Project

General

Profile

Activity

From 01/20/2015 to 02/18/2015

02/18/2015

11:55 PM Bug #4445: Applying NAT changes in Hyper-V can break running NAT config
it's somehow a hardware/hypervisor-specific issue, but I don't think it's indicative of a problem with Hyper-V itself... Chris Buechler
11:52 PM Bug #4445 (Resolved): Applying NAT changes in Hyper-V can break running NAT config
On some Hyper-V systems, applying changes to NAT in the web interface results in a rules.debug omitting all config-de... Chris Buechler
10:30 PM pfSense Packages Bug #4373: pfBlockerNG: IPv4 aliases are not preserved when upgrading package
Here is the commit to default "Keep settings" to "on":
https://github.com/BBcan177/pfsense-packages/commit/f802459... BBcan177 .
08:05 PM pfSense Packages Bug #4373: pfBlockerNG: IPv4 aliases are not preserved when upgrading package
there are a lot of people who are going to be surprised by that default, I suggest switching to defaulting to enablin... Chris Buechler
09:59 PM Bug #4444 (Resolved): Reverse lookup domain overrides and "Do not forward private reverse lookups"
If you enable "Do not forward private reverse lookups" and then have domain override(s) that cover whole chunk(s) of ... Phillip Davis
09:46 PM Feature #3914: Support up to 4 DNS Servers in DHCP
This was implemented for 2.2-RELEASE by commit: https://github.com/pfsense/pfsense/commit/3b5707db5bd1ea4d886b41f86bc... Phillip Davis
09:42 PM Bug #4077: Gateways Status Widget status column does not update
I think it was this commit that fixed the status background color updating: https://github.com/pfsense/pfsense/commit... Phillip Davis
09:31 PM Bug #4443 (Resolved): diag_arp does not display reverse resolved hostnames containing underscore
is_hostname() and is_domain() allow underscore in the names. So it is possible to have underscore in host names, for ... Phillip Davis
09:30 PM Bug #4393: syslogd stops and fails to restart during boot in some cases
anyone who's having issues with syslogd not running, install the System Patches package, then browse to System>Patche... Chris Buechler
07:59 AM Bug #4393: syslogd stops and fails to restart during boot in some cases
No need for that patch I posted now, Chris found the actual fix after that. The fix is in the commits shown in the "A... Jim Pingle
07:56 AM Bug #4393: syslogd stops and fails to restart during boot in some cases
I applied the patch and it created the lighttpd-breakage.log but its 0bytes. After applying the patch and restarting... Adam Esslinger
07:19 PM Bug #4389: gif0 tunnel for ipv6 using a carp-ip to the outside world stops working upon reboots and some config changes
best to gitsync to get to 2.2.1 right now. Option 12 at console, run "playback gitsync RELENG_2_2" Chris Buechler
07:17 PM pfSense Packages Bug #4324 (Resolved): HAproxy and SSL client certificate validation
Chris Buechler
06:48 PM Bug #4442 (Resolved): Boot sits at "Configuring firewall" for long time with hostnames, URL Tables, where DNS non-functional
Where you have FQDNs in aliases, and no reachable DNS servers, the boot gets excessively delayed sitting at "Configur... Chris Buechler
03:30 PM Bug #4438 (Confirmed): Unable to delete IP Alias outside an interface's subnet where a gateway exists in the same subnet
the specific issue is if you have an IP alias VIP that's not within any of your interfaces' subnets, and you have a g... Chris Buechler
06:47 AM Bug #4438 (Resolved): Unable to delete IP Alias outside an interface's subnet where a gateway exists in the same subnet
I have a working 2 FW CARP setup with pfSense 2.2 and a /28 subnet of available ip addresses.
If I add one of my a... Glen Arason
02:02 PM Bug #4441 (Confirmed): duplicating a relayd load balancer monitor in reality just overwrites the existing one and renames it.
Chris Buechler
01:00 PM Bug #4441 (Resolved): duplicating a relayd load balancer monitor in reality just overwrites the existing one and renames it.
Create a load balancing monitor called "Xhttps" and configure it to monitor https. Further configure it to use a host... Vick Khera
11:50 AM Bug #4425 (Closed): IPSEC /Strongswan Fails to Detect IP address Change
duplicate of #4341 Chris Buechler
11:44 AM Bug #4341: strongSwan fails to re-attach dynamic IPs where interfaces_use specified
Chris, will you merge BUG #4425 with this one. I had filed that bug report to outline the same problem that you have ... Sam Bernard
10:57 AM Revision 153613e3: Handle reverse lookup domain overrides
that match exactly a whole block of private address space.
e.g. if the user has checked "Do not forward private rever... Phil Davis
09:58 AM Feature #3933: Limiter burst doesn't have any effect
Would a bounty help with this? Web Dawg
08:48 AM Revision 6777fc3b: diag_arp allow underscore in resolved host names
is_hostname() and is_domain() allow underscore in the names. So it is possible to have underscore in host names, for ... Phil Davis
07:58 AM Revision 90d1d8cf: Don't hard code harden-referral-path. It defaults to no, so no behavior change, and that setting is unlikely to ever become a default. This allows users to configure an override to enable this option if desired. part of Ticket #4399
Chris Buechler
07:57 AM Revision 559c8d3d: Don't hard code harden-referral-path. It defaults to no, so no behavior change, and that setting is unlikely to ever become a default. This allows users to configure an override to enable this option if desired. part of Ticket #4399
Chris Buechler
07:26 AM Bug #4440 (Rejected): CARP does not Sync IP Alais to Backup firewall
Duplicate of #4439 Jim Pingle
07:04 AM Bug #4440 (Rejected): CARP does not Sync IP Alais to Backup firewall
I have a working 2 FW CARP setup with pfSense 2.2 and a /28 subnet of available ip addresses.
The Virtual IP Alias... Glen Arason
07:25 AM Bug #4439 (Rejected): CARP does not Sync IP Alais to Backup firewall
The VIP types that are supposed to sync work properly: CARP VIPs, IP Aliases *using a CARP VIP as their parent interf... Jim Pingle
07:02 AM Bug #4439 (Rejected): CARP does not Sync IP Alais to Backup firewall
I have a working 2 FW CARP setup with pfSense 2.2 and a /28 subnet of available ip addresses.
The Virtual IP Alias... Glen Arason
06:40 AM pfSense Packages Bug #4198 (Resolved): lightsquid doesn't work, perl is missing
Jim Pingle
05:29 AM pfSense Packages Bug #4198: lightsquid doesn't work, perl is missing
thanks Jim! I think we can close this ticket.. I didn't report this, but the only issue now with the package is with ... Cino .
06:39 AM Revision 7b404fde: Add GUI control for MOBIKE. Hide it when IKEv1 selected. Enable toggling of NAT-T field display so it's on for IKEv1, off for IKEv2. Do same for reauth while here. Ticket #3979
Chris Buechler
06:38 AM Revision 065e78b3: Add GUI control for MOBIKE. Hide it when IKEv1 selected. Enable toggling of NAT-T field display so it's on for IKEv1, off for IKEv2. Do same for reauth while here. Ticket #3979
Chris Buechler
06:37 AM Bug #4437 (Closed): FreeBSD Kernel RNG Broken
The broken code never made it into any -RELEASE. pfSense is based on 10.1-RELEASE, so no it's not affected. Jim Pingle
02:20 AM Bug #4437: FreeBSD Kernel RNG Broken
No. https://lists.freebsd.org/pipermail/freebsd-current/2015-February/054581.html Kill Bill
01:02 AM Bug #4437 (Closed): FreeBSD Kernel RNG Broken
Is pfsense of this serious vulnerability affected?
https://lists.freebsd.org/pipermail/freebsd-current/2015-February... Andreas Walther
04:32 AM Revision cfda8861: Wait a bit after sending a TERM to syslogd as in some instances it can take too long to stop, and it fails to restart because it's still running at that point. Add a KILL in case it's still running after that. Ticket #4393
Chris Buechler
04:30 AM Revision 209ba3aa: Wait a bit after sending a TERM to syslogd as in some instances it can take too long to stop, and it fails to restart because it's still running at that point. Add a KILL in case it's still running after that. Ticket #4393
Chris Buechler
01:59 AM Feature #4399: Expose more of the DNSSEC-related hardening options in the GUI
I removed harden-referral-path from the default config, so you can enable it as an advanced option if wanted. Chris Buechler
01:53 AM Bug #4429 (Closed): Problem with radvd(8) SLAAC packets autoconfiguring client IPv6 routes
Thanks for the follow up. SLAAC requires a /64, which is why. The RAs are correct. Not a bug.
though we could imp... Chris Buechler
01:02 AM Feature #4205 (Resolved): unbound config option missing
works Chris Buechler
12:39 AM Bug #3979 (Feedback): 2.2 IPsec NAT-T / MOBIKE IKEv2 control
this should all be addressed now, needs review and further testing. Chris Buechler

02/17/2015

11:43 PM Bug #4300 (Resolved): Can not enter outbound NAT destination port range
fixed Chris Buechler
11:40 PM Bug #4210: Bring back a FTP proxy
In a completely default config, passive FTP clients will work fine. The default LAN rule permits what's necessary.
... Chris Buechler
11:37 PM Bug #4210: Bring back a FTP proxy
Chris Buechler wrote:
> check out the info here:
> https://doc.pfsense.org/index.php/FTP_without_a_Proxy
>
> it... Reqlez Guy
11:35 PM Bug #4210: Bring back a FTP proxy
Chris Buechler wrote:
> check out the info here:
> https://doc.pfsense.org/index.php/FTP_without_a_Proxy
>
> it... Reqlez Guy
11:31 PM Bug #4210 (Confirmed): Bring back a FTP proxy
check out the info here:
https://doc.pfsense.org/index.php/FTP_without_a_Proxy
it's always possible to support p... Chris Buechler
11:27 PM Bug #4210: Bring back a FTP proxy
Interesting because i'm getting reports from vendors who refuse to change away from FTP that PASV mode is not working... Reqlez Guy
11:35 PM Bug #4349 (Resolved): Generating IPsec entries with the option similar to this one causes bad ipsec configuration
fixed Chris Buechler
11:24 PM Bug #3395 (Resolved): DHCPv6 client pass rules need to come before bogons
thanks for confirming. Chris Buechler
10:30 PM Bug #4393 (Feedback): syslogd stops and fails to restart during boot in some cases
every circumstance I could replicate is fixed by what I just pushed. Chris Buechler
02:45 PM Bug #4393: syslogd stops and fails to restart during boot in some cases
I still can't seem to reproduce it here even with a "bad" set of logs and similar settings. There must be some other ... Jim Pingle
05:20 PM Revision 31495068: Three minor improvements to IP functions
1) Most is_ip***() functions can return 4 or 6 to indicate type of IP, for benefit of calling code (both evaluate to ... Stilez y
01:38 PM Feature #4366: Namecheap Dynamic DNS updates fail on subdomain formatted domains
A few more pieces of information
In this scenario, the subdomain is being pointed at namecheap's dynamic DNS not t... Trel S
10:19 AM Bug #4429: Problem with radvd(8) SLAAC packets autoconfiguring client IPv6 routes
In fact, the SLAAC logic in pfSense 2.2 *seems to be okay.* If an interface is configured with flawed Ipv6 notation l... Mich MSvB
12:34 AM Bug #4429: Problem with radvd(8) SLAAC packets autoconfiguring client IPv6 routes
can you send me a pcap containing one of the RAs? Email to me cmb at pfsense.org referencing this ticket # if you don... Chris Buechler
04:13 AM Bug #4310: Limiters + HA results in hangs on secondary
Ermal Luçi wrote:
> Patch committed.
Can you post a link to the patch Vitaliy Isarev
04:13 AM Revision 71383901: Do not request prefix delegation if no tracking interfaces are setup to
use it. Ticket #4436 k-paulius
01:01 AM Bug #4428: Setting media option on em(4) leads to infinite link cycling
It is not. No special functionality (vlan, lagg/lacp, or bridging) is enabled on any interfaces in the system. Nash Kaminski
12:55 AM Bug #4428: Setting media option on em(4) leads to infinite link cycling
Is that interface part of a bridge, or lagg or anything? Chris Buechler
12:58 AM Bug #4371 (Confirmed): Re-enable suhosin
Chris Buechler
12:40 AM Bug #4436 (Confirmed): dhcp6c requests prefix delegation when no tracking interfaces are configured
this can be worse than it might seem at a glance, as if you don't get a PD assignment, it'll keep retrying over and o... Chris Buechler

02/16/2015

10:23 PM Bug #4436: dhcp6c requests prefix delegation when no tracking interfaces are configured
Submitted pull request: https://github.com/pfsense/pfsense/pull/1495 Paul K
10:05 PM Bug #4436 (Resolved): dhcp6c requests prefix delegation when no tracking interfaces are configured
When interface with DHCPv6 has 'DHCPv6 Prefix Delegation size' set and no interfaces are setup to track it, pfSense g... Paul K
09:17 PM Bug #4341: strongSwan fails to re-attach dynamic IPs where interfaces_use specified
Updated subject should be accurate of specific issue. Removing interfaces_use from strongswan.conf makes the problem ... Chris Buechler
08:50 PM Bug #4341 (Confirmed): strongSwan fails to re-attach dynamic IPs where interfaces_use specified
Found a scenario where this is replicable with PPPoE.
1) setup IPsec bound to a PPPoE WAN, with no keepalive defi... Chris Buechler
03:46 PM Bug #3395: DHCPv6 client pass rules need to come before bogons
Tested the patch on v2.2. Rules are now appearing in the correct order and DHCPv6 messages are not getting blocked.
... Paul K
02:10 PM Feature #4179: Driver oce is missing from 2.2 RC
When I load the module, using kldload, I got the following output:
oce0: <Emulex CNA NIC function:///10.0.664.0///... Mathieu FRAPPIER
05:31 AM Revision e2caaee8: Fixing issues with NTP RRD graph state changes
- only call enable_rrd_graphing() after $config['ntpd']['statsgraph']
is set
- fix if condition; empty and isset ... k-paulius
04:49 AM Bug #4371: Re-enable suhosin
I don't think this is done exactly right...... Kill Bill
12:25 AM Bug #4435: Invalid increment in DHCP6 server address range check
Pull request for fix here: https://github.com/pfsense/pfsense/pull/1478 Daniel Becker
12:25 AM Bug #4435: Invalid increment in DHCP6 server address range check
Note that this is actually matches the behavior of the range checks that services_dhcpv6.php performs: The actual che... Daniel Becker
12:24 AM Bug #4435 (Resolved): Invalid increment in DHCP6 server address range check
When computing the start IP for the 'available range' field, services_dhcpv6.php attempts to increment a colon-format... Daniel Becker
12:12 AM Bug #4434: Enabling NTP graphs does not take effect right away
Pull request https://github.com/pfsense/pfsense/pull/1494 Paul K
12:00 AM Bug #4434 (Resolved): Enabling NTP graphs does not take effect right away
When enabling NTP RRD graphs nothing happens first time NTP page is submitted.
Graphs are enabled if page is submi... Paul K

02/15/2015

11:12 PM Bug #4175: kernel panic when loading run driver for RT3070
Had time to load stock FreeBSD 10.1 and the wireless interface worked. Also updated to 2.2-RELEASE and still experien... William Eshagh
09:54 PM Bug #4433: DHCP6 only pushes name server info to tracked interfaces if delegation prefix length is less than /64
Pull request for fix: https://github.com/pfsense/pfsense/pull/1476 Daniel Becker
09:54 PM Bug #4433 (Resolved): DHCP6 only pushes name server info to tracked interfaces if delegation prefix length is less than /64
The auto-generated DHCP6 configuration for tracking interfaces only includes a v6 name server if there are additional... Daniel Becker
09:49 PM Bug #4432: Net_IPv6::compress() does not properly handle all-zeroes address
Pull request for fix: https://github.com/pfsense/pfsense/pull/1477 Daniel Becker
09:48 PM Bug #4432 (Resolved): Net_IPv6::compress() does not properly handle all-zeroes address
Net_IPv6::compress produces an empty string when compressing the all-zeros address, rather than the expected output o... Daniel Becker
04:32 PM Bug #4429: Problem with radvd(8) SLAAC packets autoconfiguring client IPv6 routes
Yes, I'm getting a *single* RA from pfSense to ip6-allnodes which results in a correct IPv6 route in the Ubuntu clien... Mich MSvB
12:49 PM Bug #4429 (Feedback): Problem with radvd(8) SLAAC packets autoconfiguring client IPv6 routes
This works in general. You're getting RAs, which seem fine at a basic level at least though contents of the RA not sh... Chris Buechler
08:40 AM Bug #4429: Problem with radvd(8) SLAAC packets autoconfiguring client IPv6 routes
h1. Additional info
h2. Bogons
My *Interfaces: LAN* 'Private networks' section contains _Block private networks... Mich MSvB
07:13 AM Bug #4429 (Closed): Problem with radvd(8) SLAAC packets autoconfiguring client IPv6 routes
In the last release 2.1.5, stateless address autoconfiguration (SLAAC) was working correctly. After updating to 2.2 m... Mich MSvB
03:29 PM Revision 8f5352df: carp, don't show status icon from previous carp ip in case the ip is not present on the interface (test with ifconfig em0 1.2.3.4 delete)
Pi Ba
02:12 PM Bug #4431 (Duplicate): Bandwidth not reported correctly in "Status: Traffic shaper: Queues"
I'm running pfSense version 2.2 on an Alix 2d2 board. The reported bandwidth under the queues status page is incorre... Jocelyn Le Sage
01:23 PM Bug #4395 (Resolved): /etc/hosts doesn't contain any local IPv6 addresses
fixed Chris Buechler
11:02 AM Bug #4392: OpenVPN daemon crashing with ath(4) card installed
I just had this happen again. I have noticed that this appeared again in the logs.
Feb 15 11:57:57 kernel: sonewc... Adam Esslinger
08:03 AM Bug #4430 (Closed): pppoe configuration can not be removed from WAN interface.
When WAN interface is set as pppoe it can not be changed to DHCP or NONE.
First time, the web interface tells to a... Martin Labbe

02/14/2015

09:27 PM Bug #4428 (Confirmed): Setting media option on em(4) leads to infinite link cycling
If the media or mediaopt config option is set, an infinite link cycling loop results since the link cycles when ifcon... Nash Kaminski
06:39 PM Bug #4427 (Resolved): Traffic Shaper Wizard still having issues
I just upgraded to the latest 2.2 snapshot from Feb 13 in hopes of getting past the already documented traffic shapin... Marco Novielli
06:26 PM Bug #4307 (Closed): bacula-fd configuration is mangled
Thanks for the feedback, I'll close this out.
If you have any ideas on how to simplify the GUI for this to make it... Jim Pingle
06:03 PM Bug #4307: bacula-fd configuration is mangled
This is fixed for me. Thank you. Dan Langille
04:20 PM Bug #4367 (Resolved): Incorrect rrset-cache-size in unbound.conf
fixed Chris Buechler
04:05 PM Bug #4418 (Confirmed): IPsec mobile clients - bogus "p" appended to search domain
It changes the weird character OS X shows at the end in its system.log, but otherwise unchanged and still wrong. Now ... Chris Buechler
03:56 PM Bug #4393 (Confirmed): syslogd stops and fails to restart during boot in some cases
I added a tgz of /var/log from a system exhibiting the problem to projects/ticket-files/
Chris Buechler
07:38 AM Bug #4393: syslogd stops and fails to restart during boot in some cases
I received it, but it may be Tuesday before I have a chance to look at the logs. Jim Pingle
07:26 AM Bug #4393: syslogd stops and fails to restart during boot in some cases
I sent you an email yesterday with the logs (9MB). Did you get the email? Adam Esslinger
11:37 AM Bug #4403: Enabling SNMP causes kernel panic with APU with empty SD card slot
I misunderstood JimP's earlier comment, running 'sysctl -a' won't panic it in the way enabling SNMP will. Chris Buechler
08:20 AM Bug #4403: Enabling SNMP causes kernel panic with APU with empty SD card slot
Same for me during the upgrade from 2.1.5 (amd64) to 2.2 (amd64) on a APU.1C4 (4 GB).
Retried it successfully with a... Marcel Janicki
04:03 AM Bug #4403: Enabling SNMP causes kernel panic with APU with empty SD card slot
I just started to test what combinations of hardware let this crash happen, but the command "systcl -a" is not crashi... Andreas Walther
06:38 AM pfSense Packages Bug #4415: wrong start script in nrpe2 within 64bit installation
Since 2.12_4 v2.2_4 this bug is also in i386. Manfred Bongard
01:06 AM Feature #4179: Driver oce is missing from 2.2 RC
@Matthieu: We copied it over from FreeBSD 10.1 release and added oce_load="YES" to /boot/loader.conf, worked as expec... Christoph Erdle

02/13/2015

11:02 PM Todo #4353: Review IPsec reloading when strongswan.conf is changed
I reported a bug 4425 which I'm thinking might be related to this. Let me know if you need any logs from me.
Sam Sam Bernard
11:01 PM Bug #4425: IPSEC /Strongswan Fails to Detect IP address Change

Just wondering if this could be related to Bug 4353. Sam Bernard
08:13 PM Bug #4425 (Closed): IPSEC /Strongswan Fails to Detect IP address Change
Whats we saw was that 2.2 had no issue bringing up the tunnel but once the tunnels were up they were unstable and if ... Sam Bernard
10:33 PM Feature #4354: Allow dpinger to ping more than one destination for a gateway.
This would be an amazing enhancement! My only comment would be if you're going to enhance the engine to support multi... → luckman212
10:08 PM Feature #4179: Driver oce is missing from 2.2 RC
@Christoph: Can you explain where od you get the file and how exactly do you load it ? Mathieu FRAPPIER
09:26 PM pfSense Packages Bug #4426 (Resolved): NUT fails to start or restart until NUT's settings are (re)saved
Since updating NUT to 2.6.5_1 pkg/2.0.4, I'm finding that NUT won't start on a pfSense reboot. Pressing a "restart s... B. Derman
08:28 PM Revision cc94ea50: Unobsolete libpcre.so.1
Renato Botelho
08:28 PM Revision 3b7f8f83: Unobsolete libpcre.so.1
Renato Botelho
06:27 PM Revision d72e936f: Merge pull request #1484 from phil-davis/more-text-typos
Renato Botelho
06:24 PM Revision 3ddc5d1a: Update fbegin.inc - Missing '/' in path
Found this issue in conjunction with user Digdug3 BBcan177 .
06:24 PM Revision 49fa70a2: Merge pull request #1485 from BBcan177/patch-1
Renato Botelho
04:45 PM Bug #4310: Limiters + HA results in hangs on secondary
Hi, I have the same issue. I tried to update to the latest maintance version, but receive error after upgrade: "shar... Vitaliy Isarev
04:04 PM Bug #4328: Some symlinks not updated by full update
Well, all I can say is that this is definitely not fixed. Tested with 2.2.1-DEVELOPMENT-i386-20150213-1429 snapshot.
... Kill Bill
03:06 PM Bug #4393: syslogd stops and fails to restart during boot in some cases
If you have made an archive of the logs you can post them on a site like Google Drive or Dropbox and PM me the URL on... Jim Pingle
11:11 AM Bug #4393: syslogd stops and fails to restart during boot in some cases
I just had this happen again after rebooting my box from Bug #4392. How can I email you the logs? Adam Esslinger
12:53 PM pfSense Packages Bug #4410: pfBlockerNG adding commented IPs
Hi Ryan, my PR for pfBNG *v1.04* was merged. Please let me know if that fixes your issue.
There is a "pfBlockerNG" t... BBcan177 .
11:32 AM Revision fc06d8ea: Surrond the some mobile clients attributes with " ( quote ) to help the strongswan parser identify properly the values. Ticket #4418
Ermal Luçi
11:31 AM Revision d17ad7f5: Surrond the some mobile clients attributes with " ( quote ) to help the strongswan parser identify properly the values. Ticket #4418
Ermal Luçi
11:21 AM Bug #4424 (Closed): Adding and removing shaper repeatedly causing interface crash
Since at least one other user confirmed that, filing the bug here - relevant forum thread: https://forum.pfsense.org/... Kill Bill
10:17 AM Bug #4392: OpenVPN daemon crashing with ath(4) card installed
I just had this happen again..Here is what I'm seeing. The Service status dashboard shows the Daemon is running, but... Adam Esslinger
06:19 AM Revision e2d0aee8: force minimum 100000 byte log file size. Some have been confused thinking this is KB, in some cases causing problems. This should help, and there shouldn't be a need for logs smaller than that.
Chris Buechler
06:17 AM Revision 47d3f94a: force minimum 100000 byte log file size. Some have been confused thinking this is KB, in some cases causing problems. This should help, and there shouldn't be a need for logs smaller than that.
Chris Buechler
05:49 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
Ok thank you i think i know where the issue is now.
I will update here when the issue is fixed but will need a ker... Ermal Luçi
05:30 AM Bug #4418 (Feedback): IPsec mobile clients - bogus "p" appended to search domain
I pushed a commit since this seems relevant only during parsing time of the options.
Can anyone re-producing this ... Ermal Luçi
12:34 AM Bug #4418: IPsec mobile clients - bogus "p" appended to search domain
the symbol at the end that OS X's logs show doesn't copy/paste, attached screenshot. Chris Buechler
05:20 AM Bug #4422: /etc/rc.initial doesn't handle -c parameters
If you go to GitHub at https://github.com/pfsense/pfsense and make the edit online there, then submit a pull request,... Phillip Davis
04:46 AM Bug #4422 (Resolved): /etc/rc.initial doesn't handle -c parameters
/etc/rc.initial fails to handle parameters passed to it using -c. As a result, SFTP against the internal SSH server f... David Wood
05:11 AM Bug #4423 (Resolved): NTP RRD graphing fails to recognise that offset can be negative
The definition of the offset date source in /etc/inc/rrd.inc fails to recognise that offset can be negative, meaning ... David Wood
03:07 AM pfSense Packages Bug #4419: fatal: open /etc/aliases: No such file or directory
Update: My Postfix Forwarder version: 2.11.3_2 pkg v.2.4.1. NewTo You
02:43 AM pfSense Packages Bug #4419 (Resolved): fatal: open /etc/aliases: No such file or directory
I get this error in maillog:... NewTo You
03:06 AM pfSense Packages Bug #4420: warning: bad command startup -- throttling
Update: My Postfix Forwarder version: 2.11.3_2 pkg v.2.4.1. NewTo You
02:49 AM pfSense Packages Bug #4420 (Resolved): warning: bad command startup -- throttling
I get this error in maillog:... NewTo You
03:02 AM pfSense Packages Bug #4421 (Duplicate): Apache reserve proxy, location must specify Site Path, Backend Path or get http 503 error
Just want to report that I must specify Site Path, Backend Path to '/' instead of leaving blank to use '/' as suggest... NewTo You
02:47 AM Bug #4414: pfsense on amd64 Thinclient Futro S550 // 2.1.5 // 2.2
Hello Chris,
thanks for your reply
i added a dmesg dump of 2.1.5
I hope you find the bug.
thanks Tom
www_l... tom stern

02/12/2015

09:54 PM Revision f742c43e: Update fbegin.inc - Missing '/' in path
Found this issue in conjunction with user Digdug3 BBcan177 .
05:13 PM Bug #3290: IPV6 conectivity not restored after cablemodem reset
An update... had some maintenance last night... while my LAN prefix appears to have been restored following everythin... Anonymous
04:33 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
I also increased the limiter to 700Mb, higher than throughput without limiter and it worked without issue, got the no... Travis Kreikemeier
04:27 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
Finally able to get around to building a VM lab for this. Here is what I have found.
* Appears to only be an issue... Travis Kreikemeier
01:58 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
Can you do another test to have full information?
Do the usual breaking test you have reported and show the output... Ermal Luçi
04:26 PM Bug #4418 (Confirmed): IPsec mobile clients - bogus "p" appended to search domain
it's more than just a p, it ends up with some weird character after the p as well. I've already dug into this a bit b... Chris Buechler
04:22 PM Bug #4418 (Resolved): IPsec mobile clients - bogus "p" appended to search domain
At least 4 reports of this on the forum:
https://forum.pfsense.org/index.php?topic=88631.0
https://forum.pfsense.or... Kill Bill
04:24 PM Revision b95a4d8a: Set srctrack separate from this test or the value won't save unless the sticky box status also changed.
Jim Pingle
04:24 PM Revision 1ac99c4e: Set srctrack separate from this test or the value won't save unless the sticky box status also changed.
Jim Pingle
04:11 PM Bug #4131: CP RADIUS accounting not working
Still having this issue on a machine updated from 2.1.5 to 2.2.
Prior to upgrading, the setup did work, although the... Mikael K
03:16 PM pfSense Packages Bug #4417 (Resolved): Ruleset link for GPLv2 Community rules on Categories tab is incorrect
If you're on the Categories tab and have enabled "GPLv2 Community Rules (VRT certified)", the hyperlink assigned to i... Ryan .
02:42 PM Bug #4276 (Confirmed): Layer 7 not working / ipfw-classifyd high load
Pretty simple to reproduce
* Add a layer 7 container, for example, to block bittorrent
* Apply the layer 7 contai... Jim Pingle
02:41 PM Bug #4416 (Closed): Layer 7 is broken and will not pass traffic on 2.2
Duplicate of #4276 Jim Pingle
02:03 PM Bug #4416 (Confirmed): Layer 7 is broken and will not pass traffic on 2.2
Jim Pingle
02:02 PM Bug #4416 (Closed): Layer 7 is broken and will not pass traffic on 2.2
Using a basic test case, Layer 7 is not functional on 2.2:
* Add a layer 7 container, for example, to block bittorre... Jim Pingle
02:38 PM pfSense Packages Bug #4410: pfBlockerNG adding commented IPs
Great! I'll try it out once it's released.
Thanks Ryan .
01:45 PM Bug #4414 (Rejected): pfsense on amd64 Thinclient Futro S550 // 2.1.5 // 2.2
hardware-specific problem, replicate on stock FreeBSD 10.1 and report upstream. Chris Buechler
01:44 PM Bug #4414: pfsense on amd64 Thinclient Futro S550 // 2.1.5 // 2.2
This is not a supported platform.
Try booting stock freebsd 10.1 off a USB stick.
Also post the full verbose kernel... Jeremy Porter
01:19 PM Bug #4414: pfsense on amd64 Thinclient Futro S550 // 2.1.5 // 2.2
dmesg.txt added tom stern
05:56 AM Bug #4414 (Rejected): pfsense on amd64 Thinclient Futro S550 // 2.1.5 // 2.2
Hello@All
on my labs firewalls (Thinclient Futro S550 /amd64/1GB/CF-Card-4G)
--2.1.5 will only boot "headless" ... tom stern
01:27 PM Bug #2526 (Feedback): Limiter appears to break IPv6 connectivity
A patch has been pushed which will fix limiters with ipv6. Ermal Luçi
11:34 AM pfSense Packages Bug #4415 (Resolved): wrong start script in nrpe2 within 64bit installation
After Update to 2.12_4 v2.2_3 service does not start any more.
Log: root: /usr/local/etc/rc.d/nrpe2.sh: WARNING: r... Manfred Bongard
10:44 AM Revision a9982b43: Unobsolete crypto tools and athstats, ticket #4239
Renato Botelho
10:44 AM Revision 0a81c3ab: Unobsolete crypto tools and athstats, ticket #4239
Renato Botelho
09:33 AM Bug #4266: Rekeying issues with IKEv1 and multiple P2s under some circumstances
Some people have reported that this happens only if prefer oldsa setting is enabled. Ermal Luçi
09:22 AM Bug #4402: Unbound: enable harden-glue by default and/or apply patch
Thanks for the fixes !
On this topic, Unbound 1.5.2rc1 has just been released, and final may then be ready before... Olivier Müller
04:44 AM Bug #4239 (Feedback): athstats, cryptostats, cryptotest missing from 2.2 builds
Build was fixed and all binaries removed from obsolete list Renato Botelho
04:29 AM Revision d4a18f13: Merge branch 'RELENG_2_2' of git.pfmechanics.com:pfsense/pfsense into RELENG_2_2
Chris Buechler
04:28 AM Revision 0f31e918: get rid of wizards/initial/ images that were never used
Chris Buechler
04:28 AM Revision 6972f14e: get rid of wizards/initial/ images that were never used
Chris Buechler
03:06 AM Feature #4413 (Duplicate): Vendor specific option spaces
It would be nice to have a possibility to specify subject. Dmitriy K
12:14 AM pfSense Packages Bug #4324: HAproxy and SSL client certificate validation
I tested the latest version (had an IPv6 connectivity problem with the packages repository), it works as intended.
... Stéphane Lapie

02/11/2015

11:00 PM Revision 377b1faa: DHCPv6 client rules MUST come before bogons. Add a comment that hopefully
sticks out so this stops getting broken. Ticket #3395 Chris Buechler
10:59 PM Revision 274a531a: DHCPv6 client rules MUST come before bogons. Add a comment that hopefully
sticks out so this stops getting broken. Ticket #3395 Chris Buechler
09:20 PM pfSense Packages Bug #4410: pfBlockerNG adding commented IPs
@Ryan. Thanks for the Bug report. I haven't seen a Comment line with an IP in it before. The fix for this bug is in m... BBcan177 .
12:08 PM pfSense Packages Bug #4410 (Resolved): pfBlockerNG adding commented IPs
We have a list provider that requires our IP be passed as a variable in the query (e.g. http://example.com/list.php?i... Ryan .
08:18 PM Revision eaa89cc6: Ticket #4390 Return only the subnet bits not the full network in cidr format.
Ermal Luçi
08:17 PM Revision 810b36ac: Fixes #4390 Properly return the vip subnet now that the CARP might not match its parent interface subnet.
Ermal Luçi
07:34 PM Revision 1c4c5ed2: Remove dead code and unset vars so next time the code works properly avoiding cache issues.
Ermal Luçi
07:34 PM Revision 657932fd: Remove dead code and unset vars so next time the code works properly avoiding cache issues.
Ermal Luçi
07:29 PM Revision b65de558: Fixes #4389 The VIP interfaces cannot be assigned since they are just an identification of the VIP for tracking. Consider that when configuring gif/gre. Also on bridges you cannot set a vip interface as its member.
Ermal Luçi
07:26 PM Revision 2de650f6: Fixes #4389 The VIP interfaces cannot be assigned since they are just an identification of the VIP for tracking. Consider that when configuring gif/gre. Also on bridges you cannot set a vip interface as its member.
Ermal Luçi
07:20 PM Bug #4379: Remove CGN (RFC6598) address space from "private networks"
it's only unusable where you need to allow traffic into WAN that's sourced from CGN space. Which in nearly all cases ... Chris Buechler
07:00 PM pfSense Packages Bug #4412 (Not a Bug): squid reverse proxy
when I try to activate the squid reverse proxy reports an error and when I modify sysctl returns or null or invalid s... alberto alcala pinto
05:00 PM Bug #3395 (Feedback): DHCPv6 client pass rules need to come before bogons
Indeed. Fixed again, and added a comment that will hopefully prevent this from ever getting broken again. Chris Buechler
04:21 PM Bug #4398: Userlist - No sorting anymore
note the sort is there if you have 1 user only, disappears with > 1. I'm sure Phil's right on that. Moving to 2.2.2 s... Chris Buechler
04:20 PM Bug #4398 (Confirmed): Userlist - No sorting anymore
Chris Buechler
04:12 PM Bug #4403: Enabling SNMP causes kernel panic with APU with empty SD card slot
Chris Buechler wrote:
> Andreas: could you do some experimentation with your combination of hardware? See if it's th... Andreas Walther
03:56 PM Bug #4403: Enabling SNMP causes kernel panic with APU with empty SD card slot
the only scenario we've been able to replicate is with no SD card installed. It's easily replicable by just removing ... Chris Buechler
03:46 PM Bug #4403: Enabling SNMP causes kernel panic with APU with empty SD card slot
I don't have an SD card in, but I do have a Mini-PCIe wireless card. Jim Pingle
03:41 PM Bug #4403: Enabling SNMP causes kernel panic with APU with empty SD card slot
Well the first crash after update from 2.1 to 2.2 was with a sd card as the disk and a mini pcie 3g modem installed.
... Andreas Walther
02:57 PM Bug #4403: Enabling SNMP causes kernel panic with APU with empty SD card slot
... Jim Pingle
02:49 PM Bug #4403: Enabling SNMP causes kernel panic with APU with empty SD card slot
does sysctl hw.bus return a result? Ermal Luçi
12:41 PM Bug #4403: Enabling SNMP causes kernel panic with APU with empty SD card slot
I can reproduce it on my APU now as well. Fresh install on mSATA, no SD card inserted, using the factory image.
Seem... Jim Pingle
04:04 PM Bug #4404 (Rejected): Fatal error when enabling IPSec
not a bug.
source is available here:
https://github.com/pfsense/pfsense Chris Buechler
06:24 AM Bug #4404: Fatal error when enabling IPSec
Do you have a link to a stock util.inc, so I can compare ?
The file i patched, I need to have several subnets in D... Lars Juul
01:19 AM Bug #4404 (Feedback): Fatal error when enabling IPSec
you're missing, or have a broken, /etc/inc/util.inc file. The installer can't forget files (and if anything as critic... Chris Buechler
04:01 PM Bug #4407 (Rejected): unbound advanced settings broken
nothing is broken, just have to put things in correctly. added #4411 to add input validation at some point to prevent... Chris Buechler
06:03 AM Bug #4407: unbound advanced settings broken
Kill Bill wrote:
>
> The server: clause is not the place for different kind of things, like the stub zone and forw... Andreas Pflug
06:03 AM Bug #4407: unbound advanced settings broken
Can we please append a link to unbound.conf(5) manpage (https://www.unbound.net/documentation/unbound.conf.html) with... Kill Bill
05:52 AM Bug #4407: unbound advanced settings broken
Andreas Pflug wrote:
> Moving the custom option generation as suggested would make any option appear under the serve... Kill Bill
05:12 AM Bug #4407: unbound advanced settings broken
Kill Bill wrote:
> What advanced settings? This is just not true in general. Prefix the custom options with server: ... Andreas Pflug
05:01 AM Bug #4407: unbound advanced settings broken
In my case, I need *do-not-query-localhost: no* set.
 Andreas Pflug
04:51 AM Bug #4407: unbound advanced settings broken
What advanced settings? This is just not true in general. Prefix the custom options with server: as noted on the bug ... Kill Bill
03:25 AM Bug #4407: unbound advanced settings broken
If you have a patch change that works, it will be very easy for the devs if you make the edit at https://github.com/p... Phillip Davis
03:02 AM Bug #4407 (Rejected): unbound advanced settings broken
Same symptom as https://redmine.pfsense.org/issues/4090, but a different reason:
When domain overrides are set, an... Andreas Pflug
04:00 PM Feature #4411 (Resolved): add validation of Unbound advanced configuration
Something similar to dnsmasq's advanced config validation would be helpful for Unbound, to prevent users from creatin... Chris Buechler
02:51 PM Bug #4178: IPsec leftsubnet changed to 0.0.0.0 with Cisco unity plugin active
Probably that was because the strongswan setting was not being propagated to the plugin.
Now that strongswan was upd... Ermal Luçi
02:35 PM Bug #4389: gif0 tunnel for ipv6 using a carp-ip to the outside world stops working upon reboots and some config changes
Copied interfaces.inc and system.inc to my 2.2 box and seems to work alright now..
Without daily snapshots online,... Pi Ba
01:30 PM Bug #4389: gif0 tunnel for ipv6 using a carp-ip to the outside world stops working upon reboots and some config changes
Applied in changeset commit:b65de5585bb7bffe06750c712b399cd4da10052c. Ermal Luçi
01:30 PM Bug #4389: gif0 tunnel for ipv6 using a carp-ip to the outside world stops working upon reboots and some config changes
Applied in changeset commit:2de650f6117f4b80c3db4f9b46ad83d75d5b9130. Ermal Luçi
01:28 PM Bug #4389 (Feedback): gif0 tunnel for ipv6 using a carp-ip to the outside world stops working upon reboots and some config changes
Ok should be fixed by the commit i pushed.
Can you please confirm as well?
This seems to be a bug since 2.1++ Ermal Luçi
02:30 PM Bug #4390: Cannot create an IP alias on a CARP interface where the actual Interface address is in a different network
Applied in changeset commit:810b36ac0c363c21ea2f1b963f2c1be142fc59a2. Ermal Luçi
02:17 PM Bug #4390 (Feedback): Cannot create an IP alias on a CARP interface where the actual Interface address is in a different network
It behaves correctly with the applied patch. Ermal Luçi
09:46 AM pfSense Packages Bug #4409 (Resolved): Tincd not starting on pfSense 2.2
Hello,
i had troubles getting tinc daemon to work in 2.2, after some investigation I had to do:
ln -s /usr/loc... Raimund Sacherer
09:12 AM Revision 01c155f2: Random text typos
and I "corrected" function names that had "_choosen_" in them.
That is not technically an error - function names do n... Phil Davis
09:04 AM Revision 302cb96e: Check if notification is disabled
in send_smtp_message()
Other packages like arpwatch sm.php and cron job output as reported in forum https://forum.pfs... Phil Davis
09:04 AM Revision 33649526: Merge pull request #1480 from phil-davis/patch-1
Renato Botelho
09:02 AM Revision 1444c08e: Random text typos
that I noticed. Phil Davis
09:01 AM Revision c70002be: Merge pull request #1482 from phil-davis/CP-text-typos
Renato Botelho
09:00 AM Revision 4ab7f8f4: Fix typo in class in bridge edit
Fixing this makes nice little pencil icons appear in front of the text
entry fields. Phil Davis
09:00 AM Revision ef8182ca: Merge pull request #1483 from phil-davis/formfld-unknown
Renato Botelho
08:59 AM Revision 079b0e20: Remove unset variable, spotted by phil-davis
Renato Botelho
08:59 AM Revision 5132312f: Remove unset variable, spotted by phil-davis
Renato Botelho
08:34 AM Bug #4408: Changes to DHCP-services crashes GUI and DHCP daemon when many leases are in use
If I disable DHCP failover everything works perfectly. Lars Jorgensen
08:22 AM Bug #4408 (Closed): Changes to DHCP-services crashes GUI and DHCP daemon when many leases are in use
I have the DHCP service running on five interfaces and a good amount of leases (I would guess around 1,000 or more at... Lars Jorgensen
07:45 AM Revision b3aacd59: rrset-cache-size should == 2 * msg-cache-size. Ticket #4367
Chris Buechler
07:44 AM pfSense Packages Bug #4198: lightsquid doesn't work, perl is missing
I saw that yesterday, thank you! Cino .
07:42 AM pfSense Packages Bug #4198 (Feedback): lightsquid doesn't work, perl is missing
I pushed a fix for this yesterday. Perl is there but the package couldn't find it. Works for me now in testing. Jim Pingle
07:43 AM Revision 2597415b: rrset-cache-size should == 2 * msg-cache-size. Ticket #4367
Chris Buechler
07:28 AM Revision 0c6db320: Fix typo in class in bridge edit
Fixing this makes nice little pencil icons appear in front of the text
entry fields. Phil Davis
07:14 AM Revision 24cbfd5a: Check if Unbound is enabled and using the same port before allowing dnsmasq to be enabled. part of Ticket #4332
Chris Buechler
07:13 AM Revision 06e847a7: Check if Unbound is enabled and using the same port before allowing dnsmasq to be enabled. part of Ticket #4332
Chris Buechler
07:07 AM Revision f416763b: Random text typos
that I noticed. Phil Davis
03:42 AM Bug #4401: remove xen netfront driver until it can handle altq
Is there a way to disable xen detection while booting?
I had to remove traffic shaping from my local pfsense and now... Grischa Zengel
03:21 AM Bug #4401: remove xen netfront driver until it can handle altq
xn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether be:f5:19... Chris Linstruth
02:12 AM Bug #4402 (Confirmed): Unbound: enable harden-glue by default and/or apply patch
Part of this was fixed in the default config yesterday (harden-glue is now enabled by default). We'll also add config... Chris Buechler
02:10 AM Bug #4406 (Confirmed): ALTQ problems with wireless cloned interfaces
ath(4) does have ALTQ support, but its cloned interfaces end up unable to use it. ... Chris Buechler
01:57 AM Bug #4237: Error "macro IPsec not defined" once after firmware upgrade
still no other reports of this. will leave for feedback for now. Chris Buechler
01:55 AM Bug #4268 (Confirmed): changes in strongswan config don't apply to SAD or SPD
It causes a wide range of problems for people. We've already seen several people report IPsec changes not applying be... Chris Buechler
01:46 AM Bug #4367 (Feedback): Incorrect rrset-cache-size in unbound.conf
that was apparently an oversight, thanks for catching. It should be fixed with what I just committed, which sets rrse... Chris Buechler
01:29 AM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
... Armin Tueting
01:27 AM pfSense Packages Bug #4222: Update to 2.2 RC breaks domU
Douglas Haber wrote:
> Maybe a hook should be added then in the web UI to say, "hey, Xen detected, please make sure ... Chris Buechler
12:14 AM Bug #4397 (Confirmed): MTU must be set in same ifconfig command as IP
setting the MTU before setting the IP doesn't behave any differently. The MTU must be appended to the ifconfig comman... Chris Buechler
12:05 AM Bug #4375 (Rejected): Kernel Crash
this is a hardware-specific issue of some sort, not an issue in our code. Judging by Ermal's analysis, ACPI seems lik... Chris Buechler

02/10/2015

11:57 PM Bug #4403 (Confirmed): Enabling SNMP causes kernel panic with APU with empty SD card slot
enough people have reported this that it's clearly an issue in some circumstance. I'm not sure what that circumstance... Chris Buechler
04:10 PM Bug #4403 (Resolved): Enabling SNMP causes kernel panic with APU with empty SD card slot
Hi Together,
i am not sure if this is a hardware problem, but basically i am using a PC Engines APU.1C(2GB) board ... Andreas Walther
11:04 PM Bug #4343 (Resolved): Firewall Log does not display logs for IGMP
fixed Chris Buechler
11:01 PM Bug #4318 (Resolved): gen_subnet_max returns incorrect result for 32 bit
fixed Chris Buechler
11:00 PM Bug #4308 (Closed): LAGG LACP defaults to strict mode in FreeBSD >= 10
It's best to leave as is, the upgrade and release notes describe how to work around pre-upgrade if necessary, and we'... Chris Buechler
02:34 PM Bug #4308: LAGG LACP defaults to strict mode in FreeBSD >= 10
The problem i think is that on FreeBSD 10 you have no tunnable to revert to 8.x behaviour.
That is only on HEAD. Ermal Luçi
09:07 PM Feature #4405 (In Progress): Traffic shaping doesn't work when applied to a bridge interface
Having two or more interfaces within a bridge, the traffic shaper doesn't work when applied to it. Traffic is seen on... Jorge Albarenque
08:14 PM Revision 1ee360aa: Fixes #4370 Use the curlies to not confuse php
Ermal Luçi
08:08 PM Revision 51e76899: Fixes #4370 Use the curlies to not confuse php
Ermal Luçi
07:50 PM Revision 8fa0a534: Actually fix even the openvpn auth user script with proper checks. I thought this was fixes already!
Ermal Luçi
07:50 PM Revision e85f3d1a: Actually fix even the openvpn auth user script with proper checks. I thought this was fixes already!
Ermal Luçi
07:47 PM Revision 22bca296: Fixes #4329, Fix even tls.auth script by using proper isset() test as the fixes for other authentication scripts.
Ermal Luçi
07:47 PM Revision ed56ce5a: Fixes #4329, Fix even tls.auth script by using proper isset() test as the fixes for other authentication scripts.
Ermal Luçi
07:41 PM Revision afb38815: Fixes #4397 Make mtu configuration before the ip address assignment. This fixes the issues of link routes having the wrong mtu configured on them.
Ermal Luçi
07:40 PM Revision 1ac5261f: Fixes #4397 Make mtu configuration before the ip address assignment. This fixes the issues of link routes having the wrong mtu configured on them.
Ermal Luçi
05:50 PM Revision 02376f6f: Check if notification is disabled
in send_smtp_message()
Other packages like arpwatch sm.php and cron job output as reported in forum https://forum.pfs... Phil Davis
05:20 PM Bug #4404 (Rejected): Fatal error when enabling IPSec
I have 3 boxes with pfSense 2.2 installed, and on one of them I get a fatal error when enable the checkmark "Enable I... Lars Juul
05:17 PM Bug #4389: gif0 tunnel for ipv6 using a carp-ip to the outside world stops working upon reboots and some config changes
Ok, reverted a test vm to factory defaults, then configured a simplified setup again it shows the same problem.
Sa... Pi Ba
02:21 PM Bug #4389: gif0 tunnel for ipv6 using a carp-ip to the outside world stops working upon reboots and some config changes
Can you provide your config.xml to have a way to reproduce this normally it should work as expected! Ermal Luçi
02:32 PM Bug #4401: remove xen netfront driver until it can handle altq
XN driver does not support ALTQ at all though it should not be hard to implement it.
 Ermal Luçi
06:21 AM Bug #4401 (Rejected): remove xen netfront driver until it can handle altq
Since 2.2 (freeBSD 10.1) pfsense always detect xen on booting and uses pv(hvm) drivers (xn#).
xn0 is unusable withou... Grischa Zengel
02:20 PM Bug #4370: ntpd does nothing with selected carp interfaces.
Applied in changeset commit:1ee360aaa9176d3287a7099abd47f95c4464ac23. Ermal Luçi
02:20 PM Bug #4370 (Feedback): ntpd does nothing with selected carp interfaces.
Applied in changeset commit:51e76899e66360dc9d8e35f68282c54ccd9a4759. Ermal Luçi
02:00 PM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
Applied in changeset commit:22bca296dc3777bb872c7be460f09c3ff1177994. Ermal Luçi
02:00 PM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
Applied in changeset commit:ed56ce5a1d12b5a065e2c375a182adc1b2d8f91d. Ermal Luçi
01:46 PM Bug #4329 (Feedback): OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
Ok i pushed the proper fix for this.
Can you confirm it works for you as well? Ermal Luçi
01:58 PM Bug #4363 (Feedback): gpioapu causes kernel panic at boot on some hardware
gpioapu corrected to avoid comparison with NULL in strncmp. Ermal Luçi
01:50 PM Bug #4397: MTU must be set in same ifconfig command as IP
Applied in changeset commit:afb388159bc5a55d784404411ef1a7c7d22625a5. Ermal Luçi
01:50 PM Bug #4397: MTU must be set in same ifconfig command as IP
Applied in changeset commit:1ac5261fb0c96764526beb4d9928b9300094ac3e. Ermal Luçi
01:40 PM Bug #4397 (Feedback): MTU must be set in same ifconfig command as IP
I pushed a fix which make it work for me.
Can you please confirm?
Normally it is not necessary to have the mtu on... Ermal Luçi
01:41 PM Bug #4268 (Feedback): changes in strongswan config don't apply to SAD or SPD
For me this should be closed.
Setting in feedback for now. Ermal Luçi
01:02 PM Feature #3387: process_alias_urltable Frequency
rc.update_urltables accepts the parameter argv[1], and looks for the option now.
I've put in my crontab... Dave Minogue
11:39 AM Bug #2800: OpenVPN doesn't work properly with intermediate/chained CAs
Same broken behaviour in 2.2.
Adding the Root CA certificate to the Intermediate CA's certificate in System: Certi... Bernd Zeimetz
10:50 AM pfSense Packages Bug #4281 (Feedback): E-Mail Reports (mailreports package) Error With Multiple Graphs
Applied in changeset commit:b852b5cd883b3d059bc3744fc7b130531a5f20ed. Bryce Chidester
10:38 AM Bug #4393 (Feedback): syslogd stops and fails to restart during boot in some cases
I set the log file size low and ran some tests and still couldn't make it crash.
If someone else finds syslogd cra... Jim Pingle
08:13 AM Bug #4393: syslogd stops and fails to restart during boot in some cases
It looks like this fixed my issue. I had the log size set to 8192 thinking that it was in KB and realized that the f... Adam Esslinger
09:28 AM Bug #4402 (Resolved): Unbound: enable harden-glue by default and/or apply patch
DNS poisoning seems to be possible under 2.2 according to https://forum.pfsense.org/index.php?topic=87491.0.
Fix: ... Olivier Müller
09:09 AM Feature #4400: allow aliases to enter *.domain.com to block all subdomains
well one way possible would be to set domain overrides in dns resolver but the problem there is the override applies ... Bipin Chandra
08:52 AM Feature #4400 (Rejected): allow aliases to enter *.domain.com to block all subdomains
That is not possible. Entries must be resolved accurately to have their addresses placed into a table. There is no wa... Jim Pingle
05:56 AM Feature #4400 (Rejected): allow aliases to enter *.domain.com to block all subdomains
it would be better if aliases allowed to enter a * before domain in order to block all different subdomain ips for a ... Bipin Chandra
08:32 AM Bug #4392: OpenVPN daemon crashing with ath(4) card installed
the same instance is not always affected...its 2 of the 3 that have the issue. So I would log into the GUI and notic... Adam Esslinger
07:57 AM Todo #4353: Review IPsec reloading when strongswan.conf is changed
Yeah i have done this for mobile settings and some reports from the forum where the settings were not updated.
I w... Ermal Luçi
05:34 AM Bug #4371 (Feedback): Re-enable suhosin
It was re-enabled in 2012 in commit:c25197ba, is there anything else still missing? Renato Botelho
04:34 AM Revision 5ece44f7: touch up Unbound text
Chris Buechler
04:34 AM Revision 74ab379d: touch up Unbound text
Chris Buechler
04:33 AM Revision ccdaaec6: Update Unbound defaults
Chris Buechler
04:31 AM Feature #4399 (Closed): Expose more of the DNSSEC-related hardening options in the GUI
harden-referral-path - hardcoded to no in unbound.inc ATM; any very good reason for this? (Yeah, I did read the manpa... Kill Bill
04:28 AM Revision ef120e87: Update Unbound defaults
Chris Buechler
03:13 AM Bug #4398: Userlist - No sorting anymore
And what is this checkbox for in the first column?
You can select multiple users and then delete them with 1 click (... Phillip Davis
02:18 AM Bug #4398 (Resolved): Userlist - No sorting anymore
The Userlist in pfSense was changed in Version 2.2. Now there is no option sorting the user by name. Before a doublec... Stefan Flügger
12:36 AM Revision fb64f3aa: also add v6 IPs to hosts in the same manner v4 IPs are added. Ticket #4395
Chris Buechler
12:10 AM Revision f7dddc86: also add v6 IPs to hosts in the same manner v4 IPs are added. Ticket #4395
Chris Buechler

02/09/2015

11:52 PM Bug #4397 (Resolved): MTU must be set in same ifconfig command as IP
Where MTU on an interface is user-defined, the ifconfig command that assigns the IP and IPv6 addresses must include t... Chris Buechler
11:22 PM Feature #3199 (Resolved): Option to accumulate or not IP addresses in Alias table of FQDNs
this was done in 2.2-RELEASE (can't set that as target since it's closed). Chris Buechler
09:08 PM Todo #4353 (Confirmed): Review IPsec reloading when strongswan.conf is changed
this is excessive in at least some circumstances. The restart flushes the SAD so it will cause at least a brief outag... Chris Buechler
08:22 PM Revision 3d5e8dce: Use appropriate interface field description when working with floating rules, it was confusing and potentially incorrect for floating rule purposes.
Chris Buechler
08:20 PM Revision 758b51a0: Use appropriate interface field description when working with floating rules, it was confusing and potentially incorrect for floating rule purposes.
Chris Buechler
06:36 PM Bug #4395 (Feedback): /etc/hosts doesn't contain any local IPv6 addresses
it's always just put v4 in there, I added v6 in the same manner if it exists. Chris Buechler
09:19 AM Bug #4395 (Resolved): /etc/hosts doesn't contain any local IPv6 addresses
... Armin Tueting
05:48 PM pfSense Packages Bug #3344: Disable IPV6 Squid3 not run
the likely reason for this is your squid3 config requiring communication with localhost, and it picking v6 to try to ... Chris Buechler
02:50 PM pfSense Packages Bug #4391: Status | Services | nrpe2 | restart does not restart nrpe
Applied in changeset pfsense-packages:commit:909f0dfd8a1efc99c8392423123fdc0b3d88ffea. Renato Botelho
12:30 PM pfSense Packages Bug #4391 (Feedback): Status | Services | nrpe2 | restart does not restart nrpe
Applied in changeset pfsense-packages:commit:11375fe3e8826e02f7a5bec1f6a2d743060dbd76. Renato Botelho
01:22 PM pfSense Packages Bug #4386 (Closed): softflowd not generating flow data on pfsense 2.2
This doesn't seem to be anything specific to our package, but softflowd on FreeBSD 10.x (and likely 9.x) in general. ... Jim Pingle
12:26 PM Bug #4396: Lengthy unbound outage during restart when adding static DHCP leases
Update:
Affected version: 2.2 Release Elliott Quarles
12:22 PM Bug #4396 (Duplicate): Lengthy unbound outage during restart when adding static DHCP leases
When updating static DHCP leases the call to services_unbound_configure on the services_dhcp page causes a full rebui... Elliott Quarles
12:21 PM pfSense Packages Feature #4394: HAproxy and use ACLs from UI to perform a "block"/"http-request deny"
In the new >=0.17 package acl's are written before the user custom config, so acl's should be usable.
As for adding ... Pi Ba
12:10 PM pfSense Packages Bug #4324: HAproxy and SSL client certificate validation
There is no public 'development' repository to install developing packages from, however the official package reposit... Pi Ba
11:22 AM Revision 2b704ea9: Merge pull request #1469 from makkbe/master
Renato Botelho
11:21 AM Bug #4307 (Feedback): bacula-fd configuration is mangled
I just pushed a fix, there were some path issues in the config and startup script and such.
Seems to work OK here ... Jim Pingle
09:50 AM Revision 936bfd84: make computation of start of DHCPv6 range consistent with actual check
When computing the start IP for the 'available range' field,
services_dhcpv6.php attempts to increment a colon-format... Daniel Becker
09:49 AM Revision 09c7e42c: fix Net_IPv6::compress() to properly handle all-zeros address
The existing implementation of Net_IPv6::compress produces an empty
string when compressing the all-zeros ("::") addr... Daniel Becker
09:48 AM Revision 8fd42722: add dhcp6.name-servers option with DHCPD-PD regardless of PD length
The existing code only includes a v6 name server IP in the
automatically generated dhcpdv6 configuration for tracking... Daniel Becker

02/08/2015

09:33 PM Bug #4392 (Feedback): OpenVPN daemon crashing with ath(4) card installed
to get that log it has to be 2.2-something, I presume this is 2.2-RELEASE. Chris Buechler
09:33 PM Bug #4392: OpenVPN daemon crashing with ath(4) card installed
is it the same instance that's affected every time?
The log "OpenVPN ID server1 PID 22206 still running, killing"... Chris Buechler
07:41 PM Bug #4392 (Closed): OpenVPN daemon crashing with ath(4) card installed
I have OpenVPN with tunnels between 3 locations. Almost every day Ill look at the dashboard and it will show one on ... Adam Esslinger
09:03 PM pfSense Packages Bug #4324: HAproxy and SSL client certificate validation
Quick question, what is the proper way to install a development package?
The interface only allows me to install up ... Stéphane Lapie
09:02 PM pfSense Packages Feature #4394 (Resolved): HAproxy and use ACLs from UI to perform a "block"/"http-request deny"
HAproxy currently allows to define ACLs to redirect to specific backends, and to define several frontend -> backend r... Stéphane Lapie
08:12 PM Bug #4393: syslogd stops and fails to restart during boot in some cases
This typically happens when you have a corrupted log file. The first attempted write to said log file will crash sysl... Jim Pingle
08:00 PM Bug #4393 (Resolved): syslogd stops and fails to restart during boot in some cases
Sometimes after rebooting syslogd shows that it has crashed. Rebooting usually fixes the issue. Here is what I see i... Adam Esslinger
06:31 PM pfSense Packages Bug #4391: Status | Services | nrpe2 | restart does not restart nrpe
I have since done a kill -TERM and then reloaded: /status_services.php?mode=restartservice&service=nrpe2
This star... Dan Langille
06:28 PM pfSense Packages Bug #4391: Status | Services | nrpe2 | restart does not restart nrpe
What's in /var/run/nrpe2.pid ? Is the the current PID? If you killall -9 nrpe2; rm /var/run/nrpe2.pid, and then star... Jim Pingle
06:17 PM pfSense Packages Bug #4391 (Resolved): Status | Services | nrpe2 | restart does not restart nrpe
On pfSense 2.2, I am unable to restart nrpe2
I click through: Status | Services | nrpe2 | restart service.
The ... Dan Langille
02:00 PM Bug #4390 (Resolved): Cannot create an IP alias on a CARP interface where the actual Interface address is in a different network
I have configured the WAN IP addresses to be private addresses (i.e. in the 10.0.254.0/30 network) so that I can pres... Xuridisa Support
10:58 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
Nope! Stays at 0 throughout.... Adam Hirsch
02:38 AM Bug #3395: DHCPv6 client pass rules need to come before bogons
Yes, this yet again got broken. Kill Bill

02/07/2015

10:26 PM Bug #3395: DHCPv6 client pass rules need to come before bogons
I am experiencing this issue with v2.2. Rules look like this:... Paul K
06:07 PM Bug #4389 (Resolved): gif0 tunnel for ipv6 using a carp-ip to the outside world stops working upon reboots and some config changes
gif0 tunnel for ipv6 using a carp-ip to the outside world stops working upon reboots and some config changes
I fou... Pi Ba
06:04 PM pfSense Packages Bug #4388 (Duplicate): Squid exits when listening on port 800
Squid 3.4.10_2 pkg 0.2.6 running on 2.2 Release AMD64
After changing the port that the proxy listens on from 3128 to... Vincent Bentley
06:02 PM pfSense Packages Bug #4324: HAproxy and SSL client certificate validation
Could you checkout 0.17 package?(or perhaps 0.18) I've changed the 'none' CA to a separate checkbox which probably ma... Pi Ba
05:03 PM Bug #4387 (Resolved): Installer does not offer choices for keymap, screenmap or video font
The 2.2 Release AMD64 CD Installer does not provide any choices for keymap, screenmap or video font. Only '(default)'... Vincent Bentley
01:08 PM pfSense Packages Bug #4386 (Closed): softflowd not generating flow data on pfsense 2.2
I used to run pfsense 2.1 on several machines, all of which sent NetFlow data to a PRTG collector without any problem... Max Frames
12:57 PM Bug #4385 (Rejected): hostname dots
that is by design because of how it's used for registration of static mappings in the DNS Resolver/Forwarder. Allowin... Chris Buechler
07:07 AM Bug #4385: hostname dots
Uh. No.
http://tools.ietf.org/html/rfc952
http://tools.ietf.org/html/rfc1123#page-13
etc. etc. etc. Kill Bill
05:56 AM Bug #4385 (Rejected): hostname dots
2.2-RELEASE (amd64), built on Thu Jan 22 14:03:54 CST 2015, FreeBSD 10.1-RELEASE-p4
This might seem like a feature... Wouter Snels
04:28 AM Revision 6d5d9658: fix up text
Chris Buechler
04:28 AM Revision 5cb2a425: fix up text
Chris Buechler

02/06/2015

10:32 PM Bug #4384 (Resolved): missing input validation in captive portal
services_captiveportal.php is missing input validation that allows creating invalid configurations, including ones th... Chris Buechler
05:12 PM pfSense Packages Bug #3344: Disable IPV6 Squid3 not run
Gilmar Cabral You are right man, your post helped me today means after one year you posted it...
i have been in thi... Malik Mazhar
04:07 AM Bug #4383 (Resolved): Firewall log contains IGMP for rules that do not have logging on
Example: https://forum.pfsense.org/index.php?topic=88029.msg486945#msg486945
 Phillip Davis

02/05/2015

09:09 PM Revision e4610d66: remove CGN from "Block private networks" as it was in 2.0x and earlier
releases since it specifically notes RFC 1918 and CGN is more bogon.
Ticket #4379 Chris Buechler
07:47 PM Revision 2dfe7846: remove CGN from "Block private networks" as it was in 2.0x and earlier
releases since it specifically notes RFC 1918 and CGN is more bogon.
Ticket #4379 Chris Buechler
07:41 PM Revision bb8a30c2: Fixes #4381 this was a leftover of the change of zoneids to start from 2.
Ermal Luçi
07:41 PM Revision 8b4c7ed1: Fixes #4381 this was a leftover of the change of zoneids to start from 2.
Ermal Luçi
05:16 PM Bug #4379: Remove CGN (RFC6598) address space from "private networks"
Yes, of course. I think we don't understand each other. I can trivially create a RFC1918 alias and place that rule wh... Kill Bill
05:09 PM Bug #4379: Remove CGN (RFC6598) address space from "private networks"
Bogons and block private only applies to traffic sourced on the WAN in question. Where you're on CGN, you pretty much... Chris Buechler
05:01 PM Bug #4379: Remove CGN (RFC6598) address space from "private networks"
I'm not using either of these, so I pretty much don't care either way, but... fixing the description and nuking this ... Kill Bill
03:08 PM Bug #4379 (Resolved): Remove CGN (RFC6598) address space from "private networks"
since block private specifically says RFC 1918, it's more valid as bogon than private, I removed it from private. Chris Buechler
12:34 PM Bug #4379 (Resolved): Remove CGN (RFC6598) address space from "private networks"
No need to filter this in both places, this is really the same thing like RFC1918 ranges.
Forum thread: https://fo... Kill Bill
02:52 PM Revision 20078775: Merge pull request #1458 from xbipin/patch-4
Renato Botelho
02:19 PM Feature #4382 (Resolved): Add syslogd as a service under Status > Services
As requested at Bug #4380 - currently there's no way to track the status of syslogd service and/or start/stop/restart... Kill Bill
01:55 PM pfSense Packages Bug #4380: syslogd missing from Service Watchdog
Not a bug per se but a feature request. You can submit a feature request to add syslogd as a service under Status > S... Jim Pingle
01:52 PM pfSense Packages Bug #4380: syslogd missing from Service Watchdog
Yes, so it's not a problem with the package, but with the base system. Should I file the bug about the same thing und... Kill Bill
01:40 PM pfSense Packages Bug #4380: syslogd missing from Service Watchdog
It was rejected because it's not the purpose of this package to track the services itself. The services are defined b... Jim Pingle
01:31 PM pfSense Packages Bug #4380: syslogd missing from Service Watchdog
Kinda don't get why is this rejected. (Oh, and please, don't get me started with "delete the logs", not interested in... Kill Bill
01:27 PM pfSense Packages Bug #4380 (Rejected): syslogd missing from Service Watchdog
It uses the service list provided by the firewall. Same as Status > Services. Adding a service just to the package wo... Jim Pingle
01:20 PM pfSense Packages Bug #4380 (Rejected): syslogd missing from Service Watchdog
No idea why it's not there. Certainly would be nice to have it when things go wrong, such as Bug #4352 or https://for... Kill Bill
01:50 PM Bug #4381: Bring back the automatic captive portal pass rule to allow users to reach lighttpd on the proper captive portal port
Applied in changeset commit:bb8a30c23b04d8332e8d4fccf15ed91d950cda2b. Ermal Luçi
01:50 PM Bug #4381 (Feedback): Bring back the automatic captive portal pass rule to allow users to reach lighttpd on the proper captive portal port
Applied in changeset commit:8b4c7ed15cdde2e49cfce5f96990ba1dbb2a9fd0. Ermal Luçi
01:37 PM Bug #4381: Bring back the automatic captive portal pass rule to allow users to reach lighttpd on the proper captive portal port
Update:
The rule is there but broken, pointing to the wrong port numbers, for example:
/tmp/rules.debug has:
<... Jim Pingle
01:31 PM Bug #4381 (Resolved): Bring back the automatic captive portal pass rule to allow users to reach lighttpd on the proper captive portal port
pfSense 2.1.x had an automatic captive portal pass rule to allow users to reach the portal daemon, this automatic rul... Jim Pingle
01:14 PM Bug #4341: strongSwan fails to re-attach dynamic IPs where interfaces_use specified
Same issue using a DHCP wan with Kabeldeutschland Cable ISP using a dynamic IP and the other node using a PPP wan wit... Jan-Hendrik Wittke
01:09 PM Bug #4341: strongSwan fails to re-attach dynamic IPs where interfaces_use specified
Same issue one Box using a PPP wan with O2/Alice ISP using a dynamic IP and other Box using DHCP with Kabeldeutschlan... Jan-Hendrik Wittke
10:10 AM Revision ec1d66cc: Use web-gui setting for pap or chap instead of having it hard-coded to chap.
Sebastian Öhman
10:10 AM Revision 42c57d69: Merge pull request #1472 from bassebaba/master
Renato Botelho
09:48 AM Revision 8f637a0c: Merge pull request #1455 from xbipin/patch-2
Renato Botelho
09:41 AM Revision d06f9ebe: Use web-gui setting for pap or chap instead of having it hard-coded to chap.
Sebastian Öhman
09:11 AM Revision ee874f47: remove empty values
remove empty values Bipin Chandra
08:59 AM Bug #3997: get_interface_ip() returns first IP on interface, not necessarily primary IP
Oh, and bridges and gateway config: https://gist.github.com/MikeN123/22d50fa3d37834b9659a Mike Noordermeer
08:56 AM Bug #3997: get_interface_ip() returns first IP on interface, not necessarily primary IP
Interfaces config, slightly censored: https://gist.github.com/MikeN123/009bc5fb76347663e448
Virtual IP config, sli... Mike Noordermeer
07:39 AM Bug #3997: get_interface_ip() returns first IP on interface, not necessarily primary IP
Can you share your interfaces config or all of it so i can replicate that? Ermal Luçi
04:33 AM Bug #3997: get_interface_ip() returns first IP on interface, not necessarily primary IP
2.1.5 and 2.2.0. After reboot the VIP becomes the primary IP, and all outbound traffic and firewall rules referencing... Mike Noordermeer
04:31 AM Bug #3997: get_interface_ip() returns first IP on interface, not necessarily primary IP
On which scenario and which version this happens? Ermal Luçi
03:57 AM Bug #3997: get_interface_ip() returns first IP on interface, not necessarily primary IP
Just FYI, I have a bridge interface with x.x.x.106 as primary IP, and an IP alias x.x.x.105. This fails consistently,... Mike Noordermeer
07:57 AM Bug #4378 (Resolved): editing one of multiple pppoe connections with dial on demand enabled changes port assignment
Where you have dial on demand enabled on PPPoE, and have multiple PPPoE connections, saving on interfaces.php after m... Bipin Chandra
07:51 AM Bug #4377 (Rejected): pfSense boot freezes after restart in QEMU/KVM
pfSense virtual machine freezes after reboot at
@usbus0: 12Mbps Full Speed USB v1.0@
qemu proc contains :
@-... Stanislav Yanchev
06:29 AM pfSense Packages Bug #4376 (Closed): Squid3 Squidguard3 Stability Problems
Hi
Pfsense.2.2 also squid3 3 the stability and squidGuard3 squidGuard3 is experiencing problems, especially after 3... Landforces turkuaz
05:41 AM Revision b997da8b: upgrade config
upgrade config code so old entries not lost during upgrade Bipin Chandra
04:47 AM Revision e5e3216e: Add RTMP to the Traffic Shaper
Talyrius Bekhesh
03:53 AM Bug #4375: Kernel Crash
So solution is disable acpi in bios ? or what we can do. N.Selim GUNER
02:26 AM Bug #4375: Kernel Crash
I think this is because of acpi being enabled by default now. Ermal Luçi
01:19 AM Bug #4375: Kernel Crash
Jetway Mini ITX NF9D 2550 Board N.Selim GUNER
01:16 AM Bug #4375 (Rejected): Kernel Crash
Upgrading 2.1.5 or new install same crash. N.Selim GUNER
03:38 AM Bug #4266: Rekeying issues with IKEv1 and multiple P2s under some circumstances
Also this issue on redmine https://wiki.strongswan.org/issues/431 recommends reauth = no for IKEv2 for IKEv1 not sure... Ermal Luçi
03:34 AM Bug #4266: Rekeying issues with IKEv1 and multiple P2s under some circumstances
Also looking at this thread http://comments.gmane.org/gmane.network.vpn.strongswan.user/2055
It can be a solution to... Ermal Luçi
02:53 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
Does net.inet.ip.dummynet.io_pkt_drop increase during this time? Ermal Luçi
12:43 AM Feature #4374 (New): Add timestamps to notification e-mails
It would sometimes be useful to have timestamps in the body of the e-mail itself. E-Mail transmission is not always r... Michel Zehnder
12:42 AM pfSense Packages Bug #4373: pfBlockerNG: IPv4 aliases are not preserved when upgrading package
Ah, my bad. I got used to original pfBlocker and it's behavior ... didn't expected it to change. Thanks for clarifica... Dmitriy K

02/04/2015

06:23 PM Revision cdcf197b: Fixed not being able to save custom and custom-v6 dyndns
entries due to "host" being posted empty, and thus failing
is_domain() check. Tuyan Ozipek
06:23 PM Revision 68f7662b: Merge pull request #1466 from tuyan/master
Renato Botelho
06:22 PM Revision a912dd7d: Firmware upgrade script text changes
while I am looking at this, might as well correct these.
No function problems or impact. Phil Davis
06:22 PM Revision 13685ab5: Merge pull request #1470 from phil-davis/patch-1
Renato Botelho
06:07 PM Bug #4149: Register DHCP leases in DNS forwarder broken
Now on 2.2, the bug is still present:
Feb 4 20:40:44 dhcpd: Unable to add forward map from linehead.ozone.caligrafi... Anonymous
05:38 PM Revision 62657a7f: Fix restartipsec command line script.
Jim Pingle
05:36 PM Revision 01f3438e: Fix restartipsec command line script.
Jim Pingle
02:46 PM Revision 68716545: Fixes #3669 Handle properly recording of the ipv6 interface new ip and do not issues commands that cannot succeed.
Ermal Luçi
02:46 PM Revision 322cc018: Fixes #3669 Handle properly recording of the ipv6 interface new ip and do not issues commands that cannot succeed.
Ermal Luçi
12:46 PM pfSense Packages Bug #4373: pfBlockerNG: IPv4 aliases are not preserved when upgrading package
This is not a bug.
The text beside the pfBlockerNG Enable Checkbox in the General Tab, is as follows
*"Note - w... BBcan177 .
03:12 AM pfSense Packages Bug #4373 (Resolved): pfBlockerNG: IPv4 aliases are not preserved when upgrading package
After upgrading 1.01 to 1.02 I've lost all IPv4 tab aliases. Dmitriy K
10:27 AM Bug #4344: package (re)installation loop after upgrading from 2.1.5-RELEASE to 2.2-RELEASE
*FYI*
there's another package that was reported as unable to be 100% reinstalled after the upgrade procedure from 2.... Vinícius Zavam
10:20 AM Bug #4344: package (re)installation loop after upgrading from 2.1.5-RELEASE to 2.2-RELEASE
Vinícius Zavam wrote:
> *Piba-NL*'s (##pfsense@freenode) pointed out that would be nice to try this procedures:
> *... Vinícius Zavam
10:14 AM Revision 1f97f379: In last case, use dmesg.boot do detect ALIX boards when hw.model is not enough
Renato Botelho
10:14 AM Revision 6d043a1d: In last case, use dmesg.boot do detect ALIX boards when hw.model is not enough
Renato Botelho
09:52 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
I can verify that turning off reply-to doesn't seem to make a difference, here:
The rule:... Adam Hirsch
09:43 AM Revision 0fcf26e4: Silent kenv when smbios.system.product is not present. While here, add VirtualBox to the list of virtualenvs
Renato Botelho
09:43 AM Revision 7e36f71c: Silent kenv when smbios.system.product is not present. While here, add VirtualBox to the list of virtualenvs
Renato Botelho
09:00 AM Bug #3669: WAN IPs not being cached causing unnecessary "rc.start_packages: Restarting/Starting all packages"
Applied in changeset commit:68716545c5fde880d7a22cd9b13b901d01ccb561. Ermal Luçi
09:00 AM Bug #3669: WAN IPs not being cached causing unnecessary "rc.start_packages: Restarting/Starting all packages"
Applied in changeset commit:322cc0188107e8b8ca912511915e71334fe4089b. Ermal Luçi
08:45 AM Bug #3669 (Feedback): WAN IPs not being cached causing unnecessary "rc.start_packages: Restarting/Starting all packages"
Thank you for the persistence.
Merged a better/modified version of the fix suggested here. Ermal Luçi
02:18 AM Revision 695b6d08: Firmware upgrade script text changes
while I am looking at this, might as well correct these.
No function problems or impact. Phil Davis

02/03/2015

11:21 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
I haven't had a chance to get back to testing this scenario yet, but will soon. Seems like it may not be specific to ... Chris Buechler
10:39 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
Have we confirmed if having reply-to enabled or disabled affects if the limiter works correctly? As well, what about... Travis Kreikemeier
09:48 PM pfSense Packages Bug #4282 (Resolved): Vnstat2 1.11 Does Configuration Parser Error
thanks for the confirmation Paul, and Jim and Bryce for fixing. Others have confirmed fixed as well. Chris Buechler
07:57 PM pfSense Packages Bug #4282: Vnstat2 1.11 Does Configuration Parser Error
Tested on v2.2 amd64 full install.
Removed existing version, made sure nothing but settings are left behind and in... Paul K
02:24 PM pfSense Packages Bug #4282 (Feedback): Vnstat2 1.11 Does Configuration Parser Error
Update the package and try again, I pushed some fixes earlier today. It works for me in testing here. Jim Pingle
08:10 PM Feature #4372 (Closed): dnscrypt support
It'd be nice to have dnscrypt support built-in so people don't need hacks like
https://docs.google.com/document/d/1B... Chris Buechler
08:07 PM Bug #4371 (Resolved): Re-enable suhosin
We had to drop suhosin when moving to PHP 5.4 as it wasn't compatible at the time and its development had stalled. Th... Chris Buechler
07:25 PM Revision f8b5f41d: Merge remote-tracking branch 'upstream/master'
McB
07:21 PM Revision 68fde79c: Fixed alignment issue.
McB
07:17 PM Revision 197cf433: Added DynDNS support for GleSYS API (www.glesys.com).
McB
06:54 PM Revision 98b3de78: fix responder-only IPsec text
Chris Buechler
06:54 PM Revision d7f4c1a4: fix responder-only IPsec text
Chris Buechler
04:44 PM Bug #4310 (Feedback): Limiters + HA results in hangs on secondary
Patch committed. Ermal Luçi
04:31 PM Bug #4370 (Resolved): ntpd does nothing with selected carp interfaces.
ntpd does nothing with selected carp interfaces.
When only carp ip's are selected for ntpd to listen on the config '... Pi Ba
10:44 AM Bug #4344: package (re)installation loop after upgrading from 2.1.5-RELEASE to 2.2-RELEASE
*Piba-NL*'s (##pfsense@freenode) pointed out that would be nice to try this procedures:
* clear installation's lock;... Vinícius Zavam
08:14 AM pfSense Packages Bug #4369 (Resolved): patch fetching doesn't work if pfsense is behind proxy
Hello,
while i was testing a patch (Bug #4238) i noted that the fetch doesn't work.
Issuing a packet caputure while... Anonymous
07:25 AM Feature #809: Config sync username change
The bug is still here in version 2.2 64bit.
The "Remote System Username" field into Firewall->Virtual IP->CARP Set... Antoine Rodriguez
03:32 AM Revision adf17d4f: fix text
Chris Buechler
03:32 AM Revision e829fcbb: fix text
Chris Buechler
02:51 AM pfSense Packages Feature #4368 (Closed): [Unbound] Allow customized root.hints
... Armin Tueting
12:02 AM pfSense Packages Bug #4324: HAproxy and SSL client certificate validation
Just reporting another little very minor thing, I am testing the latest version for which you added ACL negation and ... Stéphane Lapie

02/02/2015

08:55 PM Bug #4367: Incorrect rrset-cache-size in unbound.conf
unbound.conf is generated by back-end code in /etc/inc/unbound.inc
Search for rrset_cache_size and rrset-cache-siz... Phillip Davis
04:43 PM Bug #4367 (Resolved): Incorrect rrset-cache-size in unbound.conf
In /usr/local/www/services_unbound_advanced.php is missing code responsible for setting correct value for rrset-cache... Juraj Binka
07:36 PM Revision bfcb1e4a: Allow IPseec clients to properly connect and not stomp over each other. Reported-by https://forum.pfsense.org/index.php?topic=87980.0
Ermal Luçi
07:36 PM Revision 034a23f0: Allow IPseec clients to properly connect and not stomp over each other. Reported-by https://forum.pfsense.org/index.php?topic=87980.0
Ermal Luçi
07:28 PM pfSense Packages Bug #4324: HAproxy and SSL client certificate validation
No, I haven't. In my production settings, I am only using "ssl_c_used" since I can guarantee for sure we are in a TLS... Stéphane Lapie
06:02 PM pfSense Packages Bug #4324: HAproxy and SSL client certificate validation
Thanks for reporting this, my suspicion is that 'ssl_c_used ssl_c_verify 0' would be enough for all cases.
Have yo... Pi Ba
05:28 PM Revision 4520b2d2: Fix aliases popup width when fields are hidden when page is loaded. It should fix #4238
Renato Botelho
05:28 PM Revision 6672609b: Fix aliases popup width when fields are hidden when page is loaded. It should fix #4238
Renato Botelho
04:46 PM Revision cd214f4b: Properly calculate the 6rd default gateway honoring netmasks other than /32
Ermal Luçi
04:46 PM Revision 5e964cfd: Properly calculate the 6rd default gateway honoring netmasks other than /32
Ermal Luçi
03:51 PM Feature #4366: Namecheap Dynamic DNS updates fail on subdomain formatted domains
Formatting removed the {@} symbol
{@}.sub.domain.com Trel S
03:48 PM Feature #4366 (Resolved): Namecheap Dynamic DNS updates fail on subdomain formatted domains
The domain in question is in the format
sub.domain.com
I need to update the @ record for this domain.
So, it's b... Trel S
03:46 PM Revision f2b769d0: Fixed not being able to save custom and custom-v6 dyndns
entries due to "host" being posted empty, and thus failing
is_domain() check. Tuyan Ozipek
01:19 PM Revision 315d866c: Merge remote-tracking branch 'origin/master'
Sjon Hortensius
11:37 AM Bug #4365 (Resolved): ALTQ Traffic Shaping is not working in pfSense 2.2 when run on Hyper-V 2012 R2
Using pfSense 2.2 release on Hyper-V 2.2 with regular network adapters (not legacy adapters), HFSC queues can be set ... Aaron Smith
11:30 AM Bug #4238: Firewall rule: source port display issue
Applied in changeset commit:4520b2d2b70caa48813f73f89ef5b9c942ea5b25. Renato Botelho
11:30 AM Bug #4238 (Feedback): Firewall rule: source port display issue
Applied in changeset commit:6672609b90a8e60a13ca471a3ad3e054eca542bd. Renato Botelho
11:28 AM Revision c6c71b36: fix indent
fix indent Bipin Chandra
10:08 AM Bug #3669 (New): WAN IPs not being cached causing unnecessary "rc.start_packages: Restarting/Starting all packages"
Let me double check this issue again. Ermal Luçi
05:11 AM Bug #3669: WAN IPs not being cached causing unnecessary "rc.start_packages: Restarting/Starting all packages"
Whilst this ticket has been marked resolved, the second part of the fix relating to /etc/rc.newwanipv6 has never been... David Burns
09:01 AM Revision 1c4540dc: Ticket #4353 fix typo on unset var spotted-by: Phil Davis
Ermal Luçi
09:01 AM Revision 42275e69: Ticket #4353 fix typo on unset var spotted-by: Phil Davis
Ermal Luçi
07:56 AM Revision b82159a6: Unbound domain override IP:port validation
The domain override is IP:port is invalid if either the IP address OR port is invalid.
Previously you could put an in... Phil Davis
07:56 AM Revision e67c5bee: Merge pull request #1457 from phil-davis/patch-2
Renato Botelho
07:55 AM Revision 2cf35754: speedup 'function is_port($port)' speed by skipping calls to getservbyname when possible
Pi Ba
07:55 AM Revision 2b8353ba: Merge pull request #1459 from PiBa-NL/speedup_is_port
Renato Botelho
07:54 AM Revision 87549136: Remove latin-1 encoding of RSS feed
Many thanks to Gertjan in forum https://forum.pfsense.org/index.php?topic=87504.msg484017#msg484017
Specifically sett... Phil Davis
07:54 AM Revision b2b1822b: Merge pull request #1465 from phil-davis/patch-1
Renato Botelho
07:00 AM Bug #4364 (Duplicate): cannot change or set keymap during and after install
No keymap file is present on pfsense 2.2 64bit so, when installing : no keymap selection is available.
After havin... Antoine Rodriguez
06:41 AM Bug #4362 (Resolved): RSS widget - broken character encoding due to forcing latin-1
Renato Botelho
06:00 AM Bug #4362: RSS widget - broken character encoding due to forcing latin-1
This is fixed with rev. 87549136 / rev. 8820a3aa close please. Kill Bill
03:55 AM Bug #4274: Marking a packet with only a number results in a broken rule
Just wanted to say I've verified this works. Thanks so much for the quick response. Jonathan Dieter
02:40 AM Revision 8820a3aa: Remove latin-1 encoding of RSS feed
Many thanks to Gertjan in forum https://forum.pfsense.org/index.php?topic=87504.msg484017#msg484017
Specifically sett... Phil Davis

02/01/2015

08:12 PM Bug #4363 (Resolved): gpioapu causes kernel panic at boot on some hardware
At least two people have reported issues with 2.2-RELEASE not booting on their hardware, stopping with a kernel panic... Chris Buechler
03:28 PM Bug #4297: Squid unable to listen on port inferior to 1024
Chris,
This is a bug and you can see in the forums that other users are having the same problem.
Yes, I do need t... Rody Lopez
11:55 AM Revision 0453eb6e: Converted Misc & Notifications
Sjon Hortensius
11:22 AM pfSense Packages Bug #4282: Vnstat2 1.11 Does Configuration Parser Error
It's just waiting on one of use to have enough time to test it to make sure it works and also doesn't break 2.1.x. Jim Pingle
01:08 AM pfSense Packages Bug #4282: Vnstat2 1.11 Does Configuration Parser Error
me too agree its completely broken and the patch provided by bryce needs to be merged Bipin Chandra
10:44 AM Revision f9a9fb78: Converted system_advanced_network
Sjon Hortensius
10:29 AM Revision 9aa48e62: Select - update name to name[] when multiple=true
Sjon Hortensius
10:28 AM Revision 4b6f8c8d: updated last incorrect _POST references
Sjon Hortensius
09:45 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.
I've got 2 poor internet connections and use apinger to switch as need be and as of 2.2rc this is no longer a reliabl... Michael Kellogg
05:08 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.
we're probably going to re-write apinger for 2.3 Jim Thompson
04:59 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.
See feature request https://redmine.pfsense.org/issues/1189
Various people have discussed this over the years - nobo... Phillip Davis
07:33 AM Revision 63072a7f: need $g here so product_name is set in user agent
Chris Buechler
07:33 AM Revision b051f148: need $g here so product_name is set in user agent
Chris Buechler
06:19 AM Bug #4238: Firewall rule: source port display issue
Bipin Chandra wrote:
> i checked and doesnt seem any issue in port forwarding ports, try clearing your browser cache... Anonymous
05:57 AM Bug #4362 (Resolved): RSS widget - broken character encoding due to forcing latin-1
See https://forum.pfsense.org/index.php?topic=87504.msg484017#msg484017 for cause and fix. Kill Bill

01/31/2015

11:12 PM pfSense Packages Bug #4282: Vnstat2 1.11 Does Configuration Parser Error
Here is a quick fix that you can apply to get it working until patch is merged.
64-bit run: ln -sf /usr/local/etc/... Paul K
01:19 PM pfSense Packages Bug #4282: Vnstat2 1.11 Does Configuration Parser Error
Is there a status update to when the pull request will be accepted, as it stands right now VNSTAT2 package is complet... Disk1of5 NA
10:30 PM Revision 76a9ad94: Add input validation to prevent the use of AES > 128 where glxsb is enabled. Ticket #4361
Chris Buechler
10:30 PM Revision 69aeef21: Add input validation to prevent the use of AES > 128 where glxsb is enabled. Ticket #4361
Chris Buechler
06:49 PM Revision 87808568: Fixes #4360 allow marking a connection as responder only, the same behviour as mobile connections
Ermal Luçi
06:49 PM Revision fdc9ac09: Fixes #4360 allow marking a connection as responder only, the same behviour as mobile connections
Ermal Luçi
06:36 PM Revision 86e1846f: Fixes #4359 Allow controlling uniqueids
Ermal Luçi
06:36 PM Revision 908edbd3: Fixes #4359 Allow controlling uniqueids
Ermal Luçi
05:13 PM Revision 3a8c6408: Merge branch 'master' of github.com:SjonHortensius/pfsense
Sjon Hortensius
05:10 PM Revision 5d00f1d4: fix another typo in cleaner
Sjon Hortensius
05:08 PM Revision f6546b41: WIP: Converted advanced_firewall
Sjon Hortensius
05:08 PM Revision 2cc784b3: Form_Select - handle selected values
Sjon Hortensius
05:06 PM Revision ae479a27: Add placeholder showing default value
Sjon Hortensius
04:29 PM Feature #4361 (Resolved): add input validation to prevent use of AES > 128 w/glxsb
Chris Buechler
04:28 PM Feature #4361 (Resolved): add input validation to prevent use of AES > 128 w/glxsb
The glxsb crypto accelerator breaks AES > 128 bit and people don't seem to be aware of that. Adding input validation ... Chris Buechler
02:14 PM Revision a41b03d0: Support data-toggle=disable
Checkbox - moved call to better location
Select - use parent:: for attributes
Input - add support for attributes with... Sjon Hortensius
01:25 PM Revision 75106235: speedup 'function is_port($port)' speed by skipping calls to getservbyname when possible
Pi Ba
01:19 PM Bug #2526: Limiter appears to break IPv6 connectivity
This issue is still not resolved
https://forum.pfsense.org/index.php?topic=77506.new;topicseen#new
Can this tic... Cino .
01:09 PM Revision 1a86b8fe: Don't treat >name special, just put it in attr; fixes Select.id
Select - name is no longer special, use $attr and get a free ID
Checkbox - make displayAsRadio return itself for chai... Sjon Hortensius
01:00 PM Feature #4360: IPsec allow making a connection repsonder only
Applied in changeset commit:87808568a70404e04c306723cdd65f52e59003f9. Ermal Luçi
01:00 PM Feature #4360 (Feedback): IPsec allow making a connection repsonder only
Applied in changeset commit:fdc9ac09ef07752da6153cd3c28f734c61985372. Ermal Luçi
12:46 PM Feature #4360 (Resolved): IPsec allow making a connection repsonder only
Currently only Mobile connection is repsonder only.
There are situations where this behaviour is required hence the ... Ermal Luçi
12:50 PM Feature #4359: IPsec controlling uniqueid value
Applied in changeset commit:86e1846f47bda6a1e2560c249994b47716fac4ad. Ermal Luçi
12:50 PM Feature #4359 (Feedback): IPsec controlling uniqueid value
Applied in changeset commit:908edbd3d17a6fac747b6583322be9e547026f7f. Ermal Luçi
12:32 PM Feature #4359 (Resolved): IPsec controlling uniqueid value
Strongswan allows ID behaviour to be controllable especially useful for multiple devices connecting with same ID. Ermal Luçi
12:22 PM Revision 81dfcea5: Converted system_advanced_admin
Sjon Hortensius
12:21 PM Revision 276c29d4: Add support for sprintf to setHelp
clean - fix typo in php-end-tag cleaner
Input - support sprintf parameter
Select - put option-names through gettext Sjon Hortensius
12:20 PM Bug #4246: Fix "netstat -gW" behavior broken in r259638.
http://svnweb.freebsd.org/base?view=revision&revision=265096 Kill Bill
11:56 AM Bug #4246: Fix "netstat -gW" behavior broken in r259638.
Problem still there in 2.2 RELEASE.
I run pfSense on an Alix board, which is 32 bits.
Is the kerbel config the ... Jocelyn Le Sage
03:28 AM Bug #4246 (Feedback): Fix "netstat -gW" behavior broken in r259638.
The kernel option is there in our kernels and should be on 2.2 kernels as well.... Ermal Luçi
03:23 AM Bug #4246: Fix "netstat -gW" behavior broken in r259638.
The kernel option is there in our kernels and should be on 2.2 kernels as well.... Ermal Luçi
12:16 PM Bug #4266: Rekeying issues with IKEv1 and multiple P2s under some circumstances
More testing should be done related to rekey, uniqueids and DPD closeaction statement which might impact this. Ermal Luçi
12:02 PM Bug #4358: w3.org: put nested table in td
The first code block is wrong.
It should be:
#1:... Grischa Zengel
11:54 AM Bug #4358 (Closed): w3.org: put nested table in td
In openvpn.widget.php:
> document type does not allow element "table" here; missing one of "th", "td" start-tag
... Grischa Zengel
11:40 AM Bug #4357 (Closed): w3.org: value of attribute id must start with a letter, not a number
My interfaces starts with the number of the port written on the case.
> It is possible that you violated the namin... Grischa Zengel
11:23 AM Bug #4356 (Closed): w3.org: <tfoot> used without thead and tbody
In openvpn.widget.php:
> The <tfoot> element is used in conjunction with the <thead> and <tbody> elements to spec... Grischa Zengel
11:15 AM Bug #4355 (Closed): w3.org: there is no attribute "sortableMultirow"
In openvpn.widget.php:
<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" cla... Grischa Zengel
10:08 AM Revision b8150520: Traffic Shaper Wizard Upstream SIP Server
Not being remembered and actioned.
Bug #4314 Phil Davis
10:08 AM Revision 0b31300e: Merge pull request #1453 from phil-davis/Upstream-SIP-server
Ermal Luçi
10:06 AM Revision 41da54ce: Fixes #4353 Identify when strongswan.conf needs a reload and restart ipsec service.
Ermal Luçi
10:06 AM Revision 420fce04: Fixes #4353 Identify when strongswan.conf needs a reload and restart ipsec service.
Ermal Luçi
09:45 AM Revision 430379ac: Fixes #4333 Unset previous defined values before using the new ones
Ermal Luçi
09:45 AM Revision ee65c642: Fixes #4333 Unset previous defined values before using the new ones
Ermal Luçi
09:17 AM Revision 7790dacc: Firewall Log does not display logged IGMP packets
If IGMP packets are logged (either pass or block) then parse_filter_line did not set their src and dst IP.
Later in t... Phil Davis
09:16 AM Revision 955746b0: Merge pull request #1456 from phil-davis/patch-1
Ermal Luçi
09:14 AM Revision fdf6fcb3: Fixes #4340 encode username same as with password to avoid issues with special chars.
Ermal Luçi
09:13 AM Revision 95c93bc3: Fixes #4340 encode username same as with password to avoid issues with special chars.
Ermal Luçi
08:21 AM Bug #4352: 2.2 syslogd exiting sig 15 when boot finishes
received email. will reply with access info... Mike Oxlong
08:20 AM Bug #4341: strongSwan fails to re-attach dynamic IPs where interfaces_use specified
Same issue using a PPP wan with Orange France ISP using a dynamic IP. Everything was working fine before pfsense 2.2/... Bob Gray
08:01 AM Bug #3692: apinger loss % gets stuck
this is back for me and I dont't know why this suddenly showed up and why restarting apinger no longer fixes this. al... Michael Kellogg
07:20 AM pfSense Packages Bug #4293: Squid 2.7.9 pkg v.4.3.6 i386 won't start
Some missing link lib.
you can add this symbolic links in a ssh session,
and restart the squid service.
ln... Tahar GUEBLI
06:38 AM Revision f55ef2e7: Update pkg_edit.php
Bipin Chandra
06:35 AM Revision c67b75d1: add schedule selection to pkg_edit.php
this allows schedule selection to pkg_edit.php, this can then be
utilized by packages to set schedules in many other ... Bipin Chandra
04:20 AM Feature #4354 (Closed): Allow dpinger to ping more than one destination for a gateway.
Hello,
I would like to be able to put more than one IP as a monitoring IP in the GUI. I would like the system to u... Raimund Sacherer
04:20 AM Todo #4353: Review IPsec reloading when strongswan.conf is changed
Applied in changeset commit:41da54ce14d2d43a5ce9738bd80b73355fa26180. Ermal Luçi
04:20 AM Todo #4353: Review IPsec reloading when strongswan.conf is changed
Applied in changeset commit:420fce0458f4f1b49faa167a1b6ccc7800d2b8a3. Ermal Luçi
04:05 AM Todo #4353 (Feedback): Review IPsec reloading when strongswan.conf is changed
Ermal Luçi
04:07 AM Bug #4314 (Feedback): Traffic Shaper Wizard not accepting an alias in the "Upstream SIP Server" text box
Merged pull 1453 Ermal Luçi
04:00 AM Bug #4333: Shaper wizard retains and uses incorrect info when supplying a different count of interfaces on future runs
Applied in changeset commit:430379acf9e4bfcda2625954700a6184265c8f73. Ermal Luçi
04:00 AM Bug #4333: Shaper wizard retains and uses incorrect info when supplying a different count of interfaces on future runs
Applied in changeset commit:ee65c642df6466ed59c332d448a4804690ce55c1. Ermal Luçi
03:45 AM Bug #4333 (Feedback): Shaper wizard retains and uses incorrect info when supplying a different count of interfaces on future runs
Ermal Luçi
03:20 AM Bug #4340: OpenVPN connect fails if login contains special characters (e.g. &)
Applied in changeset commit:fdf6fcb3b1405016146088f547085c5d08ff0398. Ermal Luçi
03:20 AM Bug #4340: OpenVPN connect fails if login contains special characters (e.g. &)
Applied in changeset commit:95c93bc3f6a281bd525d72925ea54dfa6ec2709b. Ermal Luçi
03:17 AM Bug #4340 (Feedback): OpenVPN connect fails if login contains special characters (e.g. &)
Fixed the same way as poasswords Ermal Luçi
03:16 AM Bug #4343 (Feedback): Firewall Log does not display logs for IGMP
The pull request has been merged. Ermal Luçi
02:24 AM Bug #4238: Firewall rule: source port display issue
i checked and doesnt seem any issue in port forwarding ports, try clearing your browser cache and check again and if ... Bipin Chandra

01/30/2015

08:20 PM Bug #4352: 2.2 syslogd exiting sig 15 when boot finishes
I emailed you to see if we can setup a time that I can check out your system in general Chris Buechler
04:22 PM Bug #4352: 2.2 syslogd exiting sig 15 when boot finishes
Yes, it does it at every boot or reboot and started exactly after performing an in place upgrade from 2.1.5 release.
... Mike Oxlong
03:37 PM Bug #4352 (Feedback): 2.2 syslogd exiting sig 15 when boot finishes
does it do that at every boot? could you share your config? Chris Buechler
01:16 PM Bug #4352 (Closed): 2.2 syslogd exiting sig 15 when boot finishes
upgraded box from 2.1.5. syslogd now exits at boot/reboot and does not restart again. prevents ALL logs on the entire... Mike Oxlong
07:59 PM Revision fa776555: Do not reuse reqid on copy of phase2 Fixes #4349
Ermal Luçi
07:59 PM Revision 7c449a56: Do not reuse reqid on copy of phase2 Fixes #4349
Ermal Luçi
05:00 PM Revision 07b37952: Unbound domain override IP:port validation
The domain override is IP:port is invalid if either the IP address OR port is invalid.
Previously you could put an in... Phil Davis
04:43 PM Bug #4345: Traffic Shaping doesn't work with Xen netfront driver
Yes, that NIC's changed to xm but still working on 2.1.5 and not on 2.2. Helio Candido
03:39 PM Bug #4345 (Feedback): Traffic Shaping doesn't work with Xen netfront driver
that should be something that changed to xn NICs after upgrade so they're no longer Realtek, is that the case? Chris Buechler
04:35 AM Bug #4345: Traffic Shaping doesn't work with Xen netfront driver
I'm using 2 NIC's Realtek RTL8111/8168 PCI Express Gigabit Ethernet. Both are working on PFSense 2.1.5 with traffic s... Helio Candido
04:30 PM Bug #4286: State killing on gateway change
As I thought, it seems to be a miss-configuration on our part. However, further testing is necessary. Would you mind ... Marc 05
03:34 PM Bug #4349: Generating IPsec entries with the option similar to this one causes bad ipsec configuration
probably would be good to have upgrade code to clean this up, should help fix some people's issues. Chris Buechler
02:00 PM Bug #4349: Generating IPsec entries with the option similar to this one causes bad ipsec configuration
Applied in changeset commit:fa77655557586453a0279566a84d01cd25645978. Ermal Luçi
02:00 PM Bug #4349 (Feedback): Generating IPsec entries with the option similar to this one causes bad ipsec configuration
Applied in changeset commit:7c449a56f208cb7a02c739610a8abfe11ee498be. Ermal Luçi
01:58 PM Bug #4349: Generating IPsec entries with the option similar to this one causes bad ipsec configuration
Should there be upgrade code to fix this issue or not? Ermal Luçi
04:22 AM Bug #4349: Generating IPsec entries with the option similar to this one causes bad ipsec configuration
Also for a discussion https://forum.pfsense.org/index.php?topic=87786.new#new Ermal Luçi
04:21 AM Bug #4349 (Resolved): Generating IPsec entries with the option similar to this one causes bad ipsec configuration
On 2.2 of pfSense reqid is part of the configuration stored.
When from the GUI a phase2/phase1 is generated with the... Ermal Luçi
02:12 PM Todo #4353 (Resolved): Review IPsec reloading when strongswan.conf is changed
If things on strongswan.conf are changed ipsec service needs to be restarted since reloading does not work for them Ermal Luçi
12:52 PM Bug #3692: apinger loss % gets stuck
I hate to say it but in a new pfsense 2.2 installation (with two wan load balancing and high availability) I have now... Mario Giammarco
11:32 AM Feature #4351 (Resolved): Allow to disable BOOTP in DHCP server
As suggested in forum: https://forum.pfsense.org/index.php?topic=80264.0
To prevent the possibility that a malicio... Phillip Davis
11:22 AM Bug #4307: bacula-fd configuration is mangled
I deleted the package and tried to use pkg as described at https://doc.pfsense.org/index.php/Installing_FreeBSD_Packa... Dan Langille
11:09 AM Bug #4307: bacula-fd configuration is mangled
Known issue: https://forum.pfsense.org/index.php?topic=85265.0 Dan Langille
11:06 AM Bug #4307: bacula-fd configuration is mangled
I do not know how to fix the mangled FailDaemon name, but I see the cause.... Dan Langille
11:18 AM Feature #4350 (Resolved): Allow entry of multiple IP addreses in DNS Resolver Domain Overrides
Unbound seems to allow multiple stub-addr in a stub-zone.
This would be handy when using DNS Resolver on pfSense wit... Phillip Davis
08:02 AM Bug #4344: package (re)installation loop after upgrading from 2.1.5-RELEASE to 2.2-RELEASE
*http://pastebin.com/8ni6F2Tb* was scheduled to expire in 2 weeks, so... here's its content:... Vinícius Zavam
06:36 AM Revision 5d60171d: unnecessary but lets just add this for safety
unnecessary but lets just add this for safety Bipin Chandra
04:29 AM pfSense Packages Bug #4331: Issue with VPN interface within Squid 3.4 for Transparent Proxy
Nev Secular wrote:
> I'm running pfSense 2.2 with squid 3.4.10_2
>
> Want to include my VPN interface in transpar... Nev Secular
03:55 AM pfSense Packages Bug #4348 (Closed): SquidGuard is not starting
Applying "Enable" results in
System log:
php: squidGuard_blacklist_update.sh: The command '/usr/pbi/squid-amd64... Holger Hampel
03:43 AM pfSense Packages Feature #4347 (Closed): Recent Version of Asterisk
Version 1.8 is very old. Please update Asterisk to something recent. Frederic Steinfels
12:27 AM pfSense Packages Bug #4337: Multiple radiusd instances are launched upon WAN interface change
I have modified radiusd.sh to prevent it from being executed in parallel and to wait a bit for the process to start b... Paul K
12:22 AM pfSense Packages Bug #4337: Multiple radiusd instances are launched upon WAN interface change
I dug a little deeper and here is what I discovered.
By the time "radiusd.sh start" is invoked second time, first ... Paul K
12:06 AM Bug #4346 (Resolved): radiusd process is left running after package uninstall
During FreeRADIUS package uninstall, package is removed, but process fails to stop. Log:... Paul K

01/29/2015

06:45 PM pfSense Packages Bug #4342: carp switch problem
please use one of our available support resources. https://pfsense.org/support Chris Buechler
01:42 PM pfSense Packages Bug #4342: carp switch problem
It was configured using : https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_%28CARP%29
Pleas... Bartłomiej Bujak
12:00 PM pfSense Packages Bug #4342 (Rejected): carp switch problem
this is almost certainly indicative of a connectivity problem between the two systems Chris Buechler
06:55 AM pfSense Packages Bug #4342: carp switch problem
Wrong files.
Please remove pfsense_problem.JPG
 Bartłomiej Bujak
06:53 AM pfSense Packages Bug #4342 (Rejected): carp switch problem
I have 2 pfsense cluster installations in two different locations.
One of them 2.2 version 64-bit, second 32 and 64 ... Bartłomiej Bujak
05:38 PM Bug #4345: Traffic Shaping doesn't work with Xen netfront driver
which driver is it saying doesn't support altq? Chris Buechler
01:58 PM Bug #4345 (Confirmed): Traffic Shaping doesn't work with Xen netfront driver
On the version 2.1.5 I got the traffic shaping work without problem but after upgraded to 2.2 it's just doesn't worki... Helio Candido
05:10 PM Revision 091195f0: Firewall Log does not display logged IGMP packets
If IGMP packets are logged (either pass or block) then parse_filter_line did not set their src and dst IP.
Later in t... Phil Davis
04:38 PM Bug #4310: Limiters + HA results in hangs on secondary
I think this happens because CARP packets are being sent to dummynet.
Before the kernel patch prevented this from ha... Ermal Luçi
02:02 PM Revision f5b23288: Set update_url and update_manifest automatically based on version being or not a RELEASE
Renato Botelho
02:02 PM Revision 15ff0dc5: Set update_url and update_manifest automatically based on version being or not a RELEASE
Renato Botelho
11:55 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
I this affected us at PAX South. We had limiters in place and had certain downloads dropping to 0 bytes/sec until we... Travis Kreikemeier
07:50 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
I suppose that's possible, although manually checking the box to disable the generated reply-to doesn't seem to chang... Adam Hirsch
02:47 AM Bug #4326 (Confirmed): Limiters on firewall rules where NAT applies drop all traffic
I believe it only happens where the matching rule with limiter includes reply-to. Chris Buechler
11:54 AM Bug #4344 (Closed): package (re)installation loop after upgrading from 2.1.5-RELEASE to 2.2-RELEASE
this issue was originally reported by "WolfSec-Support" <support at wolfsec.ch> on the pfSense's mailing list.
* htt... Vinícius Zavam
11:53 AM Feature #2834: carp+pfsync: add ability to prefer one node as master
https://github.com/pfsense/pfsense/pull/1449
My patch was rejected. Looking to see what will be accepted. Robert Middleswarth
11:43 AM pfSense Packages Feature #4335: NUT send notifications via built in smtp notification feature
The following seems to work pretty good.
Add to upsmon.conf... Josh Stompro
08:37 AM pfSense Packages Feature #4335: NUT send notifications via built in smtp notification feature
I think I found the info needed to make this work. A command line tool for sending email via the notification system... Josh Stompro
11:24 AM Bug #4343: Firewall Log does not display logs for IGMP
Related forum thread that got me started looking at this: https://forum.pfsense.org/index.php?topic=87723.0 Phillip Davis
11:15 AM Bug #4343: Firewall Log does not display logs for IGMP
Note: In filter_log.inc parse_filter_line() there is also code that tries to handle protocol 112 CARP (around line 24... Phillip Davis
11:12 AM Bug #4343: Firewall Log does not display logs for IGMP
Proposed fix: https://github.com/pfsense/pfsense/pull/1456 Phillip Davis
11:11 AM Bug #4343 (Resolved): Firewall Log does not display logs for IGMP
I have a rule that that deals with multicast packets (to 224.0.0.0/4).
There are lines in /var/log/filter.log for pa... Phillip Davis
10:14 AM Revision a95867a2: multiple allow/deny entries for UPnP (rowhelper)
remove old permission box fields Bipin Chandra
09:51 AM Revision d9f9836a: Merge pull request #7 from SanderVanLeeuwen/bootstrap
Documentation updates + layout tweaks SjonHortensius
09:47 AM Revision 10322913: Keep original PHP form example
Sander van Leeuwen
09:39 AM Revision 2900b876: Fix footer position
Sander van Leeuwen
09:38 AM Todo #4338 (Feedback): Upgrade PHP to 5.5.22
Done on both builders Renato Botelho
09:06 AM Revision 76d450e2: fix input validation, = is OK here
Chris Buechler
09:05 AM Revision 427831ac: fix input validation, = is OK here
Chris Buechler
07:33 AM Bug #4238: Firewall rule: source port display issue
i noted also that the issue is present also for nat rules (port forwarding) Anonymous
04:15 AM Bug #4238: Firewall rule: source port display issue
after its merged, this can be closed Bipin Chandra
02:05 AM Bug #4238: Firewall rule: source port display issue
ben kenobi wrote:
> Thanks,
> after removing style="display:none" the cosmetic issue is not present anymore.
 Anonymous
02:05 AM Bug #4238: Firewall rule: source port display issue
Thanks,
after removing style="display:none" id="sprtable" the cosmetic issue is not present anymore.
 Anonymous
06:12 AM Bug #4341 (Resolved): strongSwan fails to re-attach dynamic IPs where interfaces_use specified
I have a single WAN setup with PPPOE
IPsec (problem applies to both: IKE1 and IKE2)
Every 24 hours the WAN gets rec... Sebastian Chrostek
03:20 AM Bug #4340 (Resolved): OpenVPN connect fails if login contains special characters (e.g. &)
Hello,
after upgrade pfSense to 2.2, OpenVPN fails connect for login S&V (authorization by AD).
@
openvpn: user 'S... Yuriy K.
03:05 AM Bug #4339 (Resolved): RAM Disk Setting minimum ram error
fixed, thanks
 Chris Buechler
03:03 AM Bug #4339 (Confirmed): RAM Disk Setting minimum ram error
though you're right on the math part, shouldn't have = there. about to push a fix. Chris Buechler
03:00 AM Bug #4339 (Rejected): RAM Disk Setting minimum ram error
You must be looking at the wrong description for the box. One is 40 MB, one is 60 MB. ... Chris Buechler
02:56 AM Bug #4339: RAM Disk Setting minimum ram error
Also, 60MB isn't accepted either. the actual minimum is 61. Alexandre Paradis
02:53 AM Bug #4339 (Resolved): RAM Disk Setting minimum ram error
Version : 2.2-RELEASE (amd64)
when saying "Set the size, in MB, for the /tmp RAM disk. Leave blank for 40MB. Do n... Alexandre Paradis
03:01 AM Bug #4308: LAGG LACP defaults to strict mode in FreeBSD >= 10
After reconsideration, I agree we should keep the existing default. I'm not sure that's the right answer for upgraded... Chris Buechler
02:54 AM Bug #4028: Wireless Obytes counter always 0
That FreeBSD PR got bumped recently, no patch available at this time. Chris Buechler
02:50 AM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
Ermal Luçi wrote:
> [...]
>
> Can you try this patch and let me know if it works for you?
The patch creates an e... Armin Tueting
12:05 AM Revision 079becf2: Add form styling conventions with an HTML example
Sander van Leeuwen

01/28/2015

11:10 PM Todo #4338 (Resolved): Upgrade PHP to 5.5.22
Need to upgrade PHP to 5.5.21 for 2.2.1. Chris Buechler
10:01 PM Revision 1fbae628: Fixes #4274 same fix as #4302 enclose in double quotes to tell yacc this is a string to be parsed.
Ermal Luçi
10:01 PM Revision 6a2f0ad7: Fixes #4274 same fix as #4302 enclose in double quotes to tell yacc this is a string to be parsed.
Ermal Luçi
09:55 PM Revision 1abdf80b: Apparently yacc became more strict in FreeBSD 10. Fixes #4302
Ermal Luçi
09:53 PM Revision 17b3a068: Apparently yacc became more strict in FreeBSD 10. Fixes #4302
Ermal Luçi
09:39 PM Revision 422a715c: Add id attribute to input elements
Sander van Leeuwen
09:08 PM pfSense Packages Bug #4337: Multiple radiusd instances are launched upon WAN interface change
This also happens on system boot. Paul K
08:36 PM pfSense Packages Bug #4337 (Resolved): Multiple radiusd instances are launched upon WAN interface change
I noticed that whenever I change WAN interface settings and apply them multiple radiusd instances are launched. Syste... Paul K
08:26 PM Revision b50baf79: Fixes #4275 use double quotes on asn1dn specification so strongswan properly interprets it
Ermal Luçi
08:24 PM Revision 99df898e: Fixes #4275 use double quotes on asn1dn specification so strongswan properly interprets it
Ermal Luçi
06:46 PM Revision 340e8bc5: Accept port range on Outbound NAT. Fixes #4300
Renato Botelho
06:45 PM Revision b601f897: Accept port range on Outbound NAT. Fixes #4300
Renato Botelho
06:45 PM Bug #4334 (Rejected): Haning installation
you're using a serial console, it's not hung, it has no keyboard. Please follow up on your forum thread for additiona... Chris Buechler
02:08 PM Bug #4334 (Rejected): Haning installation
I have been trying to install pfsense sevarel times.
but every time the installation hangs at the same point (See at... daniel guldberg aaes
05:54 PM pfSense Packages Bug #4336 (Resolved): syslog-ng package missing libraries
The following error is logged when attempting to enable the syslog-ng service:
Syslog-ng syntax test failed: [2015-0... Jeremy Porter
04:28 PM Revision 42322ae0: Fix name attr for Select, implement Checkbox::displayAsRadio
Sjon Hortensius
04:20 PM Bug #4274: Marking a packet with only a number results in a broken rule
Applied in changeset commit:1fbae628c24e8259dc2ddb3f610c78b4dad45a34. Ermal Luçi
04:20 PM Bug #4274: Marking a packet with only a number results in a broken rule
Applied in changeset commit:6a2f0ad75063b9a0068b0a1983fb61fe3b408920. Ermal Luçi
04:00 PM Bug #4274 (Feedback): Marking a packet with only a number results in a broken rule
Ermal Luçi
07:29 AM Bug #4274 (Confirmed): Marking a packet with only a number results in a broken rule
Confirmed. If you place a purely numerical value in the "You can mark a packet matching this rule and use this mark t... Jim Pingle
04:00 PM Bug #4302: Several DSCP choices are non-functional and result in a broken ruleset
Applied in changeset commit:1abdf80b2d4abaf7fb0238ae21d554603149619e. Ermal Luçi
04:00 PM Bug #4302: Several DSCP choices are non-functional and result in a broken ruleset
Applied in changeset commit:17b3a06878f3664abb7f745a08ab19fc2c58bbba. Ermal Luçi
03:54 PM Bug #4302 (Feedback): Several DSCP choices are non-functional and result in a broken ruleset
Ermal Luçi
02:43 PM Bug #4302: Several DSCP choices are non-functional and result in a broken ruleset
The same rule does not break pf on a pfSense 2.1 install, so it's definitely an issue with 2.2 Jim Pingle
02:40 PM Bug #4302: Several DSCP choices are non-functional and result in a broken ruleset
This is related to #2998 and i do not see anything different in 2.2 in comparison to 2.1?
Probably even 2.1 it did... Ermal Luçi
03:56 PM Bug #4268: changes in strongswan config don't apply to SAD or SPD
I do not expect there to be issues from this.
The SAD is there but the policies(SPD) are not so there is nothing tha... Ermal Luçi
03:43 PM Revision fee13fc0: Reload filter when IPsec is disabled, fixes #4245
Renato Botelho
03:42 PM Revision 1959e3d1: Reload filter when IPsec is disabled, fixes #4245
Renato Botelho
03:33 PM Revision a27f0c10: Add support for 0x20 DNS random bit support. Fixes #4205
Warren Baker
03:33 PM Revision 52d946d8: Merge pull request #1440 from wagonza/patch-6
Renato Botelho
03:23 PM Revision 7c7c2ba2: Support for Office365 Mail
https://redmine.pfsense.org/issues/4176
Allow the user to choose SMTP authentication mechanism PLAIN or LOGIN.
For ex... Phil Davis
03:23 PM Revision 27c25d29: Support choice of SMTP Authentication Mechanisms
https://redmine.pfsense.org/issues/4176
I have left some documentation here of other mechanisms that someone might ca... Phil Davis
03:23 PM Revision e336d9ef: Merge pull request #1421 from phil-davis/patch-4
Renato Botelho
03:15 PM pfSense Packages Feature #4335 (Resolved): NUT send notifications via built in smtp notification feature
This is a wishlist feature request.
The NUT package should have a checkbox that allows it to use the built in noti... Josh Stompro
02:53 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
I'm seeing this when the limiter is applied to a filter on the WAN interface, but not the LAN interface. Odd. Adam Hirsch
02:30 PM Bug #4275: ASN.1 DN needs double quotes in config file
Applied in changeset commit:b50baf79f18b21454dad25819d3a6656caf2abcc. Ermal Luçi
02:30 PM Bug #4275: ASN.1 DN needs double quotes in config file
Applied in changeset commit:99df898e0c5fd8533d234bbb7846b89d9097a424. Ermal Luçi
02:26 PM Bug #4275 (Feedback): ASN.1 DN needs double quotes in config file
Ermal Luçi
01:48 PM Bug #4328: Some symlinks not updated by full update
Likely, (or build from source) but 2.2.1 likely not that far away, either. Jim Thompson
12:55 PM Bug #4328: Some symlinks not updated by full update
Thanks. I assume the only way to test this is to wait for 2.2.1 :) Doktor Notor
08:03 AM Bug #4328 (Feedback): Some symlinks not updated by full update
I pushed a fix for this on tools Renato Botelho
02:40 AM Bug #4328 (Resolved): Some symlinks not updated by full update
Forum thread: https://forum.pfsense.org/index.php?topic=87336.msg481876#msg481876
On upgrade, there are loads of /... Doktor Notor
01:44 PM Bug #4308: LAGG LACP defaults to strict mode in FreeBSD >= 10
Can we talk about *not* disabling strict mode? FreeBSD 10 runs LAGG LACP in 'strict' mode for a reason.
https://bug... Jim Thompson
01:40 PM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
... Ermal Luçi
10:56 AM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
Phillip Davis wrote:
> "Two" should be good. I just checked a road warrior server of mine. I changed Certificate Dep... Armin Tueting
05:27 AM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
"Two" should be good. I just checked a road warrior server of mine. I changed Certificate Depth to "Two" and it chang... Phillip Davis
04:40 AM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
Phillip Davis wrote:
> Is that related to the "Certificate Depth" setting on the OpenVPN Server GUI page?
I didn't ... Armin Tueting
04:04 AM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
Is that related to the "Certificate Depth" setting on the OpenVPN Server GUI page?
Do you have that already set to "... Phillip Davis
03:25 AM Bug #4329 (Not a Bug): OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
Hello,
I've recently upgraded from 2.1.5 to 2.2 and getting an error message:-
>Jan 28 09:39:23 pfsense openvpn[4... Armin Tueting
01:38 PM Revision 7094c303: Fix #4318 - gen_subnetv4_max() not working on 32bit
Renato Botelho
01:38 PM Revision e69a0cf3: Fix #4318 - gen_subnetv4_max() not working on 32bit
Renato Botelho
01:00 PM Bug #4300: Can not enter outbound NAT destination port range
Applied in changeset commit:340e8bc5cf67a2e826df28d1ac3a1eb70ed2c5c5. Renato Botelho
01:00 PM Bug #4300 (Feedback): Can not enter outbound NAT destination port range
Applied in changeset commit:b601f897a5f6acfb4abc8beeedf0bb0d5cfa3193. Renato Botelho
12:56 PM Revision 01a84fcf: updated forms description HTML > PHP
Sjon Hortensius
12:38 PM Bug #4311: aPinger service gets higher ping. Resolves for short period after restart aPinger service
I am also getting this same issue, and I can confirm a restart restores the pings to their normal value for a short t... Seb Hopley
02:09 AM Bug #4311: aPinger service gets higher ping. Resolves for short period after restart aPinger service
Forgot to mention that this is based on a fresh 2.2 install with a restore of a backup of 2.0 version Dirk Jan de Vries
12:26 PM Bug #4330 (Rejected): Pfsense 2.2 breaks certain Realtek cards
drivers are outside our control, we only follow up with ones relevant to things we sell @ store.pfsense.org. Please r... Chris Buechler
03:32 AM Bug #4330: Pfsense 2.2 breaks certain Realtek cards
Should mention I tried adding if_re.ko and if_rl.ko from FreeBSD 10.1 to /boot/modules with no success. Ross Williamson
03:31 AM Bug #4330 (Rejected): Pfsense 2.2 breaks certain Realtek cards
Hi there
Pfsense 2.2 upgrade has gone very smoothly on all but one of my machines. Unfortunately one happened to b... Ross Williamson
10:08 AM Feature #4322: Add Google Domains DDNS
I'm aware, but it took a while to figure it out on my own. It would be much simpler to have a menu item of it's own. ... Landon Wubbels
09:50 AM Bug #4245: after disabling ipsec, "# VPN Rules" are still loaded
Applied in changeset commit:fee13fc057f3c1e96a3db2535ab7734953de5924. Renato Botelho
09:50 AM Bug #4245 (Feedback): after disabling ipsec, "# VPN Rules" are still loaded
Applied in changeset commit:1959e3d1d08747799229bacea10fbb906367c84f. Renato Botelho
09:50 AM Feature #4205: unbound config option missing
Applied in changeset commit:a27f0c10a90e696d9b987bdc38727eb738163c48. Warren Baker
09:50 AM Feature #4205 (Feedback): unbound config option missing
Applied in changeset commit:a771a6aee364f60ab436f26d061b373118462c43. Warren Baker
09:31 AM Bug #4333 (Resolved): Shaper wizard retains and uses incorrect info when supplying a different count of interfaces on future runs
If you run through the shaper wizard with, for example, two WANs, then some sections like VoIP get a set of <conn0upl... Jim Pingle
09:26 AM Revision 04a893de: multiple allow/deny entries for UPnP (rowhelper)
with this additional change we can allow infinite number of entries
rather than just 500 due to the for loop set to a... Bipin Chandra
09:22 AM Feature #4176 (Feedback): Add support for SMTP authentication mechanisms
Pull request has been merged Renato Botelho
09:01 AM Bug #4238: Firewall rule: source port display issue
the above link is the patch file but u can simply edit the page (/usr/local/www/firewall_rules_edit.php) by going to ... Bipin Chandra
06:56 AM Bug #4238: Firewall rule: source port display issue
https://github.com/pfsense/pfsense/pull/1452.patch Bipin Chandra
04:57 AM Bug #4238: Firewall rule: source port display issue
the fetch fails
i suppose that a / is missing on the patch
usr/local/www/firewall_rules_edit.php
Regards Anonymous
08:57 AM Revision 0f062592: Dynamic DNS wildcard typo
Self-explanatory, just a dumb typo bug Phil Davis
08:57 AM Revision c19bdcf4: Merge pull request #1450 from phil-davis/patch-1
Renato Botelho
08:55 AM Revision 4c40e2a7: Unimportant typos in user and group manager
that do not effect anything. Phil Davis
08:55 AM Revision adaf6ca9: Merge pull request #1445 from phil-davis/priv-typos
Renato Botelho
08:46 AM Revision 085136fe: multiple allow/deny entries for UPnP (rowhelper)
This patch will allow the web GUI for UPnP to enter more user specified
entries rather than just 4, I replaced the 4 ... Bipin Chandra
08:37 AM Bug #4314: Traffic Shaper Wizard not accepting an alias in the "Upstream SIP Server" text box
I applied the patch and it works ok now. The wizard remembers the text box content and the floating rules are automat... Muchacha Grande
08:36 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
Note:
$x2 = ip2long32("127.255.255.255");
var_dump($x2);
$y2 = ip2long32("128.0.0.0");
var_dump($y2);
$z2 = $y2 ... Phillip Davis
08:28 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
Sorry - the last subtraction in my code above should have been "$z2 = $y2 - $x2" - so ignore the rubbish "float(-198.... Phillip Davis
08:17 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
Yes - I had been checking the code on a 64-bit system accidentally. Now I am at home with my Alix it all goes wrong:
... Phillip Davis
08:10 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
yes, correct, everything i386 on our side... Alejandro Olivan
08:09 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
A fix was just posted for #4318, apply that fix and try this again, I suspect it will work fine. If so, we can close ... Jim Pingle
08:06 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
Yep, on i386 Kernel.
Dont see a way to change architecture doing an auto upgrade and several machines are remote.
... Mogamat Abrahams
07:07 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
Are you all on i386?
I could see that loop going out of control due to #4318, source:usr/local/www/firewall_nat_ed... Jim Pingle
04:20 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
Here i paste relevant part of one upgraded router setup.
This particular one has a mixture of virtualIPs, may this h... Alejandro Olivan
03:57 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
Numbers like that work fine for me - e.g. subnet 197.1.2.131 subnet_bits 29
It build a correct list of 8 addresses.
... Phillip Davis
03:22 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
I got exactly the same situation, so may I at least help consistently confirming the issue existence:
I have stopp... Alejandro Olivan
03:03 AM Bug #4317: firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
You are right, must have missed it due to fatigue, although I do remember removing this before upgrading to 2.2.
<... Mogamat Abrahams
08:24 AM Bug #4332 (Resolved): Unable to run DNS Forwarder (dnsmasq) and DNS Resolver (unbound) simultaneously on different ports
It should be possible to run both services for different purposes so long as they are on different port numbers.
C... Jim Pingle
07:50 AM Bug #4318: gen_subnet_max returns incorrect result for 32 bit
Applied in changeset commit:7094c303b7d46c9f7b24c3f1bd4432187832e85c. Renato Botelho
07:50 AM Bug #4318 (Feedback): gen_subnet_max returns incorrect result for 32 bit
Applied in changeset commit:e69a0cf3a216c8647a6def4eee41ab01319ce90f. Renato Botelho
04:38 AM pfSense Packages Bug #4331 (Resolved): Issue with VPN interface within Squid 3.4 for Transparent Proxy
I'm running pfSense 2.2 with squid 3.4.10_2
Want to include my VPN interface in transparent proxy within squid.
s... Nev Secular
03:44 AM Feature #4265: UPNP allow use of alias and schedule
i added the rowhelper control as well as it will allow infinite number of entries and tried it and works well
http... Bipin Chandra
12:24 AM Bug #4327 (Closed): Package Manager issue behind proxy
Hello,
the pfsense that i have installed inside my company uses proxy connections to get updates from pfsense sites.... Anonymous

01/27/2015

10:23 PM Bug #4325: GUI for limiter rules turns Gb/s into b/s
When I do that, /tmp/rules.limiter has the expected stuff like:
pipe 1 config bw 4Gb
But as you say, Diagnostics... Phillip Davis
09:33 PM Bug #4325 (Resolved): GUI for limiter rules turns Gb/s into b/s
Steps to reproduce:
# Firewall -> Traffic Shaper -> Limiter
# Create new limiter with a memorable bandwidth. (In ... Adam Hirsch
10:06 PM Bug #4326 (Resolved): Limiters on firewall rules where NAT applies drop all traffic
A PASS filter rule with In / Out limiters set will pass traffic until bandwidth in a limited direction hits the limit... Adam Hirsch
09:30 PM pfSense Packages Bug #4324 (Resolved): HAproxy and SSL client certificate validation
I just stumbled upon something with HAproxy that is probably not the expected/intended behavior when building an ACL ... Stéphane Lapie
08:33 PM Revision 69f9ff40: final touches on Forms
system - removed trailing unused form-html
Form - set proper width for submit-button column
Element - support returni... Sjon Hortensius
07:51 PM Revision dc58b7b3: moved some js from separate files to contextual .php
pfSense.js - to prevent a blob of scripts; move index-widget handling to
actual index, introduce events instead
*.j... Sjon Hortensius
06:17 PM Revision 7efe99b5: Traffic Shaper Wizard Upstream SIP Server
Not being remembered and actioned.
Bug #4314 Phil Davis
04:53 PM Feature #4322: Add Google Domains DDNS
it can be manually configured using the "custom" type currently Chris Buechler
03:57 PM Feature #4322 (Resolved): Add Google Domains DDNS
Google domains (domains.google.com) has added DDNS services outlined here: https://support.google.com/domains/answer/... Landon Wubbels
04:53 PM Bug #4323 (Rejected): Layer 7 / ipfw-classifyd 100% cpu in 2.2
duplicate of #4276 Chris Buechler
04:13 PM Bug #4323 (Rejected): Layer 7 / ipfw-classifyd 100% cpu in 2.2
Any Layer 7 traffic shaper configuration causes ipfw-classifyd to use 100% of cpu and essentially blocks all outbound... Curtis Edge
02:51 PM Bug #4286: State killing on gateway change
The VPN on Site A has the "Stake killing on gateway change" feature enabled (box unchecked), and it did not restore o... Marc 05
11:11 AM Bug #4286: State killing on gateway change
We're currently testing the same kind of set up with IPsec and it seems we have the same issue (on 2.1.4). This funct... Marc 05
09:31 AM Bug #4286: State killing on gateway change
The problem was already here in the previous stable version. Jo S
08:52 AM Bug #4286: State killing on gateway change
Did you have this multiwan setup working previously with 2.1.5? Or has the issue existed since then? Marc 05
02:33 PM pfSense Packages Bug #4301: arpwatch not sending email reports on 2.2
not sure if this helps
01-27-2015 15:33:50 Daemon.Debug pfsense Jan 27 15:33:50 arpwatch: reaper: pid 93610, exit ... Cino .
02:22 PM Revision ca127ab7: Simplify use of other serial ports setting all of them as onifconsole when serial is enabled
Renato Botelho
02:22 PM Revision 04c8360c: Teach ufslabels.sh to deal with DESTDIR, useful on installation
Renato Botelho
02:22 PM Revision 8c392069: Improve a bit sh syntax and fix it for multiple swap devices
Renato Botelho
02:20 PM Revision 12fe841f: Change version to 2.2.1-DEVELOPMENT
Renato Botelho
02:18 PM Bug #4317 (Feedback): firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
not a replicable circumstance.
In order for the situation as described to occur, you have to have some kind of co... Chris Buechler
01:28 PM Bug #4317 (Resolved): firewall_edit_nat.php - memory exhaustion on 32 bit with VIP range
Hi,
After upgrade to 2.2, experience memory limit errors even after increasing php memory_limit :
_Crash report... Mogamat Abrahams
02:13 PM Feature #4320: Enable port-in-use checking in miniupnpd
The effect that I see most often is Macs on the LAN adding a mapping for external port 4500 (for BTMM) and breaking I... Daniel Becker
02:12 PM Feature #4320: Enable port-in-use checking in miniupnpd
This might actually be considered a bug rather than a feature, as without this change, miniupnpd will happily let LAN... Daniel Becker
02:07 PM Feature #4320 (Resolved): Enable port-in-use checking in miniupnpd
The miniupnpd port has a build-time option that forces it to check if the requested external port is already in use l... Daniel Becker
02:10 PM Feature #4321 (Resolved): Enable IPv6 for miniupnpd
Miniupnpd supports IPv6; this can be enabled by adding the "IPV6" and "UPNP_IGDV2" make options to the port. See atta... Daniel Becker
02:07 PM pfSense Packages Bug #4256: Squid3 using 100% CPU after install/reboot
I re-did tests with 3.4.10_2 pkg 0.2.6 on clean VM and real router and looks like everything is ok. I wonder what was... Dmitriy K
01:57 PM Revision 4f009171: Simplify use of other serial ports setting all of them as onifconsole when serial is enabled
Renato Botelho
01:50 PM Revision 873cab16: Teach ufslabels.sh to deal with DESTDIR, useful on installation
Renato Botelho
01:49 PM Bug #4319 (Rejected): Release 2.2 - Wake on Lan different behaviour on alix and apu
#4318 is the root cause of this Chris Buechler
01:42 PM Bug #4319 (Rejected): Release 2.2 - Wake on Lan different behaviour on alix and apu
Upgrade worked fine on multiple hardware installations (all on
alix / apu). The only thing I've realised is, that WO... Chris Suter
01:31 PM Bug #4318 (Resolved): gen_subnet_max returns incorrect result for 32 bit
gen_subnet_max returns incorrectly on 32 bit 2.2. One example, WoL will always throw in 255.255.255.255 as the broadc... Chris Buechler
12:59 PM Revision db4b4576: Improve a bit sh syntax and fix it for multiple swap devices
Renato Botelho
12:39 PM Revision a005a836: finalized Form classes, allowed add/removeClass on all elements
+ add overloadable submit button Sjon Hortensius
12:39 PM Revision f76cbd6f: Fix sed syntax, -i requires a space before the parameter. Also fix regex to find swap device
Renato Botelho
12:38 PM Revision 802956d6: Fix sed syntax, -i requires a space before the parameter. Also fix regex to find swap device
Renato Botelho
12:19 PM Bug #4314: Traffic Shaper Wizard not accepting an alias in the "Upstream SIP Server" text box
I think this should fix it:
https://github.com/pfsense/pfsense/pull/1453
The field name for that had been changed i... Phillip Davis
10:39 AM Bug #4314 (Resolved): Traffic Shaper Wizard not accepting an alias in the "Upstream SIP Server" text box
When using the traffic shaper wizard "Multiple LAN/WAN" I choose to prioritize voice over IP traffic and use a generi... Muchacha Grande
11:46 AM Bug #4315 (Resolved): unable to auto-update i386 from 2.2-BETA to 2.2-RELEASE
you're pointing to the snapshot server not the stable release update location, so that's the expected end result.
... Chris Buechler
11:40 AM Bug #4315 (Resolved): unable to auto-update i386 from 2.2-BETA to 2.2-RELEASE
Currently running "2.2-BETA (i386) built on Sat Nov 22 20:52:45 CST 2014 FreeBSD 10.1-RELEASE".
Dashboard shows upda... Adam Thompson
11:19 AM Bug #4313 (Rejected): DHCP server does not send configured DNS (with DNS forwarder/resolver disabled)
not true, that works correctly Chris Buechler
09:58 AM Bug #4313: DHCP server does not send configured DNS (with DNS forwarder/resolver disabled)
Sorry, I had something misconfigured... Eric Hoffman
09:50 AM Bug #4313 (Rejected): DHCP server does not send configured DNS (with DNS forwarder/resolver disabled)
I have DHCP server enabled on LAN, with the DNS fields configured.
I also disabled DNS forwarder/resolver.
On the... Eric Hoffman
09:12 AM Revision a32c0623: whitespace changes; renamed classes to Form_ prefix
Sjon Hortensius
08:55 AM Feature #4272 (Rejected): Depreciate Full install. Replace with Embedded, include gui to allow adding a mount / path to install packages to (and additional Full install features as packages)
Not likely to happen. If anything we may go the other way, deprecating NanoBSD and using full installs exclusively. L... Jim Pingle
08:14 AM Bug #4238: Firewall rule: source port display issue
https://github.com/pfsense/pfsense/pull/1452
patch to fix this Bipin Chandra
07:25 AM Bug #4312 (Resolved): Bridge advanced settings not always applied after interface is added to bridge
on 2.2 release
after reboot, the option PRIVATE PORTS (ovpns6 and ovpnc4 for my example) of BRIDGE not work (brigde ... dominique dupont
07:15 AM Bug #4276: Layer 7 not working / ipfw-classifyd high load
in logs:... winmasta winmasta
06:26 AM Revision 6a32a3e4: use example.com for examples
Chris Buechler
06:26 AM Revision a8b61be6: use example.com for examples
Chris Buechler
06:21 AM Revision 5e3affe2: these descriptions were flipped. Ticket #4273
Chris Buechler
06:21 AM Revision 580f5eee: these descriptions were flipped. Ticket #4273
Chris Buechler
06:15 AM Feature #2668: Support aliases in OpenVPN local/remote/tunnel network fields
Bump Dmitriy K
03:15 AM Bug #4275 (Confirmed): ASN.1 DN needs double quotes in config file
Chris Buechler
03:06 AM Bug #4300 (Confirmed): Can not enter outbound NAT destination port range
Chris Buechler
03:03 AM pfSense Packages Bug #4309 (Rejected): layer7 do not work properly
duplicate of #4276 Chris Buechler
01:32 AM pfSense Packages Bug #4309 (Rejected): layer7 do not work properly
Have "ipfw-classifyd: packet dropped: output queue full" in system log, cant load any web page winmasta winmasta
02:59 AM Feature #4265: UPNP allow use of alias and schedule
im trying to code the schedule feature to upnp but seems im totally lost in all the php and inc file code, can any1 g... Bipin Chandra
02:52 AM Bug #4311 (Resolved): aPinger service gets higher ping. Resolves for short period after restart aPinger service
Our RRD graphs in the section Quality gain a higher ping than I can measure. After restarting the aPinger service the... Dirk Jan de Vries
02:13 AM Bug #4310 (Resolved): Limiters + HA results in hangs on secondary
Configuring limiters on a firewall rule in 2.2 on a system using HA results in a kernel panic reboot loop. To replica... Chris Buechler
01:34 AM Bug #4280 (Rejected): LAN with quad NIC configured with LAGG-LACP and VLANs
the root issue here is #4308 Chris Buechler
01:26 AM Bug #4308 (Closed): LAGG LACP defaults to strict mode in FreeBSD >= 10
In FreeBSD 10.0 and newer, LAGG with LACP defaults to strict mode. If it's not getting LACPDUs on the ports, it doesn... Chris Buechler
12:42 AM Bug #4297: Squid unable to listen on port inferior to 1024
Chris Buechler wrote:
> that sysctl has no relation to what you're trying to do. net.inet.ip.portrange.reservedhigh ... Stanislas Khider
12:20 AM Bug #4273 (Resolved): OpenVPN options route-nopull and route-noexec swapped
Thanks. Yeah the descriptions were backwards, fixed. Chris Buechler
12:00 AM Bug #4178: IPsec leftsubnet changed to 0.0.0.0 with Cisco unity plugin active
reported here that just setting cisco_unity=no is inadequate to fix this issue.
https://forum.pfsense.org/index.php... Chris Buechler

01/26/2015

11:28 PM Bug #4297 (Rejected): Squid unable to listen on port inferior to 1024
that sysctl has no relation to what you're trying to do. net.inet.ip.portrange.reservedhigh is what you're looking fo... Chris Buechler
03:30 AM Bug #4297 (Rejected): Squid unable to listen on port inferior to 1024
Squid 3.4.10_2 pkg 0.2.6
pFsense 2.2
Impossible to listen on port <1024
The field 'reverse HTTP port' must con... Stanislas Khider
07:21 PM Bug #4307: bacula-fd configuration is mangled
The UI also has a typo: Diector Dan Langille
07:19 PM Bug #4307: bacula-fd configuration is mangled
Oh, now that I notice it: "director = -dir" would normally be "director = bacula-dir", that it is, it would match t... Dan Langille
07:16 PM Bug #4307 (Closed): bacula-fd configuration is mangled
This is what pfSense 2.2 shows me for my bacula-fd configuration:... Dan Langille
07:12 PM pfSense Packages Bug #4306 (Resolved): bacula-fd configuration file location is incorrect
Bacula is running with:... Dan Langille
06:19 PM Bug #4299 (Rejected): Gateway Monitor producing bogus RTT variables (ping times)
duplicate of #4081 Chris Buechler
06:15 AM Bug #4299: Gateway Monitor producing bogus RTT variables (ping times)
To add: minimum possible WAN GATEWAY ping return value is 7ms (100% impossible for it to go under that number, a cabl... Mike Oxlong
06:10 AM Bug #4299: Gateway Monitor producing bogus RTT variables (ping times)
Impossibly high, or impossibly low?
Yes, I have seen occasions when the ping time is impossibly low for a while. I t... Phillip Davis
05:59 AM Bug #4299 (Rejected): Gateway Monitor producing bogus RTT variables (ping times)
Performed upgrade from 2.1.5 to 2.2-RELEASE. Now Gateway Monitor produces arbitrary and completely bogus (impossible)... Mike Oxlong
06:17 PM Feature #4305 (Rejected): Add Advanced / local-data option to Host Overrides for DNS Resolver / Unbound
already there, just have to configure it correctly Chris Buechler
06:15 PM Feature #4305: Add Advanced / local-data option to Host Overrides for DNS Resolver / Unbound
You are (obviously) right.
I read that article, but must have assumed it was part of the TXT Comment Support.
T... Andrew Stuart
04:59 PM Feature #4305: Add Advanced / local-data option to Host Overrides for DNS Resolver / Unbound
You're just doing it wrong.... Kill Bill
02:43 PM Feature #4305 (Rejected): Add Advanced / local-data option to Host Overrides for DNS Resolver / Unbound
The Advanced button doesn't allow the inclusion of local-data: entries. Actually it allows it, but it breaks unbound
... Andrew Stuart
05:39 PM Bug #4218 (Confirmed): Bridge does not have AUTO_LINKLOCAL flag
this is part of what's noted in if_bridge(4): ... Chris Buechler
04:40 PM Revision 3ad5d4ce: Merge branch 'bootstrap' of github.com:SjonHortensius/pfsense into bootstrap
Sjon Hortensius
04:38 PM Revision b40bcb23: New POC for generating forms through PHP classes
reduce the amount of html c/ping by keeping the amount of
meta-data limited Sjon Hortensius
04:32 PM Bug #4284 (Rejected): PFSense 2.2. won't automatically add arp entries from multicast mac addresses into its arp table
that'll be required to add as a tunable where you need that to work. The fact it worked before was technically the bu... Chris Buechler
10:19 AM Bug #4284: PFSense 2.2. won't automatically add arp entries from multicast mac addresses into its arp table
This can be permanently fixed on each PFSense Firewall by:
System->Advanced->System Tunables
Then add an entry ... Jonathan Black
04:04 PM Todo #4224: PBIs are old skool. pkg-ng is the new shiny. We need to convert pfSense to use pkg-ng.
Even if you don't go to the extreme I'm suggesting in [[https://redmine.pfsense.org/issues/4272]], I would suggest ke... Andrew Stuart
04:01 PM Todo #4225: Lets improve the webGUI
In addition to this, I'd say the forced change to "pfsense" is rather annoying, in that it's really simple to fat fin... Andrew Stuart
03:21 PM Bug #4280: LAN with quad NIC configured with LAGG-LACP and VLANs
Ok so I created a VM with a fresh install of 2.2 and did the following,
System > Advanced > Networking
Checked "D... Gabriel Zellmer
03:10 PM Bug #4303: When using a public carp-ip on a wan interface that has a private ip apinger 'srcip' is set to the local ip.
Ok for some reason there was a nat state that was already passing traffic. Deleting that state made the apinger pings... Pi Ba
02:40 PM Bug #4303 (Rejected): When using a public carp-ip on a wan interface that has a private ip apinger 'srcip' is set to the local ip.
that's how things work by design, the interface IP of the interface in question is the appropriate source. You can NA... Chris Buechler
01:48 PM Bug #4303 (Rejected): When using a public carp-ip on a wan interface that has a private ip apinger 'srcip' is set to the local ip.
When using a public carp-ip on a wan interface that has a private ip apinger 'srcip' is set to the local ip.
Even wh... Pi Ba
02:16 PM pfSense Packages Bug #4304: pfflowd non-functional on 2.2.x versions
The Packages page reports version as:
0.8 pkg v1.0.2 Jeroen Roovers
02:09 PM pfSense Packages Bug #4304 (Closed): pfflowd non-functional on 2.2.x versions
Jan 26 20:56:32 pfflowd[40995]: pfflowd listening on pfsync0
Jan 26 20:56:32 kernel: pfsync0: promiscuous mode enabl... Jeroen Roovers
01:37 PM Bug #4283 (Rejected): Constant cas# device timeout errors and crashes with Sun 501-6738-10
not something we're going to fix, you can replicate on stock FreeBSD and report upstream to see if that gets any resu... Chris Buechler
01:36 PM pfSense Packages Bug #4271 (Rejected): vnstat2 conf file not pointing to proper path
duplicate of #4282 Chris Buechler
01:25 PM Bug #4302 (Confirmed): Several DSCP choices are non-functional and result in a broken ruleset
Jim Pingle
01:22 PM Bug #4302 (Resolved): Several DSCP choices are non-functional and result in a broken ruleset
Several DSCP choices are non-functional in pfSense 2.2 rules and when chosen, they result in a broken ruleset that wi... Jim Pingle
12:45 PM pfSense Packages Bug #4301 (Closed): arpwatch not sending email reports on 2.2
Not much info I can provide for this one but arpwatch isn't sending email reports anymore after upgrading to 2.2 amd6... Cino .
10:03 AM Revision 5f8673d1: Merge pull request #6 from SanderVanLeeuwen/bootstrap
pfSense in Virtualbox installation instructions SjonHortensius
09:54 AM Revision 6c6ff9ad: Add Virtualbox installation instructions
Sander van Leeuwen
09:51 AM Revision 88d0577b: Add Virtualbox installation instructions
Sander van Leeuwen
09:38 AM Bug #4300: Can not enter outbound NAT destination port range
In the meantime, that field may also be left blank so that it affects all ports, not only that specific range. Jim Pingle
09:36 AM Bug #4300: Can not enter outbound NAT destination port range
One note, it is to be noted that this does NOT seem to break update, nor backup/restore. I.e. on upgrade, from 2.1.5... Eric Hoffman
09:10 AM Bug #4300: Can not enter outbound NAT destination port range
Thanks for the head-up. It seem to be to fix bug #3857. I concur that the edit box is a single port entry, and shou... Eric Hoffman
08:44 AM Bug #4300: Can not enter outbound NAT destination port range
That behavior was changed by https://github.com/pfsense/pfsense/commit/9060f420a9444c68fc8db926787d0bb37d77ed72
Not ... Phillip Davis
07:34 AM Bug #4300 (Resolved): Can not enter outbound NAT destination port range
In pfSense 2.1.5, I could enter an outbound NAT rule with destination port range, and in pfSense 2.2, I get error tha... Eric Hoffman
08:44 AM pfSense Packages Bug #4217 (Confirmed): siproxd on pfSense 2.2-RELEASE i386 fails to start
siproxd works fine on amd64 but fails on i386.
Crashes with signal 4. Jim Pingle
04:50 AM Bug #4298: Excessive errors from snmpd
In the monitoring system there is a strange entry for IP:
Address Interface Netmask
0.0.0.0/ vtnet0 (... Holger Hampel
04:32 AM Bug #4298 (Assigned): Excessive errors from snmpd
When accessing snmp from a montitoring system I get many, many errors (logged in the central syslog):
snmpd[95772]... Holger Hampel

01/25/2015

07:22 PM Bug #4296 (Resolved): Using the same FQDN in multiple aliases causes static entries to be lost
If aliases exist that have both FQDN entries and IP address or network entries, and the same FQDN entries are in mult... Jim Pingle
05:59 PM Feature #2989: Changing language english to turkish not effect
Is the pull request merged? what it's id? Marcello Silva Coutinho
04:42 PM pfSense Packages Bug #4295 (Resolved): stunnel not working in Release 2.2
Installed Package stunnel on pfsense 2.2 but is doesn't work.
(Please see attached file)
I was able to resolve th... Stefan Berger
04:42 PM Feature #4294: Add additonal option to RADIUS Called-Station-Id value
Also, if this ne option is set, the Called-Station-Id should also be the same WAN MAC in RADIUS accounting packets to... James Wood
04:36 PM Feature #4294 (Resolved): Add additonal option to RADIUS Called-Station-Id value
We are a hotspot provider and have many potential customers who are looking to use our service and love their pfSense... James Wood
04:27 PM Bug #4218: Bridge does not have AUTO_LINKLOCAL flag
Can anyone reproduce this? Can this be assigned to 2.2.1? Martin Schmidauer
04:26 PM pfSense Packages Bug #4293: Squid 2.7.9 pkg v.4.3.6 i386 won't start
understand from irc the 64bit package works ok - i386 seems to have issues Walt McDonald
04:22 PM pfSense Packages Bug #4293 (Closed): Squid 2.7.9 pkg v.4.3.6 i386 won't start
squid not starting following upgrade to 2.2
32 bit
squid-2.7.9_4-i386
php-fpm[259]: /rc.start_packages: The co... Walt McDonald
03:47 PM Revision 3aa55bbe: Dynamic DNS wildcard typo
Self-explanatory, just a dumb typo bug Phil Davis
02:24 PM Feature #4292 (New): Show 95th Percentile for IPv6 Traffic in RRD Graphs
The RRD graphs correctly show the 95th percentile for IPv4 traffic but it is neither computed nor displayed for IPv6 ... C0re M
11:13 AM Bug #4286: State killing on gateway change
Ahh - well that is different to what I was thinking. Yes the failback of the OpenVPN traffic in that case will depend... Phillip Davis
10:15 AM Bug #4286: State killing on gateway change
Thank you for your answer, however I forgot to mention that I'm not using OpenVPN server on Pfsense, but on a remote ... Jo S
10:09 AM Bug #4286: State killing on gateway change
This seems more an OpenVPN failover issue. I just tested mine at home on 2.2-RELEASE - failed my main link, my OpenVP... Phillip Davis
04:58 AM Bug #4286 (Not a Bug): State killing on gateway change
Hello,
I have a problem in a multi-wan configuration:
Link 1 (main) in tier1
Link 2 (backup) in tier2
The m... Jo S
11:06 AM Bug #4289: Invalid alias using a numerical name causes a filter reload error
What config look older alias? Dmitry Gnoevoy
11:04 AM Bug #4289: Invalid alias using a numerical name causes a filter reload error
It may be an older notice that hasn't cleared, make sure the alias is gone and then force a filter reload from Status... Jim Pingle
11:02 AM Bug #4289: Invalid alias using a numerical name causes a filter reload error
I Remove it and rename it. But after filter reload error the same # User Aliases
1 = "{ 21 }" Dmitry Gnoevoy
10:45 AM Bug #4289 (Confirmed): Invalid alias using a numerical name causes a filter reload error
You have an invalid alias named "1". Remove it or rename it.
"The alias name must be less than 32 characters long,... Jim Pingle
10:30 AM Bug #4289: Invalid alias using a numerical name causes a filter reload error
Done! Dmitry Gnoevoy
10:20 AM Bug #4289: Invalid alias using a numerical name causes a filter reload error
Please attach a copy of your config.xml and /tmp/rules.debug. A sanitized version of config.xml can be copied from op... Jim Pingle
09:09 AM Bug #4289 (Resolved): Invalid alias using a numerical name causes a filter reload error
Jan 25 16:09:02 php-fpm[55157]: /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /t... Dmitry Gnoevoy
10:21 AM pfSense Packages Bug #4282: Vnstat2 1.11 Does Configuration Parser Error
Don't forget to also check that the package continues to work on 2.1.x with the fix applied. If it does not, then mor... Jim Pingle
01:53 AM pfSense Packages Bug #4282: Vnstat2 1.11 Does Configuration Parser Error
i tested this and it seems to solve the issue Bipin Chandra
12:55 AM pfSense Packages Bug #4282: Vnstat2 1.11 Does Configuration Parser Error
After digging into this further, this is a "feature" of the PBI architecture, and a bug in the package. The PBI middl... Bryce Chidester
10:18 AM Feature #4291: combined dynamic/static ARP
I'm not sure if it is a bug or this is the normal behavior...
As a work around I do attach another NIC to pfSense... Michael F
09:51 AM Feature #4291 (Rejected): combined dynamic/static ARP
while creating DHCP server there is option called "Enable Static ARP entries"...
When NOT ticked... each lease will ... Michael F
08:11 AM pfSense Packages Bug #4288: inetd is missed by check_mk
inetd is running - but the standard start script is missing.
Also the check_mk config goes to /etc/inetd.conf - th... Holger Hampel
07:48 AM pfSense Packages Bug #4288 (Resolved): inetd is missed by check_mk
When installing or configuring the package I get in the system log:
php-fpm[74859]: /rc.start_packages: The comman... Holger Hampel
05:46 AM Feature #4265: UPNP allow use of alias and schedule
https://github.com/pfsense/pfsense/pull/1438
this patch will allow the web GUI for UPnP to enter more user specifi... Bipin Chandra
05:07 AM Bug #4287 (Resolved): Wrong display for ppp in Interfaces page
Hello,
I have a ppp link configured with a 3G usb modem Huwaei E372 which is working great.
However there is a bu... Jo S
04:59 AM pfSense Packages Bug #4277: squidGuard-squid3 installation Failed after pfSense Update to 2.2
Having the same problem here, see https://forum.pfsense.org/index.php?topic=87325.0
There is no sha256sum for squi... q v
01:37 AM pfSense Packages Bug #4285: lcdproc package is PBI-ignorant, writing configuration outside of the PBI root
Pullreq/patch https://github.com/pfsense/pfsense-packages/pull/795 Bryce Chidester
01:34 AM pfSense Packages Bug #4285 (Resolved): lcdproc package is PBI-ignorant, writing configuration outside of the PBI root
The lcdproc package in the 2.2/FreeBSD-10 release is a PBI and therefore its file access calls go through the PBI pat... Bryce Chidester
12:39 AM pfSense Packages Bug #4271: vnstat2 conf file not pointing to proper path
this seems a duplicate of https://redmine.pfsense.org/issues/4282
fixing that would solve this Bipin Chandra

01/24/2015

09:18 PM Bug #4284 (Rejected): PFSense 2.2. won't automatically add arp entries from multicast mac addresses into its arp table
I have a cluster created with Windows Network Load Balancing using the IGMP multicast. Anyway, the cluster IP has a m... Jonathan Black
07:59 PM Feature #2834: carp+pfsync: add ability to prefer one node as master
Attached is a simple fix based on the initial request of giving people the option to disable the syncing of the skew ... Robert Middleswarth
07:41 PM Bug #4283 (Rejected): Constant cas# device timeout errors and crashes with Sun 501-6738-10
Updated a copy of a working 2.1.5 production system to 2.2 and, during the boot, see constant cas2 and cas3 device ti... B. Derman
07:05 PM pfSense Packages Bug #4198: lightsquid doesn't work, perl is missing
also see post https://forum.pfsense.org/index.php?topic=87316.0;topicseen Cino .
06:52 PM pfSense Packages Bug #4282: Vnstat2 1.11 Does Configuration Parser Error
I can confirm, this bug as well Vnstat2 installs correctly but no logs are ever updated. after going into the shell a... Disk1of5 NA
05:25 PM pfSense Packages Bug #4282: Vnstat2 1.11 Does Configuration Parser Error
(Wow, I meant to update the title slightly... I promise, I speak better English)
Obligatory patch to pfsense-packa... Bryce Chidester
05:24 PM pfSense Packages Bug #4282 (Resolved): Vnstat2 1.11 Does Configuration Parser Error
Since upgrading to 2.2 (and reinstalling all packages), vnstat2 errors out every time.... Bryce Chidester
04:16 PM pfSense Packages Bug #4281: E-Mail Reports (mailreports package) Error With Multiple Graphs
Thanks for fixing the project - didn't realize which project I was in when I opened the issue.
I went ahead and op... Bryce Chidester
04:13 PM pfSense Packages Bug #4281: E-Mail Reports (mailreports package) Error With Multiple Graphs
I've got some other bugs to fix there already (such as updating the mail library). I plan to work on it this week if ... Jim Pingle
03:58 PM pfSense Packages Bug #4281: E-Mail Reports (mailreports package) Error With Multiple Graphs
Simple patch to rename the temporary variable that's conflicting with the global $g.... Bryce Chidester
03:47 PM pfSense Packages Bug #4281 (Resolved): E-Mail Reports (mailreports package) Error With Multiple Graphs
When a report has multiple graphs, the following errors are generated while generating graphs 2-N... Bryce Chidester
02:26 PM Bug #4280 (Rejected): LAN with quad NIC configured with LAGG-LACP and VLANs
Original Post:
https://forum.pfsense.org/index.php?topic=87311
Problem:
With a fresh install of 2.2 and a basic ... Gabriel Zellmer
11:46 AM Bug #4279 (Resolved): Package reinstall displayed when shutting down before upgrade
I have noticed this before when upgrading a slow system (like Alix 2D13). After getting the upgrade it tells you the ... Phillip Davis
11:45 AM Feature #4278 (Resolved): Mail notification change name of the interface info more readable - pfsense 2.2
In mail notification from pfsesne:... Bartłomiej Bujak
11:42 AM pfSense Packages Bug #4277 (Closed): squidGuard-squid3 installation Failed after pfSense Update to 2.2
hello
after updating pfSense to the last release 2.2 it is impossible de reinstall squidGuard-squid3 with the f... idir AIT YAHIA
11:30 AM Bug #4276: Layer 7 not working / ipfw-classifyd high load
In logs:... Bartłomiej Bujak
11:22 AM Bug #4276 (Closed): Layer 7 not working / ipfw-classifyd high load
After upgrade pfsense 2.1.5 to 2.2 i have problem with ipfw-classifyd... Bartłomiej Bujak
10:17 AM Revision 0bf1e5fe: Fixed contextual links
pfSense.css - move help-link to ul that gets positioned
head.inc - implemented fixme
shortcuts.inc - replaced icons Sjon Hortensius
09:53 AM Revision 64c0004e: Updated readme with development instructions
Sjon Hortensius
09:48 AM Bug #4275 (Resolved): ASN.1 DN needs double quotes in config file
Upon upgrade of 2.1.5 to 2.2, strongswan did not start and quit with the following message:
Jan 24 16:12:39 ips... Michel Zehnder
09:38 AM Revision b4988336: Merge branch 'master' into bootstrap
Conflicts:
usr/local/www/head.inc
usr/local/www/themes/_corporate/styles/jquery-ui-1.11.1.css Sjon Hortensius
09:35 AM Revision 4c4e082b: Merge branch 'master' of https://github.com/pfsense/pfsense
Sjon Hortensius
08:50 AM Feature #2599: Captive Portal autologin function better than MAC passthrough
Any updates or work around!?
We also need this option... We use login by MAC address...but it's waiting the client t... Michael F
07:57 AM Bug #3147: Adding new interface can cause issues
This 'bug' appears to have finally been addressed with the changes for #3846 "Adding interface for new VLAN selects a... Chris Thomas
07:41 AM Bug #3290: IPV6 conectivity not restored after cablemodem reset
I had a similar issue when my modem automatically rebooted during Comcast maintenance. Two things... First, a reboot ... Anonymous
06:39 AM Bug #4274: Marking a packet with only a number results in a broken rule
Sorry, just realized I didn't list this as applying to 2.2 and it doesn't seem that I'm able to change it now. Jonathan Dieter
06:37 AM Bug #4274 (Resolved): Marking a packet with only a number results in a broken rule
I have a lot of floating rules used to mark packets with a number that I then catch later to do traffic shaping. Thi... Jonathan Dieter
04:43 AM Bug #4273 (Resolved): OpenVPN options route-nopull and route-noexec swapped
From the pfsense GUI:
Don't pull routes - Don't add or remove routes automatically. Instead pass routes to --route-u... Andreas Winge
04:25 AM Feature #4272 (Rejected): Depreciate Full install. Replace with Embedded, include gui to allow adding a mount / path to install packages to (and additional Full install features as packages)
Embedded looks like a great way to go, why continue supporting a full install?
I've had this idea for a while. It ma... Andrew Stuart
03:52 AM pfSense Packages Bug #4270: Postfix dashboard widget not working in 2.2
I think that is expected unless you have received mail, and thus have an sqlite log/database.
See attached image, of... Andrew Stuart
02:28 AM pfSense Packages Bug #4270 (Closed): Postfix dashboard widget not working in 2.2
The Postfix dashboard widget shows blank in 2.2, likely needs updates for new PHP. Chris Buechler
03:05 AM pfSense Packages Bug #4271: vnstat2 conf file not pointing to proper path
pointed out here
https://forum.pfsense.org/index.php?topic=84026.msg477208#msg477208
fix would be simply changing... Bipin Chandra
03:02 AM pfSense Packages Bug #4271 (Rejected): vnstat2 conf file not pointing to proper path
vnstat2 package conf file in /usr/pbi/vnstat-i386/etc/vnstat.conf and /usr/pbi/vnstat-amd64/etc/vnstat.conf not point... Bipin Chandra

01/23/2015

11:06 PM Bug #4269: Modifying port forwarding rule to invalid IP kill the firewall until reboot
Well, indeed, not 'dead', but traffic is stopped.
I did what you suggested and e don't see any loop. However, I s... Eric Hoffman
10:35 PM Bug #4269 (Feedback): Modifying port forwarding rule to invalid IP kill the firewall until reboot
it's certainly not possible to kill a system by putting an incorrect IP into a port forward. maybe if you managed to ... Chris Buechler
10:08 PM Bug #4269 (Not a Bug): Modifying port forwarding rule to invalid IP kill the firewall until reboot
First, this is using invalid actions, so this is not so critical, but doing so will result in denial of service.
-... Eric Hoffman
09:04 PM Bug #4267 (Closed): IPSEC Phase 1 deletion
thought we already had a ticket to change strongswan's behavior here in the future, apparently not, but we do now. #4... Chris Buechler
08:55 PM Bug #4267 (Closed): IPSEC Phase 1 deletion
Deleting an IPSEC phase 1 entry from vpn_ipsec.php for a tunnel that has not connected does not result in the entry b... Christian Borchert
09:03 PM Bug #4268 (Closed): changes in strongswan config don't apply to SAD or SPD
Doesn't appear we've opened a ticket to address this yet. strongSwan's behavior of not updating the SAD is going to g... Chris Buechler
05:39 PM Bug #4266: Rekeying issues with IKEv1 and multiple P2s under some circumstances
to me for info gathering Chris Buechler
05:39 PM Bug #4266 (Resolved): Rekeying issues with IKEv1 and multiple P2s under some circumstances
Where you have multiple P2s configured on a single P1 with IKEv1, there are some rekeying issues under some circumsta... Chris Buechler
02:52 PM Revision 4c7f7c29: Merge pull request #5 from SanderVanLeeuwen/bootstrap
Updated documentation / guidelines SjonHortensius
06:18 AM Feature #4265: UPNP allow use of alias and schedule
can any of the core developer let me know what would be the preferred method for those permission list so i can make ... Bipin Chandra
02:57 AM Feature #4265: UPNP allow use of alias and schedule
i mean separated with a "," Bipin Chandra
02:56 AM Feature #4265: UPNP allow use of alias and schedule
well, what i can do is is replace the last 4 permission boxes with a single one where some1 could type out all entrie... Bipin Chandra
06:11 AM Bug #4231: bridge or lagg of openvpn link down after reboot
And the interface LAGG is BRIGED with the LAN dominique dupont
04:12 AM Bug #4231: bridge or lagg of openvpn link down after reboot
After the patche of bug https://redmine.pfsense.org/issues/4257
the BRIDGE is OK, but not the LAGG
On 2.2RC last up... dominique dupont
12:42 AM pfSense Packages Bug #4256: Squid3 using 100% CPU after install/reboot
As shown in the log above: some squid processes. The issue is stable to reproduce. Dmitriy K
12:02 AM Revision 323317c3: Typo
Sander van Leeuwen

01/22/2015

10:41 PM Revision 6c943511: Additional documentation
- Added checkbox example
- Form field help block example
- Button and icon usage explained Sander van Leeuwen
08:38 PM Feature #4242: Two Factor or OTP Authentication for Admin Interface
Many if not most 2FA solutions support LDAP and/or RADIUS so are already supported. That said, enhancements here woul... Chris Buechler
07:56 PM Revision 145eb990: Fixes #4257 With the platform_booting() fixes a regression was done on openvpn tap interfaces or dynamic ones that are part of a bridge.
Allow during bootup rc.newwanip to continue up to a ceratin part to handle bridges or other complex interfaces. Ermal Luçi
07:56 PM Revision 30a61a89: Fixes #4257 With the platform_booting() fixes a regression was done on openvpn tap interfaces or dynamic ones that are part of a bridge.
Allow during bootup rc.newwanip to continue up to a ceratin part to handle bridges or other complex interfaces. Ermal Luçi
06:04 PM Bug #4252 (Resolved): radvd not functional with CARP IPs
fixed Chris Buechler
06:20 AM Bug #4252: radvd not functional with CARP IPs
Applied in changeset commit:9b527a7931795466ab7286f0caadd7bef082d002. Renato Botelho
06:10 AM Bug #4252 (Feedback): radvd not functional with CARP IPs
Applied in changeset commit:8e24d1dacd80fd539cc9dd6a5f0a7c8953bcffd0. Renato Botelho
12:58 AM Bug #4252 (Confirmed): radvd not functional with CARP IPs
this is mostly fixed. Where CARP goes to backup status, it seems fine. But if the CARP VIPs are completely gone, it f... Chris Buechler
05:45 PM Bug #4257 (Resolved): tap interfaces missing from bridge after boot
fixed Chris Buechler
02:10 PM Bug #4257: tap interfaces missing from bridge after boot
Applied in changeset commit:145eb9907c638f5a1cf279b480a69bb3556c3b7e. Ermal Luçi
02:10 PM Bug #4257: tap interfaces missing from bridge after boot
Applied in changeset commit:30a61a895a969cfa890a30df76b2f83b252cb231. Ermal Luçi
01:56 PM Bug #4257 (Feedback): tap interfaces missing from bridge after boot
Fixed anything else apart taps through this issue. Ermal Luçi
01:25 AM Bug #4257 (Confirmed): tap interfaces missing from bridge after boot
at the time I set it to 2.2.1, 2.2-release was already built and signed. Since we're rebuilding it for other reasons,... Chris Buechler
12:44 AM Bug #4257: tap interfaces missing from bridge after boot
To remind you: there is no traffic between sites after reboot. Both sides are UP and RUNNING and NOTHING goes between. Dmitriy K
12:37 AM Bug #4257: tap interfaces missing from bridge after boot
Huh, team is going to release 2.2 without working tap openvpn? That's interesting ... Dmitriy K
05:34 PM Bug #4248 (Resolved): AES-GCM doesn't interoperate with devices not using padding
fixed Chris Buechler
05:39 AM Bug #4248 (Feedback): AES-GCM doesn't interoperate with devices not using padding
Fixed by allowing the blocksize to not be multiple of blocksize. Ermal Luçi
01:29 AM Bug #4248 (Confirmed): AES-GCM doesn't interoperate with devices not using padding
Jim mentioned today we'll get this addressed in 2.2.
Ermal: test setup with AES-GCM to an ASA is setup. will emai... Chris Buechler
04:27 PM Revision e8477a56: Text tweak
Sander van Leeuwen
12:02 PM Revision 9b527a79: Make sure radvd is reconfigured when CARP is enabled/disabled. It should fix #4252
Renato Botelho
12:01 PM Revision 8e24d1da: Make sure radvd is reconfigured when CARP is enabled/disabled. It should fix #4252
Renato Botelho
11:41 AM Revision 91729b57: Save the tradition and point to used binaries here
Ermal Luçi
11:41 AM Revision b711bfac: Save the tradition and point to used binaries here
Ermal Luçi
11:03 AM Revision 560d1b53: When configuring radvd, check if carp is enabled. Ticket #4252
Renato Botelho
11:02 AM Revision 7b753c2b: Do not translate function return string
Renato Botelho
11:01 AM Feature #4265: UPNP allow use of alias and schedule
I don't get the design in the first place. You could as many permissions there as needed, if only there was one of th... Kill Bill
04:28 AM Feature #4265 (New): UPNP allow use of alias and schedule
it would be great if the upnp settings page allowed to type in individual client ip for which to allow or deny rather... Bipin Chandra
11:01 AM Revision ee8fb75d: Fix typo in function name
Renato Botelho
11:00 AM Revision 150d479b: When configuring radvd, check if carp is enabled. Ticket #4252
Renato Botelho
11:00 AM Revision 42cc62a2: Do not translate function return string
Renato Botelho
10:59 AM Revision 44763e58: Fix typo in function name
Renato Botelho
10:24 AM Revision 2a746a1e: Add language hint to code block
Sander van Leeuwen
10:22 AM Revision f180fe1a: Code style documentation for tables and forms
Sander van Leeuwen
09:14 AM Revision dc85e806: Merge branch 'master' of https://github.com/pfsense/pfsense
Sjon Hortensius
09:13 AM Revision cc5b2948: Merge pull request #4 from SanderVanLeeuwen/bootstrap
Firewall rules and VPN L2TP layout changes SjonHortensius
09:05 AM Bug #1333: Rate causes high CPU usage
Not here:
PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
70675 root 1 119 0 3... Wayne Scott
08:22 AM Bug #4240: 2.2 IPv6 radvd RDNSS Issue
attached screenshots Adam Fathauer
06:45 AM Feature #3120 (Rejected): WebConfigurator, open help page on new window
The help link used to open in a new window, it was changed to give the user the choice. The way it is now, the user c... Jim Pingle
03:25 AM Feature #4264 (Closed): Make distinction between general & security updates, while applying the latter automatically
Current pfSense setup does not make a distinction between security updates and general updates. The latter requires a... niels hof
02:48 AM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
OK, lets call this fixed then. Thanks. :)
(Kinda inconsistent results, perhaps the VPN stuff would be worth a sepa... Kill Bill
02:43 AM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
for v4, it uses the same source networks as it uses for outbound NAT auto rule generation, which is a diff process. Chris Buechler
02:23 AM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
Kinda confused really what it covers now. It certainly is adding OpenVPN and IPSec IPv4 subnets to the ACL. Kill Bill
02:20 AM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
It only covers interfaces that are assigned and enabled plus static routes for IPv6. Manual entries will be required ... Chris Buechler
02:06 AM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
Ok, this works mostly fine, except that it misses OpenVPN's IPv6 (and probably IPsec as well, don't have IPv6 IPsec t... Kill Bill
02:45 AM Feature #4262: Alphabetical listing of interfaces, VLANs
The underlying identifier strings "wan" "lan" "opt1" ... are used all over the place in the config to hook things tog... Phillip Davis
01:55 AM Bug #4261 (Closed): Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
Chris Buechler
01:53 AM Bug #4261: Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
Works just fine. See https://forum.pfsense.org/index.php?topic=86900.msg477095#msg477095 Kill Bill
12:24 AM Bug #4261: Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
Sorry, typo in the report -- I am using HTTPS for all my attempts, not HTTP. I'll start fresh and see if I can figur... Daniel Eckert
12:12 AM Bug #4261: Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
oh one difference between what you're doing and we're trying, we're using HTTPS rather than HTTP. Might want to try t... Chris Buechler
01:19 AM pfSense Packages Bug #4263 (Needs Patch): ntopng: historical feature issue
Hello,
i can't use the historical feature. when i try to load historical data after setting interface and time inter... Anonymous
12:59 AM pfSense Packages Bug #4256 (Feedback): Squid3 using 100% CPU after install/reboot
which process is using 100% CPU? Chris Buechler
12:20 AM Feature #4038: Button to clear the arp cache
Chris Buechler wrote:
> Applying that may be dangerous, in that it leaves a file on your system with no authenticati... Josh Finlay
12:04 AM Revision 7fd2a0e3: Strict comparison not necessary here, and makes this fail to work as
intended. Fixes #4258 Chris Buechler
12:04 AM Revision 7684d66f: Strict comparison not necessary here, and makes this fail to work as
intended. Fixes #4258 Chris Buechler

01/21/2015

11:59 PM Feature #3120: WebConfigurator, open help page on new window
Damien Braillard wrote:
> Just a proposition:
> When clicking the help button from a page of the web configurator, ... Josh Finlay
11:58 PM Bug #4261 (Feedback): Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
works fine here, we just did some testing with two diff hosts on Google Domains. Both update, both display the correc... Chris Buechler
09:34 PM Bug #4261 (Closed): Google Domains Dynamic DNS -- Works on 2.1.5 but not 2.2-RC
Hi team,
I'm using the new Google Domains Dynamic DNS functionality, and I am pleased that it works so well on 2.1... Daniel Eckert
11:52 PM Feature #4038: Button to clear the arp cache
Chris Buechler wrote:
> Applying that may be dangerous, in that it leaves a file on your system with no authenticati... Josh Finlay
11:44 PM Feature #4038: Button to clear the arp cache
Applying that may be dangerous, in that it leaves a file on your system with no authentication that clears your ARP t... Chris Buechler
11:37 PM Feature #4038: Button to clear the arp cache
Grischa Zengel wrote:
> After swapping IP from two embedded devices (WizNet RS485 Gateways) the gateways weren't rea... Josh Finlay
11:37 PM Feature #4262: Alphabetical listing of interfaces, VLANs
Thanks for the quick reply, Chris! Yes, an option would be great, even if it weren't a change to the default behavio... Daniel Eckert
11:32 PM Feature #4262: Alphabetical listing of interfaces, VLANs
they're listed in the order of their identifier. wan, lan, opt1, opt2, ...
This is one of those things where if y... Chris Buechler
11:16 PM Feature #4262 (Needs Patch): Alphabetical listing of interfaces, VLANs
Hi team,
If possible, I'd love to see interfaces and VLANs ordered alphabetically instead of by order of creation ... Daniel Eckert
08:46 PM Revision f3caa5a4: Ticket #4254 do not put duplicate interface names
Ermal Luçi
08:45 PM Revision 005fd63a: Ticket #4254 do not put duplicate interface names
Ermal Luçi
08:40 PM Revision 44085a65: Ticket #4254 Actually use proper variables allover to have correct route added
Ermal Luçi
08:40 PM Revision b61930dc: Ticket #4254 Actually use proper variables allover to have correct route added
Ermal Luçi
08:34 PM Revision 52b25e81: Ticket #4254 Actually use proper interface to check if gateway exists
Ermal Luçi
08:33 PM Revision 3ad33c0e: Ticket #4254 Actually use proper interface to check if gateway exists
Ermal Luçi
08:25 PM Revision 1e453232: Ticket #4254 Use proper variable
Ermal Luçi
08:25 PM Revision cde88d5e: Ticket #4254 Use proper variable
Ermal Luçi
08:09 PM Revision c7d44786: Ticket #4254 actually use the info on the protocol of the vpn sepcification to be more sure on the family to use
Ermal Luçi
08:09 PM Revision 39e3b27b: Ticket #4254 actually use the info on the protocol of the vpn sepcification to be more sure on the family to use
Ermal Luçi
08:09 PM Bug #4254 (Resolved): Dynamic interface removal/addition breaks IKEv2
that fixes the initial described problem. Also re-verified multi-WAN bits after static routes returned, including dis... Chris Buechler
03:03 PM Bug #4254: Dynamic interface removal/addition breaks IKEv2
Static routes are put back in the configuration. Ermal Luçi
02:38 AM Bug #4254 (Feedback): Dynamic interface removal/addition breaks IKEv2
I put a workaround to not use the interfaces not present in config.
Though the real workaround here is to install ... Ermal Luçi
01:23 AM Bug #4254: Dynamic interface removal/addition breaks IKEv2
sent Ermal details on how to replicate in the test setup. Chris Buechler
08:06 PM Revision 7f9844c2: Ticket #4254 Handle even hosts specified throguh dns name
Ermal Luçi
08:06 PM Revision 95783403: Ticket #4524 Bring back static routes on ipsec to make sure charon does not send traffic through wrong iface. This handles properly ipv6
Ermal Luçi
08:04 PM Revision 4e1fd3b6: Ticket #4254 Handle even hosts specified throguh dns name
Ermal Luçi
08:00 PM Revision c7edf1f8: Ticket #4524 Bring back static routes on ipsec to make sure charon does not send traffic through wrong iface. This handles properly ipv6
Ermal Luçi
07:43 PM Revision 2525ea04: Correct this typo which would make other things break
Ermal Luçi
07:31 PM Revision 121cde47: Be compliant with gatway groups specified on ipsec. Ticket #4254
Ermal Luçi
07:31 PM Revision 312a5188: Ticket #4254 Actually fix this on 2.2 branch since vips are not handled by get_real_interface apparently!
Ermal Luçi
07:31 PM Revision 260c6a7e: Be compliant with gatway groups specified on ipsec. Ticket #4254
Ermal Luçi
06:55 PM Bug #4258 (Resolved): DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
updated subject to specific issue. Fixed Chris Buechler
06:20 PM Bug #4258: DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
Applied in changeset commit:7fd2a0e3a9163d8cc3f578f4bd105ed0c982737f. Chris Buechler
06:20 PM Bug #4258 (Feedback): DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
Applied in changeset commit:7684d66fad740820ca1c945a5b67a6f813306235. Chris Buechler
06:05 AM Bug #4258 (Resolved): DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
IPv4 subnets are automagically added to /var/unbound/access_lists.conf; however this is not done with any of the IPv6... Kill Bill
06:32 PM Revision 083ec796: Ticket #4254 Actually fix this on 2.2 branch since vips are not handled by get_real_interface apparently!
Ermal Luçi
04:38 PM Revision 52b5a223: When radvd is configured on a CARP interface, enable it when it is MASTER and disable when go to BACKUP. It should fix #4252
Renato Botelho
04:36 PM Revision caaaf9ce: Add missing require for filter.inc since vpn_ipsec_configure() calls filter_configure(). It should fix #4236
Renato Botelho
04:36 PM Revision a6934401: When radvd is configured on a CARP interface, enable it when it is MASTER and disable when go to BACKUP. It should fix #4252
Renato Botelho
03:20 PM pfSense Packages Bug #4243: Last squidguard update prevents squid from starting
The problem appears to be more complex than I first thought.
In a fresh install into virtualbox with squid 2.x and s... Volker Kuhlmann
12:27 PM Feature #4260 (Closed): Add ECP DH key groups support
strongswan has had ECP DH key groups support for quite some time, should be added to GUI.
https://wiki.strongswan.o... Chris Buechler
12:13 PM Bug #4257 (Feedback): tap interfaces missing from bridge after boot
Chris Buechler
05:30 AM Bug #4257: tap interfaces missing from bridge after boot
https://redmine.pfsense.org/issues/4146 Kill Bill
04:45 AM Bug #4257 (Resolved): tap interfaces missing from bridge after boot
*Before instance restart/after reboot:*
ovpnc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 15... Dmitriy K
12:12 PM Bug #4255 (Rejected): Outbound NAT needs config upgrade
you're right, I was too quick on the trigger here. The config upgrade failed on one pair of systems because it was up... Chris Buechler
05:24 AM Bug #4255 (Feedback): Outbound NAT needs config upgrade
Do you have a config that was broken after upgrade? I upgraded a 2.1.x to 2.2 on both modes, automatic and advanced a... Renato Botelho
04:17 AM Bug #4255: Outbound NAT needs config upgrade
There is a code to convert it, it's upgrade_102_to_103() Renato Botelho
11:28 AM Feature #3377: OAuth2 authentication in captive portal
Thomas NOEL wrote:
> Here is a proof of concept, for a OAuth2 captive portal authentication with Google accounts :
... simon mitnick
10:50 AM Bug #4252: radvd not functional with CARP IPs
Applied in changeset commit:52b5a22363d34bbd621b9eb555cf849782318dda. Renato Botelho
10:50 AM Bug #4252 (Feedback): radvd not functional with CARP IPs
Applied in changeset commit:a693440176e8bd4a783a9ccb75d2cd57629b5699. Renato Botelho
12:50 AM Bug #4252: radvd not functional with CARP IPs
The conf file problem is fixed. Since CARP no longer has its own interface, we'll need to start/stop radvd along with... Chris Buechler
09:37 AM Feature #4259 (Resolved): Port forward NAT rules with "any" protocol
Hello,
i'm starting to use pfsense inside my company network but i see that pfsense is missing a NAT ability compare... Anonymous
08:32 AM Revision 778d2ea9: Ticket #4254 specify the list of interfaces to be used by charon. This is a workaround for now. Being investigated the fix.
Ermal Luçi
08:31 AM Revision 89ac17e3: Ticket #4254 specify the list of interfaces to be used by charon. This is a workaround for now. Being investigated the fix.
Ermal Luçi
06:36 AM Revision 94efc59d: Use the parent NIC rather than the VIP. Fixes part of Ticket #4252
Chris Buechler
06:35 AM Revision 2f74d9d8: Use the parent NIC rather than the VIP. Fixes part of Ticket #4252
Chris Buechler
04:42 AM pfSense Packages Bug #4256 (Closed): Squid3 using 100% CPU after install/reboot
1. Install latest pfSense snapshot;
2. Install Squid3 package;
3. Observe 100% load on CPU oob and after reboot;
... Dmitriy K
01:01 AM Bug #4251: NAT Reflection not working if LAN is bridged
The only other explanation that came to my mind is that nat reflection might need a reboot to activate under some cir... Frederic Steinfels

01/20/2015

10:58 PM Bug #4252: radvd not functional with CARP IPs
working on this Chris Buechler
03:56 PM Bug #4252 (Resolved): radvd not functional with CARP IPs
radvd.conf where a CARP IP is chosen results in an invalid config file, as it omits the interface entirely (where it ... Chris Buechler
09:54 PM Revision 81292a2f: The reset button check should happen on all platforms, not only NanoBSD
Jim Pingle
09:53 PM Revision de16863d: The reset button check should happen on all platforms, not only NanoBSD
Jim Pingle
09:47 PM Bug #4255 (Rejected): Outbound NAT needs config upgrade
Outbound NAT configs in 2.1.x and prior use a different XML structure than 2.2, and there isn't any config upgrade co... Chris Buechler
08:54 PM Bug #4253: Diagnostics > Test Port requires Source Port
So sorry to waste your valuable time. I'll do better in the future. Chris Linstruth
07:53 PM Bug #4253 (Rejected): Diagnostics > Test Port requires Source Port
upgrade, that was fixed a while ago Chris Buechler
07:52 PM Bug #4253 (Rejected): Diagnostics > Test Port requires Source Port
The dialog for Diagnostics > Test Port says this for source port, "This should typically be left blank." and the fiel... Chris Linstruth
08:35 PM Bug #4254 (Resolved): Dynamic interface removal/addition breaks IKEv2
Where you have a dynamic interface removed and re-added while running IKEv2 in strongswan, things break. Good easily ... Chris Buechler
06:57 PM Bug #4249 (Feedback): virtual ips backup/restore bug
I replied back on your forum thread, this sounds like a stale upstream ARP cache. Chris Buechler
10:52 AM Bug #4249 (Not a Bug): virtual ips backup/restore bug
the version of the software is 2.2 RC Jan 16 11:53
to take full backup; press diagnostics > backup > full backup >... on dokuz
04:44 PM Revision f0d51562: Place form save button outside form panel for clarity (saves whole form, not just the last panel)
- Increase body bottom margin to create 20px margin between elements
and footer Sander van Leeuwen
02:35 PM Bug #4251: NAT Reflection not working if LAN is bridged
It was bridged with an OpenVPN PSK TAP Client. That connection has been down for about a month but was not disabled. ... Frederic Steinfels
02:20 PM Bug #4251 (Feedback): NAT Reflection not working if LAN is bridged
what was LAN bridged to? Was there an IP on the bridge itself or was it on the LAN interface? Chris Buechler
02:07 PM Bug #4251 (Closed): NAT Reflection not working if LAN is bridged
I have been trying everything to get NAT reflection working. My last effort was to remove LAN bridge (which I wasn't ... Frederic Steinfels
02:21 PM Bug #4206: Missing route creation on DHCP-PD lease where ia-na != ia-pd
Here is a follow-up with 3 attachments: The pcap file, a screenshot of the "Status: DHCPv6 leases" page and the dhcpd... Anders Lind
12:21 PM Bug #4250 (Rejected): IPv6 gateway is not used for default IPv6 route when rebooting, gateway edit page cannot be configured
The IP address and gateway settings on Interfaces > [assigned gif name] should remain at "None".
There is a dynami... Jim Pingle
12:19 PM Bug #4250 (Rejected): IPv6 gateway is not used for default IPv6 route when rebooting, gateway edit page cannot be configured
Error while saving gateway page, having the default checkbox checked:
- "The gateway address 2001:x:x:x::1 does not ... Pi Ba
10:08 AM Revision c4a7740d: Finish preliminary restyle of L2TP configuration
vpn_l2tp.php - Use pill style for navigation
vpn_l2tp_users.php - Cleaned and formatted according to bootstrap style... Sander van Leeuwen
05:21 AM Bug #4248 (Resolved): AES-GCM doesn't interoperate with devices not using padding
As reported on https://forum.pfsense.org/index.php?topic=86866.msg477744#msg477744
The linux hosts like to send unpa... Ermal Luçi
04:51 AM Bug #4246: Fix "netstat -gW" behavior broken in r259638.
This also limit the ability to debug problems with igmpproxy.
Is the fact that MROUTING kernel support is missing ... Jocelyn Le Sage
04:49 AM Bug #4246: Fix "netstat -gW" behavior broken in r259638.
Note that this was working properly in 2.1.5: Multicast forwarding table was displayed for IPv4. Jocelyn Le Sage
 

Also available in: Atom