Activity
From 05/26/2018 to 06/24/2018
06/24/2018
-
08:28 PM
Feature #8598 (Resolved): Add IPsec identifiers to Status > IPsec
- Add the IPsec identifiers used in the IPsec configuration, on the Status > IPsec page.
-
08:20 PM
Bug #8597 (Resolved): When editing a firewall rule, the "Action" field is selected
- When a user goes to edit a firewall rule, the page loads with the "Action" field selected (in Chrome and Firefox). If...
-
08:13 PM
Feature #8596 (Resolved): Warn user when default password has not been changed
- The user should be warned on every login that the default password has not been changed, until it's been changed.
... - 12:28 PM Revision 561077c7: routing, fix setting the default-route when the configured default gateway is a dynamic pppoe gateway
-
08:23 AM Bug #8595: Maybe a new mpd5-x+1 MTU ISSUE WITH ORANGE FR
- Eugene Grosbein - 29 minutes ago
I have just updated FreeBSD's net/mpd5 port up to revision 5.8_4 that contains t... -
- It s work for me
https://sourceforge.net/p/mpd/bugs/62/#7142
Eugene Grosbein make a binary https://sourceforge... -
- https://sourceforge.net/p/mpd/bugs/62/#b64c
A patch to try -
07:32 AM Bug #8561: default-route is not always set for a pppoe connection after bootup.
- Sorry, forgot the '!', new PR added: https://github.com/pfsense/pfsense/pull/3956
06/23/2018
- 02:11 PM Revision 264f4423: routing, when adding a new gateway and setting it as the default actually allow that to happen by indicating the proper ipprotocol for the gateway to set it for as a default
-
- fix submitted: https://github.com/pfsense/pfsense/pull/3955
- 11:10 AM Revision 36cfae5f: Add 6144/remove 512 from cert size options
-
- hi guys
I opened a thread here : https://sourceforge.net/p/mpd/bugs/62/
I have the feeling that awesome guys are ... -
06:11 AM
Bug #8594: Assess default crypto settings for OpenVPN/IPsec
- Additionally, I'd like to make two additional changes:
# Add a 6144-bit option to the CA and Cert Manager pages (t... -
06:09 AM
Bug #8594: Assess default crypto settings for OpenVPN/IPsec
- Additionally, I'd like to make two additional changes:
1. Add a 6144-bit option to the CA and Cert Manager pages (... - 03:30 AM Revision ec9343c0: Update crypto defaults for OpenVPN/IPsec
- Updated default cipher to AES-128, default hash to SHA256, default DH group to 2048 bit (IPsec DH group 14).
- 02:19 AM Revision 4b6bf6aa: Remove RFC 7919 from DH group titles
- Nothing is preventing the user from overwriting them, which would mean they're no longer the RFC groups.
- 02:17 AM Revision 43228ab3: Added new DH groups to valid groups list
06/22/2018
- 07:58 PM Revision aa93d3fa: Reduce max interval to 60 minutes
- Per discussion on Redmine, bringing the maximum probe interval down to 60 minutes. Anything higher than this would pr...
- 07:18 PM Revision bad35425: Properly escape the single quotes
-
07:01 PM Revision e7d76457: Redmine #8592: Clarify DHCP hostname registration
- 07:00 PM Revision 7ae00d0d: Extend maximum monitoring interval.
- The existing monitoring interval was a maximum of 86400 ms, or approximately 86 seconds. This can cause excessive dat...
-
05:43 PM
Bug #8594 (Resolved): Assess default crypto settings for OpenVPN/IPsec
- Per Jim's comment on https://github.com/pfsense/pfsense/pull/3951. If any changes are approved, I'll be happy to subm...
- 03:13 PM Revision 3efa3530: Provide DH groups from RFC 7919.
- Replaced 2048-bit and 4096-bit groups with RFC 7919 parameters. Added 3072, 6144, and 8192-bit groups from same. Relo...
- 03:06 PM Revision 3937cbaa: Remove DH group name from output.
- Accidentally left that line in from testing.
- 03:05 PM Revision 45bebeb8: Create generate_ffdhe.py
- This script converts the hexadecimal-format parameters from RFC 7919 to usable PEM format DH groups.
-
02:59 PM
Bug #8593: Extend maximum gateway monitoring ping interval
- Change committed to the PR branch.
-
02:57 PM
Bug #8593: Extend maximum gateway monitoring ping interval
- I'll be honest, I didn't really have a maximum value in mind. I saw the existing value and thought "oh, they must hav...
-
02:41 PM Bug #8593: Extend maximum gateway monitoring ping interval
- I'd prefer that, but it's open for debate if there is a valid use case I'm not thinking of.
-
02:25 PM
Bug #8593: Extend maximum gateway monitoring ping interval
- I can modify it down to 3,600,000 ms (60 minutes) in the PR, if that works.
-
- The 86400 limit is likely a holdover from when it used to be seconds, but letting it go up to a full day seems like i...
-
02:07 PM
Bug #8593: Extend maximum gateway monitoring ping interval
- Submitted PR: https://github.com/pfsense/pfsense/pull/3953
-
02:05 PM
Bug #8593 (Resolved): Extend maximum gateway monitoring ping interval
- The existing maximum gateway monitoring ping interval is 86,400 ms, or about a minute and a half. Over strictly meter...
-
- Issue addressed in PR https://github.com/pfsense/pfsense/pull/3952
-
- Granted it could be more clear, but DHCP is always IPv4, it does not refer to both. For IPv6 support, things are labe...
-
- If that's the case, the description for the option should be changed to reflect the fact that it only applies to IPv4...
-
- DHCPv6 does not support registering hostnames, so this is working as expected. Only IPv4 DHCP is capable of pulling h...
-
- Attempts to enable "@Register DHCP leases in the DNS Resolver@" in the "DNS Resolver" module fail when only DHCPv6 is...
-
- On interfaces.php, for a static IP Address WAN, the "Add a new Gateway" button/modal lets you add a gateway and it ha...
-
- Latest snapshot is OK after Renato merged in changes from releng/11.2.
-
- PR has been merged
-
- PR has been merged
-
- PR has been merged
-
10:25 AM
Bug #8582: Ship RFC 7919-provided DH groups
- GitHub PR filed referencing this issue: https://github.com/pfsense/pfsense/pull/3951
-
- PR has been merged
-
- PR was merged yesterday.
-
- I concur with Justin. The security risks involved with agent forwarding make it undesirable for a firewall.
If som... -
09:08 AM
Bug #8590: sshd does not allow agent forwarding
- Sorin Sbarnea wrote:
> I am in favour of enabling it by default because I see no security risks with it and it would... -
04:12 AM Bug #8590 (Resolved): sshd does not allow agent forwarding
- Apparently /etc/ssh/sshd_config file is missing "AllowAgentForwarding yes" option, which prevents agent forwarding.
...
06/21/2018
- 07:56 PM Revision be228fd8: PHP7 fixed illegal string offset
- 03:09 PM Revision fc00cb20: Merge pull request #3950 from marcelloc/patch-5
- 03:07 PM Revision 1b213a45: Merge pull request #3949 from Hobby-Student/master
- 03:06 PM Revision 8baac392: Merge pull request #3947 from PiBa-NL/20180609-fix-default-route-for-dynamic-gateway-pppoe
-
03:04 PM pfSense Packages Bug #8589 (New): FreeRadius 0.15.5_2 ignoring tunnelled-reply=no
- I have disabled EAP tunneled reply, however the NAS is still receiving the response.
FreeRadius config:
peap {
... - 03:03 PM Revision 4439ab0b: Merge pull request #3945 from laurentquillerou/http2
- 03:01 PM Revision e0f84e05: Merge pull request #3943 from miken32/patch-2
-
-
01:00 PM Revision 525199ff: Fix typo
-
- The latest image, pfSense-CE-memstick-2.4.4-DEVELOPMENT-amd64-20180621-0604.img, should be a hybrid image but it does...
-
-
12:39 AM pfSense Packages Bug #8139: LADVD not working on LAGG interfaces
- Same bug was logged on the FreeNAS tracker too:
https://redmine.ixsystems.com/issues/27497
06/20/2018
-
09:51 PM Revision 4a1de53e: Merge https://github.com/pfsense/pfsense into http2
-
08:30 PM Revision a592da38: requested changes
-
08:13 PM Revision 9f208301: fix the fix
-
-
- Refer to bug #8587
-
- Forgot to test on systems without more then on swap file.
-The code needs more checks-
Pushed a fix for the fix. -
- Marcello Silva Coutinho wrote:
> On systems that swap was undersized and a another swap file had to be added, dashbo... -
- On systems that swap was undersized and a another swap file had to be added, dashboard fails to show right usage % an...
-
- added support of dns server
-
12:20 PM Revision fdbea0c6: misspelled ldap bind username variable
- * $ldapbndun -> $ldapbindun
(cherry picked from commit b310666c2662044ab761f8c9798a46a064d1c6d5) -
- * $ldapbndun -> $ldapbindun
(cherry picked from commit b310666c2662044ab761f8c9798a46a064d1c6d5) -
- * $ldapbndun -> $ldapbindun
(cherry picked from commit b310666c2662044ab761f8c9798a46a064d1c6d5) -
-
11:35 AM Bug #8586 (Resolved): Gateway Group trigger level
- Hi to all,
i think there is a problem using trigger level in gateway group other than "member down".
In function ... -
-
-
-
-
- Original PR was merged. There is a follow-up PR to address issues at https://github.com/pfsense/pfsense/pull/3949
-
- If a port channel is configured with an MTU of 9000, but one of the VLAN interfaces on that port channel is configure...
-
- On an SG-1000 I occasionally get "The update system is busy. Please try again later" message despite starting the upg...
-
-
-
-
-
-
-
-
-
- Works fine now
-
-
- These errors haven't shown up since this commit.
-
- If traffic matches a rule with logging set, it will log.
If traffic matches a rule without logging set, it won't log... -
07:38 AM Feature #8584 (Rejected): Suppress logging of specific firewall rule
- I have a number of floating rules that block traffic on my network (such as multicast traffic). Due to the nature of ...
-
- PR is at https://github.com/pfsense/pfsense/pull/3948
I just merged it, will hit the tree momentarily. -
- line #1017 of /etc/inc/auth.inc misspells $ldapbindun as $ldapbndun. PR on github coming shortly.
-
- * $ldapbndun -> $ldapbindun
06/19/2018
-
07:03 PM pfSense Packages Feature #8581: IPv6 hostnames
- Jim Pingle wrote:
> That relies on the client making it work, and that also doesn't change the fact that the server ... -
- That relies on the client making it work, and that also doesn't change the fact that the server doesn't record the ho...
-
- You can send fqdn to isc-dhcp v6. It is a matter of adding send fqdn.fqdn = gethostname() to the client dhclient.conf...
-
- Duplicate of #2017
DHCPv6 clients don't send a hostname, thus the ISC DHCPv6 daemon doesn't record one in the leas... -
- Would be nice if AAAA records were created the same as A records as issued by dhcpv6 in the resolver. Is this somethi...
-
- (cherry picked from commit 90b3235d6a47680655b8559618d2cd6841baf823)
-
-
- Now it checks to see if there are other VIPs in the same subnet left,
and only prevents deleting the last VIP by whic... -
- Now it checks to see if there are other VIPs in the same subnet left,
and only prevents deleting the last VIP by whic... -
- Applied in changeset commit:480c21f44c42dd84f7ca0e0db62a7a731ed0278e.
-
- Duplicate of #8580
-
05:02 AM Bug #8579: HAProxy produces intermittent 504 errors and sR–
- Sorry, I created this in the wrong project. New bug here:
https://redmine.pfsense.org/issues/8580
Feel free to ... -
- This turns out to be a bug in v1.7.10:
https://discourse.haproxy.org/t/intermittent-504-errors-and-sr-after-upgrad... -
07:16 AM
Bug #8582 (Resolved): Ship RFC 7919-provided DH groups
- Currently, pfSense ships DH groups at sizes 1024, 2048, and 4096, with no statement as to how/where/when these groups...
-
- This turns out to be a bug in v1.7.10:
https://discourse.haproxy.org/t/intermittent-504-errors-and-sr-after-upgrad... -
03:40 AM Bug #7175: SIP MESSAGE UDP packets not passed despite rules & pcaps showing otherwise
- i have a similar issue, if i do failover from one pfsense box to the other, sip traffic is not being passed in both d...
06/18/2018
-
- There is not enough information here for a bug report, and this is not a support or discussion platform.
Please po... -
09:25 PM Feature #8578 (Rejected): /var/unbound/test/unbound_server.pem: No such file or directory
- We cant save settings in DNS Resolver, we cant disable it either. We cant do browsing because of this. Can you help us?
-
- Easy to reproduce:
1. Add IP Alias VIP in new subnet
2. Add gateway in new subnet
3. Add second IP Alias VIP in ... -
- Duplicate of #4438
06/16/2018
-
06:29 PM pfSense Packages Bug #8577 (Resolved): Snort - Log retention not working
- The Snort package has an option under Services -> Snort -> Interfaces -> Log Mgmt to configure "Log Size and Retentio...
06/15/2018
- 08:56 PM Revision f54ca2e1: routing, rc.newwanip should also set default-route while booting for ppp interfaces
- otherwise we might end up without a default as the bootup script does not wait for ppp interface to obtain the ip, un...
- 08:41 PM Revision 5ffeceb6: Fixed #8515 fixed error in queue defintion where it would repeat
- It should now create a new definition for each queue. Queues should
now show up under status > queues. - 05:27 PM Revision 8991ac90: Added future ACB settings page
-
05:41 AM Bug #8573 (Resolved): email notifications
- Updated to yesterday's snapshots and it started to work
06/14/2018
-
- (cherry picked from commit feccd385d737ffd8c61ca977ee4d3dfa23c1aadc)
-
- If this isn't aggressive enough, we could remove the "local" changes and only
keep the new matching method.
(cherry ... -
- This way, users with only privs to view but not edit port forwards can still see the entries, but not act upon them.
... -
- (cherry picked from commit 173356547e0005bfe21ba4b2345919dcb89a2fbf)
- 06:38 PM Revision 90224db0: Allow hostname/ip to be deleted if the captive portal is not enabled
- (cherry picked from commit cc52daa63deb98f6fbcd5edbc24fc65b62eabbec)
- 06:38 PM Revision fb4cf3e9: Fixed #8539
- (cherry picked from commit 880363af764ab31f2bdf6ee7a7921aeaed577e76)
-
- (cherry picked from commit 3fa6d46229757e2316120a7160a806bb7d28a8ed)
-
- (cherry picked from commit 03ce110725129b5f35c62f4985f631a1e3b5d046)
- 06:38 PM Revision 9dd89897: Fix bug for rules 'permit ip any any' from LDAP/AD
- (cherry picked from commit 1a6857d0eb39e72f12c6f02763863f218ad07293)
-
-
-
- Applied in changeset commit:feccd385d737ffd8c61ca977ee4d3dfa23c1aadc.
-
- Looks like invalid input caused it, needs some validation. Commit is on its way.
-
12:11 PM Bug #8575 (Resolved): IPv6 NPt field order bug?
Hoping this isn't a duplicate of 6985, but appears to be related.
Running 2.4.3_1, appears adding a new NPt crea...-
12:43 PM
Bug #8576 (Closed): pfSense stops passing traffic after some time when using Outbound NAT pool w/ Sticky Address
- With an outbound NAT mapping configured using pool option "Round Robin with Sticky Address" or "Random with Sticky Ad...
- 12:39 PM Revision 74b3e6ec: 1. I rewound src/etc/inc/config.inc back to you guys' base. It was some funny EOL stuff that happened.
- 2. Unwrapped gettext()
3. Agreed. Sanitized.
4. Unwrapped gettext()
5. Took out input_errors item
6. Took out input_... -
04:40 AM pfSense Packages Feature #8574 (Resolved): Enable AgentX-support in lldpd using GUI
- The lldpd-package provided by the package manager seems to be compiled with AgentX-support, but there is nowhere to a...
06/13/2018
-
09:50 PM Bug #8492: Enable setting PKCS#12 export password in Certificate Manager
- Running 2.4.3-RELEASE-p1 (amd64). The ability to export a keypair as a PKCS12 package (.p12) without a password is ju...
-
- Mail notifications work OK here but I'm not using gmail. Perhaps they shut off port 465? Uncheck the ssl box in setti...
-
- Have not gotten an email notification of boot-up, reboot or gateway event since Jun 9, getting error:
Error: Faile... -
-
- Tested good on latest image: Thanks!
- 07:25 PM Revision 26300aa8: Add more informative documentation
-
- The box is working as designed. That enables/disables password authentication. Keys always work. Whether or not the k...
-
06:30 PM Bug #8572 (Not a Bug): Secure shell: "Authentication Method" option ignored when RSA key configured
- When one (or more) RSA key(s) is(are) configured for the admin user, the "Authentication Method" option for Secure sh...
-
- If this isn't aggressive enough, we could remove the "local" changes and only
keep the new matching method. -
11:15 AM pfSense Packages Bug #8568: FreeRadius- Tunnel-Private-Group-ID or VLAN-ID field no longer taking string value. It only take an integer.
- Thank you Jim. I verified in my lab and it's working great now! Really appreciate the quick turnaround.
Thanks,
... -
- I removed the VLAN ID input validation that was preventing your custom value from being saved. It was, as you pointed...
-
10:33 AM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic
- I've added another pull request which includes the new plugin port as a dependency to the main pfSense port.
https... -
- Applied in changeset commit:7f943a2269dea1efd9bf42320d14ae7e0ca4a4f7.
-
- We have code that cleans up and eliminates duplicate settings in loader.conf and loader.conf.local to avoid foot-shoo...
-
03:10 AM Bug #8570 (New): Empty (dn)shaper config gets populated with newline
- Whenever I change something in fw rules the shaper and dnspaher config changes from 'empty' to 'newline':...
06/12/2018
-
- We've been over this before when it comes up, see #6877 for example.
It doesn't hurt to have it there, the GUI che... -
03:18 PM Bug #8569 (Not a Bug): Certificates generated using deprecated extensions
- Any certificate generated in the certificate management interface is generated with a Netscape Cert Type extension in...
-
- on Pfsense 2.3-RELEASE, it took a string value such as U:10 or U:Data-vlan, and T:20 or T:Voice-vlan for untagged and...
-
01:26 PM Bug #8567 (New): Using IPv6 VIP alias for services may affect CARP IPv6 VIP work
- During investigation of customer request found IPv6 VIP alias for services may affect CARP IPv6 VIP work. CARP IPv6 V...
-
- During investigation of customer request found system uses wrong IPv6 sources for NS requests therefore they never be...
-
- Duplicate of #8543 (fixed on 2.4.4)
-
08:25 AM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation
- A different workaround for those who are just trying to factory the unit:
Escape to shell, (Single user, CTRL+C)
... -
- That version is over 6 years out of date. Problem reports against old, unsupported versions are not acceptable. Upgra...
-
07:10 AM Bug #8565 (Rejected): NAT with IPSec
- I have a configuration described in the Word attached document.
The version of the PFSENSE product is
2.0.1-RELEASE... -
- xavier Lemaire wrote:
> May be next release will be clean with us ?
> https://github.com/FRRouting/frr/releases/tag... -
- May be next release will be clean with us ?
https://github.com/FRRouting/frr/releases/tag/frr-5.0
06/11/2018
-
- Some variables were pre-populated with a string, then math was attempted based on a string value that couldn't be con...
-
-
- This way, users with only privs to view but not edit port forwards can still see the entries, but not act upon them.
-
01:55 PM Feature #8564 (Duplicate): IP Hostname for GRE Tunnel
- Hello! I made this post on the pfSense forums: https://forum.netgate.com/topic/131806/ip-dns-suggestion
It'd be gr... -
- Applied in changeset commit:0dfce56bcec17e4898ab0b2b5b15db0d208bc93e.
-
- Applied in changeset commit:2e6167e71e7f6d83f52094a22a9a5be6ea39859b.
-
- A user with the "WebCfg - Firewall: NAT: Port Forward" privilege can open firewall_nat.php but none of the port forwa...
-
03:35 AM Bug #8559: Dynamic Gateway (from e.g. OVPN) only able to disable after edit
- That makes it clear, why the delete button only appears after editing. Thanks. But what about the disable button? Sho...
06/10/2018
- 12:59 PM Revision 092abdb6: routeing, gateways show proper IPv4 IPv6 default, also for dynamic gateways
-
08:54 AM
Bug #8562: IPSEC widget
- Possibly caused by https://github.com/pfsense/pfsense/commit/235c051f1f48ef30d7962324c488b3fec34d3d10
Assigned to ... -
07:59 AM
Bug #8562: IPSEC widget
- .
-
- The IPSEC widget is not displaying active tunnels correctly on latest snapshots.
-
06:14 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available"
- Bump.
Issue still persist.
Installed OpenBGPd for get pfsense connected to AWS via BGP , and also having IPsec IKE ...
06/09/2018
- 08:54 PM Revision 96b15e44: routing, fix setting the default-route when the configured default gateway is a dynamic pppoe gateway. it doesnt have a gateway-status when it hasn't connected yet.
-
- It seems the dynamic pppoe gateway does not have a status yet when it hasn’t connected before… And the code assumes i...
-
03:30 PM
Bug #8515: ts wizard syntax error (as of 2.4.4.a.20180514.0905)
- Retested Traffic Shaping Wizards on 2.4.4.a.20180609.0944 and got the following alerts in the GUI
Filter Reload
... -
03:24 PM
Bug #8457: Packages do not remove on factory default
- On SG-2440 2.4.4.a.20180609.0944, installed acme, performed hardware reset, the package appeared to be removed (shown...
-
-
- This reverts commit 8d22f4b19126cff52e6283a8c8de8849ad614992.
06/08/2018
-
-
- 07:22 PM Revision 41160d19: Fixed #8515 Queues should now be added either through manually creating them or through the wizard
-
-
-
03:15 PM Bug #8557: Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126
- fixed now
-
- Applied in changeset commit:173356547e0005bfe21ba4b2345919dcb89a2fbf.
-
- php error log from crash report
-
- Unbound acl page is broken in latest snapshot, see screenshot for error:...
-
01:28 PM pfSense Packages Bug #8560: ACME: can't update DNS records in DNSMadeEasy registar for several domains with different API keys/ids
- I was able to fix it with the following workaround:
1. create a cert for the 1st cert in pfsense acme-certificates i... -
- The API key/id of the 3rd domain is used for updating records of the 1st domain. Please, see attached screenshots.
-
-
- Another fix in commit:d4b43c48ed1636d3fcd6e47d73ba721bd63d883a
-
- It's happening on a standalone system, not XMLRPC. Presumably it would also happen on a master if the same situation ...
-
- @jimp: pardon me for jumping in, but is that happening only on the slave via XMLRPC or is that happening on the maste...
-
- That's how dynamic gateways work. You also can't delete DHCP gateways or PPPoE gateways. "Deleting" them reverts them...
-
- Steps to reproduce:
1) create openvpn server
2) assign OPT interface to ovpns1
3) edit ovpns1 and make it active... -
- Some UI Pages like Certificate Manager etc. aren't sortable by columns. It would be great to have that ability in
...
06/07/2018
- 07:20 PM Revision cc52daa6: Allow hostname/ip to be deleted if the captive portal is not enabled
-
-
- Applied in changeset commit:a273f7bdff455a50156ab004358ba3909fa1fee7.
-
- This appears to be related to the automatic rules to pass traffic out from the firewall itself, for example:...
- 02:06 PM Revision 880363af: Fixed #8539
-
- PR: https://github.com/pfsense/pfsense/pull/3945
-
11:08 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode
- Hi all, is this still an issue with the spring 2018 updates to Suricata? There was a forum discussion about it that ...
-
- The supersede change was committed and now has been MFC'd as well:
https://svnweb.freebsd.org/base?view=revision&r... -
- Some packages, including arping, mtr, nmap, and iperf, all behave this way. They use XML pages but when the user clic...
-
09:11 AM
Bug #8502 (Feedback): main (top) menu items do not drop down in some cases
- Almost any PHP error anywhere in the system will break the menu system. This issue should be resolved when the last o...
-
09:20 AM
Bug #8539: ACLs not configurable in German Language UI
- Applied in changeset commit:880363af764ab31f2bdf6ee7a7921aeaed577e76.
-
09:06 AM
Bug #8539 (Feedback): ACLs not configurable in German Language UI
-
09:09 AM
Bug #8504 (Closed): Default gateway missing after upgrade
- Has been working as expected for two weeks with no further failures observed.
-
- The reason we have not taken these approaches is primarily because they do not scale. Some people have state tables w...
-
- Looks like others have noticed the problem as well:
https://lists.freebsd.org/pipermail/freebsd-ports/2018-June/11... -
- I can't reproduce this here, I only get one e-mail per message even from Dynamic DNS updates. It may be specific to s...
-
02:45 AM Bug #8556 (Closed): Notification always sent twice via email - DynDNS updated IP Address on WAN (pppoe0) to
- When I get a new IP from my provider I always get *two* emails with same content about this event. E.g....
-
- Version 2.4-latest
I'll second this. The description field does not seem to be properly escaped when syncing to th...
06/06/2018
-
09:27 PM Bug #8555 (Duplicate): Selectively killing states on WAN failure
- The current options on a WAN failure is to kill all states, or none at all. In a scenario such as having a wireless ...
- 09:21 PM Revision 9e69907e: Cleanup the comment to be clearer
- 09:11 PM Revision d2cad3b5: Update to DNSimple APIv2 endpoint
-
-
- Sorry, I believe the patch should be:...
-
- The patches added in Bug #2887 no longer works as expected because the output of pfctl -ss no longer matches the form...
-
-
- Group error bug moved to #8553
-
- Applied in changeset commit:3fa6d46229757e2316120a7160a806bb7d28a8ed.
-
- #1 Adding logging is a feature request, not a bug.
#2 is not a logging issue, it's a bug and it needs its own ticket... -
- When creating a user, if a group is selected during account creation, the group is not added to the user at the OS le...
-
-
- http2 brings some improvements (single connection, multiplexing, etc.) and nginx supports it since version 1.9.5 (htt...
-
- Breaking this away from #8544 since the feature in general works aside from this separate issue.
With routed IPsec... -
12:48 PM pfSense Packages Bug #8550 (Closed): OpenBGPd: bgpd is not started at boot
- I have installed the OpenBGPd package on pfsense 2.4.2 and generally, it all works great.
However, after reboot, b... -
- It's not that easy either, FreeBSD will not allow you to add a GRE interface as a span port:...
-
03:52 AM Feature #7029: GRE interfaces not available as SPAN port
- Jim Pingle wrote:
> As far as I can tell, FreeBSD doesn't support it. If you want ERSPAN support for FreeBSD GRE int... -
10:45 AM Bug #6873: radvd - Too many addresses in RDNSS section when previously using DHCPv6
- Since 2.4.3_p1 came out, I have been having a tremendous amount of trouble with IPv6 and RADVD specifically - address...
-
- Applied in changeset commit:aea2a0c333407c0d8b74a51a9dec0829dc78db72.
-
03:24 AM Bug #8549 (Not a Bug): IPsec: Enable bypass for LAN interface IP has no effect when supernetting in IPSec P2
- My current setup allows access to the LAN Interface IP (192.168.1.1/24) through the IPsec VPN connection no matter ho...
06/05/2018
-
- Interface numbering is fixed, VTI reqids work as expected and line up between strongswan and ipsecX numbering and use...
-
- There is a problem with how the interfaces are numbered, since with more tunnels and phase 2 entries around the ID us...
-
-
-
-
06/04/2018
-
-
06:01 PM pfSense Packages Bug #5168: squid doesn't function during/after HA failover
- Chris Buechler wrote:
> should be possible, and a good idea, to list VIPs in the binding list.
>
> As a workaroun... -
04:02 PM Feature #8548 (Resolved): User creation is not logged correctly
- Two issues:
1. Creating a non-admin user via WebGUI does not show in log.
2. Creating a new user in admin group... -
- Changes pushed, next snapshots should be better for testing.
-
- Reopening as there are some issues with how the tunnel addresses are applied to the interface (local and remote shoul...
06/03/2018
-
03:35 PM Feature #8546: Ability to download pfSense updates via another gateway
- Understood, thank you very much.
-
- This is already covered by other things here, and likely is already solved on 2.4.4 by the new feature where you can ...
-
11:10 AM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI
- Jim Pingle wrote:
> Once a new snapshot is up with the later two commits it should be OK for testing.
Just tested...
06/02/2018
-
-
09:00 AM Bug #8498: cloudflare Dynamic DNS is not working
- This was an issue in your configuration and no bug oft pfsense.
You had no entry makkawi.win in cloudflare. So pf... -
- Feature #7281 is a duplicate of that
I would love to see this feature too. Unfortunatley it is not easy to implem...
06/01/2018
-
-
06:38 AM pfSense Packages Feature #8547 (New): fwknop Port Knocking Package
- "fwknop":http://www.cipherdyne.org/fwknop is a quite well established "next generation" advance on simple port knocki...
05/31/2018
-
- I am mainly using pfSense in a CARP+HAproxy scenario (with a WAN and a LAN interface), and have to face a little conu...
- 09:22 PM Revision be7c1319: PHP7 fixed illegal string offset warning
-
07:36 PM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA"
- Jim Pingle wrote:
> I still can't replicate this here even by checking "Do not wait for RA", but I do not have a pro... -
-
03:09 PM Revision 78031530: Add the missing new line.
-
- (cherry picked from commit ac976b7e061f19d108a6f60a57ce6866dd0a9499)
-
-
-
-
- That should probably be tested on FreeBSD directly to see if the problem happens there as well. It sounds like a driv...
-
- I created LAGG interface with two network cards (QLogic NetXtreme II BCM57810 10GbE (B0) BXE v:1.78.90) and assigned ...
-
- Once a new snapshot is up with the later two commits it should be OK for testing.
-
- Applied in changeset commit:ac976b7e061f19d108a6f60a57ce6866dd0a9499.
-
- OK, I can replicate it in IE and confirm the fix. Pushing momentarily.
-
12:41 AM Bug #8543: IKE Phase 1 configuration not working
- I used chrome Version 57.0.2987.133 (64-bit) and MS-IE 11.431.162990 (32 and 64 bit) on Windows 10.
This depends o... -
- As far as I can tell, FreeBSD doesn't support it. If you want ERSPAN support for FreeBSD GRE interfaces, the issue ne...
-
- Any news on this one? In our virtualized world, it would be awesome to be able to forward copy of traffic over L3. Es...
05/30/2018
-
- To use, create a P1/P2 and set P2 to VTI using local/remote network as tunnel endpoint addresses, then assign the int...
-
- and... should be fixed by radvd-2.17_5. Check #8429 for the current bug.
-
- Should be fixed with radvd-2.17_5. Please check with the next 2.4.4 snapshot.
Sorry for the breakage. -
- Applied in changeset commit:bd4c337c061f989c4be1bbeaf207447cd8af4989.
-
- Add routed IPsec using @if_ipsec(4)@ VTI (Virtual Tunnel Interfaces) from FreeBSD 11.1 and later with strongSwan.
... -
-
-
- (cherry picked from commit 3db214ddb99bea076c964bd90538d5975287456b)
-
-
- I can't replicate this problem here. I see what you mean about that variable not being populated, but the page still ...
-
- Applied in changeset commit:5f04221b2b4e448e7502a2e9f88f0d1295a67f03.
-
- I still can't replicate this here even by checking "Do not wait for RA", but I do not have a provider that requires i...
05/29/2018
-
-
-
-
-
-
05/28/2018
-
- issue:
strongSwan uses only AES 128, because keylen is empty in the pfsense config file.
... -
09:07 PM Bug #8542 (Closed): Web GUI did not prompt for NIC reassignment when config restore on hardware with different NICs was performed
- Old system: SG-1000 pfsense 2.4.3
New system: amd64 mini-PC pfsense 2.4.3 freshly installed with two realtek NICs na... -
- Hey,
I recently switched to development snapshots and I have noticed that suricata and openvpn together give out s... -
- The only valid test would be on 2.4.4 or 2.3.5-p2 (where it wasn't intended to be yet, but ended up after the last re...
-
08:25 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3
- How can I go about testing it on 2.4.3-p1 to help out? I currently just have the nrpe3 package installed from the Fre...
-
- I haven't had any feedback on how well (if at all) that it works. If it can get some testing, at least on 2.4.4, then...
-
- Jim,
Is it possible to get it back ported to 2.4.3-p1 or is there still some issues that need to be worked out?
... -
05:07 PM Bug #8540 (Resolved): Disable Rekey Checkbox Should be Disabled on New IPsec Tunnels
- When a new IPsec Phase 1 tunnel is created the Disable Rekey checkbox is checked by default.
I would argue that th...
05/27/2018
-
08:12 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3
- Good timing. Ubuntu 18.04 ships with a new version of OpenSSL that stops @check_nrpe@ from contacting old versions be...
-
03:45 PM Bug #8539 (Resolved): ACLs not configurable in German Language UI
- Webinterface does not save ACL entries or changes to existing ones when WebUI is set to German language. Works fine w...
-
- Is this error: May 21 14:51:51 dhcp6c 49073 transmit failed: Input/output error generated by pfsense or freebsd? I no...
-
07:04 AM Bug #7600: Unable to save DNS Resolver settings
- I can agree that is in the 2.4.3-RELEASE-p1 (amd64) as well!!
My solution was to deactivate and deinstall "pfBlock...
05/26/2018
-
- Jim Pingle wrote:
> I can't reproduce this here on any hardware I have, real or virtual.
>
> It might be in that ... -
- I can't reproduce this here on any hardware I have, real or virtual.
It might be in that NIC driver, or some other...
Also available in: Atom