Activity

30 days up to

User

Subprojects

Activity

From 11/21/2014 to 12/20/2014

12/20/2014

08:13 PM Revision 30501526: Prevent resolvconf(8) from stomping all over our newly generated: resolv.conf and subsequent updates. Warren Baker
06:12 PM Revision fe416714: Put line break only if IPv4 address exists: This makes a line for the IPv4 address if it is there. If the IPv4 address goes away, the whole line will disappear, ... Phil Davis
06:05 PM Revision 7a0c88f8: Interfaces widget remove blank line if no IPv4 address: If the interface had an IPv6 address but no IPv4 address, there was a blank line where the IPv4 address would have be... Phil Davis
05:53 PM Bug #4129: IPsec connections with multiple P2s use only first SA: In my test above i created complete separate conn sections in the config file, it seems possible to not repeat all in... Pi Ba
05:16 PM Bug #4129: IPsec connections with multiple P2s use only first SA: I've been checking this a bit more, and did see that with the current way it does work properly for a tunnel that use... Pi Ba
05:16 PM Revision 6e795218: Set Interfaces widget IPv6 address: Now that get_interfacestatus() is returning us the IPv6 address, and interfaces.widget.php has a div to put it in, ac... Phil Davis
05:12 PM Revision d7884992: Send IPv4 and IPv6 address in get_interfacestatus: And make them strong (bold), which is how they are displayed originally by interfaces.widget.php
This allows the AJAX... Phil Davis
05:08 PM Revision 2795f40b: Interfaces widget create all div: All div for the various things need to be created here, so that later AJAX can switch the necessary things on/off and... Phil Davis
04:57 PM Bug #4134 (Resolved): Email notifications configuration migration to 2.2 broken (STARTTLS): 2.1.x config snippet:... Kill Bill
08:34 AM Feature #4133 (Resolved): Add GUI setting for VLANs PCP: Add support for optionally setting VLANs priority (PCP) through the GUI, saved as part of the xml configuration.
S... Clement Barnier
01:57 AM Revision 5b4ed0e1: Use correct port for viewing portal page contents. Ticket #4125: Chris Buechler
01:56 AM Revision 5a098344: Use correct port for viewing portal page contents. Ticket #4125: Chris Buechler

12/14/2014

10:03 PM Revision 6678fdd1: Tidy up "widgets" XHTML: Add CDATA sections to scripts
Add ALT to image tags and close image tags
DIV tag cannot be inside a STRONG tag, so sw... Colin Fleming
08:09 PM pfSense Packages Bug #4114 (Resolved): Squid 3.4.9 transparent proxy broken.: The latest Squid packages all had issues, but none of them as serious as transparent proxy not working.
Squid has to... Arthur Undisclosed
05:58 PM Bug #4113 (Resolved): multiple instances of /var/db/rrd/updaterrd.sh: On my pfsenses I see multiple instances of updaterrd.sh
Because all instances uses only one pid file with only one... Grischa Zengel
03:28 PM Bug #4112 (Closed): ipsec, strongswan (sometimes) needs a 'conn' section with a unique reqid for each phase2: ipsec, strongswan (sometimes) needs a 'conn' section with a unique reqid for each phase2
I've been trying to repla... Pi Ba
08:09 AM Bug #4103: Xen xn NICs can't tag VLANs: On Interfaces/VLAN is written:... Grischa Zengel
12:52 AM Feature #4108: USB printers support required: Including ulpt driver module into freebsd/pfsense compilation does not make a print server from it, not even close to... Vladimir Suhhanov

12/13/2014

10:47 PM Feature #4108 (Rejected): USB printers support required: It's a firewall, not a print server. Don't do that. Anyone who *really* wants to can copy over a ulpt.ko from stock F... Chris Buechler
01:02 AM Feature #4108 (Rejected): USB printers support required: I ask you to add ulpt driver module or compile it into the kernel. People want to use it! :)
https://www.freebsd.org... Vladimir Suhhanov
07:25 PM Revision 7dd5f0f7: Where binding Unbound to *:53, set "interface-automatic: yes" so replies are sourced from the correct IP. Ideally this should always work this way, but setting this causes Unbound to bind to *:53, which shouldn't happen where specific interfaces are chosen. Ticket #4111: Chris Buechler
07:24 PM Revision f358fe3f: Where binding Unbound to *:53, set "interface-automatic: yes" so replies are sourced from the correct IP. Ideally this should always work this way, but setting this causes Unbound to bind to *:53, which shouldn't happen where specific interfaces are chosen. Ticket #4111: Chris Buechler
01:20 PM Bug #4111 (Feedback): Unbound replies using wrong source IP when bound to *: Fix committed and verified for the circumstance where binding all interfaces. Chris Buechler
01:17 PM Bug #4111 (Resolved): Unbound replies using wrong source IP when bound to *: When Unbound is bound to all interfaces, it replies back with the source IP it would use for initiating a new connect... Chris Buechler
12:09 PM Bug #4110 (Resolved): interface-group is not set properly on the openvpn interfaces after reboot: interface-group is not set properly on the openvpn interfaces after reboot
The openvpn interfaces are part of the My... Pi Ba
10:57 AM pfSense Packages Bug #4109: squid package doesn't include hostname when logging remotely: sorry - snort not squid ;)
The remote system can detect the sender, of cause. But if you ommit the hostname, it's no... Patrick Hieber
10:00 AM pfSense Packages Bug #4109 (Rejected): squid package doesn't include hostname when logging remotely: Squid/snort inconsistencies in the report aside, syslog does not include that. It's up to the remote system to identi... Jim Pingle
07:41 AM pfSense Packages Bug #4109 (Rejected): squid package doesn't include hostname when logging remotely: Squid doesn't include the hostname when logging remotely (e.g.):
<33>Dec 13 13:40:18 snort[2160]: [120:3:1] (http_... Patrick Hieber
09:03 AM Bug #3848: enabling schedule on 2.1.5 causes page fault: 21 days and no page fault so far. I am updating to the latest build today and will continue to monitor. Ernst den Broeder
05:48 AM Bug #4103: Xen xn NICs can't tag VLANs: In XN there couldn't be tagging problems, because it didn't know anything about tagging.
They will tell me that the ... Grischa Zengel
12:55 AM Bug #4107 (Resolved): Firmware backup restoration via WebUI does not reboot firewall at the end, no logs, no messages: If you restore full backups via console, using upgrade firmware menu - no problem it is working, the only one thing i... Vladimir Suhhanov

12/12/2014

10:23 PM Bug #4105: rc.update_bogons.sh fetch failure should never sleep on FW upgrade: Well, sadly this does not happen in the _background_... No idea why it does not background, as said the upgrade could... Kill Bill
09:40 PM Bug #4105 (Feedback): rc.update_bogons.sh fetch failure should never sleep on FW upgrade: The bogon update sleep doesn't lock anything or prevent anything else from happening, it just sits in the background ... Chris Buechler
09:51 AM Bug #4105 (Not a Bug): rc.update_bogons.sh fetch failure should never sleep on FW upgrade: This kills the whole upgrade process, since this gets stuck on sleep "forever" (one day at least, or even a week or m... Kill Bill
09:30 PM Bug #4103: Xen xn NICs can't tag VLANs: There are problems in VLAN tagging in that driver. That's outside of our control. Please replicate the problem on sto... Chris Buechler
08:50 PM Bug #4103: Xen xn NICs can't tag VLANs: That's in the code:... Grischa Zengel
08:20 PM Bug #4103: Xen xn NICs can't tag VLANs: That's to lapidary.
Tagging is something which is handled by software and could be in hardware.
Without anything wr... Grischa Zengel
07:07 PM Bug #4103 (Rejected): Xen xn NICs can't tag VLANs: they don't show up because they report themselves as not being VLAN-capable. Those who have forced their way around t... Chris Buechler
03:20 AM Bug #4103 (Rejected): Xen xn NICs can't tag VLANs: Interface xn0 is not listed on "Interfaces: VLAN: Edit" for using as parent interface.
On XEN interface xn0 didn't... Grischa Zengel
07:05 PM Feature #3933: Limiter burst doesn't have any effect: it's not a config or command issue, if it were that simple I would have fixed it. It's a kernel issue with dummynet i... Chris Buechler
06:20 PM Bug #4106 (Rejected): ipsec, using a carpip for the interface of a phase1 ipsec connection with fails to generate the ipsec.conf content: duplicate of #4089 which is fixed already. Chris Buechler
06:18 PM Bug #4106 (Rejected): ipsec, using a carpip for the interface of a phase1 ipsec connection with fails to generate the ipsec.conf content: ipsec, using a carpip for the interface of a phase1 ipsec connection with fails to generate the ipsec.conf content.
... Pi Ba
05:41 PM Revision b78111c4: Validation of y/n answers in setlanip: At the moment the user can answer "yes" to most of the questions, but then later code only checks if the answer is "y... Phil Davis
05:40 PM Revision 00aa3b79: Merge pull request #1385 from phil-davis/patch-11: Renato Botelho
05:16 PM Revision e6abcccc: Validation of y/n answers in setlanip: At the moment the user can answer "yes" to most of the questions, but then later code only checks if the answer is "y... Phil Davis
04:56 PM Revision d7b9b993: Update service providers xml to sync with upstream: Renato Botelho
04:55 PM Revision 38e1541b: Update service providers xml to sync with upstream: Renato Botelho
04:49 PM Revision a7d7cd7f: rc.initial.setlanip fix validation of CIDR within range: Currently this allows the user to input any number for the CIDR. I happened to try 44 for an IPv4 CIDR when playing.
... Phil Davis
04:49 PM Revision 3bc55eee: Merge pull request #1383 from phil-davis/patch-10: Renato Botelho
03:19 PM Revision 87657b95: rc.initial.setlanip fix validation of CIDR within range: Currently this allows the user to input any number for the CIDR. I happened to try 44 for an IPv4 CIDR when playing.
... Phil Davis
02:30 PM Revision 245f78d2: Regenerate Turkish mo: Renato Botelho
02:30 PM Revision 6220186b: Update po from last pot: Renato Botelho
02:30 PM Revision 4770b341: Update Turkish translation file from last version available on old translation server: Renato Botelho
02:29 PM Revision c45c6ccd: Regenerate Turkish mo: Renato Botelho
02:28 PM Revision 019645ff: Update po from last pot: Renato Botelho
02:27 PM Revision 66f8965d: Update Turkish translation file from last version available on old translation server: Renato Botelho
02:14 PM Revision 6e84f8c0: Regenerate pfSense.pot: Renato Botelho
02:13 PM Revision fb0495f3: Regenerate pfSense.pot: Renato Botelho
11:17 AM Revision 9b8f26cf: Fix password confirmation name to make style working as expected. Fixes #3992: Renato Botelho
11:17 AM Revision 2e65babb: Fix password confirmation name to make style working as expected. Fixes #3992: Renato Botelho
10:40 AM Revision 946e55bd: Base URL must be specified when alturlenable on: I had a 2.1.5 system that I was wondering why the dashboard always said it could not check for updates. I discovered ... Phil Davis
10:40 AM Revision a516c81e: Merge pull request #1381 from phil-davis/patch-8: Renato Botelho
09:37 AM Bug #4104 (Resolved): unbound package configuration migration to 2.2 broken: On literally every box that had unbound installed as a package with 2.1.x, there's some statistics-related configurat... Kill Bill
08:26 AM Bug #3886 (Feedback): (TurkishLanguage) After the firewall rule for example (lan rule) does not come "Apply Button": Done. We will have a new translation server available soon to make users able to translate again. Renato Botelho
07:26 AM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address: in my case one of my alix boxes has a single wan conenction (pppoe) and i have set it to periodically reset at 3am so... Bipin Chandra
06:17 AM Bug #4100: Validation of y/n answers in setlanip console menu: Better solution in https://github.com/pfsense/pfsense/pull/1382 Phillip Davis
05:30 AM Bug #3992: The password confirmation field is not properly formatted at VPN: L2TP: User: Add/Edit: Applied in changeset commit:9b8f26cfdf3a9829585c1e97b435407561e2766d. Renato Botelho
05:30 AM Bug #3992 (Feedback): The password confirmation field is not properly formatted at VPN: L2TP: User: Add/Edit: Applied in changeset commit:2e65babb16b604752afc6b5f948851cb881ce9af. Renato Botelho
04:53 AM Revision a93bc299: Base URL must be specified when alturlenable on: I had a 2.1.5 system that I was wondering why the dashboard always said it could not check for updates. I discovered ... Phil Davis
04:51 AM Bug #4077 (Feedback): Gateways Status Widget status column does not update: Merged Renato Botelho
04:27 AM Bug #4091 (Resolved): spurious character in NTP config: Renato Botelho
03:05 AM Bug #4102 (Resolved): Could not find IPv4/IPv6 gateway for interface log spam: There is no IPv4 nor IPv6 assigned to the interface, there was a dynamic IPv6 GW created on 2.1.x, which was made def... Kill Bill

12/11/2014

09:50 PM Revision fcc96054: Split ICMP and ICMPv6 types on Firewall Rules: - Remove redundant declaration of $icmptypes and move it to a common
place (filter.inc)
- Add missing ICMP types for ... Renato Botelho
09:49 PM Revision c03ed2fb: Fix indent and spaces: Renato Botelho
09:47 PM Revision d3bf4a41: Split ICMP and ICMPv6 types on Firewall Rules: - Remove redundant declaration of $icmptypes and move it to a common
place (filter.inc)
- Add missing ICMP types for ... Renato Botelho
08:55 PM Revision 0ab1f107: Fix indent and spaces: Renato Botelho
06:46 PM Revision 470b14d8: Fix #4099:: - When interface is 'lo0', strpos returns 0, that is erroneously
considered false (boolean) on the test. Be more stri... Renato Botelho
06:43 PM Revision 11bdc638: Fix #4099:: - When interface is 'lo0', strpos returns 0, that is erroneously
considered false (boolean) on the test. Be more stri... Renato Botelho
05:05 PM Revision 79fabc8f: Fix #3790:: - Do not let 2 interfaces to setup the same track6 prefix id
- Show correct prefix id range for each interface Renato Botelho
05:03 PM Revision 986fd3d9: Fix #3790:: - Do not let 2 interfaces to setup the same track6 prefix id
- Show correct prefix id range for each interface Renato Botelho
04:00 PM Bug #3389: GUI allows to configure ICMPv4 types for ICMPv6 firewall rules: Applied in changeset commit:fcc96054a0935a2eb4aa380ccf0fc8c44987715f. Renato Botelho
04:00 PM Bug #3389 (Feedback): GUI allows to configure ICMPv4 types for ICMPv6 firewall rules: Applied in changeset commit:d3bf4a4163c50146a18cbb6cebe87d8d9a453afe. Renato Botelho
04:00 PM Bug #4101: Mounting information lost upgrading from XenServer virtualized 2.1.5: That's an issue with Xen changing your devices without telling you, and coupled with FreeBSD's Xen disk driver not al... Jim Pingle
03:37 PM Bug #4101 (Needs Patch): Mounting information lost upgrading from XenServer virtualized 2.1.5: During the update, the devices get renamed and the reboot fails. You have to manually fix this during boot and edit t... Joel Linn
12:50 PM Bug #4099: IP aliases on localhost not config syncing across: Applied in changeset commit:470b14d8d676c342956c783bba4b352c91627626. Renato Botelho
12:50 PM Bug #4099 (Feedback): IP aliases on localhost not config syncing across: Applied in changeset commit:11bdc638ef87c94d239113cbac9e5f59bc8b74da. Renato Botelho
12:45 AM Bug #4099 (Resolved): IP aliases on localhost not config syncing across: IP aliases on localhost don't config sync to the secondary. This was broken, then fixed earlier in the 2.2 release cy... Chris Buechler
11:20 AM Bug #3790: Input validation is too strict for IPv6 Prefix ID for Track Interface: Applied in changeset commit:79fabc8fac5f8c8444f8374748572040e96bee24. Renato Botelho
11:20 AM Bug #3790 (Feedback): Input validation is too strict for IPv6 Prefix ID for Track Interface: Applied in changeset commit:986fd3d9a70bd92e2138372147e338e24f774730. Renato Botelho
09:40 AM Revision bf310189: Change text and color delimiter to carat sign: To match change made in functions.inc.php Phil Davis
09:40 AM Revision f2d27f93: Gateway Status Widget keep IP address bold: Forum: https://forum.pfsense.org/index.php?topic=85187.msg467438#msg467438
The bold is specified literally in gatewa... Phil Davis
09:39 AM Revision 8d5be861: Merge pull request #1378 from phil-davis/patch-10: Renato Botelho
09:38 AM Revision 07ab838e: Improve check if no OpenVPN defined: Alternate version of https://github.com/pfsense/pfsense/pull/1376
This version retains the is_array() checks and then... Phil Davis
09:37 AM Revision 21e71044: Merge pull request #1379 from phil-davis/patch-11: Renato Botelho
05:50 AM Feature #3933: Limiter burst doesn't have any effect: Hi Chris,
This issue is a blocker for me, I would really want the bursting functionality to work. I would like to ... Ahmed Kamal
03:12 AM Bug #4100: Validation of y/n answers in setlanip console menu: Proposed solution https://github.com/pfsense/pfsense/pull/1372 Phillip Davis
03:11 AM Bug #4100 (Resolved): Validation of y/n answers in setlanip console menu: At the moment the user can answer "yes" to most of the (y/n) questions, but then later code only checks if the answer... Phillip Davis
02:39 AM Revision 04c0724e: Improve check if no OpenVPN defined: Alternate version of https://github.com/pfsense/pfsense/pull/1376
This version retains the is_array() checks and then... Phil Davis
01:30 AM Revision 2cc10e2c: Change text and color delimiter to carat sign: To match change made in functions.inc.php Phil Davis
01:28 AM Revision 6385c335: Gateway Status Widget keep IP address bold: Forum: https://forum.pfsense.org/index.php?topic=85187.msg467438#msg467438
The bold is specified literally in gatewa... Phil Davis
12:31 AM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP: Because the interface has no IP address/gateway yet, there is no way for pfSense to set a specific route to the monit... Phillip Davis

12/10/2014

11:59 PM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address: actually im having the same issue
https://forum.pfsense.org/index.php?topic=78356.msg467520#msg467520 Bipin Chandra
11:15 PM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address: assigned to cmb for eval Jim Thompson
11:51 AM Bug #4095 (Resolved): Unbound config not regenrated on WAN-style interface acquiring IP address: Example: system with dual-WAN - WAN and OPT1 both DHCP.
Boot with WAN getting DHCP but OPT1 connected but not gettin... Phillip Davis
11:50 PM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP: I'm almost to a point of confirming what Phil describes. Broke my system earlier and killed my VPN to where the test ... Chris Buechler
11:14 PM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP: assigned to CMB for now. (Evaluation).
I can think of a bunch of scenarios that are "racy" (DHCP can take a while... Jim Thompson
08:58 PM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP: Note: Another hardware scenario where this can happen is if you have your upstream WAN devices connected to pfSense o... Phillip Davis
10:56 AM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP: If I physically unplug OPT1, then everything fails over correctly to WAN. The issue seems to be only if a DHCP WAN-ty... Phillip Davis
10:51 AM Bug #4094 (Resolved): Gateway Status can report Online when gateway is waiting for DHCP: Example system: 2 WANs, both DHCP, that uplink to 2 different ISPs (WAN and OPT1) (called WAN_DHCP interface WANGENER... Phillip Davis
11:14 PM pfSense Packages Bug #4078: NUT fails to start with USB: After updating to 2.2 RC, removing the NUT package, cleaning up 2.1.5 NUT leftovers by hand, and reinstalling the NUT... Denny Page
11:10 PM Bug #4076: DNS Forwarder options do not unset during CARP sync: assigned to Chris for evaluation. Jim Thompson
11:06 PM Bug #4067: Unbound configuration does not get synchronized to the secondary members of a cluster install: Ermal reported it, I'm assigning it to him. :-) Jim Thompson
11:05 PM pfSense Packages Bug #4059: library required by squid3 may be absent: Assigned to Renato for evaluation and possible fix, because: packages. Jim Thompson
11:04 PM Bug #3790: Input validation is too strict for IPv6 Prefix ID for Track Interface: re-assigned Jim Thompson
10:58 PM Bug #3932: Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP: Could we try what Jeremy asked for? Jim Thompson
04:36 PM Revision 6346f188: Setup ddb on all platforms. On full install it will save the dump, on NanoBSD it will print to console and auto-reboot.: This way, a router running NanoBSD won't sit at a db> prompt indefinitely if it crashes. Jim Pingle
04:35 PM Revision 3740e87e: Setup ddb on all platforms. On full install it will save the dump, on NanoBSD it will print to console and auto-reboot.: This way, a router running NanoBSD won't sit at a db> prompt indefinitely if it crashes. Jim Pingle
03:40 PM Revision e519371d: Fixup text rule should be route: This code was obviously taken from firewall rules and reused here without changing the word "rule" to "route". Phil Davis
03:39 PM Revision b3986dd1: Merge pull request #1377 from phil-davis/patch-9: Renato Botelho
03:32 PM Revision f4d094b4: Fixup text rule should be route: This code was obviously taken from firewall rules and reused here without changing the word "rule" to "route". Phil Davis
02:31 PM Feature #4098 (New): Add option to force a password change on login: For new users in the User Manager, it would be handy to have the ability to force them to change their password on th... Jim Pingle
02:25 PM Bug #4092 (Rejected): enable DNSSEC on unbound resolver breaks ability to resolve www.google.com: Definitely not true. Something in your case legitimately is breaking DNSSEC. Post some details to the forum or list a... Chris Buechler
08:30 AM Bug #4092 (Rejected): enable DNSSEC on unbound resolver breaks ability to resolve www.google.com: On the DNS Resolver main configuration page, if you enable DNSSEC, the resolver is no longer able to resolve www.goog... Vick Khera
02:14 PM Revision 59c5e4bd: Remove spurious '>', fixes #4091: Renato Botelho
02:14 PM Revision d7563eeb: Remove spurious '>', fixes #4091: Renato Botelho
02:01 PM pfSense Packages Bug #4097 (Not a Bug): Unable to restart Postfix: Postfix seems disabled but can't enabled.
When trying to restart Postfix from the GUI nothing seems to happen. The c... Marco Verleun
01:21 PM Bug #4089 (Resolved): IPsec skips P1s bound to CARP IPs: fixed Chris Buechler
06:00 AM Bug #4089: IPsec skips P1s bound to CARP IPs: Applied in changeset commit:c02acef2866f08662d62aa6f0ba73168e85dafc8. Renato Botelho
06:00 AM Bug #4089 (Feedback): IPsec skips P1s bound to CARP IPs: Applied in changeset commit:76f12171884adcbbf6ea6d66b87851b0a5fcc4b3. Renato Botelho
04:05 AM Bug #4089 (Resolved): IPsec skips P1s bound to CARP IPs: Configure IPsec bound to a CARP IP on P1, and see it ends up being completely omitted from ipsec.conf. Chris Buechler
12:38 PM Bug #4096 (Rejected): Update Checker doesnt work Under Failover setup: you need default gateway switching enabled for that to work Chris Buechler
12:35 PM Bug #4096 (Rejected): Update Checker doesnt work Under Failover setup: I have a failover setup
WAN, WAN2
WAN being primary.
if WAN is down. pfSense can not check if iam on the latest v... M Skenderian
12:25 PM Bug #4093 (Resolved): Static Routes GUI page mentions rules: Chris Buechler
09:36 AM Bug #4093 (Feedback): Static Routes GUI page mentions rules: Merged, thanks! Renato Botelho
09:30 AM Bug #4093 (Resolved): Static Routes GUI page mentions rules: A bunch of the hover text for buttons on this page, and delete confirmation mention "rule" rather than "route".
Obvi... Phillip Davis
11:58 AM Revision b8dd129d: Make sure this message is only displayed on console: Renato Botelho
11:58 AM Revision 52e97bcc: Make sure this message is only displayed on console: Renato Botelho
11:56 AM Revision c02acef2: get_failover_interface() is already called inside get_interface_ip(v6), no need to call it twice. It should fix #4089: Renato Botelho
11:55 AM Revision 76f12171: get_failover_interface() is already called inside get_interface_ip(v6), no need to call it twice. It should fix #4089: Renato Botelho
08:20 AM Bug #4091: spurious character in NTP config: Applied in changeset commit:59c5e4bd687ec9779488e35e418380bde8a2544e. Renato Botelho
08:20 AM Bug #4091 (Feedback): spurious character in NTP config: Applied in changeset commit:d7563eebc721a6eb2ca1f58136905ed4044a1a15. Renato Botelho
08:03 AM Bug #4091 (Resolved): spurious character in NTP config: In service->NTP under "access restrictions" advanced button, the line for "Disable ntpq and ntpdc queries (default: d... Vick Khera
08:00 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: I found that I need to specify... Vick Khera
07:52 AM Bug #4090 (Resolved): unbound advanced settings cause broken unbound.conf file: I need to permit private IPs for my local domains to resolve. That is, vick.int.kcilink.com resolves to 192.168.7.80.... Vick Khera

12/09/2014

01:31 PM Bug #4082: Adding to Captive Portal Allowed Hostnames list gives error (exit code 71) in System Logs: Thanks; so when I add pfsense.org , which is not already there :o), it gives the same error.
Currently, that pass th... David Goldstrom
12:59 PM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables: It occurred to me after turning the computer off well after midnight that you might have been referring to the "TTL" ... Volker Kuhlmann
06:39 AM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables: Oh, that's a bug with network-type aliases and FQDNs if you mix networks in with them. That's fixed in 2.2, there's a... Chris Buechler
06:00 AM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables: You have missed the problem. I am not interested in new DNS lookups.
The problem is that THE ENTRIES CORRESPONDING T... Volker Kuhlmann
05:53 AM pfSense Packages Bug #4087 (Rejected): Rule reload doesn't update FQDN entries in pf tables: Nor should they be. They're updated in the background by filterdns when the TTL expires. It's pointless to do another... Chris Buechler
05:30 AM pfSense Packages Bug #4087 (Rejected): Rule reload doesn't update FQDN entries in pf tables: pf tables can be populated from FQDNs through pfsense aliases. This is a very good feature for a number of reasons. T... Volker Kuhlmann
11:46 AM Bug #3939: Cannot create Host or Network type alias with an IP address/range: It looks like there is still an issue with this.
If I create a new alias with 2 networks and 2 FQDN's, all expected... Landon Timothy
05:53 AM Bug #4086: Gateway monitoring DoS: It took me a long time to find the problem because there are few symptoms that immediately break things, other than a... Volker Kuhlmann
05:38 AM Bug #4086 (Rejected): Gateway monitoring DoS: not true in general, though I'm sure there are unusual edge cases where that's possible. Even the described flapping ... Chris Buechler
05:21 AM Bug #4086 (Rejected): Gateway monitoring DoS: Default configuration is to monitor the WAN gateway once per second and to take action if it doesn't respond for 10 s... Volker Kuhlmann
05:44 AM pfSense Packages Bug #4088 (Feedback): Buggy squidgurd config file is created: The config file that is generated for squidguard 1.4_4 pkg v.1.9.6 is buggy in two ways, leading to unexpected and da... Volker Kuhlmann
04:59 AM Bug #4080 (Resolved): can't edit setting after factory reset!: fixed Chris Buechler
04:58 AM Bug #4066 (Resolved): Dynamic DNS updates failing on PPPoE reconnect: fixed Chris Buechler
04:18 AM pfSense Packages Bug #4085 (Resolved): Check_mk agent configuration: 'Listen Port' is required, contrary to description: In the Check_mk agent configuration page, the description for 'Listen Port' says:
"Leave empty to use Default prot [... Flavio Stanchina
04:09 AM pfSense Packages Bug #4084 (Resolved): Check_mk agent doesn't work: wrong bash path: The official Check_mk agent package doesn't work because the shebang line at the top of /usr/local/bin/check_mk_agent... Flavio Stanchina

12/08/2014

11:51 PM pfSense Packages Feature #3485: Log rotation for mod_security: +1
Ended up having to install a local crontab to avoid log overflowing, which is totally sub-optimal and non-repro... Stéphane Lapie
09:45 PM Revision e2a319f3: Use exit instead of return here, otherwise script's return code is always 0 and user with wrong password is authenticated: Renato Botelho
09:44 PM Revision 9a92e2ef: Use exit instead of return here, otherwise script's return code is always 0 and user with wrong password is authenticated: Renato Botelho
03:24 PM Feature #4083 (Resolved): Replace GET by POST: These functions should be sent as a POST to pfSense software, which should then do a redirect back to the status page... Michael Newton
02:29 PM Bug #4081: Apinger reporting incorrect latency: also affects rrd graph at same time Michael Kellogg
10:28 AM Bug #4081 (Confirmed): Apinger reporting incorrect latency: it's not reporting latency to the gateway, its calculations become wrong under some circumstance. Chris Buechler
10:40 AM Bug #4082 (Confirmed): Adding to Captive Portal Allowed Hostnames list gives error (exit code 71) in System Logs: that's just cosmetic, when it tries to add something that's already there. Chris Buechler
10:07 AM Bug #3286: Radvd will not function with IPv6 Prefix delegation other than 64 on WAN: Just wanted to add a comment here... it's possible that this is not a pfSense bug. DHCPv6+PD leases a prefix of the r... Anonymous

12/07/2014

10:32 PM Revision 34d03237: Standardise css list padding: for _corporate Phil Davis
10:32 PM Revision 63d41775: Standardise css list padding: for code-red theme Phil Davis
10:32 PM Revision 40a27d2c: Standardise css list padding: for metallic theme Phil Davis
10:32 PM Revision fa367078: Standardise css list padding: for nervecenter theme Phil Davis
10:32 PM Revision ed1457e3: Standardise css list padding: for pfsense-dropdown theme Phil Davis
10:32 PM Revision ba1ff148: Standardise css list padding: for pfsense theme Phil Davis
10:32 PM Revision 433f5949: Standardise css list padding: for pfsense_ng_fs theme Phil Davis
10:32 PM Revision 93365bbd: Standardise css list padding: for the_wall theme Phil Davis
10:32 PM Revision 14bd365a: Provide success return indication from console_configure_dhcpd: Recent commit https://github.com/pfsense/pfsense/commit/9ea554ee5cb25ea3bf5bb6bf7997c6c7379ce349 added testing of the... Phil Davis
10:31 PM Revision ae0daa80: Merge pull request #1371 from phil-davis/patch-6: Renato Botelho
10:30 PM Revision 47a12231: Merge pull request #1370 from phil-davis/patch-5: Renato Botelho
04:56 PM Revision eca5402b: Provide success return indication from console_configure_dhcpd: Recent commit https://github.com/pfsense/pfsense/commit/9ea554ee5cb25ea3bf5bb6bf7997c6c7379ce349 added testing of the... Phil Davis
04:28 PM Bug #4080 (Feedback): can't edit setting after factory reset!: Pull request merged Renato Botelho
10:51 AM Bug #4080: can't edit setting after factory reset!: Should be fixed by: https://github.com/pfsense/pfsense/pull/1371
It was broken recently by enhancements to return ... Phillip Davis
08:50 AM Bug #4080 (Resolved): can't edit setting after factory reset!: After I do a "reset to factory defaults" I couldn't change any other setting from the Console menu ... I have tried t... Michael F
04:28 PM Revision 2ce15f63: Standardise css list padding: for the_wall theme Phil Davis
04:26 PM Revision fe9273cf: Standardise css list padding: for pfsense_ng_fs theme Phil Davis
04:24 PM Revision 4fb660ae: Standardise css list padding: for pfsense theme Phil Davis
04:23 PM Revision 6e74f280: Standardise css list padding: for pfsense-dropdown theme Phil Davis
04:21 PM Revision 09b095b0: Standardise css list padding: for nervecenter theme Phil Davis
04:19 PM Revision af978cb9: Standardise css list padding: for metallic theme Phil Davis
04:16 PM Revision 04d21981: Standardise css list padding: for code-red theme Phil Davis
04:11 PM Revision 66591feb: Standardise css list padding: for _corporate Phil Davis
03:42 PM Revision cd4d0c29: Standardise css list padding: On Status->Services, the Services Status widget when a service status is down, the red "x" button does not line up wi... Phil Davis
03:41 PM Revision e17748e2: Typo CIDR in UPnP GUI page: As reported by johnpoz https://forum.pfsense.org/index.php?topic=84964.0 Phil Davis
03:41 PM Revision f3dac61c: Merge pull request #1368 from phil-davis/patch-3: Renato Botelho
03:40 PM Revision f060bd2a: Merge pull request #1369 from phil-davis/patch-4: Renato Botelho
01:25 PM Revision 9241d942: Typo CIDR in UPnP GUI page: As reported by johnpoz https://forum.pfsense.org/index.php?topic=84964.0 Phil Davis
01:14 PM Bug #4082 (Resolved): Adding to Captive Portal Allowed Hostnames list gives error (exit code 71) in System Logs: Adding a web address to the Captive Portal's Allowed Hostnames list consistently gives this error in the system logs:... David Goldstrom
12:36 PM Bug #1629: invalid state table entries after WAN IP change: So is this change going in to 2.2? Will the state killing be triggered in a gateway group failover event that is typi... → luckman212
12:14 PM Feature #3506: Firewall:Aliases - Sort/Move Function: I agree this would be a very nice feature to have, as would the ability to sort or re-order the "interfaces" lists wh... → luckman212
12:00 PM Bug #4081: Apinger reporting incorrect latency: I have a bare metal box that I believe this or something related is happing chris has access info if any of the other... Michael Kellogg
11:02 AM Bug #4081 (Resolved): Apinger reporting incorrect latency: If a gateway has an explicit monitor address, apinger will stop reporting latency to the monitor address and switch t... Denny Page
09:47 AM Revision 0f3d668f: Standardise css list padding: On Status->Services, the Services Status widget when a service status is down, the red "x" button does not line up wi... Phil Davis
08:48 AM Feature #4079 (Closed): Specify opt-number to use on new interfaces: When creating new interfaces, it would be nice to be able to specify the number that the opt-interface receives. A si... Trond Vindenes

12/05/2014

09:06 PM Revision a4e07baf: Disable RC4 ciphers in lighttpd: Chris Buechler
09:05 PM Revision fa10244f: Disable RC4 ciphers in lighttpd: Chris Buechler
07:04 PM Revision 72e79bc7: Call filter_configure_sync() is a better fix for #4066, as pointed by Ermal: Renato Botelho
07:04 PM Revision 56c6993c: Call filter_configure_sync() is a better fix for #4066, as pointed by Ermal: Renato Botelho
06:23 PM Revision 6a7dae05: Fix #4066:: Make sure pf is configured before other services are restarted when WAN
IP changes. The way it was before, 'pass out'... Renato Botelho
06:20 PM Revision 6d744cc8: Fix #4066:: Make sure pf is configured before other services are restarted when WAN
IP changes. The way it was before, 'pass out'... Renato Botelho
02:27 PM Todo #4075 (Resolved): branch RELENG_2_2, update build tools and build servers accordingly: All done Renato Botelho
01:06 PM Revision 5c3dae18: Add RELENG_2_2 to gitsync: Renato Botelho
01:06 PM Revision a911f2e2: Set text and color of Gateways Widget Status: getstats.php calls functions.inc.php get_stats(), which calls get_gatewaystats().
get_gatewaystats() now returns the ... Phil Davis
01:06 PM Revision 3002168f: Explicitly pass gateway status and color: This code was passing a whole load of html to attempt to set various properties of the Gateways Widget Status column ... Phil Davis
01:06 PM Revision d68be5d6: Use proper listr class for Gateways Widget Status: The Gateways Widget Status was not using the listr class, and so it was missing the borders for the right and bottom ... Phil Davis
01:05 PM Revision 8da00522: Add RELENG_2_2 to gitsync: Renato Botelho
01:05 PM Revision 75f65f9c: Merge pull request #1367 from phil-davis/patch-2: Renato Botelho
12:30 PM Bug #4066: Dynamic DNS updates failing on PPPoE reconnect: Applied in changeset commit:6a7dae05d3a628492f5b55ff87a7153ee69484dd. Renato Botelho
12:30 PM Bug #4066 (Feedback): Dynamic DNS updates failing on PPPoE reconnect: Applied in changeset commit:6d744cc842058a2ff35c82700cce71a2f5eaae41. Renato Botelho
12:09 PM Revision 95d045fc: Set text and color of Gateways Widget Status: getstats.php calls functions.inc.php get_stats(), which calls get_gatewaystats().
get_gatewaystats() now returns the ... Phil Davis
11:58 AM Revision beb7d9e3: Explicitly pass gateway status and color: This code was passing a whole load of html to attempt to set various properties of the Gateways Widget Status column ... Phil Davis
11:51 AM Revision 6404148c: Use proper listr class for Gateways Widget Status: The Gateways Widget Status was not using the listr class, and so it was missing the borders for the right and bottom ... Phil Davis
10:03 AM pfSense Packages Bug #4078 (Resolved): NUT fails to start with USB: On 64 bit, the NUT build is looking libusb.so.2, whereas the native build for 64 bit in /usr/lib is libusb.so.3. Ther... Denny Page
09:01 AM Revision d4337df8: Fix gateway widget status update: Redmine #4077 Phil Davis
09:00 AM Revision d57c55ca: Merge pull request #1366 from phil-davis/patch-1: Renato Botelho
07:55 AM Revision 5eeee40f: Fix gateway widget status update: Redmine #4077 Phil Davis
05:39 AM Revision 04d307d8: dyn.dns.he.net uses a self-signed cert, disable verification for it.: Chris Buechler
05:38 AM Revision 393dac91: dyn.dns.he.net uses a self-signed cert, disable verification for it.: Chris Buechler
05:19 AM Revision d69414fe: Don't try to launch 3gstats unless it's on a valid device.: Chris Buechler
05:19 AM Revision 514512dd: Don't try to launch 3gstats unless it's on a valid device.: Chris Buechler
05:11 AM Revision a0b470ee: Proper CA certificates are in place to validate SSL in these cases where it previously couldn't be, remove disabling of verification.: Chris Buechler
05:10 AM Revision 5ed9fab7: Proper CA certificates are in place to validate SSL in these cases where it previously couldn't be, remove disabling of verification.: Chris Buechler
03:02 AM Revision 95bd66a0: replace spaces with tabs: Chris Buechler
03:00 AM Revision 590aa3e7: After discussion with Ermal, remove this to force consumers to send things: properly. I fixed the scenario in Unbound where it was sending IPs to
these functions rather than an interface, so th... Chris Buechler
02:58 AM Revision 32a81561: Don't include link-locals as unbound interface candidates: Unbound does not presently support link-local interfaces. Jean Cyr
02:57 AM Revision 8742f799: Merge pull request #1365 from jean-m-cyr/master: Chris Buechler
01:54 AM Bug #4077: Gateways Status Widget status column does not update: Pull request: https://github.com/pfsense/pfsense/pull/1366
After this the status updates - pull the cable out of a... Phillip Davis
01:49 AM Bug #4077 (Resolved): Gateways Status Widget status column does not update: On the Dashboard, Gateways Status widget, the RTT and Loss columns update every 10 seconds. But the Status column doe... Phillip Davis

12/04/2014

11:34 PM Revision 0af2fab6: The time has come - bump to 2.2-RC: Chris Buechler
11:20 PM Revision b3460e3d: The time has come - bump to 2.2-RC: Chris Buechler
10:38 PM Bug #4066 (Confirmed): Dynamic DNS updates failing on PPPoE reconnect: found one scenario that's still a problem, investigating. Chris Buechler
12:07 PM Bug #4066 (Resolved): Dynamic DNS updates failing on PPPoE reconnect: confirmed fixed on multiple systems Chris Buechler
09:58 PM Revision 1d57a7f7: After discussion with Ermal, remove this to force consumers to send things: properly. I fixed the scenario in Unbound where it was sending IPs to
these functions rather than an interface, so th... Chris Buechler
06:18 PM Revision a623defd: replace spaces with tabs: Chris Buechler
06:07 PM Revision ad62d077: Don't include link-locals as unbound interface candidates: Unbound does not presently support link-local interfaces. Jean Cyr
05:52 PM Revision d0b5ddce: Fix update url since now we have RELENG_2_2: Renato Botelho
05:40 PM Bug #4040 (Resolved): gateway monitoring issues with multiple PPPoE with same gateway: fixed Chris Buechler
05:39 PM Bug #3809 (Resolved): IPsec Save Xauth Password no longer work: Chris Buechler
05:38 PM Bug #4061: dhcpd doesn't send client-hostname to peer, breaking DHCP lease registrations w/HA: no quick fix here, will review further for 2.2.1 Chris Buechler
05:24 PM Todo #4075 (Feedback): branch RELENG_2_2, update build tools and build servers accordingly: should be done Chris Buechler
11:50 AM Todo #4075: branch RELENG_2_2, update build tools and build servers accordingly: Just /etc/version is missing Renato Botelho
04:40 AM Todo #4075 (Assigned): branch RELENG_2_2, update build tools and build servers accordingly: - Branch RELENG_2_2 created
- set_version.sh changed
Still missing (waiting some definitions):
- Update URL
-... Renato Botelho
12:12 AM Todo #4075 (Resolved): branch RELENG_2_2, update build tools and build servers accordingly: Time to branch RELENG_2_2, and everything that comes along with that. Should be final thing before RC.
Chris Buechler
12:41 PM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: yeah looks good Chris Buechler
09:42 AM Bug #4009 (Resolved): Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: Works for me, too. I restored a problem config and it still has a console when it boots back up. Marking this as reso... Jim Pingle
12:08 PM Bug #4015 (Resolved): IKE version change needs javascript to update other available fields: this should be good Chris Buechler
11:49 AM Bug #3997: get_interface_ip() returns first IP on interface, not necessarily primary IP: We'll review Ermal's patch post-2.2. Chris Buechler
11:35 AM Revision 47eb263d: Proper fix was put on f658bac: Revert "Can't skip this if booting, ends up breaking config. Ticket #4071"
This reverts commit effb3a3cfe4e57b781f35... Ermal Luçi
11:35 AM Revision 33dc4fbb: Properly unset booting flags to allow dynamic ipsec tunnels to work correctly: Ermal Luçi
10:40 AM Revision b8959f3c: Provide friendly descr in error message in Interfaces Assign: I was doing drastic things testing some stuff, swapping WAN and OPT1 interfaces in Interfaces->Assign. I accidentally... Phil Davis
10:39 AM Revision 9fc7e40d: Merge pull request #1364 from phil-davis/patch-4: Renato Botelho
10:31 AM Revision f0eef2ef: Provide friendly descr in error message in Interfaces Assign: I was doing drastic things testing some stuff, swapping WAN and OPT1 interfaces in Interfaces->Assign. I accidentally... Phil Davis
10:01 AM Revision 01b8dbb0: Put -4 in the right place in ntpq clockver command #4074: I had pasted it in here between "-c" and "clockvar", that was not good.
That's all I have for #4074 (I hope) Phil Davis
10:01 AM Revision 9bcb0919: Use IPv4 for ntpq if IPv6 not allowed in widget #4074: Similar code here. Shame it was not in a subroutine called from both places, but not about to re-engineer that now:) Phil Davis
10:01 AM Revision 99a80364: Merge pull request #1363 from phil-davis/patch-3: Renato Botelho
10:00 AM Revision 2966bc42: Merge pull request #1362 from phil-davis/patch-2: Renato Botelho
09:19 AM Revision c02c81de: Proper fix was put on f658bac: Revert "Can't skip this if booting, ends up breaking config. Ticket #4071"
This reverts commit effb3a3cfe4e57b781f35... Ermal Luçi
09:18 AM Revision f658bac7: Properly unset booting flags to allow dynamic ipsec tunnels to work correctly: Ermal Luçi
08:05 AM Bug #4076 (Resolved): DNS Forwarder options do not unset during CARP sync: With a CARP cluster, the options on Services > DNS Forwarder will sync to the secondary when set, but when unset they... Jim Pingle
08:05 AM Revision 62a407da: Put -4 in the right place in ntpq clockver command #4074: I had pasted it in here between "-c" and "clockvar", that was not good.
That's all I have for #4074 (I hope) Phil Davis
07:59 AM Revision c2914fc9: Use IPv4 for ntpq if IPv6 not allowed in widget #4074: Similar code here. Shame it was not in a subroutine called from both places, but not about to re-engineer that now:) Phil Davis
06:23 AM Revision e26effd3: change the ordering of dhcpd_configure and unbound_configure here, claims on forum it fixes issue I can't seem to replicate.: Chris Buechler
06:12 AM Revision 888dd494: Merge pull request #1361 from phil-davis/patch-2: Chris Buechler
05:41 AM Revision e4a496ae: Use IPv4 for ntpq if IPv6 not allowed: Forum: https://forum.pfsense.org/index.php?topic=84890.0 Phil Davis
05:07 AM Revision 679c54fc: Merge pull request #1360 from jean-m-cyr/master: Chris Buechler
03:23 AM Revision f302a333: Link local interfaces don't have subnet.. don't create access-control statement: Selecting link local interface for unbound causes invalid access-control
statement in unbound config since link local... Jean Cyr
03:14 AM Bug #4071: IPsec with remote gateway of FQDN missing rightid after boot: I reverted the fix you pushed and committed f658bac which is the correct fix.
The issue came from the platform_booti... Ermal Luçi
02:43 AM Revision effb3a3c: Can't skip this if booting, ends up breaking config. Ticket #4071: Chris Buechler
12:22 AM Bug #4074: Status NTP does not display any result if IPv6 Allow is off: Yes, I was thinking a similar thing. "Allow IPv6" is really meant to be a general blocker for outside things that mig... Phillip Davis
12:08 AM Bug #4074 (Feedback): Status NTP does not display any result if IPv6 Allow is off: Good catch, thanks. I merged that.
Wondering if it'd be best to allow localhost to localhost v6 connectivity rega... Chris Buechler

12/03/2014

11:52 PM Bug #4074 (Resolved): Status NTP does not display any result if IPv6 Allow is off: Forum: https://forum.pfsense.org/index.php?topic=84890.0
ntpq by default tries to ask ntpd for status using the IP... Phillip Davis
11:27 PM Bug #4069 (Confirmed): cookie_test causes false positives in vulnerability scanners: After further consideration, I will make this a bug, but corrected to the real issue (subject fixed). We can make peo... Chris Buechler
05:03 PM Bug #4069 (Rejected): cookie_test causes false positives in vulnerability scanners: every meaningful cookie sets secure in all versions. That's flagging on the cookie_test that does nothing but check w... Chris Buechler
04:53 PM Bug #4069 (Resolved): cookie_test causes false positives in vulnerability scanners: openvas reports vulnerability:
*Vulnerability Detection Result*
The cookies:
Set-Cookie: cookie_test=1417649... Koen de Boeve
11:02 PM Feature #4072 (Resolved): Display installed pkg version even if pkg server not available: thanks Chris Buechler
09:29 PM Feature #4072 (Resolved): Display installed pkg version even if pkg server not available: Display the currently installed package version numbers, along with text like "Latest: N/A". and the Version box bein... Phillip Davis
10:58 PM Todo #4073 (Resolved): Validate bogon update failure handling: Soft failures returned by fetch resulted in immediate and continual retries prior to the last couple days. Now it at ... Chris Buechler
10:53 PM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed: The last update has nothing to do with your issue Dmitriy, the fix I put in a couple weeks ago is fine for that. Erma... Chris Buechler
12:48 PM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed: Does that mean that the issue remains intact? Or SIGKILL will do in my case? Dmitriy K
11:02 AM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed: Since the circumstance Phil noted is pretty common, and the change that caused a problem there had no benefit on the ... Chris Buechler
08:41 PM Bug #4071 (Resolved): IPsec with remote gateway of FQDN missing rightid after boot: fix confirmed on two of my systems and slpalmer's where I originally found the issue. Chris Buechler
08:36 PM Bug #4071 (Resolved): IPsec with remote gateway of FQDN missing rightid after boot: Where a P1 exists with a FQDN as the remote-gateway, ipsec.conf is missing rightid after boot. Adding ticket for trac... Chris Buechler
06:42 PM Revision e78509cc: fix IPv6 static routes, is_ipaddrv6 returns true for strings including a: CIDR mask, which then ended up broken. Chris Buechler
05:05 PM Revision 30640018: Change our default resolv-retry back to OpenVPN's default. Changing this: didn't help the ticket where it was intended to help, which was later
fixed differently. This change in defaults is p... Chris Buechler
04:59 PM Bug #4070 (Resolved): Vulnerability SSL Weak Ciphers: openvas reports vulnerability:
*Vulnerability Detection Result*
Weak ciphers offered by this service:
SSL3_RSA... Koen de Boeve
04:13 PM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: Worked fine on my tests, will leave it open to hear a 2nd opinion Renato Botelho
03:41 PM Bug #4066 (Feedback): Dynamic DNS updates failing on PPPoE reconnect: Please try again with last snapshots Renato Botelho
12:52 PM Bug #4066 (Resolved): Dynamic DNS updates failing on PPPoE reconnect: Dynamic DNS updates started failing within the last few days with: ... Chris Buechler
02:20 PM Bug #4067 (Confirmed): Unbound configuration does not get synchronized to the secondary members of a cluster install: probably should add a new config sync checkbox for DNS Resolver, and leave DNS Forwarder as is. Chris Buechler
01:16 PM Bug #4067 (Resolved): Unbound configuration does not get synchronized to the secondary members of a cluster install: Unbound configuration does not get synchronized to the secondary members of a cluster install.
There is no provision... Ermal Luçi
02:19 PM Feature #4068 (Confirmed): CAs present on CERT manager are not trusted from pfSense: Chris Buechler
01:18 PM Feature #4068 (Resolved): CAs present on CERT manager are not trusted from pfSense: Normally the CAs imported/generated on the CERT manager of pfSense should be trusted to help avoid issues with cert v... Ermal Luçi
01:41 PM Feature #3029: DHCPv6 Server/RA page should list interfaces that are configured to track DHCP-PD: Definitely interested in this one. Other open source router firmwares have figured out how to do DHCPv6 on a LAN that... Anonymous
12:57 PM Revision 576af570: Merge pull request #1359 from phil-davis/patch-1: Renato Botelho
11:42 AM Revision efa28692: Display installed pkg version even if pkg server not available: Forum: https://forum.pfsense.org/index.php?topic=84820.0
It seems reasonable to me to display the currently installed... Phil Davis
11:25 AM pfSense Packages Bug #4059: library required by squid3 may be absent: the root issue from #4018 is fixed, this package has a separate issue. Chris Buechler
04:28 AM pfSense Packages Bug #4059: library required by squid3 may be absent: Just in case installed squid3 3.4 and it doesn't work:
@Dec 3 14:27:47 php-fpm[7738]: /pkg_mgr_install.php: The comm... Dmitriy K
04:11 AM pfSense Packages Bug #4059: library required by squid3 may be absent: This is an issue with incorrect symlinks. This issue is tracked in #4018. Dmitriy K
10:50 AM Bug #3790 (Confirmed): Input validation is too strict for IPv6 Prefix ID for Track Interface: Chris Buechler
10:09 AM Bug #4065 (Rejected): There is no way a gif tunnel could be used as a default ipv6 gateway automatically: you have to mark the gif's gateway as default if you want it as such, that's not a bug. Chris Buechler
06:40 AM Bug #4065 (Rejected): There is no way a gif tunnel could be used as a default ipv6 gateway automatically: Steps to reproduce:
1. Create a GIF IPv6 tunnel (*gifx*);
2. *gifx* tunnel should be the only one tunnel in the sys... Dmitriy K
03:35 AM Revision a94b1edc: Merge pull request #1348 from phil-davis/patch-4: Chris Buechler
03:28 AM Revision c042bc3b: Merge pull request #1357 from DasTestament/patch-1: Chris Buechler
02:50 AM Revision d12e3d3c: reload Unbound here, fixes some instances of PD-assigned v6 IPs missing from unbound.conf: Chris Buechler
02:15 AM Revision a0e9e17d: If get_interface_ip(v6) is passed an IP, return the IP.: Properly set up interface binding for v6 link local IPs. Ticket #4021
except had to comment out the fix for now beca... Chris Buechler

12/02/2014

11:06 PM Bug #4064 (Confirmed): improper handling of DNS servers by rtsold: should also be safe to remove resolvconf entirely once this is done, as Ermal suggested yesterday. Right now rtsold l... Chris Buechler
11:02 PM Bug #4064 (Resolved): improper handling of DNS servers by rtsold: rtsold is configured at its defaults, which calls resolvconf to update resolv.conf. It ends up blowing away everythin... Chris Buechler
10:18 PM Bug #4056 (Resolved): IKEv2 rekeying issues: Confirmed fixed in multiple production systems where this could be replicated. Chris Buechler
10:13 PM Bug #4018 (Resolved): several packages not looking in pbi dir for files: Renato and I have tested nearly every package. This issue in general is fixed. There are still some issues with indiv... Chris Buechler
08:36 PM Feature #4063 (Duplicate): Captive Portal: Sync IPFW table states between CARP Members: Dear all,
Currently PFSYNC doesnt sync Captive Portal user states in CARP settings. If failover occurs, users need... Wan Hafizi
08:12 PM Bug #4021 (Confirmed): Unbound doesn't handle v6 link local correctly: this is fixed, except I had to comment out the fix for now because of #4062 Chris Buechler
07:59 PM Bug #4062 (Resolved): pfSense_getall_interface_addresses truncates v6 link local IPs: pfSense_getall_interface_addresses returns v6 link local IPs minus the %interface off the end. That makes get_possibl... Chris Buechler
06:41 PM Bug #3996 (Feedback): Solarflare NIC panic with LACP: back to me for testing after discussion with Jim. I now have a Solarflare card to test. Chris Buechler
06:29 PM Bug #4061 (Confirmed): dhcpd doesn't send client-hostname to peer, breaking DHCP lease registrations w/HA: In a HA setup with DHCP server enabled, both peers will assign IPs. The leases that sync to peers don't include clien... Chris Buechler
05:46 PM Revision 0b0d83cb: Use clog -f /var/log/filter.log to view firewall log entries, so they are displayed in the new format.: Jim Pingle
05:31 PM Bug #4060 (Rejected): SSL weirdness in redmine: I set HTTP on redmine.pfsense.com to redirect to https://redmine.pfsense.org. We don't link to .com anywhere, though ... Chris Buechler
04:52 PM Bug #4060: SSL weirdness in redmine: I didn't even notice that! The interesting part is that I followed a link to that... I'll try to retrace my steps, ... Adam Thompson
04:32 PM Bug #4060: SSL weirdness in redmine: That screenshot shows you're trying to connect to redmine.pfsense.com rather than redmine.pfsense.org. The certificat... Ross Williamson
12:57 PM Bug #4060 (Rejected): SSL weirdness in redmine: Pretty much just FYI...
When navigating to https://redmine.pfsense.org/ using Chrome Version 39.0.2171.65 (64-bit)... Adam Thompson
05:14 PM Revision 690b557c: wait 10 minutes before retrying on soft failures to avoid us getting DoSed: if something is wrong there (like someone's system can't validate the
cert) Chris Buechler
05:08 PM Revision a82b458f: don't include cert.pem in the obsoletedfiles list.: Chris Buechler
02:05 PM Feature #336: Option to create lagg under assign interfaces: Best procedure I've found so far:
Tools required:
1. A switch with at least two ports configured for 802.1Q-over-... Adam Thompson
01:40 PM Feature #336: Option to create lagg under assign interfaces: This is still an outstanding problem in 2.2-beta as of 20141201-1400 build... and it's a royal PITA to work around. Adam Thompson
01:20 PM Bug #3790: Input validation is too strict for IPv6 Prefix ID for Track Interface: A couple of additional items for this that need to be resolved...
- When the prefix selection box first appears, i... Anonymous
11:59 AM Revision 3377dc9d: Preserve exit code lost from s/exit/return/: Ermal Luçi
11:35 AM Revision 110967a4: Try to not make useless entries in the config file for very rare used configuration values. Makes config file readble and with less size: Ermal Luçi
11:24 AM Revision 7f060014: Cleanup whitespace.: Ermal Luçi
11:01 AM Revision 52550ca5: Remove exit from as much as possible backend code: Ermal Luçi
10:46 AM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed: I understand that, and I will now go to all my site-to-site clients on 2.1.5 and turn on that setting so it carries o... Phillip Davis
10:30 AM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed: You have an option resolve-retry-inifinite on the openvpn settings.
Use that to have it behave as before. Ermal Luçi
10:01 AM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed: I have systems where the internet somewhere goes away quite regularly. The actual pfSense WAN interface to the upstre... Phillip Davis
10:33 AM Revision 9ea554ee: Remove exit from as much as possible backend code: Ermal Luçi
10:28 AM Revision 8ad1ee63: Remove exit and also properly close open files: Ermal Luçi
10:26 AM pfSense Packages Bug #4059: library required by squid3 may be absent: I attempted a package install of squid3 (3.4.9_pkg 0.1). The install... John D
10:24 AM pfSense Packages Bug #4059 (Resolved): library required by squid3 may be absent: I attempted a package install of 3.4.9_1 pkg 0.1. The install proceeds, but the subsequent start of the squid3 servi... John D
10:24 AM Revision 2eb3efc2: Lock rc.linkup based on interface to avoid races in between up/down events which might create a loop. This is more a timing issue but better enforce serialization here. check_reload_status forces this but not between start and stop but just between similar events. Probably need to bring more inteligence there.: Ermal Luçi
10:18 AM Revision 6a1ed2cd: Avoid calling exit in backend now that fpm is used for php since its a pesimization and can break calling scripts assumption on locks.: Ermal Luçi
10:07 AM Revision 1ff8e8f6: Comment out copy paste of v4 code. No need to delete arp entries on v6.: Ermal Luçi
10:06 AM Revision f74c9aba: Comment out copy paste of v4 code. No need to delete arp entries on v6.: Ermal Luçi
09:32 AM Bug #4058 (Resolved): WAN interface configured as PPPoE not displaying properly in Interfaces box of Dashboard: When running 2.1, the dashboard displayed all the various interfaces as: interface, link status, link speed/duplex, i... John D
08:12 AM Bug #4057: [Cosmetic] ssh_tunnel_shell timer issues: I would assume that you either show hours, or show minutes, or, if you show both, make it so the format 'x hour and y... Anonymous
07:45 AM Bug #4057 (Rejected): [Cosmetic] ssh_tunnel_shell timer issues: It is showing hours and minutes in total.
It is not showing passesd hours and minutes.
If you do the math 1331 mi... Ermal Luçi
04:17 AM Bug #4057 (Rejected): [Cosmetic] ssh_tunnel_shell timer issues: The minute timer in the SSH-only banner is not decrementing the number of elapsed minutes based on the number of elap... Anonymous
08:01 AM Bug #3670: IPv6 DHCP-PD over PPPoE non functional + radvd core dump + solution: Can you confirm that dhcpv6 is running on top of pppoe? Ermal Luçi
06:08 AM Bug #3670: IPv6 DHCP-PD over PPPoE non functional + radvd core dump + solution: I believe this bug should be targeted against 2.2 Dmitriy K
12:27 AM pfSense Packages Todo #4029: Update phpsysinfo package: Chris Buechler wrote:
> if someone wants to fix it, they can. we're not going to.
Thank you for the info..
I t... Patrick Schmidt

12/01/2014

10:54 PM Revision 9eabb248: also take into account the "all" option in Unbound Network Interfaces when: setting 127.0.0.1 into resolv.conf. Chris Buechler
02:54 PM pfSense Packages Todo #4029 (Needs Patch): Update phpsysinfo package: if someone wants to fix it, they can. we're not going to. Chris Buechler
02:43 PM pfSense Packages Todo #4029 (Rejected): Update phpsysinfo package: phpsysinfo was removed from pfSense 2.2 and higher Renato Botelho
02:33 PM pfSense Packages Todo #4029: Update phpsysinfo package: Current version also doesn't work on pfSense 2.2 with php 5.5.x. Renato Botelho
02:33 PM Bug #4056 (Resolved): IKEv2 rekeying issues: adding a ticket for the IPsec rekeying issue we've been tracking the last few days. Appears to be this strongswan bug... Chris Buechler
12:43 PM Bug #4046 (Resolved): Invalid access-control.conf entry with certain IPv6 settings: Chris Buechler
11:18 AM Revision be5b4133: Revert "/etc/ssl/cert.pem was obsoleted by mistake, remove it": Since /usr/local/ssl/cert.pem is in place now, it can be obsoleted
This reverts commit bb788b8ceb3337b62401819378ec3... Renato Botelho
11:17 AM Revision bb788b8c: /etc/ssl/cert.pem was obsoleted by mistake, remove it: Renato Botelho
11:06 AM Revision 4dd7ca80: Update filter.inc: Add missing gettext.
p.s: Is it really needed to log? Lots of rules causes lots of spam on ifaces without gw. Such k... Dmitriy K.
10:11 AM pfSense Packages Feature #4055 (Rejected): Enable area authentication from GUI: I can not find how to enable "area 0.0.0.0 authentication" from the GUI for Services Quagga OSPFd Agustín Eijo
09:02 AM Revision 7ceff68a: Unlink temporary xml file to avoid filling up space with junk files: Ermal Luçi
08:47 AM Revision be544b90: Ticket #4053, manually merge improvements on rrd restore handling.: Ermal Luçi
08:43 AM Revision 02b81e84: Ticket #4053, manually merge improvements on rrd backup handling.: Ermal Luçi
08:11 AM pfSense Packages Feature #4054: Package Country Block: OK, too bad. There is a reason this old version is still running : impossible to get a maintenance window with the cl... Julien Gormotte
06:58 AM pfSense Packages Feature #4054 (Rejected): Package Country Block: pfSense 1.2.3 is no longer supported, many packages have been broken there for quite some time. If packages are requi... Jim Pingle
06:17 AM pfSense Packages Feature #4054 (Rejected): Package Country Block: Hello,
You disabled the Country Block package saying :
"disable the old, unmaintained CountryBlock package that'... Julien Gormotte
02:35 AM Feature #4053 (Resolved): Make backup of RRD more efficient on using /var disk space: Commits have been made and make this happy.
Probably need to merge this in 2.1 branch that i am going to do now. Ermal Luçi
02:10 AM Feature #4053 (Resolved): Make backup of RRD more efficient on using /var disk space: On shutdown, the RRD data is all expanded from /var/db/rrd/*.rrd to /var/db/rrd/*.xml, then all the *.xml are put int... Phillip Davis

11/30/2014

01:15 AM Bug #3670: IPv6 DHCP-PD over PPPoE non functional + radvd core dump + solution: I can confirm that at least the first problem also exists in 2.2-BETA.
In shell, ifconfig gives me:... Furen Xiao

11/29/2014

07:43 PM Revision e3afacbb: Only set i_dont_care_about_security_and_use_aggressive_mode_psk=yes where there is a P1 with aggressive+PSK enabled. Log a warning when such a configuration is in use.: Chris Buechler
12:27 PM Revision cc62e5ed: Merge pull request #1356 from phil-davis/patch-3: Renato Botelho
12:20 PM Revision 9c97e4b8: Correctly delete xml file after restore and conversion to rrd: When doing "Generating RRD graphs" at bootup, the data is restored from /cf/conf/rrd.tgz into xml format files in /va... Phil Davis
12:10 PM Revision 345145e2: Merge pull request #1355 from phil-davis/patch-2: Renato Botelho
11:45 AM Revision 8c2a5a73: Fix bracketing of if statement in unbound: Stops message:
Warning: in_array() expects parameter 2 to be array, null given in /etc/inc/unbound.inc on line 607
Th... Phil Davis
06:38 AM Bug #4046: Invalid access-control.conf entry with certain IPv6 settings: I was on a build dated 11/25. It doesn't seem to be a problem on a newer build now, so it must have been something th... Anonymous
04:58 AM Revision 978b8f50: fix syntax on prefix6 for DHCPv6 PD: Chris Buechler
03:23 AM Bug #4041 (Resolved): Default gateway switching logic seems broken: Ermal Luçi
01:18 AM Bug #4041: Default gateway switching logic seems broken: This can be closed, Ermal fixed it in the latest snapshots. Anonymous
01:33 AM Revision c5cd9b75: validate MTU and MSS as integers, and don't allow MSS larger than pf will accept to avoid broken rulesets.: Chris Buechler
01:30 AM Bug #4048 (Resolved): cosmetic-only RRD error in logs on nano during boot: fixed Chris Buechler
01:17 AM Revision a96dc32e: Add input validation on vpn_ipsec_settings.php. Fixes #4052.: Chris Buechler
01:12 AM Bug #3996 (Rejected): Solarflare NIC panic with LACP: Jim Thompson
01:11 AM Bug #3996: Solarflare NIC panic with LACP: Ermal is correct.
Check the contents of the patch against https://svnweb.freebsd.org/base/releng/10.1/sys/dev/sfxg... Jim Thompson
12:57 AM Feature #3916: IPsec status Overview tab no longer an overview: I tend to side with Ermal here.
More debugging (what you're calling "too noisy") is good.
I don't think there... Jim Thompson
12:53 AM Bug #2762: PF drops IPv6 packets with fragment header followed by a last fragment only: Jens,
If you look at that thread, Ermal has the fix in-hand.
IJS... Jim Thompson

11/28/2014

11:30 PM Revision 5a663a5d: Skip v6 WANs in Unbound access-control. Ticket #4023: Chris Buechler
11:12 PM Bug #4051 (Resolved): Not assigning v6 DNS when Unbound is enabled: fixed Chris Buechler
04:20 PM Bug #4051: Not assigning v6 DNS when Unbound is enabled: Applied in changeset commit:f4620b36fdc29ed665776f50a01423c901a48411. Chris Buechler
04:06 PM Bug #4051 (Feedback): Not assigning v6 DNS when Unbound is enabled: should be fixed, will double check on additional systems. Chris Buechler
04:04 PM Bug #4051 (Resolved): Not assigning v6 DNS when Unbound is enabled: Some things for v6 DNS assignment are only checking if dnsmasq is enabled, not unbound. About to push a fix, adding t... Chris Buechler
10:30 PM Revision 80075b9e: fix v6 access-control in Unbound, Ticket #4023: Chris Buechler
10:26 PM Revision 719db60e: Ticket #4009 Force serial console whenever the installer told us so.: Ermal Luçi
10:09 PM Bug #4023 (Resolved): allowed networks in Unbound inadequate: fixed Chris Buechler
05:28 PM Bug #4023 (Feedback): allowed networks in Unbound inadequate: this should be good, leaving for more testing. Chris Buechler
10:09 PM Revision f4620b36: check if Unbound is enabled in addition to dnsmasq for v6 DNS assignment. Fixes #4051: Chris Buechler
10:01 PM Bug #2786: Setting MTU on VLAN does not set MTU on parent interface in 2.2: Yep, seems to be working correctly now. Thanks!
I did end up having to reboot after changing the MTU setting for m... Andy Sayler
09:54 PM Revision b7960673: Fix input validation for DNS resolver when localhost is enabled in resolv.conf and "all" chosen in Network Interfaces. While here, set something other than '' when all is chosen.: Chris Buechler
09:47 PM Revision 2388a1ac: Merge pull request #1354 from phil-davis/patch-2: Ermal LUÇI
08:53 PM Revision 7b9dfd6b: Correct some logic and remove temporary files: Ermal Luçi
08:50 PM Revision 7966b0df: Make restore one by one to help https://forum.pfsense.org/index.php?topic=84693.0: Ermal Luçi
08:05 PM Bug #4049 (Resolved): dashboard PHP warnings: fixed Chris Buechler
12:27 PM Bug #4049: dashboard PHP warnings: Yeah that was the circumstance that prompted me to open this, I realized this morning. To me for testing. Chris Buechler
08:50 AM Bug #4049 (Feedback): dashboard PHP warnings: Applied in changeset commit:16d6c1df8c5b110c9fd7a5e9238d03b820ed2445. Renato Botelho
05:21 AM Bug #4049 (Assigned): dashboard PHP warnings: It still happens after a system upgrade with packages installed, while packages are being reinstalled during boot you... Renato Botelho
07:52 PM Bug #4052 (Resolved): vpn_ipsec_settings.php missing input validation: fixed Chris Buechler
07:30 PM Bug #4052: vpn_ipsec_settings.php missing input validation: Applied in changeset commit:a96dc32e35766aa6c0788154a2b246bb76b252c2. Chris Buechler
07:11 PM Bug #4052 (Feedback): vpn_ipsec_settings.php missing input validation: should be fixed Chris Buechler
07:11 PM Bug #4052 (Resolved): vpn_ipsec_settings.php missing input validation: There isn't input validation on vpn_ipsec_settings.php. Chris Buechler
05:40 PM Bug #4043 (Resolved): ipsec_dump_sad has issues with IKEv2: fixed Chris Buechler
05:39 PM Revision 8676899f: Process RRD backup compression in var: Prior to this the RRD xml files were added uncompressed to the archive in /cf/conf and then that archive was compress... Phil Davis
05:38 PM Bug #4018 (Feedback): several packages not looking in pbi dir for files: Looks to be fixed. A full PBI rebuild ran, and we're going through testing packages. Chris Buechler
05:37 PM Bug #4050 (Resolved): Unbound advanced page missing input validation: fixed Chris Buechler
02:09 AM Bug #4050 (Feedback): Unbound advanced page missing input validation: this should be fixed, leaving for review. Chris Buechler
04:21 PM Bug #4009 (Feedback): Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: Hoepfully the latest commits with a file makes this final solution. Ermal Luçi
04:05 PM Revision c1819b48: Process the rrd files one by one to fix https://forum.pfsense.org/index.php?topic=84693.0. Restore will come after: Ermal Luçi
03:48 PM Revision fea0b652: Correct typo on variable. Should help https://forum.pfsense.org/index.php?topic=84451.0: Ermal Luçi
02:43 PM Revision 16d6c1df: Add a parameter on platform_booting to help detect if it's on GUI on console and use it in appropriate places, it fixes #4049: Renato Botelho
02:15 PM Revision 5acce704: Fix sapi name check to detect if it's on console, ticket #4049: Renato Botelho
12:11 PM Revision e48a7cf4: Remove the . here they just confuse things as in Ticket #4049. Also check that the script is called from console to trigger the convertion and mounting of floppy.: Ermal Luçi
12:05 PM Revision d8648df4: Remove these booting settings since are useless: Ermal Luçi
12:04 PM Revision 4854e3a2: Remove these booting settings since are useless: Ermal Luçi
12:00 PM Revision 359655af: Remove these booting settings since are useless: Ermal Luçi
11:50 AM Revision 42982b22: Bring back the old way of waiting for 3 times of 10seconds on bootup for a ppp type interface to come up. while here also do bringup of virtual interfaces only when not booting: Ermal Luçi
11:14 AM Revision 6f1b89e9: Use function for determining if its ppp type: Ermal Luçi
11:13 AM Revision a9163efe: Cleanup some code and use function for easier management: Ermal Luçi
09:17 AM Revision 4dbc18db: Merge pull request #1352 from phil-davis/patch-8: Renato Botelho
09:17 AM Revision ba44446f: Merge pull request #1351 from phil-davis/patch-7: Renato Botelho
08:10 AM Revision f865302f: Add input validation to Unbound advanced settings page. Ticket #4050: Chris Buechler
06:47 AM Revision 823cabba: Validate as integers, not just numeric, to prevent possible breakage.: Chris Buechler
04:10 AM Revision f8f5ba1a: Add option to disable auto-added access-control entries for users who want to manually manage ACLs. Ticket #4023: Chris Buechler
03:03 AM Revision aea7da2f: Fixup misleading comment: This comment was misleading - this is the IP of whatever interface that is being processed, not just WAN IP. Might as... Phil Davis
02:55 AM Revision bd4471a4: Fix module name in top comment: A bit of rubbish to update while I notice it. Phil Davis

11/27/2014

10:14 PM Bug #4050 (Resolved): Unbound advanced page missing input validation: There is effectively no input validation on services_unbound_advanced.php. Chris Buechler
09:17 PM pfSense Packages Bug #3986: BandwidthD can break php-fpm in unknown rare edge case: Hi,
Yes, I can definitely reproduce this - just installed the latest version of pfSense (v2.2, from today), and I ... Russell Morris
02:20 AM pfSense Packages Bug #3986: BandwidthD can break php-fpm in unknown rare edge case: I will try a few variations again to see if I can break anything. I did see it in a CPU loop on a 2.1.5 system last w... Phillip Davis
12:57 AM pfSense Packages Bug #3986 (Feedback): BandwidthD can break php-fpm in unknown rare edge case: bandwidthd works in general on 2.2 now. The issue Phil noted with php-fpm may still be a problem in some circumstance... Chris Buechler
08:44 PM Revision 5d4b8830: Unset any previous dat: Ermal Luçi
08:44 PM Revision e6283dfd: Use the pfsense module functions rather than execing. Fixes also possible attack vectors.: Ermal Luçi
08:44 PM Revision 7a63d5d0: Fixes #4040 for pppoe use static route with -iface option to help when more than one pppoe has the same gateway. Also kill states when reloading apinger to catch up with new route: Ermal Luçi
08:44 PM Revision 0174c480: Use the pfsense module functions rather than execing. Fixes also possible attack vectors.: Ermal Luçi
06:54 PM Revision 045287e8: use correct variable here: Chris Buechler
03:16 PM Feature #446 (Resolved): Enable ether interface to be reused (when used for PPPOE), like wireless clone: Ermal Luçi
03:13 PM pfSense Packages Bug #3905 (Feedback): Upgrade from 2.1.3 to 2.1.5 broken Net/SNMP.pm path: likely not an issue in 2.2, leaving for feedback. Chris Buechler
03:12 PM pfSense Packages Bug #3292 (Resolved): Syslog-ng accidentally gzip's SSL key file + fix: Chris Buechler
03:12 PM Bug #2943 (Feedback): Problem with Interim-Update in PfSense Captive portal: Chris Buechler
03:10 PM Bug #3999 (Closed): SRC, GW wrong in pftop on 2.2: This is not a bug or problem.
Interal structures in pf make this be displayed this way. Ermal Luçi
03:09 PM Revision 648661c5: Make the parsing of setkey -d(SAs) more reliable. Fixes #4043: Ermal Luçi
03:07 PM pfSense Packages Bug #3145 (Resolved): NRPEv2 problem with created configuration and check_nrpe2 (for example): Chris Buechler
03:06 PM pfSense Packages Bug #3203 (Resolved): vnstat2 not working after pfsense 2.1 upgrade: Chris Buechler
03:05 PM pfSense Packages Bug #2851 (Resolved): Varnish3 config: add option to disable probing: Chris Buechler
03:04 PM pfSense Packages Bug #2698 (Resolved): freeradius2 counter not working: Chris Buechler
03:02 PM pfSense Packages Bug #2930 (Resolved): NRPE package broken on 2.1: Chris Buechler
03:01 PM pfSense Packages Bug #1887 (Resolved): axfrdns from tinydns is not working: Chris Buechler
03:00 PM pfSense Packages Bug #1213 (Resolved): Mod_Security+Apache+Proxy: fixed long ago Chris Buechler
02:57 PM pfSense Packages Bug #2892 (Resolved): "pfblocker_Range2CIDR" function yields erroneous results (pfBlocker v1.0.2): Chris Buechler
02:56 PM pfSense Packages Bug #3368 (Resolved): ProxyPassReverse / balancer://cluster/ adds extra slash to redirect: Chris Buechler
02:54 PM pfSense Packages Bug #2217 (Resolved): Varnish2+3 does not save custom VCLs vcl_fetch_early and vcl_fetch_late: Chris Buechler
02:54 PM pfSense Packages Bug #2624 (Resolved): Varnish3 Package + GUI seems broken: Chris Buechler
02:52 PM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: No need for an embedded kernel, maybe a flag file in /conf/ that is set/checked to signal that the serial console sho... Jim Pingle
02:39 PM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: I committed that part by accident.
Though i think returning a embedded kernel only for this is redundant no? Ermal Luçi
01:33 PM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: Seems like that would still be possible to bypass in a few ways (like ACB). Relying on config.xml for what should be ... Jim Pingle
12:21 PM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: Yeah that seems fine if it works, haven't tested it. Maybe JimP can think of a scenario where that doesn't work, but ... Chris Buechler
09:21 AM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: Do you agree with this diff?... Ermal Luçi
03:40 AM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: This is important in that it'll be a support nightmare to put out a release that makes it this easy to break the cons... Chris Buechler
02:50 PM Bug #4040: gateway monitoring issues with multiple PPPoE with same gateway: Applied in changeset commit:7a63d5d095edf84850715af23c6e380542896a1d. Ermal Luçi
02:42 PM Bug #4040 (Feedback): gateway monitoring issues with multiple PPPoE with same gateway: Ermal Luçi
02:50 PM pfSense Packages Bug #1236 (Closed): Anyterm package doesn't start after upgrade: anyterm package no longer exists Chris Buechler
02:48 PM pfSense Packages Bug #2256 (Resolved): FreeRadius not starting: Chris Buechler
02:47 PM pfSense Packages Bug #3323 (Resolved): BIND, Reverse Zones and Register DHCP static mappings.: Chris Buechler
02:46 PM pfSense Packages Bug #4034 (Confirmed): AutoConfigBackup - user-config-readonly priv still does backup: We'll fix this as part of ACB enhancements immediately post-2.2. Chris Buechler
02:13 PM Revision 4ce77a6c: Correct logic of skipping for gif/gre/bridge on top of _vips. Even though this is not anymore a problem in 10 since the vip is on the physical interface but for now its ok.: Ermal Luçi
02:06 PM Revision 7e677d85: Simplify code flow not functional change just aesthetics.: Ermal Luçi
01:48 PM Revision f72ea82a: Put the safety belts for rrds on its proper location. No need to create /tmp and change permissions on these paths: Ermal Luçi
01:48 PM Revision 1a28657c: Try to silence the errors for missing /var/db/rrd during bootup.: Ermal Luçi
11:58 AM Revision 2bc1451a: Merge pull request #1350 from phil-davis/patch-6: Renato Botelho
11:09 AM Revision 68017562: Put a comment for the wierd code here: Ermal Luçi
11:08 AM Revision da145569: Handle recovering of ppp types as pppoe/l2tp/pp2p when the parent comes up. It should solve the issues present before on pppoe not recovering on link loss especially when connected directly to modem.: Ermal Luçi
10:27 AM Revision e318d592: Fix Unbound host_entries.conf warnings on console during boot: system_hosts_generate() tried to make /var/unbound/host_entries.conf at various times in the boot sequence before the... Phil Davis
09:46 AM Revision 23c5cf73: Merge pull request #1349 from phil-davis/patch-5: Renato Botelho
09:43 AM Revision 3cd3cbd2: Setup rrd dir before calling create_gateway_quality_rrd: Stops error:
ERROR: opening '/var/db/rrd/WAN_DHCP-quality.rrd': No such file or directory
in system log during boot.
... Phil Davis
09:20 AM Bug #4043: ipsec_dump_sad has issues with IKEv2: Applied in changeset commit:648661c57bfdd75e4916be6bdb537bff378d9f0d. Ermal Luçi
09:04 AM Bug #4043 (Feedback): ipsec_dump_sad has issues with IKEv2: Ermal Luçi
09:05 AM Bug #4048 (Feedback): cosmetic-only RRD error in logs on nano during boot: Commits have been done to fix this. Ermal Luçi
12:47 AM Bug #4048 (Resolved): cosmetic-only RRD error in logs on nano during boot: During boot, nano logs things like the following: ... Chris Buechler
07:59 AM Revision a7f79eda: Use the undocumented -q options of devd to reduce spamming on logs. pfSense scripts do their logging so not necessary to have devd in there.: Ermal Luçi
07:46 AM Revision f29e20a3: Do not run this during bootup: Ermal Luçi
07:42 AM Revision bf635e7d: Optimize: Ermal Luçi
07:41 AM Revision e546d2d1: Do not run this code during upgrade and if ost is booting up: Ermal Luçi
03:33 AM Bug #4049 (Resolved): dashboard PHP warnings: yeah that must have been cache. Multiple systems that were doing that no longer are. Chris Buechler
03:28 AM Bug #4049: dashboard PHP warnings: this was on the most recent snapshot available at the time I posted it, but I could have had stale cache. re-testing. Chris Buechler
03:26 AM Bug #4049 (Feedback): dashboard PHP warnings: I got this yesterday but Ermal has fixed it. Did you try last snapshot after clear browser's cache? Renato Botelho
02:33 AM Bug #4049 (Resolved): dashboard PHP warnings: Ermal's already been working on this, but it's still an issue and we don't have a ticket. The dashboard spews the fol... Chris Buechler
03:25 AM Bug #4025 (Resolved): package service starting issues post-package reinstall: been through a lot of testing with package reinstalls post-upgrade and just hitting "reinstall all packages", and thi... Chris Buechler
03:23 AM pfSense Packages Bug #3659 (Resolved): Bind Slave Zone - Ignoring Allow-transfer value: that was merged a while back and should have resolved this. Thanks! Chris Buechler
03:20 AM pfSense Packages Bug #3751 (Resolved): bandwidthd graphics missing: they're there Chris Buechler
03:18 AM pfSense Packages Bug #3533 (Feedback): bind package restores outdated config.xml: haven't heard of anyone else seeing this. Chris Buechler
03:17 AM pfSense Packages Bug #3056 (Resolved): Unbound not getting IPv6 host overrides: Chris Buechler
03:16 AM pfSense Packages Bug #4016 (Resolved): squid3 amd64 looks to have bad download link: it needed to be updated to 3.4, which has been completed. Chris Buechler
03:15 AM Feature #2505: Toggle button to disable/enable multiple firewall rules: This Feature would be much appreciated!
Not only for debugging but also for emergency situations,
i.e. if you want ... Frank Heydlauf
02:25 AM pfSense Packages Bug #4033: AutoConfigBackup - Do not overwrite previous backups for this hostname: Yep - gone from the GUI. That's the easy way to fix everything :) Phillip Davis
01:08 AM pfSense Packages Bug #4033 (Resolved): AutoConfigBackup - Do not overwrite previous backups for this hostname: yeah that's a legacy piece that doesn't do anything useful at the moment. I removed the checkbox for now. One of the ... Chris Buechler
02:03 AM pfSense Packages Bug #3400 (Resolved): apcupsd service config does not allow DEVICE to be set: Chris Buechler
02:02 AM Bug #4026 (Rejected): Virtual IP on a PPPoE interface - OpenVPN fails: VIP should be bound to localhost with PPPoE, not WAN. Chris Buechler
01:58 AM pfSense Packages Todo #1551: OLSR Version update: I'm contemplating removing this as a package. It is installed a couple dozen times a month, but I've never heard of i... Chris Buechler
01:52 AM pfSense Packages Todo #596 (Closed): Varnish package suggestions for VCL syntax checking: Chris Buechler
01:50 AM pfSense Packages Bug #3972 (Resolved): Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.: bug here is fixed. would be nice to have a <service> tag, but this was a quick fix and that's a little more involved ... Chris Buechler
01:50 AM pfSense Packages Bug #3972 (Feedback): Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.: Applied in changeset commit:a3ffce8ab05d830dba2b9d36da60178c1789fa65. Chris Buechler
01:12 AM Bug #3141 (Resolved): UPNP Interface selection contains default interface names: Chris Buechler
01:11 AM pfSense Packages Bug #3672 (Resolved): s/jailscanner/mailscanner and fix website links in pkg_config.10.xml: Chris Buechler
01:10 AM pfSense Packages Feature #3123 (Needs Patch): Implement OpenNHRP into Pfsense: Chris Buechler
01:09 AM pfSense Packages Bug #3850 (Feedback): Snort "add a new interface based on this" creates a bad configuration: Bill: was this fixed? Chris Buechler
01:02 AM pfSense Packages Bug #3962 (Confirmed): LADVD interface handling issues with lagg and bridge: There is a similar issue with lagg here. Our package should probably detect when you have a bridge or lagg and put it... Chris Buechler
01:00 AM pfSense Packages Bug #2845 (Closed): bandwidthd keeps saying "Please start bandwidthd to populate this directory." even after its started.: this isn't an issue in any recent versions, may have been in old versions at some point. Chris Buechler
12:08 AM Bug #2786 (Resolved): Setting MTU on VLAN does not set MTU on parent interface in 2.2: all good, also doesn't require a reboot for the most common scenarios. Chris Buechler

11/26/2014

09:53 PM Revision 08003661: Actually comment this code out since it causes more troubles than solves for any type: Ermal Luçi
09:46 PM Revision 6878d797: Just indent code to make it more readble.: Ermal Luçi
09:01 PM Revision 329c2bb3: Make at least the code correct here even though it does not make sense on what it does!: Ermal Luçi
08:17 PM Revision b8828d0a: This is revrsed conversion. The linkup script should run after booting not during it. This should help with issues on ppp type links reported: Ermal Luçi
08:11 PM Revision e17fad50: Actually rc.linkup needs the parent search for example on ppp type wans.: Ermal Luçi
08:05 PM Revision 5b7c2403: Mute this since only spams logs when interface is not there: Ermal Luçi
07:59 PM Revision 7d5fc0b3: Move these functions nearby since thy are related: Ermal Luçi
07:57 PM Revision 383f20a1: Actually get the correct value here!: Ermal Luçi
07:54 PM Revision 7bc73d5e: Actually consider parentmtu 0 here to get the real value when unassgined: Ermal Luçi
07:52 PM Revision 3e8035da: Properly respect other configured MTUs for other vlans. Properly respect parent of vlan MTU if configured. Also avoid errors when possible. This helps VLANs MTU handling but all the other interfaces as gre/gif/... needs the same handling. It is better to require reboot on MTU changes especially on complex configurations.: Ermal Luçi
07:42 PM Revision 31ddb935: Partially revert the previous modification on vlan mtu. The function job is to find the biggest mtu between vlans and let it do that: Ermal Luçi
07:37 PM Revision ac9f16ad: Go through the same checks when called from command line and when called from fcgi.: Ermal Luçi
07:34 PM Revision 5e0a3256: convert_real_interface_to_friendly_interface_name() goes and checks the parent and this gives wrong information 99.9 percent of the time on scenarios like when this is called for unassigned vlans etc, while its real purpose is just to check if the interface is assigned and return the intermeddiate/config name of the interface. Leave the get_parent_option there in the function but it needs to be asked specifically for.: Ermal Luçi
07:18 PM Revision 4f5577f6: Fix JavaScript confirmation dialog for EasyRule.: Jim Pingle
02:41 PM Revision e2fcd0e3: Skip the interface being configured from the list to check the mtu: Ermal Luçi
02:39 PM Revision cb054444: Seems somehow globals.inc are not being sucked in on the GUIgit diff! Make this a requirement here!: Ermal Luçi
02:21 PM Revision 94b0ac1c: Remove a blank row in the tab display during firmware update: Ermal Luçi
01:57 PM Bug #2786 (Feedback): Setting MTU on VLAN does not set MTU on parent interface in 2.2: Now works better than ever :)
Though on complex scenarios still needs a reboot to apply proper MTU allover as in G... Ermal Luçi
01:41 PM Revision 2f8f9d5a: Add checks for requirement as array here. Reported-by: garga: Ermal Luçi
01:29 PM Revision e702e9ed: Silence this error during bootup: Ermal Luçi
01:21 PM Revision ca301b52: Fix the function missing from config.inc. Spotted-by: garga: Ermal Luçi
12:10 PM Revision 285ef132: Rather than set the g['booting'] on globals provide a function to test for that doing the right checks: Ermal Luçi
11:41 AM Revision 32e834ff: Reorder the inclusion of headers so that globals.inc comes first: Ermal Luçi
11:30 AM Revision e861812c: Remove the booting signal if not needed to fix some issues reported on the GUI: Ermal Luçi
11:15 AM Revision 3d3dd668: Use the new available function: Ermal Luçi
11:11 AM Revision b9767e86: Fix variable typos introduced in eb8ad408: Renato Botelho
10:31 AM Revision eb8ad408: Cleanup code and make sense of it. While here do not forget gre tunnels as well:: Ermal Luçi
10:20 AM Revision 619cd0d6: Make this more readble and also do not trigger an interface_bring_up on a down event.: Ermal Luçi
10:16 AM Revision 5574e8d5: Correct the variable name typo to allow rc.linkup to function properly.: Ermal Luçi
10:15 AM Revision 708aa0ef: Remove variable use here since it's confusing sshdcond package, ticket #3959: Renato Botelho
07:18 AM Revision c683f627: include 169.254./16 in unbound's DNS rebinding protection: Chris Buechler
07:00 AM Revision e3045c51: include Unbound access-control entries for local IPv6 networks reachable via static route. Ticket #4023: Chris Buechler
05:42 AM Revision edee528c: Send the gateway name to this function. Fixes #4047: Chris Buechler
04:57 AM Revision 31afa084: Skip interface subnets for IPv4 here, this is best handled via the NAT networks list. Ticket #4023: Chris Buechler
04:39 AM Revision 3bdf2a70: Use the subnets automatic outbound NAT uses for tonatsubnets for Unbound's access-control config, as this is a good source of what networks are internal. Ticket #4023: Chris Buechler
04:30 AM pfSense Packages Bug #3959 (Feedback): sshdcond edit /etc/sshd and gets it wrong: Applied in changeset commit:a2103cc238bc568016d4ed931bd5ec52ca103fc8. Renato Botelho
03:12 AM Revision f1a6f696: If localhost is configured to be included in resolv.conf, force its selection in Unbound. The resolv.conf logic prevents that from being a problem, but people don't seem to realize they have to pick that to use Unbound for the host itself. Force it here rather than just silently skipping its inclusion in resolv.conf.: Chris Buechler
02:20 AM Revision 95834f84: correct logic here to omit 127.0.0.1 from resolv.conf when no DNS resolver bound there.: Chris Buechler
01:40 AM Bug #729 (Closed): if_bridge unpredictable filter interface selection: I've been through a good deal of bridging testing in 2.2. It all behaves as expected. The subject-described issue is ... Chris Buechler
01:36 AM Revision f72fce18: fix text here, variables came back empty and aren't all that useful here anyway.: Chris Buechler
01:34 AM Bug #3191 (Feedback): Quality RRD inaccuracies and failure to update status in some circumstances: things are much better with apinger in general after fixes in the past 1-2 months. I can still replicate some issues ... Chris Buechler
01:24 AM Bug #4042 (Resolved): AES-GCM should not be an option in P1: fixed, updated subject to reflect actual issue Chris Buechler
01:04 AM Bug #4023: allowed networks in Unbound inadequate: v4 should be good now. I removed the interface subnets for all enabled interfaces, since that's potentially excessive... Chris Buechler

11/25/2014

11:38 PM Bug #4047 (Resolved): address family check on dynamic gateways incorrect: fixed Chris Buechler
11:36 PM Bug #4047 (Resolved): address family check on dynamic gateways incorrect: The address family check for dynamic gateways doesn't work, preventing adding of static routes out dynamic gateways.
Chris Buechler
10:45 PM Bug #4023: allowed networks in Unbound inadequate: one update to use the same list of networks as automatic outbound NAT uses, that's the best internal networks list th... Chris Buechler
10:16 PM Revision 563ea7ea: only show aggressive/main mode for IKEv1: Chris Buechler
09:01 PM Revision a46dc3c7: fix typo: Chris Buechler
08:43 PM Revision 8e87f714: Unset the aggressive mode settings for not IKEv1 settings: Ermal Luçi
08:40 PM Revision 02069977: Ooops do the right things for a correct config and php syntax: Ermal Luçi
08:39 PM Revision 1eb378ed: Put the aggressive line only during ikev1 configs: Ermal Luçi
08:28 PM Revision 156a086d: Ignore linkup/down events on disabled interfaces.: Ermal Luçi
07:58 PM Revision 8b335b7a: Remove var_dump from production code: Ermal Luçi
07:56 PM Revision ee127967: Remove AES-GCM from phase1 settings algos since its not recommended: Ermal Luçi
07:34 PM Bug #4046 (Feedback): Invalid access-control.conf entry with certain IPv6 settings: I don't see any way it's possible for that to happen unless you're on an old version. Every part of the code that put... Chris Buechler
07:21 PM Bug #4046 (Resolved): Invalid access-control.conf entry with certain IPv6 settings: WAN connection with IPv6 via DHCP... when the box to request only a prefix is checked, this results in the WAN interf... Anonymous
07:30 PM Revision 79f4c970: fix IPsec widget status display after recent changes broke it. Ticket #4045: Chris Buechler
07:23 PM Revision 2d2e466c: Show Mtu on status interfaces.: Ermal Luçi
07:04 PM Revision 3740c82b: Use proper function now that this call is not needed anymore: Ermal Luçi
07:02 PM Revision 2c4301fa: Ticket #2786 handle the mtu on bridge same as on lagg. Cleanup some not needed code while here: Ermal Luçi
06:32 PM Revision ba8e4c88: Remove the mac address propagation to vlans since FreeBSD 10 handles this itself: Ermal Luçi
06:23 PM Revision bc8f3264: Ticket #2786 there is an issue with convert_real_interface_to_friendly_interface which might return not expected data as in the situation checked for vlan case her ein the validation. Avoid for this case here the issue to allow properly setting mtu on vlans with not assigned parent.: Ermal Luçi
05:04 PM Bug #4043 (Confirmed): ipsec_dump_sad has issues with IKEv2: Chris Buechler
12:09 AM Bug #4043 (Resolved): ipsec_dump_sad has issues with IKEv2: ipsec_dump_sad works fine with IKEv1, but matches on the wrong parts of setkey output for IKEv2. Shifting the line nu... Chris Buechler
05:03 PM Bug #4030: AR9227 cards cause kernic panic when switched to n-mode: not seeing a crash report from anything on those first two octets. One in the same big Verizon block but well off fro... Chris Buechler
04:55 PM Revision 6c101e32: s/Unbound DNS Forwarder/Unbound DNS Resolver/ to be consistent with other wording in the GUI: Jim Pingle
04:50 PM Revision 4bbc32b9: Remove gmirror_status.inc from obsolete files list as it exists again in our repository.: Jim Pingle
04:48 PM Revision fc86e6c1: remove unused function referencing racoon: Chris Buechler
04:31 PM Revision 8ce58e05: Option for browser tab text order: Phil Davis
04:29 PM Revision 0274d41a: Option for browser tab text order: Easy thing to do - add an option for the user to select if they want the host name or page name text to display first... Phil Davis
04:23 PM Bug #2786 (Confirmed): Setting MTU on VLAN does not set MTU on parent interface in 2.2: unchanged for physical interface where parent isn't assigned. Clear test case on 172.27.32.125, igb1 and igb1_vlan10.... Chris Buechler
01:29 PM Bug #2786: Setting MTU on VLAN does not set MTU on parent interface in 2.2: Ok works for me.
Lagg needs a restart when the mtu is changed on a vlan on top of it properly the same behaviour wih... Ermal Luçi
09:50 AM Bug #2786 (Feedback): Setting MTU on VLAN does not set MTU on parent interface in 2.2: Applied in changeset commit:2b58f94e6005a4b1e8c3387341dc07f3c173269f. Ermal Luçi
03:36 PM Revision 2b58f94e: Fixes #2786, properly handle the chain of interfaces during lagg configuration for mtu. For most interfaces this works, bridge will be added in a separate commit: Ermal Luçi
02:32 PM Revision a8e43014: Actually to not change all scripts running both versions of console and gui just detect that the caller is through fpm-cgi and make it include config.gui.inc to avoid having issues in general from being called from wrong places.: Ermal Luçi
02:23 PM Revision 1ad2dc5b: Set the timezone even during config.gui.inc to please the timezone selection: Ermal Luçi
02:07 PM Revision 4ec33e13: Provision for inclusion from different places.: Ermal Luçi
02:02 PM Revision 624bf131: Remove useless check: Ermal Luçi
02:01 PM Bug #4042 (Feedback): AES-GCM should not be an option in P1: This was because AES-GCM was being used on Phase1 which is not recommended.
The options are removed now from the GUI... Ermal Luçi
10:08 AM Bug #4042 (Confirmed): AES-GCM should not be an option in P1: right, the problem is it's configured to send it, but it's not doing so. Chris Buechler
09:34 AM Bug #4042: AES-GCM should not be an option in P1: The other side is not sending AES-GCM in its list of supported algos hence you end up with no proposal found. Ermal Luçi
01:56 PM Revision c3bc039c: Do not let the config.inc to be included from GUI scripts.: Ermal Luçi
01:49 PM Bug #3558: Schedule States in System - Advanced - Misc not working: mine for testing Chris Buechler
01:49 PM Bug #3809: IPsec Save Xauth Password no longer work: others have reported it works with RSA+Xauth, I can't seem to get it to work with PSK+Xauth though. to me for more te... Chris Buechler
01:45 PM Bug #4045 (Resolved): IPsec dashboard widget status incorrect: confirmed after gitsync on others Chris Buechler
01:25 PM Bug #4045 (Feedback): IPsec dashboard widget status incorrect: Chris Buechler
01:22 PM Bug #4045 (Resolved): IPsec dashboard widget status incorrect: status on IPsec dashboard widget regressed after a recent change. about to push a fix, adding ticket for tracking Chris Buechler
11:15 AM Bug #3996: Solarflare NIC panic with LACP: If that "Solarflare patch" is the binary blob driver for sfxge, then we should yank it back out by the roots. Jim Thompson
09:57 AM Bug #3361 (Resolved): DHCP6 WAN is not obtaining a default gateway: On the current snapshot this is fixed on every system I could reproduce the problem with before. Updated multiple VMs... Jim Pingle
09:24 AM Revision c039d44a: Merge pull request #1347 from phil-davis/patch-3: Renato Botelho
07:28 AM Feature #4044 (Resolved): Add UEFI support: FreeBSD 10.1-RELEASE does appear to have support for UEFI installation images, however it appears as though pfSense s... Jason Ross
05:37 AM Revision 24aa9e40: fix up text: Chris Buechler
04:13 AM Bug #3968: Incorrect gateway is assumed when using tun + topology subnet: Everything is ok except for tun server. Incorrect IP is assumed: 5.45.32.2 is not exists and never existed.
--
... Dmitriy K
12:22 AM Bug #3991 (Resolved): /etc MFS on 2.2 Netgate build memstick image runs out of space: fixed Chris Buechler
12:20 AM Bug #3198 (Resolved): IPSEC, when nating to a different size subnet a invalid natting rule is made.: fixed. users will need to manually configure outbound NAT as desired in this circumstance. Chris Buechler
12:19 AM Bug #3981 (Resolved): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD: fixed Chris Buechler
12:12 AM Bug #4037 (Resolved): delete missing from SAD and SPD screens: works for SAD, we'll leave SPD as is, shouldn't be a need for it. Chris Buechler

11/24/2014

11:07 PM Bug #4042 (Resolved): AES-GCM should not be an option in P1: Strongswan's documentation shows AES-GCM ciphers are valid for both IKEv1 and IKEv2.
https://wiki.strongswan.org/... Chris Buechler
11:02 PM Bug #4015: IKE version change needs javascript to update other available fields: removal of main/aggressive mode looks good.
thinking there are other things we're missing here, leaving to feedba... Chris Buechler
02:50 AM Bug #4015 (Feedback): IKE version change needs javascript to update other available fields: Applied in changeset commit:0771969b40bb37d0aa8b8d66fbd17b5176957231. Ermal Luçi
11:01 PM Bug #4041 (Resolved): Default gateway switching logic seems broken: Tested with:... Anonymous
09:45 PM Revision 73fc2ea0: Correct logic for lagg mtu. Also optimize and cleanup dead code: Ermal Luçi
09:23 PM Revision efed74da: Make this note more accurate.: Jim Pingle
09:07 PM Revision 2f851abf: Fixes #4039 remove the toggle from IPSec settings since its not anymore useful.: Ermal Luçi
08:55 PM Bug #4030: AR9227 cards cause kernic panic when switched to n-mode: 108.28 (Sorry for the [super] late reply) Alex Restifo
08:54 PM Revision f07008f5: Fixes #4037: Revert "Do not let the user mess with SAs from this page. The daemon and primary status page handles tat"
This rever... Ermal Luçi
08:39 PM Revision ec5753e7: The net.inet6.ip6.rfc6204w3 needs to be 1 for dhcpv6 to work correctly. Fixes #3361: Ermal Luçi
08:18 PM Revision e550188f: Fix issue of previous commit on adding bridge memebers.: Ermal Luçi
07:36 PM Revision 96fbd43a: DHCP6 might start after bootup: Revert "Gather DNS information and return on bootup"
This reverts commit c2847e0faa781712f6419c8f305c97df66d9d233. Ermal Luçi
06:59 PM Revision 5987261f: Use the same strategy as on CP by putting a file to detect running instances and if older than 90seconds continue otherwise just let the previous one continue.: Ermal Luçi
06:10 PM Bug #4040 (Resolved): gateway monitoring issues with multiple PPPoE with same gateway: With multiple PPPoE connections with the same gateway, the static route for the monitor IP can end up on the wrong in... Chris Buechler
06:04 PM Bug #4039 (Resolved): IPsec does not install anymore LAN SPDs: this is fine with that, no need for it. Chris Buechler
03:20 PM Bug #4039 (Feedback): IPsec does not install anymore LAN SPDs: Applied in changeset commit:2f851abff998778d6e8a120a708fee67368edb45. Ermal Luçi
02:42 AM Bug #4039 (Resolved): IPsec does not install anymore LAN SPDs: On 2.1 branch and before there were SPDs installed by default to bypass LAN ips to go through ipsec.
This could be d... Ermal Luçi
05:47 PM Bug #1047 (Resolved): Disable TSO, hardware checksum don't work for unassigned but active interfaces: fixed Chris Buechler
05:30 AM Bug #1047: Disable TSO, hardware checksum don't work for unassigned but active interfaces: Applied in changeset commit:43517fcc1b616b7443b26247dc59dbd65bde2819. Ermal Luçi
05:13 AM Bug #1047 (Feedback): Disable TSO, hardware checksum don't work for unassigned but active interfaces: Fixed Chris, though lagg still needs reboot to work on my vms and your test setup. Ermal Luçi
04:27 PM Feature #1810 (Resolved): Captive portal - Portal page contents - View current page url is incorrect.: fixed long ago Chris Buechler
03:52 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway: Will leave for feedback until the fix is in snapshots, but a gitsync on two VMs and an APU shows they are all working... Jim Pingle
02:50 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway: Applied in changeset commit:ec5753e7563c31e843a503d17f78487a2d156c78. Ermal Luçi
02:36 PM Bug #3361 (Feedback): DHCP6 WAN is not obtaining a default gateway: Works for me. Ermal Luçi
03:25 PM Bug #4036 (Resolved): Unbound bails with "fatal error: Could not read config file: /unbound.conf": others have confirmed fixed on forum thread Chris Buechler
03:15 PM Bug #2786 (Confirmed): Setting MTU on VLAN does not set MTU on parent interface in 2.2: this has regressed, doesn't work with lagg or physical interfaces Chris Buechler
02:49 PM Bug #2786: Setting MTU on VLAN does not set MTU on parent interface in 2.2: I'm still seeing this issue on the Mon Nov 24 07:19:16 CST 2014 build, even without using LAGG.
Steps to reproduce... Andy Sayler
03:00 PM Bug #4037: delete missing from SAD and SPD screens: Applied in changeset commit:f07008f559059d5f3da9bc702d19a9c8aa7c18f7. Ermal Luçi
02:49 PM Bug #4037 (Feedback): delete missing from SAD and SPD screens: Fixed for SADs SPDs i do not think are necessary. Ermal Luçi
02:25 AM Bug #4037: delete missing from SAD and SPD screens: This was removed by me since everything is managed from the daemon now.
It would cause problems if you try to mangle... Ermal Luçi
02:42 PM Revision c2847e0f: Gather DNS information and return on bootup: Ermal Luçi
02:36 PM Bug #4025 (Feedback): package service starting issues post-package reinstall: Fixes on dynamic interfaces pushed today should have fixed the last issues with this as well. Ermal Luçi
02:23 PM Revision b8d09280: Put the booting signal in globals.inc since it makes all the other scripts detect we are booting. Otherwise separate php instances will not detect that. rc.bootup clears this flag so all should work correctly: Ermal Luçi
02:02 PM Revision 6668e18f: Ignore empty interfaces and ovpn ones on linkup since they should not trigger this script actions: Ermal Luçi
11:22 AM Revision dced0dd0: Be friendly to large interface systems: Ermal Luçi
11:19 AM Revision 43517fcc: Fixes #1047, overhaul handling of flags for hardware offloading and make it work correctly for system_advanced page settings. Lagg is still a special case that needs a reboot.: Ermal Luçi
08:44 AM Revision 0771969b: Fixes #4015. Hide Negotiation mode when in IKEv2 since it is not required.: Ermal Luçi
04:29 AM Revision a8604dc6: Process unbound start from status services: This was missing, so nothing happened when the user tried to start Unbound from Status->Services Phil Davis

11/23/2014

08:49 PM Revision e0dd1fdd: Merge pull request #1346 from SunStroke74/patch-2: Renato Botelho
07:35 PM Revision cfbe7e09: Removing extra closing bracket: SunStroke74
07:00 PM Feature #4038 (Resolved): Button to clear the arp cache: After swapping IP from two embedded devices (WizNet RS485 Gateways) the gateways weren't reachable from an other subn... Grischa Zengel
04:05 PM Bug #3684: Openvpn not routing incomming traffic correct when using tap device: There is no other rules for the openvpn and no flowing rules,
I have tried to update to beta 2.2 and I have the sa... Lars Jensen

11/22/2014

09:34 PM Revision 1ea3b03b: Merge branch 'wagonza': Chris Buechler
09:33 PM Revision 38e91976: Merge branch 'master' of https://github.com/wagonza/pfsense into wagonza: Chris Buechler
07:24 PM Revision e840fc8c: Don't unset these items for PPP configurations as they're not configured here and doing so loses settings configured in interfaces_ppps_edit.php. Ticket #3727: Chris Buechler
07:13 PM Revision 15fbb5ec: Fix ovpn-linkup for tun + topology subnet case setting router as ifconfig_local envvaar when route_vpn_gateway and ifconfig_remote are both not defined. Keep using 5th parameter as a seatbelt in last case. While I'm here, improve sh syntax. It should fix #3968: Renato Botelho
07:03 PM Revision 68ce5a28: phone number is a required field: Chris Buechler
06:57 PM Revision 02a2bffa: add a usleep here to prevent killing twice. Ticket #3894: Chris Buechler
06:42 PM Revision 93ead355: In some circumstances, OpenVPN doesn't exit on SIGTERM. SIGKILL it when that happens. Ticket #3894: Chris Buechler
05:35 PM pfSense Packages Bug #3816 (Resolved): Bump FreeRADIUS to fix libssl version mismatch error: Chris Buechler
05:33 PM pfSense Packages Bug #2536 (Resolved): arpwatch issues: Chris Buechler
05:33 PM pfSense Packages Bug #3711 (Resolved): bind package not starting after update: Chris Buechler
05:32 PM pfSense Packages Bug #3641 (Closed): Freeradius Pfsense 2.1.3: looks like a config problem not a bug. Chris Buechler
05:30 PM pfSense Packages Bug #3093 (Closed): squid3-dev missing libgssapi.so.10: Chris Buechler
05:29 PM pfSense Packages Bug #3986 (Confirmed): BandwidthD can break php-fpm in unknown rare edge case: Chris Buechler
05:27 PM pfSense Packages Bug #3985 (Closed): apcupsd / nut not working in v2.2: Duplicate, #4018 is the cause of this Chris Buechler
05:22 PM pfSense Packages Bug #3892 (Resolved): Critical bash vulnerability CVE-2014-6271: Chris Buechler
05:21 PM pfSense Packages Bug #3994 (Resolved): sudo package not working on 2.2: this was fixed, root PBI problem has a diff ticket Chris Buechler
05:17 PM Feature #2757 (Resolved): CDP/ISDP/LLDP support.: there has been a ladvd package available for a while now. Chris Buechler
05:17 PM Revision e295e7ca: MSS clamping on VPNs is necessary in both directions where it's needed. Rather than requiring setting on both ends, especially since the remote side can be some third party device where MSS clamping may not be available or not work, set in both directions here.: Chris Buechler
04:48 PM Bug #4037 (Resolved): delete missing from SAD and SPD screens: diag_ipsec_sad.php and diag_ipsec_spd.php are both missing the delete buttons they had in 2.1.5 and prior versions. Chris Buechler
04:16 PM Bug #4036 (Feedback): Unbound bails with "fatal error: Could not read config file: /unbound.conf": pretty sure this is fixed after merging Warren's earlier pull request. I found a system where I could reliably replic... Chris Buechler
02:12 PM Bug #4036 (Resolved): Unbound bails with "fatal error: Could not read config file: /unbound.conf": I just upgraded a pretty heavily configured (many OpenVPN tunnels, QoS, 80-100 firewall rules, etc. on a 150/50Mbps c... Chad Monroe
03:04 PM Bug #4028: Wireless Obytes counter always 0: this actually applies to all wifi judging by the FreeBSD PR on the issue.
https://bugs.freebsd.org/bugzilla/show_bu... Chris Buechler
02:56 PM Bug #4028 (Confirmed): Wireless Obytes counter always 0: confirmed. The root of the issue is the Obytes counter on ath0 and ath0_wlanX is always 0. For instance: ... Chris Buechler
01:20 PM Bug #3727 (Resolved): PPP config loses "on-demand" setting when configured via interfaces tab: no change with Ermal's last commit.
My last commit on this ticket resolves this for ondemand and some other items... Chris Buechler
01:20 PM Bug #3968 (Feedback): Incorrect gateway is assumed when using tun + topology subnet: Applied in changeset commit:15fbb5ecf35ac794b4bf357c1cd821a1413cdaa9. Renato Botelho
01:08 PM Bug #3991 (Feedback): /etc MFS on 2.2 Netgate build memstick image runs out of space: Since the fix was pushed, looks better to be moved to feedback state Renato Botelho
12:43 PM Bug #3894 (Resolved): OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed: Ermal's change is good, but doesn't help this circumstance. The root cause here is OpenVPN doesn't exit when sent a S... Chris Buechler
11:43 AM Bug #3848: enabling schedule on 2.1.5 causes page fault: I have installed 2.2 beta built on Sat Nov 22 02:14:01 CST 2014 (nano bsd 4g, no vga) and will monitor it. Ernst den Broeder
07:15 AM Revision b7b3f343: fix up text: Chris Buechler
06:52 AM Feature #4035 (Resolved): AutoConfigBackup - selective deletion of automatic and manual backups: The list of 100 backups kept automatically tends to mostly be full of uninteresting stuff, e.g. we add all LAN client... Phillip Davis
06:33 AM pfSense Packages Bug #4034 (Resolved): AutoConfigBackup - user-config-readonly priv still does backup: A user with the priv user-config-readonly cannot change the config. This is handled correctly in write_config().
But... Phillip Davis
06:29 AM pfSense Packages Bug #4033 (Resolved): AutoConfigBackup - Do not overwrite previous backups for this hostname: When doing a manual backup, there is a check box for:
"Do not overwrite previous backups for this hostname"
But wit... Phillip Davis
03:52 AM Revision 7786c9d6: clean up tabs in strongswan.conf: Chris Buechler
03:11 AM Revision 0a69eb7a: touch up text: Chris Buechler
02:10 AM Bug #1681 (Resolved): OpenVPN tun IPs fail HTTP REFERER checks: this seems to be fine, works where it's reasonable to work, can be assigned if desired in other circumstances. Chris Buechler
12:17 AM Bug #3949 (Resolved): Dynamic DNS public IP check always uses default gateway: this was fixed by coincidence when something else got fixed, my systems where this was an issue are now fine. Chris Buechler

11/21/2014

11:17 PM Feature #3916: IPsec status Overview tab no longer an overview: this is a big enough regression in usability to justify being a bug. Chris Buechler
07:26 PM Revision d266dc07: Merge branch 'master' of github.com:wagonza/pfsense: Warren Baker
07:24 PM Revision 0a5a8df9: d DHCPLeases starting before Unbound/DNSMasq and returning a pid not found message. Add missing reload feature: Warren Baker
07:10 PM Revision 5ce68025: d DHCPLeases starting before Unbound/DNSMasq and returning a pid not found message. Add missing reload feature: Warren Baker
06:27 PM Revision 5b506a49: Fix input validation of custom-type dynamic DNS hostnames.: Chris Buechler
05:02 PM Bug #3996 (Confirmed): Solarflare NIC panic with LACP: confirmed the described scenario is an issue, and I can't find that patch's contents anywhere Chris Buechler
04:58 PM Bug #2786 (Resolved): Setting MTU on VLAN does not set MTU on parent interface in 2.2: fixed. lagg works fine here too Chris Buechler
04:57 PM Bug #1047 (Confirmed): Disable TSO, hardware checksum don't work for unassigned but active interfaces: reboot doesn't handle it correctly either. There is a clear test case on 172.27.32.125 with its lagg0 and members igb... Chris Buechler
04:40 PM Bug #4007 (Resolved): "Last activity" in CP status blank: fixed Chris Buechler
02:21 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway: This appears to be tied to having a DHCPv4 WAN configured along side DHCPv6. If I set the WAN of an affected system t... Jim Pingle
01:45 PM Bug #4019 (Resolved): clean 2.2 install doesn't have /usr/local/etc/rc.d/ directory: fixed Chris Buechler
01:37 PM Revision 7525f05d: Fix misspelling: Jim Pingle
01:34 PM Bug #4025 (Confirmed): package service starting issues post-package reinstall: still an issue here Chris Buechler
12:22 PM Revision d274a75b: Fix syntax: Renato Botelho
11:10 AM Revision 64cda11e: Actually an interface is detstroyed here no need for this merge!: Revert "Merge e3cffd6cefc - Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic... Ermal Luçi
11:10 AM Revision e5e16cfc: Merge e3cffd6cefc - Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0: Ermal Luçi
10:59 AM pfSense Packages Bug #4032 (Rejected): squid3-dev 3.3.11_1 pkg 2.2.8 doesn't work OOB: duplicate of #4018 Chris Buechler
04:03 AM pfSense Packages Bug #4032 (Rejected): squid3-dev 3.3.11_1 pkg 2.2.8 doesn't work OOB: 1. Install pfSense latest snapshot;
2. Install squid3-dev package;
System logs will be bloated with:
Nov 21 12:5... Dmitriy K
10:20 AM Revision e3cffd6c: Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0: Ermal Luçi
05:28 AM pfSense Packages Bug #4017 (Rejected): postfix package looking for /usr/local on pfsense 2.2: Will track all those issues in #4018 Renato Botelho
05:27 AM Bug #4018 (Assigned): several packages not looking in pbi dir for files: Note that postfix is one of the affected packages, will close #4017 and keep the issue here. Renato Botelho

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

12/20/2014

12/19/2014

12/18/2014

12/17/2014

12/16/2014

12/15/2014

12/14/2014

12/13/2014

12/12/2014

12/11/2014

12/10/2014

12/09/2014

12/08/2014

12/07/2014

12/05/2014

12/04/2014

12/03/2014

12/02/2014

12/01/2014

11/30/2014

11/29/2014

11/28/2014

11/27/2014

11/26/2014

11/25/2014

11/24/2014

11/23/2014

11/22/2014

11/21/2014