Activity

30 days up to

User

Subprojects

Activity

From 06/21/2016 to 07/20/2016

07/20/2016

07:59 PM Bug #6633 (Feedback): redirect-gateway duplicated in client specific overrides: fix pushed Chris Buechler
07:58 PM Bug #6633 (Resolved): redirect-gateway duplicated in client specific overrides: as reported here.
https://forum.pfsense.org/index.php?topic=115429.0 Chris Buechler
07:55 PM pfSense Packages Bug #6632 (Confirmed): siproxd hosts_allow_reg should be configurable: if you open siproxd on WAN in firewall rules, you get what you're asking for security-wise. No shortage of potential ... Chris Buechler
05:09 PM pfSense Packages Bug #6632 (Resolved): siproxd hosts_allow_reg should be configurable: siproxd is providing a configuration option "hosts_allow_reg" which
implements a positive access control list for ho... Robert Jordan
02:48 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic: this is from the use of dummynet in pf, which doesn't exist in stock FreeBSD. And the implementation apparently leave... Chris Buechler
02:23 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic: Chris Buechler wrote:
> There isn't one because the code/feature in question doesn't exist there.
Now I'm confuse... → luckman212
01:55 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic: Andrew Maslin wrote:
> Can someone share the FreeBSD bug # so we can track the progress of the root of the issue? L... Chris Buechler
11:29 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic: Can someone share the FreeBSD bug # so we can track the progress of the root of the issue? Like Luke, I would like t... Andrew Maslin
06:48 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic: Have you guys tried using a queue inside the limiter instead of the limiter itself? It could make a difference since ... Jose Duarte
02:47 PM Bug #6558: Pf-sense 2.3 doesn't detect shutdow event with em driver and Intel Chipset 82574L: No, it's not a bug in our code and doesn't affect any of the hardware we sell or have sold, so not something we'll ad... Chris Buechler
06:15 AM Bug #6558: Pf-sense 2.3 doesn't detect shutdow event with em driver and Intel Chipset 82574L: Atlante Informatica wrote:
> Chris Buechler wrote:
> > subject isn't true in general, 82574L in the FW-7541 correc... Atlante Informatica
01:56 PM Bug #6629: Can't update to "update" update (e.g. 2.3.1_5): which is correct, guessing it's no longer showing as described? As that output would give you 2.3.1_5 as an update av... Chris Buechler
08:13 AM Bug #6629: Can't update to "update" update (e.g. 2.3.1_5): Chris Buechler wrote:
> not replicable. Those two pages use the same function to obtain their data, so no apparent m... Jonathon Reinhart
01:54 PM Bug #6631 (Closed): vesa_configure error on boot: The change that's in reference to was only in 11, what you're seeing there isn't the same thing. Not a bug in our cod... Chris Buechler
01:03 PM Bug #6631 (Closed): vesa_configure error on boot: I have the same issue as this FreeBSD Mailing List thread: http://markmail.org/message/aoq6ub636ainxcxe#query:+page:1... Thijs Cramer
10:44 AM pfSense Packages Todo #6443 (Resolved): Add ntopng package back into pfSense 2.3.x: ntopng will be in the pfSense 2.3.2 release. New tickets should be opened if there are issues with the package upon r... Jared Dillard

07/19/2016

08:51 PM Bug #5993: dhcp6c not started until an RA received: Chris Buechler wrote:
> merged this for 2.4 as it needs more baking time in snapshots than we're going to have for 2... Daryl Morse
08:12 PM Bug #6629: Can't update to "update" update (e.g. 2.3.1_5): I observed the same thing about a week ago. Performing an update from the console resolved the issue. Anonymous
07:27 PM Bug #6629 (Feedback): Can't update to "update" update (e.g. 2.3.1_5): not replicable. Those two pages use the same function to obtain their data, so no apparent means for one to show an u... Chris Buechler
05:31 PM Bug #6629 (Resolved): Can't update to "update" update (e.g. 2.3.1_5): It appears that there is an update available, but when I try to install it, pfSense says it's up-to-date.
I just i... Jonathon Reinhart
06:00 PM Bug #6630 (Assigned): Set Defaults for Graphs - Traffic/WAN + Packets/WAN doesn't work: Jared Dillard
05:39 PM Bug #6630 (Resolved): Set Defaults for Graphs - Traffic/WAN + Packets/WAN doesn't work: Tested on two installations.
2.3.2-DEVELOPMENT (amd64)
built on Mon Jul 18 13:42:01 CDT 2016
FreeBSD 10.3-RELE... Jordan Heinz
03:55 PM Bug #6628 (Resolved): extensions.ini can end up missing required items: In some currently-unknown edge case, extensions.ini can end up missing lines, breaking things.
One example post-2... Chris Buechler
03:51 PM Bug #6578: Filter reload hangs with IPsec hostnames that don't resolve configured: This gets very ugly in circumstances where DNS servers aren't reachable at all. resolve_retry takes extremely long in... Chris Buechler
07:05 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic: Now that the target version bumped to 2.4 (FREEBSD-11) can anyone at least say whether the bug has been fixed in Free... → luckman212
04:27 AM Bug #5990: AES-GCM should be an allowed encryption algorithm for IKEv2 in P1: Confirmed that it works with IKEv2 PSK mobile client using:
ike = aes256gcm128-sha512-ecp512bp!
esp = aes256gcm... Lars Pedersen
02:11 AM Bug #6625: firewall forwards all traffic through wan interface, via default gateway, even if alternative route had been installed: Chris Buechler wrote:
> Hi Remko,
> This seems like a duplicate of #1136, is the VPN in this case reachable via a s... Remko Lodder
12:25 AM Bug #6625 (Feedback): firewall forwards all traffic through wan interface, via default gateway, even if alternative route had been installed: Hi Remko,
This seems like a duplicate of #1136, is the VPN in this case reachable via a static route? Chris Buechler
12:50 AM Bug #6437 (Resolved): CBQ queues are not displaying options for bandwidth or borrowing: works, thanks Steve Chris Buechler

07/18/2016

07:44 PM pfSense Packages Bug #6571: NUT service can not start sometimes after boot when SNMP UPS interface is down: The new NUT package allows for a nut supported way to retry the startup of the driver. Denny Page
03:52 PM Bug #5990: AES-GCM should be an allowed encryption algorithm for IKEv2 in P1: Jose Luis Duran wrote:
> Is this going to be backported?
>
> As this was a breaking change from 2.2 to 2.3 (not a... Renato Botelho
03:35 PM Bug #5990 (Resolved): AES-GCM should be an allowed encryption algorithm for IKEv2 in P1: fixed
Nothing to back port it to, 2.3.2 is the next release. Chris Buechler
03:16 PM Bug #5990: AES-GCM should be an allowed encryption algorithm for IKEv2 in P1: Is this going to be backported?
As this was a breaking change from 2.2 to 2.3 (not appearing in the Change log). Jose Luis Duran
02:59 PM Bug #5990: AES-GCM should be an allowed encryption algorithm for IKEv2 in P1: Lars Pedersen wrote:
> Chris Buechler wrote:
> > fix pushed
>
> Looks good. Will verify it when the next snapsho... Renato Botelho
03:46 AM Bug #5990: AES-GCM should be an allowed encryption algorithm for IKEv2 in P1: Chris Buechler wrote:
> fix pushed
Looks good. Will verify it when the next snapshot is being build. Lars Pedersen
11:45 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: And now I've had gpsmon SIGSEGV on me. It doesn't happen often, but it has happened from time to time.
gpsd itself... Bruce Simpson
09:28 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: I think there may also be (benign) bugs in the gpsmon monitor for UBX in gpsd.
I just swapped out a car antenna (S... Bruce Simpson
10:20 AM Bug #6437: CBQ queues are not displaying options for bandwidth or borrowing: Applied in changeset commit:2e2ffafc35f73282f0a40132de4949cae2dbf4bf. Anonymous
10:13 AM Bug #6437: CBQ queues are not displaying options for bandwidth or borrowing: Form section containing bandwidth and borrow was not being added to the composed form. Anonymous
10:10 AM Bug #6437 (Feedback): CBQ queues are not displaying options for bandwidth or borrowing: Applied in changeset commit:7bba13e8d53adfe4beb03c8444e60848ae6e25e9. Anonymous
09:15 AM Bug #1629: invalid state table entries after WAN IP change: I posted "over on the forum":https://forum.pfsense.org/index.php?topic=108895.msg639527#msg639527 but I am not sure w... → luckman212
08:22 AM Bug #6627 (New): floating tab match rules ignore quick action so should be removed: i noticed since queue rules in floating tab was removed and just match in list or maybe queue renamed to match, the q... Bipin Chandra
07:51 AM Feature #6626 (Closed): Support for IPv6 firewall entries with dynamic delegated prefix and static host address: When using an ISP with dynamic prefix delegation, the prefix may change at any time, resulting in a change of the IP ... Anonymous
06:44 AM Bug #6625 (Duplicate): firewall forwards all traffic through wan interface, via default gateway, even if alternative route had been installed: We have setup a new pfSense box that will route our VPN traffic between endpoints.
That goes out on our WAN interfac... Remko Lodder
06:02 AM Bug #6487: PfSense crashes during boot at configuring LAGG interfacess: Possibly related:
* https://forum.pfsense.org/index.php?topic=112042.msg623929#msg623929
* https://forum.pfsense.or... Kilian H
12:24 AM Bug #4268 (Closed): changes in strongswan config don't apply to SAD or SPD: when this started, it was a much bigger issue. The worst of it was fixed, but the remaining part with the SAD is stil... Chris Buechler
12:22 AM Bug #6624 (Confirmed): changes in IPsec config should down the connection: The fact that strongswan doesn't take down an established connection after changing the config has lead to a number o... Chris Buechler

07/17/2016

11:19 PM Bug #5990 (Feedback): AES-GCM should be an allowed encryption algorithm for IKEv2 in P1: fix pushed Chris Buechler
09:28 PM Bug #6622 (Resolved): DHCP Server: Dynamic DNS required fields are ambiguous: Thanks, committed clarification to description. Chris Buechler
01:10 PM Bug #6622 (Resolved): DHCP Server: Dynamic DNS required fields are ambiguous: This is a screenshot of the current DHCP Server's advanced Dynamic DNS options, as of 2.3.1-p5:
!http://i.imgur.co... Thomas Ward
09:21 PM Feature #6623 (Resolved): Cloudflare DDNS IPv6 support: merged to master from PR 3061.
https://github.com/pfsense/pfsense/pull/3061
Chris Buechler
09:16 PM Bug #5993 (Feedback): dhcp6c not started until an RA received: merged this for 2.4 as it needs more baking time in snapshots than we're going to have for 2.3.2. Chris Buechler
09:10 PM Bug #6355 (Resolved): DHCP relay listens for dhcp requests on the upstream interface.: works Chris Buechler
09:00 PM Bug #6589 (Resolved): dhcpd.leases missing hostnames in some cases: works Chris Buechler
08:37 PM Bug #6619 (Not a Bug): NAT - Outbound - Edit/Add: Can't enter alias in source/destination network field: the stable version of Opera works fine. They broke something in the development release, report it there. Chris Buechler
10:16 AM Bug #6619: NAT - Outbound - Edit/Add: Can't enter alias in source/destination network field: This happens in Opera 40. In Edge everything works fine. Dmitriy K
09:57 AM Bug #6619: NAT - Outbound - Edit/Add: Can't enter alias in source/destination network field: The same "bug" goes for Firewall rule Add/Edit page: There is no way to use an alias.
Looks like a certain commit... Dmitriy K
09:38 AM Bug #6619 (Not a Bug): NAT - Outbound - Edit/Add: Can't enter alias in source/destination network field: Mayday mayday: There is no way to use network(s) alias in network field on the Outbound NAT Add/Edit page.
Tested... Dmitriy K
08:32 PM Bug #6617 (Resolved): "UNKNOWN" links in package manager: fixed Chris Buechler
01:11 PM Feature #6621: Permit DHCP Server Dynamic DNS server key algorithm type selection and use: Related bug report on the ambiguity of the algorithm currently needed for the DNS secret key: #6622 (https://redmine.... Thomas Ward
01:10 PM Feature #6621 (Resolved): Permit DHCP Server Dynamic DNS server key algorithm type selection and use: Under the DHCP Server page, you are able to do advanced configuration of Dynamic DNS with an internal nameserver (not... Thomas Ward
10:01 AM Feature #6620 (Resolved): CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: Patches for new AQMs CoDel, FQ-CoDel, PIE and FQ-PIE were submitted to CURRENT a few months ago and are now in 10-STA... qubit nano
09:37 AM Bug #6437: CBQ queues are not displaying options for bandwidth or borrowing: well i hit into this today Bipin Chandra

07/16/2016

05:28 PM Feature #6618 (Duplicate): Alert when reboot required for updates: duplicate of #6411 Chris Buechler
04:41 PM Feature #6618 (Duplicate): Alert when reboot required for updates: Hi,
When new updates, the user is not notified if the reboot is required to complete the update.
Why not add a ... Frederic Lietart
11:11 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: An apparently identical uBlox5 MiniPCIe module (on site at a client's0 stops responding after CFG-PRT to UBX only.
... Bruce Simpson
01:04 AM Bug #6594: Package reinstallation post-config restore hangs if no Internet connectivity: It's still the package reinstall that gets hung up, regardless of whether or not you have packages installed. It sets... Chris Buechler
12:30 AM Bug #6617 (Resolved): "UNKNOWN" links in package manager: From Luke Hamburg on PR 3060:
"I noticed recently that many packages do not have the 'www' field in the database f... Chris Buechler
12:25 AM Bug #6139 (Resolved): vpn_openvpn_server.php - When saving a server, all CSCs should be resynced: fixed Chris Buechler
12:06 AM Bug #6613 (Resolved): Interface mismatch allows applying changes without saving them: works, now doesn't allow applying until after you save, so people can't get confused.
This same bug actually goes... Chris Buechler

07/15/2016

10:56 PM Bug #4639 (Resolved): NAT fails to correctly translate udp port numbers embedded in certain ICMP error packets: Pretty sure this overlaps with PR 201519, which is confirmed fixed.
Daniel: if you're still seeing issues on 2.3.... Chris Buechler
09:50 PM Bug #6450 (Resolved): Deleting yourself in User Manager results in an empty user tag in the config: Thanks Phil, setting the target was overlooked after the merge. Just double checked 2.3.2 and it's good. Chris Buechler
08:33 PM Bug #6450: Deleting yourself in User Manager results in an empty user tag in the config: This was committed to master, RELENG_2_3 and RELENG_2_3_1 around 23 June 2016.
That looks like it is later than the ... Phillip Davis
05:50 PM pfSense Packages Feature #6204: Integrate ntopng with pfSense - assistance required by ntopng developer: Wow, this would be incredible (being able to mark traffic based on ntop filters) - did not even know that was theoret... → luckman212
02:20 PM Bug #6139: vpn_openvpn_server.php - When saving a server, all CSCs should be resynced: Applied in changeset commit:1f954318266fc0da7ee41bb532da969ec9da8b95. Jim Pingle
01:15 PM Bug #6589 (Feedback): dhcpd.leases missing hostnames in some cases: this is a bug with the dhcp-cache-threshold feature.
https://lists.isc.org/pipermail/dhcp-users/2016-July/020183.ht... Chris Buechler
11:18 AM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Hi Chris,
> I brought back the behavior of 2.2.6 and earlier here, as the root cause isn't readily apparent. The rou... Mario Lener
12:15 AM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: I brought back the behavior of 2.2.6 and earlier here, as the root cause isn't readily apparent. The router file ends... Chris Buechler
05:04 AM pfSense Packages Bug #6616 (Duplicate): Client Export list empty when using intermediate CA: Certificate setup:
A Root CA which has signed a VPN CA certificate.
This VPN CA signed the VPN server certificate... Johan Braeken
04:29 AM pfSense Packages Bug #6571: NUT service can not start sometimes after boot when SNMP UPS interface is down: I think the reason why this feature is not implemented by NUT team is because it should be implemented on the OS side... Vladimir Suhhanov
03:50 AM Feature #6615 (New): new DHCP server option: Some hardware can't receive a dhcp lease until they has been configured with a valid IP address.
In that circumstanc... Fabien Duay

07/14/2016

11:54 PM Bug #6613: Interface mismatch allows applying changes without saving them: "The way it worked in 2.2.X was when you hit apply changes it saved and rebooted the pfsense at the same time."
Hm... Phillip Davis
10:30 PM Bug #6613: Interface mismatch allows applying changes without saving them: Applied in changeset commit:1602106bf511e91c8d8f371ff8d5a92cfa70879a. Phillip Davis
10:25 PM Bug #6613 (Feedback): Interface mismatch allows applying changes without saving them: merged, thanks Phil. Chris Buechler
09:17 PM Bug #6613: Interface mismatch allows applying changes without saving them: Phillip Davis wrote:
> The Apply Changes button is being shown too early in the workflow.
> PR https://github.com/p... Adam Piasecki
06:17 PM Bug #6613: Interface mismatch allows applying changes without saving them: The Apply Changes button is being shown too early in the workflow.
PR https://github.com/pfsense/pfsense/pull/3058 s... Phillip Davis
10:19 AM Bug #6613 (Resolved): Interface mismatch allows applying changes without saving them: When selecting Apply Changes after fixing a interface mismatch. The button does not save the changes, and asks again ... Adam Piasecki
11:27 PM pfSense Packages Bug #6571: NUT service can not start sometimes after boot when SNMP UPS interface is down: I've taken a look at this, and this behavior appears to be an intentional choice on the part of the NUT team. I agree... Denny Page
10:42 PM Feature #3254 (Closed): Add DNS controls for radvd on tracking interfaces: this was addressed in 2.3 Chris Buechler
10:38 PM Feature #3366 (Duplicate): Diagnostics: DNS Lookup does not return AAAA records: this was implemented in 2.3.2 on a diff ticket Chris Buechler
10:38 PM pfSense Packages Feature #3685 (Resolved): haproxy listener ip from alias: Chris Buechler
10:30 PM Todo #1934 (Resolved): Add input validation for interface addresses in GUI and console: this was done quite some time ago Chris Buechler
07:41 PM Bug #6481: loading EAP_RADIUS method failed: happened to encounter this with a support customer today. It appears a reload of strongswan doesn't correctly enable ... Chris Buechler
03:17 PM Bug #6494 (Resolved): Hang during bootup on lock('filter.lock'): thanks for the feedback Chris Buechler
11:57 AM Bug #6494: Hang during bootup on lock('filter.lock'): I've never tried a 'snapshot' before this.
So... here goes.... While I'm waiting for 2.3.2.a.20160714.0044:
T... Harry Coin
03:04 PM Bug #6614 (Confirmed): Dashboard high CPU usage: the number of things that dynamically update is significantly higher than it was in 2.2.x and prior. Still, something... Chris Buechler
01:16 PM Bug #6614: Dashboard high CPU usage: I visit the package manager listing, loads hover around 1, processor 98% idle. Back to the dashboard: wait 20 sec fo... Harry Coin
12:32 PM Bug #6614 (Confirmed): Dashboard high CPU usage: In a very low traffic sandbox environment, the new 2.3.2 snapshot of today hums along with a load average of 0.48 or ... Harry Coin
02:11 PM pfSense Packages Todo #6443: Add ntopng package back into pfSense 2.3.x: Rich Murphey wrote:
> I've installed snapshot 2.3.2.a.20160606.1543, and ntopng via the web UI package manager.
>
... Jim Pingle
10:03 AM Bug #6610: Restore Config Interface Mismatch asks again on boot.: Once i fix the interface mismatch, and hit *apply changes* it reboots, and asks again at boot. Apply changes is not s... Adam Piasecki
03:48 AM Bug #6607: OpenVPN server won't start after reboot, when set to a Gateway Group specifing CARP VIPs: See: VPA-15570 Steve Wheeler
03:14 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: Using gpsctl to initialize the GPS is rather slow, due to the repeated auto-detection (even when the device type is f... Bruce Simpson
03:09 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: uBlox5 1PPS modifications. From memory, I believe green is TX data (at 3.3V level), grey is 1PPS (also 3.3V; configur... Bruce Simpson
02:21 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: Woops. Forgot to update the comment about 1PPS. We need it to supply only UTC seconds, and that's what the blob does.... Bruce Simpson
02:10 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: This !ublox5-boot.sh! is a bit ugly to embed in Shellcmd, but good enough to copy to /root and invoke from there. Bruce Simpson
01:19 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: I now have a fix. I traced this back to an error in the NAVX5 message.
There is a 2-byte version (0000) in front wh... Bruce Simpson
12:20 AM Bug #4544: PD not requested if no interfaces set to track6: The code here is at fault.
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/interfaces.inc#L3927
It sh... Chris Buechler
12:09 AM Bug #6609 (Feedback): OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it: Thanks, merged to master for 2.4. Chris Buechler

07/13/2016

11:43 PM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": bumping net.inet.raw.maxdgram, net.inet.raw.recvspace, net.raw.recvspace and net.raw.sendspace even further seems to ... Chris Buechler
11:39 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: Success pushing uBlox5 into binary mode; but don't let gpsd write to
the GPS (-b switch) just in case. I got NMEA a... Bruce Simpson
10:17 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: I hate little endian. Endian little hate I. This is the endian-fixed CFG-PRT packet. I get only UBX now, but I don't ... Bruce Simpson
10:04 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: According to Pg. 10 of [[http://www.pcengines.ch/schema/alix6b.pdf]], there is no way to power-cycle the MiniPCIe USB... Bruce Simpson
09:37 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: Indeed, UBX messages are little-endian by definition. I'll have to revisit this -- being dragged into other things at... Bruce Simpson
09:07 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: OK. I'm having trouble with the uBlox5. Specifically, it is difficult to force the unit into a binary-only mode; it d... Bruce Simpson
11:40 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: Picture of modified u-Blox5 unit -- pictures of modification (on lower side PCB) to follow !P1010540.jpeg! Bruce Simpson
09:29 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: I am pivoting back to working on u-Blox 5 with GPSD, now that the SUT for Rockwell Jupiter is being soak-tested with ... Bruce Simpson
11:23 PM Bug #6548 (Resolved): Enclosed delimiters not protected in DHCP client advanced options: works Chris Buechler
02:57 PM Bug #6548 (Feedback): Enclosed delimiters not protected in DHCP client advanced options: PR #3020 merged, thanks! Renato Botelho
02:05 PM Bug #6548: Enclosed delimiters not protected in DHCP client advanced options: I'll handle this Renato Botelho
10:09 PM Bug #6494: Hang during bootup on lock('filter.lock'): That seems to work.
Harry: could you please try the latest 2.3.2 snapshot ASAP (we're looking to build release on... Chris Buechler
03:30 PM Bug #6494 (Feedback): Hang during bootup on lock('filter.lock'): Yes, this looks correct. In addition to this fix I would like to open the files with FD_CLOEXEC set, but I could not ... Luiz Souza
07:43 PM pfSense Packages Bug #6612: squid Multi segmented downloading is broken: likely an issue in squid itself that should be reported there. They don't seem fond of download managers Chris Buechler
07:22 PM pfSense Packages Bug #6612 (Closed): squid Multi segmented downloading is broken: it looks like that squid Multi segmented downloading is broken again in squid.
TCP_MISS_ABORTED/206
It was fixe... ageekhere ageekhere
07:43 PM Bug #6607 (Not a Bug): OpenVPN server won't start after reboot, when set to a Gateway Group specifing CARP VIPs: subject isn't true. That was all fully verified in 2.3.1, and just checked again to verify on 2.3.1_5 and 2.3.2, and ... Chris Buechler
02:17 AM Bug #6607: OpenVPN server won't start after reboot, when set to a Gateway Group specifing CARP VIPs: Affected version is 2.3.1-RELEASE-p1. I am using SG-4860 hardware. r00 00m
02:14 AM Bug #6607 (Not a Bug): OpenVPN server won't start after reboot, when set to a Gateway Group specifing CARP VIPs: No problem for OpenVPN clients.
When OpenVPN server is set to a simple CARP VIP, it will start after reboot.
Wh... r00 00m
07:02 PM Bug #6611: Kernel panic when running PPPoE Server on tun/tap interface: Setting it to ovpn interface was just an attempt to see the result. Frank Schmied
06:57 PM Bug #6611 (Confirmed): Kernel panic when running PPPoE Server on tun/tap interface: also makes no sense to run on OpenVPN. That should be prohibited. other ticket is #4510 Chris Buechler
06:45 PM Bug #6611: Kernel panic when running PPPoE Server on tun/tap interface: I've seen the other ticket. The first attempt was on wan interface, which has a fixed ip (no PPPoE client). The secon... Frank Schmied
06:10 PM Bug #6611 (Feedback): Kernel panic when running PPPoE Server on tun/tap interface: what's the parent interface of the PPPoE? only way I know of doing something like this is making a PPPoE server inter... Chris Buechler
06:01 PM Bug #6611 (Closed): Kernel panic when running PPPoE Server on tun/tap interface: 2.3.1-RELEASE-p5, running in 64 bit kvm vm.
After updating PPPoE settings and confirmation by clicking the green s... Frank Schmied
06:22 PM Bug #6050 (Resolved): services_dhcp.php: "Network booting" section default style is confusing/easy to overlook: Looks good, thanks Phil Chris Buechler
05:02 PM Bug #6050 (Feedback): services_dhcp.php: "Network booting" section default style is confusing/easy to overlook: Merged, thanks Phil! Renato Botelho
04:32 PM Bug #6609: OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it: I fixed the lines that reverted the recent changes. My bad for committing things that really aren't part of the patch... Kacper Boström
04:08 PM Bug #6609: OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it: Thanks Kacper. Looks reasonable, outside the one line I left a comment on where a recent change was reverted, but som... Chris Buechler
03:57 PM Bug #6609: OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it: I've submitted a github pull request (#3057) fixing this issue. Kacper Boström
03:53 PM Bug #6609 (Confirmed): OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it: Chris Buechler
11:31 AM Bug #6609 (Resolved): OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it: OpenVPN Radius auth doesn't send NAS Port-Type (which should be "Virtual") and NAS Port (which preferably should be t... Kacper Boström
04:09 PM Bug #4804 (Closed): PPPoE Restart won't update IPv6 routing table with gif: Chris Buechler
11:06 AM Bug #4804: PPPoE Restart won't update IPv6 routing table with gif: Chris,
no, I''m afraid as I don't use pfSense anymore! Armin Tueting
03:51 PM Bug #6610 (Not a Bug): Restore Config Interface Mismatch asks again on boot.: only if you didn't correct the interface mismatch and save that change. That only comes up when there are assigned in... Chris Buechler
12:04 PM Bug #6610 (Not a Bug): Restore Config Interface Mismatch asks again on boot.: When restoring a config with a interface mismatch, it prompts to fix the mismatch, after this it reboots the system. ... Adam Piasecki
03:21 PM Bug #6315 (Resolved): tftp-proxy is not functioning properly through xinetd: works Renato Botelho
02:59 PM Bug #6315 (Feedback): tftp-proxy is not functioning properly through xinetd: Luiz pushed a fix fot xinetd - https://github.com/pfsense/FreeBSD-ports/commit/eeb3abaa71905ccaec35b0bee7bc4dcc40cfc306 Renato Botelho
12:00 PM Bug #6594: Package reinstallation post-config restore hangs if no Internet connectivity: This happens even without packages installed. I restored a config without any package information in it. Even selecte... Adam Piasecki
11:41 AM Bug #6074 (Resolved): Odd wrap behavior on sortable tables: works Renato Botelho
10:02 AM Bug #4031: Notifications mail bomb in some gateway failure circumstances: I too have seen this I shut off emails cause it makes gui inaccessible when it starts bombing no coding skills here b... Michael Kellogg
09:47 AM Bug #4031: Notifications mail bomb in some gateway failure circumstances: Luke Hamburg wrote:
> I noticed the target version was bumped to 2.4.0 and the assignee is still cmb — this one bit ... Jim Thompson
07:58 AM Bug #4031: Notifications mail bomb in some gateway failure circumstances: I noticed the target version was bumped to 2.4.0 and the assignee is still cmb — this one bit me again this morning s... → luckman212
05:52 AM Feature #6608 (New): backup and restore dhcp: good morning people,
I'm with a problem in dhcp backup restoration, I will explain the case.
My client has 3 ... caio dias de souza
01:49 AM pfSense Packages Todo #6443: Add ntopng package back into pfSense 2.3.x: I'm still having the issue with ntopng not restarting after a reboot, with the following errors in the log.
Jul 13... Andrew -
01:40 AM pfSense Packages Feature #6204: Integrate ntopng with pfSense - assistance required by ntopng developer: Hi
I think this ticket is different to #6443.
#6443 is simply about getting ntopng back into pfSense 2.3, follo... Andrew -

07/07/2016

08:58 PM Bug #6588 (Closed): PHP suhosin max value length prevents Quagga OSPF from storing a very large zebra.conf: pfsense 2.3.1-RELEASE-p5 (amd64)
Quagga_OSPF net 0.6.14
I tried to add some static routes in Services>Quagga OSP... Fisher Wei
08:39 PM Bug #6585: status_logs_filter.php ipv6 support (reverse lookup): The IPv6 addresses there are displayed using the [1:2::3]:80 format with [IPv6-address]:port which is good for displa... Phillip Davis
01:31 PM Bug #6585 (Resolved): status_logs_filter.php ipv6 support (reverse lookup): status_logs_filter.php reverse lookup lacks IPv6 support,
"i" click to resolve doesn't returs any info for IPv6 addr... Luca Moncelli
05:54 PM Bug #6543 (Confirmed): Some leases do not show up in DHCPv6 Lease status: Forwarded it to you, Renato. Chris Buechler
08:37 AM Bug #6543: Some leases do not show up in DHCPv6 Lease status: Axel Taferner wrote:
> I sent the email last week, I hope you received it.
Hello Axel,
Can you also send it to... Renato Botelho
04:17 PM Bug #6584 (Not a Bug): FirewallTraffic ShaperLimiters on in/out rule mixed up: That's correct. Upload is in on LAN, download is out on LAN. Chris Buechler
06:31 AM Bug #6584 (Not a Bug): FirewallTraffic ShaperLimiters on in/out rule mixed up: When apply traffic rule on the lan interface default any rule. the in and out is mixed up.
in= upstream (upload)
... danny van aalstede
03:22 PM Todo #6587 (Resolved): interfaces_gif_edit.php: Link flag changes need to catch up with FreeBSD: link0 is no longer supported on gif, it used to be multi-destination behavior, we had it labeled as "route caching" -... Jim Pingle
03:16 PM Todo #6586 (Resolved): interfaces_gre_edit.php: Checkbox options that set link0, link1, and link2 appear to be no-ops on FreeBSD now: gre(4) in FreeBSD 10.3 (and 10.2) no longer appears to support the link0/link1/link2 tweaks it used to have for route... Jim Pingle
01:07 PM Bug #6334 (Resolved): No data periods in monitoring are represented as 0 (zero). Skewing averages.: Renato Botelho
12:44 PM Feature #6561 (Resolved): diag_dns.php IPv6 support: Renato Botelho
12:42 PM Feature #6561: diag_dns.php IPv6 support: now works on 2.3.2.a.20160707.1019 : ipv4/ipv6 name lookup and reverse. Luca Moncelli
12:43 PM Bug #3069 (Feedback): traceroute6 fails to timeout and hangs the webconfigurator GUI: Imported traceroute6 patch to FreeBSD-src repo. It'll be available on next round of snapshots Renato Botelho
09:32 AM Bug #3069: traceroute6 fails to timeout and hangs the webconfigurator GUI: I'll make some tests and import the patch to our tree Renato Botelho
12:32 PM Feature #5498: RRD needs a makeover: Period data is now available in 2.3.2 snapshots in the new Traffic Totals package, based on the vnstat database.
h... Jared Dillard
12:30 PM Feature #6172 (Feedback): Restore the traffic totals previously displayed in RRD graphs data summary.: There is now a Traffic Totals package in 2.3.2 snapshots that shows traffic totals for hours/days/months, using the v... Jared Dillard
12:18 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: Bug in present patch: '$PRWIINIT,A,,,,,,,,,,,,,\r\n' is an absolute reset, losing the date. This may have caused inte... Bruce Simpson
11:39 AM Bug #5990: AES-GCM should be an allowed encryption algorithm for IKEv2 in P1: Can I suggest that in the meantime, there shouldn't be a default selection made for encryption algorithm? And further... Michael Newton
10:28 AM Bug #6395 (Resolved): Comments are not removed from URL Table (Ports) links: Renato Botelho
10:05 AM Bug #6395: Comments are not removed from URL Table (Ports) links: FYI - I need this update to be rolled up into 2.3.2 as I cannot upgrade to 2.3.1_5 directly without breaking firewall... Alex Vergilis
10:03 AM Bug #6395: Comments are not removed from URL Table (Ports) links: 2.3.1_5 appears to have fixed it. Thank you. Alex Vergilis
09:18 AM Bug #6395: Comments are not removed from URL Table (Ports) links: Alex Vergilis wrote:
> Phillip/Chris/Renato,
>
> I've noticed that I had to save the URL several times before the... Renato Botelho
10:00 AM Bug #6291 (Feedback): Serial console data fields not displayed on nanobsd VGA: Applied in changeset commit:2a8849119c7c48976161faeaedc477c347e9b724. Renato Botelho
09:55 AM Bug #6291: Serial console data fields not displayed on nanobsd VGA: It was replaced by $g['enableserial_force']. I've pushed a fix for System Advanced page Renato Botelho
09:20 AM Feature #6045: Updates that do not require a reboot should run reroot: All updates are requiring reboot nowadays while we didn't test reroot accordingly. IMO it's a big change for 2.3 seri... Renato Botelho
08:59 AM Bug #6582: Import on Firewall/Aliases Only Works for IPs: Yes, agree. It is new functionality that does not need to risk breaking something in 2.3.1_* Phillip Davis
08:55 AM Bug #6582: Import on Firewall/Aliases Only Works for IPs: Such a big change for 2.3.1, pushing it to 2.3.2 Renato Botelho
02:01 AM Bug #6582: Import on Firewall/Aliases Only Works for IPs: Suggested combination fix and enhancement pull request https://github.com/pfsense/pfsense/pull/3046 Phillip Davis
08:57 AM Bug #6583 (Not a Bug): Unbound Query Logging: Definitely works, no bug here.
Depending on your other selected options you may need to have a line before it for ... Jim Pingle
08:51 AM Bug #6583 (Feedback): Unbound Query Logging: I've added it to custom options without any problem. Make sure any extra char was not added by accident, check if unb... Renato Botelho
02:22 AM Bug #6583 (Not a Bug): Unbound Query Logging: It is not possible to configure query logging in the DNS Resolver UI page; adding "log-queries: yes" to the custom op... Chris Kuethe
08:34 AM pfSense Packages Bug #5713 (Rejected): SSHDCond package broken - Incorrect path in /etc/sshd file: sshdcond package was deprecated in pfSense 2.3 Renato Botelho
01:12 AM pfSense Packages Bug #6246 (Resolved): pfBlockerNG - filter rule error if all entries in a block list de-dupe out: thanks BBcan Chris Buechler

07/06/2016

11:19 PM pfSense Packages Bug #6246: pfBlockerNG - filter rule error if all entries in a block list de-dupe out: Can be closed BBcan177 .
09:41 PM Bug #6582 (Resolved): Import on Firewall/Aliases Only Works for IPs: In the firewall alias section, the import button only enters values into IP aliases despite the import button being p... Daniel Subert
08:07 PM pfSense Packages Todo #6443 (Assigned): Add ntopng package back into pfSense 2.3.x: Jim Thompson
04:36 PM Feature #6561: diag_dns.php IPv6 support: fix pushed for the PTR lookups Chris Buechler
03:57 PM Bug #6581: Router Advertisement forces (possibly empty) interface subnet contrary to GUI text, can crash radavd on boot.: Might have got the version wrong there, this occurs on the latest release.
The patch I put in was:... Harry Coin
03:53 PM Bug #6581 (Resolved): Router Advertisement forces (possibly empty) interface subnet contrary to GUI text, can crash radavd on boot.: On the "Router Advertisements" page in the GUI we have:
RA Subnets: ... If no subnets are specified here, the Route... Harry Coin
10:00 AM Bug #6577: pkg_edit.php: rowhelper data not preserved on validation error: Applied in changeset commit:a654d899cd5d288501fea1ec52dba2e3f0e479ba. Anonymous
09:57 AM Bug #6577 (Feedback): pkg_edit.php: rowhelper data not preserved on validation error: Read values from POST data on validation error
Re-factor some duplicated code
Anonymous
09:26 AM Bug #6543: Some leases do not show up in DHCPv6 Lease status: I sent the email last week, I hope you received it. Axel Taferner
08:59 AM Bug #5993: dhcp6c not started until an RA received: I finally managed to get back to this after several weeks having to work for a living. The first thing I did was to u... Martin Wasley
05:50 AM Bug #6557 (Feedback): nanobsd upgrades may fail from lacking resolv.conf: Applied in changeset commit:5fac13aafdc335864082fd2e3f5a843d33859fe4. Renato Botelho
12:51 AM pfSense Packages Bug #6084: Snort custom rule page does not update on apply: Thanks Bill Chris Buechler
12:51 AM pfSense Packages Bug #6084 (Resolved): Snort custom rule page does not update on apply: Chris Buechler
12:50 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: NPT ought to allow specifying "LAN subnet", "OPT1 subnet", etc. like firewall rules and other NAT pages for source an... Chris Buechler
12:47 AM Bug #2913 (Resolved): OpenVPN servers and clients not reevaluated when gateway groups settings are saved and applied: Even further back, this was fixed by Phil via PR in 2013 and works. ... Chris Buechler
12:43 AM Bug #6181 (Feedback): Updating url alias tables fails when remote server returns empty document.: fix pushed to prevent ruleset errors in that case. It just leaves an empty file there and still includes it in the ru... Chris Buechler

07/05/2016

06:10 PM Bug #6579: IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Phillip Davis wrote:
> Firstly the back-end implementation code should Net_IPv6:compress all IPv6 addresses in order... Chris Buechler
05:48 PM Bug #6579: IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Firstly the back-end implementation code should Net_IPv6:compress all IPv6 addresses in order to make sure the addres... Phillip Davis
05:19 PM Bug #6579 (Resolved): IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: If you have IPv6 CARP VIPs specified with non-significant zeros, such as fdaa:1234:0012::1, the secondary will see th... Chris Buechler
05:40 PM Bug #6580 (Confirmed): Bridge with down member interface sends ICMP unreachables where it shouldn't: Take the scenario of:
LAN: bridge0
OPT1: igb1
OPT2: igb2
where bridge0 has igb1 and igb2 members. The LAN IP ... Chris Buechler
04:03 PM Bug #6578 (Closed): Filter reload hangs with IPsec hostnames that don't resolve configured: If you have IPsec P1s configured with a FQDN as the remote endpoint, and those don't resolve, the filter reload proce... Chris Buechler
03:49 PM Bug #5737: Traffic Graph Table and Graph Inverted Values: I was just getting ready to report this as a bug myself.
I guess my question is: how is this not considered a bug... johnny inc
02:55 PM Bug #6260 (Resolved): Namecheap Dynamic DNS does not accept * for hostname even though it is valid: Thanks Luke.
The delay there is from dyndns's checkip service being very slow to respond, there is another ticket... Chris Buechler
02:53 PM Bug #6399 (Resolved): Alias type not available from config during alias url table creation: works.
Thanks NOYB Chris Buechler
01:05 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: This area could use some more work anyhow. I have to fight to get my USB GPS to be recognized at all. It appears we n... Jim Pingle
01:01 PM Feature #6573: /var/run/dmesg.boot: It was relocated because /var/run is a tiny memory disk used for some very volatile files to save disk writes, and th... Jim Pingle
12:59 PM Feature #6546: pfSense should support logging to e.g. ELK stacks: The Python prototype we have internally is now plug-and-play as filebeat and topbeat are. It uses the bulk posting AP... Bruce Simpson
09:03 AM Feature #6546: pfSense should support logging to e.g. ELK stacks: We have Python pushing log records to ELK as a rough prototype. The code is dog simple, and should be relatively easy... Bruce Simpson
11:20 AM Bug #6577 (Resolved): pkg_edit.php: rowhelper data not preserved on validation error: e.g.: Install pfBlockerNG and visit pkg_edit.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=2
Add an IPV4 list sour... Anonymous

07/04/2016

11:23 AM Feature #6546: pfSense should support logging to e.g. ELK stacks: We have a candidate library. [[https://github.com/QHedgeTech/cpp-elasticsearch]] requires only libcurl, already in ba... Bruce Simpson
11:01 AM Feature #6546: pfSense should support logging to e.g. ELK stacks: Not as such, but we've raised CCLAs with ESF so we can get onto it.
Also, the relatively large binary footprint of... Bruce Simpson
09:54 AM Bug #6566: Cloudflare DnyDNS Update with subdomains: Looking at this again - I don't think this would work for a subdomain such as ip.test.example.com.
It might be pos... Euan Kerr
02:18 AM Bug #6572: Config sync hangs php-fpm on secondary: Hi Chris,
Also forgot to mention that both PFSense boxes are installed in a VMware environment. We followed the fo... Brian Stivala
01:54 AM Bug #6572: Config sync hangs php-fpm on secondary: Hi Chris,
We would like to thank you for your reply, please find my replies in line. Do not hesitate to contact us... Brian Stivala
12:10 AM Bug #6572 (Feedback): Config sync hangs php-fpm on secondary: The issue is php-fpm on the secondary is getting hung up on something. Going to need more info.
Does it happen on... Chris Buechler
01:18 AM Feature #6533: Allow configuration of Min and MaxRtrAdvInterval, AdvDefaultLifetime: Hi!
Can we also set the:
Router lifetime (now 60 seconds, this is way too low)
Route lifetime, also 60 seconds a... Greg M

07/03/2016

08:34 PM Bug #6575 (Closed): GEOM Mirror Status Change Re-sync notices: Every 1% re-sync creates a notice (and an email alert if configured as such).
Suggest re-sync start, re-sync error... Walt McDonald
02:06 PM Feature #6574: Support USB RNDIS network interfaces: Here is the USB config descriptor as seen by Linux. Bruce Simpson
02:05 PM Feature #6574 (New): Support USB RNDIS network interfaces: TL;DR -- the FreeBSD urndis(4) driver needs some serious attention.
People cannot buy discrete ADSL2+ modem cards ... Bruce Simpson
11:33 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: Yup. I have the u-Blox 5 also in an ALIX 6D2 (older rev) and have the necessary leads soldered for 1PPS and UART. But... Bruce Simpson
11:22 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": Chris Buechler wrote:
> Michael OBrien wrote:
> >
> > Still having this issue (running OpenBGPd + IPSec - transpo... Michael OBrien
09:41 AM Feature #6573 (Resolved): /var/run/dmesg.boot: Is it possible to have a @ln -s /var/log/dmesg.boot /var/run/dmesg.boot@? The @vm-bhyve@ package expects the file at ... Jose Luis Duran

07/02/2016

11:25 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: Assigned to Pingle.
Note as well that we have a (I believe) U-blox GPS receiver that interfaces to the Minnowboard... Jim Thompson
08:29 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: I notice that there is no way to set the termios bits directly w/o hacking code. It's a possibility I may have to do ... Bruce Simpson
08:18 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: Swapped out PSU rail on my GPSDO for a discrete external PSU. I think it's still losing characters, however pfSense's... Bruce Simpson
07:57 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: See NTPD refclock 31 page: [[https://www.eecis.udel.edu/~mills/ntp/html/drivers/driver31.html]] Bruce Simpson
07:50 PM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: (This isn't working for me right now -- could be power or cabling issues)
This is just a quick and dirty patch to ... Bruce Simpson
07:32 PM Bug #6568: NanoBSD image unconditionally enables comconsole.: NanoBSD won't be around for much longer, you're better off with a full install anyhow in the long run. If you activat... Jim Pingle
07:09 PM Bug #6568: NanoBSD image unconditionally enables comconsole.: This isn't nearly as much of a problem for me right now -- the offending system has been upgraded to use mSATA, throu... Bruce Simpson
01:46 PM Bug #6572 (Duplicate): Config sync hangs php-fpm on secondary: Hi All,
We have 2x PFSense boxes with version 2.3.1-p5 configured with CARP protocol. We have noticed and this is ... Brian Stivala
12:11 PM pfSense Packages Bug #6571 (Resolved): NUT service can not start sometimes after boot when SNMP UPS interface is down: If NUT is started with SNMP UPS configured and UPS network or card is currently down, an error message appears
"ER... Vladimir Suhhanov
09:39 AM Bug #6260: Namecheap Dynamic DNS does not accept * for hostname even though it is valid: Tested with pfSense-CE-2.3.2-DEVELOPMENT-amd64-20160702-0342 + Namecheap DDNS using `*` wildcard. Works! Testing was... → luckman212
04:50 AM Bug #6399: Alias type not available from config during alias url table creation: It's fixed. NOYB NOYB
04:09 AM Bug #6399 (Feedback): Alias type not available from config during alias url table creation: PR was merged Chris Buechler
04:14 AM Bug #4544 (Confirmed): PD not requested if no interfaces set to track6: updated subject is the issue. That case shouldn't cause it to skip requesting PD, for cases where the PD is actually ... Chris Buechler
02:00 AM Bug #4639 (Feedback): NAT fails to correctly translate udp port numbers embedded in certain ICMP error packets: I believe this is the issue in FreeBSD PR 201519.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201519
Luiz ... Chris Buechler
12:36 AM Bug #6505 (Resolved): dpinger - socket name too large: works Chris Buechler

07/01/2016

04:35 PM Bug #6570 (Confirmed): Unbound breaks DNSSEC for pfSense's own hostname: It probably shouldn't write out anything to /etc/hosts or host_entries.conf for the host's own hostname if DHCP Regis... Chris Buechler
05:14 AM Bug #6570 (Closed): Unbound breaks DNSSEC for pfSense's own hostname: During config update, pfSense writes its own FQDN in /etc/hosts, such as:... Mantas Mikulėnas
02:07 PM Bug #3369 (Not a Bug): Captive vouchers expire too quickly: appears to be a date/time issue within the VM in this case Chris Buechler
12:25 PM Feature #6561: diag_dns.php IPv6 support: seems that now ipv4/ipv6 reverse lookup is broken Luca Moncelli
10:56 AM Feature #6546: pfSense should support logging to e.g. ELK stacks: Have you made any progress on this? I am trying to get filebeat set up on pfsense right now and ran into CLOG. :-( Nathan Stocks
10:48 AM Feature #6155: shipment of logs using e.g. filebeat: Martin Hansen wrote:
> Hi, first ever bug report, bare with me.
>
> Running filebeat on a pfsense to ship logs to... Nathan Stocks
08:40 AM Feature #6569: Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: This is mentioned at [[http://support.ntp.org/bin/view/Support/ConfiguringJupiterRefclocks]] Bruce Simpson
03:54 AM Bug #6534: DNS resolver doesn't returns AAAA records: Resolved: now (tested on 2.3.2.a.20160630.1832) "Diagnostics / DNS Lookup" returns AAAA records.
Note: still on f... Luca Moncelli
12:26 AM pfSense Packages Feature #6141: Convert apcupsd package to 2.3: I'm working on catching up on PRs, this one coming soon. Chris Buechler

06/30/2016

11:49 PM pfSense Packages Feature #6141: Convert apcupsd package to 2.3: Apparently someone has updated the package and it's been waiting on approval here for over a month: https://github.co... Charles Sprickman
09:14 PM pfSense Packages Bug #5511 (Feedback): quagga zebra.conf and openvpn interface: fix pushed Chris Buechler
09:02 PM Bug #6317 (Resolved): vlan/track interface generates error "Can't assign requested address" during boot: works Chris Buechler
08:57 PM Bug #6552 (Resolved): Invalid IPv6 address formats possible: looks good, validation is correct in those cases now, no apparent regressions. Thanks Phil! Chris Buechler
12:02 AM Bug #6552 (Feedback): Invalid IPv6 address formats possible: PR merged Chris Buechler
08:15 PM Bug #6530 (Resolved): Kill states doesn't work for 'in' direction: works Chris Buechler
08:15 PM Bug #6531 (Resolved): Kill states doesn't work for states with translated destination: works Chris Buechler
07:25 PM Feature #6560 (Resolved): Add php shell sessions to enable and disable Persistent CARP Maintenance Mode: works Chris Buechler
06:21 PM Feature #6569 (New): Support Rockwell ZODIAC binary protocol (Jupiter receiver) for high precision: (I will probably have a crack at doing this when time permits... I'm bedding in a GPSDO unit based on the Jupiter, wi... Bruce Simpson
06:05 PM Bug #6568 (Not a Bug): NanoBSD image unconditionally enables comconsole.: OK, first of all, I appreciate the hard work you guys have done on cleaning up the backend implementation.
However... Bruce Simpson
04:59 PM Bug #6538: tcpdump needs update -- cannot decode most IPv6 RA options: OK, so having run headfirst into the bsdconfig wall, I had a rethink about how to express what this ticket is really ... Bruce Simpson
09:09 AM Bug #6538: tcpdump needs update -- cannot decode most IPv6 RA options: (From a strictly "consumer of tech" point of view, relying on the base system for this is probably going to cause mor... Bruce Simpson
04:22 PM Bug #6553 (Resolved): net.inet.ip.dummynet.pipe_slot_limit can't be set manually, should be automatic: works Chris Buechler
02:40 PM Bug #6364 (Resolved): PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 32 bytes) in /usr/local/www/status_carp.php on line 261: works.
Thanks for the additional confirmation, Zeev. Chris Buechler
02:14 AM Bug #6364: PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 32 bytes) in /usr/local/www/status_carp.php on line 261: Hello,
i added your changes and looks like it works. Chris you are the king :) Zeev Zalessky
01:34 PM Bug #6564 (Duplicate): Alias URL TABLE(IP) failed loading when WebGUI set to HTTPS: duplicate of #4766 Chris Buechler
03:54 AM Bug #6564 (Duplicate): Alias URL TABLE(IP) failed loading when WebGUI set to HTTPS: After setting System -> Advanced -> Protocol to HTTPS
the download of Alias URL TABLES(ip) does not work anymore whe... Stefan Heck
01:26 PM Bug #2005 (Resolved): URL aliases need validation of fetched data: this was done in pieces across several releases since then, especially in 2.3x+. Chris Buechler
01:13 PM Bug #6567 (Not a Bug): Dual Wan Gateway Monitor is offline: probably just need to set the ping payload.
https://forum.pfsense.org/index.php?topic=110043.0
no indication of ... Chris Buechler
10:20 AM Bug #6567 (Not a Bug): Dual Wan Gateway Monitor is offline: Hello, i am running on pfsense 2.3.1_5_amd64 (latest) and when i switch on dual gateway, the gateways status is offli... Jacob Green
01:09 PM Feature #6561: diag_dns.php IPv6 support: The create alias stuff is still broken due to gethostbyname() usage. Kill Bill
11:08 AM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Hi Chris,
system log added. :)
Thanks,
Mario (Marlenio) Mario Lener
09:05 AM pfSense Packages Feature #6555: Support IEEE 1588: See also [[https://redmine.pfsense.org/issues/6554]] Bruce Simpson
09:01 AM pfSense Packages Feature #6555: Support IEEE 1588: Here is how I get around the lack of GUI integration at the moment.
(Requires mode7 support on loopback is re-enable... Bruce Simpson
09:04 AM Feature #6554: Reintroduce NTP mode7 for IEEE 1588 PTPd interop: See attached hack. Bruce Simpson
07:18 AM Bug #6566 (Duplicate): Cloudflare DnyDNS Update with subdomains: If a host such as ip.example.co.uk is used for the cloudflare dynamic dns update the zone_id will fail to be returned... Euan Kerr
04:32 AM Bug #6565: OpenVPN calculates incorrect TCP checksums when running in bridged/tap mode with 'mode server': Chris Buechler wrote:
> with tap I'm guessing? That's not the case with tun. Any IP assigned to the server itself is... Geoff Jones
04:31 AM Bug #6565: OpenVPN calculates incorrect TCP checksums when running in bridged/tap mode with 'mode server': with tap I'm guessing? That's not the case with tun. Any IP assigned to the server itself is affected (tap IP, LAN IP... Chris Buechler
04:17 AM Bug #6565 (Closed): OpenVPN calculates incorrect TCP checksums when running in bridged/tap mode with 'mode server': When a connected OpenVPN client attempts to establish a TCP connection with a pfSense OpenVPN server, the server resp... Geoff Jones
04:09 AM Bug #6559: OpenVPN 'mode server' directive missing: Generated config:... Geoff Jones
04:06 AM Bug #6559: OpenVPN 'mode server' directive missing: Chris Buechler wrote:
> The config either ends up with "mode server" or "server-bridge" depending on the specifics o... Geoff Jones
02:59 AM Bug #6515 (Resolved): link_interface_to_vips slow with large numbers of VIPs: works Chris Buechler
02:48 AM Bug #6506 (Resolved): IPv6 static routes omit interface scope of link-local gateways: works Chris Buechler
02:46 AM pfSense Packages Bug #6562: Bug/Wrong description in the squid settings: Screenshot Author: http://docs.diladele.com/ Richard Eberhard
02:39 AM pfSense Packages Bug #6562 (Not a Bug): Bug/Wrong description in the squid settings: I think there is a wrong description or maybe a bug in the "certificate adapt" option in the squid https settings. He... Richard Eberhard
02:41 AM pfSense Packages Bug #6563 (Resolved): Squid still accepts sha1 certificates: Squid still accepts sha1 certificates.(Man in the middle proxy) I think this should be blocked by default for securit... Richard Eberhard
02:39 AM Bug #6558: Pf-sense 2.3 doesn't detect shutdow event with em driver and Intel Chipset 82574L: Chris Buechler wrote:
> subject isn't true in general, 82574L in the FW-7541 correctly detects link down and up. e10... Atlante Informatica
01:30 AM Feature #4044 (Resolved): Add UEFI support: exists and works in 2.4 Chris Buechler
01:23 AM Bug #6260 (Feedback): Namecheap Dynamic DNS does not accept * for hostname even though it is valid: merged a slightly modified fix from PR 2770
https://github.com/pfsense/pfsense/pull/2770
Not sure that suffices t... Chris Buechler
12:23 AM Feature #6388 (Feedback): Status / Dashboard save changes for all users: merged, thanks Phil Chris Buechler

06/29/2016

11:35 PM Feature #6561 (Resolved): diag_dns.php IPv6 support: diag_dns.php lacks IPv6 support. Merged from PR 3028
https://github.com/pfsense/pfsense/pull/3028
Thought we had ... Chris Buechler
10:46 PM Bug #6552: Invalid IPv6 address formats possible: Pull request https://github.com/pfsense/pfsense/pull/3029
Fixes handling of (what should be invalid) formats:
1:2... Phillip Davis
10:27 PM Feature #6560 (Feedback): Add php shell sessions to enable and disable Persistent CARP Maintenance Mode: added. Since it's a trivial addition and not a feature that can introduce regressions, merged to 2_3_1 as well. Chris Buechler
07:15 PM Feature #6560 (Resolved): Add php shell sessions to enable and disable Persistent CARP Maintenance Mode: It would be very useful to be able to do this from the CLI when the GUI is unavailable. Steve Wheeler
07:42 PM Bug #6364 (Feedback): PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 32 bytes) in /usr/local/www/status_carp.php on line 261: restored 2.2.x and prior's method of obtaining the nodes, which will prevent it from running out of memory. Chris Buechler
07:31 PM Bug #6551 (Resolved): Invalid IPv6 address can be entered: This all looks good now. All the test cases that were wrong previously are correct now, and no apparent regressions. Chris Buechler
04:02 PM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Hi Chris,
new update in thread-
--
Mario (Marlenio)
Mario Lener
02:50 PM Bug #6558 (Not a Bug): Pf-sense 2.3 doesn't detect shutdow event with em driver and Intel Chipset 82574L: subject isn't true in general, 82574L in the FW-7541 correctly detects link down and up. e1000 in VMware ESX and Work... Chris Buechler
10:24 AM Bug #6558 (Not a Bug): Pf-sense 2.3 doesn't detect shutdow event with em driver and Intel Chipset 82574L: Hi All,
as described in the title, with the 2.3 version of PF-Sense when you unplug an Ethernet cable from a gigab... Atlante Informatica
02:45 PM Bug #6559 (Feedback): OpenVPN 'mode server' directive missing: The config either ends up with "mode server" or "server-bridge" depending on the specifics of your config. That's in ... Chris Buechler
12:32 PM Bug #6559: OpenVPN 'mode server' directive missing: Jim Pingle wrote:
> What are the exact settings in use on the OpenVPN server that lead to it being omitted when yo... Geoff Jones
12:15 PM Bug #6559: OpenVPN 'mode server' directive missing: It's not quite that simple. There are cases when it must be omitted as well, such as some tap bridge scenarios, or Op... Jim Pingle
12:09 PM Bug #6559: OpenVPN 'mode server' directive missing: Workaround is to set 'mode server' in the advanced options section. Geoff Jones
12:01 PM Bug #6559 (Not a Bug): OpenVPN 'mode server' directive missing: When creating a new OpenVPN server, the "server mode" web interface drop down does not influence the written configur... Geoff Jones
01:19 PM Bug #6557: nanobsd upgrades may fail from lacking resolv.conf: The situation where they fail is where DNS Forwarder or Resolver are not bound to localhost. If resolv.conf doesn't e... Chris Buechler
08:15 AM Bug #6540: Virtual IPs -> Edit does not allow upper-case IPv6 digits: At the moment the user can input a "full" IPv6 address "uncompressed" and it is saved just like that, e.g.:
1:2:3:4:... Phillip Davis
04:52 AM Feature #336: Option to create lagg under assign interfaces: Just to chime in, we're in the process of upgrading loads of our pfSense installs to use LAGG from single links; this... Rob Emery
12:59 AM Bug #6317 (Feedback): vlan/track interface generates error "Can't assign requested address" during boot: PR confirmed and merged Chris Buechler

06/28/2016

11:14 PM Bug #6468: Firewall scheduler allows you to set invalid time range: @Erik: If someone puts the validation code in place to check text-entries in those boxes for validity, then they coul... Phillip Davis
04:07 PM Bug #6468: Firewall scheduler allows you to set invalid time range: @Philip: Even if it was not an intention, it was best what happened. It was definitively easier to modify one single ... Erik Ruedin
10:00 PM Bug #6543: Some leases do not show up in DHCPv6 Lease status: Axel: could you email me an unsanitized copy of your dhcpd6.leases? cmb at pfsense dot org. Nothing immediately stick... Chris Buechler
04:26 PM Bug #6543: Some leases do not show up in DHCPv6 Lease status: I like to statically assign DHCPv6 addresses to some devices on my network. But finding the DUID can sometimes be cha... Axel Taferner
01:42 PM Bug #6543: Some leases do not show up in DHCPv6 Lease status: I'd have to get back to you on that -- e.g. putting a watch on the file contents. There have clearly been leases miss... Bruce Simpson
01:13 PM Bug #6543: Some leases do not show up in DHCPv6 Lease status: Need some examples, what's shown in dhcpd6.leases that doesn't show on the status page?
Chris Buechler
10:37 AM Bug #6543: Some leases do not show up in DHCPv6 Lease status: I've experienced this same issue, in my case it is not limited to mobile devices. I've had this happen with a Macbook... Axel Taferner
09:17 PM Bug #6557 (Resolved): nanobsd upgrades may fail from lacking resolv.conf: resolv.conf may not exist or be populated in the chroot of nanobsd upgrades on 2.3.x+. pkg uses that for fetching the... Chris Buechler
09:15 PM Bug #6505 (Feedback): dpinger - socket name too large: Thanks Daniel! Looks good, merged to all 3 branches. Chris Buechler
06:13 PM Bug #6505: dpinger - socket name too large: The bug has been traced down and fixed. Pull Request is up (ICLA already signed).
https://github.com/pfsense/pfsense... Daniel Hoffend
05:10 PM Feature #6556 (Duplicate): Support Duo Security two-factor authentication for local user database: We have started evaluating Duo Security, starting with the duo-unix PAM module package.
It would be extremely usef... Bruce Simpson
05:05 PM pfSense Packages Feature #6555 (New): Support IEEE 1588: pfSense should include a package (and GUI) for driving IEEE 1588 PTPd. This is currently available as a FreeBSD packa... Bruce Simpson
05:03 PM Feature #6554 (New): Reintroduce NTP mode7 for IEEE 1588 PTPd interop: It should be possible to selectively re-enable Mode 7 packets. This allows PTPd to take time from NTPd on the node. T... Bruce Simpson
03:46 PM Bug #6553 (Feedback): net.inet.ip.dummynet.pipe_slot_limit can't be set manually, should be automatic: fix pushed Chris Buechler
03:44 PM Bug #6553 (Resolved): net.inet.ip.dummynet.pipe_slot_limit can't be set manually, should be automatic: net.inet.ip.dummynet.pipe_slot_limit only exists after dummynet is kldloaded, which comes after the sysctls are appli... Chris Buechler
01:29 PM Bug #6551 (Feedback): Invalid IPv6 address can be entered: Chris Buechler
02:50 AM Bug #6551: Invalid IPv6 address can be entered: Pull request https://github.com/pfsense/pfsense/pull/3026 has a proposed fix and longer explanation. Phillip Davis
02:49 AM Bug #6551 (Resolved): Invalid IPv6 address can be entered: For example, add a host alias, in the IP Address or FQDN box of the 1st entry put:
1:2:3:xy:4:5:6:7:8
This is acc... Phillip Davis
07:31 AM Bug #6552 (Resolved): Invalid IPv6 address formats possible: Add a host alias, in the IP Address or FQDN box of the 1st entry put:
1:2:3:::4:5:6:8 or 1:2:3:4:5:6:::8 or simila... Phillip Davis
06:51 AM Bug #6550 (Not a Bug): Bandwidth LAN IN/OUT reversed: As noted above, it is correct as-is. Jim Pingle
02:46 AM Bug #6550: Bandwidth LAN IN/OUT reversed: It is correct - there is ~10 MB/s of data (download) coming in WAN (from the internet) and then that ~10 MB/s is goin... Phillip Davis
02:20 AM Bug #6550 (Not a Bug): Bandwidth LAN IN/OUT reversed: See attached screen shot.
WAN IN 10.14 MB/s
LAN OUT 10.11 MB/s
LAN IN 292.99 KB/s
LAN IN should be 10.11 MB/s Byron Johnson

06/27/2016

08:06 PM Bug #6549 (Resolved): fstab is missing post-install: There is no /etc/fstab post-install on 2.4. Chris Buechler
08:03 PM Bug #6548 (Confirmed): Enclosed delimiters not protected in DHCP client advanced options: I was already looking at those, taking Chris Buechler
07:44 PM Bug #6548 (Resolved): Enclosed delimiters not protected in DHCP client advanced options: Issue:
Interface advanced dhcp client configuration
https://forum.pfsense.org/index.php?topic=87570
Two Availabl... NOYB NOYB
05:53 PM Bug #6505: dpinger - socket name too large: Looking at the code from dpinger it seems that this is not something we really can count on.
https://github.com/de... Daniel Hoffend
05:19 PM Bug #6506: IPv6 static routes omit interface scope of link-local gateways: Manuelly applied the change to my system.inc file. Seems to work. The static routes using a dynamic IPv6 WAN Gateway ... Daniel Hoffend
03:17 PM Bug #6540: Virtual IPs -> Edit does not allow upper-case IPv6 digits: Specific text is in https://tools.ietf.org/html/rfc5952#section-4.3
Kicking back to ISP (who may blame their IPAM ... Bruce Simpson
03:09 PM Bug #6540: Virtual IPs -> Edit does not allow upper-case IPv6 digits: Good point re RFC -- I'll have to kick that back to them. It is a Standards Track RFC after all.
Bruce Simpson
01:51 PM Bug #6540: Virtual IPs -> Edit does not allow upper-case IPv6 digits: RFC 5952, uppercase is forbidden. This is true in all the screens that accept IPv6 addresses or networks.
We ough... Chris Buechler
05:57 AM Bug #6540 (Resolved): Virtual IPs -> Edit does not allow upper-case IPv6 digits: I noticed that the address fields in the Virtual IPs edit screen reject upper-case hex digits in IPv6 addresses.
T... Bruce Simpson
02:09 PM Bug #6535 (Not a Bug): github pullrequests, please pull or comment: we're working through them. Chris Buechler
02:01 PM Bug #6534 (Not a Bug): DNS resolver doesn't returns AAAA records: subject isn't true, there is a separate ticket for the DNS lookup page not supporting IPv6. Chris Buechler
01:53 PM pfSense Packages Feature #6537: Suricata does not autopopulate IP Reputation list from Emerging Threats on rules update: Tried importing manually, this does not work the way one would expect. Please close. John Silva
01:46 PM Bug #6538 (Not a Bug): tcpdump needs update -- cannot decode most IPv6 RA options: we ship what's included in the FreeBSD version used. Chris Buechler
05:51 AM Bug #6538 (Not a Bug): tcpdump needs update -- cannot decode most IPv6 RA options: The version of tcpdump/libpcap in 2.3.1-x is lagging; this makes debugging IPv6 turn-ups slightly more difficult.
... Bruce Simpson
11:23 AM pfSense Packages Bug #6547 (Resolved): syslog-ng log browser only shows the first few lines: The log browser in the package tab only shows the first few lines for each log target.
Right now, it's easier to u... Bruce Simpson
11:21 AM Feature #6546 (Closed): pfSense should support logging to e.g. ELK stacks: pfSense logging is based around the FreeBSD base system's syslogd logging daemon.
This can be tricky to integrate ... Bruce Simpson
07:04 AM Feature #6545 (Needs Patch): Show active sessions and manually disconnect option to PPPoE server: As far as I can see, this is not currently possible with mpd. If you need this sort of functionality, you'll have to ... Jim Pingle
06:57 AM Feature #6545 (Needs Patch): Show active sessions and manually disconnect option to PPPoE server: Hello,
It will be great to have "Users Logged In" option to PPPoE server services as Captive portal.
It could h... Joel AGBESSI
06:55 AM Bug #6541: IPv6 RAs always include on-link prefix; clients may not use DHCPv6 managed addresses: First two sentences above are reversed -- my bad.
TL;DR -- a Cisco will let you advertise 'M' *and only 'M'*, caus... Bruce Simpson
06:04 AM Bug #6541 (New): IPv6 RAs always include on-link prefix; clients may not use DHCPv6 managed addresses: pfSense IPv6 RA support in 2.3.1-x correctly includes the 'M' (Managed) bit in its advertisements.
By contrast, Ci... Bruce Simpson
06:12 AM Feature #6544 (New): RFC 3046 DHCP Option 82 support (and RFC 3315/4649/4580 for IPv6): We use an HPE switch to implement MAC layer security. It is configured to snoop DHCP request & inject Option 82 (RFC ... Bruce Simpson
06:07 AM Bug #6543 (Resolved): Some leases do not show up in DHCPv6 Lease status: I have noticed from time-to-time that some IPv6 devices have taken a DHCPv6 dynamic lease, and do not show up in the ... Bruce Simpson
06:05 AM Bug #6542 (Closed): Cannot revoke DHCPv6 leases from the GUI: (We understand there's a fix in progress for this, at least for IPv4.)
The DHCPv6 lease status tab lacks an option... Bruce Simpson
05:55 AM Feature #6539 (New): ICMPv6 filtering requires multiple rules - no range support: (This may also be a shortcoming in PF itself).
Currently there is no way to specify an ICMPv6 type range in the GU... Bruce Simpson

06/26/2016

01:31 PM Bug #6534: DNS resolver doesn't returns AAAA records: oh.. maybe for the same reason is not possible to resolve ipv6 addresses in firewall log... Luca Moncelli
11:43 AM Bug #6536 (Resolved): update + reboot, did not trigger the webgui 90 second countdown: Anonymous
10:23 AM Bug #6536: update + reboot, did not trigger the webgui 90 second countdown: Oké thanks, confirmed fixed when i updated today to "built on Sun Jun 26 08:40:49 CDT 2016" it worked as expected. Pi Ba

06/25/2016

10:49 PM pfSense Packages Bug #6521: pfsense 2.3.1 squidguard -> Groups ACL -> Target Rules List missing...: It works if I change
squidguard_before_form_acl($pkg); to squidguard_before_form_acl($pkg,false);
in
/usr/local/pk... Lars Heer
06:01 PM pfSense Packages Feature #6537 (Rejected): Suricata does not autopopulate IP Reputation list from Emerging Threats on rules update: The snort rules update process auto-populates the ET IP reputation list into SNORT_IPREP_PATH on rules update. Suric... John Silva
05:58 PM Bug #6536 (Feedback): update + reboot, did not trigger the webgui 90 second countdown: Thanks. This was fixed earlier this week and should be good in any snapshot since then. Anonymous
03:43 PM Bug #6536 (Resolved): update + reboot, did not trigger the webgui 90 second countdown: update + reboot, did not trigger the webgui 90 second countdown
Coming from a snapshot about 5 days old i think now ... Pi Ba
03:28 PM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Hi Chris,
i post in open thread, but in my setup the file you ask isn't present.
--
Mario (Marlenio) Mario Lener
01:41 PM pfSense Packages Bug #6305: Quagga problems updating routes / mistakenly showing "kernel"-routes while they are not: Okay ... I have to set-up already that if i upgrade the package back to the new one, the issue will happen. Jim ... ... Reqlez Guy
09:40 AM Bug #6535 (Not a Bug): github pullrequests, please pull or comment: github pullrequests, please pull or comment
There are quite a few pullrequests pending on github without any reaso... Pi Ba
08:21 AM Bug #6534: DNS resolver doesn't returns AAAA records: Unbound returns AAAA records just perfectly fine as you can see from shell (using host, drill or whatever). That page... Kill Bill
07:47 AM Bug #6534 (Not a Bug): DNS resolver doesn't returns AAAA records: DNS resolver doesn't returns AAAA records.
From web gui: Diagnostics --> DNS Lookup
If FQDN has A and AAAA records ... Luca Moncelli
01:57 AM Feature #6210: create user privilege for only DNS Host and Domain Overrides in DNS Resolver: Sorry, but it shouldn't have been merged in the first place. There is discussion on the forum NOYB linked as to why. ... Chris Buechler
12:31 AM Feature #6533 (Resolved): Allow configuration of Min and MaxRtrAdvInterval, AdvDefaultLifetime: The RA page should allow configuration of Min and MaxRtrAdvInterval. Chris Buechler
12:31 AM Bug #6516 (Resolved): Calendar date picker on system_usermanager.php only works in Chrome: works in Chrome, Firefox, Safari, Opera and IE. Chris Buechler
12:29 AM Bug #6532 (Not a Bug): LAN rule with gateway left at default stops traffic.: subject is definitely not true, please post to the forum for troubleshooting assistance. Chris Buechler
12:10 AM Bug #6532 (Not a Bug): LAN rule with gateway left at default stops traffic.: I have a LAN rule where a specific host goes over a VPN gateway.
The rule is super LAN simple - IPv4 *, source ho... Dan .

06/24/2016

11:42 PM Bug #6513 (Resolved): IKE mode auto omits aggressive from ipsec.conf: works Chris Buechler
11:40 PM Bug #6499 (Resolved): pf fragment states not purged: fixed Chris Buechler
11:31 PM Bug #6494 (Confirmed): Hang during bootup on lock('filter.lock'): Nice catch, Harry.
Looks like this should be easy to fix, Luiz please review. Chris Buechler
09:22 PM Bug #6494: Hang during bootup on lock('filter.lock'): I've got a case that hangs every type as noted above. And I have a patch.
/cf/hc_filterlog:
#!/bin/tcsh
3>&-... Harry Coin
11:02 PM Bug #6531 (Feedback): Kill states doesn't work for states with translated destination: fix pushed Chris Buechler
11:01 PM Bug #6531 (Resolved): Kill states doesn't work for states with translated destination: diag_dump_states.php kill states passes the srcip and destip to pfSense_kill_states in all cases. That doesn't match ... Chris Buechler
10:47 PM Bug #6530 (Feedback): Kill states doesn't work for 'in' direction: also fixed the column header description.
Chris Buechler
10:17 PM Bug #6530 (Resolved): Kill states doesn't work for 'in' direction: diag_dump_states.php gets source and destination wrong on the kill states option for the 'in' direction. Chris Buechler
08:34 PM Feature #6210: create user privilege for only DNS Host and Domain Overrides in DNS Resolver: If you wish to discuss it, options, and alternatives.

New DNS Resolver Overrides Page
https://forum.pfsense.o... NOYB NOYB
04:43 PM Bug #6529 (Confirmed): dhcp6c fails to start with track6 on a bridge interface: Chris Buechler
02:32 PM Bug #6529 (Duplicate): dhcp6c fails to start with track6 on a bridge interface: I noticed today that IPv6 wasn't working, and found this in the dhcpd log.... Kai Groner
03:45 PM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Hi Chris,

> > I'm not sure what circumstance triggers this, but judging by the number of reports in that thread t... Mario Lener
07:51 AM Bug #6177: pkg update checking with no Internet access kills web GUI: edit. Nicola Bressan
07:50 AM Bug #6177: pkg update checking with no Internet access kills web GUI: edit Nicola Bressan
07:46 AM Bug #6177: pkg update checking with no Internet access kills web GUI: Chris Buechler wrote:
> IPv6 works just fine on pkg.pfsense.org. You're not hitting the issue here, please start a... Nicola Bressan
05:46 AM Bug #6528 (Resolved): The captive portal cannot be used on interface lan since it is part of a bridge but works anyway: Hello,
I've setup a captive portal on my LAN interface.
Later, I've setup a OpenVPN tap connection where the tap1... Orsiris de Jong
01:36 AM Bug #6506 (Feedback): IPv6 static routes omit interface scope of link-local gateways: fix pushed to always include interface scope on static routes to a link local v6 gateway IP. Chris Buechler

06/23/2016

10:38 PM pfSense Packages Bug #6527: Squid 3.5 - Deprecated "ssl_bump server-first all" don't allow SNI in transparent mode with HTTPS/SSL Interception: Edited in order to add more information about ssl peek and splice
http://wiki.squid-cache.org/Features/SslPeekAndS... Michael Epstein
08:51 PM pfSense Packages Bug #6527 (Resolved): Squid 3.5 - Deprecated "ssl_bump server-first all" don't allow SNI in transparent mode with HTTPS/SSL Interception: As described in the squid wiki, "ssl_bump server-first all" is deprecated in squid 3.5+
http://wiki.squid-cache.or... Michael Epstein
05:55 PM Feature #6210: create user privilege for only DNS Host and Domain Overrides in DNS Resolver: Chris Buechler wrote:
> This isn't desirable. We don't want to add yet another new menu item, for a use case that I ... Joe Passavanti
05:28 PM Feature #6210 (Rejected): create user privilege for only DNS Host and Domain Overrides in DNS Resolver: This isn't desirable. We don't want to add yet another new menu item, for a use case that I think you're the only per... Chris Buechler
03:32 PM Bug #6177: pkg update checking with no Internet access kills web GUI: Nicola Bressan wrote:
> I've experienced a similar issue.
>
> can you have a look in it?
> or maybe fix IPv6 ans... Chris Buechler
02:36 AM Bug #6177: pkg update checking with no Internet access kills web GUI: hello,
I've experienced a similar issue.
pfSense 2.3.1_5
IPv6 tunnel configured
pfSense in GUI was checking ... Nicola Bressan
07:35 AM Bug #6400: assign_interfaces.php issues with large numbers of interfaces: Maybe this is somehow related to https://redmine.pfsense.org/issues/6515
When submitting a change in interfaces_assi... Phillip Davis
06:46 AM Bug #6400: assign_interfaces.php issues with large numbers of interfaces: We have been doing some testing on one of our sites.
Under 2.2.4 no issue with 100 vlans, under 2.3.1-RELEASE-p5 a... Gareth Hay
06:51 AM Feature #6526 (Closed): pfSense Update information via SNMP: For automatic update checking with monitoring systems like Icinga it would be great to have the update status of the ... Jan Vonde
06:16 AM Bug #6520: Time out when trying to look at interfaces_assign.php: We have been doing some testing on one of our sites.
Under 2.2.4 no issue with 100 vlans, under 2.3.1-RELEASE-p5 a... Gareth Hay
05:53 AM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Same here. After reconnect (PPPoE) there was no default route set. Dmitriy K
04:16 AM Bug #6525: Mobile web interface can't scroll down all items in sub-menus: ok let's wait for this then! Nicola Bressan
04:11 AM Bug #6525: Mobile web interface can't scroll down all items in sub-menus: I have some code under review that allows custom GUI preference settings per user.
https://redmine.pfsense.org/issue... Phillip Davis
03:31 AM Bug #6525: Mobile web interface can't scroll down all items in sub-menus: yes that solves the problem, but I find very handy to have it fixed when I use it with a normal web browser at home a... Nicola Bressan
03:22 AM Bug #6525: Mobile web interface can't scroll down all items in sub-menus: Try changing System->General Setup, webConfigurator section, Top Navigation. Set it to "Scrolls with page". That shou... Phillip Davis
02:54 AM Bug #6525 (Resolved): Mobile web interface can't scroll down all items in sub-menus: When accessing pfSense web interface from mobile device and selecting a menu with long list of items (like "Services"... Nicola Bressan
04:12 AM Feature #6388: Status / Dashboard save changes for all users: Note: New pull request https://github.com/pfsense/pfsense/pull/3018 has the proposed solution all in 1 commit that is... Phillip Davis

06/22/2016

11:56 PM Bug #6506 (Confirmed): IPv6 static routes omit interface scope of link-local gateways: confirmed, thanks Chris Buechler
05:47 PM Bug #6506: IPv6 static routes omit interface scope of link-local gateways: No, with pushed to the system i mean: When the static route that you've added using the WebUI is getting added to the... Daniel Hoffend
08:08 PM Bug #6523 (Resolved): Firewall/Aliases/Ports: Unclear description and/or result of desired format: clarified hint Chris Buechler
08:06 PM Bug #6523 (Confirmed): Firewall/Aliases/Ports: Unclear description and/or result of desired format: It works as it always has, and as intended. Each box can only contain a single port or range.
I'll clarify the de... Chris Buechler
08:11 AM Bug #6523 (Resolved): Firewall/Aliases/Ports: Unclear description and/or result of desired format: Current hint is: "Enter as many ports as desired. Port ranges can be expressed by separating with a colon."
Expect... Prince Adam
07:01 PM Bug #6524 (Not a Bug): 192.168.100.0/24 subnet with Cable Modem WAN un-workable: it's workable just fine. You can't have the same subnet on two diff interfaces of any firewall/router. You have some ... Chris Buechler
06:12 PM Bug #6524 (Not a Bug): 192.168.100.0/24 subnet with Cable Modem WAN un-workable: So here is the scenario i ran into today.
Customer Subnet is 192.168.100.1/24
Customer WAN IP is 174.77.55.XX6/28... Xander Venterus
06:57 PM Bug #6509 (Resolved): Status monitoring not displaying graphs: No problem, thanks for checking. Marking as resolved. Jared Dillard
04:16 AM Bug #6509: Status monitoring not displaying graphs: Thx, todays snap is OK. Greg M
04:42 PM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Just to let you know, unfortunately this hasn't solved my issue, and the line is dead again. Michael Knowles
01:29 PM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Hi Chris,
> I'm not sure what circumstance triggers this, but judging by the number of reports in that thread ther... Mario Lener
06:57 AM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Yep, it's static in as much as it's supposed not to alter, and is the way that most "static IP" addresses are dished ... Michael Knowles
05:30 AM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Michael Knowles wrote:
> p.s. - The ADSL i'm using in this instance has a "static IP" delivered from the ISP via DHC... Mario Lener
05:13 AM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: p.s. - The ADSL i'm using in this instance has a "static IP" delivered from the ISP via DHCP (or whatever mechanism i... Michael Knowles
05:10 AM Bug #6495: No default route on PPPoE after reconnect or IP change in some cases: Hi,
I'm the author of Bug #6423. This bug sounds remarkably similar to my symptoms.
I'm going to get the onsit... Michael Knowles
02:14 PM Bug #6099: igmpproxy does not recognize upstream interface: As said my provider is using IGMPv3 which I cannot get to work (so I will stay on 2.2.6 for the time being).
I've ... Victor Toni
02:04 PM Bug #6099: igmpproxy does not recognize upstream interface: Greg Myran wrote:
> I want to thank you again for your efforts.
You're welcome,
> I've moved my multicast traffic... Victor Toni
08:23 AM Bug #6520: Time out when trying to look at interfaces_assign.php: Here are the logs :
Jun 22 15:21:51 fw2.ds nginx: 2016/06/22 15:21:51 [error] 21284#0: *121 upstream timed out (60: ... Axel Duez
04:34 AM Bug #6520 (Duplicate): Time out when trying to look at interfaces_assign.php: Hello,
Since the update in 2.3, I get a time out when trying to reach interfaces_assign.php. Then the whole web inte... Axel Duez
07:50 AM Feature #6504: services_dhcp.php: DHCP Static Mappings table should be sortable: Applied in changeset commit:55f67b5abd9b809807e328477779d97120908273. Anonymous
07:41 AM Feature #6504 (Feedback): services_dhcp.php: DHCP Static Mappings table should be sortable: Table is now sortable as requested Anonymous
07:39 AM Feature #6504 (Assigned): services_dhcp.php: DHCP Static Mappings table should be sortable: Anonymous
07:21 AM Bug #6522 (Not a Bug): Mobile IPSec with PSK does not supply option to provide PSK: With plain PSK auth you enter the Identifiers and keys on the PSK tab and/or in the PSK field on accounts in the user... Jim Pingle
06:52 AM Bug #6522 (Not a Bug): Mobile IPSec with PSK does not supply option to provide PSK: When I create the IPsec for the mobile clients, I choose PSK as Phase1 security. However, I cannot select any predefi... Alex Z
07:19 AM Feature #6519: SSD TRIM option via GUI: Hi Jim,
You made the right considerations. I'll continue to use the manual option.
Thanks in advance,
--
Mario Mario Lener
07:12 AM Feature #6519 (Rejected): SSD TRIM option via GUI: No, it is not. The option cannot be changed while the disk is mounted. Also, hardware support for TRIM is not univers... Jim Pingle
04:23 AM Feature #6519 (Rejected): SSD TRIM option via GUI: Hi,
It would be possible to add an option to enable TRIM SSD in the GUI instead of via command line? Mario Lener
06:30 AM Bug #6516: Calendar date picker on system_usermanager.php only works in Chrome: Applied in changeset commit:53c38ff16c1eb8743e69d506f69167c88cf34910. Anonymous
06:28 AM Bug #6516 (Feedback): Calendar date picker on system_usermanager.php only works in Chrome: HTML5 datepicker replaced with jQuery widget. It seems that Chrome and Opera are the only browsers that implement the... Anonymous
06:23 AM Feature #2358: NAT64 support: UPVOTE Alex Kolesnik
05:28 AM pfSense Packages Bug #6521 (New): pfsense 2.3.1 squidguard -> Groups ACL -> Target Rules List missing...: The clickable "Target Rules List" field in menu "Groups ACL" disappears if more than 3 "Target categories" are define... Lars Heer
02:58 AM Bug #6518 (Closed): IPsec phase 1 VPN not working with IPv6+DNS with "My IP Address" as identifier: Hi,
I'm running pfSense : ... Sébastien Boulet
12:16 AM Bug #6499: pf fragment states not purged: Dmitriy K wrote:
> This fix wont be pushed in current stable?
Needed to be confirmed in 2.3.2 snapshots first.
... Chris Buechler
12:12 AM Bug #6476: Editing an IPSec phase 2 entry fails: Waldo Nell wrote:
>
> string(10) "10.200.1.1"
> int(16)
that's correct, and exactly what it's checking for the... Chris Buechler
12:01 AM pfSense Packages Feature #6502 (Closed): Add samba in the available packages: a firewall isn't a NAS, trying to be one isn't of interest. Chris Buechler

06/21/2016

11:57 PM Bug #6506: IPv6 static routes omit interface scope of link-local gateways: Daniel Hoffend wrote:
> when a static route gets pushed to the system
What do you mean by "pushed to", that via ... Chris Buechler
11:54 PM Bug #6516: Calendar date picker on system_usermanager.php only works in Chrome: It's probably similar to this: https://forum.pfsense.org/index.php?topic=112358.0.
It could be replaced with the ... Jared Dillard
08:05 PM Bug #6516 (Resolved): Calendar date picker on system_usermanager.php only works in Chrome: The calendar date picker on system_usermanager.php doesn't show up in any browser other than Chrome from the looks of... Chris Buechler
11:53 PM Bug #6507 (Confirmed): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot: Chris Buechler
11:43 PM Feature #6365: Current images do not install on UEFI Machines: Tomas Ulicky wrote:
>
> Why deleted target version?
Duplicate closed tickets need that removed so it doesn't me... Chris Buechler
11:37 PM Bug #6510 (Resolved): Core files can fill up /var/run/: works Chris Buechler
10:30 AM Bug #6510 (Feedback): Core files can fill up /var/run/: Applied in changeset commit:a08208f81bcb2812bdda07e21b501447fb350408. Jim Pingle
10:23 AM Bug #6510 (Resolved): Core files can fill up /var/run/: In some cases, a process can crash and the resulting core file fills /var/run/ if that was the working directory for ... Jim Pingle
11:33 PM Bug #6514 (Resolved): services_captiveportal_zones_edit.php: Zone name cannot start with a number: works Chris Buechler
05:00 PM Bug #6514 (Feedback): services_captiveportal_zones_edit.php: Zone name cannot start with a number: Applied in changeset commit:f0a053846d6cde2724c47b5553e1395cfd21445c. Anonymous
03:29 PM Bug #6514 (Resolved): services_captiveportal_zones_edit.php: Zone name cannot start with a number: The zone name on services_captiveportal_zones_edit.php is used as an XML tag name and needs to follow the relevant st... Jim Pingle
11:09 PM Bug #6512: Upgrade to 2.3.1 causes network performance degradation (with High CPU usage by NIC kernel tasks): It's likely not one NIC driver that's in question, as there definitely aren't any issues with e1000, and probably not... Chris Buechler
04:30 PM Bug #6512: Upgrade to 2.3.1 causes network performance degradation (with High CPU usage by NIC kernel tasks): And perhaps this post has the same problem
https://forum.pfsense.org/index.php?topic=113529.0
Juan Gallego
03:46 PM Bug #6512: Upgrade to 2.3.1 causes network performance degradation (with High CPU usage by NIC kernel tasks): Obviously there's a performance regression. It may have to do with our hardware, but:
# This wasnt present on previ... Juan Gallego
03:36 PM Bug #6512 (Rejected): Upgrade to 2.3.1 causes network performance degradation (with High CPU usage by NIC kernel tasks): that's something to do with your combination of hardware, which isn't anything we support. There aren't any general p... Chris Buechler
03:22 PM Bug #6512 (Rejected): Upgrade to 2.3.1 causes network performance degradation (with High CPU usage by NIC kernel tasks): Hi,
Currently we have a 2-node pfsense system working in active/passive HA. This cluster was running pfsense v2.2.... Juan Gallego
11:04 PM Bug #6517 (Confirmed): Adding mobile IPsec phase 2 entries requires restart of strongswan: strongswan doesn't pick up the new leftsubnet config (though it's correctly shown in statusall) when doing a reload. ... Chris Buechler
10:06 PM Bug #6517 (Confirmed): Adding mobile IPsec phase 2 entries requires restart of strongswan: Using mobile IPsec on 2.3.1-RELEASE-p1 and using OS X 10.11.4 on the client side, I find that when I add additional P... Andreas Wintervold
10:07 PM Bug #6498 (Resolved): firewall_nat_npt_edit.php: IPv4 addresses can be entered, but the page is only for IPv6: works Chris Buechler
01:40 PM Bug #6498: firewall_nat_npt_edit.php: IPv4 addresses can be entered, but the page is only for IPv6: Applied in changeset commit:3e4adb7139b4cddbb06a2aba7e0727d1762b35ee. Anonymous
01:28 PM Bug #6498 (Feedback): firewall_nat_npt_edit.php: IPv4 addresses can be entered, but the page is only for IPv6: A new optional argument is supported for inputs of type IpAddress. $type can be "BOTH", "V4" or "V6" and will enforce... Anonymous
10:24 AM Bug #6498 (Assigned): firewall_nat_npt_edit.php: IPv4 addresses can be entered, but the page is only for IPv6: Anonymous
09:32 PM Bug #6495 (Confirmed): No default route on PPPoE after reconnect or IP change in some cases: I'm not sure what circumstance triggers this, but judging by the number of reports in that thread there is something.... Chris Buechler
07:41 PM Bug #6515 (Feedback): link_interface_to_vips slow with large numbers of VIPs: fix pushed. Confirmed that still does all the necessary actions, and eliminates the delays by not doing the same thin... Chris Buechler
07:39 PM Bug #6515 (Resolved): link_interface_to_vips slow with large numbers of VIPs: link_interface_to_vips when called with the update parameter calls interfaces_vips_configure once per VIP on the inte... Chris Buechler
06:28 PM pfSense Packages Bug #6511: In some circumstances the HAProxy clone front-end button can add blank list entries to the front end being cloned resulting in a config that cannot be applied.: It's not just that - the clone/duplicate/whatnot button is borked in general. E.g., when you "duplicate" an ACL, the ... Kill Bill
01:26 PM pfSense Packages Bug #6511 (Resolved): In some circumstances the HAProxy clone front-end button can add blank list entries to the front end being cloned resulting in a config that cannot be applied.: 1. The blank entries shouldn't be created.
2. The blank entries should be ignored on the backend.
See: RPL-94792 Steve Wheeler
04:16 PM Bug #6509 (Feedback): Status monitoring not displaying graphs: Thanks for taking the time to make a detailed report!
It looks like I was able to fix both issues and just pushed ... Jared Dillard
03:57 AM Bug #6509 (Resolved): Status monitoring not displaying graphs: Hi!
On latest snaps monitoring is not displaying graphs correctly when both axes are selected.
See attached scree... Greg M
03:26 PM Bug #6513 (Feedback): IKE mode auto omits aggressive from ipsec.conf: fix pushed Chris Buechler
03:24 PM Bug #6513 (Resolved): IKE mode auto omits aggressive from ipsec.conf: IKE mode auto omits aggressive from ipsec.conf, leaving it always disabled Chris Buechler
03:32 AM pfSense Packages Feature #6508 (Closed): OSPF v3 - Quagga OSPF6d: Hi,
Can you implement, in a future release, the OSPFv3 for IPv6?
In advance tank you Johann Vyncke
01:42 AM Bug #6496: Squid HTTPS Certificed enable Unable to determine IP address from host name http: Chris Buechler wrote:
> pretty sure that's a config issue, not a bug.
So what is the solution of this
I think it... Landforces turkuaz
01:29 AM Bug #3022: OpenVPN does not failover to the 2nd configured LDAP auth.server: Facing the same issue.
Currently we have 2 entries for 'Backend for authentication' selected (Active Directory domai... Sven Lennartz

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

07/20/2016

07/19/2016

07/18/2016

07/17/2016

07/16/2016

07/15/2016

07/14/2016

07/13/2016

07/12/2016

07/11/2016

07/10/2016

07/09/2016

07/08/2016

07/07/2016

07/06/2016

07/05/2016

07/04/2016

07/03/2016

07/02/2016

07/01/2016

06/30/2016

06/29/2016

06/28/2016

06/27/2016

06/26/2016

06/25/2016

06/24/2016

06/23/2016

06/22/2016

06/21/2016