Activity
From 06/17/2015 to 07/16/2015
07/16/2015
-
11:38 PM Bug #4849 (Not a Bug): ipsec: keepalive not working; wrong source ip used
- While debugging ipsec tunnels between two pfsenses I noticed that using ping on the command line does not work out of...
-
11:35 PM Bug #4848 (Feedback): The remote gateway "ip-adres is already used by phase1 "name of phase 1"
- The issue as described isn't replicable. You get the same error in that described circumstance. The check there is fo...
-
08:14 AM Bug #4848 (Not a Bug): The remote gateway "ip-adres is already used by phase1 "name of phase 1"
- If you clone (copy phase 1 entry) a "phase 1" IPsec connection and only change the "P1 Description" and hit the save ...
-
- The issue's been around since the inception of CARP in 2003, so yeah not likely this is going to change in the near f...
-
09:20 AM Bug #4845: CARP preemption doesn't switch to backup where connectivity between systems is lost but not NIC link
- That other ticket ended up not being related to this, it was a different issue. In that case the "link" was lost from...
-
09:12 AM Bug #4845: CARP preemption doesn't switch to backup where connectivity between systems is lost but not NIC link
- If that's the case, you are right. The only way I can see this working is sending both sending their 'status' via the...
-
- We noticed this at one point back in 2012 or so and I swear we already had a ticket open but couldn't find it. It's r...
- 10:24 PM Revision a296286b: Revert "myid_data and peerid_data fields are not relevant with asn1dn."
- This reverts commit 0e19c4bba659a5f4d28f9c8b20c80717a90964b9.
- 10:22 PM Revision d6908784: Contrary to some reports this is actually usable in some cases, just not
- mandatory. Revert "myid_data and peerid_data fields are not relevant with asn1dn."
This reverts commit b8754cc85db7e... - 10:17 PM Revision 0e19c4bb: myid_data and peerid_data fields are not relevant with asn1dn.
- Conflicts:
usr/local/www/vpn_ipsec_phase1.php - 10:16 PM Revision b8754cc8: myid_data and peerid_data fields are not relevant with asn1dn.
-
07:50 PM Todo #4847: NanoBSD Image Flash Block Misalignment
- Want to add while I'm here, in case some don't read the linked thread. Per the very first reference listed, the begin...
-
- I completely agree.
I would also love to hear about any examples of systems that can currently run pfSense 2.2, bu... -
- Keith Hough wrote:
> Are there any systems you know of that can boot from NanoBSD slice 1, but fail to boot from sli... -
- The boot code and MBR partition tables would remain where they are, in sector 0 / 1. If a system was going to have is...
-
12:36 AM Todo #4847: NanoBSD Image Flash Block Misalignment
- only problem here (assuming it works, and is useful) is that setting to sector 2048 probably renders a lot of old har...
-
- Keith Hough wrote:
> start that partition on sector 64, rather than sector 63 (default) as it is now.
Got ahead o... -
- The upgrade scenario for NanoBSD...
In the research I've done, as far as moving the entire MBR partition down by o... - 07:03 PM Revision 693c13cb: Restrict serial ports glob to cua followed by alpha
- Improve this a little more to match only alpha after /dev/cua (/dev/cuau for example)
- 07:03 PM Revision 3eed76d7: Make serial ports glob cope with many more possibilities
- It originally coped with things like cuau1 cuau1.1
Then I made it cope with things like cuau1 cuau11 but it stopped w... -
06:56 PM Revision d5dd538d: Add leftid and rightid value between double quotes on ipsec config when type is asn1dn. Ticket #4792
-
- 04:45 PM Revision 348c7c87: Remove old, unused NetUtils.js
- 04:44 PM Revision 088af065: Remove old, unused NetUtils.js
- 03:50 PM Revision 8235e730: Restrict serial ports glob to cua followed by alpha
- Improve this a little more to match only alpha after /dev/cua (/dev/cuau for example)
-
08:30 AM
pfSense Packages
Bug #4295: stunnel not working in Release 2.2
- Applied in changeset commit:06a66c936672073525ea2626b85ccc42db104f16.
-
- Updated to 5.20 and fixed for 2.2.x
-
07:38 AM pfSense Packages Feature #1973: Update siproxd to v0.8.1
- now in ports, please update? https://www.freshports.org/net/siproxd/
-
- Fixes are on ports tree - https://svnweb.freebsd.org/ports?view=revision&revision=392293
- 05:07 AM Revision 72b28115: Make serial ports glob cope with many more possibilities
- It originally coped with things like cuau1 cuau1.1
Then I made it cope with things like cuau1 cuau11 but it stopped w...
07/15/2015
-
- The change for NanoBSD would be implemented in the build system. The fdisk command that creates the initial MBR parti...
-
- pfSense NanoBSD images are not flash block aligned. This causes significant slowdown during extended write disk activ...
-
- Done: https://redmine.pfsense.org/issues/4847
Thanks Chris. -
- all my comments were re: rw->ro mount time.
Keith, Phil's suggestion to open a todo including those references is... -
11:00 PM Bug #4814: read-only to read-write mount very slow on nanobsd with slow flash media
- I am happy with the way it is now for 2.2.4. At least it is reliable, even if the speed varies on different cards of ...
-
- Chris, I'm not sure if you are referring to the alignment issue or the remount issue only effecting 1 of the CF / SD ...
-
- Updated subject to reflect the root of the issue. Of a whole stack of various CF and SD cards I have here, there is o...
-
- Works here too. added #4846 todo to remove from pfports when fixed upstream.
-
- This is all fixed now. Current snap is OK. DHCPd is running and a client behind obtains a delegation.
Do we want t... -
- This check was also removed, please try next round of snapshots
-
- It's better but still fails in a related way. There is an additional check that needs to be patched out:...
-
- Patch applied to dhcpd-server
-
- As soon as ISC puts out a release with the prefix6 issue from #4829 fixed, we need to remove our copy from pfports.
-
- there is an issue here, but not as described. opened #4845 for the root issue.
-
- Hi,
I followed the guides on the pfsense portal and also the pfsense Gold book.
Using 2.2.3, at the testing sta... -
- Take a basic WAN and LAN setup, one CARP IP on each interface. If WAN's NIC loses link, the secondary system takes ov...
-
- This reverts commit 81a73bcba3b3a79bb3a7add2e14a46e6af748f50.
-
- This reverts commit 6605035f9d2a04d1d4b724f6e993bc3f5c6d173d.
-
- Looks good now.
-
- I reverted that commit.
-
- Port aliases are non-functional on 2.2.4 snapshots, they appear in rules.debug as empty lists and then the rules fail...
-
- Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". Th...
-
07:58 PM Bug #4843 (Not a Bug): Traffic Shapper Wizard
- The traffic_shaper_wizard_multi_all.xml appears to be creating a qLink queue in the incorrect hierarchy for the Lan q...
-
07:40 PM Feature #4133: Add GUI setting for VLANs PCP
- I tested this patch using 2.2.3-Release:
* https://github.com/pfsense/pfsense-tools/compare/pfsense:RELENG_2_2_3..... -
05:51 PM Bug #4817: rc.start_packages: Restarting/Starting all packages on config sync
- I just discovered the same 'problem', but with a more usual set-up. Sync is from primary to secondary, but secondary ...
-
- 04:40 PM Revision dea04167: Display any advanced DHCP server settings RELENG_2_2
- Cherry pick of https://github.com/pfsense/pfsense/commit/90ad3a76edae543bcc63252b14660ac4baee291e
-
- 03:56 PM Revision 3e415478: Cancel button after input error for RELENG_2_2
-
-
03:39 PM Bug #4346: radiusd process is left running after package uninstall
- Thanks! Tested the change and things look good.
-
- Pull request has been merged
- 03:05 PM Revision f8bcdede: Fix issue_ip_type var name spelling
- Actually there was no real problem, but having a mis-spelling like this means that English speakers will waste time (...
-
- 03:04 PM Revision 4433cf85: Firewall Aliases Import display error message for invalid alias name
- If you open firewall_aliases_import and enter just an invalid Alias Name (e.g. a$b) and press save or press save with...
-
- 03:01 PM Revision 043e61ee: Firewall Aliases Edit ensure input_addresses array exists
- If you click "+" to add an alias, then press Save without entering anything, you get:
Warning: Invalid argument suppl... -
-
- thanks
-
01:46 PM pfSense Packages Feature #3272: pfBlocker: Specific ports to block.
- Yeah, this is available in pfBlockerNG (Advanced Inbound Firewall Rule Settings). This can be closed.
-
- Hmmm, would seem to me that the "Raw Config" feature lets you enable just about anything?
https://github.com/pfsen... -
- yeah this was done at some point
-
- Well, the PBI is 0.6.6.2_1 which is latest available port, can be closed.
- 01:44 PM Revision 6605035f: Avoid error loading rules for numeric host name in alias
- Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". Th...
-
- 01:38 PM Revision 6b30491f: Interfaces GIF Edit fix do_input_validation
- Make the required fields be correct and match thier text names, which should each have their own gettext() cal so as ...
-
- 01:30 PM Revision e3a5f487: Interfaces GRE Edit fix required fields text
- The reqdfields had only 4 entries but reqdfieldsn has 5 entries and the field names to text descriptions did not matc...
-
- 01:19 PM Revision 0d9fe84b: Interfaces PPPs edit avoid foreach() warning
- If you go to Interfaces, assign, PPPs, press "+" to add an entry, then press Save without entering anything then you ...
-
-
-
- Need to update AES-GCM and AES-NI from FreeBSD -HEAD.
-
-
12:16 PM pfSense Packages Bug #4561: siproxd listening port redirect rule pulling wrong tag from <siproxdsettings> (config.xml)
Thank You!
Saw this and reported on the forum back in 2011.
https://forum.pfsense.org/index.php?topic=43213.m...-
- Pull request has been merged
-
- Pull request has been merged
-
- Pull request has been merged
-
-
- 1.9.14 is pfSense package version, not the upstream release version.
-
06:39 AM pfSense Packages Bug #4839 (Not a Bug): Version of squidGuard on pfSense 2.2
- The squidGuard version information in pfSense 2.2 is as 1.9.14, but the correct version is 1.4.7.
-
09:20 AM Bug #4818: IPSec makes worse in some cases - since 2.2.3 Update
- Since upgrading to pfSense-Full-Update-2.2.4-DEVELOPMENT-amd64-20150712-1215
I´m able to use all vpn tunnels again! ...
07/14/2015
- 11:25 PM Revision 36f90078: Fix glob for serial device names
- Removing the "." that was in {,.[0-9]} allows it to match /dev/cuau10 and onward.
I added lots of comments on the glo... - 11:25 PM Revision ccf504fc: Merge pull request #1752 from phil-davis/patch-9
- 10:55 PM Revision e65ebe32: Fix adding of VoIP rules from traffic shaper wizard where IP/alias is not
- specified.
- 10:54 PM Revision 57945fcc: Fix adding of VoIP rules from traffic shaper wizard where IP/alias is not
- specified.
-
- The match floating rule for VoIP was being skipped when no IP or alias was specified in the VoIP screen in the shaper...
- 09:52 PM Revision 1cc4c9e3: Fix GratisDNS support, manual merge of commit 3e31a7f82589d3350f111bd7d81cc83a0ab253e2
- 09:49 PM Revision 8795064c: Merge pull request #1753 from mortencombat/patch-1
- 09:43 PM Revision 3e31a7f8: Fix GratisDNS support
- The current implementation is not working for me, maybe the interface was changed by GratisDNS? I tested the update U...
-
- Since 2.2.3, enabling SSH at the console on nanobsd goes through the process, but keys aren't generated.
-
-
- Should be fixed by:
https://github.com/pfsense/pfsense/commit/cc4d13683e50595abc14efc43c91a087f123a979
Awaiting fee... -
- Reported on forum:
https://forum.pfsense.org/index.php?topic=96466.0
The glob that matches the serial device name... -
- works
-
-
- this change in dhcpd seems to be wrong. Posted to their list for feedback with additional details.
https://lists.is... -
- fixed
-
03:11 PM pfSense Packages Bug #3363: TinyDNS does not respond to IPv6 subnet
- I am currently not in charge of the router.
However shortly after reporting this issue concerning TinyDNS I changed ... -
- Do you still have this issue with current pfSense version and current tinydns version? Looks like duplicate of Bug #4...
-
- sync no longer added to new installs, and confirmed the upgrade code removes it where it's set and doesn't change any...
-
- I'm confident in this, snapshots including all relevant changes have been through the config_write loop torture test,...
- 01:24 PM Revision cc4d1368: Fix glob for serial device names
- Removing the "." that was in {,.[0-9]} allows it to match /dev/cuau10 and onward.
I added lots of comments on the glo... -
12:17 PM Bug #4817: rc.start_packages: Restarting/Starting all packages on config sync
- I had issues with my bgp and carp configurations also some bugs from version 2.2.1 and 2.2.0.
So for couple of weeks... -
- this is just how things work currently. That normally doesn't matter because only the system with backup status has t...
-
- Hello,
I am sorry for my late response.. It's suck a same...
But I have released I have sync between fw1 and fw... -
- that's been merged, thanks!
-
-
- The patches from https://forum.pfsense.org/index.php?topic=44413.msg236701#msg236701 have been merged, looking at the...
-
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/27ea3affa00297e713a8cf7c18bb81ec96ba500b
-
- > But I think there are enough nanoBSD systems out there that can potentially benefit that it is worth doing some res...
-
- this is probably much better with latest 2.2.4 @ https://snapshots.pfsense.org, would appreciate your feedback if you...
-
-
- Duplicate of #4814
-
10:28 AM Bug #4835 (Duplicate): Configuration changes are slow to save after upgrade
- I have a HA setup (two physical machines with direct crossover connection for the SYNC interface) previously running ...
-
- And while at it, https://github.com/pfsense/pfsense-packages/pull/894 (the c009c57 commit) is required to be able to ...
-
- This thing is incredibly outdated. Upstream is at 5.20. Please update the PBI.
-
08:08 AM Revision f0b41548: mwexec_bg() and mwexec() - transparent change
- Slight cleanup with two effects:
1) a bit easier to follow
2) background execution returns PID of started process, wh... -
- Virtually no information here. If you have issues with current pfSense version and current tinydns package version, t...
-
03:33 AM pfSense Packages Bug #2720: TinyDNS does not read nameserver_*
- Thanks Kill Bill and Chris Buechler!
-
- fixed, thanks
- 01:26 AM Revision 98de735f: manual merge of Phil Davis pull request, commit b45537f75b24bc323987094e459db7b2f75aa405
- 01:22 AM Revision 82921c72: Merge pull request #1748 from phil-davis/patch-9
07/13/2015
-
- Pull request https://github.com/pfsense/pfsense-packages/pull/901
-
- Every time system is upgraded or vnstat2 package is reinstall, PHP front-end becomes inaccessible. It can be accessed...
-
- Merged and fixed ;)
-
- https://github.com/pfsense/pfsense-packages/pull/899 - perhaps someone's finally gonna pick it up when added as pull ...
-
- confirmed in latest snapshot
-
- next snapshot run, building now, should have it.
-
- port updated, package build running now.
-
12:53 PM Revision c4f22962: Add L2TP server's interface to mpd.conf
- https://redmine.pfsense.org/issues/4830
https://forum.pfsense.org/index.php?topic=95908.0 -
- ALIX and APU both made it through 1000 power cycles while rw mounted on the slowest SD/CF I could find with no proble...
-
- Today another remote site is reporting similar symptoms. I am in the process of turning around the old Jumla one, put...
-
- I got the Alix back from Jumla. The replacement came up first time - thank goodness for AutoConfigBackup and being ab...
-
-
-
-
-
-
-
-
-
-
-
-
- #4608
-
- duplicate of #4806, already fixed in 2.2.4 snapshots @ https://snapshots.pfsense.org
-
01:19 AM Bug #4833: android 5 can't login pfsense 2.2.3 ipsec
- My pfsense is 2.2.3
-
- Hello,
I have set ipsec for mobile client.But it's always show connecting.And I have fot some message for ipsec.
... -
-
-
08:54 AM pfSense Packages Bug #4085: Check_mk agent configuration: 'Listen Port' is required, contrary to description
- JayD - wrote:
> Erm ... clearly a layer 7 issue on my end. FIXED! ;)
// Layer 8
I'll shut up now ... -
- Erm ... clearly a layer 7 issue on my end. FIXED! ;)
-
- Erm. See the pull request above...
-
- Running on 2.2.3 the port still has to be defined manually (see screenshot).
-
- Thanks Phillip!
Done. -
- It will be easy for the devs to review if you go to https://github.com/pfsense/pfsense and make the edit yourself and...
-
- Can it be included into 2.2.4?
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/266662ff8334da5210ad64f08b050b1167386268
-
06:11 AM Bug #1629: invalid state table entries after WAN IP change
- I forgot to post that i am using 2.2.3 and using multiple GW's to internet.
-
- I get the same behavior for my ipsec tunnels.
if my GW (cable modem giving dhcp to pfsense) "resets" itself i do not... -
- Fixed ages ago with https://github.com/pfsense/pfsense-packages/commit/7232161e99d60256c51a4ee94ef800f6d4f39764
-
05:26 AM Bug #4103: Xen xn NICs can't tag VLANs
- FYI, manually adjusting the select box HTML using an inline edit from the browser allows you to create the VLAN on th...
- 05:08 AM Revision 5eabad3d: Cancel button after input error
- If there is an input error then the edit page is redrawn showing the
input errors. The HTTP_REFERER becomes the curre... -
- Frederic Steinfels wrote:
> It seems the start script is doing more or less the same. I have no clue why the script ... -
03:53 AM pfSense Packages Bug #4717: Asterisk needs workarounds to work properly
- It seems the start script is doing more or less the same. I have no clue why the script did not get executed. However...
-
- I have watched the back-and-forth on that thread and restrained myself from commenting. Keith, I will be surprised if...
07/12/2015
-
- Can we safely assume that proper image alignment with slower flash devices that are having issues, will at least help...
-
- When it's disabled it cannot be started, since the executable bit is removed intentionally - https://github.com/pfsen...
- 07:40 PM Revision b45537f7: Fix references to Load Balancer Virtual Server redirect_mode
- When adding a Virtual Server, if you press Save with blank fields, the validation does not show. That was because the...
-
- greg Bernard wrote:
> Only workaround is to create your own certs using pfSense Cert Manager and apply that to the l... - 07:00 PM Revision ec4112dd: Interfaces PPPs edit avoid foreach() warning
- If you go to Interfaces, assign, PPPs, press "+" to add an entry, then press Save without entering anything then you ...
- 06:43 PM Revision 2f0e31b1: Interfaces GRE Edit fix required fields text
- The reqdfields had only 4 entries but reqdfieldsn has 5 entries and the field names to text descriptions did not matc...
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/65a36bbf84c3401bc79f49290493a0913fdb4936
- 06:31 PM Revision e2db25cc: Interfaces GIF Edit fix do_input_validation
- Make the required fields be correct and match thier text names, which should each have their own gettext() cal so as ...
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/d3ea61231ce09601a855da251e8067686c29646d
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/fe0163a939023f87b259f3475a89ee632824a973
-
- My humble suggestion would be to NOT use "Automatic PTR entry" in your highly weird environment that probably noone e...
-
05:22 PM pfSense Packages Bug #3530: TinyDNS creates incorrect NS records
- To better explain: in my PFsense environment, there are two nameservers:
- recursive nameserver bound to the priva... -
- Cannot see how on earth is proper FQDN "incorrect" and localhost "correct" for a NS record anywhere but for localhost...
-
- @OP: Code examples to remove the widget on uninstall:
https://github.com/pfsense/pfsense-packages/blob/master/conf... -
- SRV was added 4+ years ago: https://github.com/pfsense/pfsense-packages/commit/fceaec0ccf3e2f35959219c5e5498fdfda29a8...
- 04:18 PM Revision 81a73bcb: Avoid error loading rules for numeric host name in alias
- Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". Th...
-
- Looks like another round of PBI idiocy. Perhaps try a complete uninstall and reinstall.
-
- Can you post the contents of /usr/local/etc/rc.d/asterisk ?
-
- My car won't go. A.k.a. totally useless bug. Likely duplicate of Bug #4717.
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/7c10d4029c809d662156d5116be882ba2f8d6af9
-
- Fixed.
-
- https://github.com/pfsense/pfsense-packages/pull/897
-
- I don't know what's exactly "evidenced" by bold text, and definitely cannot see how's it required.
https://github.... -
- Considering we are on 3.0.718, this should be fixed. BTW, 3.0.719 has been released. ;)
-
- https://github.com/pfsense/pfsense-packages/pull/896
-
- Duplicate of Bug #3360
-
- https://github.com/pfsense/pfsense-packages/pull/895
- 08:53 AM Revision 0c53abc2: Firewall Aliases Edit ensure input_addresses array exists
- If you click "+" to add an alias, then press Save without entering anything, you get:
Warning: Invalid argument suppl... - 08:40 AM Revision a3669259: Firewall Aliases Import display error message for invalid alias name
- If you open firewall_aliases_import and enter just an invalid Alias Name (e.g. a$b) and press save or press save with...
-
- Perhaps test with current packages?
-
- 2.2.4 PHP needs upgraded to "5.5.27":http://php.net/archive/2015.php#id2015-07-10-2
> The PHP development team ann... -
- Someone kindly remove the dead, unmaintained and unsupported Squid2 package for 2.2+ and consider this fixed with htt...
-
- Anyterm package no longer exists. Plus really, https://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_pla...
-
- Should be fixed in Zabbix Agent LTS 0.8.5
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/8b1b7e27646806c6b283f93a62fd59ed6083f97e
-
- Are you on pfSense 2.1.x or what?
-
- Fixed.
-
- Fixed long time ago by https://github.com/pfsense/pfsense-packages/commit/8121961c39d71cbf57bd332712e044aa6ea05203
-
- PBI stupidity "fixed" as noted above, can be closed.
-
- Abandoned package, no such issue with pfBlockerNG.
-
- Fixed for quite some time.
-
- This works just fine now; obsolete bug.
-
- System - Advanced - System Tunebles: edit net.inet.ip.portrange.first
Duplicate of #4297 -
- Duplicate of # 4608
- 05:49 AM Revision 9a01d22d: Static routes merge "else" and "if" into "else if"
- As suggested by Renato.
-
- https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200502
https://github.com/zeromq/libzmq/issues/1273
!http://i.i... - 03:04 AM Revision b03de800: Fix issue_ip_type var name spelling
- Actually there was no real problem, but having a mis-spelling like this means that English speakers will waste time (...
-
- Diff attached.
-
- Works for me.
@[2.2.2-RELEASE][admin@gw.localdomain]/etc/inc: diff vpn.inc vpn.inc.orig
1650,1654d1649
< ...
07/11/2015
-
- Denis Kozlov wrote:
> I mean, scale the MBUF according to the number of cores and network cards. Job done.
That's... -
05:51 PM Bug #1221: igb driver mbuf allocation problems on multicore machines aka Could not setup receive structures
- Once again, why can't this be addressed in pfSense?
I mean, scale the MBUF according to the number of cores and ne... -
- The original problem here from years back has nothing to do with anything current, that was a 4 year old driver probl...
-
04:44 PM Bug #1221: igb driver mbuf allocation problems on multicore machines aka Could not setup receive structures
- Still on 2.2.3 this bug is for sure not resolved. Yes there is a manual workaround that needs to be applied on every ...
-
- SU+J gone -> sanity restored. Good riddance.
-
- The interface gets saved OK in the config, but in /etc/inc.vpn.inc function vpn_l2tp_configure() there is no mention ...
-
- I have pfSense with 2 WANs (ISPs) and L2TP server on it in head office (HO). I RDR 1701/udp to LAN address of pfSense...
-
- This fix was released with v2.2.3. I tested it and it works as expected now.
-
- That /usr/pbi/ntopng-amd64/bin/ntopng-geoipupdate.sh is definitely not a shell script, plus it downloads corrupt crap...
-
- Thanks for the follow up.
-
03:00 AM Bug #4827: Static phase2 entry requires modeconfig
- You are right, sorry. Tried again and it generates the proper config. Must have mixed something up.
- 01:03 AM Revision fd29caa1: fix fsync, thanks Phil Davis for noticing
- 01:03 AM Revision 63fcce23: fix fsync, thanks Phil Davis for noticing
-
- Thanks for the report, I'll review.
07/10/2015
- 11:21 PM Revision 88f2c335: fix fsync
- 11:21 PM Revision 362245b0: fix fsync
- 11:13 PM Revision 8a811010: fsync after fclose here, clean up some white space while here.
- Conflicts:
etc/inc/config.lib.inc - 11:12 PM Revision 4171affc: fsync after fclose here, clean up some white space while here.
- 10:48 PM Revision d7b97ca3: fsync conf_path here too
- 10:48 PM Revision 601ba542: fsync conf_path here too
- 09:23 PM Revision 89a8d28e: fix typo
- 09:22 PM Revision 224d9d30: fix typo
-
- I believe this happens when config.cache is corrupt or truncated because of power loss shortly after writing the file...
-
- updated subject to actual issue. SU+J was reverted in nanobsd today after verifying an APU made it through hundreds o...
-
- not sure I'm following what you mean, single address in P2s works as is. What's the circumstance you're referring to?
-
- Static phase 2 entries with a single address endpoint are generated with left/rightsourceip which means that strongsw...
- 07:44 PM Revision f9ee8994: system_crlmanager.php Conversion complete
- Ready for review
This page has a complex mixture of forms and tables. It needs to be
reviewed for functionality. -
- Thanks Clement!
-
10:43 AM Bug #3737: Incoming VLAN traffic fails to reach VLAN interface if PCP not 0
- Chris, if you're interested in using PCP in your configuration you can take a look at #4133 which is more "up-to-date...
-
- I believe this may be related to https://forum.pfsense.org/index.php?topic=87638 (of which I am experiencing the same...
-
- A previously working IPv6 configuration for prefix delegation is broken on 2.2.3.
In /var/dhcpd/etc/dhcpdv6.conf, ... - 01:18 PM Revision f17594c7: Add missing <h2> elements to panel-heading's
- refs #192
- 12:33 PM Revision 11e87d3a: Merge pull request #328 from sbeaver-netgate/Remove-Cancel
- remove all "Cancel" buttons on forms
- 12:19 PM Revision 40f73fe2: Removal of "Clear" controls
- Removal complete from all files
-
11:06 AM Feature #4828 (Duplicate): Advanced option to show hidden firewall rules in web gui
- It would be really nice to be able to see the complete ruleset (including hidden rules like the "default pass rules")...
-
- Moritz Bechler wrote:
> Actually, I think this is a bug in strongswan
Of course not! That's all by (utterly brai... -
- Actually, I think this is a bug in strongswan (just filed it: https://wiki.strongswan.org/issues/1028), as the asn1dn...
-
07:18 AM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
- Seems likely to be this:
"Unfortunately, RSS is usually capable of hashing IPv4 and IPv4 traffic (L3+L4). All other ... -
- That is expected behavior. It matches based on regex/substrings. You can use regex anchors to limit what it matches, ...
-
04:42 AM Bug #4824: Filterting firewall logs by port returns excess results
- The bold 25 above should have read asterisk25asterisk (as in wildcard).
-
- Hi,
If you filter firewall logs by e.g. port 25, the search results appear to be *25* so results include e.g. 1251... -
- Phase 1 configuration is currently restricted to specifiying a single algorithm proposal. Shouldn't be too difficult ...
-
- The strongswan connection config generated for a mobile client association does not include the configured peer ident...
-
- The config.xml portion was fine with Renato's change, but missed other parts of /cf/conf/. Jim T's earlier change get...
-
- James Snell wrote:
> Thank you Tahar for the ln commands, that got it running again for me after I upgraded to 2.2.3...
07/09/2015
-
08:23 PM pfSense Packages Bug #4293: Squid 2.7.9 pkg v.4.3.6 i386 won't start
- Thank you Tahar for the ln commands, that got it running again for me after I upgraded to 2.2.3-RELEASE.
- 07:24 PM Revision 6e332f7f: Debug removed
- Ready for review
-
06:38 PM Bug #4310: Limiters + HA results in hangs on secondary
- This is also happening to me. I though the issue with the limiters was fixed in 2.2.2 and 2.2.3, so I posted a duplic...
- 06:28 PM Revision 3795cc0a: diag_ipsec.php
- Conversion complete
DEBUG still in place -
- Duplicate of #4310
-
- I'd been running two pfsense firewalls on a master/backup setup with CARP. It was running fine on the 2.1.x branch. N...
- 03:19 PM Revision 9a044a7e: diag_gmirror.php
- Conversion complete
-
- Here's one from my Alix at home that happened a while ago, but I thought it might have had a flakey CF card and I did...
-
- http://lists.freebsd.org/pipermail/freebsd-fs/2014-April/019253.html
Can we get rid of the journal "improvement" A... -
- https://forum.pfsense.org/index.php?topic=96326.0...
-
08:01 AM Bug #4808: Unbound segfaults
- Unfortunately not, it seems to crash rather randomly. I'd love to be able to capture a stacktrace or other useful inf...
-
06:58 AM Bug #4804: PPPoE Restart won't update IPv6 routing table with gif
- > How are you restarting the connection that triggers this?
I've written a script...... -
- Updated subject to I think a closer description. But I can't replicate it that much even. Whether via gif, or DHCP6, ...
-
- Maybe my situation is also related to this in some way. We do not get big ping (or I guess other big packets) from br...
-
- Alignment discussed at great length here https://forum.pfsense.org/index.php?topic=95938.0
doktornotor's input can... - 02:50 AM Revision 863094c5: Merge pull request #1739 from yakar/patch-6
07/08/2015
-
- this looks to be fixed. Up to 15 cycles with no issues in a circumstance that would fail at least 50% of the time bef...
-
11:40 PM Bug #4607: Bridge+CARP crashes/freezes pfSense
- Thanks 2.2.3 is working smoothly now .
-
11:38 PM Feature #809: Config sync username change
- Thanks,
Added to : https://github.com/pfsense/pfsense/pull/1735 -
- yeah that's fine to remove the username field, no point in having it right now. Pull request welcome. Thanks!
-
- Related:
* Bug #1971 (Rejected): carp sync username not honored
* Bug #1736 (Closed): Allow other users to be used ... -
- is there any means of replicating?
- 05:33 PM Revision a2a5983a: Restore section commented out for testing
-
- On PPPoE WANs packets are only received on one NIC driver queue (queue0) while packets are transmitted from all queue...
-
01:01 PM Feature #4796: Support Multiple FIBs in pfSense
- I already put in a feature request for this- https://redmine.pfsense.org/issues/4598
- 12:14 PM Revision cffc7ec1: services_captiveportal.php Conversion complete
- Conversion complete
-
- I can somewhat confirm this with the following scenario:
* *Central Office*
** OVPN Server (TCP, AES-256-CBC, LZO... -
08:46 AM Bug #4820: DHCP Scope at setup
- I set LAN and WAN IP info via the console, then completed setup via the webGUI using the wizard. The initial DHCP sco...
07/07/2015
-
- ditto Phil's question. The setup wizard in the web interface definitely doesn't do that, and I don't recall the conso...
-
- How did you do the initial setup - using the webGUI initial wizard, from console menu selections, or?
And how did yo... -
- At initial setup, 192.168.100.1 was used for the LAN IP and a DHCP scope of 192.168.100.0/24 appeared in the interfac...
-
- you have to delete the already-established SAs after making such changes. #4268
-
09:06 AM pfSense Packages Bug #4819: pfSense IPsec rekey not functional
- Florian Ganée wrote:
> Solved by deleting and creating VPN entirely again
-
- Solved by deleting et creating VPN entirely again
-
- Forgot to mention : running 2.2.3-RELEASE (amd64)
-
- IPsec rekey is shown as Enabled in VPN phase 1 and in config files, but in Status > IPsec when Phases 1 & 2 are up "R...
-
10:42 AM Revision 1a1d9a8c: Update index.php
-
-
- Thanks for your quick response Chris!
I tried the last "nighty build" -> pfSense-Full-Update-2.2.4-DEVELOPMENT-amd64...
07/06/2015
- 10:05 PM Revision f2265d88: Fix dashboard hardware crypto display where AES-NI is enabled. Ticket
- 10:03 PM Revision c9e7807a: Fix dashboard hardware crypto display where AES-NI is enabled. Ticket
- 08:41 PM Revision 10c65c48: Don't check whether the QinQ interface exists when deleting. Unnecessarily
- makes QinQ un-deletable where the parent interface no longer exists
(removed, config restored from diff hardware, etc.). - 08:40 PM Revision ee3b5c15: Don't check whether the QinQ interface exists when deleting. Unnecessarily
- makes QinQ un-deletable where the parent interface no longer exists
(removed, config restored from diff hardware, etc.). -
- fixed, thanks
-
-
-
-
-
-
-
- duplicate of #4326
-
- updated subject to root problem, closing out #4596 as duplicate of this.
-
06:32 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
- Like Ryan, I'm still seeing the issue after upgrading to 2.2.3.
-
- this likely overlaps with the changes made as part of fixing #4811, which some have confirmed fixed things for them t...
-
- Since updateing pfsense from V2.1.5 to V2.2.3, I´ve some issues with the IPsec VPN.
I´ve configured about 20 IPsec v... -
- what packages do you have installed?
That says fw1, but the logs indicate something is config syncing to that sys... -
- Applying configuration of pfsense cause openvpn server restart
When you press apply configuration on DNS TAB or on T... -
-
-
- Please try next round of snapshots, a pfSense_fsync was implemented and is being used to make config.xml save operati...
-
- Jim Thompson wrote:
> This needs similar work (and a PHP extension, because fsync() isn't possible via PHP) to what ... -
09:00 AM Bug #4805: Using FQDN and IP in alias causes static entries to be lost
- Another observation, after some time (30min-60min) its recover from badly filled tables and are filled with proper IP...
-
- In the log there is correctly: filterdns: adding entry 1.1.1.1 to table IP_Alias_1 on host fqdn1.server.com
But in ... -
- Update, it is not working even with filterdns.fixed, after some time, if I reload some firewall rules tables are mism...
- 02:00 AM Revision 8cbb22c6: fix includes so shellsession restartipsec works.
- 02:00 AM Revision d04b109b: fix includes so shellsession restartipsec works.
07/05/2015
-
- The sync option was not an *optimal* fix, but it was a proper fix, as it does fix the corruption issue, and was what ...
-
- Thomas X wrote:
> I was just wondering why this could happen although sync was added in 2.2.3.
Probably because t... -
09:16 AM Bug #4523: master.passwd/group file corruption may occur after kernel panic or unclean shut down
- One addition: Filesystem has been in standard NanoBSD mode (ReadOnly) when the loss of power appeared.
-
- Today I had a power loss with pfSense 2.2.3 AMD64 NanoBSD, which seems to have corrupted the installation. The system...
-
- This needs similar work (and a PHP extension, because fsync() isn't possible via PHP) to what fixed the corruption of...
-
- that patch isn't going into pfSense.
We'll investigate 'why' the transition is slow, then attempt to develop a sol... -
- When people go through the hassle of generating their own set of DH parameters, it'd be nice to not overwrite those a...
- 05:33 PM Revision 028ff8f8: Fix #4813 validation of enable/disable of gateways and static routes
- 1) A disabled gateway can always be enabled - no extra validation
needed.
2) When disabling an enabled gateway, check... -
05:21 PM Bug #4237: Error "macro IPsec not defined" once after firmware upgrade
- Having the same issue here:
[ There were error(s) loading the rules: /tmp/rules.debug:108: macro IPsec not define... -
- Validation of enable/disable of gateways and static routes
Pull request: https://github.com/pfsense/pfsense/pull/173...
07/04/2015
-
- Well, apparently there's the same issue with Status - NTP. This can be solved by using -w option (https://bugs.ntp.or...
-
- See screenshot. In fact, the IP is 2001:718:801:230::8c as confirmed by ntpq -p.
!http://i62.tinypic.com/2vvmm4p.png! - 06:47 AM Revision 5af64602: remove debug.pfftpproxy, it no longer exists.
- 06:47 AM Revision f39cb6af: remove debug.pfftpproxy, it no longer exists.
-
- fixed
-
- looks to be fixed in 2.2.4 after gitsync, next snapshot will include those changes.
- 04:11 AM Revision aaf07882: de-activate sync on upgrade where it's enabled now that the root passwd/group problem is fixed. Ticket #4523
- 04:11 AM Revision 2300307e: de-activate sync on upgrade where it's enabled now that the root passwd/group problem is fixed. Ticket #4523
-
- fixed
- 01:06 AM Revision d44e7dc0: Fix keyid identifers, and go back to using %any in ipsec.secrets as in previous versions, fixing a variety of other ID issues. Latter will break some mobile IPsec circumstances, fix for that to come after more testing. Ticket #4811
- 01:03 AM Revision f5aec3e1: Fix keyid identifers, and go back to using %any in ipsec.secrets as in previous versions, fixing a variety of other ID issues. Latter will break some mobile IPsec circumstances, fix for that to come after more testing. Ticket #4811
07/03/2015
-
- this is adequately worked around in 2.2.3 with the usage of sync. Now that we have a proper fix for pw in 2.2.4, and ...
- 06:47 PM Revision a61daab9: Fix put static route destination in config change description
- When enabling or disabling a route by using the enable/disable button on the Routes page, the destination network was...
-
- 06:35 PM Revision 6135a11f: Fix put static route destination in config change description
- When enabling or disabling a route by using the enable/disable button on the Routes page, the destination network was...
-
- #4814 opened re: the regression of #2401 for the slow ro->rw mount issue discussed here.
-
- this patch fixes the issue, though apparently isn't good.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=176169
... -
- Opening a new issue to track the regression of old bug #2401. The ro->rw mount is so slow on some hardware that it ma...
-
- I just made a pull request for the first tiny error I noticed:
https://github.com/pfsense/pfsense/pull/1736
I am ... -
- If you attempt to edit a static route to disable it and the gateway set is already disabled you will receive the foll...
07/02/2015
-
11:39 PM Bug #4811: keyid identifiers not working
- The likely cause for this is the mishandling of the identity type prefixes, as reported on bug "4792":https://redmine...
- 08:12 PM Revision 49683954: sync up vpn.inc with master. Mostly white space and style changes
- 07:46 PM Revision 255075c9: sync up ipsec.inc with master. Mostly whitespace and style changes.
-
- duplicate of #4309
-
11:43 AM pfSense Packages Bug #4812 (Duplicate): Layer7 Filter
- internet stops working after creating layer 7 filter then adding it into firewall rule.
i followed this link - (http... -
- my internet stops working after creating layer 7 filter then adding it into firewall rule.
i followed this link - (h... -
- Yes, I have used this steps from forum (credit Andrew)
But I did pkg stuff on another pfsense and extracted only bin... -
- Yes, the 2.2.3 New Features and Changes page says that this is fixed in 2.2.3, but here in Redmine it says target 2.3...
-
03:15 AM Bug #4746: captive portal allowed hostnames not loaded into table at boot time
- As stated in version 2.2.3 changelog, this bug has to be resolved but now, it doesn't work also if you add FQDN in th...
-
05:50 AM Bug #4794: Handling of ASN1.DN values for RSA IPsec during upgrades from previous versions
- As I've recently explained on an "Ubuntu bug report related to pfSense":https://bugs.launchpad.net/ubuntu/+source/str...
-
02:31 AM Bug #4596: NAT 1:1 vs VIP, limiters works on LAN, but on WAN breaks NAT
- Tested now.
I confirm the problem on 2.2.3, limiters works well on LAN, but if I enable on WAN breaks 1:1 NAT. - 12:23 AM Revision e9b65f25: fix part of keyid problem. Ticket #4811
07/01/2015
- 09:03 PM Revision 4af5c0c8: Remove unnecessary deletion of rc.conf. Add an empty rc.conf with a note
- so people don't think they should be using it.
-
-
- 08:03 PM Revision 71ffb7bb: Merge branch 'RELENG_2_2' of git.pfmechanics.com:pfsense/pfsense into RELENG_2_2
- 08:01 PM Revision 9924ebd4: Remove the unnecessary deletion of rc.conf. Add an empty rc.conf with a
- note so people don't think they should be using it.
-
- keyid identifiers in IPsec stopped working from 2.2.2 -> 2.2.3.
-
-
-
-
-
-
-
-
- Applied in changeset commit:bc5c2e542c7a89ae59f079540ee6fc8f4183b9aa.
-
- Applied in changeset commit:9195a8378002ed41b459eb8c53a208f5fc6f8d4c.
-
- relayd supports port ranges in the listen directive but the forward directive should only have the first port. Also, ...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- This does not appear to be specific to NanoBSD or even sync on the filesystem.
I can replicate this by causing a p... -
02:15 PM Bug #4809 (Resolved): Dashboard - Hardware crypto (aesni) display cut off with Netgate ADI Board
- If aesni is available and enabled, the Dashboard displays a cut off Hardware crypto line
Hardware crypto <AES-CBC
... -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Tomas: what are you changing the binary to, just the one from stock FreeBSD ports?
-
- I support this idea, because it is not difficult to implement and solves many problem.
Currently Im changing binary... - 08:30 AM Revision e2451989: Only process Traffic Graph object if it is open
- Reduces useless CPU use on the pfSense box when the dashboard is
displayed with the Traffic Graphs widget. -
- On one of my pfSense boxes I've seen Unbound segfault a couple of times. Since pfSense doesn't seem to monitor Unboun...
-
- I just hit this issue as well, disabling AES-NI did the trick. It's a bit unfortunate that the release notes/blog pos...
-
04:22 AM Bug #4806: Mobile IPSec Broken on iOS devices after 2.2.3 Upgrade from 2.2.2
- Chris Buechler wrote:
> this diff will fix iOS.
>
> [... @@ -613,7 +613,7 @@ EOD; ...]
>
I saw this issue bef... -
- this diff will fix iOS. ...
-
- Yeah, sorry this is typo, correct one is:
IP_Alias_10 IP_Alias_5, IP_Alias_2, IP_Alias_1, IP_Alias_3, IP_Alias_4 -
- Chris Buechler wrote:
> what type of v6 connectivity do you have? Looks like a HE.net or similar tunnel?
Connectit... -
- adding ticket for tracking, already-fixed issue here:
https://github.com/pfsense/pfsense/commit/342f509028bc675c811...
06/30/2015
-
10:22 PM Bug #4463: Fix the NTPD Access Restrictions / and other NTPD related issues, including GPS
- Anything I can do to help move this along? Do I need to clarify anything?
-
- this ticket is specific to vpnc and only vpnc. iOS PSK issues in 2.2.3 is #4806
-
04:11 AM Bug #4784: IPsec mobile fails with VPNC and "Network List" after 2.2.x upgrade
- Hi,
Attached are the screenshots of the VPN configuration for this, along with a log file of the connection attemp... -
- Hi,
I can confirm that this issue is still affecting me - with the disable AES-NI workaround enabled. My iOS clien... -
- fixing some mobile IPsec scenarios broke iOS PSKs, I'm already looking into it.
-
- Since others are posting to [[https://redmine.pfsense.org/issues/4784]]. I figured it's worth opening a new ticket in...
-
- @Tomas - your description of IP_Alias_10 includes IP_Alias_6
But IP_Alias_6 is not mentioned anywhere else.
Is ther... -
- And IP_Alias_10 contains only IP address from IP_Alias_5
-
- For better replication this is what happening:
IP_Alias_10 IP_Alias_6, IP_Alias_2, IP_Alias_1, IP_Alias_3, IP_Alias... -
- Hi, despite of fact that this issue was resolved (https://redmine.pfsense.org/issues/4296), I have problem, that in A...
-
-
03:26 PM Bug #4790: Established IPSec Tunnel refused transporting further traffic out of sudden.. it than refuses any rule based traffic to anywhere!
- Hi Chris,
I know, that's why I did - before I opened this bug - at least tried it for two days without Snort... in... -
- That definitely sounds like you have a Snort signature set enabled that's too touchy, and it blocked the remote endpo...
-
- Thank you for your Update and Feedback, I found meanwhile that https://forum.pfsense.org/index.php?topic=78151.15 did...
-
- what type of v6 connectivity do you have? Looks like a HE.net or similar tunnel?
Did this work at any previous po... -
- Hello,
after rebooting pfSense 2.2.3 ... -
- given some period of time, it also goes nuts and starts logging like mad, to the extent its logging generates over 6 ...
-
- Opening this back up. Though pfflowd does not complain about the pfsync version, it does not produce any data.
-
-
04:43 AM pfSense Packages Bug #4799: Emulex OCE11102-NT & PFSENSE 2.2.2 & VLAN TAG
- Thank you for your quick answer.
I tested this morning opnsense (the fork from pfsense and based on FreeBSD 10.1)... -
- dem co wrote:
> 3 minutes+ waiting time when running conf_mount_ro() on CF card).
That's due to removal of this p... -
01:48 AM Bug #4803 (Resolved): config.xml is empty if power loss or panic happens shortly after config write
- When running ver 2.2.3 nanobsd with filesystem kept permanently read-write enabled (due to 3 minutes+ waiting time wh...
06/29/2015
-
- I apologize, my issue was not actually with IPsec logging. Syslog was not working at all, even across reboots, on two...
-
- where is it not working, what's blank? It works fine in general.
- 05:30 PM Revision bdfce2a4: Merge branch 'RELENG_2_2' of git.pfmechanics.com:pfsense/pfsense into RELENG_2_2
-
02:54 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
- Ermal Luçi wrote:
> This seems affecting only NAT with limiters.
> It should be handled properly now in 2.2.3 i wil... -
02:19 PM Bug #3096: Limiters problem using Multi WAN
- Any news about when this bug will be dealt with ? I don't see it in the roadmap.
-
- duplicate #4661
-
01:52 PM Bug #4802 (Duplicate): OpenVPN Client wont start after reboot, when set to a Gateway Group specifing a VIP
- An OpenVPN Client won't start after reboot of the primary node, when set to a Gateway Group specifing a VIP.
-
-
- Spoke too soon, I went back and tried it on the original hardware that was used to replicate the problem and it still...
-
- Apparently so. Moving the sleep down below the other line allows it to function. Occasionally drops an error on the c...
-
- guessing this is probably all 2.2.x versions.
Does the workaround in #4740 also work around this? -
- I'm guessing the IPsec service is one you've restarted in the process? There should be nothing rebooting does that re...
-
12:40 PM Bug #4801: IPSec multiple Phase 2 single-phase 1
- Chris Buechler wrote:
> no indications of a bug here. If IKEv2, and a Cisco ASA on the other side, that's #4704 (whi... -
- no indications of a bug here. If IKEv2, and a Cisco ASA on the other side, that's #4704 (which is a Cisco problem ult...
-
- I can not connect multiple Phase 2 single-phase 1.
I have an IPSec VPN with a business partner, but I need to have... -
-
- I don't see this being something we integrate into the user manager, given those with these requirements often have o...
-
-
-
- Thanks Phil. I'll confirm when time permits
-
-
- Superseded by #4801 that has description in english.
-
- Não consigo conectar múltiplas fase 2 com uma fase 1.
Possuo uma vpn IPSec com uma empresa parceira, porém necessi... -
- Customers are still reporting panics on 2.2.3 with all of the fixes thus far applied. Crash dump looks virtually iden...
-
- We can't call this a bug since that isn't a driver we include or have any capability to test. It appears you copied t...
-
- Hello,
I bought a 10Gbe Emulex OCE11102-NT. The network card works fine on FreeBSD 10.1. I tried to configured som... -
- The code was already there with 2.1.x and the unbound *package*. https://github.com/pfsense/pfsense-packages/blob/mas...
06/28/2015
-
- There have been a few times on the forum when people need to be told to put in their Host or Domain Overrides again w...
-
- Fixed by commit to master:
https://github.com/pfsense/pfsense/commit/90ad3a76edae543bcc63252b14660ac4baee291e -
- When the services_dhcp page is shown the contents of advanced settings are not shown to the user - the user has to cl...
-
- The commit to 2.2 branch was:
https://github.com/pfsense/pfsense/commit/dc6695c3f41f65dd3232e311e589bad217bb4c10
Th... -
- Done by commits:
https://github.com/pfsense/pfsense/commit/a7a064f4e523cc94d8570075e8b3b9a9220da3a3
https://github.... -
- Done by commits:
https://github.com/pfsense/pfsense/commit/3d0391f1d843a04ae1072440c8e38bbf392cb4c6
https://github.... -
12:30 AM Feature #4796 (New): Support Multiple FIBs in pfSense
- The current default pfSense kernel is not built with multiple FIB support. Multiple FIB support has been in FreeBSD ...
06/27/2015
-
- The IPsec logs stay blank even when setting all options to "highest".
I believe this is an issue on how the syslog... -
- The certificate CNs are interpreted differently by raccoon and strongSwan, for example:
+raccoon:+
C=US, ST=Whate... -
- I stumbled upon this today.
If you omit the identity prefix altogether, strongSwan will guess and convert the data... -
- Cullen Trey wrote:
> Or just throw away the asn1dn identifier...?
Sounds like a plan. Completely craptastic desig... -
- Okay, understood why it is not possible to specify:
leftid = asn1dn:C=CH/ST=Aargau/L=Baden/O=TechFreak/emailAddres... -
- This is a bug #4275 reintroduced in 2.2.3:
Upon upgrade of 2.2.2 to 2.2.3 strongswan did not start and quit with ... - 01:45 PM Revision 08d1762e: Implement ->toggle(selector, 'disable') + handle adv. globally
- handle advanced globally; when an input has .advanced class, it will
automatically be hidden and a button to show all... - 01:09 PM Revision 9801e938: head - specify utf-8 charset
- 10:55 AM Revision ea5665c7: firewall_rules; implement sortable for ordering rules
- also; remove 'delete selected' and ID column until we know if its
useful; allows buttons and most rules on single li... -
06:45 AM pfSense Packages Bug #4793: squidguard crashes squid when enabled
- Shared object "libldap-2.4.so.2" not found, required by "squidGuard"
2015/06/27 11:42:01 kid1| Starting Squid Cache ... -
- Jun 27 11:36:36 php-fpm[55499]: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pb...
-
- on 2.2.3 squid3 works fine but as soon as u enable squidguard then squid constantly crashes with messages as redirect...
-
05:57 AM Bug #807: Cannot set the keymap to anything other then the default
- Hi,
I observed the same thing on the 2.2.3 fresh install -
- In the installer, it was possible to choose something else instead default. In the 2.2.3 no more keymap are availabl...
-
- Hello,
even worse, if a OpenVPN client in 2.2.3 is set to a GWGroup specifying VIPs, first it is working. Meening ...
06/26/2015
-
05:47 PM Bug #4791: AES-NI on 2.2.3-RELEASE broken with non AES-GCM modes
- Not sure if it's needed but I can confirm that Disabling AESNI works.
-
- Patch that broke it (ipsec_aescbc_aesni.diff) was reverted. Should be fine on 2.2.4 snapshots
-
- Looks like it's related to the AESNI module now attempting to process all AES rather than only AES-GCM. It works fine...
-
- Hi,
Numerous reports are coming in of IPSec not working correctly with the 2.2.3-RELEASE. Multiple failures on sit... -
02:55 PM Bug #4784: IPsec mobile fails with VPNC and "Network List" after 2.2.x upgrade
- Jim P wrote:
> Your issue is likely #4791 and not related to this ticket.
Thanks Jim,
That was my first though... -
- Edward Roper wrote:
> I'm also having this issue. Please let me know if there is any specific information I can prov... -
- I'm also having this issue. Please let me know if there is any specific information I can provide to assist. Everythi...
-
-
-
- Additionnaly I tried to follow this : https://forum.pfsense.org/index.php?topic=52145.msg279761#msg279761
No keymaps... -
- Hi,
I've just installed the 2.2.3 an it still not working -
- https://wiki.strongswan.org/issues/993
- 10:55 AM Revision f3ec49e1: Only process Traffic Graph object if it is open
- The Traffic Graphs widget puts a graph object for every interface into
the HTML of the widget. Underneath the graph o... -
- *Scenario*
* *In General*
* Everything is IPv4 by now
* *Local office* network which is running PFSense in Hyp... -
- This may be a non-issue in 2.3, the whole GUI is getting a Bootstrap facelift (https://blog.pfsense.org/?p=1773)
-
01:27 AM Feature #4789 (Resolved): user interface / text fields are too short to display long alias names
- We use a lot of aliases, which are sometimes very long and we face the problem that in the standard template "pfsense...
-
- The builder has code to make 8 and 16GB images, but we don't generate them ourselves. We do not recommend using NanoB...
-
03:22 AM Bug #3330: Load Balancer showing wrong Status when using aliases for the port
- Just to bump, this is still the case in 2.2.3. If Daniel Onisoru's ports alias issue above hasn't been made into an i...
06/25/2015
-
09:24 PM Feature #4788 (Rejected): Can 8g or larger nanobsd images be made?
- I am loading a number of ISO images and files onto \tftpboot for use with the TFTP package and pxelinux but find the ...
-
06:33 PM Feature #4787: Time restrictions on Users, for Captive Portal auth
- Confirmed this works as expected. Radius server is relatively complex to set up, I will do a tutorial on it.
-
-
-
-
- 11:32 AM Revision 763afdaf: Add semicolon
- Fix delete Java Script to match valid HTML ID
- 11:31 AM Revision 0f383d78: XHTML Compliance
- html id's not permitted to begin with a number.
html id's not permitted to contain '/'
add prefix (entry_) and replac... -
-
06/24/2015
-
07:05 PM Feature #3933: Limiter burst doesn't have any effect
- Target version is 2.3
https://redmine.pfsense.org/versions/16
http://snapshots.pfsense.org/
Shows 2.2.3 as l... -
06:54 PM Feature #3933: Limiter burst doesn't have any effect
- Hi folks,
Any progress on this one? Is there any alpha version that might have this working for me to test .. Thanks! - 05:03 PM Revision fc04a23e: Merge branch 'RELENG_2_2' of git.pfmechanics.com:pfsense/pfsense into RELENG_2_2
- 05:00 PM Revision 90ad3a76: Display any advanced DHCP server settings
- when the page is first displayed.
This has annoyed me a few times and it annoyed me again just now. I had some settin...
06/23/2015
-
10:24 PM Bug #3858: DynDNS errno 47: Address family not supported by protocol family
- I put together a quick test on Linux (using pycurl) that basically does:...
-
- Chris Buechler wrote:
> that's what happens when you're dual stack, the URL has an AAAA, and it's updating a v4 IP.
... - 09:29 PM Revision 9cbb7fe4: It's time for 2.2.3-RELEASE
- 09:25 PM Revision 5b1844a6: Bump to 2.2.3-RELEASE
-
07:32 PM Revision 47b09af7: Add D1540-XG.
-
- 06:36 PM Revision ba8c6e37: Introduce Netgate RCC-DFF to the list of known platforms
- 06:35 PM Revision 91bbf120: Introduce Netgate RCC-DFF to the list of known platforms
- 05:31 PM Revision 96072f52: rereadall is not enough here, restore reload call to make sure everything works. Ticket #4785
- 05:31 PM Revision 2f898d6a: rereadall is not enough here, restore reload call to make sure everything works. Ticket #4785
- 05:15 PM Revision 8961801d: Replace ipsec rereadsecrets + reload by single rereadall, that will re-read also cert changes. Ticket #4785
- 05:15 PM Revision 9edeadc5: Replace ipsec rereadsecrets + reload by single rereadall, that will re-read also cert changes. Ticket #4785
- 05:12 PM Revision a241d6b5: Instead of sending USR1, just call ipsec reload. And before it, call ipsec rereadsecrets to make sure new secretes are updated. It should fix #4785
- 05:12 PM Revision bc7748f7: Partially revert 019ee2bc8c, this workaround is not necessary. Real fix will be committed after this
- 05:12 PM Revision dbd43cc2: Instead of sending USR1, just call ipsec reload. And before it, call ipsec rereadsecrets to make sure new secretes are updated. It should fix #4785
- 05:11 PM Revision d30038e0: Partially revert 019ee2bc8c, this workaround is not necessary. Real fix will be committed after this
-
- confirmed good.
-
- Applied in changeset commit:a241d6b53ac8d1aefe854d673ed5f41693ce9388.
-
- Applied in changeset commit:dbd43cc24d6c18f6bf279c4e52a7a01d2bdfb8c5.
- 01:22 PM Revision 019ee2bc: Add a workaround for ticket #4785:
- There was a regression on strongswan between 5.3.0 and 5.3.2 as reported
at [1]. To workaround this issue, add an ext... - 12:59 PM Revision 29c9e140: Add a workaround for ticket #4785:
- There was a regression on strongswan between 5.3.0 and 5.3.2 as reported
at [1]. To workaround this issue, add an ext... -
10:53 AM Bug #4642: OpenVPN process status stopped... but its running
- Updating:
Ok, 21 days passed, and there it goes... today I have discovered on the monitored nanobsd installs final... - 07:28 AM Revision 9a3ec939: Standardize widget iform and submit names
- The log and picture widgets were both using "iforma" and "submita".
Actually it did not break anything because it was... - 06:48 AM Revision c598160a: Fix var name typo in shaper.inc
- 06:45 AM Revision cfc6fd8d: Merge pull request #1728 from devnullity/patch-1
- 05:53 AM Revision 6538d33a: GW widget input form name-id needs to be unique
- among all widget forms.
Traffic Graphs widget already uses the vanilla name "iform". Reusing that name causes Traffic... -
- Well, this does not work for the console menu either. Plus, I don't think it's limited to static IPv6. It's broken fo...
-
- 02:31 AM Revision 9a8a5e6a: Don't delete /var/tmp/, that was originally done to clear session data at boot, but no longer applicable as session data is no longer in /var/tmp/. Credit to 'aa' on opnsense forum.
- 02:27 AM Revision 5e1ff564: Don't delete /var/tmp/, that was originally done to clear session data at boot, but no longer applicable as session data is no longer in /var/tmp/. Credit to 'aa' on opnsense forum.
-
- you can use firewall rules with schedules to accomplish that in some cases. Otherwise you're best off using RADIUS au...
-
- I'd like to let my kids use the net between certain hours, but deny them after bedtime.
Could the pfSense user man... - 12:43 AM Revision d812e83e: Use $myid in ipsec.secrets. Ticket #4785
- Conflicts:
etc/inc/vpn.inc - 12:42 AM Revision fe96d725: Use $myid in ipsec.secrets. Ticket #4785
06/22/2015
-
- all good.
-
- It was happening when wrong kernel was selected during installation. I've changed kernel order for ADI and Embedded i...
-
- there is something wrong here, though it's not clear what. The issue is replicable with Jody's config, and a slightly...
-
01:20 PM Bug #4784 (Closed): IPsec mobile fails with VPNC and "Network List" after 2.2.x upgrade
- We usually use a wrapper client (Shimo) for vpnc that helps us with some route automation, but for purposes of simpli...
-
09:49 PM Bug #4345: Traffic Shaping doesn't work with Xen netfront driver
- I think same as Grischa Zengel said!
We need an option to disable xn implementation -
12:56 PM Bug #4345: Traffic Shaping doesn't work with Xen netfront driver
- I'm installing the next server and need 8+ networks. Because xen can't handle so much NICs I have to use tagging.
... -
- duplicate of #3858. that didn't change on upgrade, guessing maybe this is the first you've had IPv6. Changing your pr...
-
- I just updated from 2.2.1 to 2.2.2. I have Dynamic DNS enabled for my domain hosted at Google Domains, and DynDNS is...
-
- that's what happens when you're dual stack, the URL has an AAAA, and it's updating a v4 IP.
-
- the semicolon separators are required, as it says in the notes field there. Some additional input validation there wo...
-
- should be fixed, need to double check every type of config to verify all still work.
-
- Where using IKEv2 with PSK on a site to site VPN, where the identifiers are IPs, and the remote is a FQDN, you end up...
- 06:34 PM Revision b7316893: This is incomplete. Leaving for 2.3. Revert "Ticket #4683 merge in brainpool for DH parameters"
- This reverts commit 7dc35024af3af1d644c25b002ca9f40f1d61c05b.
-
- no change from last comment. filterdns is running with the correct instance ID for -y, logs that it's adding entries ...
-
- Thanks for the heads up, Lars. We're short on time for 2.2.3, plus don't generally put features into maintenance rele...
-
08:21 AM Feature #4683: Support for elliptic curve for IPsec on webconfigurator
- Can see that you have only merged parts of the 1649 pull request. Things like IPsec phase 1 is missing AES GCM suppor...
-
- The "can't assign requested address" means something is already listening on port 10000. You have something else boun...
-
- for aliases that big you're best off using URL Table aliases instead
- 07:20 AM Revision be253f60: Add DNS host override descriptions
- since we can sometimes provide a useful description from that config
data also.
Fill the $iplookup array with host or... -
- not seeing any scenario where this still happens.
-
- The traffic graph can already display a choice of IP address, Hostname or FQDN in the table of top bandwidth hogs.
S... -
- splitting con entries will suffice here. this should be straight forward, quick, and low risk, but if there are compl...
-
- The RTT and Loss figures on the Gateways widget are for ping responses to the gateway monitor IP, which often is diff...
-
- fixed
-
- Ermal suggested replicating with very low bpf buffers and high ARP traffic. I've had an arp-scan across one /16 and o...
06/21/2015
-
11:49 PM Revision 5a147eaf: Fix var name typo in shaper.inc
- Fix typo so get_bandwidthtype_scale can do more than default to "1".
-
- works from what I can tell. Markus, if you can see any remaining issues here in 2.2.3, please follow up.
-
- this is still replicable as described, but only with ASAs, and only as initiator when triggered by traffic. Manually ...
-
- something's changed in the OS X client since last trying this. I'll revisit for further testing.
- 09:01 PM Revision 62102a8b: Specify $myid rather than %any here, otherwise user manager and mobile PSKs won't match. Ticket #4781
- Conflicts:
etc/inc/vpn.inc - 09:00 PM Revision 887093c3: Specify $myid rather than %any here, otherwise user manager and mobile PSKs won't match. Ticket #4781
-
- no known way to replicate this. Likely fixed with the patch that's been merged but will leave for feedback.
-
- confirmed working on one system
-
- PSKs defined in the user manager and vpn_ipsec_keys.php result in: ...
-
01:19 PM Bug #4780: max_input_vars limit reached with aliases having >1000 members
- pfSense version 2.2.2
-
- The limit has been reach for long alias lists used in firewall configuration.
firewall_aliases_edit.php
Warning... -
10:33 AM Bug #4779 (Not a Bug): OPENVPN - Exiting due to fatal error
- Since I'm using pfSense 2.2.2 I get the following error, every time the switch is turned off - the device is disconne...
06/20/2015
-
- this is fixed, opened #4778 for aforementioned remaining issue.
-
- The serial console on the ADI memstick image isn't setup correctly post-install.
-
- Was just wondering if it's specific to your file, or any similar file. If the one you attached suffices to replicate,...
-
- fixed
-
- this isn't easily replicable, so not sure whether it's still an issue. Will leave for feedback
-
- Tried after changing both hosts to use unicast pfsync, which had no impact. It seems to alternate between hanging the...
06/19/2015
-
- that triggers a kernel panic in FreeBSD 10.1. Same wifi card in an 11-CURRENT (as of a couple days ago) box, tcpdump ...
-
09:37 PM Bug #4777: tcpdump causes kernel panic when deleting underlying interface
- pfSense just prompted me, then automatically uploaded a crashreport (approx 2015-Jun-19 21:40 CDT [GMT-5]). Of cours...
-
- Cloned ath0 interface.
Ran tcpdump on console against ath0_wlan1.
Deleted ath0_wlan1 from GUI (Interfaces->Wireless... -
09:34 PM Bug #4766: "URL Table (IPs)" and "URL (IPs)" do not work when text file is hosted on a fresh install of pfSense
- I can't share the IP addresses because they are Tor bridges, which must be kept secret in order to be useful. Does th...
-
- the upgrade issue you noted is fixed for 2.2.3, release coming next week. Upgrading to the latest snapshot from snaps...
-
- I tested an auto-upgrade again before doing the test you suggested. The auto-upgrade sort of failed somehow because t...
- 06:33 PM Revision 10a1c51d: Obsolete pt_BR.ISO-88591 in favor of UTF-8
- 06:31 PM Revision a3918e59: Move pt_BR translation from ISO to UTF-8
- 06:29 PM Revision 6b42b02c: Move pt_BR directory, it's moving from ISO to UTF-8
- 06:15 PM Revision 3d0391f1: Display monitor IP on Gateways widget
- This change adds a setting for the Gateways dashboard widget so the user
can choose to display the Gateway IP, Monito... -
-
-
- that's due to a configuration mismatch of some sort. Please post to the forum or mailing list for help troubleshooting
-
- replied back on your forum thread. this works in general, we can troubleshoot further on forum.
-
03:35 PM Revision 3378289a: Ticket #4746 Correctly set global variables to be used by hostnames cod epaths
-
-
- this issue is fixed. there is a different problem in that it doesn't enable the serial console properly after clean i...
-
- Ok that's a different circumstance from the other I mentioned (which is the same as what Bipin noted). That's never a...
-
04:06 AM Bug #4760: PPPoE loses connection to modem, clicking connect does not reconnect but rebooting pfSense does
- It's a virtual machine on ESX, using E1000 nics, the NIC isn't locked however as the web interface on the ADSL modem ...
-
- for me alix via chipset and 2 full install machines with realtek chipset have this issue
-
- I moved it to UTF-8, it's working now.
For reference commit:6b42b02cc0 commit:a3918e5999 and commit:10a1c51d87 -
- Thanks Robert, we'll get that reviewed, tested and merged soon for 2.3.
-
- The DHCP/DHCPv6 stuff was meanwhile fixed, apparently. System - General Setup and the Captive Portal still remain.
-
- closing in favor of #4683
- 11:51 AM Revision 320ed23c: Merge pull request #1724 from phil-davis/patch-3
-
- Hi,
as I was creating a WLAN for our company based on pfsense APs, I run into the problem, that pfsense has no opt... -
-
- Merged.
-
- I thought this was due that now unity plugin is not anymore loaded by default.
-
- this doesn't appear to be an issue anymore with 2.2.3, though I haven't narrowed down exactly where that changed yet....
-
- works
06/18/2015
-
- works
-
-
- By default pf uses a frag limit of 5000. Several customers and users have reported hitting that limit on 2.2+ resulti...
-
- fixed
-
- this should be fixed already. adding this to remember to test on new snapshot.
/etc/rc.d/hostid was missing +x, w... -
-
- the REKEYED entries no longer exist since that separate bug was fixed, which leaves this fine.
-
- Turkish works now, though selecting PT-br still leaves you with English.
-
- can't replicate that here either, and that code hasn't changed in quite some time. will leave for feedback for now.
-
- The current code does unset and the code to unset has been in place for ages (3+ years). See source:"usr/local/www/di...
-
- Hmmm - I guess on restoring from a backup that has RRD data, the system should remove existing RRD data files, build ...
-
- Well, the problem apparently is this:...
-
- 2.2.3-DEVELOPMENT (amd64)
built on Sun Jun 14 19:59:54 CDT 2015
FreeBSD 10.1-RELEASE-p12
With the "do not backup... -
- This is a full install. With the box, I get ~4 MB with huge <rrddata>; without the box, it's ~8 MB with two <rrddata>...
-
- Guessing it's because we enable certificate validation by default in 2.2.x there, and the default self-signed cert wi...
-
- Perhaps you could post the results of this:...
-
- Let me point out that the "URL Table (IPs)" version of this test does not produce any error messages. Therefore, if i...
-
- It's a list of IP addresses, one IP on each line. I just tested it in a new install of 2.1.5, and it works fine there...
-
- this is correct now in every circumstance I could previously replicate problems.
-
-
-
- not the modem, what hardware are you running pfSense on, specifically what NICs but other details might help.
-
- The actual hardware is a BT Voyager 190 Ethernet ADSL modem with the unlocked firmware on it.
I assume that the is... -
- https://forum.pfsense.org/index.php?topic=41061.0
long thread but to me it seems the nic drivers is the culprit, t... -
- fixed
-
10:56 AM Bug #4364: cannot change or set keymap during and after install
- Hello.
Just installed 2.2.2 x64 and the problema is still here.
Best regards. - 05:26 AM Revision 41e9efe6: chmod +x hostid
- 05:26 AM Revision f6a4fe06: chmod +x hostid
-
- fixed, thanks!
06/17/2015
-
- Tobias: if you have a 2.2.2 (or newer) config that'll replicate, I'd definitely like to check it out. Email to cmb at...
-
- what hardware?
the only issue along those lines I can recall in any version was some modems combined with some ol... -
- what's in some_file.txt? I'm guessing nothing, you're trying to fetch a file that doesn't exist, given it happens aft...
-
- On nanoBSD 32-bit running snap from Wed Jun 17 18:54:23 I can't replicate this. With the box checked I get an ordinar...
-
- This worked just fine before the latest batch of commits (i.e., a week ago, or even less).
- I have the "Do not ba... -
- no change here. Logs show during boot: ...
-
- this change could also be what completely broke CP (see #4751)
-
-
-
- it works fine. keep the discussion of support issues on the forum please. I replied back there again.
-
01:43 PM Bug #4765: NAT Reflection (Pure NAT) rules not setup for traffic originating from same subnet as final destination
- I don't understand the meaning of "looking for something that won't exist" considering that the rest of your comment ...
-
- replied back in your forum thread, you're looking for something that won't exist, but where the "Enable automatic out...
-
- Just what algorithms and what version of ipsec you are using.
Preferably send me /var/etc/ipsec/ipsec.conf and /tm... -
03:30 PM Bug #4770: Packet Filter Reject IPSEC packets
- How much detail do you want? I'd rather not leak all our info onto the net.
-
- Can you also describe your tunnel configuration here?
-
- ...
-
- what's the rule that's blocking it? click the red X.
doubt this is a bug, probably something like Snort enabled w... -
- Periodically the firewall starts firewalling traffic coming through one or more IPSEC tunnels. Doing "Filter Reload" ...
-
- Applied in changeset commit:e932c35017d0c5e35957e01c90dab57a0519f588.
-
- Applied in changeset commit:2e0397e05b6168dfcfbd04c9f3629a988744a8b2.
-
- If the L2TP subnet overlaps a subnet that contains a port forward target, and automatic outbound NAT for reflection i...
-
- no change, as long as you have some traffic passing through a limiter, the secondary hangs within ~1-4 hours.
-
- I'll see if I can reproduce this, but the diag_tables showed all IP addresses (I should add that I have applied the p...
-
- diag_tables shows what is in the table (""in memory" alias") at the time the page is loaded. filterdns keeps that upd...
-
- Yes, sorry, diag_tables.php.
This showed all entries as being correct, however, when looking at the resolver logs ... -
- When the DHCP server issues an IP to a host that provides a name, that name cannot immediately be resolved by the DNS...
-
- the created rules largely aren't IPv4/IPv6-specific, and will work for both.
-
09:30 AM Feature #4769 (Resolved): IPv6 support in the Traffic Shaper Wizard
- It would be really nice if Traffic Shaping Wizard could be set to also create IPv6 rules.
-
-
- Yep this commit broke it by showing that there might have been other issues that now are handled properly.
Next sn... -
- This patch (or something else in about the same timeframe) completely broke CP in 2.2.3. No contexts are created.
... -
- EDIT:
15 days passed by since I installed watchdog and set it to keep ntp up (ntp crashed all the time).
Since th... -
- no change, but we'll leave as-is for 2.2.3. Limiters in general are better in 2.2.3 than earlier 2.2.*.
-
- confirmed upgrades on 1.2.3, 2.0.3, 2.1.5, 2.2.2, including both 32 and 64 bit for all 2.x. All fine.
-
- fixed
-
- fixed. We'll again verify as part of the release test matrix on each install type.
Also available in: Atom