Activity
From 07/17/2015 to 08/15/2015
08/14/2015
-
03:54 PM Bug #495: USB drive fails to mount during boot
- Well,
I finally foun the issue, I was using Unetbootin and it was a bad choice.
Working with DD is magic!
Regards -
- Hi,
I've experimented the same problem with :
* memstick 2.1.5 and 2.2.4
* with or without the delay
* with 2 d... -
09:24 AM Bug #4935: WAN 6rd without border relay IP creates invalid ruleset
- Seems like 6rd can not work with a static ipv4 address.
Was assuming that ipv6 and ipv4 were separate things, but... -
- When enabling 6rd on WAN interface(have static ipv4 address configured - not sure if it matters), it does not work an...
- 08:35 AM Revision aa49b6b3: replace addGlobal reference so Modal doesn't throw fatal errors when used
-
06:51 AM Bug #4936 (Resolved): dhcpd sets wrong permissions on leases files
- Hi,
I hope this is not a duplicate, at least I didn't found an issue which matches our problem.
We upgraded our... -
05:31 AM pfSense Packages Bug #4934 (Resolved): OpenVPN Client Export Doesn't Include Full CA Chain
- When exporting an OpenVPN configuration, only the CA immediately above the server's certificate is included. If that ...
08/13/2015
-
09:13 PM Bug #4568: mlppp settings lost after save on interface page
- I have never been able to edit my posts in Redmine. Sorry - that post above has the pull request and commit for maste...
-
- Apply the patch to usr/local/www/interfaces.php from https://github.com/pfsense/pfsense/pull/1780
My commit https://... -
04:08 PM Bug #4568: mlppp settings lost after save on interface page
- Is there a workaround for this? I just upgraded from 2.1.3 > 2.2.4 and now have use of only one of my MLPPP members.
-
07:43 PM Revision 00b8b2ec: The "enableallowallwan" script should also allow bogons, or it makes running test firewalls with RFC5735/6890 test network style WANs a pain.
-
-
07:12 PM Bug #4933: Vlan interfaces created in web ui show up in ifconfig but don't show up in the UI.
- Yeah, I have this working in other builds. That's why I'm thinking it's a bug.
I'm creating the vlans through the... -
04:55 PM Bug #4933 (Feedback): Vlan interfaces created in web ui show up in ifconfig but don't show up in the UI.
- where/how are you creating them? this all works of course, it's widely used.
-
- I have two pfSense firewalls running CARP and pfSync. em0 is the WAN interface, em1 is LAN, em2 is unused, and em3 i...
-
07:00 PM Revision a369fe71: Drop loader.conf_wrap
-
- To activate, check the box for RFC2307 in the LDAP server settings and fill in the group object class (typically posi...
-
- Previous default was ~1m20sec.
-
-
- Applied in changeset commit:f6f7f1c244929016d2ab4664df6d969f664a54f0.
-
- Leaving this open because the code will need to be brought into 2.3 after the bootstrap merge.
-
- Added a checkbox for RFC2307 and an input field for the group object class (defaults to posixGroup). To activate, che...
-
- PHP's LDAP library has a network timeout now and that seemed like a good choice that wouldn't increase complexity or ...
-
07:13 AM Bug #4854: OpenVPN bound to gateway group using CARP IP doesn't start with CARP master status
- Maybe the same problem with OpenVPN Client Connections:
We have a Master/Backup CARP setup with OpenVPN-Client Conne... -
01:20 AM pfSense Packages Bug #4932 (Not a Bug): Avahi package fails to start after reboot since 2.2.3
- on a fresh 2.2.4 AMD 64 install (Hyper-V VM) Avahi fails to start after reboot.
Running this command will get the ... -
- I don't think that in and of itself would trigger a restart of unbound, as it doesn't mean it picks up a hostname cha...
-
01:11 AM Bug #4931: dhcpleases misses some DHCP lease changes
- So... as result, this causes unbound to restart every 5 minutes (Bug #4396)? I'd rather live with the original bug!!!
08/12/2015
-
-
-
-
- Thank you! That's the root of a problem I was in the midst of troubleshooting and hadn't had time to get to the botto...
-
11:39 AM Bug #4931 (Resolved): dhcpleases misses some DHCP lease changes
- Some changes to dhcp leases made by dhcpd to its database in /var/dhcpd/var/db/dhcpd.leases, are being missed by dhcp...
-
- The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LD...
-
- The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LD...
-
- Attached patch is a bit of a hack but is just a proof of concept -- when applied it will find groups for the users in...
-
- Turned out to be a relatively minor/safe change. Unlike LDAP, RADIUS would fail to grab the groups if a second query ...
-
- Applied in changeset commit:c4a9f99a8d79e201b2af5053a095c83bb1a26467.
-
- Applied in changeset commit:709c2f99f1bf99022ee8ba670cfd8025e2c71592.
-
- Looks like the problem here is due to the way LDAP groups are obtained. The GUI does not cache the obtained LDAP grou...
08/11/2015
- 08:08 PM Revision 99812394: Merge branch 'interfaces_qinq_edit' into bootstrap
- 07:59 PM Revision 3bbf56d7: interfaces_qinq_edit Conversion complete
- Ready for review
Note:
This conversion includes a change to Form_Group and pfSense.js to allow
the buttons added by e... -
- At the moment we don't appear to attempt to determine the group from RADIUS to support this. Looks like maybe we coul...
-
- Changed the subject of the ticket to be a little more accurate. I was looking at this a few weeks ago myself but with...
-
- Nevermind, PR merged. Just update the package and report back.
-
- Install the current version. After that, test this please (either apply via system patches or replace existing /usr/l...
-
07:55 AM Bug #4930 (Closed): IPSec interface missing in SNMP
- Hello,
after upgrading to version 2.2.4-RELEASE (i386) there is no way to monitor the IPSec traffic using SNMP. ... -
- ...
08/10/2015
-
- Hmmm.... I cannot see any pencil under description after hitting "Update". Seems like the feature is not enabled for ...
-
- you should be able to edit your own posts (though the edit feature isn't exactly easy to see). Hit Update, then under...
-
-
03:26 PM Feature #3504: Firewall rules hit counter
- Marcello, that is awesome! The bytes, packets and states are a very nice touch. However, the evaluations is kind of...
-
02:34 PM Feature #3504: Firewall rules hit counter
- with few modifications and a new function, I've got this result.
Is there any info about how often does pfctrl cle... -
01:21 PM Feature #4923: Add LDAP support for RFC2307 style group membership
- The ...
-
- Yes, after applying the patch the ipfw/CP rules will need a kick (or, ideally, a reboot) -- that won't be an issue fo...
-
07:49 AM Bug #4903: Captive Portal ipfw rules are not correctly including interface CARP VIPs
- A note on my previous comment:
First this fix didn't work, these rules were missing (in 'ipfw -x 2 show'):
allo... -
- Jim P wrote:
> Applied in changeset commit:6538d22fcb8068b276585b6cc2b4f7b9b0c58829.
This resolved the issue for ... -
07:29 AM pfSense Packages Feature #4928 (New): Surftool - New Package to turn squidguard groups(/acls) on or off
- Manage your squidguard groups/acls. This tool was made for schools. You can set every group very easily to one of fiv...
-
04:37 AM Bug #4913: XMLRPC sync craches PHP-fpm
- Another crashreport just sended in.
-
01:53 AM pfSense Packages Bug #4927 (Not a Bug): Add MAC only once to the pass-through list
- I'm using pfsense and the captive portal.
If an user enters a voucher he is added to the Pass-through MAC list.
...
08/09/2015
-
09:21 PM pfSense Packages Bug #4922: Nut Settings Page - PHP Config nut.inc - Field Validation Fails
- Awesome, thanks!
- 11:30 AM Revision 4fdcdbf3: Ignore case when comparing package versions
- So that "versions" that probably are the same will be compared the same:
"Utility-1.0" and "utility-1.0"
"2.3.4_5 pkg... - 07:57 AM Revision 5685a741: Compare package version strings with compare_pkg_versions
- This fixes redmine #4924
- 07:54 AM Revision cac80f49: Provide compare_pkg_versions
- This function parses and compares two strings to see which one seems to represent the greater "version". It splits th...
-
- Hit Enter by accident. (Why there's no working Edit button here?!). Already available in ports; provides one of the l...
-
- Already available in ports; provides one of the long requested features (remote ports tracking), plus important bugfi...
-
- I made a generic version comparison function. That should handle all the rubbish that is there now, and also continue...
-
- Another note on the above... It's really pfS that sets up the rules what's considered valid here -- and this stuff co...
-
- @Phil: IMO, those completely whacky package versions should not be a concern here. I'm replacing them as I clean some...
-
- The current packages has quite a few "non-standards" for writing the package version:
1) "n.n" or "n.n.n" - like pfS...
08/08/2015
-
- Note that this is also a problem for a pfSense version upgrade from 2.2.9 to 2.2.10 and the like, due to a bug in the...
-
- I am looking at that. Yes, it needs smarter comparison and might be able to reuse code that does similar stuff for co...
-
- Noted this with the recent packages cleanup spree... 10 > 9, the trailing 0 is not insignificant... :)
!http://i.i... -
- Pull request https://github.com/pfsense/pfsense/pull/1810
-
- version_compare_numeric correctly compares 2.2.8 to 2.2.9 and thinks 2.2.9 is an upgrade - good.
But comparing 2.2.9... - 11:13 AM Revision eb76c6b7: Merge pull request #337 from sbeaver-netgate/firewall_schedule_edit.php
- Converted firewall_schedule_edit
-
11:10 AM Bug #4854: OpenVPN bound to gateway group using CARP IP doesn't start with CARP master status
- Hi Chris,
think there is still a problem.
When CARP goes to backup on let say pfsense#1, it stops openvpn and i... - 11:07 AM Revision a4b3dbce: Merge pull request #332 from sbeaver-netgate/firewall_nat_edit
- Converted firewall_nat_edit
-
- Merged and working again.
-
- Can this be done for 2.2.5 please? There is a whole galore of people complaining about this... https://forum.pfsense....
-
- thanks
08/07/2015
- 08:21 PM Revision 4b94f9ec: Partially converted
- Requires revised save logic using an array rather than multiple POST
fields
Also like to look at possibility of chan... - 07:18 PM Revision 55d43903: Merge branch 'logos' into bootstrap
-
- Merged -> fixed.
- 05:56 PM Revision f4beb885: Updated logos
-
- thanks
- 03:02 PM Revision eda83714: Merge branch 'firewall_rules' into bootstrap
- 03:01 PM Revision 42a6bcbd: Change savings display class.
- 02:53 PM Revision 50e12e3e: Merge branch 'firewall_nat_out' into bootstrap
- 02:52 PM Revision 1ce2bbbc: Merge branch 'firewall_nat_1to1' into bootstrap
- 02:52 PM Revision f2776958: Merge branch 'firewall_nat' into bootstrap
- 02:52 PM Revision d9a57fcd: Merge branch 'firewall_rules' into bootstrap
- 02:51 PM Revision c821a6cd: Added panel etc
- Added panel for consistency
moved “store changes” button to <nav>
Changed icon legend to <dd> for consistency - 02:29 PM Revision 1c0d1b28: Change icon display
- Change icon display to<i>
Remove row shading
Remove unneeded checkbox - 02:22 PM Revision 91d452c7: Removed row shading
- 02:19 PM Revision 0032fa52: updated icons etc
- Changed icon display
Removed row shading
Removed unneeded checkboxes - 02:08 PM Revision 7abddc12: icon and checkbox changes
- display icon with <i>
eliminate unneeded checkbox -
- Same system crashed identically on 2.2.4:...
-
- Turnkey Linux OpenLDAP (which runs the phpLDAPadmin web UI) seems to define group membership differently than pfSense...
-
11:09 AM Feature #4044: Add UEFI support
- Will this be looked at eventually? I think GEN2 Hyper-V support would be a great thing, particularly for dynamic mem...
- 01:51 AM Revision db141f98: Added alias pop-ups
- 01:23 AM Revision dbbd22f9: Added alias pop-up
- 12:36 AM Revision 90741c50: Merge branch 'firewall_nat_npt' into bootstrap
- 12:36 AM Revision b4c47a85: Merge branch 'firewall_nat_1to1' into bootstrap
- 12:36 AM Revision 5e07cad0: Merge branch 'firewall_nat_out' into bootstrap
- 12:36 AM Revision 3e051f35: Merge branch 'firewall_nat' into bootstrap
- 12:35 AM Revision 8bbab8a3: Added store changes button and containing panel
- 12:29 AM Revision 598dc5ed: Added store changes
- 12:25 AM Revision 56fca890: Save re-ordered list
- 12:02 AM Revision 797f7b50: Save changed rule order
08/06/2015
- 11:41 PM Revision 74ccc915: Merge branch 'firewall_nat_1to1' into bootstrap
- 11:41 PM Revision b27b4e4b: Updated to use jquery drag/move
- 11:34 PM Revision eff6aa06: Merge branch 'firewall_nat_out' into bootstrap
- 11:34 PM Revision 753dd9fc: Updated to use jQuery drag/move
- 11:26 PM Revision 2d708e43: Merge branch 'firewall_nat' into bootstrap
- 11:26 PM Revision 4cf530c4: Updated to use jQuery row drag/move
- 10:53 PM Revision eb19b66d: Merge branch 'firewall_aliases_edit.php' into bootstrap
- 10:53 PM Revision 6fceee6b: Fixed issue when address array contained blank entries
- Todo: Probably a better way to fix this, but this fix at least allows
the page to function. - 03:47 PM Revision ac23816a: Merge branch 'firewall_nat_out' into bootstrap
- 03:46 PM Revision 1d449e7c: firewall_nat_out Conversion complete
- Ready for review
-
- This is fixed by https://github.com/pfsense/pfsense-packages/pull/952
-
- If you really want this displayed somewhere in dashboard, you can assign the underlying physical interface (and use t...
-
08:25 AM Bug #4058: WAN interface configured as PPPoE not displaying properly in Interfaces box of Dashboard
- Thank you both for looking into this. Apparently something changed (gasp!) since the previous release. I looked at ...
08/05/2015
-
- https://github.com/pfsense/pfsense-packages/pull/939
-
- Original issue:
PfSense 2.2.3 and 2.2.4, install Nut 2.0.5.
Go to configure as 'Remote NUT Ups', fill in fields u... - 10:15 PM Revision 37ad2e00: Highlight all cells in the row
-
-
11:01 AM Bug #4921 (Resolved): Disabling a gateway does not remove static routes for DNS servers set to use it
- After disabling a gateway in System > Routing, Gateways if you have DNS servers defined in System > General Setup tha...
-
- LAGG interfaces do not support ALTQ directly, so they don't appear in the shaper wizard or other ALTQ areas unless th...
-
05:38 AM Bug #4920 (Not a Bug): Traffic Shaping Wizard don't show "LAN" Interface
- I have an little issue with the Traffic Shaping Wizard on my pfSense. I have the following interfaces:
-WAN 1 (VLA... -
01:16 AM pfSense Packages Bug #4919 (Not a Bug): squid transparent proxy interface problem
- Hello!
I don't know where to report this =)
I found a problem in squid3 package. In web configuration script (/usr/...
08/04/2015
-
09:19 PM Revision 44551f82: Fix missing DH group 22-24
-
-
- working
-
- Pull request has been merged
-
- NWM, looking at filer_sync.xml instead.
https://github.com/pfsense/pfsense-packages/pull/933 -
- I frankly cannot see there's it referenced in the filer.xml.
- 06:37 PM Revision 69d42601: Merge branch 'loadbalancer_monitor' into bootstrap
- 06:36 PM Revision ac800670: load_balancer_monitir Conversion complete
- Ready for review
-
- thanks
-
- Confirmed working by multiple forum users, safe to close. ;)
- 04:35 PM Revision 95056f94: Merge branch 'firewall_nat_1to1' into bootstrap
- 04:34 PM Revision fe4dec8f: Add containing panel
- 04:28 PM Revision b7e553b1: firewall_nat_1to1 COnversion complete
- Ready for review
-
- The configuration generated when DH groups 22-24 is incorrect (the _ike_ and _esp_ attributes are incomplete.)
Pul... - 03:23 PM Revision 66df2190: Initial conversion
-
12:20 PM Bug #4806: Mobile IPSec Broken on iOS devices after 2.2.3 Upgrade from 2.2.2
- We are running version 2.2.4 but we still appear to have this issue.
We followed the guide at:
https://doc.pfsens... -
10:48 AM Revision 30ccf550: put back the missing newline
- Since 2.2 the console is missing the separating line between the interfaces list and the menu, which makes it harder ...
-
- As I said I am aware of that, but having a 8GB image (which means approx 4GB per slice) would be a benefit for packag...
-
05:24 AM Bug #4766: "URL Table (IPs)" and "URL (IPs)" do not work when text file is hosted on a fresh install of pfSense
- Yes, the one I attached is sufficient to replicate this issue. I just tested 2.2.3 and 2.2.4 and they both still have...
- 04:13 AM Revision 24850bca: only read file if it exists, and only foreach if an array.
- 04:10 AM Revision 0057e62d: only read file if it exists, and only foreach if an array.
-
03:23 AM Bug #2762: PF drops IPv6 packets with fragment header followed by a last fragment only
- I modified _/usr/local/www/firewall_rules_edit.php_ with enclosed patch (pfSense 2.2.4)
After that, protocol "IPV6... - 01:31 AM Revision d098d2ce: Merge https://github.com/SjonHortensius/pfsense into bootstrap
08/03/2015
-
- Forum: https://forum.pfsense.org/index.php?topic=97540.0
In the recent commits "function filer_install()" was remove... - 07:53 PM Revision 31d613d2: Merge pull request #335 from sbeaver-netgate/XSS
- XSS/Security updates from upstream
- 06:08 PM Revision 2a52350e: Merge branch 'firewall_nat_edit' into bootstrap
- 06:08 PM Revision 7bd45a1d: Merge branch 'firewall_nat' into bootstrap
- 06:03 PM Revision 96798027: Merge branch 'XSS' into bootstrap
- 05:11 PM Revision 603aa20f: XSS/Security updates from upstream
- The pfSense maintainers have provided a list of 30 or so security
changes related to the web GUI that have been made ... -
- Fixed with the above commit.
-
- it's fine (and better in ways) to use a larger card than the image size. this has been discussed at length in other t...
-
- Looks like around where I live the 4GB CF cards start to disappear from the market. Today all I can find are Kingston...
- 01:18 PM Revision 2ab10468: Allow to create empty bogons on nanoBSD
- If for some reason the bogons file/s do not exist then this code creates
empty ones before making any use of them in ... -
-
- Just a note here: 1/ only happens as a result of 2/ (and of subsequent restarting of the reinstall).
-
- Dave B wrote:
> Nevermind, restarted and it worked
That's #4880 (see point 2 there). Good luck figuring it out. -
10:38 AM pfSense Packages Bug #4886: ntopng error at boot after reinstall post-upgrade
- Nevermind, restarted and it worked
-
- the new ntopng package is "broken"
froze at Executing custom_php_global_functions()...
and stay there forever -
- Pull request has been merged, thanks!
-
- Pull request has been merged
-
04:30 AM Feature #4915 (Resolved): Move logout link
- The logout link is currently hidden in the middle of the System menu which makes it a bit awkward to find, it would b...
-
03:50 AM Bug #3749: Upgrade from 2.1.4 to 2.2 does not automatically reboot
- Also had same problem refusing to reboot in 2.2.2. I was able to get to console but reboot failed there too. But on s...
-
02:04 AM Feature #4914 (New): Packet Capture Settings
- It would be nice if the Packet Capture utility, once started, could keep in memory the settings it started with and s...
08/02/2015
- 08:44 AM Revision 42d24d00: Merge pull request #331 from sbeaver-netgate/firewall_nat_out_edit.php
- Converted firewall_nat_out_edit
- 08:43 AM Revision f9b2aaa5: Merge pull request #329 from sbeaver-netgate/system_crlmanager.php
- Convert system_crlmanager
- 08:42 AM Revision 4a098495: fix a few syntax problems #327
- 08:41 AM Revision b70992c6: Merge pull request #327 from sbeaver-netgate/diag_ipsec.php
- Converted diag_ipsec
- 08:25 AM Revision c3e5fd5b: Merge pull request #326 from sbeaver-netgate/diag_gmirror.php
- Converted diag_gmirror
- 08:20 AM Revision 5db21898: Merge pull request #325 from sbeaver-netgate/services_captiveportal.php
- Converted services_captiveportal
- 08:08 AM Revision 60558695: Merge pull request #330 from sbeaver-netgate/firewall_shaper
- converted firewall_shaper
-
- Hi!
Having a problem that XMLRPC gets "Code 5: Didn't receive 200 OK from remote server. (HTTP/1.0 500 Internal Se... -
04:58 AM Bug #4286: State killing on gateway change
- Here is a new test case in the latest 2.2.4 release:
- I start a "ping 8.8.8.8"
- Link ADSL is up, link 3G is up,... -
- Looked a bit at the source code:
There is 3gstats.php which is retrieving datas from the Huawei monitoring device:...
08/01/2015
-
- It's definitely less than ideal, especially given it doesn't reliably work. dmidecode is not an alternative though, a...
07/31/2015
- 07:58 PM Revision 2807e479: Fixed error in use of array_merge()
- array_merge() re-numbers the keys :(
-
- 07:32 PM Revision 0e6ac11d: firewall_nat.php Conversion complete
- Ready for review
-
-
-
-
-
-
05:51 PM pfSense Packages Bug #4895: System Patches - multiple regressions with the new code
- Given this information, I think it's possible to meet both sets of uses neatly.
I'll have a go at a second versio... -
-
-
-
-
-
-
- Can someone please bump the PBI to 0.86? With 0.85, the only thing you get is...
-
- 2015/07/31 03:05:08 kid1| /var/run/squid/squid.pid: (1) Operation not permitted
2015/07/31 03:05:08 kid1| WARNING: C... -
- Guys, this "method" is really pathetic. Not having things like /proc/cpuinfo does not help here, but what's exactly w...
07/30/2015
-
-
-
- 09:21 PM Revision 223af28c: firewall_nat_edit.php COnversion complete
- Ready for review
-
08:32 PM Bug #4911 (Resolved): AES-NI hardware crypto not always displayed in information widget
- The /var/log/dmesg.boot snapshot file appears to be created too early in the boot process resulting in hardware crypt...
- 08:28 PM Revision ee4b22ea: firewall_nat_edit Partial conversion
- Some JS left to complete
- 08:07 PM Revision 9d454891: fix whitespace
- 08:02 PM Revision aa14a0f4: Add NUT package help location
- 07:23 PM Revision f791f28d: remove the destination server's interface(s) from dhcrelay. Ticket #4908
-
04:49 PM
pfSense Packages
Bug #4857: Cannot install squid3 on pfsense 2.2.3
- I confirm squid3 dies or doesnt work on pfsense 2.2.3
After a few days qwhere everything was running fine, squid s... -
-
-
-
-
04:13 PM Bug #4418: IPsec mobile clients - bogus "p" appended to search domain
- Running pfSense 2.2.4 and attempting to connect with iOS 8.4. This problem still apparently exists in some form or an...
-
- Two completely different animals there.
Host and network aliases are parsed in pfSense and passed into filterdns f... -
- According to [[https://doc.pfsense.org/index.php/Aliases#Aliases_and_Hostnames]] hostnames are updated as often as co...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- needs fixed upstream
-
- 1/ This is an upstream issue.
2/ Has no influence here on functionality. Dunno what time interval you have selected.... -
11:59 AM Bug #4896: Gateway group failover
- I've tried back and forth to trigger the fault again, but it is a no show, which is both good and bad. :)
However ... -
- First of all i turned off Grown notifications (thought they were off). And the warnings disappeared. Thanks!
I tri... -
- Scratch that, a proper one here: https://github.com/pfsense/pfsense-packages/pull/917
-
- https://github.com/pfsense/pfsense-packages/pull/916
- 10:58 AM Revision ede37031: Allow to create empty bogons on nanoBSD
- If for some reason the bogons file/s do not exist then this code creates
empty ones before making any use of them in ... -
10:15 AM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
- I've disabled the certificate check and went with the default "Do not check".
-
- Applied in changeset commit:79e46ebda9eb3b92fc911fd82ef3b701ef3a64da.
-
- Applied in changeset commit:2ae65d99d228f8de891bd93d359ad9fca95c3adf.
-
- Though I saw this happen on a production unit when performing an upgrade, I can't seem to reproduce it locally.
On... - 06:27 AM Revision 97613114: remove the destination server's interface(s) from dhcrelay. Ticket #4908
- 05:49 AM Revision fc3e3bdb: remove more old, unused platform stuff
- 05:49 AM Revision f688185c: remove more old, unused platform stuff
- 05:38 AM Revision c7ea65c2: Fix killing of individual states for IPv6. Ticket #4906
- 05:37 AM Revision fcf8ac0a: Fix killing of individual states for IPv6. Ticket #4906
- 05:28 AM Revision ffb3d9d5: fix whitespace
- 05:28 AM Revision 324ce0b9: fix whitespace
- 05:17 AM Revision c5dbb02f: Use the appropriate source and dest IPs for all state types. Ticket #4907
- 05:16 AM Revision 38e7c093: Use the appropriate source and dest IPs for all state types. Ticket #4907
- 04:10 AM Revision d3712bdf: remove old unused nopccard_platforms
- 04:08 AM Revision 58ec9af1: remove old unused nopccard_platforms
- Conflicts:
etc/inc/globals.inc - 04:02 AM Revision edd4c038: sync rc.firmware_auto with master
- 04:01 AM Revision ac565fab: remove wrap and net4501 platforms, they haven't existed for years.
-
- pushed to RELENG_2_2 for verification, need to cherry-pick to master once confirmed.
-
- At some point ages ago, if you specified an interface list with dhcrelay, you had to also include the interface(s) wh...
-
- looks to be fixed with what I just pushed.
-
- looks to be correct with what I just pushed, leaving for further confirmation.
-
- diag_dump_states.php's individual state killing assumes the left IP in the state is the source IP, which isn't true f...
07/29/2015
-
- diag_dump_states.php doesn't kill individual IPv6 states. It finds the source and dest as the first group of the addr...
-
- Warning: dns_get_record(): DNS Query failed in /etc/inc/notices.inc on line 390
That comes from trying to look up th... -
- This might be a DNS related issue dues to the warning messages I get. So FYI I am using the DNS Resolver with these s...
-
- First of all when I run /etc/rc.filter_configure_sync it outputs 16 of these:
Warning: dns_get_record(): DNS Query ... -
- what if you run:...
-
-
- 06:53 PM Revision 30e18055: firewall_nat_out_edit.php Conversion complete
- Ready for review
-
-
-
06:32 PM Feature #4905 (Needs Patch): Expose Curve25519 DH group to UI
- StrongSwan has additional key exchange groups that are not currently offered:
https://wiki.strongswan.org/projects... -
-
-
- Applied in changeset commit:4379f31869e48e98f73600a166854ab417c3f645.
-
- Applied in changeset commit:33697d18572e8f3f320b0627101e663710fa3dba.
-
- Looks like we only test for "$parsed_response['config_version'] < $config['version']" and not greater than.
https:... -
- With an HA setup with XMLRPC sync there is supposed to be a version check to prevent different versions of pfSense fr...
-
-
- Applied in changeset commit:6538d22fcb8068b276585b6cc2b4f7b9b0c58829.
-
- Applied in changeset commit:7fbe16f7989890122e429bbf5048324a263d13b8.
-
There is similar code in filter.inc and captiveportal.inc for these rules. The code in filter.inc generates rules f...-
- With Captive Portal on an interface with a CARP VIP, 2.1.x properly included the CARP VIP in the ipfw rules:...
-
- Early shell commands are not run early enough. Running at boot "ifconfig emX name ethX" for all interfaces in order t...
-
- Upgrading from pfSense 2.1.x to 2.2, the captive portal databases are in the older sqlite 2.x format and cannot be re...
-
- Not a bug. Seek help on the forum/mailing list, this is not a support forum.
-
08:01 AM pfSense Packages Bug #4901: How to block https Sites in pfsense
- Kill bill is right, this really seems to be an issue with your configuration. I think the best way to go about it is ...
-
- Ravi Kumar wrote:
> That is a major bug in pfsense.
You can only filter HTTPS requests when DNS lookups are chann... -
05:37 AM pfSense Packages Bug #4901: How to block https Sites in pfsense
- That is a major bug in pfsense.
-
- This is not the place for support questions. https://www.pfsense.org/get-support/
-
- Ravi Kumar wrote:
> Proxy filter SquidGuard: Target categories >> creating a New target apply to denying some sites... -
- Proxy filter SquidGuard: Target categories >> creating a New target apply to denying some sites.(eg.-https://www.fac...
-
07:27 AM Feature #4899: Additional BOOTP/DHCP Options should allow a force option
- This is a RELENG_2_2 patch for /etc/inc/services.inc with a safe workaround for PXElinux.
It would be better to just... -
- One use case is for pxelinux with options 208,209,210.
The client will not request these options so it must be force... -
- The "without context" parts are part of it, also if there are only additions and no deletions, with the right context...
-
- I'm not sure about some of the comments above - I'll look into the points raised. This patch should only have change...
-
- Completely nonsensical code with tons of garbage and hundreds of wheels reinvented. Will submit a pull req when done.
07/28/2015
-
11:36 PM Feature #4898: Allow packages to request syslogd socket to be created inside chroot
- Pull request: https://github.com/pfsense/pfsense/pull/1802
-
- Currently there is no way to run a package inside chroot if it requires logging socket to be located inside chroot. L...
-
- The gateway group with re0 and ppp0 still says " route-to { ( re0 x.x.x.x ) } "
-
- check the output of: ...
-
- My setup for the WAN looks like this:
ISP - switch - Pfsense
If I pull the cable between the ISP and the switch... -
- It shows:
Name: WAN
Gateway: Changes from GW IP to "Dynamic"
Monitor: GW IP
RTT: 0.5ms
Loss: Changes from 0% t... -
- this works, nothing here to indicate a bug. Best to use one of our support resources for assistance first in the futu...
-
- Two WAN connections (re0 and ppp0).
The two gateways are in a gateway group (re0 as tier 1 and ppp0 as tier 2).
Rul... - 06:09 PM Revision 3b6dedf3: firewall_shaper* Conversion complete
- Ready for review
- 04:35 PM Revision d2466d40: Revised javascript on firewall_shaper_vinterface
-
- Fixed by https://redmine.pfsense.org/projects/pfsense-packages/repository/revisions/838a67e8432d882b7f8c3d4a75564ed89...
-
03:44 PM pfSense Packages Feature #4897 (Resolved): Use errorfiles with frontend(s) via UI
- HAProxy currently allows you to define errorfiles for use with backend server pools.
It would be great to be able ... -
03:10 PM Bug #4329: OpenVPN Server returns an error message while validating selfsigned certificate with a deep of 2
- Has this one stalled? It is affecting me too.
Is there a safe workaround?
-
02:27 PM pfSense Packages Bug #4612: syslog-ng creates logrotate cron job, but logrotate doesn't exist
- My mistake, exists for me. Ok, looks like this bug will be squashed as soon as v1.0.7 is out!
-
- It's /usr/pbi/syslog-ng-amd64/local/sbin/logrotate
-
- I have v1.0.6 of the packageinstalled and /usr/pbi/syslog-ng-amd64/sbin/logrotate doesn't exist for me. Will this be ...
-
- Joshua Ruehlig wrote:
> But, logrotate doesn't exist on the system.
logrotate actually does exist. Just elsewhere... -
- Some notes on Kill Bill's observations and the assumptions made by the commit:
* Apply and Revert status cannot be... -
- I reverted the broken commit. Leaving this as resolved for now (though "Needs patch" may be better).
-
- 1/ When you click Test, then click Apply *without* clicking Close on the red banner, it applies the patch, but does n...
-
- Since upgrade to V2.2.4 from v2.2.3 not all dyndns entries are updated correctly.
After a few reboots I've noticed t... -
- https://github.com/pfsense/pfsense-packages/pull/909
Die, PBI, die!!! #$%^@!!! :-X -
- That's still a switch configuration problem. Unless you have a bridge on pfSense involved, you should have "portfast"...
-
- Upon further testing, this issue seems to cause further problems described below when using certain switches that tak...
-
- As mentioned in a previous comment on this ticket, it was rejected because it was a duplicate of #3328.
-
07:27 AM Bug #3794: Re-orderable IPsec
- Issue was fixed in 2.2 why marked as rejected?
Thanks
Robert -
- Well I think I have found something (basically, kernel limits issue), but the hints there are not useful since kern.m...
-
- Alex . wrote:
> I think the problem has accumulated during the work of this system (2.0.x -> ... -> 2.2.4).
2.0.x... -
01:32 AM pfSense Packages Bug #4887: nonexistent lib file - (lightsquid not work)
- OK
Today checked the update from version 2.1.5 to 2.2.4 on a clean system (vmware), everything works. I think the pr... - 02:29 AM Revision 8141416f: Revert "Replace space to tab indentations"
- This reverts commit ff01ab1a7460a6061f2df3f8cf50b744ba5dc912.
-
- Note this is in RELENG_2_2 2.2.4-RELEASE also:
https://github.com/pfsense/pfsense/commit/dea04167b4678353d99b58279fe... -
- The simstate and service fields in your output are the field offsets used by the code, so that is a good start. But t...
07/27/2015
-
- Bump this to make it appear later than the 200 entries Chris just mass-changed. I think this one can be closed as dup...
-
- this is a bug in racoon on Android. Described here. https://wiki.strongswan.org/issues/255 also #4891
not a bug i... -
-
- haven't gotten info to replicate, and no one else has reported same.
Eric: if you can provide specifics to replic... -
- thanks Phil. Agree on getting rid of all the complications here. I went through and tested it all myself too after yo...
-
- For master: https://github.com/pfsense/pfsense/commit/8e24ffdd7a0cea3580f15317275128c6abe924d2
For RELENG_2_2 and 2.... -
- Oops, I put url_port instead of url_ports in that first pull request.
A hopefully better attempt is https://github.c... -
- Forum: https://forum.pfsense.org/index.php?topic=97101.0
It seems I did not consider the url_port alias type when "f... -
- From Diagnostics->DNS Lookup it was reporting stuff from the upstream public DNS for me, as well as 127.0.0.1 so I us...
-
01:16 PM Feature #4883: DNS Fowarder domain overrides
- Today I tried switching from forwarder to resolver and was unable to get resolver to resolve against multiple entries...
-
- yes, true, I misread that as Resolver.
If dnsmasq implements same support, we can definitely implement there as w... -
- 07:42 PM Revision ade65176: Fixed "Save" action
- 07:18 PM Revision 46bb6ced: firewall_shaper_layer7 done
-
- As a temporary measure, I have backed out commit 4d7568404c276ea8fd10583e8d769f5ba82587aa by hand for testing. This, ...
-
- Thank you Chris. Is there anything I could put in via system patches rather than hand editing files?
-
- given the issues with it, I assumed no one could have been successfully using it. Sorry that was a wrong assumption i...
-
- Forgive me for being direct...
The existing solution may not have been proper, but it did work and was very useful... - 05:54 PM Revision 6b7ae4af: Strip any \r when parsing URL table ports file
- If the URL table ports file at the URL specified has lines separated by "\r\n" rather than just "\n", then the code h...
-
-
-
- 05:51 PM Revision 2b869fa1: Strip any \r when parsing URL table ports file
- If the URL table ports file at the URL specified has lines separated by "\r\n" rather than just "\n", then the code h...
-
- 05:47 PM Revision 8e24ffdd: Consider url_port alias type when checking port-type aliases V2
- This time I have typed url_ports correctly.
-
-
04:31 PM Bug #4345: Traffic Shaping doesn't work with Xen netfront driver
- > 2.2.4-RELEASE Now Available
When can we use this?
There are security fixes, which we must have. - 02:41 PM Revision d7b67981: Consider url_port alias type when checking port-type aliases V2
- This time I have typed url_ports correctly.
-
- During boot any urltable_ports type aliases will be loaded from the specified URLs into files in /var/db/aliastables/...
-
- Using LDAP with OUs and 2012 R2 in multiple places. Definitely not a generic issue.
-
- I do not have anonymous binds enabled. I have a domain user & password specified. The tests shows that connect and ...
-
- This should be on the forum first for discussion until/unless a bug is confirmed.
That said, I hit something recen... -
- I have an existing Active Directory domain and I recently added another AD Server in my existing domain. Existing se...
-
- Err... not XML, but tinydns.inc; the point obviously stands, though. (I suspect that beyond /usr/local/bin/svscan, al...
-
- @Michael: These issues won't go away until the PBI shit dies in 2.3. Meanwhile, I looked at the code and the only fix...
-
01:18 PM pfSense Packages Bug #4555: Tiny DNS: Service does not start
- (This is an issue in 2.2.3 as well as 2.2.1)
-
- I started working through the issues, beginning at tinydns.sh
Unfortunately it was taking more time than I have avai... -
- Forum reference for tracking:
https://forum.pfsense.org/index.php?topic=96927.0
https://forum.pfsense.org/index.p... -
- You're on a version that's no longer supported, and there isn't anything here that describes an actual bug (lighttpd ...
-
05:30 AM pfSense Packages Bug #4889 (Not a Bug): pfSense 2.1.5 amd64 with haproxy-devel 1.5.3: (connections.c.277) SSL: -1 5 32 Broken pipe
- Hi,
we have several pfSenses as firewalls with loadbalancing. We're using haproxy-devel for our service, because t... -
- That's a bug in the Android client with strongSwan -- appeal to one or the other to fix it: https://wiki.strongswan.o...
-
11:02 AM Bug #4891: android 5 can't login pfsense 2.2.4 ipsec
- I was upgrade from 2.2.3,it's version also can't connect ipsec by android 5.
I never connect ipsec by android 5.I ca... -
- What version were you on before the upgrade, when it was working?
-
- I use pfsense 2.2.4.The client use Android 5.
I screenshot some pic.You can see some config. -
- Not enough detail here. Should be discussed in a forum thread first to narrow down a specific issue before opening a ...
-
- Hello,
I have upgrade to pfsense 2.2.4.But it's always can't connect it by android 5.
It's have log.
Jul 27 10:4... -
- As already noted on another bug - please, remove the unmaintained, horribly broken and dead Squid2 package. Noone sho...
-
08:17 AM pfSense Packages Bug #4887: nonexistent lib file - (lightsquid not work)
- im using lightsquid with squid3 and works fine on 2.2.4
-
- #squid2
ln -s /usr/lib/libssl.so.7 /usr/lib/libssl.so.6
ln -s /lib/libcrypt.so.5 /usr/lib/libcrypto.so.6
-
- lightsquid not work - nonexistent lib
#perl not work
ln -s /lib/libutil.so.9 /lib/libutil.so.8
#GD not work
l... -
- im having same issue, setting to 0666 works fine
-
- no relation to base version
-
- when squid3 start
warning: chmod() expects parameter 2 to be long, string given in /usr/local/pkg/squid.inc on line ... -
- Files under /var/etc are not meant to be touched by human hands. For persistent files, place them in a location that ...
-
07:53 AM Bug #4890 (Rejected): OpenVPN - File created with ifconfig-pool-persist is destroyed upon system reboot
- +Issue:+ File created with the ifconfig-pool-persist Advanced Configuration option is destroyed upon system reboot.
... - 07:00 AM Revision 645f2fa8: Pkg install error handling and connect timeout RELENG_2_2
- Fixes Redmine #4884
1) Line 778-780 - If the fetch of any of the package additional files
fails then bail out. This p... - 06:57 AM Revision 2da055f0: add a check to avoid foreach on non-array
- 06:57 AM Revision 56fd056b: add a check to avoid foreach on non-array
-
- Note: This seems to have broken url_port alias processing.
See new bug https://redmine.pfsense.org/issues/4888 - 02:29 AM Revision dd03760e: Check if the actual $fieldname element is present in the $a_pkg[$id] array before trying to assign its value. Do same with default_value. Fixes issue where default value was not being populated for newly added fields.
-
- Pull request for RELENG_2_2 https://github.com/pfsense/pfsense/pull/1790
I managed to get an example with it faili... -
-
- has no relation to base version
-
- when ntopng start
warning: Invalid argument supplied for foreach() in /etc/inc/pkg-utils.inc(423): eval()'d code o...
07/26/2015
-
- there were a variety of problems with that implementation. we'll properly implement it in the future.
-
- While I haven't reviewed the strongSwan code, I can attest that operationally auto is not a synonym for IKEv2. I've b...
-
- it being a synonym for IKEv2 was only true of pre-5.x strongswan versions (see my above comment). But still it wasn't...
-
- It would be useful if it was actually auto. It's not. It's a synonym for IKEv2 in strongSwan. Needs fixed upstream.
-
- Hate to disagree, but auto is indeed useful. Removal breaks the ability to mix IKEv1 and IKEv2 mobile clients.
-
- The code that gets "additional files" during package install does not pass failure codes back up to the overall packa...
-
- That certainly works with DNS Resolver (unbound).
https://redmine.pfsense.org/issues/4350
https://github.com/pfsens... -
- you can, add the same domain multiple times.
-
- Within the DNS forwarder under the domain and host overrides it would be a good feature to allow a list of DNS serer ...
-
- You really have pfSense 2.3?
Duplicate of Bug #4555 -
- https://github.com/pfsense/pfsense-packages/blob/master/config/tinydns/tinydns.inc#L77
- 08:20 AM Revision a34e9807: Bring back the ability to specify file and URL as command line arguments. Clean it up a bit.
-
- the 119 to 120 is regarding upnp, i had modified it such that now the user can add multiple user specified permission...
-
- There is a 119_to_120 config upgrade in master, which needs to be double checked, and if fine, bump the config versio...
-
- The root problem is that unbound reload functions (-HUP, unbound-control reload) actually stop, then start unbound. W...
- 12:51 AM Revision 8691632c: Upgrade config to 11.9. Changes IPsec peer ID for EAP types to "any", to retain previous behavior.
- Conflicts:
etc/inc/upgrade_config.inc - 12:45 AM Revision 905205a2: Change the log for CRLs with no data (exists but no certs revoked) to a warning since it's not technically an error.
- 12:41 AM Revision 5e11c6a1: Upgrade config to 11.9. Changes IPsec peer ID for EAP types to "any", to retain previous behavior.
- 12:34 AM Revision c6354005: Change the log for CRLs with no data (exists but no certs revoked) to a warning since it's not technically an error.
- 12:21 AM Revision 29fc0334: Initialize variables
07/25/2015
- 10:00 PM Revision b0994811: Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or don't want to check peer ID.
- Conflicts:
usr/local/www/vpn_ipsec_phase1.php - 09:58 PM Revision 9a2bec12: Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or don't want to check peer ID.
-
10:27 AM Feature #1831: Captive portal IPv6 support
- Hi,
I just stumbled over this ticket after trying to find the reason for IPv6 not working in my guest WiFi. Since ... -
09:50 AM Feature #4881 (Resolved): Allow NPt to use dynamic IPv6 networks
- It would be very helpful to allow NTp to be used with dynamic IPv6 connections.
-
- thanks
-
- Fixed with the above pull req. Thanks.
-
- 1/ All settings lost on reinstall/upgrade. After reinstall, I'm left with this in config.xml...
-
- thanks doktor
-
- This should be fixed now.
-
02:44 AM Todo #4672: Update igmpproxy to latest version
- p.s. just in case it wasn't obvious, you still need to update igmpproxy to version 0.1 - the above just relates to en...
-
- I've updated the post. There's a better way. Rather than creating igmpstart.sh, you can just edit the line in the s...
- 02:05 AM Revision ff01ab1a: Replace space to tab indentations
- 01:29 AM Revision b11eea17: Remove unused variables
- 01:15 AM Revision 10da4aea: Remove unused variables
-
- https://github.com/pfsense/pfsense/pull/1784
Dunno why this needs to be logged or what kind of debugging is this s...
07/24/2015
-
- yeah, done. Thanks
-
- Plus it's already done.
-
07:30 AM Feature #4171: Allow for one rule to apply to both ipv6 and ipv4 to allow all protocols.
- I think this was already requested in #3367
-
- this was done in an earlier 2.2.x release
-
- 06:12 PM Revision 7903dd5e: Tree javascript lib added to repo
-
- Yes, you are right. There is a bit of duck-and-weave in the changes there to save the previous strings, get the $POST...
-
- thought I'd submitted this yesterday but was still sitting here.
Thanks Phil. Assuming testing checks out fine, we'... -
12:18 PM Bug #4817: rc.start_packages: Restarting/Starting all packages on config sync
- Well to correct my own typo and partly answer my own question therein:
'_Is_ this just down to using OpenVPN, becaus... -
- https://github.com/pfsense/pfsense/pull/1782
This is one possible quick-and-dirty pragmatic way to fix this. Increme... -
- file_notice() keys its entries by the Unix time() stamp that is only to the second. If the system wants to notify the...
-
- https://github.com/pfsense/pfsense/pull/1783
has a suggested solution. -
- For example:
LAN 192.168.1.1/24 with DHCP pool 192.168.1.100-192.168.1.199 working fine.
OPT1 192.168.2.1/24 with D... -
- Kill Bill wrote:
> That /usr/pbi/ntopng-amd64/bin/ntopng-geoipupdate.sh is definitely not a shell script, plus it do... -
- ...
-
08:17 AM Bug #4298: Excessive errors from snmpd
- We are also experiencing the same issue. When doing snmp walk's against the pfsense firewall we get timeout's at diff...
-
04:19 AM Bug #4850: RRDGraphs suddenly stop recording
- http://clickmy.website pfsense config-router.thedesignspace.org-20150724095531.zip
Dear Chris and others,
Many th... - 04:09 AM Revision f674922e: Lower LoginGraceTime to 30s, should be plenty long for users, and mitigates the password login attempt bypass bug in OpenSSH. Ticket #4875
- 04:07 AM Revision 29f5f85e: Lower LoginGraceTime to 30s, should be plenty long for users, and mitigates the password login attempt bypass bug in OpenSSH. Ticket #4875
- 03:58 AM Revision 26ab9c1a: Display monitor IP on Gateways widget
- This version is for system patches to 2.2.4 systems
-
- Perhaps also this (copied from pfBNG update log) - really cannot see how I'm hitting the 10M limit here....
-
- Reference: https://forum.pfsense.org/index.php?topic=95989.0...
- 12:56 AM Revision 8e3c8f53: Bump to 2.2.4-RELEASE
07/23/2015
-
- fixed
-
- strongswan 5.x versions do have a concept of 'auto' in that they'll accept either v1 or v2 as responder, use v2 only ...
-
- removed, and upgrade code added to convert. Should be good now.
-
- With "Key Exchange version" set to Auto in IPsec Phase 1, the Mode setting is set to Main in the GUI even if Aggressi...
-
- if/when it gets fixed upstream we'll patch it. You have the same option that everything else does - disable password ...
-
- Have you actually tested this? Because, mind you, you'll get banned from the firewall: https://doc.pfsense.org/index....
-
08:36 PM Bug #4875: Security issue with OpenSSH "ChallengeResponseAuthentication yes" (implies KbdInteractiveAuthentication yes)
- Current workarounds are:
1) Do not allow password authentication for ssh. The default setting for sshd in public k... -
- http://www.infoworld.com/article/2951100/security/bug-exposes-openssh-servers-to-bruteforce-password-guessing-attacks...
- 11:17 PM Revision 021a97b5: Only omit rightid for PSK mobile types. Flip the logic here as the 2_1 !
- logic gets ugly.
- 11:15 PM Revision 6d86e659: Only omit rightid for PSK mobile types. Flip the logic here as the 2_1 !
- logic gets ugly.
- 08:03 PM Revision bdd9efb3: change iketype auto to ikev2 on upgrade. Ticket #4873
- 08:02 PM Revision e7f4a964: change iketype auto to ikev2 on upgrade. Ticket #4873
- 07:47 PM Revision 4d756840: Remove "auto", it's just a synonym for IKEv2. Ticket #4873
- Conflicts:
usr/local/www/vpn_ipsec_phase1.php -
- thanks Paul
-
- Duplicate of #4062
-
- This also broke functionality in diag_ping and diag_testport pages.
- 07:43 PM Revision 47f80269: Remove "auto", it's just a synonym for IKEv2. Ticket #4873
- 07:34 PM Revision c03512f5: include vpn.inc so IPsec CRL reload works. require_once filter.inc in
- vpn.inc for callers there that haven't already included it.
- 07:31 PM Revision 0dea741f: include vpn.inc so IPsec CRL reload works. require_once filter.inc in
- vpn.inc for callers there that haven't already included it.
- 06:38 PM Revision d17c4ee9: Fix spaces
- 06:38 PM Revision b28e1512: firewall_shaper_queues completed
-
- The RSA cases are no longer skipped, and work correctly now. Commits (didn't tag this ticket since it's private):
h... -
-
06:04 PM
pfSense Packages
Bug #4857: Cannot install squid3 on pfsense 2.2.3
- Reinstalled pfsense from scratch using the config.xml backup I had previously created, and ended up in the same situa...
-
- the issue will be addressed at some point. The complication is you can't just not restart in that circumstance, as th...
-
- Here is the output:
[2.2.3-RELEASE][root@home3-fw.localdomain]/tmp: usbconfig
ugen0.1: <OHCI root HUB 0x8086> ... -
- What is in /tmp/3gstats.* ?
and what is the output of:
usbconfig
?
Those things are used by function get_interf... - 03:38 PM Revision 806942d0: Final changes on firewall_shaper ??
- 03:19 PM Revision 9ddd492c: Javascript changed to jQuery
-
- Seems to be fairly rare, but there is a potential crash in pf that has been hit at least once:...
-
- fixed
-
- looks good, works with IPsec now, and still works with OpenVPN. want to get additional feedback and testing before cl...
- 01:37 PM Revision aef9d8fe: Partial converson
-
-
-
- this should be fine. I'm going to make sure my LTE card works (in a few hours, it's at home), then this should be goo...
-
- Thanks for the follow up. Should only run 64 bit on 64 bit hardware. Whatever issue there is something in FreeBSD rat...
-
11:29 AM Bug #4871: Boot loop on older hardware when installing latest Version.
- Just tested the 64Bit LiveCD Installer Version and this works fine (2.2.3)
-
- When I install pfSense on my Dell Optiplex 320 (Pentium 4), the installation runs fine till the reboot question at th...
-
10:18 AM Bug #4872 (Duplicate): GRE tunnels on CARP endpoint doesn't get started at boot
- GRE tunnels doesn't get started at boot.they dont have the running flag. If i login to the console and do a ifconfig ...
-
- Well, there's no media info on pppoeX, not sure what you want to display there. Just run ifconfig and see for yourself.
-
- This might be related to commas coming back in the status information. So maybe it is fixed with:
https://github.com... -
- i managed to trigger it again on the same box and got the config file, can u give me ur mail id so i can send the con...
-
- actually few months back when i opened this ticket, i had sent the config file and Chris and way to replicate, cant s...
-
- @Bipin - I just fixed a different issue https://redmine.pfsense.org/issues/4568 where some things the interfaces.php ...
- 05:34 AM Revision d55f6326: Most of the flowtable bits were removed some time ago, take out the last of them too.
-
- https://github.com/pfsense/pfsense-packages/pull/904
- 05:32 AM Revision b0deba23: Most of the flowtable bits were removed some time ago, take out the last of them too.
- 05:21 AM Revision 6141f51a: When a CRL is updated, refresh strongswan's CRLs.
- 05:20 AM Revision fa944e1d: When a CRL is updated, refresh strongswan's CRLs.
- 02:59 AM Revision 85cf3f4f: Merge pull request #1775 from phil-davis/Interfaces-Widget-2-2
- 02:57 AM Revision 241c48ef: Add isset check for strictcrlpolicy
- To be consistent with the checks in the rest of this code.
- 02:57 AM Revision 1d3c9c9f: Merge pull request #1778 from phil-davis/patch-1
-
- Actually I looked at the code more and option (d) was easy to do and seemed reasonable. Pull request https://github.c...
- 12:54 AM Revision a95acf12: Add isset check for strictcrlpolicy
- To be consistent with the checks in the rest of this code.
-
- Pull request submitted:
https://github.com/pfsense/pfsense/pull/1779
07/22/2015
-
- Please post to the forum for assistance. This doesn't meet criteria for a bug report. https://doc.pfsense.org/index.p...
-
- Bandwidth Limiter is not Working Properly.
-
- Note: both Local IP, subnet and Gateway fields are lost for all but the first of multiple interfaces selected for MLP...
-
- The problem is at line 929 in the configs above. The alias did not get renamed in the outbound rule. That has been fi...
-
- Commits for master to finally get the all-singing all-dancing version of the glob:
https://github.com/pfsense/pfsens... -
- Thanks, I understand what you're saying now.
There's a reason things are the way they are - iOS and similar Cisco... -
11:40 AM Bug #4825: Mobile client IPsec config omits peer identifier
Don't have the 2.1 config around anymore, sorry. But I do not think it is necessary.
In
https://github.com/pf...-
- merged that one as well, thanks Phil!
-
- Pull request https://github.com/pfsense/pfsense/pull/1775 for RELENG_2_2
-
-
- Commit for master: https://github.com/pfsense/pfsense/commit/a607968ab4fbfc5fa3baf6ce6282065e22b81847
Commit for REL... -
- Also if you select some debug level settings when saving the very first time, then those are not actually saved.
T... -
- On a system that does not have IPsec enabled, go to VPN->IPsec, Advanced Settings tab and press Save (leave all the d...
-
- the only use for $output is as a temp variable to hold the imploded array, which is used in the following sprint and ...
-
- style changes per @rbgarga
- 08:10 PM Revision bfc1c4b0: make the IPsec bypass LAN from LAN subnet to LAN subnet rather than from
- LAN subnet to LAN IP. Same end result except it'll work for VIPs on same
interface now. - 08:08 PM Revision 699e2074: make the IPsec bypass LAN from LAN subnet to LAN subnet rather than from
- LAN subnet to LAN IP. Same end result except it'll work for VIPs on same
interface now. - 08:03 PM Revision df4de32d: Add IPsec advanced option for strict CRL checking
- 08:03 PM Revision 7361628b: Add IPsec advanced option for strict CRL checking
- 06:32 PM Revision cc31dc7a: fix typo
- 06:31 PM Revision 0be67fe5: fix typo
- 06:24 PM Revision b3bcc729: Handle IPsec Advanced Settings save before IPsec is enabled
- If the Advanced Settings are saved before any other IPsec is set up then $config['ipsec'] can be just the empty strin...
- 06:22 PM Revision 3453cbfc: Merge pull request #1777 from phil-davis/patch-1
- 06:06 PM Revision 14ec7c4b: write out built-in CRLs for strongswan
- 06:05 PM Revision 5bded426: write out built-in CRLs for strongswan
-
04:39 PM pfSense Packages Bug #4868: excessive Quagga package restart when IP change
- Fantastic! Works fine. Thanks.
This patch will it be implemented in a future release? -
- http://files.pfsense.org/jimp/patches/skip_restart_for_routing_packages-2.2.2.patch
-
- Already mentioned on this thread one year ago :
https://forum.pfsense.org/index.php?topic=80262.0
Quagga/OSPF ser... -
04:39 PM pfSense Packages Bug #4869 (Duplicate): TinyDNS services fail to start in pfsense 2.3
- I have been trying to install abd run TinyDNS into pfsense 2.3 but it does not seem to setup correctly.
From the l... -
- Codel patch is being reviewed
-
05:31 AM Bug #4692: CODELQ scheduler defaults to incorrect "target" and "interval" values.
- Good to hear.
There are two different methods of employing codel.
1. Where codel is the one and only scheduling... -
05:14 AM Bug #4692: CODELQ scheduler defaults to incorrect "target" and "interval" values.
- Kieran Cawthray wrote:
> As far as I can see, the interval is correctly set to 100 on both the 20150721 and 20150719... -
- As far as I can see, the interval is correctly set to 100 on both the 20150721 and 20150719 nightly builds, the targe...
-
- fixed
-
- 31ae45d2535e73f58b307f18227ba29a9061d2af looks good to me.
keyid might deserve some quotes, too, but that's propa... -
- Fixed, please try next snaps
-
- Checking
- 01:51 PM Revision a607968a: Handle IPsec Advanced Settings save before IPsec is enabled
- If the Advanced Settings are saved before any other IPsec is set up then $config['ipsec'] can be just the empty strin...
-
- There is no /conf so loading the config fails when booting the ISO, as do several other install-related tasks.
It'... -
- the values that were originally under System>Advanced (of which MSS clamping is the only remaining) are within system...
-
07:39 AM Bug #4864: IPsec MSS clamping not backed up in IPsec partial backup
- My pfSense installation is running the current 2.2.4 development and the problem is that the Maximum MSS is being bac...
-
- There are some fixes to the way the "Enable bypass for LAN interface IP" check-box is handled that are coming in 2.2....
-
- Maximum MSS (probably all in the Advanced settings in the VPN IPsec) is not being backup in the XML file.
-
08:55 AM Feature #4863 (Assigned): Add support for Sierra MC7355
- Try to get patch into 2.2.4,, but don't hold up release.
-
02:10 AM Feature #4863 (Resolved): Add support for Sierra MC7355
- Support was added to pfSense version 2.2.3 for Sierra MC7354 hardware modem. Request to add MC7355 Product ID due to ...
-
08:39 AM Bug #4866 (Resolved): L2TP server are restarted after adding/modifying L2TP users (mpd.secret)
- Full daemon restart is useless since mpd reads mpd.secret on the fly (as I can uderstand from mpd4's code). One probl...
-
- Emailed you my findings.
- 05:08 AM Revision d97992c7: Interfaces widget use more obscure separator RELENG_2_2
- Redmine #4859 fix for RELENG_2_2
- 04:54 AM Revision fcb477c0: Merge pull request #1774 from phil-davis/interfaces-widget
- 03:51 AM Revision 9cbdb6e3: Interfaces widget use more obscure separator
- when acquiring the interface data. In particular the media information
can have commas in it already as reported in R... - 12:25 AM Revision 8c378f3f: Unset old CA and Cert in left system config
- Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset ...
- 12:25 AM Revision 909d9ec1: Merge pull request #1770 from phil-davis/patch-1
07/21/2015
-
- thanks Phil. Merged to master, doesn't cherry-pick clean to RELENG_2_2 because of style diffs. Not difficult to fix, ...
-
- Yes, it was an easy fix. Comma was being used to separate the various interface data items and that data also had a c...
-
04:09 PM Bug #4859 (Resolved): Cosmetic dashboard issue with bce/bge interfaces
- When running bce/bge interfaces directly connected (e.g. a sync interface between cluster members) one of the ports n...
-
- thanks Armin. Emailed you back for feedback.
-
- fixed
-
- I probably fixed this by coincidence (didn't recall this ticket existed until now) earlier today. I think what Adam's...
-
- thanks for the config. I deleted it from here since there are potentially sensitive things in it and added it to a pr...
-
- duplicate of #4508
-
- The MailScanner is release Stable v4.85.2-3
-
- Hello,
The package MailScanner can't start on pfsense 2.2.3,Could fix in next release? -
08:47 PM pfSense Packages Bug #4862 (Needs Patch): HAVP won't start
- I'm unable to get HAVP to even start. I have attached screen shots. Below are system logs filtered on HAVP. Also, I h...
-
- CRLs generated by the built-in certificate manager should include authorityKeyIdentifier. This was changed in openssl...
-
- Renato Botelho wrote:
> Ben Cook wrote:
> > I think there is already a (newer) patch merged, but according to a few... -
- Ben Cook wrote:
> I think there is already a (newer) patch merged, but according to a few sources, the patch is not ... -
- I think there is already a (newer) patch merged, but according to a few sources, the patch is not working.
http... -
- Pull request has been merged. Thanks!
- 06:05 PM Revision 564f1356: Unset old CA and Cert in left system config
- Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset ...
- 04:51 PM Revision ebd900f9: Allocate dnpipe and dnqueue numbers even if no filter rules
- It would be quite unusual to have no filter rules array, but if that is indeed the case then the first part of this c...
-
- 04:41 PM Revision 2abf33ed: Captive Portal zoneid upgrade fix var name typo
- With the typo, this empty() test would always have been true. So maybe on upgrade some existing captive portal zoneid...
-
- 04:27 PM Revision 55fae310: Captive Portal zoneid upgrade fix var name typo
- With the typo, this empty() test would always have been true. So maybe on upgrade some existing captive portal zoneid...
- 04:02 PM Revision 34823356: Allocate dnpipe and dnqueue numbers even if no filter rules
- It would be quite unusual to have no filter rules array, but if that is indeed the case then the first part of this c...
- 03:33 PM Revision 661de3e7: Unset old CA and Cert in system config
- This looked odd. Why would we leave behind the old "ca" and "cert" section in $config["system"]?
I guess it would do ... -
-
-
-
-
08:25 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
- I'm still seeing the issue after upgrading to 2.2.3. NAT with limiters means no traffic. Once the rule is saved with ...
- 05:34 AM Revision 34cd5348: Reverting this for master, needs review in context of uniqid changes. Opening redmine ticket. Revert "sync up rc.carpmaster with RELENG_2_2. Ticket #4854, plus removal of unnecessary loop that'll amplify notifications unnecessarily."
- This reverts commit 401adacfefbc6006bc2270ccc1640e1b15f767c1.
- 05:33 AM Revision f3dadbb4: Going back to prior to earlier commit. Revert "fix indent my editor broke in an earlier commit."
- This reverts commit 948bbc9baf77b47e636c904faf677a698c13a293.
- 05:22 AM Revision f5b37588: fix indent my editor broke in my earlier commit
- 05:22 AM Revision 948bbc9b: fix indent my editor broke in an earlier commit.
- 04:50 AM Revision 66ed8787: Add IPsec IKE Intermediate EKU to server certificates. The serverAuth EKU already added suffices for Windows clients, though strongswan docs suggest setting this as well.
- 04:46 AM Revision 68ebb884: Add IPsec IKE Intermediate EKU to server certificates. The serverAuth EKU already added suffices for Windows clients, though strongswan docs suggest setting this as well.
- 01:21 AM Revision ed226521: Specify keyUsage and extendedKeyUsage in openssl.cnf, use crl_ext.
- 01:20 AM Revision b27567ca: Specify keyUsage and extendedKeyUsage in openssl.cnf, use crl_ext.
-
- works
-
- works
-
- Now I'm confused that I was looking at something different from what you were referring to. Could you share your 2.1....
-
- The changes made in 89f171b052fbe72aed654d2a1c3d5a24e9bf9902 need review and completion. Need to verify OpenVPN bound...
07/20/2015
-
07:44 PM
pfSense Packages
Bug #4857: Cannot install squid3 on pfsense 2.2.3
- Other than the multiple errors I dont really understand, I have worked on the two file permission errors:
# Cannot... -
07:36 PM
pfSense Packages
Bug #4857 (Not a Bug): Cannot install squid3 on pfsense 2.2.3
- I have tried migrating from squid2 to squid3 because I was having issues with squid2 and package repos, and trying to...
-
12:05 PM Bug #4856: Traffic Shaper blocks traffic when the config is otherwise changed
- I can give a config if required (see attached file), but the problem is that the issue appears often enough for me to...
-
- Going to need more to go on here, the case as described isn't replicable. Like a specific set of steps, start with th...
-
- When changing a firewall or NAT rule, or converting a NAT rule to loadbalancer (or potentially other firewall-related...
07/19/2015
-
04:21 PM Bug #4418: IPsec mobile clients - bogus "p" appended to search domain
- Just happened to have the same problem. DNS in OS X client and Apple IOS client does not work.
Running pfSense 2.2.3... -
- Just happened to have the same problem. DNS in OS X client and Apple IOS client does not work.
Running pfSense 2.2.3... -
- Duplicate of #1835
-
11:09 AM Revision 99f89b04: Fix caps
-
- Clarify that this applies to DNS Resolver as well. Update the translations template.
-
- Clarify that this applies to DNS Resolver as well.
-
- Clarify that this applies to DNS Resolver as well.
-
-
- Some quick mockup here: https://github.com/pfsense/pfsense/pull/1767
-
-
- Pull request has been merged. Thanks!
-
-
- This has been fixed by https://github.com/pfsense/pfsense/commit/eb0287e96f01ea0880d3ccce762d6880b2b44792
-
- I don't understand what you mean. The problem is that even though you configure a remote identifier, which e.g. might...
-
12:56 AM Bug #4855 (Resolved): GroupManager stops working with LDAP after (something?), /usr/sbin/pw exiting w/error
- I'm not sure I can reproduce this issue, but the system is still up.
I'd renamed / created/ removed / created some...
07/18/2015
-
-
- Clarify that this applies to DNS Resolver as well. Update the translations template.
-
- Clarify that this applies to DNS Resolver as well.
-
- Clarify that this applies to DNS Resolver as well.
-
- 05:17 PM Revision 205178aa: Switch logic of $disabled tests system_gateways
-
-
-
- Jim P wrote:
> It does act as a responder now rather than an initiator, but it would be nice to have a selector on P... -
- 03:58 PM Revision 49fc1967: Really avoid error loading rules for numeric host name in alias
- Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". Th...
-
-
-
-
- Kill Bill wrote:
> The DHCP/DHCPv6 stuff was meanwhile fixed, apparently. System - General Setup and the Captive Por... - 01:37 PM Revision 561cc25d: Modal - refactored using new attributes
- refs #30
- 01:37 PM Revision 566885d5: Merge branch 'psophis-modal' into bootstrap #30
- 01:36 PM Revision 2d05ff20: Merge branch 'modal' of git://github.com/psophis/pfsense into psophis-modal
-
- Applied in changeset commit:028ff8f8a3d7c09ee5604d6f3eadcdaaef1610c7.
-
- Pull request has been merged. Thanks!
-
-
- Pull request has been merged
-
- Pull request has been merged
-
- ... so that people can get useful descriptions in the System Logs - Firewall GUI, instead of useless tracker numbers....
-
- ... so that people can get useful descriptions in the System Logs - Firewall GUI, instead of useless tracker numbers.
- 09:40 AM Revision 401adacf: sync up rc.carpmaster with RELENG_2_2. Ticket #4854, plus removal of unnecessary loop that'll amplify notifications unnecessarily.
- 09:24 AM Revision 6eb52093: Handle OpenVPN bound to gateway groups using CARP IPs in rc.carpmaster/backup. Ticket #4854
-
- looks to be fixed with what I just pushed
-
- OpenVPN bound to a gateway group specifying CARP VIPs stops when CARP goes to backup status, but doesn't start when r...
-
- Fixed by https://github.com/pfsense/pfsense-packages/commit/2dd0d10d8eb7e9208cd0a02fa6ee02d47a554a8f
-
- thanks, yeah that was fixed in 2.2.0
-
- Works.
-
- The original issue here was fixed in 2.2.3.
The issue Grzegorz and Cullen noted is separate. Opened #4854 for tha... -
- Going to need more details, not a general issue anywhere along those lines. Anything RRD-related in the system log? I...
07/17/2015
-
- fixed
-
- works
-
- Applied in changeset commit:faaab0885d68e6422885e1c3d56985992e909474.
-
- Applied in changeset commit:e4b7410b9bc3622cee6797588a7d5a685d4d759e.
-
- Should be fine to s/\/emailAddress/, E/ on asn1dn when doing config upgrade from 2.1.5
-
- there are a variety of problems along these lines with slow flash that aren't safely fixable. Leaving permanently rw ...
-
- fixed
-
- fixed
-
- fix pushed
-
- When binding outgoing-interface in Unbound to a CARP IP, you end up with an invalid config with a line like: ...
-
- The GUI should show descriptions according to what's selected from the dropdown, but currently does not for URL Table...
-
- The GUI should show descriptions according to what's selected from the dropdown, but currently does not for URL Table...
- 07:29 PM Revision 0958dde1: firewall_schedule_edit.php Conversion complete
- Ready for review
-
- Thanks Chris! We'll get this integrated for 2.3.
-
- - Do not add leftid to confir when value is empty
- When asn1dn param is in binary form, explicit type
- Always add d... -
- - Do not add leftid to confir when value is empty
- When asn1dn param is in binary form, explicit type
- Always add d... - 06:01 PM Revision c37ffea8: only add outgoing-interface if it's an IP. Ticket #4852
- 06:00 PM Revision 4df4c7d6: Only add outgoing-interface if IP. Ticket #4852
- 05:20 PM Revision dd07956c: Really avoid error loading rules for numeric host name in alias
- Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". Th...
-
- See screenshot. Note that what's selected from the dropdown does not match what's shown below, unlike for the rest of...
-
- Please try next round of snapshots
-
- The issue doesn't affect left side because leftid is overwritten by strongSwan when leftcert is defined.
I'm worki... -
08:41 AM Bug #4792: IPSec ASN.1 DN needs double quotes in config file
- Hold on... The real issue here (as explained in the first comment) is the mishandling of the peer id type for the new...
-
- this looks to be fixed.
-
- - Add a upgrade code to fix asn1dn string format to match strongSwan needs
- Bump config version to 11.8 -
- - Add a upgrade code to fix asn1dn string format to match strongSwan needs
- Bump config version to 11.8 -
-
- Duplicate of Bug #4369
-
04:47 AM Bug #4851 (Duplicate): proxy settings not honored / cannot work with proxy
- Hi,
when I configure an http proxy under System / Advanced / Miscellaneous, some functions do not use the proxy:
... -
-
- I found the dumb error in my previous attempt. This pull request works for me on a system with a mix of nested host/n...
-
- Been using the same setup for 2 years and no configuration changes but the update to 2.2.3-RELEASE (i386) however sus...
-
02:59 AM Bug #4848: The remote gateway "ip-adres is already used by phase1 "name of phase 1"
- "If interface and remote are the same as an enabled connection, it triggers that validation." <- This is what I did. ...
-
- Chris Buechler wrote:
> Armin: could you get me a copy of your config? Can email to cmb at pfsense dot org with refe... -
- Still not replicable doing same. Doesn't seem to be anything wrong here. Maybe an edge case of some sort I'm not repl...
-
- Looks like left/rightcertpolicy is the only option here. Generally a non-issue because people generate a CA just for ...
-
- As I replied back on your forum thread last month, that's not true. Source IP selection is handled automatically, and...
Also available in: Atom