Project

General

Profile

Activity

From 11/29/2014 to 12/28/2014

12/28/2014

05:51 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
Phillip Davis wrote:
> It happens after some WAN event that has potential IP change, and the OpenVPN clients are res... Kill Bill
05:38 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
It happens after some WAN event that has potential IP change, and the OpenVPN clients are restarted. About 20 seconds... Phillip Davis
05:29 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
i have a stable internet connection on the alix and i just noticed the same behaviour Bipin Chandra
05:21 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
Phillip Davis wrote:
> The 2 APUs I have do not have any ntpd exited messages. That could be because the 64-bit ntpd... Kill Bill
05:15 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
My Alix boxes do it also. Here is an example:
@$ clog /var/log/system.log | grep signal
Dec 24 13:16:36 skt-rt-01 k... Phillip Davis
04:05 AM Bug #4155 (Resolved): ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
Seeing this on tons of Alix boxes. (Frankly had to install Service Watchdog package to keep ntpd running, it crashes ... Kill Bill
04:53 AM Bug #4151: Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php
Same changes now in https://github.com/pfsense/pfsense/pull/1405
That pull request is a single commit - easier to ma... Phillip Davis
04:52 AM Bug #4152: Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php
Same changes now in https://github.com/pfsense/pfsense/pull/1405
That pull request is a single commit - easier to ma... Phillip Davis
01:44 AM Bug #4146: OpenVPN tap interfaces are down after boot
Same issue for openvpn tap clients! everything is UP and RUNNING but iface is DOWN. Dmitriy K

12/27/2014

09:48 PM Bug #4151 (Confirmed): Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php
Chris Buechler
12:39 PM Bug #4151: Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php
And more things I noticed - the Unbound Advanced and ACLs tabs do not display the shortcuts at all. The Resolver logs... Phillip Davis
09:48 PM Bug #4152 (Confirmed): Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php
Chris Buechler
12:40 PM Bug #4152: Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php
Same set of fixes for this one also
https://github.com/pfsense/pfsense/pull/1404 Phillip Davis
09:45 PM Bug #4150 (Feedback): Captive Portal doesn't work with > 120 VLAN interfaces
will need more details, likely this isn't 2.2-specific if there is any actual problem here. Chris Buechler
01:05 PM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces
There really is nothing to prevent this from working.
Though i am sure you would get better solution for this if you... Ermal Luçi
09:42 PM Bug #4153 (Rejected): Can't remove shaper or queue in IE11
duplicate of #1957 Chris Buechler
04:36 AM Bug #4153 (Rejected): Can't remove shaper or queue in IE11
Browser: IE11;
Removing shaper:
1. Configure shaper via "Dedicated Links" wizard;
2. Go to "By interface" tab an... Dmitriy K
05:32 PM Feature #4154: Support for RADIUS authentication over IPv6
FYI- This was the same on pfSense 2.1. It doesn't send out IPv6 RADIUS requests either. So at least it's not a regres... Jim Pingle
01:06 PM Feature #4154: Support for RADIUS authentication over IPv6
Ermal Luçi wrote:
> Hence the issue, i think this should be pushed post 2.2 to really be fixed.
Well, whatever is... Kill Bill
12:58 PM Feature #4154: Support for RADIUS authentication over IPv6
libradius is v4 only for now.
Hence the issue, i think this should be pushed post 2.2 to really be fixed. Ermal Luçi
11:46 AM Feature #4154: Support for RADIUS authentication over IPv6
Yep, it just seems to vanish somewhere. :) I deleted the client on the Windows server, and nothing logged. normally, ... Kill Bill
11:26 AM Feature #4154 (Confirmed): Support for RADIUS authentication over IPv6
Just tried this and I'm seeing the same thing against FreeRADIUS2. The IPv6 RADIUS request never leaves the client ho... Jim Pingle
08:25 AM Feature #4154 (Resolved): Support for RADIUS authentication over IPv6
Following https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory - this does not work if the RADI... Kill Bill
02:50 PM Bug #4134 (Resolved): Email notifications configuration migration to 2.2 broken (STARTTLS)
Renato Botelho
02:05 PM Bug #4134: Email notifications configuration migration to 2.2 broken (STARTTLS)
Works, thanks. Kill Bill
12:56 PM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces
This will really be fixed when the carp interface link is made a strong one rather than the weak one that is today.
... Ermal Luçi
11:08 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
Chris has put a little different - Vick's example does not have the double-quotes on the last 2 lines.
In any case, ... Phillip Davis
08:14 AM Bug #4149: Register DHCP leases in DNS forwarder broken
Well, I'm sure it's an issue in 2.1.5, as I am observing it. I haven't tested 2.2 (as far as I can tell 2.1.5 is the ... Anonymous
01:35 AM Bug #4146: OpenVPN tap interfaces are down after boot
All instances are tap. Dmitriy K

12/26/2014

06:51 PM Bug #4152 (Resolved): Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php
Services: DNS Resolver: Edit Domain Override (services_unbound_domainoverride_edit.php)
Main page for this section... Herman Johnson
06:49 PM Bug #4151 (Resolved): Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php
Services: DNS Resolver: Edit host (services_unbound_host_edit.php)
Main page for this section [+] link at the top ... Herman Johnson
05:28 PM Bug #4150 (Resolved): Captive Portal doesn't work with > 120 VLAN interfaces
Captive portal is not authenticating users (just letting everyone on) when a zone is attached to more than 120 VLAN i... Ethan Hayon
05:17 PM Bug #4139: IPsec status widget broken
thanks for the feedback. I'm not 100% confident yet, will leave this open til early next week while I'm doing further... Chris Buechler
05:12 PM Bug #4139: IPsec status widget broken
All good here, finally ;) Kill Bill
01:12 PM Bug #4139: IPsec status widget broken
It seems all the problem circumstances here are fine now. A spot check of a handful of test systems where several iss... Chris Buechler
03:45 AM Bug #4139: IPsec status widget broken
Phillip Davis wrote:
> The description went missing in https://github.com/pfsense/pfsense/commit/bd0bb466f073c50a443... Kill Bill
03:38 AM Bug #4139: IPsec status widget broken
The description went missing in https://github.com/pfsense/pfsense/commit/bd0bb466f073c50a443c09096e89acf0abf8fdaa
I... Phillip Davis
05:04 PM Bug #4149 (Rejected): Register DHCP leases in DNS forwarder broken
not sure if that's an issue in 2.1.5 (maybe in some edge case, but there would be much more of an uproar than 2 peopl... Chris Buechler
04:57 PM Bug #4149 (Rejected): Register DHCP leases in DNS forwarder broken
On 2.1.5, the DHCP registration option in DNS Forwarding is broken. When a new machine is granted a DHCP lease, the f... Anonymous
04:51 PM Bug #4146: OpenVPN tap interfaces are down after boot
It appears it's more than just after boot, tap interfaces seem to always end up missing "UP". Will attempt to further... Chris Buechler
02:47 PM Bug #4146: OpenVPN tap interfaces are down after boot
corrected specific issue Chris Buechler
01:36 PM Bug #4146 (Confirmed): OpenVPN tap interfaces are down after boot
updated subject to actual issue Chris Buechler
04:50 PM Bug #4130 (Resolved): Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
fixed Chris Buechler
04:49 PM Bug #4138 (Resolved): Status - IPsec: Description missing on connected tunnels
fixed Chris Buechler
04:47 PM Bug #4116 (Confirmed): IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable
confirmed current status as Jim described. Temporary is fine. Maintenance mode gets stuck at advskew 254 only on inte... Chris Buechler
04:39 PM Bug #4141 (Closed): captive-portal on opt1 interface affects traffic going through other interfaces
Thanks for diagnosis PiBa. #4148 has root cause Chris Buechler
04:39 PM Bug #4148 (Resolved): gen_subnet returns incorrect result for IPv6
There is a pull request to fix this:
https://github.com/pfsense/pfsense/pull/958
#4141 shows one instance where ... Chris Buechler
04:31 PM Bug #4119 (Resolved): Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces
fixed Chris Buechler
04:25 PM Bug #4090: unbound advanced settings cause broken unbound.conf file
I can paste in exactly what you have above: ... Chris Buechler
04:19 PM Bug #4117: Using run(4) USB WLAN in hostap mode crashes in FreeBSD 10.x
it's crashing in run and we include 100% stock run(4) and don't patch anything related to wifi, there is more of a di... Chris Buechler
03:58 PM Bug #4145 (Rejected): Interfaces widget - interface details missing
doing something to ensure browsers don't excessively cache js and css is something we've discussed internally, but ha... Chris Buechler
10:01 AM Bug #4145: Interfaces widget - interface details missing
To fix various widget behavior, I keep making minor changes to the way some of the backround update data is passed ar... Phillip Davis
03:33 PM Bug #4142 (Confirmed): certificate manager certificates that are in use by packages can be deleted
Chris Buechler
02:32 PM Bug #4076 (Resolved): DNS Forwarder options do not unset during CARP sync
fixed Chris Buechler
08:30 AM Bug #4076: DNS Forwarder options do not unset during CARP sync
Applied in changeset commit:4469379c20d22b6c80bb7c47219e2fa2895c89a1. Renato Botelho
08:30 AM Bug #4076 (Feedback): DNS Forwarder options do not unset during CARP sync
Applied in changeset commit:f29fd4d08d910d6a10e294c555c052ae6a69c2b4. Renato Botelho
01:08 PM Bug #4124 (Resolved): Alias FQDNs don't permit trailing period
all seems fine here Chris Buechler
01:07 PM Bug #4143 (Confirmed): After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent reason.
there have always been some circumstances with some packages where that happens. additional comment on the pull reque... Chris Buechler
01:00 PM Bug #4131 (Resolved): CP RADIUS accounting not working
fixed Chris Buechler
12:55 PM Bug #4127 (Resolved): CP per-user bandwidth restriction applied when disabled
fixed Chris Buechler
12:13 PM Bug #3358: new version of <include_file> is not required during reinstall_all
Not having this install_package called from the new updated file could cause some packages to 'break', because of bei... Pi Ba
12:08 PM pfSense Packages Bug #4144 (Resolved): Current GUI doesn't allow you to select multiple logging severity options
Chris Buechler
11:30 AM pfSense Packages Bug #4144 (Feedback): Current GUI doesn't allow you to select multiple logging severity options
Applied in changeset commit:05a05c59ca10b62bdba34178e25e28fa55be12fc. Renato Botelho
11:09 AM Bug #4135 (Rejected): package update code does not run new update code from +packagename+.inc file when upgrading a package.
Duplicate of #3358 Renato Botelho
09:23 AM Bug #4147 (Resolved): IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP
When you define an IPv4 tunnel using FQDN as Remote gateway, this resolves to AAAA record (if any) and subsequently o... Kill Bill
09:20 AM Bug #4140: Password protect console menu setting not preserved on upgrade
Applied in changeset commit:02e4ee541ba8af0992c6cd3acd468d731369b287. Renato Botelho
09:20 AM Bug #4140 (Feedback): Password protect console menu setting not preserved on upgrade
Applied in changeset commit:c07cd2ce79f56c96c886db818cb36651b5a334be. Renato Botelho

12/25/2014

04:34 PM Bug #4129: IPsec connections with multiple P2s use only first SA
Tested, works ok for my tunnels. Thanks. Pi Ba
04:04 PM Bug #4145: Interfaces widget - interface details missing
Sorry, this is not a widget issue. Another browser caching problem in action. Guys, would it be possible to produce a... Kill Bill
10:22 AM Bug #4145 (Rejected): Interfaces widget - interface details missing
After the latest batch of patches, as soon as CPU usage bar stops refreshing, the interface details (speed, duplex, m... Kill Bill
12:02 PM Bug #4146 (Resolved): OpenVPN tap interfaces are down after boot
Setup:
1. Latest snapshot
2. 2 ovpn servers on parent WAN (PPPoE);
3. 1 ovpn server on LAN;
After reboot:
1. A... Dmitriy K
11:06 AM Bug #4139: IPsec status widget broken
Still missing the description here...
!http://i57.tinypic.com/1q60oz.png!
 Kill Bill
06:25 AM pfSense Packages Bug #4144 (Resolved): Current GUI doesn't allow you to select multiple logging severity options
Even GUI says "use CTRL+click to select/unselect." you cant do that because a combobox is used instead of listbox so ... Dmitriy K

12/24/2014

07:40 PM Bug #4143 (Resolved): After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent reason.
After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent ... Pi Ba
04:57 PM Bug #4142 (Resolved): certificate manager certificates that are in use by packages can be deleted
certificatemanager, certificates that are in use can be deleted
When a certificate is in use by a OpenVPN server i... Pi Ba
04:44 PM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces
When gen_subnet is fixed (for example by pulling [https://github.com/pfsense/pfsense/pull/958] ), ip_in_subnet(11.22... Pi Ba
12:59 PM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces
Ok found the cause of the issue.
I have a ipv6 carp-ip "abcd::1234/64" defined on my wan interface. (its a test box.... Pi Ba
12:12 PM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces
Seems then that interface is wrongly added to the ipfw context.... Pi Ba
11:57 AM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces
Can you show me an ipfw zone list when this happens? Ermal Luçi
04:00 PM pfSense Packages Bug #4118 (Resolved): NUT fails to start in pfSense 2.2
Renato Botelho
03:55 PM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2
Fix confirmed. Many thanks! Denny Page
07:34 AM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2
Thanks, works now. Merry Christmas! :-) Kill Bill
05:20 AM pfSense Packages Bug #4118 (Feedback): NUT fails to start in pfSense 2.2
Applied in changeset commit:63881e2114fc597d2f940d630d902c4801b6b9e0. Renato Botelho
02:00 AM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2
Keepalive Xmas ping. ;) This is incredibly annoying on snapshot upgrades, causing *very* slow boot. https://forum.pfs... Kill Bill
12:20 PM Bug #4131: CP RADIUS accounting not working
Applied in changeset commit:b9276845369b186dd1226a20b7402b2e61b31faf. Ermal Luçi
12:20 PM Bug #4131: CP RADIUS accounting not working
Applied in changeset commit:553803f445185da2ac08baa7c034fada8032c3bd. Ermal Luçi
12:08 PM Bug #4131 (Feedback): CP RADIUS accounting not working
Ermal Luçi
12:00 PM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
Applied in changeset commit:046d253a34d74c794d7ed44b241c79a01fe86b20. Ermal Luçi
12:00 PM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
Applied in changeset commit:35d17581b1bd21dfc325c2a59174bd3beb416a27. Ermal Luçi
11:53 AM Bug #4130 (Feedback): Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
Fixed. Ermal Luçi
11:48 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
Normally an ipsec stroke leases creates an empty file with only main leases tag inside! Ermal Luçi
11:42 AM Bug #4138 (Feedback): Status - IPsec: Description missing on connected tunnels
Fixed on latest code. Ermal Luçi
11:35 AM Bug #4139 (Feedback): IPsec status widget broken
Widgets works properly now for all states. Ermal Luçi
10:33 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
I'm using the 20141224-0520 upgrade image. Vick Khera
10:32 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
No, this did not fix the problem.
I did some experimentation and discovered that if I enter the above configuratio... Vick Khera
09:03 AM Bug #4117: Using run(4) USB WLAN in hostap mode crashes in FreeBSD 10.x
I am not able to reproduce this crash on FreeBSD 10.1.
Using the FreeBSD kernel on the pfSense installation works ... Andreas Mueller

12/23/2014

06:20 PM Bug #4141 (Closed): captive-portal on opt1 interface affects traffic going through other interfaces
captive-portal on opt1 interface affects traffic going through other interfaces.
ive got a pfSense box with 3 inte... Pi Ba
01:18 PM Bug #4117 (Rejected): Using run(4) USB WLAN in hostap mode crashes in FreeBSD 10.x
please replicate on stock FreeBSD 10.1 and report upstream, that's a driver issue outside of our control. Chris Buechler
01:13 PM Bug #4140: Password protect console menu setting not preserved on upgrade
setup_serial_port() is called by /tmp/post_upgrade_command.php and should reconfigure serial port before reboot the n... Renato Botelho
01:01 PM Bug #4124 (Feedback): Alias FQDNs don't permit trailing period
pull request merged. seems fine, leaving for now for further testing. Chris Buechler
12:32 PM Bug #4139: IPsec status widget broken
+ description missing on the tunnels tab Kill Bill
10:57 AM Bug #4126 (Resolved): some PSKs incorrect in ipsec.secrets
Ermal confirmed this looks fine. Chris Buechler

12/22/2014

11:18 PM Bug #4140: Password protect console menu setting not preserved on upgrade
setup_serial_port() does a bunch of other things related to loader.conf stuff also, so there might be other side-effe... Phillip Davis
11:14 PM Bug #4140 (Resolved): Password protect console menu setting not preserved on upgrade
1) Select "Password protect the console menu" from System->Advanced, Admin and press Save. The console now prompts fo... Phillip Davis
10:07 PM Bug #4138: Status - IPsec: Description missing on connected tunnels
Yeah, confirmed it seems to happen that way on all IKEv1.
Both v1 and v2 have the description disappear when it's... Chris Buechler
07:33 PM Bug #4138: Status - IPsec: Description missing on connected tunnels
Yes, IKEv1. Tried IKEv2 and the description is flaky as well as you describe. Kill Bill
06:08 PM Bug #4138: Status - IPsec: Description missing on connected tunnels
also here: https://forum.pfsense.org/index.php?topic=85752.0 Chris Buechler
05:59 PM Bug #4138 (Confirmed): Status - IPsec: Description missing on connected tunnels
are those IKEv1 connections? Seems to be limited to IKEv1 for the problem as described.
With IKEv2 there is a simil... Chris Buechler
02:44 PM Bug #4138 (Resolved): Status - IPsec: Description missing on connected tunnels
This is broken even with commit 17ad9cb8 applied. Kill Bill
09:33 PM Bug #4064 (Feedback): improper handling of DNS servers by rtsold
Warren's pull request from earlier should fix this, to me for testing. Chris Buechler
06:01 PM Bug #4137 (Closed): IPSec widget - Invalid argument supplied for foreach() in /usr/local/www/widgets/widgets/ipsec.widget.php on line 89
multiple issues there, covered in #4139 Chris Buechler
01:18 PM Bug #4137 (Closed): IPSec widget - Invalid argument supplied for foreach() in /usr/local/www/widgets/widgets/ipsec.widget.php on line 89
As per subject. This is on a fully gitsynced box with Dec 22 10:10:37 CST 2014 snapshot. Kill Bill
05:59 PM Bug #3886 (Resolved): (TurkishLanguage) After the firewall rule for example (lan rule) does not come "Apply Button"
Chris Buechler
05:58 PM Bug #4139 (Resolved): IPsec status widget broken
Multiple issues since changes earlier today.
1) "Warning: Invalid argument supplied for foreach() in /usr/local/w... Chris Buechler
02:59 PM pfSense Packages Bug #4059 (Confirmed): library required by squid3 may be absent
Chris Buechler
01:24 PM Feature #4083: Replace GET by POST
This is a change that needs to be done globally, replace this ticket to a more general description to keep track of i... Renato Botelho
12:39 PM Feature #4136 (Rejected): Change the default ntp client/server to OpenNTPD
We tried using OpenNTPD. It was buggy and lacked features we needed. Not likely to switch back and regress.
There ... Jim Pingle
12:34 PM Feature #4136 (Rejected): Change the default ntp client/server to OpenNTPD
During the last years, a lot of security bugs have been found in the NTP code. My proposal is to change the default N... Juan Francisco Cantero Hurtado
11:36 AM Bug #4132 (Resolved): Captive Portal - Portal page contents - confusing instructions (gettext issue)
Cool. Thanks!! Renato Botelho
11:25 AM Bug #4132: Captive Portal - Portal page contents - confusing instructions (gettext issue)
All good now :) Kill Bill
10:48 AM Bug #4132: Captive Portal - Portal page contents - confusing instructions (gettext issue)
Good catch, thanks! Renato Botelho
10:26 AM Bug #4132: Captive Portal - Portal page contents - confusing instructions (gettext issue)
Thanks, though this is still incosistent - $PORTAL_ACTION/$PORTAL_REDIRURL vs. $PORTAL_ACTION$/$PORTAL_REDIRURL$ (not... Kill Bill
06:20 AM Bug #4132: Captive Portal - Portal page contents - confusing instructions (gettext issue)
Applied in changeset commit:22a7fef8b7ff2fc4f9c13b6a248912c1cf8e345b. Renato Botelho
06:20 AM Bug #4132 (Feedback): Captive Portal - Portal page contents - confusing instructions (gettext issue)
Applied in changeset commit:7fd7c5a5454b8b59467016b62333818e585f9187. Renato Botelho
11:20 AM Bug #4134: Email notifications configuration migration to 2.2 broken (STARTTLS)
Applied in changeset commit:792dbafd7b83e40e5bb9383294e2abb2b2ad083c. Renato Botelho
11:20 AM Bug #4134 (Feedback): Email notifications configuration migration to 2.2 broken (STARTTLS)
Applied in changeset commit:ccf30846e7b7651da65ab0b5f44e77c70ba8c0d9. Renato Botelho
10:52 AM Bug #4129 (Feedback): IPsec connections with multiple P2s use only first SA
Changes have been committed to generate single connections for each phase2 and confirmed by https://forum.pfsense.org... Ermal Luçi
08:03 AM Bug #4135 (Rejected): package update code does not run new update code from +packagename+.inc file when upgrading a package.
package update code does not run new update code from +packagename+.inc file when upgrading a package.
For example... Pi Ba
07:09 AM Feature #4133: Add GUI setting for VLANs PCP
Target to 2.2.1 for future review, 2.2 is now in RC state Renato Botelho
05:20 AM Bug #4127: CP per-user bandwidth restriction applied when disabled
Applied in changeset commit:b57ea0b75a722f86ba01f72393950ac49610b9b2. Ermal Luçi
05:20 AM Bug #4127: CP per-user bandwidth restriction applied when disabled
Applied in changeset commit:1eff6ee0a2b98b4e571e7cb4dd6fc285605f6307. Ermal Luçi
05:20 AM Bug #4127 (Feedback): CP per-user bandwidth restriction applied when disabled
Applied in changeset commit:ce90c89a308f6d3ceaf9193a570eb10911903f87. Ermal Luçi

12/20/2014

05:53 PM Bug #4129: IPsec connections with multiple P2s use only first SA
In my test above i created complete separate conn sections in the config file, it seems possible to not repeat all in... Pi Ba
05:16 PM Bug #4129: IPsec connections with multiple P2s use only first SA
I've been checking this a bit more, and did see that with the current way it does work properly for a tunnel that use... Pi Ba
04:57 PM Bug #4134 (Resolved): Email notifications configuration migration to 2.2 broken (STARTTLS)
2.1.x config snippet:... Kill Bill
08:34 AM Feature #4133 (Resolved): Add GUI setting for VLANs PCP
Add support for optionally setting VLANs priority (PCP) through the GUI, saved as part of the xml configuration.
S... Clement Barnier

12/19/2014

09:33 PM Bug #4132 (Resolved): Captive Portal - Portal page contents - confusing instructions (gettext issue)
Make sure to include a form (POST to "") with a submit button (name="accept") and a hidden field with name="redirurl"... Kill Bill
08:56 PM Bug #4125 (Resolved): Captive Portal - Portal page contents - View current page has a broken link
Thanks for the feedback. I confirmed on another system as well. Chris Buechler
08:50 PM Bug #4125: Captive Portal - Portal page contents - View current page has a broken link
Works for me ;) Kill Bill
07:51 PM Bug #4125 (Feedback): Captive Portal - Portal page contents - View current page has a broken link
should be fixed, leaving for further testing. Chris Buechler
06:54 PM Bug #4131 (Resolved): CP RADIUS accounting not working
Captive portal RADIUS accounting sends only 0 for Acct-Input and Output Packets, Octets, and Gigawords. Chris Buechler
05:52 PM Bug #4129: IPsec connections with multiple P2s use only first SA
To add a little info/reference here from report: #4112, with StrongSwan i was able to make it work in my situation by... Pi Ba
12:50 AM Bug #4129: IPsec connections with multiple P2s use only first SA
probably the best next step, after discussion with Jim T earlier, is to try ipsec-tools on 2.2 and see if the issue p... Chris Buechler
12:41 AM Bug #4129 (Resolved): IPsec connections with multiple P2s use only first SA
Where you have multiple P2s on a P1, only the first is actually used. The SPD and SAD are correct in setkey's output,... Chris Buechler
05:29 PM Bug #4110 (Resolved): interface-group is not set properly on the openvpn interfaces after reboot
fixed Chris Buechler
05:00 PM Bug #4090 (Resolved): unbound advanced settings cause broken unbound.conf file
Chris Buechler
05:05 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
Ah ok, please try to update to a more recent snapshot, it should be fixed now. Seems to be same issue of #4104 Renato Botelho
04:59 PM Bug #4067 (Resolved): Unbound configuration does not get synchronized to the secondary members of a cluster install
works Chris Buechler
04:56 PM Bug #4112 (Closed): ipsec, strongswan (sometimes) needs a 'conn' section with a unique reqid for each phase2
source of issue is #4129 Chris Buechler
04:53 PM Bug #4076: DNS Forwarder options do not unset during CARP sync
though if you enable unbound, then dnsmasq is unset on the secondary. Doesn't happen just by disabling dnsmasq, that ... Chris Buechler
04:50 PM Bug #4076: DNS Forwarder options do not unset during CARP sync
confirmed as described Chris Buechler
04:52 PM Bug #4099 (Resolved): IP aliases on localhost not config syncing across
fixed Chris Buechler
04:37 PM Bug #4021: Unbound doesn't handle v6 link local correctly
worked around this issue for the time being. Chris Buechler
04:36 PM Bug #3389 (Resolved): GUI allows to configure ICMPv4 types for ICMPv6 firewall rules
fixed Chris Buechler
04:32 PM Bug #4062: pfSense_getall_interface_addresses truncates v6 link local IPs
only thing I'm aware of that was broken by this was unbound, and that was worked around within unbound, so yeah pushi... Chris Buechler
02:28 PM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables
there is no bug here, that's why. Chris Buechler
02:00 PM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables
If you say so. Usually finding a workaround to a bug while the bug is being fixed is part of dealing with the bug. Volker Kuhlmann
12:10 PM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables
this isn't a place for such discussions, please post to the forum or list. Chris Buechler
10:17 AM Bug #4130 (Confirmed): Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
Confirmed it here. Adding the IPsec widget it starts logging it in the main system log. It may only happen when there... Jim Pingle
10:12 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
Yes, removing that widget works. (Was kinda planning on removing that for now anyway, seems in quite a messy state wi... Kill Bill
09:52 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
If you turn off the IPsec widget, does the error stop?
Do you have mobile IPsec enabled?
It's the only thing I ca... Jim Pingle
08:34 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
... Kill Bill
06:33 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
And which dashboard widgets are enabled? Jim Pingle
05:18 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
Phillip Davis wrote:
> Sounds like a problem in your /cf/conf/config.xml
> That should start with:
> <?xml version... Kill Bill
04:19 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
I do not see that on my 2.2 boxes.
Sounds like a problem in your /cf/conf/config.xml
That should start with:
<?x... Phillip Davis
03:15 AM Bug #4130 (Resolved): Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
Whenever I go to the index.php page, it produces the a system log entry like this:... Kill Bill
08:35 AM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2
Diff works. ;) Kill Bill
05:31 AM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2
Here's the diff if anyone wants it:... Denny Page
05:04 AM Bug #4104 (Resolved): unbound package configuration migration to 2.2 broken
Renato Botelho

12/18/2014

11:29 PM Feature #4128 (New): Email notification webgui configuration
Please consider implementing in the webgui a tab to configure what type of email we want to be send by services.
A... Lex lex
07:17 PM Bug #4127 (Resolved): CP per-user bandwidth restriction applied when disabled
If you have values entered for CP's per-user bandwidth restriction in 2.2, but don't have the box checked to enable i... Chris Buechler
06:16 PM Bug #4126 (Feedback): some PSKs incorrect in ipsec.secrets
what I committed makes it work the same as it does on 2.1.5. To Ermal for review, to verify that's correct. Chris Buechler
06:12 PM Bug #4126 (Resolved): some PSKs incorrect in ipsec.secrets
PSKs from the user manager and vpn_ipsec_keys.php are written to ipsec.secrets without a leading $myid, which makes t... Chris Buechler
05:28 PM Bug #4110: interface-group is not set properly on the openvpn interfaces after reboot
With a short test this seems to be fixed now, thanks. Pi Ba
04:20 AM Bug #4110: interface-group is not set properly on the openvpn interfaces after reboot
Applied in changeset commit:02f65ece135c962b34548f2ec8ed9ed38ba22211. Renato Botelho
04:20 AM Bug #4110 (Feedback): interface-group is not set properly on the openvpn interfaces after reboot
Applied in changeset commit:da4f91a9207cc5b958adbca75415266700b4b8c6. Renato Botelho
05:26 PM Bug #4104: unbound package configuration migration to 2.2 broken
Fixed. (Same issue like the more generic Bug #4090 I guess.) Kill Bill
04:50 PM Bug #4125 (Resolved): Captive Portal - Portal page contents - View current page has a broken link
It links to http://fqdn:<zoneid>, e.g. http://pfsense.example.com:2 Kill Bill
02:32 PM Bug #4090: unbound advanced settings cause broken unbound.conf file
I guess I was unclear. It was a vanilla 2.1.5 system I upgraded to 2.2-RC for testing. Vick Khera
09:36 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
Vick Khera wrote:
> No, it was a vanilla 2.1.5 system in a vm. I use it for testing things, then revert the image to... Renato Botelho
09:07 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
No, it was a vanilla 2.1.5 system in a vm. I use it for testing things, then revert the image to the base system with... Vick Khera
08:37 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
Did you upgrade this system from 2.1.x with unbound package installed? The upgrade code had an issue, it was using ; ... Renato Botelho
06:46 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
Here it is. I also notice there is no config download option for unbound, just the dns forwarder. In any case, I cut ... Vick Khera
05:45 AM Bug #4090 (Feedback): unbound advanced settings cause broken unbound.conf file
I couldn't reproduce it, unbound.conf ended with lines exactly the same I added to textarea. Could you please share t... Renato Botelho
09:14 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional
RE: no cert vs no CA.
The cryptostorm.is service does supply a CA certificate which I imported to the pfSense cert ... Marcus Brown
09:11 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional
I tested the patch.
It does indeed work for the username only AND password only use case.
I pasted my key into th... Marcus Brown
05:02 AM Bug #4124: Alias FQDNs don't permit trailing period
I made pull request https://github.com/pfsense/pfsense/pull/1394
That solution enables the validation of things like... Phillip Davis
01:08 AM Bug #4124: Alias FQDNs don't permit trailing period
Yes, that is annoying for people who want/like/need to put the correct whole FQDN, including the root domain ".".
e.... Phillip Davis
03:44 AM Bug #4122 (Resolved): webConfiguratorlockout table is missing expiration
Renato Botelho
01:15 AM Bug #4122: webConfiguratorlockout table is missing expiration
Works - I locked myself out from 1 IP address (after about 15 dodgy password entries). After the following hour bound... Phillip Davis
12:41 AM Feature #3506: Firewall:Aliases - Sort/Move Function
The other really useful feature would be to be able to disable entries in the alias list without having to remove the... Volker Kuhlmann
12:16 AM Feature #3506: Firewall:Aliases - Sort/Move Function
+1 Bipin Chandra

12/17/2014

07:54 PM Bug #4110 (Confirmed): interface-group is not set properly on the openvpn interfaces after reboot
confirmed as described Chris Buechler
07:46 PM Bug #4121 (Rejected): Failover don´t switch back to Tier 1
not true. I re-tested typical multi-WAN scenarios, then tested the less typical case described here where an OpenVPN ... Chris Buechler
04:32 AM Bug #4121 (Rejected): Failover don´t switch back to Tier 1
I Have two Gateway´s in a Group (Failover)
Tier1 = HideVPN Gateway OpenVPN with Monitoring IP
Tier2 = Normal WAN ... Cor-nY r!Egelchen
06:26 PM Bug #4111 (Resolved): Unbound replies using wrong source IP when bound to *
If not ideal since it only completely fixes the circumstance where you're binding to *:53, this is the best we can do... Chris Buechler
03:41 PM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables
Is there a way to sun a command that does an update immediately?
filterdns is run as
/usr/local/sbin/filterdns -p... Volker Kuhlmann
03:05 PM Feature #3506: Firewall:Aliases - Sort/Move Function
I would really like this feature too. When having aliases with 15 or 20 hosts etc. it is easier to maintain if they c... Volker Kuhlmann
02:48 PM Bug #4124 (Resolved): Alias FQDNs don't permit trailing period
On page
https://pfsense/firewall_aliases_edit.php?id=xx
for alias type network(s) entering an FQDN with trailing pe... Volker Kuhlmann
12:54 PM Todo #4123 (Closed): Add support to multiple tables to expiretable
Improve expiretable to support multiple tables and remove multiple calls from crontab Renato Botelho
12:30 PM Bug #4122: webConfiguratorlockout table is missing expiration
Applied in changeset commit:b0885c5a7aa20801d78df77f5124eca766f34723. Renato Botelho
12:30 PM Bug #4122 (Feedback): webConfiguratorlockout table is missing expiration
Applied in changeset commit:56c8376a9eabdc59e8f71535c0f3cd871cd776f1. Renato Botelho
09:00 AM Bug #4122 (Resolved): webConfiguratorlockout table is missing expiration
The sshlockout_pf process adds IP addresses that fail too many GUI login attempts to the webConfiguratorlockout table... Jim Pingle
11:30 AM Bug #4119: Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces
Applied in changeset commit:aafa7657399edf835a28c106c37ac71cc9b24335. Renato Botelho
11:30 AM Bug #4119 (Feedback): Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces
Applied in changeset commit:570066460e88a63d186e8892930927e6e9825fc4. Renato Botelho
11:18 AM Bug #4119: Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces
Original issue is also present Renato Botelho
10:04 AM Bug #4119 (Assigned): Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces
The real issue here is DHCP server still starts after interface is disabled, even if you reboot the system service is... Renato Botelho
10:10 AM Bug #4102: Could not find IPv4/IPv6 gateway for interface log spam
Guys, can you tell me how to stop logging this junk at least? This renders the system log absolutely useless with fir... Kill Bill
08:08 AM Bug #4062: pfSense_getall_interface_addresses truncates v6 link local IPs
I would push this on 2.2.1 since i am not yet able to evaluate if this is fixed what all is impacted. Ermal Luçi
04:29 AM Todo #4120 (Resolved): Improve passwd security
A couple of things to be done to improve pfSense passwd:
- Change hash from MD5 to SHA512 or blowfish
- Start to ... Renato Botelho

12/16/2014

09:03 PM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2
Thanks Denny: Confirmed to fix my copy.
[code]
#!/bin/sh
# This file was automatically generated
# by the pfSe... Chris Palmer
05:32 PM Bug #4112: ipsec, strongswan (sometimes) needs a 'conn' section with a unique reqid for each phase2
the subject here isn't what the problem really is, but there is some kind of interoperability issue with multiple P2s... Chris Buechler
01:49 PM Bug #4116: IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable
The "temporary" button seems to behave OK in my test setup now but maintenance mode still does not appear to work pro... Jim Pingle
06:30 AM Bug #4116: IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable
Applied in changeset commit:936e554bab69b0f6b1eb53cae807e3f2fafa3e73. Renato Botelho
06:30 AM Bug #4116 (Feedback): IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable
Applied in changeset commit:dd0cb9fcf4428d8fdc0e6cd380ea2a5dff4e9114. Renato Botelho
10:46 AM Bug #4119 (Resolved): Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces
DHCP Relay will print the usual error about DHCP being enabled even when DHCP is not active, if there is a disabled o... Jim Pingle
06:26 AM Bug #4100 (Resolved): Validation of y/n answers in setlanip console menu
The question in the end is an enhancement, this ticket can be safely closed. Renato Botelho
03:24 AM Bug #3915: DHCP server static mapped clients do not receive custom DNS servers
Received this text in email today from dhcp-bugs@isc.org :
--------
Yes 4.3 added this functionality. There was a b... Phillip Davis

12/15/2014

09:58 PM Bug #4074: Status NTP does not display any result if IPv6 Allow is off
So far, all that has been committed is a change to the ntpq command that gets the ntpd status, forcing it to use IPv4... Phillip Davis
01:12 PM Bug #4074: Status NTP does not display any result if IPv6 Allow is off
I'm still seeing NTP IPv6 requests blocked on lo0 using the Sat Dec 13 13:26:22 amd64 build. Should this fix be prese... Andy Sayler
09:41 PM Bug #4100: Validation of y/n answers in setlanip console menu
And in the end the committed pull request was: https://github.com/pfsense/pfsense/pull/1385
I will do a change to ad... Phillip Davis
06:24 AM Bug #4100 (Feedback): Validation of y/n answers in setlanip console menu
Merged, thanks! Renato Botelho
08:28 PM pfSense Packages Bug #4078: NUT fails to start with USB
I've determined that the USB problem was due to leftover files from the NUT install under pfSense 2.1.5. After having... Denny Page
08:20 PM pfSense Packages Bug #4118 (Resolved): NUT fails to start in pfSense 2.2
The start up script for NUT, /usr/local/etc/rc.d/nut.sh, needs to change the path used to invoke upsdrvctl.
In Fre... Denny Page
03:41 PM Bug #4117 (Resolved): Using run(4) USB WLAN in hostap mode crashes in FreeBSD 10.x
I was using a "Hama Wireless LAN USB 2.0 Stick 300 Mbps" for some time as an access point with the 2.2 alpha and beta... Andreas Mueller
01:30 PM Bug #4067: Unbound configuration does not get synchronized to the secondary members of a cluster install
Applied in changeset commit:73041230a79f7b0f2cbae60cf51596a1232d5029. Renato Botelho
01:30 PM Bug #4067 (Feedback): Unbound configuration does not get synchronized to the secondary members of a cluster install
Applied in changeset commit:c25caf5b01269961d0129f8f83dc8dc1a078c3a8. Renato Botelho
08:49 AM Bug #4067: Unbound configuration does not get synchronized to the secondary members of a cluster install
I'll take it Renato Botelho
01:30 PM Bug #4104: unbound package configuration migration to 2.2 broken
Applied in changeset commit:03226d75ba52c78d33c5afaaa81379baf0d3856f. Renato Botelho
01:30 PM Bug #4104 (Feedback): unbound package configuration migration to 2.2 broken
Applied in changeset commit:387ab31a976fbacfc0d8e2fde7efb7cb1c4b6b6b. Renato Botelho
12:11 PM Bug #4104: unbound package configuration migration to 2.2 broken
It's these checkboxes breaking the upgrade:
!http://i.imgur.com/od1nv1s.png!
 Kill Bill
08:50 AM Bug #4104: unbound package configuration migration to 2.2 broken
Can you share your unbound config from 2.1.x? Renato Botelho
12:31 PM Bug #4115 (Resolved): Services - DHCP/DHCPv6 Server - some advanced options have messed up GUI
Renato Botelho
12:10 PM Bug #4115: Services - DHCP/DHCPv6 Server - some advanced options have messed up GUI
Fixed after gitsync, thanks. ;) Kill Bill
06:50 AM Bug #4115: Services - DHCP/DHCPv6 Server - some advanced options have messed up GUI
Applied in changeset commit:5cfd948144741ba0d6981f89b2e40257cb9ef2b1. Renato Botelho
06:50 AM Bug #4115 (Feedback): Services - DHCP/DHCPv6 Server - some advanced options have messed up GUI
Applied in changeset commit:e51d6e1b7f195cbc8300c473a14610b84cc191b0. Renato Botelho
05:24 AM Bug #4115 (Resolved): Services - DHCP/DHCPv6 Server - some advanced options have messed up GUI
*DHCP server:*
!http://i.imgur.com/yiRg3HA.png!
*DHCPv6 server:*
!http://i.imgur.com/qfFo5Cz.png!
(FWIW, this... Kill Bill
11:30 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional
@G Brinton - can you try the code in https://github.com/pfsense/pfsense/pull/1389
I discovered that OpenVPN does n... Phillip Davis
10:25 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional
Actually, at the moment, the code does allow a password to be entered without username - it gets through the front-en... Phillip Davis
09:21 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional
Can we relax the input validation to require password only?
I've tested it with a service provider that only requir... Marcus Brown
11:11 AM Bug #3910: Cannot set advskew back to 0
There still seems to be an issue here. On a current snapshot when I try to leave maintenance mode the skew is stuck a... Jim Pingle
11:00 AM Bug #4116 (Resolved): IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable
When using "Temporarily Disable CARP", IP alias VIPs using a CARP VIP "interface" are still present and the interface... Jim Pingle

12/14/2014

08:09 PM pfSense Packages Bug #4114 (Resolved): Squid 3.4.9 transparent proxy broken.
The latest Squid packages all had issues, but none of them as serious as transparent proxy not working.
Squid has to... Arthur Undisclosed
05:58 PM Bug #4113 (Resolved): multiple instances of /var/db/rrd/updaterrd.sh
On my pfsenses I see multiple instances of updaterrd.sh
Because all instances uses only one pid file with only one... Grischa Zengel
03:28 PM Bug #4112 (Closed): ipsec, strongswan (sometimes) needs a 'conn' section with a unique reqid for each phase2
ipsec, strongswan (sometimes) needs a 'conn' section with a unique reqid for each phase2
I've been trying to repla... Pi Ba
08:09 AM Bug #4103: Xen xn NICs can't tag VLANs
On Interfaces/VLAN is written:... Grischa Zengel
12:52 AM Feature #4108: USB printers support required
Including ulpt driver module into freebsd/pfsense compilation does not make a print server from it, not even close to... Vladimir Suhhanov

12/13/2014

10:47 PM Feature #4108 (Rejected): USB printers support required
It's a firewall, not a print server. Don't do that. Anyone who *really* wants to can copy over a ulpt.ko from stock F... Chris Buechler
01:02 AM Feature #4108 (Rejected): USB printers support required
I ask you to add ulpt driver module or compile it into the kernel. People want to use it! :)
https://www.freebsd.org... Vladimir Suhhanov
01:20 PM Bug #4111 (Feedback): Unbound replies using wrong source IP when bound to *
Fix committed and verified for the circumstance where binding all interfaces. Chris Buechler
01:17 PM Bug #4111 (Resolved): Unbound replies using wrong source IP when bound to *
When Unbound is bound to all interfaces, it replies back with the source IP it would use for initiating a new connect... Chris Buechler
12:09 PM Bug #4110 (Resolved): interface-group is not set properly on the openvpn interfaces after reboot
interface-group is not set properly on the openvpn interfaces after reboot
The openvpn interfaces are part of the My... Pi Ba
10:57 AM pfSense Packages Bug #4109: squid package doesn't include hostname when logging remotely
sorry - snort not squid ;)
The remote system can detect the sender, of cause. But if you ommit the hostname, it's no... Patrick Hieber
10:00 AM pfSense Packages Bug #4109 (Rejected): squid package doesn't include hostname when logging remotely
Squid/snort inconsistencies in the report aside, syslog does not include that. It's up to the remote system to identi... Jim Pingle
07:41 AM pfSense Packages Bug #4109 (Rejected): squid package doesn't include hostname when logging remotely
Squid doesn't include the hostname when logging remotely (e.g.):
<33>Dec 13 13:40:18 snort[2160]: [120:3:1] (http_... Patrick Hieber
09:03 AM Bug #3848: enabling schedule on 2.1.5 causes page fault
21 days and no page fault so far. I am updating to the latest build today and will continue to monitor. Ernst den Broeder
05:48 AM Bug #4103: Xen xn NICs can't tag VLANs
In XN there couldn't be tagging problems, because it didn't know anything about tagging.
They will tell me that the ... Grischa Zengel
12:55 AM Bug #4107 (Resolved): Firmware backup restoration via WebUI does not reboot firewall at the end, no logs, no messages
If you restore full backups via console, using upgrade firmware menu - no problem it is working, the only one thing i... Vladimir Suhhanov

12/12/2014

10:23 PM Bug #4105: rc.update_bogons.sh fetch failure should never sleep on FW upgrade
Well, sadly this does not happen in the _background_... No idea why it does not background, as said the upgrade could... Kill Bill
09:40 PM Bug #4105 (Feedback): rc.update_bogons.sh fetch failure should never sleep on FW upgrade
The bogon update sleep doesn't lock anything or prevent anything else from happening, it just sits in the background ... Chris Buechler
09:51 AM Bug #4105 (Not a Bug): rc.update_bogons.sh fetch failure should never sleep on FW upgrade
This kills the whole upgrade process, since this gets stuck on sleep "forever" (one day at least, or even a week or m... Kill Bill
09:30 PM Bug #4103: Xen xn NICs can't tag VLANs
There are problems in VLAN tagging in that driver. That's outside of our control. Please replicate the problem on sto... Chris Buechler
08:50 PM Bug #4103: Xen xn NICs can't tag VLANs
That's in the code:... Grischa Zengel
08:20 PM Bug #4103: Xen xn NICs can't tag VLANs
That's to lapidary.
Tagging is something which is handled by software and could be in hardware.
Without anything wr... Grischa Zengel
07:07 PM Bug #4103 (Rejected): Xen xn NICs can't tag VLANs
they don't show up because they report themselves as not being VLAN-capable. Those who have forced their way around t... Chris Buechler
03:20 AM Bug #4103 (Rejected): Xen xn NICs can't tag VLANs
Interface xn0 is not listed on "Interfaces: VLAN: Edit" for using as parent interface.
On XEN interface xn0 didn't... Grischa Zengel
07:05 PM Feature #3933: Limiter burst doesn't have any effect
it's not a config or command issue, if it were that simple I would have fixed it. It's a kernel issue with dummynet i... Chris Buechler
06:20 PM Bug #4106 (Rejected): ipsec, using a carpip for the interface of a phase1 ipsec connection with fails to generate the ipsec.conf content
duplicate of #4089 which is fixed already. Chris Buechler
06:18 PM Bug #4106 (Rejected): ipsec, using a carpip for the interface of a phase1 ipsec connection with fails to generate the ipsec.conf content
ipsec, using a carpip for the interface of a phase1 ipsec connection with fails to generate the ipsec.conf content.
... Pi Ba
09:37 AM Bug #4104 (Resolved): unbound package configuration migration to 2.2 broken
On literally every box that had unbound installed as a package with 2.1.x, there's some statistics-related configurat... Kill Bill
08:26 AM Bug #3886 (Feedback): (TurkishLanguage) After the firewall rule for example (lan rule) does not come "Apply Button"
Done. We will have a new translation server available soon to make users able to translate again. Renato Botelho
07:26 AM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address
in my case one of my alix boxes has a single wan conenction (pppoe) and i have set it to periodically reset at 3am so... Bipin Chandra
06:17 AM Bug #4100: Validation of y/n answers in setlanip console menu
Better solution in https://github.com/pfsense/pfsense/pull/1382 Phillip Davis
05:30 AM Bug #3992: The password confirmation field is not properly formatted at VPN: L2TP: User: Add/Edit
Applied in changeset commit:9b8f26cfdf3a9829585c1e97b435407561e2766d. Renato Botelho
05:30 AM Bug #3992 (Feedback): The password confirmation field is not properly formatted at VPN: L2TP: User: Add/Edit
Applied in changeset commit:2e65babb16b604752afc6b5f948851cb881ce9af. Renato Botelho
04:51 AM Bug #4077 (Feedback): Gateways Status Widget status column does not update
Merged Renato Botelho
04:27 AM Bug #4091 (Resolved): spurious character in NTP config
Renato Botelho
03:05 AM Bug #4102 (Resolved): Could not find IPv4/IPv6 gateway for interface log spam
There is no IPv4 nor IPv6 assigned to the interface, there was a dynamic IPv6 GW created on 2.1.x, which was made def... Kill Bill

12/11/2014

04:00 PM Bug #3389: GUI allows to configure ICMPv4 types for ICMPv6 firewall rules
Applied in changeset commit:fcc96054a0935a2eb4aa380ccf0fc8c44987715f. Renato Botelho
04:00 PM Bug #3389 (Feedback): GUI allows to configure ICMPv4 types for ICMPv6 firewall rules
Applied in changeset commit:d3bf4a4163c50146a18cbb6cebe87d8d9a453afe. Renato Botelho
04:00 PM Bug #4101: Mounting information lost upgrading from XenServer virtualized 2.1.5
That's an issue with Xen changing your devices without telling you, and coupled with FreeBSD's Xen disk driver not al... Jim Pingle
03:37 PM Bug #4101 (Needs Patch): Mounting information lost upgrading from XenServer virtualized 2.1.5
During the update, the devices get renamed and the reboot fails. You have to manually fix this during boot and edit t... Joel Linn
12:50 PM Bug #4099: IP aliases on localhost not config syncing across
Applied in changeset commit:470b14d8d676c342956c783bba4b352c91627626. Renato Botelho
12:50 PM Bug #4099 (Feedback): IP aliases on localhost not config syncing across
Applied in changeset commit:11bdc638ef87c94d239113cbac9e5f59bc8b74da. Renato Botelho
12:45 AM Bug #4099 (Resolved): IP aliases on localhost not config syncing across
IP aliases on localhost don't config sync to the secondary. This was broken, then fixed earlier in the 2.2 release cy... Chris Buechler
11:20 AM Bug #3790: Input validation is too strict for IPv6 Prefix ID for Track Interface
Applied in changeset commit:79fabc8fac5f8c8444f8374748572040e96bee24. Renato Botelho
11:20 AM Bug #3790 (Feedback): Input validation is too strict for IPv6 Prefix ID for Track Interface
Applied in changeset commit:986fd3d9a70bd92e2138372147e338e24f774730. Renato Botelho
05:50 AM Feature #3933: Limiter burst doesn't have any effect
Hi Chris,
This issue is a blocker for me, I would really want the bursting functionality to work. I would like to ... Ahmed Kamal
03:12 AM Bug #4100: Validation of y/n answers in setlanip console menu
Proposed solution https://github.com/pfsense/pfsense/pull/1372 Phillip Davis
03:11 AM Bug #4100 (Resolved): Validation of y/n answers in setlanip console menu
At the moment the user can answer "yes" to most of the (y/n) questions, but then later code only checks if the answer... Phillip Davis
12:31 AM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP
Because the interface has no IP address/gateway yet, there is no way for pfSense to set a specific route to the monit... Phillip Davis

12/10/2014

11:59 PM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address
actually im having the same issue
https://forum.pfsense.org/index.php?topic=78356.msg467520#msg467520 Bipin Chandra
11:15 PM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address
assigned to cmb for eval Jim Thompson
11:51 AM Bug #4095 (Resolved): Unbound config not regenrated on WAN-style interface acquiring IP address
Example: system with dual-WAN - WAN and OPT1 both DHCP.
Boot with WAN getting DHCP but OPT1 connected but not gettin... Phillip Davis
11:50 PM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP
I'm almost to a point of confirming what Phil describes. Broke my system earlier and killed my VPN to where the test ... Chris Buechler
11:14 PM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP
assigned to CMB for now. (Evaluation).
I can think of a bunch of scenarios that are "racy" (DHCP can take a while... Jim Thompson
08:58 PM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP
Note: Another hardware scenario where this can happen is if you have your upstream WAN devices connected to pfSense o... Phillip Davis
10:56 AM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP
If I physically unplug OPT1, then everything fails over correctly to WAN. The issue seems to be only if a DHCP WAN-ty... Phillip Davis
10:51 AM Bug #4094 (Resolved): Gateway Status can report Online when gateway is waiting for DHCP
Example system: 2 WANs, both DHCP, that uplink to 2 different ISPs (WAN and OPT1) (called WAN_DHCP interface WANGENER... Phillip Davis
11:14 PM pfSense Packages Bug #4078: NUT fails to start with USB
After updating to 2.2 RC, removing the NUT package, cleaning up 2.1.5 NUT leftovers by hand, and reinstalling the NUT... Denny Page
11:10 PM Bug #4076: DNS Forwarder options do not unset during CARP sync
assigned to Chris for evaluation. Jim Thompson
11:06 PM Bug #4067: Unbound configuration does not get synchronized to the secondary members of a cluster install
Ermal reported it, I'm assigning it to him. :-) Jim Thompson
11:05 PM pfSense Packages Bug #4059: library required by squid3 may be absent

Assigned to Renato for evaluation and possible fix, because: packages. Jim Thompson
11:04 PM Bug #3790: Input validation is too strict for IPv6 Prefix ID for Track Interface
re-assigned Jim Thompson
10:58 PM Bug #3932: Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP
Could we try what Jeremy asked for? Jim Thompson
02:31 PM Feature #4098 (New): Add option to force a password change on login
For new users in the User Manager, it would be handy to have the ability to force them to change their password on th... Jim Pingle
02:25 PM Bug #4092 (Rejected): enable DNSSEC on unbound resolver breaks ability to resolve www.google.com
Definitely not true. Something in your case legitimately is breaking DNSSEC. Post some details to the forum or list a... Chris Buechler
08:30 AM Bug #4092 (Rejected): enable DNSSEC on unbound resolver breaks ability to resolve www.google.com
On the DNS Resolver main configuration page, if you enable DNSSEC, the resolver is no longer able to resolve www.goog... Vick Khera
02:01 PM pfSense Packages Bug #4097 (Not a Bug): Unable to restart Postfix
Postfix seems disabled but can't enabled.
When trying to restart Postfix from the GUI nothing seems to happen. The c... Marco Verleun
01:21 PM Bug #4089 (Resolved): IPsec skips P1s bound to CARP IPs
fixed Chris Buechler
06:00 AM Bug #4089: IPsec skips P1s bound to CARP IPs
Applied in changeset commit:c02acef2866f08662d62aa6f0ba73168e85dafc8. Renato Botelho
06:00 AM Bug #4089 (Feedback): IPsec skips P1s bound to CARP IPs
Applied in changeset commit:76f12171884adcbbf6ea6d66b87851b0a5fcc4b3. Renato Botelho
04:05 AM Bug #4089 (Resolved): IPsec skips P1s bound to CARP IPs
Configure IPsec bound to a CARP IP on P1, and see it ends up being completely omitted from ipsec.conf. Chris Buechler
12:38 PM Bug #4096 (Rejected): Update Checker doesnt work Under Failover setup
you need default gateway switching enabled for that to work Chris Buechler
12:35 PM Bug #4096 (Rejected): Update Checker doesnt work Under Failover setup
I have a failover setup
WAN, WAN2
WAN being primary.
if WAN is down. pfSense can not check if iam on the latest v... M Skenderian
12:25 PM Bug #4093 (Resolved): Static Routes GUI page mentions rules
Chris Buechler
09:36 AM Bug #4093 (Feedback): Static Routes GUI page mentions rules
Merged, thanks! Renato Botelho
09:30 AM Bug #4093 (Resolved): Static Routes GUI page mentions rules
A bunch of the hover text for buttons on this page, and delete confirmation mention "rule" rather than "route".
Obvi... Phillip Davis
08:20 AM Bug #4091: spurious character in NTP config
Applied in changeset commit:59c5e4bd687ec9779488e35e418380bde8a2544e. Renato Botelho
08:20 AM Bug #4091 (Feedback): spurious character in NTP config
Applied in changeset commit:d7563eebc721a6eb2ca1f58136905ed4044a1a15. Renato Botelho
08:03 AM Bug #4091 (Resolved): spurious character in NTP config
In service->NTP under "access restrictions" advanced button, the line for "Disable ntpq and ntpdc queries (default: d... Vick Khera
08:00 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
I found that I need to specify... Vick Khera
07:52 AM Bug #4090 (Resolved): unbound advanced settings cause broken unbound.conf file
I need to permit private IPs for my local domains to resolve. That is, vick.int.kcilink.com resolves to 192.168.7.80.... Vick Khera

12/09/2014

01:31 PM Bug #4082: Adding to Captive Portal Allowed Hostnames list gives error (exit code 71) in System Logs
Thanks; so when I add pfsense.org , which is not already there :o), it gives the same error.
Currently, that pass th... David Goldstrom
12:59 PM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables
It occurred to me after turning the computer off well after midnight that you might have been referring to the "TTL" ... Volker Kuhlmann
06:39 AM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables
Oh, that's a bug with network-type aliases and FQDNs if you mix networks in with them. That's fixed in 2.2, there's a... Chris Buechler
06:00 AM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables
You have missed the problem. I am not interested in new DNS lookups.
The problem is that THE ENTRIES CORRESPONDING T... Volker Kuhlmann
05:53 AM pfSense Packages Bug #4087 (Rejected): Rule reload doesn't update FQDN entries in pf tables
Nor should they be. They're updated in the background by filterdns when the TTL expires. It's pointless to do another... Chris Buechler
05:30 AM pfSense Packages Bug #4087 (Rejected): Rule reload doesn't update FQDN entries in pf tables
pf tables can be populated from FQDNs through pfsense aliases. This is a very good feature for a number of reasons. T... Volker Kuhlmann
11:46 AM Bug #3939: Cannot create Host or Network type alias with an IP address/range
It looks like there is still an issue with this.
If I create a new alias with 2 networks and 2 FQDN's, all expected... Landon Timothy
05:53 AM Bug #4086: Gateway monitoring DoS
It took me a long time to find the problem because there are few symptoms that immediately break things, other than a... Volker Kuhlmann
05:38 AM Bug #4086 (Rejected): Gateway monitoring DoS
not true in general, though I'm sure there are unusual edge cases where that's possible. Even the described flapping ... Chris Buechler
05:21 AM Bug #4086 (Rejected): Gateway monitoring DoS
Default configuration is to monitor the WAN gateway once per second and to take action if it doesn't respond for 10 s... Volker Kuhlmann
05:44 AM pfSense Packages Bug #4088 (Feedback): Buggy squidgurd config file is created
The config file that is generated for squidguard 1.4_4 pkg v.1.9.6 is buggy in two ways, leading to unexpected and da... Volker Kuhlmann
04:59 AM Bug #4080 (Resolved): can't edit setting after factory reset!
fixed Chris Buechler
04:58 AM Bug #4066 (Resolved): Dynamic DNS updates failing on PPPoE reconnect
fixed Chris Buechler
04:18 AM pfSense Packages Bug #4085 (Resolved): Check_mk agent configuration: 'Listen Port' is required, contrary to description
In the Check_mk agent configuration page, the description for 'Listen Port' says:
"Leave empty to use Default prot [... Flavio Stanchina
04:09 AM pfSense Packages Bug #4084 (Resolved): Check_mk agent doesn't work: wrong bash path
The official Check_mk agent package doesn't work because the shebang line at the top of /usr/local/bin/check_mk_agent... Flavio Stanchina

12/08/2014

11:51 PM pfSense Packages Feature #3485: Log rotation for mod_security
+1
Ended up having to install a local crontab to avoid log overflowing, which is totally sub-optimal and non-repro... Stéphane Lapie
03:24 PM Feature #4083 (Resolved): Replace GET by POST
These functions should be sent as a POST to pfSense software, which should then do a redirect back to the status page... Michael Newton
02:29 PM Bug #4081: Apinger reporting incorrect latency
also affects rrd graph at same time Michael Kellogg
10:28 AM Bug #4081 (Confirmed): Apinger reporting incorrect latency
it's not reporting latency to the gateway, its calculations become wrong under some circumstance. Chris Buechler
10:40 AM Bug #4082 (Confirmed): Adding to Captive Portal Allowed Hostnames list gives error (exit code 71) in System Logs
that's just cosmetic, when it tries to add something that's already there. Chris Buechler
10:07 AM Bug #3286: Radvd will not function with IPv6 Prefix delegation other than 64 on WAN
Just wanted to add a comment here... it's possible that this is not a pfSense bug. DHCPv6+PD leases a prefix of the r... Anonymous

12/07/2014

04:28 PM Bug #4080 (Feedback): can't edit setting after factory reset!
Pull request merged Renato Botelho
10:51 AM Bug #4080: can't edit setting after factory reset!
Should be fixed by: https://github.com/pfsense/pfsense/pull/1371
It was broken recently by enhancements to return ... Phillip Davis
08:50 AM Bug #4080 (Resolved): can't edit setting after factory reset!
After I do a "reset to factory defaults" I couldn't change any other setting from the Console menu ... I have tried t... Michael F
01:14 PM Bug #4082 (Resolved): Adding to Captive Portal Allowed Hostnames list gives error (exit code 71) in System Logs
Adding a web address to the Captive Portal's Allowed Hostnames list consistently gives this error in the system logs:... David Goldstrom
12:36 PM Bug #1629: invalid state table entries after WAN IP change
So is this change going in to 2.2? Will the state killing be triggered in a gateway group failover event that is typi... → luckman212
12:14 PM Feature #3506: Firewall:Aliases - Sort/Move Function
I agree this would be a very nice feature to have, as would the ability to sort or re-order the "interfaces" lists wh... → luckman212
12:00 PM Bug #4081: Apinger reporting incorrect latency
I have a bare metal box that I believe this or something related is happing chris has access info if any of the other... Michael Kellogg
11:02 AM Bug #4081 (Resolved): Apinger reporting incorrect latency
If a gateway has an explicit monitor address, apinger will stop reporting latency to the monitor address and switch t... Denny Page
08:48 AM Feature #4079 (Closed): Specify opt-number to use on new interfaces
When creating new interfaces, it would be nice to be able to specify the number that the opt-interface receives. A si... Trond Vindenes

12/05/2014

02:27 PM Todo #4075 (Resolved): branch RELENG_2_2, update build tools and build servers accordingly
All done Renato Botelho
12:30 PM Bug #4066: Dynamic DNS updates failing on PPPoE reconnect
Applied in changeset commit:6a7dae05d3a628492f5b55ff87a7153ee69484dd. Renato Botelho
12:30 PM Bug #4066 (Feedback): Dynamic DNS updates failing on PPPoE reconnect
Applied in changeset commit:6d744cc842058a2ff35c82700cce71a2f5eaae41. Renato Botelho
10:03 AM pfSense Packages Bug #4078 (Resolved): NUT fails to start with USB
On 64 bit, the NUT build is looking libusb.so.2, whereas the native build for 64 bit in /usr/lib is libusb.so.3. Ther... Denny Page
01:54 AM Bug #4077: Gateways Status Widget status column does not update
Pull request: https://github.com/pfsense/pfsense/pull/1366
After this the status updates - pull the cable out of a... Phillip Davis
01:49 AM Bug #4077 (Resolved): Gateways Status Widget status column does not update
On the Dashboard, Gateways Status widget, the RTT and Loss columns update every 10 seconds. But the Status column doe... Phillip Davis

12/04/2014

10:38 PM Bug #4066 (Confirmed): Dynamic DNS updates failing on PPPoE reconnect
found one scenario that's still a problem, investigating. Chris Buechler
12:07 PM Bug #4066 (Resolved): Dynamic DNS updates failing on PPPoE reconnect
confirmed fixed on multiple systems Chris Buechler
05:40 PM Bug #4040 (Resolved): gateway monitoring issues with multiple PPPoE with same gateway
fixed Chris Buechler
05:39 PM Bug #3809 (Resolved): IPsec Save Xauth Password no longer work
Chris Buechler
05:38 PM Bug #4061: dhcpd doesn't send client-hostname to peer, breaking DHCP lease registrations w/HA
no quick fix here, will review further for 2.2.1 Chris Buechler
05:24 PM Todo #4075 (Feedback): branch RELENG_2_2, update build tools and build servers accordingly
should be done Chris Buechler
11:50 AM Todo #4075: branch RELENG_2_2, update build tools and build servers accordingly
Just /etc/version is missing Renato Botelho
04:40 AM Todo #4075 (Assigned): branch RELENG_2_2, update build tools and build servers accordingly
- Branch RELENG_2_2 created
- set_version.sh changed
Still missing (waiting some definitions):
- Update URL
-... Renato Botelho
12:12 AM Todo #4075 (Resolved): branch RELENG_2_2, update build tools and build servers accordingly
Time to branch RELENG_2_2, and everything that comes along with that. Should be final thing before RC.
Chris Buechler
12:41 PM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64
yeah looks good Chris Buechler
09:42 AM Bug #4009 (Resolved): Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64
Works for me, too. I restored a problem config and it still has a console when it boots back up. Marking this as reso... Jim Pingle
12:08 PM Bug #4015 (Resolved): IKE version change needs javascript to update other available fields
this should be good Chris Buechler
11:49 AM Bug #3997: get_interface_ip() returns first IP on interface, not necessarily primary IP
We'll review Ermal's patch post-2.2. Chris Buechler
08:05 AM Bug #4076 (Resolved): DNS Forwarder options do not unset during CARP sync
With a CARP cluster, the options on Services > DNS Forwarder will sync to the secondary when set, but when unset they... Jim Pingle
03:14 AM Bug #4071: IPsec with remote gateway of FQDN missing rightid after boot
I reverted the fix you pushed and committed f658bac which is the correct fix.
The issue came from the platform_booti... Ermal Luçi
12:22 AM Bug #4074: Status NTP does not display any result if IPv6 Allow is off
Yes, I was thinking a similar thing. "Allow IPv6" is really meant to be a general blocker for outside things that mig... Phillip Davis
12:08 AM Bug #4074 (Feedback): Status NTP does not display any result if IPv6 Allow is off
Good catch, thanks. I merged that.
Wondering if it'd be best to allow localhost to localhost v6 connectivity rega... Chris Buechler

12/03/2014

11:52 PM Bug #4074 (Resolved): Status NTP does not display any result if IPv6 Allow is off
Forum: https://forum.pfsense.org/index.php?topic=84890.0
ntpq by default tries to ask ntpd for status using the IP... Phillip Davis
11:27 PM Bug #4069 (Confirmed): cookie_test causes false positives in vulnerability scanners
After further consideration, I will make this a bug, but corrected to the real issue (subject fixed). We can make peo... Chris Buechler
05:03 PM Bug #4069 (Rejected): cookie_test causes false positives in vulnerability scanners
every meaningful cookie sets secure in all versions. That's flagging on the cookie_test that does nothing but check w... Chris Buechler
04:53 PM Bug #4069 (Resolved): cookie_test causes false positives in vulnerability scanners
openvas reports vulnerability:
*Vulnerability Detection Result*
The cookies:
Set-Cookie: cookie_test=1417649... Koen de Boeve
11:02 PM Feature #4072 (Resolved): Display installed pkg version even if pkg server not available
thanks Chris Buechler
09:29 PM Feature #4072 (Resolved): Display installed pkg version even if pkg server not available
Display the currently installed package version numbers, along with text like "Latest: N/A". and the Version box bein... Phillip Davis
10:58 PM Todo #4073 (Resolved): Validate bogon update failure handling
Soft failures returned by fetch resulted in immediate and continual retries prior to the last couple days. Now it at ... Chris Buechler
10:53 PM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
The last update has nothing to do with your issue Dmitriy, the fix I put in a couple weeks ago is fine for that. Erma... Chris Buechler
12:48 PM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
Does that mean that the issue remains intact? Or SIGKILL will do in my case? Dmitriy K
11:02 AM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
Since the circumstance Phil noted is pretty common, and the change that caused a problem there had no benefit on the ... Chris Buechler
08:41 PM Bug #4071 (Resolved): IPsec with remote gateway of FQDN missing rightid after boot
fix confirmed on two of my systems and slpalmer's where I originally found the issue. Chris Buechler
08:36 PM Bug #4071 (Resolved): IPsec with remote gateway of FQDN missing rightid after boot
Where a P1 exists with a FQDN as the remote-gateway, ipsec.conf is missing rightid after boot. Adding ticket for trac... Chris Buechler
04:59 PM Bug #4070 (Resolved): Vulnerability SSL Weak Ciphers
openvas reports vulnerability:
*Vulnerability Detection Result*
Weak ciphers offered by this service:
SSL3_RSA... Koen de Boeve
04:13 PM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64
Worked fine on my tests, will leave it open to hear a 2nd opinion Renato Botelho
03:41 PM Bug #4066 (Feedback): Dynamic DNS updates failing on PPPoE reconnect
Please try again with last snapshots Renato Botelho
12:52 PM Bug #4066 (Resolved): Dynamic DNS updates failing on PPPoE reconnect
Dynamic DNS updates started failing within the last few days with: ... Chris Buechler
02:20 PM Bug #4067 (Confirmed): Unbound configuration does not get synchronized to the secondary members of a cluster install
probably should add a new config sync checkbox for DNS Resolver, and leave DNS Forwarder as is. Chris Buechler
01:16 PM Bug #4067 (Resolved): Unbound configuration does not get synchronized to the secondary members of a cluster install
Unbound configuration does not get synchronized to the secondary members of a cluster install.
There is no provision... Ermal Luçi
02:19 PM Feature #4068 (Confirmed): CAs present on CERT manager are not trusted from pfSense
Chris Buechler
01:18 PM Feature #4068 (Resolved): CAs present on CERT manager are not trusted from pfSense
Normally the CAs imported/generated on the CERT manager of pfSense should be trusted to help avoid issues with cert v... Ermal Luçi
01:41 PM Feature #3029: DHCPv6 Server/RA page should list interfaces that are configured to track DHCP-PD
Definitely interested in this one. Other open source router firmwares have figured out how to do DHCPv6 on a LAN that... Anonymous
11:25 AM pfSense Packages Bug #4059: library required by squid3 may be absent
the root issue from #4018 is fixed, this package has a separate issue. Chris Buechler
04:28 AM pfSense Packages Bug #4059: library required by squid3 may be absent
Just in case installed squid3 3.4 and it doesn't work:
@Dec 3 14:27:47 php-fpm[7738]: /pkg_mgr_install.php: The comm... Dmitriy K
04:11 AM pfSense Packages Bug #4059: library required by squid3 may be absent
This is an issue with incorrect symlinks. This issue is tracked in #4018. Dmitriy K
10:50 AM Bug #3790 (Confirmed): Input validation is too strict for IPv6 Prefix ID for Track Interface
Chris Buechler
10:09 AM Bug #4065 (Rejected): There is no way a gif tunnel could be used as a default ipv6 gateway automatically
you have to mark the gif's gateway as default if you want it as such, that's not a bug. Chris Buechler
06:40 AM Bug #4065 (Rejected): There is no way a gif tunnel could be used as a default ipv6 gateway automatically
Steps to reproduce:
1. Create a GIF IPv6 tunnel (*gifx*);
2. *gifx* tunnel should be the only one tunnel in the sys... Dmitriy K

12/02/2014

11:06 PM Bug #4064 (Confirmed): improper handling of DNS servers by rtsold
should also be safe to remove resolvconf entirely once this is done, as Ermal suggested yesterday. Right now rtsold l... Chris Buechler
11:02 PM Bug #4064 (Resolved): improper handling of DNS servers by rtsold
rtsold is configured at its defaults, which calls resolvconf to update resolv.conf. It ends up blowing away everythin... Chris Buechler
10:18 PM Bug #4056 (Resolved): IKEv2 rekeying issues
Confirmed fixed in multiple production systems where this could be replicated. Chris Buechler
10:13 PM Bug #4018 (Resolved): several packages not looking in pbi dir for files
Renato and I have tested nearly every package. This issue in general is fixed. There are still some issues with indiv... Chris Buechler
08:36 PM Feature #4063 (Duplicate): Captive Portal: Sync IPFW table states between CARP Members
Dear all,
Currently PFSYNC doesnt sync Captive Portal user states in CARP settings. If failover occurs, users need... Wan Hafizi
08:12 PM Bug #4021 (Confirmed): Unbound doesn't handle v6 link local correctly
this is fixed, except I had to comment out the fix for now because of #4062 Chris Buechler
07:59 PM Bug #4062 (Resolved): pfSense_getall_interface_addresses truncates v6 link local IPs
pfSense_getall_interface_addresses returns v6 link local IPs minus the %interface off the end. That makes get_possibl... Chris Buechler
06:41 PM Bug #3996 (Feedback): Solarflare NIC panic with LACP
back to me for testing after discussion with Jim. I now have a Solarflare card to test. Chris Buechler
06:29 PM Bug #4061 (Confirmed): dhcpd doesn't send client-hostname to peer, breaking DHCP lease registrations w/HA
In a HA setup with DHCP server enabled, both peers will assign IPs. The leases that sync to peers don't include clien... Chris Buechler
05:31 PM Bug #4060 (Rejected): SSL weirdness in redmine
I set HTTP on redmine.pfsense.com to redirect to https://redmine.pfsense.org. We don't link to .com anywhere, though ... Chris Buechler
04:52 PM Bug #4060: SSL weirdness in redmine
I didn't even notice that! The interesting part is that I followed a link to that... I'll try to retrace my steps, ... Adam Thompson
04:32 PM Bug #4060: SSL weirdness in redmine
That screenshot shows you're trying to connect to redmine.pfsense.com rather than redmine.pfsense.org. The certificat... Ross Williamson
12:57 PM Bug #4060 (Rejected): SSL weirdness in redmine
Pretty much just FYI...
When navigating to https://redmine.pfsense.org/ using Chrome Version 39.0.2171.65 (64-bit)... Adam Thompson
02:05 PM Feature #336: Option to create lagg under assign interfaces
Best procedure I've found so far:
Tools required:
1. A switch with at least two ports configured for 802.1Q-over-... Adam Thompson
01:40 PM Feature #336: Option to create lagg under assign interfaces
This is still an outstanding problem in 2.2-beta as of 20141201-1400 build... and it's a royal PITA to work around. Adam Thompson
01:20 PM Bug #3790: Input validation is too strict for IPv6 Prefix ID for Track Interface
A couple of additional items for this that need to be resolved...
- When the prefix selection box first appears, i... Anonymous
10:46 AM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
I understand that, and I will now go to all my site-to-site clients on 2.1.5 and turn on that setting so it carries o... Phillip Davis
10:30 AM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
You have an option resolve-retry-inifinite on the openvpn settings.
Use that to have it behave as before. Ermal Luçi
10:01 AM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
I have systems where the internet somewhere goes away quite regularly. The actual pfSense WAN interface to the upstre... Phillip Davis
10:26 AM pfSense Packages Bug #4059: library required by squid3 may be absent
I attempted a package install of squid3 (3.4.9_pkg 0.1). The install... John D
10:24 AM pfSense Packages Bug #4059 (Resolved): library required by squid3 may be absent
I attempted a package install of 3.4.9_1 pkg 0.1. The install proceeds, but the subsequent start of the squid3 servi... John D
09:32 AM Bug #4058 (Resolved): WAN interface configured as PPPoE not displaying properly in Interfaces box of Dashboard
When running 2.1, the dashboard displayed all the various interfaces as: interface, link status, link speed/duplex, i... John D
08:12 AM Bug #4057: [Cosmetic] ssh_tunnel_shell timer issues
I would assume that you either show hours, or show minutes, or, if you show both, make it so the format 'x hour and y... Anonymous
07:45 AM Bug #4057 (Rejected): [Cosmetic] ssh_tunnel_shell timer issues
It is showing hours and minutes in total.
It is not showing passesd hours and minutes.
If you do the math 1331 mi... Ermal Luçi
04:17 AM Bug #4057 (Rejected): [Cosmetic] ssh_tunnel_shell timer issues
The minute timer in the SSH-only banner is not decrementing the number of elapsed minutes based on the number of elap... Anonymous
08:01 AM Bug #3670: IPv6 DHCP-PD over PPPoE non functional + radvd core dump + solution
Can you confirm that dhcpv6 is running on top of pppoe? Ermal Luçi
06:08 AM Bug #3670: IPv6 DHCP-PD over PPPoE non functional + radvd core dump + solution
I believe this bug should be targeted against 2.2 Dmitriy K
12:27 AM pfSense Packages Todo #4029: Update phpsysinfo package
Chris Buechler wrote:
> if someone wants to fix it, they can. we're not going to.
Thank you for the info..
I t... Patrick Schmidt

12/01/2014

02:54 PM pfSense Packages Todo #4029 (Needs Patch): Update phpsysinfo package
if someone wants to fix it, they can. we're not going to. Chris Buechler
02:43 PM pfSense Packages Todo #4029 (Rejected): Update phpsysinfo package
phpsysinfo was removed from pfSense 2.2 and higher Renato Botelho
02:33 PM pfSense Packages Todo #4029: Update phpsysinfo package
Current version also doesn't work on pfSense 2.2 with php 5.5.x. Renato Botelho
02:33 PM Bug #4056 (Resolved): IKEv2 rekeying issues
adding a ticket for the IPsec rekeying issue we've been tracking the last few days. Appears to be this strongswan bug... Chris Buechler
12:43 PM Bug #4046 (Resolved): Invalid access-control.conf entry with certain IPv6 settings
Chris Buechler
10:11 AM pfSense Packages Feature #4055 (Rejected): Enable area authentication from GUI
I can not find how to enable "area 0.0.0.0 authentication" from the GUI for Services Quagga OSPFd Agustín Eijo
08:11 AM pfSense Packages Feature #4054: Package Country Block
OK, too bad. There is a reason this old version is still running : impossible to get a maintenance window with the cl... Julien Gormotte
06:58 AM pfSense Packages Feature #4054 (Rejected): Package Country Block
pfSense 1.2.3 is no longer supported, many packages have been broken there for quite some time. If packages are requi... Jim Pingle
06:17 AM pfSense Packages Feature #4054 (Rejected): Package Country Block
Hello,
You disabled the Country Block package saying :
"disable the old, unmaintained CountryBlock package that'... Julien Gormotte
02:35 AM Feature #4053 (Resolved): Make backup of RRD more efficient on using /var disk space
Commits have been made and make this happy.
Probably need to merge this in 2.1 branch that i am going to do now. Ermal Luçi
02:10 AM Feature #4053 (Resolved): Make backup of RRD more efficient on using /var disk space
On shutdown, the RRD data is all expanded from /var/db/rrd/*.rrd to /var/db/rrd/*.xml, then all the *.xml are put int... Phillip Davis

11/30/2014

01:15 AM Bug #3670: IPv6 DHCP-PD over PPPoE non functional + radvd core dump + solution
I can confirm that at least the first problem also exists in 2.2-BETA.
In shell, ifconfig gives me:... Furen Xiao

11/29/2014

06:38 AM Bug #4046: Invalid access-control.conf entry with certain IPv6 settings
I was on a build dated 11/25. It doesn't seem to be a problem on a newer build now, so it must have been something th... Anonymous
03:23 AM Bug #4041 (Resolved): Default gateway switching logic seems broken
Ermal Luçi
01:18 AM Bug #4041: Default gateway switching logic seems broken
This can be closed, Ermal fixed it in the latest snapshots. Anonymous
01:30 AM Bug #4048 (Resolved): cosmetic-only RRD error in logs on nano during boot
fixed Chris Buechler
01:12 AM Bug #3996 (Rejected): Solarflare NIC panic with LACP
Jim Thompson
01:11 AM Bug #3996: Solarflare NIC panic with LACP
Ermal is correct.
Check the contents of the patch against https://svnweb.freebsd.org/base/releng/10.1/sys/dev/sfxg... Jim Thompson
12:57 AM Feature #3916: IPsec status Overview tab no longer an overview

I tend to side with Ermal here.
More debugging (what you're calling "too noisy") is good.
I don't think there... Jim Thompson
12:53 AM Bug #2762: PF drops IPv6 packets with fragment header followed by a last fragment only

Jens,
If you look at that thread, Ermal has the fix in-hand.
IJS... Jim Thompson
 

Also available in: Atom