Activity

30 days up to

User

Subprojects

Activity

From 10/13/2018 to 11/11/2018

11/11/2018

06:53 PM pfSense Packages Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh: Sorry, forgot the pre tags:... Phil Biggs
05:48 PM pfSense Packages Bug #9108 (Closed): OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh: In relation to Feature Request #9805, to avoid overriding the default client-connect/client-disconnect script I reloc... Phil Biggs
01:55 PM pfSense Packages Bug #8607: Suricata package fails to prune suricata.log: This problem is addressed by the pull request https://github.com/pfsense/FreeBSD-ports/pull/592 that updates the GUI ... Bill Meeks
10:13 AM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA": Matt _ wrote:
> For the original issue,
>
> [...]
>
> seems to fix this, as well as disabling any checksum off... Daryl Morse
10:07 AM Bug #9019: Hyper-V hn NICs drop UDP6 traffic when transmit checksums are enabled: Renato Botelho wrote:
> FreeBSD r339863 was cherry-picked to RELENG_2_4_4
I updated to the latest snapshot as of ... Daryl Morse

11/10/2018

05:03 PM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4: Daniel Williams wrote:
> This is repeatable.
+1, i have had the same.
Also
https://www.netgate.com/blog/pfsen... Daniele Palumbo
04:02 AM Bug #7972: Captive portals do not synchronize voucher data in both directions: Renato wrote:
> When voucher is used, disconnected or expired, sync it in both
> directions using HA main infor... A FL

11/09/2018

09:12 PM Bug #9105 (Resolved): WebGUI option toggles that need nginx restart are not triggering when disabled: Anonymous
09:12 PM Bug #9105: WebGUI option toggles that need nginx restart are not triggering when disabled: Tested on 2.4.5.a.20181109.1326, works as expected. Anonymous
01:42 PM Bug #9107 (Closed): New AutoConfigBackup - Cannot Access Settings When Not Connected to Internet: I have a router I had an issue with. I am moving it over to new hardware, because the old hardware does not support ... Web Dawg
12:45 PM Bug #9106 (Resolved): strongSwan 5.7.1 will not start on some 2.4.4/2.4.5 systems, log shows "charon has quit: integrity test of libstrongswan failed": Some users on 2.4.4 and 2.4.5 snapshots with strongSwan 5.7.1 have found that IPsec is not working.
strongSwan will ... Jim Pingle
10:57 AM Revision dfbf0d5f: Fix #9102: Suppress stream_select() undesired warnings: Renato Botelho
10:56 AM Revision e1a6074d: Fix #9102: Suppress stream_select() undesired warnings: Renato Botelho
09:34 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1: Also i noticed in my case helps when restart openvpn client.
After restart OpenVPN, vpn and other traffic switch bac... Vasyl Semenchuk
09:26 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1: Did you try restart service dpinger? In my case this helps switch back to WAN1 Vasyl Semenchuk
09:22 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1: Set to trigger level "Packet Loss or High Latency"
I will set trigger level "Member Down" and let you know on monday... Vasyl Semenchuk
08:10 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1: @VasylSemenchuk Are your gateway groups set to trigger level "Packet Loss or High Latency" or "Member Down"? Does it ... Mitch Claborn
06:36 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1: The same problem on all my devices (20 devices) after upgrading Vasyl Semenchuk
08:09 AM Bug #9049: IPSec statuspage shows both connected and connecting tunnel: Ges Ture wrote:
> Since bugnumber 8117 has been served off as not a bug, and no further response is given I'd like t... Ges Ture
07:28 AM Bug #8001 (Feedback): Invalid FQDN in alias causes alias table to fail *silently*: Should be fixed by the new filterdns (see #8758 too).
If you have issues, please let us know.
Luiz Souza
07:26 AM Bug #7143 (Feedback): filterdns is triggering every 16 seconds for hosts even when the DNS record has not changed: Fixed in the new filterdns. Luiz Souza
07:25 AM Bug #8758 (Feedback): filterdns stops working on a regular basis.: This issue was one of fixes included in the new filterdns (version 2.0).
If you still have issues, please let us k... Luiz Souza
05:05 AM Bug #9102 (Feedback): PHP7: Error on restoring a config with packages: Applied in changeset commit:e1a6074dc8918d756a73efc8cf251318b735f000. Renato Botelho
04:56 AM Bug #9102 (In Progress): PHP7: Error on restoring a config with packages: Renato Botelho
04:57 AM Feature #9104 (In Progress): Add a FAT32 partition to memstick installer images: Renato Botelho

11/08/2018

06:01 PM Revision 98716a68: Fix change detection of GUI web server toggles. Fixes #9105: (cherry picked from commit 8207fac69158ad4a56deab4a4b4f6f4c3c361b81) Jim Pingle
06:01 PM Revision 8207fac6: Fix change detection of GUI web server toggles. Fixes #9105: Jim Pingle
02:32 PM Bug #9102: PHP7: Error on restoring a config with packages: Renato Botelho
01:41 PM pfSense Packages Bug #9082 (Resolved): freeradius eap-tls CA validation trying to use fields that may not exist: Jim Pingle
01:30 PM pfSense Packages Bug #9082: freeradius eap-tls CA validation trying to use fields that may not exist: can confirm. it is working. rub man
09:39 AM pfSense Packages Bug #9082 (Feedback): freeradius eap-tls CA validation trying to use fields that may not exist: Fixed in pkg version 0.15.7 Jim Pingle
09:33 AM pfSense Packages Bug #9082 (In Progress): freeradius eap-tls CA validation trying to use fields that may not exist: Looks like the config shouldn't put a trailing @/@ on the subject.
Though the more I think about it, I wonder why ... Jim Pingle
08:49 AM pfSense Packages Bug #9082: freeradius eap-tls CA validation trying to use fields that may not exist: it's in the right order :
Auth: tls: Certificate issuer (/C=FR/ST=Ain/L=Jassans-Riottier/O=pfvpn/emailAddress=... frederic lubrano
12:58 PM Feature #8284: Add duplicate option next to OpenVPN servers and clients: Ivor Kreso wrote:
> It would be very convenient to have a "duplicate" icon next to OpenVPN servers and clients list.... L H
12:10 PM Bug #9105 (Feedback): WebGUI option toggles that need nginx restart are not triggering when disabled: Applied in changeset commit:8207fac69158ad4a56deab4a4b4f6f4c3c361b81. Jim Pingle
12:00 PM Bug #9105 (Resolved): WebGUI option toggles that need nginx restart are not triggering when disabled: Some of the option GUI toggles like the WebGUI redirect are supposed to trigger a restart of nginx when they change. ... Jim Pingle
11:41 AM Bug #9067 (Resolved): PHP error when installing first package with empty installedpackages tag: Jim Pingle
11:21 AM Bug #9067: PHP error when installing first package with empty installedpackages tag: I've upgraded to:
2.4.5-DEVELOPMENT (ARM)
built on Wed Nov 07 16:23:36 EST 2018
FreeBSD 11.2-RELEASE-p4
Conf... Danilo Zrenjanin
10:48 AM pfSense Packages Todo #9041: update ntopng 3.6.0: ntopng appears to have removed all of that code. It went from enable-flow-activity to enable-flow-scripts to enable-u... Jim Pingle
10:28 AM pfSense Packages Todo #9041: update ntopng 3.6.0: Jim Pingle wrote:
> The activity map is not relevant to this ticket, only the version, which appears to be OK.
>
... mom aiaz
10:17 AM pfSense Packages Todo #9041 (Resolved): update ntopng 3.6.0: The activity map is not relevant to this ticket, only the version, which appears to be OK.
FYI: ntopng disabled th... Jim Pingle
12:55 AM pfSense Packages Todo #9041: update ntopng 3.6.0: On 2.4.5-DEVELOPMENT (arm) built on Mon Nov 05 15:36:37 EST 2018 FreeBSD 11.2-RELEASE-p4:
I don't see activity map o... Vladimir Lind
09:57 AM Feature #9104 (Resolved): Add a FAT32 partition to memstick installer images: Adding a FAT32 partition on the installer image, as we have on ARM recovery images currently, means:
* We can drop... Steve Wheeler
08:48 AM Bug #9099 (Resolved): system_certmanager.php: Empty cert tag can lead to PHP error: Jim Pingle
05:47 AM Bug #9010 (Resolved): Captive Portal Unable to logout: Renato Botelho
05:37 AM Bug #9010: Captive Portal Unable to logout: Seems good to me. This issue be marked as resolved. A FL
05:36 AM Feature #9032: RADIUS MAC Authentication: display the login page when MAC auth failed: Jane Doe wrote:
> The fall back seems not to respect the setting *Use custom captive portal page* as it always shows... A FL
04:49 AM Bug #9048 (Not a Bug): Installer memsticks using GPT should always have partition count that is a multiple of 4: This but only applies to installer image, not to installed system. Our memstick installer image uses MBR since May, w... Renato Botelho
04:21 AM Bug #9048 (In Progress): Installer memsticks using GPT should always have partition count that is a multiple of 4: Renato Botelho
03:40 AM Bug #9086 (Resolved): Local Database authentication is failing in other languages: Renato Botelho

11/07/2018

11:51 PM Bug #9099: system_certmanager.php: Empty cert tag can lead to PHP error: On 2.4.5-DEVELOPMENT (arm) Mon Nov 05 15:36:37 EST 2018 FreeBSD 11.2-RELEASE-p4:
Created a test cert, then opened... Vladimir Lind
11:34 PM Bug #9086: Local Database authentication is failing in other languages: On 3100 2.4.5-DEVELOPMENT (arm) сделан Mon Nov 05 15:36:37 EST 2018 changed language to Russian, then logged out and ... Vladimir Lind
08:38 PM Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA: I'm having the exact same issue with 2.4.4. Using IPs outside the WAN-VIP subnet on the WAN interfaces forces the d... John K
08:37 PM Revision 17dfb092: Add 0.0.0.0/0 to VTI left/rightsubnets. Fixes #8859: No negative feedback from testing, time for a wider push.
This helps with third party devices that require 0.0.0.0/0... Jim Pingle
08:36 PM Revision 5c4aa94a: Add 0.0.0.0/0 to VTI left/rightsubnets. Fixes #8859: No negative feedback from testing, time for a wider push.
This helps with third party devices that require 0.0.0.0/0... Jim Pingle
08:31 PM Revision 0b76ff3b: Add checkbox to disable SMTP SSL cert verification. Implements #9001: The default action is to validate the certificate. If the user knows the
server does not have a valid certificate (e.... Jim Pingle
08:30 PM Revision 7da466e1: Add checkbox to disable SMTP SSL cert verification. Implements #9001: The default action is to validate the certificate. If the user knows the
server does not have a valid certificate (e.... Jim Pingle
04:22 PM pfSense Packages Bug #9082: freeradius eap-tls CA validation trying to use fields that may not exist: Seems like the order in which cert fields are presented is also an issue. Still getting error despite matching exactl... rub man
03:00 PM pfSense Packages Bug #9082 (Feedback): freeradius eap-tls CA validation trying to use fields that may not exist: Fixed in pkg version 0.15.6.
Fields left blank will not be added to the subject to validate.
If someone was rel... Jim Pingle
02:45 PM Bug #8859 (Feedback): VTI: Some third-party vendors require rightsubnet to have a mask for VTI, rather than address: Applied in changeset commit:5c4aa94a90256b13b19209f11e4c75b2d0e85ece. Jim Pingle
02:40 PM Feature #9001 (Feedback): Add checkbox to disable SSL peer verification for SMTP notifications: Applied in changeset commit:7da466e1c4b6873b9fb80e862faf8f799a6d4531. Jim Pingle
12:56 PM Bug #8961 (Duplicate): IPSEC issues with Asynchronous Cryptography: Duplicate of #8964 (it came later, but has more detail and comments with additional info) Jim Pingle
12:27 PM Bug #9059 (Resolved): Update Unbound to 1.8.1: This was picked back to 2.4.4 last week. Looks good, no complaints or errors encountered. Jim Pingle
10:23 AM Bug #9094: MBT console settings are not forced to video console: Looks like that might be something in FreeBSD but needs more research. It doesn't seem to matter if @console="efi,com... Jim Pingle
07:21 AM pfSense Docs Correction #9103 (Rejected): Feedback on Routing — Routing Public IP Addresses: In that case, it is NOT a routed setup, so the document is not relevant to what the user is doing.
Jim Pingle
07:11 AM pfSense Docs Correction #9103 (Rejected): Feedback on Routing — Routing Public IP Addresses: *Page:* https://www.netgate.com/docs/pfsense/book/routing/routing-public-ip-addresses.html
*Feedback:*
If the u... Christian Wahl

11/06/2018

06:20 PM Revision 84b70d69: If the cert date is negative, use DateTime instead of date. Fixes #9100: (cherry picked from commit 3fec247042a91642a22a8761d3c8a1f9df119817) Jim Pingle
06:19 PM Revision 3fec2470: If the cert date is negative, use DateTime instead of date. Fixes #9100: Jim Pingle
05:48 PM Revision e5e2ea27: Prevent CRL from using too large a lifetime on ARM. Fixes #9098: (cherry picked from commit 9aa8f6a864905c0e3738c337a51f0772b0c5eb93) Jim Pingle
05:47 PM Revision 9aa8f6a8: Prevent CRL from using too large a lifetime on ARM. Fixes #9098: Jim Pingle
04:38 PM Revision 04e1a5d3: Improve handling of empty cert tags. Fixes #9099: (cherry picked from commit ca4456b95c53e89cf6b428a999ae15367b753073) Jim Pingle
04:38 PM Revision ca4456b9: Improve handling of empty cert tags. Fixes #9099: Jim Pingle
02:37 PM Bug #9102 (Resolved): PHP7: Error on restoring a config with packages: Tested against:
2.4.5-DEVELOPMENT (amd64)
built on Tue Nov 06 11:45:54 EST 2018
After restoring a config with p... Steve Wheeler
02:12 PM Bug #9095 (Resolved): PHP error when saving logs with empty syslog tag: Tested against:
2.4.5-DEVELOPMENT (amd64)
built on Tue Nov 06 11:45:54 EST 2018
Repeated above steps. Log setti... Steve Wheeler
02:03 PM Bug #9101 (New): Traffic Graphs/Dashboard Slows Downloads Being Performed by the Same Firefox Browser: Based on a forum post I performed some testing.
If I started a download in Firefox then used the same Firefox brow... Chris Linstruth
01:46 PM Bug #9094 (Assigned): MBT console settings are not forced to video console: The console order appears to be correctly forced:... Steve Wheeler
01:14 PM Bug #8978 (Resolved): vidconsole is invalid for efi booted systems: Tested against:
2.4.5-DEVELOPMENT (amd64)
built on Tue Nov 06 11:45:54 EST 2018
With serial console enabled loa... Steve Wheeler
12:25 PM Bug #9100 (Feedback): CA/Cert valid end dates after 2038 are blank on ARM: Applied in changeset commit:3fec247042a91642a22a8761d3c8a1f9df119817. Jim Pingle
11:50 AM Bug #9100 (Resolved): CA/Cert valid end dates after 2038 are blank on ARM: In the CA and Cert lists, if an entry has a valid end date after the UNIX timestamp signed 32-bit int rollover time i... Jim Pingle
12:00 PM Bug #9098 (Feedback): Default CRL lifetime of 9999 rolls over at 2038 on ARM: Applied in changeset commit:9aa8f6a864905c0e3738c337a51f0772b0c5eb93. Jim Pingle
11:50 AM Bug #9098: Default CRL lifetime of 9999 rolls over at 2038 on ARM: CA and Certs get the correct/expected end date in the data, but the GUI doesn't show the dates. Moved that to #9100 Jim Pingle
11:42 AM Bug #9019 (Feedback): Hyper-V hn NICs drop UDP6 traffic when transmit checksums are enabled: FreeBSD r339863 was cherry-picked to RELENG_2_4_4 Renato Botelho
11:22 AM pfSense Packages Bug #8607: Suricata package fails to prune suricata.log: I also got hit by this now when trying to open suricata.log. The crashing suricata.log file was 103MB. Suricata.log o... Alexander Lindqvist
10:45 AM Bug #9099 (Feedback): system_certmanager.php: Empty cert tag can lead to PHP error: Applied in changeset commit:ca4456b95c53e89cf6b428a999ae15367b753073. Jim Pingle
10:37 AM Bug #9099 (Resolved): system_certmanager.php: Empty cert tag can lead to PHP error: If the config.xml contains an empty certificate (@<cert></cert>@) it leads to a PHP error when attempting to add a ne... Jim Pingle
08:56 AM pfSense Packages Bug #8491 (Resolved): ACME: DNS-Luadns not working: Jim Pingle
08:51 AM pfSense Packages Bug #8491: ACME: DNS-Luadns not working: Problem is solved. Anonymous
08:36 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1: With the Gateway Group set to "Packet Loss or High Latency" this problem definitely shows up much more often. Mitch Claborn
04:10 AM Bug #9058: Kernel panic during L2TP retransmit: This seems to be an upstream bug in FreeBSD mpd5 - today I got the same crash on my L2TP Server (FreeBSD 11.2-RELEASE... Bianco Veigel

11/05/2018

08:48 PM Bug #8590 (Resolved): sshd does not allow agent forwarding: Verified that the checkbox toggles the AllowAgentForwarding in sshd_config and that agent forwarding is both enabled ... Chris Linstruth
08:11 PM Revision 64c98886: Prevent log size from being too large, which breaks clog. Fixes #9081: (cherry picked from commit 8bd36425b4bc46e5bbcc940a4d20bfbb2a0011ba) Jim Pingle
08:11 PM Revision 8bd36425: Prevent log size from being too large, which breaks clog. Fixes #9081: Jim Pingle
07:58 PM Revision 5dea6c81: Prevent PHP error when saving log config. Fixes #9095: (cherry picked from commit 4c4e294b0f1523827fa21066521674a435c8f670) Jim Pingle
07:57 PM Revision 4c4e294b: Prevent PHP error when saving log config. Fixes #9095: Jim Pingle
06:51 PM Revision 7f40e4a9: Make MBT prefer video console. Fixes #9094: Avoids foot-shooting by restoring a config with serial enabled.
(cherry picked from commit 5e5df38fcd3116c4d0f3fc716... Jim Pingle
06:51 PM Revision 2887721c: Use EFI console when needed. Fixes #8978: (cherry picked from commit 2f73f2f9eca656c2de5b836f4d0292186147e788) Jim Pingle
06:31 PM Revision 5e5df38f: Make MBT prefer video console. Fixes #9094: Avoids foot-shooting by restoring a config with serial enabled. Jim Pingle
06:30 PM Revision 2f73f2f9: Use EFI console when needed. Fixes #8978: Jim Pingle
03:22 PM Bug #9098 (Resolved): Default CRL lifetime of 9999 rolls over at 2038 on ARM: The default lifetime on a CRL is 9999 days, which currently puts it expiring in 2046. On ARM, this seems to lead to a... Jim Pingle
02:50 PM Bug #9081: signed long rollover in "Log file size (Bytes)" can cause self-inflicted DoS: That'll do. I mean, other than actually fixing clog. But that is a whole other ball of wax and just another reason ... Izaac Falken
02:20 PM Bug #9081 (Feedback): signed long rollover in "Log file size (Bytes)" can cause self-inflicted DoS: Applied in changeset commit:8bd36425b4bc46e5bbcc940a4d20bfbb2a0011ba. Jim Pingle
02:36 PM Bug #9097 (Resolved): ECL can't locate config.xml unless device is MBR-partitioned: Follow-on to #9089, but this one needs to be fixed in code, IMHO:
* GPT devices show up as da1p1, not da1s1, so ca... Adam Thompson
02:20 PM Bug #9095 (Feedback): PHP error when saving logs with empty syslog tag: Applied in changeset commit:4c4e294b0f1523827fa21066521674a435c8f670. Jim Pingle
01:55 PM Bug #9095 (Resolved): PHP error when saving logs with empty syslog tag: If config.xml contains no log settings, but has an empty syslog section (@<syslog></syslog>@) this can lead to a PHP ... Jim Pingle
02:17 PM Feature #9096 (Resolved): Login Page: Make pfSense Login Page Tab Name More Unique: Currently, the tab name (i.e., the name that appears in the tab in Google Chrome and other browsers) for pfSense's Lo... David Lessnau
01:17 PM pfSense Docs Correction #9089 (Resolved): ECL can't locate config.xml unless USB device is partitioned: Fixed. Jim Pingle
01:00 PM Bug #9094 (Feedback): MBT console settings are not forced to video console: Applied in changeset commit:5e5df38fcd3116c4d0f3fc71622643e962f982a8. Jim Pingle
10:06 AM Bug #9094 (Assigned): MBT console settings are not forced to video console: We have code in source:src/etc/inc/pfsense-utils.inc#L1226 that checks for the MBT models and sets @$hdmi_only@ but t... Jim Pingle
01:00 PM Bug #8978 (Feedback): vidconsole is invalid for efi booted systems: Applied in changeset commit:2f73f2f9eca656c2de5b836f4d0292186147e788. Jim Pingle
11:34 AM Bug #8980 (Feedback): Disabling hardware checksums does not disable IPv6 transmit checksum: Fixed in php-pfSense-module 0.65 Renato Botelho
07:15 AM Bug #9093 (Not a Bug): Blank Parent Interfaces while creating LAGG: If all of your interfaces are assigned, none are free to be added to a lagg. This is normal and not a bug. Post on th... Jim Pingle
06:07 AM Bug #9093 (Not a Bug): Blank Parent Interfaces while creating LAGG: Hi Team,
I am using 2.4.4 physical and 2.4.3 on a VM, while creating a new LAGG I see that the Parent Interfaces s... Vamsi Kandula
04:23 AM Todo #8898 (Resolved): Update strongswan to 5.7.1: Renato Botelho

11/04/2018

03:16 PM Feature #9092 (Resolved): Option to set interval of forced Dynamic DNS updates: I use dy.fi dynamic DNS service. It requires refreshing the IP every 7 days (even if it does not change) or it is rel... Bjarne Boström
03:07 PM Feature #9091 (Resolved): Chelsio TOE support using the ``t4_tom`` module: Please add t4_tom.ko to the kernel so Chelsio cards TOE functionality can be enabled as discussed on this forum post ... Kyle Klouzal

11/03/2018

11:31 PM Revision 2dd0ba04: Update src/usr/local/www/vendor/d3/d3.min.js: Restored d3.min.js Marco Pannetto
06:29 PM Bug #9066 (Resolved): ecl.php: Checking /config path is not working due to lack of trailing slash: Tested on pfSense-CE-memstick-ADI-2.4.5-DEVELOPMENT-amd64-20181103-0458, works as expected (config.xml in /config/ on... Anonymous
08:13 AM Bug #9090 (Duplicate): Traffic graph widget mouse over always shows b/s even when the value is in B/s: The other issue is still open. This is not necessary. Jim Pingle
02:19 AM Bug #9090 (Duplicate): Traffic graph widget mouse over always shows b/s even when the value is in B/s: As the description, the mouse over display is always shown as b/s regardless on the bits/Bytes setting.
Same as Bug ... Fred Ch
02:04 AM Bug #8377: Traffic graph widget mouse over always shows b/s even when the value is in B/s: Bug still present on 2.4.4 Fred Ch

11/02/2018

04:39 PM pfSense Docs Correction #9089 (Resolved): ECL can't locate config.xml unless USB device is partitioned: The glob() pattern in source:src/etc/ecl.php#L40 's get_disk_slices() implicitly limits the function to finding confi... Adam Thompson
04:23 PM Bug #9061 (Resolved): PowerD command parameter validation and escaping: Anonymous
04:23 PM Bug #9061: PowerD command parameter validation and escaping: Could recreate the behavior on 2.4.4. On 2.4.5.a.20181102.0213, could not reproduce the behavior, received ... Anonymous
03:31 PM Feature #9088: Indication of package upgrades in dashboard widget “System Information”: Jim Pingle wrote:
> There is a packages widget that checks for package updates. It won't be added to the main system... mpfusion _
03:24 PM Feature #9088 (Rejected): Indication of package upgrades in dashboard widget “System Information”: There is a packages widget that checks for package updates. It won't be added to the main system information widget.
... Jim Pingle
03:23 PM Feature #9088 (Rejected): Indication of package upgrades in dashboard widget “System Information”: It would be very helpful if the ”System Information” widget could indicate if packages need to be updated. Currently ... mpfusion _
03:09 PM Todo #8898: Update strongswan to 5.7.1: On 2.4.5.a.20181102.0213, strongswan version is 5.7.1. Anonymous
03:06 PM Todo #9026: PTI checkbox wording can be confusing, should give a little more detail and show current PTI status: Corey Boyle wrote:
> Why even have the option to disable PTI?
The user may have a use case where the original pro... Jim Pingle
03:05 PM Todo #9026: PTI checkbox wording can be confusing, should give a little more detail and show current PTI status: Why even have the option to disable PTI? Corey Boyle
03:05 PM Bug #8864 (Resolved): SSH Guard Sensitivity/Whitelist on 2.4.4: Anonymous
03:04 PM Bug #8864: SSH Guard Sensitivity/Whitelist on 2.4.4: On 2.4.5.a.20181102.0213, works as expected. Address(es) added to the whitelist are not subject to SSH Guard detection. Anonymous
12:50 PM Bug #7869: Hyper-v vm traffic shaper error: hn0: driver does not support altq: altq regressed to broken in hyper-v in 2.4.4, but this is fixed already per this bug report:
https://redmine.pfsense... Ben T
12:29 PM Bug #8954: hn0: driver does not support altq: In case anyone has already upgraded to 2.4.4 and wants to workaround the issue without waiting for a patch or downgra... Ben T
11:26 AM Bug #8954 (Resolved): hn0: driver does not support altq: Renato Botelho
11:14 AM Bug #8954: hn0: driver does not support altq: The fix Renato pushed yesterday has fixed the issue! Traffic shaper starts up no problem now.
Looks like the firs... Ben T
10:47 AM Feature #8946: Add field to show IA_PD to DHCP6 Server page: Set it to Future until a new patch is submitted Renato Botelho
10:26 AM Bug #9086 (Feedback): Local Database authentication is failing in other languages: Renato Botelho

11/01/2018

11:51 PM Bug #9087 (New): Traffic Graph Widget Legend Not Updating: This issue was first posted to the Netgate Forums, but no solution was posted.
The traffic graph widget shows a le... Brent Clothier
08:45 PM Revision 307ee672: Fix 9086: Remove gettext() from all 'Local Databases' strings: Renato Botelho
08:45 PM Revision 296c16bd: Fix 9086: Remove gettext() from all 'Local Databases' strings: Renato Botelho
08:42 PM Revision a7b0d338: Update translation files: Renato Botelho
08:42 PM Revision 58bf585e: Regenerate pot: Renato Botelho
08:41 PM Revision d5b70264: Update translation files: Renato Botelho
08:41 PM Revision 840494c0: Regenerate pot: Renato Botelho
04:05 PM Bug #8954 (Feedback): hn0: driver does not support altq: I pushed a fix on FreeBSD-src. Please try next round of 2.4.5 snapshots Renato Botelho
03:06 PM Bug #8954: hn0: driver does not support altq: I've created a new "System Tunable" with : hw.hn.use_if_start with value of 1 Then rebooted the VM.
Output of s... Ben T
12:01 PM Bug #8954: hn0: driver does not support altq: Ben T wrote:
> On psense 2.4.4 running as vm gen2 on windows 10 build 1803 Hyper-V, the output of the command: (scre... Renato Botelho
10:51 AM Bug #8954: hn0: driver does not support altq: On psense 2.4.4 running as vm gen2 on windows 10 build 1803 Hyper-V, the output of the command: (screenshot also atta... Ben T
09:45 AM Bug #8954 (In Progress): hn0: driver does not support altq: Renato Botelho
09:21 AM Bug #8954: hn0: driver does not support altq: Jon Gav wrote:
> > hyper-v 2016
> > gen1 and gen2
>
> Issue persistent in 2.4.5.development as well
can you p... Renato Botelho
03:45 PM Bug #9086 (Resolved): Local Database authentication is failing in other languages: A user reported this problem on a pt_BR group. After changing language it stopped working. I noted it is storing tran... Renato Botelho
08:44 AM Bug #9064: voucher to device binding: Jim Pingle wrote:
> If you add a pass-through MAC, the time on the voucher is irrelevant. Don't set it that long.
... ishtiaq ahmad
08:35 AM Bug #9064: voucher to device binding: If you add a pass-through MAC, the time on the voucher is irrelevant. Don't set it that long. Jim Pingle
08:06 AM Bug #9064: voucher to device binding: Jim Pingle wrote:
> If the voucher adds a pass-thru MAC, then you could also make the voucher only last 1 minute. Sm... ishtiaq ahmad
08:03 AM Bug #9064: voucher to device binding: A FL wrote:
> This is actually not a bug.
>
> If the MAC address of the previous computer has been added as pass-... ishtiaq ahmad
07:06 AM Bug #9064: voucher to device binding: If the voucher adds a pass-thru MAC, then you could also make the voucher only last 1 minute. Smaller window for abus... Jim Pingle
05:08 AM Bug #9064: voucher to device binding: This is actually not a bug.
If the MAC address of the previous computer has been added as pass-through, "Disable c... A FL
08:07 AM pfSense Packages Todo #9041: update ntopng 3.6.0: json-c upgrade was not necessary since we don't have plans to import a new quarterly to 2.4.4 branch. Renato Botelho
08:07 AM pfSense Packages Todo #9041 (Feedback): update ntopng 3.6.0: Renato Botelho
07:36 AM Todo #8898 (Feedback): Update strongswan to 5.7.1: Both 5.7.0 and 5.7.1 commits were cherry-picked to 2.4.4 branch Renato Botelho
07:09 AM Bug #9058: Kernel panic during L2TP retransmit: yes it's always the same (except the hex addresses)... Bianco Veigel
07:07 AM Bug #9058 (New): Kernel panic during L2TP retransmit: OK, and is the backtrace in the crash report always the same?
I have not seen a recurrence of this on my local set... Jim Pingle
04:18 AM Bug #9058: Kernel panic during L2TP retransmit: Thanks for waiting. My pfsense crashed two times in the last two days. From the monitoring (telegraf, 300s interval) ... Bianco Veigel
05:17 AM Revision 125ae17e: Update src/usr/local/www/vendor/d3/d3.min.js: make sure to only pass valid options when supported by the browser Marco Pannetto
04:33 AM Revision 36742b46: Removed js warnings: Marco Pannetto

10/31/2018

09:13 PM pfSense Packages Feature #9085 (New): OpenVPN connect/disconnect scripts: I'm running pfSense 2.4.4 and the Windows openVPN 2.4.6 client.
I was trying to get the openVPN server to log *use... Phil Biggs
05:07 PM Revision e65a15e4: Add help text to sshguard whitelist: Reduce delete button size
Change label text to "Add address"
(cherry picked from commit 5514e368421171482e3e5b945f4c... Steve Beaver
04:59 PM Revision 1f7ea9ce: Skip empty IPsec P1 during upgrade to 17.5. Fixes #9083: (cherry picked from commit 024e5de242661219bb8a62f183b1601cec44aa3c) Jim Pingle
04:59 PM Revision 024e5de2: Skip empty IPsec P1 during upgrade to 17.5. Fixes #9083: Jim Pingle
02:34 PM Revision 5514e368: Add help text to sshguard whitelist: Reduce delete button size
Change label text to "Add address" Steve Beaver
12:19 PM Revision 087a1f6b: Fix #8864: Let users modify sshguard parameters and whitelist: Renato Botelho
12:19 PM Revision ef4a242c: Fix #8864: Let users modify sshguard parameters and whitelist: Renato Botelho
12:10 PM Bug #9083 (Feedback): Config upgrade issue with empty IPsec P1: Applied in changeset commit:024e5de242661219bb8a62f183b1601cec44aa3c. Jim Pingle
09:02 AM Bug #9083 (Resolved): Config upgrade issue with empty IPsec P1: An older configuration will fail to upgrade with an incomplete or empty IPsec Phase 1 section:... Jim Pingle
11:27 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1: The Gateway Group was set as Trigger Level: Packet Loss or High Latency. I changed that to "Member Down" and now the... Mitch Claborn
11:09 AM Bug #9084 (Duplicate): PHP crash after deleting NAT 1:1 rule: Duplicate of #9080 which is already fixed in the repo. Jim Pingle
10:45 AM Bug #9084 (Duplicate): PHP crash after deleting NAT 1:1 rule: There was only one rule on the NAT 1:1 list. After deleting it the the crash occurred. This happened several times an... Guilherme Orcutt
07:25 AM Bug #8864 (Feedback): SSH Guard Sensitivity/Whitelist on 2.4.4: Applied in changeset commit:ef4a242c0df1b69b3348997165afc8555471202c. Renato Botelho

10/30/2018

10:15 PM pfSense Packages Bug #9082 (Resolved): freeradius eap-tls CA validation trying to use fields that may not exist: This issue is reproduced in this thread: https://forum.netgate.com/topic/137168/freeradius-ca-validation-broken-2-4-5... rub man
02:24 PM Revision f989b4f6: Array initialization in NAT pages. Fixes #9080: (cherry picked from commit 42ad3b8b51e12b9e4c89b94e2a191495318f42dc) Jim Pingle
02:24 PM Revision 42ad3b8b: Array initialization in NAT pages. Fixes #9080: Jim Pingle
02:18 PM Revision f5c56bf8: Fix issue where Alias URL lists are not correctly stored: Paul.Bramhall
10:16 AM Bug #9081: signed long rollover in "Log file size (Bytes)" can cause self-inflicted DoS: That certainly sounds fun. I'll have a look. Jim Pingle
10:14 AM Bug #9081 (Closed): signed long rollover in "Log file size (Bytes)" can cause self-inflicted DoS: Values between 2147483648 and 4294967295 and cause fire-y disk-full death at the hands of @clog -i -s@ Izaac Falken
09:30 AM Bug #9080 (Feedback): firewall_nat_1to1.php: PHP error with empty 1:1 NAT rule list: Applied in changeset commit:42ad3b8b51e12b9e4c89b94e2a191495318f42dc. Jim Pingle
09:02 AM Bug #9080 (In Progress): firewall_nat_1to1.php: PHP error with empty 1:1 NAT rule list: Jim Pingle
09:02 AM Bug #9080 (Closed): firewall_nat_1to1.php: PHP error with empty 1:1 NAT rule list: ... Jim Pingle
09:23 AM pfSense Packages Bug #9079: High CPU usage of ntopng even during IDLE and no network traffic: It's not clear there is anything we can do at all here. This is most likely an issue in ntopng itself, not something ... Jim Pingle
09:22 AM pfSense Packages Bug #9079: High CPU usage of ntopng even during IDLE and no network traffic: TOP shows that the ntopng process is in the only one in nanslp (nanosleep) mode if this helps. Hannes W.
08:58 AM pfSense Packages Bug #9079 (Closed): High CPU usage of ntopng even during IDLE and no network traffic: With pfSense version 2.4.4 and the usage of ntopng package the CPU is constantly on a high load.
Reducing ntopng tas... Hannes W.
09:21 AM Bug #9074: Alias URL lists only storing last-most list in config.: Submitted pull request:
https://github.com/pfsense/pfsense/pull/4002 Paul Bramhall
07:52 AM Bug #9059 (In Progress): Update Unbound to 1.8.1: Cherry picked a270651cc45b428b5f8167d1d533c50e5ee958c2 to devel. If it's OK on 2.4.5 we can consider picking it back ... Jim Pingle

10/29/2018

02:13 PM Feature #9078 (Resolved): Investigate adding knobs for explicit-exit-notify in OpenVPN: explicit-exit-notify looks like it can greatly speed up recovery time on OpenVPN process restarts and potentially HA ... Chris Linstruth
12:18 PM Revision c6b4e293: Revert "Build textproc/jq, asked by BBcan177": This reverts commit 2e618c0d285a242b8cc8004f0907ddbb227ecfe9. Renato Botelho
09:13 AM Feature #9032: RADIUS MAC Authentication: display the login page when MAC auth failed: The fall back seems not to respect the setting *Use custom captive portal page* as it always shows the default login ... Jane Doe
07:59 AM Bug #9074: Alias URL lists only storing last-most list in config.: There still appeared to be some odd behaviour with the change I did above where it was not always appending the array... Paul Bramhall
06:29 AM Bug #9075 (Not a Bug): Firewall rules with aliases are not applied in upgraded 2.4.4: There is not enough detail here to reproduce or identify a problem. Aliases are working fine in lab and production se... Jim Pingle
04:06 AM Bug #9075 (Not a Bug): Firewall rules with aliases are not applied in upgraded 2.4.4: HI,
I have an upgraded pfsense from 2.4.3 to 2.4.4 and then all the firewall rules with aliases are not applied co... Julio VIzcaino
06:25 AM Bug #9076 (Not a Bug): DHCP RENEW PROBLEM: This needs discussion on the forum. It's working fine for thousands and thousands of installs. If there is an issue h... Jim Pingle
04:44 AM Bug #9076 (Not a Bug): DHCP RENEW PROBLEM: Hello,
Since two weeks we have a problem on our DHCP Server with dhcp adress renew on our clients.
All 24 hours, ... Aurelien Dufeu
06:06 AM pfSense Packages Feature #9077 (New): haproxy UI: Add seperator lines: When having lots of ACL rules and action rules it would be nice if it was possible to insert seperator lines with a n... Torben Hørup

10/28/2018

09:18 PM Bug #9056 (Resolved): DNS search domain omitted in some cases: Jim Pingle
08:43 PM Bug #9056: DNS search domain omitted in some cases: Looks good here. Thanks. Chris Linstruth
09:18 PM Bug #9055 (Resolved): IKEv2 EAP Identity vs client ID matching for per-client settings with local users: Jim Pingle
08:48 PM Bug #9055: IKEv2 EAP Identity vs client ID matching for per-client settings with local users: Works as expected. Thank you. Chris Linstruth
07:45 AM Bug #9074 (Resolved): Alias URL lists only storing last-most list in config.: When creating an Alias URL list under Firewall->Aliases->URLs, only the IP's from the last-most URL in the list is wh... Paul Bramhall

10/27/2018

01:35 PM Bug #9073: "private-domain" in custom options results in invalid config (syntax error): Thanks, Jim! It didn't occur to me that the @server@ block could be specified twice. Can confirm the config now che... Rick White
01:21 PM Bug #9073 (Not a Bug): "private-domain" in custom options results in invalid config (syntax error): With custom options it is up to the user to ensure the config is in the correct section of the config. For example in... Jim Pingle
01:21 PM Bug #9073: "private-domain" in custom options results in invalid config (syntax error): Ahah, I think the actual issue is that *Custom options* are being after the @forward-zone@ directive, which means the... Rick White
01:16 PM Bug #9073 (Not a Bug): "private-domain" in custom options results in invalid config (syntax error): Adding the following to the DNS Resolver *Custom options* field:... Rick White
08:18 AM Bug #9058 (Feedback): Kernel panic during L2TP retransmit: OK, we'll wait for some more feedback here to see what happens. Jim Pingle
05:46 AM Bug #9058: Kernel panic during L2TP retransmit: After a few more crashes with different error messages, I ran a memory test, which showed errors. RAM is replaced and... Bianco Veigel

10/26/2018

11:51 AM Bug #8937 (New): LAGG shows wrong ether address: From a quick look at utils.inc:get_interface_list() this would require the addition of some logic;
if $IFACE is me... Anonymous
09:37 AM Bug #8937 (In Progress): LAGG shows wrong ether address: Anonymous
10:42 AM Bug #9072 (Resolved): RRD graph mouseover information shows up as Mb when unit size is set to MB: The dashboard traffic graph widget shows mouse over information in Mb when the unit size is set to MB Luka Rojnica
09:36 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1: To make things even more complicated, in the workaround mentioned above, the routing actually changes back to the Tie... Mitch Claborn
09:11 AM Bug #9071 (Resolved): Package restore after fresh install can fail, claiming packages do not exist: Tested on a fresh SG-1000 and SG-3100 after a recovery install and then config restore. In both cases, no packages we... Jim Pingle
05:27 AM Bug #8954: hn0: driver does not support altq: > hyper-v 2016
> gen1 and gen2
Issue persistent in 2.4.5.development as well Jon Gav

10/25/2018

07:40 PM Revision b77f0bf1: Initialize package arrays before use. Fixes #9067: (cherry picked from commit bfd3334b4bc9ae0d3c43f69e8305c83b0da3aa58) Jim Pingle
07:40 PM Revision bfd3334b: Initialize package arrays before use. Fixes #9067: Jim Pingle
07:00 PM Bug #9070 (Feedback): After performing in-place upgrade from 2.4.3-RELEASE-p1 to 2.4.4 DHCPV6 client fails to retireve a WAN address: Sounds like symptoms that others saw when using Hyper-V.
If you are using Hyper-V then this is a duplicate of #9019 Jim Pingle
06:15 PM Bug #9070 (Closed): After performing in-place upgrade from 2.4.3-RELEASE-p1 to 2.4.4 DHCPV6 client fails to retireve a WAN address: I upgraded my system a few days ago and realized last night that the hosts were no longer receiving IPV6 addresses. ... Tom Hebert
06:58 PM Bug #9069 (Duplicate): Config import not validated properly: Duplicate of #8994 which is already fixed for 2.4.4-p1. Jim Pingle
05:56 PM Bug #9069 (Duplicate): Config import not validated properly: I just imported a config file generated on another pfsense host onto a fresh install. Somehow that file ended up cont... Flole Systems
06:24 PM Revision 0fd2dd09: Add trailing slash to ECL check path for /config/. Fixes #9066: (cherry picked from commit c688c59b47a3ce138ffe094794d01f1e6fcc00df) Jim Pingle
06:24 PM Revision c688c59b: Add trailing slash to ECL check path for /config/. Fixes #9066: Jim Pingle
04:18 PM Bug #9068 (Rejected): Exported configuration contains string at the end that should not be there: I can't reproduce this here at all on 2.4.4 or 2.4.5 snapshots.
It may be specific to the combination of OS+Browse... Jim Pingle
04:13 PM Bug #9068 (Rejected): Exported configuration contains string at the end that should not be there: When I export a configuration, everything is normal until the last line, which reads... Flole Systems
02:50 PM Bug #9067 (Feedback): PHP error when installing first package with empty installedpackages tag: Applied in changeset commit:bfd3334b4bc9ae0d3c43f69e8305c83b0da3aa58. Jim Pingle
02:40 PM Bug #9067 (Resolved): PHP error when installing first package with empty installedpackages tag: If the configuration contains only @<installedpackages></installedpackages>@ then installing a package will fail with... Jim Pingle
01:30 PM Bug #9066 (Feedback): ecl.php: Checking /config path is not working due to lack of trailing slash: Applied in changeset commit:c688c59b47a3ce138ffe094794d01f1e6fcc00df. Jim Pingle
01:19 PM Bug #9066 (Resolved): ecl.php: Checking /config path is not working due to lack of trailing slash: At source:src/etc/ecl.php#L59 the locations for the external config locator (ECL) script are defined, but @/config@ d... Jim Pingle
06:47 AM Bug #9065 (Rejected): Well known ports: order them by number instead of name: The problem with this change is that people don't who do not know the numbers will want to find them by name, and wit... Jim Pingle
05:21 AM Bug #9065 (Rejected): Well known ports: order them by number instead of name: As a sysadmin, I always know the port I'm handling, but a lot of times I don't remember the +exact+ name of the servi... Filippo Tessarotto

10/24/2018

01:09 PM Bug #9064: voucher to device binding: ! ishtiaq ahmad
01:08 PM Bug #9064 (Not a Bug): voucher to device binding: dear all,
in version 2.4.4 we cant enforce one voucher per same device always. some naughty user switch from one to ... ishtiaq ahmad
11:53 AM Feature #9063 (New): Allow dynamic DNS client entry to specify which Check IP service to use: Please update the dynamic DNS client feature to allow specification of the Check IP service to use at the individual ... Mitch Claborn
01:31 AM Bug #8758: filterdns stops working on a regular basis.: Dear All
i am affected with same problem
it happens every day approx.
i must kill filterdns service and restart ... khaled osama

10/23/2018

06:19 PM Revision 20895301: Fix processing of the 'all' group. Fixes #9051: All the 'all' group to the list of groups at the end, rather than the
start. This way it will be considered no matter... Jim Pingle
06:17 PM Revision 4de15854: Fix processing of the 'all' group. Fixes #9051: All the 'all' group to the list of groups at the end, rather than the
start. This way it will be considered no matter... Jim Pingle
05:14 PM Revision c95a79d3: Validate and protect powerd option values. Fixes #9061: (cherry picked from commit 3be699295e5cb7be24cc5361700be1a8b759e26c) Jim Pingle
05:13 PM Revision 3be69929: Validate and protect powerd option values. Fixes #9061: Jim Pingle
01:25 PM Bug #9051 (Feedback): Privileges on 'all' group are not being honored: Applied in changeset commit:4de15854384e28004b0dc571dc8a40fda7eae694. Jim Pingle
01:07 PM Feature #9062 (Rejected): Add "email notification" when the WAN interface change its public IP: It would be helpful if an email is send when the WAN interface change its public IP.
Here is an example: https://www... TCI User
12:20 PM Bug #9061 (Feedback): PowerD command parameter validation and escaping: Applied in changeset commit:3be699295e5cb7be24cc5361700be1a8b759e26c. Jim Pingle
11:46 AM Bug #9061 (Resolved): PowerD command parameter validation and escaping: The powerd parameters @powerd_ac_mode@, @powerd_battery_mode@, and @powerd_normal_mode@ are not validated against the... Jim Pingle
08:39 AM Feature #9060 (New): add rule name filtering field for firewall log viewer: It would be very helpful to have a field available in the firewall log filter to search on matched rule name (i.e. Ev... Ansley Barnes
08:30 AM Bug #9059 (Resolved): Update Unbound to 1.8.1: Unbound 1.8.1 has fixed a few memory leaks, notably one in DNS over TLS that causes unbound to consume all memory and... Jim Pingle
08:21 AM Bug #9058: Kernel panic during L2TP retransmit: Right now it happens at least once a day, but at random times. I'll check if the amount of traffic might be related. Bianco Veigel
08:09 AM Bug #9058: Kernel panic during L2TP retransmit: I saw a crash with a backtrace like that once on a test VM with an L2TP WAN but only one time, not repeatedly, so I c... Jim Pingle
06:41 AM Bug #9058 (Resolved): Kernel panic during L2TP retransmit: I'm using a Multilink L2TP WAN. After a fresh reinstall of 2.4.4 and completely new config (no import) it crashes reg... Bianco Veigel
01:06 AM Bug #8937: LAGG shows wrong ether address: Create a new LAGG with some interfaces and save it. Once thats done, edit that LAGG and on everything interface name ... Flole Systems

10/22/2018

11:48 PM Bug #9051: Privileges on 'all' group are not being honored: removed the 'all' from both files and got access again, also admin is disabled using different user as admin Michael Kellogg
10:51 PM Bug #9051: Privileges on 'all' group are not being honored: I just upgraded and got no page assigned
Michael Kellogg
07:32 PM Revision 7a16a38c: Use the fw domain for DNS search when no other choices exist. Fixes #9056: (cherry picked from commit 74a8a219d33c9b87ab4b6b4026d247f0f6bdcaa6) Jim Pingle
07:31 PM Revision 74a8a219: Use the fw domain for DNS search when no other choices exist. Fixes #9056: Jim Pingle
06:36 PM pfSense Docs Correction #9057 (Resolved): [feedback form] Missing info on advanced networking page: *Page*: https://docs.netgate.com/pfsense/en/latest/config/advanced-networking.html
*Feedback*: Missing info on the... Jared Dillard
05:35 PM Revision aa733351: gateway monitoring, wait for apinger to terminate or remove its pid file when restarting it.: (cherry picked from commit 66491555711182d9176f6292fd58397c65e4b2af) PiBa-NL
05:35 PM Revision 8e823a93: generate a flag even if trying to perform RADIUS MAC authentication on a non-RADIUS server.: (cherry picked from commit 22e328743170b62b55d6e18b593c4005e8d6f892) A FL
05:35 PM Revision bb90e3c5: Implement login fallback for RADIUS MAC authentication: (cherry picked from commit 774ff51ba07f944a39fdc6859ec7d258b95315bf) A FL
05:29 PM Revision b950e991: Strictly define the EAP Identifier for custom local client entries. Fixes #9055: (cherry picked from commit 2d7ed31e3227566d0474929a3aed84509247f91e) Jim Pingle
05:28 PM Revision 2d7ed31e: Strictly define the EAP Identifier for custom local client entries. Fixes #9055: Jim Pingle
03:28 PM Revision 8be7aff9: Merge pull request #3987 from PiBa-NL/20180920-apinger-wait-for-terminate: Steve Beaver
03:22 PM Revision 768eccf9: Merge pull request #4000 from Augustin-FL/patch-cp-3: Steve Beaver
02:40 PM Bug #9056 (Feedback): DNS search domain omitted in some cases: Applied in changeset commit:74a8a219d33c9b87ab4b6b4026d247f0f6bdcaa6. Jim Pingle
02:31 PM Bug #9056 (Resolved): DNS search domain omitted in some cases: If a user has allowed DHCP override of DNS servers but there are no DCHP WANs, the search domain list will be empty.
... Jim Pingle
12:44 PM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1: If I set the Tier 1 gateway as "Mark Gateway as Down" then turn that setting back off, the routing will correct itsel... Mitch Claborn
10:58 AM Bug #9054 (Resolved): Gateway Group slow (or never) to switch back to Tier 1: See https://forum.netgate.com/topic/136852/2-4-4-gateway-group-slow-or-never-to-switch-back-to-tier-1. (No responses... Mitch Claborn
12:35 PM Bug #9055 (Feedback): IKEv2 EAP Identity vs client ID matching for per-client settings with local users: Applied in changeset commit:2d7ed31e3227566d0474929a3aed84509247f91e. Jim Pingle
12:32 PM Bug #9055: IKEv2 EAP Identity vs client ID matching for per-client settings with local users: If we determine that there is a use case for allowing the other method, we can setup GUI controls for it later as a s... Jim Pingle
12:28 PM Bug #9055 (Resolved): IKEv2 EAP Identity vs client ID matching for per-client settings with local users: With IKEv2, the EAP Identity does not necessarily match the @rightid@ supplied by the client. For most common use cas... Jim Pingle
10:36 AM Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through: I'm seeing this bug occur on my SG-3100s when using one of the AES-GCM based algorithms for my IPSEC Phase2 with asyn... Paul Bucher
10:29 AM Bug #8921: dpinger without .pid files.?. 'pending' status: PR tested and applied. Thanks. Anonymous
10:28 AM Bug #8921 (Feedback): dpinger without .pid files.?. 'pending' status: Anonymous
10:26 AM Bug #8937 (Feedback): LAGG shows wrong ether address: Please provide some more details of this issue. It is not clear from the description what the problem is. Where do yo... Anonymous
10:23 AM Feature #9032 (Feedback): RADIUS MAC Authentication: display the login page when MAC auth failed: Anonymous

10/21/2018

09:26 PM Bug #8555: Selectively killing states on WAN failure: don't kill states when failover gateway is down:
https://github.com/pfsense/pfsense/pull/4159 Steven Brown
12:09 PM pfSense Packages Bug #9050: Antartica does not make a rule: I am not actively working on the previous release.
The devel version will be the next release version in a short p... BBcan177 .
10:23 AM pfSense Packages Bug #8909: tinc package makes /rc.newwanip looping forever: I guess I found a workaround: define a static IP address into the interface, then enable it and use in firewall and o... Andrew Hotlab

10/20/2018

11:02 PM Bug #9053 (Resolved): Dynamic DNS will not allow Route 53 wildcard record: When configuring a dynamic DNS client to update Route 53 (AWS) records, the web form will not validate a hostname tha... Tim Gagnon
08:15 PM pfSense Packages Bug #9050: Antartica does not make a rule: How long does it take to make it to the main version? It's been months and multiple releases since it says it was fi... Stuart Wyatt
12:23 PM pfSense Packages Bug #9050: Antartica does not make a rule: This is fixed in the pfBlockerNG-devel version. BBcan177 .
12:30 PM Todo #9052 (Resolved): Update Font-Awesome: Font Awesome in pfSense is using version (4.5.0). v4.x has been marked as End-of-life:
https://github.com/pfsense/... BBcan177 .
10:15 AM Bug #9051: Privileges on 'all' group are not being honored: Should be easy to replicate, I just added a new user to admins group.
In the attached config I had added "page-d... Ronald Schellberg
09:16 AM Bug #9051 (In Progress): Privileges on 'all' group are not being honored: That should not have been caused by this but I'll test it some more.
This should have only _added_ privileges to t... Jim Pingle
08:55 AM Bug #9051: Privileges on 'all' group are not being honored: Jim Pingle wrote:
> All users are a member of the "All Users" group (actual group name internally: @all@).
>
> Pr... Ronald Schellberg

10/19/2018

01:40 PM Revision 65c71eb3: Consider the "all" group when determining privileges. Fixes #9051: (cherry picked from commit fe1afbb7549907e0d1cdfbf85d5f36d075a6a916) Jim Pingle
01:39 PM Revision fe1afbb7: Consider the "all" group when determining privileges. Fixes #9051: Jim Pingle
11:43 AM pfSense Packages Todo #9041: update ntopng 3.6.0: It's actually already at 3.6 on 2.4.5 snapshots, and trying to pick back changes proved to be a bit of a challenge. I... Jim Pingle
11:18 AM Feature #8946: Add field to show IA_PD to DHCP6 Server page: PR was closed. Awaiting new PR(s) Anonymous
08:50 AM Bug #9051 (Feedback): Privileges on 'all' group are not being honored: Applied in changeset commit:fe1afbb7549907e0d1cdfbf85d5f36d075a6a916. Jim Pingle
08:38 AM Bug #9051 (Resolved): Privileges on 'all' group are not being honored: All users are a member of the "All Users" group (actual group name internally: @all@).
Privileges can be added to ... Jim Pingle
08:16 AM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic: Unfortunately, with pfSense version 2.4.4, the fallback to an alternative RADIUS server is still not operational.
... John Tikis

10/18/2018

03:15 PM Bug #8956: traffic shaper after upgrade to 2.4.4 not showing queue under each limiter: Just because two bugs affect the same subsystem doesn't mean they are related, though. Limiters work fine for many pe... Jim Pingle
03:06 PM Bug #8956: traffic shaper after upgrade to 2.4.4 not showing queue under each limiter: Yes, of course! I might not have been clear, I totally understand that these are bugs in two different areas of code.... Terence Kent
11:25 AM Bug #8956: traffic shaper after upgrade to 2.4.4 not showing queue under each limiter: They are unrelated, the only thing they have in common is that they are both limiter issues. One is a GUI parsing pro... Jim Pingle
11:06 AM Bug #8956: traffic shaper after upgrade to 2.4.4 not showing queue under each limiter: Ok, great - I'm glad you've seen it.
FWIW, I would vote for those two issues to go out together. While fixing the... Terence Kent
02:53 PM Revision 0edf0420: Rewrite /etc/rc.kill_states to use pfSense module state functions. Fixes #8554: Eliminates inaccurate shell exec/grep/preg_match syntax issues.
(cherry picked from commit 5142c80abbaa7b2dd219c03ed... Jim Pingle
02:52 PM Revision 5142c80a: Rewrite /etc/rc.kill_states to use pfSense module state functions. Fixes #8554: Eliminates inaccurate shell exec/grep/preg_match syntax issues. Jim Pingle
02:35 PM pfSense Packages Bug #9050 (Resolved): Antartica does not make a rule: If Antarctica entries with a count > 0 are added to the pfBlockerNG GeoIP, there won't be an Antarctica rule created.... Stuart Wyatt
11:30 AM Bug #8555: Selectively killing states on WAN failure: Well it still could be worth submitting the PR to get some other eyes on it.
Also, having it up on Github would ma... → luckman212
10:00 AM Bug #8554 (Feedback): /etc/rc.kill_states code not correctly parsing pfctl output: Applied in changeset commit:5142c80abbaa7b2dd219c03edd60c4f675d2fb62. Jim Pingle
09:54 AM Bug #8554: /etc/rc.kill_states code not correctly parsing pfctl output: I'd rather not change one funky regex matching pattern for another. I have a better fix. Push incoming. Jim Pingle
01:01 AM Bug #8554: /etc/rc.kill_states code not correctly parsing pfctl output: Did you ever submit a PR for this? → luckman212
07:47 AM Bug #9049 (Not a Bug): IPSec statuspage shows both connected and connecting tunnel: Since bugnumber 8117 has been served off as not a bug, and no further response is given I'd like to re-open this bug.... Ges Ture

10/17/2018

11:45 PM Bug #8555: Selectively killing states on WAN failure: Unfortunately, I never really had the opportunity to create a proper complete build or run this outside a virtual env... Steven Brown
10:44 PM Bug #8555: Selectively killing states on WAN failure: Steven, pretty impressive work you've done there. How have these patches been working for you? Have you gotten any ot... → luckman212
06:36 PM Bug #9048 (Not a Bug): Installer memsticks using GPT should always have partition count that is a multiple of 4: The memstick installers use GPT but they only include three partitions and not four. This can cause a problem when wr... Jim Pingle
01:51 PM Revision 5baf07c8: Simplify schedule validation: (cherry picked from commit bb7cabdb20e7bad06263d5b3888c71415d6861c1) Steve Beaver
01:50 PM Revision 619f9e51: Added #8976 Allow traffic graph settings to be saved: (cherry picked from commit dd8a6d75e7a7cadc9a182c0306e8d04799a63338) Stephen Jones
01:50 PM Revision 4bc2dab8: Disable display of Diagnostics->AutoConfigBackup menu item if config is restored from pfSense < 2.4.4: Fixed #8959
(cherry picked from commit 245bfa559b5d8ebcb13b21feceaa58257ee194da) Steve Beaver
01:50 PM Revision 613fa52d: Add top buttons if table > 24 rows: (cherry picked from commit e7299fd8c5ad6998aab372dc40f033f1dcb8d605) Steve Beaver
01:50 PM Revision 96101eb4: Fix German translation error. Also fixed in Zanata: (cherry picked from commit 84dc4a557c911d0a53a861d66021ff7f65400e87) Steve Beaver
01:50 PM Revision 050599fa: Fixed #9002 - PPPoE Service Name may contain ':': (cherry picked from commit dac4cd09699bdafa5bcf1cf7b699438e5f669b26) Steve Beaver
01:50 PM Revision bf6a27e4: Fix typo in error msg: (cherry picked from commit c921665902c0a0bccd2376437a1ab1118009f86f) Steve Beaver
01:50 PM Revision 1b1aef35: Default ACB schedule to every day at midnight: (cherry picked from commit ebbc9e97a62464650684033df7f9cd7c3d32e609) Steve Beaver
01:50 PM Revision 68cba33c: Fixes #8949 Looks like there was 2 variable names for the same variable shownetboot and netboot. It now just uses the variable name netboot: (cherry picked from commit e46ea2c60986c62371966025ab3068466217fefa) Stephen Jones
01:50 PM Revision b35a897b: Added scheduled config backup: Fixed: #8947
(cherry picked from commit a1aa91dec887ba929be08c993170803396a669b2) Steve Beaver
01:20 PM Bug #8956: traffic shaper after upgrade to 2.4.4 not showing queue under each limiter: I've seen it but it isn't directly relevant to this specific bug. This was only about the queues not showing. Jim Pingle
01:09 PM Bug #8956: traffic shaper after upgrade to 2.4.4 not showing queue under each limiter: Hey Jim. Glad to see this issue is getting fixed - that's great!
However, I want to be sure you've seen #8973, whi... Terence Kent
12:27 PM Bug #8974: system_advanced_admin.php: Inconsistent placement of ssh options and lack of initialization: Also relevant/related: commit:8038c4e807c88fda4e1bb5b37ac31c9dbb8395fe
Jim Pingle
12:25 PM Bug #9047 (Duplicate): SSH port is not being saved properly: This has already been fixed while addressing another issue, see #8974 Jim Pingle
12:22 PM Bug #9047 (Duplicate): SSH port is not being saved properly: Hi guys,
After upgrading from 2.4.3-RELEASE (amd64) to 2.4.4-RELEASE, I noticed that my config wasn't generated prop... Manoel Carvalho
12:23 PM Revision 517a683f: Add filer pkg, which was merged a while back but not set to build.: (cherry picked from commit 6b15f2c16b2a5396855751edf2983bcc2d12520e) Jim Pingle
12:23 PM Revision 6b15f2c1: Add filer pkg, which was merged a while back but not set to build.: Jim Pingle
10:46 AM pfSense Packages Feature #8869: HAproxy should use RFC 7919 DH parameter files: Understood.
I now remember where I had stumbled upon this idea in the first place, it goes back to a few years bac... Stéphane Lapie
08:56 AM pfSense Packages Feature #8869: HAproxy should use RFC 7919 DH parameter files: Accommodating SSL testers that have no concept of proper security procedures isn't something we should aspire to do. ... Jim Pingle
07:47 AM Bug #8859: VTI: Some third-party vendors require rightsubnet to have a mask for VTI, rather than address: If you did not need the patch, does adding the patch affect it negatively in any way? That is also an important quest... Jim Pingle
04:57 AM Bug #8859: VTI: Some third-party vendors require rightsubnet to have a mask for VTI, rather than address: Jim Pingle wrote:
> #1 Seems to be OK but could use more confirmation. Traffic from the firewall itself still leaves... Braden McGrath
07:40 AM pfSense Packages Feature #7179 (Feedback): Package Filer into 2.3: I added it to the list and bumped the package version to trigger a rebuild. It's up now for 2.4.4 and will go up with... Jim Pingle
07:21 AM pfSense Packages Feature #7179: Package Filer into 2.3: Looks like it was never added to the port build list at https://github.com/pfsense/pfsense/blob/master/tools/conf/pfP... Jim Pingle
07:18 AM pfSense Packages Feature #7179: Package Filer into 2.3: Where is the Filer package?
"PR #277":https://github.com/pfsense/FreeBSD-ports/pull/277 says "Merged" but I don't se... → luckman212

10/16/2018

10:24 PM pfSense Packages Feature #8869: HAproxy should use RFC 7919 DH parameter files: I understand the intent behind the stock DH parameter files, however some SSL testers raise known DH parameters as so... Stéphane Lapie
08:16 PM pfSense Packages Feature #9046 (New): telegraf feature request: we want to monitor the ntp service in pfsense, Now I manully add lines into telegraf.conf then manually start it, it ... mrco chen
08:00 PM Revision df9aa538: Fix Limiter validation check, which allows old queues to display. Fixes #8956: The AQM defaults to droptail when empty, but empty was being rejected as
invalid even though it was handled in the co... Jim Pingle
07:59 PM Revision cd3cde52: Fix Limiter validation check, which allows old queues to display. Fixes #8956: The AQM defaults to droptail when empty, but empty was being rejected as
invalid even though it was handled in the code. Jim Pingle
03:19 PM Revision d7f7ab4f: Solve a package reinstall/start race condition. Fixes #9045: (cherry picked from commit 84963037949aaf5225ae664cfe9b4e3b037beee0) Jim Pingle
03:18 PM Revision 84963037: Solve a package reinstall/start race condition. Fixes #9045: Jim Pingle
03:10 PM Bug #8956 (Feedback): traffic shaper after upgrade to 2.4.4 not showing queue under each limiter: Applied in changeset commit:cd3cde526a9215e914c2f420c7e9c74b059a2ad0. Jim Pingle
02:47 PM Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through: System -> Cryptographic:
AES-NI and BSD Crypto Device (aesni, cryptodev)
IPSec -> Advanced Settings -> Asynchrono... Clinton Cory
03:18 AM Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through: @Jim I mean "AES-NI and BSD Crypro Device" Vladimir Lind
10:25 AM Bug #9045 (Feedback): Race condition in package reinstall/startup after restore can lead to no packages restored: Applied in changeset commit:84963037949aaf5225ae664cfe9b4e3b037beee0. Jim Pingle
10:12 AM Bug #9045 (Resolved): Race condition in package reinstall/startup after restore can lead to no packages restored: rc.bootup triggers a rc.package_reinstall_all in the background with a delay, to reinstall all packages in the config... Jim Pingle
10:10 AM Bug #9042 (Resolved): Web GUI does not recognise NVMe devices as SMART capable: Jim Pingle
08:00 AM pfSense Packages Feature #9008 (Resolved): Add Zabbix 4 (agent and proxy) packages: Jim Pingle
07:38 AM pfSense Packages Feature #9008: Add Zabbix 4 (agent and proxy) packages: This can be closed.
Thanks! Danilo Baio
07:34 AM Bug #8070: IKEv2 IPSec tunnel under load crashes pfSense when AES-NI is enabled: It's entirely possible that the fixes referenced in the original description were only fully/completely integrated in... Jim Pingle
01:27 AM Bug #8070: IKEv2 IPSec tunnel under load crashes pfSense when AES-NI is enabled: Interestingly, it is seemingly working in 2.4.4-RELEASE. /var/etc/ipsec/ipsec.conf included for your entertainment:
... Rachel Chen

10/15/2018

10:00 PM Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through: @luke they’re not for sale yet
@clinton please be more specific
@vladimir please explain how you enabled aes-ni on ... Jim Thompson
04:20 PM Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through: Whoa, SG-1100 is out? Where do I get one? → luckman212
04:17 PM Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through: I see the same issues on a SG-1100. Clinton Cory
07:21 PM Revision 82c85c97: Show nvme controllers in SMART list. Fixes #9042: (cherry picked from commit e738a4c9b2607ad3561a0fce89d903535ca71249) Jim Pingle
07:21 PM Revision e738a4c9: Show nvme controllers in SMART list. Fixes #9042: Jim Pingle
07:20 PM Revision 083e4291: Revert "Show nvme devices in SMART disk list. Fixes #9042": This reverts commit bdb6021f79f222b2c7d732436800e96cb34ea973.
(cherry picked from commit dba7debb2e6be1ef469d99fa5e9... Jim Pingle
07:20 PM Revision dba7debb: Revert "Show nvme devices in SMART disk list. Fixes #9042": This reverts commit bdb6021f79f222b2c7d732436800e96cb34ea973. Jim Pingle
06:46 PM Revision bdb6021f: Show nvme devices in SMART disk list. Fixes #9042: Jim Pingle
06:46 PM Revision 5ae720be: Show nvme devices in SMART disk list. Fixes #9042: (cherry picked from commit 89b4d4f30576908e36d5c6b70701db2f5e7363e6) Jim Pingle
05:25 PM Revision f646afcf: Enable Zabbix 4 packages build: Renato Botelho
05:24 PM Revision 4c05dca3: Enable Zabbix 4 packages build: Renato Botelho
03:54 PM Bug #8956: traffic shaper after upgrade to 2.4.4 not showing queue under each limiter: Please re-read https://redmine.pfsense.org/issues/8956#note-3 and gather the requested information. Jim Pingle
01:55 PM Bug #9042 (Feedback): Web GUI does not recognise NVMe devices as SMART capable: Applied in changeset commit:5ae720be09a8976834cc424ead5c720f5fa2e64e. Jim Pingle
09:37 AM Bug #9042: Web GUI does not recognise NVMe devices as SMART capable: This should be a one-line fix but I had a follow-up question about the devices (nvd vs nvme) since their examples wer... Jim Pingle

10/14/2018

07:21 PM Bug #8956: traffic shaper after upgrade to 2.4.4 not showing queue under each limiter: I just wanted to add that I am experiencing an issue with my limiter as well after upgrading to 2.4.4, but im not sur... jake xanaro
09:34 AM Bug #9043 (Not a Bug): openvpn 2.4.3-p1 -> 2.4.4, failed: Not enough info here for a valid bug report.
Please post on the forum at https://forum.netgate.com/ -- There are s... Jim Pingle
06:38 AM Bug #9043 (Not a Bug): openvpn 2.4.3-p1 -> 2.4.4, failed: hi
After the update has stopped working normally openvpn for Pfsense + mikrotik v6.43.2 (Protocol TCP and Device mod... Ivan Zagorodko
09:00 AM pfSense Packages Feature #9044 (New): Add SoftEther: It would be nice if you can add SoftEther program. It supports OpenVPN and it has more functions than the simple Open... John Smith

10/13/2018

11:34 PM Bug #8959 (Resolved): Restoring a <2.4.4 config with legacy gold auto backup package re-adds the menu option under Diagnostics: On 2.4.5.a.20181012.2248, restoring a config with AutoConfigBackup installed does not result in a system with Diagnos... Anonymous
09:31 PM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4: I thought I was going crazy, because I have this same configuration 2 wans (1 cable, 1 4G/LTE) in a gateway group. T... Travis McMurry
06:27 PM Bug #9042 (Resolved): Web GUI does not recognise NVMe devices as SMART capable: It looks like it's only looking for ad, ada or da devices:
https://github.com/pfsense/pfsense/blob/c0787ee92aeaa51ce... Steve Wheeler
02:32 PM Bug #8973: Traffic not going to Limiter queues: > Samir Patel wrote
> ...Try Codel/Round-Robin. This seems to work and has been stable a couple of days now.
Than... Terence Kent
01:28 PM Bug #8973: Traffic not going to Limiter queues: Samir Patel wrote:
> Terence Kent wrote:
> > At this point, I've just disabled the limiters / queues. It's better f... Victor Preatoni
01:34 PM pfSense Packages Todo #9041 (Resolved): update ntopng 3.6.0: update ntoping to 3.6.0
and enable activity map
the latest version of pfsense seems dos not enable activity ... mom aiaz
08:08 AM Bug #9040 (Not a Bug): Invalid status for OpenVPN Point-to-Point Links: Jim Pingle
07:03 AM Bug #9040: Invalid status for OpenVPN Point-to-Point Links: *Update*
- After trying on a fresh install on my VM, the issue seems to no longer be present.
Please disregard th... James Webb
06:44 AM Bug #9040 (Not a Bug): Invalid status for OpenVPN Point-to-Point Links: *Background:*
If one defines multiple OpenVPN servers in a tun point-to-point mode (i.e. use a /30 subnet in the IPv... James Webb

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

11/11/2018

11/10/2018

11/09/2018

11/08/2018

11/07/2018

11/06/2018

11/05/2018

11/04/2018

11/03/2018

11/02/2018

11/01/2018

10/31/2018

10/30/2018

10/29/2018

10/28/2018

10/27/2018

10/26/2018

10/25/2018

10/24/2018

10/23/2018

10/22/2018

10/21/2018

10/20/2018

10/19/2018

10/18/2018

10/17/2018

10/16/2018

10/15/2018

10/14/2018

10/13/2018