Activity
From 10/12/2016 to 11/10/2016
11/10/2016
-
11:07 PM Feature #6914 (Resolved): unbound access-control lists
- Hello! In
Services -> DNS Resolver -> Access Lists -> Add -> Actions
we have only 4 options "Deny", "Refuse", "Allo... -
04:04 PM Bug #6099: igmpproxy does not recognize upstream interface
- That's interesting. But unfortunately this is not the case for my system. Swisscom transmits everything on vlan10 and...
-
01:30 PM Bug #6906: Issues with /tmp and /var in RAM on 2.4
- The prompt when booting appears to be due to the fact that /var was not cleaned out when switching to RAM disk, and t...
-
12:32 PM Bug #6913 (Resolved): install on Hyper-v R2
- can't install 2.4 on Hyper-V 2012 R2
fix... -
- Better fix is in now, see #6878
-
- Works here, must be something local or site-specific.
-
- Each of these changes was made on 2.4 only, as some assumptions were made that could conflict in some cases (e.g. Nan...
-
- I pushed a change to teach squidGuard to keep its databases in a persistent directory when /var is in RAM. The files ...
-
- Pushed a change for squid to teach clamav to keep its DB in a persistent location if /var is a RAM disk. It doesn't c...
-
- can't install 2.4 on Hyper-v R2 (all updates installed)
fix:... -
- But the details you mention are not solved by this suggestion. The interface is already filled/selected when you crea...
-
11:14 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
- I mean it constructively, btw, not to whine or something.
-
- I'm assuming people want to work efficient.
What is wrong with copying a field into a field to make sure people do... -
- You're assuming everyone uses it the same way you use it, which isn't the case. Removing functionality to prevent foo...
-
- 1. Button: 'copy'
2. Popup: which fields to change (interface);
3. Save = copied with altered values. -
- Being able to edit the interface allows you to move a rule from one interface to another. (e.g. copy LAN rule, edit L...
-
- Now it is possible to create a firewall rule on a vlan tab, and fill in the wrong interface in that rule. Aside from ...
-
- Thanks for the feedback!
-
11:00 AM Bug #6781: OpenBSD description links are broken in Traffic Shaper
- I think you should mark it as "resolved/closed". Thanks!
-
- i have installed 2.4 on hyper-v 2012 R1, set ip. no network.. no ping.. have updated drivers, enabled and disabled hw...
-
- Example: I want to copy ALL FW rules from VLAN100 to VLAN110 at once.
Then, in that copy, or (see previous issue r... -
- For example: copy one alias (the content of course) into another alias (like in FW rules), sort alias, filter alias, ...
11/09/2016
-
10:51 PM Bug #6907 (Duplicate): DNS Resolver does not use domain name set in DHCP subnet, only the global one
- Ran into this myself & found a relevant forum post here: https://forum.pfsense.org/index.php?topic=119717.0
In sho... -
10:28 PM Bug #6761 (Feedback): Limiter doesn't limit at correct bandwidth
- Many bugs were fixed in 2.4.
2.3.2 is very broken with respect to limiters.
Could you try a recent 2.4 snapshot ? -
04:41 PM Bug #6099: igmpproxy does not recognize upstream interface
- Found sth on different site:
[[https://sourceforge.net/p/igmpproxy/bugs/4/#472a]]
So for at least with DE-Telekom ... -
- Fixed the snort directories in commit:ce8fedd
Will look into squidGuard soon. -
- Checking deeper, @pkg info@ is empty after switching, which explains why the installed packages showed damaged, but a...
-
- I set /tmp and /var to be in RAM on a test box running 2.4 and hit a couple issues:
1. I had two packages installe... -
02:23 PM
Feature #6881: services_unbound_host_edit.php: DNS Resolver Add V4 and V6 host override at the same time
- In addition any aliases created would have to include both the V4 and V6 addresses.
-
- It is still an issue but it can be easily worked around by adding a floating rule to pass outbound to the destination...
-
- The verify script is in @/usr/local/etc/raddb/scripts/otpverify.sh@ on current versions. The FreeRADIUS package code ...
-
12:06 PM Feature #6899 (Feedback): Can't specify PPTP/L2TP gateway as FQDN
- Pull request has been merged. Thanks!
-
- I can reproduce this somewhat here on 2.3.2. With a WAN/LAN style bridge, putting @synproxy@ on a TCP rule will event...
-
- I can't reproduce this here on 2.3.2_1. I can make edits to the bridge and the MAC stays the same and I can still rou...
-
09:00 AM
Bug #6903: services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized
- Applied in changeset commit:8e7fea674a34ab217c9b9821c608639ca45bd281.
-
08:18 AM
Bug #6903 (Feedback): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized
- It is certainly not "randomized", but since the two tables may be sorted (by clicking the column headers) the hosts c...
-
- The route now appears on the OpenVPN interface as expected, and clients can connect/pass traffic with static addresse...
-
07:57 AM Bug #5319: Error message "No config named" in charon daemon
- I've just been hit by this as well and like the last comment, restarting ipsec from the cmd line fixes the problem fo...
-
- Merge is in commit:b8b0fab1a4ef44758ff7fdd9cbfcc8bab2fe49b9
-
- Merged PR
-
- When trying to perform an XMLRPC between two 2.4 HA systems, the secondary won't accept new settings, believing it ha...
-
01:21 AM Bug #6904: PRIQ Queue Priority Limited To 7
- Dirty patch attached to thread above, restores old behavior...
Correct way would be to determine parent interface ...
11/08/2016
-
- Set parent interface to PRIQ. Set child queue priority to anything greater than 7. Receive "Please select a value tha...
-
09:20 PM
Bug #6779 (Resolved): Traffic shaper wizard uses decimals instead of whole numbers
-
- Looks like fixed.
-
06:07 PM Bug #6903 (Resolved): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized
- Related to #6893 - when I view the diff of the configuration XML after a change to DNS Resolver's Host Overrides sect...
-
- Awesome, thanks for the quick fix!
-
01:00 PM
Bug #6893: Configuration XML is inconsistent with self closing tags
- Applied in changeset commit:da7054b7cf77d9322307c52d8340fb30486ce25e.
-
12:54 PM
Bug #6893 (Feedback): Configuration XML is inconsistent with self closing tags
- Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency
-
- thank you very much!)
-
- I've imported a patch from OpenVPN development list:
https://github.com/pfsense/FreeBSD-ports/commit/153999c431c59... -
- The certificate won't take full effect until the web server is restarted, and restarting the web server from a proces...
-
06:00 AM Bug #6902: webConfigurator not using new certificate and won't disable SSL
- Bob Hannent wrote:
> Restarting the pfSense box has now locked me out of the UI, neither HTTPS or HTTP work now. Sli... -
- Method:
* I had the web UI using the default self-signed certificate and I used an alternate port number just in cas... -
07:38 AM Bug #3075: Can't delete unused Virtual IP "referenced by a least one gateway"
- I've got this error on 2.3.2_1, on a CARP VIP I just added for a test. I'm 100% sure that VIP is not being used for a...
11/07/2016
-
10:53 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
- Still seeing system lockup on 2.4.0-BETA when dealing with non-local gateways.
-
- > While creating an alias containing multiple networks, I used copy/paste and (unthinkingly) pasted 18 of the 22 entr...
-
- I don't have a Cisco switch to test against, and the only piece of hardware I have left with em0 that works is 32-bit...
-
- Confirmed. The daemon is binding to all interfaces, which prevents the second one from operating properly.
Changin... -
- Confirmed, doesn't need PPPoE. An OpenVPN instance on an assigned GIF interface is enough. It's acting as though the ...
-
02:21 PM pfSense Packages Bug #6721: Incorrect OpenBGPd package scripts prevent use of both IPv4 and IPv6
- Hi Jim,
Leaving "Listen on IP" blank makes the default IPv4 address "0.0.0.0" to be put on both IPv4 *and IPv6* "l... -
- Unless there is a compelling need to set it to listen on two specific addresses manually, leave "Listen on IP" blank ...
-
01:12 PM
Bug #6901 (Feedback): services_unbound_host_edit.php: "Delete" button should be suppressed if < 2 host aliases listed
- checkLastRow() Javascript added to page
-
01:12 PM
Bug #6901 (Resolved): services_unbound_host_edit.php: "Delete" button should be suppressed if < 2 host aliases listed
-
- Applied in changeset commit:86584ded30c27b9ad1b017fb743399dc01180f02.
-
- I committed a fix to store the passwords in base64. Worked fine here but could use more testing. 2.4 only for the tim...
-
12:10 PM
Bug #6898: Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents
- Applied in changeset commit:10b262b409c9b4170785948b9e73bdfc7edc2eae.
-
12:01 PM
Bug #6898 (Feedback): Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents
- Pull-down text changed as suggested.
-
09:40 AM
Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
- Applied in changeset commit:7c3a9dede96552233fbe1da35ac4126aa524711b.
-
08:56 AM
Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
- Fix part 1: HTML inputs that specify the bandwidth have been updated to accept decimal values.
Part 2: Calcualted ba... -
- Seems useful and was simple to add. I pushed it to the 2.4 version of the package.
-
- We'll pick it up naturally when it comes through FreeBSD ports. I don't think it's worth going out of our way to pick...
-
05:22 AM pfSense Packages Bug #6900 (Resolved): OpenVPN + OTP auth failure
- Hi guys. In pfsense 2.3.2 after any changes (firewall rules, reboot, etc...), I cannot access the server via OpenVPN ...
11/06/2016
-
-
10:12 PM Feature #3859: Make it possible to set the source IP address for gateway monitoring
- is there any updates on this feature ?
With lack of ipv4, being able to use only one public ip is a pretty common co... -
- Fixed in 2.4.
-
09:10 PM Bug #6864 (Feedback): Error checking rejects IPv6 addresses with upper case A-F.
- Applied in changeset commit:d461ff40e364fc0ecc003b9f673cbad7c6a08f2f.
-
- Note: The pull request generated discussion about whether users should have the option to record IPv6 addresses with ...
-
12:37 AM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
- Take a look at Phil's patch. If it needs rework kick back to either he or I.
-
- Eval, please
-
- Please retest on 2.3. Close if possible. Let me know if it's still an issue
-
- Can't be "high", it's five years old.
JimP, please reeval to see if this is still and issue. -
- With luck recent work has closed this.
-
- Believe this should be closed
-
- Pingle pls confirm
-
- Please look at Phil'a patch
-
-
- Pingle for eval.
-
- Needs serious evaluation first.
11/05/2016
-
- In general I agree that we could do a better job here. Beaver can look into that.
Things like md5 have to stay u... -
12:04 PM Todo #6332: Upgrade encryption options to cover current range of recommendations
- Jim Pingle wrote:
> We can't outright purge md5 and other weak options because people are frequently forced to use t... -
- We can't outright purge md5 and other weak options because people are frequently forced to use them for third party v...
-
- I was about to file a similar bug, but found this one searching the bugbase for "md5".
I'm new to pfsense and just... -
- Thanks for the proposal. This would be considered a feature request (I changed the type for you). Code submissions sh...
-
12:51 PM Feature #6899 (Resolved): Can't specify PPTP/L2TP gateway as FQDN
- Actually I don't know that's a bug report or a feature request actually.
Nevertheless I'm using the following workar... -
- In the "VPN > IPsec > Tunnels > Edit Phase 1" screen, there is a "Key Exchange version" popup, its contents are:
V1... -
07:45 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
- Has this feature request stalled ?
There is a package that that could handle this, it is only a matter of the corr...
11/04/2016
-
08:50 PM Feature #6897 (Duplicate): Use a dedicated favicon for the webConfigurator (one that differs from *.pfsense.org)
- I think webConfigurator should use a favicon that differs from the one used on any *.pfsense.org.
I often have mul... -
07:08 PM
Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
- Thanks!
I updated you instructions a little since "default" is not always the same in the Wizard. -
- Yes, calculated values.
Run wizard, select Multiple Lan/Wan traffic_shaper_wizard_multi_all.xml
*First step:*
LA... -
10:47 AM
Bug #6779 (Feedback): Traffic shaper wizard uses decimals instead of whole numbers
- Would you please clarify for me?
Does the problem occur when you enter decimals in the wizard, or when values you ... -
05:19 PM Bug #6896: unbound root.key file corruption possibly related to full file system
- The logs cannot fill up anything. They are circular and fixed size - see Status - System Logs - Settings. Simply make...
-
05:19 PM Bug #6896: unbound root.key file corruption possibly related to full file system
- Just following up, I traced it down to the suricata package. My DNS log is gigabytes in length. What is strange is t...
-
- My root.key becomes corrupt and unbound crashes and no longer will start. This bug is likely related to #5334 and has...
-
03:30 PM
Bug #6895: Moving rules does not scroll
- Applied in changeset commit:7da65ab7dc9a1b55624de9fb6eb9a4a272440573.
-
03:29 PM
Bug #6895 (Feedback): Moving rules does not scroll
- Matt Fine to test.
-
03:23 PM
Bug #6895 (Resolved): Moving rules does not scroll
- Dragging firewall rules does not automatically scroll the page when dragging to the top or bottom of hte visible window
-
-
02:56 PM pfSense Packages Bug #6777: squid cant redirect ssl website correctly to squidguard error page in a denied category
- NOT A BUG.
This is caused by a behavior on Browsers, check this link for more information about it: https://bugzil... -
- - It's not rebooting after auto ZFS installation on 4860
-
- - Remove extra options for auto UFS leaving only MBR and GPT
- Use labels to particions on UFS -
- Applied in changeset commit:7ac34d65a4f3f8561c8156ae75630aa71c8a88f2.
-
- This works fine in the base system and in the export package. I can make a CA, then make an intermediate CA, then mak...
-
- Applied in changeset commit:1be1b87b5f9ab8d0a259b888aab08ec6babad568.
-
12:13 PM Bug #6876: Firewall alias issue after adding a wrong alias
- I do confirm that affected version are 2.3.2 and 2.2, even if screenshot is 2.2.x. Purpose of screenshot was just to ...
-
09:11 AM
Bug #6876 (Feedback): Firewall alias issue after adding a wrong alias
- Affected version has been set to 2.3.2, yet your screenshots are from a 2.2.x version. Would you please confirm that ...
-
12:00 PM
Bug #6811: pkg_edit.php rowhelper is broken with multiple distinct rowhelpers per page.
- Applied in changeset commit:f92d44da5a4958372c7fb925043abc34588143e3.
-
11:51 AM
Bug #6811 (Feedback): pkg_edit.php rowhelper is broken with multiple distinct rowhelpers per page.
- Changes made to pkg_edit.php appear to have resolved this, but more testing is required. Many packages use rowhelpers...
-
- I hit this exact problem too.
It would be nice to at least improve the error message to state which characters are... -
- First, I really did not intend to start a bikeshedding flame war. :) I honestly thought it would be non-controversia...
-
- In the typical firewall use case, a reboot or halt only happens when there is a problem that needs correcting, which ...
-
- Shrug; not sure how common action is rebooting a NAS:
QNAP: !https://s22.postimg.org/4aznct5kh/Screenshot_1.png! S... -
- Because it's a bikeshed discussion that will never please everyone. Making reboot and halt more accessible is not a g...
-
- I think all the current locations simply suck. Why not have a menu in place of the current logout button that offers ...
-
- I'm hesitant to commit changes to the ordering without lots of testing first, so can you try the attached patch to se...
-
- Here's another example. I only deleted some L2TP users, but the XML has changed for these values (screenshot from Sou...
-
- Whenever I make changes I do "Download configuration as XML" and store the file in a git repository, so I always view...
-
- Applied in changeset commit:2446fffa5932e8debcaf165bfaf5492cea429c60.
-
- Both CloudFlare and GratisDNS used the same logic that Namecheap used to use, which has several potential problems. I...
-
- There is no known consistent single cause. Some have it with nothing else installed, some other pfBlocker, some with ...
-
09:59 AM
Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
- Sorry to re-hash this, but since it has just been assigned to me I need an update.
Some of the above responses wou... -
09:50 AM
Feature #6753: Interfaces list order not consistent
- Applied in changeset commit:e5d339735836fd55b0fa944d5d7e472793785e30.
-
09:43 AM
Feature #6753 (Feedback): Interfaces list order not consistent
- Sorting has been removed from the Interface menu.
Adding msort to all other occurrences would obviously involve mo... -
09:35 AM Bug #6826: DNS forwarder is sending packets with link-local IPv6 source address to global unicast address
- Thanks. ping is a special case since it is protocol-aware (separate ping, ping6), but it looks like FreeBSD doesn't i...
-
- This appears to be how FreeBSD behaves and is not specific to the DNS resolver or forwarder, the same happens even wi...
-
- Applied in changeset commit:79e50e9768f32b75817a28021d051c79cb44fdec.
-
09:13 AM
Bug #6711 (Closed): diag_states_summary # States and # States twice (explain one is per protocol)
-
- Duplicate of #6406 and others that are all the same base issue: PHP gets wedged and don't respond.
-
- I can reproduce the behavior on 2.3.x. If I adjust the MTU of an assigned interface, only the default and/or link rou...
-
- The two events are not related.
The first is an issue with an IPsec tunnel peer address that was entered as a full... -
02:09 AM Bug #6843: Version inconsistency after updating to 2.3.2_1
- I should add that I've since this was reported upgraded via the command line and it now shows 2.3.2_1 on both pages.
11/03/2016
-
11:00 PM Bug #6892 (Resolved): CARP VIPs Deleted entering CARP Maintenance Mode
- There is an issue both upgrading CARP HA cluster and subsequent entering and leaving CARP maintenance mode.
When e... -
- This debate pops up every now and then and there hasn't been a compelling argument for moving it. Rebooting and shutt...
-
- When I first came to pfSense I had the same trouble finding the Reboot entry and Halt entry.
The flip side to this i... -
- OK. I don't use this so it doesn't effect systems that I have that will be stuck on 2.3.* (32-bit Alix). If it is not...
-
- Given all the work that's happened on 2.4 with IPFW, I'd say it's best to not attempt a backport. 2.4 is not that far...
-
- I guess the fix is in the pf port or...?
Is it something that easily applies back to 2.3.* FreeBSD 10.3 and thus cou... -
- Fixed in 2.4.
-
- Assigned to Pingle for analysis.
-
We would have to provide the ports of the Intel drivers as packages, and then allow people to load the package on d...-
- assigned to Pingle for analysis.
-
08:54 PM Bug #6891: Improper shutdown causes irrecoverable filesystem corruption, unable to boot or fsck
- Some related forum threads...
https://forum.pfsense.org/index.php?topic=120019.0
https://forum.pfsense.org/index.ph... -
- I've had this happen 4 times so far that I can remember. That is definitely more than I would like but out of ~85 fi...
-
07:42 PM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
- FYI - Still happening on 2.3.2-RELEASE-p1 systems.
-
- https://wiki.strongswan.org/projects/strongswan/wiki/PKCS11plugin
no idea what this needs in the GUI, etc.
OP s... -
05:34 PM Bug #6890 (Resolved): PPP service name error
- Hi,
I've just updated a virtual appliance to the new 2.3.2_1 version, and now, i can't add ppp connection (3G backu... -
03:56 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name
- Any updates on this? It also seems to be affecting unbound on 2.3.2-p1. Until this is fixed, perhaps removing the d...
-
- I can't reproduce this. If I create a similar setup, the VIP status is reflected properly on both units.
That said... -
05:45 AM Bug #6887 (Rejected): Carp status widget doesn't work, show wrong IPs status
- In a two nodes cluster with 3 carp IPs, carp widget doesn't show correctly which node is master or backup for each ip...
-
10:21 AM Todo #6889 (Resolved): Improve router mode help text
- *Current*
Select the Operating Mode for the Router Advertisement (RA) Daemon. Use:
Router Only to only advertise th... -
- Don't use a manual "ifconfig-push" line, that's what the "Tunnel Network" option in the override sets up automaticall...
-
09:19 AM Bug #6888 (Rejected): openVPN - Client Specific Overrides
- System: 2.3.2-RELEASE-p1
On WebGUI i put 'ifconfig-push 172.50.0.10 255.255.255.0' but client gets this IP: 172.50... -
07:40 AM Bug #3330: Load Balancer showing wrong Status when using aliases for the port
- Indeed, is still there in 2.3.2-RELEASE-p1, is not assigned to anybody unfortunately and I need to do load balancing ...
11/02/2016
-
04:15 PM Feature #6886 (Resolved): Allow Dual-Stack IPSec VPN
- It would be nice to have a third option in the web interface for creating IPSec mobile configs, allowing you to selec...
-
- The logo used on the pfSense web interface should be a scalable vector graphics file (SVG), allowing it to automatica...
-
04:01 PM pfSense Packages Bug #6410: when PFSENSE after server restart,openvpn+motp not login
- Hello,
this seems to be a solid hazard preventing the use of motp based 2 factor auth.
see also https://forum.pfs... -
- I'm new to pfsense, and this is my first bug report. Please be gentle. :)
I had to google how to reboot pfsense, b... -
- This appears to be a general problem with OpenVPN on FreeBSD 11:
https://forums.freebsd.org/threads/58019/
https:...
11/01/2016
-
- PPPoE and L2TP were converted to use mpd5 in commit:8d50c07c8bfdd2692a0c7d3ca3489977b528aecc and commit:2c0a3677de6b6...
-
-
- I pushed a fix for this in package version 0.6.15.
-
-
- I ran some tests and can confirm the issue on 2.4 only.
2.3.3 and 2.4 run the same version of OpenVPN and have ide... -
- when i try to connect to pfsense web interface, there is block entry in firewall log:
lo0 10.10.111.231:81 _(pfsen... -
- dev ovpns7
verb 1
dev-type tun
dev-node /dev/tun7
writepid /var/run/openvpn_server7.pid
#user nobody
#group nob... -
- Still not enough info. Need to know all settings all the way down the page, especially the topology type. Would also ...
-
- it works on 2.3.*
i installed 2.4, and restored config from 2.3.3
openvpn server UDP/TUN
Server mode - Remote Ac... -
- Unless this was a working configuration on a previous version, it's more likely to be a configuration error. There is...
-
- openvpn - UDP/TUN (TAP works)
clients connect to server, in the logs everything is fine, but no access anywhere.
wi... -
- I tested the forwarding of fragmented ICMP and UDP packets and they seem to be working as expected on 2.4.
Could s... -
- Remko Lodder wrote:
> Chris Buechler wrote:
> > I hit this issue with a customer last week. Worked fine after disab... -
04:35 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
- This is a workaround, not a clean solution.
Better than nothing, but a native, specific and definitive resolution is...
10/31/2016
-
- Looks like it's a classic case of PHP returning "true" for empty() when passed a string of "0". I'll look into it.
-
- Running 2.4, bsnmpd will consume all available CPU time when the hostres module is active. The CPU usage for geom als...
-
12:19 PM Bug #4723: Can't forward UDP fragmented packets with scrubbing enabled.
- Remko Lodder wrote:
> Chris Buechler wrote:
> > I hit this issue with a customer last week. Worked fine after disab... -
10:04 AM Bug #6856: "Force Config Settings" buton on master causes slave to loss IP alises on lo0
- Confirmed in 2.2.6 and 2.3.2_1 64bit.
-
07:12 AM Feature #6881 (Duplicate): services_unbound_host_edit.php: DNS Resolver Add V4 and V6 host override at the same time
- Is there any chance of changing the setup of the Edit Host Overide page so you can add IPv4 and IPv6 addresses for th...
10/30/2016
-
- So far I am happy with 2.4 running on ZFS, even it highly experimental, I use on one non so critical production firew...
10/29/2016
-
07:50 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
Solution
fix Limiters on firewall rules where NAT applies drop all traffic
and
Problem Limiter blocks in...-
05:31 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
- Also affected... is there any plan to fix this in an upcoming release as it's a common use case
-
- Managed to completely destruct entire system by a _single_ power cycle. Unbootable, kernel panic, endless reboot cycl...
10/28/2016
-
08:17 PM Bug #6880 (Resolved): Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
- When configuring multiple interfaces as DHCP6, such as PPPoE DSL and Cable, multiple dhcp6c processes get started, on...
-
03:11 PM Bug #6879 (Resolved): GUI doesn't show rebooting notification after upgrading
- During upgrade to the latest version, GUI doesn't update fast enough and does not write a rebooting notification. To ...
-
06:18 AM pfSense Packages Bug #6875: dpinger not switching icmp id automatically
- Luiz Otavio O Souza wrote:
> This is the same behaviour of ping (the icmp_id comes from the PID).
>
> So, when yo... -
12:52 AM pfSense Packages Bug #6305: Quagga problems updating routes / mistakenly showing "kernel"-routes while they are not
- So far the only thing I got from Martin was that -9 is not a nice way to stop quagga and could cause the issues... Al...
10/27/2016
-
12:57 PM pfSense Packages Bug #6878 (Resolved): how to use snort, squid and squid_guard with a ram disk
- create 2 directories in /root
mkdir /root/sauv_db_clamav/
mkdir /root/sauv_db_squidGuard/
you need to create a f... -
- Applied in changeset commit:aa9cf3fa4d532e9f2dbd05d38ca438980b21e06b.
-
10/26/2016
-
02:37 PM Bug #6802: GUI does not respond and vpn stops working
- I too have seen this issue.
I bought a new newgate sg2440 running 2.3.2_1 and 1 week ago I used it to replace my o... -
- That means nothing to how it's used on pfSense. One of the primary uses of certificates on pfSense is OpenVPN, and Op...
-
08:41 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
- OK. However, let me point out that, according to https://www.openssl.org/docs/manmaster/apps/x509v3_config.html, the ...
-
- Those are both authentication attributes, not the server property.
The GUI checks the cert to see if the nsCertTyp... -
- Using a GoDaddy server certificate. The server has both TLS Web Server Authentication and TLS Web Client Authenticati...
10/25/2016
-
- Note: This fix has been applied to RELENG_2_3 to fix the issue on FreeBSD 10.3/pfSense 2.3.*
In FreeBSD 11.0 (upco... -
- Applied in changeset commit:ed893ee55a248bea3a03d69a7e80b905a39a4f94.
-
- PR has been merged, thanks!
-
- PR has been merged, thanks!
-
- PR has been merged, thanks!
-
- PR has been merged
-
***** ALREADY POSTED ON FORUM : https://forum.pfsense.org/index.php?topic=119811.msg662795#msg662795 **************...-
05:20 AM Feature #1219: Ship DTRACE enabled kernels in the images
- +100500
Please, implement!
10/24/2016
-
05:48 PM Bug #6272: Wrong numbers in state column of /firewall_rules.php
- Ok thanks for the explanation
-
- RELENG_2_3 is the development path towards (a possible) 2.3.3. It should therefore be fixed in recent builds of 2.3.3...
-
- Hi, by "RELENG_2_3" do you mean this should be already fixed in current stable 2.3.2-RELEASE-p1 ? Because the problem...
-
05:35 PM Bug #6874: Dynamic DNS w/ DNSimple
- I stumbled on to the same problem just now when implementing a new dyndns provider.
The code was wrong for both the ... -
01:34 AM Bug #6874 (Resolved): Dynamic DNS w/ DNSimple
- Around line 1380 in src/etc/inc/dyndns.class is a chunk of code that looks like this:...
-
- This is the same behaviour of ping (the icmp_id comes from the PID).
So, when you have an issue with your ISP ping... -
- I'm having a problem with dpinger that's not switching ICMP id when there's packet loss, for example in a CGNAT scena...
-
- @relayd@ is a part of the FreeBSD ports tree. It's not a piece of software that pfSense has ported or maintained. You...
-
-
04:16 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available"
- I can word in on this, major issue.
10/23/2016
-
11:58 PM Bug #5317: CSR signed certificates shows issuer as external
- Seeing this as well, quite problematic for VPN usage. pfSense 2.3.2-RELEASE-p1.
-
- Fixed on 2.4 and RELENG_2_3.
pfSense_get_pf_states() now return the packet counters as doubles. -
- The front-end validation is stopping a zero from being entered, so "Leave empty" is the (only) way to specify "no lim...
-
- The text says "Leave empty or set to 0 for no limit." However input error checking in the browser now no-longer allow...
-
03:05 PM Bug #6873 (New): radvd - Too many addresses in RDNSS section when previously using DHCPv6
- I have come across a bug within the IPv6 Router Advertising Daemon where you receive the following errors in the logs...
-
03:03 PM Feature #4259: Port forward NAT rules with "any" protocol
- Could be it implemented with the new 2.4 release ?
-
10:14 AM Bug #6870: Load balancer DNS (relayd) can't handle fragmented udp, breaks DNSSEC
- Turns out causing pfsense to not drop fragmented 'do not fragment' packets creates more problems than it solves. For...
10/22/2016
-
12:25 PM pfSense Packages Bug #6871: Squid Proxy Reports bug
- I'm sorry but I'm a fool ... is necessarily open ports on your firewall application ( ports 7445 and 3000)
ALL OK -
Installed from scratch pfsense, Proxy Server, Squid Proxy Reports.
If you try to access the page https: // pfSen...-
- To be clear:
The workaround for relayd / DNS protocol failing or being seemingly intermittent when load balancing... -
Update: dig and other dns query engines set the DF 'do not fragment' bit -- then go on to issue DNSSEC DNS querie...
10/21/2016
-
- Unlikely we can do much if anything for this, it's probably an issue in relayd itself and not the way we set it up. Y...
-
- The built-in load balancer (relayd) has a protocol 'dns' that manages UDP dns queries. The purpose is to load balanc...
-
- Jim, thanks for your explanation! This what I'm trying to detect - what exactly clearing the states. I know, Redmine ...
-
- Discussion: https://forum.pfsense.org/index.php?topic=118679.0
10/20/2016
-
- That is a "feature" of the netstat command, which has annoyed me too. With "-W" it does output the full data in some ...
-
12:58 PM Bug #6869 (Resolved): Diagnostics / Routes Truncates Destination and Gateway Names
- When "resolve names" is enabled, resolved destination and gateway names are truncated to 18 characters (e.g., pfSense...
-
- Running 2.3.2_1 using an HE/64 tunnel. Adjusting MTU to troubleshoot possible PMTUD problem. Found that setting for M...
-
10:47 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
- I also use limiters and NAT reflection in combination. So I am stuck on 2.1.4 and 2.1.5 until a release where this co...
-
09:50 AM pfSense Packages Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3
- Is there any way i can help with this. Or is there anything i can do to make this happen?
-
- Looking at a customer box today it made me realize a good path here would be to queue up the notifications in a file ...
-
08:09 AM pfSense Packages Bug #6867 (Closed): Please update quagga to version 1.1
- Quagga 1.1 fixes a lot of bugs:
http://mirror.yannic-bonenberger.com/nongnu/quagga/quagga-1.1.0.changelog.txt
N...
10/19/2016
-
- This one also automatically converts the input to lowercase as the user leaves the IP Address field, or presses a but...
-
- While I think it is cool to convert the characters as you type, the GUI has to accept upper case letters as well.
... -
- Pull request: https://github.com/pfsense/pfsense/pull/3198
That makes the "Please match the requested format:" text ... -
- Recent browser changes mean this is rejected before the form is submitted and the error tool tip shown is unhelpful.
... -
- I can confirm that this fixes the issue where the file exists but contains no leases. The lease file is still being p...
-
04:30 PM pfSense Packages Feature #6866 (Rejected): Suricata multiple interfaces
- I've set up Suricata on the WAN interface. When an alert happen I don't see what internal address caused the alert. I...
-
- Please start a forum thread for discussion and diagnosis before opening a ticket. Also, upgrade to 2.3.2_1 first to e...
-
03:11 PM Bug #6865 (Rejected): DNS resolver : old issue returns
- 2.3.2-RELEASE (i386)
built on Tue Jul 19 13:09:39 CDT 2016
FreeBSD 10.3-RELEASE-p5
nanobsd (4g)
When trying to... -
- Too late for 2.4.0...
-
04:39 AM Feature #2358: NAT64 support
- UPVOTE
-
- UPVOTE, word up on this. It should be prioritized significantly.
-
- That is normal and expected when the two units are properly synchronizing states. Find what is clearing the states an...
10/18/2016
-
- https://github.com/pfsense/pfsense/pull/3197
That fixes the little side issue, where in fact the leases file exists ... -
- With regards to item 1, testing with one windows 10 client and no active leases, Status / DHCPv6 Leases reports "No l...
-
- title should have had protection of 0600, workaround changes it to 0644
-
- /var/etc/cert.crt has mode 0444, leading to
/var/log/nginx-error.log entries like
2016/10/16 16:06:14 [crit] 61476#... -
- There are two pfsense routers (version 2.3.2-RELEASE-p1, but I've faced this issue 1st time on 2.2.5/2.2.6) in HA mod...
-
- I started having this crash frequently as well. I'm running 2.3.2_p1. I do have DHCPv6 on one of my WANs (but I nee...
-
- Ken Sim wrote:
> Anytime I try and change any of the gateways that are checked non-local on the current snapshot it ... -
- Anytime I try and change any of the gateways that are checked non-local on the current snapshot it locks up pfsense a...
-
- I couldn't replicate it after fixes I pushed for #6828. Can you try the next round of snapshots?
-
11:16 AM Bug #6858: 2.3.X is not properly updating packages
- Renato, thank you for the write up.
Does this cover file /usr/local/lib/php/20131226/suhosin.so? This shared objec... -
- Actually it's not a bug, it's expected and it's how pkg is designed to work.
When we moved to 2.3.2_1 we cherry-pi... -
- Applied in changeset commit:94bd7fb3a52e375dcd25c416e36389f96060a8fd.
-
07:46 AM pfSense Packages Bug #6861 (New): Ha-Proxy duplicated backend used in place of original backend
- Hello,
Find hereafter a problem on ha-proxy 0.48 / 1.6.6 package.
Steps to reproduce :
- Create a configurati...
10/17/2016
-
04:01 PM Bug #6860 (Resolved): Monitoring (RRD) graphs return "unknown" step value
- There seem to be cases where rrd_fetch_json.php returns a step value that isn't located in the javascript lookup tabl...
-
12:56 PM pfSense Packages Feature #6859 (Resolved): have an includedir by default (sudo package)
- I'm trying to customize sudo and the options I'm looking for aren't in the GUI. Is there a way to include this line i...
-
04:33 AM Bug #6099: igmpproxy does not recognize upstream interface
- I have the same problem with the 20160905_1818 version.
The _all version works fine on ISP XS4All in The Netherlands... -
03:14 AM Feature #2573: Captive Portal support of RADIUS POD (Packet of Disconnect)
- POD is useful when replacing Expiration date in Pfsense user manager.
The Option " re-authenticate users every minu... -
- 2.3.X is not updating files properly. See forum thread https://forum.pfsense.org/index.php?topic=119344.msg662359#msg...
10/16/2016
-
10:37 PM
Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
- The patch you posted only prevents Unbound from being restarted by performing GUI actions, not automatically when a n...
-
- Note this potentially related bug report:
https://github.com/opnsense/core/issues/1184
"
Adding an IPv6 CARP V... -
- The issue manifests as the 'backup' machine in the carp set being unable to ping6 (or otherwise pass packets to) the ...
-
- It would be good to make target version 2.4 instead of nothing. Thanks.
10/15/2016
-
11:16 PM Bug #6856: "Force Config Settings" buton on master causes slave to loss IP alises on lo0
- Sent pull-request: https://github.com/pfsense/pfsense/pull/3195
-
- Hi,
We have a two couple of node HA setup with pfsense latests version running (2.3.2p1). This cluster has a few v... -
- I've just sent a pull-req: https://github.com/pfsense/pfsense/pull/3194
-
- Hi,
When using an LDAP server on a non-local (ie. accesible thru a gateway) network, the system takes 10+ minutes ...
10/14/2016
-
- Add STARTTLS to the available LDAP Server modes.
-
02:32 PM Bug #6854 (Rejected): webconfig error with LDAP authenticated users for certmgr
- The local admin user is the only user that can successfully work with certificates.
Other users authenticating off o... -
- Nate Baker wrote:
> Jim Pingle wrote:
> > Someone who can reproduce it reliably needs to get the details of how to ... -
12:56 PM pfSense Packages Bug #6305: Quagga problems updating routes / mistakenly showing "kernel"-routes while they are not
- Jim Pingle wrote:
> Someone who can reproduce it reliably needs to get the details of how to reproduce it reported t... -
12:15 PM Bug #4418: IPsec mobile clients - bogus "p" appended to search domain
Also I am having the same problem in versãoo 2.3.2-RELEASE-p1. For some in the forum saw what worked the Place hum ...
10/13/2016
-
- Phillip Davis wrote:
> As part of removing nanobsd support, it was noticed that dhcp6 leases were not being restored... -
- As part of removing nanobsd support, it was noticed that dhcp6 leases were not being restored on systems with use_mfs...
-
- Daryl Morse wrote:
> I'm running 2.3.3.a.20160815.2144 with PR 3102/1, 3102/2, 3103, 3105, 3106 and 3107, testing th... -
- I have the same issue like Dora Paule with the version: igmpproxy_20160905_1818.zip
There is no such problem with t... -
- Updating this issue based on 2.4 development snapshot.
The dhcp6 before RA feature has been working perfectly sinc... -
- Applied in changeset commit:d02ee1387fdb159bfb7cb9495003f66545d97989.
-
- What appears to happen is that the wizard resets the range even if the existing range is valid. So if you have x.x.x....
10/12/2016
-
- Jim Pingle wrote:
> On 2.3 we have a patch to alter the behavior of "route change" so that it adds a route if it's n... -
- All gone.
-
- Works
-
- Works great
-
- Appears to be working correctly on 2.3.3 and 2.4 snapshots.
-
- This seems to be OK now. The comp-noadapt change was confirmed to work on an affected system (remote client had no LZ...
-
- New options are being pushed correctly when selected.
-
- 2.4 doesn't support nanobsd anymore, convert all nanobsd installations to full install during upgrade from 2.3 to 2.4...
-
11:44 AM Bug #6650: Option needed to disable HSTS
- Having same issue, all HTTP sites are also broken like the original example. Need option in pfsense to disable HSTS.
-
11:30 AM
Bug #6806 (Feedback): Form validation for DHCP NTP Servers does not allow hyphens
- Applied in changeset commit:c68dbfc7580180cd9d47bdbecaeeb6cf835fe210.
Also available in: Atom