Project

General

Profile

Activity

From 01/07/2018 to 02/05/2018

02/05/2018

10:45 PM Bug #8165: Fragmented at source IPv6 packets (UDP + ICMP Ping) are not forwarded / v2.4.2 AMD64
Mike Nichols wrote:
> This issue came to light when I encountered a problem with a SIP phone not receiving SIP Invit... Kevin A McGrail
09:55 PM Revision 40f2c5d9: Add cxgbe to ALTQ list. Fixes #8314
Jim Pingle
08:26 PM Revision 0f5bd6f8: Fixed #8091 Force Integers in GUI
It will use the ceil() function to always use the ceiling after loading a config.
Also onchange of bandwidth will cal... Stephen Jones
07:02 PM pfSense Packages Bug #8315 (Closed): Mail Report mail_report_send() behavior different than notify_via_smtp()
@notify_via_smtp()@ correctly supports both SMTPS SSL and SMTP+StartTLS.
Mail Report @mail_report_send()@ supports S... Dale Southard
05:47 PM Bug #6263: Encryption options for every P2 on a given P1 are written to each P2 individually inside ipsec.conf with multiple P2 entries + split conn entries
Looked into this and the attached patch appears to fix the issue in 2.4.2. The comparable change also corrected a 2.... PJ Goodwin
04:10 PM Bug #8314 (Feedback): cxgbe missing from ALTQ interface list
Applied in changeset commit:40f2c5d909220dd5aaa23515d25a04916438304d. Jim Pingle
03:56 PM Bug #8314: cxgbe missing from ALTQ interface list
T5 cards are called cxl; T4 cards are called cxgbe
... ref cxgbe(4) "*here*":https://www.freebsd.org/cgi/man.cgi?qu... ROB VANHOOREN
03:45 PM Bug #8314 (Not a Bug): cxgbe missing from ALTQ interface list
patchset added 'cxl' ... line 5680 of src/etc/inc/interfaces.inc also needs 'cxgbe'
thanks,
R.
 ROB VANHOOREN
03:36 PM Bug #8313: STARTTLS auto detection not working
That code is not ours but that of the Net_SMTP Pear package: https://pear.php.net/package/Net_SMTP -- That package do... Jim Pingle
03:26 PM Bug #8313 (Not a Bug): STARTTLS auto detection not working
When attempting to setup SMTP notifications to a mailserver which supports STARTTLS the following error occurrs:
Co... David Martin
02:55 PM Bug #8226 (Resolved): Pass-through MAC automatic additions adds duplicate
Anonymous
06:46 AM Bug #8226: Pass-through MAC automatic additions adds duplicate
Its indeed solved. Thanks for the quick fix. Sander Naudts
02:40 PM Bug #8091 (Feedback): Limiters with fractional bandwidth values are not loaded correctly
Applied in changeset commit:0f5bd6f8ecf2a755cf2cef689e1e3bead04cc058. Anonymous
01:13 PM Bug #7425 (Confirmed): dhclient not sending option 77
Option 77 works on 2.4.3 snapshots, I'm checking what we can do about the VLAN priority. Luiz Souza
11:24 AM Feature #8186 (Feedback): ipsec, allow configuration of multiple ike phase1 encryption ciphers #3711
PR has been merged. Thanks! Renato Botelho
11:08 AM Feature #336: Option to create lagg under assign interfaces
+1
Absolute impossible to create a LAGG on the CLI :/ Kilian Ries
07:30 AM pfSense Packages Bug #8312 (Not a Bug): Can not init api (error code: 3)
It works fine here, it looks like it's something in your configuration, probably a problem with the key. If it can't ... Jim Pingle
05:09 AM pfSense Packages Bug #8312: Can not init api (error code: 3)
Relevant portion from acme_issuecert.log:... H. de Visser
03:57 AM pfSense Packages Bug #8312 (Not a Bug): Can not init api (error code: 3)
pfSense: 2.3.5_p1 (on amd64)
Acme Package: 0.1.34
Trying to manually renew our certificate, but getting error bel... H. de Visser
07:19 AM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic
Would a solution like Keepalived on the authentication servers back-end (if they are of the same type, e.g. RADIUS)wo... John Tikis

02/04/2018

09:02 PM pfSense Packages Feature #8311 (Rejected): Suricata persistent blocks
Please make blocks with suricata persistent through reboot. Jon Shoulders
08:05 PM Bug #8056: Bridge + CARP crashes/freezes pfSense
Set target. Luiz Souza
01:04 PM pfSense Packages Bug #8307: HAproxy in pfsense 2.42-p1 creating a new frontend with a Shared Frontend issues invalid ip error
The haproxy-devel 0.55_2 package will be build after the pull request is 'accepted' by official pfSense developers..
... Pi Ba

02/03/2018

11:34 AM Bug #8310 (Not a Bug): Firewall ACL fails to parse / validate host alias entries after tenth entry in alias
This can be recreated 100% of the time.
When writing an ACL on the firewall, if I use a host alias as source or de... Francisco Artes
10:13 AM Bug #8056: Bridge + CARP crashes/freezes pfSense
The previous patch works well on 2.3.x. Is it possible to apply the same patch for 2.4.x while FreeBSD folks decide w... Anonymous
01:07 AM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name
I just started a bounty thread on the pfSense forums:
https://forum.pfsense.org/index.php?topic=143579.0
Essent... Lynn Dixon

02/02/2018

08:41 PM Revision 76ca1bc5: Fix config version # arrising from merging older PR
Steve Beaver
08:26 PM Revision d205ac7a: Merge pull request #3711 from PiBa-NL/20170427-ipsec-multiple-P1-algo
Steve Beaver
08:17 PM Revision 3490784c: Merge branch 'master' of gitlab.netgate.com:pfsense/pfsense
Steve Beaver
08:16 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name
Unfortunately, it looks like it keeps getting kicked down the road a bit. This would be a really nice bit of polish... Lynn Dixon
08:13 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name
is there an ETA on this one? Oded Brilon
07:05 PM pfSense Packages Bug #8307: HAproxy in pfsense 2.42-p1 creating a new frontend with a Shared Frontend issues invalid ip error
Pi Ba wrote:
> Perhaps you could send me 'PiBa' a PM on the forum?
Pi
Other then manually patching the code. ... Mark Saad
06:35 PM pfSense Packages Bug #8307: HAproxy in pfsense 2.42-p1 creating a new frontend with a Shared Frontend issues invalid ip error
The new package 0.55_2 should skip the check on 'secondary' frontends.
https://github.com/pfsense/FreeBSD-ports/pull... Pi Ba
02:53 PM pfSense Packages Bug #8307: HAproxy in pfsense 2.42-p1 creating a new frontend with a Shared Frontend issues invalid ip error
Perhaps you could send me 'PiBa' a PM on the forum? Pi Ba
01:06 PM pfSense Packages Bug #8307: HAproxy in pfsense 2.42-p1 creating a new frontend with a Shared Frontend issues invalid ip error
Pi Ba wrote:
> Would be nice to know what your config looks like. As it doesn't seem to happen here. Can you share t... Mark Saad
05:57 PM Revision 67784aa6: Add DDNS client update option to DHCPv4 configuraiton
Steve Beaver
04:51 PM Revision daf7490f: Fix #8290
On d9b05eb490a the way aliases containing a mix of IP address and FQDNs
works has changed and all items were added to... Renato Botelho
04:50 PM Feature #8309 (New): Include apuled driver to add support for LEDs on PC Engines APU boards
Driver for adding support for LEDs and mode switch on PC engines APU boards.
See here for details: https://bugs.fr... Darryn Storm
04:50 PM Revision 1c1613c5: Fix #8290
On d9b05eb490a the way aliases containing a mix of IP address and FQDNs
works has changed and all items were added to... Renato Botelho
04:45 PM Revision a464eaf7: Fixed #8226 Check for MAC duplicates
loop through auto pass MAC addresses for duplicates
before automatically adding a pass thru. Stephen Jones
04:20 PM Feature #7216: Allow user to choose date display format
I think a text field allowing standard PHP date() format would be ideal. https://secure.php.net/manual/en/function.da... Duncan Fairley
03:32 PM pfSense Packages Bug #8306: HAproxy in pfsense 2.42-p1 ha pair generates XMLRPC errors
Pi Ba wrote:
> Sync should be disabled on haproxy on the backup machine, can you check that is indeed the case?
P... Mark Saad
02:51 PM pfSense Packages Bug #8306: HAproxy in pfsense 2.42-p1 ha pair generates XMLRPC errors
Sync should be disabled on haproxy on the backup machine, can you check that is indeed the case? Pi Ba
01:09 PM pfSense Packages Bug #8306: HAproxy in pfsense 2.42-p1 ha pair generates XMLRPC errors
Pi Ba wrote:
> Could it be that youve got sync configuration enabled in haproxy, but dont have it configured in pfSe... Mark Saad
01:09 PM Bug #8290: filter.inc, make filter_expand_alias_array() return consistent results between first and second call.
Well now the haproxy usecase is broken both ways. start by 'apply config', and by 'restart service' neither fills the... Pi Ba
11:00 AM Bug #8290 (Feedback): filter.inc, make filter_expand_alias_array() return consistent results between first and second call.
Applied in changeset commit:1c1613c532cfca62724b490f44989dbbff3a170b. Renato Botelho
12:00 PM Bug #7131 (Feedback): DHCP v4&v6 DDNS missing options
DHCP client updates option added DHCP v4
ddns-update-style interim may be added later Anonymous
11:00 AM Bug #8226 (Feedback): Pass-through MAC automatic additions adds duplicate
Applied in changeset commit:a464eaf72bb970cc3a26cef9b322f1ee9918cf9f. Anonymous
09:47 AM Bug #8226 (Assigned): Pass-through MAC automatic additions adds duplicate
Disregard that last message I was able to reproduce it. Anonymous
09:39 AM Bug #8226 (Feedback): Pass-through MAC automatic additions adds duplicate
Could we get more details on how to reproduce this? I do not see duplicate entries when logging in from different tab... Anonymous
09:41 AM pfSense Packages Bug #8308 (Resolved): FRR OSPF6D: interfaces not assigned to areas if they only have a link-local address
frr_ospf6d.inc:... Firstname Surname
09:34 AM Bug #3932 (Closed): Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP
It is unreasonable to keep kicking this down the road to target_version++ Closing and recording it for future conside... Anonymous
09:31 AM Bug #6031 (Closed): Anti-Lockoug Rule Not Effective Against Canned Interface Block Rules
No one has been able to work on this in two years, and there is a work-around. Closing and recording for future consi... Anonymous
09:27 AM Bug #6578 (Closed): Filter reload hangs with IPsec hostnames that don't resolve configured
This will not be addressed in the next version or two, so is being shelved and recorded for future consideration. Anonymous
09:12 AM Bug #7082: pkg_edit.php - impossible to use default_value with rowhelperfield
This will not be addressed in 2.4.3 :( We are looking at alternative ways of providing this functionality. Anonymous
07:11 AM pfSense Packages Bug #7965 (Resolved): freeradius 3 with MySQL
Jim Pingle
12:19 AM pfSense Packages Bug #7965: freeradius 3 with MySQL
THX! It's worked! Konstantin Ab

02/01/2018

05:37 PM pfSense Packages Bug #8306: HAproxy in pfsense 2.42-p1 ha pair generates XMLRPC errors
Could it be that youve got sync configuration enabled in haproxy, but dont have it configured in pfSense itself? Pi Ba
09:29 AM pfSense Packages Bug #8306 (Rejected): HAproxy in pfsense 2.42-p1 ha pair generates XMLRPC errors
I have a number of http(s) sites setup under haproxy using a shared ssl cert .
After cloning an existing config I... Mark Saad
05:36 PM pfSense Packages Bug #8307: HAproxy in pfsense 2.42-p1 creating a new frontend with a Shared Frontend issues invalid ip error
Would be nice to know what your config looks like. As it doesn't seem to happen here. Can you share the <haproxy> sec... Pi Ba
09:35 AM pfSense Packages Bug #8307 (Resolved): HAproxy in pfsense 2.42-p1 creating a new frontend with a Shared Frontend issues invalid ip error
This has existing since 2.3.x and has been worked around for some time.
We use a haproxy shared frontend for a com... Mark Saad
05:33 PM Revision 12f16196: Fixed #8303
Steve Beaver
04:15 PM Revision ce7b40ce: Fixed #8301 CSRF Enabled on all widgets.
Enabled CSRF on all widgets. Stephen Jones
04:12 PM Bug #6677 (Resolved): CARP VIPs are configured on disabled interfaces at boot time
Luiz Souza
03:08 PM Bug #7195: pkg_edit.php - <checkenablefields> tag has no effect on fields other than checkbox/input
We hope to provide an alternative means of achieving this, but it won't make it in 2.4.3, so ++target_version :( Anonymous
12:46 PM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
++target_version Anonymous
12:36 PM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic
Sorry to have to kick this to ++version but the work required cannot be squeezed into the 2.4.3 schedule Anonymous
12:03 PM Bug #8263: Cannot create a nonlinear `Link Share` service curve because of: "the sum of the child bandwidth higher than parent"
Rescheduled for release 2.4.4 Anonymous
12:02 PM Bug #7413: status_dhcpv6_leases.php: Some DHCPv6 leases are not displayed in the GUI
Re-assigned for testing Anonymous
11:57 AM Bug #7480 (Feedback): pkg framework - textarea on rowhelperfield errors
Is there an existing package where this behavior can be seen? Anonymous
11:51 AM Bug #7481 (Rejected): pkg-framework - rowhelper ignores <advancedfield/>
The advancedfield tag is no longer supported in the rowhelper section. This may be addressed in the future, but more ... Anonymous
11:48 AM Bug #7599: System->Update unavailable in WebGUI after connection failure during update
Stephen. - Would you please retest and confirm this issue still exists? Anonymous
11:40 AM Bug #8303: Undefined Function
Applied in changeset commit:12f1619688ce2dc92e63e808cda3cd9317e96c13. Anonymous
11:34 AM Bug #8303 (Feedback): Undefined Function
Fixed.
That function has not been required for a number of years. Anonymous
11:10 AM Bug #8303 (Confirmed): Undefined Function
Anonymous
11:09 AM Bug #7772 (Feedback): Regression of Bug #906
Can you provide simple steps to reproduce please? Anonymous
10:30 AM Bug #8301 (Feedback): Dashboard Widgets may no longer need CSRF disabled
Applied in changeset commit:ce7b40ce96bbd9e94d36d1779807bbe6b8efd356. Anonymous
08:16 AM pfSense Packages Bug #7965: freeradius 3 with MySQL
There should not be any need for manual corrections on the current version. The counters should be handled properly.
... Jim Pingle

01/31/2018

09:45 PM pfSense Packages Bug #7965: freeradius 3 with MySQL
Thank you! It remains to fix "daily" in config to run freeradius
With "daily(and etc...)" in config freeradius not s... Konstantin Ab
10:50 AM pfSense Packages Bug #7965 (Feedback): freeradius 3 with MySQL
Fixed in commit:a5d0e15340e1975a86fb5fe48f93032b3c574934 - pkg version 0.15.4 Jim Pingle
06:56 PM Revision 3c44c845: Silence warnings generated by sysctl to standard error.
Luiz Souza
02:07 PM Revision ae72e9e2: openvpn, clear route also for /31 for ptp interfaces
(cherry picked from commit a0f991ecb8247688bfc91b11176c0442e8d7327b) Pi Ba
02:07 PM Revision 489ff1a3: Change get_interface_subnet() to use configured value if available.
(cherry picked from commit 77a6cafbc02c0bbd4075237cca849841561bf6b3) Pi Ba
02:07 PM Revision dae6aba5: openvpn, fix the ifconfig ip1 ip2 when subnet /31 is used
(cherry picked from commit 10a8b5eea62e71aedc76e9eb3fc9630b73247a31) Pi Ba
02:07 PM Revision ba2b547f: Merge pull request #3895 from PiBa-NL/20180106-openvpn-fix-subnet31
Renato Botelho
08:47 AM Feature #8184 (Resolved): pppoe, allow configuring pppoe on a carp interface so its only active on the master #3830
Luiz Souza
08:46 AM Bug #6974 (Resolved): radvd enabled on a disconnected interface kills RA completely on all interfaces
Luiz Souza
08:45 AM Bug #8056 (Confirmed): Bridge + CARP crashes/freezes pfSense
Luiz Souza
07:55 AM Bug #8056: Bridge + CARP crashes/freezes pfSense
The underlying FreeBSD bug is still open:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200319
The previous p... Jim Pingle
06:43 AM Bug #8056: Bridge + CARP crashes/freezes pfSense
Confirmed - We have 2 Netgate 8860 1u appliances setup with CARP + Bridge and when upgrading from 2.3.4 to 2.4.2_1 we... Adam Boyhan

01/30/2018

03:49 PM Bug #8304 (Not a Bug): pfSense locks up when Android device connects to L2TP/IPsec VPN that uses forces SHA-256 in phase 2
The two crash reports in the submission from that IP address are different and at very low levels of code in the oper... Jim Pingle
03:43 PM Bug #8304: pfSense locks up when Android device connects to L2TP/IPsec VPN that uses forces SHA-256 in phase 2
Ah, I see. I'm a bit new to bug reporting.
My WAN IP was 158.174.30.59.
I didn't make a Reddit post or anything... Justin Lex
08:32 AM Bug #8304 (Feedback): pfSense locks up when Android device connects to L2TP/IPsec VPN that uses forces SHA-256 in phase 2
Is there a forum thread or reddit post with more detail? There isn't anything that stands out in what you have posted... Jim Pingle
02:04 AM Bug #8304: pfSense locks up when Android device connects to L2TP/IPsec VPN that uses forces SHA-256 in phase 2
I noticed I wasn't 100% clear on the conditions: The Android connection works just fine if I set for MD5 or SHA1 hash... Justin Lex
01:51 AM Bug #8304 (Not a Bug): pfSense locks up when Android device connects to L2TP/IPsec VPN that uses forces SHA-256 in phase 2
Discovered this by trying to follow this tutorial and messing with the encryption settings.
[[https://doc.pfsense.or... Justin Lex
02:03 PM Bug #6263: Encryption options for every P2 on a given P1 are written to each P2 individually inside ipsec.conf with multiple P2 entries + split conn entries
Ran into this bug as well, though it appears to break things if you have too many phase 2 entries. After a certain n... PJ Goodwin
05:46 AM pfSense Packages Bug #8305 (Resolved): acme: "Key Size" value is not passed to acme.sh
Setting a "Key Size" in acme_certificates_edit.php has no effect. This variable is not passed on to the /usr/local/pk... Idar Lund

01/29/2018

06:56 PM Revision e0c3df40: Update OpenVPN wizard with current protocol selection options. Fixes #8298
(cherry picked from commit 7f054ea0b387cd8db372d92e04aed1a9c2ef028a) Jim Pingle
06:55 PM Revision 7f054ea0: Update OpenVPN wizard with current protocol selection options. Fixes #8298
Jim Pingle
05:27 PM Revision 834ac053: Fix a potential encoding issue in diag_system_activity.php. Fixes #8300
(cherry picked from commit c083e1e49af4902d15173d412feebd8b86a616ee) Jim Pingle
05:27 PM Revision f51de9fd: Add input validation to traffic_graphs_widget.php and fix JS encoding. Fixes #8302
(cherry picked from commit e7b5b82b121c76c4c6bf57229bfef0ea3bc33d5b) Jim Pingle
05:26 PM Revision e7b5b82b: Add input validation to traffic_graphs_widget.php and fix JS encoding. Fixes #8302
Jim Pingle
05:26 PM Revision fbcb1046: Re-enable CSRF protection in traffic_graphs_widget.php. Ticket #8301
(cherry picked from commit 9ee5030eecc99dd1e7a747f23870663715dfc21f) Jim Pingle
05:25 PM Revision 9ee5030e: Re-enable CSRF protection in traffic_graphs_widget.php. Ticket #8301
Jim Pingle
05:25 PM Revision 51992270: Fix a potential encoding issue in diag_system_activity.php. Fixes #8300
(cherry picked from commit c083e1e49af4902d15173d412feebd8b86a616ee) Jim Pingle
05:25 PM Revision bd866431: Fix a potential encoding issue in diag_system_activity.php. Fixes #8300
(cherry picked from commit c083e1e49af4902d15173d412feebd8b86a616ee) Jim Pingle
05:24 PM Revision c083e1e4: Fix a potential encoding issue in diag_system_activity.php. Fixes #8300
Jim Pingle
02:24 PM Bug #8303 (Resolved): Undefined Function
While looking over the widgets I noticed in the Gateways widget if you change the display type you get a Javascript e... Anonymous
01:10 PM Bug #8298 (Feedback): OpenVPN Wizard protocol defaults to "UDP IPv4 and IPv6 on all interfaces" causing problems
Applied in changeset commit:7f054ea0b387cd8db372d92e04aed1a9c2ef028a. Jim Pingle
11:40 AM Bug #8302 (Feedback): traffic_graphs.widget.php potential XSS via settings
Applied in changeset commit:e7b5b82b121c76c4c6bf57229bfef0ea3bc33d5b. Jim Pingle
11:23 AM Bug #8302 (Resolved): traffic_graphs.widget.php potential XSS via settings
traffic_graphs.widget.php does not perform input validation on its settings, which can lead to a potential XSS due to... Jim Pingle
11:40 AM Bug #8300 (Feedback): diag_system_activity.php: Potential XSS due to encoding of process output
Applied in changeset commit:c083e1e49af4902d15173d412feebd8b86a616ee. Jim Pingle
11:15 AM Bug #8300 (Resolved): diag_system_activity.php: Potential XSS due to encoding of process output
The @top@ command output is printed to the user without encoding, so if a malicious process is started which contains... Jim Pingle
11:20 AM Bug #8301 (Resolved): Dashboard Widgets may no longer need CSRF disabled
CSRF is deliberately disabled in some widgets stuch as traffic_graphs.widget.php but it's unclear if that is still ne... Jim Pingle
10:25 AM Revision 3b41c8f3: Fix dyndns update with gateway group
Vince C
10:23 AM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic
I can also add that when two RADIUS servers are declared as backend authenticators and the first on the list fails (e... John Tikis
09:32 AM Bug #6400: assign_interfaces.php issues with large numbers of interfaces
The previous PR was reverted. Current PR is https://github.com/pfsense/pfsense/pull/3896 and it was merged on Jan 17. Jim Pingle
02:42 AM pfSense Packages Feature #8299 (Resolved): acme: ocsp must-staple
The acme.sh client supports ocsp must-staple;
if [ "$Le_OCSP_Staple" ] || [ "$Le_OCSP_Stable" ]; then
_savedo... Idar Lund

01/27/2018

11:28 AM Bug #8298 (Resolved): OpenVPN Wizard protocol defaults to "UDP IPv4 and IPv6 on all interfaces" causing problems
The OpenVPN Wizard's default protocol is "UDP IPv4 and IPv6 on all interfaces (multihome). However, when you are bin... George Phillips
09:39 AM Feature #2358: NAT64 support
UPVOTE!!
at the moment I have to use an external router to do this! Marco Vaschetto

01/26/2018

07:37 PM Revision d69a55e3: Fixed #8297 If user has no page permissions it will automatically log them out so they don't get stuck on the logout page
Stephen Jones
03:35 PM Bug #8297 (Resolved): User with no privileges cannot logout.
Works better now, thanks! Jim Pingle
01:47 PM Bug #8297 (Feedback): User with no privileges cannot logout.
Commit pushed. d69a55e3d647795477606e844f79bb94fc127f24 Anonymous
01:08 PM Bug #8297 (Resolved): User with no privileges cannot logout.
If there is a created user and they have no permissions they will see a page that says: "No page assigned to this use... Anonymous
03:28 PM Bug #7412 (Resolved): rtsold will not run on VLAN interfaces
Looks good now. SG-1000 with a VLAN WAN pulls an IPv6 address and default gateway now, without the "Do not wait for R... Jim Pingle
12:00 PM pfSense Packages Bug #8229: syslog-ng stops parsing logs after logrotate run
Well, tried syslog-ng-3.13.2_1 from http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/ but that went crazy after a c... Orion Poplawski
10:09 AM Feature #8257: pfSense Diagnostics -> Packet Capture support for loopback interface
Tested build 2.4.3.a.20180126.0706
Navigated to Diagnostics -> Packet Capture
Localhost is available in interfa... James Snell
06:17 AM Bug #8056: Bridge + CARP crashes/freezes pfSense
Confirmed - I can also replicate this easily. CARP on a bridged interface, tested on 2.4.2 and 2.4.2_1 with no change... James Freeman
06:04 AM Revision 82f581d5: Improve the CARP description.
No functional change. Luiz Souza
06:04 AM Revision a9a74b49: Merge pull request #3830 from PiBa-NL/20170925-pppoe-on-carpmaster
Luiz Souza

01/25/2018

06:50 PM Revision 2884600f: Fix syntax error in interfaces.inc
Jim Pingle
05:28 PM Revision 44b1c000: Do no configure the virtual IPs if the parent is disabled.
Ticket #6677 Luiz Souza
03:51 PM Revision fccdc01a: off-by-one fix in an error text.
No functional change. Luiz Souza
02:47 PM Bug #6974 (Feedback): radvd enabled on a disconnected interface kills RA completely on all interfaces
Fixed in radvd-2.17_4.
Disconnected interfaces will be properly ignored. Luiz Souza
02:04 PM pfSense Packages Bug #8291: Auto Config Backup ACB Reports Success on invalid credentials then an error notice is logged
Looks better. Thank you. Chris Linstruth
10:31 AM Bug #8296 (Resolved): status_services.php: AJAX requests via GET can control services without CSRF validation
This looks OK now. It only works via POST and trying to POST without CSRF results in a failure. Jim Pingle
09:57 AM pfSense Packages Bug #8229: syslog-ng stops parsing logs after logrotate run
After switching to use tls for forwarded log traffic this seems even worse. It requires several attempts to restart ... Orion Poplawski
08:06 AM Bug #6677 (Feedback): CARP VIPs are configured on disabled interfaces at boot time
Fixed.
Please check with the next snapshot. Luiz Souza
07:03 AM Bug #7412 (Feedback): rtsold will not run on VLAN interfaces
Should be fixed in the next snapshot.
 Luiz Souza
06:27 AM Bug #6904 (Resolved): PRIQ Queue Priority Limited To 7
Already fixed in 2.4.2-p1. Luiz Souza
06:04 AM Bug #6848 (Resolved): Do not create an IPv4/6 gateway for an interface without according IPv4/6 address
Luiz Souza
06:03 AM Bug #5473 (Resolved): pf_test_state_tcp() crash
I'm closing this bug because I believe it was fixed already.
It was caused by a bug in interface queue use, which ... Luiz Souza
04:37 AM pfSense Packages Bug #8277: ntopng service fails to start on 2.4.3
I could be wrong but libcap is a linux specific library to support capabilities as supported by the linux kernel.
... Guido Falsi
03:19 AM Revision c7027903: Fixed #8296
Steve Beaver

01/24/2018

09:30 PM Bug #8296: status_services.php: AJAX requests via GET can control services without CSRF validation
Applied in changeset commit:c7027903d4ba68cf33d7d601c9a9d2efd476f79f. Anonymous
09:21 PM Bug #8296 (Feedback): status_services.php: AJAX requests via GET can control services without CSRF validation
Anonymous
03:04 PM Bug #8296 (Resolved): status_services.php: AJAX requests via GET can control services without CSRF validation
Using a GET request to status_services.php with a sepcially-crafted URL, services can be controlled by visiting a URL... Jim Pingle
09:08 PM Feature #7781: Please Enable Rule Separators on Manual Outbound NAT
There is a lot of work in this, and even more testing required. It's on my list, but it will probably be a few weeks ... Anonymous
08:40 PM Feature #7781: Please Enable Rule Separators on Manual Outbound NAT
Does anyone know if this will be acknowledged to be added into the interface. With tons of nat rules, it becomes very... Nick K
07:39 PM Revision 97e6ec09: Fixes a bug in primary DHCPD host detection for failover.
Properly detect the master host based on CARP skew at setup time when used with HA. Luiz Souza
02:56 PM Bug #4310 (Feedback): Limiters + HA results in hangs on secondary
The crash is fixed on the last snapshot.
Tests are welcome. Luiz Souza
10:19 AM pfSense Packages Bug #8295 (Closed): syslog-ng logrotates tls files
Issue 3292 is back, because the options in the syslog-ng manual now suggest using option names like "key-file" instea... Orion Poplawski

01/23/2018

02:05 PM Bug #8249 (Resolved): pid 77785 (php-fpm), uid 0, was killed: out of swap space
Luiz Souza
01:14 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
Thank you!
Confirmed fixed.
2.4.3-DEVELOPMENT (amd64)
built on Tue Jan 23 04:03:53 CST 2018
FreeBSD 11.1-RELE... Pi Ba
12:18 PM Revision d2a8a7e7: first change for extending mobile connection
christian christian
12:16 PM pfSense Packages Bug #8291 (Feedback): Auto Config Backup ACB Reports Success on invalid credentials then an error notice is logged
Changes pushed. Commit Hash 30b86fd147b2df9eb9f629251066baa0f1f0b386 Anonymous
09:13 AM Bug #8294 (Not a Bug): Icmp redirect doesn't use CARP IP
When you configure two pfsense servers in high availability using CARP, every icmps redirect generated use the physic... Denis Grilli
06:28 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
pull request on github: https://github.com/pfsense/pfsense/pull/3904 Christian R.
06:17 AM Feature #8292 (Resolved): IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
Extending the mobile clients with IP's on a per user basis / EAP identity. This enables managing different users with... Christian R.
06:21 AM Bug #8293 (Not a Bug): Backup does not store the selected Repo Path
In my 2.3.5_1 (i386) Version of pfsense the firmware branch "Legacy stable version (Security/Errata only 2.3.x)" is s... Joseph Huber
03:30 AM Revision f1dc05b7: Merge pull request #3862 from marjohn56/pfsense
Luiz Souza
01:35 AM Revision 68872169: Fix get_cpu_crypto_support() to not overwrite $cpucrypto_type.
Luiz Souza

01/22/2018

09:46 PM Bug #8200 (Resolved): Set VLAN priority on on dhcp6c packets
Luiz Souza
09:45 PM Bug #8200: Set VLAN priority on on dhcp6c packets
Committed. Thanks! Luiz Souza
07:18 PM pfSense Packages Bug #8291 (Resolved): Auto Config Backup ACB Reports Success on invalid credentials then an error notice is logged
If invalid credentials are provided to Auto Config Backup then Backup Now is pressed, a green bar is presented that s... Chris Linstruth
02:48 PM Bug #8290: filter.inc, make filter_expand_alias_array() return consistent results between first and second call.
Affects: 2.4.2p1 amd64 (and probably previous versions).
Haproxy: 0.55_1 (and probably previous versions).
Progr... Pi Ba
02:45 PM Bug #8290 (Resolved): filter.inc, make filter_expand_alias_array() return consistent results between first and second call.
filter.inc, make filter_expand_alias_array() return consistent results between first and second call.
Currently th... Pi Ba
02:39 PM Bug #8185: status_queues, provide 'realtime' statistics #3792
Works for me :).
Now if someone can change qstats to provide similar numbers that might perform better than the ph... Pi Ba
11:09 AM Bug #8249 (Feedback): pid 77785 (php-fpm), uid 0, was killed: out of swap space
Hm.. I found the leak.
Should be fixed in php56-pfSense-module-0.58.
Thank you! Luiz Souza
10:09 AM Todo #8237 (Resolved): Import netstat kresolve_list() fix from stable/11 to improve performance on some platforms
Luiz Souza
09:56 AM Bug #8273: IPv6 GRE tunnel over PPPoE fails on startup
I don't have a means to test IPv6 over PPPoE, but I tried this with DHCPv6 with LAN set to track and the same behavio... Jim Pingle
07:54 AM Feature #8288 (Duplicate): OpenVPN - configurable keepalive
Duplicate of #3473 Jim Pingle
03:30 AM Feature #8288 (Duplicate): OpenVPN - configurable keepalive
Hi!
It would be nice to have configurable keepalive options instead of hard coded 30/60. Greg M
03:32 AM Feature #8289 (Resolved): OpenVPN - configurable username as common name
Hi!
See here: https://forum.pfsense.org/index.php?topic=136533.msg778977#msg778977
There are use cases and it`s... Greg M

01/19/2018

03:41 PM Bug #8287: /var/unbound/test/unbound_server.pem: No such file or directory
I am unable to reproduce it as well.
This occurred while configuring the DNS Resolver after upgrading to 2.4.2_1.
A... Joseph McGuirl
02:22 PM Bug #8287 (Feedback): /var/unbound/test/unbound_server.pem: No such file or directory
I cannot reproduce this as stated using services_unbound.php on SG-1000 or amd64.
What page do you see this error ... Jim Pingle
12:26 AM Bug #8287 (Not a Bug): /var/unbound/test/unbound_server.pem: No such file or directory
2.4.2-RELEASE-p1 (arm) on SG1000
"The following input errors were detected:
The generated config file cannot be p... Joseph McGuirl
03:34 PM Revision 71cf75cb: Merge pull request #3902 from stensonb/fix-typo
Steve Beaver
10:19 AM Revision 7a55c6ae: Add sysutils/devcpu-data
Renato Botelho
10:18 AM Revision 4b90e927: Add sysutils/devcpu-data
Renato Botelho
10:18 AM Revision bd8f5110: Add sysutils/devcpu-data
Renato Botelho
10:17 AM Revision 83aef0ec: Add sysutils/devcpu-data
Renato Botelho
09:35 AM Revision 19e87bb3: fix typos
Bryan Stenson
12:22 AM Bug #6442: DNS Resolver - error
2.4.2-RELEASE-p1 (arm) on SG1000
"The following input errors were detected:
The generated config file cannot be p... Joseph McGuirl

01/18/2018

02:59 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
Memory usage of pfSense_getall_interface_addresses("em0")... Pi Ba
12:54 AM Bug #8276: Virtual IPs considered primary when using interface tracking for ipv6
The problem of pfsense considering a VIP over the actual tracked interface IPv6 and never switching is still an issue... Jupiter Vuorikoski

01/17/2018

11:43 PM Feature #8286 (Duplicate): IPsec on Multiwan fail back to Tier1 WAN after it is back UP
IPsec is running on a top of failover gateway group interface. DynDNS client entry updates on behalf of failover gate... Vladimir Lind
10:05 PM Revision b1c01d80: Merge pull request #6400 from loonylion/master
Steve Beaver
06:06 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
Ok found at least part of the leak / function call causing it (on my development/test machine)..
Running the code ... Pi Ba
04:04 PM Bug #8231 (Closed): Undefined function while restoring config from older version
Anonymous
03:48 PM Bug #8231: Undefined function while restoring config from older version
I can't close this, but it has been fixed with this commit: https://github.com/pfsense/pfsense/commit/61b6c22a5082eb6... Alistair Francis
12:24 PM Revision 61b6c22a: Merge pull request #3898 from alistair23/alistair/master
Steve Beaver

01/16/2018

08:08 PM Bug #8285 (New): Actions on stale data may result in catastrophic results
It seems that a number of pages in pfSense use links that specify only the index of an item in its category rather th... Mahmoud Al-Qudsi
07:15 PM Revision 8d403391: Change sshd compression to 'delayed' to match current FreeBSD default. Fixes #8245
(cherry picked from commit 4cad9a5bd1666c9bd5ce32b82f9b897dbbe5a5bf) Jim Pingle
07:15 PM Revision 3c73e81d: Change sshd compression to 'delayed' to match current FreeBSD default. Fixes #8245
(cherry picked from commit 4cad9a5bd1666c9bd5ce32b82f9b897dbbe5a5bf) Jim Pingle
07:15 PM Revision 08bdeb89: Change sshd compression to 'delayed' to match current FreeBSD default. Fixes #8245
(cherry picked from commit 4cad9a5bd1666c9bd5ce32b82f9b897dbbe5a5bf) Jim Pingle
07:15 PM Revision 4cad9a5b: Change sshd compression to 'delayed' to match current FreeBSD default. Fixes #8245
Jim Pingle
05:05 PM Revision 900663a4: Add an update source control to RFC2136 dynamic DNS updates. Implements #8278
Jim Pingle
04:07 PM Revision 99f41354: Add localhost to list of interfaces for packet capture. Implements #8257
(cherry picked from commit 618faaf26212de6d2d44627bbe41f0a683f34bed) Jim Pingle
04:07 PM Revision 618faaf2: Add localhost to list of interfaces for packet capture. Implements #8257
Jim Pingle
03:28 PM Bug #8113: MTU setting on bridge, openvpn clients ignored
It's not immediately clear to me what you are doing here. What interfaces make up the bridge? OpenVPN tap (layer2 end... Braden McGrath
03:03 PM Revision 3980a797: Add ospf6d to routing logs.
(cherry picked from commit 163255d64c021508224140f08fb2c261265e465e) Jim Pingle
03:03 PM Revision 36d53a87: Add ospf6d to routing logs.
(cherry picked from commit 163255d64c021508224140f08fb2c261265e465e) Jim Pingle
03:03 PM Revision 1b756c3c: Add ospf6d to routing logs.
(cherry picked from commit 163255d64c021508224140f08fb2c261265e465e) Jim Pingle
03:02 PM Revision 163255d6: Add ospf6d to routing logs.
Jim Pingle
02:08 PM Bug #4031 (Feedback): Notifications mail bomb in some gateway failure circumstances
PR 3768 was merged a while back and it's working well. Could use some additional testing/feedback but it looks good t... Jim Pingle
02:05 PM Bug #6318 (Resolved): IPsec dashboard widget causes GUI failure
This appears to be fixed by other changes to the IPsec status code in recent versions. No new reports of this being c... Jim Pingle
02:02 PM pfSense Packages Bug #6690 (Feedback): SURICATA IPS Issue - Kills VLANS & Traffic Shaper
Still waiting on feedback/new testing on current versions of pfSense and suricata Jim Pingle
01:59 PM Bug #6848 (Feedback): Do not create an IPv4/6 gateway for an interface without according IPv4/6 address
PR was merged several weeks ago Jim Pingle
01:57 PM Bug #7079 (Feedback): ClamAV C-ICAP causing Kernel Panic and System Crash
Still waiting on testing/confirmation feedback on a current version Jim Pingle
01:50 PM Bug #7439 (Feedback): IKE_SA (IKEv2) does not rekey on break before make startegy, just issues IKE_DELETE and connection is closed
We need confirmation that this is still a problem on current versions of strongSwan Jim Pingle
01:42 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
I can make a new patch so its back to max 500 requests before a child process is forcibly restarted, although martin ... Chris Collins
01:30 PM Todo #8245 (Feedback): use delayed compression for sshd
Applied in changeset commit:4cad9a5bd1666c9bd5ce32b82f9b897dbbe5a5bf. Jim Pingle
01:27 PM Bug #7735: Switching to wildcard cert fails until reboot
I don't have access to a wildcard certificate to verify this but it's unlikely to be related. Changing a certificate ... Jim Pingle
01:23 PM Bug #7634: When restoring from USB during install, if the config file contains RRD data, the final config.xml on the system will also contain all the RRD infomation
FYI- The PFI/Restore feature was put back in the installer, but this RRD issue likely still persists. It needs retest... Jim Pingle
01:21 PM Bug #7607 (Resolved): Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI
Fixed in commit:0ea7b83e8e976469c926140af76a2d29ab0f57a6
See also: #6830 Jim Pingle
12:57 PM Bug #8125: gateway 502 errors proposed fix for high ram systems
Could be a potential problem with the solution in the PR, see #8249 Jim Pingle
12:51 PM Bug #8125 (Feedback): gateway 502 errors proposed fix for high ram systems
PR https://github.com/pfsense/pfsense/pull/3881 was merged a few weeks ago Jim Pingle
12:57 PM Bug #8201 (Duplicate): 502 gateway issues Increase FPM process availability in high ram systems
Duplicate of #8125 Jim Pingle
12:49 PM Bug #8119 (Not a Bug): Site to Site IPsec On a VM Not Routing
Seems more like a configuration issue. pfSense doesn't care if it's running on a VM or bare metal, IPsec wouldn't hav... Jim Pingle
12:48 PM Bug #8117 (Not a Bug): IPSec statuspage shows both connected and connecting tunnel
Given the output I'm not sure it's a bug at all. The main connection could accept another remote, given its configura... Jim Pingle
12:43 PM Bug #8183 (Feedback): pkg, fix, reinstall missing package #3866
PR was merged a few weeks ago Jim Pingle
12:42 PM Bug #8185 (Feedback): status_queues, provide 'realtime' statistics #3792
PR was merged a few weeks ago Jim Pingle
12:41 PM Bug #8182 (Feedback): Support shutdown scripts in /usr/local/etc/rc.d
PR was merged a few weeks ago Jim Pingle
12:36 PM Bug #8276: Virtual IPs considered primary when using interface tracking for ipv6
I'm not sure we've ever officially endorsed that type of setup. The behavior is at best undefined. It's going to need... Jim Pingle
11:20 AM Feature #8278 (Feedback): Add control for source address of RFC2136 updates
Applied in changeset commit:900663a44f41de0af780614df18cc432f8c9eaab. Jim Pingle
10:20 AM Feature #8257 (Feedback): pfSense Diagnostics -> Packet Capture support for loopback interface
Applied in changeset commit:618faaf26212de6d2d44627bbe41f0a683f34bed. Jim Pingle

01/15/2018

08:37 PM Revision 8dc33488: Merge pull request #3889 from kangtastic/master
Steve Beaver
08:37 PM Revision f5d55ac6: Merge pull request #3899 from PiBa-NL/20180111-bootup-step-messages
Steve Beaver
08:36 PM Revision 0fc473ad: Merge pull request #3900 from PiBa-NL/20180111-pf-busy
Steve Beaver
08:35 PM Revision d23d1a06: Merge pull request #3901 from earlchew/issue-7357
Steve Beaver
03:25 PM pfSense Packages Bug #8281: letsencrypt cert ca isn't recognised by openvpn client
No. It already works fine with all other services that we're aware of, including HAProxy.
 Jim Pingle
03:19 PM pfSense Packages Bug #8281: letsencrypt cert ca isn't recognised by openvpn client
you're right, It's better using own CA for private vpn
but the issue is about ACME client to put the bundled LE CA... dhia eddine
10:27 AM pfSense Packages Bug #8281 (Rejected): letsencrypt cert ca isn't recognised by openvpn client
Never use a public/globally trusted cert with your VPN. You will allow anyone anywhere with a cert from the same CA a... Jim Pingle
10:20 AM pfSense Packages Bug #8281 (Rejected): letsencrypt cert ca isn't recognised by openvpn client
using LE generated cert for openvpn config
openvpn client can't connect stopping at... dhia eddine
03:24 PM Feature #8284 (Duplicate): Add duplicate option next to OpenVPN servers and clients
It would be very convenient to have a "duplicate" icon next to OpenVPN servers and clients list. Just like the one ne... Ivor Kreso
03:13 PM Bug #7413: status_dhcpv6_leases.php: Some DHCPv6 leases are not displayed in the GUI
The PR has been updated with a second patch addressing the
requested changes and includes further amends e.g. visual... Anders Lind
11:47 AM Bug #8283 (Rejected): multi-wan gateway group with openvpn clients
Prereqs:
1) Need at least 3+ VPN providers
2) at least one of the VPN providers needs to use the TLS private key co... Jon James
10:42 AM Bug #8282 (Resolved): Enabling CODELQ on virtual interface VLAN crashes appliance
I was working to reduce buffer bloat on a client's SG-4860 and I enabled CODELQ on a virtual interface for one of the... Ben Pike
04:51 AM Bug #8280 (Duplicate): Captive Portal Voucher Sync
Hi all,
we just got back from a debug session of a client, which had problems with Voucher Sync of the CP instance... Jens Groh

01/14/2018

09:52 PM Revision f95579a6: Follow-up to syntax, file order and other changes
Notes:
* Those able to check a proper failover configured system please check if
the Pool Staus table shows up in the... Anders Lind
03:04 PM pfSense Packages Feature #8279: Consider adding a new option to the Rule Order
Use case for illustration:
There are two rules to make sure that LAN IPs access pfSense router DNS and not be able... Yuri Weinstein
12:56 PM pfSense Packages Feature #8279 (New): Consider adding a new option to the Rule Order
There are situations when firewall rules order should be either preserved (kept unchanged) or when pfSense rules are ... Yuri Weinstein
04:34 AM Revision 247f5719: [services_dyndns_edit] Clarify use of @ for Cloudflare
Add GUI prompts corresponding to #7357 that allows users to
enter @ for the hostname, and have it replaced with an em... Earl Chew
02:35 AM Bug #8276: Virtual IPs considered primary when using interface tracking for ipv6
This affects the dhcpv6 server as well. Logic needs to be applied to never consider a VIP a primary address. Jupiter Vuorikoski

01/13/2018

05:00 PM pfSense Packages Bug #8277: ntopng service fails to start on 2.4.3
By the way, I think there's an additional issue in that this warning is triggered on start up:
ntopng has not been... Andrew -
04:51 PM pfSense Packages Bug #8277: ntopng service fails to start on 2.4.3
Thanks. Yes, looking at the ntopng prefs.cpp on GitHub it looks like that command line option has been removed in 3.2... Andrew -
04:01 PM pfSense Packages Bug #8277: ntopng service fails to start on 2.4.3
maybe find some help in forums? https://forum.pfsense.org/index.php?topic=142576.0 Michael Kellogg
05:50 AM pfSense Packages Bug #8277 (Resolved): ntopng service fails to start on 2.4.3
Since the upgrade of the ports tree to ntopng-3.2.2017.12.06, the ntopng service no longer starts.
The system log ... Andrew -
03:26 PM Feature #8278 (Resolved): Add control for source address of RFC2136 updates
Using the local directive in the nsupdate can cause breakage in certain scenarios where the source address of the upd... Chris Linstruth
01:22 AM Bug #8276 (Duplicate): Virtual IPs considered primary when using interface tracking for ipv6
On boot, if you have VIPs configured on an interface that uses interface tracking for its primary IP, the primary ipv... Jupiter Vuorikoski

01/12/2018

07:56 PM Revision c8c7b243: Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is selected. Fixes #8275
(cherry picked from commit 19a1cf348b07dbaf8fe4d81b8cfc8292b61fd8c3) Jim Pingle
07:56 PM Revision 6a95ae60: Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is selected. Fixes #8275
(cherry picked from commit 19a1cf348b07dbaf8fe4d81b8cfc8292b61fd8c3) Jim Pingle
07:50 PM Revision 6314fbba: Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is selected. Fixes #8275
(cherry picked from commit 19a1cf348b07dbaf8fe4d81b8cfc8292b61fd8c3) Jim Pingle
07:49 PM Revision 19a1cf34: Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is selected. Fixes #8275
Jim Pingle
02:29 PM pfSense Packages Bug #8269 (Resolved): Passing an invalid RRD file to rrd_fetch_json.php via the left= parameter in POST prints the supplied name to the user without encoding
All branches have updated packages and they are all working as expected with the fix in place. Jim Pingle
02:10 PM Bug #8275 (Feedback): Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selected
Applied in changeset commit:19a1cf348b07dbaf8fe4d81b8cfc8292b61fd8c3. Jim Pingle
02:03 PM Bug #8275: Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selected
I'm sorry, I completely missed that there's a dropdown that can be used to specify the record type. Mahmoud Al-Qudsi
01:32 PM Bug #8275: Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selected
The user specifies the SAN type when making entries in the SAN list. If you choose "IP Address" it makes proper entri... Jim Pingle
01:23 PM Bug #8275 (Resolved): Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selected
As we're all aware, changes to how Chrome (and possibly other browsers in the future) disregard the common name field... Mahmoud Al-Qudsi
02:00 PM Feature #7618: Add support for user-supplied Host-Uniq tag and handle PADM messages in Netgraph PPPoE
We’ll pull the support for this in as soon as FreeBSD accepts it. (It’s too big to carry.) Jim Thompson
08:38 AM pfSense Packages Bug #8214 (Resolved): HOME_NET includes all locally attached Networks
Renato Botelho
08:06 AM pfSense Packages Bug #8214: HOME_NET includes all locally attached Networks
This bug has been resoved in version 4.0.3 of the Suricata package which was moved to release January 12, 2018.
Bill Bill Meeks

01/11/2018

09:50 PM Revision a0f991ec: openvpn, clear route also for /31 for ptp interfaces
Pi Ba
08:57 PM Revision 66e6198f: pf, device-busy, add another item DIOCADDRULE to the list of results to retry
Pi Ba
08:27 PM Revision 1da0c794: bootup, add information about what bootup step is being done
Pi Ba
04:57 PM Feature #8274 (New): Reverse Inverse Traffic Graph View
The live traffic graph inverse view (on the dashboard and in status - traffic graph) by default shows inbound traffic... Mike Gittelman
04:42 PM Revision 3a48e238: Kernel modules failed to build as non-root
Renato Botelho
04:16 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
Some fresh numbers from a clean install, wan(dhcp)/lan(static) ssh enabled and thats it..:
After reboot 27MB per pro... Pi Ba
12:39 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
p.s. As for widget refresh every second.. thats normal.. once a second 'a' widget is refreshed.. delete all your othe... Pi Ba
12:36 PM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
I might have edited some things.. (its my pfSense testmachine i also develop things on..) so i cant tell for sure if ... Pi Ba
07:22 AM Bug #8249: pid 77785 (php-fpm), uid 0, was killed: out of swap space
I created the original patch to increase the fpm processes, and my processes dont use anywhere near 500meg of ram res... Chris Collins
09:16 AM Bug #8273 (Confirmed): IPv6 GRE tunnel over PPPoE fails on startup
I have a XS4ALL FTTH pppoe connection that provides IPv6. IPv6 works perfectly, however GRE doesn't during initializa... Wagner Sartori Junior
09:15 AM pfSense Packages Bug #7462: HAproxy not rebinding properly after WAN DHCP IP change
I am experiencing the same issue on 2.4.2-RELEASE-p1 with HAproxy 0.54_2. I have changed frontend binding from "WAN a... Michael Duller
08:19 AM Todo #8270: Fix grammatically erroneous repetition
Redundancies from acronyms can be annoying at times, and other times necessary due to familiar terminology or technic... Jim Pingle

01/10/2018

10:03 PM Bug #8271 (Closed): <sendpacket> sendmsg on cpsw0: Permission denied
My connectionion went down today. I'm waiting to hear from ISP to see if it's the PPoE server on their end. While tro... Jeffrey Davis
05:41 PM Revision af17dba1: Fixed #8268
Steve Beaver
04:58 PM Revision 498f7e20: Add an option to push a gatewy address to bridged tap clients. Implements #8267
Jim Pingle
04:06 PM Todo #8270 (New): Fix grammatically erroneous repetition
The pfSense web interface has some grammatically incorrect repetition due to, what I suspect to be, a very lackadaisi... Maxwell Cody
03:27 PM pfSense Packages Bug #8269 (Feedback): Passing an invalid RRD file to rrd_fetch_json.php via the left= parameter in POST prints the supplied name to the user without encoding
Fixed pushed to 2.4.x and 2.3.x
pfSense/FreeBSD-ports
devel: commit https://github.com/pfsense/FreeBSD-ports/co... Jim Pingle
03:02 PM pfSense Packages Bug #8269 (Resolved): Passing an invalid RRD file to rrd_fetch_json.php via the left= parameter in POST prints the supplied name to the user without encoding
Passing an invalid RRD file to rrd_fetch_json.php via the left= parameter in POST prints the supplied name without en... Jim Pingle
12:42 PM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation
Can't believe this is still a issue. :( At the very least can we just decrease the timeout to like 3mins? I would thi... Adam Piasecki
11:50 AM Bug #8268: RAMdisk warning pop-up appears when no changes have been made
Applied in changeset commit:af17dba166c9dda46a1974841a6cb0ad44af397c. Anonymous
11:49 AM Bug #8268 (Feedback): RAMdisk warning pop-up appears when no changes have been made
Resolved by correcting before/after logic Anonymous
11:39 AM Bug #8268 (Resolved): RAMdisk warning pop-up appears when no changes have been made
https://forum.pfsense.org/index.php?topic=141402.new;topicseen#new
Looks like an error introduced in PR #3776 Anonymous
11:10 AM Feature #8267 (Feedback): OpenVPN tap bridge configurations without a tunnel network need a route-gateway for routes/redirects
Applied in changeset commit:498f7e20b630ae1429c1e6892402a0256e8859ba. Jim Pingle
10:57 AM Feature #8267 (Resolved): OpenVPN tap bridge configurations without a tunnel network need a route-gateway for routes/redirects
When using a bridged tap configuration, routing through tap to the Internet or other subnets outside of the bridged i... Jim Pingle
01:16 AM Revision 3048dd47: upgrade_config.inc: Remove all restore_rrd() calls
Commit 0869605131ba3e5d7e502af7a799e54f27d2e7f6 removed the
restore_rrd() function. To avoid errors when restoring ol... Alistair Francis

01/09/2018

07:56 PM Bug #8231: Undefined function while restoring config from older version
I sent a PR to fix this: https://github.com/pfsense/pfsense/pull/3898 Alistair Francis
04:33 PM Revision 016260fe: Fixed #8266 by removing JS alerts
Steve Beaver
03:51 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
Who's arguing? No me.
I was trying to point out that something was not working "quite right". Trying to help.
... Oliver Schonrock
03:46 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
Arguing won't help anyone. You won't convince anyone by acting that way, and there is nothing to "win". Clearly you a... Jim Pingle
03:26 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
> I use ACME/Let's Encrypt certs where the certificate has SANs for both nodes + hostname(s) for the CARP VIP, and it... Oliver Schonrock
02:57 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
I use ACME/Let's Encrypt certs where the certificate has SANs for both nodes + hostname(s) for the CARP VIP, and it w... Jim Pingle
02:49 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
Just to clarify...no certs are generated on the pfsense machines here...These are proper certs signed by a CA. Would ... Oliver Schonrock
02:26 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
It's still not a bug. You didn't update the certificate on the secondary properly. The two units share a certificate ... Jim Pingle
01:57 PM Bug #8150: upgrade from 2.3* to 2.4* caused new self signed ssl cert to be selected for WebConfig
Please reopen this bug, because I have managed to reproduce it with more detail.
While replacing the SSLs on this ... Oliver Schonrock
10:40 AM Bug #8266 (Feedback): Bogus error message occurs on killing OPenVPN connection
Applied in changeset commit:016260fe433772839a06233d821992808d80f8cd. Anonymous
10:31 AM Bug #8266 (Resolved): Bogus error message occurs on killing OPenVPN connection
https://forum.pfsense.org/index.php?topic=139073.0 Anonymous
01:44 AM Bug #8265: Relayd port range (alias) not working
Tanks for the explanation. That is a good idea, because in the gui it says "A port alias listed in Firewall -> Aliase... Kilian Ries

01/08/2018

06:50 PM Revision 87489e5c: re-adding changes made to fix bug#6400, includes fixes for bug#8222 and bug#8223 that were introduced with the initial commit of this code.
original pull request was #3868 Peter Schofield
03:53 PM Bug #8265: Relayd port range (alias) not working
relayd does not support port ranges, only single ports, but there isn't any input validation that checks for that inv... Jim Pingle
03:38 PM Bug #8265 (Closed): Relayd port range (alias) not working
Hi,
i just configured a load balancer via relayd and used a port range which i defined via the firewall - alias ta... Kilian Ries
03:52 PM Bug #3330: Load Balancer showing wrong Status when using aliases for the port
Can confirm it is still present in 2.4.2-RELEASE-p1 (amd64). This is really sad, the bug exists for more than 4 years... Kilian Ries
09:26 AM pfSense Packages Bug #8264 (New): Radiusd restart on WAN change results in freeradius not running (and possible solution)
With a PPPoE WAN that sometimes goes down and up, we found each time the radius service stopped.
Our guess is that... Silvio Massina

01/07/2018

04:29 PM Feature #8187: Gateways, allow for configuring a gatewaygroup as the default gateway. #3781
Progress: 100% Pi Ba
02:26 PM Bug #8263 (New): Cannot create a nonlinear `Link Share` service curve because of: "the sum of the child bandwidth higher than parent"
*Problem:*
* Cannot create a nonlinear service curve using `m1` and `d` variables with HFSC Scheduler. Traffic shape... Tom Misztur
 

Also available in: Atom