Activity

30 days up to

User

Subprojects

Activity

From 06/07/2018 to 07/06/2018

07/06/2018

06:08 PM Revision ad08a824: Add fields for DNS server hostnames for TLS verification. Implements #8602: Jim Pingle
05:53 PM Bug #8618 (Assigned): 2.4.4 *possible bug* with Intel C3858 and Interface Auto-Detection on 10Gb interfaces: Installed 2.4.4 CE build: pfSense-CE-memstick-2.4.4-DEVELOPMENT-amd64-20180705-0739.img
ifconfig outputs the follo... Clinton Cory
03:40 PM Bug #8469: DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured: Retested today on a fresh install (2.4.4.a.20180705.0032) and the issue appears to be resolved. Anonymous
03:04 PM Bug #7020: <Hostname> is omitted when sending logs on syslog: Idar Lund wrote:
> If this is considered as "not a bug", the web page https://doc.pfsense.org/index.php/Filter_Log_F... Darren Spruell
02:46 PM Bug #8571 (Resolved): loader.conf/.local cleanup is a bit too aggressive: Jim Pingle
02:45 PM Bug #8571: loader.conf/.local cleanup is a bit too aggressive: On 2.4.4.a.20180705.0032 (SG-2440) added autoboot_delay=10 to /boot/loader.conf.local (which didn't exist before that... Anonymous
02:25 PM Todo #8350: Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate: +1 on this - clog is kind of neat for the use case it addresses, but is fairly inconvenient in terms of modern log an... Darren Spruell
02:11 PM Todo #1940: Integrate rSyslogd: Another vote! Darren Spruell
02:02 PM Bug #8457: Packages do not remove on factory default: Behavior described in last update appeared to be limited to acme ... created https://redmine.pfsense.org/issues/8623 ... Anonymous
01:59 PM Bug #8623 (Closed): acme package does not show correct installation output following a factory reset: Install the latest 2.4.4 snap (or upgrade to it from 2.4.3). Run `playback gitsync master` to get current. Reset the ... Anonymous
01:45 PM Revision 50e0d399: wizard.php: Ensure CA and Certs are arrays before using in foreach.: Jim Pingle
01:20 PM Feature #8602 (Feedback): DNS over TLS host verification: Applied in changeset commit:ad08a8242ca45907e0486712d218a5f8f34c7332. Jim Pingle
08:53 AM Feature #8602: DNS over TLS host verification: Unbound 1.7.3 is in current 2.4.4 snapshots, so this can be added now. Jim Pingle
01:12 PM Revision ab4fdf49: Cosmetic changes to warning maeesage: Steve Beaver
01:03 PM Revision 1ddc7206: Add position params to gettext password warning: Steve Beaver
12:44 PM Revision 40d26f65: Test the password, not the hash, or it won't detect if the user reset password from the console or otherwise changed it to the default manually. Issue #8596: Jim Pingle
12:20 PM Revision 58a0f5e1: Change warning wording to avoid using a "click here" link. Issue #8596: Jim Pingle
11:52 AM Revision 5b2e9e7b: Fixed #8596: Steve Beaver
11:41 AM Bug #8407 (Resolved): FRR BGP MD5 support is broken: Great!
I'll close this out for now. If it breaks again, let us know. Jim Pingle
11:36 AM Bug #8407: FRR BGP MD5 support is broken: I used my previous lab test from #7969 and looks like I was able to establish a BGP session w/ password OK to my aris... Andrew Dul
11:26 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity: Christian R. wrote:
> James Dekker wrote:
> > On 2.4.4.a.20180705.0032 the options appear. Tested specifying a diff... Anonymous
10:43 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity: James Dekker wrote:
> On 2.4.4.a.20180705.0032 the options appear. Tested specifying a different DNS server, saved a... Christian R.
07:22 AM Feature #8292 (New): IPsec mobile clients with different (virtual) IP addresses by (EAP) identity: Jim Pingle
09:24 AM Feature #8596: Warn user when default password has not been changed: On 2.4.4.a.20180705.0739 gitsync'd to master, the feature works as expected. Anonymous
07:09 AM Feature #8596 (Resolved): Warn user when default password has not been changed: Anonymous
07:00 AM Feature #8596: Warn user when default password has not been changed: Applied in changeset commit:5b2e9e7b034a3818ec754fa316516e9e0e6a1c86. Anonymous
09:02 AM pfSense Packages Bug #8620: arpwatch database page is not accessible: I am also experiencing this. My best guess is that Arpwatch is starting itself at boot, then pfSense is starting Arp... DL Ford
08:35 AM Bug #8582: Ship RFC 7919-provided DH groups: Looks good here so far. GUI still works in a variety of different browsers/platforms (Firefox and Chrome on Linux, Ma... Jim Pingle
07:59 AM Bug #8622 (Confirmed): system_usermanager.php: Group selections not retained when an input error occurs: Jim Pingle
04:04 AM Bug #8622 (Resolved): system_usermanager.php: Group selections not retained when an input error occurs: When doing such a simple thing as adding a ssh key, I completely deprived myself of access to webgui or ssh and was a... Andrew Rud
07:37 AM Bug #8617 (Resolved): Error on RADIUS Authentication: RADIUS auth works from diag_authentication.php with the current code from the repository. Jim Pingle
07:33 AM Bug #8515 (Resolved): ts wizard syntax error (as of 2.4.4.a.20180514.0905): Jim Pingle
07:32 AM Bug #8048 (New): DHCPv6 Configured for LAN without LAN interface: Jim Pingle
07:32 AM Bug #8597 (Resolved): When editing a firewall rule, the "Action" field is selected: Jim Pingle
07:30 AM Bug #4438 (Resolved): Unable to delete IP Alias outside an interface's subnet where a gateway exists in the same subnet: Tested and working Jim Pingle
07:28 AM Todo #8411: dnsmasq configuration needs changes for 2.79: I can't replicate any problem here. Domain overrides work on the latest snapshot, no changes made. Queries are forwar... Jim Pingle
07:23 AM Bug #8591 (Resolved): interfaces.php: Checking "Default Gateway" on the "Add a new Gateway" modal does not set it as default: Jim Pingle
07:22 AM Bug #8593 (Resolved): Extend maximum gateway monitoring ping interval: Jim Pingle
07:08 AM Bug #8606 (Resolved): system_advanced_admin.php: PHP error when saving without sshdkeyonly set: Jim Pingle
07:07 AM Bug #8621 (Resolved): PHP errors on VPN IPSec P1 add: Already fixed by https://github.com/pfsense/pfsense/pull/3960 which was merged yesterday. Jim Pingle
05:16 AM Bug #8621: PHP errors on VPN IPSec P1 add: When editing an existing tunnel on 2.4.4
Fatal error: Call to undefined method Form_Section::setHelp() in /usr/loc... Chris Macmahon
01:16 AM Bug #8621: PHP errors on VPN IPSec P1 add: On SG3100 (built on Thu Jul 05 01:19:47 EDT 2018) I see this when trying to create ipsec P1:
Fatal error: Call to ... Vladimir Lind
12:53 AM Bug #8621 (Resolved): PHP errors on VPN IPSec P1 add: Downloaded latest KVM pfSense-netgate-kvm-2.4.4-DEVELOPMENT-amd64-20180530-1447.qcow2.gz
Updated via GUI to latest... Paighton Bisconer
06:13 AM Bug #7013 (Resolved): Changing group scope to remote does not remove it from group file: Renato Botelho
06:11 AM Todo #7024: Replace copy of radius.inc by pear-Auth_RADIUS: James Webb wrote:
> I believe the change applied in commit: e26b805 may have caused errors; specifically those refer... Renato Botelho

07/05/2018

07:51 PM Feature #2358: NAT64 support: UPVOTE Talyrius Bekhesh
07:48 PM Feature #2358: NAT64 support: Bump + UpVote ! Peek Around
06:18 PM Feature #7746: Proxy NDP: Ran into the exact same issue (provider only issues a /64 and I give away a chunk of that to mobile VPN clients). If ... Firstname Surname
05:02 PM Bug #8606: system_advanced_admin.php: PHP error when saving without sshdkeyonly set: On 2.4.4.a.20180705.0032 checked "Display page name first in browser tab", checked "Enable Secure Shell", and left th... Anonymous
04:58 PM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity: On 2.4.4.a.20180705.0032 the options appear. Tested specifying a different DNS server, saved and applied changes, sto... Anonymous
04:49 PM Bug #8593: Extend maximum gateway monitoring ping interval: On 2.4.4.a.20180705.0032 you're able to set the probe interval to a max value of 36000000 as expected. Anonymous
04:42 PM Bug #8591: interfaces.php: Checking "Default Gateway" on the "Add a new Gateway" modal does not set it as default: On 2.4.4.a.20180705.0032 works as expected. Anonymous
04:18 PM Revision ac27f5a1: Fixed #8597 The edit page will no longer initialize with focus on any element: Stephen Jones
04:00 PM Bug #8618: 2.4.4 *possible bug* with Intel C3858 and Interface Auto-Detection on 10Gb interfaces: I have a SuperMicro box with the same specs on-hand. Will attempt to replicate and debug. Clinton Cory
03:57 PM pfSense Packages Bug #8620: arpwatch database page is not accessible: I'm having the same problems. Woke up this morning to find all devices that have a static IP set were off line and I ... Dave Bergman
11:05 AM pfSense Packages Bug #8620: arpwatch database page is not accessible: Sven L wrote:
> I experienced exactly the same. In my case after some time running arpwatch my whole pfsense box hun... Cino .
10:44 AM pfSense Packages Bug #8620: arpwatch database page is not accessible: Cino . wrote:
> The issue I have with arpwatch is different but I'm pretty sure they are related. After a day or two... Sven L
10:14 AM pfSense Packages Bug #8620: arpwatch database page is not accessible: The issue I have with arpwatch is different but I'm pretty sure they are related. After a day or two of arpwatch runn... Cino .
09:57 AM pfSense Packages Bug #8620 (Resolved): arpwatch database page is not accessible: On CE-2.4.3-p1 I am not able to open https://172.21.41.148/pkg_edit.php?xml=arpwatch.xml - getting 504
from upstre... Vladimir Lind
03:57 PM Bug #8515: ts wizard syntax error (as of 2.4.4.a.20180514.0905): On 2.4.4.a.20180705.0032 the wizard completes without error and the queues show up under Status > Queues Anonymous
03:52 PM Bug #8048: DHCPv6 Configured for LAN without LAN interface: On 2.4.4.a.20180705.0739 the bad behavior is still present. Anonymous
03:44 PM Bug #7013: Changing group scope to remote does not remove it from group file: On 2.4.4.a.20180705.0032 works as expected. After changing scope from Local to Remote, the group is removed from /etc... Anonymous
03:34 PM Bug #8457: Packages do not remove on factory default: On 2.4.4.a.20180705.0032 this behavior is still present:
"installed acme, performed Factory reset with WebGUI an... Anonymous
03:25 PM Revision 54d62381: Merge pull request #3960 from PiBa-NL/20180704-ipsec-fix-phase1-edit-page: Steve Beaver
03:24 PM Bug #8469: DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured: Forgot to include files for https://redmine.pfsense.org/issues/8469#note-8
Anonymous
03:22 PM Bug #8469: DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured: Simply clicking "Display advanced" at Services > DHCP Server, Dynamic DNS changes the DHCP section of config.xml as s... Anonymous
03:21 PM Bug #8469: DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured: On 2.4.4.a.20180705.0032 stock, hitting Save at Services > DHCP caused the service to stop. Trying to manually start ... Anonymous
03:00 PM Bug #8597: When editing a firewall rule, the "Action" field is selected: Tested (as a patch) on 2.4.4.a.20180705.0032, worked as expected, rule action is not selected by default. Anonymous
11:30 AM Bug #8597 (Feedback): When editing a firewall rule, the "Action" field is selected: Applied in changeset commit:ac27f5a1082d971566f21169e0d17401e335c1c6. Anonymous
02:49 PM Todo #8411: dnsmasq configuration needs changes for 2.79: On 2.4.4.a.20180705.0032 the host override resolves successfully, but the domain override does not. Anonymous
01:58 PM Revision e31870db: Merge pull request #3951 from whislock/dh-rfc: Steve Beaver
01:53 PM Revision fbb77ab7: Merge pull request #3958 from PiBa-NL/20180702-gateway-none: Steve Beaver
01:16 PM Bug #8582 (Feedback): Ship RFC 7919-provided DH groups: PR Merged Jim Pingle
01:14 PM Feature #8187 (Feedback): Gateways, allow for configuring a gatewaygroup as the default gateway. #3781: PR merged Jim Pingle
01:11 PM Bug #8614: Cannot remove Additional BOOTP/DHCP Options: If you add more than one, a delete button appears. It doesn't give you a delete button for the last entry, but you ca... Jim Pingle
01:10 PM Bug #8534 (Resolved): Invalid DHCP options can be added: The values can be 0, but this was about the option number, not the value.
The option number is now restricted to 1... Jim Pingle
12:19 PM Revision 71b4b23b: Add missing global $g declaration: Renato Botelho
12:02 PM Revision 7fe4d351: Create pkg_conf_setup() to setup pkg.conf: It will be necessary in near future for thoth setup Renato Botelho
11:51 AM Revision 6900f144: Remove autoconfigbackup2: Renato Botelho
11:44 AM Revision 5286277f: Suppress display of AutoConfigBackup in package list: Steve Beaver
11:44 AM Feature #8596: Warn user when default password has not been changed: PRD created. Anonymous
10:05 AM Feature #8596: Warn user when default password has not been changed: Please create a PRD for this feature. It is subject to much debate so we need to have everyone in agreement before p... Anonymous
09:36 AM Feature #8596 (Feedback): Warn user when default password has not been changed: If we display a notice before the user logs in, we will be telling that person what the login credentials are
If we ... Anonymous
11:38 AM Revision 49ec9d91: Fix #7024: Fix Radius include extension: Renato Botelho
11:19 AM Bug #8617 (Feedback): Error on RADIUS Authentication: This is not specific to FreeRADIUS, but recent RADIUS changes. Renato has committed a fix. Jim Pingle
11:14 AM pfSense Packages Bug #8514 (Duplicate): Captiveportal save or update: Duplicated by #8616 but it has better information, so closing this in favor of that ticket. Jim Pingle
03:03 AM pfSense Packages Bug #8514: Captiveportal save or update: I confirm this behaviour
Please see https://redmine.pfsense.org/issues/8616 A FL
10:03 AM Feature #6620 (Resolved): CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: Anonymous
07:23 AM Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs: This seems to work great since the merge. Alexandre Paradis
09:38 AM Bug #8387 (Closed): Cannot use large CRLs: Anonymous
09:36 AM Bug #8539 (Resolved): ACLs not configurable in German Language UI: Anonymous
09:05 AM pfSense Packages Bug #8619: Domains improperly checked when registering DHCP static mappings: PR: https://github.com/pfsense/FreeBSD-ports/pull/533 Martin Gignac
08:53 AM pfSense Packages Bug #8619 (Resolved): Domains improperly checked when registering DHCP static mappings: There is a bug in the Register DHCP Static Mappings feature of BIND zones. I've noticed that if I create DHCP static ... Martin Gignac
07:56 AM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1: The solution is in the commits on this issue, not that diff. It has been fixed on 2.4.4, but unless we make another 2... Jim Pingle
07:51 AM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1: Still hitting this bug with no working solution in 2.4.3_p1, but it's fixed in 2.4.4.a.20180705.0739 , at least on th... Adam Thompson
03:41 AM Bug #7532: SG-1000 autonegotiation 10baseT speed and duplex: Looked at "datasheet":http://ww1.microchip.com/downloads/en/DeviceDoc/00002117F.pdf
p.33 in the description of bit 1... Dmitry Vakhrushev
02:53 AM Bug #7532: SG-1000 autonegotiation 10baseT speed and duplex: Expected solution is not appropriate.
I thought that part of errata KSZ9031 (1G PHY chip which used in SG-1000) help... Dmitry Vakhrushev
03:08 AM Bug #8616: When reconfiguring a captiveportal, connected users get disconnected and can't login back: Issue mentionned here : https://forum.netgate.com/topic/137824/pfsense-no-internet-when-it-is-said-you-are-connected/... A FL

06/30/2018

11:06 PM pfSense Packages Bug #7661: pfBlockerNG doesn't make a rule for Antarctica: This should be fixed in the pfBlockerNG-devel version. BBcan177 .
11:06 PM pfSense Packages Bug #8318: PFBlockerNG removes alias file when using advanced inverted rule: This should be fixed in the pfBlockerNG-devel version. BBcan177 .
04:44 PM Bug #8611 (In Progress): unable to receive IPv6 RA's on SG-1000, default route lost: expected behavior:
* IPv6 default route is stable indefinitely
actual behavior:
* IPv6 default route is lost a f... Anthony Roberts

06/29/2018

04:11 PM pfSense Packages Feature #8610 (Resolved): FRR BGP "no bgp default ipv4-unicast" option.: Any chance at getting this option added in GUI?
Trying to keep IPv4 and IPv6 neighbors/routes separate but of cour... Brandon Jackson
02:04 PM Revision 58cbaf84: Fix style: Renato Botelho
01:53 PM Revision 5ee16aa6: Fixing GitHub reported issues: no
08:03 AM pfSense Packages Bug #8608 (Not a Bug): openVPN export package doesn't export compression settings: It doesn't put it there because it isn't necessary to. With OpenVPN 2.4 the compression setting can be pushed, it doe... Jim Pingle

06/28/2018

10:56 PM pfSense Packages Bug #8608 (Not a Bug): openVPN export package doesn't export compression settings: I did the test with openVPN server configured with those options activated
--> compression : lz4-v2
--> Push Compre... david stievenard
10:19 PM pfSense Packages Bug #8607: Suricata package fails to prune suricata.log: Relevant logs:
@Jun 28 14:28:20 pfsense php-fpm[1136]: /suricata/suricata_logs_browser.php: PHP ERROR: Type: 1, Fi... John Silva
10:16 PM pfSense Packages Bug #8607 (Resolved): Suricata package fails to prune suricata.log: The suricata package does not prune suricata.log. As a result, suricata.log grows without bound eventually resulting... John Silva
10:00 PM pfSense Packages Bug #6988: SNORT Package PHP memory error: There is no option to configure the log size for snort.log. Because of this it grows without bound resulting in this... John Silva
02:50 PM Revision 8038c4e8: Correct a PHP error when saving on system_advanced_admin.php. Fixes #8606: Jim Pingle
10:00 AM Bug #8606 (Feedback): system_advanced_admin.php: PHP error when saving without sshdkeyonly set: Applied in changeset commit:8038c4e807c88fda4e1bb5b37ac31c9dbb8395fe. Jim Pingle
09:50 AM Bug #8606 (Resolved): system_advanced_admin.php: PHP error when saving without sshdkeyonly set: If the SSH settings are set to "Password or Public Key", when saving any other setting on the page a PHP error occurs... Jim Pingle

06/27/2018

04:43 PM Revision f031765b: Fix OpenVPN Wizard LDAP handling of ATTR fields. Fixes #8605: While here, also add missing LDAP fields and fix a PHP 7.2 error. Jim Pingle
03:10 PM Bug #7094 (Duplicate): Unbound startup syntax is incorrect: Duplicated by #7667 and has been fixed for some time now. Jim Pingle
02:53 PM Revision 64fa4207: Fixed #7013: Added warning requiring reboot if group scope is changed Steve Beaver
02:45 PM Revision 6f8e648f: Do not generate a NAT reflection rule with an interface source if that interface has no IP address. Fixes #8604: Jim Pingle
01:52 PM Feature #8599: IPv6 flow labels: Looks like @ipfw@ can match, but not set the IPv6 @flow-id@. I don't see any reference to a similar function to match... Jim Pingle
01:24 PM Bug #8590: sshd does not allow agent forwarding: Another funny aspect is that this is a quote from official ssh manual, https://www.freebsd.org/cgi/man.cgi?sshd_confi... Sorin Sbarnea
12:49 PM Bug #8590: sshd does not allow agent forwarding: > It's always acceptable to voice security concerns, thanks for the input!
I think that the security concerns are ... Sorin Sbarnea
11:50 AM Bug #8605 (Feedback): OpenVPN wizard fails to populate LDAP fields: Applied in changeset commit:f031765bb020f7a67a022056cda341f18a88ff8a. Jim Pingle
10:02 AM Bug #8605 (Resolved): OpenVPN wizard fails to populate LDAP fields: If you run the OpenVPN wizard and choose LDAP in the first step it asks you to fill in the data required to create th... Steve Wheeler
10:52 AM pfSense Plus Bug #8600: "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured": The bug also affects 7100 Constantine Kormashev
10:00 AM Bug #7013: Changing group scope to remote does not remove it from group file: Applied in changeset commit:64fa4207182efea9b45f5170b8996b967441d4e1. Anonymous
09:55 AM Bug #7013 (Feedback): Changing group scope to remote does not remove it from group file: Changing group scope from local to remote now deletes the group from /etc/group
Added a warning message to indicate ... Anonymous
10:00 AM Bug #8604 (Feedback): Race condition in NAT reflection filter rules leads to ruleset load failure: Applied in changeset commit:6f8e648f5c88e04166539ab27872b13dfd587cb8. Jim Pingle
09:40 AM Bug #8604 (Resolved): Race condition in NAT reflection filter rules leads to ruleset load failure: On current 2.4.4 snapshots, at boot time the rules can be (re)loaded before all of the interface addresses are presen... Jim Pingle
09:41 AM Revision 6c83167c: Build drm-stable-kmod: Renato Botelho
09:08 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots: Similar to #7981 Jim Pingle
09:06 AM Bug #8603 (Resolved): PPP WANs do not work on VLANs on current snapshots: At some time between April and now on 2.4.4 snapshots, PPP WANs like PPPoE stopped working when using a VLAN interfac... Jim Pingle

06/26/2018

06:11 PM Revision 02d5d8bd: Fix PHP 7 error on services_unbound_host_edit.php: Jim Pingle
02:41 PM Revision fafd64f2: Deprecate the copy of simplepie, use the port instead: Renato Botelho
11:42 AM Bug #7634 (Resolved): When restoring from USB during install, if the config file contains RRD data, the final config.xml on the system will also contain all the RRD infomation: Added a piece in the PFI to remove rrddata when restoring from a USB config during install. b76e6a64c0b948808a0260f4c... Anonymous
10:51 AM Todo #6998 (Feedback): Create a port for simplepie to keep it updated and use modular version: Renato Botelho
09:55 AM Feature #8552 (Resolved): enable http2: Jim Pingle
09:47 AM Bug #8601 (Duplicate): "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured": Duplicate ticket of #8600 Jim Pingle
01:59 AM Bug #8601 (Duplicate): "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured": When enabling SNMP on SG-3100 and XG-7100 following messages appear on every SNMP service change:
SG3100:
Jun 2... Vladimir Lind
09:29 AM Feature #8602: DNS over TLS host verification: devel should pick it up naturally here in a week or two when the 2018Q3 branch comes in. FreeBSD ports tree HEAD/mast... Jim Pingle
08:59 AM Feature #8602 (Resolved): DNS over TLS host verification: Currently at 1.6.8 in release, and "1.7.0 on devel":https://github.com/pfsense/FreeBSD-ports/blob/4089b606b21a5ae7df5... Andrew M
01:58 AM pfSense Plus Bug #8600 (Resolved): "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured": When enabling SNMP on SG-3100 and XG-7100 following messages appear on every SNMP service change:
SG3100:
Jun 2... Vladimir Lind

06/25/2018

02:46 PM Revision ecf4b407: Remove unneeded commas: Isaac McDonald
12:59 PM Revision 31a618f5: Remove 512 bit option from OpenVPN wizard.: Justin Coffman
11:38 AM Feature #8599 (New): IPv6 flow labels: Here's a short list of possible uses for IPv6 flow labels in pfSense:
* Ability to apply QOS based on IPv6 flow la... Isaac McDonald
09:53 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec: I can open up a separate issue and work on it, if you think it's worthwhile. Anonymous
09:47 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec: Justin Coffman wrote:
> Would it be valuable to include some validation logic in the interface to warn a user if the... Jim Pingle
09:10 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec: Would it be valuable to include some validation logic in the interface to warn a user if they select an algorithm wit... Anonymous
08:18 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec: Justin Coffman wrote:
> Additionally, I'd like to make two additional changes:
>
> 1. Add a 6144-bit option to th... Jim Pingle
07:41 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec: PR for proposed changes: https://github.com/pfsense/pfsense/pull/3954
Obviously, PR commits are subject to change ... Anonymous
07:40 AM Bug #8561 (New): default-route is not always set for a pppoe connection after bootup.: Jim Pingle

06/24/2018

08:28 PM Feature #8598 (Resolved): Add IPsec identifiers to Status > IPsec: Add the IPsec identifiers used in the IPsec configuration, on the Status > IPsec page. Anonymous
08:20 PM Bug #8597 (Resolved): When editing a firewall rule, the "Action" field is selected: When a user goes to edit a firewall rule, the page loads with the "Action" field selected (in Chrome and Firefox). If... Anonymous
08:13 PM Feature #8596 (Resolved): Warn user when default password has not been changed: The user should be warned on every login that the default password has not been changed, until it's been changed.
... Anonymous
12:28 PM Revision 561077c7: routing, fix setting the default-route when the configured default gateway is a dynamic pppoe gateway: PiBa-NL
08:23 AM Bug #8595: Maybe a new mpd5-x+1 MTU ISSUE WITH ORANGE FR: Eugene Grosbein - 29 minutes ago
I have just updated FreeBSD's net/mpd5 port up to revision 5.8_4 that contains t... xavier Lemaire
06:34 AM Bug #8595: Maybe a new mpd5-x+1 MTU ISSUE WITH ORANGE FR: It s work for me
https://sourceforge.net/p/mpd/bugs/62/#7142
Eugene Grosbein make a binary https://sourceforge... xavier Lemaire
01:31 AM Bug #8595: Maybe a new mpd5-x+1 MTU ISSUE WITH ORANGE FR: https://sourceforge.net/p/mpd/bugs/62/#b64c
A patch to try xavier Lemaire
07:32 AM Bug #8561: default-route is not always set for a pppoe connection after bootup.: Sorry, forgot the '!', new PR added: https://github.com/pfsense/pfsense/pull/3956 Pi Ba

06/23/2018

02:11 PM Revision 264f4423: routing, when adding a new gateway and setting it as the default actually allow that to happen by indicating the proper ipprotocol for the gateway to set it for as a default: PiBa-NL
11:40 AM Bug #8591: interfaces.php: Checking "Default Gateway" on the "Add a new Gateway" modal does not set it as default: fix submitted: https://github.com/pfsense/pfsense/pull/3955 Pi Ba
11:10 AM Revision 36cfae5f: Add 6144/remove 512 from cert size options: Justin Coffman
10:24 AM Bug #8595 (Resolved): Maybe a new mpd5-x+1 MTU ISSUE WITH ORANGE FR: hi guys
I opened a thread here : https://sourceforge.net/p/mpd/bugs/62/
I have the feeling that awesome guys are ... xavier Lemaire
06:11 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec: Additionally, I'd like to make two additional changes:
# Add a 6144-bit option to the CA and Cert Manager pages (t... Anonymous
06:09 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec: Additionally, I'd like to make two additional changes:
1. Add a 6144-bit option to the CA and Cert Manager pages (... Anonymous
03:30 AM Revision ec9343c0: Update crypto defaults for OpenVPN/IPsec: Updated default cipher to AES-128, default hash to SHA256, default DH group to 2048 bit (IPsec DH group 14). Justin Coffman
02:19 AM Revision 4b6bf6aa: Remove RFC 7919 from DH group titles: Nothing is preventing the user from overwriting them, which would mean they're no longer the RFC groups. Justin Coffman
02:17 AM Revision 43228ab3: Added new DH groups to valid groups list: Justin Coffman

06/22/2018

07:58 PM Revision aa93d3fa: Reduce max interval to 60 minutes: Per discussion on Redmine, bringing the maximum probe interval down to 60 minutes. Anything higher than this would pr... Justin Coffman
07:18 PM Revision bad35425: Properly escape the single quotes: Aaron Kalin
07:01 PM Revision e7d76457: Redmine #8592: Clarify DHCP hostname registration: Isaac McDonald
07:00 PM Revision 7ae00d0d: Extend maximum monitoring interval.: The existing monitoring interval was a maximum of 86400 ms, or approximately 86 seconds. This can cause excessive dat... Justin Coffman
05:43 PM Bug #8594 (Resolved): Assess default crypto settings for OpenVPN/IPsec: Per Jim's comment on https://github.com/pfsense/pfsense/pull/3951. If any changes are approved, I'll be happy to subm... Anonymous
03:13 PM Revision 3efa3530: Provide DH groups from RFC 7919.: Replaced 2048-bit and 4096-bit groups with RFC 7919 parameters. Added 3072, 6144, and 8192-bit groups from same. Relo... Justin Coffman
03:06 PM Revision 3937cbaa: Remove DH group name from output.: Accidentally left that line in from testing. Justin Coffman
03:05 PM Revision 45bebeb8: Create generate_ffdhe.py: This script converts the hexadecimal-format parameters from RFC 7919 to usable PEM format DH groups. Justin Coffman
02:59 PM Bug #8593: Extend maximum gateway monitoring ping interval: Change committed to the PR branch. Anonymous
02:57 PM Bug #8593: Extend maximum gateway monitoring ping interval: I'll be honest, I didn't really have a maximum value in mind. I saw the existing value and thought "oh, they must hav... Anonymous
02:41 PM Bug #8593: Extend maximum gateway monitoring ping interval: I'd prefer that, but it's open for debate if there is a valid use case I'm not thinking of. Jim Pingle
02:25 PM Bug #8593: Extend maximum gateway monitoring ping interval: I can modify it down to 3,600,000 ms (60 minutes) in the PR, if that works. Anonymous
02:15 PM Bug #8593: Extend maximum gateway monitoring ping interval: The 86400 limit is likely a holdover from when it used to be seconds, but letting it go up to a full day seems like i... Jim Pingle
02:07 PM Bug #8593: Extend maximum gateway monitoring ping interval: Submitted PR: https://github.com/pfsense/pfsense/pull/3953 Anonymous
02:05 PM Bug #8593 (Resolved): Extend maximum gateway monitoring ping interval: The existing maximum gateway monitoring ping interval is 86,400 ms, or about a minute and a half. Over strictly meter... Anonymous
02:07 PM Bug #8592: Can't "Register DHCP leases in the DNS Resolver" when only using DHCPv6: Issue addressed in PR https://github.com/pfsense/pfsense/pull/3952 Isaac McDonald
01:22 PM Bug #8592: Can't "Register DHCP leases in the DNS Resolver" when only using DHCPv6: Granted it could be more clear, but DHCP is always IPv4, it does not refer to both. For IPv6 support, things are labe... Jim Pingle
01:13 PM Bug #8592: Can't "Register DHCP leases in the DNS Resolver" when only using DHCPv6: If that's the case, the description for the option should be changed to reflect the fact that it only applies to IPv4... Isaac McDonald
12:24 PM Bug #8592 (Not a Bug): Can't "Register DHCP leases in the DNS Resolver" when only using DHCPv6: DHCPv6 does not support registering hostnames, so this is working as expected. Only IPv4 DHCP is capable of pulling h... Jim Pingle
12:22 PM Bug #8592 (Resolved): Can't "Register DHCP leases in the DNS Resolver" when only using DHCPv6: Attempts to enable "@Register DHCP leases in the DNS Resolver@" in the "DNS Resolver" module fail when only DHCPv6 is... Isaac McDonald
11:38 AM Bug #8591 (Resolved): interfaces.php: Checking "Default Gateway" on the "Add a new Gateway" modal does not set it as default: On interfaces.php, for a static IP Address WAN, the "Add a new Gateway" button/modal lets you add a gateway and it ha... Jim Pingle
10:59 AM Bug #8588 (Resolved): Latest installer image does not boot as an ISO: Latest snapshot is OK after Renato merged in changes from releng/11.2. Jim Pingle
10:26 AM Bug #8534 (Feedback): Invalid DHCP options can be added: PR has been merged Jim Pingle
10:26 AM Feature #8552 (Feedback): enable http2: PR has been merged Jim Pingle
10:26 AM Bug #8561 (Feedback): default-route is not always set for a pppoe connection after bootup.: PR has been merged Jim Pingle
10:25 AM Bug #8582: Ship RFC 7919-provided DH groups: GitHub PR filed referencing this issue: https://github.com/pfsense/pfsense/pull/3951 Anonymous
10:25 AM Bug #8587 (Feedback): System information dashboad show only first swap disk/file info: PR has been merged Jim Pingle
10:05 AM Feature #8292 (Feedback): IPsec mobile clients with different (virtual) IP addresses by (EAP) identity: PR was merged yesterday. Jim Pingle
09:15 AM Bug #8590 (Rejected): sshd does not allow agent forwarding: I concur with Justin. The security risks involved with agent forwarding make it undesirable for a firewall.
If som... Jim Pingle
09:08 AM Bug #8590: sshd does not allow agent forwarding: Sorin Sbarnea wrote:
> I am in favour of enabling it by default because I see no security risks with it and it would... Anonymous
04:12 AM Bug #8590 (Resolved): sshd does not allow agent forwarding: Apparently /etc/ssh/sshd_config file is missing "AllowAgentForwarding yes" option, which prevents agent forwarding.
... Sorin Sbarnea

06/21/2018

07:56 PM Revision be228fd8: PHP7 fixed illegal string offset: Stephen Jones
03:09 PM Revision fc00cb20: Merge pull request #3950 from marcelloc/patch-5: Steve Beaver
03:07 PM Revision 1b213a45: Merge pull request #3949 from Hobby-Student/master: Steve Beaver
03:06 PM Revision 8baac392: Merge pull request #3947 from PiBa-NL/20180609-fix-default-route-for-dynamic-gateway-pppoe: Steve Beaver
03:04 PM pfSense Packages Bug #8589 (New): FreeRadius 0.15.5_2 ignoring tunnelled-reply=no: I have disabled EAP tunneled reply, however the NAS is still receiving the response.
FreeRadius config:
peap {
... Matt Klouda
03:03 PM Revision 4439ab0b: Merge pull request #3945 from laurentquillerou/http2: Steve Beaver
03:01 PM Revision e0f84e05: Merge pull request #3943 from miken32/patch-2: Steve Beaver
02:31 PM Revision e08d2ae7: Flavorize pfBlockerNG-devel: Jim Pingle
01:00 PM Revision 525199ff: Fix typo: Renato Botelho
12:38 PM Bug #8588 (Resolved): Latest installer image does not boot as an ISO: The latest image, pfSense-CE-memstick-2.4.4-DEVELOPMENT-amd64-20180621-0604.img, should be a hybrid image but it does... Jim Pingle
02:27 AM Revision a9c6c95b: Build all flavors of pfBlockerNG: Jim Pingle
12:39 AM pfSense Packages Bug #8139: LADVD not working on LAGG interfaces: Same bug was logged on the FreeNAS tracker too:
https://redmine.ixsystems.com/issues/27497 Tom Cosmos

06/20/2018

09:51 PM Revision 4a1de53e: Merge https://github.com/pfsense/pfsense into http2: Laurent QUILLEROU
08:30 PM Revision a592da38: requested changes: christian christian
08:13 PM Revision 9f208301: fix the fix: Marcello Silva Coutinho
07:47 PM Revision 57fe270e: get total size on system dashboad: Marcello Silva Coutinho
07:40 PM Revision c7841232: check total swap size on dashboard: Refer to bug #8587 Marcello Silva Coutinho
03:02 PM Bug #8587: System information dashboad show only first swap disk/file info: Forgot to test on systems without more then on swap file.
-The code needs more checks-
Pushed a fix for the fix. Marcello Silva Coutinho
02:53 PM Bug #8587: System information dashboad show only first swap disk/file info: Marcello Silva Coutinho wrote:
> On systems that swap was undersized and a another swap file had to be added, dashbo... Marcello Silva Coutinho
02:31 PM Bug #8587 (Resolved): System information dashboad show only first swap disk/file info: On systems that swap was undersized and a another swap file had to be added, dashboard fails to show right usage % an... Marcello Silva Coutinho
01:56 PM Revision bbc752e1: fixed wrong if conditions: added support of dns server christian christian
12:20 PM Revision fdbea0c6: misspelled ldap bind username variable: * $ldapbndun -> $ldapbindun
(cherry picked from commit b310666c2662044ab761f8c9798a46a064d1c6d5) Carl Corliss
12:20 PM Revision e45459c1: misspelled ldap bind username variable: * $ldapbndun -> $ldapbindun
(cherry picked from commit b310666c2662044ab761f8c9798a46a064d1c6d5) Carl Corliss
12:19 PM Revision 3eb9de30: misspelled ldap bind username variable: * $ldapbndun -> $ldapbindun
(cherry picked from commit b310666c2662044ab761f8c9798a46a064d1c6d5) Carl Corliss
12:19 PM Revision fdabb034: Merge pull request #3948 from rabbitt/ldap-fix: Jim Pingle
11:35 AM Bug #8586 (Resolved): Gateway Group trigger level: Hi to all,
i think there is a problem using trigger level in gateway group other than "member down".
In function ... Mauro Parente
11:21 AM Revision 6037515f: Adjust confs for new release-staging server: Renato Botelho
11:20 AM Revision bc7e57de: Adjust confs for new release-staging server: Renato Botelho
11:17 AM Revision 7969ec71: Adjust confs for new release-staging server: Renato Botelho
11:17 AM Revision 64564c4f: Adjust confs for new release-staging server: Renato Botelho
09:21 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity: Original PR was merged. There is a follow-up PR to address issues at https://github.com/pfsense/pfsense/pull/3949 Jim Pingle
09:15 AM Bug #8585 (Resolved): Logical interface MTU matches configuration of its physical port channel, not its own configuration: If a port channel is configured with an MTU of 9000, but one of the VLAN interfaces on that port channel is configure... Tom Cosmos
09:07 AM Bug #8519 (New): pfSense update from the webGUI fails: On an SG-1000 I occasionally get "The update system is busy. Please try again later" message despite starting the upg... Jim Pingle
08:49 AM Bug #8563 (Resolved): User with only "WebCfg - Firewall: NAT: Port Forward" cannot view the list of port forwards: Jim Pingle
08:47 AM Feature #8548 (Resolved): User creation is not logged correctly: Jim Pingle
08:47 AM Bug #8543 (Resolved): IKE Phase 1 configuration not working: Jim Pingle
08:45 AM Bug #8540 (Resolved): Disable Rekey Checkbox Should be Disabled on New IPsec Tunnels: Jim Pingle
08:44 AM Feature #8525 (Resolved): add to status.php: Jim Pingle
08:43 AM Bug #8524 (Resolved): HTTP_REFERER issue if changing the LAN IP in setup wizard: Jim Pingle
08:42 AM pfSense Packages Feature #5052 (Resolved): Avahi Proxy Package: Add option to disable/control cache size.: Jim Pingle
08:40 AM pfSense Packages Bug #8354 (Resolved): ACME: period at end of key name breaks dns validation method: Jim Pingle
08:37 AM Bug #8551 (Resolved): Routed IPsec/VTI is unable to communicate from the ipsecX interface address to a routed target: Works fine now Jim Pingle
08:37 AM Bug #8242 (Resolved): Unable to edit firewall rules: Jim Pingle
08:36 AM Bug #8497 (Resolved): route errors ("route has not been found") on current 2.4.4 snapshots: These errors haven't shown up since this commit. Jim Pingle
07:44 AM Feature #8584 (Rejected): Suppress logging of specific firewall rule: If traffic matches a rule with logging set, it will log.
If traffic matches a rule without logging set, it won't log... Jim Pingle
07:38 AM Feature #8584 (Rejected): Suppress logging of specific firewall rule: I have a number of floating rules that block traffic on my network (such as multicast traffic). Due to the nature of ... T. Oink
07:23 AM Bug #8583 (Feedback): LDAP fails with bind credentials due to mispelled variable: PR is at https://github.com/pfsense/pfsense/pull/3948
I just merged it, will hit the tree momentarily. Jim Pingle
12:12 AM Bug #8583 (Resolved): LDAP fails with bind credentials due to mispelled variable: line #1017 of /etc/inc/auth.inc misspells $ldapbindun as $ldapbndun. PR on github coming shortly. Carl Corliss
05:07 AM Revision b310666c: misspelled ldap bind username variable: * $ldapbndun -> $ldapbindun Carl Corliss

06/19/2018

07:03 PM pfSense Packages Feature #8581: IPv6 hostnames: Jim Pingle wrote:
> That relies on the client making it work, and that also doesn't change the fact that the server ... Shawn Patti
10:06 AM pfSense Packages Feature #8581: IPv6 hostnames: That relies on the client making it work, and that also doesn't change the fact that the server doesn't record the ho... Jim Pingle
09:57 AM pfSense Packages Feature #8581: IPv6 hostnames: You can send fqdn to isc-dhcp v6. It is a matter of adding send fqdn.fqdn = gethostname() to the client dhclient.conf... Shawn Patti
07:24 AM pfSense Packages Feature #8581 (Duplicate): IPv6 hostnames: Duplicate of #2017
DHCPv6 clients don't send a hostname, thus the ISC DHCPv6 daemon doesn't record one in the leas... Jim Pingle
07:08 AM pfSense Packages Feature #8581 (Duplicate): IPv6 hostnames: Would be nice if AAAA records were created the same as A records as issued by dhcpv6 in the resolver. Is this somethi... Shawn Patti
03:59 PM Revision d1a59766: Correct PHP syntax error that leads to a PHP 7 error.: (cherry picked from commit 90b3235d6a47680655b8559618d2cd6841baf823) Jim Pingle
03:57 PM Revision 90b3235d: Correct PHP syntax error that leads to a PHP 7 error.: Jim Pingle
02:06 PM Revision 45c44edb: Correct the gateway check when deleting a VIP. Fixes #4438: Now it checks to see if there are other VIPs in the same subnet left,
and only prevents deleting the last VIP by whic... Jim Pingle
02:05 PM Revision 480c21f4: Correct the gateway check when deleting a VIP. Fixes #4438: Now it checks to see if there are other VIPs in the same subnet left,
and only prevents deleting the last VIP by whic... Jim Pingle
09:20 AM Bug #4438 (Feedback): Unable to delete IP Alias outside an interface's subnet where a gateway exists in the same subnet: Applied in changeset commit:480c21f44c42dd84f7ca0e0db62a7a731ed0278e. Jim Pingle
07:28 AM Bug #8579 (Duplicate): HAProxy produces intermittent 504 errors and sR–: Duplicate of #8580 Jim Pingle
05:02 AM Bug #8579: HAProxy produces intermittent 504 errors and sR–: Sorry, I created this in the wrong project. New bug here:
https://redmine.pfsense.org/issues/8580
Feel free to ... Joe Palmer
04:54 AM Bug #8579 (Duplicate): HAProxy produces intermittent 504 errors and sR–: This turns out to be a bug in v1.7.10:
https://discourse.haproxy.org/t/intermittent-504-errors-and-sr-after-upgrad... Joe Palmer
07:16 AM Bug #8582 (Resolved): Ship RFC 7919-provided DH groups: Currently, pfSense ships DH groups at sizes 1024, 2048, and 4096, with no statement as to how/where/when these groups... Anonymous
05:01 AM pfSense Packages Bug #8580 (Closed): HAProxy produces intermittent 504 errors and sR–: This turns out to be a bug in v1.7.10:
https://discourse.haproxy.org/t/intermittent-504-errors-and-sr-after-upgrad... Joe Palmer
03:40 AM Bug #7175: SIP MESSAGE UDP packets not passed despite rules & pcaps showing otherwise: i have a similar issue, if i do failover from one pfsense box to the other, sip traffic is not being passed in both d... Roland Kletzing

06/18/2018

09:38 PM Feature #8578 (Rejected): /var/unbound/test/unbound_server.pem: No such file or directory: There is not enough information here for a bug report, and this is not a support or discussion platform.
Please po... Jim Pingle
09:25 PM Feature #8578 (Rejected): /var/unbound/test/unbound_server.pem: No such file or directory: We cant save settings in DNS Resolver, we cant disable it either. We cant do browsing because of this. Can you help us? Neil Esperon
01:29 PM Bug #4438: Unable to delete IP Alias outside an interface's subnet where a gateway exists in the same subnet: Easy to reproduce:
1. Add IP Alias VIP in new subnet
2. Add gateway in new subnet
3. Add second IP Alias VIP in ... Jim Pingle
01:25 PM Bug #6455 (Duplicate): Can't delete Virtual IP "referenced by a least one gateway" if gateway outside interface subnet: Duplicate of #4438 Jim Pingle

06/16/2018

06:29 PM pfSense Packages Bug #8577 (Resolved): Snort - Log retention not working: The Snort package has an option under Services -> Snort -> Interfaces -> Log Mgmt to configure "Log Size and Retentio... Clinton Cory

06/15/2018

08:56 PM Revision f54ca2e1: routing, rc.newwanip should also set default-route while booting for ppp interfaces: otherwise we might end up without a default as the bootup script does not wait for ppp interface to obtain the ip, un... PiBa-NL
08:41 PM Revision 5ffeceb6: Fixed #8515 fixed error in queue defintion where it would repeat: It should now create a new definition for each queue. Queues should
now show up under status > queues. Stephen Jones
05:27 PM Revision 8991ac90: Added future ACB settings page: Steve Beaver
05:41 AM Bug #8573 (Resolved): email notifications: Updated to yesterday's snapshots and it started to work Chris Macmahon

06/14/2018

06:39 PM Revision 29e8d025: Validate NPt IPv6 address input and do not use invalid stored settings in rules. Fixes #8575: (cherry picked from commit feccd385d737ffd8c61ca977ee4d3dfa23c1aadc) Jim Pingle
06:39 PM Revision a1b69b57: Rework loader.conf(.local) filtering. Fixes #8571: If this isn't aggressive enough, we could remove the "local" changes and only
keep the new matching method.
(cherry ... Jim Pingle
06:39 PM Revision 0d35a025: Be specific with port fwd priv checks. Fixes #8563: This way, users with only privs to view but not edit port forwards can still see the entries, but not act upon them.
... Jim Pingle
06:39 PM Revision 92e27a71: Correct PHP syntax error. Fixes #8557: (cherry picked from commit 173356547e0005bfe21ba4b2345919dcb89a2fbf) Jim Pingle
06:38 PM Revision 90224db0: Allow hostname/ip to be deleted if the captive portal is not enabled: (cherry picked from commit cc52daa63deb98f6fbcd5edbc24fc65b62eabbec) Stephen Jones
06:38 PM Revision fb4cf3e9: Fixed #8539: (cherry picked from commit 880363af764ab31f2bdf6ee7a7921aeaed577e76) Steve Beaver
06:38 PM Revision 513662e8: Fix up user/group management save message descriptions, add logging for same. Fixes #8548: (cherry picked from commit 3fa6d46229757e2316120a7160a806bb7d28a8ed) Jim Pingle
06:38 PM Revision be5408eb: Add switch config to status output. Implements #8525: (cherry picked from commit 03ce110725129b5f35c62f4985f631a1e3b5d046) Jim Pingle
06:38 PM Revision 9dd89897: Fix bug for rules 'permit ip any any' from LDAP/AD: (cherry picked from commit 1a6857d0eb39e72f12c6f02763863f218ad07293) Aurélien BONANNI
06:04 PM Revision feccd385: Validate NPt IPv6 address input and do not use invalid stored settings in rules. Fixes #8575: Jim Pingle
01:28 PM Bug #8575 (Resolved): IPv6 NPt field order bug?: Jim Pingle
01:10 PM Bug #8575 (Feedback): IPv6 NPt field order bug?: Applied in changeset commit:feccd385d737ffd8c61ca977ee4d3dfa23c1aadc. Jim Pingle
01:06 PM Bug #8575: IPv6 NPt field order bug?: Looks like invalid input caused it, needs some validation. Commit is on its way. Jim Pingle
12:11 PM Bug #8575 (Resolved): IPv6 NPt field order bug?: Hoping this isn't a duplicate of 6985, but appears to be related.
Running 2.4.3_1, appears adding a new NPt crea... Donn Lasher
12:43 PM Bug #8576 (Closed): pfSense stops passing traffic after some time when using Outbound NAT pool w/ Sticky Address: With an outbound NAT mapping configured using pool option "Round Robin with Sticky Address" or "Random with Sticky Ad... Anonymous
12:39 PM Revision 74b3e6ec: 1. I rewound src/etc/inc/config.inc back to you guys' base. It was some funny EOL stuff that happened.: 2. Unwrapped gettext()
3. Agreed. Sanitized.
4. Unwrapped gettext()
5. Took out input_errors item
6. Took out input_... Matt Underscore
04:40 AM pfSense Packages Feature #8574 (Resolved): Enable AgentX-support in lldpd using GUI: The lldpd-package provided by the package manager seems to be compiled with AgentX-support, but there is nowhere to a... Nicklas Björk

06/13/2018

09:50 PM Bug #8492: Enable setting PKCS#12 export password in Certificate Manager: Running 2.4.3-RELEASE-p1 (amd64). The ability to export a keypair as a PKCS12 package (.p12) without a password is ju... Hyrum Smith
09:10 PM Bug #8573: email notifications: Mail notifications work OK here but I'm not using gmail. Perhaps they shut off port 465? Uncheck the ssl box in setti... Jim Pingle
08:56 PM Bug #8573 (Resolved): email notifications: Have not gotten an email notification of boot-up, reboot or gateway event since Jun 9, getting error:
Error: Faile... Chris Macmahon
08:40 PM Bug #8562 (Resolved): IPSEC widget: Jim Pingle
08:28 PM Bug #8562: IPSEC widget: Tested good on latest image: Thanks! Chris Macmahon
07:25 PM Revision 26300aa8: Add more informative documentation: Aaron Kalin
07:06 PM Bug #8572 (Not a Bug): Secure shell: "Authentication Method" option ignored when RSA key configured: The box is working as designed. That enables/disables password authentication. Keys always work. Whether or not the k... Jim Pingle
06:30 PM Bug #8572 (Not a Bug): Secure shell: "Authentication Method" option ignored when RSA key configured: When one (or more) RSA key(s) is(are) configured for the admin user, the "Authentication Method" option for Secure sh... Karl Rigan
02:58 PM Revision 7f943a22: Rework loader.conf(.local) filtering. Fixes #8571: If this isn't aggressive enough, we could remove the "local" changes and only
keep the new matching method. Jim Pingle
11:15 AM pfSense Packages Bug #8568: FreeRadius- Tunnel-Private-Group-ID or VLAN-ID field no longer taking string value. It only take an integer.: Thank you Jim. I verified in my lab and it's working great now! Really appreciate the quick turnaround.
Thanks,
... Vu Pham
10:58 AM pfSense Packages Bug #8568 (Resolved): FreeRadius- Tunnel-Private-Group-ID or VLAN-ID field no longer taking string value. It only take an integer.: I removed the VLAN ID input validation that was preventing your custom value from being saved. It was, as you pointed... Jim Pingle
10:33 AM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic: I've added another pull request which includes the new plugin port as a dependency to the main pfSense port.
https... Phil DeMonaco
10:10 AM Bug #8571 (Feedback): loader.conf/.local cleanup is a bit too aggressive: Applied in changeset commit:7f943a2269dea1efd9bf42320d14ae7e0ca4a4f7. Jim Pingle
09:58 AM Bug #8571 (Resolved): loader.conf/.local cleanup is a bit too aggressive: We have code that cleans up and eliminates duplicate settings in loader.conf and loader.conf.local to avoid foot-shoo... Jim Pingle
03:10 AM Bug #8570 (New): Empty (dn)shaper config gets populated with newline: Whenever I change something in fw rules the shaper and dnspaher config changes from 'empty' to 'newline':... Zsolt Zsiros

06/12/2018

03:29 PM Bug #8569 (Not a Bug): Certificates generated using deprecated extensions: We've been over this before when it comes up, see #6877 for example.
It doesn't hurt to have it there, the GUI che... Jim Pingle
03:18 PM Bug #8569 (Not a Bug): Certificates generated using deprecated extensions: Any certificate generated in the certificate management interface is generated with a Netscape Cert Type extension in... Justin Coffman
01:53 PM pfSense Packages Bug #8568 (Resolved): FreeRadius- Tunnel-Private-Group-ID or VLAN-ID field no longer taking string value. It only take an integer.: on Pfsense 2.3-RELEASE, it took a string value such as U:10 or U:Data-vlan, and T:20 or T:Voice-vlan for untagged and... Vu Pham
01:26 PM Bug #8567 (New): Using IPv6 VIP alias for services may affect CARP IPv6 VIP work: During investigation of customer request found IPv6 VIP alias for services may affect CARP IPv6 VIP work. CARP IPv6 V... Constantine Kormashev
01:26 PM Bug #8566 (New): Wrong IPv6 source in NS request in case using of IPv6 alias: During investigation of customer request found system uses wrong IPv6 sources for NS requests therefore they never be... Constantine Kormashev
11:16 AM Bug #8427 (Duplicate): Missing Key lenght Selection dropdown list: Duplicate of #8543 (fixed on 2.4.4) Jim Pingle
08:25 AM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation: A different workaround for those who are just trying to factory the unit:
Escape to shell, (Single user, CTRL+C)
... Gareth Hay
07:12 AM Bug #8565 (Rejected): NAT with IPSec: That version is over 6 years out of date. Problem reports against old, unsupported versions are not acceptable. Upgra... Jim Pingle
07:10 AM Bug #8565 (Rejected): NAT with IPSec: I have a configuration described in the Word attached document.
The version of the PFSENSE product is
2.0.1-RELEASE... Fabien DE BIASI
07:07 AM pfSense Packages Bug #8449: FRR 4.0 zebra daemon crashes: xavier Lemaire wrote:
> May be next release will be clean with us ?
> https://github.com/FRRouting/frr/releases/tag... Jim Pingle
03:57 AM pfSense Packages Bug #8449: FRR 4.0 zebra daemon crashes: May be next release will be clean with us ?
https://github.com/FRRouting/frr/releases/tag/frr-5.0
xavier Lemaire

06/11/2018

05:33 PM Revision 8cd59b03: Fix PHP error in dhcpd_gather_stats.php: Some variables were pre-populated with a string, then math was attempted based on a string value that couldn't be con... Jim Pingle
03:12 PM Revision 0dfce56b: Fix IPsec status widget conn matching to align with recent changes. Fixes #8562: Jim Pingle
01:58 PM Revision 2e6167e7: Be specific with port fwd priv checks. Fixes #8563: This way, users with only privs to view but not edit port forwards can still see the entries, but not act upon them. Jim Pingle
01:55 PM Feature #8564 (Duplicate): IP Hostname for GRE Tunnel: Hello! I made this post on the pfSense forums: https://forum.netgate.com/topic/131806/ip-dns-suggestion
It'd be gr... Soarin Boarin
10:20 AM Bug #8562 (Feedback): IPSEC widget: Applied in changeset commit:0dfce56bcec17e4898ab0b2b5b15db0d208bc93e. Jim Pingle
09:50 AM Bug #8563 (Feedback): User with only "WebCfg - Firewall: NAT: Port Forward" cannot view the list of port forwards: Applied in changeset commit:2e6167e71e7f6d83f52094a22a9a5be6ea39859b. Jim Pingle
08:38 AM Bug #8563 (Resolved): User with only "WebCfg - Firewall: NAT: Port Forward" cannot view the list of port forwards: A user with the "WebCfg - Firewall: NAT: Port Forward" privilege can open firewall_nat.php but none of the port forwa... Jim Pingle
03:35 AM Bug #8559: Dynamic Gateway (from e.g. OVPN) only able to disable after edit: That makes it clear, why the delete button only appears after editing. Thanks. But what about the disable button? Sho... Jens Groh

06/10/2018

12:59 PM Revision 092abdb6: routeing, gateways show proper IPv4 IPv6 default, also for dynamic gateways: PiBa-NL
08:54 AM Bug #8562: IPSEC widget: Possibly caused by https://github.com/pfsense/pfsense/commit/235c051f1f48ef30d7962324c488b3fec34d3d10
Assigned to ... Anonymous
07:59 AM Bug #8562: IPSEC widget: . Anonymous
07:23 AM Bug #8562 (Resolved): IPSEC widget: The IPSEC widget is not displaying active tunnels correctly on latest snapshots.
Chris Macmahon
06:14 AM Bug #6223: IPsec + OpenBGPD fails with "PF_KEY socket: No buffer space available": Bump.
Issue still persist.
Installed OpenBGPd for get pfsense connected to AWS via BGP , and also having IPsec IKE ... Roman H

06/09/2018

08:54 PM Revision 96b15e44: routing, fix setting the default-route when the configured default gateway is a dynamic pppoe gateway. it doesnt have a gateway-status when it hasn't connected yet.: PiBa-NL
03:58 PM Bug #8561 (Resolved): default-route is not always set for a pppoe connection after bootup.: It seems the dynamic pppoe gateway does not have a status yet when it hasn’t connected before… And the code assumes i... Pi Ba
03:30 PM Bug #8515: ts wizard syntax error (as of 2.4.4.a.20180514.0905): Retested Traffic Shaping Wizards on 2.4.4.a.20180609.0944 and got the following alerts in the GUI
Filter Reload
... Anonymous
03:24 PM Bug #8457: Packages do not remove on factory default: On SG-2440 2.4.4.a.20180609.0944, installed acme, performed hardware reset, the package appeared to be removed (shown... Anonymous
02:38 PM Revision d84eec80: Do not build hybrid images to serial/ADI: Renato Botelho
02:35 PM Revision b66b246e: Revert "Do not build hybrid images to serial/ADI": This reverts commit 8d22f4b19126cff52e6283a8c8de8849ad614992. Renato Botelho

06/08/2018

08:08 PM Revision 8d22f4b1: Do not build hybrid images to serial/ADI: Renato Botelho
07:57 PM Revision 0aa52fb2: Fixup ipsec interface static route processing. Issue #8544: Jim Pingle
07:22 PM Revision 41160d19: Fixed #8515 Queues should now be added either through manually creating them or through the wizard: Stephen Jones
03:18 PM Revision d4b43c48: Make IPsec IKEv2 conn IDs consistent with IKEv1 or IKEv2 split. Also fix vti test for reqid.: Jim Pingle
03:18 PM Bug #8557 (Resolved): Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126: Jim Pingle
03:15 PM Bug #8557: Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126: fixed now rub man
07:30 AM Bug #8557 (Feedback): Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126: Applied in changeset commit:173356547e0005bfe21ba4b2345919dcb89a2fbf. Jim Pingle
03:49 AM Bug #8557: Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126: php error log from crash report rub man
03:33 AM Bug #8557 (Resolved): Unbound ACL Page: Parse error: syntax error, unexpected '{' in /usr/local/www/services_unbound_acls.php on line 126: Unbound acl page is broken in latest snapshot, see screenshot for error:... rub man
01:28 PM pfSense Packages Bug #8560: ACME: can't update DNS records in DNSMadeEasy registar for several domains with different API keys/ids: I was able to fix it with the following workaround:
1. create a cert for the 1st cert in pfsense acme-certificates i... Alex Kolesnik
01:15 PM pfSense Packages Bug #8560 (New): ACME: can't update DNS records in DNSMadeEasy registar for several domains with different API keys/ids: The API key/id of the 3rd domain is used for updating records of the 1st domain. Please, see attached screenshots. Alex Kolesnik
12:17 PM Revision 17335654: Correct PHP syntax error. Fixes #8557: Jim Pingle
10:27 AM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI: Another fix in commit:d4b43c48ed1636d3fcd6e47d73ba721bd63d883a
Jim Pingle
07:13 AM Bug #8553: Creating a user as a member of a group fails to add that group to the user: It's happening on a standalone system, not XMLRPC. Presumably it would also happen on a master if the same situation ... Jim Pingle
04:12 AM Bug #8553: Creating a user as a member of a group fails to add that group to the user: @jimp: pardon me for jumping in, but is that happening only on the slave via XMLRPC or is that happening on the maste... Jens Groh
07:13 AM Bug #8559 (Not a Bug): Dynamic Gateway (from e.g. OVPN) only able to disable after edit: That's how dynamic gateways work. You also can't delete DHCP gateways or PPPoE gateways. "Deleting" them reverts them... Jim Pingle
04:43 AM Bug #8559 (Not a Bug): Dynamic Gateway (from e.g. OVPN) only able to disable after edit: Steps to reproduce:
1) create openvpn server
2) assign OPT interface to ovpns1
3) edit ovpns1 and make it active... Jens Groh
04:04 AM Feature #8558 (New): Add more table sorting in various UI pages: Some UI Pages like Certificate Manager etc. aren't sortable by columns. It would be great to have that ability in
... Jens Groh

06/07/2018

07:20 PM Revision cc52daa6: Allow hostname/ip to be deleted if the captive portal is not enabled: Stephen Jones
07:01 PM Revision a273f7bd: Do not put "route-to" on rules for traffic outbound from the firewall itself on ipsecX interfaces. Fixes #8551: Jim Pingle
02:10 PM Bug #8551 (Feedback): Routed IPsec/VTI is unable to communicate from the ipsecX interface address to a routed target: Applied in changeset commit:a273f7bdff455a50156ab004358ba3909fa1fee7. Jim Pingle
12:34 PM Bug #8551: Routed IPsec/VTI is unable to communicate from the ipsecX interface address to a routed target: This appears to be related to the automatic rules to pass traffic out from the firewall itself, for example:... Jim Pingle
02:06 PM Revision 880363af: Fixed #8539: Steve Beaver
11:49 AM Feature #8552: enable http2: PR: https://github.com/pfsense/pfsense/pull/3945 Laurent QUILLEROU
11:08 AM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode: Hi all, is this still an issue with the spring 2018 updates to Suricata? There was a forum discussion about it that ... Steve Y
10:10 AM Bug #8507 (Assigned): FreeBSD 11.2-BETA dhclient always uses server MTU value: The supersede change was committed and now has been MFC'd as well:
https://svnweb.freebsd.org/base?view=revision&r... Jim Pingle
09:26 AM Bug #8502 (Confirmed): main (top) menu items do not drop down in some cases: Some packages, including arping, mtr, nmap, and iperf, all behave this way. They use XML pages but when the user clic... Jim Pingle
09:11 AM Bug #8502 (Feedback): main (top) menu items do not drop down in some cases: Almost any PHP error anywhere in the system will break the menu system. This issue should be resolved when the last o... Anonymous
09:20 AM Bug #8539: ACLs not configurable in German Language UI: Applied in changeset commit:880363af764ab31f2bdf6ee7a7921aeaed577e76. Anonymous
09:06 AM Bug #8539 (Feedback): ACLs not configurable in German Language UI: Anonymous
09:09 AM Bug #8504 (Closed): Default gateway missing after upgrade: Has been working as expected for two weeks with no further failures observed. Anonymous
09:07 AM Bug #8555: Selectively killing states on WAN failure: The reason we have not taken these approaches is primarily because they do not scale. Some people have state tables w... Jim Pingle
08:52 AM pfSense Packages Bug #8449: FRR 4.0 zebra daemon crashes: Looks like others have noticed the problem as well:
https://lists.freebsd.org/pipermail/freebsd-ports/2018-June/11... Jim Pingle
08:47 AM Bug #8556 (Closed): Notification always sent twice via email - DynDNS updated IP Address on WAN (pppoe0) to: I can't reproduce this here, I only get one e-mail per message even from Dynamic DNS updates. It may be specific to s... Jim Pingle
02:45 AM Bug #8556 (Closed): Notification always sent twice via email - DynDNS updated IP Address on WAN (pppoe0) to: When I get a new IP from my provider I always get *two* emails with same content about this event. E.g.... Willy Tenner
07:25 AM Bug #8096: Special characters not propagated by the config sync engine: Version 2.4-latest
I'll second this. The description field does not seem to be properly escaped when syncing to th... Jens Groh

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

07/06/2018

07/05/2018

07/04/2018

07/03/2018

07/02/2018

06/30/2018

06/29/2018

06/28/2018

06/27/2018

06/26/2018

06/25/2018

06/24/2018

06/23/2018

06/22/2018

06/21/2018

06/20/2018

06/19/2018

06/18/2018

06/16/2018

06/15/2018

06/14/2018

06/13/2018

06/12/2018

06/11/2018

06/10/2018

06/09/2018

06/08/2018

06/07/2018