Activity
From 10/27/2018 to 11/25/2018
11/25/2018
-
04:45 PM Bug #8993: PHP error from filter_rules_sort() when config.xml contains no rules
- Any way to fix this manually? (i.e. if I don't want to update to dev)
-
03:45 PM Bug #9150 (Resolved): Web authentication RADIUS package shows PHP error if unable to resolve FQDN of RADIUS server
- When the DNS record for the RADIUS server used to configure authentication of the web console was temporarily unavail...
-
12:51 PM Bug #9114: Captive Portal Blocked MAC Address Redirect URL not working
- Vladimir Lind wrote:
> Not seeing redirection to block page with enabled MAC block and block URL with IP from the la...
11/24/2018
-
11:56 AM Bug #9149 (Rejected): Continued issues with /tmp and /var in RAM on 2.4
- I've had repeated trouble with upgrades and even non-upgrade-related reboots with pkg configuration. 2.3.5 through 2...
11/23/2018
-
09:21 AM Bug #9064 (Not a Bug): voucher to device binding
-
- would it be possible to close this issue?
Alternate solutions have been given and this behaviour will likely not ...
11/22/2018
-
03:24 PM Bug #8924 (Resolved): FreeDNS Dynamic DNS update needs IP
- Looks good in:
2.4.5-DEVELOPMENT (arm)
built on Wed Nov 21 05:47:41 EST 2018 -
- PR has been merged. Thanks!
-
02:38 PM Revision fb1d9dca: Make the WF2Q+ the default scheduler for the dummynet limiters.
- The WF2Q+ was the default scheduler in previous versions, it is well tested and support dynamic queues.
Add a note f... -
- The WF2Q+ was the default scheduler in previous versions, it is well tested and support dynamic queues.
Add a note f... -
-
11:37 AM pfSense Packages Bug #9135: Suricata in inline modus blocks some downloads
- Bill Meeks wrote:
> This bug needs to be reported upstream to the Suricata team. When you use Inline IPS mode, you ... -
- Also include that and Digital Ocean in the help text.
(cherry picked from commit 92c39e9b923792a58b56323a7e2fb46f608... -
-
- In some situations PPPoE fails to reconnect after an upstream outage or making a change locally. The system file logs...
-
10:19 AM Bug #9147 (Rejected): Unable to open /cf/conf/config.xml for writing in write_config() when set easyrule from ssh
- Run it with sudo or use admin/root, not an unprivileged user.
-
10:08 AM Bug #9147 (Rejected): Unable to open /cf/conf/config.xml for writing in write_config() when set easyrule from ssh
- I am using user "ssh" and assinged admins group to ssh pfsense from another server.
When i set easyrule such as "eas... -
- Duplicate of #9119
-
- co da wrote:
> Hi everyone,
> I met crash when set easyrule by command line
> easyrule block lan 192.168.2.2
> me... -
- Hi everyone,
I met crash when set easyrule by command line
easyrule block lan 192.168.2.2
message:
PHP ERROR: Typ... -
07:53 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
- I have the same issue.
Is there still some work on this bug?
Thanks! -
07:24 AM pfSense Packages Bug #9143: ntopng not displaying values in historical correctly
- I forgot to list versions...
pfSense: ... -
07:18 AM Bug #9145 (Rejected): user based policies with automated client logedon user identification
- It would be great to define policies based on active directory / LDAP or local users and groups.
Also for this to... -
- Sorry everyone, there is some confusion around this bug.
The FIFO scheduler never was the default scheduler and th... -
-
05:19 AM Bug #8914: Gateway switch events cause a huge amount of log spew
- Tested on VM HA cluster - CE 2.4.5-DEVELOPMENT (amd64) built on Tue Nov 20 16:55:31 EST 2018:
No "Gateways status ... -
04:00 AM Bug #8914: Gateway switch events cause a huge amount of log spew
- Not sure what the acceptable level of log spam is:
Nov 22 09:56:56 check_reload_status Reloading filter
Nov 22 0... -
-
-
03:55 AM Bug #9144: Set interface IP address from console crashes if DHCP is selected
- Wasnt able to reproduce the bug with MBT 4220 pfsense version 2.4.4
-
- On 2.4.5-DEVELOPMENT (amd64) built on Tue Nov 20 18:52:24 EST 2018:
: set | grep http
http_proxy 10.1.1.1:31... -
- Tried on 2.4.5-DEVELOPMENT (amd64) built on Tue Nov 20 16:55:31 EST 2018 (ran pfSsh.php playback gitsync master to ...
-
- Also include that and Digital Ocean in the help text.
11/21/2018
-
-
-
07:37 PM Bug #8993 (Resolved): PHP error from filter_rules_sort() when config.xml contains no rules
- Was able to replicate this after verifying <filter></filter> in config, connecting on the Anti-lockout rule, and tryi...
-
- You have to delete all of the rules in the config so it only has @<filter></filter>@
So you'd have to hit it from ... -
01:42 PM Bug #8993: PHP error from filter_rules_sort() when config.xml contains no rules
- I couldn't replicate this one on:
SG-3100
2.4.4-RELEASE (arm)
built on Thu Sep 20 09:33:19 EDT 2018
FreeBSD 11.... -
-
-
- This should fix that: https://github.com/pfsense/pfsense/pull/4017
-
- Tested in:
2.4.5-DEVELOPMENT (arm)
built on Tue Nov 20 08:56:03 EST 2018
The update completes OK:... -
06:51 PM Feature #9001: Add checkbox to disable SSL peer verification for SMTP notifications
- Using a host override to cause a hostname mismatch on a server with a valid certificate I was able to confirm mail co...
-
11:57 AM
Feature #9001: Add checkbox to disable SSL peer verification for SMTP notifications
- On 2.4.5.a.20181120.0754, feature is present. However, without a misconfigured email server, I can't tell if the feat...
-
-
-
- Tested on CE build from Friday November 16th. Duplicated missing default gateway on primary node after failover and f...
-
03:54 PM
Bug #9121 (Resolved): PHP array reference Cleanup
-
01:40 PM
Bug #9121: PHP array reference Cleanup
- Tested the DNS forwarder configuration that threw the php issue (https://redmine.pfsense.org/issues/9121#note-1), on ...
-
- Applied in changeset commit:c6c398c6c51e48893f658eb6e6c08b47f41b085d.
-
07:47 AM
Bug #9121: PHP array reference Cleanup
- Those two error appear to be unrelated to the original issue. I have pushed a fix for them both.
-
- Applied in changeset commit:9607d4871584890633cd7a70b4f15c1f0951011c.
-
-
02:00 PM Bug #9144 (Resolved): Set interface IP address from console crashes if DHCP is selected
- Steps to reproduce:
- Go to VGA console
- Option 2, Set interface IP address
- go through the wizard, when it asks... -
02:27 PM Bug #9024: Ping packet loss under load when using limiters
- I would try to update this bug to make it more specific to limiters but I don't seem to hav privs
-
- In NTOPNG > Interfaces > Historical it's not displaying traffic values correctly, it seems to cap around 10Mbps.
H... - 01:52 PM Revision 6f9729c0: Minor fixes related to #9121
-
- This is resolved, turns out the issue with ISP, spoke to 'em and they sorted it.
I'm not sure how to close the tic... -
- Installing ntopng failed, it threw this error to ...
-
-
-
12:02 PM
Bug #8937 (Resolved): LAGG shows wrong ether address
- Tested on 2.4.5.a.20181120.0754 gitsync'd to master, works as expected. Lists ether and hwaddr.
-
- Applied in changeset commit:ede4faa74ca16e5ca0fe437beaf7f181eae1b60a.
-
-
-
-
- FRR seems to be missing the option to sync the config viar XLMRPC.
-
-
-
-
-
-
-
05:19 AM Bug #9131: Captive Portal Radius Accounting "unauthenticated"
- Thanks!!
The patch works great.
Federico
11/20/2018
-
- interfaces_carp_set_maintenancemode() calls interface_carp_configure()
to each configured CARP and it ends up reconfi... -
-
- interfaces_carp_set_maintenancemode() calls interface_carp_configure()
to each configured CARP and it ends up reconfi... -
-
04:26 PM Revision 79765f9c: Fix few spelling issues
- Ticket #9134
(cherry picked from commit 85a8f9b0ce0d0fac6f361bc5dfd09c67607020f1) -
-
- Ticket #9131
(cherry picked from commit f790565a7514662b1fe97fc7c79b56838597965c) -
-
- Redmine #9114
(cherry picked from commit 83a6f504d6eb4d1925c4745a6457805fbbe308d9) -
- 04:21 PM Revision a247e5ae: Update src/usr/local/www/vendor/d3/d3.min.js
- Restored d3.min.js
(cherry picked from commit 2dd0ba04705396981dfc6d75ec6910799ba8846d) - 04:21 PM Revision 8efe5c95: Update src/usr/local/www/vendor/d3/d3.min.js
- make sure to only pass valid options when supported by the browser
(cherry picked from commit 125ae17e59a54c2315c683... - 04:21 PM Revision fe794e51: Removed js warnings
- (cherry picked from commit 36742b464a1b4449e52cbd0b539fece507a3b23e)
-
-
-
- Applied in changeset commit:8bffe226d5183dda310dde2a89c78f2d8d79789c.
-
12:50 PM Bug #9024: Ping packet loss under load when using limiters
- Using limiters on an interface, with outgoing NAT enabled, causes all ICMP echo reply packets to drop, coming back in...
-
11:51 AM
Bug #8921 (Resolved): dpinger without .pid files.?. 'pending' status
-
11:18 AM Bug #8831: Radvd causes latency spikes
- As already written in the Forum, I would like to know what NIC and Configuration are you using (LACP etc.).
-
09:51 AM Bug #8831: Radvd causes latency spikes
- I was seeing the exact same thing
ServicesDHCPv6 Server & RALANDHCPv6 Server
Disabled the above - the issue mos... -
- PR merged, thanks!
-
-
- PR merged. Thanks
-
-
- PR merged. Thanks!
-
08:55 AM Bug #8294: Icmp redirect doesn't use CARP IP
- Bug still present in 2.4.4
-
08:40 AM Bug #8192: dpinger - Change in ISP link-local IPv6 address drops connectivity
- I spoke with my ISP. It appears as part of a load balancing script on their end the PPPoE session will be dropped an...
-
07:48 AM Bug #9140 (New): Unexpected rule can be displayed when looking up filter log entry with multiple matching rules
- When using Port aliases, in the firewall log, when clicking on 'action' the triggering port seems to always be the fi...
-
-
02:27 AM pfSense Packages Bug #9139 (New): telegraf: add ping for default gateway(s)
- It would be nice if telegraf plugin could generate config lines for pinging default gateway.
there's a minor issue... -
- there should be a textarea input for adding extra config lines to telegraf config.
11/19/2018
-
04:49 PM pfSense Packages Bug #9135: Suricata in inline modus blocks some downloads
- This bug needs to be reported upstream to the Suricata team. When you use Inline IPS mode, you are using code straig...
-
10:59 AM Bug #8001: Invalid FQDN in alias causes alias table to fail *silently*
- Verified that the bad FQDN doesn't fail the tables any longer.
There's still no error. There should at least be a... -
- Thanks!
-
- Not enough information here for a complete and valid bug report. Post on the forum to discuss and gather more informa...
-
04:26 AM Bug #9137 (Rejected): Fails to assign static IPv6
- I have xbox, static IPv4, and also IPv6, for both Wireless and wired MAC addresses
Wan DHCPv6/56
Lan Tracked
... -
- I also see this, IPv6 static leases disappearing
11/18/2018
-
11:15 PM pfSense Packages Bug #6784: HAProxy version .48 will not use URL Table Alias for front end listener
- Quick up.
I just stumbled upon a scenario where having support for URL Table Alias would be helpful or desirable, ... -
- I'm seeing this again in 2.4.4. Disabling gateway monitoring and gateway monitoring action in 2.4.2 100% resolved th...
-
- Confirmed that a RADIUS server named radius.name was placed into strongswan.conf named radius_name and charon had no ...
-
- Created host alias with these FQDNs
www.pfsense-bug-8001.com
www.google.com
www.yahoo.com
www.netgate.com
www.... -
- I can confirm a positive feedback for the applied changes, but i don't know if we should replicate these changes to o...
-
- The log messages look the same as #9115, might possibly be the same root cause.
-
- IPv6 assigned to inside interfaces seem to lose their assignments one by one over time upon renewal or interface rese...
-
- I'm unable to replicate this is 2.4.4. I configured 3 WANs, all DHCP with one that fails to find a server. Only that ...
-
- Suricata in the inline mode blocks some downloads mostly from Subdomains but some downloads it blocked from normal do...
-
- Ticket #9134
-
- Ticket #9131
-
- There's few typos in captive portal settings page.
I made a pull request ( https://github.com/pfsense/pfsense/pull... -
- Hello,
Thank you for reporting this issue!
I just submitted a pull request fixing it ( https://github.com/pfse...
11/17/2018
-
06:29 PM Bug #9133 (Resolved): "Show all configured leases" does not stay set after deleting a lease
- If you select "Show all configured leases", the setting returns to "Show active and static leases only" if you delete...
-
- When you open up the traffic graph to display the list of hosts and their corresponding bandwidth in / out, the insta...
-
-
- Jim Pingle wrote:
> So this is working OK now?
>
> If so, we can close it out, or mark it as a duplicate of #9019... -
05:05 PM
Bug #9098 (Resolved): Default CRL lifetime of 9999 rolls over at 2038 on ARM
- Tested on 2.4.5.a.20181116.1325, works as expected.
-
11:41 AM Feature #9062: Add "email notification" when the WAN interface change its public IP
- Jim Pingle wrote:
> If you want that, setup dynamic DNS, and it can find the actual public address and notify when i... -
08:27 AM Feature #9130: Request ID [#INC-16195]: DHCP - PXE Boot
- This is what I'm trying to do:
next-server 192.168.5.2;
if exists user-class and option user-class = "iPXE" {
... -
- I wanted to follow up with issue 765 (https://redmine.pfsense.org/issues/765) and see if we can add this issue with a...
-
- Hi,
when setup a Radius Mac auth, pfSense send to external freeradius the value "unauthenticated" as User-Name in Ac...
11/16/2018
-
09:00 PM
Bug #9071: Package restore after fresh install can fail, claiming packages do not exist
- Cannot reproduce on oldest or newest available 2.4.x snapshots. Looks like the issue is no longer present.
-
07:50 PM Bug #8512: PPPoE reconnect fails after interface flap
- I think those topics are related.
https://forum.netgate.com/topic/137790/pppoe-client-goes-down-after-any-other-inte... -
- Replicated in 2.4.4.
Configured CP for auth against local database and added a test user. Changed system language to... -
07:19 PM
Bug #9083 (Resolved): Config upgrade issue with empty IPsec P1
- Tested on 2.4.4, was able to reproduce the bad behavior. Tested on 2.4.5.a.20181116.1325 and the behavior could not b...
-
- On 2.4.5-DEVELOPMENT (amd64) built on Wed Oct 03 17:24:18 EDT 2018 edited config.xml - cut out content between <phase...
-
- Tested on 2.4.5.a.20181116.1325
New user with no privileges receives "No page assigned to user"
After adding "W... -
- If you want that, setup dynamic DNS, and it can find the actual public address and notify when it updates.
Otherwi... -
- I am sorry. It was my mistake that I did not describe the request properly.
Some Internet Service Providers are gi... -
03:28 AM Feature #9062: Add "email notification" when the WAN interface change its public IP
- TCI User wrote:
> It would be helpful if an email is send when the WAN interface change its public IP.
> Here is an... -
11:01 AM
Bug #9100 (Resolved): CA/Cert valid end dates after 2038 are blank on ARM
-
11:01 AM
Bug #9100: CA/Cert valid end dates after 2038 are blank on ARM
- Certificate and CA created with lifetime 7300 which did not properly show the end date in 2.4.4, showed the date fine...
-
10:37 AM Bug #9009: Cannot create Schedule
- Can you create a system patch for this?
-
- Disabling hardware checksums did not disable IPv6 transmit checksum on 2.4.4-RELEASE.
After upgrading to:... -
07:49 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1
- HI! After some tests noticed that problem appear only when my "Gateway Group" set as Default gateway
If set WAN1 or ... -
- Confirmed on 2.4.4.
Tested:
2.4.5-DEVELOPMENT (amd64)
built on Sat Nov 10 16:12:27 EST 2018
Disabled rule dr... -
- Duplicate of #4128
-
- Hey guys
I (and a lot of guys outside the internet) prefer a possibility to have choices in the notifications. Like...
11/15/2018
-
06:48 PM
Bug #9121: PHP array reference Cleanup
- Tested on 2.4.5.a.20181114.1947, hit the following php error with a DNS forwarder domain override in place:...
-
- There have been a number of PHP errors on 2.4.4 as a result of uninitialized arrays being used with references. I've ...
-
- Added info to the docs about using the sysctl tunable to work around this. There doesn't appear to be anything more w...
-
12:33 PM
Feature #9104 (Resolved): Add a FAT32 partition to memstick installer images
-
12:31 PM
Feature #9104: Add a FAT32 partition to memstick installer images
- Tested on 2.4.5.a.20181114.2257, works as expected.
-
- PR: https://github.com/pfsense/pfsense/pull/3990
Changes header to remove the "Drag to reorder" text when that fea... -
10:50 AM Bug #9123 (Feedback): Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14
- The actual vlan addition/configuring process is triggering error "aq_add_macvlan err -53, aq_error 14" on ixl-devices...
-
- In latest ui it is not possbile to reorder interfaces for defining a failover-lagg-interface.
FreeBSD uses the first... -
- I believe this only affects captive portal logins. We were not able to replicate it any other way. Testing that now....
-
- Tested against:
2.4.5-DEVELOPMENT (amd64)
built on Wed Nov 14 19:48:37 EST 2018
No longer seeing that error on ... -
-
- Imported patch from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220468 to fix libfetch
-
07:31 AM Bug #9120: dhcrelay crush with error Unsupported device type 24 for "lo0" but listen another ethernet adapter
- !!
-
- There isn't enough information here to form a valid bug report. Please post on the forum at https://forum.netgate.com...
-
- pfsense 2.4.4-RELEASE (amd64)
-
- Nov 15 15:16:24 dhcpd For info, please visit https://www.isc.org/software/dhcp/
Nov 15 15:16:24 dhcpd All righ... -
06:54 AM
Feature #9032 (Resolved): RADIUS MAC Authentication: display the login page when MAC auth failed
-
06:46 AM
Feature #9032 (Closed): RADIUS MAC Authentication: display the login page when MAC auth failed
-
06:49 AM
Bug #8956 (Resolved): traffic shaper after upgrade to 2.4.4 not showing queue under each limiter
-
06:48 AM
Bug #8995 (Resolved): MTU Trouble with Orange is back
-
06:42 AM
Bug #9081 (Closed): signed long rollover in "Log file size (Bytes)" can cause self-inflicted DoS
-
06:39 AM
Bug #9080 (Closed): firewall_nat_1to1.php: PHP error with empty 1:1 NAT rule list
-
-
- 2.4.5-DEVELOPMENT (amd64)
built on Wed Nov 14 23:01:04 EST 2018
On this snap - OK. -
- That snapshot is from before the fix was committed. Try again on the next snapshot, or gitsync.
-
- Getting error on 2.4.5-DEVELOPMENT (amd64) built on Wed Nov 14 10:25:41 EST 2018 FreeBSD 11.2-RELEASE-p4:
[2.4.... -
- Nothing special about the setup. The packages are listed in the output in the problem description.
In this case it... -
-
- Created, edited, assigned QinQ interface - without errors.
11/14/2018
-
- (cherry picked from commit b55d94e80eeed57e39d33c643bf00be6565c1938)
-
-
- I did a fresh 2.4.4 recovery install on SG-3100. After restoring config file with installed packages all worked as ex...
-
- Applied in changeset commit:4be5ed9f144a6d93499fdee6e2a50d0edbed8a98.
-
-
-
-
-
-
- Applied in changeset commit:b55d94e80eeed57e39d33c643bf00be6565c1938.
-
- When the aliases section of config.xml is empty, easyrule fails with a PHP error:...
-
-
-
- Redmine #9114
-
- Fixed in stunnel pkg version 5.47
-
- stunnel wants the private key, certificate, etc all inside a single file. However, it does not ensure that a newline ...
-
- Applied in changeset commit:592bec817f152a7536572a675079776138827cc8.
-
- The OLSRD package was removed long ago (not converted to 2.3) and there is still some code around the base system tha...
-
07:45 AM Bug #9114: Captive Portal Blocked MAC Address Redirect URL not working
>
> The reason why this behavior has been updated is that it was quite strange to display an error message before...-
- Forum link: https://forum.netgate.com/topic/137627/blocked-mac-address-redirect-url-not-working
Well,
It is tr... -
-
02:41 AM Bug #9116: IPsec VTI routes not applied at boot time when gateway monitoring is disabled
- Jim Pingle wrote:
> Applied in changeset commit:ed104a182a95f0ce4e6df76a8c3f0698ff7ce092.
Fix works fine! Tnx! -
11/13/2018
-
- (cherry picked from commit ed104a182a95f0ce4e6df76a8c3f0698ff7ce092)
-
-
07:01 PM Feature #7618: Add support for user-supplied Host-Uniq tag and handle PADM messages in Netgraph PPPoE
- I believe it was accepted.
-
06:24 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
- Testing net.isr.dispatch on the NetGate SG-4860 on a 1 Gbps PPPoE connection (each result is averaged across 10 runs)...
-
- Applied in changeset commit:ed104a182a95f0ce4e6df76a8c3f0698ff7ce092.
-
- With gateway monitoring enabled, an interface event kicks off a restart of other scripts which apply the routing and ...
-
- I generated a configuration with 250 VLANs (assigned, enabled, with DHCP active) based on a user complaint of problem...
-
- The issue was not properly defined and we need to discuss the issue to find out more about it before jumping straight...
-
- Jim Pingle wrote:
> The only problem here is that your static routes are not present at boot time.
Hi Jim Pingle... -
- It doesn't sound like that has anything at all to do with Google, so the description/subject may be completely inaccu...
-
- Hi,
I created routed/VTI site-to-site vpn from my pfsense box to google cloud (https://cloud.google.com/vpn/docs/h... -
- Prior to version 2.4.4-RELEASE, devices listed in Captive Portal "MACs" section would never see a login prompt, and d...
-
- That is almost certainly a hardware/disk issue. Most likely the filesystem is corrupt and needs fsck run a few times ...
-
03:16 AM Bug #9112 (Rejected): hosts corrupted
- pfSens 2.4.4
the first 0x2000 bytes of /etc/hosts are filled with Zero!
This happens every couple of weeks.
000... -
11/12/2018
-
- (cherry picked from commit 360737f6345e376f2de6d2810a1f345a018480e5)
-
-
- (cherry picked from commit eb6a022efaa19ce146990e0e4a57e421ddbad8bb)
-
-
- (cherry picked from commit 16b78f3879bdf658274caf750c9360ec97bb8f77)
-
-
- (cherry picked from commit cc955fe63ad44b5aac66721e54965d9bc13e990c)
-
-
- (cherry picked from commit 439d9beba0213c96281d8ff6b09ccb8136b1a0aa)
-
-
- Currently, IPsec VTI interfaces have no special handling for MTU. It is possible to nudge it manually after the syste...
-
- So this is working OK now?
If so, we can close it out, or mark it as a duplicate of #9019 if the root cause was id... -
- Does the same thing happen with an incognito/private mode browser session that has never visited that firewall before...
-
11:53 AM Bug #8235: The browser must support cookies to login
- Scott Phillips wrote:
> I updated pfsense to use secure socket that utilizes port 443 to login as the adminstrator. ... -
- I've added LICENSE files inside the 36Mb FAT32 partition and changed code to be able to restore a /config.xml of /con...
-
- Applied in changeset commit:cc955fe63ad44b5aac66721e54965d9bc13e990c.
-
- FYI: The error did not show up in the GUI or logs, but when running @ipsec start@ from the command line, the followin...
-
- At least in one case this is due to charon failing to parse a RADIUS server name containing a period. Apparently this...
-
- I request that we finally do the change necessary to fix #1635, that way it would be possible to set a custom state t...
-
- Applied in changeset commit:439d9beba0213c96281d8ff6b09ccb8136b1a0aa.
-
- When editing QinQ entries on interfaces_qinq_edit.php, a PHP error can occur:...
-
- PR has been merged
-
11/11/2018
-
06:53 PM pfSense Packages Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh
- Sorry, forgot the pre tags:...
-
- In relation to Feature Request #9805, to avoid overriding the default client-connect/client-disconnect script I reloc...
-
- This problem is addressed by the pull request https://github.com/pfsense/FreeBSD-ports/pull/592 that updates the GUI ...
-
- Matt _ wrote:
> For the original issue,
>
> [...]
>
> seems to fix this, as well as disabling any checksum off... -
- Renato Botelho wrote:
> FreeBSD r339863 was cherry-picked to RELENG_2_4_4
I updated to the latest snapshot as of ...
11/10/2018
-
05:03 PM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
- Daniel Williams wrote:
> This is repeatable.
+1, i have had the same.
Also
https://www.netgate.com/blog/pfsen... -
Renato wrote:
> When voucher is used, disconnected or expired, sync it in both
> directions using HA main infor...
11/09/2018
-
09:12 PM
Bug #9105 (Resolved): WebGUI option toggles that need nginx restart are not triggering when disabled
-
09:12 PM
Bug #9105: WebGUI option toggles that need nginx restart are not triggering when disabled
- Tested on 2.4.5.a.20181109.1326, works as expected.
-
01:42 PM Bug #9107 (Closed): New AutoConfigBackup - Cannot Access Settings When Not Connected to Internet
- I have a router I had an issue with. I am moving it over to new hardware, because the old hardware does not support ...
-
- Some users on 2.4.4 and 2.4.5 snapshots with strongSwan 5.7.1 have found that IPsec is not working.
strongSwan will ... -
-
-
- Also i noticed in my case helps when restart openvpn client.
After restart OpenVPN, vpn and other traffic switch bac... -
- Did you try restart service dpinger? In my case this helps switch back to WAN1
-
- Set to trigger level "Packet Loss or High Latency"
I will set trigger level "Member Down" and let you know on monday... -
- @VasylSemenchuk Are your gateway groups set to trigger level "Packet Loss or High Latency" or "Member Down"? Does it ...
-
- The same problem on all my devices (20 devices) after upgrading
-
08:09 AM Bug #9049: IPSec statuspage shows both connected and connecting tunnel
- Ges Ture wrote:
> Since bugnumber 8117 has been served off as not a bug, and no further response is given I'd like t... -
- Should be fixed by the new filterdns (see #8758 too).
If you have issues, please let us know.
-
- Fixed in the new filterdns.
-
- This issue was one of fixes included in the new filterdns (version 2.0).
If you still have issues, please let us k... -
- Applied in changeset commit:e1a6074dc8918d756a73efc8cf251318b735f000.
-
-
11/08/2018
-
- (cherry picked from commit 8207fac69158ad4a56deab4a4b4f6f4c3c361b81)
-
-
-
-
01:30 PM pfSense Packages Bug #9082: freeradius eap-tls CA validation trying to use fields that may not exist
- can confirm. it is working.
-
- Fixed in pkg version 0.15.7
-
- Looks like the config shouldn't put a trailing @/@ on the subject.
Though the more I think about it, I wonder why ... -
08:49 AM pfSense Packages Bug #9082: freeradius eap-tls CA validation trying to use fields that may not exist
it's in the right order :
Auth: tls: Certificate issuer (/C=FR/ST=Ain/L=Jassans-Riottier/O=pfvpn/emailAddress=...-
12:58 PM Feature #8284: Add duplicate option next to OpenVPN servers and clients
- Ivor Kreso wrote:
> It would be very convenient to have a "duplicate" icon next to OpenVPN servers and clients list.... -
- Applied in changeset commit:8207fac69158ad4a56deab4a4b4f6f4c3c361b81.
-
- Some of the option GUI toggles like the WebGUI redirect are supposed to trigger a restart of nginx when they change. ...
-
-
- I've upgraded to:
2.4.5-DEVELOPMENT (ARM)
built on Wed Nov 07 16:23:36 EST 2018
FreeBSD 11.2-RELEASE-p4
Conf... -
- ntopng appears to have removed all of that code. It went from enable-flow-activity to enable-flow-scripts to enable-u...
-
10:28 AM pfSense Packages Todo #9041: update ntopng 3.6.0
- Jim Pingle wrote:
> The activity map is not relevant to this ticket, only the version, which appears to be OK.
>
... -
- The activity map is not relevant to this ticket, only the version, which appears to be OK.
FYI: ntopng disabled th... -
- On 2.4.5-DEVELOPMENT (arm) built on Mon Nov 05 15:36:37 EST 2018 FreeBSD 11.2-RELEASE-p4:
I don't see activity map o... -
- Adding a FAT32 partition on the installer image, as we have on ARM recovery images currently, means:
* We can drop... -
-
-
- Seems good to me. This issue be marked as resolved.
-
- Jane Doe wrote:
> The fall back seems not to respect the setting *Use custom captive portal page* as it always shows... -
- This but only applies to installer image, not to installed system. Our memstick installer image uses MBR since May, w...
-
-
11/07/2018
-
- On 2.4.5-DEVELOPMENT (arm) Mon Nov 05 15:36:37 EST 2018 FreeBSD 11.2-RELEASE-p4:
Created a test cert, then opened... -
- On 3100 2.4.5-DEVELOPMENT (arm) сделан Mon Nov 05 15:36:37 EST 2018 changed language to Russian, then logged out and ...
-
08:38 PM Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA
- I'm having the exact same issue with 2.4.4. Using IPs outside the WAN-VIP subnet on the WAN interfaces forces the d...
-
- No negative feedback from testing, time for a wider push.
This helps with third party devices that require 0.0.0.0/0... -
- No negative feedback from testing, time for a wider push.
This helps with third party devices that require 0.0.0.0/0... -
- The default action is to validate the certificate. If the user knows the
server does not have a valid certificate (e.... -
- The default action is to validate the certificate. If the user knows the
server does not have a valid certificate (e.... -
- Seems like the order in which cert fields are presented is also an issue. Still getting error despite matching exactl...
-
- Fixed in pkg version 0.15.6.
Fields left blank will not be added to the subject to validate.
If someone was rel... -
- Applied in changeset commit:5c4aa94a90256b13b19209f11e4c75b2d0e85ece.
-
- Applied in changeset commit:7da466e1c4b6873b9fb80e862faf8f799a6d4531.
-
- Duplicate of #8964 (it came later, but has more detail and comments with additional info)
-
- This was picked back to 2.4.4 last week. Looks good, no complaints or errors encountered.
-
- Looks like that might be something in FreeBSD but needs more research. It doesn't seem to matter if @console="efi,com...
-
- In that case, it is NOT a routed setup, so the document is not relevant to what the user is doing.
-
07:11 AM pfSense Docs Correction #9103 (Rejected): Feedback on Routing — Routing Public IP Addresses
- *Page:* https://www.netgate.com/docs/pfsense/book/routing/routing-public-ip-addresses.html
*Feedback:*
If the u...
11/06/2018
-
- (cherry picked from commit 3fec247042a91642a22a8761d3c8a1f9df119817)
-
-
- (cherry picked from commit 9aa8f6a864905c0e3738c337a51f0772b0c5eb93)
-
-
- (cherry picked from commit ca4456b95c53e89cf6b428a999ae15367b753073)
-
-
- Tested against:
2.4.5-DEVELOPMENT (amd64)
built on Tue Nov 06 11:45:54 EST 2018
After restoring a config with p... -
- Tested against:
2.4.5-DEVELOPMENT (amd64)
built on Tue Nov 06 11:45:54 EST 2018
Repeated above steps. Log setti... -
- Based on a forum post I performed some testing.
If I started a download in Firefox then used the same Firefox brow... -
- The console order appears to be correctly forced:...
-
- Tested against:
2.4.5-DEVELOPMENT (amd64)
built on Tue Nov 06 11:45:54 EST 2018
With serial console enabled loa... -
- Applied in changeset commit:3fec247042a91642a22a8761d3c8a1f9df119817.
-
- In the CA and Cert lists, if an entry has a valid end date after the UNIX timestamp signed 32-bit int rollover time i...
-
- Applied in changeset commit:9aa8f6a864905c0e3738c337a51f0772b0c5eb93.
-
- CA and Certs get the correct/expected end date in the data, but the GUI doesn't show the dates. Moved that to #9100
-
- FreeBSD r339863 was cherry-picked to RELENG_2_4_4
-
11:22 AM pfSense Packages Bug #8607: Suricata package fails to prune suricata.log
- I also got hit by this now when trying to open suricata.log. The crashing suricata.log file was 103MB. Suricata.log o...
-
- Applied in changeset commit:ca4456b95c53e89cf6b428a999ae15367b753073.
-
- If the config.xml contains an empty certificate (@<cert></cert>@) it leads to a PHP error when attempting to add a ne...
-
-
08:51 AM
pfSense Packages
Bug #8491: ACME: DNS-Luadns not working
- Problem is solved.
-
- With the Gateway Group set to "Packet Loss or High Latency" this problem definitely shows up much more often.
-
04:10 AM Bug #9058: Kernel panic during L2TP retransmit
- This seems to be an upstream bug in FreeBSD mpd5 - today I got the same crash on my L2TP Server (FreeBSD 11.2-RELEASE...
11/05/2018
-
- Verified that the checkbox toggles the AllowAgentForwarding in sshd_config and that agent forwarding is both enabled ...
-
- (cherry picked from commit 8bd36425b4bc46e5bbcc940a4d20bfbb2a0011ba)
-
-
- (cherry picked from commit 4c4e294b0f1523827fa21066521674a435c8f670)
-
-
- Avoids foot-shooting by restoring a config with serial enabled.
(cherry picked from commit 5e5df38fcd3116c4d0f3fc716... -
- (cherry picked from commit 2f73f2f9eca656c2de5b836f4d0292186147e788)
-
- Avoids foot-shooting by restoring a config with serial enabled.
-
-
- The default lifetime on a CRL is 9999 days, which currently puts it expiring in 2046. On ARM, this seems to lead to a...
-
02:50 PM Bug #9081: signed long rollover in "Log file size (Bytes)" can cause self-inflicted DoS
- That'll do. I mean, other than actually fixing clog. But that is a whole other ball of wax and just another reason ...
-
- Applied in changeset commit:8bd36425b4bc46e5bbcc940a4d20bfbb2a0011ba.
-
02:36 PM Bug #9097 (Resolved): ECL can't locate config.xml unless device is MBR-partitioned
- Follow-on to #9089, but this one needs to be fixed in code, IMHO:
* GPT devices show up as da1p1, not da1s1, so ca... -
- Applied in changeset commit:4c4e294b0f1523827fa21066521674a435c8f670.
-
- If config.xml contains no log settings, but has an empty syslog section (@<syslog></syslog>@) this can lead to a PHP ...
-
02:17 PM Feature #9096 (Resolved): Login Page: Make pfSense Login Page Tab Name More Unique
- Currently, the tab name (i.e., the name that appears in the tab in Google Chrome and other browsers) for pfSense's Lo...
-
- Fixed.
-
- Applied in changeset commit:5e5df38fcd3116c4d0f3fc71622643e962f982a8.
-
- We have code in source:src/etc/inc/pfsense-utils.inc#L1226 that checks for the MBT models and sets @$hdmi_only@ but t...
-
- Applied in changeset commit:2f73f2f9eca656c2de5b836f4d0292186147e788.
-
- Fixed in php-pfSense-module 0.65
-
- If all of your interfaces are assigned, none are free to be added to a lagg. This is normal and not a bug. Post on th...
-
06:07 AM Bug #9093 (Not a Bug): Blank Parent Interfaces while creating LAGG
- Hi Team,
I am using 2.4.4 physical and 2.4.3 on a VM, while creating a new LAGG I see that the Parent Interfaces s... -
11/04/2018
-
03:16 PM Feature #9092 (Resolved): Option to set interval of forced Dynamic DNS updates
- I use dy.fi dynamic DNS service. It requires refreshing the IP every 7 days (even if it does not change) or it is rel...
-
03:07 PM Feature #9091 (Resolved): Chelsio TOE support using the ``t4_tom`` module
- Please add t4_tom.ko to the kernel so Chelsio cards TOE functionality can be enabled as discussed on this forum post ...
11/03/2018
- 11:31 PM Revision 2dd0ba04: Update src/usr/local/www/vendor/d3/d3.min.js
- Restored d3.min.js
-
06:29 PM
Bug #9066 (Resolved): ecl.php: Checking /config path is not working due to lack of trailing slash
- Tested on pfSense-CE-memstick-ADI-2.4.5-DEVELOPMENT-amd64-20181103-0458, works as expected (config.xml in /config/ on...
-
- The other issue is still open. This is not necessary.
-
02:19 AM Bug #9090 (Duplicate): Traffic graph widget mouse over always shows b/s even when the value is in B/s
- As the description, the mouse over display is always shown as b/s regardless on the bits/Bytes setting.
Same as Bug ... -
- Bug still present on 2.4.4
11/02/2018
-
- The glob() pattern in source:src/etc/ecl.php#L40 's get_disk_slices() implicitly limits the function to finding confi...
-
04:23 PM
Bug #9061 (Resolved): PowerD command parameter validation and escaping
-
04:23 PM
Bug #9061: PowerD command parameter validation and escaping
- Could recreate the behavior on 2.4.4. On 2.4.5.a.20181102.0213, could not reproduce the behavior, received ...
-
03:31 PM Feature #9088: Indication of package upgrades in dashboard widget “System Information”
- Jim Pingle wrote:
> There is a packages widget that checks for package updates. It won't be added to the main system... -
- There is a packages widget that checks for package updates. It won't be added to the main system information widget.
... -
- It would be very helpful if the ”System Information” widget could indicate if packages need to be updated. Currently ...
-
03:09 PM
Todo #8898: Update strongswan to 5.7.1
- On 2.4.5.a.20181102.0213, strongswan version is 5.7.1.
-
- Corey Boyle wrote:
> Why even have the option to disable PTI?
The user may have a use case where the original pro... -
03:05 PM Todo #9026: PTI checkbox wording can be confusing, should give a little more detail and show current PTI status
- Why even have the option to disable PTI?
-
03:05 PM
Bug #8864 (Resolved): SSH Guard Sensitivity/Whitelist on 2.4.4
-
03:04 PM
Bug #8864: SSH Guard Sensitivity/Whitelist on 2.4.4
- On 2.4.5.a.20181102.0213, works as expected. Address(es) added to the whitelist are not subject to SSH Guard detection.
-
12:50 PM Bug #7869: Hyper-v vm traffic shaper error: hn0: driver does not support altq
- altq regressed to broken in hyper-v in 2.4.4, but this is fixed already per this bug report:
https://redmine.pfsense... -
- In case anyone has already upgraded to 2.4.4 and wants to workaround the issue without waiting for a patch or downgra...
-
-
- The fix Renato pushed yesterday has fixed the issue! Traffic shaper starts up no problem now.
Looks like the firs... -
- Set it to Future until a new patch is submitted
-
11/01/2018
-
11:51 PM Bug #9087 (New): Traffic Graph Widget Legend Not Updating
- This issue was first posted to the Netgate Forums, but no solution was posted.
The traffic graph widget shows a le... -
-
-
-
-
-
-
- I pushed a fix on FreeBSD-src. Please try next round of 2.4.5 snapshots
-
- I've created a new "System Tunable" with : hw.hn.use_if_start with value of 1 Then rebooted the VM.
Output of s... -
- Ben T wrote:
> On psense 2.4.4 running as vm gen2 on windows 10 build 1803 Hyper-V, the output of the command: (scre... -
- On psense 2.4.4 running as vm gen2 on windows 10 build 1803 Hyper-V, the output of the command: (screenshot also atta...
-
-
- Jon Gav wrote:
> > hyper-v 2016
> > gen1 and gen2
>
> Issue persistent in 2.4.5.development as well
can you p... -
- A user reported this problem on a pt_BR group. After changing language it stopped working. I noted it is storing tran...
-
08:44 AM Bug #9064: voucher to device binding
- Jim Pingle wrote:
> If you add a pass-through MAC, the time on the voucher is irrelevant. Don't set it that long.
... -
- If you add a pass-through MAC, the time on the voucher is irrelevant. Don't set it that long.
-
- Jim Pingle wrote:
> If the voucher adds a pass-thru MAC, then you could also make the voucher only last 1 minute. Sm... -
- A FL wrote:
> This is actually not a bug.
>
> If the MAC address of the previous computer has been added as pass-... -
- If the voucher adds a pass-thru MAC, then you could also make the voucher only last 1 minute. Smaller window for abus...
-
- This is actually not a bug.
If the MAC address of the previous computer has been added as pass-through, "Disable c... -
- json-c upgrade was not necessary since we don't have plans to import a new quarterly to 2.4.4 branch.
-
-
- Both 5.7.0 and 5.7.1 commits were cherry-picked to 2.4.4 branch
-
- yes it's always the same (except the hex addresses)...
-
- OK, and is the backtrace in the crash report always the same?
I have not seen a recurrence of this on my local set... -
- Thanks for waiting. My pfsense crashed two times in the last two days. From the monitoring (telegraf, 300s interval) ...
- 05:17 AM Revision 125ae17e: Update src/usr/local/www/vendor/d3/d3.min.js
- make sure to only pass valid options when supported by the browser
- 04:33 AM Revision 36742b46: Removed js warnings
10/31/2018
-
- I'm running pfSense 2.4.4 and the Windows openVPN 2.4.6 client.
I was trying to get the openVPN server to log *use... - 05:07 PM Revision e65a15e4: Add help text to sshguard whitelist
- Reduce delete button size
Change label text to "Add address"
(cherry picked from commit 5514e368421171482e3e5b945f4c... -
- (cherry picked from commit 024e5de242661219bb8a62f183b1601cec44aa3c)
-
- 02:34 PM Revision 5514e368: Add help text to sshguard whitelist
- Reduce delete button size
Change label text to "Add address" -
-
-
- Applied in changeset commit:024e5de242661219bb8a62f183b1601cec44aa3c.
-
- An older configuration will fail to upgrade with an incomplete or empty IPsec Phase 1 section:...
-
- The Gateway Group was set as Trigger Level: Packet Loss or High Latency. I changed that to "Member Down" and now the...
-
- Duplicate of #9080 which is already fixed in the repo.
-
10:45 AM Bug #9084 (Duplicate): PHP crash after deleting NAT 1:1 rule
- There was only one rule on the NAT 1:1 list. After deleting it the the crash occurred. This happened several times an...
-
- Applied in changeset commit:ef4a242c0df1b69b3348997165afc8555471202c.
10/30/2018
-
- This issue is reproduced in this thread: https://forum.netgate.com/topic/137168/freeradius-ca-validation-broken-2-4-5...
-
- (cherry picked from commit 42ad3b8b51e12b9e4c89b94e2a191495318f42dc)
-
- 02:18 PM Revision f5c56bf8: Fix issue where Alias URL lists are not correctly stored
-
- That certainly sounds fun. I'll have a look.
-
- Values between 2147483648 and 4294967295 and cause fire-y disk-full death at the hands of @clog -i -s@
-
- Applied in changeset commit:42ad3b8b51e12b9e4c89b94e2a191495318f42dc.
-
-
- ...
-
- It's not clear there is anything we can do at all here. This is most likely an issue in ntopng itself, not something ...
-
09:22 AM pfSense Packages Bug #9079: High CPU usage of ntopng even during IDLE and no network traffic
- TOP shows that the ntopng process is in the only one in nanslp (nanosleep) mode if this helps.
-
- With pfSense version 2.4.4 and the usage of ntopng package the CPU is constantly on a high load.
Reducing ntopng tas... -
09:21 AM Bug #9074: Alias URL lists only storing last-most list in config.
- Submitted pull request:
https://github.com/pfsense/pfsense/pull/4002 -
- Cherry picked a270651cc45b428b5f8167d1d533c50e5ee958c2 to devel. If it's OK on 2.4.5 we can consider picking it back ...
10/29/2018
-
- explicit-exit-notify looks like it can greatly speed up recovery time on OpenVPN process restarts and potentially HA ...
-
- This reverts commit 2e618c0d285a242b8cc8004f0907ddbb227ecfe9.
-
09:13 AM Feature #9032: RADIUS MAC Authentication: display the login page when MAC auth failed
- The fall back seems not to respect the setting *Use custom captive portal page* as it always shows the default login ...
-
- There still appeared to be some odd behaviour with the change I did above where it was not always appending the array...
-
- There is not enough detail here to reproduce or identify a problem. Aliases are working fine in lab and production se...
-
04:06 AM Bug #9075 (Not a Bug): Firewall rules with aliases are not applied in upgraded 2.4.4
- HI,
I have an upgraded pfsense from 2.4.3 to 2.4.4 and then all the firewall rules with aliases are not applied co... -
- This needs discussion on the forum. It's working fine for thousands and thousands of installs. If there is an issue h...
-
04:44 AM Bug #9076 (Not a Bug): DHCP RENEW PROBLEM
- Hello,
Since two weeks we have a problem on our DHCP Server with dhcp adress renew on our clients.
All 24 hours, ... -
- When having lots of ACL rules and action rules it would be nice if it was possible to insert seperator lines with a n...
10/28/2018
-
-
- Looks good here. Thanks.
-
-
- Works as expected. Thank you.
-
- When creating an Alias URL list under Firewall->Aliases->URLs, only the IP's from the last-most URL in the list is wh...
10/27/2018
-
01:35 PM Bug #9073: "private-domain" in custom options results in invalid config (syntax error)
- Thanks, Jim! It didn't occur to me that the @server@ block could be specified twice. Can confirm the config now che...
-
- With custom options it is up to the user to ensure the config is in the correct section of the config. For example in...
-
- Ahah, I think the actual issue is that *Custom options* are being after the @forward-zone@ directive, which means the...
-
- Adding the following to the DNS Resolver *Custom options* field:...
-
- OK, we'll wait for some more feedback here to see what happens.
-
- After a few more crashes with different error messages, I ran a memory test, which showed errors. RAM is replaced and...
Also available in: Atom