Activity

30 days up to

User

Subprojects

Activity

From 05/20/2018 to 06/18/2018

06/18/2018

09:38 PM Feature #8578 (Rejected): /var/unbound/test/unbound_server.pem: No such file or directory: There is not enough information here for a bug report, and this is not a support or discussion platform.
Please po... Jim Pingle
09:25 PM Feature #8578 (Rejected): /var/unbound/test/unbound_server.pem: No such file or directory: We cant save settings in DNS Resolver, we cant disable it either. We cant do browsing because of this. Can you help us? Neil Esperon
01:29 PM Bug #4438: Unable to delete IP Alias outside an interface's subnet where a gateway exists in the same subnet: Easy to reproduce:
1. Add IP Alias VIP in new subnet
2. Add gateway in new subnet
3. Add second IP Alias VIP in ... Jim Pingle
01:25 PM Bug #6455 (Duplicate): Can't delete Virtual IP "referenced by a least one gateway" if gateway outside interface subnet: Duplicate of #4438 Jim Pingle

06/16/2018

06:29 PM pfSense Packages Bug #8577 (Resolved): Snort - Log retention not working: The Snort package has an option under Services -> Snort -> Interfaces -> Log Mgmt to configure "Log Size and Retentio... Clinton Cory

06/15/2018

08:56 PM Revision f54ca2e1: routing, rc.newwanip should also set default-route while booting for ppp interfaces: otherwise we might end up without a default as the bootup script does not wait for ppp interface to obtain the ip, un... PiBa-NL
08:41 PM Revision 5ffeceb6: Fixed #8515 fixed error in queue defintion where it would repeat: It should now create a new definition for each queue. Queues should
now show up under status > queues. Stephen Jones
05:27 PM Revision 8991ac90: Added future ACB settings page: Steve Beaver
05:41 AM Bug #8573 (Resolved): email notifications: Updated to yesterday's snapshots and it started to work Chris Macmahon

06/14/2018

06:39 PM Revision 29e8d025: Validate NPt IPv6 address input and do not use invalid stored settings in rules. Fixes #8575: (cherry picked from commit feccd385d737ffd8c61ca977ee4d3dfa23c1aadc) Jim Pingle
06:39 PM Revision a1b69b57: Rework loader.conf(.local) filtering. Fixes #8571: If this isn't aggressive enough, we could remove the "local" changes and only
keep the new matching method.
(cherry ... Jim Pingle
06:39 PM Revision 0d35a025: Be specific with port fwd priv checks. Fixes #8563: This way, users with only privs to view but not edit port forwards can still see the entries, but not act upon them.
... Jim Pingle
06:39 PM Revision 92e27a71: Correct PHP syntax error. Fixes #8557: (cherry picked from commit 173356547e0005bfe21ba4b2345919dcb89a2fbf) Jim Pingle
06:38 PM Revision 90224db0: Allow hostname/ip to be deleted if the captive portal is not enabled: (cherry picked from commit cc52daa63deb98f6fbcd5edbc24fc65b62eabbec) Stephen Jones
06:38 PM Revision fb4cf3e9: Fixed #8539: (cherry picked from commit 880363af764ab31f2bdf6ee7a7921aeaed577e76) Steve Beaver
06:38 PM Revision 513662e8: Fix up user/group management save message descriptions, add logging for same. Fixes #8548: (cherry picked from commit 3fa6d46229757e2316120a7160a806bb7d28a8ed) Jim Pingle
06:38 PM Revision be5408eb: Add switch config to status output. Implements #8525: (cherry picked from commit 03ce110725129b5f35c62f4985f631a1e3b5d046) Jim Pingle
06:38 PM Revision 9dd89897: Fix bug for rules 'permit ip any any' from LDAP/AD: (cherry picked from commit 1a6857d0eb39e72f12c6f02763863f218ad07293) Aurélien BONANNI
06:04 PM Revision feccd385: Validate NPt IPv6 address input and do not use invalid stored settings in rules. Fixes #8575: Jim Pingle
01:28 PM Bug #8575 (Resolved): IPv6 NPt field order bug?: Jim Pingle
01:10 PM Bug #8575 (Feedback): IPv6 NPt field order bug?: Applied in changeset commit:feccd385d737ffd8c61ca977ee4d3dfa23c1aadc. Jim Pingle
01:06 PM Bug #8575: IPv6 NPt field order bug?: Looks like invalid input caused it, needs some validation. Commit is on its way. Jim Pingle
12:11 PM Bug #8575 (Resolved): IPv6 NPt field order bug?: Hoping this isn't a duplicate of 6985, but appears to be related.
Running 2.4.3_1, appears adding a new NPt crea... Donn Lasher
12:43 PM Bug #8576 (Closed): pfSense stops passing traffic after some time when using Outbound NAT pool w/ Sticky Address: With an outbound NAT mapping configured using pool option "Round Robin with Sticky Address" or "Random with Sticky Ad... Anonymous
12:39 PM Revision 74b3e6ec: 1. I rewound src/etc/inc/config.inc back to you guys' base. It was some funny EOL stuff that happened.: 2. Unwrapped gettext()
3. Agreed. Sanitized.
4. Unwrapped gettext()
5. Took out input_errors item
6. Took out input_... Matt Underscore
04:40 AM pfSense Packages Feature #8574 (Resolved): Enable AgentX-support in lldpd using GUI: The lldpd-package provided by the package manager seems to be compiled with AgentX-support, but there is nowhere to a... Nicklas Björk

06/13/2018

09:50 PM Bug #8492: Enable setting PKCS#12 export password in Certificate Manager: Running 2.4.3-RELEASE-p1 (amd64). The ability to export a keypair as a PKCS12 package (.p12) without a password is ju... Hyrum Smith
09:10 PM Bug #8573: email notifications: Mail notifications work OK here but I'm not using gmail. Perhaps they shut off port 465? Uncheck the ssl box in setti... Jim Pingle
08:56 PM Bug #8573 (Resolved): email notifications: Have not gotten an email notification of boot-up, reboot or gateway event since Jun 9, getting error:
Error: Faile... Chris Macmahon
08:40 PM Bug #8562 (Resolved): IPSEC widget: Jim Pingle
08:28 PM Bug #8562: IPSEC widget: Tested good on latest image: Thanks! Chris Macmahon
07:25 PM Revision 26300aa8: Add more informative documentation: Aaron Kalin
07:06 PM Bug #8572 (Not a Bug): Secure shell: "Authentication Method" option ignored when RSA key configured: The box is working as designed. That enables/disables password authentication. Keys always work. Whether or not the k... Jim Pingle
06:30 PM Bug #8572 (Not a Bug): Secure shell: "Authentication Method" option ignored when RSA key configured: When one (or more) RSA key(s) is(are) configured for the admin user, the "Authentication Method" option for Secure sh... Karl Rigan
02:58 PM Revision 7f943a22: Rework loader.conf(.local) filtering. Fixes #8571: If this isn't aggressive enough, we could remove the "local" changes and only
keep the new matching method. Jim Pingle
11:15 AM pfSense Packages Bug #8568: FreeRadius- Tunnel-Private-Group-ID or VLAN-ID field no longer taking string value. It only take an integer.: Thank you Jim. I verified in my lab and it's working great now! Really appreciate the quick turnaround.
Thanks,
... Vu Pham
10:58 AM pfSense Packages Bug #8568 (Resolved): FreeRadius- Tunnel-Private-Group-ID or VLAN-ID field no longer taking string value. It only take an integer.: I removed the VLAN ID input validation that was preventing your custom value from being saved. It was, as you pointed... Jim Pingle
10:33 AM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic: I've added another pull request which includes the new plugin port as a dependency to the main pfSense port.
https... Phil DeMonaco
10:10 AM Bug #8571 (Feedback): loader.conf/.local cleanup is a bit too aggressive: Applied in changeset commit:7f943a2269dea1efd9bf42320d14ae7e0ca4a4f7. Jim Pingle
09:58 AM Bug #8571 (Resolved): loader.conf/.local cleanup is a bit too aggressive: We have code that cleans up and eliminates duplicate settings in loader.conf and loader.conf.local to avoid foot-shoo... Jim Pingle
03:10 AM Bug #8570 (New): Empty (dn)shaper config gets populated with newline: Whenever I change something in fw rules the shaper and dnspaher config changes from 'empty' to 'newline':... Zsolt Zsiros

06/12/2018

03:29 PM Bug #8569 (Not a Bug): Certificates generated using deprecated extensions: We've been over this before when it comes up, see #6877 for example.
It doesn't hurt to have it there, the GUI che... Jim Pingle
03:18 PM Bug #8569 (Not a Bug): Certificates generated using deprecated extensions: Any certificate generated in the certificate management interface is generated with a Netscape Cert Type extension in... Justin Coffman
01:53 PM pfSense Packages Bug #8568 (Resolved): FreeRadius- Tunnel-Private-Group-ID or VLAN-ID field no longer taking string value. It only take an integer.: on Pfsense 2.3-RELEASE, it took a string value such as U:10 or U:Data-vlan, and T:20 or T:Voice-vlan for untagged and... Vu Pham
01:26 PM Bug #8567 (New): Using IPv6 VIP alias for services may affect CARP IPv6 VIP work: During investigation of customer request found IPv6 VIP alias for services may affect CARP IPv6 VIP work. CARP IPv6 V... Constantine Kormashev
01:26 PM Bug #8566 (New): Wrong IPv6 source in NS request in case using of IPv6 alias: During investigation of customer request found system uses wrong IPv6 sources for NS requests therefore they never be... Constantine Kormashev
11:16 AM Bug #8427 (Duplicate): Missing Key lenght Selection dropdown list: Duplicate of #8543 (fixed on 2.4.4) Jim Pingle
08:25 AM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation: A different workaround for those who are just trying to factory the unit:
Escape to shell, (Single user, CTRL+C)
... Gareth Hay
07:12 AM Bug #8565 (Rejected): NAT with IPSec: That version is over 6 years out of date. Problem reports against old, unsupported versions are not acceptable. Upgra... Jim Pingle
07:10 AM Bug #8565 (Rejected): NAT with IPSec: I have a configuration described in the Word attached document.
The version of the PFSENSE product is
2.0.1-RELEASE... Fabien DE BIASI
07:07 AM pfSense Packages Bug #8449: FRR 4.0 zebra daemon crashes: xavier Lemaire wrote:
> May be next release will be clean with us ?
> https://github.com/FRRouting/frr/releases/tag... Jim Pingle
03:57 AM pfSense Packages Bug #8449: FRR 4.0 zebra daemon crashes: May be next release will be clean with us ?
https://github.com/FRRouting/frr/releases/tag/frr-5.0
xavier Lemaire

06/11/2018

05:33 PM Revision 8cd59b03: Fix PHP error in dhcpd_gather_stats.php: Some variables were pre-populated with a string, then math was attempted based on a string value that couldn't be con... Jim Pingle
03:12 PM Revision 0dfce56b: Fix IPsec status widget conn matching to align with recent changes. Fixes #8562: Jim Pingle
01:58 PM Revision 2e6167e7: Be specific with port fwd priv checks. Fixes #8563: This way, users with only privs to view but not edit port forwards can still see the entries, but not act upon them. Jim Pingle
01:55 PM Feature #8564 (Duplicate): IP Hostname for GRE Tunnel: Hello! I made this post on the pfSense forums: https://forum.netgate.com/topic/131806/ip-dns-suggestion
It'd be gr... Soarin Boarin
10:20 AM Bug #8562 (Feedback): IPSEC widget: Applied in changeset commit:0dfce56bcec17e4898ab0b2b5b15db0d208bc93e. Jim Pingle
09:50 AM Bug #8563 (Feedback): User with only "WebCfg - Firewall: NAT: Port Forward" cannot view the list of port forwards: Applied in changeset commit:2e6167e71e7f6d83f52094a22a9a5be6ea39859b. Jim Pingle
08:38 AM Bug #8563 (Resolved): User with only "WebCfg - Firewall: NAT: Port Forward" cannot view the list of port forwards: A user with the "WebCfg - Firewall: NAT: Port Forward" privilege can open firewall_nat.php but none of the port forwa... Jim Pingle
03:35 AM Bug #8559: Dynamic Gateway (from e.g. OVPN) only able to disable after edit: That makes it clear, why the delete button only appears after editing. Thanks. But what about the disable button? Sho... Jens Groh

06/10/2018

12:59 PM Revision 092abdb6: routeing, gateways show proper IPv4 IPv6 default, also for dynamic gateways: PiBa-NL
08:54 AM Bug #8562: IPSEC widget: Possibly caused by https://github.com/pfsense/pfsense/commit/235c051f1f48ef30d7962324c488b3fec34d3d10
Assigned to ... Anonymous
07:59 AM Bug #8562: IPSEC widget: . Anonymous
07:23 AM Bug #8562 (Resolved): IPSEC widget: The IPSEC widget is not displaying active tunnels correctly on latest snapshots.
Chris Macmahon
06:14 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": Bump.
Issue still persist.
Installed OpenBGPd for get pfsense connected to AWS via BGP , and also having IPsec IKE ... Roman H

06/09/2018

08:54 PM Revision 96b15e44: routing, fix setting the default-route when the configured default gateway is a dynamic pppoe gateway. it doesnt have a gateway-status when it hasn't connected yet.: PiBa-NL
03:58 PM Bug #8561 (Resolved): default-route is not always set for a pppoe connection after bootup.: It seems the dynamic pppoe gateway does not have a status yet when it hasn’t connected before… And the code assumes i... Pi Ba
03:30 PM Bug #8515: ts wizard syntax error (as of 2.4.4.a.20180514.0905): Retested Traffic Shaping Wizards on 2.4.4.a.20180609.0944 and got the following alerts in the GUI
Filter Reload
... Anonymous
03:24 PM Bug #8457: Packages do not remove on factory default: On SG-2440 2.4.4.a.20180609.0944, installed acme, performed hardware reset, the package appeared to be removed (shown... Anonymous
02:38 PM Revision d84eec80: Do not build hybrid images to serial/ADI: Renato Botelho
02:35 PM Revision b66b246e: Revert "Do not build hybrid images to serial/ADI": This reverts commit 8d22f4b19126cff52e6283a8c8de8849ad614992. Renato Botelho

06/08/2018

08:08 PM Revision 8d22f4b1: Do not build hybrid images to serial/ADI: Renato Botelho
07:57 PM Revision 0aa52fb2: Fixup ipsec interface static route processing. Issue #8544: Jim Pingle
07:22 PM Revision 41160d19: Fixed #8515 Queues should now be added either through manually creating them or through the wizard: Stephen Jones
03:18 PM Revision d4b43c48: Make IPsec IKEv2 conn IDs consistent with IKEv1 or IKEv2 split. Also fix vti test for reqid.: Jim Pingle
03:18 PM Bug #8557 (Resolved): Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126: Jim Pingle
03:15 PM Bug #8557: Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126: fixed now rub man
07:30 AM Bug #8557 (Feedback): Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126: Applied in changeset commit:173356547e0005bfe21ba4b2345919dcb89a2fbf. Jim Pingle
03:49 AM Bug #8557: Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126: php error log from crash report rub man
03:33 AM Bug #8557 (Resolved): Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126: Unbound acl page is broken in latest snapshot, see screenshot for error:... rub man
01:28 PM pfSense Packages Bug #8560: ACME: can't update DNS records in DNSMadeEasy registar for several domains with different API keys/ids: I was able to fix it with the following workaround:
1. create a cert for the 1st cert in pfsense acme-certificates i... Alex Kolesnik
01:15 PM pfSense Packages Bug #8560 (New): ACME: can't update DNS records in DNSMadeEasy registar for several domains with different API keys/ids: The API key/id of the 3rd domain is used for updating records of the 1st domain. Please, see attached screenshots. Alex Kolesnik
12:17 PM Revision 17335654: Correct PHP syntax error. Fixes #8557: Jim Pingle
10:27 AM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI: Another fix in commit:d4b43c48ed1636d3fcd6e47d73ba721bd63d883a
Jim Pingle
07:13 AM Bug #8553: Creating a user as a member of a group fails to add that group to the user: It's happening on a standalone system, not XMLRPC. Presumably it would also happen on a master if the same situation ... Jim Pingle
04:12 AM Bug #8553: Creating a user as a member of a group fails to add that group to the user: @jimp: pardon me for jumping in, but is that happening only on the slave via XMLRPC or is that happening on the maste... Jens Groh
07:13 AM Bug #8559 (Not a Bug): Dynamic Gateway (from e.g. OVPN) only able to disable after edit: That's how dynamic gateways work. You also can't delete DHCP gateways or PPPoE gateways. "Deleting" them reverts them... Jim Pingle
04:43 AM Bug #8559 (Not a Bug): Dynamic Gateway (from e.g. OVPN) only able to disable after edit: Steps to reproduce:
1) create openvpn server
2) assign OPT interface to ovpns1
3) edit ovpns1 and make it active... Jens Groh
04:04 AM Feature #8558 (New): Add more table sorting in various UI pages: Some UI Pages like Certificate Manager etc. aren't sortable by columns. It would be great to have that ability in
... Jens Groh

06/07/2018

07:20 PM Revision cc52daa6: Allow hostname/ip to be deleted if the captive portal is not enabled: Stephen Jones
07:01 PM Revision a273f7bd: Do not put "route-to" on rules for traffic outbound from the firewall itself on ipsecX interfaces. Fixes #8551: Jim Pingle
02:10 PM Bug #8551 (Feedback): Routed IPsec/VTI is unable to communicate from the ipsecX interface address to a routed target: Applied in changeset commit:a273f7bdff455a50156ab004358ba3909fa1fee7. Jim Pingle
12:34 PM Bug #8551: Routed IPsec/VTI is unable to communicate from the ipsecX interface address to a routed target: This appears to be related to the automatic rules to pass traffic out from the firewall itself, for example:... Jim Pingle
02:06 PM Revision 880363af: Fixed #8539: Steve Beaver
11:49 AM Feature #8552: enable http2: PR: https://github.com/pfsense/pfsense/pull/3945 Laurent QUILLEROU
11:08 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode: Hi all, is this still an issue with the spring 2018 updates to Suricata? There was a forum discussion about it that ... Steve Y
10:10 AM Bug #8507 (Assigned): FreeBSD 11.2-BETA dhclient always uses server MTU value: The supersede change was committed and now has been MFC'd as well:
https://svnweb.freebsd.org/base?view=revision&r... Jim Pingle
09:26 AM Bug #8502 (Confirmed): main (top) menu items do not drop down in some cases: Some packages, including arping, mtr, nmap, and iperf, all behave this way. They use XML pages but when the user clic... Jim Pingle
09:11 AM Bug #8502 (Feedback): main (top) menu items do not drop down in some cases: Almost any PHP error anywhere in the system will break the menu system. This issue should be resolved when the last o... Anonymous
09:20 AM Bug #8539: ACLs not configurable in German Language UI: Applied in changeset commit:880363af764ab31f2bdf6ee7a7921aeaed577e76. Anonymous
09:06 AM Bug #8539 (Feedback): ACLs not configurable in German Language UI: Anonymous
09:09 AM Bug #8504 (Closed): Default gateway missing after upgrade: Has been working as expected for two weeks with no further failures observed. Anonymous
09:07 AM Bug #8555: Selectively killing states on WAN failure: The reason we have not taken these approaches is primarily because they do not scale. Some people have state tables w... Jim Pingle
08:52 AM pfSense Packages Bug #8449: FRR 4.0 zebra daemon crashes: Looks like others have noticed the problem as well:
https://lists.freebsd.org/pipermail/freebsd-ports/2018-June/11... Jim Pingle
08:47 AM Bug #8556 (Closed): Notification always sent twice via email - DynDNS updated IP Address on WAN (pppoe0) to: I can't reproduce this here, I only get one e-mail per message even from Dynamic DNS updates. It may be specific to s... Jim Pingle
02:45 AM Bug #8556 (Closed): Notification always sent twice via email - DynDNS updated IP Address on WAN (pppoe0) to: When I get a new IP from my provider I always get *two* emails with same content about this event. E.g.... Willy Tenner
07:25 AM Bug #8096: Special characters not propagated by the config sync engine: Version 2.4-latest
I'll second this. The description field does not seem to be properly escaped when syncing to th... Jens Groh

06/06/2018

09:27 PM Bug #8555 (Duplicate): Selectively killing states on WAN failure: The current options on a WAN failure is to kill all states, or none at all. In a scenario such as having a wireless ... Steven Brown
09:21 PM Revision 9e69907e: Cleanup the comment to be clearer: Aaron Kalin
09:11 PM Revision d2cad3b5: Update to DNSimple APIv2 endpoint: Aaron Kalin
08:23 PM Revision 3fa6d462: Fix up user/group management save message descriptions, add logging for same. Fixes #8548: Jim Pingle
07:33 PM Bug #8554: /etc/rc.kill_states code not correctly parsing pfctl output: Sorry, I believe the patch should be:... Steven Brown
07:28 PM Bug #8554 (Resolved): /etc/rc.kill_states code not correctly parsing pfctl output: The patches added in Bug #2887 no longer works as expected because the output of pfctl -ss no longer matches the form... Steven Brown
07:20 PM Revision 3aebb242: 8552 - enable http2: Laurent QUILLEROU
03:38 PM Feature #8548: User creation is not logged correctly: Group error bug moved to #8553 Jim Pingle
03:30 PM Feature #8548 (Feedback): User creation is not logged correctly: Applied in changeset commit:3fa6d46229757e2316120a7160a806bb7d28a8ed. Jim Pingle
03:06 PM Feature #8548: User creation is not logged correctly: #1 Adding logging is a feature request, not a bug.
#2 is not a logging issue, it's a bug and it needs its own ticket... Jim Pingle
03:37 PM Bug #8553 (Resolved): Creating a user as a member of a group fails to add that group to the user: When creating a user, if a group is selected during account creation, the group is not added to the user at the OS le... Jim Pingle
02:19 PM Revision aea2a0c3: Fix IPsec VTI gateway generation to match interface changes. Fixes #8544: Jim Pingle
02:17 PM Feature #8552 (Resolved): enable http2: http2 brings some improvements (single connection, multiplexing, etc.) and nginx supports it since version 1.9.5 (htt... Laurent QUILLEROU
01:46 PM Bug #8551 (Resolved): Routed IPsec/VTI is unable to communicate from the ipsecX interface address to a routed target: Breaking this away from #8544 since the feature in general works aside from this separate issue.
With routed IPsec... Jim Pingle
12:48 PM pfSense Packages Bug #8550 (Closed): OpenBGPd: bgpd is not started at boot: I have installed the OpenBGPd package on pfsense 2.4.2 and generally, it all works great.
However, after reboot, b... Christian Franke
11:09 AM Feature #7029: GRE interfaces not available as SPAN port: It's not that easy either, FreeBSD will not allow you to add a GRE interface as a span port:... Jim Pingle
03:52 AM Feature #7029: GRE interfaces not available as SPAN port: Jim Pingle wrote:
> As far as I can tell, FreeBSD doesn't support it. If you want ERSPAN support for FreeBSD GRE int... Idar Lund
10:45 AM Bug #6873: radvd - Too many addresses in RDNSS section when previously using DHCPv6: Since 2.4.3_p1 came out, I have been having a tremendous amount of trouble with IPv6 and RADVD specifically - address... Travis McMurry
09:30 AM Feature #8544 (Feedback): Routed IPsec using FreeBSD if_ipsec(4) VTI: Applied in changeset commit:aea2a0c333407c0d8b74a51a9dec0829dc78db72. Jim Pingle
03:24 AM Bug #8549 (Not a Bug): IPsec: Enable bypass for LAN interface IP has no effect when supernetting in IPSec P2: My current setup allows access to the LAN Interface IP (192.168.1.1/24) through the IPsec VPN connection no matter ho... Lars Wolos

06/05/2018

09:24 PM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI: Interface numbering is fixed, VTI reqids work as expected and line up between strongswan and ipsecX numbering and use... Jim Pingle
09:11 AM Feature #8544 (Assigned): Routed IPsec using FreeBSD if_ipsec(4) VTI: There is a problem with how the interfaces are numbered, since with more tunnels and phase 2 entries around the ID us... Jim Pingle
09:00 PM Revision 235c051f: Rework how IPsec VTI interfaces and reqid specifications for same are formed. Ticket #8544: Jim Pingle
06:05 PM Revision 0dbc88bd: Enable pfBlockerNG-devel build: Renato Botelho
06:05 PM Revision a8bf3fd0: Enable pfBlockerNG-devel build: Renato Botelho
06:04 PM Revision 66de7add: Enable pfBlockerNG-devel build: Renato Botelho

06/04/2018

06:21 PM Revision 65767828: IPsec VTI interface refinements/fixes. Ticket #8544: Jim Pingle
06:01 PM pfSense Packages Bug #5168: squid doesn't function during/after HA failover: Chris Buechler wrote:
> should be possible, and a good idea, to list VIPs in the binding list.
>
> As a workaroun... Adam Gibson
04:02 PM Feature #8548 (Resolved): User creation is not logged correctly: Two issues:
1. Creating a non-admin user via WebGUI does not show in log.
2. Creating a new user in admin group... Ivor Kreso
02:28 PM Feature #8544 (Feedback): Routed IPsec using FreeBSD if_ipsec(4) VTI: Changes pushed, next snapshots should be better for testing. Jim Pingle
01:10 PM Feature #8544 (Assigned): Routed IPsec using FreeBSD if_ipsec(4) VTI: Reopening as there are some issues with how the tunnel addresses are applied to the interface (local and remote shoul... Jim Pingle

06/03/2018

03:35 PM Feature #8546: Ability to download pfSense updates via another gateway: Understood, thank you very much. Stéphane Lapie
02:31 PM Feature #8546 (Duplicate): Ability to download pfSense updates via another gateway: This is already covered by other things here, and likely is already solved on 2.4.4 by the new feature where you can ... Jim Pingle
11:10 AM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI: Jim Pingle wrote:
> Once a new snapshot is up with the later two commits it should be OK for testing.
Just tested... Michael OBrien

06/02/2018

09:13 AM Bug #8498 (Not a Bug): cloudflare Dynamic DNS is not working: Jim Pingle
09:00 AM Bug #8498: cloudflare Dynamic DNS is not working: This was an issue in your configuration and no bug oft pfsense.
You had no entry makkawi.win in cloudflare. So pf... Michael Geiger
09:12 AM Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network: Feature #7281 is a duplicate of that
I would love to see this feature too. Unfortunatley it is not easy to implem... Michael Geiger

06/01/2018

01:19 PM Revision 4069207f: Use recently created RELENG_2_4_4 branch for FreeBSD-src: Renato Botelho
06:38 AM pfSense Packages Feature #8547 (New): fwknop Port Knocking Package: "fwknop":http://www.cipherdyne.org/fwknop is a quite well established "next generation" advance on simple port knocki... Stilez y

05/31/2018

09:38 PM Feature #8546 (Duplicate): Ability to download pfSense updates via another gateway: I am mainly using pfSense in a CARP+HAproxy scenario (with a WAN and a LAN interface), and have to face a little conu... Stéphane Lapie
09:22 PM Revision be7c1319: PHP7 fixed illegal string offset warning: Stephen Jones
07:36 PM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA": Jim Pingle wrote:
> I still can't replicate this here even by checking "Do not wait for RA", but I do not have a pro... Daryl Morse
06:43 PM Revision a74b4e30: Enable ACB2 build: Renato Botelho
03:09 PM Revision 78031530: Add the missing new line.: Luiz Souza
02:41 PM Revision 5ecce9d0: Fix reference to non-existent variable in IPsec P1. Fixes #8543: (cherry picked from commit ac976b7e061f19d108a6f60a57ce6866dd0a9499) Jim Pingle
02:40 PM Revision ac976b7e: Fix reference to non-existent variable in IPsec P1. Fixes #8543: Jim Pingle
01:53 PM Revision e8f7e051: A couple vpn.inc refinements for VTI. Ticket #8544: Jim Pingle
01:15 PM Revision 50c4282d: Add vpn.inc changes for IPsec VTI that missed the previous commit. Ticket #8544: Jim Pingle
09:59 AM Bug #8545: LACP can't be established on QLogic NetXtreme II BCM57810 NICs: That should probably be tested on FreeBSD directly to see if the problem happens there as well. It sounds like a driv... Jim Pingle
06:50 AM Bug #8545 (Rejected): LACP can't be established on QLogic NetXtreme II BCM57810 NICs: I created LAGG interface with two network cards (QLogic NetXtreme II BCM57810 10GbE (B0) BXE v:1.78.90) and assigned ... Alex Kolesnik
09:50 AM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI: Once a new snapshot is up with the later two commits it should be OK for testing. Jim Pingle
09:50 AM Bug #8543 (Feedback): IKE Phase 1 configuration not working: Applied in changeset commit:ac976b7e061f19d108a6f60a57ce6866dd0a9499. Jim Pingle
09:41 AM Bug #8543 (Confirmed): IKE Phase 1 configuration not working: OK, I can replicate it in IE and confirm the fix. Pushing momentarily. Jim Pingle
12:41 AM Bug #8543: IKE Phase 1 configuration not working: I used chrome Version 57.0.2987.133 (64-bit) and MS-IE 11.431.162990 (32 and 64 bit) on Windows 10.
This depends o... Thomas Eckardt
09:35 AM Feature #7029 (Closed): GRE interfaces not available as SPAN port: As far as I can tell, FreeBSD doesn't support it. If you want ERSPAN support for FreeBSD GRE interfaces, the issue ne... Jim Pingle
05:45 AM Feature #7029: GRE interfaces not available as SPAN port: Any news on this one? In our virtualized world, it would be awesome to be able to forward copy of traffic over L3. Es... Idar Lund

05/30/2018

08:53 PM Revision bd4c337c: Please welcome routed IPsec using if_ipsec VTI interfaces. Implements #8544: To use, create a P1/P2 and set P2 to VTI using local/remote network as tunnel endpoint addresses, then assign the int... Jim Pingle
08:45 PM Bug #6974: radvd enabled on a disconnected interface kills RA completely on all interfaces: and... should be fixed by radvd-2.17_5. Check #8429 for the current bug. Luiz Souza
08:43 PM Bug #8429 (Feedback): radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Should be fixed with radvd-2.17_5. Please check with the next 2.4.4 snapshot.
Sorry for the breakage. Luiz Souza
04:10 PM Feature #8544 (Feedback): Routed IPsec using FreeBSD if_ipsec(4) VTI: Applied in changeset commit:bd4c337c061f989c4be1bbeaf207447cd8af4989. Jim Pingle
03:53 PM Feature #8544 (Resolved): Routed IPsec using FreeBSD if_ipsec(4) VTI: Add routed IPsec using @if_ipsec(4)@ VTI (Virtual Tunnel Interfaces) from FreeBSD 11.1 and later with strongSwan.
... Jim Pingle
03:06 PM Revision a342020d: Do not disable rekeying by default on IPsec P1 entries. Fixes #8540: Jim Pingle
02:49 PM Revision 5f04221b: Do not disable rekeying by default on IPsec P1 entries. Fixes #8540: Jim Pingle
01:53 PM Revision 15f5dea7: Fix crash reporter download button display when there are only PHP errors, no textdumps.: (cherry picked from commit 3db214ddb99bea076c964bd90538d5975287456b) Jim Pingle
01:53 PM Revision 3db214dd: Fix crash reporter download button display when there are only PHP errors, no textdumps.: Jim Pingle
10:05 AM Bug #8543 (Feedback): IKE Phase 1 configuration not working: I can't replicate this problem here. I see what you mean about that variable not being populated, but the page still ... Jim Pingle
10:00 AM Bug #8540 (Feedback): Disable Rekey Checkbox Should be Disabled on New IPsec Tunnels: Applied in changeset commit:5f04221b2b4e448e7502a2e9f88f0d1295a67f03. Jim Pingle
09:30 AM Bug #8489 (New): DHCPv6 Client Failure to Initialize with "Do not wait for RA": I still can't replicate this here even by checking "Do not wait for RA", but I do not have a provider that requires i... Jim Pingle

05/29/2018

01:34 PM Revision cee46a8f: Use the variable and not a constant: Renato Botelho
01:34 PM Revision 9b11388d: Fix syntax: Renato Botelho
01:34 PM Revision 7aefd1fa: Do not depend of pfSense-builder meta package, track dependencies using pkg: Renato Botelho
01:33 PM Revision ffeac248: Use the variable and not a constant: Renato Botelho
01:32 PM Revision 1386a2e4: Fix syntax: Renato Botelho
01:30 PM Revision 1b40e1a6: Do not depend of pfSense-builder meta package, track dependencies using pkg: Renato Botelho

05/28/2018

11:56 PM Bug #8543 (Resolved): IKE Phase 1 configuration not working: issue:
strongSwan uses only AES 128, because keylen is empty in the pfsense config file.
... Thomas Eckardt
09:07 PM Bug #8542 (Closed): Web GUI did not prompt for NIC reassignment when config restore on hardware with different NICs was performed: Old system: SG-1000 pfsense 2.4.3
New system: amd64 mini-PC pfsense 2.4.3 freshly installed with two realtek NICs na... Jakub Osika
08:54 PM Bug #8541 (Rejected): pf blocking OpenVPN connection causing OpenVPN fail repeatedly and then connecting successfully when connection is no longer being blocked: Hey,
I recently switched to development snapshots and I have noticed that suricata and openvpn together give out s... rub man
08:26 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3: The only valid test would be on 2.4.4 or 2.3.5-p2 (where it wasn't intended to be yet, but ended up after the last re... Jim Pingle
08:25 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3: How can I go about testing it on 2.4.3-p1 to help out? I currently just have the nrpe3 package installed from the Fre... Ken Sim
07:51 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3: I haven't had any feedback on how well (if at all) that it works. If it can get some testing, at least on 2.4.4, then... Jim Pingle
07:34 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3: Jim,
Is it possible to get it back ported to 2.4.3-p1 or is there still some issues that need to be worked out?
... Ken Sim
05:07 PM Bug #8540 (Resolved): Disable Rekey Checkbox Should be Disabled on New IPsec Tunnels: When a new IPsec Phase 1 tunnel is created the Disable Rekey checkbox is checked by default.
I would argue that th... Chris Linstruth

05/27/2018

08:12 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3: Good timing. Ubuntu 18.04 ships with a new version of OpenSSL that stops @check_nrpe@ from contacting old versions be... Yehuda Katz
03:45 PM Bug #8539 (Resolved): ACLs not configurable in German Language UI: Webinterface does not save ACL entries or changes to existing ones when WebUI is set to German language. Works fine w... Marcus Scholz
12:22 PM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA": Is this error: May 21 14:51:51 dhcp6c 49073 transmit failed: Input/output error generated by pfsense or freebsd? I no... Daryl Morse
07:04 AM Bug #7600: Unable to save DNS Resolver settings: I can agree that is in the 2.4.3-RELEASE-p1 (amd64) as well!!
My solution was to deactivate and deinstall "pfBlock... E P

05/26/2018

01:15 PM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA": Jim Pingle wrote:
> I can't reproduce this here on any hardware I have, real or virtual.
>
> It might be in that ... Daryl Morse
08:21 AM Bug #8489 (Not a Bug): DHCPv6 Client Failure to Initialize with "Do not wait for RA": I can't reproduce this here on any hardware I have, real or virtual.
It might be in that NIC driver, or some other... Jim Pingle

05/25/2018

06:19 PM Revision 5adda2a2: Make sure gnid, crypto tools and athstats are build with proper compiler: Renato Botelho
06:19 PM Revision 06c13973: Make sure gnid, crypto tools and athstats are build with proper compiler: Renato Botelho
03:26 PM Revision 901916d4: Fix crash reporter "submit" wording (can't submit anymore!): (cherry picked from commit ca06add8b4a61c8ad020e97cb55471bf52c0929c) Jim Pingle
03:26 PM Revision ca06add8: Fix crash reporter "submit" wording (can't submit anymore!): Jim Pingle
03:24 PM Revision c8975d3a: Rework crash reporter page so users can download the data files directly rather than submitting to a server.: Jim Pingle
03:23 PM Revision da6af9ce: Rework crash reporter page so users can download the data files directly rather than submitting to a server.: Jim Pingle
02:50 PM Bug #8070: IKEv2 IPSec tunnel under load crashes pfSense when AES-NI is enabled: Jan Jurkus wrote:
> I want to refer you to this forumpost: https://forum.pfsense.org/index.php?topic=139146.0
>
>... Paul Youngberg
12:46 PM Revision da246f54: Make sure core packages are built with proper ABI information: Renato Botelho
12:46 PM Revision dff2bf9c: Make sure core packages are built with proper ABI information: Renato Botelho
11:58 AM Revision 21c6fa05: Use already defined variable: Renato Botelho
11:18 AM Bug #8537: Update from 2.3.5_1 to 2.3.5_2 on nanobsd failed: I cannot confirm this.
Update from 2.3.5_1 to 2.3.5_2 on nanobsd successful here. Chris Palmer
09:03 AM Bug #8537: Update from 2.3.5_1 to 2.3.5_2 on nanobsd failed: Jim Pingle wrote:
> "Secondary partition (/dev/ufs/pfsense1), used for upgrade not found" reads like you didn't writ... Laurent BONNIN
07:46 AM Bug #8537 (Not a Bug): Update from 2.3.5_1 to 2.3.5_2 on nanobsd failed: "Secondary partition (/dev/ufs/pfsense1), used for upgrade not found" reads like you didn't write a full NanoBSD imag... Jim Pingle
06:46 AM Bug #8537 (Not a Bug): Update from 2.3.5_1 to 2.3.5_2 on nanobsd failed: Update process from GUI failed due to Duplicate slice missing.
See below detailled informations from GUI textare
... Laurent BONNIN
10:03 AM pfSense Packages Bug #8538: arpwatch missing ethercodes.dat: actually, this is syntax error -- single-quote vs double-quote issue on line 149 of the .inc
changing it to ARPWAT... ROB VANHOOREN
09:35 AM pfSense Packages Bug #8538 (Closed): arpwatch missing ethercodes.dat: attached script will pull down the current mac address data from IEEE and parse it for arpwatch (and nmap, fwiw)
i... ROB VANHOOREN

05/24/2018

04:12 PM Feature #2358: NAT64 support: I would like to see this added as well. Large companies such as Microsoft are using NAT64 and going IPv6 only because... Isaac McDonald
01:12 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Thanks for checking.
- Inconsistent method of reordering list entries
I thought i removed those up/down arrows. T... Pi Ba
08:24 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Done some quick test and it seems mostly fine, even the configuration was "migrated" successfully.
Just few things I... Petr H
08:37 AM Bug #8536 (Duplicate): Logout not working as intended: Appears to be a duplicate of #8441
Try on 2.4.3-p1, not 2.4.3. Jim Pingle
08:29 AM Bug #8536 (Duplicate): Logout not working as intended: Hi,
On 2.4.3, we using multiple CP with multiple virtual interface (vlan tagging).
When a user disconnect (or an ... Nymous Ano

05/23/2018

09:16 PM Bug #8535 (Duplicate): SMTP fails to work with STARTTLS and TLS: Problems:
1) I read on the pfSense forums that the new Pear-Mail should automatically use STARTTLS if the server off... Jeremy 99
08:41 PM Revision 60682dd2: Restrict entry of DHCP options (ticket #8534): Michael Newton
06:08 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions: Ive added a set of commits to this branche for now..: https://github.com/PiBa-NL/FreeBSD-ports/tree/20180521-haproxy-... Pi Ba
04:12 PM Revision 7c41a378: PHP 7.2 fixed string offset and undefined constant: Stephen Jones
03:42 PM Bug #8534: Invalid DHCP options can be added: See https://github.com/pfsense/pfsense/pull/3943 Michael Newton
03:37 PM Bug #8534 (Resolved): Invalid DHCP options can be added: Had a user who wanted to temporarily "disable" a DHCP option so he set it to zero. This corrupted the DHCP response. ... Michael Newton
12:23 PM Revision 3f1791a2: Update translation files: Renato Botelho
12:23 PM Revision 57d932e8: Regenerate pot: Renato Botelho
03:03 AM Bug #8498: cloudflare Dynamic DNS is not working: Now it is working with 2.4.3 p1
Also I added dynamic in cloudflare and in the host name
See attached picture Mohammad Makkawi

05/22/2018

08:59 PM Bug #8533: OpenVPN with 2 site to site tunnels adds routes to first OpenVPN interface only: My apologies, the update information on the firewall was telling me I was already on the latest version, will investi... Jonathan Trott
08:53 PM Bug #8533 (Rejected): OpenVPN with 2 site to site tunnels adds routes to first OpenVPN interface only: Highly unlikely there is a bug here, it's most likely a configuration issue. Please post on the forum (when it comes ... Jim Pingle
08:32 PM Bug #8533 (Rejected): OpenVPN with 2 site to site tunnels adds routes to first OpenVPN interface only: We had setup a single OpenVPN site to site connection to a remote Sophos XG firewall with no issues. pfSense being th... Jonathan Trott
02:24 PM Revision 1b5fbae4: PHP 7.2 Migration. Replace is_numeric() with ctype_xdigit() to check for valid hex string: Stephen Jones
01:25 PM Revision 03ce1107: Add switch config to status output. Implements #8525: Jim Pingle
08:40 AM Feature #8525 (Feedback): add to status.php: Applied in changeset commit:03ce110725129b5f35c62f4985f631a1e3b5d046. Jim Pingle
07:45 AM Feature #8532 (New): Ability to add metric to pushed routes: By default GUI for OpenVPN server creates line as:... Pawel Szafer
12:17 AM Feature #336: Option to create lagg under assign interfaces: If you only needed the LAGG, VLANs and the interfaces :... Stéphane Lapie

05/21/2018

11:02 PM Feature #336: Option to create lagg under assign interfaces: I decided to go the very nasty route, and use PHP Shell :... Stéphane Lapie
09:06 PM Revision 059d8a71: PHP migration 7.2 enforce type array: Stephen Jones
05:23 PM Bug #8531: URL Table aliases don't support FQDNs or names that return >1 IP: I added timeout values to the dig command, but rather than 2 separate commits for this tiny patch, I made a new branc... → luckman212
03:08 PM Bug #8531 (Resolved): URL Table aliases don't support FQDNs or names that return >1 IP: In my testing (pfSense 2.4.3-p1 as well as 'master') the only Alias type that supports FQDNs is "Host". This is limit... → luckman212
05:03 PM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA": I performed a clean installation from the latest snapshot (May 21st). The problem is still present.
These DHCP log... Daryl Morse
03:54 PM Bug #6481: loading EAP_RADIUS method failed: I can confirm the bug is still on 2.4.3. Friedrich Schnabel
09:35 AM Bug #8530 (Resolved): Delete allowed hostname/ip doesn't work if captive portal is not enabled.: I noticed in a captive portal zone you can add new allowed hostnames and allowed IP's while the captive portal zone i... Anonymous
07:49 AM Bug #8528: IPsec does not start at boot: That is a topic for a discussion platform (forum, reddit, list) not a bug tracking system. Jim Pingle
07:46 AM Bug #8528: IPsec does not start at boot: Hi,
But there is no any logs in system. 2 times ipsec starts ok, and third fail. How to at least track it? There i... Dmitriy Stark
07:18 AM Bug #8528 (Not a Bug): IPsec does not start at boot: You appear to have something unrelated happening on your system causing some startup tasks to fail. There is no confi... Jim Pingle
05:29 AM Bug #8528 (Not a Bug): IPsec does not start at boot: Hi,
I setup reboot pfSense everynight to avoid memory leak. I understand that this is not really good idea, but be... Dmitriy Stark
07:41 AM pfSense Packages Bug #8514: Captiveportal save or update: Jim Pingle wrote:
> Try on a 2.4.4 snapshot, there were changes recently which may have improved situations where lo... Mehmet Ali Gökbaş
07:27 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Same here Nicolas Vollmar
07:26 AM Bug #6974: radvd enabled on a disconnected interface kills RA completely on all interfaces: Spencer Hakim wrote:
> Hi, the fix to this bug breaks radvd for bridge interfaces, which subsequently breaks IPv6 ro... Nicolas Vollmar
07:19 AM Bug #8529 (Not a Bug): shellcmd does not run service: You appear to have something unrelated happening on your system causing some startup tasks to fail. There is no confi... Jim Pingle
05:38 AM Bug #8529 (Not a Bug): shellcmd does not run service: Hi,
I'm trying to collect statistic from pfSense with Prometheus node_exporter. node_exporter installed from with:... Dmitriy Stark
03:52 AM Bug #8527 (Resolved): VLANs losing parent interface on LAGG change: Hi, I am using 2.4.3_1 and seem to be experiencing a regression of Issue 3976 https://redmine.pfsense.org/issues/3976... Thomas Spaziani

05/20/2018

05:50 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Same here:... Michael Duller

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

06/18/2018

06/16/2018

06/15/2018

06/14/2018

06/13/2018

06/12/2018

06/11/2018

06/10/2018

06/09/2018

06/08/2018

06/07/2018

06/06/2018

06/05/2018

06/04/2018

06/03/2018

06/02/2018

06/01/2018

05/31/2018

05/30/2018

05/29/2018

05/28/2018

05/27/2018

05/26/2018

05/25/2018

05/24/2018

05/23/2018

05/22/2018

05/21/2018

05/20/2018