Activity
From 11/22/2018 to 12/21/2018
12/21/2018
- 11:51 PM Revision 369c8d1e: Merge branch 'master' into patch-is_fqdn
-
09:14 PM pfSense Packages Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh
- We already have a time conversion function :-)
"convert_seconds_to_dhms()":https://github.com/pfsense/pfsense/blob... -
06:35 PM pfSense Packages Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh
- I just :
- add the format_byte to bytes values
- add the duration time
- change format to be like others "openvpn ... -
01:00 PM Revision adc6ddbd: Bug #9218
-
- Correction pushed. The forum URL was also broken, and there were outdated links to the (now retired) mailing list. I ...
-
- https://github.com/gitdevmod/pfsense/commit/adc6ddbdbbb465fd3cb58d931465ac93b1fdedb6#diff-23f22aca2e953811c28d5b034d3...
-
- Hi,
With this command ...
12/20/2018
-
- Thank you very much Jim for your reply.
I can play with these variables now.
I'll post a feedback later about it ... -
12:24 AM pfSense Packages Feature #9217 (Resolved): Squid LDAP Authentication - spaces in ldif values
- If OU value or another ldif unit contains spaces, for example OU=all users, squid ldap auth works only if to put the ...
12/19/2018
-
08:22 PM
pfSense Docs
Correction #9216 (Resolved): pfSense Firewall/VPN/Router for Azure » Support Resources Outdated link
- At https://www.netgate.com/docs/pfsense/solutions/azure-appliance/support.html the current URL to obtain a support su...
-
05:18 PM Bug #5476: Does not appear possible to use policy routing for traffic originating from the firewall (self)
- Anything new on this or is this still an upstream issue?
-
04:54 PM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
- I had the same problem at a customer of mine. He has two WANs, one fiber and one LTE (configured as Backup-WAN - not ...
-
- Fixed https://www.netgate.com/docs/pfsense/book/multiwan/verifying-functionality.html
And a bonus fix on https://w... -
02:59 PM
pfSense Docs
Correction #9215 (Closed): Multi-WAN - Verifying functionality - Check IP sites need updated
- At https://www.netgate.com/docs/pfsense/book/multiwan/verifying-functionality.html#verifying-http-load-balancing, htt...
-
- Change committed to freebsd-src repo, should be in 2.4.5 snaps when they run next.
-
- When restoring a config.xml file in the installer, the script sets
@${BSDINSTALL_CHROOT}/cf/conf/needs_package_syn... -
01:27 PM Feature #3473: Allow configuration of OpenVPN keepalive
- Ran into the problem. Found out that you can comment-out or change the way the keepalive directive is added to new op...
-
10:12 AM
pfSense Packages
Bug #9181: Spelling error in gwled package (0.2.4_1)
- Confirmed resolved in pfSense-pkg-gwled 0.2.4_2
-
- Duplicated by #8187 which was implemented in 2.4.4.
12/18/2018
-
06:24 PM Revision 5ad5ead1: Add hostname to webConfigurator NAS ID
-
05:11 PM Bug #9212 (Not a Bug): OpenVPN Client can't connect over IPv6 in "multihome"
- When the protocol option is set to "UDP IPv4 and IPv6 on all interfaces (multihome)", the OpenVPN Client will fail to...
-
04:35 PM pfSense Packages Bug #9211 (Resolved): GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
- Since upgrading ntopng (from previous to latest version), GeoIP support is broken. No flags are shown, listing by cou...
-
04:30 PM Revision 76bfc872: Captive portal: fix per-user traffic quotas
- Don't overwrite the global traffic quota value with a user's radius-provided value
that would then be reused in the s... -
- Don't overwrite the global session timeout value with a user's radius-provided timeout
that would then be reused in t... -
03:37 PM Bug #9210 (Not a Bug): dnsmadeeasy not working on PPPoE interface
- ...
-
-
- I wouldn't use @${bytes_sent} bytes@ or @${bytes_received} bytes@
Run them through "format_bytes()":https://github... -
- Thank you, i'll correct it.
I don't know where you find the "fucking manual" for these variables, if you got a link ... -
- (cherry picked from commit 701728c0778cbb4ccf95ebfad30bf56339d1a7e3)
-
- (cherry picked from commit d188b7251a83b4a8a39ba50dfaf9a1cba35cad17)
-
-
- PR: https://github.com/pfsense/pfsense/pull/4025
-
- Currently pfSense sets the RADIUS NAS Identifier to the hostname when logging into the web ui and is not very useful....
-
- PR: https://github.com/pfsense/pfsense/pull/4024
-
- When "Use RADIUS Session-Timeout attributes" is enabled the wrong session timeout value is used for users without a R...
-
08:53 AM Bug #9207: Phase1s created before pfSense 2.1.0 no longer work after upgrade to 2.4.3: IPsec ERROR: Could not find phase 1 source for connection [redacted]. Omitting from configuration file.
- Looks good to me, thanks for the quick fix!
-
- Applied in changeset commit:d188b7251a83b4a8a39ba50dfaf9a1cba35cad17.
-
- It would be better in a new upgrade code function, but that is certainly possible.
In the mean time, a simple edit... -
- Hi,
Before commit:e79b24ab3534ac2af7d832038155a99902bc2c49, a phase1 did not have a @protocol@ attribute. This a pro...
12/17/2018
-
- PR: https://github.com/pfsense/pfsense/pull/4026
-
- Hello,
I've fixed a race condition where disconnecting and reconnecting a session when using AVPair ACLs would res... -
01:19 PM pfSense Packages Feature #9085: OpenVPN connect/disconnect scripts
- The default for pfS is keepalive 10 60 on server side and will be automatically pushed to clients.
Please see "--k... -
12:58 PM pfSense Packages Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
- I have made at least a couple of posts on the pfSense IDS/IPS forum about this: _snortrules-snapshot-3000.tar.gz (14...
-
04:11 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
- +1 had this on a system after a reboot but on a other system with multiple vlan interfaces i had to change the ip of ...
12/16/2018
-
06:38 PM pfSense Packages Bug #9204 (Needs Patch): ospfd: GRE tunnels became unnumbered since 2.4.4
- I have recently tested an upgrade to 2.4.4_1, from 2.4.3. It is a hub and spoke type setup with GRE over IPSec, ipv4 ...
-
05:54 PM pfSense Packages Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
- The errors now appear to be due to illegal rules instead of "unknown reference key", with the exception an unknown ru...
-
- My bug report that re-installing Suricata does *not* restore important configuration files to their default settings ...
-
- This issue is still open. If a proposed workaround for this issue didn't fix it doesn't make that a new issue. It's s...
-
- Bug report #9202 was closed as a duplicate. However, bug #9202 relates to the failure of re-install options from fix...
-
04:38 PM pfSense Packages Bug #9108: OpenVPN client without "explicit-exit-notify" does not trigger client-disconnect portion of /usr/local/sbin/openvpn.attributes.sh
- Forgot to mention that I have changed my connect logger line to:...
-
- See my comment under https://redmine.pfsense.org/issues/9085. (Not 9805, sorry.)
I agree that the numbers could b... -
- See also here:
https://redmine.pfsense.org/issues/9085
-
- I think you're correct but I guess I didn't wait long enough for the keepalive timer to expire.
In testing this,... -
03:28 PM Feature #9203 (Closed): CRAM-MD5 for IMAP/SMTP
- Would it be possible to add ncrypted password key for IMAP/SMTP that uses CRAM-MD5? The current version uses plaintex...
-
02:40 PM pfSense Packages Bug #9079: High CPU usage of ntopng even during IDLE and no network traffic
- Thanks for the script. Since version 2.4.4-p1 with the new version of ntopng the CPU idle usage did improve:
(weaker... -
- Clearly, this is not the same bug report.
That was a bug with errors occuring with Suricata. This is a bug that t... -
- The other bug report is still open. Add notes there, don't open a new issue for the same problem.
-
- I have tried System -> Package Manager -> Installed Packages -> Suricata -> clicked Reinstall. Same issue (Bug #9195)...
-
- Anything like that would have to be self-contained on the firewall. Relying on an external/internet-based service is ...
12/15/2018
-
02:06 PM Bug #7142: IPv6: Floating rules on 6rd enabled WAN interfaces doesn't get bound to wan_stf
- This is still an issue.
-
- I'am looking for a way to join graphics/charts as image objects (png,gif,jpg,and so on...) in mail reports.
I notice... -
- I use ntop and didn't notice this problem.
Maybe some ntop options can cause more cpu usage...
I use Pfsense 2.4.... -
- And just for information : OpenVPN client without "explicit-exit-notify" *TRIG* the client-disconnect portion of /usr...
-
- I just test your logger lines, it is really fun to get the result :...
-
- Thank You.
I added this commit to my current PR : https://github.com/pfsense/FreeBSD-ports/pull/602/commits/b03293... -
07:00 AM pfSense Packages Bug #9196: mailreport stopped work
- Hi, Joshua.
Yes, that solved the problem, thanks. -
- Hi Alex,
Thank you for your reply.
As we can see in the telnet output you give : your mail server purpose START... -
- Ok.
[2.4.4-RELEASE][root@pfsense.mydomain]/root: telnet 10.1.97.12 25
Trying 10.1.97.12...
Connected to mail.myd... -
05:26 AM Bug #9183: OpenVPN Lagg Interface not working after restart or new start
- So i take some time to find out how the config work but now i have a workaround !!!
no thanks to all developer for... -
02:06 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge
- I am receiving this error in the logs about once every 10-15 seconds
radvd invalid all-zeros prefix in /var/etc/radv...
12/14/2018
-
- I have tried System -> Package Manager -> Installed Packages -> Suricata -> clicked Reinstall. Same issue.
Will t... -
- config reference: McAfee http://vil.nai.com/vil/content/v_
I am unable to resolve "vil.nai.com". Problem? -
- cat /usr/local/etc/suricata/reference.config
config reference: arachNIDS http://www.whitehats.com/info/IDS
con... -
- I have clicked on Diagnostics -> Backup & Restore -> Backup & Restore -> Package Functions -> Reinstall Packages.
... -
- On the same page, I use: Snort IPS Policy selection -> Use IPS Policy (checked), Use rules from one of three pre-defi...
-
- I have uninstalled Suricata without preserving settings and re-installed from scratch. I still see these errors. I ...
-
- I have not been able to reproduce this error in any of my testing. I have tested updated an existing Suricata instal...
- 10:19 PM Revision 960a3893: Set Hyperscan to default to native arch
- The Hyperscan port configuration does not set the NATIVE option which allows for HS to be built with advanced instruc...
-
- The latest version of the acme.sh script (not the GUI package) has some support but it isn't like the other integrate...
-
08:21 PM pfSense Packages Todo #9200 (Resolved): Add DNS support for Google domain to Acme manager
- Please add DNS support of Acme manager for use with google domains. I'm using their DDNS feature and can't find them...
-
07:29 PM Revision 814a7c2f: #9096 - updated login title
-
- Alex,
In the "System/Advanced/Notifications/Test SMTP Settings" log there is "ehlo=1 mail=1 rcpt=1 data=1 quit=1 c... -
- The error seems to indicate that it fails to verify peer certificate because unknown CA.
The successfull test is m... -
03:52 PM Revision bfbb7a21: Enable lang/rust build
-
-
- Corrected the typo:
Commit fd1d1c086c844c32835d26b35cb1a7c1c88927ca
pfSense-pkg-gwled 0.2.4_2 -
-
11:31 AM Bug #8973: Traffic not going to Limiter queues
- I just noticed the updates - thanks for the fix and explanation Luiz!
-
- There is no such thing as "shaowsock".
If you meant shadowsocks proxy, then that appears to be something better su... -
04:05 AM Bug #9199 (Rejected): Can pfsense install the shaowsock plugin?
- Can pfsense install the shaowsock plugin? Because i need to browse foreign websites to use this plugin in china.
if ... -
02:01 AM Bug #9175: pfsense does not send out IPv6 UDP fragments for packets created local
- Can anyone comment on how to proceed or what might be needed to reproduce?
-
- Any chance to get fixed soon? This bug actually prevent our VPN from being usable for VoIP which uses UDP and in some...
12/13/2018
-
- Why then passes the test SMTP? Message from PF (shutdown for example) delivered successfully too. How to solve the pr...
-
- The latest version enabled Automatic TLS for improved security, and your mail server does not appear to have a valid ...
-
System/Advanced/Notifications/Test SMTP Settings
Dec 13 11:22:09 mail postfix/postscreen[8670]: CONNECT from [1...-
- After the update to version 3.4, the mailreport stopped work.
Dec 13 08:43:19 mail postfix/postscreen[18817]: CONN... -
- On "2.4.4-RELEASE-p2 (amd64) built on Wed Dec 12 07:39:09 EST 2018 FreeBSD 11.2-RELEASE-p6:
[2.4.4-RELEASE][root@... -
- Pull request : https://github.com/pfsense/FreeBSD-ports/pull/602
-
- I receive the errors on the following versions of pfSense:
2.4.4-RELEASE-p1 (amd64) (Netgate hardware) with Surica... -
- I receive a very (very) large number of these kinds of errors in the Suricata logs (and system logs) related to refer...
12/12/2018
-
-
- If $_GET['view'] is not set or empty, you cant save the default view.
This is because the view-title hidden input ... -
04:22 PM Bug #9192: PPPoE daemon selects wrong interface
- It seems this was an issue that about 5 years ago that has now resurfaced.
https://forum.netgate.com/topic/59789/i... -
- Note: One would expect the xx:xx:xx:xx:xx:04 interface to be chosen every time.
-
- I'm experiencing a strange issue where the pppoe daemon selects/reports the wrong interface for establishing an IPv6 ...
-
- Applied in changeset commit:701728c0778cbb4ccf95ebfad30bf56339d1a7e3.
-
- Scenario:
1. Empty firewall rule list @<filter></filter>@
2. Imported NAT rules that reference associated filter ru... -
-
- +1
The throughput on softether vpn is higher than OpenVPN.
12/11/2018
-
08:10 PM Revision 230c1808: Fix DigitalOcean DynDNS client
- Fixes the check on the return value since it's been updated to use
HTTP/2 syntax. Also adds logic to allow using `@` ... -
-
- (cherry picked from commit d36e5a49e6104c52bca2153eba45709d5af99599)
-
-
04:43 PM pfSense Packages Bug #9177: FRR 0.2_4 installation broken with pfSense 2.4.4_1
- Jim's reasoning turned out correct. A reinstall of 2.4.4, upgrade to p1 and package installation worked 100%.
This s... -
04:27 PM
Bug #9059: Update Unbound to 1.8.1
- Ben Hohendorf wrote:
> As per my thread on reddit, https://www.reddit.com/r/PFSENSE/comments/9wjjo2/sg3100_hard_cras... -
03:54 PM
Bug #9059: Update Unbound to 1.8.1
- As per my thread on reddit, https://www.reddit.com/r/PFSENSE/comments/9wjjo2/sg3100_hard_crash/
After updating my ... -
- (cherry picked from commit 4c6e3de40f56a1bd8d978a9dd4677d0ab025b8cb)
-
- 02:45 PM Revision 3409b0f6: Minor fixes related to #9121
- (cherry picked from commit 6f9729c0a53be67ced6d52e6e33dba6b237083ab)
-
02:44 PM Revision 04c64709: Fixed regression where calling station id was removed from openvpn
- (cherry picked from commit 95f3d049bfead1c6faf04c8a626a7ce868f8b6f8)
-
- (cherry picked from commit 592bec817f152a7536572a675079776138827cc8)
-
- Testing is super easy with ACME/LE certs. Edit the cert entry, check the box for stapling, and then renew the cert. I...
-
- Applied in changeset commit:4c6e3de40f56a1bd8d978a9dd4677d0ab025b8cb.
-
-
- PR merged and picked back to RELENG_2_4_4
-
- PR is at https://github.com/pfsense/pfsense/pull/4019 and needs tested/merged/picked
-
- Commit pushed to the installer to correct the install-time label generation. Should be fixed in the next new snapshot...
-
- Also note: This does not affect GPT installs, only ufs/MBR that I've seen thus far. GPT uses the GPT id in fstab, MBR...
-
- The installer still needs fixed so it doesn't generate an incorrect fstab.
I have pushed a workaround that will a... -
-
- We have confirmed it does affect the CE installer. Still checking on potential causes.
-
- I understood it correctly, and it's behaving exactly as expected. The system adds an internal "override" entry for th...
-
09:06 AM Bug #9190: host override for pfsense box DNS name does not override IP of LAN interface
- Jim Pingle wrote:
> Adding multiple overrides will return multiple records, not override the previous result.
>
>... -
- Adding multiple overrides will return multiple records, not override the previous result.
If you must have a diffe... -
- Setting up a hostoverride in _Services -> DNS Resolver -> Host Overrides_ for the name of the pfSense box itself (con...
-
- Fix also picked back to RELENG_2_4_4
-
- There was a forum user that reported a connectivity issue due to old/crusty olsrd settings that couldn't be removed b...
-
- Duplicate of #628
And it's really not a problem for HAProxy at all. There is no problem with binding haproxy to an... -
08:26 AM Bug #9191 (Duplicate): Cannot use HAProxy due to WebGUI
- Entering this as a bug since as it prevents standard use functionality. Suspect that this issue exists across all ve...
-
05:57 AM Feature #8187: Gateways, allow for configuring a gatewaygroup as the default gateway. #3781
- It seems gateway ordering it's broken.
Changes are not retained after I change the order and Save in system_gateways... -
04:33 AM Bug #9189: Broken host overrides in DNS resolver (sometimes)
- Sorry but you have not shown this to be happening... As I brought up over 2 years ago you sure your client is not poi...
12/10/2018
-
-
-
02:45 PM Bug #9189 (Rejected): Broken host overrides in DNS resolver (sometimes)
- Expected behavior:
If we have host override in pfSense "DNS resolver", pfSense should never ever return public IP fo... -
- PR is at https://github.com/pfsense/pfsense/pull/4020 and has been merged
RFC3580 is for 802.1x, not OpenVPN or R... -
- The captive portal underwent a major rewrite after 2.4.3-p1. You must upgrade to 2.4.4-p1 and test again before openi...
-
- The log truncation and rotation code in the Suricata GUI package is not sending a SIGHUP to the running Suricata proc...
-
06:40 AM Bug #8963: 2.4.4 Limiters don't work after CARP fail-over
- Hello,
I bought a Netgate HA bundle and I found the same bug #8963 together with release 2.4.4-p1.
Clear, because...
12/09/2018
-
09:17 PM Todo #8821: Remove Growl Notifications
- Regarding Growl, until the latest is x version we just didn’t have a lot of need to put out a new release. Things wor...
-
06:06 PM Bug #9187 (Resolved): Status->Interfaces doesn't show useful data for lagg
- I have a lagg with two ixl members. On top of that I have a few VLANs. In the attached screenshot, TRUNK is the lagg....
-
05:53 PM
Todo #9186 (Rejected): Features in captive portal with large number of users
- I am using Pfsense version 2.4.3p1 with the number of user captive portal is nearly 1000.
There is a problem here th... -
11:18 AM Bug #9178: openvpn.auth-user.php: calling_station_id was removed
- As mentionned on on the github PR, the best would be that *calling_station_id* contains the MAC address linked to the...
-
- In my opinion, it is better to set SMTPAutoTLS to TRUE because :
1 - if both actors (client and server) can use ST... -
- Pull request created : https://github.com/pfsense/FreeBSD-ports/pull/600
-
- I just done the modifications.
I will push them on the github.
But this is my first contribution to a project thr... -
- Pull request created : https://github.com/pfsense/FreeBSD-ports/pull/600
-
- i forget a ) in the code, the good one is :
$addresses = explode(",", $config['notifications']['smtp']['notifyemai... -
- In the field smtpnotifyemailaddress on the system_advanced_notifications.php we can put pultiple mail addresses with ...
-
09:06 AM Bug #9059: Update Unbound to 1.8.1
- Tim Harman wrote:
> I'm an idiot.
Been there, done that.
Should the advanced config be entered as two separate... -
07:10 AM Bug #9184 (Duplicate): TCP packet fragments over IPSEC ESP are not reassembled or forwarded
- Hi all,
I have an IPSEC VPN between PFsense and a Cisco ASA. The ASA does fragmentation before encryption (ASA com... -
03:53 AM
Bug #8970 (Resolved): Queues Menu item ends with ":"
-
12:57 AM Bug #8970: Queues Menu item ends with ":"
- I checked German language menu and did not observe the issue.
-
- I checked the issue on latest 2.4.5-DEV and did not observe it. Gateways and their routes were successfully deleted a...
-
- I checked files on latest 2.4.5-DEV and found only OLSRD mention in /etc/pfSense.obsoletedfiles and that is all.
12/08/2018
-
12:42 PM pfSense Packages Feature #6022: Consider MLVPN for bonded VPN
- +1 here...
Some countries, like where I am, we don't have a larger uplink DSL than 1MB!
more than 1MB should ha... -
12:32 PM Feature #8546: Ability to download pfSense updates via another gateway
- Going back on this issue to give an update :
Actually, I ended up implementing that by explicitly setting a gateway ... -
- What ? Really why is it possible to choose a openvpn interface in the lagg config if it is not supported ?
Who mak... -
- LAGG is not technically supported for OpenVPN. It may happen to work by coincidence, but it's not a configuration we ...
-
- I configured a LAGG Interface with 4 openvpn tap connections with round robin mode.
After a reboot or if i start t...
12/07/2018
-
- (cherry picked from commit ed76624bf01c0d1718d427919145bf4e5f949264)
-
-
06:40 PM Bug #9182 (Resolved): SWAP not working after clean install
- After 2.4.4_1 clean install, I realized swap is improperly configured (and not working of course). I used the automat...
-
- Fixes the check on the return value since it's been updated to use
HTTP/2 syntax. Also adds logic to allow using `@` ... -
- Applied in changeset commit:ed76624bf01c0d1718d427919145bf4e5f949264.
-
- When signing a CSR, selecting SHA512 yields an input error claiming the selected algorithm is invalid.
I can repro... -
- Clients self-generate those, not the firewall. The "LAN Net" Macro (really the interface name in pf) includes the con...
-
12:51 PM Bug #9168: "LAN net" Does Not Include the IPv6 Addresses Like Link Local Addresses and Privacy Addresses
- How about the "privacy addresses?" I'm assuming pfSense is generating them as part of the Privacy Exentions to SLAAC...
-
12:57 PM
pfSense Packages
Bug #9181 (Resolved): Spelling error in gwled package (0.2.4_1)
- At Interfaces > Gateway Status LEDs, periodic is misspelled as ...
-
- I appear to be having the same issue with pfSense 2.4.4-1:
https://forum.netgate.com/topic/138335/2-4-4_1-unbound-... - 12:45 PM Revision f0dd942c: Merge pull request #4020 from wokis/master
-
-
08:04 AM Bug #9179 (New): NAT reflection fix implemented for #8604 is causing WebUI and XMLRPC to fail on slave
- Ref: https://github.com/pfsense/pfsense/commit/6f8e648f5c88e04166539ab27872b13dfd587cb8 which fixed #8604
Whenever... -
- I can't replicate this on 2.4.4-p1.
Looks like you messed up the package repositories on that box somehow, like ma... -
05:16 AM pfSense Packages Bug #9012: Captive Portal authentication in Squid Proxy Server does not work
- In */etc/inc/captiportal.inc* (ee /etc/inc/captiveportal.inc)
approximatively line 699 (3128 = proxy port)
####... -
- Hello,
In commit f15fdef37ff7c1fcaecc73f2927ba1d7775032b0 the attribute calling_station_id was removed from openvp... -
03:35 AM pfSense Packages Bug #9139: telegraf: add ping for default gateway(s)
- Maybe a upgrade to telegraf 1.7 is sufficient to get ping working ?
From 1.7 changelog #4227: Use same flags for all...
12/06/2018
-
-
- The package doesn't like 2.4.4+...
-
- I fixed the typo but did not bump the package for that minor of a change. The fix will come with whatever update happ...
-
03:22 PM
pfSense Packages
Bug #9176 (Closed): Spelling error in Acme package (0.3.2_4)
- At Services > Acme Certificates > General settings, under Cron Entry, successful is misspelled as ...
-
12:49 PM Bug #9160: OCSP Must-Staple, when checked on the System > Advanced AND on the System > General Setup some IPv6 DNS servers are listed, then the nginx web configurator file will a contain syntax error
- ?! You are right. Forgot all about that one.
Zap my staple story : that "true" one is probably right after all.
Tha... -
- When you have a certificate that requires stapling, you can't disable it or it will break GUI access. Hiding the chec...
-
- Not related, but while I was stapling :...
-
- When using Strongswan as VPN Endpoint on pfsense with IPSEC sometimes "oversized" UDP packets are created in the IKE ...
-
08:45 AM pfSense Packages Bug #9174 (Resolved): Suricata rulesets in 2.4.4_1
- I cannot see rulesets when i create a new interface in Suricata with the Duplicate button from another interface. If ...
-
- There is not enough information here for a valid bug report. I cannot reproduce the problem with only the stated opti...
-
03:31 AM Bug #9172 (Rejected): There were error(s) loading the rules: /tmp/rules.debug
- With NAT Reflection enabled to Pure NAT and option "Automatic create outbound NAT rules that direct traffic back out ...
-
- There is not enough information here for a valid bug report. Please start a thread on the forum at https://forum.netg...
-
04:25 AM Bug #9173 (Rejected): Webgui does not start after reboot
- Hi
I configured my home pfsense to reboot at 4:00 am everyday. However after reboot, the webgui does not restart, ...
12/05/2018
-
- DigitalOcean has updated the returned headers that breaks the check on the return.
-
- (cherry picked from commit f5f79fcc24241f0a76f6a7fe9b32917bee64e393)
-
-
- fe80 is not "LAN Net". It's link-local traffic that can never leave the segment. It shouldn't be hitting the firewall...
-
- Good on latest snap as well.
-
07:49 AM Bug #9163: NPt rule is omitted when /128 mask is given
- Applied from the system patches package and it works perfect
-
- Applied in changeset commit:f5f79fcc24241f0a76f6a7fe9b32917bee64e393.
-
- Note: This also only affects the wizard when setting a static WAN and upstream gateway.
Fix pushed, will show up m... -
- If a gateway existed but was deleted, the config can be left with @<gateways></gateways>@ which leads to a PHP error ...
-
02:53 AM Bug #9169: carriage return handling in OpenVPN custom Options
- Ok, my bad. But this is counter intuitive as the field itself is multi-line capable, and OpenVPN syntaxe doesn't need...
-
02:46 AM Bug #9169 (Rejected): carriage return handling in OpenVPN custom Options
- Separate your custom options with a semicolon as the field instructions and documentation state.
Enter any additio... -
- For one of my OpenVPN server, I use the custom options field to push routes to my client. Eg, I add
push "route 10...
12/04/2018
-
- The Default Allow rule that pfSense generates on the LAN for IPv6 traffic are supposed to allow all IPV6 traffic from...
-
- According to:
https://tools.ietf.org/html/rfc4890#section-4.3.1
"4.3.1. Traffic That Must Not Be Dropped
Err... -
- Please read the upgrade guide. Looks like normal errors that happen during the upgrade from a version <= 2.4.3 to >= ...
-
02:16 PM Bug #9166 (Not a Bug): Failed loading extensions
- Hi, I updated to the latest version 2.4.4 release P1, and I'm getting these errors:
PHP Warning: Failed loading Z... -
- (cherry picked from commit e9446f537051c7b536d0b3fbb5ebd00c3766001a)
-
-
12:41 PM Feature #9165 (New): only IPs can be added to sshguard whitelist
- The new sshguard list feature (see #8864) does only allow addition of IP addresses. I do have the need to include DNS...
-
- Reported in the forum: https://forum.netgate.com/topic/138350/npt-rules-are-not-created-and-no-error-warning-appears
-
- Applied in changeset commit:e9446f537051c7b536d0b3fbb5ebd00c3766001a.
-
- NPt validation skips over a valid rule when the mask of either the source or destination is set to /128.
-
10:50 AM pfSense Packages Bug #9164: Snort barnyard2 / pfSense 2.4.4-p1 issue
- Thanks Jim the pkg install -fy mysql56-client has fixed the issue.
-
- That library is a part of mysql56-client-5.6.41 which is there for 2.4.4-p1. If it isn't pulled in by barnyard2 that'...
-
- After updating to 2.4.4-p1 barnyard2 will no longer run as libmysqlclient.so.18 is missing.
Dec 3 16:34:51 php-fpm... -
09:21 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
- 2.4.4p1 also affected.
-
08:27 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
- We also experienced this issue today. Had to set the "Default gateway IPv4" setting to WANGW so that pfSense could ge...
-
- All of the bogon rules get the same tracking ID.
And it's blocked because you didn't solicit that request, and you...
12/03/2018
-
05:21 PM Bug #9059: Update Unbound to 1.8.1
- I was asking if:
@server:@
@so-reuseport: no@
was set in 2.4.4-p1. I guess the answer is no it did not. This i... -
05:11 PM
Bug #9059: Update Unbound to 1.8.1
- Isaac McDonald wrote:
> Did this make it into 2.4.4_1 ?
Huh? We're discussing the bug right now, so I can't see ... -
- Did this make it into 2.4.4_1 ?
-
04:53 PM
Bug #9059: Update Unbound to 1.8.1
- I'm an idiot....
-
04:45 PM
Bug #9059: Update Unbound to 1.8.1
- I found this on the unbound mailing list: https://nlnetlabs.nl/pipermail/unbound-users/2018-October/010991.html
> ... -
04:38 PM
Bug #9059: Update Unbound to 1.8.1
- I can confirm I see the same after 2.4.4-p1...
-
- I updated Unbound to 1.8.1
@pkg update; pkg upgrade unbound@
After the upgrade I found that Unbound appears ... -
- WAN 0.0.0.0:68 255.255.255.255:67 UDP
block bogon IPv6 networks from GIF (11000)
I am unclear how (DHCPv4 b... -
- I am requesting that the rule descriptions in Status -> System Logs -> Firewall be shown for disabled rules and rules...
-
- ... and the result will be : no more GUI.
To begin with, one should have a certificate with the "OCSP Must Staple"... -
- I am requeting an option in Status -> System Logs -> Firewall to filter on the Rule ID #.
-
-
-
-
-
-
12/02/2018
-
03:25 PM pfSense Packages Todo #9158 (Resolved): Updates for Squid 4.x
- hi
the version 4 of squid proxy for "production use" are available
and it's seems that provide better support f...
12/01/2018
-
05:59 PM Feature #8578: /var/unbound/test/unbound_server.pem: No such file or directory
- Cannot restore 'DNS Resolver' or 'All' from browser, both result in NGINX error (500 I think, I didn't write it down)...
-
- I deselected OPT3 (the interface with the changed IP address) from Unbound listening but it makes no difference. When...
-
- I changed the IP address of my OPT3 interface today and now have the same error. Unbound was already listening on thi...
11/30/2018
-
- I'm testing via System Patcher since https://github.com/pfsense/pfsense/pull/3998 went into approved/needs testing an...
11/29/2018
-
04:43 PM Feature #9157 (Rejected): Allow custom DHCP Options per Host
- I have a few raspberry pi's that need a specific option 60 and option 43 in order to do PXE Booting. Setting those op...
-
10:16 AM
Bug #8970 (Feedback): Queues Menu item ends with ":"
- I am now unable to reproduce this.
When first investigating this issue I found that "warteschlangen" had a spuriou... -
- Thanks Luiz and Jim!
While on 2.4.4, I manually switched to Worst-case Weighted fair Queueing (WF2Q+) and seems to... -
- Looks good here. New limiters have WF2Q+ as default. When editing a saved limiter with that scheduler, the new descri...
-
- 0.0.0.0/0 is in the left/rightsubnet list and based on forum feedback this appears to be working with multiple third-...
-
- Starting with @<dhcpd></dhcpd>@ in the config I can reproduce the error without the fix and it works with the fix app...
-
- Based on multiple reports of it being fixed with this change I'd say it looks good. If someone has a different variat...
-
-
- Sorry, I try to edit, it should be under Feature.
-
- Please see here:
https://forum.netgate.com/topic/138156/limit-dhcp-ip-range-for-openvpn-clients-gui-only
Can we h... -
- [quote]I believe that without that option, a client-disconnect script won't be called.[/quote]
After the time-out de... -
03:44 AM Feature #9155 (Resolved): Add driver bnxt for Broadcom NetXtreme interfaces
- The driver for Broadcom NetXtreme-C/E cards is missing in pfSense 2.4.4-RELEASE (amd64), despite being present in the...
11/28/2018
-
06:03 PM Bug #9153: default gateway feature not working properly with gateway groups
- Daniele Sorrenti wrote:
> Already reported here: https://redmine.pfsense.org/issues/9004
Thank you. I didn't find... -
-
- Already reported here: https://redmine.pfsense.org/issues/9004
-
09:35 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
- I confirm the problem in the version 2.4.4
-
-
-
- See also: #9153
-
03:43 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
- i tried on pfsense 2.4.4 with same huawei model
and it worked fine
-
- Applied in changeset pfsense:commit:1b988ed0e7168ada9e6260274f63fd84b15873a1.
-
- update for pfsense 2.4.4
run the following command to support pfsense 2.4.4
pkg add http://pkg.freebsd.org/free... -
12:06 AM Bug #9148: PPPoE over a VLAN fails to reconnect.
- I can confirm this fixes the issue.
I also created a failure upstream bringing down one ppp interface. The rest rema...
11/27/2018
-
10:24 PM pfSense Packages Bug #8761: Port Forwarding Rules Stop Working when HAProxy is Configured
- Tj Ng wrote:
> ACat L. Check your HAProxy's advanced settings. Turn off "Transparent ClientIP" and see if NAT works ... -
08:42 PM pfSense Packages Bug #8761: Port Forwarding Rules Stop Working when HAProxy is Configured
- ACat L. Check your HAProxy's advanced settings. Turn off "Transparent ClientIP" and see if NAT works again.
Captiv... -
-
07:35 PM Revision c9f69485: Do not call interfaces_vlan_configure() every time an interface is edited in GUI.
- This is just necessary when a parent interface is changed and we have to propagate the changes to all clones (MTU, FL...
-
- This is just necessary when a parent interface is changed and we have to propagate the changes to all clones (MTU, FL...
-
04:51 PM Bug #9148: PPPoE over a VLAN fails to reconnect.
- Steve Wheeler wrote:
> There looks to be a good chance this is resolved by this:
>
> https://github.com/pfsense/p... -
02:26 PM Bug #9148: PPPoE over a VLAN fails to reconnect.
- There looks to be a good chance this is resolved by this:
https://github.com/pfsense/pfsense/commit/433a8e71f3b68c... -
- The fix for #9115 has made this much better but I still see these issues:
Editing/Saving the VLAN parent interface... -
- I split the parent interface issue off to #9154 -- this one can be closed.
-
- Looks a lot better here with the new method. Editing the parent is still a problem, however, but that can be split of...
-
- This regression is now fixed and only when really necessary the VLANs will be recreated.
-
-
- See #9115 for details/logs. After fixing #9115, editing other VLAN interfaces works well, but editing the VLAN parent...
-
-
- +1. This problem also affects my environment. Default route is not set after restart if default gw is a group gw, and...
-
- It should be resolved now but it's hard to reproduce. We can revisit if bug show up again
-
- Do not enable it by default for now and move to 2.4.5
-
- Works great now!
-
- Works
-
- Works
-
10:03 AM Bug #9075: Firewall rules with aliases are not applied in upgraded 2.4.4
- I am having this issue too, on at least two of my routers. One is a fresh install of 2.4.4_1 with a config uploaded f...
-
- Works
-
- Daniel Clasen wrote:
> Sorry but I can't see how it is not a topic for the ticket system to ask if that is fixed in ... -
06:05 AM Bug #5319: Error message "No config named" in charon daemon
- Sorry but I can't see how it is not a topic for the ticket system to ask if that is fixed in a newer/supported releas...
11/26/2018
-
- The new default gateway feature introduced in 2.4.4 does not appear to work properly with gateway groups.
Steps to... -
- Just adding a new vlan also brings down all pppoe interfaces, with the same exact error.
-
- I can confirm. After making a change to one of the interfaces and hit apply, my pppoe connection over vlan 6 disconne...
-
- I've improted the same patch to pkg's internal libfetch. It'll be available on pkg-1.10.5_6
-
- Fetch works at the command line but @pkg@ still does not....
-
12:11 PM Feature #9152 (Duplicate): Sort diag_states_summary.php by states
- Small improvement to diag_states_summary.php, sort array by states to put top talkers to the top of the tables.
As... -
09:06 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
- On generating the interface identifier using EUI-64 (based on MAC address), the interface identifier are independed b...
-
08:59 AM Bug #8993: PHP error from filter_rules_sort() when config.xml contains no rules
- Ah, cool! Thanks!
-
- Apply the commit listed above using the System Patches package: https://www.netgate.com/docs/pfsense/development/syst...
-
08:43 AM Feature #9032: RADIUS MAC Authentication: display the login page when MAC auth failed
- Ok, I can confirm this works, if we set our login.php (`Portal page contents`) to the error.php (`Auth error page con...
-
- That is not a topic for the ticket system, however, but something you should ask on the forum. The older versions are...
-
- Jim Pingle wrote:
> Testing on 2.4.2 is meaningless. That version is over a year old and 4 (almost 5) releases behin... -
- Testing on 2.4.2 is meaningless. That version is over a year old and 4 (almost 5) releases behind, and several strong...
-
- Still present in 2.4.2-RELEASE-p1
Took me a full day to figure out that this was the problem... Will the bug be fixe... -
- Maybe it would be better to update status immediately after changing, redraw menu with state what would be the result...
-
- IT happens because menu will only change after SSHd is really configured and running and it takes some time depending...
-
- If SSH is disabled from menu, the menu might entry still show Disable Secure Shell. And vice versa if SSH is enabled ...
-
- There is no sync in Quagga or OpenBGPD either.
AFAIR it was done deliberately since in nearly all cases it would b... -
- That's a side effect of how pf parses and reports the rules.
We write out the rule just once with a tracking ID in... -
- Given that issue, this is almost certainly a duplicate of #3334
-
- The @rate@ daemon that gathers data for the table does not support IPv6, which most likely accounts for the discrepan...
11/25/2018
-
- Any way to fix this manually? (i.e. if I don't want to update to dev)
-
03:45 PM Bug #9150 (Resolved): Web authentication RADIUS package shows PHP error if unable to resolve FQDN of RADIUS server
- When the DNS record for the RADIUS server used to configure authentication of the web console was temporarily unavail...
-
- Vladimir Lind wrote:
> Not seeing redirection to block page with enabled MAC block and block URL with IP from the la...
11/24/2018
-
11:56 AM Bug #9149 (Rejected): Continued issues with /tmp and /var in RAM on 2.4
- I've had repeated trouble with upgrades and even non-upgrade-related reboots with pkg configuration. 2.3.5 through 2...
11/23/2018
-
-
- would it be possible to close this issue?
Alternate solutions have been given and this behaviour will likely not ...
11/22/2018
-
- Looks good in:
2.4.5-DEVELOPMENT (arm)
built on Wed Nov 21 05:47:41 EST 2018 -
- PR has been merged. Thanks!
-
- The WF2Q+ was the default scheduler in previous versions, it is well tested and support dynamic queues.
Add a note f... -
- The WF2Q+ was the default scheduler in previous versions, it is well tested and support dynamic queues.
Add a note f... -
-
11:37 AM pfSense Packages Bug #9135: Suricata in inline modus blocks some downloads
- Bill Meeks wrote:
> This bug needs to be reported upstream to the Suricata team. When you use Inline IPS mode, you ... -
- Also include that and Digital Ocean in the help text.
(cherry picked from commit 92c39e9b923792a58b56323a7e2fb46f608... -
-
- In some situations PPPoE fails to reconnect after an upstream outage or making a change locally. The system file logs...
-
- Run it with sudo or use admin/root, not an unprivileged user.
-
10:08 AM Bug #9147 (Rejected): Unable to open /cf/conf/config.xml for writing in write_config() when set easyrule from ssh
- I am using user "ssh" and assinged admins group to ssh pfsense from another server.
When i set easyrule such as "eas... -
- Duplicate of #9119
-
- co da wrote:
> Hi everyone,
> I met crash when set easyrule by command line
> easyrule block lan 192.168.2.2
> me... -
- Hi everyone,
I met crash when set easyrule by command line
easyrule block lan 192.168.2.2
message:
PHP ERROR: Typ... -
07:53 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
- I have the same issue.
Is there still some work on this bug?
Thanks! -
07:24 AM pfSense Packages Bug #9143: ntopng not displaying values in historical correctly
- I forgot to list versions...
pfSense: ... -
07:18 AM Bug #9145 (Rejected): user based policies with automated client logedon user identification
- It would be great to define policies based on active directory / LDAP or local users and groups.
Also for this to... -
- Sorry everyone, there is some confusion around this bug.
The FIFO scheduler never was the default scheduler and th... -
-
- Tested on VM HA cluster - CE 2.4.5-DEVELOPMENT (amd64) built on Tue Nov 20 16:55:31 EST 2018:
No "Gateways status ... -
04:00 AM Bug #8914: Gateway switch events cause a huge amount of log spew
- Not sure what the acceptable level of log spam is:
Nov 22 09:56:56 check_reload_status Reloading filter
Nov 22 0... -
-
-
03:55 AM Bug #9144: Set interface IP address from console crashes if DHCP is selected
- Wasnt able to reproduce the bug with MBT 4220 pfsense version 2.4.4
-
- On 2.4.5-DEVELOPMENT (amd64) built on Tue Nov 20 18:52:24 EST 2018:
: set | grep http
http_proxy 10.1.1.1:31... -
- Tried on 2.4.5-DEVELOPMENT (amd64) built on Tue Nov 20 16:55:31 EST 2018 (ran pfSsh.php playback gitsync master to ...
-
- Also include that and Digital Ocean in the help text.
Also available in: Atom