Activity
From 11/07/2018 to 12/06/2018
12/06/2018
-
09:24 PM Revision 26b51f81: Merge remote-tracking branch 'refs/remotes/pfsense/master'
-
08:40 PM pfSense Packages Bug #9177 (Not a Bug): FRR 0.2_4 installation broken with pfSense 2.4.4_1
- The package doesn't like 2.4.4+...
-
03:28 PM pfSense Packages Bug #9176 (Closed): Spelling error in Acme package (0.3.2_4)
- I fixed the typo but did not bump the package for that minor of a change. The fix will come with whatever update happ...
-
03:22 PM
pfSense Packages
Bug #9176 (Closed): Spelling error in Acme package (0.3.2_4)
- At Services > Acme Certificates > General settings, under Cron Entry, successful is misspelled as ...
-
12:49 PM Bug #9160: OCSP Must-Staple, when checked on the System > Advanced AND on the System > General Setup some IPv6 DNS servers are listed, then the nginx web configurator file will a contain syntax error
- ?! You are right. Forgot all about that one.
Zap my staple story : that "true" one is probably right after all.
Tha... -
- When you have a certificate that requires stapling, you can't disable it or it will break GUI access. Hiding the chec...
-
- Not related, but while I was stapling :...
-
09:40 AM Bug #9175 (Duplicate): pfsense does not send out IPv6 UDP fragments for packets created local
- When using Strongswan as VPN Endpoint on pfsense with IPSEC sometimes "oversized" UDP packets are created in the IKE ...
-
08:45 AM pfSense Packages Bug #9174 (Resolved): Suricata rulesets in 2.4.4_1
- I cannot see rulesets when i create a new interface in Suricata with the Duplicate button from another interface. If ...
-
- There is not enough information here for a valid bug report. I cannot reproduce the problem with only the stated opti...
-
03:31 AM Bug #9172 (Rejected): There were error(s) loading the rules: /tmp/rules.debug
- With NAT Reflection enabled to Pure NAT and option "Automatic create outbound NAT rules that direct traffic back out ...
-
- There is not enough information here for a valid bug report. Please start a thread on the forum at https://forum.netg...
-
04:25 AM Bug #9173 (Rejected): Webgui does not start after reboot
- Hi
I configured my home pfsense to reboot at 4:00 am everyday. However after reboot, the webgui does not restart, ...
12/05/2018
-
11:37 PM Bug #9171 (Resolved): Fix DigitalOcean Dynamic DNS client
- DigitalOcean has updated the returned headers that breaks the check on the return.
-
- (cherry picked from commit f5f79fcc24241f0a76f6a7fe9b32917bee64e393)
-
-
- fe80 is not "LAN Net". It's link-local traffic that can never leave the segment. It shouldn't be hitting the firewall...
-
- Good on latest snap as well.
-
07:49 AM Bug #9163: NPt rule is omitted when /128 mask is given
- Applied from the system patches package and it works perfect
-
- Applied in changeset commit:f5f79fcc24241f0a76f6a7fe9b32917bee64e393.
-
- Note: This also only affects the wizard when setting a static WAN and upstream gateway.
Fix pushed, will show up m... -
- If a gateway existed but was deleted, the config can be left with @<gateways></gateways>@ which leads to a PHP error ...
-
02:53 AM Bug #9169: carriage return handling in OpenVPN custom Options
- Ok, my bad. But this is counter intuitive as the field itself is multi-line capable, and OpenVPN syntaxe doesn't need...
-
02:46 AM Bug #9169 (Rejected): carriage return handling in OpenVPN custom Options
- Separate your custom options with a semicolon as the field instructions and documentation state.
Enter any additio... -
- For one of my OpenVPN server, I use the custom options field to push routes to my client. Eg, I add
push "route 10...
12/04/2018
-
04:01 PM Bug #9168 (Not a Bug): "LAN net" Does Not Include the IPv6 Addresses Like Link Local Addresses and Privacy Addresses
- The Default Allow rule that pfSense generates on the LAN for IPv6 traffic are supposed to allow all IPV6 traffic from...
-
- According to:
https://tools.ietf.org/html/rfc4890#section-4.3.1
"4.3.1. Traffic That Must Not Be Dropped
Err... -
- Please read the upgrade guide. Looks like normal errors that happen during the upgrade from a version <= 2.4.3 to >= ...
-
02:16 PM Bug #9166 (Not a Bug): Failed loading extensions
- Hi, I updated to the latest version 2.4.4 release P1, and I'm getting these errors:
PHP Warning: Failed loading Z... -
- (cherry picked from commit e9446f537051c7b536d0b3fbb5ebd00c3766001a)
-
-
12:41 PM Feature #9165 (New): only IPs can be added to sshguard whitelist
- The new sshguard list feature (see #8864) does only allow addition of IP addresses. I do have the need to include DNS...
-
- Reported in the forum: https://forum.netgate.com/topic/138350/npt-rules-are-not-created-and-no-error-warning-appears
-
- Applied in changeset commit:e9446f537051c7b536d0b3fbb5ebd00c3766001a.
-
- NPt validation skips over a valid rule when the mask of either the source or destination is set to /128.
-
10:50 AM pfSense Packages Bug #9164: Snort barnyard2 / pfSense 2.4.4-p1 issue
- Thanks Jim the pkg install -fy mysql56-client has fixed the issue.
-
- That library is a part of mysql56-client-5.6.41 which is there for 2.4.4-p1. If it isn't pulled in by barnyard2 that'...
-
- After updating to 2.4.4-p1 barnyard2 will no longer run as libmysqlclient.so.18 is missing.
Dec 3 16:34:51 php-fpm... -
09:21 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
- 2.4.4p1 also affected.
-
08:27 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
- We also experienced this issue today. Had to set the "Default gateway IPv4" setting to WANGW so that pfSense could ge...
-
- All of the bogon rules get the same tracking ID.
And it's blocked because you didn't solicit that request, and you...
12/03/2018
-
05:21 PM Bug #9059: Update Unbound to 1.8.1
- I was asking if:
@server:@
@so-reuseport: no@
was set in 2.4.4-p1. I guess the answer is no it did not. This i... -
05:11 PM
Bug #9059: Update Unbound to 1.8.1
- Isaac McDonald wrote:
> Did this make it into 2.4.4_1 ?
Huh? We're discussing the bug right now, so I can't see ... -
- Did this make it into 2.4.4_1 ?
-
04:53 PM
Bug #9059: Update Unbound to 1.8.1
- I'm an idiot....
-
04:45 PM
Bug #9059: Update Unbound to 1.8.1
- I found this on the unbound mailing list: https://nlnetlabs.nl/pipermail/unbound-users/2018-October/010991.html
> ... -
04:38 PM
Bug #9059: Update Unbound to 1.8.1
- I can confirm I see the same after 2.4.4-p1...
-
- I updated Unbound to 1.8.1
@pkg update; pkg upgrade unbound@
After the upgrade I found that Unbound appears ... -
04:59 PM Bug #9162 (Not a Bug): Bogon rule confusion?
- WAN 0.0.0.0:68 255.255.255.255:67 UDP
block bogon IPv6 networks from GIF (11000)
I am unclear how (DHCPv4 b... -
- I am requesting that the rule descriptions in Status -> System Logs -> Firewall be shown for disabled rules and rules...
-
- ... and the result will be : no more GUI.
To begin with, one should have a certificate with the "OCSP Must Staple"... -
- I am requeting an option in Status -> System Logs -> Firewall to filter on the Rule ID #.
-
03:49 PM Revision 2ce775ca: Add Korean to the list of available languages
-
-
-
-
-
12/02/2018
-
03:25 PM pfSense Packages Todo #9158 (Resolved): Updates for Squid 4.x
- hi
the version 4 of squid proxy for "production use" are available
and it's seems that provide better support f...
12/01/2018
-
05:59 PM Feature #8578: /var/unbound/test/unbound_server.pem: No such file or directory
- Cannot restore 'DNS Resolver' or 'All' from browser, both result in NGINX error (500 I think, I didn't write it down)...
-
- I deselected OPT3 (the interface with the changed IP address) from Unbound listening but it makes no difference. When...
-
- I changed the IP address of my OPT3 interface today and now have the same error. Unbound was already listening on thi...
11/30/2018
-
03:48 AM Bug #9023: is_fqdn() validation
- I'm testing via System Patcher since https://github.com/pfsense/pfsense/pull/3998 went into approved/needs testing an...
11/29/2018
-
04:43 PM Feature #9157 (Rejected): Allow custom DHCP Options per Host
- I have a few raspberry pi's that need a specific option 60 and option 43 in order to do PXE Booting. Setting those op...
-
10:16 AM
Bug #8970 (Feedback): Queues Menu item ends with ":"
- I am now unable to reproduce this.
When first investigating this issue I found that "warteschlangen" had a spuriou... -
09:42 AM Bug #8973: Traffic not going to Limiter queues
- Thanks Luiz and Jim!
While on 2.4.4, I manually switched to Worst-case Weighted fair Queueing (WF2Q+) and seems to... -
- Looks good here. New limiters have WF2Q+ as default. When editing a saved limiter with that scheduler, the new descri...
-
- 0.0.0.0/0 is in the left/rightsubnet list and based on forum feedback this appears to be working with multiple third-...
-
- Starting with @<dhcpd></dhcpd>@ in the config I can reproduce the error without the fix and it works with the fix app...
-
- Based on multiple reports of it being fixed with this change I'd say it looks good. If someone has a different variat...
-
-
06:39 AM Feature #9156: OpenVPN: Add tickbox for 'nopool' directive
- Sorry, I try to edit, it should be under Feature.
-
- Please see here:
https://forum.netgate.com/topic/138156/limit-dhcp-ip-range-for-openvpn-clients-gui-only
Can we h... -
- [quote]I believe that without that option, a client-disconnect script won't be called.[/quote]
After the time-out de... -
03:44 AM Feature #9155 (Resolved): Add driver bnxt for Broadcom NetXtreme interfaces
- The driver for Broadcom NetXtreme-C/E cards is missing in pfSense 2.4.4-RELEASE (amd64), despite being present in the...
11/28/2018
-
06:03 PM Bug #9153: default gateway feature not working properly with gateway groups
- Daniele Sorrenti wrote:
> Already reported here: https://redmine.pfsense.org/issues/9004
Thank you. I didn't find... -
-
- Already reported here: https://redmine.pfsense.org/issues/9004
-
09:35 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
- I confirm the problem in the version 2.4.4
-
-
-
- See also: #9153
-
03:43 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
- i tried on pfsense 2.4.4 with same huawei model
and it worked fine
-
- Applied in changeset pfsense:commit:1b988ed0e7168ada9e6260274f63fd84b15873a1.
-
- update for pfsense 2.4.4
run the following command to support pfsense 2.4.4
pkg add http://pkg.freebsd.org/free... -
12:06 AM Bug #9148: PPPoE over a VLAN fails to reconnect.
- I can confirm this fixes the issue.
I also created a failure upstream bringing down one ppp interface. The rest rema...
11/27/2018
-
10:24 PM pfSense Packages Bug #8761: Port Forwarding Rules Stop Working when HAProxy is Configured
- Tj Ng wrote:
> ACat L. Check your HAProxy's advanced settings. Turn off "Transparent ClientIP" and see if NAT works ... -
08:42 PM pfSense Packages Bug #8761: Port Forwarding Rules Stop Working when HAProxy is Configured
- ACat L. Check your HAProxy's advanced settings. Turn off "Transparent ClientIP" and see if NAT works again.
Captiv... -
-
07:35 PM Revision c9f69485: Do not call interfaces_vlan_configure() every time an interface is edited in GUI.
- This is just necessary when a parent interface is changed and we have to propagate the changes to all clones (MTU, FL...
-
- This is just necessary when a parent interface is changed and we have to propagate the changes to all clones (MTU, FL...
-
04:51 PM Bug #9148: PPPoE over a VLAN fails to reconnect.
- Steve Wheeler wrote:
> There looks to be a good chance this is resolved by this:
>
> https://github.com/pfsense/p... -
02:26 PM Bug #9148: PPPoE over a VLAN fails to reconnect.
- There looks to be a good chance this is resolved by this:
https://github.com/pfsense/pfsense/commit/433a8e71f3b68c... -
- The fix for #9115 has made this much better but I still see these issues:
Editing/Saving the VLAN parent interface... -
- I split the parent interface issue off to #9154 -- this one can be closed.
-
- Looks a lot better here with the new method. Editing the parent is still a problem, however, but that can be split of...
-
- This regression is now fixed and only when really necessary the VLANs will be recreated.
-
-
- See #9115 for details/logs. After fixing #9115, editing other VLAN interfaces works well, but editing the VLAN parent...
-
-
- +1. This problem also affects my environment. Default route is not set after restart if default gw is a group gw, and...
-
- It should be resolved now but it's hard to reproduce. We can revisit if bug show up again
-
- Do not enable it by default for now and move to 2.4.5
-
- Works great now!
-
- Works
-
- Works
-
10:03 AM Bug #9075: Firewall rules with aliases are not applied in upgraded 2.4.4
- I am having this issue too, on at least two of my routers. One is a fresh install of 2.4.4_1 with a config uploaded f...
-
- Works
-
- Daniel Clasen wrote:
> Sorry but I can't see how it is not a topic for the ticket system to ask if that is fixed in ... -
06:05 AM Bug #5319: Error message "No config named" in charon daemon
- Sorry but I can't see how it is not a topic for the ticket system to ask if that is fixed in a newer/supported releas...
11/26/2018
-
- The new default gateway feature introduced in 2.4.4 does not appear to work properly with gateway groups.
Steps to... -
- Just adding a new vlan also brings down all pppoe interfaces, with the same exact error.
-
- I can confirm. After making a change to one of the interfaces and hit apply, my pppoe connection over vlan 6 disconne...
-
- I've improted the same patch to pkg's internal libfetch. It'll be available on pkg-1.10.5_6
-
- Fetch works at the command line but @pkg@ still does not....
-
12:11 PM Feature #9152 (Duplicate): Sort diag_states_summary.php by states
- Small improvement to diag_states_summary.php, sort array by states to put top talkers to the top of the tables.
As... -
09:06 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
- On generating the interface identifier using EUI-64 (based on MAC address), the interface identifier are independed b...
-
08:59 AM Bug #8993: PHP error from filter_rules_sort() when config.xml contains no rules
- Ah, cool! Thanks!
-
- Apply the commit listed above using the System Patches package: https://www.netgate.com/docs/pfsense/development/syst...
-
08:43 AM Feature #9032: RADIUS MAC Authentication: display the login page when MAC auth failed
- Ok, I can confirm this works, if we set our login.php (`Portal page contents`) to the error.php (`Auth error page con...
-
- That is not a topic for the ticket system, however, but something you should ask on the forum. The older versions are...
-
- Jim Pingle wrote:
> Testing on 2.4.2 is meaningless. That version is over a year old and 4 (almost 5) releases behin... -
- Testing on 2.4.2 is meaningless. That version is over a year old and 4 (almost 5) releases behind, and several strong...
-
- Still present in 2.4.2-RELEASE-p1
Took me a full day to figure out that this was the problem... Will the bug be fixe... -
08:21 AM Bug #9151: Console menu entry (14 SSH) is not updated properly after performing actions
- Maybe it would be better to update status immediately after changing, redraw menu with state what would be the result...
-
- IT happens because menu will only change after SSHd is really configured and running and it takes some time depending...
-
- If SSH is disabled from menu, the menu might entry still show Disable Secure Shell. And vice versa if SSH is enabled ...
-
- There is no sync in Quagga or OpenBGPD either.
AFAIR it was done deliberately since in nearly all cases it would b... -
- That's a side effect of how pf parses and reports the rules.
We write out the rule just once with a tracking ID in... -
- Given that issue, this is almost certainly a duplicate of #3334
-
- The @rate@ daemon that gathers data for the table does not support IPv6, which most likely accounts for the discrepan...
11/25/2018
-
- Any way to fix this manually? (i.e. if I don't want to update to dev)
-
03:45 PM Bug #9150 (Resolved): Web authentication RADIUS package shows PHP error if unable to resolve FQDN of RADIUS server
- When the DNS record for the RADIUS server used to configure authentication of the web console was temporarily unavail...
-
12:51 PM Bug #9114: Captive Portal Blocked MAC Address Redirect URL not working
- Vladimir Lind wrote:
> Not seeing redirection to block page with enabled MAC block and block URL with IP from the la...
11/24/2018
-
11:56 AM Bug #9149 (Rejected): Continued issues with /tmp and /var in RAM on 2.4
- I've had repeated trouble with upgrades and even non-upgrade-related reboots with pkg configuration. 2.3.5 through 2...
11/23/2018
-
-
- would it be possible to close this issue?
Alternate solutions have been given and this behaviour will likely not ...
11/22/2018
-
- Looks good in:
2.4.5-DEVELOPMENT (arm)
built on Wed Nov 21 05:47:41 EST 2018 -
- PR has been merged. Thanks!
-
- The WF2Q+ was the default scheduler in previous versions, it is well tested and support dynamic queues.
Add a note f... -
- The WF2Q+ was the default scheduler in previous versions, it is well tested and support dynamic queues.
Add a note f... -
-
11:37 AM pfSense Packages Bug #9135: Suricata in inline modus blocks some downloads
- Bill Meeks wrote:
> This bug needs to be reported upstream to the Suricata team. When you use Inline IPS mode, you ... -
- Also include that and Digital Ocean in the help text.
(cherry picked from commit 92c39e9b923792a58b56323a7e2fb46f608... -
-
- In some situations PPPoE fails to reconnect after an upstream outage or making a change locally. The system file logs...
-
- Run it with sudo or use admin/root, not an unprivileged user.
-
10:08 AM Bug #9147 (Rejected): Unable to open /cf/conf/config.xml for writing in write_config() when set easyrule from ssh
- I am using user "ssh" and assinged admins group to ssh pfsense from another server.
When i set easyrule such as "eas... -
- Duplicate of #9119
-
- co da wrote:
> Hi everyone,
> I met crash when set easyrule by command line
> easyrule block lan 192.168.2.2
> me... -
- Hi everyone,
I met crash when set easyrule by command line
easyrule block lan 192.168.2.2
message:
PHP ERROR: Typ... -
07:53 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
- I have the same issue.
Is there still some work on this bug?
Thanks! -
07:24 AM pfSense Packages Bug #9143: ntopng not displaying values in historical correctly
- I forgot to list versions...
pfSense: ... -
07:18 AM Bug #9145 (Rejected): user based policies with automated client logedon user identification
- It would be great to define policies based on active directory / LDAP or local users and groups.
Also for this to... -
- Sorry everyone, there is some confusion around this bug.
The FIFO scheduler never was the default scheduler and th... -
-
05:19 AM Bug #8914: Gateway switch events cause a huge amount of log spew
- Tested on VM HA cluster - CE 2.4.5-DEVELOPMENT (amd64) built on Tue Nov 20 16:55:31 EST 2018:
No "Gateways status ... -
04:00 AM Bug #8914: Gateway switch events cause a huge amount of log spew
- Not sure what the acceptable level of log spam is:
Nov 22 09:56:56 check_reload_status Reloading filter
Nov 22 0... -
-
-
03:55 AM Bug #9144: Set interface IP address from console crashes if DHCP is selected
- Wasnt able to reproduce the bug with MBT 4220 pfsense version 2.4.4
-
- On 2.4.5-DEVELOPMENT (amd64) built on Tue Nov 20 18:52:24 EST 2018:
: set | grep http
http_proxy 10.1.1.1:31... -
- Tried on 2.4.5-DEVELOPMENT (amd64) built on Tue Nov 20 16:55:31 EST 2018 (ran pfSsh.php playback gitsync master to ...
-
- Also include that and Digital Ocean in the help text.
11/21/2018
-
-
-
07:37 PM Bug #8993 (Resolved): PHP error from filter_rules_sort() when config.xml contains no rules
- Was able to replicate this after verifying <filter></filter> in config, connecting on the Anti-lockout rule, and tryi...
-
- You have to delete all of the rules in the config so it only has @<filter></filter>@
So you'd have to hit it from ... -
01:42 PM Bug #8993: PHP error from filter_rules_sort() when config.xml contains no rules
- I couldn't replicate this one on:
SG-3100
2.4.4-RELEASE (arm)
built on Thu Sep 20 09:33:19 EDT 2018
FreeBSD 11.... -
-
-
- This should fix that: https://github.com/pfsense/pfsense/pull/4017
-
- Tested in:
2.4.5-DEVELOPMENT (arm)
built on Tue Nov 20 08:56:03 EST 2018
The update completes OK:... -
- Using a host override to cause a hostname mismatch on a server with a valid certificate I was able to confirm mail co...
-
11:57 AM
Feature #9001: Add checkbox to disable SSL peer verification for SMTP notifications
- On 2.4.5.a.20181120.0754, feature is present. However, without a misconfigured email server, I can't tell if the feat...
-
-
-
- Tested on CE build from Friday November 16th. Duplicated missing default gateway on primary node after failover and f...
-
03:54 PM
Bug #9121 (Resolved): PHP array reference Cleanup
-
01:40 PM
Bug #9121: PHP array reference Cleanup
- Tested the DNS forwarder configuration that threw the php issue (https://redmine.pfsense.org/issues/9121#note-1), on ...
-
- Applied in changeset commit:c6c398c6c51e48893f658eb6e6c08b47f41b085d.
-
07:47 AM
Bug #9121: PHP array reference Cleanup
- Those two error appear to be unrelated to the original issue. I have pushed a fix for them both.
-
- Applied in changeset commit:9607d4871584890633cd7a70b4f15c1f0951011c.
-
-
02:00 PM Bug #9144 (Resolved): Set interface IP address from console crashes if DHCP is selected
- Steps to reproduce:
- Go to VGA console
- Option 2, Set interface IP address
- go through the wizard, when it asks... -
02:27 PM Bug #9024: Ping packet loss under load when using limiters
- I would try to update this bug to make it more specific to limiters but I don't seem to hav privs
-
- In NTOPNG > Interfaces > Historical it's not displaying traffic values correctly, it seems to cap around 10Mbps.
H... - 01:52 PM Revision 6f9729c0: Minor fixes related to #9121
-
- This is resolved, turns out the issue with ISP, spoke to 'em and they sorted it.
I'm not sure how to close the tic... -
- Installing ntopng failed, it threw this error to ...
-
-
-
12:02 PM
Bug #8937 (Resolved): LAGG shows wrong ether address
- Tested on 2.4.5.a.20181120.0754 gitsync'd to master, works as expected. Lists ether and hwaddr.
-
- Applied in changeset commit:ede4faa74ca16e5ca0fe437beaf7f181eae1b60a.
-
-
-
-
- FRR seems to be missing the option to sync the config viar XLMRPC.
-
-
-
-
-
-
-
05:19 AM Bug #9131: Captive Portal Radius Accounting "unauthenticated"
- Thanks!!
The patch works great.
Federico
11/20/2018
-
- interfaces_carp_set_maintenancemode() calls interface_carp_configure()
to each configured CARP and it ends up reconfi... -
-
- interfaces_carp_set_maintenancemode() calls interface_carp_configure()
to each configured CARP and it ends up reconfi... -
-
04:26 PM Revision 79765f9c: Fix few spelling issues
- Ticket #9134
(cherry picked from commit 85a8f9b0ce0d0fac6f361bc5dfd09c67607020f1) -
-
- Ticket #9131
(cherry picked from commit f790565a7514662b1fe97fc7c79b56838597965c) -
-
- Redmine #9114
(cherry picked from commit 83a6f504d6eb4d1925c4745a6457805fbbe308d9) -
- 04:21 PM Revision a247e5ae: Update src/usr/local/www/vendor/d3/d3.min.js
- Restored d3.min.js
(cherry picked from commit 2dd0ba04705396981dfc6d75ec6910799ba8846d) - 04:21 PM Revision 8efe5c95: Update src/usr/local/www/vendor/d3/d3.min.js
- make sure to only pass valid options when supported by the browser
(cherry picked from commit 125ae17e59a54c2315c683... - 04:21 PM Revision fe794e51: Removed js warnings
- (cherry picked from commit 36742b464a1b4449e52cbd0b539fece507a3b23e)
-
-
-
- Applied in changeset commit:8bffe226d5183dda310dde2a89c78f2d8d79789c.
-
12:50 PM Bug #9024: Ping packet loss under load when using limiters
- Using limiters on an interface, with outgoing NAT enabled, causes all ICMP echo reply packets to drop, coming back in...
-
11:51 AM
Bug #8921 (Resolved): dpinger without .pid files.?. 'pending' status
-
- As already written in the Forum, I would like to know what NIC and Configuration are you using (LACP etc.).
-
09:51 AM Bug #8831: Radvd causes latency spikes
- I was seeing the exact same thing
ServicesDHCPv6 Server & RALANDHCPv6 Server
Disabled the above - the issue mos... -
- PR merged, thanks!
-
-
- PR merged. Thanks
-
-
- PR merged. Thanks!
-
08:55 AM Bug #8294: Icmp redirect doesn't use CARP IP
- Bug still present in 2.4.4
-
08:40 AM Bug #8192: dpinger - Change in ISP link-local IPv6 address drops connectivity
- I spoke with my ISP. It appears as part of a load balancing script on their end the PPPoE session will be dropped an...
-
07:48 AM Bug #9140 (New): Unexpected rule can be displayed when looking up filter log entry with multiple matching rules
- When using Port aliases, in the firewall log, when clicking on 'action' the triggering port seems to always be the fi...
-
-
02:27 AM pfSense Packages Bug #9139 (New): telegraf: add ping for default gateway(s)
- It would be nice if telegraf plugin could generate config lines for pinging default gateway.
there's a minor issue... -
- there should be a textarea input for adding extra config lines to telegraf config.
11/19/2018
-
04:49 PM pfSense Packages Bug #9135: Suricata in inline modus blocks some downloads
- This bug needs to be reported upstream to the Suricata team. When you use Inline IPS mode, you are using code straig...
-
10:59 AM Bug #8001: Invalid FQDN in alias causes alias table to fail *silently*
- Verified that the bad FQDN doesn't fail the tables any longer.
There's still no error. There should at least be a... -
- Thanks!
-
- Not enough information here for a complete and valid bug report. Post on the forum to discuss and gather more informa...
-
04:26 AM Bug #9137 (Rejected): Fails to assign static IPv6
- I have xbox, static IPv4, and also IPv6, for both Wireless and wired MAC addresses
Wan DHCPv6/56
Lan Tracked
... -
- I also see this, IPv6 static leases disappearing
11/18/2018
-
11:15 PM pfSense Packages Bug #6784: HAProxy version .48 will not use URL Table Alias for front end listener
- Quick up.
I just stumbled upon a scenario where having support for URL Table Alias would be helpful or desirable, ... -
- I'm seeing this again in 2.4.4. Disabling gateway monitoring and gateway monitoring action in 2.4.2 100% resolved th...
-
- Confirmed that a RADIUS server named radius.name was placed into strongswan.conf named radius_name and charon had no ...
-
- Created host alias with these FQDNs
www.pfsense-bug-8001.com
www.google.com
www.yahoo.com
www.netgate.com
www.... -
- I can confirm a positive feedback for the applied changes, but i don't know if we should replicate these changes to o...
-
- The log messages look the same as #9115, might possibly be the same root cause.
-
- IPv6 assigned to inside interfaces seem to lose their assignments one by one over time upon renewal or interface rese...
-
- I'm unable to replicate this is 2.4.4. I configured 3 WANs, all DHCP with one that fails to find a server. Only that ...
-
- Suricata in the inline mode blocks some downloads mostly from Subdomains but some downloads it blocked from normal do...
-
- Ticket #9134
-
- Ticket #9131
-
- There's few typos in captive portal settings page.
I made a pull request ( https://github.com/pfsense/pfsense/pull... -
- Hello,
Thank you for reporting this issue!
I just submitted a pull request fixing it ( https://github.com/pfse...
11/17/2018
-
06:29 PM Bug #9133 (Resolved): "Show all configured leases" does not stay set after deleting a lease
- If you select "Show all configured leases", the setting returns to "Show active and static leases only" if you delete...
-
- When you open up the traffic graph to display the list of hosts and their corresponding bandwidth in / out, the insta...
-
-
- Jim Pingle wrote:
> So this is working OK now?
>
> If so, we can close it out, or mark it as a duplicate of #9019... -
05:05 PM
Bug #9098 (Resolved): Default CRL lifetime of 9999 rolls over at 2038 on ARM
- Tested on 2.4.5.a.20181116.1325, works as expected.
-
11:41 AM Feature #9062: Add "email notification" when the WAN interface change its public IP
- Jim Pingle wrote:
> If you want that, setup dynamic DNS, and it can find the actual public address and notify when i... -
08:27 AM Feature #9130: Request ID [#INC-16195]: DHCP - PXE Boot
- This is what I'm trying to do:
next-server 192.168.5.2;
if exists user-class and option user-class = "iPXE" {
... -
- I wanted to follow up with issue 765 (https://redmine.pfsense.org/issues/765) and see if we can add this issue with a...
-
- Hi,
when setup a Radius Mac auth, pfSense send to external freeradius the value "unauthenticated" as User-Name in Ac...
11/16/2018
-
09:00 PM
Bug #9071: Package restore after fresh install can fail, claiming packages do not exist
- Cannot reproduce on oldest or newest available 2.4.x snapshots. Looks like the issue is no longer present.
-
07:50 PM Bug #8512: PPPoE reconnect fails after interface flap
- I think those topics are related.
https://forum.netgate.com/topic/137790/pppoe-client-goes-down-after-any-other-inte... -
- Replicated in 2.4.4.
Configured CP for auth against local database and added a test user. Changed system language to... -
07:19 PM
Bug #9083 (Resolved): Config upgrade issue with empty IPsec P1
- Tested on 2.4.4, was able to reproduce the bad behavior. Tested on 2.4.5.a.20181116.1325 and the behavior could not b...
-
- On 2.4.5-DEVELOPMENT (amd64) built on Wed Oct 03 17:24:18 EDT 2018 edited config.xml - cut out content between <phase...
-
- Tested on 2.4.5.a.20181116.1325
New user with no privileges receives "No page assigned to user"
After adding "W... -
- If you want that, setup dynamic DNS, and it can find the actual public address and notify when it updates.
Otherwi... -
- I am sorry. It was my mistake that I did not describe the request properly.
Some Internet Service Providers are gi... -
03:28 AM Feature #9062: Add "email notification" when the WAN interface change its public IP
- TCI User wrote:
> It would be helpful if an email is send when the WAN interface change its public IP.
> Here is an... -
11:01 AM
Bug #9100 (Resolved): CA/Cert valid end dates after 2038 are blank on ARM
-
11:01 AM
Bug #9100: CA/Cert valid end dates after 2038 are blank on ARM
- Certificate and CA created with lifetime 7300 which did not properly show the end date in 2.4.4, showed the date fine...
-
10:37 AM Bug #9009: Cannot create Schedule
- Can you create a system patch for this?
-
- Disabling hardware checksums did not disable IPv6 transmit checksum on 2.4.4-RELEASE.
After upgrading to:... -
07:49 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1
- HI! After some tests noticed that problem appear only when my "Gateway Group" set as Default gateway
If set WAN1 or ... -
- Confirmed on 2.4.4.
Tested:
2.4.5-DEVELOPMENT (amd64)
built on Sat Nov 10 16:12:27 EST 2018
Disabled rule dr... -
- Duplicate of #4128
-
- Hey guys
I (and a lot of guys outside the internet) prefer a possibility to have choices in the notifications. Like...
11/15/2018
-
06:48 PM
Bug #9121: PHP array reference Cleanup
- Tested on 2.4.5.a.20181114.1947, hit the following php error with a DNS forwarder domain override in place:...
-
- There have been a number of PHP errors on 2.4.4 as a result of uninitialized arrays being used with references. I've ...
-
- Added info to the docs about using the sysctl tunable to work around this. There doesn't appear to be anything more w...
-
12:33 PM
Feature #9104 (Resolved): Add a FAT32 partition to memstick installer images
-
12:31 PM
Feature #9104: Add a FAT32 partition to memstick installer images
- Tested on 2.4.5.a.20181114.2257, works as expected.
-
- PR: https://github.com/pfsense/pfsense/pull/3990
Changes header to remove the "Drag to reorder" text when that fea... -
10:50 AM Bug #9123 (Feedback): Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14
- The actual vlan addition/configuring process is triggering error "aq_add_macvlan err -53, aq_error 14" on ixl-devices...
-
- In latest ui it is not possbile to reorder interfaces for defining a failover-lagg-interface.
FreeBSD uses the first... -
- I believe this only affects captive portal logins. We were not able to replicate it any other way. Testing that now....
-
- Tested against:
2.4.5-DEVELOPMENT (amd64)
built on Wed Nov 14 19:48:37 EST 2018
No longer seeing that error on ... -
-
- Imported patch from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220468 to fix libfetch
-
07:31 AM Bug #9120: dhcrelay crush with error Unsupported device type 24 for "lo0" but listen another ethernet adapter
- !!
-
- There isn't enough information here to form a valid bug report. Please post on the forum at https://forum.netgate.com...
-
- pfsense 2.4.4-RELEASE (amd64)
-
- Nov 15 15:16:24 dhcpd For info, please visit https://www.isc.org/software/dhcp/
Nov 15 15:16:24 dhcpd All righ... -
06:54 AM
Feature #9032 (Resolved): RADIUS MAC Authentication: display the login page when MAC auth failed
-
06:46 AM
Feature #9032 (Closed): RADIUS MAC Authentication: display the login page when MAC auth failed
-
06:49 AM
Bug #8956 (Resolved): traffic shaper after upgrade to 2.4.4 not showing queue under each limiter
-
06:48 AM
Bug #8995 (Resolved): MTU Trouble with Orange is back
-
06:42 AM
Bug #9081 (Closed): signed long rollover in "Log file size (Bytes)" can cause self-inflicted DoS
-
06:39 AM
Bug #9080 (Closed): firewall_nat_1to1.php: PHP error with empty 1:1 NAT rule list
-
-
- 2.4.5-DEVELOPMENT (amd64)
built on Wed Nov 14 23:01:04 EST 2018
On this snap - OK. -
- That snapshot is from before the fix was committed. Try again on the next snapshot, or gitsync.
-
- Getting error on 2.4.5-DEVELOPMENT (amd64) built on Wed Nov 14 10:25:41 EST 2018 FreeBSD 11.2-RELEASE-p4:
[2.4.... -
- Nothing special about the setup. The packages are listed in the output in the problem description.
In this case it... -
-
- Created, edited, assigned QinQ interface - without errors.
11/14/2018
-
- (cherry picked from commit b55d94e80eeed57e39d33c643bf00be6565c1938)
-
-
- I did a fresh 2.4.4 recovery install on SG-3100. After restoring config file with installed packages all worked as ex...
-
- Applied in changeset commit:4be5ed9f144a6d93499fdee6e2a50d0edbed8a98.
-
-
-
-
-
-
- Applied in changeset commit:b55d94e80eeed57e39d33c643bf00be6565c1938.
-
- When the aliases section of config.xml is empty, easyrule fails with a PHP error:...
-
-
-
- Redmine #9114
-
- Fixed in stunnel pkg version 5.47
-
- stunnel wants the private key, certificate, etc all inside a single file. However, it does not ensure that a newline ...
-
- Applied in changeset commit:592bec817f152a7536572a675079776138827cc8.
-
- The OLSRD package was removed long ago (not converted to 2.3) and there is still some code around the base system tha...
-
07:45 AM Bug #9114: Captive Portal Blocked MAC Address Redirect URL not working
>
> The reason why this behavior has been updated is that it was quite strange to display an error message before...-
- Forum link: https://forum.netgate.com/topic/137627/blocked-mac-address-redirect-url-not-working
Well,
It is tr... -
-
02:41 AM Bug #9116: IPsec VTI routes not applied at boot time when gateway monitoring is disabled
- Jim Pingle wrote:
> Applied in changeset commit:ed104a182a95f0ce4e6df76a8c3f0698ff7ce092.
Fix works fine! Tnx! -
11/13/2018
-
- (cherry picked from commit ed104a182a95f0ce4e6df76a8c3f0698ff7ce092)
-
-
- I believe it was accepted.
-
06:24 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
- Testing net.isr.dispatch on the NetGate SG-4860 on a 1 Gbps PPPoE connection (each result is averaged across 10 runs)...
-
- Applied in changeset commit:ed104a182a95f0ce4e6df76a8c3f0698ff7ce092.
-
- With gateway monitoring enabled, an interface event kicks off a restart of other scripts which apply the routing and ...
-
- I generated a configuration with 250 VLANs (assigned, enabled, with DHCP active) based on a user complaint of problem...
-
- The issue was not properly defined and we need to discuss the issue to find out more about it before jumping straight...
-
- Jim Pingle wrote:
> The only problem here is that your static routes are not present at boot time.
Hi Jim Pingle... -
- It doesn't sound like that has anything at all to do with Google, so the description/subject may be completely inaccu...
-
- Hi,
I created routed/VTI site-to-site vpn from my pfsense box to google cloud (https://cloud.google.com/vpn/docs/h... -
- Prior to version 2.4.4-RELEASE, devices listed in Captive Portal "MACs" section would never see a login prompt, and d...
-
- That is almost certainly a hardware/disk issue. Most likely the filesystem is corrupt and needs fsck run a few times ...
-
03:16 AM Bug #9112 (Rejected): hosts corrupted
- pfSens 2.4.4
the first 0x2000 bytes of /etc/hosts are filled with Zero!
This happens every couple of weeks.
000... -
11/12/2018
-
- (cherry picked from commit 360737f6345e376f2de6d2810a1f345a018480e5)
-
-
- (cherry picked from commit eb6a022efaa19ce146990e0e4a57e421ddbad8bb)
-
-
- (cherry picked from commit 16b78f3879bdf658274caf750c9360ec97bb8f77)
-
-
- (cherry picked from commit cc955fe63ad44b5aac66721e54965d9bc13e990c)
-
-
- (cherry picked from commit 439d9beba0213c96281d8ff6b09ccb8136b1a0aa)
-
-
- Currently, IPsec VTI interfaces have no special handling for MTU. It is possible to nudge it manually after the syste...
-
- So this is working OK now?
If so, we can close it out, or mark it as a duplicate of #9019 if the root cause was id... -
- Does the same thing happen with an incognito/private mode browser session that has never visited that firewall before...
-
11:53 AM Bug #8235: The browser must support cookies to login
- Scott Phillips wrote:
> I updated pfsense to use secure socket that utilizes port 443 to login as the adminstrator. ... -
- I've added LICENSE files inside the 36Mb FAT32 partition and changed code to be able to restore a /config.xml of /con...
-
- Applied in changeset commit:cc955fe63ad44b5aac66721e54965d9bc13e990c.
-
- FYI: The error did not show up in the GUI or logs, but when running @ipsec start@ from the command line, the followin...
-
- At least in one case this is due to charon failing to parse a RADIUS server name containing a period. Apparently this...
-
- I request that we finally do the change necessary to fix #1635, that way it would be possible to set a custom state t...
-
- Applied in changeset commit:439d9beba0213c96281d8ff6b09ccb8136b1a0aa.
-
- When editing QinQ entries on interfaces_qinq_edit.php, a PHP error can occur:...
-
- PR has been merged
-
11/11/2018
-
06:53 PM pfSense Packages Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh
- Sorry, forgot the pre tags:...
-
- In relation to Feature Request #9805, to avoid overriding the default client-connect/client-disconnect script I reloc...
-
- This problem is addressed by the pull request https://github.com/pfsense/FreeBSD-ports/pull/592 that updates the GUI ...
-
- Matt _ wrote:
> For the original issue,
>
> [...]
>
> seems to fix this, as well as disabling any checksum off... -
- Renato Botelho wrote:
> FreeBSD r339863 was cherry-picked to RELENG_2_4_4
I updated to the latest snapshot as of ...
11/10/2018
-
05:03 PM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
- Daniel Williams wrote:
> This is repeatable.
+1, i have had the same.
Also
https://www.netgate.com/blog/pfsen... -
Renato wrote:
> When voucher is used, disconnected or expired, sync it in both
> directions using HA main infor...
11/09/2018
-
09:12 PM
Bug #9105 (Resolved): WebGUI option toggles that need nginx restart are not triggering when disabled
-
09:12 PM
Bug #9105: WebGUI option toggles that need nginx restart are not triggering when disabled
- Tested on 2.4.5.a.20181109.1326, works as expected.
-
01:42 PM Bug #9107 (Closed): New AutoConfigBackup - Cannot Access Settings When Not Connected to Internet
- I have a router I had an issue with. I am moving it over to new hardware, because the old hardware does not support ...
-
- Some users on 2.4.4 and 2.4.5 snapshots with strongSwan 5.7.1 have found that IPsec is not working.
strongSwan will ... -
-
-
- Also i noticed in my case helps when restart openvpn client.
After restart OpenVPN, vpn and other traffic switch bac... -
- Did you try restart service dpinger? In my case this helps switch back to WAN1
-
- Set to trigger level "Packet Loss or High Latency"
I will set trigger level "Member Down" and let you know on monday... -
- @VasylSemenchuk Are your gateway groups set to trigger level "Packet Loss or High Latency" or "Member Down"? Does it ...
-
- The same problem on all my devices (20 devices) after upgrading
-
08:09 AM Bug #9049: IPSec statuspage shows both connected and connecting tunnel
- Ges Ture wrote:
> Since bugnumber 8117 has been served off as not a bug, and no further response is given I'd like t... -
- Should be fixed by the new filterdns (see #8758 too).
If you have issues, please let us know.
-
- Fixed in the new filterdns.
-
- This issue was one of fixes included in the new filterdns (version 2.0).
If you still have issues, please let us k... -
- Applied in changeset commit:e1a6074dc8918d756a73efc8cf251318b735f000.
-
-
11/08/2018
-
- (cherry picked from commit 8207fac69158ad4a56deab4a4b4f6f4c3c361b81)
-
-
-
-
01:30 PM pfSense Packages Bug #9082: freeradius eap-tls CA validation trying to use fields that may not exist
- can confirm. it is working.
-
- Fixed in pkg version 0.15.7
-
- Looks like the config shouldn't put a trailing @/@ on the subject.
Though the more I think about it, I wonder why ... -
08:49 AM pfSense Packages Bug #9082: freeradius eap-tls CA validation trying to use fields that may not exist
it's in the right order :
Auth: tls: Certificate issuer (/C=FR/ST=Ain/L=Jassans-Riottier/O=pfvpn/emailAddress=...-
12:58 PM Feature #8284: Add duplicate option next to OpenVPN servers and clients
- Ivor Kreso wrote:
> It would be very convenient to have a "duplicate" icon next to OpenVPN servers and clients list.... -
- Applied in changeset commit:8207fac69158ad4a56deab4a4b4f6f4c3c361b81.
-
- Some of the option GUI toggles like the WebGUI redirect are supposed to trigger a restart of nginx when they change. ...
-
-
- I've upgraded to:
2.4.5-DEVELOPMENT (ARM)
built on Wed Nov 07 16:23:36 EST 2018
FreeBSD 11.2-RELEASE-p4
Conf... -
- ntopng appears to have removed all of that code. It went from enable-flow-activity to enable-flow-scripts to enable-u...
-
- Jim Pingle wrote:
> The activity map is not relevant to this ticket, only the version, which appears to be OK.
>
... -
- The activity map is not relevant to this ticket, only the version, which appears to be OK.
FYI: ntopng disabled th... -
- On 2.4.5-DEVELOPMENT (arm) built on Mon Nov 05 15:36:37 EST 2018 FreeBSD 11.2-RELEASE-p4:
I don't see activity map o... -
- Adding a FAT32 partition on the installer image, as we have on ARM recovery images currently, means:
* We can drop... -
-
-
- Seems good to me. This issue be marked as resolved.
-
- Jane Doe wrote:
> The fall back seems not to respect the setting *Use custom captive portal page* as it always shows... -
- This but only applies to installer image, not to installed system. Our memstick installer image uses MBR since May, w...
-
-
11/07/2018
-
- On 2.4.5-DEVELOPMENT (arm) Mon Nov 05 15:36:37 EST 2018 FreeBSD 11.2-RELEASE-p4:
Created a test cert, then opened... -
- On 3100 2.4.5-DEVELOPMENT (arm) сделан Mon Nov 05 15:36:37 EST 2018 changed language to Russian, then logged out and ...
-
08:38 PM Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA
- I'm having the exact same issue with 2.4.4. Using IPs outside the WAN-VIP subnet on the WAN interfaces forces the d...
-
- No negative feedback from testing, time for a wider push.
This helps with third party devices that require 0.0.0.0/0... -
- No negative feedback from testing, time for a wider push.
This helps with third party devices that require 0.0.0.0/0... -
- The default action is to validate the certificate. If the user knows the
server does not have a valid certificate (e.... -
- The default action is to validate the certificate. If the user knows the
server does not have a valid certificate (e.... -
- Seems like the order in which cert fields are presented is also an issue. Still getting error despite matching exactl...
-
- Fixed in pkg version 0.15.6.
Fields left blank will not be added to the subject to validate.
If someone was rel... -
- Applied in changeset commit:5c4aa94a90256b13b19209f11e4c75b2d0e85ece.
-
- Applied in changeset commit:7da466e1c4b6873b9fb80e862faf8f799a6d4531.
-
- Duplicate of #8964 (it came later, but has more detail and comments with additional info)
-
- This was picked back to 2.4.4 last week. Looks good, no complaints or errors encountered.
-
- Looks like that might be something in FreeBSD but needs more research. It doesn't seem to matter if @console="efi,com...
-
- In that case, it is NOT a routed setup, so the document is not relevant to what the user is doing.
-
07:11 AM pfSense Docs Correction #9103 (Rejected): Feedback on Routing — Routing Public IP Addresses
- *Page:* https://www.netgate.com/docs/pfsense/book/routing/routing-public-ip-addresses.html
*Feedback:*
If the u...
Also available in: Atom