pfSense

08/17/2016

09:13 PM Bug #6725: DHCP Server > TFTP server name and custom dhcp options in GUI and in dhcpd.conf but missing on the wire

I confirm this is similar in 2.2.6 as well.
I added a made-up dhcp option on the LAN interface, and applied the ch... Criggie .

08:55 PM Bug #6725 (Rejected): DHCP Server > TFTP server name and custom dhcp options in GUI and in dhcpd.conf but missing on the wire

If configuring a TFTP server in the DHCP server settings (in my case for IP phones) the GUI accepts and applies the c... Jules Hoehn

07:35 PM Bug #6724: VLAN interface displayed wrong through interface assignment

That's a dumb bug in the way the str_replace() calls are stripping out all the "igb1" when "igb1" gets selected for a... Phillip Davis

06:02 PM Bug #6724 (Resolved): VLAN interface displayed wrong through interface assignment

On a fresh install of 2.3.2-RELEASE (amd64-full-install), there appears to be a bug at the VLAN assignments prompt. W... Clinton Cory

05:51 PM Feature #6723: Make OpenVPN widget update dynamically

Yes, that would be nice. I also agree that it has never updated automatically, I have always had to refresh the dashb... Phillip Davis

04:03 PM Feature #6723 (Resolved): Make OpenVPN widget update dynamically

https://forum.pfsense.org/index.php?topic=116955.0 Anonymous

05:46 PM Bug #6720: DHCPD Options in "Sub-"Pools ignored, dhcpd.conf does not contain informations, dhcpd therefore not serving

1) "domain-name-servers are listed twice" - yeh, I noticed that also. Should be fixed by pull request https://github.... Phillip Davis

03:52 AM Bug #6720: DHCPD Options in "Sub-"Pools ignored, dhcpd.conf does not contain informations, dhcpd therefore not serving

Dear Phillip Davis,
many thanks for your fast reaction and fix!
I've tested several combinations and can so far c... Harald Gutmann

02:50 PM Bug #6719 (Feedback): OpenVPN DNS Leak Windows 10

Applied in changeset commit:13ac08b8c500cd05f2a351d0d0d37f0d00514a55. Jim Pingle

12:36 PM pfSense Packages Bug #5749 (Resolved): OpenVPN Export Certs with password, password doesn't open .pk12 container.

New version is up, installed, confirmed working on a separate unit. Jim Pingle

12:25 PM pfSense Packages Bug #5749: OpenVPN Export Certs with password, password doesn't open .pk12 container.

I was able to reproduce the problem with "+" and confirmed that switching from escape() to encodeURIComponent() fixed... Jim Pingle

08:41 AM Bug #6691: dhcp6c quits after only two tries if no response was received

Had the same issue this morning. Log attached.
Glenn Matthys

07:04 AM Bug #6722 (Not a Bug): ntp sync

Please create a forum thread for discussion and diagnosis until a specific bug can be identified. I can't reproduce a... Jim Pingle

03:00 AM Feature #1831: Captive portal IPv6 support

Hi,
I think this is an important issue, I would like to see it as early as possible in pfsense, as IPV6 is an impo... Klaus Steinberger

12:59 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper

Sandeep K V wrote:
> Hi Steven Kreitzer and Jim Thompson isn't this the expected way the IPS has to work?
No, and... Steven Kreitzer

12:52 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper

Hi Steven Kreitzer and Jim Thompson isn't this the expected way the IPS has to work?
Sandeep K V

08/16/2016

10:50 PM Bug #6722: ntp sync

Aug 17 09:46:11 ntpd 30668 ntpd 4.2.8p8@1.3265-o Tue Jul 19 16:25:02 UTC 2016 (1): Starting
Aug 17 09:46:11 ntpd 306... nelson naval

09:50 PM Bug #6722 (Not a Bug): ntp sync

im newu ser of pfsense im having problem with ntp unable to snyc after update pfsense 2.2.6 to 2.3.2
thats my sys... nelson naval

01:18 PM pfSense Packages Bug #6721: Incorrect OpenBGPd package scripts prevent use of both IPv4 and IPv6

Steps to reproduce:
1. Install the latest OpenBGPd package;
2. Enter the needed settings, adding both IPv4 and IP... Luzemario Dantas

12:50 PM pfSense Packages Bug #6721: Incorrect OpenBGPd package scripts prevent use of both IPv4 and IPv6

Please read the title as: Incorrect OpenBGPd package scripts prevent use of both IPv4 and IPv6 - at the same time. Luzemario Dantas

12:40 PM pfSense Packages Bug #6721 (Needs Patch): Incorrect OpenBGPd package scripts prevent use of both IPv4 and IPv6

Symtoms of this bug can be seen in the post below:
[[https://forum.pfsense.org/index.php?topic=116900.0]]
To co... Luzemario Dantas

11:39 AM Bug #6719: OpenVPN DNS Leak Windows 10

I use mullvad vpn on one of my PCs which is running windows 10. As long as you are using openvpn 2.3.9 or newer, it h... Daryl Morse

09:22 AM Bug #6719 (Assigned): OpenVPN DNS Leak Windows 10

Ran some quick tests and both ways work so long as the client is current. With the option present, DNS queries only g... Jim Pingle

07:49 AM Bug #6719: OpenVPN DNS Leak Windows 10

All we could do is push the setting or add it to the config. Beyond that it's a Windows problem that isn't anything w... Jim Pingle

07:40 AM Bug #6719: OpenVPN DNS Leak Windows 10

I tried
*push block-outside-dns* @ pfSense & *setenv opt block-outside-dns* @ openVPN-Client
nslookup still tr... Moritz Hofmann

07:08 AM Bug #6719: OpenVPN DNS Leak Windows 10

Did you try the suggested fix on the ticket you linked? Put this in your advanced server config box:... Jim Pingle

02:51 AM Bug #6719 (Resolved): OpenVPN DNS Leak Windows 10

Windows 10 DNS resolver always uses local DNS server, which defeats the point of --redirect-gateway / Road-Warrior sc... Moritz Hofmann

10:10 AM Bug #6718: openvpn server exits if client has explicit-exit-notify 2 specified

OK I can reproduce that. From reading OpenVPN's docs and forum, explicit-exit-notify is *not* intended for use with S... Jim Pingle

09:14 AM Bug #6718: openvpn server exits if client has explicit-exit-notify 2 specified

server config as below:
shared key
udp
tun
1104 port
BF-CBC
SHA1
ipv4 tunnel entwork - 10.10.10.0/24
do not f... Bipin Chandra

08:44 AM Bug #6718 (Not a Bug): openvpn server exits if client has explicit-exit-notify 2 specified

I can't reproduce this at all. I added that directive to a client and the server keeps running afterward, no problems... Jim Pingle

12:43 AM Bug #6718 (Not a Bug): openvpn server exits if client has explicit-exit-notify 2 specified

i have 2 pfsense boxes where 1 is a openvpn server and the other a client, if the client config has explicit-exit-not... Bipin Chandra

09:55 AM Bug #6720: DHCPD Options in "Sub-"Pools ignored, dhcpd.conf does not contain informations, dhcpd therefore not serving

Please try the code at pull request https://github.com/pfsense/pfsense/pull/3112 - /etc/inc/services.inc - and report... Phillip Davis

08:45 AM Bug #6720: DHCPD Options in "Sub-"Pools ignored, dhcpd.conf does not contain informations, dhcpd therefore not serving

Looking in the code I found a couple of other things when I did some first looking:
1) A problem when specifying DDN... Phillip Davis

03:33 AM Bug #6720 (Resolved): DHCPD Options in "Sub-"Pools ignored, dhcpd.conf does not contain informations, dhcpd therefore not serving

Dear Maintainers,
we have recently discovered that pfsense 2.3.2-RELEASE does not treat Options in DHCP "Sub-"Pool... Harald Gutmann

08/15/2016

11:44 PM Bug #6717 (Resolved): Status / DHCPv6 Leases Issues

I'm running 2.3.3.a.20160815.2144 with PR 3102/1, 3102/2, 3103, 3105, 3106 and 3107, testing the fix for https://redm... Daryl Morse

07:37 PM Feature #3377: OAuth2 authentication in captive portal

Thomas NOEL wrote:
> In Captive Portal we have native, ldap and radius authentication. Today, a lot of authenticatio... Cleber Ronaldo

04:49 PM Bug #5993: dhcp6c not started until an RA received

Correction:
I did another test. After around 30 minutes after releasing the WAN interface, both gateways were offl... Daryl Morse

04:31 PM Bug #5993: dhcp6c not started until an RA received

A lot of progress made on this bug and other issues. Currently, I'm running the latest snapshot with the following PR... Daryl Morse

03:07 PM Bug #6712: services_unbound.php Host Overrides don't change any unbound configuration

Thanks to PiBa-NL on IRC who helped me troubleshoot this down to:
/etc/inc/system.inc
339 // prefer dnsma... Jeremy C. Reed

02:03 PM Bug #6716 (Resolved): services_unbound_acls: Network "Delete" button is not hidden if only on network listed

Anonymous

02:00 PM Bug #6716 (Feedback): services_unbound_acls: Network "Delete" button is not hidden if only on network listed

Applied in changeset commit:4d4782fcd7213b5f279cb372853f5fedb07f6178. Anonymous

01:46 PM Bug #6716 (Resolved): services_unbound_acls: Network "Delete" button is not hidden if only on network listed

Also help text in a repeatable section is duplicated if the last row is deleted Anonymous

09:57 AM Bug #6700 (Resolved): dhcp6 Related log entries

Anonymous

09:49 AM Bug #6705 (Resolved): diag_routes "Rows to display" is off by one

Anonymous

08:40 AM Bug #6705 (Feedback): diag_routes "Rows to display" is off by one

Applied in changeset commit:d526fc2d2acc87af2ca829dfe01f0037e3368051. Anonymous

09:48 AM Bug #6704 (Resolved): diag_edit.php Go to Line limits

Anonymous

08:10 AM Bug #6704 (Feedback): diag_edit.php Go to Line limits

Applied in changeset commit:fd778d8bef8ea3b0e5dcc8007de242b6e2ac6d5a. Anonymous

09:33 AM Bug #6710 (Resolved): diag_resetstate.php confirmation prompt even if checkboxes unchecked

Anonymous

08:54 AM Bug #6709 (Resolved): diag_resetstate select or all?

Anonymous

08:46 AM Feature #6703 (Resolved): diag_edit.php suggestion

Anonymous

08:40 AM Bug #6706 (Resolved): diag_routes Use a regular expression description or use

Anonymous

08:22 AM Bug #6701 (Resolved): diag_authentication.php related status link

Anonymous

03:19 AM Todo #6697: White squares around the numeric values in the Status / Queues page

Also just noticed the queue name could do with a little more space between it and the left edge of the table. Andy Kniveton

08/14/2016

02:04 PM Bug #6687: Secure email fails with private CA

The concept of an option to ignore certificate validation is completely unrelated to this issue. Denny Page

05:35 AM Bug #6687: Secure email fails with private CA

Any attempts to do certificate validation here should be completely optional here (as in, a separate checkbox). *Way*... Kill Bill

12:21 PM Bug #5993: dhcp6c not started until an RA received

I spent a while doing some testing with pfsense and 4 clients. Your latest fix definitely seems to have fixed the pro... Daryl Morse

01:19 AM Bug #5993: dhcp6c not started until an RA received

I backed out of the previous changes (PR plus edits) and installed the updated PR. I tested it on a hyper-v server wi... Daryl Morse

04:58 AM Bug #6712: services_unbound.php Host Overrides don't change any unbound configuration

This certainly works. Would suggest using the forums for help. Kill Bill

08/13/2016

09:42 PM Bug #6715 (Resolved): diag_traceroute.php suggestions

1) diag_traceroute.php the IPv4 traceroute when
resolving IPs to hostnames outputs both,
but the IPv6 traceroute6 o... Jeremy C. Reed

09:26 PM pfSense Packages Bug #6714 (Rejected): diag_testport suggestions and issues

I hope you don't mind that I place multiple things in a single ticket here about diag_testport:
1) can output erro... Jeremy C. Reed

09:17 PM Bug #6701: diag_authentication.php related status link

This is also related:
diag_tables has "Related status" shortcut for "aliases" that
goes to same diag_tables page.... Jeremy C. Reed

05:38 PM Bug #6701: diag_authentication.php related status link

Thanks Jeremy,
I'll look at this (and the rest of your list) on the next couple of days. Anonymous

05:23 PM Bug #6701 (Resolved): diag_authentication.php related status link

The diag_authentication "related status" icon links to same page :)
$shortcuts['authentication']['status'] = "diag... Jeremy C. Reed

09:12 PM Bug #6713 (Resolved): diag_tables table or alias or database?

be consistent in naming or add more doc details
to the diag_tables page as custom tables are called "aliases" elsewh... Jeremy C. Reed

08:56 PM Bug #6712 (Resolved): services_unbound.php Host Overrides don't change any unbound configuration

services_unbound.php
I cannot get any Host Override to be configured with unbound.
/var/unbound/host_entries.conf ... Jeremy C. Reed

08:22 PM Bug #6711 (Resolved): diag_states_summary # States and # States twice (explain one is per protocol)

diag_states_summary is not intuitive as each table has two columns
with same "# States" header.
first is for $ipinf... Jeremy C. Reed

07:46 PM Bug #5993: dhcp6c not started until an RA received

I've updated my PR with another commit (almost the same I sent you via PM a few hours ago):
https://github.com/pfsen... Jorge M. Oliveira

07:22 PM Bug #5993: dhcp6c not started until an RA received

From my reply to your PM, based on a discussion with an engineer at my ISP, my understanding is the following:
> T... Daryl Morse

04:42 PM Bug #5993: dhcp6c not started until an RA received

Copying the info I shared on my reply to your PM on the forum.
> From my understanding, the whole point to setting... Jorge M. Oliveira

01:38 AM Bug #5993: dhcp6c not started until an RA received

I was holding off on upgrading to the latest snapshot because PR 3092 wouldn't install. However, I noticed today that... Daryl Morse

05:58 PM Bug #6698 (Rejected): Hostname updates in Alias didn't work

Unable to reproduce. Loaded up pfSense-CE-2.3.2-RELEASE-4g-i386-nanobsd-vga.img and hostnames in aliases worked fine.... Jim Pingle

08:18 AM Bug #6698 (Rejected): Hostname updates in Alias didn't work

I have a fresh 2.3.2 install on i386 on a 4gb cf card (nano version). Hostnames in Alias didn't work. On the firewall... Alexander Rehbein

05:58 PM Bug #6699 (Rejected): Filter reload didn't work

Unable to reproduce. Loaded up pfSense-CE-2.3.2-RELEASE-4g-i386-nanobsd-vga.img and filter reload worked fine.
Ple... Jim Pingle

08:21 AM Bug #6699 (Rejected): Filter reload didn't work

I have a fresh 2.3.2 install on i386 on a 4gb cf card (nano version). New rules didn't apply automatically. I have to... Alexander Rehbein

05:54 PM Bug #6393: SMART service handling is incomplete/missing

See also #6707 Jim Pingle

05:54 PM pfSense Packages Bug #6707 (Duplicate): diag_smart is broken

Duplicate of #6393
That page needs significant work. Jim Pingle

05:33 PM pfSense Packages Bug #6707 (Duplicate): diag_smart is broken

it appears the diag_smart is broken.
For example, its has
$start_script = "/usr/local/etc/rc.d/smartd.sh";
and ... Jeremy C. Reed

05:46 PM Bug #6710 (Resolved): diag_resetstate.php confirmation prompt even if checkboxes unchecked

diag_resetstate.php if the checkbox is UNchecked,
clicking "Reset" still prompts "Are you sure you wish to Reset?"
... Jeremy C. Reed

05:41 PM Bug #6709 (Resolved): diag_resetstate select or all?

diag_resetstate.php header says "Select States to Reset"
but the docs there says "will remove all entries from the
... Jeremy C. Reed

05:35 PM Bug #6708 (Resolved): diag_sockets wrong info

the diag_sockets.php info says sockstat uses capital -L
when using the lowercase -l.
It does not use -L and it does... Jeremy C. Reed

05:31 PM Bug #6706 (Resolved): diag_routes Use a regular expression description or use

diag_routes "Use a regular expression to filter IP address or hostna
mes" actually works to match any field like fla... Jeremy C. Reed

05:29 PM Bug #6705 (Resolved): diag_routes "Rows to display" is off by one

the diag_routes "Rows to display" is off by one as it includes
the header line too. If you choose 10 you would want... Jeremy C. Reed

05:28 PM Bug #6704 (Resolved): diag_edit.php Go to Line limits

Edit File "Go to Line" selection box allows negative numbers and
line numbers longer than the file contains Jeremy C. Reed

05:26 PM Feature #6703 (Resolved): diag_edit.php suggestion

suggestion for the Edit File have the input box have some
description or label like "Path name" or "File name or di... Jeremy C. Reed

05:25 PM Bug #6702 (Resolved): Command Prompt syntax error and crash detection report

syntax error in the PHP execution in Command Prompt menu
should not cause a crash detection to suggest reporting to ... Jeremy C. Reed

05:19 PM Bug #6700 (Resolved): dhcp6 Related log entries

icon for Related log entries for the DHCPv6 Server (and relay) is
for logfile=dhcp but that doesn't match anything s... Jeremy C. Reed

07:46 AM Todo #6697 (New): White squares around the numeric values in the Status / Queues page

White squares around the numeric values in the Status / Queues page, I've tried Safari & Firefox, both show the same.... Andy Kniveton

08/12/2016

12:20 PM Bug #6696 (New): Add configure link to Status > Queues error message if traffic shaping not configured

If I'm not mistaken it should link here: ... Jared Dillard

07:08 AM Bug #6695: issues LAGG and openvpn TAP

it works in 2.1.5 and 2.2.5.
But I understand that you would not supported this configuration dominique dupont

06:50 AM Bug #6695 (Rejected): issues LAGG and openvpn TAP

That is not, and has never been, a supported configuration. Jim Pingle

06:35 AM Bug #6695 (Rejected): issues LAGG and openvpn TAP

I have 2 LAGG openvpn TAP mode.
If I disable and enable a VPN, then the VPN is down (dasboard: 'Unable to Contact se... dominique dupont

08/11/2016

12:44 PM Bug #6694 (Resolved): Change setting at interfaces_ppps_edit.php not working

When changing the settings at the page interfaces_ppps_edit.php there is always the following error:... Alexander Nix

11:02 AM Feature #6546: pfSense should support logging to e.g. ELK stacks

Parsing syslog input is indeed dog simple in Python with asyncore. I should be able to just glue this together to my ... Bruce Simpson

10:04 AM Bug #6692: APU1D crashes on boot with pfSense 2.3.2 on the APU1D

We run 64-bit images exclusively on ours, never 32-bit. Jim Pingle

09:56 AM Bug #6692: APU1D crashes on boot with pfSense 2.3.2 on the APU1D

Apparently i386 works, and this flaw is only with the 64-bit port. GI Jack

09:16 AM Bug #6692 (Not a Bug): APU1D crashes on boot with pfSense 2.3.2 on the APU1D

We regularly test on the APU hardware we have and there are no problems we have found. Please post on the forum first... Jim Pingle

08:59 AM Bug #6692 (Not a Bug): APU1D crashes on boot with pfSense 2.3.2 on the APU1D

I upgraded from pfsense 2.3.1_r5 to 2.3.2, and the pfSense crashes on boot, the reboots endlessly on loop.
The liv... GI Jack

09:38 AM Feature #6693 (Rejected): Security Groups

Users and groups already have privileges to control page access. Post on the forum for assistance or read the documen... Jim Pingle

09:29 AM Feature #6693 (Rejected): Security Groups

Would it be possible or is it already possible to create security and select what the user/group has access to and wh... Dan Gratton

07:54 AM Bug #6678: Virtual IPv6 IP (IP Alias) on a DHCPv6-PD tracked interface causes inconsistencies

agreed on it being a dupe. Not sure how I missed 5999 when I searched initially. Gary Dezern

05:55 AM Bug #6678: Virtual IPv6 IP (IP Alias) on a DHCPv6-PD tracked interface causes inconsistencies

This looks like it might be a duplicate of https://redmine.pfsense.org/issues/5999. Anonymous

06:20 AM Bug #6691 (New): dhcp6c quits after only two tries if no response was received

Last night my ISP connection went down for a few hours, presumably for maintenance on their end. A few minutes into ... Anonymous

08/10/2016

02:34 PM pfSense Packages Bug #6690 (Closed): SURICATA IPS Issue - Kills VLANS & Traffic Shaper

Strips 802.1q tagged traffic from an interface when running inline IPS mode.
Traffic shapper no longer works as one ... Steven Kreitzer

12:26 PM Todo #6689 (Resolved): Add enable link to Status > UPnP & NAT-PMP error message if disabled

Adding a "Go here to enable" link to the error message seems like it would be helpful.
If I'm not mistaken, then l... Jared Dillard

11:28 AM Todo #3734: Remove PHP static pear modules from repo and use ports

CHAP.inc removed in commit:6989a7c Renato Botelho

08:59 AM pfSense Packages Bug #6305: Quagga problems updating routes / mistakenly showing "kernel"-routes while they are not

Someone who can reproduce it reliably needs to get the details of how to reproduce it reported to the Quagga project ... Jim Pingle

08:46 AM pfSense Packages Bug #6305: Quagga problems updating routes / mistakenly showing "kernel"-routes while they are not

Any update on the topic? Juri Dmitrijev

08:33 AM Feature #6546: pfSense should support logging to e.g. ELK stacks

I now have that Python code wrapped up as a class, for use with Python logging. A current limitation is that logging ... Bruce Simpson

07:34 AM Bug #6688: Special characters in a password cause problems

If that example you posted is the one that didn't work, I can see why. Looks like ">" was changed to ">" twice... Jim Pingle

08/09/2016

08:57 PM Bug #6688 (Resolved): Special characters in a password cause problems

With the following config snippet (some info redacted), pfsense reports:
php-fpm[71756]: /services_dyndns_edit... John Dickinson

06:55 PM Bug #6687 (Duplicate): Secure email fails with private CA

If a private CA such as a self signed enterprise CA is in use, the CA is not recognized when establishing SMTP connec... Denny Page

03:55 PM pfSense Packages Bug #5749: OpenVPN Export Certs with password, password doesn't open .pk12 container.

I tried using "@" and "." in the password and both worked fine.
Looking at the JS code, it's using the escape() fu... Brian Talbot

12:44 PM pfSense Packages Bug #5749: OpenVPN Export Certs with password, password doesn't open .pk12 container.

Is it only "+" that causes a problem or have you tried other special characters as well?
The way the password is s... Jim Pingle

01:52 PM Bug #6686: PHP extensions.ini cannot be read by non root users

This file is being removed in 2.4.
If a 2.3.3 is issued, it would be desirable to add a chmod to 644 following cre... Denny Page

01:29 PM Bug #6686 (Resolved): PHP extensions.ini cannot be read by non root users

/usr/local/etc/php/extensions.ini is owned by root and created with 600 permissions. This prevents proper initializat... Denny Page

09:40 AM Bug #1629: invalid state table entries after WAN IP change

I have observed that executing the following code does not seem to actually change anything in config.xml -- so I thi... → luckman212

02:45 AM pfSense Packages Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3

I would also like to see it come back. As we can't upgrade all our boxes to pf2.3 in one day we have a problem. 2.3 D... Pim Janssen

08/08/2016

10:37 PM Bug #5993: dhcp6c not started until an RA received

I looked into the gateway status issue. After pfsense boots with PR #3092 installed, the status of WAN_DHCP6 is unkno... Daryl Morse

10:31 PM Bug #5993: dhcp6c not started until an RA received

Phillip Davis wrote:
> The text typo was in existing code, so I made a separate pull request to tidy that up:
> htt... Daryl Morse

03:19 PM Bug #5993: dhcp6c not started until an RA received

Phillip Davis wrote:
> The text typo was in existing code, so I made a separate pull request to tidy that up:
> htt... Daryl Morse

04:51 PM Feature #6674: Custom widget preference settings per user

This will need a target version set so that it will appear in release notes some time. Not sure what you guys are goi... Phillip Davis

09:14 AM Feature #6674 (Resolved): Custom widget preference settings per user

PRs tested and merged. Thanks Phil. Anonymous

11:19 AM pfSense Packages Bug #5749: OpenVPN Export Certs with password, password doesn't open .pk12 container.

Any update on this? I'm having the same issue on 2.3.2. Using openvpn-client-export 1.3.8 (just reinstalled it as wel... Brian Talbot

11:00 AM Bug #6685 (Feedback): LAGG groups get stuck with an unconfigurable 1400MTU with em NICs.

We don't have anything that would be forcing that to 1400 that I can see. I have a local setup here with LAGG and VLA... Jim Pingle

10:54 AM Bug #6685 (Closed): LAGG groups get stuck with an unconfigurable 1400MTU with em NICs.

I'm not sure of the exact scope of this issue, but I can at least say it happens when reproducing my environment.
... Nick Zurku

09:15 AM Bug #6676 (Resolved): Delete NAT rule with associated firewall rule does not update firewall separators position

Fixed by https://github.com/pfsense/pfsense/pull/3089 Anonymous

09:12 AM Bug #6669 (Resolved): index.php: Adding a new widget corrupts the settings for existing widgets

Anonymous

08:21 AM pfSense Packages Bug #6681 (Resolved): Squid local auth password handling is weak and only accepting short passwords

Tested and working here as well Jim Pingle

08:18 AM pfSense Packages Bug #6681: Squid local auth password handling is weak and only accepting short passwords

Tested this with a long password that failed in 0.4.21.
Works as expected in 0.4.22. Rejects incorrect password. R... Steve Wheeler

05:02 AM Bug #6528: The captive portal cannot be used on interface lan since it is part of a bridge but works anyway

Orsiris de Jong wrote:
> Screamed horray to quick !
> When the interface the CP is binded to is bridged, everything... van trung tran

08/07/2016

10:57 PM Bug #5993: dhcp6c not started until an RA received

The text typo was in existing code, so I made a separate pull request to tidy that up:
https://github.com/pfsense/pf... Phillip Davis

06:07 PM Bug #5993: dhcp6c not started until an RA received

I'm currently testing the latest development snapshot (as of the time of this post) with the latest patch from (DHCP6... Daryl Morse

01:44 PM pfSense Packages Bug #6684 (Resolved): Setting IKEv2 Phase 2 in Mobile Config appears to generate invalid Apple Profile

Setting "Phase2 PFS Group - Provide the Phase2 PFS group to clients (overrides all mobile phase2 settings)" in Mobile... Chris Linstruth

08/06/2016

02:28 PM Bug #6675: Port Forward on LAN does not work in 2.3.x

Only you correcting what you said above in pfSense own documentation just finding something interesting, he recommend... Tácio Andrade

12:32 PM Bug #5993: dhcp6c not started until an RA received

Daryl Morse wrote:
> I'm currently testing the latest development snapshot (as of the time of this post) with the ... Daryl Morse

06:14 AM Feature #2358: NAT64 support

UPVOTE. I'd love to be able to set up an IPv6-only network and just use NAT64 to redirect old requests. Tom .

08/05/2016

10:21 AM Bug #6683: Empty page 'Firewall: NAT: Port Forward' when Read-Only rights

OK, sorry Jim. But why no delete the right "WebCfg - Firewall: NAT: Port Forward page" if it does not work ? mr xhark

10:14 AM Bug #6683 (Not a Bug): Empty page 'Firewall: NAT: Port Forward' when Read-Only rights

To create a read-only user, give them the "Deny Config Write" privilege. Jim Pingle

10:09 AM Bug #6683 (Not a Bug): Empty page 'Firewall: NAT: Port Forward' when Read-Only rights

Hi,
To reproduce the issue :
* add a NAT Port Forward rule with admin account
* add a new user "john" (no group ... mr xhark

08:31 AM Bug #6682 (Not a Bug): OpenVPN Client does not use "interface" configured. Connection always established through default gateway.

The state table is fibbing to you a little bit in that case. pf is sending the traffic out the correct WAN, but the i... Jim Pingle

06:50 AM Bug #6682 (Not a Bug): OpenVPN Client does not use "interface" configured. Connection always established through default gateway.

Tested with 2.3, 2.3.1 and 2.3.2
Test scenario: configure multiple WANs, use WAN1 as default gateway, configure Open... Jose Duarte

12:59 AM Bug #5993: dhcp6c not started until an RA received

I still haven't had a chance to switch my LAN over to this software, but I'm aware of three other Telus users who are... Daryl Morse

08/04/2016

09:26 PM Bug #6675: Port Forward on LAN does not work in 2.3.x

If I need is more of the same as Squid is to work with the transparent proxy, redirecting only port 80 and not all tr... Tácio Andrade

04:48 PM Bug #6634 (Feedback): DHCP Server "TFTP Server" field should allow URLs

PR has been merged, thanks! Renato Botelho

04:26 PM Feature #4351 (Feedback): Allow to disable BOOTP in DHCP server

Pull request has been merged. Thanks Renato Botelho

01:25 PM pfSense Packages Bug #6511: In some circumstances the HAProxy clone front-end button can add blank list entries to the front end being cloned resulting in a config that cannot be applied.

@Pi Ba
I agree that it should not be possible to end up with empty entries in the config but in the case that someho... Steve Wheeler

12:54 PM pfSense Packages Bug #6511: In some circumstances the HAProxy clone front-end button can add blank list entries to the front end being cloned resulting in a config that cannot be applied.

@Steve, the first issue of empty items being added when duplicating should be fixed in next version..
https://github... Pi Ba

12:04 PM pfSense Packages Feature #6445 (Rejected): Request: Zabbix 3.0 LTS proxy

Zabbix agent and proxy 3.0 is available on pfSense 2.3. If you see only Zabbix agent or proxy 2.2 or 2.4, you must st... Jim Pingle

11:56 AM pfSense Packages Feature #6445: Request: Zabbix 3.0 LTS proxy

Uhm... 3.0.x LTS is in fact the only version available in pfSense 2.3.x packages. Kill Bill

09:45 AM pfSense Packages Bug #6681 (Feedback): Squid local auth password handling is weak and only accepting short passwords

I just pushed a fix to change this to SHA512, which is working well even with long passwords (I only tried up to 32 c... Jim Pingle

09:34 AM pfSense Packages Bug #6681 (Resolved): Squid local auth password handling is weak and only accepting short passwords

The password handling in squid for local auth is using crypt() with default settings and cutting off passwords short ... Jim Pingle

09:25 AM Bug #6680 (Not a Bug): pfSense web ui freezes after clicking on Diagnostics->ARP Table

Please post on the forum or mailing list for assistance with your issue. It's highly unlikely to be a bug, but if it ... Jim Pingle

08:42 AM Bug #6680 (Not a Bug): pfSense web ui freezes after clicking on Diagnostics->ARP Table

For some reason, when I try to list the arp table, pfsense freezes and I need to restart PHP-FPM via console.
2.3.... Tiago Mello

07:07 AM pfSense Packages Bug #6571 (Resolved): NUT service can not start sometimes after boot when SNMP UPS interface is down

Jim Pingle

12:13 AM pfSense Packages Bug #6571: NUT service can not start sometimes after boot when SNMP UPS interface is down

This is resolved with version 2.7.4_1 of the nut package. Denny Page

07:04 AM Bug #6679 (Not a Bug): No config option for "limited" parameter in Default/Custom Access Restrictions in NTP

Jim Pingle

06:30 AM Bug #6679: No config option for "limited" parameter in Default/Custom Access Restrictions in NTP

KOD flag also toggles limited.
Sorry for opening this ticket. Patrik Andersin

06:17 AM Bug #6679 (Not a Bug): No config option for "limited" parameter in Default/Custom Access Restrictions in NTP

Now limited parameter is always included in restrict config lines.
Older Netapp filer uses sntp and sends 3 ntp qu... Patrik Andersin

08/03/2016

11:31 PM Bug #6678: Virtual IPv6 IP (IP Alias) on a DHCPv6-PD tracked interface causes inconsistencies

In addition, this messes up the snort default pass list, adding the VIP instead of the actual interface IP. Gary Dezern

10:09 PM Bug #6678 (Duplicate): Virtual IPv6 IP (IP Alias) on a DHCPv6-PD tracked interface causes inconsistencies

2.3.2-RELEASE (amd64)
WAN interface gets a IPv6 /60 prefix delegation from my ISP. (example: 2001:1:2:30/60) My... Gary Dezern

03:23 PM Bug #6665: Upgrading packages when pfSense upgrade is available breaks package manager

+1, tested and working, thanks. ;) Kill Bill

03:13 PM Bug #6665 (Resolved): Upgrading packages when pfSense upgrade is available breaks package manager

Fix works fine, the older release is no longer broken by the newer pkg.
If you have a system stuck in the older st... Jim Pingle

06:29 AM Bug #6665 (Feedback): Upgrading packages when pfSense upgrade is available breaks package manager

I've pushed a fix for that, it's in pkg-1.8.7_1 Renato Botelho

01:02 PM Bug #6677 (New): CARP VIPs are configured on disabled interfaces at boot time

OK, that I can reproduce. I have adjusted the subject and description to be a more clear/accurate representation of t... Jim Pingle

09:14 AM Bug #6677: CARP VIPs are configured on disabled interfaces at boot time

Did little more testing.
It seems that if there is an carp address assigned to interface the interface will come u... Patrik Andersin

08:27 AM Bug #6677 (Feedback): CARP VIPs are configured on disabled interfaces at boot time

An interface can show as "up" as long as it has a link. A VLAN will exist at the OS level if a tag is defined. The di... Jim Pingle

08:23 AM Bug #6677 (Resolved): CARP VIPs are configured on disabled interfaces at boot time

When a CARP VIP is configured for a disabled interface, it is still configured by pfSense during the boot process eve... Patrik Andersin

10:37 AM Bug #6672 (Resolved): CSR missing OU, same with internal certs missing OU

Works for me, also works for the original reporter on the forum. Closing out. Jim Pingle

10:00 AM Bug #6672 (Feedback): CSR missing OU, same with internal certs missing OU

Applied in changeset commit:1ea1b228285dfa60da6732eba54dc03b932eb92f. Jim Pingle

09:46 AM Bug #6672 (Assigned): CSR missing OU, same with internal certs missing OU

Looks like an easy fix for this missing field. I have a patch I'm testing that adds an optional OU field, works OK to... Jim Pingle

08:45 AM Bug #6673 (Duplicate): Missing "Organizational Unit" when generating CSR for external CA

Duplicate of #6672 Jim Pingle

08:43 AM Bug #6675 (Not a Bug): Port Forward on LAN does not work in 2.3.x

Reflection wouldn't come into play for a rule such as that. If the client and server are on the same subnet, you need... Jim Pingle

12:23 AM Bug #6676: Delete NAT rule with associated firewall rule does not update firewall separators position

Fix: https://github.com/pfsense/pfsense/pull/3089

NOYB NOYB

12:06 AM Bug #6676 (Resolved): Delete NAT rule with associated firewall rule does not update firewall separators position

2.3.2 - Delete NAT rule - bug?
https://forum.pfsense.org/index.php?topic=116099.0

NOYB NOYB

08/02/2016

10:17 PM Bug #6675 (Not a Bug): Port Forward on LAN does not work in 2.3.x

Good evening everyone, updated my pfSense from 2.2.6 to 2.3.2 this week and 2 rules Port Forward on the LAN, one to r... Tácio Andrade

06:55 PM Feature #6674 (Resolved): Custom widget preference settings per user

The ability to save custom dashboard widget layout and various other custom GUI preferences on a per user basis was a... Phillip Davis

03:55 PM Bug #6673 (Duplicate): Missing "Organizational Unit" when generating CSR for external CA

Hello,
I use a paied wildcard certificate *.domain.com and I need to generate a CSR (Certificat Signing Request) a... mr xhark

03:43 PM Bug #6672 (Resolved): CSR missing OU, same with internal certs missing OU

Seems Org is there but Org Unit is missing. This is required by many CAs
See thread here
https://forum.pfsense.o... JohnPoz _

08:07 AM Bug #6665: Upgrading packages when pfSense upgrade is available breaks package manager

I'm not sure that would be viable but Renato would know better than I. You have to upgrade pkg to the new version to ... Jim Pingle

08:03 AM Bug #6665: Upgrading packages when pfSense upgrade is available breaks package manager

Noticed a lot of complaints on the forums as well in many different threads. Wouldn't locking the pkg package itself ... Kill Bill

07:24 AM Bug #6665: Upgrading packages when pfSense upgrade is available breaks package manager

In this case it actually turns out that the problem is the new version of 'pkg' needs a different command line parame... Jim Pingle

07:49 AM Bug #6670 (Not a Bug): XMLRPC failure after setting proxy settings

None of the XML_RPC_Client() calls we have specify a proxy, and I can't reproduce a problem here. When I specify a pr... Jim Pingle

04:22 AM Bug #6670 (Not a Bug): XMLRPC failure after setting proxy settings

Hi,
environment : It's a pfsense HA for internal LAN firewalling. It does not have direct access to internet. In o... Antoine Rodriguez

07:36 AM Bug #6671 (Duplicate): Package manager is unable to list installed packages after installing zabbix agent

Duplicate of #6665 Jim Pingle

06:23 AM Bug #6671: Package manager is unable to list installed packages after installing zabbix agent

See https://redmine.pfsense.org/issues/6665; you need to upgrade to 2.3.2 to get the package manager GUI back. Kill Bill

04:29 AM Bug #6671 (Duplicate): Package manager is unable to list installed packages after installing zabbix agent

Hi,
After installing zabbix agent the package manager is unable to list installed packages and say :
Unable to ... Antoine Rodriguez

04:49 AM Bug #6634: DHCP Server "TFTP Server" field should allow URLs

It works!
Rene Plattner

08/01/2016

07:20 PM Bug #6669: index.php: Adding a new widget corrupts the settings for existing widgets

Applied in changeset commit:236e6a54e9a93284ca170b68aa1188dfaa195c3d. Anonymous

07:10 PM Bug #6669 (Feedback): index.php: Adding a new widget corrupts the settings for existing widgets

Was adding configuration for a new widget to a new config array instead of reading the existing config. Anonymous

07:03 PM Bug #6669 (Resolved): index.php: Adding a new widget corrupts the settings for existing widgets

See: https://forum.pfsense.org/index.php?topic=115934.msg644220#msg644220 Anonymous

04:44 PM Bug #6505 (Feedback): dpinger - socket name too large

PR has been merged, thanks! Renato Botelho

03:42 PM Bug #6667: DHCP DUID file not preserved across reboots when "Use RAM Disks" is enabled

Well, you're running it, so I won't argue (too much.) ;)
Gary Dezern

02:58 PM Bug #6667: DHCP DUID file not preserved across reboots when "Use RAM Disks" is enabled

This is a symptom/byproduct of the other missing feature, so it is definitely a duplicate. Solve the other, and this ... Jim Pingle

02:53 PM Bug #6667: DHCP DUID file not preserved across reboots when "Use RAM Disks" is enabled

This is NOT a duplicate. While 3971 might resolve this bug as a side effect, a fix for this bug might not fulfill th... Gary Dezern

01:04 PM Feature #6644: Add console shutdown option along with reboot at end of installation

Xander Venterus wrote:
> If its locked, then you just need to set it to none, and have your mouse over the apply but... Daryl Morse

12:22 PM Bug #5993: dhcp6c not started until an RA received

Daryl Morse wrote:
> Chris Buechler wrote:
> > merged this for 2.4 as it needs more baking time in snapshots than w... Daryl Morse

11:52 AM Bug #6448: Mousing over aliases on disabled rules makes hint difficult to read

The opacity of the popover is inherited from the parent element. AFAIK there is no easy way to avoid inheritence of o... Alex JOST

10:41 AM Bug #6657: Unable to add network in the source section of a LAN firewall rule

Chris Anderson wrote:
> I have the same issue with the latest BETA version of Chrome. It works in the latest stable ... Jim Pingle

10:31 AM Bug #6657: Unable to add network in the source section of a LAN firewall rule

I have the same issue with the latest BETA version of Chrome. It works in the latest stable release, and in other bro... Chris Anderson

07/31/2016

04:53 PM Bug #6668: IPSec tunnel + L2TP/IPSec VPN - wrong PSK chosen by pfSense

ERRATUM:
@ipsec.secrets@ (mistyped) should be:... Janusz Baranek

04:22 PM Bug #6668 (Closed): IPSec tunnel + L2TP/IPSec VPN - wrong PSK chosen by pfSense

Setup:
1. IPSec, IKEv1 site to site tunnel, PSK, Main mode. FQDN identifier - talking to a Mac OS server (racoon)
... Janusz Baranek

11:47 AM Bug #6481: loading EAP_RADIUS method failed

I wanted to jump in to say I just had this same issue on 2.3.2 today. Same log message and everything. Confirming y... Randy Snow

09:23 AM Feature #5112: LDAP support for Captive Portal

I'm interested to this feature. It will be officially implemented? Filippo Sorbellini

07:59 AM Feature #3971: IPv6 - Preserve the DUID used for WAN DHCP-PD in the configuration file

As mentioned in #6667, this also negatively impacts those with /var in RAM Jim Pingle

07:59 AM Bug #6667 (Duplicate): DHCP DUID file not preserved across reboots when "Use RAM Disks" is enabled

Duplicate of #3971 Jim Pingle

02:27 AM Bug #6667: DHCP DUID file not preserved across reboots when "Use RAM Disks" is enabled

Duplicate of https://redmine.pfsense.org/issues/3971 (this is a more generic problem, even without tmpfs-based /var, ... Kill Bill

07:52 AM Feature #4351: Allow to disable BOOTP in DHCP server

https://github.com/pfsense/pfsense/pull/3086 Jose Luis Duran

01:47 AM Feature #4351: Allow to disable BOOTP in DHCP server

I am also seeing BOOTP queries being served for captive portal users. The problem is that BOOTP leases do not have a ... Jose Luis Duran

07:45 AM pfSense Packages Bug #6632: siproxd hosts_allow_reg should be configurable

Chris Buechler wrote:
> if you open siproxd on WAN in firewall rules, you get what you're asking for security-wise. ... Kill Bill

03:23 AM Bug #6634: DHCP Server "TFTP Server" field should allow URLs

@Rene: Try https://github.com/pfsense/pfsense/pull/3083 Kill Bill

12:23 AM Bug #6666: IPV6 Log Spam?

Sorry:
Version: 2.3.2
Priority: Low
Spelling mistake on last line, should be DHCPv6 daemon Rick Strangman

07/30/2016

09:18 PM Bug #6667 (Duplicate): DHCP DUID file not preserved across reboots when "Use RAM Disks" is enabled

The file "/var/db/dhcp6c_duid" contains a DHCP Unique Identifier (DUID) that a host uses to uniquely identify itself ... Gary Dezern

07:08 PM Bug #6666 (Duplicate): IPV6 Log Spam?

I have a fully functioning dual stack IPv4 static and Prefix Delegated /56 IPv6 DHCPv6 network running over PPPOE. Th... Rick Strangman

05:44 PM Bug #6665: Upgrading packages when pfSense upgrade is available breaks package manager

(Same goes for merely installing a package, not just upgrading.) Kill Bill

05:39 PM Bug #6665 (Resolved): Upgrading packages when pfSense upgrade is available breaks package manager

As described here: https://forum.pfsense.org/index.php?topic=116026.0 - when you upgrade some package before upgradin... Kill Bill

05:16 AM Bug #6664: It's impossible to use HE.NET tunnel iface as a parent for OpenVPN instances

Yet another workaround: Specify a local port instead of empty/0. Looks like *$iface_ip* is not properly initialized w... Dmitriy K

04:58 AM Bug #6664 (Resolved): It's impossible to use HE.NET tunnel iface as a parent for OpenVPN instances

Setup:
* HE.NET tunnel iface [for example, WAN_HE]
Steps to reproduce:
* Create an IPv6 OpenVPN instance on pare... Dmitriy K

04:45 AM Bug #6663 (Resolved): IPv6 OpenVPN client is down after reboot

Setup:
# WAN PPPoE WAN
# HE.NET tunnel on WAN
# Static IPv6 on LAN
Steps to reproduce:
* Create a UDP6 TAP Ope... Dmitriy K

07/29/2016

11:39 PM Feature #6661 (Rejected): Show # of packages available for update on dashboard

The "Installed Packages" widget exists for those who want to know what packages are installed and which have availabl... Jim Pingle

07:13 PM Feature #6661 (Rejected): Show # of packages available for update on dashboard

The ability to show the number of packages that need updating under the system update status on the System Informatio... Ken Sim

08:53 PM Bug #6662 (Resolved): pkg_edit.php checkbox alignment issue when using the sethelp xml tag

When using pkg_edit.php, the checkbox alignment is off when using the <sethelp> XML tags.
See attached pic.
Can... BBcan177 .

10:44 AM Bug #6659 (Confirmed): Default routes are not being removed after deletion

Confirmed, but it's not a regression. As far as I can see, default routes are never removed except by ppp-linkdown an... Jim Pingle

08:14 AM Bug #6659 (Resolved): Default routes are not being removed after deletion

I have noticed that when a default route is deleted via GUI, they are not removed from the system, only from the scre... Andre Luiz Paiz

09:53 AM Bug #6657 (Not a Bug): Unable to add network in the source section of a LAN firewall rule

I can't reproduce it using the settings you show. Make sure there are no extra spaces or anything else non-printable ... Jim Pingle

05:58 AM Bug #6657: Unable to add network in the source section of a LAN firewall rule

Destination host should be 8.8.8.8, but the error is the same. Edwin Chan

05:56 AM Bug #6657: Unable to add network in the source section of a LAN firewall rule

Phillip Davis wrote:
> That works fine for me - give more information about the data you enter and exactly which fie... Edwin Chan

05:49 AM Bug #6657: Unable to add network in the source section of a LAN firewall rule

That works fine for me - give more information about the data you enter and exactly which field the "Please match the... Phillip Davis

05:37 AM Bug #6657 (Not a Bug): Unable to add network in the source section of a LAN firewall rule

Since 2.3.2-RELEASE, the following causes an "Please match the request format" error:
1. Go to Firewall / Rules / LA... Edwin Chan

09:38 AM Todo #6660: Rename "admin" to "root" in GUI, because in fact it is "root" on BSD level.

Thanks Jim, for clarification. Vladimir Suhhanov

09:36 AM Todo #6660 (Rejected): Rename "admin" to "root" in GUI, because in fact it is "root" on BSD level.

Both admin and root exist at the OS level but they each work in different ways. While the password for both accounts ... Jim Pingle

09:32 AM Todo #6660 (Rejected): Rename "admin" to "root" in GUI, because in fact it is "root" on BSD level.

I think it will be more clear for new users and won't cause any misunderstandings. Vladimir Suhhanov

06:39 AM Bug #6658 (Resolved): DHCP Relay not working on 2.3.2

The DHCP Relay Service cannot be started on 2.3.2 with ath0, clients do not receive an IP address.... Kill Bill

07/28/2016

08:35 PM Bug #6435: Unable to edit PPTP using interfaces_ppps_edit.php

reassigned Jim Thompson

07:20 PM Bug #6601 (Feedback): Horizontal scroll bar on Installed Packages

Applied in changeset commit:1cba7db475b142e8c1dd5edeb71b294ae01347d3. Anonymous

04:35 PM Bug #3334: Status/Traffic Graph isn't IPv6 ready

IPv6 issue still present in 2.3.2 Luca Moncelli

03:43 PM Bug #6656 (Not a Bug): /rc.newwanip - Excessive Usage

Something is triggering it, usually a gateway outage. Post on the forum or mailing list for help diagnosing the actua... Jim Pingle

03:38 PM Bug #6656 (Not a Bug): /rc.newwanip - Excessive Usage

Currently having the following problem:
According to the systemlogs /rc.newwanip is executed every 3 minutes or so a... Christian M.

12:08 PM pfSense Packages Bug #6655 (Not a Bug): Installing sudo package breaks webGUI system update capabilities and Package Manager on 2.3.1-RELEASE-p1

The problem isn't the sudo package at all. It's that pkg was upgraded and the GUI doesn't understand the output of th... Jim Pingle

11:57 AM pfSense Packages Bug #6655: Installing sudo package breaks webGUI system update capabilities and Package Manager on 2.3.1-RELEASE-p1

I forgot to mention that removing the sudo package via ssh had no change aside from removing the package, the bugs st... Nick Zimmerman

11:56 AM pfSense Packages Bug #6655 (Not a Bug): Installing sudo package breaks webGUI system update capabilities and Package Manager on 2.3.1-RELEASE-p1

After installing the *sudo* package through the System > Package Manager menu, our firewalls are no longer able to ch... Nick Zimmerman

11:56 AM Bug #5652: Radius IETF Class Group Assignment - Incorrect Standard

Phillip Hernandez wrote:
> I disagree with using Cisco-AV:Pair and believe that using Filter-Id is a better option. ... Jay Shepherd

11:28 AM Bug #5652: Radius IETF Class Group Assignment - Incorrect Standard

I disagree with using Cisco-AV:Pair and believe that using Filter-Id is a better option.
Thanks
Phillip Hernandez

11:51 AM Bug #6640: DHCPv6 Server Time Format Change Reversed

Deleted. Daryl Morse

11:50 AM Bug #6640: DHCPv6 Server Time Format Change Reversed

Phillip Davis wrote:
> That looks like a bug that has been around for a while - it is not reversed, it is doubled.
... Daryl Morse

11:24 AM pfSense Packages Bug #6654: siproxyd Table issue

System: Netgate SG-2440 (amd64) Patrick King

11:20 AM pfSense Packages Bug #6654 (Resolved): siproxyd Table issue

Under services-> siproxyd -> Registered phones
Table is not aligned correctly and not showing correct number of re... Patrick King

09:10 AM Bug #6652 (Feedback): Filtering system logs doesn't include all log entries

Applied in changeset commit:f1773759e286fa7dfcaa10965fc7909b7abf560f. Jim Pingle

12:08 AM Bug #6652 (Resolved): Filtering system logs doesn't include all log entries

https://forum.pfsense.org/index.php?topic=115753.0

Log entries to be included in the filtering is capped/restr... NOYB NOYB

05:57 AM Bug #6528: The captive portal cannot be used on interface lan since it is part of a bridge but works anyway

Screamed horray to quick !
When the interface the CP is binded to is bridged, everything works except for the downlo... Orsiris de Jong

01:33 AM Bug #6637 (Confirmed): pfSense blocks return traffic (mostly TCP) on 2.3.1-RELEASE-p5

There is a known fix for this on PR 207598 that should be easy to import.
all FreeBSD 10.x base versions affected Chris Buechler

12:47 AM Bug #6653 (Not a Bug): DNS Forvarder dont worked Host Overrides

that's not true, they work fine. Please post to the forum for assistance. Chris Buechler

12:17 AM Bug #6653 (Not a Bug): DNS Forvarder dont worked Host Overrides

DNS Forvarder ignored all Host Overrides records. Cergo Cergoca

12:20 AM pfSense Packages Feature #6651: Loopback interfaces

For dynamic routing protocol.
As example border router supply originate option ( default gateway ) and use of lo* to... Slava Bendersky

07/27/2016

11:51 PM Bug #6650: Option needed to disable HSTS

A potential workaround may be to use a different host name for other NAT'ed ports.

NOYB NOYB

05:51 PM Bug #6650: Option needed to disable HSTS

Hint: Use haproxy with SNI and forget the ports. See https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki (and... Kill Bill

05:04 PM Bug #6650 (Resolved): Option needed to disable HSTS

HSTS is based solely on hosts, and not port numbers. As a result, any HTTPS devices behind the pfSense are unreachabl... Michael Newton

10:50 PM pfSense Packages Feature #6651: Loopback interfaces

I'm curious, what use case do you have for additional lo* interfaces? Chris Buechler

10:31 PM pfSense Packages Feature #6651: Loopback interfaces

major think is create additional lo* interface as right now we can define LAN or WAN. Slava Bendersky

10:10 PM pfSense Packages Feature #6651: Loopback interfaces

you can already do that with virtual IPs on localhost. That doesn't allow cloning lo0 to lo1, though I don't think an... Chris Buechler

09:44 PM pfSense Packages Feature #6651: Loopback interfaces

Assign additional ip addresses like... Slava Bendersky

09:11 PM pfSense Packages Feature #6651: Loopback interfaces

manipulate loopback interfaces in what way? You can already set static routes to lo0 to null route, and add VIPs on l... Chris Buechler

08:59 PM pfSense Packages Feature #6651 (Resolved): Loopback interfaces

Hello Everyone,
I would like place request add ability manipulate loopback interfaces through web ui.
Use cases wh... Slava Bendersky

08:50 PM Bug #6648: pf V2.3.1 - Enabling captive portal failed to create captive portal security group

For support assistance of that nature, use the forum or mailing lists. Jim Pingle

08:33 PM Bug #6648: pf V2.3.1 - Enabling captive portal failed to create captive portal security group

Thank you for the reply, and please pardon my ignorance. Could you please tell me how to assign privileges to a group... Daren Lee

06:54 AM Bug #6648 (Not a Bug): pf V2.3.1 - Enabling captive portal failed to create captive portal security group

That is exactly how it is supposed to work. It is up to the firewall admin to create a group or add the privilege dir... Jim Pingle

01:07 AM Bug #6648 (Not a Bug): pf V2.3.1 - Enabling captive portal failed to create captive portal security group

on a fresh install, enabling Captive Portal failed to create the captive portal security group. could not assign user... Daren Lee

04:17 PM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached

Updated the patch for version 2.3.2. Marc Posch

06:58 AM Bug #6649 (Not a Bug): pf v2.3.1 - gateway grouping failed to detect a member with no route to the internet - DNS problems also

Your gateway monitoring for that WAN must not have been correct. For example, pfSense may have been pinging the modem... Jim Pingle

05:14 AM Bug #6649: pf v2.3.1 - gateway grouping failed to detect a member with no route to the internet - DNS problems also

In this situation you need to specify an alternate monitor IP for the router/gateway. If you let it use the default, ... Phillip Davis

01:29 AM Bug #6649 (Not a Bug): pf v2.3.1 - gateway grouping failed to detect a member with no route to the internet - DNS problems also

there are two internet router members added to a Gateway Group. one router (4G wireless modem) became unregistered fr... Daren Lee

07/26/2016

08:30 PM Todo #6647 (New): Enable Additional Security Headers

The nginx instance for the web GUI should enable CSP. Just adding the following works: ... Chris Buechler

05:03 PM Bug #6646 (Resolved): "Reject leases from" on interfaces.php only accepts IPs

"Reject leases from" on interfaces.php only accepts IP addresses. It should also accept subnets in CIDR notation. Chris Buechler

04:43 PM Feature #6644: Add console shutdown option along with reboot at end of installation

If its locked, then you just need to set it to none, and have your mouse over the apply button, and dont click it unt... Xander Venterus

03:21 PM Feature #6644: Add console shutdown option along with reboot at end of installation

Xander Venterus wrote:
> I do believe as you said it, this is more of a microsoft issue.
>
> HOWEVER, my HyperV a... Daryl Morse

03:17 PM Feature #6644: Add console shutdown option along with reboot at end of installation

I do believe as you said it, this is more of a microsoft issue.
HOWEVER, my HyperV allows me to eject virtual CDs ... Xander Venterus

01:20 PM Feature #6644 (Closed): Add console shutdown option along with reboot at end of installation

In windows 2012R2 hyper-v, there is no way to change boot order, dismount a CD or "eject" virtual media while a vm is... Daryl Morse

01:39 PM Todo #6645 (Closed): More reliable update system

Today when 2.3.2 released to public, some peoples got troubles with update.
The main problem is that when update fai... Vladimir Suhhanov

12:56 PM Feature #6641: Please add DHCPv4 Server Time Format Change Setting

Chris Buechler wrote:
> it's already there, has been for a long time.
Noted. Sorry for the false alarm. Not sure ... Daryl Morse

11:35 AM Bug #6031: Anti-Lockoug Rule Not Effective Against Canned Interface Block Rules

Actually, that would be an easy thing for me to do: my entire LAN has public IPs, so in essence, that should be turne... Ronald Antony

11:20 AM Bug #6643 (Feedback): /usr/bin/install missing from new 2.3.2 installations

Applied in changeset commit:78e9b001e9c7f7995a9b79d831d8c33f95aeff3c. Renato Botelho

10:26 AM Bug #6643 (Resolved): /usr/bin/install missing from new 2.3.2 installations

The /usr/bin/install binary is needed by some packages (such as squid) during their installation procedures, but it i... Jim Pingle

09:55 AM Feature #1019: Lagg Failover Mode Master Interface

Is this on a roadmap for any future release? I just ran into this issue today myself and found this feature request. Christian Ulrich

09:42 AM Bug #6642 (Closed): Cant access certain IP's

I use pfSense with multiple LAN NICs:
10GWAN holds our 10G public /22 ip scope
1GWAN holds our 1G public /26 ip sco... Jesper Nissen

03:09 AM Bug #6634: DHCP Server "TFTP Server" field should allow URLs

see: https://forum.pfsense.org/index.php?topic=114085.0 Rene Plattner

03:08 AM Bug #6512: Upgrade to 2.3.1 causes network performance degradation (with High CPU usage by NIC kernel tasks)

Hi,
I also has the problem of the performance degration!
We have a setup of a small hardware box (N3150 Mini-ITX ... Rene Plattner

01:54 AM Bug #4981: Remote logging not active after reboot

Any news on this? Still an issue in the latest 2.3.1_p5 release. I'm also logging to a Nagios Log Server now, and bot... Lars Jorgensen

07/25/2016

11:05 PM Bug #6640 (Feedback): DHCPv6 Server Time Format Change Reversed

merged, thanks Phil Chris Buechler

10:46 PM Bug #6640: DHCPv6 Server Time Format Change Reversed

That looks like a bug that has been around for a while - it is not reversed, it is doubled.
If you have the checkbox... Phillip Davis

09:14 PM Bug #6640 (Resolved): DHCPv6 Server Time Format Change Reversed

The DHCPv6 Server Time Format Change setting "Change DHCPv6 display lease time from UTC to local time" is reversed. W... Daryl Morse

10:43 PM Feature #6641 (Closed): Please add DHCPv4 Server Time Format Change Setting

it's already there, has been for a long time. Chris Buechler

09:16 PM Feature #6641 (Closed): Please add DHCPv4 Server Time Format Change Setting

The DHCPv6 server has a Time Format Change setting to allow display of leases in local time or UTC. Please add a simi... Daryl Morse

08:26 PM Bug #5993: dhcp6c not started until an RA received

Chris Buechler wrote:
> merged this for 2.4 as it needs more baking time in snapshots than we're going to have for 2... Daryl Morse

01:38 PM Feature #6639 (Resolved): Utilize nextboot to control the behavior of the next firewall reboot

Now that we include nextboot, we can use it to control the properties of the next firewall boot sequence.
Two idea... Jim Pingle

10:24 AM pfSense Packages Feature #5434: Let's Encrypt pfSense support

Sory, but now it's working via some simple manual steps...
https://thedevops.party/lets-encrypt-ssl-certificate-on... Ernesto Victor Villarreal

01:44 AM Bug #6637: pfSense blocks return traffic (mostly TCP) on 2.3.1-RELEASE-p5

Chris Buechler wrote:
> this seems like it's probably the issue here?
> https://bugs.freebsd.org/bugzilla/show_bug... Remko Lodder

07/24/2016

06:16 PM pfSense Packages Feature #6196 (Closed): APU2 Thermal sensor

patch is already upstream (by us, not OPNsense).
Jim Thompson

01:19 AM pfSense Packages Feature #6196: APU2 Thermal sensor

This has already been committed upstream:
https://github.com/freebsd/freebsd/commit/cf2857955cc43bf478bbb4716641d1... Jose Luis Duran

05:26 PM Bug #6422: PHP Fatal error: Call to undefined function gettext() in /etc/inc/rrd.inc on line 60

I've been getting this consistently on two new installs that are both dual-WAN load balanced (Gateway Groups).
Mos... Jeffrey Posluns

07/23/2016

05:18 PM Bug #6505: dpinger - socket name too large

I've pushed a hotfix for this commit. Somehow i checked the wrong variable ... Please check
https://github.com/pfs... Daniel Hoffend

03:44 PM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot

IMO this function should be combined with the ipsec tunnel reload. This way you can combine point2point ipsec connect... Daniel Hoffend

09:26 AM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached

Hi,
I have upgraded my pfsense box to 2.3.1 finally, since I have seen that there were major changes in the web in... Marc Posch

07/22/2016

11:27 PM Bug #6635 (Not a Bug): Dyndns not updating for no-ip

It works fine as-is. Their old API apparently accepts either hostname or h[] there, since it worked before, and it st... Chris Buechler

12:24 PM Bug #6635: Dyndns not updating for no-ip

My updates on several boxes are working fine. 2.3.1 p5 (I use noip for my primary server dns also so have the ... Chris Palmer

02:56 AM Bug #6635: Dyndns not updating for no-ip

Could have sworn I'd used my no-ip account for testing since that commit. Though my account isn't working either way ... Chris Buechler

11:23 PM Todo #6638 (Resolved): Update no-ip DDNS to new API

no-ip's API has changed (sometime in 2011 apparently), though they still accept updates using the old URL, it should ... Chris Buechler

03:20 PM Bug #6637: pfSense blocks return traffic (mostly TCP) on 2.3.1-RELEASE-p5

this seems like it's probably the issue here?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207598
we haven'... Chris Buechler

03:25 AM Bug #6637: pfSense blocks return traffic (mostly TCP) on 2.3.1-RELEASE-p5

I can narrow this down to the 'block out' rule. (And I believe there is no configurable option, perhaps except on the... Remko Lodder

03:19 AM Bug #6637 (Resolved): pfSense blocks return traffic (mostly TCP) on 2.3.1-RELEASE-p5

Dear people,
I am setting up a host where I have my AP's connecting to the pfSense box over IPSEC.
I use the "tra... Remko Lodder

09:25 AM Bug #6433: "TFTP Server" field on DHCP server page does not allow hyphen character.

New ticket now open.
See TICKET #6634 Shane Poteet

03:03 AM Bug #6634 (Confirmed): DHCP Server "TFTP Server" field should allow URLs

different issue, we'll keep this here. Chris Buechler

02:47 AM Bug #4723: Can't forward UDP fragmented packets with scrubbing enabled.

Chris Buechler wrote:
> I hit this issue with a customer last week. Worked fine after disabling scrub. I have pcaps ... Remko Lodder

07/21/2016

09:50 PM pfSense Packages Bug #6636 (Resolved): Squid Reverse Proxy with Additional IP and compatibility="Intermediate" writes bad squid.conf

I use a CARP config, actual IP on this box is x.x.x.135, Virtual IP x.x.x.133. When compatibility="Intermediate" the... Marc Skarshinski

08:38 PM Bug #6635: Dyndns not updating for no-ip

It was "&hostname=" for many years up until 30 Jan 2016, when this commit changed it for some reason:
https://github... Phillip Davis

07:51 PM Bug #6635 (Not a Bug): Dyndns not updating for no-ip

There's a typo on line 431 of dyndns.class where '&h[]=' should be '&hostname='. As is, it doesn't update and logs a... Terry T

02:42 PM Bug #6572: Config sync hangs php-fpm on secondary

Hi Chris,
I have the same problem. I do 1-2 config changes and everything works just fine. If I do a couple more I... Bogdan Cornea

02:04 PM Bug #6634 (Resolved): DHCP Server "TFTP Server" field should allow URLs

Please reopen bug #6433. Not familiar with system here or I would try.
The filter on the web interface is not allo... Shane Poteet

01:55 PM Bug #6433: "TFTP Server" field on DHCP server page does not allow hyphen character.

This still does not have the necessary functionality as it did on 2.2.x as of 2.3.1-5. I need to be able to populate ... Shane Poteet

07:07 AM Bug #6631: vesa_configure error on boot

In that case we'll get the change automatically when we switch to a FreeBSD 11 base for pfSense 2.4, which is only a ... Jim Pingle

02:25 AM Bug #6631: vesa_configure error on boot

I've verified that it's already fixed. Not that the bug still persists. This means that the pfSense kernel should be ... Thijs Cramer

03:56 AM Bug #6558: Pf-sense 2.3 doesn't detect shutdow event with em driver and Intel Chipset 82574L

Chris Buechler wrote:
> No, it's not a bug in our code and doesn't affect any of the hardware we sell or have sold, ... Atlante Informatica

07/20/2016

07:59 PM Bug #6633 (Feedback): redirect-gateway duplicated in client specific overrides

fix pushed Chris Buechler

07:58 PM Bug #6633 (Resolved): redirect-gateway duplicated in client specific overrides

as reported here.
https://forum.pfsense.org/index.php?topic=115429.0 Chris Buechler

07:55 PM pfSense Packages Bug #6632 (Confirmed): siproxd hosts_allow_reg should be configurable

if you open siproxd on WAN in firewall rules, you get what you're asking for security-wise. No shortage of potential ... Chris Buechler

05:09 PM pfSense Packages Bug #6632 (Resolved): siproxd hosts_allow_reg should be configurable

siproxd is providing a configuration option "hosts_allow_reg" which
implements a positive access control list for ho... Robert Jordan

02:48 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic

this is from the use of dummynet in pf, which doesn't exist in stock FreeBSD. And the implementation apparently leave... Chris Buechler

02:23 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic

Chris Buechler wrote:
> There isn't one because the code/feature in question doesn't exist there.
Now I'm confuse... → luckman212

01:55 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic

Andrew Maslin wrote:
> Can someone share the FreeBSD bug # so we can track the progress of the root of the issue? L... Chris Buechler

11:29 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic

Can someone share the FreeBSD bug # so we can track the progress of the root of the issue? Like Luke, I would like t... Andrew Maslin

06:48 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic

Have you guys tried using a queue inside the limiter instead of the limiter itself? It could make a difference since ... Jose Duarte

02:47 PM Bug #6558: Pf-sense 2.3 doesn't detect shutdow event with em driver and Intel Chipset 82574L

No, it's not a bug in our code and doesn't affect any of the hardware we sell or have sold, so not something we'll ad... Chris Buechler

06:15 AM Bug #6558: Pf-sense 2.3 doesn't detect shutdow event with em driver and Intel Chipset 82574L

Atlante Informatica wrote:
> Chris Buechler wrote:
> > subject isn't true in general, 82574L in the FW-7541 correc... Atlante Informatica

01:56 PM Bug #6629: Can't update to "update" update (e.g. 2.3.1_5)

which is correct, guessing it's no longer showing as described? As that output would give you 2.3.1_5 as an update av... Chris Buechler

08:13 AM Bug #6629: Can't update to "update" update (e.g. 2.3.1_5)

Chris Buechler wrote:
> not replicable. Those two pages use the same function to obtain their data, so no apparent m... Jonathon Reinhart

01:54 PM Bug #6631 (Closed): vesa_configure error on boot

The change that's in reference to was only in 11, what you're seeing there isn't the same thing. Not a bug in our cod... Chris Buechler

01:03 PM Bug #6631 (Closed): vesa_configure error on boot

I have the same issue as this FreeBSD Mailing List thread: http://markmail.org/message/aoq6ub636ainxcxe#query:+page:1... Thijs Cramer

10:44 AM pfSense Packages Todo #6443 (Resolved): Add ntopng package back into pfSense 2.3.x

ntopng will be in the pfSense 2.3.2 release. New tickets should be opened if there are issues with the package upon r... Jared Dillard

07/19/2016

08:51 PM Bug #5993: dhcp6c not started until an RA received

Chris Buechler wrote:
> merged this for 2.4 as it needs more baking time in snapshots than we're going to have for 2... Daryl Morse

08:12 PM Bug #6629: Can't update to "update" update (e.g. 2.3.1_5)

I observed the same thing about a week ago. Performing an update from the console resolved the issue. Anonymous

07:27 PM Bug #6629 (Feedback): Can't update to "update" update (e.g. 2.3.1_5)

not replicable. Those two pages use the same function to obtain their data, so no apparent means for one to show an u... Chris Buechler

05:31 PM Bug #6629 (Resolved): Can't update to "update" update (e.g. 2.3.1_5)

It appears that there is an update available, but when I try to install it, pfSense says it's up-to-date.
I just i... Jonathon Reinhart

06:00 PM Bug #6630 (Assigned): Set Defaults for Graphs - Traffic/WAN + Packets/WAN doesn't work

Jared Dillard

05:39 PM Bug #6630 (Resolved): Set Defaults for Graphs - Traffic/WAN + Packets/WAN doesn't work

Tested on two installations.
2.3.2-DEVELOPMENT (amd64)
built on Mon Jul 18 13:42:01 CDT 2016
FreeBSD 10.3-RELE... Jordan Heinz

03:55 PM Bug #6628 (Resolved): extensions.ini can end up missing required items

In some currently-unknown edge case, extensions.ini can end up missing lines, breaking things.
One example post-2... Chris Buechler

03:51 PM Bug #6578: Filter reload hangs with IPsec hostnames that don't resolve configured

This gets very ugly in circumstances where DNS servers aren't reachable at all. resolve_retry takes extremely long in... Chris Buechler

07:05 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic

Now that the target version bumped to 2.4 (FREEBSD-11) can anyone at least say whether the bug has been fixed in Free... → luckman212

04:27 AM Bug #5990: AES-GCM should be an allowed encryption algorithm for IKEv2 in P1

Confirmed that it works with IKEv2 PSK mobile client using:
ike = aes256gcm128-sha512-ecp512bp!
esp = aes256gcm... Lars Pedersen

02:11 AM Bug #6625: firewall forwards all traffic through wan interface, via default gateway, even if alternative route had been installed

Chris Buechler wrote:
> Hi Remko,
> This seems like a duplicate of #1136, is the VPN in this case reachable via a s... Remko Lodder

12:25 AM Bug #6625 (Feedback): firewall forwards all traffic through wan interface, via default gateway, even if alternative route had been installed

Hi Remko,
This seems like a duplicate of #1136, is the VPN in this case reachable via a static route? Chris Buechler

12:50 AM Bug #6437 (Resolved): CBQ queues are not displaying options for bandwidth or borrowing

works, thanks Steve Chris Buechler