Project

General

Profile

Activity

From 12/25/2014 to 01/23/2015

01/23/2015

11:06 PM Bug #4269: Modifying port forwarding rule to invalid IP kill the firewall until reboot
Well, indeed, not 'dead', but traffic is stopped.
I did what you suggested and e don't see any loop. However, I s... Eric Hoffman
10:35 PM Bug #4269 (Feedback): Modifying port forwarding rule to invalid IP kill the firewall until reboot
it's certainly not possible to kill a system by putting an incorrect IP into a port forward. maybe if you managed to ... Chris Buechler
10:08 PM Bug #4269 (Not a Bug): Modifying port forwarding rule to invalid IP kill the firewall until reboot
First, this is using invalid actions, so this is not so critical, but doing so will result in denial of service.
-... Eric Hoffman
09:04 PM Bug #4267 (Closed): IPSEC Phase 1 deletion
thought we already had a ticket to change strongswan's behavior here in the future, apparently not, but we do now. #4... Chris Buechler
08:55 PM Bug #4267 (Closed): IPSEC Phase 1 deletion
Deleting an IPSEC phase 1 entry from vpn_ipsec.php for a tunnel that has not connected does not result in the entry b... Christian Borchert
09:03 PM Bug #4268 (Closed): changes in strongswan config don't apply to SAD or SPD
Doesn't appear we've opened a ticket to address this yet. strongSwan's behavior of not updating the SAD is going to g... Chris Buechler
05:39 PM Bug #4266: Rekeying issues with IKEv1 and multiple P2s under some circumstances
to me for info gathering Chris Buechler
05:39 PM Bug #4266 (Resolved): Rekeying issues with IKEv1 and multiple P2s under some circumstances
Where you have multiple P2s configured on a single P1 with IKEv1, there are some rekeying issues under some circumsta... Chris Buechler
02:52 PM Revision 4c7f7c29: Merge pull request #5 from SanderVanLeeuwen/bootstrap
Updated documentation / guidelines SjonHortensius
06:18 AM Feature #4265: UPNP allow use of alias and schedule
can any of the core developer let me know what would be the preferred method for those permission list so i can make ... Bipin Chandra
02:57 AM Feature #4265: UPNP allow use of alias and schedule
i mean separated with a "," Bipin Chandra
02:56 AM Feature #4265: UPNP allow use of alias and schedule
well, what i can do is is replace the last 4 permission boxes with a single one where some1 could type out all entrie... Bipin Chandra
06:11 AM Bug #4231: bridge or lagg of openvpn link down after reboot
And the interface LAGG is BRIGED with the LAN dominique dupont
04:12 AM Bug #4231: bridge or lagg of openvpn link down after reboot
After the patche of bug https://redmine.pfsense.org/issues/4257
the BRIDGE is OK, but not the LAGG
On 2.2RC last up... dominique dupont
12:42 AM pfSense Packages Bug #4256: Squid3 using 100% CPU after install/reboot
As shown in the log above: some squid processes. The issue is stable to reproduce. Dmitriy K
12:02 AM Revision 323317c3: Typo
Sander van Leeuwen

01/22/2015

10:41 PM Revision 6c943511: Additional documentation
- Added checkbox example
- Form field help block example
- Button and icon usage explained Sander van Leeuwen
08:38 PM Feature #4242: Two Factor or OTP Authentication for Admin Interface
Many if not most 2FA solutions support LDAP and/or RADIUS so are already supported. That said, enhancements here woul... Chris Buechler
07:56 PM Revision 145eb990: Fixes #4257 With the platform_booting() fixes a regression was done on openvpn tap interfaces or dynamic ones that are part of a bridge.
Allow during bootup rc.newwanip to continue up to a ceratin part to handle bridges or other complex interfaces. Ermal Luçi
07:56 PM Revision 30a61a89: Fixes #4257 With the platform_booting() fixes a regression was done on openvpn tap interfaces or dynamic ones that are part of a bridge.
Allow during bootup rc.newwanip to continue up to a ceratin part to handle bridges or other complex interfaces. Ermal Luçi
06:04 PM Bug #4252 (Resolved): radvd not functional with CARP IPs
fixed Chris Buechler
06:20 AM Bug #4252: radvd not functional with CARP IPs
Applied in changeset commit:9b527a7931795466ab7286f0caadd7bef082d002. Renato Botelho
06:10 AM Bug #4252 (Feedback): radvd not functional with CARP IPs
Applied in changeset commit:8e24d1dacd80fd539cc9dd6a5f0a7c8953bcffd0. Renato Botelho
12:58 AM Bug #4252 (Confirmed): radvd not functional with CARP IPs
this is mostly fixed. Where CARP goes to backup status, it seems fine. But if the CARP VIPs are completely gone, it f... Chris Buechler
05:45 PM Bug #4257 (Resolved): tap interfaces missing from bridge after boot
fixed Chris Buechler
02:10 PM Bug #4257: tap interfaces missing from bridge after boot
Applied in changeset commit:145eb9907c638f5a1cf279b480a69bb3556c3b7e. Ermal Luçi
02:10 PM Bug #4257: tap interfaces missing from bridge after boot
Applied in changeset commit:30a61a895a969cfa890a30df76b2f83b252cb231. Ermal Luçi
01:56 PM Bug #4257 (Feedback): tap interfaces missing from bridge after boot
Fixed anything else apart taps through this issue. Ermal Luçi
01:25 AM Bug #4257 (Confirmed): tap interfaces missing from bridge after boot
at the time I set it to 2.2.1, 2.2-release was already built and signed. Since we're rebuilding it for other reasons,... Chris Buechler
12:44 AM Bug #4257: tap interfaces missing from bridge after boot
To remind you: there is no traffic between sites after reboot. Both sides are UP and RUNNING and NOTHING goes between. Dmitriy K
12:37 AM Bug #4257: tap interfaces missing from bridge after boot
Huh, team is going to release 2.2 without working tap openvpn? That's interesting ... Dmitriy K
05:34 PM Bug #4248 (Resolved): AES-GCM doesn't interoperate with devices not using padding
fixed Chris Buechler
05:39 AM Bug #4248 (Feedback): AES-GCM doesn't interoperate with devices not using padding
Fixed by allowing the blocksize to not be multiple of blocksize. Ermal Luçi
01:29 AM Bug #4248 (Confirmed): AES-GCM doesn't interoperate with devices not using padding
Jim mentioned today we'll get this addressed in 2.2.
Ermal: test setup with AES-GCM to an ASA is setup. will emai... Chris Buechler
04:27 PM Revision e8477a56: Text tweak
Sander van Leeuwen
12:02 PM Revision 9b527a79: Make sure radvd is reconfigured when CARP is enabled/disabled. It should fix #4252
Renato Botelho
12:01 PM Revision 8e24d1da: Make sure radvd is reconfigured when CARP is enabled/disabled. It should fix #4252
Renato Botelho
11:41 AM Revision 91729b57: Save the tradition and point to used binaries here
Ermal Luçi
11:41 AM Revision b711bfac: Save the tradition and point to used binaries here
Ermal Luçi
11:03 AM Revision 560d1b53: When configuring radvd, check if carp is enabled. Ticket #4252
Renato Botelho
11:02 AM Revision 7b753c2b: Do not translate function return string
Renato Botelho
11:01 AM Feature #4265: UPNP allow use of alias and schedule
I don't get the design in the first place. You could as many permissions there as needed, if only there was one of th... Kill Bill
04:28 AM Feature #4265 (New): UPNP allow use of alias and schedule
it would be great if the upnp settings page allowed to type in individual client ip for which to allow or deny rather... Bipin Chandra
11:01 AM Revision ee8fb75d: Fix typo in function name
Renato Botelho
11:00 AM Revision 150d479b: When configuring radvd, check if carp is enabled. Ticket #4252
Renato Botelho
11:00 AM Revision 42cc62a2: Do not translate function return string
Renato Botelho
10:59 AM Revision 44763e58: Fix typo in function name
Renato Botelho
10:24 AM Revision 2a746a1e: Add language hint to code block
Sander van Leeuwen
10:22 AM Revision f180fe1a: Code style documentation for tables and forms
Sander van Leeuwen
09:14 AM Revision dc85e806: Merge branch 'master' of https://github.com/pfsense/pfsense
Sjon Hortensius
09:13 AM Revision cc5b2948: Merge pull request #4 from SanderVanLeeuwen/bootstrap
Firewall rules and VPN L2TP layout changes SjonHortensius
09:05 AM Bug #1333: Rate causes high CPU usage
Not here:
PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
70675 root 1 119 0 3... Wayne Scott
08:22 AM Bug #4240: 2.2 IPv6 radvd RDNSS Issue
attached screenshots Adam Fathauer
06:45 AM Feature #3120 (Rejected): WebConfigurator, open help page on new window
The help link used to open in a new window, it was changed to give the user the choice. The way it is now, the user c... Jim Pingle
03:25 AM Feature #4264 (Closed): Make distinction between general & security updates, while applying the latter automatically
Current pfSense setup does not make a distinction between security updates and general updates. The latter requires a... niels hof
02:48 AM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
OK, lets call this fixed then. Thanks. :)
(Kinda inconsistent results, perhaps the VPN stuff would be worth a sepa... Kill Bill
02:43 AM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
for v4, it uses the same source networks as it uses for outbound NAT auto rule generation, which is a diff process. Chris Buechler
02:23 AM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
Kinda confused really what it covers now. It certainly is adding OpenVPN and IPSec IPv4 subnets to the ACL. Kill Bill
02:20 AM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
It only covers interfaces that are assigned and enabled plus static routes for IPv6. Manual entries will be required ... Chris Buechler
02:06 AM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
Ok, this works mostly fine, except that it misses OpenVPN's IPv6 (and probably IPsec as well, don't have IPv6 IPsec t... Kill Bill
02:45 AM Feature #4262: Alphabetical listing of interfaces, VLANs
The underlying identifier strings "wan" "lan" "opt1" ... are used all over the place in the config to hook things tog... Phillip Davis
01:55 AM Bug #4261 (Closed): Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
Chris Buechler
01:53 AM Bug #4261: Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
Works just fine. See https://forum.pfsense.org/index.php?topic=86900.msg477095#msg477095 Kill Bill
12:24 AM Bug #4261: Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
Sorry, typo in the report -- I am using HTTPS for all my attempts, not HTTP. I'll start fresh and see if I can figur... Daniel Eckert
12:12 AM Bug #4261: Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
oh one difference between what you're doing and we're trying, we're using HTTPS rather than HTTP. Might want to try t... Chris Buechler
01:19 AM pfSense Packages Bug #4263 (Needs Patch): ntopng: historical feature issue
Hello,
i can't use the historical feature. when i try to load historical data after setting interface and time inter... Anonymous
12:59 AM pfSense Packages Bug #4256 (Feedback): Squid3 using 100% CPU after install/reboot
which process is using 100% CPU? Chris Buechler
12:20 AM Feature #4038: Button to clear the arp cache
Chris Buechler wrote:
> Applying that may be dangerous, in that it leaves a file on your system with no authenticati... Josh Finlay
12:04 AM Revision 7fd2a0e3: Strict comparison not necessary here, and makes this fail to work as
intended. Fixes #4258 Chris Buechler
12:04 AM Revision 7684d66f: Strict comparison not necessary here, and makes this fail to work as
intended. Fixes #4258 Chris Buechler

01/21/2015

11:59 PM Feature #3120: WebConfigurator, open help page on new window
Damien Braillard wrote:
> Just a proposition:
> When clicking the help button from a page of the web configurator, ... Josh Finlay
11:58 PM Bug #4261 (Feedback): Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
works fine here, we just did some testing with two diff hosts on Google Domains. Both update, both display the correc... Chris Buechler
09:34 PM Bug #4261 (Closed): Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
Hi team,
I'm using the new Google Domains Dynamic DNS functionality, and I am pleased that it works so well on 2.1... Daniel Eckert
11:52 PM Feature #4038: Button to clear the arp cache
Chris Buechler wrote:
> Applying that may be dangerous, in that it leaves a file on your system with no authenticati... Josh Finlay
11:44 PM Feature #4038: Button to clear the arp cache
Applying that may be dangerous, in that it leaves a file on your system with no authentication that clears your ARP t... Chris Buechler
11:37 PM Feature #4038: Button to clear the arp cache
Grischa Zengel wrote:
> After swapping IP from two embedded devices (WizNet RS485 Gateways) the gateways weren't rea... Josh Finlay
11:37 PM Feature #4262: Alphabetical listing of interfaces, VLANs
Thanks for the quick reply, Chris! Yes, an option would be great, even if it weren't a change to the default behavio... Daniel Eckert
11:32 PM Feature #4262: Alphabetical listing of interfaces, VLANs
they're listed in the order of their identifier. wan, lan, opt1, opt2, ...
This is one of those things where if y... Chris Buechler
11:16 PM Feature #4262 (Needs Patch): Alphabetical listing of interfaces, VLANs
Hi team,
If possible, I'd love to see interfaces and VLANs ordered alphabetically instead of by order of creation ... Daniel Eckert
08:46 PM Revision f3caa5a4: Ticket #4254 do not put duplicate interface names
Ermal Luçi
08:45 PM Revision 005fd63a: Ticket #4254 do not put duplicate interface names
Ermal Luçi
08:40 PM Revision 44085a65: Ticket #4254 Actually use proper variables allover to have correct route added
Ermal Luçi
08:40 PM Revision b61930dc: Ticket #4254 Actually use proper variables allover to have correct route added
Ermal Luçi
08:34 PM Revision 52b25e81: Ticket #4254 Actually use proper interface to check if gateway exists
Ermal Luçi
08:33 PM Revision 3ad33c0e: Ticket #4254 Actually use proper interface to check if gateway exists
Ermal Luçi
08:25 PM Revision 1e453232: Ticket #4254 Use proper variable
Ermal Luçi
08:25 PM Revision cde88d5e: Ticket #4254 Use proper variable
Ermal Luçi
08:09 PM Revision c7d44786: Ticket #4254 actually use the info on the protocol of the vpn sepcification to be more sure on the family to use
Ermal Luçi
08:09 PM Revision 39e3b27b: Ticket #4254 actually use the info on the protocol of the vpn sepcification to be more sure on the family to use
Ermal Luçi
08:09 PM Bug #4254 (Resolved): Dynamic interface removal/addition breaks IKEv2
that fixes the initial described problem. Also re-verified multi-WAN bits after static routes returned, including dis... Chris Buechler
03:03 PM Bug #4254: Dynamic interface removal/addition breaks IKEv2
Static routes are put back in the configuration. Ermal Luçi
02:38 AM Bug #4254 (Feedback): Dynamic interface removal/addition breaks IKEv2
I put a workaround to not use the interfaces not present in config.
Though the real workaround here is to install ... Ermal Luçi
01:23 AM Bug #4254: Dynamic interface removal/addition breaks IKEv2
sent Ermal details on how to replicate in the test setup. Chris Buechler
08:06 PM Revision 7f9844c2: Ticket #4254 Handle even hosts specified throguh dns name
Ermal Luçi
08:06 PM Revision 95783403: Ticket #4524 Bring back static routes on ipsec to make sure charon does not send traffic through wrong iface. This handles properly ipv6
Ermal Luçi
08:04 PM Revision 4e1fd3b6: Ticket #4254 Handle even hosts specified throguh dns name
Ermal Luçi
08:00 PM Revision c7edf1f8: Ticket #4524 Bring back static routes on ipsec to make sure charon does not send traffic through wrong iface. This handles properly ipv6
Ermal Luçi
07:43 PM Revision 2525ea04: Correct this typo which would make other things break
Ermal Luçi
07:31 PM Revision 121cde47: Be compliant with gatway groups specified on ipsec. Ticket #4254
Ermal Luçi
07:31 PM Revision 312a5188: Ticket #4254 Actually fix this on 2.2 branch since vips are not handled by get_real_interface apparently!
Ermal Luçi
07:31 PM Revision 260c6a7e: Be compliant with gatway groups specified on ipsec. Ticket #4254
Ermal Luçi
06:55 PM Bug #4258 (Resolved): DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
updated subject to specific issue. Fixed Chris Buechler
06:20 PM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
Applied in changeset commit:7fd2a0e3a9163d8cc3f578f4bd105ed0c982737f. Chris Buechler
06:20 PM Bug #4258 (Feedback): DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
Applied in changeset commit:7684d66fad740820ca1c945a5b67a6f813306235. Chris Buechler
06:05 AM Bug #4258 (Resolved): DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
IPv4 subnets are automagically added to /var/unbound/access_lists.conf; however this is not done with any of the IPv6... Kill Bill
06:32 PM Revision 083ec796: Ticket #4254 Actually fix this on 2.2 branch since vips are not handled by get_real_interface apparently!
Ermal Luçi
04:38 PM Revision 52b5a223: When radvd is configured on a CARP interface, enable it when it is MASTER and disable when go to BACKUP. It should fix #4252
Renato Botelho
04:36 PM Revision caaaf9ce: Add missing require for filter.inc since vpn_ipsec_configure() calls filter_configure(). It should fix #4236
Renato Botelho
04:36 PM Revision a6934401: When radvd is configured on a CARP interface, enable it when it is MASTER and disable when go to BACKUP. It should fix #4252
Renato Botelho
03:20 PM pfSense Packages Bug #4243: Last squidguard update prevents squid from starting
The problem appears to be more complex than I first thought.
In a fresh install into virtualbox with squid 2.x and s... Volker Kuhlmann
12:27 PM Feature #4260 (Closed): Add ECP DH key groups support
strongswan has had ECP DH key groups support for quite some time, should be added to GUI.
https://wiki.strongswan.o... Chris Buechler
12:13 PM Bug #4257 (Feedback): tap interfaces missing from bridge after boot
Chris Buechler
05:30 AM Bug #4257: tap interfaces missing from bridge after boot
https://redmine.pfsense.org/issues/4146 Kill Bill
04:45 AM Bug #4257 (Resolved): tap interfaces missing from bridge after boot
*Before instance restart/after reboot:*
ovpnc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 15... Dmitriy K
12:12 PM Bug #4255 (Rejected): Outbound NAT needs config upgrade
you're right, I was too quick on the trigger here. The config upgrade failed on one pair of systems because it was up... Chris Buechler
05:24 AM Bug #4255 (Feedback): Outbound NAT needs config upgrade
Do you have a config that was broken after upgrade? I upgraded a 2.1.x to 2.2 on both modes, automatic and advanced a... Renato Botelho
04:17 AM Bug #4255: Outbound NAT needs config upgrade
There is a code to convert it, it's upgrade_102_to_103() Renato Botelho
11:28 AM Feature #3377: OAuth2 authentication in captive portal
Thomas NOEL wrote:
> Here is a proof of concept, for a OAuth2 captive portal authentication with Google accounts :
... simon mitnick
10:50 AM Bug #4252: radvd not functional with CARP IPs
Applied in changeset commit:52b5a22363d34bbd621b9eb555cf849782318dda. Renato Botelho
10:50 AM Bug #4252 (Feedback): radvd not functional with CARP IPs
Applied in changeset commit:a693440176e8bd4a783a9ccb75d2cd57629b5699. Renato Botelho
12:50 AM Bug #4252: radvd not functional with CARP IPs
The conf file problem is fixed. Since CARP no longer has its own interface, we'll need to start/stop radvd along with... Chris Buechler
09:37 AM Feature #4259 (Resolved): Port forward NAT rules with "any" protocol
Hello,
i'm starting to use pfsense inside my company network but i see that pfsense is missing a NAT ability compare... Anonymous
08:32 AM Revision 778d2ea9: Ticket #4254 specify the list of interfaces to be used by charon. This is a workaround for now. Being investigated the fix.
Ermal Luçi
08:31 AM Revision 89ac17e3: Ticket #4254 specify the list of interfaces to be used by charon. This is a workaround for now. Being investigated the fix.
Ermal Luçi
06:36 AM Revision 94efc59d: Use the parent NIC rather than the VIP. Fixes part of Ticket #4252
Chris Buechler
06:35 AM Revision 2f74d9d8: Use the parent NIC rather than the VIP. Fixes part of Ticket #4252
Chris Buechler
04:42 AM pfSense Packages Bug #4256 (Closed): Squid3 using 100% CPU after install/reboot
1. Install latest pfSense snapshot;
2. Install Squid3 package;
3. Observe 100% load on CPU oob and after reboot;
... Dmitriy K
01:01 AM Bug #4251: NAT Reflection not working if LAN is bridged
The only other explanation that came to my mind is that nat reflection might need a reboot to activate under some cir... Frederic Steinfels

01/20/2015

10:58 PM Bug #4252: radvd not functional with CARP IPs
working on this Chris Buechler
03:56 PM Bug #4252 (Resolved): radvd not functional with CARP IPs
radvd.conf where a CARP IP is chosen results in an invalid config file, as it omits the interface entirely (where it ... Chris Buechler
09:54 PM Revision 81292a2f: The reset button check should happen on all platforms, not only NanoBSD
Jim Pingle
09:53 PM Revision de16863d: The reset button check should happen on all platforms, not only NanoBSD
Jim Pingle
09:47 PM Bug #4255 (Rejected): Outbound NAT needs config upgrade
Outbound NAT configs in 2.1.x and prior use a different XML structure than 2.2, and there isn't any config upgrade co... Chris Buechler
08:54 PM Bug #4253: Diagnostics > Test Port requires Source Port
So sorry to waste your valuable time. I'll do better in the future. Chris Linstruth
07:53 PM Bug #4253 (Rejected): Diagnostics > Test Port requires Source Port
upgrade, that was fixed a while ago Chris Buechler
07:52 PM Bug #4253 (Rejected): Diagnostics > Test Port requires Source Port
The dialog for Diagnostics > Test Port says this for source port, "This should typically be left blank." and the fiel... Chris Linstruth
08:35 PM Bug #4254 (Resolved): Dynamic interface removal/addition breaks IKEv2
Where you have a dynamic interface removed and re-added while running IKEv2 in strongswan, things break. Good easily ... Chris Buechler
06:57 PM Bug #4249 (Feedback): virtual ips backup/restore bug
I replied back on your forum thread, this sounds like a stale upstream ARP cache. Chris Buechler
10:52 AM Bug #4249 (Not a Bug): virtual ips backup/restore bug
the version of the software is 2.2 RC Jan 16 11:53
to take full backup; press diagnostics > backup > full backup >... on dokuz
04:44 PM Revision f0d51562: Place form save button outside form panel for clarity (saves whole form, not just the last panel)
- Increase body bottom margin to create 20px margin between elements
and footer Sander van Leeuwen
02:35 PM Bug #4251: NAT Reflection not working if LAN is bridged
It was bridged with an OpenVPN PSK TAP Client. That connection has been down for about a month but was not disabled. ... Frederic Steinfels
02:20 PM Bug #4251 (Feedback): NAT Reflection not working if LAN is bridged
what was LAN bridged to? Was there an IP on the bridge itself or was it on the LAN interface? Chris Buechler
02:07 PM Bug #4251 (Closed): NAT Reflection not working if LAN is bridged
I have been trying everything to get NAT reflection working. My last effort was to remove LAN bridge (which I wasn't ... Frederic Steinfels
02:21 PM Bug #4206: Missing route creation on DHCP-PD lease where ia-na != ia-pd
Here is a follow-up with 3 attachments: The pcap file, a screenshot of the "Status: DHCPv6 leases" page and the dhcpd... Anders Lind
12:21 PM Bug #4250 (Rejected): IPv6 gateway is not used for default IPv6 route when rebooting, gateway edit page cannot be configured
The IP address and gateway settings on Interfaces > [assigned gif name] should remain at "None".
There is a dynami... Jim Pingle
12:19 PM Bug #4250 (Rejected): IPv6 gateway is not used for default IPv6 route when rebooting, gateway edit page cannot be configured
Error while saving gateway page, having the default checkbox checked:
- "The gateway address 2001:x:x:x::1 does not ... Pi Ba
10:08 AM Revision c4a7740d: Finish preliminary restyle of L2TP configuration
vpn_l2tp.php - Use pill style for navigation
vpn_l2tp_users.php - Cleaned and formatted according to bootstrap style... Sander van Leeuwen
05:21 AM Bug #4248 (Resolved): AES-GCM doesn't interoperate with devices not using padding
As reported on https://forum.pfsense.org/index.php?topic=86866.msg477744#msg477744
The linux hosts like to send unpa... Ermal Luçi
04:51 AM Bug #4246: Fix "netstat -gW" behavior broken in r259638.
This also limit the ability to debug problems with igmpproxy.
Is the fact that MROUTING kernel support is missing ... Jocelyn Le Sage
04:49 AM Bug #4246: Fix "netstat -gW" behavior broken in r259638.
Note that this was working properly in 2.1.5: Multicast forwarding table was displayed for IPv4. Jocelyn Le Sage

01/19/2015

11:21 PM pfSense Packages Bug #4247 (Resolved): Changes not saved when expression list becomes empty
On the page pfsense/pkg_edit.php?xml=squidguard_dest.xml&act=edit
for editing a target category the new expression l... Volker Kuhlmann
08:03 PM Bug #4246 (Resolved): Fix "netstat -gW" behavior broken in r259638.
Running 'netstat -g' to display multicast forwarding table display the following message:... Jocelyn Le Sage
07:34 PM pfSense Packages Bug #4228 (Resolved): 2.2 RC nano i386 on Watchguard Firebox
Chris Buechler
04:37 AM pfSense Packages Bug #4228: 2.2 RC nano i386 on Watchguard Firebox
this is already fixed in the latest release - I'm sorry !
Thomas Thomas Eckardt
05:57 PM Bug #4244 (Rejected): outbound nat applied on wrong interface.
there are no such issues, please post to the forum or list for assistance. Chris Buechler
05:53 PM Bug #4244: outbound nat applied on wrong interface.
Ignore this one, false alarm sorry. I hacked some rules in the filter.inc that did force a route-to. removing those..... Pi Ba
05:29 PM Bug #4244: outbound nat applied on wrong interface.
To add some more info to this issue, perhaps the traffic is properly natted as em0 is the default route, and that is ... Pi Ba
05:24 PM Bug #4244 (Rejected): outbound nat applied on wrong interface.
When i put a manual outbount-nat-rule on em0, it is applied at traffic leaving from interface em3
In this case i'm... Pi Ba
05:40 PM Bug #4245 (Confirmed): after disabling ipsec, "# VPN Rules" are still loaded
they are disabled after the next filter reload, the process of disabling just doesn't kick off a filter reload. Chris Buechler
05:34 PM Bug #4245 (Resolved): after disabling ipsec, "# VPN Rules" are still loaded
after disabling ipsec all the "# VPN Rules" are still loaded
A reload of rules should probably be triggered. Pi Ba
05:12 PM Revision 61144c9b: Preliminary changes for VPN L2TP configuration
- Cleaned using clean.sh
- Added bootstrap form and input wrappers & classes
- Splitted configuration into three part... Sander van Leeuwen
03:01 PM pfSense Packages Bug #4088: Buggy squidgurd config file is created
Issue 1) renders squidguard useless because it bypasses it entirely.
I can't seem to change the bug priority. I wa... Volker Kuhlmann
02:54 PM pfSense Packages Bug #4243 (Resolved): Last squidguard update prevents squid from starting
I don't believe I am seeing a package update breaking things completely...
squidguard 1.4_4 pkg v.1.9.9 introduces... Volker Kuhlmann
01:44 PM Revision 06966500: Firewall rules layout changes
- Added missing th for buttons column
- Wrap table in div.table-responsive; adds scrollbar on smaller viewports while... Sander van Leeuwen
12:37 PM Revision 2e7fd143: Merge pull request #3 from SanderVanLeeuwen/bootstrap
Fix grid setup on dashboard SjonHortensius
12:28 PM Revision a2faa388: Fix grid setup on dashboard
- Default width in .container is 100%, so col-md-12 isn't necessary there
- Add .row wrapper to 6/6 columns Sander van Leeuwen
12:17 PM Revision ec71be6b: Merge pull request #2 from SanderVanLeeuwen/bootstrap
Improved login screen styling SjonHortensius
12:11 PM Revision 0a353c81: Full width input fields @ sm breakpoint
Sander van Leeuwen
11:25 AM Revision ca276264: Add missing require for filter.inc since vpn_ipsec_configure() calls filter_configure(). It should fix #4236
Renato Botelho
11:09 AM Revision 365fc95d: Add reset button support for APU and FW7541
Renato Botelho
11:08 AM Revision 7f360152: Add reset button support for APU and FW7541
Renato Botelho
11:02 AM Revision c7d61071: Use bootstrap columns to scale and style jumbotron
pfSense.css - proper positioning for logo, remove with on jumbotron
auth.inc - add bootstrap columns to jumbotron
aut... Sander van Leeuwen
10:52 AM Bug #4237 (Feedback): Error "macro IPsec not defined" once after firmware upgrade
seems likely there is some other root cause, like the alias issue from before, given no one else appears to be seeing... Chris Buechler
10:48 AM Bug #4236 (Resolved): Call to undefined function filter_configure() in /etc/inc/vpn.inc
fixed Chris Buechler
05:40 AM Bug #4236 (Feedback): Call to undefined function filter_configure() in /etc/inc/vpn.inc
Applied in changeset commit:ca276264ee3289e308f33bfc6d87217d108f4a13. Renato Botelho
10:39 AM Bug #4235 (Confirmed): missing 'reply-to' in rules for mobile-ipsec
there have never been any accommodations for mobile IPsec in that regard Chris Buechler
10:08 AM Feature #4242 (New): Two Factor or OTP Authentication for Admin Interface
Hi developers!
In a never-ending quest to beef up security, it would be great to have the ability of using two-fac... Charlie Ross
08:46 AM Bug #4241 (Confirmed): Installer display glitch on "Install Bootblocks" screen
Jim Pingle
08:46 AM Bug #4241 (Needs Patch): Installer display glitch on "Install Bootblocks" screen
If a custom install is chosen, the "Install Bootblocks" screen has a graphical glitch that causes display problems on... Jim Pingle
07:53 AM Bug #4240 (Not a Bug): 2.2 IPv6 radvd RDNSS Issue
I'm have a 2.2 box running 10.1-RELEASE-p4 FreeBSD 10.1-RELEASE-p4 #0 36d7dec(releng/10.1)-dirty: Fri Jan 16 12:38:50... Adam Fathauer
07:42 AM Bug #4239 (Resolved): athstats, cryptostats, cryptotest missing from 2.2 builds
The athstats, cryptostats, and cryptotest utilities were present in 2.1.x but are not on 2.2 images, but they are lis... Jim Pingle
05:20 AM Feature #4234: allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth
Push it to 2.2.1 Renato Botelho
04:28 AM pfSense Packages Todo #4029: Update phpsysinfo package
That are some really good news :) Thank you Patrick Schmidt
02:46 AM pfSense Packages Todo #4029: Update phpsysinfo package
Phpsysinfo upcoming version (3.2.1) now works correctly with pfSense 2.1.5 and 2.2.
 Mieczysław Nalewaj
01:56 AM Bug #4238 (Resolved): Firewall rule: source port display issue
Hello,
it is a display issue and appears when i try to select saved aliases on source port range.
The red backgroun... Anonymous

01/18/2015

06:05 PM Revision e30050b6: Unimportant typos in user and group manager
that do not effect anything. Phil Davis
03:10 PM Bug #4237 (Closed): Error "macro IPsec not defined" once after firmware upgrade
Error "macro IPsec not defined"
I dont know why it currently happens, and dont have a way to trigger it easily as ... Pi Ba
02:31 PM Bug #4236 (Resolved): Call to undefined function filter_configure() in /etc/inc/vpn.inc
PHP Errors:
[18-Jan-2015 21:30:33 CET] PHP Fatal error: Call to undefined function filter_configure() in /etc/inc/v... Pi Ba
02:09 PM Revision 1eb66a84: correct a few typos that made these files unparsable
services_unbound - added missing $-sign to variable
xmlrcp - removed redundant closing brackets. Some trailing whites... Sjon Hortensius
02:04 PM Revision 50242425: Derive name from easyrule block alias from the scripts name
Allows to use different block lists by using symlinks to the
easyrule CLI script Oliver Welter
02:04 PM Revision 4dedce6d: Add showblock and unblock options to easyrule CLI tool
Block rules added with easyrule block.... can now be listed and removed using
the easyrule tool. This is handy to be ... Oliver Welter
02:04 PM Revision e4d8943c: Fix inconsistent handling of seperator in easyrule, should fix #4233
Oliver Welter
01:58 PM Revision 2e1cd9d8: log.widget - replaced js processor with simple xhr that fetches html
firewall_rules - typo, duplicate $pgtitle
log.js - simple xhr html updater, no need for duplicate logic
log.widget - ... Sjon Hortensius
01:30 PM Bug #4235 (Resolved): missing 'reply-to' in rules for mobile-ipsec
It seem 'reply-to' is missing in firewall rules generated for mobile-ipsec. Pi Ba
01:27 PM Feature #4234 (Assigned): allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth
Allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth
It seems the gui setting is missin... Pi Ba
10:55 AM pfSense Packages Bug #4197: squid 3.4 anti-virus feature not working
The anti-virus feature is working now after adjusting the conf files based on the syntax checks you added to the to t... Cino .
08:10 AM Bug #4233: Inconsistent handling of seperators in easyrule cli
patch provided at https://github.com/pfsense/pfsense/pull/1442 Oliver Welter
07:52 AM Bug #4233 (Resolved): Inconsistent handling of seperators in easyrule cli
When making modifications to the alias generated using easyrule CLI tool, there are two issues regarding separators:
... Oliver Welter
06:06 AM Bug #4166: filterdns generates floods of DNS requests when there are significant jumps in system time
line 405 in filter.inc is what i suspect to be the issue (maybe) because when filterdns is initially run with a time ... Bipin Chandra
12:51 AM Bug #4166: filterdns generates floods of DNS requests when there are significant jumps in system time
i guess the easy way to fix this would be to handle the $resolve_interval properly such that if the time difference i... Bipin Chandra
05:58 AM Bug #4146: OpenVPN tap interfaces are down after boot
Yes, of course. Since this bridged/TAP OpenVPN nonsense needs PROMISC on both the ovpn and other bridged interfaces -... Kill Bill
05:48 AM Bug #4146: OpenVPN tap interfaces are down after boot
same goes for bridged tap server: everything is UP and RUNNING but no traffic after reboot. Restarting server fixes t... Dmitriy K
03:26 AM Bug #4146: OpenVPN tap interfaces are down after boot
I repeat myself: bridged tap client doesn't work after reboot!
Yes, latest commit brought the UP flag to the inter... Dmitriy K
03:15 AM Bug #4231: bridge or lagg of openvpn link down after reboot
at boot, i think at the time of initialization of the BRIDGE (or LAGG), the vpn is not yet initialized, and this crea... dominique dupont
03:02 AM Bug #4231: bridge or lagg of openvpn link down after reboot
both. specifically, one that reboot.
so that it works again, it is necessary after the reboot, resave the bridge con... dominique dupont

01/17/2015

09:10 PM pfSense Packages Bug #4232: GUI: Interface Menu
Thanks! It's the same problem.
This could be marked as dupe report. Sorry about that (i searched before i posted.) David Pfsense
09:01 PM pfSense Packages Bug #4232: GUI: Interface Menu
on Linux, it might be a font problem, since fixed/avoided in 2.2. see #3841 Chris Buechler
07:37 PM pfSense Packages Bug #4232: GUI: Interface Menu
I've tried that.
I've tried two browsers with the same result.
Mozilla Firefox 34.0
Chromium Version 39.0.2171.6... David Pfsense
06:44 PM pfSense Packages Bug #4232 (Rejected): GUI: Interface Menu
clear your browser cache, it's using outdated pieces Chris Buechler
06:13 PM pfSense Packages Bug #4232 (Rejected): GUI: Interface Menu
System Menu drops down on Help Menu.
Help Menu is just below System Menu.
This happend when upgradring from;
... David Pfsense
06:50 PM Feature #4230: Prefer SSL Perfect Forward Secrecy ciphers in UI
this is something I'd noted for 2.2.1 but don't think we have a ticket on it. Chris Buechler
07:19 AM Feature #4230 (Resolved): Prefer SSL Perfect Forward Secrecy ciphers in UI
Perfect Forward Secrecy (PFS) ciphers should be preferred in the admin interface to further harden the admin web serv... Phil Koller
06:46 PM Bug #4231: bridge or lagg of openvpn link down after reboot
which side doesn't work? Chris Buechler
04:06 PM Bug #4231: bridge or lagg of openvpn link down after reboot
site 1 : 2.1.2 with BRIDGE lan, openvpn link and LAGG of 2 openvpn (multi wan: 1 vpn per wan)
site 2 : 2.2RC last u... dominique dupont
12:43 PM Bug #4231: bridge or lagg of openvpn link down after reboot
what version are you using? Chris Buechler
12:42 PM Bug #4231: bridge or lagg of openvpn link down after reboot
rectification for the BRIDGE, create an interface BRIDGE with the LAN and an openvpn links. dominique dupont
10:33 AM Bug #4231 (Resolved): bridge or lagg of openvpn link down after reboot
If you create an interface LAGG with two openvpn links or an interface BRIDGE with two openvpn links, after reboot, t... dominique dupont
04:16 PM Revision 69b397dd: updated firewall WIP, fixed widget ordering
* ipsec - replaced manual panel with simple alert Sjon Hortensius
02:54 PM Revision a42e7aa2: replaced logobig with high-quality logo-black
favicon - updated as well
authgui - form is now horizontal, logo update Sjon Hortensius
02:07 PM pfSense Packages Bug #3986: BandwidthD can break php-fpm in unknown rare edge case
Hi,
FYI, I just added some new observations to the forum post, https://forum.pfsense.org/index.php?topic=84642.0
... Russell Morris
01:50 PM Revision 80169aa8: implemented widget-config
fbegin/fend.inc - temporary added for non-migrated pages
firewall_rules - use buttons for actions
index - implement w... Sjon Hortensius
09:13 AM Todo #4225: Lets improve the webGUI
That's definitely a good news! Current webgui looks like "hello from hardcore early 90s". It would be nice to get a m... Dmitriy K
07:30 AM pfSense Packages Feature #2592: Allow squid to listen on multiple interfaces
squid3 does this now. I would close this ticket Cino .
05:18 AM Revision ef9ef75f: add detection for 7541, APU
Chris Buechler
05:15 AM Revision 5a8519bb: add detection for 7541, APU
Chris Buechler
03:36 AM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only
this problem persists on 2.2 RC Bipin Chandra
12:02 AM Revision 1195a12d: move jquery ui css to theme folders
Jared Dillard
12:01 AM Revision 6f1d609b: move jquery ui css to theme folders
Jared Dillard

01/16/2015

09:30 PM Revision ccda8a1d: Merge branch 'master' into bootstrap
Conflicts:
usr/local/www/carp_status.php
usr/local/www/diag_arp.php
usr/local/www/diag_authen... Sjon Hortensius
07:42 PM Revision b1fef27f: Set $arch accordingly to release
Renato Botelho
07:40 PM Revision 6aac31ef: change update URLs for release
Chris Buechler
07:36 PM Revision 6434d5be: Bump to 2.2-RELEASE
Chris Buechler
07:35 PM Revision 77fa86b0: make master 2.3-DEVELOPMENT
Chris Buechler
06:53 PM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
the issue covered by this ticket is fixed, there might be other issues but those are separate and have no relation to... Chris Buechler
03:17 PM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
Issue definitely not "fixed" if you are upgrading from a working config - maybe if you install fresh or use some work... Luke Stracey
11:44 AM pfSense Packages Bug #4114 (Resolved): Squid 3.4.9 transparent proxy broken.
issue covered here is fixed Chris Buechler
04:50 PM Revision b9a12ae0: Still missed one mistake on last commit
Renato Botelho
04:49 PM Revision b9ad208c: Fix some logic mistakes introduced in 89f171b052, spotted by phil-davis
Renato Botelho
04:30 PM Revision 0a1f1301: fix syntax and unbreak pfsense-utils.inc
Renato Botelho
04:24 PM Revision daae5e03: fix syntax and unbreak interfaces.inc
Renato Botelho
04:12 PM Revision 649cde0b: Address pull comments
head.inc - Revert indenting
.gitignore - Add IDE name in comment Sander van Leeuwen
03:14 PM Revision 2148e0bf: Ignore PhpStorm settings
Sander van Leeuwen
03:13 PM Revision d75a843c: - Wrap form parts in panels
- Improved some form-groups
- Add .checkbox helper to form-groups containing checkboxes Sander van Leeuwen
03:11 PM Revision 45eebe10: Style page header & footer
head.inc - Wrap header elements (title, breadcrumb)
guiconfig.inc - Prefix breadcrumb with title h1
pfSense.css - Sty... Sander van Leeuwen
01:50 PM Revision 0c5dd854: Validate if both IP address and subnet are valid and the same version. Fixes #4223
Renato Botelho
01:50 PM Revision 17c98255: Validate if both IP address and subnet are valid and the same version. Fixes #4223
Renato Botelho
12:39 PM Bug #4229 (Rejected): Can not create a VIP for OpenVPN instance
you can't create CARP IPs on tap or tun interfaces. you're misinterpreting the recommendation, that's the binding of ... Chris Buechler
12:36 PM Bug #4229 (Rejected): Can not create a VIP for OpenVPN instance
pfSense says:
@The following input errors were detected:
The interface chosen for the VIP has no IPv4 or IPv6 addre... Dmitriy K
11:50 AM Bug #4227: Too much logging for IPSec DPD
logging levels are configurable. Defaults could use some review later. Chris Buechler
02:53 AM Bug #4227 (Resolved): Too much logging for IPSec DPD
Is it possible to reduce the amount of logging for DPD packets. By default, these are generated every minute, and I h... Eskild Skaar
11:47 AM Bug #4223 (Resolved): ip_in_subnet('11.22.33.5','abcd::/64') returns true.. this should not be.
fixed Chris Buechler
08:10 AM Bug #4223: ip_in_subnet('11.22.33.5','abcd::/64') returns true.. this should not be.
Applied in changeset commit:0c5dd854a840007e09bd3f95949cbce9abeb7d18. Renato Botelho
08:10 AM Bug #4223 (Feedback): ip_in_subnet('11.22.33.5','abcd::/64') returns true.. this should not be.
Applied in changeset commit:17c982555a2a3ecfa5c2ce988a6d85bee5a5980d. Renato Botelho
11:44 AM Bug #4208: P1 rekeying with IKEv1 failing with no proposal chosen / invalid ID info
that did fix the issue for 2.2, pushing to 2.2.1 for getting the issue fixed in strongswan 5.2.2. Chris Buechler
04:08 AM pfSense Packages Bug #4228 (Resolved): 2.2 RC nano i386 on Watchguard Firebox
the 'Watchguard Firebox with SDEC' driver is missing in the 'LCDproc' package Thomas Eckardt
01:02 AM Feature #4179: Driver oce is missing from 2.2 RC
oce.ko from FreeBSD 8.3 copied over to PfSense 2.2.5 works fine in our environment including VLAN tags, LACP trunk, C... Christoph Erdle
12:40 AM Feature #4179: Driver oce is missing from 2.2 RC
just setting assignee for completeness Jim Thompson
12:51 AM Todo #4226 (Resolved): Time to put a knife in PPTP
PPTP comes out of pfSense in 2.3.
this bug is opened so we remember to do it. Jim Thompson
12:50 AM Todo #4225 (Resolved): Lets improve the webGUI
People seem to like the look and feel of the web GUI in a recent fork (which shall not be named).
Jared says it's ... Jim Thompson
12:47 AM Todo #4224 (Resolved): PBIs are old skool. pkg-ng is the new shiny. We need to convert pfSense to use pkg-ng.
Jim Thompson
12:45 AM Bug #2762: PF drops IPv6 packets with fragment header followed by a last fragment only
I think this is going to want more testing than what we can afford in the 2.2.1 timeframe. That said, if it gets fi... Jim Thompson

01/15/2015

11:59 PM Bug #4223 (Confirmed): ip_in_subnet('11.22.33.5','abcd::/64') returns true.. this should not be.
I thought this was covered by an outstanding pull request, but not seeing one at a glance specific to in_subnet. This... Chris Buechler
10:04 PM Bug #4223 (Resolved): ip_in_subnet('11.22.33.5','abcd::/64') returns true.. this should not be.
ip_in_subnet('11.22.33.5','abcd::/64') returns true.. this should not be.
still causes trouble like reported in ht... Pi Ba
11:22 PM Bug #4208 (Feedback): P1 rekeying with IKEv1 failing with no proposal chosen / invalid ID info
downgrade to strongswan 5.2.1 (with cherry-picked security fixes from 5.2.2) looks to have fixed this issue. Leaving ... Chris Buechler
11:19 PM pfSense Packages Bug #4197: squid 3.4 anti-virus feature not working
thanks Marcello, I merged it. Chris Buechler
10:05 PM pfSense Packages Bug #4197: squid 3.4 anti-virus feature not working
Typo and freshclam checks fixed on this PullRequest
https://github.com/pfsense/pfsense-packages/pull/788 Marcello Silva Coutinho
09:05 PM Revision 5b7c33fc: Firewall Rules Apply be friendly to other languages
Forum: https://forum.pfsense.org/index.php?topic=86808.0
Redmine: https://redmine.pfsense.org/issues/3886
print_info... Phil Davis
09:04 PM Revision 65f9080d: Merge pull request #1441 from phil-davis/patch-1
Renato Botelho
08:42 PM Revision 8d4e768a: Time to let these go
Ermal Luçi
08:41 PM Revision 81b7bc4b: Time to let these go
Ermal Luçi
08:20 PM Revision 19523ce2: Ticket #3997 s/_vhid/_vip/g
Ermal Luçi
07:58 PM Revision eef9a15d: Ticket #3997 Put a uniq identifier on the carp settings.
Ermal Luçi
07:31 PM Bug #3886: (TurkishLanguage) After the firewall rule for example (lan rule) does not come "Apply Button"
That pull request has been merged, so this particular thing should be fixed in 2.2 Phillip Davis
12:29 PM Bug #3886: (TurkishLanguage) After the firewall rule for example (lan rule) does not come "Apply Button"
It did not resolve - switch to Turkish, edit and save a firewall rule. The "Apply" step of the sequence is not displa... Phillip Davis
07:18 PM Revision 05071b65: Just do an update since it will handle itself properly.
Ermal Luçi
07:18 PM Revision dc41ccaf: Just do an update since it will handle itself properly.
Ermal Luçi
07:17 PM Revision 89f171b0: Ticket #3997, teach code to track carp through uniqids(). Missing carp GUI changes and upgrade code
Ermal Luçi
07:09 PM Feature #4128: Email notification webgui configuration
I think this is a fantastic idea! → luckman212
06:15 PM Revision fe0fa4c3: Firewall Rules Apply be friendly to other languages
Forum: https://forum.pfsense.org/index.php?topic=86808.0
Redmine: https://redmine.pfsense.org/issues/3886
print_info... Phil Davis
05:53 PM Revision 98bf4991: Fixes #4150. Move to tables to accomodate unlimited number of interfaces.
Ermal Luçi
04:31 PM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
PfSense: 2.2-RC (amd64) built on Thu Jan 15 12:12:32 CST 2015
Squid: 3.4.10_2 pkg 0.2.4
Confirmed, Package is wor... Gerald Drausinger
04:45 AM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
Please do not close.
I know the original bug was opened on amd64 but I have been following this avidly as it also ef... Luke Stracey
03:26 AM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
Confirmed working now. (phew!)
Latest package 0.2.4 transparent proxy is OK.
ICMP pinger disabled in GUI to avoid ... Arthur Undisclosed
01:34 PM Feature #4214 (Resolved): IKEv2 EAP-MSCHAPv2 support
This has been reported working. Ermal Luçi
12:10 PM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces
Applied in changeset commit:98bf4991dc31f97fc7315a6b8aba433de9d39cea. Ermal Luçi
11:53 AM Bug #4150 (Feedback): Captive Portal doesn't work with > 120 VLAN interfaces
Ermal Luçi
11:21 AM pfSense Packages Bug #4222: Update to 2.2 RC breaks domU
Maybe a hook should be added then in the web UI to say, "hey, Xen detected, please make sure you checked (this note) ... Douglas Haber
11:18 AM pfSense Packages Bug #4222: Update to 2.2 RC breaks domU
In theory it is possible but given the wide range of disks that have been setup over the years, it is not yet a proce... Jim Pingle
11:14 AM pfSense Packages Bug #4222: Update to 2.2 RC breaks domU
Theoretically, could a hook for the referenced shell script be added into the pfSense upgrade process? Or even a sed ... Douglas Haber
11:13 AM pfSense Packages Bug #4222: Update to 2.2 RC breaks domU
To elaborate on that a little, the main problem with the disk is that the PVHVM drivers in FreeBSD apparently do not ... Jim Pingle
11:11 AM pfSense Packages Bug #4222 (Rejected): Update to 2.2 RC breaks domU
Already documented. It's a Xen/PVHVM thing we can't control.
https://doc.pfsense.org/index.php/Upgrade_Guide#Xen_U... Jim Pingle
11:09 AM pfSense Packages Bug #4222 (Rejected): Update to 2.2 RC breaks domU
By doing an upgrade to nightly RC build for 2.2 from a working 2.1.5 install, it breaks it in Citrix XenServer. 2.2 s... Douglas Haber
11:08 AM pfSense Packages Bug #4220 (Closed): IPSec dose not work any more.
Maybe just happened to not hit the issue after another reboot. This: ... Chris Buechler
10:49 AM pfSense Packages Bug #4220: IPSec dose not work any more.
*With the new built "Thu January 15 08:01:35 CST 2015
FreeBSD 10.1-RELEASE-p4 "IPsec works great.* Anonymous
06:56 AM pfSense Packages Bug #4220 (Closed): IPSec dose not work any more.
Since update to "2.2-RC (amd64) built on Wed January 14 17:46:28 CST 2015 FreeBSD 10.1-RELEASE-p4 " does not work any... Anonymous
10:08 AM Bug #4219 (Confirmed): Bump sched buckets limiter log spam
Chris Buechler
10:07 AM Bug #4219: Bump sched buckets limiter log spam
no diff than it's ever been. Chris Buechler
04:06 AM Bug #4219 (Resolved): Bump sched buckets limiter log spam
when limiter is used with source mask, it creates a lot of system log entries over time when active and applied to cl... Bipin Chandra
10:07 AM Bug #4221 (Rejected): Bridge does not have IPv6 link local address
duplicate Chris Buechler
07:22 AM Bug #4221 (Rejected): Bridge does not have IPv6 link local address
I configured a ethernet bridge with two members (re0_vlan20 and re1_vlan20) and assigned an IPv6 address to it.
It s... Martin Schmidauer
09:13 AM Revision 4e8eacfd: Revert "Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own."
This reverts commit 1ada4c8c514cc33b0df6238b7f2f177078bfe2e8. Ermal Luçi
09:13 AM Revision 23de1f0d: Revert "Fix typos introduced by chaning to explicit id specification when necessary. Fixes #4202"
This reverts commit 324311043385aed357ca8838bde2c3af3111e564. Ermal Luçi
08:29 AM Revision bc62f818: Add RSA keys even for eap-mschapv2
Ermal Luçi
08:29 AM Revision f579c0fb: Add EAP-MSChapv2 implementation for Windows ipsec support as reported here https://forum.pfsense.org/index.php?topic=81657.15
Ermal Luçi
07:45 AM Revision 07d0d1b2: Add RSA keys even for eap-mschapv2
Ermal Luçi
04:13 AM Bug #4212 (Resolved): unbound not starting on 12 CPU host
Renato Botelho
03:25 AM Bug #4212: unbound not starting on 12 CPU host
It works. Thanks for the quick fix. Thomas Hilse
02:41 AM Bug #4218: Bridge does not have AUTO_LINKLOCAL flag
affected version: 2.2-rc Martin Schmidauer
02:40 AM Bug #4218 (Resolved): Bridge does not have AUTO_LINKLOCAL flag
I configured a ethernet bridge with two members (re0_vlan20 and re1_vlan20) and assigned a IPv6 address to it.
It se... Martin Schmidauer

01/14/2015

10:22 PM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
Arthur Undisclosed wrote:
> I'm sorry, it seems there are still numerous issues with this package:
>
> - Transpar... Albert H
06:49 PM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
I'm sorry, it seems there are still numerous issues with this package:
- Transparent proxy still doesn't work. "TA... Arthur Undisclosed
09:43 AM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
Should be fine on 0.2.4 Renato Botelho
08:56 PM Bug #4208: P1 rekeying with IKEv1 failing with no proposal chosen / invalid ID info
strongswan has been reverted back to 5.2.1 to see if that resolves the issue, as other possibilities seem to have bee... Chris Buechler
05:42 AM Bug #4208: P1 rekeying with IKEv1 failing with no proposal chosen / invalid ID info
The first one hsa been reverted and is present on new snaps. Ermal Luçi
04:36 AM Bug #4208: P1 rekeying with IKEv1 failing with no proposal chosen / invalid ID info
If the present builds do not work.
These commits seem at fault
http://git.strongswan.org/?p=strongswan.git;a=commit... Ermal Luçi
05:20 PM pfSense Packages Bug #4217 (Resolved): siproxd on pfSense 2.2-RELEASE i386 fails to start
running on Netgate ALIX router.
siproxd won't start via GUI.
Executing
[2.2-RC][root@router.example.org]/usr/... Randall Barth
04:58 PM pfSense Packages Bug #4216: squidguard squidguard-dev issues
https://forum.pfsense.org/index.php?topic=86701.msg475980#msg475980 Cino .
04:57 PM pfSense Packages Bug #4216 (Closed): squidguard squidguard-dev issues
squidguard and squidguard-dev are missing symlinks to shared libs
ln -s /usr/pbi/squidguard-amd64/local/lib/liblda... Cino .
04:16 PM pfSense Packages Bug #4197: squid 3.4 anti-virus feature not working
thanks Marcello and Renato!!
We are almost there, Marcello found a typo that he is correcting in the squid.inc fil... Cino .
09:41 AM pfSense Packages Bug #4197 (Feedback): squid 3.4 anti-virus feature not working
Please try squid3 package version 0.2.4 Renato Botelho
04:03 PM Revision 37656b10: Oops add missing curly
Ermal Luçi
04:03 PM Revision 54ab1bdc: Also take care of ph1 mobile settings for eap-tls
Ermal Luçi
04:03 PM Revision 88a46519: Oops add missing curly
Ermal Luçi
04:03 PM Revision eb26d310: Also take care of ph1 mobile settings for eap-tls
Ermal Luçi
02:11 PM Revision 38f77f4f: Obsolete libpng15 in favour of libpng16
Renato Botelho
02:09 PM Revision 6e0a0ab3: Obsolete libpng15 in favour of libpng16
Renato Botelho
12:51 PM Bug #2984 (Resolved): IPSec adds route but isn't needed any more
this works in 2.2 Chris Buechler
09:37 AM Bug #2984 (Feedback): IPSec adds route but isn't needed any more
The routes are not present anymore since 2.2. Ermal Luçi
12:47 PM Feature #2849 (Resolved): IKEv2 support for IPsec
implemented Chris Buechler
04:53 AM Feature #2849: IKEv2 support for IPsec
I suppose this is not an issue anymore and can be resolved/closed. Dmitriy K
12:42 PM Feature #1972 (Resolved): Allow /31 networks to be configured
yeah this works Chris Buechler
09:38 AM Feature #1972 (Feedback): Allow /31 networks to be configured
This has already been committed/fixed from Chris. Ermal Luçi
11:34 AM Revision a771a6ae: Add support for 0x20 DNS random bit support. Fixes #4205
Warren Baker
11:28 AM Revision 10e2acb5: Add EAP-MSChapv2 implementation for Windows ipsec support as reported here https://forum.pfsense.org/index.php?topic=81657.15
Ermal Luçi
11:23 AM Revision 9eec3be3: Correctly handle number of cores and power of 2. Merged from the package already had this. Fixes #4212
Warren Baker
11:22 AM Revision 5526efab: Merge pull request #1439 from wagonza/patch-5
Renato Botelho
11:09 AM Revision 46762efe: Correctly handle number of cores and power of 2. Merged from the package already had this. Fixes #4212
Warren Baker
11:05 AM pfSense Packages Bug #4215 (Resolved): System Patches - no-op "Apply changes" button after test
Jim Pingle
11:01 AM pfSense Packages Bug #4215: System Patches - no-op "Apply changes" button after test
Thanks, works :) Kill Bill
08:20 AM pfSense Packages Bug #4215 (Feedback): System Patches - no-op "Apply changes" button after test
Applied in changeset commit:37f34f561e7d537f5f56469de7632097b0058c4a. Jim Pingle
06:31 AM pfSense Packages Bug #4215 (Resolved): System Patches - no-op "Apply changes" button after test
0/ Add some patch.
1/ Click Test link
2/ You get something like:... Kill Bill
09:04 AM Feature #2593: sync NTPD, SNMP config between HA members
With the expanded config options in 2.2, this seems even more valuable now. Ansley Barnes
08:41 AM pfSense Packages Bug #4196 (Resolved): Squid 3.4 pid file can't be created
Renato Botelho
08:31 AM pfSense Packages Bug #4196: Squid 3.4 pid file can't be created
looking good. squid is able to start. I installed the package on a fresh amd64 install. After package install it aut... Cino .
05:40 AM Feature #4205 (Assigned): unbound config option missing
Pull request already sent to fix it, but it can wait for 2.2.1 - https://github.com/pfsense/pfsense/pull/1440 Renato Botelho
05:40 AM Bug #4212: unbound not starting on 12 CPU host
Applied in changeset commit:9eec3be339805c5f276500331c410fa18cc9bd5f. Warren Baker
05:40 AM Bug #4212 (Feedback): unbound not starting on 12 CPU host
Applied in changeset commit:46762efee6b66b86090bb54f0bbb3d593bf23cf3. Warren Baker
05:16 AM Bug #4212: unbound not starting on 12 CPU host
Thanks merged patch from the package would had this fixed (check https://github.com/pfsense/pfsense/pull/1439) Warren Baker
04:20 AM Bug #4212: unbound not starting on 12 CPU host
I just saw, that this was already discussed in the pfsense forum:
https://forum.pfsense.org/index.php?topic=61659.... Thomas Hilse
04:09 AM Bug #4212 (Resolved): unbound not starting on 12 CPU host
In /etc/inc/unbound.inc
the unbound parameters 'msg_cache_slabs', 'rrset_cache_slabs', 'infra_cache_slabs', 'key_cac... Thomas Hilse
05:30 AM Feature #4214 (Resolved): IKEv2 EAP-MSCHAPv2 support
Support for EAP-MSchapv2 authentication.
The integration has been done according to https://forum.pfsense.org/index.... Ermal Luçi
05:25 AM Bug #4213 (Resolved): WebGUI - improper path to icons
Didn't validate it on 2.1.x, but I checked and it's ok on 2.2 by commit:be0af33ee0137cc92272b5f5c5c1a4a70bce82f2 Renato Botelho
05:17 AM Bug #4213 (Resolved): WebGUI - improper path to icons
On the Status -> System Logs -> Firewall tab -> Summary View (/diag_logs_filter_summary.php) in the Source IP Data an... Krzysztof Ciepłucha
04:11 AM Bug #4178: IPsec leftsubnet changed to 0.0.0.0 with Cisco unity plugin active
There has been some fixes on 5.2.2 related to that but not complete one. Ermal Luçi
01:04 AM Feature #3453: Management GUI (lighttpd) interface binding control
I have personally opted for using the following patch, as a burn-in procedure, once the LAN interface has been define... Stéphane Lapie
12:33 AM Feature #3453: Management GUI (lighttpd) interface binding control
+1, also needing this here.
This makes it impossible to create any redundant cluster with userland-based services ... Stéphane Lapie

01/13/2015

11:20 PM Bug #4178: IPsec leftsubnet changed to 0.0.0.0 with Cisco unity plugin active
disabling unity is confirmed to work around this issue, and will suffice for the vast majority in this situation. I'l... Chris Buechler
11:10 PM pfSense Packages Bug #4196 (Feedback): Squid 3.4 pid file can't be created
Applied in changeset commit:078fdef02580b396cdad6c21e8e86360e53d338c. Marcello Silva Coutinho
09:45 PM pfSense Packages Bug #4196: Squid 3.4 pid file can't be created
This may fix most issues with squid package on 2.2
https://github.com/pfsense/pfsense-packages/pull/786
I've incl... Marcello Silva Coutinho
09:42 PM pfSense Packages Bug #4197: squid 3.4 anti-virus feature not working
This may fix most issues with squid package
https://github.com/pfsense/pfsense-packages/pull/786 Marcello Silva Coutinho
07:44 PM Revision a6a42b6d: Actually remove rekey/reauth from config to avoid strange issues. Ticket #4208
Ermal Luçi
07:43 PM Revision 3a56c146: Actually remove rekey/reauth from config to avoid strange issues. Ticket #4208
Ermal Luçi
07:21 PM Revision 656fd270: Add some saftey belts here to be safe
Ermal Luçi
07:21 PM Revision 1ec35c4d: Add some saftey belts here to be safe
Ermal Luçi
07:19 PM Revision 191d5392: Heh bump the config version
Ermal Luçi
07:19 PM Revision a2feea37: Heh bump the config version
Ermal Luçi
06:57 PM Revision b4013725: To avoid issues with clashing SAIDs go back to specifying the reqid in strongswan config.
To be able to manage this first upgrade the config to assign each phase2 an reqid
Second use that during config gener... Ermal Luçi
06:57 PM Revision 1fe208ec: To avoid issues with clashing SAIDs go back to specifying the reqid in strongswan config.
To be able to manage this first upgrade the config to assign each phase2 an reqid
Second use that during config gener... Ermal Luçi
06:28 PM Bug #4211 (Rejected): DNS Answer ignored even though protect against rebind is disabled
there are no issues as described. Replied back in your forum thread. Chris Buechler
06:10 PM Bug #4211 (Rejected): DNS Answer ignored even though protect against rebind is disabled
The pfsense server is 10.233.105.10/26
The interface I have to use for this dns query is 10.232.100.63/25
There... Carl Spiby
03:01 PM Revision 6db7ee23: Improving aesthetics.
Make title color more consistent with other pages.
Improving aesthetics. Bipin Chandra
03:00 PM Revision 5a5615ce: Merge pull request #1437 from xbipin/master
Renato Botelho
02:37 PM Revision f6510207: Improving aesthetics.
Make title color more consistent with other pages.
Improving aesthetics. Bipin Chandra
01:19 PM Bug #4207: IPv6 - PHP error "Warning: inet_pton(): Unrecognized address" in DHCPv6/RA (possibly due to bad format of IPv6 address?)
Awesome! Thanks for checking, Phillip, great to know it's fixed in the new release. Overand IRC-Priv
11:27 AM Bug #4207: IPv6 - PHP error "Warning: inet_pton(): Unrecognized address" in DHCPv6/RA (possibly due to bad format of IPv6 address?)
No problems with white space or anything for me on 2.2-RC. As Chris says, this is fixed in 2.2 and I can't find a com... Phillip Davis
11:16 AM Bug #4207: IPv6 - PHP error "Warning: inet_pton(): Unrecognized address" in DHCPv6/RA (possibly due to bad format of IPv6 address?)
Aha! Looks like a leading space on the "range start" is what does it.
Leading space on this first one: @ 2001:47... Overand IRC-Priv
11:11 AM Bug #4207: IPv6 - PHP error "Warning: inet_pton(): Unrecognized address" in DHCPv6/RA (possibly due to bad format of IPv6 address?)
Well, I figured I might have left something in by accident - figures!
I've attached (but not embedded) the un-mung... Overand IRC-Priv
08:40 AM Bug #4207: IPv6 - PHP error "Warning: inet_pton(): Unrecognized address" in DHCPv6/RA (possibly due to bad format of IPv6 address?)
I tried your formats above and got no "Unrecognized address" text error stuff, just the proper errors reported on the... Phillip Davis
10:29 AM Bug #4210 (Feedback): Bring back a FTP proxy
not something we're looking into for 2.2 at this point Chris Buechler
10:06 AM Bug #4210 (Resolved): Bring back a FTP proxy
on 2.2-RC we noted that ftp helper is not working anymore, confirmed by another users on forum:
https://forum.pfse... Daniel Cabral
10:25 AM Bug #4202: IPsec - completely broken after last round of changes
Fixed, thanks. Kill Bill
09:56 AM Bug #3347 (Resolved): Certificate Authority SAN names not working in 2.1
Fixed at some point on 2.2. When SANs are added to a cert, they are properly reflected in the properties.
> ... Jim Pingle
09:42 AM Feature #4209 (Resolved): Releasing DHCP on WAN interface should send a release
Although sending a DHCP Release is not a requirement of the DHCP spec it would be nice if when clicking "release" on ... Caleb Carges
08:23 AM pfSense Packages Bug #3036 (Resolved): Small web interface bug
Fixed on recent versions Renato Botelho
08:15 AM pfSense Packages Bug #3850 (Resolved): Snort "add a new interface based on this" creates a bad configuration
It was fixed Renato Botelho
08:11 AM pfSense Packages Bug #3202 (Rejected): Squid3-dev library not found
It's expected since PBI libraries are contained inside PBI_DIR/lib and binary wrappers setup environment before call it. Renato Botelho
03:57 AM Bug #4164: IPsec dashboard status wrong for connections with multiple P2s
Perfect. Thanks! Eskild Skaar
03:36 AM Bug #4208: P1 rekeying with IKEv1 failing with no proposal chosen / invalid ID info
I haven't found a means of reliably replicating this with shorter lifetimes. It's either some combination of things t... Chris Buechler
02:48 AM Bug #1360 (Closed): Auto PPTP firewall rules don't work if WAN isn't the default route
PPTP is very nearly dead, this won't be fixed. Chris Buechler
02:47 AM Bug #2421 (Resolved): Filter log parser misinterprets some rare lines resulting in TCP:lo for the proto/flags
won't happen with the logging in 2.2 Chris Buechler
02:44 AM Bug #3447 (Resolved): pfSense 2.1 Captive Portal RADIUS Accouting records not sent to RADIUS Server
was fixed a while back Chris Buechler
02:42 AM Bug #3848 (Resolved): enabling schedule on 2.1.5 causes page fault
multiple people have confirmed 2.2 fixes this issue. Chris Buechler
02:41 AM Bug #3919 (Resolved): carp vhid=255
254 is the highest available VHID in 2.2. Chris Buechler
01:50 AM Bug #4206 (Confirmed): Missing route creation on DHCP-PD lease where ia-na != ia-pd
updated subject to root cause of issue.
Anders: asked about getting a pcap of the DHCPv6 traffic in your forum th... Chris Buechler
01:25 AM Revision 156938a8: Where the P1 is disabled, show the P2s as disabled since they will be, same as in previous versions.
Chris Buechler
01:25 AM Revision 51ef7499: Where the P1 is disabled, show the P2s as disabled since they will be, same as in previous versions.
Chris Buechler
01:10 AM Bug #4204 (Resolved): CP leaking resources on reload
went back through and verified things after that change, all is well. Chris Buechler

01/12/2015

11:54 PM Bug #4208: P1 rekeying with IKEv1 failing with no proposal chosen / invalid ID info
adding some details from what I've found thus far.
* It's not universal, but it is replicable. It's not replicabl... Chris Buechler
09:40 PM Bug #4208: P1 rekeying with IKEv1 failing with no proposal chosen / invalid ID info
to me for further info Chris Buechler
09:40 PM Bug #4208 (Resolved): P1 rekeying with IKEv1 failing with no proposal chosen / invalid ID info
When P1 rekeys with IKEv1, in certain circumstances (which aren't entirely clear) it'll end up failing with no propos... Chris Buechler
11:50 PM Revision d71f9794: Fix IPsec widget for multiple P2, it fixes #4164
Renato Botelho
11:50 PM Revision f285d039: Fix IPsec widget for multiple P2, it fixes #4164
Renato Botelho
10:33 PM Revision 324a2387: Unbound is compiled with libevent so setting this to always be 4096.
Warren Baker
10:32 PM Revision a9402b96: Merge pull request #1430 from wagonza/patch-4
Chris Buechler
10:32 PM Revision ad9148ae: Allow for overhead and up maximum limit from 8 to 32, also only set it if its set to 4 or above. Fixes https://forum.pfsense.org/index.php?topic=78356.msg472781#msg472781
Warren Baker
10:31 PM Revision bf6c57c7: Merge pull request #1428 from wagonza/patch-3
Chris Buechler
09:27 PM Bug #4164 (Resolved): IPsec dashboard status wrong for connections with multiple P2s
this looks good now Chris Buechler
06:10 PM Bug #4164: IPsec dashboard status wrong for connections with multiple P2s
Applied in changeset commit:d71f97947553897f8ae6b0bb1f5145f9456f20bc. Renato Botelho
06:10 PM Bug #4164: IPsec dashboard status wrong for connections with multiple P2s
Applied in changeset commit:f285d039255f8536d135578125be4f5c76ccd24a. Renato Botelho
05:51 PM Bug #4164 (Feedback): IPsec dashboard status wrong for connections with multiple P2s
Renato committed something that seems to work for this, to me for further testing. Chris Buechler
04:33 PM Bug #4164 (Confirmed): IPsec dashboard status wrong for connections with multiple P2s
same status, seems fine for everything except multiple P2s. Chris Buechler
03:40 AM Bug #4164: IPsec dashboard status wrong for connections with multiple P2s
Tested with "2.2-RC (i386) built on Sun Jan 11 18:19:43 CST 2015", but the problem is still present. Eskild Skaar
08:15 PM Bug #4202 (Resolved): IPsec - completely broken after last round of changes
that looks like the only issue that existed here and that works fine now. Chris Buechler
08:20 AM Bug #4202: IPsec - completely broken after last round of changes
Applied in changeset commit:324311043385aed357ca8838bde2c3af3111e564. Ermal Luçi
08:20 AM Bug #4202: IPsec - completely broken after last round of changes
Applied in changeset commit:83b8ed6b2bec13d3b60acd9bd4786e5a7df4de90. Ermal Luçi
08:13 AM Bug #4202 (Feedback): IPsec - completely broken after last round of changes
Just pushed a commit for this.
Thx for the catch. Ermal Luçi
08:11 AM Bug #4202: IPsec - completely broken after last round of changes
Well your problem is on
leftid = asn1dn:
What do you have configured as leftid? Ermal Luçi
04:57 AM Bug #4202: IPsec - completely broken after last round of changes
The IPsec log is above. There is nothing relevant in system log. Relevant configuration from both endpoints:... Kill Bill
04:49 AM Bug #4202 (Rejected): IPsec - completely broken after last round of changes
I am sorry this is not something you call a bug report.
Please provide the contents of your /var/etc/ipsec and you... Ermal Luçi
04:39 AM Bug #4202 (Resolved): IPsec - completely broken after last round of changes
Had perfectly working IKEv2 Mutual RSA configurations. After last round of messing with IPSec (presumably related to ... Kill Bill
08:14 PM Bug #4203 (Resolved): Default loader tunables for DMA and write caching changed on FreeBSD 10.x
this should be fine as is now. Not going to retain the previous default setting since we haven't seen any problems th... Chris Buechler
12:38 PM Bug #4203 (Feedback): Default loader tunables for DMA and write caching changed on FreeBSD 10.x
I removed them entirely for the time being. Having a note in the docs will probably suffice.
I don't believe we'v... Chris Buechler
08:22 AM Bug #4203: Default loader tunables for DMA and write caching changed on FreeBSD 10.x
If we choose to remove them, for reference the new tunables are documented at https://doc.pfsense.org/index.php/Boot_... Jim Pingle
08:08 AM Bug #4203 (Resolved): Default loader tunables for DMA and write caching changed on FreeBSD 10.x
Some of the old ATA subsystem tunables are still used in loader.conf that should be updated and changed on upgrade. O... Jim Pingle
08:08 PM Revision 75b595e8: Fix copyright
Ermal Luçi
08:03 PM Revision d127d01d: Ooops fix culries
Ermal Luçi
08:02 PM Revision 1f1f2a34: No need for this anymore
Ermal Luçi
08:01 PM Revision b8632324: Improve this part as well
Ermal Luçi
07:58 PM Bug #4207 (Closed): IPv6 - PHP error "Warning: inet_pton(): Unrecognized address" in DHCPv6/RA (possibly due to bad format of IPv6 address?)
there were some issues with IPv6 validation in 2.1.5 that are since fixed in 2.2. That was triggered by an invalid IP... Chris Buechler
04:22 PM Bug #4207 (Closed): IPv6 - PHP error "Warning: inet_pton(): Unrecognized address" in DHCPv6/RA (possibly due to bad format of IPv6 address?)
h3. Short Version
I received the following error while trying to configure DHCPv6/RA.
h3. Details
h4. Error
... Overand IRC-Priv
07:57 PM Revision 41196b69: Split the work into different jobs called through fcgicli. Helps Ticket #3932
Ermal Luçi
07:40 PM pfSense Packages Bug #4196: Squid 3.4 pid file can't be created
Thanks Marcello! I'll have keep note of this in-case it's brought up on the forums again.. I've always used a higher ... Cino .
07:27 PM pfSense Packages Bug #4196: Squid 3.4 pid file can't be created
thanks Marcello.
For those wanting to bind it to something < 1024, they'll have to configure net.inet.ip.portrang... Chris Buechler
07:08 PM pfSense Packages Bug #4196: Squid 3.4 pid file can't be created
Marcello Silva Coutinho wrote:
> /var/run/squid will be fixed on next package update. This fixes squid -k reconfigur... Marcello Silva Coutinho
07:00 PM pfSense Packages Bug #4196: Squid 3.4 pid file can't be created
/var/run/squid will be fixed on next package update. This fixes squid -k reconfigure calls returning "no running copy... Marcello Silva Coutinho
06:43 PM Revision df92099c: Remove old write caching tunable as well. Ticket #4203
Chris Buechler
06:43 PM Revision bdb8fbff: Remove old write caching tunable as well. Ticket #4203
Chris Buechler
06:37 PM Revision f66bcbaf: Remove the settings to disable DMA, which have changed in FreeBSD 10.
Ticket #4203 Chris Buechler
06:34 PM Revision 397009e9: Remove the settings to disable DMA, which have changed in FreeBSD 10.
Ticket #4203 Chris Buechler
06:25 PM Revision 35e3d350: Do not leak firewall rules as well when (re)creating rules
Ermal Luçi
06:25 PM Revision f084049d: Do not leak firewall rules as well when (re)creating rules
Ermal Luçi
04:10 PM Bug #4177 (Resolved): Bug in OpenVPN user/pass auth
works now Chris Buechler
04:50 AM Bug #4177: Bug in OpenVPN user/pass auth
Applied in changeset commit:5cd24cf110ed3b5919922de4437ea3344f54eaea. Ermal Luçi
04:50 AM Bug #4177: Bug in OpenVPN user/pass auth
Applied in changeset commit:21165e6455f1402eb6b319dd515a6b43f0bb0e04. Ermal Luçi
04:48 AM Bug #4177 (Feedback): Bug in OpenVPN user/pass auth
Works for me now.
The issue was related to just echo introducing a \n at the end. Ermal Luçi
03:52 PM Bug #4206 (Resolved): Missing route creation on DHCP-PD lease where ia-na != ia-pd
The long story ( https://forum.pfsense.org/index.php?topic=86374.0 ) short:
When a prefix is delegated through DHCP ... Anders Lind
02:36 PM Revision eab9d9c1: Fix spell typo spotted by phil-davis
Renato Botelho
02:35 PM Revision 8ec853c3: Fix spell typo spotted by phil-davis
Renato Botelho
02:14 PM Revision 32431104: Fix typos introduced by chaning to explicit id specification when necessary. Fixes #4202
Ermal Luçi
02:14 PM Revision 83b8ed6b: Fix typos introduced by chaning to explicit id specification when necessary. Fixes #4202
Ermal Luçi
02:05 PM Feature #4205 (Resolved): unbound config option missing
The config option for "use-caps-for-id" is missing from the Advanced tab of the Resolver config page. It's not critic... Ansley Barnes
01:50 PM Revision 0c5e61b1: Fix cut paste brain fade
Phil Davis
01:49 PM Revision 3fbfbe90: Restart PHP-FPM allow to setup ini file
I was just using console menu option 16 Restart PHP-FPM and it hung on a nanoBSD system.
I found /tmp/php_errors.txt ... Phil Davis
01:49 PM Revision b73e9bc2: Merge pull request #1431 from phil-davis/patch-1
Renato Botelho
12:26 PM Bug #4204 (Resolved): CP leaking resources on reload
CP is leaking resources on reload of rules or while reconfiguration.
This will show itself as pipes exhausted when... Ermal Luçi
12:22 PM Bug #4199 (Rejected): 2.1.5 to 2.2 system tunable default value issue
I loaded that on nano and full, 32 and 64 bit, both on 2.2 and on 2.1.5 then upgraded to 2.2, and it never tries to s... Chris Buechler
11:31 AM Revision 2ea976b7: Properly handle large passthrough entries even here.
Ermal Luçi
11:30 AM Revision a4cd8f03: Properly handle large passthrough entries even here.
Ermal Luçi
11:27 AM Revision 9d89f780: Use this generation now of committing pipes directly and only rules to put on ruleset to avoid memory pressure and the timelimit will than be enforced by the caller
Ermal Luçi
11:27 AM Revision 9b255a36: Use this generation now of committing pipes directly and only rules to put on ruleset to avoid memory pressure and the timelimit will than be enforced by the caller
Ermal Luçi
11:26 AM Revision 124299a3: Revert "Ticket #3932 Use array_map to get more parallelism when there are many entries. This makes it not reach the execution timeout with large entries."
This reverts commit 7077addc5a5058fab4b4dc7678270c1000d342c9. Ermal Luçi
11:25 AM Revision fe9ec12b: Revert "Ticket #3932 Use array_map to get more parallelism when there are many entries. This makes it not reach the execution timeout with large entries."
This reverts commit 7077addc5a5058fab4b4dc7678270c1000d342c9. Ermal Luçi
11:21 AM Revision fd9e6066: Actually improve the previous resource leak commit since the function is there but it was not being used during init_rules process.
Ermal Luçi
11:20 AM Revision 0fc3c465: Actually improve the previous resource leak commit since the function is there but it was not being used during init_rules process.
Ermal Luçi
11:18 AM Revision 339e2fe5: * Try to autodetect if the execution limit needs to be raised on big number of passthrough entries.
Set the time limit to 0 and restore it back to default value when this is detected.
* Do not leak pipes when reloadi... Ermal Luçi
11:17 AM Revision 18f4d6c9: * Try to autodetect if the execution limit needs to be raised on big number of passthrough entries.
Set the time limit to 0 and restore it back to default value when this is detected.
* Do not leak pipes when reloadi... Ermal Luçi
10:49 AM Revision 907cc718: Put the value of password under double quotes(") to avoid issues with special characters in passwords. Ticket #4177
Ermal Luçi
10:49 AM Revision 6a752ca2: Put the value of password under double quotes(") to avoid issues with special characters in passwords. Ticket #4177
Ermal Luçi
10:43 AM Revision 545c4435: Do not override the passwd string. First it prevents the md5 working if the crypt() check fails and also is useless to override it since the parameter is passed by value and not by reference.
Ermal Luçi
10:43 AM Revision c80ad8a8: Do not override the passwd string. First it prevents the md5 working if the crypt() check fails and also is useless to override it since the parameter is passed by value and not by reference.
Ermal Luçi
10:40 AM Revision 5cd24cf1: Prevent echo to insert a newline(\n) at the secret string. Fixes #4177
Ermal Luçi
10:40 AM Revision 21165e64: Prevent echo to insert a newline(\n) at the secret string. Fixes #4177
Ermal Luçi
09:38 AM Revision aa685f7a: Ticket #3932 Use array_map to get more parallelism when there are many entries. This makes it not reach the execution timeout with large entries.
Ermal Luçi
09:38 AM Revision 7077addc: Ticket #3932 Use array_map to get more parallelism when there are many entries. This makes it not reach the execution timeout with large entries.
Ermal Luçi
09:19 AM Bug #4147: IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP
Yeah, strongswan 5.2.2 does not fix anything here indeed. Kill Bill
08:33 AM Revision f3f885aa: Fix typos and set needed variable
Ermal Luçi
08:33 AM Revision 7001542e: Fix typos and set needed variable
Ermal Luçi
08:30 AM Revision c9f04cd0: properly apply the passthrough entries when apply is hitr.
Ermal Luçi
08:30 AM Revision 330591f5: properly apply the passthrough entries when apply is hitr.
Ermal Luçi
08:27 AM Revision 384deecb: Fix inherent issues with isset and empty values set as true by our parser. This made the piep configuration to be wrong at least for passthrough entries. Ticket #3932
Ermal Luçi
08:27 AM Revision 64ed3e60: Fix inherent issues with isset and empty values set as true by our parser. This made the piep configuration to be wrong at least for passthrough entries. Ticket #3932
Ermal Luçi
05:23 AM Bug #3932: Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP
This should be resolved properly now.
 Ermal Luçi
02:33 AM Bug #3932 (Feedback): Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP
I pushed some fixes related to this that impacted even 2.2
Normally on a capable machine for this it should be ok.
... Ermal Luçi
01:34 AM Revision 1aecc4da: Bring back showing of default value like previous versions.
Chris Buechler
01:33 AM Revision ab54ec9f: Bring back showing of default value like previous versions.
Chris Buechler
01:16 AM Revision 4fc1c68f: Do not return disabled dynamic gateways
When a dynamic gateway is disabled (by the user through the webGUI), it was still being returned by return_gateways_a... Phil Davis
01:16 AM Revision 7f52fdd2: Merge pull request #1433 from phil-davis/patch-3
Chris Buechler

01/11/2015

11:21 PM Bug #4199: 2.1.5 to 2.2 system tunable default value issue
to replicate this, first copy the sysctl section from the attached config file to a 2.1.5 config file and then upgrad... Bipin Chandra
07:46 PM Bug #4199 (Feedback): 2.1.5 to 2.2 system tunable default value issue
this isn't true, most all configs have the sysctl items and the code that sets them reads their default value and set... Chris Buechler
10:41 AM Bug #4199 (Rejected): 2.1.5 to 2.2 system tunable default value issue
i noticed when u have a config which u have been upgrading since long and now from 2.1.5 to 2.2, the system tunable e... Bipin Chandra
10:15 PM Bug #4177 (Confirmed): Bug in OpenVPN user/pass auth
That's functionally equivalent to what I was trying, which seems like it should work and does fix at least part of th... Chris Buechler
09:50 AM Bug #4177: Bug in OpenVPN user/pass auth
Applied in changeset commit:30656f66407ab42c6f42e9552371090ca84165bb. Ermal Luçi
09:29 AM Bug #4177: Bug in OpenVPN user/pass auth
@Ermal - that fix only got applied to master. It needs to be in RELENG_2_2 also. Phillip Davis
09:57 PM Bug #4147 (Confirmed): IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP
the changes in strongswan 5.2.2 that help some FQDN circumstances don't change anything in this case. Where "right" i... Chris Buechler
09:18 PM pfSense Packages Bug #4196: Squid 3.4 pid file can't be created
log file from squid.log. There are a few things going on here..
Squid is unable to bind to port 80 for reverse pro... Cino .
07:47 AM pfSense Packages Bug #4196 (Resolved): Squid 3.4 pid file can't be created
Please see post https://forum.pfsense.org/index.php?topic=84638.msg474780#msg474780
/var/run/squid.pid isn't being c... Cino .
07:51 PM Bug #4201 (Rejected): pfSense user passwords: cannot contain - or ! characters?
all characters are supported and work. Only way it reverts back is if the entire config reverts back, which would be ... Chris Buechler
04:29 PM Bug #4201 (Rejected): pfSense user passwords: cannot contain - or ! characters?
I was trying to set admin user passwords of the form "iodjf-oisdfj-123-oijdfs!-dsiofjs" with about 25 total chars
an... Eduard Rozenberg
07:49 PM pfSense Packages Bug #4059 (Resolved): library required by squid3 may be absent
fixed Chris Buechler
08:37 AM pfSense Packages Bug #4059: library required by squid3 may be absent
It looks like the problem originally reported in this issue has been resolved. Thank you, BB John D
02:02 AM pfSense Packages Bug #4059: library required by squid3 may be absent
Forgot to mention: Stopping service doesn't kill squid processes:
php-fpm[64022]: /status_services.php: The command ... Dmitriy K
01:59 AM pfSense Packages Bug #4059: library required by squid3 may be absent
I can confirm: Squid package is working. But looks like there is an another issue appeared: Squid package heats up my... Dmitriy K
07:48 PM Feature #4200 (Rejected): Would be great: config sync option to NOT sync user auth passwords
No, would not be great. That would never be a good idea. Chris Buechler
04:23 PM Feature #4200 (Rejected): Would be great: config sync option to NOT sync user auth passwords
Hello,
It would be great to have a new option to not sync passwords for auth users in config sync settings.
Cur... Eduard Rozenberg
03:40 PM Revision fd607d14: configured gitignore for eclipse, add clean.sh
Sjon Hortensius
03:38 PM Revision 7025c4fa: Remove debug code
Ermal Luçi
03:38 PM Revision 30656f66: Fixes #4177 convert password to base64 to be submitted to avoid issues with special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli.
Ermal Luçi
03:37 PM Revision 619aa26f: Remove debug code
Ermal Luçi
03:35 PM Revision 7c804c69: Some tweaks for global tpl considerations
* pkg_mgr* - removed icon-hrefs with actual buttons
* system - made labels shorter, added label in content column too... Sjon Hortensius
03:15 PM Revision 2d375e81: Fix cut paste brain fade
Phil Davis
03:09 PM Revision 8d848bdf: Do not return disabled dynamic gateways
When a dynamic gateway is disabled (by the user through the webGUI), it was still being returned by return_gateways_a... Phil Davis
02:24 PM Revision 8a07e316: Merge branch 'master' into bootstrap
Conflicts occured in copyright message (year-update) due to whitespace difference and themes/ which was removed Sjon Hortensius
02:01 PM Revision 41ea4cf3: implemented widget drag/drop on index + storage
replaced custom jquery-ui with default set of plugins Sjon Hortensius
01:03 PM Revision fc03ca01: Fix POST typo in interfaces_assign.php
Obviously a typo. But this section is inside:
if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
and I cannot f... Phil Davis
01:03 PM Revision 6bdb02d3: Merge pull request #1432 from phil-davis/patch-2
Renato Botelho
12:55 PM Revision 3f6930f7: Fix POST typo in interfaces_assign.php
Obviously a typo. But this section is inside:
if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
and I cannot f... Phil Davis
11:49 AM Feature #4194: Mass maintenance tools :-)
On 2.2 there is a macro in the drop-down list for destination that is "This Firewall" which covers all IP addresses o... Jim Pingle
11:48 AM Feature #4194: Mass maintenance tools :-)
Give my damaged brain some time, and it comes back to me (in the shower, this morning :D).
_(I seriously have brai... Hollander Hollander
08:24 AM pfSense Packages Bug #4198 (Resolved): lightsquid doesn't work, perl is missing
perl isn't correctly installed for lightsquid to work. Manually installing perl and adding a couple of symbiotic link... Cino .
08:17 AM pfSense Packages Bug #4197 (Resolved): squid 3.4 anti-virus feature not working
I haven't posted this on the forum yet but it looks like the symbiotic links aren't being created for the anti-virus ... Cino .

01/10/2015

11:05 PM Bug #4147: IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP
Even though this is in feedback, I'm assigning it. (To Chris.)
 Jim Thompson
03:20 PM Bug #4147 (Feedback): IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP
Ermal Luçi
03:20 PM Bug #4147: IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP
Normally this should be fixed as part of latest 2.2 and switch to strongswan 5.2.2.
Now the resolve to address is ... Ermal Luçi
09:35 PM Revision 31cf5a93: Fixes #3281 do not undo any changes already done for gif/gre interface.
Ermal Luçi
09:34 PM Revision 7de6a47f: Fixes #3281 do not undo any changes already done for gif/gre interface.
Ermal Luçi
09:17 PM Revision e821f30e: Fixes #4177 convert password to base64 to be submitted to avoid issues with special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli.
Ermal Luçi
08:52 PM Revision 60370eb9: Properly rename the var Ticket #4164
Ermal Luçi
08:50 PM Revision 83b0a21a: Properly rename the var Ticket #4164
Ermal Luçi
04:33 PM Revision 6eeca0ef: notices now presented as modal-popup
Sjon Hortensius
03:53 PM Revision 1d8c79cc: Restart PHP-FPM allow to setup ini file
I was just using console menu option 16 Restart PHP-FPM and it hung on a nanoBSD system.
I found /tmp/php_errors.txt ... Phil Davis
03:53 PM Revision 2d26ee5e: initial rewrite of package management pages
Sjon Hortensius
03:40 PM Bug #4177: Bug in OpenVPN user/pass auth
Applied in changeset commit:e821f30e7dd50285cf0c590d205409bb53cf3d6a. Ermal Luçi
03:16 PM Bug #4177 (Feedback): Bug in OpenVPN user/pass auth
base64 is a better solution, implemented now. Ermal Luçi
03:26 PM Feature #4179 (Feedback): Driver oce is missing from 2.2 RC
activated on master branch. Ermal Luçi
02:58 PM Bug #4164 (Feedback): IPsec dashboard status wrong for connections with multiple P2s
Ermal Luçi
01:02 PM Revision 31f03b6c: re-added shortcuts/, global tpl updates
* merged fbegin into head.inc, rename fend to foot.inc
* consistency: head.inc now outputs '<body>'; foot outputs '</... Sjon Hortensius
06:41 AM pfSense Packages Bug #4059: library required by squid3 may be absent
Pfsense: 2.2-RC (amd64) built on Sat Jan 10 03:54:06 CST 2015
Squid: 3.4.10_2 pkg 0.2.2
Installation works fine ... Gerald Drausinger
06:35 AM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
Pfsense: 2.2-RC (amd64) built on Sat Jan 10 03:54:06 CST 2015
Squid: 3.4.10_2 pkg 0.2.2
Issue with transparent p... Gerald Drausinger
01:33 AM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
Just tested the new package, still transparent proxy does not work. In the logs I get "TAG_NONE/400" and the client g... Arthur Undisclosed
04:08 AM Revision ed5c6e89: Default to only AES and SHA1 for new P2s.
Chris Buechler
04:08 AM Revision c39feb71: Default to only AES and SHA1 for new P2s.
Chris Buechler
04:01 AM Revision c5ddb6ad: Default IPsec to AES
Chris Buechler
04:00 AM Revision 6f7960c3: Default IPsec to AES
Chris Buechler
03:59 AM Revision c1826169: Default IPsec to main mode, unless mobile client.
Chris Buechler
03:59 AM Revision 460719c8: Default IPsec to main mode, unless mobile client.
Chris Buechler

01/09/2015

11:28 PM Bug #4177: Bug in OpenVPN user/pass auth
the problem here is how ovpn_auth_verify passes the password to openvpn.auth-user.php. The latter does a urldecode, w... Chris Buechler
07:28 PM Bug #4177 (Confirmed): Bug in OpenVPN user/pass auth
Chris Buechler
10:12 PM Revision 422a2007: Do not count twice the phase2 entries
Ermal Luçi
10:12 PM Revision 9c0ec56e: Do not count twice the phase2 entries
Ermal Luçi
09:47 PM Revision 7f48765a: Just some reshufling and cleanup
Ermal Luçi
09:47 PM Revision 832ec9fe: Just some reshufling and cleanup
Ermal Luçi
09:32 PM Revision 9218ecb6: Let the kernel handle REQID rather than handling it manually. The connection name is the one needed here.
Ermal Luçi
09:32 PM Revision e8cb8b29: Let the kernel handle REQID rather than handling it manually. The connection name is the one needed here.
Ermal Luçi
09:07 PM Revision 526e6c06: Add tracker and label to IPv4 Link-Local block rules.
Jim Pingle
09:06 PM Revision 57963e4b: Add tracker and label to IPv4 Link-Local block rules.
Jim Pingle
07:35 PM Bug #3281: In certain cases, GRE interfaces are missing the "RUNNING" flag at bootup and will not function
I have 2.2-RC (amd64) built on Fri Jan 09 09:55:04 CST 2015 FreeBSD 10.1-RELEASE-p3 installed on Hyper-v 2012 R2
I a... James Field
07:03 PM Bug #4094 (Resolved): Gateway Status can report Online when gateway is waiting for DHCP
all good, could clearly replicate different scenarios on a version prior to the fix date, and they work fine on a ver... Chris Buechler
06:52 PM pfSense Packages Bug #4059: library required by squid3 may be absent
this seems to be working, will leave for others' confirmation. Chris Buechler
02:48 PM pfSense Packages Bug #4059 (Feedback): library required by squid3 may be absent
Please try pkg version 0.2.2 Renato Botelho
06:33 PM Bug #3968 (Resolved): Incorrect gateway is assumed when using tun + topology subnet
all the circumstances that work in 2.1.x confirmed good Chris Buechler
04:51 PM Bug #3968: Incorrect gateway is assumed when using tun + topology subnet
Just kicking this so maybe we can get it resolved. Jim Thompson
05:54 PM Bug #4164 (Confirmed): IPsec dashboard status wrong for connections with multiple P2s
as suspected after previous fixes, this doesn't work, it only shows the first up. Chris Buechler
05:52 PM Bug #3987 (Resolved): not possible to have both IKEv1 and IKEv2 mobile P1s
works Chris Buechler
05:51 PM Bug #4189 (Resolved): url(IPs) alias not loading correctly.
works. Cleans up lists like the DROP list to work, and prevents loading of aliases containing bunk data that'd blow u... Chris Buechler
05:32 PM Bug #4188 (Resolved): IPSec SA requestid has limited range in FreeBSD
fixed again Chris Buechler
04:59 PM Bug #3979: 2.2 IPsec NAT-T / MOBIKE IKEv2 control
this is fine as is for now, will revisit for 2.2.1 Chris Buechler
02:48 PM pfSense Packages Bug #4114 (Feedback): Squid 3.4.9 transparent proxy broken.
Please try pkg version 0.2.2 Renato Botelho
02:17 PM Bug #4143: After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent reason.
The commit that was done been commented out in the code now.. Which would reopen this issue.
Would it be an option... Pi Ba
01:24 PM Bug #4174 (Resolved): multi-WAN IPsec uses wrong interface at times
works Chris Buechler
01:11 PM Bug #4193 (Rejected): libevent-2.0.so.5 symlink missing on 2.2 RC
it's there on 2.2-RC both 32 and 64 bit, nano and full. It's not a symlink and never has been. I double checked the o... Chris Buechler
09:51 AM Feature #4194: Mass maintenance tools :-)
In the thread you referred to, Jim, Volker made another good mass maintenance suggestion:
[quote]
The other reall... Hollander Hollander
09:46 AM Feature #4194: Mass maintenance tools :-)
Thank you, Jim: how could I have overlooked that?(?) Even more: as I have used them in the past(!) (But there was som... Hollander Hollander
07:57 AM Feature #4194: Mass maintenance tools :-)
The mass disable/enable/copy function is good, but the second bit you describe is essentially already there with Inte... Jim Pingle
07:39 AM Feature #4194 (Duplicate): Mass maintenance tools :-)
G'day :D
As I wrote here:
https://forum.pfsense.org/index.php?topic=86254.15
If you would want, at least in ... Hollander Hollander
09:50 AM Feature #3506: Firewall:Aliases - Sort/Move Function
+1 for me too, and also +1 for Volker's suggestion. Hollander Hollander
09:38 AM Bug #3383: Web GUI becomes slow or unusable if the LDAP server used for GUI auth is unreachable
Renato Botelho being able to revert to local DB is a useful workaround compared to the current process of having to e... Robert Middleswarth
08:51 AM Revision 2cbcc256: Unbound is compiled with libevent so setting this to always be 4096.
Warren Baker
08:23 AM Revision ad04bbbf: Allow for overhead and up maximum limit from 8 to 32, also only set it if its set to 4 or above. Fixes https://forum.pfsense.org/index.php?topic=78356.msg472781#msg472781
Warren Baker
08:18 AM Feature #4195: Aliases: sections
Sorting is already a feature request: #3506
The sections part may be something to consider though. Jim Pingle
08:16 AM Feature #4195: Aliases: sections
Sorry, pushed 'send' before filling the classification fields :-( Hollander Hollander
08:15 AM Feature #4195 (New): Aliases: sections
G'day :D
My aliases are a mess; I have many of them, and I need to reorganize this. Now, one thing that is making ... Hollander Hollander
07:14 AM Revision 557c21da: After the other set of changes had unexpected complications, let's back this out too. Revert "PEAR static method call warning"
This reverts commit 4751f76a6772147097906b699d4216ae38c58c39. Chris Buechler
07:13 AM Revision 3529ac32: After the other set of changes had unexpected complications, let's back this out too. Revert "PEAR static method call warning"
This reverts commit 4751f76a6772147097906b699d4216ae38c58c39. Chris Buechler
06:40 AM Revision 0515117e: This broke a variety of things. Revert "Deprecated and non-static method messages"
This reverts commit 91b9a02fb131746c67fdf9f34282f123a13f1b13. Chris Buechler
06:40 AM Revision 23ca5695: This broke a variety of things. Revert "Deprecated and non-static method messages"
This reverts commit 91b9a02fb131746c67fdf9f34282f123a13f1b13. Chris Buechler
06:20 AM Revision 0391b39b: PEAR static method call warning
Forum https://forum.pfsense.org/index.php?topic=86478.0
PEAR is used by
IPv6.inc
auth.inc
captiveportal.inc
radius.in... Phil Davis
06:20 AM Revision 79ac2ee0: Merge pull request #1427 from phil-davis/PEAR-static-methods
Chris Buechler
06:18 AM Revision ecefba29: disable this PHP error logging, errors that are really significant end up with a crash report, this is more noise than useful at this stage in 2.2.
Chris Buechler
06:17 AM Revision e8e494f3: disable this PHP error logging, errors that are really significant end up with a crash report, this is more noise than useful at this stage in 2.2.
Chris Buechler
04:19 AM Revision 4751f76a: PEAR static method call warning
Forum https://forum.pfsense.org/index.php?topic=86478.0
PEAR is used by
IPv6.inc
auth.inc
captiveportal.inc
radius.in... Phil Davis
12:01 AM Bug #4004 (Resolved): CARP on HyperV
confirmed working Chris Buechler

01/08/2015

11:42 PM Bug #4193: libevent-2.0.so.5 symlink missing on 2.2 RC
Not seeing it.
[2.2-RC][admin@<Yeah, no>]/root: cat /etc/version*
2.2-RC
Thu Jan 08 19:13:15 CST 2015
d97dd424371014... Jim Thompson
09:42 PM Bug #4193 (Rejected): libevent-2.0.so.5 symlink missing on 2.2 RC
on 2.2 beta I have ldd /usr/local/sbin/check_reload_status with all libs ok
/usr/local/sbin/check_reload_status:
... Marcello Silva Coutinho
10:58 PM Revision d97dd424: Make this code less memory hungry and fix route command generation
Ermal Luçi
10:57 PM Revision 74fe0ef9: Make this code less memory hungry and fix route command generation
Ermal Luçi
09:49 PM Revision 2ecb2daf: Catch packets on all iunterfaces and send them out the correct one. Fixes #4174
Ermal Luçi
09:49 PM Revision ac8f75f1: Catch packets on all iunterfaces and send them out the correct one. Fixes #4174
Ermal Luçi
09:36 PM pfSense Packages Bug #4114: Squid 3.4.9 transparent proxy broken.
package build options are updated and pbi rebuild. Marcello Silva Coutinho
08:26 PM Revision bad9dec5: Deprecated and non-static method messages
Fix various files that can emit messages like:
PHP Strict Standards: Non-static method SimplePie_Misc::array_unique(... Phil Davis
08:25 PM Revision dd0ad62c: Merge pull request #1426 from phil-davis/deprecated-stuff
Chris Buechler
07:35 PM Revision 91b9a02f: Deprecated and non-static method messages
Fix various files that can emit messages like:
PHP Strict Standards: Non-static method SimplePie_Misc::array_unique(... Phil Davis
07:32 PM Bug #4188 (Confirmed): IPSec SA requestid has limited range in FreeBSD
yeah this did break that scenario Chris Buechler
07:17 PM Bug #4188: IPSec SA requestid has limited range in FreeBSD
This broke https://redmine.pfsense.org/issues/4129 again.. it really needs different reqid's for each P1 if unity is ... Pi Ba
07:25 AM Bug #4188: IPSec SA requestid has limited range in FreeBSD
Just need to check if the IKEv1 tunnels with many phase2 are still usable with pfSense to some other product Chris.
... Ermal Luçi
07:27 PM Bug #4192 (Resolved): check_reload_status aggregation of CARP events causes issues
This is confirmed fixed on the most recent snapshot, but adding a ticket for tracking purposes.
check_reload_stat... Chris Buechler
06:17 PM Revision 7c1c70d5: Improve URL and URL ports alias update data:
- Move redundant code to a function parse_aliases_file(). Before the max
number of items was not being respected when... Renato Botelho
06:16 PM Revision 6d1907a3: Improve URL and URL ports alias update data:
- Move redundant code to a function parse_aliases_file(). Before the max
number of items was not being respected when... Renato Botelho
04:12 PM Bug #4004: CARP on HyperV
to me for testing Chris Buechler
03:47 PM Bug #4004 (Feedback): CARP on HyperV
Patch provided by Microsoft applied, ready for tests on next rounds of snapshots Renato Botelho
02:34 PM Bug #4004 (Assigned): CARP on HyperV
Jim Thompson
04:10 PM Bug #4174: multi-WAN IPsec uses wrong interface at times
Applied in changeset commit:2ecb2dafa5fa78388fd72c3360495f734cb5633c. Ermal Luçi
04:10 PM Bug #4174: multi-WAN IPsec uses wrong interface at times
Applied in changeset commit:ac8f75f1e046b32c88693ff0c6854b7f641cf206. Ermal Luçi
04:09 PM Bug #4174: multi-WAN IPsec uses wrong interface at times
to me for further testing Chris Buechler
04:04 PM Bug #4174 (Feedback): multi-WAN IPsec uses wrong interface at times
Ermal Luçi
12:13 AM Bug #4174: multi-WAN IPsec uses wrong interface at times
Ermal: the test box at 172.27.44.52 has the test case setup we talked about earlier, where the "pass out" rules speci... Chris Buechler
04:09 PM Bug #4178 (Feedback): IPsec leftsubnet changed to 0.0.0.0 with Cisco unity plugin active
strongswan 5.2.2 may fix, otherwise disabling unity plugin should work around, awaiting feedback Chris Buechler
03:41 PM Revision 1776d19e: Change OpenVPN CARP VIP test to be more accurate. The client should also not be run if the VIP is in the INIT state.
Jim Pingle
03:41 PM Revision 725d54bd: Change OpenVPN CARP VIP test to be more accurate. The client should also not be run if the VIP is in the INIT state.
Jim Pingle
02:33 PM Bug #4069 (Resolved): cookie_test causes false positives in vulnerability scanners
fixed Chris Buechler
06:40 AM Bug #4069: cookie_test causes false positives in vulnerability scanners
Applied in changeset commit:9156a51d0cb8f7124be3c173ea9bebc057f662b5. Renato Botelho
06:20 AM Bug #4069 (Feedback): cookie_test causes false positives in vulnerability scanners
Applied in changeset commit:ce997e6a88e9eb23c03b73f89d38257ce37a4023. Renato Botelho
02:26 PM Revision ae952a03: Unobsolete libcurl.so.4 since it's installed by recent versions of curl package
Renato Botelho
02:26 PM Revision 1ba50154: Unobsolete libcurl.so.4 since it's installed by recent versions of curl package
Renato Botelho
02:16 PM Bug #4186 (Resolved): VLANs on lagg not configurable with FEC, LB and RR modes
fixed Chris Buechler
12:05 AM Bug #4186 (Feedback): VLANs on lagg not configurable with FEC, LB and RR modes
Added a workaround for this. Chris Buechler
01:08 PM Revision d10a1662: Fix check for cookies, the way it was implemented didn't work because it would need a refresh to check if cookie was set or not. Use javascript to do a simple test
Renato Botelho
01:08 PM Revision a980b284: Fix check for cookies, the way it was implemented didn't work because it would need a refresh to check if cookie was set or not. Use javascript to do a simple test
Renato Botelho
12:40 PM Bug #4189: url(IPs) alias not loading correctly.
Applied in changeset commit:7c1c70d5ea751213307fec9e522a7f032c0c9499. Renato Botelho
12:20 PM Bug #4189 (Feedback): url(IPs) alias not loading correctly.
Applied in changeset commit:6d1907a3d2d9729f37fe15d0291d3a0f9a85a25e. Renato Botelho
12:26 PM Revision 9156a51d: Add a value to cookie, otherwise it's not set. Before my last change parameters were out of order and expiration time was being set as value. It should fix #4069
Renato Botelho
12:15 PM Revision ce997e6a: Add a value to cookie, otherwise it's not set. Before my last change parameters were out of order and expiration time was being set as value. It should fix #4069
Renato Botelho
11:33 AM Revision adf8a74a: This is not the place for this setting and werid its here!
Ermal Luçi
11:33 AM Revision 3d031b27: This is not the place for this setting and werid its here!
Ermal Luçi
06:05 AM Revision f585d06e: some lagg modes are missing vlanmtu, but work fine with VLANs. Work around it for now at least. Ticket #4186
Chris Buechler
06:03 AM Revision 21e2561f: some lagg modes are missing vlanmtu, but work fine with VLANs. Work around it for now at least. Ticket #4186
Chris Buechler
05:48 AM Revision 2727e3fc: Also include /127 for IPv6, it works fine. Ticket #3657
Chris Buechler
05:47 AM Revision 8948f125: Also include /127 for IPv6, it works fine. Ticket #3657
Chris Buechler
05:42 AM Revision 13358d35: Allow for configuring /31 masks on interfaces.php. The rest of the code was updated accordingly some time ago, and an employee with Cox Communications has confirmed this allows things to work on their circuits deployed with /31s. Ticket #4190
Chris Buechler
05:39 AM Revision aac1c1db: Allow for configuring /31 masks on interfaces.php. The rest of the code was updated accordingly some time ago, and an employee with Cox Communications has confirmed this allows things to work on their circuits deployed with /31s. Ticket #4190
Chris Buechler
05:28 AM Revision 74017e32: "Like with like" - move a few functions to better places in the code (they are placed strangely)
A few functions such as ipcmp(), subnet_expand(), and check_subnets_overlap() are in illogical places - away from al... Stilez y
05:28 AM Revision 564978ad: Merge pull request #1425 from stilez/patch-2
Chris Buechler
05:04 AM Revision 05b47f2d: fix up text
Chris Buechler
05:04 AM Revision b25ccd04: fix up text
Chris Buechler
03:00 AM Revision 6be58d9d: fix strongswan conf file generation with ipcomp. Ticket #4182
Chris Buechler
02:59 AM Revision 2a691e34: fix strongswan conf file generation with ipcomp. Ticket #4182
Chris Buechler
02:55 AM Bug #4191 (Resolved): GRE interface not in RUNNING state after reboot
When using GRE in combination with IPSEC transport mode the GRE interface never gets to RUNNING state after reboot. A... Per Hodneland
02:46 AM Bug #4180: OpenVPN Backend for authentication field does not process in other languages
I tested by have an OpenVPN server setup in English, then switch language to Turkish. The words for "Local Database" ... Phillip Davis
12:17 AM Bug #4180 (Resolved): OpenVPN Backend for authentication field does not process in other languages
I can't easily test this, but the change looks good to me and Renato, and I trust Phil to get it right. If there are ... Chris Buechler
02:01 AM Bug #4182: IPsec ipcomp is not supported with strongswan
Heh i even saw that issue but apparently did not include in the fix.
Thx Chris. Ermal Luçi

01/07/2015

11:48 PM Revision f8e23dc8: Fixes #4188 use the same reqid over same phase1 but different phase2 connections. The dashboard will be fixed with the ticket already open. This should fix a lot of instabilities reported on the forums for people having a dozen or more tunnels
Ermal Luçi
11:48 PM Revision 4a3ce17a: Fixes #4188 use the same reqid over same phase1 but different phase2 connections. The dashboard will be fixed with the ticket already open. This should fix a lot of instabilities reported on the forums for people having a dozen or more tunnels
Ermal Luçi
11:47 PM Bug #3657 (Resolved): Web Interface - Missing Static IPv6 /127 Subnet Prefix
this has been fixed in 2.2 Chris Buechler
11:42 PM Feature #4190 (Resolved): Support for RFC 3021, using 31-Bit Prefixes on IPv4 Point-to-Point Links
works.
related forum thread:
https://forum.pfsense.org/index.php?topic=83741.msg467113 Chris Buechler
11:40 PM Feature #4190 (Resolved): Support for RFC 3021, using 31-Bit Prefixes on IPv4 Point-to-Point Links
The back-end work for this was done a while back, but not exposed in the GUI as FreeBSD 8.x lacked support. An employ... Chris Buechler
11:39 PM Revision b17ac4f7: "Like with like" - move a few functions to better places in the code (they are placed strangely)
A few functions such as ipcmp(), subnet_expand(), and check_subnets_overlap() are in illogical places - away from al... Stilez y
11:14 PM Bug #4004: CARP on HyperV
Testing isn't an issue, assign it to me once the patch is in. Chris Buechler
11:00 PM Bug #4004: CARP on HyperV
Assigning this to Ermal, as Microsoft has given us a patch.
(Testing is a whole different problem.)
If the patc... Jim Thompson
11:03 PM Bug #3790 (Resolved): Input validation is too strict for IPv6 Prefix ID for Track Interface
fixed Chris Buechler
09:31 PM Revision 0759fdd8: Correct the sense of the check by default unity is enabled
Ermal Luçi
09:31 PM Revision 7a959780: Correct the sense of the check by default unity is enabled
Ermal Luçi
09:07 PM Revision 4a076e36: Provide an advanced setting to be able to disable Unity Plugin(Cisco extensions)
Ermal Luçi
09:06 PM Revision 845f9f78: Provide an advanced setting to be able to disable Unity Plugin(Cisco extensions)
Ermal Luçi
08:59 PM Bug #4182 (Resolved): IPsec ipcomp is not supported with strongswan
that broke the conf files, but is now fine with the commits I just pushed. Chris Buechler
09:50 AM Bug #4182: IPsec ipcomp is not supported with strongswan
Applied in changeset commit:40cc36d165ebe44f423554e9bc411f17161fea3b. Ermal Luçi
09:50 AM Bug #4182 (Feedback): IPsec ipcomp is not supported with strongswan
Applied in changeset commit:45efe1b672f16a5c4b1e856f1deb2e55dde1c6e4. Ermal Luçi
09:18 AM Bug #4182 (Resolved): IPsec ipcomp is not supported with strongswan
With racoon compression is always enabled on the connection while with strongswan default value is to off.
Even th... Ermal Luçi
08:41 PM Bug #4188 (Resolved): IPSec SA requestid has limited range in FreeBSD
confirmed the new snapshot with this fix fixes the circumstances where we were seeing this. Chris Buechler
06:10 PM Bug #4188: IPSec SA requestid has limited range in FreeBSD
Applied in changeset commit:f8e23dc8c4f6c333621e4fb44e8fc1f3ef1dd60c. Ermal Luçi
06:10 PM Bug #4188 (Feedback): IPSec SA requestid has limited range in FreeBSD
Applied in changeset commit:4a3ce17a7e3926cce3bf2671965096db78f95932. Ermal Luçi
05:31 PM Bug #4188 (Confirmed): IPSec SA requestid has limited range in FreeBSD
Chris Buechler
05:29 PM Bug #4188 (Resolved): IPSec SA requestid has limited range in FreeBSD
FreeBSD allows up to ~16000 range of reqid on the SAs specified manually.
There are problems with the IPsec SA track... Ermal Luçi
08:27 PM Bug #4090 (Resolved): unbound advanced settings cause broken unbound.conf file
With Renato's steps I could replicate the issue. the base64 encoding works, and does fix it. Chris Buechler
08:05 PM Todo #4173 (Resolved): Web site cleanup - deprecated 512 MB images
Cleaned that up. The existing 512M systems out there will fail auto-update checks now, but they didn't upgrade succes... Chris Buechler
08:02 PM Revision 5324ea38: Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own.
Ermal Luçi
08:02 PM Revision 1ada4c8c: Move to specifically specifying the ID type apart when an ip address to have strongswan do proper behaviour. Also for DynDNS names use the dns type id so strongswan does the resolving by its own.
Ermal Luçi
07:26 PM Revision 2f56ac49: Don't hard code the target IP in auto-generated outbound NAT rules, use
previous behavior of setting it to the interface IP. Chris Buechler
07:25 PM Revision b9f290bd: Don't hard code the target IP in auto-generated outbound NAT rules, use
previous behavior of setting it to the interface IP. Chris Buechler
07:22 PM Revision 3c364131: split is deprecated move to explode
Ermal Luçi
07:22 PM Revision f99f51a9: split is deprecated move to explode
Ermal Luçi
07:20 PM Revision ba0bc258: split is deprecated move to explode
Ermal Luçi
07:20 PM Revision f3ab0e74: split is deprecated move to explode
Ermal Luçi
07:18 PM Revision cc9b3e07: split is deprecated move to explode
Ermal Luçi
07:18 PM Revision ad451a81: split is deprecated move to explode
Ermal Luçi
07:16 PM Revision 9643058d: split is deprecated move to explode
Ermal Luçi
07:15 PM Revision 91456048: split is deprecated move to explode
Ermal Luçi
06:55 PM Bug #4185 (Rejected): error "macro IPsec not defined" caused by ipsec settings set to initiated from a carp-ip/interface
#4189 is actual root cause Chris Buechler
06:31 PM Bug #4185: error "macro IPsec not defined" caused by ipsec settings set to initiated from a carp-ip/interface
This one seems to be a side-effect of this a bogus url(IPs) alias like described here: https://redmine.pfsense.org/is... Pi Ba
04:30 PM Bug #4185 (Feedback): error "macro IPsec not defined" caused by ipsec settings set to initiated from a carp-ip/interface
the issue as described doesn't exist. There could be some unusual edge case but I don't see how, our test environment... Chris Buechler
02:06 PM Bug #4185 (Rejected): error "macro IPsec not defined" caused by ipsec settings set to initiated from a carp-ip/interface
error "macro IPsec not defined" caused by ipsec connection initiated from a carp-ip/interface
on reboot (and rando... Pi Ba
06:49 PM Revision 3add5b2d: fix text
Chris Buechler
06:48 PM Revision 2a8a09a9: fix text
Chris Buechler
06:47 PM Revision d2884b9a: fix spelling of compression
Chris Buechler
06:47 PM Revision e57a3e40: fix spelling of compression
Chris Buechler
06:09 PM Bug #4189 (Resolved): url(IPs) alias not loading correctly.
url alias with ip's not loading correctly.
01-08-15 01:05:28 [ There were error(s) loading the rules: /tmp/rules.d... Pi Ba
04:56 PM Bug #4187 (Rejected): dhcpv6 client settings override system defaults
The checkbox to disable IPv6 only blocks all IPv6. If you leave IPv6 enabled elsewhere, it'll block it, and cause thi... Chris Buechler
04:40 PM Bug #4187 (Rejected): dhcpv6 client settings override system defaults
Hi,
It's my first bugreport here, so please be gentle.
I noticed routing system logs (system logs -> routing) g... Pedro Caetano
04:50 PM Feature #3916 (Assigned): IPsec status Overview tab no longer an overview
Jim Thompson
04:25 PM Bug #4186 (Confirmed): VLANs on lagg not configurable with FEC, LB and RR modes
Thanks, that's what I was wondering. It's 3 of the modes where lagg stops reporting itself as VLAN-capable. Chris Buechler
04:17 PM Bug #4186: VLANs on lagg not configurable with FEC, LB and RR modes
To be more precise: The drop down boxes on interface_vlan_edit.php only show igb0 to igb3, but not lagg0. Ron Hubert
04:15 PM Bug #4186: VLANs on lagg not configurable with FEC, LB and RR modes
For me it is not possible to create a vlan tag on top of the lagg0 interface. I am currently investigating /etc/inc/i... Ron Hubert
03:47 PM Bug #4186 (Feedback): VLANs on lagg not configurable with FEC, LB and RR modes
what do you mean it doesn't allow you to create tagged interfaces on the lagg? That works fine, we have several syste... Chris Buechler
02:39 PM Bug #4186 (Resolved): VLANs on lagg not configurable with FEC, LB and RR modes
Hi,
i created different variants (simple virtualbox (3× pcn, 3x em), lanner 7535 (6x EM), supermicro c2758 board (6x... Ron Hubert
03:39 PM Bug #4146 (Resolved): OpenVPN tap interfaces are down after boot
fixed Chris Buechler
05:40 AM Bug #4146: OpenVPN tap interfaces are down after boot
Applied in changeset commit:4ab1ffa0b042e4fda87d66de2fd74a1e6db48272. Renato Botelho
05:40 AM Bug #4146 (Feedback): OpenVPN tap interfaces are down after boot
Applied in changeset commit:d4e894f6a6f464fd00e39356a23586f8420b31af. Renato Botelho
03:35 PM Revision 40cc36d1: Fixes #4182 by properly managing IPcomp on ipsec tunnels.
Also retires IPsec force reloading advanced sysctl since its useless nowdays with strongswan and remove its call on r... Ermal Luçi
03:33 PM Revision 45efe1b6: Fixes #4182 by properly managing IPcomp on ipsec tunnels.
Also retires IPsec force reloading advanced sysctl since its useless nowdays with strongswan and remove its call on r... Ermal Luçi
03:06 PM Bug #4178: IPsec leftsubnet changed to 0.0.0.0 with Cisco unity plugin active
Pushed a sysctl to be able to disable unity plugin as a workaround. Ermal Luçi
01:54 PM Bug #4184 (Rejected): Disable SMTP Notifications
The box does what it's intended to do. It disables sending firewall _notifications_ via SMTP. Other subsystems may by... Jim Pingle
01:50 PM Bug #4184: Disable SMTP Notifications
It looks like /etc/inc/notices.inc function notify_via_smtp() correctly checks the disabled setting, so anything that... Phillip Davis
01:04 PM Bug #4184 (Rejected): Disable SMTP Notifications
In SYSTEM>ADVANCED>NOTIFICATIONS>SMTP E-Mail, even selecting the "Disable SMTP Notifications" option, still keeps sen... Wendell Borges
12:55 PM Bug #4148: gen_subnet returns incorrect result for IPv6
Thanks gen_subnet() is fixed, however issue #4141 still exists as ip_in_subnet(11.22.33.5,abcd::/64) needs fixing to. Pi Ba
12:17 AM Bug #4148 (Resolved): gen_subnet returns incorrect result for IPv6
fixed Chris Buechler
12:55 PM Bug #4183: Dashboard System Information CPU bar at 100% when actually idle
FYI, I investigated further and found it was the Chrome Add-on AdBlock that was causing the CPU bar to remain on pend... Ketan Shah
12:40 PM Bug #4183 (Rejected): Dashboard System Information CPU bar at 100% when actually idle
that's not showing 100%, that's what it shows before it updates at all (that's showing "pending" essentially). Chris Buechler
12:38 PM Bug #4183: Dashboard System Information CPU bar at 100% when actually idle
That's not a "full red bar" - see the stripes there. Means the graph is still loading (takes 10 secs to settle). Kill Bill
12:27 PM Bug #4183 (Rejected): Dashboard System Information CPU bar at 100% when actually idle
The Dashboard - System Information shows CPU with full red bar - implying 100% CPU usage but numerical value under th... Ketan Shah
11:24 AM Revision 4ab1ffa0: Fix #4146:
OpenVPN create the tun/tap interface and, when set an IP address to
it, mark it as UP. In some scenarios, when TAP is... Renato Botelho
11:11 AM Revision d4e894f6: Fix #4146:
OpenVPN create the tun/tap interface and, when set an IP address to
it, mark it as UP. In some scenarios, when TAP is... Renato Botelho
08:55 AM Bug #4181 (Rejected): Two OpenVPN Server, Client Export only works only for one
Unlikely to be a problem in the export package. Please post in the forum for discussion until a bug is confirmed. Jim Pingle
08:52 AM Bug #4181 (Rejected): Two OpenVPN Server, Client Export only works only for one
When i have 2 OpenVPN Server on PFsense 2.2 and Client Export only shows the Export for the first Server.
DropDown "... Mike Anderl
07:50 AM Bug #4164: IPsec dashboard status wrong for connections with multiple P2s
I'm one of the people initially have this issue:
https://forum.pfsense.org/index.php?topic=86056.msg472022#msg472022... Eskild Skaar
05:52 AM Bug #4164 (Feedback): IPsec dashboard status wrong for connections with multiple P2s
I do not think is anymore an issue now that the connections with multiple phase2 on IKEv1 get split on their own conn... Ermal Luçi
07:47 AM Feature #3633: OpenVPN client's "Client Certificate" should be optional
Hi, Is anyone going to pull this into master for 2.2?
Thanks Marcus Brown
06:53 AM Revision be2d7eb7: Log PHP errors. Ticket #4143
Chris Buechler
06:47 AM Revision 19c8976b: Log PHP errors. Ticket #4143
Chris Buechler
12:53 AM Bug #4143 (Resolved): After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent reason.
the original had a couple issues that I noted as comments in the comment, and Renato added one there as well. I imple... Chris Buechler
12:33 AM Bug #4163 (Resolved): upgraded configs missing <iketype>
works Chris Buechler
12:30 AM Todo #4073 (Resolved): Validate bogon update failure handling
what we now have is a good balance between not DDoSing ourselves and not giving up too easily. Chris Buechler
12:21 AM Bug #3910 (Resolved): Cannot set advskew back to 0
works Chris Buechler
12:05 AM Feature #4179: Driver oce is missing from 2.2 RC
this kind of thing seems simple enough, but adding a device can have fallout. For 2.2, you can copy over the ko and k... Chris Buechler
12:04 AM Bug #4069 (Confirmed): cookie_test causes false positives in vulnerability scanners
this exhibits the behavior I was seeing in a fix I attempted, then got sidetracked on other things after not quickly ... Chris Buechler

01/06/2015

09:54 PM Revision 9b182b08: Enforce subnet check here to avoid any issues resulting from function call.
Ermal Luçi
09:54 PM Revision 00b56e04: Enforce subnet check here to avoid any issues resulting from function call.
Ermal Luçi
08:55 PM Revision c8d87d2a: Remove useless check, CARP does not depend of interface having another IP set before
Renato Botelho
08:54 PM Revision b5686214: Remove useless check, CARP does not depend of interface having another IP set before
Renato Botelho
07:18 PM Bug #4174: multi-WAN IPsec uses wrong interface at times
the specific issue is the "pass out" isn't getting routed out via the correct interface. As responder it's fine, as i... Chris Buechler
07:07 PM Bug #4174: multi-WAN IPsec uses wrong interface at times
test setup details on the IPsec test list wiki page Chris Buechler
05:17 PM Revision 3ffea319: Remove some extra spaces
Renato Botelho
05:17 PM Revision d9db4862: Fix typo on variable name
Renato Botelho
05:17 PM Revision 374b2f21: Tighten and IPv6-ify gen_subnet() etc
Tightens, canonicalises and improves for IPv6, the functions
gen_subnet(), gen_subnetv6(), gen_subnet_max(), gen_subn... Stilez y
05:16 PM Revision 3bad4691: Remove some extra spaces
Renato Botelho
05:15 PM Revision 3f499654: Fix typo on variable name
Renato Botelho
05:14 PM Revision e89d2995: Tighten and IPv6-ify gen_subnet() etc
Tightens, canonicalises and improves for IPv6, the functions
gen_subnet(), gen_subnetv6(), gen_subnet_max(), gen_subn... Stilez y
02:22 PM Revision 0bd024d0: OpenVPN backend authentication fix key and translation
The array returned by auth_get_authserver_list() has key as the fixed name of each available authentication mode - e.... Phil Davis
02:22 PM Revision 06cb724b: Merge pull request #1422 from phil-davis/patch-1
Renato Botelho
01:44 PM Revision d8540659: Revert "FreeBSD fails to set advskew back to 0 after you set it to any other"
A patch was added to allow set advskew back to 0
This reverts commit eea2ad5d61b2cbcf2957207fb0f13769c203cb36. Renato Botelho
01:44 PM Revision 57f58894: Revert "FreeBSD fails to set advskew back to 0 after you set it to any other"
A patch was added to allow set advskew back to 0
This reverts commit eea2ad5d61b2cbcf2957207fb0f13769c203cb36. Renato Botelho
12:01 PM Revision b785a40b: Add secure flag when necessary to cookie_test, as we do for session cookie, to avoid false positives in common vulnerabilities scanners. It fixes #4069
Renato Botelho
12:00 PM Revision 39c50234: Add secure flag when necessary to cookie_test, as we do for session cookie, to avoid false positives in common vulnerabilities scanners. It fixes #4069
Renato Botelho
11:18 AM Bug #4148 (Feedback): gen_subnet returns incorrect result for IPv6
Pull request has been merged. Renato Botelho
08:28 AM Bug #4148: gen_subnet returns incorrect result for IPv6
Chris Buechler wrote:
> stilez has an ICLA on file now so we can merge that. It looks fine to me, to Ermal for revie... Renato Botelho
09:43 AM Feature #4176: Add support for SMTP authentication mechanisms
I targeted it to 2.2.1, it'll be committed to RELENG_2_2 after 2.2 is released, and a gitsync will bring it to 2.2. I... Renato Botelho
08:42 AM Feature #4176: Add support for SMTP authentication mechanisms
Hi,
Not a huge issue, just trying to understand - so this won't be included in the near future? Only asking becaus... Russell Morris
08:34 AM Feature #4176: Add support for SMTP authentication mechanisms
Provide a better description and move it to future since we are in RC Renato Botelho
08:29 AM Bug #4180 (Feedback): OpenVPN Backend for authentication field does not process in other languages
Merged, thanks! Renato Botelho
07:48 AM Bug #3910 (Feedback): Cannot set advskew back to 0
Should be ok on next snapshots Renato Botelho
06:10 AM Bug #4069: cookie_test causes false positives in vulnerability scanners
Applied in changeset commit:b785a40bac3b2aeee993fd3302eff7e781654586. Renato Botelho
06:10 AM Bug #4069 (Feedback): cookie_test causes false positives in vulnerability scanners
Applied in changeset commit:39c502347d5a87a2376f74b912c1281ba79131ee. Renato Botelho
01:42 AM Revision 91454850: OpenVPN backend authentication fix key and translation
The array returned by auth_get_authserver_list() has key as the fixed name of each available authentication mode - e.... Phil Davis

01/05/2015

08:07 PM Bug #4174: multi-WAN IPsec uses wrong interface at times
I'm testing on a production system where I've been looking into a separate IPsec issue as well. Now setting up a test... Chris Buechler
07:41 PM Bug #4180: OpenVPN Backend for authentication field does not process in other languages
Proposed fix: https://github.com/pfsense/pfsense/pull/1422 Phillip Davis
07:40 PM Bug #4180 (Resolved): OpenVPN Backend for authentication field does not process in other languages
Forum: https://forum.pfsense.org/index.php?topic=86326.0
The code is using the text of the translated name to try an... Phillip Davis
06:57 PM Revision 055bd1ee: Allow IPv6 on loopback needs quick
The following block uses "quick" which causes that block to come into effect before the "pass in" here. The pass rule... Phil Davis
06:57 PM Revision 386788e2: Merge pull request #1419 from phil-davis/patch-2
Chris Buechler
06:56 PM Revision 91a84a26: Limit unbound so-rcvbuf: 8m
Issue reported here: https://forum.pfsense.org/index.php?topic=78356.msg472781#msg472781
Most unbound doc places ment... Phil Davis
06:56 PM Revision 6d8dadb5: Merge pull request #1420 from phil-davis/patch-3
Chris Buechler
05:44 PM Revision cfb5073f: Fix #4090:
- Unbound advanced options may contain double quotes and it breaks the
syntax when a backup is restored because newli... Renato Botelho
05:41 PM Revision 0a23cddc: Fix #4090:
- Unbound advanced options may contain double quotes and it breaks the
syntax when a backup is restored because newli... Renato Botelho
02:58 PM Revision 24149c31: It's supposed to remove windows EOL here, not ;
Renato Botelho
02:58 PM Revision 7f5c2669: Make it possible to backup/restore 'DNS Resolver' section individually
Renato Botelho
02:57 PM Revision fbf3d06e: It's supposed to remove windows EOL here, not ;
Renato Botelho
02:57 PM Revision fb130335: Make it possible to backup/restore 'DNS Resolver' section individually
Renato Botelho
02:15 PM Feature #4179 (Closed): Driver oce is missing from 2.2 RC
The driver oce (oce.ko) to support Emulex 10 GE NICs is missing from pfSense 2.2 RC but available and working in Free... Christoph Erdle
02:10 PM Bug #4178 (Resolved): IPsec leftsubnet changed to 0.0.0.0 with Cisco unity plugin active
Under some circumstance we haven't exactly narrowed down yet, having the Cisco unity plugin enabled in strongswan cau... Chris Buechler
01:17 PM Revision 62403377: Do not monitor a gateway that has not got DHCP yet
When an interface is waiting to get DHCP, but the cable is physically-electrically connected to the upstream device, ... Phil Davis
01:16 PM Revision fd9b1512: Merge pull request #1414 from phil-davis/patch-1
Renato Botelho
11:50 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
Applied in changeset commit:cfb5073f83fa80e5b40476b12ea91ff5114c60fc. Renato Botelho
11:50 AM Bug #4090 (Feedback): unbound advanced settings cause broken unbound.conf file
Applied in changeset commit:0a23cddced057d929c53f3ad1e5d6898a3fada50. Renato Botelho
09:57 AM Bug #4090 (Confirmed): unbound advanced settings cause broken unbound.conf file
Confirmed. Steps to reproduce on 2.2:
* Configure DNS Resolver Advanced Options with the following content... Renato Botelho
08:06 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
Jim P wrote:
> Any chance we could get the exact config.xml section that exhibited the problem?
Attached is the f... Vick Khera
10:26 AM Bug #4175 (Rejected): kernel panic when loading run driver for RT3070
please replicate on stock FreeBSD 10.1 and report upstream Chris Buechler
09:20 AM Feature #4176: Add support for SMTP authentication mechanisms
Confirmed that pull request 1421 code is working for the user in forum: https://forum.pfsense.org/index.php?topic=862... Phillip Davis
08:36 AM Bug #4177: Bug in OpenVPN user/pass auth
For instance if the password ends with a + Anonymous
08:34 AM Bug #4177: Bug in OpenVPN user/pass auth
I think Ermal was fixing some of that. Give an example of final char/s that still do not work on latest snapshots - t... Phillip Davis
07:18 AM Bug #4177 (Resolved): Bug in OpenVPN user/pass auth
As stated in https://forum.pfsense.org/index.php?topic=85311
OpenVPN user/pass auth fails if passwords end on spec... Anonymous
07:59 AM Bug #3910 (Assigned): Cannot set advskew back to 0
After the fix is pushed, revert commit:eea2ad5d Renato Botelho
07:58 AM Bug #4116 (Resolved): IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable
The bug described in this ticket is resolved. The maintenance mode issue will be fixed when #3910 fix is pushed and c... Renato Botelho
07:14 AM Bug #4094 (Feedback): Gateway Status can report Online when gateway is waiting for DHCP
Pull request merged Renato Botelho
02:37 AM pfSense Packages Feature #3685: haproxy listener ip from alias
Hi,
I had added before this feature to the my own haproxy.
Thanks for the feature. Atıf CEYLAN

01/04/2015

08:30 PM Bug #4172 (Resolved): Diag Test Port does not allow blank source port
works, thanks Chris Buechler
08:28 PM Bug #3558 (Resolved): Schedule States in System - Advanced - Misc not working
the original issue here is fixed, and this looks to work fine in general.
Richard: if you can re-test with 2.2 an... Chris Buechler
06:36 PM Bug #4174: multi-WAN IPsec uses wrong interface at times
Do you have a test case setup?
When you do, let's assign this to Ermal. Jim Thompson
06:32 PM Feature #4176: Add support for SMTP authentication mechanisms
I'm not sure how to test this. (I don't want an Office365 Mail account.) Jim Thompson
10:34 AM Feature #4176: Add support for SMTP authentication mechanisms
Proposed implementation of this: https://github.com/pfsense/pfsense/pull/1421
It works for me on a mail server that ... Phillip Davis
07:24 AM Feature #4176 (Resolved): Add support for SMTP authentication mechanisms
This may apply to more than Office365 mail, but it does impact this mail system for sure. Details (and the fix) are a... Russell Morris
04:37 PM Revision 305856e8: Support for Office365 Mail
https://redmine.pfsense.org/issues/4176
Allow the user to choose SMTP authentication mechanism PLAIN or LOGIN.
For ex... Phil Davis
04:33 PM Revision c4249322: Support choice of SMTP Authentication Mechanisms
https://redmine.pfsense.org/issues/4176
I have left some documentation here of other mechanisms that someone might ca... Phil Davis
03:19 PM Revision 4708c6f0: Limit unbound so-rcvbuf: 8m
Issue reported here: https://forum.pfsense.org/index.php?topic=78356.msg472781#msg472781
Most unbound doc places ment... Phil Davis
02:32 PM Revision c876b212: Allow IPv6 on loopback needs quick
The following block uses "quick" which causes that block to come into effect before the "pass in" here. The pass rule... Phil Davis
01:59 PM Revision f79f9497: completed confbak and backup/restore
Sjon Hortensius
12:27 PM pfSense Packages Feature #3685: haproxy listener ip from alias
I've included some ability to use aliases, and add multiple ip's in 1 frontend. Does this satisfy your needs? Pi Ba
12:23 PM pfSense Packages Feature #3583: haproxy-devel: individual backend for each acl
Using the 'shared frontends' its possible to define acl's for different backends, this should allow for 'most' common... Pi Ba
11:57 AM Revision 7d5b007c: initial drag/drop WIP, working on backup/restore page
Sjon Hortensius
08:29 AM Bug #4074: Status NTP does not display any result if IPv6 Allow is off
Well noted Andy, the pass was not having effect. It needs "quick" on that pass rule.
Pull request: https://github.co... Phillip Davis
07:45 AM Bug #4018: several packages not looking in pbi dir for files
And some updates for apcupsd (hope this info helps!).
Thanks!
 Russell Morris
07:27 AM Bug #4018: several packages not looking in pbi dir for files
Hi,
Hopefully this is helpful info, but here is another package that still need a minor / slight correction (detai... Russell Morris

01/03/2015

10:37 PM Bug #4175 (Rejected): kernel panic when loading run driver for RT3070
I get a kernel panic whenever trying to load the run wireless driver on the 2.2-RC i386 snapshots:
<118>Configurin... William Eshagh
10:28 PM Bug #4074: Status NTP does not display any result if IPv6 Allow is off
I'm still seeing IPv6 lo traffic blocked in the Fri Jan 02 14:50:21 CST 2015 2.2-RC build. Screenshot attached and ex... Andy Sayler
05:33 AM Feature #4133: Add GUI setting for VLANs PCP
I just realized that the blob in the git diff regarding configuration compatibility has a few missing brackets. I gue... Clement Barnier

01/02/2015

05:36 PM Bug #4174 (Resolved): multi-WAN IPsec uses wrong interface at times
Still quantifying exactly what's happening here, it's hit and miss. Some ISAKMP and/or ESP traffic ends up following ... Chris Buechler
03:20 PM Todo #4173 (Resolved): Web site cleanup - deprecated 512 MB images
In the pfsense IRC channel last night, someone was having problems with the 512 MB images in
http://updates.pfsens... Criggie .
03:07 PM Revision 5a158a29: Fix track6 prefix id range check, reported by jimp
Renato Botelho
03:07 PM Revision eef5aeeb: Fix track6 prefix id range check, reported by jimp
Renato Botelho
11:25 AM Revision 8c46314c: Allow blank source port in diag_testport
Reported by forum https://forum.pfsense.org/index.php?topic=86146.0
Also, if there are input validation errors, save ... Phil Davis
11:24 AM Revision 9fd02f60: Merge pull request #1418 from phil-davis/patch-2
Renato Botelho
10:49 AM Revision a3c9510c: Allow blank source port in diag_testport
Reported by forum https://forum.pfsense.org/index.php?topic=86146.0
Also, if there are input validation errors, save ... Phil Davis
09:44 AM Bug #3790 (Feedback): Input validation is too strict for IPv6 Prefix ID for Track Interface
Should be fixed by commit:5a158a29698405a1d3ee759dcbf9a95f9150e12e Renato Botelho
08:52 AM Bug #3790 (Confirmed): Input validation is too strict for IPv6 Prefix ID for Track Interface
Seems to break when WAN is set to a /64 delegation. Saving LAN with an ID of 0 is rejected, though it is valid. Jim Pingle
08:50 AM pfSense Packages Bug #3729 (Feedback): Bacula-client Services not running
Applied in changeset commit:22c884d104498547356e6144b6a0c22300085b22. Renato Botelho
08:06 AM pfSense Packages Bug #3729: Bacula-client Services not running
Can confirm this still exists in 2.1.5. Anonymous
05:45 AM Bug #4172 (Feedback): Diag Test Port does not allow blank source port
Merged Renato Botelho
05:04 AM Bug #4172: Diag Test Port does not allow blank source port
Proposed fix https://github.com/pfsense/pfsense/pull/1418 Phillip Davis
05:03 AM Bug #4172 (Resolved): Diag Test Port does not allow blank source port
Leaving the source port blank results in a warning that the source port should either be valid or left blank.
Report... Phillip Davis
05:14 AM Bug #4159 (Resolved): 2.2 amd64 nsupdate broken
[2.2-RC][root@pfs22amd64.home]/root: ldd /usr/local/bin/nsupdate
/usr/local/bin/nsupdate:
libreadline.so.6 => /usr... Renato Botelho
04:07 AM pfSense Packages Bug #4078 (Resolved): NUT fails to start with USB
Renato Botelho
01:53 AM Bug #3886: (TurkishLanguage) After the firewall rule for example (lan rule) does not come "Apply Button"
https://forum.pfsense.org/index.php?topic=78795.0 miraç öztürk
12:21 AM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address
fixed Bipin Chandra

01/01/2015

09:15 PM pfSense Packages Bug #4078: NUT fails to start with USB
This issue can be closed. It is addressed by 4118. Denny Page
05:42 PM Bug #1974: Captive Portal RADIUS accounting bytes wrong
should be accurate on 2.2, I don't recall for sure on 2.1.5. Chris Buechler
05:06 AM Bug #1974: Captive Portal RADIUS accounting bytes wrong
This problem seems to still exist on 2.1.5-RELEASE (amd64). The radius accounting logs say the amount of data used ov... Mikael K
05:39 PM Bug #4169 (Resolved): IPsec NAT address to address using nat instead of binat
fixed Chris Buechler
05:39 PM Bug #4170 (Rejected): Gateway monitoring ip set results in all traffic going to that ip from that gateway
that's how things have to work. Traffic from clients in those circumstances should be hitting rules specifying gatewa... Chris Buechler
12:16 AM Bug #4170: Gateway monitoring ip set results in all traffic going to that ip from that gateway
discussed here
https://forum.pfsense.org/index.php?topic=85059.0 Bipin Chandra
12:15 AM Bug #4170 (Rejected): Gateway monitoring ip set results in all traffic going to that ip from that gateway
when u set a gateway monitoring IP, it results in all traffic going out of that gateway only, it would be better if o... Bipin Chandra
03:19 PM Feature #4171 (Resolved): Allow for one rule to apply to both ipv6 and ipv4 to allow all protocols.
Spawned from a question posted to twitter by me:... Jorge Schrauwen
12:13 PM Revision 6317d31d: Fix lineup of copyright lines
and module names and other bits of formatting and typos in header
comment sections. Phil Davis
12:13 PM Revision d4b2cd35: Remove duplicate copyright
Noticed these had the copyright twice Phil Davis
12:12 PM Revision 0e25a6b9: Merge pull request #1416 from phil-davis/Copyright-format
Renato Botelho
12:12 PM Revision 183c08d1: Merge pull request #1415 from phil-davis/copyright-dup
Renato Botelho
09:26 AM Revision ce77a9c4: Fix lineup of copyright lines
and module names and other bits of formatting and typos in header
comment sections. Phil Davis
07:15 AM Bug #4143: After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent reason.
FYI, i did send a new pull request https://github.com/pfsense/pfsense/pull/1403 as the other one was closed. Pi Ba
03:10 AM Revision 7f696ba0: Remove duplicate copyright
Noticed these had the copyright twice Phil Davis

12/31/2014

10:18 PM Revision 1d709219: Use binat, not nat, where IPsec NAT is configured with an address for local and NAT. Ticket #4169
Chris Buechler
10:17 PM Revision d6726bcb: Use binat, not nat, where IPsec NAT is configured with an address for local and NAT. Ticket #4169
Chris Buechler
06:22 PM Revision d961e7e3: Welcome 2015
Renato Botelho
06:22 PM Revision ed2d1343: Welcome 2015
Renato Botelho
05:24 PM Revision 2d793d01: Do not monitor a gateway that has not got DHCP yet
When an interface is waiting to get DHCP, but the cable is physically-electrically connected to the upstream device, ... Phil Davis
04:20 PM Bug #4169 (Feedback): IPsec NAT address to address using nat instead of binat
looks to be fixed, leaving for further testing Chris Buechler
03:58 PM Bug #4169 (Resolved): IPsec NAT address to address using nat instead of binat
Where the NAT on a P2 is from an address to an address, the NAT rule is wrongly added as "nat" rather than "binat".
... Chris Buechler
04:14 PM Bug #4095 (Resolved): Unbound config not regenrated on WAN-style interface acquiring IP address
thanks Phil. Yeah v6 goes through the same thing, it worked fine as well. Chris Buechler
12:58 AM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address
Note: I have only tested with IPv4. But I presume the same problem, test case and resolution should work for IPv6 in ... Phillip Davis
12:57 AM Bug #4095: Unbound config not regenrated on WAN-style interface acquiring IP address
Tested by:
Test system with WAN connected to a local LAN through a switch, switch uplinked to a production pfSense t... Phillip Davis
02:54 PM Revision 16a0f334: Add config upgrade code to make sure iketype is set, bump config version to 11.4. It fixes #4163
Renato Botelho
02:54 PM Revision 368d4910: Add config upgrade code to make sure iketype is set, bump config version to 11.4. It fixes #4163
Renato Botelho
02:27 PM Revision c95bb533: libreadline.so.6 is not supposed to be obsoleted, fixes #4159
Renato Botelho
02:26 PM Revision 7cb2ebe7: libreadline.so.6 is not supposed to be obsoleted, fixes #4159
Renato Botelho
11:31 AM Bug #3932: Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP
Target version set back to 2.2.
The issue is that it's slow.
I made an assignment yesterday. I'm restoring it ... Jim Thompson
02:12 AM Bug #3932: Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP
2.2 doesn't run out of memory doing this, so the problem as it existed in earlier versions is gone (probably with the... Chris Buechler
11:23 AM Bug #4094: Gateway Status can report Online when gateway is waiting for DHCP
Got annoyed about my DynDNS status attached to a gateway group showing the IP address in red, and realised it was a d... Phillip Davis
09:09 AM pfSense Packages Bug #4168: bandwithd result pages are public accessible
Well, in that case you should at least put a big fat warning on the docs. I am new to pfSense and when I add a module... Oliver Welter
07:49 AM pfSense Packages Bug #4168 (Rejected): bandwithd result pages are public accessible
That is a known issue with all add-on packages which include their own web interfaces. Unless they have their own pro... Jim Pingle
05:28 AM pfSense Packages Bug #4168 (Rejected): bandwithd result pages are public accessible
The result pages produced by bandwithd can be accessed without a login when knowing the url (which does not contain a... Oliver Welter
09:00 AM Bug #4163: upgraded configs missing <iketype>
Applied in changeset commit:16a0f33446b3fffc6783803fad56f3b71eceb78c. Renato Botelho
09:00 AM Bug #4163 (Feedback): upgraded configs missing <iketype>
Applied in changeset commit:368d491073eecbb3ff89e016c4308ca5bad86860. Renato Botelho
08:30 AM Bug #4159: 2.2 amd64 nsupdate broken
Applied in changeset commit:c95bb5333cc5dfdc23fc1999ba9ac4935190eea5. Renato Botelho
08:30 AM Bug #4159 (Feedback): 2.2 amd64 nsupdate broken
Applied in changeset commit:7cb2ebe7550ca328661ec12f380d4dc43b71dd30. Renato Botelho
08:02 AM Revision 3cf56fb0: Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074
Chris Buechler
08:00 AM Revision 4270d983: Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of that feature is to prevent IPv6 from communicating on the network. Blocking it on localhost can result in issues and is unnecessary. Ticket #4074
Chris Buechler
05:14 AM Revision 36dbc3ae: Reload Unbound after IP changes, to fix issues noted in Ticket #4095. Do so before Dynamic DNS updates occur to ensure the host has functioning DNS.
Chris Buechler
05:10 AM Revision 1c84a5f1: Reload Unbound after IP changes, to fix issues noted in Ticket #4095. Do so before Dynamic DNS updates occur to ensure the host has functioning DNS.
Chris Buechler
03:53 AM Bug #2882: 6RD not working in latest snapshots
I've been trying to get this working for a week now with no success. I have the latest (as of tonight) snapshot inst... Jarom Hatch
03:29 AM pfSense Packages Bug #4167 (Resolved): Lightsquid package does not remove crontab entries
When removing the Lightsquid package, it did not remove the crontab entries, removing the package should not do this?... Wendell Borges
02:43 AM Revision 1142d9a0: IPsec Widget allow for old settings that have no iketype
as mentioned in https://forum.pfsense.org/index.php?topic=84527.msg471919#msg471919
This change makes it work like si... Phil Davis
02:42 AM Revision 7b43825e: Merge pull request #1412 from phil-davis/patch-2
Chris Buechler
02:41 AM Bug #4146: OpenVPN tap interfaces are down after boot
there is a test case for this on 22vpntest. The tap interfaces are missing "UP" in flags. ... Chris Buechler
02:40 AM Revision 6e26b9c5: Allow for old settings that have no iketype
This bit of code looks like it could do with the same test as https://github.com/pfsense/pfsense/pull/1412
This is ex... Phil Davis
02:40 AM Revision 55dec416: Merge pull request #1413 from phil-davis/patch-3
Chris Buechler
02:34 AM Bug #3790: Input validation is too strict for IPv6 Prefix ID for Track Interface
to me for review Chris Buechler
02:12 AM Revision c8c4520a: Only set route-to and reply-to on ESP and ISAKMP rules if the remote endpoint is not within the parent interface's subnet. Ticket #4157
Chris Buechler
02:11 AM Revision a7f2eea8: Only set route-to and reply-to on ESP and ISAKMP rules if the remote endpoint is not within the parent interface's subnet. Ticket #4157
Chris Buechler
02:00 AM Bug #3996: Solarflare NIC panic with LACP
not something we'll be able to get fixed in 2.2. needs testing and reporting upstream, not something I can make a pri... Chris Buechler
01:58 AM Bug #4074 (Resolved): Status NTP does not display any result if IPv6 Allow is off
As a general fix for the issue of blocking v6 to loopback, I went ahead and committed a change to pass v6 on loopback... Chris Buechler
01:43 AM Bug #4155 (Feedback): ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
This seems to be limited impact. 32 bit is minority, and it's an unusual circumstance. I can't seem to replicate it e... Chris Buechler
01:26 AM Bug #4070 (Resolved): Vulnerability SSL Weak Ciphers
SSLv3 was disabled already in 2.2, I disabled the RC4 options a bit later in 2.2. Chris Buechler
01:04 AM Bug #4157 (Resolved): IPsec route-to/reply-to "pass out" rules mis-route ISAKMP and ESP traffic with remote on same subnet
confirmed on a handful more systems with a variety of configs, a good mix of ones that need the route-to/reply-to and... Chris Buechler
12:53 AM Bug #4166 (Resolved): filterdns generates floods of DNS requests when there are significant jumps in system time
When you have FQDNs in aliases, and the system clock jumps significantly (talking years), it creates a flood of DNS r... Chris Buechler
12:24 AM Feature #4165 (Rejected): Allow for security zones when defining interfaces and firewall rules.
I have experience using CheckPoint and PaloAlto appliances with "zone" features. This allows you to group networks\in... Ryan H

12/30/2014

11:22 PM Revision 430f8380: Check for fqdn peerid/myids and prepend @ so strongswan does not try to be smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector
Ermal LUÇI
11:21 PM Revision f3106b3f: Check for fqdn peerid/myids and prepend @ so strongswan does not try to be smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector
Ermal Luçi
11:18 PM Revision 69f7d82f: Oops this should be 0s rather than 00. Linked with Ticket #4158
Ermal LUÇI
11:17 PM Revision 1e7d2482: Oops this should be 0s rather than 00. Linked with Ticket #4158
Ermal LUÇI
11:14 PM Revision 68f0da59: ipsec_smp_dump_status get out of loop if error
when reading response from socket.
Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.p... Phil Davis
11:12 PM Revision 25bc37f7: Merge pull request #1411 from phil-davis/patch-1
Ermal LUÇI
11:09 PM Bug #4095 (Feedback): Unbound config not regenrated on WAN-style interface acquiring IP address
I just committed what should be a solution for this. Phil and Bipin if you could please verify on 31st snapshot (or g... Chris Buechler
10:52 PM Revision 83650c94: Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket #4157
Ermal Luçi
10:52 PM Revision 46a99aec: Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket #4157
Ermal Luçi
10:34 PM Revision 13403bd1: Check for fqdn peerid/myids and prepend @ so strongswan does not try to be smart. Also use %any for myid instead of risking of putting the wrong value in the secrets file for traffic selector
Ermal Luçi
10:28 PM Revision 7f69cbe7: Use base64 encoded secrets which Fixes #4158
Ermal Luçi
09:45 PM Revision c86c2b8b: Use base64 encoded secrets which Fixes #4158
Ermal Luçi
09:12 PM Revision 3b2c83b8: initial commit of new firewall_rules
css - add styling for tr.disabled
firewall_rules - migrated to bootstrap
guiconfig - changed alias-popup to be displa... Sjon Hortensius
08:22 PM Bug #4147 (Confirmed): IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP
yeah seeing that now, the proper v4 IP is put into the config for ID, but the "right" ipsec.conf entry has the hostna... Chris Buechler
02:38 AM Bug #4147: IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP
Did not even look at the configs... Go to Phase 1 - put a dual-stack FQDN there. Go to Status - IPsec, select the ent... Kill Bill
12:44 AM Bug #4147 (Feedback): IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP
where? Not seeing that. I have the same circumstance setup and everything in /var/etc/ipsec/ has the v4 IP, everythin... Chris Buechler
08:06 PM Bug #4157 (Feedback): IPsec route-to/reply-to "pass out" rules mis-route ISAKMP and ESP traffic with remote on same subnet
should be fixed, leaving for further verification Chris Buechler
07:28 PM Bug #4148: gen_subnet returns incorrect result for IPv6
stilez has an ICLA on file now so we can merge that. It looks fine to me, to Ermal for review. Chris Buechler
07:04 PM Bug #4129 (Resolved): IPsec connections with multiple P2s use only first SA
this works. the only issue introduced by this that I've found is the status widget issue in #4164 Chris Buechler
07:02 PM Bug #4158 (Resolved): IPsec PSK containing " breaks
fixed Chris Buechler
04:30 PM Bug #4158: IPsec PSK containing " breaks
Applied in changeset commit:7f69cbe7d442650671fe29a2d4804fbd77bc9855. Ermal Luçi
03:50 PM Bug #4158 (Feedback): IPsec PSK containing " breaks
Applied in changeset commit:c86c2b8b7d7e3eedbc68d3ed67ed5a7e88052086. Ermal Luçi
06:50 PM Bug #4164 (Resolved): IPsec dashboard status wrong for connections with multiple P2s
"ipsec statusall" reports connections with multiple P2s as being a single connection, which breaks the active/inactiv... Chris Buechler
06:43 PM Bug #4163 (Resolved): upgraded configs missing <iketype>
Upgraded configs don't have <iketype> added, which leaves some things non-functional until editing and saving the P1s... Chris Buechler
05:39 PM Revision 43531ed7: Allow for old settings that have no iketype
This bit of code looks like it could do with the same test as https://github.com/pfsense/pfsense/pull/1412
This is ex... Phil Davis
05:34 PM Revision d2cc92ec: Merge branch 'master' into bootstrap
Sjon Hortensius
04:35 PM Revision 86b429b3: IPsec Widget allow for old settings that have no iketype
as mentioned in https://forum.pfsense.org/index.php?topic=84527.msg471919#msg471919
This change makes it work like si... Phil Davis
03:58 PM Revision d50b4c30: implemented tabs
interfaces.widget - no need to display associated state, the second icon
does that already
gui.css - no longe... Sjon Hortensius
02:55 PM Bug #4161 (Resolved): Misspelling in privilege "WebCfg - Services - Captiveprotal Zones page"
thanks, fixed Chris Buechler
07:09 AM Bug #4161 (Feedback): Misspelling in privilege "WebCfg - Services - Captiveprotal Zones page"
Merged Renato Botelho
05:31 AM Bug #4161: Misspelling in privilege "WebCfg - Services - Captiveprotal Zones page"
Fixed that spelling and other inconsistencies I noticed in the priv list test.
https://github.com/pfsense/pfsense/pu... Phillip Davis
02:38 AM Bug #4161 (Resolved): Misspelling in privilege "WebCfg - Services - Captiveprotal Zones page"
Hello,
I am running pfSense 2.1.5-RELEASE (i386) .
ISSUE:
- The privilege "WebCfg - Services - Captiveprotal Z... James Simas
12:55 PM Revision 6617b9bf: ipsec_smp_dump_status get out of loop if error
when reading response from socket.
Otherwise it would be in a loop and end up like: https://forum.pfsense.org/index.p... Phil Davis
11:47 AM Revision 13c6375b: Captive portal spelling
Phil Davis
11:47 AM Revision ef0d25b3: Standardise text in priv list
Phil Davis
11:47 AM Revision 565dcf3c: Merge pull request #1410 from phil-davis/patch-1
Renato Botelho
11:35 AM Revision e0273f44: Captive portal spelling
Phil Davis
11:32 AM Revision 9006a538: Standardise text in priv list
Phil Davis
08:45 AM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces
ICLA submitted. Thanks guys! Making me love pfsense more and more each day Ethan Hayon
01:43 AM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces
thanks, let's not break anything worse than it already is there, will push to 2.2.1 Chris Buechler
01:14 AM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces
Updated the pull request, though its not correct as implemented even as a workaround. Ermal Luçi
12:50 AM Bug #4150 (Confirmed): Captive Portal doesn't work with > 120 VLAN interfaces
Thanks!
Ethan: we'll need an ICLA from you to accept that.
To Ermal for review of pull request. Chris Buechler
01:36 AM Bug #4139 (Resolved): IPsec status widget broken
spent a lot of time confirming a variety of scenarios here. this as a whole is definitely working fine, in a wide ran... Chris Buechler
12:47 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
that's legitimately wrong syntax Bipin, not related to this, see forum. Chris Buechler
12:00 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
as soon as i enter the below line in advanced config box and hit save and apply, dns resolver stops working and wont ... Bipin Chandra
12:27 AM Bug #4064 (Resolved): improper handling of DNS servers by rtsold
fixed Chris Buechler
12:25 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
doesn't seem to be every WAN reconnection, I can't replicate it at will. I only see one instance of it happening in m... Chris Buechler
12:15 AM Bug #4031: Notifications mail bomb in some gateway failure circumstances
this doesn't seem to be as bad as it used to be, will revisit. Chris Buechler
12:14 AM Bug #4105: rc.update_bogons.sh fetch failure should never sleep on FW upgrade
still not seeing any way that sleep can hold up anything. Do you have specific steps to replicate? Chris Buechler
12:11 AM Bug #4151 (Resolved): Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php
fixed Chris Buechler
12:11 AM Bug #4152 (Resolved): Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php
fixed Chris Buechler
12:10 AM Bug #4140 (Resolved): Password protect console menu setting not preserved on upgrade
confirmed, fixed Chris Buechler
12:09 AM pfSense Packages Bug #4160 (Resolved): First shutdown attempt of guest fails with open-vm-tools
The first attempt to send a guest shutdown results in: ... Chris Buechler

12/29/2014

11:35 PM Bug #4159 (Resolved): 2.2 amd64 nsupdate broken
... Chris Buechler
10:16 PM Bug #4140: Password protect console menu setting not preserved on upgrade
I just upgraded a test nanoBSD system with "Password protect the console menu" set. The setting was correctly impleme... Phillip Davis
07:14 PM Revision 1180e4f0: started migration to bootstrap
* migrated /index and most widgets on it
* migrated /system.php using new form-layout
* removed /themes and /javascri... Sjon Hortensius
06:35 PM Bug #4158 (Resolved): IPsec PSK containing " breaks
Since the switch to strongswan, any PSKs containing " do not work, it seems strongswan terminates the PSK right befor... Chris Buechler
06:09 PM Bug #4157 (Resolved): IPsec route-to/reply-to "pass out" rules mis-route ISAKMP and ESP traffic with remote on same subnet
Where your IPsec remote endpoint is on the same subnet as the local IP where it's bound, the "pass out" rules for ISA... Chris Buechler
04:16 PM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces
Addressed here: https://github.com/pfsense/pfsense/pull/1409 Ethan Hayon
02:13 PM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces
Ok, I did a little digging and I found out what's happening. IPFW isn't inserting all of the necessary CP rules becau... Ethan Hayon
08:36 AM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces
Thanks guys. So it looks like the exact number is 117 VLANS, but when I add any more, the captive portal starts letti... Ethan Hayon
03:28 PM Bug #4090: unbound advanced settings cause broken unbound.conf file
Any chance we could get the exact config.xml section that exhibited the problem? Jim Pingle
09:38 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
This was a 2.1.3 install into a VM, upgrade to 2.1.5, then upgraded to 2.2-RC (and again to the 12/24 snapshot). Ther... Vick Khera
02:48 PM Revision 55f910a3: Simplify cron array comparison
This works fine - I had not thought about how arrays are compared. Using "==" checks that the key/value pairs match i... Phil Davis
02:48 PM Revision 71bd5ec1: Minimise config updates when checking cron jobs
Phil Davis
02:47 PM Revision 16d2c13a: Merge pull request #1407 from phil-davis/patch-1
Renato Botelho
02:31 PM Revision aff83787: Simplify cron array comparison
This works fine - I had not thought about how arrays are compared. Using "==" checks that the key/value pairs match i... Phil Davis
01:40 PM Revision 91145658: Backout pull request #1391
https://forum.pfsense.org/index.php?topic=85944.0
Backout pull request #13191 Colin Fleming
01:40 PM Revision d9feefb1: Merge pull request #1408 from ExolonDX/master
Renato Botelho
11:59 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
OpenNTPD had its own share of crashes and other bad behavior (See #2423 for one major example). The only thing it han... Jim Pingle
10:56 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
Chris Buechler wrote:
> Why people think it's better I don't know
Probably because it does not try to bind to unw... Kill Bill
10:21 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
openntpd is a buggy mess, we've been there, done that, and got rid of it for many reasons. Why people think it's bett... Chris Buechler
11:51 AM Revision 40930f75: Backout pull request #1391
https://forum.pfsense.org/index.php?topic=85944.0
Backout pull request #13191 Colin Fleming
07:51 AM Bug #4151 (Feedback): Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php
Pull request has been merged Renato Botelho
07:50 AM Bug #4152 (Feedback): Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php
Pull request has been merged Renato Botelho
06:53 AM Revision 994a0644: Minimise config updates when checking cron jobs
Phil Davis
06:20 AM Bug #4156 (Rejected): Raid Gmirror not failing graceully
That is likely a hardware-related lockup for which the OS can do nothing better. A true RAID adapter may handle that ... Jim Pingle
02:35 AM Bug #4156: Raid Gmirror not failing graceully
What pfSense version? 2.1.5? 2.2-RC? Phillip Davis
12:52 AM Bug #4156 (Rejected): Raid Gmirror not failing graceully
1 Hard drive fails
System locks up (console unable to input on keyboard, no network traffic can't ping access web ... Walt McDonald

12/28/2014

06:45 PM Revision 8f6875de: Fix unbound shortcut links
Fixes redmine #4151
1) Make the naming in shortcuts.inc more clear - forwarder=dnsmasq
resolver=unbound
2) Make the v... Phil Davis
06:43 PM Revision f9aed22c: Merge pull request #1405 from phil-davis/unbound-shortcuts
Jim Pingle
10:51 AM Revision db88a3a2: Fix unbound shortcut links
Fixes redmine #4151
1) Make the naming in shortcuts.inc more clear - forwarder=dnsmasq
resolver=unbound
2) Make the v... Phil Davis
05:51 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
Phillip Davis wrote:
> It happens after some WAN event that has potential IP change, and the OpenVPN clients are res... Kill Bill
05:38 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
It happens after some WAN event that has potential IP change, and the OpenVPN clients are restarted. About 20 seconds... Phillip Davis
05:29 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
i have a stable internet connection on the alix and i just noticed the same behaviour Bipin Chandra
05:21 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
Phillip Davis wrote:
> The 2 APUs I have do not have any ntpd exited messages. That could be because the 64-bit ntpd... Kill Bill
05:15 AM Bug #4155: ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
My Alix boxes do it also. Here is an example:
@$ clog /var/log/system.log | grep signal
Dec 24 13:16:36 skt-rt-01 k... Phillip Davis
04:05 AM Bug #4155 (Resolved): ntpd crashes on 32 bit with dynamic WAN reconnections and OpenVPN client configured
Seeing this on tons of Alix boxes. (Frankly had to install Service Watchdog package to keep ntpd running, it crashes ... Kill Bill
04:53 AM Bug #4151: Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php
Same changes now in https://github.com/pfsense/pfsense/pull/1405
That pull request is a single commit - easier to ma... Phillip Davis
04:52 AM Bug #4152: Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php
Same changes now in https://github.com/pfsense/pfsense/pull/1405
That pull request is a single commit - easier to ma... Phillip Davis
01:44 AM Bug #4146: OpenVPN tap interfaces are down after boot
Same issue for openvpn tap clients! everything is UP and RUNNING but iface is DOWN. Dmitriy K

12/27/2014

09:48 PM Bug #4151 (Confirmed): Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php
Chris Buechler
12:39 PM Bug #4151: Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php
And more things I noticed - the Unbound Advanced and ACLs tabs do not display the shortcuts at all. The Resolver logs... Phillip Davis
09:48 PM Bug #4152 (Confirmed): Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php
Chris Buechler
12:40 PM Bug #4152: Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php
Same set of fixes for this one also
https://github.com/pfsense/pfsense/pull/1404 Phillip Davis
09:45 PM Bug #4150 (Feedback): Captive Portal doesn't work with > 120 VLAN interfaces
will need more details, likely this isn't 2.2-specific if there is any actual problem here. Chris Buechler
01:05 PM Bug #4150: Captive Portal doesn't work with > 120 VLAN interfaces
There really is nothing to prevent this from working.
Though i am sure you would get better solution for this if you... Ermal Luçi
09:42 PM Bug #4153 (Rejected): Can't remove shaper or queue in IE11
duplicate of #1957 Chris Buechler
04:36 AM Bug #4153 (Rejected): Can't remove shaper or queue in IE11
Browser: IE11;
Removing shaper:
1. Configure shaper via "Dedicated Links" wizard;
2. Go to "By interface" tab an... Dmitriy K
05:32 PM Feature #4154: Support for RADIUS authentication over IPv6
FYI- This was the same on pfSense 2.1. It doesn't send out IPv6 RADIUS requests either. So at least it's not a regres... Jim Pingle
01:06 PM Feature #4154: Support for RADIUS authentication over IPv6
Ermal Luçi wrote:
> Hence the issue, i think this should be pushed post 2.2 to really be fixed.
Well, whatever is... Kill Bill
12:58 PM Feature #4154: Support for RADIUS authentication over IPv6
libradius is v4 only for now.
Hence the issue, i think this should be pushed post 2.2 to really be fixed. Ermal Luçi
11:46 AM Feature #4154: Support for RADIUS authentication over IPv6
Yep, it just seems to vanish somewhere. :) I deleted the client on the Windows server, and nothing logged. normally, ... Kill Bill
11:26 AM Feature #4154 (Confirmed): Support for RADIUS authentication over IPv6
Just tried this and I'm seeing the same thing against FreeRADIUS2. The IPv6 RADIUS request never leaves the client ho... Jim Pingle
08:25 AM Feature #4154 (Resolved): Support for RADIUS authentication over IPv6
Following https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory - this does not work if the RADI... Kill Bill
02:50 PM Bug #4134 (Resolved): Email notifications configuration migration to 2.2 broken (STARTTLS)
Renato Botelho
02:05 PM Bug #4134: Email notifications configuration migration to 2.2 broken (STARTTLS)
Works, thanks. Kill Bill
12:56 PM Bug #4141: captive-portal on opt1 interface affects traffic going through other interfaces
This will really be fixed when the carp interface link is made a strong one rather than the weak one that is today.
... Ermal Luçi
11:08 AM Bug #4090: unbound advanced settings cause broken unbound.conf file
Chris has put a little different - Vick's example does not have the double-quotes on the last 2 lines.
In any case, ... Phillip Davis
08:14 AM Bug #4149: Register DHCP leases in DNS forwarder broken
Well, I'm sure it's an issue in 2.1.5, as I am observing it. I haven't tested 2.2 (as far as I can tell 2.1.5 is the ... Anonymous
01:35 AM Bug #4146: OpenVPN tap interfaces are down after boot
All instances are tap. Dmitriy K

12/26/2014

10:50 PM Revision e63734ff: clarify message here after customer feedback, it wasn't meant to imply "only a reboot will re-enable" but that's how some people have read it.
Chris Buechler
10:49 PM Revision cccee755: clarify message here after customer feedback, it wasn't meant to imply "only a reboot will re-enable" but that's how some people have read it.
Chris Buechler
06:51 PM Bug #4152 (Resolved): Main page for this section link in services_unbound_domainoverride_edit.php is linked to services_dnsmasq.php
Services: DNS Resolver: Edit Domain Override (services_unbound_domainoverride_edit.php)
Main page for this section... Herman Johnson
06:49 PM Bug #4151 (Resolved): Main page for this section link in services_unbound_host_edit.php is linked to services_dnsmasq.php
Services: DNS Resolver: Edit host (services_unbound_host_edit.php)
Main page for this section [+] link at the top ... Herman Johnson
05:28 PM Bug #4150 (Resolved): Captive Portal doesn't work with > 120 VLAN interfaces
Captive portal is not authenticating users (just letting everyone on) when a zone is attached to more than 120 VLAN i... Ethan Hayon
05:17 PM Bug #4139: IPsec status widget broken
thanks for the feedback. I'm not 100% confident yet, will leave this open til early next week while I'm doing further... Chris Buechler
05:12 PM Bug #4139: IPsec status widget broken
All good here, finally ;) Kill Bill
01:12 PM Bug #4139: IPsec status widget broken
It seems all the problem circumstances here are fine now. A spot check of a handful of test systems where several iss... Chris Buechler
03:45 AM Bug #4139: IPsec status widget broken
Phillip Davis wrote:
> The description went missing in https://github.com/pfsense/pfsense/commit/bd0bb466f073c50a443... Kill Bill
03:38 AM Bug #4139: IPsec status widget broken
The description went missing in https://github.com/pfsense/pfsense/commit/bd0bb466f073c50a443c09096e89acf0abf8fdaa
I... Phillip Davis
05:04 PM Bug #4149 (Rejected): Register DHCP leases in DNS forwarder broken
not sure if that's an issue in 2.1.5 (maybe in some edge case, but there would be much more of an uproar than 2 peopl... Chris Buechler
04:57 PM Bug #4149 (Rejected): Register DHCP leases in DNS forwarder broken
On 2.1.5, the DHCP registration option in DNS Forwarding is broken. When a new machine is granted a DHCP lease, the f... Anonymous
04:51 PM Bug #4146: OpenVPN tap interfaces are down after boot
It appears it's more than just after boot, tap interfaces seem to always end up missing "UP". Will attempt to further... Chris Buechler
02:47 PM Bug #4146: OpenVPN tap interfaces are down after boot
corrected specific issue Chris Buechler
01:36 PM Bug #4146 (Confirmed): OpenVPN tap interfaces are down after boot
updated subject to actual issue Chris Buechler
04:50 PM Bug #4130 (Resolved): Status: Dashboard - index.php: XML error: no leases object found! (IPsec Widget)
fixed Chris Buechler
04:49 PM Bug #4138 (Resolved): Status - IPsec: Description missing on connected tunnels
fixed Chris Buechler
04:47 PM Bug #4116 (Confirmed): IP Alias VIPs using CARP VIP as their interface are not properly deactivated for temporary CARP disable
confirmed current status as Jim described. Temporary is fine. Maintenance mode gets stuck at advskew 254 only on inte... Chris Buechler
04:39 PM Bug #4141 (Closed): captive-portal on opt1 interface affects traffic going through other interfaces
Thanks for diagnosis PiBa. #4148 has root cause Chris Buechler
04:39 PM Bug #4148 (Resolved): gen_subnet returns incorrect result for IPv6
There is a pull request to fix this:
https://github.com/pfsense/pfsense/pull/958
#4141 shows one instance where ... Chris Buechler
04:31 PM Bug #4119 (Resolved): Disable DHCP server when interface is disabled / DHCP relay is checking for disabled interfaces
fixed Chris Buechler
04:25 PM Bug #4090: unbound advanced settings cause broken unbound.conf file
I can paste in exactly what you have above: ... Chris Buechler
04:19 PM Bug #4117: Using run(4) USB WLAN in hostap mode crashes in FreeBSD 10.x
it's crashing in run and we include 100% stock run(4) and don't patch anything related to wifi, there is more of a di... Chris Buechler
03:58 PM Bug #4145 (Rejected): Interfaces widget - interface details missing
doing something to ensure browsers don't excessively cache js and css is something we've discussed internally, but ha... Chris Buechler
10:01 AM Bug #4145: Interfaces widget - interface details missing
To fix various widget behavior, I keep making minor changes to the way some of the backround update data is passed ar... Phillip Davis
03:33 PM Bug #4142 (Confirmed): certificate manager certificates that are in use by packages can be deleted
Chris Buechler
03:13 PM Revision 02e4ee54: Update /etc/ttys from new partition when upgrading nanobsd, and in this case do not call reload_ttys(). It should fix #4140
Renato Botelho
03:13 PM Revision e68b7be0: Remove unused variable
Renato Botelho
03:00 PM Revision c07cd2ce: Update /etc/ttys from new partition when upgrading nanobsd, and in this case do not call reload_ttys(). It should fix #4140
Renato Botelho
02:57 PM Revision da4f9b60: Remove unused variable
Renato Botelho
02:32 PM Bug #4076 (Resolved): DNS Forwarder options do not unset during CARP sync
fixed Chris Buechler
08:30 AM Bug #4076: DNS Forwarder options do not unset during CARP sync
Applied in changeset commit:4469379c20d22b6c80bb7c47219e2fa2895c89a1. Renato Botelho
08:30 AM Bug #4076 (Feedback): DNS Forwarder options do not unset during CARP sync
Applied in changeset commit:f29fd4d08d910d6a10e294c555c052ae6a69c2b4. Renato Botelho
02:21 PM Revision ef6f553d: Move this check before full sync to disable dnsmasq/unbound in the first time it's sync'd
Renato Botelho
02:21 PM Revision 4469379c: Add dnsmasq and unbound config sections to full sync, it fixes #4076 that is caused because boolean config fields are not disabled on secondary
Renato Botelho
02:21 PM Revision d0bf02bd: Move this check before full sync to disable dnsmasq/unbound in the first time it's sync'd
Renato Botelho
02:20 PM Revision f29fd4d0: Add dnsmasq and unbound config sections to full sync, it fixes #4076 that is caused because boolean config fields are not disabled on secondary
Renato Botelho
01:08 PM Bug #4124 (Resolved): Alias FQDNs don't permit trailing period
all seems fine here Chris Buechler
01:07 PM Bug #4143 (Confirmed): After firmware upgrade it keeps saying "Packages are currently being reinstalled in the background." for no apparent reason.
there have always been some circumstances with some packages where that happens. additional comment on the pull reque... Chris Buechler
01:00 PM Bug #4131 (Resolved): CP RADIUS accounting not working
fixed Chris Buechler
12:55 PM Bug #4127 (Resolved): CP per-user bandwidth restriction applied when disabled
fixed Chris Buechler
12:13 PM Bug #3358: new version of <include_file> is not required during reinstall_all
Not having this install_package called from the new updated file could cause some packages to 'break', because of bei... Pi Ba
12:08 PM pfSense Packages Bug #4144 (Resolved): Current GUI doesn't allow you to select multiple logging severity options
Chris Buechler
11:30 AM pfSense Packages Bug #4144 (Feedback): Current GUI doesn't allow you to select multiple logging severity options
Applied in changeset commit:05a05c59ca10b62bdba34178e25e28fa55be12fc. Renato Botelho
11:09 AM Bug #4135 (Rejected): package update code does not run new update code from +packagename+.inc file when upgrading a package.
Duplicate of #3358 Renato Botelho
10:21 AM Revision ddfe3e05: Display tunnel description on IPsec widget
There was not even code to attempt to display the description.
Also, when I first created a phase1 and there were no ... Phil Davis
10:19 AM Revision 46df4e88: Merge pull request #1402 from phil-davis/patch-1
Renato Botelho
09:23 AM Bug #4147 (Resolved): IPsec - IPv4 Phase 1 using FQDN resolves to IPv6 IP
When you define an IPv4 tunnel using FQDN as Remote gateway, this resolves to AAAA record (if any) and subsequently o... Kill Bill
09:20 AM Bug #4140: Password protect console menu setting not preserved on upgrade
Applied in changeset commit:02e4ee541ba8af0992c6cd3acd468d731369b287. Renato Botelho
09:20 AM Bug #4140 (Feedback): Password protect console menu setting not preserved on upgrade
Applied in changeset commit:c07cd2ce79f56c96c886db818cb36651b5a334be. Renato Botelho
08:03 AM Revision 5525974b: Display tunnel description on IPsec widget
There was not even code to attempt to display the description.
Also, when I first created a phase1 and there were no ... Phil Davis

12/25/2014

04:34 PM Bug #4129: IPsec connections with multiple P2s use only first SA
Tested, works ok for my tunnels. Thanks. Pi Ba
04:04 PM Bug #4145: Interfaces widget - interface details missing
Sorry, this is not a widget issue. Another browser caching problem in action. Guys, would it be possible to produce a... Kill Bill
10:22 AM Bug #4145 (Rejected): Interfaces widget - interface details missing
After the latest batch of patches, as soon as CPU usage bar stops refreshing, the interface details (speed, duplex, m... Kill Bill
12:02 PM Bug #4146 (Resolved): OpenVPN tap interfaces are down after boot
Setup:
1. Latest snapshot
2. 2 ovpn servers on parent WAN (PPPoE);
3. 1 ovpn server on LAN;
After reboot:
1. A... Dmitriy K
11:06 AM Bug #4139: IPsec status widget broken
Still missing the description here...
!http://i57.tinypic.com/1q60oz.png!
 Kill Bill
06:25 AM pfSense Packages Bug #4144 (Resolved): Current GUI doesn't allow you to select multiple logging severity options
Even GUI says "use CTRL+click to select/unselect." you cant do that because a combobox is used instead of listbox so ... Dmitriy K
 

Also available in: Atom