Activity

30 days up to

User

Subprojects

Activity

From 11/08/2016 to 12/07/2016

12/07/2016

08:06 PM pfSense Packages Bug #6983: pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: BBcan177 . wrote:
> Workaround here:
> https://forum.pfsense.org/index.php?topic=120040.0
>
That workaround do... Angel Torres
06:55 PM Revision 1060378f: Populate the HTTP_PROXY_AUTH env var. Ticket #6949: Jim Pingle
06:09 PM Revision 823b7a1a: Fix #6224 NAT edit - preserve user selections when input errors: 1) Edit a NAT Port Forward rule, change the destination type to "Network", but do not input any network address/mask.... Phil Davis
06:09 PM Revision bbe0c513: Merge pull request #3257 from phil-davis/patch-7: Renato Botelho
06:07 PM Revision bb0a0bb2: Feature #3151 Disable gateway monitoring actions: without disabling gateway monitoring.
This allows the user to continue to monitor the gateway with dpinger, so
they ... Phil Davis
06:07 PM Revision 92cdad2b: Merge pull request #3259 from phil-davis/disablegatewayactions: Renato Botelho
06:01 PM Bug #3973: Route 53 dynamic DNS provider fails to update record: The use of the UPCERT action in 6751 should address this bug. Jason McCormick
07:47 AM Bug #3973 (Feedback): Route 53 dynamic DNS provider fails to update record: Please check next round of 2.3.3 or 2.4.0 snapshots to make sure issue persists with current code Renato Botelho
03:37 PM Revision f396d2b7: Feature #3151 Disable gateway monitoring actions: without disabling gateway monitoring.
This allows the user to continue to monitor the gateway with dpinger, so
they ... Phil Davis
02:38 PM Bug #6994 (Closed): [Portuguese] - Traffic graphs shows overwritten words by traffic values: Changing language to Brazilian portuguese makes traffic graphs look oddly in dashboard. Larger "Entrada"/"Saida" word... Luzemario Dantas
02:32 PM Revision c7cecab8: Fix bandwidth limitation in mac passthrough auth: (cherry picked from commit aa1c6774927fd6e1b11a9315900035c0e084fd82) Jonatan Ramos
02:32 PM Revision e85f3a2b: Merge pull request #3130 from omnia-dev/master: Renato Botelho
01:41 PM Revision af41271b: move back to r53.class for license continuity: (cherry picked from commit 16b163661b1d1a5bcc9a24ce023f7a06c5fb420e) Jason McCormick
01:41 PM Revision 08698a02: note inspiration/sanity check from r53.class code: (cherry picked from commit 260228142573deeb8ef5eaee34c761ca783f8cd3) Jason McCormick
01:41 PM Revision db49d9ad: fix testing headers for bad data: (cherry picked from commit 8d8405baf12806a7f09ef8562cfb24f9083809d3) Jason McCormick
01:41 PM Revision 57298463: noted testing for Route53: (cherry picked from commit c46412956fb629a2f7dc94ca2a553444046a39c3) Jason McCormick
01:41 PM Revision 4bc737dc: Fixed status success message typo and cleaned up: (cherry picked from commit 166f4a4c67e61334791b43a21845603c1295ab2c) Jason McCormick
01:41 PM Revision 9783e0c2: fix auth header and minor XML tag issue: (cherry picked from commit 616a24828992d37ea67e810dbf9fd84ec80562e7) Jason McCormick
01:41 PM Revision a0dd4ec2: initial commit of code -- having a signing error: (cherry picked from commit cc5adcaa679686e54e4035fa5bc283b1cac085a2) Jason McCormick
01:35 PM Revision e61436df: Merge pull request #3155 from jxmx/6751_route53: Renato Botelho
01:14 PM Revision e102e1d9: php fatal error logging: (cherry picked from commit ae3463540ea0a3cc94c18ad9c7b829b2645e8910) Pi Ba
01:14 PM Revision 9f834c4b: Merge pull request #3193 from PiBa-NL/php_notice_fatal: Renato Botelho
01:14 PM Bug #6949: username/password not used by proxy support: I pushed some changes to populate the HTTP_PROXY_AUTH variable and it works for HTTP, but HTTPS does not work using t... Jim Pingle
12:56 PM Bug #6993 (New): OpenVPN status error during CARP state transition: Running two devices in HA and have stacked one IP Alias onto the CARP IP. If I bind a OpenVPN server to the IP Alias ... James Webb
12:10 PM Feature #3151 (Feedback): Disable gateway monitoring actions without disabling gateway monitoring: Merged, thanks! Renato Botelho
09:58 AM Feature #3151: Disable gateway monitoring actions without disabling gateway monitoring: I'll check it Renato Botelho
09:42 AM Feature #3151: Disable gateway monitoring actions without disabling gateway monitoring: I finally remembered and cared enough :)
Pull Request https://github.com/pfsense/pfsense/pull/3259
Phillip Davis
12:10 PM Bug #6224 (Feedback): Firewall NAT Edit forgets dst type selection after reporting input errors: Merged, thanks! Renato Botelho
11:42 AM Bug #6992 (Resolved): ZoneEdit DDNS does not update to CARP IP: When using ZoneEdit Dynamic DNS, using dual wan with a gateway group for failover, ZoneEdit domain gets the WAN/Inter... James Kohout
11:32 AM Bug #6990: DDNS IPs not updating after a system restart: HE.net has two kinds of service, the DDNS service and the IPv6 tunnel. You must be talking about HE.net Tunnelbroker ... Muchacha Grande
06:02 AM Bug #6990: DDNS IPs not updating after a system restart: The HE.net looks definitely wrong. As noted there, you should use the Tunnel ID, and NOT hostname. Kill Bill
05:48 AM Bug #6990: DDNS IPs not updating after a system restart: I'm using a no-ip and a he service. Both of them updating the same wan IPv4 address.
Could you please tell me what e... Muchacha Grande
10:28 AM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Opened a ticket upstream:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215122 Renato Botelho
10:08 AM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Full config attached, but it's nothing special - default config + static address on WAN + off-subnet gateway. Jim Pingle
10:03 AM Bug #6850 (Confirmed): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: I was finally able to reproduce this reliably today, and out of 5 failures once I was able to catch what was consumin... Jim Pingle
07:48 AM Bug #6751 (Feedback): Route53 DynDNS Problems / Replace Route53 DynDNS Module: Renato Botelho
07:44 AM Bug #6751: Route53 DynDNS Problems / Replace Route53 DynDNS Module: PR has been merged, thanks! Renato Botelho
07:47 AM Bug #5054 (Feedback): Dynamic DNS - Route53 errors should probably be more verbose: Please check next round of 2.3.3 or 2.4.0 snapshots, that contain an updated code, to see if the issue persists Renato Botelho
07:45 AM Feature #6728: Route53 API mod and Geolocation: Matt, you mentioned you submitted a Pull Request, what is the #? Renato Botelho
07:29 AM Bug #6927: 1 to 1 NAT allows entry of mixed IP addresses: Pull Request https://github.com/pfsense/pfsense/pull/3258 Phillip Davis

12/06/2016

07:54 PM Revision a04cc2c5: NAT 1:1 edit - preserve user selections on edit-save with input errors: 1) Edit a NAT 1:1 rule, change the source and/or destination type to "Network", but do not input any network address/... Phil Davis
07:54 PM Revision 45d8b8a6: Merge pull request #3256 from phil-davis/patch-5: Renato Botelho
07:48 PM Revision cc99b298: Captive portal: add option to include idle time in total session time: Add an option to choose whether the time spent idle by a user disconnected for exceeding the idle timeout must be inc... Caio Plumbeo
07:48 PM Revision d253d5c6: Merge pull request #3249 from plumbeo/idletime-in-sessiontime: Renato Botelho
07:44 PM Revision 36868398: Add BIND logging to proper facility (Bug #5524): Stop the /etc/inc/system.inc patching by dns/pfSense-pkg-bind9 package.
(cherry picked from commit 957ec89e7959e966e8... Doktor Notor
07:44 PM Revision 7bcd5671: Merge pull request #3254 from doktornotor/patch-1: Renato Botelho
05:51 PM Revision 836c858f: Added STARTTLS to LDAP Auth Server Config: (cherry picked from commit d672403c250556ced61d6eec7c51f5518b5f8c6b) derelict-pf
05:51 PM Revision f459bcce: Merge pull request #3240 from derelict-pf/ldap_starttls: Renato Botelho
05:23 PM Revision f7405cd2: Fix #6224 NAT edit - preserve user selections when input errors: 1) Edit a NAT Port Forward rule, change the destination type to "Network", but do not input any network address/mask.... Phil Davis
03:59 PM Revision 9c8ce38b: Work around the NPt rule loading issue to load the rules as they were on previous versions. Fixes #6985: Jim Pingle
03:47 PM Revision d99ce9cc: NAT 1:1 edit - preserve user selections on edit-save with input errors: 1) Edit a NAT 1:1 rule, change the source and/or destination type to "Network", but do not input any network address/... Phil Davis
03:09 PM Revision 957ec89e: Add BIND logging to proper facility (Bug #5524): Stop the /etc/inc/system.inc patching by dns/pfSense-pkg-bind9 package. Doktor Notor
02:04 PM pfSense Packages Bug #5524: bind package is patching /etc/inc/system.inc (syslog configuration): That was fast, thanks. :) Kill Bill
01:45 PM pfSense Packages Bug #5524 (Feedback): bind package is patching /etc/inc/system.inc (syslog configuration): PRs have been merged. Thanks! Renato Botelho
09:43 AM pfSense Packages Bug #5524: bind package is patching /etc/inc/system.inc (syslog configuration): Plus https://github.com/pfsense/FreeBSD-ports/pull/223 Kill Bill
09:10 AM pfSense Packages Bug #5524: bind package is patching /etc/inc/system.inc (syslog configuration): https://github.com/pfsense/pfsense/pull/3254 Kill Bill
12:14 PM Revision 3dd6ce64: Merge pull request #3252 from phil-davis/unset_glxsb: Renato Botelho
12:13 PM Revision 13622c26: Merge pull request #3251 from phil-davis/dyndnsclass23: Renato Botelho
12:10 PM Revision cdcce1c4: Tidy input errors in services_ntpd_acls: 1) If there are multiple rows with invalid IP addresses then the same message was displayed multiple times. We might ... Phil Davis
12:10 PM Revision 71bafaa6: Merge pull request #3253 from phil-davis/patch-2: Renato Botelho
11:43 AM Feature #6989 (Closed): Add second IP to monitoring in "Gateway Monitoring": It would add a lot of complication and also increase the amount of time/processing it would take to notice an upstrea... Jim Pingle
11:32 AM Feature #6989: Add second IP to monitoring in "Gateway Monitoring": See:
https://redmine.pfsense.org/issues/4354
https://redmine.pfsense.org/issues/1189
for past discussion about thi... Phillip Davis
04:43 AM Feature #6989 (Closed): Add second IP to monitoring in "Gateway Monitoring": A problem arises when the gateway IP is available but the network behind the gateway is unavailable, or if alternativ... Vasyl Semenchuk
11:39 AM Bug #6224: Firewall NAT Edit forgets dst type selection after reporting input errors: Pull Request https://github.com/pfsense/pfsense/pull/3257 Phillip Davis
11:37 AM pfSense Packages Bug #6473 (Resolved): OpenVPN Client Export package - depends on vulnerable p7zip version (CVE-2016-2334, CVE-2016-2335): Jim Pingle
11:36 AM pfSense Packages Bug #6473 (Rejected): OpenVPN Client Export package - depends on vulnerable p7zip version (CVE-2016-2334, CVE-2016-2335): Not vulnerable to those. It was patched in the ports tree by FreeBSD back in July.... Jim Pingle
10:59 AM Bug #6982: Nested Aliases with FQDNs do not populate parent table in some cases: Here is the aliases export I am using to test. It should match the screenshot above. Chris Linstruth
10:21 AM Bug #6991 (Resolved): IPv6 traffic hitting a rule with policy routing and NPt fails/disappears: IPv6 NPt on its own works, and IPv6 policy routing on its own works, but if traffic hits a rule that sets it on a pat... Jim Pingle
10:10 AM Bug #6985 (Feedback): NPt rules are causing a filter error on 2.4: Applied in changeset commit:9c8ce38b01fb59dbd474367f77e8de67655f0275. Jim Pingle
10:05 AM pfSense Packages Feature #6176: Privilege for OpenVPN Client Export: Alexandre Paradis wrote:
> Would it be logical to Have a dropdown menu directly for Openvpn, and when clicked it wou... Kill Bill
09:23 AM pfSense Packages Bug #5940 (Resolved): Squid Local Authentication fails with passwords >8 characters: Jim Pingle
09:22 AM pfSense Packages Bug #5940: Squid Local Authentication fails with passwords >8 characters: Hi Jim,
I´ve tested with a recent version of the Squid package on amd64 and i386 (I know i386 is nearly dead).
Bo... Markus Brungs
08:17 AM pfSense Packages Bug #5940 (Feedback): Squid Local Authentication fails with passwords >8 characters: Jim Pingle
08:09 AM pfSense Packages Bug #5940: Squid Local Authentication fails with passwords >8 characters: Appears to be fixed: https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/sq... Kill Bill
08:47 AM pfSense Packages Bug #6484 (Rejected): pfsense 2.3.1_1 does not accept haproxy advanced parameters: Jim Pingle
08:46 AM pfSense Packages Bug #6484: pfsense 2.3.1_1 does not accept haproxy advanced parameters: OSI layer-8 problem as noted above, can be closed. Kill Bill
08:01 AM pfSense Packages Bug #6019 (Closed): Squid service runs but doesn't process requests after reboot: Jim Pingle
07:58 AM pfSense Packages Bug #6019: Squid service runs but doesn't process requests after reboot: Duplicate of #5594. Squid won't work with CP. Kill Bill
07:56 AM pfSense Packages Bug #6636 (Feedback): Squid Reverse Proxy with Additional IP and compatibility="Intermediate" writes bad squid.conf: Jim Pingle
07:50 AM pfSense Packages Bug #6636: Squid Reverse Proxy with Additional IP and compatibility="Intermediate" writes bad squid.conf: Fixed by https://github.com/pfsense/FreeBSD-ports/commit/a6d15b81474396a043df664c2c645356d7718601 AFAICT, please test... Kill Bill
07:56 AM pfSense Packages Bug #6612 (Closed): squid Multi segmented downloading is broken: Jim Pingle
07:46 AM pfSense Packages Bug #6612: squid Multi segmented downloading is broken: In case you enabled "Cache Dynamic Content" and defined something there, then either disable it altogether or pick up... Kill Bill
07:48 AM Feature #6384: Allow IPSEC P1 to have 2 peer remote gateway IP addresses to allow VPN failover faster without requiring DDNS: We are well aware that strongSwan supports it, but it's not that simple. There are other factors to consider such as ... Jim Pingle
07:44 AM Feature #6384: Allow IPSEC P1 to have 2 peer remote gateway IP addresses to allow VPN failover faster without requiring DDNS: I'll add my tests since I need this feature as well
strongSwan 5.5.0 which is used in pfSense 2.3 already supports... Cristian Mammoli
07:37 AM Bug #6990 (Feedback): DDNS IPs not updating after a system restart: Not nearly enough detail.
What are the exact types and services used in your Dynamic DNS configuration? You can ob... Jim Pingle
06:14 AM Bug #6990 (Not a Bug): DDNS IPs not updating after a system restart: When the system shuts down and then restarts (for example after a power failure) unsing a DSL connection with PPPoE, ... Muchacha Grande
07:32 AM Bug #3885 (Duplicate): Dynamic DNS provider password containing special character ampersand &: Duplicate of / Fixed by #6688 Jim Pingle
07:27 AM pfSense Packages Bug #5736 (Closed): Squid did not authorize user with Captive Portal: Jim Pingle
07:18 AM pfSense Packages Bug #5736: Squid did not authorize user with Captive Portal: No idea what's this patching, certainly not the current code @ https://github.com/pfsense/FreeBSD-ports/blob/devel/ww... Kill Bill
07:25 AM pfSense Packages Bug #6083: Suqid Realtime Monitor / Squid Cache Table not diplaying correctly: I have no idea why's Squidguard logging something into Squid cache log. This is not a bug in Squid package, and given... Kill Bill
07:16 AM pfSense Packages Bug #5506 (Closed): Gateway restart stops service and does not restart Squid: Jim Pingle
07:09 AM pfSense Packages Bug #5506: Gateway restart stops service and does not restart Squid: Please close this. With Squid disabled, it won't ever start, let alone automatically restart. Kill Bill
06:41 AM pfSense Packages Bug #6419 (Resolved): RRD_Summary reports incorrect bandwidth statistics.: Renato Botelho
06:34 AM pfSense Packages Bug #6419: RRD_Summary reports incorrect bandwidth statistics.: Fixed by https://github.com/pfsense/FreeBSD-ports/pull/185, can be closed. Kill Bill
05:34 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Sorry, seems like bug #6000 has been deleted and i was not refering to feature #6000 Rick Strangman
04:53 AM Revision 7c7d3605: Tidy input errors in services_ntpd_acls: 1) If there are multiple rows with invalid IP addresses then the same message was displayed multiple times. We might ... Phil Davis
03:29 AM Revision e030050d: Fix unset glxsb: This bit of upgrade_config code needs a global reference to $config Phil Davis
03:17 AM Revision be17e372: Backport Cloudflare and Gratis plus passwords in base64 DynDNS changes: Note: corresponding change to upgrade_config.inc to come in master to
correctly implement the upgrade_155_to_156 code... Phil Davis
01:57 AM pfSense Packages Bug #6988 (New): SNORT Package PHP memory error: Crash report begins. Anonymous machine information:
amd64
10.3-RELEASE-p9
FreeBSD 10.3-RELEASE-p9 #1 5fc1b... Zeev Zalessky

12/05/2016

10:42 PM pfSense Packages Bug #6987 (Closed): ntopng needs Google API key for GeoIP map: ntopng needs to be updated to a version that supports use of a Google API key and the ntopng settings page needs a fi... Stuart Wyatt
08:46 PM pfSense Packages Bug #6983: pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: Workaround here:
https://forum.pfsense.org/index.php?topic=120040.0
Will try to push a fix as time permits. BBcan177 .
04:03 AM pfSense Packages Bug #6983 (Resolved): pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: Hello,
I'm testing 2.4-BETA x64. Faced an issue with subject package installation:
@Warning: require_once(xmlrpc.... Dmitriy K
08:12 PM Revision 74213edf: Do not truncate IPv6 addresss in NTP widget (Bug #4815): (cherry picked from commit cd2c59c9839e38fa7cbd4ae217fe14883b086145) Doktor Notor
08:11 PM Revision fc6b7031: Merge pull request #4815 from doktornotor/patch-2: Renato Botelho
07:34 PM Revision f34e9794: Stopgap to keep filter reload errors from happening due to NPt rule errors. Ticket #6985: Jim Pingle
07:12 PM Revision b0787bc8: wbr tag needs a css compatibility fix for some browsers: See comment in the PR
(cherry picked from commit e67157bee85f71929d687e2c03020618f18c8f6d) Stilez y
07:11 PM Revision 0b037063: Merge pull request #3159 from stilez/patch-46: Jared Dillard
07:09 PM Revision fc709ad3: [theme] Compact-RED: fix `sortable` table fonts: (cherry picked from commit f84c1e1ef92e7e69e0eb8672a450a255ee2dfe95) Alexander Moisseev
07:09 PM Revision 9a275fb0: Merge pull request #3181 from moisseev/master: Jared Dillard
05:02 PM Bug #6823: No connectivity after changing link state to UP: Jim Thompson wrote:
> We would have to provide the ports of the Intel drivers as packages, and then allow people to ... C S
04:25 PM Revision d667692e: Start building tftpd package: Renato Botelho
04:25 PM Revision 7f62cada: Start building tftpd package: Renato Botelho
04:09 PM Revision eb44f662: remove bogus debug: Steve Beaver
04:08 PM Revision ac572fc1: remove bogus debug: Steve Beaver
03:47 PM Revision 30735b1e: Fixed #6454: Fixed #6984 Steve Beaver
03:45 PM Revision 3b1c0951: Fixed #6454: Fixed #6984 Steve Beaver
02:27 PM Bug #4815: NTP status widget shows truncated IPv6 address: Thanks as well.
(As for Status - NTP, AFAICT that'd require completely rewriting the code because of the "wonderf... Kill Bill
02:13 PM Bug #4815 (Feedback): NTP status widget shows truncated IPv6 address: PR has been merged, thanks! Renato Botelho
02:08 PM Bug #6986 (Resolved): reply-to is not functioning on pfSense 2.4: Rules in the ruleset have reply-to, but any rules matching inbound traffic on non-default WANs fail to fully establis... Jim Pingle
01:59 PM pfSense Packages Bug #3962: LADVD interface handling issues with lagg and bridge: As noted in the linked commit, it's not fixable in any reasonable way: https://github.com/pfsense/FreeBSD-ports/commi... Kill Bill
01:59 PM pfSense Packages Bug #6389 (Resolved): Suricata typo under interface rules tab: Jim Pingle
01:53 PM pfSense Packages Bug #6389: Suricata typo under interface rules tab: Fixed in 3.0_10, please close. Kill Bill
01:52 PM pfSense Packages Bug #5515 (Closed): Squid3 change log URL leads to a 404 error: Jim Pingle
01:51 PM pfSense Packages Bug #5515: Squid3 change log URL leads to a 404 error: Obsolete unmaintained 2.2.x stuff, please close. Kill Bill
01:21 PM Bug #6985 (Resolved): NPt rules are causing a filter error on 2.4: Network Prefix Translation rules that worked on 2.3.2 are causing a filter reload error on 2.4
Real addresses mask... Jim Pingle
10:45 AM Bug #6454 (Resolved): services_ntpd_acls.php: Can't change default options without setting custom access restriction: Anonymous
10:18 AM Bug #6454: services_ntpd_acls.php: Can't change default options without setting custom access restriction: Steve Beaver wrote:
> Applied in changeset commit:3b1c0951ddb913cefcf3aaca301c9a8803a50224.
Works, thanks. Kill Bill
09:50 AM Bug #6454 (Feedback): services_ntpd_acls.php: Can't change default options without setting custom access restriction: Applied in changeset commit:3b1c0951ddb913cefcf3aaca301c9a8803a50224. Anonymous
08:00 AM Bug #6454: services_ntpd_acls.php: Can't change default options without setting custom access restriction: Including the page name in the subject is helpful. Anonymous
07:44 AM Bug #6454: services_ntpd_acls.php: Can't change default options without setting custom access restriction: More issues with this page noted at #6984 Kill Bill
10:14 AM Bug #6984: NTP/ACLs - Delete button partially invisible + rowhelper handling broken: OK... The button now almost fits, plus the issues on the second and third screenshots seem to be indeed fixed.
!ht... Kill Bill
09:50 AM Bug #6984: NTP/ACLs - Delete button partially invisible + rowhelper handling broken: Applied in changeset commit:3b1c0951ddb913cefcf3aaca301c9a8803a50224. Anonymous
09:48 AM Bug #6984 (Feedback): NTP/ACLs - Delete button partially invisible + rowhelper handling broken: Both issues fixed in JavaScript Anonymous
07:54 AM Bug #6984: NTP/ACLs - Delete button partially invisible + rowhelper handling broken: Playing with Delete is apparently lot of fun, also managed to produce this result:
!https://s15.postimg.org/x7rx3x... Kill Bill
07:43 AM Bug #6984 (Resolved): NTP/ACLs - Delete button partially invisible + rowhelper handling broken: Beyond #6454 (still unfixed), there are other issues with this thing, such as:
- the button not fitting the page
... Kill Bill
07:53 AM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: OK, after a bit of clicking, this is definitely not limited to aliases, let alone network-type ones. I managed to get... Kill Bill
04:17 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: @Marcel
It would be interesting to see what your dhcp6 is doing at the same time, could you post a snippit of both... Martin Wasley

12/04/2016

05:42 PM pfSense Packages Bug #6378: inline background styles in squidguard package: Anyone filling bugs about this package should consider a bounty to get it rewritten from scratch. I guess nothing sho... Kill Bill
12:49 PM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Thank you Rick Strangman for the reply. I don't think, the issus are similar.
The Update will be scheduled for next ... Marcel Mayer
08:58 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: #6000 is about virtual IP's or am I missing something... quite possible at my age. :) Martin Wasley
06:36 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Does this issue seem similar to bug #6000? If so I can probably help.
Rick Rick Strangman
05:01 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Can I make a suggestion. Before you do any major revision updates save a copy of your config file in case you wish to... Martin Wasley
09:44 AM Revision cd2c59c9: Do not truncate IPv6 addresss in NTP widget (Bug #4815): Doktor Notor
06:24 AM pfSense Packages Bug #6473: OpenVPN Client Export package - depends on vulnerable p7zip version (CVE-2016-2334, CVE-2016-2335): Bump, this is still not fixed. Please, upgrade to 16.02. Kill Bill
01:04 AM Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: I think it's late for 2.4, since it's beta. Vladimir Suhhanov

12/03/2016

11:43 PM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Go to System->Updates->Update Settings, change Branch to "Development Snapshots" and save.
Now it will show an upgra... Phillip Davis
11:29 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: The addresses are not changing. They stay.
What do you preffer or suggest? Updating would be ok for me. Is it possib... Marcel Mayer
10:30 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Marcel Mayer wrote:
> As you can see here (logfiles attached in threads!)
>
> (English)https://forum.pfsense.org/... Martin Wasley
05:01 AM Bug #6981 (Closed): IPv6, rc.newwanipv6, flooding log and resets connection periodically: As you can see here (logfiles attached in threads!)
(English)https://forum.pfsense.org/index.php?topic=119439.0
... Marcel Mayer
05:03 PM Revision 1878e1c9: Captive portal: add option to include idle time in total session time: Add an option to choose whether the time spent idle by a user disconnected for exceeding the idle timeout must be inc... Caio Plumbeo
02:24 PM Bug #6982: Nested Aliases with FQDNs do not populate parent table in some cases: I should add that the only alias present in any rules is groupone. It is on LAN pass IPv4 any from LAN net destinatio... Chris Linstruth
02:07 PM Bug #6982 (Resolved): Nested Aliases with FQDNs do not populate parent table in some cases: In some cases a nested alias containing FQDNs does not populate the parent table until filterdns runs again at its in... Chris Linstruth
01:36 PM Revision 45541aae: Form_IpAddress add types remove patterns: 1) Add alias and host types to Form_IpAddress with the appropriate hover
text.
2) Remove the patterns - the UI of tho... Phil Davis
01:04 PM Revision 0f2fbcd7: fix typo from merge: Jason McCormick
01:00 PM Revision a5676b5d: Merge remote-tracking branch 'upstream/master' into 6751_route53: Jason McCormick
06:42 AM Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: bounty request with more forum links https://forum.pfsense.org/index.php?topic=90942.0 Michael Kellogg
06:31 AM Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: forum link
https://forum.pfsense.org/index.php?topic=121198.0 Michael Kellogg
06:30 AM Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: Can we get this added into 2.4 ?? Michael Kellogg
04:22 AM Revision 7d4d9ec5: Remove the PHP limit from diag_dump_states(), it is now managed on pfSense_get_pf_state().: Luiz Souza
02:49 AM Bug #6319: DHCP6 DDNS tsig key missing from dhcpv6.conf for reverse zone: Can someone have another look at this please? IMHO this seems to be a simple fix. Unfortunatelly i don't have the cod... Bogdan P

12/02/2016

07:41 PM Revision f829a8d3: OpenVPN populates IPv6 env vars now, so we can fetch them for the IPv6 gateway. Fixes #6016: Jim Pingle
06:18 PM Revision 8ec77040: Fix indent: Jim Pingle
06:18 PM Revision da83e212: Merge pull request #3145 from skrude61/master: Jim Pingle
06:04 PM Revision 01d98377: Create a dummy /etc/printcap when starting bsnmpd so it it will not log errors. Fixes #6838: Jim Pingle
06:04 PM Revision 26be03d7: Create a dummy /etc/printcap when starting bsnmpd so it it will not log errors. Fixes #6838: Jim Pingle
06:03 PM Revision 63b44eed: Create a dummy /etc/printcap when starting bsnmpd so it it will not log errors. Fixes #6838: Jim Pingle
05:51 PM Revision bb6d61b1: Add www/pound to the list of packages to build. Fixes #6793: Jim Pingle
05:15 PM Revision 80bc583c: Standardize and fix 'other' type VIP display on NAT pages. Fixes #6094: Jim Pingle
05:15 PM Revision d2ce7d30: Fix 'Other' type VIP options. Ticket #6094: While here, remove some defunct 'range' code that was never used. Jim Pingle
04:48 PM Revision 2a38eaf4: interfaces, show error message if adding duplicate gateway: (cherry picked from commit e8517c7c16b8a845333c7d0e91f552144e6b5560) Pi Ba
04:47 PM Revision 778f9885: Merge pull request #3213 from PiBa-NL/interfaces-gateway-message: Renato Botelho
04:00 PM Revision d7155857: Clarified help text for ddnsforcehostname option.: (cherry picked from commit 9ca5d4abf949e088d6f1966003a6bf957f3cbdf6) Ross Williams
04:00 PM Revision 6a2c8e35: Added title to ddnsforcehostname checkbox: (cherry picked from commit cfc10a3364fee9ab220b9ada5584bfbe62ba800c) Ross Williams
04:00 PM Revision 7b0df184: Removed TODO comment: (cherry picked from commit a7e3001c740c79da652a9a4d53509e95adaf0c77) Ross Williams
04:00 PM Revision e8f2eb8d: Add ddnsforcehostname option to DHCP6 Server configuration editor: (cherry picked from commit 1a6bda5b389df05d6dac024e8445d3a00e01e823) Ross Williams
04:00 PM Revision eeffd48c: Add ddnsforcehostname option to DHCP Server configuration editor: (cherry picked from commit cf15bcb41f5befb3668f4608aafeddcb8bb18a58) Ross Williams
04:00 PM Revision 149575ae: Add ddnsforcehostname option to Static Mapping editor: (cherry picked from commit 62abab65c9c3fb010862201b327b426b3b9fc3b8) Ross Williams
04:00 PM Revision 8960e397: Put DDNS hostname config in the wrong place: It is relevant to the interface, not just the per-static-mapping DDNS config.
(cherry picked from commit f0cce276a6c... Ross Williams
04:00 PM Revision 25b18b5d: Implement ddns-hostname option emission for static hosts in services.inc.: (cherry picked from commit 011f550d9b6d5980bd486af3254b387d3019783b) Ross Williams
03:59 PM Revision 6cb599da: Merge pull request #3246 from overhacked/dhcpd-dyndns-force-hostname: Renato Botelho
03:51 PM Revision d2ad2359: Add missing L2TP from this gateway handling case. Fixes #6980: Jim Pingle
03:51 PM Revision 8091b5d7: Add missing L2TP from this gateway handling case. Fixes #6980: Jim Pingle
03:50 PM Revision 3343571b: Add missing L2TP from this gateway handling case. Fixes #6980: Jim Pingle
03:34 PM Revision d265a53b: Fix reversed accounting style: (cherry picked from commit f3838572c59ea5ebe656851511c75d217afec815) Caio Plumbeo
03:34 PM Revision 45a84d8d: Fix reversed accounting style: (cherry picked from commit f3838572c59ea5ebe656851511c75d217afec815) Caio Plumbeo
03:34 PM Revision 00847ca8: Merge pull request #3247 from plumbeo/fix-reverse-acct: Renato Botelho
02:04 PM Feature #2766: status_openvpn.php needs IPv6 support: Still missing in OpenVPN 2.3.13 Jim Pingle
02:03 PM Bug #6249 (Duplicate): OpenVPN widget does not show client instance's IPv6 address: Duplicate of #2766
When OpenVPN properly populates IPv6 addresses in the status output, we can include them in the... Jim Pingle
01:50 PM Bug #6016 (Feedback): ovpn-linkup not populating IPv6 gateways: Applied in changeset commit:f829a8d3258e377b778ac84a1f2f345b8a79b766. Jim Pingle
01:46 PM Bug #6016: ovpn-linkup not populating IPv6 gateways: Fix pushed, will show momentarily.
!http://i.imgur.com/oDe2MhN.png! Jim Pingle
01:46 PM Revision e6fa3b22: Add decoration to "On latest version" message: Steve Beaver
01:10 PM Revision c73a2f31: Revise status messages. Adjust PID file timeout to accommodate slower systems: Steve Beaver
12:10 PM Bug #6838 (Feedback): bsnmpd logs errors when /etc/printcap is missing: Applied in changeset commit:63b44eed9eeaa32567c1234c37dbce2e15dc8d37. Jim Pingle
12:08 PM Bug #6751: Route53 DynDNS Problems / Replace Route53 DynDNS Module: Link to the associated PR: https://github.com/pfsense/pfsense/pull/3155 Jim Pingle
12:00 PM Feature #6793 (Feedback): Add pound package to the pfSense repository: Applied in changeset commit:bb6d61b1028697fe0e9e9a3b91a9b5491654319f. Jim Pingle
11:39 AM Bug #6495 (Resolved): No default route on PPPoE after reconnect or IP change in some cases: Jim Pingle
11:36 AM Bug #6925: System Update Failed: Ok ... But I can only update by removing the network cable after midnight and plugging in only on it. But in my netwo... Edson Bueno
10:06 AM Bug #6925 (Resolved): System Update Failed: Jim Pingle
11:25 AM Bug #4326 (Resolved): Limiters on firewall rules where NAT applies drop all traffic: All indications are that this is fixed now, from my own tests and from user feedback. Jim Pingle
11:20 AM Bug #6094 (Feedback): VIP Other subnet does not expand into NAT entries: Applied in changeset commit:80bc583c2365a0df606f409f6526385b1f0d8023. Jim Pingle
10:08 AM Feature #4351 (Resolved): Allow to disable BOOTP in DHCP server: Works Jim Pingle
10:00 AM Bug #6980 (Feedback): L2TP WAN gateway is missing the type at the end of its dynamic name: Applied in changeset commit:3343571b7f4c9c705869798ffc01bf9897d20aa0. Jim Pingle
09:50 AM Bug #6980 (Resolved): L2TP WAN gateway is missing the type at the end of its dynamic name: an L2TP WAN dynamic gateway ends in "_", for example "WAN_L2TP1_" when it should end with the type, such as "WAN_L2TP... Jim Pingle
09:53 AM Todo #4706 (Resolved): MPD needs to be upgraded to version 5 even for the various other tunnels: Looks good, no sign of mpd4, services still work. Jim Pingle
09:29 AM Bug #6393 (Resolved): SMART service handling is incomplete/missing: Jim Pingle
09:24 AM pfSense Packages Bug #6878 (Resolved): how to use snort, squid and squid_guard with a ram disk: Seems to be working. Jim Pingle
09:13 AM Bug #6953 (Resolved): on mismatching private key for CA, "edit user" silently creates user cert using different CA: Jim Pingle
09:13 AM Bug #6952 (Resolved): Generating user certs from imported CA fails silently when no starting serial# is set: Works better now. If it's left blank, it's assumed to be 0. Jim Pingle
09:11 AM Bug #6947 (Resolved): Deleting an external CA wipes certificates in use: Jim Pingle
09:01 AM Todo #5538 (Resolved): remove symlinks from /etc/ to /var/etc/: Looks good, I don't see any left. Jim Pingle
09:00 AM Todo #5368 (Resolved): Review /etc/ttys for serial console: Consoles are working on all 2.4 versions. Jim Pingle
08:56 AM Bug #6658 (Resolved): DHCP Relay not working on 2.3.2: Jim Pingle
07:58 AM Feature #6979 (Duplicate): Create a rule using asn: Duplicate of #3393, and Phil's right, that can be done in pfBlocker already. Jim Pingle
05:33 AM Feature #6979: Create a rule using asn: This can be done with pfBlockerNG - example at https://forum.pfsense.org/index.php?topic=118431.0
A more manual meth... Phillip Davis
03:52 AM Feature #6979 (Duplicate): Create a rule using asn: Create a rule using ASN
Example: block AS51773 Softonic adware and useless network. Oscar Francia

12/01/2016

09:02 PM Revision ad477ffa: Remove the broken e-mail options from diag_smart.php. Fixes #6393: Jim Pingle
08:43 PM Revision 66e5d4f2: Print a message about SMART not working on uFW/SG-1000 (smartmontools is not available there): Jim Pingle
04:18 PM Revision 1f4d1851: Remove extraneous ): Renato Botelho
04:17 PM Revision cf15d484: Remove extraneous ): Renato Botelho
04:04 PM Revision f3838572: Fix reversed accounting style: Caio Plumbeo
03:10 PM Bug #6393 (Feedback): SMART service handling is incomplete/missing: Applied in changeset commit:ad477ffafc4491ccc7a9c69686cfdb404e6a7bca. Jim Pingle
11:54 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: Jim Pingle wrote:
> Testing on 2.4 won't be reliable until #6937 is fixed.
Apparently this only affects mobile IP... Jonathan Black
11:48 AM Bug #6937: Inbound traffic on enc0 is not creating a state with mobile IPsec: After some more testing this appears to be a problem only with mobile IPsec, specifically (at least) IKEv2 EAP-RADIUS... Jim Pingle
11:35 AM Bug #6978 (Not a Bug): Squidguard error page crashing after activating WebGUI PFSENSE https security: Blocking of pages by the capture of SSL works well, however when it activates the https security of webgui, the page ... Paulo Lima
12:53 AM Bug #6975: <Hostname> is omitted when sending logs on syslog: Jim Pingle wrote:
> Remote syslog data doesn't include the hostname, that is up to the receiving log server to handl... Idar Lund

11/30/2016

10:45 PM pfSense Packages Feature #4548: syslog-ng interface doesn't allow rule ordering: Thanks, that's a better solution. ;) Kill Bill
07:04 AM pfSense Packages Feature #4548 (Feedback): syslog-ng interface doesn't allow rule ordering: I've pushed a fix Renato Botelho
07:44 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Michael Marley wrote:
> Unbound is restarted directly by "dhcpleases"
Please post a Github link to the file + lin... ky41083 -
07:32 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: With the patch above applied, and "Register DHCP leases in the DNS Resolver" enabled, the Unbound service does not re... ky41083 -
04:17 PM Revision 7f927cf4: Correct "not ready" flag: Steve Beaver
04:16 PM Revision 4a140c44: Correct "not ready" flag: Steve Beaver
03:55 PM Revision b4dd9f25: Allow for slower uFW by removing log file before upgrading, and allowing more time for the PID to appear: Steve Beaver
02:47 PM Revision 9ca5d4ab: Clarified help text for ddnsforcehostname option.: Ross Williams
02:38 PM Revision cfc10a33: Added title to ddnsforcehostname checkbox: Ross Williams
02:29 PM Revision a7e3001c: Removed TODO comment: Ross Williams
12:19 PM Bug #6977 (New): VLAN traffic is erroneously counted as underlying iface (untagged) traffic: On my pfs box I have one port carrying 3 subnets: first untagged and 2 other are VLANs, so the following layout:
igb... Dmitry Kernel
10:02 AM Bug #6963 (Resolved): SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4: Working now Jim Pingle
09:35 AM Bug #6588: PHP suhosin max value length prevents Quagga OSPF from storing a very large zebra.conf: Attempting to store that large of value hits a suhosin variable limit. I updated the description of the ticket to mat... Jim Pingle
08:27 AM Bug #5993: dhcp6c not started until an RA received: I can see why it would end up being called twice since in certain combinations of configurations the script would end... Jim Pingle
03:53 AM Bug #5993: dhcp6c not started until an RA received: JimP, please look at the last entry here. Jim Thompson
02:45 AM Bug #5993: dhcp6c not started until an RA received: Whilst having a look at another issue, the fabled no release on dhcp6c option, I noticed on WAN intergace startup tha... Martin Wasley
08:21 AM Bug #6969 (Resolved): Insufficient error checking on static ARP entries: Jim Pingle
08:19 AM Bug #6969: Insufficient error checking on static ARP entries: Seems fixed in todays 2.4 snapshots.
It won't allow the static DHCP lease to be submitted and the error message giv... Steve Wheeler
07:20 AM Bug #6975 (Rejected): <Hostname> is omitted when sending logs on syslog: Remote syslog data doesn't include the hostname, that is up to the receiving log server to handle. Jim Pingle
03:55 AM Bug #6975 (Rejected): <Hostname> is omitted when sending logs on syslog: When sending "filterlog" over syslog the standard defined in https://doc.pfsense.org/index.php/Filter_Log_Format_for_... Idar Lund
07:16 AM Bug #6976 (Confirmed): Interface group and alias with same name creates firewall syntax error: This is also a problem on 2.4.
Input validation should prevent an alias from using a name that is already an inter... Jim Pingle
06:21 AM Bug #6976 (Resolved): Interface group and alias with same name creates firewall syntax error: The firewall fails to reload when using the same name for an alias and interface group.
Steps to reproduce:
1. Cr... Sander Peterse
07:06 AM pfSense Packages Bug #6547 (Feedback): syslog-ng log browser only shows the first few lines: PR has been merged Renato Botelho
04:05 AM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: Frank Pineau wrote:
> I'm seeing the same redirect behavior.
Exact my problem.
So please reopen the issue. @... Richard Eberhard
03:33 AM Revision 1a6bda5b: Add ddnsforcehostname option to DHCP6 Server configuration editor: Ross Williams
03:30 AM Revision cf15bcb4: Add ddnsforcehostname option to DHCP Server configuration editor: Ross Williams
03:21 AM Revision 62abab65: Add ddnsforcehostname option to Static Mapping editor: Ross Williams
03:14 AM Revision f0cce276: Put DDNS hostname config in the wrong place: It is relevant to the interface, not just the per-static-mapping DDNS config. Ross Williams
03:01 AM Bug #6974 (Resolved): radvd enabled on a disconnected interface kills RA completely on all interfaces: After much head scratching about why devices are not getting v6 IPs any more, nothing short of disabling it on the di... Kill Bill
02:55 AM Revision 011f550d: Implement ddns-hostname option emission for static hosts in services.inc.: Ross Williams

11/29/2016

07:34 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: I'm seeing the same redirect behavior. I can confirm that changing the GUI does update the squidclamav.conf file as i... Frank Pineau
07:18 PM Revision 75e80f16: If there are input errors when creating a user certificate from the user manager, stop and show the errors rather than appearing to fail silently. Fixes #6953: Jim Pingle
07:13 PM Revision 2cf5db21: Ensure that the submitted private key matches the certificate or CA when importing. Ticket #6953: Jim Pingle
06:48 PM Revision ab63443a: Fix certificate generation for CAs without a serial set on import. Fixes #6952: Jim Pingle
06:45 PM Bug #6588: PHP suhosin max value length prevents Quagga OSPF from storing a very large zebra.conf: Yet another Chris left so the bug went into an unassigned state.
JimP please verify, and assign back to me if we c... Jim Thompson
06:34 PM Revision 80080a0c: When deleting a CA, do not delete all certificates from this CA, only remove the CA reference from certificates that used this CA, as the relationship can be rebuilt if needed. Also, prevent in-use CAs from being deleted and print a list of places a CA is used, similar to the output on certificates. Fixes #6947: Jim Pingle
06:32 PM Revision e2c718c8: Add some CA in-use test utility functions. Ticket #6947: Jim Pingle
05:01 PM Revision cce6c834: Fix the static ARP test: Jim Pingle
04:57 PM Revision 04fe6f00: Update setup_wizard.xml: (cherry picked from commit b0b2af901f352dbbaad0b09d06fe7adb105ff7a4) Jonathon Anderson
04:57 PM Revision 04d7836b: LAN IP validation logic: (cherry picked from commit 6a365a4c80aced41ec87ad93ed2c986d9935a4ea) Jonathon Anderson
04:57 PM Revision d1a4cb8d: Update setup_wizard.xml: (cherry picked from commit 3ad0f9b63f690f77cf8c4d398b521eba6909f0bc) Jonathon Anderson
04:57 PM Revision ab5f464a: update conditional re:LAN dhcp: (cherry picked from commit 0eb2512f93c7e187511ea258948715c2e230e98f) Jonathon Anderson
04:57 PM Revision bdffccfd: update LAN regex for case insensitivity: (cherry picked from commit 32980f321e854bf008efa04ee9187553231b6423) Jonathon Anderson
04:56 PM Revision 31ec01c3: Merge pull request #3219 from NonSecwitter/patch-2: Renato Botelho
04:53 PM Revision 4a77c4ea: - added support for duiadns.net ipv4 and ipv6: (cherry picked from commit 19b7263e859243adfcf6588533cb47b4c768765e) Ionut
04:53 PM Revision 473f37a9: Merge pull request #3239 from duiadns/master: Renato Botelho
04:40 PM Revision 6cade780: IPv6 address can contain a dot: When requiring the entry of an IPv6 address, the regex pattern should still allow a dot, so that an IPv6 address can ... Phil Davis
04:39 PM Revision 6a320efb: Merge pull request #3241 from phil-davis/patch-2: Renato Botelho
04:37 PM Revision 6e623580: Captive portal: use "Admin Reset" as termination cause when disconnecting a user from admin UI: When a user is disconnected by the administrator using the pfSense captive portal status page or widget set the value... Caio Plumbeo
04:37 PM Revision 993ff722: Merge pull request #3243 from plumbeo/term-cause: Renato Botelho
04:33 PM Revision 7b861bce: clarified input format hint for expiration date: (cherry picked from commit 98b87cfafe8a890787ca5d22a1089678b9b250ac) Jonathon Anderson
04:33 PM Revision 890a80eb: Merge pull request #3244 from NonSecwitter/patch-3: Renato Botelho
03:53 PM Revision 7a9c12b3: Improve input validation on static ARP for DHCP static mapping entries, also prevent the backend from attempting to apply entries with insufficient information stored. Fixes #6969: Jim Pingle
02:47 PM Revision 98b87cfa: clarified input format hint for expiration date: Jonathon Anderson
02:34 PM Revision 2a119ed3: Captive portal: use "Admin Reset" as termination cause when disconnecting a user from admin UI: When a user is disconnected by the administrator using the pfSense captive portal status page or widget set the value... Caio Plumbeo
02:29 PM Revision 481db4fe: Reword/rework wireless note on assignment page. Ticket #6770: Jim Pingle
01:24 PM Bug #6947: Deleting an external CA wipes certificates in use: The cert case is much simpler since there is a field for that directly. All the code has to check for is that the cer... Jim Pingle
01:13 PM Bug #6947: Deleting an external CA wipes certificates in use: Jim Pingle wrote:
> That would require some more work to detect if it's the GUI cert's issuer.
Hmmm well, that al... Kill Bill
01:08 PM Bug #6947: Deleting an external CA wipes certificates in use: That would require some more work to detect if it's the GUI cert's issuer, and the GUI cert could be self-signed, sin... Jim Pingle
01:06 PM Bug #6947: Deleting an external CA wipes certificates in use: Looks pretty good. CA in use detection works (tested with OpenVPN server, IPsec and LDAP), plus can no longer be dele... Kill Bill
12:40 PM Bug #6947 (Feedback): Deleting an external CA wipes certificates in use: Applied in changeset commit:80080a0c8b5949b1af97d1d49b4cc834d06875cf. Jim Pingle
01:19 PM Bug #6953 (Feedback): on mismatching private key for CA, "edit user" silently creates user cert using different CA: I was unable to reproduce the problem exactly as stated, but I added validation code to prevent incorrect keys from b... Jim Pingle
12:50 PM Bug #6952 (Feedback): Generating user certs from imported CA fails silently when no starting serial# is set: Applied in changeset commit:ab63443a9184f42f6a47907e5f2d3fbab6ff043e. Jim Pingle
11:16 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: Testing on 2.4 won't be reliable until #6937 is fixed. Jim Pingle
11:15 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: It appears to be worse than before now too.... ICMP doesn't work across the tunnel now either. Jonathan Black
11:07 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: Jorge Albarenque wrote:
> I can confirm this still occurs on 2.3.2. Probably worth checking on 2.4 since Chris had m... Jonathan Black
04:47 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: I can confirm this still occurs on 2.3.2. Probably worth checking on 2.4 since Chris had mentioned it seemed to be re... Jorge Albarenque
10:50 AM pfSense Packages Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore: It's still a problem on 2.3 and 2.4... Jim Pingle
10:00 AM Bug #6969 (Feedback): Insufficient error checking on static ARP entries: Applied in changeset commit:7a9c12b3d6e01e11ec0af3a6690a5c3de2fbbd2e. Jim Pingle
09:35 AM Bug #6973 (Duplicate): OpenVPN fails to verify client certificate when using intermediate CAs to sign server/user certs: Duplicate of #2800 which is fixed on 2.4 already. Jim Pingle
09:22 AM Bug #6973 (Duplicate): OpenVPN fails to verify client certificate when using intermediate CAs to sign server/user certs: I am using pfSense and OpenVPN with a few intermediate CAs to seperate VPN servers by project:... Harald Linden
08:31 AM Bug #6770 (Resolved): 802.11 stack on FreeBSD 11 requires changes to support its new device creation method: It's working well now.
I updated the wiki and book to follow the new requirement, and made a slight adjustment to ... Jim Pingle
07:13 AM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: An example:
!https://s14.postimg.org/7fgw3jrxd/aliases_delete_wth.png! Kill Bill
07:02 AM Bug #6972 (Resolved): "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: I randomly keep getting a nonsensical "Are you sure you wish to?" prompt when deleting networks from network-type al... Kill Bill

11/28/2016

10:09 PM pfSense Packages Bug #6968: Snort VRT Rules Fail to automatically update SSL read error: Well, apparently not a package bug. Kill Bill
05:31 PM pfSense Packages Bug #6968: Snort VRT Rules Fail to automatically update SSL read error: Kill Bill wrote:
> You have pfBNG installed and Amazon S3 blocked?
Nope only package I have installed is snort.
... rub man
09:43 AM pfSense Packages Bug #6968: Snort VRT Rules Fail to automatically update SSL read error: You have pfBNG installed and Amazon S3 blocked? Kill Bill
08:54 AM pfSense Packages Bug #6968 (Rejected): Snort VRT Rules Fail to automatically update SSL read error: pfsense version: 2.3.2-RELEASE-p1 (amd64)
Snort Version: 3.2.9.1_14
Automatic update fails with following errors... rub man
09:14 PM pfSense Packages Bug #6971 (Closed): Interfaces.php: "Reserved Networks" checkboxes not shown: Using Windows 10 snap window function to resize Firefox to half the display size causes the checkboxes on Reserve Net... Bart K
09:12 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: yet another case where we lost track of the bug because Chris just removed himself when he left.
assigned back to ... Jim Thompson
09:08 PM Bug #6938: DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.: i think this is a freebsd bug, might be fixed. Jim Thompson
09:04 PM Bug #6947: Deleting an external CA wipes certificates in use: please validate and hand back. Jim Thompson
09:03 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: they moved because it's better.
but they have a really large environment.
we've known about kea for a while. (... Jim Thompson
08:57 PM pfSense Packages Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore: JimP, please verify, and if not valid, close.
If valid, please hand-off to bbcan117 Jim Thompson
08:11 PM Bug #6970 (Rejected): Update pfSense 2.3 to Unbound 1.5.10: It's already in 2.3.3 snapshots Jim Pingle
07:57 PM Bug #6970 (Rejected): Update pfSense 2.3 to Unbound 1.5.10: I noticed the Unbound version pfSense is shipping is a bit old at 1.5.9. The latest release is 1.5.10. The .10 releas... Brad Smith
03:35 PM Revision d68efad1: Fix System Update link: Renato Botelho
03:35 PM Revision 85b36c34: Fix System Update link: Renato Botelho
01:16 PM Revision cacbc2cb: Send packages to files03 too: Renato Botelho
01:16 PM Revision f74e2105: Send packages to files03 too: Renato Botelho
01:15 PM Revision c3d2384b: Send packages to files03 too: Renato Botelho
12:01 PM Bug #6969 (Confirmed): Insufficient error checking on static ARP entries: Adding a note to clarify: It is OK for "IP address" to be blank/empty if "ARP Table Static Entry" is unchecked. Jim Pingle
11:40 AM Bug #6969 (Resolved): Insufficient error checking on static ARP entries: When creating a static DHCP lease entry the GUI input checking does not prevent checking 'static ARP' without enterin... Steve Wheeler
11:14 AM Bug #6963: SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4: Applied in changeset commit:b35fc4331ac78f9459db00be04dc6b077f168593. Jim Pingle
08:43 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": To all having this problem - while there is no fix yet, I have put together a workaround I have been using successful... Firstname Surname
08:08 AM Bug #6966: Display bug in Status / IPsec / Overview: Jim Pingle wrote:
> That page outputs what is given to it by strongSwan. Check the output of "ipsec statusall" from ... Lars Jorgensen
07:35 AM Bug #6966 (Feedback): Display bug in Status / IPsec / Overview: That page outputs what is given to it by strongSwan. Check the output of "ipsec statusall" from the console when it's... Jim Pingle
06:10 AM Bug #6966 (Resolved): Display bug in Status / IPsec / Overview: I have to IPsec tunnels configured. If one goes up, it is reported as both connected and disconnected in two separate... Lars Jorgensen
07:41 AM Bug #6967 (Resolved): DH Groups 22, 23, 24 missing from Phase 2 selection GUI: When configuring IPSec you can select DH Groups 22-24 for Phase 1, but for Phase 2 they are missing from the GUI.
... Sec Sec

11/27/2016

06:31 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: And as for "the GUI does nothing":
!https://s15.postimg.org/fk5zywtsr/clamav_redirect_empty.png!... Kill Bill
06:04 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: The default URL is set to the pfSense GUI URL on package install. Simply because that's the only sensible default. Th... Kill Bill
02:40 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: See: https://forum.pfsense.org/index.php?topic=115323.0 Richard Eberhard
02:39 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: Kill Bill wrote:
> Richard Eberhard wrote:
> > I also tried adding a redirect command in the custom squid config: n... Richard Eberhard
08:28 AM pfSense Packages Bug #6763 (Not a Bug): Squid ClamAv wrong redirect URL: Jim Pingle
04:08 AM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: No bug here, let alone "very high" severity, can be closed. This is configurable in the GUI as shown above. Kill Bill
06:28 PM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": Has anyone attempted this with 2.4 beta? I've already burned my downtime allowance testing with 2.3.x versions and va... Michael OBrien
05:53 PM pfSense Packages Bug #6562: Bug/Wrong description in the squid settings: Yes, set CN property surprisingly sets CN property. Sigh. Because that's exactly the purpose of the feature. Set != s... Kill Bill
02:46 PM pfSense Packages Bug #6562: Bug/Wrong description in the squid settings: Kill Bill wrote:
> Sorry, but browser thinking a certificate is valid when it's not is NOT a Squid issue. Stop doing... Richard Eberhard
08:30 AM pfSense Packages Bug #6562 (Not a Bug): Bug/Wrong description in the squid settings: Jim Pingle
04:16 AM pfSense Packages Bug #6562: Bug/Wrong description in the squid settings: Sorry, but browser thinking a certificate is valid when it's not is NOT a Squid issue. Stop doing HTTPS MITM if you h... Kill Bill
08:34 AM pfSense Packages Bug #5701 (Not a Bug): Sarg does not delete cron entry: Jim Pingle
08:04 AM pfSense Packages Bug #5701: Sarg does not delete cron entry: Ale Feltes wrote:
> I can't see issue's status control. I can only add comments.
That was aimed @pfSense guys. :) Kill Bill
07:06 AM pfSense Packages Bug #5701: Sarg does not delete cron entry: I can't see issue's status control. I can only add comments. Ale Feltes
04:35 AM pfSense Packages Bug #5701: Sarg does not delete cron entry: Package no longer exists in 2.3+, use lightsquid.
Please, close.
Kill Bill
08:34 AM pfSense Packages Bug #3986 (Closed): BandwidthD can break php-fpm in unknown rare edge case: Jim Pingle
04:56 AM pfSense Packages Bug #3986: BandwidthD can break php-fpm in unknown rare edge case: Package gone, please close. Kill Bill
08:33 AM pfSense Packages Feature #2170 (Closed): Enable AirPrint mdns via Avahi: Jim Pingle
04:43 AM pfSense Packages Feature #2170: Enable AirPrint mdns via Avahi: This already works with Avahi as noted above. Please, close this. Kill Bill
08:32 AM pfSense Packages Bug #4676 (Rejected): Avahi & .local domain in config file: Jim Pingle
04:41 AM pfSense Packages Bug #4676: Avahi & .local domain in config file: Cannot be reproduced plus concerns obsolete 2.2.x PBI stuff.
Please, close. Kill Bill
08:31 AM pfSense Packages Bug #4301 (Closed): arpwatch not sending email reports on 2.2: Jim Pingle
04:37 AM pfSense Packages Bug #4301: arpwatch not sending email reports on 2.2: Package no longer exists in 2.3+, please close. Kill Bill
08:31 AM pfSense Packages Feature #6141 (Resolved): Convert apcupsd package to 2.3: Jim Pingle
04:33 AM pfSense Packages Feature #6141: Convert apcupsd package to 2.3: Been already done, can be closed.
https://github.com/pfsense/FreeBSD-ports/commits/devel/sysutils/pfSense-pkg-apcupsd Kill Bill
08:30 AM pfSense Packages Bug #6252 (Not a Bug): Can't access darkstat if webgui is on HTTPS.: Jim Pingle
04:25 AM pfSense Packages Bug #6252: Can't access darkstat if webgui is on HTTPS.: Darkstat does not support HTTPS. Cannot be fixed in the package. The issue is HSTS headers set by pfSense nginx. Best... Kill Bill
08:30 AM pfSense Packages Bug #6485 (Rejected): Squid garbage collection is a blocking thread and stops all network traffic: Jim Pingle
04:20 AM pfSense Packages Bug #6485: Squid garbage collection is a blocking thread and stops all network traffic: Upstream bug tracker for Squid is at http://bugs.squid-cache.org/describecomponents.cgi?product=Squid - the pfSense p... Kill Bill
08:29 AM pfSense Packages Bug #6497 (Closed): Squid3 web GUI page not saving settings for users in custom system privileged groups in v 2.2.2: Jim Pingle
04:13 AM pfSense Packages Bug #6497: Squid3 web GUI page not saving settings for users in custom system privileged groups in v 2.2.2: 2.2.x is dead, plus this would not be a Squid package bug at all. Please, close this. Kill Bill
08:28 AM pfSense Packages Bug #6814 (Not a Bug): pfBlockerNG cannot define table pfB_Europe_v6 after pfsense upgrade to 2.3.2-RELEASE (amd64): Jim Pingle
04:05 AM pfSense Packages Bug #6814: pfBlockerNG cannot define table pfB_Europe_v6 after pfsense upgrade to 2.3.2-RELEASE (amd64): No bug here, can be closed. Kill Bill
06:32 AM pfSense Packages Feature #6965 (Resolved): suricata + snort - making custom passlist additive to the default one: It'd seriously help to have a checkbox that'd simply _add_ whatever custom alias(es) to the default passlist, instead... Kill Bill
04:39 AM Feature #5619: Curl with ARES support: This is misfiled under Packages product, any changes here would need to be done in pfSense core. Kill Bill

11/26/2016

09:15 PM pfSense Packages Bug #6047: syslog-ng does not logrotate: Well, this still does not work properly at least with bzip2, because:... Kill Bill
04:19 PM Revision b0b2af90: Update setup_wizard.xml: Jonathon Anderson
04:18 PM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper: There's already #6023 for netmap + shaping. Kill Bill
02:12 PM Bug #5649: bce0: Discard frame w/o leading ethernet header (len 0 pkt len 0): I believe this issue can now be closed.
After using pci-stub on the Linux host for the two NIC's in question, whic... Matt Parnell
12:21 PM pfSense Packages Bug #6964 (Resolved): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons: The policy always gets assigned to the first instance (normally probably WAN) when you either
- use the Import butto... Kill Bill
10:41 AM Revision b8678b63: IPv6 address can contain a dot: When requiring the entry of an IPv6 address, the regex pattern should still allow a dot, so that an IPv6 address can ... Phil Davis
06:44 AM pfSense Packages Bug #6389: Suricata typo under interface rules tab: https://github.com/pfsense/FreeBSD-ports/pull/220 Kill Bill
06:38 AM pfSense Packages Bug #5938: Link for Signing up for ETPro account got changed - Suricata: This got broken again. Together with some other cosmetics, this is fixed by https://github.com/pfsense/FreeBSD-ports/... Kill Bill

11/25/2016

10:27 PM Bug #6962: GUI allows selecting missing diffe-helman Paremeters for OpenVPN: My vote would be either to grey out or remove the missing parameters from the OpenVPN dropdown, or to kick off a back... Andy Sayler
09:25 AM Bug #6962 (Confirmed): GUI allows selecting missing diffe-helman Paremeters for OpenVPN: The GUI should probably grey out or otherwise note the selections without available files. Or maybe check for @/etc/d... Jim Pingle
09:04 PM Revision 19b7263e: - added support for duiadns.net ipv4 and ipv6: Ionut
08:17 PM Revision 8505ccf0: Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963: Jim Pingle
08:17 PM Revision ec64b0a8: Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963: Jim Pingle
08:08 PM Revision b35fc433: Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963: Jim Pingle
05:09 PM Revision 6be782ed: increase webgui usability when the remote ldap server isn't available: (cherry picked from commit b77a63948b4bd54f3d2e6e9d3822588105fb5741) Pi Ba
05:09 PM Revision 23a8dae0: Merge pull request #3196 from PiBa-NL/authfallbackspeed: Renato Botelho
05:06 PM Revision 54098908: ipsec mobile clients, don't check mobile leases if mobile client isn't enabled to begin with: (cherry picked from commit 339279415ced4aaaafb96fc14a334a172b8db49f) Pi Ba
05:06 PM Revision ba2253da: Merge pull request #3212 from PiBa-NL/ipsec-mobile-leasecheck: Renato Botelho
05:05 PM Revision 9e2fa369: Improved error message to explicitly state allowable characters: Related to Bug #6432.
(cherry picked from commit 3b55b54e9c76998a2b0e28897a0be79d5cf0cb8f) Sean McBride
05:05 PM Revision 823091b1: Merge pull request #3216 from seanm/master: Renato Botelho
05:01 PM Revision f968d06d: DHCPv6 ddnsdomainprimary must currently be IPv4: This field is currently validated to allow only an IPv4 address to be entered, so it may as well be consistent client... Phil Davis
05:00 PM Revision d0e73557: Merge pull request #3231 from phil-davis/patch-8: Renato Botelho
04:59 PM Revision 19509df3: services_dhcp_edit add extra IPv4 validation: a) Validate that ipaddr must be IPv4 (note if you enter an IPv6 address, it will fail other later tests of being in t... Phil Davis
04:59 PM Revision ab97c6aa: Merge pull request #3230 from phil-davis/patch-7: Renato Botelho
04:48 PM Revision e9544016: Specify the IP address family in interfaces.php: Where it is known what sort of IP address is required, we can specify it in the call to Form_IpAddress. That will mak... Phil Davis
04:48 PM Revision 8adb1946: Merge pull request #3226 from phil-davis/patch-3: Renato Botelho
04:47 PM Revision 57808367: Keep the rule type selection after input errors on firewall rule: If the user:
a) Edit a firewall rule
b) Select "single host or alias"
c) Enter an invalid IP address that is not an a... Phil Davis
04:47 PM Revision 81e2aa25: Merge pull request #3224 from phil-davis/patch-2: Renato Botelho
04:45 PM Revision fbcdf576: add All-Inkl to services.class: (cherry picked from commit 360f3a9011d143944fcd8e5e6b69fced2f9baaf7) Christoph Filnkößl
04:45 PM Revision 3c2a6448: add All-Inkl to dyndns.class: (cherry picked from commit 575b1dcf0bdb28c431fca420d27bdedf579ec9c4) Christoph Filnkößl
04:45 PM Revision 75357823: Merge pull request #3223 from filnko/patch-1: Renato Botelho
04:11 PM Bug #6963 (Feedback): SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4: I pushed a fix as stated. Works fine with and without key-based auth. Needs more testing once it hits snaps. Jim Pingle
02:15 PM Bug #6963 (Resolved): SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4: The ssh authentication "keyboard-interactive" method fails on 2.3.2 and 2.4
This is due to the use of @UsePAM no@ ... Jim Pingle
09:28 AM Feature #6961 (Duplicate): IPv4/IPv6 Dual-Stack IPSEC mobile vpn: Duplicate of #6886 Jim Pingle

11/24/2016

04:21 PM Bug #6962: GUI allows selecting missing diffe-helman Paremeters for OpenVPN: Uhm... generating these "on demand" is a horrible idea. Should be either pre-shipped or user told to do the job. User... Kill Bill
03:58 PM Bug #6962 (Resolved): GUI allows selecting missing diffe-helman Paremeters for OpenVPN: When trying to use a 3072-bit Diffie-Hellman parameter with the OpenVPN server, the following error is logged and the... Andy Sayler
12:43 PM Revision f6bea44d: Silence kenv calls: Renato Botelho
12:43 PM Revision 411f439a: Silence kenv calls: Renato Botelho
12:21 PM pfSense Packages Bug #6547: syslog-ng log browser only shows the first few lines: Kinda difficult to come with "pfSense native firewall"-like GUI, considering there's no pattern about what's going to... Kill Bill
11:26 AM pfSense Packages Feature #4548: syslog-ng interface doesn't allow rule ordering: See https://github.com/pfsense/FreeBSD-ports/pull/218 Kill Bill
09:31 AM Feature #6961 (Duplicate): IPv4/IPv6 Dual-Stack IPSEC mobile vpn: It would be nice to have possibility to create Phase1 IPSec for Mobile Clients - for both IPv4 and IPv6.
Currently... Vladimir Lind
07:51 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: It looks like Facebook migrated to Kea DHCP. Should be for a good reason [[https://code.facebook.com/posts/8459090588... Raul Ramos
06:51 AM Feature #6960 (Resolved): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: I think it would be a good idea to at least take a look at kea dhcp by ISC. It seems to be a much better solution for... Bogdan P
07:22 AM pfSense Packages Bug #6492 (Resolved): Syslog-ng configuration file warning is treated as syntax error: Renato Botelho
07:05 AM pfSense Packages Bug #6492: Syslog-ng configuration file warning is treated as syntax error: Already fixed by https://github.com/pfsense/FreeBSD-ports/commit/5f79e53dcae89bb185279ba2164a99891bb70dfd Kill Bill
03:28 AM Bug #6959 (Feedback): Remove or rename "LiveCD" option in the 2.4 installer: Done Renato Botelho
03:24 AM Bug #6762: "Please match the requested format" error in Chrome when editing certain form fields: I'm still having this issue.
Norwegian settings in Chromve version 55.0.2883.59
I get the error when trying to ad... Øistein Kjos

11/23/2016

06:47 PM Revision 581aa622: Added addrtolower() to interface pages: Steve Beaver
06:47 PM Revision 5af93827: Added addrtolower() to interface pages: Steve Beaver
02:36 PM Revision 3947f294: Add a note that wireless clones must be created before they can be assigned. This should fix #6770: Renato Botelho
02:35 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: After going into System -> Routing -> Gateways, clicking edit on the current gateway outside the subnet, don't even h... Ken Sim
02:34 PM Revision 656ed1af: Start wireless clone count from 0: Renato Botelho
02:23 PM Bug #6959 (Resolved): Remove or rename "LiveCD" option in the 2.4 installer: When booting the 2.4 install media, the first screen of the installer offers a "Live CD" choice that is confusing to ... Jim Pingle
02:11 PM Revision 930ca820: Change wireless interface description: Renato Botelho
12:51 PM Bug #6958 (Resolved): services_dhcp_relay.php: Needs to be converted to more recent rowhelper standard: Page still uses the deprecated setIsRepeated() method on the group. We no longer do that. Anonymous
12:18 PM Bug #6957 (Closed): CARP arp reply with wrong src mac: The problem is same as https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141023
I find a patch on pfsense/FreeBSD-sr... zhiwu shan
12:01 PM Feature #6956 (New): Allow more control over concurrent logins: Currently there is a checkbox that allows concurrent logins, or not. I'd like to be able to replace that binary check... Michael Newton
11:56 AM Bug #6955 (Resolved): The uniqid of the virtual IP address is lost when you modify the vip type: My interfaces：LAN, WAN, WAN2
1、I add IP Alias VIP 155.155.155.155 on WAN2, it's ok. Get the uniqid: 5831b1cbbbdcd
... zhiwu shan
09:47 AM Bug #6954 (Resolved): New installer has no "Quick/Easy" installation option: The new installer has a number of useful options but there is no choice that replicates the "Quick/Easy Install" opti... Jim Pingle
09:46 AM Bug #6770 (Feedback): 802.11 stack on FreeBSD 11 requires changes to support its new device creation method: After discussed it, we decided to let user create wireless clone interface before assign it and remove any special tr... Renato Botelho
07:42 AM Bug #6770: 802.11 stack on FreeBSD 11 requires changes to support its new device creation method: It works on the latest CE snapshot from overnight, but there is one regression from the previous behavior. At the mom... Jim Pingle
04:40 AM Bug #6770: 802.11 stack on FreeBSD 11 requires changes to support its new device creation method: Kill Bill wrote:
> I guess you produced a typo in the latest commit.
>
> [...]
>
> https://github.com/pfsense/... Renato Botelho
08:06 AM Bug #6953 (Resolved): on mismatching private key for CA, "edit user" silently creates user cert using different CA: Steps to reproduce:
* have existing internal CA
* import external CA (in my case, signed by the internal CA but g... Harald Linden
06:59 AM Bug #6952 (Resolved): Generating user certs from imported CA fails silently when no starting serial# is set: Steps to reproduce:
* Import external CA
* Do not set "Serial for next certificate"
* Try to create a user certi... Harald Linden
12:41 AM Revision 5794e197: Fix typo. Ticket #6770: Jim Pingle

11/22/2016

05:54 PM Revision ae7d6aca: Ticket #6770: Create a function to list available wireless interfaces and include model description: Renato Botelho
05:40 PM Revision d3343d02: Ticket #6770: Detect wlan interfaces from sysctl net.wlan.devices: Renato Botelho
04:56 PM Bug #6770: 802.11 stack on FreeBSD 11 requires changes to support its new device creation method: I guess you produced a typo in the latest commit.... Kill Bill
04:49 PM Bug #6931 (Resolved): Status > Filter Reload page is confusingly worded: Renato Botelho
02:48 PM Bug #6931: Status > Filter Reload page is confusingly worded: Wow, this is much better than before, shows complete progress output now. 8-) Thanks. Kill Bill
04:23 PM Revision ac516731: Ticket #6770: Update wireless regex to match FreeBSD 11: Renato Botelho
03:45 PM Revision 499ff8fc: Added addrtolower calls to force IPv6 addresses to lower case: First of many Steve Beaver
03:45 PM Revision 5100064f: Added addrtolower calls to force IPv6 addresses to lower case: First of many Steve Beaver
09:51 AM Bug #6864 (Assigned): Error checking rejects IPv6 addresses with upper case A-F.: Force IPv6 to lowercase via addrtolower() has been added to:
firewall_aliases_edit.php
firewall_rules_edit.php
... Anonymous
09:48 AM Bug #6918 (Closed): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: Closed in favor of #6864 Anonymous
09:40 AM Bug #6945: Firewall alias naming restrictions are too limiting: What happens if you use www.xn--bcher-kva.ch as the name to block in the rule?
Is that effective?
I wonder if pf ... Phillip Davis
09:33 AM Bug #6946 (Not a Bug): Unable to override dns servers in dhcp server: Most likely it's a configuration issue and not a bug. It's best to discuss this on the forum before opening a bug rep... Jim Pingle
09:22 AM Bug #6946: Unable to override dns servers in dhcp server: What appears in /var/dhcpd/etc/dhcpd.conf ?
When I put specific DNS servers in there, I get a line like:
option dom... Phillip Davis
08:37 AM pfSense Packages Feature #6951 (Resolved): Disable Auto Config Backup without uninstalling: The only way to disable the auto config backup package after the credentials have been entered is to uninstall it. Th... Steve Wheeler
08:32 AM pfSense Packages Bug #6950 (Resolved): Auto Config Backup always reports success: The 'Backup Now' function always reports 'Backup completed successfully.' even if the backup to the server failed. If... Steve Wheeler
06:44 AM pfSense Packages Bug #6410 (Resolved): when PFSENSE after server restart,openvpn+motp not login: Fixed by #6900 Jim Pingle
02:23 AM pfSense Packages Bug #6410: when PFSENSE after server restart,openvpn+motp not login: SOLVED: Did update with Version freeradius2 1.7.4 and everything runs fine now Johannes Goldynia
12:19 AM Revision dd98dfcc: The bug was actually the missing new line ('\n') on poudriere bulk list.: Luiz Souza
12:08 AM Revision 78dd16ee: net/hping does not build on ARM, exclude it from poudriere builds.: Luiz Souza

11/21/2016

07:37 PM Revision 028596d8: Revise filter_reload page to display entire reload_filter_status contents, not just last line: Steve Beaver
07:36 PM Revision d00157df: Revise filter_reload page to display entire reload_filter_status contents, not just last line: Steve Beaver
06:58 PM Revision 71b86385: Revise shaper wizards to support multi-line filter_reload_status: Steve Beaver
06:57 PM Revision de1425d9: Revise shaper wizards to support multi-line filter_reload_status: Steve Beaver
06:54 PM Revision 5bf9c6f7: Revise update_filter_relaod_status() function to append status messages rather than overwrite the file: Steve Beaver
06:53 PM Revision 4f7956ad: Revise update_filter_relaod_status() function to append status messages rather than overwrite the file: Steve Beaver
04:49 PM Revision df995721: Merge branch 'master' of git.netgate.com:pfsense/pfsense: Steve Beaver
04:47 PM Revision a7391526: Fixed #6922: Added code for IPv6 Dynamic DNS Steve Beaver
04:46 PM Revision 707e1ac2: Fixed #6922: Added code for IPv6 Dynamic DNS Steve Beaver
04:12 PM Revision 9e8a731d: Remove deprecated code: Renato Botelho
04:12 PM Revision 23960be7: /var/etc/* has been removed above: Renato Botelho
04:06 PM Revision fc84b222: Remove config files symlinks from /etc to /var/etc. Fixes #5538: Renato Botelho
04:06 PM Revision a5dd605a: We don't need to remove newsyslog.conf: Renato Botelho
03:38 PM Revision f6973634: Fixed #6939 by moving CSS only to the two pages that require it: Steve Beaver
03:37 PM Revision dd455f50: Fixed #6939 by moving CSS only to the two pages that require it: Steve Beaver
02:05 PM Revision c945d7a5: This should be 'default' rather than 'panic' or some non-panic crashes will land at a debugger prompt rather than rebooting.: Jim Pingle
01:51 PM Bug #6931: Status > Filter Reload page is confusingly worded: Thanks for looking into it (it's not like the exact messages would be really critical, but it was an indication of a ... Kill Bill
01:43 PM Bug #6931: Status > Filter Reload page is confusingly worded: The root cause of the issue was that the filter reload process over-wrote the status file with every message, so ther... Anonymous
11:59 AM Bug #6931: Status > Filter Reload page is confusingly worded: The system I was testing on was too fast to notice the intermediate messages. Thanks for pointing that out. Fix coming. Anonymous
11:21 AM Bug #6931: Status > Filter Reload page is confusingly worded: I'm very sure the thing has actually been displaying _real_ activity during reload. Such as, loading the various pack... Kill Bill
11:14 AM Bug #6931: Status > Filter Reload page is confusingly worded: Previously when visiting the page from the status menu the page would say that it was reloading the filter then after... Anonymous
10:23 AM Bug #6931: Status > Filter Reload page is confusingly worded: Uhm, dunno guys, it appears to me like this made the thing basically no-op? Previously, it's been showing what's goin... Kill Bill
12:34 PM Revision 0529323f: Force textdump, it should fix #6943: Renato Botelho
12:34 PM Revision a7d88d2c: Add our own ddb.conf: Renato Botelho
10:58 AM Bug #6922 (Resolved): Dynamic DNS widget broken with Custom v6 entries: Anonymous
10:57 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries: Works, thanks.
!https://s22.postimg.org/kxalm38rl/screenshot_dyndns_widget.png! Kill Bill
10:54 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries: Added code to handle IPv6 (cache file has "_v6" appended) Anonymous
10:50 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries: Applied in changeset commit:a7391526c83a8d4b33e81d730141a4811ae8d482. Anonymous
09:38 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries: ... Kill Bill
08:58 AM Bug #6922 (Feedback): Dynamic DNS widget broken with Custom v6 entries: Kill Bill,
Could you post or send me the contents of the /cf/conf/*.cache file that pertains to he HEIPV6 entry pl... Anonymous
10:57 AM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.: See #6918
A new function has been provided to force IPv6 to lower case on save. This is being added to GUI pages as ... Anonymous
10:13 AM pfSense Packages Bug #6939 (Resolved): HAproxy - backend server list broken with recent 2.3.3 snapshots: Renato Botelho
09:52 AM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Fixed. Dragging below/above the visible window in FW rules works, HAproxy and Status_Traffic_Totals still have the re... Kill Bill
09:50 AM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Applied in changeset pfsense:commit:f6973634c34b34908644e2df17154274d2ab12be. Anonymous
09:40 AM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Applied in changeset pfsense:commit:dd455f50b7be7957428b0733b5b2c93ccba9e284. Anonymous
09:37 AM pfSense Packages Bug #6939 (Feedback): HAproxy - backend server list broken with recent 2.3.3 snapshots: The scroll gimmick CSS has been removed from the master CSS file, and added only to firewall_rues.php and firewall_na... Anonymous
10:10 AM Todo #5538 (Feedback): remove symlinks from /etc/ to /var/etc/: Applied in changeset commit:fc84b222e75c9d92e394a2e9ddb80c5ead382f52. Renato Botelho
09:02 AM Bug #6903 (Resolved): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized: Anonymous
09:02 AM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: I have added a new function addretolower() to detect if a string is a valid IPv6 address, and if so convert it to low... Anonymous
08:09 AM Bug #6943 (Resolved): Textdumps are not working on 2.4 (No DDB): That worked, thanks!
I did make one small tweak. Before, we used @kdb.enter.default@ rather than @kdb.enter.panic@... Jim Pingle
06:40 AM Bug #6943 (Feedback): Textdumps are not working on 2.4 (No DDB): Applied in changeset commit:0529323ff97f81e0203553086df8917aeb5542d3. Renato Botelho
06:01 AM Bug #6658: DHCP Relay not working on 2.3.2: Kill Bill wrote:
> Yay!!! Will only be able to test after this weekend; going to post feedback here. Thanks.
!htt... Kill Bill
02:56 AM Bug #6949 (Resolved): username/password not used by proxy support: hello,
it seems that username and password is not used for the proxy connection. it works only with IP and port but ... Giuanin Piemunteis
01:57 AM Bug #6925: System Update Failed: I was able to update. But I had to take the cable out of the router and leave it to pfsense only. Very sensitive. lol... Edson Bueno

11/20/2016

04:35 PM Bug #6945: Firewall alias naming restrictions are too limiting: I am well aware of DNS's Punycode encoding and of the homograph problem. The former is alas needed for backwards com... Sean McBride
01:02 PM pfSense Packages Bug #6948: HAproxy files tab input validation nonsense - impossible to save files: Hmmm... So, that's caused by the bogus empty file at the top, which I never placed there in the first place. NFC how ... Kill Bill
12:56 PM pfSense Packages Bug #6948 (Resolved): HAproxy files tab input validation nonsense - impossible to save files: No idea what's this bootstrap nonsense validating where yet again. It is absolutely impossible to input anything ther... Kill Bill
04:38 AM Bug #6947 (Resolved): Deleting an external CA wipes certificates in use: This is beyond uncool. When I accidentally deleted an external (intermediate) CA cert from the CAs tab, it wiped the ... Kill Bill
01:08 AM Bug #6946 (Not a Bug): Unable to override dns servers in dhcp server: Trying to provide specific DNS servers for specific optX network. No matter what I set the dns server fields to, the... Sean Bales

11/19/2016

10:49 PM Revision ce983754: openvpn, startup locking sequence to prevent issues around pid file / process management: fixes: https://redmine.pfsense.org/issues/6940 Pi Ba
05:13 PM Bug #6945: Firewall alias naming restrictions are too limiting: This is how's www.bücher.ch represented in DNS: www.xn--bcher-kva.ch; believe it or not, people do NOT want to deal w... Kill Bill
04:09 PM Bug #6945: Firewall alias naming restrictions are too limiting: Thanks for the link. Hopefully they won't reject the bug. Why do you think they would? (You do know that the majo... Sean McBride
02:37 PM Bug #6945: Firewall alias naming restrictions are too limiting: Sean McBride wrote:
> Do you know where I should file this upstream then?
https://bugs.freebsd.org/ if you insist... Kill Bill
01:22 PM Bug #6945: Firewall alias naming restrictions are too limiting: I figured it would be something like that.
Do you know where I should file this upstream then? Sean McBride
12:48 PM Bug #6945 (Rejected): Firewall alias naming restrictions are too limiting: We are bound by the limits in pf. We can only allow what they allow. (A-Z, a-z, 0-9, and _)
Use the description fi... Jim Pingle
12:40 PM Bug #6945 (Rejected): Firewall alias naming restrictions are too limiting: In Firewalls > Aliases, when creating/editing an alias there is a 'name' field. This field disallows most characters... Sean McBride
04:57 PM Bug #6132: race condition in OpenVPN startup: Just found this one issue, looks i made a duplicate https://redmine.pfsense.org/issues/6940 , i did implemented the '... Pi Ba
04:52 PM Bug #6940: OpenVPN management socket not listening after bootup / cannot restart the service.: Fixable by: https://github.com/pfsense/pfsense/pull/3236 Pi Ba
03:58 PM Bug #6943 (Confirmed): Textdumps are not working on 2.4 (No DDB): DDB is there now but something still isn't triggering textdumps. 2.4 has a different /etc/ddb.conf file from the one ... Jim Pingle
03:36 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: I quoted a wrong post, however, both the HAproxy and the Status_Traffic_Totals have been fixed by reverting the offen... Kill Bill
03:05 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Kill Bill wrote:
> I'm not one of those bootstrap guys. :/ Perhaps @sbeaver could help. As for excessively wide drop... Kill Bill
02:34 PM Todo #6332: Upgrade encryption options to cover current range of recommendations: I believe such an RFC exists already:
https://tools.ietf.org/html/rfc6151
Section 2: "MD5 is no longer acceptab... Sean McBride
12:38 PM Todo #6944 (Closed): dhcp6c releasing allocation: There is a problem some users are having with dhcp6c sending a release on exit, in 99% of cases this is not an issue ... Martin Wasley
01:21 AM Feature #6832: [PATCH] Add the USB ID for the Sierra MC7430: Thanks, but I don't see it in the @RELENG_2_4@ branch. Jose Luis Duran

11/18/2016

08:22 PM Bug #6941: VLAN interface does not work unless parent/or vlan interface are in promiscious mode: There are known issues with re(4) and spoofed MACs, it isn't always the driver, sometimes it is the chip itself.
Y... Jim Pingle
07:44 PM Bug #6941: VLAN interface does not work unless parent/or vlan interface are in promiscious mode: Jim Pingle wrote:
> That would be a limit of your specific NIC chip and/or driver. If it's possible to be fixed at a... Thomas Nilsen
06:33 PM Revision 86bb5c37: Build hping: Jim Pingle
06:33 PM Revision 6be47576: Build hping: Jim Pingle
06:32 PM Revision c1d124be: Build hping: Jim Pingle
04:51 PM Revision e63ca285: Revert "Set dhcp-cache-threshold to 0 to avoid a bug in dhcpd 4.3.x where it omits client-hostname where the cache threshold is reached. Ticket #6589": Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 9dacff7f1b2b89ebebc1e9456d642e0657bb89cc. Renato Botelho
04:51 PM Revision 94e0e0de: Revert "Apply the fix for ticket #6589 also into dhcpdv6 config": Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 776692947bda5c867c7f5e60550c3a508760c251. Renato Botelho
04:50 PM Revision 1bd7d5e5: Revert "Apply the fix for ticket #6589 also into dhcpdv6 config": Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 20350989db5d66ffb827beaed5ef5738cd62fc9d. Renato Botelho
04:50 PM Revision 06b91f60: Revert "Set dhcp-cache-threshold to 0 to avoid a bug in dhcpd 4.3.x where it omits client-hostname where the cache threshold is reached. Ticket #6589": Removed after upgrade dhcpd server to 4.3.5
This reverts commit 318e0383829daac934424879ccfce09395e80025. Renato Botelho
04:08 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: I'll take care of it Anonymous
03:44 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: I'm not one of those bootstrap guys. :/ Perhaps @sbeaver could help. As for excessively wide dropdowns, perhaps this ... Kill Bill
03:17 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Yah shortening the field lengths would likely help.. but how to do that in a bootstrapped kinda way.?. Pi Ba
02:59 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Not sure either, the "port" field could definitely be shrunk quite a bit, for starters, though that'd only mitigate t... Kill Bill
02:36 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: There used to be a scrollbar.. Thats hidden now by this fix: https://redmine.pfsense.org/issues/6895
Reverting htt... Pi Ba
02:30 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Still seeing some issues, if I edit anything with the local-gateway even just the description and click apply changes... Ken Sim
02:10 PM Bug #6850 (Feedback): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Ken Sim wrote:
> Still seeing system lockup on 2.4.0-BETA when dealing with non-local gateways.
I've tried to rep... Renato Botelho
02:14 PM Feature #6832 (Resolved): [PATCH] Add the USB ID for the Sierra MC7430: Already added Renato Botelho
02:13 PM Bug #6782: pkg update can trigger multiple updates per second: I believe the responsible for so many queries is System Information Widget, that checks for upgrades every time it sh... Renato Botelho
12:41 PM Bug #6658: DHCP Relay not working on 2.3.2: Yay!!! Will only be able to test after this weekend; going to post feedback here. Thanks. Kill Bill
10:47 AM Bug #6658 (Feedback): DHCP Relay not working on 2.3.2: Patch removed and package updated to 4.3.5 on pfSense 2.3.3 and 2.4.0 Renato Botelho
10:47 AM Bug #6840 (Feedback): Upgrade ISC dhcpd to 4.3.5 to address missing hostname workaround: Done for 2.3.3 and 2.4.0 Renato Botelho
10:32 AM Todo #6894 (Resolved): Improvements and fixes on 2.4 installer: Labels are working, GPT was the default, ZFS is working (See #6929). This looks good to me. Closing. Jim Pingle
07:14 AM Todo #6894 (Feedback): Improvements and fixes on 2.4 installer: - GPT is now default
- Labels are being used on fstab
- ZFS installation is working as expected Renato Botelho
10:23 AM Bug #6943 (Feedback): Textdumps are not working on 2.4 (No DDB): option DDB added to pfSense kernel Renato Botelho
09:10 AM Bug #6943 (Resolved): Textdumps are not working on 2.4 (No DDB): The amd64 kernel in 2.4 does not contain "options DDB" so textdumps are not working. It does have "options KDB", but ... Jim Pingle
07:50 AM Bug #6942 (Duplicate): Traffic Graph displays wrong local FQDN: It will only show what it finds in DNS, which is what it gets from DHCP static mappings, leases, host overrides, and ... Jim Pingle
06:18 AM Bug #6942 (Duplicate): Traffic Graph displays wrong local FQDN: In a configuration with several networks and different local domain names for each network where hosts get their name... Juerg Reimann
07:18 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: And in the same spirit, https://github.com/pfsense/pfsense/pull/3234 Bruno Grossmann
07:16 AM Todo #5368 (Feedback): Review /etc/ttys for serial console: Done during 2.4 alpha Renato Botelho

11/17/2016

09:21 PM Bug #6941 (Rejected): VLAN interface does not work unless parent/or vlan interface are in promiscious mode: That would be a limit of your specific NIC chip and/or driver. If it's possible to be fixed at all, it would have to ... Jim Pingle
04:48 PM Bug #6941 (Rejected): VLAN interface does not work unless parent/or vlan interface are in promiscious mode: Hi,
I have a pfsense box with two physical interfaces re0/re1.
My setup is two vlan interfaces defined re0_102 ... Thomas Nilsen
08:23 PM Revision 0641b626: Fixed #6931: Steve Beaver
08:22 PM Revision d3cb20ce: Fixed #6931: Steve Beaver
06:07 PM Bug #4689: Panic/Crash "sbflush_internal: cc 4294967166 || mb 0 || mbcnt 0": I am getting this symptom (crashs) on v2.3.2, multiple times a day:... Claude Duvergier
02:34 PM pfSense Packages Feature #6831: Snort does not support aliases containing FQDN: Reading this would help to understand why it's not supported.
https://forum.pfsense.org/index.php?topic=87211.msg514... Kill Bill
02:30 PM Bug #6931: Status > Filter Reload page is confusingly worded: Applied in changeset commit:d3cb20cef80a084f162495b5698190405df7a1dd. Anonymous
02:24 PM Bug #6931 (Feedback): Status > Filter Reload page is confusingly worded: Page un-uglyfied as requested Anonymous
01:22 PM Revision 09d22384: Merge pull request #3233 from doktornotor/patch-2: Jim Pingle
12:55 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: P.S. Cannot make the window any wider, it's already fullscreen on a full HD monitor, not even F11 helps. :-D Kill Bill
12:54 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: That's the same image I'm running, so it's most likely a problem with the package in general. It's possible there was... Jim Pingle
12:51 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Well, not sure what's current. The box has been upgraded about ~2 hours ago. ... Kill Bill
12:46 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Is this still the same on a current snapshot? Is it the same if you force a page reload to clear the cache? Make the ... Jim Pingle
12:29 PM pfSense Packages Bug #6939 (Resolved): HAproxy - backend server list broken with recent 2.3.3 snapshots: This definitely used to work, however it got badly broken recently. The SSL checkbox and weight fields are completely... Kill Bill
12:51 PM Bug #6940 (Duplicate): OpenVPN management socket not listening after bootup / cannot restart the service.: OpenVPN management socket not listening after bootup
The dashboard shows the following: "Unable to contact daemon ... Pi Ba
12:38 PM Bug #6760: Editing WAN bridge interface breaks routing until reboot: Jim Pingle wrote:
> One thing I did notice in your original description is that the network config is invalid. You c... Kill Bill
11:47 AM Revision 2f7c76cf: Put original match back: Did not mean to remove SSL substring from the check... Doktor Notor
11:36 AM Revision 0db9846a: Fix nsCertType matching for some certificates (Bug #6877): See https://redmine.pfsense.org/issues/6877#note-4 Doktor Notor
08:51 AM Bug #6919 (Resolved): Filter logs are broken, log has incomplete/invalid data: Looks good, filter log contains the expected entries now. Jim Pingle
08:42 AM Bug #6901 (Resolved): services_unbound_host_edit.php: "Delete" button should be suppressed if < 2 host aliases listed: We determined this page was OK because it's acceptable for a host override to have zero aliases. Without the button t... Jim Pingle
08:34 AM Feature #809 (Resolved): Config sync username change: Works, can XMLRPC sync so long as the user has the "System - HA node sync" privilege. Jim Pingle
08:17 AM Bug #5319: Error message "No config named" in charon daemon: I can confirm this one too. 2.3.2 in use.... Fabian Melters
07:30 AM Bug #6877 (Resolved): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: Looks good, thanks for testing!
Jim Pingle
07:27 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: Works ;)
!https://s15.postimg.org/w34bhj9az/Cert_Manager_Screenshot_Fixed.png! Kill Bill
07:23 AM Bug #6877 (Feedback): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: Merged PR Jim Pingle
07:10 AM Bug #6877 (Assigned): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: I don't think I've ever seen one with both set, and practically there is rarely if ever a reason to do so. It's worth... Jim Pingle
05:37 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: Yeah, this cannot work... Kill Bill
04:38 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: Well, this does not work properly even with the nsCertType set. Example:... Kill Bill
05:23 AM Bug #6934 (Resolved): /usr/bin/install missing from new 2.4 installations: Renato Botelho
01:18 AM Bug #6934: /usr/bin/install missing from new 2.4 installations: I just did a fresh install with the 11/16/16 build. I was able to restore my configuration and all packages installe... Chad Wagner

11/16/2016

11:29 PM Revision 8cab3470: Revise host and domain sorting so that the index is not lost: Steve Beaver
11:28 PM Revision 589634a9: Revise host and domain sorting so that the index is not lost: Steve Beaver
09:48 PM Bug #6938: DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.: I've been trying to identify if the same issue exists when setting a DNS entry with a normal WAN gateway (with static... Gavin Stewart
07:39 PM Bug #6938 (Duplicate): DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.: System -> General Setup -> DNS Server Settings
Setting a DNS with an OpenVPN client gateway (dynamic IP address) is ... Gavin Stewart
09:11 PM Revision 4c17e45f: Added addrtolower() function to allow IPv6 addresses to be converted to lower case while preserving aliases or other text: Steve Beaver
09:10 PM Revision f3997278: Added addrtolower() function to allow IPv6 addresses to be converted to lower case while preserving aliases or other text: Steve Beaver
07:22 PM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: I have now verified that this is reproducible on 2.4 nightly 20161116-0701. Gavin Stewart
06:44 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: Moving the start of OpenVPN will undoubtedly have other unintended consequences. What is likely happening here is tha... Jim Pingle
06:37 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: Yes. Gavin Stewart
06:33 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: Do you have System > Advanced, Misc, "Do not create rules when gateway is down" set? Jim Pingle
03:54 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: Please note that Status -> Filter Reload also works to properly initialise the rule after boot (as an alternative to ... Gavin Stewart
01:19 AM Bug #6936 (Closed): OpenVPN client boot race causes intermittent dependent rule failure.: *Summary*:
A race condition starting OpenVPN client at boot (rc.bootup) is causing a firewall rule (that is dependen... Gavin Stewart
07:17 PM Revision 8f6cd075: Make sure pkg repo config files are not included in base tarball: Renato Botelho
04:06 PM Bug #6925: System Update Failed: I've already taken everyone off the network, but I can not update only timeout.
((>>> Updating repositories meta... Edson Bueno
02:58 PM Revision cd618e85: Be more verbose when creating distribution tarball: Renato Botelho
02:16 PM Revision 22e3574d: Revert "Fix #6864 automatically convert IPv6 input to lowercase": This reverts commit d461ff40e364fc0ecc003b9f673cbad7c6a08f2f.
(cherry picked from commit 75bc87fe10f30f49a09218820f7... Luiz Souza
02:16 PM Revision ba814883: Revert "Fix #6918 Allow aliases with capital letters in rules": This reverts commit 9444a281f051e11d5456cc37b2a3f56fc8a7bc33.
(cherry picked from commit 9128641db5c9b6839163948f3f7... Luiz Souza
12:55 PM Revision 574866f1: Change the way to initialize PKG_REPO_SIGNING_COMMAND to make it possible to set it to empty string on build.conf: Renato Botelho
09:15 AM Revision c0ac85e7: There is no ./install to be excluded in 2.4. It fixes #6934: Renato Botelho
08:47 AM Bug #6937 (Confirmed): Inbound traffic on enc0 is not creating a state with mobile IPsec: Jim Pingle
08:47 AM Bug #6937 (Resolved): Inbound traffic on enc0 is not creating a state with mobile IPsec: Traffic entering enc0 on 2.4 is not creating a state, thus TCP traffic will not pass. ICMP works as the return traffi... Jim Pingle
06:45 AM Bug #6913 (Resolved): install on Hyper-v R2: Jim Pingle
06:15 AM Bug #6935 (Duplicate): Rule (which contains a pfBlockerNG URL-Alias) cannot be saved: Jim Pingle
03:37 AM Bug #6935: Rule (which contains a pfBlockerNG URL-Alias) cannot be saved: Kill Bill wrote:
> Duplicate of Bug #6918
Ups, sorry Andreas Strub
03:06 AM Bug #6935: Rule (which contains a pfBlockerNG URL-Alias) cannot be saved: Duplicate of Bug #6918 Kill Bill
01:06 AM Bug #6935 (Duplicate): Rule (which contains a pfBlockerNG URL-Alias) cannot be saved: I cannot create or edit a Rule which contains a pfBlockerNG (URL-)Alias. The name of the Alias will automatically con... Andreas Strub
03:50 AM Revision 75bc87fe: Revert "Fix #6864 automatically convert IPv6 input to lowercase": This reverts commit d461ff40e364fc0ecc003b9f673cbad7c6a08f2f. Luiz Souza
03:45 AM Revision 9128641d: Revert "Fix #6918 Allow aliases with capital letters in rules": This reverts commit 9444a281f051e11d5456cc37b2a3f56fc8a7bc33. Luiz Souza
03:20 AM Bug #6934 (Feedback): /usr/bin/install missing from new 2.4 installations: Applied in changeset commit:c0ac85e7408bd34beac586b25a57901dc2c5c885. Renato Botelho

11/15/2016

11:44 PM Bug #6913: install on Hyper-v R2: Yes, it works.
Thank you. Dmitry Ivanov
10:44 PM Bug #6913 (Feedback): install on Hyper-v R2: There were fixes put in today for ZFS and it might have affected other things you're seeing. Try it again on a new sn... Jim Pingle
11:15 PM Bug #6911: no network on hyperv-v 2012 R1: I don't have anything capable of running Hyper-V on Windows Server (R1 or R2) nearby so I can't easily confirm the is... Jim Pingle
10:20 PM Bug #5383: CODELQ Traffic Shaper Causes Panic and Reboot During Speed Test: I just experienced this apparently same crash on 2.4 while running the DSLReports Speedtest. The system crashed afte... Chad Wagner
10:02 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: I reverted all these changes until the proper solution is committed.
The 'real' solution here is convert the IPv6 ... Luiz Souza
05:44 PM Bug #6918 (New): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: There are more related pending PRs that may help, but I was talking to sbeaver earlier and he had some ideas on how i... Jim Pingle
05:30 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: I'm sorry but this is *still* broken. I go to Firewall - NAT - Port Forward, there's a rule with an alias called "RAS... Kill Bill
09:40 PM Bug #6919 (Feedback): Filter logs are broken, log has incomplete/invalid data: Should be fixed in filterlog-0.1_5. Luiz Souza
05:41 PM Bug #6925: System Update Failed: Nah, Nepal is innocent -- the mirrors have been slow like molasses for some two days or so... Kill Bill
05:34 PM Bug #6925: System Update Failed: I am also getting this the last day or so. I thought it was related to moving back to Nepal and having slower internet. Phillip Davis
01:25 PM Bug #6925 (Feedback): System Update Failed: Jim Thompson
11:45 AM Revision ff3d11c8: DHCPv6 ddnsdomainprimary must currently be IPv4: This field is currently validated to allow only an IPv4 address to be entered, so it may as well be consistent client... Phil Davis
11:40 AM Bug #6929 (Resolved): Choosing ZFS during install results in a system that cannot mount root: ZFS now works on CE and Factory snapshots, thanks!
Jim Pingle
09:37 AM Bug #6929 (Feedback): Choosing ZFS during install results in a system that cannot mount root: Pushed a fix, please try next round of snapshots Renato Botelho
11:35 AM Revision 7164c563: services_dhcp_edit add extra IPv4 validation: a) Validate that ipaddr must be IPv4 (note if you enter an IPv6 address, it will fail other later tests of being in t... Phil Davis
10:34 AM Revision 41fc88ec: Specify the IP address family in interfaces.php: Where it is known what sort of IP address is required, we can specify it in the call to Form_IpAddress. That will mak... Phil Davis
10:13 AM Bug #6934 (Resolved): /usr/bin/install missing from new 2.4 installations: Same as #6643 but it's happening again on 2.4 now.
/usr/bin/install is missing from a fresh install, updating to a... Jim Pingle
08:26 AM Bug #6933 (Duplicate): Wrong IPv6 address is served over DNS when static mapping is used with Track6 interface: Duplicate of #6768 Jim Pingle
08:07 AM Bug #6933 (Duplicate): Wrong IPv6 address is served over DNS when static mapping is used with Track6 interface: I have a router with pfSense 2.3.2 that has several LAN interfaces, each set to Track6 mode to assign IPv6 addresses ... Anonymous
07:20 AM Bug #6927: 1 to 1 NAT allows entry of mixed IP addresses: 1:1 NAT does work for IPv6. It's similar to NPt, but for a single address -- NPt is really just a slightly different ... Jim Pingle
04:07 AM Bug #6927: 1 to 1 NAT allows entry of mixed IP addresses: At the moment it allows entry of IPv6 addresses. Is that correct? Is the 1:1 NAT feature supposed to work fine with I... Phillip Davis

11/14/2016

11:00 PM Revision bf2c7206: Fix #6918 Allow aliases with capital letters in rules: Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
11:00 PM Revision 8100374e: Fix #6918 Allow aliases with capital letters in rules: Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
10:59 PM Revision f9dcc114: Merge pull request #3225 from phil-davis/form_ipaddress: Jim Pingle
10:14 PM Bug #6932 (Not a Bug): MLPPP: Please open a forum thread for discussion and diagnosis before opening a bug report. It does work for some people, an... Jim Pingle
10:11 PM Bug #6932 (Not a Bug): MLPPP: This feature has been broken for a very long time. I have tested with x64 and x86 and different hardware with no luck... Matt Crook
06:11 PM Bug #6931 (Resolved): Status > Filter Reload page is confusingly worded: The way the Filter Reload page is displayed implies that the filter rules are loaded by simply visiting the page.
... Steve Wheeler
05:32 PM Bug #6812: IPsec filterdns crash: OK these issues have surfaces again this morning. Truth be told, I have no idea what's Ipsec and as far as I know, I... Anonymous
05:10 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: Applied in changeset commit:9444a281f051e11d5456cc37b2a3f56fc8a7bc33. Phillip Davis
05:01 PM Bug #6918 (Feedback): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: The PR looks good, appears to do the proper thing in each case. I just merged it in. Jim Pingle
03:28 PM pfSense Packages Feature #6651: Loopback interfaces: Loopback interfaces are a cisco best practice for GRE/IPSec tunnels. I would use them for site-to-site IPSec as an in... Tom Poole
11:50 AM Bug #6930 (Resolved): DHCP server should be disabled for /31 and /32: Related forum thread: https://forum.pfsense.org/index.php?topic=121105.0
Basically
- disable the enable DHCP serv... Kill Bill
11:49 AM Bug #6929 (Resolved): Choosing ZFS during install results in a system that cannot mount root: Choosing the ZFS option results in a system that starts to boot, but cannot mount the root slice because it doesn't k... Jim Pingle
12:43 AM Bug #6911: no network on hyperv-v 2012 R1: the problem appears to be fixed in FreeBSD 11.0- *STABLE* Dmitry Ivanov

11/13/2016

11:13 PM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth: for change it - needed uncomment this:
/usr/local/etc/raddb/sites-enabled/default
section post-auth
variable sql
... Konstantin Ab
09:47 PM pfSense Packages Bug #6928 (Resolved): freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth: The table(radpostauth) is recorded only events "Access-Accept".
in the table(radpostauth) needed events "Acces-Reje... Konstantin Ab
10:01 PM Bug #6913: install on Hyper-v R2: 11-stable have fixed this issue Dmitry Ivanov
07:47 AM Bug #6913: install on Hyper-v R2: Bug 212721 - FreeBSD 11.0-RC2/RC3/RELEASE fails on Hyper-V 2012r2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id... Dmitry Ivanov
06:17 PM Revision 9444a281: Fix #6918 Allow aliases with capital letters in rules: Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
05:49 PM Revision 38ce4a18: Keep the rule type selection after input errors on firewall rule: If the user:
a) Edit a firewall rule
b) Select "single host or alias"
c) Enter an invalid IP address that is not an a... Phil Davis
01:12 PM Bug #6925: System Update Failed: "Operation timed out" => when download fails, you cannot upgrade. Kill Bill
10:41 AM Bug #6925 (Resolved): System Update Failed: >>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-... Edson Bueno
01:07 PM Bug #6927 (Resolved): 1 to 1 NAT allows entry of mixed IP addresses: When adding a 1:1 NAT entry it is possible to enter a mix of IPv4 and IPv6 addresses in the various External Internal... Phillip Davis
12:19 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: See pull request https://github.com/pfsense/pfsense/pull/3225 for a suggested fix. Phillip Davis
11:05 AM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: Yes. Confirmed on:
2.3.3-DEVELOPMENT (amd64)
built on Fri Nov 11 16:36:08 CST 2016
FreeBSD 10.3-RELEASE-p12
... Andrew -
12:17 PM Bug #6926 (New): Miniupnp advertising expired IPv6 address: Version 2.3.2_1
With WAN set to DHCP6 and LAN set to track interface, the miniupnp service does not get notified i... Leland Roach
07:39 AM Bug #6924 (Not a Bug): Configure third interface by gui.: It's possible something being configured on the previous one made it appear that it failed (e.g. states got reset). I... Jim Pingle
12:52 AM Bug #6924: Configure third interface by gui.: I added a new network card and I set up ipv4 and saved it and it was just spinning. Now I added another set and it wa... Edson Bueno
05:55 AM pfSense Packages Bug #3343: (re)starting freeradius service throws "The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'": The problem is, that pfSense restarts the packages it self and also calls the restart method of freeradius itself.
... Chris Becker
04:50 AM Bug #6911: no network on hyperv-v 2012 R1: Bug 213618 - When running as a Hyper-V Guest, FreeBSD 11 networking does not work
https://bugs.freebsd.org/bugzilla... Dmitry Ivanov

11/12/2016

10:13 PM Revision 360f3a90: add All-Inkl to services.class: Christoph Filnkößl
10:09 PM Revision 575b1dcf: add All-Inkl to dyndns.class: Christoph Filnkößl
09:00 PM Bug #6923 (Not a Bug): install pfSense-pkg-nrpe-2.3.1_1.txz: I can't duplicate this here on a current snapshot. The package installs fine.
Make sure you are on a completely up... Jim Pingle
12:06 PM Bug #6923 (Not a Bug): install pfSense-pkg-nrpe-2.3.1_1.txz: Fetching pfSense-pkg-nrpe-2.3.1_1.txz: . done
Fetching nrpe-ssl-2.15_6.txz: ... done
Fetching nagios-plugins-2.1.3,... Edson Bueno
08:21 PM Bug #6924 (Feedback): Configure third interface by gui.: Can you explain in more detail about exactly what you are doing that is failing?
I am able to assign an interface ... Jim Pingle
12:57 PM Bug #6924 (Not a Bug): Configure third interface by gui.: Configures all standard parameters prompts to save. But it just keeps rolling.
But by option 2 (Set interface (s) IP... Edson Bueno
02:54 AM Bug #6922 (Resolved): Dynamic DNS widget broken with Custom v6 entries: Self-explanatory:
!https://s16.postimg.org/9l1y6nq6t/Screenshot1.png!
!https://s16.postimg.org/t46jg0oyd/Screensh... Kill Bill

11/11/2016

11:22 PM Bug #6921 (Not a Bug): Poor speed with Chelsio T420-CR: I have a Chelsio T420-CR 10gbe NIC in a Supermicro A1SRi-2758f based pfsense router. I get poor speed (~1.2gbps) test... Rajil Saraswat
10:00 PM Bug #6688 (Resolved): Special characters in a password cause problems: Base64 encoding works fine here. Jim Pingle
09:59 PM Feature #5985 (Resolved): ntp pool command: Tested on a few systems, works fine. Jim Pingle
03:30 PM Feature #5985 (Feedback): ntp pool command: Applied in changeset commit:fbb652ed28641c50b14b9897a914ed317c323d73. Jim Pingle
09:59 PM Feature #6639 (Resolved): Utilize nextboot to control the behavior of the next firewall reboot: Tested on a few systems, works fine. Jim Pingle
02:30 PM Feature #6639 (Feedback): Utilize nextboot to control the behavior of the next firewall reboot: Applied in changeset commit:92a78939583e2be7f7cc52d045bc48a2e2264d1d. Jim Pingle
09:50 PM Bug #6920 (Resolved): Upgrading to 2.4 with a stale package .inc file can prevent the system from fully booting after upgrade: I upgraded a 2.3 VM that had recently had FreeRADIUS installed, but removed. The old freeradius.inc was somehow left ... Jim Pingle
09:24 PM Revision fbb652ed: Use the ntpd "pool" command for more robust timekeeping. Attempting to automatically determine if we are using a pool, and allow it to be set optionally otherwise. Implements #5985: Jim Pingle
08:48 PM Bug #6919 (Resolved): Filter logs are broken, log has incomplete/invalid data: The filter logs contain information but not enough data:... Jim Pingle
08:22 PM Revision 92a78939: Add options to console menu reboot selection to reboot into single user mode and to reboot and force a filesystem check. Implements #6639: Jim Pingle
06:45 PM Revision 2909468c: Revert change to row delete button: Steve Beaver
06:44 PM Revision 464a540a: Revert change to row delete button: Steve Beaver
06:39 PM Revision 0a0c6db0: Revert "Suppress delete button if only one row": This reverts commit 13be068fe5e1377d1d5649efe0f860ba5c34ba90. Steve Beaver
06:38 PM Revision b9c0d66d: Revert "Suppress delete button if only one row": This reverts commit 75ac7cab1dfb3e8148a27a13369bbb08219e8c3a. Steve Beaver
04:37 PM Revision 13be068f: Suppress delete button if only one row: Steve Beaver
04:37 PM Revision 75ac7cab: Suppress delete button if only one row: Steve Beaver
04:12 PM Revision af3bf919: Fixed #6916: Steve Beaver
04:11 PM Revision 38fe6f07: Fixed #6916: Steve Beaver
02:01 PM Revision 6a365a4c: LAN IP validation logic: Jonathon Anderson
01:47 PM Revision c6575378: Revert "Fixed #6811": This reverts commit f92d44da5a4958372c7fb925043abc34588143e3. Steve Beaver
01:40 PM Revision aa66a125: Revert "Fixed #6811": This reverts commit f92d44da5a4958372c7fb925043abc34588143e3. Steve Beaver
12:34 PM Bug #6898 (Resolved): Suggestion: reword "VPN > IPsec > Tunnels > Edit Phase 1" "Key Exchange version" popup contents: Looks good. Jim Pingle
12:23 PM Bug #6872 (Resolved): Captive Portal per user bandwidth field no longer accepts 0.: Text is correct now. Jim Pingle
12:22 PM Bug #6864 (New): Error checking rejects IPv6 addresses with upper case A-F.: Jim Pingle
12:22 PM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.: This appears to have broken the use of Aliases that have names using capital letters. See #6918 Jim Pingle
12:20 PM Bug #6830 (Resolved): Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI: It's in the list now for snapshots. Jim Pingle
12:19 PM Bug #6828 (Resolved): Patch for "route change" is not present on 2.4 builds using FreeBSD 11: Routing has been fine on 2.4 in every scenario I've tried so far. Jim Pingle
12:18 PM Bug #6633 (Resolved): redirect-gateway duplicated in client specific overrides: Fixed, only one entry is present in the override file now. Jim Pingle
12:16 PM Bug #6628 (Resolved): extensions.ini can end up missing required items: New extension loading method is working well. Jim Pingle
12:15 PM Bug #6549 (Resolved): fstab is missing post-install: I've run through several installs lately and this is definitely OK now. Jim Pingle
11:00 AM Feature #2766: status_openvpn.php needs IPv6 support: Still missing in OpenVPN 2.3.12 Jim Pingle
10:43 AM Bug #6918 (Closed): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: If you have an alias, say "Blah", and try to enter it in a field on a firewall rule, it is automatically translated t... Jim Pingle
10:21 AM Bug #6893 (Resolved): Configuration XML is inconsistent with self closing tags: Anonymous
10:20 AM Bug #6916: interfaces_vlan.php: Clicking on "Cancel" deletes VLAN: Applied in changeset commit:38fe6f07922c8ee6bde81ba1f07ab6ffe380f12b. Anonymous
10:14 AM Bug #6916 (Feedback): interfaces_vlan.php: Clicking on "Cancel" deletes VLAN: Automatic confirmation suppressed and manual confirm substituted. Anonymous
08:59 AM Bug #6916 (Resolved): interfaces_vlan.php: Clicking on "Cancel" deletes VLAN: Just another small bug from VLAN delete confirmation dialog (see Bug #5541). If one clicks on trash icon, the delete ... Luzemario Dantas
09:51 AM Feature #6917: Add ability to choose from what IP/IFACE you search for updates: The update check always has to leave the interface with the default gateway, as any traffic originating from the fire... Jim Pingle
09:40 AM Feature #6917 (New): Add ability to choose from what IP/IFACE you search for updates: Hi guys,
Please add an option to allow the user to choose from what IP or interface the request for updates is out... Luzemario Dantas
07:48 AM Bug #6905 (Resolved): XMLRPC Loop detection broken, secondary refuses to accept sync data: Works in snapshots that include the fix Jim Pingle
07:46 AM pfSense Packages Feature #6859 (Resolved): have an includedir by default (sudo package): Works Jim Pingle
07:27 AM pfSense Packages Bug #6900 (Resolved): OpenVPN + OTP auth failure: Works Jim Pingle
07:01 AM pfSense Packages Bug #5868 (Resolved): Quagga OSPF Priority value "0" (zero) is being ignored - DR election doesnt work properly.: Feedback from a customer who was hitting this confirmed it's now working. Jim Pingle
07:01 AM pfSense Packages Bug #6797 (Resolved): Shared Key Export - just one server in list: Works Jim Pingle
07:00 AM Feature #3410 (Resolved): Patch: Add Apple Open Directory memberUid support in group lookup: Closing for lack of feedback. Jim Pingle
06:59 AM Bug #4820 (Resolved): DHCP Scope at setup: Works Jim Pingle
06:55 AM Todo #2480 (Closed): Add checkbox to OpenVPN client/server to exlcude VPN server from (pushed) routes: It's been 4 years and this hasn't come up again. If someone needs it, they can add these options manually. Jim Pingle
05:50 AM Bug #6895 (Resolved): Moving rules does not scroll: Anonymous
03:27 AM Bug #6658: DHCP Relay not working on 2.3.2: Can this pretty please finally get the disastrous patch reverted? Not only it did not fix what it was supposed to fix... Kill Bill
03:08 AM pfSense Packages Bug #6736: Snort fails to start after upgrade to 2.3.2-RELEASE: Get the same issue when updateing from pfSense 2.3.1_5 to 2.3.2_1
In my logs when SNORT tries to start I also get:... Diggory Gray
02:09 AM Bug #6915 (Resolved): unbound logging not working after reboot or "Reset log files": After "reboot the machine" or "Status => System Logs => Settings" => "Reset log files" then unbound logs are not s... idris budak

11/10/2016

11:07 PM Feature #6914 (Resolved): unbound access-control lists: Hello! In
Services -> DNS Resolver -> Access Lists -> Add -> Actions
we have only 4 options "Deny", "Refuse", "Allo... Vladimir Tiukhtin
04:04 PM Bug #6099: igmpproxy does not recognize upstream interface: That's interesting. But unfortunately this is not the case for my system. Swisscom transmits everything on vlan10 and... Philipp Haefelfinger
02:49 PM Revision 3ad0f9b6: Update setup_wizard.xml: Jonathon Anderson
01:30 PM Bug #6906: Issues with /tmp and /var in RAM on 2.4: The prompt when booting appears to be due to the fact that /var was not cleaned out when switching to RAM disk, and t... Jim Pingle
12:32 PM Bug #6913 (Resolved): install on Hyper-v R2: can't install 2.4 on Hyper-V 2012 R2
fix... Dmitry Ivanov
12:27 PM pfSense Packages Bug #4608: squidGuard & pfsense RAM disk compatible: Better fix is in now, see #6878 Jim Pingle
12:27 PM pfSense Packages Bug #6279 (Rejected): squidguard blacklist update not working after initial update: Works here, must be something local or site-specific. Jim Pingle
12:23 PM pfSense Packages Bug #6878: how to use snort, squid and squid_guard with a ram disk: Each of these changes was made on 2.4 only, as some assumptions were made that could conflict in some cases (e.g. Nan... Jim Pingle
12:23 PM pfSense Packages Bug #6878 (Feedback): how to use snort, squid and squid_guard with a ram disk: I pushed a change to teach squidGuard to keep its databases in a persistent directory when /var is in RAM. The files ... Jim Pingle
11:10 AM pfSense Packages Bug #6878: how to use snort, squid and squid_guard with a ram disk: Pushed a change for squid to teach clamav to keep its DB in a persistent location if /var is a RAM disk. It doesn't c... Jim Pingle
12:23 PM Bug #6912 (Closed): install on Hyper-v R2: can't install 2.4 on Hyper-v R2 (all updates installed)
fix:... Dmitry Ivanov
11:17 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency: But the details you mention are not solved by this suggestion. The interface is already filled/selected when you crea... Jim Pingle
11:14 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency: I mean it constructively, btw, not to whine or something. Hollander Hollander
11:08 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency: I'm assuming people want to work efficient.
What is wrong with copying a field into a field to make sure people do... Hollander Hollander
10:08 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency: You're assuming everyone uses it the same way you use it, which isn't the case. Removing functionality to prevent foo... Jim Pingle
10:05 AM Bug #6910: Pre-fill 'interface' field when creating firewall rule on interface -> efficiency: 1. Button: 'copy'
2. Popup: which fields to change (interface);
3. Save = copied with altered values. Hollander Hollander
09:44 AM Bug #6910 (Rejected): Pre-fill 'interface' field when creating firewall rule on interface -> efficiency: Being able to edit the interface allows you to move a rule from one interface to another. (e.g. copy LAN rule, edit L... Jim Pingle
09:05 AM Bug #6910 (Rejected): Pre-fill 'interface' field when creating firewall rule on interface -> efficiency: Now it is possible to create a firewall rule on a vlan tab, and fill in the wrong interface in that rule. Aside from ... Hollander Hollander
11:02 AM Bug #6781 (Resolved): OpenBSD description links are broken in Traffic Shaper: Thanks for the feedback! Jim Pingle
11:00 AM Bug #6781: OpenBSD description links are broken in Traffic Shaper: I think you should mark it as "resolved/closed". Thanks! Vladimir Suhhanov
10:49 AM Bug #6911 (Rejected): no network on hyperv-v 2012 R1: i have installed 2.4 on hyper-v 2012 R1, set ip. no network.. no ping.. have updated drivers, enabled and disabled hw... Dmitry Ivanov
10:03 AM Revision 09cc19c2: Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".: Ticket #5321
(cherry picked from commit 411d4e6e55475cc66b997ca3e47478dbe10b4e1b) Luiz Souza
10:03 AM Revision 1c9bf396: Fix bug where CARP vip status is incorrent in the interface when more: than one CARP vip is configured for an interface.
(cherry picked from commit 5116a8aa60ad87c0a47aafeca422cc323147ea14) Fredrik Rönnvall
10:03 AM Revision 16bdba73: Remove "use lowercase" hint: As it is no longer relevant, because the code now automatically converts
to lowercase.
(cherry picked from commit 6a... Phil Davis
10:03 AM Revision 3a66c0da: Fix #6864 automatically convert IPv6 input to lowercase: 1) As the user leaves the field, or presses Save, onChange will fire and
convert the input string to lowercase. This ... Phil Davis
10:01 AM Revision ebc4a441: Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".: Ticket #5321
(cherry picked from commit 411d4e6e55475cc66b997ca3e47478dbe10b4e1b) Luiz Souza
10:01 AM Revision 5ad69855: Fix bug where CARP vip status is incorrent in the interface when more: than one CARP vip is configured for an interface.
(cherry picked from commit 5116a8aa60ad87c0a47aafeca422cc323147ea14) Fredrik Rönnvall
10:01 AM Revision 0cc7eec5: 80 character lines ftw :): Just because it was asked nicely :)
(cherry picked from commit 013110a19b90698cd521fc120b06b7cc37b531e5) Stilez y
10:01 AM Revision 68de92f2: standardise old code ("or" -> "||"): (cherry picked from commit f9416ab2bdaae5ca41e70db1c846ab3419fd0cee) Stilez y
10:01 AM Revision b68edd49: Remove "use lowercase" hint: As it is no longer relevant, because the code now automatically converts
to lowercase.
(cherry picked from commit 6a... Phil Davis
10:01 AM Revision 6df432c3: Fix #6864 automatically convert IPv6 input to lowercase: 1) As the user leaves the field, or presses Save, onChange will fire and
convert the input string to lowercase. This ... Phil Davis
08:48 AM Feature #6909 (Duplicate): Copy FW rules to new interface efficiency: Example: I want to copy ALL FW rules from VLAN100 to VLAN110 at once.
Then, in that copy, or (see previous issue r... Hollander Hollander
08:16 AM Feature #6908 (Resolved): Alias copy, sort, search/replace functions: For example: copy one alias (the content of course) into another alias (like in FW rules), sort alias, filter alias, ... Hollander Hollander
04:08 AM Revision 7798eb1e: Fix a 'divide by zero' bug in traffic_shaper_wizard_multi_all.inc.: Luiz Souza

11/09/2016

11:27 PM Revision 694872ae: Comment typos alphabet: (cherry picked from commit d622a62eb4f3ec8535ead494a863f10bbc409f41) Phil Davis
11:27 PM Revision 2f8f3cb3: Merge pull request #3221 from phil-davis/patch-2: Steve Beaver
11:23 PM Revision d622a62e: Comment typos alphabet: Phil Davis
10:51 PM Bug #6907 (Duplicate): DNS Resolver does not use domain name set in DHCP subnet, only the global one: Ran into this myself & found a relevant forum post here: https://forum.pfsense.org/index.php?topic=119717.0
In sho... Wil Reichert
10:28 PM Bug #6761 (Feedback): Limiter doesn't limit at correct bandwidth: Many bugs were fixed in 2.4.
2.3.2 is very broken with respect to limiters.
Could you try a recent 2.4 snapshot ? Luiz Souza
07:55 PM Revision 0eb2512f: update conditional re:LAN dhcp: Jonathon Anderson
06:05 PM Revision b20a6d67: Fix #6899: (cherry picked from commit c766ac7dd723f6e36980c48b0dd156b492556616) Luka Pavlyuk
06:05 PM Revision 5e105459: Merge pull request #3218 from kernelbug/master: Renato Botelho
06:02 PM Revision abc9b886: ipsec, apply routes also for IP-aliases with carp parents: (cherry picked from commit ee908e93671fddb38f8cca5d3d19a28791934878) Pi Ba
06:02 PM Revision 8d8cd372: Merge pull request #3220 from PiBa-NL/ipsec-routes: Renato Botelho
05:33 PM Revision 6f012614: syslogd, create configured logsocket directories: (cherry picked from commit 4406922edb1000ef79f4fccfb484aa1103105ac0) Pi Ba
05:32 PM Revision b256751e: Merge pull request #3211 from PiBa-NL/syslogd-logsocket: Renato Botelho
04:41 PM Bug #6099: igmpproxy does not recognize upstream interface: Found sth on different site:
[[https://sourceforge.net/p/igmpproxy/bugs/4/#472a]]
So for at least with DE-Telekom ... Chris Becker
03:23 PM pfSense Packages Bug #6878: how to use snort, squid and squid_guard with a ram disk: Fixed the snort directories in commit:ce8fedd
Will look into squidGuard soon. Jim Pingle
02:57 PM Revision 59537908: err() expects a single parameter: Renato Botelho
02:57 PM Bug #6906: Issues with /tmp and /var in RAM on 2.4: Checking deeper, @pkg info@ is empty after switching, which explains why the installed packages showed damaged, but a... Jim Pingle
02:49 PM Bug #6906 (Resolved): Issues with /tmp and /var in RAM on 2.4: I set /tmp and /var to be in RAM on a test box running 2.4 and hit a couple issues:
1. I had two packages installe... Jim Pingle
02:57 PM Revision dcae03a3: Fixed #6903: hosts and domains sorted on display, not on save to config Steve Beaver
02:56 PM Revision 8e7fea67: Fixed #6903: hosts and domains sorted on display, not on save to config Steve Beaver
02:23 PM Feature #6881: services_unbound_host_edit.php: DNS Resolver Add V4 and V6 host override at the same time: In addition any aliases created would have to include both the V4 and V6 addresses. Anonymous
02:06 PM Bug #1813 (Confirmed): Static routes on WAN interfaces overridden by route-to for firewall-initiated traffic: It is still an issue but it can be easily worked around by adding a floating rule to pass outbound to the destination... Jim Pingle
01:57 PM pfSense Packages Bug #6900 (Feedback): OpenVPN + OTP auth failure: The verify script is in @/usr/local/etc/raddb/scripts/otpverify.sh@ on current versions. The FreeRADIUS package code ... Jim Pingle
01:08 PM Revision b8b0fab1: Merge pull request #3215 from PiBa-NL/xmlrpc-loopback: Jim Pingle
12:06 PM Feature #6899 (Feedback): Can't specify PPTP/L2TP gateway as FQDN: Pull request has been merged. Thanks! Renato Botelho
11:01 AM Bug #6769 (Resolved): Crash PacketFilter in bridge mode: I can reproduce this somewhat here on 2.3.2. With a WAN/LAN style bridge, putting @synproxy@ on a TCP rule will event... Jim Pingle
10:03 AM Bug #6760 (Not a Bug): Editing WAN bridge interface breaks routing until reboot: I can't reproduce this here on 2.3.2_1. I can make edits to the bridge and the MAC stays the same and I can still rou... Jim Pingle
09:00 AM Bug #6903: services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized: Applied in changeset commit:8e7fea674a34ab217c9b9821c608639ca45bd281. Anonymous
08:18 AM Bug #6903 (Feedback): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized: It is certainly not "randomized", but since the two tables may be sorted (by clicking the column headers) the hosts c... Anonymous
08:56 AM Bug #6883 (Resolved): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases: The route now appears on the OpenVPN interface as expected, and clients can connect/pass traffic with static addresse... Jim Pingle
07:57 AM Bug #5319: Error message "No config named" in charon daemon: I've just been hit by this as well and like the last comment, restarting ipsec from the cmd line fixes the problem fo... Nick Fisk
07:15 AM Bug #6905: XMLRPC Loop detection broken, secondary refuses to accept sync data: Merge is in commit:b8b0fab1a4ef44758ff7fdd9cbfcc8bab2fe49b9 Jim Pingle
07:08 AM Bug #6905 (Feedback): XMLRPC Loop detection broken, secondary refuses to accept sync data: Merged PR Jim Pingle
07:06 AM Bug #6905 (Resolved): XMLRPC Loop detection broken, secondary refuses to accept sync data: When trying to perform an XMLRPC between two 2.4 HA systems, the secondary won't accept new settings, believing it ha... Jim Pingle
06:26 AM Revision 1267b787: The IPv6 packets are always blocked.: Ticket #6206 Luiz Souza
06:21 AM Revision c603770d: Fix a 'divide by zero' bug on shaper wizard when PRIQ is used and no bandwitdth is entered (the correct setting for a PRIQ scheduler).: Luiz Souza
01:21 AM Bug #6904: PRIQ Queue Priority Limited To 7: Dirty patch attached to thread above, restores old behavior...
Correct way would be to determine parent interface ... ky41083 -

11/08/2016

09:46 PM Bug #6904 (Resolved): PRIQ Queue Priority Limited To 7: Set parent interface to PRIQ. Set child queue priority to anything greater than 7. Receive "Please select a value tha... ky41083 -
09:20 PM Bug #6779 (Resolved): Traffic shaper wizard uses decimals instead of whole numbers: Anonymous
09:18 PM Bug #6779: Traffic shaper wizard uses decimals instead of whole numbers: Looks like fixed. Vladimir Suhhanov
08:38 PM Revision ee908e93: ipsec, apply routes also for IP-aliases with carp parents: Pi Ba
06:53 PM Revision e5f9360f: Fixed #6893: Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency Steve Beaver
06:53 PM Revision da7054b7: Fixed #6893: Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency Steve Beaver
06:07 PM Bug #6903 (Resolved): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized: Related to #6893 - when I view the diff of the configuration XML after a change to DNS Resolver's Host Overrides sect... Kevin Wojniak
05:08 PM Revision 92db4492: Set root password for installation media: Renato Botelho
04:26 PM Bug #6893: Configuration XML is inconsistent with self closing tags: Awesome, thanks for the quick fix! Kevin Wojniak
01:00 PM Bug #6893: Configuration XML is inconsistent with self closing tags: Applied in changeset commit:da7054b7cf77d9322307c52d8340fb30486ce25e. Anonymous
12:54 PM Bug #6893 (Feedback): Configuration XML is inconsistent with self closing tags: Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency Anonymous
01:06 PM Bug #6883: OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases: thank you very much!) Dmitry Ivanov
01:02 PM Bug #6883 (Feedback): OpenVPN puts subnet on lo0 on FreeBSD 11, breaks in certain cases: I've imported a patch from OpenVPN development list:
https://github.com/pfsense/FreeBSD-ports/commit/153999c431c59... Renato Botelho
09:46 AM Bug #6902 (Not a Bug): webConfigurator not using new certificate and won't disable SSL: The certificate won't take full effect until the web server is restarted, and restarting the web server from a proces... Jim Pingle
06:00 AM Bug #6902: webConfigurator not using new certificate and won't disable SSL: Bob Hannent wrote:
> Restarting the pfSense box has now locked me out of the UI, neither HTTPS or HTTP work now. Sli... Bob Hannent
05:46 AM Bug #6902 (Not a Bug): webConfigurator not using new certificate and won't disable SSL: Method:
* I had the web UI using the default self-signed certificate and I used an alternate port number just in cas... Bob Hannent
07:38 AM Bug #3075: Can't delete unused Virtual IP "referenced by a least one gateway": I've got this error on 2.3.2_1, on a CARP VIP I just added for a test. I'm 100% sure that VIP is not being used for a... Flavio Stanchina

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

12/07/2016

12/06/2016

12/05/2016

12/04/2016

12/03/2016

12/02/2016

12/01/2016

11/30/2016

11/29/2016

11/28/2016

11/27/2016

11/26/2016

11/25/2016

11/24/2016

11/23/2016

11/22/2016

11/21/2016

11/20/2016

11/19/2016

11/18/2016

11/17/2016

11/16/2016

11/15/2016

11/14/2016

11/13/2016

11/12/2016

11/11/2016

11/10/2016

11/09/2016

11/08/2016