Project

General

Profile

Activity

From 06/25/2018 to 07/24/2018

07/24/2018

11:16 PM Bug #8674: Switching IPsec phase one to vti from Tunnel IPv4 and back yields unexpected behavior
On 2.4.4.a.20180724.1715, unable to switch from VTI to another P2 mode with an assigned interface; unable to disable ... Anonymous
04:11 PM Bug #8674 (Feedback): Switching IPsec phase one to vti from Tunnel IPv4 and back yields unexpected behavior
Jim Pingle
04:10 PM Bug #8674: Switching IPsec phase one to vti from Tunnel IPv4 and back yields unexpected behavior
I just pushed some extra input validation which does the following:
* Prevents from switching VTI to another P2 mo... Jim Pingle
09:04 PM Revision 7c4e29cb: VTI input validation. Fixes #8674
Add input validation to prevent switching away from VTI or deleting a
VTI P1/P2 which belongs to an assigned interfac... Jim Pingle
07:59 PM Bug #6929: Choosing ZFS during install results in a system that cannot mount root
Having both won't hurt anything, but you only need @zfs_load="YES"@ in loader.conf Jim Pingle
07:53 PM Bug #6929: Choosing ZFS during install results in a system that cannot mount root
Got it - thanks for clarifying, Jim.
I added those two lines to the bottom of my /boot/loader.conf:
opensolaris... Victor Hooi
05:53 PM pfSense Packages Bug #8670: HAProxy PHP error
If haproxy-devel package is working properly, then i should probably copy its components/fixes/features over to hapro... Pi Ba
04:08 PM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed
Issue #8685 will work around this for now, but we can use this issue to track the longer-term problem of how these ru... Jim Pingle
03:40 PM Bug #8686 (New): IPsec VTI: Assigned interface firewall rules are never parsed
Traffic entering an assigned VTI interface never hits firewall rules on that specific interface tab even if they are ... Steve Wheeler
03:51 PM Revision d1a990d6: Default cipher selections conform to proposal.
Justin Coffman
03:47 PM Feature #8687 (Resolved): Interfaces assigned for OpenVPN/GIF/GRE/Routed IPsec should not present IPv4 and IPv6 settings
When a user assigns an OpenVPN/GIF/GRE/Routed IPsec interface, there should be no options for configuring IPv4 and IPv6. Anonymous
03:24 PM Feature #8685 (Resolved): Implement some controls to hide certain information for VTI Assigned Interfaces
Would be nice if an assigned VTI interface did not show up in Firewall > Rules since rules there are never processed. Chris Linstruth
02:58 PM pfSense Packages Bug #8684 (Resolved): PHP7 can't install pfBlockerNG
Fix pushed here c2e322f41654abd8685c66323c90576ecebf1265
Will test more once the new update hits the package server. Anonymous
02:55 PM pfSense Packages Bug #8684 (Resolved): PHP7 can't install pfBlockerNG
This error is shown after attempting to install pfBlockerNG.... Anonymous
02:19 PM Bug #8524: HTTP_REFERER issue if changing the LAN IP in setup wizard
Gotcha, I wasn't sure since the appliance uses a special image. Posted: https://forum.netgate.com/topic/133117/xg-710... T F
02:05 PM Bug #8524: HTTP_REFERER issue if changing the LAN IP in setup wizard
That wouldn't be a problem specific to Netgate hardware. Post that on the forum and someone can take a deeper look an... Jim Pingle
02:00 PM Bug #8524: HTTP_REFERER issue if changing the LAN IP in setup wizard
OK, should I log it under hardware (since this is on a netgate appliance vs. a CE image running on my own hardware)?
... T F
07:28 AM Bug #8524: HTTP_REFERER issue if changing the LAN IP in setup wizard
This issue is only for the wizard, and the fix applies only to the wizard. I'm not aware of another way to trigger th... Jim Pingle
01:50 PM pfSense Packages Bug #8676 (Resolved): PHP7: LCDproc package
Steve Wheeler
01:49 PM pfSense Packages Bug #8676: PHP7: LCDproc package
Looks good on todays snap. Package version 0.10.6_1.
No errors found. Steve Wheeler

07/23/2018

10:02 PM Bug #8524: HTTP_REFERER issue if changing the LAN IP in setup wizard
Just to confirm, will this commit also fix the same issue when changing the LAN IP in the web configurator (not just ... T F
09:50 PM Bug #8683 (Resolved): Unable to add GIF interface (Hurricane Electric IPv6)
From crash report:
[23-Jul-2018 22:38:59 America/New_York] PHP Warning: exec(): NULL byte detected. Possible atta... P L
08:39 PM Revision 2c3ac0b3: Remove unneeded VTIs in IPsec sync. Issue #8674
Still needs input validation to prevent changes that would remove an
assigned interface. Jim Pingle
05:07 PM Bug #8477: Gateway latency, units used inconsistently.
I made a rough PR for dpinger.c that also replicates this "usec to ms" format change. Minimal testing, but it works o... → luckman212
10:30 AM Bug #8477: Gateway latency, units used inconsistently.
Awesome, Thanks for your help. I made the change you have above to the code here. 21daa13ee2642a5f4821382a46be2dfc71b... Anonymous
10:24 AM Bug #8477: Gateway latency, units used inconsistently.
Good point about expr only doing integer math. For floats we could use bc... → luckman212
10:21 AM Bug #8477: Gateway latency, units used inconsistently.
Good catch. I'll change that. Do we care about decimal precision? anything under 1 ms will round to 0. I don't know i... Anonymous
10:15 AM Bug #8477: Gateway latency, units used inconsistently.
Stephen, That change looks problematic.
I made a comment on the commit but adding one here for completeness.
Exam... → luckman212
10:04 AM Bug #8477: Gateway latency, units used inconsistently.
Change made here 37be6b260f8b90393d994c40e2db34925acaa451. I'll have to look into the best way to get that into dping... Anonymous
08:50 AM Bug #8477: Gateway latency, units used inconsistently.
I'll work on making it milliseconds for everything to be consistent. I added the code you suggested Luke for the gate... Anonymous
04:26 PM Bug #8674: Switching IPsec phase one to vti from Tunnel IPv4 and back yields unexpected behavior
With the patch provided, applied, the behavior appears to be corrected. That is, when you switch back to Tunnel IPv4 ... Anonymous
04:10 PM Bug #8674: Switching IPsec phase one to vti from Tunnel IPv4 and back yields unexpected behavior
Partially done with commit:2c3ac0b381a5d1ed6e81105158fa7cceb682dc95 - Still needs some input validation to prevent a ... Jim Pingle
01:29 PM Bug #8674 (Assigned): Switching IPsec phase one to vti from Tunnel IPv4 and back yields unexpected behavior
Jim Pingle
04:19 PM Bug #8681 (Resolved): PHP7 - Error on login when using RADIUS authentication
Jim Pingle
01:39 PM Bug #8681: PHP7 - Error on login when using RADIUS authentication
Patch is working. This can be set to resolved A FL
08:50 AM Bug #8681 (Feedback): PHP7 - Error on login when using RADIUS authentication
Applied in changeset commit:ec445b1acba5bc7e1447bd4975b8dc211393a567. Jim Pingle
08:44 AM Bug #8681: PHP7 - Error on login when using RADIUS authentication
Note that https://github.com/pfsense/pfsense/pull/3640 technically fix this issue, because radius_authentication.inc ... A FL
08:39 AM Bug #8681 (Resolved): PHP7 - Error on login when using RADIUS authentication
Moving to PHP 7 broke RADIUS_AUTHENTICATION() : ... A FL
03:55 PM pfSense Packages Bug #8676 (Feedback): PHP7: LCDproc package
Anonymous
02:39 PM pfSense Packages Bug #8676: PHP7: LCDproc package
Should be more better now.
f32de6e5495fc3e6515f0bc832dabab7b9d8a568 Version: 0.10.6_1 Anonymous
02:28 PM pfSense Packages Bug #8676 (Assigned): PHP7: LCDproc package
Couple more warnings in package version 0.10.6... Steve Wheeler
12:22 PM pfSense Packages Bug #8676 (Feedback): PHP7: LCDproc package
Should be good now.
cefd582895c48ea2b96b1b185bfbd45a15d93ff3 Anonymous
03:28 PM Revision 21daa13e: Fixed to be accurate when converting from us to ms
Stephen Jones
02:41 PM Revision 37be6b26: Change us to ms for gateway alarm.
Fixes #8477 looking to be more consitent changed to use ms for gateway alarm.
Thanks to Luke Hamburg for helping with... Stephen Jones
02:19 PM pfSense Packages Bug #8670: HAProxy PHP error
This particular error has been fixed. It may, however, reveal more :( Anonymous
01:55 PM pfSense Packages Bug #8670: HAProxy PHP error
I have also run in to this on 2.4.4.a.20180723.1255 and HAProxy 0.57_5. Upgrading to HAProxy-devel (0.59_1) as sugges... King J
01:42 PM Revision ec445b1a: Correct string missing quotes. Fixes #8681
Jim Pingle
01:03 PM pfSense Packages Bug #8647: PHP7: Snort package
Seeing that on todays snap. Also seeing:... Steve Wheeler
01:03 PM Revision 5e3918ba: Fix PHP error when adding a gateway from interfaces.php. Fixes #8680
Jim Pingle
12:22 PM Bug #8660 (Feedback): php undef constant breaks suricata
Anonymous
12:21 PM Bug #8660: php undef constant breaks suricata
Should be fixed in next update for Suricata 4.0.11_1
025a42c5814aff1dde43cee4d72de87514ca6435 Anonymous
12:01 PM Revision 8701bad8: Fixed #8679
Steve Beaver
11:59 AM Revision d4cebe1f: Fixed #8678
Steve Beaver
10:53 AM pfSense Packages Todo #8682 (Feedback): ACME Account Key registration gives no indication of success or failure, assumes success
Implemented in FreeBSD-ports commit:daa4f30cdf8f Jim Pingle
10:49 AM pfSense Packages Todo #8682 (Resolved): ACME Account Key registration gives no indication of success or failure, assumes success
When registering an account key in the ACME package, the button always changes to a checkmark when the AJAX call fini... Jim Pingle
10:48 AM pfSense Packages Feature #8490 (Feedback): pfSense-pkg-acme: acme_certificates_edit.php - Add ability to specify (vs generate) private key
PR was merged back in May Jim Pingle
08:48 AM Bug #6929: Choosing ZFS during install results in a system that cannot mount root
Jim Pingle wrote:
> If you upgraded to a snapshot that clobbered your @/boot/loader.conf@ contents then you would ne... Satadru Pramanik
07:22 AM Bug #6929: Choosing ZFS during install results in a system that cannot mount root
If you upgraded to a snapshot that clobbered your @/boot/loader.conf@ contents then you would need to re-add the @zfs... Jim Pingle
12:01 AM Bug #6929: Choosing ZFS during install results in a system that cannot mount root
Victor Hooi wrote:
> I hit this issue as well.
>
> The workaround was to trigger the loader mode on bootup, then ... Jim Thompson
08:10 AM Bug #8680 (Feedback): PHP7: Adding a static gateway on an interface when none are already defined causes errors.
Applied in changeset commit:5e3918baca5b4fa378cf4775e7bd9506f4ccbb82. Jim Pingle
07:50 AM Bug #8680 (Resolved): PHP7: Adding a static gateway on an interface when none are already defined causes errors.
... Steve Wheeler
07:34 AM Bug #8663: gw group - php error on opening
No errors seen opening the page or creating a group in todays snap. Steve Wheeler
07:29 AM Bug #2710 (Resolved): Captive Portal radius accounting negative session time
Since the old releases were insecure and there wasn't much reason to keep them available, we locked those down to pre... Jim Pingle
07:19 AM Bug #8661 (Resolved): Cannot view or edit firewall rules in 2.4.4.a.20180717.1700
Jim Pingle
12:07 AM Bug #8661: Cannot view or edit firewall rules in 2.4.4.a.20180717.1700
Do not observe the issue on latest for creating, editing and deleting FW and NAT rules Constantine Kormashev
07:18 AM Bug #8640 (Resolved): PHP Error
Jim Pingle
12:09 AM Bug #8640: PHP Error
Do not observe the issue on latest for creating, editing and deleting NAT rules for any type of NAT Constantine Kormashev
07:18 AM Bug #8429 (Resolved): radvd/IPv6 broken in 2.4.3 when using a LAN bridge
Jim Pingle
04:00 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge
Tried again with 4 ifaces, do not observe the issue Constantine Kormashev
12:12 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge
setup bridge from LAN, OPT1 and OPT2
setup stateless RA on LAN
connected to vswitch which is used by LAN
obtained ... Constantine Kormashev
07:16 AM Bug #8653 (Resolved): Spurious HA XMLRPC Sync Error after move to PHP7
Jim Pingle
06:31 AM Bug #8653: Spurious HA XMLRPC Sync Error after move to PHP7
do not observe the issue on latest, different settings FW, NAT, VIP synced without errors Constantine Kormashev
07:02 AM Bug #8678 (Resolved): unexpected error string on web page services_dhcpv6.php
Anonymous
04:50 AM Bug #8678 (Resolved): unexpected error string on web page services_dhcpv6.php
In case any actions are performed on services_dhcpv6.php error string appears at the page's frame:... Constantine Kormashev
07:02 AM Bug #8679 (Resolved): error in services_router_advertisements.php after clicking on Save button
Anonymous
04:53 AM Bug #8679 (Resolved): error in services_router_advertisements.php after clicking on Save button
The error occurs in services_router_advertisements.php after clicking on Save button... Constantine Kormashev
04:19 AM Bug #8656: PHP Error - Firewall Scheduler
Do not observe the issue on latest with creating, editing and deleting schedules and FW rules that use these schedules. Constantine Kormashev
12:09 AM pfSense Packages Feature #8517: OpenConnect client
should be a package.
pull requests accepted for review. Jim Thompson

07/22/2018

10:33 PM Bug #6929: Choosing ZFS during install results in a system that cannot mount root
I hit this issue as well.
The workaround was to trigger the loader mode on bootup, then enter the commands:
loa... Victor Hooi
03:16 PM pfSense Packages Bug #8676 (Resolved): PHP7: LCDproc package
Warnings shown after upgrading from 2.3.4p1:... Steve Wheeler
02:52 PM Bug #8477: Gateway latency, units used inconsistently.
Personally I can live with seeing '0.196ms' there. Let's see what Stephen suggests when he gets gets the feedback.
... Steve Wheeler
02:28 PM Bug #8477: Gateway latency, units used inconsistently.
Steve:
For the first case (rc.gateway_alarm), how about the change I suggested over on the github commit?
https://g... → luckman212
01:55 PM Bug #8477: Gateway latency, units used inconsistently.
System log now shows:... Steve Wheeler
02:04 PM Revision 3ea92441: Fix ID issues when edit/delete DNS Forwarding rule
jburel-clever-age
10:58 AM Todo #6998 (Resolved): Create a port for simplepie to keep it updated and use modular version
Jim Pingle
03:19 AM Todo #6998: Create a port for simplepie to keep it updated and use modular version
It works, tried with netgate and reuters RSS Constantine Kormashev

07/21/2018

10:33 PM Feature #1831: Captive portal IPv6 support
Bump. Its 2018, how is this still a thing. Brandon Jackson
01:18 PM Bug #8675 (Resolved): 2.4.x nightly: Warning: A non-numeric value encountered in /etc/inc/unbound.inc on line 85
This has been corrected in the current snaps Anonymous
01:00 PM Bug #8675 (Resolved): 2.4.x nightly: Warning: A non-numeric value encountered in /etc/inc/unbound.inc on line 85
I was adding a new static mapping in the DHCP server and saw this warning at the top of the page when saving.
Curr... Greg Hulands
09:58 AM pfSense Packages Bug #8670: HAProxy PHP error
Yup, using Haproxy-Dev works. This is for PHP migration. Chris Macmahon
06:02 AM Bug #2710: Captive Portal radius accounting negative session time
@Jim P : would it be possible to have access to any old 2.0.1 ISO for testing?
I didn’t arrived to find one on inter... A FL

07/20/2018

10:09 PM Bug #8674 (Resolved): Switching IPsec phase one to vti from Tunnel IPv4 and back yields unexpected behavior
On 2.4.4.a.20180720.1418, create a site-to-site IPsec tunnel, with Tunnel IPv4 selected as the mode for the phase two... Anonymous
09:09 PM Revision 742cc9ae: routing, when a new pppoe connection is made the gatewaymonitor should be started before decisions about default route can be properly made. also for 'automatic' provide a fallback to the first enabled gateway thats configured, just in case..
PiBa-NL
08:56 PM Revision 7ed7a9f0: ELiminate 8 char restriction on "legacy" password
Fix spelling error Steve Beaver
07:17 PM Bug #6477: Sample bounds can jump around for custom timer periods on Status > Monitoring
On 2.4.4.a.20180720.1418, cannot reproduce. At one hour time period, with one minute resolution, the graph looks fine. Anonymous
07:13 PM Feature #8187: Gateways, allow for configuring a gatewaygroup as the default gateway. #3781
On 2.4.4.a.20180720.1418, once a gateway group is created, the user is able to select it as the default gateway at Sy... Anonymous
06:08 PM Bug #8648 (Resolved): php dynamic dns status widget error
Jim Pingle
06:07 PM Bug #8648: php dynamic dns status widget error
On 2.4.4.a.20180720.1418, the DynDNS widget can be added to the Dashboard, with no Dynamic DNS clients configured, wi... Anonymous
06:08 PM Revision b1e7a0b0: Fix PHP7 error due to lack of int casting for gateway weight when making rules.
Jim Pingle
06:07 PM Revision b2c97ede: Fix PHP7 array issue in array_merge_recursive_unique()
Jim Pingle
06:04 PM Bug #8673: Bridge interface php error
The following shows up in a crash report:... Anonymous
06:00 PM Bug #8673 (Resolved): Bridge interface php error
On 2.4.4.a.20180720.1418, go to Interfaces > Assignments, then to Bridges. Click Add and select interfaces to make a ... Anonymous
05:57 PM Bug #8658 (Resolved): Bridge Route Gateway section shows empty undere OpenVPN settings
Jim Pingle
05:51 PM Bug #8658: Bridge Route Gateway section shows empty undere OpenVPN settings
On 2.4.4.a.20180720.1408, with OpenVPN Remote Access in TAP mode the Bridge options show up and are usable. With peer... Anonymous
05:21 PM pfSense Packages Bug #8670: HAProxy PHP error
I suspect your using 'haproxy' package? Can you verify that haproxy-devel is working properly? Pi Ba
09:11 AM pfSense Packages Bug #8670 (Resolved): HAProxy PHP error
On update to snapshot 2.4.4.a.20180718.2256:
HA Proxy errors with PHP:
PHP ERROR: Type: 1, File: /usr/local/pkg/h... Chris Macmahon
05:11 PM Bug #8381 (Resolved): Cert manager requires fields that aren't necessary
Jim Pingle
03:14 PM Bug #8381: Cert manager requires fields that aren't necessary
On 2.4.4.a.20180720.1408, the only required field is common name to create a certificate. It is now possible to creat... Anonymous
05:08 PM Bug #8664 (Resolved): DynamicDNS client does not use custom check IP service
Jim Pingle
04:02 PM Bug #8664: DynamicDNS client does not use custom check IP service
On 2.4.4.a.20180720.1408, works as expected. If a custom check IP service is added, pfSense will use it. Anonymous
04:30 PM Feature #8598: Add IPsec identifiers to Status > IPsec
On 2.4.4.a.20180720.1408, IPsec IDs like con1000: #1 (phase one) and conn1000: #2 (phase two) show correctly on the S... Anonymous
01:20 PM pfSense Packages Bug #8449 (Resolved): FRR 4.0 zebra daemon crashes
This looks good with FRR 5.0.1. zebra is still running, no crashes, I'm getting routes from BGP and OSPF Jim Pingle
12:01 PM pfSense Packages Bug #8449: FRR 4.0 zebra daemon crashes
for the part bgp that interests me, in lab IPV4 ok. I let it run and I will test the bugs I have in the previous vers... xavier Lemaire
04:09 AM pfSense Packages Bug #8449: FRR 4.0 zebra daemon crashes
lets go to my sandbox ... xavier Lemaire
01:11 PM Bug #8653 (Feedback): Spurious HA XMLRPC Sync Error after move to PHP7
I can't reproduce this on current snapshots after fixing some PHP errors. It's possible this was from the secondary e... Jim Pingle
12:19 PM pfSense Packages Bug #8476 (Feedback): OpenVPN Client Export TLS Key Direction Directive Location
Done in v1.4.16, will be in snapshots shortly. Jim Pingle
11:38 AM pfSense Packages Bug #8476: OpenVPN Client Export TLS Key Direction Directive Location
See also https://github.com/pfsense/FreeBSD-ports/pull/529 but I plan on committing a slightly different fix. Jim Pingle
12:19 PM pfSense Packages Todo #8671 (Feedback): Add "V83" to Yealink T38G (2) download label
Done in v1.4.16, will be in snapshots shortly. Jim Pingle
11:35 AM pfSense Packages Todo #8671 (Resolved): Add "V83" to Yealink T38G (2) download label
Yealink firmware V83 changed to use paths similar to the existing "T38G (2)" export option.
https://forum.netgate... Jim Pingle
12:18 PM pfSense Packages Todo #8672 (Feedback): Update OpenVPN client export with OpenVPN 2.4.6 rev 2 and 2.3.18 rev 2
Committed to master for snapshots.
security/openvpn-client-export updated to 2.4.6
security/pfSense-pkg-openvpn-c... Jim Pingle
11:37 AM pfSense Packages Todo #8672 (Resolved): Update OpenVPN client export with OpenVPN 2.4.6 rev 2 and 2.3.18 rev 2
Client export package needs updated with the latest OpenVPN installers. Jim Pingle
08:50 AM pfSense Packages Bug #8668: im getting root: pkg help Child process pid=91546 terminated abnormally: Segmentation fault
im also getting ERROR: It was not possible to identify which pfSense kernel is installed
Netgate SG-4860 - Serial: 1... Steven Runghen
08:44 AM pfSense Packages Bug #8668 (Rejected): im getting root: pkg help Child process pid=91546 terminated abnormally: Segmentation fault
Hello,
This site is not for support and diagnostic discussion. Please post on the forum ( https://forum.netgate.co... Jim Pingle
08:23 AM pfSense Packages Bug #8668 (Rejected): im getting root: pkg help Child process pid=91546 terminated abnormally: Segmentation fault
im getting [2.4.2-RELEASE][admin@gladiator.kalexius.com]/root: pkg help Child process pid=91546 terminated abnormally... Steven Runghen
08:08 AM Bug #8667 (Resolved): VU#857035 - IKE Protocol Vulnerability
From CERT. There may not be much we can do here but wait for an update to strongSwan if it's even viable (see conclus... Jim Pingle
07:45 AM Bug #7138: Pfsense wide dhcpv6 client doesn't recognise ifid statement
This is not supported on FreeBSD yet. Lets track the progress of FreeBSD's open ticket and when it's available there ... Renato Botelho
07:14 AM Bug #8665 (Not a Bug): ipv6: ULA adresses on different VLAN inaccesible after pfsense restart
To further check some issues I'm having with ipv6 ULA addresses, I created a test setup.
(see here: https://forum.ne... Tanya Severeyns
03:20 AM Bug #2710: Captive Portal radius accounting negative session time
Hi,
I think the root cause of this issue was captiveportal that was sending the wrong stop-time to RADIUS_ACCOUNTI... A FL
12:20 AM pfSense Packages Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
I also have the same problem.. nearly every night on the rule update process the snort service
dies or isn't coming ... Frank Seidel

07/19/2018

09:31 PM Revision 040a1579: Changed ms to us Fixes #8477
Stephen Jones
08:02 PM Bug #8477: Gateway latency, units used inconsistently.
Since I think "ms" is much more widely used and easier to comprehend, how about using ... → luckman212
04:40 PM Bug #8477 (Feedback): Gateway latency, units used inconsistently.
Applied in changeset commit:040a1579e474290abfc7a4a445e310ce8e462847. Anonymous
04:28 PM Bug #8477 (Assigned): Gateway latency, units used inconsistently.
Anonymous
07:06 PM Revision be060079: Teach DynDNS to use custom IP check services. Fixes #8664
Jim Pingle
03:34 PM Bug #7599 (Closed): System->Update unavailable in WebGUI after connection failure during update
I can't reproduce this on recent versions. I have download failures regularly for a variety of reasons and all I need... Jim Pingle
02:50 PM pfSense Packages Bug #8449 (Feedback): FRR 4.0 zebra daemon crashes
Package has been moved to use FRR 5.0.1 for testing, allegedly the crashes are fixed. Needs testing. Jim Pingle
02:47 PM Bug #8604 (Resolved): Race condition in NAT reflection filter rules leads to ruleset load failure
Only system we had exhibiting this condition is fixed after the commit above. Closing. Jim Pingle
02:43 PM Bug #6477 (Feedback): Sample bounds can jump around for custom timer periods on Status > Monitoring
Jim Pingle
02:36 PM Bug #8664: DynamicDNS client does not use custom check IP service
Tested here with the patch and the custom check ip service appears to work as expected. Anonymous
02:20 PM Bug #8664 (Feedback): DynamicDNS client does not use custom check IP service
Applied in changeset commit:be06007945169dba5c61407347141bcff52a38f6. Jim Pingle
02:03 PM Bug #8664 (Resolved): DynamicDNS client does not use custom check IP service
From a pfSense install behind NAT, at Services > Dynamic DNS, add a dynamic DNS client, then on the Check IP services... Anonymous
02:07 PM Revision 9025112e: Fix PHP7 error in miniupnpd.inc
Jim Pingle
12:40 PM Revision 7511a857: Config/Configuration in breadcrumbs
Steve Beaver
09:38 AM Bug #2957 (Resolved): stop/start accounting Captive Portal
Jim Pingle
09:31 AM Bug #8643 (Resolved): IPsec not working on latest 2.4.4 snap
Anonymous
09:30 AM Bug #8630 (Resolved): Web-GUI PHP error in brige after removing all interfaces were in bridge
Anonymous
09:29 AM Bug #8656 (Resolved): PHP Error - Firewall Scheduler
Anonymous

07/18/2018

08:59 PM Revision 857533db: Fixes #8661 PHP7 illegal string offset
Stephen Jones
08:10 PM Revision a2a60a07: Fixes #8659 PHP7 Illegal string offset and count
Stephen Jones
04:49 PM Bug #2957: stop/start accounting Captive Portal
This Bug has been resolved in https://github.com/pfsense/pfsense/commit/ab225849ced6756452b0244abb9d42db4830b68f
An... A FL
04:18 PM Bug #8656: PHP Error - Firewall Scheduler
Stephen Jones wrote:
> Applied in changeset commit:4114a6aec4a5e8d1428df33a3f966b786c328d73.
Have updated and can... B C
04:10 PM Bug #8661 (Feedback): Cannot view or edit firewall rules in 2.4.4.a.20180717.1700
Applied in changeset commit:857533dbe0896de58441f23ec84f94c0d3d8e112. Anonymous
12:49 AM Bug #8661 (Resolved): Cannot view or edit firewall rules in 2.4.4.a.20180717.1700
When trying to view the firewall rules, the following error occurs.
Warning: Illegal string offset 'seq' in /etc/i... Greg Hulands
03:25 PM Revision 7c957a56: PHP7 fixed illegal argument supplied foreach()
Stephen Jones
03:20 PM Bug #8659 (Feedback): DHCPv6 Server removing a static mapping throws error.
Applied in changeset commit:a2a60a0738a1c05f319e534f0fd5f49ad7540728. Anonymous
03:01 PM Revision ab548c02: PHP7 fixed illegal string offset
Stephen Jones
01:08 PM Revision 809438b4: Fixed #8663
Steve Beaver
12:30 PM Revision 560dd92c: fixed #981
Steve Beaver
12:01 PM Revision d48a12db: Revise ACB settings breadcrumbs
Steve Beaver
11:51 AM Bug #8639 (Resolved): Unable to boot zfs on root
Multiple tests and user feedback on the forum confirm this is now working properly, closing Jim Pingle
07:31 AM Bug #8639 (Feedback): Unable to boot zfs on root
Latest snapshot upgrades OK from a VM that previously failed. Everything should be OK now, but additional feedback fo... Jim Pingle
09:13 AM Feature #8084: Implementação do Login Social no Captive Portal
Since most Social Logins (at least Facebook/Twitter/Google+/Github/Reddit/etc...) are using Oauth for authenticating ... A FL
08:38 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots
No, but it shows that a newer build works with an older kernel. So it's not a configuration or a package issue. Enzo Laroche
07:53 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots
Yeah.... but that's not the way to fix bugs ;) Dirk Steingäßer
07:49 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots
Reverting to an older kernel solved it for me Enzo Laroche
08:16 AM Feature #8202 (Resolved): Captive portal: add support for setting traffic quotas
Jim Pingle
08:11 AM Feature #8202: Captive portal: add support for setting traffic quotas
Duplicate of #1932
+
Pull request https://github.com/pfsense/pfsense/pull/3453 has been implemented
This issue c... A FL
08:10 AM Bug #8663 (Resolved): gw group - php error on opening
Anonymous
07:38 AM Bug #8663 (Resolved): gw group - php error on opening
2.4.4-CE Tue Jul 17 17:00:22 EDT 2018
When opening https://x.x.x.x/system_gateway_groups.php I get an error:
Wa... Vladimir Lind
07:19 AM pfSense Packages Todo #8662: FFR OSPF Cleartext Password Lengths
Oops clicked on the wrong target version <:o) Andy Kniveton
07:18 AM pfSense Packages Todo #8662 (Resolved): FFR OSPF Cleartext Password Lengths
OSPF password length can be input over 8 characters in length.
Could the field be checked for length at save time... Andy Kniveton
07:14 AM Feature #2143 (Resolved): Captive Portal - RADIUS - attribute: Acct-Terminate-Cause
Jim Pingle
07:03 AM Feature #2143: Captive Portal - RADIUS - attribute: Acct-Terminate-Cause
Pull request https://github.com/pfsense/pfsense/pull/236 has been merged in 2013.
The feature is working well.
T... A FL
07:14 AM Feature #1932 (Resolved): Captive Portal add RADIUS attributes for traffic quotas
Jim Pingle
07:12 AM Feature #1932: Captive Portal add RADIUS attributes for traffic quotas
Pull request https://github.com/pfsense/pfsense/pull/3453 has been implemented
This issue can be marked as resolved A FL

07/17/2018

11:05 PM Bug #8660 (Resolved): php undef constant breaks suricata
pfS latest (2.4.4.a.20180717.1700) breaks suricata (4.0.10_1)
thanks,
R.

Crash report begins. Anonymou... ROB VANHOOREN
10:41 PM Bug #8659 (Resolved): DHCPv6 Server removing a static mapping throws error.
Hi,
This is happening with the latest nightly - 2.4.4.a.20180717.1700
When you go to remove an existing static ma... Greg Hulands
09:39 PM Bug #8636: pfSense_kill_states function does not parse protocol parameter correctly
Pull request created: https://github.com/pfsense/FreeBSD-ports/pull/538 Steven Brown
08:31 PM Revision 40d6bb15: Fix OpenVPN Bridge Route Gateway field hide/unhide. Fixes #8658
Jim Pingle
08:21 PM Revision bb43bed7: Fixed #8657 PHP7 illegal string offset error
Stephen Jones
07:55 PM Revision b3df66da: Fix potential PHP error editing VLANs
Jim Pingle
07:49 PM Revision c09082ae: Fix PHP7 error in services_unbound_domainoverride_edit.php
Jim Pingle
06:22 PM Revision 26e3967a: Group CA/Cert CN w/required options. Fixes #8381
Also add a note stating the other fields are optional. Jim Pingle
06:12 PM Revision 56458872: RFC 5280 changes for OpenVPN wizard. Issue #8381
Jim Pingle
05:39 PM pfSense Packages Bug #8631: syslog-ng - logrotate incorrectly configured to rotate TLS key
I have found a workaround. syslog-ng supports both key-file and key_file syntax. Using the underscore does not matc... Aaron Morris
05:36 PM pfSense Packages Bug #8631: syslog-ng - logrotate incorrectly configured to rotate TLS key
I found the offending regex in /usr/local/pkg/syslog-ng.inc
The regex appears to be too broad and does not take in... Aaron Morris
05:19 PM Revision 80d50253: Conform CA/Cert fields to RFC 5280. Fixes #8381
Only required subject field is CN (for simplicity)
e-mail field deprecated from CA/Cert (can still be Cert SAN) Jim Pingle
03:53 PM Revision 1d1a5f1b: Clarify IPsec local/remote net usage for tunnel/vti/mobile. Fixes #8635
Jim Pingle
03:40 PM Bug #8658 (Feedback): Bridge Route Gateway section shows empty undere OpenVPN settings
Applied in changeset commit:40d6bb15977bb12eca7d7d04e12a75e753da36fa. Jim Pingle
03:29 PM Bug #8658 (Resolved): Bridge Route Gateway section shows empty undere OpenVPN settings
See screenshot. Also in latest snapshot. Ivor Kreso
03:30 PM Bug #8657 (Feedback): Unable to Configure Outbound NAT due to PHP Error
Applied in changeset commit:bb43bed707ac74bff5843976e22837b196aaea3d. Anonymous
02:58 PM Bug #8657 (Resolved): Unable to Configure Outbound NAT due to PHP Error
Here is the error I'm getting on the dev latest (2.4.4.a.20180717.0756):
Warning: Illegal string offset 'alias' in /... Terrence O'Connor
03:24 PM Todo #8411 (Resolved): dnsmasq configuration needs changes for 2.79
Confirmed working now. Jim Pingle
03:04 PM Revision 4114a6ae: Fixed #8656 PHP7 fixed illegal string offsets
Stephen Jones
01:30 PM Bug #8381 (Feedback): Cert manager requires fields that aren't necessary
Applied in changeset commit:26e3967ab7d6a53bb0cbeb62f926d5c75e046bac. Jim Pingle
12:51 PM Bug #8381 (Assigned): Cert manager requires fields that aren't necessary
Still needs accounted for in the OpenVPN wizard. Jim Pingle
12:30 PM Bug #8381 (Feedback): Cert manager requires fields that aren't necessary
Applied in changeset commit:80d50253e84a7dca3c03fcff6c0365aa3f04fd76. Jim Pingle
12:23 PM Revision e1ad890e: Revert "Add fields for DNS server hostnames for TLS verification. Implements #8602"
Per https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658 the verification
requires OpenSSL 1.1.x, and FreeBSD 11.... Jim Pingle
11:00 AM Feature #8635 (Feedback): "Remote/local subnets" in routed IPsec renaming
Applied in changeset commit:1d1a5f1bcf3dbe494af50188638cbe3e07722d47. Jim Pingle
10:53 AM Revision c88734be: Merge pull request #3963 from PiBa-NL/20180710-php7-gw
Renato Botelho
10:46 AM Bug #6929: Choosing ZFS during install results in a system that cannot mount root
Renato Botelho wrote:
>
> I've pushed a fix to prevent update to overwrite loader.conf
Thanks.
As a point o... Satadru Pramanik
07:47 AM Bug #6929: Choosing ZFS during install results in a system that cannot mount root
Satadru Pramanik wrote:
> FYI this situation is re-occurring on current 2.4.4 dev snapshots. (The problem started in... Renato Botelho
07:29 AM Bug #6929: Choosing ZFS during install results in a system that cannot mount root
FYI this situation is re-occurring on current 2.4.4 dev snapshots. (The problem started in the last week.)
It can ... Satadru Pramanik
10:43 AM Revision 77554022: Merge pull request #3964 from marcelloc/patch-7
Renato Botelho
10:10 AM Bug #8656 (Feedback): PHP Error - Firewall Scheduler
Applied in changeset commit:4114a6aec4a5e8d1428df33a3f966b786c328d73. Anonymous
09:32 AM Bug #8637 (Resolved): field type select_source returns eval warnings if empty on pkg_edit.php
Merged 07/17/18 Anonymous
08:35 AM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources
It's stepping on it in that it's putting "arpwatch" on an email that has nothing to do with arpwatch. -I'd actually ... Matt Castelein
08:23 AM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources
There is no "stepping on other notifications".
It was not seen before because there was no "sendmail" on the box ... Jim Pingle
08:12 AM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources
I don't like how this works either. The arpwatch package shouldn't be stepping on other notifications. Additionally... Matt Castelein
07:31 AM Feature #8602 (Assigned): DNS over TLS host verification
Jim Pingle
07:30 AM Feature #8602 (Feedback): DNS over TLS host verification
Applied in changeset commit:e1ad890e581ad76a17af2860b054ce496a0aa56f. Jim Pingle
07:24 AM Feature #8602: DNS over TLS host verification
Per https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658 the verification requires OpenSSL 1.1.x, and FreeBSD 11.... Jim Pingle

07/16/2018

10:42 PM Revision 925919d1: Remove AutoConfigBackup package
Steve Beaver
10:35 PM Revision ef3d2cad: Fixed #8654
Fixed PHP7 issue causing separators not to work at all Steve Beaver
10:35 PM Revision 68048497: Integrate ACB into core. Add config migration.
Steve Beaver
08:55 PM Revision 360e7711: Fixed td placement from previous commit
Stephen Jones
08:53 PM Revision 437263f2: Fixed table spacing when no tunnels were active
Stephen Jones
07:51 PM Bug #8656 (Resolved): PHP Error - Firewall Scheduler
Hello folks, first try posting a bug report here, didn't find it on a search so giving it a whirl. On Jul-15-2018 2.4... B C
07:44 PM Bug #8652: OpenVPN crash client with "Remote network" option
crash does not always happen, in my network only 2 from 21 routers has this problem. PSK scheme.
BUT! problem with r... Konstantin Ab
11:58 AM Bug #8652 (Not a Bug): OpenVPN crash client with "Remote network" option
I cannot reproduce this. I tried a static key client and SSL/TLS client and everything worked as expected. The remote... Jim Pingle
03:54 AM Bug #8652: OpenVPN crash client with "Remote network" option
general log:
Jul 16 15:50:25 php-fpm 316 OpenVPN terminate old pid: 75376
Jul 16 15:50:25 kernel ovpnc3: link st... Konstantin Ab
03:39 AM Bug #8652 (Not a Bug): OpenVPN crash client with "Remote network" option
site-to-site.
if set in openvpn client option "remote network" for example "192.168.18.0/24" -- openvpn client is ... Konstantin Ab
05:43 PM Bug #7532: SG-1000 autonegotiation 10baseT speed and duplex
Testing this further I found that with the SG-1000 port set to auto it establishes a link to a switch port set to 10M... Steve Wheeler
05:41 PM Revision f0b0a03b: Escape LDAP username when searching. Fixes #8626
Jim Pingle
04:13 PM Revision 3ef6c4d3: Fixed #8640 Added type casting in case destination port is empty
Stephen Jones
04:07 PM Revision 030d8e87: Fix another DynDNS status PHP error. Fixes #8648
Jim Pingle
04:02 PM Bug #8655 (Resolved): Radius Accounting updates are not sent in a particular situation
Accounting updates are not send when :
- Captiveportal auth mode is "Radius". Accounting request with updates are ... A FL
03:58 PM Revision 62caa87a: status_ipsec.php, correct conX refs. Fixes #8629
Jim Pingle
01:54 PM Revision 6c4ccc9f: Fix PHP7 errors in the Dynamic DNS widget. Fixes #8648
Jim Pingle
01:53 PM Bug #8649 (Not a Bug): NAT does not work anymore with Port / IP Aliases
I can't reproduce this on a current snapshot. Perhaps it was fixed by one of the other PHP error bugs that was alread... Jim Pingle
01:46 PM Bug #8642 (Not a Bug): OPENVpn CSO: client-config-dir missing
There is not nearly enough information here. The @client-config-dir@ directive is present in an OpenVPN server config... Jim Pingle
12:50 PM Bug #8626 (Feedback): CN in certificate and probably other user names are not properly escaped in LDAP search
Applied in changeset commit:f0b0a03bbdca9311f3f01b8825903425126727bb. Jim Pingle
12:42 PM pfSense Packages Bug #8577: Snort - Log retention not working
Thanks for the bug report. I will get this fixed up in the next Snort GUI package update.
Bill Bill Meeks
12:39 PM pfSense Packages Bug #8647: PHP7: Snort package
Thanks for the report. This is fixed in the upcoming Snort GUI package update for PHP 7.2 that will be posted soon.
... Bill Meeks
11:44 AM Bug #8639 (Resolved): Unable to boot zfs on root
I've upgraded an old VM to most recent snapshot and loader.conf was not replaced. The bug that created this issue is ... Renato Botelho
10:26 AM Bug #8639 (Feedback): Unable to boot zfs on root
I detected that a static version of /boot/loader.conf was being added to pfSense-kernel package. A fix was pushed and... Renato Botelho
08:10 AM Bug #8639: Unable to boot zfs on root
There is still a problem here on current snapshots. Upgrading a VM running on ZFS to a current snapshot still fails i... Jim Pingle
07:18 AM Bug #8639: Unable to boot zfs on root
this bit me too on bare metal hardware would be nice to have this fixed so can upgrade to get some of the php error f... Michael Kellogg
11:36 AM Feature #8602 (Assigned): DNS over TLS host verification
So it looks like we are setting up the unbound configuration correctly but it does not appear to be enforcing hostnam... Jim Pingle
11:20 AM Bug #8640 (Feedback): PHP Error
Applied in changeset commit:3ef6c4d3a02a6478b823de56f5703ad19b4f3a06. Anonymous
11:18 AM Bug #8640: PHP Error
I just pushed a new fix for the nat_edit page that should fix that issue. It may take a couple days for the changes t... Anonymous
08:36 AM Bug #8640 (Assigned): PHP Error
Jim Pingle
11:10 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots
This is still a problem on current snapshots in certain circumstances. There is no current viable workaround, but it ... Jim Pingle
11:10 AM Bug #8629 (Feedback): Routed IPsec P1 - not coming up after pressing "disconnect" button
Applied in changeset commit:62caa87a4b9027ac8f7b7cace7588f842ca57fc2. Jim Pingle
11:04 AM Bug #8636: pfSense_kill_states function does not parse protocol parameter correctly
Can you submit that as a Github pull request on the pfSense FreeBSD-ports repository at https://github.com/pfsense/fr... Jim Pingle
10:50 AM Feature #8598 (Resolved): Add IPsec identifiers to Status > IPsec
IPsec IDs show up and look correct in the tunnels I have configured. Jim Pingle
10:44 AM Bug #8653 (Resolved): Spurious HA XMLRPC Sync Error after move to PHP7
After moving to PHP7, an HA pair logs an XMLRPC error and files a notice even though the synchronization appears to h... Jim Pingle
10:21 AM Feature #8641: Need way to disable HSTS and/or replace webConfigurator certificate from CLI
It's definitely a legitimate feature request. It makes sense to have a console menu entry that takes the GUI reset co... Jim Pingle
10:06 AM Feature #8641: Need way to disable HSTS and/or replace webConfigurator certificate from CLI
While I now feel like a complete idiot, thank you for reminding me of the same advice I give to my own developers. S... Adam Thompson
08:38 AM Feature #8641: Need way to disable HSTS and/or replace webConfigurator certificate from CLI
If you access the firewall by IP address instead of hostname, it should allow you to connect even with a bad cert IIR... Jim Pingle
09:54 AM Bug #8622 (Resolved): system_usermanager.php: Group selections not retained when an input error occurs
Looks good now. The page still shows selected groups when I trigger an input error. Jim Pingle
09:51 AM Bug #8553 (Resolved): Creating a user as a member of a group fails to add that group to the user
Error is gone and user is a member of the group after creation. Looks good to me. Jim Pingle
09:00 AM Bug #8648 (Feedback): php dynamic dns status widget error
Applied in changeset commit:6c4ccc9f76786f940a358698b6e2a7f0245b626d. Jim Pingle
08:41 AM Feature #8292 (Resolved): IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
Jim Pingle
08:41 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
This specific feature (Virtual IP addresses by EAP ID) appears to be working. Remaining issue with DNS was split off ... Jim Pingle
08:40 AM Feature #8644: IPsec mobile clients DNS enhancement
PR looks OK, but needs testing. Jim Pingle
08:35 AM Bug #4082 (Resolved): Adding to Captive Portal Allowed Hostnames list gives error (exit code 71) in System Logs
Jim Pingle
08:33 AM Bug #8590 (New): sshd does not allow agent forwarding
Reopening due to PR https://github.com/pfsense/pfsense/pull/3957 (adds option, defaults to off) Jim Pingle
08:16 AM Feature #8635: "Remote/local subnets" in routed IPsec renaming
"Network" is what I know works and works best, but address should also work in some cases for a point-to-point interf... Jim Pingle
07:52 AM Feature #8632: dhcpd ipv4 - fix gui config to accept multiple subnets and/or answer requests from relay servers
That PR is closed and over three and a half years old. It would need updated and tested before it could be considered... Jim Pingle
07:44 AM Feature #8478 (Feedback): Add DynDNS client for DigitalOcean DNS
PR was merged, ready for testing. Jim Pingle
07:36 AM Feature #8599: IPv6 flow labels
Since that's fully automatic it doesn't appear to allow the kind of control implied in the original request. That lik... Jim Pingle
07:27 AM Bug #8605 (Resolved): OpenVPN wizard fails to populate LDAP fields
Jim Pingle
07:26 AM Bug #8587 (Resolved): System information dashboad show only first swap disk/file info
Jim Pingle
07:26 AM Bug #8583 (Resolved): LDAP fails with bind credentials due to mispelled variable
Jim Pingle
07:25 AM Bug #8586 (Resolved): Gateway Group trigger level
Jim Pingle
07:21 AM Bug #8582 (Resolved): Ship RFC 7919-provided DH groups
No problems so far, tested a variety of scenarios that would use the new DH groups (GUI, OpenVPN, etc) Jim Pingle

07/15/2018

11:26 PM pfSense Packages Bug #8651 (Resolved): another php error (broke stable pfBng)
latest pfS (2.4.4.a.20180715.1209) broke stable pfBng (2.1.2_5)
thousands of
PHP Warning: count(): Parameter m... ROB VANHOOREN
10:58 PM Bug #8555: Selectively killing states on WAN failure
I'm not sure if I need to specify, these patches are for FreeBSD-src 'origin/RELENG_2_4' and pfsense 'origin/RELENG_2... Steven Brown
10:53 PM Bug #8555: Selectively killing states on WAN failure
I've been working on doing this better and I believe I've come up a solution. I'd appreciate if someone could review... Steven Brown
12:19 AM Revision 1ed21e0a: Fix #8646
Steve Beaver

07/14/2018

07:29 PM Revision d4f29a52: Fix shaper "non-numeric value" errors
Steve Beaver
07:20 PM Bug #8646 (Resolved): Another php error
Anonymous
11:08 AM Bug #4082: Adding to Captive Portal Allowed Hostnames list gives error (exit code 71) in System Logs
After further investigation, i confirm that this bug has been fixed in commit 517b893 (precisely here : https://gith... A FL
08:26 AM Feature #8650 (Bogus): DynDNS Update via HTTPS
Refering DnyDNS.org the updater should only send via HTTPS
https://dyn.com/update-client-faqs/
 Dirk Steingäßer
02:31 AM Bug #8639: Unable to boot zfs on root
As per here: https://forum.netgate.com/topic/132728/zfs-issues-built-on-wed-jul-11-16-46-22-edt-2018
I can confirm... Greg M
01:31 AM Bug #8649 (Not a Bug): NAT does not work anymore with Port / IP Aliases
Hi,
with the actual dev
2.4.4-DEVELOPMENT (amd64)
built on Fri Jul 13 10:56:07 EDT 2018
FreeBSD 11.2-RELEA... Dirk Steingäßer

07/13/2018

09:51 PM Bug #8648 (Resolved): php dynamic dns status widget error
Warning: Illegal string offset 'dnsupdate' in /usr/local/www/widgets/widgets/dyn_dns_status.widget.php on line 59
Wa... Roby Sadeli
05:41 PM Bug #8640: PHP Error
Still present + additional NAT error
Crash report begins. Anonymous machine information:
amd64
11.2-RELEASE
... Dirk Steingäßer
10:10 AM Bug #8640 (Feedback): PHP Error
Applied in changeset commit:8501d8477c007a768537ebcb5a916f8f8ebb4091. Anonymous
03:04 PM Revision 8501d847: Fixed #8640 PHP7 initialize variable as array instead of string
Stephen Jones
02:54 PM Revision 07ca0162: PHP7 initialize as array instead of string
Stephen Jones
12:33 PM Revision 59a5679c: changes to mobile ipsec dns to support new features
christian christian
11:38 AM Bug #8646: Another php error
This:
PHP Errors:
[13-Jul-2018 18:38:00 Europe/Berlin] PHP Warning: Illegal string offset 'item' in /usr/local/w... Greg M
11:37 AM Bug #8646: Another php error
And this:
[13-Jul-2018 18:36:49 Europe/Berlin] PHP Warning: Use of undefined constant info - assumed 'info' (this... Greg M
11:33 AM Bug #8646 (Resolved): Another php error
Latest 13 JUL snapshot.
Crash report begins. Anonymous machine information:
amd64
11.2-RELEASE
FreeBSD 11.2-... Greg M
11:35 AM pfSense Packages Bug #8647 (Resolved): PHP7: Snort package
Just a small glitch :)
Crash report begins. Anonymous machine information:
amd64
11.2-RELEASE
FreeBSD 11.2-R... Greg M
11:34 AM Bug #8639: Unable to boot zfs on root
Umm I upgraded to 2.4.4.a.20180713.1056 and it borked my machine.
Running on Hyper-v Server 2016.
Clean install i... Greg M
10:40 AM Bug #8639: Unable to boot zfs on root
ROB VANHOOREN wrote:
> Ken Sim wrote:
> > The current snapshot for 2.4.4 does not allow booting from zfs on root.
... Ken Sim
08:46 AM Bug #8639: Unable to boot zfs on root
Ken Sim wrote:
> The current snapshot for 2.4.4 does not allow booting from zfs on root.
issue still exists for m... ROB VANHOOREN
11:21 AM Bug #8048 (Resolved): DHCPv6 Configured for LAN without LAN interface
Anonymous
10:41 AM Bug #8048: DHCPv6 Configured for LAN without LAN interface
Confirmed fixed on pfSense-CE-memstick-2.4.4-DEVELOPMENT-amd64-20180712-2121.img. Installed from that img, with only ... Anonymous
11:10 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots
Sorry that did not work at all in my case. I had some trouble after changing the config.xml manually and needed to re... Dirk Steingäßer
03:44 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots
sorry that didnt work, what if you try replace all instances of re1.30 with re1_30
it is also listed under ppp Josiah Whitefield
02:23 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots
So i tested to change manually <vlanif>re1_30</vlanif> by replacing "." to the "_" but it does not resolve the symptom. Dirk Steingäßer
01:58 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots
Ok thanks a lot for that hint Dirk Steingäßer
09:57 AM Bug #8643 (Feedback): IPsec not working on latest 2.4.4 snap
Fix pushed. 07ca01622ba8251d61b48b3b26442f4323df3428
Looks like the variable was initialized as a string instead o... Anonymous
12:06 AM Bug #8643: IPsec not working on latest 2.4.4 snap
Thu Jul 12 06:13:34 EDT 2018 snap on SG3100 Vladimir Lind
12:03 AM Bug #8643 (Resolved): IPsec not working on latest 2.4.4 snap
IPsec is not establishing connection, seeing this error (crash):
Fatal error: Uncaught Error: [] operator not supp... Vladimir Lind
08:57 AM Feature #8645 (Resolved): Upload certificate file instead of pasting
When importing a new certificate, currently we have to paste in the ASCII Base64 (PEM) representation of the cert & k... Adam Thompson
07:48 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
moved to #8644
github: https://github.com/pfsense/pfsense/pull/3965 Christian R.
07:46 AM Feature #8644: IPsec mobile clients DNS enhancement
github: https://github.com/pfsense/pfsense/pull/3965 Christian R.
07:44 AM Feature #8644 (Resolved): IPsec mobile clients DNS enhancement
linked to #8292
changing DNS from _attr plugin_ to _rightdns_ as of strongswan wiki:
>DNS servers
>DNS servers a... Christian R.
07:32 AM Feature #8641: Need way to disable HSTS and/or replace webConfigurator certificate from CLI
Thanks, Jim - that is +much+ easier to type through a bad console connection! (Particularly since I just realized I'... Adam Thompson

07/12/2018

11:45 PM Bug #8642 (Not a Bug): OPENVpn CSO: client-config-dir missing
Perhaps related to #3165
I use the Wizard to create the OpenVPN server (server2 in my case).
I activate the Clien... Stefan Ru
09:30 PM Revision b42a4b6e: PHP7 Fixed illegal string offset for alias
Stephen Jones
06:13 PM Bug #8639: Unable to boot zfs on root
Sorry for the confusion, glad that it is working for you now. If it happens in the future (anything can happen with d... Ken Sim
06:10 PM Bug #8639: Unable to boot zfs on root
I had your issue originally, yes. I was trying to resolve it by other means (a fresh install). For example, the Sys... P L
05:07 PM Bug #8639: Unable to boot zfs on root
Nick K wrote:
> Ken,
>
> I am trying to find out if you had edited the loader.conf file to add back in the ZFS lo... Ken Sim
05:05 PM Bug #8639: Unable to boot zfs on root
Ken,
I am trying to find out if you had edited the loader.conf file to add back in the ZFS loads (opensolaris_load... Nick K
04:46 PM Bug #8639: Unable to boot zfs on root
P Law wrote:
> I tried installing the 2.4.4.a.20180712.1231 snapshot and it fails to proceed after selecting to inst... Ken Sim
04:44 PM Bug #8639: Unable to boot zfs on root
I tried installing the 2.4.4.a.20180712.1231 snapshot and it fails to proceed after selecting to install with ZFS on ... P L
04:44 PM Bug #8639: Unable to boot zfs on root
It's resolved for me and I opened the ticket, so I was letting them know its resolved for the issue I posted. You mig... Ken Sim
04:37 PM Bug #8639: Unable to boot zfs on root
Ken Sim wrote:
> This issue is resolved with 2.4.4.a.20180712.1231 snapshot. Looks like it was an issue building zfs... Nick K
04:31 PM Bug #8639: Unable to boot zfs on root
The snapshot (still) doesn't show up under System -> Update. Anyway to force it to refresh?
Ken Sim wrote:
> T... P L
03:59 PM Bug #8639: Unable to boot zfs on root
There actually is ISO's for the development branch, its a hybrid image so if you want an iso you rename the file to .... Ken Sim
03:57 PM Bug #8639: Unable to boot zfs on root
This snapshot doesn't show up in System -> Update now.
There is no bootable CD ISO for the development snapshots. ... P L
03:26 PM Bug #8639: Unable to boot zfs on root
This issue is resolved with 2.4.4.a.20180712.1231 snapshot. Looks like it was an issue building zfs in the previous s... Ken Sim
03:24 PM Bug #8639: Unable to boot zfs on root
This is a problem if your saved configuration backup is more recent than your last snapshot of the base system.
St... P L
05:42 PM Feature #8641: Need way to disable HSTS and/or replace webConfigurator certificate from CLI
... Jim Pingle
05:25 PM Feature #8641: Need way to disable HSTS and/or replace webConfigurator certificate from CLI
And yes, I'd be happy to _also_ write up a KB-style or doc-style page showing admins how to un-f*** themselves in thi... Adam Thompson
05:23 PM Feature #8641: Need way to disable HSTS and/or replace webConfigurator certificate from CLI
Yes, I'm aware of both #6650 and https://github.com/pfsense/pfsense/pull/3856, and I was able to find the Disable HST... Adam Thompson
05:22 PM Feature #8641 (New): Need way to disable HSTS and/or replace webConfigurator certificate from CLI
On a 2.4.2-RELEASE firewall, which still sets the HSTS headers, I had a wildcard certificate installed, and it just e... Adam Thompson
04:43 PM Bug #8603: PPP WANs do not work on VLANs on current snapshots
I fixed this temporarily by editing the vlans to <vlanif>re1_30</vlanif>
Replaced the "." to "_" this was an issue w... Josiah Whitefield
03:43 PM Revision 6d3b8da5: Fixed a bug that won't let you create a bridge on PHP7. This is just a workaround until the actual issue is found
Stephen Jones
02:17 PM Revision f37dd1a9: Removed debug statement
Stephen Jones
12:47 PM Revision 1981dfb5: Make sure /var/etc/openvpn-csc directory is created
Renato Botelho
12:07 PM Bug #8640 (Resolved): PHP Error
Hi, just for notice there is an php error with 2.4.4 dev
[[Crash report begins. Anonymous machine information:
... Dirk Steingäßer
11:09 AM Bug #4082: Adding to Captive Portal Allowed Hostnames list gives error (exit code 71) in System Logs
I can not reproduce this.
Could this bug have been fixed by https://github.com/pfsense/pfsense/commit/517b893eec6... A FL
09:52 AM Bug #7928: LAGG interfaces lose MAC address
Yes I have it with a 2.3.5p2 (fresh install). Never try to do it before (as I hadn't a LACP compliant ethernet switch... Olivier Delcourt
09:00 AM Bug #8629: Routed IPsec P1 - not coming up after pressing "disconnect" button
I just pushed a fix for #8598 which may help with this (Fixing disconnect and show child buttons) It was mostly for m... Anonymous

07/11/2018

08:46 PM Revision 2c5f44bd: i915kms doesn't need to be declared here
Renato Botelho
08:31 PM Revision e4c2220e: Add i915kms and drm2 to the list of modules to be built
Renato Botelho
05:02 PM Bug #8639: Unable to boot zfs on root
On pFsense start press 3
One at a time
@load /boot/kernel.old/kernel
load /boot/kernel.old/opensolaris.ko
load ... Raul Ramos
02:56 PM Bug #8639 (Resolved): Unable to boot zfs on root
The current snapshot for 2.4.4 does not allow booting from zfs on root. It returns "failed with error 2: unknown file... Ken Sim
03:10 PM Revision b5e93be6: Changed it to just use the variable name
Stephen Jones
02:38 PM Revision 6f331d22: Fixed #8630 , PHP7 illegal string offset.
Stephen Jones
02:30 PM Revision 1303150b: Fixed #8633 PHP7 issue use of undefined constant, Should work as it did before.
Stephen Jones
12:32 PM Revision 79577f5f: suppress php7.2 eval erros on pkg_edit.php
https://redmine.pfsense.org/issues/8637
As of PHP 7, if there is a parse error in the evaluated code, eval() throws ... Marcello Silva Coutinho
09:50 AM Bug #8630 (Feedback): Web-GUI PHP error in brige after removing all interfaces were in bridge
Applied in changeset commit:6f331d2241ef633feef95a2fca5b6112da016741. Anonymous
09:40 AM Bug #8633 (Feedback): thousands PHP undef gwname /etc/inc/gwlib.inc line 1210
Applied in changeset commit:1303150bbe0c67c4d0b05fdea4e101b191a124f8. Anonymous
09:03 AM Bug #8633 (Assigned): thousands PHP undef gwname /etc/inc/gwlib.inc line 1210
Anonymous
07:35 AM Bug #8637: field type select_source returns eval warnings if empty on pkg_edit.php
https://github.com/pfsense/pfsense/pull/3964 Marcello Silva Coutinho
07:27 AM Bug #8637 (Resolved): field type select_source returns eval warnings if empty on pkg_edit.php
pkg_edit.php shows eval erros while tries to fetch a select_source type field that has an empty source
For example... Marcello Silva Coutinho
01:06 AM Bug #8636 (Resolved): pfSense_kill_states function does not parse protocol parameter correctly
Inside pfSense-ports/devel/php56-pfSense-module/files/pfSense.c the function pfSense_kill_states takes a parameter fo... Steven Brown
12:17 AM Feature #8635 (Resolved): "Remote/local subnets" in routed IPsec renaming
Naming of the "Remote/local subnets" labels looks not to be appropriate.
According to this link - https://www.netg... Vladimir Lind

07/10/2018

10:16 PM Feature #8634: Enhance the certificate manager to support private keys with passphrases

pfSense permits certificate generation for use by OpenVPN clients, amongst others. At present, pfSense doesn't pe... Brian Martin
10:14 PM Feature #8634 (Duplicate): Enhance the certificate manager to support private keys with passphrases
pfSense permits certificate generation for use by OpenVPN clients, amongst others. At present, pfSense doesn't permi... Brian Martin
04:04 PM Bug #8633 (Resolved): thousands PHP undef gwname /etc/inc/gwlib.inc line 1210
PHP continually barking -- several thousand times -- on latest 2.4.4.a.20180710.1501
excerpt ...
Crash report b... ROB VANHOOREN
03:18 PM Revision 3c5f4441: Fixed #8598 Added IPsec ID to the table, Moved the disconnect button over to better fit the page, Also fixed the disconnect button and show child button for mobile clients
Stephen Jones
11:46 AM Bug #8627 (Resolved): PHP Warning in /system_groupmanager.php
Renato Botelho
10:35 AM Bug #8627: PHP Warning in /system_groupmanager.php
Looks good in 2.4.4.a.20180710.0609. Thanks! Chris Linstruth
05:09 AM Bug #8627 (Feedback): PHP Warning in /system_groupmanager.php
Fixed Renato Botelho
12:53 AM Bug #8627 (Resolved): PHP Warning in /system_groupmanager.php
If a group has a zero member count this PHP warning is displayed there:
Warning: count(): Parameter must be an arr... Chris Linstruth
10:30 AM Feature #8598 (Feedback): Add IPsec identifiers to Status > IPsec
Applied in changeset commit:3c5f4441cb62524448a868f3908de9504f9fb305. Anonymous
10:22 AM Feature #8598: Add IPsec identifiers to Status > IPsec
Implemented this. Also found issues with the buttons not lining up correctly for mobile clients. I included the fix f... Anonymous
10:08 AM Revision 19028049: Make sure array exist before call count()
Renato Botelho
10:04 AM Revision 449cac24: Improve style
Renato Botelho
09:20 AM Feature #8632 (Duplicate): dhcpd ipv4 - fix gui config to accept multiple subnets and/or answer requests from relay servers
Before starting reapplying dhcp code improvements for ipv4, if the code is ok, can it be reviewed and merged to maste... Marcello Silva Coutinho
09:19 AM Feature #8478: Add DynDNS client for DigitalOcean DNS
Constantine Kormashev wrote:
> This is not for DDNS service, DO does not have one. This is tool for managing DNS rec... Grant Sheehan
02:49 AM Feature #8478: Add DynDNS client for DigitalOcean DNS
This is not for DDNS service, DO does not have one. This is tool for managing DNS records on DO DNS service. Constantine Kormashev
08:17 AM Bug #8629: Routed IPsec P1 - not coming up after pressing "disconnect" button
The connect/disconnect issue likely doesn't have anything to do with VTI, but the conn numbering changes. sjones was ... Jim Pingle
01:52 AM Bug #8629 (Resolved): Routed IPsec P1 - not coming up after pressing "disconnect" button
A simple routed IPsec setup with one single /32 route across VTI interface. It works - P1 is UP, P2 routes listed, co... Vladimir Lind
08:14 AM Bug #8628 (Not a Bug): IPsec VTI - P2 "remote network" field accepts only host address
That is by design. The VTI local/remote pair of addresses form a point-to-point "tunnel network" similar to OpenVPN s... Jim Pingle
01:05 AM Bug #8628 (Not a Bug): IPsec VTI - P2 "remote network" field accepts only host address
In routed IPsec you can specify "remote network" - but in fact "mask" field is grayed out. You can set only a host (/... Vladimir Lind
08:09 AM pfSense Packages Bug #8631 (Resolved): syslog-ng - logrotate incorrectly configured to rotate TLS key
I noticed recently a pfSense device stopped logging to our remote TLS syslog server. After investigating, I found th... Aaron Morris
07:36 AM Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA
Can I ask if any investigation has been done on this or whether anyone else has been able to replicate it? This could... Adam Sweet
07:29 AM Bug #8527: VLANs losing parent interface on LAGG change
Can I ask if any investigation has been done on this or whether anyone else has been able to replicate it? This will ... Adam Sweet
02:02 AM Bug #8630 (Resolved): Web-GUI PHP error in brige after removing all interfaces were in bridge
If device has several interfaces in bridge and all those interfaces are deleted, Web-GUI shows error in https://<addr... Constantine Kormashev

07/09/2018

11:36 PM Revision 4b0cb4f1: php7, avoid warning in gateway plugin call
PiBa-NL
08:18 PM Bug #8626 (Resolved): CN in certificate and probably other user names are not properly escaped in LDAP search
Marking as private due to the nature of this but it does not look like the searches are ever sent to the LDAP server ... Chris Linstruth
06:38 PM Revision 58003f47: Remove pecl-xdebug since it doesn't build with PHP 7.2
Renato Botelho
05:37 PM Bug #8618: 2.4.4 *possible bug* with Intel C3858 and Interface Auto-Detection on 10Gb interfaces
Spent some more time looking into this with the latest CE snapshot from today. This time I installed it on a XG-1537 ... Clinton Cory
05:27 PM Revision 5bd32389: Start moving PHP to 7.2
Renato Botelho
04:13 PM Revision 2a0be57e: Fixed a warning on status > dhcpv6 leases parameter 2 expected to be a string.
Stephen Jones
03:39 PM Revision 5c3a8a9c: Fixed #8622 It will now revert to whatever was previously saved in the config if there is an input error for user groups
Stephen Jones
01:47 PM Revision aa029c93: Fix 8553: When creating a new user, make sure it's added to desired groups
Renato Botelho
01:09 PM Bug #7928: LAGG interfaces lose MAC address
Hmm, we never saw this in 2.3.X previously.
Do you see it in 2.3.5p2 if you haven't tested that already?
Were y... Steve Wheeler
04:41 AM Bug #7928: LAGG interfaces lose MAC address
I have the same problem with pfsense 2.3.5 (fresh install nanobsd on a netgate apu1C4).
I there a fix or workaround ... Olivier Delcourt
10:50 AM Bug #8622 (Feedback): system_usermanager.php: Group selections not retained when an input error occurs
Applied in changeset commit:5c3a8a9ce4e02a34de439087c9d4bcfd9877c5f1. Anonymous
09:30 AM Bug #8553 (Feedback): Creating a user as a member of a group fails to add that group to the user
Fix committed at commit:aa029c9304765e67a9f9bd63336716c0c9a3f298 Renato Botelho
08:01 AM pfSense Packages Bug #8625 (Resolved): PFsense squidGuard faulty URL check
Hi,
wanted to import a blacklist into squid guard an ran into errors.
Always complaining about some urls.
Narrow... James Interop
07:35 AM Feature #8599: IPv6 flow labels
sysctl -d net.inet6.ip6.auto_flowlabel
net.inet6.ip6.auto_flowlabel: Provide an IPv6 flowlabel in outbound packets... David Horn
02:34 AM Bug #7020: <Hostname> is omitted when sending logs on syslog
I agree with Darren. This should be treated as a bug and the best solution is to add hostname to the syslog messages ... Idar Lund

07/08/2018

10:18 AM Feature #8478: Add DynDNS client for DigitalOcean DNS
This is in current 2.4.4 snapshots.
Anyone with a Digital Ocean instance who can test this is encouraged to do so.... Steve Wheeler

07/07/2018

07:00 PM Bug #8605: OpenVPN wizard fails to populate LDAP fields
On 2.4.4.a.20180707.0234, LDAP wizard successfully completed and the LDAP server information (in it's entirety) was s... Anonymous
06:53 PM Bug #8587: System information dashboad show only first swap disk/file info
On 2.4.4.a.20180707.0234, multiple swap files are accurately reported. On the test system with 978M swap after instal... Anonymous
06:50 PM Feature #8624 (Resolved): DNS Resolver Resolve IPv6 OpenVPN Client Addresses
Currently it only handles the IPv4 of the client and ignores the IPv6 of a client if it exists. It would be nice if i... Ken Sim
03:36 PM Bug #8583: LDAP fails with bind credentials due to mispelled variable
On 2.4.4.a.20180707.0234, bind credentials work as expected. Anonymous
01:43 PM Bug #8530: Delete allowed hostname/ip doesn't work if captive portal is not enabled.
On 2.4.4.a.20180707.0234, works as expected. Allowed IPs and Hostnames can be deleted successfully without the zone e... Anonymous
01:32 PM Bug #7634: When restoring from USB during install, if the config file contains RRD data, the final config.xml on the system will also contain all the RRD infomation
On 2.4.4.a.20180707.0234 works as expected. RRD data is removed from the config.xml that is restored during PFI. Anonymous
01:05 PM Bug #8586: Gateway Group trigger level
2.4.4-DEVELOPMENT (amd64)
built on Fri Jul 06 15:23:49 EDT 2018
FreeBSD 11.2-RELEASE
2 gateways, setup a fa... Chris Macmahon
12:36 PM Bug #6477: Sample bounds can jump around for custom timer periods on Status > Monitoring
On 2.4.4.a.20180707.0234 the does not appear to be an issue when viewing the Status > Monitoring graph at 1 hour time... Anonymous
12:26 PM Bug #8582: Ship RFC 7919-provided DH groups
On 2.4.4.a.20180707.0234, DH parameter length 6144 and 8192 both seem to work when an android OpenVPN client connects. Anonymous
12:23 PM Bug #8582: Ship RFC 7919-provided DH groups
On 2.4.4.a.20180707.0234, DH Group 17 and 18 on Phase one and PFS key group 17 and 18 seem to work when an android st... Anonymous
09:45 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots
Hi, any news here? Best regards Dirk Steingäßer
04:41 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
Have found one more in the strongswan wiki [[https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp]]
>DNS... Christian R.
04:20 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
James Dekker wrote:
> With the Virtual Address Pool working as expected and DNS server being the problem child now, ... Christian R.

07/06/2018

06:08 PM Revision ad08a824: Add fields for DNS server hostnames for TLS verification. Implements #8602
Jim Pingle
05:53 PM Bug #8618 (Assigned): 2.4.4 *possible bug* with Intel C3858 and Interface Auto-Detection on 10Gb interfaces
Installed 2.4.4 CE build: pfSense-CE-memstick-2.4.4-DEVELOPMENT-amd64-20180705-0739.img
ifconfig outputs the follo... Clinton Cory
03:40 PM Bug #8469: DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured
Retested today on a fresh install (2.4.4.a.20180705.0032) and the issue appears to be resolved. Anonymous
03:04 PM Bug #7020: <Hostname> is omitted when sending logs on syslog
Idar Lund wrote:
> If this is considered as "not a bug", the web page https://doc.pfsense.org/index.php/Filter_Log_F... Darren Spruell
02:46 PM Bug #8571 (Resolved): loader.conf/.local cleanup is a bit too aggressive
Jim Pingle
02:45 PM Bug #8571: loader.conf/.local cleanup is a bit too aggressive
On 2.4.4.a.20180705.0032 (SG-2440) added autoboot_delay=10 to /boot/loader.conf.local (which didn't exist before that... Anonymous
02:25 PM Todo #8350: Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate
+1 on this - clog is kind of neat for the use case it addresses, but is fairly inconvenient in terms of modern log an... Darren Spruell
02:11 PM Todo #1940: Integrate rSyslogd
Another vote! Darren Spruell
02:02 PM Bug #8457: Packages do not remove on factory default
Behavior described in last update appeared to be limited to acme ... created https://redmine.pfsense.org/issues/8623 ... Anonymous
01:59 PM Bug #8623 (Closed): acme package does not show correct installation output following a factory reset
Install the latest 2.4.4 snap (or upgrade to it from 2.4.3). Run `playback gitsync master` to get current. Reset the ... Anonymous
01:45 PM Revision 50e0d399: wizard.php: Ensure CA and Certs are arrays before using in foreach.
Jim Pingle
01:20 PM Feature #8602 (Feedback): DNS over TLS host verification
Applied in changeset commit:ad08a8242ca45907e0486712d218a5f8f34c7332. Jim Pingle
08:53 AM Feature #8602: DNS over TLS host verification
Unbound 1.7.3 is in current 2.4.4 snapshots, so this can be added now. Jim Pingle
01:12 PM Revision ab4fdf49: Cosmetic changes to warning maeesage
Steve Beaver
01:03 PM Revision 1ddc7206: Add position params to gettext password warning
Steve Beaver
12:44 PM Revision 40d26f65: Test the password, not the hash, or it won't detect if the user reset password from the console or otherwise changed it to the default manually. Issue #8596
Jim Pingle
12:20 PM Revision 58a0f5e1: Change warning wording to avoid using a "click here" link. Issue #8596
Jim Pingle
11:52 AM Revision 5b2e9e7b: Fixed #8596
Steve Beaver
11:41 AM Bug #8407 (Resolved): FRR BGP MD5 support is broken
Great!
I'll close this out for now. If it breaks again, let us know. Jim Pingle
11:36 AM Bug #8407: FRR BGP MD5 support is broken
I used my previous lab test from #7969 and looks like I was able to establish a BGP session w/ password OK to my aris... Andrew Dul
11:26 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
Christian R. wrote:
> James Dekker wrote:
> > On 2.4.4.a.20180705.0032 the options appear. Tested specifying a diff... Anonymous
10:43 AM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
James Dekker wrote:
> On 2.4.4.a.20180705.0032 the options appear. Tested specifying a different DNS server, saved a... Christian R.
07:22 AM Feature #8292 (New): IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
Jim Pingle
09:24 AM Feature #8596: Warn user when default password has not been changed
On 2.4.4.a.20180705.0739 gitsync'd to master, the feature works as expected. Anonymous
07:09 AM Feature #8596 (Resolved): Warn user when default password has not been changed
Anonymous
07:00 AM Feature #8596: Warn user when default password has not been changed
Applied in changeset commit:5b2e9e7b034a3818ec754fa316516e9e0e6a1c86. Anonymous
09:02 AM pfSense Packages Bug #8620: arpwatch database page is not accessible
I am also experiencing this. My best guess is that Arpwatch is starting itself at boot, then pfSense is starting Arp... DL Ford
08:35 AM Bug #8582: Ship RFC 7919-provided DH groups
Looks good here so far. GUI still works in a variety of different browsers/platforms (Firefox and Chrome on Linux, Ma... Jim Pingle
07:59 AM Bug #8622 (Confirmed): system_usermanager.php: Group selections not retained when an input error occurs
Jim Pingle
04:04 AM Bug #8622 (Resolved): system_usermanager.php: Group selections not retained when an input error occurs
When doing such a simple thing as adding a ssh key, I completely deprived myself of access to webgui or ssh and was a... Andrew Rud
07:37 AM Bug #8617 (Resolved): Error on RADIUS Authentication
RADIUS auth works from diag_authentication.php with the current code from the repository. Jim Pingle
07:33 AM Bug #8515 (Resolved): ts wizard syntax error (as of 2.4.4.a.20180514.0905)
Jim Pingle
07:32 AM Bug #8048 (New): DHCPv6 Configured for LAN without LAN interface
Jim Pingle
07:32 AM Bug #8597 (Resolved): When editing a firewall rule, the "Action" field is selected
Jim Pingle
07:30 AM Bug #4438 (Resolved): Unable to delete IP Alias outside an interface's subnet where a gateway exists in the same subnet
Tested and working Jim Pingle
07:28 AM Todo #8411: dnsmasq configuration needs changes for 2.79
I can't replicate any problem here. Domain overrides work on the latest snapshot, no changes made. Queries are forwar... Jim Pingle
07:23 AM Bug #8591 (Resolved): interfaces.php: Checking "Default Gateway" on the "Add a new Gateway" modal does not set it as default
Jim Pingle
07:22 AM Bug #8593 (Resolved): Extend maximum gateway monitoring ping interval
Jim Pingle
07:08 AM Bug #8606 (Resolved): system_advanced_admin.php: PHP error when saving without sshdkeyonly set
Jim Pingle
07:07 AM Bug #8621 (Resolved): PHP errors on VPN IPSec P1 add
Already fixed by https://github.com/pfsense/pfsense/pull/3960 which was merged yesterday. Jim Pingle
05:16 AM Bug #8621: PHP errors on VPN IPSec P1 add
When editing an existing tunnel on 2.4.4
Fatal error: Call to undefined method Form_Section::setHelp() in /usr/loc... Chris Macmahon
01:16 AM Bug #8621: PHP errors on VPN IPSec P1 add
On SG3100 (built on Thu Jul 05 01:19:47 EDT 2018) I see this when trying to create ipsec P1:
Fatal error: Call to ... Vladimir Lind
12:53 AM Bug #8621 (Resolved): PHP errors on VPN IPSec P1 add
Downloaded latest KVM pfSense-netgate-kvm-2.4.4-DEVELOPMENT-amd64-20180530-1447.qcow2.gz
Updated via GUI to latest... Paighton Bisconer
06:13 AM Bug #7013 (Resolved): Changing group scope to remote does not remove it from group file
Renato Botelho
06:11 AM Todo #7024: Replace copy of radius.inc by pear-Auth_RADIUS
James Webb wrote:
> I believe the change applied in commit: e26b805 may have caused errors; specifically those refer... Renato Botelho

07/05/2018

07:51 PM Feature #2358: NAT64 support
UPVOTE Talyrius Bekhesh
07:48 PM Feature #2358: NAT64 support
Bump + UpVote ! Peek Around
06:18 PM Feature #7746: Proxy NDP
Ran into the exact same issue (provider only issues a /64 and I give away a chunk of that to mobile VPN clients). If ... Firstname Surname
05:02 PM Bug #8606: system_advanced_admin.php: PHP error when saving without sshdkeyonly set
On 2.4.4.a.20180705.0032 checked "Display page name first in browser tab", checked "Enable Secure Shell", and left th... Anonymous
04:58 PM Feature #8292: IPsec mobile clients with different (virtual) IP addresses by (EAP) identity
On 2.4.4.a.20180705.0032 the options appear. Tested specifying a different DNS server, saved and applied changes, sto... Anonymous
04:49 PM Bug #8593: Extend maximum gateway monitoring ping interval
On 2.4.4.a.20180705.0032 you're able to set the probe interval to a max value of 36000000 as expected. Anonymous
04:42 PM Bug #8591: interfaces.php: Checking "Default Gateway" on the "Add a new Gateway" modal does not set it as default
On 2.4.4.a.20180705.0032 works as expected. Anonymous
04:18 PM Revision ac27f5a1: Fixed #8597 The edit page will no longer initialize with focus on any element
Stephen Jones
04:00 PM Bug #8618: 2.4.4 *possible bug* with Intel C3858 and Interface Auto-Detection on 10Gb interfaces
I have a SuperMicro box with the same specs on-hand. Will attempt to replicate and debug. Clinton Cory
03:57 PM pfSense Packages Bug #8620: arpwatch database page is not accessible
I'm having the same problems. Woke up this morning to find all devices that have a static IP set were off line and I ... Dave Bergman
11:05 AM pfSense Packages Bug #8620: arpwatch database page is not accessible
Sven L wrote:
> I experienced exactly the same. In my case after some time running arpwatch my whole pfsense box hun... Cino .
10:44 AM pfSense Packages Bug #8620: arpwatch database page is not accessible
Cino . wrote:
> The issue I have with arpwatch is different but I'm pretty sure they are related. After a day or two... Sven L
10:14 AM pfSense Packages Bug #8620: arpwatch database page is not accessible
The issue I have with arpwatch is different but I'm pretty sure they are related. After a day or two of arpwatch runn... Cino .
09:57 AM pfSense Packages Bug #8620 (Resolved): arpwatch database page is not accessible
On CE-2.4.3-p1 I am not able to open https://172.21.41.148/pkg_edit.php?xml=arpwatch.xml - getting 504
from upstre... Vladimir Lind
03:57 PM Bug #8515: ts wizard syntax error (as of 2.4.4.a.20180514.0905)
On 2.4.4.a.20180705.0032 the wizard completes without error and the queues show up under Status > Queues Anonymous
03:52 PM Bug #8048: DHCPv6 Configured for LAN without LAN interface
On 2.4.4.a.20180705.0739 the bad behavior is still present. Anonymous
03:44 PM Bug #7013: Changing group scope to remote does not remove it from group file
On 2.4.4.a.20180705.0032 works as expected. After changing scope from Local to Remote, the group is removed from /etc... Anonymous
03:34 PM Bug #8457: Packages do not remove on factory default
On 2.4.4.a.20180705.0032 this behavior is still present:
"installed acme, performed Factory reset with WebGUI an... Anonymous
03:25 PM Revision 54d62381: Merge pull request #3960 from PiBa-NL/20180704-ipsec-fix-phase1-edit-page
Steve Beaver
03:24 PM Bug #8469: DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured
Forgot to include files for https://redmine.pfsense.org/issues/8469#note-8
 Anonymous
03:22 PM Bug #8469: DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured
Simply clicking "Display advanced" at Services > DHCP Server, Dynamic DNS changes the DHCP section of config.xml as s... Anonymous
03:21 PM Bug #8469: DHCP Server configuration page errantly expands Dynamic DNS advanced parameters even when none are configured
On 2.4.4.a.20180705.0032 stock, hitting Save at Services > DHCP caused the service to stop. Trying to manually start ... Anonymous
03:00 PM Bug #8597: When editing a firewall rule, the "Action" field is selected
Tested (as a patch) on 2.4.4.a.20180705.0032, worked as expected, rule action is not selected by default. Anonymous
11:30 AM Bug #8597 (Feedback): When editing a firewall rule, the "Action" field is selected
Applied in changeset commit:ac27f5a1082d971566f21169e0d17401e335c1c6. Anonymous
02:49 PM Todo #8411: dnsmasq configuration needs changes for 2.79
On 2.4.4.a.20180705.0032 the host override resolves successfully, but the domain override does not. Anonymous
01:58 PM Revision e31870db: Merge pull request #3951 from whislock/dh-rfc
Steve Beaver
01:53 PM Revision fbb77ab7: Merge pull request #3958 from PiBa-NL/20180702-gateway-none
Steve Beaver
01:16 PM Bug #8582 (Feedback): Ship RFC 7919-provided DH groups
PR Merged Jim Pingle
01:14 PM Feature #8187 (Feedback): Gateways, allow for configuring a gatewaygroup as the default gateway. #3781
PR merged Jim Pingle
01:11 PM Bug #8614: Cannot remove Additional BOOTP/DHCP Options
If you add more than one, a delete button appears. It doesn't give you a delete button for the last entry, but you ca... Jim Pingle
01:10 PM Bug #8534 (Resolved): Invalid DHCP options can be added
The values can be 0, but this was about the option number, not the value.
The option number is now restricted to 1... Jim Pingle
12:19 PM Revision 71b4b23b: Add missing global $g declaration
Renato Botelho
12:02 PM Revision 7fe4d351: Create pkg_conf_setup() to setup pkg.conf
It will be necessary in near future for thoth setup Renato Botelho
11:51 AM Revision 6900f144: Remove autoconfigbackup2
Renato Botelho
11:44 AM Revision 5286277f: Suppress display of AutoConfigBackup in package list
Steve Beaver
11:44 AM Feature #8596: Warn user when default password has not been changed
PRD created. Anonymous
10:05 AM Feature #8596: Warn user when default password has not been changed
Please create a PRD for this feature. It is subject to much debate so we need to have everyone in agreement before p... Anonymous
09:36 AM Feature #8596 (Feedback): Warn user when default password has not been changed
If we display a notice before the user logs in, we will be telling that person what the login credentials are
If we ... Anonymous
11:38 AM Revision 49ec9d91: Fix #7024: Fix Radius include extension
Renato Botelho
11:19 AM Bug #8617 (Feedback): Error on RADIUS Authentication
This is not specific to FreeRADIUS, but recent RADIUS changes. Renato has committed a fix. Jim Pingle
11:14 AM pfSense Packages Bug #8514 (Duplicate): Captiveportal save or update
Duplicated by #8616 but it has better information, so closing this in favor of that ticket. Jim Pingle
03:03 AM pfSense Packages Bug #8514: Captiveportal save or update
I confirm this behaviour
Please see https://redmine.pfsense.org/issues/8616 A FL
10:03 AM Feature #6620 (Resolved): CoDel, FQ-CoDel, PIE and FQ-PIE AQMs
Anonymous
07:23 AM Feature #6620: CoDel, FQ-CoDel, PIE and FQ-PIE AQMs
This seems to work great since the merge. Alexandre Paradis
09:38 AM Bug #8387 (Closed): Cannot use large CRLs
Anonymous
09:36 AM Bug #8539 (Resolved): ACLs not configurable in German Language UI
Anonymous
09:05 AM pfSense Packages Bug #8619: Domains improperly checked when registering DHCP static mappings
PR: https://github.com/pfsense/FreeBSD-ports/pull/533 Martin Gignac
08:53 AM pfSense Packages Bug #8619 (Resolved): Domains improperly checked when registering DHCP static mappings
There is a bug in the Register DHCP Static Mappings feature of BIND zones. I've noticed that if I create DHCP static ... Martin Gignac
07:56 AM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1
The solution is in the commits on this issue, not that diff. It has been fixed on 2.4.4, but unless we make another 2... Jim Pingle
07:51 AM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1
Still hitting this bug with no working solution in 2.4.3_p1, but it's fixed in 2.4.4.a.20180705.0739 , at least on th... Adam Thompson
03:41 AM Bug #7532: SG-1000 autonegotiation 10baseT speed and duplex
Looked at "datasheet":http://ww1.microchip.com/downloads/en/DeviceDoc/00002117F.pdf
p.33 in the description of bit 1... Dmitry Vakhrushev
02:53 AM Bug #7532: SG-1000 autonegotiation 10baseT speed and duplex
Expected solution is not appropriate.
I thought that part of errata KSZ9031 (1G PHY chip which used in SG-1000) help... Dmitry Vakhrushev
03:08 AM Bug #8616: When reconfiguring a captiveportal, connected users get disconnected and can't login back
Issue mentionned here : https://forum.netgate.com/topic/137824/pfsense-no-internet-when-it-is-said-you-are-connected/... A FL

07/04/2018

09:39 PM Bug #8618 (Closed): 2.4.4 *possible bug* with Intel C3858 and Interface Auto-Detection on 10Gb interfaces
Hi all,
I'm not a developer (also my first possible bug report) of any sort but i hope I am providing enough detai... Kevin Boatswain
09:17 PM Revision 1c367372: ipsec, fix Phase1 and Phase2 edit pages 'section' class does not have a setHelp() function, and add help for insecure DH groups on mobile settings page
PiBa-NL
02:46 PM Todo #7024: Replace copy of radius.inc by pear-Auth_RADIUS
I believe the change applied in commit: e26b805 may have caused errors; specifically those referenced in issue #8617.... James Webb
01:17 PM Bug #8561 (Resolved): default-route is not always set for a pppoe connection after bootup.
Renato Botelho
12:58 PM Bug #8561: default-route is not always set for a pppoe connection after bootup.
Fix confirmed, issue can be closed.
https://forum.netgate.com/post/775465
@w0w said in [No internet connection af... Pi Ba
12:29 PM Bug #8611 (New): unable to receive IPv6 RA's on SG-1000, default route lost
Jim Pingle
12:27 PM Bug #8611: unable to receive IPv6 RA's on SG-1000, default route lost
Jim Pingle wrote:
> Can you test this on a 2.4.4 snapshot? The base OS has been upgraded there, and most likely the ... Anthony Roberts
12:26 PM Bug #6579: IPv6 CARP VIPs lost upon config sync where they include non-significant zeros
Possibly related: There also appears to be something not right when capital hex digits A-F are used in an IPv6 CARP V... Chris Linstruth
12:21 PM Bug #8617 (Resolved): Error on RADIUS Authentication
After switching to pfSense development snapshots I've noticed that the freeradius package has been producing some fat... James Webb

07/03/2018

07:43 PM Revision af0edce6: Add gettext() and other cosmetic changes
Steve Beaver
07:01 PM Revision e85efdca: Fixed #8048 now properly removes dhcpv6 for lan if lan is not configured
Stephen Jones
03:35 PM Revision c3d2fce6: Provide warning if legacy mode not configured
Steve Beaver
03:13 PM Todo #8411 (Feedback): dnsmasq configuration needs changes for 2.79
Existing behavior in the DNS Forwarder all appears to function as expected. Could use some additional confirmation bu... Jim Pingle
03:00 PM Revision 2d99bed3: Add legacy encrytopn password support
Steve Beaver
02:49 PM Bug #8611 (Feedback): unable to receive IPv6 RA's on SG-1000, default route lost
Can you test this on a 2.4.4 snapshot? The base OS has been upgraded there, and most likely the behavior will be diff... Jim Pingle
02:47 PM Bug #8530 (Resolved): Delete allowed hostname/ip doesn't work if captive portal is not enabled.
Fixed. You can now delete hostnames and ips if the zone is not enabled. cc52daa63deb98f6fbcd5edbc24fc65b62eabbec Anonymous
02:40 PM Bug #8507 (Resolved): FreeBSD 11.2-BETA dhclient always uses server MTU value
We're on 11.2-RELEASE now with stock patches, working as expected. Jim Pingle
02:32 PM Bug #7774 (Duplicate): No TCP Reply State Established on GRE in IPsec Transport
Duplicate of #4479 Jim Pingle
02:28 PM Feature #8509 (Closed): Notify user that crash report was not successfully submitted if connection times out
No longer relevant since crash reporter no longer submits data. Jim Pingle
02:25 PM Revision 720ebd09: Add tabs to settings page
Steve Beaver
02:12 PM Bug #8591 (Feedback): interfaces.php: Checking "Default Gateway" on the "Add a new Gateway" modal does not set it as default
PR merged Jim Pingle
02:12 PM Bug #8593 (Feedback): Extend maximum gateway monitoring ping interval
PR merged Jim Pingle
02:11 PM Bug #8592 (Resolved): Can't "Register DHCP leases in the DNS Resolver" when only using DHCPv6
Jim Pingle
02:11 PM Bug #8615: Notification smtp using 587/tcp or 465/tcp does not work.
I do not think I explained it very well. It was working and stopped working I think in this last update. In fact it s... Marcelo Gondim
12:58 PM Bug #8615 (Not a Bug): Notification smtp using 587/tcp or 465/tcp does not work.
This is working fine for many, many others. Please post on the forum or pfSense subreddit for help in narrowing down ... Jim Pingle
12:30 PM Bug #8615 (Not a Bug): Notification smtp using 587/tcp or 465/tcp does not work.
Hi,
Configuring SMTP notification with 587/tcp or 465/tcp authentication displays error to send. The user and pass... Marcelo Gondim
02:10 PM Bug #8048 (Feedback): DHCPv6 Configured for LAN without LAN interface
Applied in changeset commit:e85efdca9cabb3a0444882c7c05102939a637e23. Anonymous
02:09 PM Bug #8561 (Feedback): default-route is not always set for a pppoe connection after bootup.
PR merged Jim Pingle
01:56 PM Bug #8616 (Resolved): When reconfiguring a captiveportal, connected users get disconnected and can't login back
Hello,
I noticed a weird behaviour with captiveportal when reconfiguring a CP while active users are connected : W... A FL
01:17 PM Bug #8407 (Feedback): FRR BGP MD5 support is broken
Can you test this again on a current 2.4.4 snapshot which uses a FreeBSD 11.2 base? Looking at the FreeBSD bug you li... Jim Pingle
01:14 PM Revision 587315d5: Update $config references
Steve Beaver
12:40 PM Revision e26b805c: Fix #7024: Deprecate /etc/inc/radius.inc in favor of pear-Auth_RADIUS port
Renato Botelho
12:25 PM Revision 054f0ed0: Initial commit of ACB core functionality
Steve Beaver
07:50 AM Todo #7024 (Feedback): Replace copy of radius.inc by pear-Auth_RADIUS
Applied in changeset commit:e26b805c92d2454629a8f63ca491c2c3c812d9dc. Renato Botelho
05:49 AM Bug #8355: Upgrades and packages unavailable after upgrade from 2.3.3_1 to 2.3.4_1
i have the same bug and have no "non-standard/third-party unofficial pkg repository" i only have:... Tom Meier
05:29 AM Bug #8614 (New): Cannot remove Additional BOOTP/DHCP Options
While testing https://redmine.pfsense.org/issues/8534 I noticed that you can add additional options in the DHCP serve... James Snell
05:15 AM Bug #8534: Invalid DHCP options can be added
Tested 2.4.4.a.20180702.2123
Services -> DHCP Server -> Additional BOOTP/DHCP Options
Set DHCP option 84 which ... James Snell

07/02/2018

07:22 PM Revision e311cb79: routing, add option 'automatic' for gateway selection, and allow manual ordering of gateways
PiBa-NL
07:19 PM Revision f2bd5e35: Use only the last part of arch variable
Renato Botelho
07:14 PM Revision 61de46d7: Fix reference variable in sh
Renato Botelho
06:50 PM Revision f7961bd1: Fill up poudriere make.conf with arch specific server/branch info
Renato Botelho
06:36 PM Revision 88b10e56: Merge pull request #3941 from mattund/master
Steve Beaver
06:08 PM Revision 352f6a3f: Fix logic error in default algo/key setting
Justin Coffman
05:53 PM Revision 202411c3: Fixing @jim-p's change requests
no
05:13 PM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI
This site isn't good for discussion and diagnosis of that nature, please post on the forum and we can talk about it t... Jim Pingle
05:10 PM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI
I should note that ipsec2000 is clipped to ipsec200 in the above
Its also worth noting that on the ifconfig the in... Aidan Mountford
05:09 PM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI
Howdy,
Similar to Michael Obrien, I tested this on snapshot from 1st of July.
192.168.90.1/30 (Junos) to 192.1... Aidan Mountford
04:56 PM Revision 08f7ff2a: Merge pull request #3956 from PiBa-NL/20180609-fix-default-route-for-dynamic-gateway-pppoe
Steve Beaver
04:56 PM Revision ddd3da80: Merge pull request #3955 from PiBa-NL/20180623-fix-edit-interface-set-default-gateway
Steve Beaver
04:54 PM Revision 9344170d: Merge pull request #3953 from whislock/gw-mon-interval
Steve Beaver
04:54 PM Revision b0c5dfde: Merge pull request #3952 from imcdona/master
Steve Beaver
04:50 PM Revision a48da38d: Merge pull request #3939 from seanm/IPSec-Warnings2
Steve Beaver
04:08 PM Revision 9fa8c7de: Make GUI/config values for gateway groups match what the backend code expects. Fixes #8586
Jim Pingle
11:43 AM pfSense Packages Feature #8613 (Resolved): pfSense-pkg-acme: acme_certificates_edit.php - Add support for --challenge-alias acme.sh flag
*+User Story+*
*As a* pfSense-pkg-acme user
*I want to* be able to use the @--challenge-alias@ flag
*So that* I ... Kage -
11:20 AM Bug #8586 (Feedback): Gateway Group trigger level
Applied in changeset commit:9fa8c7de7bca843a3157807c66fecd3159b701ac. Jim Pingle
09:13 AM Bug #8612 (Rejected): LAN Interface track IPv6 to PPPoE Interface didn't renew subnet
Hi In my situation the PPPoE interface will disconnect and reconnect to force change IPv4 and IPv6 from ISP requireme... Joey Chen

06/30/2018

11:06 PM pfSense Packages Bug #7661: pfBlockerNG doesn't make a rule for Antarctica
This should be fixed in the pfBlockerNG-devel version. BBcan177 .
11:06 PM pfSense Packages Bug #8318: PFBlockerNG removes alias file when using advanced inverted rule
This should be fixed in the pfBlockerNG-devel version. BBcan177 .
04:44 PM Bug #8611 (In Progress): unable to receive IPv6 RA's on SG-1000, default route lost
expected behavior:
* IPv6 default route is stable indefinitely
actual behavior:
* IPv6 default route is lost a f... Anthony Roberts

06/29/2018

04:11 PM pfSense Packages Feature #8610 (Resolved): FRR BGP "no bgp default ipv4-unicast" option.
Any chance at getting this option added in GUI?
Trying to keep IPv4 and IPv6 neighbors/routes separate but of cour... Brandon Jackson
02:04 PM Revision 58cbaf84: Fix style
Renato Botelho
01:53 PM Revision 5ee16aa6: Fixing GitHub reported issues
no
08:03 AM pfSense Packages Bug #8608 (Not a Bug): openVPN export package doesn't export compression settings
It doesn't put it there because it isn't necessary to. With OpenVPN 2.4 the compression setting can be pushed, it doe... Jim Pingle

06/28/2018

10:56 PM pfSense Packages Bug #8608 (Not a Bug): openVPN export package doesn't export compression settings
I did the test with openVPN server configured with those options activated
--> compression : lz4-v2
--> Push Compre... david stievenard
10:19 PM pfSense Packages Bug #8607: Suricata package fails to prune suricata.log
Relevant logs:
@Jun 28 14:28:20 pfsense php-fpm[1136]: /suricata/suricata_logs_browser.php: PHP ERROR: Type: 1, Fi... John Silva
10:16 PM pfSense Packages Bug #8607 (Resolved): Suricata package fails to prune suricata.log
The suricata package does not prune suricata.log. As a result, suricata.log grows without bound eventually resulting... John Silva
10:00 PM pfSense Packages Bug #6988: SNORT Package PHP memory error
There is no option to configure the log size for snort.log. Because of this it grows without bound resulting in this... John Silva
02:50 PM Revision 8038c4e8: Correct a PHP error when saving on system_advanced_admin.php. Fixes #8606
Jim Pingle
10:00 AM Bug #8606 (Feedback): system_advanced_admin.php: PHP error when saving without sshdkeyonly set
Applied in changeset commit:8038c4e807c88fda4e1bb5b37ac31c9dbb8395fe. Jim Pingle
09:50 AM Bug #8606 (Resolved): system_advanced_admin.php: PHP error when saving without sshdkeyonly set
If the SSH settings are set to "Password or Public Key", when saving any other setting on the page a PHP error occurs... Jim Pingle

06/27/2018

04:43 PM Revision f031765b: Fix OpenVPN Wizard LDAP handling of ATTR fields. Fixes #8605
While here, also add missing LDAP fields and fix a PHP 7.2 error. Jim Pingle
03:10 PM Bug #7094 (Duplicate): Unbound startup syntax is incorrect
Duplicated by #7667 and has been fixed for some time now. Jim Pingle
02:53 PM Revision 64fa4207: Fixed #7013
Added warning requiring reboot if group scope is changed Steve Beaver
02:45 PM Revision 6f8e648f: Do not generate a NAT reflection rule with an interface source if that interface has no IP address. Fixes #8604
Jim Pingle
01:52 PM Feature #8599: IPv6 flow labels
Looks like @ipfw@ can match, but not set the IPv6 @flow-id@. I don't see any reference to a similar function to match... Jim Pingle
01:24 PM Bug #8590: sshd does not allow agent forwarding
Another funny aspect is that this is a quote from official ssh manual, https://www.freebsd.org/cgi/man.cgi?sshd_confi... Sorin Sbarnea
12:49 PM Bug #8590: sshd does not allow agent forwarding
> It's always acceptable to voice security concerns, thanks for the input!
I think that the security concerns are ... Sorin Sbarnea
11:50 AM Bug #8605 (Feedback): OpenVPN wizard fails to populate LDAP fields
Applied in changeset commit:f031765bb020f7a67a022056cda341f18a88ff8a. Jim Pingle
10:02 AM Bug #8605 (Resolved): OpenVPN wizard fails to populate LDAP fields
If you run the OpenVPN wizard and choose LDAP in the first step it asks you to fill in the data required to create th... Steve Wheeler
10:52 AM pfSense Plus Bug #8600: "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"
The bug also affects 7100 Constantine Kormashev
10:00 AM Bug #7013: Changing group scope to remote does not remove it from group file
Applied in changeset commit:64fa4207182efea9b45f5170b8996b967441d4e1. Anonymous
09:55 AM Bug #7013 (Feedback): Changing group scope to remote does not remove it from group file
Changing group scope from local to remote now deletes the group from /etc/group
Added a warning message to indicate ... Anonymous
10:00 AM Bug #8604 (Feedback): Race condition in NAT reflection filter rules leads to ruleset load failure
Applied in changeset commit:6f8e648f5c88e04166539ab27872b13dfd587cb8. Jim Pingle
09:40 AM Bug #8604 (Resolved): Race condition in NAT reflection filter rules leads to ruleset load failure
On current 2.4.4 snapshots, at boot time the rules can be (re)loaded before all of the interface addresses are presen... Jim Pingle
09:41 AM Revision 6c83167c: Build drm-stable-kmod
Renato Botelho
09:08 AM Bug #8603: PPP WANs do not work on VLANs on current snapshots
Similar to #7981 Jim Pingle
09:06 AM Bug #8603 (Resolved): PPP WANs do not work on VLANs on current snapshots
At some time between April and now on 2.4.4 snapshots, PPP WANs like PPPoE stopped working when using a VLAN interfac... Jim Pingle

06/26/2018

06:11 PM Revision 02d5d8bd: Fix PHP 7 error on services_unbound_host_edit.php
Jim Pingle
02:41 PM Revision fafd64f2: Deprecate the copy of simplepie, use the port instead
Renato Botelho
11:42 AM Bug #7634 (Resolved): When restoring from USB during install, if the config file contains RRD data, the final config.xml on the system will also contain all the RRD infomation
Added a piece in the PFI to remove rrddata when restoring from a USB config during install. b76e6a64c0b948808a0260f4c... Anonymous
10:51 AM Todo #6998 (Feedback): Create a port for simplepie to keep it updated and use modular version
Renato Botelho
09:55 AM Feature #8552 (Resolved): enable http2
Jim Pingle
09:47 AM Bug #8601 (Duplicate): "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"
Duplicate ticket of #8600 Jim Pingle
01:59 AM Bug #8601 (Duplicate): "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"
When enabling SNMP on SG-3100 and XG-7100 following messages appear on every SNMP service change:
SG3100:
Jun 2... Vladimir Lind
09:29 AM Feature #8602: DNS over TLS host verification
devel should pick it up naturally here in a week or two when the 2018Q3 branch comes in. FreeBSD ports tree HEAD/mast... Jim Pingle
08:59 AM Feature #8602 (Resolved): DNS over TLS host verification
Currently at 1.6.8 in release, and "1.7.0 on devel":https://github.com/pfsense/FreeBSD-ports/blob/4089b606b21a5ae7df5... Andrew M
01:58 AM pfSense Plus Bug #8600 (Resolved): "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"
When enabling SNMP on SG-3100 and XG-7100 following messages appear on every SNMP service change:
SG3100:
Jun 2... Vladimir Lind

06/25/2018

02:46 PM Revision ecf4b407: Remove unneeded commas
Isaac McDonald
12:59 PM Revision 31a618f5: Remove 512 bit option from OpenVPN wizard.
Justin Coffman
11:38 AM Feature #8599 (New): IPv6 flow labels
Here's a short list of possible uses for IPv6 flow labels in pfSense:
* Ability to apply QOS based on IPv6 flow la... Isaac McDonald
09:53 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec
I can open up a separate issue and work on it, if you think it's worthwhile. Anonymous
09:47 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec
Justin Coffman wrote:
> Would it be valuable to include some validation logic in the interface to warn a user if the... Jim Pingle
09:10 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec
Would it be valuable to include some validation logic in the interface to warn a user if they select an algorithm wit... Anonymous
08:18 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec
Justin Coffman wrote:
> Additionally, I'd like to make two additional changes:
>
> 1. Add a 6144-bit option to th... Jim Pingle
07:41 AM Bug #8594: Assess default crypto settings for OpenVPN/IPsec
PR for proposed changes: https://github.com/pfsense/pfsense/pull/3954
Obviously, PR commits are subject to change ... Anonymous
07:40 AM Bug #8561 (New): default-route is not always set for a pppoe connection after bootup.
Jim Pingle
 

Also available in: Atom