pfSense

03/03/2017

10:53 PM Bug #6937 (Feedback): Inbound traffic on enc0 is not creating a state with mobile IPsec

New changes were made to handle this issue. Waiting on JimP comments. Luiz Souza

10:51 PM Bug #7015 (Feedback): IPsec not working behind NAT

Fixed in latest update. Luiz Souza

07:57 PM Bug #7272: 6rd not functioning on 2.4.0-BETA

Hi guys,
I'm just chiming in to ask for this as well. I'm using Charter's 6rd service and was about to open a tick... Will Wainwright

07:56 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

Pull #3608 Jason McCormick

07:53 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

It helps if I completely reverted the items I changed for the region being added to the zone. Just needed to step awa... Jason McCormick

04:22 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

Okay I've done more testing with this and I'm getting more random errors that don't make any sense to me. The same co... Jason McCormick

07:24 PM Revision 1cd02ef7: igmp, fix apply button, remove save button

Pi Ba

03:40 PM Revision adb19456: Adjust fix for ticket #7294 for 2.3.x, it used a setHelp change that was only valid on 2.4.

Jim Pingle

02:17 PM Todo #6944: dhcp6c releasing allocation

Close this one. Martin Wasley

01:16 PM Bug #7339: Dyndns RFC2136 client, don't send updates via TCP.

Tks Jim.. it is clear now...
Eduardo Silva

12:56 PM Bug #7339: Dyndns RFC2136 client, don't send updates via TCP.

You have broken the update by blocking UDP. It performs the _update_ via TCP, but it performs other parts of the acti... Jim Pingle

12:45 PM Bug #7339: Dyndns RFC2136 client, don't send updates via TCP.

Jim:
The packets in the filter log (pfsense 167.61.xxx.xx) shows port 53 UDP output packets insteads TCP.
I make ... Eduardo Silva

07:16 AM Bug #7339 (Rejected): Dyndns RFC2136 client, don't send updates via TCP.

That is an error from your DNS server, not the client.
TCP updates work well from here on 2.3.3.
Search for tha... Jim Pingle

10:15 AM Revision 1008f6fd: Sanitize linebreaks for textarea fields in packages on save (Bug #5306)

Doktor Notor

08:19 AM Bug #7334: SG-1000 Update failure

I still see a failure on update as the PID file is deleted, but it now happens later in the update process.... Anonymous

07:20 AM pfSense Packages Bug #7211 (Resolved): DNS Made Easy ACME script not parsing domain IDs properly

Jim Pingle

12:10 AM pfSense Packages Bug #7211: DNS Made Easy ACME script not parsing domain IDs properly

I got a notification in my install that 0.1.13 was available and saw that those changes were merged into it. After t... Chris Gelatt

06:08 AM Bug #7344: Pfsense should be able to PXE boot directly from ISO file

Jim Pingle wrote:
> If it still doesn't work on 2.4, it will have to wait until FreeBSD fixes it upstream, and then ... Elias Pereira

05:05 AM Bug #7346 (Rejected): favicon is horrible

It's a bugtracker for pfSense software Renato Botelho

01:40 AM Bug #7346 (Rejected): favicon is horrible

you have a nice responsive design website . one of the major points of a responsive design website is phones and tabl... John Doe

04:15 AM Bug #5306: textarea fields should have linebreaks sanitized automatically on save

This is for XML packages:
https://github.com/pfsense/pfsense/pull/3605 Kill Bill

03:50 AM Bug #7338: ME909u-521 missing serial port

Jim Pingle wrote:
> That's what a proper discussion will determine.
On doc.pFsense.com this card is supported but... Giuseppe Ferraiolo

02:19 AM Revision c06d1448: Revert addition of region to zone field

Jason McCormick

02:18 AM Revision b2cb7364: revert parsing of config field for region

Jason McCormick

01:59 AM Revision 42565652: Fix parsing "::/0" as "::/128" on OpenVPN IPv6 Tunnel Remote network

enukane

01:11 AM Revision f51eab94: RAM Disk Settings GUI

Update notice re: log data loss. The log directory is now also backed up.
Group settings to consolidate. NOYB NOYB

03/02/2017

10:14 PM Revision dc064879: phpsessionmanager, use syslog instead of file_notice

Pi Ba

08:22 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

Here's a diff on my pfsense fork: https://github.com/pfsense/pfsense/compare/master...jxmx:7206_route53
I don't ha... Jason McCormick

08:08 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

Glad you got it working. There shouldn't be anything coding unsafe with base64. Feel free to look through the signatu... Jason McCormick

08:01 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

I created new credentials and it worked this time. I'm not sure what went wrong before. Is there any chance that ce... Doug Twitchell

07:59 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

You can use the attached PHP script to test r53.class. I just ran everything through its paces and didn't have any is... Jason McCormick

07:57 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

NOT THIS ONE Jason McCormick

04:53 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

I've looked for evidence that the only Route53 region is US-EAST-1 and I've never been able to find a definitive stat... Jason McCormick

08:39 AM Bug #7206 (New): Authentication Method Used in Bug 6751 Removed by Amazon

Jim Pingle

07:59 PM Bug #7256 (Confirmed): syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)

Jim Pingle

07:59 PM Bug #7256: syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)

I thought it might be due to it running twice in some cases but even only being run once, for some reason it's not st... Jim Pingle

03:44 PM Bug #7256: syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)

2.3.3/2.3.4, really anything after adding the chrooted socket commit to syslogd.
https://redmine.pfsense.org/proje... Kill Bill

03:42 PM Bug #7256: syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)

Was this on 2.3.2 or 2.3.3?
It also affects tinc, happens every time it is added or removed on 2.4 Jim Pingle

07:53 PM Revision 956b03cd: Fix 7294 keep full rule description

Signed-off-by: Phil Davis <phil.davis@inf.org>
(cherry picked from commit 680e15baef76a9c598d52d3f2b9ab498077336a8) Phil Davis

07:52 PM Revision fc970ca2: Merge pull request #3570 from phil-davis/fw-rule-desc-7294

Renato Botelho

07:50 PM Revision e850b0a3: Add a function to normalize CR and CRLF-style newlines to Unix LF

See Bug #5306.
(cherry picked from commit 117776e0c01e68a8b65584d86d7b8b56fe75c9d0) Doktor Notor

07:50 PM Feature #7122: Add filters to various dashboard widgets

Note: The traffic graph widget already had a multi-selector box prior to this feature. That box never got changed to ... Phillip Davis

11:49 AM Feature #7122: Add filters to various dashboard widgets

# Interfaces
# Interface Statistics
# Gateways
# System information
# Traffic Graphs
# SMART
I am able ... John Murphy

07:49 PM Revision 79215c03: Merge pull request #3576 from doktornotor/patch-7

Renato Botelho

07:37 PM Revision 4485ad31: Merge pull request #3578 from NOYB/Vendor_MAC_Retention_-_Update

Renato Botelho

07:36 PM Revision 230547af: Services - Status Icon - Sort Order

Make status column sort order work correctly with the icons.
Also refactor get_service_status_icon() output string co... NOYB NOYB

07:36 PM Revision 166c38b2: Merge pull request #3597 from NOYB/Services_-_Status_Icon_-_Sort_Order

Renato Botelho

07:33 PM Revision 6029dbd3: Show PPPoE/PPTP/L2TP uptime on the Interfaces widget (Feature #6032)

(cherry picked from commit dc0f5e46a03e0ea797fb74df03e09c58f44a5c1a) Doktor Notor

07:32 PM Revision 0b222fea: Merge pull request #3595 from doktornotor/patch-14

Renato Botelho

07:31 PM Revision 293724bc: User Manager - Status Icon - Sort Order

Make status column sort order work correctly with the icons.
(2.4, 2.3)
(cherry picked from commit 0fdbaca8f16d0424... NOYB NOYB

07:31 PM Revision 10115ab7: Merge pull request #3596 from NOYB/User_Manager_-_Status_Icon_-_Sort_Order

Renato Botelho

07:29 PM Revision 1401cc3e: certificatemanager, link certificate to the proper CA after completing the CSR request

(cherry picked from commit 7fd7fbcff3304285f4407bec2ae62bab7195bcc4) Pi Ba

07:29 PM Revision 75c91268: Merge pull request #3586 from PiBa-NL/certificatemanager-csr-calink

Renato Botelho

07:25 PM Revision a1147a30: Fix the pkg_call() and set the timeout to a sane value (Bug #6594)

(cherry picked from commit 9c91c7bd747074b8cdaa90e8810f0c2df081f72d) Doktor Notor

07:25 PM Revision a21a36fe: Fix the pkg_call() and set the timeout to a sane value (Bug #6594)

(cherry picked from commit 9c91c7bd747074b8cdaa90e8810f0c2df081f72d) Doktor Notor

07:25 PM Revision f19d785f: Merge pull request #3582 from doktornotor/patch-10

Renato Botelho

05:53 PM Bug #7344 (Rejected): Pfsense should be able to PXE boot directly from ISO file

If it still doesn't work on 2.4, it will have to wait until FreeBSD fixes it upstream, and then we'll pick it up from... Jim Pingle

05:23 PM Bug #7344 (Rejected): Pfsense should be able to PXE boot directly from ISO file

Hello,
I set up in my xenserver a "Cifs ISO Library" to make ISOs available for installations. I downloaded the la... Elias Pereira

05:37 PM Bug #7343: On 2.3.3, Updater reports that the latest version is 0.18_1

I've pushed a fix on pfSense-upgrade 0.19.
pfSense-upgrade was considering its new version as a new firmware versi... Renato Botelho

04:28 PM Bug #7343: On 2.3.3, Updater reports that the latest version is 0.18_1

Updated example of the homepage widget (previous version exposed PII): http://ookla.d.pr/rHOW
Example of the actual ... brennen smith

04:26 PM Bug #7343 (Resolved): On 2.3.3, Updater reports that the latest version is 0.18_1

On pfSense 2.3.3, we are occasionally seeing that the UI is retrieving the latest version of pfSense as 0.18_1 and do... brennen smith

05:34 PM Revision f708e8b7: Update translation files

Renato Botelho

05:34 PM Bug #7345 (Resolved): nanobsd upgrades still fail bacause of lacking resolv.conf

As I wrote in a comment to the closed bug #6557, the upgrade procedure still fails, because copying the source file o... Andrew Hotlab

05:34 PM Bug #6099: igmpproxy does not recognize upstream interface

Rai Wol wrote:
> Rai Wol wrote:
> > Just upgraded to 2.4.
> >
> > Interfaces are recognized correctly. So actual... Lars Veldcholte

11:29 AM Bug #6099: igmpproxy does not recognize upstream interface

Rai Wol wrote:
> Just upgraded to 2.4.
>
> Interfaces are recognized correctly. So actual bug is fixed.
>
> B... Rai Wol

12:06 AM Bug #6099: igmpproxy does not recognize upstream interface

I see the same messages on my system but my streams do not cut out after any time. They are really stable and channel... Philipp Haefelfinger

05:29 PM Revision 75d2dd6c: Regenerate pot

Renato Botelho

04:19 PM pfSense Packages Bug #7342 (Rejected): Acme Certificates option to change the order of certificates is broken

There is an anchor icon saying it will move the checked certificates to it on click. Clicking the anchor with certif... Sam Bingner

04:14 PM pfSense Packages Bug #7341 (Resolved): New certificates fail with nsupdate on the first try

New domains created for ACME fail with the nsupdate method as the nsupdate keys are not created in /tmp/acme/KEYNAME/... Sam Bingner

04:11 PM pfSense Packages Feature #7340 (Resolved): Acme Client nsupdate interface forces a different key-ID for every domain

It would be much more convenient for a large number of domains to assign a DNSSEC update-key to the firewall and allo... Sam Bingner

04:06 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic

The problem with the patch mentioned in comment 12 was that it was a kludge for igb(4) only, not a fix for the underl... David Wood

04:00 PM Feature #7137 (Duplicate): Add support for Sierra MC7455

Duplicate of #6832 Renato Botelho

02:42 PM Feature #7137: Add support for Sierra MC7455

Now it works
see: https://redmine.pfsense.org/issues/6832 (the same idProduct)
Daniel Ziehmayer

03:41 PM Bug #7336 (Duplicate): syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)

How on earth did I miss that one. I'll close this one and update that.
Duplicate of #7256 Jim Pingle

03:32 PM Bug #7336: syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)

I filed identical bug about haproxy before - Bug #7256. Yeah, nothing package-specific except for having their own lo... Kill Bill

03:05 PM Bug #7336: syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)

The status output works fine when there is data. That said, after installing or uninstalling the tinc package, syslog... Jim Pingle

07:15 AM Bug #7336 (Duplicate): syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)

Status page shows no active connections, no info under "Virtual network device statistics, all known nodes, edges and... Vladimir Lind

03:34 PM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named

The work-round I used back in the days of the pfSense 2.2.x BIND port was to call rndc-confgen with the "-p <control ... David Wood

03:00 PM Bug #7339 (Rejected): Dyndns RFC2136 client, don't send updates via TCP.

Hi, when i use dyndns rfc2136 client update, I check "Use TCP instead of UDP", the ouput command nsupdate add correct... Eduardo Silva

02:41 PM Bug #7272: 6rd not functioning on 2.4.0-BETA

Ah, indeed. It would be great if we can get 6rd support committed to upstream FreeBSD. Ed Maste

01:45 PM Bug #7272: 6rd not functioning on 2.4.0-BETA

this is probably related to freebsd 11 not having support for 6rd. in the current pfsense stable version there is a c... William van de Velde

01:41 PM Feature #7327: add working sftp support to sshd daemon

ok apologies for wasting time on this Chris Collins

01:36 PM Feature #7327: add working sftp support to sshd daemon

Admin has never worked for SCP/SFTP and it's been documented that way for years. Always use root or a different accou... Jim Pingle

01:33 PM Feature #7327: add working sftp support to sshd daemon

I had a look and it was missing scp privledges which I added but it had no affect.
Then I found this page
https... Chris Collins

01:08 PM Feature #7327: add working sftp support to sshd daemon

More likely it's related to your account settings / privileges / config but that's all things we should discuss on th... Jim Pingle

01:07 PM Feature #7327: add working sftp support to sshd daemon

Will leave this as it is, and just keep my local system, patched, if you decide you want to look into it, I can work ... Chris Collins

12:58 PM Feature #7327: add working sftp support to sshd daemon

Those all work here. So perhaps it is a configuration issue or a completely different problem. Let's move this to the... Jim Pingle

12:55 PM Feature #7327: add working sftp support to sshd daemon

ok here is output from pfsense sftp client using the default configuration
@root@PFSENSE backup # sftp admin@127.0... Chris Collins

12:49 PM Feature #7327: add working sftp support to sshd daemon

filezilla not working at all
Response: fzSftp started, protocol_version=5
Command: keyfile "F:\Users\Chris\My Doc... Chris Collins

12:45 PM Feature #7327: add working sftp support to sshd daemon

Jim I should clarify the error comes from pfsense SSHD daemon, the client only reports the error sent from the server... Chris Collins

12:23 PM Feature #7327 (Rejected): add working sftp support to sshd daemon

The current setup works in every scp/sftp client we typically see. scp, filezilla, winscp, ultraedit, etc.
We can'... Jim Pingle

12:18 PM Feature #7327: add working sftp support to sshd daemon

Well the current system is broken as well. If you can provide an example on how to test ssh tunneling (I dont use ss... Chris Collins

12:10 PM Feature #7327: add working sftp support to sshd daemon

Yeah, the "internal" SFTP thing was completely broken last time I tried that for #7012 - better not touched. Kill Bill

11:05 AM Feature #7327: add working sftp support to sshd daemon

Testing that change, it breaks our chroot mechanism, and breaks the ssh tunnel only user, in both cases they get more... Jim Pingle

01:33 PM Feature #6032 (Feedback): Show PPPoE uptime on the Dashboard - Interfaces Widget

Renato Botelho

01:32 PM Feature #6032: Show PPPoE uptime on the Dashboard - Interfaces Widget

PR has been merged, thanks! Renato Botelho

01:28 PM Bug #6594 (Feedback): Package reinstallation post-config restore hangs if no Internet connectivity

Pig Monkey wrote:
> Renato Botelho wrote:
> > Which version were you upgrading to?
>
> 2.3.2
It has a fix on ... Renato Botelho

01:27 PM Bug #6594: Package reinstallation post-config restore hangs if no Internet connectivity

Kill Bill wrote:
> Someone test this, perhaps? https://github.com/pfsense/pfsense/pull/3582
>
> Dunno, but it see... Renato Botelho

01:25 PM Revision 877676ee: Use the same cache filename pattern for RFC2136 IPv6 items as used by dyndns

Renato Botelho

01:21 PM Revision 5be33f49: Use | to separate dyndns IPv4 fields on cache file as done by rfc2136 items and for all IPv6 items

Renato Botelho

01:21 PM Revision 474def89: Use the same cache filename pattern for RFC2136 IPv6 items as used by dyndns

Renato Botelho

01:13 PM Revision d51cdd48: Use | to separate dyndns IPv4 fields on cache file as done by rfc2136 items and for all IPv6 items

Renato Botelho

11:26 AM Bug #7323: More user friendly defaults for firewall logs view

Just verified as well, but a little late to the plate it appears. fresh install of CE from 20170302(https://snapshot... John Murphy

09:38 AM Bug #7323 (Resolved): More user friendly defaults for firewall logs view

A fresh install has the column active in the firewall log as expected. Jim Pingle

10:24 AM Bug #7334 (Feedback): SG-1000 Update failure

Fixed on pfSense-upgrade 0.18 Renato Botelho

10:08 AM Bug #7334: SG-1000 Update failure

We experienced the same issue today on an APU board. Looks like GUI stopped tracking pfSense-upgrade json and conside... Renato Botelho

10:07 AM Bug #6750 (Resolved): dhcpleases shouldn't start when DHCP Relay is configured

Looks good. Input validation prevents the incorrect configuration from happening, and even if the incorrect configura... Jim Pingle

10:04 AM Bug #7338: ME909u-521 missing serial port

That's what a proper discussion will determine. Jim Pingle

09:59 AM Bug #7338: ME909u-521 missing serial port

Jim Pingle wrote:
> Please post on the forum to discuss and diagnose the problem. The serial port in your log does n... Giuseppe Ferraiolo

09:46 AM Bug #7338 (Rejected): ME909u-521 missing serial port

Please post on the forum to discuss and diagnose the problem. The serial port in your log does not match the descript... Jim Pingle

09:38 AM Bug #7338 (Rejected): ME909u-521 missing serial port

Hi,
before upgrading pfsense, I was using properly Huawei ME909u-521.
pFsense was create for modem port (/dev/cuaU0... Giuseppe Ferraiolo

09:57 AM Bug #4766 (Resolved): "URL Table (IPs)" and "URL (IPs)" do not work when text file is hosted on a fresh install of pfSense

Works Jim Pingle

09:55 AM Feature #6743 (Resolved): Packet Capture - Filter MAC

Confirmed on a snapshot here, too. Thanks for testing! Jim Pingle

09:27 AM Feature #6743: Packet Capture - Filter MAC

An initial packet capture was taken over the LAN interface to capture a sample of active MAC addresses on the network... John Murphy

09:52 AM Bug #5976 (Resolved): Load cryptodev as a kernel module

Works as expected. Upgrading users that did not have aesni enabled will have cryptodev loaded on upgrade or with a ne... Jim Pingle

09:51 AM pfSense Packages Bug #6748 (Assigned): rrd_fetch_json.php returns html when user is unauthorized (causes "Error: SyntaxError: Unexpected token <")

This works nicely for Status > Monitoring, a similar error happens on the traffic graph widget and Status > Traffic g... Jim Pingle

09:49 AM Feature #7011 (Resolved): Retain vendor MAC address at power up

Works well!
Spoof MAC -> New MAC shows on the interface
Remove spoofed MAC -> Original MAC returns just like we w... Jim Pingle

09:39 AM Bug #7128 (Assigned): system_advanced_network.php - fugly IPv6 over IPv4 input field alignment

As others noted, the formatting is still not quite right. Jim Pingle

09:37 AM Bug #7086 (Resolved): stale zfs file systems

Looks good now, only has a few expected entries. Jim Pingle

08:37 AM Bug #7273 (Resolved): diag_confbak.php: If a user enters 0 for the number of backups to keep, PHP errors occur

That is, indeed, the desired result. :-)
Thanks for testing Jim Pingle

08:35 AM Bug #7273: diag_confbak.php: If a user enters 0 for the number of backups to keep, PHP errors occur

Setting "Backup Count" to zero does not cause any errors visible from the GUI. In fact, it drops all previously stor... John Murphy

08:34 AM Todo #7331 (Resolved): Check OpenVPN server/client option visibility changes per mode

Confirmed fixed here, too, thanks for testing! Jim Pingle

08:09 AM Todo #7331: Check OpenVPN server/client option visibility changes per mode

OpenVPN Client options:
# CRL (Peer Certificate Revocation List?) is not visible when "Server Mode" is set to "Pe... John Murphy

08:27 AM Bug #7337: IP Aliases Limited or Not accepting more than 2,000 IPs.

When I load it in Chrome its cut off in the middle when I have 12 x /24s. I then reloaded it again, and the cut off ... Ken Bean

08:24 AM Bug #7337: IP Aliases Limited or Not accepting more than 2,000 IPs.

I tried with 10 /24 nets = 10 * 256 = 2560 individual entries. It displayed in Firefox 51.0.1, but of course it takes... Phillip Davis

07:37 AM Bug #7337 (Rejected): IP Aliases Limited or Not accepting more than 2,000 IPs.

We do not impose any limits on the number of VIPs, but if you "need" that many than you are most likely designing or ... Jim Pingle

07:28 AM Bug #7337 (Rejected): IP Aliases Limited or Not accepting more than 2,000 IPs.

To Replicate :
Firewall > Aliases > IP > Add
• Name : Anything
• Description : Anything
• Type : Host(s)
In... Ken Bean

08:19 AM Bug #7333: RADIUS accounting packets are broken.

I added some notes to the book and doc wiki articles in question to clarify what options to use.
Thanks! Jim Pingle

08:09 AM Bug #7333: RADIUS accounting packets are broken.

Brandon lockley wrote:
> Regarding the original issue. I think it may still be a bug because highly doubt that is th... Jim Pingle

03:00 AM Bug #7333: RADIUS accounting packets are broken.

Regarding the original issue. I think it may still be a bug because highly doubt that is the intended behavior for St... Brandon lockley

02:42 AM Bug #7333: RADIUS accounting packets are broken.

@jimp - There are some extremely bad articles about FreeRADIUS, such as one suggesting to install some third-party Sa... Kill Bill

05:37 AM Feature #6832: [PATCH] Add the USB ID for the Sierra MC7430

Thank you very much! Jose Luis Duran

04:47 AM Feature #6832: [PATCH] Add the USB ID for the Sierra MC7430

I've cherry-picked it to RELENG_2_4 and RELENG_2_3 Renato Botelho

03/01/2017

08:49 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

I tried it, but received an error. Here's the log with redactions:... Doug Twitchell

08:01 PM Revision 6dbc42de: Sync up package help links with current packages.

Many do not yet exist, but can easily be created. Jim Pingle

07:10 PM Revision d9d8a8f1: Sort help URL list.

Jim Pingle

07:06 PM Revision bff872b9: Update help URLs for base system files, remove old/obsolete files.

Jim Pingle

06:55 PM Bug #7333: RADIUS accounting packets are broken.

https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS
The only setting i changed was "Accounting ... Brandon lockley

06:30 PM Bug #7333 (Not a Bug): RADIUS accounting packets are broken.

What specific settings did you have active before and after? (RADIUS and things like re-authenticate and so on)
An... Jim Pingle

06:18 PM Bug #7333: RADIUS accounting packets are broken.

Seems this is only an issue when "Accounting updates" is set to Start/Stop (Which is the mode specifically recommende... Brandon lockley

12:05 AM Bug #7333 (Not a Bug): RADIUS accounting packets are broken.

Instead of recalculating a users data traffic each minute it seems pfsense is just collecting the data the first minu... Brandon lockley

06:30 PM Bug #7167 (Resolved): Error creating higher VLAN ID on SG-1000

Jim Pingle

04:41 AM Bug #7167: Error creating higher VLAN ID on SG-1000

I've tested the new update and it worked as expected. Client connected to Guest Wifi from Airport Extreme worked on V... Netnewb net

03:15 PM Feature #7193: NTP process PGRMF

In my original config I had GPGGA and PGRMF enabled and it seems that it prefers GPGGA then:... Pär Wedin

04:25 AM Feature #7193: NTP process PGRMF

Pär Wedin wrote:
> I have the hardware to test this and I have enabled the "Process PGRMF" option, but I don't know ... Jack Booth

03:08 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic

This should definitely be marked as a bug and not a feature.
Has anybody tried the igb driver patch from https://wik... J P

03:03 PM Bug #7335: DNS Forwarder exposed internal DNS Information to the outside world

Hello Mr Pingle,
are you sure about that?
I didnt change the configuration, i just did a update from 2.3.2 to 2... Florian Asche

12:03 PM Bug #7335 (Not a Bug): DNS Forwarder exposed internal DNS Information to the outside world

Please post on the forum for discussion. This is a configuration issue, not a bug. Jim Pingle

12:00 PM Bug #7335 (Not a Bug): DNS Forwarder exposed internal DNS Information to the outside world

Hello dear devops,
im running pfsense 2.3.3. Im using the DNS Forwarder.
In General Setup - DNS Server Settings ... Florian Asche

11:22 AM Bug #6099: igmpproxy does not recognize upstream interface

Just upgraded to 2.4.
Interfaces are recognized correctly. So actual bug is fixed.
But multicast stream still ... Rai Wol

09:28 AM Bug #6099: igmpproxy does not recognize upstream interface

Hi,
I can confirm that the bug fix is working (at least for me: IPTV in Germany, no BNG)
Runs since two weeks wit... Matthias Lange

08:46 AM Bug #6099: igmpproxy does not recognize upstream interface

Can someone confirm its working in 2.4?
Doesn't stop after 3-4 min? Rai Wol

10:08 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address

Note I also have the issue with configuring DHCPv6 and RAs and in configuring somme OpenVPN configurations that are i... Frederick Staats

10:07 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address

I would also like to see such a feature. My work around currently is to manually create an aliases that contains the... Frederick Staats

06:58 AM Bug #7334 (Resolved): SG-1000 Update failure

Upgrade shows Failure notice after although it completes successfully.
Investigation has shown the upgrade script ... Anonymous

02/28/2017

08:29 PM Revision be4acfd1: Fix up some options in OpenVPN that were not showing for the correct modes. Fixes #7331

Jim Pingle

07:28 PM Revision 2c98383f: Add GUI components for loading cryptodev as a module, and upgrade code so users have it on upgrade since it was in-kernel before. Fixes #5976

Having both aesni and cryptodev loaded at the same time appears to only negatively impact performance, no gains, so a... Jim Pingle

06:25 PM Revision 88aceb25: In a stock/default config.xml, show firewall rule descriptions in a column. Fixes #7323

Previous performance and display issues do not appear to be a problem any longer. See https://redmine.pfsense.org/iss... Jim Pingle

05:35 PM Revision 6aa85955: Finish MAC address matching for packet capture. Implements #6743

Jim Pingle

05:26 PM Bug #5993: dhcp6c not started until an RA received

The new patches address issues 7145 and 7185. The other issue I was thinking of is 6944 (DHCP no release), but it has... Daryl Morse

01:02 PM Bug #5993: dhcp6c not started until an RA received

Definitely no, but the original problem for which this issue was raised has been fixed by a PR that was merged previo... Daryl Morse

12:15 PM Bug #5993: dhcp6c not started until an RA received

Daryl, are you saying the marjohn56 patches are no longer needed? → luckman212

12:12 PM Bug #5993: dhcp6c not started until an RA received

Renato Botelho wrote:
> Not finished yet
This issue has been fixed in both 2.3.3 release and 2.4.0 beta. Daryl Morse

04:16 PM Feature #7332 (Resolved): Provide certificate expiry warning

Just logged into one of my HP MSM controllers and was warned about certificates that are about to expire. This would ... Michael Newton

03:33 PM Feature #7193: NTP process PGRMF

I have the hardware to test this and I have enabled the "Process PGRMF" option, but I don't know what to look for. Ca... Pär Wedin

02:40 PM Todo #7331 (Feedback): Check OpenVPN server/client option visibility changes per mode

Applied in changeset commit:be4acfd167788719d16b795d5491646fd88bd23f. Jim Pingle

02:30 PM Todo #7331 (Resolved): Check OpenVPN server/client option visibility changes per mode

Some options are not quite correct on OpenVPN clients and servers. In particular:
OpenVPN Client options that shou... Jim Pingle

01:42 PM Bug #5976: Load cryptodev as a kernel module

Had to look up POLA :)
In case I wasn't the only one:
https://en.m.wikipedia.org/wiki/Principle_of_least_astonishment → luckman212

01:32 PM Bug #5976: Load cryptodev as a kernel module

I just pushed a GUI change to add it in as a choice next to aesni. Testing revealed no benefit to having both aesni a... Jim Pingle

12:54 PM Bug #7330: IPv6 Prefix is deleted on PPPoe reset, but not reapplied.

Ah... Sorry!
The interesting Logs are all 04:* ... I somehow missed to truncate the 19:* entries.... Michael Zieher

12:23 PM Bug #7330 (Resolved): IPv6 Prefix is deleted on PPPoe reset, but not reapplied.

On boot all adresses are correctly assigned.
On PPPoe reconnect (by provider or by clicking disconnect and connect i... Michael Zieher

12:37 PM Bug #7323: More user friendly defaults for firewall logs view

I changed the default value in the stock config.xml rather than trying to do any sort of complicated shuffling of con... Jim Pingle

12:30 PM Bug #7323 (Feedback): More user friendly defaults for firewall logs view

Applied in changeset commit:88aceb2573acab8fbc7e4d467e31280f701ba9cd. Jim Pingle

11:40 AM Feature #6743 (Feedback): Packet Capture - Filter MAC

Applied in changeset commit:6aa85955fc074d9d35de782c32f7363391b945df. Jim Pingle

11:33 AM Feature #6743: Packet Capture - Filter MAC

I'll take this, it wasn't too difficult to implement, I've got a working set of changes to push. Jim Pingle

09:33 AM Bug #7329 (Closed): DHCP Not Updating DNS

The DHCP server setting "Register DHCP leases in DNS forwarder" does register the host in the DNS server. However, i... Jon Noren

09:24 AM Feature #7327: add working sftp support to sshd daemon

Ok I will submit later today and for the script that generates.
The client is flashfxp. Chris Collins

08:43 AM Bug #7328: Allow several connections with the same gateway (no load balancing, but Multi-WAN)

Actually most of the discussions about it I read end with "discussed hundreds of times" and no real reason. Coming fr... Robin Lutz

08:38 AM Bug #7328: Allow several connections with the same gateway (no load balancing, but Multi-WAN)

It is not valid at the operating system level because FreeBSD doesn't support having two interfaces in the same subne... Jim Pingle

08:35 AM Bug #7328: Allow several connections with the same gateway (no load balancing, but Multi-WAN)

Why not? What is "valid"? Valid in a technical sense, or valid in a pf-sense, or valid in a "community support" sense?
Robin Lutz

08:25 AM Bug #7328 (Rejected): Allow several connections with the same gateway (no load balancing, but Multi-WAN)

You cannot have two interfaces on the same subnet. It is not a valid configuration. Jim Pingle

08:15 AM Bug #7328 (Rejected): Allow several connections with the same gateway (no load balancing, but Multi-WAN)

I am not sure how load balancing works and it is not my goal to implement. May main goal is to use both of my cable m... Robin Lutz

08:06 AM pfSense Packages Bug #6305: Quagga problems updating routes / mistakenly showing "kernel"-routes while they are not

Looks like Zebra sets RTF_PROTO1 flag on the routes it installs in the routing table.
So I assume in order to get... Hanno Stock

06:47 AM Bug #7269 (Not a Bug): syslogd stops logging

Jim Pingle

06:38 AM Bug #7269: syslogd stops logging

The segfaults occur, when a "clog" file gets truncated like: ... Robin Lutz

02/27/2017

09:51 PM Revision 82cd6022: phpsessionmanager, this helps starting and committing the php session preventing other requests from being blocked longer than required.

Pi Ba

07:51 PM Feature #6240: vxlan driver

+1 Stéphane Lapie

06:48 PM pfSense Packages Bug #7211: DNS Made Easy ACME script not parsing domain IDs properly

Should be fixed once https://github.com/pfsense/FreeBSD-ports/pull/318 is pulled. Pi Ba

11:39 AM Feature #7327: add working sftp support to sshd daemon

What client does not work?
It looks like the internal method is preferred now, that line in our config hasn't chan... Jim Pingle

11:31 AM Feature #7327 (Rejected): add working sftp support to sshd daemon

A very trivial change is required to have sftp support working. The existing code sftp fails in my ftp client.
At... Chris Collins

11:27 AM Bug #7326: Unbound fails to start during rc.wanipchange when using large enough dns lists

attaching file again, first one is wrong Chris Collins

11:23 AM Bug #7326 (Resolved): Unbound fails to start during rc.wanipchange when using large enough dns lists

Current pfsense code manually kills unbound, waits just one second and then starts it again, however if unbound doesn... Chris Collins

10:28 AM Bug #7323: More user friendly defaults for firewall logs view

Nice timings. ;) Just for a giggle, I tried with Alix and 2.3.3: the times are ~ 6.5s with 50 lines and ~25s with 500... Kill Bill

09:40 AM Bug #7323: More user friendly defaults for firewall logs view

It is worth noting that the above numbers were with a minimal ruleset, it would be worth repeating the test with a mo... Jim Pingle

09:34 AM Bug #7323: More user friendly defaults for firewall logs view

I had initially insisted that option default to off because it was horribly slow on ALIX and other low-end platforms ... Jim Pingle

02:41 AM Bug #7323 (Resolved): More user friendly defaults for firewall logs view

One of the 'Display as column' or 'Display as second row' options should be the default. From the forums, it's very m... Kill Bill

07:15 AM Bug #5592: fsck sometimes fails to repair filesystem automatically, resulting in Panic: ufs_dirbad bad dir ino ... mangled entry

There are fixes in 2.3.3 for fsck, see #6340
That is a potentially a different problem from this, however, but hop... Jim Pingle

07:10 AM Bug #5592: fsck sometimes fails to repair filesystem automatically, resulting in Panic: ufs_dirbad bad dir ino ... mangled entry

Is it fixe now in 2.3.3? Or we again need to run into single user mode in order to run the fsck command? Julien REVERT

05:45 AM Bug #7325 (Closed): IPsec VPN Phase2 assigned with idem reqid routing a other VPN Phase2

before create new vpn ipsec :... Thierry Laurier

03:39 AM Bug #7324 (Resolved): DHCPv6 Dynamic DNS hostname

According to 2.3.3 New Features and Changes it is now possible to force a Dynamic DNS hostname in DHCP/DHCP6 Server ... Bogdan P

02:49 AM Revision 9eb0a09c: Merge pull request #3588 from phil-davis/widget-filter-all-fix

Steve Beaver

02:49 AM Revision 7067e174: Fix #7317 Widget Filter All button

Phil Davis

02:22 AM Revision 1e7aedce: Merge pull request #3589 from phil-davis/patch-12

Jim Pingle

02:13 AM Revision 39079706: Fix #7300 provide default value for ipprotocol for old rules

Phil Davis

02:13 AM Revision 1877e4d9: Fix #7300 provide default value for ipprotocol for old rules

Phil Davis

02:13 AM Revision 882d248d: Merge pull request #3573 from phil-davis/patch-9

Jim Pingle

01:38 AM Revision e660ca55: Merge pull request #3581 from phil-davis/patch-11

Steve Beaver

01:22 AM Revision ad4913d7: Merge pull request #3550 from phil-davis/patch-5

Steve Beaver

12:09 AM Revision 446505a9: Services - Status Icon - Sort Order

Make status column sort order work correctly with the icons.
Also refactor get_service_status_icon() output string co... NOYB NOYB

02/26/2017

10:52 PM Revision 61ea29be: Fix #7299 and other stuff

As far as I can see, filter_generate_user_rule() is always supposed to be called with 'ipprotocol' set to 'inet' or '... Phil Davis

10:52 PM Revision 568b607a: Fix #7299 and other stuff

As far as I can see, filter_generate_user_rule() is always supposed to be called with 'ipprotocol' set to 'inet' or '... Phil Davis

10:51 PM Revision ae6c16ef: Merge pull request #7299 from phil-davis/patch-7

Jim Pingle

09:57 PM Revision 0fdbaca8: User Manager - Status Icon - Sort Order

Make status column sort order work correctly with the icons.
(2.4, 2.3) NOYB NOYB

09:36 PM Revision dc0f5e46: Show PPPoE/PPTP/L2TP uptime on the Interfaces widget (Feature #6032)

Doktor Notor

09:00 PM Bug #7317 (Feedback): Widget Filter All button effects all widgets

Applied in changeset commit:c8ebd4d088890adab15eec0c1e83c3a6c08cf7c7. Phillip Davis

12:46 AM Bug #7317: Widget Filter All button effects all widgets

PR https://github.com/pfsense/pfsense/pull/3588 Phillip Davis

12:43 AM Bug #7317: Widget Filter All button effects all widgets

Note: This mostly just looks confusing if users notice it.
If the user clicks All and then Save in the current widge... Phillip Davis

12:42 AM Bug #7317 (Resolved): Widget Filter All button effects all widgets

1) Add 2 widgets to the dashboard that have the capability to filter the displayed data (e.g. System Information and ... Phillip Davis

08:20 PM Bug #7300 (Feedback): Error displaying selected ICMP types for old rules without ipprotocol

Applied in changeset commit:d0e4f6271cae97996fb8495a1578943348780c42. Phillip Davis

08:05 PM Revision 499ac306: Added help text and field visibility controls for Dreamhost DNS.

frank

08:04 PM Revision a71deb5a: Switched API key usage from username to password fields for protection.

This prevents accidentally leaking the Dreamhost API key to casual
router administrators. frank

07:33 PM Revision 7d1b5bd3: Reduce numeric precision in gateways widget to single decimal place (Feature #6841)

Doktor Notor

05:10 PM Bug #7299 (Feedback): Error loading rules for old rule with ICMP type specified

Applied in changeset commit:da57defa02e49ae76a7d397a772467680d5068b2. Phillip Davis

04:43 PM Feature #5510: Need a simple way to enable/disable package-installed services

OK, some update here:
> - a simple tag in the packages service definition pointing to the package configuration va... Kill Bill

03:37 PM Feature #6032: Show PPPoE uptime on the Dashboard - Interfaces Widget

Cool idea.
https://github.com/pfsense/pfsense/pull/3595 Kill Bill

02:33 PM Bug #7322 (Not a Bug): OpenVPN client configuration isn't saved/read well

Please read the note next to the advanced options box.
!http://i.imgur.com/HBrczJs.png! Jim Pingle

02:28 PM Bug #7322: OpenVPN client configuration isn't saved/read well

Yeah, it's not saved correctly because https://redmine.pfsense.org/issues/5306 Kill Bill

02:21 PM Bug #7322 (Not a Bug): OpenVPN client configuration isn't saved/read well

When I have an OpenVPN server in pfSense 2.3.3 with some clients with their own configuration (like in this image htt... WF Budding

02:31 PM Bug #6967: DH Groups 22, 23, 24 missing from Phase 2 selection GUI

This change isn't in 2.3.3 but it's in 2.4. It will most likely stay. Even though they are not recommended they might... Jim Pingle

02:14 PM Feature #7321 (Resolved): DynDNS - Add DreamHost DNS support

I have been a customer of DreamHost (https://www.dreamhost.com/) for many years with several domains and subdomains. ... Frank Gruman

02:14 PM Feature #7315 (Duplicate): Certificates exported from Certificate Manager has no password set

Jim Pingle

02:13 PM Bug #7297 (Resolved): system_certmanager.php: Following a link from a user to add a certificate does not present the "Choose an existing certificate" option

Jim Pingle

02:05 PM Feature #773 (Resolved): CODE for remove unnecesary menu items for users with restrictions.

Jim Pingle

07:27 AM Feature #773: CODE for remove unnecesary menu items for users with restrictions.

Long done, can be closed. Kill Bill

02:04 PM Feature #7099 (Resolved): Make breadcrumbs clickable

Jim Pingle

07:34 AM Feature #7099: Make breadcrumbs clickable

Works. Kill Bill

02:04 PM Todo #7160 (Resolved): Mark Required Fields on GUI Pages

Jim Pingle

07:40 AM Todo #7160: Mark Required Fields on GUI Pages

Works. Kill Bill

01:42 PM Bug #7320 (Rejected): OpenVPN Status shows wrong (old) IP

We show what OpenVPN reports via its management interface. If it's wrong, OpenVPN is reporting it wrong. If you can s... Jim Pingle

01:05 PM Bug #7320 (Rejected): OpenVPN Status shows wrong (old) IP

The local Pfsense is OpenVPN server.
On Dashboard and Status->OpenVPN the shown Remote-Host IP is wrong.
I think it... Grischa Zengel

01:34 PM Feature #6841: reduce numeric precision in Gateways Widget

https://github.com/pfsense/pfsense/pull/3594 Kill Bill

11:34 AM Feature #7318: Dashboard widget filters - provide a "None" option

PR https://github.com/pfsense/pfsense/pull/3593 Phillip Davis

02:04 AM Feature #7318 (Resolved): Dashboard widget filters - provide a "None" option

On a system with a lot of interfaces or whatever entries to display in the dashboard widget, the list can be filtered... Phillip Davis

10:32 AM Revision 54936b49: Fix syntax error in services_wol_edit.php

Phil Davis

07:01 AM pfSense Packages Bug #7319: Tinc uninstall leaves an entry in the firewall rules tab.

https://github.com/pfsense/FreeBSD-ports/pull/317 Kill Bill

05:40 AM pfSense Packages Bug #7319 (Rejected): Tinc uninstall leaves an entry in the firewall rules tab.

After an uninstall of tinc there's still an entry left in the firewall rules tab. Andy Kniveton

06:44 AM Revision c8ebd4d0: Fix #7317 Widget Filter All button

Phil Davis

05:22 AM Bug #3445: Proxy URL behaviour for package list - trailing slash

Apparently no longer an issue due to input validation, the field accepts IP or FQDN only, not URL.
https://github.... Kill Bill

02/25/2017

04:38 PM Revision 7fd7fbcf: certificatemanager, link certificate to the proper CA after completing the CSR request

Pi Ba

02:57 PM Revision 6cc58ae8: Add missing $zone variable

Doktor Notor

02:57 PM Revision e3d5c2e9: Add missing $zone variable

Doktor Notor

02:47 PM Feature #4828: Advanced option to show hidden firewall rules in web gui

I'd like to see this too.
Supposedly there are automatic/invisible rules for passing IPSec, yet my IPSec doesn't w... Sean McBride

02:45 PM Revision c3fb0119: Update BIND zones when adding static DHCP leases if needed (Bug #3710)

Doktor Notor

02:43 PM Revision a207d2c9: Update BIND zones when adding static DHCP leases if needed (Bug #3710)

Doktor Notor

12:47 PM Revision 57dd76d1: Fix #7316 Alias Edit keep pattern, placeholder, title in sync on all rows

Phil Davis

08:46 AM Bug #3710: Adding static DHCP leases doesn't cause BIND zones to update

https://github.com/pfsense/pfsense/pull/3584 Kill Bill

08:23 AM pfSense Packages Bug #6563: Squid still accepts sha1 certificates

It's probably much lower now. Since January, all the major browsers warn upon SHA1 certs. Regardless, the ticket sub... Sean McBride

03:07 AM pfSense Packages Bug #6563: Squid still accepts sha1 certificates

Yeah, last time I checked (~Oct/Nov 2016) an estimate was that ~35% of websites were still using SHA1 certificates. O... Kill Bill

06:54 AM Bug #7316: Fail Boostrap format port in

PR https://github.com/pfsense/pfsense/pull/3583 Phillip Davis

05:27 AM Bug #7316: Fail Boostrap format port in

Pretty sure I already fixed this at least once: https://redmine.pfsense.org/projects/pfsense/repository/revisions/0f1... Kill Bill

04:47 AM Bug #7316: Fail Boostrap format port in

Yes, that field has multiple uses depending if it is an IP, Port or URL alias. It would be nice if the "hover text" c... Phillip Davis

04:33 AM Bug #7316 (Resolved): Fail Boostrap format port in

Incorrect Boostrap format port in Firewall / Aliases / Edit
in
2.3.3-RELEASE (amd64)
built on Thu Feb 16 06:5... David Vicente

06:36 AM Bug #7297: system_certmanager.php: Following a link from a user to add a certificate does not present the "Choose an existing certificate" option

Has the option "Choose an existing Certificate" now (2.4.0.b.20170224.1423) Malcolm Hussain-Gambles

05:02 AM Revision 1ea0460f: Remove another leftover

Doktor Notor

03:31 AM Feature #7315: Certificates exported from Certificate Manager has no password set

Duplicate of Feature #1192 Kill Bill

03:01 AM Feature #7315 (Duplicate): Certificates exported from Certificate Manager has no password set

Certificates exported from Certificate Manager has no password set. I can import such certificate in Firefox certific... Ivars Strazdins

02/24/2017

11:36 PM Bug #6967: DH Groups 22, 23, 24 missing from Phase 2 selection GUI

DH Groups 22-24 are inadvisable:
https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
Did thi... Sean McBride

11:27 PM pfSense Packages Bug #6563: Squid still accepts sha1 certificates

I don't actually use squid, but given this week's SHA-1 collision https://shattered.it, I thought I'd ping this ticke... Sean McBride

11:21 PM Feature #6842: Package Manager progress bar should indicate overall progress

I upgraded to the new 2.3.3 today and saw this same "dancing". Was going to file a bug, but I'll just +1 this one. :) Sean McBride

11:10 PM Feature #7216: Allow user to choose date display format

And I can't imagine a firewall admin who would work in anything other than ISO 8601 format. :)
But yeah +1 to this... Sean McBride

11:06 PM Bug #7186: Unable to use national symbols in password fo ACB package

It is perhaps noteworthy that US NIST's new password recommendations explicitly state that unicode characters should ... Sean McBride

08:58 PM Bug #4061: dhcpd doesn't send client-hostname to peer, breaking DHCP lease registrations w/HA

Jim Pingle wrote:
> 4.3.5 is in pfSense 2.3.3 and 2.4. Just update and try it.
Ah bummer, I did my testing on 2.3... David Erickson

08:37 PM Bug #7314 (New): Discrepancy in ntp monitoring view

When I go to the Status-monitoring view, and select ntp, there's a discrepancy in the scale and the "hover over" numb... Kristoffer Øyjord

05:20 PM Bug #7299: Error loading rules for old rule with ICMP type specified

The worst thing is that there are no rules loaded and the pfsense is unusable.
Grischa Zengel

04:25 PM Revision 9c91c7bd: Fix the pkg_call() and set the timeout to a sane value (Bug #6594)

Doktor Notor

03:04 PM Bug #7313 (Closed): Crazy behviour of Virtual IP

Hello,
We are using PFSense cluster in our environment (both nodes are running version 2.3.2-p1).
We have are usi... Krzysztof Szczesniak

01:08 PM Bug #7312 (Assigned): Trafic Graph Widget Bug

Jared Dillard

12:47 PM Bug #7312 (Not a Bug): Trafic Graph Widget Bug

I just upgraded to 2.3.3 and noticed that there is an extra interface showing in the traffic graph widget under the D... Kevin Mychal Ong

11:47 AM Revision 00f718d0: Remove unused ntpWidgetUpdateFromServer() from NTP widget

I don;t see where this is used at all. Nothing seems to break if I remove it. Phil Davis

10:56 AM Revision 00a952af: Fix NTP widget to show server time (Issue #7245)

Doktor Notor

10:26 AM Bug #6594: Package reinstallation post-config restore hangs if no Internet connectivity

Someone test this, perhaps? https://github.com/pfsense/pfsense/pull/3582
Dunno, but it seems to me someone has mis... Kill Bill

06:36 AM pfSense Packages Todo #7311 (Rejected): Lightsquid queries

Jim Pingle

01:57 AM pfSense Packages Todo #7311: Lightsquid queries

This is a bug tracker, not a support forum. Kindly use https://forum.pfsense.org/ for discussions. Kill Bill

04:57 AM Revision 9a3ec9a5: Implemented Dreamhost ISP dynamic DNS updates.

Dreamhost does not allow direct record updates through their API.
Records must be deleted and then added. Unfortunat... frank

04:50 AM Revision b11c8ef6: Added Dreamhost and Dreamhost V6 to list of DYNDNS services.

frank

02/23/2017

11:17 PM pfSense Packages Todo #7311 (Rejected): Lightsquid queries

Hello All,
i have some query in pf sense
I want to see the user’s website visit log by user base. Currently IP... PS System

09:36 PM Revision 7038116e: Vendor MAC Retention - Update

Only write if changed or missing.
Vast majority of reboots will not have a change so don't hit the file system with ... NOYB NOYB

09:16 PM Bug #4061: dhcpd doesn't send client-hostname to peer, breaking DHCP lease registrations w/HA

4.3.5 is in pfSense 2.3.3 and 2.4. Just update and try it. Jim Pingle

08:52 PM Bug #4061: dhcpd doesn't send client-hostname to peer, breaking DHCP lease registrations w/HA

It looks like this may have been fixed upstream in version 4.3.5, is this something that could be easily tested? Hap... David Erickson

05:09 PM Revision 69860ee4: Fix #5976: build cryptodev as a module

Renato Botelho

03:45 PM Revision 27bc5848: Fix #7306 Correctly filter log widget entries by interface description

Phil Davis

02:17 PM Bug #6594: Package reinstallation post-config restore hangs if no Internet connectivity

Renato Botelho wrote:
> Which version were you upgrading to?
2.3.2 Pig Monkey

11:35 AM Bug #6594: Package reinstallation post-config restore hangs if no Internet connectivity

Pig Monkey wrote:
> I was just hit by this as well. In my case I am preparing to replace a device at a remote site. ... Renato Botelho

11:34 AM Bug #6594: Package reinstallation post-config restore hangs if no Internet connectivity

Kevin Wojniak wrote:
> I'm running into this right now. Not a big network guy, just trying to replace our small busi... Renato Botelho

01:04 PM Revision 117776e0: Add a function to normalize CR and CRLF-style newlines to Unix LF

See Bug #5306. Doktor Notor

12:28 PM Feature #6743: Packet Capture - Filter MAC

Jim Pingle wrote:
> This is already partially done, commit:151b4e35eead8d1b1a9ccd1d1c3b3c4fb0e6620a
>
> Though th... Clinton Cory

11:46 AM Feature #6743: Packet Capture - Filter MAC

This is already partially done, commit:151b4e35eead8d1b1a9ccd1d1c3b3c4fb0e6620a
Though the calls to is_macaddr() c... Jim Pingle

12:18 PM pfSense Packages Bug #7310: Packages pre-deinstall script removes temporary files used by pkg

Duplicate of Bug #7229. Kill Bill

12:11 PM pfSense Packages Bug #7310 (Resolved): Packages pre-deinstall script removes temporary files used by pkg

Upgrading from 2.3.3 to 2.4 removes Snort from the drop-down.
During the upgrade process I see this:... Clinton Cory

11:20 AM Bug #5976 (Feedback): Load cryptodev as a kernel module

Applied in changeset commit:69860ee4f5ff9f1e5b87bc6fdcb6dfea66062726. Renato Botelho

11:16 AM Bug #7309 (Resolved): ZFS - Can't find zroot, error 5

Using the latest 2.4 factory ADI image.
When rebooting after installing pfSense with ZFS, the file-system isn't ge... Clinton Cory

11:10 AM Bug #7308 (Resolved): ZFS installer - check storage capabilities

ZFS installer fails on the SG-2220 due to the small size of the internal storage (4 GB). The default swap size in ZFS... Clinton Cory

11:05 AM Bug #7307 (Closed): ZFS installer - shuts down instead of rebooting

Using the following image: pfSense-netgate-memstick-ADI-2.4.0-BETA-amd64-latest.img (downloaded today)
When perfor... Clinton Cory

10:53 AM Bug #6370: IPSEC bound to WAN gateway group and Dynamic DNS doesn't to fail back tunnel to WAN on DDNS update

I too have this issue in 2.3.2. Internet fails back to primary interface but IPsec does not always fail back to prima... Josh H

10:00 AM Bug #2896: IPsec failover may not fully attach to new interface address

Im still seeing this issue in 2.3.2 and the "Force IPsec reload on failover" option under advanced ipsec settings is ... Josh H

09:49 AM Bug #7306: Log widget filter interface selection does not work when interface description is not the default

PR https://github.com/pfsense/pfsense/pull/3577
This currently does not work on 2.3.3 and 2.4-BETA and I suppose i... Phillip Davis

09:44 AM Bug #7306 (Resolved): Log widget filter interface selection does not work when interface description is not the default

1) Put some rules with logging on an interface(s)
2) Change the description of those interface(s) from LAN, WAN OPT1... Phillip Davis

08:54 AM Revision 81b1b44a: Redmine #7301 Put dot after the word break

Signed-off-by: Phil Davis <phil.davis@inf.org> Phil Davis

08:25 AM Bug #6318: IPsec dashboard widget causes GUI failure

Nick Wenos wrote:
> We are also having what appears to be the same issue running on version 2.3.2 As a side affect ... Eric Machabert

07:23 AM Bug #3681 (Closed): Email notifications don't work with IPv6-only SMTP servers

Jim Pingle

07:01 AM Revision 138e79d4: Redmine #7301 Provide word-break opportunity for dynamic DNS host names

Signed-off-by: Phil Davis <phil.davis@inf.org> Phil Davis

05:49 AM Revision d0e4f627: Fix #7300 provide default value for ipprotocol for old rules

Phil Davis

05:47 AM Bug #7305: widget "squid antivirus status"

/usr/local/share/clamav-db is NOT the path to the ClamAV DB for anything but boxes with the /var ramdisk madness. (An... Kill Bill

05:18 AM Bug #7305 (Resolved): widget "squid antivirus status"

the widget is using the old path for clamav db "/var/db/clamav"
you must modify the file /usr/local/www/widgets/widg... sylvain sylvain

05:17 AM Bug #5306: textarea fields should have linebreaks sanitized automatically on save

Is there any plan to finally do something about this, or should I start filing bugs for individual pages, starting wi... Kill Bill

04:56 AM Revision da57defa: Fix #7299 and other stuff

As far as I can see, filter_generate_user_rule() is always supposed to be called with 'ipprotocol' set to 'inet' or '... Phil Davis

04:29 AM Bug #6650: Option needed to disable HSTS

Another thing, if the pfSense GUI is behind a reverse proxy (in my case Nginx) you can't enable HSTS on Nginx as it w... Brett Montgomery

03:53 AM Bug #7265 (Not a Bug): Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta

Renato Botelho

03:40 AM Feature #7304 (Resolved): DHCP: Enable OMAPI Config

There's currently no method to configure DHCP OMAPI settings other than modifying dhcpd.conf directly. Torben Hørup

03:16 AM Bug #7303 (New): ipv6 connectivity lost on pfSense reboot

We get everything working, start up pingers to ipv4 and ipv6, then reboot pfSense. We expect all connectivity to be r... Chris Severance

01:05 AM Bug #7301: Dynamic DNS status widget formatting for medium with browser window.

PR https://github.com/pfsense/pfsense/pull/3574 Phillip Davis

12:24 AM pfSense Packages Bug #7302 (Resolved): Acme AWS/Route 53 DNS Verification fails

With the shipping package for acme the acme.sh script for DNS verification with AWS has a bug which is essentially ht... Josh Brauer

02/22/2017

11:57 PM Bug #7301 (Resolved): Dynamic DNS status widget formatting for medium with browser window.

Long host/domain names do not line wrap causing IP address to be past margin with horizontal scroll bar. Same will p... NOYB NOYB

11:54 PM Bug #7300: Error displaying selected ICMP types for old rules without ipprotocol

PR https://github.com/pfsense/pfsense/pull/3573 Phillip Davis

11:46 PM Bug #7300 (Resolved): Error displaying selected ICMP types for old rules without ipprotocol

1) Upgrade from a config that has an old rule that:
a) does not have 'ipprotocol' in its config (from the days be... Phillip Davis

11:28 PM Bug #7290: Dynamic DNS Widget, RFC2136 entries show red even when the cached IP address is correct

On 2.3.3
Vertical bar is being used in the cache files as the delimiter. Dnydns and widget are exploding on colon.
... NOYB NOYB

10:59 PM Bug #7299: Error loading rules for old rule with ICMP type specified

https://github.com/pfsense/pfsense/pull/3572 has a more general fix that should catch any other ways that rules from ... Phillip Davis

10:41 PM Bug #7299: Error loading rules for old rule with ICMP type specified

https://github.com/pfsense/pfsense/pull/3571 for minimal fix to this particular problem. Phillip Davis

10:35 PM Bug #7299 (Resolved): Error loading rules for old rule with ICMP type specified

1) Have an old config with a rule that specifies Protocol ICMP and ICMP type "Echo Request" (for example)
The old... Phillip Davis

06:17 PM Revision 27d15a21: Fixed typo in $POST/$_POST

Steve Beaver

06:11 PM Revision e35d7d0e: Fixes #7296

HTML tags not allowed in selector option values
(cherry picked from commit 57f4327a60c0cabf43161a6cfde98479b42a7092)... Steve Beaver

06:11 PM Revision 8dbde62f: Fixes #7296

HTML tags not allowed in selector option values
(cherry picked from commit 57f4327a60c0cabf43161a6cfde98479b42a7092) Steve Beaver

06:07 PM Revision 88991880: Remove some unused code from diag_command.php.

Jim Pingle

06:06 PM Revision 57f4327a: Fixes #7296

HTML tags not allowed in selector option values Steve Beaver

05:31 PM Revision 12e3e735: Correct variable name. Fixes #7297

Jim Pingle

05:19 PM Bug #7265: Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta

ok, I found the issue with my system and it seems to work again.
As in my previous post described, the issue had to ... Philipp Haefelfinger

04:10 PM Revision 49a9421d: Check that DHCP registration isn't enabled for DNS forwarder/resolver when disabling DHCP server

(cherry picked from commit e83c9b733c86f39a14a874b115f2b8e0adc952e7) Doktor Notor

04:10 PM Revision 97517b69: Only allow the DHCP registration options to be enabled when DHCP server is enabled as well

(cherry picked from commit c6d03f09e035806dca8ac3314b41a3eaf523ab3f) Doktor Notor

04:09 PM Revision 7ff16d90: Only allow the DHCP registration options to be enabled when DHCP server is enabled as well

(cherry picked from commit 13fca9bcb3fdecfb6f9707e621b49f89569abfd7) Doktor Notor

04:07 PM Revision 809022b9: Only start dhcpleases if DHCP server is enabled (Bug #6750)

(cherry picked from commit 3d8b01e8c6392b4177572d540c8160c7e6e071ca) Doktor Notor

04:07 PM Revision 7386f8a0: Merge pull request #3568 from doktornotor/patch-7

Renato Botelho

03:38 PM Revision 4be90da5: Merge pull request #3546 from NOYB/Vendor_MAC_Retention_Logic_/_Consolidate

Renato Botelho

03:08 PM Revision 680e15ba: Fix 7294 keep full rule description

Signed-off-by: Phil Davis <phil.davis@inf.org> Phil Davis

02:43 PM Revision 17f622b6: Fixed #7203 by visually separating the legend area

Make legen area fixed rather than AJAX data Steve Beaver

01:36 PM Revision f38f83cd: vslb.inc - Add missing include, use sigkillbyname()

Doktor Notor

01:05 PM Bug #6318: IPsec dashboard widget causes GUI failure

We are also having what appears to be the same issue running on version 2.3.2 As a side affect of php-fpm going down... Nick Wenos

12:46 PM Bug #7298 (Closed): IPv6 on a second interface doesn't work until the router is pinged

I'm using 6rd for IPv6 and have two LAN interfaces both of them configured to Track WAN interface and each has a uniq... Andy Wang

12:42 PM Bug #7296 (Resolved): system_certmanager.php: HTML tags in certificate description drop-down

Anonymous

12:41 PM Bug #7296: system_certmanager.php: HTML tags in certificate description drop-down

Tested via system patches on 2.3.3-R. Looks good here. Chris Linstruth

12:20 PM Bug #7296: system_certmanager.php: HTML tags in certificate description drop-down

Applied in changeset commit:8dbde62f220234c8fcfe472b97cdba606779bc22. Anonymous

12:13 PM Bug #7296: system_certmanager.php: HTML tags in certificate description drop-down

HTML tags are not permitted in selector option values. - Removed and replaced with braces. Anonymous

12:10 PM Bug #7296 (Feedback): system_certmanager.php: HTML tags in certificate description drop-down

Applied in changeset commit:57f4327a60c0cabf43161a6cfde98479b42a7092. Anonymous

11:32 AM Bug #7296 (Confirmed): system_certmanager.php: HTML tags in certificate description drop-down

Also affects 2.4, but see #7297 first (can't test it without the fix I just pushed for that ticket). Jim Pingle

11:00 AM Bug #7296 (Resolved): system_certmanager.php: HTML tags in certificate description drop-down

If you navigate to the Certificate Manager via the User Manager to add a certificate to a user, and select choose an ... Chris Linstruth

12:38 PM Revision aeaf7ad9: Use sigkillbyname() for relayd

Doktor Notor

11:40 AM Bug #7297 (Feedback): system_certmanager.php: Following a link from a user to add a certificate does not present the "Choose an existing certificate" option

Applied in changeset commit:12e3e735d8e0f6f0256175ad73f07a9fd196d1e9. Jim Pingle

11:30 AM Bug #7297 (Resolved): system_certmanager.php: Following a link from a user to add a certificate does not present the "Choose an existing certificate" option

Edit an existing user and click the + to add a certificate and the browser is taken to system_certmanager.php?act=new... Jim Pingle

11:35 AM Bug #7276: 2.3.3 upgrade does not upgrade

It's broken even with snapshots. The goddamn thing reliably bombs out during post-"upgrade" reboot on
@pkg: https:... Kill Bill

11:13 AM Bug #7203 (Resolved): pkg_mgr_installed.php - visually separate the legend

Anonymous

11:02 AM Bug #7203: pkg_mgr_installed.php - visually separate the legend

Works nicely, thanks. Kill Bill

08:50 AM Bug #7203: pkg_mgr_installed.php - visually separate the legend

Applied in changeset commit:17f622b69c9743f7091864fc9977be14ebfff733. Anonymous

08:46 AM Bug #7203 (Feedback): pkg_mgr_installed.php - visually separate the legend

Legend area changed to alert-info class to distinguish it from the package list Anonymous

10:57 AM pfSense Packages Bug #7191: squid package EN-US grammar errors

Fixed in 0.4.36 Kill Bill

10:16 AM Bug #6750 (Feedback): dhcpleases shouldn't start when DHCP Relay is configured

PR has been merged, thanks Renato Botelho

09:14 AM Bug #7294: Lenght of description of firewall rules

PR https://github.com/pfsense/pfsense/pull/3570 Phillip Davis

07:12 AM Bug #7294: Lenght of description of firewall rules

That's a pf limitation. We prefix user rules with "USER_RULE: " (11 chars) then the description and the total length ... Jim Pingle

07:07 AM Bug #7294: Lenght of description of firewall rules

firewall_rules_edit.php
@strncpy($filterent['descr'], $_POST['descr'], 52);@
I wonder why it limits that to 52?
... Phillip Davis

06:54 AM Bug #7294 (Resolved): Lenght of description of firewall rules

When adding or modifying a firewall rule, the description field accept more characters than are saved, so the descrip... Pablo Trincavelli

09:09 AM Feature #7181: Add Top and Add Bottom on Seperator

While this might add some convenience, the same argument could be made for all of the action buttons, and even for mo... Anonymous

09:03 AM Bug #7295 (Resolved): RFC2136 not updating at boot time

Tracking pppoe interface, is not updating after IP change/reboot.
In logs, after forcing a manual update:... Chris Macmahon

04:10 AM Bug #4674: invalid state table entries after WAN IP change

SIP behind pfSense with changing WAN IP address is with this bug *impossible*.
I must delete every day the old states. slu -

02:57 AM Bug #6099: igmpproxy does not recognize upstream interface

Joao Dinis Neves wrote:
> Do you guys know if this is fixed on version 2.3.3.
>
> Thanks.
Read the comment rig... Kill Bill

02:12 AM Bug #6099: igmpproxy does not recognize upstream interface

Do you guys know if this is fixed on version 2.3.3.
Thanks. Joao Dinis Neves

02:30 AM pfSense Packages Bug #7293: dns/bind911 requires TCP_RFC7413 in kernel

Also filed an upstream bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217288 Kill Bill

02:08 AM pfSense Packages Bug #7293 (Resolved): dns/bind911 requires TCP_RFC7413 in kernel

There's a ton of logspam when this kernel option is disabled.
https://forums.freebsd.org/threads/59348/
https://f... Kill Bill

02:04 AM Bug #6481: loading EAP_RADIUS method failed

Smallish update 2.3.2-RELEASE-p1 still suffers from the same problem. Gustav Aspeling

01:23 AM Revision e83c9b73: Check that DHCP registration isn't enabled for DNS forwarder/resolver when disabling DHCP server

Doktor Notor

12:03 AM Revision c6d03f09: Only allow the DHCP registration options to be enabled when DHCP server is enabled as well

Doktor Notor

12:02 AM Revision 13fca9bc: Only allow the DHCP registration options to be enabled when DHCP server is enabled as well

Doktor Notor

12:00 AM Revision 3d8b01e8: Only start dhcpleases if DHCP server is enabled (Bug #6750)

Doktor Notor

02/21/2017

11:40 PM Bug #6860: Monitoring (RRD) graphs return "unknown" step value

Needs step 1800 added: https://forum.pfsense.org/index.php?topic=117036.msg695224#msg695224 Jared Dillard

08:16 PM Revision 7a74d245: Add syslogd shortcuts

Doktor Notor

07:42 PM Revision 726b889b: Fix indentation

Doktor Notor

07:38 PM Revision e3f68ab9: Add syslogd to Status > Services (Feature #4382)

Sort includes, use full path to pkill and remove openntpd while here. Doktor Notor

07:13 PM Revision 8d679b24: Captive portal: fix "Disconnect All" button

(cherry picked from commit 4fb2b17772928f39add5fc0529e94ed07a09de31) Caio Plumbeo

07:13 PM Revision 5b102ac5: Merge pull request #3565 from plumbeo/fix-disconnect-all

Renato Botelho

07:10 PM Revision 17d09ce9: User Manager - Status Icon

Use icon for status rather than textual asterisk to indicate disabled account.
(2.4, 2.3)
(cherry picked from commi... NOYB NOYB

07:10 PM Revision aba74883: Merge pull request #3552 from NOYB/User_Manager_-_Status_Icon

Renato Botelho

07:09 PM Revision fe8fdf94: Merge pull request #3528 from phil-davis/system-information-widget-filter-2_3

Renato Botelho

07:08 PM Revision 3715f2ed: Merge pull request #3527 from phil-davis/breadcrumbs-2_3

Renato Botelho

06:04 PM Bug #6750: dhcpleases shouldn't start when DHCP Relay is configured

https://github.com/pfsense/pfsense/pull/3568 Kill Bill

05:17 PM Feature #5897 (Resolved): Make Alias url table persistent after reboot without internet

Jim Pingle

04:33 PM Feature #5897: Make Alias url table persistent after reboot without internet

This is fixed with https://github.com/pfsense/pfsense/pull/2902 on full installs, and nanobsd is indeed dead.
Saf... Kill Bill

04:56 PM Feature #7292 (New): DynamicDNS configuration does not sync to HA secondary

If DynamicDNS is configured on the HA primary firewall, it's configuration will not be duplicated to the secondary. ... George Phillips

03:28 PM Bug #4855 (Resolved): GroupManager stops working with LDAP after (something?), /usr/sbin/pw exiting w/error

That does appear to be what it was. If it can still be reproduced somehow on 2.4 we can dig in more. Jim Pingle

03:20 PM Bug #4855: GroupManager stops working with LDAP after (something?), /usr/sbin/pw exiting w/error

OK, so this would seem to be caused by the space in groupname - that appears to be handled by input validation now [1... Kill Bill

02:51 PM Bug #4618 (Duplicate): IPv6 "rule expands to no valid combination" when target is IPv4 address

Jim Pingle

02:43 PM Bug #4618: IPv6 "rule expands to no valid combination" when target is IPv4 address

Duplicate of #6265 and fixed with https://github.com/pfsense/pfsense/commit/776b6190d2f98825e93ddc320c3e99f24ce5b08f Kill Bill

02:37 PM Bug #4536 (Duplicate): 1:1 NAT should not allow IPv6 addresses

Duplicate of #6927 (already resolved) Jim Pingle

02:33 PM Bug #4536: 1:1 NAT should not allow IPv6 addresses

This was fixed with https://github.com/pfsense/pfsense/pull/3299, can be closed. Kill Bill

01:43 PM Feature #4382: Add syslogd as a service under Status > Services

https://github.com/pfsense/pfsense/pull/3567 Kill Bill

01:18 PM pfSense Packages Feature #5434 (Resolved): Let's Encrypt pfSense support

Jim Pingle

01:10 PM pfSense Packages Feature #5434: Let's Encrypt pfSense support

Merged, done. Kill Bill

01:03 PM Feature #3763: GUI: Packages: add 'non supported' or 'experimental' field

Eh... Broken packages should be fixed or removed. The Status (alpha/beta/rc/stable) column is gone altogether with th... Kill Bill

12:42 PM Feature #1455: Voucher manager only user

Seems like it's been there for a while?
WebCfg - Services: Captive Portal Voucher Rolls
WebCfg - Services: Captiv... Kill Bill

12:27 PM Revision 4fb2b177: Captive portal: fix "Disconnect All" button

Caio Plumbeo

11:32 AM Bug #7291 (Resolved): save and force update on rfc 2136

Must have been factory, that change wasn't synchronized yet. Done now, next snap will be fine. CE was already good. Jim Pingle

11:31 AM Bug #7291: save and force update on rfc 2136

Factory Chris Macmahon

11:30 AM Bug #7291: save and force update on rfc 2136

Factory or CE? Jim Pingle

11:29 AM Bug #7291: save and force update on rfc 2136

2.4.0.b.20170220.1014 Today's build Chris Macmahon

11:24 AM Bug #7291 (Feedback): save and force update on rfc 2136

Are you on a current snapshot? If so, what date? This is fixed on the latest snapshot already. See commit:d54107b1b16... Jim Pingle

11:16 AM Bug #7291 (Resolved): save and force update on rfc 2136

When clicking save and force update no actions happen.
Changing arbitrary fields, click save and force update, no ... Chris Macmahon

11:10 AM Feature #4068: CAs present on CERT manager are not trusted from pfSense

Just submitted a pull request to resolve this issue:
https://github.com/pfsense/pfsense/pull/3558
Working now on ... Ross Williams

09:13 AM Feature #6753: Interfaces list order not consistent

Erm, people, it's already done, the sorting is back. Kill Bill

08:53 AM Feature #6753: Interfaces list order not consistent

robi robi wrote:
> +1 for making the interfaces list sorted alphabetically by their DESCRIPTION (NAME) defined in /i... Jens Groh

08:32 AM Bug #7290 (Resolved): Dynamic DNS Widget, RFC2136 entries show red even when the cached IP address is correct

The Dynamic DNS Widget reports that RFC2136 entries are not updated (entry is red) even when the cached IP address is... Jim Pingle

08:30 AM Bug #6884: "Reboot" option should be under "System" menu, not "Diagnostics"

Here's a mock up of that do to with the orphaned "Logout" button, changing it to an "Actions" menu. https://github.co... Kill Bill

08:19 AM Revision f1981374: GitSync - Remove your personalizations

NOYB NOYB

07:28 AM Feature #7245 (Resolved): NTP widget shows client time instead of server time

Jim Pingle

07:24 AM Feature #7245: NTP widget shows client time instead of server time

Fix confirmed on real HW.... Thanks! Charlie m

07:01 AM Bug #7238: Menu layout broken when using "Hostname in Menu" with long hostnames

Daniel Subert wrote:
> Things to fix this (and make the menu less cluttered) could be:
> - Add an option to change/... Kill Bill

06:22 AM Bug #7288: The field 'Distinguished name Organization' contains invalid characters

Kind of duplicate. It's status has been changed to resolv and that's not a solution for this problem! (neither for th... Marcel Hellwig

04:55 AM Bug #7288: The field 'Distinguished name Organization' contains invalid characters

Duplicate of Bug #6432. Kill Bill

04:47 AM Bug #7288 (Needs Patch): The field 'Distinguished name Organization' contains invalid characters

I'd like to create a certificate which "Organizational Unit" contains a german form of organisation, namely @GmbH & C... Marcel Hellwig

06:21 AM Bug #6432: Relative distinguished names should accept unicode during CA creation.

If you look at the associated revisions you'll see, that he only wants @A-Z, a-z, space, underscore, and dash@
Th... Marcel Hellwig

06:21 AM Bug #7276: 2.3.3 upgrade does not upgrade

I've already did changes on pfSense-upgrade to force it to upgrade (or even downgrade) pfSense-repo package. Lets tak... Renato Botelho

04:29 AM Bug #7276: 2.3.3 upgrade does not upgrade

My workaround for that was switching to development then back to stable.
Procedure at https://forum.pfsense.org/inde... Phillip Davis

04:14 AM Bug #7276: 2.3.3 upgrade does not upgrade

So now it doesn't even find the final release upgrade... and I'm not alone with that: https://forum.pfsense.org/index... Kill Bill

04:51 AM Bug #7289 (New): Generating 4096bit Certificate

When I try to create a 4096bit Certificate a receive a @504 Gateway Timeout@. Netherless the Certificate will be gene... Marcel Hellwig

02/20/2017

10:32 PM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available"

I'm also seeing this issue over Ovpn site to site tunnels with static keys on 2.3.2-RELEASE-p1 (i386). The remote sit... Wade Blackwell

10:27 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working

I will make some time to check into this. I had not realized the Advanced Pass-Through code was missing in Suricata.... Bill Meeks

08:42 PM Feature #7287 (New): NTP add support for ACTS ref clock

Add support for driver 18 ACTS ref clock.
PR https://github.com/pfsense/pfsense/pull/3562 Jack Booth

05:58 PM Bug #7286 (Incomplete): OpenVPN client is unreliable when you have multiple tunnels

I've installed a new pfSense router to route my (Gigabit) WAN connection. My goal was to have it setup such that it b... Viktor Petersson

03:57 PM Revision d54107b1: Fix "Save and Force" action

Steve Beaver

03:28 PM Revision 9267c6c9: Remove newline in error msg

Steve Beaver

03:18 PM Revision 32048df9: Spelling

Steve Beaver

03:16 PM Revision 85ea9d46: Fixed #7231

This avoids the problem rather than fixing it by requiring the user to remove any queues from the if before deleting Steve Beaver

01:52 PM Revision 6378ef45: Add Chinese (Taiwan) to the list of available languages

Renato Botelho

01:51 PM Revision b08a1871: Update translation files

Renato Botelho

01:49 PM Revision 11e77c98: Regenerate pot

Renato Botelho

01:42 PM Revision 68b21600: Merge pull request #3533 from phil-davis/fw-rules-iface-selector

Steve Beaver

01:18 PM Revision 1744b805: Merge pull request #3557 from jskyboo/dev

Jim Pingle

01:10 PM Revision c090afd2: Merge pull request #3553 from doktornotor/patch-1

Jim Pingle

11:45 AM Revision a6b610cb: Typo fix

Doktor Notor

09:20 AM Bug #7231 (Feedback): Web UI does not properly remove priq shaping rules when deleting an interface which causes subsequent rule failures without warning in the UI

Applied in changeset commit:85ea9d468ed5ac21a207554a53d4638f4b7547c9. Anonymous

07:50 AM Bug #7231 (Assigned): Web UI does not properly remove priq shaping rules when deleting an interface which causes subsequent rule failures without warning in the UI

Traffic shaper queue test has been added to the validation when deleting an interface. The user must now delete any q... Anonymous

07:54 AM Feature #4083 (Resolved): Replace GET by POST

Marking this as resolved. Any further conversions, or the replacement of anchor tags with buttons tags can be opened ... Anonymous

07:52 AM Bug #6958 (Resolved): services_dhcp_relay.php: Needs to be converted to more recent rowhelper standard

Anonymous

07:42 AM Bug #7254 (Feedback): Selection from long tab list that uses dropdown does not POST correctly

Fixed via Phil D PR Anonymous

07:39 AM Bug #7262 (Closed): pkg_edit.php - Method Form_Group::__toString() exception with rowhelperfields with a total width >10

Anonymous

07:11 AM Feature #7245 (Feedback): NTP widget shows client time instead of server time

PR Merged Jim Pingle

06:34 AM Bug #7285 (Duplicate): Wrong state with old pppoe WAN IP address (Static Port)

Jim Pingle

02:38 AM Bug #7285: Wrong state with old pppoe WAN IP address (Static Port)

Duplicate of Bug #4674 Kill Bill

01:25 AM Bug #7285 (Duplicate): Wrong state with old pppoe WAN IP address (Static Port)

Firewall / NAT / Outbound -> Hybrid Outbound NAT rule generation.
Static port for Source/Destination udp/5060 interf... slu -

02/19/2017

06:10 PM Revision 6e2f015a: Fix nginx certificate permissions (Bug #6862)

Doktor Notor

05:07 PM Bug #7277 (Resolved): Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes

Anonymous

05:01 PM Bug #7277: Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes

Ah yes. That's much better. Thanks. NOYB NOYB

05:48 AM Bug #7277: Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes

You are right. - Sorry.
Working fix has now been pushed. Anonymous

04:51 PM Revision b0837ceb: Request PD even if no interfaces are set to track6 (Bug #4544)

See https://redmine.pfsense.org/issues/4544#note-4 Doktor Notor

02:11 PM Bug #1916 (Resolved): LDAP Authentication ignores user naming attribute

Jim Pingle

01:48 PM Bug #1916: LDAP Authentication ignores user naming attribute

Certainly works just fine now. Kill Bill

01:30 PM Feature #7204: Router Advertisements: Option to not advertise default routes

Sounds like another duplicate of Bug #6237 Kill Bill

01:29 PM Bug #6541: IPv6 RAs always include on-link prefix; clients may not use DHCPv6 managed addresses

Are you talking about this? Bug #6237
Kill Bill

01:26 PM Feature #7284 (Resolved): NTPd Autoset GPS device baud rate

It would be nice to have the option to attempt to auto configure the baud rate for a GPS device.
Useful if you don't... Jack Booth

01:24 PM Bug #6408 (Duplicate): NTP ACL settings page can't be updated

Jim Pingle

01:21 PM Bug #6408: NTP ACL settings page can't be updated

Duplicate of Bug #6454 and already fixed. Kill Bill

01:23 PM Bug #6418 (Resolved): NTP changes for system.inc

Yeah that's been correct for a while.
Fixed by commit:daed7646d7e8e5d555676299ce660408b490ef81 from PR https://githu... Jim Pingle

01:15 PM Bug #6418: NTP changes for system.inc

Jos van de Ven wrote:
> There is a bug in system.inc in generating the custom access restrictions:
>
> [...]
> T... Kill Bill

01:19 PM pfSense Packages Bug #7283 (Duplicate): Update ntopng to 2.4.2017.01.20

Jim Pingle

01:11 PM pfSense Packages Bug #7283: Update ntopng to 2.4.2017.01.20

Apologies - I did check, but missed it. This is a duplicate of #7247. Andrew -

01:08 PM pfSense Packages Bug #7283 (Duplicate): Update ntopng to 2.4.2017.01.20

Hi. There's an updated port of ntopng available - 2.4.2017.01.20_1 - see https://www.freshports.org/net/ntopng
Ple... Andrew -

01:18 PM Bug #6666 (Duplicate): IPV6 Log Spam?

Jim Pingle

12:58 PM Bug #6666: IPV6 Log Spam?

Rick Strangman wrote:
> Does this mean that the DHCVP daemon is restarting every 2 seconds or is it just log file sp... Kill Bill

12:58 PM Bug #7076 (Duplicate): Packets accepted by IP but rejected because "Allow IP options" is disabled are not logged

See #4383 Jim Pingle

12:45 PM Bug #7076: Packets accepted by IP but rejected because "Allow IP options" is disabled are not logged

Sorry, but this is on purpose. See https://redmine.pfsense.org/issues/4383
(Certainly a whole LOT worse the other ... Kill Bill

12:56 PM Bug #6854 (Rejected): webconfig error with LDAP authenticated users for certmgr

There isn't any reason that section would act differently. If someone manages to reproduce it, start a forum thread t... Jim Pingle

12:17 PM Bug #6854: webconfig error with LDAP authenticated users for certmgr

-1. I've been creating CAs and certs with AD "Administrator" user logged in, for years. Certainly not reproducible as... Kill Bill

12:44 PM Revision 472f121b: Allow PGRMF for Custom GPS type.

Jack Booth

12:11 PM Bug #6862: mode 0444 for /var/etc/cert.crt leads to nginx crit error: 13: Permission denied

https://github.com/pfsense/pfsense/pull/3560 Kill Bill

12:07 PM Revision bd74b2ec: Fix ublox parsing.

Jack Booth

11:46 AM Revision 285aa44d: Save tab value (if) in HTML

Steve Beaver

11:29 AM Bug #7112 (Resolved): Traffic Graphs resets graph when browser tab changes

Jim Pingle

11:27 AM Bug #7112: Traffic Graphs resets graph when browser tab changes

Merged in 2.3.3 and 2.4, can be closed. Kill Bill

11:12 AM Bug #7265: Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta

Sorry for my delay. I was not at home these days.
I tried restarting the service. If I try to restart the service ... Philipp Haefelfinger

11:07 AM Bug #7282 (Closed): ESXi 6.5 SCSI errors on 2.4

No problems here with ESX 6.5.
Even if there were, that isn't an area we touch. Reproduce it with a stock FreeBSD ... Jim Pingle

10:43 AM Bug #7282 (Closed): ESXi 6.5 SCSI errors on 2.4

Installed the 20170219044210 build on my ESXi box, using the LSI Parallel driver and a single 8GB drive, and I'm gett... Demetrius Cassidy

10:53 AM Bug #4544: PD not requested if no interfaces set to track6

https://github.com/pfsense/pfsense/pull/3559 Kill Bill

10:42 AM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism

Works here as well. Yay, finally! Kill Bill

10:04 AM Feature #5850: Limit "WebCfg - System: User Manager page" privilege to non-admins and non-admin groups

I guess the system could limit a user1 with "WebCfg - System: User Manager page" privileges to be only able to grant ... Phillip Davis

07:50 AM Feature #7281 (New): OpenVPN: Add support for IPv6 dynamic prefix selection

When WAN is obtaining an IPv6 prefix that allows multiple prefix IDs (i.e. smaller than /64), allow selection of an I... Anonymous

12:45 AM Revision 77408e61: Fix net.inet.ip.random_id tunable description (Bug #6087)

Doktor Notor

02/18/2017

10:24 PM Revision 7c40255c: Fixed #7277

Steve Beaver

10:21 PM Bug #7277: Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes

Not fixed.
Not sure how $pconfig = $_POST would be expected to fix this. $pconfig is not used anywhere in firewal... NOYB NOYB

04:30 PM Bug #7277: Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes

Applied in changeset commit:7c40255c3a101e848580b22482d90022683b1c60. Anonymous

04:25 PM Bug #7277 (Feedback): Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes

Fixed.
Thanks for reporting. Anonymous

03:55 PM Bug #7277 (Resolved): Drag/Drop a LAN Rule Followed by Save Makes Unwanted Changes

Dragging and dropping a rule on the LAN tab to change order followed by a Save results in rules being duplicated on L... Chris Linstruth

09:50 PM Revision c4a6015b: Disallow IPv6 for RADIUS server.

See https://redmine.pfsense.org/issues/4154. No need for users to waste their time with debugging packets black hole. Doktor Notor

08:11 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working

Well the above should give you a hint on what to add where. LOL. :-P
This package is actively maintained by https:... Kill Bill

07:48 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working

LMFAO~!
Is there a workaround you can suggest?
Thanks for the update!
Michael Strasner

07:21 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working

OK... So, this is the code that's handling that in Snort:
https://github.com/pfsense/FreeBSD-ports/blob/devel/secur... Kill Bill

06:11 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working

> This is just ... mess.
Interesting wording, that's what I thought of the feature.
Description
* Issue: A... Michael Strasner

05:07 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working

Please, use the @pre@ button to post code/command output. This is just unreadable mess. Kill Bill

04:52 PM pfSense Packages Bug #7278 (Resolved): Suricata Service - Advanced Configuration Pass-Through not working

* Issue: *Advanced Configuration Pass-Through not working* under pfSense > Services > Suricata > Edit Interface Setti... Michael Strasner

07:30 PM Bug #7280 (Not a Bug): pfSense-CE-2.4.0 20170218 fails to boot in ESXi 6.5 host.

Jim Pingle

06:54 PM Bug #7280: pfSense-CE-2.4.0 20170218 fails to boot in ESXi 6.5 host.

Figured it out. It goes into a reboot loop if you set the boot option to boot from EFI instead of BIOS. The looping e... Demetrius Cassidy

06:44 PM Bug #7280 (Not a Bug): pfSense-CE-2.4.0 20170218 fails to boot in ESXi 6.5 host.

I just downloaded the latest nightly, pfSense-CE-2.4.0-BETA-amd64-20170218-1625.iso.gz, but attempting to install it ... Demetrius Cassidy

06:29 PM Bug #7279 (Duplicate): VLAN Trash Icon not working - Cannot delete VLAN entry

Duplicate of #7270 Jim Pingle

06:27 PM Bug #7279 (Duplicate): VLAN Trash Icon not working - Cannot delete VLAN entry

Hi,
Upon creating a test VLAN via Interfaces -> Assignments -> VLAN -> Add
I cannot remove the VLAN. I have inspe... James Webb

05:13 PM Feature #5850: Limit "WebCfg - System: User Manager page" privilege to non-admins and non-admin groups

Timon Esser wrote:
> privilege to manage only non-admins and certain groups.
That wouldn't make any sense as ther... Kill Bill

05:08 PM Feature #5813: Replacement of layer7 filter

Perhaps use Snort and OpenAppID. Kill Bill

05:03 PM Bug #5539 (Resolved): rc.firmware - cut does not cut it...

Jim Pingle

04:57 PM Bug #5539: rc.firmware - cut does not cut it...

/etc/rc.firmware and all the related code is gone from 2.4. Irrelevant bug. Kill Bill

04:39 PM Feature #5083: Allow bridge members to be hidden from menu

Duplicate of Feature #2386 (and yeah, it's extremely annoying.) Kill Bill

04:26 PM Bug #1629: invalid state table entries after WAN IP change

Luke Hamburg wrote:
> it's been removed?? Can anyone confirm?
No, not removed. Adding a relevant PR link:
htt... Kill Bill

04:23 PM Bug #4674: invalid state table entries after WAN IP change

Can someone look into this? Sounds to me like the ordering here is indeed just wrong.
Kill Bill

04:12 PM Feature #4399: Expose more of the DNSSEC-related hardening options in the GUI

Unless someone wants to these to the GUI, this can be closed. Kill Bill

04:03 PM Bug #4218: Bridge does not have AUTO_LINKLOCAL flag

Can someone fix the misleading subject? If does have link-local IPv6 just fine here, what's missing is the AUTO_LINKL... Kill Bill

03:51 PM Feature #4154: Support for RADIUS authentication over IPv6

After wasting my time once again with hitting the same issue and seeing the total ignorance of the issue by PHP devs,... Kill Bill

03:45 PM Feature #7259 (Duplicate): Automatic Rollback of Unsucessful changes

Jim Pingle

03:21 PM Feature #7259: Automatic Rollback of Unsucessful changes

Duplicate of Feature #3895 Kill Bill

03:45 PM Feature #3393 (Resolved): AS filtering support in aliases

Jim Pingle

03:11 PM Feature #3393: AS filtering support in aliases

Creating aliases using AS numbers is available in pfBlockerNG. Kill Bill

03:44 PM Bug #3210 (Rejected): Upgrade to 2.1 fails: Something went wrong when trying to update the fstab entry

Jim Pingle

03:07 PM Bug #3210: Upgrade to 2.1 fails: Something went wrong when trying to update the fstab entry

Irrelevant bug, close please. Kill Bill

03:44 PM Feature #7242 (Duplicate): SSL Include CA Certs

Jim Pingle

03:34 PM Feature #7242: SSL Include CA Certs

Yeah, it's indeed a duplicate of Bug #4068 which at least describes the issue in a comprehensible way. Kill Bill

03:43 PM Bug #3139 (Closed): pkg-utils function stop_packages causes Syntax error bad fd number with more than one script file.

Jim Pingle

03:05 PM Bug #3139: pkg-utils function stop_packages causes Syntax error bad fd number with more than one script file.

Fixed with https://redmine.pfsense.org/projects/pfsense/repository/revisions/6186cdc4be779b37df38e875c76faa5f6d671baa... Kill Bill

02:56 PM Feature #2869 (Resolved): LDAP user authentication backend doesn't support membership lookups by querying the group

Yeah that's been in place for some time now Jim Pingle

02:55 PM Feature #2869: LDAP user authentication backend doesn't support membership lookups by querying the group

Not exactly sure what's missing here:
!https://i.imgsafe.org/8b4756c868.png!
Kill Bill

02:51 PM Feature #2743 (Resolved): Add external interface selector to UPnP Settings

Jim Pingle

02:47 PM Feature #2743: Add external interface selector to UPnP Settings

Already done for quite some time. Close, please. Kill Bill

02:50 PM Feature #2687 (Resolved): Allow GIF interfaces to work with IP aliases

Jim Pingle

02:43 PM Feature #2687: Allow GIF interfaces to work with IP aliases

GIF can use IP aliases just fine with 2.3+. Kill Bill

02:49 PM Feature #2580 (Closed): Include AICCU

Jim Pingle

02:38 PM Feature #2580: Include AICCU

Can be just safely closed. No new sign-ups with SixXS since 2016.
https://www.sixxs.net/signup/
https://www.sixxs... Kill Bill

02:32 PM Bug #2247 (Resolved): Misleading security permission

Jim Pingle

02:23 PM Bug #2247: Misleading security permission

Merged, can be closed. Kill Bill

09:25 AM Feature #7275: Add help text for DNS Made Easy

Mentioning the Pull Request is good enough. I usually paste the whole link to it, like this:
https://github.com/pfse... Phillip Davis

07:52 AM Bug #7276: 2.3.3 upgrade does not upgrade

After *Round 5* (same output as Round 4 and another reboot later), the next generation thing by some huge miracle act... Kill Bill

07:01 AM Bug #7276: 2.3.3 upgrade does not upgrade

*Third round of pkg idiocy*, now pkg getting more schizo, first wants to reinstall itself, then changes its mind, fir... Kill Bill

04:20 AM Bug #7276 (Resolved): 2.3.3 upgrade does not upgrade

Really starting to lose my patience with pkg. :-X... Kill Bill

03:25 AM Revision ff45928a: Added help descriptions for DNSMadeEasy

Jeremy Nelson

02:00 AM Revision 0b22f1cd: Fix NTP widget to show server time (Issue #7245)

This is a couple of seconds late depending on how much stuff people have on dashboard, but at least displays the serv... Doktor Notor

02/17/2017

11:19 PM Bug #7166 (Resolved): During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode

Fixed. Luiz Souza

11:11 PM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode

Thank you again Constantine!
I'll upstream this fix. Luiz Souza

05:39 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode

I updated 4860 on last firmware and made tests. And I got very good result.
There is not problem with performance an... Constantine Kormashev

11:19 PM Bug #7149 (Resolved): igb driver queue related crashes

Fixed. Luiz Souza

11:16 PM Bug #7272: 6rd not functioning on 2.4.0-BETA

Please, check #7176 too (probably related) Luiz Souza

11:57 AM Bug #7272 (Resolved): 6rd not functioning on 2.4.0-BETA

Currently running on a SG-1000:
2.4.0-BETA (arm)
built on Thu Feb 16 08:46:33 CST 2017
FreeBSD 11.0-RELEASE-p7
... Ed Maste

10:59 PM Bug #7167: Error creating higher VLAN ID on SG-1000

Constantine, I cannot reproduce these issues.
I can use VLANs on LAN interface (but need to add the default pass r... Luiz Souza

09:30 PM Feature #7275: Add help text for DNS Made Easy

I guess I'm not sure what I should do next - do I need to link this to Github pull request 3554 somehow, and/or mark ... Jeremy Nelson

09:28 PM Feature #7275: Add help text for DNS Made Easy

I didn't know if I should directly make a pull request to master, and quite frankly, I'm not all that familiar with g... Jeremy Nelson

08:41 PM Feature #7275: Add help text for DNS Made Easy

@Jeremy, since you know exactly what data should go in the fields, it will be easy if you go to:
https://github.com/... Phillip Davis

08:29 PM Feature #7275 (Resolved): Add help text for DNS Made Easy

src/usr/local/www/services_dyndns_edit.php
domainname field: Add "DNS Made Easy: Dynamic DNS ID (NOT hostname)"
u... Jeremy Nelson

09:18 PM Revision 64d53c69: Fixed #7274

Steve Beaver

08:01 PM Feature #7245: NTP widget shows client time instead of server time

https://github.com/pfsense/pfsense/pull/3553 Kill Bill

07:56 PM Revision edd88334: User Manager - Status Icon

Use icon for status rather than textual asterisk to indicate disabled account.
(2.4, 2.3) NOYB NOYB

06:25 PM Revision 3057a2ba: Fix handling of 0 for Backup Count. Fixes #7273

Jim Pingle

05:48 PM Revision 4e2d287c: Regenerate pot

Renato Botelho

05:39 PM Revision f30c7697: Update translation files

Renato Botelho

03:23 PM Bug #7274 (Resolved): status_ipsec.php: connect/ikedisconnect/childdisconnect actions still use GET, not POST

Looks good to me, everything is using POST now Jim Pingle

03:20 PM Bug #7274 (Feedback): status_ipsec.php: connect/ikedisconnect/childdisconnect actions still use GET, not POST

Applied in changeset commit:64d53c6939c0e81cc0e53631006a1b2fc4af4b0a. Anonymous

01:52 PM Bug #7274 (Resolved): status_ipsec.php: connect/ikedisconnect/childdisconnect actions still use GET, not POST

On status_ipsec.php the buttons for connect, ikedisconnect, and childdisconnect actions still use GET, not POST. Addi... Jim Pingle

01:01 PM Bug #6662 (Resolved): pkg_edit.php checkbox alignment issue when using the sethelp xml tag

Anonymous

12:54 PM Bug #6662: pkg_edit.php checkbox alignment issue when using the sethelp xml tag

Long fixed, close please. Kill Bill

12:30 PM Bug #7273 (Feedback): diag_confbak.php: If a user enters 0 for the number of backups to keep, PHP errors occur

Applied in changeset commit:3057a2ba467c5a4bcda3a004f876a43758d6e129. Jim Pingle

12:18 PM Bug #7273 (Resolved): diag_confbak.php: If a user enters 0 for the number of backups to keep, PHP errors occur

On diag_confbak.php the Backup Count text says to use "0" to keep no backups. The form type is 'number' which prevent... Jim Pingle

11:55 AM Revision 4a03ae0a: Fixed #7270

Steve Beaver

07:04 AM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named

Agreed. Move the BIND port instead. Jim Pingle

07:01 AM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named

Yeah, I'd definitely rather move the BIND control port than mess with default ports for a default pfSense resolver th... Kill Bill

05:39 AM pfSense Packages Bug #7271 (Resolved): Co-existence of unbound and BIND/named

Problem: both packages (want to) use same port 953 on 127.0.0.1 for (remote) control. If BIND is installed and enable... Rolf Sommerhalder

06:47 AM Bug #7270 (Resolved): interfaces_vlan.php: Can't delete VLAN

Anonymous

06:15 AM Bug #7270: interfaces_vlan.php: Can't delete VLAN

thank you Dmitry Ivanov

06:00 AM Bug #7270: interfaces_vlan.php: Can't delete VLAN

Applied in changeset commit:4a03ae0a97a58e8526765f8de500edd5ddf7b5a0. Anonymous

05:55 AM Bug #7270 (Feedback): interfaces_vlan.php: Can't delete VLAN

Fixed. Anonymous

04:50 AM Bug #7270 (Resolved): interfaces_vlan.php: Can't delete VLAN

"Delete VLAN" button do nothing Dmitry Ivanov

02:53 AM Bug #7269: syslogd stops logging

With all log files empty, I get an segfault when running syslogd:... Robin Lutz

02:50 AM Bug #7269 (Not a Bug): syslogd stops logging

I am trying to debug #7264 and have the problem that the log files don't recieve any update from syslogd. The last by... Robin Lutz

02:51 AM Bug #7266: SNMP does not listen on IPv6 interface

Sorry. I totaly misread your sentence. -I'll close this- as it will be fixed in 2.4 and is not capable in 2.3 [edit] ... Marcel Hellwig

02:35 AM Bug #7268: System Info Widget "All" button does not work with "Disable the automatic dashboard auto-update check"

Note: "Disable the automatic dashboard auto-update check" is often selected on nanoBSD installs, so nanoBSD users mig... Phillip Davis

02:32 AM Bug #7268 (Resolved): System Info Widget "All" button does not work with "Disable the automatic dashboard auto-update check"

1) In System, Update, Settings, select "Disable the automatic dashboard auto-update check"
2) On the dashboard, clic... Phillip Davis

02:15 AM pfSense Packages Bug #4731: softflowd process gets started twice during bootup

@restart_service_if_running()@ is a completely useless function as designed. The issue is fixed in https://github.com... Kill Bill

12:22 AM Bug #7176: IPv6 Monitor IP does not seem to propagate

The bind address appears to be invalid. Denny Page

02/16/2017

08:27 PM Bug #7176: IPv6 Monitor IP does not seem to propagate

Got to play a little today- This is the error in the log when restarting dpinger.
Feb 16 18:23:01 php-fpm 7... Chris Palmer

06:15 PM Bug #7265: Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta

The log entry doesn't make any sense to me. Please go to Status / Services and restart the dpinger daemon. Then post ... Denny Page

01:53 PM Bug #7265: Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta

If I look at Status -> System logs -> gateways I only see the following message:... Philipp Haefelfinger

04:54 PM pfSense Packages Bug #7267 (Resolved): Status Traffic Totals - Stacked Bar - Scale not high enough

On the Status / Traffic Totals, if you use Bar (Stacked) type, the vertical axis scale is only high enough for the TX... Stuart Wyatt

10:47 AM Bug #6099: igmpproxy does not recognize upstream interface

It seems to be fixed only on devel branch (2.4 only): https://github.com/pfsense/FreeBSD-ports/commits/devel/net/igmp... Luiz Souza

10:07 AM Revision a597e44f: System Info Widget enable All button when disable firmware check is set

If system firmware disablecheck is set, then the click event for the filter "All" button is also not included in the ... Phil Davis

09:17 AM Bug #7264: Multi-WAN with same Gateways: Gateway Monitor causes strange problems

This setup worked for a quite long time. I went back to disable Gateway Monitor over all, but the problems still occu... Robin Lutz

07:11 AM Bug #7262: pkg_edit.php - Method Form_Group::__toString() exception with rowhelperfields with a total width >10

Steve Beaver wrote:
> The disadvantage is that you have to live within the grid. You can have a maximum of 12 column... Kill Bill

06:58 AM Bug #7266: SNMP does not listen on IPv6 interface

The SNMP daemon built into pfSense is bsnmpd, which is not capable of using IPv6 right now.
On 2.4 we have an addi... Jim Pingle

06:47 AM Bug #7266: SNMP does not listen on IPv6 interface

Are we talking about the same net-snmp package? (http://net-snmp.sourceforge.net/)
"SNMP is a suite of application... Marcel Hellwig

06:34 AM Bug #7266 (Rejected): SNMP does not listen on IPv6 interface

It isn't capable.
The net-snmp package, available on pfSense 2.4, does support IPv6 SNMP. Jim Pingle

02:46 AM Bug #7266 (Rejected): SNMP does not listen on IPv6 interface

$ sockstat -4 -l | grep 161
root bsnmpd 13792 6 udp4 192.168.0.1:161 *:*
$ sockstat -6-l | grep ... Marcel Hellwig

05:33 AM pfSense Packages Bug #7263: FreeRADIUS - complete lack of input validation

Hopefully all done.
@Phil: You like to break this kind of things, in case you are bored. :P Kill Bill

05:14 AM Revision df4c21fc: Update services_dyndns_edit.php

xygrec

05:12 AM Revision 74533d41: Update dyndns.class

xygrec

05:06 AM Revision 1bfa0695: Update services.inc

xygrec

02/15/2017

11:52 PM Revision 12516aad: Vendor MAC Retention File Consolidate

Use a single file for vendor MAC retention (vendor_mac).
a) Writes only one file during boot up rather than a file f... NOYB NOYB

11:52 PM Revision 5fbc719b: Vendor MAC Retention File Relocate

Relocate the vendor MAC retention file to /var/db directory.
a) It's more at home here with other network interface ... NOYB NOYB

11:52 PM Revision 537a2bb0: Vendor MAC Restore Logic

Only use the vendor MAC retention file for restoring the vendor MAC when not booting.
a) During boot up the current ... NOYB NOYB

11:52 PM Revision 2c20f47f: Spoof MAC Var Name

Rename 'spoof_mac' var to generic 'mac_addr'.
a) It may be the vendor MAC or a spoofed MAC.
b) Update the comment r... NOYB NOYB

11:40 PM Bug #7265: Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta

Is there anything in the system log for dpinger? Denny Page

05:03 PM Bug #7265 (Assigned): Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta

Jim Thompson

03:13 PM Bug #7265 (Not a Bug): Service dpinger does not start after upgrade from 2.3.3 to 2.4.0-Beta

From the day I upgraded my system to version 2.4.x dpinger did not start anymore and in the list of gateway I only se... Philipp Haefelfinger

08:40 PM Bug #6099: igmpproxy does not recognize upstream interface

I must be extremely dense. Why's this marked as resolved?! Where's a working version available? Kill Bill

09:18 AM Bug #6099: igmpproxy does not recognize upstream interface

Hello,
Okay guys I recognize that one of my latest patches has messed up the behavior earlier. The version that lo... Jorge M. Oliveira

07:30 PM Revision f25c08c9: Check for correct directory

Renato Botelho

07:27 PM Revision d36788b7: Check for correct directory

Renato Botelho

07:27 PM Revision 2c1d42bf: Check for correct directory

Renato Botelho

06:40 PM Revision d50e8445: Fix editing sysctl values.

Jim Pingle

05:53 PM Revision 09ba8bb7: Fixed: #7251

Force JS and CSS files to reload if hte file mtimes change Steve Beaver

05:04 PM Bug #7138 (Assigned): Pfsense wide dhcpv6 client doesn't recognise ifid statement

Jim Thompson

05:04 PM Bug #7254 (Assigned): Selection from long tab list that uses dropdown does not POST correctly

Jim Thompson

05:03 PM Bug #6677 (Assigned): CARP VIPs are configured on disabled interfaces at boot time

Jim Thompson

04:24 PM Revision a86246fb: Add missing space

Renato Botelho

04:24 PM Revision dc2a4fd2: Add missing space

Renato Botelho

02:06 PM Revision aa5f397a: Lead users with Stable repo set to 2.3.3-RELEASE

Renato Botelho

02:05 PM Revision e6d09b74: Welcome 2.3.3-RELEASE

Renato Botelho

02:04 PM Revision 869486a0: Revert "Use devel pkg server while in RC"

Time to RELEASE
This reverts commit 2722f4c257ddd532ad31a4851c4580b3bd667482. Renato Botelho

01:28 PM Feature #4083 (Feedback): Replace GET by POST

All delete, toggle,disable and similar actions have been converted to POST via Javascript
There are two exceptions... Anonymous

01:08 PM Feature #7251 (Resolved): JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism

Seems to work fine. I upgraded a VM that was on a snapshot from before all of the GET/POST conversion and when upgrad... Jim Pingle

12:00 PM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism

Applied in changeset commit:09ba8bb752171fe02c67c7983bc8ceeab63f804c. Anonymous

11:55 AM Feature #7251 (Feedback): JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism

Anonymous

11:54 AM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism

The above solution seems to work as expected. I have added it to head.inc and foot.inc Anonymous

10:55 AM Revision e3b1ebd2: Make sure OVA_TMP is umounted before start using it

Renato Botelho

10:55 AM Revision bcb6177f: Make sure OVA_TMP is umounted before start using it

Renato Botelho

10:55 AM Revision ca0f9142: Make sure OVA_TMP is umounted before start using it

Renato Botelho

10:20 AM Revision 76dfb0be: Do not try to set old options that were already removed from upstream

Renato Botelho

10:19 AM Revision 5b614dd4: Unset EASYRSA on openvpn23

Renato Botelho

10:19 AM Revision c7408e44: Unset EASYRSA on openvpn23

Renato Botelho

10:19 AM Revision 6eba6abd: Do not try to set old options that were already removed from upstream

Renato Botelho

10:19 AM Revision 5b28306e: Do not try to set old options that were already removed from upstream

Renato Botelho

10:04 AM Bug #7262: pkg_edit.php - Method Form_Group::__toString() exception with rowhelperfields with a total width >10

Well - pfSense uses the Twitter Bootstrap framework for its GUI. That framework uses a grid system with 12 columns an... Anonymous

02:58 AM Bug #7262 (Closed): pkg_edit.php - Method Form_Group::__toString() exception with rowhelperfields with a total width >10

To reproduce:
- take e.g. this file - https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-freeradius... Kill Bill

09:47 AM pfSense Packages Bug #7263: FreeRADIUS - complete lack of input validation

https://github.com/pfsense/FreeBSD-ports/pull/308
(Work in progress ATM.) Kill Bill

04:45 AM pfSense Packages Bug #7263: FreeRADIUS - complete lack of input validation

Well, it's not called "free" RADIUS for nothing - validation-free at least. Phillip Davis

03:20 AM pfSense Packages Bug #7263 (Resolved): FreeRADIUS - complete lack of input validation

No input validation whatsoever done anywhere. Nothing, zilch, nada... Kill Bill

08:10 AM Bug #6836: Wrong queue length on "/status_queues.php" page under heavy traffic

I'm experiencing the same issue. Is this being tracked somewhere? My search has come up empty so far. Ronald Trump

06:40 AM Bug #7264 (Not a Bug): Multi-WAN with same Gateways: Gateway Monitor causes strange problems

Using more than one WAN with the same gateway has never been a supported configuration. You can't have two interfaces... Jim Pingle

04:40 AM Bug #7264 (Not a Bug): Multi-WAN with same Gateways: Gateway Monitor causes strange problems

Here is the setup:
Two cable modems from the same provider, one is used for VPN connections, the other one for all... Robin Lutz

05:10 AM Bug #7252 (Resolved): OpenVPN widget, connect time of roadwariors shows a number

Looks good with OpenVPN 2.3 being back Renato Botelho

04:34 AM Feature #3474: Openvpn client-specific-overrides ip conflicts

If we declare ifconfig-pool in custom options, the server doesn't work because of the "server" directive.
We would... Aurélien BONANNI

03:34 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

Yep, usable again. Thanks. Kill Bill

03:27 AM Bug #7253 (Resolved): LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

Seems OK after revert Renato Botelho

02/14/2017

09:31 PM Revision 8d58ebae: GET/POST conversion

Steve Beaver

09:16 PM Revision 33ebc875: Fix Apply action

Steve Beaver

09:14 PM Revision 7411a41d: Fix Apply action

Steve Beaver

09:06 PM Revision cbb82e6b: GET/POST conversions

Steve Beaver

08:51 PM pfSense Packages Bug #6404 (Resolved): FreeRADIUS Does Not Start After Upgrade

Jim Pingle

06:59 PM pfSense Packages Bug #6404: FreeRADIUS Does Not Start After Upgrade

Merged and working, can be closed. Kill Bill

08:33 PM Revision 9f2bbdb4: GET/POST conversion

Steve Beaver

07:42 PM Revision 13541a81: GET/POST conversions

Steve Beaver

06:11 PM Revision c946d721: GET/POST conversion - services part 1

Steve Beaver

06:00 PM Revision abdb3547: Update translation files

Renato Botelho

05:42 PM Revision 4f5e3278: Regenerate pot

Renato Botelho

05:26 PM Revision 7b85c9ae: fix colspan background on dark theme

Jared Dillard

05:25 PM Revision 8a90abc5: Add "required field" highlighting

Steve Beaver

05:23 PM Revision 1f3a58e7: fix colspan background on dark theme

Jared Dillard

05:21 PM Revision 44f59761: Add "required field" highlighting

Steve Beaver

05:14 PM Revision 17694a10: fix colspan background on dark theme

Jared Dillard

04:53 PM Bug #7261 (Rejected): pfSense serial console appears unresponsive

Jani,
This is a bug reporter for pfSense in general and it doesn't sound like you have a bug but perhaps an issue ... Jim Pingle

04:38 PM Bug #7261 (Rejected): pfSense serial console appears unresponsive

Hello!
I'd like to report a problem with a brand new pfSense SG-4860 with factory installed firmware:
2.3.2-R... Jani Tuisku

02:44 PM pfSense Packages Bug #6928 (Resolved): freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth

Renato Botelho

02:38 PM pfSense Packages Bug #6928: freeRADIUS, logging with "Access-Reject" not work in mysql table radpostauth

Merged and working, can be closed. Kill Bill

02:44 PM pfSense Packages Bug #6547 (Resolved): syslog-ng log browser only shows the first few lines

Renato Botelho

02:37 PM pfSense Packages Bug #6547: syslog-ng log browser only shows the first few lines

Works, can be closed. Kill Bill

02:28 PM Bug #7257 (Resolved): Use pfSense-upgrade to check if there is a new firmware upgrade

It works Renato Botelho

02:25 PM Feature #6374 (Resolved): Provide sample server-side logic to report peer's IP address for use with DDNS

What's in the GUI is fine for the purpose it serves. No need to get that complicated for an example. Jim Pingle

11:59 AM Feature #7260 (New): Source OS / p0f Database Missing Modern Operating Systems

Latest FreeBSD: 5.2
Latest Windows: Vista
Latest MacOS: 9.2
No Android, Mac OS X, iOS, macOS, etc. Chris Linstruth

11:25 AM Revision d2e001aa: Only save valid widget locations in config

Some widgets create extra panels, e.g. the widgets that now have the filter functionality. Those panels are processed... Phil Davis

11:24 AM Revision 65bd77d4: Only save valid widget locations in config

Some widgets create extra panels, e.g. the widgets that now have the filter functionality. Those panels are processed... Phil Davis

11:24 AM Revision 40bb19b3: Merge pull request #3545 from phil-davis/patch-6

Renato Botelho

11:22 AM Revision 5952db66: Allow 5 dashboard columns to work

Selecting 1,2,3,4 or 6 dashboards columns results in an exact integer result here and all is good. But 5 columns resu... Phil Davis

11:22 AM Revision 63c0e334: Allow 5 dashboard columns to work

Selecting 1,2,3,4 or 6 dashboards columns results in an exact integer result here and all is good. But 5 columns resu... Phil Davis

11:22 AM Revision 744f5734: Merge pull request #3544 from phil-davis/patch-5

Renato Botelho

10:42 AM Revision 3b07c2b7: Remove $MNT after use

Renato Botelho

10:42 AM Revision cc423d0f: Make sure $MNT is umounted

Renato Botelho

10:42 AM Revision 5371504f: Remove $MNT after use

Renato Botelho

10:41 AM Revision 047620e4: Make sure $MNT is umounted

Renato Botelho

10:37 AM Revision ddd7e7e9: Fix typo in variable name

Renato Botelho

10:37 AM Revision 2f9a3583: Remove schg flag from directories before try to rm them

Renato Botelho

10:36 AM Revision d5b5fd07: Fix typo in variable name

Renato Botelho

10:36 AM Revision 22ab3cb2: Remove schg flag from directories before try to rm them

Renato Botelho

10:27 AM Revision f07da0aa: Fix #7257: Use pfSense-upgrade to look for new versions

Renato Botelho

10:26 AM Revision d7a437ce: Fix #7257: Use pfSense-upgrade to look for new versions

Renato Botelho

10:26 AM Revision ee836314: Fix #7257: Use pfSense-upgrade to look for new versions

Renato Botelho

09:57 AM Revision 621dd536: Only save valid widget locations in config

Some widgets create extra panels, e.g. the widgets that now have the filter functionality. Those panels are processed... Phil Davis

08:09 AM Bug #7243: Openvpn route only first network in IPv4 Remote network(s) to local net

The Internet service provider used by the many subnets are the same as in my company's offices, so solution adding ru... Ivan Pavlov

07:15 AM Bug #7243 (Not a Bug): Openvpn route only first network in IPv4 Remote network(s) to local net

Please post details on a forum thread for discussion. This appears to be a configuration issue, not a bug. Jim Pingle

06:52 AM Bug #7243: Openvpn route only first network in IPv4 Remote network(s) to local net

if server openvpn IPv4 Remote network(s) set to 192.168.0.0/16 оnly after this, routing works on local net to 192.168... Ivan Pavlov

07:44 AM Revision d86cff7f: Allow 5 dashboard columns to work

Selecting 1,2,3,4 or 6 dashboards columns results in an exact integer result here and all is good. But 5 columns resu... Phil Davis

05:28 AM Feature #7011: Retain vendor MAC address at power up

Prefer they be stored in /var/db directory along with some of the other network stuff. Also friendlier for write cyc... NOYB NOYB

05:06 AM Bug #6650: Option needed to disable HSTS

NOYB NOYB wrote:
> What is so difficult about clearing browser cookies?
Nothing except that it's completely usele... Kill Bill

04:54 AM Bug #6650: Option needed to disable HSTS

Kill Bill wrote:
> Most importantly, it makes switching back to HTTP pretty much impossible without stupid browser-s... NOYB NOYB

04:45 AM Bug #7249: firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names

So what is the actual issue that replacing the underscore with space in the displaying of the rules creates? Is ther... NOYB NOYB

02:28 AM Revision 6a951c86: Merge pull request #3543 from phil-davis/patch-5

Steve Beaver

02:26 AM Revision eb6984fd: Comment typos head.inc

Phil Davis

02/13/2017

10:46 PM Revision 24fc15e6: Fixed DIVIDER issue caused by the addition of msorts to the menu

Steve Beaver

09:23 PM Revision 1a8b6554: GET/POST conversion for status*

Steve Beaver

08:30 PM Revision 7f4268b6: Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions - Diagnostics

Steve Beaver

07:29 PM Revision 84147b7b: Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions - Firewall

Steve Beaver

07:21 PM Bug #6687: Secure email fails with private CA

The root issue appears to be #4068. Ross Williams

07:03 PM Bug #6687: Secure email fails with private CA

I am interested in implementing a related feature that allows a "private CA" to be installed as a trusted root that i... Ross Williams

07:19 PM Feature #7242: SSL Include CA Certs

This is a duplicate of #4068. I am considering addressing this issue, as it affects our operations using pfSense on a... Ross Williams

06:12 PM Revision 4401107f: Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions - Interfaces

Steve Beaver

05:39 PM Revision 42362856: Fix saving Hybrid RSA + Xauth. Fixes #7258

Jim Pingle

05:38 PM Revision 4289b4c1: Fix saving Hybrid RSA + Xauth. Fixes #7258

Jim Pingle

05:38 PM Revision eb5bc42b: Fix saving Hybrid RSA + Xauth. Fixes #7258

Jim Pingle

05:31 PM Revision 1355f71c: Accommodate locales by testing for $_POST['va'] only

Steve Beaver

05:29 PM Revision eeb68412: Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions - VPN

Steve Beaver

03:58 PM Revision 80c01e06: Revert "Add privs to control display of notices"

Fix #7051
This reverts commit 04665e78537906f7375668ca665cba17f95a4864. Renato Botelho

03:58 PM Revision 8b5cf433: Revert "Add privs to control display of notices"

Fix #7051
This reverts commit 04665e78537906f7375668ca665cba17f95a4864. Renato Botelho

03:56 PM Bug #6711 (Resolved): diag_states_summary # States and # States twice (explain one is per protocol)

Anonymous

10:14 AM Bug #6711 (Assigned): diag_states_summary # States and # States twice (explain one is per protocol)

Anonymous

03:48 PM Revision 4611e283: Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions

Steve Beaver

03:38 PM Bug #7168: Vague kernel messages in system log

Phillip Davis wrote:
> The 'done' and the dots are output by steps of the boot script as it gets to various points i... Daryl Morse

09:15 AM Bug #7168: Vague kernel messages in system log

The 'done' and the dots are output by steps of the boot script as it gets to various points in the code. That comes o... Phillip Davis

07:43 AM Bug #7168: Vague kernel messages in system log

Noticed the same thing - have not seen them before. Running 2.4 snap 2.4.0.b.20170213.0512... → luckman212

03:29 PM Bug #7257 (Feedback): Use pfSense-upgrade to check if there is a new firmware upgrade

pfSense-upgrade 0.15 should fix it Renato Botelho

11:04 AM Bug #7257 (Resolved): Use pfSense-upgrade to check if there is a new firmware upgrade

Today GUI is using it's own logic to detect when a new pfSense version is available. pfSense-upgrade offers this opti... Renato Botelho

01:30 PM Feature #7259 (Duplicate): Automatic Rollback of Unsucessful changes

One Critical feature that most professional Routers have that PfSense does not is a "do this, but roll it back if you... Sunrunner20 20

11:48 AM Bug #7258 (Resolved): vpn_ipsec_phase1.php: Unable to save Mobile IPsec Phase 1 set for Hybrid RSA + Xauth

Works Jim Pingle

11:40 AM Bug #7258 (Feedback): vpn_ipsec_phase1.php: Unable to save Mobile IPsec Phase 1 set for Hybrid RSA + Xauth

Applied in changeset commit:eb5bc42b04ead009b2e09f3ed002eecded240864. Jim Pingle

11:19 AM Bug #7258 (Resolved): vpn_ipsec_phase1.php: Unable to save Mobile IPsec Phase 1 set for Hybrid RSA + Xauth

On vpn_ipsec_phase1.php, when editing a Mobile Phase 1 a user cannot save the settings when Authentication Method is ... Jim Pingle

11:25 AM Revision 926a7f5c: Revert "Use cached groups in get_user_privileges"

This reverts commit c7c79905d3e0fd01172d373a15a1d0d77a5728e8. Renato Botelho

11:25 AM Revision 990c00c4: Revert "Use cached groups in get_user_privileges"

This reverts commit 855826896509a1a0bec77a51535a8f004b4ca570. Renato Botelho

11:21 AM Revision ac4fe723: Merge pull request #3541 from phil-davis/getAllowedPages-format

Renato Botelho

11:19 AM Revision c7c79905: Use cached groups in get_user_privileges

(cherry picked from commit 7abc3f992e5dd5bff53495844ce944163d6d1d9b) Phil Davis

11:19 AM Revision 85582689: Use cached groups in get_user_privileges

(cherry picked from commit 7abc3f992e5dd5bff53495844ce944163d6d1d9b) Phil Davis

11:19 AM Revision fc4b59f8: Merge pull request #3540 from phil-davis/get_user_privileges-cache

Renato Botelho

11:16 AM Revision 42a2f7da: Fix ldap_get_groups return value when down

In some places ldap_get_groups has:
```
return memberof;
```
It should have the "$" in front, so it will return the $... Phil Davis

11:16 AM Revision fd6a81e1: Fix ldap_get_groups return value when down

In some places ldap_get_groups has:
```
return memberof;
```
It should have the "$" in front, so it will return the $... Phil Davis

11:16 AM Revision ae800a34: Merge pull request #3539 from phil-davis/patch-5

Renato Botelho

11:15 AM Revision 3129d3e9: IPv4 Tunnel Network is required for OpenVPN server

(cherry picked from commit e4488e51cf424907e06ef7cc73370aa0657e5e25) Phil Davis

11:15 AM Revision 1a4e4d04: IPv4 Tunnel Network is required for OpenVPN server

(cherry picked from commit e4488e51cf424907e06ef7cc73370aa0657e5e25) Phil Davis

11:14 AM Revision 369e898a: Merge pull request #3536 from phil-davis/tunnel-network-message

Renato Botelho

11:11 AM Revision 3fbee483: Update version string at end of boot RELENG_2_3

When there is an upgrade, the echo here was outputting a stale value of the version. For example, on first upgrade fr... Phil Davis

11:11 AM Revision eba4f2a1: Merge pull request #3530 from phil-davis/patch-2

Renato Botelho

11:10 AM Revision 687dc905: Merge pull request #3531 from phil-davis/version-display-at-boot

Renato Botelho

10:28 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode

The next build has a different fix for this issue, it probably has better performance too.
Could you, please, chec... Luiz Souza

09:59 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

Change reverted from RELENG_2_3 and RELENG_2_3_3 Renato Botelho

06:57 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

Yes, the easy fix is to revert 3322 from 2.3.3. The extra functionality is not that exciting!
And this issue shoul... Phillip Davis

06:10 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

Can we just revert https://github.com/pfsense/pfsense/pull/3322 for 2.3.3? This non-issue with displayed notices that... Kill Bill

05:26 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

My bad, I did to revert it because the field that controls cache time is a 2.4.0 only feature. Sorry about the noise. Renato Botelho

05:20 AM Bug #7253 (Feedback): LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

I've applied both PRs to RELENG_2_3_3. Could you please confirm the fix on next snapshot? Renato Botelho

09:51 AM Bug #7252 (Feedback): OpenVPN widget, connect time of roadwariors shows a number

OpenVPN port was downgraded to 2.3.x Renato Botelho

09:38 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number

No, it will work fine for everyone (Well, 99.999%). OpenVPN won't have any compatibility issues between the two. It w... Jim Pingle

09:34 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number

so if someones on 2.3.3 with opnvpn 2.4 will change back to 2.3 have ramifications ?? Michael Kellogg

09:16 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number

We're moving 2.3.3 back to OpenVPN 2.3 since it appears to be the path of least disruption. Jim Pingle

09:20 AM Bug #6937 (Assigned): Inbound traffic on enc0 is not creating a state with mobile IPsec

Jim Pingle

07:41 AM pfSense Packages Feature #7189: Letsencrypt acme sync in HA environment

Since the certs automatically sync between active and passive nodes, I am inclined to agree that acme should not be i... Adam Lawler

07:21 AM Bug #4474: IP address change triggers reload of all packages

Just FYI: That's not my patch, see the URL :) Kill Bill

07:15 AM Bug #4474: IP address change triggers reload of all packages

User "Kill Bill" wrote a patch that disables this behaviour for 2.2.2 and linked it in https://redmine.pfsense.org/is... Daniel Grob

05:48 AM Bug #7256: syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)

Here's some more context:... Kill Bill

05:16 AM Bug #7256 (Resolved): syslogd is not running after installing or uninstalling a package with logging (e.g. tinc, haproxy)

Suspect it's related to Feature #4898. Last log entry:... Kill Bill

05:30 AM Revision 0fafb3cd: getAllowedPages consistent code format

Phil Davis

05:15 AM Revision 7abc3f99: Use cached groups in get_user_privileges

Phil Davis

02:56 AM Revision 0241b34f: Fix ldap_get_groups return value when down

In some places ldap_get_groups has:
```
return memberof;
```
It should have the "$" in front, so it will return the $... Phil Davis

02:06 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available"

In 2.4 it flaps constantly... I mean every 40 seconds or so, but it varies
startup
rereading config
route decisi... Frans Gidlöf

02/12/2017

09:14 PM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

I added a commit to https://github.com/pfsense/pfsense/pull/3538 that checks the $allowed_groups actually is an array... Phillip Davis

09:12 PM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

See PR https://github.com/pfsense/pfsense/pull/3539 for a bug in ldap_get_groups() where it can return something that... Phillip Davis

11:45 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

Phillip Davis wrote:
> (Code changes needed for 2.3.3 should be similar to what is in the PR for 2.4)
The patch a... Kill Bill

11:17 AM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

I made PR https://github.com/pfsense/pfsense/pull/3538 to cache group/priv information within get_user_privileges() i... Phillip Davis

02:54 PM Bug #7255 (Resolved): Firewall alias FQDN field rejects IDNs (Internationalized domain names)

When creating a firewall alias and entering "www.bücher.ch" as the FQDN, pfsense gives an error stating:
"www.büch... Sean McBride

02:44 PM Bug #6945: Firewall alias naming restrictions are too limiting

Pillip, yes, using "www.xn--bcher-kva.ch" as the FQDN in the alias works. ex:, with such a rule, a traceroute from my... Sean McBride

02:25 PM Revision e8813e51: Allow up to siz dashboard columns

Steve Beaver

01:34 PM Revision e4488e51: IPv4 Tunnel Network is required for OpenVPN server

Phil Davis

12:44 PM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number

I didn't notice that OpenVPN 2.4 was on pfSense 2.3.3. That means there are probably more OpenVPN 2.4-isms to account... Jim Pingle

10:07 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number

I didn't test architecture 'all' but likely yes.. As for priority, its a display issue, actual functionality of the o... Pi Ba

09:58 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number

Shouldn't this be architecture All? Jim Thompson

08:40 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number

At the moment the field is displaying one of the byte counts, so it will be completely misleading to leave it like th... Phillip Davis

08:37 AM Bug #7252: OpenVPN widget, connect time of roadwariors shows a number

Pull Request https://github.com/pfsense/pfsense/pull/3537
Actually I think it could be done just by cherry-picking... Phillip Davis

10:18 AM Revision 66a40592: Add GUI entry for ip_change_kill_states in Network/Advanced (See #1629)

Ralph Haussmann

10:18 AM Revision a84da228: Improve log output when ip_change_kill_states is set.

Ralph Haussmann

08:42 AM Revision b8ad7df3: Do POST for long tab array dropdown

Phil Davis

05:18 AM Revision 55f81e30: Update version string at end of boot

Phil Davis

05:12 AM Revision c0044174: Update version string at end of boot RELENG_2_3

When there is an upgrade, the echo here was outputting a stale value of the version. For example, on first upgrade fr... Phil Davis

03:46 AM Revision 065bd33d: Fix incorrect sorting for various dropdown lists.

Chris Rowe

03:41 AM Feature #4083: Replace GET by POST

And here is a way to "fix" breadcrumb links: https://github.com/pfsense/pfsense/pull/3534
But of course it does not ... Phillip Davis

02:38 AM Feature #4083: Replace GET by POST

Note issue https://redmine.pfsense.org/issues/7254
The dropdown list of interface names in Firewall Rules was still ... Phillip Davis

01:29 AM Bug #7254: Selection from long tab list that uses dropdown does not POST correctly

PR https://github.com/pfsense/pfsense/pull/3533 provides a fix that works for me. It will at least get functionality ... Phillip Davis

01:23 AM Bug #7254 (Resolved): Selection from long tab list that uses dropdown does not POST correctly

1) Have a lot of interfaces with long names.
2) Got to Firewall->Rules
3) Try to access the rules of a different in... Phillip Davis

02/11/2017

07:57 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic

Unlikely Jim Thompson

07:26 PM Revision e4b2f69f: Point to 2.3.3 branch on devel server while in RC

Renato Botelho

06:54 PM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

Nuked the above code, sanity restored. It's evil, get it out of the head.inc please. (Plus, get_user_privileges() obv... Kill Bill

06:44 PM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

I never set up any timeout anywhere. The point is it tries to look up a *local* user in LDAP, over and over again, ca... Kill Bill

06:42 PM Bug #7253: LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

What's your server timeout set to in the LDAP auth server settings? It should be defaulting to 25s, you can lower it ... Jim Pingle

06:32 PM Bug #7253 (Resolved): LDAP does no longer properly fallback to local auth, obnoxious timeouts, unusable GUI

No idea when this regressed, but I get this when AD in unreachable:... Kill Bill

06:49 PM Feature #7199 (Resolved): SG-1000 cpsw nics don't support ALTQ

Jim Pingle

05:49 PM Feature #7199: SG-1000 cpsw nics don't support ALTQ

SG-1000
2.4.0.b.20170211.0742
Test and working. Thank you for implementing that! Jakub Osika

06:49 PM Bug #7219 (Resolved): vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3

Jim Pingle

05:48 PM Bug #7219: vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3

SG-1000
2.4.0.b.20170211.0742
Can confirm that ALTQ with vlans now works.
Jakub Osika

06:00 PM Bug #7252 (Resolved): OpenVPN widget, connect time of roadwariors shows a number

OpenVPN widget, connect time of roadwariors shows a number Pi Ba

01:35 PM Revision 2722f4c2: Use devel pkg server while in RC

Renato Botelho

01:31 PM Revision ea9d2cd3: Set some specific rules for RC during build

Renato Botelho

01:30 PM Revision 26f2e751: Set some specific rules for RC during build

Renato Botelho

01:18 PM Revision 3b9d21e0: Set some specific rules for RC during build

Renato Botelho

12:51 PM Revision af36378e: System Information widget filter gettext()

(cherry picked from commit f5d762f90924510c097a9065dff135dab01f46f0) Phil Davis

12:48 PM Revision 3204c695: System Information Widget Filter

(cherry picked from commit 718b3b0b1b75de09a87866cb37b5a0752643283a) Phil Davis

12:40 PM Revision d99503fb: Fix cut-paste error in Breadcrumb Links

(cherry picked from commit 0e5ee5ae260c42a05b79edf74fb491fca52bacb4) Phil Davis

12:40 PM Revision de02dc29: Breadcrumb links

(cherry picked from commit edcd75357f0e93b124159314d3306197d5312e6c) Phil Davis

12:40 PM Revision 990bc1fb: Breadcrumb links support

(cherry picked from commit c50f228a1583fe694993778e8576322877a15bba) Phil Davis

10:48 AM Feature #4083: Replace GET by POST

Yes, that is the goal. It isn't only about accidental actions, though, but also CSRF protection. Jim Pingle

10:41 AM Feature #4083: Replace GET by POST

Isn't the principle here that anything that changes stuff (makes a config change, stops/starts a service, applies cha... Phillip Davis

08:24 AM Feature #4083: Replace GET by POST

Good points. I'll give that some thought. Anonymous

08:07 AM Feature #4083: Replace GET by POST

The recent work here is excellent, for delete, enable/disable, and other actions that result in a config change or fi... Jim Pingle

07:46 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall

Graham Collinson wrote:
> yes it was on 2.3.2
It was changed since 2.3.2. New code is on 2.3.3 and 2.4.0 snapshots. Renato Botelho

07:35 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall

yes it was on 2.3.2 Graham Collinson

07:06 AM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism

A simple way to deal with this might be to prevent caching on the login page. That way all the CSS and JS is re-loade... Anonymous

06:13 AM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism

I knew I was forgetting something!
Updated subject/descr
Thanks Jim Pingle

06:10 AM Feature #7251: JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism

There is the same problem with CSS. Kill Bill

02:04 AM Revision 48e4a8c6: Add foot.inc back to status.php

Jim Pingle

02:03 AM Revision c9e18377: Add foot.inc back to status.php

Jim Pingle

02/10/2017

10:14 PM Revision 5bf8ac30: Set _IS_RELEASE for RC in this branch

Renato Botelho

10:07 PM Revision ce437697: logout via POST

Steve Beaver

09:53 PM Feature #7251 (Resolved): JavaScript & CSS are cached too aggressively by browsers, add URL fingerprint or other cache control mechanism

JavaScript and CSS are cached too aggressively by browsers, so when any significant change happens, users must manual... Jim Pingle

09:41 PM Bug #7240 (Not a Bug): OpenVPN Client bug

I can't reproduce this with clients or servers. "Permission denied" implies that a firewall rule is blocking the traf... Jim Pingle

09:40 PM Revision d13d2426: Use RELEASE server and branch on 2.3.3

Renato Botelho

09:39 PM Revision e8260dcf: Use RELEASE branch and server for now

Renato Botelho

09:34 PM pfSense Packages Bug #7236 (Resolved): ACME - DNS-NSupdate badly misformatted GUI

Jim Pingle

09:34 PM pfSense Packages Feature #7221 (Resolved): ACME package : add standalone mode & specify port used

Jim Pingle

09:34 PM pfSense Packages Bug #7218 (Resolved): acme_inc.sh hard codes 'HMAC-MD5.SIG-ALG.REG.INT' for nsupdate key types

Jim Pingle

09:33 PM pfSense Packages Bug #7208 (Resolved): ACME ftpwebroot doesn't work

Jim Pingle

09:33 PM pfSense Packages Bug #7205 (Resolved): ACME package ignores DNS-Manual method, defaults to http-01

Jim Pingle

09:33 PM pfSense Packages Bug #7192 (Resolved): ACME package cannot update more than one nsupdate type domain

Jim Pingle

09:30 PM pfSense Packages Bug #7190 (Resolved): pfSense-pkg-acme Bug - php errors on pages that list certificates when no LE Certs have been created yet (eg Cert. Manager - Certificates, OpenVPN - Servers)

Jim Pingle

09:30 PM Feature #7239 (Rejected): DNS Resolver enable reverse dns override for single host

As you see, it already adds the PTR records.
Jim Pingle

09:29 PM Revision 2de2172e: Bump version to 2.3.4-DEVELOPMENT

Renato Botelho

09:28 PM Revision fa0243db: It's time to 2.3.3-RC

Renato Botelho

09:22 PM Revision 4b72f68f: Replace '_' with '_<wbr> when displaying alias names. Allows long alias names with underscores to word-break better.

Steve Beaver

08:49 PM Revision 8b2cb5a4: GET/POST conversion firewall_virtual_ip*

Steve Beaver

08:42 PM Bug #7241 (Not a Bug): OpenVPN CSC Tunnel Network not accepting net30 addresses

Can't reproduce. It works fine on 2.3.2_1, 2.3.3, and 2.4. The server has to be set for net30 and you have to specify... Jim Pingle

08:34 PM Revision e3947e77: GET/POST conversion firewall_rules

guiconfig.php display_top_tabs supports "usepost" as an optional 4th argument Steve Beaver

07:40 PM Revision a1371557: GET/POST conversion firewall_nat_out*

Steve Beaver

07:33 PM Revision 01b30fa7: GET/POST conversion firewall_nat_npt*

Steve Beaver

07:26 PM Revision b9205559: GET/POST firewall_nat_1to1 bis

Steve Beaver

07:21 PM Revision d0737076: GET/POST conversion

Steve Beaver

07:07 PM Revision 31bdcffb: GET/POST conversion firewall_nat*

Steve Beaver

06:53 PM Revision d1fd8c3b: GET/POST conversion firewall_aliases*

Steve Beaver

06:40 PM Revision c6b6c4bf: GET/POST conversion vpn_ipsec_server

Steve Beaver

06:35 PM Revision cb5a1026: GET/POST conversion vpn_openvpn_csc

Steve Beaver

06:31 PM Revision bae64f1f: GET/POST conversion vpn_openvpn_client

Steve Beaver

06:26 PM Revision 84450372: GET/POST conversion vpn_l2tp*

Steve Beaver

05:57 PM Revision 5eb5856a: 5th try

- change $do_ping default value to 'true' (which emulates the previous default behavior) to avoid any unexpected resu... → luckman212

05:57 PM Revision f8002180: 4th attempt!

- Reworked based on recent comments from @rbgarga
(cherry picked from commit c516cb287a78f7b05459e7fcba410f443d8eb8af) → luckman212

05:57 PM Revision c2f4b759: 3rd try!

- incorporate suggestions from @rbgarga with slight modification
(cherry picked from commit 6c2f093000b05285546e81dd... → luckman212

05:57 PM Revision 307243e7: 2nd try. . .

/etc/inc/util.inc:
- arp_get_mac_by_ip() updated to support IPv6
- attempt at code streamline
/usr/local/www/service... → luckman212

05:57 PM Revision 9a20d170: enhancements to services_dhcp_edit.php

- added ndp call to get MAC addr if remote client is connected via IPv6
- automatically hide `Copy MAC` button if arp... → luckman212

05:57 PM Revision 726de9fe: Merge pull request #3492 from luckman212/dhcp-edit-patch-2

Renato Botelho

05:46 PM Bug #7249: firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names

Cool... This will help pfBlockerNG as all the Auto rules are *pfB_<aliasname>_v4*... Thanks Steve! BBcan177 .

04:28 PM Bug #7249: firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names

Yes. Missed it by an hour :)
Anonymous

04:19 PM Bug #7249: firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names

Steve Beaver wrote:
> Changed the code to replace '_' with '_<wbr>' (word break opportunity). Allows a long alias n... Zetto Null

03:25 PM Bug #7249 (Feedback): firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names

Changed the code to replace '_' with '_<wbr>' (word break opportunity). Allows a long alias name to word-wrap, but r... Anonymous

03:08 PM Bug #7249: firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names

That is not exactly a bug, the underscore is deliberately replaced with a space for display. It seems to have been a ... Anonymous

01:58 PM Bug #7249 (Resolved): firewall_rules.php & firewall_nat.php: Replaces underscores with spaces in aliase names

I have a number of firewall aliases that contain underscores. The underscore is replaced with a space when viewing a ... Zetto Null

05:42 PM Revision 804f6a16: Sync up status.php with master, but keep the 2.3/10.3-specific parts. Fixes #7246

Jim Pingle

05:42 PM Revision 7a755921: Do not output PHP shell starup message unless it is run interactively. Fixes #7045

Jim Pingle

05:42 PM Revision bdc16e26: Add a pfSense php shell playback script to show the gateway status. Ticket #7046

Jim Pingle

05:42 PM Revision 5ab3fb16: Add a function to format and return plain text output showing the gateway status, for use by a shell script and status.php. Ticket #7046

Jim Pingle

05:42 PM Revision 4cdd0103: Add playback scripts to drill into pf tables and anchors to list their contents.

Jim Pingle

05:39 PM Revision 3093b965: Fix for bug 6966 https://redmine.pfsense.org/issues/6966

Change-Id: I9471c2bbd8941e70965a86d369c8de87be9a4417
(cherry picked from commit 109a304e154a179bd340b06880ce95baec4da... Graham Collinson

05:39 PM Revision dde7eda2: Merge pull request #3522 from graham-collinson/master

Renato Botelho

05:22 PM Revision 7603794b: GET/POST conversion vpn_ipsec*

Steve Beaver

05:06 PM Revision 3312b65f: GET/POST conversion interfaces_assign

Steve Beaver

05:02 PM Revision 8dce7a92: GET/POST conversion interfaces_wireless*

Steve Beaver

05:00 PM Revision e86b541f: Revert "Fixed #6753"

User feedback suggests the sorted menu was better, despite the lack of consistency elsewhere.
This reverts commit 96f... Jim Pingle

04:59 PM Revision 3b197818: Revert "Fixed #6753"

User feedback suggests the sorted menu was better, despite the lack of consistency elsewhere.
This reverts commit e5d... Jim Pingle

04:57 PM Revision 965717c4: GET/POST conversion interfaces_vlan_edit

Steve Beaver

04:54 PM Revision 5b075645: GET/POST conversion interfaces_vlan

Steve Beaver

04:45 PM Revision 87b458b5: GET/POST conversion interfaces_qinq*

Steve Beaver

04:40 PM Revision f34455d8: GET/POST conversion interfaces_ppps*

Steve Beaver

04:34 PM Revision 41063bd7: GET/POST conversion interfaces_lagg*

Steve Beaver

04:25 PM Revision e1a5d73c: GET/POST conversion interfaces_groups*

Steve Beaver

04:21 PM Revision 5947395d: GET/POST conversion interfaces_gre*

Steve Beaver

04:21 PM Bug #7250: Subnet is too large to expand into individual host IP addresses

Thank you! Using Network(s) instead of Host(s) worked. Zetto Null

04:17 PM Bug #7250 (Not a Bug): Subnet is too large to expand into individual host IP addresses

You can't use a host type alias for a masked network like that, use a Network type alias instead. Jim Pingle

04:10 PM Bug #7250 (Not a Bug): Subnet is too large to expand into individual host IP addresses

I'm trying to create a IP Alias with a /16 subnet. This fails with the following error.
* Subnet is too large to e... Zetto Null

04:21 PM Revision c620a9bb: Mark missing parameter as required. It got lost during backport from master as spotted by @phil-davis

Renato Botelho

04:18 PM Revision b591908c: GET/POST conversion interfaces_gif*

Steve Beaver

04:16 PM Revision 2c391a23: Required fields - Alias Type

should be a required field. And this 1-char change can also be backported to RELENG_2_3. I noticed this while looking... Phil Davis

04:16 PM Revision e2d1352e: Merge pull request #3523 from phil-davis/patch-2

Renato Botelho

04:15 PM Revision a166a212: Fix #7157

trafficgraph: Don't update the on screen visual graph while invisible,
which avoids creating a large queue of pending... Renato Botelho

04:12 PM Revision c5ae2b4d: GET/POST conversion interfaces_bridge*

Steve Beaver

04:11 PM Todo #6767 (Resolved): Change logout from GET to POST request

Anonymous

04:11 PM Revision 7790e0df: Fix #7157

trafficgraph: Don't update the on screen visual graph while invisible,
which avoids creating a large queue of pending... Renato Botelho

04:10 PM Revision 8ea10c11: Required fields - Alias Type

should be a required field. And this 1-char change can also be backported to RELENG_2_3. I noticed this while looking... Phil Davis

04:09 PM Bug #7202 (Resolved): "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Anonymous

04:07 PM Revision ad1e294c: Ticket #7157: Backport upstream fix from https://github.com/novus/nvd3/commit/305cbad96e94f61a3c0bae02d16c28e09249fbc0

Renato Botelho

04:07 PM Revision c674ae38: Ticket #7157: Backport upstream fix from https://github.com/novus/nvd3/commit/305cbad96e94f61a3c0bae02d16c28e09249fbc0

Renato Botelho

04:04 PM Revision edf69b0c: Example of setting required items

(cherry picked from commit 32a85c63c9411463c98a0605772b3e2c01702971) Phil Davis

03:55 PM Revision 85877e3c: Require Name field in Shaper

(cherry picked from commit 40dcb4b61a2c1213a0b3e213c78fddac845a0117) Phil Davis

03:17 PM Revision ddd3ffaf: GET/POST conversion system_routes*

Steve Beaver

02:54 PM Revision 20231404: GET/POST conversion system_groupmanager*

Steve Beaver

02:12 PM Revision ac5e11a7: Revise setHelpText to accommodate required fields

Steve Beaver

02:12 PM Revision 5f6c3712: Provide Javascript set_Required function

Steve Beaver

02:12 PM Revision 5b18b8a4: Provide CSS for required fields

Steve Beaver

02:12 PM Revision cc8783a5: Add "Required field" capability to Groups.class.php

Steve Beaver

02:11 PM Bug #6768 (Resolved): DNS Resolver entry for DHCPv6 static mapping has wrong IP address

Tested 2.3.3 and 2.4, correct subnet is used. Jim Pingle

12:53 PM Bug #6768 (Feedback): DNS Resolver entry for DHCPv6 static mapping has wrong IP address

ops, untested yet Renato Botelho

12:53 PM Bug #6768 (Resolved): DNS Resolver entry for DHCPv6 static mapping has wrong IP address

works Renato Botelho

01:52 PM Bug #6432: Relative distinguished names should accept unicode during CA creation.

To be clear, what's the fix? Does it merely warn to use only ASCII, or does it now support Unicode properly? Sean McBride

01:27 PM Bug #6432 (Resolved): Relative distinguished names should accept unicode during CA creation.

works Renato Botelho

01:40 PM Bug #6852: Commit 8f86722 breaks DHCPv6 leases status page

upgraded hardware due to c2000 restored config and this now works so guess somethin in my dhcp6 leases file had a pro... Michael Kellogg

06:50 AM Bug #6852: Commit 8f86722 breaks DHCPv6 leases status page

This is a regression Michael Kellogg

01:35 PM Revision a04f6658: GET/POST conversion system_gateways*

Steve Beaver

01:30 PM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall

I tried to break it again and couldn't after last changes. Instead of closing it without hearing from more people I'l... Renato Botelho

11:10 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall

Graham Collinson wrote:
> I saw an issue like this on the first power cycle of a new SG-2440.
> manually running fs... Renato Botelho

04:34 AM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall

I saw an issue like this on the first power cycle of a new SG-2440.
manually running fsck didn't find an issue but e... Graham Collinson

01:24 PM Bug #7083 (Resolved): Put back some visual hint for required fields

Everything looks OK now. Thanks Phil! Renato Botelho

11:08 AM Bug #7083 (Feedback): Put back some visual hint for required fields

I believe it's all done now Renato Botelho

10:16 AM Bug #7083: Put back some visual hint for required fields

I have noted on GitHub a couple of commits in master that did not get back-ported. @rbgarga is back-porting them righ... Phillip Davis

09:22 AM Bug #7083: Put back some visual hint for required fields

Oh, I see now that you just committed that supporting code to RELENG_2_3. I noticed the issue this morning my time (w... Phillip Davis

09:16 AM Bug #7083: Put back some visual hint for required fields

On which page do you see that Phil?
I assumed you synced in the last few minutes? Anonymous

09:13 AM Bug #7083: Put back some visual hint for required fields

Reported in forum: https://forum.pfsense.org/index.php?topic=125403.0
I am seeing the "*" displayed in the (some) pl... Phillip Davis

08:43 AM Bug #7083: Put back some visual hint for required fields

The mechanism required to do this has been ported to 2.3.3 but it looks like quite a few pages do not yet have the '*... Anonymous

07:25 AM Bug #7083 (Assigned): Put back some visual hint for required fields

Looks like this was partially merged back to 2.3.3 but not all of it. Fields have the * before the name and are not s... Jim Pingle

01:23 PM Bug #5321 (Resolved): rxcsum6, txcsum6 not considered by "Disable hardware checksum offload"

works Renato Botelho

01:21 PM Revision ba14d48e: GET/POST conversion system_gateway_groups*

Steve Beaver

01:18 PM Revision 109a304e: Fix for bug 6966 https://redmine.pfsense.org/issues/6966

Change-Id: I9471c2bbd8941e70965a86d369c8de87be9a4417 Graham Collinson

01:05 PM Revision bda120a4: GET/POST conversion system_crlmanger.php bis

Steve Beaver

01:03 PM Revision d565c182: GET/POST conversion system_crlmanger.php

Steve Beaver

12:55 PM Todo #6689 (Resolved): Add enable link to Status > UPnP & NAT-PMP error message if disabled

works Renato Botelho

11:07 AM Todo #6689 (Feedback): Add enable link to Status > UPnP & NAT-PMP error message if disabled

PR has been merged Renato Botelho

12:54 PM Bug #6806 (Resolved): Form validation for DHCP NTP Servers does not allow hyphens

works Renato Botelho

12:52 PM Revision 59d06739: GET/POST conversion system_authservers.php

Steve Beaver

12:50 PM Bug #6966 (Resolved): Display bug in Status / IPsec / Overview

works Renato Botelho

11:39 AM Bug #6966 (Feedback): Display bug in Status / IPsec / Overview

PR has been merged, thanks! Renato Botelho

07:37 AM Bug #6966 (New): Display bug in Status / IPsec / Overview

Jim Pingle

07:23 AM Bug #6966: Display bug in Status / IPsec / Overview

pull request for fix on github
https://github.com/pfsense/pfsense/pull/3522 Graham Collinson

06:46 AM Bug #6966: Display bug in Status / IPsec / Overview

This simple patch appears to work.
Might want to add in further checking or change the way of identifying whether it... Graham Collinson

06:34 AM Bug #6966: Display bug in Status / IPsec / Overview

Looks like this is caused because there's a mismatch between the ikeid in $config['ipsec']['phase1'] and the ikeid re... Graham Collinson

06:14 AM Bug #6966: Display bug in Status / IPsec / Overview

Reproduced issue with two test VMs. Setup a simple IKEv2 between the two with one child sa. When split connections ... Graham Collinson

04:40 AM Bug #6966: Display bug in Status / IPsec / Overview

I've seen a similar issue on a production system with IKEv2 and split connections ticked (Enable this to split connec... Graham Collinson

12:47 PM Bug #7233 (Resolved): Status DHCP Leases can have incorrect index for edit action

works Renato Botelho

12:45 PM Todo #7246 (Resolved): Sync up status.php on 2.3.3 with 2.4

works Renato Botelho

11:50 AM Todo #7246 (Feedback): Sync up status.php on 2.3.3 with 2.4

Applied in changeset commit:804f6a165fbb80deac018be43e8d41607fa67594. Jim Pingle

11:01 AM Todo #7246 (Resolved): Sync up status.php on 2.3.3 with 2.4

Since 2.3.3 is likely the last 2.3.x release and people may be running it a while, it would be good to pull in the ch... Jim Pingle

12:34 PM Bug #6751: Route53 DynDNS Problems / Replace Route53 DynDNS Module

If you are going to backport this to 2.3.3 Bug #7206 is also needed. Jason McCormick

11:54 AM Feature #4898 (Resolved): Allow packages to request syslogd socket to be created inside chroot

works (haproxy for instance) Renato Botelho

11:47 AM Bug #6916 (Resolved): interfaces_vlan.php: Clicking on "Cancel" deletes VLAN

works Renato Botelho

11:47 AM Feature #7248 (New): Web UI for IPSec settings should warn about poor security choices

I've spent several days getting my VPN working and learned a lot in the process.
I've made a little patch here:
h... Sean McBride

11:46 AM Bug #7120 (Resolved): Wrong file permissions on /var/tmp and missing sticky bit when using /var as RAM disk

really fixed now! Renato Botelho

11:45 AM Bug #7164 (Resolved): NTP page allows adding more time server rows than it saves to the configuration

works Renato Botelho

11:44 AM Bug #7173 (Resolved): [2.3.3+] Interface groups with a '-' (dash) in name are not handled correctly, breaking firewall rules

works Renato Botelho

11:33 AM Bug #5993 (New): dhcp6c not started until an RA received

Not finished yet Renato Botelho

11:33 AM pfSense Packages Bug #7247: Update net/ntopng to 2.4.2017.01.20

Well it the update doesn't fix those, you should submit them upstream (or at least FreeBSD bugzilla). Kill Bill

11:26 AM pfSense Packages Bug #7247: Update net/ntopng to 2.4.2017.01.20

I have 3 recent coredumps saved - are these of any use to anyone for debugging or should I toss them? → luckman212

11:24 AM pfSense Packages Bug #7247 (Closed): Update net/ntopng to 2.4.2017.01.20

Attempting to fix the never ending core dumps with the current version. (Happens pretty much on any restart.) Kill Bill

11:24 AM Revision fb169a1c: Update translation files

Renato Botelho

11:21 AM Revision 9f60fffd: Regenerate pot

Renato Botelho

11:21 AM Revision 5ca44711: Merge pull request #3521 from phil-davis/sethelp-v

Renato Botelho

11:14 AM Feature #6753 (Resolved): Interfaces list order not consistent

Commit reverted. Jim Pingle

10:59 AM Feature #6753: Interfaces list order not consistent

I'll take this, looks like maybe the consistency doesn't weigh up against the inconvenience of the menu being unsorte... Jim Pingle

10:26 AM Feature #6753 (Assigned): Interfaces list order not consistent

Jim Pingle

11:05 AM Feature #1189: Gateway: Multiple monitor ips

Don't have a solution (yet) but FYI in case some people are watching this ticket and not the others/forums, I did cre... → luckman212

10:53 AM Feature #1189: Gateway: Multiple monitor ips

I would also like to see this as a feature. This one has been open for a while now, and many of the hardware solution... John Banks

10:57 AM Bug #6915: unbound logging not working after reboot or "Reset log files"

Yep, that's better, thanks! Jim Pingle

10:48 AM Bug #6915: unbound logging not working after reboot or "Reset log files"

This one shows up under "pfSense packages". Maybe because the category is set to "Unbound".
Other "modern" unbound i... Phillip Davis

10:41 AM Feature #6786 (Resolved): Sortable Description Captive Portal MACs list

Jim Pingle

10:41 AM Feature #7159 (Resolved): Auto correct checksum and missing special characters for NTP GPS initialization commands.

Jim Pingle

10:39 AM Bug #6064 (Resolved): non-fully qualified hostnames included in hosts file and Unbound local-data

Jim Pingle

10:39 AM Feature #6914 (Resolved): unbound access-control lists

Jim Pingle

10:27 AM Bug #6227 (Resolved): LAGG MTU not set correctly when it has child QinQ interfaces

Jim Pingle

10:24 AM Bug #7180 (Resolved): Disabled OpenVPN clients are not shaded in the gui

Jim Pingle

10:21 AM Bug #6609 (Resolved): OpenVPN Radius auth doesn't send NAS attributes and is not consistent with how strongSwan does it

Jim Pingle

10:20 AM Bug #7157 (Feedback): Traffic graphs cause the tab to crash when run in the background

Applied in changeset commit:7790e0dfaee5f4f1707a8bb6c6e8abf03b2001c2. Renato Botelho

08:26 AM Revision 7dabfe79: Fix typo

Renato Botelho

03:50 AM Revision 06f6b161: GET/POST conversion

Steve Beaver

02:37 AM Feature #7245 (Resolved): NTP widget shows client time instead of server time

The javascript nonsense dating back to Windows 9x/IE5 days actually shows local time on the client, severely confusin... Kill Bill

12:51 AM Bug #7219 (Feedback): vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3

Should work now: https://github.com/pfsense/FreeBSD-src/commit/5c1daa5ea1098b67d4c331d5e21b39178d616031 Luiz Souza

12:35 AM Feature #7244 (New): Publish pfsense as a Vagrant Basebox

Hello pfsense!
The pfsense project should make it easy to provision pfsense by publishing an official pfsense vagr... Joel Whitehouse

02/09/2017

10:35 PM Revision 878d6f72: GET/POST conversion system_advanced_ioctl

Steve Beaver

10:01 PM Revision fe914124: Typo

Steve Beaver

09:53 PM Revision e8afd822: GET/POST conversion for camanager and certmanager

Steve Beaver

05:10 PM Feature #7242: SSL Include CA Certs

Chris Linstruth wrote:
> Or are you talking about installing a CA in pfSense so connections *it* makes outbound can ... NOYB NOYB

04:38 PM Feature #7242: SSL Include CA Certs

Or are you talking about installing a CA in pfSense so connections *it* makes outbound can be trusted/verified when c... Chris Linstruth

04:35 PM Feature #7242: SSL Include CA Certs

This looks like another redmine that should be a forum post.
Sending the self-signed CA along with the certificate... Chris Linstruth

04:20 PM Feature #7242: SSL Include CA Certs

Kill Bill wrote:
> Apparently we have a language problem here, so perhaps let's try again in a more simple way: WTH ... NOYB NOYB

03:59 PM Feature #7242: SSL Include CA Certs

Apparently we have a language problem here, so perhaps let's try again in a more simple way: WTH is "included in SSL"... Kill Bill

03:46 PM Feature #7242: SSL Include CA Certs

Kill Bill wrote:
> Am I the only one who cannot make sense of the request? No, self-signed certs will never be seaml... NOYB NOYB

05:32 AM Feature #7242: SSL Include CA Certs

Am I the only one who cannot make sense of the request? No, self-signed certs will never be seamless with browsers, o... Kill Bill

05:20 AM Feature #7242 (Duplicate): SSL Include CA Certs

Option to have an internal or imported CA (such as an imported self-signed CA) included in SSL for verify peer for do... NOYB NOYB

02:20 PM Revision 20cf8d8e: 5th try

- change $do_ping default value to 'true' (which emulates the previous default behavior) to avoid any unexpected results → luckman212

02:15 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic

Hi Jim, just wondering if this is still something that might make it into pfSense 2.4.0? I would love to use the maxi... Chris Allen

01:52 PM Revision e04daed0: Allow GET-to-POST js to handle confirmation dialogs on delete (anything)

Steve Beaver

12:54 PM Revision 3e142087: setHelp and gettext format vpn*

Phil Davis

11:11 AM Revision a48a563d: Update translation files

Renato Botelho

11:00 AM Revision 5521f90a: Regenerate pot

Renato Botelho

10:58 AM Revision 9f242a98: Merge pull request #3512 from phil-davis/patch-3

Renato Botelho

10:57 AM Revision a958ab5b: Merge pull request #3511 from phil-davis/patch-2

Renato Botelho

10:57 AM Revision 6ec9b6ef: Merge pull request #3508 from phil-davis/sethelp-6

Renato Botelho

10:53 AM Revision a962a2d3: Merge pull request #3519 from phil-davis/patch-6

Renato Botelho

10:52 AM Revision 34b4342c: Merge pull request #3520 from phil-davis/sethelp-9

Renato Botelho

10:52 AM Revision 0aaa7bb0: Merge pull request #3518 from phil-davis/patch-5

Renato Botelho

10:51 AM Revision dd23f616: status_upnp remove nested getext()

I don't think this does anything useful.
(cherry picked from commit 3224663a3759935b47406c789b9f5cea3eb88136) Phil Davis

10:51 AM Revision c52d6985: Merge pull request #3516 from phil-davis/patch-4

Renato Botelho

10:50 AM Revision 36615eb8: Merge pull request #3517 from phil-davis/sethelp-8

Renato Botelho

10:49 AM Revision e7fc54ac: Merge pull request #3513 from phil-davis/sethelp-7

Renato Botelho

10:48 AM Bug #7232 (Feedback): haproxy_pool_edit.php -- sprintf() too few arguments

Fixed in 0.52_5 Renato Botelho

10:37 AM Revision 781d9ce4: setHelp and gettext for system*

Phil Davis

10:31 AM Revision 4dd437e4: Fix keylength.com href in system_usermanager

The literal <a href=... text was displaying here, not an actual link to keylength.com
While here, reformat to take th... Phil Davis

09:45 AM Revision 83d31192: Fix system_gateways_edit setHelp sprintf warning

The code at line 759 emitted a warning because of the bare '%' in the string.
Other changes are to clarify and tidy u... Phil Davis

07:40 AM Revision 7f0d6ccf: setHelp and getttext format for status*

Phil Davis

07:34 AM Revision 3224663a: status_upnp remove nested getext()

I don't think this does anything useful. Phil Davis

06:35 AM pfSense Packages Bug #1620: Can't use transparent proxy when using bridge.

Steve Wheeler wrote:
> I ran some tests with this and was unable to make it work. Adding 'route-to lo0' to the pass ... Kill Bill

06:05 AM Bug #7243 (Not a Bug): Openvpn route only first network in IPv4 Remote network(s) to local net

Openvpn Peer to Peer (ssl\tls) 2 client connection
Openvpn route only first network in server openvpn IPv4 Remote ne... Ivan Pavlov

05:59 AM Revision c516cb28: 4th attempt!

- Reworked based on recent comments from @rbgarga → luckman212

05:10 AM Bug #7209: Something is seriously wrong with firewall aliases

2.4-latest as of today, fresh install - confirmed NOT fixed. Just as I already said in one of my prev posts
>And I d... Dmitry Kernel

04:40 AM Bug #7241 (Not a Bug): OpenVPN CSC Tunnel Network not accepting net30 addresses

I'm migrating a client to pfSense, and they have an OpenVPN server which still uses net30 topology, with some client-... Jernej Simončič

04:31 AM Bug #7116: a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue

Pi Ba wrote:
> Without quick it didn't work either. Only changing it to 'pass' made it work.
I'm seeing the same ... Greg Siemon

04:06 AM Revision 046346e0: services_dyndns_edit % needs to be escaped

Phil Davis

02:44 AM pfSense Packages Feature #7221: ACME package : add standalone mode & specify port used

Having the package automatically open/close ports 80 and 443 when issuing/renewing certificates would be great. I don... Mathieu Arnold

02:04 AM Bug #7167: Error creating higher VLAN ID on SG-1000

It did not help.
Ok. I restored uFw settings on factory. Assigned VLAN 11 on cpsw0 and chose it as WAN
I can see ... Constantine Kormashev

01:22 AM Bug #7240: OpenVPN Client bug

Time Process PID Message
Feb 9 17:15:10 openvpn 40490 Initialization Sequence Completed
Feb 9 17:15:10 openvpn 40... Zart Zurt

01:17 AM Bug #7240 (Not a Bug): OpenVPN Client bug

Latest snapshot has led to the following log entry and failure to utilise the OpenVPN gateway:
Feb 9 17:13:24 open... Zart Zurt

01:18 AM Feature #7239: DNS Resolver enable reverse dns override for single host

mehh, probably invalid.
Creating a host override already creates a pointer entry as well.
eg /var/unbound/host... David McNeill

02/08/2017

11:56 PM Feature #7239 (Rejected): DNS Resolver enable reverse dns override for single host

DNS resolver only allows individual host overrides for forward lookups, not reverse.
Use case: (sloppy) ISP doesn'... David McNeill

10:32 PM Bug #7238 (New): Menu layout broken when using "Hostname in Menu" with long hostnames

It is good to have the hostname in the menu for quickly identifying the gateways, however almost all of our hostnames... Daniel Subert

10:24 PM pfSense Packages Bug #7190: pfSense-pkg-acme Bug - php errors on pages that list certificates when no LE Certs have been created yet (eg Cert. Manager - Certificates, OpenVPN - Servers)

Jim Pingle wrote:
> PR was merged
Confirm fixed. Greg Siemon

08:23 PM Revision f0136b17: Automatic GET to POST functions moved to pfSenseHelpers.js so they can be used by any page

Steve Beaver

07:22 PM Revision d3f59a8c: Improve comments

Steve Beaver

07:15 PM Revision f5c9c0c7: Experimental method to convert GET calls to POST

Steve Beaver

04:47 PM Revision 71ffc048: Merge branch 'master' into sethelp-7

Phil Davis

04:43 PM Revision 3fd41815: setHelp strings for services*

Phil Davis

04:28 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

I navigated in almost all screens previously affected and can confirm everything is fixed with the pages previously a... Helio Tadao Goto

08:17 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

This problem has now been fixed in a more generic within the Form classes so there should be no other cases, with or ... Anonymous

07:46 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Fixed embedded '%' in squidguard.inc Anonymous

05:36 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

This problem remains with SquidGuard, in several tabs, like this in
Services > SquidGuard Proxy Filter > Common AC... Helio Tadao Goto

03:35 PM Revision 6c2f0930: 3rd try!

- incorporate suggestions from @rbgarga with slight modification → luckman212

03:35 PM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx

I've seen this symptom frequently with pfBlockerNG and large lists. I also don't run the IPsec widget.
The comm... John Silva

12:05 PM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx

Just Restarted PHP-FPM on a system with the following (no pfblocker installed):
* System Information
* Traffic Gr... Alex Vergilis

11:56 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx

Jim Pingle wrote:
> Which dashboard widgets do you have visible?
Right now I have the following widgets open:
* ... Bryan Fehl

11:52 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx

Bryan Fehl wrote:
> I just ran into this myself. Strangely, this issue causes all clients who try to connect with O... Jim Pingle

11:48 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx

Steve Beaver wrote:
> Sorry to re-hash this, but since it has just been assigned to me I need an update.
>
> Some... Bryan Fehl

03:34 PM Revision d030ca9c: services_dhcpv6_relay fix setHelp array parameter

same thing here Phil Davis

03:16 PM Revision 13fa32eb: services_dhcp_relay fix setHelp array parameter

Another one using the old array format. Phil Davis

03:02 PM Revision 2241553c: Rever changes escaping '%' chars in help text. No longer required.

Steve Beaver

02:35 PM pfSense Packages Feature #7221 (Feedback): ACME package : add standalone mode & specify port used

Added standalone HTTP and TLS options with configurable port.
A bind address isn't going to be viable at the momen... Jim Pingle

02:07 PM Revision c74b018d: Only use sprintf in setHelp() if more than one argument is received

This should eliminate all the issues caused by packages with embedded '%' in their text Steve Beaver

01:50 PM pfSense Packages Bug #7218 (Feedback): acme_inc.sh hard codes 'HMAC-MD5.SIG-ALG.REG.INT' for nsupdate key types

Fixed in ACME 0.1.11 which was just pushed, you can now choose the key type and algorithm. Jim Pingle

12:43 PM Bug #7209: Something is seriously wrong with firewall aliases

No, I haven't tried it on 2.4 yet, however I digged into sources on 2.3.2_p1 and reproduced it step-by-step while col... Dmitry Kernel

10:52 AM Bug #7209: Something is seriously wrong with firewall aliases

Did you try it on 2.4 as requested?
Either you are leaving out a config state/step or it's not an issue we can rep... Jim Pingle

10:30 AM Bug #7209: Something is seriously wrong with firewall aliases

What? Rejected based on _assumptions_ that it _possibly_ just me screwed up something on my instance or that it _poss... Dmitry Kernel

12:38 PM pfSense Packages Bug #7236: ACME - DNS-NSupdate badly misformatted GUI

Whole lot better indeed. ;)
!https://i.imgsafe.org/b65eeb532c.png! Kill Bill

11:24 AM pfSense Packages Bug #7236 (Feedback): ACME - DNS-NSupdate badly misformatted GUI

Finally figured it out, fix is coming in 0.1.10 that I just pushed. Also made the box take up the whole width. Jim Pingle

09:45 AM pfSense Packages Bug #7236: ACME - DNS-NSupdate badly misformatted GUI

That would be a better fit for a separate bug report. This formatting issue is enough of a PITA on its own. Jim Pingle

09:44 AM pfSense Packages Bug #7236: ACME - DNS-NSupdate badly misformatted GUI

Yeah, I also failed to find any relevant code fix. LOL.
Also, the first row in the "Table" does not autoexpand the... Kill Bill

09:39 AM pfSense Packages Bug #7236 (Confirmed): ACME - DNS-NSupdate badly misformatted GUI

I've been looking at that but not having any luck so far. The code, by all appearances, should be taking up the whole... Jim Pingle

09:33 AM pfSense Packages Bug #7236 (Resolved): ACME - DNS-NSupdate badly misformatted GUI

This one's so bad that I have no clue what to enter where.
!https://i.imgsafe.org/b3aab299c4.png! Kill Bill

11:46 AM pfSense Packages Bug #7237: ACME - first table row on certs tab does not autoexpand the fields

Well yeah, the thing is not exactly simple readable code :D Being hidden wouldn't really be much of an issue if peopl... Kill Bill

11:36 AM pfSense Packages Bug #7237 (Confirmed): ACME - first table row on certs tab does not autoexpand the fields

The input validation does need work but it's going to be rather complex to pull off. That should probably be a separa... Jim Pingle

11:23 AM pfSense Packages Bug #7237: ACME - first table row on certs tab does not autoexpand the fields

Also, apparently there's lack of input validation here (i.e., at least those fields should be required so that people... Kill Bill

09:51 AM pfSense Packages Bug #7237 (Resolved): ACME - first table row on certs tab does not autoexpand the fields

In the Domain SAN list, the first row in the table does not auto-expand the fields with required settings. See screen... Kill Bill

09:49 AM Revision 5dd8682c: setHelp format for services_captiveportal

Phil Davis

09:21 AM Revision 310f4f21: Part fix #7233 keep correct staticmap_array_index

The index needs to be incremented even for entries that were skipped for display because they (for whatever reason) h... Phil Davis

09:21 AM Revision 743c13ce: Merge pull request #3507 from phil-davis/patch-3

Renato Botelho

09:17 AM Revision 9aa3c5e8: Part fix #7233 keep correct staticmap_array_index

The index needs to be incremented even for entries that were skipped for display because they (for whatever reason) h... Phil Davis

09:05 AM Revision c940afee: Part Fix #7233 Allow deletion of empty static map entries

(cherry picked from commit 2ea70e1a474fd871a007c76841f2a33f34082c58) Phil Davis

09:04 AM Revision 7d7dd2cc: Merge pull request #3506 from phil-davis/patch-2

Renato Botelho

08:13 AM Revision dd83f869: 2nd try. . .

/etc/inc/util.inc:
- arp_get_mac_by_ip() updated to support IPv6
- attempt at code streamline
/usr/local/www/service... → luckman212

07:38 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper

Kill Bill wrote:
> There's already #6023 for netmap + shaping.
"Shaping" is a hack that shouldn't have happened. Jim Thompson

07:37 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper

Steven Kreitzer wrote:
> Sandeep K V wrote:
> > Hi Steven Kreitzer and Jim Thompson isn't this the expected way the... Jim Thompson

05:41 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper

In general, I'd say people who wish to use Snort/Suricata as IPS should look into divert sockets instead. The netmap ... Kill Bill

04:26 AM Revision 2ea70e1a: Part Fix #7233 Allow deletion of empty static map entries

Phil Davis

04:05 AM Bug #7164: NTP page allows adding more time server rows than it saves to the configuration

Build 2.4.0.b.20170207.2344
Test:
* Under Services -> NTP
* Attempt to add 11 server addresses
Result: Er... James Snell

04:05 AM Bug #7226 (Resolved): Package installation message is incomplete

Renato Botelho

03:54 AM Bug #7226: Package installation message is incomplete

Build 2.4.0.b.20170207.2344
Test actions:
* Install tftpd
* Remove tftpd
The status displays the packag... James Snell

03:59 AM pfSense Packages Bug #7229: Package Manager Update "Suricata" failed

Actually i copied the failure message from the one i've found in pfsense forum, but mine was very similar. Problem is... E P

03:44 AM Bug #7167: Error creating higher VLAN ID on SG-1000

Just to be sure, did you put a firewall pass rule onto the interface that is the VLAN? It will need that in order to ... Phillip Davis

03:40 AM Bug #7167: Error creating higher VLAN ID on SG-1000

I have updated to ... Constantine Kormashev

03:10 AM Bug #7233 (Feedback): Status DHCP Leases can have incorrect index for edit action

Applied in changeset commit:2ea70e1a474fd871a007c76841f2a33f34082c58. Phillip Davis

01:47 AM Bug #7235 (New): 4860 has not got significant IPsec performance rising with enabled HW acceleration

During IPsec performance tests on 4860 I did not observe significant IPsec performance increasing if HW acceleration ... Constantine Kormashev

01:24 AM Bug #7234 (Closed): ntpd overload during IPsec session without HW acceleration

During performance test 2440 I noticed quite strange behavior of ntpd. One overloads CPU core during IPsec session if... Constantine Kormashev

02/07/2017

10:29 PM Bug #7233: Status DHCP Leases can have incorrect index for edit action

PR https://github.com/pfsense/pfsense/pull/3506 will let people delete an empty entry, if they get one somehow. Phillip Davis

10:13 PM Bug #7233: Status DHCP Leases can have incorrect index for edit action

Pull Request https://github.com/pfsense/pfsense/pull/3505 to make sure the index counter in status_dhcp_leases keeps ... Phillip Davis

10:07 PM Bug #7233 (Resolved): Status DHCP Leases can have incorrect index for edit action

Forum: https://forum.pfsense.org/index.php?topic=125180.0
In the past, somehow (and I have seen it on systems of m... Phillip Davis

09:35 PM Revision 0f742e51: diag_backup do not use button text for comparisons

(cherry picked from commit 9a7e1c9580c5779c86bc97d6d82c43401c7a4b12) Phil Davis

09:35 PM Revision b0eb674f: Merge pull request #3486 from phil-davis/diag-backup

Renato Botelho

08:34 PM Bug #7230 (Resolved): wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassed

Fixed Jim Pingle

01:40 PM Bug #7230 (Feedback): wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassed

Applied in changeset commit:5baea4da88fd6c093582d9c3e9b67cce5d6a1013. Jim Pingle

01:29 PM Bug #7230 (Resolved): wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassed

update_config_field() in wizard.php needs to use eval to construct a variable name that is several array levels deep.... Jim Pingle

08:31 PM Bug #7227 (Resolved): pkg.php - "pkg_filter" is not encoded before output

Fixed Jim Pingle

10:50 AM Bug #7227 (Feedback): pkg.php - "pkg_filter" is not encoded before output

Applied in changeset commit:6ac61204bc9e4cff54c818ecc71d20d2626a02e1. Jim Pingle

10:45 AM Bug #7227 (Resolved): pkg.php - "pkg_filter" is not encoded before output

On pkg.php "pkg_filter" is not encoded before output - It requires a package use pkg.php and that it has include_filt... Jim Pingle

08:26 PM Bug #7228 (Resolved): easyrule.php: Use of GET allows rule to be added without CSRF protection

Fixed Jim Pingle

12:40 PM Bug #7228 (Feedback): easyrule.php: Use of GET allows rule to be added without CSRF protection

Applied in changeset commit:0f026089f65d92328d680443de5f9a90af50115c. Jim Pingle

12:34 PM Bug #7228 (Resolved): easyrule.php: Use of GET allows rule to be added without CSRF protection

easyrule.php allows parameters passed by GET without a confirmation step, which makes it possible to add firewall rul... Jim Pingle

08:26 PM Bug #7225 (Resolved): pkg_mgr_install.php "from" and "to" parameters are not validated or encoded before output

Fixed Jim Pingle

10:20 AM Bug #7225 (Feedback): pkg_mgr_install.php "from" and "to" parameters are not validated or encoded before output

Applied in changeset commit:2c06742d784cb7ec85151327fd753536d98fbcc1. Jim Pingle

10:14 AM Bug #7225 (Resolved): pkg_mgr_install.php "from" and "to" parameters are not validated or encoded before output

The "from" and "to" parameters on pkg_mgr_install.php need htmlspecialchars() before output or they can be used as an... Jim Pingle

07:31 PM Revision d3da9c7d: Rather than setting the value directly, minimize exposure to eval() in update_config_field() from wizard.php by constructing a variable reference, then set the value using the reference rather than passing user input through eval(). Fixes #7230

Jim Pingle

07:31 PM Revision 2c5c799a: Rather than setting the value directly, minimize exposure to eval() in update_config_field() from wizard.php by constructing a variable reference, then set the value using the reference rather than passing user input through eval(). Fixes #7230

Jim Pingle

07:30 PM Revision 5baea4da: Rather than setting the value directly, minimize exposure to eval() in update_config_field() from wizard.php by constructing a variable reference, then set the value using the reference rather than passing user input through eval(). Fixes #7230

Jim Pingle

07:02 PM pfSense Packages Bug #7190 (Feedback): pfSense-pkg-acme Bug - php errors on pages that list certificates when no LE Certs have been created yet (eg Cert. Manager - Certificates, OpenVPN - Servers)

PR was merged Jim Pingle

07:01 PM Feature #7193 (Feedback): NTP process PGRMF

PR merged Jim Pingle

06:37 PM Revision f0cf40f9: Convert easyrule.php to use a confirmation landing page so that the parameters can be submitted via POST. Also, remove the JavaScript confirmation box since it is now redundant. Fixes #7228

The confirmation page displays the submitted parameters for an extra user sanity check. Also fixed a bunch of page fo... Jim Pingle

06:37 PM Revision 4cef56bf: Convert easyrule.php to use a confirmation landing page so that the parameters can be submitted via POST. Also, remove the JavaScript confirmation box since it is now redundant. Fixes #7228

The confirmation page displays the submitted parameters for an extra user sanity check. Also fixed a bunch of page fo... Jim Pingle

06:35 PM Revision 0f026089: Convert easyrule.php to use a confirmation landing page so that the parameters can be submitted via POST. Also, remove the JavaScript confirmation box since it is now redundant. Fixes #7228

The confirmation page displays the submitted parameters for an extra user sanity check. Also fixed a bunch of page fo... Jim Pingle

06:01 PM Revision 4ebe5abd: Merge pull request #3504 from phil-davis/patch-1

Renato Botelho

05:54 PM Bug #7222: Encryption No Longer Enforced for Email Notifications

Kill Bill wrote:
> NOYB NOYB wrote:
> > My guess is pear Mail will never be patched to fix this STRIPTLS security h... NOYB NOYB

05:14 PM Bug #7222: Encryption No Longer Enforced for Email Notifications

NOYB NOYB wrote:
> My guess is pear Mail will never be patched to fix this STRIPTLS security hole.
Well, certain... Kill Bill

04:22 PM Bug #7222: Encryption No Longer Enforced for Email Notifications

Jim Pingle wrote:
> Lobby to the PEAR crew to import the patch and we'll add support once it's in there. We have mai... NOYB NOYB

03:51 PM Bug #7222 (Needs Patch): Encryption No Longer Enforced for Email Notifications

Lobby to the PEAR crew to import the patch and we'll add support once it's in there. We have maintained a lot of cust... Jim Pingle

03:43 PM Bug #7222: Encryption No Longer Enforced for Email Notifications

Kill Bill wrote:
> Well, I'd hazard to say because it's just another thing to maintain with pretty much no gain? Wan... NOYB NOYB

03:04 PM Bug #7222: Encryption No Longer Enforced for Email Notifications

Well, I'd hazard to say because it's just another thing to maintain with pretty much no gain? Want to be sure TLS is ... Kill Bill

02:58 PM Bug #7222: Encryption No Longer Enforced for Email Notifications

Why can't pfSense customization be made to the pear Mail package, like is done for some others packages, to add the r... NOYB NOYB

07:46 AM Bug #7222: Encryption No Longer Enforced for Email Notifications

We switched over to the Pear Mail package and at the moment I'm not seeing any equivalent option in their code. It wo... Jim Pingle

05:10 AM Bug #7222: Encryption No Longer Enforced for Email Notifications

That wasn't worded very well. Strike that first sentence. This has nothing to do with the "Enable SMTP over SSL/TLS... NOYB NOYB

01:51 AM Bug #7222 (Needs Patch): Encryption No Longer Enforced for Email Notifications

The "Enable SMTP over SSL/TLS" option does not enforce the use of encryption.
Previous versions also had "Enable S... NOYB NOYB

05:06 PM Revision 9570449e: interfaces_ppps_edit remove embedded HTML from setHelp string

There was only one of these remaining to do. Phil Davis

04:58 PM Revision dcef6e2d: interfaces_ppps_edit fixes that will work on 2.3.3 also

1) Make "The MTU is too big" message actually come out. The code around line 300 was rubbish (maybe from before boots... Phil Davis

04:58 PM Revision 1c0e0eae: Merge pull request #3501 from phil-davis/patch-1

Renato Botelho

04:52 PM Revision 36245b2f: Fix #7226 Package installation message is incomplete

This makes it remember pkgname after the install finishes and the form is re-submitted.
(cherry picked from commit d1... Phil Davis

04:52 PM Revision bac8e353: Merge pull request #3503 from phil-davis/patch-3

Renato Botelho

04:52 PM Revision c0e46e9a: pkg_mgr_install remove embedded HTML from result strings

(cherry picked from commit 682008ff758b942d85ed007b485e0b2fa8e3a11c) Phil Davis

04:52 PM Revision 71dbe3f2: Merge pull request #3502 from phil-davis/patch-2

Renato Botelho

04:48 PM Revision ed7bfaa4: Encode the contents of pkg_filter before output. Fixes #7227

Jim Pingle

04:48 PM Revision 7100f041: Encode the contents of pkg_filter before output. Fixes #7227

Jim Pingle

04:45 PM Revision 6ac61204: Encode the contents of pkg_filter before output. Fixes #7227

Jim Pingle

04:42 PM Revision d12bc864: Fix #7226 Package installation message is incomplete

This makes it remember pkgname after the install finishes and the form is re-submitted. Phil Davis

04:31 PM Feature #2358: NAT64 support

Would like to see support for NAT64/DNS64 in pfsense. Deployment of DNS64 outside of the gateway is somewhat convolu... Joel Whitehouse

04:29 PM Revision 682008ff: pkg_mgr_install remove embedded HTML from result strings

Phil Davis

04:15 PM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode

That's very interesting to know that we are having similar issues Joe!
I hope that either this can be resolved or ... James Webb

03:57 PM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode

James Webb wrote:
> James Webb wrote:
> > Kill Bill wrote:
> > > Your own IP as in something from HOME_NET? Not ex... Joe Cordon

01:56 PM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode

James Webb wrote:
> Kill Bill wrote:
> > Your own IP as in something from HOME_NET? Not exactly useful test either.... James Webb

07:56 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode

Kill Bill wrote:
> Your own IP as in something from HOME_NET? Not exactly useful test either. In general, taking sim... James Webb

07:52 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode

Your own IP as in something from HOME_NET? Not exactly useful test either. In general, taking similar things to the f... Kill Bill

07:47 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode

Kill Bill wrote:
> Just to be clear here - If you are looking at the Blocks tab, that is NOT the place to look at wi... James Webb

07:37 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode

Just to be clear here - If you are looking at the Blocks tab, that is NOT the place to look at with the inline mode.
Kill Bill

07:00 AM pfSense Packages Bug #7223 (Resolved): IPv4 Rules not working in Inline Mode

After adding the following rule to custom.rules:
@drop ip [108.74.97.21, 82.132.247.191] any <> $HOME_NET any (msg... James Webb

04:14 PM Revision ede8a953: Encode 'from' and 'to' before output on pkg_mgr_install.php. Fixes #7225

Jim Pingle

04:14 PM Revision 082f3663: Encode 'from' and 'to' before output on pkg_mgr_install.php. Fixes #7225

Jim Pingle

04:14 PM Revision 2c06742d: Encode 'from' and 'to' before output on pkg_mgr_install.php. Fixes #7225

Jim Pingle

04:09 PM Revision db7a10ab: Update translation files

Renato Botelho

04:07 PM pfSense Packages Bug #7229: Package Manager Update "Suricata" failed

There is no such code in Suricata package. This is pkg(7) bug. Remove and reinstall the package. Kill Bill

12:57 PM pfSense Packages Bug #7229 (Duplicate): Package Manager Update "Suricata" failed

Error message while updating suricata to 3.1.2_2
Also happened from 3.0_7 to 3.0_8 (reported on pfsense forum: [[h... E P

04:01 PM Revision fbe1ea61: Regenerate pot

Renato Botelho

04:00 PM Revision edc4fae1: Merge pull request #3494 from lukehamburg/copy-duid-patch-2

Renato Botelho

03:48 PM Bug #7232 (Resolved): haproxy_pool_edit.php -- sprintf() too few arguments

https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-haproxy/files/usr/local/www/haproxy/haproxy_pool_... kevin crawley

03:35 PM Bug #7231: Web UI does not properly remove priq shaping rules when deleting an interface which causes subsequent rule failures without warning in the UI

I think this was accidentally posted in the pkg's section. Could someone move it to the proper area of pfSense? John Barfield

03:32 PM Bug #7231 (Resolved): Web UI does not properly remove priq shaping rules when deleting an interface which causes subsequent rule failures without warning in the UI

Reproduce:
1. Provision pfSense 2.3.2 with 1 WAN and multiple LAN's.
2. Configure priq traffic shaper to limit... John Barfield

02:45 PM Bug #7209 (Rejected): Something is seriously wrong with firewall aliases

I can't reproduce this, it's possible it's a side effect of something else in your configuration. Even on 2.3.2_1 eve... Jim Pingle

01:42 PM Revision 5425b872: Add cpsw to ALTQ list now that the driver supports ALTQ. Ticket #7199

Jim Pingle

12:52 PM Revision 3cc22ff2: interfaces_ppps_edit fixes that will work on 2.3.3 also

1) Make "The MTU is too big" message actually come out. The code around line 300 was rubbish (maybe from before boots... Phil Davis

12:32 PM Revision 661f3896: Merge pull request #3484 from phil-davis/sethelp-empty

Renato Botelho

12:03 PM Revision d30a6181: Merge pull request #3500 from phil-davis/patch-5

Renato Botelho

12:00 PM Revision 795fba9e: Merge pull request #3499 from phil-davis/sethelp-review4

Renato Botelho

12:00 PM Revision 7b4d7779: Merge pull request #3497 from phil-davis/patch-3

Renato Botelho

11:59 AM Revision be9de914: Revert "setHelp formatting for interfaces.php"

This reverts commit e6068596baf4307fe3eb9866072800e4c23b6840. Renato Botelho

11:58 AM Revision e6068596: setHelp formatting for interfaces.php

There was a fair bit of it, so I have put this in its own pull request.
1) Gets HTML out of the strings that go for t... Phil Davis

11:58 AM Revision 0334f0a4: Merge pull request #3496 from phil-davis/patch-2

Renato Botelho

11:58 AM Revision baae9d9f: fbegin.inc and fend.inc obsolete

(cherry picked from commit 5af0922d75724e1eac89017173457f57842387f8) Phil Davis

11:58 AM Revision bd44e2af: fbegin.inc and fend.inc are no longer used

(cherry picked from commit c09188a21938f7b1d19fd845fa7e5b0712dd4a83) Phil Davis

11:57 AM Revision 852dcf4c: Merge pull request #3495 from phil-davis/fbegin-fend

Renato Botelho

11:40 AM Revision 690db956: Internationalization graph.php

1) A few extra strings to be translated.
2) The scale_type code values 'up' and 'follow' need to be kept as those str... Phil Davis

11:39 AM Revision d2500121: Merge pull request #3487 from phil-davis/patch-1

Renato Botelho

11:35 AM Revision eaa726b5: Update help message for Zone ID for new region requirement

(cherry picked from commit 49f90f17bfaf2422d56160ad06ef5e2513beb1ba) Jason McCormick

11:35 AM Revision 3d7921e8: implement AWS API v4 signing

(cherry picked from commit ac5ee07ee1daef2f43e728895290ca6d11efe0f3) Jason McCormick

11:35 AM Revision b6461e84: commit initial fix; need to add hooks for region to zone id

(cherry picked from commit cb5961d1fa64a45cbec5ef5d677b57f8d62f50b5) Jason McCormick

11:34 AM Revision 7a9e0470: Merge pull request #3473 from jxmx/7206_route53

Renato Botelho

11:23 AM Bug #3681: Email notifications don't work with IPv6-only SMTP servers

@smtp.inc@ is gone from 2.4, it's using pear-Net_SMTP and other pear stuff. This bug is not really relevant any more. Kill Bill

09:49 AM Bug #3681: Email notifications don't work with IPv6-only SMTP servers

Maybe this could help? (Although it's in norweign, the code itself is pretty easy and simple)
http://www.webforumet.... Marcel Hellwig

11:14 AM Revision 93eae66f: license.php getext formats and breadcrumbs

1) I added a breadcrumb because the "?" "help on this page" icon does not display nicely without the breadcrumbs sect... Phil Davis

11:00 AM Bug #7226 (Feedback): Package installation message is incomplete

Applied in changeset commit:d12bc864ceb5d656fc094bde7cf5ec96e24bdde9. Phillip Davis

10:43 AM Bug #7226: Package installation message is incomplete

See PR https://github.com/pfsense/pfsense/pull/3503 Phillip Davis

10:23 AM Bug #7226: Package installation message is incomplete

I noticed this on 2.4-BETA, and tried 2.3.3-DEVELOPMENT and 2.3.2-p1 and they all do this.
I suspect this is due t... Phillip Davis

10:19 AM Bug #7226 (Resolved): Package installation message is incomplete

Install, reinstall or delete a package. At successful end of the action a message is given in the GUI like:
'pfSen... Phillip Davis

10:20 AM Revision 7ae1b34f: setHelp and getttext for i*.php files

Phil Davis

10:07 AM Feature #7224: Abandon rate in favor of iftop

While it would be nice, the output from iftop is not printed in a way that would be easy to parse programmatically.
... Jim Pingle

09:45 AM Feature #7224 (Duplicate): Abandon rate in favor of iftop

Due to the lack of ipv6 functionality in rate and also it's development state (not developed since 2011, please corre... Marcel Hellwig

08:48 AM Revision 398821c4: interfaces_bridge_edit setHelp and input_errors formatting

This had enough things to be worth its own pull request.
1) Get embedded HTML out of setHelp etc strings.
2) Fix some... Phil Davis

07:54 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Installed build 2.4.0.b.20170207-1441 and same errors appears in
* Services > Squid Proxy Server
* Services > Squ... Helio Tadao Goto

07:44 AM Feature #7199: SG-1000 cpsw nics don't support ALTQ

It loads shaper rules without error, I see traffic in queues. I pushed a commit to is_altq_capable() in interfaces.in... Jim Pingle

07:39 AM Revision 4d0c9c59: setHelp formatting for interfaces.php

There was a fair bit of it, so I have put this in its own pull request.
1) Gets HTML out of the strings that go for t... Phil Davis

05:36 AM Bug #7206 (Feedback): Authentication Method Used in Bug 6751 Removed by Amazon

PR has been merged, thanks! Renato Botelho

01:15 AM Revision 5af0922d: fbegin.inc and fend.inc obsolete

Phil Davis

02/06/2017

05:59 PM pfSense Packages Bug #7211: DNS Made Easy ACME script not parsing domain IDs properly

I tried applying that patch to the script on my pfSense install, and the ACME challenge process worked just fine afte... Chris Gelatt

04:50 PM Revision c09188a2: fbegin.inc and fend.inc are no longer used

Phil Davis

04:34 PM pfSense Packages Feature #7221: ACME package : add standalone mode & specify port used

In acme.sh there are several options:
*Standalone mode:*
@acme.sh --issue -d aa.com --standalone --httpport 8... Frederic Lietart

04:30 PM pfSense Packages Feature #7221 (Resolved): ACME package : add standalone mode & specify port used

Added the standalone mode, to be able to specify port used for the challenge and the possibility to automatically ope... Frederic Lietart

04:08 PM Revision 71c45eca: add Copy DUID convenience button

- adds `Copy DUID` convenience button/js
- no page refresh or AJAX → luckman212

04:01 PM Revision 478e8919: enhancements to services_dhcp_edit.php

- added ndp call to get MAC addr if remote client is connected via IPv6
- automatically hide `Copy MAC` button if arp... → luckman212

03:55 PM Revision c1387957: Add .zanata-cache to .gitignore

Renato Botelho

03:55 PM Revision 328f2789: Revert PERL related default options from net-mgmt/net-snmp

(cherry picked from commit 282d025d9756ba8ace2bcfa092e87d5ad6d338da) Danilo Baio

03:55 PM Revision 6b416a15: Revert PERL related default options from net-mgmt/net-snmp

(cherry picked from commit 282d025d9756ba8ace2bcfa092e87d5ad6d338da) Danilo Baio

03:54 PM Revision 07850c91: Merge pull request #3488 from dbaio/master

Renato Botelho

03:53 PM Revision 73c8e3e6: Merge pull request #3490 from phil-davis/sethelp-review3

Renato Botelho

03:50 PM Revision ef7cf05a: Merge pull request #3491 from phil-davis/patch-2

Renato Botelho

03:43 PM Revision 21e768ec: Do not attempt to translate '-DIVIDER-'

'-DIVIDER-' is a keyword here. If someone does translate this, then the divider is going to go missing when in their ... Phil Davis

03:38 PM Revision f8a1be56: user/local/www inc file gettext improvements

Phil Davis

03:27 PM Bug #6937: Inbound traffic on enc0 is not creating a state with mobile IPsec

No change on the latest snap built after that commit. Jim Pingle

02:07 PM Bug #6937 (Feedback): Inbound traffic on enc0 is not creating a state with mobile IPsec

Jimp, can you check the latest build ?
Relevant commit: https://github.com/pfsense/FreeBSD-src/commit/5d8a65f506d8... Luiz Souza

02:04 PM Feature #7199 (Feedback): SG-1000 cpsw nics don't support ALTQ

Should work now: https://github.com/pfsense/FreeBSD-src/commit/b95dbdb097fd2d5b148098bcc68e1f57b7dab544 Luiz Souza

01:58 PM pfSense Packages Bug #7205 (Feedback): ACME package ignores DNS-Manual method, defaults to http-01

Fixed in acme pkg version 0.1.8 which will be available shortly Jim Pingle

01:25 PM pfSense Packages Bug #7208 (Feedback): ACME ftpwebroot doesn't work

Pushed a fix for this in acme pkg version 0.1.7, will be available shortly. Jim Pingle

01:17 PM Revision 282d025d: Revert PERL related default options from net-mgmt/net-snmp

Danilo Baio

12:54 PM Revision 678f1131: Internationalization graph.php

1) A few extra strings to be translated.
2) The scale_type code values 'up' and 'follow' need to be kept as those str... Phil Davis

12:40 PM Revision c728ede6: Merge pull request #3465 from phil-davis/system-widget-filter

Renato Botelho

12:16 PM Revision 4ff3ad47: Revert "Commit updates to the locale messages as best I can"

This reverts commit 7b25b213ee572f9d5471c29a3b3a1cff99cc55d3. Jason McCormick

12:16 PM Revision d1b8c781: Revert "fix locale as best I can"

This reverts commit e25261e4e210376e3db382a1ac52b61b9753a79c. Jason McCormick

11:44 AM Revision f6f86096: Update translation files

Renato Botelho

11:41 AM Revision ca208721: Regenerate pot

Renato Botelho

10:26 AM Revision d414b7eb: certificatemanager, don't show information from previous certificate if no cert or csr is present in the cert

(cherry picked from commit 1048585a08ac824057eea35c57fe359b9e6a48fe) Pi Ba

10:26 AM Revision 3637e667: Merge pull request #3480 from PiBa-NL/certmgr_20170206

Renato Botelho

10:20 AM Revision 85ba2f8b: Use unique var names in Input.class.php

(cherry picked from commit a66177645191359e5ce854d733e9be40ada3535b) Phil Davis

10:20 AM Revision 26bd803a: Merge pull request #3485 from phil-davis/form-var-names

Renato Botelho

10:16 AM Revision c1518def: Merge pull request #3482 from phil-davis/patch-4

Renato Botelho

10:15 AM Revision 17250753: Merge pull request #3478 from phil-davis/sethelp-review2

Renato Botelho

10:14 AM Revision e243bde0: Merge pull request #3477 from phil-davis/patch-2

Renato Botelho

10:14 AM Revision 7b05dc97: Merge pull request #3476 from phil-davis/sethelp-review1

Renato Botelho

10:11 AM Revision 4b10f802: Merge pull request #3475 from phil-davis/patch-1

Renato Botelho

09:15 AM Revision 9a7e1c95: diag_backup do not use button text for comparisons

Phil Davis

08:58 AM Revision a6617764: Use unique var names in Input.class.php

Phil Davis

08:37 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

* System > Advanced > Firewall & NAT
* Services > DNS Resolver > Advanced
Tested, no PHP errors displayed in b... James Snell

08:21 AM Feature #7182: Break up System Widget on the Dashboard

Stage1 done - PR 3456 has been merged. So users can cut down the amount of content in the existing widget.
Now to th... Phillip Davis

08:14 AM Bug #7219 (Confirmed): vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3

The problem, as stated, was incorrect. It's a problem with vlan(4) ALTQ support in general, not specific to any hardw... Jim Pingle

03:40 AM Bug #7219: vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3

What version of pfSense - 2.3.2-p1, 2.3.3-DEVELOPMENT or 2.4-BETA? Phillip Davis

03:10 AM Bug #7219 (Resolved): vlan(4) interfaces do not have ALTQ support on pfSense 2.4, they had ALTQ support on 2.3

Adding a VLAN interface on the Traffic Shaper doesn't work.
rc.filter_configure_sync: New alert found: There were... Zart Zurt

07:34 AM pfSense Packages Feature #7220: ACME client port and service config

Jim Pingle wrote:
> That's a security limitation of Let's Encrypt. Nothing we can do about it.
>
> https://commun... Cristian Menghi

07:32 AM pfSense Packages Feature #7220 (Rejected): ACME client port and service config

That's a security limitation of Let's Encrypt. Nothing we can do about it.
https://community.letsencrypt.org/t/let... Jim Pingle

07:20 AM pfSense Packages Feature #7220 (Rejected): ACME client port and service config

Hi, any way to configure a port of the http server, i dont use 80 or 443 and is not possible to active letsencrypt. Cristian Menghi

07:31 AM pfSense Packages Bug #1620: Can't use transparent proxy when using bridge.

I ran some tests with this and was unable to make it work. Adding 'route-to lo0' to the pass rule did not allow this ... Steve Wheeler

06:43 AM pfSense Packages Bug #7218 (Confirmed): acme_inc.sh hard codes 'HMAC-MD5.SIG-ALG.REG.INT' for nsupdate key types

There are several assumptions that had to be made there for the time being to get it working in a basic fashion (key ... Jim Pingle

06:06 AM Revision 500272bb: Do not pass empty string to gettext

Phil Davis

04:55 AM pfSense Packages Bug #7197 (Resolved): Freeradius ldap authentication failed after update 1.7.5 to 1.7.6

Renato Botelho

03:55 AM Revision 1e3443df: Remove unused restore_ver from diag_backup

I cannot see where this is used any more. The functionality seems to now be done in diag_confbak Phil Davis

01:44 AM Revision f64a22e8: Escape '%' in help text

Steve Beaver

12:36 AM Revision 1048585a: certificatemanager, don't show information from previous certificate if no cert or csr is present in the cert

Pi Ba

12:34 AM Bug #7167 (Feedback): Error creating higher VLAN ID on SG-1000

Fixed in the latest snapshot. Luiz Souza

12:31 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode

This may be the tradeoff of the fix, in reality won't disable the multiple queues but only one is going to be used an... Luiz Souza

12:11 AM Bug #6257 (Resolved): Kernel panic with ALTQ

Fixed in 2.4. Luiz Souza

02/05/2017

11:49 PM pfSense Packages Bug #7218: acme_inc.sh hard codes 'HMAC-MD5.SIG-ALG.REG.INT' for nsupdate key types

The file is acme_sh.inc not acme_inc.sh. Anonymous

11:47 PM pfSense Packages Bug #7218 (Resolved): acme_inc.sh hard codes 'HMAC-MD5.SIG-ALG.REG.INT' for nsupdate key types

'HMAC-MD5.SIG-ALG.REG.INT' is hardcoded in acme_inc.sh so that is the only type of key that can be used for dns-nsupd... Anonymous

07:45 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Got it. Thanks. Anonymous

07:28 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

I just did a click through every page that my device has and found one more for which I couldn't find an existing rep... Jakub Osika

06:55 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

System -> Advanced -> Firewall & NAT has already been fixes and will be in the next snap
The two Squid warnings were... Anonymous

06:23 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

SG-1000
2.4.0.b.20170204.2301
I was getting this issue on the Status Page. Can confirm that it is now resolved.
... Jakub Osika

02:09 PM pfSense Packages Feature #7217 (Rejected): x hrs per day total

That isn't possible in pf. If you need time quotas, you'll have to use something that can hook into RADIUS for accoun... Jim Pingle

02:06 PM pfSense Packages Feature #7217 (Rejected): x hrs per day total

Currently there is a schedule feature in pfsense, where you can allow an IP from 4pm to 5:59pm for example, Mo-Su
... Marcel Beerli

12:59 PM Revision 1a147fcd: setHelp and gettext changes for firewall* pages

Phil Davis

12:37 PM Revision 01b34665: Firewall Rules Edit translate Source and Destination

These bits were not translating.
Line 1406 could possibly be like:
```
$group = new Form_Group($name . ' ' . gettext... Phil Davis

11:39 AM Bug #7214: OpenVPN dh parameters above 4096 are not in /etc/

Duplicate of Bug #6962 and fixed in 2.4 as noted above. Move on. Kill Bill

11:11 AM Bug #7214: OpenVPN dh parameters above 4096 are not in /etc/

Sorry if I wasn't clear, and this very well could have been fixed already in 2.4.
The main issue on 2.3 is not tha... Anonymous

09:28 AM Bug #7149: igb driver queue related crashes

After completely removing the queues entry in loader.conf.local and more than 5 days uptime, I think this issue is re... Anonymous

09:23 AM pfSense Packages Bug #6511: In some circumstances the HAProxy clone front-end button can add blank list entries to the front end being cloned resulting in a config that cannot be applied.

Works fine here with pfSense-pkg-haproxy-0.52_4. Kill Bill

08:18 AM pfSense Packages Bug #7215 (Not a Bug): ACME challenge fails

Jim Pingle

05:49 AM pfSense Packages Bug #7215: ACME challenge fails

This is not a bug. The webroot method assumes you have a webserver already running. It won't run any webserver on its... Kill Bill

03:57 AM pfSense Packages Bug #7215 (Not a Bug): ACME challenge fails

ACME challenge fails for "webroot local folder" method because no web server is listening on HTTP 80.
Setup:
1. p... Dmitriy K

07:35 AM Revision 5db70796: Remove HTML from strings in diags files

Phil Davis

07:15 AM pfSense Packages Bug #7211: DNS Made Easy ACME script not parsing domain IDs properly

Has been fixed upstream for a while:
https://github.com/Neilpang/acme.sh/commit/3cf85634ebb955ecee7616e88f4e1cef4458... Martin Lathoud

07:11 AM Feature #7216: Allow user to choose date display format

Comments please, if there is more/different flexibility that would be useful. Phillip Davis

07:10 AM Feature #7216 (New): Allow user to choose date display format

In various places dates and times are displayed, e.g. rule creation and update date/time stamp.
It would be nice if ... Phillip Davis

04:34 AM Revision 08dbe1c5: Remove HTML from translated shaper setHelp

and sections must not be translated - examples of IP address formats 255.255.255.255 and so on. Phil Davis

03:14 AM Revision dfbc9267: Merge pull request #3469 from phil-davis/fw-nat-out-edit-other-subnet

Steve Beaver

03:13 AM Revision 76f23988: Merge pull request #3472 from phil-davis/patch-2

Steve Beaver

03:13 AM Revision c846ce45: Merge pull request #3474 from lukehamburg/lukehamburg-patch-1

Steve Beaver

03:11 AM Revision 772faea6: Merge pull request #3471 from phil-davis/patch-1

Steve Beaver

02/04/2017

08:54 PM Bug #7214 (Not a Bug): OpenVPN dh parameters above 4096 are not in /etc/

You have to make them yourself if you want to use the larger ones.
Non-existing entries are hidden on 3.Here is wh... Jim Pingle

08:17 PM Bug #7214 (Not a Bug): OpenVPN dh parameters above 4096 are not in /etc/

In 2.3.2 (didn't check earlier versions) there is an option to select the dh parameter length when configuring a new ... Anonymous

08:40 PM Revision bdeec29d: Add a '.' to the help text for consistency

→ luckman212

08:21 PM Revision e402b079: Do not sort the list of locales. That way it is easier to get to the language you want afte accidentally selecting something you no longer understand.

Steve Beaver

08:10 PM Revision 1e0c91d3: Fixed embedded '%' that was breaking setText.

Steve Beaver

07:13 PM Bug #7213 (Resolved): Hyper-V install, no disk found

*Issue:* When installing 2.4 on Hyper-V 2012R2 Gen1 VM, the installer does not see any drives.
*Workaround:* From ... Dustin Dembeck

06:10 PM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks

I know that it doesn't mean that it is www.google.com, that wasn't the point we are talking about networks here not o... Seyfidin Hamraoui

02:28 PM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks

Well that's an interesting idea but not exactly valid. If @2a00:1450:401b:803::2004@ is www.google.com, it doesn't me... Kill Bill

10:29 AM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks

You are right /128 is not reasonable, but /64 would be nice.
Example:
www.google.com AAAA record is 2a00:1450:400... Seyfidin Hamraoui

10:24 AM Bug #7210 (Not a Bug): Unable to set a Alias with FQDN's for IPv6 networks

The hint could maybe be more clear. Network aliases can contain single hosts, and FQDN entries are always assumed to ... Jim Pingle

10:16 AM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks

And what exactly do you imagine to happen with a thing like www.google.com/128? Yeah, the hint is piece of crap, the ... Kill Bill

09:47 AM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks

I am using the right place. I want to create a alias for an ipv6 network not for a ipv6 host. It shoud be possible, i... Seyfidin Hamraoui

09:21 AM Bug #7210: Unable to set a Alias with FQDN's for IPv6 networks

1/ The mask is absolutely irrelevant for hostname.
2/ You are using the wrong place to do the job, select 'Hosts' fr... Kill Bill

08:51 AM Bug #7210 (Not a Bug): Unable to set a Alias with FQDN's for IPv6 networks

As soon as a FQDN is entered, the CIDR mask changes to /32, therefore it's impossible to create a alias for IPv6 netw... Seyfidin Hamraoui

06:09 PM Revision e25261e4: fix locale as best I can

Jason McCormick

06:08 PM Revision 7b25b213: Commit updates to the locale messages as best I can

Jason McCormick

05:56 PM Revision 49f90f17: Update help message for Zone ID for new region requirement

Jason McCormick

05:49 PM Revision ac5ee07e: implement AWS API v4 signing

Jason McCormick

05:35 PM Revision 1c3608b3: system_advanced_admin remove href from setHelp strings

I think that giving long strings that contain various HTML tags in-line through for translation is going to be error-... Phil Davis

05:09 PM Revision 31d71150: system_advanced_admin remove setHelp array

Phil Davis

04:57 PM Feature #7212 (New): Provide Driver for SG-1000 Crypto Accelerator

As per this thread, there is no FREEBSD driver available for the SG-1000 crypto accelerator:
https://forum.pfsense... Greg Siemon

04:24 PM pfSense Packages Bug #7211 (Resolved): DNS Made Easy ACME script not parsing domain IDs properly

I'm currently running pfSense 2.3.2_1, and I tried the new ACME package (0.1.5) with DNS Made Easy verification. How... Chris Gelatt

02:10 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Fixed. Thanks for finding those. Embedded '%' that needed to be escaped. Anonymous

01:30 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Seeing the same issue as Dustin on System > Advanced > Firewall. Tested with 2.4.0.b.20170203.2002. → luckman212

01:18 PM Revision dd4ecd98: Fix firewall_nat_out_edit dependency on English

Phil Davis

12:20 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

Also, wanted to note that the use of v4 signing enables newer regions that didn't support the legacy authentication t... Jason McCormick

12:17 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

I've tested changes and created a pull request to resolve this issue: https://github.com/pfsense/pfsense/pull/3473.
... Jason McCormick

11:36 AM Bug #7185: DHCP6c SIGTERM, SIGKILL

Yes, they are both 'hopefully' put to sleep with the changes done in the script patch I sent you and with dhcp6c chan... Martin Wasley

10:21 AM Bug #7185: DHCP6c SIGTERM, SIGKILL

Patch is working well so far!
I think possibly #6944 and #7145 should be merged into this ticket? → luckman212

09:48 AM Bug #6848: Do not create an IPv4/6 gateway for an interface without according IPv4/6 address

Confirmed that affects OpenVPN clients that get assigned interfaces. I am running latest snap 2.4.0.b.20170203.2002. → luckman212

02:44 AM Bug #7187: IPSec IKEv2 additional P2 not written to config

By enabling _Split connections_ on P1 I was able to make it work, and now _statusall_ shows all the routing.
I don... Lorenzo Milesi

02:30 AM Revision f5d762f9: System Information widget filter gettext()

Phil Davis

02:11 AM Bug #7209 (Rejected): Something is seriously wrong with firewall aliases

pfS version is 2.3.2-p1.
Unbound host overrides used in FW aliases:
- server.home 192.168.201.1
-- nas.home ... Dmitry Kernel

01:21 AM Revision cb5961d1: commit initial fix; need to add hooks for region to zone id

Jason McCormick

02/03/2017

11:58 PM pfSense Packages Bug #6875 (Not a Bug): dpinger not switching icmp id automatically

Jim Thompson

11:38 PM pfSense Packages Bug #6875: dpinger not switching icmp id automatically

I think the report is erroneous. There should be no state association beyond a single ICMP Echo Request and it's Echo... Denny Page

11:37 PM Bug #6913: install on Hyper-v R2

Broken again.
https://forum.pfsense.org/index.php?topic=124915.0 Kill Bill

09:26 PM pfSense Packages Bug #7208 (Resolved): ACME ftpwebroot doesn't work

Below is the output of trying to use ftpwebroot. I redacted some data. As you can see from the log it doesn't appea... Anonymous

07:45 PM Bug #7207 (Closed): Updates and Package Manager broken when pfSense accessed via SSH port forward

Hello,
i am still setting up my pfSense device, so at this point it is just a client device connected to my netwo... Igor Pruchanskiy

07:27 PM Bug #7206: Authentication Method Used in Bug 6751 Removed by Amazon

Service no longer works in that is receives a signing error even though all details are correct. Jason McCormick

07:19 PM Bug #7206 (Resolved): Authentication Method Used in Bug 6751 Removed by Amazon

It appears that Route53 has stopped working with the AWS3-HTTP authentication method sometime in the last month. This... Jason McCormick

06:57 PM Revision ab2e7a2e: Build acme pkg

Jim Pingle

06:00 PM pfSense Packages Bug #7205 (Resolved): ACME package ignores DNS-Manual method, defaults to http-01

My initial run using DNS-Manual as the method failed with the log suggesting DNS was ignored and http-01 was attempte... Tim Gladding

05:31 PM Revision 70ada819: Remove infra scripts

Renato Botelho

05:15 PM Revision f21d286d: Add license and copyright

Renato Botelho

04:45 PM Revision 681264e0: Add a script to update translations

Renato Botelho

04:39 PM Revision e64fed52: Update translation files

Renato Botelho

04:34 PM Revision 193515b2: Regenerate pot

Renato Botelho

03:49 PM Revision 4ebcee24: Several more fixes for setHelp to assist with translation

Steve Beaver

03:21 PM pfSense Packages Feature #7189: Letsencrypt acme sync in HA environment

To confirm, with the latest Let's Encrypt package, you can get by with LE only on the primary node. It can generate t... Jim Pingle

03:07 PM Revision 4b329613: Fix #7202

Fix several sprintf errors by escaping '%'s and removing '[ ]' which had been use to pass arguments to setHelp as an ... Steve Beaver

02:31 PM Revision 4dc9ba9f: Exit when xgettext fails

Renato Botelho

02:29 PM pfSense Packages Bug #7197: Freeradius ldap authentication failed after update 1.7.5 to 1.7.6

Thanks it's work fine Tahar GUEBLI

03:02 AM pfSense Packages Bug #7197 (Feedback): Freeradius ldap authentication failed after update 1.7.5 to 1.7.6

PR has been merged, thanks! Renato Botelho

02:23 PM Revision 23afee66: Remove \n from gettext strings

Renato Botelho

02:12 PM Feature #7204 (Duplicate): Router Advertisements: Option to not advertise default routes

I'm using a pfSense appliance in a temporary role mainly to enable "proper" IPv6 support on our network, though it wi... Daniel Grace

02:00 PM Feature #6753: Interfaces list order not consistent

+1 for making the interfaces list sorted alphabetically by their DESCRIPTION (NAME) defined in /interfaces.php.
T... robi robi

09:13 AM Feature #6753: Interfaces list order not consistent

The interface order on Interfaces > Assignments is significant for HA purposes but otherwise alphabetical tends to be... Jim Pingle

07:07 AM Feature #6753: Interfaces list order not consistent

Can I protest against this change? I upgraded to 2.4 and so far this is the only change that is really causing me a l... → luckman212

01:54 PM Bug #7203 (Resolved): pkg_mgr_installed.php - visually separate the legend

Some users think that it's related to the last package in the list, instead of being a legend.
https://forum.pfse... Kill Bill

01:11 PM pfSense Packages Bug #7192 (Feedback): ACME package cannot update more than one nsupdate type domain

Fixed by https://github.com/pfsense/FreeBSD-ports/commit/73246541879f9256f4241b2a22dc61e6e31e6bd2 Jim Pingle

12:27 PM pfSense Packages Bug #7192 (Assigned): ACME package cannot update more than one nsupdate type domain

I figured out a way to fix this. It's not pretty but the way the client passes data and processes the api commands do... Jim Pingle

12:34 PM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

I am seeing a similar error on System -> Advanced -> Firewall & NAT
Warning: sprintf(): Too few arguments in /usr/... Dustin Dembeck

09:10 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Applied in changeset commit:4b329613ee7bb2dc85dd72035709853b83061a58. Anonymous

08:59 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Thanks. Looks like there are a few embedded '%' that now need to be escaped, and arguments passed as an array in [ ] ... Anonymous

08:35 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Just double checked it's not my patch. :) Clean snapshot update shows it. Martin Wasley

08:25 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Posted by one of my testers after patching one of mine for testing, this is what he posted,
Martin if I goto the e... Martin Wasley

08:23 AM Bug #7202 (Feedback): "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Anonymous

08:18 AM Bug #7202: "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

I knew there would be some :) Could you attach the call stack or tell me which page you had selected when this occured? Anonymous

08:10 AM Bug #7202 (Resolved): "Warning: sprintf(): Too few arguments in /usr/local/www/classes/Form/Group.class.php on line 65 Call Stack:

Problem with changes to the setHelp function or calls to it. Martin Wasley

10:46 AM Revision 042911d3: Fix #7120: Restore vendor mac address when spoofmac is set to blank

Renato Botelho

10:35 AM Revision 67bc9afc: Simplify logic

Renato Botelho

10:35 AM Revision 77890d7d: Simplify logic

Renato Botelho

09:46 AM Revision bc8eedaa: Really fix #7120 after a bad copy/paste

Renato Botelho

09:03 AM Revision d1fe01d2: Set ntp gps mode for pgrmf even if no other modes are being set.

(cherry picked from commit 821110e8ff76564c23783c554fc89cd9458683ac) Jack Booth

09:03 AM Revision 5476b118: Add to NTP GPS processing of PGRMF sentence

(cherry picked from commit 6924a2bf34a70cd33284a28ca3575f33f9834375) Jack Booth

09:03 AM Revision c126fc79: Merge pull request #3463 from jskyboo/master

Renato Botelho

06:11 AM Bug #7200: Diagnostics> DNS Lookup: external links to DNSstuff use wrong parameter

ok, thanks for checking Lorenzo Milesi

06:07 AM Bug #7200: Diagnostics> DNS Lookup: external links to DNSstuff use wrong parameter

I got onto a production 2.3.2-p1 system and yes, it has that bug.
I expect it was fixed for 2.3.3 and 2.4 onwards by... Phillip Davis

05:48 AM Bug #7200: Diagnostics> DNS Lookup: external links to DNSstuff use wrong parameter

With 2.3.2 whatever hostname I query the urls are appended with _Array_. I'll try to setup a testing VM Lorenzo Milesi

05:38 AM Bug #7200: Diagnostics> DNS Lookup: external links to DNSstuff use wrong parameter

I tried on 2.3.3-DEVELOPMENT and 2.4-BETA and cannot reproduce this. If I put a valid name, then it gives me ip=1.2.3... Phillip Davis

03:47 AM Bug #7200 (Closed): Diagnostics> DNS Lookup: external links to DNSstuff use wrong parameter

The two links gets the _ip=_ parameter, but the generated url have _Array_ instead of the actual queried IP address
... Lorenzo Milesi

04:50 AM Feature #7011 (Feedback): Retain vendor MAC address at power up

Fixed by commit:042911d34ab846e7241deeb9fd6469a1460febcf Renato Botelho

04:10 AM Feature #7201 (New): NTP Support multiple GPS reference clocks

PR https://github.com/pfsense/pfsense/pull/3468 Jack Booth

03:44 AM Bug #7183 (Resolved): Interface Groups can be entered with the same name

Renato Botelho

03:36 AM Bug #7183: Interface Groups can be entered with the same name

In 2.4.0-BETA (arm) built on Thu Feb 02 12:37:50 CST 2017
Validation seems OK now, following description instructio... Malcolm Hussain-Gambles

03:31 AM Revision 430f8fbc: Merge pull request #3466 from phil-davis/sethelp-gettext

Steve Beaver

03:27 AM Revision 314a088a: Remove unneeded sprint and gettext in setHelp

Phil Davis

03:20 AM Bug #7120: Wrong file permissions on /var/tmp and missing sticky bit when using /var as RAM disk

2.4.0-BETA (arm) built on Thu Feb 02 12:37:50 CST 2017
Still not fixed.
Not using RAM disk:
drwxrwxrwt 4 root ... Malcolm Hussain-Gambles

03:11 AM Bug #7128: system_advanced_network.php - fugly IPv6 over IPv4 input field alignment

Can't see any change, but it would look less silly if the input field was below the Tick box Malcolm Hussain-Gambles

02:31 AM Revision 3a710cf9: Build acme pkg

Jim Pingle

02:20 AM Revision 50b9cd38: Provide info on services_checkip.php about what the server must return, and provide two examples of server-side code to return the client address. Fixes #6374

Jim Pingle

02/02/2017

10:48 PM Bug #7185: DHCP6c SIGTERM, SIGKILL

Thank you very much. I am testing these now. I got the binaries scp'd onto the test box. I moved the stock binarie... → luckman212

08:29 AM Bug #7185: DHCP6c SIGTERM, SIGKILL

You cannot patch it Luke, it's an exe. I can send it to you when I am back at my desk. Martin Wasley

08:22 AM Bug #7185: DHCP6c SIGTERM, SIGKILL

Martin, could you provide a link to the PR? → luckman212

10:28 PM Feature #7199 (Resolved): SG-1000 cpsw nics don't support ALTQ

According to this thread and posts from jimp the cpsw NICs in the SG-1000 don't support ALTQ at the moment:
jimp:
... Greg Siemon

08:47 PM Revision 5ea71ebd: Add Spanish and Chinese Simplified to the list of available languages

Renato Botelho

08:46 PM Revision 5b780770: Create .mo files for zh_Hans_CN and es

Renato Botelho

08:44 PM Revision 95748672: Update translations from Zanata

Renato Botelho

08:38 PM Revision 10e6f9ea: Regenerate pot

Renato Botelho

08:32 PM Revision 6ca93df3: Retain vendor MAC address for all interfaces during boot. Ticket #7011

Renato Botelho

08:32 PM Revision b17d47b6: Allow to build variant ISO image as done for memstick

Renato Botelho

08:31 PM Revision 40c875d3: Allow to build variant ISO image as done for memstick

Renato Botelho

07:48 PM Feature #6374: Provide sample server-side logic to report peer's IP address for use with DDNS

There may potentially be a need to prevent caching too. Even if pfSense doesn't cache it, there could be CDN's such ... NOYB NOYB

12:30 PM Feature #6374 (Feedback): Provide sample server-side logic to report peer's IP address for use with DDNS

Applied in changeset commit:186c7a6ca49af0d848c1082bfd7f6d9f0cde7046. Jim Pingle

06:36 PM pfSense Packages Bug #7197: Freeradius ldap authentication failed after update 1.7.5 to 1.7.6

Given the impressive number of details provided, my crystal ball says that - out of the ~4500 lines of code changed i... Kill Bill

12:57 PM pfSense Packages Bug #7197 (Resolved): Freeradius ldap authentication failed after update 1.7.5 to 1.7.6

Hi
After updating freeradius package from 1.7.4 to 1.7.5 version, it's failed to authenticate via Ldap.
My Con... Tahar GUEBLI

06:20 PM Revision 186c7a6c: Provide info on services_checkip.php about what the server must return, and provide two examples of server-side code to return the client address. Fixes #6374

Jim Pingle

05:13 PM Revision d2a2f018: Remove unneeded sprintf from setHelp calls

Steve Beaver

04:56 PM Revision a9a7de59: COnvert the setHelp method(s) to accept conventioanl printf style argument lists. e.g.: setHelp("%d interfaces have been detected", $numIfs);

Steve Beaver

02:28 PM Feature #7011: Retain vendor MAC address at power up

I'll take it Renato Botelho

02:21 PM Bug #7198 (Resolved): nginx-error.log is not circular and can fill filesystem

Unlike almost all of the other log files contained in @/var/log@, nginx-error.log is not circular. Because it grows ... Brett Keller

01:14 PM Revision 718b3b0b: System Information Widget Filter

Phil Davis

11:33 AM Feature #7196 (Resolved): setHelp method should use more conventiol argument syntax

Anonymous

11:33 AM Feature #7196 (Resolved): setHelp method should use more conventiol argument syntax

The setHelp methods currently use an array to pass position arguments to sprintf. This has caused people to employ sp... Anonymous

11:05 AM Bug #7163: IGMP Proxy does not valid inputs

In the config for igmpproxy, Network populates altnet and has to be in subnet format. Since the GUI has a drop-down f... Jim Pingle

10:43 AM Bug #7195 (New): pkg_edit.php - <checkenablefields> tag has no effect on fields other than checkbox/input

When messing with another piece of JS for Squid, I figured out that I'd rather not be missing with it. :P So, it woul... Kill Bill

09:59 AM Bug #7194 (Rejected): CARP/IP Aliases under same subnet not synced correctly

I can't reproduce this on a current 2.4 snapshot. Additional addresses fail over all at once as expected. Jim Pingle

09:34 AM Bug #7194 (Rejected): CARP/IP Aliases under same subnet not synced correctly

If you set a CARP VIP e.g. an address on the WAN subnet xxx.xxx.xxx.xx1/28. Then set another address, be it another C... James Webb

09:03 AM Revision 821110e8: Set ntp gps mode for pgrmf even if no other modes are being set.

Jack Booth

08:41 AM Revision 6924a2bf: Add to NTP GPS processing of PGRMF sentence

Jack Booth

07:35 AM Feature #7182: Break up System Widget on the Dashboard

It has come up before, at least on the forum, but I don't see an existing ticket for it yet. I agree it would be nic... Jim Pingle

07:29 AM Feature #7182: Break up System Widget on the Dashboard

And I have a feeling that breaking up the System Information widget has been discussed before, so there may be anothe... Phillip Davis

07:24 AM Feature #7182: Break up System Widget on the Dashboard

PR https://github.com/pfsense/pfsense/pull/3465 provides a first part of addressing this. It allows the user to choos... Phillip Davis

04:52 AM Bug #5993: dhcp6c not started until an RA received

It's not his modem, he's getting a prefix, all is well there. Just looked at the video. Let me think on it...
Go... Martin Wasley

02:45 AM Feature #7193: NTP process PGRMF

PR https://github.com/pfsense/pfsense/pull/3463 Jack Booth

02:42 AM Feature #7193 (Resolved): NTP process PGRMF

The Garmin only NMEA sentence PGRMF can be used by NTP as the time sync. Unlike the other NMEA sentences PGRMF includ... Jack Booth

01:16 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode

Constantine Kormashev wrote:
> I noticed with new firmware SG4860 uses CPU resources *on 25% more* than on previous ... Constantine Kormashev

12:55 AM Bug #7166: During bandwidth test 4860 with 2.4 got Fatal trap 12: page fault while in kernel mode

I noticed with new firmware SG4860 uses CPU resources *on 25% more* than on previous version.
Now it is 185% CPU IDL... Constantine Kormashev