Project

General

Profile

Activity

From 01/21/2017 to 02/19/2017

02/19/2017

05:07 PM Bug #7277 (Resolved): Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes
Anonymous
05:01 PM Bug #7277: Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes
Ah yes. That's much better. Thanks. NOYB NOYB
05:48 AM Bug #7277: Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes
You are right. - Sorry.
Working fix has now been pushed. Anonymous
02:11 PM Bug #1916 (Resolved): LDAP Authentication ignores user naming attribute
Jim Pingle
01:48 PM Bug #1916: LDAP Authentication ignores user naming attribute
Certainly works just fine now. Kill Bill
01:30 PM Feature #7204: Router Advertisements: Option to not advertise default routes
Sounds like another duplicate of Bug #6237 Kill Bill
01:29 PM Bug #6541: IPv6 RAs always include on-link prefix; clients may not use DHCPv6 managed addresses
Are you talking about this? Bug #6237
 Kill Bill
01:26 PM Feature #7284 (Resolved): NTPd Autoset GPS device baud rate
It would be nice to have the option to attempt to auto configure the baud rate for a GPS device.
Useful if you don't... Jack Booth
01:24 PM Bug #6408 (Duplicate): NTP ACL settings page can't be updated
Jim Pingle
01:21 PM Bug #6408: NTP ACL settings page can't be updated
Duplicate of Bug #6454 and already fixed. Kill Bill
01:23 PM Bug #6418 (Resolved): NTP changes for system.inc
Yeah that's been correct for a while.
Fixed by commit:daed7646d7e8e5d555676299ce660408b490ef81 from PR https://githu... Jim Pingle
01:15 PM Bug #6418: NTP changes for system.inc
Jos van de Ven wrote:
> There is a bug in system.inc in generating the custom access restrictions:
>
> [...]
> T... Kill Bill
01:19 PM pfSense Packages Bug #7283 (Duplicate): Update ntopng to 2.4.2017.01.20
Jim Pingle
01:11 PM pfSense Packages Bug #7283: Update ntopng to 2.4.2017.01.20
Apologies - I did check, but missed it. This is a duplicate of #7247. Andrew -
01:08 PM pfSense Packages Bug #7283 (Duplicate): Update ntopng to 2.4.2017.01.20
Hi. There's an updated port of ntopng available - 2.4.2017.01.20_1 - see https://www.freshports.org/net/ntopng
Ple... Andrew -
01:18 PM Bug #6666 (Duplicate): IPV6 Log Spam?
Jim Pingle
12:58 PM Bug #6666: IPV6 Log Spam?
Rick Strangman wrote:
> Does this mean that the DHCVP daemon is restarting every 2 seconds or is it just log file sp... Kill Bill
12:58 PM Bug #7076 (Duplicate): Packets accepted by IP but rejected because "Allow IP options" is disabled are not logged
See #4383 Jim Pingle
12:45 PM Bug #7076: Packets accepted by IP but rejected because "Allow IP options" is disabled are not logged
Sorry, but this is on purpose. See https://redmine.pfsense.org/issues/4383
(Certainly a whole LOT worse the other ... Kill Bill
12:56 PM Bug #6854 (Rejected): webconfig error with LDAP authenticated users for certmgr
There isn't any reason that section would act differently. If someone manages to reproduce it, start a forum thread t... Jim Pingle
12:17 PM Bug #6854: webconfig error with LDAP authenticated users for certmgr
-1. I've been creating CAs and certs with AD "Administrator" user logged in, for years. Certainly not reproducible as... Kill Bill
12:11 PM Bug #6862: mode 0444 for /var/etc/cert.crt leads to nginx crit error: 13: Permission denied
https://github.com/pfsense/pfsense/pull/3560 Kill Bill
11:29 AM Bug #7112 (Resolved): Traffic Graphs resets graph when browser tab changes
Jim Pingle
11:27 AM Bug #7112: Traffic Graphs resets graph when browser tab changes
Merged in 2.3.3 and 2.4, can be closed. Kill Bill
11:12 AM Bug #7265: Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta
Sorry for my delay. I was not at home these days.
I tried restarting the service. If I try to restart the service ... Philipp Haefelfinger
11:07 AM Bug #7282 (Closed): ESXi 6.5 SCSI errors on 2.4
No problems here with ESX 6.5.
Even if there were, that isn't an area we touch. Reproduce it with a stock FreeBSD ... Jim Pingle
10:43 AM Bug #7282 (Closed): ESXi 6.5 SCSI errors on 2.4
Installed the 20170219044210 build on my ESXi box, using the LSI Parallel driver and a single 8GB drive, and I'm gett... Demetrius Cassidy
10:53 AM Bug #4544: PD not requested if no interfaces set to track6
https://github.com/pfsense/pfsense/pull/3559 Kill Bill
10:42 AM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism
Works here as well. Yay, finally! Kill Bill
10:04 AM Feature #5850: Limit "WebCfg - System: User Manager page" privilege to non-admins and non-admin groups
I guess the system could limit a user1 with "WebCfg - System: User Manager page" privileges to be only able to grant ... Phillip Davis
07:50 AM Feature #7281 (New): OpenVPN: Add support for IPv6 dynamic prefix selection
When WAN is obtaining an IPv6 prefix that allows multiple prefix IDs (i.e. smaller than /64), allow selection of an I... Anonymous

02/18/2017

10:21 PM Bug #7277: Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes
Not fixed.
Not sure how $pconfig = $_POST would be expected to fix this. $pconfig is not used anywhere in firewal... NOYB NOYB
04:30 PM Bug #7277: Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes
Applied in changeset commit:7c40255c3a101e848580b22482d90022683b1c60. Anonymous
04:25 PM Bug #7277 (Feedback): Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes
Fixed.
Thanks for reporting. Anonymous
03:55 PM Bug #7277 (Resolved): Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes
Dragging and dropping a rule on the LAN tab to change order followed by a Save results in rules being duplicated on L... Chris Linstruth
08:11 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working
Well the above should give you a hint on what to add where. LOL. :-P
This package is actively maintained by https:... Kill Bill
07:48 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working
LMFAO~!
Is there a workaround you can suggest?
Thanks for the update!
Michael Strasner
07:21 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working
OK... So, this is the code that's handling that in Snort:
https://github.com/pfsense/FreeBSD-ports/blob/devel/secur... Kill Bill
06:11 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working
> This is just ... mess.
Interesting wording, that's what I thought of the feature.
Description
* Issue: A... Michael Strasner
05:07 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working
Please, use the @pre@ button to post code/command output. This is just unreadable mess. Kill Bill
04:52 PM pfSense Packages Bug #7278 (Resolved): Suricata Service - Advanced Configuration Pass-Through not working
* Issue: *Advanced Configuration Pass-Through not working* under pfSense > Services > Suricata > Edit Interface Setti... Michael Strasner
07:30 PM Bug #7280 (Not a Bug): pfSense-CE-2.4.0 20170218 fails to boot in ESXi 6.5 host.
Jim Pingle
06:54 PM Bug #7280: pfSense-CE-2.4.0 20170218 fails to boot in ESXi 6.5 host.
Figured it out. It goes into a reboot loop if you set the boot option to boot from EFI instead of BIOS. The looping e... Demetrius Cassidy
06:44 PM Bug #7280 (Not a Bug): pfSense-CE-2.4.0 20170218 fails to boot in ESXi 6.5 host.
I just downloaded the latest nightly, pfSense-CE-2.4.0-BETA-amd64-20170218-1625.iso.gz, but attempting to install it ... Demetrius Cassidy
06:29 PM Bug #7279 (Duplicate): VLAN Trash Icon not working - Cannot delete VLAN entry
Duplicate of #7270 Jim Pingle
06:27 PM Bug #7279 (Duplicate): VLAN Trash Icon not working - Cannot delete VLAN entry
Hi,
Upon creating a test VLAN via Interfaces -> Assignments -> VLAN -> Add
I cannot remove the VLAN. I have inspe... James Webb
05:13 PM Feature #5850: Limit "WebCfg - System: User Manager page" privilege to non-admins and non-admin groups
Timon Esser wrote:
> privilege to manage only non-admins and certain groups.
That wouldn't make any sense as ther... Kill Bill
05:08 PM Feature #5813: Replacement of layer7 filter
Perhaps use Snort and OpenAppID. Kill Bill
05:03 PM Bug #5539 (Resolved): rc.firmware - cut does not cut it...
Jim Pingle
04:57 PM Bug #5539: rc.firmware - cut does not cut it...
/etc/rc.firmware and all the related code is gone from 2.4. Irrelevant bug. Kill Bill
04:39 PM Feature #5083: Allow bridge members to be hidden from menu
Duplicate of Feature #2386 (and yeah, it's extremely annoying.) Kill Bill
04:26 PM Bug #1629: invalid state table entries after WAN IP change
Luke Hamburg wrote:
> it's been removed?? Can anyone confirm?
No, not removed. Adding a relevant PR link:
htt... Kill Bill
04:23 PM Bug #4674: invalid state table entries after WAN IP change
Can someone look into this? Sounds to me like the ordering here is indeed just wrong.
 Kill Bill
04:12 PM Feature #4399: Expose more of the DNSSEC-related hardening options in the GUI
Unless someone wants to these to the GUI, this can be closed. Kill Bill
04:03 PM Bug #4218: Bridge does not have AUTO_LINKLOCAL flag
Can someone fix the misleading subject? If does have link-local IPv6 just fine here, what's missing is the AUTO_LINKL... Kill Bill
03:51 PM Feature #4154: Support for RADIUS authentication over IPv6
After wasting my time once again with hitting the same issue and seeing the total ignorance of the issue by PHP devs,... Kill Bill
03:45 PM Feature #7259 (Duplicate): Automatic Rollback of Unsucessful changes
Jim Pingle
03:21 PM Feature #7259: Automatic Rollback of Unsucessful changes
Duplicate of Feature #3895 Kill Bill
03:45 PM Feature #3393 (Resolved): AS filtering support in aliases
Jim Pingle
03:11 PM Feature #3393: AS filtering support in aliases
Creating aliases using AS numbers is available in pfBlockerNG. Kill Bill
03:44 PM Bug #3210 (Rejected): Upgrade to 2.1 fails: Something went wrong when trying to update the fstab entry
Jim Pingle
03:07 PM Bug #3210: Upgrade to 2.1 fails: Something went wrong when trying to update the fstab entry
Irrelevant bug, close please. Kill Bill
03:44 PM Feature #7242 (Duplicate): SSL Include CA Certs
Jim Pingle
03:34 PM Feature #7242: SSL Include CA Certs
Yeah, it's indeed a duplicate of Bug #4068 which at least describes the issue in a comprehensible way. Kill Bill
03:43 PM Bug #3139 (Closed): pkg-utils function stop_packages causes Syntax error bad fd number with more than one script file.
Jim Pingle
03:05 PM Bug #3139: pkg-utils function stop_packages causes Syntax error bad fd number with more than one script file.
Fixed with https://redmine.pfsense.org/projects/pfsense/repository/revisions/6186cdc4be779b37df38e875c76faa5f6d671baa... Kill Bill
02:56 PM Feature #2869 (Resolved): LDAP user authentication backend doesn't support membership lookups by querying the group
Yeah that's been in place for some time now Jim Pingle
02:55 PM Feature #2869: LDAP user authentication backend doesn't support membership lookups by querying the group
Not exactly sure what's missing here:
!https://i.imgsafe.org/8b4756c868.png!
 Kill Bill
02:51 PM Feature #2743 (Resolved): Add external interface selector to UPnP Settings
Jim Pingle
02:47 PM Feature #2743: Add external interface selector to UPnP Settings
Already done for quite some time. Close, please. Kill Bill
02:50 PM Feature #2687 (Resolved): Allow GIF interfaces to work with IP aliases
Jim Pingle
02:43 PM Feature #2687: Allow GIF interfaces to work with IP aliases
GIF can use IP aliases just fine with 2.3+. Kill Bill
02:49 PM Feature #2580 (Closed): Include AICCU
Jim Pingle
02:38 PM Feature #2580: Include AICCU
Can be just safely closed. No new sign-ups with SixXS since 2016.
https://www.sixxs.net/signup/
https://www.sixxs... Kill Bill
02:32 PM Bug #2247 (Resolved): Misleading security permission
Jim Pingle
02:23 PM Bug #2247: Misleading security permission
Merged, can be closed. Kill Bill
09:25 AM Feature #7275: Add help text for DNS Made Easy
Mentioning the Pull Request is good enough. I usually paste the whole link to it, like this:
https://github.com/pfse... Phillip Davis
07:52 AM Bug #7276: 2.3.3 upgrade does not upgrade
After *Round 5* (same output as Round 4 and another reboot later), the next generation thing by some huge miracle act... Kill Bill
07:01 AM Bug #7276: 2.3.3 upgrade does not upgrade
*Third round of pkg idiocy*, now pkg getting more schizo, first wants to reinstall itself, then changes its mind, fir... Kill Bill
04:20 AM Bug #7276 (Resolved): 2.3.3 upgrade does not upgrade
Really starting to lose my patience with pkg. :-X... Kill Bill

02/17/2017

11:19 PM Bug #7166 (Resolved): During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
Fixed. Luiz Souza
11:11 PM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
Thank you again Constantine!
I'll upstream this fix. Luiz Souza
05:39 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
I updated 4860 on last firmware and made tests. And I got very good result.
There is not problem with performance an... Constantine Kormashev
11:19 PM Bug #7149 (Resolved): igb driver queue related crashes
Fixed. Luiz Souza
11:16 PM Bug #7272: 6rd not functioning on 2.4.0-BETA
Please, check #7176 too (probably related) Luiz Souza
11:57 AM Bug #7272 (Resolved): 6rd not functioning on 2.4.0-BETA
Currently running on a SG-1000:
2.4.0-BETA (arm)
built on Thu Feb 16 08:46:33 CST 2017
FreeBSD 11.0-RELEASE-p7
... Ed Maste
10:59 PM Bug #7167: Error creating higher VLAN ID on SG-1000
Constantine, I cannot reproduce these issues.
I can use VLANs on LAN interface (but need to add the default pass r... Luiz Souza
09:30 PM Feature #7275: Add help text for DNS Made Easy
I guess I'm not sure what I should do next - do I need to link this to Github pull request 3554 somehow, and/or mark ... Jeremy Nelson
09:28 PM Feature #7275: Add help text for DNS Made Easy
I didn't know if I should directly make a pull request to master, and quite frankly, I'm not all that familiar with g... Jeremy Nelson
08:41 PM Feature #7275: Add help text for DNS Made Easy
@Jeremy, since you know exactly what data should go in the fields, it will be easy if you go to:
https://github.com/... Phillip Davis
08:29 PM Feature #7275 (Resolved): Add help text for DNS Made Easy
src/usr/local/www/services_dyndns_edit.php
domainname field: Add "DNS Made Easy: Dynamic DNS ID (NOT hostname)"
u... Jeremy Nelson
08:01 PM Feature #7245: NTP widget shows client time instead of server time
https://github.com/pfsense/pfsense/pull/3553 Kill Bill
03:23 PM Bug #7274 (Resolved): status_ipsec.php: connect/ikedisconnect/childdisconnect actions still use GET, not POST
Looks good to me, everything is using POST now Jim Pingle
03:20 PM Bug #7274 (Feedback): status_ipsec.php: connect/ikedisconnect/childdisconnect actions still use GET, not POST
Applied in changeset commit:64d53c6939c0e81cc0e53631006a1b2fc4af4b0a. Anonymous
01:52 PM Bug #7274 (Resolved): status_ipsec.php: connect/ikedisconnect/childdisconnect actions still use GET, not POST
On status_ipsec.php the buttons for connect, ikedisconnect, and childdisconnect actions still use GET, not POST. Addi... Jim Pingle
01:01 PM Bug #6662 (Resolved): pkg_edit.php checkbox alignment issue when using the sethelp xml tag
Anonymous
12:54 PM Bug #6662: pkg_edit.php checkbox alignment issue when using the sethelp xml tag
Long fixed, close please. Kill Bill
12:30 PM Bug #7273 (Feedback): diag_confbak.php: If a user enters 0 for the number of backups to keep, PHP errors occur
Applied in changeset commit:3057a2ba467c5a4bcda3a004f876a43758d6e129. Jim Pingle
12:18 PM Bug #7273 (Resolved): diag_confbak.php: If a user enters 0 for the number of backups to keep, PHP errors occur
On diag_confbak.php the Backup Count text says to use "0" to keep no backups. The form type is 'number' which prevent... Jim Pingle
07:04 AM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named
Agreed. Move the BIND port instead. Jim Pingle
07:01 AM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named
Yeah, I'd definitely rather move the BIND control port than mess with default ports for a default pfSense resolver th... Kill Bill
05:39 AM pfSense Packages Bug #7271 (Resolved): Co-existence of unbound and BIND/named
Problem: both packages (want to) use same port 953 on 127.0.0.1 for (remote) control. If BIND is installed and enable... Rolf Sommerhalder
06:47 AM Bug #7270 (Resolved): interfaces_vlan.php: Can't delete VLAN
Anonymous
06:15 AM Bug #7270: interfaces_vlan.php: Can't delete VLAN
thank you Dmitry Ivanov
06:00 AM Bug #7270: interfaces_vlan.php: Can't delete VLAN
Applied in changeset commit:4a03ae0a97a58e8526765f8de500edd5ddf7b5a0. Anonymous
05:55 AM Bug #7270 (Feedback): interfaces_vlan.php: Can't delete VLAN
Fixed. Anonymous
04:50 AM Bug #7270 (Resolved): interfaces_vlan.php: Can't delete VLAN
"Delete VLAN" button do nothing Dmitry Ivanov
02:53 AM Bug #7269: syslogd stops logging
With all log files empty, I get an segfault when running syslogd:... Robin Lutz
02:50 AM Bug #7269 (Not a Bug): syslogd stops logging
I am trying to debug #7264 and have the problem that the log files don't recieve any update from syslogd. The last by... Robin Lutz
02:51 AM Bug #7266: SNMP does not listen on IPv6 interface
Sorry. I totaly misread your sentence. -I'll close this- as it will be fixed in 2.4 and is not capable in 2.3 [edit] ... Marcel Hellwig
02:35 AM Bug #7268: System Info Widget "All" button does not work with "Disable the automatic dashboard auto-update check"
Note: "Disable the automatic dashboard auto-update check" is often selected on nanoBSD installs, so nanoBSD users mig... Phillip Davis
02:32 AM Bug #7268 (Resolved): System Info Widget "All" button does not work with "Disable the automatic dashboard auto-update check"
1) In System, Update, Settings, select "Disable the automatic dashboard auto-update check"
2) On the dashboard, clic... Phillip Davis
02:15 AM pfSense Packages Bug #4731: softflowd process gets started twice during bootup
@restart_service_if_running()@ is a completely useless function as designed. The issue is fixed in https://github.com... Kill Bill
12:22 AM Bug #7176: IPv6 Monitor IP does not seem to propagate
The bind address appears to be invalid. Denny Page

02/16/2017

08:27 PM Bug #7176: IPv6 Monitor IP does not seem to propagate

Got to play a little today- This is the error in the log when restarting dpinger.
Feb 16 18:23:01 php-fpm 7... Chris Palmer
06:15 PM Bug #7265: Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta
The log entry doesn't make any sense to me. Please go to Status / Services and restart the dpinger daemon. Then post ... Denny Page
01:53 PM Bug #7265: Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta
If I look at Status -> System logs -> gateways I only see the following message:... Philipp Haefelfinger
04:54 PM pfSense Packages Bug #7267 (Resolved): Status Traffic Totals - Stacked Bar - Scale not high enough
On the Status / Traffic Totals, if you use Bar (Stacked) type, the vertical axis scale is only high enough for the TX... Stuart Wyatt
10:47 AM Bug #6099: igmpproxy does not recognize upstream interface
It seems to be fixed only on devel branch (2.4 only): https://github.com/pfsense/FreeBSD-ports/commits/devel/net/igmp... Luiz Souza
09:17 AM Bug #7264: Multi-WAN with same Gateways: Gateway Monitor causes strange problems
This setup worked for a quite long time. I went back to disable Gateway Monitor over all, but the problems still occu... Robin Lutz
07:11 AM Bug #7262: pkg_edit.php - Method Form_Group::__toString() exception with rowhelperfields with a total width >10
Steve Beaver wrote:
> The disadvantage is that you have to live within the grid. You can have a maximum of 12 column... Kill Bill
06:58 AM Bug #7266: SNMP does not listen on IPv6 interface
The SNMP daemon built into pfSense is bsnmpd, which is not capable of using IPv6 right now.
On 2.4 we have an addi... Jim Pingle
06:47 AM Bug #7266: SNMP does not listen on IPv6 interface
Are we talking about the same net-snmp package? (http://net-snmp.sourceforge.net/)
"SNMP is a suite of application... Marcel Hellwig
06:34 AM Bug #7266 (Rejected): SNMP does not listen on IPv6 interface
It isn't capable.
The net-snmp package, available on pfSense 2.4, does support IPv6 SNMP. Jim Pingle
02:46 AM Bug #7266 (Rejected): SNMP does not listen on IPv6 interface
$ sockstat -4 -l | grep 161
root bsnmpd 13792 6 udp4 192.168.0.1:161 *:*
$ sockstat -6-l | grep ... Marcel Hellwig
05:33 AM pfSense Packages Bug #7263: FreeRADIUS - complete lack of input validation
Hopefully all done.
@Phil: You like to break this kind of things, in case you are bored. :P Kill Bill

02/15/2017

11:40 PM Bug #7265: Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta
Is there anything in the system log for dpinger? Denny Page
05:03 PM Bug #7265 (Assigned): Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta
Jim Thompson
03:13 PM Bug #7265 (Not a Bug): Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta
From the day I upgraded my system to version 2.4.x dpinger did not start anymore and in the list of gateway I only se... Philipp Haefelfinger
08:40 PM Bug #6099: igmpproxy does not recognize upstream interface
I must be extremely dense. Why's this marked as resolved?! Where's a working version available? Kill Bill
09:18 AM Bug #6099: igmpproxy does not recognize upstream interface
Hello,
Okay guys I recognize that one of my latest patches has messed up the behavior earlier. The version that lo... Jorge M. Oliveira
05:04 PM Bug #7138 (Assigned): Pfsense wide dhcpv6 client doesn't recognise ifid statement
Jim Thompson
05:04 PM Bug #7254 (Assigned): Selection from long tab list that uses dropdown does not POST correctly
Jim Thompson
05:03 PM Bug #6677 (Assigned): CARP VIPs are configured on disabled interfaces at boot time
Jim Thompson
01:28 PM Feature #4083 (Feedback): Replace GET by POST
All delete, toggle,disable and similar actions have been converted to POST via Javascript
There are two exceptions... Anonymous
01:08 PM Feature #7251 (Resolved): JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism
Seems to work fine. I upgraded a VM that was on a snapshot from before all of the GET/POST conversion and when upgrad... Jim Pingle
12:00 PM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism
Applied in changeset commit:09ba8bb752171fe02c67c7983bc8ceeab63f804c. Anonymous
11:55 AM Feature #7251 (Feedback): JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism
Anonymous
11:54 AM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism
The above solution seems to work as expected. I have added it to head.inc and foot.inc Anonymous
10:04 AM Bug #7262: pkg_edit.php - Method Form_Group::__toString() exception with rowhelperfields with a total width >10
Well - pfSense uses the Twitter Bootstrap framework for its GUI. That framework uses a grid system with 12 columns an... Anonymous
02:58 AM Bug #7262 (Closed): pkg_edit.php - Method Form_Group::__toString() exception with rowhelperfields with a total width >10
To reproduce:
- take e.g. this file - https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-freeradius... Kill Bill
09:47 AM pfSense Packages Bug #7263: FreeRADIUS - complete lack of input validation
https://github.com/pfsense/FreeBSD-ports/pull/308
(Work in progress ATM.) Kill Bill
04:45 AM pfSense Packages Bug #7263: FreeRADIUS - complete lack of input validation
Well, it's not called "free" RADIUS for nothing - validation-free at least. Phillip Davis
03:20 AM pfSense Packages Bug #7263 (Resolved): FreeRADIUS - complete lack of input validation
No input validation whatsoever done anywhere. Nothing, zilch, nada... Kill Bill
08:10 AM Bug #6836: Wrong queue length on "/status_queues.php" page under heavy traffic
I'm experiencing the same issue. Is this being tracked somewhere? My search has come up empty so far. Ronald Trump
06:40 AM Bug #7264 (Not a Bug): Multi-WAN with same Gateways: Gateway Monitor causes strange problems
Using more than one WAN with the same gateway has never been a supported configuration. You can't have two interfaces... Jim Pingle
04:40 AM Bug #7264 (Not a Bug): Multi-WAN with same Gateways: Gateway Monitor causes strange problems
Here is the setup:
Two cable modems from the same provider, one is used for VPN connections, the other one for all... Robin Lutz
05:10 AM Bug #7252 (Resolved): OpenVPN widget, connect time of roadwariors shows a number
Looks good with OpenVPN 2.3 being back Renato Botelho
04:34 AM Feature #3474: Openvpn client-specific-overrides ip conflicts
If we declare ifconfig-pool in custom options, the server doesn't work because of the "server" directive.
We would... Aurélien BONANNI
03:34 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
Yep, usable again. Thanks. Kill Bill
03:27 AM Bug #7253 (Resolved): LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
Seems OK after revert Renato Botelho

02/14/2017

08:51 PM pfSense Packages Bug #6404 (Resolved): FreeRADIUS Does Not Start After Upgrade
Jim Pingle
06:59 PM pfSense Packages Bug #6404: FreeRADIUS Does Not Start After Upgrade
Merged and working, can be closed. Kill Bill
04:53 PM Bug #7261 (Rejected): pfSense serial console appears unresponsive
Jani,
This is a bug reporter for pfSense in general and it doesn't sound like you have a bug but perhaps an issue ... Jim Pingle
04:38 PM Bug #7261 (Rejected): pfSense serial console appears unresponsive
Hello!
I'd like to report a problem with a brand new pfSense SG-4860 with factory installed firmware:
2.3.2-R... Jani Tuisku
02:44 PM pfSense Packages Bug #6928 (Resolved): freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
Renato Botelho
02:38 PM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
Merged and working, can be closed. Kill Bill
02:44 PM pfSense Packages Bug #6547 (Resolved): syslog-ng log browser only shows the first few lines
Renato Botelho
02:37 PM pfSense Packages Bug #6547: syslog-ng log browser only shows the first few lines
Works, can be closed. Kill Bill
02:28 PM Bug #7257 (Resolved): Use pfSense-upgrade to check if there is a new firmware upgrade
It works Renato Botelho
02:25 PM Feature #6374 (Resolved): Provide sample server-side logic to report peer's IP address for use with DDNS
What's in the GUI is fine for the purpose it serves. No need to get that complicated for an example. Jim Pingle
11:59 AM Feature #7260 (New): Source OS / p0f Database Missing Modern Operating Systems
Latest FreeBSD: 5.2
Latest Windows: Vista
Latest MacOS: 9.2
No Android, Mac OS X, iOS, macOS, etc. Chris Linstruth
08:09 AM Bug #7243: Openvpn route only first network in IPv4 Remote network(s) to local net
The Internet service provider used by the many subnets are the same as in my company's offices, so solution adding ru... Ivan Pavlov
07:15 AM Bug #7243 (Not a Bug): Openvpn route only first network in IPv4 Remote network(s) to local net
Please post details on a forum thread for discussion. This appears to be a configuration issue, not a bug. Jim Pingle
06:52 AM Bug #7243: Openvpn route only first network in IPv4 Remote network(s) to local net
if server openvpn IPv4 Remote network(s) set to 192.168.0.0/16 оnly after this, routing works on local net to 192.168... Ivan Pavlov
05:28 AM Feature #7011: Retain vendor MAC address at power up
Prefer they be stored in /var/db directory along with some of the other network stuff. Also friendlier for write cyc... NOYB NOYB
05:06 AM Bug #6650: Option needed to disable HSTS
NOYB NOYB wrote:
> What is so difficult about clearing browser cookies?
Nothing except that it's completely usele... Kill Bill
04:54 AM Bug #6650: Option needed to disable HSTS
Kill Bill wrote:
> Most importantly, it makes switching back to HTTP pretty much impossible without stupid browser-s... NOYB NOYB
04:45 AM Bug #7249: firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names
So what is the actual issue that replacing the underscore with space in the displaying of the rules creates? Is ther... NOYB NOYB

02/13/2017

07:21 PM Bug #6687: Secure email fails with private CA
The root issue appears to be #4068. Ross Williams
07:03 PM Bug #6687: Secure email fails with private CA
I am interested in implementing a related feature that allows a "private CA" to be installed as a trusted root that i... Ross Williams
07:19 PM Feature #7242: SSL Include CA Certs
This is a duplicate of #4068. I am considering addressing this issue, as it affects our operations using pfSense on a... Ross Williams
03:56 PM Bug #6711 (Resolved): diag_states_summary # States and # States twice (explain one is per protocol)
Anonymous
10:14 AM Bug #6711 (Assigned): diag_states_summary # States and # States twice (explain one is per protocol)
Anonymous
03:38 PM Bug #7168: Vague kernel messages in system log
Phillip Davis wrote:
> The 'done' and the dots are output by steps of the boot script as it gets to various points i... Daryl Morse
09:15 AM Bug #7168: Vague kernel messages in system log
The 'done' and the dots are output by steps of the boot script as it gets to various points in the code. That comes o... Phillip Davis
07:43 AM Bug #7168: Vague kernel messages in system log
Noticed the same thing - have not seen them before. Running 2.4 snap 2.4.0.b.20170213.0512... → luckman212
03:29 PM Bug #7257 (Feedback): Use pfSense-upgrade to check if there is a new firmware upgrade
pfSense-upgrade 0.15 should fix it Renato Botelho
11:04 AM Bug #7257 (Resolved): Use pfSense-upgrade to check if there is a new firmware upgrade
Today GUI is using it's own logic to detect when a new pfSense version is available. pfSense-upgrade offers this opti... Renato Botelho
01:30 PM Feature #7259 (Duplicate): Automatic Rollback of Unsucessful changes
One Critical feature that most professional Routers have that PfSense does not is a "do this, but roll it back if you... Sunrunner20 20
11:48 AM Bug #7258 (Resolved): vpn_ipsec_phase1.php: Unable to save Mobile IPsec Phase 1 set for Hybrid RSA + Xauth
Works Jim Pingle
11:40 AM Bug #7258 (Feedback): vpn_ipsec_phase1.php: Unable to save Mobile IPsec Phase 1 set for Hybrid RSA + Xauth
Applied in changeset commit:eb5bc42b04ead009b2e09f3ed002eecded240864. Jim Pingle
11:19 AM Bug #7258 (Resolved): vpn_ipsec_phase1.php: Unable to save Mobile IPsec Phase 1 set for Hybrid RSA + Xauth
On vpn_ipsec_phase1.php, when editing a Mobile Phase 1 a user cannot save the settings when Authentication Method is ... Jim Pingle
10:28 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
The next build has a different fix for this issue, it probably has better performance too.
Could you, please, chec... Luiz Souza
09:59 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
Change reverted from RELENG_2_3 and RELENG_2_3_3 Renato Botelho
06:57 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
Yes, the easy fix is to revert 3322 from 2.3.3. The extra functionality is not that exciting!
And this issue shoul... Phillip Davis
06:10 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
Can we just revert https://github.com/pfsense/pfsense/pull/3322 for 2.3.3? This non-issue with displayed notices that... Kill Bill
05:26 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
My bad, I did to revert it because the field that controls cache time is a 2.4.0 only feature. Sorry about the noise. Renato Botelho
05:20 AM Bug #7253 (Feedback): LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
I've applied both PRs to RELENG_2_3_3. Could you please confirm the fix on next snapshot? Renato Botelho
09:51 AM Bug #7252 (Feedback): OpenVPN widget, connect time of roadwariors shows a number
OpenVPN port was downgraded to 2.3.x Renato Botelho
09:38 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number
No, it will work fine for everyone (Well, 99.999%). OpenVPN won't have any compatibility issues between the two. It w... Jim Pingle
09:34 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number
so if someones on 2.3.3 with opnvpn 2.4 will change back to 2.3 have ramifications ?? Michael Kellogg
09:16 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number
We're moving 2.3.3 back to OpenVPN 2.3 since it appears to be the path of least disruption. Jim Pingle
09:20 AM Bug #6937 (Assigned): Inbound traffic on enc0 is not creating a state with mobile IPsec
Jim Pingle
07:41 AM pfSense Packages Feature #7189: Letsencrypt acme sync in HA environment
Since the certs automatically sync between active and passive nodes, I am inclined to agree that acme should not be i... Adam Lawler
07:21 AM Bug #4474: IP address change triggers reload of all packages
Just FYI: That's not my patch, see the URL :) Kill Bill
07:15 AM Bug #4474: IP address change triggers reload of all packages
User "Kill Bill" wrote a patch that disables this behaviour for 2.2.2 and linked it in https://redmine.pfsense.org/is... Daniel Grob
05:48 AM Bug #7256: syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)
Here's some more context:... Kill Bill
05:16 AM Bug #7256 (Resolved): syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)
Suspect it's related to Feature #4898. Last log entry:... Kill Bill
02:06 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available"
In 2.4 it flaps constantly... I mean every 40 seconds or so, but it varies
startup
rereading config
route decisi... Frans Gidlöf

02/12/2017

09:14 PM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
I added a commit to https://github.com/pfsense/pfsense/pull/3538 that checks the $allowed_groups actually is an array... Phillip Davis
09:12 PM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
See PR https://github.com/pfsense/pfsense/pull/3539 for a bug in ldap_get_groups() where it can return something that... Phillip Davis
11:45 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
Phillip Davis wrote:
> (Code changes needed for 2.3.3 should be similar to what is in the PR for 2.4)
The patch a... Kill Bill
11:17 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
I made PR https://github.com/pfsense/pfsense/pull/3538 to cache group/priv information within get_user_privileges() i... Phillip Davis
02:54 PM Bug #7255 (Resolved): Firewall alias FQDN field rejects IDNs (Internationalized domain names)
When creating a firewall alias and entering "www.bücher.ch" as the FQDN, pfsense gives an error stating:
"www.büch... Sean McBride
02:44 PM Bug #6945: Firewall alias naming restrictions are too limiting
Pillip, yes, using "www.xn--bcher-kva.ch" as the FQDN in the alias works. ex:, with such a rule, a traceroute from my... Sean McBride
12:44 PM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number
I didn't notice that OpenVPN 2.4 was on pfSense 2.3.3. That means there are probably more OpenVPN 2.4-isms to account... Jim Pingle
10:07 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number
I didn't test architecture 'all' but likely yes.. As for priority, its a display issue, actual functionality of the o... Pi Ba
09:58 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number
Shouldn't this be architecture All? Jim Thompson
08:40 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number
At the moment the field is displaying one of the byte counts, so it will be completely misleading to leave it like th... Phillip Davis
08:37 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number
Pull Request https://github.com/pfsense/pfsense/pull/3537
Actually I think it could be done just by cherry-picking... Phillip Davis
03:41 AM Feature #4083: Replace GET by POST
And here is a way to "fix" breadcrumb links: https://github.com/pfsense/pfsense/pull/3534
But of course it does not ... Phillip Davis
02:38 AM Feature #4083: Replace GET by POST
Note issue https://redmine.pfsense.org/issues/7254
The dropdown list of interface names in Firewall Rules was still ... Phillip Davis
01:29 AM Bug #7254: Selection from long tab list that uses dropdown does not POST correctly
PR https://github.com/pfsense/pfsense/pull/3533 provides a fix that works for me. It will at least get functionality ... Phillip Davis
01:23 AM Bug #7254 (Resolved): Selection from long tab list that uses dropdown does not POST correctly
1) Have a lot of interfaces with long names.
2) Got to Firewall->Rules
3) Try to access the rules of a different in... Phillip Davis

02/11/2017

07:57 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
Unlikely Jim Thompson
06:54 PM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
Nuked the above code, sanity restored. It's evil, get it out of the head.inc please. (Plus, get_user_privileges() obv... Kill Bill
06:44 PM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
I never set up any timeout anywhere. The point is it tries to look up a *local* user in LDAP, over and over again, ca... Kill Bill
06:42 PM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
What's your server timeout set to in the LDAP auth server settings? It should be defaulting to 25s, you can lower it ... Jim Pingle
06:32 PM Bug #7253 (Resolved): LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI
No idea when this regressed, but I get this when AD in unreachable:... Kill Bill
06:49 PM Feature #7199 (Resolved): SG-1000 cpsw nics don't support ALTQ
Jim Pingle
05:49 PM Feature #7199: SG-1000 cpsw nics don't support ALTQ
SG-1000
2.4.0.b.20170211.0742
Test and working. Thank you for implementing that! Jakub Osika
06:49 PM Bug #7219 (Resolved): vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3
Jim Pingle
05:48 PM Bug #7219: vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3
SG-1000
2.4.0.b.20170211.0742
Can confirm that ALTQ with vlans now works.
 Jakub Osika
06:00 PM Bug #7252 (Resolved): OpenVPN widget, connect time of roadwariors shows a number
OpenVPN widget, connect time of roadwariors shows a number Pi Ba
10:48 AM Feature #4083: Replace GET by POST
Yes, that is the goal. It isn't only about accidental actions, though, but also CSRF protection. Jim Pingle
10:41 AM Feature #4083: Replace GET by POST
Isn't the principle here that anything that changes stuff (makes a config change, stops/starts a service, applies cha... Phillip Davis
08:24 AM Feature #4083: Replace GET by POST
Good points. I'll give that some thought. Anonymous
08:07 AM Feature #4083: Replace GET by POST
The recent work here is excellent, for delete, enable/disable, and other actions that result in a config change or fi... Jim Pingle
07:46 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall
Graham Collinson wrote:
> yes it was on 2.3.2
It was changed since 2.3.2. New code is on 2.3.3 and 2.4.0 snapshots. Renato Botelho
07:35 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall
yes it was on 2.3.2 Graham Collinson
07:06 AM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism
A simple way to deal with this might be to prevent caching on the login page. That way all the CSS and JS is re-loade... Anonymous
06:13 AM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism
I knew I was forgetting something!
Updated subject/descr
Thanks Jim Pingle
06:10 AM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism
There is the same problem with CSS. Kill Bill

02/10/2017

09:53 PM Feature #7251 (Resolved): JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism
JavaScript and CSS are cached too aggressively by browsers, so when any significant change happens, users must manual... Jim Pingle
09:41 PM Bug #7240 (Not a Bug): OpenVPN Client bug
I can't reproduce this with clients or servers. "Permission denied" implies that a firewall rule is blocking the traf... Jim Pingle
09:34 PM pfSense Packages Bug #7236 (Resolved): ACME - DNS-NSupdate badly misformatted GUI
Jim Pingle
09:34 PM pfSense Packages Feature #7221 (Resolved): ACME package : add standalone mode & specify port used
Jim Pingle
09:34 PM pfSense Packages Bug #7218 (Resolved): acme_inc.sh hard codes 'HMAC-MD5.SIG-ALG.REG.INT' for nsupdate key types
Jim Pingle
09:33 PM pfSense Packages Bug #7208 (Resolved): ACME ftpwebroot doesn't work
Jim Pingle
09:33 PM pfSense Packages Bug #7205 (Resolved): ACME package ignores DNS-Manual method, defaults to http-01
Jim Pingle
09:33 PM pfSense Packages Bug #7192 (Resolved): ACME package cannot update more than one nsupdate type domain
Jim Pingle
09:30 PM pfSense Packages Bug #7190 (Resolved): pfSense-pkg-acme Bug - php errors on pages that list certificates when no LE Certs have been created yet (eg Cert. Manager - Certificates, OpenVPN - Servers)
Jim Pingle
09:30 PM Feature #7239 (Rejected): DNS Resolver enable reverse dns override for single host
As you see, it already adds the PTR records.
 Jim Pingle
08:42 PM Bug #7241 (Not a Bug): OpenVPN CSC Tunnel Network not accepting net30 addresses
Can't reproduce. It works fine on 2.3.2_1, 2.3.3, and 2.4. The server has to be set for net30 and you have to specify... Jim Pingle
05:46 PM Bug #7249: firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names
Cool... This will help pfBlockerNG as all the Auto rules are *pfB_<aliasname>_v4*... Thanks Steve! BBcan177 .
04:28 PM Bug #7249: firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names
Yes. Missed it by an hour :)
 Anonymous
04:19 PM Bug #7249: firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names
Steve Beaver wrote:
> Changed the code to replace '_' with '_<wbr>' (word break opportunity). Allows a long alias n... Zetto Null
03:25 PM Bug #7249 (Feedback): firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names
Changed the code to replace '_' with '_<wbr>' (word break opportunity). Allows a long alias name to word-wrap, but r... Anonymous
03:08 PM Bug #7249: firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names
That is not exactly a bug, the underscore is deliberately replaced with a space for display. It seems to have been a ... Anonymous
01:58 PM Bug #7249 (Resolved): firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names
I have a number of firewall aliases that contain underscores. The underscore is replaced with a space when viewing a ... Zetto Null
04:21 PM Bug #7250: Subnet is too large to expand into individual host IP addresses
Thank you! Using Network(s) instead of Host(s) worked. Zetto Null
04:17 PM Bug #7250 (Not a Bug): Subnet is too large to expand into individual host IP addresses
You can't use a host type alias for a masked network like that, use a Network type alias instead. Jim Pingle
04:10 PM Bug #7250 (Not a Bug): Subnet is too large to expand into individual host IP addresses
I'm trying to create a IP Alias with a /16 subnet. This fails with the following error.
* Subnet is too large to e... Zetto Null
04:11 PM Todo #6767 (Resolved): Change logout from GET to POST request
Anonymous
04:09 PM Bug #7202 (Resolved): "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Anonymous
02:11 PM Bug #6768 (Resolved): DNS Resolver entry for DHCPv6 static mapping has wrong IP address
Tested 2.3.3 and 2.4, correct subnet is used. Jim Pingle
12:53 PM Bug #6768 (Feedback): DNS Resolver entry for DHCPv6 static mapping has wrong IP address
ops, untested yet Renato Botelho
12:53 PM Bug #6768 (Resolved): DNS Resolver entry for DHCPv6 static mapping has wrong IP address
works Renato Botelho
01:52 PM Bug #6432: Relative distinguished names should accept unicode during CA creation.
To be clear, what's the fix? Does it merely warn to use only ASCII, or does it now support Unicode properly? Sean McBride
01:27 PM Bug #6432 (Resolved): Relative distinguished names should accept unicode during CA creation.
works Renato Botelho
01:40 PM Bug #6852: Commit 8f86722 breaks DHCPv6 leases status page
upgraded hardware due to c2000 restored config and this now works so guess somethin in my dhcp6 leases file had a pro... Michael Kellogg
06:50 AM Bug #6852: Commit 8f86722 breaks DHCPv6 leases status page
This is a regression Michael Kellogg
01:30 PM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall
I tried to break it again and couldn't after last changes. Instead of closing it without hearing from more people I'l... Renato Botelho
11:10 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall
Graham Collinson wrote:
> I saw an issue like this on the first power cycle of a new SG-2440.
> manually running fs... Renato Botelho
04:34 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall
I saw an issue like this on the first power cycle of a new SG-2440.
manually running fsck didn't find an issue but e... Graham Collinson
01:24 PM Bug #7083 (Resolved): Put back some visual hint for required fields
Everything looks OK now. Thanks Phil! Renato Botelho
11:08 AM Bug #7083 (Feedback): Put back some visual hint for required fields
I believe it's all done now Renato Botelho
10:16 AM Bug #7083: Put back some visual hint for required fields
I have noted on GitHub a couple of commits in master that did not get back-ported. @rbgarga is back-porting them righ... Phillip Davis
09:22 AM Bug #7083: Put back some visual hint for required fields
Oh, I see now that you just committed that supporting code to RELENG_2_3. I noticed the issue this morning my time (w... Phillip Davis
09:16 AM Bug #7083: Put back some visual hint for required fields
On which page do you see that Phil?
I assumed you synced in the last few minutes? Anonymous
09:13 AM Bug #7083: Put back some visual hint for required fields
Reported in forum: https://forum.pfsense.org/index.php?topic=125403.0
I am seeing the "*" displayed in the (some) pl... Phillip Davis
08:43 AM Bug #7083: Put back some visual hint for required fields
The mechanism required to do this has been ported to 2.3.3 but it looks like quite a few pages do not yet have the '*... Anonymous
07:25 AM Bug #7083 (Assigned): Put back some visual hint for required fields
Looks like this was partially merged back to 2.3.3 but not all of it. Fields have the * before the name and are not s... Jim Pingle
01:23 PM Bug #5321 (Resolved): rxcsum6, txcsum6 not considered by "Disable hardware checksum offload"
works Renato Botelho
12:55 PM Todo #6689 (Resolved): Add enable link to Status > UPnP & NAT-PMP error message if disabled
works Renato Botelho
11:07 AM Todo #6689 (Feedback): Add enable link to Status > UPnP & NAT-PMP error message if disabled
PR has been merged Renato Botelho
12:54 PM Bug #6806 (Resolved): Form validation for DHCP NTP Servers does not allow hyphens
works Renato Botelho
12:50 PM Bug #6966 (Resolved): Display bug in Status / IPsec / Overview
works Renato Botelho
11:39 AM Bug #6966 (Feedback): Display bug in Status / IPsec / Overview
PR has been merged, thanks! Renato Botelho
07:37 AM Bug #6966 (New): Display bug in Status / IPsec / Overview
Jim Pingle
07:23 AM Bug #6966: Display bug in Status / IPsec / Overview
pull request for fix on github
https://github.com/pfsense/pfsense/pull/3522 Graham Collinson
06:46 AM Bug #6966: Display bug in Status / IPsec / Overview
This simple patch appears to work.
Might want to add in further checking or change the way of identifying whether it... Graham Collinson
06:34 AM Bug #6966: Display bug in Status / IPsec / Overview
Looks like this is caused because there's a mismatch between the ikeid in $config['ipsec']['phase1'] and the ikeid re... Graham Collinson
06:14 AM Bug #6966: Display bug in Status / IPsec / Overview
Reproduced issue with two test VMs. Setup a simple IKEv2 between the two with one child sa. When split connections ... Graham Collinson
04:40 AM Bug #6966: Display bug in Status / IPsec / Overview
I've seen a similar issue on a production system with IKEv2 and split connections ticked (Enable this to split connec... Graham Collinson
12:47 PM Bug #7233 (Resolved): Status DHCP Leases can have incorrect index for edit action
works Renato Botelho
12:45 PM Todo #7246 (Resolved): Sync up status.php on 2.3.3 with 2.4
works Renato Botelho
11:50 AM Todo #7246 (Feedback): Sync up status.php on 2.3.3 with 2.4
Applied in changeset commit:804f6a165fbb80deac018be43e8d41607fa67594. Jim Pingle
11:01 AM Todo #7246 (Resolved): Sync up status.php on 2.3.3 with 2.4
Since 2.3.3 is likely the last 2.3.x release and people may be running it a while, it would be good to pull in the ch... Jim Pingle
12:34 PM Bug #6751: Route53 DynDNS Problems / Replace Route53 DynDNS Module
If you are going to backport this to 2.3.3 Bug #7206 is also needed. Jason McCormick
11:54 AM Feature #4898 (Resolved): Allow packages to request syslogd socket to be created inside chroot
works (haproxy for instance) Renato Botelho
11:47 AM Bug #6916 (Resolved): interfaces_vlan.php: Clicking on "Cancel" deletes VLAN
works Renato Botelho
11:47 AM Feature #7248 (New): Web UI for IPSec settings should warn about poor security choices
I've spent several days getting my VPN working and learned a lot in the process.
I've made a little patch here:
h... Sean McBride
11:46 AM Bug #7120 (Resolved): Wrong file permissions on /var/tmp and missing sticky bit when using /var as RAM disk
really fixed now! Renato Botelho
11:45 AM Bug #7164 (Resolved): NTP page allows adding more time server rows than it saves to the configuration
works Renato Botelho
11:44 AM Bug #7173 (Resolved): [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules
works Renato Botelho
11:33 AM Bug #5993 (New): dhcp6c not started until an RA received
Not finished yet Renato Botelho
11:33 AM pfSense Packages Bug #7247: Update net/ntopng to 2.4.2017.01.20
Well it the update doesn't fix those, you should submit them upstream (or at least FreeBSD bugzilla). Kill Bill
11:26 AM pfSense Packages Bug #7247: Update net/ntopng to 2.4.2017.01.20
I have 3 recent coredumps saved - are these of any use to anyone for debugging or should I toss them? → luckman212
11:24 AM pfSense Packages Bug #7247 (Closed): Update net/ntopng to 2.4.2017.01.20
Attempting to fix the never ending core dumps with the current version. (Happens pretty much on any restart.) Kill Bill
11:14 AM Feature #6753 (Resolved): Interfaces list order not consistent
Commit reverted. Jim Pingle
10:59 AM Feature #6753: Interfaces list order not consistent
I'll take this, looks like maybe the consistency doesn't weigh up against the inconvenience of the menu being unsorte... Jim Pingle
10:26 AM Feature #6753 (Assigned): Interfaces list order not consistent
Jim Pingle
11:05 AM Feature #1189: Gateway: Multiple monitor ips
Don't have a solution (yet) but FYI in case some people are watching this ticket and not the others/forums, I did cre... → luckman212
10:53 AM Feature #1189: Gateway: Multiple monitor ips
I would also like to see this as a feature. This one has been open for a while now, and many of the hardware solution... John Banks
10:57 AM Bug #6915: unbound logging not working after reboot or "Reset log files"
Yep, that's better, thanks! Jim Pingle
10:48 AM Bug #6915: unbound logging not working after reboot or "Reset log files"
This one shows up under "pfSense packages". Maybe because the category is set to "Unbound".
Other "modern" unbound i... Phillip Davis
10:41 AM Feature #6786 (Resolved): Sortable Description Captive Portal MACs list
Jim Pingle
10:41 AM Feature #7159 (Resolved): Auto correct checksum and missing special characters for NTP GPS initialization commands.
Jim Pingle
10:39 AM Bug #6064 (Resolved): non-fully qualified hostnames included in hosts file and Unbound local-data
Jim Pingle
10:39 AM Feature #6914 (Resolved): unbound access-control lists
Jim Pingle
10:27 AM Bug #6227 (Resolved): LAGG MTU not set correctly when it has child QinQ interfaces
Jim Pingle
10:24 AM Bug #7180 (Resolved): Disabled OpenVPN clients are not shaded in the gui
Jim Pingle
10:21 AM Bug #6609 (Resolved): OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it
Jim Pingle
10:20 AM Bug #7157 (Feedback): Traffic graphs cause the tab to crash when run in the background
Applied in changeset commit:7790e0dfaee5f4f1707a8bb6c6e8abf03b2001c2. Renato Botelho
02:37 AM Feature #7245 (Resolved): NTP widget shows client time instead of server time
The javascript nonsense dating back to Windows 9x/IE5 days actually shows local time on the client, severely confusin... Kill Bill
12:51 AM Bug #7219 (Feedback): vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3
Should work now: https://github.com/pfsense/FreeBSD-src/commit/5c1daa5ea1098b67d4c331d5e21b39178d616031 Luiz Souza
12:35 AM Feature #7244 (New): Publish pfsense as a Vagrant Basebox
Hello pfsense!
The pfsense project should make it easy to provision pfsense by publishing an official pfsense vagr... Joel Whitehouse

02/09/2017

05:10 PM Feature #7242: SSL Include CA Certs
Chris Linstruth wrote:
> Or are you talking about installing a CA in pfSense so connections *it* makes outbound can ... NOYB NOYB
04:38 PM Feature #7242: SSL Include CA Certs
Or are you talking about installing a CA in pfSense so connections *it* makes outbound can be trusted/verified when c... Chris Linstruth
04:35 PM Feature #7242: SSL Include CA Certs
This looks like another redmine that should be a forum post.
Sending the self-signed CA along with the certificate... Chris Linstruth
04:20 PM Feature #7242: SSL Include CA Certs
Kill Bill wrote:
> Apparently we have a language problem here, so perhaps let's try again in a more simple way: WTH ... NOYB NOYB
03:59 PM Feature #7242: SSL Include CA Certs
Apparently we have a language problem here, so perhaps let's try again in a more simple way: WTH is "included in SSL"... Kill Bill
03:46 PM Feature #7242: SSL Include CA Certs
Kill Bill wrote:
> Am I the only one who cannot make sense of the request? No, self-signed certs will never be seaml... NOYB NOYB
05:32 AM Feature #7242: SSL Include CA Certs
Am I the only one who cannot make sense of the request? No, self-signed certs will never be seamless with browsers, o... Kill Bill
05:20 AM Feature #7242 (Duplicate): SSL Include CA Certs
Option to have an internal or imported CA (such as an imported self-signed CA) included in SSL for verify peer for do... NOYB NOYB
02:15 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
Hi Jim, just wondering if this is still something that might make it into pfSense 2.4.0? I would love to use the maxi... Chris Allen
10:48 AM Bug #7232 (Feedback): haproxy_pool_edit.php -- sprintf() too few arguments
Fixed in 0.52_5 Renato Botelho
06:35 AM pfSense Packages Bug #1620: Can't use transparent proxy when using bridge.
Steve Wheeler wrote:
> I ran some tests with this and was unable to make it work. Adding 'route-to lo0' to the pass ... Kill Bill
06:05 AM Bug #7243 (Not a Bug): Openvpn route only first network in IPv4 Remote network(s) to local net
Openvpn Peer to Peer (ssl\tls) 2 client connection
Openvpn route only first network in server openvpn IPv4 Remote ne... Ivan Pavlov
05:10 AM Bug #7209: Something is seriously wrong with firewall aliases
2.4-latest as of today, fresh install - confirmed NOT fixed. Just as I already said in one of my prev posts
>And I d... Dmitry Kernel
04:40 AM Bug #7241 (Not a Bug): OpenVPN CSC Tunnel Network not accepting net30 addresses
I'm migrating a client to pfSense, and they have an OpenVPN server which still uses net30 topology, with some client-... Jernej Simončič
04:31 AM Bug #7116: a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue
Pi Ba wrote:
> Without quick it didn't work either. Only changing it to 'pass' made it work.
I'm seeing the same ... Greg Siemon
02:44 AM pfSense Packages Feature #7221: ACME package : add standalone mode & specify port used
Having the package automatically open/close ports 80 and 443 when issuing/renewing certificates would be great. I don... Mathieu Arnold
02:04 AM Bug #7167: Error creating higher VLAN ID on SG-1000
It did not help.
Ok. I restored uFw settings on factory. Assigned VLAN 11 on cpsw0 and chose it as WAN
I can see ... Constantine Kormashev
01:22 AM Bug #7240: OpenVPN Client bug

Time Process PID Message
Feb 9 17:15:10 openvpn 40490 Initialization Sequence Completed
Feb 9 17:15:10 openvpn 40... Zart Zurt
01:17 AM Bug #7240 (Not a Bug): OpenVPN Client bug
Latest snapshot has led to the following log entry and failure to utilise the OpenVPN gateway:
Feb 9 17:13:24 open... Zart Zurt
01:18 AM Feature #7239: DNS Resolver enable reverse dns override for single host
mehh, probably invalid.
Creating a host override already creates a pointer entry as well.
eg /var/unbound/host... David McNeill

02/08/2017

11:56 PM Feature #7239 (Rejected): DNS Resolver enable reverse dns override for single host
DNS resolver only allows individual host overrides for forward lookups, not reverse.
Use case: (sloppy) ISP doesn'... David McNeill
10:32 PM Bug #7238 (New): Menu layout broken when using "Hostname in Menu" with long hostnames
It is good to have the hostname in the menu for quickly identifying the gateways, however almost all of our hostnames... Daniel Subert
10:24 PM pfSense Packages Bug #7190: pfSense-pkg-acme Bug - php errors on pages that list certificates when no LE Certs have been created yet (eg Cert. Manager - Certificates, OpenVPN - Servers)
Jim Pingle wrote:
> PR was merged
Confirm fixed. Greg Siemon
04:28 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
I navigated in almost all screens previously affected and can confirm everything is fixed with the pages previously a... Helio Tadao Goto
08:17 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
This problem has now been fixed in a more generic within the Form classes so there should be no other cases, with or ... Anonymous
07:46 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Fixed embedded '%' in squidguard.inc Anonymous
05:36 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
This problem remains with SquidGuard, in several tabs, like this in
Services > SquidGuard Proxy Filter > Common AC... Helio Tadao Goto
03:35 PM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
I've seen this symptom frequently with pfBlockerNG and large lists. I also don't run the IPsec widget.
The comm... John Silva
12:05 PM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
Just Restarted PHP-FPM on a system with the following (no pfblocker installed):
* System Information
* Traffic Gr... Alex Vergilis
11:56 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
Jim Pingle wrote:
> Which dashboard widgets do you have visible?
Right now I have the following widgets open:
* ... Bryan Fehl
11:52 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
Bryan Fehl wrote:
> I just ran into this myself. Strangely, this issue causes all clients who try to connect with O... Jim Pingle
11:48 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx
Steve Beaver wrote:
> Sorry to re-hash this, but since it has just been assigned to me I need an update.
>
> Some... Bryan Fehl
02:35 PM pfSense Packages Feature #7221 (Feedback): ACME package : add standalone mode & specify port used
Added standalone HTTP and TLS options with configurable port.
A bind address isn't going to be viable at the momen... Jim Pingle
01:50 PM pfSense Packages Bug #7218 (Feedback): acme_inc.sh hard codes 'HMAC-MD5.SIG-ALG.REG.INT' for nsupdate key types
Fixed in ACME 0.1.11 which was just pushed, you can now choose the key type and algorithm. Jim Pingle
12:43 PM Bug #7209: Something is seriously wrong with firewall aliases
No, I haven't tried it on 2.4 yet, however I digged into sources on 2.3.2_p1 and reproduced it step-by-step while col... Dmitry Kernel
10:52 AM Bug #7209: Something is seriously wrong with firewall aliases
Did you try it on 2.4 as requested?
Either you are leaving out a config state/step or it's not an issue we can rep... Jim Pingle
10:30 AM Bug #7209: Something is seriously wrong with firewall aliases
What? Rejected based on _assumptions_ that it _possibly_ just me screwed up something on my instance or that it _poss... Dmitry Kernel
12:38 PM pfSense Packages Bug #7236: ACME - DNS-NSupdate badly misformatted GUI
Whole lot better indeed. ;)
!https://i.imgsafe.org/b65eeb532c.png! Kill Bill
11:24 AM pfSense Packages Bug #7236 (Feedback): ACME - DNS-NSupdate badly misformatted GUI
Finally figured it out, fix is coming in 0.1.10 that I just pushed. Also made the box take up the whole width. Jim Pingle
09:45 AM pfSense Packages Bug #7236: ACME - DNS-NSupdate badly misformatted GUI
That would be a better fit for a separate bug report. This formatting issue is enough of a PITA on its own. Jim Pingle
09:44 AM pfSense Packages Bug #7236: ACME - DNS-NSupdate badly misformatted GUI
Yeah, I also failed to find any relevant code fix. LOL.
Also, the first row in the "Table" does not autoexpand the... Kill Bill
09:39 AM pfSense Packages Bug #7236 (Confirmed): ACME - DNS-NSupdate badly misformatted GUI
I've been looking at that but not having any luck so far. The code, by all appearances, should be taking up the whole... Jim Pingle
09:33 AM pfSense Packages Bug #7236 (Resolved): ACME - DNS-NSupdate badly misformatted GUI
This one's so bad that I have no clue what to enter where.
!https://i.imgsafe.org/b3aab299c4.png! Kill Bill
11:46 AM pfSense Packages Bug #7237: ACME - first table row on certs tab does not autoexpand the fields
Well yeah, the thing is not exactly simple readable code :D Being hidden wouldn't really be much of an issue if peopl... Kill Bill
11:36 AM pfSense Packages Bug #7237 (Confirmed): ACME - first table row on certs tab does not autoexpand the fields
The input validation does need work but it's going to be rather complex to pull off. That should probably be a separa... Jim Pingle
11:23 AM pfSense Packages Bug #7237: ACME - first table row on certs tab does not autoexpand the fields
Also, apparently there's lack of input validation here (i.e., at least those fields should be required so that people... Kill Bill
09:51 AM pfSense Packages Bug #7237 (Resolved): ACME - first table row on certs tab does not autoexpand the fields
In the Domain SAN list, the first row in the table does not auto-expand the fields with required settings. See screen... Kill Bill
07:38 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper
Kill Bill wrote:
> There's already #6023 for netmap + shaping.
"Shaping" is a hack that shouldn't have happened. Jim Thompson
07:37 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper
Steven Kreitzer wrote:
> Sandeep K V wrote:
> > Hi Steven Kreitzer and Jim Thompson isn't this the expected way the... Jim Thompson
05:41 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper
In general, I'd say people who wish to use Snort/Suricata as IPS should look into divert sockets instead. The netmap ... Kill Bill
04:05 AM Bug #7164: NTP page allows adding more time server rows than it saves to the configuration
Build 2.4.0.b.20170207.2344
Test:
* Under Services -> NTP
* Attempt to add 11 server addresses
Result: Er... James Snell
04:05 AM Bug #7226 (Resolved): Package installation message is incomplete
Renato Botelho
03:54 AM Bug #7226: Package installation message is incomplete
Build 2.4.0.b.20170207.2344
Test actions:
* Install tftpd
* Remove tftpd
The status displays the packag... James Snell
03:59 AM pfSense Packages Bug #7229: Package Manager Update "Suricata" failed
Actually i copied the failure message from the one i've found in pfsense forum, but mine was very similar. Problem is... E P
03:44 AM Bug #7167: Error creating higher VLAN ID on SG-1000
Just to be sure, did you put a firewall pass rule onto the interface that is the VLAN? It will need that in order to ... Phillip Davis
03:40 AM Bug #7167: Error creating higher VLAN ID on SG-1000

I have updated to ... Constantine Kormashev
03:10 AM Bug #7233 (Feedback): Status DHCP Leases can have incorrect index for edit action
Applied in changeset commit:2ea70e1a474fd871a007c76841f2a33f34082c58. Phillip Davis
01:47 AM Bug #7235 (New): 4860 has not got significant IPsec performance rising with enabled HW acceleration
During IPsec performance tests on 4860 I did not observe significant IPsec performance increasing if HW acceleration ... Constantine Kormashev
01:24 AM Bug #7234 (Closed): ntpd overload during IPsec session without HW acceleration
During performance test 2440 I noticed quite strange behavior of ntpd. One overloads CPU core during IPsec session if... Constantine Kormashev

02/07/2017

10:29 PM Bug #7233: Status DHCP Leases can have incorrect index for edit action
PR https://github.com/pfsense/pfsense/pull/3506 will let people delete an empty entry, if they get one somehow. Phillip Davis
10:13 PM Bug #7233: Status DHCP Leases can have incorrect index for edit action
Pull Request https://github.com/pfsense/pfsense/pull/3505 to make sure the index counter in status_dhcp_leases keeps ... Phillip Davis
10:07 PM Bug #7233 (Resolved): Status DHCP Leases can have incorrect index for edit action
Forum: https://forum.pfsense.org/index.php?topic=125180.0
In the past, somehow (and I have seen it on systems of m... Phillip Davis
08:34 PM Bug #7230 (Resolved): wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassed
Fixed Jim Pingle
01:40 PM Bug #7230 (Feedback): wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassed
Applied in changeset commit:5baea4da88fd6c093582d9c3e9b67cce5d6a1013. Jim Pingle
01:29 PM Bug #7230 (Resolved): wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassed
update_config_field() in wizard.php needs to use eval to construct a variable name that is several array levels deep.... Jim Pingle
08:31 PM Bug #7227 (Resolved): pkg.php - "pkg_filter" is not encoded before output
Fixed Jim Pingle
10:50 AM Bug #7227 (Feedback): pkg.php - "pkg_filter" is not encoded before output
Applied in changeset commit:6ac61204bc9e4cff54c818ecc71d20d2626a02e1. Jim Pingle
10:45 AM Bug #7227 (Resolved): pkg.php - "pkg_filter" is not encoded before output
On pkg.php "pkg_filter" is not encoded before output - It requires a package use pkg.php and that it has include_filt... Jim Pingle
08:26 PM Bug #7228 (Resolved): easyrule.php: Use of GET allows rule to be added without CSRF protection
Fixed Jim Pingle
12:40 PM Bug #7228 (Feedback): easyrule.php: Use of GET allows rule to be added without CSRF protection
Applied in changeset commit:0f026089f65d92328d680443de5f9a90af50115c. Jim Pingle
12:34 PM Bug #7228 (Resolved): easyrule.php: Use of GET allows rule to be added without CSRF protection
easyrule.php allows parameters passed by GET without a confirmation step, which makes it possible to add firewall rul... Jim Pingle
08:26 PM Bug #7225 (Resolved): pkg_mgr_install.php "from" and "to" parameters are not validated or encoded before output
Fixed Jim Pingle
10:20 AM Bug #7225 (Feedback): pkg_mgr_install.php "from" and "to" parameters are not validated or encoded before output
Applied in changeset commit:2c06742d784cb7ec85151327fd753536d98fbcc1. Jim Pingle
10:14 AM Bug #7225 (Resolved): pkg_mgr_install.php "from" and "to" parameters are not validated or encoded before output
The "from" and "to" parameters on pkg_mgr_install.php need htmlspecialchars() before output or they can be used as an... Jim Pingle
07:02 PM pfSense Packages Bug #7190 (Feedback): pfSense-pkg-acme Bug - php errors on pages that list certificates when no LE Certs have been created yet (eg Cert. Manager - Certificates, OpenVPN - Servers)
PR was merged Jim Pingle
07:01 PM Feature #7193 (Feedback): NTP process PGRMF
PR merged Jim Pingle
05:54 PM Bug #7222: Encryption No Longer Enforced for Email Notifications
Kill Bill wrote:
> NOYB NOYB wrote:
> > My guess is pear Mail will never be patched to fix this STRIPTLS security h... NOYB NOYB
05:14 PM Bug #7222: Encryption No Longer Enforced for Email Notifications
NOYB NOYB wrote:
> My guess is pear Mail will never be patched to fix this STRIPTLS security hole.
Well, certain... Kill Bill
04:22 PM Bug #7222: Encryption No Longer Enforced for Email Notifications
Jim Pingle wrote:
> Lobby to the PEAR crew to import the patch and we'll add support once it's in there. We have mai... NOYB NOYB
03:51 PM Bug #7222 (Needs Patch): Encryption No Longer Enforced for Email Notifications
Lobby to the PEAR crew to import the patch and we'll add support once it's in there. We have maintained a lot of cust... Jim Pingle
03:43 PM Bug #7222: Encryption No Longer Enforced for Email Notifications
Kill Bill wrote:
> Well, I'd hazard to say because it's just another thing to maintain with pretty much no gain? Wan... NOYB NOYB
03:04 PM Bug #7222: Encryption No Longer Enforced for Email Notifications
Well, I'd hazard to say because it's just another thing to maintain with pretty much no gain? Want to be sure TLS is ... Kill Bill
02:58 PM Bug #7222: Encryption No Longer Enforced for Email Notifications
Why can't pfSense customization be made to the pear Mail package, like is done for some others packages, to add the r... NOYB NOYB
07:46 AM Bug #7222: Encryption No Longer Enforced for Email Notifications
We switched over to the Pear Mail package and at the moment I'm not seeing any equivalent option in their code. It wo... Jim Pingle
05:10 AM Bug #7222: Encryption No Longer Enforced for Email Notifications
That wasn't worded very well. Strike that first sentence. This has nothing to do with the "Enable SMTP over SSL/TLS... NOYB NOYB
01:51 AM Bug #7222 (Needs Patch): Encryption No Longer Enforced for Email Notifications
The "Enable SMTP over SSL/TLS" option does not enforce the use of encryption.
Previous versions also had "Enable S... NOYB NOYB
04:31 PM Feature #2358: NAT64 support
Would like to see support for NAT64/DNS64 in pfsense. Deployment of DNS64 outside of the gateway is somewhat convolu... Joel Whitehouse
04:15 PM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode
That's very interesting to know that we are having similar issues Joe!
I hope that either this can be resolved or ... James Webb
03:57 PM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode
James Webb wrote:
> James Webb wrote:
> > Kill Bill wrote:
> > > Your own IP as in something from HOME_NET? Not ex... Joe Cordon
01:56 PM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode
James Webb wrote:
> Kill Bill wrote:
> > Your own IP as in something from HOME_NET? Not exactly useful test either.... James Webb
07:56 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode
Kill Bill wrote:
> Your own IP as in something from HOME_NET? Not exactly useful test either. In general, taking sim... James Webb
07:52 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode
Your own IP as in something from HOME_NET? Not exactly useful test either. In general, taking similar things to the f... Kill Bill
07:47 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode
Kill Bill wrote:
> Just to be clear here - If you are looking at the Blocks tab, that is NOT the place to look at wi... James Webb
07:37 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode
Just to be clear here - If you are looking at the Blocks tab, that is NOT the place to look at with the inline mode.
 Kill Bill
07:00 AM pfSense Packages Bug #7223 (Resolved): IPv4 Rules not working in Inline Mode
After adding the following rule to custom.rules:
@drop ip [108.74.97.21, 82.132.247.191] any <> $HOME_NET any (msg... James Webb
04:07 PM pfSense Packages Bug #7229: Package Manager Update "Suricata" failed
There is no such code in Suricata package. This is pkg(7) bug. Remove and reinstall the package. Kill Bill
12:57 PM pfSense Packages Bug #7229 (Duplicate): Package Manager Update "Suricata" failed
Error message while updating suricata to 3.1.2_2
Also happened from 3.0_7 to 3.0_8 (reported on pfsense forum: [[h... E P
03:48 PM Bug #7232 (Resolved): haproxy_pool_edit.php -- sprintf() too few arguments
https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-haproxy/files/usr/local/www/haproxy/haproxy_pool_... kevin crawley
03:35 PM Bug #7231: Web UI does not properly remove priq shaping rules when deleting an interface which causes subsequent rule failures without warning in the UI
I think this was accidentally posted in the pkg's section. Could someone move it to the proper area of pfSense? John Barfield
03:32 PM Bug #7231 (Resolved): Web UI does not properly remove priq shaping rules when deleting an interface which causes subsequent rule failures without warning in the UI
Reproduce:
1. Provision pfSense 2.3.2 with 1 WAN and multiple LAN's.
2. Configure priq traffic shaper to limit... John Barfield
02:45 PM Bug #7209 (Rejected): Something is seriously wrong with firewall aliases
I can't reproduce this, it's possible it's a side effect of something else in your configuration. Even on 2.3.2_1 eve... Jim Pingle
11:23 AM Bug #3681: Email notifications don't work with IPv6-only SMTP servers
@smtp.inc@ is gone from 2.4, it's using pear-Net_SMTP and other pear stuff. This bug is not really relevant any more. Kill Bill
09:49 AM Bug #3681: Email notifications don't work with IPv6-only SMTP servers
Maybe this could help? (Although it's in norweign, the code itself is pretty easy and simple)
http://www.webforumet.... Marcel Hellwig
11:00 AM Bug #7226 (Feedback): Package installation message is incomplete
Applied in changeset commit:d12bc864ceb5d656fc094bde7cf5ec96e24bdde9. Phillip Davis
10:43 AM Bug #7226: Package installation message is incomplete
See PR https://github.com/pfsense/pfsense/pull/3503 Phillip Davis
10:23 AM Bug #7226: Package installation message is incomplete
I noticed this on 2.4-BETA, and tried 2.3.3-DEVELOPMENT and 2.3.2-p1 and they all do this.
I suspect this is due t... Phillip Davis
10:19 AM Bug #7226 (Resolved): Package installation message is incomplete
Install, reinstall or delete a package. At successful end of the action a message is given in the GUI like:
'pfSen... Phillip Davis
10:07 AM Feature #7224: Abandon rate in favor of iftop
While it would be nice, the output from iftop is not printed in a way that would be easy to parse programmatically.
... Jim Pingle
09:45 AM Feature #7224 (Duplicate): Abandon rate in favor of iftop
Due to the lack of ipv6 functionality in rate and also it's development state (not developed since 2011, please corre... Marcel Hellwig
07:54 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Installed build 2.4.0.b.20170207-1441 and same errors appears in
* Services > Squid Proxy Server
* Services > Squ... Helio Tadao Goto
07:44 AM Feature #7199: SG-1000 cpsw nics don't support ALTQ
It loads shaper rules without error, I see traffic in queues. I pushed a commit to is_altq_capable() in interfaces.in... Jim Pingle
05:36 AM Bug #7206 (Feedback): Authentication Method Used in Bug 6751 Removed by Amazon
PR has been merged, thanks! Renato Botelho

02/06/2017

05:59 PM pfSense Packages Bug #7211: DNS Made Easy ACME script not parsing domain IDs properly
I tried applying that patch to the script on my pfSense install, and the ACME challenge process worked just fine afte... Chris Gelatt
04:34 PM pfSense Packages Feature #7221: ACME package : add standalone mode & specify port used
In acme.sh there are several options:
*Standalone mode:*
@acme.sh --issue -d aa.com --standalone --httpport 8... Frederic Lietart
04:30 PM pfSense Packages Feature #7221 (Resolved): ACME package : add standalone mode & specify port used
Added the standalone mode, to be able to specify port used for the challenge and the possibility to automatically ope... Frederic Lietart
03:27 PM Bug #6937: Inbound traffic on enc0 is not creating a state with mobile IPsec
No change on the latest snap built after that commit. Jim Pingle
02:07 PM Bug #6937 (Feedback): Inbound traffic on enc0 is not creating a state with mobile IPsec
Jimp, can you check the latest build ?
Relevant commit: https://github.com/pfsense/FreeBSD-src/commit/5d8a65f506d8... Luiz Souza
02:04 PM Feature #7199 (Feedback): SG-1000 cpsw nics don't support ALTQ
Should work now: https://github.com/pfsense/FreeBSD-src/commit/b95dbdb097fd2d5b148098bcc68e1f57b7dab544 Luiz Souza
01:58 PM pfSense Packages Bug #7205 (Feedback): ACME package ignores DNS-Manual method, defaults to http-01
Fixed in acme pkg version 0.1.8 which will be available shortly Jim Pingle
01:25 PM pfSense Packages Bug #7208 (Feedback): ACME ftpwebroot doesn't work
Pushed a fix for this in acme pkg version 0.1.7, will be available shortly. Jim Pingle
08:37 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
* System > Advanced > Firewall & NAT
* Services > DNS Resolver > Advanced
Tested, no PHP errors displayed in b... James Snell
08:21 AM Feature #7182: Break up System Widget on the Dashboard
Stage1 done - PR 3456 has been merged. So users can cut down the amount of content in the existing widget.
Now to th... Phillip Davis
08:14 AM Bug #7219 (Confirmed): vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3
The problem, as stated, was incorrect. It's a problem with vlan(4) ALTQ support in general, not specific to any hardw... Jim Pingle
03:40 AM Bug #7219: vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3
What version of pfSense - 2.3.2-p1, 2.3.3-DEVELOPMENT or 2.4-BETA? Phillip Davis
03:10 AM Bug #7219 (Resolved): vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3
Adding a VLAN interface on the Traffic Shaper doesn't work.
rc.filter_configure_sync: New alert found: There were... Zart Zurt
07:34 AM pfSense Packages Feature #7220: ACME client port and service config
Jim Pingle wrote:
> That's a security limitation of Let's Encrypt. Nothing we can do about it.
>
> https://commun... Cristian Menghi
07:32 AM pfSense Packages Feature #7220 (Rejected): ACME client port and service config
That's a security limitation of Let's Encrypt. Nothing we can do about it.
https://community.letsencrypt.org/t/let... Jim Pingle
07:20 AM pfSense Packages Feature #7220 (Rejected): ACME client port and service config
Hi, any way to configure a port of the http server, i dont use 80 or 443 and is not possible to active letsencrypt. Cristian Menghi
07:31 AM pfSense Packages Bug #1620: Can't use transparent proxy when using bridge.
I ran some tests with this and was unable to make it work. Adding 'route-to lo0' to the pass rule did not allow this ... Steve Wheeler
06:43 AM pfSense Packages Bug #7218 (Confirmed): acme_inc.sh hard codes 'HMAC-MD5.SIG-ALG.REG.INT' for nsupdate key types
There are several assumptions that had to be made there for the time being to get it working in a basic fashion (key ... Jim Pingle
04:55 AM pfSense Packages Bug #7197 (Resolved): Freeradius ldap authentication failed after update 1.7.5 to 1.7.6
Renato Botelho
12:34 AM Bug #7167 (Feedback): Error creating higher VLAN ID on SG-1000
Fixed in the latest snapshot. Luiz Souza
12:31 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
This may be the tradeoff of the fix, in reality won't disable the multiple queues but only one is going to be used an... Luiz Souza
12:11 AM Bug #6257 (Resolved): Kernel panic with ALTQ
Fixed in 2.4. Luiz Souza

02/05/2017

11:49 PM pfSense Packages Bug #7218: acme_inc.sh hard codes 'HMAC-MD5.SIG-ALG.REG.INT' for nsupdate key types
The file is acme_sh.inc not acme_inc.sh. Anonymous
11:47 PM pfSense Packages Bug #7218 (Resolved): acme_inc.sh hard codes 'HMAC-MD5.SIG-ALG.REG.INT' for nsupdate key types
'HMAC-MD5.SIG-ALG.REG.INT' is hardcoded in acme_inc.sh so that is the only type of key that can be used for dns-nsupd... Anonymous
07:45 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Got it. Thanks. Anonymous
07:28 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
I just did a click through every page that my device has and found one more for which I couldn't find an existing rep... Jakub Osika
06:55 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
System -> Advanced -> Firewall & NAT has already been fixes and will be in the next snap
The two Squid warnings were... Anonymous
06:23 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
SG-1000
2.4.0.b.20170204.2301
I was getting this issue on the Status Page. Can confirm that it is now resolved.
... Jakub Osika
02:09 PM pfSense Packages Feature #7217 (Rejected): x hrs per day total
That isn't possible in pf. If you need time quotas, you'll have to use something that can hook into RADIUS for accoun... Jim Pingle
02:06 PM pfSense Packages Feature #7217 (Rejected): x hrs per day total
Currently there is a schedule feature in pfsense, where you can allow an IP from 4pm to 5:59pm for example, Mo-Su
... Marcel Beerli
11:39 AM Bug #7214: OpenVPN dh parameters above 4096 are not in /etc/
Duplicate of Bug #6962 and fixed in 2.4 as noted above. Move on. Kill Bill
11:11 AM Bug #7214: OpenVPN dh parameters above 4096 are not in /etc/
Sorry if I wasn't clear, and this very well could have been fixed already in 2.4.
The main issue on 2.3 is not tha... Anonymous
09:28 AM Bug #7149: igb driver queue related crashes
After completely removing the queues entry in loader.conf.local and more than 5 days uptime, I think this issue is re... Anonymous
09:23 AM pfSense Packages Bug #6511: In some circumstances the HAProxy clone front-end button can add blank list entries to the front end being cloned resulting in a config that cannot be applied.
Works fine here with pfSense-pkg-haproxy-0.52_4. Kill Bill
08:18 AM pfSense Packages Bug #7215 (Not a Bug): ACME challenge fails
Jim Pingle
05:49 AM pfSense Packages Bug #7215: ACME challenge fails
This is not a bug. The webroot method assumes you have a webserver already running. It won't run any webserver on its... Kill Bill
03:57 AM pfSense Packages Bug #7215 (Not a Bug): ACME challenge fails
ACME challenge fails for "webroot local folder" method because no web server is listening on HTTP 80.
Setup:
1. p... Dmitriy K
07:15 AM pfSense Packages Bug #7211: DNS Made Easy ACME script not parsing domain IDs properly
Has been fixed upstream for a while:
https://github.com/Neilpang/acme.sh/commit/3cf85634ebb955ecee7616e88f4e1cef4458... Martin Lathoud
07:11 AM Feature #7216: Allow user to choose date display format
Comments please, if there is more/different flexibility that would be useful. Phillip Davis
07:10 AM Feature #7216 (New): Allow user to choose date display format
In various places dates and times are displayed, e.g. rule creation and update date/time stamp.
It would be nice if ... Phillip Davis

02/04/2017

08:54 PM Bug #7214 (Not a Bug): OpenVPN dh parameters above 4096 are not in /etc/
You have to make them yourself if you want to use the larger ones.
Non-existing entries are hidden on 3.Here is wh... Jim Pingle
08:17 PM Bug #7214 (Not a Bug): OpenVPN dh parameters above 4096 are not in /etc/
In 2.3.2 (didn't check earlier versions) there is an option to select the dh parameter length when configuring a new ... Anonymous
07:13 PM Bug #7213 (Resolved): Hyper-V install, no disk found
*Issue:* When installing 2.4 on Hyper-V 2012R2 Gen1 VM, the installer does not see any drives.
*Workaround:* From ... Dustin Dembeck
06:10 PM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks
I know that it doesn't mean that it is www.google.com, that wasn't the point we are talking about networks here not o... Seyfidin Hamraoui
02:28 PM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks
Well that's an interesting idea but not exactly valid. If @2a00:1450:401b:803::2004@ is www.google.com, it doesn't me... Kill Bill
10:29 AM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks
You are right /128 is not reasonable, but /64 would be nice.
Example:
www.google.com AAAA record is 2a00:1450:400... Seyfidin Hamraoui
10:24 AM Bug #7210 (Not a Bug): Unable to set a Alias with FQDN's for IPv6 networks
The hint could maybe be more clear. Network aliases can contain single hosts, and FQDN entries are always assumed to ... Jim Pingle
10:16 AM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks
And what exactly do you imagine to happen with a thing like www.google.com/128? Yeah, the hint is piece of crap, the ... Kill Bill
09:47 AM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks
I am using the right place. I want to create a alias for an ipv6 network not for a ipv6 host. It shoud be possible, i... Seyfidin Hamraoui
09:21 AM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks
1/ The mask is absolutely irrelevant for hostname.
2/ You are using the wrong place to do the job, select 'Hosts' fr... Kill Bill
08:51 AM Bug #7210 (Not a Bug): Unable to set a Alias with FQDN's for IPv6 networks
As soon as a FQDN is entered, the CIDR mask changes to /32, therefore it's impossible to create a alias for IPv6 netw... Seyfidin Hamraoui
04:57 PM Feature #7212 (New): Provide Driver for SG-1000 Crypto Accelerator
As per this thread, there is no FREEBSD driver available for the SG-1000 crypto accelerator:
https://forum.pfsense... Greg Siemon
04:24 PM pfSense Packages Bug #7211 (Resolved): DNS Made Easy ACME script not parsing domain IDs properly
I'm currently running pfSense 2.3.2_1, and I tried the new ACME package (0.1.5) with DNS Made Easy verification. How... Chris Gelatt
02:10 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Fixed. Thanks for finding those. Embedded '%' that needed to be escaped. Anonymous
01:30 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Seeing the same issue as Dustin on System > Advanced > Firewall. Tested with 2.4.0.b.20170203.2002. → luckman212
12:20 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon
Also, wanted to note that the use of v4 signing enables newer regions that didn't support the legacy authentication t... Jason McCormick
12:17 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon
I've tested changes and created a pull request to resolve this issue: https://github.com/pfsense/pfsense/pull/3473.
... Jason McCormick
11:36 AM Bug #7185: DHCP6c SIGTERM, SIGKILL
Yes, they are both 'hopefully' put to sleep with the changes done in the script patch I sent you and with dhcp6c chan... Martin Wasley
10:21 AM Bug #7185: DHCP6c SIGTERM, SIGKILL
Patch is working well so far!
I think possibly #6944 and #7145 should be merged into this ticket? → luckman212
09:48 AM Bug #6848: Do not create an IPv4/6 gateway for an interface without according IPv4/6 address
Confirmed that affects OpenVPN clients that get assigned interfaces. I am running latest snap 2.4.0.b.20170203.2002. → luckman212
02:44 AM Bug #7187: IPSec IKEv2 additional P2 not written to config
By enabling _Split connections_ on P1 I was able to make it work, and now _statusall_ shows all the routing.
I don... Lorenzo Milesi
02:11 AM Bug #7209 (Rejected): Something is seriously wrong with firewall aliases
pfS version is 2.3.2-p1.
Unbound host overrides used in FW aliases:
- server.home 192.168.201.1
-- nas.home ... Dmitry Kernel

02/03/2017

11:58 PM pfSense Packages Bug #6875 (Not a Bug): dpinger not switching icmp id automatically
Jim Thompson
11:38 PM pfSense Packages Bug #6875: dpinger not switching icmp id automatically
I think the report is erroneous. There should be no state association beyond a single ICMP Echo Request and it's Echo... Denny Page
11:37 PM Bug #6913: install on Hyper-v R2
Broken again.
https://forum.pfsense.org/index.php?topic=124915.0 Kill Bill
09:26 PM pfSense Packages Bug #7208 (Resolved): ACME ftpwebroot doesn't work
Below is the output of trying to use ftpwebroot. I redacted some data. As you can see from the log it doesn't appea... Anonymous
07:45 PM Bug #7207 (Closed): Updates and Package Manager broken when pfSense accessed via SSH port forward
Hello,
i am still setting up my pfSense device, so at this point it is just a client device connected to my netwo... Igor Pruchanskiy
07:27 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon
Service no longer works in that is receives a signing error even though all details are correct. Jason McCormick
07:19 PM Bug #7206 (Resolved): Authentication Method Used in Bug 6751 Removed by Amazon
It appears that Route53 has stopped working with the AWS3-HTTP authentication method sometime in the last month. This... Jason McCormick
06:00 PM pfSense Packages Bug #7205 (Resolved): ACME package ignores DNS-Manual method, defaults to http-01
My initial run using DNS-Manual as the method failed with the log suggesting DNS was ignored and http-01 was attempte... Tim Gladding
03:21 PM pfSense Packages Feature #7189: Letsencrypt acme sync in HA environment
To confirm, with the latest Let's Encrypt package, you can get by with LE only on the primary node. It can generate t... Jim Pingle
02:29 PM pfSense Packages Bug #7197: Freeradius ldap authentication failed after update 1.7.5 to 1.7.6
Thanks it's work fine Tahar GUEBLI
03:02 AM pfSense Packages Bug #7197 (Feedback): Freeradius ldap authentication failed after update 1.7.5 to 1.7.6
PR has been merged, thanks! Renato Botelho
02:12 PM Feature #7204 (Duplicate): Router Advertisements: Option to not advertise default routes
I'm using a pfSense appliance in a temporary role mainly to enable "proper" IPv6 support on our network, though it wi... Daniel Grace
02:00 PM Feature #6753: Interfaces list order not consistent
+1 for making the interfaces list sorted alphabetically by their DESCRIPTION (NAME) defined in /interfaces.php.
T... robi robi
09:13 AM Feature #6753: Interfaces list order not consistent
The interface order on Interfaces > Assignments is significant for HA purposes but otherwise alphabetical tends to be... Jim Pingle
07:07 AM Feature #6753: Interfaces list order not consistent
Can I protest against this change? I upgraded to 2.4 and so far this is the only change that is really causing me a l... → luckman212
01:54 PM Bug #7203 (Resolved): pkg_mgr_installed.php - visually separate the legend
Some users think that it's related to the last package in the list, instead of being a legend.
https://forum.pfse... Kill Bill
01:11 PM pfSense Packages Bug #7192 (Feedback): ACME package cannot update more than one nsupdate type domain
Fixed by https://github.com/pfsense/FreeBSD-ports/commit/73246541879f9256f4241b2a22dc61e6e31e6bd2 Jim Pingle
12:27 PM pfSense Packages Bug #7192 (Assigned): ACME package cannot update more than one nsupdate type domain
I figured out a way to fix this. It's not pretty but the way the client passes data and processes the api commands do... Jim Pingle
12:34 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
I am seeing a similar error on System -> Advanced -> Firewall & NAT
Warning: sprintf(): Too few arguments in /usr/... Dustin Dembeck
09:10 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Applied in changeset commit:4b329613ee7bb2dc85dd72035709853b83061a58. Anonymous
08:59 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Thanks. Looks like there are a few embedded '%' that now need to be escaped, and arguments passed as an array in [ ] ... Anonymous
08:35 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Just double checked it's not my patch. :) Clean snapshot update shows it. Martin Wasley
08:25 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Posted by one of my testers after patching one of mine for testing, this is what he posted,
Martin if I goto the e... Martin Wasley
08:23 AM Bug #7202 (Feedback): "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Anonymous
08:18 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
I knew there would be some :) Could you attach the call stack or tell me which page you had selected when this occured? Anonymous
08:10 AM Bug #7202 (Resolved): "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:
Problem with changes to the setHelp function or calls to it. Martin Wasley
06:11 AM Bug #7200: Diagnostics> DNS Lookup: external links to DNSstuff use wrong parameter
ok, thanks for checking Lorenzo Milesi
06:07 AM Bug #7200: Diagnostics> DNS Lookup: external links to DNSstuff use wrong parameter
I got onto a production 2.3.2-p1 system and yes, it has that bug.
I expect it was fixed for 2.3.3 and 2.4 onwards by... Phillip Davis
05:48 AM Bug #7200: Diagnostics> DNS Lookup: external links to DNSstuff use wrong parameter
With 2.3.2 whatever hostname I query the urls are appended with _Array_. I'll try to setup a testing VM Lorenzo Milesi
05:38 AM Bug #7200: Diagnostics> DNS Lookup: external links to DNSstuff use wrong parameter
I tried on 2.3.3-DEVELOPMENT and 2.4-BETA and cannot reproduce this. If I put a valid name, then it gives me ip=1.2.3... Phillip Davis
03:47 AM Bug #7200 (Closed): Diagnostics> DNS Lookup: external links to DNSstuff use wrong parameter
The two links gets the _ip=_ parameter, but the generated url have _Array_ instead of the actual queried IP address
... Lorenzo Milesi
04:50 AM Feature #7011 (Feedback): Retain vendor MAC address at power up
Fixed by commit:042911d34ab846e7241deeb9fd6469a1460febcf Renato Botelho
04:10 AM Feature #7201 (New): NTP Support multiple GPS reference clocks
PR https://github.com/pfsense/pfsense/pull/3468 Jack Booth
03:44 AM Bug #7183 (Resolved): Interface Groups can be entered with the same name
Renato Botelho
03:36 AM Bug #7183: Interface Groups can be entered with the same name
In 2.4.0-BETA (arm) built on Thu Feb 02 12:37:50 CST 2017
Validation seems OK now, following description instructio... Malcolm Hussain-Gambles
03:20 AM Bug #7120: Wrong file permissions on /var/tmp and missing sticky bit when using /var as RAM disk
2.4.0-BETA (arm) built on Thu Feb 02 12:37:50 CST 2017
Still not fixed.
Not using RAM disk:
drwxrwxrwt 4 root ... Malcolm Hussain-Gambles
03:11 AM Bug #7128: system_advanced_network.php - fugly IPv6 over IPv4 input field alignment
Can't see any change, but it would look less silly if the input field was below the Tick box Malcolm Hussain-Gambles

02/02/2017

10:48 PM Bug #7185: DHCP6c SIGTERM, SIGKILL
Thank you very much. I am testing these now. I got the binaries scp'd onto the test box. I moved the stock binarie... → luckman212
08:29 AM Bug #7185: DHCP6c SIGTERM, SIGKILL
You cannot patch it Luke, it's an exe. I can send it to you when I am back at my desk. Martin Wasley
08:22 AM Bug #7185: DHCP6c SIGTERM, SIGKILL
Martin, could you provide a link to the PR? → luckman212
10:28 PM Feature #7199 (Resolved): SG-1000 cpsw nics don't support ALTQ
According to this thread and posts from jimp the cpsw NICs in the SG-1000 don't support ALTQ at the moment:
jimp:
... Greg Siemon
07:48 PM Feature #6374: Provide sample server-side logic to report peer's IP address for use with DDNS
There may potentially be a need to prevent caching too. Even if pfSense doesn't cache it, there could be CDN's such ... NOYB NOYB
12:30 PM Feature #6374 (Feedback): Provide sample server-side logic to report peer's IP address for use with DDNS
Applied in changeset commit:186c7a6ca49af0d848c1082bfd7f6d9f0cde7046. Jim Pingle
06:36 PM pfSense Packages Bug #7197: Freeradius ldap authentication failed after update 1.7.5 to 1.7.6
Given the impressive number of details provided, my crystal ball says that - out of the ~4500 lines of code changed i... Kill Bill
12:57 PM pfSense Packages Bug #7197 (Resolved): Freeradius ldap authentication failed after update 1.7.5 to 1.7.6
Hi
After updating freeradius package from 1.7.4 to 1.7.5 version, it's failed to authenticate via Ldap.
My Con... Tahar GUEBLI
02:28 PM Feature #7011: Retain vendor MAC address at power up
I'll take it Renato Botelho
02:21 PM Bug #7198 (Resolved): nginx-error.log is not circular and can fill filesystem
Unlike almost all of the other log files contained in @/var/log@, nginx-error.log is not circular. Because it grows ... Brett Keller
11:33 AM Feature #7196 (Resolved): setHelp method should use more conventiol argument syntax
Anonymous
11:33 AM Feature #7196 (Resolved): setHelp method should use more conventiol argument syntax
The setHelp methods currently use an array to pass position arguments to sprintf. This has caused people to employ sp... Anonymous
11:05 AM Bug #7163: IGMP Proxy does not valid inputs
In the config for igmpproxy, Network populates altnet and has to be in subnet format. Since the GUI has a drop-down f... Jim Pingle
10:43 AM Bug #7195 (New): pkg_edit.php - <checkenablefields> tag has no effect on fields other than checkbox/input
When messing with another piece of JS for Squid, I figured out that I'd rather not be missing with it. :P So, it woul... Kill Bill
09:59 AM Bug #7194 (Rejected): CARP/IP Aliases under same subnet not synced correctly
I can't reproduce this on a current 2.4 snapshot. Additional addresses fail over all at once as expected. Jim Pingle
09:34 AM Bug #7194 (Rejected): CARP/IP Aliases under same subnet not synced correctly
If you set a CARP VIP e.g. an address on the WAN subnet xxx.xxx.xxx.xx1/28. Then set another address, be it another C... James Webb
07:35 AM Feature #7182: Break up System Widget on the Dashboard
It has come up before, at least on the forum, but I don't see an existing ticket for it yet. I agree it would be nic... Jim Pingle
07:29 AM Feature #7182: Break up System Widget on the Dashboard
And I have a feeling that breaking up the System Information widget has been discussed before, so there may be anothe... Phillip Davis
07:24 AM Feature #7182: Break up System Widget on the Dashboard
PR https://github.com/pfsense/pfsense/pull/3465 provides a first part of addressing this. It allows the user to choos... Phillip Davis
04:52 AM Bug #5993: dhcp6c not started until an RA received
It's not his modem, he's getting a prefix, all is well there. Just looked at the video. Let me think on it...
Go... Martin Wasley
02:45 AM Feature #7193: NTP process PGRMF
PR https://github.com/pfsense/pfsense/pull/3463 Jack Booth
02:42 AM Feature #7193 (Resolved): NTP process PGRMF
The Garmin only NMEA sentence PGRMF can be used by NTP as the time sync. Unlike the other NMEA sentences PGRMF includ... Jack Booth
01:16 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
Constantine Kormashev wrote:
> I noticed with new firmware SG4860 uses CPU resources *on 25% more* than on previous ... Constantine Kormashev
12:55 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
I noticed with new firmware SG4860 uses CPU resources *on 25% more* than on previous version.
Now it is 185% CPU IDL... Constantine Kormashev

02/01/2017

10:22 PM Bug #5993: dhcp6c not started until an RA received
J L wrote:
> Daryl Morse wrote:
> > J L wrote:
> >
> > > Alright. I doubt hardware matters too much, but I'll li... Daryl Morse
07:35 PM Bug #5993: dhcp6c not started until an RA received
Daryl Morse wrote:
> J L wrote:
>
> > Alright. I doubt hardware matters too much, but I'll list some facts.
> > ... J L
06:46 PM Bug #5993: dhcp6c not started until an RA received
J L wrote:
> Alright. I doubt hardware matters too much, but I'll list some facts.
> WAN gateway: Actiontec V2000... Daryl Morse
04:31 PM Bug #5993: dhcp6c not started until an RA received
Martin Wasley wrote:
> I'll pm you with my email address.
>
> Edit.. you're not showing yours either.. :)
jtl... J L
04:27 PM Bug #5993: dhcp6c not started until an RA received
Do you have Daryl's pm? Martin Wasley
04:24 PM Bug #5993: dhcp6c not started until an RA received
I'll pm you with my email address.
Edit.. you're not showing yours either.. :) Martin Wasley
09:57 PM pfSense Packages Bug #7190: pfSense-pkg-acme Bug - php errors on pages that list certificates when no LE Certs have been created yet (eg Cert. Manager - Certificates, OpenVPN - Servers)
PR https://github.com/pfsense/FreeBSD-ports/pull/286 Phillip Davis
03:55 PM pfSense Packages Bug #7190 (Resolved): pfSense-pkg-acme Bug - php errors on pages that list certificates when no LE Certs have been created yet (eg Cert. Manager - Certificates, OpenVPN - Servers)
I just installed pfSense-pkg-acme and went to the Cert. Manager - Certificates Page. I see the following output imme... Greg Siemon
08:12 PM pfSense Packages Bug #7192 (Resolved): ACME package cannot update more than one nsupdate type domain
With multiple domains in the "Domain SAN List" set to nsupdate, it only appears to use the last key entered, rather t... Jim Pingle
07:46 PM pfSense Packages Bug #7191 (Resolved): squid package EN-US grammar errors
In the Services > Squid Proxy Server > Antivirus > Enable Manual Configuration section, the warning "Warning: Only en... P Jones
05:11 PM pfSense Packages Feature #7189: Letsencrypt acme sync in HA environment
There are a couple considerations here to keep straight for GUI use as well.
* One cert with SANs for both hosts i... Jim Pingle
02:13 PM pfSense Packages Feature #7189 (Resolved): Letsencrypt acme sync in HA environment
Configure the letsencrypt package https://github.com/pfsense/FreeBSD-ports/tree/devel/security/pfSense-pkg-acme to sy... Adam Lawler
01:50 PM pfSense Packages Feature #4752 (Resolved): SQUID. Exception for speed limits
Renato Botelho
01:36 PM pfSense Packages Feature #4752: SQUID. Exception for speed limits
Works. Kill Bill
01:49 PM pfSense Packages Feature #2825 (Resolved): OpenBGPd: Add options prepend-neighbor and prepend-self
Renato Botelho
01:32 PM pfSense Packages Feature #2825: OpenBGPd: Add options prepend-neighbor and prepend-self
Fixed with https://github.com/pfsense/FreeBSD-ports/commit/df93449ea55537c48bca4304f72aa7ced243a116 - close please. Kill Bill
01:49 PM pfSense Packages Feature #6537 (Rejected): Suricata does not autopopulate IP Reputation list from Emerging Threats on rules update
Renato Botelho
01:12 PM pfSense Packages Feature #6537: Suricata does not autopopulate IP Reputation list from Emerging Threats on rules update
Can be closed. Feature misunderstanding. Kill Bill
01:44 PM pfSense Packages Feature #6022: Consider MLVPN for bonded VPN
This feature would bring high value to the product and really make it stand out from the crowd. Not many solutions a... mark rousseau
01:16 PM Bug #6363: AutoConfigBackup Restore Actions column missing due to long XMLRPC sync merge strings in the configuration description
Wraps just fine without any CSS, as seen on the screenshot. Close, please. Kill Bill
11:55 AM Feature #4405: Traffic shaping doesn't work when applied to a bridge interface
Any news on this? Issue still exists in 2.3.2. No Traffic shaper on bridge0 even with:
net.link.bridge.pfil_member=0... Daniel Greenwald
10:31 AM pfSense Packages Bug #7188 (Closed): Squid update issue
Already fixed Renato Botelho
10:06 AM pfSense Packages Bug #7188: Squid update issue
... Kill Bill
09:27 AM pfSense Packages Bug #7188 (Closed): Squid update issue
Hi, after updating (yesteray) squid my web ui is not working any more! Here is the error:
Parse error: syntax erro... Robert Weingardt
09:54 AM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
PR Pushed upstream as fix needed for dhcp6c PID issue - Redmine #7185. Martin Wasley
09:47 AM Bug #7066 (Resolved): vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3
Thanks! Luiz Souza
07:43 AM Bug #7187: IPSec IKEv2 additional P2 not written to config
And it does not show in the routed connection of _statusall_... Lorenzo Milesi
07:30 AM Bug #7187 (Closed): IPSec IKEv2 additional P2 not written to config
I have a v2 tunnel with a second P2 NATting the OpenVPN subnet to the tunnel which is not working. The traffic from t... Lorenzo Milesi
05:57 AM Bug #6650: Option needed to disable HSTS
Bump here. This breaks even things running on pfSense itself, such as the darkstat package (HTTP only). It will break... Kill Bill
05:51 AM Bug #6624: changes in IPsec config should down the connection
As a sidenote: When using IPsec mobile clients with PSK keys it would be preferred not to take the entire IPsec servi... Lars Pedersen
05:00 AM Bug #7186 (Resolved): Unable to use national symbols in password fo ACB package
While using ACB package it is not possible to use national symbols in crypto password. I was trying to set password w... Denis Karpushin
04:51 AM Bug #7185 (Resolved): DHCP6c SIGTERM, SIGKILL
I have found that when issuing a SIGTERM to dhcp6c that it immediately deletes the pid file, however, if the WAN inte... Martin Wasley
04:39 AM Bug #7184 (Rejected): FW limits MTU to 1280 when using VPN tunnel to F5
If I'm using local network behind pfSense I get a tun0 device with MTU limited to 1280.
When using the tunnel behind... Martin Assarsson
03:50 AM Bug #7183 (Feedback): Interface Groups can be entered with the same name
Applied in changeset commit:89ac71d38a4c49e1537e4afe2b34b2457d9817a7. Phillip Davis
03:25 AM Bug #7173: [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules
Yeah, I think it should behave like the IPsec/OpenVPN ones, they don't let you mess with those either. :) (Well, exce... Kill Bill
02:49 AM Bug #7173: [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules
I guess the package should be responsible for deleting the Interface Group as it uninstalls itself.
So the Interface... Phillip Davis
02:39 AM Bug #7173: [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules
Heh, none that I'd know of ATM except tinc, but it simply needs to be something, so that some checking can be done fo... Kill Bill

01/31/2017

11:01 PM Bug #5993: dhcp6c not started until an RA received
Martin Wasley wrote:
> OK, I can see dhcp6c is doing its job and launching RTSOLD, which is launching rc.newwanipv6.... J L
10:39 PM Bug #7173: [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules
What other packages use the "pkg_" prefix to generate names in this namespace? Phillip Davis
10:39 PM Bug #7173: [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules
PR https://github.com/pfsense/pfsense/pull/3458
To fix validation of Interface, Interface Group and Alias names. Phillip Davis
09:55 AM Bug #7173: [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules
To get this really fixed, it's needed to
1/ revert a bunch of other commits that allowed that stuff specifically ... Kill Bill
09:30 AM Bug #7173 (Feedback): [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules
Applied in changeset commit:b835c2dd77a09ea46b5d6abd8d2271332bf52367. Phillip Davis
09:17 AM Bug #7173: [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules
PR https://github.com/pfsense/pfsense/pull/3452
The char set allowed should be the same as for Interfaces and Aliases. Phillip Davis
09:58 PM Bug #7183: Interface Groups can be entered with the same name
Woo-hoo, I got allocated PR https://github.com/pfsense/pfsense/pull/3456
 Phillip Davis
09:55 PM Bug #7183 (Resolved): Interface Groups can be entered with the same name
1) Add an Interface Group named "abc"
2) Add an Interface Group named "def"
3) Edit Interface Group "def", change i... Phillip Davis
07:33 PM Feature #7182 (New): Break up System Widget on the Dashboard
The system widget is quite useful, however there is a lot of information in one place (and it is quite tall, so the s... Daniel Subert
07:20 PM Feature #7181 (New): Add Top and Add Bottom on Seperator
Currently when separators are in use, to add a rule under the separator, you have to create the rule at the bottom of... Daniel Subert
06:57 PM Bug #7066: vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3
Luiz Otavio O Souza wrote:
> Should work now: https://github.com/pfsense/FreeBSD-src/commit/91384809a74dc98ef0d2a173... Greg Siemon
06:18 PM Bug #7156: Change in 'Block bogon networks' or 'Block private netowrks' GUI options kills routing entries for OpenVPN interfaces.
As I've thought about this more, it seems to me that the correct behavior is for "Apply Changes" to trigger a restart... Karl Fife
04:08 PM pfSense Packages Bug #7009 (Resolved): syslog_ng Log Viewer page didn't get converted to the new 2.3 bootstrap
Anonymous
04:07 PM pfSense Packages Bug #7009: syslog_ng Log Viewer page didn't get converted to the new 2.3 bootstrap
Works, thanks for help. Kill Bill
12:51 PM pfSense Packages Bug #7009 (Feedback): syslog_ng Log Viewer page didn't get converted to the new 2.3 bootstrap
Anonymous
02:00 PM Bug #7180: Disabled OpenVPN clients are not shaded in the gui
Applied in changeset commit:070379bbc0cf84d82f52a0adfe2bdc6014695f7e. Anonymous
01:50 PM Bug #7180 (Feedback): Disabled OpenVPN clients are not shaded in the gui
Fixed copy/paste error.
Thanks for the report. Anonymous
01:19 PM Bug #7180 (Resolved): Disabled OpenVPN clients are not shaded in the gui
When I disable an openvpn client, it's not indicated in the clients page. All clients appear the same, active.
Lin... Mark Wiater
11:08 AM pfSense Packages Bug #6928 (Feedback): freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
Renato Botelho
09:45 AM Bug #7178 (Feedback): pfSense themes don't handle package XML field without <description> tag properly
Unable to reproduce using:
Ubuntu Firefox
macOS Firefox, Safari, Chrome
Tried pfSense and Compact red themes. ... Anonymous
02:44 AM Bug #7178 (Rejected): pfSense themes don't handle package XML field without <description> tag properly
See
Compact-Red (working properly): https://forum.pfsense.org/index.php?topic=124759.msg689034#msg689034
pfSense (... Kill Bill
09:34 AM Todo #7160 (Feedback): Mark Required Fields on GUI Pages
Renato Botelho
09:19 AM Todo #7160: Mark Required Fields on GUI Pages
PR https://github.com/pfsense/pfsense/pull/3451 is the last set of changes for this. Phillip Davis
09:21 AM Feature #7122: Add filters to various dashboard widgets
I think that is it. Unless anyone has another favorite, the dashboard widgets can be given a last test and this can b... Phillip Davis
08:00 AM pfSense Packages Feature #7179: Package Filer into 2.3
Also did xmlrpc 2.4 adjustments:
https://github.com/pfsense/FreeBSD-ports/pull/277/commits/8d27c452ce42ca2ef0d65b65b... Mathias Möller
04:57 AM pfSense Packages Feature #7179 (Resolved): Package Filer into 2.3
Pull Request to include the filer package in pfSense >= 2.3
https://github.com/pfsense/FreeBSD-ports/pull/277 Mathias Möller
03:46 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
Tests repeated as instructed by Constantine - SG4860 did not crash with 2.4 built on Mon Jan 30 22:08:41 CST 2017
 Vladimir Lind
12:43 AM Bug #7149: igb driver queue related crashes
Updated to the lastest snapshot (Mon Jan 30 22:08:41 CST 2017), set queues to 2 and tried this on a DMZ host for a fe... Anonymous

01/30/2017

08:34 PM Bug #7177 (Duplicate): IPv6 Monitor IP does not seem to propagate
Duplicate with #7176. Let's close this one. Luiz Souza
08:24 PM Bug #7177: IPv6 Monitor IP does not seem to propagate
Duplicated Issue please close. Chris Palmer
08:20 PM Bug #7177 (Duplicate): IPv6 Monitor IP does not seem to propagate
2.3.3 snaps work. This particular install uses a 6to4 tunnel from the ISP.
Setting "Gateway Monitor IP" in 2.4 sna... Chris Palmer
08:31 PM Bug #7149 (Feedback): igb driver queue related crashes
This commit fix a few obvious issues in igb: https://github.com/pfsense/FreeBSD-src/commit/215ddb035593bc4cee275b9dbb... Luiz Souza
08:30 PM Bug #7166 (Feedback): During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
This commit fix a few obvious issues in igb: https://github.com/pfsense/FreeBSD-src/commit/215ddb035593bc4cee275b9dbb... Luiz Souza
12:28 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
The FreeBSD PR also suggest that disabling the LEGACY_TX support (and ALTQ support altogether) would also fix the cra... Luiz Souza
12:21 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
Seems like a know bug in FreeBSD (or sort of): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208409#c11
Also d... Luiz Souza
08:19 PM Bug #7176 (Resolved): IPv6 Monitor IP does not seem to propagate
2.3.3 snaps work. This particular install uses a 6to4 tunnel from the ISP.
Setting "Gateway Monitor IP" in 2.4 sna... Chris Palmer
03:54 PM Bug #7066: vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3
Luiz Otavio O Souza wrote:
> Should work now: https://github.com/pfsense/FreeBSD-src/commit/91384809a74dc98ef0d2a173... Greg Siemon
12:30 AM Bug #7066 (Feedback): vmx(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3
Should work now: https://github.com/pfsense/FreeBSD-src/commit/91384809a74dc98ef0d2a173718bd79bd77c13bb Luiz Souza
03:24 PM pfSense Packages Feature #2825: OpenBGPd: Add options prepend-neighbor and prepend-self
Hello,
I know it's been a long time since this thread was started, but we started using the openBGPd package and not... Lucas Jackson
02:21 PM Bug #7157: Traffic graphs cause the tab to crash when run in the background
Think ive found the source of the background leak in a growing list of timer objects waiting for a 'requestAnimationF... Pi Ba
01:20 PM Bug #7174: OpenVPN Server and Client not detecting Hardware Cryto
Kill Bill wrote:
> I'd hope that is intentional fix, since enabling HW crypto there actually makes performance _sign... James Williams
12:51 PM Bug #7174: OpenVPN Server and Client not detecting Hardware Cryto
I'd hope that is intentional fix, since enabling HW crypto there actually makes performance _significantly_ worse.
... Kill Bill
12:48 PM Bug #7174 (Duplicate): OpenVPN Server and Client not detecting Hardware Cryto
PC Engines APU2C4, AMD GX412TC SOC CPU.
Cryptographic Hardware AES-NI CPU-based Acceleration enabled.
Dashboard sho... James Williams
01:04 PM Bug #7175 (Not a Bug): SIP MESSAGE UDP packets not passed despite rules & pcaps showing otherwise
I have two pfSense boxes in failover configuration both running NanoBSD 2.3.2-RELEASE (amd64) and a VoIP server on th... Sean Pappalardo
12:14 PM Bug #7173 (Resolved): [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules
To reproduce:
- Create an interface group named like @prefix-test@
- Try to add some firewall rule there and save.
... Kill Bill
11:13 AM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
Final version. Changed static chars to pointers for exit script call. As it's possible to have multiple interfaces on... Martin Wasley
06:52 AM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
Additions and changes to dhcp6c Martin Wasley
10:05 AM Bug #7172 (New): Sorting by hostname in Services > DHCP Server > LAN should be "natural" (alphanumeric friendly)
Under "Services > DHCP Server > LAN" if I sort the 'static mappings' table by the hostname column, I get results like... Sean McBride
09:35 AM Bug #7171 (Resolved): system_advanced_firewall.php: setHelpText is changing the field label also.
Anonymous
09:28 AM Bug #7171: system_advanced_firewall.php: setHelpText is changing the field label also.
Works, thanks Phillip Davis
08:10 AM Bug #7171: system_advanced_firewall.php: setHelpText is changing the field label also.
Applied in changeset commit:678c6a56bce239ac152e3d9fe051ad8508ab3ce3. Anonymous
08:01 AM Bug #7171 (Feedback): system_advanced_firewall.php: setHelpText is changing the field label also.
Newly added span element accommodated
Function moved to pfSenseHelpers.js Anonymous
04:16 AM Bug #7171 (Resolved): system_advanced_firewall.php: setHelpText is changing the field label also.
I suspect this is a side-effect of the recent changes for marking required fields.
e.g. in system_advanced_firewall.... Phillip Davis
08:37 AM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
Konstantin Ab wrote:
> Hmmm, it seems to work!
> records appear in Table
Thanks for testing. Added to this monst... Kill Bill
08:31 AM Bug #7147 (Resolved): pfsense-utils.inc - is_ipaddr_configured() does not work properly with some IPv6 formats
I'll close this ticket as the original issue was fixed by Phillip's commit.
The whole IPv6 input, store and output... Luiz Souza
03:47 AM Bug #7005: IPsec mss clamping not working for mobile clients
That was backported to RELENG_2_3 in commit https://github.com/pfsense/pfsense/commit/93ab5b34e4e0b20baaf10fdd52119dd... Phillip Davis
02:22 AM Bug #7005: IPsec mss clamping not working for mobile clients
Hi,
You've listed this as resolved in 2.4, what's the current timeframe for the release of 2.4? If it is some way ... Joe Tiedeman
03:06 AM Bug #5993: dhcp6c not started until an RA received
OK, I can see dhcp6c is doing its job and launching RTSOLD, which is launching rc.newwanipv6. As no-one else has repo... Martin Wasley
12:34 AM Bug #7143 (Confirmed): filterdns is triggering every 16 seconds for hosts even when the DNS record has not changed
Ooops, there is a loop in rc.newipsecdns, which triggers a filterdns reload, which runs rc.newipsecdns again (where y... Luiz Souza

01/29/2017

10:25 PM Bug #7143: filterdns is triggering every 16 seconds for hosts even when the DNS record has not changed
I'll take it, something is fishy here. Luiz Souza
09:46 PM Bug #7119 (Resolved): Changing LAGG attributes results in a panic/crash
Luiz Souza
09:46 PM Bug #7124 (Resolved): Kernel panic when configuring 6to4 on a interface
Yeah, that's a different issue, can you open a new ticket for it ?
Thanks! Luiz Souza
06:14 PM Bug #7124: Kernel panic when configuring 6to4 on a interface
Actually just shows "Pending".
Other (2.3) box works. Chris Palmer
06:12 PM Bug #7124: Kernel panic when configuring 6to4 on a interface
Seems right now I cannot monitor the gateway though if I ping from diagnostics the ping returns fine.
Gateway moni... Chris Palmer
04:51 PM Bug #7124: Kernel panic when configuring 6to4 on a interface
Confirmed working here as well. Thank You!
 Chris Palmer
12:52 PM Bug #7124: Kernel panic when configuring 6to4 on a interface
Thanks, i can no longer reproduce the panic.
If 6to4 itself works properly now i cant tell, i have not used it bef... Pi Ba
09:45 PM Bug #7117 (Resolved): Bump sched buckets limiter log spam in console
Luiz Souza
09:27 PM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
Hmmm, it seems to work!
records appear in Table Konstantin Ab
03:46 AM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
Can you please test this patch? https://github.com/pfsense/FreeBSD-ports/commit/cdf9b05e966f311b8ae83c7a3158479bd5c9e... Kill Bill
12:15 AM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
i tryed diable SQL. No problem.
I'm watching the security problems in this table. Konstantin Ab
03:45 PM Bug #5993: dhcp6c not started until an RA received
Martin Wasley wrote:
> Just post the dropbox link here..
Fair enough. I looked through the pcap and there's nothi... J L
08:18 AM Bug #5993: dhcp6c not started until an RA received
Just post the dropbox link here.. Martin Wasley
08:45 AM Bug #3703: MTU not applied on reboot
Is it Resolved ?
2.3.2-RELEASE-p1 (amd64)
built on Fri Sep 30 14:36:56 CDT 2016
FreeBSD 10.3-RELEASE-p9
I hav... koo kim
08:38 AM pfSense Packages Feature #6022: Consider MLVPN for bonded VPN
+1
It's too bad that pfSense do not have this functionality yet
Many of us use multiple WANs please consider MLVP... koo kim
08:23 AM Bug #7169 (Duplicate): MAC address for an interface is not set back to the actual hardware value if a manually entered MAC value in General Configuration under Interfaces is cleared
Known limitation / Duplicate. See #7011 Jim Pingle
02:16 AM Bug #7169 (Duplicate): MAC address for an interface is not set back to the actual hardware value if a manually entered MAC value in General Configuration under Interfaces is cleared
Steps to reproduce
1) Set the MAC address to an interface manually in the General Configuration for an Interface
... Aleksanteri Aaltonen
08:16 AM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
OK, before I do a PR upstream for this, there is one issue left. This only applied in the default mode not dhcp6witho... Martin Wasley
05:20 AM pfSense Packages Bug #7170: FreeRADIUS built-in certificate manager defaults to MD5 (!!!), no support for SHA2
Added a huge deprecation warning to the page as part of https://github.com/pfsense/FreeBSD-ports/pull/272. Kill Bill
04:41 AM pfSense Packages Bug #7170 (Resolved): FreeRADIUS built-in certificate manager defaults to MD5 (!!!), no support for SHA2
I'd rather nuke this redundant thing altogether, however not sure how to handle the transition for unfortunate users ... Kill Bill

01/28/2017

10:30 PM Bug #5993: dhcp6c not started until an RA received
Martin Wasley wrote:
> Just upload them to a dropbox and send me a link.
Sure thing. Can I email you a private link? J L
08:09 AM Bug #5993: dhcp6c not started until an RA received
Just upload them to a dropbox and send me a link. Martin Wasley
08:21 PM Bug #7124 (Feedback): Kernel panic when configuring 6to4 on a interface
Fixed.
Relevant commit: https://github.com/pfsense/FreeBSD-src/commit/c050d42a2646d2e582c46cc6f61531150ffb6cb9 Luiz Souza
05:47 PM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth
Does uncommenting this break things if SQL is *disabled*? The whole thing is a damn complex heap of code, not really ... Kill Bill
03:32 PM Bug #7168 (Closed): Vague kernel messages in system log
I'm running the a recent 2.4 beta snapshot. I'm periodically seeing vague kernel messages in the system log.
Some ... Daryl Morse
08:54 AM Bug #7154: firewall_nat_edit JS function check_for_aliases()
Yes, the code did nothing effective. I guess that someone had started thinking about what smarts to put in it, had "t... Phillip Davis
08:50 AM Bug #7154: firewall_nat_edit JS function check_for_aliases()
Applied in changeset commit:b39cebf6f09b7d110d810e3ccff0136751aa1718. Anonymous
08:44 AM Bug #7154 (Feedback): firewall_nat_edit JS function check_for_aliases()
Looks like that duplication (several times over) goes back to at least 2.0!
https://github.com/pfsense/pfsense/blo... Anonymous
08:12 AM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
Also added an EXIT as when the No-release flag it's useful to know that dhcp has exited. Would it be be useful to hav... Martin Wasley
07:16 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
Adding "hw.igb.num_queues=1" to /boot/local.conf helps resolving this issue.
_sysctl hw.igb.num_queues
hw.igb.num_q... Constantine Kormashev

01/27/2017

09:04 PM Bug #7119: Changing LAGG attributes results in a panic/crash
Yes, the messages does not seem related with the original bug (crash at ifconfig laggX destroy).
Let's open a new ... Luiz Souza
06:53 PM Bug #7119: Changing LAGG attributes results in a panic/crash
Seems better now, it doesn't crash. Logs of activity in the log, though:... Jim Pingle
03:33 PM Bug #7119 (Feedback): Changing LAGG attributes results in a panic/crash
Fixed in latest snapshot.
Relevant commits:
https://github.com/pfsense/FreeBSD-src/commit/b5996bd8278c710ce6859... Luiz Souza
08:58 PM Bug #6099: igmpproxy does not recognize upstream interface
I downloaded the 2.3.3 nightly but this fix doesn't appear to be included there, so I built a copy of the proxy from ... Andy Shulman
07:18 PM Bug #7167 (Resolved): Error creating higher VLAN ID on SG-1000
SG-1000 connected to an Apple Airport Extreme ac on the LAN interface.
Created a VLAN interface with tag 1003 and as... Netnewb net
06:48 PM Bug #5993: dhcp6c not started until an RA received
Martin.
I got a packet capture from the WAN upon bootup (all looks good there), a copy of the system and DHCP logs... J L
02:33 PM Bug #6448 (Resolved): Mousing over aliases on disabled rules makes hint difficult to read
Jim Pingle
02:07 PM Bug #6448: Mousing over aliases on disabled rules makes hint difficult to read
Looks good here. Thanks! Chris Linstruth
12:47 PM Bug #7143 (Feedback): filterdns is triggering every 16 seconds for hosts even when the DNS record has not changed
I've pushed a fix on filterdns 1.0_16 that will make it to run defined cmd only when IP address changes. Renato Botelho
09:14 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
I can reproduce this bug.
It happens when I use especial traffic pattern for cisco t-rex which included several pcap... Constantine Kormashev
06:54 AM Bug #7166 (Resolved): During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode
During bandwidth test 4860 on today 2.4 got `Fatal trap 12: page fault while in kernel mode`
FreeBSD pfSense.localdo... Constantine Kormashev
08:33 AM pfSense Packages Bug #6404: FreeRADIUS Does Not Start After Upgrade
All merged. Please test with 1.7.5_1 when available; if it still does not work, describe exactly what actions make it... Kill Bill
07:25 AM Bug #7164 (Feedback): NTP page allows adding more time server rows than it saves to the configuration
PR has been merged, thanks! Renato Botelho
02:47 AM Bug #7116 (New): a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue
Renato Botelho

01/26/2017

09:12 PM Bug #7165: NAT: Source: <port - range> -> Destination:<a single port from 'source' range> -> error message
The message is about Redirect Target Port (as Jim mentions) which is a field further down the page. The message came ... Phillip Davis
04:47 PM Bug #7165 (Rejected): NAT: Source: <port - range> -> Destination:<a single port from 'source' range> -> error message
Most likely what you're trying to do is invalid. Post on the forum for setup assistance.
Include the following inf... Jim Pingle
04:34 PM Bug #7165 (Rejected): NAT: Source: <port - range> -> Destination:<a single port from 'source' range> -> error message
For some reason latest pfSense version (2.3.2-RELEASE-p1) is not allowing me to forward NAT range 1100 - 65000 to the... Lemi Nah
04:28 PM Bug #6860 (Feedback): Monitoring (RRD) graphs return "unknown" step value
I added the missing step (43200) to the lookup table. Jared Dillard
04:27 PM pfSense Packages Bug #6748 (Feedback): rrd_fetch_json.php returns html when user is unauthorized (causes "Error: SyntaxError: Unexpected token <")
I added a better error message in the case that JSON doesn't get returned, but a hint for the user to check that they... Jared Dillard
04:26 PM Bug #6138 (Feedback): Long hostnames overlap the "time" title in the Monitoring graphs
The positions are hard coded at this time so it is hard to account for really long hostnames, but I moved the values ... Jared Dillard
12:52 PM pfSense Packages Bug #6404: FreeRADIUS Does Not Start After Upgrade
See
- https://github.com/pfsense/FreeBSD-ports/pull/267
- https://github.com/pfsense/FreeBSD-ports/pull/268 Kill Bill
12:50 PM Bug #7116: a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue
Without quick it didn't work either. Only changing it to 'pass' made it work. Pi Ba
11:25 AM Bug #7116 (Not a Bug): a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue
According to docs you shouldn't use quick on match rules: https://doc.pfsense.org/index.php/What_are_Floating_Rules
... Renato Botelho
11:02 AM Bug #7116: a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue
Have you tried to remove 'quick' from this match rule? Renato Botelho
12:35 PM Bug #6333: Bootup starts/restarts dpinger multiple times
Renato Botelho wrote:
> Luiz, when you are touching it, it would be nice to add code on PHP side to deal with interf... Renato Botelho
12:28 PM Feature #6591 (Duplicate): Configurable DDNS check IP services
This was actually a duplicate of #6373 which had more info. I noted the PR there. Jim Pingle
12:28 PM Feature #6373 (Resolved): RFC2136 DDNS could be more configurable to improve security
Items 1 and 2 were completed under #6591 which was resolved by PR https://github.com/pfsense/pfsense/pull/3037 Jim Pingle
12:25 PM Feature #6374: Provide sample server-side logic to report peer's IP address for use with DDNS
PHP Example:... Jim Pingle
12:18 PM Todo #6606: Adapt captive portal to work without multi-instance ipfw
Last I heard from Renato this is still missing some important pieces:
* Missing a mixed table with IP and MAC addr... Jim Pingle
12:13 PM Bug #6664 (Resolved): It's impossible to use HE.NET tunnel iface as a parent for OpenVPN instances
Between #6663 and commit:b42ccf1504eca5e40bfb49b0afb688fffe293a7a this is fixed. Jim Pingle
12:06 PM Bug #6833 (Resolved): Wifi channel change applies only on reboot
PR https://github.com/pfsense/pfsense/pull/3169 was merged back in October.
Tested on a system on 2.4 with wireles... Jim Pingle
11:54 AM Bug #7149: igb driver queue related crashes
See also:
#7079
#6257
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148807
https://bugs.freebsd.org/bugzilla/... Jim Pingle
11:50 AM Bug #7079: ClamAV C-ICAP causing Kernel Panic and System Crash
I suspect this is not actually from clamav but that is what generates enough load in your environment to trigger it.
... Jim Pingle
11:45 AM Bug #7140 (Resolved): User with page-help-all as first priv is redirected to Dashboard Help
We merged PR for this and tested, should be fine now. Jim Pingle
11:36 AM Bug #6820 (Resolved): Configure WAN Interface Boot Delay
I'm also not seeing a long delay any more. I suspect the fix for #7042 might have also fixed this. The previous delay... Jim Pingle
11:03 AM Bug #7150 (Resolved): shell option before 1st reboot/wizard - can't login
Works Renato Botelho
10:35 AM Bug #6938 (Duplicate): DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.
This is a duplicate of #6883 Renato Botelho
10:25 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Luke Hamburg wrote:
> Thanks. I first checked out master and didn't find that commit... then drank some coffee & re... Renato Botelho
08:08 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Thanks. I first checked out master and didn't find that commit... then drank some coffee & realized it's a PR still ... → luckman212
07:46 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
If you update to the latest snapshot then you can try patch ID: cdb6c8ac8e65f98a2ac0fa469c963c055a5c522d
There are... Martin Wasley
10:10 AM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
This is cool... it works nicely. I'm still messing around with it but I've changed the strings to full reply words su... Martin Wasley
05:04 AM Bug #6630 (Resolved): Set Defaults for Graphs - Traffic/WAN + Packets/WAN doesn't work
Renato Botelho
05:03 AM Bug #6132 (Resolved): race condition in OpenVPN startup
Renato Botelho
05:01 AM Bug #7151 (Resolved): Interface Group Name hint is misleading
Renato Botelho
02:24 AM Bug #7164: NTP page allows adding more time server rows than it saves to the configuration
Most likely limited to 10 because historically anything above 10 best servers was discarded as a potential peer [1]. ... Kill Bill
12:02 AM Bug #7036: 2.4 ZFS on RCC-VE 2440 hangs
UFS was mentioned as an issue as well, but wasn't tested? J Harnick

01/25/2017

09:40 PM Bug #7164: NTP page allows adding more time server rows than it saves to the configuration
I can't answer the question of why other than it is generally not recommended to specify a large number of time serve... Jack Booth
09:30 PM Bug #7164: NTP page allows adding more time server rows than it saves to the configuration
Why is the page limited to 10 servers? Is this limitation enforced elsewhere in the system? Anonymous
09:28 PM Bug #7164: NTP page allows adding more time server rows than it saves to the configuration
PR https://github.com/pfsense/pfsense/pull/3446 Jack Booth
09:19 PM Bug #7164 (Resolved): NTP page allows adding more time server rows than it saves to the configuration
The NTP configuration page has a button to add more time servers to use as a time source. Only 10 servers are saved t... Jack Booth
04:56 PM Bug #7149: igb driver queue related crashes
I also can confirm this issue on my box as well.
I have 6 igb (Intel pro 1000) interfaces (4 on the asus mainboard... Philipp Haefelfinger
03:14 PM Bug #7157: Traffic graphs cause the tab to crash when run in the background
Pretty sure they will crash in the foreground also.. Think ive found a leak in the code though.
The nv.utils.inherit... Pi Ba
02:40 PM Bug #7075 (Feedback): firewall states show negative value for total bytes processed
Should be fixed now: https://github.com/pfsense/FreeBSD-ports/commit/2f5f4b5ac53ead4c12761273a3cc332b08806e26
Unfo... Luiz Souza
02:31 PM Bug #6630: Set Defaults for Graphs - Traffic/WAN + Packets/WAN doesn't work
Not seeing this issue either, Set as Defaults is working fine for me too. Malcolm Hussain-Gambles
02:29 PM Bug #6132: race condition in OpenVPN startup
Fresh install and one OpenVPN server seems to work fine for me with fresh install from Dec and no probs with latest b... Malcolm Hussain-Gambles
02:25 PM Bug #7151: Interface Group Name hint is misleading
"Only letters (A-Z), digits (0-9), '-' and '_' are allowed. The group name cannot end with a digit." appears in lates... Malcolm Hussain-Gambles
01:37 PM Bug #6820 (Feedback): Configure WAN Interface Boot Delay
I was seeing this issue on all my test VMs too but on recent snapshots it seems to be OK, probably some change have f... Renato Botelho
01:29 PM Bug #6811 (Resolved): pkg_edit.php rowhelper is broken with multiple distinct rowhelpers per page.
3 months with no complains is like enough time to consider it fixed Renato Botelho
01:24 PM Bug #7036 (Not a Bug): 2.4 ZFS on RCC-VE 2440 hangs
After internal tests, we could install it successfully on 2440 using ZFS. Discussion will continue on forum thread li... Renato Botelho
01:22 PM Bug #6911 (Rejected): no network on hyperv-v 2012 R1
There is no much we can do at this point for a release that seems to be unsupported by Microsoft according https://su... Renato Botelho
01:20 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Ok great, I will definitely try 2.4b then. If you happen to know which commits are relevant to that fix I'd love to l... → luckman212
01:17 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Its not, it's a problem that appears from time to time and is quite intermittent. In 2.4b changes have been made whic... Martin Wasley
11:08 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
I have a dual WAN 2.3.2-p1 system with only one of the WANs configured for DHCP6 (not PPPoE, just Ethernet) and I am ... → luckman212
12:44 PM Feature #7159 (Feedback): Auto correct checksum and missing special characters for NTP GPS initialization commands.
PR has been merged, thanks! Renato Botelho
11:08 AM Bug #5993: dhcp6c not started until an RA received
And the fixes are for dhcp6c the WAN client, not dhcpd the LAN server. Different things.
First, enable dhcp6c debu... Martin Wasley
10:52 AM Bug #7163: IGMP Proxy does not valid inputs
If someone confirms what the validation requirements are, I can make it so. Phillip Davis
10:51 AM Bug #7163 (Resolved): IGMP Proxy does not valid inputs
IGMP Proxy Edit
Threshold: no validation is done, I can put "abc" "-42"... - I think it must be a positive integer... Phillip Davis
08:49 AM Bug #7143: filterdns is triggering every 16 seconds for hosts even when the DNS record has not changed
This only happens when config file uses the directive 'cmd', in this case, ipsec session is using it:... Renato Botelho
08:43 AM Bug #5319: Error message "No config named" in charon daemon
With 2.3.2, in a hub and spoke model of IPsec tunnels, when the hub was restarted, about 10 percent of the spoke mode... Alex Vergilis
07:58 AM pfSense Packages Bug #6988: SNORT Package PHP memory error
Your logs are way too huge! Configure something sane on Logs Mgmt tab. (You can override the memory limit in https://... Kill Bill
07:47 AM Bug #7162 (Rejected): XMLRPC lock in backup node if offline
That is not a supported configuration, in part due to the issues you have noted. Without connectivity for the seconda... Jim Pingle
03:45 AM Bug #7162 (Rejected): XMLRPC lock in backup node if offline
I have 2 Netgate SG-4860 installed with pfsense v. 2.3.2_1, with 1 carp vip on wan. The backup machine, however, rema... Stefano Aldeni
07:23 AM Bug #7124 (Confirmed): Kernel panic when configuring 6to4 on a interface
Renato Botelho
05:56 AM Bug #7123 (Resolved): Kernel panic when setting TCP MD5 Password in OpenBGP
Renato Botelho
05:10 AM Bug #7123: Kernel panic when setting TCP MD5 Password in OpenBGP
Renato Botelho wrote:
> Possible fix was cherry-picked to FreeBSD-src, please try again on next snapshot
Great, t... Rolf Sommerhalder
04:31 AM pfSense Packages Bug #6305: Quagga problems updating routes / mistakenly showing "kernel"-routes while they are not
https://github.com/pfsense/FreeBSD-ports/pull/265 - that's not a real solution obviously, so kindly leave this bug op... Kill Bill
01:47 AM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
Use this too, just makes the logging a little tidier. If this is implemented then the dhcp6withoutRA PR I have curren... Martin Wasley
01:04 AM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
Yes, attached..
As dhcp6c only calls the script function when the above reply states happen you don't get quite as... Martin Wasley

01/24/2017

10:03 PM Feature #4606: PKI : CA signing external CSR
I'd also love to see this functionality. Many Ubiquiti devices only support outputting a CSR instead of importing a k... Andy Sayler
05:18 PM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
Got a source patch for that? If I do manage to try it, I am not keen on running binaries from outside sources. Jim Pingle
02:40 PM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
Try this...
These are pulled from the reply state, and are what is displayed in dhcp6c logs, well mine at least. T... Martin Wasley
12:31 PM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
It would probably be good enough if dhcp6c properly populated REASON with what actually happened. If it's a simple re... Jim Pingle
12:19 PM Bug #7145: rc.newwanipv6 running in all cases, even for a renew
I can have a look at dhcp6c, easy enough to add something. What do you want it do do, set an env stating what trigger... Martin Wasley
10:21 AM Bug #6448: Mousing over aliases on disabled rules makes hint difficult to read
This is fixed in the following commit: https://github.com/pfsense/pfsense/commit/d9bad9e8863bb91cb568b3b41470e22a20d9... Jared Dillard
10:10 AM Bug #6448 (Feedback): Mousing over aliases on disabled rules makes hint difficult to read
Applied in changeset commit:d9bad9e8863bb91cb568b3b41470e22a20d9fa6e. Anonymous
09:49 AM Bug #7128: system_advanced_network.php - fugly IPv6 over IPv4 input field alignment
Hmmm? This just broke the vertical alignment altogether and did nothing with the input field?
!https://i.imgsafe.o... Kill Bill
09:43 AM Bug #7086: stale zfs file systems
Thank you. Vladimir Suhhanov
05:24 AM Bug #7086: stale zfs file systems
Vladimir Putin wrote:
> What are the risks to continue using updated versions without reinstall?
There are no ris... Renato Botelho
09:42 AM Bug #6836: Wrong queue length on "/status_queues.php" page under heavy traffic
Sorry, I see no reason, just outrage and not from my side. Vladimir Suhhanov
05:34 AM Bug #6836 (Rejected): Wrong queue length on "/status_queues.php" page under heavy traffic
rejected for reasons shown in-thread. Jim Thompson
09:41 AM Feature #6914: unbound access-control lists
Merged. Kill Bill
08:49 AM pfSense Packages Bug #6490 (Rejected): Squid Reverse Proxy: Disabling an entry on the "Redirects" tab creates duplicate entries for the previous entry in the squid config
Jim Pingle
08:35 AM pfSense Packages Bug #6490: Squid Reverse Proxy: Disabling an entry on the "Redirects" tab creates duplicate entries for the previous entry in the squid config
Cannot reproduce, plus suspect it's more or less a duplicate of another non-reproducible issue filed by the same user... Kill Bill
07:25 AM pfSense Packages Bug #7161 (Resolved): pfSense-pkg-bind9 changelog pointing to non-existent location
The changelog link should point to https://github.com/pfsense/FreeBSD-ports/tree/devel/dns/pfSense-pkg-bind9 while it... Kill Bill
07:11 AM pfSense Packages Feature #3754 (Closed): Add APC Back-UPS CS to NUT
Jim Pingle
07:08 AM pfSense Packages Feature #3754: Add APC Back-UPS CS to NUT
No feedback, related to ancient package version, plus apparently not a pfSense issue either. Retest with current pack... Kill Bill
06:35 AM pfSense Packages Bug #5869: Squid non-functional in transparent mode in 2.3
Here’s the mail I got recently for my problem
I was not able to get to these sites at the time of my first post but ... john Smith
03:40 AM Bug #7149: igb driver queue related crashes
Rolf Sommerhalder wrote:
...
> This morning, we have added this potential work around on three systems. No crashes ... Rolf Sommerhalder

01/23/2017

11:28 PM Feature #7159: Auto correct checksum and missing special characters for NTP GPS initialization commands.
PR https://github.com/pfsense/pfsense/pull/3433 Jack Booth
09:30 PM Feature #7159 (Resolved): Auto correct checksum and missing special characters for NTP GPS initialization commands.
The current NTP GPS configuration has a field for users to customize the GPS initialization commands. These NMEA comm... Jack Booth
10:05 PM Todo #7160 (Resolved): Mark Required Fields on GUI Pages
Redmine 7083 provided the infrastructure to mark GUI fields as "required" and the UI implementation underlines fields... Phillip Davis
07:59 PM Bug #7086: stale zfs file systems
What are the risks to continue using updated versions without reinstall? Vladimir Suhhanov
05:20 AM Bug #7086: stale zfs file systems
Tobias Wigand wrote:
> Fresh install worked without problems. Can't say anything about the original problem, not eno... Renato Botelho
04:34 PM Bug #6630 (Feedback): Set Defaults for Graphs - Traffic/WAN + Packets/WAN doesn't work
This is not longer an issue. It must have been fixed in a previous commit. Jared Dillard
03:45 PM Feature #7158 (Rejected): Captive Portal should have logs facilities for blocked sites
Whenever I have problems connecting to sites from client software that does not have proxy settings there is no way t... Jose Torres
03:11 PM Bug #7156: Change in 'Block bogon networks' or 'Block private netowrks' GUI options kills routing entries for OpenVPN interfaces.
It could probably be documented in a way that calls more attention to it, but it is mentioned in the documentation wh... Jim Pingle
03:06 PM Bug #7156: Change in 'Block bogon networks' or 'Block private netowrks' GUI options kills routing entries for OpenVPN interfaces.
How is one supposed to know that this is a requirement? It's exactly not self-evident that changing something as sim... Karl Fife
02:23 PM Bug #7156 (Rejected): Change in 'Block bogon networks' or 'Block private netowrks' GUI options kills routing entries for OpenVPN interfaces.
Any time you save/apply changes on an assigned OpenVPN interfaces you have to restart the VPN. It's always been that ... Jim Pingle
01:57 PM Bug #7156 (Rejected): Change in 'Block bogon networks' or 'Block private netowrks' GUI options kills routing entries for OpenVPN interfaces.
It appears that toggling in the 'Block bogon networks' and/or 'Block private netowrks' GUI option kills the automatic... Karl Fife
03:07 PM Bug #7157 (Resolved): Traffic graphs cause the tab to crash when run in the background
When the "Keep graphs updated when on inactive tab" option is selected for traffic graphs it can cause the tab to loc... Jared Dillard
11:14 AM Bug #7155 (Resolved): services_dhcp_relay.php: Section hide/show gets out of synch with enable checkbox
Replace ->toggle code with jQuery for reliability Anonymous
11:11 AM Bug #5993: dhcp6c not started until an RA received
Barring unforeseen changes, you should not expect the behaviour to change between now and the release version. I've b... Daryl Morse
02:20 AM Bug #5993: dhcp6c not started until an RA received
Thanks.
I'm on the 2.4 snapshot and upon reboot I have to disable and enable the DHCPv6 server for it to properly ... J L
12:53 AM Bug #5993: dhcp6c not started until an RA received
J L wrote:
> Daryl Morse wrote:
> > I installed the additional patch that Martin provided to address the request fo... Daryl Morse
12:29 AM Bug #5993: dhcp6c not started until an RA received
Daryl Morse wrote:
> I installed the additional patch that Martin provided to address the request for changes. I've ... J L
11:00 AM Bug #6958 (Feedback): services_dhcp_relay.php: Needs to be converted to more recent rowhelper standard
Applied in changeset commit:81fd21019cd0de8300fa0480cff1973d58d28e03. Anonymous
10:22 AM pfSense Packages Bug #6350: Auto Config Backup - Uncaught Exception
Steve Beaver wrote:
> Fixed by populating version table when info request fails
I don't remember what package ver... Simon Trigona
09:10 AM pfSense Packages Bug #6350 (Feedback): Auto Config Backup - Uncaught Exception
Fixed by populating version table when info request fails Anonymous
10:00 AM Bug #7128: system_advanced_network.php - fugly IPv6 over IPv4 input field alignment
Applied in changeset commit:b33d32a500fe722035de3efc6a6d50c8cdae6f16. Anonymous
09:53 AM Bug #7128 (Feedback): system_advanced_network.php - fugly IPv6 over IPv4 input field alignment
Anonymous
09:24 AM Bug #6864 (Resolved): Error checking rejects IPv6 addresses with upper case A-F.
Anonymous
09:10 AM Bug #7151 (Feedback): Interface Group Name hint is misleading
Applied in changeset commit:351ef3ef2ac1bbcfb0643a5efc46a3970d06d78c. Phillip Davis
12:05 AM Bug #7151: Interface Group Name hint is misleading
Assuming the real requirement is what is in the validation code, I updated the front-end GUI text in:
https://github... Phillip Davis
09:07 AM Bug #7119: Changing LAGG attributes results in a panic/crash
Here, it still panics + dumps + reboots same as it did originally. Jim Pingle
01:01 AM Bug #7119: Changing LAGG attributes results in a panic/crash
To be more precise: pfSense does not exactly "crash", as it is still ping-able. And SSH shells that were open from be... Rolf Sommerhalder
09:06 AM pfSense Packages Bug #6968 (Rejected): Snort VRT Rules Fail to automatically update SSL read error
Jim Pingle
05:09 AM pfSense Packages Bug #6968: Snort VRT Rules Fail to automatically update SSL read error
Upstream server issue, has nothing to do with pfSense. Close please. Kill Bill
08:32 AM Bug #7150 (Feedback): shell option before 1st reboot/wizard - can't login
It should be fixed on next round of snapshots Renato Botelho
07:50 AM Bug #6967: DH Groups 22, 23, 24 missing from Phase 2 selection GUI
Applied in changeset commit:0be9d722226790674bd35c8087286442e5766232. Anonymous
07:48 AM Bug #6967 (Feedback): DH Groups 22, 23, 24 missing from Phase 2 selection GUI
Anonymous
05:43 AM Bug #7121 (Resolved): freshclam.conf advanced editing, configuring value of "Checks" has no effect on crontab entry
Renato Botelho
05:13 AM Bug #7121: freshclam.conf advanced editing, configuring value of "Checks" has no effect on crontab entry
All that could be done here is fixed with https://github.com/pfsense/FreeBSD-ports/pull/254 and https://github.com/pf... Kill Bill
04:51 AM Bug #7149: igb driver queue related crashes
On Supermicro SuperServers 5018D-FN8T with X10SDV-TP8F motherboards, that feature six igb and two ix NICs, we experie... Rolf Sommerhalder

01/22/2017

10:33 PM Bug #7154: firewall_nat_edit JS function check_for_aliases()
I suspect the requirement might be:
If the user enters a port alias in any of destination from/to (dest begin, des... Phillip Davis
10:27 PM Bug #7154 (Resolved): firewall_nat_edit JS function check_for_aliases()
The code in this function seems to be ineffective. e.g. it has sequences like:
@
if ($('#dstbeginport_cust').val... Phillip Davis
05:26 PM Bug #7153 (Resolved): pkg-utils.inc - register_all_installed_packages() does not handle packages that are missing XML
After seeing "Running last steps of Status_Traffic_Totals installation" on every reboot, I did some digging into the ... Kill Bill
10:57 AM Bug #6852: Commit 8f86722 breaks DHCPv6 leases status page
does reverting this commit in 2.3.3 with a patch (i dont know how) fix this its really annoying not having this popul... Michael Kellogg
10:01 AM Bug #7147: pfsense-utils.inc - is_ipaddr_configured() does not work properly with some IPv6 formats
I'll take this one. Luiz Souza
03:52 AM Bug #7147: pfsense-utils.inc - is_ipaddr_configured() does not work properly with some IPv6 formats
Yes, option (c) is the most flexible - let users put in whatever format they like (within reason) and deal with it in... Phillip Davis
03:32 AM Bug #7147: pfsense-utils.inc - is_ipaddr_configured() does not work properly with some IPv6 formats
I'd rather avoid input validation here. Would just upset users for no good reason. Kill Bill
03:17 AM Bug #7147: pfsense-utils.inc - is_ipaddr_configured() does not work properly with some IPv6 formats
There are a few approaches to a full fix throughout the system:
a) Catch this at input validation, always store a "c... Phillip Davis
03:08 AM Bug #7147: pfsense-utils.inc - is_ipaddr_configured() does not work properly with some IPv6 formats
PR https://github.com/pfsense/pfsense/pull/3414 should fix the particular bug reported here and make a start on fixin... Phillip Davis
02:28 AM Bug #7147: pfsense-utils.inc - is_ipaddr_configured() does not work properly with some IPv6 formats
Yeah, they definitely should be compressed before comparing. I hit this case since I've copied the local LAN IP from ... Kill Bill
02:18 AM Bug #7147: pfsense-utils.inc - is_ipaddr_configured() does not work properly with some IPv6 formats
Net_IPv6 validation allows compressed addresses that are not strictly in the "correct" compressed form.
e.g.
2001:2... Phillip Davis
09:58 AM Bug #7152 (New): Unbound / DNS Resolver issue if "Register DHCP static mappings in the DNS Resolver" set before wildcard DNS custom options
Tested on:
2.3.2-RELEASE-p1 (amd64)
built on Tue Sep 27 12:13:07 CDT 2016
FreeBSD 10.3-RELEASE-p9
To create ... Rudolph Sand
08:04 AM Bug #7151 (Resolved): Interface Group Name hint is misleading
On the Interface Groups Edit page, Group Name field, it says "No numbers or spaces are allowed. Only characters: a-zA... Phillip Davis
06:03 AM Bug #7150 (Resolved): shell option before 1st reboot/wizard - can't login
_(Posted "on forum":https://forum.pfsense.org/index.php?topic=124335.0 and confirmed by another user)_
Default cle... Stilez y
02:55 AM Bug #7149 (Resolved): igb driver queue related crashes
Some 2.4 installations tend to crash out of nowhere related to igb driver queues.
Setting... Anonymous

01/21/2017

05:41 PM Feature #4242: Two Factor or OTP Authentication for Admin Interface
Ping. I'd love this as a built in feature! I'm using the local database and dont want to get into managing another sy... Dan Journo
12:03 PM Bug #5993: dhcp6c not started until an RA received
I installed the additional patch that Martin provided to address the request for changes. I've tested both patches to... Daryl Morse
09:38 AM Bug #7086: stale zfs file systems
Fresh install worked without problems. Can't say anything about the original problem, not enough knowledge in that ar... Anonymous
08:50 AM Bug #7148 (Duplicate): Spoofed mac addresses on VLAN interfaces apply to the same physical interface
I was replacing a virtual machine with a physical pfSense box. In effort to minimize the change experienced by the ne... Øyvind Hvidsten
04:15 AM Bug #6099: igmpproxy does not recognize upstream interface
You can find the sources to build the FreeBSD/pfSense package at: https://github.com/pfsense/FreeBSD-ports/tree/devel... Harald Gutmann
 

Also available in: Atom