Activity

30 days up to

User

Subprojects

Activity

From 12/13/2014 to 01/11/2015

01/11/2015

11:21 PM Bug #4199: 2.1.5 to 2.2 system tunable default value issue: to replicate this, first copy the sysctl section from the attached config file to a 2.1.5 config file and then upgrad... Bipin Chandra
07:46 PM Bug #4199 (Feedback): 2.1.5 to 2.2 system tunable default value issue: this isn't true, most all configs have the sysctl items and the code that sets them reads their default value and set... Chris Buechler
10:41 AM Bug #4199 (Rejected): 2.1.5 to 2.2 system tunable default value issue: i noticed when u have a config which u have been upgrading since long and now from 2.1.5 to 2.2, the system tunable e... Bipin Chandra
10:15 PM Bug #4177 (Confirmed): Bug in OpenVPN user/pass auth: That's functionally equivalent to what I was trying, which seems like it should work and does fix at least part of th... Chris Buechler
09:50 AM Bug #4177: Bug in OpenVPN user/pass auth: Applied in changeset commit:30656f66407ab42c6f42e9552371090ca84165bb. Ermal Luçi
09:29 AM Bug #4177: Bug in OpenVPN user/pass auth: @Ermal - that fix only got applied to master. It needs to be in RELENG_2_2 also. Phillip Davis
09:57 PM Bug #4147 (Confirmed): IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP: the changes in strongswan 5.2.2 that help some FQDN circumstances don't change anything in this case. Where "right" i... Chris Buechler
09:18 PM pfSense Packages Bug #4196: Squid 3.4 pid file can't be created: log file from squid.log. There are a few things going on here..
Squid is unable to bind to port 80 for reverse pro... Cino .
07:47 AM pfSense Packages Bug #4196 (Resolved): Squid 3.4 pid file can't be created: Please see post https://forum.pfsense.org/index.php?topic=84638.msg474780#msg474780
/var/run/squid.pid isn't being c... Cino .
07:51 PM Bug #4201 (Rejected): pfSense user passwords: cannot contain - or ! characters?: all characters are supported and work. Only way it reverts back is if the entire config reverts back, which would be ... Chris Buechler
04:29 PM Bug #4201 (Rejected): pfSense user passwords: cannot contain - or ! characters?: I was trying to set admin user passwords of the form "iodjf-oisdfj-123-oijdfs!-dsiofjs" with about 25 total chars
an... Eduard Rozenberg
07:49 PM pfSense Packages Bug #4059 (Resolved): library required by squid3 may be absent: fixed Chris Buechler
08:37 AM pfSense Packages Bug #4059: library required by squid3 may be absent: It looks like the problem originally reported in this issue has been resolved. Thank you, BB John D
02:02 AM pfSense Packages Bug #4059: library required by squid3 may be absent: Forgot to mention: Stopping service doesn't kill squid processes:
php-fpm[64022]: /status_services.php: The command ... Dmitriy K
01:59 AM pfSense Packages Bug #4059: library required by squid3 may be absent: I can confirm: Squid package is working. But looks like there is an another issue appeared: Squid package heats up my... Dmitriy K
07:48 PM Feature #4200 (Rejected): Would be great: config sync option to NOT sync user auth passwords: No, would not be great. That would never be a good idea. Chris Buechler
04:23 PM Feature #4200 (Rejected): Would be great: config sync option to NOT sync user auth passwords: Hello,
It would be great to have a new option to not sync passwords for auth users in config sync settings.
Cur... Eduard Rozenberg
03:40 PM Revision fd607d14: configured gitignore for eclipse, add clean.sh: Sjon Hortensius
03:38 PM Revision 7025c4fa: Remove debug code: Ermal Luçi
03:38 PM Revision 30656f66: Fixes #4177 convert password to base64 to be submitted to avoid issues with special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli.: Ermal Luçi
03:37 PM Revision 619aa26f: Remove debug code: Ermal Luçi
03:35 PM Revision 7c804c69: Some tweaks for global tpl considerations: * pkg_mgr* - removed icon-hrefs with actual buttons
* system - made labels shorter, added label in content column too... Sjon Hortensius
03:15 PM Revision 2d375e81: Fix cut paste brain fade: Phil Davis
03:09 PM Revision 8d848bdf: Do not return disabled dynamic gateways: When a dynamic gateway is disabled (by the user through the webGUI), it was still being returned by return_gateways_a... Phil Davis
02:24 PM Revision 8a07e316: Merge branch 'master' into bootstrap: Conflicts occured in copyright message (year-update) due to whitespace difference and themes/ which was removed Sjon Hortensius
02:01 PM Revision 41ea4cf3: implemented widget drag/drop on index + storage: replaced custom jquery-ui with default set of plugins Sjon Hortensius
01:03 PM Revision fc03ca01: Fix POST typo in interfaces_assign.php: Obviously a typo. But this section is inside:
if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
and I cannot f... Phil Davis
01:03 PM Revision 6bdb02d3: Merge pull request #1432 from phil-davis/patch-2: Renato Botelho
12:55 PM Revision 3f6930f7: Fix POST typo in interfaces_assign.php: Obviously a typo. But this section is inside:
if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
and I cannot f... Phil Davis
11:49 AM Feature #4194: Mass maintenance tools :-): On 2.2 there is a macro in the drop-down list for destination that is "This Firewall" which covers all IP addresses o... Jim Pingle
11:48 AM Feature #4194: Mass maintenance tools :-): Give my damaged brain some time, and it comes back to me (in the shower, this morning :D).
_(I seriously have brai... Hollander Hollander
08:24 AM pfSense Packages Bug #4198 (Resolved): lightsquid doesn't work, perl is missing: perl isn't correctly installed for lightsquid to work. Manually installing perl and adding a couple of symbiotic link... Cino .
08:17 AM pfSense Packages Bug #4197 (Resolved): squid 3.4 anti-virus feature not working: I haven't posted this on the forum yet but it looks like the symbiotic links aren't being created for the anti-virus ... Cino .

01/07/2015

11:48 PM Revision f8e23dc8: Fixes #4188 use the same reqid over same phase1 but different phase2 connections. The dashboard will be fixed with the ticket already open. This should fix a lot of instabilities reported on the forums for people having a dozen or more tunnels: Ermal Luçi
11:48 PM Revision 4a3ce17a: Fixes #4188 use the same reqid over same phase1 but different phase2 connections. The dashboard will be fixed with the ticket already open. This should fix a lot of instabilities reported on the forums for people having a dozen or more tunnels: Ermal Luçi
11:47 PM Bug #3657 (Resolved): Web Interface - Missing Static IPv6 /127 Subnet Prefix: this has been fixed in 2.2 Chris Buechler
11:42 PM Feature #4190 (Resolved): Support for RFC 3021, using 31-Bit Prefixes on IPv4 Point-to-Point Links: works.
related forum thread:
https://forum.pfsense.org/index.php?topic=83741.msg467113 Chris Buechler
11:40 PM Feature #4190 (Resolved): Support for RFC 3021, using 31-Bit Prefixes on IPv4 Point-to-Point Links: The back-end work for this was done a while back, but not exposed in the GUI as FreeBSD 8.x lacked support. An employ... Chris Buechler
11:39 PM Revision b17ac4f7: "Like with like" - move a few functions to better places in the code (they are placed strangely): A few functions such as ipcmp(), subnet_expand(), and check_subnets_overlap() are in illogical places - away from al... Stilez y
11:14 PM Bug #4004: CARP on HyperV: Testing isn't an issue, assign it to me once the patch is in. Chris Buechler
11:00 PM Bug #4004: CARP on HyperV: Assigning this to Ermal, as Microsoft has given us a patch.
(Testing is a whole different problem.)
If the patc... Jim Thompson
11:03 PM Bug #3790 (Resolved): Input validation is too strict for IPv6 Prefix ID for Track Interface: fixed Chris Buechler
09:31 PM Revision 0759fdd8: Correct the sense of the check by default unity is enabled: Ermal Luçi
09:31 PM Revision 7a959780: Correct the sense of the check by default unity is enabled: Ermal Luçi
09:07 PM Revision 4a076e36: Provide an advanced setting to be able to disable Unity Plugin(Cisco extensions): Ermal Luçi
09:06 PM Revision 845f9f78: Provide an advanced setting to be able to disable Unity Plugin(Cisco extensions): Ermal Luçi
08:59 PM Bug #4182 (Resolved): IPsec ipcomp is not supported with strongswan: that broke the conf files, but is now fine with the commits I just pushed. Chris Buechler
09:50 AM Bug #4182: IPsec ipcomp is not supported with strongswan: Applied in changeset commit:40cc36d165ebe44f423554e9bc411f17161fea3b. Ermal Luçi
09:50 AM Bug #4182 (Feedback): IPsec ipcomp is not supported with strongswan: Applied in changeset commit:45efe1b672f16a5c4b1e856f1deb2e55dde1c6e4. Ermal Luçi
09:18 AM Bug #4182 (Resolved): IPsec ipcomp is not supported with strongswan: With racoon compression is always enabled on the connection while with strongswan default value is to off.
Even th... Ermal Luçi
08:41 PM Bug #4188 (Resolved): IPSec SA requestid has limited range in FreeBSD: confirmed the new snapshot with this fix fixes the circumstances where we were seeing this. Chris Buechler
06:10 PM Bug #4188: IPSec SA requestid has limited range in FreeBSD: Applied in changeset commit:f8e23dc8c4f6c333621e4fb44e8fc1f3ef1dd60c. Ermal Luçi
06:10 PM Bug #4188 (Feedback): IPSec SA requestid has limited range in FreeBSD: Applied in changeset commit:4a3ce17a7e3926cce3bf2671965096db78f95932. Ermal Luçi
05:31 PM Bug #4188 (Confirmed): IPSec SA requestid has limited range in FreeBSD: Chris Buechler
05:29 PM Bug #4188 (Resolved): IPSec SA requestid has limited range in FreeBSD: FreeBSD allows up to ~16000 range of reqid on the SAs specified manually.
There are problems with the IPsec SA track... Ermal Luçi
08:27 PM Bug #4090 (Resolved): unbound advanced settings cause broken unbound.conf file: With Renato's steps I could replicate the issue. the base64 encoding works, and does fix it. Chris Buechler
08:05 PM Todo #4173 (Resolved): Web site cleanup - deprecated 512 MB images: Cleaned that up. The existing 512M systems out there will fail auto-update checks now, but they didn't upgrade succes... Chris Buechler
08:02 PM Revision 5324ea38: Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own.: Ermal Luçi
08:02 PM Revision 1ada4c8c: Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own.: Ermal Luçi
07:26 PM Revision 2f56ac49: Don't hard code the target IP in auto-generated outbound NAT rules, use: previous behavior of setting it to the interface IP. Chris Buechler
07:25 PM Revision b9f290bd: Don't hard code the target IP in auto-generated outbound NAT rules, use: previous behavior of setting it to the interface IP. Chris Buechler
07:22 PM Revision 3c364131: split is deprecated move to explode: Ermal Luçi
07:22 PM Revision f99f51a9: split is deprecated move to explode: Ermal Luçi
07:20 PM Revision ba0bc258: split is deprecated move to explode: Ermal Luçi
07:20 PM Revision f3ab0e74: split is deprecated move to explode: Ermal Luçi
07:18 PM Revision cc9b3e07: split is deprecated move to explode: Ermal Luçi
07:18 PM Revision ad451a81: split is deprecated move to explode: Ermal Luçi
07:16 PM Revision 9643058d: split is deprecated move to explode: Ermal Luçi
07:15 PM Revision 91456048: split is deprecated move to explode: Ermal Luçi
06:55 PM Bug #4185 (Rejected): error "macro IPsec not defined" caused by ipsec settings set to initiated from a carp-ip/interface: #4189 is actual root cause Chris Buechler
06:31 PM Bug #4185: error "macro IPsec not defined" caused by ipsec settings set to initiated from a carp-ip/interface: This one seems to be a side-effect of this a bogus url(IPs) alias like described here: https://redmine.pfsense.org/is... Pi Ba
04:30 PM Bug #4185 (Feedback): error "macro IPsec not defined" caused by ipsec settings set to initiated from a carp-ip/interface: the issue as described doesn't exist. There could be some unusual edge case but I don't see how, our test environment... Chris Buechler
02:06 PM Bug #4185 (Rejected): error "macro IPsec not defined" caused by ipsec settings set to initiated from a carp-ip/interface: error "macro IPsec not defined" caused by ipsec connection initiated from a carp-ip/interface
on reboot (and rando... Pi Ba
06:49 PM Revision 3add5b2d: fix text: Chris Buechler
06:48 PM Revision 2a8a09a9: fix text: Chris Buechler
06:47 PM Revision d2884b9a: fix spelling of compression: Chris Buechler
06:47 PM Revision e57a3e40: fix spelling of compression: Chris Buechler
06:09 PM Bug #4189 (Resolved): url(IPs) alias not loading correctly.: url alias with ip's not loading correctly.
01-08-15 01:05:28 [ There were error(s) loading the rules: /tmp/rules.d... Pi Ba
04:56 PM Bug #4187 (Rejected): dhcpv6 client settings override system defaults: The checkbox to disable IPv6 only blocks all IPv6. If you leave IPv6 enabled elsewhere, it'll block it, and cause thi... Chris Buechler
04:40 PM Bug #4187 (Rejected): dhcpv6 client settings override system defaults: Hi,
It's my first bugreport here, so please be gentle.
I noticed routing system logs (system logs -> routing) g... Pedro Caetano
04:50 PM Feature #3916 (Assigned): IPsec status Overview tab no longer an overview: Jim Thompson
04:25 PM Bug #4186 (Confirmed): VLANs on lagg not configurable with FEC, LB and RR modes: Thanks, that's what I was wondering. It's 3 of the modes where lagg stops reporting itself as VLAN-capable. Chris Buechler
04:17 PM Bug #4186: VLANs on lagg not configurable with FEC, LB and RR modes: To be more precise: The drop down boxes on interface_vlan_edit.php only show igb0 to igb3, but not lagg0. Ron Hubert
04:15 PM Bug #4186: VLANs on lagg not configurable with FEC, LB and RR modes: For me it is not possible to create a vlan tag on top of the lagg0 interface. I am currently investigating /etc/inc/i... Ron Hubert
03:47 PM Bug #4186 (Feedback): VLANs on lagg not configurable with FEC, LB and RR modes: what do you mean it doesn't allow you to create tagged interfaces on the lagg? That works fine, we have several syste... Chris Buechler
02:39 PM Bug #4186 (Resolved): VLANs on lagg not configurable with FEC, LB and RR modes: Hi,
i created different variants (simple virtualbox (3× pcn, 3x em), lanner 7535 (6x EM), supermicro c2758 board (6x... Ron Hubert
03:39 PM Bug #4146 (Resolved): OpenVPN tap interfaces are down after boot: fixed Chris Buechler
05:40 AM Bug #4146: OpenVPN tap interfaces are down after boot: Applied in changeset commit:4ab1ffa0b042e4fda87d66de2fd74a1e6db48272. Renato Botelho
05:40 AM Bug #4146 (Feedback): OpenVPN tap interfaces are down after boot: Applied in changeset commit:d4e894f6a6f464fd00e39356a23586f8420b31af. Renato Botelho
03:35 PM Revision 40cc36d1: Fixes #4182 by properly managing IPcomp on ipsec tunnels.: Also retires IPsec force reloading advanced sysctl since its useless nowdays with strongswan and remove its call on r... Ermal Luçi
03:33 PM Revision 45efe1b6: Fixes #4182 by properly managing IPcomp on ipsec tunnels.: Also retires IPsec force reloading advanced sysctl since its useless nowdays with strongswan and remove its call on r... Ermal Luçi
03:06 PM Bug #4178: IPsec leftsubnet changed to 0.0.0.0 with Cisco unity plugin active: Pushed a sysctl to be able to disable unity plugin as a workaround. Ermal Luçi
01:54 PM Bug #4184 (Rejected): Disable SMTP Notifications: The box does what it's intended to do. It disables sending firewall _notifications_ via SMTP. Other subsystems may by... Jim Pingle
01:50 PM Bug #4184: Disable SMTP Notifications: It looks like /etc/inc/notices.inc function notify_via_smtp() correctly checks the disabled setting, so anything that... Phillip Davis
01:04 PM Bug #4184 (Rejected): Disable SMTP Notifications: In SYSTEM>ADVANCED>NOTIFICATIONS>SMTP E-Mail, even selecting the "Disable SMTP Notifications" option, still keeps sen... Wendell Borges
12:55 PM Bug #4148: gen_subnet returns incorrect result for IPv6: Thanks gen_subnet() is fixed, however issue #4141 still exists as ip_in_subnet(11.22.33.5,abcd::/64) needs fixing to. Pi Ba
12:17 AM Bug #4148 (Resolved): gen_subnet returns incorrect result for IPv6: fixed Chris Buechler
12:55 PM Bug #4183: Dashboard System Information CPU bar at 100% when actually idle: FYI, I investigated further and found it was the Chrome Add-on AdBlock that was causing the CPU bar to remain on pend... Ketan Shah
12:40 PM Bug #4183 (Rejected): Dashboard System Information CPU bar at 100% when actually idle: that's not showing 100%, that's what it shows before it updates at all (that's showing "pending" essentially). Chris Buechler
12:38 PM Bug #4183: Dashboard System Information CPU bar at 100% when actually idle: That's not a "full red bar" - see the stripes there. Means the graph is still loading (takes 10 secs to settle). Kill Bill
12:27 PM Bug #4183 (Rejected): Dashboard System Information CPU bar at 100% when actually idle: The Dashboard - System Information shows CPU with full red bar - implying 100% CPU usage but numerical value under th... Ketan Shah
11:24 AM Revision 4ab1ffa0: Fix #4146:: OpenVPN create the tun/tap interface and, when set an IP address to
it, mark it as UP. In some scenarios, when TAP is... Renato Botelho
11:11 AM Revision d4e894f6: Fix #4146:: OpenVPN create the tun/tap interface and, when set an IP address to
it, mark it as UP. In some scenarios, when TAP is... Renato Botelho
08:55 AM Bug #4181 (Rejected): Two OpenVPN Server, Client Export only works only for one: Unlikely to be a problem in the export package. Please post in the forum for discussion until a bug is confirmed. Jim Pingle
08:52 AM Bug #4181 (Rejected): Two OpenVPN Server, Client Export only works only for one: When i have 2 OpenVPN Server on PFsense 2.2 and Client Export only shows the Export for the first Server.
DropDown "... Mike Anderl
07:50 AM Bug #4164: IPsec dashboard status wrong for connections with multiple P2s: I'm one of the people initially have this issue:
https://forum.pfsense.org/index.php?topic=86056.msg472022#msg472022... Eskild Skaar
05:52 AM Bug #4164 (Feedback): IPsec dashboard status wrong for connections with multiple P2s: I do not think is anymore an issue now that the connections with multiple phase2 on IKEv1 get split on their own conn... Ermal Luçi
07:47 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional: Hi, Is anyone going to pull this into master for 2.2?
Thanks Marcus Brown
06:53 AM Revision be2d7eb7: Log PHP errors. Ticket #4143: Chris Buechler
06:47 AM Revision 19c8976b: Log PHP errors. Ticket #4143: Chris Buechler
12:53 AM Bug #4143 (Resolved): After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent reason.: the original had a couple issues that I noted as comments in the comment, and Renato added one there as well. I imple... Chris Buechler
12:33 AM Bug #4163 (Resolved): upgraded configs missing <iketype>: works Chris Buechler
12:30 AM Todo #4073 (Resolved): Validate bogon update failure handling: what we now have is a good balance between not DDoSing ourselves and not giving up too easily. Chris Buechler
12:21 AM Bug #3910 (Resolved): Cannot set advskew back to 0: works Chris Buechler
12:05 AM Feature #4179: Driver oce is missing from 2.2 RC: this kind of thing seems simple enough, but adding a device can have fallout. For 2.2, you can copy over the ko and k... Chris Buechler
12:04 AM Bug #4069 (Confirmed): cookie_test causes false positives in vulnerability scanners: this exhibits the behavior I was seeing in a fix I attempted, then got sidetracked on other things after not quickly ... Chris Buechler

01/06/2015

09:54 PM Revision 9b182b08: Enforce subnet check here to avoid any issues resulting from function call.: Ermal Luçi
09:54 PM Revision 00b56e04: Enforce subnet check here to avoid any issues resulting from function call.: Ermal Luçi
08:55 PM Revision c8d87d2a: Remove useless check, CARP does not depend of interface having another IP set before: Renato Botelho
08:54 PM Revision b5686214: Remove useless check, CARP does not depend of interface having another IP set before: Renato Botelho
07:18 PM Bug #4174: multi-WAN IPsec uses wrong interface at times: the specific issue is the "pass out" isn't getting routed out via the correct interface. As responder it's fine, as i... Chris Buechler
07:07 PM Bug #4174: multi-WAN IPsec uses wrong interface at times: test setup details on the IPsec test list wiki page Chris Buechler
05:17 PM Revision 3ffea319: Remove some extra spaces: Renato Botelho
05:17 PM Revision d9db4862: Fix typo on variable name: Renato Botelho
05:17 PM Revision 374b2f21: Tighten and IPv6-ify gen_subnet() etc: Tightens, canonicalises and improves for IPv6, the functions
gen_subnet(), gen_subnetv6(), gen_subnet_max(), gen_subn... Stilez y
05:16 PM Revision 3bad4691: Remove some extra spaces: Renato Botelho
05:15 PM Revision 3f499654: Fix typo on variable name: Renato Botelho
05:14 PM Revision e89d2995: Tighten and IPv6-ify gen_subnet() etc: Tightens, canonicalises and improves for IPv6, the functions
gen_subnet(), gen_subnetv6(), gen_subnet_max(), gen_subn... Stilez y
02:22 PM Revision 0bd024d0: OpenVPN backend authentication fix key and translation: The array returned by auth_get_authserver_list() has key as the fixed name of each available authentication mode - e.... Phil Davis
02:22 PM Revision 06cb724b: Merge pull request #1422 from phil-davis/patch-1: Renato Botelho
01:44 PM Revision d8540659: Revert "FreeBSD fails to set advskew back to 0 after you set it to any other": A patch was added to allow set advskew back to 0
This reverts commit eea2ad5d61b2cbcf2957207fb0f13769c203cb36. Renato Botelho
01:44 PM Revision 57f58894: Revert "FreeBSD fails to set advskew back to 0 after you set it to any other": A patch was added to allow set advskew back to 0
This reverts commit eea2ad5d61b2cbcf2957207fb0f13769c203cb36. Renato Botelho
12:01 PM Revision b785a40b: Add secure flag when necessary to cookie_test, as we do for session cookie, to avoid false positives in common vulnerabilities scanners. It fixes #4069: Renato Botelho
12:00 PM Revision 39c50234: Add secure flag when necessary to cookie_test, as we do for session cookie, to avoid false positives in common vulnerabilities scanners. It fixes #4069: Renato Botelho
11:18 AM Bug #4148 (Feedback): gen_subnet returns incorrect result for IPv6: Pull request has been merged. Renato Botelho
08:28 AM Bug #4148: gen_subnet returns incorrect result for IPv6: Chris Buechler wrote:
> stilez has an ICLA on file now so we can merge that. It looks fine to me, to Ermal for revie... Renato Botelho
09:43 AM Feature #4176: Add support for SMTP authentication mechanisms: I targeted it to 2.2.1, it'll be committed to RELENG_2_2 after 2.2 is released, and a gitsync will bring it to 2.2. I... Renato Botelho
08:42 AM Feature #4176: Add support for SMTP authentication mechanisms: Hi,
Not a huge issue, just trying to understand - so this won't be included in the near future? Only asking becaus... Russell Morris
08:34 AM Feature #4176: Add support for SMTP authentication mechanisms: Provide a better description and move it to future since we are in RC Renato Botelho
08:29 AM Bug #4180 (Feedback): OpenVPN Backend for authentication field does not process in other languages: Merged, thanks! Renato Botelho
07:48 AM Bug #3910 (Feedback): Cannot set advskew back to 0: Should be ok on next snapshots Renato Botelho
06:10 AM Bug #4069: cookie_test causes false positives in vulnerability scanners: Applied in changeset commit:b785a40bac3b2aeee993fd3302eff7e781654586. Renato Botelho
06:10 AM Bug #4069 (Feedback): cookie_test causes false positives in vulnerability scanners: Applied in changeset commit:39c502347d5a87a2376f74b912c1281ba79131ee. Renato Botelho
01:42 AM Revision 91454850: OpenVPN backend authentication fix key and translation: The array returned by auth_get_authserver_list() has key as the fixed name of each available authentication mode - e.... Phil Davis

01/05/2015

08:07 PM Bug #4174: multi-WAN IPsec uses wrong interface at times: I'm testing on a production system where I've been looking into a separate IPsec issue as well. Now setting up a test... Chris Buechler
07:41 PM Bug #4180: OpenVPN Backend for authentication field does not process in other languages: Proposed fix: https://github.com/pfsense/pfsense/pull/1422 Phillip Davis
07:40 PM Bug #4180 (Resolved): OpenVPN Backend for authentication field does not process in other languages: Forum: https://forum.pfsense.org/index.php?topic=86326.0
The code is using the text of the translated name to try an... Phillip Davis
06:57 PM Revision 055bd1ee: Allow IPv6 on loopback needs quick: The following block uses "quick" which causes that block to come into effect before the "pass in" here. The pass rule... Phil Davis
06:57 PM Revision 386788e2: Merge pull request #1419 from phil-davis/patch-2: Chris Buechler
06:56 PM Revision 91a84a26: Limit unbound so-rcvbuf: 8m: Issue reported here: https://forum.pfsense.org/index.php?topic=78356.msg472781#msg472781
Most unbound doc places ment... Phil Davis
06:56 PM Revision 6d8dadb5: Merge pull request #1420 from phil-davis/patch-3: Chris Buechler
05:44 PM Revision cfb5073f: Fix #4090:: - Unbound advanced options may contain double quotes and it breaks the
syntax when a backup is restored because newli... Renato Botelho
05:41 PM Revision 0a23cddc: Fix #4090:: - Unbound advanced options may contain double quotes and it breaks the
syntax when a backup is restored because newli... Renato Botelho
02:58 PM Revision 24149c31: It's supposed to remove windows EOL here, not ;: Renato Botelho
02:58 PM Revision 7f5c2669: Make it possible to backup/restore 'DNS Resolver' section individually: Renato Botelho
02:57 PM Revision fbf3d06e: It's supposed to remove windows EOL here, not ;: Renato Botelho
02:57 PM Revision fb130335: Make it possible to backup/restore 'DNS Resolver' section individually: Renato Botelho
02:15 PM Feature #4179 (Closed): Driver oce is missing from 2.2 RC: The driver oce (oce.ko) to support Emulex 10 GE NICs is missing from pfSense 2.2 RC but available and working in Free... Christoph Erdle
02:10 PM Bug #4178 (Resolved): IPsec leftsubnet changed to 0.0.0.0 with Cisco unity plugin active: Under some circumstance we haven't exactly narrowed down yet, having the Cisco unity plugin enabled in strongswan cau... Chris Buechler
01:17 PM Revision 62403377: Do not monitor a gateway that has not got DHCP yet: When an interface is waiting to get DHCP, but the cable is physically-electrically connected to the upstream device, ... Phil Davis
01:16 PM Revision fd9b1512: Merge pull request #1414 from phil-davis/patch-1: Renato Botelho
11:50 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: Applied in changeset commit:cfb5073f83fa80e5b40476b12ea91ff5114c60fc. Renato Botelho
11:50 AM Bug #4090 (Feedback): unbound advanced settings cause broken unbound.conf file: Applied in changeset commit:0a23cddced057d929c53f3ad1e5d6898a3fada50. Renato Botelho
09:57 AM Bug #4090 (Confirmed): unbound advanced settings cause broken unbound.conf file: Confirmed. Steps to reproduce on 2.2:
* Configure DNS Resolver Advanced Options with the following content... Renato Botelho
08:06 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: Jim P wrote:
> Any chance we could get the exact config.xml section that exhibited the problem?
Attached is the f... Vick Khera
10:26 AM Bug #4175 (Rejected): kernel panic when loading run driver for RT3070: please replicate on stock FreeBSD 10.1 and report upstream Chris Buechler
09:20 AM Feature #4176: Add support for SMTP authentication mechanisms: Confirmed that pull request 1421 code is working for the user in forum: https://forum.pfsense.org/index.php?topic=862... Phillip Davis
08:36 AM Bug #4177: Bug in OpenVPN user/pass auth: For instance if the password ends with a + Anonymous
08:34 AM Bug #4177: Bug in OpenVPN user/pass auth: I think Ermal was fixing some of that. Give an example of final char/s that still do not work on latest snapshots - t... Phillip Davis
07:18 AM Bug #4177 (Resolved): Bug in OpenVPN user/pass auth: As stated in https://forum.pfsense.org/index.php?topic=85311
OpenVPN user/pass auth fails if passwords end on spec... Anonymous
07:59 AM Bug #3910 (Assigned): Cannot set advskew back to 0: After the fix is pushed, revert commit:eea2ad5d Renato Botelho
07:58 AM Bug #4116 (Resolved): IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable: The bug described in this ticket is resolved. The maintenance mode issue will be fixed when #3910 fix is pushed and c... Renato Botelho
07:14 AM Bug #4094 (Feedback): Gateway Status can report Online when gateway is waiting for DHCP: Pull request merged Renato Botelho
02:37 AM pfSense Packages Feature #3685: haproxy listener ip from alias: Hi,
I had added before this feature to the my own haproxy.
Thanks for the feature. Atıf CEYLAN

01/04/2015

08:30 PM Bug #4172 (Resolved): Diag Test Port does not allow blank source port: works, thanks Chris Buechler
08:28 PM Bug #3558 (Resolved): Schedule States in System - Advanced - Misc not working: the original issue here is fixed, and this looks to work fine in general.
Richard: if you can re-test with 2.2 an... Chris Buechler
06:36 PM Bug #4174: multi-WAN IPsec uses wrong interface at times: Do you have a test case setup?
When you do, let's assign this to Ermal. Jim Thompson
06:32 PM Feature #4176: Add support for SMTP authentication mechanisms: I'm not sure how to test this. (I don't want an Office365 Mail account.) Jim Thompson
10:34 AM Feature #4176: Add support for SMTP authentication mechanisms: Proposed implementation of this: https://github.com/pfsense/pfsense/pull/1421
It works for me on a mail server that ... Phillip Davis
07:24 AM Feature #4176 (Resolved): Add support for SMTP authentication mechanisms: This may apply to more than Office365 mail, but it does impact this mail system for sure. Details (and the fix) are a... Russell Morris
04:37 PM Revision 305856e8: Support for Office365 Mail: https://redmine.pfsense.org/issues/4176
Allow the user to choose SMTP authentication mechanism PLAIN or LOGIN.
For ex... Phil Davis
04:33 PM Revision c4249322: Support choice of SMTP Authentication Mechanisms: https://redmine.pfsense.org/issues/4176
I have left some documentation here of other mechanisms that someone might ca... Phil Davis
03:19 PM Revision 4708c6f0: Limit unbound so-rcvbuf: 8m: Issue reported here: https://forum.pfsense.org/index.php?topic=78356.msg472781#msg472781
Most unbound doc places ment... Phil Davis
02:32 PM Revision c876b212: Allow IPv6 on loopback needs quick: The following block uses "quick" which causes that block to come into effect before the "pass in" here. The pass rule... Phil Davis
01:59 PM Revision f79f9497: completed confbak and backup/restore: Sjon Hortensius
12:27 PM pfSense Packages Feature #3685: haproxy listener ip from alias: I've included some ability to use aliases, and add multiple ip's in 1 frontend. Does this satisfy your needs? Pi Ba
12:23 PM pfSense Packages Feature #3583: haproxy-devel: individual backend for each acl: Using the 'shared frontends' its possible to define acl's for different backends, this should allow for 'most' common... Pi Ba
11:57 AM Revision 7d5b007c: initial drag/drop WIP, working on backup/restore page: Sjon Hortensius
08:29 AM Bug #4074: Status NTP does not display any result if IPv6 Allow is off: Well noted Andy, the pass was not having effect. It needs "quick" on that pass rule.
Pull request: https://github.co... Phillip Davis
07:45 AM Bug #4018: several packages not looking in pbi dir for files: And some updates for apcupsd (hope this info helps!).
Thanks!
Russell Morris
07:27 AM Bug #4018: several packages not looking in pbi dir for files: Hi,
Hopefully this is helpful info, but here is another package that still need a minor / slight correction (detai... Russell Morris

01/03/2015

10:37 PM Bug #4175 (Rejected): kernel panic when loading run driver for RT3070: I get a kernel panic whenever trying to load the run wireless driver on the 2.2-RC i386 snapshots:
<118>Configurin... William Eshagh
10:28 PM Bug #4074: Status NTP does not display any result if IPv6 Allow is off: I'm still seeing IPv6 lo traffic blocked in the Fri Jan 02 14:50:21 CST 2015 2.2-RC build. Screenshot attached and ex... Andy Sayler
05:33 AM Feature #4133: Add GUI setting for VLANs PCP: I just realized that the blob in the git diff regarding configuration compatibility has a few missing brackets. I gue... Clement Barnier

01/02/2015

05:36 PM Bug #4174 (Resolved): multi-WAN IPsec uses wrong interface at times: Still quantifying exactly what's happening here, it's hit and miss. Some ISAKMP and/or ESP traffic ends up following ... Chris Buechler
03:20 PM Todo #4173 (Resolved): Web site cleanup - deprecated 512 MB images: In the pfsense IRC channel last night, someone was having problems with the 512 MB images in
http://updates.pfsens... Criggie .
03:07 PM Revision 5a158a29: Fix track6 prefix id range check, reported by jimp: Renato Botelho
03:07 PM Revision eef5aeeb: Fix track6 prefix id range check, reported by jimp: Renato Botelho
11:25 AM Revision 8c46314c: Allow blank source port in diag_testport: Reported by forum https://forum.pfsense.org/index.php?topic=86146.0
Also, if there are input validation errors, save ... Phil Davis
11:24 AM Revision 9fd02f60: Merge pull request #1418 from phil-davis/patch-2: Renato Botelho
10:49 AM Revision a3c9510c: Allow blank source port in diag_testport: Reported by forum https://forum.pfsense.org/index.php?topic=86146.0
Also, if there are input validation errors, save ... Phil Davis
09:44 AM Bug #3790 (Feedback): Input validation is too strict for IPv6 Prefix ID for Track Interface: Should be fixed by commit:5a158a29698405a1d3ee759dcbf9a95f9150e12e Renato Botelho
08:52 AM Bug #3790 (Confirmed): Input validation is too strict for IPv6 Prefix ID for Track Interface: Seems to break when WAN is set to a /64 delegation. Saving LAN with an ID of 0 is rejected, though it is valid. Jim Pingle
08:50 AM pfSense Packages Bug #3729 (Feedback): Bacula-client Services not running: Applied in changeset commit:22c884d104498547356e6144b6a0c22300085b22. Renato Botelho
08:06 AM pfSense Packages Bug #3729: Bacula-client Services not running: Can confirm this still exists in 2.1.5. Anonymous
05:45 AM Bug #4172 (Feedback): Diag Test Port does not allow blank source port: Merged Renato Botelho
05:04 AM Bug #4172: Diag Test Port does not allow blank source port: Proposed fix https://github.com/pfsense/pfsense/pull/1418 Phillip Davis
05:03 AM Bug #4172 (Resolved): Diag Test Port does not allow blank source port: Leaving the source port blank results in a warning that the source port should either be valid or left blank.
Report... Phillip Davis
05:14 AM Bug #4159 (Resolved): 2.2 amd64 nsupdate broken: [2.2-RC][root@pfs22amd64.home]/root: ldd /usr/local/bin/nsupdate
/usr/local/bin/nsupdate:
libreadline.so.6 => /usr... Renato Botelho
04:07 AM pfSense Packages Bug #4078 (Resolved): NUT fails to start with USB: Renato Botelho
01:53 AM Bug #3886: (TurkishLanguage) After the firewall rule for example (lan rule) does not come "Apply Button": https://forum.pfsense.org/index.php?topic=78795.0 miraç öztürk
12:21 AM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address: fixed Bipin Chandra

01/01/2015

09:15 PM pfSense Packages Bug #4078: NUT fails to start with USB: This issue can be closed. It is addressed by 4118. Denny Page
05:42 PM Bug #1974: Captive Portal RADIUS accounting bytes wrong: should be accurate on 2.2, I don't recall for sure on 2.1.5. Chris Buechler
05:06 AM Bug #1974: Captive Portal RADIUS accounting bytes wrong: This problem seems to still exist on 2.1.5-RELEASE (amd64). The radius accounting logs say the amount of data used ov... Mikael K
05:39 PM Bug #4169 (Resolved): IPsec NAT address to address using nat instead of binat: fixed Chris Buechler
05:39 PM Bug #4170 (Rejected): Gateway monitoring ip set results in all traffic going to that ip from that gateway: that's how things have to work. Traffic from clients in those circumstances should be hitting rules specifying gatewa... Chris Buechler
12:16 AM Bug #4170: Gateway monitoring ip set results in all traffic going to that ip from that gateway: discussed here
https://forum.pfsense.org/index.php?topic=85059.0 Bipin Chandra
12:15 AM Bug #4170 (Rejected): Gateway monitoring ip set results in all traffic going to that ip from that gateway: when u set a gateway monitoring IP, it results in all traffic going out of that gateway only, it would be better if o... Bipin Chandra
03:19 PM Feature #4171 (Resolved): Allow for one rule to apply to both ipv6 and ipv4 to allow all protocols.: Spawned from a question posted to twitter by me:... Jorge Schrauwen
12:13 PM Revision 6317d31d: Fix lineup of copyright lines: and module names and other bits of formatting and typos in header
comment sections. Phil Davis
12:13 PM Revision d4b2cd35: Remove duplicate copyright: Noticed these had the copyright twice Phil Davis
12:12 PM Revision 0e25a6b9: Merge pull request #1416 from phil-davis/Copyright-format: Renato Botelho
12:12 PM Revision 183c08d1: Merge pull request #1415 from phil-davis/copyright-dup: Renato Botelho
09:26 AM Revision ce77a9c4: Fix lineup of copyright lines: and module names and other bits of formatting and typos in header
comment sections. Phil Davis
07:15 AM Bug #4143: After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent reason.: FYI, i did send a new pull request https://github.com/pfsense/pfsense/pull/1403 as the other one was closed. Pi Ba
03:10 AM Revision 7f696ba0: Remove duplicate copyright: Noticed these had the copyright twice Phil Davis

12/31/2014

10:18 PM Revision 1d709219: Use binat, not nat, where IPsec NAT is configured with an address for local and NAT. Ticket #4169: Chris Buechler
10:17 PM Revision d6726bcb: Use binat, not nat, where IPsec NAT is configured with an address for local and NAT. Ticket #4169: Chris Buechler
06:22 PM Revision d961e7e3: Welcome 2015: Renato Botelho
06:22 PM Revision ed2d1343: Welcome 2015: Renato Botelho
05:24 PM Revision 2d793d01: Do not monitor a gateway that has not got DHCP yet: When an interface is waiting to get DHCP, but the cable is physically-electrically connected to the upstream device, ... Phil Davis
04:20 PM Bug #4169 (Feedback): IPsec NAT address to address using nat instead of binat: looks to be fixed, leaving for further testing Chris Buechler
03:58 PM Bug #4169 (Resolved): IPsec NAT address to address using nat instead of binat: Where the NAT on a P2 is from an address to an address, the NAT rule is wrongly added as "nat" rather than "binat".
... Chris Buechler
04:14 PM Bug #4095 (Resolved): Unbound config not regenrated on WAN-style interface acquiring IP address: thanks Phil. Yeah v6 goes through the same thing, it worked fine as well. Chris Buechler
12:58 AM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address: Note: I have only tested with IPv4. But I presume the same problem, test case and resolution should work for IPv6 in ... Phillip Davis
12:57 AM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address: Tested by:
Test system with WAN connected to a local LAN through a switch, switch uplinked to a production pfSense t... Phillip Davis
02:54 PM Revision 16a0f334: Add config upgrade code to make sure iketype is set, bump config version to 11.4. It fixes #4163: Renato Botelho
02:54 PM Revision 368d4910: Add config upgrade code to make sure iketype is set, bump config version to 11.4. It fixes #4163: Renato Botelho
02:27 PM Revision c95bb533: libreadline.so.6 is not supposed to be obsoleted, fixes #4159: Renato Botelho
02:26 PM Revision 7cb2ebe7: libreadline.so.6 is not supposed to be obsoleted, fixes #4159: Renato Botelho
11:31 AM Bug #3932: Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP: Target version set back to 2.2.
The issue is that it's slow.
I made an assignment yesterday. I'm restoring it ... Jim Thompson
02:12 AM Bug #3932: Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP: 2.2 doesn't run out of memory doing this, so the problem as it existed in earlier versions is gone (probably with the... Chris Buechler
11:23 AM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP: Got annoyed about my DynDNS status attached to a gateway group showing the IP address in red, and realised it was a d... Phillip Davis
09:09 AM pfSense Packages Bug #4168: bandwithd result pages are public accessible: Well, in that case you should at least put a big fat warning on the docs. I am new to pfSense and when I add a module... Oliver Welter
07:49 AM pfSense Packages Bug #4168 (Rejected): bandwithd result pages are public accessible: That is a known issue with all add-on packages which include their own web interfaces. Unless they have their own pro... Jim Pingle
05:28 AM pfSense Packages Bug #4168 (Rejected): bandwithd result pages are public accessible: The result pages produced by bandwithd can be accessed without a login when knowing the url (which does not contain a... Oliver Welter
09:00 AM Bug #4163: upgraded configs missing <iketype>: Applied in changeset commit:16a0f33446b3fffc6783803fad56f3b71eceb78c. Renato Botelho
09:00 AM Bug #4163 (Feedback): upgraded configs missing <iketype>: Applied in changeset commit:368d491073eecbb3ff89e016c4308ca5bad86860. Renato Botelho
08:30 AM Bug #4159: 2.2 amd64 nsupdate broken: Applied in changeset commit:c95bb5333cc5dfdc23fc1999ba9ac4935190eea5. Renato Botelho
08:30 AM Bug #4159 (Feedback): 2.2 amd64 nsupdate broken: Applied in changeset commit:7cb2ebe7550ca328661ec12f380d4dc43b71dd30. Renato Botelho
08:02 AM Revision 3cf56fb0: Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074: Chris Buechler
08:00 AM Revision 4270d983: Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074: Chris Buechler
05:14 AM Revision 36dbc3ae: Reload Unbound after IP changes, to fix issues noted in Ticket #4095. Do so before Dynamic DNS updates occur to ensure the host has functioning DNS.: Chris Buechler
05:10 AM Revision 1c84a5f1: Reload Unbound after IP changes, to fix issues noted in Ticket #4095. Do so before Dynamic DNS updates occur to ensure the host has functioning DNS.: Chris Buechler
03:53 AM Bug #2882: 6RD not working in latest snapshots: I've been trying to get this working for a week now with no success. I have the latest (as of tonight) snapshot inst... Jarom Hatch
03:29 AM pfSense Packages Bug #4167 (Resolved): Lightsquid package does not remove crontab entries: When removing the Lightsquid package, it did not remove the crontab entries, removing the package should not do this?... Wendell Borges
02:43 AM Revision 1142d9a0: IPsec Widget allow for old settings that have no iketype: as mentioned in https://forum.pfsense.org/index.php?topic=84527.msg471919#msg471919
This change makes it work like si... Phil Davis
02:42 AM Revision 7b43825e: Merge pull request #1412 from phil-davis/patch-2: Chris Buechler
02:41 AM Bug #4146: OpenVPN tap interfaces are down after boot: there is a test case for this on 22vpntest. The tap interfaces are missing "UP" in flags. ... Chris Buechler
02:40 AM Revision 6e26b9c5: Allow for old settings that have no iketype: This bit of code looks like it could do with the same test as https://github.com/pfsense/pfsense/pull/1412
This is ex... Phil Davis
02:40 AM Revision 55dec416: Merge pull request #1413 from phil-davis/patch-3: Chris Buechler
02:34 AM Bug #3790: Input validation is too strict for IPv6 Prefix ID for Track Interface: to me for review Chris Buechler
02:12 AM Revision c8c4520a: Only set route-to and reply-to on ESP and ISAKMP rules if the remote endpoint is not within the parent interface's subnet. Ticket #4157: Chris Buechler
02:11 AM Revision a7f2eea8: Only set route-to and reply-to on ESP and ISAKMP rules if the remote endpoint is not within the parent interface's subnet. Ticket #4157: Chris Buechler
02:00 AM Bug #3996: Solarflare NIC panic with LACP: not something we'll be able to get fixed in 2.2. needs testing and reporting upstream, not something I can make a pri... Chris Buechler
01:58 AM Bug #4074 (Resolved): Status NTP does not display any result if IPv6 Allow is off: As a general fix for the issue of blocking v6 to loopback, I went ahead and committed a change to pass v6 on loopback... Chris Buechler
01:43 AM Bug #4155 (Feedback): ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: This seems to be limited impact. 32 bit is minority, and it's an unusual circumstance. I can't seem to replicate it e... Chris Buechler
01:26 AM Bug #4070 (Resolved): Vulnerability SSL Weak Ciphers: SSLv3 was disabled already in 2.2, I disabled the RC4 options a bit later in 2.2. Chris Buechler
01:04 AM Bug #4157 (Resolved): IPsec route-to/reply-to "pass out" rules mis-route ISAKMP and ESP traffic with remote on same subnet: confirmed on a handful more systems with a variety of configs, a good mix of ones that need the route-to/reply-to and... Chris Buechler
12:53 AM Bug #4166 (Resolved): filterdns generates floods of DNS requests when there are significant jumps in system time: When you have FQDNs in aliases, and the system clock jumps significantly (talking years), it creates a flood of DNS r... Chris Buechler
12:24 AM Feature #4165 (Rejected): Allow for security zones when defining interfaces and firewall rules.: I have experience using CheckPoint and PaloAlto appliances with "zone" features. This allows you to group networks\in... Ryan H

12/30/2014

11:22 PM Revision 430f8380: Check for fqdn peerid/myids and prepend @ so strongswan does not try to be smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector: Ermal LUÇI
11:21 PM Revision f3106b3f: Check for fqdn peerid/myids and prepend @ so strongswan does not try to be smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector: Ermal Luçi
11:18 PM Revision 69f7d82f: Oops this should be 0s rather than 00. Linked with Ticket #4158: Ermal LUÇI
11:17 PM Revision 1e7d2482: Oops this should be 0s rather than 00. Linked with Ticket #4158: Ermal LUÇI
11:14 PM Revision 68f0da59: ipsec_smp_dump_status get out of loop if error: when reading response from socket.
Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.p... Phil Davis
11:12 PM Revision 25bc37f7: Merge pull request #1411 from phil-davis/patch-1: Ermal LUÇI
11:09 PM Bug #4095 (Feedback): Unbound config not regenrated on WAN-style interface acquiring IP address: I just committed what should be a solution for this. Phil and Bipin if you could please verify on 31st snapshot (or g... Chris Buechler
10:52 PM Revision 83650c94: Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket #4157: Ermal Luçi
10:52 PM Revision 46a99aec: Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket #4157: Ermal Luçi
10:34 PM Revision 13403bd1: Check for fqdn peerid/myids and prepend @ so strongswan does not try to be smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector: Ermal Luçi
10:28 PM Revision 7f69cbe7: Use base64 encoded secrets which Fixes #4158: Ermal Luçi
09:45 PM Revision c86c2b8b: Use base64 encoded secrets which Fixes #4158: Ermal Luçi
09:12 PM Revision 3b2c83b8: initial commit of new firewall_rules: css - add styling for tr.disabled
firewall_rules - migrated to bootstrap
guiconfig - changed alias-popup to be displa... Sjon Hortensius
08:22 PM Bug #4147 (Confirmed): IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP: yeah seeing that now, the proper v4 IP is put into the config for ID, but the "right" ipsec.conf entry has the hostna... Chris Buechler
02:38 AM Bug #4147: IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP: Did not even look at the configs... Go to Phase 1 - put a dual-stack FQDN there. Go to Status - IPsec, select the ent... Kill Bill
12:44 AM Bug #4147 (Feedback): IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP: where? Not seeing that. I have the same circumstance setup and everything in /var/etc/ipsec/ has the v4 IP, everythin... Chris Buechler
08:06 PM Bug #4157 (Feedback): IPsec route-to/reply-to "pass out" rules mis-route ISAKMP and ESP traffic with remote on same subnet: should be fixed, leaving for further verification Chris Buechler
07:28 PM Bug #4148: gen_subnet returns incorrect result for IPv6: stilez has an ICLA on file now so we can merge that. It looks fine to me, to Ermal for review. Chris Buechler
07:04 PM Bug #4129 (Resolved): IPsec connections with multiple P2s use only first SA: this works. the only issue introduced by this that I've found is the status widget issue in #4164 Chris Buechler
07:02 PM Bug #4158 (Resolved): IPsec PSK containing " breaks: fixed Chris Buechler
04:30 PM Bug #4158: IPsec PSK containing " breaks: Applied in changeset commit:7f69cbe7d442650671fe29a2d4804fbd77bc9855. Ermal Luçi
03:50 PM Bug #4158 (Feedback): IPsec PSK containing " breaks: Applied in changeset commit:c86c2b8b7d7e3eedbc68d3ed67ed5a7e88052086. Ermal Luçi
06:50 PM Bug #4164 (Resolved): IPsec dashboard status wrong for connections with multiple P2s: "ipsec statusall" reports connections with multiple P2s as being a single connection, which breaks the active/inactiv... Chris Buechler
06:43 PM Bug #4163 (Resolved): upgraded configs missing <iketype>: Upgraded configs don't have <iketype> added, which leaves some things non-functional until editing and saving the P1s... Chris Buechler
05:39 PM Revision 43531ed7: Allow for old settings that have no iketype: This bit of code looks like it could do with the same test as https://github.com/pfsense/pfsense/pull/1412
This is ex... Phil Davis
05:34 PM Revision d2cc92ec: Merge branch 'master' into bootstrap: Sjon Hortensius
04:35 PM Revision 86b429b3: IPsec Widget allow for old settings that have no iketype: as mentioned in https://forum.pfsense.org/index.php?topic=84527.msg471919#msg471919
This change makes it work like si... Phil Davis
03:58 PM Revision d50b4c30: implemented tabs: interfaces.widget - no need to display associated state, the second icon
does that already
gui.css - no longe... Sjon Hortensius
02:55 PM Bug #4161 (Resolved): Misspelling in privilege "WebCfg - Services - Captiveprotal Zones page": thanks, fixed Chris Buechler
07:09 AM Bug #4161 (Feedback): Misspelling in privilege "WebCfg - Services - Captiveprotal Zones page": Merged Renato Botelho
05:31 AM Bug #4161: Misspelling in privilege "WebCfg - Services - Captiveprotal Zones page": Fixed that spelling and other inconsistencies I noticed in the priv list test.
https://github.com/pfsense/pfsense/pu... Phillip Davis
02:38 AM Bug #4161 (Resolved): Misspelling in privilege "WebCfg - Services - Captiveprotal Zones page": Hello,
I am running pfSense 2.1.5-RELEASE (i386) .
ISSUE:
- The privilege "WebCfg - Services - Captiveprotal Z... James Simas
12:55 PM Revision 6617b9bf: ipsec_smp_dump_status get out of loop if error: when reading response from socket.
Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.p... Phil Davis
11:47 AM Revision 13c6375b: Captive portal spelling: Phil Davis
11:47 AM Revision ef0d25b3: Standardise text in priv list: Phil Davis
11:47 AM Revision 565dcf3c: Merge pull request #1410 from phil-davis/patch-1: Renato Botelho
11:35 AM Revision e0273f44: Captive portal spelling: Phil Davis
11:32 AM Revision 9006a538: Standardise text in priv list: Phil Davis
08:45 AM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces: ICLA submitted. Thanks guys! Making me love pfsense more and more each day Ethan Hayon
01:43 AM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces: thanks, let's not break anything worse than it already is there, will push to 2.2.1 Chris Buechler
01:14 AM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces: Updated the pull request, though its not correct as implemented even as a workaround. Ermal Luçi
12:50 AM Bug #4150 (Confirmed): Captive Portal doesn't work with > 120 VLAN interfaces: Thanks!
Ethan: we'll need an ICLA from you to accept that.
To Ermal for review of pull request. Chris Buechler
01:36 AM Bug #4139 (Resolved): IPsec status widget broken: spent a lot of time confirming a variety of scenarios here. this as a whole is definitely working fine, in a wide ran... Chris Buechler
12:47 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: that's legitimately wrong syntax Bipin, not related to this, see forum. Chris Buechler
12:00 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: as soon as i enter the below line in advanced config box and hit save and apply, dns resolver stops working and wont ... Bipin Chandra
12:27 AM Bug #4064 (Resolved): improper handling of DNS servers by rtsold: fixed Chris Buechler
12:25 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: doesn't seem to be every WAN reconnection, I can't replicate it at will. I only see one instance of it happening in m... Chris Buechler
12:15 AM Bug #4031: Notifications mail bomb in some gateway failure circumstances: this doesn't seem to be as bad as it used to be, will revisit. Chris Buechler
12:14 AM Bug #4105: rc.update_bogons.sh fetch failure should never sleep on FW upgrade: still not seeing any way that sleep can hold up anything. Do you have specific steps to replicate? Chris Buechler
12:11 AM Bug #4151 (Resolved): Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php: fixed Chris Buechler
12:11 AM Bug #4152 (Resolved): Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php: fixed Chris Buechler
12:10 AM Bug #4140 (Resolved): Password protect console menu setting not preserved on upgrade: confirmed, fixed Chris Buechler
12:09 AM pfSense Packages Bug #4160 (Resolved): First shutdown attempt of guest fails with open-vm-tools: The first attempt to send a guest shutdown results in: ... Chris Buechler

12/29/2014

11:35 PM Bug #4159 (Resolved): 2.2 amd64 nsupdate broken: ... Chris Buechler
10:16 PM Bug #4140: Password protect console menu setting not preserved on upgrade: I just upgraded a test nanoBSD system with "Password protect the console menu" set. The setting was correctly impleme... Phillip Davis
07:14 PM Revision 1180e4f0: started migration to bootstrap: * migrated /index and most widgets on it
* migrated /system.php using new form-layout
* removed /themes and /javascri... Sjon Hortensius
06:35 PM Bug #4158 (Resolved): IPsec PSK containing " breaks: Since the switch to strongswan, any PSKs containing " do not work, it seems strongswan terminates the PSK right befor... Chris Buechler
06:09 PM Bug #4157 (Resolved): IPsec route-to/reply-to "pass out" rules mis-route ISAKMP and ESP traffic with remote on same subnet: Where your IPsec remote endpoint is on the same subnet as the local IP where it's bound, the "pass out" rules for ISA... Chris Buechler
04:16 PM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces: Addressed here: https://github.com/pfsense/pfsense/pull/1409 Ethan Hayon
02:13 PM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces: Ok, I did a little digging and I found out what's happening. IPFW isn't inserting all of the necessary CP rules becau... Ethan Hayon
08:36 AM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces: Thanks guys. So it looks like the exact number is 117 VLANS, but when I add any more, the captive portal starts letti... Ethan Hayon
03:28 PM Bug #4090: unbound advanced settings cause broken unbound.conf file: Any chance we could get the exact config.xml section that exhibited the problem? Jim Pingle
09:38 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: This was a 2.1.3 install into a VM, upgrade to 2.1.5, then upgraded to 2.2-RC (and again to the 12/24 snapshot). Ther... Vick Khera
02:48 PM Revision 55f910a3: Simplify cron array comparison: This works fine - I had not thought about how arrays are compared. Using "==" checks that the key/value pairs match i... Phil Davis
02:48 PM Revision 71bd5ec1: Minimise config updates when checking cron jobs: Phil Davis
02:47 PM Revision 16d2c13a: Merge pull request #1407 from phil-davis/patch-1: Renato Botelho
02:31 PM Revision aff83787: Simplify cron array comparison: This works fine - I had not thought about how arrays are compared. Using "==" checks that the key/value pairs match i... Phil Davis
01:40 PM Revision 91145658: Backout pull request #1391: https://forum.pfsense.org/index.php?topic=85944.0
Backout pull request #13191 Colin Fleming
01:40 PM Revision d9feefb1: Merge pull request #1408 from ExolonDX/master: Renato Botelho
11:59 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: OpenNTPD had its own share of crashes and other bad behavior (See #2423 for one major example). The only thing it han... Jim Pingle
10:56 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: Chris Buechler wrote:
> Why people think it's better I don't know
Probably because it does not try to bind to unw... Kill Bill
10:21 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: openntpd is a buggy mess, we've been there, done that, and got rid of it for many reasons. Why people think it's bett... Chris Buechler
11:51 AM Revision 40930f75: Backout pull request #1391: https://forum.pfsense.org/index.php?topic=85944.0
Backout pull request #13191 Colin Fleming
07:51 AM Bug #4151 (Feedback): Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php: Pull request has been merged Renato Botelho
07:50 AM Bug #4152 (Feedback): Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php: Pull request has been merged Renato Botelho
06:53 AM Revision 994a0644: Minimise config updates when checking cron jobs: Phil Davis
06:20 AM Bug #4156 (Rejected): Raid Gmirror not failing graceully: That is likely a hardware-related lockup for which the OS can do nothing better. A true RAID adapter may handle that ... Jim Pingle
02:35 AM Bug #4156: Raid Gmirror not failing graceully: What pfSense version? 2.1.5? 2.2-RC? Phillip Davis
12:52 AM Bug #4156 (Rejected): Raid Gmirror not failing graceully: 1 Hard drive fails
System locks up (console unable to input on keyboard, no network traffic can't ping access web ... Walt McDonald

12/28/2014

06:45 PM Revision 8f6875de: Fix unbound shortcut links: Fixes redmine #4151
1) Make the naming in shortcuts.inc more clear - forwarder=dnsmasq
resolver=unbound
2) Make the v... Phil Davis
06:43 PM Revision f9aed22c: Merge pull request #1405 from phil-davis/unbound-shortcuts: Jim Pingle
10:51 AM Revision db88a3a2: Fix unbound shortcut links: Fixes redmine #4151
1) Make the naming in shortcuts.inc more clear - forwarder=dnsmasq
resolver=unbound
2) Make the v... Phil Davis
05:51 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: Phillip Davis wrote:
> It happens after some WAN event that has potential IP change, and the OpenVPN clients are res... Kill Bill
05:38 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: It happens after some WAN event that has potential IP change, and the OpenVPN clients are restarted. About 20 seconds... Phillip Davis
05:29 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: i have a stable internet connection on the alix and i just noticed the same behaviour Bipin Chandra
05:21 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: Phillip Davis wrote:
> The 2 APUs I have do not have any ntpd exited messages. That could be because the 64-bit ntpd... Kill Bill
05:15 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: My Alix boxes do it also. Here is an example:
@$ clog /var/log/system.log | grep signal
Dec 24 13:16:36 skt-rt-01 k... Phillip Davis
04:05 AM Bug #4155 (Resolved): ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured: Seeing this on tons of Alix boxes. (Frankly had to install Service Watchdog package to keep ntpd running, it crashes ... Kill Bill
04:53 AM Bug #4151: Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php: Same changes now in https://github.com/pfsense/pfsense/pull/1405
That pull request is a single commit - easier to ma... Phillip Davis
04:52 AM Bug #4152: Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php: Same changes now in https://github.com/pfsense/pfsense/pull/1405
That pull request is a single commit - easier to ma... Phillip Davis
01:44 AM Bug #4146: OpenVPN tap interfaces are down after boot: Same issue for openvpn tap clients! everything is UP and RUNNING but iface is DOWN. Dmitriy K

12/27/2014

09:48 PM Bug #4151 (Confirmed): Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php: Chris Buechler
12:39 PM Bug #4151: Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php: And more things I noticed - the Unbound Advanced and ACLs tabs do not display the shortcuts at all. The Resolver logs... Phillip Davis
09:48 PM Bug #4152 (Confirmed): Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php: Chris Buechler
12:40 PM Bug #4152: Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php: Same set of fixes for this one also
https://github.com/pfsense/pfsense/pull/1404 Phillip Davis
09:45 PM Bug #4150 (Feedback): Captive Portal doesn't work with > 120 VLAN interfaces: will need more details, likely this isn't 2.2-specific if there is any actual problem here. Chris Buechler
01:05 PM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces: There really is nothing to prevent this from working.
Though i am sure you would get better solution for this if you... Ermal Luçi
09:42 PM Bug #4153 (Rejected): Can't remove shaper or queue in IE11: duplicate of #1957 Chris Buechler
04:36 AM Bug #4153 (Rejected): Can't remove shaper or queue in IE11: Browser: IE11;
Removing shaper:
1. Configure shaper via "Dedicated Links" wizard;
2. Go to "By interface" tab an... Dmitriy K
05:32 PM Feature #4154: Support for RADIUS authentication over IPv6: FYI- This was the same on pfSense 2.1. It doesn't send out IPv6 RADIUS requests either. So at least it's not a regres... Jim Pingle
01:06 PM Feature #4154: Support for RADIUS authentication over IPv6: Ermal Luçi wrote:
> Hence the issue, i think this should be pushed post 2.2 to really be fixed.
Well, whatever is... Kill Bill
12:58 PM Feature #4154: Support for RADIUS authentication over IPv6: libradius is v4 only for now.
Hence the issue, i think this should be pushed post 2.2 to really be fixed. Ermal Luçi
11:46 AM Feature #4154: Support for RADIUS authentication over IPv6: Yep, it just seems to vanish somewhere. :) I deleted the client on the Windows server, and nothing logged. normally, ... Kill Bill
11:26 AM Feature #4154 (Confirmed): Support for RADIUS authentication over IPv6: Just tried this and I'm seeing the same thing against FreeRADIUS2. The IPv6 RADIUS request never leaves the client ho... Jim Pingle
08:25 AM Feature #4154 (Resolved): Support for RADIUS authentication over IPv6: Following https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory - this does not work if the RADI... Kill Bill
02:50 PM Bug #4134 (Resolved): Email notifications configuration migration to 2.2 broken (STARTTLS): Renato Botelho
02:05 PM Bug #4134: Email notifications configuration migration to 2.2 broken (STARTTLS): Works, thanks. Kill Bill
12:56 PM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces: This will really be fixed when the carp interface link is made a strong one rather than the weak one that is today.
... Ermal Luçi
11:08 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: Chris has put a little different - Vick's example does not have the double-quotes on the last 2 lines.
In any case, ... Phillip Davis
08:14 AM Bug #4149: Register DHCP leases in DNS forwarder broken: Well, I'm sure it's an issue in 2.1.5, as I am observing it. I haven't tested 2.2 (as far as I can tell 2.1.5 is the ... Anonymous
01:35 AM Bug #4146: OpenVPN tap interfaces are down after boot: All instances are tap. Dmitriy K

12/26/2014

10:50 PM Revision e63734ff: clarify message here after customer feedback, it wasn't meant to imply "only a reboot will re-enable" but that's how some people have read it.: Chris Buechler
10:49 PM Revision cccee755: clarify message here after customer feedback, it wasn't meant to imply "only a reboot will re-enable" but that's how some people have read it.: Chris Buechler
06:51 PM Bug #4152 (Resolved): Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php: Services: DNS Resolver: Edit Domain Override (services_unbound_domainoverride_edit.php)
Main page for this section... Herman Johnson
06:49 PM Bug #4151 (Resolved): Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php: Services: DNS Resolver: Edit host (services_unbound_host_edit.php)
Main page for this section [+] link at the top ... Herman Johnson
05:28 PM Bug #4150 (Resolved): Captive Portal doesn't work with > 120 VLAN interfaces: Captive portal is not authenticating users (just letting everyone on) when a zone is attached to more than 120 VLAN i... Ethan Hayon
05:17 PM Bug #4139: IPsec status widget broken: thanks for the feedback. I'm not 100% confident yet, will leave this open til early next week while I'm doing further... Chris Buechler
05:12 PM Bug #4139: IPsec status widget broken: All good here, finally ;) Kill Bill
01:12 PM Bug #4139: IPsec status widget broken: It seems all the problem circumstances here are fine now. A spot check of a handful of test systems where several iss... Chris Buechler
03:45 AM Bug #4139: IPsec status widget broken: Phillip Davis wrote:
> The description went missing in https://github.com/pfsense/pfsense/commit/bd0bb466f073c50a443... Kill Bill
03:38 AM Bug #4139: IPsec status widget broken: The description went missing in https://github.com/pfsense/pfsense/commit/bd0bb466f073c50a443c09096e89acf0abf8fdaa
I... Phillip Davis
05:04 PM Bug #4149 (Rejected): Register DHCP leases in DNS forwarder broken: not sure if that's an issue in 2.1.5 (maybe in some edge case, but there would be much more of an uproar than 2 peopl... Chris Buechler
04:57 PM Bug #4149 (Rejected): Register DHCP leases in DNS forwarder broken: On 2.1.5, the DHCP registration option in DNS Forwarding is broken. When a new machine is granted a DHCP lease, the f... Anonymous
04:51 PM Bug #4146: OpenVPN tap interfaces are down after boot: It appears it's more than just after boot, tap interfaces seem to always end up missing "UP". Will attempt to further... Chris Buechler
02:47 PM Bug #4146: OpenVPN tap interfaces are down after boot: corrected specific issue Chris Buechler
01:36 PM Bug #4146 (Confirmed): OpenVPN tap interfaces are down after boot: updated subject to actual issue Chris Buechler
04:50 PM Bug #4130 (Resolved): Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): fixed Chris Buechler
04:49 PM Bug #4138 (Resolved): Status - IPsec: Description missing on connected tunnels: fixed Chris Buechler
04:47 PM Bug #4116 (Confirmed): IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable: confirmed current status as Jim described. Temporary is fine. Maintenance mode gets stuck at advskew 254 only on inte... Chris Buechler
04:39 PM Bug #4141 (Closed): captive-portal on opt1 interface affects traffic going through other interfaces: Thanks for diagnosis PiBa. #4148 has root cause Chris Buechler
04:39 PM Bug #4148 (Resolved): gen_subnet returns incorrect result for IPv6: There is a pull request to fix this:
https://github.com/pfsense/pfsense/pull/958
#4141 shows one instance where ... Chris Buechler
04:31 PM Bug #4119 (Resolved): Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces: fixed Chris Buechler
04:25 PM Bug #4090: unbound advanced settings cause broken unbound.conf file: I can paste in exactly what you have above: ... Chris Buechler
04:19 PM Bug #4117: Using run(4) USB WLAN in hostap mode crashes in FreeBSD 10.x: it's crashing in run and we include 100% stock run(4) and don't patch anything related to wifi, there is more of a di... Chris Buechler
03:58 PM Bug #4145 (Rejected): Interfaces widget - interface details missing: doing something to ensure browsers don't excessively cache js and css is something we've discussed internally, but ha... Chris Buechler
10:01 AM Bug #4145: Interfaces widget - interface details missing: To fix various widget behavior, I keep making minor changes to the way some of the backround update data is passed ar... Phillip Davis
03:33 PM Bug #4142 (Confirmed): certificate manager certificates that are in use by packages can be deleted: Chris Buechler
03:13 PM Revision 02e4ee54: Update /etc/ttys from new partition when upgrading nanobsd, and in this case do not call reload_ttys(). It should fix #4140: Renato Botelho
03:13 PM Revision e68b7be0: Remove unused variable: Renato Botelho
03:00 PM Revision c07cd2ce: Update /etc/ttys from new partition when upgrading nanobsd, and in this case do not call reload_ttys(). It should fix #4140: Renato Botelho
02:57 PM Revision da4f9b60: Remove unused variable: Renato Botelho
02:32 PM Bug #4076 (Resolved): DNS Forwarder options do not unset during CARP sync: fixed Chris Buechler
08:30 AM Bug #4076: DNS Forwarder options do not unset during CARP sync: Applied in changeset commit:4469379c20d22b6c80bb7c47219e2fa2895c89a1. Renato Botelho
08:30 AM Bug #4076 (Feedback): DNS Forwarder options do not unset during CARP sync: Applied in changeset commit:f29fd4d08d910d6a10e294c555c052ae6a69c2b4. Renato Botelho
02:21 PM Revision ef6f553d: Move this check before full sync to disable dnsmasq/unbound in the first time it's sync'd: Renato Botelho
02:21 PM Revision 4469379c: Add dnsmasq and unbound config sections to full sync, it fixes #4076 that is caused because boolean config fields are not disabled on secondary: Renato Botelho
02:21 PM Revision d0bf02bd: Move this check before full sync to disable dnsmasq/unbound in the first time it's sync'd: Renato Botelho
02:20 PM Revision f29fd4d0: Add dnsmasq and unbound config sections to full sync, it fixes #4076 that is caused because boolean config fields are not disabled on secondary: Renato Botelho
01:08 PM Bug #4124 (Resolved): Alias FQDNs don't permit trailing period: all seems fine here Chris Buechler
01:07 PM Bug #4143 (Confirmed): After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent reason.: there have always been some circumstances with some packages where that happens. additional comment on the pull reque... Chris Buechler
01:00 PM Bug #4131 (Resolved): CP RADIUS accounting not working: fixed Chris Buechler
12:55 PM Bug #4127 (Resolved): CP per-user bandwidth restriction applied when disabled: fixed Chris Buechler
12:13 PM Bug #3358: new version of <include_file> is not required during reinstall_all: Not having this install_package called from the new updated file could cause some packages to 'break', because of bei... Pi Ba
12:08 PM pfSense Packages Bug #4144 (Resolved): Current GUI doesn't allow you to select multiple logging severity options: Chris Buechler
11:30 AM pfSense Packages Bug #4144 (Feedback): Current GUI doesn't allow you to select multiple logging severity options: Applied in changeset commit:05a05c59ca10b62bdba34178e25e28fa55be12fc. Renato Botelho
11:09 AM Bug #4135 (Rejected): package update code does not run new update code from +packagename+.inc file when upgrading a package.: Duplicate of #3358 Renato Botelho
10:21 AM Revision ddfe3e05: Display tunnel description on IPsec widget: There was not even code to attempt to display the description.
Also, when I first created a phase1 and there were no ... Phil Davis
10:19 AM Revision 46df4e88: Merge pull request #1402 from phil-davis/patch-1: Renato Botelho
09:23 AM Bug #4147 (Resolved): IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP: When you define an IPv4 tunnel using FQDN as Remote gateway, this resolves to AAAA record (if any) and subsequently o... Kill Bill
09:20 AM Bug #4140: Password protect console menu setting not preserved on upgrade: Applied in changeset commit:02e4ee541ba8af0992c6cd3acd468d731369b287. Renato Botelho
09:20 AM Bug #4140 (Feedback): Password protect console menu setting not preserved on upgrade: Applied in changeset commit:c07cd2ce79f56c96c886db818cb36651b5a334be. Renato Botelho
08:03 AM Revision 5525974b: Display tunnel description on IPsec widget: There was not even code to attempt to display the description.
Also, when I first created a phase1 and there were no ... Phil Davis

12/25/2014

04:34 PM Bug #4129: IPsec connections with multiple P2s use only first SA: Tested, works ok for my tunnels. Thanks. Pi Ba
04:04 PM Bug #4145: Interfaces widget - interface details missing: Sorry, this is not a widget issue. Another browser caching problem in action. Guys, would it be possible to produce a... Kill Bill
10:22 AM Bug #4145 (Rejected): Interfaces widget - interface details missing: After the latest batch of patches, as soon as CPU usage bar stops refreshing, the interface details (speed, duplex, m... Kill Bill
12:02 PM Bug #4146 (Resolved): OpenVPN tap interfaces are down after boot: Setup:
1. Latest snapshot
2. 2 ovpn servers on parent WAN (PPPoE);
3. 1 ovpn server on LAN;
After reboot:
1. A... Dmitriy K
11:06 AM Bug #4139: IPsec status widget broken: Still missing the description here...
!http://i57.tinypic.com/1q60oz.png!
Kill Bill
06:25 AM pfSense Packages Bug #4144 (Resolved): Current GUI doesn't allow you to select multiple logging severity options: Even GUI says "use CTRL+click to select/unselect." you cant do that because a combobox is used instead of listbox so ... Dmitriy K

12/24/2014

07:40 PM Bug #4143 (Resolved): After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent reason.: After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent ... Pi Ba
06:14 PM Revision 5a0028ad: Correct even other areas of CP using pfSense_ipfw_getTablestats function.: Ermal Luçi
06:14 PM Revision 82a2fd79: Correct even other areas of CP using pfSense_ipfw_getTablestats function.: Ermal Luçi
06:10 PM Revision b9276845: Correctly call function for retrieving stats from ipfw. Fixes #4131: Ermal Luçi
06:10 PM Revision 553803f4: Correctly call function for retrieving stats from ipfw. Fixes #4131: Ermal Luçi
05:59 PM Revision 046d253a: Fixes #4130 Check for a certain size of file to start showing data on dashboard and avoiding xml parser errors: Ermal Luçi
05:59 PM Revision 35d17581: Fixes #4130 Check for a certain size of file to start showing data on dashboard and avoiding xml parser errors: Ermal Luçi
05:47 PM Revision c607f306: Fix displaying description for IKEv1 connected tunnels: Ermal Luçi
05:47 PM Revision 5afffea4: Fix displaying description for IKEv1 connected tunnels: Ermal Luçi
05:40 PM Revision a47e038c: Oops remove variable with same name unused!: Ermal Luçi
05:40 PM Revision cdb68b25: Oops remove variable with same name unused!: Ermal Luçi
05:39 PM Revision 4f23e0a4: Add checks for ghost phase2 and no need to check for number of phase2 here: Ermal Luçi
05:39 PM Revision 6a802ab4: Add checks for ghost phase2 and no need to check for number of phase2 here: Ermal Luçi
05:26 PM Revision 87f2ea89: Correct skipping of disabled tunnels: Ermal Luçi
05:26 PM Revision d1e53a1e: Correct skipping of disabled tunnels: Ermal Luçi
05:22 PM Revision b4997579: Make this function readble: Ermal Luçi
05:22 PM Revision 168126ea: Correct status counter of inactive tunnels: Ermal Luçi
05:21 PM Revision 17318511: Make this function readble: Ermal Luçi
05:21 PM Revision 21b2912f: Correct status counter of inactive tunnels: Ermal Luçi
04:57 PM Bug #4142 (Resolved): certificate manager certificates that are in use by packages can be deleted: certificatemanager, certificates that are in use can be deleted
When a certificate is in use by a OpenVPN server i... Pi Ba
04:44 PM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces: When gen_subnet is fixed (for example by pulling [https://github.com/pfsense/pfsense/pull/958] ), ip_in_subnet(11.22... Pi Ba
12:59 PM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces: Ok found the cause of the issue.
I have a ipv6 carp-ip "abcd::1234/64" defined on my wan interface. (its a test box.... Pi Ba
12:12 PM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces: Seems then that interface is wrongly added to the ipfw context.... Pi Ba
11:57 AM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces: Can you show me an ipfw zone list when this happens? Ermal Luçi
04:00 PM pfSense Packages Bug #4118 (Resolved): NUT fails to start in pfSense 2.2: Renato Botelho
03:55 PM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2: Fix confirmed. Many thanks! Denny Page
07:34 AM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2: Thanks, works now. Merry Christmas! :-) Kill Bill
05:20 AM pfSense Packages Bug #4118 (Feedback): NUT fails to start in pfSense 2.2: Applied in changeset commit:63881e2114fc597d2f940d630d902c4801b6b9e0. Renato Botelho
02:00 AM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2: Keepalive Xmas ping. ;) This is incredibly annoying on snapshot upgrades, causing *very* slow boot. https://forum.pfs... Kill Bill
12:20 PM Bug #4131: CP RADIUS accounting not working: Applied in changeset commit:b9276845369b186dd1226a20b7402b2e61b31faf. Ermal Luçi
12:20 PM Bug #4131: CP RADIUS accounting not working: Applied in changeset commit:553803f445185da2ac08baa7c034fada8032c3bd. Ermal Luçi
12:08 PM Bug #4131 (Feedback): CP RADIUS accounting not working: Ermal Luçi
12:00 PM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): Applied in changeset commit:046d253a34d74c794d7ed44b241c79a01fe86b20. Ermal Luçi
12:00 PM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): Applied in changeset commit:35d17581b1bd21dfc325c2a59174bd3beb416a27. Ermal Luçi
11:53 AM Bug #4130 (Feedback): Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): Fixed. Ermal Luçi
11:48 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): Normally an ipsec stroke leases creates an empty file with only main leases tag inside! Ermal Luçi
11:42 AM Bug #4138 (Feedback): Status - IPsec: Description missing on connected tunnels: Fixed on latest code. Ermal Luçi
11:35 AM Bug #4139 (Feedback): IPsec status widget broken: Widgets works properly now for all states. Ermal Luçi
11:19 AM Revision fad42a3d: Remove option that has now been merged into infra-host-ttl.: Warren Baker
11:19 AM Revision 43067abc: Merge pull request #1395 from wagonza/RELENG_2_2: Renato Botelho
10:33 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: I'm using the 20141224-0520 upgrade image. Vick Khera
10:32 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: No, this did not fix the problem.
I did some experimentation and discovered that if I enter the above configuratio... Vick Khera
09:03 AM Bug #4117: Using run(4) USB WLAN in hostap mode crashes in FreeBSD 10.x: I am not able to reproduce this crash on FreeBSD 10.1.
Using the FreeBSD kernel on the pfSense installation works ... Andreas Mueller

12/23/2014

06:20 PM Bug #4141 (Closed): captive-portal on opt1 interface affects traffic going through other interfaces: captive-portal on opt1 interface affects traffic going through other interfaces.
ive got a pfSense box with 3 inte... Pi Ba
04:21 PM Revision dd07beef: Oops do not override ipsec status array!: Ermal Luçi
04:21 PM Revision f8827719: Oops do not override ipsec status array!: Ermal Luçi
01:18 PM Bug #4117 (Rejected): Using run(4) USB WLAN in hostap mode crashes in FreeBSD 10.x: please replicate on stock FreeBSD 10.1 and report upstream, that's a driver issue outside of our control. Chris Buechler
01:13 PM Bug #4140: Password protect console menu setting not preserved on upgrade: setup_serial_port() is called by /tmp/post_upgrade_command.php and should reconfigure serial port before reboot the n... Renato Botelho
01:01 PM Bug #4124 (Feedback): Alias FQDNs don't permit trailing period: pull request merged. seems fine, leaving for now for further testing. Chris Buechler
12:49 PM Revision 283dd1d7: Reboot not required for password protect console menu: On my systems I can toggle and save "Password protect the console menu" back and forth and the console switches back ... Phil Davis
12:49 PM Revision 242e6ba2: Merge pull request #1401 from phil-davis/patch-1: Renato Botelho
12:32 PM Bug #4139: IPsec status widget broken: + description missing on the tunnels tab Kill Bill
11:09 AM Revision 0bc7947e: Handle firewall log widget display formats: the same way for the initial display and for updated rows done by Java Script. Now we receive the source IP and port,... Phil Davis
11:09 AM Revision 7d182021: Interfaces widget remove blank line if no IPv4 address: If the interface had an IPv6 address but no IPv4 address, there was a blank line where the IPv4 address would have be... Phil Davis
11:09 AM Revision d4b3c264: Interfaces widget create all div: All div for the various things need to be created here, so that later AJAX can switch the necessary things on/off and... Phil Davis
11:08 AM Revision 490810ed: Remove "link", "vlink" and "alink" from BODY tag: This is a positional change to remove "link", "vlink" and "alink" from
the BODY tag, the following themes do not have... Colin Fleming
11:07 AM Revision 89914d8c: Put line break only if IPv4 address exists: This makes a line for the IPv4 address if it is there. If the IPv4 address goes away, the whole line will disappear, ... Phil Davis
11:07 AM Revision 085d6889: Set Interfaces widget IPv6 address: Now that get_interfacestatus() is returning us the IPv6 address, and interfaces.widget.php has a div to put it in, ac... Phil Davis
11:07 AM Revision 42647435: Lastsawtime has moved further along: srcport, dstport and version are now explicitly passed as fields here, so lastsawtime is 3 fields further out. Phil Davis
11:06 AM Revision 5b370150: Display better message when booting and awaiting package reinstall: Phil Davis
11:06 AM Revision 25d3c68f: Display better message when booting and awaiting package reinstall: Phil Davis
11:04 AM Revision b79c23ae: Send IPv4 and IPv6 address in get_interfacestatus: And make them strong (bold), which is how they are displayed originally by interfaces.widget.php
This allows the AJAX... Phil Davis
11:04 AM Revision dad58d7f: Display better message when booting and awaiting package reinstall: Phil Davis
11:03 AM Revision 4e220eea: Standardise dynamic firewall log view: to be like Firewall Log widget:
1) Display IPv6 address and port in [a:b::c]:123 format
2) Fix same issue with rows g... Phil Davis
11:03 AM Revision 8b3d14bc: Allow dot at end of FQDN for a host: Redmine #4124 has discussion of this. Phil Davis
11:02 AM Revision 71ddc9ef: Pass src dst IP port through to firewall log: and IP version. So that the receiving code can easily have each pat of the IP addresses and ports, and display them a... Phil Davis
10:57 AM Bug #4126 (Resolved): some PSKs incorrect in ipsec.secrets: Ermal confirmed this looks fine. Chris Buechler
03:56 AM Revision f244dca8: Reboot not required for password protect console menu: On my systems I can toggle and save "Password protect the console menu" back and forth and the console switches back ... Phil Davis

12/22/2014

11:49 PM Revision 6422c6f1: Merge pull request #1394 from phil-davis/patch-13: Chris Buechler
11:45 PM Revision dc83dd4c: Merge pull request #1393 from phil-davis/patch-12: Chris Buechler
11:41 PM Revision f2087b77: Merge pull request #1397 from phil-davis/patch-15: Chris Buechler
11:39 PM Revision b5d827f6: Merge pull request #1400 from phil-davis/patch-17: Chris Buechler
11:36 PM Revision 0000cdf7: Prevent resolvconf(8) from stomping all over our newly generated: resolv.conf and subsequent updates. Warren Baker
11:32 PM Revision 07499022: Merge pull request #1398 from wagonza/patch-2: Chris Buechler
11:18 PM Bug #4140: Password protect console menu setting not preserved on upgrade: setup_serial_port() does a bunch of other things related to loader.conf stuff also, so there might be other side-effe... Phillip Davis
11:14 PM Bug #4140 (Resolved): Password protect console menu setting not preserved on upgrade: 1) Select "Password protect the console menu" from System->Advanced, Admin and press Save. The console now prompts fo... Phillip Davis
10:07 PM Bug #4138: Status - IPsec: Description missing on connected tunnels: Yeah, confirmed it seems to happen that way on all IKEv1.
Both v1 and v2 have the description disappear when it's... Chris Buechler
07:33 PM Bug #4138: Status - IPsec: Description missing on connected tunnels: Yes, IKEv1. Tried IKEv2 and the description is flaky as well as you describe. Kill Bill
06:08 PM Bug #4138: Status - IPsec: Description missing on connected tunnels: also here: https://forum.pfsense.org/index.php?topic=85752.0 Chris Buechler
05:59 PM Bug #4138 (Confirmed): Status - IPsec: Description missing on connected tunnels: are those IKEv1 connections? Seems to be limited to IKEv1 for the problem as described.
With IKEv2 there is a simil... Chris Buechler
02:44 PM Bug #4138 (Resolved): Status - IPsec: Description missing on connected tunnels: This is broken even with commit 17ad9cb8 applied. Kill Bill
09:33 PM Bug #4064 (Feedback): improper handling of DNS servers by rtsold: Warren's pull request from earlier should fix this, to me for testing. Chris Buechler
06:01 PM Bug #4137 (Closed): IPSec widget - Invalid argument supplied for foreach() in /usr/local/www/widgets/widgets/ipsec.widget.php on line 89: multiple issues there, covered in #4139 Chris Buechler
01:18 PM Bug #4137 (Closed): IPSec widget - Invalid argument supplied for foreach() in /usr/local/www/widgets/widgets/ipsec.widget.php on line 89: As per subject. This is on a fully gitsynced box with Dec 22 10:10:37 CST 2014 snapshot. Kill Bill
05:59 PM Bug #3886 (Resolved): (TurkishLanguage) After the firewall rule for example (lan rule) does not come "Apply Button": Chris Buechler
05:58 PM Bug #4139 (Resolved): IPsec status widget broken: Multiple issues since changes earlier today.
1) "Warning: Invalid argument supplied for foreach() in /usr/local/w... Chris Buechler
05:07 PM Revision 792dbafd: Add config upgrade code to validate changes made on c2fe67eb and d269747b. It fixes #4134: Renato Botelho
05:06 PM Revision ccf30846: Add config upgrade code to validate changes made on c2fe67eb and d269747b. It fixes #4134: Renato Botelho
04:54 PM Revision 1df8a7b2: Add missing $ as spotted by Kill Bill, ticket #4132: Renato Botelho
04:54 PM Revision cfec8558: Add missing $ as spotted by Kill Bill, ticket #4132: Renato Botelho
04:36 PM Revision 0314cbf4: Correct display of tunnel status on ikev1 with multiple phase2: Ermal Luçi
04:36 PM Revision 17ad9cb8: Correct display of tunnel status on ikev1 with multiple phase2: Ermal Luçi
04:20 PM Revision 483c3b5b: Correct ipsec status page to make connect button work: Ermal Luçi
04:20 PM Revision fe2e680b: Correct ipsec status page to make connect button work: Ermal Luçi
03:14 PM Revision 432dee2d: Correct dashboard with new ipsec generation: Ermal Luçi
03:14 PM Revision 3c5af33a: Manually merge vpn.inc from master since cherry-picking is very messy to perform.: Ermal Luçi
03:08 PM Revision 7a8ea3ee: Correct dashboard with new ipsec generation: Ermal Luçi
02:59 PM pfSense Packages Bug #4059 (Confirmed): library required by squid3 may be absent: Chris Buechler
02:37 PM Revision d8cb5ff3: Create a separate connection for IKEv1 with multiple phase2 definitions.: Ermal Luçi
02:33 PM Revision ad9bce2c: Correct issue with not reloading CP properly on calling interface configure.: Ermal Luçi
02:33 PM Revision a08db603: Correct issue with not reloading CP properly on calling interface configure.: Ermal Luçi
02:24 PM Revision b2448aa0: Fix issue reported on https://forum.pfsense.org/index.php?topic=85737.0: Ermal Luçi
02:24 PM Revision d90d869e: Fix issue reported on https://forum.pfsense.org/index.php?topic=85737.0: Ermal Luçi
01:24 PM Feature #4083: Replace GET by POST: This is a change that needs to be done globally, replace this ticket to a more general description to keep track of i... Renato Botelho
12:39 PM Feature #4136 (Rejected): Change the default ntp client/server to OpenNTPD: We tried using OpenNTPD. It was buggy and lacked features we needed. Not likely to switch back and regress.
There ... Jim Pingle
12:34 PM Feature #4136 (Rejected): Change the default ntp client/server to OpenNTPD: During the last years, a lot of security bugs have been found in the NTP code. My proposal is to change the default N... Juan Francisco Cantero Hurtado
12:12 PM Revision 22a7fef8: Fix string, we want to print variable name here and not its value. Fixes #4132: Renato Botelho
12:12 PM Revision 7fd7c5a5: Fix string, we want to print variable name here and not its value. Fixes #4132: Renato Botelho
11:36 AM Bug #4132 (Resolved): Captive Portal - Portal page contents - confusing instructions (gettext issue): Cool. Thanks!! Renato Botelho
11:25 AM Bug #4132: Captive Portal - Portal page contents - confusing instructions (gettext issue): All good now :) Kill Bill
10:48 AM Bug #4132: Captive Portal - Portal page contents - confusing instructions (gettext issue): Good catch, thanks! Renato Botelho
10:26 AM Bug #4132: Captive Portal - Portal page contents - confusing instructions (gettext issue): Thanks, though this is still incosistent - $PORTAL_ACTION/$PORTAL_REDIRURL vs. $PORTAL_ACTION$/$PORTAL_REDIRURL$ (not... Kill Bill
06:20 AM Bug #4132: Captive Portal - Portal page contents - confusing instructions (gettext issue): Applied in changeset commit:22a7fef8b7ff2fc4f9c13b6a248912c1cf8e345b. Renato Botelho
06:20 AM Bug #4132 (Feedback): Captive Portal - Portal page contents - confusing instructions (gettext issue): Applied in changeset commit:7fd7c5a5454b8b59467016b62333818e585f9187. Renato Botelho
11:20 AM Bug #4134: Email notifications configuration migration to 2.2 broken (STARTTLS): Applied in changeset commit:792dbafd7b83e40e5bb9383294e2abb2b2ad083c. Renato Botelho
11:20 AM Bug #4134 (Feedback): Email notifications configuration migration to 2.2 broken (STARTTLS): Applied in changeset commit:ccf30846e7b7651da65ab0b5f44e77c70ba8c0d9. Renato Botelho
11:04 AM Revision b57ea0b7: Do not apply bw limits if the setting is not enabled in CP. Though still respect radius attributes for now with this setting. Resolves #4127: Ermal Luçi
11:03 AM Revision 1eff6ee0: Do not apply bw limits if the setting is not enabled in CP. Though still respect radius attributes for now with this setting. Resolves #4127: Ermal Luçi
11:03 AM Revision ce90c89a: Do not apply bw limits if the setting is not enabled in CP. Though still respect radius attributes for now with this setting. Resolves #4127: Ermal Luçi
10:52 AM Bug #4129 (Feedback): IPsec connections with multiple P2s use only first SA: Changes have been committed to generate single connections for each phase2 and confirmed by https://forum.pfsense.org... Ermal Luçi
08:03 AM Bug #4135 (Rejected): package update code does not run new update code from +packagename+.inc file when upgrading a package.: package update code does not run new update code from +packagename+.inc file when upgrading a package.
For example... Pi Ba
07:09 AM Feature #4133: Add GUI setting for VLANs PCP: Target to 2.2.1 for future review, 2.2 is now in RC state Renato Botelho
05:20 AM Bug #4127: CP per-user bandwidth restriction applied when disabled: Applied in changeset commit:b57ea0b75a722f86ba01f72393950ac49610b9b2. Ermal Luçi
05:20 AM Bug #4127: CP per-user bandwidth restriction applied when disabled: Applied in changeset commit:1eff6ee0a2b98b4e571e7cb4dd6fc285605f6307. Ermal Luçi
05:20 AM Bug #4127 (Feedback): CP per-user bandwidth restriction applied when disabled: Applied in changeset commit:ce90c89a308f6d3ceaf9193a570eb10911903f87. Ermal Luçi

12/21/2014

04:05 PM Revision acfef9f5: Standardise dynamic firewall log view: to be like Firewall Log widget:
1) Display IPv6 address and port in [a:b::c]:123 format
2) Fix same issue with rows g... Phil Davis
12:03 PM Revision c120bd8d: Handle firewall log widget display formats: the same way for the initial display and for updated rows done by Java Script. Now we receive the source IP and port,... Phil Davis
11:49 AM Revision 319e126e: Lastsawtime has moved further along: srcport, dstport and version are now explicitly passed as fields here, so lastsawtime is 3 fields further out. Phil Davis
11:45 AM Revision 1a9b610a: Pass src dst IP port through to firewall log: and IP version. So that the receiving code can easily have each pat of the IP addresses and ports, and display them a... Phil Davis

12/20/2014

08:13 PM Revision 30501526: Prevent resolvconf(8) from stomping all over our newly generated: resolv.conf and subsequent updates. Warren Baker
06:12 PM Revision fe416714: Put line break only if IPv4 address exists: This makes a line for the IPv4 address if it is there. If the IPv4 address goes away, the whole line will disappear, ... Phil Davis
06:05 PM Revision 7a0c88f8: Interfaces widget remove blank line if no IPv4 address: If the interface had an IPv6 address but no IPv4 address, there was a blank line where the IPv4 address would have be... Phil Davis
05:53 PM Bug #4129: IPsec connections with multiple P2s use only first SA: In my test above i created complete separate conn sections in the config file, it seems possible to not repeat all in... Pi Ba
05:16 PM Bug #4129: IPsec connections with multiple P2s use only first SA: I've been checking this a bit more, and did see that with the current way it does work properly for a tunnel that use... Pi Ba
05:16 PM Revision 6e795218: Set Interfaces widget IPv6 address: Now that get_interfacestatus() is returning us the IPv6 address, and interfaces.widget.php has a div to put it in, ac... Phil Davis
05:12 PM Revision d7884992: Send IPv4 and IPv6 address in get_interfacestatus: And make them strong (bold), which is how they are displayed originally by interfaces.widget.php
This allows the AJAX... Phil Davis
05:08 PM Revision 2795f40b: Interfaces widget create all div: All div for the various things need to be created here, so that later AJAX can switch the necessary things on/off and... Phil Davis
04:57 PM Bug #4134 (Resolved): Email notifications configuration migration to 2.2 broken (STARTTLS): 2.1.x config snippet:... Kill Bill
08:34 AM Feature #4133 (Resolved): Add GUI setting for VLANs PCP: Add support for optionally setting VLANs priority (PCP) through the GUI, saved as part of the xml configuration.
S... Clement Barnier
01:57 AM Revision 5b4ed0e1: Use correct port for viewing portal page contents. Ticket #4125: Chris Buechler
01:56 AM Revision 5a098344: Use correct port for viewing portal page contents. Ticket #4125: Chris Buechler

12/19/2014

09:33 PM Bug #4132 (Resolved): Captive Portal - Portal page contents - confusing instructions (gettext issue): Make sure to include a form (POST to "") with a submit button (name="accept") and a hidden field with name="redirurl"... Kill Bill
09:18 PM Revision 8cd0dba6: Fix help for UPnP/NAT-PMP: Jim Pingle
09:17 PM Revision a98ff7ef: Fix help for UPnP/NAT-PMP: Jim Pingle
08:56 PM Bug #4125 (Resolved): Captive Portal - Portal page contents - View current page has a broken link: Thanks for the feedback. I confirmed on another system as well. Chris Buechler
08:50 PM Bug #4125: Captive Portal - Portal page contents - View current page has a broken link: Works for me ;) Kill Bill
07:51 PM Bug #4125 (Feedback): Captive Portal - Portal page contents - View current page has a broken link: should be fixed, leaving for further testing. Chris Buechler
08:25 PM Revision 41c4ef39: Correct the leftsubnet specification for transport mode.: Ermal Luçi
08:24 PM Revision 85ea799e: Correct the leftsubnet specification for transport mode.: Ermal Luçi
07:54 PM Revision 7c2a9397: Ooops fix this identation on final config: Ermal Luçi
07:49 PM Revision 1bd77f26: Heh remove debugging code: Ermal Luçi
07:48 PM Revision 0b7f174c: Ooops fix this identation on final config: Ermal Luçi
06:54 PM Bug #4131 (Resolved): CP RADIUS accounting not working: Captive portal RADIUS accounting sends only 0 for Acct-Input and Output Packets, Octets, and Gigawords. Chris Buechler
06:43 PM Revision 83aaa431: Remove option that has now been merged into infra-host-ttl.: Warren Baker
06:30 PM Revision 7a683b46: Just whitespace save from removing a useless else { branch: Ermal Luçi
06:01 PM Revision 51a2c561: Remove unused function: Ermal Luçi
06:01 PM Revision 1aac6291: Remove unused function: Ermal Luçi
05:52 PM Bug #4129: IPsec connections with multiple P2s use only first SA: To add a little info/reference here from report: #4112, with StrongSwan i was able to make it work in my situation by... Pi Ba
12:50 AM Bug #4129: IPsec connections with multiple P2s use only first SA: probably the best next step, after discussion with Jim T earlier, is to try ipsec-tools on 2.2 and see if the issue p... Chris Buechler
12:41 AM Bug #4129 (Resolved): IPsec connections with multiple P2s use only first SA: Where you have multiple P2s on a P1, only the first is actually used. The SPD and SAD are correct in setkey's output,... Chris Buechler
05:29 PM Bug #4110 (Resolved): interface-group is not set properly on the openvpn interfaces after reboot: fixed Chris Buechler
05:00 PM Bug #4090 (Resolved): unbound advanced settings cause broken unbound.conf file: Chris Buechler
05:05 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: Ah ok, please try to update to a more recent snapshot, it should be fixed now. Seems to be same issue of #4104 Renato Botelho
04:59 PM Bug #4067 (Resolved): Unbound configuration does not get synchronized to the secondary members of a cluster install: works Chris Buechler
04:56 PM Bug #4112 (Closed): ipsec, strongswan (sometimes) needs a 'conn' section with a unique reqid for each phase2: source of issue is #4129 Chris Buechler
04:53 PM Bug #4076: DNS Forwarder options do not unset during CARP sync: though if you enable unbound, then dnsmasq is unset on the secondary. Doesn't happen just by disabling dnsmasq, that ... Chris Buechler
04:50 PM Bug #4076: DNS Forwarder options do not unset during CARP sync: confirmed as described Chris Buechler
04:52 PM Bug #4099 (Resolved): IP aliases on localhost not config syncing across: fixed Chris Buechler
04:37 PM Bug #4021: Unbound doesn't handle v6 link local correctly: worked around this issue for the time being. Chris Buechler
04:36 PM Bug #3389 (Resolved): GUI allows to configure ICMPv4 types for ICMPv6 firewall rules: fixed Chris Buechler
04:32 PM Bug #4062: pfSense_getall_interface_addresses truncates v6 link local IPs: only thing I'm aware of that was broken by this was unbound, and that was worked around within unbound, so yeah pushi... Chris Buechler
02:28 PM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables: there is no bug here, that's why. Chris Buechler
02:00 PM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables: If you say so. Usually finding a workaround to a bug while the bug is being fixed is part of dealing with the bug. Volker Kuhlmann
12:10 PM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables: this isn't a place for such discussions, please post to the forum or list. Chris Buechler
10:17 AM Bug #4130 (Confirmed): Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): Confirmed it here. Adding the IPsec widget it starts logging it in the main system log. It may only happen when there... Jim Pingle
10:12 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): Yes, removing that widget works. (Was kinda planning on removing that for now anyway, seems in quite a messy state wi... Kill Bill
09:52 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): If you turn off the IPsec widget, does the error stop?
Do you have mobile IPsec enabled?
It's the only thing I ca... Jim Pingle
08:34 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): ... Kill Bill
06:33 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): And which dashboard widgets are enabled? Jim Pingle
05:18 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): Phillip Davis wrote:
> Sounds like a problem in your /cf/conf/config.xml
> That should start with:
> <?xml version... Kill Bill
04:19 AM Bug #4130: Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): I do not see that on my 2.2 boxes.
Sounds like a problem in your /cf/conf/config.xml
That should start with:
<?x... Phillip Davis
03:15 AM Bug #4130 (Resolved): Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget): Whenever I go to the index.php page, it produces the a system log entry like this:... Kill Bill
08:35 AM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2: Diff works. ;) Kill Bill
05:31 AM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2: Here's the diff if anyone wants it:... Denny Page
08:34 AM Revision 964dcb25: Enforce some more checking to avoid https://forum.pfsense.org/index.php?topic=85580.0: Ermal Luçi
08:34 AM Revision 11caacf6: Enforce some more checking to avoid https://forum.pfsense.org/index.php?topic=85580.0: Ermal Luçi
05:04 AM Bug #4104 (Resolved): unbound package configuration migration to 2.2 broken: Renato Botelho
12:22 AM Revision 19ddaa31: include $myid in these PSK lines. Ticket #4126: Chris Buechler
12:19 AM Revision 42a10991: include $myid in these PSK lines. Ticket #4126: Chris Buechler

12/18/2014

11:29 PM Feature #4128 (New): Email notification webgui configuration: Please consider implementing in the webgui a tab to configure what type of email we want to be send by services.
A... Lex lex
07:17 PM Bug #4127 (Resolved): CP per-user bandwidth restriction applied when disabled: If you have values entered for CP's per-user bandwidth restriction in 2.2, but don't have the box checked to enable i... Chris Buechler
06:16 PM Bug #4126 (Feedback): some PSKs incorrect in ipsec.secrets: what I committed makes it work the same as it does on 2.1.5. To Ermal for review, to verify that's correct. Chris Buechler
06:12 PM Bug #4126 (Resolved): some PSKs incorrect in ipsec.secrets: PSKs from the user manager and vpn_ipsec_keys.php are written to ipsec.secrets without a leading $myid, which makes t... Chris Buechler
06:13 PM Revision bd1a6267: Simplify logic using a proper function as spotted by Ermal: Renato Botelho
06:13 PM Revision 019c7b2d: Simplify logic using a proper function as spotted by Ermal: Renato Botelho
05:28 PM Bug #4110: interface-group is not set properly on the openvpn interfaces after reboot: With a short test this seems to be fixed now, thanks. Pi Ba
04:20 AM Bug #4110: interface-group is not set properly on the openvpn interfaces after reboot: Applied in changeset commit:02f65ece135c962b34548f2ec8ed9ed38ba22211. Renato Botelho
04:20 AM Bug #4110 (Feedback): interface-group is not set properly on the openvpn interfaces after reboot: Applied in changeset commit:da4f91a9207cc5b958adbca75415266700b4b8c6. Renato Botelho
05:26 PM Bug #4104: unbound package configuration migration to 2.2 broken: Fixed. (Same issue like the more generic Bug #4090 I guess.) Kill Bill
04:50 PM Bug #4125 (Resolved): Captive Portal - Portal page contents - View current page has a broken link: It links to http://fqdn:<zoneid>, e.g. http://pfsense.example.com:2 Kill Bill
03:52 PM Revision 0fcab48b: Replace ; by newlines when upgrading custom_options from unbound packages, it's related to ticket #4090: Renato Botelho
03:51 PM Revision c23f4d8f: Replace ; by newlines when upgrading custom_options from unbound packages, it's related to ticket #4090: Renato Botelho
02:32 PM Bug #4090: unbound advanced settings cause broken unbound.conf file: I guess I was unclear. It was a vanilla 2.1.5 system I upgraded to 2.2-RC for testing. Vick Khera
09:36 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: Vick Khera wrote:
> No, it was a vanilla 2.1.5 system in a vm. I use it for testing things, then revert the image to... Renato Botelho
09:07 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: No, it was a vanilla 2.1.5 system in a vm. I use it for testing things, then revert the image to the base system with... Vick Khera
08:37 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: Did you upgrade this system from 2.1.x with unbound package installed? The upgrade code had an issue, it was using ; ... Renato Botelho
06:46 AM Bug #4090: unbound advanced settings cause broken unbound.conf file: Here it is. I also notice there is no config download option for unbound, just the dns forwarder. In any case, I cut ... Vick Khera
05:45 AM Bug #4090 (Feedback): unbound advanced settings cause broken unbound.conf file: I couldn't reproduce it, unbound.conf ended with lines exactly the same I added to textarea. Could you please share t... Renato Botelho
02:17 PM Revision ab0e4080: Do not restart unneeded services. Also triger configuration for the proper interface.: Ermal Luçi
02:17 PM Revision 65a6e535: Do not restart unneeded services. Also triger configuration for the proper interface.: Ermal Luçi
11:54 AM Revision 1a2ea2cc: Display better message when booting and awaiting package reinstall: Phil Davis
11:21 AM Revision 906ae455: Merge pull request #1391 from ExolonDX/master: Renato Botelho
10:03 AM Revision 02f65ece: Add openvpn interfaces to group when they are created, it should fix #4110: Renato Botelho
10:03 AM Revision afe81d69: Check if interface exist before try to add it to group: Renato Botelho
10:03 AM Revision da4f91a9: Add openvpn interfaces to group when they are created, it should fix #4110: Renato Botelho
10:02 AM Revision 67de15fc: Check if interface exist before try to add it to group: Renato Botelho
09:14 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional: RE: no cert vs no CA.
The cryptostorm.is service does supply a CA certificate which I imported to the pfSense cert ... Marcus Brown
09:11 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional: I tested the patch.
It does indeed work for the username only AND password only use case.
I pasted my key into th... Marcus Brown
07:17 AM Revision 5454fd1b: Allow dot at end of FQDN for a host: Redmine #4124 has discussion of this. Phil Davis
05:02 AM Bug #4124: Alias FQDNs don't permit trailing period: I made pull request https://github.com/pfsense/pfsense/pull/1394
That solution enables the validation of things like... Phillip Davis
01:08 AM Bug #4124: Alias FQDNs don't permit trailing period: Yes, that is annoying for people who want/like/need to put the correct whole FQDN, including the root domain ".".
e.... Phillip Davis
04:24 AM Revision 2ccdd739: Display better message when booting and awaiting package reinstall: Phil Davis
04:22 AM Revision 8aec06e0: Display better message when booting and awaiting package reinstall: Phil Davis
03:44 AM Bug #4122 (Resolved): webConfiguratorlockout table is missing expiration: Renato Botelho
01:15 AM Bug #4122: webConfiguratorlockout table is missing expiration: Works - I locked myself out from 1 IP address (after about 15 dodgy password entries). After the following hour bound... Phillip Davis
12:41 AM Feature #3506: Firewall:Aliases - Sort/Move Function: The other really useful feature would be to be able to disable entries in the alias list without having to remove the... Volker Kuhlmann
12:16 AM Feature #3506: Firewall:Aliases - Sort/Move Function: +1 Bipin Chandra

12/17/2014

07:54 PM Bug #4110 (Confirmed): interface-group is not set properly on the openvpn interfaces after reboot: confirmed as described Chris Buechler
07:46 PM Bug #4121 (Rejected): Failover don´t switch back to Tier 1: not true. I re-tested typical multi-WAN scenarios, then tested the less typical case described here where an OpenVPN ... Chris Buechler
04:32 AM Bug #4121 (Rejected): Failover don´t switch back to Tier 1: I Have two Gateway´s in a Group (Failover)
Tier1 = HideVPN Gateway OpenVPN with Monitoring IP
Tier2 = Normal WAN ... Cor-nY r!Egelchen
06:48 PM Revision 55092b0e: Bump latest_config version that I forgot on previous commit. Spotted by Jim Pingle: Renato Botelho
06:47 PM Revision a03551c2: Bump latest_config version that I forgot on previous commit. Spotted by Jim Pingle: Renato Botelho
06:26 PM Bug #4111 (Resolved): Unbound replies using wrong source IP when bound to *: If not ideal since it only completely fixes the circumstance where you're binding to *:53, this is the best we can do... Chris Buechler
06:25 PM Revision 264d17a5: syslogd can't just be HUPed to pick up its new config, as many of those: are command line arguments. Go back to 2.1x and prior behavior of TERM and
restart. Fixes source IP use with syslog a... Chris Buechler
06:21 PM Revision f1905a3e: syslogd can't just be HUPed to pick up its new config, as many of those: are command line arguments. Go back to 2.1x and prior behavior of TERM and
restart. Fixes source IP use with syslog a... Chris Buechler
06:17 PM Revision b0885c5a: Add a cron item to expire items from webConfiguratorlockout, also add config upgrade code. This fixes #4122: Renato Botelho
06:17 PM Revision 56c8376a: Add a cron item to expire items from webConfiguratorlockout, also add config upgrade code. This fixes #4122: Renato Botelho
05:27 PM Revision aafa7657: Check if interface is disabled when configuring DHCP server. It fixes #4119: Renato Botelho
05:27 PM Revision b2379012: Disable dhcp server when interface is disabled. Ticket #4119: Renato Botelho
05:27 PM Revision a030a437: Do not check disabled interfaces, ticket #4119: Renato Botelho
05:26 PM Revision 57006646: Check if interface is disabled when configuring DHCP server. It fixes #4119: Renato Botelho
05:25 PM Revision f4c40620: Disable dhcp server when interface is disabled. Ticket #4119: Renato Botelho
05:25 PM Revision e94692c0: Do not check disabled interfaces, ticket #4119: Renato Botelho
03:41 PM pfSense Packages Bug #4087: Rule reload doesn't update FQDN entries in pf tables: Is there a way to sun a command that does an update immediately?
filterdns is run as
/usr/local/sbin/filterdns -p... Volker Kuhlmann
03:05 PM Feature #3506: Firewall:Aliases - Sort/Move Function: I would really like this feature too. When having aliases with 15 or 20 hosts etc. it is easier to maintain if they c... Volker Kuhlmann
02:48 PM Bug #4124 (Resolved): Alias FQDNs don't permit trailing period: On page
https://pfsense/firewall_aliases_edit.php?id=xx
for alias type network(s) entering an FQDN with trailing pe... Volker Kuhlmann
02:02 PM Revision 2ae99d06: Give the proper value for the logging level since even 0 is the correct value coming from GUI.: Ermal Luçi
12:54 PM Todo #4123 (Closed): Add support to multiple tables to expiretable: Improve expiretable to support multiple tables and remove multiple calls from crontab Renato Botelho
12:30 PM Bug #4122: webConfiguratorlockout table is missing expiration: Applied in changeset commit:b0885c5a7aa20801d78df77f5124eca766f34723. Renato Botelho
12:30 PM Bug #4122 (Feedback): webConfiguratorlockout table is missing expiration: Applied in changeset commit:56c8376a9eabdc59e8f71535c0f3cd871cd776f1. Renato Botelho
09:00 AM Bug #4122 (Resolved): webConfiguratorlockout table is missing expiration: The sshlockout_pf process adds IP addresses that fail too many GUI login attempts to the webConfiguratorlockout table... Jim Pingle
11:54 AM Revision c1476a2a: Give the proper value for the logging level since even 0 is the correct value coming from GUI.: Ermal Luçi
11:30 AM Bug #4119: Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces: Applied in changeset commit:aafa7657399edf835a28c106c37ac71cc9b24335. Renato Botelho
11:30 AM Bug #4119 (Feedback): Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces: Applied in changeset commit:570066460e88a63d186e8892930927e6e9825fc4. Renato Botelho
11:18 AM Bug #4119: Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces: Original issue is also present Renato Botelho
10:04 AM Bug #4119 (Assigned): Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces: The real issue here is DHCP server still starts after interface is disabled, even if you reboot the system service is... Renato Botelho
10:10 AM Bug #4102: Could not find IPv4/IPv6 gateway for interface log spam: Guys, can you tell me how to stop logging this junk at least? This renders the system log absolutely useless with fir... Kill Bill
08:08 AM Bug #4062: pfSense_getall_interface_addresses truncates v6 link local IPs: I would push this on 2.2.1 since i am not yet able to evaluate if this is fixed what all is impacted. Ermal Luçi
04:29 AM Todo #4120 (Resolved): Improve passwd security: A couple of things to be done to improve pfSense passwd:
- Change hash from MD5 to SHA512 or blowfish
- Start to ... Renato Botelho

12/16/2014

11:01 PM Revision cc2c1a3c: Encode space to avoid rejecting users with spaces in username: Ermal Luçi
11:01 PM Revision 05992982: Encode space to avoid rejecting users with spaces in username: Ermal Luçi
09:52 PM Revision 55edb8d6: Use updated URLs for Limiters and Layer 7 help.: Jim Pingle
09:52 PM Revision 50b00432: Use updated URLs for Limiters and Layer 7 help.: Jim Pingle
09:10 PM Revision 00342f85: Remove some old comments and unnecessary cruft.: Jim Pingle
09:10 PM Revision 8db9ed79: Remove some old comments and unnecessary cruft.: Jim Pingle
09:08 PM Revision d9ecdec0: Pick up some more new pages for 2.2 that need help links.: Jim Pingle
09:08 PM Revision 51579bb4: Pick up some more new pages for 2.2 that need help links.: Jim Pingle
09:03 PM pfSense Packages Bug #4118: NUT fails to start in pfSense 2.2: Thanks Denny: Confirmed to fix my copy.
[code]
#!/bin/sh
# This file was automatically generated
# by the pfSe... Chris Palmer
08:48 PM Revision e4e6c315: Some misc updates to pkg help links: Jim Pingle
08:47 PM Revision 7b7e4de7: Some misc updates to pkg help links: Jim Pingle
08:26 PM Revision 72c35a46: Add help for Unbound/DNS Resolver and its related tabs.: Jim Pingle
08:26 PM Revision 84b85dc5: Add help for Unbound/DNS Resolver and its related tabs.: Jim Pingle
07:49 PM Revision c2e6e8e2: Remove "link", "vlink" and "alink" from BODY tag: This is a positional change to remove "link", "vlink" and "alink" from
the BODY tag, the following themes do not have... Colin Fleming
07:21 PM Revision db7a17d0: Point these CARP Help pages at more useful places.: Jim Pingle
07:21 PM Revision e38f03a0: Point these CARP Help pages at more useful places.: Jim Pingle
07:13 PM Revision 24a87e44: Use provided function to change user's password: Renato Botelho
07:10 PM Revision c445a9f5: Use provided function to change user's password: Renato Botelho
06:22 PM Revision dd05d045: Fixup the rest of the URLs for DHCPv6/RA help.: Jim Pingle
06:22 PM Revision 9279460b: Fixup the rest of the URLs for DHCPv6/RA help.: Jim Pingle
05:45 PM Revision 50f5c82e: The ID in DUID is Identifier.: See also: ATM Machine, ISP Provider, DMZ Zone, LCD Display, GMT Time... Jim Pingle
05:41 PM Revision 6f49b97d: The ID in DUID is Identifier.: See also: ATM Machine, ISP Provider, DMZ Zone, LCD Display, GMT Time... Jim Pingle
05:32 PM Bug #4112: ipsec, strongswan (sometimes) needs a 'conn' section with a unique reqid for each phase2: the subject here isn't what the problem really is, but there is some kind of interoperability issue with multiple P2s... Chris Buechler
04:48 PM Revision 0f680478: Remove old/invalid note: Jim Pingle
04:48 PM Revision 2fedc3ee: Update help links for DHCPv6 relay and DHCPv6 Lease Status: Jim Pingle
04:48 PM Revision 136633ce: Update help links for DHCPv6 relay and DHCPv6 Lease Status: Jim Pingle
04:47 PM Revision d5b8bf16: Remove old/invalid note: Jim Pingle
03:54 PM Revision 0c4fb3c0: Fix up Help links for Inbound Load Balancing.: Jim Pingle
03:53 PM Revision 95349b2c: Fix up Help links for Inbound Load Balancing.: Jim Pingle
01:49 PM Bug #4116: IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable: The "temporary" button seems to behave OK in my test setup now but maintenance mode still does not appear to work pro... Jim Pingle
06:30 AM Bug #4116: IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable: Applied in changeset commit:936e554bab69b0f6b1eb53cae807e3f2fafa3e73. Renato Botelho
06:30 AM Bug #4116 (Feedback): IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable: Applied in changeset commit:dd0cb9fcf4428d8fdc0e6cd380ea2a5dff4e9114. Renato Botelho
01:34 PM Revision 9d26addd: Make logic more visible as suggested by Ermal: Renato Botelho
01:33 PM Revision 136217fd: Make logic more visible as suggested by Ermal: Renato Botelho
01:28 PM Revision d4ea38c5: Tidy up "widgets" XHTML: Add CDATA sections to scripts
Add ALT to image tags and close image tags
DIV tag cannot be inside a STRONG tag, so sw... Colin Fleming
01:28 PM Revision 04e722a6: Merge pull request #1388 from ExolonDX/master: Renato Botelho
12:22 PM Revision 936e554b: Cleanup aliases when temporarily disable CARP, fixes #4116: Renato Botelho
12:22 PM Revision 43157c8f: Teach interface_vip_bring_down() to deal with IP Alias over CARP: Renato Botelho
12:19 PM Revision dd0cb9fc: Cleanup aliases when temporarily disable CARP, fixes #4116: Renato Botelho
12:18 PM Revision 28268a4a: Teach interface_vip_bring_down() to deal with IP Alias over CARP: Renato Botelho
10:46 AM Bug #4119 (Resolved): Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces: DHCP Relay will print the usual error about DHCP being enabled even when DHCP is not active, if there is a disabled o... Jim Pingle
06:26 AM Bug #4100 (Resolved): Validation of y/n answers in setlanip console menu: The question in the end is an enhancement, this ticket can be safely closed. Renato Botelho
03:24 AM Bug #3915: DHCP server static mapped clients do not receive custom DNS servers: Received this text in email today from dhcp-bugs@isc.org :
--------
Yes 4.3 added this functionality. There was a b... Phillip Davis

12/15/2014

09:58 PM Bug #4074: Status NTP does not display any result if IPv6 Allow is off: So far, all that has been committed is a change to the ntpq command that gets the ntpd status, forcing it to use IPv4... Phillip Davis
01:12 PM Bug #4074: Status NTP does not display any result if IPv6 Allow is off: I'm still seeing NTP IPv6 requests blocked on lo0 using the Sat Dec 13 13:26:22 amd64 build. Should this fix be prese... Andy Sayler
09:45 PM Revision 363a0231: Follow help page that moved.: Jim Pingle
09:45 PM Revision 745e7941: Follow help page that moved.: Jim Pingle
09:41 PM Bug #4100: Validation of y/n answers in setlanip console menu: And in the end the committed pull request was: https://github.com/pfsense/pfsense/pull/1385
I will do a change to ad... Phillip Davis
06:24 AM Bug #4100 (Feedback): Validation of y/n answers in setlanip console menu: Merged, thanks! Renato Botelho
09:31 PM Revision 79c3a753: Follow help page that moved.: Jim Pingle
09:30 PM Revision 327bbab6: Follow help page that moved.: Jim Pingle
08:28 PM pfSense Packages Bug #4078: NUT fails to start with USB: I've determined that the USB problem was due to leftover files from the NUT install under pfSense 2.1.5. After having... Denny Page
08:20 PM pfSense Packages Bug #4118 (Resolved): NUT fails to start in pfSense 2.2: The start up script for NUT, /usr/local/etc/rc.d/nut.sh, needs to change the path used to invoke upsdrvctl.
In Fre... Denny Page
07:18 PM Revision 73041230: Add DNS Resolver to the list of services to be sync'd on HA, make sure it and DNS Forwarder are not enabled simultaneously. It fixes #4067: Renato Botelho
07:18 PM Revision d691465c: Fix password field name: Renato Botelho
07:18 PM Revision 03226d75: Use newline to separate unbound custom options during config upgrade, it should fix #4104: Renato Botelho
07:18 PM Revision 8f3b2775: Add a shortcut for unbound and enable it: Renato Botelho
07:18 PM Revision f6179f4c: Fix password field name to apply correct style: Renato Botelho
07:16 PM Revision c25caf5b: Add DNS Resolver to the list of services to be sync'd on HA, make sure it and DNS Forwarder are not enabled simultaneously. It fixes #4067: Renato Botelho
06:43 PM Revision fa2122b0: Fix password field name: Renato Botelho
06:42 PM Revision 387ab31a: Use newline to separate unbound custom options during config upgrade, it should fix #4104: Renato Botelho
06:18 PM Revision 6bb9db05: Add a shortcut for unbound and enable it: Renato Botelho
04:47 PM Revision 99441482: Fix password field name to apply correct style: Renato Botelho
03:41 PM Bug #4117 (Resolved): Using run(4) USB WLAN in hostap mode crashes in FreeBSD 10.x: I was using a "Hama Wireless LAN USB 2.0 Stick 300 Mbps" for some time as an access point with the 2.2 alpha and beta... Andreas Mueller
01:30 PM Bug #4067: Unbound configuration does not get synchronized to the secondary members of a cluster install: Applied in changeset commit:73041230a79f7b0f2cbae60cf51596a1232d5029. Renato Botelho
01:30 PM Bug #4067 (Feedback): Unbound configuration does not get synchronized to the secondary members of a cluster install: Applied in changeset commit:c25caf5b01269961d0129f8f83dc8dc1a078c3a8. Renato Botelho
08:49 AM Bug #4067: Unbound configuration does not get synchronized to the secondary members of a cluster install: I'll take it Renato Botelho
01:30 PM Bug #4104: unbound package configuration migration to 2.2 broken: Applied in changeset commit:03226d75ba52c78d33c5afaaa81379baf0d3856f. Renato Botelho
01:30 PM Bug #4104 (Feedback): unbound package configuration migration to 2.2 broken: Applied in changeset commit:387ab31a976fbacfc0d8e2fde7efb7cb1c4b6b6b. Renato Botelho
12:11 PM Bug #4104: unbound package configuration migration to 2.2 broken: It's these checkboxes breaking the upgrade:
!http://i.imgur.com/od1nv1s.png!
Kill Bill
08:50 AM Bug #4104: unbound package configuration migration to 2.2 broken: Can you share your unbound config from 2.1.x? Renato Botelho
12:46 PM Revision 5cfd9481: Add missing BR tags and fix display with pfsense_ng_fs theme. It fixes #4115: Renato Botelho
12:44 PM Revision e51d6e1b: Add missing BR tags and fix display with pfsense_ng_fs theme. It fixes #4115: Renato Botelho
12:31 PM Bug #4115 (Resolved): Services - DHCP/DHCPv6 Server - some advanced options have messed up GUI: Renato Botelho
12:10 PM Bug #4115: Services - DHCP/DHCPv6 Server - some advanced options have messed up GUI: Fixed after gitsync, thanks. ;) Kill Bill
06:50 AM Bug #4115: Services - DHCP/DHCPv6 Server - some advanced options have messed up GUI: Applied in changeset commit:5cfd948144741ba0d6981f89b2e40257cb9ef2b1. Renato Botelho
06:50 AM Bug #4115 (Feedback): Services - DHCP/DHCPv6 Server - some advanced options have messed up GUI: Applied in changeset commit:e51d6e1b7f195cbc8300c473a14610b84cc191b0. Renato Botelho
05:24 AM Bug #4115 (Resolved): Services - DHCP/DHCPv6 Server - some advanced options have messed up GUI: *DHCP server:*
!http://i.imgur.com/yiRg3HA.png!
*DHCPv6 server:*
!http://i.imgur.com/qfFo5Cz.png!
(FWIW, this... Kill Bill
11:30 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional: @G Brinton - can you try the code in https://github.com/pfsense/pfsense/pull/1389
I discovered that OpenVPN does n... Phillip Davis
10:25 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional: Actually, at the moment, the code does allow a password to be entered without username - it gets through the front-en... Phillip Davis
09:21 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional: Can we relax the input validation to require password only?
I've tested it with a service provider that only requir... Marcus Brown
11:11 AM Bug #3910: Cannot set advskew back to 0: There still seems to be an issue here. On a current snapshot when I try to leave maintenance mode the skew is stuck a... Jim Pingle
11:00 AM Bug #4116 (Resolved): IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable: When using "Temporarily Disable CARP", IP alias VIPs using a CARP VIP "interface" are still present and the interface... Jim Pingle

12/14/2014

10:03 PM Revision 6678fdd1: Tidy up "widgets" XHTML: Add CDATA sections to scripts
Add ALT to image tags and close image tags
DIV tag cannot be inside a STRONG tag, so sw... Colin Fleming
08:09 PM pfSense Packages Bug #4114 (Resolved): Squid 3.4.9 transparent proxy broken.: The latest Squid packages all had issues, but none of them as serious as transparent proxy not working.
Squid has to... Arthur Undisclosed
05:58 PM Bug #4113 (Resolved): multiple instances of /var/db/rrd/updaterrd.sh: On my pfsenses I see multiple instances of updaterrd.sh
Because all instances uses only one pid file with only one... Grischa Zengel
03:28 PM Bug #4112 (Closed): ipsec, strongswan (sometimes) needs a 'conn' section with a unique reqid for each phase2: ipsec, strongswan (sometimes) needs a 'conn' section with a unique reqid for each phase2
I've been trying to repla... Pi Ba
08:09 AM Bug #4103: Xen xn NICs can't tag VLANs: On Interfaces/VLAN is written:... Grischa Zengel
12:52 AM Feature #4108: USB printers support required: Including ulpt driver module into freebsd/pfsense compilation does not make a print server from it, not even close to... Vladimir Suhhanov

12/13/2014

10:47 PM Feature #4108 (Rejected): USB printers support required: It's a firewall, not a print server. Don't do that. Anyone who *really* wants to can copy over a ulpt.ko from stock F... Chris Buechler
01:02 AM Feature #4108 (Rejected): USB printers support required: I ask you to add ulpt driver module or compile it into the kernel. People want to use it! :)
https://www.freebsd.org... Vladimir Suhhanov
07:25 PM Revision 7dd5f0f7: Where binding Unbound to *:53, set "interface-automatic: yes" so replies are sourced from the correct IP. Ideally this should always work this way, but setting this causes Unbound to bind to *:53, which shouldn't happen where specific interfaces are chosen. Ticket #4111: Chris Buechler
07:24 PM Revision f358fe3f: Where binding Unbound to *:53, set "interface-automatic: yes" so replies are sourced from the correct IP. Ideally this should always work this way, but setting this causes Unbound to bind to *:53, which shouldn't happen where specific interfaces are chosen. Ticket #4111: Chris Buechler
01:20 PM Bug #4111 (Feedback): Unbound replies using wrong source IP when bound to *: Fix committed and verified for the circumstance where binding all interfaces. Chris Buechler
01:17 PM Bug #4111 (Resolved): Unbound replies using wrong source IP when bound to *: When Unbound is bound to all interfaces, it replies back with the source IP it would use for initiating a new connect... Chris Buechler
12:09 PM Bug #4110 (Resolved): interface-group is not set properly on the openvpn interfaces after reboot: interface-group is not set properly on the openvpn interfaces after reboot
The openvpn interfaces are part of the My... Pi Ba
10:57 AM pfSense Packages Bug #4109: squid package doesn't include hostname when logging remotely: sorry - snort not squid ;)
The remote system can detect the sender, of cause. But if you ommit the hostname, it's no... Patrick Hieber
10:00 AM pfSense Packages Bug #4109 (Rejected): squid package doesn't include hostname when logging remotely: Squid/snort inconsistencies in the report aside, syslog does not include that. It's up to the remote system to identi... Jim Pingle
07:41 AM pfSense Packages Bug #4109 (Rejected): squid package doesn't include hostname when logging remotely: Squid doesn't include the hostname when logging remotely (e.g.):
<33>Dec 13 13:40:18 snort[2160]: [120:3:1] (http_... Patrick Hieber
09:03 AM Bug #3848: enabling schedule on 2.1.5 causes page fault: 21 days and no page fault so far. I am updating to the latest build today and will continue to monitor. Ernst den Broeder
05:48 AM Bug #4103: Xen xn NICs can't tag VLANs: In XN there couldn't be tagging problems, because it didn't know anything about tagging.
They will tell me that the ... Grischa Zengel
12:55 AM Bug #4107 (Resolved): Firmware backup restoration via WebUI does not reboot firewall at the end, no logs, no messages: If you restore full backups via console, using upgrade firmware menu - no problem it is working, the only one thing i... Vladimir Suhhanov

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

01/11/2015

01/10/2015

01/09/2015

01/08/2015

01/07/2015

01/06/2015

01/05/2015

01/04/2015

01/03/2015

01/02/2015

01/01/2015

12/31/2014

12/30/2014

12/29/2014

12/28/2014

12/27/2014

12/26/2014

12/25/2014

12/24/2014

12/23/2014

12/22/2014

12/21/2014

12/20/2014

12/19/2014

12/18/2014

12/17/2014

12/16/2014

12/15/2014

12/14/2014

12/13/2014