Activity
From 06/28/2015 to 07/27/2015
07/27/2015
-
11:54 PM Bug #4513: Change in IP Alias name causes no tables on reboot
- Bump this to make it appear later than the 200 entries Chris just mass-changed. I think this one can be closed as dup...
-
11:00 PM Bug #4522 (Not a Bug): ipsec mobile client not working on android
- this is a bug in racoon on Android. Described here. https://wiki.strongswan.org/issues/255 also #4891
not a bug i... -
-
- haven't gotten info to replicate, and no one else has reported same.
Eric: if you can provide specifics to replic... -
- thanks Phil. Agree on getting rid of all the complications here. I went through and tested it all myself too after yo...
-
- For master: https://github.com/pfsense/pfsense/commit/8e24ffdd7a0cea3580f15317275128c6abe924d2
For RELENG_2_2 and 2.... -
- Oops, I put url_port instead of url_ports in that first pull request.
A hopefully better attempt is https://github.c... -
- Forum: https://forum.pfsense.org/index.php?topic=97101.0
It seems I did not consider the url_port alias type when "f... -
- From Diagnostics->DNS Lookup it was reporting stuff from the upstream public DNS for me, as well as 127.0.0.1 so I us...
-
01:16 PM Feature #4883: DNS Fowarder domain overrides
- Today I tried switching from forwarder to resolver and was unable to get resolver to resolve against multiple entries...
-
- yes, true, I misread that as Resolver.
If dnsmasq implements same support, we can definitely implement there as w... -
08:05 PM Revision 31e66b41: Move cleargpt.sh and cleargmirror.sh scripts to main repo
- 07:42 PM Revision ade65176: Fixed "Save" action
- 07:18 PM Revision 46bb6ced: firewall_shaper_layer7 done
-
06:38 PM Bug #4873: Key Exchange version "Auto" isn't really useful, remove it.
- As a temporary measure, I have backed out commit 4d7568404c276ea8fd10583e8d769f5ba82587aa by hand for testing. This, ...
-
- Thank you Chris. Is there anything I could put in via system patches rather than hand editing files?
-
- given the issues with it, I assumed no one could have been successfully using it. Sorry that was a wrong assumption i...
-
- Forgive me for being direct...
The existing solution may not have been proper, but it did work and was very useful... - 05:54 PM Revision 6b7ae4af: Strip any \r when parsing URL table ports file
- If the URL table ports file at the URL specified has lines separated by "\r\n" rather than just "\n", then the code h...
-
-
-
- 05:51 PM Revision 2b869fa1: Strip any \r when parsing URL table ports file
- If the URL table ports file at the URL specified has lines separated by "\r\n" rather than just "\n", then the code h...
-
- 05:47 PM Revision 8e24ffdd: Consider url_port alias type when checking port-type aliases V2
- This time I have typed url_ports correctly.
-
-
04:31 PM Bug #4345: Traffic Shaping doesn't work with Xen netfront driver
- > 2.2.4-RELEASE Now Available
When can we use this?
There are security fixes, which we must have. - 02:41 PM Revision d7b67981: Consider url_port alias type when checking port-type aliases V2
- This time I have typed url_ports correctly.
-
- During boot any urltable_ports type aliases will be loaded from the specified URLs into files in /var/db/aliastables/...
-
01:47 PM Bug #4892: LDAP Windows 2012 R2
- Using LDAP with OUs and 2012 R2 in multiple places. Definitely not a generic issue.
-
- I do not have anonymous binds enabled. I have a domain user & password specified. The tests shows that connect and ...
-
01:33 PM Bug #4892 (Rejected): LDAP Windows 2012 R2
- This should be on the forum first for discussion until/unless a bug is confirmed.
That said, I hit something recen... -
- I have an existing Active Directory domain and I recently added another AD Server in my existing domain. Existing se...
-
- Err... not XML, but tinydns.inc; the point obviously stands, though. (I suspect that beyond /usr/local/bin/svscan, al...
-
- @Michael: These issues won't go away until the PBI shit dies in 2.3. Meanwhile, I looked at the code and the only fix...
-
01:18 PM pfSense Packages Bug #4555: Tiny DNS: Service does not start
- (This is an issue in 2.2.3 as well as 2.2.1)
-
- I started working through the issues, beginning at tinydns.sh
Unfortunately it was taking more time than I have avai... -
- Forum reference for tracking:
https://forum.pfsense.org/index.php?topic=96927.0
https://forum.pfsense.org/index.p... -
- You're on a version that's no longer supported, and there isn't anything here that describes an actual bug (lighttpd ...
-
05:30 AM pfSense Packages Bug #4889 (Not a Bug): pfSense 2.1.5 amd64 with haproxy-devel 1.5.3: (connections.c.277) SSL: -1 5 32 Broken pipe
- Hi,
we have several pfSenses as firewalls with loadbalancing. We're using haproxy-devel for our service, because t... -
- That's a bug in the Android client with strongSwan -- appeal to one or the other to fix it: https://wiki.strongswan.o...
-
11:02 AM Bug #4891: android 5 can't login pfsense 2.2.4 ipsec
- I was upgrade from 2.2.3,it's version also can't connect ipsec by android 5.
I never connect ipsec by android 5.I ca... -
- What version were you on before the upgrade, when it was working?
-
- I use pfsense 2.2.4.The client use Android 5.
I screenshot some pic.You can see some config. -
- Not enough detail here. Should be discussed in a forum thread first to narrow down a specific issue before opening a ...
-
- Hello,
I have upgrade to pfsense 2.2.4.But it's always can't connect it by android 5.
It's have log.
Jul 27 10:4... -
- As already noted on another bug - please, remove the unmaintained, horribly broken and dead Squid2 package. Noone sho...
-
08:17 AM pfSense Packages Bug #4887: nonexistent lib file - (lightsquid not work)
- im using lightsquid with squid3 and works fine on 2.2.4
-
07:52 AM pfSense Packages Bug #4887: nonexistent lib file - (lightsquid not work)
- #squid2
ln -s /usr/lib/libssl.so.7 /usr/lib/libssl.so.6
ln -s /lib/libcrypt.so.5 /usr/lib/libcrypto.so.6
-
- lightsquid not work - nonexistent lib
#perl not work
ln -s /lib/libutil.so.9 /lib/libutil.so.8
#GD not work
l... -
- im having same issue, setting to 0666 works fine
-
- no relation to base version
-
12:16 AM pfSense Packages Bug #4885 (Resolved): squid3 chmod error at boot after reinstall post-upgrade
- when squid3 start
warning: chmod() expects parameter 2 to be long, string given in /usr/local/pkg/squid.inc on line ... -
- Files under /var/etc are not meant to be touched by human hands. For persistent files, place them in a location that ...
-
07:53 AM Bug #4890 (Rejected): OpenVPN - File created with ifconfig-pool-persist is destroyed upon system reboot
- +Issue:+ File created with the ifconfig-pool-persist Advanced Configuration option is destroyed upon system reboot.
... - 07:00 AM Revision 645f2fa8: Pkg install error handling and connect timeout RELENG_2_2
- Fixes Redmine #4884
1) Line 778-780 - If the fetch of any of the package additional files
fails then bail out. This p... - 06:57 AM Revision 2da055f0: add a check to avoid foreach on non-array
- 06:57 AM Revision 56fd056b: add a check to avoid foreach on non-array
-
- Note: This seems to have broken url_port alias processing.
See new bug https://redmine.pfsense.org/issues/4888 - 02:29 AM Revision dd03760e: Check if the actual $fieldname element is present in the $a_pkg[$id] array before trying to assign its value. Do same with default_value. Fixes issue where default value was not being populated for newly added fields.
-
- Pull request for RELENG_2_2 https://github.com/pfsense/pfsense/pull/1790
I managed to get an example with it faili... -
-
- has no relation to base version
-
- when ntopng start
warning: Invalid argument supplied for foreach() in /etc/inc/pkg-utils.inc(423): eval()'d code o...
07/26/2015
-
- there were a variety of problems with that implementation. we'll properly implement it in the future.
-
- While I haven't reviewed the strongSwan code, I can attest that operationally auto is not a synonym for IKEv2. I've b...
-
- it being a synonym for IKEv2 was only true of pre-5.x strongswan versions (see my above comment). But still it wasn't...
-
- It would be useful if it was actually auto. It's not. It's a synonym for IKEv2 in strongSwan. Needs fixed upstream.
-
- Hate to disagree, but auto is indeed useful. Removal breaks the ability to mix IKEv1 and IKEv2 mobile clients.
-
- The code that gets "additional files" during package install does not pass failure codes back up to the overall packa...
-
- That certainly works with DNS Resolver (unbound).
https://redmine.pfsense.org/issues/4350
https://github.com/pfsens... -
- you can, add the same domain multiple times.
-
- Within the DNS forwarder under the domain and host overrides it would be a good feature to allow a list of DNS serer ...
-
- You really have pfSense 2.3?
Duplicate of Bug #4555 -
- https://github.com/pfsense/pfsense-packages/blob/master/config/tinydns/tinydns.inc#L77
- 08:20 AM Revision a34e9807: Bring back the ability to specify file and URL as command line arguments. Clean it up a bit.
-
- the 119 to 120 is regarding upnp, i had modified it such that now the user can add multiple user specified permission...
-
- There is a 119_to_120 config upgrade in master, which needs to be double checked, and if fine, bump the config versio...
-
- The root problem is that unbound reload functions (-HUP, unbound-control reload) actually stop, then start unbound. W...
- 12:51 AM Revision 8691632c: Upgrade config to 11.9. Changes IPsec peer ID for EAP types to "any", to retain previous behavior.
- Conflicts:
etc/inc/upgrade_config.inc - 12:45 AM Revision 905205a2: Change the log for CRLs with no data (exists but no certs revoked) to a warning since it's not technically an error.
- 12:41 AM Revision 5e11c6a1: Upgrade config to 11.9. Changes IPsec peer ID for EAP types to "any", to retain previous behavior.
- 12:34 AM Revision c6354005: Change the log for CRLs with no data (exists but no certs revoked) to a warning since it's not technically an error.
- 12:21 AM Revision 29fc0334: Initialize variables
07/25/2015
- 10:00 PM Revision b0994811: Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or don't want to check peer ID.
- Conflicts:
usr/local/www/vpn_ipsec_phase1.php - 09:58 PM Revision 9a2bec12: Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or don't want to check peer ID.
-
10:27 AM Feature #1831: Captive portal IPv6 support
- Hi,
I just stumbled over this ticket after trying to find the reason for IPv6 not working in my guest WiFi. Since ... -
09:50 AM Feature #4881 (Resolved): Allow NPt to use dynamic IPv6 networks
- It would be very helpful to allow NTp to be used with dynamic IPv6 connections.
-
- thanks
-
- Fixed with the above pull req. Thanks.
-
- 1/ All settings lost on reinstall/upgrade. After reinstall, I'm left with this in config.xml...
-
- thanks doktor
-
- This should be fixed now.
-
02:44 AM Todo #4672: Update igmpproxy to latest version
- p.s. just in case it wasn't obvious, you still need to update igmpproxy to version 0.1 - the above just relates to en...
-
- I've updated the post. There's a better way. Rather than creating igmpstart.sh, you can just edit the line in the s...
- 02:05 AM Revision ff01ab1a: Replace space to tab indentations
- 01:29 AM Revision b11eea17: Remove unused variables
- 01:15 AM Revision 10da4aea: Remove unused variables
-
- https://github.com/pfsense/pfsense/pull/1784
Dunno why this needs to be logged or what kind of debugging is this s...
07/24/2015
-
- yeah, done. Thanks
-
- Plus it's already done.
-
07:30 AM Feature #4171: Allow for one rule to apply to both ipv6 and ipv4 to allow all protocols.
- I think this was already requested in #3367
-
- this was done in an earlier 2.2.x release
-
- 06:12 PM Revision 7903dd5e: Tree javascript lib added to repo
-
- Yes, you are right. There is a bit of duck-and-weave in the changes there to save the previous strings, get the $POST...
-
- thought I'd submitted this yesterday but was still sitting here.
Thanks Phil. Assuming testing checks out fine, we'... -
12:18 PM Bug #4817: rc.start_packages: Restarting/Starting all packages on config sync
- Well to correct my own typo and partly answer my own question therein:
'_Is_ this just down to using OpenVPN, becaus... -
- https://github.com/pfsense/pfsense/pull/1782
This is one possible quick-and-dirty pragmatic way to fix this. Increme... -
- file_notice() keys its entries by the Unix time() stamp that is only to the second. If the system wants to notify the...
-
- https://github.com/pfsense/pfsense/pull/1783
has a suggested solution. -
- For example:
LAN 192.168.1.1/24 with DHCP pool 192.168.1.100-192.168.1.199 working fine.
OPT1 192.168.2.1/24 with D... -
- Kill Bill wrote:
> That /usr/pbi/ntopng-amd64/bin/ntopng-geoipupdate.sh is definitely not a shell script, plus it do... -
- ...
-
08:17 AM Bug #4298: Excessive errors from snmpd
- We are also experiencing the same issue. When doing snmp walk's against the pfsense firewall we get timeout's at diff...
-
04:19 AM Bug #4850: RRDGraphs suddenly stop recording
- http://clickmy.website pfsense config-router.thedesignspace.org-20150724095531.zip
Dear Chris and others,
Many th... - 04:09 AM Revision f674922e: Lower LoginGraceTime to 30s, should be plenty long for users, and mitigates the password login attempt bypass bug in OpenSSH. Ticket #4875
- 04:07 AM Revision 29f5f85e: Lower LoginGraceTime to 30s, should be plenty long for users, and mitigates the password login attempt bypass bug in OpenSSH. Ticket #4875
- 03:58 AM Revision 26ab9c1a: Display monitor IP on Gateways widget
- This version is for system patches to 2.2.4 systems
-
- Perhaps also this (copied from pfBNG update log) - really cannot see how I'm hitting the 10M limit here....
-
- Reference: https://forum.pfsense.org/index.php?topic=95989.0...
- 12:56 AM Revision 8e3c8f53: Bump to 2.2.4-RELEASE
07/23/2015
-
- fixed
-
- strongswan 5.x versions do have a concept of 'auto' in that they'll accept either v1 or v2 as responder, use v2 only ...
-
- removed, and upgrade code added to convert. Should be good now.
-
- With "Key Exchange version" set to Auto in IPsec Phase 1, the Mode setting is set to Main in the GUI even if Aggressi...
-
- if/when it gets fixed upstream we'll patch it. You have the same option that everything else does - disable password ...
-
- Have you actually tested this? Because, mind you, you'll get banned from the firewall: https://doc.pfsense.org/index....
-
08:36 PM Bug #4875: Security issue with OpenSSH "ChallengeResponseAuthentication yes" (implies KbdInteractiveAuthentication yes)
- Current workarounds are:
1) Do not allow password authentication for ssh. The default setting for sshd in public k... -
- http://www.infoworld.com/article/2951100/security/bug-exposes-openssh-servers-to-bruteforce-password-guessing-attacks...
- 11:17 PM Revision 021a97b5: Only omit rightid for PSK mobile types. Flip the logic here as the 2_1 !
- logic gets ugly.
- 11:15 PM Revision 6d86e659: Only omit rightid for PSK mobile types. Flip the logic here as the 2_1 !
- logic gets ugly.
- 08:03 PM Revision bdd9efb3: change iketype auto to ikev2 on upgrade. Ticket #4873
- 08:02 PM Revision e7f4a964: change iketype auto to ikev2 on upgrade. Ticket #4873
- 07:47 PM Revision 4d756840: Remove "auto", it's just a synonym for IKEv2. Ticket #4873
- Conflicts:
usr/local/www/vpn_ipsec_phase1.php -
- thanks Paul
-
07:45 PM Bug #4556: pfSense_getall_interface_addresses() does not return scope identifier for link-local addresses
- Duplicate of #4062
-
- This also broke functionality in diag_ping and diag_testport pages.
- 07:43 PM Revision 47f80269: Remove "auto", it's just a synonym for IKEv2. Ticket #4873
- 07:34 PM Revision c03512f5: include vpn.inc so IPsec CRL reload works. require_once filter.inc in
- vpn.inc for callers there that haven't already included it.
- 07:31 PM Revision 0dea741f: include vpn.inc so IPsec CRL reload works. require_once filter.inc in
- vpn.inc for callers there that haven't already included it.
- 06:38 PM Revision d17c4ee9: Fix spaces
- 06:38 PM Revision b28e1512: firewall_shaper_queues completed
-
- The RSA cases are no longer skipped, and work correctly now. Commits (didn't tag this ticket since it's private):
h... -
-
06:04 PM
pfSense Packages
Bug #4857: Cannot install squid3 on pfsense 2.2.3
- Reinstalled pfsense from scratch using the config.xml backup I had previously created, and ended up in the same situa...
-
- the issue will be addressed at some point. The complication is you can't just not restart in that circumstance, as th...
-
04:49 PM Bug #4287: Wrong display for ppp in Interfaces page
- Here is the output:
[2.2.3-RELEASE][root@home3-fw.localdomain]/tmp: usbconfig
ugen0.1: <OHCI root HUB 0x8086> ... -
- What is in /tmp/3gstats.* ?
and what is the output of:
usbconfig
?
Those things are used by function get_interf... - 03:38 PM Revision 806942d0: Final changes on firewall_shaper ??
- 03:19 PM Revision 9ddd492c: Javascript changed to jQuery
-
- Seems to be fairly rare, but there is a potential crash in pf that has been hit at least once:...
-
- fixed
-
- looks good, works with IPsec now, and still works with OpenVPN. want to get additional feedback and testing before cl...
- 01:37 PM Revision aef9d8fe: Partial converson
-
-
-
- this should be fine. I'm going to make sure my LTE card works (in a few hours, it's at home), then this should be goo...
-
- Thanks for the follow up. Should only run 64 bit on 64 bit hardware. Whatever issue there is something in FreeBSD rat...
-
11:29 AM Bug #4871: Boot loop on older hardware when installing latest Version.
- Just tested the 64Bit LiveCD Installer Version and this works fine (2.2.3)
-
- When I install pfSense on my Dell Optiplex 320 (Pentium 4), the installation runs fine till the reboot question at th...
-
10:18 AM Bug #4872 (Duplicate): GRE tunnels on CARP endpoint doesn't get started at boot
- GRE tunnels doesn't get started at boot.they dont have the running flag. If i login to the console and do a ifconfig ...
-
- Well, there's no media info on pppoeX, not sure what you want to display there. Just run ifconfig and see for yourself.
-
- This might be related to commas coming back in the status information. So maybe it is fixed with:
https://github.com... -
- i managed to trigger it again on the same box and got the config file, can u give me ur mail id so i can send the con...
-
- actually few months back when i opened this ticket, i had sent the config file and Chris and way to replicate, cant s...
-
- @Bipin - I just fixed a different issue https://redmine.pfsense.org/issues/4568 where some things the interfaces.php ...
- 05:34 AM Revision d55f6326: Most of the flowtable bits were removed some time ago, take out the last of them too.
-
- https://github.com/pfsense/pfsense-packages/pull/904
- 05:32 AM Revision b0deba23: Most of the flowtable bits were removed some time ago, take out the last of them too.
- 05:21 AM Revision 6141f51a: When a CRL is updated, refresh strongswan's CRLs.
- 05:20 AM Revision fa944e1d: When a CRL is updated, refresh strongswan's CRLs.
- 02:59 AM Revision 85cf3f4f: Merge pull request #1775 from phil-davis/Interfaces-Widget-2-2
- 02:57 AM Revision 241c48ef: Add isset check for strictcrlpolicy
- To be consistent with the checks in the rest of this code.
- 02:57 AM Revision 1d3c9c9f: Merge pull request #1778 from phil-davis/patch-1
-
- Actually I looked at the code more and option (d) was easy to do and seemed reasonable. Pull request https://github.c...
- 12:54 AM Revision a95acf12: Add isset check for strictcrlpolicy
- To be consistent with the checks in the rest of this code.
-
- Pull request submitted:
https://github.com/pfsense/pfsense/pull/1779
07/22/2015
-
- Please post to the forum for assistance. This doesn't meet criteria for a bug report. https://doc.pfsense.org/index.p...
-
11:35 PM pfSense Packages Bug #4870 (Not a Bug): Bandwidth Limiter
- Bandwidth Limiter is not Working Properly.
-
- Note: both Local IP, subnet and Gateway fields are lost for all but the first of multiple interfaces selected for MLP...
-
- The problem is at line 929 in the configs above. The alias did not get renamed in the outbound rule. That has been fi...
-
- Commits for master to finally get the all-singing all-dancing version of the glob:
https://github.com/pfsense/pfsens... -
- Thanks, I understand what you're saying now.
There's a reason things are the way they are - iOS and similar Cisco... -
11:40 AM Bug #4825: Mobile client IPsec config omits peer identifier
Don't have the 2.1 config around anymore, sorry. But I do not think it is necessary.
In
https://github.com/pf...-
- merged that one as well, thanks Phil!
-
- Pull request https://github.com/pfsense/pfsense/pull/1775 for RELENG_2_2
-
-
- Commit for master: https://github.com/pfsense/pfsense/commit/a607968ab4fbfc5fa3baf6ce6282065e22b81847
Commit for REL... -
- Also if you select some debug level settings when saving the very first time, then those are not actually saved.
T... -
- On a system that does not have IPsec enabled, go to VPN->IPsec, Advanced Settings tab and press Save (leave all the d...
-
08:50 PM Revision f812b883: removed $output (on review not really needed)
- the only use for $output is as a temp variable to hold the imploded array, which is used in the following sprint and ...
-
- style changes per @rbgarga
- 08:10 PM Revision bfc1c4b0: make the IPsec bypass LAN from LAN subnet to LAN subnet rather than from
- LAN subnet to LAN IP. Same end result except it'll work for VIPs on same
interface now. - 08:08 PM Revision 699e2074: make the IPsec bypass LAN from LAN subnet to LAN subnet rather than from
- LAN subnet to LAN IP. Same end result except it'll work for VIPs on same
interface now. - 08:03 PM Revision df4de32d: Add IPsec advanced option for strict CRL checking
- 08:03 PM Revision 7361628b: Add IPsec advanced option for strict CRL checking
- 06:32 PM Revision cc31dc7a: fix typo
- 06:31 PM Revision 0be67fe5: fix typo
- 06:24 PM Revision b3bcc729: Handle IPsec Advanced Settings save before IPsec is enabled
- If the Advanced Settings are saved before any other IPsec is set up then $config['ipsec'] can be just the empty strin...
- 06:22 PM Revision 3453cbfc: Merge pull request #1777 from phil-davis/patch-1
- 06:06 PM Revision 14ec7c4b: write out built-in CRLs for strongswan
- 06:05 PM Revision 5bded426: write out built-in CRLs for strongswan
-
04:39 PM pfSense Packages Bug #4868: excessive Quagga package restart when IP change
- Fantastic! Works fine. Thanks.
This patch will it be implemented in a future release? -
- http://files.pfsense.org/jimp/patches/skip_restart_for_routing_packages-2.2.2.patch
-
- Already mentioned on this thread one year ago :
https://forum.pfsense.org/index.php?topic=80262.0
Quagga/OSPF ser... -
04:39 PM pfSense Packages Bug #4869 (Duplicate): TinyDNS services fail to start in pfsense 2.3
- I have been trying to install abd run TinyDNS into pfsense 2.3 but it does not seem to setup correctly.
From the l... -
- Codel patch is being reviewed
-
05:31 AM Bug #4692: CODELQ scheduler defaults to incorrect "target" and "interval" values.
- Good to hear.
There are two different methods of employing codel.
1. Where codel is the one and only scheduling... -
05:14 AM Bug #4692: CODELQ scheduler defaults to incorrect "target" and "interval" values.
- Kieran Cawthray wrote:
> As far as I can see, the interval is correctly set to 100 on both the 20150721 and 20150719... -
- As far as I can see, the interval is correctly set to 100 on both the 20150721 and 20150719 nightly builds, the targe...
-
- fixed
-
- 31ae45d2535e73f58b307f18227ba29a9061d2af looks good to me.
keyid might deserve some quotes, too, but that's propa... -
- Fixed, please try next snaps
-
- Checking
- 01:51 PM Revision a607968a: Handle IPsec Advanced Settings save before IPsec is enabled
- If the Advanced Settings are saved before any other IPsec is set up then $config['ipsec'] can be just the empty strin...
-
- There is no /conf so loading the config fails when booting the ISO, as do several other install-related tasks.
It'... -
- the values that were originally under System>Advanced (of which MSS clamping is the only remaining) are within system...
-
07:39 AM Bug #4864: IPsec MSS clamping not backed up in IPsec partial backup
- My pfSense installation is running the current 2.2.4 development and the problem is that the Maximum MSS is being bac...
-
- There are some fixes to the way the "Enable bypass for LAN interface IP" check-box is handled that are coming in 2.2....
-
- Maximum MSS (probably all in the Advanced settings in the VPN IPsec) is not being backup in the XML file.
-
08:55 AM Feature #4863 (Assigned): Add support for Sierra MC7355
- Try to get patch into 2.2.4,, but don't hold up release.
-
02:10 AM Feature #4863 (Resolved): Add support for Sierra MC7355
- Support was added to pfSense version 2.2.3 for Sierra MC7354 hardware modem. Request to add MC7355 Product ID due to ...
-
08:39 AM Bug #4866 (Resolved): L2TP server are restarted after adding/modifying L2TP users (mpd.secret)
- Full daemon restart is useless since mpd reads mpd.secret on the fly (as I can uderstand from mpd4's code). One probl...
-
06:10 AM Bug #4804: PPPoE Restart won't update IPv6 routing table with gif
- Emailed you my findings.
- 05:08 AM Revision d97992c7: Interfaces widget use more obscure separator RELENG_2_2
- Redmine #4859 fix for RELENG_2_2
- 04:54 AM Revision fcb477c0: Merge pull request #1774 from phil-davis/interfaces-widget
- 03:51 AM Revision 9cbdb6e3: Interfaces widget use more obscure separator
- when acquiring the interface data. In particular the media information
can have commas in it already as reported in R... - 12:25 AM Revision 8c378f3f: Unset old CA and Cert in left system config
- Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset ...
- 12:25 AM Revision 909d9ec1: Merge pull request #1770 from phil-davis/patch-1
07/21/2015
-
- thanks Phil. Merged to master, doesn't cherry-pick clean to RELENG_2_2 because of style diffs. Not difficult to fix, ...
-
- Yes, it was an easy fix. Comma was being used to separate the various interface data items and that data also had a c...
-
04:09 PM Bug #4859 (Resolved): Cosmetic dashboard issue with bce/bge interfaces
- When running bce/bge interfaces directly connected (e.g. a sync interface between cluster members) one of the ports n...
-
- thanks Armin. Emailed you back for feedback.
-
- fixed
-
- I probably fixed this by coincidence (didn't recall this ticket existed until now) earlier today. I think what Adam's...
-
- thanks for the config. I deleted it from here since there are potentially sensitive things in it and added it to a pr...
-
- duplicate of #4508
-
- The MailScanner is release Stable v4.85.2-3
-
- Hello,
The package MailScanner can't start on pfsense 2.2.3,Could fix in next release? -
08:47 PM pfSense Packages Bug #4862 (Needs Patch): HAVP won't start
- I'm unable to get HAVP to even start. I have attached screen shots. Below are system logs filtered on HAVP. Also, I h...
-
- CRLs generated by the built-in certificate manager should include authorityKeyIdentifier. This was changed in openssl...
-
- Renato Botelho wrote:
> Ben Cook wrote:
> > I think there is already a (newer) patch merged, but according to a few... -
- Ben Cook wrote:
> I think there is already a (newer) patch merged, but according to a few sources, the patch is not ... -
- I think there is already a (newer) patch merged, but according to a few sources, the patch is not working.
http... -
- Pull request has been merged. Thanks!
- 06:05 PM Revision 564f1356: Unset old CA and Cert in left system config
- Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset ...
- 04:51 PM Revision ebd900f9: Allocate dnpipe and dnqueue numbers even if no filter rules
- It would be quite unusual to have no filter rules array, but if that is indeed the case then the first part of this c...
-
- 04:41 PM Revision 2abf33ed: Captive Portal zoneid upgrade fix var name typo
- With the typo, this empty() test would always have been true. So maybe on upgrade some existing captive portal zoneid...
-
- 04:27 PM Revision 55fae310: Captive Portal zoneid upgrade fix var name typo
- With the typo, this empty() test would always have been true. So maybe on upgrade some existing captive portal zoneid...
- 04:02 PM Revision 34823356: Allocate dnpipe and dnqueue numbers even if no filter rules
- It would be quite unusual to have no filter rules array, but if that is indeed the case then the first part of this c...
- 03:33 PM Revision 661de3e7: Unset old CA and Cert in system config
- This looked odd. Why would we leave behind the old "ca" and "cert" section in $config["system"]?
I guess it would do ... -
-
-
-
-
08:25 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
- I'm still seeing the issue after upgrading to 2.2.3. NAT with limiters means no traffic. Once the rule is saved with ...
- 05:34 AM Revision 34cd5348: Reverting this for master, needs review in context of uniqid changes. Opening redmine ticket. Revert "sync up rc.carpmaster with RELENG_2_2. Ticket #4854, plus removal of unnecessary loop that'll amplify notifications unnecessarily."
- This reverts commit 401adacfefbc6006bc2270ccc1640e1b15f767c1.
- 05:33 AM Revision f3dadbb4: Going back to prior to earlier commit. Revert "fix indent my editor broke in an earlier commit."
- This reverts commit 948bbc9baf77b47e636c904faf677a698c13a293.
- 05:22 AM Revision f5b37588: fix indent my editor broke in my earlier commit
- 05:22 AM Revision 948bbc9b: fix indent my editor broke in an earlier commit.
- 04:50 AM Revision 66ed8787: Add IPsec IKE Intermediate EKU to server certificates. The serverAuth EKU already added suffices for Windows clients, though strongswan docs suggest setting this as well.
- 04:46 AM Revision 68ebb884: Add IPsec IKE Intermediate EKU to server certificates. The serverAuth EKU already added suffices for Windows clients, though strongswan docs suggest setting this as well.
- 01:21 AM Revision ed226521: Specify keyUsage and extendedKeyUsage in openssl.cnf, use crl_ext.
- 01:20 AM Revision b27567ca: Specify keyUsage and extendedKeyUsage in openssl.cnf, use crl_ext.
-
- works
-
- works
-
- Now I'm confused that I was looking at something different from what you were referring to. Could you share your 2.1....
-
- The changes made in 89f171b052fbe72aed654d2a1c3d5a24e9bf9902 need review and completion. Need to verify OpenVPN bound...
07/20/2015
-
07:44 PM
pfSense Packages
Bug #4857: Cannot install squid3 on pfsense 2.2.3
- Other than the multiple errors I dont really understand, I have worked on the two file permission errors:
# Cannot... -
07:36 PM
pfSense Packages
Bug #4857 (Not a Bug): Cannot install squid3 on pfsense 2.2.3
- I have tried migrating from squid2 to squid3 because I was having issues with squid2 and package repos, and trying to...
-
12:05 PM Bug #4856: Traffic Shaper blocks traffic when the config is otherwise changed
- I can give a config if required (see attached file), but the problem is that the issue appears often enough for me to...
-
- Going to need more to go on here, the case as described isn't replicable. Like a specific set of steps, start with th...
-
- When changing a firewall or NAT rule, or converting a NAT rule to loadbalancer (or potentially other firewall-related...
07/19/2015
-
04:21 PM Bug #4418: IPsec mobile clients - bogus "p" appended to search domain
- Just happened to have the same problem. DNS in OS X client and Apple IOS client does not work.
Running pfSense 2.2.3... -
- Just happened to have the same problem. DNS in OS X client and Apple IOS client does not work.
Running pfSense 2.2.3... -
- Duplicate of #1835
-
11:09 AM Revision 99f89b04: Fix caps
-
- Clarify that this applies to DNS Resolver as well. Update the translations template.
-
- Clarify that this applies to DNS Resolver as well.
-
- Clarify that this applies to DNS Resolver as well.
-
-
- Some quick mockup here: https://github.com/pfsense/pfsense/pull/1767
-
-
- Pull request has been merged. Thanks!
-
-
- This has been fixed by https://github.com/pfsense/pfsense/commit/eb0287e96f01ea0880d3ccce762d6880b2b44792
-
- I don't understand what you mean. The problem is that even though you configure a remote identifier, which e.g. might...
-
12:56 AM Bug #4855 (Resolved): GroupManager stops working with LDAP after (something?), /usr/sbin/pw exiting w/error
- I'm not sure I can reproduce this issue, but the system is still up.
I'd renamed / created/ removed / created some...
07/18/2015
-
-
- Clarify that this applies to DNS Resolver as well. Update the translations template.
-
- Clarify that this applies to DNS Resolver as well.
-
- Clarify that this applies to DNS Resolver as well.
-
- 05:17 PM Revision 205178aa: Switch logic of $disabled tests system_gateways
-
-
-
- Jim P wrote:
> It does act as a responder now rather than an initiator, but it would be nice to have a selector on P... -
- 03:58 PM Revision 49fc1967: Really avoid error loading rules for numeric host name in alias
- Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". Th...
-
-
-
-
- Kill Bill wrote:
> The DHCP/DHCPv6 stuff was meanwhile fixed, apparently. System - General Setup and the Captive Por... - 01:37 PM Revision 561cc25d: Modal - refactored using new attributes
- refs #30
- 01:37 PM Revision 566885d5: Merge branch 'psophis-modal' into bootstrap #30
- 01:36 PM Revision 2d05ff20: Merge branch 'modal' of git://github.com/psophis/pfsense into psophis-modal
-
- Applied in changeset commit:028ff8f8a3d7c09ee5604d6f3eadcdaaef1610c7.
-
- Pull request has been merged. Thanks!
-
-
- Pull request has been merged
-
- Pull request has been merged
-
- ... so that people can get useful descriptions in the System Logs - Firewall GUI, instead of useless tracker numbers....
-
- ... so that people can get useful descriptions in the System Logs - Firewall GUI, instead of useless tracker numbers.
- 09:40 AM Revision 401adacf: sync up rc.carpmaster with RELENG_2_2. Ticket #4854, plus removal of unnecessary loop that'll amplify notifications unnecessarily.
- 09:24 AM Revision 6eb52093: Handle OpenVPN bound to gateway groups using CARP IPs in rc.carpmaster/backup. Ticket #4854
-
- looks to be fixed with what I just pushed
-
- OpenVPN bound to a gateway group specifying CARP VIPs stops when CARP goes to backup status, but doesn't start when r...
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/2dd0d10d8eb7e9208cd0a02fa6ee02d47a554a8f
-
- thanks, yeah that was fixed in 2.2.0
-
- Works.
-
- The original issue here was fixed in 2.2.3.
The issue Grzegorz and Cullen noted is separate. Opened #4854 for tha... -
- Going to need more details, not a general issue anywhere along those lines. Anything RRD-related in the system log? I...
07/17/2015
-
- fixed
-
- works
-
- Applied in changeset commit:faaab0885d68e6422885e1c3d56985992e909474.
-
- Applied in changeset commit:e4b7410b9bc3622cee6797588a7d5a685d4d759e.
-
- Should be fine to s/\/emailAddress/, E/ on asn1dn when doing config upgrade from 2.1.5
-
- there are a variety of problems along these lines with slow flash that aren't safely fixable. Leaving permanently rw ...
-
- fixed
-
- fixed
-
- fix pushed
-
- When binding outgoing-interface in Unbound to a CARP IP, you end up with an invalid config with a line like: ...
-
- The GUI should show descriptions according to what's selected from the dropdown, but currently does not for URL Table...
-
- The GUI should show descriptions according to what's selected from the dropdown, but currently does not for URL Table...
- 07:29 PM Revision 0958dde1: firewall_schedule_edit.php Conversion complete
- Ready for review
-
- Thanks Chris! We'll get this integrated for 2.3.
-
- - Do not add leftid to confir when value is empty
- When asn1dn param is in binary form, explicit type
- Always add d... -
- - Do not add leftid to confir when value is empty
- When asn1dn param is in binary form, explicit type
- Always add d... - 06:01 PM Revision c37ffea8: only add outgoing-interface if it's an IP. Ticket #4852
- 06:00 PM Revision 4df4c7d6: Only add outgoing-interface if IP. Ticket #4852
- 05:20 PM Revision dd07956c: Really avoid error loading rules for numeric host name in alias
- Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". Th...
-
- See screenshot. Note that what's selected from the dropdown does not match what's shown below, unlike for the rest of...
-
- Please try next round of snapshots
-
- The issue doesn't affect left side because leftid is overwritten by strongSwan when leftcert is defined.
I'm worki... -
08:41 AM Bug #4792: IPSec ASN.1 DN needs double quotes in config file
- Hold on... The real issue here (as explained in the first comment) is the mishandling of the peer id type for the new...
-
- this looks to be fixed.
-
- - Add a upgrade code to fix asn1dn string format to match strongSwan needs
- Bump config version to 11.8 -
- - Add a upgrade code to fix asn1dn string format to match strongSwan needs
- Bump config version to 11.8 -
-
- Duplicate of Bug #4369
-
04:47 AM Bug #4851 (Duplicate): proxy settings not honored / cannot work with proxy
- Hi,
when I configure an http proxy under System / Advanced / Miscellaneous, some functions do not use the proxy:
... -
-
- I found the dumb error in my previous attempt. This pull request works for me on a system with a mix of nested host/n...
-
- Been using the same setup for 2 years and no configuration changes but the update to 2.2.3-RELEASE (i386) however sus...
-
02:59 AM Bug #4848: The remote gateway "ip-adres is already used by phase1 "name of phase 1"
- "If interface and remote are the same as an enabled connection, it triggers that validation." <- This is what I did. ...
-
- Chris Buechler wrote:
> Armin: could you get me a copy of your config? Can email to cmb at pfsense dot org with refe... -
- Still not replicable doing same. Doesn't seem to be anything wrong here. Maybe an edge case of some sort I'm not repl...
-
- Looks like left/rightcertpolicy is the only option here. Generally a non-issue because people generate a CA just for ...
-
- As I replied back on your forum thread last month, that's not true. Source IP selection is handled automatically, and...
07/16/2015
-
11:38 PM Bug #4849 (Not a Bug): ipsec: keepalive not working; wrong source ip used
- While debugging ipsec tunnels between two pfsenses I noticed that using ping on the command line does not work out of...
-
- The issue as described isn't replicable. You get the same error in that described circumstance. The check there is fo...
-
- If you clone (copy phase 1 entry) a "phase 1" IPsec connection and only change the "P1 Description" and hit the save ...
-
- The issue's been around since the inception of CARP in 2003, so yeah not likely this is going to change in the near f...
-
- That other ticket ended up not being related to this, it was a different issue. In that case the "link" was lost from...
-
09:12 AM Bug #4845: CARP preemption doesn't switch to backup where connectivity between systems is lost but not NIC link
- If that's the case, you are right. The only way I can see this working is sending both sending their 'status' via the...
-
- We noticed this at one point back in 2012 or so and I swear we already had a ticket open but couldn't find it. It's r...
- 10:24 PM Revision a296286b: Revert "myid_data and peerid_data fields are not relevant with asn1dn."
- This reverts commit 0e19c4bba659a5f4d28f9c8b20c80717a90964b9.
- 10:22 PM Revision d6908784: Contrary to some reports this is actually usable in some cases, just not
- mandatory. Revert "myid_data and peerid_data fields are not relevant with asn1dn."
This reverts commit b8754cc85db7e... - 10:17 PM Revision 0e19c4bb: myid_data and peerid_data fields are not relevant with asn1dn.
- Conflicts:
usr/local/www/vpn_ipsec_phase1.php - 10:16 PM Revision b8754cc8: myid_data and peerid_data fields are not relevant with asn1dn.
-
07:50 PM Todo #4847: NanoBSD Image Flash Block Misalignment
- Want to add while I'm here, in case some don't read the linked thread. Per the very first reference listed, the begin...
-
- I completely agree.
I would also love to hear about any examples of systems that can currently run pfSense 2.2, bu... -
- Keith Hough wrote:
> Are there any systems you know of that can boot from NanoBSD slice 1, but fail to boot from sli... -
- The boot code and MBR partition tables would remain where they are, in sector 0 / 1. If a system was going to have is...
-
12:36 AM Todo #4847: NanoBSD Image Flash Block Misalignment
- only problem here (assuming it works, and is useful) is that setting to sector 2048 probably renders a lot of old har...
-
- Keith Hough wrote:
> start that partition on sector 64, rather than sector 63 (default) as it is now.
Got ahead o... -
- The upgrade scenario for NanoBSD...
In the research I've done, as far as moving the entire MBR partition down by o... - 07:03 PM Revision 693c13cb: Restrict serial ports glob to cua followed by alpha
- Improve this a little more to match only alpha after /dev/cua (/dev/cuau for example)
- 07:03 PM Revision 3eed76d7: Make serial ports glob cope with many more possibilities
- It originally coped with things like cuau1 cuau1.1
Then I made it cope with things like cuau1 cuau11 but it stopped w... -
-
- 04:45 PM Revision 348c7c87: Remove old, unused NetUtils.js
- 04:44 PM Revision 088af065: Remove old, unused NetUtils.js
- 03:50 PM Revision 8235e730: Restrict serial ports glob to cua followed by alpha
- Improve this a little more to match only alpha after /dev/cua (/dev/cuau for example)
-
08:30 AM
pfSense Packages
Bug #4295: stunnel not working in Release 2.2
- Applied in changeset commit:06a66c936672073525ea2626b85ccc42db104f16.
-
- Updated to 5.20 and fixed for 2.2.x
-
07:38 AM pfSense Packages Feature #1973: Update siproxd to v0.8.1
- now in ports, please update? https://www.freshports.org/net/siproxd/
-
- Fixes are on ports tree - https://svnweb.freebsd.org/ports?view=revision&revision=392293
- 05:07 AM Revision 72b28115: Make serial ports glob cope with many more possibilities
- It originally coped with things like cuau1 cuau1.1
Then I made it cope with things like cuau1 cuau11 but it stopped w...
07/15/2015
-
- The change for NanoBSD would be implemented in the build system. The fdisk command that creates the initial MBR parti...
-
- pfSense NanoBSD images are not flash block aligned. This causes significant slowdown during extended write disk activ...
-
- Done: https://redmine.pfsense.org/issues/4847
Thanks Chris. -
- all my comments were re: rw->ro mount time.
Keith, Phil's suggestion to open a todo including those references is... -
- I am happy with the way it is now for 2.2.4. At least it is reliable, even if the speed varies on different cards of ...
-
- Chris, I'm not sure if you are referring to the alignment issue or the remount issue only effecting 1 of the CF / SD ...
-
- Updated subject to reflect the root of the issue. Of a whole stack of various CF and SD cards I have here, there is o...
-
- Works here too. added #4846 todo to remove from pfports when fixed upstream.
-
- This is all fixed now. Current snap is OK. DHCPd is running and a client behind obtains a delegation.
Do we want t... -
- This check was also removed, please try next round of snapshots
-
- It's better but still fails in a related way. There is an additional check that needs to be patched out:...
-
- Patch applied to dhcpd-server
-
- As soon as ISC puts out a release with the prefix6 issue from #4829 fixed, we need to remove our copy from pfports.
-
- there is an issue here, but not as described. opened #4845 for the root issue.
-
- Hi,
I followed the guides on the pfsense portal and also the pfsense Gold book.
Using 2.2.3, at the testing sta... -
- Take a basic WAN and LAN setup, one CARP IP on each interface. If WAN's NIC loses link, the secondary system takes ov...
-
- This reverts commit 81a73bcba3b3a79bb3a7add2e14a46e6af748f50.
-
- This reverts commit 6605035f9d2a04d1d4b724f6e993bc3f5c6d173d.
-
- Looks good now.
-
- I reverted that commit.
-
- Port aliases are non-functional on 2.2.4 snapshots, they appear in rules.debug as empty lists and then the rules fail...
-
- Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". Th...
-
07:58 PM Bug #4843 (Not a Bug): Traffic Shapper Wizard
- The traffic_shaper_wizard_multi_all.xml appears to be creating a qLink queue in the incorrect hierarchy for the Lan q...
-
07:40 PM Feature #4133: Add GUI setting for VLANs PCP
- I tested this patch using 2.2.3-Release:
* https://github.com/pfsense/pfsense-tools/compare/pfsense:RELENG_2_2_3..... -
- I just discovered the same 'problem', but with a more usual set-up. Sync is from primary to secondary, but secondary ...
-
- 04:40 PM Revision dea04167: Display any advanced DHCP server settings RELENG_2_2
- Cherry pick of https://github.com/pfsense/pfsense/commit/90ad3a76edae543bcc63252b14660ac4baee291e
-
- 03:56 PM Revision 3e415478: Cancel button after input error for RELENG_2_2
-
-
- Thanks! Tested the change and things look good.
-
- Pull request has been merged
- 03:05 PM Revision f8bcdede: Fix issue_ip_type var name spelling
- Actually there was no real problem, but having a mis-spelling like this means that English speakers will waste time (...
-
- 03:04 PM Revision 4433cf85: Firewall Aliases Import display error message for invalid alias name
- If you open firewall_aliases_import and enter just an invalid Alias Name (e.g. a$b) and press save or press save with...
-
- 03:01 PM Revision 043e61ee: Firewall Aliases Edit ensure input_addresses array exists
- If you click "+" to add an alias, then press Save without entering anything, you get:
Warning: Invalid argument suppl... -
-
- thanks
-
- Yeah, this is available in pfBlockerNG (Advanced Inbound Firewall Rule Settings). This can be closed.
-
- Hmmm, would seem to me that the "Raw Config" feature lets you enable just about anything?
https://github.com/pfsen... -
- yeah this was done at some point
-
- Well, the PBI is 0.6.6.2_1 which is latest available port, can be closed.
- 01:44 PM Revision 6605035f: Avoid error loading rules for numeric host name in alias
- Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". Th...
-
- 01:38 PM Revision 6b30491f: Interfaces GIF Edit fix do_input_validation
- Make the required fields be correct and match thier text names, which should each have their own gettext() cal so as ...
-
- 01:30 PM Revision e3a5f487: Interfaces GRE Edit fix required fields text
- The reqdfields had only 4 entries but reqdfieldsn has 5 entries and the field names to text descriptions did not matc...
-
- 01:19 PM Revision 0d9fe84b: Interfaces PPPs edit avoid foreach() warning
- If you go to Interfaces, assign, PPPs, press "+" to add an entry, then press Save without entering anything then you ...
-
-
-
- Need to update AES-GCM and AES-NI from FreeBSD -HEAD.
-
-
12:16 PM pfSense Packages Bug #4561: siproxd listening port redirect rule pulling wrong tag from <siproxdsettings> (config.xml)
Thank You!
Saw this and reported on the forum back in 2011.
https://forum.pfsense.org/index.php?topic=43213.m...-
- Pull request has been merged
-
- Pull request has been merged
-
- Pull request has been merged
-
-
- 1.9.14 is pfSense package version, not the upstream release version.
-
06:39 AM pfSense Packages Bug #4839 (Not a Bug): Version of squidGuard on pfSense 2.2
- The squidGuard version information in pfSense 2.2 is as 1.9.14, but the correct version is 1.4.7.
-
09:20 AM Bug #4818: IPSec makes worse in some cases - since 2.2.3 Update
- Since upgrading to pfSense-Full-Update-2.2.4-DEVELOPMENT-amd64-20150712-1215
I´m able to use all vpn tunnels again! ...
07/14/2015
- 11:25 PM Revision 36f90078: Fix glob for serial device names
- Removing the "." that was in {,.[0-9]} allows it to match /dev/cuau10 and onward.
I added lots of comments on the glo... - 11:25 PM Revision ccf504fc: Merge pull request #1752 from phil-davis/patch-9
- 10:55 PM Revision e65ebe32: Fix adding of VoIP rules from traffic shaper wizard where IP/alias is not
- specified.
- 10:54 PM Revision 57945fcc: Fix adding of VoIP rules from traffic shaper wizard where IP/alias is not
- specified.
-
- The match floating rule for VoIP was being skipped when no IP or alias was specified in the VoIP screen in the shaper...
- 09:52 PM Revision 1cc4c9e3: Fix GratisDNS support, manual merge of commit 3e31a7f82589d3350f111bd7d81cc83a0ab253e2
- 09:49 PM Revision 8795064c: Merge pull request #1753 from mortencombat/patch-1
- 09:43 PM Revision 3e31a7f8: Fix GratisDNS support
- The current implementation is not working for me, maybe the interface was changed by GratisDNS? I tested the update U...
-
- Since 2.2.3, enabling SSH at the console on nanobsd goes through the process, but keys aren't generated.
-
-
- Should be fixed by:
https://github.com/pfsense/pfsense/commit/cc4d13683e50595abc14efc43c91a087f123a979
Awaiting fee... -
- Reported on forum:
https://forum.pfsense.org/index.php?topic=96466.0
The glob that matches the serial device name... -
- works
-
-
- this change in dhcpd seems to be wrong. Posted to their list for feedback with additional details.
https://lists.is... -
- fixed
-
03:11 PM pfSense Packages Bug #3363: TinyDNS does not respond to IPv6 subnet
- I am currently not in charge of the router.
However shortly after reporting this issue concerning TinyDNS I changed ... -
- Do you still have this issue with current pfSense version and current tinydns version? Looks like duplicate of Bug #4...
-
- sync no longer added to new installs, and confirmed the upgrade code removes it where it's set and doesn't change any...
-
- I'm confident in this, snapshots including all relevant changes have been through the config_write loop torture test,...
- 01:24 PM Revision cc4d1368: Fix glob for serial device names
- Removing the "." that was in {,.[0-9]} allows it to match /dev/cuau10 and onward.
I added lots of comments on the glo... -
12:17 PM Bug #4817: rc.start_packages: Restarting/Starting all packages on config sync
- I had issues with my bgp and carp configurations also some bugs from version 2.2.1 and 2.2.0.
So for couple of weeks... -
- this is just how things work currently. That normally doesn't matter because only the system with backup status has t...
-
- Hello,
I am sorry for my late response.. It's suck a same...
But I have released I have sync between fw1 and fw... -
- that's been merged, thanks!
-
-
- The patches from https://forum.pfsense.org/index.php?topic=44413.msg236701#msg236701 have been merged, looking at the...
-
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/27ea3affa00297e713a8cf7c18bb81ec96ba500b
-
- > But I think there are enough nanoBSD systems out there that can potentially benefit that it is worth doing some res...
-
- this is probably much better with latest 2.2.4 @ https://snapshots.pfsense.org, would appreciate your feedback if you...
-
-
- Duplicate of #4814
-
10:28 AM Bug #4835 (Duplicate): Configuration changes are slow to save after upgrade
- I have a HA setup (two physical machines with direct crossover connection for the SYNC interface) previously running ...
-
- And while at it, https://github.com/pfsense/pfsense-packages/pull/894 (the c009c57 commit) is required to be able to ...
-
- This thing is incredibly outdated. Upstream is at 5.20. Please update the PBI.
-
- Slight cleanup with two effects:
1) a bit easier to follow
2) background execution returns PID of started process, wh... -
- Virtually no information here. If you have issues with current pfSense version and current tinydns package version, t...
-
03:33 AM pfSense Packages Bug #2720: TinyDNS does not read nameserver_*
- Thanks Kill Bill and Chris Buechler!
-
- fixed, thanks
- 01:26 AM Revision 98de735f: manual merge of Phil Davis pull request, commit b45537f75b24bc323987094e459db7b2f75aa405
- 01:22 AM Revision 82921c72: Merge pull request #1748 from phil-davis/patch-9
07/13/2015
-
- Pull request https://github.com/pfsense/pfsense-packages/pull/901
-
- Every time system is upgraded or vnstat2 package is reinstall, PHP front-end becomes inaccessible. It can be accessed...
-
- Merged and fixed ;)
-
- https://github.com/pfsense/pfsense-packages/pull/899 - perhaps someone's finally gonna pick it up when added as pull ...
-
- confirmed in latest snapshot
-
- next snapshot run, building now, should have it.
-
- port updated, package build running now.
-
- https://redmine.pfsense.org/issues/4830
https://forum.pfsense.org/index.php?topic=95908.0 -
- ALIX and APU both made it through 1000 power cycles while rw mounted on the slowest SD/CF I could find with no proble...
-
- Today another remote site is reporting similar symptoms. I am in the process of turning around the old Jumla one, put...
-
- I got the Alix back from Jumla. The replacement came up first time - thank goodness for AutoConfigBackup and being ab...
-
-
-
-
-
-
-
-
-
-
-
-
- #4608
-
- duplicate of #4806, already fixed in 2.2.4 snapshots @ https://snapshots.pfsense.org
-
- My pfsense is 2.2.3
-
- Hello,
I have set ipsec for mobile client.But it's always show connecting.And I have fot some message for ipsec.
... -
-
-
08:54 AM pfSense Packages Bug #4085: Check_mk agent configuration: 'Listen Port' is required, contrary to description
- JayD - wrote:
> Erm ... clearly a layer 7 issue on my end. FIXED! ;)
// Layer 8
I'll shut up now ... -
- Erm ... clearly a layer 7 issue on my end. FIXED! ;)
-
- Erm. See the pull request above...
-
- Running on 2.2.3 the port still has to be defined manually (see screenshot).
-
- Thanks Phillip!
Done. -
- It will be easy for the devs to review if you go to https://github.com/pfsense/pfsense and make the edit yourself and...
-
- Can it be included into 2.2.4?
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/266662ff8334da5210ad64f08b050b1167386268
-
06:11 AM Bug #1629: invalid state table entries after WAN IP change
- I forgot to post that i am using 2.2.3 and using multiple GW's to internet.
-
- I get the same behavior for my ipsec tunnels.
if my GW (cable modem giving dhcp to pfsense) "resets" itself i do not... -
- Fixed ages ago with https://github.com/pfsense/pfsense-packages/commit/7232161e99d60256c51a4ee94ef800f6d4f39764
-
05:26 AM Bug #4103: Xen xn NICs can't tag VLANs
- FYI, manually adjusting the select box HTML using an inline edit from the browser allows you to create the VLAN on th...
- 05:08 AM Revision 5eabad3d: Cancel button after input error
- If there is an input error then the edit page is redrawn showing the
input errors. The HTTP_REFERER becomes the curre... -
- Frederic Steinfels wrote:
> It seems the start script is doing more or less the same. I have no clue why the script ... -
03:53 AM pfSense Packages Bug #4717: Asterisk needs workarounds to work properly
- It seems the start script is doing more or less the same. I have no clue why the script did not get executed. However...
-
- I have watched the back-and-forth on that thread and restrained myself from commenting. Keith, I will be surprised if...
07/12/2015
-
- Can we safely assume that proper image alignment with slower flash devices that are having issues, will at least help...
-
- When it's disabled it cannot be started, since the executable bit is removed intentionally - https://github.com/pfsen...
- 07:40 PM Revision b45537f7: Fix references to Load Balancer Virtual Server redirect_mode
- When adding a Virtual Server, if you press Save with blank fields, the validation does not show. That was because the...
-
- greg Bernard wrote:
> Only workaround is to create your own certs using pfSense Cert Manager and apply that to the l... - 07:00 PM Revision ec4112dd: Interfaces PPPs edit avoid foreach() warning
- If you go to Interfaces, assign, PPPs, press "+" to add an entry, then press Save without entering anything then you ...
- 06:43 PM Revision 2f0e31b1: Interfaces GRE Edit fix required fields text
- The reqdfields had only 4 entries but reqdfieldsn has 5 entries and the field names to text descriptions did not matc...
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/65a36bbf84c3401bc79f49290493a0913fdb4936
- 06:31 PM Revision e2db25cc: Interfaces GIF Edit fix do_input_validation
- Make the required fields be correct and match thier text names, which should each have their own gettext() cal so as ...
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/d3ea61231ce09601a855da251e8067686c29646d
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/fe0163a939023f87b259f3475a89ee632824a973
-
- My humble suggestion would be to NOT use "Automatic PTR entry" in your highly weird environment that probably noone e...
-
05:22 PM pfSense Packages Bug #3530: TinyDNS creates incorrect NS records
- To better explain: in my PFsense environment, there are two nameservers:
- recursive nameserver bound to the priva... -
- Cannot see how on earth is proper FQDN "incorrect" and localhost "correct" for a NS record anywhere but for localhost...
-
- @OP: Code examples to remove the widget on uninstall:
https://github.com/pfsense/pfsense-packages/blob/master/conf... -
- SRV was added 4+ years ago: https://github.com/pfsense/pfsense-packages/commit/fceaec0ccf3e2f35959219c5e5498fdfda29a8...
- 04:18 PM Revision 81a73bcb: Avoid error loading rules for numeric host name in alias
- Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". Th...
-
- Looks like another round of PBI idiocy. Perhaps try a complete uninstall and reinstall.
-
- Can you post the contents of /usr/local/etc/rc.d/asterisk ?
-
- My car won't go. A.k.a. totally useless bug. Likely duplicate of Bug #4717.
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/7c10d4029c809d662156d5116be882ba2f8d6af9
-
- Fixed.
-
- https://github.com/pfsense/pfsense-packages/pull/897
-
- I don't know what's exactly "evidenced" by bold text, and definitely cannot see how's it required.
https://github.... -
- Considering we are on 3.0.718, this should be fixed. BTW, 3.0.719 has been released. ;)
-
- https://github.com/pfsense/pfsense-packages/pull/896
-
- Duplicate of Bug #3360
-
- https://github.com/pfsense/pfsense-packages/pull/895
- 08:53 AM Revision 0c53abc2: Firewall Aliases Edit ensure input_addresses array exists
- If you click "+" to add an alias, then press Save without entering anything, you get:
Warning: Invalid argument suppl... - 08:40 AM Revision a3669259: Firewall Aliases Import display error message for invalid alias name
- If you open firewall_aliases_import and enter just an invalid Alias Name (e.g. a$b) and press save or press save with...
-
- Perhaps test with current packages?
-
- 2.2.4 PHP needs upgraded to "5.5.27":http://php.net/archive/2015.php#id2015-07-10-2
> The PHP development team ann... -
- Someone kindly remove the dead, unmaintained and unsupported Squid2 package for 2.2+ and consider this fixed with htt...
-
- Anyterm package no longer exists. Plus really, https://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_pla...
-
- Should be fixed in Zabbix Agent LTS 0.8.5
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/8b1b7e27646806c6b283f93a62fd59ed6083f97e
-
- Are you on pfSense 2.1.x or what?
-
- Fixed.
-
- Fixed long time ago by https://github.com/pfsense/pfsense-packages/commit/8121961c39d71cbf57bd332712e044aa6ea05203
-
- PBI stupidity "fixed" as noted above, can be closed.
-
- Abandoned package, no such issue with pfBlockerNG.
-
- Fixed for quite some time.
-
- This works just fine now; obsolete bug.
-
- System - Advanced - System Tunebles: edit net.inet.ip.portrange.first
Duplicate of #4297 -
- Duplicate of # 4608
- 05:49 AM Revision 9a01d22d: Static routes merge "else" and "if" into "else if"
- As suggested by Renato.
-
- https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200502
https://github.com/zeromq/libzmq/issues/1273
!http://i.i... - 03:04 AM Revision b03de800: Fix issue_ip_type var name spelling
- Actually there was no real problem, but having a mis-spelling like this means that English speakers will waste time (...
-
- Diff attached.
-
- Works for me.
@[2.2.2-RELEASE][admin@gw.localdomain]/etc/inc: diff vpn.inc vpn.inc.orig
1650,1654d1649
< ...
07/11/2015
-
- Denis Kozlov wrote:
> I mean, scale the MBUF according to the number of cores and network cards. Job done.
That's... -
05:51 PM Bug #1221: igb driver mbuf allocation problems on multicore machines aka Could not setup receive structures
- Once again, why can't this be addressed in pfSense?
I mean, scale the MBUF according to the number of cores and ne... -
- The original problem here from years back has nothing to do with anything current, that was a 4 year old driver probl...
-
04:44 PM Bug #1221: igb driver mbuf allocation problems on multicore machines aka Could not setup receive structures
- Still on 2.2.3 this bug is for sure not resolved. Yes there is a manual workaround that needs to be applied on every ...
-
- SU+J gone -> sanity restored. Good riddance.
-
- The interface gets saved OK in the config, but in /etc/inc.vpn.inc function vpn_l2tp_configure() there is no mention ...
-
- I have pfSense with 2 WANs (ISPs) and L2TP server on it in head office (HO). I RDR 1701/udp to LAN address of pfSense...
-
- This fix was released with v2.2.3. I tested it and it works as expected now.
-
- That /usr/pbi/ntopng-amd64/bin/ntopng-geoipupdate.sh is definitely not a shell script, plus it downloads corrupt crap...
-
- Thanks for the follow up.
-
- You are right, sorry. Tried again and it generates the proper config. Must have mixed something up.
- 01:03 AM Revision fd29caa1: fix fsync, thanks Phil Davis for noticing
- 01:03 AM Revision 63fcce23: fix fsync, thanks Phil Davis for noticing
-
- Thanks for the report, I'll review.
07/10/2015
- 11:21 PM Revision 88f2c335: fix fsync
- 11:21 PM Revision 362245b0: fix fsync
- 11:13 PM Revision 8a811010: fsync after fclose here, clean up some white space while here.
- Conflicts:
etc/inc/config.lib.inc - 11:12 PM Revision 4171affc: fsync after fclose here, clean up some white space while here.
- 10:48 PM Revision d7b97ca3: fsync conf_path here too
- 10:48 PM Revision 601ba542: fsync conf_path here too
- 09:23 PM Revision 89a8d28e: fix typo
- 09:22 PM Revision 224d9d30: fix typo
-
- I believe this happens when config.cache is corrupt or truncated because of power loss shortly after writing the file...
-
- updated subject to actual issue. SU+J was reverted in nanobsd today after verifying an APU made it through hundreds o...
-
- not sure I'm following what you mean, single address in P2s works as is. What's the circumstance you're referring to?
-
- Static phase 2 entries with a single address endpoint are generated with left/rightsourceip which means that strongsw...
- 07:44 PM Revision f9ee8994: system_crlmanager.php Conversion complete
- Ready for review
This page has a complex mixture of forms and tables. It needs to be
reviewed for functionality. -
- Thanks Clement!
-
10:43 AM Bug #3737: Incoming VLAN traffic fails to reach VLAN interface if PCP not 0
- Chris, if you're interested in using PCP in your configuration you can take a look at #4133 which is more "up-to-date...
-
- I believe this may be related to https://forum.pfsense.org/index.php?topic=87638 (of which I am experiencing the same...
-
- A previously working IPv6 configuration for prefix delegation is broken on 2.2.3.
In /var/dhcpd/etc/dhcpdv6.conf, ... - 01:18 PM Revision f17594c7: Add missing <h2> elements to panel-heading's
- refs #192
- 12:33 PM Revision 11e87d3a: Merge pull request #328 from sbeaver-netgate/Remove-Cancel
- remove all "Cancel" buttons on forms
- 12:19 PM Revision 40f73fe2: Removal of "Clear" controls
- Removal complete from all files
-
11:06 AM Feature #4828 (Duplicate): Advanced option to show hidden firewall rules in web gui
- It would be really nice to be able to see the complete ruleset (including hidden rules like the "default pass rules")...
-
- Moritz Bechler wrote:
> Actually, I think this is a bug in strongswan
Of course not! That's all by (utterly brai... -
- Actually, I think this is a bug in strongswan (just filed it: https://wiki.strongswan.org/issues/1028), as the asn1dn...
-
07:18 AM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
- Seems likely to be this:
"Unfortunately, RSS is usually capable of hashing IPv4 and IPv4 traffic (L3+L4). All other ... -
- That is expected behavior. It matches based on regex/substrings. You can use regex anchors to limit what it matches, ...
-
04:42 AM Bug #4824: Filterting firewall logs by port returns excess results
- The bold 25 above should have read asterisk25asterisk (as in wildcard).
-
- Hi,
If you filter firewall logs by e.g. port 25, the search results appear to be *25* so results include e.g. 1251... -
- Phase 1 configuration is currently restricted to specifiying a single algorithm proposal. Shouldn't be too difficult ...
-
- The strongswan connection config generated for a mobile client association does not include the configured peer ident...
-
- The config.xml portion was fine with Renato's change, but missed other parts of /cf/conf/. Jim T's earlier change get...
-
- James Snell wrote:
> Thank you Tahar for the ln commands, that got it running again for me after I upgraded to 2.2.3...
07/09/2015
-
08:23 PM pfSense Packages Bug #4293: Squid 2.7.9 pkg v.4.3.6 i386 won't start
- Thank you Tahar for the ln commands, that got it running again for me after I upgraded to 2.2.3-RELEASE.
- 07:24 PM Revision 6e332f7f: Debug removed
- Ready for review
-
06:38 PM Bug #4310: Limiters + HA results in hangs on secondary
- This is also happening to me. I though the issue with the limiters was fixed in 2.2.2 and 2.2.3, so I posted a duplic...
- 06:28 PM Revision 3795cc0a: diag_ipsec.php
- Conversion complete
DEBUG still in place -
- Duplicate of #4310
-
- I'd been running two pfsense firewalls on a master/backup setup with CARP. It was running fine on the 2.1.x branch. N...
- 03:19 PM Revision 9a044a7e: diag_gmirror.php
- Conversion complete
-
- Here's one from my Alix at home that happened a while ago, but I thought it might have had a flakey CF card and I did...
-
- http://lists.freebsd.org/pipermail/freebsd-fs/2014-April/019253.html
Can we get rid of the journal "improvement" A... -
- https://forum.pfsense.org/index.php?topic=96326.0...
-
08:01 AM Bug #4808: Unbound segfaults
- Unfortunately not, it seems to crash rather randomly. I'd love to be able to capture a stacktrace or other useful inf...
-
- > How are you restarting the connection that triggers this?
I've written a script...... -
- Updated subject to I think a closer description. But I can't replicate it that much even. Whether via gif, or DHCP6, ...
-
- Maybe my situation is also related to this in some way. We do not get big ping (or I guess other big packets) from br...
-
- Alignment discussed at great length here https://forum.pfsense.org/index.php?topic=95938.0
doktornotor's input can... - 02:50 AM Revision 863094c5: Merge pull request #1739 from yakar/patch-6
07/08/2015
-
- this looks to be fixed. Up to 15 cycles with no issues in a circumstance that would fail at least 50% of the time bef...
-
11:40 PM Bug #4607: Bridge+CARP crashes/freezes pfSense
- Thanks 2.2.3 is working smoothly now .
-
11:38 PM Feature #809: Config sync username change
- Thanks,
Added to : https://github.com/pfsense/pfsense/pull/1735 -
- yeah that's fine to remove the username field, no point in having it right now. Pull request welcome. Thanks!
-
- Related:
* Bug #1971 (Rejected): carp sync username not honored
* Bug #1736 (Closed): Allow other users to be used ... -
- is there any means of replicating?
- 05:33 PM Revision a2a5983a: Restore section commented out for testing
-
- On PPPoE WANs packets are only received on one NIC driver queue (queue0) while packets are transmitted from all queue...
-
- I already put in a feature request for this- https://redmine.pfsense.org/issues/4598
- 12:14 PM Revision cffc7ec1: services_captiveportal.php Conversion complete
- Conversion complete
-
- I can somewhat confirm this with the following scenario:
* *Central Office*
** OVPN Server (TCP, AES-256-CBC, LZO... -
08:46 AM Bug #4820: DHCP Scope at setup
- I set LAN and WAN IP info via the console, then completed setup via the webGUI using the wizard. The initial DHCP sco...
07/07/2015
-
- ditto Phil's question. The setup wizard in the web interface definitely doesn't do that, and I don't recall the conso...
-
- How did you do the initial setup - using the webGUI initial wizard, from console menu selections, or?
And how did yo... -
- At initial setup, 192.168.100.1 was used for the LAN IP and a DHCP scope of 192.168.100.0/24 appeared in the interfac...
-
- you have to delete the already-established SAs after making such changes. #4268
-
09:06 AM pfSense Packages Bug #4819: pfSense IPsec rekey not functional
- Florian Ganée wrote:
> Solved by deleting and creating VPN entirely again
-
- Solved by deleting et creating VPN entirely again
-
- Forgot to mention : running 2.2.3-RELEASE (amd64)
-
- IPsec rekey is shown as Enabled in VPN phase 1 and in config files, but in Status > IPsec when Phases 1 & 2 are up "R...
-
10:42 AM Revision 1a1d9a8c: Update index.php
-
-
- Thanks for your quick response Chris!
I tried the last "nighty build" -> pfSense-Full-Update-2.2.4-DEVELOPMENT-amd64...
07/06/2015
- 10:05 PM Revision f2265d88: Fix dashboard hardware crypto display where AES-NI is enabled. Ticket
- 10:03 PM Revision c9e7807a: Fix dashboard hardware crypto display where AES-NI is enabled. Ticket
- 08:41 PM Revision 10c65c48: Don't check whether the QinQ interface exists when deleting. Unnecessarily
- makes QinQ un-deletable where the parent interface no longer exists
(removed, config restored from diff hardware, etc.). - 08:40 PM Revision ee3b5c15: Don't check whether the QinQ interface exists when deleting. Unnecessarily
- makes QinQ un-deletable where the parent interface no longer exists
(removed, config restored from diff hardware, etc.). -
- fixed, thanks
-
-
-
-
-
-
-
- duplicate of #4326
-
- updated subject to root problem, closing out #4596 as duplicate of this.
-
06:32 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
- Like Ryan, I'm still seeing the issue after upgrading to 2.2.3.
-
- this likely overlaps with the changes made as part of fixing #4811, which some have confirmed fixed things for them t...
-
- Since updateing pfsense from V2.1.5 to V2.2.3, I´ve some issues with the IPsec VPN.
I´ve configured about 20 IPsec v... -
- what packages do you have installed?
That says fw1, but the logs indicate something is config syncing to that sys... -
- Applying configuration of pfsense cause openvpn server restart
When you press apply configuration on DNS TAB or on T... -
-
-
- Please try next round of snapshots, a pfSense_fsync was implemented and is being used to make config.xml save operati...
-
- Jim Thompson wrote:
> This needs similar work (and a PHP extension, because fsync() isn't possible via PHP) to what ... -
09:00 AM Bug #4805: Using FQDN and IP in alias causes static entries to be lost
- Another observation, after some time (30min-60min) its recover from badly filled tables and are filled with proper IP...
-
- In the log there is correctly: filterdns: adding entry 1.1.1.1 to table IP_Alias_1 on host fqdn1.server.com
But in ... -
- Update, it is not working even with filterdns.fixed, after some time, if I reload some firewall rules tables are mism...
- 02:00 AM Revision 8cbb22c6: fix includes so shellsession restartipsec works.
- 02:00 AM Revision d04b109b: fix includes so shellsession restartipsec works.
07/05/2015
-
- The sync option was not an *optimal* fix, but it was a proper fix, as it does fix the corruption issue, and was what ...
-
- Thomas X wrote:
> I was just wondering why this could happen although sync was added in 2.2.3.
Probably because t... -
09:16 AM Bug #4523: master.passwd/group file corruption may occur after kernel panic or unclean shut down
- One addition: Filesystem has been in standard NanoBSD mode (ReadOnly) when the loss of power appeared.
-
- Today I had a power loss with pfSense 2.2.3 AMD64 NanoBSD, which seems to have corrupted the installation. The system...
-
- This needs similar work (and a PHP extension, because fsync() isn't possible via PHP) to what fixed the corruption of...
-
- that patch isn't going into pfSense.
We'll investigate 'why' the transition is slow, then attempt to develop a sol... -
- When people go through the hassle of generating their own set of DH parameters, it'd be nice to not overwrite those a...
- 05:33 PM Revision 028ff8f8: Fix #4813 validation of enable/disable of gateways and static routes
- 1) A disabled gateway can always be enabled - no extra validation
needed.
2) When disabling an enabled gateway, check... -
05:21 PM Bug #4237: Error "macro IPsec not defined" once after firmware upgrade
- Having the same issue here:
[ There were error(s) loading the rules: /tmp/rules.debug:108: macro IPsec not define... -
- Validation of enable/disable of gateways and static routes
Pull request: https://github.com/pfsense/pfsense/pull/173...
07/04/2015
-
- Well, apparently there's the same issue with Status - NTP. This can be solved by using -w option (https://bugs.ntp.or...
-
- See screenshot. In fact, the IP is 2001:718:801:230::8c as confirmed by ntpq -p.
!http://i62.tinypic.com/2vvmm4p.png! - 06:47 AM Revision 5af64602: remove debug.pfftpproxy, it no longer exists.
- 06:47 AM Revision f39cb6af: remove debug.pfftpproxy, it no longer exists.
-
- fixed
-
- looks to be fixed in 2.2.4 after gitsync, next snapshot will include those changes.
- 04:11 AM Revision aaf07882: de-activate sync on upgrade where it's enabled now that the root passwd/group problem is fixed. Ticket #4523
- 04:11 AM Revision 2300307e: de-activate sync on upgrade where it's enabled now that the root passwd/group problem is fixed. Ticket #4523
-
- fixed
- 01:06 AM Revision d44e7dc0: Fix keyid identifers, and go back to using %any in ipsec.secrets as in previous versions, fixing a variety of other ID issues. Latter will break some mobile IPsec circumstances, fix for that to come after more testing. Ticket #4811
- 01:03 AM Revision f5aec3e1: Fix keyid identifers, and go back to using %any in ipsec.secrets as in previous versions, fixing a variety of other ID issues. Latter will break some mobile IPsec circumstances, fix for that to come after more testing. Ticket #4811
07/03/2015
-
- this is adequately worked around in 2.2.3 with the usage of sync. Now that we have a proper fix for pw in 2.2.4, and ...
- 06:47 PM Revision a61daab9: Fix put static route destination in config change description
- When enabling or disabling a route by using the enable/disable button on the Routes page, the destination network was...
-
- 06:35 PM Revision 6135a11f: Fix put static route destination in config change description
- When enabling or disabling a route by using the enable/disable button on the Routes page, the destination network was...
-
- #4814 opened re: the regression of #2401 for the slow ro->rw mount issue discussed here.
-
- this patch fixes the issue, though apparently isn't good.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=176169
... -
- Opening a new issue to track the regression of old bug #2401. The ro->rw mount is so slow on some hardware that it ma...
-
- I just made a pull request for the first tiny error I noticed:
https://github.com/pfsense/pfsense/pull/1736
I am ... -
- If you attempt to edit a static route to disable it and the gateway set is already disabled you will receive the foll...
07/02/2015
-
- The likely cause for this is the mishandling of the identity type prefixes, as reported on bug "4792":https://redmine...
- 08:12 PM Revision 49683954: sync up vpn.inc with master. Mostly white space and style changes
- 07:46 PM Revision 255075c9: sync up ipsec.inc with master. Mostly whitespace and style changes.
-
- duplicate of #4309
-
11:43 AM pfSense Packages Bug #4812 (Duplicate): Layer7 Filter
- internet stops working after creating layer 7 filter then adding it into firewall rule.
i followed this link - (http... -
- my internet stops working after creating layer 7 filter then adding it into firewall rule.
i followed this link - (h... -
- Yes, I have used this steps from forum (credit Andrew)
But I did pkg stuff on another pfsense and extracted only bin... -
- Yes, the 2.2.3 New Features and Changes page says that this is fixed in 2.2.3, but here in Redmine it says target 2.3...
-
03:15 AM Bug #4746: captive portal allowed hostnames not loaded into table at boot time
- As stated in version 2.2.3 changelog, this bug has to be resolved but now, it doesn't work also if you add FQDN in th...
-
05:50 AM Bug #4794: Handling of ASN1.DN values for RSA IPsec during upgrades from previous versions
- As I've recently explained on an "Ubuntu bug report related to pfSense":https://bugs.launchpad.net/ubuntu/+source/str...
-
02:31 AM Bug #4596: NAT 1:1 vs VIP, limiters works on LAN, but on WAN breaks NAT
- Tested now.
I confirm the problem on 2.2.3, limiters works well on LAN, but if I enable on WAN breaks 1:1 NAT. - 12:23 AM Revision e9b65f25: fix part of keyid problem. Ticket #4811
07/01/2015
- 09:03 PM Revision 4af5c0c8: Remove unnecessary deletion of rc.conf. Add an empty rc.conf with a note
- so people don't think they should be using it.
-
-
- 08:03 PM Revision 71ffb7bb: Merge branch 'RELENG_2_2' of git.pfmechanics.com:pfsense/pfsense into RELENG_2_2
- 08:01 PM Revision 9924ebd4: Remove the unnecessary deletion of rc.conf. Add an empty rc.conf with a
- note so people don't think they should be using it.
-
- keyid identifiers in IPsec stopped working from 2.2.2 -> 2.2.3.
-
-
-
-
-
-
-
-
- Applied in changeset commit:bc5c2e542c7a89ae59f079540ee6fc8f4183b9aa.
-
- Applied in changeset commit:9195a8378002ed41b459eb8c53a208f5fc6f8d4c.
-
- relayd supports port ranges in the listen directive but the forward directive should only have the first port. Also, ...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- This does not appear to be specific to NanoBSD or even sync on the filesystem.
I can replicate this by causing a p... -
02:15 PM Bug #4809 (Resolved): Dashboard - Hardware crypto (aesni) display cut off with Netgate ADI Board
- If aesni is available and enabled, the Dashboard displays a cut off Hardware crypto line
Hardware crypto <AES-CBC
... -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Tomas: what are you changing the binary to, just the one from stock FreeBSD ports?
-
- I support this idea, because it is not difficult to implement and solves many problem.
Currently Im changing binary... - 08:30 AM Revision e2451989: Only process Traffic Graph object if it is open
- Reduces useless CPU use on the pfSense box when the dashboard is
displayed with the Traffic Graphs widget. -
- On one of my pfSense boxes I've seen Unbound segfault a couple of times. Since pfSense doesn't seem to monitor Unboun...
-
- I just hit this issue as well, disabling AES-NI did the trick. It's a bit unfortunate that the release notes/blog pos...
-
04:22 AM Bug #4806: Mobile IPSec Broken on iOS devices after 2.2.3 Upgrade from 2.2.2
- Chris Buechler wrote:
> this diff will fix iOS.
>
> [... @@ -613,7 +613,7 @@ EOD; ...]
>
I saw this issue bef... -
- this diff will fix iOS. ...
-
- Yeah, sorry this is typo, correct one is:
IP_Alias_10 IP_Alias_5, IP_Alias_2, IP_Alias_1, IP_Alias_3, IP_Alias_4 -
- Chris Buechler wrote:
> what type of v6 connectivity do you have? Looks like a HE.net or similar tunnel?
Connectit... -
- adding ticket for tracking, already-fixed issue here:
https://github.com/pfsense/pfsense/commit/342f509028bc675c811...
06/30/2015
-
10:22 PM Bug #4463: Fix the NTPD Access Restrictions / and other NTPD related issues, including GPS
- Anything I can do to help move this along? Do I need to clarify anything?
-
- this ticket is specific to vpnc and only vpnc. iOS PSK issues in 2.2.3 is #4806
-
04:11 AM Bug #4784: IPsec mobile fails with VPNC and "Network List" after 2.2.x upgrade
- Hi,
Attached are the screenshots of the VPN configuration for this, along with a log file of the connection attemp... -
- Hi,
I can confirm that this issue is still affecting me - with the disable AES-NI workaround enabled. My iOS clien... -
- fixing some mobile IPsec scenarios broke iOS PSKs, I'm already looking into it.
-
- Since others are posting to [[https://redmine.pfsense.org/issues/4784]]. I figured it's worth opening a new ticket in...
-
- @Tomas - your description of IP_Alias_10 includes IP_Alias_6
But IP_Alias_6 is not mentioned anywhere else.
Is ther... -
- And IP_Alias_10 contains only IP address from IP_Alias_5
-
- For better replication this is what happening:
IP_Alias_10 IP_Alias_6, IP_Alias_2, IP_Alias_1, IP_Alias_3, IP_Alias... -
- Hi, despite of fact that this issue was resolved (https://redmine.pfsense.org/issues/4296), I have problem, that in A...
-
-
03:26 PM Bug #4790: Established IPSec Tunnel refused transporting further traffic out of sudden.. it than refuses any rule based traffic to anywhere!
- Hi Chris,
I know, that's why I did - before I opened this bug - at least tried it for two days without Snort... in... -
- That definitely sounds like you have a Snort signature set enabled that's too touchy, and it blocked the remote endpo...
-
- Thank you for your Update and Feedback, I found meanwhile that https://forum.pfsense.org/index.php?topic=78151.15 did...
-
- what type of v6 connectivity do you have? Looks like a HE.net or similar tunnel?
Did this work at any previous po... -
- Hello,
after rebooting pfSense 2.2.3 ... -
- given some period of time, it also goes nuts and starts logging like mad, to the extent its logging generates over 6 ...
-
- Opening this back up. Though pfflowd does not complain about the pfsync version, it does not produce any data.
-
-
04:43 AM pfSense Packages Bug #4799: Emulex OCE11102-NT & PFSENSE 2.2.2 & VLAN TAG
- Thank you for your quick answer.
I tested this morning opnsense (the fork from pfsense and based on FreeBSD 10.1)... -
- dem co wrote:
> 3 minutes+ waiting time when running conf_mount_ro() on CF card).
That's due to removal of this p... -
01:48 AM Bug #4803 (Resolved): config.xml is empty if power loss or panic happens shortly after config write
- When running ver 2.2.3 nanobsd with filesystem kept permanently read-write enabled (due to 3 minutes+ waiting time wh...
06/29/2015
-
- I apologize, my issue was not actually with IPsec logging. Syslog was not working at all, even across reboots, on two...
-
- where is it not working, what's blank? It works fine in general.
- 05:30 PM Revision bdfce2a4: Merge branch 'RELENG_2_2' of git.pfmechanics.com:pfsense/pfsense into RELENG_2_2
-
02:54 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
- Ermal Luçi wrote:
> This seems affecting only NAT with limiters.
> It should be handled properly now in 2.2.3 i wil... -
02:19 PM Bug #3096: Limiters problem using Multi WAN
- Any news about when this bug will be dealt with ? I don't see it in the roadmap.
-
- duplicate #4661
-
01:52 PM Bug #4802 (Duplicate): OpenVPN Client wont start after reboot, when set to a Gateway Group specifing a VIP
- An OpenVPN Client won't start after reboot of the primary node, when set to a Gateway Group specifing a VIP.
-
-
- Spoke too soon, I went back and tried it on the original hardware that was used to replicate the problem and it still...
-
- Apparently so. Moving the sleep down below the other line allows it to function. Occasionally drops an error on the c...
-
- guessing this is probably all 2.2.x versions.
Does the workaround in #4740 also work around this? -
- I'm guessing the IPsec service is one you've restarted in the process? There should be nothing rebooting does that re...
-
12:40 PM Bug #4801: IPSec multiple Phase 2 single-phase 1
- Chris Buechler wrote:
> no indications of a bug here. If IKEv2, and a Cisco ASA on the other side, that's #4704 (whi... -
- no indications of a bug here. If IKEv2, and a Cisco ASA on the other side, that's #4704 (which is a Cisco problem ult...
-
- I can not connect multiple Phase 2 single-phase 1.
I have an IPSec VPN with a business partner, but I need to have... -
-
- I don't see this being something we integrate into the user manager, given those with these requirements often have o...
-
-
-
- Thanks Phil. I'll confirm when time permits
-
-
- Superseded by #4801 that has description in english.
-
- Não consigo conectar múltiplas fase 2 com uma fase 1.
Possuo uma vpn IPSec com uma empresa parceira, porém necessi... -
- Customers are still reporting panics on 2.2.3 with all of the fixes thus far applied. Crash dump looks virtually iden...
-
- We can't call this a bug since that isn't a driver we include or have any capability to test. It appears you copied t...
-
- Hello,
I bought a 10Gbe Emulex OCE11102-NT. The network card works fine on FreeBSD 10.1. I tried to configured som... -
- The code was already there with 2.1.x and the unbound *package*. https://github.com/pfsense/pfsense-packages/blob/mas...
06/28/2015
-
- There have been a few times on the forum when people need to be told to put in their Host or Domain Overrides again w...
-
- Fixed by commit to master:
https://github.com/pfsense/pfsense/commit/90ad3a76edae543bcc63252b14660ac4baee291e -
- When the services_dhcp page is shown the contents of advanced settings are not shown to the user - the user has to cl...
-
- The commit to 2.2 branch was:
https://github.com/pfsense/pfsense/commit/dc6695c3f41f65dd3232e311e589bad217bb4c10
Th... -
- Done by commits:
https://github.com/pfsense/pfsense/commit/a7a064f4e523cc94d8570075e8b3b9a9220da3a3
https://github.... -
- Done by commits:
https://github.com/pfsense/pfsense/commit/3d0391f1d843a04ae1072440c8e38bbf392cb4c6
https://github.... -
- The current default pfSense kernel is not built with multiple FIB support. Multiple FIB support has been in FreeBSD ...
Also available in: Atom