Project

General

Profile

Activity

From 01/02/2018 to 01/31/2018

01/31/2018

09:45 PM pfSense Packages Bug #7965: freeradius 3 with MySQL
Thank you! It remains to fix "daily" in config to run freeradius
With "daily(and etc...)" in config freeradius not s... Konstantin Ab
10:50 AM pfSense Packages Bug #7965 (Feedback): freeradius 3 with MySQL
Fixed in commit:a5d0e15340e1975a86fb5fe48f93032b3c574934 - pkg version 0.15.4 Jim Pingle
06:56 PM Revision 3c44c845: Silence warnings generated by sysctl to standard error.
Luiz Souza
02:07 PM Revision ae72e9e2: openvpn, clear route also for /31 for ptp interfaces
(cherry picked from commit a0f991ecb8247688bfc91b11176c0442e8d7327b) Pi Ba
02:07 PM Revision 489ff1a3: Change get_interface_subnet() to use configured value if available.
(cherry picked from commit 77a6cafbc02c0bbd4075237cca849841561bf6b3) Pi Ba
02:07 PM Revision dae6aba5: openvpn, fix the ifconfig ip1 ip2 when subnet /31 is used
(cherry picked from commit 10a8b5eea62e71aedc76e9eb3fc9630b73247a31) Pi Ba
02:07 PM Revision ba2b547f: Merge pull request #3895 from PiBa-NL/20180106-openvpn-fix-subnet31
Renato Botelho
08:47 AM Feature #8184 (Resolved): pppoe, allow configuring pppoe on a carp interface so its only active on the master #3830
Luiz Souza
08:46 AM Bug #6974 (Resolved): radvd enabled on a disconnected interface kills RA completely on all interfaces
Luiz Souza
08:45 AM Bug #8056 (Confirmed): Bridge + CARP crashes/freezes pfSense
Luiz Souza
07:55 AM Bug #8056: Bridge + CARP crashes/freezes pfSense
The underlying FreeBSD bug is still open:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200319
The previous p... Jim Pingle
06:43 AM Bug #8056: Bridge + CARP crashes/freezes pfSense
Confirmed - We have 2 Netgate 8860 1u appliances setup with CARP + Bridge and when upgrading from 2.3.4 to 2.4.2_1 we... Adam Boyhan

01/30/2018

03:49 PM Bug #8304 (Not a Bug): pfSense locks up when Android device connects to L2TP/IPsec VPN that uses forces SHA-256 in phase 2
The two crash reports in the submission from that IP address are different and at very low levels of code in the oper... Jim Pingle
03:43 PM Bug #8304: pfSense locks up when Android device connects to L2TP/IPsec VPN that uses forces SHA-256 in phase 2
Ah, I see. I'm a bit new to bug reporting.
My WAN IP was 158.174.30.59.
I didn't make a Reddit post or anything... Justin Lex
08:32 AM Bug #8304 (Feedback): pfSense locks up when Android device connects to L2TP/IPsec VPN that uses forces SHA-256 in phase 2
Is there a forum thread or reddit post with more detail? There isn't anything that stands out in what you have posted... Jim Pingle
02:04 AM Bug #8304: pfSense locks up when Android device connects to L2TP/IPsec VPN that uses forces SHA-256 in phase 2
I noticed I wasn't 100% clear on the conditions: The Android connection works just fine if I set for MD5 or SHA1 hash... Justin Lex
01:51 AM Bug #8304 (Not a Bug): pfSense locks up when Android device connects to L2TP/IPsec VPN that uses forces SHA-256 in phase 2
Discovered this by trying to follow this tutorial and messing with the encryption settings.
[[https://doc.pfsense.or... Justin Lex
02:03 PM Bug #6263: Encryption options for every P2 on a given P1 are written to each P2 individually inside ipsec.conf with multiple P2 entries + split conn entries
Ran into this bug as well, though it appears to break things if you have too many phase 2 entries. After a certain n... PJ Goodwin
05:46 AM pfSense Packages Bug #8305 (Resolved): acme: "Key Size" value is not passed to acme.sh
Setting a "Key Size" in acme_certificates_edit.php has no effect. This variable is not passed on to the /usr/local/pk... Idar Lund

01/29/2018

06:56 PM Revision e0c3df40: Update OpenVPN wizard with current protocol selection options. Fixes #8298
(cherry picked from commit 7f054ea0b387cd8db372d92e04aed1a9c2ef028a) Jim Pingle
06:55 PM Revision 7f054ea0: Update OpenVPN wizard with current protocol selection options. Fixes #8298
Jim Pingle
05:27 PM Revision 834ac053: Fix a potential encoding issue in diag_system_activity.php. Fixes #8300
(cherry picked from commit c083e1e49af4902d15173d412feebd8b86a616ee) Jim Pingle
05:27 PM Revision f51de9fd: Add input validation to traffic_graphs_widget.php and fix JS encoding. Fixes #8302
(cherry picked from commit e7b5b82b121c76c4c6bf57229bfef0ea3bc33d5b) Jim Pingle
05:26 PM Revision e7b5b82b: Add input validation to traffic_graphs_widget.php and fix JS encoding. Fixes #8302
Jim Pingle
05:26 PM Revision fbcb1046: Re-enable CSRF protection in traffic_graphs_widget.php. Ticket #8301
(cherry picked from commit 9ee5030eecc99dd1e7a747f23870663715dfc21f) Jim Pingle
05:25 PM Revision 9ee5030e: Re-enable CSRF protection in traffic_graphs_widget.php. Ticket #8301
Jim Pingle
05:25 PM Revision 51992270: Fix a potential encoding issue in diag_system_activity.php. Fixes #8300
(cherry picked from commit c083e1e49af4902d15173d412feebd8b86a616ee) Jim Pingle
05:25 PM Revision bd866431: Fix a potential encoding issue in diag_system_activity.php. Fixes #8300
(cherry picked from commit c083e1e49af4902d15173d412feebd8b86a616ee) Jim Pingle
05:24 PM Revision c083e1e4: Fix a potential encoding issue in diag_system_activity.php. Fixes #8300
Jim Pingle
02:24 PM Bug #8303 (Resolved): Undefined Function
While looking over the widgets I noticed in the Gateways widget if you change the display type you get a Javascript e... Anonymous
01:10 PM Bug #8298 (Feedback): OpenVPN Wizard protocol defaults to "UDP IPv4 and IPv6 on all interfaces" causing problems
Applied in changeset commit:7f054ea0b387cd8db372d92e04aed1a9c2ef028a. Jim Pingle
11:40 AM Bug #8302 (Feedback): traffic_graphs.widget.php potential XSS via settings
Applied in changeset commit:e7b5b82b121c76c4c6bf57229bfef0ea3bc33d5b. Jim Pingle
11:23 AM Bug #8302 (Resolved): traffic_graphs.widget.php potential XSS via settings
traffic_graphs.widget.php does not perform input validation on its settings, which can lead to a potential XSS due to... Jim Pingle
11:40 AM Bug #8300 (Feedback): diag_system_activity.php: Potential XSS due to encoding of process output
Applied in changeset commit:c083e1e49af4902d15173d412feebd8b86a616ee. Jim Pingle
11:15 AM Bug #8300 (Resolved): diag_system_activity.php: Potential XSS due to encoding of process output
The @top@ command output is printed to the user without encoding, so if a malicious process is started which contains... Jim Pingle
11:20 AM Bug #8301 (Resolved): Dashboard Widgets may no longer need CSRF disabled
CSRF is deliberately disabled in some widgets stuch as traffic_graphs.widget.php but it's unclear if that is still ne... Jim Pingle
10:25 AM Revision 3b41c8f3: Fix dyndns update with gateway group
Vince C
10:23 AM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic
I can also add that when two RADIUS servers are declared as backend authenticators and the first on the list fails (e... John Tikis
09:32 AM Bug #6400: assign_interfaces.php issues with large numbers of interfaces
The previous PR was reverted. Current PR is https://github.com/pfsense/pfsense/pull/3896 and it was merged on Jan 17. Jim Pingle
02:42 AM pfSense Packages Feature #8299 (Resolved): acme: ocsp must-staple
The acme.sh client supports ocsp must-staple;
if [ "$Le_OCSP_Staple" ] || [ "$Le_OCSP_Stable" ]; then
_savedo... Idar Lund

01/27/2018

11:28 AM Bug #8298 (Resolved): OpenVPN Wizard protocol defaults to "UDP IPv4 and IPv6 on all interfaces" causing problems
The OpenVPN Wizard's default protocol is "UDP IPv4 and IPv6 on all interfaces (multihome). However, when you are bin... George Phillips
09:39 AM Feature #2358: NAT64 support
UPVOTE!!
at the moment I have to use an external router to do this! Marco Vaschetto

01/26/2018

07:37 PM Revision d69a55e3: Fixed #8297 If user has no page permissions it will automatically log them out so they don't get stuck on the logout page
Stephen Jones
03:35 PM Bug #8297 (Resolved): User with no privileges cannot logout.
Works better now, thanks! Jim Pingle
01:47 PM Bug #8297 (Feedback): User with no privileges cannot logout.
Commit pushed. d69a55e3d647795477606e844f79bb94fc127f24 Anonymous
01:08 PM Bug #8297 (Resolved): User with no privileges cannot logout.
If there is a created user and they have no permissions they will see a page that says: "No page assigned to this use... Anonymous
03:28 PM Bug #7412 (Resolved): rtsold will not run on VLAN interfaces
Looks good now. SG-1000 with a VLAN WAN pulls an IPv6 address and default gateway now, without the "Do not wait for R... Jim Pingle
12:00 PM pfSense Packages Bug #8229: syslog-ng stops parsing logs after logrotate run
Well, tried syslog-ng-3.13.2_1 from http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/ but that went crazy after a c... Orion Poplawski
10:09 AM Feature #8257: pfSense Diagnostics -> Packet Capture support for loopback interface
Tested build 2.4.3.a.20180126.0706
Navigated to Diagnostics -> Packet Capture
Localhost is available in interfa... James Snell
06:17 AM Bug #8056: Bridge + CARP crashes/freezes pfSense
Confirmed - I can also replicate this easily. CARP on a bridged interface, tested on 2.4.2 and 2.4.2_1 with no change... James Freeman
06:04 AM Revision 82f581d5: Improve the CARP description.
No functional change. Luiz Souza
06:04 AM Revision a9a74b49: Merge pull request #3830 from PiBa-NL/20170925-pppoe-on-carpmaster
Luiz Souza

01/25/2018

06:50 PM Revision 2884600f: Fix syntax error in interfaces.inc
Jim Pingle
05:28 PM Revision 44b1c000: Do no configure the virtual IPs if the parent is disabled.
Ticket #6677 Luiz Souza
03:51 PM Revision fccdc01a: off-by-one fix in an error text.
No functional change. Luiz Souza
02:47 PM Bug #6974 (Feedback): radvd enabled on a disconnected interface kills RA completely on all interfaces
Fixed in radvd-2.17_4.
Disconnected interfaces will be properly ignored. Luiz Souza
02:04 PM pfSense Packages Bug #8291: Auto Config Backup ACB Reports Success on invalid credentials then an error notice is logged
Looks better. Thank you. Chris Linstruth
10:31 AM Bug #8296 (Resolved): status_services.php: AJAX requests via GET can control services without CSRF validation
This looks OK now. It only works via POST and trying to POST without CSRF results in a failure. Jim Pingle
09:57 AM pfSense Packages Bug #8229: syslog-ng stops parsing logs after logrotate run
After switching to use tls for forwarded log traffic this seems even worse. It requires several attempts to restart ... Orion Poplawski
08:06 AM Bug #6677 (Feedback): CARP VIPs are configured on disabled interfaces at boot time
Fixed.
Please check with the next snapshot. Luiz Souza
07:03 AM Bug #7412 (Feedback): rtsold will not run on VLAN interfaces
Should be fixed in the next snapshot.
 Luiz Souza
06:27 AM Bug #6904 (Resolved): PRIQ Queue Priority Limited To 7
Already fixed in 2.4.2-p1. Luiz Souza
06:04 AM Bug #6848 (Resolved): Do not create an IPv4/6 gateway for an interface without according IPv4/6 address
Luiz Souza
06:03 AM Bug #5473 (Resolved): pf_test_state_tcp() crash
I'm closing this bug because I believe it was fixed already.
It was caused by a bug in interface queue use, which ... Luiz Souza
04:37 AM pfSense Packages Bug #8277: ntopng service fails to start on 2.4.3
I could be wrong but libcap is a linux specific library to support capabilities as supported by the linux kernel.
... Guido Falsi
03:19 AM Revision c7027903: Fixed #8296
Steve Beaver

01/24/2018

09:30 PM Bug #8296: status_services.php: AJAX requests via GET can control services without CSRF validation
Applied in changeset commit:c7027903d4ba68cf33d7d601c9a9d2efd476f79f. Anonymous
09:21 PM Bug #8296 (Feedback): status_services.php: AJAX requests via GET can control services without CSRF validation
Anonymous
03:04 PM Bug #8296 (Resolved): status_services.php: AJAX requests via GET can control services without CSRF validation
Using a GET request to status_services.php with a sepcially-crafted URL, services can be controlled by visiting a URL... Jim Pingle
09:08 PM Feature #7781: Please Enable Rule Separators on Manual Outbound NAT
There is a lot of work in this, and even more testing required. It's on my list, but it will probably be a few weeks ... Anonymous
08:40 PM Feature #7781: Please Enable Rule Separators on Manual Outbound NAT
Does anyone know if this will be acknowledged to be added into the interface. With tons of nat rules, it becomes very... Nick K
07:39 PM Revision 97e6ec09: Fixes a bug in primary DHCPD host detection for failover.
Properly detect the master host based on CARP skew at setup time when used with HA. Luiz Souza
02:56 PM Bug #4310 (Feedback): Limiters + HA results in hangs on secondary
The crash is fixed on the last snapshot.
Tests are welcome. Luiz Souza
10:19 AM pfSense Packages Bug #8295 (Closed): syslog-ng logrotates tls files
Issue 3292 is back, because the options in the syslog-ng manual now suggest using option names like "key-file" instea... Orion Poplawski

01/23/2018

02:05 PM Bug #8249 (Resolved): pid 77785 (php-fpm), uid 0, was killed: out of swap space
Luiz Souza
01:14 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
Thank you!
Confirmed fixed.
2.4.3-DEVELOPMENT (amd64)
built on Tue Jan 23 04:03:53 CST 2018
FreeBSD 11.1-RELE... Pi Ba
12:18 PM Revision d2a8a7e7: first change for extending mobile connection
christian christian
12:16 PM pfSense Packages Bug #8291 (Feedback): Auto Config Backup ACB Reports Success on invalid credentials then an error notice is logged
Changes pushed. Commit Hash 30b86fd147b2df9eb9f629251066baa0f1f0b386 Anonymous
09:13 AM Bug #8294 (Not a Bug): Icmp redirect doesn't use CARP IP
When you configure two pfsense servers in high availability using CARP, every icmps redirect generated use the physic... Denis Grilli
06:28 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
pull request on github: https://github.com/pfsense/pfsense/pull/3904 Christian R.
06:17 AM Feature #8292 (Resolved): IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
Extending the mobile clients with IP's on a per user basis / EAP identity. This enables managing different users with... Christian R.
06:21 AM Bug #8293 (Not a Bug): Backup does not store the selected Repo Path
In my 2.3.5_1 (i386) Version of pfsense the firmware branch "Legacy stable version (Security/Errata only 2.3.x)" is s... Joseph Huber
03:30 AM Revision f1dc05b7: Merge pull request #3862 from marjohn56/pfsense
Luiz Souza
01:35 AM Revision 68872169: Fix get_cpu_crypto_support() to not overwrite $cpucrypto_type.
Luiz Souza

01/22/2018

09:46 PM Bug #8200 (Resolved): Set VLAN priority on on dhcp6c packets
Luiz Souza
09:45 PM Bug #8200: Set VLAN priority on on dhcp6c packets
Committed. Thanks! Luiz Souza
07:18 PM pfSense Packages Bug #8291 (Resolved): Auto Config Backup ACB Reports Success on invalid credentials then an error notice is logged
If invalid credentials are provided to Auto Config Backup then Backup Now is pressed, a green bar is presented that s... Chris Linstruth
02:48 PM Bug #8290: filter.inc, make filter_expand_alias_array() return consistent results between first and second call.
Affects: 2.4.2p1 amd64 (and probably previous versions).
Haproxy: 0.55_1 (and probably previous versions).
Progr... Pi Ba
02:45 PM Bug #8290 (Resolved): filter.inc, make filter_expand_alias_array() return consistent results between first and second call.
filter.inc, make filter_expand_alias_array() return consistent results between first and second call.
Currently th... Pi Ba
02:39 PM Bug #8185: status_queues, provide 'realtime' statistics #3792
Works for me :).
Now if someone can change qstats to provide similar numbers that might perform better than the ph... Pi Ba
11:09 AM Bug #8249 (Feedback): pid 77785 (php-fpm), uid 0, was killed: out of swap space
Hm.. I found the leak.
Should be fixed in php56-pfSense-module-0.58.
Thank you! Luiz Souza
10:09 AM Todo #8237 (Resolved): Import netstat kresolve_list() fix from stable/11 to improve performance on some platforms
Luiz Souza
09:56 AM Bug #8273: IPv6 GRE tunnel over PPPoE fails on startup
I don't have a means to test IPv6 over PPPoE, but I tried this with DHCPv6 with LAN set to track and the same behavio... Jim Pingle
07:54 AM Feature #8288 (Duplicate): OpenVPN - configurable keepalive
Duplicate of #3473 Jim Pingle
03:30 AM Feature #8288 (Duplicate): OpenVPN - configurable keepalive
Hi!
It would be nice to have configurable keepalive options instead of hard coded 30/60. Greg M
03:32 AM Feature #8289 (Resolved): OpenVPN - configurable username as common name
Hi!
See here: https://forum.pfsense.org/index.php?topic=136533.msg778977#msg778977
There are use cases and it`s... Greg M

01/19/2018

03:41 PM Bug #8287: /var/unbound/test/unbound_server.pem: No such file or directory
I am unable to reproduce it as well.
This occurred while configuring the DNS Resolver after upgrading to 2.4.2_1.
A... Joseph McGuirl
02:22 PM Bug #8287 (Feedback): /var/unbound/test/unbound_server.pem: No such file or directory
I cannot reproduce this as stated using services_unbound.php on SG-1000 or amd64.
What page do you see this error ... Jim Pingle
12:26 AM Bug #8287 (Not a Bug): /var/unbound/test/unbound_server.pem: No such file or directory
2.4.2-RELEASE-p1 (arm) on SG1000
"The following input errors were detected:
The generated config file cannot be p... Joseph McGuirl
03:34 PM Revision 71cf75cb: Merge pull request #3902 from stensonb/fix-typo
Steve Beaver
10:19 AM Revision 7a55c6ae: Add sysutils/devcpu-data
Renato Botelho
10:18 AM Revision 4b90e927: Add sysutils/devcpu-data
Renato Botelho
10:18 AM Revision bd8f5110: Add sysutils/devcpu-data
Renato Botelho
10:17 AM Revision 83aef0ec: Add sysutils/devcpu-data
Renato Botelho
09:35 AM Revision 19e87bb3: fix typos
Bryan Stenson
12:22 AM Bug #6442: DNS Resolver - error
2.4.2-RELEASE-p1 (arm) on SG1000
"The following input errors were detected:
The generated config file cannot be p... Joseph McGuirl

01/18/2018

02:59 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
Memory usage of pfSense_getall_interface_addresses("em0")... Pi Ba
12:54 AM Bug #8276: Virtual IPs considered primary when using interface tracking for ipv6
The problem of pfsense considering a VIP over the actual tracked interface IPv6 and never switching is still an issue... Jupiter Vuorikoski

01/17/2018

11:43 PM Feature #8286 (Duplicate): IPsec on Multiwan fail back to Tier1 WAN after it is back UP
IPsec is running on a top of failover gateway group interface. DynDNS client entry updates on behalf of failover gate... Vladimir Lind
10:05 PM Revision b1c01d80: Merge pull request #6400 from loonylion/master
Steve Beaver
06:06 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
Ok found at least part of the leak / function call causing it (on my development/test machine)..
Running the code ... Pi Ba
04:04 PM Bug #8231 (Closed): Undefined function while restoring config from older version
Anonymous
03:48 PM Bug #8231: Undefined function while restoring config from older version
I can't close this, but it has been fixed with this commit: https://github.com/pfsense/pfsense/commit/61b6c22a5082eb6... Alistair Francis
12:24 PM Revision 61b6c22a: Merge pull request #3898 from alistair23/alistair/master
Steve Beaver

01/16/2018

08:08 PM Bug #8285 (New): Actions on stale data may result in catastrophic results
It seems that a number of pages in pfSense use links that specify only the index of an item in its category rather th... Mahmoud Al-Qudsi
07:15 PM Revision 8d403391: Change sshd compression to 'delayed' to match current FreeBSD default. Fixes #8245
(cherry picked from commit 4cad9a5bd1666c9bd5ce32b82f9b897dbbe5a5bf) Jim Pingle
07:15 PM Revision 3c73e81d: Change sshd compression to 'delayed' to match current FreeBSD default. Fixes #8245
(cherry picked from commit 4cad9a5bd1666c9bd5ce32b82f9b897dbbe5a5bf) Jim Pingle
07:15 PM Revision 08bdeb89: Change sshd compression to 'delayed' to match current FreeBSD default. Fixes #8245
(cherry picked from commit 4cad9a5bd1666c9bd5ce32b82f9b897dbbe5a5bf) Jim Pingle
07:15 PM Revision 4cad9a5b: Change sshd compression to 'delayed' to match current FreeBSD default. Fixes #8245
Jim Pingle
05:05 PM Revision 900663a4: Add an update source control to RFC2136 dynamic DNS updates. Implements #8278
Jim Pingle
04:07 PM Revision 99f41354: Add localhost to list of interfaces for packet capture. Implements #8257
(cherry picked from commit 618faaf26212de6d2d44627bbe41f0a683f34bed) Jim Pingle
04:07 PM Revision 618faaf2: Add localhost to list of interfaces for packet capture. Implements #8257
Jim Pingle
03:28 PM Bug #8113: MTU setting on bridge, openvpn clients ignored
It's not immediately clear to me what you are doing here. What interfaces make up the bridge? OpenVPN tap (layer2 end... Braden McGrath
03:03 PM Revision 3980a797: Add ospf6d to routing logs.
(cherry picked from commit 163255d64c021508224140f08fb2c261265e465e) Jim Pingle
03:03 PM Revision 36d53a87: Add ospf6d to routing logs.
(cherry picked from commit 163255d64c021508224140f08fb2c261265e465e) Jim Pingle
03:03 PM Revision 1b756c3c: Add ospf6d to routing logs.
(cherry picked from commit 163255d64c021508224140f08fb2c261265e465e) Jim Pingle
03:02 PM Revision 163255d6: Add ospf6d to routing logs.
Jim Pingle
02:08 PM Bug #4031 (Feedback): Notifications mail bomb in some gateway failure circumstances
PR 3768 was merged a while back and it's working well. Could use some additional testing/feedback but it looks good t... Jim Pingle
02:05 PM Bug #6318 (Resolved): IPsec dashboard widget causes GUI failure
This appears to be fixed by other changes to the IPsec status code in recent versions. No new reports of this being c... Jim Pingle
02:02 PM pfSense Packages Bug #6690 (Feedback): SURICATA IPS Issue - Kills VLANS & Traffic Shaper
Still waiting on feedback/new testing on current versions of pfSense and suricata Jim Pingle
01:59 PM Bug #6848 (Feedback): Do not create an IPv4/6 gateway for an interface without according IPv4/6 address
PR was merged several weeks ago Jim Pingle
01:57 PM Bug #7079 (Feedback): ClamAV C-ICAP causing Kernel Panic and System Crash
Still waiting on testing/confirmation feedback on a current version Jim Pingle
01:50 PM Bug #7439 (Feedback): IKE_SA (IKEv2) does not rekey on break before make startegy, just issues IKE_DELETE and connection is closed
We need confirmation that this is still a problem on current versions of strongSwan Jim Pingle
01:42 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
I can make a new patch so its back to max 500 requests before a child process is forcibly restarted, although martin ... Chris Collins
01:30 PM Todo #8245 (Feedback): use delayed compression for sshd
Applied in changeset commit:4cad9a5bd1666c9bd5ce32b82f9b897dbbe5a5bf. Jim Pingle
01:27 PM Bug #7735: Switching to wildcard cert fails until reboot
I don't have access to a wildcard certificate to verify this but it's unlikely to be related. Changing a certificate ... Jim Pingle
01:23 PM Bug #7634: When restoring from USB during install, if the config file contains RRD data, the final config.xml on the system will also contain all the RRD infomation
FYI- The PFI/Restore feature was put back in the installer, but this RRD issue likely still persists. It needs retest... Jim Pingle
01:21 PM Bug #7607 (Resolved): Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI
Fixed in commit:0ea7b83e8e976469c926140af76a2d29ab0f57a6
See also: #6830 Jim Pingle
12:57 PM Bug #8125: gateway 502 errors proposed fix for high ram systems
Could be a potential problem with the solution in the PR, see #8249 Jim Pingle
12:51 PM Bug #8125 (Feedback): gateway 502 errors proposed fix for high ram systems
PR https://github.com/pfsense/pfsense/pull/3881 was merged a few weeks ago Jim Pingle
12:57 PM Bug #8201 (Duplicate): 502 gateway issues Increase FPM process availability in high ram systems
Duplicate of #8125 Jim Pingle
12:49 PM Bug #8119 (Not a Bug): Site to Site IPsec On a VM Not Routing
Seems more like a configuration issue. pfSense doesn't care if it's running on a VM or bare metal, IPsec wouldn't hav... Jim Pingle
12:48 PM Bug #8117 (Not a Bug): IPSec statuspage shows both connected and connecting tunnel
Given the output I'm not sure it's a bug at all. The main connection could accept another remote, given its configura... Jim Pingle
12:43 PM Bug #8183 (Feedback): pkg, fix, reinstall missing package #3866
PR was merged a few weeks ago Jim Pingle
12:42 PM Bug #8185 (Feedback): status_queues, provide 'realtime' statistics #3792
PR was merged a few weeks ago Jim Pingle
12:41 PM Bug #8182 (Feedback): Support shutdown scripts in /usr/local/etc/rc.d
PR was merged a few weeks ago Jim Pingle
12:36 PM Bug #8276: Virtual IPs considered primary when using interface tracking for ipv6
I'm not sure we've ever officially endorsed that type of setup. The behavior is at best undefined. It's going to need... Jim Pingle
11:20 AM Feature #8278 (Feedback): Add control for source address of RFC2136 updates
Applied in changeset commit:900663a44f41de0af780614df18cc432f8c9eaab. Jim Pingle
10:20 AM Feature #8257 (Feedback): pfSense Diagnostics -> Packet Capture support for loopback interface
Applied in changeset commit:618faaf26212de6d2d44627bbe41f0a683f34bed. Jim Pingle

01/15/2018

08:37 PM Revision 8dc33488: Merge pull request #3889 from kangtastic/master
Steve Beaver
08:37 PM Revision f5d55ac6: Merge pull request #3899 from PiBa-NL/20180111-bootup-step-messages
Steve Beaver
08:36 PM Revision 0fc473ad: Merge pull request #3900 from PiBa-NL/20180111-pf-busy
Steve Beaver
08:35 PM Revision d23d1a06: Merge pull request #3901 from earlchew/issue-7357
Steve Beaver
03:25 PM pfSense Packages Bug #8281: letsencrypt cert ca isn't recognised by openvpn client
No. It already works fine with all other services that we're aware of, including HAProxy.
 Jim Pingle
03:19 PM pfSense Packages Bug #8281: letsencrypt cert ca isn't recognised by openvpn client
you're right, It's better using own CA for private vpn
but the issue is about ACME client to put the bundled LE CA... dhia eddine
10:27 AM pfSense Packages Bug #8281 (Rejected): letsencrypt cert ca isn't recognised by openvpn client
Never use a public/globally trusted cert with your VPN. You will allow anyone anywhere with a cert from the same CA a... Jim Pingle
10:20 AM pfSense Packages Bug #8281 (Rejected): letsencrypt cert ca isn't recognised by openvpn client
using LE generated cert for openvpn config
openvpn client can't connect stopping at... dhia eddine
03:24 PM Feature #8284 (Duplicate): Add duplicate option next to OpenVPN servers and clients
It would be very convenient to have a "duplicate" icon next to OpenVPN servers and clients list. Just like the one ne... Ivor Kreso
03:13 PM Bug #7413: status_dhcpv6_leases.php: Some DHCPv6 leases are not displayed in the GUI
The PR has been updated with a second patch addressing the
requested changes and includes further amends e.g. visual... Anders Lind
11:47 AM Bug #8283 (Rejected): multi-wan gateway group with openvpn clients
Prereqs:
1) Need at least 3+ VPN providers
2) at least one of the VPN providers needs to use the TLS private key co... Jon James
10:42 AM Bug #8282 (Resolved): Enabling CODELQ on virtual interface VLAN crashes appliance
I was working to reduce buffer bloat on a client's SG-4860 and I enabled CODELQ on a virtual interface for one of the... Ben Pike
04:51 AM Bug #8280 (Duplicate): Captive Portal Voucher Sync
Hi all,
we just got back from a debug session of a client, which had problems with Voucher Sync of the CP instance... Jens Groh

01/14/2018

09:52 PM Revision f95579a6: Follow-up to syntax, file order and other changes
Notes:
* Those able to check a proper failover configured system please check if
the Pool Staus table shows up in the... Anders Lind
03:04 PM pfSense Packages Feature #8279: Consider adding a new option to the Rule Order
Use case for illustration:
There are two rules to make sure that LAN IPs access pfSense router DNS and not be able... Yuri Weinstein
12:56 PM pfSense Packages Feature #8279 (New): Consider adding a new option to the Rule Order
There are situations when firewall rules order should be either preserved (kept unchanged) or when pfSense rules are ... Yuri Weinstein
04:34 AM Revision 247f5719: [services_dyndns_edit] Clarify use of @ for Cloudflare
Add GUI prompts corresponding to #7357 that allows users to
enter @ for the hostname, and have it replaced with an em... Earl Chew
02:35 AM Bug #8276: Virtual IPs considered primary when using interface tracking for ipv6
This affects the dhcpv6 server as well. Logic needs to be applied to never consider a VIP a primary address. Jupiter Vuorikoski

01/13/2018

05:00 PM pfSense Packages Bug #8277: ntopng service fails to start on 2.4.3
By the way, I think there's an additional issue in that this warning is triggered on start up:
ntopng has not been... Andrew -
04:51 PM pfSense Packages Bug #8277: ntopng service fails to start on 2.4.3
Thanks. Yes, looking at the ntopng prefs.cpp on GitHub it looks like that command line option has been removed in 3.2... Andrew -
04:01 PM pfSense Packages Bug #8277: ntopng service fails to start on 2.4.3
maybe find some help in forums? https://forum.pfsense.org/index.php?topic=142576.0 Michael Kellogg
05:50 AM pfSense Packages Bug #8277 (Resolved): ntopng service fails to start on 2.4.3
Since the upgrade of the ports tree to ntopng-3.2.2017.12.06, the ntopng service no longer starts.
The system log ... Andrew -
03:26 PM Feature #8278 (Resolved): Add control for source address of RFC2136 updates
Using the local directive in the nsupdate can cause breakage in certain scenarios where the source address of the upd... Chris Linstruth
01:22 AM Bug #8276 (Duplicate): Virtual IPs considered primary when using interface tracking for ipv6
On boot, if you have VIPs configured on an interface that uses interface tracking for its primary IP, the primary ipv... Jupiter Vuorikoski

01/12/2018

07:56 PM Revision c8c7b243: Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is selected. Fixes #8275
(cherry picked from commit 19a1cf348b07dbaf8fe4d81b8cfc8292b61fd8c3) Jim Pingle
07:56 PM Revision 6a95ae60: Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is selected. Fixes #8275
(cherry picked from commit 19a1cf348b07dbaf8fe4d81b8cfc8292b61fd8c3) Jim Pingle
07:50 PM Revision 6314fbba: Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is selected. Fixes #8275
(cherry picked from commit 19a1cf348b07dbaf8fe4d81b8cfc8292b61fd8c3) Jim Pingle
07:49 PM Revision 19a1cf34: Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is selected. Fixes #8275
Jim Pingle
02:29 PM pfSense Packages Bug #8269 (Resolved): Passing an invalid RRD file to rrd_fetch_json.php via the left= parameter in POST prints the supplied name to the user without encoding
All branches have updated packages and they are all working as expected with the fix in place. Jim Pingle
02:10 PM Bug #8275 (Feedback): Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selected
Applied in changeset commit:19a1cf348b07dbaf8fe4d81b8cfc8292b61fd8c3. Jim Pingle
02:03 PM Bug #8275: Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selected
I'm sorry, I completely missed that there's a dropdown that can be used to specify the record type. Mahmoud Al-Qudsi
01:32 PM Bug #8275: Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selected
The user specifies the SAN type when making entries in the SAN list. If you choose "IP Address" it makes proper entri... Jim Pingle
01:23 PM Bug #8275 (Resolved): Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selected
As we're all aware, changes to how Chrome (and possibly other browsers in the future) disregard the common name field... Mahmoud Al-Qudsi
02:00 PM Feature #7618: Add support for user-supplied Host-Uniq tag and handle PADM messages in Netgraph PPPoE
We’ll pull the support for this in as soon as FreeBSD accepts it. (It’s too big to carry.) Jim Thompson
08:38 AM pfSense Packages Bug #8214 (Resolved): HOME_NET includes all locally attached Networks
Renato Botelho
08:06 AM pfSense Packages Bug #8214: HOME_NET includes all locally attached Networks
This bug has been resoved in version 4.0.3 of the Suricata package which was moved to release January 12, 2018.
Bill Bill Meeks

01/11/2018

09:50 PM Revision a0f991ec: openvpn, clear route also for /31 for ptp interfaces
Pi Ba
08:57 PM Revision 66e6198f: pf, device-busy, add another item DIOCADDRULE to the list of results to retry
Pi Ba
08:27 PM Revision 1da0c794: bootup, add information about what bootup step is being done
Pi Ba
04:57 PM Feature #8274 (New): Reverse Inverse Traffic Graph View
The live traffic graph inverse view (on the dashboard and in status - traffic graph) by default shows inbound traffic... Mike Gittelman
04:42 PM Revision 3a48e238: Kernel modules failed to build as non-root
Renato Botelho
04:16 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
Some fresh numbers from a clean install, wan(dhcp)/lan(static) ssh enabled and thats it..:
After reboot 27MB per pro... Pi Ba
12:39 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
p.s. As for widget refresh every second.. thats normal.. once a second 'a' widget is refreshed.. delete all your othe... Pi Ba
12:36 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
I might have edited some things.. (its my pfSense testmachine i also develop things on..) so i cant tell for sure if ... Pi Ba
07:22 AM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
I created the original patch to increase the fpm processes, and my processes dont use anywhere near 500meg of ram res... Chris Collins
09:16 AM Bug #8273 (Confirmed): IPv6 GRE tunnel over PPPoE fails on startup
I have a XS4ALL FTTH pppoe connection that provides IPv6. IPv6 works perfectly, however GRE doesn't during initializa... Wagner Sartori Junior
09:15 AM pfSense Packages Bug #7462: HAproxy not rebinding properly after WAN DHCP IP change
I am experiencing the same issue on 2.4.2-RELEASE-p1 with HAproxy 0.54_2. I have changed frontend binding from "WAN a... Michael Duller
08:19 AM Todo #8270: Fix grammatically erroneous repetition
Redundancies from acronyms can be annoying at times, and other times necessary due to familiar terminology or technic... Jim Pingle

01/10/2018

10:03 PM Bug #8271 (Closed): <sendpacket> sendmsg on cpsw0: Permission denied
My connectionion went down today. I'm waiting to hear from ISP to see if it's the PPoE server on their end. While tro... Jeffrey Davis
05:41 PM Revision af17dba1: Fixed #8268
Steve Beaver
04:58 PM Revision 498f7e20: Add an option to push a gatewy address to bridged tap clients. Implements #8267
Jim Pingle
04:06 PM Todo #8270 (New): Fix grammatically erroneous repetition
The pfSense web interface has some grammatically incorrect repetition due to, what I suspect to be, a very lackadaisi... Maxwell Cody
03:27 PM pfSense Packages Bug #8269 (Feedback): Passing an invalid RRD file to rrd_fetch_json.php via the left= parameter in POST prints the supplied name to the user without encoding
Fixed pushed to 2.4.x and 2.3.x
pfSense/FreeBSD-ports
devel: commit https://github.com/pfsense/FreeBSD-ports/co... Jim Pingle
03:02 PM pfSense Packages Bug #8269 (Resolved): Passing an invalid RRD file to rrd_fetch_json.php via the left= parameter in POST prints the supplied name to the user without encoding
Passing an invalid RRD file to rrd_fetch_json.php via the left= parameter in POST prints the supplied name without en... Jim Pingle
12:42 PM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation
Can't believe this is still a issue. :( At the very least can we just decrease the timeout to like 3mins? I would thi... Adam Piasecki
11:50 AM Bug #8268: RAMdisk warning pop-up appears when no changes have been made
Applied in changeset commit:af17dba166c9dda46a1974841a6cb0ad44af397c. Anonymous
11:49 AM Bug #8268 (Feedback): RAMdisk warning pop-up appears when no changes have been made
Resolved by correcting before/after logic Anonymous
11:39 AM Bug #8268 (Resolved): RAMdisk warning pop-up appears when no changes have been made
https://forum.pfsense.org/index.php?topic=141402.new;topicseen#new
Looks like an error introduced in PR #3776 Anonymous
11:10 AM Feature #8267 (Feedback): OpenVPN tap bridge configurations without a tunnel network need a route-gateway for routes/redirects
Applied in changeset commit:498f7e20b630ae1429c1e6892402a0256e8859ba. Jim Pingle
10:57 AM Feature #8267 (Resolved): OpenVPN tap bridge configurations without a tunnel network need a route-gateway for routes/redirects
When using a bridged tap configuration, routing through tap to the Internet or other subnets outside of the bridged i... Jim Pingle
01:16 AM Revision 3048dd47: upgrade_config.inc: Remove all restore_rrd() calls
Commit 0869605131ba3e5d7e502af7a799e54f27d2e7f6 removed the
restore_rrd() function. To avoid errors when restoring ol... Alistair Francis

01/09/2018

07:56 PM Bug #8231: Undefined function while restoring config from older version
I sent a PR to fix this: https://github.com/pfsense/pfsense/pull/3898 Alistair Francis
04:33 PM Revision 016260fe: Fixed #8266 by removing JS alerts
Steve Beaver
03:51 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
Who's arguing? No me.
I was trying to point out that something was not working "quite right". Trying to help.
... Oliver Schonrock
03:46 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
Arguing won't help anyone. You won't convince anyone by acting that way, and there is nothing to "win". Clearly you a... Jim Pingle
03:26 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
> I use ACME/Let's Encrypt certs where the certificate has SANs for both nodes + hostname(s) for the CARP VIP, and it... Oliver Schonrock
02:57 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
I use ACME/Let's Encrypt certs where the certificate has SANs for both nodes + hostname(s) for the CARP VIP, and it w... Jim Pingle
02:49 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
Just to clarify...no certs are generated on the pfsense machines here...These are proper certs signed by a CA. Would ... Oliver Schonrock
02:26 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
It's still not a bug. You didn't update the certificate on the secondary properly. The two units share a certificate ... Jim Pingle
01:57 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
Please reopen this bug, because I have managed to reproduce it with more detail.
While replacing the SSLs on this ... Oliver Schonrock
10:40 AM Bug #8266 (Feedback): Bogus error message occurs on killing OPenVPN connection
Applied in changeset commit:016260fe433772839a06233d821992808d80f8cd. Anonymous
10:31 AM Bug #8266 (Resolved): Bogus error message occurs on killing OPenVPN connection
https://forum.pfsense.org/index.php?topic=139073.0 Anonymous
01:44 AM Bug #8265: Relayd port range (alias) not working
Tanks for the explanation. That is a good idea, because in the gui it says "A port alias listed in Firewall -> Aliase... Kilian Ries

01/08/2018

06:50 PM Revision 87489e5c: re-adding changes made to fix bug#6400, includes fixes for bug#8222 and bug#8223 that were introduced with the initial commit of this code.
original pull request was #3868 Peter Schofield
03:53 PM Bug #8265: Relayd port range (alias) not working
relayd does not support port ranges, only single ports, but there isn't any input validation that checks for that inv... Jim Pingle
03:38 PM Bug #8265 (Closed): Relayd port range (alias) not working
Hi,
i just configured a load balancer via relayd and used a port range which i defined via the firewall - alias ta... Kilian Ries
03:52 PM Bug #3330: Load Balancer showing wrong Status when using aliases for the port
Can confirm it is still present in 2.4.2-RELEASE-p1 (amd64). This is really sad, the bug exists for more than 4 years... Kilian Ries
09:26 AM pfSense Packages Bug #8264 (New): Radiusd restart on WAN change results in freeradius not running (and possible solution)
With a PPPoE WAN that sometimes goes down and up, we found each time the radius service stopped.
Our guess is that... Silvio Massina

01/07/2018

04:29 PM Feature #8187: Gateways, allow for configuring a gatewaygroup as the default gateway. #3781
Progress: 100% Pi Ba
02:26 PM Bug #8263 (New): Cannot create a nonlinear `Link Share` service curve because of: "the sum of the child bandwidth higher than parent"
*Problem:*
* Cannot create a nonlinear service curve using `m1` and `d` variables with HFSC Scheduler. Traffic shape... Tom Misztur

01/06/2018

07:16 PM Revision 77a6cafb: Change get_interface_subnet() to use configured value if available.
Pi Ba
06:33 PM Revision 10a8b5ee: openvpn, fix the ifconfig ip1 ip2 when subnet /31 is used
Pi Ba
06:27 PM Feature #8262: Make each prefix flags configurable separately.
Currently all additional prefixes added to be advertised by radvd inherit flags from the general interface radvd conf... Jupiter Vuorikoski
06:22 PM Feature #8262 (New): Make each prefix flags configurable separately.
Jupiter Vuorikoski
05:14 PM pfSense Packages Feature #8232: different ssl options based on the sni name
Much better, I'll start the functional testing! Zoltan Beck
09:13 AM pfSense Packages Feature #8232: different ssl options based on the sni name
Added commit to remove the double section.
URL: https://github.com/pfsense/FreeBSD-ports/pull/491/commits/83ae379cda... Pi Ba
09:00 AM pfSense Packages Feature #8232: different ssl options based on the sni name
Ah um no sorry. Fix will be added shortly. p.s. are you on IRC #pfSense channel? on freenode Maybe we could talk there. Pi Ba
08:38 AM pfSense Packages Feature #8232: different ssl options based on the sni name
Thank you for your help, I installed as you mentioned. I don't know if it works as expected, but on every frontend I ... Zoltan Beck
12:49 PM Bug #8261: OpenVPN tunnel network handled incorrectly with a /31 tunnel network
Is fixed by: https://github.com/pfsense/pfsense/pull/3895 Pi Ba
12:17 PM Bug #8261 (Resolved): OpenVPN tunnel network handled incorrectly with a /31 tunnel network
When defining the tunnel network to be used in an openvpn site-to-site tunnel, if you define a /31 network, the confi... Jupiter Vuorikoski
04:49 AM Feature #7861: Make "Descriptive name" of certificates editable
Is there any chance you will add this feature? Is there anything I can do?
Lars Möller Lars Möller
12:07 AM Bug #8250: Captive Portal XMLRPC does not use the custom port configured.
** it is not a bug **
Louis Casambre

01/05/2018

09:54 PM Revision 34c3aeac: Encode rangedescr before display in firewall_schedules.php. Fixes #8259
(cherry picked from commit 2f7d3a1f3c9b00a815037e1f4b8a88c938a8f42d) Jim Pingle
09:54 PM Revision cc646dfa: Encode rangedescr before display in firewall_schedules.php. Fixes #8259
(cherry picked from commit 2f7d3a1f3c9b00a815037e1f4b8a88c938a8f42d) Jim Pingle
09:54 PM Revision 55ea766a: Encode rangedescr before display in firewall_schedules.php. Fixes #8259
(cherry picked from commit 2f7d3a1f3c9b00a815037e1f4b8a88c938a8f42d) Jim Pingle
09:53 PM Revision 2f7d3a1f: Encode rangedescr before display in firewall_schedules.php. Fixes #8259
Jim Pingle
09:42 PM Revision 88be34ad: Fix foreach error on hosts that have no dyndns entries.
Jim Pingle
09:37 PM pfSense Packages Bug #8260: Status Traffic Totals is not restored when restoring a backup
Jim Pingle wrote:
> Duplicate of #8068
woops, searched for it but didn't find that one, sorry... Tobias H
09:23 PM pfSense Packages Bug #8260 (Duplicate): Status Traffic Totals is not restored when restoring a backup
Duplicate of #8068 Jim Pingle
09:09 PM pfSense Packages Bug #8260 (Duplicate): Status Traffic Totals is not restored when restoring a backup
When you do a backup and restore it then the plugin "Status_Traffic_Totals" is missing. Configuration of the plugin a... Tobias H
04:52 PM Bug #8165: Fragmented at source IPv6 packets (UDP + ICMP Ping) are not forwarded / v2.4.2 AMD64
Just wanted to file a METOO on this where it seems to be causing issues with IPv6 and UDP especially where we saw it ... Kevin A McGrail
04:00 PM Bug #8259 (Feedback): Range description is not encoded in firewall_schedule.php
Applied in changeset commit:2f7d3a1f3c9b00a815037e1f4b8a88c938a8f42d. Jim Pingle
03:53 PM Bug #8259 (Resolved): Range description is not encoded in firewall_schedule.php
On firewall_schedule.php the rangedescr for time ranges is not encoded before display. However, an invalid entry cann... Jim Pingle
02:58 PM Revision e3c0d75e: Update the Copyright notice for pfSense.
Luiz Souza
02:47 PM pfSense Packages Bug #8258 (Resolved): BIND responds with SERVFAIL when adding/changing records if 'allow-update' is configured for a zone
When a proper functioning bind server is running fine for a zone with 'allow-update' enabled for local-nets it is pos... Marco Verleun
02:45 PM Revision 5391d05c: Sort package entries, remove unused packages (elinks, asterisk).
Luiz Souza
01:50 PM Revision 51796ced: Small cosmetic fix.
Luiz Souza
01:44 PM Revision b8f91b7c: Update the Copyright notice for pfSense.
Luiz Souza
12:56 PM pfSense Packages Feature #7706 (Feedback): Add option to write certificate to the filesystem after renew
This is implemented in ACME package version 0.1.34, though it could use additional testing to ensure it's working in ... Jim Pingle
11:02 AM pfSense Packages Feature #7519 (Resolved): Add support for --listen-v6 to ACME standalone webserver
This is implemented in the ACME package version 0.1.33, for HTTP and TLS standalone entries there is now a checkbox t... Jim Pingle
08:33 AM pfSense Packages Feature #7340 (Resolved): Acme Client nsupdate interface forces a different key-ID for every domain
In ACME package version 0.1.32 there is a separate Key name field which can be used to override the default key name ... Jim Pingle
08:33 AM pfSense Packages Bug #8118 (Resolved): Note default key name when using RFC 2136
In ACME package version 0.1.32 there is a separate Key name field which can be used to override the default key name,... Jim Pingle

01/04/2018

07:27 PM Revision 31bb3fb6: Merge pull request #3893 from JoeriCapens/ddns-rfc2136-algorithm-choice
Jim Pingle
06:49 PM Feature #8257: pfSense Diagnostics -> Packet Capture support for loopback interface
In particular, in order to debug a problem I was having with the HAProxy and Acme packages (#7519), I ultimately ende... Chaos215 Bar2
06:47 PM Feature #8257 (Resolved): pfSense Diagnostics -> Packet Capture support for loopback interface
I can't overstate how useful the GUI Packet Capture feature is for debugging all variety of networking issues, but it... Chaos215 Bar2
06:43 PM pfSense Packages Feature #7519: Add support for --listen-v6 to ACME standalone webserver
Another +1.
I'm using HAProxy to allow multiple hosts behind a router to issue Let's Encrypt certificates, using H... Chaos215 Bar2
06:28 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
The number of widgets doesn't really matter, only 1 will be refreshed every second..
Could use ab or wrk for a secon... Pi Ba
12:20 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
I can't seem to reproduce this here. I have a box with 2GB of RAM and a 14 dashboard widgets loaded and it never goes... Jim Pingle
04:29 PM Revision a58b6915: Backport changes regarding login page
This commit improves consistency and prevents bugs by:
1) Not displaying the login CSS file in the theme list
2) Ensu... NewEraCracker
01:43 PM Feature #8244: Add Dynamic DNS RFC 2136 Client server key algorithm choice
PR Merged Jim Pingle
01:40 PM Feature #8244 (Feedback): Add Dynamic DNS RFC 2136 Client server key algorithm choice
Applied in changeset commit:ab1112eed9c14f95d32469755c17dc067f903e61. Joeri Capens
10:31 AM Bug #8255 (Resolved): Login page color not honoured
The fix was already in the repo for 2.3.6, I cherry-picked commit:1b2c6dd943e90acd25f00f9539aa606bdf26712f back to RE... Jim Pingle
12:12 AM Bug #8255 (Resolved): Login page color not honoured
Login page color is not honoured and it defaults to default blue always Bipin Chandra
06:37 AM Bug #8256 (Resolved): IPv6 IP Alias VIP not added to Interface Network Macros
Hi,
I opened this Forum post thinking that the issue is with CARP VIP, but later on I figured it out that it's act... Rabi Hanna
04:43 AM pfSense Packages Bug #8194: BIND fails to respond after interface goes down
Just a quick note: As an alternate workaround, I attempted to run the DNS Resolver as the primary DNS server, forward... Chaos215 Bar2
03:14 AM pfSense Packages Bug #8194: BIND fails to respond after interface goes down
Is there anything I can do to help diagnose and/or workaround this issue? This is kind of a showstopper for using the... Chaos215 Bar2

01/03/2018

04:23 PM Feature #7671: Gateway Monitoring Via Custom Script or Telnet.
Well that script didn't really seem to work... New Script attached. Sends emails via smtp to address configured on no... Bridgetowermedia IT
01:28 PM Bug #8124: username/password not used by proxy support
Jim Pingle wrote:
> There was a FreeBSD bug about that, see #6949, but that's been fixed for a while now. If the pro... O 71
09:43 AM pfSense Packages Bug #8254 (Resolved): BIND, Register DHCP static mappings and Subzones
If BIND is configured so that it has master zones for example.com and sub.example.com
(assuming proper delegation fr... name name
06:54 AM Bug #8253 (Rejected): Corrupt video during 2.4.x install on Dell Wyse thin client with AMD Radeon HD 6250
*Problem:*
While installing version 2.4.2 via USB key onto a Wyse D50D or D90D, the video is corrupt from the bootlo... Ronnie Last

01/02/2018

08:49 PM Revision c0305bb8: Add keyalgorithm input validation.
Joeri Capens
08:49 PM Revision 16f8df9a: Delete keytype field from config, remove unnecessary file cleanup.
Joeri Capens
06:32 PM pfSense Packages Feature #8232: different ssl options based on the sni name
Patches are based on top of haproxy-devel package 0.54_2 to apply them do the following:
-Install 'System Patches'... Pi Ba
05:19 PM pfSense Packages Feature #8232: different ssl options based on the sni name
Can you please give us steps how to install this version on pfsense 2.4.2-RELEASE-p1? Zoltan Beck
05:20 PM Bug #8247: When in bridge / transparent mode, pfSense blocks UDP/4500 & ESP traffic regardless of origin
In the days since I created this bug, I continue to observe pfSense filtering out inbound return UDP traffic unless e... Travis McMurry
04:50 PM Revision 5340fd2f: Change how SANs are generated from the CN, considering that not all CNs will produce a valid SAN. Fixes #8252
(cherry picked from commit e562fca2e6b7a2ffbbdfe748f769a8cde9e116dc) Jim Pingle
04:49 PM Revision e562fca2: Change how SANs are generated from the CN, considering that not all CNs will produce a valid SAN. Fixes #8252
Jim Pingle
03:56 PM Revision a6c87161: Do not make a bypasslan IPsec config block when it should be disable/empty. Fixes #8239
(cherry picked from commit fbdf0a084da239ca785360106b3dd8d1390223cf) Jim Pingle
03:56 PM Revision 6a20a5bd: Do not make a bypasslan IPsec config block when it should be disable/empty. Fixes #8239
(cherry picked from commit fbdf0a084da239ca785360106b3dd8d1390223cf) Jim Pingle
03:56 PM Revision 5437463a: Do not make a bypasslan IPsec config block when it should be disable/empty. Fixes #8239
(cherry picked from commit fbdf0a084da239ca785360106b3dd8d1390223cf) Jim Pingle
03:55 PM Revision fbdf0a08: Do not make a bypasslan IPsec config block when it should be disable/empty. Fixes #8239
Jim Pingle
02:24 PM Feature #4899: Additional BOOTP/DHCP Options should allow a force option
Code for consideration should be submitted as a Github pull request. Anonymous
02:01 PM Feature #4899: Additional BOOTP/DHCP Options should allow a force option
Moving this feature request back to the top of the stack. The creator did all the leg work to implement this, why not... Charles Taylor
11:00 AM Bug #8252 (Feedback): Automatic SAN code for certificates does not work properly with additional SANs when the CN contains a space
Applied in changeset commit:e562fca2e6b7a2ffbbdfe748f769a8cde9e116dc. Jim Pingle
10:44 AM Bug #8252 (Resolved): Automatic SAN code for certificates does not work properly with additional SANs when the CN contains a space
When making a certificate, if there is a space in the CN the automatic code that copies the CN to a SAN fails to make... Jim Pingle
10:10 AM Bug #8239 (Feedback): If IPsec bypasslan is enabled while the LAN interface is disabled, all traffic bypasses IPsec
Applied in changeset commit:fbdf0a084da239ca785360106b3dd8d1390223cf. Jim Pingle
09:57 AM Bug #8239 (Confirmed): If IPsec bypasslan is enabled while the LAN interface is disabled, all traffic bypasses IPsec
Jim Pingle
 

Also available in: Atom