Activity

30 days up to

User

Subprojects

Activity

From 03/13/2018 to 04/11/2018

04/11/2018

09:40 PM Bug #8453 (Not a Bug): NAT reflection can't work when NAT port faword set Destination port range: NAT reflection can't work when NAT port forward set Destination port range.
it can work when setting single NAT p... wisn gsiw
06:35 PM Bug #8417 (Resolved): IPv6 bogon list size now too large to fit in standard maximum table size: Jim Pingle
06:13 PM Bug #8417: IPv6 bogon list size now too large to fit in standard maximum table size: Tested on pfSense CE version: 2.4.4 Built On: Wed Apr 11 14:31:44 CDT 2018 .. after upgrading from 2.4.2. Nothing wro... Anonymous
04:19 PM Bug #8452 (Closed): PPPoE :: Interfaces > WAN: [PPPoE Configuration] Service name :: colon not allowed (invalid character): I have noticed that a colon is not allowed in the "Service name" of a PPPoE configuration under "Interface > WAN".
O... Bouke Henstra
01:15 PM Todo #8451 (Resolved): System Information dashboard widget - Kernel PTI toggle: When editing the System Information dashboard widget, all sections of the widget can be toggled on or off. Since the ... Clinton Cory
02:11 AM Bug #8450: High Availability Sync / xmlrpc.php removes "remote system username" on backup cluster member: OK now we're getting somewhere. I can confirm that there is something to look at here regarding syncing users from th... Chris Linstruth
01:56 AM Bug #8450: High Availability Sync / xmlrpc.php removes "remote system username" on backup cluster member: No, the xmlrpcsync user does not exist on the primary. However, since the "user manager users and groups" checkbox is... Alex S
12:51 AM Bug #8450: High Availability Sync / xmlrpc.php removes "remote system username" on backup cluster member: Does the xmlrpcsync user exist on the primary?
I use a custom user (xmlrpc) for this and it survived the upgrade, ... Chris Linstruth
12:28 AM Bug #8450 (Resolved): High Availability Sync / xmlrpc.php removes "remote system username" on backup cluster member: Two-member cluster:
- Primary: upgraded from 2.4.2-p1 to 2.4.3 using the GUI
- Backup: issue occurs both after an u... Alex S

04/10/2018

08:05 PM Bug #8076: User can easily apply an unusable interface configuration after restore: This is exasperated by the fact that in previous versions of pfSense when you got the "reassign interfaces" page afte... Nate Cartwright
05:47 PM Revision 6ad146e0: Reword bogon block size error text. Ticket #8417: Jim Pingle
01:28 PM Bug #7443: Issues Creating IPv6 Static Mappings: The actual lease works now, so now I am just basically verifying the original bug report. Its cosmetic only but I agr... Chris Collins
12:10 PM Bug #7443: Issues Creating IPv6 Static Mappings: Did this ever get fixed? I ended up at this page trying to diagnose static ipv6 mappings.
I have configured static... Chris Collins
01:08 PM pfSense Packages Bug #8440 (Not a Bug): Suricata 4.0.4_1 disablesid.conf does not disable rule?: Jim Pingle
12:58 PM pfSense Packages Bug #8440: Suricata 4.0.4_1 disablesid.conf does not disable rule?: This is not a bug. The rule being triggered was a flowbit rule. Therefore, the disablesid.conf could not disable the ... Raffi T
08:17 AM Bug #8410 (Resolved): unable to use registered services by name and unable to define aliases for registered services using their name: Jim Pingle
08:17 AM Bug #8409 (Resolved): pfsense alias complains about well known name for non well known port: Jim Pingle
03:31 AM Bug #8448: Log size modification broken: In addition, -after three consecutive size changes- when you start with a very large number, the file doesn't stop gr... Alexandre Pétillon
12:48 AM Revision 41270b74: Delete loader.conf.local: Peter Berbec
12:48 AM Revision 3173cf70: Delete IF_URNDIS.KO: Peter Berbec
12:48 AM Revision c344add2: rename: Peter Berbec
12:47 AM Revision 072e0e93: Create loader.conf.locat: Peter Berbec
12:46 AM Revision a397fd7a: ndis driver: Peter Berbec
12:16 AM Bug #8426: Mobile IPSec login not working after upgrade from 2.4.2p1: Seeing the same error ("The VPN Shared Secret is incorrect.") on iOS. Exact same config worked before the update to 2... Daniel Becker

04/09/2018

08:32 PM Revision aa20508d: Correct text and help for new SSH key/pass options. Ticket #8402: Jim Pingle
08:18 PM Revision a2405c1a: Correct text for reserved alias name checks against protocols and services. Fixes #8409: Jim Pingle
08:11 PM Revision 885e9b2a: Correct pconfig_to_address() so its logic matches the input validation used for checking port numbers. Fixes #8410: Jim Pingle
07:37 PM pfSense Packages Bug #8425: telegraf not reporting memory: Can confirm this same behavior. An upstream bug was also filed: https://github.com/influxdata/telegraf/issues/3750 Chipster Cuch
07:26 PM Bug #8410: unable to use registered services by name and unable to define aliases for registered services using their name: Tested on latest 2.4.4 CE snapshot gitsync'd to master, works as expected. Setting port to other and using the name, ... Anonymous
03:20 PM Bug #8410 (Feedback): unable to use registered services by name and unable to define aliases for registered services using their name: Applied in changeset commit:885e9b2a1df256f4d50367f96b4d39c1106b2448. Jim Pingle
03:09 PM Bug #8410: unable to use registered services by name and unable to define aliases for registered services using their name: @is_port()@ from /etc/inc/util.inc tests a string against known services by name to determine validity, not just numb... Jim Pingle
07:15 PM Bug #8409: pfsense alias complains about well known name for non well known port: Tested on latest 2.4.4 CE snapshot gitsync'd to master, works as expected. Anonymous
03:30 PM Bug #8409 (Feedback): pfsense alias complains about well known name for non well known port: Applied in changeset commit:a2405c1a8c366e1ad2ececd4f62c577eed31ab7c. Jim Pingle
04:01 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: The haproxy_config_init() is a new function added in the second last commit. Not sure why that wouldn't exist after u... Pi Ba
03:41 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Updated and tested all of the above - looks alright.
Only right after the update I encountered one issue:
- I was... Petr H
12:39 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Okay 0.56 haproxy-devel package is available now through normal pfSense packages. If you can check 'everything' now w... Pi Ba
03:59 PM Bug #8447 (Resolved): Cannot change Gateway in Firewall > Rules: Confirmed here as well. It works as it should now. Switching to IPv4+IPv6 disables the gateway edit control, then swi... Jim Pingle
01:01 PM Bug #8447: Cannot change Gateway in Firewall > Rules: Tested on latest CE snapshot gitsynced to master, works as expected. Editing an IPv4+IPv6 rule's gateway is possible ... Anonymous
09:20 AM Bug #8447: Cannot change Gateway in Firewall > Rules: Applied in changeset commit:1d523d1e4e7b16519ed3fd9dfb9e6b4dd84b4285. Anonymous
09:07 AM Bug #8447 (Feedback): Cannot change Gateway in Firewall > Rules: Should be fixed in the next snapshot. Please confirm here. Anonymous
07:23 AM Bug #8447 (Confirmed): Cannot change Gateway in Firewall > Rules: Confirmed here, too. Create a new rule, Gateway is changeable. Set Address Family to IPv4+IPv6, Gateway field is disa... Jim Pingle
12:05 AM Bug #8447: Cannot change Gateway in Firewall > Rules: Looking at it more there is something here, but it takes more steps to duplicate than you provided.
It works if yo... Chris Linstruth
03:36 PM Feature #8402 (Resolved): SSH2 Enforced Key and Username+Password Authentication...: I made some alterations to the text, cosmetic only. I made sure all the options work as expected here after, looks go... Jim Pingle
01:09 PM Feature #8402: SSH2 Enforced Key and Username+Password Authentication...: New options show up and each works as expected on latest 2.4.4 CE snapshot gitsync'd to master. Anonymous
02:25 PM Revision 96fa3e36: Cleaner fix for ##8447: Steve Beaver
02:17 PM Revision 62ea1dbd: Merge pull request #3904 from Hobby-Student/master: Steve Beaver
02:06 PM Revision 1d523d1e: Fixed #8447: Steve Beaver
01:25 PM Revision b20cfb55: Replace incomplete list of pf reserved words with a list of pf tokens pulled from the pf source. Fixes #8445: Also, move the list to a central location so it does not need to be duplicated. Jim Pingle
01:03 PM Bug #8445 (Resolved): creating an alias named "log" breaks rule processing: Jim Pingle
12:58 PM Bug #8445: creating an alias named "log" breaks rule processing: Tested on latest 2.4.4 CE snapshot gitsync'd to master, works as expected. Anonymous
08:40 AM Bug #8445 (Feedback): creating an alias named "log" breaks rule processing: Applied in changeset commit:b20cfb55125207e21d81a29a107ea77230fbc7fb. Jim Pingle
08:28 AM Bug #8445: creating an alias named "log" breaks rule processing: The list of pf keywords was a lot shorter than it should be, but there isn't a documented list that I could see.
I... Jim Pingle
07:33 AM Bug #8445 (Confirmed): creating an alias named "log" breaks rule processing: It's a reserved keyword in pf but isn't in the list.
Jim Pingle
01:02 PM Todo #8423 (Resolved): Update SimplePie to 1.5.1: Jim Pingle
12:27 PM Todo #8423: Update SimplePie to 1.5.1: Works as expected on 2.4.4.a.20180409.0622. Anonymous
12:04 PM pfSense Packages Bug #8449: FRR 4.0 zebra daemon crashes: Looks like this isn't just specific to BGP. In the forum thread linked above, it is happening on multiple amd64 VMs t... Jim Pingle
11:44 AM pfSense Packages Bug #8449 (Resolved): FRR 4.0 zebra daemon crashes: The zebra daemon in FRR 4.0 won't stay running with a BGP configuration. It crashes on startup. OSPF alone seems to b... Jim Pingle
11:25 AM Bug #8408 (Resolved): invalid rule written due to ipv6 ipalias being present: Problematic test cluster has no errors on a snapshot containing the fix. Looks good here. Jim Pingle
09:11 AM Bug #8448 (Closed): Log size modification broken: From UI, status_log_filter.php.
I want to increase the size of filter.log from 500K to 5G (as an example).
From... Alexandre Pétillon
07:38 AM Feature #8030 (Resolved): Unbound: Add support for DNS over TLS to internal clients: Jim Pingle
07:37 AM Bug #8391 (Resolved): OpenVPN Wizard creates WAN rule with TCP4 instead of protocol TCP, it creates error when loading firewall rules: Jim Pingle
07:36 AM Bug #8444 (Not a Bug): ovpnc as upstream dhcp relay interface: Yeah that does appear to be a limitation. For a site to site, tap should work the same as tun in most cases though, s... Jim Pingle
07:33 AM Bug #8426: Mobile IPSec login not working after upgrade from 2.4.2p1: Yes, I can confirm this issue. Mobile Client ("Roadwarrior") IPSec access no longer works after upgrading to 2.4.3 (w... Jay2k1 *
06:01 AM Feature #8140: Feature Request: Zone Firewall between interfaces: It is high time to move away from interface-based firewalling and move to zone-based firewalling. Zone-based firewall... Jupiter Vuorikoski

04/08/2018

11:54 PM Bug #8447: Cannot change Gateway in Firewall > Rules: Are you sure you are not creating an IPv4+IPv6 rule? You cannot (and have never been able to) set a gateway on those.... Chris Linstruth
11:39 PM Bug #8447 (Resolved): Cannot change Gateway in Firewall > Rules: Open any rule or create a new rule. In the Advanced options, the Gateway cannot be selected. This was working in 2.... Yajasi Support
07:35 PM Bug #8446 (Resolved): QinQ interfaces are assigned incorrectly: When creating a QinQ interface in 2.4.3 it is stored in the config correctly and created as an interface as expected:... Steve Wheeler
03:44 PM Bug #8445 (Resolved): creating an alias named "log" breaks rule processing: i created an ip alias, and named it "log". upon the rules reloading, an error occurred:
There were error(s) loadi... lists b
02:04 PM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Same Problem:
RADVD regression on 2.4.3 / radvd can not run on bridge Interface anymore...
https://forum.pfsense.or... neti netwalker
12:13 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Same issue for me too ....
Netgate SG-4860 - Serial: ********* - Netgate Device ID: *********
*** Welcome to pf... Mat Clarke
01:11 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: 2. found&fixed
The plugin 'injects' extra stylesheets, and the setCSSdisplay function searches for a particular st... Pi Ba
11:07 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Re 2: I usually use Firefox @ Windows 10 and yes with some blockers such as NoScript, uBlock and few user scripts in ... Petr H
09:40 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Thanks for testing and reporting about these issues.
1. found&fixed
2. these items seem to work properly for me o... Pi Ba
11:31 AM Bug #8444: ovpnc as upstream dhcp relay interface: This appears to be the expected behaviour as isc-dhcpd cannot bind to adapters with no MAC address.
However you can ... Steve Wheeler
07:32 AM Bug #8335: System hang with LACP downlink to UniFi switch: Some new information:
* It happens when LAGG Protocol is set to Failover.
* It happens when one of the two netwo... Mike Pastore

04/07/2018

08:04 PM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Agreed, I'm facing the same issue. Please fix this in the next Dev & Rel version. Thanks.
========================... Jason Smith
06:58 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: It seems to be fine, good.
While I'm at it, few more glitches I found:
1. *Backend: Timeout / retry settings*
... Petr H
04:14 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: If you can perhaps test/validate my changes again haproxy-devel version that would be great.
Either the full thing (... Pi Ba
08:38 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Re regex - yes you're right.
I was living with the false assumption (based on some tests that I remember from the pa... Petr H
07:23 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Petr H wrote:
> >http-response set-var(txn.txnhost) hdr(host)
> That seems to set that variable only during the res... Pi Ba
07:00 AM Bug #8444 (Not a Bug): ovpnc as upstream dhcp relay interface: Not directly related to Bug 8443, but has something in common:
Following setup to pass DHCP relay requests via Op... Vladimir Lind
02:53 AM Bug #8443: DHCP relay not starting after ovpnc interface is unchecked - vm 2.4.3: DHCP relay started only with disabled openvpn client. Wit enabled openvpn client dhcp relay doesn't start. But after ... Vladimir Lind
02:37 AM Bug #8443 (Resolved): DHCP relay not starting after ovpnc interface is unchecked - vm 2.4.3: Assigned ovpnc interface was chosen as relay interface, config was saved. DHCP relay claimed this interface to be not... Vladimir Lind

04/06/2018

10:02 PM Bug #8391: OpenVPN Wizard creates WAN rule with TCP4 instead of protocol TCP, it creates error when loading firewall rules: Tested on 2.4.4.a.20180406.1258, completed wizard and selected TCP for IPv4 only and the firewall rule on WAN was cre... Anonymous
09:55 PM Bug #8417: IPv6 bogon list size now too large to fit in standard maximum table size: Tested on 2.4.4.a.20180406.1258, warning appears stating that the Firewall Maximum Table Entries value in System / Ad... Anonymous
09:33 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: >http-response set-var(txn.txnhost) hdr(host)
That seems to set that variable only during the response processing. I... Petr H
05:55 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Actually that the condition is added to all actions in the frontend probably is the 'right thing' to do.. (my previou... Pi Ba
03:26 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Ok thanks can reproduce it now. Ill check why that happens. Pi Ba
02:49 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Attached sample haproxy.cfg that demonstrates the problem. With this file the warnings occur at lines 48 and 49:
<pr... Petr H
01:59 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Can you show/attach the complete haproxy.conf itself? I'm not yet seeing when this would occur.. And or perhaps a scr... Pi Ba
09:02 PM Feature #8030: Unbound: Add support for DNS over TLS to internal clients: Tested on on 2.4.4.a.20180406.1258, works as expected. Anonymous
01:10 PM Feature #8030 (Feedback): Unbound: Add support for DNS over TLS to internal clients: Applied in changeset commit:1fa69c27ee153fe439c2ba9a9809a28e452811ea. Jim Pingle
05:57 PM Revision 1fa69c27: Add GUI controls to the DNS Resolver for providing DNS over TLS service to local clients. Implements #8030: Jim Pingle
05:40 PM pfSense Packages Feature #8442 (Rejected): ACME - custom script for DNS validation: Please add ability to upload custom script for DNS validation.
I have provider for which I have script to update DNS... Tomas Ulicky
03:46 PM Bug #8389 (Not a Bug): OpenVPN servise status does not update: Anonymous
03:46 PM Bug #8389: OpenVPN servise status does not update: Thanks. I'll mark as resolved. Anonymous
03:44 PM Bug #8389: OpenVPN servise status does not update: My apologies for being unclear :(
I don't see the initial problem I reported.
I stopped VPN server and saw it's m... Yuri Weinstein
03:36 PM Bug #8389: OpenVPN servise status does not update: You don't see what?
A) You don't see a problem any more, it updates correctly
B) You still don't see the widget ... Anonymous
03:31 PM Bug #8389: OpenVPN servise status does not update: I do not see it on the latest release. Yuri Weinstein
03:28 PM Bug #8389: OpenVPN servise status does not update: You don't see it update, or you don't see this issue? Anonymous
03:19 PM Bug #8389: OpenVPN servise status does not update: Well, I don't see it on 2.4.3-RELEASE Yuri Weinstein
02:18 PM pfSense Packages Bug #8421 (Resolved): AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: Jim Pingle
01:37 PM pfSense Packages Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: I can now confirm the package is available for 2.4.3 and the fix works as expected.
Thank you all for your time. Bruno Pinto
12:07 PM pfSense Packages Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: It should show up for 2.4.3 users momentarily. Jim Pingle
10:41 AM pfSense Packages Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: After a few days waiting for the package to show up on the update list, I went to look at the FreeBSD-ports repositor... Bruno Pinto
01:05 PM Feature #8430: Add DNS Resolver status page: The infra cache stats appear to be good. It might be nice if they updated via ajax but they do not appear to change f... Jim Pingle
01:00 PM Feature #8388 (Resolved): Add DNS over TLS for upstream forwarders to the DNS Resolver: Works. Jim Pingle
01:00 PM Feature #8028 (Resolved): Unbound: Add advanced option for qname-minimization: Works Jim Pingle
12:59 PM Feature #8431 (Resolved): Add DNS over TLS checkbox for Domain Override entries: Works Jim Pingle
11:30 AM Bug #8441 (Resolved): Manually disconnecting a captive portal user leaves the IPFW table entry: When a captive portal user is manually disconnected their entry is removed from the portal database, but the entry re... Jim Pingle
10:16 AM pfSense Packages Bug #8440 (Not a Bug): Suricata 4.0.4_1 disablesid.conf does not disable rule?: I'm not sure if this started in Suricata 4.0.4_1, but I recently found a rule in my disablesid.conf which was still t... Raffi T
09:26 AM Bug #8422 (Resolved): Switching VLAN mode removes the switch port settings from the config.: Jim Pingle
05:49 AM Bug #8422: Switching VLAN mode removes the switch port settings from the config.: It looks resolved - tested on built on Thu Apr 05 19:51:37 CDT 2018 Vladimir Lind
09:17 AM Bug #8439: Trailing whitespace on username not respected in LDAP filter: I have tried various ways to encode spaces but the LDAP server itself (OpenLDAP, in this case) appears to find the tr... Jim Pingle
08:23 AM Bug #8439 (Not a Bug): Trailing whitespace on username not respected in LDAP filter: When a user attempts to authenticate with LDAP, if they incorrectly enter their username with a trailing space the LD... Jim Pingle

04/05/2018

08:37 PM Revision 423ce46d: Merge pull request #3453 from plumbeo/traffic-quota: Steve Beaver
08:36 PM Revision 9f85da7f: Merge pull request #3933 from PiBa-NL/20180405-widget-invert: Steve Beaver
07:58 PM Revision 3477fc23: trafficwidget, invert option needed json parsing: Pi Ba
07:32 PM Revision fa5df9eb: filter vip usage, ipv6 vips cause invalid rules because a empty item gets added to the vips list for a interface: (cherry picked from commit c6ebe69d2c0838bc76957b22f98547311c68e700) Pi Ba
07:31 PM Revision 74d6e948: Merge pull request #3924 from PiBa-NL/20180331-filter-ipv6-vips: Jim Pingle
06:49 PM Revision 23feda19: Refinements to status_unbound.php. Ticket #8430: Jim Pingle
05:27 PM pfSense Packages Bug #8438 (New): haproxy: can't use ACL for cert with http-response actions: pfSense 2.4.3, pfSense-pkg-haproxy 0.54_2, haproxy 1.7.10
1. Primary frontend used by other shared ones
2. SSL-en... Petr H
05:19 PM Bug #8437 (Resolved): invalid outbound nat rules written when using ipv6 rules on interfaces that also have ipv4 adresses..: Rules like below can be generated with the outbound-nat settings:
nat on $LANI proto icmp from fd:1:2:3::/64 to any... Pi Ba
03:31 PM Revision 0019e3dd: Merge pull request #3932 from robjarsen/tweak/rm-whitespace: Steve Beaver
03:15 PM Bug #8367: Traffic Graph widget shows Inverse view, even when Inverse is set to Off.: Caused by: https://redmine.pfsense.org/issues/8302
Fixable by: https://github.com/pfsense/pfsense/pull/3933 Pi Ba
02:33 PM Bug #8408 (Feedback): invalid rule written due to ipv6 ipalias being present: Jim Pingle
02:33 PM Bug #8408: invalid rule written due to ipv6 ipalias being present: I was finally able to replicate this and confirm the fix, PR merged, thanks! Jim Pingle
01:36 PM Revision 066335a3: Captive portal: Add custom RADIUS dictionary with the new pfSense vendor-specific attributes: Caio Plumbeo
01:35 PM Revision f87ddb3b: Captive portal: add option to choose whether to use the bandwidth limits retrieved from RADIUS or not: Automatically upgrade config to preserve old RADIUS bandwidth limits behaviour on existing installations. Caio Plumbeo
01:24 PM pfSense Packages Bug #8436 (Rejected): I have the problem of User authentication and password in my proxy, when I intend to update the packages using pkg upgrade and pkg update: This is not a support platform, please post your question on the forum, pfSense subreddit, or mailing list. Jim Pingle
01:09 PM pfSense Packages Bug #8436 (Rejected): I have the problem of User authentication and password in my proxy, when I intend to update the packages using pkg upgrade and pkg update: Hello, I am new using pfsense 2.4.2, I have the same problem of User authentication and password in my proxy, I have ... Julio Acosta
01:19 PM Revision e4c34f17: Captive portal: add the explicit reason why a user was disconnected to the log: Caio Plumbeo
01:19 PM Revision f3e403d5: Captive portal: add option to retrieve the traffic quota value from RADIUS: Add an option to enable retrieving a user's traffic quota from RADIUS. The code uses a new vendor-specific attribute ... Caio Plumbeo
01:19 PM Revision acbd943d: Captive portal: add a traffic quota option: Add a new option to disconnect users after they exceed a traffic quota (sum of downloaded data and uploaded data). Caio Plumbeo
01:19 PM Revision 643315be: Captive portal: always use the RADIUS-provided session timeout value if the option is enabled: Caio Plumbeo
01:18 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3: Oh sorry I wasn't aware it was already done in the snapshots, haven't used them in a long time. Ken Sim
09:00 AM pfSense Packages Todo #8433 (Feedback): Upgrade NRPE-SSL Package to NRPE3: It is already switched to nrpe3 on 2.4.4 snapshots because the nrpe2 and nrpe-ssl ports were removed from the FreeBSD... Jim Pingle
12:37 PM Bug #8435 (New): DHCPv6 unusable in certain circumstances (US AT&T Fiber, etc.): pfSense's implementation of DHCPv6 prefix delegation is unusable in edge ISP configurations. AT&T Fiber in the United... Justin Coffman
11:15 AM Revision 3d706897: Do not remove unbound testing config when it fails to make it easier to debug: Renato Botelho
11:08 AM Bug #7969: md5 bgp sessions fail in 2.4.0: bkraptor - wrote:
> I have already opened #8407 for this issue, so feel free to continue the conversation there.
> ... Matthew Fields
08:12 AM Bug #6481: loading EAP_RADIUS method failed: This bug is still present on the 2.4.3 release. Harry Gonzalez
02:57 AM Bug #8434: Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI: Also see https://redmine.pfsense.org/issues/8314
Jim Pingle (It's possible that either the man page is wrong or i... Justin Smith
02:37 AM Bug #8434 (Resolved): Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI: ( Please reference https://redmine.pfsense.org/issues/6830 & https://redmine.pfsense.org/issues/7607 ) Information be... Justin Smith
02:29 AM Bug #7607: Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI: This is still not functional.
2.4.4-DEVELOPMENT (amd64)
built on Wed Apr 04 19:00:45 CDT 2018
FreeBSD 11.1-REL... Justin Smith
02:08 AM Bug #8417: IPv6 bogon list size now too large to fit in standard maximum table size: With this error I also noticed a really weird subtle error which took me almost an hour to figure out:
Some Firewall... Thomas Rieschl

04/04/2018

11:38 PM pfSense Packages Todo #8433 (Resolved): Upgrade NRPE-SSL Package to NRPE3: net-mgmt/nrpe-ssl (https://www.freshports.org/net-mgmt/nrpe-ssl/) has been depreciated and removed since January. Can... Ken Sim
10:03 PM Revision b223b6e2: Merge branch 'master' of https://github.com/pfsense/pfsense into tweak/rm-whitespace: robjarsen
08:13 PM Revision 4acef976: Add a status page for unbound to show the infra cache. Ticket #8430: Jim Pingle
07:35 PM Revision aa9971a3: Whitespace Removal: * src\etc\sshd robjarsen
07:27 PM Revision db0050f0: Add array check: Even though I now set `$ns` equal to `array_unique(get_nameservers()`, just to be safe we check with `is_array($ns)` ... Peter Berbec
06:24 PM Revision 9ec128f0: Merge pull request #3922 from reb00tz/reb00tz-sshd_key_and_password-patch-1: Steve Beaver
06:13 PM Revision 923f05c4: Enhanced sshdkeyonly Drop-Down List for Clarity...: Enhanced sshdkeyonly drop-down list for clarity, as per https://github.com/pfsense/pfsense/pull/3922#pullrequestrevie... Daniel Koh
06:13 PM Revision c2d5d1ff: Enhanced sshdkeyonly Drop-Down List for Clarity...: Enhanced sshdkeyonly drop-down list for clarity, as per https://github.com/pfsense/pfsense/pull/3922#pullrequestrevie... Daniel Koh
06:13 PM Revision 0bfd23a6: Allow SSHd Key and Password Combination: Changes to allow key and password combination (in contrast to key OR password) i.e. if selected in the Admin>Advanced... Daniel Koh
06:13 PM Revision d6fdfd78: Allow SSHd Key and Password Combination: Changes to allow key and password combination (in contrast to key OR password) i.e. if selected in the Admin>Advanced... Daniel Koh
06:09 PM Revision f39ba24b: Add a TLS option for DNS Resolver Domain Overrides. Implements #8431: Jim Pingle
05:36 PM Revision 547e51b8: Add query name minimization options to DNS Resolver. Implements #8028: Jim Pingle
05:30 PM Bug #8417: IPv6 bogon list size now too large to fit in standard maximum table size: Yes. I ran into the same issue as Ryan Jaeb . It took me awhile to figure that out. Very confusing. Brendon Baumgartner
05:25 PM Revision 726a9fa5: Merge pull request #3931 from robjarsen/tweak/rm-whitespace: Steve Beaver
03:01 PM Revision cd738219: Add GUI option for DNS over TLS. Implements #8388: Jim Pingle
01:33 PM Bug #6949: username/password not used by proxy support: Hello Jim Pingle , I am new using pfsense 2.4.2, I have the same problem of User authentication and password in my pr... Julio Acosta
01:20 PM Feature #8431 (Feedback): Add DNS over TLS checkbox for Domain Override entries: Applied in changeset commit:f39ba24b36d2eaf725b552aefff3b05ceba49edb. Jim Pingle
11:22 AM Feature #8431 (Resolved): Add DNS over TLS checkbox for Domain Override entries: Using @forward-tls-upstream@ in a forward-zone will trigger unbound to send queries to that server using SSL/TLS. Sin... Jim Pingle
12:55 PM Bug #8432 (New): Dynamic DNS Client gives an error that it can't find IPv6 address when WAN interface is a LAGG: Hi,
I'm trying to get the Dynamic DNS to update my ipv6 address with Amazon's Route 53 service. However, I'm seein... Richard Powell
12:50 PM Feature #8028 (Feedback): Unbound: Add advanced option for qname-minimization: Applied in changeset commit:547e51b887a88d97569e587de26e029674c5d5f0. Jim Pingle
10:48 AM Feature #8388: Add DNS over TLS for upstream forwarders to the DNS Resolver: Of note, a couple changes compared to other examples:
1. We already set @do-tcp: yes@, so adding it again was unne... Jim Pingle
10:10 AM Feature #8388 (Feedback): Add DNS over TLS for upstream forwarders to the DNS Resolver: Applied in changeset commit:cd73821986dd854afbff4b1f63c7fa2bc88ed9a2. Jim Pingle
08:19 AM Feature #8388 (Assigned): Add DNS over TLS for upstream forwarders to the DNS Resolver: On second thought, this is different. The other ticket is for providing DNS over TLS to local clients, this is for up... Jim Pingle
07:41 AM Feature #8388 (Duplicate): Add DNS over TLS for upstream forwarders to the DNS Resolver: Duplicate of #8030 Jim Pingle
08:30 AM Feature #8430 (Resolved): Add DNS Resolver status page: We can fetch some useful status data from unbound using @unbound-control -c /var/unbound/unbound.conf <command>@, and... Jim Pingle
08:20 AM Feature #8415: Add DNS over TLS (RFC 7858) fonctionality to dns resolver and forwarder: Actually it's a duplicate of #8388 (for upstream forwarders), #8030 is for acting as a DNS over TLS server to local c... Jim Pingle
07:41 AM Feature #8415 (Duplicate): Add DNS over TLS (RFC 7858) fonctionality to dns resolver and forwarder: Duplicate of #8030 Jim Pingle
07:43 AM Feature #8030: Unbound: Add support for DNS over TLS to internal clients: See also: #8415 and #8388 Jim Pingle
06:30 AM Revision aca98ca8: scope error?: Error on reboot.
```
[04-Apr-2018 02:21:54 EST5EDT] PHP Warning: in_array() expects parameter 2 to be array, null g... Peter Berbec
02:07 AM Revision b28c9acc: Fixing debug errors.: Peter Berbec

04/03/2018

07:22 PM Bug #8428 (Duplicate): Filter reload nofication: Jim Pingle
05:47 PM Bug #8428: Filter reload nofication: Duplicate of: https://redmine.pfsense.org/issues/8391
Was fixed here: https://github.com/pfsense/pfsense/commit/5ac4... Pi Ba
04:40 PM Bug #8428 (Duplicate): Filter reload nofication: On every filter reload (also in background) we are getting the notification window as attached.
ex.
rc.bootup: Ne... Antonio D'Argenio
07:19 PM Bug #8427 (Not a Bug): Missing Key lenght Selection dropdown list: Looks like a problem in your browser. I can't replicate it here across multiple firewalls. Please post on the forum o... Jim Pingle
04:34 PM Bug #8427 (Duplicate): Missing Key lenght Selection dropdown list: Under VPN - IPSEC, configuring a P1 session under the Phase 1 proposal section the web configurator miss the dropdown... Antonio D'Argenio
06:49 PM Bug #8429 (Resolved): radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Due to the fix for #6974 included in 2.4.3 (commits "1":https://github.com/pfsense/FreeBSD-ports/commit/1857d3d89d2ef... Spencer Hakim
05:27 PM Revision 493e4284: Remove Whitespace: * src\etc\inc\dyndns.class
* src\etc\inc\simplepie\simplepie.inc
* src\usr\local\www\services_dyndns_edit.php robjarsen
04:36 PM Bug #8390: Input validation does not prevent removing a gateway used by a DNS server: my config.xml file had <dns5gw>NORDVPN_DHCP</dns5gw>
despite having no DNS entries in System/Advanced
changed it ... rub man
03:57 PM Revision a6cae015: hideCheckbox. The 'o' is important. And use js instead of php like we're supposed to.: Peter Berbec
03:47 PM Bug #7969: md5 bgp sessions fail in 2.4.0: I have already opened #8407 for this issue, so feel free to continue the conversation there.
@Matthew Fields: that... Anonymous
03:43 PM Bug #7969: md5 bgp sessions fail in 2.4.0: Can someone reopen this bug, it certainly doesn't seem like it has been resolved based on multiple people testing Andrew Dul
03:35 PM Bug #7969: md5 bgp sessions fail in 2.4.0: bkraptor, where is the "Enable Hardware Checksum Support" listed at? I could not seem to find it except for a checkbo... Matthew Fields
03:27 PM Revision c7652dc1: Change array index to use php-style: Peter Berbec
03:25 PM Revision e10fba08: Add fixed suggested by jim-p: Peter Berbec
02:46 PM Revision 2f846a99: Moved out of my root directory :(: Peter Berbec
02:46 PM Bug #8426 (Resolved): Mobile IPSec login not working after upgrade from 2.4.2p1: Since performing the upgrade from 2.4.2p1 to 2.4.3, users have been unable to connect; OS X clients get an error sugg... Michael Newton
02:40 PM Revision d91153df: Allow ocsp-staple to override: Enable ocsp stapling to on if forced that way through configuration Peter Berbec
02:40 PM Revision 070bee71: Change option text: Make it a force-on option
Hide option if ocsp is enabled Peter Berbec
02:40 PM Revision 5a107548: Use cert_get_ocspstaple: Use cert_get_ocspstaple during nginx configuration generation Peter Berbec
02:40 PM Revision da31993a: add cert_get_ocspstaple: Peter Berbec
02:40 PM Revision 4a424643: Create get_dns_nameservers function: Put code in a function since it gets called in two places. Peter Berbec
02:40 PM Revision 089cfcda: Steal resolvconf: Steal the nameserver generation code from the resolvconf code Peter Berbec
02:40 PM Revision 29a6d3f3: Improve description, reorder: make ordering proper Peter Berbec
02:40 PM Revision 7f6fdef2: Use option properly: Use the option created by the config to control stapling
(and add a missed semicolon!) Peter Berbec
02:40 PM Revision 2196cecd: Add OCSP option in config: Peter Berbec
02:40 PM Revision 7312dbec: Beginings of enabling SSL Stapling: Add the option. Default to enable Peter Berbec
01:48 PM pfSense Packages Bug #8421 (Feedback): AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: Fix committed b95ecbc9a9f4d87e77079dbf023ddb346460bdb1. It should show up as a package update for AutoConfigBackup wh... Anonymous
01:17 PM pfSense Packages Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: The message looks like the same from here
(system)@172.xx.x.xx: Captive Portal Voucher database synchronized wit... Bruno Pinto
01:14 PM pfSense Packages Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: What is the reason you see for the backup? under Diagnostics > AutoConfigBackup > Restore I want to make sure I am se... Anonymous
06:16 AM pfSense Packages Bug #8421 (Resolved): AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: I've been using pfSense in a HA configuration for a while now, and just recently started using the captive portal fea... Bruno Pinto
01:27 PM Revision 0dda568a: Update SimplePie to 1.5.1: Jim Pingle
01:27 PM Revision e3fb3f3b: Update SimplePie to 1.5.1: (cherry picked from commit 0e0adbc9be72c96723f002910453fc8b022ddf59) Jim Pingle
01:18 PM Revision 83a08996: Merge pull request #3926 from martgras/azureddns: Steve Beaver
12:46 PM Revision 96e04d74: remove whitespace - pt. 2: (cherry picked from commit 523849d312daae129a287f9cf43cbdeadafd1fcb) robjarsen
12:46 PM Revision 44f1b689: Merge pull request #3928 from robjarsen/tweak/rm-whitespace: Renato Botelho
12:21 PM pfSense Packages Bug #8425 (Resolved): telegraf not reporting memory: Since installing 2.4.3, telegraf isn't reporting memory anymore. Everything else is reporting as usual. Lucas Hereld
11:38 AM Bug #8422 (Feedback): Switching VLAN mode removes the switch port settings from the config.: Fixed.
Please check with the next snapshot. Luiz Souza
07:03 AM Bug #8422 (Resolved): Switching VLAN mode removes the switch port settings from the config.: On devices with a built in switch changing the switch VLAN mode removes the port state settings from the config resul... Steve Wheeler
11:16 AM Bug #6167: IPsec IPComp not working: Is there any progress on this, other than that the target version moves to the next version each time a new version i... Ronald Antony
08:54 AM Bug #8424 (Duplicate): IPv6 stops working completely for interfaces that use interface tracking and have VIPs configured on them: If you have a downstream interface configured to use a dhcpv6-pd assigned prefix (my isp gives a /56) and you have VI... Jupiter Vuorikoski
08:31 AM Todo #8423 (Resolved): Update SimplePie to 1.5.1: Update SimplePie to 1.5.1
Ticket for tracking. Update was complete in commit:0e0adbc9be Jim Pingle
05:35 AM pfSense Packages Bug #7293: dns/bind911 requires TCP_RFC7413 in kernel: This should be fixed building the kernel with "options TCP_RFC7413" and enabling fastopen sysctl. Wagner Sartori Junior
05:10 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": just make upgrade to 2.4.3-RELEASE (amd64) built on Mon Mar 26 18:02:04 CDT 2018
I have openbgp (ok i ll move to F... xavier Lemaire
03:36 AM Bug #8420 (Not a Bug): Not possible setting up voucher configuration. On save, the form is asking to fill in the synchronization data.: Hi,
On a new 2.4.3 deployment, on initial configuration, when trying to save the Captive Portal Voucher configurat... Dejan Milojevic

04/02/2018

10:10 PM Revision bc12317e: Catch up with ports rename: Renato Botelho
10:09 PM Revision 7068e466: Catch up with ports rename: Renato Botelho
08:41 PM Revision 523849d3: remove whitespace - pt. 2: robjarsen
07:42 PM Revision 37e1aecf: Fix function name typo: Jim Pingle
07:18 PM Revision 00e54150: Add function to detect OCSP Must Staple certs. Ticket #8418 and Ticket #8299: Jim Pingle
06:13 PM Bug #8363: OpenVPN Client Has Needs to be restarted after pfsense restart to be connectable: changing some advanced settings and switching to udp solved my problem. rub man
05:36 PM Bug #8419 (New): webgui, when menubar is fixed to the top of the screen, the last items of long menus cannot be seen/used.: webgui, when menubar is fixed to the top of the screen, the last items of long menus cannot be seen/used.
fix: htt... Pi Ba
05:14 PM Bug #8417: IPv6 bogon list size now too large to fit in standard maximum table size: I think there's also mistake in the description on the settings page that could mislead people. If you've overridden... Ryan Jaeb
12:00 PM Bug #8417 (Feedback): IPv6 bogon list size now too large to fit in standard maximum table size: Applied in changeset commit:2d113b128f270302cc5380669f257e8bd1cb3a15. Renato Botelho
09:51 AM Bug #8417 (Resolved): IPv6 bogon list size now too large to fit in standard maximum table size: The IPv6 bogon list has grown to the point where it can no longer fit inside the stock value for maximum table size (... Jim Pingle
04:45 PM Revision 5ab6ce1d: Fix #8417: - Changed default value for Maximum Table Entries to 400000 in order to
make bogonsv6 to work
- Added code to upgra... Renato Botelho
04:45 PM Revision 2d113b12: Fix #8417: - Changed default value for Maximum Table Entries to 400000 in order to
make bogonsv6 to work
- Added code to upgra... Renato Botelho
02:24 PM Bug #8165: Fragmented at source IPv6 packets (UDP + ICMP Ping) are not forwarded / v2.4.2 AMD64: Mike Nichols wrote:
> Johannes - thanks for you comments.
>
> AFAIK pf is an integral part of FreeBSD so we sti... Kevin A McGrail
12:14 PM Revision 85b10a47: Add copyright version param: Steve Beaver
11:45 AM Feature #8418: OCSP Stapling: Peter Berbec wrote:
> With Letsencrypt offering wildcard, people may get in a situation where the certificate they u... Peter Berbec
11:42 AM Feature #8418 (Resolved): OCSP Stapling: With Letsencrypt offering wildcard, people may get in a situation where the certificate they use has been "ocsp must ... Peter Berbec
11:17 AM Revision 139598eb: Remove Whitespace: I'm aware this is a very large commit. Let me know if you'd rather have it broken down by file type (ie: PHP/shell sc... robjarsen
11:16 AM Revision b93ee0b7: Merge pull request #3923 from robjarsen/tweak/rm-whitespace: Renato Botelho
10:19 AM pfSense Packages Bug #8414: ntopng fails to start with Disable Alerts option: For what it's worth I had found other report. I reported a new issue because #8277 was pre-release and indicates that... Denny Page
08:25 AM pfSense Packages Bug #8414 (Duplicate): ntopng fails to start with Disable Alerts option: Duplicate of #8277 Jim Pingle
12:10 AM pfSense Packages Bug #8414 (Duplicate): ntopng fails to start with Disable Alerts option: Ntopng fails to start (core dumps) with the "Disable Alerts" (-H) option enabled. It starts fine without the option s... Denny Page
08:28 AM pfSense Packages Feature #8416 (Resolved): Mailreport - Minute of the Hour: Any chance of adding *Minute of the Hour* as an option in the schedule, I'd like a bit more granularity if possible.
... Andy Kniveton
08:26 AM pfSense Packages Bug #8277 (Feedback): ntopng service fails to start on 2.4.3: A new version of ntopng is available now on 2.4.4 snapshots which should address this issue. Try it there and let us ... Jim Pingle
03:15 AM Bug #6668: IPSec tunnel + L2TP/IPSec VPN - wrong PSK chosen by pfSense: I tried the patch, without success.
*ipsec.secrets (without patch):*
<WANIP> @<DN> : PSK 0s<PSK-01>
: PSK 0s<PS... Lasse not relevant
12:48 AM Feature #8415 (Duplicate): Add DNS over TLS (RFC 7858) fonctionality to dns resolver and forwarder: See https://tools.ietf.org/html/rfc7858 for the proposed standard. The benefit to the user is out of the box DNS priv... Patrick Roy

04/01/2018

07:34 PM Bug #7719: Dynamic DNS updates not working on interface failover: This is working fine for me both on my edge and in my lab HA setup using he.net DDNS. You might want to take your con... Chris Linstruth
06:41 PM Revision 1ac3c88a: Redmine # 7769: Add support for Azure DNS to DynamicDNS: Martin Grasruck
06:14 PM pfSense Packages Bug #8404 (Duplicate): IPSec pre-shared key: Try the patch on the other ticket and add comments there. Jim Pingle
05:57 PM pfSense Packages Bug #8404: IPSec pre-shared key: Same behavior as described in #6668
As long as the second (side-to-side) is aktiv, the only PSK that will match is... Lasse not relevant
02:57 PM Bug #8165: Fragmented at source IPv6 packets (UDP + ICMP Ping) are not forwarded / v2.4.2 AMD64: Johannes - thanks for you comments.
AFAIK pf is an integral part of FreeBSD so we still have to wait for the Fre... Mike Nichols
07:10 AM Bug #8165: Fragmented at source IPv6 packets (UDP + ICMP Ping) are not forwarded / v2.4.2 AMD64: a possible hint:
Could it be a pf firewalling problem in handling ICMP?
While disabling pf via _pfctl -d_ the tra... Johannes Petrick
01:24 PM Bug #8363: OpenVPN Client Has Needs to be restarted after pfsense restart to be connectable: I also get following error message on first connection try after reboot (when connection fails):
@ioctl(TUNSIFMODE... rub man
12:39 PM Bug #8413: Virtual IP on PPPOE interface no longer working with 2.4.3: Not sure this is a duplicate as it also affects PPPOE interfaces and not just on startup. Also happens when trying to... Foo Barbarian
12:35 PM Bug #8413 (Duplicate): Virtual IP on PPPOE interface no longer working with 2.4.3: Duplicate of #8393 Jim Pingle
12:32 PM Bug #8413 (Duplicate): Virtual IP on PPPOE interface no longer working with 2.4.3: When upgrading from 2.4.2 to 2.4.3 the IP aliases on the PPPOE interface stopped working.
Before upgrading they we... Foo Barbarian
11:46 AM Bug #8381: Cert manager requires fields that aren't necessary: FYI: RFC 5280 obsoletes RFC 3280, but provides the same guidance. I wasn't consistent previously, my apologies. Justin Coffman
11:22 AM Bug #6974: radvd enabled on a disconnected interface kills RA completely on all interfaces: Hi, the fix to this bug breaks radvd for bridge interfaces, which subsequently breaks IPv6 routing within/out of the ... Spencer Hakim
08:59 AM Bug #8412 (Rejected): OpenVPN compression setting ignored: Try "Enable Compression (stub)" which is the closest equivalent in the updated syntax.
Our code is formatting thin... Jim Pingle
04:51 AM Bug #8412 (Rejected): OpenVPN compression setting ignored: Compression setting in the GUI is ignored. Always expects comp-lzo no matter what you select.
Log entry with "No L... Puiu Saptezecisisase
08:46 AM Feature #8402: SSH2 Enforced Key and Username+Password Authentication...: Open PR for this issue: https://github.com/pfsense/pfsense/pull/3922 Jim Pingle

03/31/2018

09:56 PM Bug #8381 (Assigned): Cert manager requires fields that aren't necessary: Jim Pingle
09:53 PM Bug #8410 (Assigned): unable to use registered services by name and unable to define aliases for registered services using their name: It should be rejecting that input rather than switching to 'any'. The only text allowed in those boxes should be vali... Jim Pingle
02:42 PM Bug #8410 (Resolved): unable to use registered services by name and unable to define aliases for registered services using their name: related to some degree to bug 8409, i've found that i'm unable to create aliases for registered services using their ... lists b
09:49 PM Bug #8409: pfsense alias complains about well known name for non well known port: IIRC it is checking well-known and registered ports, basically anything in /etc/services which are considered keyword... Jim Pingle
09:48 PM Bug #8409 (Assigned): pfsense alias complains about well known name for non well known port: Jim Pingle
02:34 PM Bug #8409 (Resolved): pfsense alias complains about well known name for non well known port: when attempting to add a new port alias [firewall -> aliases -> ports -> add], for example, for mdns [udp port 5353],... lists b
09:45 PM Todo #8411 (Resolved): dnsmasq configuration needs changes for 2.79: Looks like host overrides might need some adjustments with dnsmasq 2.79. It is not in builds yet but once master swit... Jim Pingle
06:06 PM Revision c6ebe69d: filter vip usage, ipv6 vips cause invalid rules because a empty item gets added to the vips list for a interface: Pi Ba
05:36 PM Bug #8393 (Resolved): IPAlias VIPs on localhost are not applied at boot.: Luiz Souza
12:14 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.: Works for me. Thanks Luiz! Pi Ba
05:02 PM Bug #7719: Dynamic DNS updates not working on interface failover: I have tested Dynamic DNS on 2.4.3 to see if dynamic DNS would finally work for the several multi WAN with HA sites w... Steven Perreau
04:56 PM Bug #6370: IPSEC bound to WAN gateway group and Dynamic DNS doesn't to fail back tunnel to WAN on DDNS update: Tested with 2.3.4 - IPsec still does not fail back to primary until reauth.
A checkbox that forced IPsec to rebuil... Steven Perreau
03:20 PM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior: Understood.
The usual reason is that is what pfBlockerNG's DNSBL does by default - places a 10.10.10.X IP Alias VI... Chris Linstruth
02:51 PM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior: LAN Interface: 172.25.232.1/24
IP Alias VIP on LAN: 10.10.10.10/32
You’ve defined LAN here to include both.
S... Jim Thompson
01:16 PM Bug #8408 (Resolved): invalid rule written due to ipv6 ipalias being present: The following rule is generated due to a IPv6 alias being present, this is supposed to fill a array of vips6 , but ad... Pi Ba
12:00 PM Bug #8407 (Resolved): FRR BGP MD5 support is broken: This is a continuation of #7969
I recently upgraded some systems from 2.3.5 to 2.4.3 and found that FRR BGP MD5 su... Anonymous
11:56 AM Bug #8406 (New): DDNS IPV6 Cloudflare Client does not detect PPOE address: The ISP uses PPPoE for connectivity. The Cloudflare DDNS client properly detects the PPPoE IPv4 address. The Cloudfla... Matthew Vinton
11:52 AM Bug #7969: md5 bgp sessions fail in 2.4.0: I recently upgraded some systems from 2.3.5 to 2.4.3 and found that FRR BGP MD5 support is now broken. When the outgo... Anonymous
08:54 AM pfSense Packages Bug #8405 (Duplicate): pfSense 2.4.3 breaks HAProxy if using VIP: Looks like the same issue as #8393 Jim Pingle
06:59 AM pfSense Packages Bug #8405 (Duplicate): pfSense 2.4.3 breaks HAProxy if using VIP: If using a VIP for HAProxy instead of localhost, the upgrade to 2.4.3 creates the following error. Changing from the ... Rick Strangman
05:46 AM pfSense Packages Bug #8404 (Duplicate): IPSec pre-shared key: After upgrading from 2.4.2_p1 to 2.4.3, just the last added (active) IPSec tunnel <PSK> matches in PHASE-1.
All ot... Lasse not relevant
04:10 AM Revision 36c029a1: Fixes a regression in my previous commit.: IP aliases can be used with CARP vhids too.
Reported by: PiBa
Ticket: #8393
(cherry picked from commit b... Luiz Souza
04:09 AM Revision b0ad46aa: Fixes a regression in my previous commit.: IP aliases can be used with CARP vhids too.
Reported by: PiBa
Ticket: #8393 Luiz Souza
03:17 AM Revision deb4dba6: Enhanced sshdkeyonly Drop-Down List for Clarity...: Enhanced sshdkeyonly drop-down list for clarity, as per https://github.com/pfsense/pfsense/pull/3922#pullrequestrevie... Daniel Koh
03:12 AM Revision c45abaab: Enhanced sshdkeyonly Drop-Down List for Clarity...: Enhanced sshdkeyonly drop-down list for clarity, as per https://github.com/pfsense/pfsense/pull/3922#pullrequestrevie... Daniel Koh

03/30/2018

11:01 PM Revision 179377b0: Remove Whitespace: I'm aware this is a very large commit. Let me know if you'd rather have it broken down by file type (ie: PHP/shell sc... robjarsen
09:57 PM Bug #8403 (Resolved): system_advanced_admin.php Uses Incorrect/Inconsistent $config sshdkeyonly References...: /usr/local/www/system_advanced_admin.php uses incorrect/inconsistent $config sshdkeyonly references.
- lines 106-1... Daniel Koh
09:50 PM Feature #8402: SSH2 Enforced Key and Username+Password Authentication...: Incorrect target version - should be 2.4.5. Daniel Koh
09:45 PM Feature #8402 (Resolved): SSH2 Enforced Key and Username+Password Authentication...: To allow key _and_ username+password combination (in contrast to key OR password) i.e. if selected in the System>Adva... Daniel Koh
09:28 PM Bug #7731: DynDNS fail to update after connection lose: I was looking forward to running 2.4.3 to see if dynamic DNS would work.
My latest testing on 2.4.3 is ddns still ... Steven Perreau
09:26 PM Bug #8333: Dynamic DNS updates may fail when using a gateway group as the interface when the default route is down: I was looking forward t0 running 2.4.3 to see if dynamic DNS would finally work.
My latest testing on 2.4.3 is ddn... Steven Perreau
08:47 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.: I forgot about these, I had the 'CARP isn't a interface anymore' thinking in my head.
Should be fixed now.
Thanks! Luiz Souza
03:58 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.: Hi Luiz,
To have multiple highly available IP's on 1 interface its possible to configure a vip of type "alias" and... Pi Ba
03:23 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.: Can you please elaborate PiBa ? Luiz Souza
02:50 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.: Seems now a IPalias under a CARP parent is not applied.? Pi Ba
10:49 AM Bug #8393 (Feedback): IPAlias VIPs on localhost are not applied at boot.: Jim Pingle
06:47 PM Revision 49c1dfc0: Merge pull request #3915 from cxcv/proxyarp: Steve Beaver
06:46 PM Revision 8d26774f: Merge pull request #3916 from robjarsen/tweak/cf-spelling: Steve Beaver
06:45 PM Revision cd4ee470: Merge pull request #3919 from PiBa-NL/20180329-copyright-showonce: Steve Beaver
06:31 PM Revision ec203c03: Fixes a bug where an IP alias on loopback interface is not initialized at boot.: A recent change changed the IP alias setup to only happen on enabled interfaces. As the loopback interfaces do not h... Luiz Souza
06:30 PM Revision 0dc35a48: Allow SSHd Key and Password Combination: Changes to allow key and password combination (in contrast to key OR password) i.e. if selected in the Admin>Advanced... Daniel Koh
06:22 PM Revision d8aea57a: Allow SSHd Key and Password Combination: Changes to allow key and password combination (in contrast to key OR password) i.e. if selected in the Admin>Advanced... Daniel Koh
06:21 PM Revision 52d4dc91: Fixes a bug where an IP alias on loopback interface is not initialized at boot.: A recent change changed the IP alias setup to only happen on enabled interfaces. As the loopback interfaces do not h... Luiz Souza
11:06 AM Bug #8401 (New): Issues related to keys representing alphabetic characters specific to Scandinavian languages and to some other keys.: *Description of problem:* Issues related to keys representing alphabetic characters specific to Scandinavian language... Ricky Tigg
11:00 AM pfSense Packages Bug #8400 (Closed): FreeRadius 3 EAP-TLS Missing O.U. Option: Under Services-->FreeRADIUS-->EAP-->EAP-TLS
The Organizational Unit (O.U.) is missing from the option for:
"Che... Kristopher Kolpin
09:04 AM Bug #8396: Upgrade 2.4.2_1p to 2.4.3 Fails: Sniffer trace showed that files00.netgate.com will resolve to both IPv4 and IPv6. The IPv6 side of that server is no... Larry Westfall
07:07 AM Bug #8396 (Not a Bug): Upgrade 2.4.2_1p to 2.4.3 Fails: Most likely something specific to your system/setup/hardware. Please post on the forum, pfSense subreddit, or mailing... Jim Pingle
07:19 AM Todo #8394: status.php - Some package password fields are not redacted: I can add them to the redacted field list.
That said, these are from packages and the base system status.php can't... Jim Pingle
07:15 AM Bug #8395 (Duplicate): #6677 broke IP Aliases on loopback interfaces: Jim Pingle
07:11 AM Bug #8398 (Not a Bug): No route for openvpn tunnel addresses: OK, but if you can reproduce the original missing route problem, gather as much detail as you can before restarting t... Jim Pingle
07:07 AM Bug #8398: No route for openvpn tunnel addresses: It looks OpenVPN server" > "Advanced Configuration" > "gateway creation" was unrelated to missing routes. Probably o... Vladimir Lind
05:33 AM Bug #8398 (Not a Bug): No route for openvpn tunnel addresses: On SG-1000 - OpenVPN server" > "Advanced Configuration" > "gateway creation" defaults to "Both"
There was no any rou... Vladimir Lind
07:00 AM Bug #8399 (Duplicate): Coreboot: Netgate 701 is this issue exactly. Jim Pingle
05:37 AM Bug #8399 (Duplicate): Coreboot: We have a report of a user with this issue:
The upgrade went smoothly here, but I'm wondering if anyone else is havi... Chris Macmahon
06:59 AM Bug #8397 (Rejected): after upgrade 2.4.2 -> 2.4.3 gui error: Jim Pingle
06:15 AM Bug #8397: after upgrade 2.4.2 -> 2.4.3 gui error: the source guardion encoder component has broken. i removed. we can close.. serkan kasap
03:06 AM Bug #8397 (Rejected): after upgrade 2.4.2 -> 2.4.3 gui error: Fatal error: Cannot redeclare index_groups() (previously declared in /etc/inc/auth.inc:238) in /etc/inc/auth.inc on l... serkan kasap

03/29/2018

09:28 PM pfSense Packages Feature #8362: Snort and Suricata Package - Allow for changing URLs, Ports, and Protocols to allow for local Repo of Signature Updates: This feature was added in the Suricata GUI package v4.0.4_1 pull request posted on GitHub here: https://github.com/pf... Bill Meeks
08:06 PM Bug #8396 (Not a Bug): Upgrade 2.4.2_1p to 2.4.3 Fails: The gui fails with no real messages, the CLI just freezes, it appears to be failing at:
arj: 3.10.22_5 -> 3.10.22_7... Larry Westfall
07:02 PM Bug #8395: #6677 broke IP Aliases on loopback interfaces: Duplicate of #8393. Anonymous
06:28 PM Bug #8395 (Duplicate): #6677 broke IP Aliases on loopback interfaces: The fix for #6677 broke IP Aliases on loopback interfaces (type "Localhost") in that they no longer come up on reboot... Anonymous
04:55 PM Revision 11522a08: copyright, show only when changed md5 changed: Pi Ba
04:47 PM Bug #8393 (Assigned): IPAlias VIPs on localhost are not applied at boot.: Anonymous
04:39 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.: Works fine for me too, no need to go back into the VIPs and resave. Andy Kniveton
04:18 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.: That works here. Steve Wheeler
04:16 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.: We're testing the patch now.
Patch resolves the issue. Anonymous
04:01 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.: I've noticed that to, can you try the patch?: https://github.com/pfsense/pfsense/pull/3920 Pi Ba
03:56 PM Bug #8393 (Resolved): IPAlias VIPs on localhost are not applied at boot.: An VIP configured like:... Steve Wheeler
04:31 PM Bug #8247: When in bridge / transparent mode, pfSense blocks UDP/4500 & ESP traffic regardless of origin: Fast Forward to a new pfSense 2.4.3 installation in *routed* mode and the same behavior occurs:
* Only one rule in... Travis McMurry
04:22 PM Todo #8394 (Resolved): status.php - Some package password fields are not redacted: Raised an issue with support to do with 2.4.3 and an issue at boot time https://redmine.pfsense.org/issues/8393
Wa... Andy Kniveton
02:26 PM Bug #8335: System hang with LACP downlink to UniFi switch: I can confirm that this is still an issue on pfSense 2.4.3-RELEASE and UnFi firmware -3.9.21.8191- 3.9.27.8537. Mike Pastore
01:37 PM Bug #8392 (Duplicate): Carp on switch ports: We have previously seen this on VMs when run as HA.
When the on-board switch is segregated using VLANs to provide ... Chris Macmahon
11:40 AM Revision 47d45f69: Prepare repos to point to 2.4.3-RELEASE: Renato Botelho
11:39 AM Revision 6d14fe07: Revert "Add 2.4.3-RC repo conf": This reverts commit 663c7586393c9d4bcd17c3312a24088ee3a3eac9. Renato Botelho
11:39 AM Revision 9ca84c27: Prepare repos to point to 2.4.3-RELEASE: Renato Botelho
11:38 AM Revision cbc1286c: Revert "Add 2.4.3-RC repo conf": This reverts commit 72fcd11a4c5f743990eb2f62789fb292e52bbde5. Renato Botelho
11:38 AM Revision 3c5606c6: Prepare repos to point to 2.4.3-RELEASE: Renato Botelho
11:36 AM Revision 409270dc: Revert "Add 2.4.3-RC repo conf": This reverts commit 5c1132bf0d796295b9b56fd93631c606f8ccd660. Renato Botelho
11:35 AM Revision 76645f89: Prepare repos to point to 2.4.3-RELEASE: Renato Botelho
11:34 AM Revision 78b079ae: Revert "Add 2.4.3-RC repo conf": This reverts commit 29c5272404bdb35a3ac64e6bfcefae02c56e9466. Renato Botelho
07:35 AM Feature #8123 (Resolved): Add GoDaddy as a Dynamic DNS provider: PR was merged months ago, submitter has tested and confirmed it works. Jim Pingle

03/25/2018

08:40 PM Revision ef7e8885: Move copyright notice to /conf: Steve Beaver
11:39 AM Bug #8138: Option <spoofmac> is ignored on interfaces without hwaddr: Confirmed. MAC spoofing is broken on bridge interfaces and still broken in 2.4.4a. Testing on CE amd64.
Initially:... Steve Wheeler

03/24/2018

06:33 PM Revision 1ea2a37e: Fix copyright typo: Steve Beaver
12:49 PM Revision 6fb38a04: Further copyright updates: Steve Beaver
12:44 PM Revision c0debf5b: Revisions to copyright text: Steve Beaver
10:51 AM Bug #8389 (Not a Bug): OpenVPN servise status does not update: On the pfSense Dashboard => Service status, see OpenVPN service status.
Regardless if OpenVPN is on or off, status... Yuri Weinstein
08:22 AM Feature #8388 (Resolved): Add DNS over TLS for upstream forwarders to the DNS Resolver: GUI options to set DNS over TLS.
Currently you can do this by adding a stanza to the custom options on unbound.
... Joe Gassner

03/23/2018

03:33 PM Revision 7b73c8ff: Rename RCC-DFF to SG-2220: Renato Botelho
03:33 PM Revision 6ae6d723: Change reported version to installed version rather than product version for more detail: Steve Beaver
03:32 PM Revision 0a031fc7: Rename RCC-DFF to SG-2220: Renato Botelho
10:40 AM Bug #8387 (Closed): Cannot use large CRLs: Attempting to import CRL data for certificate authorities via the "System > Cert. Manager > Certificate Revocation" w... Anonymous
08:19 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more: Edgardo Rodriguez wrote:
> Hi,
> I am also having the same issue, and it's quite annoying...
> In my case, filterd... Edgardo Rodriguez
07:21 AM pfSense Packages Feature #5052: Avahi Proxy Package: Add option to disable/control cache size.: could you please add an option to set cache-entries-max=0 (or other arbitrary avahi config options?) - see below, it ... Roland Kletzing

03/22/2018

05:36 PM Bug #7919: Logging not working: #define ENODEV 19 /* Operation not supported by device */
if (memcmp(&(f-... Jim Thompson
04:53 PM Bug #8386 (Not a Bug): Virtual IPs not considered as part of interface net: Every network interface with ips configured has a variable "INTERFACE net" which can be used in firewall rules to sel... Stefan Kooman
02:56 PM Revision 8062e6a4: Change reported version to installed version rather than product version for more detail: Steve Beaver
02:09 PM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask: Alfred Barnat wrote:
>
> This should have been:
> zone 208-209.24.172.in-addr.arpa {
> primary 127.0.0.1;
>}... Yousif Hassan
01:09 PM Feature #8385 (New): Utilize IP addresses from successfully authenticated OpenVPN endpoints to Update Firewall Rules: OpenVPN is extremely useful for providing authentication and encryption for remote branch locations and individual ro... Kristopher Kolpin
12:12 PM Bug #8355: Upgrades and packages unavailable after upgrade from 2.3.3_1 to 2.3.4_1: 2018-03-22@17:11:25 (Thu) Have encountered exactly the same problem :-( Tim Jones
11:55 AM Revision ae78f278: Simplify copyright notice display: Steve Beaver
05:57 AM Feature #8384 (Rejected): Pushbullet notifications would be nice: Jared Shearer

03/21/2018

07:35 PM Revision a1ec79f3: Simplify copyright notice display: Steve Beaver
03:05 PM Bug #8383 (Duplicate): OpenBGPD not working with MD5 passwords: I am using OpenBGPD on 2.3.5 and am peering using an MD5 password to a Cisco device, when I upgraded to 2.4.2, the MD... Matthew Fields
02:48 PM Bug #7969: md5 bgp sessions fail in 2.4.0: I am using OpenBGPD on 2.3.5 and am peering using an MD5 password to a Cisco device, when I upgraded to 2.4.2, the MD... Matthew Fields
02:28 PM Revision 00a1311e: Update obsoleted files: Steve Beaver
02:28 PM Revision 3a910ee1: Make copyright notice downloadable from server: Trigger cpyright notice on completion of setup wizard Steve Beaver
02:25 PM Revision e84812a1: Update obsoleted files: Steve Beaver
02:11 PM Revision c8c15bf5: Make copyright notice downloadable from server: Trigger cpyright notice on completion of setup wizard Steve Beaver

03/20/2018

10:26 PM Revision cd93132e: Bump up the XML config version.: (cherry picked from commit 45b421561d969e73b7df4ab23a3256acce5929eb) Luiz Souza
10:24 PM Revision 45b42156: Bump up the XML config version.: Luiz Souza

03/19/2018

10:00 PM Bug #8381: Cert manager requires fields that aren't necessary: Clarifying that last line:
RFC 3280 defines how the subject of a certificate or CA must be specified. Ideally, the... Justin Coffman
09:46 PM Bug #8381 (Resolved): Cert manager requires fields that aren't necessary: Attempting to generate a CA or certificate via the cert management tool in the web GUI yields the following error:
... Justin Coffman
05:09 PM Revision 27e5ab7d: Fix pkg repo configs: Renato Botelho
01:28 PM Bug #8380 (New): OpenVPN RADIUS password length is not constant: Hi there,
I've been running a production OpenVPN server on pfSense for the past year and I have recently switched ... James Webb
03:08 AM Bug #8379: rules with DSCP never match: Post removed, apologies, will post in forum.
Edit: Now I understand my mistake, I agree, this is #notabug Anonymous
02:51 AM Bug #8379: rules with DSCP never match: This is not a discussion forum. Please start a topic at https://forum.pfsense.org/
I expect this will be closed as... Chris Linstruth
02:27 AM Bug #8379: rules with DSCP never match: Thanks for the followup Chris.
I will do some more testing - I am using VirtIO/vtnet interfaces, is it possible that... Anonymous
12:44 AM Bug #8379: rules with DSCP never match: Could not duplicate on 2.4.2_1:
Set laptop switchport to set dscp 14
Set floating rule to match AF13 and log
... Chris Linstruth
02:53 AM Todo #765: Patch: Add custom DHCP configuration: It seems this is still not integrated in pfSense 2.4. Stéphane Lapie
12:09 AM Revision 07a84ece: missed a few: robjarsen

03/18/2018

11:02 PM Bug #8379: rules with DSCP never match: erno rubbik wrote:
> Hello
>
> I am aware this looks like a duplicate of bug 3726 https://redmine.pfsense.org/iss... Anonymous
05:03 PM Bug #8379: rules with DSCP never match: Hello
I am aware this looks like a duplicate of bug 3726 https://redmine.pfsense.org/issues/3726 but it's not
... erno rubbik
05:00 PM Bug #8379 (Not a Bug): rules with DSCP never match: Hello
I am aware this looks like a duplicate of bug 3726 https://redmine.pfsense.org/issues/3726 but it's not
I... erno rubbik
08:14 PM Revision c5e1ce90: Change CloudFlare to Cloudflare: This commit also includes misc. whitespace removal on the affected files. robjarsen
03:27 PM Bug #8056: Bridge + CARP crashes/freezes pfSense: I have tested this. I could easily trigger it in 2.4.2_1 but could not in current snaps. It looks to be solved.
An... Steve Wheeler
03:03 PM Feature #8378 (Duplicate): allow webconfigurator to be configured to listen on only specified interface[s]: currently, the webconfigurator listens on all network interfaces. please implement a mechanism to allow this to be c... lists b
02:26 PM Bug #8377 (Duplicate): Traffic graph widget mouse over always shows b/s even when the value is in B/s: As the description, the mouse over display is always shown as b/s regardless on the bits/Bytes setting.
Seen in: p... Steve Wheeler

03/17/2018

09:06 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: Ermal says there is code in Darwin that addresses this. Jim Thompson
07:44 PM Feature #8376 (Rejected): please allow dashes in alias names: currently, characters in alias names are restricted to "a-z, A-Z, 0-9 and _". this is annoying because it's common t... lists b
07:22 PM Revision a7e859b8: fixed code style: Benjamin Schweizer
03:46 PM Bug #8375 (Duplicate): email session encryption fails in a private ca environment: when configuring email notifications, and enabling encryption, message notifications fail if the certificate provided... lists b
03:37 PM Todo #8374 (Rejected): email notification settings should not require password confirmation: the email notification settings page [system -> advanced -> notifications -> e-mail], system_advanced_notifications.p... lists b
03:28 PM Feature #8373 (Duplicate): please provide a mechanism to add certificates to the system's root certificate store: the system root certificate store [/usr/local/share/certs/ca-root-nss.crt] includes a default set of certificates, bu... lists b
03:21 PM Feature #8372 (New): add gui setting to adjust refresh rate for dynamic firewall logs: status -> system logs -> firewall -> dynamic view [status_logs_filter_dynamic.php] appears to refresh approximately e... lists b
02:47 PM Revision d038a5dd: Don't read picture file if it does not exist: Steve Beaver

03/16/2018

07:22 PM Revision 12b8f3c9: Don't read picture file if it does not exist: Steve Beaver
04:30 PM Revision 7c0e431a: avoid firwall rules for proxyarp addresses: Benjamin Schweizer
02:07 PM Revision 29c52724: Add 2.4.3-RC repo conf: Renato Botelho
02:07 PM Revision 727e8b11: Add 2.4.3-RC repo conf: Renato Botelho
02:07 PM Revision 72fcd11a: Add 2.4.3-RC repo conf: Renato Botelho
02:07 PM Revision 663c7586: Add 2.4.3-RC repo conf: Renato Botelho
02:07 PM Revision 5c1132bf: Add 2.4.3-RC repo conf: Renato Botelho
02:00 PM Revision 5366c4bc: Initial steps for 2.4.3-RC: Renato Botelho
01:44 PM Revision b6c92510: Bump version to 2.4.4-DEVELOPMENT: Renato Botelho
01:36 PM Feature #8371 (Assigned): Reduce config.xml size by removing picture widget images to file system: Upgraded with a picture in the widget and it was broken after the upgrade. No sign of the image in /conf/
Missing ... Jim Pingle
12:54 PM Feature #8371: Reduce config.xml size by removing picture widget images to file system: new VM, setup picture, downloaded a backup. reset to factory defaults, restored backup, no Image in the widget: Scree... Chris Macmahon
10:51 AM Feature #8371 (Resolved): Reduce config.xml size by removing picture widget images to file system: Images now saved in /conf
Upgrade_config function writes any images out to file system and truncates the config.xml ... Anonymous
01:23 PM Revision 1f0bbb13: Revise picture widget to store image on file system, not in XML config: Steve Beaver
01:20 PM Revision 9099582c: Merge branch 'master' of gitlab.netgate.com:pfsense/pfsense: Steve Beaver
01:08 PM Revision ee28e293: Revise picture widget to store inamge on file system, not in XML config: Steve Beaver
01:05 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic: I will but I was hoping that pfSense people would also push FreeBSD on it, since I'm sure they have a much stronger a... Benoit Lelievre
12:46 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic: Since this is a missing feature in FreeBSD networking, you should lobby there for it to be addressed, not here:
ht... Jim Pingle
12:34 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic: Now that the Spectre and Meltdown patches are coming out on various OSes this becomes even more critical to fix becau... Benoit Lelievre
10:27 AM Bug #8290 (Resolved): filter.inc, make filter_expand_alias_array() return consistent results between first and second call.: The part of this that was broken in pfSense is OK now, but it looks like haproxy will need to implement its own funct... Jim Pingle
10:26 AM Bug #8333 (Resolved): Dynamic DNS updates may fail when using a gateway group as the interface when the default route is down: Tested and working. Jim Pingle

03/15/2018

06:35 PM Revision feeb0581: Make our rc ready for recently introduced exit code in fsck: Inspired by: https://svnweb.freebsd.org/base?view=revision&revision=331015 Renato Botelho
04:38 PM Revision 1b20a4a6: Apply microcode update on boot: Renato Botelho
11:56 AM Feature #8370 (Closed): Add port number to predefined port drop-down list in NAT Rules: Hi
I'm missing the port numbers for the predefined ports when creating a NAT rule.
When creating a firewall rul... Mischa De Pol
11:55 AM Bug #8364 (Closed): Multiple IPsec child SA entries: This appears to have been triggered by a DNS issue, so if there is any problem it is likely the same as #7413. Jim Pingle
06:58 AM Bug #8208 (Resolved): Restoring a config in 2.4.2 with 2.3.X Security/Errata Only repo selected breaks PHP: Renato Botelho
12:43 AM Revision 0afa4c70: Really fix the typo now.: Luiz Souza
12:38 AM Revision a90f678d: Fix a typo.: Luiz Souza

03/14/2018

11:19 PM Revision 023a911b: Bump up the default config.xml version.: Luiz Souza
11:18 PM Revision f6bf385e: Add a placeholder for a factory update.: Luiz Souza
10:13 PM Bug #8208: Restoring a config in 2.4.2 with 2.3.X Security/Errata Only repo selected breaks PHP: 2.3.4 Config with 2.3.X Errata Repo restored to 2.4 systems will break.
2.3.4 Config with 2.4.X Repo restored to 2.4... Paighton Bisconer
10:08 PM Revision 792b62ec: Add cpuctl module to allow updates to the CPU microcode.: Luiz Souza
10:06 PM Revision 392608c8: Sort the module list.: Luiz Souza
01:50 PM Revision f9b1c128: Fix case where $_POST['if'] == 0 in sprint_info_box(): Steve Beaver
12:51 PM Bug #8056 (Feedback): Bridge + CARP crashes/freezes pfSense: This issue seems to be fixed (again) in my local tests.
Please check with tomorrow's snapshot. Luiz Souza
12:50 PM Bug #8368: Cannot log into webConfigurator from Firefox/Linux after fresh install: Until it's proven to be a bug on pfSense (after discussion on the forum, subreddit, etc) then it doesn't belong here.... Jim Pingle
12:38 PM Bug #8368: Cannot log into webConfigurator from Firefox/Linux after fresh install: I would agree about this being a client side issue if logins were to fail for every web site I visit. However, this i... Michael von Glasow
12:08 PM Feature #6457: Allow ability to configure AWS EC2 AMI via userdata: A means of running a shell script in some manner as root at first launch would be helpful, a la `fetch -o - $USER_SCR... John Burwell

03/13/2018

11:41 PM Bug #8369 (Rejected): Setting password complexity: This kind of thing should be discussed on the actual forum at https://forum.pfsense.org, on the pfSense subreddit, or... Jim Pingle
11:30 PM Bug #8369 (Rejected): Setting password complexity: Hi All,
This is my first post on this forum, not very sure this is the right page I have to mention this topic.
... Remya Sivan
08:09 PM Bug #8368 (Rejected): Cannot log into webConfigurator from Firefox/Linux after fresh install: There is no such problem with pfSense itself. That is a client side issue. Jim Pingle
07:21 PM Bug #8368: Cannot log into webConfigurator from Firefox/Linux after fresh install: Since this is a live system (on which I rely for Internet access), I cannot easily reproduce the issue with the same ... Michael von Glasow
07:16 PM Bug #8368 (Rejected): Cannot log into webConfigurator from Firefox/Linux after fresh install: To reproduce:
* Install pfSense 2.4.2 from scratch.
* Assign interfaces, configure an IP address and DHCP server ... Michael von Glasow
05:54 PM Bug #8367 (Resolved): Traffic Graph widget shows Inverse view, even when Inverse is set to Off.: Tested in 2.4.3.a.20180313.0000.
When setting the Traffic Graph widget for Inverse=Off, the graph still displays i... George Phillips
01:49 PM pfSense Packages Feature #8203 (Resolved): pfSense-pkg-suricata: extended eve output selectable headers: Jim Pingle
01:46 PM pfSense Packages Feature #8203: pfSense-pkg-suricata: extended eve output selectable headers: This feature has been implemented using code submitted by a package contributer. This issue can be closed.
Bill Bill Meeks
01:35 PM pfSense Packages Bug #7932 (Resolved): 2.4.0 & Snort 3.2.9.5_1 Pass Lists: Jim Pingle
01:31 PM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists: This issue has been resoved in the 3.2.9.6 Snort package versions. The bogus text was coming from an attempt to use ... Bill Meeks
01:24 PM pfSense Packages Feature #8362: Snort and Suricata Package - Allow for changing URLs, Ports, and Protocols to allow for local Repo of Signature Updates: I will look at adding this feature to both packages. It would likely be just a text box where the admin could enter ... Bill Meeks
01:21 PM pfSense Packages Feature #8311 (Rejected): Suricata persistent blocks: Agreed, Bill. It's not worth the trouble to make them persist. Jim Pingle
01:20 PM pfSense Packages Feature #8311: Suricata persistent blocks: This is not going to happen as there is no need for all the necessary overhead persisting blocks would require. If S... Bill Meeks
07:50 AM Bug #8364: Multiple IPsec child SA entries: James Dekker wrote:... Jim Pingle
05:54 AM Bug #8333: Dynamic DNS updates may fail when using a gateway group as the interface when the default route is down: Well. I setup new one 2440 with latest 2.4.3 And 2 GW with Active/Passive GW group. Looks like DDNS should work becau... Constantine Kormashev
05:46 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: For reference, the upstream bug opened by Eric: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 Daniel Berteaud
01:08 AM Feature #336: Option to create lagg under assign interfaces: +1
Just bumped into the need to do a fresh install of a LAGG+VLAN setup and could not do it via CLI. Stéphane Lapie

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

04/11/2018

04/10/2018

04/09/2018

04/08/2018

04/07/2018

04/06/2018

04/05/2018

04/04/2018

04/03/2018

04/02/2018

04/01/2018

03/31/2018

03/30/2018

03/29/2018

03/28/2018

03/27/2018

03/26/2018

03/25/2018

03/24/2018

03/23/2018

03/22/2018

03/21/2018

03/20/2018

03/19/2018

03/18/2018

03/17/2018

03/16/2018

03/15/2018

03/14/2018

03/13/2018