Project

General

Profile

Activity

From 10/17/2016 to 11/15/2016

11/15/2016

11:44 PM Bug #6913: install on Hyper-v R2
Yes, it works.
Thank you. Dmitry Ivanov
10:44 PM Bug #6913 (Feedback): install on Hyper-v R2
There were fixes put in today for ZFS and it might have affected other things you're seeing. Try it again on a new sn... Jim Pingle
11:15 PM Bug #6911: no network on hyperv-v 2012 R1
I don't have anything capable of running Hyper-V on Windows Server (R1 or R2) nearby so I can't easily confirm the is... Jim Pingle
10:20 PM Bug #5383: CODELQ Traffic Shaper Causes Panic and Reboot During Speed Test
I just experienced this apparently same crash on 2.4 while running the DSLReports Speedtest. The system crashed afte... Chad Wagner
10:02 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
I reverted all these changes until the proper solution is committed.
The 'real' solution here is convert the IPv6 ... Luiz Souza
05:44 PM Bug #6918 (New): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
There are more related pending PRs that may help, but I was talking to sbeaver earlier and he had some ideas on how i... Jim Pingle
05:30 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
I'm sorry but this is *still* broken. I go to Firewall - NAT - Port Forward, there's a rule with an alias called "RAS... Kill Bill
09:40 PM Bug #6919 (Feedback): Filter logs are broken, log has incomplete/invalid data
Should be fixed in filterlog-0.1_5. Luiz Souza
05:41 PM Bug #6925: System Update Failed
Nah, Nepal is innocent -- the mirrors have been slow like molasses for some two days or so... Kill Bill
05:34 PM Bug #6925: System Update Failed
I am also getting this the last day or so. I thought it was related to moving back to Nepal and having slower internet. Phillip Davis
01:25 PM Bug #6925 (Feedback): System Update Failed
Jim Thompson
11:45 AM Revision ff3d11c8: DHCPv6 ddnsdomainprimary must currently be IPv4
This field is currently validated to allow only an IPv4 address to be entered, so it may as well be consistent client... Phil Davis
11:40 AM Bug #6929 (Resolved): Choosing ZFS during install results in a system that cannot mount root
ZFS now works on CE and Factory snapshots, thanks!
 Jim Pingle
09:37 AM Bug #6929 (Feedback): Choosing ZFS during install results in a system that cannot mount root
Pushed a fix, please try next round of snapshots Renato Botelho
11:35 AM Revision 7164c563: services_dhcp_edit add extra IPv4 validation
a) Validate that ipaddr must be IPv4 (note if you enter an IPv6 address, it will fail other later tests of being in t... Phil Davis
10:34 AM Revision 41fc88ec: Specify the IP address family in interfaces.php
Where it is known what sort of IP address is required, we can specify it in the call to Form_IpAddress. That will mak... Phil Davis
10:13 AM Bug #6934 (Resolved): /usr/bin/install missing from new 2.4 installations
Same as #6643 but it's happening again on 2.4 now.
/usr/bin/install is missing from a fresh install, updating to a... Jim Pingle
08:26 AM Bug #6933 (Duplicate): Wrong IPv6 address is served over DNS when static mapping is used with Track6 interface
Duplicate of #6768 Jim Pingle
08:07 AM Bug #6933 (Duplicate): Wrong IPv6 address is served over DNS when static mapping is used with Track6 interface
I have a router with pfSense 2.3.2 that has several LAN interfaces, each set to Track6 mode to assign IPv6 addresses ... Anonymous
07:20 AM Bug #6927: 1 to 1 NAT allows entry of mixed IP addresses
1:1 NAT does work for IPv6. It's similar to NPt, but for a single address -- NPt is really just a slightly different ... Jim Pingle
04:07 AM Bug #6927: 1 to 1 NAT allows entry of mixed IP addresses
At the moment it allows entry of IPv6 addresses. Is that correct? Is the 1:1 NAT feature supposed to work fine with I... Phillip Davis

11/14/2016

11:00 PM Revision bf2c7206: Fix #6918 Allow aliases with capital letters in rules
Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
11:00 PM Revision 8100374e: Fix #6918 Allow aliases with capital letters in rules
Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
10:59 PM Revision f9dcc114: Merge pull request #3225 from phil-davis/form_ipaddress
Jim Pingle
10:14 PM Bug #6932 (Not a Bug): MLPPP
Please open a forum thread for discussion and diagnosis before opening a bug report. It does work for some people, an... Jim Pingle
10:11 PM Bug #6932 (Not a Bug): MLPPP
This feature has been broken for a very long time. I have tested with x64 and x86 and different hardware with no luck... Matt Crook
06:11 PM Bug #6931 (Resolved): Status > Filter Reload page is confusingly worded
The way the Filter Reload page is displayed implies that the filter rules are loaded by simply visiting the page.
... Steve Wheeler
05:32 PM Bug #6812: IPsec filterdns crash
OK these issues have surfaces again this morning. Truth be told, I have no idea what's Ipsec and as far as I know, I... Anonymous
05:10 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
Applied in changeset commit:9444a281f051e11d5456cc37b2a3f56fc8a7bc33. Phillip Davis
05:01 PM Bug #6918 (Feedback): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
The PR looks good, appears to do the proper thing in each case. I just merged it in. Jim Pingle
03:28 PM pfSense Packages Feature #6651: Loopback interfaces
Loopback interfaces are a cisco best practice for GRE/IPSec tunnels. I would use them for site-to-site IPSec as an in... Tom Poole
11:50 AM Bug #6930 (Resolved): DHCP server should be disabled for /31 and /32
Related forum thread: https://forum.pfsense.org/index.php?topic=121105.0
Basically
- disable the enable DHCP serv... Kill Bill
11:49 AM Bug #6929 (Resolved): Choosing ZFS during install results in a system that cannot mount root
Choosing the ZFS option results in a system that starts to boot, but cannot mount the root slice because it doesn't k... Jim Pingle
12:43 AM Bug #6911: no network on hyperv-v 2012 R1
the problem appears to be fixed in FreeBSD 11.0- *STABLE* Dmitry Ivanov

11/13/2016

11:13 PM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
for change it - needed uncomment this:
/usr/local/etc/raddb/sites-enabled/default
section post-auth
variable sql
... Konstantin Ab
09:47 PM pfSense Packages Bug #6928 (Resolved): freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
The table(radpostauth) is recorded only events "Access-Accept".
in the table(radpostauth) needed events "Acces-Reje... Konstantin Ab
10:01 PM Bug #6913: install on Hyper-v R2
11-stable have fixed this issue Dmitry Ivanov
07:47 AM Bug #6913: install on Hyper-v R2
Bug 212721 - FreeBSD 11.0-RC2/RC3/RELEASE fails on Hyper-V 2012r2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id... Dmitry Ivanov
06:17 PM Revision 9444a281: Fix #6918 Allow aliases with capital letters in rules
Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
05:49 PM Revision 38ce4a18: Keep the rule type selection after input errors on firewall rule
If the user:
a) Edit a firewall rule
b) Select "single host or alias"
c) Enter an invalid IP address that is not an a... Phil Davis
01:12 PM Bug #6925: System Update Failed
"Operation timed out" => when download fails, you cannot upgrade. Kill Bill
10:41 AM Bug #6925 (Resolved): System Update Failed
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-... Edson Bueno
01:07 PM Bug #6927 (Resolved): 1 to 1 NAT allows entry of mixed IP addresses
When adding a 1:1 NAT entry it is possible to enter a mix of IPv4 and IPv6 addresses in the various External Internal... Phillip Davis
12:19 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
See pull request https://github.com/pfsense/pfsense/pull/3225 for a suggested fix. Phillip Davis
11:05 AM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
Yes. Confirmed on:
2.3.3-DEVELOPMENT (amd64)
built on Fri Nov 11 16:36:08 CST 2016
FreeBSD 10.3-RELEASE-p12
... Andrew -
12:17 PM Bug #6926 (New): Miniupnp advertising expired IPv6 address
Version 2.3.2_1
With WAN set to DHCP6 and LAN set to track interface, the miniupnp service does not get notified i... Leland Roach
07:39 AM Bug #6924 (Not a Bug): Configure third interface by gui.
It's possible something being configured on the previous one made it appear that it failed (e.g. states got reset). I... Jim Pingle
12:52 AM Bug #6924: Configure third interface by gui.
I added a new network card and I set up ipv4 and saved it and it was just spinning. Now I added another set and it wa... Edson Bueno
05:55 AM pfSense Packages Bug #3343: (re)starting freeradius service throws "The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'"
The problem is, that pfSense restarts the packages it self and also calls the restart method of freeradius itself.
... Chris Becker
04:50 AM Bug #6911: no network on hyperv-v 2012 R1
Bug 213618 - When running as a Hyper-V Guest, FreeBSD 11 networking does not work
https://bugs.freebsd.org/bugzilla... Dmitry Ivanov

11/12/2016

10:13 PM Revision 360f3a90: add All-Inkl to services.class
Christoph Filnkößl
10:09 PM Revision 575b1dcf: add All-Inkl to dyndns.class
Christoph Filnkößl
09:00 PM Bug #6923 (Not a Bug): install pfSense-pkg-nrpe-2.3.1_1.txz
I can't duplicate this here on a current snapshot. The package installs fine.
Make sure you are on a completely up... Jim Pingle
12:06 PM Bug #6923 (Not a Bug): install pfSense-pkg-nrpe-2.3.1_1.txz
Fetching pfSense-pkg-nrpe-2.3.1_1.txz: . done
Fetching nrpe-ssl-2.15_6.txz: ... done
Fetching nagios-plugins-2.1.3,... Edson Bueno
08:21 PM Bug #6924 (Feedback): Configure third interface by gui.
Can you explain in more detail about exactly what you are doing that is failing?
I am able to assign an interface ... Jim Pingle
12:57 PM Bug #6924 (Not a Bug): Configure third interface by gui.
Configures all standard parameters prompts to save. But it just keeps rolling.
But by option 2 (Set interface (s) IP... Edson Bueno
02:54 AM Bug #6922 (Resolved): Dynamic DNS widget broken with Custom v6 entries
Self-explanatory:
!https://s16.postimg.org/9l1y6nq6t/Screenshot1.png!
!https://s16.postimg.org/t46jg0oyd/Screensh... Kill Bill

11/11/2016

11:22 PM Bug #6921 (Not a Bug): Poor speed with Chelsio T420-CR
I have a Chelsio T420-CR 10gbe NIC in a Supermicro A1SRi-2758f based pfsense router. I get poor speed (~1.2gbps) test... Rajil Saraswat
10:00 PM Bug #6688 (Resolved): Special characters in a password cause problems
Base64 encoding works fine here. Jim Pingle
09:59 PM Feature #5985 (Resolved): ntp pool command
Tested on a few systems, works fine. Jim Pingle
03:30 PM Feature #5985 (Feedback): ntp pool command
Applied in changeset commit:fbb652ed28641c50b14b9897a914ed317c323d73. Jim Pingle
09:59 PM Feature #6639 (Resolved): Utilize nextboot to control the behavior of the next firewall reboot
Tested on a few systems, works fine. Jim Pingle
02:30 PM Feature #6639 (Feedback): Utilize nextboot to control the behavior of the next firewall reboot
Applied in changeset commit:92a78939583e2be7f7cc52d045bc48a2e2264d1d. Jim Pingle
09:50 PM Bug #6920 (Resolved): Upgrading to 2.4 with a stale package .inc file can prevent the system from fully booting after upgrade
I upgraded a 2.3 VM that had recently had FreeRADIUS installed, but removed. The old freeradius.inc was somehow left ... Jim Pingle
09:24 PM Revision fbb652ed: Use the ntpd "pool" command for more robust timekeeping. Attempting to automatically determine if we are using a pool, and allow it to be set optionally otherwise. Implements #5985
Jim Pingle
08:48 PM Bug #6919 (Resolved): Filter logs are broken, log has incomplete/invalid data
The filter logs contain information but not enough data:... Jim Pingle
08:22 PM Revision 92a78939: Add options to console menu reboot selection to reboot into single user mode and to reboot and force a filesystem check. Implements #6639
Jim Pingle
06:45 PM Revision 2909468c: Revert change to row delete button
Steve Beaver
06:44 PM Revision 464a540a: Revert change to row delete button
Steve Beaver
06:39 PM Revision 0a0c6db0: Revert "Suppress delete button if only one row"
This reverts commit 13be068fe5e1377d1d5649efe0f860ba5c34ba90. Steve Beaver
06:38 PM Revision b9c0d66d: Revert "Suppress delete button if only one row"
This reverts commit 75ac7cab1dfb3e8148a27a13369bbb08219e8c3a. Steve Beaver
04:37 PM Revision 13be068f: Suppress delete button if only one row
Steve Beaver
04:37 PM Revision 75ac7cab: Suppress delete button if only one row
Steve Beaver
04:12 PM Revision af3bf919: Fixed #6916
Steve Beaver
04:11 PM Revision 38fe6f07: Fixed #6916
Steve Beaver
02:01 PM Revision 6a365a4c: LAN IP validation logic
Jonathon Anderson
01:47 PM Revision c6575378: Revert "Fixed #6811"
This reverts commit f92d44da5a4958372c7fb925043abc34588143e3. Steve Beaver
01:40 PM Revision aa66a125: Revert "Fixed #6811"
This reverts commit f92d44da5a4958372c7fb925043abc34588143e3. Steve Beaver
12:34 PM Bug #6898 (Resolved): Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents
Looks good. Jim Pingle
12:23 PM Bug #6872 (Resolved): Captive Portal per user bandwidth field no longer accepts 0.
Text is correct now. Jim Pingle
12:22 PM Bug #6864 (New): Error checking rejects IPv6 addresses with upper case A-F.
Jim Pingle
12:22 PM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
This appears to have broken the use of Aliases that have names using capital letters. See #6918 Jim Pingle
12:20 PM Bug #6830 (Resolved): Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI
It's in the list now for snapshots. Jim Pingle
12:19 PM Bug #6828 (Resolved): Patch for "route change" is not present on 2.4 builds using FreeBSD 11
Routing has been fine on 2.4 in every scenario I've tried so far. Jim Pingle
12:18 PM Bug #6633 (Resolved): redirect-gateway duplicated in client specific overrides
Fixed, only one entry is present in the override file now. Jim Pingle
12:16 PM Bug #6628 (Resolved): extensions.ini can end up missing required items
New extension loading method is working well. Jim Pingle
12:15 PM Bug #6549 (Resolved): fstab is missing post-install
I've run through several installs lately and this is definitely OK now. Jim Pingle
11:00 AM Feature #2766: status_openvpn.php needs IPv6 support
Still missing in OpenVPN 2.3.12 Jim Pingle
10:43 AM Bug #6918 (Closed): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
If you have an alias, say "Blah", and try to enter it in a field on a firewall rule, it is automatically translated t... Jim Pingle
10:21 AM Bug #6893 (Resolved): Configuration XML is inconsistent with self closing tags
Anonymous
10:20 AM Bug #6916: interfaces_vlan.php: Clicking on "Cancel" deletes VLAN
Applied in changeset commit:38fe6f07922c8ee6bde81ba1f07ab6ffe380f12b. Anonymous
10:14 AM Bug #6916 (Feedback): interfaces_vlan.php: Clicking on "Cancel" deletes VLAN
Automatic confirmation suppressed and manual confirm substituted. Anonymous
08:59 AM Bug #6916 (Resolved): interfaces_vlan.php: Clicking on "Cancel" deletes VLAN
Just another small bug from VLAN delete confirmation dialog (see Bug #5541). If one clicks on trash icon, the delete ... Luzemario Dantas
09:51 AM Feature #6917: Add ability to choose from what IP/IFACE you search for updates
The update check always has to leave the interface with the default gateway, as any traffic originating from the fire... Jim Pingle
09:40 AM Feature #6917 (New): Add ability to choose from what IP/IFACE you search for updates
Hi guys,
Please add an option to allow the user to choose from what IP or interface the request for updates is out... Luzemario Dantas
07:48 AM Bug #6905 (Resolved): XMLRPC Loop detection broken, secondary refuses to accept sync data
Works in snapshots that include the fix Jim Pingle
07:46 AM pfSense Packages Feature #6859 (Resolved): have an includedir by default (sudo package)
Works Jim Pingle
07:27 AM pfSense Packages Bug #6900 (Resolved): OpenVPN + OTP auth failure
Works Jim Pingle
07:01 AM pfSense Packages Bug #5868 (Resolved): Quagga OSPF Priority value "0" (zero) is being ignored - DR election doesnt work properly.
Feedback from a customer who was hitting this confirmed it's now working. Jim Pingle
07:01 AM pfSense Packages Bug #6797 (Resolved): Shared Key Export - just one server in list
Works Jim Pingle
07:00 AM Feature #3410 (Resolved): Patch: Add Apple Open Directory memberUid support in group lookup
Closing for lack of feedback. Jim Pingle
06:59 AM Bug #4820 (Resolved): DHCP Scope at setup
Works Jim Pingle
06:55 AM Todo #2480 (Closed): Add checkbox to OpenVPN client/server to exlcude VPN server from (pushed) routes
It's been 4 years and this hasn't come up again. If someone needs it, they can add these options manually. Jim Pingle
05:50 AM Bug #6895 (Resolved): Moving rules does not scroll
Anonymous
03:27 AM Bug #6658: DHCP Relay not working on 2.3.2
Can this pretty please finally get the disastrous patch reverted? Not only it did not fix what it was supposed to fix... Kill Bill
03:08 AM pfSense Packages Bug #6736: Snort fails to start after upgrade to 2.3.2-RELEASE
Get the same issue when updateing from pfSense 2.3.1_5 to 2.3.2_1
In my logs when SNORT tries to start I also get:... Diggory Gray
02:09 AM Bug #6915 (Resolved): unbound logging not working after reboot or "Reset log files"
After "reboot the machine" or "Status => System Logs => Settings" => "Reset log files" then unbound logs are not s... idris budak

11/10/2016

11:07 PM Feature #6914 (Resolved): unbound access-control lists
Hello! In
Services -> DNS Resolver -> Access Lists -> Add -> Actions
we have only 4 options "Deny", "Refuse", "Allo... Vladimir Tiukhtin
04:04 PM Bug #6099: igmpproxy does not recognize upstream interface
That's interesting. But unfortunately this is not the case for my system. Swisscom transmits everything on vlan10 and... Philipp Haefelfinger
02:49 PM Revision 3ad0f9b6: Update setup_wizard.xml
Jonathon Anderson
01:30 PM Bug #6906: Issues with /tmp and /var in RAM on 2.4
The prompt when booting appears to be due to the fact that /var was not cleaned out when switching to RAM disk, and t... Jim Pingle
12:32 PM Bug #6913 (Resolved): install on Hyper-v R2
can't install 2.4 on Hyper-V 2012 R2
fix... Dmitry Ivanov
12:27 PM pfSense Packages Bug #4608: squidGuard & pfsense RAM disk compatible
Better fix is in now, see #6878 Jim Pingle
12:27 PM pfSense Packages Bug #6279 (Rejected): squidguard blacklist update not working after initial update
Works here, must be something local or site-specific. Jim Pingle
12:23 PM pfSense Packages Bug #6878: how to use snort, squid and squid_guard with a ram disk
Each of these changes was made on 2.4 only, as some assumptions were made that could conflict in some cases (e.g. Nan... Jim Pingle
12:23 PM pfSense Packages Bug #6878 (Feedback): how to use snort, squid and squid_guard with a ram disk
I pushed a change to teach squidGuard to keep its databases in a persistent directory when /var is in RAM. The files ... Jim Pingle
11:10 AM pfSense Packages Bug #6878: how to use snort, squid and squid_guard with a ram disk
Pushed a change for squid to teach clamav to keep its DB in a persistent location if /var is a RAM disk. It doesn't c... Jim Pingle
12:23 PM Bug #6912 (Closed): install on Hyper-v R2
can't install 2.4 on Hyper-v R2 (all updates installed)
fix:... Dmitry Ivanov
11:17 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
But the details you mention are not solved by this suggestion. The interface is already filled/selected when you crea... Jim Pingle
11:14 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
I mean it constructively, btw, not to whine or something. Hollander Hollander
11:08 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
I'm assuming people want to work efficient.
What is wrong with copying a field into a field to make sure people do... Hollander Hollander
10:08 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
You're assuming everyone uses it the same way you use it, which isn't the case. Removing functionality to prevent foo... Jim Pingle
10:05 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
1. Button: 'copy'
2. Popup: which fields to change (interface);
3. Save = copied with altered values. Hollander Hollander
09:44 AM Bug #6910 (Rejected): Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
Being able to edit the interface allows you to move a rule from one interface to another. (e.g. copy LAN rule, edit L... Jim Pingle
09:05 AM Bug #6910 (Rejected): Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
Now it is possible to create a firewall rule on a vlan tab, and fill in the wrong interface in that rule. Aside from ... Hollander Hollander
11:02 AM Bug #6781 (Resolved): OpenBSD description links are broken in Traffic Shaper
Thanks for the feedback! Jim Pingle
11:00 AM Bug #6781: OpenBSD description links are broken in Traffic Shaper
I think you should mark it as "resolved/closed". Thanks! Vladimir Suhhanov
10:49 AM Bug #6911 (Rejected): no network on hyperv-v 2012 R1
i have installed 2.4 on hyper-v 2012 R1, set ip. no network.. no ping.. have updated drivers, enabled and disabled hw... Dmitry Ivanov
10:03 AM Revision 09cc19c2: Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".
Ticket #5321
(cherry picked from commit 411d4e6e55475cc66b997ca3e47478dbe10b4e1b) Luiz Souza
10:03 AM Revision 1c9bf396: Fix bug where CARP vip status is incorrent in the interface when more
than one CARP vip is configured for an interface.
(cherry picked from commit 5116a8aa60ad87c0a47aafeca422cc323147ea14) Fredrik Rönnvall
10:03 AM Revision 16bdba73: Remove "use lowercase" hint
As it is no longer relevant, because the code now automatically converts
to lowercase.
(cherry picked from commit 6a... Phil Davis
10:03 AM Revision 3a66c0da: Fix #6864 automatically convert IPv6 input to lowercase
1) As the user leaves the field, or presses Save, onChange will fire and
convert the input string to lowercase. This ... Phil Davis
10:01 AM Revision ebc4a441: Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".
Ticket #5321
(cherry picked from commit 411d4e6e55475cc66b997ca3e47478dbe10b4e1b) Luiz Souza
10:01 AM Revision 5ad69855: Fix bug where CARP vip status is incorrent in the interface when more
than one CARP vip is configured for an interface.
(cherry picked from commit 5116a8aa60ad87c0a47aafeca422cc323147ea14) Fredrik Rönnvall
10:01 AM Revision 0cc7eec5: 80 character lines ftw :)
Just because it was asked nicely :)
(cherry picked from commit 013110a19b90698cd521fc120b06b7cc37b531e5) Stilez y
10:01 AM Revision 68de92f2: standardise old code ("or" -> "||")
(cherry picked from commit f9416ab2bdaae5ca41e70db1c846ab3419fd0cee) Stilez y
10:01 AM Revision b68edd49: Remove "use lowercase" hint
As it is no longer relevant, because the code now automatically converts
to lowercase.
(cherry picked from commit 6a... Phil Davis
10:01 AM Revision 6df432c3: Fix #6864 automatically convert IPv6 input to lowercase
1) As the user leaves the field, or presses Save, onChange will fire and
convert the input string to lowercase. This ... Phil Davis
08:48 AM Feature #6909 (Duplicate): Copy FW rules to new interface efficiency
Example: I want to copy ALL FW rules from VLAN100 to VLAN110 at once.
Then, in that copy, or (see previous issue r... Hollander Hollander
08:16 AM Feature #6908 (Resolved): Alias copy, sort, search/replace functions
For example: copy one alias (the content of course) into another alias (like in FW rules), sort alias, filter alias, ... Hollander Hollander
04:08 AM Revision 7798eb1e: Fix a 'divide by zero' bug in traffic_shaper_wizard_multi_all.inc.
Luiz Souza

11/09/2016

11:27 PM Revision 694872ae: Comment typos alphabet
(cherry picked from commit d622a62eb4f3ec8535ead494a863f10bbc409f41) Phil Davis
11:27 PM Revision 2f8f3cb3: Merge pull request #3221 from phil-davis/patch-2
Steve Beaver
11:23 PM Revision d622a62e: Comment typos alphabet
Phil Davis
10:51 PM Bug #6907 (Duplicate): DNS Resolver does not use domain name set in DHCP subnet, only the global one
Ran into this myself & found a relevant forum post here: https://forum.pfsense.org/index.php?topic=119717.0
In sho... Wil Reichert
10:28 PM Bug #6761 (Feedback): Limiter doesn't limit at correct bandwidth
Many bugs were fixed in 2.4.
2.3.2 is very broken with respect to limiters.
Could you try a recent 2.4 snapshot ? Luiz Souza
07:55 PM Revision 0eb2512f: update conditional re:LAN dhcp
Jonathon Anderson
06:05 PM Revision b20a6d67: Fix #6899
(cherry picked from commit c766ac7dd723f6e36980c48b0dd156b492556616) Luka Pavlyuk
06:05 PM Revision 5e105459: Merge pull request #3218 from kernelbug/master
Renato Botelho
06:02 PM Revision abc9b886: ipsec, apply routes also for IP-aliases with carp parents
(cherry picked from commit ee908e93671fddb38f8cca5d3d19a28791934878) Pi Ba
06:02 PM Revision 8d8cd372: Merge pull request #3220 from PiBa-NL/ipsec-routes
Renato Botelho
05:33 PM Revision 6f012614: syslogd, create configured logsocket directories
(cherry picked from commit 4406922edb1000ef79f4fccfb484aa1103105ac0) Pi Ba
05:32 PM Revision b256751e: Merge pull request #3211 from PiBa-NL/syslogd-logsocket
Renato Botelho
04:41 PM Bug #6099: igmpproxy does not recognize upstream interface
Found sth on different site:
[[https://sourceforge.net/p/igmpproxy/bugs/4/#472a]]
So for at least with DE-Telekom ... Chris Becker
03:23 PM pfSense Packages Bug #6878: how to use snort, squid and squid_guard with a ram disk
Fixed the snort directories in commit:ce8fedd
Will look into squidGuard soon. Jim Pingle
02:57 PM Revision 59537908: err() expects a single parameter
Renato Botelho
02:57 PM Bug #6906: Issues with /tmp and /var in RAM on 2.4
Checking deeper, @pkg info@ is empty after switching, which explains why the installed packages showed damaged, but a... Jim Pingle
02:49 PM Bug #6906 (Resolved): Issues with /tmp and /var in RAM on 2.4
I set /tmp and /var to be in RAM on a test box running 2.4 and hit a couple issues:
1. I had two packages installe... Jim Pingle
02:57 PM Revision dcae03a3: Fixed #6903
hosts and domains sorted on display, not on save to config Steve Beaver
02:56 PM Revision 8e7fea67: Fixed #6903
hosts and domains sorted on display, not on save to config Steve Beaver
02:23 PM Feature #6881: services_unbound_host_edit.php: DNS Resolver Add V4 and V6 host override at the same time
In addition any aliases created would have to include both the V4 and V6 addresses. Anonymous
02:06 PM Bug #1813 (Confirmed): Static routes on WAN interfaces overridden by route-to for firewall-initiated traffic
It is still an issue but it can be easily worked around by adding a floating rule to pass outbound to the destination... Jim Pingle
01:57 PM pfSense Packages Bug #6900 (Feedback): OpenVPN + OTP auth failure
The verify script is in @/usr/local/etc/raddb/scripts/otpverify.sh@ on current versions. The FreeRADIUS package code ... Jim Pingle
01:08 PM Revision b8b0fab1: Merge pull request #3215 from PiBa-NL/xmlrpc-loopback
Jim Pingle
12:06 PM Feature #6899 (Feedback): Can't specify PPTP/L2TP gateway as FQDN
Pull request has been merged. Thanks! Renato Botelho
11:01 AM Bug #6769 (Resolved): Crash PacketFilter in bridge mode
I can reproduce this somewhat here on 2.3.2. With a WAN/LAN style bridge, putting @synproxy@ on a TCP rule will event... Jim Pingle
10:03 AM Bug #6760 (Not a Bug): Editing WAN bridge interface breaks routing until reboot
I can't reproduce this here on 2.3.2_1. I can make edits to the bridge and the MAC stays the same and I can still rou... Jim Pingle
09:00 AM Bug #6903: services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized
Applied in changeset commit:8e7fea674a34ab217c9b9821c608639ca45bd281. Anonymous
08:18 AM Bug #6903 (Feedback): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized
It is certainly not "randomized", but since the two tables may be sorted (by clicking the column headers) the hosts c... Anonymous
08:56 AM Bug #6883 (Resolved): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
The route now appears on the OpenVPN interface as expected, and clients can connect/pass traffic with static addresse... Jim Pingle
07:57 AM Bug #5319: Error message "No config named" in charon daemon
I've just been hit by this as well and like the last comment, restarting ipsec from the cmd line fixes the problem fo... Nick Fisk
07:15 AM Bug #6905: XMLRPC Loop detection broken, secondary refuses to accept sync data
Merge is in commit:b8b0fab1a4ef44758ff7fdd9cbfcc8bab2fe49b9 Jim Pingle
07:08 AM Bug #6905 (Feedback): XMLRPC Loop detection broken, secondary refuses to accept sync data
Merged PR Jim Pingle
07:06 AM Bug #6905 (Resolved): XMLRPC Loop detection broken, secondary refuses to accept sync data
When trying to perform an XMLRPC between two 2.4 HA systems, the secondary won't accept new settings, believing it ha... Jim Pingle
06:26 AM Revision 1267b787: The IPv6 packets are always blocked.
Ticket #6206 Luiz Souza
06:21 AM Revision c603770d: Fix a 'divide by zero' bug on shaper wizard when PRIQ is used and no bandwitdth is entered (the correct setting for a PRIQ scheduler).
Luiz Souza
01:21 AM Bug #6904: PRIQ Queue Priority Limited To 7
Dirty patch attached to thread above, restores old behavior...
Correct way would be to determine parent interface ... ky41083 -

11/08/2016

09:46 PM Bug #6904 (Resolved): PRIQ Queue Priority Limited To 7
Set parent interface to PRIQ. Set child queue priority to anything greater than 7. Receive "Please select a value tha... ky41083 -
09:20 PM Bug #6779 (Resolved): Traffic shaper wizard uses decimals instead of whole numbers
Anonymous
09:18 PM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
Looks like fixed. Vladimir Suhhanov
08:38 PM Revision ee908e93: ipsec, apply routes also for IP-aliases with carp parents
Pi Ba
06:53 PM Revision e5f9360f: Fixed #6893
Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency Steve Beaver
06:53 PM Revision da7054b7: Fixed #6893
Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency Steve Beaver
06:07 PM Bug #6903 (Resolved): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized
Related to #6893 - when I view the diff of the configuration XML after a change to DNS Resolver's Host Overrides sect... Kevin Wojniak
05:08 PM Revision 92db4492: Set root password for installation media
Renato Botelho
04:26 PM Bug #6893: Configuration XML is inconsistent with self closing tags
Awesome, thanks for the quick fix! Kevin Wojniak
01:00 PM Bug #6893: Configuration XML is inconsistent with self closing tags
Applied in changeset commit:da7054b7cf77d9322307c52d8340fb30486ce25e. Anonymous
12:54 PM Bug #6893 (Feedback): Configuration XML is inconsistent with self closing tags
Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency Anonymous
01:06 PM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
thank you very much!) Dmitry Ivanov
01:02 PM Bug #6883 (Feedback): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
I've imported a patch from OpenVPN development list:
https://github.com/pfsense/FreeBSD-ports/commit/153999c431c59... Renato Botelho
09:46 AM Bug #6902 (Not a Bug): webConfigurator not using new certificate and won't disable SSL
The certificate won't take full effect until the web server is restarted, and restarting the web server from a proces... Jim Pingle
06:00 AM Bug #6902: webConfigurator not using new certificate and won't disable SSL
Bob Hannent wrote:
> Restarting the pfSense box has now locked me out of the UI, neither HTTPS or HTTP work now. Sli... Bob Hannent
05:46 AM Bug #6902 (Not a Bug): webConfigurator not using new certificate and won't disable SSL
Method:
* I had the web UI using the default self-signed certificate and I used an alternate port number just in cas... Bob Hannent
07:38 AM Bug #3075: Can't delete unused Virtual IP "referenced by a least one gateway"
I've got this error on 2.3.2_1, on a CARP VIP I just added for a test. I'm 100% sure that VIP is not being used for a... Flavio Stanchina

11/07/2016

10:53 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
Still seeing system lockup on 2.4.0-BETA when dealing with non-local gateways. Ken Sim
10:13 PM Revision d36ea867: 2.4.0 is now BETA
Renato Botelho
08:26 PM Revision 32980f32: update LAN regex for case insensitivity
Jonathon Anderson
07:14 PM Revision 4c7ec3de: Fixed 6901
Steve Beaver
07:13 PM Revision 6bd09ca2: Fixed 6901
Steve Beaver
06:49 PM Revision 86584ded: Store Dynamic DNS passwords in Base64 to protect special characters. Fixes #6688
Jim Pingle
06:00 PM Revision 4606b548: Fixed #6898
Steve Beaver
06:00 PM Revision 10b262b4: Fixed #6898
Steve Beaver
04:24 PM Revision cde63e73: Merge branch 'RELENG_2_3' of git.netgate.com:pfsense/pfsense into RELENG_2_3
Steve Beaver
04:22 PM Revision a4a0f8db: Fixed #6779 by rounding bandwidth down to nearest integer
Steve Beaver
04:19 PM Revision 16625f3c: Fixed #6779 by roundinf bandwidth down to nearest integer
Steve Beaver
03:56 PM Revision a6b5014d: So, PHP eats the last '\n' and we need an additional new line...
Fix the generated pf rules. Luiz Souza
03:51 PM Bug #6119 (Closed): Alias entry causes filterdns core dumps
> While creating an alias containing multiple networks, I used copy/paste and (unthinkingly) pasted 18 of the 22 entr... Jim Pingle
03:36 PM Revision 7c3a9ded: Fixed #6779
Round calculated bandwidth down to nearest integer Steve Beaver
03:18 PM Bug #6200: LACP with em driver does not work with cisco active lacp setup
I don't have a Cisco switch to test against, and the only piece of hardware I have left with em0 that works is 32-bit... Jim Pingle
02:57 PM Bug #6880 (Confirmed): Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Confirmed. The daemon is binding to all interfaces, which prevents the second one from operating properly.
Changin... Jim Pingle
02:39 PM Revision 7c9f724c: Correct part of #6779
Setting input "step" value to "any" alows hte element to accept decimal (float) values, not just integers. Steve Beaver
02:38 PM Revision 54a217f0: Correct part of #6779
Setting input "step" value to "any" alows hte element to accept decimal (float) values, not just integers. Steve Beaver
02:33 PM Bug #6663 (Confirmed): IPv6 OpenVPN client is down after reboot
Confirmed, doesn't need PPPoE. An OpenVPN instance on an assigned GIF interface is enough. It's acting as though the ... Jim Pingle
02:21 PM pfSense Packages Bug #6721: Incorrect OpenBGPd package scripts prevent use of both IPv4 and IPv6
Hi Jim,
Leaving "Listen on IP" blank makes the default IPv4 address "0.0.0.0" to be put on both IPv4 *and IPv6* "l... Luzemario Dantas
11:14 AM pfSense Packages Bug #6721 (Needs Patch): Incorrect OpenBGPd package scripts prevent use of both IPv4 and IPv6
Unless there is a compelling need to set it to listen on two specific addresses manually, leave "Listen on IP" blank ... Jim Pingle
01:12 PM Bug #6901 (Feedback): services_unbound_host_edit.php: "Delete" button should be suppressed if < 2 host aliases listed
checkLastRow() Javascript added to page Anonymous
01:12 PM Bug #6901 (Resolved): services_unbound_host_edit.php: "Delete" button should be suppressed if < 2 host aliases listed
Anonymous
01:00 PM Bug #6688 (Feedback): Special characters in a password cause problems
Applied in changeset commit:86584ded30c27b9ad1b017fb743399dc01180f02. Jim Pingle
12:50 PM Bug #6688: Special characters in a password cause problems
I committed a fix to store the passwords in base64. Worked fine here but could use more testing. 2.4 only for the tim... Jim Pingle
12:10 PM Bug #6898: Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents
Applied in changeset commit:10b262b409c9b4170785948b9e73bdfc7edc2eae. Anonymous
12:01 PM Bug #6898 (Feedback): Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents
Pull-down text changed as suggested. Anonymous
09:40 AM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
Applied in changeset commit:7c3a9dede96552233fbe1da35ac4126aa524711b. Anonymous
08:56 AM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
Fix part 1: HTML inputs that specify the bandwidth have been updated to accept decimal values.
Part 2: Calcualted ba... Anonymous
09:39 AM pfSense Packages Feature #6859 (Feedback): have an includedir by default (sudo package)
Seems useful and was simple to add. I pushed it to the 2.4 version of the package. Jim Pingle
08:20 AM pfSense Packages Bug #6867 (Closed): Please update quagga to version 1.1
We'll pick it up naturally when it comes through FreeBSD ports. I don't think it's worth going out of our way to pick... Jim Pingle
05:22 AM pfSense Packages Bug #6900 (Resolved): OpenVPN + OTP auth failure
Hi guys. In pfsense 2.3.2 after any changes (firewall rules, reboot, etc...), I cannot access the server via OpenVPN ... Franz Tavers
04:17 AM Revision 55fcc035: Do not generate IPv6 rules when IPv6 is disabled.
Ticket #6206 Luiz Souza
03:51 AM Revision 411d4e6e: Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".
Ticket #5321 Luiz Souza
03:18 AM Revision a227ecef: Merge pull request #3164 from fredronnv/master
* 'master' of https://github.com/fredronnv/pfsense:
Fix bug where CARP vip status is incorrent in the interface whe... Luiz Souza
02:57 AM Revision 068ec0b1: Merge pull request #3176 from stilez/patch-49
* 'patch-49' of https://github.com/stilez/pfsense:
80 character lines ftw :)
standardise old code ("or" -> "||") Luiz Souza
02:49 AM Revision 81cc31e1: Merge pull request #3199 from phil-davis/ipv6lower
* 'ipv6lower' of https://github.com/phil-davis/pfsense:
Remove "use lowercase" hint
Fix #6864 automatically conve... Luiz Souza

11/06/2016

10:25 PM Bug #6206 (Feedback): Default icmp6 pass-rules are added even when ipv6 is "disabled" by user
Luiz Souza
10:12 PM Feature #3859: Make it possible to set the source IP address for gateway monitoring
is there any updates on this feature ?
With lack of ipv4, being able to use only one public ip is a pretty common co... david stievenard
10:00 PM Bug #5321 (Feedback): rxcsum6, txcsum6 not considered by "Disable hardware checksum offload"
Fixed in 2.4. Luiz Souza
09:32 PM Revision c766ac7d: Fix #6899
Luka Pavlyuk
09:10 PM Bug #6864 (Feedback): Error checking rejects IPv6 addresses with upper case A-F.
Applied in changeset commit:d461ff40e364fc0ecc003b9f673cbad7c6a08f2f. Phillip Davis
06:05 PM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
Note: The pull request generated discussion about whether users should have the option to record IPv6 addresses with ... Phillip Davis
12:37 AM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
Take a look at Phil's patch. If it needs rework kick back to either he or I. Jim Thompson
01:07 AM Bug #6200: LACP with em driver does not work with cisco active lacp setup
Eval, please Jim Thompson
01:06 AM Bug #6119: Alias entry causes filterdns core dumps
Please retest on 2.3. Close if possible. Let me know if it's still an issue Jim Thompson
01:03 AM Bug #1813: Static routes on WAN interfaces overridden by route-to for firewall-initiated traffic
Can't be "high", it's five years old.
JimP, please reeval to see if this is still and issue. Jim Thompson
01:00 AM Bug #4424: Adding and removing shaper repeatedly causing interface crash
With luck recent work has closed this. Jim Thompson
12:59 AM Todo #6606: Adapt captive portal to work without multi-instance ipfw
Believe this should be closed Jim Thompson
12:57 AM Bug #6663: IPv6 OpenVPN client is down after reboot
Pingle pls confirm Jim Thompson
12:42 AM Bug #6688: Special characters in a password cause problems
Please look at Phil'a patch Jim Thompson
12:31 AM Bug #6896 (Feedback): unbound root.key file corruption possibly related to full file system
Jim Thompson
12:27 AM pfSense Packages Feature #6859: have an includedir by default (sudo package)
Pingle for eval. Jim Thompson
12:26 AM pfSense Packages Bug #6867: Please update quagga to version 1.1
Needs serious evaluation first. Jim Thompson

11/05/2016

02:03 PM Todo #6332: Upgrade encryption options to cover current range of recommendations
In general I agree that we could do a better job here. Beaver can look into that.
Things like md5 have to stay u... Jim Thompson
12:04 PM Todo #6332: Upgrade encryption options to cover current range of recommendations
Jim Pingle wrote:
> We can't outright purge md5 and other weak options because people are frequently forced to use t... Sean McBride
11:04 AM Todo #6332: Upgrade encryption options to cover current range of recommendations
We can't outright purge md5 and other weak options because people are frequently forced to use them for third party v... Jim Pingle
10:09 AM Todo #6332: Upgrade encryption options to cover current range of recommendations
I was about to file a similar bug, but found this one searching the bugbase for "md5".
I'm new to pfsense and just... Sean McBride
12:56 PM Feature #6899 (Needs Patch): Can't specify PPTP/L2TP gateway as FQDN
Thanks for the proposal. This would be considered a feature request (I changed the type for you). Code submissions sh... Jim Pingle
12:51 PM Feature #6899 (Resolved): Can't specify PPTP/L2TP gateway as FQDN
Actually I don't know that's a bug report or a feature request actually.
Nevertheless I'm using the following workar... Luka Pavlyuk
12:30 PM Bug #6898 (Resolved): Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents
In the "VPN > IPsec > Tunnels > Edit Phase 1" screen, there is a "Key Exchange version" popup, its contents are:
V1... Sean McBride
07:45 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
Has this feature request stalled ?
There is a package that that could handle this, it is only a matter of the corr... Dan Lundqvist
04:26 AM Revision 3c3f9397: Fix the port assigment on SG-4860 or SG-8860.
Luiz Souza

11/04/2016

08:50 PM Feature #6897 (Duplicate): Use a dedicated favicon for the webConfigurator (one that differs from *.pfsense.org)
I think webConfigurator should use a favicon that differs from the one used on any *.pfsense.org.
I often have mul... Claude Duvergier
08:26 PM Revision d5cf0b70: Fixed #6895
by setting overflow-x: visible; in CSS Steve Beaver
08:25 PM Revision 7da65ab7: Fixed #6895
by setting overflow-x: visible; in CSS Steve Beaver
07:17 PM Revision 0bddde7f: Enable ALTQ for cxl. Fixes #6830
Renato Botelho
07:17 PM Revision 0ea7b83e: Enable ALTQ for cxl. Fixes #6830
Renato Botelho
07:16 PM Revision 7ac34d65: Enable ALTQ for cxl. Fixes #6830
Renato Botelho
07:08 PM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
Thanks!
I updated you instructions a little since "default" is not always the same in the Wizard. Anonymous
11:31 AM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
Yes, calculated values.
Run wizard, select Multiple Lan/Wan traffic_shaper_wizard_multi_all.xml
*First step:*
LA... Vladimir Suhhanov
10:47 AM Bug #6779 (Feedback): Traffic shaper wizard uses decimals instead of whole numbers
Would you please clarify for me?
Does the problem occur when you enter decimals in the wizard, or when values you ... Anonymous
06:43 PM Revision 01fb4340: Fixed $6811
Steve Beaver
06:39 PM Revision cbd61636: When deleting or disabling a non-dynamic gateway, if that gateway was set as default then remove the corresponding default route to respect the user's decision. Fixes #6659
(cherry picked from commit 1be1b87b5f9ab8d0a259b888aab08ec6babad568) Jim Pingle
06:06 PM Revision 1be1b87b: When deleting or disabling a non-dynamic gateway, if that gateway was set as default then remove the corresponding default route to respect the user's decision. Fixes #6659
Jim Pingle
05:19 PM Bug #6896: unbound root.key file corruption possibly related to full file system
The logs cannot fill up anything. They are circular and fixed size - see Status - System Logs - Settings. Simply make... Kill Bill
05:19 PM Bug #6896: unbound root.key file corruption possibly related to full file system
Just following up, I traced it down to the suricata package. My DNS log is gigabytes in length. What is strange is t... George 77
05:13 PM Bug #6896 (Not a Bug): unbound root.key file corruption possibly related to full file system
My root.key becomes corrupt and unbound crashes and no longer will start. This bug is likely related to #5334 and has... George 77
04:51 PM Revision f92d44da: Fixed #6811
Steve Beaver
04:28 PM Revision 3b55b54e: Improved error message to explicitly state allowable characters
Related to Bug #6432. Sean McBride
03:30 PM Bug #6895: Moving rules does not scroll
Applied in changeset commit:7da65ab7dc9a1b55624de9fb6eb9a4a272440573. Anonymous
03:29 PM Bug #6895 (Feedback): Moving rules does not scroll
Matt Fine to test. Anonymous
03:23 PM Bug #6895 (Resolved): Moving rules does not scroll
Dragging firewall rules does not automatically scroll the page when dragging to the top or bottom of hte visible window Anonymous
03:05 PM Revision 2446fffa: Convert CloudFlare and GratisDNS dynamic DNS over to split hostname and domain name fields, like Namecheap. Otherwise they could both break with subdomains or international TLDs with many parts. Fixes #6778
Jim Pingle
02:58 PM pfSense Packages Bug #6777 (Not a Bug): squid cant redirect ssl website correctly to squidguard error page in a denied category
Jim Pingle
02:56 PM pfSense Packages Bug #6777: squid cant redirect ssl website correctly to squidguard error page in a denied category
NOT A BUG.
This is caused by a behavior on Browsers, check this link for more information about it: https://bugzil... Luiz Fernando Cavalcanti
02:38 PM Revision 96ff627f: Fixed #6753
Interface menu entries no longer sorted for consistency with other GUI instances
(cherry picked from commit e5d33973... Steve Beaver
02:38 PM Revision e5d33973: Fixed #6753
Interface menu entries no longer sorted for consistency with other GUI instances Steve Beaver
02:34 PM Todo #6894: Improvements and fixes on 2.4 installer
- It's not rebooting after auto ZFS installation on 4860 Renato Botelho
02:04 PM Todo #6894 (Resolved): Improvements and fixes on 2.4 installer
- Remove extra options for auto UFS leaving only MBR and GPT
- Use labels to particions on UFS Renato Botelho
02:22 PM Revision 46800f85: OpenBSD removed the pf FAQ page for shaping, so link to the proper page on archive.org since they offer no current equivalent and no other suitable replacement page is immediately available. Fixes #6781
Jim Pingle
02:22 PM Revision 7a48a7f7: OpenBSD removed the pf FAQ page for shaping, so link to the proper page on archive.org since they offer no current equivalent and no other suitable replacement page is immediately available. Fixes #6781
Jim Pingle
02:20 PM Revision 79e50e97: OpenBSD removed the pf FAQ page for shaping, so link to the proper page on archive.org since they offer no current equivalent and no other suitable replacement page is immediately available. Fixes #6781
Jim Pingle
02:20 PM Bug #6830 (Feedback): Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI
Applied in changeset commit:7ac34d65a4f3f8561c8156ae75630aa71c8a88f2. Renato Botelho
01:18 PM Bug #2800 (Resolved): OpenVPN doesn't work properly with intermediate/chained CAs
This works fine in the base system and in the export package. I can make a CA, then make an intermediate CA, then mak... Jim Pingle
01:10 PM Bug #6659 (Feedback): Default routes are not being removed after deletion
Applied in changeset commit:1be1b87b5f9ab8d0a259b888aab08ec6babad568. Jim Pingle
12:13 PM Bug #6876: Firewall alias issue after adding a wrong alias
I do confirm that affected version are 2.3.2 and 2.2, even if screenshot is 2.2.x. Purpose of screenshot was just to ... m de crevoisier
09:11 AM Bug #6876 (Feedback): Firewall alias issue after adding a wrong alias
Affected version has been set to 2.3.2, yet your screenshots are from a 2.2.x version. Would you please confirm that ... Anonymous
12:00 PM Bug #6811: pkg_edit.php rowhelper is broken with multiple distinct rowhelpers per page.
Applied in changeset commit:f92d44da5a4958372c7fb925043abc34588143e3. Anonymous
11:51 AM Bug #6811 (Feedback): pkg_edit.php rowhelper is broken with multiple distinct rowhelpers per page.
Changes made to pkg_edit.php appear to have resolved this, but more testing is required. Many packages use rowhelpers... Anonymous
11:22 AM Bug #6432: Relative distinguished names should accept unicode during CA creation.
I hit this exact problem too.
It would be nice to at least improve the error message to state which characters are... Sean McBride
11:05 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
First, I really did not intend to start a bikeshedding flame war. :) I honestly thought it would be non-controversia... Sean McBride
10:51 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
In the typical firewall use case, a reboot or halt only happens when there is a problem that needs correcting, which ... Jim Pingle
10:42 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
Shrug; not sure how common action is rebooting a NAS:
QNAP: !https://s22.postimg.org/4aznct5kh/Screenshot_1.png! S... Kill Bill
10:26 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
Because it's a bikeshed discussion that will never please everyone. Making reboot and halt more accessible is not a g... Jim Pingle
10:18 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
I think all the current locations simply suck. Why not have a menu in place of the current logout button that offers ... Kill Bill
10:39 AM Bug #6668 (Feedback): IPSec tunnel + L2TP/IPSec VPN - wrong PSK chosen by pfSense
I'm hesitant to commit changes to the ordering without lots of testing first, so can you try the attached patch to se... Jim Pingle
10:14 AM Bug #6893: Configuration XML is inconsistent with self closing tags
Here's another example. I only deleted some L2TP users, but the XML has changed for these values (screenshot from Sou... Kevin Wojniak
09:39 AM Bug #6893 (Resolved): Configuration XML is inconsistent with self closing tags
Whenever I make changes I do "Download configuration as XML" and store the file in a git repository, so I always view... Kevin Wojniak
10:10 AM Bug #6778 (Feedback): CloudFlare Dynamic DNS fails when domain name uses a Second Level TLD
Applied in changeset commit:2446fffa5932e8debcaf165bfaf5492cea429c60. Jim Pingle
10:06 AM Bug #6778 (Confirmed): CloudFlare Dynamic DNS fails when domain name uses a Second Level TLD
Both CloudFlare and GratisDNS used the same logic that Namecheap used to use, which has several potential problems. I... Jim Pingle
10:04 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
There is no known consistent single cause. Some have it with nothing else installed, some other pfBlocker, some with ... Jim Pingle
09:59 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
Sorry to re-hash this, but since it has just been assigned to me I need an update.
Some of the above responses wou... Anonymous
09:50 AM Feature #6753: Interfaces list order not consistent
Applied in changeset commit:e5d339735836fd55b0fa944d5d7e472793785e30. Anonymous
09:43 AM Feature #6753 (Feedback): Interfaces list order not consistent
Sorting has been removed from the Interface menu.
Adding msort to all other occurrences would obviously involve mo... Anonymous
09:35 AM Bug #6826: DNS forwarder is sending packets with link-local IPv6 source address to global unicast address
Thanks. ping is a special case since it is protocol-aware (separate ping, ping6), but it looks like FreeBSD doesn't i... Brian Candler
08:49 AM Bug #6826 (Rejected): DNS forwarder is sending packets with link-local IPv6 source address to global unicast address
This appears to be how FreeBSD behaves and is not specific to the DNS resolver or forwarder, the same happens even wi... Jim Pingle
09:30 AM Bug #6781 (Feedback): OpenBSD description links are broken in Traffic Shaper
Applied in changeset commit:79e50e9768f32b75817a28021d051c79cb44fdec. Jim Pingle
09:13 AM Bug #6711 (Closed): diag_states_summary # States and # States twice (explain one is per protocol)
Anonymous
09:06 AM Bug #6802 (Rejected): GUI does not respond and vpn stops working
Duplicate of #6406 and others that are all the same base issue: PHP gets wedged and don't respond. Jim Pingle
09:04 AM Bug #6868 (Confirmed): Interface MTU Setting not applied to all IPv6 routes
I can reproduce the behavior on 2.3.x. If I adjust the MTU of an assigned interface, only the default and/or link rou... Jim Pingle
08:58 AM Bug #6812 (Feedback): IPsec filterdns crash
The two events are not related.
The first is an issue with an IPsec tunnel peer address that was entered as a full... Jim Pingle
02:09 AM Bug #6843: Version inconsistency after updating to 2.3.2_1
I should add that I've since this was reported upgraded via the command line and it now shows 2.3.2_1 on both pages. Ivan Pedersen

11/03/2016

11:00 PM Bug #6892 (Resolved): CARP VIPs Deleted entering CARP Maintenance Mode
There is an issue both upgrading CARP HA cluster and subsequent entering and leaving CARP maintenance mode.
When e... Chris Linstruth
10:09 PM Bug #6884 (Rejected): "Reboot" option should be under "System" menu, not "Diagnostics"
This debate pops up every now and then and there hasn't been a compelling argument for moving it. Rebooting and shutt... Jim Pingle
10:01 PM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
When I first came to pfSense I had the same trouble finding the Reboot entry and Halt entry.
The flip side to this i... Phillip Davis
10:08 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
OK. I don't use this so it doesn't effect systems that I have that will be stuck on 2.3.* (32-bit Alix). If it is not... Phillip Davis
09:43 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
Given all the work that's happened on 2.4 with IPFW, I'd say it's best to not attempt a backport. 2.4 is not that far... Jim Pingle
07:36 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
I guess the fix is in the pf port or...?
Is it something that easily applies back to 2.3.* FreeBSD 10.3 and thus cou... Phillip Davis
05:10 PM Bug #4326 (Feedback): Limiters on firewall rules where NAT applies drop all traffic
Fixed in 2.4. Luiz Souza
09:42 PM Bug #6812: IPsec filterdns crash
Assigned to Pingle for analysis. Jim Thompson
09:41 PM Bug #6823: No connectivity after changing link state to UP

We would have to provide the ports of the Intel drivers as packages, and then allow people to load the package on d... Jim Thompson
09:22 PM Bug #6868: Interface MTU Setting not applied to all IPv6 routes
assigned to Pingle for analysis. Jim Thompson
08:54 PM Bug #6891: Improper shutdown causes irrecoverable filesystem corruption, unable to boot or fsck
Some related forum threads...
https://forum.pfsense.org/index.php?topic=120019.0
https://forum.pfsense.org/index.ph... → luckman212
08:47 PM Bug #6891 (Duplicate): Improper shutdown causes irrecoverable filesystem corruption, unable to boot or fsck
I've had this happen 4 times so far that I can remember. That is definitely more than I would like but out of ~85 fi... → luckman212
07:42 PM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
FYI - Still happening on 2.3.2-RELEASE-p1 systems. Alex Vergilis
07:00 PM Revision 8d44b2cb: xmlrpc, fix loopback detection
Pi Ba
06:55 PM Feature #6775: Strongswan PKCS#11 Support
https://wiki.strongswan.org/projects/strongswan/wiki/PKCS11plugin
no idea what this needs in the GUI, etc.
OP s... Jim Thompson
05:34 PM Bug #6890 (Resolved): PPP service name error
Hi,
I've just updated a virtual appliance to the new 2.3.2_1 version, and now, i can't add ppp connection (3G backu... Jonathan Valverde
03:56 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name
Any updates on this? It also seems to be affecting unbound on 2.3.2-p1. Until this is fixed, perhaps removing the d... Jacob Smith
12:20 PM Bug #6887 (Rejected): Carp status widget doesn't work, show wrong IPs status
I can't reproduce this. If I create a similar setup, the VIP status is reflected properly on both units.
That said... Jim Pingle
05:45 AM Bug #6887 (Rejected): Carp status widget doesn't work, show wrong IPs status
In a two nodes cluster with 3 carp IPs, carp widget doesn't show correctly which node is master or backup for each ip... Alberto Ayllon
10:21 AM Todo #6889 (Resolved): Improve router mode help text
*Current*
Select the Operating Mode for the Router Advertisement (RA) Daemon. Use:
Router Only to only advertise th... Corey Boyle
09:24 AM Bug #6888 (Rejected): openVPN - Client Specific Overrides
Don't use a manual "ifconfig-push" line, that's what the "Tunnel Network" option in the override sets up automaticall... Jim Pingle
09:19 AM Bug #6888 (Rejected): openVPN - Client Specific Overrides
System: 2.3.2-RELEASE-p1
On WebGUI i put 'ifconfig-push 172.50.0.10 255.255.255.0' but client gets this IP: 172.50... Daniel Kaspar
07:40 AM Bug #3330: Load Balancer showing wrong Status when using aliases for the port
Indeed, is still there in 2.3.2-RELEASE-p1, is not assigned to anybody unfortunately and I need to do load balancing ... Alex Stefan

11/02/2016

06:48 PM Revision 4406922e: syslogd, create configured logsocket directories
Pi Ba
04:15 PM Feature #6886 (Resolved): Allow Dual-Stack IPSec VPN
It would be nice to have a third option in the web interface for creating IPSec mobile configs, allowing you to selec... Tobias Timpe
04:10 PM Todo #6885 (Resolved): Add vectorized logo in web interface
The logo used on the pfSense web interface should be a scalable vector graphics file (SVG), allowing it to automatica... Tobias Timpe
04:01 PM pfSense Packages Bug #6410: when PFSENSE after server restart,openvpn+motp not login
Hello,
this seems to be a solid hazard preventing the use of motp based 2 factor auth.
see also https://forum.pfs... Johannes Goldynia
11:43 AM Bug #6884 (Rejected): "Reboot" option should be under "System" menu, not "Diagnostics"
I'm new to pfsense, and this is my first bug report. Please be gentle. :)
I had to google how to reboot pfsense, b... Sean McBride
07:16 AM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
This appears to be a general problem with OpenVPN on FreeBSD 11:
https://forums.freebsd.org/threads/58019/
https:... Jim Pingle

11/01/2016

03:32 PM Todo #4706 (Feedback): MPD needs to be upgraded to version 5 even for the various other tunnels
PPPoE and L2TP were converted to use mpd5 in commit:8d50c07c8bfdd2692a0c7d3ca3489977b528aecc and commit:2c0a3677de6b6... Renato Botelho
02:53 PM Bug #6850 (Confirmed): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
Renato Botelho
01:31 PM pfSense Packages Bug #5868 (Feedback): Quagga OSPF Priority value "0" (zero) is being ignored - DR election doesnt work properly.
I pushed a fix for this in package version 0.6.15. Jim Pingle
12:05 PM Bug #6883 (Confirmed): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
Jim Pingle
12:02 PM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
I ran some tests and can confirm the issue on 2.4 only.
2.3.3 and 2.4 run the same version of OpenVPN and have ide... Jim Pingle
11:41 AM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
when i try to connect to pfsense web interface, there is block entry in firewall log:
lo0 10.10.111.231:81 _(pfsen... Dmitry Ivanov
08:32 AM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
dev ovpns7
verb 1
dev-type tun
dev-node /dev/tun7
writepid /var/run/openvpn_server7.pid
#user nobody
#group nob... Dmitry Ivanov
08:15 AM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
Still not enough info. Need to know all settings all the way down the page, especially the topology type. Would also ... Jim Pingle
07:57 AM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
it works on 2.3.*
i installed 2.4, and restored config from 2.3.3
openvpn server UDP/TUN
Server mode - Remote Ac... Dmitry Ivanov
07:11 AM Bug #6883 (Feedback): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
Unless this was a working configuration on a previous version, it's more likely to be a configuration error. There is... Jim Pingle
05:11 AM Bug #6883 (Resolved): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
openvpn - UDP/TUN (TAP works)
clients connect to server, in the logs everything is fine, but no access anywhere.
wi... Dmitry Ivanov
10:22 AM Bug #4723 (Feedback): Can't forward UDP fragmented packets with scrubbing enabled.
I tested the forwarding of fragmented ICMP and UDP packets and they seem to be working as expected on 2.4.
Could s... Luiz Souza
10:19 AM Bug #4723: Can't forward UDP fragmented packets with scrubbing enabled.
Remko Lodder wrote:
> Chris Buechler wrote:
> > I hit this issue with a customer last week. Worked fine after disab... Luiz Souza
04:35 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
This is a workaround, not a clean solution.
Better than nothing, but a native, specific and definitive resolution is... Luca De Andreis

10/31/2016

09:04 PM Revision 9d29322d: Do not attempt to remove interfaces from CP zone, captiveportal_configure_zone() will take care of it
Renato Botelho
08:31 PM Revision 0b8b5069: Check if pidfile is valid before try to send signal
Renato Botelho
03:36 PM pfSense Packages Bug #5868 (Confirmed): Quagga OSPF Priority value "0" (zero) is being ignored - DR election doesnt work properly.
Looks like it's a classic case of PHP returning "true" for empty() when passed a string of "0". I'll look into it. Jim Pingle
03:15 PM Bug #6882 (Resolved): bsnmpd uses all available CPU with hostres module active in some cases
Running 2.4, bsnmpd will consume all available CPU time when the hostres module is active. The CPU usage for geom als... Jim Pingle
12:19 PM Bug #4723: Can't forward UDP fragmented packets with scrubbing enabled.
Remko Lodder wrote:
> Chris Buechler wrote:
> > I hit this issue with a customer last week. Worked fine after disab... Dominic Blais
10:04 AM Bug #6856: "Force Config Settings" buton on master causes slave to loss IP alises on lo0
Confirmed in 2.2.6 and 2.3.2_1 64bit. Steve Wheeler
07:12 AM Feature #6881 (Duplicate): services_unbound_host_edit.php: DNS Resolver Add V4 and V6 host override at the same time
Is there any chance of changing the setup of the Edit Host Overide page so you can add IPv4 and IPv6 addresses for th... Andy Kniveton

10/30/2016

01:08 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall
So far I am happy with 2.4 running on ZFS, even it highly experimental, I use on one non so critical production firew... Vladimir Suhhanov

10/29/2016

10:12 PM Revision e8517c7c: interfaces, show error message if adding duplicate gateway
Pi Ba
10:08 PM Revision 33927941: ipsec mobile clients, don't check mobile leases if mobile client isn't enabled to begin with
Pi Ba
07:50 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic

Solution
fix Limiters on firewall rules where NAT applies drop all traffic
and
Problem Limiter blocks in... gmar almnsoor
05:31 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
Also affected... is there any plan to fix this in an upcoming release as it's a common use case jake keeys
04:03 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall
Managed to completely destruct entire system by a _single_ power cycle. Unbootable, kernel panic, endless reboot cycl... Kill Bill

10/28/2016

08:17 PM Bug #6880 (Resolved): Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
When configuring multiple interfaces as DHCP6, such as PPPoE DSL and Cable, multiple dhcp6c processes get started, on... Roy Hooper
05:47 PM Revision 393c1317: Always create a pipe for each allowed MAC or IP
Renato Botelho
05:44 PM Revision aab966f2: host_ips tables is not supposed to use pipes
Renato Botelho
03:11 PM Bug #6879 (Resolved): GUI doesn't show rebooting notification after upgrading
During upgrade to the latest version, GUI doesn't update fast enough and does not write a rebooting notification. To ... Ivor Kreso
06:18 AM pfSense Packages Bug #6875: dpinger not switching icmp id automatically
Luiz Otavio O Souza wrote:
> This is the same behaviour of ping (the icmp_id comes from the PID).
>
> So, when yo... Tiziano Bacocco
12:52 AM pfSense Packages Bug #6305: Quagga problems updating routes / mistakenly showing "kernel"-routes while they are not
So far the only thing I got from Martin was that -9 is not a nice way to stop quagga and could cause the issues... Al... Reqlez Guy

10/27/2016

05:26 PM Revision aa9cf3fa: Fix #6758
extensions.ini must be readable by any users otherwise any php script
called by a non-root user will not be able to u... Renato Botelho
12:57 PM pfSense Packages Bug #6878 (Resolved): how to use snort, squid and squid_guard with a ram disk
create 2 directories in /root
mkdir /root/sauv_db_clamav/
mkdir /root/sauv_db_squidGuard/
you need to create a f... sylvain sylvain
12:40 PM Bug #6758 (Feedback): 2 x Crash with "PHP Fatal error: Call to undefined function pfSense_interface_listget() in /etc/inc/interfaces.inc on line 80"
Applied in changeset commit:aa9cf3fa4d532e9f2dbd05d38ca438980b21e06b. Renato Botelho
12:37 PM Bug #6686 (Resolved): PHP extensions.ini cannot be read by non root users
Renato Botelho
09:33 AM Revision fc0e31d7: Import a patch to fix Net_IPv6::compress("::")
Obtained from: https://github.com/phil-davis/Net_IPv6/commit/638b96a253164b65c63825c38e79812b6c5f448d
Submitted by: ... Renato Botelho
09:32 AM Revision f5febd77: Import a patch to fix Net_IPv6::compress("::")
Obtained from: https://github.com/phil-davis/Net_IPv6/commit/638b96a253164b65c63825c38e79812b6c5f448d
Submitted by: ... Renato Botelho

10/26/2016

10:59 PM Revision 013110a1: 80 character lines ftw :)
Just because it was asked nicely :) Stilez y
10:12 PM Revision 97eebb23: coding layout fix
Stilez y
10:11 PM Revision c7e31e37: remove gettext() not needed
Stilez y
10:09 PM Revision fa16b2f9: add gettext() to icmptype descriptions
Stilez y
06:17 PM Revision 3e80d64e: Make sure we consume staging packages on build process after pfSense-repo became a package
Renato Botelho
06:16 PM Revision c497ae1d: Make sure we consume staging packages on build process after pfSense-repo became a package
Renato Botelho
06:16 PM Revision a014cf62: Make sure we consume staging packages on build process after pfSense-repo became a package
Renato Botelho
05:07 PM Revision 349b2102: ARM kernel is not compressed, deal with that
Renato Botelho
02:37 PM Bug #6802: GUI does not respond and vpn stops working
I too have seen this issue.
I bought a new newgate sg2440 running 2.3.2_1 and 1 week ago I used it to replace my o... Adam Saint
09:03 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
That means nothing to how it's used on pfSense. One of the primary uses of certificates on pfSense is OpenVPN, and Op... Jim Pingle
08:41 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
OK. However, let me point out that, according to https://www.openssl.org/docs/manmaster/apps/x509v3_config.html, the ... Bruno Grossmann
08:28 AM Bug #6877 (Rejected): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
Those are both authentication attributes, not the server property.
The GUI checks the cert to see if the nsCertTyp... Jim Pingle
08:23 AM Bug #6877 (Resolved): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
Using a GoDaddy server certificate. The server has both TLS Web Server Authentication and TLS Web Client Authenticati... Bruno Grossmann

10/25/2016

06:33 PM Bug #6869: Diagnostics / Routes Truncates Destination and Gateway Names
Note: This fix has been applied to RELENG_2_3 to fix the issue on FreeBSD 10.3/pfSense 2.3.*
In FreeBSD 11.0 (upco... Phillip Davis
10:40 AM Bug #6869: Diagnostics / Routes Truncates Destination and Gateway Names
Applied in changeset commit:ed893ee55a248bea3a03d69a7e80b905a39a4f94. Phillip Davis
10:29 AM Bug #6869 (Feedback): Diagnostics / Routes Truncates Destination and Gateway Names
PR has been merged, thanks! Renato Botelho
03:56 PM Revision e37ecea9: Improve IPv4 address validation for services_dhcp
The input pattern that goes with Form_IpAddress by default allows for IPv4 and IPv6 valid characters. The back-end va... Phil Davis
03:55 PM Revision 892d8816: Merge pull request #3201 from phil-davis/patch-3
Renato Botelho
03:49 PM Revision b6417760: dyndns: add header processing in curl
some dyndns implementations rely on the correct HTTP header being set. the information was lost and now fixed. Christoph Filnkößl
03:47 PM Revision 0e0f580d: dyndns: add header processing in curl
some dyndns implementations rely on the correct HTTP header being set. the information was lost and now fixed. Christoph Filnkößl
03:42 PM Revision f85a1e53: Merge pull request #3192 from PiBa-NL/xmlrpc-auth
Renato Botelho
03:38 PM Revision bddeb146: Fix display advanced after input error for system_gateways_edit
Use case:
1) Edit a gateway that has no advanced settings (i.e. the Advanced section does not need to open on page lo... Phil Davis
03:38 PM Revision 06493ae0: Fix display advanced after input error for system_gateways_edit
Use case:
1) Edit a gateway that has no advanced settings (i.e. the Advanced section does not need to open on page lo... Phil Davis
03:37 PM Revision 1ace41be: Merge pull request #3200 from phil-davis/patch-2
Renato Botelho
03:35 PM Revision 7f798f24: Better handle no dhcpv6 leases file
(cherry picked from commit 2355c154b7598f937ba2121429659f5676ce4d96) Phil Davis
03:34 PM Revision 3e598cc9: Better handle no dhcpv6 leases file
(cherry picked from commit 2355c154b7598f937ba2121429659f5676ce4d96) Phil Davis
03:34 PM Revision bc6cefb7: Merge pull request #3197 from phil-davis/dhcp6
Renato Botelho
03:26 PM Revision 2674bfad: Merge pull request #3204 from phil-davis/patch-6
Renato Botelho
03:25 PM Revision 0b1715e9: Fix #6872 CP bandwidth 0 is no valid
The front-end validation prevents zero from being entered. "Leave empty" is the way to specify no limit.
(cherry pick... Phil Davis
03:25 PM Revision 4f131b02: Fix #6872 CP bandwidth 0 is no valid
The front-end validation prevents zero from being entered. "Leave empty" is the way to specify no limit.
(cherry pick... Phil Davis
03:25 PM Revision 4a1dc683: Merge pull request #3205 from phil-davis/patch-7
Renato Botelho
11:06 AM Revision 99a537e1: Make sure filterdns is disabled when CP zone is disabled
Renato Botelho
10:49 AM Bug #6874 (Feedback): Dynamic DNS w/ DNSimple
PR has been merged, thanks! Renato Botelho
10:35 AM Bug #6717 (Feedback): Status / DHCPv6 Leases Issues
PR has been merged, thanks! Renato Botelho
10:28 AM Bug #6872 (Feedback): Captive Portal per user bandwidth field no longer accepts 0.
PR has been merged Renato Botelho
08:15 AM Bug #6876 (Resolved): Firewall alias issue after adding a wrong alias

***** ALREADY POSTED ON FORUM : https://forum.pfsense.org/index.php?topic=119811.msg662795#msg662795 **************... m de crevoisier
05:20 AM Feature #1219: Ship DTRACE enabled kernels in the images
+100500
Please, implement! Alex Kolesnik
01:22 AM Revision 9945720f: Fix the ipfw rule to use the table cp_ifaces and not the interface cp_ifaces.
Luiz Souza

10/24/2016

09:26 PM Revision a4aebf44: Stop using -y on filterdns call
Renato Botelho
09:22 PM Revision 517b893e: Rework captive portal to run with stock IPFW (round 1)
- Remove use of IPFW context
- Create a rule that will skip to proper rule for each cp zone
- Use new PHP module func... Renato Botelho
09:09 PM Revision 6344be46: REmove accidental text
Steve Beaver
09:08 PM Revision 2c38c5de: Remove accidental code
Steve Beaver
05:48 PM Bug #6272: Wrong numbers in state column of /firewall_rules.php
Ok thanks for the explanation Jo S
05:44 PM Bug #6272: Wrong numbers in state column of /firewall_rules.php
RELENG_2_3 is the development path towards (a possible) 2.3.3. It should therefore be fixed in recent builds of 2.3.3... Phillip Davis
03:03 AM Bug #6272: Wrong numbers in state column of /firewall_rules.php
Hi, by "RELENG_2_3" do you mean this should be already fixed in current stable 2.3.2-RELEASE-p1 ? Because the problem... Jo S
05:35 PM Bug #6874: Dynamic DNS w/ DNSimple
I stumbled on to the same problem just now when implementing a new dyndns provider.
The code was wrong for both the ... Christoph Filnkößl
01:34 AM Bug #6874 (Resolved): Dynamic DNS w/ DNSimple
Around line 1380 in src/etc/inc/dyndns.class is a chunk of code that looks like this:... Michael Lustfield
03:46 PM Revision 3a5a205d: Revise login hostname dispaly
Steve Beaver
03:44 PM Revision c1077a75: Revert "Allow login hostname to be controlled via system.php"
This reverts commit cd6b99147a673b6bd0313fff55cab7eb6879608f. Steve Beaver
03:42 PM Revision cd6b9914: Allow login hostname to be controlled via system.php
Steve Beaver
03:37 PM Revision dd56aa5d: Added hostname to login page.
Option control required
(cherry picked from commit 616724395ae00a74fac4cf960ac2261b486e9dae) Steve Beaver
03:36 PM Revision 506fe755: Provide conrol on system.php to allow display of hostname on login banner
(cherry picked from commit a22947a4980a9f8beb294d6bad039495164ff1aa) Steve Beaver
03:30 PM Revision a22947a4: Provide conrol on system.php to allow display of hostname on login banner
Steve Beaver
03:06 PM Revision 61672439: Added hostname to login page.
Option control required Steve Beaver
02:18 PM pfSense Packages Bug #6875: dpinger not switching icmp id automatically
This is the same behaviour of ping (the icmp_id comes from the PID).
So, when you have an issue with your ISP ping... Luiz Souza
11:46 AM pfSense Packages Bug #6875 (Not a Bug): dpinger not switching icmp id automatically
I'm having a problem with dpinger that's not switching ICMP id when there's packet loss, for example in a CGNAT scena... Tiziano Bacocco
07:59 AM Bug #6870 (Closed): Load balancer DNS (relayd) can't handle fragmented udp, breaks DNSSEC
@relayd@ is a part of the FreeBSD ports tree. It's not a piece of software that pfSense has ported or maintained. You... Jim Pingle
07:50 AM pfSense Packages Bug #6871 (Not a Bug): Squid Proxy Reports bug
Jim Pingle
04:16 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available"
I can word in on this, major issue. Martin Hansen
04:11 AM Revision 71bb3f01: Update the variable with the round() return otherwise it does not has any effect.
Found while testing Ticket #6272.
(cherry picked from commit 92130da3b5fb55588d351c22042c9ce8ab5883d7) Luiz Souza
04:09 AM Revision 92130da3: Update the variable with the round() return otherwise it does not has any effect.
Found while testing Ticket #6272. Luiz Souza
12:32 AM Revision b7f2ebb5: Fix #6872 CP bandwidth 0 is no valid
The front-end validation prevents zero from being entered. "Leave empty" is the way to specify no limit. Phil Davis

10/23/2016

11:58 PM Bug #5317: CSR signed certificates shows issuer as external
Seeing this as well, quite problematic for VPN usage. pfSense 2.3.2-RELEASE-p1. Andrew M
11:33 PM Bug #6272 (Resolved): Wrong numbers in state column of /firewall_rules.php
Fixed on 2.4 and RELENG_2_3.
pfSense_get_pf_states() now return the packet counters as doubles. Luiz Souza
07:34 PM Bug #6872: Captive Portal per user bandwidth field no longer accepts 0.
The front-end validation is stopping a zero from being entered, so "Leave empty" is the (only) way to specify "no lim... Phillip Davis
11:00 AM Bug #6872 (Resolved): Captive Portal per user bandwidth field no longer accepts 0.
The text says "Leave empty or set to 0 for no limit." However input error checking in the browser now no-longer allow... Steve Wheeler
03:05 PM Bug #6873 (New): radvd - Too many addresses in RDNSS section when previously using DHCPv6
I have come across a bug within the IPv6 Router Advertising Daemon where you receive the following errors in the logs... Dominic McKeown
03:03 PM Feature #4259: Port forward NAT rules with "any" protocol
Could be it implemented with the new 2.4 release ? Giuanin Piemunteis
10:14 AM Bug #6870: Load balancer DNS (relayd) can't handle fragmented udp, breaks DNSSEC
Turns out causing pfsense to not drop fragmented 'do not fragment' packets creates more problems than it solves. For... Harry Coin

10/22/2016

12:25 PM pfSense Packages Bug #6871: Squid Proxy Reports bug
I'm sorry but I'm a fool ... is necessarily open ports on your firewall application ( ports 7445 and 3000)
ALL OK Claudio Berselli
05:28 AM pfSense Packages Bug #6871 (Not a Bug): Squid Proxy Reports bug

Installed from scratch pfsense, Proxy Server, Squid Proxy Reports.
If you try to access the page https: // pfSen... Claudio Berselli
10:07 AM Bug #6870: Load balancer DNS (relayd) can't handle fragmented udp, breaks DNSSEC
To be clear:
The workaround for relayd / DNS protocol failing or being seemingly intermittent when load balancing... Harry Coin
10:04 AM Bug #6870: Load balancer DNS (relayd) can't handle fragmented udp, breaks DNSSEC

Update: dig and other dns query engines set the DF 'do not fragment' bit -- then go on to issue DNSSEC DNS querie... Harry Coin
05:31 AM Revision ed893ee5: Fix #6869 diag_routes resolve names for RELENG_2_3
This code to parse the netstat output and use gethostbyaddr() to reverse resolve names is only needed in RELENG_2_3, ... Phil Davis

10/21/2016

08:15 PM Revision 8fc25403: Revert "Revert "Enable IPFW on PHP module""
This reverts commit 9fdd0c7ebb966df9b566acac091390c4a97fa8c7. Renato Botelho
03:29 PM Bug #6870: Load balancer DNS (relayd) can't handle fragmented udp, breaks DNSSEC
Unlikely we can do much if anything for this, it's probably an issue in relayd itself and not the way we set it up. Y... Jim Pingle
03:25 PM Bug #6870 (Closed): Load balancer DNS (relayd) can't handle fragmented udp, breaks DNSSEC
The built-in load balancer (relayd) has a protocol 'dns' that manages UDP dns queries. The purpose is to load balanc... Harry Coin
11:32 AM Revision 9fdd0c7e: Revert "Enable IPFW on PHP module"
This reverts commit c04887d8fc440e769ed987f993d34bc8f20fbf64. Renato Botelho
10:02 AM Bug #6863: pf states reset by CARP neighbor
Jim, thanks for your explanation! This what I'm trying to detect - what exactly clearing the states. I know, Redmine ... Alex Kolesnik
09:50 AM Bug #6758: 2 x Crash with "PHP Fatal error: Call to undefined function pfSense_interface_listget() in /etc/inc/interfaces.inc on line 80"
Discussion: https://forum.pfsense.org/index.php?topic=118679.0 → luckman212

10/20/2016

09:23 PM Bug #6869: Diagnostics / Routes Truncates Destination and Gateway Names
That is a "feature" of the netstat command, which has annoyed me too. With "-W" it does output the full data in some ... Phillip Davis
12:58 PM Bug #6869 (Resolved): Diagnostics / Routes Truncates Destination and Gateway Names
When "resolve names" is enabled, resolved destination and gateway names are truncated to 18 characters (e.g., pfSense... Daryl Morse
05:50 PM Revision c04887d8: Enable IPFW on PHP module
Renato Botelho
12:34 PM Bug #6868 (Resolved): Interface MTU Setting not applied to all IPv6 routes
Running 2.3.2_1 using an HE/64 tunnel. Adjusting MTU to troubleshoot possible PMTUD problem. Found that setting for M... Daryl Morse
10:47 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
I also use limiters and NAT reflection in combination. So I am stuck on 2.1.4 and 2.1.5 until a release where this co... Anders Tillebeck
09:50 AM pfSense Packages Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3
Is there any way i can help with this. Or is there anything i can do to make this happen? Pim Janssen
08:35 AM Bug #4031: Notifications mail bomb in some gateway failure circumstances
Looking at a customer box today it made me realize a good path here would be to queue up the notifications in a file ... Jim Pingle
08:09 AM pfSense Packages Bug #6867 (Closed): Please update quagga to version 1.1
Quagga 1.1 fixes a lot of bugs:
http://mirror.yannic-bonenberger.com/nongnu/quagga/quagga-1.1.0.changelog.txt
N... Cullen Trey
08:04 AM Revision eb01f065: Improve IPv4 address validation for services_dhcp
The input pattern that goes with Form_IpAddress by default allows for IPv4 and IPv6 valid characters. The back-end va... Phil Davis
07:18 AM Revision ebfcfeb5: Fix display advanced after input error for system_gateways_edit
Use case:
1) Edit a gateway that has no advanced settings (i.e. the Advanced section does not need to open on page lo... Phil Davis
05:48 AM Revision c982fdbc: Fix is_macaddr().
Hexadecimal numbers without the '0' padding are also valid, e.g:
a:b:c:d:e:f Luiz Souza
05:47 AM Revision 6a546985: Remove "use lowercase" hint
As it is no longer relevant, because the code now automatically converts
to lowercase. Phil Davis
04:21 AM Revision d461ff40: Fix #6864 automatically convert IPv6 input to lowercase
1) As the user leaves the field, or presses Save, onChange will fire and
convert the input string to lowercase. This ... Phil Davis

10/19/2016

11:24 PM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
This one also automatically converts the input to lowercase as the user leaves the IP Address field, or presses a but... Phillip Davis
11:18 PM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
While I think it is cool to convert the characters as you type, the GUI has to accept upper case letters as well.
... Luiz Souza
10:18 PM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
Pull request: https://github.com/pfsense/pfsense/pull/3198
That makes the "Please match the requested format:" text ... Phillip Davis
09:20 AM Bug #6864 (Resolved): Error checking rejects IPv6 addresses with upper case A-F.
Recent browser changes mean this is rejected before the form is submitted and the error tool tip shown is unhelpful.
... Steve Wheeler
05:38 PM Bug #6717: Status / DHCPv6 Leases Issues
I can confirm that this fixes the issue where the file exists but contains no leases. The lease file is still being p... Daryl Morse
04:30 PM pfSense Packages Feature #6866 (Rejected): Suricata multiple interfaces
I've set up Suricata on the WAN interface. When an alert happen I don't see what internal address caused the alert. I... Idar Lund
03:14 PM Bug #6865 (Rejected): DNS resolver : old issue returns
Please start a forum thread for discussion and diagnosis before opening a ticket. Also, upgrade to 2.3.2_1 first to e... Jim Pingle
03:11 PM Bug #6865 (Rejected): DNS resolver : old issue returns
2.3.2-RELEASE (i386)
built on Tue Jul 19 13:09:39 CDT 2016
FreeBSD 10.3-RELEASE-p5
nanobsd (4g)
When trying to... mark allen
12:49 PM Feature #2358: NAT64 support
Too late for 2.4.0... Luiz Souza
04:39 AM Feature #2358: NAT64 support
UPVOTE Greg M
02:16 AM Feature #2358: NAT64 support
UPVOTE, word up on this. It should be prioritized significantly. Martin Hansen
08:32 AM Bug #6863 (Rejected): pf states reset by CARP neighbor
That is normal and expected when the two units are properly synchronizing states. Find what is clearing the states an... Jim Pingle
02:43 AM Revision 2355c154: Better handle no dhcpv6 leases file
Phil Davis

10/18/2016

09:53 PM Bug #6717: Status / DHCPv6 Leases Issues
https://github.com/pfsense/pfsense/pull/3197
That fixes the little side issue, where in fact the leases file exists ... Phillip Davis
04:31 PM Bug #6717: Status / DHCPv6 Leases Issues
With regards to item 1, testing with one windows 10 client and no active leases, Status / DHCPv6 Leases reports "No l... Daryl Morse
01:20 PM Bug #6862: mode 0444 for /var/etc/cert.crt leads to nginx crit error: 13: Permission denied
title should have had protection of 0600, workaround changes it to 0644
 Harry Coin
11:23 AM Bug #6862 (Resolved): mode 0444 for /var/etc/cert.crt leads to nginx crit error: 13: Permission denied
/var/etc/cert.crt has mode 0444, leading to
/var/log/nginx-error.log entries like
2016/10/16 16:06:14 [crit] 61476#... Harry Coin
01:01 PM Revision 94bd7fb3: Fix #6828
Until 2.3.x pfSense carried a patch that changed the behavior of 'route
change' command, making it add the route when... Renato Botelho
12:30 PM Bug #6863 (Rejected): pf states reset by CARP neighbor
There are two pfsense routers (version 2.3.2-RELEASE-p1, but I've faced this issue 1st time on 2.2.5/2.2.6) in HA mod... Alex Kolesnik
12:24 PM Bug #6758: 2 x Crash with "PHP Fatal error: Call to undefined function pfSense_interface_listget() in /etc/inc/interfaces.inc on line 80"
I started having this crash frequently as well. I'm running 2.3.2_p1. I do have DHCPv6 on one of my WANs (but I nee... → luckman212
12:04 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
Ken Sim wrote:
> Anytime I try and change any of the gateways that are checked non-local on the current snapshot it ... Renato Botelho
11:43 AM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
Anytime I try and change any of the gateways that are checked non-local on the current snapshot it locks up pfsense a... Ken Sim
08:35 AM Bug #6850 (Feedback): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
I couldn't replicate it after fixes I pushed for #6828. Can you try the next round of snapshots? Renato Botelho
11:16 AM Bug #6858: 2.3.X is not properly updating packages
Renato, thank you for the write up.
Does this cover file /usr/local/lib/php/20131226/suhosin.so? This shared objec... Denny Page
05:16 AM Bug #6858 (Not a Bug): 2.3.X is not properly updating packages
Actually it's not a bug, it's expected and it's how pkg is designed to work.
When we moved to 2.3.2_1 we cherry-pi... Renato Botelho
08:10 AM Bug #6828 (Feedback): Patch for "route change" is not present on 2.4 builds using FreeBSD 11
Applied in changeset commit:94bd7fb3a52e375dcd25c416e36389f96060a8fd. Renato Botelho
07:46 AM pfSense Packages Bug #6861 (New): Ha-Proxy duplicated backend used in place of original backend
Hello,
Find hereafter a problem on ha-proxy 0.48 / 1.6.6 package.
Steps to reproduce :
- Create a configurati... Stéphane DAGUET

10/17/2016

04:01 PM Bug #6860 (Resolved): Monitoring (RRD) graphs return "unknown" step value
There seem to be cases where rrd_fetch_json.php returns a step value that isn't located in the javascript lookup tabl... Jared Dillard
12:56 PM pfSense Packages Feature #6859 (Resolved): have an includedir by default (sudo package)
I'm trying to customize sudo and the options I'm looking for aren't in the GUI. Is there a way to include this line i... Brendon Baumgartner
04:33 AM Bug #6099: igmpproxy does not recognize upstream interface
I have the same problem with the 20160905_1818 version.
The _all version works fine on ISP XS4All in The Netherlands... Michiel Lowijs
03:14 AM Feature #2573: Captive Portal support of RADIUS POD (Packet of Disconnect)
POD is useful when replacing Expiration date in Pfsense user manager.
The Option " re-authenticate users every minu... Muhammed Ismail
12:10 AM Bug #6858 (Not a Bug): 2.3.X is not properly updating packages
2.3.X is not updating files properly. See forum thread https://forum.pfsense.org/index.php?topic=119344.msg662359#msg... Denny Page
 

Also available in: Atom