Project

General

Profile

Activity

From 10/31/2016 to 11/29/2016

11/29/2016

07:34 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL
I'm seeing the same redirect behavior. I can confirm that changing the GUI does update the squidclamav.conf file as i... Frank Pineau
07:18 PM Revision 75e80f16: If there are input errors when creating a user certificate from the user manager, stop and show the errors rather than appearing to fail silently. Fixes #6953
Jim Pingle
07:13 PM Revision 2cf5db21: Ensure that the submitted private key matches the certificate or CA when importing. Ticket #6953
Jim Pingle
06:48 PM Revision ab63443a: Fix certificate generation for CAs without a serial set on import. Fixes #6952
Jim Pingle
06:45 PM Bug #6588: PHP suhosin max value length prevents Quagga OSPF from storing a very large zebra.conf
Yet another Chris left so the bug went into an unassigned state.
JimP please verify, and assign back to me if we c... Jim Thompson
06:34 PM Revision 80080a0c: When deleting a CA, do not delete all certificates from this CA, only remove the CA reference from certificates that used this CA, as the relationship can be rebuilt if needed. Also, prevent in-use CAs from being deleted and print a list of places a CA is used, similar to the output on certificates. Fixes #6947
Jim Pingle
06:32 PM Revision e2c718c8: Add some CA in-use test utility functions. Ticket #6947
Jim Pingle
05:01 PM Revision cce6c834: Fix the static ARP test
Jim Pingle
04:57 PM Revision 04fe6f00: Update setup_wizard.xml
(cherry picked from commit b0b2af901f352dbbaad0b09d06fe7adb105ff7a4) Jonathon Anderson
04:57 PM Revision 04d7836b: LAN IP validation logic
(cherry picked from commit 6a365a4c80aced41ec87ad93ed2c986d9935a4ea) Jonathon Anderson
04:57 PM Revision d1a4cb8d: Update setup_wizard.xml
(cherry picked from commit 3ad0f9b63f690f77cf8c4d398b521eba6909f0bc) Jonathon Anderson
04:57 PM Revision ab5f464a: update conditional re:LAN dhcp
(cherry picked from commit 0eb2512f93c7e187511ea258948715c2e230e98f) Jonathon Anderson
04:57 PM Revision bdffccfd: update LAN regex for case insensitivity
(cherry picked from commit 32980f321e854bf008efa04ee9187553231b6423) Jonathon Anderson
04:56 PM Revision 31ec01c3: Merge pull request #3219 from NonSecwitter/patch-2
Renato Botelho
04:53 PM Revision 4a77c4ea: - added support for duiadns.net ipv4 and ipv6
(cherry picked from commit 19b7263e859243adfcf6588533cb47b4c768765e) Ionut
04:53 PM Revision 473f37a9: Merge pull request #3239 from duiadns/master
Renato Botelho
04:40 PM Revision 6cade780: IPv6 address can contain a dot
When requiring the entry of an IPv6 address, the regex pattern should still allow a dot, so that an IPv6 address can ... Phil Davis
04:39 PM Revision 6a320efb: Merge pull request #3241 from phil-davis/patch-2
Renato Botelho
04:37 PM Revision 6e623580: Captive portal: use "Admin Reset" as termination cause when disconnecting a user from admin UI
When a user is disconnected by the administrator using the pfSense captive portal status page or widget set the value... Caio Plumbeo
04:37 PM Revision 993ff722: Merge pull request #3243 from plumbeo/term-cause
Renato Botelho
04:33 PM Revision 7b861bce: clarified input format hint for expiration date
(cherry picked from commit 98b87cfafe8a890787ca5d22a1089678b9b250ac) Jonathon Anderson
04:33 PM Revision 890a80eb: Merge pull request #3244 from NonSecwitter/patch-3
Renato Botelho
03:53 PM Revision 7a9c12b3: Improve input validation on static ARP for DHCP static mapping entries, also prevent the backend from attempting to apply entries with insufficient information stored. Fixes #6969
Jim Pingle
02:47 PM Revision 98b87cfa: clarified input format hint for expiration date
Jonathon Anderson
02:34 PM Revision 2a119ed3: Captive portal: use "Admin Reset" as termination cause when disconnecting a user from admin UI
When a user is disconnected by the administrator using the pfSense captive portal status page or widget set the value... Caio Plumbeo
02:29 PM Revision 481db4fe: Reword/rework wireless note on assignment page. Ticket #6770
Jim Pingle
01:24 PM Bug #6947: Deleting an external CA wipes certificates in use
The cert case is much simpler since there is a field for that directly. All the code has to check for is that the cer... Jim Pingle
01:13 PM Bug #6947: Deleting an external CA wipes certificates in use
Jim Pingle wrote:
> That would require some more work to detect if it's the GUI cert's issuer.
Hmmm well, that al... Kill Bill
01:08 PM Bug #6947: Deleting an external CA wipes certificates in use
That would require some more work to detect if it's the GUI cert's issuer, and the GUI cert could be self-signed, sin... Jim Pingle
01:06 PM Bug #6947: Deleting an external CA wipes certificates in use
Looks pretty good. CA in use detection works (tested with OpenVPN server, IPsec and LDAP), plus can no longer be dele... Kill Bill
12:40 PM Bug #6947 (Feedback): Deleting an external CA wipes certificates in use
Applied in changeset commit:80080a0c8b5949b1af97d1d49b4cc834d06875cf. Jim Pingle
01:19 PM Bug #6953 (Feedback): on mismatching private key for CA, "edit user" silently creates user cert using different CA
I was unable to reproduce the problem exactly as stated, but I added validation code to prevent incorrect keys from b... Jim Pingle
12:50 PM Bug #6952 (Feedback): Generating user certs from imported CA fails silently when no starting serial# is set
Applied in changeset commit:ab63443a9184f42f6a47907e5f2d3fbab6ff043e. Jim Pingle
11:16 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
Testing on 2.4 won't be reliable until #6937 is fixed. Jim Pingle
11:15 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
It appears to be worse than before now too.... ICMP doesn't work across the tunnel now either. Jonathan Black
11:07 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
Jorge Albarenque wrote:
> I can confirm this still occurs on 2.3.2. Probably worth checking on 2.4 since Chris had m... Jonathan Black
04:47 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
I can confirm this still occurs on 2.3.2. Probably worth checking on 2.4 since Chris had mentioned it seemed to be re... Jorge Albarenque
10:50 AM pfSense Packages Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore
It's still a problem on 2.3 and 2.4... Jim Pingle
10:00 AM Bug #6969 (Feedback): Insufficient error checking on static ARP entries
Applied in changeset commit:7a9c12b3d6e01e11ec0af3a6690a5c3de2fbbd2e. Jim Pingle
09:35 AM Bug #6973 (Duplicate): OpenVPN fails to verify client certificate when using intermediate CAs to sign server/user certs
Duplicate of #2800 which is fixed on 2.4 already. Jim Pingle
09:22 AM Bug #6973 (Duplicate): OpenVPN fails to verify client certificate when using intermediate CAs to sign server/user certs
I am using pfSense and OpenVPN with a few intermediate CAs to seperate VPN servers by project:... Harald Linden
08:31 AM Bug #6770 (Resolved): 802.11 stack on FreeBSD 11 requires changes to support its new device creation method
It's working well now.
I updated the wiki and book to follow the new requirement, and made a slight adjustment to ... Jim Pingle
07:13 AM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases
An example:
!https://s14.postimg.org/7fgw3jrxd/aliases_delete_wth.png! Kill Bill
07:02 AM Bug #6972 (Resolved): "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases
I randomly keep getting a nonsensical "Are you sure you wish to?" prompt when deleting networks from network-type al... Kill Bill

11/28/2016

10:09 PM pfSense Packages Bug #6968: Snort VRT Rules Fail to automatically update SSL read error
Well, apparently not a package bug. Kill Bill
05:31 PM pfSense Packages Bug #6968: Snort VRT Rules Fail to automatically update SSL read error
Kill Bill wrote:
> You have pfBNG installed and Amazon S3 blocked?
Nope only package I have installed is snort.
... rub man
09:43 AM pfSense Packages Bug #6968: Snort VRT Rules Fail to automatically update SSL read error
You have pfBNG installed and Amazon S3 blocked? Kill Bill
08:54 AM pfSense Packages Bug #6968 (Rejected): Snort VRT Rules Fail to automatically update SSL read error
pfsense version: 2.3.2-RELEASE-p1 (amd64)
Snort Version: 3.2.9.1_14
Automatic update fails with following errors... rub man
09:14 PM pfSense Packages Bug #6971 (Closed): Interfaces.php: "Reserved Networks" checkboxes not shown
Using Windows 10 snap window function to resize Firefox to half the display size causes the checkboxes on Reserve Net... Bart K
09:12 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
yet another case where we lost track of the bug because Chris just removed himself when he left.
assigned back to ... Jim Thompson
09:08 PM Bug #6938: DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.
i think this is a freebsd bug, might be fixed. Jim Thompson
09:04 PM Bug #6947: Deleting an external CA wipes certificates in use
please validate and hand back. Jim Thompson
09:03 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
they moved because it's better.
but they have a really large environment.
we've known about kea for a while. (... Jim Thompson
08:57 PM pfSense Packages Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore
JimP, please verify, and if not valid, close.
If valid, please hand-off to bbcan117 Jim Thompson
08:11 PM Bug #6970 (Rejected): Update pfSense 2.3 to Unbound 1.5.10
It's already in 2.3.3 snapshots Jim Pingle
07:57 PM Bug #6970 (Rejected): Update pfSense 2.3 to Unbound 1.5.10
I noticed the Unbound version pfSense is shipping is a bit old at 1.5.9. The latest release is 1.5.10. The .10 releas... Brad Smith
03:35 PM Revision d68efad1: Fix System Update link
Renato Botelho
03:35 PM Revision 85b36c34: Fix System Update link
Renato Botelho
01:16 PM Revision cacbc2cb: Send packages to files03 too
Renato Botelho
01:16 PM Revision f74e2105: Send packages to files03 too
Renato Botelho
01:15 PM Revision c3d2384b: Send packages to files03 too
Renato Botelho
12:01 PM Bug #6969 (Confirmed): Insufficient error checking on static ARP entries
Adding a note to clarify: It is OK for "IP address" to be blank/empty if "ARP Table Static Entry" is unchecked. Jim Pingle
11:40 AM Bug #6969 (Resolved): Insufficient error checking on static ARP entries
When creating a static DHCP lease entry the GUI input checking does not prevent checking 'static ARP' without enterin... Steve Wheeler
11:14 AM Bug #6963: SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4
Applied in changeset commit:b35fc4331ac78f9459db00be04dc6b077f168593. Jim Pingle
08:43 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available"
To all having this problem - while there is no fix yet, I have put together a workaround I have been using successful... Firstname Surname
08:08 AM Bug #6966: Display bug in Status / IPsec / Overview
Jim Pingle wrote:
> That page outputs what is given to it by strongSwan. Check the output of "ipsec statusall" from ... Lars Jorgensen
07:35 AM Bug #6966 (Feedback): Display bug in Status / IPsec / Overview
That page outputs what is given to it by strongSwan. Check the output of "ipsec statusall" from the console when it's... Jim Pingle
06:10 AM Bug #6966 (Resolved): Display bug in Status / IPsec / Overview
I have to IPsec tunnels configured. If one goes up, it is reported as both connected and disconnected in two separate... Lars Jorgensen
07:41 AM Bug #6967 (Resolved): DH Groups 22, 23, 24 missing from Phase 2 selection GUI
When configuring IPSec you can select DH Groups 22-24 for Phase 1, but for Phase 2 they are missing from the GUI.
... Sec Sec

11/27/2016

06:31 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL
And as for "the GUI does nothing":
!https://s15.postimg.org/fk5zywtsr/clamav_redirect_empty.png!... Kill Bill
06:04 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL
The default URL is set to the pfSense GUI URL on package install. Simply because that's the only sensible default. Th... Kill Bill
02:40 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL
See: https://forum.pfsense.org/index.php?topic=115323.0 Richard Eberhard
02:39 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL
Kill Bill wrote:
> Richard Eberhard wrote:
> > I also tried adding a redirect command in the custom squid config: n... Richard Eberhard
08:28 AM pfSense Packages Bug #6763 (Not a Bug): Squid ClamAv wrong redirect URL
Jim Pingle
04:08 AM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL
No bug here, let alone "very high" severity, can be closed. This is configurable in the GUI as shown above. Kill Bill
06:28 PM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available"
Has anyone attempted this with 2.4 beta? I've already burned my downtime allowance testing with 2.3.x versions and va... Michael OBrien
05:53 PM pfSense Packages Bug #6562: Bug/Wrong description in the squid settings
Yes, set CN property surprisingly sets CN property. Sigh. Because that's exactly the purpose of the feature. Set != s... Kill Bill
02:46 PM pfSense Packages Bug #6562: Bug/Wrong description in the squid settings
Kill Bill wrote:
> Sorry, but browser thinking a certificate is valid when it's not is NOT a Squid issue. Stop doing... Richard Eberhard
08:30 AM pfSense Packages Bug #6562 (Not a Bug): Bug/Wrong description in the squid settings
Jim Pingle
04:16 AM pfSense Packages Bug #6562: Bug/Wrong description in the squid settings
Sorry, but browser thinking a certificate is valid when it's not is NOT a Squid issue. Stop doing HTTPS MITM if you h... Kill Bill
08:34 AM pfSense Packages Bug #5701 (Not a Bug): Sarg does not delete cron entry
Jim Pingle
08:04 AM pfSense Packages Bug #5701: Sarg does not delete cron entry
Ale Feltes wrote:
> I can't see issue's status control. I can only add comments.
That was aimed @pfSense guys. :) Kill Bill
07:06 AM pfSense Packages Bug #5701: Sarg does not delete cron entry
I can't see issue's status control. I can only add comments. Ale Feltes
04:35 AM pfSense Packages Bug #5701: Sarg does not delete cron entry
Package no longer exists in 2.3+, use lightsquid.
Please, close.
 Kill Bill
08:34 AM pfSense Packages Bug #3986 (Closed): BandwidthD can break php-fpm in unknown rare edge case
Jim Pingle
04:56 AM pfSense Packages Bug #3986: BandwidthD can break php-fpm in unknown rare edge case
Package gone, please close. Kill Bill
08:33 AM pfSense Packages Feature #2170 (Closed): Enable AirPrint mdns via Avahi
Jim Pingle
04:43 AM pfSense Packages Feature #2170: Enable AirPrint mdns via Avahi
This already works with Avahi as noted above. Please, close this. Kill Bill
08:32 AM pfSense Packages Bug #4676 (Rejected): Avahi & .local domain in config file
Jim Pingle
04:41 AM pfSense Packages Bug #4676: Avahi & .local domain in config file
Cannot be reproduced plus concerns obsolete 2.2.x PBI stuff.
Please, close. Kill Bill
08:31 AM pfSense Packages Bug #4301 (Closed): arpwatch not sending email reports on 2.2
Jim Pingle
04:37 AM pfSense Packages Bug #4301: arpwatch not sending email reports on 2.2
Package no longer exists in 2.3+, please close. Kill Bill
08:31 AM pfSense Packages Feature #6141 (Resolved): Convert apcupsd package to 2.3
Jim Pingle
04:33 AM pfSense Packages Feature #6141: Convert apcupsd package to 2.3
Been already done, can be closed.
https://github.com/pfsense/FreeBSD-ports/commits/devel/sysutils/pfSense-pkg-apcupsd Kill Bill
08:30 AM pfSense Packages Bug #6252 (Not a Bug): Can't access darkstat if webgui is on HTTPS.
Jim Pingle
04:25 AM pfSense Packages Bug #6252: Can't access darkstat if webgui is on HTTPS.
Darkstat does not support HTTPS. Cannot be fixed in the package. The issue is HSTS headers set by pfSense nginx. Best... Kill Bill
08:30 AM pfSense Packages Bug #6485 (Rejected): Squid garbage collection is a blocking thread and stops all network traffic
Jim Pingle
04:20 AM pfSense Packages Bug #6485: Squid garbage collection is a blocking thread and stops all network traffic
Upstream bug tracker for Squid is at http://bugs.squid-cache.org/describecomponents.cgi?product=Squid - the pfSense p... Kill Bill
08:29 AM pfSense Packages Bug #6497 (Closed): Squid3 web GUI page not saving settings for users in custom system privileged groups in v 2.2.2
Jim Pingle
04:13 AM pfSense Packages Bug #6497: Squid3 web GUI page not saving settings for users in custom system privileged groups in v 2.2.2
2.2.x is dead, plus this would not be a Squid package bug at all. Please, close this. Kill Bill
08:28 AM pfSense Packages Bug #6814 (Not a Bug): pfBlockerNG cannot define table pfB_Europe_v6 after pfsense upgrade to 2.3.2-RELEASE (amd64)
Jim Pingle
04:05 AM pfSense Packages Bug #6814: pfBlockerNG cannot define table pfB_Europe_v6 after pfsense upgrade to 2.3.2-RELEASE (amd64)
No bug here, can be closed. Kill Bill
06:32 AM pfSense Packages Feature #6965 (Resolved): suricata + snort - making custom passlist additive to the default one
It'd seriously help to have a checkbox that'd simply _add_ whatever custom alias(es) to the default passlist, instead... Kill Bill
04:39 AM Feature #5619: Curl with ARES support
This is misfiled under Packages product, any changes here would need to be done in pfSense core. Kill Bill

11/26/2016

09:15 PM pfSense Packages Bug #6047: syslog-ng does not logrotate
Well, this still does not work properly at least with bzip2, because:... Kill Bill
04:19 PM Revision b0b2af90: Update setup_wizard.xml
Jonathon Anderson
04:18 PM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper
There's already #6023 for netmap + shaping. Kill Bill
02:12 PM Bug #5649: bce0: Discard frame w/o leading ethernet header (len 0 pkt len 0)
I believe this issue can now be closed.
After using pci-stub on the Linux host for the two NIC's in question, whic... Matt Parnell
12:21 PM pfSense Packages Bug #6964 (Resolved): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons
The policy always gets assigned to the first instance (normally probably WAN) when you either
- use the Import butto... Kill Bill
10:41 AM Revision b8678b63: IPv6 address can contain a dot
When requiring the entry of an IPv6 address, the regex pattern should still allow a dot, so that an IPv6 address can ... Phil Davis
06:44 AM pfSense Packages Bug #6389: Suricata typo under interface rules tab
https://github.com/pfsense/FreeBSD-ports/pull/220 Kill Bill
06:38 AM pfSense Packages Bug #5938: Link for Signing up for ETPro account got changed - Suricata
This got broken again. Together with some other cosmetics, this is fixed by https://github.com/pfsense/FreeBSD-ports/... Kill Bill

11/25/2016

10:27 PM Bug #6962: GUI allows selecting missing diffe-helman Paremeters for OpenVPN
My vote would be either to grey out or remove the missing parameters from the OpenVPN dropdown, or to kick off a back... Andy Sayler
09:25 AM Bug #6962 (Confirmed): GUI allows selecting missing diffe-helman Paremeters for OpenVPN
The GUI should probably grey out or otherwise note the selections without available files. Or maybe check for @/etc/d... Jim Pingle
09:04 PM Revision 19b7263e: - added support for duiadns.net ipv4 and ipv6
Ionut
08:17 PM Revision 8505ccf0: Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963
Jim Pingle
08:17 PM Revision ec64b0a8: Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963
Jim Pingle
08:08 PM Revision b35fc433: Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963
Jim Pingle
05:09 PM Revision 6be782ed: increase webgui usability when the remote ldap server isn't available
(cherry picked from commit b77a63948b4bd54f3d2e6e9d3822588105fb5741) Pi Ba
05:09 PM Revision 23a8dae0: Merge pull request #3196 from PiBa-NL/authfallbackspeed
Renato Botelho
05:06 PM Revision 54098908: ipsec mobile clients, don't check mobile leases if mobile client isn't enabled to begin with
(cherry picked from commit 339279415ced4aaaafb96fc14a334a172b8db49f) Pi Ba
05:06 PM Revision ba2253da: Merge pull request #3212 from PiBa-NL/ipsec-mobile-leasecheck
Renato Botelho
05:05 PM Revision 9e2fa369: Improved error message to explicitly state allowable characters
Related to Bug #6432.
(cherry picked from commit 3b55b54e9c76998a2b0e28897a0be79d5cf0cb8f) Sean McBride
05:05 PM Revision 823091b1: Merge pull request #3216 from seanm/master
Renato Botelho
05:01 PM Revision f968d06d: DHCPv6 ddnsdomainprimary must currently be IPv4
This field is currently validated to allow only an IPv4 address to be entered, so it may as well be consistent client... Phil Davis
05:00 PM Revision d0e73557: Merge pull request #3231 from phil-davis/patch-8
Renato Botelho
04:59 PM Revision 19509df3: services_dhcp_edit add extra IPv4 validation
a) Validate that ipaddr must be IPv4 (note if you enter an IPv6 address, it will fail other later tests of being in t... Phil Davis
04:59 PM Revision ab97c6aa: Merge pull request #3230 from phil-davis/patch-7
Renato Botelho
04:48 PM Revision e9544016: Specify the IP address family in interfaces.php
Where it is known what sort of IP address is required, we can specify it in the call to Form_IpAddress. That will mak... Phil Davis
04:48 PM Revision 8adb1946: Merge pull request #3226 from phil-davis/patch-3
Renato Botelho
04:47 PM Revision 57808367: Keep the rule type selection after input errors on firewall rule
If the user:
a) Edit a firewall rule
b) Select "single host or alias"
c) Enter an invalid IP address that is not an a... Phil Davis
04:47 PM Revision 81e2aa25: Merge pull request #3224 from phil-davis/patch-2
Renato Botelho
04:45 PM Revision fbcdf576: add All-Inkl to services.class
(cherry picked from commit 360f3a9011d143944fcd8e5e6b69fced2f9baaf7) Christoph Filnkößl
04:45 PM Revision 3c2a6448: add All-Inkl to dyndns.class
(cherry picked from commit 575b1dcf0bdb28c431fca420d27bdedf579ec9c4) Christoph Filnkößl
04:45 PM Revision 75357823: Merge pull request #3223 from filnko/patch-1
Renato Botelho
04:11 PM Bug #6963 (Feedback): SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4
I pushed a fix as stated. Works fine with and without key-based auth. Needs more testing once it hits snaps. Jim Pingle
02:15 PM Bug #6963 (Resolved): SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4
The ssh authentication "keyboard-interactive" method fails on 2.3.2 and 2.4
This is due to the use of @UsePAM no@ ... Jim Pingle
09:28 AM Feature #6961 (Duplicate): IPv4/IPv6 Dual-Stack IPSEC mobile vpn
Duplicate of #6886 Jim Pingle

11/24/2016

04:21 PM Bug #6962: GUI allows selecting missing diffe-helman Paremeters for OpenVPN
Uhm... generating these "on demand" is a horrible idea. Should be either pre-shipped or user told to do the job. User... Kill Bill
03:58 PM Bug #6962 (Resolved): GUI allows selecting missing diffe-helman Paremeters for OpenVPN
When trying to use a 3072-bit Diffie-Hellman parameter with the OpenVPN server, the following error is logged and the... Andy Sayler
12:43 PM Revision f6bea44d: Silence kenv calls
Renato Botelho
12:43 PM Revision 411f439a: Silence kenv calls
Renato Botelho
12:21 PM pfSense Packages Bug #6547: syslog-ng log browser only shows the first few lines
Kinda difficult to come with "pfSense native firewall"-like GUI, considering there's no pattern about what's going to... Kill Bill
11:26 AM pfSense Packages Feature #4548: syslog-ng interface doesn't allow rule ordering
See https://github.com/pfsense/FreeBSD-ports/pull/218 Kill Bill
09:31 AM Feature #6961 (Duplicate): IPv4/IPv6 Dual-Stack IPSEC mobile vpn
It would be nice to have possibility to create Phase1 IPSec for Mobile Clients - for both IPv4 and IPv6.
Currently... Vladimir Lind
07:51 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
It looks like Facebook migrated to Kea DHCP. Should be for a good reason [[https://code.facebook.com/posts/8459090588... Raul Ramos
06:51 AM Feature #6960 (Resolved): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
I think it would be a good idea to at least take a look at kea dhcp by ISC. It seems to be a much better solution for... Bogdan P
07:22 AM pfSense Packages Bug #6492 (Resolved): Syslog-ng configuration file warning is treated as syntax error
Renato Botelho
07:05 AM pfSense Packages Bug #6492: Syslog-ng configuration file warning is treated as syntax error
Already fixed by https://github.com/pfsense/FreeBSD-ports/commit/5f79e53dcae89bb185279ba2164a99891bb70dfd Kill Bill
03:28 AM Bug #6959 (Feedback): Remove or rename "LiveCD" option in the 2.4 installer
Done Renato Botelho
03:24 AM Bug #6762: "Please match the requested format" error in Chrome when editing certain form fields
I'm still having this issue.
Norwegian settings in Chromve version 55.0.2883.59
I get the error when trying to ad... Øistein Kjos

11/23/2016

06:47 PM Revision 581aa622: Added addrtolower() to interface pages
Steve Beaver
06:47 PM Revision 5af93827: Added addrtolower() to interface pages
Steve Beaver
02:36 PM Revision 3947f294: Add a note that wireless clones must be created before they can be assigned. This should fix #6770
Renato Botelho
02:35 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
After going into System -> Routing -> Gateways, clicking edit on the current gateway outside the subnet, don't even h... Ken Sim
02:34 PM Revision 656ed1af: Start wireless clone count from 0
Renato Botelho
02:23 PM Bug #6959 (Resolved): Remove or rename "LiveCD" option in the 2.4 installer
When booting the 2.4 install media, the first screen of the installer offers a "Live CD" choice that is confusing to ... Jim Pingle
02:11 PM Revision 930ca820: Change wireless interface description
Renato Botelho
12:51 PM Bug #6958 (Resolved): services_dhcp_relay.php: Needs to be converted to more recent rowhelper standard
Page still uses the deprecated setIsRepeated() method on the group. We no longer do that. Anonymous
12:18 PM Bug #6957 (Closed): CARP arp reply with wrong src mac
The problem is same as https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141023
I find a patch on pfsense/FreeBSD-sr... zhiwu shan
12:01 PM Feature #6956 (New): Allow more control over concurrent logins
Currently there is a checkbox that allows concurrent logins, or not. I'd like to be able to replace that binary check... Michael Newton
11:56 AM Bug #6955 (Resolved): The uniqid of the virtual IP address is lost when you modify the vip type
My interfaces:LAN, WAN, WAN2
1、I add IP Alias VIP 155.155.155.155 on WAN2, it's ok. Get the uniqid: 5831b1cbbbdcd
... zhiwu shan
09:47 AM Bug #6954 (Resolved): New installer has no "Quick/Easy" installation option
The new installer has a number of useful options but there is no choice that replicates the "Quick/Easy Install" opti... Jim Pingle
09:46 AM Bug #6770 (Feedback): 802.11 stack on FreeBSD 11 requires changes to support its new device creation method
After discussed it, we decided to let user create wireless clone interface before assign it and remove any special tr... Renato Botelho
07:42 AM Bug #6770: 802.11 stack on FreeBSD 11 requires changes to support its new device creation method
It works on the latest CE snapshot from overnight, but there is one regression from the previous behavior. At the mom... Jim Pingle
04:40 AM Bug #6770: 802.11 stack on FreeBSD 11 requires changes to support its new device creation method
Kill Bill wrote:
> I guess you produced a typo in the latest commit.
>
> [...]
>
> https://github.com/pfsense/... Renato Botelho
08:06 AM Bug #6953 (Resolved): on mismatching private key for CA, "edit user" silently creates user cert using different CA
Steps to reproduce:
* have existing internal CA
* import external CA (in my case, signed by the internal CA but g... Harald Linden
06:59 AM Bug #6952 (Resolved): Generating user certs from imported CA fails silently when no starting serial# is set
Steps to reproduce:
* Import external CA
* Do not set "Serial for next certificate"
* Try to create a user certi... Harald Linden
12:41 AM Revision 5794e197: Fix typo. Ticket #6770
Jim Pingle

11/22/2016

05:54 PM Revision ae7d6aca: Ticket #6770: Create a function to list available wireless interfaces and include model description
Renato Botelho
05:40 PM Revision d3343d02: Ticket #6770: Detect wlan interfaces from sysctl net.wlan.devices
Renato Botelho
04:56 PM Bug #6770: 802.11 stack on FreeBSD 11 requires changes to support its new device creation method
I guess you produced a typo in the latest commit.... Kill Bill
04:49 PM Bug #6931 (Resolved): Status > Filter Reload page is confusingly worded
Renato Botelho
02:48 PM Bug #6931: Status > Filter Reload page is confusingly worded
Wow, this is much better than before, shows complete progress output now. 8-) Thanks. Kill Bill
04:23 PM Revision ac516731: Ticket #6770: Update wireless regex to match FreeBSD 11
Renato Botelho
03:45 PM Revision 499ff8fc: Added addrtolower calls to force IPv6 addresses to lower case
First of many Steve Beaver
03:45 PM Revision 5100064f: Added addrtolower calls to force IPv6 addresses to lower case
First of many Steve Beaver
09:51 AM Bug #6864 (Assigned): Error checking rejects IPv6 addresses with upper case A-F.
Force IPv6 to lowercase via addrtolower() has been added to:
firewall_aliases_edit.php
firewall_rules_edit.php
... Anonymous
09:48 AM Bug #6918 (Closed): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
Closed in favor of #6864 Anonymous
09:40 AM Bug #6945: Firewall alias naming restrictions are too limiting
What happens if you use www.xn--bcher-kva.ch as the name to block in the rule?
Is that effective?
I wonder if pf ... Phillip Davis
09:33 AM Bug #6946 (Not a Bug): Unable to override dns servers in dhcp server
Most likely it's a configuration issue and not a bug. It's best to discuss this on the forum before opening a bug rep... Jim Pingle
09:22 AM Bug #6946: Unable to override dns servers in dhcp server
What appears in /var/dhcpd/etc/dhcpd.conf ?
When I put specific DNS servers in there, I get a line like:
option dom... Phillip Davis
08:37 AM pfSense Packages Feature #6951 (Resolved): Disable Auto Config Backup without uninstalling
The only way to disable the auto config backup package after the credentials have been entered is to uninstall it. Th... Steve Wheeler
08:32 AM pfSense Packages Bug #6950 (Resolved): Auto Config Backup always reports success
The 'Backup Now' function always reports 'Backup completed successfully.' even if the backup to the server failed. If... Steve Wheeler
06:44 AM pfSense Packages Bug #6410 (Resolved): when PFSENSE after server restart,openvpn+motp not login
Fixed by #6900 Jim Pingle
02:23 AM pfSense Packages Bug #6410: when PFSENSE after server restart,openvpn+motp not login
SOLVED: Did update with Version freeradius2 1.7.4 and everything runs fine now Johannes Goldynia
12:19 AM Revision dd98dfcc: The bug was actually the missing new line ('\n') on poudriere bulk list.
Luiz Souza
12:08 AM Revision 78dd16ee: net/hping does not build on ARM, exclude it from poudriere builds.
Luiz Souza

11/21/2016

07:37 PM Revision 028596d8: Revise filter_reload page to display entire reload_filter_status contents, not just last line
Steve Beaver
07:36 PM Revision d00157df: Revise filter_reload page to display entire reload_filter_status contents, not just last line
Steve Beaver
06:58 PM Revision 71b86385: Revise shaper wizards to support multi-line filter_reload_status
Steve Beaver
06:57 PM Revision de1425d9: Revise shaper wizards to support multi-line filter_reload_status
Steve Beaver
06:54 PM Revision 5bf9c6f7: Revise update_filter_relaod_status() function to append status messages rather than overwrite the file
Steve Beaver
06:53 PM Revision 4f7956ad: Revise update_filter_relaod_status() function to append status messages rather than overwrite the file
Steve Beaver
04:49 PM Revision df995721: Merge branch 'master' of git.netgate.com:pfsense/pfsense
Steve Beaver
04:47 PM Revision a7391526: Fixed #6922
Added code for IPv6 Dynamic DNS Steve Beaver
04:46 PM Revision 707e1ac2: Fixed #6922
Added code for IPv6 Dynamic DNS Steve Beaver
04:12 PM Revision 9e8a731d: Remove deprecated code
Renato Botelho
04:12 PM Revision 23960be7: /var/etc/* has been removed above
Renato Botelho
04:06 PM Revision fc84b222: Remove config files symlinks from /etc to /var/etc. Fixes #5538
Renato Botelho
04:06 PM Revision a5dd605a: We don't need to remove newsyslog.conf
Renato Botelho
03:38 PM Revision f6973634: Fixed #6939 by moving CSS only to the two pages that require it
Steve Beaver
03:37 PM Revision dd455f50: Fixed #6939 by moving CSS only to the two pages that require it
Steve Beaver
02:05 PM Revision c945d7a5: This should be 'default' rather than 'panic' or some non-panic crashes will land at a debugger prompt rather than rebooting.
Jim Pingle
01:51 PM Bug #6931: Status > Filter Reload page is confusingly worded
Thanks for looking into it (it's not like the exact messages would be really critical, but it was an indication of a ... Kill Bill
01:43 PM Bug #6931: Status > Filter Reload page is confusingly worded
The root cause of the issue was that the filter reload process over-wrote the status file with every message, so ther... Anonymous
11:59 AM Bug #6931: Status > Filter Reload page is confusingly worded
The system I was testing on was too fast to notice the intermediate messages. Thanks for pointing that out. Fix coming. Anonymous
11:21 AM Bug #6931: Status > Filter Reload page is confusingly worded
I'm very sure the thing has actually been displaying _real_ activity during reload. Such as, loading the various pack... Kill Bill
11:14 AM Bug #6931: Status > Filter Reload page is confusingly worded
Previously when visiting the page from the status menu the page would say that it was reloading the filter then after... Anonymous
10:23 AM Bug #6931: Status > Filter Reload page is confusingly worded
Uhm, dunno guys, it appears to me like this made the thing basically no-op? Previously, it's been showing what's goin... Kill Bill
12:34 PM Revision 0529323f: Force textdump, it should fix #6943
Renato Botelho
12:34 PM Revision a7d88d2c: Add our own ddb.conf
Renato Botelho
10:58 AM Bug #6922 (Resolved): Dynamic DNS widget broken with Custom v6 entries
Anonymous
10:57 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries
Works, thanks.
!https://s22.postimg.org/kxalm38rl/screenshot_dyndns_widget.png! Kill Bill
10:54 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries
Added code to handle IPv6 (cache file has "_v6" appended) Anonymous
10:50 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries
Applied in changeset commit:a7391526c83a8d4b33e81d730141a4811ae8d482. Anonymous
09:38 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries
... Kill Bill
08:58 AM Bug #6922 (Feedback): Dynamic DNS widget broken with Custom v6 entries
Kill Bill,
Could you post or send me the contents of the /cf/conf/*.cache file that pertains to he HEIPV6 entry pl... Anonymous
10:57 AM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
See #6918
A new function has been provided to force IPv6 to lower case on save. This is being added to GUI pages as ... Anonymous
10:13 AM pfSense Packages Bug #6939 (Resolved): HAproxy - backend server list broken with recent 2.3.3 snapshots
Renato Botelho
09:52 AM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
Fixed. Dragging below/above the visible window in FW rules works, HAproxy and Status_Traffic_Totals still have the re... Kill Bill
09:50 AM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
Applied in changeset pfsense:commit:f6973634c34b34908644e2df17154274d2ab12be. Anonymous
09:40 AM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
Applied in changeset pfsense:commit:dd455f50b7be7957428b0733b5b2c93ccba9e284. Anonymous
09:37 AM pfSense Packages Bug #6939 (Feedback): HAproxy - backend server list broken with recent 2.3.3 snapshots
The scroll gimmick CSS has been removed from the master CSS file, and added only to firewall_rues.php and firewall_na... Anonymous
10:10 AM Todo #5538 (Feedback): remove symlinks from /etc/ to /var/etc/
Applied in changeset commit:fc84b222e75c9d92e394a2e9ddb80c5ead382f52. Renato Botelho
09:02 AM Bug #6903 (Resolved): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized
Anonymous
09:02 AM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
I have added a new function addretolower() to detect if a string is a valid IPv6 address, and if so convert it to low... Anonymous
08:09 AM Bug #6943 (Resolved): Textdumps are not working on 2.4 (No DDB)
That worked, thanks!
I did make one small tweak. Before, we used @kdb.enter.default@ rather than @kdb.enter.panic@... Jim Pingle
06:40 AM Bug #6943 (Feedback): Textdumps are not working on 2.4 (No DDB)
Applied in changeset commit:0529323ff97f81e0203553086df8917aeb5542d3. Renato Botelho
06:01 AM Bug #6658: DHCP Relay not working on 2.3.2
Kill Bill wrote:
> Yay!!! Will only be able to test after this weekend; going to post feedback here. Thanks.
!htt... Kill Bill
02:56 AM Bug #6949 (Resolved): username/password not used by proxy support
hello,
it seems that username and password is not used for the proxy connection. it works only with IP and port but ... Giuanin Piemunteis
01:57 AM Bug #6925: System Update Failed
I was able to update. But I had to take the cable out of the router and leave it to pfsense only. Very sensitive. lol... Edson Bueno

11/20/2016

04:35 PM Bug #6945: Firewall alias naming restrictions are too limiting
I am well aware of DNS's Punycode encoding and of the homograph problem. The former is alas needed for backwards com... Sean McBride
01:02 PM pfSense Packages Bug #6948: HAproxy files tab input validation nonsense - impossible to save files
Hmmm... So, that's caused by the bogus empty file at the top, which I never placed there in the first place. NFC how ... Kill Bill
12:56 PM pfSense Packages Bug #6948 (Resolved): HAproxy files tab input validation nonsense - impossible to save files
No idea what's this bootstrap nonsense validating where yet again. It is absolutely impossible to input anything ther... Kill Bill
04:38 AM Bug #6947 (Resolved): Deleting an external CA wipes certificates in use
This is beyond uncool. When I accidentally deleted an external (intermediate) CA cert from the CAs tab, it wiped the ... Kill Bill
01:08 AM Bug #6946 (Not a Bug): Unable to override dns servers in dhcp server
Trying to provide specific DNS servers for specific optX network. No matter what I set the dns server fields to, the... Sean Bales

11/19/2016

10:49 PM Revision ce983754: openvpn, startup locking sequence to prevent issues around pid file / process management
fixes: https://redmine.pfsense.org/issues/6940 Pi Ba
05:13 PM Bug #6945: Firewall alias naming restrictions are too limiting
This is how's www.bücher.ch represented in DNS: www.xn--bcher-kva.ch; believe it or not, people do NOT want to deal w... Kill Bill
04:09 PM Bug #6945: Firewall alias naming restrictions are too limiting
Thanks for the link. Hopefully they won't reject the bug. Why do you think they would? (You do know that the majo... Sean McBride
02:37 PM Bug #6945: Firewall alias naming restrictions are too limiting
Sean McBride wrote:
> Do you know where I should file this upstream then?
https://bugs.freebsd.org/ if you insist... Kill Bill
01:22 PM Bug #6945: Firewall alias naming restrictions are too limiting
I figured it would be something like that.
Do you know where I should file this upstream then? Sean McBride
12:48 PM Bug #6945 (Rejected): Firewall alias naming restrictions are too limiting
We are bound by the limits in pf. We can only allow what they allow. (A-Z, a-z, 0-9, and _)
Use the description fi... Jim Pingle
12:40 PM Bug #6945 (Rejected): Firewall alias naming restrictions are too limiting
In Firewalls > Aliases, when creating/editing an alias there is a 'name' field. This field disallows most characters... Sean McBride
04:57 PM Bug #6132: race condition in OpenVPN startup
Just found this one issue, looks i made a duplicate https://redmine.pfsense.org/issues/6940 , i did implemented the '... Pi Ba
04:52 PM Bug #6940: OpenVPN management socket not listening after bootup / cannot restart the service.
Fixable by: https://github.com/pfsense/pfsense/pull/3236 Pi Ba
03:58 PM Bug #6943 (Confirmed): Textdumps are not working on 2.4 (No DDB)
DDB is there now but something still isn't triggering textdumps. 2.4 has a different /etc/ddb.conf file from the one ... Jim Pingle
03:36 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
I quoted a wrong post, however, both the HAproxy and the Status_Traffic_Totals have been fixed by reverting the offen... Kill Bill
03:05 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
Kill Bill wrote:
> I'm not one of those bootstrap guys. :/ Perhaps @sbeaver could help. As for excessively wide drop... Kill Bill
02:34 PM Todo #6332: Upgrade encryption options to cover current range of recommendations
I believe such an RFC exists already:
https://tools.ietf.org/html/rfc6151
Section 2: "MD5 is no longer acceptab... Sean McBride
12:38 PM Todo #6944 (Closed): dhcp6c releasing allocation
There is a problem some users are having with dhcp6c sending a release on exit, in 99% of cases this is not an issue ... Martin Wasley
01:21 AM Feature #6832: [PATCH] Add the USB ID for the Sierra MC7430
Thanks, but I don't see it in the @RELENG_2_4@ branch. Jose Luis Duran

11/18/2016

08:22 PM Bug #6941: VLAN interface does not work unless parent/or vlan interface are in promiscious mode
There are known issues with re(4) and spoofed MACs, it isn't always the driver, sometimes it is the chip itself.
Y... Jim Pingle
07:44 PM Bug #6941: VLAN interface does not work unless parent/or vlan interface are in promiscious mode
Jim Pingle wrote:
> That would be a limit of your specific NIC chip and/or driver. If it's possible to be fixed at a... Thomas Nilsen
06:33 PM Revision 86bb5c37: Build hping
Jim Pingle
06:33 PM Revision 6be47576: Build hping
Jim Pingle
06:32 PM Revision c1d124be: Build hping
Jim Pingle
04:51 PM Revision e63ca285: Revert "Set dhcp-cache-threshold to 0 to avoid a bug in dhcpd 4.3.x where it omits client-hostname where the cache threshold is reached. Ticket #6589"
Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 9dacff7f1b2b89ebebc1e9456d642e0657bb89cc. Renato Botelho
04:51 PM Revision 94e0e0de: Revert "Apply the fix for ticket #6589 also into dhcpdv6 config"
Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 776692947bda5c867c7f5e60550c3a508760c251. Renato Botelho
04:50 PM Revision 1bd7d5e5: Revert "Apply the fix for ticket #6589 also into dhcpdv6 config"
Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 20350989db5d66ffb827beaed5ef5738cd62fc9d. Renato Botelho
04:50 PM Revision 06b91f60: Revert "Set dhcp-cache-threshold to 0 to avoid a bug in dhcpd 4.3.x where it omits client-hostname where the cache threshold is reached. Ticket #6589"
Removed after upgrade dhcpd server to 4.3.5
This reverts commit 318e0383829daac934424879ccfce09395e80025. Renato Botelho
04:08 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
I'll take care of it Anonymous
03:44 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
I'm not one of those bootstrap guys. :/ Perhaps @sbeaver could help. As for excessively wide dropdowns, perhaps this ... Kill Bill
03:17 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
Yah shortening the field lengths would likely help.. but how to do that in a bootstrapped kinda way.?. Pi Ba
02:59 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
Not sure either, the "port" field could definitely be shrunk quite a bit, for starters, though that'd only mitigate t... Kill Bill
02:36 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
There used to be a scrollbar.. Thats hidden now by this fix: https://redmine.pfsense.org/issues/6895
Reverting htt... Pi Ba
02:30 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
Still seeing some issues, if I edit anything with the local-gateway even just the description and click apply changes... Ken Sim
02:10 PM Bug #6850 (Feedback): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
Ken Sim wrote:
> Still seeing system lockup on 2.4.0-BETA when dealing with non-local gateways.
I've tried to rep... Renato Botelho
02:14 PM Feature #6832 (Resolved): [PATCH] Add the USB ID for the Sierra MC7430
Already added Renato Botelho
02:13 PM Bug #6782: pkg update can trigger multiple updates per second
I believe the responsible for so many queries is System Information Widget, that checks for upgrades every time it sh... Renato Botelho
12:41 PM Bug #6658: DHCP Relay not working on 2.3.2
Yay!!! Will only be able to test after this weekend; going to post feedback here. Thanks. Kill Bill
10:47 AM Bug #6658 (Feedback): DHCP Relay not working on 2.3.2
Patch removed and package updated to 4.3.5 on pfSense 2.3.3 and 2.4.0 Renato Botelho
10:47 AM Bug #6840 (Feedback): Upgrade ISC dhcpd to 4.3.5 to address missing hostname workaround
Done for 2.3.3 and 2.4.0 Renato Botelho
10:32 AM Todo #6894 (Resolved): Improvements and fixes on 2.4 installer
Labels are working, GPT was the default, ZFS is working (See #6929). This looks good to me. Closing. Jim Pingle
07:14 AM Todo #6894 (Feedback): Improvements and fixes on 2.4 installer
- GPT is now default
- Labels are being used on fstab
- ZFS installation is working as expected Renato Botelho
10:23 AM Bug #6943 (Feedback): Textdumps are not working on 2.4 (No DDB)
option DDB added to pfSense kernel Renato Botelho
09:10 AM Bug #6943 (Resolved): Textdumps are not working on 2.4 (No DDB)
The amd64 kernel in 2.4 does not contain "options DDB" so textdumps are not working. It does have "options KDB", but ... Jim Pingle
07:50 AM Bug #6942 (Duplicate): Traffic Graph displays wrong local FQDN
It will only show what it finds in DNS, which is what it gets from DHCP static mappings, leases, host overrides, and ... Jim Pingle
06:18 AM Bug #6942 (Duplicate): Traffic Graph displays wrong local FQDN
In a configuration with several networks and different local domain names for each network where hosts get their name... Juerg Reimann
07:18 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
And in the same spirit, https://github.com/pfsense/pfsense/pull/3234 Bruno Grossmann
07:16 AM Todo #5368 (Feedback): Review /etc/ttys for serial console
Done during 2.4 alpha Renato Botelho

11/17/2016

09:21 PM Bug #6941 (Rejected): VLAN interface does not work unless parent/or vlan interface are in promiscious mode
That would be a limit of your specific NIC chip and/or driver. If it's possible to be fixed at all, it would have to ... Jim Pingle
04:48 PM Bug #6941 (Rejected): VLAN interface does not work unless parent/or vlan interface are in promiscious mode
Hi,
I have a pfsense box with two physical interfaces re0/re1.
My setup is two vlan interfaces defined re0_102 ... Thomas Nilsen
08:23 PM Revision 0641b626: Fixed #6931
Steve Beaver
08:22 PM Revision d3cb20ce: Fixed #6931
Steve Beaver
06:07 PM Bug #4689: Panic/Crash "sbflush_internal: cc 4294967166 || mb 0 || mbcnt 0"
I am getting this symptom (crashs) on v2.3.2, multiple times a day:... Claude Duvergier
02:34 PM pfSense Packages Feature #6831: Snort does not support aliases containing FQDN
Reading this would help to understand why it's not supported.
https://forum.pfsense.org/index.php?topic=87211.msg514... Kill Bill
02:30 PM Bug #6931: Status > Filter Reload page is confusingly worded
Applied in changeset commit:d3cb20cef80a084f162495b5698190405df7a1dd. Anonymous
02:24 PM Bug #6931 (Feedback): Status > Filter Reload page is confusingly worded
Page un-uglyfied as requested Anonymous
01:22 PM Revision 09d22384: Merge pull request #3233 from doktornotor/patch-2
Jim Pingle
12:55 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
P.S. Cannot make the window any wider, it's already fullscreen on a full HD monitor, not even F11 helps. :-D Kill Bill
12:54 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
That's the same image I'm running, so it's most likely a problem with the package in general. It's possible there was... Jim Pingle
12:51 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
Well, not sure what's current. The box has been upgraded about ~2 hours ago. ... Kill Bill
12:46 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots
Is this still the same on a current snapshot? Is it the same if you force a page reload to clear the cache? Make the ... Jim Pingle
12:29 PM pfSense Packages Bug #6939 (Resolved): HAproxy - backend server list broken with recent 2.3.3 snapshots
This definitely used to work, however it got badly broken recently. The SSL checkbox and weight fields are completely... Kill Bill
12:51 PM Bug #6940 (Duplicate): OpenVPN management socket not listening after bootup / cannot restart the service.
OpenVPN management socket not listening after bootup
The dashboard shows the following: "Unable to contact daemon ... Pi Ba
12:38 PM Bug #6760: Editing WAN bridge interface breaks routing until reboot
Jim Pingle wrote:
> One thing I did notice in your original description is that the network config is invalid. You c... Kill Bill
11:47 AM Revision 2f7c76cf: Put original match back
Did not mean to remove SSL substring from the check... Doktor Notor
11:36 AM Revision 0db9846a: Fix nsCertType matching for some certificates (Bug #6877)
See https://redmine.pfsense.org/issues/6877#note-4 Doktor Notor
08:51 AM Bug #6919 (Resolved): Filter logs are broken, log has incomplete/invalid data
Looks good, filter log contains the expected entries now. Jim Pingle
08:42 AM Bug #6901 (Resolved): services_unbound_host_edit.php: "Delete" button should be suppressed if < 2 host aliases listed
We determined this page was OK because it's acceptable for a host override to have zero aliases. Without the button t... Jim Pingle
08:34 AM Feature #809 (Resolved): Config sync username change
Works, can XMLRPC sync so long as the user has the "System - HA node sync" privilege. Jim Pingle
08:17 AM Bug #5319: Error message "No config named" in charon daemon
I can confirm this one too. 2.3.2 in use.... Fabian Melters
07:30 AM Bug #6877 (Resolved): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
Looks good, thanks for testing!
 Jim Pingle
07:27 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
Works ;)
!https://s15.postimg.org/w34bhj9az/Cert_Manager_Screenshot_Fixed.png! Kill Bill
07:23 AM Bug #6877 (Feedback): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
Merged PR Jim Pingle
07:10 AM Bug #6877 (Assigned): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
I don't think I've ever seen one with both set, and practically there is rarely if ever a reason to do so. It's worth... Jim Pingle
05:37 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
Yeah, this cannot work... Kill Bill
04:38 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set
Well, this does not work properly even with the nsCertType set. Example:... Kill Bill
05:23 AM Bug #6934 (Resolved): /usr/bin/install missing from new 2.4 installations
Renato Botelho
01:18 AM Bug #6934: /usr/bin/install missing from new 2.4 installations
I just did a fresh install with the 11/16/16 build. I was able to restore my configuration and all packages installe... Chad Wagner

11/16/2016

11:29 PM Revision 8cab3470: Revise host and domain sorting so that the index is not lost
Steve Beaver
11:28 PM Revision 589634a9: Revise host and domain sorting so that the index is not lost
Steve Beaver
09:48 PM Bug #6938: DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.
I've been trying to identify if the same issue exists when setting a DNS entry with a normal WAN gateway (with static... Gavin Stewart
07:39 PM Bug #6938 (Duplicate): DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.
System -> General Setup -> DNS Server Settings
Setting a DNS with an OpenVPN client gateway (dynamic IP address) is ... Gavin Stewart
09:11 PM Revision 4c17e45f: Added addrtolower() function to allow IPv6 addresses to be converted to lower case while preserving aliases or other text
Steve Beaver
09:10 PM Revision f3997278: Added addrtolower() function to allow IPv6 addresses to be converted to lower case while preserving aliases or other text
Steve Beaver
07:22 PM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.
I have now verified that this is reproducible on 2.4 nightly 20161116-0701. Gavin Stewart
06:44 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.
Moving the start of OpenVPN will undoubtedly have other unintended consequences. What is likely happening here is tha... Jim Pingle
06:37 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.
Yes. Gavin Stewart
06:33 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.
Do you have System > Advanced, Misc, "Do not create rules when gateway is down" set? Jim Pingle
03:54 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.
Please note that Status -> Filter Reload also works to properly initialise the rule after boot (as an alternative to ... Gavin Stewart
01:19 AM Bug #6936 (Closed): OpenVPN client boot race causes intermittent dependent rule failure.
*Summary*:
A race condition starting OpenVPN client at boot (rc.bootup) is causing a firewall rule (that is dependen... Gavin Stewart
07:17 PM Revision 8f6cd075: Make sure pkg repo config files are not included in base tarball
Renato Botelho
04:06 PM Bug #6925: System Update Failed
I've already taken everyone off the network, but I can not update only timeout.
((>>> Updating repositories meta... Edson Bueno
02:58 PM Revision cd618e85: Be more verbose when creating distribution tarball
Renato Botelho
02:16 PM Revision 22e3574d: Revert "Fix #6864 automatically convert IPv6 input to lowercase"
This reverts commit d461ff40e364fc0ecc003b9f673cbad7c6a08f2f.
(cherry picked from commit 75bc87fe10f30f49a09218820f7... Luiz Souza
02:16 PM Revision ba814883: Revert "Fix #6918 Allow aliases with capital letters in rules"
This reverts commit 9444a281f051e11d5456cc37b2a3f56fc8a7bc33.
(cherry picked from commit 9128641db5c9b6839163948f3f7... Luiz Souza
12:55 PM Revision 574866f1: Change the way to initialize PKG_REPO_SIGNING_COMMAND to make it possible to set it to empty string on build.conf
Renato Botelho
09:15 AM Revision c0ac85e7: There is no ./install to be excluded in 2.4. It fixes #6934
Renato Botelho
08:47 AM Bug #6937 (Confirmed): Inbound traffic on enc0 is not creating a state with mobile IPsec
Jim Pingle
08:47 AM Bug #6937 (Resolved): Inbound traffic on enc0 is not creating a state with mobile IPsec
Traffic entering enc0 on 2.4 is not creating a state, thus TCP traffic will not pass. ICMP works as the return traffi... Jim Pingle
06:45 AM Bug #6913 (Resolved): install on Hyper-v R2
Jim Pingle
06:15 AM Bug #6935 (Duplicate): Rule (which contains a pfBlockerNG URL-Alias) cannot be saved
Jim Pingle
03:37 AM Bug #6935: Rule (which contains a pfBlockerNG URL-Alias) cannot be saved
Kill Bill wrote:
> Duplicate of Bug #6918
Ups, sorry Andreas Strub
03:06 AM Bug #6935: Rule (which contains a pfBlockerNG URL-Alias) cannot be saved
Duplicate of Bug #6918 Kill Bill
01:06 AM Bug #6935 (Duplicate): Rule (which contains a pfBlockerNG URL-Alias) cannot be saved
I cannot create or edit a Rule which contains a pfBlockerNG (URL-)Alias. The name of the Alias will automatically con... Andreas Strub
03:50 AM Revision 75bc87fe: Revert "Fix #6864 automatically convert IPv6 input to lowercase"
This reverts commit d461ff40e364fc0ecc003b9f673cbad7c6a08f2f. Luiz Souza
03:45 AM Revision 9128641d: Revert "Fix #6918 Allow aliases with capital letters in rules"
This reverts commit 9444a281f051e11d5456cc37b2a3f56fc8a7bc33. Luiz Souza
03:20 AM Bug #6934 (Feedback): /usr/bin/install missing from new 2.4 installations
Applied in changeset commit:c0ac85e7408bd34beac586b25a57901dc2c5c885. Renato Botelho

11/15/2016

11:44 PM Bug #6913: install on Hyper-v R2
Yes, it works.
Thank you. Dmitry Ivanov
10:44 PM Bug #6913 (Feedback): install on Hyper-v R2
There were fixes put in today for ZFS and it might have affected other things you're seeing. Try it again on a new sn... Jim Pingle
11:15 PM Bug #6911: no network on hyperv-v 2012 R1
I don't have anything capable of running Hyper-V on Windows Server (R1 or R2) nearby so I can't easily confirm the is... Jim Pingle
10:20 PM Bug #5383: CODELQ Traffic Shaper Causes Panic and Reboot During Speed Test
I just experienced this apparently same crash on 2.4 while running the DSLReports Speedtest. The system crashed afte... Chad Wagner
10:02 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
I reverted all these changes until the proper solution is committed.
The 'real' solution here is convert the IPv6 ... Luiz Souza
05:44 PM Bug #6918 (New): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
There are more related pending PRs that may help, but I was talking to sbeaver earlier and he had some ideas on how i... Jim Pingle
05:30 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
I'm sorry but this is *still* broken. I go to Firewall - NAT - Port Forward, there's a rule with an alias called "RAS... Kill Bill
09:40 PM Bug #6919 (Feedback): Filter logs are broken, log has incomplete/invalid data
Should be fixed in filterlog-0.1_5. Luiz Souza
05:41 PM Bug #6925: System Update Failed
Nah, Nepal is innocent -- the mirrors have been slow like molasses for some two days or so... Kill Bill
05:34 PM Bug #6925: System Update Failed
I am also getting this the last day or so. I thought it was related to moving back to Nepal and having slower internet. Phillip Davis
01:25 PM Bug #6925 (Feedback): System Update Failed
Jim Thompson
11:45 AM Revision ff3d11c8: DHCPv6 ddnsdomainprimary must currently be IPv4
This field is currently validated to allow only an IPv4 address to be entered, so it may as well be consistent client... Phil Davis
11:40 AM Bug #6929 (Resolved): Choosing ZFS during install results in a system that cannot mount root
ZFS now works on CE and Factory snapshots, thanks!
 Jim Pingle
09:37 AM Bug #6929 (Feedback): Choosing ZFS during install results in a system that cannot mount root
Pushed a fix, please try next round of snapshots Renato Botelho
11:35 AM Revision 7164c563: services_dhcp_edit add extra IPv4 validation
a) Validate that ipaddr must be IPv4 (note if you enter an IPv6 address, it will fail other later tests of being in t... Phil Davis
10:34 AM Revision 41fc88ec: Specify the IP address family in interfaces.php
Where it is known what sort of IP address is required, we can specify it in the call to Form_IpAddress. That will mak... Phil Davis
10:13 AM Bug #6934 (Resolved): /usr/bin/install missing from new 2.4 installations
Same as #6643 but it's happening again on 2.4 now.
/usr/bin/install is missing from a fresh install, updating to a... Jim Pingle
08:26 AM Bug #6933 (Duplicate): Wrong IPv6 address is served over DNS when static mapping is used with Track6 interface
Duplicate of #6768 Jim Pingle
08:07 AM Bug #6933 (Duplicate): Wrong IPv6 address is served over DNS when static mapping is used with Track6 interface
I have a router with pfSense 2.3.2 that has several LAN interfaces, each set to Track6 mode to assign IPv6 addresses ... Anonymous
07:20 AM Bug #6927: 1 to 1 NAT allows entry of mixed IP addresses
1:1 NAT does work for IPv6. It's similar to NPt, but for a single address -- NPt is really just a slightly different ... Jim Pingle
04:07 AM Bug #6927: 1 to 1 NAT allows entry of mixed IP addresses
At the moment it allows entry of IPv6 addresses. Is that correct? Is the 1:1 NAT feature supposed to work fine with I... Phillip Davis

11/14/2016

11:00 PM Revision bf2c7206: Fix #6918 Allow aliases with capital letters in rules
Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
11:00 PM Revision 8100374e: Fix #6918 Allow aliases with capital letters in rules
Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
10:59 PM Revision f9dcc114: Merge pull request #3225 from phil-davis/form_ipaddress
Jim Pingle
10:14 PM Bug #6932 (Not a Bug): MLPPP
Please open a forum thread for discussion and diagnosis before opening a bug report. It does work for some people, an... Jim Pingle
10:11 PM Bug #6932 (Not a Bug): MLPPP
This feature has been broken for a very long time. I have tested with x64 and x86 and different hardware with no luck... Matt Crook
06:11 PM Bug #6931 (Resolved): Status > Filter Reload page is confusingly worded
The way the Filter Reload page is displayed implies that the filter rules are loaded by simply visiting the page.
... Steve Wheeler
05:32 PM Bug #6812: IPsec filterdns crash
OK these issues have surfaces again this morning. Truth be told, I have no idea what's Ipsec and as far as I know, I... Anonymous
05:10 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
Applied in changeset commit:9444a281f051e11d5456cc37b2a3f56fc8a7bc33. Phillip Davis
05:01 PM Bug #6918 (Feedback): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
The PR looks good, appears to do the proper thing in each case. I just merged it in. Jim Pingle
03:28 PM pfSense Packages Feature #6651: Loopback interfaces
Loopback interfaces are a cisco best practice for GRE/IPSec tunnels. I would use them for site-to-site IPSec as an in... Tom Poole
11:50 AM Bug #6930 (Resolved): DHCP server should be disabled for /31 and /32
Related forum thread: https://forum.pfsense.org/index.php?topic=121105.0
Basically
- disable the enable DHCP serv... Kill Bill
11:49 AM Bug #6929 (Resolved): Choosing ZFS during install results in a system that cannot mount root
Choosing the ZFS option results in a system that starts to boot, but cannot mount the root slice because it doesn't k... Jim Pingle
12:43 AM Bug #6911: no network on hyperv-v 2012 R1
the problem appears to be fixed in FreeBSD 11.0- *STABLE* Dmitry Ivanov

11/13/2016

11:13 PM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
for change it - needed uncomment this:
/usr/local/etc/raddb/sites-enabled/default
section post-auth
variable sql
... Konstantin Ab
09:47 PM pfSense Packages Bug #6928 (Resolved): freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
The table(radpostauth) is recorded only events "Access-Accept".
in the table(radpostauth) needed events "Acces-Reje... Konstantin Ab
10:01 PM Bug #6913: install on Hyper-v R2
11-stable have fixed this issue Dmitry Ivanov
07:47 AM Bug #6913: install on Hyper-v R2
Bug 212721 - FreeBSD 11.0-RC2/RC3/RELEASE fails on Hyper-V 2012r2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id... Dmitry Ivanov
06:17 PM Revision 9444a281: Fix #6918 Allow aliases with capital letters in rules
Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
05:49 PM Revision 38ce4a18: Keep the rule type selection after input errors on firewall rule
If the user:
a) Edit a firewall rule
b) Select "single host or alias"
c) Enter an invalid IP address that is not an a... Phil Davis
01:12 PM Bug #6925: System Update Failed
"Operation timed out" => when download fails, you cannot upgrade. Kill Bill
10:41 AM Bug #6925 (Resolved): System Update Failed
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-... Edson Bueno
01:07 PM Bug #6927 (Resolved): 1 to 1 NAT allows entry of mixed IP addresses
When adding a 1:1 NAT entry it is possible to enter a mix of IPv4 and IPv6 addresses in the various External Internal... Phillip Davis
12:19 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
See pull request https://github.com/pfsense/pfsense/pull/3225 for a suggested fix. Phillip Davis
11:05 AM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
Yes. Confirmed on:
2.3.3-DEVELOPMENT (amd64)
built on Fri Nov 11 16:36:08 CST 2016
FreeBSD 10.3-RELEASE-p12
... Andrew -
12:17 PM Bug #6926 (New): Miniupnp advertising expired IPv6 address
Version 2.3.2_1
With WAN set to DHCP6 and LAN set to track interface, the miniupnp service does not get notified i... Leland Roach
07:39 AM Bug #6924 (Not a Bug): Configure third interface by gui.
It's possible something being configured on the previous one made it appear that it failed (e.g. states got reset). I... Jim Pingle
12:52 AM Bug #6924: Configure third interface by gui.
I added a new network card and I set up ipv4 and saved it and it was just spinning. Now I added another set and it wa... Edson Bueno
05:55 AM pfSense Packages Bug #3343: (re)starting freeradius service throws "The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'"
The problem is, that pfSense restarts the packages it self and also calls the restart method of freeradius itself.
... Chris Becker
04:50 AM Bug #6911: no network on hyperv-v 2012 R1
Bug 213618 - When running as a Hyper-V Guest, FreeBSD 11 networking does not work
https://bugs.freebsd.org/bugzilla... Dmitry Ivanov

11/12/2016

10:13 PM Revision 360f3a90: add All-Inkl to services.class
Christoph Filnkößl
10:09 PM Revision 575b1dcf: add All-Inkl to dyndns.class
Christoph Filnkößl
09:00 PM Bug #6923 (Not a Bug): install pfSense-pkg-nrpe-2.3.1_1.txz
I can't duplicate this here on a current snapshot. The package installs fine.
Make sure you are on a completely up... Jim Pingle
12:06 PM Bug #6923 (Not a Bug): install pfSense-pkg-nrpe-2.3.1_1.txz
Fetching pfSense-pkg-nrpe-2.3.1_1.txz: . done
Fetching nrpe-ssl-2.15_6.txz: ... done
Fetching nagios-plugins-2.1.3,... Edson Bueno
08:21 PM Bug #6924 (Feedback): Configure third interface by gui.
Can you explain in more detail about exactly what you are doing that is failing?
I am able to assign an interface ... Jim Pingle
12:57 PM Bug #6924 (Not a Bug): Configure third interface by gui.
Configures all standard parameters prompts to save. But it just keeps rolling.
But by option 2 (Set interface (s) IP... Edson Bueno
02:54 AM Bug #6922 (Resolved): Dynamic DNS widget broken with Custom v6 entries
Self-explanatory:
!https://s16.postimg.org/9l1y6nq6t/Screenshot1.png!
!https://s16.postimg.org/t46jg0oyd/Screensh... Kill Bill

11/11/2016

11:22 PM Bug #6921 (Not a Bug): Poor speed with Chelsio T420-CR
I have a Chelsio T420-CR 10gbe NIC in a Supermicro A1SRi-2758f based pfsense router. I get poor speed (~1.2gbps) test... Rajil Saraswat
10:00 PM Bug #6688 (Resolved): Special characters in a password cause problems
Base64 encoding works fine here. Jim Pingle
09:59 PM Feature #5985 (Resolved): ntp pool command
Tested on a few systems, works fine. Jim Pingle
03:30 PM Feature #5985 (Feedback): ntp pool command
Applied in changeset commit:fbb652ed28641c50b14b9897a914ed317c323d73. Jim Pingle
09:59 PM Feature #6639 (Resolved): Utilize nextboot to control the behavior of the next firewall reboot
Tested on a few systems, works fine. Jim Pingle
02:30 PM Feature #6639 (Feedback): Utilize nextboot to control the behavior of the next firewall reboot
Applied in changeset commit:92a78939583e2be7f7cc52d045bc48a2e2264d1d. Jim Pingle
09:50 PM Bug #6920 (Resolved): Upgrading to 2.4 with a stale package .inc file can prevent the system from fully booting after upgrade
I upgraded a 2.3 VM that had recently had FreeRADIUS installed, but removed. The old freeradius.inc was somehow left ... Jim Pingle
09:24 PM Revision fbb652ed: Use the ntpd "pool" command for more robust timekeeping. Attempting to automatically determine if we are using a pool, and allow it to be set optionally otherwise. Implements #5985
Jim Pingle
08:48 PM Bug #6919 (Resolved): Filter logs are broken, log has incomplete/invalid data
The filter logs contain information but not enough data:... Jim Pingle
08:22 PM Revision 92a78939: Add options to console menu reboot selection to reboot into single user mode and to reboot and force a filesystem check. Implements #6639
Jim Pingle
06:45 PM Revision 2909468c: Revert change to row delete button
Steve Beaver
06:44 PM Revision 464a540a: Revert change to row delete button
Steve Beaver
06:39 PM Revision 0a0c6db0: Revert "Suppress delete button if only one row"
This reverts commit 13be068fe5e1377d1d5649efe0f860ba5c34ba90. Steve Beaver
06:38 PM Revision b9c0d66d: Revert "Suppress delete button if only one row"
This reverts commit 75ac7cab1dfb3e8148a27a13369bbb08219e8c3a. Steve Beaver
04:37 PM Revision 13be068f: Suppress delete button if only one row
Steve Beaver
04:37 PM Revision 75ac7cab: Suppress delete button if only one row
Steve Beaver
04:12 PM Revision af3bf919: Fixed #6916
Steve Beaver
04:11 PM Revision 38fe6f07: Fixed #6916
Steve Beaver
02:01 PM Revision 6a365a4c: LAN IP validation logic
Jonathon Anderson
01:47 PM Revision c6575378: Revert "Fixed #6811"
This reverts commit f92d44da5a4958372c7fb925043abc34588143e3. Steve Beaver
01:40 PM Revision aa66a125: Revert "Fixed #6811"
This reverts commit f92d44da5a4958372c7fb925043abc34588143e3. Steve Beaver
12:34 PM Bug #6898 (Resolved): Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents
Looks good. Jim Pingle
12:23 PM Bug #6872 (Resolved): Captive Portal per user bandwidth field no longer accepts 0.
Text is correct now. Jim Pingle
12:22 PM Bug #6864 (New): Error checking rejects IPv6 addresses with upper case A-F.
Jim Pingle
12:22 PM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
This appears to have broken the use of Aliases that have names using capital letters. See #6918 Jim Pingle
12:20 PM Bug #6830 (Resolved): Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI
It's in the list now for snapshots. Jim Pingle
12:19 PM Bug #6828 (Resolved): Patch for "route change" is not present on 2.4 builds using FreeBSD 11
Routing has been fine on 2.4 in every scenario I've tried so far. Jim Pingle
12:18 PM Bug #6633 (Resolved): redirect-gateway duplicated in client specific overrides
Fixed, only one entry is present in the override file now. Jim Pingle
12:16 PM Bug #6628 (Resolved): extensions.ini can end up missing required items
New extension loading method is working well. Jim Pingle
12:15 PM Bug #6549 (Resolved): fstab is missing post-install
I've run through several installs lately and this is definitely OK now. Jim Pingle
11:00 AM Feature #2766: status_openvpn.php needs IPv6 support
Still missing in OpenVPN 2.3.12 Jim Pingle
10:43 AM Bug #6918 (Closed): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters
If you have an alias, say "Blah", and try to enter it in a field on a firewall rule, it is automatically translated t... Jim Pingle
10:21 AM Bug #6893 (Resolved): Configuration XML is inconsistent with self closing tags
Anonymous
10:20 AM Bug #6916: interfaces_vlan.php: Clicking on "Cancel" deletes VLAN
Applied in changeset commit:38fe6f07922c8ee6bde81ba1f07ab6ffe380f12b. Anonymous
10:14 AM Bug #6916 (Feedback): interfaces_vlan.php: Clicking on "Cancel" deletes VLAN
Automatic confirmation suppressed and manual confirm substituted. Anonymous
08:59 AM Bug #6916 (Resolved): interfaces_vlan.php: Clicking on "Cancel" deletes VLAN
Just another small bug from VLAN delete confirmation dialog (see Bug #5541). If one clicks on trash icon, the delete ... Luzemario Dantas
09:51 AM Feature #6917: Add ability to choose from what IP/IFACE you search for updates
The update check always has to leave the interface with the default gateway, as any traffic originating from the fire... Jim Pingle
09:40 AM Feature #6917 (New): Add ability to choose from what IP/IFACE you search for updates
Hi guys,
Please add an option to allow the user to choose from what IP or interface the request for updates is out... Luzemario Dantas
07:48 AM Bug #6905 (Resolved): XMLRPC Loop detection broken, secondary refuses to accept sync data
Works in snapshots that include the fix Jim Pingle
07:46 AM pfSense Packages Feature #6859 (Resolved): have an includedir by default (sudo package)
Works Jim Pingle
07:27 AM pfSense Packages Bug #6900 (Resolved): OpenVPN + OTP auth failure
Works Jim Pingle
07:01 AM pfSense Packages Bug #5868 (Resolved): Quagga OSPF Priority value "0" (zero) is being ignored - DR election doesnt work properly.
Feedback from a customer who was hitting this confirmed it's now working. Jim Pingle
07:01 AM pfSense Packages Bug #6797 (Resolved): Shared Key Export - just one server in list
Works Jim Pingle
07:00 AM Feature #3410 (Resolved): Patch: Add Apple Open Directory memberUid support in group lookup
Closing for lack of feedback. Jim Pingle
06:59 AM Bug #4820 (Resolved): DHCP Scope at setup
Works Jim Pingle
06:55 AM Todo #2480 (Closed): Add checkbox to OpenVPN client/server to exlcude VPN server from (pushed) routes
It's been 4 years and this hasn't come up again. If someone needs it, they can add these options manually. Jim Pingle
05:50 AM Bug #6895 (Resolved): Moving rules does not scroll
Anonymous
03:27 AM Bug #6658: DHCP Relay not working on 2.3.2
Can this pretty please finally get the disastrous patch reverted? Not only it did not fix what it was supposed to fix... Kill Bill
03:08 AM pfSense Packages Bug #6736: Snort fails to start after upgrade to 2.3.2-RELEASE
Get the same issue when updateing from pfSense 2.3.1_5 to 2.3.2_1
In my logs when SNORT tries to start I also get:... Diggory Gray
02:09 AM Bug #6915 (Resolved): unbound logging not working after reboot or "Reset log files"
After "reboot the machine" or "Status => System Logs => Settings" => "Reset log files" then unbound logs are not s... idris budak

11/10/2016

11:07 PM Feature #6914 (Resolved): unbound access-control lists
Hello! In
Services -> DNS Resolver -> Access Lists -> Add -> Actions
we have only 4 options "Deny", "Refuse", "Allo... Vladimir Tiukhtin
04:04 PM Bug #6099: igmpproxy does not recognize upstream interface
That's interesting. But unfortunately this is not the case for my system. Swisscom transmits everything on vlan10 and... Philipp Haefelfinger
02:49 PM Revision 3ad0f9b6: Update setup_wizard.xml
Jonathon Anderson
01:30 PM Bug #6906: Issues with /tmp and /var in RAM on 2.4
The prompt when booting appears to be due to the fact that /var was not cleaned out when switching to RAM disk, and t... Jim Pingle
12:32 PM Bug #6913 (Resolved): install on Hyper-v R2
can't install 2.4 on Hyper-V 2012 R2
fix... Dmitry Ivanov
12:27 PM pfSense Packages Bug #4608: squidGuard & pfsense RAM disk compatible
Better fix is in now, see #6878 Jim Pingle
12:27 PM pfSense Packages Bug #6279 (Rejected): squidguard blacklist update not working after initial update
Works here, must be something local or site-specific. Jim Pingle
12:23 PM pfSense Packages Bug #6878: how to use snort, squid and squid_guard with a ram disk
Each of these changes was made on 2.4 only, as some assumptions were made that could conflict in some cases (e.g. Nan... Jim Pingle
12:23 PM pfSense Packages Bug #6878 (Feedback): how to use snort, squid and squid_guard with a ram disk
I pushed a change to teach squidGuard to keep its databases in a persistent directory when /var is in RAM. The files ... Jim Pingle
11:10 AM pfSense Packages Bug #6878: how to use snort, squid and squid_guard with a ram disk
Pushed a change for squid to teach clamav to keep its DB in a persistent location if /var is a RAM disk. It doesn't c... Jim Pingle
12:23 PM Bug #6912 (Closed): install on Hyper-v R2
can't install 2.4 on Hyper-v R2 (all updates installed)
fix:... Dmitry Ivanov
11:17 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
But the details you mention are not solved by this suggestion. The interface is already filled/selected when you crea... Jim Pingle
11:14 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
I mean it constructively, btw, not to whine or something. Hollander Hollander
11:08 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
I'm assuming people want to work efficient.
What is wrong with copying a field into a field to make sure people do... Hollander Hollander
10:08 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
You're assuming everyone uses it the same way you use it, which isn't the case. Removing functionality to prevent foo... Jim Pingle
10:05 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
1. Button: 'copy'
2. Popup: which fields to change (interface);
3. Save = copied with altered values. Hollander Hollander
09:44 AM Bug #6910 (Rejected): Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
Being able to edit the interface allows you to move a rule from one interface to another. (e.g. copy LAN rule, edit L... Jim Pingle
09:05 AM Bug #6910 (Rejected): Pre-fill 'interface' field when creating firewall rule on interface -> efficiency
Now it is possible to create a firewall rule on a vlan tab, and fill in the wrong interface in that rule. Aside from ... Hollander Hollander
11:02 AM Bug #6781 (Resolved): OpenBSD description links are broken in Traffic Shaper
Thanks for the feedback! Jim Pingle
11:00 AM Bug #6781: OpenBSD description links are broken in Traffic Shaper
I think you should mark it as "resolved/closed". Thanks! Vladimir Suhhanov
10:49 AM Bug #6911 (Rejected): no network on hyperv-v 2012 R1
i have installed 2.4 on hyper-v 2012 R1, set ip. no network.. no ping.. have updated drivers, enabled and disabled hw... Dmitry Ivanov
10:03 AM Revision 09cc19c2: Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".
Ticket #5321
(cherry picked from commit 411d4e6e55475cc66b997ca3e47478dbe10b4e1b) Luiz Souza
10:03 AM Revision 1c9bf396: Fix bug where CARP vip status is incorrent in the interface when more
than one CARP vip is configured for an interface.
(cherry picked from commit 5116a8aa60ad87c0a47aafeca422cc323147ea14) Fredrik Rönnvall
10:03 AM Revision 16bdba73: Remove "use lowercase" hint
As it is no longer relevant, because the code now automatically converts
to lowercase.
(cherry picked from commit 6a... Phil Davis
10:03 AM Revision 3a66c0da: Fix #6864 automatically convert IPv6 input to lowercase
1) As the user leaves the field, or presses Save, onChange will fire and
convert the input string to lowercase. This ... Phil Davis
10:01 AM Revision ebc4a441: Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".
Ticket #5321
(cherry picked from commit 411d4e6e55475cc66b997ca3e47478dbe10b4e1b) Luiz Souza
10:01 AM Revision 5ad69855: Fix bug where CARP vip status is incorrent in the interface when more
than one CARP vip is configured for an interface.
(cherry picked from commit 5116a8aa60ad87c0a47aafeca422cc323147ea14) Fredrik Rönnvall
10:01 AM Revision 0cc7eec5: 80 character lines ftw :)
Just because it was asked nicely :)
(cherry picked from commit 013110a19b90698cd521fc120b06b7cc37b531e5) Stilez y
10:01 AM Revision 68de92f2: standardise old code ("or" -> "||")
(cherry picked from commit f9416ab2bdaae5ca41e70db1c846ab3419fd0cee) Stilez y
10:01 AM Revision b68edd49: Remove "use lowercase" hint
As it is no longer relevant, because the code now automatically converts
to lowercase.
(cherry picked from commit 6a... Phil Davis
10:01 AM Revision 6df432c3: Fix #6864 automatically convert IPv6 input to lowercase
1) As the user leaves the field, or presses Save, onChange will fire and
convert the input string to lowercase. This ... Phil Davis
08:48 AM Feature #6909 (Duplicate): Copy FW rules to new interface efficiency
Example: I want to copy ALL FW rules from VLAN100 to VLAN110 at once.
Then, in that copy, or (see previous issue r... Hollander Hollander
08:16 AM Feature #6908 (Resolved): Alias copy, sort, search/replace functions
For example: copy one alias (the content of course) into another alias (like in FW rules), sort alias, filter alias, ... Hollander Hollander
04:08 AM Revision 7798eb1e: Fix a 'divide by zero' bug in traffic_shaper_wizard_multi_all.inc.
Luiz Souza

11/09/2016

11:27 PM Revision 694872ae: Comment typos alphabet
(cherry picked from commit d622a62eb4f3ec8535ead494a863f10bbc409f41) Phil Davis
11:27 PM Revision 2f8f3cb3: Merge pull request #3221 from phil-davis/patch-2
Steve Beaver
11:23 PM Revision d622a62e: Comment typos alphabet
Phil Davis
10:51 PM Bug #6907 (Duplicate): DNS Resolver does not use domain name set in DHCP subnet, only the global one
Ran into this myself & found a relevant forum post here: https://forum.pfsense.org/index.php?topic=119717.0
In sho... Wil Reichert
10:28 PM Bug #6761 (Feedback): Limiter doesn't limit at correct bandwidth
Many bugs were fixed in 2.4.
2.3.2 is very broken with respect to limiters.
Could you try a recent 2.4 snapshot ? Luiz Souza
07:55 PM Revision 0eb2512f: update conditional re:LAN dhcp
Jonathon Anderson
06:05 PM Revision b20a6d67: Fix #6899
(cherry picked from commit c766ac7dd723f6e36980c48b0dd156b492556616) Luka Pavlyuk
06:05 PM Revision 5e105459: Merge pull request #3218 from kernelbug/master
Renato Botelho
06:02 PM Revision abc9b886: ipsec, apply routes also for IP-aliases with carp parents
(cherry picked from commit ee908e93671fddb38f8cca5d3d19a28791934878) Pi Ba
06:02 PM Revision 8d8cd372: Merge pull request #3220 from PiBa-NL/ipsec-routes
Renato Botelho
05:33 PM Revision 6f012614: syslogd, create configured logsocket directories
(cherry picked from commit 4406922edb1000ef79f4fccfb484aa1103105ac0) Pi Ba
05:32 PM Revision b256751e: Merge pull request #3211 from PiBa-NL/syslogd-logsocket
Renato Botelho
04:41 PM Bug #6099: igmpproxy does not recognize upstream interface
Found sth on different site:
[[https://sourceforge.net/p/igmpproxy/bugs/4/#472a]]
So for at least with DE-Telekom ... Chris Becker
03:23 PM pfSense Packages Bug #6878: how to use snort, squid and squid_guard with a ram disk
Fixed the snort directories in commit:ce8fedd
Will look into squidGuard soon. Jim Pingle
02:57 PM Revision 59537908: err() expects a single parameter
Renato Botelho
02:57 PM Bug #6906: Issues with /tmp and /var in RAM on 2.4
Checking deeper, @pkg info@ is empty after switching, which explains why the installed packages showed damaged, but a... Jim Pingle
02:49 PM Bug #6906 (Resolved): Issues with /tmp and /var in RAM on 2.4
I set /tmp and /var to be in RAM on a test box running 2.4 and hit a couple issues:
1. I had two packages installe... Jim Pingle
02:57 PM Revision dcae03a3: Fixed #6903
hosts and domains sorted on display, not on save to config Steve Beaver
02:56 PM Revision 8e7fea67: Fixed #6903
hosts and domains sorted on display, not on save to config Steve Beaver
02:23 PM Feature #6881: services_unbound_host_edit.php: DNS Resolver Add V4 and V6 host override at the same time
In addition any aliases created would have to include both the V4 and V6 addresses. Anonymous
02:06 PM Bug #1813 (Confirmed): Static routes on WAN interfaces overridden by route-to for firewall-initiated traffic
It is still an issue but it can be easily worked around by adding a floating rule to pass outbound to the destination... Jim Pingle
01:57 PM pfSense Packages Bug #6900 (Feedback): OpenVPN + OTP auth failure
The verify script is in @/usr/local/etc/raddb/scripts/otpverify.sh@ on current versions. The FreeRADIUS package code ... Jim Pingle
01:08 PM Revision b8b0fab1: Merge pull request #3215 from PiBa-NL/xmlrpc-loopback
Jim Pingle
12:06 PM Feature #6899 (Feedback): Can't specify PPTP/L2TP gateway as FQDN
Pull request has been merged. Thanks! Renato Botelho
11:01 AM Bug #6769 (Resolved): Crash PacketFilter in bridge mode
I can reproduce this somewhat here on 2.3.2. With a WAN/LAN style bridge, putting @synproxy@ on a TCP rule will event... Jim Pingle
10:03 AM Bug #6760 (Not a Bug): Editing WAN bridge interface breaks routing until reboot
I can't reproduce this here on 2.3.2_1. I can make edits to the bridge and the MAC stays the same and I can still rou... Jim Pingle
09:00 AM Bug #6903: services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized
Applied in changeset commit:8e7fea674a34ab217c9b9821c608639ca45bd281. Anonymous
08:18 AM Bug #6903 (Feedback): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized
It is certainly not "randomized", but since the two tables may be sorted (by clicking the column headers) the hosts c... Anonymous
08:56 AM Bug #6883 (Resolved): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
The route now appears on the OpenVPN interface as expected, and clients can connect/pass traffic with static addresse... Jim Pingle
07:57 AM Bug #5319: Error message "No config named" in charon daemon
I've just been hit by this as well and like the last comment, restarting ipsec from the cmd line fixes the problem fo... Nick Fisk
07:15 AM Bug #6905: XMLRPC Loop detection broken, secondary refuses to accept sync data
Merge is in commit:b8b0fab1a4ef44758ff7fdd9cbfcc8bab2fe49b9 Jim Pingle
07:08 AM Bug #6905 (Feedback): XMLRPC Loop detection broken, secondary refuses to accept sync data
Merged PR Jim Pingle
07:06 AM Bug #6905 (Resolved): XMLRPC Loop detection broken, secondary refuses to accept sync data
When trying to perform an XMLRPC between two 2.4 HA systems, the secondary won't accept new settings, believing it ha... Jim Pingle
06:26 AM Revision 1267b787: The IPv6 packets are always blocked.
Ticket #6206 Luiz Souza
06:21 AM Revision c603770d: Fix a 'divide by zero' bug on shaper wizard when PRIQ is used and no bandwitdth is entered (the correct setting for a PRIQ scheduler).
Luiz Souza
01:21 AM Bug #6904: PRIQ Queue Priority Limited To 7
Dirty patch attached to thread above, restores old behavior...
Correct way would be to determine parent interface ... ky41083 -

11/08/2016

09:46 PM Bug #6904 (Resolved): PRIQ Queue Priority Limited To 7
Set parent interface to PRIQ. Set child queue priority to anything greater than 7. Receive "Please select a value tha... ky41083 -
09:20 PM Bug #6779 (Resolved): Traffic shaper wizard uses decimals instead of whole numbers
Anonymous
09:18 PM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
Looks like fixed. Vladimir Suhhanov
08:38 PM Revision ee908e93: ipsec, apply routes also for IP-aliases with carp parents
Pi Ba
06:53 PM Revision e5f9360f: Fixed #6893
Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency Steve Beaver
06:53 PM Revision da7054b7: Fixed #6893
Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency Steve Beaver
06:07 PM Bug #6903 (Resolved): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized
Related to #6893 - when I view the diff of the configuration XML after a change to DNS Resolver's Host Overrides sect... Kevin Wojniak
05:08 PM Revision 92db4492: Set root password for installation media
Renato Botelho
04:26 PM Bug #6893: Configuration XML is inconsistent with self closing tags
Awesome, thanks for the quick fix! Kevin Wojniak
01:00 PM Bug #6893: Configuration XML is inconsistent with self closing tags
Applied in changeset commit:da7054b7cf77d9322307c52d8340fb30486ce25e. Anonymous
12:54 PM Bug #6893 (Feedback): Configuration XML is inconsistent with self closing tags
Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency Anonymous
01:06 PM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
thank you very much!) Dmitry Ivanov
01:02 PM Bug #6883 (Feedback): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
I've imported a patch from OpenVPN development list:
https://github.com/pfsense/FreeBSD-ports/commit/153999c431c59... Renato Botelho
09:46 AM Bug #6902 (Not a Bug): webConfigurator not using new certificate and won't disable SSL
The certificate won't take full effect until the web server is restarted, and restarting the web server from a proces... Jim Pingle
06:00 AM Bug #6902: webConfigurator not using new certificate and won't disable SSL
Bob Hannent wrote:
> Restarting the pfSense box has now locked me out of the UI, neither HTTPS or HTTP work now. Sli... Bob Hannent
05:46 AM Bug #6902 (Not a Bug): webConfigurator not using new certificate and won't disable SSL
Method:
* I had the web UI using the default self-signed certificate and I used an alternate port number just in cas... Bob Hannent
07:38 AM Bug #3075: Can't delete unused Virtual IP "referenced by a least one gateway"
I've got this error on 2.3.2_1, on a CARP VIP I just added for a test. I'm 100% sure that VIP is not being used for a... Flavio Stanchina

11/07/2016

10:53 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
Still seeing system lockup on 2.4.0-BETA when dealing with non-local gateways. Ken Sim
10:13 PM Revision d36ea867: 2.4.0 is now BETA
Renato Botelho
08:26 PM Revision 32980f32: update LAN regex for case insensitivity
Jonathon Anderson
07:14 PM Revision 4c7ec3de: Fixed 6901
Steve Beaver
07:13 PM Revision 6bd09ca2: Fixed 6901
Steve Beaver
06:49 PM Revision 86584ded: Store Dynamic DNS passwords in Base64 to protect special characters. Fixes #6688
Jim Pingle
06:00 PM Revision 4606b548: Fixed #6898
Steve Beaver
06:00 PM Revision 10b262b4: Fixed #6898
Steve Beaver
04:24 PM Revision cde63e73: Merge branch 'RELENG_2_3' of git.netgate.com:pfsense/pfsense into RELENG_2_3
Steve Beaver
04:22 PM Revision a4a0f8db: Fixed #6779 by rounding bandwidth down to nearest integer
Steve Beaver
04:19 PM Revision 16625f3c: Fixed #6779 by roundinf bandwidth down to nearest integer
Steve Beaver
03:56 PM Revision a6b5014d: So, PHP eats the last '\n' and we need an additional new line...
Fix the generated pf rules. Luiz Souza
03:51 PM Bug #6119 (Closed): Alias entry causes filterdns core dumps
> While creating an alias containing multiple networks, I used copy/paste and (unthinkingly) pasted 18 of the 22 entr... Jim Pingle
03:36 PM Revision 7c3a9ded: Fixed #6779
Round calculated bandwidth down to nearest integer Steve Beaver
03:18 PM Bug #6200: LACP with em driver does not work with cisco active lacp setup
I don't have a Cisco switch to test against, and the only piece of hardware I have left with em0 that works is 32-bit... Jim Pingle
02:57 PM Bug #6880 (Confirmed): Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Confirmed. The daemon is binding to all interfaces, which prevents the second one from operating properly.
Changin... Jim Pingle
02:39 PM Revision 7c9f724c: Correct part of #6779
Setting input "step" value to "any" alows hte element to accept decimal (float) values, not just integers. Steve Beaver
02:38 PM Revision 54a217f0: Correct part of #6779
Setting input "step" value to "any" alows hte element to accept decimal (float) values, not just integers. Steve Beaver
02:33 PM Bug #6663 (Confirmed): IPv6 OpenVPN client is down after reboot
Confirmed, doesn't need PPPoE. An OpenVPN instance on an assigned GIF interface is enough. It's acting as though the ... Jim Pingle
02:21 PM pfSense Packages Bug #6721: Incorrect OpenBGPd package scripts prevent use of both IPv4 and IPv6
Hi Jim,
Leaving "Listen on IP" blank makes the default IPv4 address "0.0.0.0" to be put on both IPv4 *and IPv6* "l... Luzemario Dantas
11:14 AM pfSense Packages Bug #6721 (Needs Patch): Incorrect OpenBGPd package scripts prevent use of both IPv4 and IPv6
Unless there is a compelling need to set it to listen on two specific addresses manually, leave "Listen on IP" blank ... Jim Pingle
01:12 PM Bug #6901 (Feedback): services_unbound_host_edit.php: "Delete" button should be suppressed if < 2 host aliases listed
checkLastRow() Javascript added to page Anonymous
01:12 PM Bug #6901 (Resolved): services_unbound_host_edit.php: "Delete" button should be suppressed if < 2 host aliases listed
Anonymous
01:00 PM Bug #6688 (Feedback): Special characters in a password cause problems
Applied in changeset commit:86584ded30c27b9ad1b017fb743399dc01180f02. Jim Pingle
12:50 PM Bug #6688: Special characters in a password cause problems
I committed a fix to store the passwords in base64. Worked fine here but could use more testing. 2.4 only for the tim... Jim Pingle
12:10 PM Bug #6898: Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents
Applied in changeset commit:10b262b409c9b4170785948b9e73bdfc7edc2eae. Anonymous
12:01 PM Bug #6898 (Feedback): Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents
Pull-down text changed as suggested. Anonymous
09:40 AM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
Applied in changeset commit:7c3a9dede96552233fbe1da35ac4126aa524711b. Anonymous
08:56 AM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
Fix part 1: HTML inputs that specify the bandwidth have been updated to accept decimal values.
Part 2: Calcualted ba... Anonymous
09:39 AM pfSense Packages Feature #6859 (Feedback): have an includedir by default (sudo package)
Seems useful and was simple to add. I pushed it to the 2.4 version of the package. Jim Pingle
08:20 AM pfSense Packages Bug #6867 (Closed): Please update quagga to version 1.1
We'll pick it up naturally when it comes through FreeBSD ports. I don't think it's worth going out of our way to pick... Jim Pingle
05:22 AM pfSense Packages Bug #6900 (Resolved): OpenVPN + OTP auth failure
Hi guys. In pfsense 2.3.2 after any changes (firewall rules, reboot, etc...), I cannot access the server via OpenVPN ... Franz Tavers
04:17 AM Revision 55fcc035: Do not generate IPv6 rules when IPv6 is disabled.
Ticket #6206 Luiz Souza
03:51 AM Revision 411d4e6e: Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".
Ticket #5321 Luiz Souza
03:18 AM Revision a227ecef: Merge pull request #3164 from fredronnv/master
* 'master' of https://github.com/fredronnv/pfsense:
Fix bug where CARP vip status is incorrent in the interface whe... Luiz Souza
02:57 AM Revision 068ec0b1: Merge pull request #3176 from stilez/patch-49
* 'patch-49' of https://github.com/stilez/pfsense:
80 character lines ftw :)
standardise old code ("or" -> "||") Luiz Souza
02:49 AM Revision 81cc31e1: Merge pull request #3199 from phil-davis/ipv6lower
* 'ipv6lower' of https://github.com/phil-davis/pfsense:
Remove "use lowercase" hint
Fix #6864 automatically conve... Luiz Souza

11/06/2016

10:25 PM Bug #6206 (Feedback): Default icmp6 pass-rules are added even when ipv6 is "disabled" by user
Luiz Souza
10:12 PM Feature #3859: Make it possible to set the source IP address for gateway monitoring
is there any updates on this feature ?
With lack of ipv4, being able to use only one public ip is a pretty common co... david stievenard
10:00 PM Bug #5321 (Feedback): rxcsum6, txcsum6 not considered by "Disable hardware checksum offload"
Fixed in 2.4. Luiz Souza
09:32 PM Revision c766ac7d: Fix #6899
Luka Pavlyuk
09:10 PM Bug #6864 (Feedback): Error checking rejects IPv6 addresses with upper case A-F.
Applied in changeset commit:d461ff40e364fc0ecc003b9f673cbad7c6a08f2f. Phillip Davis
06:05 PM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
Note: The pull request generated discussion about whether users should have the option to record IPv6 addresses with ... Phillip Davis
12:37 AM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.
Take a look at Phil's patch. If it needs rework kick back to either he or I. Jim Thompson
01:07 AM Bug #6200: LACP with em driver does not work with cisco active lacp setup
Eval, please Jim Thompson
01:06 AM Bug #6119: Alias entry causes filterdns core dumps
Please retest on 2.3. Close if possible. Let me know if it's still an issue Jim Thompson
01:03 AM Bug #1813: Static routes on WAN interfaces overridden by route-to for firewall-initiated traffic
Can't be "high", it's five years old.
JimP, please reeval to see if this is still and issue. Jim Thompson
01:00 AM Bug #4424: Adding and removing shaper repeatedly causing interface crash
With luck recent work has closed this. Jim Thompson
12:59 AM Todo #6606: Adapt captive portal to work without multi-instance ipfw
Believe this should be closed Jim Thompson
12:57 AM Bug #6663: IPv6 OpenVPN client is down after reboot
Pingle pls confirm Jim Thompson
12:42 AM Bug #6688: Special characters in a password cause problems
Please look at Phil'a patch Jim Thompson
12:31 AM Bug #6896 (Feedback): unbound root.key file corruption possibly related to full file system
Jim Thompson
12:27 AM pfSense Packages Feature #6859: have an includedir by default (sudo package)
Pingle for eval. Jim Thompson
12:26 AM pfSense Packages Bug #6867: Please update quagga to version 1.1
Needs serious evaluation first. Jim Thompson

11/05/2016

02:03 PM Todo #6332: Upgrade encryption options to cover current range of recommendations
In general I agree that we could do a better job here. Beaver can look into that.
Things like md5 have to stay u... Jim Thompson
12:04 PM Todo #6332: Upgrade encryption options to cover current range of recommendations
Jim Pingle wrote:
> We can't outright purge md5 and other weak options because people are frequently forced to use t... Sean McBride
11:04 AM Todo #6332: Upgrade encryption options to cover current range of recommendations
We can't outright purge md5 and other weak options because people are frequently forced to use them for third party v... Jim Pingle
10:09 AM Todo #6332: Upgrade encryption options to cover current range of recommendations
I was about to file a similar bug, but found this one searching the bugbase for "md5".
I'm new to pfsense and just... Sean McBride
12:56 PM Feature #6899 (Needs Patch): Can't specify PPTP/L2TP gateway as FQDN
Thanks for the proposal. This would be considered a feature request (I changed the type for you). Code submissions sh... Jim Pingle
12:51 PM Feature #6899 (Resolved): Can't specify PPTP/L2TP gateway as FQDN
Actually I don't know that's a bug report or a feature request actually.
Nevertheless I'm using the following workar... Luka Pavlyuk
12:30 PM Bug #6898 (Resolved): Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents
In the "VPN > IPsec > Tunnels > Edit Phase 1" screen, there is a "Key Exchange version" popup, its contents are:
V1... Sean McBride
07:45 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
Has this feature request stalled ?
There is a package that that could handle this, it is only a matter of the corr... Dan Lundqvist
04:26 AM Revision 3c3f9397: Fix the port assigment on SG-4860 or SG-8860.
Luiz Souza

11/04/2016

08:50 PM Feature #6897 (Duplicate): Use a dedicated favicon for the webConfigurator (one that differs from *.pfsense.org)
I think webConfigurator should use a favicon that differs from the one used on any *.pfsense.org.
I often have mul... Claude Duvergier
08:26 PM Revision d5cf0b70: Fixed #6895
by setting overflow-x: visible; in CSS Steve Beaver
08:25 PM Revision 7da65ab7: Fixed #6895
by setting overflow-x: visible; in CSS Steve Beaver
07:17 PM Revision 0bddde7f: Enable ALTQ for cxl. Fixes #6830
Renato Botelho
07:17 PM Revision 0ea7b83e: Enable ALTQ for cxl. Fixes #6830
Renato Botelho
07:16 PM Revision 7ac34d65: Enable ALTQ for cxl. Fixes #6830
Renato Botelho
07:08 PM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
Thanks!
I updated you instructions a little since "default" is not always the same in the Wizard. Anonymous
11:31 AM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers
Yes, calculated values.
Run wizard, select Multiple Lan/Wan traffic_shaper_wizard_multi_all.xml
*First step:*
LA... Vladimir Suhhanov
10:47 AM Bug #6779 (Feedback): Traffic shaper wizard uses decimals instead of whole numbers
Would you please clarify for me?
Does the problem occur when you enter decimals in the wizard, or when values you ... Anonymous
06:43 PM Revision 01fb4340: Fixed $6811
Steve Beaver
06:39 PM Revision cbd61636: When deleting or disabling a non-dynamic gateway, if that gateway was set as default then remove the corresponding default route to respect the user's decision. Fixes #6659
(cherry picked from commit 1be1b87b5f9ab8d0a259b888aab08ec6babad568) Jim Pingle
06:06 PM Revision 1be1b87b: When deleting or disabling a non-dynamic gateway, if that gateway was set as default then remove the corresponding default route to respect the user's decision. Fixes #6659
Jim Pingle
05:19 PM Bug #6896: unbound root.key file corruption possibly related to full file system
The logs cannot fill up anything. They are circular and fixed size - see Status - System Logs - Settings. Simply make... Kill Bill
05:19 PM Bug #6896: unbound root.key file corruption possibly related to full file system
Just following up, I traced it down to the suricata package. My DNS log is gigabytes in length. What is strange is t... George 77
05:13 PM Bug #6896 (Not a Bug): unbound root.key file corruption possibly related to full file system
My root.key becomes corrupt and unbound crashes and no longer will start. This bug is likely related to #5334 and has... George 77
04:51 PM Revision f92d44da: Fixed #6811
Steve Beaver
04:28 PM Revision 3b55b54e: Improved error message to explicitly state allowable characters
Related to Bug #6432. Sean McBride
03:30 PM Bug #6895: Moving rules does not scroll
Applied in changeset commit:7da65ab7dc9a1b55624de9fb6eb9a4a272440573. Anonymous
03:29 PM Bug #6895 (Feedback): Moving rules does not scroll
Matt Fine to test. Anonymous
03:23 PM Bug #6895 (Resolved): Moving rules does not scroll
Dragging firewall rules does not automatically scroll the page when dragging to the top or bottom of hte visible window Anonymous
03:05 PM Revision 2446fffa: Convert CloudFlare and GratisDNS dynamic DNS over to split hostname and domain name fields, like Namecheap. Otherwise they could both break with subdomains or international TLDs with many parts. Fixes #6778
Jim Pingle
02:58 PM pfSense Packages Bug #6777 (Not a Bug): squid cant redirect ssl website correctly to squidguard error page in a denied category
Jim Pingle
02:56 PM pfSense Packages Bug #6777: squid cant redirect ssl website correctly to squidguard error page in a denied category
NOT A BUG.
This is caused by a behavior on Browsers, check this link for more information about it: https://bugzil... Luiz Fernando Cavalcanti
02:38 PM Revision 96ff627f: Fixed #6753
Interface menu entries no longer sorted for consistency with other GUI instances
(cherry picked from commit e5d33973... Steve Beaver
02:38 PM Revision e5d33973: Fixed #6753
Interface menu entries no longer sorted for consistency with other GUI instances Steve Beaver
02:34 PM Todo #6894: Improvements and fixes on 2.4 installer
- It's not rebooting after auto ZFS installation on 4860 Renato Botelho
02:04 PM Todo #6894 (Resolved): Improvements and fixes on 2.4 installer
- Remove extra options for auto UFS leaving only MBR and GPT
- Use labels to particions on UFS Renato Botelho
02:22 PM Revision 46800f85: OpenBSD removed the pf FAQ page for shaping, so link to the proper page on archive.org since they offer no current equivalent and no other suitable replacement page is immediately available. Fixes #6781
Jim Pingle
02:22 PM Revision 7a48a7f7: OpenBSD removed the pf FAQ page for shaping, so link to the proper page on archive.org since they offer no current equivalent and no other suitable replacement page is immediately available. Fixes #6781
Jim Pingle
02:20 PM Revision 79e50e97: OpenBSD removed the pf FAQ page for shaping, so link to the proper page on archive.org since they offer no current equivalent and no other suitable replacement page is immediately available. Fixes #6781
Jim Pingle
02:20 PM Bug #6830 (Feedback): Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI
Applied in changeset commit:7ac34d65a4f3f8561c8156ae75630aa71c8a88f2. Renato Botelho
01:18 PM Bug #2800 (Resolved): OpenVPN doesn't work properly with intermediate/chained CAs
This works fine in the base system and in the export package. I can make a CA, then make an intermediate CA, then mak... Jim Pingle
01:10 PM Bug #6659 (Feedback): Default routes are not being removed after deletion
Applied in changeset commit:1be1b87b5f9ab8d0a259b888aab08ec6babad568. Jim Pingle
12:13 PM Bug #6876: Firewall alias issue after adding a wrong alias
I do confirm that affected version are 2.3.2 and 2.2, even if screenshot is 2.2.x. Purpose of screenshot was just to ... m de crevoisier
09:11 AM Bug #6876 (Feedback): Firewall alias issue after adding a wrong alias
Affected version has been set to 2.3.2, yet your screenshots are from a 2.2.x version. Would you please confirm that ... Anonymous
12:00 PM Bug #6811: pkg_edit.php rowhelper is broken with multiple distinct rowhelpers per page.
Applied in changeset commit:f92d44da5a4958372c7fb925043abc34588143e3. Anonymous
11:51 AM Bug #6811 (Feedback): pkg_edit.php rowhelper is broken with multiple distinct rowhelpers per page.
Changes made to pkg_edit.php appear to have resolved this, but more testing is required. Many packages use rowhelpers... Anonymous
11:22 AM Bug #6432: Relative distinguished names should accept unicode during CA creation.
I hit this exact problem too.
It would be nice to at least improve the error message to state which characters are... Sean McBride
11:05 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
First, I really did not intend to start a bikeshedding flame war. :) I honestly thought it would be non-controversia... Sean McBride
10:51 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
In the typical firewall use case, a reboot or halt only happens when there is a problem that needs correcting, which ... Jim Pingle
10:42 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
Shrug; not sure how common action is rebooting a NAS:
QNAP: !https://s22.postimg.org/4aznct5kh/Screenshot_1.png! S... Kill Bill
10:26 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
Because it's a bikeshed discussion that will never please everyone. Making reboot and halt more accessible is not a g... Jim Pingle
10:18 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
I think all the current locations simply suck. Why not have a menu in place of the current logout button that offers ... Kill Bill
10:39 AM Bug #6668 (Feedback): IPSec tunnel + L2TP/IPSec VPN - wrong PSK chosen by pfSense
I'm hesitant to commit changes to the ordering without lots of testing first, so can you try the attached patch to se... Jim Pingle
10:14 AM Bug #6893: Configuration XML is inconsistent with self closing tags
Here's another example. I only deleted some L2TP users, but the XML has changed for these values (screenshot from Sou... Kevin Wojniak
09:39 AM Bug #6893 (Resolved): Configuration XML is inconsistent with self closing tags
Whenever I make changes I do "Download configuration as XML" and store the file in a git repository, so I always view... Kevin Wojniak
10:10 AM Bug #6778 (Feedback): CloudFlare Dynamic DNS fails when domain name uses a Second Level TLD
Applied in changeset commit:2446fffa5932e8debcaf165bfaf5492cea429c60. Jim Pingle
10:06 AM Bug #6778 (Confirmed): CloudFlare Dynamic DNS fails when domain name uses a Second Level TLD
Both CloudFlare and GratisDNS used the same logic that Namecheap used to use, which has several potential problems. I... Jim Pingle
10:04 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
There is no known consistent single cause. Some have it with nothing else installed, some other pfBlocker, some with ... Jim Pingle
09:59 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
Sorry to re-hash this, but since it has just been assigned to me I need an update.
Some of the above responses wou... Anonymous
09:50 AM Feature #6753: Interfaces list order not consistent
Applied in changeset commit:e5d339735836fd55b0fa944d5d7e472793785e30. Anonymous
09:43 AM Feature #6753 (Feedback): Interfaces list order not consistent
Sorting has been removed from the Interface menu.
Adding msort to all other occurrences would obviously involve mo... Anonymous
09:35 AM Bug #6826: DNS forwarder is sending packets with link-local IPv6 source address to global unicast address
Thanks. ping is a special case since it is protocol-aware (separate ping, ping6), but it looks like FreeBSD doesn't i... Brian Candler
08:49 AM Bug #6826 (Rejected): DNS forwarder is sending packets with link-local IPv6 source address to global unicast address
This appears to be how FreeBSD behaves and is not specific to the DNS resolver or forwarder, the same happens even wi... Jim Pingle
09:30 AM Bug #6781 (Feedback): OpenBSD description links are broken in Traffic Shaper
Applied in changeset commit:79e50e9768f32b75817a28021d051c79cb44fdec. Jim Pingle
09:13 AM Bug #6711 (Closed): diag_states_summary # States and # States twice (explain one is per protocol)
Anonymous
09:06 AM Bug #6802 (Rejected): GUI does not respond and vpn stops working
Duplicate of #6406 and others that are all the same base issue: PHP gets wedged and don't respond. Jim Pingle
09:04 AM Bug #6868 (Confirmed): Interface MTU Setting not applied to all IPv6 routes
I can reproduce the behavior on 2.3.x. If I adjust the MTU of an assigned interface, only the default and/or link rou... Jim Pingle
08:58 AM Bug #6812 (Feedback): IPsec filterdns crash
The two events are not related.
The first is an issue with an IPsec tunnel peer address that was entered as a full... Jim Pingle
02:09 AM Bug #6843: Version inconsistency after updating to 2.3.2_1
I should add that I've since this was reported upgraded via the command line and it now shows 2.3.2_1 on both pages. Ivan Pedersen

11/03/2016

11:00 PM Bug #6892 (Resolved): CARP VIPs Deleted entering CARP Maintenance Mode
There is an issue both upgrading CARP HA cluster and subsequent entering and leaving CARP maintenance mode.
When e... Chris Linstruth
10:09 PM Bug #6884 (Rejected): "Reboot" option should be under "System" menu, not "Diagnostics"
This debate pops up every now and then and there hasn't been a compelling argument for moving it. Rebooting and shutt... Jim Pingle
10:01 PM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"
When I first came to pfSense I had the same trouble finding the Reboot entry and Halt entry.
The flip side to this i... Phillip Davis
10:08 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
OK. I don't use this so it doesn't effect systems that I have that will be stuck on 2.3.* (32-bit Alix). If it is not... Phillip Davis
09:43 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
Given all the work that's happened on 2.4 with IPFW, I'd say it's best to not attempt a backport. 2.4 is not that far... Jim Pingle
07:36 PM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
I guess the fix is in the pf port or...?
Is it something that easily applies back to 2.3.* FreeBSD 10.3 and thus cou... Phillip Davis
05:10 PM Bug #4326 (Feedback): Limiters on firewall rules where NAT applies drop all traffic
Fixed in 2.4. Luiz Souza
09:42 PM Bug #6812: IPsec filterdns crash
Assigned to Pingle for analysis. Jim Thompson
09:41 PM Bug #6823: No connectivity after changing link state to UP

We would have to provide the ports of the Intel drivers as packages, and then allow people to load the package on d... Jim Thompson
09:22 PM Bug #6868: Interface MTU Setting not applied to all IPv6 routes
assigned to Pingle for analysis. Jim Thompson
08:54 PM Bug #6891: Improper shutdown causes irrecoverable filesystem corruption, unable to boot or fsck
Some related forum threads...
https://forum.pfsense.org/index.php?topic=120019.0
https://forum.pfsense.org/index.ph... → luckman212
08:47 PM Bug #6891 (Duplicate): Improper shutdown causes irrecoverable filesystem corruption, unable to boot or fsck
I've had this happen 4 times so far that I can remember. That is definitely more than I would like but out of ~85 fi... → luckman212
07:42 PM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
FYI - Still happening on 2.3.2-RELEASE-p1 systems. Alex Vergilis
07:00 PM Revision 8d44b2cb: xmlrpc, fix loopback detection
Pi Ba
06:55 PM Feature #6775: Strongswan PKCS#11 Support
https://wiki.strongswan.org/projects/strongswan/wiki/PKCS11plugin
no idea what this needs in the GUI, etc.
OP s... Jim Thompson
05:34 PM Bug #6890 (Resolved): PPP service name error
Hi,
I've just updated a virtual appliance to the new 2.3.2_1 version, and now, i can't add ppp connection (3G backu... Jonathan Valverde
03:56 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name
Any updates on this? It also seems to be affecting unbound on 2.3.2-p1. Until this is fixed, perhaps removing the d... Jacob Smith
12:20 PM Bug #6887 (Rejected): Carp status widget doesn't work, show wrong IPs status
I can't reproduce this. If I create a similar setup, the VIP status is reflected properly on both units.
That said... Jim Pingle
05:45 AM Bug #6887 (Rejected): Carp status widget doesn't work, show wrong IPs status
In a two nodes cluster with 3 carp IPs, carp widget doesn't show correctly which node is master or backup for each ip... Alberto Ayllon
10:21 AM Todo #6889 (Resolved): Improve router mode help text
*Current*
Select the Operating Mode for the Router Advertisement (RA) Daemon. Use:
Router Only to only advertise th... Corey Boyle
09:24 AM Bug #6888 (Rejected): openVPN - Client Specific Overrides
Don't use a manual "ifconfig-push" line, that's what the "Tunnel Network" option in the override sets up automaticall... Jim Pingle
09:19 AM Bug #6888 (Rejected): openVPN - Client Specific Overrides
System: 2.3.2-RELEASE-p1
On WebGUI i put 'ifconfig-push 172.50.0.10 255.255.255.0' but client gets this IP: 172.50... Daniel Kaspar
07:40 AM Bug #3330: Load Balancer showing wrong Status when using aliases for the port
Indeed, is still there in 2.3.2-RELEASE-p1, is not assigned to anybody unfortunately and I need to do load balancing ... Alex Stefan

11/02/2016

06:48 PM Revision 4406922e: syslogd, create configured logsocket directories
Pi Ba
04:15 PM Feature #6886 (Resolved): Allow Dual-Stack IPSec VPN
It would be nice to have a third option in the web interface for creating IPSec mobile configs, allowing you to selec... Tobias Timpe
04:10 PM Todo #6885 (Resolved): Add vectorized logo in web interface
The logo used on the pfSense web interface should be a scalable vector graphics file (SVG), allowing it to automatica... Tobias Timpe
04:01 PM pfSense Packages Bug #6410: when PFSENSE after server restart,openvpn+motp not login
Hello,
this seems to be a solid hazard preventing the use of motp based 2 factor auth.
see also https://forum.pfs... Johannes Goldynia
11:43 AM Bug #6884 (Rejected): "Reboot" option should be under "System" menu, not "Diagnostics"
I'm new to pfsense, and this is my first bug report. Please be gentle. :)
I had to google how to reboot pfsense, b... Sean McBride
07:16 AM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
This appears to be a general problem with OpenVPN on FreeBSD 11:
https://forums.freebsd.org/threads/58019/
https:... Jim Pingle

11/01/2016

03:32 PM Todo #4706 (Feedback): MPD needs to be upgraded to version 5 even for the various other tunnels
PPPoE and L2TP were converted to use mpd5 in commit:8d50c07c8bfdd2692a0c7d3ca3489977b528aecc and commit:2c0a3677de6b6... Renato Botelho
02:53 PM Bug #6850 (Confirmed): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway
Renato Botelho
01:31 PM pfSense Packages Bug #5868 (Feedback): Quagga OSPF Priority value "0" (zero) is being ignored - DR election doesnt work properly.
I pushed a fix for this in package version 0.6.15. Jim Pingle
12:05 PM Bug #6883 (Confirmed): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
Jim Pingle
12:02 PM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
I ran some tests and can confirm the issue on 2.4 only.
2.3.3 and 2.4 run the same version of OpenVPN and have ide... Jim Pingle
11:41 AM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
when i try to connect to pfsense web interface, there is block entry in firewall log:
lo0 10.10.111.231:81 _(pfsen... Dmitry Ivanov
08:32 AM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
dev ovpns7
verb 1
dev-type tun
dev-node /dev/tun7
writepid /var/run/openvpn_server7.pid
#user nobody
#group nob... Dmitry Ivanov
08:15 AM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
Still not enough info. Need to know all settings all the way down the page, especially the topology type. Would also ... Jim Pingle
07:57 AM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
it works on 2.3.*
i installed 2.4, and restored config from 2.3.3
openvpn server UDP/TUN
Server mode - Remote Ac... Dmitry Ivanov
07:11 AM Bug #6883 (Feedback): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
Unless this was a working configuration on a previous version, it's more likely to be a configuration error. There is... Jim Pingle
05:11 AM Bug #6883 (Resolved): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases
openvpn - UDP/TUN (TAP works)
clients connect to server, in the logs everything is fine, but no access anywhere.
wi... Dmitry Ivanov
10:22 AM Bug #4723 (Feedback): Can't forward UDP fragmented packets with scrubbing enabled.
I tested the forwarding of fragmented ICMP and UDP packets and they seem to be working as expected on 2.4.
Could s... Luiz Souza
10:19 AM Bug #4723: Can't forward UDP fragmented packets with scrubbing enabled.
Remko Lodder wrote:
> Chris Buechler wrote:
> > I hit this issue with a customer last week. Worked fine after disab... Luiz Souza
04:35 AM Bug #4326: Limiters on firewall rules where NAT applies drop all traffic
This is a workaround, not a clean solution.
Better than nothing, but a native, specific and definitive resolution is... Luca De Andreis

10/31/2016

09:04 PM Revision 9d29322d: Do not attempt to remove interfaces from CP zone, captiveportal_configure_zone() will take care of it
Renato Botelho
08:31 PM Revision 0b8b5069: Check if pidfile is valid before try to send signal
Renato Botelho
03:36 PM pfSense Packages Bug #5868 (Confirmed): Quagga OSPF Priority value "0" (zero) is being ignored - DR election doesnt work properly.
Looks like it's a classic case of PHP returning "true" for empty() when passed a string of "0". I'll look into it. Jim Pingle
03:15 PM Bug #6882 (Resolved): bsnmpd uses all available CPU with hostres module active in some cases
Running 2.4, bsnmpd will consume all available CPU time when the hostres module is active. The CPU usage for geom als... Jim Pingle
12:19 PM Bug #4723: Can't forward UDP fragmented packets with scrubbing enabled.
Remko Lodder wrote:
> Chris Buechler wrote:
> > I hit this issue with a customer last week. Worked fine after disab... Dominic Blais
10:04 AM Bug #6856: "Force Config Settings" buton on master causes slave to loss IP alises on lo0
Confirmed in 2.2.6 and 2.3.2_1 64bit. Steve Wheeler
07:12 AM Feature #6881 (Duplicate): services_unbound_host_edit.php: DNS Resolver Add V4 and V6 host override at the same time
Is there any chance of changing the setup of the Edit Host Overide page so you can add IPv4 and IPv6 addresses for th... Andy Kniveton
 

Also available in: Atom