Activity

30 days up to

User

Subprojects

Activity

From 12/09/2016 to 01/07/2017

01/07/2017

11:10 PM Bug #6836: Wrong queue length on "/status_queues.php" page under heavy traffic: Please point me to the some redmine EULA or law, why I can not use this name anymore like it was used for the 5 last ... Vladimir Suhhanov
12:26 PM Bug #6836 (Assigned): Wrong queue length on "/status_queues.php" page under heavy traffic: please close and reopen this as someone other than "Vladimir Putin".
not kidding. Jim Thompson
10:55 PM Bug #7102: This firewall does not have any interfaces assigned that are capable of using ALTQ traffic shaping for igb interface: Jim seems it is working, and its a GUI bug.
the command line doesnt give any errors, however I am not 100% sure as... Chris Collins
10:11 PM Bug #7102: This firewall does not have any interfaces assigned that are capable of using ALTQ traffic shaping for igb interface: Possibly yes as it seems also broken on realtek.
I tried to move both cables to the reX ports but it seems my re1 ... Chris Collins
09:05 PM Bug #7102 (Duplicate): This firewall does not have any interfaces assigned that are capable of using ALTQ traffic shaping for igb interface: Probably a duplicate of #7066 which appears to be a more general issue. Jim Pingle
09:04 PM Bug #7102 (Resolved): This firewall does not have any interfaces assigned that are capable of using ALTQ traffic shaping for igb interface: Is intel i350 interface
According to this url it can be patched to work. Can the patches please be made on the pf... Chris Collins
10:28 PM Bug #7093 (Rejected): "Outgoing Network Interfaces" is broken in dns resolver settings: I cannot reproduce this on current 2.4 snapshots. I have tried a variety of outgoing and other interface configuratio... Jim Pingle
10:18 PM Bug #7066: vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3: Jim ALTQ does looks its on the a downward path but still pfSense uses it and the traffic shaper is an established key... Chris Collins
12:13 PM Bug #7066: vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3: Personally, I think ALTQ is dead. Jim Thompson
10:02 PM Bug #7037: CPU frequency in System Information: The info might well be redundant, but dynamic resizing from different values is poor design. Aslak Sande
08:00 PM Feature #7007 (Feedback): Change default IPsec/strongswan log levels: Applied in changeset commit:e470f72139ed54972465e653e27536687ce58b23. Jim Pingle
12:12 PM Feature #7007: Change default IPsec/strongswan log levels: assigned to Pingle for resolution. Jim Thompson
06:09 PM Bug #6949: username/password not used by proxy support: Looks like the patch on the FreeBSD bug entry was committed. We should be able to pull it in from there. Jim Pingle
06:00 PM Bug #6882 (Feedback): bsnmpd uses all available CPU with hostres module active in some cases: Applied in changeset commit:43de83978ed93c9a4886e2844e341af0f3fe9a05. Jim Pingle
01:15 PM Bug #7100 (Resolved): pkg_edit.php - $("#showadv").prop('value') not working: Anonymous
01:01 PM Bug #7100: pkg_edit.php - $("#showadv").prop('value') not working: Works! ;) Thanks. Kill Bill
12:50 PM Bug #7100 (Feedback): pkg_edit.php - $("#showadv").prop('value') not working: Applied in changeset commit:6d55e876755d422e97bacb336f52f577087aa71c. Anonymous
08:36 AM Bug #7100 (Resolved): pkg_edit.php - $("#showadv").prop('value') not working: This code somehow does not work: https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/pkg_edit.php#L1521 ... Kill Bill
12:23 PM Bug #6974: radvd enabled on a disconnected interface kills RA completely on all interfaces: There is code in radvd to stop sending on interfaces that are no longer transmitting.
I don't know how difficult... Jim Thompson
12:10 PM Bug #7013: Changing group scope to remote does not remove it from group file: you would have to teach each affected process to re-run initgroups(3); setgroups(2); in order for them all to have a ... Jim Thompson
12:05 PM Todo #7084: Intel IEEE 802.11ac wireless network driver: I don't think we have any hardware to test this with. Jim Thompson
11:06 AM Bug #7101: services_dyndns.php not updating via gateway group, ok with the interface: Sorry, a mistake in line 1...
"with 2 PPPoE connection I have defined 3 DDNS: DDNS1.selfip.net for WADSL, DDNS2.se... Riccardo Di Sarcina
11:03 AM Bug #7101 (Duplicate): services_dyndns.php not updating via gateway group, ok with the interface: Hi,
with 2 connection I have defined 3 DDNS: DDNS1.selfip.net for WADSL, DDNS2.selfip.net for VDSL and DDNS.selfip... Riccardo Di Sarcina
09:10 AM Feature #7099: Make breadcrumbs clickable: I wondered about that also, at the time of the bootstrap conversion, but there was enough going on that I never follo... Phillip Davis
06:54 AM Feature #7099 (Resolved): Make breadcrumbs clickable: Dunno if it's just me, but the entire feature is very much pointless when it's unusable for navigation. Seems pretty ... Kill Bill
08:40 AM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: Great news!
We'll keep an eye out for it Jim Pingle
08:27 AM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: The proposal to add the info to status 2 / 3 has been accepted, and may make it into OVPN 2.4.1. I'll update this whe... Jeff Wischkaemper
06:30 AM Bug #7096: Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces": I have a proposal which should make it easier for development.
I suggest removing the interface selection as is (f... Chris Collins
05:46 AM Feature #7098 (Resolved): RAM Disk Management: RAM Disk Management
https://github.com/pfsense/pfsense/pull/2902
1) Treat the RAM disk more like a permanent stor... NOYB NOYB
01:20 AM Bug #5993: dhcp6c not started until an RA received: The removal of the extra dhc6c_interface_script call does cause a problem for some, those who use dhcpwithoutra and w... Martin Wasley

01/06/2017

11:20 PM Feature #7097 (Feedback): Authentication cache for LDAP and RADIUS: PR merged Jim Pingle
02:41 PM Feature #7097 (Resolved): Authentication cache for LDAP and RADIUS: Currently PFSense does not remember LDAP or RADIUS authentication to the admin portal between requests. This results ... Joash Lewis
11:16 PM Feature #7051 (Feedback): Allow control of what users can view and/or clear notices: PR merged Jim Pingle
11:54 AM Feature #7051: Allow control of what users can view and/or clear notices: This should fix it:
https://github.com/pfsense/pfsense/pull/3359
assuming it should be "fixed" Phillip Davis
11:23 AM Feature #7051: Allow control of what users can view and/or clear notices: Ditto, but that VM had apparently been broken in that way for some time and I never noticed until this morning when I... Jim Pingle
11:17 AM Feature #7051: Allow control of what users can view and/or clear notices: The code checks for having the specific new privs to view/clear notices or the "all pages" access. If the "root" user... Phillip Davis
11:05 AM Feature #7051: Allow control of what users can view and/or clear notices: More info: This appears to have happened because the 'admin' user on that VM was somehow not a member of the 'admins'... Jim Pingle
11:02 AM Feature #7051 (Assigned): Allow control of what users can view and/or clear notices: The notice alert/bell isn't displayed to the admin user when this code is in place. If I revert it, they show up. Jim Pingle
02:28 PM Feature #6045: Updates that do not require a reboot should run reroot: Looks like reroot doesn't work with ZFS without changing vfs.root.mountfrom
https://bugs.freebsd.org/bugzilla/show... Renato Botelho
12:56 PM Feature #6045 (Assigned): Updates that do not require a reboot should run reroot: reroot crashes with ZFS. We will have to detect that case and fall back to a traditional reboot (or see if we can get... Jim Pingle
01:43 PM Bug #7096 (Resolved): Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces": It starts fine if default ALL is selected.
But if specific interfaces are selected instead it prints bind errors a... Chris Collins
11:51 AM pfSense Packages Todo #7055 (Feedback): Update OpenVPN Client Export package with OpenVPN 2.4: This is now live for 2.3.2_1 users as well. What little feedback I received was positive. We'll move forward from her... Jim Pingle
11:35 AM Feature #7095 (Resolved): Improve Remote Gateway field description for IPSec VPN Phase 1: I think it would be nice if it would be mentioned that 0.0.0.0 is a valid value for that field
So... Philippe Schnyder
11:33 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: Luke Hamburg wrote:
> _"8.8.8.8 is not a good target"_ huhhh? Then why does https://doc.pfsense.org/index.php/Multi-... Kill Bill
10:29 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: this is from the manual
Connection Health Check: Uses the following methods to check if the WAN interfaces are stil... Michael Kellogg
10:20 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: let me add to this talk past experiences (as i have a couple of maybe the worst isps anywhere ) I had a old dual wan ... Michael Kellogg
10:05 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: Luiz:
_"If you monitor a couple of IPs and one of them is really down, the one you really need access, how you are... → luckman212
09:45 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: Phillip Davis wrote:
> I would like to see something like this also. I had been meaning to look at it a long time ag... Luiz Souza
09:24 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: "excess traffic" -- a 0 byte payload ICMP? I don't think we can call that excess traffic :)
"too much time before... → luckman212
09:23 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: I would like to see something like this also. I had been meaning to look at it a long time ago! Maybe I will play wit... Phillip Davis
09:19 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: No matter how multiple targets are handled, it is worse off in some way (excess traffic, too much time before an outa... Jim Pingle
08:35 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: Can we get this one re-opened? This "bit" me badly yesterday at a customer site. Monitor IP of 8.8.8.8 started "flap... → luckman212
11:30 AM Bug #7034 (Resolved): NTP Orphan Mode stratum setting is not displayed in input field: Jim Pingle
11:22 AM Bug #7034: NTP Orphan Mode stratum setting is not displayed in input field: Just tested again with @2.4.0-BETA (amd64) built on Fri Jan 06 01:41:07 CST 2017, FreeBSD 11.0-RELEASE-p5@ and it's w... Thomas Rieschl
11:09 AM Bug #7094 (Duplicate): Unbound startup syntax is incorrect: This one is perhaps complicated to fix.
Currently if a unbound-control reload is issued then unbound will shutdown... Chris Collins
11:05 AM Bug #7093 (Rejected): "Outgoing Network Interfaces" is broken in dns resolver settings: The "Outgoing Network Interfaces" incorrectly applies the WAN ipv6 link-local when ALL is not selected and also when ... Chris Collins
10:59 AM Feature #7092 (Closed): Kernel modules for alternate congestion control algorithms: These are provided via kernel modules cc_cubic and cc_htcp
I am aware pfsense when its not the endpoint these are ... Chris Collins
10:38 AM Todo #7091 (Not a Bug): Write upgrade code to rename igb devices to em: As announced at [1] igb devices will become em devices on FreeBSD 12. We need to have some upgrade code ready to dete... Renato Botelho
10:17 AM Bug #6837: Gateway Failover does not failback: Wait, _what?_ Default gateway switching is an experimental feature? That checkbox has been there since at least 2.0.... → luckman212
09:12 AM Bug #7089: Opposite of + or - is occurring when selecting time zone: The thing needs to be kept in-line with what the "standard" tz-database distribution is doing. Otherwise, as Jim says... Phillip Davis
08:49 AM Bug #7089: Opposite of + or - is occurring when selecting time zone: pfSense is not other products. And the Etc zones are NOT what you want, likely ever. We have been tempted to remove o... Jim Pingle
08:37 AM Bug #7089: Opposite of + or - is occurring when selecting time zone: In every other environment I've worked in that I can think of, you can pick the -5 and it's correct. Why is this any ... Geoffrey Bricker
07:52 AM Bug #7089: Opposite of + or - is occurring when selecting time zone: You should not be picking what you think is an offset (but is really a special-use time zone). Pick a geographic zone... Jim Pingle
07:51 AM Bug #7089: Opposite of + or - is occurring when selecting time zone: Just so I can be clear, you're saying the intended behavior is that - is + and + is minus? Every other device I've ev... Geoffrey Bricker
06:01 AM Bug #7089 (Feedback): Opposite of + or - is occurring when selecting time zone: Changes were added to let user know about how it works, as proposed by Phil. Renato Botelho
12:59 AM Bug #7089: Opposite of + or - is occurring when selecting time zone: Suggested enhancement to UI:
https://github.com/pfsense/pfsense/pull/3354 Phillip Davis
08:51 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: There is a good chance this has been fixed by #6132 so it's worth trying on a current 2.4 snapshot. Jim Pingle
08:43 AM Bug #6936: OpenVPN client boot race causes intermittent dependent rule failure.: Gavin
Have you retested on a recent 2.4 snap? → luckman212
06:32 AM Bug #7090 (Not a Bug): Firewall rule is ignored when action is pass: Configuration error. Post on the forum for discussion. Jim Pingle

01/05/2017

11:38 PM Bug #7089: Opposite of + or - is occurring when selecting time zone: Also, 99.9% of users should be selecting a timezone based on a continent/city in their area. This makes summer time c... Phillip Davis
11:21 PM Bug #7089: Opposite of + or - is occurring when selecting time zone: https://en.wikipedia.org/wiki/Tz_database#Area
"The special area of "Etc" is used for some administrative zones, par... Phillip Davis
08:22 PM Bug #7089: Opposite of + or - is occurring when selecting time zone: Oh and Yes, the time is also incorrect not just the + and the - Geoffrey Bricker
08:09 PM Bug #7089 (Resolved): Opposite of + or - is occurring when selecting time zone: I select ETC/GMT-5 on the web interface, and typing 'date' in shell shows the opposite, +5. I changed to -4, it went ... Geoffrey Bricker
11:21 PM Bug #7090 (Not a Bug): Firewall rule is ignored when action is pass: Hi,
I've got a firewall rule that reads:
States Protocol Source Port Destination Port Gateway Queue Schedule De... Walter Steinlein
06:30 PM Bug #7081 (Feedback): Search Domains not populating from RA using SLAAC: Applied in changeset commit:1794ecbb8b37fc97bd1d2fe6ab7ecc19d87a9a68. Jim Pingle
10:45 AM Bug #7081: Search Domains not populating from RA using SLAAC: The field "radomainsearchlist" in the GUI is not referenced anywhere in the backend. Needs some research/testing Jim Pingle
10:40 AM Bug #7081 (Resolved): Search Domains not populating from RA using SLAAC: When I enter nameservers in the DNS list for Router Advertisements in unmanaged mode the client will populate with th... Matthew Fine
05:30 PM Bug #7088 (Feedback): DHCP does not accept input into MAC Control Fields.: Applied in changeset commit:80e7011fddd29a387c4c84b68c8c49dce4494729. Jim Pingle
05:19 PM Bug #7088: DHCP does not accept input into MAC Control Fields.: This affects the main DHCP settings page not just the pools
is_macaddr() lost its $partial parameter/support require... Jim Pingle
04:15 PM Bug #7088 (Confirmed): DHCP does not accept input into MAC Control Fields.: Jim Pingle
04:03 PM Bug #7088 (Resolved): DHCP does not accept input into MAC Control Fields.: "If a mac allow list is specified, it must contain only valid partial MAC addresses."
Attempted input (I also trie... Shane Poteet
04:09 PM pfSense Packages Bug #7087 (Rejected): DNSBL service does not start: Is pfBlocker actually installed, enabled, and properly configured?
Please post on the forum in the pfBlockerNG boa... Jim Pingle
03:51 PM pfSense Packages Bug #7087: DNSBL service does not start: Other errors:... Brenden Smerbeck
03:48 PM pfSense Packages Bug #7087 (Rejected): DNSBL service does not start: Noticed this while configuring 2.4. dnsbl service does not start, and the .pid file has no value. Brenden Smerbeck
01:10 PM Bug #7053 (Resolved): OpenVPN Client Specific Overrides - GUI Omissions and Errors: Jim Pingle
12:37 PM Bug #7086 (Resolved): stale zfs file systems: I am not sure if this is a bug or a feature. Seems the 'Auto install'-values are used from the native FreeBSD while p... Ekki Gehm
12:29 PM Feature #7085 (New): Edit Firewall Rules Seperator: Once a Firewall Rule Separator is added you cannot edit it. You have to delete and add it again to make any changes. Adam Piasecki
12:02 PM Todo #7084 (Resolved): Intel IEEE 802.11ac wireless network driver: Hey folks,
I wonder if it would be possible to include the if_iwm.ko and related firmware .kos. They are new as of... Ekki Gehm
11:35 AM Bug #7083 (Resolved): Put back some visual hint for required fields: Pretty sure the convention was that the @<fielddescr>@ for a @<required/>@ field was shown in bold in pfSense before ... Kill Bill
11:15 AM Bug #7082: pkg_edit.php - impossible to use default_value with rowhelperfield: I'm kinda unsure that the <default_value> works like that even for non-rowhelperfield fields. :-) What I see in packa... Kill Bill
11:04 AM Bug #7082: pkg_edit.php - impossible to use default_value with rowhelperfield: I will investigate.
I presume the desired functionality is that if the element has no current (stored) value, the ... Anonymous
11:00 AM Bug #7082 (New): pkg_edit.php - impossible to use default_value with rowhelperfield: I mean, things like:... Kill Bill
10:52 AM Bug #5673: pkg_edit - Rowhelper descriptions are not printing: So, is it possible to have the @<description>@ tag printed somehow? (As a hover on the @<fielddescr>@ or whatever?) W... Kill Bill
10:48 AM Bug #6972 (Resolved): "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: Renato Botelho
10:34 AM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: Looks all good here. Thanks. ;) Kill Bill
08:15 AM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: Fixed. Please retest. Anonymous
10:45 AM Bug #7080 (Resolved): pkg_edit.php - rowhelper fielddescr disappears when last row is deleted: Jim Pingle
10:38 AM Bug #7080: pkg_edit.php - rowhelper fielddescr disappears when last row is deleted: Well, this was apparently another manifestation of Bug #6972. The issue seems gone with ea02e3cf5d54c9f1ebbe09d9fa552... Kill Bill
08:25 AM Bug #7080 (Feedback): pkg_edit.php - rowhelper fielddescr disappears when last row is deleted: Unable to reproduce with Safari, Firefox or Chrome. Am I doing something wrong?
!rowhelper.gif! Anonymous
08:10 AM Bug #7080 (Resolved): pkg_edit.php - rowhelper fielddescr disappears when last row is deleted: An example: https://github.com/pfsense/FreeBSD-ports/blob/devel/www/pfSense-pkg-squid/files/usr/local/pkg/squid_rever... Kill Bill
10:38 AM Bug #7050: Limiter with PFsense 2.4 transparent proxy: yeah, sort of. this is a fallout of 4326 not being properly tested under all conditions (nat, binat and rdr) - they ... Luiz Souza
08:00 AM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: "verbosity 4"? As in the system logs? Sure, it's in the logs, sure, but scraping logs isn't proper status output. It ... Jim Pingle
07:52 AM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: Their initial reply is that it's available if you use verbosity 4... which is correct, but not entirely useful. I'm a... Jeff Wischkaemper
07:49 AM pfSense Packages Bug #6950 (Resolved): Auto Config Backup always reports success: Renato Botelho
04:04 AM pfSense Packages Bug #6950: Auto Config Backup always reports success: Works (at least for cases where write_config() returns false, and there's not really much else that could be done here.) Kill Bill
07:20 AM Bug #7033: Hidden rule break the policy routing: Jim Pingle wrote:
> Duplicate of #1136
>
> If you must have a second gateway on WAN, add floating rules to match ... Maxence Sartiaux
06:17 AM pfSense Packages Feature #6951 (Resolved): Disable Auto Config Backup without uninstalling: Renato Botelho
04:01 AM pfSense Packages Feature #6951: Disable Auto Config Backup without uninstalling: Merged and works, can be closed. Kill Bill

01/04/2017

11:16 PM pfSense Packages Todo #7055: Update OpenVPN Client Export package with OpenVPN 2.4: I just pushed this to 2.3.3 as well for more testing. Jim Pingle
07:58 AM pfSense Packages Todo #7055: Update OpenVPN Client Export package with OpenVPN 2.4: A new version of OpenVPN client export for pfSense 2.4 with OpenVPN 2.4 is up now for testing.
Key changes:
* Ope... Jim Pingle
10:50 PM Bug #6962 (Resolved): GUI allows selecting missing diffe-helman Paremeters for OpenVPN: I fixed this up among the other OpenVPN improvements this week. Jim Pingle
09:10 PM Todo #7054 (Resolved): Update OpenVPN to 2.4.0: Jim Pingle
09:10 PM Bug #7034 (Feedback): NTP Orphan Mode stratum setting is not displayed in input field: Applied in changeset commit:531c348639adb8b7e7d190e8fdab709fea61f61a. Jim Pingle
09:00 PM Bug #7034 (Confirmed): NTP Orphan Mode stratum setting is not displayed in input field: Yep, something isn't quite right with how it's doing validation. Jim Pingle
03:45 PM Bug #7034: NTP Orphan Mode stratum setting is not displayed in input field: I just tested it with the current nightly (@2.4.0-BETA (amd64) built on Wed Jan 04 13:38:53 CST 2017; FreeBSD 11.0-RE... Thomas Rieschl
08:00 PM Bug #7053 (Feedback): OpenVPN Client Specific Overrides - GUI Omissions and Errors: Applied in changeset commit:b6dd335e6b81c89f2e4dd63cbd638853ebe2a275. Jim Pingle
07:51 PM Feature #7061 (Resolved): OpenVPN 2.4 supports pushing IPv6, allow the GUI to define IPv6 OpenVPN DNS servers to push to clients.: Jim Pingle
07:34 PM Bug #6099: igmpproxy does not recognize upstream interface: Is the change also available to 2.3.3 branch ? Alexandre Paradis
09:00 AM Bug #6099: igmpproxy does not recognize upstream interface: Luiz Otavio O Souza wrote:
> Ooops. Sorry for the breakage.
>
> Fixed in the latest version.
>
> Thanks for t... Lars Veldcholte
05:51 AM Bug #6099 (Resolved): igmpproxy does not recognize upstream interface: Renato Botelho
07:14 PM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: I'll see what I can do and report back. Jeff Wischkaemper
07:09 PM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: Nothing in particular comes to mind, it would be nice to see all of the known parameters for connecting clients/serve... Jim Pingle
06:45 PM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: Will do. Is there something specific I can ask for over there that would make it easier for you? Jeff Wischkaemper
05:31 PM Feature #7077 (Needs Patch): Display negotiated data encryption algorithm in OpenVPN connection status: We have no way to detect that currently. OpenVPN does not report that in any of their status output. Open a feature r... Jim Pingle
03:59 PM Feature #7077 (Resolved): Display negotiated data encryption algorithm in OpenVPN connection status: NCP is great. Not knowing what cipher NCP negotiated is less great.
It would be excellent to add something on the... Jeff Wischkaemper
06:48 PM Bug #7079 (Closed): ClamAV C-ICAP causing Kernel Panic and System Crash: Running ClamAV causes sporadic kernel panics and resets with the following syntax:... Brenden Smerbeck
06:44 PM Feature #7078: Allow reordering of client specific overrides in OpenVPN: Organization, primarily. I have about 100 of them which are are generally speaking associated with different sites. I... Jeff Wischkaemper
05:27 PM Feature #7078: Allow reordering of client specific overrides in OpenVPN: For what purpose? They are all mutually exclusive. Jim Pingle
05:02 PM Feature #7078 (New): Allow reordering of client specific overrides in OpenVPN: It would be useful to rearrange the client specific overrides in OpenVPN. Jeff Wischkaemper
06:22 PM Feature #7072 (Resolved): vpn_openvpn_server.php / vpn_openvpn_client.php : Add controls to OpenVPN for Negotiable Crypto Parameters: Looks good Jim Pingle
04:26 PM Feature #7072 (Feedback): vpn_openvpn_server.php / vpn_openvpn_client.php : Add controls to OpenVPN for Negotiable Crypto Parameters: Fixed Anonymous
03:38 PM Feature #7072 (Assigned): vpn_openvpn_server.php / vpn_openvpn_client.php : Add controls to OpenVPN for Negotiable Crypto Parameters: There's one little problem left with the NCP list control. Clicking in empty area on the right side adds a "null" ent... Jim Pingle
01:50 PM Feature #7072 (Feedback): vpn_openvpn_server.php / vpn_openvpn_client.php : Add controls to OpenVPN for Negotiable Crypto Parameters: Applied in changeset commit:fa351dd3c13e65dfabfb0f2ac2ed72b332276892. Jim Pingle
01:12 PM Feature #7072: vpn_openvpn_server.php / vpn_openvpn_client.php : Add controls to OpenVPN for Negotiable Crypto Parameters: See also:
* commit:bd07fbdb4b81fc358b8fa55b06469dde7a3870df
* commit:6c00adf3316d2c5214f7e9cf2e5f138c32845d58
* co... Jim Pingle
02:37 PM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: To reproduce:
1/ Edit some alias
*2/ Add some rows*
3/ Now, try to delete them (or the previously existing rows)... Kill Bill
02:33 PM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: I am unable to reproduce this in the updated version. Clicking the trash can icon previously did not delete for me, b... Anonymous
02:08 PM Bug #6972 (Assigned): "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: Renato Botelho
01:35 PM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: OK, got to testing. As a good news, the annoying prompt is gone. The second symptom (unable to delete added rows when... Kill Bill
12:14 PM Bug #7074 (Resolved): Due to OpenVPN protocol selection changes, automatic port number guessing/adjustment is not working: I tried a few combinations and it all worked. Creating a new instance or using the wizard properly guessed the next h... Jim Pingle
08:00 AM Bug #7074 (Feedback): Due to OpenVPN protocol selection changes, automatic port number guessing/adjustment is not working: Applied in changeset commit:f69e098f41bb3937b244b557969009535a911ef4. Renato Botelho
06:48 AM Bug #7074: Due to OpenVPN protocol selection changes, automatic port number guessing/adjustment is not working: I'll work on it Renato Botelho
12:13 PM pfSense Packages Bug #6527 (Feedback): Squid 3.5 - Deprecated "ssl_bump server-first all" don't allow SNI in transparent mode with HTTPS/SSL Interception: PR has been merged to 2.4.0 and 2.3.3 snapshots Renato Botelho
11:32 AM Feature #7071 (Resolved): Add TLS Encryption (--tls-crypt) as an optional TLS Key usage type for OpenVPN 2.4: Works Jim Pingle
10:54 AM Bug #7076 (Duplicate): Packets accepted by IP but rejected because "Allow IP options" is disabled are not logged: Hi,
I added a rule to allow multicast traffic by IP without "Allow IP options" enabled (because I did not yet know... JJ Meijer
10:46 AM Bug #6906 (Resolved): Issues with /tmp and /var in RAM on 2.4: Works fine on two different systems here, thanks! Jim Pingle
08:13 AM Bug #6906 (Feedback): Issues with /tmp and /var in RAM on 2.4: The issue was happening on ZFS and should be fixed after commit:b712dd529e2445fc20e983815a80a4e8ea109760 Renato Botelho
10:19 AM Bug #5993: dhcp6c not started until an RA received: OK, had a look around that bit of code. This is what I have found:
1. RTSOLD still launches multiple dhcp6c client... Martin Wasley
02:41 AM Bug #5993: dhcp6c not started until an RA received: The dhcpc before RA was originally my fix for an issue we have with Sky ISP in the U.K. I got very busy with work and... Martin Wasley
09:55 AM Bug #6856 (Duplicate): "Force Config Settings" buton on master causes slave to loss IP alises on lo0: Duplicate of #7010 which is already fixed. Jim Pingle
01:14 AM Bug #4310: Limiters + HA results in hangs on secondary: Dear Luiz! Can we expect real fix in 2.4? We are waiting for it too long, and this is a really critical problem, sinc... Vladimir Usov

01/03/2017

11:30 PM Bug #7050: Limiter with PFsense 2.4 transparent proxy: Luiz Otavio O Souza wrote:
> The issue here is limiter (dummynet) and pf redir on the same interface.
> The transpa... Kill Bill
05:45 PM Bug #7050 (Confirmed): Limiter with PFsense 2.4 transparent proxy: The issue here is limiter (dummynet) and pf redir on the same interface.
The transparent proxy adds a rdr rule to ... Luiz Souza
09:23 PM Bug #7066: vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3: I also see this on Hyper-V virtual NICs (not legacy). Perhaps this is a more generalized issue?
Michael OBrien
05:14 PM Bug #7066: vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3: This appears to be caused by r263259 in FreeBSD 11 - Add Tx/Rx multiqueue support to vmx(4).
I believe that ALTQ d... Greg Siemon
05:46 PM Bug #6594: Package reinstallation post-config restore hangs if no Internet connectivity: I was just hit by this as well. In my case I am preparing to replace a device at a remote site. I used pfsense's rest... Pig Monkey
04:44 PM Bug #6099: igmpproxy does not recognize upstream interface: No problem, sh** happens ;-)
I updated my box today to version 2.4.0.b.20170103.0147.
Checked igmpproxy for new b... Philipp Haefelfinger
01:03 PM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: It is working on 2.3.3 snapshots as well. Kill Bill
11:21 AM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: Thanks, that's the information I was missing.
Stuart Wyatt
08:29 AM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: ntopng 2.4 is available on pfSense 2.4, and it works there. If/when the package is updated on other branches it will ... Jim Pingle
08:16 AM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: The bug referenced the need for ntopng version 2.4 to resolve the problem, so why is it being closed when version 2.2... Stuart Wyatt
05:28 AM pfSense Packages Bug #6987 (Closed): ntopng needs Google API key for GeoIP map: Renato Botelho
03:46 AM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: Apparently no patching required with ntopng-2.4.2016.10.14 - you can configure the API key in Preferences - Users - G... Kill Bill
11:53 AM Bug #7075 (Resolved): firewall states show negative value for total bytes processed: As seen in the screenshot, the "Firewall >> Rules >> LAN" page shows a negative number for total bytes processed by a... Bryan Stenson
11:42 AM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic: According to this
https://lists.freebsd.org/pipermail/freebsd-net/2013-May/035564.html
Script that can solve CPU 1... Vladimir Suhhanov
11:10 AM Bug #7073 (Resolved): OpenVPN 2.4: client-cert-not-required is deprecated, replace with "verify-client-cert none": Works Jim Pingle
11:10 AM Bug #7073 (Feedback): OpenVPN 2.4: client-cert-not-required is deprecated, replace with "verify-client-cert none": Applied in changeset commit:4cfd15a94a97445d1334ad87bddf0c3700f74bf2. Jim Pingle
10:38 AM Bug #7073 (Resolved): OpenVPN 2.4: client-cert-not-required is deprecated, replace with "verify-client-cert none": In OpenVPN 2.4 "client-cert-not-required" is deprecated, the new functional equivalent directive is "verify-client-ce... Jim Pingle
11:10 AM Bug #7068 (Resolved): Prevent GCM encryption from being selected for Shared Key modes in OpenVPN: Works Jim Pingle
11:09 AM Feature #7064 (Resolved): Add LZO4 options for OpenVPN 2.4: Seems to work in every combination I've thrown at it. Jim Pingle
10:58 AM Bug #7074 (Resolved): Due to OpenVPN protocol selection changes, automatic port number guessing/adjustment is not working: After the protocol selection changes needed for #7062, the OpenVPN server page is not adjusting the port numbers like... Jim Pingle
09:56 AM Feature #7072 (Resolved): vpn_openvpn_server.php / vpn_openvpn_client.php : Add controls to OpenVPN for Negotiable Crypto Parameters: OpenVPN 2.4 automatically attempts to negotiate crypto between the client and server, due to this, the tunnel can end... Jim Pingle
09:40 AM Feature #7071 (Feedback): Add TLS Encryption (--tls-crypt) as an optional TLS Key usage type for OpenVPN 2.4: Applied in changeset commit:c854afcc3d7830414a2514a640248a5b239569a3. Jim Pingle
09:27 AM Feature #7071 (Resolved): Add TLS Encryption (--tls-crypt) as an optional TLS Key usage type for OpenVPN 2.4: OpenVPN 2.4 added --tls-crypt which works similar to --tls-auth, but also encrypts the control channel. It does not r... Jim Pingle
08:00 AM Bug #6357 (Feedback): Dynamic DNS (RFC2136) updates always considered successful: Applied in changeset commit:3bfb38f99cd1c15b5d502b3dbabc913226550d9c. Renato Botelho
07:24 AM Bug #6357 (Assigned): Dynamic DNS (RFC2136) updates always considered successful: Renato Botelho
05:30 AM Todo #7054 (Feedback): Update OpenVPN to 2.4.0: Basic updates are complete, now dealing with specific changes in separate tickets Renato Botelho
05:26 AM Bug #7070 (Duplicate): Sync username for xmlrmc seems considerate: Already fixed on 2.4.0 - see #809 Renato Botelho
05:01 AM Bug #7070 (Duplicate): Sync username for xmlrmc seems considerate: On master I do the folowing configuration:
!pfsense.png!
I have the folowing log on master :
@/rc.filter_sync... Lilian Deloche
03:49 AM pfSense Packages Bug #7067: usbhid-ups - no such file or directory: There is no such thing needed, simply reboot after installing the package. Kill Bill
03:29 AM Feature #7069: Provide knob to disable state display in Diagnostics > States until a filter has been submitted.: https://github.com/pfsense/pfsense/pull/3344 Chris Linstruth
12:53 AM Feature #7069 (Resolved): Provide knob to disable state display in Diagnostics > States until a filter has been submitted.: Diagnostics > States becomes cumbersome on systems with large state tables. Provide a mechanism to suppress the displ... Chris Linstruth
12:10 AM Feature #2358: NAT64 support: UPVOTE!
First of all, thank you for the great open source firewall product. As Apple starts to require all the new... DB Tsai

01/02/2017

09:48 PM Bug #6906 (Assigned): Issues with /tmp and /var in RAM on 2.4: On a freshly installed VM I activated the option and when it rebooted, it came up all the way but it shows no package... Jim Pingle
09:20 AM Bug #6906 (Feedback): Issues with /tmp and /var in RAM on 2.4: I've used wrong ticket # in commit log. Relevant commits are:
commit:9bf6cdc135ddf108bc08f048687130c09cd09f4b and ... Renato Botelho
09:20 PM Bug #7068 (Feedback): Prevent GCM encryption from being selected for Shared Key modes in OpenVPN: Applied in changeset commit:c13c0fd0fe547fa8e35997d7ede7f8a6b33088fa. Jim Pingle
09:18 PM Bug #7068 (Resolved): Prevent GCM encryption from being selected for Shared Key modes in OpenVPN: OpenVPN 2.4 supports GCM encryption but it cannot be used in Shared Key mode. If you attempt to activate it, OpenVPN ... Jim Pingle
08:30 PM Feature #7064 (Feedback): Add LZO4 options for OpenVPN 2.4: Applied in changeset commit:a4b3624650aa46c9dc4a20afc5b522c6b9191904. Jim Pingle
08:11 PM Bug #1994 (Rejected): Remove priority on HFSC: HFSC support priorities just as any other scheduler:
hfsc Hierarchical Fair Service Curve. Queues attached ... Luiz Souza
09:20 AM Bug #1994: Remove priority on HFSC: Is there any possibility to change the target to 2.4.1?
Or... just fix it somebody, please :) Vladimir Suhhanov
02:34 PM Bug #7062 (Resolved): OpenVPN 2.4 treats "udp" and "tcp" as dual stack now, move old preference to udp4/tcp4: OpenVPN's man page and docs say it should work but it tosses an error on the bind directive.
It appears to do the ... Jim Pingle
11:25 AM Bug #7062 (Assigned): OpenVPN 2.4 treats "udp" and "tcp" as dual stack now, move old preference to udp4/tcp4: This apparently still needs one more change. The IPv6 only modes need:... Jim Pingle
01:29 PM Bug #7057 (Resolved): Hidden field displays in browser: Anonymous
01:09 PM Bug #7066: vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3: For what it's worth, I saw the same behavior with igb interfaces after restoring a 2.3 config with a shaper. Landon Timothy
09:49 AM Bug #7066 (Resolved): vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3: Attempting to configure traffic shaping on a pfSense 2.4 VMware VM with vmx NICs results in an error:... Jim Pingle
12:54 PM Feature #7063 (Resolved): Add OpenVPN 2.4 ECDH options: I pushed a change with help text for DH & ECDH and also updated the doc wiki a bit: https://doc.pfsense.org/index.php... Jim Pingle
01:52 AM Feature #7063: Add OpenVPN 2.4 ECDH options: A little fix in https://github.com/pfsense/pfsense/pull/3340 Phillip Davis
11:39 AM Bug #6099: igmpproxy does not recognize upstream interface: Ooops. Sorry for the breakage.
Fixed in the latest version.
Thanks for the report. Luiz Souza
11:24 AM Feature #7061: OpenVPN 2.4 supports pushing IPv6, allow the GUI to define IPv6 OpenVPN DNS servers to push to clients.: Works fine. Client receives IPv6 DNS servers if they are configured. Jim Pingle
11:19 AM Feature #2766 (Resolved): status_openvpn.php needs IPv6 support: Works! Jim Pingle
10:42 AM pfSense Packages Bug #7067 (Closed): usbhid-ups - no such file or directory: After installing NUT and connecting a generic (Costco) CyberPower UPS, I receive the following error in the log:
u... Karl Janus
10:40 AM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: Applied in changeset commit:fab3c245cfb52964cebdab2ea47dddb21731352a. Anonymous
10:37 AM Bug #6972 (Feedback): "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: I am only able to reproduce this with Chrome but it should now be resolved. Anonymous
09:58 AM Bug #5976 (Assigned): Load cryptodev as a kernel module: reopening since crypto is not cryptodev. Pointy hat to me Renato Botelho
09:37 AM Bug #7065 (Resolved): OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: Renato Botelho
08:54 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: Working now.
Thanks again for the quick turnaround.
Jeff Wischkaemper
08:27 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: Now it˛`s all good.
Thanks again! Greg M
08:00 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: Yes it's building right now, we restarted the snapshot builds to make sure it gets picked up. Jim Pingle
07:57 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: Thanks for the quick response on this Jim. I assume another snapshot will hit later this morning or early afternoon? Jeff Wischkaemper
07:50 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: That was probably from before the sync. Clear the error and check again. If you can, reboot and see if the error is g... Jim Pingle
07:45 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: I just have this now...
Crash report begins. Anonymous machine information:
amd64
11.0-RELEASE-p5
FreeB... Greg M
07:44 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: OK. We will wait for it to show up in snapshots and re-test and then if it's OK there, this can be closed. Jim Pingle
07:43 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: Yep, all works now.
Thanks! Greg M
07:36 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: I just pushed another change that should help, give it ~5-10 mins to show up on github and then gitsync or apply that... Jim Pingle
07:34 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: Greg M wrote:
> Ummm I`m on: 2.4.0.b.20170102.0439
> Issue persists.
Try to gitsync with master or wait next sna... Renato Botelho
07:32 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: Ummm I`m on: 2.4.0.b.20170102.0439
Issue persists. Greg M
07:29 AM Bug #7065 (Feedback): OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: This should be fixed by the PR that was merged a short while ago and is already in the latest snapshot. Update to the... Jim Pingle
07:26 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: I am seeing the same errors as Greg, though I'm using a DH of 4096 instead of 2048.
Problem is still occurring on... Jeff Wischkaemper
07:24 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: Forgot to add...
If I use ECDH only it works... Greg M
07:23 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: Hi!
I`m also affected.
First thing:
Crash report begins. Anonymous machine information:
amd64
11.0... Greg M
07:05 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: The only error that could cause the settings to not be written is if you have selected DH parameters that do not have... Jim Pingle
01:12 AM Bug #7065: OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: First problem I found is if you edit/save a client, it writes the protocol description to the config, rather than the... Phillip Davis
08:05 AM Bug #7059 (Resolved): firewall_rules_edit.php - strlen error when there are input errors: Looks good, no more strlen error. Jim Pingle
04:51 AM Bug #7059 (Feedback): firewall_rules_edit.php - strlen error when there are input errors: PR has been merged Renato Botelho
04:15 AM Bug #5218: CSRF magic modifies content in pfSense interface: No, it's back again on my installation (2.3.2), in my case while editing php files with embedded html Raffaele Candeliere

01/01/2017

11:34 PM Bug #7065 (Resolved): OpenVPN Server conf files not created in /var/etc after upgrading to 2017.01.01.1906 release: After upgrading to the latest release (20170101.1906), OpenVPN server conf files are not populated in the /var/etc di... Jeff Wischkaemper
06:58 PM Feature #7064 (Resolved): Add LZO4 options for OpenVPN 2.4: OpenVPN 2.4 added support for LZO4 which gets better performance and consumes less CPU... Jim Pingle
06:30 PM Feature #7063 (Feedback): Add OpenVPN 2.4 ECDH options: Applied in changeset commit:f888c35aa25b38cdf5b1a73fc65ed6959451bfe0. Jim Pingle
06:23 PM Feature #7063 (Resolved): Add OpenVPN 2.4 ECDH options: OpenVPN 2.4 added two ECDH-related options:
1. Settings "dh" to "none" tells OpenVPN to use only ECDH and not DH
... Jim Pingle
06:03 PM Bug #7057: Hidden field displays in browser: Using the addGlobal() method is the best way to do this as Phil has demonstrated. That creates a simple input without... Anonymous
04:49 PM Feature #5549: Additional DNS entries in General Setup would be good for 3 or more WAN's: Yup. It'd be awesome if those settings were moved to the relevant place (i.e., DNS forwarder/resolver settings). This... Kill Bill
03:29 PM Feature #5549: Additional DNS entries in General Setup would be good for 3 or more WAN's: That's for the host resolver itself -- dnsmasq and unbound in forwarding mode will pick up more. Jim Pingle
03:01 PM Feature #5549: Additional DNS entries in General Setup would be good for 3 or more WAN's: Maybe someone could instead fix/nuke the misleading note from the GUI, instead of putting in more DNS servers that wi... Kill Bill
01:00 PM Feature #5549: Additional DNS entries in General Setup would be good for 3 or more WAN's: this is true add ipv6 and it has even more need
Michael Kellogg
04:00 PM Bug #7062 (Feedback): OpenVPN 2.4 treats "udp" and "tcp" as dual stack now, move old preference to udp4/tcp4: Applied in changeset commit:ca3666766588538934bedc6933934fbadb9249ef. Jim Pingle
03:47 PM Bug #7062 (Resolved): OpenVPN 2.4 treats "udp" and "tcp" as dual stack now, move old preference to udp4/tcp4: OpenVPN 2.4 changed the meaning of "udp" and "tcp" to be dual stack, listening on IPv6 on all interfaces at once. "lo... Jim Pingle
01:40 PM Feature #7061 (Feedback): OpenVPN 2.4 supports pushing IPv6, allow the GUI to define IPv6 OpenVPN DNS servers to push to clients.: Applied in changeset commit:6a638752c8a3861a3309c3dc8d557c8904ff84d6. Jim Pingle
01:31 PM Feature #7061 (Resolved): OpenVPN 2.4 supports pushing IPv6, allow the GUI to define IPv6 OpenVPN DNS servers to push to clients.: OpenVPN 2.4 supports pushing IPv6, allow the GUI to define IPv6 OpenVPN DNS servers to push to clients.
To me, I h... Jim Pingle
11:58 AM Bug #7036: 2.4 ZFS on RCC-VE 2440 hangs: I also have the same issue on my RCC-VE 2440. I've tried with both Bios 06 and 08, same issue. It takes 15-20 minut... J Harnick
11:30 AM Feature #2766 (Feedback): status_openvpn.php needs IPv6 support: Applied in changeset commit:bffa3185a63cbdd727701704d3b82abd7c61a78c. Jim Pingle
09:16 AM Feature #2766: status_openvpn.php needs IPv6 support: It's finally there in OpenVPN 2.4!
And since it's caused the status page to report fields incorrectly, it needs to... Jim Pingle
10:31 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall: Turn off sync mode.
On a clean system, before an issue crops up. It will let UFS do what it does, and not genera... ky41083 -
08:00 AM Todo #7060 (Rejected): Logically organise various backup/restore functions?: We don't like to move things just to move them, unless it's worth updating all of the documentation and other related... Jim Pingle
07:13 AM Todo #7060 (Rejected): Logically organise various backup/restore functions?: I'd like to do a quick reorganise of the various backup and restore functions in the GUI. While not a huge problem it... Stilez y
05:32 AM Feature #4632: Support for Multipath TCP (MPTCP): Hello,
Could you please add this feature on 2.4.0 version? serdar kekik
05:11 AM Bug #2247: Misleading security permission: Next round of possibilities in PR https://github.com/pfsense/pfsense/pull/3337 Phillip Davis

12/31/2016

10:33 PM Bug #7059: firewall_rules_edit.php - strlen error when there are input errors: Try PR https://github.com/pfsense/pfsense/pull/3334 Phillip Davis
09:31 AM Bug #7059 (Resolved): firewall_rules_edit.php - strlen error when there are input errors: Craft an invalid firewall rule, such as one set for IPv4 with an IPv6 src/dst, and when the input errors are displaye... Jim Pingle
07:45 AM Bug #7058: Alias type-checking issues: You cannot specify either one in the rule directly because it doesn't make sense. Use an alias with mixed contents in... Jim Pingle
07:31 AM Bug #7058: Alias type-checking issues: In which case flip the question on-end, why does the code (_firewall_rules_edit.php_) seem to disallow IPv4 and IPv6 ... Stilez y
07:01 AM Bug #7058 (Not a Bug): Alias type-checking issues: What's the bug here?
pf allows mixed aliases and only uses appropriate addresses when matching. We allow it becaus... Jim Pingle
04:50 AM Bug #7058 (Not a Bug): Alias type-checking issues: pfSense really needs a more strongly type-checked alias system/API/library.
Current example: often these days a s... Stilez y
07:25 AM Bug #6099: igmpproxy does not recognize upstream interface: edit: 31-12-2016
I've established a working setup, using the develop version, already on theh box.
When I disable... Vincent Gijsen
05:04 AM Bug #6099: igmpproxy does not recognize upstream interface: Philipp Haefelfinger wrote:
> Is this commit in the latest build applied? If yes, there seems to be something buggy ... Vincent Gijsen
07:23 AM Bug #2247: Misleading security permission: See "PR 3331":https://github.com/pfsense/pfsense/pull/3331 . Note added to assignment pages, probably suffices? Stilez y
05:50 AM Bug #2247: Misleading security permission: And as soon as you have "Diagnostics->Edit File" you can change whatever code you like, so you can add/modify code to... Phillip Davis
05:07 AM Bug #2247: Misleading security permission: I suppose that "WebCfg - All pages" includes shell command prompt, so it's clearly on reflection going to have shell ... Stilez y
05:27 AM Bug #7057: Hidden field displays in browser: PR https://github.com/pfsense/pfsense/pull/3329
I made the "Floating" field be created with the same construction as... Phillip Davis
03:40 AM Bug #7057 (Resolved): Hidden field displays in browser: _firewall_rules_edit.php_ on Firefox 50.1, see attached screenshot
Html looks correct (contains "hidden" parameter... Stilez y
05:11 AM Bug #2873: IPv6 rules, filter by protocol: As of 2.3.x the original issue is resolved (it's now allowed/valid) so this issue can be closed as resolved Stilez y

12/30/2016

08:51 PM Bug #6911: no network on hyperv-v 2012 R1: This is not so easy, there are a lot more relevant commits to MFC, a lot. Luiz Souza
05:17 AM Bug #6911: no network on hyperv-v 2012 R1: This seems to be relevant commit - https://svnweb.freebsd.org/base?view=revision&revision=306433
Assign to Luiz for ... Renato Botelho
06:43 PM Bug #7053: OpenVPN Client Specific Overrides - GUI Omissions and Errors: I think I understand why the text under Remote networks is written the way it is now. Apologies for the misunderstan... Greg Siemon
06:20 PM Bug #7053: OpenVPN Client Specific Overrides - GUI Omissions and Errors: All of the settings are from the perspective of the server, even the override. The descriptions reflect this, they do... Jim Pingle
05:25 PM Bug #7053: OpenVPN Client Specific Overrides - GUI Omissions and Errors: Jim Pingle wrote:
> The wording of IPv4 Remote Networks is correct. The box defines a client-side network ("routed _... Greg Siemon
10:10 AM Bug #7053: OpenVPN Client Specific Overrides - GUI Omissions and Errors: OpenVPN 2.4 makes it more obvious that you can't mix static IPv4 in an override with dynamic IPv6, so there is a grea... Jim Pingle
07:16 AM Bug #7053: OpenVPN Client Specific Overrides - GUI Omissions and Errors: The wording of IPv4 Remote Networks is correct. The box defines a client-side network ("routed _to_ this client") for... Jim Pingle
01:59 AM Bug #7053 (Resolved): OpenVPN Client Specific Overrides - GUI Omissions and Errors: The OpenVPN Client Specific Overrides page under OpenVPN settings only has a single Tunnel Network field. In fact t... Greg Siemon
02:37 PM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Happy to helped. Last good action for 2016.
Happy new year^^ Marcel Mayer
12:02 PM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: It does work for me now - Marcel's hint to check "Request only an IPv6 prefix" was indeed correct. After two more reb... Arno Gramatke
11:00 AM Bug #7050: Limiter with PFsense 2.4 transparent proxy: Luiz good afternoon, I have two files as you requested, one working perfectly, which is called BKP_2.1.5_Functionando... Nelson Junior
09:36 AM Todo #7054 (Assigned): Update OpenVPN to 2.4.0: Package was updated as well Renato Botelho
07:33 AM Todo #7054 (Resolved): Update OpenVPN to 2.4.0: Update OpenVPN to 2.4.0 and make necessary adjustments. Noted after a quick look:
* Remove tun-ipv6 from config si... Renato Botelho
08:08 AM Bug #7056: Add gpg keys to repo for proper iso download verification method: Ah, I had assumed it was simply two httpd's on the same box as they had an adjacent IP address.
Still however, if ... John Smith
07:59 AM Bug #7056 (Duplicate): Add gpg keys to repo for proper iso download verification method: Duplicate of #4472
That said, a _copy_ of the hash is on the same server as the files, but the hash is also availa... Jim Pingle
07:49 AM Bug #7056 (Duplicate): Add gpg keys to repo for proper iso download verification method: Currently there is no legitimate way to properly verify the .iso download has not been tampered with.
The sha256 f... John Smith
07:40 AM pfSense Packages Todo #7055 (Resolved): Update OpenVPN Client Export package with OpenVPN 2.4: OpenVPN 2.4 has made a few changes to the Windows installer that may need accounting for. See https://community.openv... Jim Pingle
07:07 AM Bug #6982: Nested Aliases with FQDNs do not populate parent table in some cases: Port aliases work again with that last commit. Will leave it open waiting for feedback to make sure the original issu... Jim Pingle
05:50 AM Bug #6982 (Feedback): Nested Aliases with FQDNs do not populate parent table in some cases: Applied in changeset commit:631217f488c682ce4ffa8af5d0c54b03c016af46. Renato Botelho
05:49 AM Feature #7051 (Feedback): Allow control of what users can view and/or clear notices: PR has been merged, thanks! Renato Botelho

12/29/2016

08:28 PM Bug #6982 (Assigned): Nested Aliases with FQDNs do not populate parent table in some cases: This fix broke port aliases.
With this commit, port aliases are empty:... Jim Pingle
08:03 PM Bug #6852: Commit 8f86722 breaks DHCPv6 leases status page: were the files I uploaded any help or is something more needed? Michael Kellogg
08:02 PM Bug #6594: Package reinstallation post-config restore hangs if no Internet connectivity: I'm running into this right now. Not a big network guy, just trying to replace our small business' router with a SG-4... Kevin Wojniak
05:05 PM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: I'll take care of it :) Anonymous
04:52 PM Bug #6972: "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: Renato Botelho wrote:
> It happens when you click on fa-trash icon. If you click on other areas of the button confir... Kill Bill
12:28 PM Bug #6972 (Confirmed): "Are you sure you wish to?" prompts and other issues with deleting networks from network-type aliases: I've found the way to reproduce it. It happens when you click on fa-trash icon. If you click on other areas of the bu... Renato Botelho
04:59 PM Bug #7042 (Feedback): DHCP client configures wrong address in some circumstances (setfirst support missing from ifconfig): Luiz Souza
03:19 PM Bug #6099: igmpproxy does not recognize upstream interface: Is this commit in the latest build applied? If yes, there seems to be something buggy with the fix.
I just updated m... Philipp Haefelfinger
01:50 PM Bug #6920 (Feedback): Upgrading to 2.4 with a stale package .inc file can prevent the system from fully booting after upgrade: Applied in changeset commit:fef29f5aee32899b72886f8a0c00205bf0f2fc09. Renato Botelho
01:01 PM Bug #7052 (Rejected): Fails to monitor ipv6 gateway: From log... Roger Skjetlein
12:48 PM Feature #6746 (Feedback): Option to select dark or misc background for Traffic Graphs when a dark theme is selected.: New traffic graphs respect theme colors. Should be OK now Renato Botelho
12:33 PM pfSense Packages Feature #6831: Snort does not support aliases containing FQDN: Keeping it opened for reference but I'm not sure if Bill Meeks will implement it based on his comments on the forum t... Renato Botelho
09:44 AM Feature #6045: Updates that do not require a reboot should run reroot: Jim Pingle wrote:
> Doing a reroot style restart works nicely on its own, need to test it during an upgrade to know ... Renato Botelho
09:27 AM Feature #6045: Updates that do not require a reboot should run reroot: Doing a reroot style restart works nicely on its own, need to test it during an upgrade to know for sure how it handl... Jim Pingle
08:53 AM Feature #6045 (Feedback): Updates that do not require a reboot should run reroot: Done. pfSense-upgrade 0.11 on recent 2.4.0 system will do the trick Renato Botelho
09:40 AM Bug #7050: Limiter with PFsense 2.4 transparent proxy: Nelson, can you submit (even privately if you prefer) a copy of your working settings for the 2.1.x version and also ... Luiz Souza
07:06 AM Bug #7050: Limiter with PFsense 2.4 transparent proxy: Not sure what's special about 2.4 here; this has _never_ worked since the hidden rules created by the package when se... Kill Bill
06:58 AM Bug #7050 (Resolved): Limiter with PFsense 2.4 transparent proxy: Good morning Luiz, is as follows, transparent proxy use with the limiter by ip, what happens is that when setada the ... Nelson Junior
07:53 AM Todo #7047 (Resolved): Update status.php with new info helpful to support staff: Seems to all be working and sufficient. Can add more later if needed. Jim Pingle
07:53 AM Bug #3454 (Resolved): Acknowledge all notices is presented to users who do not have privilege: Renato Botelho
07:19 AM Bug #3454: Acknowledge all notices is presented to users who do not have privilege: The changes here fix this bug report.
For a followon feature request to implement control of view/clear notices see:... Phillip Davis
07:53 AM Feature #7046 (Resolved): Bring back a method of viewing the gateway status from the shell and status output: Works great Jim Pingle
07:48 AM Bug #7045 (Resolved): PHP Shell outputs startup message when running a playback script: Fixed Jim Pingle
07:21 AM Feature #7051: Allow control of what users can view and/or clear notices: Proposed code in PR https://github.com/pfsense/pfsense/pull/3322 Phillip Davis
07:16 AM Feature #7051 (Resolved): Allow control of what users can view and/or clear notices: Use case:
A user with minimal page privs (e.g. can just change their password, or access a few status pages or...) s... Phillip Davis
05:58 AM pfSense Packages Bug #7049 (Rejected): Problema No Limiter Com Proxy Transparente 2.4 Beta: After talk with Nelson on facebook he agreed to open a new ticket in english Renato Botelho

12/28/2016

06:43 PM pfSense Packages Bug #7049 (Rejected): Problema No Limiter Com Proxy Transparente 2.4 Beta: boa noite, estou tendo problemas no limiter funcionando com proxy transparente, nas versões acima da 2.1.5, todas tes... Nelson Junior
01:40 PM pfSense Packages Bug #7048: Add IPv6 support to squid: Squid's own capabilities mean nothing here. You need support in the underlying OS to work with. Even if I made all th... Kill Bill
01:32 PM pfSense Packages Bug #7048: Add IPv6 support to squid: Regarding the comment, "The NAT used for transparent IPv4 proxy won't work, and there's nothing to hook into regardin... Matthew Hall
01:25 PM pfSense Packages Bug #7048: Add IPv6 support to squid: A couple of notes on this: The only part of Squid working with IPv6 is the reverse proxy (though, that's not advertis... Kill Bill
01:11 PM pfSense Packages Bug #7048: Add IPv6 support to squid: Corrected subject - This is not a "bypass" in the way that is stated. The squid package only supports IPv4 currently.... Jim Pingle
01:03 PM pfSense Packages Bug #7048 (Resolved): Add IPv6 support to squid: Missing IPv6 support in the squid package allows traffic to escape intended inspection and apparently also the firewa... Matthew Hall
01:13 PM Feature #7046 (Feedback): Bring back a method of viewing the gateway status from the shell and status output: Last part of this was implemented by #7046 Jim Pingle
12:50 PM Feature #7046 (Resolved): Bring back a method of viewing the gateway status from the shell and status output: Since the switch to dpinger, there is no easy way to view the gateway status from the shell. Having the gateway statu... Jim Pingle
01:10 PM Todo #7047 (Feedback): Update status.php with new info helpful to support staff: Applied in changeset commit:84fe48d414dc59ffd236b072000f07ea7423380e. Jim Pingle
01:02 PM Todo #7047 (Resolved): Update status.php with new info helpful to support staff: Items to add:
* The firewall platform and serial number
* ARP Table
* NDP Table
* Gateway status (See #7046)
* Z... Jim Pingle
01:10 PM Bug #7045 (Feedback): PHP Shell outputs startup message when running a playback script: Applied in changeset commit:337822a39bfd89c011cfda4092a6e5e409a7dbcf. Jim Pingle
12:49 PM Bug #7045 (Resolved): PHP Shell outputs startup message when running a playback script: When running a playback script, there is extra output from pfSsh.php that is unnecessary:... Jim Pingle
11:34 AM Feature #7044 (Duplicate): Gateway Monitoring - Add More IPs: Jim Pingle
11:18 AM Feature #7044: Gateway Monitoring - Add More IPs: See #6989 Kill Bill
10:31 AM Feature #7044 (Duplicate): Gateway Monitoring - Add More IPs: I would like to request that it be possible to add more than one ip to monitor the gateway (s), today we have the pos... Douglas Silva
09:40 AM Bug #3454 (Feedback): Acknowledge all notices is presented to users who do not have privilege: Applied in changeset commit:fe80b3aac6ddd661c7a2daf52ad54f1722915590. Phillip Davis
12:45 AM Bug #3454: Acknowledge all notices is presented to users who do not have privilege: Bug fix PR https://github.com/pfsense/pfsense/pull/3319
I will raise another feature issue to discuss what could b... Phillip Davis
09:30 AM Bug #7043 (Feedback): If user does not have crash_reporter page access the crash reported link is useless: Applied in changeset commit:c87eeb08acc6d5d0fd642e50990b93b7137657ee. Phillip Davis
02:00 AM Bug #7043: If user does not have crash_reporter page access the crash reported link is useless: PR https://github.com/pfsense/pfsense/pull/3321 Phillip Davis
01:59 AM Bug #7043 (Resolved): If user does not have crash_reporter page access the crash reported link is useless: When the user clicks "here" for more information, nothing happens, because they do not have carsh_reporter page acces... Phillip Davis
07:58 AM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Steve Beaver wrote:
> Right. It is not "A new bug", it is the original bug that has just been fixed.
https://gith... Luiz Gustavo S. Costa
07:56 AM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Right. It is not "A new bug", it is the original bug that has just been fixed. Anonymous
07:49 AM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: None of those fixes are in 2.3.2 so it's just pointless to test anything there. Kill Bill
07:36 AM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: A new bug is revelead, see:
!http://i.imgur.com/U6Ggy4d.png!
The syntax is duplicated.
New installation from... Luiz Gustavo S. Costa
05:22 AM Bug #6982 (Resolved): Nested Aliases with FQDNs do not populate parent table in some cases: Renato Botelho

12/27/2016

07:39 PM Bug #6982: Nested Aliases with FQDNs do not populate parent table in some cases: This is working well for me with changeset applied using system patches on 2.3.2_1 that I was using in my initial tes... Chris Linstruth
01:30 PM Bug #6982 (Feedback): Nested Aliases with FQDNs do not populate parent table in some cases: Applied in changeset commit:5d1cf6f5cf85c6371078e288172da1e05df1380c. Renato Botelho
06:21 PM pfSense Packages Bug #6527: Squid 3.5 - Deprecated "ssl_bump server-first all" don't allow SNI in transparent mode with HTTPS/SSL Interception: https://github.com/pfsense/FreeBSD-ports/pull/242
Kindly test and report back either here, and/or @ https://forum.... Kill Bill
03:44 PM Bug #7042: DHCP client configures wrong address in some circumstances (setfirst support missing from ifconfig): Simplest way to reproduce this is to use a DNS Resolver override for "setfirst" and the firewall's domain, set to an ... Jim Pingle
03:31 PM Bug #7042 (Resolved): DHCP client configures wrong address in some circumstances (setfirst support missing from ifconfig): In certain circumstances a DHCP client interface gets configured with an incorrect address. The address that should b... Jim Pingle
02:47 PM pfSense Packages Bug #7017 (Resolved): Squid NT Domain authentication is broken: Renato Botelho
02:19 PM pfSense Packages Bug #7017: Squid NT Domain authentication is broken: Broken feature gone -> can be closed. Thanks. Kill Bill
06:35 AM pfSense Packages Bug #7017 (Feedback): Squid NT Domain authentication is broken: PR has been merged, thanks! Renato Botelho
01:35 PM Bug #3560 (Feedback): Disabled Static Route not fully disabled: PR has been merged, thanks! Renato Botelho
06:04 AM Bug #3560: Disabled Static Route not fully disabled: See PR https://github.com/pfsense/pfsense/pull/3312 Phillip Davis
10:13 AM Feature #3151 (Resolved): Disable gateway monitoring actions without disabling gateway monitoring: Works here, too. Gateway status shows it going up/down but no actions are taken when it transitions. Jim Pingle
01:52 AM Feature #3151: Disable gateway monitoring actions without disabling gateway monitoring: Been working for me, but it would be good to get some feedback from anyone else who has tried/tested this. Phillip Davis
06:36 AM pfSense Packages Feature #6593 (Feedback): squid: allow user to configure DH key size, SINGLE_DH_USE, NO-SSLv3, Cipher-Suites - performance improvement hint: PR has been merged, thanks! Renato Botelho
06:36 AM pfSense Packages Bug #6592 (Feedback): squid does NOT use EDH and EECDH cipher suites because "tls-dh" is not configured and so these ciphers are silently dropped - see squid documentation: PR has been merged, thanks! Renato Botelho

12/26/2016

09:36 PM Bug #7036: 2.4 ZFS on RCC-VE 2440 hangs: Running bios version 08 (ADI_RCCVE-01.00.00.08-nodebug) with no change. pfSense-CE-memstick-ADI-2.4.0-BETA-amd64-2016... qubit nano
11:26 AM Bug #7036 (Feedback): 2.4 ZFS on RCC-VE 2440 hangs: Follow the procedure at http://netgate.com/docs/reference/adi-bios-flash.html#adi-bios-flash-procedure and update to ... Jim Pingle
07:36 PM Bug #7041 (Rejected): Not all mobile IPsec phase 2 entries pass traffic through the correct interface: Most likely a configuration error. Please post on the forum for discussion before opening a bug report. Jim Pingle
07:24 PM Bug #7041 (Rejected): Not all mobile IPsec phase 2 entries pass traffic through the correct interface: My phase 2 configuration is as follows:
VLAN 10 [Home]- 192.168.1.0/24
VLAN 12 [VMs] - 10.1.2.0/24
VLAN 13 [Lega... Jameson P
05:05 PM pfSense Packages Feature #2133 (Closed): Add ET's SidReporter to snort package: Jim Pingle
04:55 PM pfSense Packages Feature #2133: Add ET's SidReporter to snort package: Cannot be downloaded anywhere, another thing killed by Proofpoint.
Close please. Kill Bill
09:59 AM Bug #7038 (Confirmed): SG-1000 Quagga zebra service fails to start with signal 6 abort: Confirmed, happens even with a very basic config (one interface, dummy password, standard router ID and area filled i... Jim Pingle
07:54 AM pfSense Packages Bug #6592: squid does NOT use EDH and EECDH cipher suites because "tls-dh" is not configured and so these ciphers are silently dropped - see squid documentation: https://github.com/pfsense/FreeBSD-ports/pull/241
Kill Bill
07:54 AM pfSense Packages Feature #6593: squid: allow user to configure DH key size, SINGLE_DH_USE, NO-SSLv3, Cipher-Suites - performance improvement hint: https://github.com/pfsense/FreeBSD-ports/pull/241
Added options matching the reverse proxy options (modern/interme... Kill Bill
06:50 AM pfSense Packages Bug #6636 (Resolved): Squid Reverse Proxy with Additional IP and compatibility="Intermediate" writes bad squid.conf: Renato Botelho
05:23 AM pfSense Packages Bug #6636: Squid Reverse Proxy with Additional IP and compatibility="Intermediate" writes bad squid.conf: Works. Kill Bill
02:56 AM Bug #7040 (Resolved): Issue when disabling an interface: I am using the interfaces like this :
ix0
ix0_vlan1
ix0_vlan35
I just want to disable only ix0, but still h... Alexandre Paradis
02:38 AM pfSense Packages Bug #7039 (Feedback): HAProxy backend configuration does not handle intermediate CAs properly: In HAProxy backend settings, when configuring a server, there is the option to have it validate SSL certificates agai... Stéphane Lapie
02:33 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: I'm confused as to why they would issue a /64 PD on the wan.
dhcp6c does ask for renew, as shown in the attached i... Martin Wasley

12/25/2016

11:47 PM Bug #7027: Dynamic DNS dyndns.org no longer updates: Tony Mace wrote:
> Kill Bill wrote:
> > Try with 2.3.3 snapshots.
>
> Am using "2.3.3.a.20161220.0605" right now... Tony Mace
10:31 PM Bug #7038: SG-1000 Quagga zebra service fails to start with signal 6 abort: Relevant logs (system.log):... Ryan H
10:24 PM Bug #7038 (Resolved): SG-1000 Quagga zebra service fails to start with signal 6 abort: Quagga_OSPF 0.6.16 package installed from package manager. Using config pasted below (raw, not assisted). OSPFd servi... Ryan H
08:45 AM Bug #7037 (Not a Bug): CPU frequency in System Information: If the frequency is at maximum, the information is redundant and thus hidden. There isn't any reason to think it isn'... Jim Pingle
04:48 AM Bug #7037: CPU frequency in System Information: That seems reasonable, but resizing the column on refresh is not pretty. I don't see any reason to why it should't sh... Aslak Sande
04:00 AM Bug #7037: CPU frequency in System Information: This only shows when the actual CPU freq is lower than max. By taxing the CPU with reloading the dashboard every 5 se... Kill Bill
12:09 AM Bug #7037 (Not a Bug): CPU frequency in System Information: On dashboard under "CPU Type" the "Current" frequency rarely appears. Maybe 1 in 10 refreshes? This is with refresh i... Aslak Sande

12/24/2016

07:44 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic: I would like to add that I am also experiencing this issue. I would love to see this fixed in pfSense 2.4 if possible... Chris Allen
03:16 AM Bug #6930: DHCP server should be disabled for /31 and /32: Yup looks much better looking at the error message in the source code. Andy Kniveton
01:13 AM Bug #6930: DHCP server should be disabled for /31 and /32: Something like https://github.com/pfsense/pfsense/pull/3309 ? Phillip Davis

12/23/2016

07:32 PM Bug #7036 (Not a Bug): 2.4 ZFS on RCC-VE 2440 hangs: RCC-VE 2440, bios version 6
Downloaded 2.4.0.b.20161223.0723 and did a clean install. Auto ZFS, default values, se... qubit nano
06:47 PM Feature #7035: Make webgui authentication logs less invasive: I don't want to disable them, I feel knowing that is very useful, I just don't want them spilling out on my shell, es... Victor Coss
06:45 PM Feature #7035 (Rejected): Make webgui authentication logs less invasive: Login events are always logged that way for security reasons. If you want to disable those messages, use the "Disable... Jim Pingle
06:33 PM Feature #7035: Make webgui authentication logs less invasive: Just a note, I've only had the SG-1000 a few days so I haven't updated the DNS on the syslog box yet, so it shows the... Victor Coss
06:16 PM Feature #7035 (Rejected): Make webgui authentication logs less invasive: I'm not sure why, I'm guessing intentional, but webgui events, such as logins to the webgui, when they are logged can... Victor Coss
03:03 PM Bug #7003: autoboot_delay on 2.4.0: Ok thank you :) Ken Sim
12:52 PM Bug #7003: autoboot_delay on 2.4.0: Ken Sim wrote:
> Am I correct that this is only set during install and we have to set it manually if already install... Renato Botelho
02:41 PM Bug #6099 (Feedback): igmpproxy does not recognize upstream interface: Fix committed.
Thanks! Luiz Souza
02:07 PM Bug #6930: DHCP server should be disabled for /31 and /32: It now doesn't enable dhcp on a /31 or /32 subnet, IMO the message "The DHCP Server can only be enabled on interfaces... Andy Kniveton
10:48 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: The Address given to the WAN interface is more or less irrelevant, cause it's not realy necessary for your firewall r... Marcel Mayer
08:52 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: When I check "Request only an IPv6 prefix" the WAN interface uses the first /64 prefix (prefix ID 0) out of the /56 p... Arno Gramatke
05:04 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: In my opinion we are not talking about a bug any more.
The problem seems to be a missconfiguration ...
For DTAG "... Marcel Mayer
04:33 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: The ISP (Deutsche Telekom) doesn't supply a router, so I can't do any Wireshark capture there. The German Telekom use... Arno Gramatke
10:14 AM Bug #6857 (Resolved): local_sync_accounts fails during boot when using ldap on a non-local network or hostname: Works, no failures or delays when booting with a remote LDAP server. Jim Pingle
10:13 AM Bug #6367 (Resolved): Long delays with LDAP enabled w/local users during boot at "Synchronizing user settings...": Works, no delay on boot with LDAP enabled when local accounts sync Jim Pingle
09:52 AM Bug #6761 (Not a Bug): Limiter doesn't limit at correct bandwidth: No response from the OP here or on Reddit. I can't reproduce this on a current 2.4 snapshot (also on vmware with vmxn... Jim Pingle
09:44 AM Feature #6899 (Resolved): Can't specify PPTP/L2TP gateway as FQDN: Works as expected with that last commit, when the client can resolve the hostname it connects. Jim Pingle
09:40 AM Feature #6899 (Feedback): Can't specify PPTP/L2TP gateway as FQDN: Applied in changeset commit:35d393f04add76d7f5ac55fb33aaa955f354b5b8. Jim Pingle
09:18 AM Feature #6899 (Assigned): Can't specify PPTP/L2TP gateway as FQDN: The JS input validation still rejects hostnames on the page. I'll push a fix shortly. Jim Pingle
09:24 AM Bug #6659 (Resolved): Default routes are not being removed after deletion: Works as expected now. Jim Pingle
09:14 AM Bug #6980 (Resolved): L2TP WAN gateway is missing the type at the end of its dynamic name: Works Jim Pingle
09:10 AM Bug #7005 (Resolved): IPsec mss clamping not working for mobile clients: Works Jim Pingle
09:06 AM Bug #6879 (Resolved): GUI doesn't show rebooting notification after upgrading: I've been keeping an eye on this and haven't seen it fail in quite some time. Every update I've run on any platform (... Jim Pingle
09:05 AM Bug #6869 (Resolved): Diagnostics / Routes Truncates Destination and Gateway Names: Works Jim Pingle
09:02 AM Bug #6668: IPSec tunnel + L2TP/IPSec VPN - wrong PSK chosen by pfSense: No response from the OP, can't seem to reproduce it.
If someone can reproduce it and test a potential fix, please ... Jim Pingle
08:55 AM Bug #6224 (Resolved): Firewall NAT Edit forgets dst type selection after reporting input errors: Works as expected now Jim Pingle
08:53 AM Bug #6094 (Resolved): VIP Other subnet does not expand into NAT entries: Works Jim Pingle
08:45 AM Bug #6976 (Resolved): Interface group and alias with same name creates firewall syntax error: All of the problem cases work as expected now. Names are rejected as being in use, I was not able to make a conflict. Jim Pingle
08:43 AM Bug #6892 (Resolved): CARP VIPs Deleted entering CARP Maintenance Mode: Works, VIPs are still there and their skews are raised as expected. Secondary takes over like it should. Comes out of... Jim Pingle
08:42 AM Bug #7034: NTP Orphan Mode stratum setting is not displayed in input field: Wow, that was fast :)
Thanks, and happy holidays! Thomas Rieschl
07:30 AM Bug #7034 (Feedback): NTP Orphan Mode stratum setting is not displayed in input field: Applied in changeset commit:d0db0f9bcae3d368c2d83cc7bc4b888fd07eade3. Jim Pingle
07:23 AM Bug #7034 (Confirmed): NTP Orphan Mode stratum setting is not displayed in input field: Jim Pingle
03:59 AM Bug #7034 (Resolved): NTP Orphan Mode stratum setting is not displayed in input field: The "Orphan Mode" setting in the NTP config is not displayed in the input form field.
It is used, though. I checke... Thomas Rieschl
08:35 AM Bug #4815 (Resolved): NTP status widget shows truncated IPv6 address: Works Jim Pingle
08:24 AM Todo #7032 (Resolved): Make a lack of ALTQ-capable interfaces more obvious to the user: Looks much more obvious, hopefully it's clear to users now. Jim Pingle
08:23 AM Bug #7019 (Resolved): XSS issues in captive portal status pages: Seems fine now, and the sorting on the CP status page that was affected was also ripped out & replaced (see commit:e1... Jim Pingle
08:21 AM Todo #7021 (Resolved): system_advanced_network.php Deprecate/remove Device Polling on 2.4: It's all gone. Jim Pingle
08:20 AM Bug #7008 (Resolved): OpenVPN sever unable to authenticate users on 2.4: Works Jim Pingle
08:20 AM Bug #7002 (Resolved): OpenVPN unable to use authentication server with ampersand in descriptive name: Works Jim Pingle
08:19 AM Bug #7001 (Resolved): Certificate manager requiring private key when importing CA certificate authority: Works Jim Pingle
08:17 AM Bug #6838 (Resolved): bsnmpd logs errors when /etc/printcap is missing: Seems to be fine now, no more log spam and the dummy printcap file is there as expected. Jim Pingle
08:16 AM Bug #6741 (Resolved): /etc/rc.initial does not trap CTRL-C back to console menu but rather to # prompt.: Works well. I went into several console menu options and confirmed ^C returned to the menu from all of them rather th... Jim Pingle
08:15 AM Bug #6634 (Resolved): DHCP Server "TFTP Server" field should allow URLs: Works fine.
The TFTP field itself had a different issue as well, see commit:9d9736d7bf456a441e3cb95421cfed429502e220 Jim Pingle
08:10 AM Bug #6472 (Resolved): Disabling NAT (port forward) rule does not disable the associated firewall rule: Works, associated rules are toggled together with the NAT rule when the NAT rule is changed. Jim Pingle
08:09 AM Bug #6391 (Resolved): View Current Portal Page goes to wrong URL: Works correctly now Jim Pingle
08:08 AM Bug #6016: ovpn-linkup not populating IPv6 gateways: Great! Thank you! Jose Luis Duran
08:07 AM Bug #6016 (Resolved): ovpn-linkup not populating IPv6 gateways: Works Jim Pingle
07:45 AM Bug #7025 (Resolved): wizard.php?xml=setup_wizard.xml - Setup wizard is flagging valid LAN IP addresses as invalid: Anonymous
06:33 AM Bug #7033 (Duplicate): Hidden rule break the policy routing: Duplicate of #1136
If you must have a second gateway on WAN, add floating rules to match the outbound traffic to o... Jim Pingle
02:41 AM Bug #7033 (Duplicate): Hidden rule break the policy routing: Hello
I found a hidden rule who break the policy routing.
The rule :
pass out route-to ( lagg0_vlan2000 192.1... Maxence Sartiaux

12/22/2016

07:02 PM Bug #7003: autoboot_delay on 2.4.0: Am I correct that this is only set during install and we have to set it manually if already installed? Wouldn't it ge... Ken Sim
06:07 PM pfSense Packages Bug #7017: Squid NT Domain authentication is broken: Just removed this deprecated stuff in https://github.com/pfsense/FreeBSD-ports/pull/241. People should use LDAP for A... Kill Bill
05:14 PM Bug #7026 (Resolved): filter_logs.inc: parse_firewall_log_line(): Filter logs do not display: Thanks you Luiz. Anonymous
04:43 PM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Don't delete the DUID mid session, its pointless, dhcp6c will generate a new one, which means that your ISP then sees... Martin Wasley
09:18 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: And I think it's important that this seems to be a problem with dhcp6c and NOT dhcp6d. Arno Gramatke
08:46 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: I still have this issue. I am not sure whether this has to do with the watchdog at all. When I enable IPv6 from the w... Arno Gramatke
02:47 PM Bug #6318: IPsec dashboard widget causes GUI failure: This also affects Status > IPsec
We have access to a customer system that has 70 tunnels defined, and it happens e... Jim Pingle
02:42 PM pfSense Packages Bug #7028 (Resolved): Squid - all javascript broken by bootstrap conversion: Anonymous
02:41 PM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Yeah, 0.4.28 behaves like it used to works on pfSense 2.2.x, all weirdness gone. Very cool. Thanks!!! Kill Bill
01:50 PM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Can you describe"the weird behaviour" please? I don't see anything untoward. Also what Browser/OS are you using?
T... Anonymous
01:43 PM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Well, that's kinda difficult to see with the package as is. :) What I did for testing was nuking all the "advanced" t... Kill Bill
01:27 PM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: I think that happens now. The XML fragment ... Anonymous
08:44 AM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Steve Beaver wrote:
> Yep. Revised that yesterday. The Antivirus stuff appears to work as designed, but that design ... Kill Bill
07:14 AM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Yep. Revised that yesterday. The Antivirus stuff appears to work as designed, but that design may not be ideal. It's ... Anonymous
01:11 PM Bug #7031 (Feedback): Cannot configure OpenVPN on a DHCP interface that has not received an IP address: PR has been merged, thanks! Renato Botelho
06:00 AM Bug #7031: Cannot configure OpenVPN on a DHCP interface that has not received an IP address: A suggested solution in PR https://github.com/pfsense/pfsense/pull/3306 Phillip Davis
05:54 AM Bug #7031 (Resolved): Cannot configure OpenVPN on a DHCP interface that has not received an IP address: If the interface that an OpenVPN server or client is being configured on uses DHCP and has not yet received an IP add... Phillip Davis
09:30 AM Todo #7032 (Feedback): Make a lack of ALTQ-capable interfaces more obvious to the user: Applied in changeset commit:aa64bb6565db2f788846eee9a62bccde280a605a. Jim Pingle
09:18 AM Todo #7032 (Resolved): Make a lack of ALTQ-capable interfaces more obvious to the user: On systems that do not have any assigned interfaces capable of using ALTQ, that fact is not make obvious enough to th... Jim Pingle
07:26 AM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic: It still happens on 2.4, actually it's a little worse since it doesn't appear to transmit on the additional queues li... Jim Pingle

12/21/2016

06:42 PM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: OK, tested. The authentication tab works great. The antivirus stuff is quirky, will need to play with it. Most issues... Kill Bill
04:45 PM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Should be there already Anonymous
04:41 PM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Steve Beaver wrote:
> There was a bug in pkg_edit.php that was causing the \<onchange\> XML tag to be rendered incor... Kill Bill
04:30 PM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Remember to update BOTH Squid from the package manager, AND the base system from the Update manager. Anonymous
04:21 PM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Thanks, much appreciated! Will test with a new snapshot ASAP. Kill Bill
03:08 PM pfSense Packages Bug #7028 (Feedback): Squid - all javascript broken by bootstrap conversion: There were two issues: There was a bug in pkg_edit.php that was causing the \<onchange\> XML tag to be rendered incor... Anonymous
02:26 PM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: Thanks. Yours truly Santa. :-P Kill Bill
07:31 AM pfSense Packages Bug #7028: Squid - all javascript broken by bootstrap conversion: And a merry frickin' Christmas to you too :)
Looking at this now. Anonymous
03:58 AM pfSense Packages Bug #7028 (Resolved): Squid - all javascript broken by bootstrap conversion: Guys, there's this @squid_js.inc@ thing that used to do a lot of useful GUI work. It's completely no-op since the boo... Kill Bill
06:05 PM Bug #7027: Dynamic DNS dyndns.org no longer updates: Kill Bill wrote:
> Try with 2.3.3 snapshots.
Am using "2.3.3.a.20161220.0605" right now with same problems Tony Mace
04:15 AM Bug #7027: Dynamic DNS dyndns.org no longer updates: Try with 2.3.3 snapshots. Kill Bill
05:42 PM Bug #7026 (Feedback): filter_logs.inc: parse_firewall_log_line(): Filter logs do not display: It was broken only on 32bits platforms (ARM).
Fixed by: https://github.com/pfsense/FreeBSD-src/commit/aa25003286b4... Luiz Souza
11:15 AM Bug #7026 (Confirmed): filter_logs.inc: parse_firewall_log_line(): Filter logs do not display: That's right JimP, but seems like we have a regression... Luiz Souza
10:18 AM Bug #7026: filter_logs.inc: parse_firewall_log_line(): Filter logs do not display: Looks the same as #6919 Jim Pingle
01:17 PM pfSense Packages Feature #5434: Let's Encrypt pfSense support: Remove target. When PR is done and merged it's going to be available to stable versions Renato Botelho
01:16 PM Bug #5976 (Rejected): Load cryptodev as a kernel module: IPsec is builtin GENERIC kernel even in FreeBSD and it depends of crypto. This change doesn't make sense anymore Renato Botelho
12:55 PM pfSense Packages Bug #6983 (Resolved): pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: Renato Botelho
12:46 PM pfSense Packages Bug #6983: pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: Confirm: Fixed. Dmitriy K
12:45 PM Feature #7030 (New): New Feature Load Balance Per Amount Of GB: https://forum.pfsense.org/index.php?topic=122752.0 christian alfideo arminio
11:17 AM Feature #7029: GRE interfaces not available as SPAN port: It may be valid on Cisco but does it actually function on FreeBSD? That would be the real question. GRE doesn't handl... Jim Pingle
11:13 AM Feature #7029 (Closed): GRE interfaces not available as SPAN port: GRE interfaces are removed from all bridge port lists. It is valid to select a GRE port as a SPAN port destination (... Adam C
11:12 AM Bug #4766 (Feedback): "URL Table (IPs)" and "URL (IPs)" do not work when text file is hosted on a fresh install of pfSense: Fix committed.
Thanks! Luiz Souza
10:09 AM Bug #6882: bsnmpd uses all available CPU with hostres module active in some cases: Reproduced it on a stock FreeBSD 11 system.
Opened a bug report upstream: https://bugs.freebsd.org/bugzilla/show_b... Jim Pingle
08:10 AM Bug #6978 (Not a Bug): Squidguard error page crashing after activating WebGUI PFSENSE https security: squidGuard can't redirect to https that way, the user will get a nasty cert error and/or it won't work.
Setup an e... Jim Pingle
07:59 AM Bug #6978: Squidguard error page crashing after activating WebGUI PFSENSE https security: sry, squidguard instead dansguardian.
Squid uses port 3128 and webgui 8989. Paulo Lima

12/20/2016

09:30 PM Bug #7027 (Resolved): Dynamic DNS dyndns.org no longer updates: Have paid DynDNS.org service - used to work - do not know exactly when it quit but now get following error in system ... Tony Mace
09:21 PM Bug #7026: filter_logs.inc: parse_firewall_log_line(): Filter logs do not display: I'll take this one, this happens because of a change on a struct size. Luiz Souza
09:18 PM Bug #7026: filter_logs.inc: parse_firewall_log_line(): Filter logs do not display: 2.4 logs:
Dec 1 16:34:41 pfSense filterlog: 61,16777216,,12000,cpsw0,match,block,in,0,bad-hlen=0),0
Dec 1 16:39:1... Anonymous
07:11 PM Bug #7026 (Resolved): filter_logs.inc: parse_firewall_log_line(): Filter logs do not display: There is a problem with the format of the filter logs which is causing src/etc/inc/filter_logs.inc: parse_firewall_lo... Anonymous
09:13 PM Bug #6892 (Feedback): CARP VIPs Deleted entering CARP Maintenance Mode: v6 CARP addresses now works too: https://github.com/pfsense/FreeBSD-src/commit/580e1b6a1155103292e67771940801d8fe896f45 Luiz Souza
07:12 PM Bug #6892: CARP VIPs Deleted entering CARP Maintenance Mode: IPv4 was fixed by this commit: https://github.com/pfsense/FreeBSD-src/commit/77805aa5fa51dbd2ed0b6c363c6235c892caee76... Luiz Souza
01:31 PM Bug #7025: wizard.php?xml=setup_wizard.xml - Setup wizard is flagging valid LAN IP addresses as invalid: It happens to me on Firefox (50.1.0 on Linux) but I was using an SG-1000 when I confirmed it, as that's what the repo... Jim Pingle
01:26 PM Bug #7025 (Confirmed): wizard.php?xml=setup_wizard.xml - Setup wizard is flagging valid LAN IP addresses as invalid: This appears to be Chrome related. No problem on Safari or Firefox. Probably the Chrome pattern matching bug. Checkin... Anonymous
01:19 PM Bug #7025 (Resolved): wizard.php?xml=setup_wizard.xml - Setup wizard is flagging valid LAN IP addresses as invalid: Go through the setup wizard to the LAN configuration page, enter a valid IP address, click or tab out of the field an... Jim Pingle
12:00 PM Bug #6930 (Feedback): DHCP server should be disabled for /31 and /32: Applied in changeset commit:e66503688e06a8ce19875863ee87356bb4ce3cf8. Renato Botelho
11:10 AM Bug #6927 (Feedback): 1 to 1 NAT allows entry of mixed IP addresses: Applied in changeset commit:bcdf453402a2f742b2656cd59602250f062896ee. Phillip Davis
11:00 AM Todo #7021 (Feedback): system_advanced_network.php Deprecate/remove Device Polling on 2.4: Applied in changeset commit:dc5edc6e9840a53e6c7153414c1d0e1066efd058. Renato Botelho
10:40 AM Bug #6741 (Feedback): /etc/rc.initial does not trap CTRL-C back to console menu but rather to # prompt.: Applied in changeset commit:533f3160a46672e3cf74f6fd1af952f966ae5b06. Renato Botelho
10:35 AM Feature #6728 (Needs Patch): Route53 API mod and Geolocation: Target to future while we wait for the patch Renato Botelho
10:31 AM Todo #6998: Create a port for simplepie to keep it updated and use modular version: Convert code to use modular version of simplepie instead of static file Renato Botelho
10:22 AM Bug #4766: "URL Table (IPs)" and "URL (IPs)" do not work when text file is hosted on a fresh install of pfSense: https://192.168.1.1/firewall_aliases.php?tab=all
In URL you must to use same hostname on self-signed certificate. ... Marcelo Matos
10:08 AM Todo #3734 (Resolved): Remove PHP static pear modules from repo and use ports: Moving radius.inc change to a new ticket (#7024) Renato Botelho
10:07 AM Todo #7024 (Resolved): Replace copy of radius.inc by pear-Auth_RADIUS: Replace copy of radius.inc, with a good number of modifications, by pear-Auth_RADIUS provided by ports Renato Botelho
10:04 AM Bug #7023 (Rejected): dhclient: You are probably talking about this forum thread - https://forum.pfsense.org/index.php?topic=116487.0
I post an an... Renato Botelho
06:20 AM Bug #7023 (Rejected): dhclient: One of my testers has a site in France, the dhclient needs to send extra options ( Orange France ). Apparently there ... Martin Wasley
07:29 AM pfSense Packages Bug #7022 (Not a Bug): HAproxy action sequence bug: Jim Pingle
06:22 AM pfSense Packages Bug #7022: HAproxy action sequence bug: Yes, it is supposed to be always below the actions, I even linked the code and stated it explicitly. Dunno which part... Kill Bill
05:41 AM pfSense Packages Bug #7022: HAproxy action sequence bug: Kill Bill wrote:
> Actually, no, there is no such bug. The redirect rules are ordered perfectly fine as declared. An... Vladimir Tiukhtin
05:00 AM pfSense Packages Bug #7022: HAproxy action sequence bug: Actually, no, there is no such bug. The redirect rules are ordered perfectly fine as declared. And there's nothing to... Kill Bill
04:16 AM pfSense Packages Bug #7022: HAproxy action sequence bug: Kill Bill wrote:
> Fix the "tes" typo to "test" perhaps? Use https://forum.pfsense.org/index.php?board=60.0 for help... Vladimir Tiukhtin
03:49 AM pfSense Packages Bug #7022: HAproxy action sequence bug: Fix the "tes" typo to "test" perhaps? Use https://forum.pfsense.org/index.php?board=60.0 for help, Redmine is for bugs. Kill Bill
03:11 AM pfSense Packages Bug #7022 (Not a Bug): HAproxy action sequence bug: Web interface generate wrong action sequence in HAproxy config. See screenshots Vladimir Tiukhtin
05:45 AM pfSense Packages Bug #6950 (Feedback): Auto Config Backup always reports success: PR has been merged. Thanks! Renato Botelho
05:39 AM pfSense Packages Bug #6983 (Feedback): pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: 2.1.1_5 should address this Renato Botelho

12/19/2016

06:37 PM pfSense Packages Bug #6356 (Resolved): Snort - missing protocol in port scan detection: Renato Botelho
06:03 PM pfSense Packages Bug #6356: Snort - missing protocol in port scan detection: Been merged/fixed long time ago. Can be closed. Kill Bill
06:36 PM Bug #6997 (Resolved): DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: Renato Botelho
05:52 PM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: Works, thanks! 8-) Kill Bill
02:53 PM Todo #6889 (Resolved): Improve router mode help text: Kill Bill text reformatted to take up less screen space. Thanks KB. Anonymous
01:07 PM Todo #7021 (Resolved): system_advanced_network.php Deprecate/remove Device Polling on 2.4: Given the other changes on 2.4 (e.g. dropping i386), it may also be time to remove the polling option from /usr/local... Jim Pingle
10:56 AM Bug #6959 (Resolved): Remove or rename "LiveCD" option in the 2.4 installer: Done Renato Botelho
09:44 AM Bug #7020 (Duplicate): <Hostname> is omitted when sending logs on syslog: When sending "filterlog" over syslog the standard defined in https://doc.pfsense.org/index.php/Filter_Log_Format_for_... Idar Lund
08:48 AM pfSense Packages Bug #4034 (Resolved): AutoConfigBackup - user-config-readonly priv still does backup: Confirmed as fixed. A user with the Deny Config Write privilege won't trigger a new ACB entry on save. Jim Pingle
08:39 AM Bug #6990: DDNS IPs not updating after a system restart: Jim Pingle wrote:
> Nothing unusual in the settings, look for anything related to Dynamic DNS in the main system log... Muchacha Grande
07:48 AM Bug #6990: DDNS IPs not updating after a system restart: Nothing unusual in the settings, look for anything related to Dynamic DNS in the main system log, are there any error... Jim Pingle
06:18 AM Bug #6990: DDNS IPs not updating after a system restart: Jim Pingle wrote:
> Not nearly enough detail.
>
> What are the exact types and services used in your Dynamic DNS ... Muchacha Grande
06:00 AM Bug #6915 (Feedback): unbound logging not working after reboot or "Reset log files": PR has been merged Renato Botelho
05:55 AM pfSense Packages Feature #3303 (Feedback): Allow quagga ospf stub, not so stub and totally stub areas: PR has been merged Renato Botelho
05:49 AM pfSense Packages Feature #556 (Feedback): siproxd: add carp virtual IPs as interface candidates: PR merged Renato Botelho

12/18/2016

03:18 PM pfSense Packages Feature #556: siproxd: add carp virtual IPs as interface candidates: In case you are still waiting... https://github.com/pfsense/FreeBSD-ports/pull/235
LOLz. Kill Bill
08:24 AM Feature #6914: unbound access-control lists: https://github.com/pfsense/pfsense/pull/3291 Kill Bill
05:45 AM Todo #6689: Add enable link to Status > UPnP & NAT-PMP error message if disabled: https://github.com/pfsense/pfsense/pull/3290 Kill Bill
04:34 AM Todo #6889: Improve router mode help text: I got annoyed once again by having to look up what the modes do in the PHP code, so did a PR:
https://github.com/p... Kill Bill

12/17/2016

10:10 PM Bug #7019 (Feedback): XSS issues in captive portal status pages: Applied in changeset commit:ac90c9012453c7e81ff0d0b472a55b116866c56e. Jim Pingle
10:07 PM Bug #7019 (Resolved): XSS issues in captive portal status pages: The zone parameter needs better validation/encoding on the captive portal status pages, and the 'order' parameter on ... Jim Pingle
06:57 PM pfSense Packages Bug #3380 (Not a Bug): FreeRadius-User-Option "Expiration Date" kills the FreeRadius-Server: Jim Pingle
06:10 PM pfSense Packages Bug #3380: FreeRadius-User-Option "Expiration Date" kills the FreeRadius-Server: Did you read the field description and the error message?
> Enter the date when this account should expire. *Forma... Kill Bill
05:58 PM pfSense Packages Bug #6805 (Duplicate): Freeradius + OTP sometimes auth failed when auth openvpn.: Probably fixed with #6900 anyhow. Closing. Jim Pingle
12:06 PM pfSense Packages Bug #6805: Freeradius + OTP sometimes auth failed when auth openvpn.: Not even remotely enough info here to debug anything. Please, move to https://forum.pfsense.org/ until you have a con... Kill Bill
05:37 PM pfSense Packages Bug #6456: vm-bhyve not correctly detecting the modules in kernel: Jose Luis Duran wrote:
> This was fixed in vm-bhyve v0.12.3.
>
> (https://github.com/churchers/vm-bhyve/commit/a7... Kill Bill
03:45 PM Bug #7018: DHCP packets replicated on non-DHCP relay interface: No idea what's the bug here (the requests are relayed from the configured interfaces to the network where's the confi... Kill Bill
01:53 PM Bug #7018 (Closed): DHCP packets replicated on non-DHCP relay interface: When enabling DHCP relay for the following networks:
LAN: 192.168.2.0
PUBLIC: 192.168.4.0
But not on:
Se... Jan Eagleman
09:07 AM pfSense Packages Bug #6950: Auto Config Backup always reports success: Well, actually there's _some_ output needed no matter what, to provide some indication that the Backup button works. ... Kill Bill
08:31 AM pfSense Packages Bug #6950: Auto Config Backup always reports success: I just removed the misleading "success" noise as part of https://github.com/pfsense/FreeBSD-ports/pull/234 - as noted... Kill Bill
07:54 AM pfSense Packages Bug #4034: AutoConfigBackup - user-config-readonly priv still does backup: Well I think this bug is gone since this commit (which disabled the unwanted duplicated backups as well) - https://gi... Kill Bill
07:48 AM pfSense Packages Feature #4055 (Rejected): Enable area authentication from GUI: Jim Pingle
04:53 AM pfSense Packages Feature #4055: Enable area authentication from GUI: Works just fine with the GUI as well, cf. https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-Quagga_... Kill Bill
07:16 AM pfSense Packages Feature #6951: Disable Auto Config Backup without uninstalling: https://github.com/pfsense/FreeBSD-ports/pull/234 Kill Bill
06:16 AM Bug #6852: Commit 8f86722 breaks DHCPv6 leases status page: only ipv6 that i get to show up is static mappings so I attached requested file currently on 2.3.3-DEVELOPMENT (amd6... Michael Kellogg
04:31 AM pfSense Packages Bug #5732: Qagga: Different output in ospfd.conf based on order of interfaces.: The description here makes no sense. I'd suggest to post some configuration screenshots with the interfaces configura... Kill Bill
03:33 AM pfSense Packages Feature #3303: Allow quagga ospf stub, not so stub and totally stub areas: Renato Botelho wrote:
> Please send it as using github pull request on https://github.com/pfsense/pfsense-packages r... Kill Bill

12/16/2016

06:45 PM pfSense Packages Bug #6616 (Duplicate): Client Export list empty when using intermediate CA: Jim Pingle
06:26 PM pfSense Packages Bug #6616: Client Export list empty when using intermediate CA: This works just fine here with 2.3.3, sounds like duplicate of Bug #2800. Kill Bill
06:12 PM Bug #6915: unbound logging not working after reboot or "Reset log files": The "reset log files" issue should be fixed by https://github.com/pfsense/pfsense/pull/3284
As for unbound logging... Kill Bill
06:07 PM pfSense Packages Bug #6061 (Closed): stunnel package update request: Jim Pingle
05:33 PM pfSense Packages Bug #6061: stunnel package update request: 2.2.x packages are not maintained. PR for stunnel package on 2.3+ is @ https://github.com/pfsense/FreeBSD-ports/pull/... Kill Bill
06:07 PM pfSense Packages Bug #6060 (Closed): stunnel certs tab does update cert tab: Jim Pingle
05:33 PM pfSense Packages Bug #6060: stunnel certs tab does update cert tab: 2.2.x packages are not maintained. PR for stunnel package on 2.3+ is @ https://github.com/pfsense/FreeBSD-ports/pull/... Kill Bill
05:48 PM pfSense Packages Feature #6436: Add Stunnel binaries to the pfSense repository: Adding the PR for reference: https://github.com/pfsense/FreeBSD-ports/pull/135
Kill Bill
05:46 PM Bug #6363: AutoConfigBackup Restore Actions column missing due to long XMLRPC sync merge strings in the configuration description: Hmmm, wraps into multiple lines just fine here.
!https://s29.postimg.org/8064c051j/Screenshot_ACB.png! Kill Bill
02:42 PM pfSense Packages Bug #7017 (Resolved): Squid NT Domain authentication is broken: Relevant forum thread: https://forum.pfsense.org/index.php?topic=113667.0; the method used for Squid 3.3 does no long... Kill Bill
02:26 PM Bug #6982: Nested Aliases with FQDNs do not populate parent table in some cases: I'll work on it Renato Botelho
01:44 PM Feature #7016 (Resolved): system_information_widget.php - Indicate adaptive state timeout status when active: It would be helpful to show the user that pf has enabled adaptive state timeout scaling when it kicks in.
Some sam... Jim Pingle
11:43 AM Bug #7015 (Resolved): IPsec not working behind NAT: @luiz has the details, looks like a ESP fragment but it creates odd state with unknown IP address like:
enc0 icmp ... Renato Botelho
11:14 AM Bug #7013: Changing group scope to remote does not remove it from group file: Well, there's obviously much more wrong here, this actually requires a reboot to take effect. Also, adding/removing u... Kill Bill
09:06 AM Bug #6702 (Resolved): Command Prompt syntax error and crash detection report: Yeah that's part is good to stay, what still annoys me is that you get a notice from it (alert bell, e-mail notificat... Jim Pingle
08:48 AM Bug #6702: Command Prompt syntax error and crash detection report: Yup, works. (As for the error being shown in "PHP Response", I think that's OK and should actually stay, it's useful.) Kill Bill
08:30 AM Bug #6702: Command Prompt syntax error and crash detection report: Applied in changeset commit:45bcbee917920238248a2486a2742e3ff327b309. Jim Pingle
08:28 AM Bug #6702: Command Prompt syntax error and crash detection report: Pushed a small change so that it will at least not offer to submit a crash report. Jim Pingle
05:16 AM Bug #6702: Command Prompt syntax error and crash detection report: Well I think what was meant here is that pasting random potentially broken junk to Diagnostics - Command Prompt for t... Kill Bill
08:28 AM pfSense Packages Bug #1620: Can't use transparent proxy when using bridge.: I have no intention setting up bridges to test with transparent Squid. My understanding is that when the interface is... Kill Bill
08:06 AM pfSense Packages Bug #6182: HAProxy not supporting ALPN: Pi Ba wrote:
> Is it possible to make changes to existing ports makefiles?
See this and replace with < 1100000?
... Kill Bill
07:32 AM Bug #7014: inbound connections do not get through whilst using openvpn: Thanks posted on forum few weeks back but got no response
thanks for the detailed bug that does sound similar wel... r m
06:45 AM Bug #7014 (Rejected): inbound connections do not get through whilst using openvpn: Not enough usable info here. Please "post on the forum":https://forum.pfsense.org/index.php?board=69.0 with much more... Jim Pingle
06:15 AM Bug #7014: inbound connections do not get through whilst using openvpn: openvpn not opendns r m
04:29 AM Bug #7014 (Rejected): inbound connections do not get through whilst using openvpn: when using openvpn, inbound traffic is not received and do not get passed to the intended device,
when you turn o... r m
07:11 AM Bug #7012: scponly shipped with pfSense does not work with Linux scp: Jim Pingle wrote:
> Yeah it would need some extra bits but that can all be done by hand if the user really wants it,... Kill Bill
06:42 AM pfSense Packages Bug #6489 (Not a Bug): Squid Reverse Proxy: Deleting an entry on the "Redirects" tab does not reload config: Jim Pingle
05:34 AM pfSense Packages Bug #6489: Squid Reverse Proxy: Deleting an entry on the "Redirects" tab does not reload config: No idea how to reproduce. On save, squid_resync() is called [1] which in turn calls squid_resync_reverse() [2] which ... Kill Bill
06:41 AM pfSense Packages Bug #6632 (Resolved): siproxd hosts_allow_reg should be configurable: Jim Pingle
05:04 AM pfSense Packages Bug #6632: siproxd hosts_allow_reg should be configurable: Done with 1.1.3 (https://github.com/pfsense/FreeBSD-ports/pull/147), can be closed. Kill Bill
06:40 AM pfSense Packages Bug #6654 (Resolved): siproxyd Table issue: Jim Pingle
05:01 AM pfSense Packages Bug #6654: siproxyd Table issue: Fixed with 1.1.3 (https://github.com/pfsense/FreeBSD-ports/pull/147), can be closed. Kill Bill
06:38 AM pfSense Packages Bug #6999 (Resolved): ntopng missing preferences menu: Renato Botelho
04:54 AM pfSense Packages Bug #6999: ntopng missing preferences menu: Works. Kill Bill

12/15/2016

09:49 PM Bug #6308 (Resolved): TFTP Proxy can't be turned off: Jim Pingle
07:32 PM Bug #6308: TFTP Proxy can't be turned off: Works, log noise gone. Yay! Kill Bill
10:50 AM Bug #6308 (Feedback): TFTP Proxy can't be turned off: Applied in changeset commit:0917101a0c0c4d611eeb41c2d3ee49062d52a2e9. Jim Pingle
10:46 AM Bug #6308: TFTP Proxy can't be turned off: To me, I've got a fix coming. Jim Pingle
09:49 PM Bug #7012 (Resolved): scponly shipped with pfSense does not work with Linux scp: Thanks for testing! Jim Pingle
07:28 PM Bug #7012: scponly shipped with pfSense does not work with Linux scp: Jim Pingle wrote:
> I pushed a change to fix the options up so it'll come through with the next update. pkg is smart... Kill Bill
08:53 AM Bug #7012: scponly shipped with pfSense does not work with Linux scp: Agree. I might do a PR eventually when I get bored.
(All this also could be done with OpenSSH "natively", but it s... Kill Bill
08:21 AM Bug #7012: scponly shipped with pfSense does not work with Linux scp: Yeah it would need some extra bits but that can all be done by hand if the user really wants it, it doesn't hurt to h... Jim Pingle
08:19 AM Bug #7012: scponly shipped with pfSense does not work with Linux scp: Yeah, thanks. I'll test in a while. (As for the chroot, that's going to need some pfSense code changes - adding a sep... Kill Bill
08:03 AM Bug #7012: scponly shipped with pfSense does not work with Linux scp: I pushed a change to fix the options up so it'll come through with the next update. pkg is smart enough to pick up th... Jim Pingle
07:40 AM Bug #7012 (Feedback): scponly shipped with pfSense does not work with Linux scp: Applied in changeset commit:ef76f693c54b01b40666a41dbf82be70f9379718. Jim Pingle
05:04 AM Bug #7012: scponly shipped with pfSense does not work with Linux scp: Session output with SCP (broken):... Kill Bill
04:54 AM Bug #7012 (Resolved): scponly shipped with pfSense does not work with Linux scp: Dunno guys how you compiled this, but scp does not work. Never worked in fact, as discussed at https://forum.pfsense.... Kill Bill
08:20 AM Bug #6099: igmpproxy does not recognize upstream interface: Dear Maintainers,
@Jorge M. Oliveira, thank you for your work to fix this issues.
I'm using the igmpproxy to co... Harald Gutmann
08:08 AM Bug #6852: Commit 8f86722 breaks DHCPv6 leases status page: If it breaks for you, please include the relevant portions of dhcpd6.leases that break it, or the entire file if poss... Jim Pingle
05:38 AM Bug #7013 (Resolved): Changing group scope to remote does not remove it from group file: If I understand things correctly, after implementing Bug #6012 the groups with scope set to "Remote" are not supposed... Kill Bill

12/14/2016

07:57 PM Bug #6852: Commit 8f86722 breaks DHCPv6 leases status page: This also just happened to me. There is more info when analyzing the stderr output from awk, or running the sed/awk c... Brenton Rothchild
12:04 PM Feature #7011 (Resolved): Retain vendor MAC address at power up: There are circumstances where it is desirable to be able to read the vendor's MAC addresses on an interface, even if ... Anonymous
11:34 AM Bug #6132 (Feedback): race condition in OpenVPN startup: PR has been merged Renato Botelho
10:18 AM Bug #6940 (Duplicate): OpenVPN management socket not listening after bootup / cannot restart the service.: Duplicate of #6132 Renato Botelho
09:10 AM Bug #7003 (Feedback): autoboot_delay on 2.4.0: Applied in changeset commit:788f1c3bee47b409a357ec19750fb958a5397938. Renato Botelho
08:54 AM pfSense Packages Bug #7009: syslog_ng Log Viewer page didn't get converted to the new 2.3 bootstrap: https://github.com/pfsense/FreeBSD-ports/pull/278 Kill Bill
08:53 AM Bug #6997 (Feedback): DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: Both PRs merged, thanks! Renato Botelho
07:15 AM Bug #4689 (New): Panic/Crash "sbflush_internal: cc 4294967166 || mb 0 || mbcnt 0": This is still happening to customers on 2.3.2-p1, so the imported patch didn't fix the problem. Jim Pingle
06:30 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: @Kill Bill: Deactivating watchdog solves my issue. It realy seems to make some trouble running it at moment. Especail... Marcel Mayer

12/13/2016

01:57 PM Bug #7010 (Resolved): Problem Syncing IP Aliases on Localhost on HA cluster: Renato Botelho
01:54 PM Bug #7010: Problem Syncing IP Aliases on Localhost on HA cluster: Looks good here. Thanks. Chris Linstruth
01:30 PM Bug #7010 (Feedback): Problem Syncing IP Aliases on Localhost on HA cluster: Applied in changeset commit:5fda51cd2af8a099b89f35439343744dbe981fa1. Jim Pingle
01:10 PM Bug #7010: Problem Syncing IP Aliases on Localhost on HA cluster: Steps to reproduce:
Create HA cluster:
Add IP Alias VIP to Localhost on Primary. Save/Apply
Results: IP Alia... Chris Linstruth
12:57 PM Bug #7010 (Resolved): Problem Syncing IP Aliases on Localhost on HA cluster: IP Alias VIPs can be added to Localhost on primary node and are properly XMLRPC synced to secondary's configuration.
... Chris Linstruth
12:51 PM pfSense Packages Bug #7009 (Resolved): syslog_ng Log Viewer page didn't get converted to the new 2.3 bootstrap: It is not as noticeable on the default theme, but shows up on the dark theme.
page url: syslog-ng_log_viewer.php Jared Dillard
08:25 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": As long as you're logging things, dump the output from @/usr/bin/netstat -s -ppfkey@ as well to see if the errors in ... Jim Pingle
07:54 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": I've created a little patch to the ipsecmon.sh file to actually log the output using logger, and made it a little eas... James Cornman
07:40 AM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: https://github.com/pfsense/pfsense/pull/3274 addresses the DHCP (v6) Server part. Phillip Davis
04:20 AM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: Phillip Davis wrote:
> Some fixups/enhancements to Status DHCP Leases in https://github.com/pfsense/pfsense/pull/327... Kill Bill
03:54 AM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: Some fixups/enhancements to Status DHCP Leases in https://github.com/pfsense/pfsense/pull/3273
If DHCP Server is dis... Phillip Davis
01:13 AM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: https://github.com/pfsense/pfsense/pull/3271 addresses the DHCP (v4) Server part. Phillip Davis
07:35 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: The only thing that the watchdog does is setting up a cronjob which in turn checks every minute whether configured se... Kill Bill
06:19 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: I think System Watchdog needs some dusting off. I stopped using it a while ago as it seems to cause more problems tha... → luckman212
12:57 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: That now looks pretty normal. Martin Wasley
01:41 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx: Well, to me it started to happen when I readded the "Traffic Graphs" widget. It never happened before without that. Michele Di Maria

12/12/2016

03:33 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: Screenshot is fixed.
It may seem absurd to you but what else should it do? There isn't any programmatic way for it... Jim Pingle
03:26 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: The resolver is answering queries just fine on LAN. Until you set up a NAT rule on WLAN. Sorry, but this behavior is ... Kill Bill
03:07 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: There isn't anything to fix. Logically, it's acting as intended. That's what NAT reflection does -- it redirects anyt... Jim Pingle
03:03 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: Well perhaps this should be left open till it's somehow fixed, sending packets coming from completely unrelated inter... Kill Bill
02:55 PM Bug #7004 (Not a Bug): [2.3.3] NAT no longer respects interface selection: The extra interfaces are coming from NAT reflection and it doesn't appear to be a regression, but a quirk of having r... Jim Pingle
01:21 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: !https://s23.postimg.org/53zzev93f/Screenshot.png! Kill Bill
01:19 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: What options do you have configured for NAT Reflection under System > Advanced, Firewall & NAT? Jim Pingle
12:55 PM Bug #7004: [2.3.3] NAT no longer respects interface selection: The rule from config.xml:... Kill Bill
12:13 PM Bug #7004 (Feedback): [2.3.3] NAT no longer respects interface selection: I can't reproduce this on current snapshots with 2.3.3 or 2.4, can you show the XML for that rule in config.xml? And ... Jim Pingle
06:24 AM Bug #7004: [2.3.3] NAT no longer respects interface selection: Doing this from *LAN* machine (remember, the redirection is supposed to happen on *WLAN*):... Kill Bill
06:19 AM Bug #7004 (Not a Bug): [2.3.3] NAT no longer respects interface selection: Dunno guys when this regressed, however NAT rules apply on ALL interfaces, no matter what you select. Say, you follow... Kill Bill
02:48 PM Feature #7007: Change default IPsec/strongswan log levels: Those are a different story entirely and unrelated to this at all. See #4227 (If you set "Networking" and "Message E... Jim Pingle
01:54 PM Feature #7007: Change default IPsec/strongswan log levels: Any attempts on tweaks useful for debugging here are completely useless while IPsec log is being flooding with tons o... Kill Bill
01:46 PM Feature #7007 (Resolved): Change default IPsec/strongswan log levels: It is usually beneficial to set IKE SA, IKE Child SA, and Configuration Backend to logging level "Diag" when troubles... Chris Linstruth
02:40 PM Bug #7002 (Feedback): OpenVPN unable to use authentication server with ampersand in descriptive name: Applied in changeset commit:c165a17e0225f09afb4882d360ba086f629f2b77. Jim Pingle
02:30 PM Bug #7008 (Feedback): OpenVPN sever unable to authenticate users on 2.4: Applied in changeset commit:e719538c01cde5c444255941655a54134c68f16b. Jim Pingle
02:24 PM Bug #7008 (Resolved): OpenVPN sever unable to authenticate users on 2.4: On 2.4, OpenVPN is unable to authenticate local or remote users. The logs show that the user authenticates successful... Jim Pingle
12:50 PM Bug #6976 (Feedback): Interface group and alias with same name creates firewall syntax error: Applied in changeset commit:7ec6e2831fe56514e90fcbd2beb5af52b7054ab6. Renato Botelho
07:06 AM Bug #6976: Interface group and alias with same name creates firewall syntax error: I'll handle it Renato Botelho
12:49 PM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: DNS Resolver/General - Network Interfaces and Outgoing interfaces = both are set to "All"
Removed dhcpd from monit... Marcel Mayer
07:00 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: What do you have selected in DNS Resolver/General - Network Interfaces and Outgoing interfaces? Martin Wasley
06:44 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Some confusing log entrys are still there. See attached file. Marcel Mayer
12:40 PM Bug #7001 (Feedback): Certificate manager requiring private key when importing CA certificate authority: Applied in changeset commit:6d40829b6905bf55c238bffc6c779e9bf063297f. Jim Pingle
12:00 PM Bug #7005 (Feedback): IPsec mss clamping not working for mobile clients: Applied in changeset commit:d4ed1bd9a86a23ff3d4baed97db32eb90cd21947. Jim Pingle
11:37 AM Bug #7005 (Confirmed): IPsec mss clamping not working for mobile clients: Confirmed. To me, I have a fix. Jim Pingle
08:13 AM Bug #7005 (Resolved): IPsec mss clamping not working for mobile clients: Doesn't look that mss-clamping is working on a IPsec mobile client setup.
1) In IPSec -> Advanced Settings -> Ena... Lars Pedersen
09:12 AM Bug #7006 (Not a Bug): radius authentication doesn't work: It works fine on current snapshots when properly configured. Post on the forum for help with your configuration. Jim Pingle
09:07 AM Bug #7006 (Not a Bug): radius authentication doesn't work: hello,
the remote authentication seems to be broken.
I configured my company Cisco ACS as authentication server (t... Giuanin Piemunteis
06:50 AM Feature #3971: IPv6 - Preserve the DUID used for WAN DHCP-PD in the configuration file: Added as part of PR #3262
Martin Wasley
05:54 AM pfSense Packages Bug #6999 (Feedback): ntopng missing preferences menu: PR has been merged, thanks! Renato Botelho
05:42 AM Bug #6391 (Feedback): View Current Portal Page goes to wrong URL: PR has been merged Renato Botelho
05:39 AM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: One more thing I noticed - Status/DHCP(v6) Leases, on the contrary, is something that should not be accessible when D... Kill Bill
04:19 AM pfSense Packages Feature #6480: pfBlockerNG - add ability to force download of a list: Hi - would it be possible to revisit this please? The issue with the method proposed above is that, for a long list,... Andrew -
03:12 AM Feature #628: Ability to specify listen IP address of management services (SSH, web interface): Marlin Cremers wrote:
> Is there a way for me to at least look at this? Are there particular things I have to keep i... Kill Bill
02:38 AM Feature #628: Ability to specify listen IP address of management services (SSH, web interface): I would love to see this as I'm using pfSense as router and would like to disable the firewall to get greater perform... Marlin Cremers

12/11/2016

04:46 PM Bug #6985 (Resolved): NPt rules are causing a filter error on 2.4: Looks good on a current snapshot Jim Pingle
04:13 PM Bug #7003: autoboot_delay on 2.4.0: Most likely cause is that the setting isn't being put in place by the new installer Jim Pingle
12:46 PM Bug #7003 (Resolved): autoboot_delay on 2.4.0: It seems the autoboot_delay in loader.conf has been set/left at the default 10 seconds. It seems 2.3 and prior have a... Ken Sim
04:09 PM Bug #6850 (Resolved): FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Jim Pingle
02:18 PM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: Everything seems to be working as expected now with that patch applied. I have played around with the gateways for ab... Ken Sim
10:37 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: Found the solution for that.
The Leasetable hold two entries (no idea why). After deleting them, everything now work... Marcel Mayer
08:44 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: What I found and confuses me are this lines in general log:
/rc.newwanipv6: The command '/usr/local/sbin/dhcpd -us... Marcel Mayer
08:25 AM Bug #6981: IPv6, rc.newwanipv6, flooding log and resets connection periodically: I started to do the test today and realised, that IPv6 is working for the moment without the described issue.
Used t... Marcel Mayer
09:06 AM pfSense Packages Bug #6999: ntopng missing preferences menu: https://github.com/pfsense/FreeBSD-ports/pull/226 Kill Bill
04:12 AM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: Thanks, Phil. And yes, also when migrating the other way round (i.e., when moving your DHCP to pfSense), you want to ... Kill Bill

12/10/2016

11:49 PM Bug #6997: DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: This looks not too hard to do, and will help those who would like to be able to see and manipulate disabled-DHCP-serv... Phillip Davis
11:06 PM Bug #7002 (Resolved): OpenVPN unable to use authentication server with ampersand in descriptive name: Add LDAP server in System/User Manager/Authentication Servers, include an ampersand in the Descriptive Name. Test aga... Anonymous
02:13 PM Bug #7001 (Resolved): Certificate manager requiring private key when importing CA certificate authority: Attempts to import just the public key portion of a certificate authority errors out because a private key is not pre... Chris Linstruth
12:55 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: Well nobody's assigned to it and it's a 5 year old ticket. Last few comments were from Chris and he works for Ubiquit... → luckman212
09:43 AM pfSense Packages Feature #7000 (Closed): ntopng historical data needs to be reworked: Reference:
- http://www.ntop.org/ntopng/exploring-historical-data-using-ntopng/
- http://www.ntop.org/ntopng/explor... Kill Bill
06:03 AM Bug #4310: Limiters + HA results in hangs on secondary: I updated a test cluster to a snapshot from a couple hours ago, which from the timestamp looks like it should have th... Jim Pingle
05:55 AM pfSense Packages Bug #6999: ntopng missing preferences menu: Unable to submit anything via GitHub (server error 500 since yesterday). If it works for someone:... Kill Bill
05:20 AM pfSense Packages Bug #6999 (Resolved): ntopng missing preferences menu: This is caused by the admin user not being a member of "administrator" group. Related forum thread: https://forum.pfs... Kill Bill

12/09/2016

11:24 PM Bug #4310: Limiters + HA results in hangs on secondary: 2.4 has a few new fixes for use-after-free pfsync states. The limiters issue is also fixed. Luiz Souza
11:11 PM pfSense Packages Bug #6983: pfBlockerNG-2.1.1_4 requires xmlrpc.inc which is removed or moved: Angel Torres, best to post in the forum for that... Not related to this issue..
Maybe this is causing your issue? ... BBcan177 .
10:49 PM Bug #6985: NPt rules are causing a filter error on 2.4: Fixed the parsing issue on pf (and reverted the workaround): https://github.com/pfsense/FreeBSD-src/commit/e4a708b0c1... Luiz Souza
05:21 PM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: Result after patching:
!https://s30.postimg.org/m3vi0pxy9/ntopng_geomap.png! Kill Bill
05:18 PM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: Well... this additionally need a patch to the ntopng port itself (basically the one from https://github.com/ntop/ntop... Kill Bill
03:51 PM pfSense Packages Bug #6987: ntopng needs Google API key for GeoIP map: Please, test the attached patch and report back. (Would like to submit a PR on GitHub, however the only thing that Gi... Kill Bill
02:30 PM Bug #6472 (Feedback): Disabling NAT (port forward) rule does not disable the associated firewall rule: Applied in changeset commit:be1bc233931122a67821bee7e02778f7c5138779. Renato Botelho
12:36 PM Todo #6998 (Resolved): Create a port for simplepie to keep it updated and use modular version: Simple build process:
Clone from https://github.com/simplepie/simplepie.git
run "php build/compile.php" from inside... Jim Pingle
12:26 PM Bug #6996 (Resolved): DHCP traffic getting blocked (still/again) with DHCP Relay enabled: Renato Botelho
12:22 PM Bug #6996: DHCP traffic getting blocked (still/again) with DHCP Relay enabled: Works, hooray! Thanks. Reminds me it's Friday -> time for some:
!http://cdn.pcwallart.com/images/homer-simpson-bee... Kill Bill
09:50 AM Bug #6996 (Feedback): DHCP traffic getting blocked (still/again) with DHCP Relay enabled: Applied in changeset commit:803c97685fef85f35a6cf781143259458486c34a. Renato Botelho
04:41 AM Bug #6996: DHCP traffic getting blocked (still/again) with DHCP Relay enabled: https://github.com/pfsense/pfsense/pull/3263 (kindly commit to 2.3.x as well). Thanks. Kill Bill
04:31 AM Bug #6996 (Resolved): DHCP traffic getting blocked (still/again) with DHCP Relay enabled: Exact same issue as Bug #4558. The traffic is getting blocked since $dhcrelaycfg is nowhere defined.
Kill Bill
09:54 AM Bug #6850: FreeBSD 11.0 Route Syntax Change For Non-Local Gateway: It works well for me now, I can run the route command by hand and also apply settings in the GUI. Assigning back to t... Jim Pingle
09:44 AM pfSense Packages Bug #6971 (Closed): Interfaces.php: "Reserved Networks" checkboxes not shown: This issue appears to be limited to FireFox, but also seems to be fixed on pfSense 2.3.3 and later. Anonymous
09:44 AM pfSense Packages Feature #4548 (Resolved): syslog-ng interface doesn't allow rule ordering: Renato Botelho
09:06 AM pfSense Packages Feature #4548: syslog-ng interface doesn't allow rule ordering: Works. Kill Bill
09:19 AM Bug #6997 (Resolved): DHCP/DHCPv6 server GUI should be accessible even if DHCP relay is enabled: So, I wanted to copy the DHCP static leases from the GUI. Cannot do, since all I get is _"DHCP Relay is currently ena... Kill Bill
09:17 AM pfSense Packages Bug #6047 (Resolved): syslog-ng does not logrotate: Renato Botelho
08:58 AM pfSense Packages Bug #6047: syslog-ng does not logrotate: All working now. Kill Bill
09:17 AM pfSense Packages Bug #4518 (Closed): Pfsense 2.2 squid3 + negotiate_kerberos_auth: Renato Botelho
08:57 AM pfSense Packages Bug #4518: Pfsense 2.2 squid3 + negotiate_kerberos_auth: 2.2.x packages are not maintained, please close. Kill Bill
06:17 AM Bug #6978: Squidguard error page crashing after activating WebGUI PFSENSE https security: 1/ Dansguardian does not even exist as a pfSense package in 2.3.x.
2/ Whatever are you doing there, you cannot have... Kill Bill
06:04 AM Bug #6978: Squidguard error page crashing after activating WebGUI PFSENSE https security: I believe in something about dansguardian
If I'm wrong, please close the ticket. Paulo Lima
06:03 AM Bug #6978: Squidguard error page crashing after activating WebGUI PFSENSE https security: I believe in something about dansguardian Paulo Lima

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

01/07/2017

01/06/2017

01/05/2017

01/04/2017

01/03/2017

01/02/2017

01/01/2017

12/31/2016

12/30/2016

12/29/2016

12/28/2016

12/27/2016

12/26/2016

12/25/2016

12/24/2016

12/23/2016

12/22/2016

12/21/2016

12/20/2016

12/19/2016

12/18/2016

12/17/2016

12/16/2016

12/15/2016

12/14/2016

12/13/2016

12/12/2016

12/11/2016

12/10/2016

12/09/2016