Activity
From 05/10/2017 to 06/08/2017
06/08/2017
-
08:12 PM Bug #7605: State Killing on Gateway Success
Another doubt about the same feature. On a multi-wan environment, is it possible to kill the states just of the fai...-
06:48 PM pfSense Packages Bug #7617: OpenBGP not restarting on new WAN IP or firewall reload
- I need to withdraw this report, assuming my assessment below is correct. Apologies for any effort wasted on this.
... -
04:44 PM Bug #4310: Limiters + HA results in hangs on secondary
- Has this had any development recently?
This is the primary reason I can't use limiters in my HA setup, and the ass... -
03:21 PM pfSense Packages Bug #7632: CVE-2016-2107 in OpenSSL
- Are you certain that your pfSense installation is current? We ran that same test against a 2.3.4 system with HAProxy ...
-
02:45 PM pfSense Packages Bug #7632: CVE-2016-2107 in OpenSSL
- Sorry, I follow what you are saying now!
The SSLLabs test still says that we are vulnerable when we test the site.... -
- We have 2.3.4 in use, hosting a website with HAProxy TLS offload. SSLLabs confirms that it is vulnerable to Oracle P...
-
- FreeBSD patches OpenSSL in its own way, relying on the version number is not accurate to determine vulnerabilities.
... -
- pfSense 2.3.4 uses OpenSSL 1.0.1s which is vulnerable to CVE-2016-2107 Oracle Padding attack. HAProxy TLS terminatio...
-
01:10 PM Bug #7629: FreeBSD PR affecting pfsense
- An update, I pulled the Freebsd-src from the repo and have actually now compiled the kernel patched and have it runni...
-
- another one and again turnstile_broadcast
db:0:kdb.enter.default> bt
Tracing pid 65385 tid 100750 td 0xfffff8001...
06/07/2017
-
10:28 PM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation
- Just happened to me as well. Brand new SG-2440 from Netgate with 2.3.4 pre-installed. I restored a config from the ol...
-
09:37 PM pfSense Packages Feature #7631: Please allow static IPs be assigned from the DHCP range
- For future readers:
And if you have a bit of address space that you want to use for static IPs in the middle of the ... -
- Read the link, it's all explained there.
-
02:21 PM pfSense Packages Feature #7631: Please allow static IPs be assigned from the DHCP range
- why in the would all other vendors allow this and no pfSense?
-
- https://doc.pfsense.org/index.php/Why_can't_I_have_static_mappings_inside_my_DHCP_range
-
- Currently if a client was selected from the Leases table and a user wants to make an IP static pfSense forces it to b...
-
11:23 AM pfSense Packages Bug #7630 (Needs Patch): UEFI Booting
- When trying to boot using UEFI mode, installer hangs at 'Consoles: EFI Consoles'
Using Dell Optiplex 7010 or 9010 ... -
- PR was merged
-
09:47 AM Bug #6594: Package reinstallation post-config restore hangs if no Internet connectivity
- I opened a new ticket for that problem, as the old one (this one) is closed
https://redmine.pfsense.org/issues/7604
... -
- Just happened to me as well. Brand new SG-2440 from Netgate with 2.3.4 pre-installed. I restored a config from the ol...
06/06/2017
-
- Affected version is 2.4 built on Wed Mar 15 18:17:17 CDT 2017
FreeBSD 11.0-RELEASE-p8 -
- IS it possible to test the patch on a build of PFSense 2.4 which I am willing to test.
The patch is here
https:... -
- Assigned openvpn interfaces do not work that way. You do not set an IP address on the interface like that, and they d...
-
09:55 AM Bug #7628 (Not a Bug): The IP address must lie in the LAN subnet
- Hello,
I found this was a problem one year ago:
https://redmine.pfsense.org/issues/5651
It however turns out... -
- Please post on the forum or mailing list to discuss configuration issues. There is no bug here.
You can define mul... -
07:28 AM Bug #7627 (Rejected): SG-1000 pfSense 2.4.0-BETA: Unbound domain overides with multiple DNS
- Unbound domain overrides configuration does not allow multiple IP.
06/05/2017
-
11:39 PM Bug #6340: fsck hangs boot in background, fails to produce any action, resulting in broken firewall
- I just wanted to add the following, as this was one of the #1 reasons I was nervous about using PFSense.
Before t... -
10:50 PM Feature #7626 (New): Add IPoE support for WAN
- Many ISPs are moving away from PPPoE to IPoE for WAN connectivity. Please add IPoE native support for WAN connections.
-
01:08 PM Bug #7601: Dynamic DNS - Hostname should not be required for DNS-O-Matic
- Please see the attached trivial patch to make the hostname optional for DNS-O-Matic.
-
11:32 AM Bug #7625 (Resolved): When creating IPv6 firewall rule for single host, netmask improperly displays
- When creating a firewall rule (I tested with a pass rule on WAN):
Address Family: IPv6
Source: Single Host or ali... -
- Applied in changeset commit:de147d3d614c877df2022d85d37256a93047764c.
-
- In some cases, packages can still end up with an empty @<config></config>@ or @<config/>@ tag which leads to problems...
-
- The validation for L2TP user account passwords is the same as it has been since pfSense 2.0 when it was first added. ...
-
- I can't seem to reproduce this as stated. I have a system with a GIF tunnel and I can disable/enable its WAN (it's a ...
-
- Maybe your user already has the privilege?
It's there on a normal install. It has to be specific to your installat... -
- Agreed. DHCP is not broken, at least in general. Post on the forum or mailing list for assistance.
If there is som...
06/03/2017
-
10:55 AM Feature #7321: DynDNS - Add DreamHost DNS support
- Any progress on this? I'd love to use it. Looking at the possibility of combining this with the acme and haproxy pack...
-
09:51 AM Feature #7623 (Resolved): Allow L2TP user passwords to contain special characters
- In older versions of pfSense, special characters (!@#$%^& etc) where allowed in passwords.
Since a while back this... -
07:31 AM Bug #7622 (Resolved): Don't include disabled ipsec phase2 entries on pf table vpn_networks
- PF Table vpn_networks is populated with disabled Phase 2 entries.
This may lead to underperformance if
(a) You ha...
06/02/2017
-
02:04 PM pfSense Packages Feature #7621: OpenVPN Client Export name whens is a windows installer have the same name its a bit confused
- Fixing the sentence:
So, will be like that for Windows Vista, 64 bits: pfSense-udp-1194-prolinx-x64-win6-install.exe -
- When you export a OpenVpn files it's not possible distinguished by the name file between win6, x86, x64, xp, etc.
... -
12:52 PM Bug #7620 (Resolved): State table cannot be displayed because lack of PHP memory
- Please see [[https://forum.pfsense.org/index.php?topic=130797.0]]
@
Crash report begins. Anonymous machine infor...
06/01/2017
-
06:19 PM Bug #7606: Using limiters and VLANs on Supermicro Xeon D boards crashes with kernel panic
- I was able to capture the very beginning of the crash, see pic
-
- I dont think I can provide a crash dump without swap on my build but here are some screencaps of the console once the...
-
12:27 PM Bug #7619 (Closed): Enable Enhanced networking on AWS
- https://svnweb.freebsd.org/base?view=revision&revision=293739
https://aws.amazon.com/ec2/instance-types/#enhanced_... -
12:05 PM pfSense Packages Bug #7524: Squid MITM/SSL-Bump broken with Chrome due to missing SAN in generated certificates
- Looks like the Squid developers are getting ready to push v3.5.26, which appears to have a fix for bug 4711:
http:... -
09:32 AM pfSense Packages Bug #7524: Squid MITM/SSL-Bump broken with Chrome due to missing SAN in generated certificates
- Patricio Stegmann wrote:
> I can confirm the bug in pfSense 2.3.4 and the fix on squid issue tracker at http://bugs.... -
08:12 AM Feature #7618 (Resolved): Add support for user-supplied Host-Uniq tag and handle PADM messages in Netgraph PPPoE
- Hi,
can this patch already working be added to pfSense to enable it to deal with custom Host-Uniq tags?
A new input...
05/31/2017
-
- Attaching some system and routing logs.
-
- A symptom of this is that a table maintained by OpenBGP is not updated after a WAN IP change or firewall reload.
S... -
- OpenBGP does not reload/restart with other packages when the WAN IP changes or the firewall rules are reloaded.
... -
04:49 PM Bug #7600: Unable to save DNS Resolver settings
- There is validation of DNSBL after each feed is downloaded and parsed.
If you add the include line in /var/unbound/u... -
04:19 PM Bug #7600: Unable to save DNS Resolver settings
- I can reproduce the issue. Load up an assload (technical term) of lists in the pfBlockerNG plugin in the DNSBL Feeds ...
-
02:53 PM Bug #7116: a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue
- Suffering same, any plans this would get fixed soon because converting rules to a pass isn't feasible in my situation...
-
01:49 PM pfSense Packages Bug #7278: Suricata Service - Advanced Configuration Pass-Through not working
- Hi all,
i just run into this bug as i was testing configs for an other feature i'm currently developing for suric... -
01:26 PM Bug #7611: Diagnostics/Routes ipv6 ( netstat ), causes kernel panic
- For easiest reproduction ive found the following settings:
Gif interface with parent:wan ,gifremote: 4.4.4.4 ,gift...
05/30/2017
-
09:47 PM Bug #7615: User / Group Privileges for the "Status: Monitoring" page.
- Well this is interesting.. The file /etc/inc/priv/pfSense-Status_Monitoring.priv.inc is there, but it doesn't show up...
-
- It is there in the list for me, and works when I give it to a user.
Status monitoring is provided in pfSense like a ... -
- I'm not sure if this is a bug or if it needs to be a feature request. I'm was just attempting to make a new pfsense u...
-
07:14 PM pfSense Packages Bug #7616 (Closed): Barnyard2 webui configuration updates result in ****** written to the config for the password
- Any changes to the barnyard configuration page requires that you update the password as well, otherwise ****** is wri...
-
03:31 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
- Sadly, I've faced the same problem with Unbound. This issue forced me to use RAM disks. I hope there will be a fix in...
-
06:42 AM
Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
- Hi all
I'm facing same issue on our pfSense boxes.
We're using unbound and configured dhcp server to update unb... -
11:23 AM Bug #7614 (Resolved): Port forwards where the destination is a network alias can create invalid refection rules if multiple subnets are in that alias.
- For example if the chosen destination is 'WAN net' and there is a VIP on the WAN in the different subnet.
NAT refl... -
05:32 AM pfSense Packages Bug #7613: quagga not starting after upgrade - initial boot
- forgot to mention that quagga is mainly used to supply routes over openvpn site2site tunnels
-
- initial boot after upgrade:
* quagga not started, it is upgraded/installed
* service can be started manually by GU...
05/29/2017
-
- DHCP is not broken in 2.4. There must be another issue in play. Please take this to the forum and post specifics ther...
-
09:46 PM Bug #7612 (Rejected): No internet access through DHCP unless using static assigned address
- Currently running 2.4.0-BETA (amd64) built on Mon May 29 17:12:34 CDT 2017
This issue has persisted since updatin... -
- Diagnostics/Routes ipv6 ( netstat ), causes kernel panic
Several crashdumps uploaded past few hours.. (my ip ends ... -
05:50 PM pfSense Packages Bug #7610: Squid use all memory ram.
- I did the update to pfsense 2.3.4 with new verion of squid, but still have the problem, memory used by squid only gro...
-
- I am using Pfsense version
2.3.3-RELEASE (amd64)
built on Thu Feb 16 06:59:53 CST 2017
FreeBSD 10.3-RELEASE-p... -
- We have this forum https://forum.pfsense.org/index.php?topic=126309.0, and i have the same version of the problem on ...
-
09:35 AM Bug #7609 (Resolved): NTP Status not parsing all NTP Access Restrictions preventing status display when it is actually allowed
- Status/NTP displays "Statistics unavailable because ntpq and ntpdc queries are disabled in the NTP service settings",...
05/28/2017
-
02:16 PM Feature #7383: system_certmanager.php?act=new: Add new select option to sign a CSR
- Build 2.4.0.b.20170527.2111
External generated CSR failed with
The following input errors were detected:
•This s... -
- It is up to the RADIUS server/database to count traffic and decide when to cut the user off, not Captive Portal. Capt...
-
01:47 AM pfSense Packages Feature #7608 (New): Captive Portal amount of traffic Account + Free Radius+Mysql
limitation on amount of traffic does not work when used CP and Free Radiusand and Mysql to gether
It seams...
05/27/2017
-
07:05 PM Bug #7607: Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI
- Also tested on 2.3.4 non-functional
-
- ( Please reference https://redmine.pfsense.org/issues/6830 ) Information below duplicated from this ticket. Testing e...
-
- Using Chelsio T4 on;
2.4.0-BETA (amd64)
built on Fri May 26 19:15:04 CDT 2017
FreeBSD 11.0-RELEASE-p10
This ...
05/26/2017
-
07:03 PM pfSense Packages Bug #7555: Snort settings show translation metadata when creating a new interface that is not yet defined
- Jim Pingle wrote:
> You might consider changing "None" to "New Interface" or something like that as otherwise the ta... -
- You might consider changing "None" to "New Interface" or something like that as otherwise the tab names could be conf...
-
- This is working in the current package. Thanks!
-
01:57 PM Bug #7606: Using limiters and VLANs on Supermicro Xeon D boards crashes with kernel panic
- Installed:
pfSense-CE-2.4.0-BETA-amd64-20170526-0955.iso
Installed on 500GB hard drive. Swap exists.
Proble... -
- Sorry not sure if this is right place for this but this issue seems almost identical to what I am experiencing on 2.4...
-
- Please test against a 2.4 snapshot. Attach crash dump data here as well, as the report has very little use without it...
-
- Confirmed on three different Supermicro Xeon D boards, 1508/1518/1521. With the similarities between these boards t...
-
07:17 AM Bug #7605 (Duplicate): State Killing on Gateway Success
- Hi,
We have the option that the firewall can kill states on gateway failure. This is great in multi-wan environnem... -
04:23 AM Feature #7598: Static IPv6 using IPv4 PPPoE as parent interface
- OK, here's a patch to try. The patch is against today's snapshot.
You'll have a new option when selecting a v6 sta... -
- I reference Bug #6594 - https://redmine.pfsense.org/issues/6594#change-32802
I left a comment there, but the bug i...
05/25/2017
-
- This is fixed in Snort GUI package version 3.2.9.3. The value is checked, and if NULL, the string "None" is substitu...
-
- Duplicate of #3924
-
- Duplicate of #3924
-
- suppose u have a firewall rule with up and down limiters set, then when u goto edit the limiter name, the rule looses...
-
- I'll post here when I have patches to test. Next week sometime, I have to do some real work for a few days. :)
-
01:12 AM Feature #7602 (New): Auto-Create bootable USB for recovery
- Option to insert a blank USB drive, and create a bootable recovery image on the device.
Possible options to save i... -
- Background: DNS-O-Matic allows updates to be sent without a hostname or service specified, in which case all services...
05/24/2017
-
- I can't replicate this as stated. There must be some missing detail to reliably replicate it. Please discuss it furth...
-
01:23 AM Feature #7598: Static IPv6 using IPv4 PPPoE as parent interface
- Pretty please :)
I have the same dpinger problem :)
05/23/2017
-
-
06:58 PM Bug #7552: IPFW crashes on load or unload of modules
- Please close this, seems I made a mistake on how to employ our version of Captive portal, and thought the kldunload o...
-
- https://forum.pfsense.org/index.php?topic=118226.15
I was about to respond to this, currently happening on a 2.3.4... -
02:10 PM Bug #7599 (Closed): System->Update unavailable in WebGUI after connection failure during update
- Using the WebGUI to update pfsense from 2.3.3_1 to 2.3.4.
During the update process (downloading packages) the netwo... -
11:56 AM Bug #7501 (Feedback): Interfaces statistics widget GUI + JSON (2 issues)
- PR has been merged, thanks!
-
- A strange requirement has come up. When selecting to use Static IPV6 it's not possible to specify using the PPPoE int...
-
09:46 AM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
- I'm using the nightly builds (2.4.0.b.20170522.1522 as of right now). I also use gigabit fiber over PPPoE, so I'm ha...
-
- This bug is old, and resolved. It works perfectly, and I use it every day. If you have an issue it is different than ...
-
- This is not a support system. For help, please post on the forum, mailing list, or use another support method.
05/22/2017
-
11:33 PM pfSense Packages Bug #7595: suricata custom SID Mgmt configuration missing after full system restore
- Appreciate the response, Bill.
It would be good to have an API where packages can mark files/directories for backu... -
- This is admittedly not optimal, but it is by design (by default). This is because all of the firewall configuration ...
-
- I have added this bug report to my list of TODO bug fixes for the next Suricata update.
Bill -
09:04 PM pfSense Packages Bug #7524: Squid MITM/SSL-Bump broken with Chrome due to missing SAN in generated certificates
- Kill Bill wrote:
> Upstream bug: http://bugs.squid-cache.org/show_bug.cgi?id=4711
>
> Also, there were multiple o... -
- Applied in changeset commit:d80812af5dafe616e7ea33b3a7ea12413c87bdf4.
-
-
- The mobile provider list is pulled from the FreeBSD port net/mobile-broadband-provider-info/ which in turn gets the l...
-
- Applied in changeset commit:bc07c19263afbb43b4e1f8a3ad318a0d6e7ff6fb.
-
-
- The fix in the PR Looks good to me.
-
- Applied in changeset commit:2c1a08a8a30bb4cd0476af5b45ea25ba0a859af4.
-
-
- Applied in changeset commit:8abe82728750782f4adebf8d4336570402a5583d.
-
-
- Applied in changeset commit:fc1913fef29fbc7f90e8e2fe9374b761411f09ae.
-
- It will not show anything meaningful unless the firewall has a CA with which it can create/sign user certificates.
... -
- Applied in changeset commit:ec0736af255a8c2b3f158156ef00845ca3c6c4d9.
-
-
- There isn't enough room in the column headers to label our internal version number "pfSense pkg version" without badl...
-
- You can also filter for a subnet and kill by that, but it also shows no states. It may not be intuitive, but it's a v...
-
- Applied in changeset commit:c07a2b866b0d7b9b4fa8a2899e4a20562f9f2f24.
-
-
- Applied in changeset commit:9cf0609b8b8c8f3104326d883f3d0fac9359a896.
-
- FYI- The man page is wrong on this, then. It appears we originally included it since the man page listed it among the...
-
-
- Already has a fix merged on 2.4 so the buttons use the new settings:
https://github.com/pfsense/pfsense/pull/3691 -
- I'm not certain there is a good way to do this in a way that wouldn't break other, valid behavior. Working with sysct...
-
- Applied in changeset commit:7120ef411c122e67f6585be13fb89daa9df9a152.
-
-
- How did you skip creating a certificate? I can't reproduce this error message or condition.
Need more precise inst... -
- Applied in changeset commit:919a0f4a4b8ec00693811d3bfb8cdbc05802da30.
-
- Looks like we can remove it since it's been forced on for clients for some time now (~3 years).
-
- Applied in changeset commit:473f7ec48f7510a60ade574ef32b09f4abaa6b9a.
-
-
- Yes, it works. route-noexec in OpenVPN tells it not to run the Operating System executable to install routes (e.g. /s...
-
- It's not that cut and dried.
Point-to-Point modes still use "IP1 IP2" style, which includes Shared Key, SSL/TLS wi... -
- That's a quirk of how the shortcut system works. The "related settings" link is filled in to the "main" page for a se...
-
- Applied in changeset commit:39fed386534d3e7dc6fc248cc6cdf831cf422000.
-
- Server shouldn't allow 0, but for clients, 0 is the same as blank/empty so that's OK. Needs to reflect the proper ran...
-
- Applied in changeset commit:bc3669e4e88cb75eb987ee073a5360f4a69b10b1.
-
- The setting isn't required, the backend behavior is determined by the mode now. Safe to remove.
-
- Applied in changeset commit:d44942d3477c609e37794dc31c36fcd5c4435fbb.
-
- Indeed, in "the olden days" we had to run OpenVPN Manager on a Windows client so that unpriv users could use it to st...
-
- It was a part of the OpenVPN Client Export package that was used with the OpenVPNManager add-on. That add-on has been...
-
- On 2.4 the GUI only shows options for files that exist. Click the "i" on the text for the setting and follow the link...
-
- Applied in changeset commit:0116009a07f7f0f8c25e4306485102b5432676f4.
-
-
- Applied in changeset commit:5de4b0463871c9077850ab81ea506d5d5a892439.
-
-
- Applied in changeset commit:11a3e413225b3719c6424b74ed7103f91852ac62.
-
-
- Applied in changeset commit:45b5afa4f4dd978ed9adbd1c0673bca5c861d8b5.
-
-
04:21 AM Bug #7597 (Duplicate): DynDNS fail to update after connection lose
Hi,
i experienced some problem with DynDNS update.
When the gateway is down (connection lost) and then come b...
05/21/2017
-
08:22 PM Feature #7596 (Rejected): Ting Config
- When setting up a PPP, it would be great to get Ting as an option for a provider. Thanks.
-
- Ran into this issue today building a new 2.4 snapshot machine.
Is there any reason that /var/unbound/conf.d isn't ... -
- Sorry, should have filed this under pfSense-Packages.
-
- Decided to try 2.4 today. I first tried building a new ZFS VM and attempted to restore my config to a clean system. ...
-
- Decided to try 2.4 today so I upgraded a clone of my 2.3.5 snapshot firewall. The upgrade went reasonably well, exce...
-
01:14 PM Feature #7593 (Rejected): Enable FreeBSD 11 pvclock module in 2.4 builds
- FreeBSD brings the pvclock module. According to https://lists.freebsd.org/pipermail/freebsd-arch/2015-January/016587....
-
10:06 AM Bug #7592: SG-1000: Unbound not always restarting properly after changes in /etc/hosts
- I just noticed I overlooked a part after rewording the issue:
"Those cases" on line 2 refers to the successfull on... -
- I'm observing an issue on my SG-1000 (came preloaded with 2.4b, currently running v. 2.4.0.b.20170430.0444) which cau...
05/20/2017
-
- PR https://github.com/pfsense/pfsense/pull/3735
-
04:10 PM Bug #7584 (Resolved): privileges abuse with page-diagnostics-dns
- my user has
page-diagnostics-dns privilege which provides DNS lookups
but also allowed the user to create an alias
... -
- I ended up describing this two ways. It now doesn't accept it (per 0ee22f364ca62b8305ff36447954dacdbc3c3cce)
but pl... -
- services_captiveportal.php
If don't select radio button for "Authentication method" it stays empty
so no authentica... -
- diag_edit.php
if you are browsing directory hiererchy, and enter a filename
and click save, it will write a zero by... -
- diag_edit.php will give warning "Loading a directory is not supported."
but after clicking Browse and getting a dire... -
- services_dyndns_edit "Verify SSL peer" checkbox
doesn't show its corresponding form label. It is set to "null".
(So... -
- system_groupmanager_addprivs.php
feature request.
Please sort the list of privileges in the form
like is done in t... -
- feature request: system_usermanager_addprivs.php
should say what user and fullname is having the privileges added to... -
- system_usermanager.php
The checkbox for showcert "Click to create a user certificate"
when adding a new user does n... -
- pkg_mgr.php
The table shows Version for the package then
the dependencies show same package name with different ver... -
- diag_dump_states.php
enter a non-existent but valid IP address and will get a Kill States
button but no states list... -
- /etc/pfSense.obsoletedfiles
has wrong path for diag_system_pftop.php
(missing www)
see 1af5edbf04e0e3bbbc55981f6fc... -
- diag_pftop.php should not have sort options choices of Peak
and Rate since only useful
if have cached information ... -
- diag_pftop.php has "Size" for sorttype which is not a order type
known by pftop. (sort_size_callback in pftop is "By... -
03:35 PM pfSense Packages Bug #7578 (Resolved): Suricata -- Removing Hosts from Block Table via Alerts
- Hi there,
I am running the pfSense 2.4 beta with Suricata 3.2.1_1.
I have noticed that when clicking the leftmo... -
- system_advanced_notifications.php has a button to test
growl, but no indication locally (in the GUI) if use... -
- system_advanced_sysctl.php allows adding a tunable with
a bogus name (like a space in it or doesn't exist) or bogus ... -
- vpn_openvpn_client.php
Does the route_no_exec feature for "Don't add/remove routes"
even work? I don't see any use ... -
/etc/inc/openvpn.inc
The openvpn manual says:
Note: Using - -topology subnet changes the interpretation of ...-
- vpn_openvpn_client.php
text for Tunnel Networks says "The second network address will be assigned".
It uses openvpn... -
- vpn_openvpn_client.php and /etc/inc/openvpn.inc
Has checkbox to enable "Infinitely resolve server"
but the resolv-r... -
- vpn_openvpn_client.php has Related settings shortcut to
vpn_openvpn_server.php
but that is misleading and for norm... -
- openvpn_wizard.xml
skipped creating a cert and when finished it took me back to
select or add a certificate. After... -
- wizards/openvpn_wizard.xml
This is a wizards behavior which can cause confusion or mistake.
A wizard saves its set... -
- vpn_openvpn_server.php
configures client_mgmt_port
but as far as I can tell this number is not used
and the manage... -
- vpn_openvpn_server.php
Address Pool
sets pool_enable.
I don't see any code that uses it, like not in /etc/inc/open... -
- /etc/inc/openvpn.inc
used vpn_openvpn_server.php to set dh_length
but only three /etc/dh-parameters.NUM files are a... -
- openvpn_validate_port() has:
if (empty($value ...
so when passing zero to it complains
(because empty(0) is FAL... -
- The logging shortcuts for vpn_l2tp.php and vpn_l2tp_users.php
and vpn_l2tp_users_edit.php all go to same:
status_lo... -
- vpn_l2tp_users.php
Suggestion: consider allowing IP/Subnet for the user.
mtp supports this for restricting to a ran... -
- in vpn_l2tp.php
Remote address range remoteip is required even if
RADIUS issued IPs radiusissueips is set.
Per v... -
- vpn_l2tp.php says when RADIUS is set "The local user database will
not be used."
and vpn_l2tp_users.php also shows:... -
- vpn_l2tp.php
recommend confirming that DNS servers l2tp_dns1 and l2tp_dns2
are IP addresses. Check this right in vp... -
- vpn_l2tp_configure in /etc/inc/vpn.inc
can use $l2tpcfg['wins'] for NetBIOS name server (NBNS) information
but that... -
- vpn_l2tp_configure in /etc/inc/vpn.inc
has killbypid and sleep(8) even if starting it for first time.
I suggest it ... -
- Hello everybody.
I'm at a customer site today with several branch offices. I sit at the head quarter and prepare thr...
05/19/2017
-
08:00 AM Bug #7400: Traffic Graphs show bad data on 2.3.3_1
- Yhea, the scale can confuse. 2.4 have same same results. I need see on my interfaces Bandwidth on Mb/s . This can be...
-
12:48 AM Bug #7557: Unbound (DNS Resolver) Domain Overrides need "." at the end to work
- It didn't work for me otherwise.
I want (or more correctly need) to forward DNS-Queries about my local domain to my ...
05/18/2017
-
04:53 PM Bug #6099: igmpproxy does not recognize upstream interface
- Rai Wol wrote:
> Can someone confirm its working in 2.4?
>
> Doesn't stop after 3-4 min?
igmproxy_all.zip mad... -
- Working fine on the latest 2.3.x snapshots as well. Closing.
-
- No they don't. (Plus, .local is not valid use case in the first place, reserved for mDNS.)
-
- Adding domain overrides in unbound requires the format "company.local.", DNS Forwarder works with "company.local".
A... -
- Duplicate of #3473
05/17/2017
-
11:49 PM Feature #7556 (Duplicate): Adding keepalive fields to OpenVPN config rather than forcing defaults
- "keepalive 10 60" is currently hardcoded into the OpenVPN configs. This simply adds configuration prompts to allow t...
-
- Scale of the graph is in MB/s while on the hosts bandwidth it shows in Mb/s. This accounts for a factor 8 difference....
-
- It's a configuration issue, not a bug. Should have been closed sooner. This isn't a support system.
-
04:05 PM Bug #6642: Cant access certain IP's
- Is the issue resolved or why is it closed?
-
-
- Not a firewall issue: http://cloud.wnb.dk/3r410y2N0D3f
-
- A few places in snort call @gettext("{$if_friendly}")@ but that ends up showing translation metadata when it is a new...
-
- Pullrequest send: https://github.com/pfsense/pfsense/pull/3730
-
06:33 AM Feature #7554 (Resolved): Sort list of Virtual-IPs
- If you have a large number of Virtual IPs (VIPs) its very hard to keep track of them. A sort feature would be a great...
-
- This does appear to be the case on 2.3.x and 2.4.x. It used to work, not sure when it stopped.
That said we always... -
03:32 AM Bug #7553 (Resolved): Captive portal on a parent interface blocks traffic on VLAN interfaces too
- Using PfSense 2.3.4, I enabled a captive portal on interface em2. Then, as I needed another interface, I added a tagg...
-
- Applied in changeset commit:576cbe26c184734e93f59320d43aeb2e510c9804.
-
- As far as I've been able to tell, it appears that syslogd will not stay running in the background as a daemon when it...
-
- Seems much better. Reinstalled haproxy a couple of times and syslogd keeps logging. Still wondering what's the real b...
-
- This was merged a while ago and works well, now also merged back to RELENG_2_3 and RELENG_2_3_4
-
- +1! That would be great!
-
01:32 AM pfSense Packages Bug #6736: Snort fails to start after upgrade to 2.3.2-RELEASE
- 2.3.4-RELEASE (amd64)
built on Wed May 03 15:13:29 CDT 2017
FreeBSD 10.3-RELEASE-p19
snort security 3.2.9.2_1...
05/16/2017
-
04:04 PM pfSense Packages Feature #7535: Snort messages filling System / General. Should have its own log.
- As far as I know, anything pertaining to logging is set to the default. It is set to send alerts to the system log. F...
-
- Do you have it configured to log alerts to the system log? Otherwise, it does not put too much info into the system ...
-
- Oi, you're right.
-
- Jim Pingle wrote:
> Nowhere in the pfSense source does it ever kldunload ipfw.ko or dummynet.ko.
>
> Is there a w... -
-
- Nowhere in the pfSense source does it ever kldunload ipfw.ko or dummynet.ko.
Is there a way to replicate this usin... -
- https://customercare.netgate.com/requests/show/index/id/20338
Complete kernel crash on Netgate branded servers. ... -
- On the latest 2.4 snapshot I can install and uninstall tinc and haproxy and syslogd never dies, and it appears to rel...
-
- IPsec endpoint using FQDN as remote IPsec endpoint does not add rules for that endpoint after a single WAN down/up ev...
-
12:37 PM Todo #7546: d3pie version update
- can this be reverted on master too??
-
- MySQL server should be run on a separate server or virtualized. This is a firewall, not a database server.
-
,as you Know , MySQL is important for Managing of Users
, lack of Mysql make , users have many problem
on free...
05/15/2017
-
- With commit:3a0df77eebf27d027d512a61dcbf80adefd630c4 I can now install/remove haproxy and tinc without affecting sysl...
-
- Erm, guys, this is super-annoying. Lost logging on many boxes on recent HAproxy updates without realizing what happen...
-
- Applied in changeset commit:ae764da6ef91f0e9f440d423dfbdb72f44b33276.
-
- Unbound has optional Python support, which is not currently enabled. Enabling this option will allow packages such as...
-
12:11 PM Bug #6400: assign_interfaces.php issues with large numbers of interfaces
- I'm having the same issue with about 230 VLAN interfaces on 2.3.3.
Assign_Interfaces.php ist not usable and all conf... -
- Thanks for testing!
-
- we were already using those params as advanced settings till date and now that it appears in GUI it works well, can b...
-
- Thanks as well. :)
-
- PR has been merged, thanks!
-
- Can someone kindly review the PR before it's again too late even for 2.4?
-
- PR has been merged, thanks!
05/14/2017
-
10:22 AM
Todo #7546: d3pie version update
- Reverted
-
- Seems the compatibility check failed.
https://forum.pfsense.org/index.php?topic=130533.0... -
-
- works fine now, this can be closed
-
-
- new snap has upgraded openvpn now and works well, this can be closed
-
- PR https://github.com/pfsense/FreeBSD-ports/pull/355
Has a full refactoring of the code first, then adding this feat...
05/13/2017
-
- PR https://github.com/pfsense/FreeBSD-ports/pull/354 (now closed)
-
- In Status Monitoring, NTP, the graph and stats data below it show the time offset. This varies plus and minus from ze...
-
- I shuffled that block of code around so much trying to get the wording/formatting right that one slipped by. I pushed...
-
04:33 AM Feature #7529: CPU Type
- Looking at the commit, I think there is an error in functions.inc.php :
the line:
$cpucrypto_active = is_module_loa...
05/12/2017
-
07:09 PM Bug #7352: pfSense IPv6 static route is dumped after a WAN flap
- Michael Zieher wrote:
> What happens if you just open a page (WAN Interface maybe), click 'save' without changing an... -
- When adding a new static route into an Alias group the route does not populate until a resave.
Steps to reproduce:
... -
02:47 PM Bug #4310: Limiters + HA results in hangs on secondary
- Hmmm.... this is very much no not ideal. :( I was going to do this in a new environment as we have soft limits in our...
-
- Applied in changeset commit:a84e59a27094e3ccc4f13b596ff1bb80e3ae267a.
-
- Thanks Steve!
-
10:36 AM
Todo #7546 (Resolved): d3pie version update
- Updated as requested
-
10:17 AM
Todo #7546: d3pie version update
- Checking for compatibility
-
- pfSense has d3pie v0.1.6, while the latest version is 0.2.1
https://github.com/benkeen/d3pie
Can this ... -
- Great - I'll be sure to check it out when it's compiled into a snapshot.
Thanks Jim -
- I just cherry-picked the OpenVPN 2.4.2 port update commit to the ports branch for pfSense 2.4 snapshots, so the next ...
-
- Fantastic - that's great news.
James -
- Yep, that's already on our to-do list. It was just updated in the FreeBSD ports tree late last night.
The export p... -
- Hi there,
I am unsure whether the pfSense 2.4 version will include the OpenVPN 2.4.2 version or just 2.4. However,... -
- It works correctly on 2.3.4 and 2.4, no problems with a proper configuration. You may have something else wrong with ...
-
04:32 AM Bug #7542 (Rejected): Enter Persistent CARP Maintenance Mode is broken in pfsense 2.4
- Just upgraded my pfsense ha-cluster to v2.4. If i try to switch one of my nodes into persistent CARP maintenance mode...
-
06:46 AM pfSense Packages Bug #7543: pfBlockerNG doesn't appear to pull IP block lists that are marked as "OFF" if previously they were enabled
- It's a bug. The update message should reflect the deletion of the IP ranges associated with the list set to "OFF". ...
-
-
- Andrew - wrote:
> Please can you confirm whether pfBlockerNG is properly pulling lists of IPs that are changed from ... -
- If you have various IPv4 lists and set one of them to "ON", but then subsequently set it to "OFF", it appears that pf...
-
-
- That is not possible, there is no such keyword for pf, and there isn't any viable way for us to handle that on the fi...
-
05:09 AM Feature #7544 (Rejected): Graphing hits against firewall rules.
- In the Extra Options in the filewall rule would it be possible to add the following under Log packets that are handle...
05/11/2017
-
- Conducted another test:
(From my workstation 10.3.70.40)
ping 10.11.2.15
ping -l 1500 10.11.2.15
(From my vir... -
04:03 PM Feature #7541 (New): ZFS Install, add hot spare option
- Since the 2.4 beta installer has the option to setup ZFS, and a lot of parameters, I would like to see the installer ...
-
- Applied in changeset commit:83d2b83af9953ecbcc5917d935f077e7dabe8e10.
-
- We currently prevent some valid characters from being used in fields such as Organization, such as ".", "!", "~", and...
-
- We report what OpenVPN's management interface reports. In this case, that is actually the remote client's _source_ po...
-
10:25 AM pfSense Packages Bug #7539 (Rejected): OpenVPN dashboard widget shows 1194 for client connections
- I have never submitted a bug before, but I have noticed this issue now that I have built a second VPN server to play ...
05/10/2017
-
- This seemed safe enough and reports of significant speed increases, especially on SG-1000, made this desirable for 2....
-
- Applied in changeset commit:7618a842d54eade58007ab72c751b1f1a900f840.
-
12:37 PM Feature #7537 (Resolved): Include mellanox mlx4 and mlx5 ethernet driver
- Hello Devs,
I know you guys doesn't like infiniband, but since there is a lot of cheap option with mellanox card, ... -
11:35 AM Bug #7536 (Duplicate): <sendpacket> sendmsg on cpsw0: Permission denied
- I noticed the following log entry and I'm not sure what it indicates. This is on an SG-1000. I noticed this because I...
-
- I'm running 2.3.4. Snort is completely burying other messages in System / General. It should have its own log.
-
08:02 AM Bug #7534 (Not a Bug): gif interface with /64 subnet gets configured as /128
- A gif tunnel (with tunnelbroker.net) has been configured with /64 nets in GIF settings, as well as on OPT6 interface ...
-
-
- Fixed - all languages in the drop-down now work,
2.4.0-BETA (amd64)
built on Tue May 09 13:43:38 CDT 2017
FreeBSD ...
Also available in: Atom