Activity

30 days up to

User

Subprojects

Activity

From 11/13/2016 to 12/12/2016

12/12/2016

09:10 PM Revision 089c18f3: Add PC Engines APU2 to the list of serial-only platforms: The vidconsole needs to be explicitly disabled for PC Engines APU2,
otherwise the comconsole is garbled and mostly un... Brett Keller
08:46 PM Revision ffda0181: Add specific platform detection for PC Engines APU2: Based detection on $product rather than $hw_model, because $hw_model
returns the name of the AMD SoC, which might be ... Brett Keller
08:38 PM Revision f24b6fb6: Encode the auth server list before passing it on the CLI, to avoid issues with special characters that break when interpreted as URL parameters during OpenVPN auth. Fixes #7002: Jim Pingle
08:37 PM Revision c165a17e: Encode the auth server list before passing it on the CLI, to avoid issues with special characters that break when interpreted as URL parameters during OpenVPN auth. Fixes #7002: Jim Pingle
08:24 PM Revision e719538c: This script is not called directly in a way that requires a shabang, and it interferes with the script output, preventing successful authentication. Fixes #7008: Jim Pingle
06:44 PM Revision 768037ee: Do not allow a group name to start with 'pkg-', reserve it for packages use (e.g. tinc): Renato Botelho
06:44 PM Revision 6af92afd: Update interface group name validation rules to match ifconfig: Renato Botelho
06:44 PM Revision f6e519ec: Fix #6976: Make sure interface description, interface name and alias don't have the same name: Renato Botelho
06:44 PM Revision e4830f02: Ticket #6976: Check disabled interfaces: Renato Botelho
06:43 PM Revision ebdcad3b: Do not allow a group name to start with 'pkg-', reserve it for packages use (e.g. tinc): Renato Botelho
06:43 PM Revision 2326f325: Update interface group name validation rules to match ifconfig: Renato Botelho
06:43 PM Revision 7ec6e283: Fix #6976: Make sure interface description, interface name and alias don't have the same name: Renato Botelho
06:43 PM Revision ee5284ce: Ticket #6976: Check disabled interfaces: Renato Botelho
06:29 PM Revision 6d40829b: Fix CA input validation to (again) allow an import without a key. Fixes #7001: Jim Pingle
05:56 PM Revision 93ab5b34: Ensure that mobile IPsec client addresses are added to vpn_networks. Fixes #7005: Jim Pingle
05:55 PM Revision d4ed1bd9: Ensure that mobile IPsec client addresses are added to vpn_networks. Fixes #7005: Jim Pingle
03:33 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: Screenshot is fixed.
It may seem absurd to you but what else should it do? There isn't any programmatic way for it... Jim Pingle
03:26 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: The resolver is answering queries just fine on LAN. Until you set up a NAT rule on WLAN. Sorry, but this behavior is ... Kill Bill
03:07 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: There isn't anything to fix. Logically, it's acting as intended. That's what NAT reflection does -- it redirects anyt... Jim Pingle
03:03 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: Well perhaps this should be left open till it's somehow fixed, sending packets coming from completely unrelated inter... Kill Bill
02:55 PM Bug #7004 (Not a Bug): [2.3.3] NAT no longer respects interface selection: The extra interfaces are coming from NAT reflection and it doesn't appear to be a regression, but a quirk of having r... Jim Pingle
01:21 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: !https://s23.postimg.org/53zzev93f/Screenshot.png! Kill Bill
01:19 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: What options do you have configured for NAT Reflection under System > Advanced, Firewall & NAT? Jim Pingle
12:55 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: The rule from config.xml:... Kill Bill
12:13 PM Bug #7004 (Feedback): [2.3.3] NAT no longer respects interface selection: I can't reproduce this on current snapshots with 2.3.3 or 2.4, can you show the XML for that rule in config.xml? And ... Jim Pingle
06:24 AM Bug #7004: [2.3.3] NAT no longer respects interface selection: Doing this from *LAN* machine (remember, the redirection is supposed to happen on *WLAN*):... Kill Bill
06:19 AM Bug #7004 (Not a Bug): [2.3.3] NAT no longer respects interface selection: Dunno guys when this regressed, however NAT rules apply on ALL interfaces, no matter what you select. Say, you follow... Kill Bill
02:48 PM Feature #7007: Change default IPsec/strongswan log levels: Those are a different story entirely and unrelated to this at all. See #4227 (If you set "Networking" and "Message E... Jim Pingle
01:54 PM Feature #7007: Change default IPsec/strongswan log levels: Any attempts on tweaks useful for debugging here are completely useless while IPsec log is being flooding with tons o... Kill Bill
01:46 PM Feature #7007 (Resolved): Change default IPsec/strongswan log levels: It is usually beneficial to set IKE SA, IKE Child SA, and Configuration Backend to logging level "Diag" when troubles... Chris Linstruth
02:40 PM Bug #7002 (Feedback): OpenVPN unable to use authentication server with ampersand in descriptive name: Applied in changeset commit:c165a17e0225f09afb4882d360ba086f629f2b77. Jim Pingle
02:30 PM Bug #7008 (Feedback): OpenVPN sever unable to authenticate users on 2.4: Applied in changeset commit:e719538c01cde5c444255941655a54134c68f16b. Jim Pingle
02:24 PM Bug #7008 (Resolved): OpenVPN sever unable to authenticate users on 2.4: On 2.4, OpenVPN is unable to authenticate local or remote users. The logs show that the user authenticates successful... Jim Pingle
12:50 PM Bug #6976 (Feedback): Interface group and alias with same name creates firewall syntax error: Applied in changeset commit:7ec6e2831fe56514e90fcbd2beb5af52b7054ab6. Renato Botelho
07:06 AM Bug #6976: Interface group and alias with same name creates firewall syntax error: I'll handle it Renato Botelho
12:49 PM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: DNS Resolver/General - Network Interfaces and Outgoing interfaces = both are set to "All"
Removed dhcpd from monit... Marcel Mayer
07:00 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: What do you have selected in DNS Resolver/General - Network Interfaces and Outgoing interfaces? Martin Wasley
06:44 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Some confusing log entrys are still there. See attached file. Marcel Mayer
12:40 PM Bug #7001 (Feedback): Certificate manager requiring private key when importing CA certificate authority: Applied in changeset commit:6d40829b6905bf55c238bffc6c779e9bf063297f. Jim Pingle
12:00 PM Bug #7005 (Feedback): IPsec mss clamping not working for mobile clients: Applied in changeset commit:d4ed1bd9a86a23ff3d4baed97db32eb90cd21947. Jim Pingle
11:37 AM Bug #7005 (Confirmed): IPsec mss clamping not working for mobile clients: Confirmed. To me, I have a fix. Jim Pingle
08:13 AM Bug #7005 (Resolved): IPsec mss clamping not working for mobile clients: Doesn't look that mss-clamping is working on a IPsec mobile client setup.
1) In IPSec -> Advanced Settings -> Ena... Lars Pedersen
11:41 AM Revision 30bc2971: Update services_captiveportal.php: fixes https://redmine.pfsense.org/issues/6391
(cherry picked from commit 6ba184a1d6ead4cdbc4369c1a7ddcc820e8ffcce) Stefan Kronawithleitner
11:40 AM Revision 7739e0ce: Merge pull request #3267 from noledge/patch-1: Renato Botelho
11:37 AM Revision b7b72880: Comment typos in itemid.inc: (cherry picked from commit 632a238f1fb7f0c80e76058563a95bbf6785df53) Phil Davis
11:37 AM Revision fcfe8031: Merge pull request #3264 from phil-davis/patch-2: Renato Botelho
09:12 AM Bug #7006 (Not a Bug): radius authentication doesn't work: It works fine on current snapshots when properly configured. Post on the forum for help with your configuration. Jim Pingle
09:07 AM Bug #7006 (Not a Bug): radius authentication doesn't work: hello,
the remote authentication seems to be broken.
I configured my company Cisco ACS as authentication server (t... Giuanin Piemunteis
06:50 AM Feature #3971: IPv6 - Preserve the DUID used for WAN DHCP-PD in the configuration file: Added as part of PR #3262
Martin Wasley
05:54 AM pfSense Packages Bug #6999 (Feedback): ntopng missing preferences menu: PR has been merged, thanks! Renato Botelho
05:42 AM Bug #6391 (Feedback): View Current Portal Page goes to wrong URL: PR has been merged Renato Botelho
05:39 AM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: One more thing I noticed - Status/DHCP(v6) Leases, on the contrary, is something that should not be accessible when D... Kill Bill
04:19 AM pfSense Packages Feature #6480: pfBlockerNG - add ability to force download of a list: Hi - would it be possible to revisit this please? The issue with the method proposed above is that, for a long list,... Andrew -
03:12 AM Feature #628: Ability to specify listen IP address of management services (SSH, web interface): Marlin Cremers wrote:
> Is there a way for me to at least look at this? Are there particular things I have to keep i... Kill Bill
02:38 AM Feature #628: Ability to specify listen IP address of management services (SSH, web interface): I would love to see this as I'm using pfSense as router and would like to disable the firewall to get greater perform... Marlin Cremers

12/11/2016

04:46 PM Bug #6985 (Resolved): NPt rules are causing a filter error on 2.4: Looks good on a current snapshot Jim Pingle
04:13 PM Bug #7003: autoboot_delay on 2.4.0: Most likely cause is that the setting isn't being put in place by the new installer Jim Pingle
12:46 PM Bug #7003 (Resolved): autoboot_delay on 2.4.0: It seems the autoboot_delay in loader.conf has been set/left at the default 10 seconds. It seems 2.3 and prior have a... Ken Sim
04:09 PM Bug #6850 (Resolved): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Jim Pingle
02:18 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Everything seems to be working as expected now with that patch applied. I have played around with the gateways for ab... Ken Sim
03:55 PM Revision 6ba184a1: Update services_captiveportal.php: fixes https://redmine.pfsense.org/issues/6391 Stefan Kronawithleitner
10:37 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Found the solution for that.
The Leasetable hold two entries (no idea why). After deleting them, everything now work... Marcel Mayer
08:44 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: What I found and confuses me are this lines in general log:
/rc.newwanipv6: The command '/usr/local/sbin/dhcpd -us... Marcel Mayer
08:25 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: I started to do the test today and realised, that IPv6 is working for the moment without the described issue.
Used t... Marcel Mayer
09:06 AM pfSense Packages Bug #6999: ntopng missing preferences menu: https://github.com/pfsense/FreeBSD-ports/pull/226 Kill Bill
04:12 AM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: Thanks, Phil. And yes, also when migrating the other way round (i.e., when moving your DHCP to pfSense), you want to ... Kill Bill

12/10/2016

11:49 PM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: This looks not too hard to do, and will help those who would like to be able to see and manipulate disabled-DHCP-serv... Phillip Davis
11:36 PM Revision 260f60a9: IPv6, allow DHCP6 client to use a prefix size of /59: Pi Ba
11:06 PM Bug #7002 (Resolved): OpenVPN unable to use authentication server with ampersand in descriptive name: Add LDAP server in System/User Manager/Authentication Servers, include an ampersand in the Descriptive Name. Test aga... Anonymous
10:08 PM Revision 6d587359: Improve input validation for services_dhcp_relay: While looking at interactions between DHCP Relay and DHCP Server, I noticed a few annoying/inconsistent things in dri... Phil Davis
10:05 PM Revision ad7bdc9b: Merge pull request #3265 from phil-davis/patch-5: Steve Beaver
02:27 PM Revision ac999f3b: Improve input validation for services_dhcp_relay: While looking at interactions between DHCP Relay and DHCP Server, I noticed a few annoying/inconsistent things in dri... Phil Davis
02:13 PM Bug #7001 (Resolved): Certificate manager requiring private key when importing CA certificate authority: Attempts to import just the public key portion of a certificate authority errors out because a private key is not pre... Chris Linstruth
12:55 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: Well nobody's assigned to it and it's a 5 year old ticket. Last few comments were from Chris and he works for Ubiquit... → luckman212
09:53 AM Revision 632a238f: Comment typos in itemid.inc: Phil Davis
09:43 AM pfSense Packages Feature #7000 (Closed): ntopng historical data needs to be reworked: Reference:
- http://www.ntop.org/ntopng/exploring-historical-data-using-ntopng/
- http://www.ntop.org/ntopng/explor... Kill Bill
06:03 AM Bug #4310: Limiters + HA results in hangs on secondary: I updated a test cluster to a snapshot from a couple hours ago, which from the timestamp looks like it should have th... Jim Pingle
05:55 AM pfSense Packages Bug #6999: ntopng missing preferences menu: Unable to submit anything via GitHub (server error 500 since yesterday). If it works for someone:... Kill Bill
05:20 AM pfSense Packages Bug #6999 (Resolved): ntopng missing preferences menu: This is caused by the admin user not being a member of "administrator" group. Related forum thread: https://forum.pfs... Kill Bill
05:13 AM Revision ca8ab3c9: Add a gateway state plugin hook.: Pull Request #3093 Luiz Souza
04:35 AM Revision 140f1f6f: Revert the workaround now that the pf parsing issue is fixed.: Ticket #6985 Luiz Souza

12/09/2016

11:28 PM Revision a3ed7862: move export button to heading for status monitoring page: Jared Dillard
11:27 PM Revision 726ebc65: move export button to heading for status monitoring page: Jared Dillard
11:24 PM Bug #4310: Limiters + HA results in hangs on secondary: 2.4 has a few new fixes for use-after-free pfsync states. The limiters issue is also fixed. Luiz Souza
11:11 PM pfSense Packages Bug #6983: pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: Angel Torres, best to post in the forum for that... Not related to this issue..
Maybe this is causing your issue? ... BBcan177 .
10:49 PM Bug #6985: NPt rules are causing a filter error on 2.4: Fixed the parsing issue on pf (and reverted the workaround): https://github.com/pfsense/FreeBSD-src/commit/e4a708b0c1... Luiz Souza
08:25 PM Revision 77b6d849: Fix #6472: Enable/Disable associated firewall rule when NAT rule changes: Renato Botelho
08:25 PM Revision 7a76bc6f: Ticket #6472: Respect disabled field: Respect disabled field when creating firewall associated rule Renato Botelho
08:25 PM Revision 9e21304e: Ticket #6472: Add toggle_id: Introduce toggle_id() used to enable/disable associated firewall rules Renato Botelho
08:25 PM Revision 3335fee9: Do not set disabled or nordr fields when they are not selected. Checks are using isset() and not its boolean value: Renato Botelho
08:25 PM Revision 6d52d0bf: Simplify logic: Renato Botelho
08:25 PM Revision 9601f6ad: Fix comments: Renato Botelho
08:25 PM Revision 2a080336: $array doesn't need to be a reference here: Renato Botelho
08:24 PM Revision be1bc233: Fix #6472: Enable/Disable associated firewall rule when NAT rule changes: Renato Botelho
08:24 PM Revision 8a915911: Ticket #6472: Respect disabled field: Respect disabled field when creating firewall associated rule Renato Botelho
08:23 PM Revision 8aa2dd26: Ticket #6472: Add toggle_id: Introduce toggle_id() used to enable/disable associated firewall rules Renato Botelho
08:23 PM Revision 15586fff: Do not set disabled or nordr fields when they are not selected. Checks are using isset() and not its boolean value: Renato Botelho
08:22 PM Revision 75bb5037: Simplify logic: Renato Botelho
08:22 PM Revision 21408bb4: Fix comments: Renato Botelho
08:22 PM Revision 9f61bcc9: $array doesn't need to be a reference here: Renato Botelho
07:46 PM Revision cdec7893: Rule type icon should not change to 'X' when disabled: Steve Beaver
06:27 PM Revision 67bc28c9: Update simplepie (RSS Parsing library) to 1.4.3: Jim Pingle
06:26 PM Revision 73a0719a: Update simplepie (RSS Parsing library) to 1.4.3: Jim Pingle
06:03 PM Revision 650ba8d7: Fix copy/paste error in variable test.: Jim Pingle
06:03 PM Revision c7435c36: Fix copy/paste error in variable test.: Jim Pingle
06:03 PM Revision 530eceb9: Fix copy/paste error in variable test.: Jim Pingle
05:25 PM Revision 898aa92c: Change (assign) to Assignments in Interfaces menu: Add HTML divider in Interfaces menu to separate actions form the interface list Steve Beaver
05:21 PM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: Result after patching:
!https://s30.postimg.org/m3vi0pxy9/ntopng_geomap.png! Kill Bill
05:18 PM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: Well... this additionally need a patch to the ntopng port itself (basically the one from https://github.com/ntop/ntop... Kill Bill
03:51 PM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: Please, test the attached patch and report back. (Would like to submit a PR on GitHub, however the only thing that Gi... Kill Bill
04:41 PM Revision 8638429a: Fix log file deletion: Steve Beaver
04:35 PM Revision 8d8b2fc7: Fix log file deletion: Steve Beaver
03:47 PM Revision 5eab2de4: Fix #6996 using existing variable: Renato Botelho
03:47 PM Revision 803c9768: Fix #6996 using existing variable: Renato Botelho
02:30 PM Bug #6472 (Feedback): Disabling NAT (port forward) rule does not disable the associated firewall rule: Applied in changeset commit:be1bc233931122a67821bee7e02778f7c5138779. Renato Botelho
12:36 PM Todo #6998 (Resolved): Create a port for simplepie to keep it updated and use modular version: Simple build process:
Clone from https://github.com/simplepie/simplepie.git
run "php build/compile.php" from inside... Jim Pingle
12:26 PM Bug #6996 (Resolved): DHCP traffic getting blocked (still/again) with DHCP Relay enabled: Renato Botelho
12:22 PM Bug #6996: DHCP traffic getting blocked (still/again) with DHCP Relay enabled: Works, hooray! Thanks. Reminds me it's Friday -> time for some:
!http://cdn.pcwallart.com/images/homer-simpson-bee... Kill Bill
09:50 AM Bug #6996 (Feedback): DHCP traffic getting blocked (still/again) with DHCP Relay enabled: Applied in changeset commit:803c97685fef85f35a6cf781143259458486c34a. Renato Botelho
04:41 AM Bug #6996: DHCP traffic getting blocked (still/again) with DHCP Relay enabled: https://github.com/pfsense/pfsense/pull/3263 (kindly commit to 2.3.x as well). Thanks. Kill Bill
04:31 AM Bug #6996 (Resolved): DHCP traffic getting blocked (still/again) with DHCP Relay enabled: Exact same issue as Bug #4558. The traffic is getting blocked since $dhcrelaycfg is nowhere defined.
Kill Bill
09:54 AM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: It works well for me now, I can run the route command by hand and also apply settings in the GUI. Assigning back to t... Jim Pingle
09:44 AM pfSense Packages Bug #6971 (Closed): Interfaces.php: "Reserved Networks" checkboxes not shown: This issue appears to be limited to FireFox, but also seems to be fixed on pfSense 2.3.3 and later. Anonymous
09:44 AM pfSense Packages Feature #4548 (Resolved): syslog-ng interface doesn't allow rule ordering: Renato Botelho
09:06 AM pfSense Packages Feature #4548: syslog-ng interface doesn't allow rule ordering: Works. Kill Bill
09:19 AM Bug #6997 (Resolved): DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: So, I wanted to copy the DHCP static leases from the GUI. Cannot do, since all I get is _"DHCP Relay is currently ena... Kill Bill
09:17 AM pfSense Packages Bug #6047 (Resolved): syslog-ng does not logrotate: Renato Botelho
08:58 AM pfSense Packages Bug #6047: syslog-ng does not logrotate: All working now. Kill Bill
09:17 AM pfSense Packages Bug #4518 (Closed): Pfsense 2.2 squid3 + negotiate_kerberos_auth: Renato Botelho
08:57 AM pfSense Packages Bug #4518: Pfsense 2.2 squid3 + negotiate_kerberos_auth: 2.2.x packages are not maintained, please close. Kill Bill
06:17 AM Bug #6978: Squidguard error page crashing after activating WebGUI PFSENSE https security: 1/ Dansguardian does not even exist as a pfSense package in 2.3.x.
2/ Whatever are you doing there, you cannot have... Kill Bill
06:04 AM Bug #6978: Squidguard error page crashing after activating WebGUI PFSENSE https security: I believe in something about dansguardian
If I'm wrong, please close the ticket. Paulo Lima
06:03 AM Bug #6978: Squidguard error page crashing after activating WebGUI PFSENSE https security: I believe in something about dansguardian Paulo Lima

12/08/2016

02:36 PM Bug #6940: OpenVPN management socket not listening after bootup / cannot restart the service.: Send by mail. Pi Ba
02:01 PM Bug #6940: OpenVPN management socket not listening after bootup / cannot restart the service.: Pi Ba wrote:
> My setup 'at work' running on ESXi has 5 openvpn instances running on a carp-ip. Its connected to sev... Renato Botelho
01:47 PM Bug #6940: OpenVPN management socket not listening after bootup / cannot restart the service.: My setup 'at work' running on ESXi has 5 openvpn instances running on a carp-ip. Its connected to several networks/vl... Pi Ba
07:05 AM Bug #6940: OpenVPN management socket not listening after bootup / cannot restart the service.: Can you give us more details about your setup? I couldn't replicate it on a box with some tunnels configured Renato Botelho
02:35 PM Bug #6333: Bootup starts/restarts dpinger multiple times: Luiz, when you are touching it, it would be nice to add code on PHP side to deal with interface in tentative state so... Renato Botelho
01:29 PM Bug #6850 (Feedback): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Luiz pushed a fix for that deadlock. Next round of 2.4.0 snapshots will have it applied so we can test
https://git... Renato Botelho
01:14 PM Revision b8f13447: Fix #6857: During boot local_sync_acocunts() should be able to access LDAP server
on a non-local network or also resolve LDAP se... Renato Botelho
01:11 PM Revision 4c6135c2: Fix #6857: During boot local_sync_acocunts() should be able to access LDAP server
on a non-local network or also resolve LDAP se... Renato Botelho
11:52 AM Revision 8b82942f: Specify IP to set for zoneedit: (cherry picked from commit 176d24e1206586cc67888bcbd3a4d947f043a187) Phil Davis
11:52 AM Revision bde382dd: Merge pull request #3261 from phil-davis/zoneedit: Renato Botelho
11:32 AM Revision 176d24e1: Specify IP to set for zoneedit: Phil Davis
11:27 AM Revision eee6c580: Remove destination self from NAT 1:1: It is not needed and caused problems if used and was not remembered on
edit anyway.
(cherry picked from commit 6b8f9... Phil Davis
11:27 AM Revision ccb14855: Merge pull request #3260 from phil-davis/nat11noself: Renato Botelho
07:29 AM Bug #6995: Security Issue - SquidAnalyzer: There is no SquidAnalyzer anywhere in pfSense packages. If you are unable to secure random third-party stuff properly... Kill Bill
07:28 AM Bug #6995 (Rejected): Security Issue - SquidAnalyzer: There is no pfSense package by that name.
Furthermore, any package that runs its own daemon on an alternate port h... Jim Pingle
07:23 AM Bug #6995: Security Issue - SquidAnalyzer: If you open the URL directly, +access is accomplished *without* authentication+. Bruno Kammers
07:19 AM Bug #6995 (Rejected): Security Issue - SquidAnalyzer: I found this flaw when I was testing SquidAnalyzer.
I noticed that it is possible to access the URL of the package... Bruno Kammers
07:26 AM Bug #6879 (Feedback): GUI doesn't show rebooting notification after upgrading: It happened at some point but I couldn't reproduce it anymore. Leaving ticket in feedback state for now Renato Botelho
07:24 AM Bug #6367 (Feedback): Long delays with LDAP enabled w/local users during boot at "Synchronizing user settings...": I've pushed a fix for #6857 that should fix it Renato Botelho
07:20 AM Bug #6857 (Feedback): local_sync_accounts fails during boot when using ldap on a non-local network or hostname: Applied in changeset commit:4c6135c288444be99fbf18915e0e09d1d865ae25. Renato Botelho
07:11 AM Bug #6857 (Confirmed): local_sync_accounts fails during boot when using ldap on a non-local network or hostname: Renato Botelho
07:11 AM Bug #6857: local_sync_accounts fails during boot when using ldap on a non-local network or hostname: If ldap server is configured using hostname and it depends of local DNS resolver it also fails Renato Botelho
07:08 AM Bug #6949: username/password not used by proxy support: It's possible but doesn't sound quite the same. Here's a capture of the initial exchange I grabbed yesterday where th... Jim Pingle
02:30 AM Bug #6949: username/password not used by proxy support: @jimp: Perhaps this is relevant to HTTPS not working?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194483 Kill Bill
05:53 AM Bug #6992 (Feedback): ZoneEdit DDNS does not update to CARP IP: PR has been merged. Thanks! Renato Botelho
05:40 AM Bug #6992: ZoneEdit DDNS does not update to CARP IP: Maybe sending the proper "dnsto" parameter to Zoneedit will fix this, see Pull Request:
https://github.com/pfsense/p... Phillip Davis
03:24 AM Revision 6b8f9c35: Remove destination self from NAT 1:1: It is not needed and caused problems if used and was not remembered on
edit anyway. Phil Davis

12/07/2016

08:06 PM pfSense Packages Bug #6983: pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: BBcan177 . wrote:
> Workaround here:
> https://forum.pfsense.org/index.php?topic=120040.0
>
That workaround do... Angel Torres
06:55 PM Revision 1060378f: Populate the HTTP_PROXY_AUTH env var. Ticket #6949: Jim Pingle
06:09 PM Revision 823b7a1a: Fix #6224 NAT edit - preserve user selections when input errors: 1) Edit a NAT Port Forward rule, change the destination type to "Network", but do not input any network address/mask.... Phil Davis
06:09 PM Revision bbe0c513: Merge pull request #3257 from phil-davis/patch-7: Renato Botelho
06:07 PM Revision bb0a0bb2: Feature #3151 Disable gateway monitoring actions: without disabling gateway monitoring.
This allows the user to continue to monitor the gateway with dpinger, so
they ... Phil Davis
06:07 PM Revision 92cdad2b: Merge pull request #3259 from phil-davis/disablegatewayactions: Renato Botelho
06:01 PM Bug #3973: Route 53 dynamic DNS provider fails to update record: The use of the UPCERT action in 6751 should address this bug. Jason McCormick
07:47 AM Bug #3973 (Feedback): Route 53 dynamic DNS provider fails to update record: Please check next round of 2.3.3 or 2.4.0 snapshots to make sure issue persists with current code Renato Botelho
03:37 PM Revision f396d2b7: Feature #3151 Disable gateway monitoring actions: without disabling gateway monitoring.
This allows the user to continue to monitor the gateway with dpinger, so
they ... Phil Davis
02:38 PM Bug #6994 (Closed): [Portuguese] - Traffic graphs shows overwritten words by traffic values: Changing language to Brazilian portuguese makes traffic graphs look oddly in dashboard. Larger "Entrada"/"Saida" word... Luzemario Dantas
02:32 PM Revision c7cecab8: Fix bandwidth limitation in mac passthrough auth: (cherry picked from commit aa1c6774927fd6e1b11a9315900035c0e084fd82) Jonatan Ramos
02:32 PM Revision e85f3a2b: Merge pull request #3130 from omnia-dev/master: Renato Botelho
01:41 PM Revision af41271b: move back to r53.class for license continuity: (cherry picked from commit 16b163661b1d1a5bcc9a24ce023f7a06c5fb420e) Jason McCormick
01:41 PM Revision 08698a02: note inspiration/sanity check from r53.class code: (cherry picked from commit 260228142573deeb8ef5eaee34c761ca783f8cd3) Jason McCormick
01:41 PM Revision db49d9ad: fix testing headers for bad data: (cherry picked from commit 8d8405baf12806a7f09ef8562cfb24f9083809d3) Jason McCormick
01:41 PM Revision 57298463: noted testing for Route53: (cherry picked from commit c46412956fb629a2f7dc94ca2a553444046a39c3) Jason McCormick
01:41 PM Revision 4bc737dc: Fixed status success message typo and cleaned up: (cherry picked from commit 166f4a4c67e61334791b43a21845603c1295ab2c) Jason McCormick
01:41 PM Revision 9783e0c2: fix auth header and minor XML tag issue: (cherry picked from commit 616a24828992d37ea67e810dbf9fd84ec80562e7) Jason McCormick
01:41 PM Revision a0dd4ec2: initial commit of code -- having a signing error: (cherry picked from commit cc5adcaa679686e54e4035fa5bc283b1cac085a2) Jason McCormick
01:35 PM Revision e61436df: Merge pull request #3155 from jxmx/6751_route53: Renato Botelho
01:14 PM Revision e102e1d9: php fatal error logging: (cherry picked from commit ae3463540ea0a3cc94c18ad9c7b829b2645e8910) Pi Ba
01:14 PM Revision 9f834c4b: Merge pull request #3193 from PiBa-NL/php_notice_fatal: Renato Botelho
01:14 PM Bug #6949: username/password not used by proxy support: I pushed some changes to populate the HTTP_PROXY_AUTH variable and it works for HTTP, but HTTPS does not work using t... Jim Pingle
12:56 PM Bug #6993 (New): OpenVPN status error during CARP state transition: Running two devices in HA and have stacked one IP Alias onto the CARP IP. If I bind a OpenVPN server to the IP Alias ... James Webb
12:10 PM Feature #3151 (Feedback): Disable gateway monitoring actions without disabling gateway monitoring: Merged, thanks! Renato Botelho
09:58 AM Feature #3151: Disable gateway monitoring actions without disabling gateway monitoring: I'll check it Renato Botelho
09:42 AM Feature #3151: Disable gateway monitoring actions without disabling gateway monitoring: I finally remembered and cared enough :)
Pull Request https://github.com/pfsense/pfsense/pull/3259
Phillip Davis
12:10 PM Bug #6224 (Feedback): Firewall NAT Edit forgets dst type selection after reporting input errors: Merged, thanks! Renato Botelho
11:42 AM Bug #6992 (Resolved): ZoneEdit DDNS does not update to CARP IP: When using ZoneEdit Dynamic DNS, using dual wan with a gateway group for failover, ZoneEdit domain gets the WAN/Inter... James Kohout
11:32 AM Bug #6990: DDNS IPs not updating after a system restart: HE.net has two kinds of service, the DDNS service and the IPv6 tunnel. You must be talking about HE.net Tunnelbroker ... Muchacha Grande
06:02 AM Bug #6990: DDNS IPs not updating after a system restart: The HE.net looks definitely wrong. As noted there, you should use the Tunnel ID, and NOT hostname. Kill Bill
05:48 AM Bug #6990: DDNS IPs not updating after a system restart: I'm using a no-ip and a he service. Both of them updating the same wan IPv4 address.
Could you please tell me what e... Muchacha Grande
10:28 AM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Opened a ticket upstream:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215122 Renato Botelho
10:08 AM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Full config attached, but it's nothing special - default config + static address on WAN + off-subnet gateway. Jim Pingle
10:03 AM Bug #6850 (Confirmed): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: I was finally able to reproduce this reliably today, and out of 5 failures once I was able to catch what was consumin... Jim Pingle
07:48 AM Bug #6751 (Feedback): Route53 DynDNS Problems / Replace Route53 DynDNS Module: Renato Botelho
07:44 AM Bug #6751: Route53 DynDNS Problems / Replace Route53 DynDNS Module: PR has been merged, thanks! Renato Botelho
07:47 AM Bug #5054 (Feedback): Dynamic DNS - Route53 errors should probably be more verbose: Please check next round of 2.3.3 or 2.4.0 snapshots, that contain an updated code, to see if the issue persists Renato Botelho
07:45 AM Feature #6728: Route53 API mod and Geolocation: Matt, you mentioned you submitted a Pull Request, what is the #? Renato Botelho
07:29 AM Bug #6927: 1 to 1 NAT allows entry of mixed IP addresses: Pull Request https://github.com/pfsense/pfsense/pull/3258 Phillip Davis

12/06/2016

07:54 PM Revision a04cc2c5: NAT 1:1 edit - preserve user selections on edit-save with input errors: 1) Edit a NAT 1:1 rule, change the source and/or destination type to "Network", but do not input any network address/... Phil Davis
07:54 PM Revision 45d8b8a6: Merge pull request #3256 from phil-davis/patch-5: Renato Botelho
07:48 PM Revision cc99b298: Captive portal: add option to include idle time in total session time: Add an option to choose whether the time spent idle by a user disconnected for exceeding the idle timeout must be inc... Caio Plumbeo
07:48 PM Revision d253d5c6: Merge pull request #3249 from plumbeo/idletime-in-sessiontime: Renato Botelho
07:44 PM Revision 36868398: Add BIND logging to proper facility (Bug #5524): Stop the /etc/inc/system.inc patching by dns/pfSense-pkg-bind9 package.
(cherry picked from commit 957ec89e7959e966e8... Doktor Notor
07:44 PM Revision 7bcd5671: Merge pull request #3254 from doktornotor/patch-1: Renato Botelho
05:51 PM Revision 836c858f: Added STARTTLS to LDAP Auth Server Config: (cherry picked from commit d672403c250556ced61d6eec7c51f5518b5f8c6b) derelict-pf
05:51 PM Revision f459bcce: Merge pull request #3240 from derelict-pf/ldap_starttls: Renato Botelho
05:23 PM Revision f7405cd2: Fix #6224 NAT edit - preserve user selections when input errors: 1) Edit a NAT Port Forward rule, change the destination type to "Network", but do not input any network address/mask.... Phil Davis
03:59 PM Revision 9c8ce38b: Work around the NPt rule loading issue to load the rules as they were on previous versions. Fixes #6985: Jim Pingle
03:47 PM Revision d99ce9cc: NAT 1:1 edit - preserve user selections on edit-save with input errors: 1) Edit a NAT 1:1 rule, change the source and/or destination type to "Network", but do not input any network address/... Phil Davis
03:09 PM Revision 957ec89e: Add BIND logging to proper facility (Bug #5524): Stop the /etc/inc/system.inc patching by dns/pfSense-pkg-bind9 package. Doktor Notor
02:04 PM pfSense Packages Bug #5524: bind package is patching /etc/inc/system.inc (syslog configuration): That was fast, thanks. :) Kill Bill
01:45 PM pfSense Packages Bug #5524 (Feedback): bind package is patching /etc/inc/system.inc (syslog configuration): PRs have been merged. Thanks! Renato Botelho
09:43 AM pfSense Packages Bug #5524: bind package is patching /etc/inc/system.inc (syslog configuration): Plus https://github.com/pfsense/FreeBSD-ports/pull/223 Kill Bill
09:10 AM pfSense Packages Bug #5524: bind package is patching /etc/inc/system.inc (syslog configuration): https://github.com/pfsense/pfsense/pull/3254 Kill Bill
12:14 PM Revision 3dd6ce64: Merge pull request #3252 from phil-davis/unset_glxsb: Renato Botelho
12:13 PM Revision 13622c26: Merge pull request #3251 from phil-davis/dyndnsclass23: Renato Botelho
12:10 PM Revision cdcce1c4: Tidy input errors in services_ntpd_acls: 1) If there are multiple rows with invalid IP addresses then the same message was displayed multiple times. We might ... Phil Davis
12:10 PM Revision 71bafaa6: Merge pull request #3253 from phil-davis/patch-2: Renato Botelho
11:43 AM Feature #6989 (Closed): Add second IP to monitoring in "Gateway Monitoring": It would add a lot of complication and also increase the amount of time/processing it would take to notice an upstrea... Jim Pingle
11:32 AM Feature #6989: Add second IP to monitoring in "Gateway Monitoring": See:
https://redmine.pfsense.org/issues/4354
https://redmine.pfsense.org/issues/1189
for past discussion about thi... Phillip Davis
04:43 AM Feature #6989 (Closed): Add second IP to monitoring in "Gateway Monitoring": A problem arises when the gateway IP is available but the network behind the gateway is unavailable, or if alternativ... Vasyl Semenchuk
11:39 AM Bug #6224: Firewall NAT Edit forgets dst type selection after reporting input errors: Pull Request https://github.com/pfsense/pfsense/pull/3257 Phillip Davis
11:37 AM pfSense Packages Bug #6473 (Resolved): OpenVPN Client Export package - depends on vulnerable p7zip version (CVE-2016-2334, CVE-2016-2335): Jim Pingle
11:36 AM pfSense Packages Bug #6473 (Rejected): OpenVPN Client Export package - depends on vulnerable p7zip version (CVE-2016-2334, CVE-2016-2335): Not vulnerable to those. It was patched in the ports tree by FreeBSD back in July.... Jim Pingle
10:59 AM Bug #6982: Nested Aliases with FQDNs do not populate parent table in some cases: Here is the aliases export I am using to test. It should match the screenshot above. Chris Linstruth
10:21 AM Bug #6991 (Resolved): IPv6 traffic hitting a rule with policy routing and NPt fails/disappears: IPv6 NPt on its own works, and IPv6 policy routing on its own works, but if traffic hits a rule that sets it on a pat... Jim Pingle
10:10 AM Bug #6985 (Feedback): NPt rules are causing a filter error on 2.4: Applied in changeset commit:9c8ce38b01fb59dbd474367f77e8de67655f0275. Jim Pingle
10:05 AM pfSense Packages Feature #6176: Privilege for OpenVPN Client Export: Alexandre Paradis wrote:
> Would it be logical to Have a dropdown menu directly for Openvpn, and when clicked it wou... Kill Bill
09:23 AM pfSense Packages Bug #5940 (Resolved): Squid Local Authentication fails with passwords >8 characters: Jim Pingle
09:22 AM pfSense Packages Bug #5940: Squid Local Authentication fails with passwords >8 characters: Hi Jim,
I´ve tested with a recent version of the Squid package on amd64 and i386 (I know i386 is nearly dead).
Bo... Markus Brungs
08:17 AM pfSense Packages Bug #5940 (Feedback): Squid Local Authentication fails with passwords >8 characters: Jim Pingle
08:09 AM pfSense Packages Bug #5940: Squid Local Authentication fails with passwords >8 characters: Appears to be fixed: https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/sq... Kill Bill
08:47 AM pfSense Packages Bug #6484 (Rejected): pfsense 2.3.1_1 does not accept haproxy advanced parameters: Jim Pingle
08:46 AM pfSense Packages Bug #6484: pfsense 2.3.1_1 does not accept haproxy advanced parameters: OSI layer-8 problem as noted above, can be closed. Kill Bill
08:01 AM pfSense Packages Bug #6019 (Closed): Squid service runs but doesn't process requests after reboot: Jim Pingle
07:58 AM pfSense Packages Bug #6019: Squid service runs but doesn't process requests after reboot: Duplicate of #5594. Squid won't work with CP. Kill Bill
07:56 AM pfSense Packages Bug #6636 (Feedback): Squid Reverse Proxy with Additional IP and compatibility="Intermediate" writes bad squid.conf: Jim Pingle
07:50 AM pfSense Packages Bug #6636: Squid Reverse Proxy with Additional IP and compatibility="Intermediate" writes bad squid.conf: Fixed by https://github.com/pfsense/FreeBSD-ports/commit/a6d15b81474396a043df664c2c645356d7718601 AFAICT, please test... Kill Bill
07:56 AM pfSense Packages Bug #6612 (Closed): squid Multi segmented downloading is broken: Jim Pingle
07:46 AM pfSense Packages Bug #6612: squid Multi segmented downloading is broken: In case you enabled "Cache Dynamic Content" and defined something there, then either disable it altogether or pick up... Kill Bill
07:48 AM Feature #6384: Allow IPSEC P1 to have 2 peer remote gateway IP addresses to allow VPN failover faster without requiring DDNS: We are well aware that strongSwan supports it, but it's not that simple. There are other factors to consider such as ... Jim Pingle
07:44 AM Feature #6384: Allow IPSEC P1 to have 2 peer remote gateway IP addresses to allow VPN failover faster without requiring DDNS: I'll add my tests since I need this feature as well
strongSwan 5.5.0 which is used in pfSense 2.3 already supports... Cristian Mammoli
07:37 AM Bug #6990 (Feedback): DDNS IPs not updating after a system restart: Not nearly enough detail.
What are the exact types and services used in your Dynamic DNS configuration? You can ob... Jim Pingle
06:14 AM Bug #6990 (Not a Bug): DDNS IPs not updating after a system restart: When the system shuts down and then restarts (for example after a power failure) unsing a DSL connection with PPPoE, ... Muchacha Grande
07:32 AM Bug #3885 (Duplicate): Dynamic DNS provider password containing special character ampersand &: Duplicate of / Fixed by #6688 Jim Pingle
07:27 AM pfSense Packages Bug #5736 (Closed): Squid did not authorize user with Captive Portal: Jim Pingle
07:18 AM pfSense Packages Bug #5736: Squid did not authorize user with Captive Portal: No idea what's this patching, certainly not the current code @ https://github.com/pfsense/FreeBSD-ports/blob/devel/ww... Kill Bill
07:25 AM pfSense Packages Bug #6083: Suqid Realtime Monitor / Squid Cache Table not diplaying correctly: I have no idea why's Squidguard logging something into Squid cache log. This is not a bug in Squid package, and given... Kill Bill
07:16 AM pfSense Packages Bug #5506 (Closed): Gateway restart stops service and does not restart Squid: Jim Pingle
07:09 AM pfSense Packages Bug #5506: Gateway restart stops service and does not restart Squid: Please close this. With Squid disabled, it won't ever start, let alone automatically restart. Kill Bill
06:41 AM pfSense Packages Bug #6419 (Resolved): RRD_Summary reports incorrect bandwidth statistics.: Renato Botelho
06:34 AM pfSense Packages Bug #6419: RRD_Summary reports incorrect bandwidth statistics.: Fixed by https://github.com/pfsense/FreeBSD-ports/pull/185, can be closed. Kill Bill
05:34 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Sorry, seems like bug #6000 has been deleted and i was not refering to feature #6000 Rick Strangman
04:53 AM Revision 7c7d3605: Tidy input errors in services_ntpd_acls: 1) If there are multiple rows with invalid IP addresses then the same message was displayed multiple times. We might ... Phil Davis
03:29 AM Revision e030050d: Fix unset glxsb: This bit of upgrade_config code needs a global reference to $config Phil Davis
03:17 AM Revision be17e372: Backport Cloudflare and Gratis plus passwords in base64 DynDNS changes: Note: corresponding change to upgrade_config.inc to come in master to
correctly implement the upgrade_155_to_156 code... Phil Davis
01:57 AM pfSense Packages Bug #6988 (New): SNORT Package PHP memory error: Crash report begins. Anonymous machine information:
amd64
10.3-RELEASE-p9
FreeBSD 10.3-RELEASE-p9 #1 5fc1b... Zeev Zalessky

12/05/2016

10:42 PM pfSense Packages Bug #6987 (Closed): ntopng needs Google API key for GeoIP map: ntopng needs to be updated to a version that supports use of a Google API key and the ntopng settings page needs a fi... Stuart Wyatt
08:46 PM pfSense Packages Bug #6983: pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: Workaround here:
https://forum.pfsense.org/index.php?topic=120040.0
Will try to push a fix as time permits. BBcan177 .
04:03 AM pfSense Packages Bug #6983 (Resolved): pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: Hello,
I'm testing 2.4-BETA x64. Faced an issue with subject package installation:
@Warning: require_once(xmlrpc.... Dmitriy K
08:12 PM Revision 74213edf: Do not truncate IPv6 addresss in NTP widget (Bug #4815): (cherry picked from commit cd2c59c9839e38fa7cbd4ae217fe14883b086145) Doktor Notor
08:11 PM Revision fc6b7031: Merge pull request #4815 from doktornotor/patch-2: Renato Botelho
07:34 PM Revision f34e9794: Stopgap to keep filter reload errors from happening due to NPt rule errors. Ticket #6985: Jim Pingle
07:12 PM Revision b0787bc8: wbr tag needs a css compatibility fix for some browsers: See comment in the PR
(cherry picked from commit e67157bee85f71929d687e2c03020618f18c8f6d) Stilez y
07:11 PM Revision 0b037063: Merge pull request #3159 from stilez/patch-46: Jared Dillard
07:09 PM Revision fc709ad3: [theme] Compact-RED: fix `sortable` table fonts: (cherry picked from commit f84c1e1ef92e7e69e0eb8672a450a255ee2dfe95) Alexander Moisseev
07:09 PM Revision 9a275fb0: Merge pull request #3181 from moisseev/master: Jared Dillard
05:02 PM Bug #6823: No connectivity after changing link state to UP: Jim Thompson wrote:
> We would have to provide the ports of the Intel drivers as packages, and then allow people to ... C S
04:25 PM Revision d667692e: Start building tftpd package: Renato Botelho
04:25 PM Revision 7f62cada: Start building tftpd package: Renato Botelho
04:09 PM Revision eb44f662: remove bogus debug: Steve Beaver
04:08 PM Revision ac572fc1: remove bogus debug: Steve Beaver
03:47 PM Revision 30735b1e: Fixed #6454: Fixed #6984 Steve Beaver
03:45 PM Revision 3b1c0951: Fixed #6454: Fixed #6984 Steve Beaver
02:27 PM Bug #4815: NTP status widget shows truncated IPv6 address: Thanks as well.
(As for Status - NTP, AFAICT that'd require completely rewriting the code because of the "wonderf... Kill Bill
02:13 PM Bug #4815 (Feedback): NTP status widget shows truncated IPv6 address: PR has been merged, thanks! Renato Botelho
02:08 PM Bug #6986 (Resolved): reply-to is not functioning on pfSense 2.4: Rules in the ruleset have reply-to, but any rules matching inbound traffic on non-default WANs fail to fully establis... Jim Pingle
01:59 PM pfSense Packages Bug #3962: LADVD interface handling issues with lagg and bridge: As noted in the linked commit, it's not fixable in any reasonable way: https://github.com/pfsense/FreeBSD-ports/commi... Kill Bill
01:59 PM pfSense Packages Bug #6389 (Resolved): Suricata typo under interface rules tab: Jim Pingle
01:53 PM pfSense Packages Bug #6389: Suricata typo under interface rules tab: Fixed in 3.0_10, please close. Kill Bill
01:52 PM pfSense Packages Bug #5515 (Closed): Squid3 change log URL leads to a 404 error: Jim Pingle
01:51 PM pfSense Packages Bug #5515: Squid3 change log URL leads to a 404 error: Obsolete unmaintained 2.2.x stuff, please close. Kill Bill
01:21 PM Bug #6985 (Resolved): NPt rules are causing a filter error on 2.4: Network Prefix Translation rules that worked on 2.3.2 are causing a filter reload error on 2.4
Real addresses mask... Jim Pingle
10:45 AM Bug #6454 (Resolved): services_ntpd_acls.php: Can't change default options without setting custom access restriction: Anonymous
10:18 AM Bug #6454: services_ntpd_acls.php: Can't change default options without setting custom access restriction: Steve Beaver wrote:
> Applied in changeset commit:3b1c0951ddb913cefcf3aaca301c9a8803a50224.
Works, thanks. Kill Bill
09:50 AM Bug #6454 (Feedback): services_ntpd_acls.php: Can't change default options without setting custom access restriction: Applied in changeset commit:3b1c0951ddb913cefcf3aaca301c9a8803a50224. Anonymous
08:00 AM Bug #6454: services_ntpd_acls.php: Can't change default options without setting custom access restriction: Including the page name in the subject is helpful. Anonymous
07:44 AM Bug #6454: services_ntpd_acls.php: Can't change default options without setting custom access restriction: More issues with this page noted at #6984 Kill Bill
10:14 AM Bug #6984: NTP/ACLs - Delete button partially invisible + rowhelper handling broken: OK... The button now almost fits, plus the issues on the second and third screenshots seem to be indeed fixed.
!ht... Kill Bill
09:50 AM Bug #6984: NTP/ACLs - Delete button partially invisible + rowhelper handling broken: Applied in changeset commit:3b1c0951ddb913cefcf3aaca301c9a8803a50224. Anonymous
09:48 AM Bug #6984 (Feedback): NTP/ACLs - Delete button partially invisible + rowhelper handling broken: Both issues fixed in JavaScript Anonymous
07:54 AM Bug #6984: NTP/ACLs - Delete button partially invisible + rowhelper handling broken: Playing with Delete is apparently lot of fun, also managed to produce this result:
!https://s15.postimg.org/x7rx3x... Kill Bill
07:43 AM Bug #6984 (Resolved): NTP/ACLs - Delete button partially invisible + rowhelper handling broken: Beyond #6454 (still unfixed), there are other issues with this thing, such as:
- the button not fitting the page
... Kill Bill
07:53 AM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: OK, after a bit of clicking, this is definitely not limited to aliases, let alone network-type ones. I managed to get... Kill Bill
04:17 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: @Marcel
It would be interesting to see what your dhcp6 is doing at the same time, could you post a snippit of both... Martin Wasley

12/04/2016

05:42 PM pfSense Packages Bug #6378: inline background styles in squidguard package: Anyone filling bugs about this package should consider a bounty to get it rewritten from scratch. I guess nothing sho... Kill Bill
12:49 PM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Thank you Rick Strangman for the reply. I don't think, the issus are similar.
The Update will be scheduled for next ... Marcel Mayer
08:58 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: #6000 is about virtual IP's or am I missing something... quite possible at my age. :) Martin Wasley
06:36 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Does this issue seem similar to bug #6000? If so I can probably help.
Rick Rick Strangman
05:01 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Can I make a suggestion. Before you do any major revision updates save a copy of your config file in case you wish to... Martin Wasley
09:44 AM Revision cd2c59c9: Do not truncate IPv6 addresss in NTP widget (Bug #4815): Doktor Notor
06:24 AM pfSense Packages Bug #6473: OpenVPN Client Export package - depends on vulnerable p7zip version (CVE-2016-2334, CVE-2016-2335): Bump, this is still not fixed. Please, upgrade to 16.02. Kill Bill
01:04 AM Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: I think it's late for 2.4, since it's beta. Vladimir Suhhanov

12/03/2016

11:43 PM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Go to System->Updates->Update Settings, change Branch to "Development Snapshots" and save.
Now it will show an upgra... Phillip Davis
11:29 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: The addresses are not changing. They stay.
What do you preffer or suggest? Updating would be ok for me. Is it possib... Marcel Mayer
10:30 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Marcel Mayer wrote:
> As you can see here (logfiles attached in threads!)
>
> (English)https://forum.pfsense.org/... Martin Wasley
05:01 AM Bug #6981 (Closed): IPv6, rc.newwanipv6, flooding log and resets connection periodically: As you can see here (logfiles attached in threads!)
(English)https://forum.pfsense.org/index.php?topic=119439.0
... Marcel Mayer
05:03 PM Revision 1878e1c9: Captive portal: add option to include idle time in total session time: Add an option to choose whether the time spent idle by a user disconnected for exceeding the idle timeout must be inc... Caio Plumbeo
02:24 PM Bug #6982: Nested Aliases with FQDNs do not populate parent table in some cases: I should add that the only alias present in any rules is groupone. It is on LAN pass IPv4 any from LAN net destinatio... Chris Linstruth
02:07 PM Bug #6982 (Resolved): Nested Aliases with FQDNs do not populate parent table in some cases: In some cases a nested alias containing FQDNs does not populate the parent table until filterdns runs again at its in... Chris Linstruth
01:36 PM Revision 45541aae: Form_IpAddress add types remove patterns: 1) Add alias and host types to Form_IpAddress with the appropriate hover
text.
2) Remove the patterns - the UI of tho... Phil Davis
01:04 PM Revision 0f2fbcd7: fix typo from merge: Jason McCormick
01:00 PM Revision a5676b5d: Merge remote-tracking branch 'upstream/master' into 6751_route53: Jason McCormick
06:42 AM Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: bounty request with more forum links https://forum.pfsense.org/index.php?topic=90942.0 Michael Kellogg
06:31 AM Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: forum link
https://forum.pfsense.org/index.php?topic=121198.0 Michael Kellogg
06:30 AM Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: Can we get this added into 2.4 ?? Michael Kellogg
04:22 AM Revision 7d4d9ec5: Remove the PHP limit from diag_dump_states(), it is now managed on pfSense_get_pf_state().: Luiz Souza
02:49 AM Bug #6319: DHCP6 DDNS tsig key missing from dhcpv6.conf for reverse zone: Can someone have another look at this please? IMHO this seems to be a simple fix. Unfortunatelly i don't have the cod... Bogdan P

12/02/2016

07:41 PM Revision f829a8d3: OpenVPN populates IPv6 env vars now, so we can fetch them for the IPv6 gateway. Fixes #6016: Jim Pingle
06:18 PM Revision 8ec77040: Fix indent: Jim Pingle
06:18 PM Revision da83e212: Merge pull request #3145 from skrude61/master: Jim Pingle
06:04 PM Revision 01d98377: Create a dummy /etc/printcap when starting bsnmpd so it it will not log errors. Fixes #6838: Jim Pingle
06:04 PM Revision 26be03d7: Create a dummy /etc/printcap when starting bsnmpd so it it will not log errors. Fixes #6838: Jim Pingle
06:03 PM Revision 63b44eed: Create a dummy /etc/printcap when starting bsnmpd so it it will not log errors. Fixes #6838: Jim Pingle
05:51 PM Revision bb6d61b1: Add www/pound to the list of packages to build. Fixes #6793: Jim Pingle
05:15 PM Revision 80bc583c: Standardize and fix 'other' type VIP display on NAT pages. Fixes #6094: Jim Pingle
05:15 PM Revision d2ce7d30: Fix 'Other' type VIP options. Ticket #6094: While here, remove some defunct 'range' code that was never used. Jim Pingle
04:48 PM Revision 2a38eaf4: interfaces, show error message if adding duplicate gateway: (cherry picked from commit e8517c7c16b8a845333c7d0e91f552144e6b5560) Pi Ba
04:47 PM Revision 778f9885: Merge pull request #3213 from PiBa-NL/interfaces-gateway-message: Renato Botelho
04:00 PM Revision d7155857: Clarified help text for ddnsforcehostname option.: (cherry picked from commit 9ca5d4abf949e088d6f1966003a6bf957f3cbdf6) Ross Williams
04:00 PM Revision 6a2c8e35: Added title to ddnsforcehostname checkbox: (cherry picked from commit cfc10a3364fee9ab220b9ada5584bfbe62ba800c) Ross Williams
04:00 PM Revision 7b0df184: Removed TODO comment: (cherry picked from commit a7e3001c740c79da652a9a4d53509e95adaf0c77) Ross Williams
04:00 PM Revision e8f2eb8d: Add ddnsforcehostname option to DHCP6 Server configuration editor: (cherry picked from commit 1a6bda5b389df05d6dac024e8445d3a00e01e823) Ross Williams
04:00 PM Revision eeffd48c: Add ddnsforcehostname option to DHCP Server configuration editor: (cherry picked from commit cf15bcb41f5befb3668f4608aafeddcb8bb18a58) Ross Williams
04:00 PM Revision 149575ae: Add ddnsforcehostname option to Static Mapping editor: (cherry picked from commit 62abab65c9c3fb010862201b327b426b3b9fc3b8) Ross Williams
04:00 PM Revision 8960e397: Put DDNS hostname config in the wrong place: It is relevant to the interface, not just the per-static-mapping DDNS config.
(cherry picked from commit f0cce276a6c... Ross Williams
04:00 PM Revision 25b18b5d: Implement ddns-hostname option emission for static hosts in services.inc.: (cherry picked from commit 011f550d9b6d5980bd486af3254b387d3019783b) Ross Williams
03:59 PM Revision 6cb599da: Merge pull request #3246 from overhacked/dhcpd-dyndns-force-hostname: Renato Botelho
03:51 PM Revision d2ad2359: Add missing L2TP from this gateway handling case. Fixes #6980: Jim Pingle
03:51 PM Revision 8091b5d7: Add missing L2TP from this gateway handling case. Fixes #6980: Jim Pingle
03:50 PM Revision 3343571b: Add missing L2TP from this gateway handling case. Fixes #6980: Jim Pingle
03:34 PM Revision d265a53b: Fix reversed accounting style: (cherry picked from commit f3838572c59ea5ebe656851511c75d217afec815) Caio Plumbeo
03:34 PM Revision 45a84d8d: Fix reversed accounting style: (cherry picked from commit f3838572c59ea5ebe656851511c75d217afec815) Caio Plumbeo
03:34 PM Revision 00847ca8: Merge pull request #3247 from plumbeo/fix-reverse-acct: Renato Botelho
02:04 PM Feature #2766: status_openvpn.php needs IPv6 support: Still missing in OpenVPN 2.3.13 Jim Pingle
02:03 PM Bug #6249 (Duplicate): OpenVPN widget does not show client instance's IPv6 address: Duplicate of #2766
When OpenVPN properly populates IPv6 addresses in the status output, we can include them in the... Jim Pingle
01:50 PM Bug #6016 (Feedback): ovpn-linkup not populating IPv6 gateways: Applied in changeset commit:f829a8d3258e377b778ac84a1f2f345b8a79b766. Jim Pingle
01:46 PM Bug #6016: ovpn-linkup not populating IPv6 gateways: Fix pushed, will show momentarily.
!http://i.imgur.com/oDe2MhN.png! Jim Pingle
01:46 PM Revision e6fa3b22: Add decoration to "On latest version" message: Steve Beaver
01:10 PM Revision c73a2f31: Revise status messages. Adjust PID file timeout to accommodate slower systems: Steve Beaver
12:10 PM Bug #6838 (Feedback): bsnmpd logs errors when /etc/printcap is missing: Applied in changeset commit:63b44eed9eeaa32567c1234c37dbce2e15dc8d37. Jim Pingle
12:08 PM Bug #6751: Route53 DynDNS Problems / Replace Route53 DynDNS Module: Link to the associated PR: https://github.com/pfsense/pfsense/pull/3155 Jim Pingle
12:00 PM Feature #6793 (Feedback): Add pound package to the pfSense repository: Applied in changeset commit:bb6d61b1028697fe0e9e9a3b91a9b5491654319f. Jim Pingle
11:39 AM Bug #6495 (Resolved): No default route on PPPoE after reconnect or IP change in some cases: Jim Pingle
11:36 AM Bug #6925: System Update Failed: Ok ... But I can only update by removing the network cable after midnight and plugging in only on it. But in my netwo... Edson Bueno
10:06 AM Bug #6925 (Resolved): System Update Failed: Jim Pingle
11:25 AM Bug #4326 (Resolved): Limiters on firewall rules where NAT applies drop all traffic: All indications are that this is fixed now, from my own tests and from user feedback. Jim Pingle
11:20 AM Bug #6094 (Feedback): VIP Other subnet does not expand into NAT entries: Applied in changeset commit:80bc583c2365a0df606f409f6526385b1f0d8023. Jim Pingle
10:08 AM Feature #4351 (Resolved): Allow to disable BOOTP in DHCP server: Works Jim Pingle
10:00 AM Bug #6980 (Feedback): L2TP WAN gateway is missing the type at the end of its dynamic name: Applied in changeset commit:3343571b7f4c9c705869798ffc01bf9897d20aa0. Jim Pingle
09:50 AM Bug #6980 (Resolved): L2TP WAN gateway is missing the type at the end of its dynamic name: an L2TP WAN dynamic gateway ends in "_", for example "WAN_L2TP1_" when it should end with the type, such as "WAN_L2TP... Jim Pingle
09:53 AM Todo #4706 (Resolved): MPD needs to be upgraded to version 5 even for the various other tunnels: Looks good, no sign of mpd4, services still work. Jim Pingle
09:29 AM Bug #6393 (Resolved): SMART service handling is incomplete/missing: Jim Pingle
09:24 AM pfSense Packages Bug #6878 (Resolved): how to use snort, squid and squid_guard with a ram disk: Seems to be working. Jim Pingle
09:13 AM Bug #6953 (Resolved): on mismatching private key for CA, "edit user" silently creates user cert using different CA: Jim Pingle
09:13 AM Bug #6952 (Resolved): Generating user certs from imported CA fails silently when no starting serial# is set: Works better now. If it's left blank, it's assumed to be 0. Jim Pingle
09:11 AM Bug #6947 (Resolved): Deleting an external CA wipes certificates in use: Jim Pingle
09:01 AM Todo #5538 (Resolved): remove symlinks from /etc/ to /var/etc/: Looks good, I don't see any left. Jim Pingle
09:00 AM Todo #5368 (Resolved): Review /etc/ttys for serial console: Consoles are working on all 2.4 versions. Jim Pingle
08:56 AM Bug #6658 (Resolved): DHCP Relay not working on 2.3.2: Jim Pingle
07:58 AM Feature #6979 (Duplicate): Create a rule using asn: Duplicate of #3393, and Phil's right, that can be done in pfBlocker already. Jim Pingle
05:33 AM Feature #6979: Create a rule using asn: This can be done with pfBlockerNG - example at https://forum.pfsense.org/index.php?topic=118431.0
A more manual meth... Phillip Davis
03:52 AM Feature #6979 (Duplicate): Create a rule using asn: Create a rule using ASN
Example: block AS51773 Softonic adware and useless network. Oscar Francia

12/01/2016

09:02 PM Revision ad477ffa: Remove the broken e-mail options from diag_smart.php. Fixes #6393: Jim Pingle
08:43 PM Revision 66e5d4f2: Print a message about SMART not working on uFW/SG-1000 (smartmontools is not available there): Jim Pingle
04:18 PM Revision 1f4d1851: Remove extraneous ): Renato Botelho
04:17 PM Revision cf15d484: Remove extraneous ): Renato Botelho
04:04 PM Revision f3838572: Fix reversed accounting style: Caio Plumbeo
03:10 PM Bug #6393 (Feedback): SMART service handling is incomplete/missing: Applied in changeset commit:ad477ffafc4491ccc7a9c69686cfdb404e6a7bca. Jim Pingle
11:54 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: Jim Pingle wrote:
> Testing on 2.4 won't be reliable until #6937 is fixed.
Apparently this only affects mobile IP... Jonathan Black
11:48 AM Bug #6937: Inbound traffic on enc0 is not creating a state with mobile IPsec: After some more testing this appears to be a problem only with mobile IPsec, specifically (at least) IKEv2 EAP-RADIUS... Jim Pingle
11:35 AM Bug #6978 (Not a Bug): Squidguard error page crashing after activating WebGUI PFSENSE https security: Blocking of pages by the capture of SSL works well, however when it activates the https security of webgui, the page ... Paulo Lima
12:53 AM Bug #6975: <Hostname> is omitted when sending logs on syslog: Jim Pingle wrote:
> Remote syslog data doesn't include the hostname, that is up to the receiving log server to handl... Idar Lund

11/30/2016

10:45 PM pfSense Packages Feature #4548: syslog-ng interface doesn't allow rule ordering: Thanks, that's a better solution. ;) Kill Bill
07:04 AM pfSense Packages Feature #4548 (Feedback): syslog-ng interface doesn't allow rule ordering: I've pushed a fix Renato Botelho
07:44 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Michael Marley wrote:
> Unbound is restarted directly by "dhcpleases"
Please post a Github link to the file + lin... ky41083 -
07:32 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: With the patch above applied, and "Register DHCP leases in the DNS Resolver" enabled, the Unbound service does not re... ky41083 -
04:17 PM Revision 7f927cf4: Correct "not ready" flag: Steve Beaver
04:16 PM Revision 4a140c44: Correct "not ready" flag: Steve Beaver
03:55 PM Revision b4dd9f25: Allow for slower uFW by removing log file before upgrading, and allowing more time for the PID to appear: Steve Beaver
02:47 PM Revision 9ca5d4ab: Clarified help text for ddnsforcehostname option.: Ross Williams
02:38 PM Revision cfc10a33: Added title to ddnsforcehostname checkbox: Ross Williams
02:29 PM Revision a7e3001c: Removed TODO comment: Ross Williams
12:19 PM Bug #6977 (New): VLAN traffic is erroneously counted as underlying iface (untagged) traffic: On my pfs box I have one port carrying 3 subnets: first untagged and 2 other are VLANs, so the following layout:
igb... Dmitry Kernel
10:02 AM Bug #6963 (Resolved): SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4: Working now Jim Pingle
09:35 AM Bug #6588: PHP suhosin max value length prevents Quagga OSPF from storing a very large zebra.conf: Attempting to store that large of value hits a suhosin variable limit. I updated the description of the ticket to mat... Jim Pingle
08:27 AM Bug #5993: dhcp6c not started until an RA received: I can see why it would end up being called twice since in certain combinations of configurations the script would end... Jim Pingle
03:53 AM Bug #5993: dhcp6c not started until an RA received: JimP, please look at the last entry here. Jim Thompson
02:45 AM Bug #5993: dhcp6c not started until an RA received: Whilst having a look at another issue, the fabled no release on dhcp6c option, I noticed on WAN intergace startup tha... Martin Wasley
08:21 AM Bug #6969 (Resolved): Insufficient error checking on static ARP entries: Jim Pingle
08:19 AM Bug #6969: Insufficient error checking on static ARP entries: Seems fixed in todays 2.4 snapshots.
It won't allow the static DHCP lease to be submitted and the error message giv... Steve Wheeler
07:20 AM Bug #6975 (Rejected): <Hostname> is omitted when sending logs on syslog: Remote syslog data doesn't include the hostname, that is up to the receiving log server to handle. Jim Pingle
03:55 AM Bug #6975 (Rejected): <Hostname> is omitted when sending logs on syslog: When sending "filterlog" over syslog the standard defined in https://doc.pfsense.org/index.php/Filter_Log_Format_for_... Idar Lund
07:16 AM Bug #6976 (Confirmed): Interface group and alias with same name creates firewall syntax error: This is also a problem on 2.4.
Input validation should prevent an alias from using a name that is already an inter... Jim Pingle
06:21 AM Bug #6976 (Resolved): Interface group and alias with same name creates firewall syntax error: The firewall fails to reload when using the same name for an alias and interface group.
Steps to reproduce:
1. Cr... Sander Peterse
07:06 AM pfSense Packages Bug #6547 (Feedback): syslog-ng log browser only shows the first few lines: PR has been merged Renato Botelho
04:05 AM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: Frank Pineau wrote:
> I'm seeing the same redirect behavior.
Exact my problem.
So please reopen the issue. @... Richard Eberhard
03:33 AM Revision 1a6bda5b: Add ddnsforcehostname option to DHCP6 Server configuration editor: Ross Williams
03:30 AM Revision cf15bcb4: Add ddnsforcehostname option to DHCP Server configuration editor: Ross Williams
03:21 AM Revision 62abab65: Add ddnsforcehostname option to Static Mapping editor: Ross Williams
03:14 AM Revision f0cce276: Put DDNS hostname config in the wrong place: It is relevant to the interface, not just the per-static-mapping DDNS config. Ross Williams
03:01 AM Bug #6974 (Resolved): radvd enabled on a disconnected interface kills RA completely on all interfaces: After much head scratching about why devices are not getting v6 IPs any more, nothing short of disabling it on the di... Kill Bill
02:55 AM Revision 011f550d: Implement ddns-hostname option emission for static hosts in services.inc.: Ross Williams

11/29/2016

07:34 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: I'm seeing the same redirect behavior. I can confirm that changing the GUI does update the squidclamav.conf file as i... Frank Pineau
07:18 PM Revision 75e80f16: If there are input errors when creating a user certificate from the user manager, stop and show the errors rather than appearing to fail silently. Fixes #6953: Jim Pingle
07:13 PM Revision 2cf5db21: Ensure that the submitted private key matches the certificate or CA when importing. Ticket #6953: Jim Pingle
06:48 PM Revision ab63443a: Fix certificate generation for CAs without a serial set on import. Fixes #6952: Jim Pingle
06:45 PM Bug #6588: PHP suhosin max value length prevents Quagga OSPF from storing a very large zebra.conf: Yet another Chris left so the bug went into an unassigned state.
JimP please verify, and assign back to me if we c... Jim Thompson
06:34 PM Revision 80080a0c: When deleting a CA, do not delete all certificates from this CA, only remove the CA reference from certificates that used this CA, as the relationship can be rebuilt if needed. Also, prevent in-use CAs from being deleted and print a list of places a CA is used, similar to the output on certificates. Fixes #6947: Jim Pingle
06:32 PM Revision e2c718c8: Add some CA in-use test utility functions. Ticket #6947: Jim Pingle
05:01 PM Revision cce6c834: Fix the static ARP test: Jim Pingle
04:57 PM Revision 04fe6f00: Update setup_wizard.xml: (cherry picked from commit b0b2af901f352dbbaad0b09d06fe7adb105ff7a4) Jonathon Anderson
04:57 PM Revision 04d7836b: LAN IP validation logic: (cherry picked from commit 6a365a4c80aced41ec87ad93ed2c986d9935a4ea) Jonathon Anderson
04:57 PM Revision d1a4cb8d: Update setup_wizard.xml: (cherry picked from commit 3ad0f9b63f690f77cf8c4d398b521eba6909f0bc) Jonathon Anderson
04:57 PM Revision ab5f464a: update conditional re:LAN dhcp: (cherry picked from commit 0eb2512f93c7e187511ea258948715c2e230e98f) Jonathon Anderson
04:57 PM Revision bdffccfd: update LAN regex for case insensitivity: (cherry picked from commit 32980f321e854bf008efa04ee9187553231b6423) Jonathon Anderson
04:56 PM Revision 31ec01c3: Merge pull request #3219 from NonSecwitter/patch-2: Renato Botelho
04:53 PM Revision 4a77c4ea: - added support for duiadns.net ipv4 and ipv6: (cherry picked from commit 19b7263e859243adfcf6588533cb47b4c768765e) Ionut
04:53 PM Revision 473f37a9: Merge pull request #3239 from duiadns/master: Renato Botelho
04:40 PM Revision 6cade780: IPv6 address can contain a dot: When requiring the entry of an IPv6 address, the regex pattern should still allow a dot, so that an IPv6 address can ... Phil Davis
04:39 PM Revision 6a320efb: Merge pull request #3241 from phil-davis/patch-2: Renato Botelho
04:37 PM Revision 6e623580: Captive portal: use "Admin Reset" as termination cause when disconnecting a user from admin UI: When a user is disconnected by the administrator using the pfSense captive portal status page or widget set the value... Caio Plumbeo
04:37 PM Revision 993ff722: Merge pull request #3243 from plumbeo/term-cause: Renato Botelho
04:33 PM Revision 7b861bce: clarified input format hint for expiration date: (cherry picked from commit 98b87cfafe8a890787ca5d22a1089678b9b250ac) Jonathon Anderson
04:33 PM Revision 890a80eb: Merge pull request #3244 from NonSecwitter/patch-3: Renato Botelho
03:53 PM Revision 7a9c12b3: Improve input validation on static ARP for DHCP static mapping entries, also prevent the backend from attempting to apply entries with insufficient information stored. Fixes #6969: Jim Pingle
02:47 PM Revision 98b87cfa: clarified input format hint for expiration date: Jonathon Anderson
02:34 PM Revision 2a119ed3: Captive portal: use "Admin Reset" as termination cause when disconnecting a user from admin UI: When a user is disconnected by the administrator using the pfSense captive portal status page or widget set the value... Caio Plumbeo
02:29 PM Revision 481db4fe: Reword/rework wireless note on assignment page. Ticket #6770: Jim Pingle
01:24 PM Bug #6947: Deleting an external CA wipes certificates in use: The cert case is much simpler since there is a field for that directly. All the code has to check for is that the cer... Jim Pingle
01:13 PM Bug #6947: Deleting an external CA wipes certificates in use: Jim Pingle wrote:
> That would require some more work to detect if it's the GUI cert's issuer.
Hmmm well, that al... Kill Bill
01:08 PM Bug #6947: Deleting an external CA wipes certificates in use: That would require some more work to detect if it's the GUI cert's issuer, and the GUI cert could be self-signed, sin... Jim Pingle
01:06 PM Bug #6947: Deleting an external CA wipes certificates in use: Looks pretty good. CA in use detection works (tested with OpenVPN server, IPsec and LDAP), plus can no longer be dele... Kill Bill
12:40 PM Bug #6947 (Feedback): Deleting an external CA wipes certificates in use: Applied in changeset commit:80080a0c8b5949b1af97d1d49b4cc834d06875cf. Jim Pingle
01:19 PM Bug #6953 (Feedback): on mismatching private key for CA, "edit user" silently creates user cert using different CA: I was unable to reproduce the problem exactly as stated, but I added validation code to prevent incorrect keys from b... Jim Pingle
12:50 PM Bug #6952 (Feedback): Generating user certs from imported CA fails silently when no starting serial# is set: Applied in changeset commit:ab63443a9184f42f6a47907e5f2d3fbab6ff043e. Jim Pingle
11:16 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: Testing on 2.4 won't be reliable until #6937 is fixed. Jim Pingle
11:15 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: It appears to be worse than before now too.... ICMP doesn't work across the tunnel now either. Jonathan Black
11:07 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: Jorge Albarenque wrote:
> I can confirm this still occurs on 2.3.2. Probably worth checking on 2.4 since Chris had m... Jonathan Black
04:47 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: I can confirm this still occurs on 2.3.2. Probably worth checking on 2.4 since Chris had mentioned it seemed to be re... Jorge Albarenque
10:50 AM pfSense Packages Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore: It's still a problem on 2.3 and 2.4... Jim Pingle
10:00 AM Bug #6969 (Feedback): Insufficient error checking on static ARP entries: Applied in changeset commit:7a9c12b3d6e01e11ec0af3a6690a5c3de2fbbd2e. Jim Pingle
09:35 AM Bug #6973 (Duplicate): OpenVPN fails to verify client certificate when using intermediate CAs to sign server/user certs: Duplicate of #2800 which is fixed on 2.4 already. Jim Pingle
09:22 AM Bug #6973 (Duplicate): OpenVPN fails to verify client certificate when using intermediate CAs to sign server/user certs: I am using pfSense and OpenVPN with a few intermediate CAs to seperate VPN servers by project:... Harald Linden
08:31 AM Bug #6770 (Resolved): 802.11 stack on FreeBSD 11 requires changes to support its new device creation method: It's working well now.
I updated the wiki and book to follow the new requirement, and made a slight adjustment to ... Jim Pingle
07:13 AM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: An example:
!https://s14.postimg.org/7fgw3jrxd/aliases_delete_wth.png! Kill Bill
07:02 AM Bug #6972 (Resolved): "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: I randomly keep getting a nonsensical "Are you sure you wish to?" prompt when deleting networks from network-type al... Kill Bill

11/28/2016

10:09 PM pfSense Packages Bug #6968: Snort VRT Rules Fail to automatically update SSL read error: Well, apparently not a package bug. Kill Bill
05:31 PM pfSense Packages Bug #6968: Snort VRT Rules Fail to automatically update SSL read error: Kill Bill wrote:
> You have pfBNG installed and Amazon S3 blocked?
Nope only package I have installed is snort.
... rub man
09:43 AM pfSense Packages Bug #6968: Snort VRT Rules Fail to automatically update SSL read error: You have pfBNG installed and Amazon S3 blocked? Kill Bill
08:54 AM pfSense Packages Bug #6968 (Rejected): Snort VRT Rules Fail to automatically update SSL read error: pfsense version: 2.3.2-RELEASE-p1 (amd64)
Snort Version: 3.2.9.1_14
Automatic update fails with following errors... rub man
09:14 PM pfSense Packages Bug #6971 (Closed): Interfaces.php: "Reserved Networks" checkboxes not shown: Using Windows 10 snap window function to resize Firefox to half the display size causes the checkboxes on Reserve Net... Bart K
09:12 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: yet another case where we lost track of the bug because Chris just removed himself when he left.
assigned back to ... Jim Thompson
09:08 PM Bug #6938: DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.: i think this is a freebsd bug, might be fixed. Jim Thompson
09:04 PM Bug #6947: Deleting an external CA wipes certificates in use: please validate and hand back. Jim Thompson
09:03 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: they moved because it's better.
but they have a really large environment.
we've known about kea for a while. (... Jim Thompson
08:57 PM pfSense Packages Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore: JimP, please verify, and if not valid, close.
If valid, please hand-off to bbcan117 Jim Thompson
08:11 PM Bug #6970 (Rejected): Update pfSense 2.3 to Unbound 1.5.10: It's already in 2.3.3 snapshots Jim Pingle
07:57 PM Bug #6970 (Rejected): Update pfSense 2.3 to Unbound 1.5.10: I noticed the Unbound version pfSense is shipping is a bit old at 1.5.9. The latest release is 1.5.10. The .10 releas... Brad Smith
03:35 PM Revision d68efad1: Fix System Update link: Renato Botelho
03:35 PM Revision 85b36c34: Fix System Update link: Renato Botelho
01:16 PM Revision cacbc2cb: Send packages to files03 too: Renato Botelho
01:16 PM Revision f74e2105: Send packages to files03 too: Renato Botelho
01:15 PM Revision c3d2384b: Send packages to files03 too: Renato Botelho
12:01 PM Bug #6969 (Confirmed): Insufficient error checking on static ARP entries: Adding a note to clarify: It is OK for "IP address" to be blank/empty if "ARP Table Static Entry" is unchecked. Jim Pingle
11:40 AM Bug #6969 (Resolved): Insufficient error checking on static ARP entries: When creating a static DHCP lease entry the GUI input checking does not prevent checking 'static ARP' without enterin... Steve Wheeler
11:14 AM Bug #6963: SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4: Applied in changeset commit:b35fc4331ac78f9459db00be04dc6b077f168593. Jim Pingle
08:43 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": To all having this problem - while there is no fix yet, I have put together a workaround I have been using successful... Firstname Surname
08:08 AM Bug #6966: Display bug in Status / IPsec / Overview: Jim Pingle wrote:
> That page outputs what is given to it by strongSwan. Check the output of "ipsec statusall" from ... Lars Jorgensen
07:35 AM Bug #6966 (Feedback): Display bug in Status / IPsec / Overview: That page outputs what is given to it by strongSwan. Check the output of "ipsec statusall" from the console when it's... Jim Pingle
06:10 AM Bug #6966 (Resolved): Display bug in Status / IPsec / Overview: I have to IPsec tunnels configured. If one goes up, it is reported as both connected and disconnected in two separate... Lars Jorgensen
07:41 AM Bug #6967 (Resolved): DH Groups 22, 23, 24 missing from Phase 2 selection GUI: When configuring IPSec you can select DH Groups 22-24 for Phase 1, but for Phase 2 they are missing from the GUI.
... Sec Sec

11/27/2016

06:31 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: And as for "the GUI does nothing":
!https://s15.postimg.org/fk5zywtsr/clamav_redirect_empty.png!... Kill Bill
06:04 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: The default URL is set to the pfSense GUI URL on package install. Simply because that's the only sensible default. Th... Kill Bill
02:40 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: See: https://forum.pfsense.org/index.php?topic=115323.0 Richard Eberhard
02:39 PM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: Kill Bill wrote:
> Richard Eberhard wrote:
> > I also tried adding a redirect command in the custom squid config: n... Richard Eberhard
08:28 AM pfSense Packages Bug #6763 (Not a Bug): Squid ClamAv wrong redirect URL: Jim Pingle
04:08 AM pfSense Packages Bug #6763: Squid ClamAv wrong redirect URL: No bug here, let alone "very high" severity, can be closed. This is configurable in the GUI as shown above. Kill Bill
06:28 PM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": Has anyone attempted this with 2.4 beta? I've already burned my downtime allowance testing with 2.3.x versions and va... Michael OBrien
05:53 PM pfSense Packages Bug #6562: Bug/Wrong description in the squid settings: Yes, set CN property surprisingly sets CN property. Sigh. Because that's exactly the purpose of the feature. Set != s... Kill Bill
02:46 PM pfSense Packages Bug #6562: Bug/Wrong description in the squid settings: Kill Bill wrote:
> Sorry, but browser thinking a certificate is valid when it's not is NOT a Squid issue. Stop doing... Richard Eberhard
08:30 AM pfSense Packages Bug #6562 (Not a Bug): Bug/Wrong description in the squid settings: Jim Pingle
04:16 AM pfSense Packages Bug #6562: Bug/Wrong description in the squid settings: Sorry, but browser thinking a certificate is valid when it's not is NOT a Squid issue. Stop doing HTTPS MITM if you h... Kill Bill
08:34 AM pfSense Packages Bug #5701 (Not a Bug): Sarg does not delete cron entry: Jim Pingle
08:04 AM pfSense Packages Bug #5701: Sarg does not delete cron entry: Ale Feltes wrote:
> I can't see issue's status control. I can only add comments.
That was aimed @pfSense guys. :) Kill Bill
07:06 AM pfSense Packages Bug #5701: Sarg does not delete cron entry: I can't see issue's status control. I can only add comments. Ale Feltes
04:35 AM pfSense Packages Bug #5701: Sarg does not delete cron entry: Package no longer exists in 2.3+, use lightsquid.
Please, close.
Kill Bill
08:34 AM pfSense Packages Bug #3986 (Closed): BandwidthD can break php-fpm in unknown rare edge case: Jim Pingle
04:56 AM pfSense Packages Bug #3986: BandwidthD can break php-fpm in unknown rare edge case: Package gone, please close. Kill Bill
08:33 AM pfSense Packages Feature #2170 (Closed): Enable AirPrint mdns via Avahi: Jim Pingle
04:43 AM pfSense Packages Feature #2170: Enable AirPrint mdns via Avahi: This already works with Avahi as noted above. Please, close this. Kill Bill
08:32 AM pfSense Packages Bug #4676 (Rejected): Avahi & .local domain in config file: Jim Pingle
04:41 AM pfSense Packages Bug #4676: Avahi & .local domain in config file: Cannot be reproduced plus concerns obsolete 2.2.x PBI stuff.
Please, close. Kill Bill
08:31 AM pfSense Packages Bug #4301 (Closed): arpwatch not sending email reports on 2.2: Jim Pingle
04:37 AM pfSense Packages Bug #4301: arpwatch not sending email reports on 2.2: Package no longer exists in 2.3+, please close. Kill Bill
08:31 AM pfSense Packages Feature #6141 (Resolved): Convert apcupsd package to 2.3: Jim Pingle
04:33 AM pfSense Packages Feature #6141: Convert apcupsd package to 2.3: Been already done, can be closed.
https://github.com/pfsense/FreeBSD-ports/commits/devel/sysutils/pfSense-pkg-apcupsd Kill Bill
08:30 AM pfSense Packages Bug #6252 (Not a Bug): Can't access darkstat if webgui is on HTTPS.: Jim Pingle
04:25 AM pfSense Packages Bug #6252: Can't access darkstat if webgui is on HTTPS.: Darkstat does not support HTTPS. Cannot be fixed in the package. The issue is HSTS headers set by pfSense nginx. Best... Kill Bill
08:30 AM pfSense Packages Bug #6485 (Rejected): Squid garbage collection is a blocking thread and stops all network traffic: Jim Pingle
04:20 AM pfSense Packages Bug #6485: Squid garbage collection is a blocking thread and stops all network traffic: Upstream bug tracker for Squid is at http://bugs.squid-cache.org/describecomponents.cgi?product=Squid - the pfSense p... Kill Bill
08:29 AM pfSense Packages Bug #6497 (Closed): Squid3 web GUI page not saving settings for users in custom system privileged groups in v 2.2.2: Jim Pingle
04:13 AM pfSense Packages Bug #6497: Squid3 web GUI page not saving settings for users in custom system privileged groups in v 2.2.2: 2.2.x is dead, plus this would not be a Squid package bug at all. Please, close this. Kill Bill
08:28 AM pfSense Packages Bug #6814 (Not a Bug): pfBlockerNG cannot define table pfB_Europe_v6 after pfsense upgrade to 2.3.2-RELEASE (amd64): Jim Pingle
04:05 AM pfSense Packages Bug #6814: pfBlockerNG cannot define table pfB_Europe_v6 after pfsense upgrade to 2.3.2-RELEASE (amd64): No bug here, can be closed. Kill Bill
06:32 AM pfSense Packages Feature #6965 (Resolved): suricata + snort - making custom passlist additive to the default one: It'd seriously help to have a checkbox that'd simply _add_ whatever custom alias(es) to the default passlist, instead... Kill Bill
04:39 AM Feature #5619: Curl with ARES support: This is misfiled under Packages product, any changes here would need to be done in pfSense core. Kill Bill

11/26/2016

09:15 PM pfSense Packages Bug #6047: syslog-ng does not logrotate: Well, this still does not work properly at least with bzip2, because:... Kill Bill
04:19 PM Revision b0b2af90: Update setup_wizard.xml: Jonathon Anderson
04:18 PM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper: There's already #6023 for netmap + shaping. Kill Bill
02:12 PM Bug #5649: bce0: Discard frame w/o leading ethernet header (len 0 pkt len 0): I believe this issue can now be closed.
After using pci-stub on the Linux host for the two NIC's in question, whic... Matt Parnell
12:21 PM pfSense Packages Bug #6964 (Resolved): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons: The policy always gets assigned to the first instance (normally probably WAN) when you either
- use the Import butto... Kill Bill
10:41 AM Revision b8678b63: IPv6 address can contain a dot: When requiring the entry of an IPv6 address, the regex pattern should still allow a dot, so that an IPv6 address can ... Phil Davis
06:44 AM pfSense Packages Bug #6389: Suricata typo under interface rules tab: https://github.com/pfsense/FreeBSD-ports/pull/220 Kill Bill
06:38 AM pfSense Packages Bug #5938: Link for Signing up for ETPro account got changed - Suricata: This got broken again. Together with some other cosmetics, this is fixed by https://github.com/pfsense/FreeBSD-ports/... Kill Bill

11/25/2016

10:27 PM Bug #6962: GUI allows selecting missing diffe-helman Paremeters for OpenVPN: My vote would be either to grey out or remove the missing parameters from the OpenVPN dropdown, or to kick off a back... Andy Sayler
09:25 AM Bug #6962 (Confirmed): GUI allows selecting missing diffe-helman Paremeters for OpenVPN: The GUI should probably grey out or otherwise note the selections without available files. Or maybe check for @/etc/d... Jim Pingle
09:04 PM Revision 19b7263e: - added support for duiadns.net ipv4 and ipv6: Ionut
08:17 PM Revision 8505ccf0: Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963: Jim Pingle
08:17 PM Revision ec64b0a8: Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963: Jim Pingle
08:08 PM Revision b35fc433: Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963: Jim Pingle
05:09 PM Revision 6be782ed: increase webgui usability when the remote ldap server isn't available: (cherry picked from commit b77a63948b4bd54f3d2e6e9d3822588105fb5741) Pi Ba
05:09 PM Revision 23a8dae0: Merge pull request #3196 from PiBa-NL/authfallbackspeed: Renato Botelho
05:06 PM Revision 54098908: ipsec mobile clients, don't check mobile leases if mobile client isn't enabled to begin with: (cherry picked from commit 339279415ced4aaaafb96fc14a334a172b8db49f) Pi Ba
05:06 PM Revision ba2253da: Merge pull request #3212 from PiBa-NL/ipsec-mobile-leasecheck: Renato Botelho
05:05 PM Revision 9e2fa369: Improved error message to explicitly state allowable characters: Related to Bug #6432.
(cherry picked from commit 3b55b54e9c76998a2b0e28897a0be79d5cf0cb8f) Sean McBride
05:05 PM Revision 823091b1: Merge pull request #3216 from seanm/master: Renato Botelho
05:01 PM Revision f968d06d: DHCPv6 ddnsdomainprimary must currently be IPv4: This field is currently validated to allow only an IPv4 address to be entered, so it may as well be consistent client... Phil Davis
05:00 PM Revision d0e73557: Merge pull request #3231 from phil-davis/patch-8: Renato Botelho
04:59 PM Revision 19509df3: services_dhcp_edit add extra IPv4 validation: a) Validate that ipaddr must be IPv4 (note if you enter an IPv6 address, it will fail other later tests of being in t... Phil Davis
04:59 PM Revision ab97c6aa: Merge pull request #3230 from phil-davis/patch-7: Renato Botelho
04:48 PM Revision e9544016: Specify the IP address family in interfaces.php: Where it is known what sort of IP address is required, we can specify it in the call to Form_IpAddress. That will mak... Phil Davis
04:48 PM Revision 8adb1946: Merge pull request #3226 from phil-davis/patch-3: Renato Botelho
04:47 PM Revision 57808367: Keep the rule type selection after input errors on firewall rule: If the user:
a) Edit a firewall rule
b) Select "single host or alias"
c) Enter an invalid IP address that is not an a... Phil Davis
04:47 PM Revision 81e2aa25: Merge pull request #3224 from phil-davis/patch-2: Renato Botelho
04:45 PM Revision fbcdf576: add All-Inkl to services.class: (cherry picked from commit 360f3a9011d143944fcd8e5e6b69fced2f9baaf7) Christoph Filnkößl
04:45 PM Revision 3c2a6448: add All-Inkl to dyndns.class: (cherry picked from commit 575b1dcf0bdb28c431fca420d27bdedf579ec9c4) Christoph Filnkößl
04:45 PM Revision 75357823: Merge pull request #3223 from filnko/patch-1: Renato Botelho
04:11 PM Bug #6963 (Feedback): SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4: I pushed a fix as stated. Works fine with and without key-based auth. Needs more testing once it hits snaps. Jim Pingle
02:15 PM Bug #6963 (Resolved): SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4: The ssh authentication "keyboard-interactive" method fails on 2.3.2 and 2.4
This is due to the use of @UsePAM no@ ... Jim Pingle
09:28 AM Feature #6961 (Duplicate): IPv4/IPv6 Dual-Stack IPSEC mobile vpn: Duplicate of #6886 Jim Pingle

11/24/2016

04:21 PM Bug #6962: GUI allows selecting missing diffe-helman Paremeters for OpenVPN: Uhm... generating these "on demand" is a horrible idea. Should be either pre-shipped or user told to do the job. User... Kill Bill
03:58 PM Bug #6962 (Resolved): GUI allows selecting missing diffe-helman Paremeters for OpenVPN: When trying to use a 3072-bit Diffie-Hellman parameter with the OpenVPN server, the following error is logged and the... Andy Sayler
12:43 PM Revision f6bea44d: Silence kenv calls: Renato Botelho
12:43 PM Revision 411f439a: Silence kenv calls: Renato Botelho
12:21 PM pfSense Packages Bug #6547: syslog-ng log browser only shows the first few lines: Kinda difficult to come with "pfSense native firewall"-like GUI, considering there's no pattern about what's going to... Kill Bill
11:26 AM pfSense Packages Feature #4548: syslog-ng interface doesn't allow rule ordering: See https://github.com/pfsense/FreeBSD-ports/pull/218 Kill Bill
09:31 AM Feature #6961 (Duplicate): IPv4/IPv6 Dual-Stack IPSEC mobile vpn: It would be nice to have possibility to create Phase1 IPSec for Mobile Clients - for both IPv4 and IPv6.
Currently... Vladimir Lind
07:51 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: It looks like Facebook migrated to Kea DHCP. Should be for a good reason [[https://code.facebook.com/posts/8459090588... Raul Ramos
06:51 AM Feature #6960 (Resolved): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: I think it would be a good idea to at least take a look at kea dhcp by ISC. It seems to be a much better solution for... Bogdan P
07:22 AM pfSense Packages Bug #6492 (Resolved): Syslog-ng configuration file warning is treated as syntax error: Renato Botelho
07:05 AM pfSense Packages Bug #6492: Syslog-ng configuration file warning is treated as syntax error: Already fixed by https://github.com/pfsense/FreeBSD-ports/commit/5f79e53dcae89bb185279ba2164a99891bb70dfd Kill Bill
03:28 AM Bug #6959 (Feedback): Remove or rename "LiveCD" option in the 2.4 installer: Done Renato Botelho
03:24 AM Bug #6762: "Please match the requested format" error in Chrome when editing certain form fields: I'm still having this issue.
Norwegian settings in Chromve version 55.0.2883.59
I get the error when trying to ad... Øistein Kjos

11/23/2016

06:47 PM Revision 581aa622: Added addrtolower() to interface pages: Steve Beaver
06:47 PM Revision 5af93827: Added addrtolower() to interface pages: Steve Beaver
02:36 PM Revision 3947f294: Add a note that wireless clones must be created before they can be assigned. This should fix #6770: Renato Botelho
02:35 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: After going into System -> Routing -> Gateways, clicking edit on the current gateway outside the subnet, don't even h... Ken Sim
02:34 PM Revision 656ed1af: Start wireless clone count from 0: Renato Botelho
02:23 PM Bug #6959 (Resolved): Remove or rename "LiveCD" option in the 2.4 installer: When booting the 2.4 install media, the first screen of the installer offers a "Live CD" choice that is confusing to ... Jim Pingle
02:11 PM Revision 930ca820: Change wireless interface description: Renato Botelho
12:51 PM Bug #6958 (Resolved): services_dhcp_relay.php: Needs to be converted to more recent rowhelper standard: Page still uses the deprecated setIsRepeated() method on the group. We no longer do that. Anonymous
12:18 PM Bug #6957 (Closed): CARP arp reply with wrong src mac: The problem is same as https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141023
I find a patch on pfsense/FreeBSD-sr... zhiwu shan
12:01 PM Feature #6956 (New): Allow more control over concurrent logins: Currently there is a checkbox that allows concurrent logins, or not. I'd like to be able to replace that binary check... Michael Newton
11:56 AM Bug #6955 (Resolved): The uniqid of the virtual IP address is lost when you modify the vip type: My interfaces：LAN, WAN, WAN2
1、I add IP Alias VIP 155.155.155.155 on WAN2, it's ok. Get the uniqid: 5831b1cbbbdcd
... zhiwu shan
09:47 AM Bug #6954 (Resolved): New installer has no "Quick/Easy" installation option: The new installer has a number of useful options but there is no choice that replicates the "Quick/Easy Install" opti... Jim Pingle
09:46 AM Bug #6770 (Feedback): 802.11 stack on FreeBSD 11 requires changes to support its new device creation method: After discussed it, we decided to let user create wireless clone interface before assign it and remove any special tr... Renato Botelho
07:42 AM Bug #6770: 802.11 stack on FreeBSD 11 requires changes to support its new device creation method: It works on the latest CE snapshot from overnight, but there is one regression from the previous behavior. At the mom... Jim Pingle
04:40 AM Bug #6770: 802.11 stack on FreeBSD 11 requires changes to support its new device creation method: Kill Bill wrote:
> I guess you produced a typo in the latest commit.
>
> [...]
>
> https://github.com/pfsense/... Renato Botelho
08:06 AM Bug #6953 (Resolved): on mismatching private key for CA, "edit user" silently creates user cert using different CA: Steps to reproduce:
* have existing internal CA
* import external CA (in my case, signed by the internal CA but g... Harald Linden
06:59 AM Bug #6952 (Resolved): Generating user certs from imported CA fails silently when no starting serial# is set: Steps to reproduce:
* Import external CA
* Do not set "Serial for next certificate"
* Try to create a user certi... Harald Linden
12:41 AM Revision 5794e197: Fix typo. Ticket #6770: Jim Pingle

11/22/2016

05:54 PM Revision ae7d6aca: Ticket #6770: Create a function to list available wireless interfaces and include model description: Renato Botelho
05:40 PM Revision d3343d02: Ticket #6770: Detect wlan interfaces from sysctl net.wlan.devices: Renato Botelho
04:56 PM Bug #6770: 802.11 stack on FreeBSD 11 requires changes to support its new device creation method: I guess you produced a typo in the latest commit.... Kill Bill
04:49 PM Bug #6931 (Resolved): Status > Filter Reload page is confusingly worded: Renato Botelho
02:48 PM Bug #6931: Status > Filter Reload page is confusingly worded: Wow, this is much better than before, shows complete progress output now. 8-) Thanks. Kill Bill
04:23 PM Revision ac516731: Ticket #6770: Update wireless regex to match FreeBSD 11: Renato Botelho
03:45 PM Revision 499ff8fc: Added addrtolower calls to force IPv6 addresses to lower case: First of many Steve Beaver
03:45 PM Revision 5100064f: Added addrtolower calls to force IPv6 addresses to lower case: First of many Steve Beaver
09:51 AM Bug #6864 (Assigned): Error checking rejects IPv6 addresses with upper case A-F.: Force IPv6 to lowercase via addrtolower() has been added to:
firewall_aliases_edit.php
firewall_rules_edit.php
... Anonymous
09:48 AM Bug #6918 (Closed): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: Closed in favor of #6864 Anonymous
09:40 AM Bug #6945: Firewall alias naming restrictions are too limiting: What happens if you use www.xn--bcher-kva.ch as the name to block in the rule?
Is that effective?
I wonder if pf ... Phillip Davis
09:33 AM Bug #6946 (Not a Bug): Unable to override dns servers in dhcp server: Most likely it's a configuration issue and not a bug. It's best to discuss this on the forum before opening a bug rep... Jim Pingle
09:22 AM Bug #6946: Unable to override dns servers in dhcp server: What appears in /var/dhcpd/etc/dhcpd.conf ?
When I put specific DNS servers in there, I get a line like:
option dom... Phillip Davis
08:37 AM pfSense Packages Feature #6951 (Resolved): Disable Auto Config Backup without uninstalling: The only way to disable the auto config backup package after the credentials have been entered is to uninstall it. Th... Steve Wheeler
08:32 AM pfSense Packages Bug #6950 (Resolved): Auto Config Backup always reports success: The 'Backup Now' function always reports 'Backup completed successfully.' even if the backup to the server failed. If... Steve Wheeler
06:44 AM pfSense Packages Bug #6410 (Resolved): when PFSENSE after server restart,openvpn+motp not login: Fixed by #6900 Jim Pingle
02:23 AM pfSense Packages Bug #6410: when PFSENSE after server restart,openvpn+motp not login: SOLVED: Did update with Version freeradius2 1.7.4 and everything runs fine now Johannes Goldynia
12:19 AM Revision dd98dfcc: The bug was actually the missing new line ('\n') on poudriere bulk list.: Luiz Souza
12:08 AM Revision 78dd16ee: net/hping does not build on ARM, exclude it from poudriere builds.: Luiz Souza

11/21/2016

07:37 PM Revision 028596d8: Revise filter_reload page to display entire reload_filter_status contents, not just last line: Steve Beaver
07:36 PM Revision d00157df: Revise filter_reload page to display entire reload_filter_status contents, not just last line: Steve Beaver
06:58 PM Revision 71b86385: Revise shaper wizards to support multi-line filter_reload_status: Steve Beaver
06:57 PM Revision de1425d9: Revise shaper wizards to support multi-line filter_reload_status: Steve Beaver
06:54 PM Revision 5bf9c6f7: Revise update_filter_relaod_status() function to append status messages rather than overwrite the file: Steve Beaver
06:53 PM Revision 4f7956ad: Revise update_filter_relaod_status() function to append status messages rather than overwrite the file: Steve Beaver
04:49 PM Revision df995721: Merge branch 'master' of git.netgate.com:pfsense/pfsense: Steve Beaver
04:47 PM Revision a7391526: Fixed #6922: Added code for IPv6 Dynamic DNS Steve Beaver
04:46 PM Revision 707e1ac2: Fixed #6922: Added code for IPv6 Dynamic DNS Steve Beaver
04:12 PM Revision 9e8a731d: Remove deprecated code: Renato Botelho
04:12 PM Revision 23960be7: /var/etc/* has been removed above: Renato Botelho
04:06 PM Revision fc84b222: Remove config files symlinks from /etc to /var/etc. Fixes #5538: Renato Botelho
04:06 PM Revision a5dd605a: We don't need to remove newsyslog.conf: Renato Botelho
03:38 PM Revision f6973634: Fixed #6939 by moving CSS only to the two pages that require it: Steve Beaver
03:37 PM Revision dd455f50: Fixed #6939 by moving CSS only to the two pages that require it: Steve Beaver
02:05 PM Revision c945d7a5: This should be 'default' rather than 'panic' or some non-panic crashes will land at a debugger prompt rather than rebooting.: Jim Pingle
01:51 PM Bug #6931: Status > Filter Reload page is confusingly worded: Thanks for looking into it (it's not like the exact messages would be really critical, but it was an indication of a ... Kill Bill
01:43 PM Bug #6931: Status > Filter Reload page is confusingly worded: The root cause of the issue was that the filter reload process over-wrote the status file with every message, so ther... Anonymous
11:59 AM Bug #6931: Status > Filter Reload page is confusingly worded: The system I was testing on was too fast to notice the intermediate messages. Thanks for pointing that out. Fix coming. Anonymous
11:21 AM Bug #6931: Status > Filter Reload page is confusingly worded: I'm very sure the thing has actually been displaying _real_ activity during reload. Such as, loading the various pack... Kill Bill
11:14 AM Bug #6931: Status > Filter Reload page is confusingly worded: Previously when visiting the page from the status menu the page would say that it was reloading the filter then after... Anonymous
10:23 AM Bug #6931: Status > Filter Reload page is confusingly worded: Uhm, dunno guys, it appears to me like this made the thing basically no-op? Previously, it's been showing what's goin... Kill Bill
12:34 PM Revision 0529323f: Force textdump, it should fix #6943: Renato Botelho
12:34 PM Revision a7d88d2c: Add our own ddb.conf: Renato Botelho
10:58 AM Bug #6922 (Resolved): Dynamic DNS widget broken with Custom v6 entries: Anonymous
10:57 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries: Works, thanks.
!https://s22.postimg.org/kxalm38rl/screenshot_dyndns_widget.png! Kill Bill
10:54 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries: Added code to handle IPv6 (cache file has "_v6" appended) Anonymous
10:50 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries: Applied in changeset commit:a7391526c83a8d4b33e81d730141a4811ae8d482. Anonymous
09:38 AM Bug #6922: Dynamic DNS widget broken with Custom v6 entries: ... Kill Bill
08:58 AM Bug #6922 (Feedback): Dynamic DNS widget broken with Custom v6 entries: Kill Bill,
Could you post or send me the contents of the /cf/conf/*.cache file that pertains to he HEIPV6 entry pl... Anonymous
10:57 AM Bug #6864: Error checking rejects IPv6 addresses with upper case A-F.: See #6918
A new function has been provided to force IPv6 to lower case on save. This is being added to GUI pages as ... Anonymous
10:13 AM pfSense Packages Bug #6939 (Resolved): HAproxy - backend server list broken with recent 2.3.3 snapshots: Renato Botelho
09:52 AM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Fixed. Dragging below/above the visible window in FW rules works, HAproxy and Status_Traffic_Totals still have the re... Kill Bill
09:50 AM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Applied in changeset pfsense:commit:f6973634c34b34908644e2df17154274d2ab12be. Anonymous
09:40 AM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Applied in changeset pfsense:commit:dd455f50b7be7957428b0733b5b2c93ccba9e284. Anonymous
09:37 AM pfSense Packages Bug #6939 (Feedback): HAproxy - backend server list broken with recent 2.3.3 snapshots: The scroll gimmick CSS has been removed from the master CSS file, and added only to firewall_rues.php and firewall_na... Anonymous
10:10 AM Todo #5538 (Feedback): remove symlinks from /etc/ to /var/etc/: Applied in changeset commit:fc84b222e75c9d92e394a2e9ddb80c5ead382f52. Renato Botelho
09:02 AM Bug #6903 (Resolved): services_dnsmasq_edit.php: Configuration XML hosts section order appears randomized: Anonymous
09:02 AM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: I have added a new function addretolower() to detect if a string is a valid IPv6 address, and if so convert it to low... Anonymous
08:09 AM Bug #6943 (Resolved): Textdumps are not working on 2.4 (No DDB): That worked, thanks!
I did make one small tweak. Before, we used @kdb.enter.default@ rather than @kdb.enter.panic@... Jim Pingle
06:40 AM Bug #6943 (Feedback): Textdumps are not working on 2.4 (No DDB): Applied in changeset commit:0529323ff97f81e0203553086df8917aeb5542d3. Renato Botelho
06:01 AM Bug #6658: DHCP Relay not working on 2.3.2: Kill Bill wrote:
> Yay!!! Will only be able to test after this weekend; going to post feedback here. Thanks.
!htt... Kill Bill
02:56 AM Bug #6949 (Resolved): username/password not used by proxy support: hello,
it seems that username and password is not used for the proxy connection. it works only with IP and port but ... Giuanin Piemunteis
01:57 AM Bug #6925: System Update Failed: I was able to update. But I had to take the cable out of the router and leave it to pfsense only. Very sensitive. lol... Edson Bueno

11/20/2016

04:35 PM Bug #6945: Firewall alias naming restrictions are too limiting: I am well aware of DNS's Punycode encoding and of the homograph problem. The former is alas needed for backwards com... Sean McBride
01:02 PM pfSense Packages Bug #6948: HAproxy files tab input validation nonsense - impossible to save files: Hmmm... So, that's caused by the bogus empty file at the top, which I never placed there in the first place. NFC how ... Kill Bill
12:56 PM pfSense Packages Bug #6948 (Resolved): HAproxy files tab input validation nonsense - impossible to save files: No idea what's this bootstrap nonsense validating where yet again. It is absolutely impossible to input anything ther... Kill Bill
04:38 AM Bug #6947 (Resolved): Deleting an external CA wipes certificates in use: This is beyond uncool. When I accidentally deleted an external (intermediate) CA cert from the CAs tab, it wiped the ... Kill Bill
01:08 AM Bug #6946 (Not a Bug): Unable to override dns servers in dhcp server: Trying to provide specific DNS servers for specific optX network. No matter what I set the dns server fields to, the... Sean Bales

11/19/2016

10:49 PM Revision ce983754: openvpn, startup locking sequence to prevent issues around pid file / process management: fixes: https://redmine.pfsense.org/issues/6940 Pi Ba
05:13 PM Bug #6945: Firewall alias naming restrictions are too limiting: This is how's www.bücher.ch represented in DNS: www.xn--bcher-kva.ch; believe it or not, people do NOT want to deal w... Kill Bill
04:09 PM Bug #6945: Firewall alias naming restrictions are too limiting: Thanks for the link. Hopefully they won't reject the bug. Why do you think they would? (You do know that the majo... Sean McBride
02:37 PM Bug #6945: Firewall alias naming restrictions are too limiting: Sean McBride wrote:
> Do you know where I should file this upstream then?
https://bugs.freebsd.org/ if you insist... Kill Bill
01:22 PM Bug #6945: Firewall alias naming restrictions are too limiting: I figured it would be something like that.
Do you know where I should file this upstream then? Sean McBride
12:48 PM Bug #6945 (Rejected): Firewall alias naming restrictions are too limiting: We are bound by the limits in pf. We can only allow what they allow. (A-Z, a-z, 0-9, and _)
Use the description fi... Jim Pingle
12:40 PM Bug #6945 (Rejected): Firewall alias naming restrictions are too limiting: In Firewalls > Aliases, when creating/editing an alias there is a 'name' field. This field disallows most characters... Sean McBride
04:57 PM Bug #6132: race condition in OpenVPN startup: Just found this one issue, looks i made a duplicate https://redmine.pfsense.org/issues/6940 , i did implemented the '... Pi Ba
04:52 PM Bug #6940: OpenVPN management socket not listening after bootup / cannot restart the service.: Fixable by: https://github.com/pfsense/pfsense/pull/3236 Pi Ba
03:58 PM Bug #6943 (Confirmed): Textdumps are not working on 2.4 (No DDB): DDB is there now but something still isn't triggering textdumps. 2.4 has a different /etc/ddb.conf file from the one ... Jim Pingle
03:36 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: I quoted a wrong post, however, both the HAproxy and the Status_Traffic_Totals have been fixed by reverting the offen... Kill Bill
03:05 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Kill Bill wrote:
> I'm not one of those bootstrap guys. :/ Perhaps @sbeaver could help. As for excessively wide drop... Kill Bill
02:34 PM Todo #6332: Upgrade encryption options to cover current range of recommendations: I believe such an RFC exists already:
https://tools.ietf.org/html/rfc6151
Section 2: "MD5 is no longer acceptab... Sean McBride
12:38 PM Todo #6944 (Closed): dhcp6c releasing allocation: There is a problem some users are having with dhcp6c sending a release on exit, in 99% of cases this is not an issue ... Martin Wasley
01:21 AM Feature #6832: [PATCH] Add the USB ID for the Sierra MC7430: Thanks, but I don't see it in the @RELENG_2_4@ branch. Jose Luis Duran

11/18/2016

08:22 PM Bug #6941: VLAN interface does not work unless parent/or vlan interface are in promiscious mode: There are known issues with re(4) and spoofed MACs, it isn't always the driver, sometimes it is the chip itself.
Y... Jim Pingle
07:44 PM Bug #6941: VLAN interface does not work unless parent/or vlan interface are in promiscious mode: Jim Pingle wrote:
> That would be a limit of your specific NIC chip and/or driver. If it's possible to be fixed at a... Thomas Nilsen
06:33 PM Revision 86bb5c37: Build hping: Jim Pingle
06:33 PM Revision 6be47576: Build hping: Jim Pingle
06:32 PM Revision c1d124be: Build hping: Jim Pingle
04:51 PM Revision e63ca285: Revert "Set dhcp-cache-threshold to 0 to avoid a bug in dhcpd 4.3.x where it omits client-hostname where the cache threshold is reached. Ticket #6589": Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 9dacff7f1b2b89ebebc1e9456d642e0657bb89cc. Renato Botelho
04:51 PM Revision 94e0e0de: Revert "Apply the fix for ticket #6589 also into dhcpdv6 config": Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 776692947bda5c867c7f5e60550c3a508760c251. Renato Botelho
04:50 PM Revision 1bd7d5e5: Revert "Apply the fix for ticket #6589 also into dhcpdv6 config": Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 20350989db5d66ffb827beaed5ef5738cd62fc9d. Renato Botelho
04:50 PM Revision 06b91f60: Revert "Set dhcp-cache-threshold to 0 to avoid a bug in dhcpd 4.3.x where it omits client-hostname where the cache threshold is reached. Ticket #6589": Removed after upgrade dhcpd server to 4.3.5
This reverts commit 318e0383829daac934424879ccfce09395e80025. Renato Botelho
04:08 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: I'll take care of it Anonymous
03:44 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: I'm not one of those bootstrap guys. :/ Perhaps @sbeaver could help. As for excessively wide dropdowns, perhaps this ... Kill Bill
03:17 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Yah shortening the field lengths would likely help.. but how to do that in a bootstrapped kinda way.?. Pi Ba
02:59 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Not sure either, the "port" field could definitely be shrunk quite a bit, for starters, though that'd only mitigate t... Kill Bill
02:36 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: There used to be a scrollbar.. Thats hidden now by this fix: https://redmine.pfsense.org/issues/6895
Reverting htt... Pi Ba
02:30 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Still seeing some issues, if I edit anything with the local-gateway even just the description and click apply changes... Ken Sim
02:10 PM Bug #6850 (Feedback): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Ken Sim wrote:
> Still seeing system lockup on 2.4.0-BETA when dealing with non-local gateways.
I've tried to rep... Renato Botelho
02:14 PM Feature #6832 (Resolved): [PATCH] Add the USB ID for the Sierra MC7430: Already added Renato Botelho
02:13 PM Bug #6782: pkg update can trigger multiple updates per second: I believe the responsible for so many queries is System Information Widget, that checks for upgrades every time it sh... Renato Botelho
12:41 PM Bug #6658: DHCP Relay not working on 2.3.2: Yay!!! Will only be able to test after this weekend; going to post feedback here. Thanks. Kill Bill
10:47 AM Bug #6658 (Feedback): DHCP Relay not working on 2.3.2: Patch removed and package updated to 4.3.5 on pfSense 2.3.3 and 2.4.0 Renato Botelho
10:47 AM Bug #6840 (Feedback): Upgrade ISC dhcpd to 4.3.5 to address missing hostname workaround: Done for 2.3.3 and 2.4.0 Renato Botelho
10:32 AM Todo #6894 (Resolved): Improvements and fixes on 2.4 installer: Labels are working, GPT was the default, ZFS is working (See #6929). This looks good to me. Closing. Jim Pingle
07:14 AM Todo #6894 (Feedback): Improvements and fixes on 2.4 installer: - GPT is now default
- Labels are being used on fstab
- ZFS installation is working as expected Renato Botelho
10:23 AM Bug #6943 (Feedback): Textdumps are not working on 2.4 (No DDB): option DDB added to pfSense kernel Renato Botelho
09:10 AM Bug #6943 (Resolved): Textdumps are not working on 2.4 (No DDB): The amd64 kernel in 2.4 does not contain "options DDB" so textdumps are not working. It does have "options KDB", but ... Jim Pingle
07:50 AM Bug #6942 (Duplicate): Traffic Graph displays wrong local FQDN: It will only show what it finds in DNS, which is what it gets from DHCP static mappings, leases, host overrides, and ... Jim Pingle
06:18 AM Bug #6942 (Duplicate): Traffic Graph displays wrong local FQDN: In a configuration with several networks and different local domain names for each network where hosts get their name... Juerg Reimann
07:18 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: And in the same spirit, https://github.com/pfsense/pfsense/pull/3234 Bruno Grossmann
07:16 AM Todo #5368 (Feedback): Review /etc/ttys for serial console: Done during 2.4 alpha Renato Botelho

11/17/2016

09:21 PM Bug #6941 (Rejected): VLAN interface does not work unless parent/or vlan interface are in promiscious mode: That would be a limit of your specific NIC chip and/or driver. If it's possible to be fixed at all, it would have to ... Jim Pingle
04:48 PM Bug #6941 (Rejected): VLAN interface does not work unless parent/or vlan interface are in promiscious mode: Hi,
I have a pfsense box with two physical interfaces re0/re1.
My setup is two vlan interfaces defined re0_102 ... Thomas Nilsen
08:23 PM Revision 0641b626: Fixed #6931: Steve Beaver
08:22 PM Revision d3cb20ce: Fixed #6931: Steve Beaver
06:07 PM Bug #4689: Panic/Crash "sbflush_internal: cc 4294967166 || mb 0 || mbcnt 0": I am getting this symptom (crashs) on v2.3.2, multiple times a day:... Claude Duvergier
02:34 PM pfSense Packages Feature #6831: Snort does not support aliases containing FQDN: Reading this would help to understand why it's not supported.
https://forum.pfsense.org/index.php?topic=87211.msg514... Kill Bill
02:30 PM Bug #6931: Status > Filter Reload page is confusingly worded: Applied in changeset commit:d3cb20cef80a084f162495b5698190405df7a1dd. Anonymous
02:24 PM Bug #6931 (Feedback): Status > Filter Reload page is confusingly worded: Page un-uglyfied as requested Anonymous
01:22 PM Revision 09d22384: Merge pull request #3233 from doktornotor/patch-2: Jim Pingle
12:55 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: P.S. Cannot make the window any wider, it's already fullscreen on a full HD monitor, not even F11 helps. :-D Kill Bill
12:54 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: That's the same image I'm running, so it's most likely a problem with the package in general. It's possible there was... Jim Pingle
12:51 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Well, not sure what's current. The box has been upgraded about ~2 hours ago. ... Kill Bill
12:46 PM pfSense Packages Bug #6939: HAproxy - backend server list broken with recent 2.3.3 snapshots: Is this still the same on a current snapshot? Is it the same if you force a page reload to clear the cache? Make the ... Jim Pingle
12:29 PM pfSense Packages Bug #6939 (Resolved): HAproxy - backend server list broken with recent 2.3.3 snapshots: This definitely used to work, however it got badly broken recently. The SSL checkbox and weight fields are completely... Kill Bill
12:51 PM Bug #6940 (Duplicate): OpenVPN management socket not listening after bootup / cannot restart the service.: OpenVPN management socket not listening after bootup
The dashboard shows the following: "Unable to contact daemon ... Pi Ba
12:38 PM Bug #6760: Editing WAN bridge interface breaks routing until reboot: Jim Pingle wrote:
> One thing I did notice in your original description is that the network config is invalid. You c... Kill Bill
11:47 AM Revision 2f7c76cf: Put original match back: Did not mean to remove SSL substring from the check... Doktor Notor
11:36 AM Revision 0db9846a: Fix nsCertType matching for some certificates (Bug #6877): See https://redmine.pfsense.org/issues/6877#note-4 Doktor Notor
08:51 AM Bug #6919 (Resolved): Filter logs are broken, log has incomplete/invalid data: Looks good, filter log contains the expected entries now. Jim Pingle
08:42 AM Bug #6901 (Resolved): services_unbound_host_edit.php: "Delete" button should be suppressed if < 2 host aliases listed: We determined this page was OK because it's acceptable for a host override to have zero aliases. Without the button t... Jim Pingle
08:34 AM Feature #809 (Resolved): Config sync username change: Works, can XMLRPC sync so long as the user has the "System - HA node sync" privilege. Jim Pingle
08:17 AM Bug #5319: Error message "No config named" in charon daemon: I can confirm this one too. 2.3.2 in use.... Fabian Melters
07:30 AM Bug #6877 (Resolved): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: Looks good, thanks for testing!
Jim Pingle
07:27 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: Works ;)
!https://s15.postimg.org/w34bhj9az/Cert_Manager_Screenshot_Fixed.png! Kill Bill
07:23 AM Bug #6877 (Feedback): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: Merged PR Jim Pingle
07:10 AM Bug #6877 (Assigned): nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: I don't think I've ever seen one with both set, and practically there is rarely if ever a reason to do so. It's worth... Jim Pingle
05:37 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: Yeah, this cannot work... Kill Bill
04:38 AM Bug #6877: nsCertType "Server" property of a certificate is not detected if additional nsCertType flags are also set: Well, this does not work properly even with the nsCertType set. Example:... Kill Bill
05:23 AM Bug #6934 (Resolved): /usr/bin/install missing from new 2.4 installations: Renato Botelho
01:18 AM Bug #6934: /usr/bin/install missing from new 2.4 installations: I just did a fresh install with the 11/16/16 build. I was able to restore my configuration and all packages installe... Chad Wagner

11/16/2016

11:29 PM Revision 8cab3470: Revise host and domain sorting so that the index is not lost: Steve Beaver
11:28 PM Revision 589634a9: Revise host and domain sorting so that the index is not lost: Steve Beaver
09:48 PM Bug #6938: DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.: I've been trying to identify if the same issue exists when setting a DNS entry with a normal WAN gateway (with static... Gavin Stewart
07:39 PM Bug #6938 (Duplicate): DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.: System -> General Setup -> DNS Server Settings
Setting a DNS with an OpenVPN client gateway (dynamic IP address) is ... Gavin Stewart
09:11 PM Revision 4c17e45f: Added addrtolower() function to allow IPv6 addresses to be converted to lower case while preserving aliases or other text: Steve Beaver
09:10 PM Revision f3997278: Added addrtolower() function to allow IPv6 addresses to be converted to lower case while preserving aliases or other text: Steve Beaver
07:22 PM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: I have now verified that this is reproducible on 2.4 nightly 20161116-0701. Gavin Stewart
06:44 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: Moving the start of OpenVPN will undoubtedly have other unintended consequences. What is likely happening here is tha... Jim Pingle
06:37 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: Yes. Gavin Stewart
06:33 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: Do you have System > Advanced, Misc, "Do not create rules when gateway is down" set? Jim Pingle
03:54 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: Please note that Status -> Filter Reload also works to properly initialise the rule after boot (as an alternative to ... Gavin Stewart
01:19 AM Bug #6936 (Closed): OpenVPN client boot race causes intermittent dependent rule failure.: *Summary*:
A race condition starting OpenVPN client at boot (rc.bootup) is causing a firewall rule (that is dependen... Gavin Stewart
07:17 PM Revision 8f6cd075: Make sure pkg repo config files are not included in base tarball: Renato Botelho
04:06 PM Bug #6925: System Update Failed: I've already taken everyone off the network, but I can not update only timeout.
((>>> Updating repositories meta... Edson Bueno
02:58 PM Revision cd618e85: Be more verbose when creating distribution tarball: Renato Botelho
02:16 PM Revision 22e3574d: Revert "Fix #6864 automatically convert IPv6 input to lowercase": This reverts commit d461ff40e364fc0ecc003b9f673cbad7c6a08f2f.
(cherry picked from commit 75bc87fe10f30f49a09218820f7... Luiz Souza
02:16 PM Revision ba814883: Revert "Fix #6918 Allow aliases with capital letters in rules": This reverts commit 9444a281f051e11d5456cc37b2a3f56fc8a7bc33.
(cherry picked from commit 9128641db5c9b6839163948f3f7... Luiz Souza
12:55 PM Revision 574866f1: Change the way to initialize PKG_REPO_SIGNING_COMMAND to make it possible to set it to empty string on build.conf: Renato Botelho
09:15 AM Revision c0ac85e7: There is no ./install to be excluded in 2.4. It fixes #6934: Renato Botelho
08:47 AM Bug #6937 (Confirmed): Inbound traffic on enc0 is not creating a state with mobile IPsec: Jim Pingle
08:47 AM Bug #6937 (Resolved): Inbound traffic on enc0 is not creating a state with mobile IPsec: Traffic entering enc0 on 2.4 is not creating a state, thus TCP traffic will not pass. ICMP works as the return traffi... Jim Pingle
06:45 AM Bug #6913 (Resolved): install on Hyper-v R2: Jim Pingle
06:15 AM Bug #6935 (Duplicate): Rule (which contains a pfBlockerNG URL-Alias) cannot be saved: Jim Pingle
03:37 AM Bug #6935: Rule (which contains a pfBlockerNG URL-Alias) cannot be saved: Kill Bill wrote:
> Duplicate of Bug #6918
Ups, sorry Andreas Strub
03:06 AM Bug #6935: Rule (which contains a pfBlockerNG URL-Alias) cannot be saved: Duplicate of Bug #6918 Kill Bill
01:06 AM Bug #6935 (Duplicate): Rule (which contains a pfBlockerNG URL-Alias) cannot be saved: I cannot create or edit a Rule which contains a pfBlockerNG (URL-)Alias. The name of the Alias will automatically con... Andreas Strub
03:50 AM Revision 75bc87fe: Revert "Fix #6864 automatically convert IPv6 input to lowercase": This reverts commit d461ff40e364fc0ecc003b9f673cbad7c6a08f2f. Luiz Souza
03:45 AM Revision 9128641d: Revert "Fix #6918 Allow aliases with capital letters in rules": This reverts commit 9444a281f051e11d5456cc37b2a3f56fc8a7bc33. Luiz Souza
03:20 AM Bug #6934 (Feedback): /usr/bin/install missing from new 2.4 installations: Applied in changeset commit:c0ac85e7408bd34beac586b25a57901dc2c5c885. Renato Botelho

11/15/2016

11:44 PM Bug #6913: install on Hyper-v R2: Yes, it works.
Thank you. Dmitry Ivanov
10:44 PM Bug #6913 (Feedback): install on Hyper-v R2: There were fixes put in today for ZFS and it might have affected other things you're seeing. Try it again on a new sn... Jim Pingle
11:15 PM Bug #6911: no network on hyperv-v 2012 R1: I don't have anything capable of running Hyper-V on Windows Server (R1 or R2) nearby so I can't easily confirm the is... Jim Pingle
10:20 PM Bug #5383: CODELQ Traffic Shaper Causes Panic and Reboot During Speed Test: I just experienced this apparently same crash on 2.4 while running the DSLReports Speedtest. The system crashed afte... Chad Wagner
10:02 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: I reverted all these changes until the proper solution is committed.
The 'real' solution here is convert the IPv6 ... Luiz Souza
05:44 PM Bug #6918 (New): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: There are more related pending PRs that may help, but I was talking to sbeaver earlier and he had some ideas on how i... Jim Pingle
05:30 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: I'm sorry but this is *still* broken. I go to Firewall - NAT - Port Forward, there's a rule with an alias called "RAS... Kill Bill
09:40 PM Bug #6919 (Feedback): Filter logs are broken, log has incomplete/invalid data: Should be fixed in filterlog-0.1_5. Luiz Souza
05:41 PM Bug #6925: System Update Failed: Nah, Nepal is innocent -- the mirrors have been slow like molasses for some two days or so... Kill Bill
05:34 PM Bug #6925: System Update Failed: I am also getting this the last day or so. I thought it was related to moving back to Nepal and having slower internet. Phillip Davis
01:25 PM Bug #6925 (Feedback): System Update Failed: Jim Thompson
11:45 AM Revision ff3d11c8: DHCPv6 ddnsdomainprimary must currently be IPv4: This field is currently validated to allow only an IPv4 address to be entered, so it may as well be consistent client... Phil Davis
11:40 AM Bug #6929 (Resolved): Choosing ZFS during install results in a system that cannot mount root: ZFS now works on CE and Factory snapshots, thanks!
Jim Pingle
09:37 AM Bug #6929 (Feedback): Choosing ZFS during install results in a system that cannot mount root: Pushed a fix, please try next round of snapshots Renato Botelho
11:35 AM Revision 7164c563: services_dhcp_edit add extra IPv4 validation: a) Validate that ipaddr must be IPv4 (note if you enter an IPv6 address, it will fail other later tests of being in t... Phil Davis
10:34 AM Revision 41fc88ec: Specify the IP address family in interfaces.php: Where it is known what sort of IP address is required, we can specify it in the call to Form_IpAddress. That will mak... Phil Davis
10:13 AM Bug #6934 (Resolved): /usr/bin/install missing from new 2.4 installations: Same as #6643 but it's happening again on 2.4 now.
/usr/bin/install is missing from a fresh install, updating to a... Jim Pingle
08:26 AM Bug #6933 (Duplicate): Wrong IPv6 address is served over DNS when static mapping is used with Track6 interface: Duplicate of #6768 Jim Pingle
08:07 AM Bug #6933 (Duplicate): Wrong IPv6 address is served over DNS when static mapping is used with Track6 interface: I have a router with pfSense 2.3.2 that has several LAN interfaces, each set to Track6 mode to assign IPv6 addresses ... Anonymous
07:20 AM Bug #6927: 1 to 1 NAT allows entry of mixed IP addresses: 1:1 NAT does work for IPv6. It's similar to NPt, but for a single address -- NPt is really just a slightly different ... Jim Pingle
04:07 AM Bug #6927: 1 to 1 NAT allows entry of mixed IP addresses: At the moment it allows entry of IPv6 addresses. Is that correct? Is the 1:1 NAT feature supposed to work fine with I... Phillip Davis

11/14/2016

11:00 PM Revision bf2c7206: Fix #6918 Allow aliases with capital letters in rules: Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
11:00 PM Revision 8100374e: Fix #6918 Allow aliases with capital letters in rules: Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
10:59 PM Revision f9dcc114: Merge pull request #3225 from phil-davis/form_ipaddress: Jim Pingle
10:14 PM Bug #6932 (Not a Bug): MLPPP: Please open a forum thread for discussion and diagnosis before opening a bug report. It does work for some people, an... Jim Pingle
10:11 PM Bug #6932 (Not a Bug): MLPPP: This feature has been broken for a very long time. I have tested with x64 and x86 and different hardware with no luck... Matt Crook
06:11 PM Bug #6931 (Resolved): Status > Filter Reload page is confusingly worded: The way the Filter Reload page is displayed implies that the filter rules are loaded by simply visiting the page.
... Steve Wheeler
05:32 PM Bug #6812: IPsec filterdns crash: OK these issues have surfaces again this morning. Truth be told, I have no idea what's Ipsec and as far as I know, I... Anonymous
05:10 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: Applied in changeset commit:9444a281f051e11d5456cc37b2a3f56fc8a7bc33. Phillip Davis
05:01 PM Bug #6918 (Feedback): Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: The PR looks good, appears to do the proper thing in each case. I just merged it in. Jim Pingle
03:28 PM pfSense Packages Feature #6651: Loopback interfaces: Loopback interfaces are a cisco best practice for GRE/IPSec tunnels. I would use them for site-to-site IPSec as an in... Tom Poole
11:50 AM Bug #6930 (Resolved): DHCP server should be disabled for /31 and /32: Related forum thread: https://forum.pfsense.org/index.php?topic=121105.0
Basically
- disable the enable DHCP serv... Kill Bill
11:49 AM Bug #6929 (Resolved): Choosing ZFS during install results in a system that cannot mount root: Choosing the ZFS option results in a system that starts to boot, but cannot mount the root slice because it doesn't k... Jim Pingle
12:43 AM Bug #6911: no network on hyperv-v 2012 R1: the problem appears to be fixed in FreeBSD 11.0- *STABLE* Dmitry Ivanov

11/13/2016

11:13 PM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth: for change it - needed uncomment this:
/usr/local/etc/raddb/sites-enabled/default
section post-auth
variable sql
... Konstantin Ab
09:47 PM pfSense Packages Bug #6928 (Resolved): freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth: The table(radpostauth) is recorded only events "Access-Accept".
in the table(radpostauth) needed events "Acces-Reje... Konstantin Ab
10:01 PM Bug #6913: install on Hyper-v R2: 11-stable have fixed this issue Dmitry Ivanov
07:47 AM Bug #6913: install on Hyper-v R2: Bug 212721 - FreeBSD 11.0-RC2/RC3/RELEASE fails on Hyper-V 2012r2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id... Dmitry Ivanov
06:17 PM Revision 9444a281: Fix #6918 Allow aliases with capital letters in rules: Expand the types of Form_IpAddress so that the caller can specify
exactly what combination of IPv4, IPv6 address and ... Phil Davis
05:49 PM Revision 38ce4a18: Keep the rule type selection after input errors on firewall rule: If the user:
a) Edit a firewall rule
b) Select "single host or alias"
c) Enter an invalid IP address that is not an a... Phil Davis
01:12 PM Bug #6925: System Update Failed: "Operation timed out" => when download fails, you cannot upgrade. Kill Bill
10:41 AM Bug #6925 (Resolved): System Update Failed: >>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-... Edson Bueno
01:07 PM Bug #6927 (Resolved): 1 to 1 NAT allows entry of mixed IP addresses: When adding a 1:1 NAT entry it is possible to enter a mix of IPv4 and IPv6 addresses in the various External Internal... Phillip Davis
12:19 PM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: See pull request https://github.com/pfsense/pfsense/pull/3225 for a suggested fix. Phillip Davis
11:05 AM Bug #6918: Javascript Lowercase for IPv6 addresses prevents use of aliases with capital letters: Yes. Confirmed on:
2.3.3-DEVELOPMENT (amd64)
built on Fri Nov 11 16:36:08 CST 2016
FreeBSD 10.3-RELEASE-p12
... Andrew -
12:17 PM Bug #6926 (New): Miniupnp advertising expired IPv6 address: Version 2.3.2_1
With WAN set to DHCP6 and LAN set to track interface, the miniupnp service does not get notified i... Leland Roach
07:39 AM Bug #6924 (Not a Bug): Configure third interface by gui.: It's possible something being configured on the previous one made it appear that it failed (e.g. states got reset). I... Jim Pingle
12:52 AM Bug #6924: Configure third interface by gui.: I added a new network card and I set up ipv4 and saved it and it was just spinning. Now I added another set and it wa... Edson Bueno
05:55 AM pfSense Packages Bug #3343: (re)starting freeradius service throws "The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'": The problem is, that pfSense restarts the packages it self and also calls the restart method of freeradius itself.
... Chris Becker
04:50 AM Bug #6911: no network on hyperv-v 2012 R1: Bug 213618 - When running as a Hyper-V Guest, FreeBSD 11 networking does not work
https://bugs.freebsd.org/bugzilla... Dmitry Ivanov

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

12/12/2016

12/11/2016

12/10/2016

12/09/2016

12/08/2016

12/07/2016

12/06/2016

12/05/2016

12/04/2016

12/03/2016

12/02/2016

12/01/2016

11/30/2016

11/29/2016

11/28/2016

11/27/2016

11/26/2016

11/25/2016

11/24/2016

11/23/2016

11/22/2016

11/21/2016

11/20/2016

11/19/2016

11/18/2016

11/17/2016

11/16/2016

11/15/2016

11/14/2016

11/13/2016