Activity

30 days up to

User

Subprojects

Activity

From 09/19/2017 to 10/18/2017

10/18/2017

10:09 PM Bug #7969 (Resolved): md5 bgp sessions fail in 2.4.0: Upgraded to 2.4.0 from 2.3.4 and my bgp sessions which were secured via TCP md5 configurations in openbgpd & the new ... Andrew Dul
08:50 PM Bug #7748: VLAN Priority: Luiz Souza wrote:
> Found the regression. Please test the next snapshot.
No luck for me (Google Fiber) on snapsh... Corey Doss
07:34 PM Bug #7748 (Feedback): VLAN Priority: Found the regression. Please test the next snapshot. Luiz Souza
07:06 PM Bug #7927: (filterdns), uid 0: exited on signal 11 (core dumped): As of 2.4.1.a.20171018.1438, I am not seeing further reports of a core dump by filterdns. Chase Turner
05:02 PM Revision 2b38f54d: Recognize the first level tag of QinQ interfaces as standard VLANs.: Luiz Souza
04:37 PM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation: So I just tried again... this must be the most braindead thing ever.... Kill Bill
03:29 PM Feature #7968 (Resolved): Display NDI on shell menu: The NDI is displayed in the webGUI but not the shell menu. This forces customers to access the webGUI before they can... Clinton Cory
03:22 PM Revision 7857b28e: Disable zabbix 3.4 on pfSense 2.3.4: Renato Botelho
03:18 PM Revision 8ed52700: Enable build of new Zabbix versions (2.2, 3.2 and 3.4): Renato Botelho
03:18 PM Revision 2f66e4e6: Enable build of new Zabbix versions (2.2, 3.2 and 3.4): Renato Botelho
02:18 PM Bug #7967 (Not a Bug): LDAP User Naming Attribuite override isn't used in pfSense 2.4: The LDAP user naming attribute is read from the configuration and CN is not hardcoded, so it can only be from somethi... Jim Pingle
02:14 PM Bug #7967: LDAP User Naming Attribuite override isn't used in pfSense 2.4: I have been unable to duplicate this. A configured LDAP server here uses uid and the query is properly-filtered with ... Chris Linstruth
01:33 PM Bug #7967 (Not a Bug): LDAP User Naming Attribuite override isn't used in pfSense 2.4: Version 2.4 Authentication Servers page, User Naming Attribute is set to something other than CN. In my case the LDA... Anonymous
02:09 PM Bug #7925 (Resolved): VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: I ran some more tests:
kern.vty=sc ADDED to /boot/loader.conf.local: 72 reboots (6 VMs, 12 reboots each), no crash... Jim Pingle
11:50 AM Bug #7925: VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: To rule that out we should setup the kern.vty=sc workaround and continue testing for a bit to see if it still crashes... Jim Pingle
11:36 AM Bug #7925: VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: Ok, I see now the two different crashes on the OP post.
While I take back part of what I said before, It still doe... Luiz Souza
11:32 AM Bug #7925: VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: The recent crashes seems unrelated to the original crash in VT.
They actually seem to happen quite late in the ker... Luiz Souza
09:23 AM Bug #7925 (Assigned): VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: Ditto, I see a similar crash. I had to reboot 5 VMs a few times before one of them failed.
!Selection_709.png! Jim Pingle
03:38 AM Bug #7925: VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: Tried on 2 different esxi hosts latest 2.4.1 ova rebooted 20 times each VM. Once got error for 2nd VM.
!vm_bug.png... Constantine Kormashev
01:44 PM Revision c3a6a00f: Add missing space: Renato Botelho
01:12 PM Revision 2a781563: Fix #7953: Make sure a proper empty array is returned instead of NULL: Renato Botelho
01:11 PM Revision 58572d45: Revert "Fix #7953: Make sure NULL values are not passed to XMLRPC functions": This reverts commit 73ee3d78d505c10e8c70606bf008732833c00859. Renato Botelho
12:24 PM pfSense Packages Feature #7657: OpenBGPD local-as feature in neighbors context: +1 for updating the openbgpd package so that it can support local-as.
Current package version will give me a syn... Andrew Dul
12:04 PM pfSense Packages Bug #7954: Package upgrade/reinstall gets stuck on deinstall if the package-provided service is not running: Sure, that should work fine Jim Pingle
12:01 PM pfSense Packages Bug #7954: Package upgrade/reinstall gets stuck on deinstall if the package-provided service is not running: Jim Pingle wrote:
> Looks like one viable method might be to echo with @&@, capture the pid of that process, sleep f... Kill Bill
11:39 AM pfSense Packages Bug #7954: Package upgrade/reinstall gets stuck on deinstall if the package-provided service is not running: Well yes I think there's something broken about c-icap in general, the named pipe (fifo) should vanish once the servi... Kill Bill
11:30 AM pfSense Packages Bug #7954: Package upgrade/reinstall gets stuck on deinstall if the package-provided service is not running: Looks like one viable method might be to echo with @&@, capture the pid of that process, sleep for a moment, and then... Jim Pingle
11:20 AM pfSense Packages Bug #7954 (Confirmed): Package upgrade/reinstall gets stuck on deinstall if the package-provided service is not running: OK, that does make a difference. If there are stale PID files it seems to get stuck because "/bin/sh /usr/local/etc/r... Jim Pingle
10:15 AM pfSense Packages Bug #7954: Package upgrade/reinstall gets stuck on deinstall if the package-provided service is not running: Jim Pingle wrote:
> I setup squid and enabled clamav, so I have squid, clamav, and c-icap services running. I manual... Kill Bill
09:37 AM pfSense Packages Bug #7954 (Feedback): Package upgrade/reinstall gets stuck on deinstall if the package-provided service is not running: I can't seem to replicate this as-is but there could be something I haven't quite triggered yet.
I setup squid and... Jim Pingle
10:00 AM Bug #7953 (Resolved): XMLRPC produces an error when attempting to sync an empty section: Works now, the last item delete gets synchronized as expected. Jim Pingle
08:20 AM Bug #7953 (Feedback): XMLRPC produces an error when attempting to sync an empty section: Applied in changeset commit:2a781563c6acf925a45e74d6c2f72d0e9b4173f9. Renato Botelho
09:42 AM Bug #7868 (Resolved): bsmtpd hostres feature should not be active when running on esx/proxmox/virtualbox: After the fix for #6882 this is no longer necessary. Jim Pingle
09:40 AM Bug #7960 (Resolved): Wirelss WAN can get caught in a configure loop: This looks good now. After upgrading to the latest snap, I can have a wireless WAN assigned and working, and also edi... Jim Pingle
09:10 AM Bug #6882 (Resolved): bsnmpd uses all available CPU with hostres module active in some cases: After importing the FreeBSD patch, this appears to be OK. CPU usage is back to normal, no sign of a memory leak, and ... Jim Pingle
07:53 AM Bug #7964: Restart openvpn on gateway switching: perhaps this would help: --remap-usr1 SIGHUP
I don't know how you handle openvpn exactly. Have you send SIGUSR1? At ... Grischa Zengel
07:09 AM pfSense Packages Bug #7963 (Not a Bug): Unable to upgrade pfSense v2.3.4-RELEASE to v2.3.4-RELEASE-p1 via web admin site. Clicking 'y' on console continues upgrade successfully.: Jim Pingle
04:11 AM pfSense Packages Bug #7965: freeradius 3 with MySQL: hmmm.... will this commit fall into the repository? or nothing?
how can I help? Konstantin Ab
04:07 AM pfSense Packages Bug #7965: freeradius 3 with MySQL: There is nothing for testing (beyond reverting that commit). The linked commit is potentially a *source* of the issue... Kill Bill
03:37 AM pfSense Packages Bug #7965: freeradius 3 with MySQL: where its apply for testing? Konstantin Ab
03:03 AM pfSense Packages Bug #7965: freeradius 3 with MySQL: This commit: https://github.com/pfsense/FreeBSD-ports/commit/eafa6ca5d0b89a3e6a9110dfea8e2a89fe24d245
- The hunk s... Kill Bill
03:17 AM Bug #7966 (Resolved): Live traffic graphs appear to have sampling errors: The Status > Traffic Graphs function and the Traffic Graph widget appear to have a regression (#7515 ? ).
The samp... Chris Linstruth
02:29 AM Bug #7426: UDP packet drops: The reason of UDP drop is packet processing slowdown which happens on ARM devices (1k, 3100). I observed ~2-7% for di... Constantine Kormashev

10/17/2017

11:58 PM pfSense Packages Bug #7965: freeradius 3 with MySQL: i use freeradius for Plain MAC Authentication Konstantin Ab
11:54 PM pfSense Packages Bug #7965 (Resolved): freeradius 3 with MySQL: sorry, I will duplicate issue 7947, BUT i think this is a 100% bug. Please, let's take it seriously.
I'm upgrading... Konstantin Ab
09:51 PM Revision 48450841: Helped make the ajax more robust to check for non json return types: Stephen Jones
09:37 PM Bug #7964: Restart openvpn on gateway switching: After the PPPoE interface is up, the openvpn clients still use Tier2 and didn't fall back to Tier1. Grischa Zengel
08:32 PM Bug #7964 (New): Restart openvpn on gateway switching: I have 2 openvpn clients with GW Group configured.
While Tier1 interface (PPPoE) was going down the two openvpn cras... Grischa Zengel
08:39 PM Revision 55c60100: Revert "Added JSON checks for widgets to prevent parsing errors.": This reverts commit e63aee854214c93fd0cba71f7023c194942c1ca9. Stephen Jones
08:10 PM Revision e63aee85: Added JSON checks for widgets to prevent parsing errors.: (cherry picked from commit 63f686bde3e95eed8d2223d00e5f6403a5ef2d4c) Stephen Jones
08:03 PM Revision 63f686bd: Added JSON checks for widgets to prevent parsing errors.: Stephen Jones
07:47 PM Revision 1b21bfdb: Simplify the code a little bit.: Luiz Souza
07:46 PM Revision 0d9b74f1: add cache busting to css using last modified timestamp: Jared Dillard
07:45 PM Revision 2e155305: Use the new function to validate the VLAN tags.: Luiz Souza
07:42 PM Revision 0793de1a: Fix the QinQ support.: Bring the QinQ support to the VLAN dotted format.
To avoid breaks third party software (such as dhcpd), we silently ... Luiz Souza
07:11 PM Revision 08a5e9a6: add cache busting to css using last modified timestamp: Jared Dillard
07:03 PM Revision cbd7c398: Restore auth_check(): Steve Beaver
06:43 PM Revision 6a6c0b16: Added back the previous commit since it got overwritten.: Stephen Jones
06:37 PM Revision 58f31015: Related to redmine #6318 helps fix some times when it would get back null data after a session ended: Stephen Jones
06:15 PM pfSense Packages Bug #7963: Unable to upgrade pfSense v2.3.4-RELEASE to v2.3.4-RELEASE-p1 via web admin site. Clicking 'y' on console continues upgrade successfully.: Steve Tanti wrote:
> Jim Pingle wrote:
> > Be sure to go to System > Update, Update Settings tab. Set the branch to... Steve Tanti
05:57 PM pfSense Packages Bug #7963: Unable to upgrade pfSense v2.3.4-RELEASE to v2.3.4-RELEASE-p1 via web admin site. Clicking 'y' on console continues upgrade successfully.: Jim Pingle wrote:
> Be sure to go to System > Update, Update Settings tab. Set the branch to Security/Errata Only an... Steve Tanti
05:43 PM pfSense Packages Bug #7963 (Feedback): Unable to upgrade pfSense v2.3.4-RELEASE to v2.3.4-RELEASE-p1 via web admin site. Clicking 'y' on console continues upgrade successfully.: Be sure to go to System > Update, Update Settings tab. Set the branch to Security/Errata Only and then try again. Jim Pingle
05:40 PM pfSense Packages Bug #7963 (Not a Bug): Unable to upgrade pfSense v2.3.4-RELEASE to v2.3.4-RELEASE-p1 via web admin site. Clicking 'y' on console continues upgrade successfully.: When I trigger an upgrade via the web console it hangs stating:
>>> Downloading upgrade packages...
I left it f... Steve Tanti
06:14 PM Revision 25a95b4c: Use pkg-static binary to prevent errors when moving to new major FreeBSD version: Renato Botelho
06:14 PM Revision 1dee6294: Use pkg-static binary to prevent errors when moving to new major FreeBSD version: Renato Botelho
06:13 PM Revision 9a0f7e2a: Use pkg-static binary to prevent errors when moving to new major FreeBSD version: Renato Botelho
06:13 PM Revision 58e60eb9: Use pkg-static binary to prevent errors when moving to new major FreeBSD version: Renato Botelho
06:10 PM Revision 73ee3d78: Fix #7953: Make sure NULL values are not passed to XMLRPC functions: Renato Botelho
04:57 PM Revision b87f0429: IPSec widget no longer includes session timout code: Steve Beaver
04:04 PM Revision 93d3a065: Do not reconfigure wireless on a link up event, or else it can get stuck in a loop. Fixes #7960: Jim Pingle
03:37 PM Bug #7951 (Resolved): WPA2 issue (KRACK): Looks good as far as I can see, with hostapd and wpa_supplicant are updated and running as expected. Jim Pingle
12:27 PM Bug #7951: WPA2 issue (KRACK): I've tested with ath0 and run0 as AP and BSS mode, both run the appropriate binaries from ports and appear to be OK. Jim Pingle
07:08 AM Bug #7951 (Feedback): WPA2 issue (KRACK): Start using hostapd / wpa_supplicant from ports on 2.4.1 and 2.3.5. Next round of snapshots should be OK Renato Botelho
03:03 PM Bug #7953 (Assigned): XMLRPC produces an error when attempting to sync an empty section: The XMLRPC error is gone but the affected section does not sync when empty.
You can never delete the last virtual ... Jim Pingle
01:19 PM Bug #7953 (Feedback): XMLRPC produces an error when attempting to sync an empty section: Fix pushed Renato Botelho
02:19 PM Bug #6954 (Resolved): New installer has no "Quick/Easy" installation option: The Auto (UFS) behavior with a single drive works well Jim Pingle
07:28 AM Bug #6954 (Feedback): New installer has no "Quick/Easy" installation option: Added in 2.4.0 installer already. When Auto (UFS) is selected, if there is only one available disk it's automatically... Renato Botelho
01:55 PM Feature #7962: Support for Intel 553 network card: Hi,
could also be easier as this here:
https://lwn.net/Articles/735126/ or in more detail this: https://revie... Cullen Trey
01:16 PM Feature #7962 (Resolved): Support for Intel 553 network card: Hi,
just tried to get a Intel 553 network card running in pfsense 2.4, but it does not work.
Issue https://red... Cullen Trey
12:30 PM Bug #7868: bsmtpd hostres feature should not be active when running on esx/proxmox/virtualbox: It looks good with a gitsync, but needs another test once it's in snapshots. Jim Pingle
07:30 AM Bug #7868 (Feedback): bsmtpd hostres feature should not be active when running on esx/proxmox/virtualbox: Fix committed to FreeBSD-src and exceptions removed from GUI Renato Botelho
12:29 PM Bug #7921 (Resolved): Reset All States on WAN IP Change does not stay unchecked when disabled in GUI: The GUI control properly reflects the state of the option in the configuration, and changes are saved properly. Jim Pingle
12:26 PM Bug #7939 (Resolved): Voucher test page produces no output: Testing and expiring works now. Jim Pingle
12:25 PM Bug #7810 (Resolved): openssl/openvpn need to have loaded booth AESNI and cryptodev to accelerate AES operations , but gui alows you load only one at once: Jim Pingle
12:24 PM Bug #7810: openssl/openvpn need to have loaded booth AESNI and cryptodev to accelerate AES operations , but gui alows you load only one at once: Verified that the correct combination of aesni.ko and cryptodev.ko are present after a reboot and that cryptodev is o... Chris Linstruth
12:22 PM Todo #7938 (Resolved): Change pfSense-upgrade to use pkg-static instead of pkg: Looks to me like all of the references in the pfSense-upgrade code now call pkg-static so this is done. Jim Pingle
12:15 PM Bug #7937 (Resolved): FreeBSD 11 removed legacy ada aliases, some older installs will fail to mount root post-upgrade: Latest fix did the trick. I can now start with a VM with a legacy style fstab and the upgrade completes and boots up ... Jim Pingle
10:30 AM Bug #7937 (Feedback): FreeBSD 11 removed legacy ada aliases, some older installs will fail to mount root post-upgrade: I've added it to pfSense-repo package post-install script Renato Botelho
12:14 PM Bug #7925: VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: I can't reproduce this on 2.4.1 snapshots but it was so random before that doesn't give me much confidence.
Anyone... Jim Pingle
12:12 PM Feature #7506 (Resolved): Use "auth-retry nointeract" to prevent OpenVPN clients from exiting or attempting to prompt for passwords: Works Jim Pingle
12:10 PM Revision e8972c2f: Fix 7868 - Allow to enable hostres on all platforms after fix on FreeBSD-src: Renato Botelho
12:07 PM Feature #7814 (Resolved): Unbound serve-expired please add to GU as tickbox: We've tested this a bit and it's working. Jim Pingle
12:01 PM Feature #7814: Unbound serve-expired please add to GU as tickbox: Martin informed this has been accepted and merged. Chris Collins
07:45 AM Feature #7814 (Feedback): Unbound serve-expired please add to GU as tickbox: Anonymous
11:21 AM Bug #7942 (Feedback): QinQ interfaces never show as active: Please, test again when the next snapshot is ready.
It is fixed and updated to use the same name format as VLANs.
... Luiz Souza
11:11 AM pfSense Packages Feature #7895: Add a script for CARP monitoring to NRPE: Here is a fixed version, I tested it based on your above output.
It now gives the following result :... Stéphane Lapie
10:43 AM pfSense Packages Feature #7895: Add a script for CARP monitoring to NRPE: Ah, I think I see. I did not handle the case of multiple VHIDs on one interface, I will fix it right now. Stéphane Lapie
10:11 AM pfSense Packages Feature #7895: Add a script for CARP monitoring to NRPE: I agree that it would be very helpful if there was a way to monitor carp status via SNMP.
I ran your script on my ... Phillip Hernandez
11:10 AM Bug #7960 (Feedback): Wirelss WAN can get caught in a configure loop: Applied in changeset commit:93d3a065260441dcb32fcd69cf4cb806d1021eea. Jim Pingle
11:04 AM Bug #7960 (Resolved): Wirelss WAN can get caught in a configure loop: At least with some wireless devices, they send a link up event to the OS when they associate successfully. This trigg... Jim Pingle
11:06 AM pfSense Packages Bug #7961 (Resolved): JS Error on Status > Monitoring: If you go to Status > Monitoring click Settings > Display Advanced > add view and then click cancel you get this cons... Anonymous
11:00 AM Revision 6a7a320e: Use hostapd / wpa_supplicant from ports when available: Renato Botelho
10:59 AM Revision 95605da1: Use hostapd / wpa_supplicant from ports when available: Renato Botelho
10:46 AM Revision 19a9070e: Enable build of new Zabbix versions (2.2, 3.2 and 3.4): Renato Botelho
10:37 AM Revision af0d2a1f: Enable build of new Zabbix versions (2.2, 3.2 and 3.4): Renato Botelho
10:28 AM Revision ac717bc0: Update Zabbix options: - Bring versions 3.2 and 3.4
- Enable IPMI, VMware and SSH monitoring for Zabbix Proxy
- Remove unnecessary items
(c... Danilo Baio
10:28 AM Revision af40692f: Update Zabbix options: - Bring versions 3.2 and 3.4
- Enable IPMI, VMware and SSH monitoring for Zabbix Proxy
- Remove unnecessary items
(c... Danilo Baio
10:28 AM Revision 54869134: Update Zabbix options: - Bring versions 3.2 and 3.4
- Enable IPMI, VMware and SSH monitoring for Zabbix Proxy
- Remove unnecessary items
(c... Danilo Baio
10:27 AM Revision 863ce211: Merge pull request #3851 from dbaio/master: Renato Botelho
10:17 AM pfSense Packages Bug #7959 (Not a Bug): Dpinger - Probe Interval: Dear Team
We are working with WAN satellite connections limited in bandwidth data per month.
The maximum probe inte... Lampros Papanastasiou
10:08 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more: OK. Now have a look at the forum.
It looks like filterdns stops working and after a big change a second one will be ... Grischa Zengel
08:30 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more: If it ever worked, it was by luck alone.
When I try to resolve www.google.de, I only receive two responses (one I... Jim Pingle
08:27 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more: It was a test with google ...
The point is, that the other address are not shown.
And before update it worked as ... Grischa Zengel
08:24 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more: You cannot rely on alias resolution for domains which return random sets of addresses. That will never work properly ... Jim Pingle
08:23 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more: Some more info:
I'm using Domain Overrides.
I put www.google.de and a host from my Domain Overrides into a table ... Grischa Zengel
07:30 AM Bug #7958 (Not a Bug): Upgrade 2.4.0: IP alias with FQDN doesn't work any more: It works fine here on several firewalls and there is nowhere near enough detail here or on the linked thread to sugge... Jim Pingle
07:24 AM Bug #7958 (Not a Bug): Upgrade 2.4.0: IP alias with FQDN doesn't work any more: I'm not alone with this problem so I decide to open a issue an this:
https://forum.pfsense.org/index.php?topic=13817... Grischa Zengel
08:47 AM Bug #7856: IPsec status does not show all connected mobile clients: I did some tests with SG-2220 (2.4.1-DEVELOPMENT (amd64)) and IPsec widget was on Dashboard, but there wasn't any IPs... Azamat Khakimyanov
07:45 AM Bug #7748: VLAN Priority: Downgraded last night to 2.3.4, packets are now being properly tagged again. Here are some examples:... Oliver Palmer
06:58 AM Feature #7957 (New): GUI theme - separate "colour" from "compact/normal" in theme dropdown: At the moment one can choose themes such as normal, dark, and compact-RED.
There is also a colour selector with a wi... Stilez y
06:36 AM Feature #7956: Favicon able to match GUI colour setting?: Sample favicons attached Stilez y
06:19 AM Feature #7956 (New): Favicon able to match GUI colour setting?: I'm finding that with multiple pfSense routers in use, choosing the right tab in the browser would be a lot easier if... Stilez y
05:50 AM Bug #7955 (Closed): Upgrade in 2.4 GUI appears to fail when it actually succeeded (no D/L completion or reboot message, or sign of completion): In previous versions, when upgrading, the activity textbox displays what's happening. At the end it said something li... Stilez y

10/16/2017

07:49 PM Revision 12bcf7e9: Change the VLAN inteface names to use the 'dotted' format of FreeBSD, which is shorter and helps to keep the interface name smaller than the limit (16).: This fixes the 4 digit VLAN issues when the NIC name is 6 bytes long.
Ticket #294 Luiz Souza
07:07 PM Revision 40437d5d: xmlrpc, webgui, prevent that a xmlrpc.lock is placed that is never unlocked, thus hanging php and the webgui after a few more sync request are trying to acquire the lock and all are waiting..: (cherry picked from commit 8239af2dc167fd865818a29b4e01d7e464d564d3) Pi Ba
07:07 PM Revision ee0e2507: Merge pull request #3848 from PiBa-NL/20171011-xmlrpc-prevent-lost-lock: Renato Botelho
07:07 PM Revision 6665dd8c: Remove no-op code: See https://redmine.pfsense.org/issues/7889 for related discussion
(cherry picked from commit 401e2ac783756e22ab738d... Doktor Notor
07:07 PM Revision fc9abcc7: Remove no-op code: See https://redmine.pfsense.org/issues/7889 for related discussion
(cherry picked from commit cbbb8fdb62fc75bfac28b2... Doktor Notor
07:06 PM Revision 8734adf8: Merge pull request #3838 from doktornotor/patch-9: Renato Botelho
06:31 PM Revision 840a290e: Merge pull request #3831 from luckman212/patch-1: Renato Botelho
06:21 PM Revision e4aef1ed: Merge pull request #3850 from doktornotor/patch-11: Renato Botelho
06:07 PM Revision f96376a3: Allow both AES-NI and Crypto modules to be loaded at the same time. Fixes #7810: Jim Pingle
06:07 PM Bug #7951: WPA2 issue (KRACK): Fixes for KRACK now in FreeBSD Ports tree: https://github.com/freebsd/freebsd-ports/commit/e0ec9d45b57b88487440141915... Jim Thompson
10:08 AM Bug #7951 (Resolved): WPA2 issue (KRACK): We need to import the FreeBSD fixes for wpa_supplicant and hostapd related to the recently-disclosed key reinsertion ... Jim Pingle
05:53 PM Revision 5e5b13a9: Merge pull request #3821 from PiBa-NL/20170916-bsnmp-hostrest-check: Renato Botelho
05:43 PM Bug #6455: Can't delete Virtual IP "referenced by a least one gateway" if gateway outside interface subnet: Thanks! Just ran into this and changed the mast to /32 and I was then able to delete it. I thought it was a 2.4.0 bug... Brendon Baumgartner
05:16 PM Revision 2105c0e2: Change OpenVPN to retry client auth when it fails by default, rather than making the process exit which confuses users. Fixes #7506: (cherry picked from commit a69a9182278bab4843f3215a1b484f9452558884) Jim Pingle
05:14 PM Revision a69a9182: Change OpenVPN to retry client auth when it fails by default, rather than making the process exit which confuses users. Fixes #7506: Jim Pingle
04:17 PM Revision 7a696510: Merge pull request #3817 from marjohn56/Unbound-serve-expired: Steve Beaver
04:09 PM Revision 9503d881: Merge pull request #3826 from doktornotor/patch-5: Steve Beaver
04:05 PM Revision 84ec58b7: Unbound Serve expired: Serve expired – Records stay in cache after TTL expires, with a TTL value of 0, if a new lookup is requested the cach... Martin Wasley
03:45 PM Revision c676c135: Fixed #7896: 2.3 is slightly different than 2.4 with different variables so this
fix is different than the 2.4 version. Stephen Jones
03:42 PM Bug #7884 (Resolved): Unbound refusing non-recursive/iterative queries even from localhost: Jim Pingle
03:34 PM Bug #7884: Unbound refusing non-recursive/iterative queries even from localhost: On pfSense-netgate-memstick-ADI-2.4.1-DEVELOPMENT-amd64-20171016-1127.img "dig google.com +trace" and "drill -T googl... Anonymous
03:28 PM pfSense Packages Bug #7871 (Resolved): Add squid validation for selected CA when MITM is enabled: Great, thanks for testing! Jim Pingle
03:22 PM pfSense Packages Bug #7871: Add squid validation for selected CA when MITM is enabled: Looks good here, only usable CAs are being offered in the Squid GUI with 0.4.42. Thanks! Kill Bill
11:19 AM pfSense Packages Bug #7871 (Feedback): Add squid validation for selected CA when MITM is enabled: OK I added two different sets of protection:
1. Input validation to warn if a user selected a CA without a private... Jim Pingle
03:22 PM Revision a55c5a21: roll back for 2_3 for picture widget: Stephen Jones
03:20 PM pfSense Packages Bug #7954 (Confirmed): Package upgrade/reinstall gets stuck on deinstall if the package-provided service is not running: So you have a package and the service is not running. Trying to upgrade/reinstall produces the following:... Kill Bill
02:55 PM Bug #7953 (Resolved): XMLRPC produces an error when attempting to sync an empty section: When attempting to sync an empty section (e.g. VIPs are set to sync, but no VIPs are defined), the following error is... Jim Pingle
02:55 PM Revision 1f8a9b40: Fixed #7896: Handled the case where there is no picture and made it simpler to load
a picture.
(cherry picked from commit dc91c94... Stephen Jones
02:51 PM Revision 14ef41c4: Let 2.4.0 users to go to 2.4.1: Renato Botelho
02:28 PM Revision dc91c949: Fixed #7896: Handled the case where there is no picture and made it simpler to load
a picture. Stephen Jones
01:57 PM Revision 7f9b448f: Fixed #7714: Added JS code to formate the date/time for UCT
(cherry picked from commit 893b609111be502233a7a4ad6804fff1e4779a03) Steve Beaver
01:53 PM Revision 893b6091: Fixed #7714: Added JS code to formate the date/time for UCT Steve Beaver
01:27 PM Revision 7077ba39: Update Zabbix options: - Bring versions 3.2 and 3.4
- Enable IPMI, VMware and SSH monitoring for Zabbix Proxy
- Remove unnecessary items Danilo Baio
01:20 PM Bug #7810 (Feedback): openssl/openvpn need to have loaded booth AESNI and cryptodev to accelerate AES operations , but gui alows you load only one at once: Applied in changeset commit:f96376a378211155181a02a053cbb7ff9a700056. Jim Pingle
10:34 AM Bug #7810: openssl/openvpn need to have loaded booth AESNI and cryptodev to accelerate AES operations , but gui alows you load only one at once: There is still some debate as to whether or not this is even necessary or would ever help, but it should be simple to... Jim Pingle
01:12 PM pfSense Packages Bug #7947 (Rejected): freeRadius 3 on pfSense 2.4 not work: There isn't enough really to go on here, please start a forum thread so we can discuss and diagnose the issue. Also, ... Jim Pingle
12:57 AM pfSense Packages Bug #7947: freeRadius 3 on pfSense 2.4 not work: i edit /usr/local/etc/raddb/sites-enabled/default
i comment:... Konstantin Ab
12:42 AM pfSense Packages Bug #7947: freeRadius 3 on pfSense 2.4 not work: i use EAP section
and freeRadius2 worked in 2.3.4
2.4 + FR3 = not worked Konstantin Ab
12:30 PM Feature #7506 (Feedback): Use "auth-retry nointeract" to prevent OpenVPN clients from exiting or attempting to prompt for passwords: Applied in changeset commit:a69a9182278bab4843f3215a1b484f9452558884. Jim Pingle
12:26 PM Revision 233dde07: Fixed #7921: (cherry picked from commit 5fce3e8e905c3a2029475293cf760ee2c2a51074) Steve Beaver
12:24 PM Revision 5fce3e8e: Fixed #7921: Steve Beaver
12:18 PM pfSense Packages Feature #7945 (Resolved): NET-SNMP - Flooding log entries: Great, thanks for testing!
Jim Pingle
12:06 PM pfSense Packages Feature #7945: NET-SNMP - Flooding log entries: Jim Pingle wrote:
> I just pushed a fix for this, it will show up shortly to install.
Updated and tested. Looks g... Nonada Nonadz
07:49 AM pfSense Packages Feature #7945 (Feedback): NET-SNMP - Flooding log entries: I just pushed a fix for this, it will show up shortly to install. Jim Pingle
11:43 AM Bug #7946: 2.4 Package Manager: Does Not List Installed Packages which have been removed from the repository.: It seems to be anything it can't validate against the current repository (offline or online). It should list them all... Jim Pingle
11:41 AM Bug #7946: 2.4 Package Manager: Does Not List Installed Packages which have been removed from the repository.: Well yes, the inability to produce/take into account any offline results is indeed a bug. Kill Bill
07:54 AM Bug #7946: 2.4 Package Manager: Does Not List Installed Packages which have been removed from the repository.: It may still be a bug though. The package is indeed gone from the server-side database but it's still installed local... Jim Pingle
11:35 AM pfSense Packages Bug #7941 (Not a Bug): ntop-ng. Unable to reach web page: This was an issue with the rules on that one system and not a problem with ntopng. Jim Pingle
08:19 AM pfSense Packages Bug #7941 (Feedback): ntop-ng. Unable to reach web page: I see those errors here but it appears they happen during install or boot when it gets stopped/started a couple times... Jim Pingle
11:16 AM pfSense Packages Bug #7952 (Closed): OpenVPN export package for Windows flagged by a few AV's: We have received a report that exported OpenVPN client package is flagged by a few AV's.
https://forum.pfsense.or... Ivor Kreso
10:48 AM Revision e9bb33f3: Fix #7949: Add UEFI 32 and UEFI 64 filenames defined inside a pool to dhcpd.conf Renato Botelho
10:47 AM Revision 9d775c75: Fix #7949: Add UEFI 32 and UEFI 64 filenames defined inside a pool to dhcpd.conf Renato Botelho
09:40 AM Bug #7896 (Feedback): picture_widget.php: Applied in changeset commit:dc91c9490a61c374b4358a3a328019f3e0e150ab. Anonymous
09:10 AM Bug #7714: NTP Widget Time Display: Applied in changeset commit:7f9b448ff7d926c4c5b69ada8625e728c3f5c715. Anonymous
09:00 AM Bug #7714 (Feedback): NTP Widget Time Display: Applied in changeset commit:893b609111be502233a7a4ad6804fff1e4779a03. Anonymous
08:04 AM Bug #7940: disabling LAGG causes system reboot on 2.4: That does look almost identical to #7119, we should check to see if those patches need any adjustments for FreeBSD 11.1. Jim Pingle
07:54 AM Bug #7917: GUI shows "There are no packages currently installed" when repos are unreachable: See also: #7946 Jim Pingle
07:40 AM Bug #7921 (Feedback): Reset All States on WAN IP Change does not stay unchecked when disabled in GUI: Applied in changeset commit:5fce3e8e905c3a2029475293cf760ee2c2a51074. Anonymous
07:38 AM Bug #7948 (Rejected): pfsense 2.4 fall in black screen on ESXI 6.5: Please start a new thread on the forum with was much detail as possible. There is not enough to go by here, and some ... Jim Pingle
01:12 AM Bug #7948 (Rejected): pfsense 2.4 fall in black screen on ESXI 6.5: after upgrade from 2.3.4 pfsense periodically fall in black screen
you can enter letters from the keyboard, but th... Konstantin Ab
07:22 AM pfSense Packages Bug #7950 (Feedback): Quagga not displaying status messages on 2.4-rel: It's working fine here. Are all of the daemons running?
Does running one of the status commands at the CLI work?
<... Jim Pingle
06:59 AM pfSense Packages Bug #7950 (Closed): Quagga not displaying status messages on 2.4-rel: See attached screenshot. Quagga is working but no status messages are displayed. Vladimir Lind
06:40 AM Bug #6860 (Feedback): Monitoring (RRD) graphs return "unknown" step value: PR has been merged Renato Botelho
06:20 AM pfSense Packages Bug #7935 (Feedback): FFR doesn't save prefix lists to bgpd.conf: PR has been merged Renato Botelho
06:00 AM Bug #7949 (Feedback): DHCP UEFI file name under pools are ignored: Applied in changeset commit:9d775c7500e1ba09417e106f2ddc81b2cc8e67dc. Renato Botelho
05:47 AM Bug #7949 (Resolved): DHCP UEFI file name under pools are ignored: DHCP Server has places to define 3 files for netboot (BIOS, UEFI 32 and UEFI 64). When these options are configured i... Renato Botelho

10/15/2017

11:54 PM Bug #7946: 2.4 Package Manager: Does Not List Installed Packages which have been removed from the repository.: Not a bug.
https://forum.pfsense.org/index.php?topic=133280.0 Kill Bill
07:09 PM Bug #7946 (Resolved): 2.4 Package Manager: Does Not List Installed Packages which have been removed from the repository.: Upon upgrading to pfSense 2.4, I was unable to perform the recommended approach to move from freeradius 2.x to 3.x be... Andrew Barnes
11:00 PM pfSense Packages Bug #7947 (Rejected): freeRadius 3 on pfSense 2.4 not work: Afrer upgrade pfsense to 2.4 and install freeradius v3 -- freeRadius not execute.... Konstantin Ab
05:13 PM Bug #6882: bsnmpd uses all available CPU with hostres module active in some cases: I don't see any mention about memory leaks here but this might be related.
https://forum.pfsense.org/index.php?topic... Brendon Baumgartner
10:41 AM Bug #6882: bsnmpd uses all available CPU with hostres module active in some cases: Just found this bug report after chasing down the issue on my office's pfsense install that was upgraded to 2.4.
I... Michael Knowles
05:11 PM pfSense Packages Feature #7945 (Resolved): NET-SNMP - Flooding log entries: Please make a better solution for the NET-SNMP logging. Currently it floods the Genereal Log Entries (System Logs / S... Nonada Nonadz
03:44 PM pfSense Packages Bug #7944 (Resolved): Bind XMLRPC Sync Error: After upgrading to pfsense 2.4.0 syncing Bind is not possible anymore. Each time I update the config I get the follow... Maximilian Sesterhenn
02:00 PM Feature #7943 (Resolved): Overflow scrolling for top navigation drop-down menus in Fixed mode: Some resolutions (16:9 on laptops) don't have the vertical height to display all drop down menu items on items such a... Ken Moini
01:30 PM Bug #7942: QinQ interfaces never show as active: ... Steve Wheeler
01:10 PM Bug #7942 (Resolved): QinQ interfaces never show as active: In a fresh 2.4 install QinQ interfaces always show in Status > Interfaces as down even when the parent interface show... Steve Wheeler
12:52 PM pfSense Packages Bug #7941 (Not a Bug): ntop-ng. Unable to reach web page: After installing and enabling ntop-ng with default settings in 2.4 it is not possible to reach the data display page ... Steve Wheeler
10:32 AM Bug #7937 (Assigned): FreeBSD 11 removed legacy ada aliases, some older installs will fail to mount root post-upgrade: The code itself appears to work but it doesn't get triggered unless you start to run the upgrade from the CLI, stop w... Jim Pingle
02:00 AM Revision c83649d3: Fix voucher test and expire pages. Fixes #7939: (cherry picked from commit 0b2d15478ee375c5bb9bde82ac493e1ea38d2eb6) Jim Pingle
02:00 AM Revision 0b2d1547: Fix voucher test and expire pages. Fixes #7939: Jim Pingle
01:40 AM Bug #7940 (Resolved): disabling LAGG causes system reboot on 2.4: It looks very similar to this - https://redmine.pfsense.org/issues/7119
When Lagg interface goes down:
<6>carp:... Vladimir Lind

10/14/2017

09:10 PM Bug #7939 (Feedback): Voucher test page produces no output: Applied in changeset commit:0b2d15478ee375c5bb9bde82ac493e1ea38d2eb6. Jim Pingle
08:58 PM Bug #7939: Voucher test page produces no output: Affects both status_captiveportal_test.php and status_captiveportal_expire.php Jim Pingle
08:50 PM Bug #7939 (Resolved): Voucher test page produces no output: The voucher test page does nothing when a value is submitted. Jim Pingle
07:39 PM Revision ed66d491: snmpd, hostres cpu usage on virtual environments that have a virtual cd drive seems to happen on most (all?) hypervisors.: Pi Ba
04:57 PM Feature #6754 (Duplicate): Use of aliases in OpenVPN configuration: Duplicate of #2668 Jim Pingle
03:50 PM Feature #6754: Use of aliases in OpenVPN configuration: Requested on forums also: https://forum.pfsense.org/index.php?topic=137852.0 robi robi
03:49 PM Feature #2668: Support aliases in OpenVPN local/remote/tunnel network fields: Requested on forums also: https://forum.pfsense.org/index.php?topic=137852.0 robi robi
03:38 PM Bug #6882: bsnmpd uses all available CPU with hostres module active in some cases: Judging by some responses on the forum it can also happen on bare metal, not just VMs. The exact conditions are uncle... Jim Pingle
02:44 PM Bug #6882: bsnmpd uses all available CPU with hostres module active in some cases: Please either fix the underlying issue if possible. Or at least commit this workaround that seems to be needed for mo... Pi Ba
11:20 AM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: No, it's not directly a Snort issue. It appears to be something that was perhaps inadvertently introduced when the t... Bill Meeks
03:43 AM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: Cheers guys, it does disapear after moving pfSense.mo pfSense.mo.old
So not a Snort issue then. Andy Kniveton
07:59 AM Revision 0c9a6bc3: Remove obsolete CLA information: https://www.netgate.com/blog/contributing-to-the-pfsense-project-gets-easier.html Doktor Notor
07:04 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": Michael OBrien wrote:
> Is there a reason you're moving this to 2.4.2, or you just need confirmation that it's good ... Jim Pingle
02:54 AM Revision c5a33683: Accept 'IP/mask' notation in 'Set interface IP address' from initial menu, there is no need to force use to enter the netmask in a different input.: Luiz Souza
02:13 AM Revision d326425e: Break from the loop when we run out of interfaces in console 'Assign Interfaces'.: Luiz Souza
12:31 AM Revision 286cd231: Mount the disk (the root slice) as read-only before running the fsck in the preen mode.: This force the flush of all pending writes to disk and thus put the disk in a consistent state.
The second effect of... Luiz Souza

10/13/2017

09:52 PM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": Jim Pingle wrote:
> FYI- FRR is now available for 2.4, 2.3.5 (snapshots), and 2.3.4 users. Internal tests show that ... Michael OBrien
03:42 PM Bug #6882: bsnmpd uses all available CPU with hostres module active in some cases: Looks Like KVM has the same issue btw. I am running 2.4.1-DEVELOPMENT (amd64)
built on Fri Oct 13 12:32:36 CDT 2017... Chris Stocker
09:32 AM Bug #6882: bsnmpd uses all available CPU with hostres module active in some cases: It looks like there is actually a patch for FreeBSD now which might help: https://bugs.freebsd.org/bugzilla/show_bug.... Jim Pingle
03:02 PM Bug #7931 (Duplicate): Error: SyntaxError: Unexpected token < in JSON at position 0: Jim Pingle
10:57 AM Bug #7931: Error: SyntaxError: Unexpected token < in JSON at position 0: This one is actually a duplicate of Bug #6748 and I'm still seeing this randomly. Kill Bill
02:30 PM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: Bill Meeks wrote:
> Andy Kniveton wrote:
> UPDATE- an empty string is the cause, now to find out why ???
>
> Bi... Kill Bill
02:09 PM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: Andy Kniveton wrote:
> Ah I don't have an Assigned Alias, so it displays the txt regardless of what ever the locale ... Bill Meeks
12:29 PM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: Ah I don't have an Assigned Alias, so it displays the txt regardless of what ever the locale is set to.
Just creat... Andy Kniveton
12:22 PM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: I've upgraded from 2.3.4-p1 to 2.4.0 and not changed the locale. it's using the default English I guess as I've not s... Andy Kniveton
10:23 AM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: I am so far unable to reproduce this problem in my virtual machine test environment. What language/locale is your fi... Bill Meeks
09:46 AM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: Thanks for the report. I will look into the problem.
Bill Bill Meeks
12:10 PM pfSense Packages Bug #7923: 502 Bad Gateway and unresponsive OS with 2.4: This is definitely due to a locking issue with file access in the index.php file for pfBlocker DNSBL. Not sure why it... Jim Pingle
10:50 AM Bug #7748: VLAN Priority: Hey, I'm one of those users thanks for putting this in the queue for 2.4.1.
I did a real quick tcpdump looking for... Oliver Palmer
09:35 AM Bug #7748: VLAN Priority: Apparently this negatively impacts users on Google Fiber
https://forum.pfsense.org/index.php?topic=137916.msg754579#... Jim Pingle
10:48 AM pfSense Packages Bug #7935: FFR doesn't save prefix lists to bgpd.conf: There is a pending PR for this, https://github.com/pfsense/FreeBSD-ports/pull/417
We'll be reviewing PRs shortly n... Jim Pingle
10:44 AM Bug #7937 (Feedback): FreeBSD 11 removed legacy ada aliases, some older installs will fail to mount root post-upgrade: pfSense-upgrade version 0.27_2 on 2.3.x and 0.34 on 2.4.x check for /dev/adN under /etc/fstab and call "/usr/local/sb... Renato Botelho
07:50 AM Bug #7937 (Resolved): FreeBSD 11 removed legacy ada aliases, some older installs will fail to mount root post-upgrade: Some upgrade attempts are failing to mount root after the kernel is upgraded to FreeBSD 11.x due to ada disk driver c... Jim Pingle
10:43 AM Todo #7938 (Feedback): Change pfSense-upgrade to use pkg-static instead of pkg: pfSense-upgrade version 0.27_2 on 2.3.x and 0.34 on 2.4.x are changed Renato Botelho
09:16 AM Todo #7938 (Resolved): Change pfSense-upgrade to use pkg-static instead of pkg: pfSense-upgrade should use pkg-static internally, rather than pkg, to avoid issues with major version upgrades, poten... Jim Pingle
10:37 AM Feature #1557: Add the Interface descriptions to the OS interface descriptions: Hi there,
This would be a great feature for those who use Zabbix or similar.
Thanks
Gareth Gareth Hay
09:12 AM Bug #7928: LAGG interfaces lose MAC address: Can confirm, this is new behavior and I am able to duplicate it per Steve's steps at a client site. The secondary fir... Arthur Brownlee IV
08:50 AM Bug #7925: VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: For reference, at least one person appears to have encountered it on ESX 5.5 as well, though the majority of users ar... Jim Pingle
07:07 AM Bug #7936 (Confirmed): bridge network interface does not support altq on 2.4.0-RELEASE: I thought we had another entry for bridge already but today I don't see it. So I reopened this and changed the subjec... Jim Pingle
03:00 AM Bug #7916: There were error(s) loading the rules: pfctl: ix0: driver does not support altq - The line in question reads [0]: | Intel X520-DA2: Same problem on 2.4.0! Roman Fidi
01:22 AM Bug #4310: Limiters + HA results in hangs on secondary: Sander Naudts wrote:
> Why not change target version to 2.9.9... sorry just little frustrating that this doesn't get... Lars Jorgensen

10/12/2017

11:42 PM Bug #6882: bsnmpd uses all available CPU with hostres module active in some cases: It should be noted that when upgrading, if the host resources MIB was already selected BEFORE the upgrade, it will re... Stéphane Lapie
09:51 PM Bug #7936: bridge network interface does not support altq on 2.4.0-RELEASE: That is true, but all interfaces assigned to bridge0 are igbx, will retest tomorrow John Schneider
09:13 PM Bug #7936 (Rejected): bridge network interface does not support altq on 2.4.0-RELEASE: bridge0 is not igbX. Jim Pingle
09:07 PM Bug #7936 (Resolved): bridge network interface does not support altq on 2.4.0-RELEASE: The bridge interface is currently not being built with altq support enabled. This leads to a situation where the user... John Schneider
07:28 PM pfSense Packages Bug #7935 (Resolved): FFR doesn't save prefix lists to bgpd.conf: Prefix lists referenced in route-maps or directly do not work with bgp when created using the webui. Have to copy the... Louis McLennan
05:47 PM Bug #7925: VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: For information, the same problem occurs in Workstation 12.5.7 (build 5813279), vm hardware version 11.
It happened ... Gianluca Toso
09:18 AM Bug #7925: VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: For anyone experiencing this crash in the meantime, adding @kern.vty=sc@ to @/boot/loader.conf.local@ is confirmed to... Jim Pingle
04:38 PM Feature #7934: format support phone# for international use: Assigned to sdavis. This is a server-side issue Anonymous
04:10 PM Feature #7934 (New): format support phone# for international use: In the new 2.4.0 release, the Netgate Services and Support dashboard gadget shows the phone# to call. (Good idea, bt... Adam Thompson
03:00 PM Revision 855aab21: Merge branch 'master' into add-cloudns-to-dynamicdns: Wagner Sartori Junior
02:47 PM Feature #7643: Send notification when boot completed: I also think that would be very useful function. Luca Moncelli
02:26 PM Bug #7933: There were error(s) loading the rules: pfctl: vtnet0: driver does not support altq - The line in question reads [0]:: Doesn't make a difference, still the same bug on the same version. If it was closed, you might have a point but it's ... Jim Pingle
02:23 PM Bug #7933: There were error(s) loading the rules: pfctl: vtnet0: driver does not support altq - The line in question reads [0]:: Maybe, but the bugs remains on release 2.4.0-RELEASE (amd64), that was for 2.4 BETA and 2.4 RC. Albert Lightware
02:18 PM Bug #7933 (Duplicate): There were error(s) loading the rules: pfctl: vtnet0: driver does not support altq - The line in question reads [0]:: Duplicate of #7594 Jim Pingle
02:03 PM Bug #7933: There were error(s) loading the rules: pfctl: vtnet0: driver does not support altq - The line in question reads [0]:: To let you now my configuration was working nice on 2.3.4-RELEASE-p1 Albert Lightware
02:01 PM Bug #7933 (Duplicate): There were error(s) loading the rules: pfctl: vtnet0: driver does not support altq - The line in question reads [0]:: After a clean installation to have zfs filesystem, I restored my configuration, and there is no internet connection c... Albert Lightware
02:19 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: Michael OBrien wrote:
> Any chance 2.4.0, with the FreeBSD 11.1 ipsec changes, may resolve this?
Just loaded up 2... Michael OBrien
12:03 PM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: https://forum.pfsense.org/index.php?topic=137921.0 Andy Kniveton
12:02 PM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: Please also post that in the IDS/IPS board of the forum so the package maintainer has a higher chance of seeing it:
... Jim Pingle
11:53 AM pfSense Packages Bug #7932 (Resolved): 2.4.0 & Snort 3.2.9.5_1 Pass Lists: The following appears under Assigned Alias header :-
Project-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: POT... Andy Kniveton
11:48 AM Bug #7931 (Not a Bug): Error: SyntaxError: Unexpected token < in JSON at position 0: Most likely it was old/cached data in your browser and the refresh let it pick up new copies. We have added some prot... Jim Pingle
11:46 AM Bug #7931: Error: SyntaxError: Unexpected token < in JSON at position 0: After a refresh the error is gone btw Christian M.
11:44 AM Bug #7931 (Duplicate): Error: SyntaxError: Unexpected token < in JSON at position 0: After Upgrading to 2.4.0 this error is shown in the Traffic Graph Widget on the Dashboard
@Error: SyntaxError: Une... Christian M.
11:15 AM Feature #7930 (Rejected): Upgrade notification: Sending an e-mail notification for that from the firewall itself isn't really a good idea. There are many other ways ... Jim Pingle
11:13 AM Feature #7930 (Rejected): Upgrade notification: It would be nice if there was some sort of alerting or notification when pfSense has a new upgrade available (via ema... Joshua Craft
10:55 AM Bug #4310: Limiters + HA results in hangs on secondary: We expected to have more time before 2.4.1 but we need to have it out in a week or so, there isn't time to get to thi... Jim Pingle
10:53 AM Bug #4310: Limiters + HA results in hangs on secondary: Why not change target version to 2.9.9... sorry just little frustrating that this doesn't get fixed. Sander Naudts
10:36 AM Feature #7926: limit clog -f look-back size: You'd be surprised, there are a number of them out there on CF, USB sticks and the like, and some of them have opted ... Jim Pingle
10:33 AM Feature #7926: limit clog -f look-back size: Thanks, Jim. That would be a perfectly acceptable solution, with a whole bunch of side benefits.
Especially since I... Adam Thompson
10:28 AM Bug #7786: traffic shaping queue on WAN wont allow total of all child to be 100%: i think this requires some php code changes only as the web gui doesnt allow, the shaper itself is fine with it when ... Bipin Chandra
09:46 AM Bug #7786: traffic shaping queue on WAN wont allow total of all child to be 100%: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
10:23 AM Bug #7474 (Resolved): Problems adding gateway from interface edit: Jim Pingle
10:09 AM Bug #4031: Notifications mail bomb in some gateway failure circumstances: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
10:02 AM Bug #6420 (Resolved): Monitoring graphs last sample being zero: Jim Pingle
10:01 AM Feature #7823: Pull request: Add support for dynamic DNS provider ClouDNS: conflict is fixed. Wagner Sartori Junior
09:46 AM Feature #7823: Pull request: Add support for dynamic DNS provider ClouDNS: The PR has conflicts that need resolved.
Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:55 AM Bug #7079: ClamAV C-ICAP causing Kernel Panic and System Crash: This should be re-tested on 2.4.0-RELEASE, the newer FreeBSD 11.1 base has a patch for that crash, I believe. Also it... Jim Pingle
09:52 AM Bug #7213 (Feedback): Hyper-V install, no disk found: Please retry this on 2.4.0-RELEASE which uses a FreeBSD 11.1 base and it has several fixes for Hyper-V. Jim Pingle
09:51 AM Bug #7412: rtsold will not run on VLAN interfaces: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:51 AM Bug #7413: status_dhcpv6_leases.php: Some DHCPv6 leases are not displayed in the GUI: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:51 AM Bug #7425: dhclient not sending option 77: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:49 AM Bug #7439: IKE_SA (IKEv2) does not rekey on break before make startegy, just issues IKE_DELETE and connection is closed: There is a new version of strongSwan on 2.4.0-RELEASE, please make this is still happening there.
Moving target to 2... Jim Pingle
09:48 AM Feature #7467: Add iPhone/Android/Generic USB tethering support: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:48 AM Bug #7469: local_sync_accounts() slowness can trigger GUI/XMLRPC failures with many accounts: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:47 AM Bug #7480: pkg framework - textarea on rowhelperfield errors: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:47 AM Bug #7481: pkg-framework - rowhelper ignores <advancedfield/>: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:47 AM Bug #7532: SG-1000 autonegotiation 10baseT speed and duplex: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:47 AM Bug #7605: State Killing on Gateway Success: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:47 AM Feature #7623: Allow L2TP user passwords to contain special characters: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:46 AM Bug #7714: NTP Widget Time Display: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:46 AM Todo #7762: Add uid check to pfSense-upgrade and exit unless it is run as uid=0: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:46 AM Bug #7774: No TCP Reply State Established on GRE in IPsec Transport: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:46 AM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:46 AM Bug #7856: IPsec status does not show all connected mobile clients: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:46 AM Feature #7882: Seperator feature in DHCP Static mapping for this feature: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:46 AM Bug #7885: Cert. Manager should validate EKUs on importing a certificate authority: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
09:46 AM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic: Moving target to 2.4.2 as we need 2.4.1 sooner than anticipated. Jim Pingle
06:31 AM Feature #7321 (Resolved): DynDNS - Add DreamHost DNS support: Renato Botelho
01:43 AM Bug #7929 (Resolved): IPSec CA certificate name corrupt if multiple RDNs of the same type are in subject name: When the CA certificate subject is converted to OSF style, but multiple RDN components of the same type are in the su... Daniel Sands

10/11/2017

07:27 PM Feature #7321: DynDNS - Add DreamHost DNS support: OK - I do see that it made it into the 2.4.0 Git branch. I didn't see it listed at https://redmine.pfsense.org/versi... Frank Gruman
06:08 PM Bug #7928 (Resolved): LAGG interfaces lose MAC address: LAGG interfaces lose their MAC address, normally inherited from the first member, if all links are disconnected and t... Steve Wheeler
03:03 PM Bug #7927 (Closed): (filterdns), uid 0: exited on signal 11 (core dumped): #Problem:
With 2.4, and also with 2.4.1, I am seeing frequent error messages
> kernel: pid 12918 (filterdns),... Chase Turner
02:21 PM Bug #7015: IPsec not working behind NAT: The problem I reported above occurs when the Phase 2 IPv6 Tunnel "Local Network" is set to "LAN subnet", and therefor... David Myers
12:57 PM Feature #7926: limit clog -f look-back size: The way clog reads the records it has to figure out where the start is and then unwind it from there, so it doesn't e... Jim Pingle
12:47 PM Feature #7926: limit clog -f look-back size: FWIW, I'm thinking of "tail -f"'s behaviour, where it only tail's the last ~10 lines (I think most implementations de... Adam Thompson
12:44 PM Feature #7926 (Closed): limit clog -f look-back size: I've configured the system log files to be substantially larger than normal, in order to get some reasonable retentio... Adam Thompson
12:51 PM Bug #7925 (Feedback): VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: The fix is already merge and will be available on next snapshot. Luiz Souza
09:21 AM Bug #7925 (Resolved): VT race condition panic at boot on ESXi 6.5.0U1 and FreeBSD 11.1 base: Some users occasionally encounter a panic during OS hardware detection on 2.4 running under ESXi 6.5.0 U1 (Build 6765... Jim Pingle
12:24 PM pfSense Packages Bug #7923: 502 Bad Gateway and unresponsive OS with 2.4: If it's happening on 2.4.0 and started around that time, it's likely related to the FreeBSD 11.1 change and not the I... Jim Pingle
10:53 AM pfSense Packages Bug #7923: 502 Bad Gateway and unresponsive OS with 2.4: Jim Pingle wrote:
> The affected code was on 2.4.0 for a couple days but is no longer there now. Current 2.4.0-RC sn... Chad Brandenburg
10:35 AM pfSense Packages Bug #7923: 502 Bad Gateway and unresponsive OS with 2.4: The affected code was on 2.4.0 for a couple days but is no longer there now. Current 2.4.0-RC snapshots and the actua... Jim Pingle
10:28 AM pfSense Packages Bug #7923: 502 Bad Gateway and unresponsive OS with 2.4: Jim Pingle wrote:
> At the moment, the only change in 2.4.1 that isn't in 2.4.0 that might be relevant is #7856
>
... Chad Brandenburg
07:13 AM pfSense Packages Bug #7923: 502 Bad Gateway and unresponsive OS with 2.4: At the moment, the only change in 2.4.1 that isn't in 2.4.0 that might be relevant is #7856
And since we already k... Jim Pingle
06:21 AM pfSense Packages Bug #7923 (Resolved): 502 Bad Gateway and unresponsive OS with 2.4: Multiple users complaining that following the infamous 502 Bad Gateway, they eventually are unable to do anything wit... Kill Bill
08:36 AM Bug #7924 (Rejected): DHCP Server fails to start after updating to 2.4.0.r.20171009.1758: You must have upgraded to a snapshot that was broken before that one. You'll need to fix your local installation manu... Jim Pingle
08:29 AM Bug #7924 (Rejected): DHCP Server fails to start after updating to 2.4.0.r.20171009.1758: After upgrading to 2.4.0.r.20171009.1758, the DHCP server fails with the following error message:
Can't attach int... Jeff Wischkaemper
07:17 AM Bug #7856 (Assigned): IPsec status does not show all connected mobile clients: It looks like this change caused a regression, see #7923
Also one person on the forum reported that the status bre... Jim Pingle
02:21 AM Bug #7272: 6rd not functioning on 2.4.0-BETA: I can confirm that my issue has been fixed (Altibox Norway ISP). Thank you very much! Paal Andreas Lindsetmo
12:41 AM Revision 8239af2d: xmlrpc, webgui, prevent that a xmlrpc.lock is placed that is never unlocked, thus hanging php and the webgui after a few more sync request are trying to acquire the lock and all are waiting..: Pi Ba

10/10/2017

06:36 PM Feature #7922 (New): Add the option to select the ISP IPv6 Delegated Prefix as a destination in firewall rules: It would be useful to have the option to use the ISP delegated prefix (/48, /56, etc) from DHCPv6-PD as a destination... Scott D
06:13 PM Bug #7921: Reset All States on WAN IP Change does not stay unchecked when disabled in GUI: Current Base System 2.4.0.r.20171009.1800 Paighton Bisconer
06:12 PM Bug #7921 (Resolved): Reset All States on WAN IP Change does not stay unchecked when disabled in GUI: Under System > Advanced > Networking, the new option to reset all sates when a WAN IP changes does not stay unchecked... Paighton Bisconer
10:55 AM Revision 4183c042: Add new repos to lead users to 2.4.0 on amd64: Renato Botelho
10:50 AM Revision de2312f5: Welcome 2.4.0-RELEASE again. This time based on FreeBSD 11.1: Renato Botelho
10:47 AM Revision 9615f091: Update translation files: Renato Botelho
10:47 AM Revision 8a5ca070: Regenerate pot: Renato Botelho
10:40 AM Revision 2448d0fc: Update translation files: Renato Botelho
10:36 AM Revision ac9e9abb: Regenerate pot: Renato Botelho
07:17 AM Revision 10085279: Add filtering to pfTop page: → luckman212
05:22 AM Bug #7779: Traffic crossing a site-to-site OpenVPN tunnel fails to fragment.: We were able to disprove the situation with OpenVPN disabled. The initial description still holds. Steve Wheeler
05:15 AM Bug #7920 (Not a Bug): Logos Missing and wrong size: Renato Botelho
03:20 AM Bug #7920: Logos Missing and wrong size: Resolved
Browser cache... duh! Martin Wasley
02:43 AM Bug #7920: Logos Missing and wrong size: Forgot to add this is on 2.4.1.a.20171009.1853 Martin Wasley
02:42 AM Bug #7920 (Not a Bug): Logos Missing and wrong size: pfSense logo is the wrong size on the login screen, appears far too large. It's missing completely from the other pag... Martin Wasley
04:15 AM Bug #7841: CARP Sync Issue - when no internet on standby: Hi Jim,
I had the same issue when using a PfSense cluster with CARP with a /32 Public IP Allocation. I think lot o... Yann Tintignac

10/09/2017

10:51 PM Revision fd47fb02: Remove old custom logos: Renato Botelho
10:51 PM Revision 06a1b081: Remove old custom logos: Renato Botelho
10:43 PM Revision f9a6637a: Use include() to add logo content and use complete path: Renato Botelho
10:43 PM Revision fe8922b8: Use include() to add logo content and use complete path: Renato Botelho
10:36 PM Revision 4c072afb: update NYI logos: Jared Dillard
10:36 PM Revision 6244dca8: update svg logos to pull from file: Jared Dillard
08:55 PM Revision f2fd97c8: update NYI logos: Jared Dillard
08:46 PM Revision 9ae8ade5: update svg logos to pull from file: Jared Dillard
08:38 PM Revision 71e01ef0: Update obsoleted files list for 2.4: Renato Botelho
08:38 PM Revision f0d9e40e: Update obsoleted files list for 2.4: Renato Botelho
08:05 PM Revision 32fb158e: Custom logo is a svg and a css files now: Renato Botelho
08:05 PM Revision c8735982: Custom logo is a svg and a css files now: Renato Botelho
06:56 PM Revision e3acd13d: Do not reset SKIP_FINAL_RSYNC, it can make things to go to undesired place: Renato Botelho
06:56 PM Revision d01d2e79: Do not reset SKIP_FINAL_RSYNC, it can make things to go to undesired place: Renato Botelho
06:56 PM Revision 6c6c5b31: Do not reset SKIP_FINAL_RSYNC, it can make things to go to undesired place: Renato Botelho
06:56 PM Revision f19faa6d: Do not reset SKIP_FINAL_RSYNC, it can make things to go to undesired place: Renato Botelho
03:17 PM Revision 2d32e50b: Disable ARJ option: Renato Botelho
03:17 PM Revision 45b84395: Disable ARJ option: Renato Botelho
01:47 PM Bug #7919 (Resolved): Logging not working: Luiz pushed some fixes to clog to correct this, next new snapshot we're testing internally is good. Jim Pingle
10:55 AM Bug #7919: Logging not working: https://forum.pfsense.org/index.php?topic=137672.msg752928#msg752928
Kill Bill
08:40 AM Bug #7919: Logging not working: It's also possible syslogd is writing bad data to the file which breaks the clog format, so maybe the syslogd clog pa... Jim Pingle
08:38 AM Bug #7919 (Confirmed): Logging not working: It looks like clog is failing to recognize its own file header somehow.... Jim Pingle
08:36 AM Bug #7919 (Resolved): Logging not working: On new installs logging is failing with:... Steve Wheeler
12:49 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: Any chance 2.4.0, with the FreeBSD 11.1 ipsec changes, may resolve this? Michael OBrien
11:39 AM Bug #7907: Cannot edit IPv4 and IPv6 Local Networks after tunnel creation: You can open a new bug report for that with an appropriate title/description, rather than re-using this one which was... Jim Pingle
10:30 AM Revision 39d413fa: Remove grub2-bhyve for now: Renato Botelho
10:30 AM Revision 07998395: Remove grub2-bhyve for now: Renato Botelho
09:38 AM Bug #7015: IPsec not working behind NAT: I’m still seeing problems with IPv6 tunneling over an IPv4 IPsec connection, but the symptoms are different from what... David Myers
04:07 AM Bug #7917: GUI shows "There are no packages currently installed" when repos are unreachable: Stephane Debreuil wrote:
> Same issue. It appears after upgrade to 2.4.0.r.20171007.0850 (from 2.4.0.r.20171004.xxxx... Kill Bill
01:57 AM Bug #7917: GUI shows "There are no packages currently installed" when repos are unreachable: Same issue. It appears after upgrade to 2.4.0.r.20171007.0850 (from 2.4.0.r.20171004.xxxx).
S. Debreuil
03:32 AM Bug #7918 (Not a Bug): Nightly error reloading rules: A while ago, I started getting the same notice in my logs every night at the same time. Most of my external servers r... Michael Lustfield

10/08/2017

11:14 PM Bug #7907: Cannot edit IPv4 and IPv6 Local Networks after tunnel creation: I figured out what the issue is. When "redirect gateway" option is checked the fields for local networks are hidden,... John Silva
06:44 PM Revision 75cc9f81: Remove grub2-bhyve for now: Renato Botelho
06:44 PM Revision 9ce60a31: Remove grub2-bhyve for now: Renato Botelho
05:33 PM Bug #6852: Commit 8f86722 breaks DHCPv6 leases status page: Duplicate of Bug #7413 Kill Bill
04:59 PM Bug #7917 (Resolved): GUI shows "There are no packages currently installed" when repos are unreachable: !https://image.prntscr.com/image/O75ZDOwbT8KKiypUxRhaWQ.png!... Kill Bill
03:36 PM Bug #7413: status_dhcpv6_leases.php: Some DHCPv6 leases are not displayed in the GUI: Jim Pingle wrote:
> I agree, but last I looked OMAPI didn't quite do everything we need. ... That may have changed ... Kill Bill
02:17 PM Bug #7413: status_dhcpv6_leases.php: Some DHCPv6 leases are not displayed in the GUI: I agree, but last I looked OMAPI didn't quite do everything we need, plus it required making a program in C to interf... Jim Pingle
02:04 PM Bug #7413: status_dhcpv6_leases.php: Some DHCPv6 leases are not displayed in the GUI: Am I the only one thinking that this absolutely unreadable regex madness needs to go to /dev/null and ISC DHCP server... Kill Bill
10:54 AM Feature #7814: Unbound serve-expired please add to GU as tickbox: yeah I should have updated, martin did the work. Chris Collins
05:45 AM Feature #7814: Unbound serve-expired please add to GU as tickbox: https://github.com/pfsense/pfsense/pull/3817
Kill Bill
10:44 AM Feature #7321: DynDNS - Add DreamHost DNS support: Frank Gruman wrote:
> I'm pretty interested in finally seeing this delivered. The pull request was accepted into ma... Kill Bill
08:36 AM Bug #6420: Monitoring graphs last sample being zero: Been fixed with https://github.com/pfsense/FreeBSD-ports/commit/5b20ed3661e6dc6d8b8d3c78aab5784556cc0dc3 almost a yea... Kill Bill
05:15 AM Bug #6848: Do not create an IPv4/6 gateway for an interface without according IPv4/6 address: Related forum discussion and PR:
https://forum.pfsense.org/index.php?topic=137317.0
https://github.com/pfsense/pfse... Kill Bill
04:55 AM Bug #6860: Monitoring (RRD) graphs return "unknown" step value: Jared Dillard wrote:
> Needs step 1800 added: https://forum.pfsense.org/index.php?topic=117036.msg695224#msg695224
... Kill Bill

10/04/2017

01:49 PM Todo #7911: Suricata missing dropsid sample file in SID Mgmt: Dan Collins wrote:
> Try a fresh install and none of the sample files are there.
That did not work, they are stil... Kill Bill
01:21 PM Todo #7911: Suricata missing dropsid sample file in SID Mgmt: Try a fresh install and none of the sample files are there. Dan Collins
01:13 PM Todo #7911 (Rejected): Suricata missing dropsid sample file in SID Mgmt: Jim Pingle
01:11 PM Todo #7911: Suricata missing dropsid sample file in SID Mgmt: Not really.
!https://image.prntscr.com/image/3cJ2VqXiSTmxQxOSiBZEDw.png!
Please post to the forums until you ha... Kill Bill
11:56 AM Todo #7911 (Rejected): Suricata missing dropsid sample file in SID Mgmt: Suricata - sample dropsid_sample.conf file no longer included in SID Mgmt files. Dan Collins
11:52 AM Feature #7910 (Duplicate): Notification GUI: I would like to see a GUI showing a list of alerts and the ability to turn them on/off from sending email. Dan Collins
10:15 AM Bug #7629 (Resolved): FreeBSD PR affecting pfsense: Moving target to 2.4.0 as this appears to be fixed by FreeBSD 11.1, which is now used by 2.4.0 Jim Pingle
10:10 AM Bug #7839: IPv6 ICMPv6 Type 3 Code 0 (hop limit exceeded in transit) reply uses wrong address.: Moving target to 2.4.0 as this appears to be fixed by FreeBSD 11.1, which is now used by 2.4.0 Jim Pingle
07:53 AM Bug #7825: missing "BACKUP" in CARP status with IPv6: I just tried this again and the procedure you list still doesn't result in the same outcome here. Try it again on 2.4... Jim Pingle
07:52 AM Bug #7909 (Duplicate): XMLRPC: missing "BACKUP" in CARP status with IPv6: Duplicate of #7825
Don't open a duplicate bug, the other one is still open, just in a feedback state. Jim Pingle
01:45 AM Bug #7909 (Duplicate): XMLRPC: missing "BACKUP" in CARP status with IPv6: Hi everyone,
as i am not able to reopen the ticket #7825 -- here we go again ;)
The descriptive text ("BACKUP") n... Helge Wiethoff

10/03/2017

10:49 PM Revision 807160e9: VirtualIP, FIX, VIPs should have a <uniqueid> property inside the config.xml, however if they are added as 'proxy-arp' or 'other' and then modified to ipalias or carp, the uniqueid stays empty.: Pi Ba
06:49 PM Feature #7904: Automatic Bandwidth Limiter on Dummynet: Thanks Jim(s) ;)
A bounty has been created for this project to be completed and submitted to be added to pfSense. ... duev s
06:23 PM Revision 962faafa: Make devel repo point to 2.4.0 as well: Renato Botelho
03:35 PM Revision c604b571: Fix PPP log reference in status.php: (cherry picked from commit 35e5c404ef0d03d40eeac7f5a33f43da0d3ac6fc)
(cherry picked from commit 69ed1107fac3c256695d9... Jim Pingle
03:35 PM Revision e9ec739b: Fix PPP log reference in status.php: (cherry picked from commit 35e5c404ef0d03d40eeac7f5a33f43da0d3ac6fc)
(cherry picked from commit 69ed1107fac3c256695d9... Jim Pingle
03:35 PM Revision 69ed1107: Fix PPP log reference in status.php: (cherry picked from commit 35e5c404ef0d03d40eeac7f5a33f43da0d3ac6fc) Jim Pingle
03:34 PM Revision 35e5c404: Fix PPP log reference in status.php: Jim Pingle
09:23 AM Bug #7908: "Kill filtered states" button has no effect: Yes, unless you are killing states from a serial or VGA console, your own IP address will always show up as you're co... Jim Pingle
09:20 AM Bug #7908: "Kill filtered states" button has no effect: Erm, eh... you'll need to NOT refresh... like, you are recreating those states when you refresh the page. Kill Bill
09:06 AM Bug #7908: "Kill filtered states" button has no effect: There is my own IP address in the box.
Effectively, if I specify another IP address, it works. But not with my own. Alban Cousinié
08:46 AM Bug #7908 (Rejected): "Kill filtered states" button has no effect: What exactly did you have in the box? It only kills properly if you enter an IP address or subnet. The description ma... Jim Pingle
08:35 AM Bug #7908 (Rejected): "Kill filtered states" button has no effect: In pfsense 2.4.0-RC, when I attempt to kill states using the "Kill filtered states" button in the Diagnostics / State... Alban Cousinié

10/02/2017

11:13 PM Revision 28837c4d: Fix path: Renato Botelho
11:12 PM Revision f2daa63c: Fix path: Renato Botelho
07:11 PM Revision 3d90abca: Revert "Welcome pfSense 2.4.0-RELEASE": This reverts commit b6d433fdfc25b404693b85e9086d716db7d76460. Renato Botelho
07:05 PM Revision 388b6303: Revert "Add new repos to lead users to 2.4.0 on amd64": This reverts commit 42eecfeff0f6c1326a7dd7669cb48a7eccead0a6. Renato Botelho
04:52 PM Revision 42eecfef: Add new repos to lead users to 2.4.0 on amd64: Renato Botelho
12:27 PM Bug #7907 (Not a Bug): Cannot edit IPv4 and IPv6 Local Networks after tunnel creation: I can't reproduce anything like that here. The fields show up when editing existing tunnels that can push. Perhaps th... Jim Pingle
11:57 AM Bug #7907 (Not a Bug): Cannot edit IPv4 and IPv6 Local Networks after tunnel creation: IPv4 and IPv6 Local Networks may be specified when tunnel is created but is not exposed when editing existing tunnel ... John Silva
10:26 AM Bug #7754 (Not a Bug): Cannot access "WebCfg - OpenVPN: Client Export Utility" without also granting access to "WebCfg - OpenVPN: Servers": It's working as designed. The export package has no menu entry, so they can't see any menu entry for it.
Users wil... Jim Pingle
10:25 AM Bug #7754: Cannot access "WebCfg - OpenVPN: Client Export Utility" without also granting access to "WebCfg - OpenVPN: Servers": tqwqllrm tqwqllrm wrote:
> I tried to create a local group for admins with limited access and I only want that group... tqwqllrm tqwqllrm
08:15 AM Bug #7906: Dashboard Version Info Inconsistency: I'll post on the forum then, but it's still a bug, if perhaps one of a different color: the GUI System Update reporte... Jeff Morris
08:08 AM Bug #7906 (Not a Bug): Dashboard Version Info Inconsistency: Some component failed in your upgrade. Please post on the forum, mailing list, or reddit and someone can help you get... Jim Pingle
08:07 AM Bug #7906: Dashboard Version Info Inconsistency: Apologies, please disregard my original dashboard screenshot, I unintentionally captured it while it was still displa... Jeff Morris
08:04 AM Bug #7906 (Not a Bug): Dashboard Version Info Inconsistency: I was previously running pfSense-CE-2.3.3-RELEASE-4g-i386-nanobsd and used System Update from the GUI to upgrade to 2... Jeff Morris
07:59 AM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic: Looks like it's a known issue with the nature of auth-user-pass-verify that OpenVPN does not plan to address: https:/... Jim Pingle
03:54 AM pfSense Packages Feature #7895: Add a script for CARP monitoring to NRPE: Little fix, the current plugin did not set the return code upon exiting. Stéphane Lapie

10/01/2017

05:29 PM Feature #7904 (Needs Patch): Automatic Bandwidth Limiter on Dummynet: It's possible in some specific circumstances, but I don't see one of those being a way that would work properly with ... Jim Pingle
12:00 PM Feature #7904: Automatic Bandwidth Limiter on Dummynet: Thanks Jim!
I really think this would be a highlight feature for pfSense.
It would be very effective traffic ... duev s
11:22 AM Feature #7904: Automatic Bandwidth Limiter on Dummynet: Actually, it seems completely possible. Van Jacobson’s “pathchar” showed so 20 years ago.
https://www.caida.org/t... Jim Thompson
11:03 AM Feature #7904: Automatic Bandwidth Limiter on Dummynet: The idea isn't to use a speedtest.net to monitor actual bandwidth, but to monitor ping latency to see if the dummynet... duev s
10:49 AM Feature #7904 (Rejected): Automatic Bandwidth Limiter on Dummynet: It's not possible. The firewall has no way to determine the actual circuit speed, it must be set manually. A speed te... Jim Pingle
09:33 AM Feature #7904 (Needs Patch): Automatic Bandwidth Limiter on Dummynet: Add an automatic bandwidth limiter to pfSense that dynamically limits Down and Up speeds on WAN based on latency in o... duev s
04:13 PM Bug #7905 (Resolved): OpenVPN Authentication Against Backend Stalls All Server Traffic: When authenticating an OpenVPN Remote Access server against an authentication backend such as RADIUS, all traffic on ... Chris Linstruth

09/30/2017

10:53 AM pfSense Packages Feature #7903 (New): Duo ssh package: When trying to compile the Duo ssh package I get errors. After fixing these, I cannot get the sshd configs to stick o... Jaosn Beitler
08:23 AM Feature #7881: OpenVPN client - add support for multiple server entries: Brendon Baumgartner wrote:
> I think to implement this is by setting the server to Other towards the top and leaving... Jim Pingle
02:00 AM Feature #7881: OpenVPN client - add support for multiple server entries: I think to implement this is by setting the server to Other towards the top and leaving the field blank. Then using t... Brendon Baumgartner
04:45 AM pfSense Packages Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3: Brendon Baumgartner wrote:
> Zabbix proxies have to match the version of the Zabbix server so just supporting LTS he... Pim Janssen
02:02 AM pfSense Packages Bug #6129: zabbix agent/proxy 2.4 not ported to pfSense 2.3: Zabbix agents can be any version.
Zabbix proxies have to match the version of the Zabbix server so just supporting... Brendon Baumgartner

09/29/2017

09:44 PM Revision b7a91a4d: Fix path: Renato Botelho
09:43 PM Revision e3998059: Fix path: Renato Botelho
07:44 PM Revision 433a54ed: Send RELEASE to internal server: Renato Botelho
07:44 PM Revision 6a3df338: Send RELEASE to internal server: Renato Botelho
05:51 PM Revision b6d433fd: Welcome pfSense 2.4.0-RELEASE: Renato Botelho
02:15 PM pfSense Packages Feature #7902 (New): allow vpn client export of other to be a blank field: Under: OpenVPN -> Client Export -> Host Name Resolution -> Other
The Host Name field that appears requires a valu... Brendon Baumgartner
11:51 AM pfSense Packages Bug #7729 (Resolved): pfBlockerNG orders NAT licked rules to the bottom of firewall rules: Jim Pingle
11:34 AM pfSense Packages Bug #7729: pfBlockerNG orders NAT licked rules to the bottom of firewall rules: Merged and fixed since 2.1.1_9 Kill Bill
10:12 AM Bug #4723 (Resolved): Can't forward UDP fragmented packets with scrubbing enabled.: Thanks! Renato Botelho
09:57 AM Bug #4723: Can't forward UDP fragmented packets with scrubbing enabled.: I made the lab in order to reproduce the issue. But could not reproduce one.
I tried to use 2KB frames, and the fram... Constantine Kormashev
10:04 AM pfSense Packages Bug #7893: Kernel Panic Suricata Inline: Additional warning text has been added to the Group Help displayed in the Blocking Mode section of the INTERFACE SETT... Bill Meeks
10:01 AM Bug #7592 (Resolved): SG-1000: Unbound not always restarting properly after changes in /etc/hosts: Anonymous
06:28 AM Bug #7592: SG-1000: Unbound not always restarting properly after changes in /etc/hosts: I found there are error messages in logs, but I can see unbound works fine on latest FW on sg1000
Error messages a... Constantine Kormashev
10:00 AM Bug #7889: The dropdown tabs replacement fallback needs to be limited to certain pages: Pull requests have been submitted for removing the use of the <no_drop_down> tag on the SYNC tab in both the Snort an... Bill Meeks
08:57 AM Bug #7901 (Rejected): Cannot Import Valid SSL Certificate with Private Key: That message means the public key on the certificate does not match the public key stored with the private key. Post ... Jim Pingle
08:41 AM Bug #7901 (Rejected): Cannot Import Valid SSL Certificate with Private Key: I have a wildcard SSL certificate from a vendor using my own private key. This wildcard SSL certificate was successfu... Jarrad S
08:28 AM Bug #7900 (Not a Bug): DynamicDNS Amazon Route53 Not Working: Jim Pingle
06:39 AM Bug #7900: DynamicDNS Amazon Route53 Not Working: It looks like the settings for the HostZonedID input were changed (previously needed to specify a region and hosted z... George 77
06:15 AM Bug #7900 (Not a Bug): DynamicDNS Amazon Route53 Not Working: DynamicDNS Provider Route53 is not updating. Despite the failure, the error detection code doesn't catch that a failu... George 77
07:06 AM Bug #7272 (Resolved): 6rd not functioning on 2.4.0-BETA: Looks like the main problem here is fixed. If any specific problem is found, please open a new ticket with details Renato Botelho
07:05 AM Bug #7719 (Resolved): Dynamic DNS updates not working on interface failover: Works Renato Botelho
07:05 AM Bug #7750 (Resolved): unbound refuses ipv6 queries after reboot: Works Renato Botelho

09/28/2017

04:54 PM Revision de5c66b5: Add copyright notice to dashboard page (but only once per upgrade): (cherry picked from commit f3c5f4c57362a893868976054c00dd7d9f37e721) Steve Beaver
04:38 PM Revision c731797d: Set kern.cam.boot_delay=10000 on target systems installed using memstick or ISO: Renato Botelho
04:38 PM Revision 286ec1c7: Set kern.cam.boot_delay=10000 on target systems installed using memstick or ISO: Renato Botelho
02:28 PM Revision c56630d7: Increase reserved space for loader/boot to 128Kb to make 8Gb disk size to fit: Renato Botelho
02:28 PM Revision 1b30618f: Default config packages need to have vital flag set too: Renato Botelho
02:27 PM Revision 0968ca43: Increase reserved space for loader/boot to 128Kb to make 8Gb disk size to fit: Renato Botelho
01:31 PM Revision 401e2ac7: Remove no-op code: See https://redmine.pfsense.org/issues/7889 for related discussion Doktor Notor
01:26 PM Revision cbbb8fdb: Remove no-op code: See https://redmine.pfsense.org/issues/7889 for related discussion Doktor Notor
12:49 PM Revision 5f63cb40: Fixed #7889: Increase max number of characters allowed in a tab array to 256 to prevent automatic conversion to pull-down Steve Beaver
09:16 AM Bug #7899: a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue: Note, I was using PRIQ. Kristopher Kolpin
09:16 AM Bug #7899 (New): a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue: Seeing bug 7116 (https://redmine.pfsense.org/issues/7116) again with squid and any other traffic originating from the... Kristopher Kolpin
09:13 AM Bug #7116: a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue: Seeing bug 7116 again with squid and any other traffic originating from the firewall. Cannot place it into any kind ... Kristopher Kolpin
09:13 AM Bug #7272 (Feedback): 6rd not functioning on 2.4.0-BETA: We will keep an eye on this issue, for now it seems to be working.
Thanks everybody. Luiz Souza
08:32 AM Bug #7889: The dropdown tabs replacement fallback needs to be limited to certain pages: Steve Beaver wrote:
> Yes; it should be nuked. I'd like to wait until after the 2.4 release before doing that, howev... Kill Bill
08:22 AM Bug #7889 (Resolved): The dropdown tabs replacement fallback needs to be limited to certain pages: Anonymous
08:22 AM Bug #7889: The dropdown tabs replacement fallback needs to be limited to certain pages: Yes; it should be nuked. I'd like to wait until after the 2.4 release before doing that, however. Anonymous
08:18 AM Bug #7889: The dropdown tabs replacement fallback needs to be limited to certain pages: That works (for the pkg.php/pkg_edit.php as well) provided the limit stays high-enough.
Should the no-op no_drop_... Kill Bill
08:00 AM Bug #7889 (Feedback): The dropdown tabs replacement fallback needs to be limited to certain pages: Applied in changeset commit:5f63cb40ca75f055f85427e78d9e2348b65b05c4. Anonymous
07:17 AM Bug #7898: PFsense 2.4 RC 9/28/17 update - Traffic Shaper HFSC Priority field missing: It was removed deliberately as a part of PR https://github.com/pfsense/pfsense/pull/3795 but in #1994 luiz says HFSC ... Jim Pingle
05:05 AM Bug #7898: PFsense 2.4 RC 9/28/17 update - Traffic Shaper HFSC Priority field missing: thats because HFSC doesnt use priorities Bipin Chandra
07:09 AM pfSense Packages Bug #7716 (Resolved): Suricata - Barnyard2 webui configuration updates result in base64-encoded value written to the config for the password: Jim Pingle
03:21 AM pfSense Packages Bug #7716: Suricata - Barnyard2 webui configuration updates result in base64-encoded value written to the config for the password: Fixed. Kill Bill
07:09 AM pfSense Packages Bug #7756 (Resolved): suricata suricata_check_dir_size_limit() needs to be improved: Jim Pingle
03:21 AM pfSense Packages Bug #7756: suricata suricata_check_dir_size_limit() needs to be improved: Fixed. Kill Bill
07:08 AM pfSense Packages Bug #7578 (Resolved): Suricata -- Removing Hosts from Block Table via Alerts: Jim Pingle
03:13 AM pfSense Packages Bug #7578: Suricata -- Removing Hosts from Block Table via Alerts: Fixed. Kill Bill
07:08 AM pfSense Packages Bug #5996 (Closed): Snort service does not start back after rules update: Jim Pingle
02:49 AM pfSense Packages Bug #5996: Snort service does not start back after rules update: Certainly not a general issue plus insufficient info here to identify any bug. Kill Bill
06:29 AM pfSense Packages Bug #7736: Crahs with Quagga OSPF and the latest 2.4 Beta: bump Jim Thompson
06:29 AM pfSense Packages Bug #6456 (Not a Bug): vm-bhyve not correctly detecting the modules in kernel: Jim Thompson
03:30 AM pfSense Packages Bug #6456: vm-bhyve not correctly detecting the modules in kernel: As noted above, long fixed. Kill Bill
05:50 AM Feature #7888: Add a button in package manager GUI to upgrade all packages: And on that note, one to remove them all would help as well. Kill Bill

09/27/2017

11:52 PM Bug #7898 (Closed): PFsense 2.4 RC 9/28/17 update - Traffic Shaper HFSC Priority field missing: See attached screenshot of HFSC shaper parent and qInternet Child which i already setup traffic shaper on 2.3 when i ... Pushapraj Bhamra
08:06 PM Revision f3c5f4c5: Add copyright notice to dashboard page (but only once per upgrade): Steve Beaver
06:32 PM Bug #7272: 6rd not functioning on 2.4.0-BETA: this time around it took a bit for it to come up, but it did....
[2.4.1-DEVELOPMENT][ler@home-fw.lerctr.org]/tmp: ... Larry Rosenman
05:55 PM Bug #7272: 6rd not functioning on 2.4.0-BETA: I can also confirm that it works with the current release (2.4.0.r.20170927.1221).
Only difference (when it comes to... Morten Freberg
03:21 PM Bug #7272: 6rd not functioning on 2.4.0-BETA: DHCP / WAN (passthrough from my NVG-599).
It's consistently (at least now) getting a route by default (I've moved... Larry Rosenman
03:16 PM Bug #7272: 6rd not functioning on 2.4.0-BETA: The only way I found to reproduce this problem (no default gateway at boot) was using DHCP on WAN and I intentionally... Luiz Souza
05:08 PM Bug #7846 (Duplicate): Hyper-v vm traffic shaper error: hn0: driver does not support altq: Jim Pingle
04:01 PM Bug #7846: Hyper-v vm traffic shaper error: hn0: driver does not support altq: Duplicate of Bug #7869 and fixed. Kill Bill
05:08 PM pfSense Packages Bug #7850 (Resolved): Include file containing XML_RPC_encode() missing from snort: Jim Pingle
03:53 PM pfSense Packages Bug #7850: Include file containing XML_RPC_encode() missing from snort: Fixed. Kill Bill
05:08 PM Bug #7839 (Resolved): IPv6 ICMPv6 Type 3 Code 0 (hop limit exceeded in transit) reply uses wrong address.: Jim Pingle
04:50 PM Bug #7839: IPv6 ICMPv6 Type 3 Code 0 (hop limit exceeded in transit) reply uses wrong address.: Fixed in 2.4.1 Kill Bill
01:15 PM pfSense Packages Feature #6022: Consider MLVPN for bonded VPN: Has there been any traction with this? I have been looking for something like this too. I'll add to the kitty for t... Mike T
12:04 PM Feature #7897 (Rejected): User Dashboard: Nothing will be available without logging in. That is not a secure means of accomplishing that goal. You can make res... Jim Pingle
11:54 AM Feature #7897: User Dashboard: This could be useful for Diags on remote sites that users can check.
Also for putting on a Plasma/Monitor on the ... Philip Hadfield
11:50 AM Feature #7897 (Rejected): User Dashboard: Having a Dashboard that can show stats without logging in.
Traffic, Link status, EG all the widgets without any of... Philip Hadfield
10:13 AM Bug #7763 (Resolved): IX driver - fails to recognize media type with SFP after link drop: Closing this issue as the driver is working as intended.
The media options will not be detected until you restart ... Luiz Souza
09:28 AM Bug #7896 (Resolved): picture_widget.php: Hi everyone,
First of all, thanks a bunch for such an effort you put on developing this awesome application. While... Valentin Bajrami
07:59 AM Bug #6499: pf fragment states not purged: The specific bug on this ticket is fixed on version 2.3.2 and later. Your system may legitimately have a lot of fragm... Jim Pingle
07:56 AM Bug #6499: pf fragment states not purged: Chris Buechler wrote:
> fixed
Every so often I am seeing "[zone: pf frag entries] PF frag entries limit reached" ... Hillie Sample
05:16 AM pfSense Packages Feature #7895 (Resolved): Add a script for CARP monitoring to NRPE: I have deployed several CARP clusters at work, but I realized there is no real good way to monitor CARP status :
* S... Stéphane Lapie
01:12 AM pfSense Packages Bug #7893: Kernel Panic Suricata Inline: The “generic_XXXXXX” in one of your screenshots shows you’re not running s netmap-capable NIC. (You’re getting the e... Jim Thompson

09/26/2017

10:45 PM Bug #7894 (Not a Bug): Open VPN not redirecting traffic over tunnel. Remote IPV6 shows as public IP when "Force all client generated traffic through the tunnel." option is enabled and all IPV6 through pfsense is blocked: Yeah that would have to be on the client side. It might even be using its own IPv6 tunneling protocol like Teredo Jim Pingle
10:10 PM Bug #7894: Open VPN not redirecting traffic over tunnel. Remote IPV6 shows as public IP when "Force all client generated traffic through the tunnel." option is enabled and all IPV6 through pfsense is blocked: So after a bit more trouble shooting, I am leaning against this being a bug in PfSense and possibly in my linux build... Shawn Moss
09:51 PM Bug #7894 (Not a Bug): Open VPN not redirecting traffic over tunnel. Remote IPV6 shows as public IP when "Force all client generated traffic through the tunnel." option is enabled and all IPV6 through pfsense is blocked: Hello All,
I just updated to the newest dev build and connected to it remotely and had a shocking supprise. For... Shawn Moss
06:41 PM Revision d47d9b28: Default config packages need to have vital flag set too: Renato Botelho
06:30 PM pfSense Packages Bug #7893: Kernel Panic Suricata Inline: Thanks for the info, you guys might want to get the package maintainer to put some info under the inline selection, i... Ken Sim
06:22 PM pfSense Packages Bug #7893 (Needs Patch): Kernel Panic Suricata Inline: Inline/Netmap is known to have issues with certain hardware (real or virtual). It's still somewhat of an experimental... Jim Pingle
06:12 PM pfSense Packages Bug #7893: Kernel Panic Suricata Inline: I rebooted the VM a few times, and it appears to have stopped it's panic reboot cycle. When I went in to view Suricat... Ken Sim
06:01 PM pfSense Packages Bug #7893 (Needs Patch): Kernel Panic Suricata Inline: I have been playing around with the 2.4.0/1 snapshots, and have found that when Suricata is enabled with inline block... Ken Sim
06:00 PM Revision 7d368325: Mark some core packages as vital: Renato Botelho
06:00 PM Revision 99db0fa7: Mark some core packages as vital: Renato Botelho
03:06 PM Revision d3fda40d: Detect XG-1537: Renato Botelho
03:06 PM Revision 53476cfb: Detect XG-1537: Renato Botelho
03:06 PM Revision e4f613db: Detect XG-1537: Renato Botelho
03:06 PM Revision 90c5e3a9: Detect XG-1537: Renato Botelho
01:55 PM Bug #7889: The dropdown tabs replacement fallback needs to be limited to certain pages: Found it. Had to go back and think about it a minute. It's in the pkg_edit.php file in this code near the bottom of... Bill Meeks
10:20 AM Bug #7889: The dropdown tabs replacement fallback needs to be limited to certain pages: Which line are the comments on? I don't see any. Anonymous
01:41 PM Bug #7763: IX driver - fails to recognize media type with SFP after link drop: The actual bug reported in this ticket is already fixed.
There was a bug in the driver that would fail to add the ... Luiz Souza
11:40 AM Bug #7763 (Assigned): IX driver - fails to recognize media type with SFP after link drop: Renato Botelho
10:28 AM Bug #7763: IX driver - fails to recognize media type with SFP after link drop: Loaded the latest snapshot from today on a XG-2758. The interface media type displayed properly:
ix0: flags=8843<UP,... Clinton Cory
12:15 PM Bug #7606: Using limiters and VLANs on Supermicro Xeon D boards crashes with kernel panic: For now it appears my issue has been resolved on 2.4.0.r.20170926.1006.
Side note though, floating rule still does... putzomatic none
08:51 AM Bug #7877 (Resolved): Crash when enabling traffic shaper on more than 1 port: People on forum report it's fixed Renato Botelho
08:49 AM Bug #3710 (Resolved): Adding static DHCP leases doesn't cause BIND zones to update: Renato Botelho
08:48 AM Bug #7869 (Resolved): Hyper-v vm traffic shaper error: hn0: driver does not support altq: Renato Botelho
02:56 AM Bug #7869: Hyper-v vm traffic shaper error: hn0: driver does not support altq: Solved! Works for me, thanks! Nadav Rak
08:47 AM Bug #7879 (Resolved): traffic shaper crashes with hfsc_dequeue: Renato Botelho

09/25/2017

08:40 PM Bug #7889: The dropdown tabs replacement fallback needs to be limited to certain pages: Thanks Bill. I will try to determine why that change was made. Anonymous
08:09 PM Bug #7889: The dropdown tabs replacement fallback needs to be limited to certain pages: To add another note to the conversation. There is a parameter in the _display_top_tabs()_ function that is supposed ... Bill Meeks
05:32 PM Bug #7879: traffic shaper crashes with hfsc_dequeue: After initial testing with and pushing some traffic through my queue's which seemed like a sure way to crash it befor... Pi Ba
03:17 PM Bug #7879 (Feedback): traffic shaper crashes with hfsc_dequeue: Found and fixed, a new commit was made to address this issue.
Please test again on the next snapshot.
Thanks! Luiz Souza
03:18 PM Bug #7877 (Feedback): Crash when enabling traffic shaper on more than 1 port: (duplicate from #7879): Found and fixed, a new commit was made to address this issue.
Please test again on the nex... Luiz Souza
01:44 PM Bug #7833: ipfw will not limit download speed - captiveportal: Works here as well. Thanks. Kill Bill
11:35 AM Bug #7833 (Resolved): ipfw will not limit download speed - captiveportal: Renato Botelho
11:18 AM Bug #7833: ipfw will not limit download speed - captiveportal: Confirmed, this looks fixed.
I see limiters created and traffic going into them both up and down:... Steve Wheeler
09:46 AM Bug #7833: ipfw will not limit download speed - captiveportal: [2.4.1-DEVELOPMENT][admin@pf6.localdomain]/root: ipfw table all list
--- table(cp_ifaces), set(0) ---
vmx1 2100 147... Vladimir Lind
09:42 AM Bug #7833: ipfw will not limit download speed - captiveportal: Renato Botelho wrote:
> Kill Bill wrote:
> > This got reverted yet again. Sigh.
>
> Yes, because kernel was fixe... Kill Bill
08:57 AM Bug #7833: ipfw will not limit download speed - captiveportal: Kill Bill wrote:
> This got reverted yet again. Sigh.
Yes, because kernel was fixed. Renato Botelho
12:41 PM Bug #7819: php-fpm crashing: The problem stated on this ticket is resolved. If you still have an issue, it's something different. Just because you... Jim Pingle
12:24 PM Bug #7819: php-fpm crashing: I am still getting 502 Bad Gateway every day, so bad its about once an hour.. Here is what I can get when its locked ... Chad Brandenburg
11:36 AM Bug #7813: Missing download statistics on captive portal with MAC filtering enabled: Confirmed:... Steve Wheeler
10:29 AM Bug #7813 (Resolved): Missing download statistics on captive portal with MAC filtering enabled: Renato Botelho
10:07 AM Bug #7813: Missing download statistics on captive portal with MAC filtering enabled: 2.4.1-DEVELOPMENT (amd64)
built on Sun Sep 24 21:37:23 CDT 2017
With enabled MAC filtering:
--- table(teaget... Vladimir Lind
11:25 AM Bug #7834: Disabling captiveportal will not flush the ipfw pipes: Confirmed dynamic Limiters are removed as expected:... Steve Wheeler
10:29 AM Bug #7834 (Resolved): Disabling captiveportal will not flush the ipfw pipes: Renato Botelho
09:56 AM Bug #7834: Disabling captiveportal will not flush the ipfw pipes: Looks good after disabling CP:
[2.4.1-DEVELOPMENT][admin@pf6.localdomain]/root: ipfw table all list ; echo ; ipfw ... Vladimir Lind
11:22 AM Bug #7807: sg-1000 random reboot when traffic shaping enabled: ok ill try to get crash log again, on apu2 it crashes as soon as u enable shaping on more than 1 interface and on sg-... Bipin Chandra
10:54 AM Bug #7807 (Duplicate): sg-1000 random reboot when traffic shaping enabled: Neither of those logs contain useful information, the most important parts are before those logs start. If you captur... Jim Pingle
10:37 AM Bug #7807: sg-1000 random reboot when traffic shaping enabled: crash log attached Bipin Chandra
08:57 AM pfSense Packages Bug #7891 (Rejected): (suricata), uid 0: exited on signal 11 (core dumped) latest 2.4.0-RC: This does not appear to be a general issue with suricata, but may be specific to your configuration or installation. ... Jim Pingle
06:27 AM Feature #4242: Two Factor or OTP Authentication for Admin Interface: This feature will be really helpful to meet the specifications from the PCI-DSS / ISO27001 or another security certs. Florent A
03:12 AM Revision ce6d6fdb: Tiny typo: Just removed an extra `'.'` → luckman212

09/24/2017

10:11 PM Bug #7763 (Feedback): IX driver - fails to recognize media type with SFP after link drop: Seems like you have found a real bug in the driver.
It is fixed in pfSense 2.4-RC, please try the next snapshot.
... Luiz Souza
09:06 PM pfSense Packages Bug #7891: (suricata), uid 0: exited on signal 11 (core dumped) latest 2.4.0-RC: Did a fresh reinstall and restored the backup and still got same issue. rub man
04:20 PM pfSense Packages Bug #7891: (suricata), uid 0: exited on signal 11 (core dumped) latest 2.4.0-RC: I found the core dump file.
I couldn't upload the .core file here as it is huge...
so I upload it to my dropbox:
... rub man
03:49 PM pfSense Packages Bug #7891 (Rejected): (suricata), uid 0: exited on signal 11 (core dumped) latest 2.4.0-RC: Hi,
Just upgraded from latest stable to next major version 2.4.0-RC today via gui.
Only major problem I have is s... rub man
04:50 PM Bug #7892 (Closed): AutoConfigBackup status reported incorrectly: Around 12PM Central time (9/24/17), AutoConfigBackup showed some alerts about unsuccessfully backing up the config.
... Anonymous
12:30 PM Bug #7879: traffic shaper crashes with hfsc_dequeue: I tried 2.4.1 with 'em' E1000 nics on ESXi.. that crashes to..
Version 2.4.1-DEVELOPMENT (amd64)
built on Sat Sep ... Pi Ba
06:53 AM Bug #7272: 6rd not functioning on 2.4.0-BETA: Larry Rosenman wrote:
> with the current code a straight reboot has the IPv6 default installed.
>
> However, on ... Jim Thompson
06:47 AM Bug #7272: 6rd not functioning on 2.4.0-BETA: with the current code a straight reboot has the IPv6 default installed.
However, on the upgrade to this code did ... Larry Rosenman
06:38 AM Bug #7272: 6rd not functioning on 2.4.0-BETA: Well I'm just saying that the results of your testing appear to be completely random and unrelated to any versions. H... Kill Bill
06:30 AM Bug #7272: 6rd not functioning on 2.4.0-BETA: just reporting what I'm seeing. I update to each RC and when I get IPv6 default route working I post, and when I see... Larry Rosenman
06:27 AM Bug #7272: 6rd not functioning on 2.4.0-BETA: Larry Rosenman wrote:
> Broke again at:
> 2.4.0-RC (amd64)
> built on Sat Sep 23 22:28:05 CDT 2017
> FreeBSD 11... Kill Bill
06:14 AM Bug #7272: 6rd not functioning on 2.4.0-BETA: Broke again at:
2.4.0-RC (amd64)
built on Sat Sep 23 22:28:05 CDT 2017
FreeBSD 11.0-RELEASE-p12 Larry Rosenman
04:36 AM Bug #7833: ipfw will not limit download speed - captiveportal: This got reverted yet again. Sigh. Kill Bill
01:02 AM Bug #6911: no network on hyperv-v 2012 R1: resolved in 2.4.1 Dmitry Ivanov

09/23/2017

11:12 PM Feature #7890: Support for Intel/AMD CPU microcode updates: https://github.com/pfsense/pfsense/pull/3828 for sysutils/devcpu-data and the kernel bits. Adding the GUI toggle to b... Kill Bill
11:08 PM Feature #7890 (Rejected): Support for Intel/AMD CPU microcode updates: It'd be useful to include support for Intel/AMD CPU microcode updates.
https://www.freebsd.org/doc/en/books/faq/co... Kill Bill
11:58 AM Bug #7594: "vtnet: driver does not support altq" following upgrade to 2.4 (worked in pfSense 2.3): What are the chances of getting this fixed for 2.4-RELEASE? Similar bugs (https://redmine.pfsense.org/issues/7869) s... John Silva
09:49 AM Bug #7272: 6rd not functioning on 2.4.0-BETA: And it works again at:
2.4.0-RC (amd64)
built on Fri Sep 22 20:41:05 CDT 2017
FreeBSD 11.0-RELEASE-p12 Larry Rosenman
09:27 AM Feature #7847: USB NIC not loading (TP-Link UE300 RTL8153): J L wrote:
> can this be considered as a request to have this automated ?
Stick it as earlyshellcmd to Shellcmd p... Kill Bill
05:58 AM Bug #7889 (Resolved): The dropdown tabs replacement fallback needs to be limited to certain pages: AFAICT, this was designed to aid systems with lots of interfaces, and intended for places such as Firewall - Rules. I... Kill Bill

09/22/2017

08:53 PM Bug #7272: 6rd not functioning on 2.4.0-BETA: And it *BROKE* again on:
2.4.0-RC (amd64)
built on Fri Sep 22 11:35:27 CDT 2017
FreeBSD 11.0-RELEASE-p12 Larry Rosenman
04:02 PM Revision 27d1807a: Don't call widget callback function if no data is returned: (cherry picked from commit 89d83febe6bf0fd63ec72d53eb8e524a8d19994e) Steve Beaver
04:01 PM Revision 89d83feb: Don't call widget callback function if no data is returned: Steve Beaver
03:59 PM Revision 352f422c: Dashboard refresh system should not call the widget callback function if no data was returned: (cherry picked from commit 7a8131028874b334e43b5e7dcf894a86481543c6) Steve Beaver
03:57 PM Revision 7a813102: Dashboard refresh system should not call the widget callback function if no data was returned: Steve Beaver
02:43 PM Bug #7865 (Resolved): User groups -> Assigned Privileges doesn't work: Fixed Jim Pingle
01:53 PM Revision 97c69e81: Revert "Do not associate IP and MAC on down table. It should help #7813 and #7833": This reverts commit 0116f1c9bbf1a532fdd49c346c41b761c1e59d93. Luiz Souza
01:52 PM Revision bd068df3: Revert "Do not associate IP and MAC on down table. It should help #7813 and #7833": This reverts commit aa61ecfde0952ed1c3a035ac9489f5a5f9c51425. Luiz Souza
12:44 PM Feature #7847 (Needs Patch): USB NIC not loading (TP-Link UE300 RTL8153): Jim Pingle
12:44 PM pfSense Packages Bug #7278 (Resolved): Suricata Service - Advanced Configuration Pass-Through not working: Jim Pingle
11:53 AM Feature #7888 (New): Add a button in package manager GUI to upgrade all packages: Dunno, am I'm the only one who's missing this? Kill Bill
11:37 AM Bug #7869 (Feedback): Hyper-v vm traffic shaper error: hn0: driver does not support altq: There is a new knob to enable the support and now it is enabled by default in pfSense.
Will be available on the ne... Luiz Souza
01:37 AM Bug #7813 (Feedback): Missing download statistics on captive portal with MAC filtering enabled: Fixed. Please try the next snapshot (will be available on tomorrow's snapshot). Luiz Souza
01:36 AM Bug #7833 (Feedback): ipfw will not limit download speed - captiveportal: Fixed. Please try the next snapshot (will be available on tomorrow's snapshot). Luiz Souza
12:12 AM Feature #4796: Support Multiple FIBs in pfSense: I just stumbled upon a case where it would be nice to have the webConfigurator in a separate FIB, because of routing ... Stéphane Lapie

09/21/2017

07:45 PM Revision 603be247: Remove erroneous additional text.: AdamD
06:10 PM Revision 0116f1c9: Do not associate IP and MAC on down table. It should help #7813 and #7833: Renato Botelho
06:10 PM Revision aa61ecfd: Do not associate IP and MAC on down table. It should help #7813 and #7833: Renato Botelho
06:08 PM Revision a6f8dd7a: Revert "Update translation files": Bad commit log
This reverts commit ff8d44d194b6a5ada8fcd2aafe8c7ec358a7adae. Renato Botelho
06:05 PM Revision ff8d44d1: Update translation files: Renato Botelho
05:24 PM Bug #7887 (Not a Bug): User permissions do not protect firewall rules: It is working as designed. If you have permissions for a page, you can do anything on that page. The "Edit" page edit... Jim Pingle
05:10 PM Bug #7887: User permissions do not protect firewall rules: Michael Newton wrote:
> Javascript should have no bearing on it, since the permissions (should) get checked on the s... Kill Bill
05:04 PM Bug #7887: User permissions do not protect firewall rules: Kill Bill wrote:
> Michael Newton wrote:
> > 6. Right click on Save button, inspect in browser's tools and remove "... Michael Newton
04:55 PM Bug #7887: User permissions do not protect firewall rules: Michael Newton wrote:
> 6. Right click on Save button, inspect in browser's tools and remove "disabled" attribute
... Kill Bill
04:30 PM Bug #7887 (Not a Bug): User permissions do not protect firewall rules: User permissions have only cosmetic effect on the firewall page, if any, and are trivially easy to bypass.
Steps t... Michael Newton
05:02 PM Revision 575bc378: Update translation files: Renato Botelho
05:02 PM Revision f9cc13d0: Regenerate pot: Renato Botelho
04:27 PM Revision 1144e24c: Fixed #7856: Steve Beaver
02:23 PM Revision 0266efa6: Unbound - allow snoop from localhost: dig +trace fails without this, which is super annoying for debugging/diagnostics/benchmarking or whatever similar pur... Doktor Notor
12:57 PM Revision 1841c040: Update translation files: Renato Botelho
12:57 PM Revision 58a62782: Regenerate pot: Renato Botelho
12:37 PM Bug #7886: PRIQ, priority of 0 cannot be saved in GUI, GUI attempts to save a 0 value but actually ends up storing it as the default of 1: I also noticed that if you reorder and change the names of the priorities, and you have P2P catch-all set (default qu... jake xanaro
12:34 PM Bug #7886 (Resolved): PRIQ, priority of 0 cannot be saved in GUI, GUI attempts to save a 0 value but actually ends up storing it as the default of 1: PRIQ, priority of 0 cannot be saved in GUI, GUI attempts to save a 0 value but actually ends up storing it as the def... jake xanaro
12:06 PM Bug #7885 (Resolved): Cert. Manager should validate EKUs on importing a certificate authority: Currently, you can import any certificate as a CA, even ones that are actually unusable as a CA. Subsequently, you ca... Kill Bill
11:40 AM Bug #7856 (Feedback): IPsec status does not show all connected mobile clients: Applied in changeset commit:1144e24cabeda458b266b9874b827746f4c0f8a0. Anonymous
11:20 AM Bug #4723: Can't forward UDP fragmented packets with scrubbing enabled.: I am no longer able to troubleshoot this issue, I switched over to IPSec to resolve my SIP/UPD issue. I was working ... ryon m
11:13 AM Bug #7884 (Confirmed): Unbound refusing non-recursive/iterative queries even from localhost: PR looks good and the change lets @dig +trace@ and @drill -T@ work locally. Jim Pingle
09:42 AM Bug #7884 (Resolved): Unbound refusing non-recursive/iterative queries even from localhost: This is so much secure that it's annoying and getting in the way of normal work for not exactly any good reason.
<... Kill Bill
11:08 AM Bug #7500 (Resolved): Upgrade From 2.3.3_p1 to 2.4 Fails (libssl.so.8 not found): Jim Pingle
10:57 AM Bug #7500: Upgrade From 2.3.3_p1 to 2.4 Fails (libssl.so.8 not found): I'm no longer seeing this error on recent upgrades, please close the ticket.
For documentation, the following co... ryon m
07:45 AM Bug #7883 (Not a Bug): Aliases can only be deleted by some users: Most likely they had the 'deny config write' privilege which will do exactly this, and it's expected. On 2.4 it will ... Jim Pingle
04:25 AM Bug #7883: Aliases can only be deleted by some users: So, new insights (and the bug in that form can be closed):
- alias generation was not automatic but user triggered
... Felix Wolfsteller
03:57 AM Bug #7883 (Not a Bug): Aliases can only be deleted by some users: We have following setup:
- pfsense 2.3.4-RELEASE-p1
- one default admin user
- one user with all privileges assign... Felix Wolfsteller
05:45 AM Revision 316af8dc: Update misleading help text: Commit d57725aac5145b4f17097d61e3b5a6ca72f1754e updated the help text
to use LDAP search filter syntax. This is misle... AdamD
02:39 AM Feature #7882 (Rejected): Seperator feature in DHCP Static mapping for this feature: Under Firewall -> Rules you have the possibility to seperate the rules with a seperator, this is a nice feature and i... Arian olde Kalter

09/20/2017

02:54 PM Bug #7819 (Resolved): php-fpm crashing: This looks good with 0.50, it no longer crashes on either system I could reproduce the crash on originally. Jim Pingle
01:55 PM Bug #7819 (Feedback): php-fpm crashing: php56-pfSense-module version 0.50 should fix this Renato Botelho
02:37 PM Revision 2f4685ca: Merge branch 'master' of gitlab.netgate.com:pfsense/pfsense: Steve Beaver
02:35 PM Bug #7878 (Resolved): GUI lag in Edit Phase 1 ipsec: This works now for Chrome on OS X. Jim Pingle
02:32 PM pfSense Packages Bug #7876 (Resolved): Potential XSS in status_monitoring.php: Confirmed fixed on the latest snapshot. Jim Pingle
02:30 PM Bug #7864 (Resolved): OpenVPN (tun/tap) is not showing: This works now. The wizard is now correctly populating the appropriate variables for the VPN. Jim Pingle
12:28 PM Bug #7880: 504 Gateway Time-out: Yes, because the certificate verification and authentication is handled in PHP. If you have more questions, please po... Jim Pingle
12:24 PM Bug #7880: 504 Gateway Time-out: is there any reason vpn server not accepting incoming vpn connections? Nikos Kastanas
08:01 AM Bug #7880 (Not a Bug): 504 Gateway Time-out: If a command never terminates, it will run until something stops it (e.g. PHP execution timeout).
There is no way ... Jim Pingle
04:08 AM Bug #7880: 504 Gateway Time-out: Yeah nothing happens because the command will never return. It will keep pinging forever. PEBKAC. Kill Bill
03:18 AM Bug #7880 (Not a Bug): 504 Gateway Time-out: it is checked on different hardware with the same pfsense version 2.3.4-RELEASE-p1.
If try to run a command (eg ping... Nikos Kastanas
10:32 AM Feature #1205 (Closed): VPN: User-based / Group-based firewall rules: This has been in place since pfSense 2.1. It uses the same syntax as cisco inacl/outacl, for example "permit tcp from... Jim Pingle
10:07 AM Feature #1205: VPN: User-based / Group-based firewall rules: Ermal Luçi wrote:
> The user based rules are supported if they come from radius.
>
> Locally to pfSense they stil... Adrien Carlyle
09:46 AM Feature #6457: Allow ability to configure AWS EC2 AMI via userdata: Internal redmine ticket related to one of the user data options:
https://redmine.netgate.com/issues/162 Clinton Cory
06:51 AM Feature #7881 (New): OpenVPN client - add support for multiple server entries: OpenVPN in client mode supports multiple "remote" directives, these can be used for redundancy, if the first server f... robi robi
05:05 AM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx: Chris Collins wrote:
> As an experiment I manually adjusted the php-fpm server configuration so there is more childr... Kill Bill
04:18 AM Bug #7813: Missing download statistics on captive portal with MAC filtering enabled: See Bug #7833 and kindly re-instate the AWOL fix. Kill Bill

09/19/2017

09:38 PM Revision 72d2dbdf: Only run swapon and rc.savecore when the SWAPDEVICE is valid.: (cherry picked from commit d988e0bbf991e28c611b194e9e6ccd99f818209b) Luiz Souza
09:38 PM Revision d988e0bb: Only run swapon and rc.savecore when the SWAPDEVICE is valid.: Luiz Souza
07:59 PM Revision 7e0b401d: Include boot/modules and also kernel.debug in kernel-debug package: Renato Botelho
07:58 PM Revision fd349773: Include boot/modules and also kernel.debug in kernel-debug package: Renato Botelho
07:41 PM Bug #7272: 6rd not functioning on 2.4.0-BETA: upgraded today to:
2.4.0-RC (amd64)
built on Tue Sep 19 18:30:48 CDT 2017
FreeBSD 11.0-RELEASE-p12
and 6RD... Larry Rosenman
07:03 PM Bug #7879: traffic shaper crashes with hfsc_dequeue: Possible duplicate of #7877 Jim Thompson
12:57 PM Bug #7879 (Resolved): traffic shaper crashes with hfsc_dequeue: Today i experienced several crashes in 2.4RC i think there were at least 5.
Ive submitted the crash report a few tim... Pi Ba
05:47 PM Revision 72878dfa: Authentication selector JavaScript changed to eliminate lag: (cherry picked from commit dbef7a85819d3c971319de41d287f06419342105) Steve Beaver
05:46 PM Revision dbef7a85: Authentication selector JavaScript changed to eliminate lag: Steve Beaver
05:21 PM Revision 8451d0a9: Fix #7834: Delete IPFW pipes when disable Captive Portal zone: Renato Botelho
05:21 PM Revision 76c6bf5b: Remove correct file: Renato Botelho
05:21 PM Revision 666cc3d7: Ticket #7834: Add missing global declarations: Renato Botelho
05:21 PM Revision b2c92623: Fix #7834: Delete IPFW pipes when disable Captive Portal zone: Renato Botelho
05:21 PM Revision 5c7fead1: Remove correct file: Renato Botelho
05:21 PM Revision fbfbc6bd: Ticket #7834: Add missing global declarations: Renato Botelho
03:47 PM Bug #7778: DHCP relay not working correctly with bridges: Any updates on this issue? Do you agree this is a bug or is there a good reason why the bridge interface isn't added ... Sander Peterse
02:30 PM Revision a2d83aaf: Setup wizard revisions: (cherry picked from commit 09237040fd9a05415673a47d26e669b274981c2e) Steve Beaver
02:29 PM Revision 09237040: Setup wizard revisions: Steve Beaver
12:48 PM Bug #7878 (Feedback): GUI lag in Edit Phase 1 ipsec: JavaScript changed to eliminate lag Anonymous
11:33 AM Bug #7878: GUI lag in Edit Phase 1 ipsec: Seems to be isolated to only Chrome and only on OS X.
Firefox on OS X is fine. Chrome on Linux and Windows is fine... Jim Pingle
11:15 AM Bug #7878 (Resolved): GUI lag in Edit Phase 1 ipsec: There appears to be a lag when selecting options for Authentication Method when editing Phase 1 for IPSec. Please se... Matthew Fine
12:30 PM Bug #7834 (Feedback): Disabling captiveportal will not flush the ipfw pipes: Applied in changeset commit:b2c926239223ed959a800ddf0c799e7650696d2e. Renato Botelho
10:41 AM pfSense Packages Bug #7876 (Feedback): Potential XSS in status_monitoring.php: Fixes pushed to the freebsd-ports repo:
FreeBSD-ports/devel "f044c1e4e3f647028c57ae1a572dc6377e555f... Jim Pingle
09:45 AM pfSense Packages Bug #7876 (Resolved): Potential XSS in status_monitoring.php: The "view" variable in status_monitoring.php is taken from $_GET and used in a hidden input ("view-title") without en... Jim Pingle
10:17 AM Bug #7877 (Resolved): Crash when enabling traffic shaper on more than 1 port: https://forum.pfsense.org/index.php?topic=136733.0 Anonymous
02:12 AM Revision 4c53dfbe: Changes Dynamic DNS Status Widget to display client description text for Custom and Custom (v6) entries. Implements #7843: Christopher Fazendin

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

10/18/2017

10/17/2017

10/16/2017

10/15/2017

10/14/2017

10/13/2017

10/12/2017

10/11/2017

10/10/2017

10/09/2017

10/08/2017

10/07/2017

10/06/2017

10/05/2017

10/04/2017

10/03/2017

10/02/2017

10/01/2017

09/30/2017

09/29/2017

09/28/2017

09/27/2017

09/26/2017

09/25/2017

09/24/2017

09/23/2017

09/22/2017

09/21/2017

09/20/2017

09/19/2017