Activity

30 days up to

User

Subprojects

Activity

From 04/04/2018 to 05/03/2018

05/03/2018

09:10 PM Revision caf4d712: Merge pull request #3781 from PiBa-NL/20170712-defaultgateway-group: Steve Beaver
09:05 PM Revision 65cde57f: Merge pull request #3918 from RepositPower/default-route-preference-in-radvd.conf: Steve Beaver
09:02 PM Revision 1761c8a2: Merge pull request #3927 from peterberbec/master: Steve Beaver
09:02 PM Revision 53a72784: Delete loader.conf.local: Peter Berbec
09:02 PM Revision f8227fe2: Delete IF_URNDIS.KO: Peter Berbec
09:02 PM Revision 267cf2d6: rename: Peter Berbec
09:02 PM Revision 7cb4c2ae: Create loader.conf.locat: Peter Berbec
09:02 PM Revision 7a3cdc11: ndis driver: Peter Berbec
09:02 PM Revision feae1ba4: Add array check: Even though I now set `$ns` equal to `array_unique(get_nameservers()`, just to be safe we check with `is_array($ns)` ... Peter Berbec
09:02 PM Revision 0637a69b: scope error?: Error on reboot.
```
[04-Apr-2018 02:21:54 EST5EDT] PHP Warning: in_array() expects parameter 2 to be array, null g... Peter Berbec
09:02 PM Revision 2d0f86ba: Fixing debug errors.: Peter Berbec
09:02 PM Revision 43a1b4bd: hideCheckbox. The 'o' is important. And use js instead of php like we're supposed to.: Peter Berbec
09:02 PM Revision b458b3d3: Change array index to use php-style: Peter Berbec
09:02 PM Revision 1e238af4: Add fixed suggested by jim-p: Peter Berbec
09:02 PM Revision 0877fe87: Moved out of my root directory :(: Peter Berbec
09:02 PM Revision 80f95a62: Allow ocsp-staple to override: Enable ocsp stapling to on if forced that way through configuration Peter Berbec
09:02 PM Revision 4bdc654b: Change option text: Make it a force-on option
Hide option if ocsp is enabled Peter Berbec
09:02 PM Revision 5067844c: Use cert_get_ocspstaple: Use cert_get_ocspstaple during nginx configuration generation Peter Berbec
09:02 PM Revision 0276ff2e: add cert_get_ocspstaple: Peter Berbec
09:02 PM Revision b7a4321c: Create get_dns_nameservers function: Put code in a function since it gets called in two places. Peter Berbec
09:02 PM Revision 8d76d71a: Steal resolvconf: Steal the nameserver generation code from the resolvconf code Peter Berbec
09:02 PM Revision d7a0bbbe: Improve description, reorder: make ordering proper Peter Berbec
09:02 PM Revision 63a0cb97: Use option properly: Use the option created by the config to control stapling
(and add a missed semicolon!) Peter Berbec
09:02 PM Revision 895a7b90: Add OCSP option in config: Peter Berbec
09:02 PM Revision 2bf437ba: Beginings of enabling SSL Stapling: Add the option. Default to enable Peter Berbec
08:05 PM Feature #8496 (Duplicate): Allow user to backup multiple sections of their configuration: At Diagnostics > Backup & Restore, the user is able to select All or one specific section of the config to back up.
... Anonymous
08:04 PM Revision a08b017c: Redact some more info from the status.php output. Fixes #8394: (cherry picked from commit 21fdf72c0b3caf960512373ad903fe03ccc578ff) Jim Pingle
08:04 PM Revision 34935fb8: Redact some more info from the status.php output. Fixes #8394: (cherry picked from commit 21fdf72c0b3caf960512373ad903fe03ccc578ff) Jim Pingle
07:57 PM Revision 21fdf72c: Redact some more info from the status.php output. Fixes #8394: Jim Pingle
07:19 PM Revision c1d8f66b: Remove 'now' from reboot command, it is no longer accepted or necessary. Fixes #8495: (cherry picked from commit 63642806eb11d2a1d8b203d85252f4afa15876ce) Jim Pingle
07:19 PM Revision 22b43392: Remove 'now' from reboot command, it is no longer accepted or necessary. Fixes #8495: Jim Pingle
06:32 PM Revision cdd30801: Bug #8469 - Modify show_advdns function pageload conditions to allow for ddnsdomainkeyalgorithm default value, i.e., hmac-md5: (cherry picked from commit 3e1b29c7ba3a586cb94268d76ecb78874c2f5007) Michael Alden
05:59 PM Revision 6fd98c6f: Enable build of drm-next-kmod: Renato Botelho
05:31 PM Revision 98dfd103: Backport table size increase for larger bogons. Ticket #8417: Jim Pingle
03:10 PM Todo #8394 (Feedback): status.php - Some package password fields are not redacted: Applied in changeset commit:21fdf72c0b3caf960512373ad903fe03ccc578ff. Jim Pingle
03:04 PM Revision c8febf6e: Revert "Do not assign classes with =& to make PHP 7 happy": This reverts commit e33c96162a33b52a9152ce0b05dba8b25f1dc2b4. Renato Botelho
02:45 PM Revision 6fb33591: Enforce array type for PHP 7.2 Migration: Stephen Jones
02:39 PM Revision ab1387e6: Prevent pressing Enter in the filter field of diag_pftop.php. Fixes #8494: (cherry picked from commit e2654541019b59f544cda76fb0e63ea7a4a5d040) Jim Pingle
02:39 PM Revision e2654541: Prevent pressing Enter in the filter field of diag_pftop.php. Fixes #8494: Jim Pingle
02:30 PM Bug #8495 (Feedback): /etc/rc.reboot does not work on latest 2.4.4 snapshot: Applied in changeset commit:22b43392c24ef1c8fd165a5fa6b30098d127c010. Jim Pingle
02:17 PM Bug #8495 (Resolved): /etc/rc.reboot does not work on latest 2.4.4 snapshot: /etc/rc.reboot calls "/sbin/reboot now" and apparently that has been disabled in 11.2-PRE, see https://github.com/fre... Jim Pingle
01:33 PM Bug #8439 (Not a Bug): Trailing whitespace on username not respected in LDAP filter: After talking with others this is all up to the target server. AD respects the space, for example, while OpenLDAP doe... Jim Pingle
01:32 PM Bug #8469 (Feedback): DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured: Jim Pingle
10:05 AM Bug #8493: Assigned OpenVPN interface does not send traffic via right route until reboot: Got it, no more questoins Constantine Kormashev
09:57 AM Bug #8493: Assigned OpenVPN interface does not send traffic via right route until reboot: It's noted in "book section on assignment":https://portal.pfsense.org/docs/book/openvpn/assigning-openvpn-interfaces.... Jim Pingle
09:55 AM Bug #8493: Assigned OpenVPN interface does not send traffic via right route until reboot: Did not know about OpenVPN restart. Perhaps we need some hook for autorestart or warning there, because this is not o... Constantine Kormashev
09:47 AM Bug #8493 (Not a Bug): Assigned OpenVPN interface does not send traffic via right route until reboot: After assignment, you must restart the VPN manually so OpenVPN can reapply the interface setttings which are stripped... Jim Pingle
03:25 AM Bug #8493 (Not a Bug): Assigned OpenVPN interface does not send traffic via right route until reboot: In case of using several OpenVPN instances, e.g. Client (has its own default route) and Server on pfsense, assigned O... Constantine Kormashev
09:50 AM Bug #8494 (Feedback): pressing Enter in pftop filter field redirects to another page: Applied in changeset commit:e2654541019b59f544cda76fb0e63ea7a4a5d040. Jim Pingle
09:35 AM Bug #8494 (Confirmed): pressing Enter in pftop filter field redirects to another page: Jim Pingle
04:40 AM Bug #8494 (Resolved): pressing Enter in pftop filter field redirects to another page: If I press Enter in pftop filter field system redirects me to another page instead showing result in Output frame.
... Constantine Kormashev

05/02/2018

08:51 PM Revision 714c15d7: Cleaner fix for ##8447: (cherry picked from commit 96fa3e3616c1b46cbd23593df8c08cceb23a61e6) Steve Beaver
08:51 PM Revision e3dfbd9c: Fixed #8447: (cherry picked from commit 1d523d1e4e7b16519ed3fd9dfb9e6b4dd84b4285) Steve Beaver
07:52 PM Revision d62d089d: Since OpenVPN user attributes come from RADIUS which keys off username, use that and not common_name which may be empty. Fixes #8480: (cherry picked from commit a2e92e18a35112ec59d18d3555f89668d9e07a11) Jim Pingle
07:52 PM Revision 8228ea91: fix #8441;: ipfw rules must be deleted before cp record delete.
(cherry picked from commit 29a272f7361689c87dd7ad9fc1c903e843a1c... Selman ULUG
07:51 PM Revision 8d06b6c2: Reword bogon block size error text. Ticket #8417: (cherry picked from commit 6ad146e0445961ccba5323cccadcdfddc98e7d55) Jim Pingle
07:51 PM Revision b4bb2544: Correct text for reserved alias name checks against protocols and services. Fixes #8409: (cherry picked from commit a2405c1a8c366e1ad2ececd4f62c577eed31ab7c) Jim Pingle
07:51 PM Revision 39ee89ab: Correct pconfig_to_address() so its logic matches the input validation used for checking port numbers. Fixes #8410: (cherry picked from commit 885e9b2a1df256f4d50367f96b4d39c1106b2448) Jim Pingle
07:51 PM Revision a8ad9098: Cleaner fix for ##8447: (cherry picked from commit 96fa3e3616c1b46cbd23593df8c08cceb23a61e6) Steve Beaver
07:51 PM Revision ca0ca1c5: Fixed #8447: (cherry picked from commit 1d523d1e4e7b16519ed3fd9dfb9e6b4dd84b4285) Steve Beaver
07:51 PM Revision ef799458: Replace incomplete list of pf reserved words with a list of pf tokens pulled from the pf source. Fixes #8445: Also, move the list to a central location so it does not need to be duplicated.
(cherry picked from commit b20cfb551... Jim Pingle
07:51 PM Revision 1ed92658: fixed code style: (cherry picked from commit a7e859b80d55abfbdcae1918065aaf59baba4900) Benjamin Schweizer
07:51 PM Revision 2d6255e1: avoid firwall rules for proxyarp addresses: (cherry picked from commit 7c0e431a878d63fdb0440dbd2c1fad1e7d379f8c) Benjamin Schweizer
04:48 PM Revision 6dde4c10: Type check for array, Part of php 7.2 migration: Stephen Jones
04:12 PM Revision e3df164a: Added a check to make sure ['ipsec'] was an array, Part of PHP 7.2 Migration: Stephen Jones
03:42 PM Revision d3cc158c: Only alter users/groups via XMLRPC when the primary is set to do so. Fixes #8450: Jim Pingle
03:42 PM Revision ff13ca0d: Only alter users/groups via XMLRPC when the primary is set to do so. Fixes #8450: (cherry picked from commit be4693a1e79d89cfc6ea797fcb7fb56b5052c26d) Jim Pingle
03:41 PM Revision bb24d66e: PHP7 Resolve count() parameter warning: Steve Beaver
12:55 PM Feature #8430 (Resolved): Add DNS Resolver status page: What's there now is enough for this purpose. I haven't yet been able to come up with a good way to represent the data... Jim Pingle
10:50 AM Bug #8450 (Feedback): High Availability Sync / xmlrpc.php removes "remote system username" on backup cluster member: Applied in changeset commit:ff13ca0dfe2e016cb21141f0dbd7cdad44e55a46. Jim Pingle
07:57 AM pfSense Packages Feature #8490: pfSense-pkg-acme: acme_certificates_edit.php - Add ability to specify (vs generate) private key: PR Link: https://github.com/pfsense/FreeBSD-ports/pull/518 Jim Pingle
07:43 AM pfSense Packages Feature #8299 (Resolved): acme: ocsp must-staple: This is in the package and working OK now Jim Pingle

05/01/2018

09:06 PM Revision a2e92e18: Since OpenVPN user attributes come from RADIUS which keys off username, use that and not common_name which may be empty. Fixes #8480: Jim Pingle
06:22 PM Revision f1552738: PHP7 - Resolev undefined constant warning: Steve Beaver
05:47 PM Revision 72f363ed: Fixed #8486 via htmlspecialchars(): (cherry picked from commit 687e50fd439179ba61a518c7b68c91b168e56e50) Steve Beaver
05:47 PM Revision 8d7458f6: Fixed #8485 by POSTing fixed string and looking up the required file name: (cherry picked from commit c29a1fe90f89c1ae392df2ef2092207e282ddc37) Steve Beaver
05:46 PM Revision 5c856a1d: Fixed #8486 via htmlspecialchars(): (cherry picked from commit 687e50fd439179ba61a518c7b68c91b168e56e50) Steve Beaver
05:46 PM Revision 9d918214: Fixed #8485 by POSTing fixed string and looking up the required file name: (cherry picked from commit c29a1fe90f89c1ae392df2ef2092207e282ddc37) Steve Beaver
05:46 PM Revision b662c5e4: Fixed #8486 via htmlspecialchars(): (cherry picked from commit 687e50fd439179ba61a518c7b68c91b168e56e50) Steve Beaver
05:46 PM Revision 48f8b5ad: Fixed #8485 by POSTing fixed string and looking up the required file name: (cherry picked from commit c29a1fe90f89c1ae392df2ef2092207e282ddc37) Steve Beaver
04:20 PM Bug #8480 (Feedback): common/user name not expaned in openvpn.attributes.php (when doing per-user fw rules): Applied in changeset commit:a2e92e18a35112ec59d18d3555f89668d9e07a11. Jim Pingle
11:37 AM Bug #8492 (Duplicate): Enable setting PKCS#12 export password in Certificate Manager: Several use cases exist for using an exported keypair as a .p12 archive, but are complicated by pfSense not setting a... Darren Spruell
08:04 AM pfSense Packages Bug #8491 (Resolved): ACME: DNS-Luadns not working: Hello,
I'm using acme 0.2.8_2 with LuaDNS. If I want to obtain a certificate with the DNS-Luadns method, I should ... Anonymous

04/30/2018

08:14 PM pfSense Packages Feature #8490: pfSense-pkg-acme: acme_certificates_edit.php - Add ability to specify (vs generate) private key: Scott Smith wrote:
> * Like other user-entered data, the user-entered _Private Key_ text would be stored in the co... Michael M
01:36 PM Revision aa6184b6: Enable support for php72 variant: Renato Botelho
01:36 PM Revision b395c4f2: Add a global to keep valid meta package suffixes: Renato Botelho
11:28 AM Revision 88a8b4da: Sort: Renato Botelho
05:27 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: Luke Hamburg wrote:
> Thanks. I first checked out master and didn't find that commit... then drank some coffee & re... Daniel Helgenberger
03:39 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": Just finish to migrate to FRRouting
IPV4 OK but IPV6 bad dream... fortunately there is a great thing called vtysh ... xavier Lemaire

04/28/2018

05:29 PM pfSense Packages Feature #8490 (Resolved): pfSense-pkg-acme: acme_certificates_edit.php - Add ability to specify (vs generate) private key: I was unable to find a bug/issue/etc on this specific topic, so I'm submitting it as a Feature request.
When a use... Scott Smith
04:58 PM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA": Here is a post reboot log file with debug enabled.
Apr 28 14:51:55 dhcp6c 9814 reset a timer on hn1, state=SOLICIT... Daryl Morse

04/24/2018

03:20 PM pfSense Packages Bug #8482 (Closed): Reseting states causes ntop-ng to core dump: Almost certainly nothing we can do about a crash of that nature. You'll have to take that up with ntopng and/or FreeB... Jim Pingle
03:17 PM pfSense Packages Bug #8482 (Closed): Reseting states causes ntop-ng to core dump: Not sure if this is somewhat expected, but reseting states through the "diagnostics" menu causes ntopng to core dump.... Jon Hayward
02:15 PM Revision e33c9616: Do not assign classes with =& to make PHP 7 happy: Renato Botelho
02:08 PM Revision 39f69cb3: Fix syntax removing a continue that is out of scope and making the: function to return instead Renato Botelho
10:17 AM Bug #8481 (Duplicate): Editing multiple entries in multiple browser tabs causes problems or doesn't work: In various places in the web interface, trying to edit multiple entries in browser tabs and saving them one by one do... Eduard Rozenberg
07:56 AM pfSense Packages Bug #8425: telegraf not reporting memory: *UPDATE*: my changes were committed upstream (https://svnweb.freebsd.org/ports?view=revision&revision=468200).
I h... Chipster Cuch
07:42 AM pfSense Packages Bug #8425: telegraf not reporting memory: Telegraf 1.6.1 was released yesterday with the updated godeps that fix various issues. I have submitted my patches up... Chipster Cuch
04:45 AM Bug #8480 (Resolved): common/user name not expaned in openvpn.attributes.php (when doing per-user fw rules): As requested on forums (https://forum.pfsense.org/index.php?topic=146908.0) opening bug report.
It seems there are... Michal Soltys
02:30 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: I'm seeing a similar issue, but I am using a USB ethernet device for the LAN connection:
ioctl(SIOCGIFMEDIA) failed... TJ Synkral
12:13 AM Revision ba1f99cd: Improve/add help messages warning about bad security choices: Sean McBride

04/23/2018

08:14 PM Revision 3f576469: Merge pull request #3938 from CampinCarl/master: Steve Beaver
08:13 PM Revision 2c588398: Merge pull request #3940 from GrantSheehan/add_do_dyndns: Steve Beaver
07:39 PM Revision 43a9b03d: Gateways, allow for configuring a gatewaygroup as the default gateway.: -Avoid changing routes by just visiting a webgui page.
-Avoid change some unneeded events when nothing changed. Pi Ba
04:07 PM Bug #8479 (Duplicate): Firewall stops working (all the traffic passes!) due to an error caused by OpenVPN wizard.: Duplicate of #8391 and #6028
And in the future, if you believe you have found a security problem, the correct proc... Jim Pingle
04:04 PM Bug #8479 (Duplicate): Firewall stops working (all the traffic passes!) due to an error caused by OpenVPN wizard.: Originally published at https://forum.pfsense.org/index.php?topic=147068.0
Guyz, today I've discovered *a very dan... Aleksandar Pesic
09:47 AM Feature #7890 (Rejected): Support for Intel/AMD CPU microcode updates: Jim Thompson
07:57 AM pfSense Packages Bug #8476: OpenVPN Client Export TLS Key Direction Directive Location: As long as we can prove that change will not negatively impact other clients it should be OK to make that change, but... Jim Pingle
02:29 AM Revision 32cb54c3: Merge branch 'master' into add_do_dyndns: Grant Sheehan

04/22/2018

10:27 PM Revision 544674ad: Add DigitalOcean DynDNS client: Grant Sheehan
09:04 PM Feature #8478: Add DynDNS client for DigitalOcean DNS: PR is posted: https://github.com/pfsense/pfsense/pull/3940 Grant Sheehan
05:31 PM Feature #8478 (Resolved): Add DynDNS client for DigitalOcean DNS: Add a DynDNS client for DigitalOcean's DNS service. Grant Sheehan
10:48 AM Bug #8477 (Resolved): Gateway latency, units used inconsistently.: When a gateway alarm is triggered or cleared is is reported in the system log using milliseconds (ms) but the gateway... Steve Wheeler

04/21/2018

02:17 PM pfSense Packages Bug #8476 (Resolved): OpenVPN Client Export TLS Key Direction Directive Location: pfSense Version: pfSense-CE-memstick-2.4.3-RELEASE-amd64.img.gz ( https://nyifiles.pfsense.org/mirror/downloads/pfS... Joshua Katz

04/20/2018

07:56 PM Bug #8463: Performance Regression in 2.4.3 under KVM: If I change the cards from being vtnet to em0 (i.e. remove the VirtIO ethernet card in Proxmox and replace it with th... Anonymous
04:00 PM Bug #8441 (Resolved): Manually disconnecting a captive portal user leaves the IPFW table entry: Jim Pingle
03:49 PM Bug #8441: Manually disconnecting a captive portal user leaves the IPFW table entry: tested on today's snap: 2.4.4.a.20180420.1016
removed item from the captive portal status page.
was removed from ip... Chris Macmahon
03:14 PM Revision 9dd655a0: Enable build of PHP 7.2 flavor: Renato Botelho
03:04 PM Bug #8426 (Resolved): Mobile IPSec login not working after upgrade from 2.4.2p1: Jim Pingle
03:01 PM Bug #8426: Mobile IPSec login not working after upgrade from 2.4.2p1: Was able to confirm fix worked. Chris Macmahon
11:34 AM pfSense Packages Feature #8475 (Closed): syslog-ng TLS configuration support: For syslog-ng to use TLS, it needs access to certificates, and in particular CA certs. For the local cert/key I can ... Orion Poplawski

04/19/2018

11:52 PM Feature #8474 (New): Easier Conversion to HA Pair from Existing Non-HA Firewall: Requesting perhaps a guided wizard built-in to convert an existing well established pfsense 2.4.x configuration (such... Dennis Chow
03:39 PM pfSense Packages Bug #6339: OpenVPN Client Export package option for "Use Microsoft Certificate Storage" does not specify which certificate to use: Not sure if it would be easier to implement, but using this works well for me:... Caleb Hornbeck
12:43 PM Bug #8473 (Closed): Not a bug: a feature patch that's been part implemented.: I'm not inclined to split off those options to their own page. There aren't that many, and I also don't like the idea... Jim Pingle
12:29 PM Bug #8473 (Closed): Not a bug: a feature patch that's been part implemented.: In the last couple of weeks there's been news on DNS privacy. I was JUST about to submit a PR for a bunch of Unbound ... Stilez y
11:09 AM Bug #8472 (Resolved): IPsec with "Split connections" enabled (multiple P2's) - new added P2's are not coming up (between two pfsense's 2.4.3): When a new P2 is created it is not appearing in active SA's.
For example - P2 is added for 10.200.136.0/24|/0 === ... Vladimir Lind
10:09 AM Bug #8470 (Closed): IKEv2 EAP-MSCHAPv2 inconsistent as option (documentation or fix): Docs adjusted. It used to work that way (button on either page) in 2.2.x, but in 2.4 the button only shows on the Mob... Jim Pingle
10:04 AM Bug #8471 (Rejected): Captive portal version 2.4.3: You have some other configuration issue there. Captive Portal works well on 2.4.3, unless you are hitting #8441 in wh... Jim Pingle
09:59 AM Bug #8471 (Rejected): Captive portal version 2.4.3: After updating from 2.4.2 to 2.4.3, captive portal does not work.
Any user is allowed to use the network, even if th... Gerardo Trotta
04:04 AM Bug #8463: Performance Regression in 2.4.3 under KVM: As suggested on reddit I have also done a fresh install of 2.4.3 and then applied the backed up configuration. This ... Anonymous

04/18/2018

08:09 PM Revision 3e1b29c7: Bug #8469 - Modify show_advdns function pageload conditions to allow for ddnsdomainkeyalgorithm default value, i.e., hmac-md5: Michael Alden
04:28 PM Bug #8470 (Closed): IKEv2 EAP-MSCHAPv2 inconsistent as option (documentation or fix): Only if you create a tunnel from the Mobile Clients page instead of from the Tunnels page does the EAP-MSCHAPv2 optio... MIchael K
03:33 PM Bug #8413: Virtual IP on PPPOE interface no longer working with 2.4.3: This is not duplicate of #8393 - I've applied the patches of #8393 and it does not resolve the issue Foo Barbarian
03:21 PM Bug #8469: DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured: Pull Request: https://github.com/pfsense/pfsense/pull/3938 Michael Alden
03:05 PM Bug #8469 (Resolved): DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured: When saving DHCP Server configuration settings, the Dynamic DNS Key algorithm drop down box (under advanced Dynamic D... Michael Alden
01:38 PM Bug #8468 (Rejected): Status / Queues show mostly NaN: While using shaping on multiple interfaces (and only priq in my situation), many of the columns only show NaN.
For... Kris Lou
03:18 AM Bug #8467: Certificate Manager Cannot Delete/Export: hmm... the issue disappeard. Now exporting the certificate works. The problem might have been related to an upgrade f... Otto Waalkes

04/17/2018

07:42 PM Bug #8457: Packages do not remove on factory default: Assigned to PM for future reassignment. Jim Thompson
07:41 PM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation: Assigned to PM for further re-assignment. Jim Thompson
06:22 PM Bug #8467 (Not a Bug): Certificate Manager Cannot Delete/Export: Can't reproduce it here, either. All entries export fine. Must be a local problem or something wrong with that instal... Jim Pingle
05:41 PM Bug #8467 (Feedback): Certificate Manager Cannot Delete/Export: I am unable to reproduce. The functionality works as expected for me. Please ensure you have JavaScript enabled, and ... Anonymous
05:10 PM Bug #8467 (Not a Bug): Certificate Manager Cannot Delete/Export: Exporting a Certificate Authority is not working. There is no error message. The page just gets reloaded and not down... Otto Waalkes
04:33 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Also:
1. Add "path_dir" to the default list of ACL expressions
2. Your current ACLs are case insensitive (-i) by ... Petr H
06:32 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: I've got one minor feature proposal:
Notes/Description/Comments for each ACL or action entry
Normally if I'd us... Petr H
09:04 AM Feature #8316: expiration date when creating new rules: I also would welcome this feature. Christian Rhomberg
07:54 AM pfSense Packages Bug #8466 (Resolved): radiusd crash: Radiusd crash when for a user is set a password in plain text containing " (double qoutes)
After this all users get ... Razvan Petrescu
07:05 AM Feature #4688: Missing TFC Traffic Flow Confidentiality support: Jim Pingle wrote:
> The IPsec stack in FreeBSD was overhauled between FreeBSD 10.x and FreeBSD 11.1, so it's possibl... Lars Pedersen
04:31 AM pfSense Packages Bug #8425: telegraf not reporting memory: *UPDATE*:
Telegraf 1.6.0 final was released today. I have updated the port accordingly, and it includes the memory p... Chipster Cuch
04:21 AM Bug #8465 (Resolved): Lost default gateway after recover from failover with CARP VIP and HA: Both boxes works with SuperMicro Boards which have two interfaces on board and an additional i350 4 Port network card... Tom DL7BJ
03:35 AM Bug #8464 (New): Wireless USB card does not connect to WiFi automatically after reboot/halt: Wireless USB card on Realtek RTL8192SU chipset in BSS mode does not connect to WiFi until wilreless interface is set ... Constantine Kormashev

04/16/2018

04:53 PM Bug #8424: IPv6 stops working completely for interfaces that use interface tracking and have VIPs configured on them: Apparently after more testing, the issue does not manifest after modifying the max table size to mitigate the bogon t... Jupiter Vuorikoski
04:00 PM Bug #8463: Performance Regression in 2.4.3 under KVM: I should also point out under 2.4.3 that IBRS isn't enabled:... Anonymous
01:58 PM Bug #8463 (Closed): Performance Regression in 2.4.3 under KVM: Since upgrading my install to 2.4.3 I have noticed a decrease in the results I get from speedtest.net and fast.com
I... Anonymous
01:45 PM Revision e3957306: Merge pull request #3937 from Bg-Tek/cp_disconnect_not_remove_ipfw_rules: Steve Beaver
01:28 PM Revision 7be90df1: Merge pull request #3912 from mhalden/nat_ifgroups: Steve Beaver
01:25 PM Revision 9ba58425: Merge pull request #3935 from Firminator/patch-1: Steve Beaver
12:42 PM pfSense Packages Bug #8277 (Resolved): ntopng service fails to start on 2.4.3: Jim Pingle
12:10 PM Feature #4688: Missing TFC Traffic Flow Confidentiality support: The IPsec stack in FreeBSD was overhauled between FreeBSD 10.x and FreeBSD 11.1, so it's possible that the behavior i... Jim Pingle
11:13 AM Revision 29a272f7: fix #8441;: ipfw rules must be deleted before cp record delete. Selman ULUG
11:04 AM Bug #8462 (Not a Bug): UI - small gear icon/animation not centered: The small gear icon/animation that appears in the dashboard update widget is not centered, so the animation is a bit ... Eduard Rozenberg
09:28 AM Bug #8122: openvpn client is unable to use OTP (temporary) passwords: As implemented, this script would only be run when the OpenVPN client configuration is re-written, which happens when... Jim Pingle
09:21 AM pfSense Packages Bug #8461 (Closed): open-vm-tools : bug with version 2.4.3: The updated port is already on 2.4.4 snapshots, try it there. If it still has issues, you'll need to replicate them o... Jim Pingle
05:54 AM pfSense Packages Bug #8461 (Closed): open-vm-tools : bug with version 2.4.3: Hello,
I have a very specific bug that appeared with version 2.4.3.
When uploading a file to pfSense using vmwa... Julien Gormotte
09:00 AM Bug #8441 (Feedback): Manually disconnecting a captive portal user leaves the IPFW table entry: Applied in changeset commit:29a272f7361689c87dd7ad9fc1c903e843a1c593. Anonymous

04/15/2018

12:01 PM pfSense Packages Feature #8279: Consider adding a new option to the Rule Order: Two more options:
1 - in pfBlockerNG, Rule Order add option - "Do not change (preserve) existing order"
or
... Yuri Weinstein
01:57 AM Revision 70e0b547: Update system_advanced_admin.php: Firminator

04/14/2018

09:41 PM Feature #4688: Missing TFC Traffic Flow Confidentiality support: Did FreeBSD get TFC support in the last 2 years? Sean McBride
10:51 AM pfSense Packages Bug #8425: telegraf not reporting memory: FWIW: Here is my @port@ setup for the patched Telegraf fixing the memory issue and addressing the new golang deps for... Chipster Cuch
07:02 AM Feature #5544: DHCP static mapping from RADIUS: Michael F wrote:
> it will be a brilliant to set the static DHCP mapping only one time on a RADIUS server & use it f... Michael F
02:28 AM Bug #8122: openvpn client is unable to use OTP (temporary) passwords: I attached a screenshot of the initial implementation as it would make easier to review it.
I know that there are ... Sorin Sbarnea

04/13/2018

07:55 PM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation: Still hitting this in 2.4.3. Anonymous
04:50 PM pfSense Packages Bug #8456 (Resolved): Squid shows Warning on package page after installation: Jim Pingle
04:02 PM pfSense Packages Bug #8456: Squid shows Warning on package page after installation: Tested on 2.4.4.a.20180413.1305, fix works. Anonymous
04:08 PM pfSense Packages Bug #8425: telegraf not reporting memory: *Update*: I worked with an InfluxData dev on this issue and it's indeed upstream. @gopsutil@[1], a golang dependency ... Chipster Cuch
11:02 AM Bug #8460: Ntopng and default SNMP daemon issues: Hello Jim,
Thank you for the reply. Will ping bsd bug tracker. Florin Samareanu
10:51 AM Bug #8460 (Closed): Ntopng and default SNMP daemon issues: Nothing we can do about that. Take it up with bsnmpd in FreeBSD if you want to pursue the issue. You already found th... Jim Pingle
10:48 AM Bug #8460: Ntopng and default SNMP daemon issues: Pcap captures of snmpwalk and when adding pfsense from ntopng interface. Florin Samareanu
10:46 AM Bug #8460 (Closed): Ntopng and default SNMP daemon issues: Hello,
When adding pfsense as a SNMP monitored target in ntopng an error message appears. Switching to net-SNMP fi... Florin Samareanu
10:13 AM Bug #8459 (Rejected): Duplicating IP Addresses on Dhcp Server: It's not at all clear what you're referring to here. Please post on a discussion platform such as the forum, pfSense ... Jim Pingle
08:53 AM Bug #8459 (Rejected): Duplicating IP Addresses on Dhcp Server: I am using Version 2.4.3-RELEASE (amd64)
I use pfsense as a dhcp server on my network, I noticed that after upgradin... Julio Cesar Pereira
09:48 AM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources: Makes sense since all that sendmail script does is call the internal mail handling.
I see three options:
1. Chang... Yehuda Katz
08:56 AM pfSense Packages Bug #8277 (Feedback): ntopng service fails to start on 2.4.3: Done on 2.4.3 and 2.3.5 Renato Botelho
08:41 AM Feature #8458 (New): Allow reordering of interface widget: It would be nice to be able to reorder the interfaces in the Interface widget. Simon Brezovnik
02:25 AM Revision 9886c24b: Update system_advanced_admin.php: * upper and lowercase fixes
* added missing space Firminator

04/12/2018

07:07 PM Bug #8048: DHCPv6 Configured for LAN without LAN interface: Still hitting this issue in 2.4.4.a.20180412.1121. Can't tell why the <dhcpdv6> section is being added to the configu... Anonymous
04:25 PM Bug #8457: Packages do not remove on factory default: also tested via menu option 4. the Packages I Installed (acme, Nut Ladvd) were not removed
Chris Macmahon
03:47 PM Bug #8457: Packages do not remove on factory default: Tested 2.4.4, hardware reset did not clear the packages like it did on 2.4.3.
Hardware reset worked on 2.4.3, but ... Chris Macmahon
02:41 PM Bug #8457 (Resolved): Packages do not remove on factory default: Install 2.4.2 CE. Upgrade to latest 2.4.4 snap. Install Squid. Factory Default the appliance. The package will remain... Anonymous
04:21 PM Revision fad13c41: For IPsec mobile clients, write out a more specific ipsec.secrets line to help clients find the right key with strongSwan's new lookup code. Fixes #8426: (cherry picked from commit af7c0311b89656198e00ded91c1a2a87f34c331b) Jim Pingle
04:19 PM Revision af7c0311: For IPsec mobile clients, write out a more specific ipsec.secrets line to help clients find the right key with strongSwan's new lookup code. Fixes #8426: Jim Pingle
02:18 PM Bug #8453 (Not a Bug): NAT reflection can't work when NAT port faword set Destination port range: Reflection rules are created properly for port ranges. Please post on the forum, pfSense subreddit, or mailing list f... Jim Pingle
01:51 PM pfSense Packages Bug #8456 (Feedback): Squid shows Warning on package page after installation: Fix pushed Jim Pingle
01:37 PM pfSense Packages Bug #8456 (Resolved): Squid shows Warning on package page after installation: Install 2.4.2 CE, upgrad to latest 2.4.4 snapshot. Install Squid package, visit Services > Squid and the text (Warnin... Anonymous
01:36 PM pfSense Packages Bug #8277 (Assigned): ntopng service fails to start on 2.4.3: Since it's OK on 2.4.4, we can copy back the new ntopng to 2.4.3 now Jim Pingle
12:38 PM pfSense Packages Bug #8277: ntopng service fails to start on 2.4.3: Tested on 2.4.4.a.20180412.1121, service starts and can be accessed. Anonymous
11:36 AM Bug #8426: Mobile IPSec login not working after upgrade from 2.4.2p1: I tested the diff and can confirm it works again. Thank you so much for fixing this so quickly Jim! Jay2k1 *
11:30 AM Bug #8426 (Feedback): Mobile IPSec login not working after upgrade from 2.4.2p1: Applied in changeset commit:af7c0311b89656198e00ded91c1a2a87f34c331b. Jim Pingle
10:55 AM Bug #8426: Mobile IPSec login not working after upgrade from 2.4.2p1: Well, ipsec.secrets is written out identically on both a working (2.4.2) and non-working (2.4.3, 2.4.4, 2.3.6) setup ... Jim Pingle
10:34 AM Bug #8426 (Confirmed): Mobile IPSec login not working after upgrade from 2.4.2p1: Looks like the PSK for another tunnel is being used instead of the more exact match. It works when it is the only ent... Jim Pingle
07:34 AM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources: I wouldn't say those are broken. Those cron notifications didn't work at all without the symlink setup by arpwatch. F... Jim Pingle
07:18 AM pfSense Packages Bug #8454 (New): Arpwatch package break email notifications from other sources: Arpwatch replaces /usr/sbin/sendmail with a symlink to a PHP script that specifically mentioned Arpwatch in the messa... Yehuda Katz
07:31 AM Bug #8455 (Not a Bug): IPsec site2site connection not working after upgrade to 2.4.3: Please post on the forum or pfSense subreddit for assistance. Most likely this is not related to IPsec at all, but a ... Jim Pingle
07:29 AM Bug #8455 (Not a Bug): IPsec site2site connection not working after upgrade to 2.4.3: Since the upgrade from 2.4.2p1 to 2.4.3, the connection to the remote ipsec endpoint fails with 04[NET] error writing... Kai Wöstefeld
06:47 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: just to confirm. Having the same problem.
[Apr 12 11:43:32] radvd (88189): polling for 0 second(s), next iface is ... Johannes Ullrich

04/11/2018

09:40 PM Bug #8453 (Not a Bug): NAT reflection can't work when NAT port faword set Destination port range: NAT reflection can't work when NAT port forward set Destination port range.
it can work when setting single NAT p... wisn gsiw
06:35 PM Bug #8417 (Resolved): IPv6 bogon list size now too large to fit in standard maximum table size: Jim Pingle
06:13 PM Bug #8417: IPv6 bogon list size now too large to fit in standard maximum table size: Tested on pfSense CE version: 2.4.4 Built On: Wed Apr 11 14:31:44 CDT 2018 .. after upgrading from 2.4.2. Nothing wro... Anonymous
04:19 PM Bug #8452 (Closed): PPPoE :: Interfaces > WAN: [PPPoE Configuration] Service name :: colon not allowed (invalid character): I have noticed that a colon is not allowed in the "Service name" of a PPPoE configuration under "Interface > WAN".
O... Bouke Henstra
01:15 PM Todo #8451 (Resolved): System Information dashboard widget - Kernel PTI toggle: When editing the System Information dashboard widget, all sections of the widget can be toggled on or off. Since the ... Clinton Cory
02:11 AM Bug #8450: High Availability Sync / xmlrpc.php removes "remote system username" on backup cluster member: OK now we're getting somewhere. I can confirm that there is something to look at here regarding syncing users from th... Chris Linstruth
01:56 AM Bug #8450: High Availability Sync / xmlrpc.php removes "remote system username" on backup cluster member: No, the xmlrpcsync user does not exist on the primary. However, since the "user manager users and groups" checkbox is... Alex S
12:51 AM Bug #8450: High Availability Sync / xmlrpc.php removes "remote system username" on backup cluster member: Does the xmlrpcsync user exist on the primary?
I use a custom user (xmlrpc) for this and it survived the upgrade, ... Chris Linstruth
12:28 AM Bug #8450 (Resolved): High Availability Sync / xmlrpc.php removes "remote system username" on backup cluster member: Two-member cluster:
- Primary: upgraded from 2.4.2-p1 to 2.4.3 using the GUI
- Backup: issue occurs both after an u... Alex S

04/10/2018

08:05 PM Bug #8076: User can easily apply an unusable interface configuration after restore: This is exasperated by the fact that in previous versions of pfSense when you got the "reassign interfaces" page afte... Nate Cartwright
05:47 PM Revision 6ad146e0: Reword bogon block size error text. Ticket #8417: Jim Pingle
01:28 PM Bug #7443: Issues Creating IPv6 Static Mappings: The actual lease works now, so now I am just basically verifying the original bug report. Its cosmetic only but I agr... Chris Collins
12:10 PM Bug #7443: Issues Creating IPv6 Static Mappings: Did this ever get fixed? I ended up at this page trying to diagnose static ipv6 mappings.
I have configured static... Chris Collins
01:08 PM pfSense Packages Bug #8440 (Not a Bug): Suricata 4.0.4_1 disablesid.conf does not disable rule?: Jim Pingle
12:58 PM pfSense Packages Bug #8440: Suricata 4.0.4_1 disablesid.conf does not disable rule?: This is not a bug. The rule being triggered was a flowbit rule. Therefore, the disablesid.conf could not disable the ... Raffi T
08:17 AM Bug #8410 (Resolved): unable to use registered services by name and unable to define aliases for registered services using their name: Jim Pingle
08:17 AM Bug #8409 (Resolved): pfsense alias complains about well known name for non well known port: Jim Pingle
03:31 AM Bug #8448: Log size modification broken: In addition, -after three consecutive size changes- when you start with a very large number, the file doesn't stop gr... Alexandre Pétillon
12:48 AM Revision 41270b74: Delete loader.conf.local: Peter Berbec
12:48 AM Revision 3173cf70: Delete IF_URNDIS.KO: Peter Berbec
12:48 AM Revision c344add2: rename: Peter Berbec
12:47 AM Revision 072e0e93: Create loader.conf.locat: Peter Berbec
12:46 AM Revision a397fd7a: ndis driver: Peter Berbec
12:16 AM Bug #8426: Mobile IPSec login not working after upgrade from 2.4.2p1: Seeing the same error ("The VPN Shared Secret is incorrect.") on iOS. Exact same config worked before the update to 2... Daniel Becker

04/09/2018

08:32 PM Revision aa20508d: Correct text and help for new SSH key/pass options. Ticket #8402: Jim Pingle
08:18 PM Revision a2405c1a: Correct text for reserved alias name checks against protocols and services. Fixes #8409: Jim Pingle
08:11 PM Revision 885e9b2a: Correct pconfig_to_address() so its logic matches the input validation used for checking port numbers. Fixes #8410: Jim Pingle
07:37 PM pfSense Packages Bug #8425: telegraf not reporting memory: Can confirm this same behavior. An upstream bug was also filed: https://github.com/influxdata/telegraf/issues/3750 Chipster Cuch
07:26 PM Bug #8410: unable to use registered services by name and unable to define aliases for registered services using their name: Tested on latest 2.4.4 CE snapshot gitsync'd to master, works as expected. Setting port to other and using the name, ... Anonymous
03:20 PM Bug #8410 (Feedback): unable to use registered services by name and unable to define aliases for registered services using their name: Applied in changeset commit:885e9b2a1df256f4d50367f96b4d39c1106b2448. Jim Pingle
03:09 PM Bug #8410: unable to use registered services by name and unable to define aliases for registered services using their name: @is_port()@ from /etc/inc/util.inc tests a string against known services by name to determine validity, not just numb... Jim Pingle
07:15 PM Bug #8409: pfsense alias complains about well known name for non well known port: Tested on latest 2.4.4 CE snapshot gitsync'd to master, works as expected. Anonymous
03:30 PM Bug #8409 (Feedback): pfsense alias complains about well known name for non well known port: Applied in changeset commit:a2405c1a8c366e1ad2ececd4f62c577eed31ab7c. Jim Pingle
04:01 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: The haproxy_config_init() is a new function added in the second last commit. Not sure why that wouldn't exist after u... Pi Ba
03:41 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Updated and tested all of the above - looks alright.
Only right after the update I encountered one issue:
- I was... Petr H
12:39 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Okay 0.56 haproxy-devel package is available now through normal pfSense packages. If you can check 'everything' now w... Pi Ba
03:59 PM Bug #8447 (Resolved): Cannot change Gateway in Firewall > Rules: Confirmed here as well. It works as it should now. Switching to IPv4+IPv6 disables the gateway edit control, then swi... Jim Pingle
01:01 PM Bug #8447: Cannot change Gateway in Firewall > Rules: Tested on latest CE snapshot gitsynced to master, works as expected. Editing an IPv4+IPv6 rule's gateway is possible ... Anonymous
09:20 AM Bug #8447: Cannot change Gateway in Firewall > Rules: Applied in changeset commit:1d523d1e4e7b16519ed3fd9dfb9e6b4dd84b4285. Anonymous
09:07 AM Bug #8447 (Feedback): Cannot change Gateway in Firewall > Rules: Should be fixed in the next snapshot. Please confirm here. Anonymous
07:23 AM Bug #8447 (Confirmed): Cannot change Gateway in Firewall > Rules: Confirmed here, too. Create a new rule, Gateway is changeable. Set Address Family to IPv4+IPv6, Gateway field is disa... Jim Pingle
12:05 AM Bug #8447: Cannot change Gateway in Firewall > Rules: Looking at it more there is something here, but it takes more steps to duplicate than you provided.
It works if yo... Chris Linstruth
03:36 PM Feature #8402 (Resolved): SSH2 Enforced Key and Username+Password Authentication...: I made some alterations to the text, cosmetic only. I made sure all the options work as expected here after, looks go... Jim Pingle
01:09 PM Feature #8402: SSH2 Enforced Key and Username+Password Authentication...: New options show up and each works as expected on latest 2.4.4 CE snapshot gitsync'd to master. Anonymous
02:25 PM Revision 96fa3e36: Cleaner fix for ##8447: Steve Beaver
02:17 PM Revision 62ea1dbd: Merge pull request #3904 from Hobby-Student/master: Steve Beaver
02:06 PM Revision 1d523d1e: Fixed #8447: Steve Beaver
01:25 PM Revision b20cfb55: Replace incomplete list of pf reserved words with a list of pf tokens pulled from the pf source. Fixes #8445: Also, move the list to a central location so it does not need to be duplicated. Jim Pingle
01:03 PM Bug #8445 (Resolved): creating an alias named "log" breaks rule processing: Jim Pingle
12:58 PM Bug #8445: creating an alias named "log" breaks rule processing: Tested on latest 2.4.4 CE snapshot gitsync'd to master, works as expected. Anonymous
08:40 AM Bug #8445 (Feedback): creating an alias named "log" breaks rule processing: Applied in changeset commit:b20cfb55125207e21d81a29a107ea77230fbc7fb. Jim Pingle
08:28 AM Bug #8445: creating an alias named "log" breaks rule processing: The list of pf keywords was a lot shorter than it should be, but there isn't a documented list that I could see.
I... Jim Pingle
07:33 AM Bug #8445 (Confirmed): creating an alias named "log" breaks rule processing: It's a reserved keyword in pf but isn't in the list.
Jim Pingle
01:02 PM Todo #8423 (Resolved): Update SimplePie to 1.5.1: Jim Pingle
12:27 PM Todo #8423: Update SimplePie to 1.5.1: Works as expected on 2.4.4.a.20180409.0622. Anonymous
12:04 PM pfSense Packages Bug #8449: FRR 4.0 zebra daemon crashes: Looks like this isn't just specific to BGP. In the forum thread linked above, it is happening on multiple amd64 VMs t... Jim Pingle
11:44 AM pfSense Packages Bug #8449 (Resolved): FRR 4.0 zebra daemon crashes: The zebra daemon in FRR 4.0 won't stay running with a BGP configuration. It crashes on startup. OSPF alone seems to b... Jim Pingle
11:25 AM Bug #8408 (Resolved): invalid rule written due to ipv6 ipalias being present: Problematic test cluster has no errors on a snapshot containing the fix. Looks good here. Jim Pingle
09:11 AM Bug #8448 (Closed): Log size modification broken: From UI, status_log_filter.php.
I want to increase the size of filter.log from 500K to 5G (as an example).
From... Alexandre Pétillon
07:38 AM Feature #8030 (Resolved): Unbound: Add support for DNS over TLS to internal clients: Jim Pingle
07:37 AM Bug #8391 (Resolved): OpenVPN Wizard creates WAN rule with TCP4 instead of protocol TCP, it creates error when loading firewall rules: Jim Pingle
07:36 AM Bug #8444 (Not a Bug): ovpnc as upstream dhcp relay interface: Yeah that does appear to be a limitation. For a site to site, tap should work the same as tun in most cases though, s... Jim Pingle
07:33 AM Bug #8426: Mobile IPSec login not working after upgrade from 2.4.2p1: Yes, I can confirm this issue. Mobile Client ("Roadwarrior") IPSec access no longer works after upgrading to 2.4.3 (w... Jay2k1 *
06:01 AM Feature #8140: Feature Request: Zone Firewall between interfaces: It is high time to move away from interface-based firewalling and move to zone-based firewalling. Zone-based firewall... Jupiter Vuorikoski

04/08/2018

11:54 PM Bug #8447: Cannot change Gateway in Firewall > Rules: Are you sure you are not creating an IPv4+IPv6 rule? You cannot (and have never been able to) set a gateway on those.... Chris Linstruth
11:39 PM Bug #8447 (Resolved): Cannot change Gateway in Firewall > Rules: Open any rule or create a new rule. In the Advanced options, the Gateway cannot be selected. This was working in 2.... Yajasi Support
07:35 PM Bug #8446 (Resolved): QinQ interfaces are assigned incorrectly: When creating a QinQ interface in 2.4.3 it is stored in the config correctly and created as an interface as expected:... Steve Wheeler
03:44 PM Bug #8445 (Resolved): creating an alias named "log" breaks rule processing: i created an ip alias, and named it "log". upon the rules reloading, an error occurred:
There were error(s) loadi... lists b
02:04 PM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Same Problem:
RADVD regression on 2.4.3 / radvd can not run on bridge Interface anymore...
https://forum.pfsense.or... neti netwalker
12:13 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Same issue for me too ....
Netgate SG-4860 - Serial: ********* - Netgate Device ID: *********
*** Welcome to pf... Mat Clarke
01:11 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: 2. found&fixed
The plugin 'injects' extra stylesheets, and the setCSSdisplay function searches for a particular st... Pi Ba
11:07 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Re 2: I usually use Firefox @ Windows 10 and yes with some blockers such as NoScript, uBlock and few user scripts in ... Petr H
09:40 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Thanks for testing and reporting about these issues.
1. found&fixed
2. these items seem to work properly for me o... Pi Ba
11:31 AM Bug #8444: ovpnc as upstream dhcp relay interface: This appears to be the expected behaviour as isc-dhcpd cannot bind to adapters with no MAC address.
However you can ... Steve Wheeler
07:32 AM Bug #8335: System hang with LACP downlink to UniFi switch: Some new information:
* It happens when LAGG Protocol is set to Failover.
* It happens when one of the two netwo... Mike Pastore

04/07/2018

08:04 PM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Agreed, I'm facing the same issue. Please fix this in the next Dev & Rel version. Thanks.
========================... Jason Smith
06:58 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: It seems to be fine, good.
While I'm at it, few more glitches I found:
1. *Backend: Timeout / retry settings*
... Petr H
04:14 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: If you can perhaps test/validate my changes again haproxy-devel version that would be great.
Either the full thing (... Pi Ba
08:38 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Re regex - yes you're right.
I was living with the false assumption (based on some tests that I remember from the pa... Petr H
07:23 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Petr H wrote:
> >http-response set-var(txn.txnhost) hdr(host)
> That seems to set that variable only during the res... Pi Ba
07:00 AM Bug #8444 (Not a Bug): ovpnc as upstream dhcp relay interface: Not directly related to Bug 8443, but has something in common:
Following setup to pass DHCP relay requests via Op... Vladimir Lind
02:53 AM Bug #8443: DHCP relay not starting after ovpnc interface is unchecked - vm 2.4.3: DHCP relay started only with disabled openvpn client. Wit enabled openvpn client dhcp relay doesn't start. But after ... Vladimir Lind
02:37 AM Bug #8443 (Resolved): DHCP relay not starting after ovpnc interface is unchecked - vm 2.4.3: Assigned ovpnc interface was chosen as relay interface, config was saved. DHCP relay claimed this interface to be not... Vladimir Lind

04/06/2018

10:02 PM Bug #8391: OpenVPN Wizard creates WAN rule with TCP4 instead of protocol TCP, it creates error when loading firewall rules: Tested on 2.4.4.a.20180406.1258, completed wizard and selected TCP for IPv4 only and the firewall rule on WAN was cre... Anonymous
09:55 PM Bug #8417: IPv6 bogon list size now too large to fit in standard maximum table size: Tested on 2.4.4.a.20180406.1258, warning appears stating that the Firewall Maximum Table Entries value in System / Ad... Anonymous
09:33 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: >http-response set-var(txn.txnhost) hdr(host)
That seems to set that variable only during the response processing. I... Petr H
05:55 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Actually that the condition is added to all actions in the frontend probably is the 'right thing' to do.. (my previou... Pi Ba
03:26 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Ok thanks can reproduce it now. Ill check why that happens. Pi Ba
02:49 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Attached sample haproxy.cfg that demonstrates the problem. With this file the warnings occur at lines 48 and 49:
<pr... Petr H
01:59 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Can you show/attach the complete haproxy.conf itself? I'm not yet seeing when this would occur.. And or perhaps a scr... Pi Ba
09:02 PM Feature #8030: Unbound: Add support for DNS over TLS to internal clients: Tested on on 2.4.4.a.20180406.1258, works as expected. Anonymous
01:10 PM Feature #8030 (Feedback): Unbound: Add support for DNS over TLS to internal clients: Applied in changeset commit:1fa69c27ee153fe439c2ba9a9809a28e452811ea. Jim Pingle
05:57 PM Revision 1fa69c27: Add GUI controls to the DNS Resolver for providing DNS over TLS service to local clients. Implements #8030: Jim Pingle
05:40 PM pfSense Packages Feature #8442 (Rejected): ACME - custom script for DNS validation: Please add ability to upload custom script for DNS validation.
I have provider for which I have script to update DNS... Tomas Ulicky
03:46 PM Bug #8389 (Not a Bug): OpenVPN servise status does not update: Anonymous
03:46 PM Bug #8389: OpenVPN servise status does not update: Thanks. I'll mark as resolved. Anonymous
03:44 PM Bug #8389: OpenVPN servise status does not update: My apologies for being unclear :(
I don't see the initial problem I reported.
I stopped VPN server and saw it's m... Yuri Weinstein
03:36 PM Bug #8389: OpenVPN servise status does not update: You don't see what?
A) You don't see a problem any more, it updates correctly
B) You still don't see the widget ... Anonymous
03:31 PM Bug #8389: OpenVPN servise status does not update: I do not see it on the latest release. Yuri Weinstein
03:28 PM Bug #8389: OpenVPN servise status does not update: You don't see it update, or you don't see this issue? Anonymous
03:19 PM Bug #8389: OpenVPN servise status does not update: Well, I don't see it on 2.4.3-RELEASE Yuri Weinstein
02:18 PM pfSense Packages Bug #8421 (Resolved): AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: Jim Pingle
01:37 PM pfSense Packages Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: I can now confirm the package is available for 2.4.3 and the fix works as expected.
Thank you all for your time. Bruno Pinto
12:07 PM pfSense Packages Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: It should show up for 2.4.3 users momentarily. Jim Pingle
10:41 AM pfSense Packages Bug #8421: AutoConfigBackup v1.51 Option to Ignore Captive Portal Vouchers not working: After a few days waiting for the package to show up on the update list, I went to look at the FreeBSD-ports repositor... Bruno Pinto
01:05 PM Feature #8430: Add DNS Resolver status page: The infra cache stats appear to be good. It might be nice if they updated via ajax but they do not appear to change f... Jim Pingle
01:00 PM Feature #8388 (Resolved): Add DNS over TLS for upstream forwarders to the DNS Resolver: Works. Jim Pingle
01:00 PM Feature #8028 (Resolved): Unbound: Add advanced option for qname-minimization: Works Jim Pingle
12:59 PM Feature #8431 (Resolved): Add DNS over TLS checkbox for Domain Override entries: Works Jim Pingle
11:30 AM Bug #8441 (Resolved): Manually disconnecting a captive portal user leaves the IPFW table entry: When a captive portal user is manually disconnected their entry is removed from the portal database, but the entry re... Jim Pingle
10:16 AM pfSense Packages Bug #8440 (Not a Bug): Suricata 4.0.4_1 disablesid.conf does not disable rule?: I'm not sure if this started in Suricata 4.0.4_1, but I recently found a rule in my disablesid.conf which was still t... Raffi T
09:26 AM Bug #8422 (Resolved): Switching VLAN mode removes the switch port settings from the config.: Jim Pingle
05:49 AM Bug #8422: Switching VLAN mode removes the switch port settings from the config.: It looks resolved - tested on built on Thu Apr 05 19:51:37 CDT 2018 Vladimir Lind
09:17 AM Bug #8439: Trailing whitespace on username not respected in LDAP filter: I have tried various ways to encode spaces but the LDAP server itself (OpenLDAP, in this case) appears to find the tr... Jim Pingle
08:23 AM Bug #8439 (Not a Bug): Trailing whitespace on username not respected in LDAP filter: When a user attempts to authenticate with LDAP, if they incorrectly enter their username with a trailing space the LD... Jim Pingle

04/05/2018

08:37 PM Revision 423ce46d: Merge pull request #3453 from plumbeo/traffic-quota: Steve Beaver
08:36 PM Revision 9f85da7f: Merge pull request #3933 from PiBa-NL/20180405-widget-invert: Steve Beaver
07:58 PM Revision 3477fc23: trafficwidget, invert option needed json parsing: Pi Ba
07:32 PM Revision fa5df9eb: filter vip usage, ipv6 vips cause invalid rules because a empty item gets added to the vips list for a interface: (cherry picked from commit c6ebe69d2c0838bc76957b22f98547311c68e700) Pi Ba
07:31 PM Revision 74d6e948: Merge pull request #3924 from PiBa-NL/20180331-filter-ipv6-vips: Jim Pingle
06:49 PM Revision 23feda19: Refinements to status_unbound.php. Ticket #8430: Jim Pingle
05:27 PM pfSense Packages Bug #8438 (New): haproxy: can't use ACL for cert with http-response actions: pfSense 2.4.3, pfSense-pkg-haproxy 0.54_2, haproxy 1.7.10
1. Primary frontend used by other shared ones
2. SSL-en... Petr H
05:19 PM Bug #8437 (Resolved): invalid outbound nat rules written when using ipv6 rules on interfaces that also have ipv4 adresses..: Rules like below can be generated with the outbound-nat settings:
nat on $LANI proto icmp from fd:1:2:3::/64 to any... Pi Ba
03:31 PM Revision 0019e3dd: Merge pull request #3932 from robjarsen/tweak/rm-whitespace: Steve Beaver
03:15 PM Bug #8367: Traffic Graph widget shows Inverse view, even when Inverse is set to Off.: Caused by: https://redmine.pfsense.org/issues/8302
Fixable by: https://github.com/pfsense/pfsense/pull/3933 Pi Ba
02:33 PM Bug #8408 (Feedback): invalid rule written due to ipv6 ipalias being present: Jim Pingle
02:33 PM Bug #8408: invalid rule written due to ipv6 ipalias being present: I was finally able to replicate this and confirm the fix, PR merged, thanks! Jim Pingle
01:36 PM Revision 066335a3: Captive portal: Add custom RADIUS dictionary with the new pfSense vendor-specific attributes: Caio Plumbeo
01:35 PM Revision f87ddb3b: Captive portal: add option to choose whether to use the bandwidth limits retrieved from RADIUS or not: Automatically upgrade config to preserve old RADIUS bandwidth limits behaviour on existing installations. Caio Plumbeo
01:24 PM pfSense Packages Bug #8436 (Rejected): I have the problem of User authentication and password in my proxy, when I intend to update the packages using pkg upgrade and pkg update: This is not a support platform, please post your question on the forum, pfSense subreddit, or mailing list. Jim Pingle
01:09 PM pfSense Packages Bug #8436 (Rejected): I have the problem of User authentication and password in my proxy, when I intend to update the packages using pkg upgrade and pkg update: Hello, I am new using pfsense 2.4.2, I have the same problem of User authentication and password in my proxy, I have ... Julio Acosta
01:19 PM Revision e4c34f17: Captive portal: add the explicit reason why a user was disconnected to the log: Caio Plumbeo
01:19 PM Revision f3e403d5: Captive portal: add option to retrieve the traffic quota value from RADIUS: Add an option to enable retrieving a user's traffic quota from RADIUS. The code uses a new vendor-specific attribute ... Caio Plumbeo
01:19 PM Revision acbd943d: Captive portal: add a traffic quota option: Add a new option to disconnect users after they exceed a traffic quota (sum of downloaded data and uploaded data). Caio Plumbeo
01:19 PM Revision 643315be: Captive portal: always use the RADIUS-provided session timeout value if the option is enabled: Caio Plumbeo
01:18 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3: Oh sorry I wasn't aware it was already done in the snapshots, haven't used them in a long time. Ken Sim
09:00 AM pfSense Packages Todo #8433 (Feedback): Upgrade NRPE-SSL Package to NRPE3: It is already switched to nrpe3 on 2.4.4 snapshots because the nrpe2 and nrpe-ssl ports were removed from the FreeBSD... Jim Pingle
12:37 PM Bug #8435 (New): DHCPv6 unusable in certain circumstances (US AT&T Fiber, etc.): pfSense's implementation of DHCPv6 prefix delegation is unusable in edge ISP configurations. AT&T Fiber in the United... Justin Coffman
11:15 AM Revision 3d706897: Do not remove unbound testing config when it fails to make it easier to debug: Renato Botelho
11:08 AM Bug #7969: md5 bgp sessions fail in 2.4.0: bkraptor - wrote:
> I have already opened #8407 for this issue, so feel free to continue the conversation there.
> ... Matthew Fields
08:12 AM Bug #6481: loading EAP_RADIUS method failed: This bug is still present on the 2.4.3 release. Harry Gonzalez
02:57 AM Bug #8434: Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI: Also see https://redmine.pfsense.org/issues/8314
Jim Pingle (It's possible that either the man page is wrong or i... Justin Smith
02:37 AM Bug #8434 (Resolved): Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI: ( Please reference https://redmine.pfsense.org/issues/6830 & https://redmine.pfsense.org/issues/7607 ) Information be... Justin Smith
02:29 AM Bug #7607: Chelsio T4/T5 CXGBE drivers not loaded as ALTq capable in the PfSense UI: This is still not functional.
2.4.4-DEVELOPMENT (amd64)
built on Wed Apr 04 19:00:45 CDT 2018
FreeBSD 11.1-REL... Justin Smith
02:08 AM Bug #8417: IPv6 bogon list size now too large to fit in standard maximum table size: With this error I also noticed a really weird subtle error which took me almost an hour to figure out:
Some Firewall... Thomas Rieschl

04/04/2018

11:38 PM pfSense Packages Todo #8433 (Resolved): Upgrade NRPE-SSL Package to NRPE3: net-mgmt/nrpe-ssl (https://www.freshports.org/net-mgmt/nrpe-ssl/) has been depreciated and removed since January. Can... Ken Sim
10:03 PM Revision b223b6e2: Merge branch 'master' of https://github.com/pfsense/pfsense into tweak/rm-whitespace: robjarsen
08:13 PM Revision 4acef976: Add a status page for unbound to show the infra cache. Ticket #8430: Jim Pingle
07:35 PM Revision aa9971a3: Whitespace Removal: * src\etc\sshd robjarsen
07:27 PM Revision db0050f0: Add array check: Even though I now set `$ns` equal to `array_unique(get_nameservers()`, just to be safe we check with `is_array($ns)` ... Peter Berbec
06:24 PM Revision 9ec128f0: Merge pull request #3922 from reb00tz/reb00tz-sshd_key_and_password-patch-1: Steve Beaver
06:13 PM Revision 923f05c4: Enhanced sshdkeyonly Drop-Down List for Clarity...: Enhanced sshdkeyonly drop-down list for clarity, as per https://github.com/pfsense/pfsense/pull/3922#pullrequestrevie... Daniel Koh
06:13 PM Revision c2d5d1ff: Enhanced sshdkeyonly Drop-Down List for Clarity...: Enhanced sshdkeyonly drop-down list for clarity, as per https://github.com/pfsense/pfsense/pull/3922#pullrequestrevie... Daniel Koh
06:13 PM Revision 0bfd23a6: Allow SSHd Key and Password Combination: Changes to allow key and password combination (in contrast to key OR password) i.e. if selected in the Admin>Advanced... Daniel Koh
06:13 PM Revision d6fdfd78: Allow SSHd Key and Password Combination: Changes to allow key and password combination (in contrast to key OR password) i.e. if selected in the Admin>Advanced... Daniel Koh
06:09 PM Revision f39ba24b: Add a TLS option for DNS Resolver Domain Overrides. Implements #8431: Jim Pingle
05:36 PM Revision 547e51b8: Add query name minimization options to DNS Resolver. Implements #8028: Jim Pingle
05:30 PM Bug #8417: IPv6 bogon list size now too large to fit in standard maximum table size: Yes. I ran into the same issue as Ryan Jaeb . It took me awhile to figure that out. Very confusing. Brendon Baumgartner
05:25 PM Revision 726a9fa5: Merge pull request #3931 from robjarsen/tweak/rm-whitespace: Steve Beaver
03:01 PM Revision cd738219: Add GUI option for DNS over TLS. Implements #8388: Jim Pingle
01:33 PM Bug #6949: username/password not used by proxy support: Hello Jim Pingle , I am new using pfsense 2.4.2, I have the same problem of User authentication and password in my pr... Julio Acosta
01:20 PM Feature #8431 (Feedback): Add DNS over TLS checkbox for Domain Override entries: Applied in changeset commit:f39ba24b36d2eaf725b552aefff3b05ceba49edb. Jim Pingle
11:22 AM Feature #8431 (Resolved): Add DNS over TLS checkbox for Domain Override entries: Using @forward-tls-upstream@ in a forward-zone will trigger unbound to send queries to that server using SSL/TLS. Sin... Jim Pingle
12:55 PM Bug #8432 (New): Dynamic DNS Client gives an error that it can't find IPv6 address when WAN interface is a LAGG: Hi,
I'm trying to get the Dynamic DNS to update my ipv6 address with Amazon's Route 53 service. However, I'm seein... Richard Powell
12:50 PM Feature #8028 (Feedback): Unbound: Add advanced option for qname-minimization: Applied in changeset commit:547e51b887a88d97569e587de26e029674c5d5f0. Jim Pingle
10:48 AM Feature #8388: Add DNS over TLS for upstream forwarders to the DNS Resolver: Of note, a couple changes compared to other examples:
1. We already set @do-tcp: yes@, so adding it again was unne... Jim Pingle
10:10 AM Feature #8388 (Feedback): Add DNS over TLS for upstream forwarders to the DNS Resolver: Applied in changeset commit:cd73821986dd854afbff4b1f63c7fa2bc88ed9a2. Jim Pingle
08:19 AM Feature #8388 (Assigned): Add DNS over TLS for upstream forwarders to the DNS Resolver: On second thought, this is different. The other ticket is for providing DNS over TLS to local clients, this is for up... Jim Pingle
07:41 AM Feature #8388 (Duplicate): Add DNS over TLS for upstream forwarders to the DNS Resolver: Duplicate of #8030 Jim Pingle
08:30 AM Feature #8430 (Resolved): Add DNS Resolver status page: We can fetch some useful status data from unbound using @unbound-control -c /var/unbound/unbound.conf <command>@, and... Jim Pingle
08:20 AM Feature #8415: Add DNS over TLS (RFC 7858) fonctionality to dns resolver and forwarder: Actually it's a duplicate of #8388 (for upstream forwarders), #8030 is for acting as a DNS over TLS server to local c... Jim Pingle
07:41 AM Feature #8415 (Duplicate): Add DNS over TLS (RFC 7858) fonctionality to dns resolver and forwarder: Duplicate of #8030 Jim Pingle
07:43 AM Feature #8030: Unbound: Add support for DNS over TLS to internal clients: See also: #8415 and #8388 Jim Pingle
06:30 AM Revision aca98ca8: scope error?: Error on reboot.
```
[04-Apr-2018 02:21:54 EST5EDT] PHP Warning: in_array() expects parameter 2 to be array, null g... Peter Berbec
02:07 AM Revision b28c9acc: Fixing debug errors.: Peter Berbec

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

05/03/2018

05/02/2018

05/01/2018

04/30/2018

04/28/2018

04/27/2018

04/26/2018

04/25/2018

04/24/2018

04/23/2018

04/22/2018

04/21/2018

04/20/2018

04/19/2018

04/18/2018

04/17/2018

04/16/2018

04/15/2018

04/14/2018

04/13/2018

04/12/2018

04/11/2018

04/10/2018

04/09/2018

04/08/2018

04/07/2018

04/06/2018

04/05/2018

04/04/2018