Activity

30 days up to

User

Subprojects

Activity

From 02/05/2019 to 03/06/2019

03/06/2019

07:14 PM Revision 632f0dbf: Revert "Remove definitions of conf_mount_r[ow]": Leave functions declaration for now to prevent errors during upgrade.
This reverts commit da3ef5a3b359edb27bb9bb2b88... Renato Botelho
04:28 PM pfSense Packages Bug #9368: ACME certificates cannot have more than ~35 SAN entries due to input variable limits: Should be fixed with this: https://github.com/pfsense/FreeBSD-ports/pull/626
Or would that possibly cause sideeffect... Pi Ba
09:22 AM pfSense Packages Bug #9368 (Resolved): ACME certificates cannot have more than ~35 SAN entries due to input variable limits: The way that acme_certificates_edit.php submits data results in a failure to add more SAN entries due to input variab... Jim Pingle
03:05 PM Todo #9386 (Resolved): Deprecate built-in relayd Load Balancer: As of now, relayd does not function on FreeBSD 12 due to OpenSSL 1.1.x. The port is currently "marked BROKEN":https:/... Jim Pingle
02:07 PM Bug #9385 (Closed): OpenVPN logs a "Device busy" error when opening tap interfaces, but continues to function: On 2.5.0 snapshots, when openvpn starts up, it logs a "Device busy" error, but the error does not appear to harm func... Jim Pingle
02:04 PM Bug #9384 (Confirmed): devd putting "$" before variable contents when using single quotes: On 2.5.0 snapshots, when @check_reload_status@ logs a linkup event, the message contains a @$@ before the interface n... Jim Pingle
02:01 PM Bug #9383 (Resolved): dhcpleases kqueue error: On 2.5.0 snapshots when DHCP lease integration is enabled for the DNS Resolver, the following error is logged at boot... Jim Pingle
01:59 PM Bug #9382 (Resolved): SNMP Undefined symbol "pf_altq": On 2.5.0 snapshots, bsnmpd logs an error message when the pf module is enabled:... Jim Pingle
12:35 PM pfSense Docs Correction #9381: FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated: Github User, https://github.com/Frotty, commented:
Also perhaps see https://redmine.pfsense.org/issues/8251
I ha... Jared Dillard
12:34 PM pfSense Docs Correction #9381: FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated: Jimp commented:
I think we've had some discussion about this in the past on the forum. Since we don't support havi... Jared Dillard
12:25 PM pfSense Docs Correction #9381 (Resolved): FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated: *Github user:* https://github.com/Augustin-FL
*Feedback:*
The FreeRadius 2.X documentation, https://www.netgate... Jared Dillard
12:14 PM pfSense Docs Correction #9380 (Resolved): Feedback on Cache / Proxy — Tuning the Squid Package: *Page:* https://www.netgate.com/docs/pfsense/cache-proxy/squid-package-tuning.html#caching-windows-updates
*Github... Jared Dillard
12:10 PM pfSense Docs Correction #9379 (Resolved): Feedback on Interfaces — Using a Large Number of Interfaces: *Page:* https://docs.netgate.com/pfsense/en/latest/interfaces/index.html#limitations
*Github user:* https://github... Jared Dillard
12:07 PM pfSense Docs Correction #9378 (Closed): Feedback on Virtualization — Virtualizing pfSense with Proxmox: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox.html
*Github user:* https://github.c... Jared Dillard
12:07 PM pfSense Packages Feature #6651: Loopback interfaces: Slava Bendersky wrote:
> Hello Everyone,
> I would like place request add ability manipulate loopback interfaces th... Slava Bendersky
12:06 PM pfSense Docs Correction #9377 (Rejected): log file format : missing igmp. <protocol-specific-data> ::= <tcp-data> | <udp-data> | <icmp-data> | <carp-data>: *Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html
*Github user:* https://g... Jared Dillard
12:05 PM pfSense Docs Correction #9376 (Resolved): Feedback on System Monitoring — Filter Log Format for pfSense 2.2: *Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html
*Github user:* https://g... Jared Dillard
12:01 PM pfSense Docs Correction #9375 (Resolved): Feedback on ACME - no info on how to use cron: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/acme/index.html
*Github user:* https://github.com/yuri... Jared Dillard
11:57 AM pfSense Docs Todo #9374 (Resolved): Update Virtualizing pfSense with Hyper-V recipe with more recent information: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-hyper-v.html
*Feedback:*
The Hyper-V tuto... Jared Dillard
11:55 AM pfSense Docs Correction #9373 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver: *Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html
*Github user:* https://github.com/ja... Jared Dillard
11:53 AM pfSense Docs Correction #9372 (Resolved): Feedback on User Management — Configuring User Authentication Servers: *Page:* https://docs.netgate.com/pfsense/en/latest/usermanager/authentication-servers.html
*Github user:* https://... Jared Dillard
11:50 AM pfSense Docs Correction #9371 (Resolved): Feedback on Testing the FreeRADIUS Package: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/freeradius-test.html
*Github user:* https://github.com... Jared Dillard
11:37 AM pfSense Docs Correction #9370 (In Progress): Update old screenshots: Here is a list of pages that need updated screenshots:
- [ ] https://docs.netgate.com/pfsense/en/latest/recipes/ip... Jared Dillard
11:32 AM pfSense Docs New Content #9369 (New): Document remaining packages: Create pages for the currently undocumented packages in the Package List, https://docs.netgate.com/pfsense/en/latest/... Jared Dillard

03/05/2019

10:00 PM Revision 1d92575e: Update SMART status page with more detail/commands. Implements #9367: Jim Pingle
08:47 PM Revision 144863e3: Fix more illegal offset errors. Issue #9366: Jim Pingle
06:30 PM Revision 86ec819a: Target the proper loop in switch statements. Issue #9365: Jim Pingle
06:27 PM Revision b88050bb: Fix some illegal offset errors. Issue #9366: Jim Pingle
05:22 PM Revision 59449ddb: Fix deeper continues. Issue #9365: Jim Pingle
05:15 PM Revision 05221142: Target the proper loop in switch statements. Issue #9365: Jim Pingle
04:10 PM Todo #9367 (Feedback): Update SMART Page with new capabilities: Applied in changeset commit:1d92575e36db5fd0b9bf2cc6a236dde32aba9239. Jim Pingle
04:01 PM Todo #9367 (Resolved): Update SMART Page with new capabilities: @smartctl@ is capable of showing a lot more information than the current page supports. Update it to show things like... Jim Pingle
02:45 PM Revision f403491d: Move PHP to 7.3.x: Renato Botelho
02:44 PM Revision b2aae111: Add support for PHP 7.3.x: Renato Botelho
02:43 PM Revision ccc60c88: Remove PHP 5.x support: Renato Botelho
02:40 PM Revision 5ec87d10: Move PHP to 7.3.x: Renato Botelho
02:00 PM Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA: Hi all
The problem is still (or again) reproducable.
Best regards
Tom Tom Huerlimann
12:23 PM Bug #9366 (Resolved): "Illegal string offset" PHP errors: We have a patch that suppresses some "Illegal string offset" PHP errors but if the ones we can spot are easy to fix w... Jim Pingle
12:20 PM Bug #9365: Use of "continue" in switch statements can be ambiguous: Two more:... Jim Pingle
11:13 AM Bug #9365 (Closed): Use of "continue" in switch statements can be ambiguous: PHP 7.3 is tightening down on the use of @continue@ in switches. There are instances where the code meant to continue... Jim Pingle
09:08 AM pfSense Packages Bug #9364 (Resolved): squidguard int error page does not use https: Hello,
I'm running these versions on my system(s):
pfSense 2.4.4-RELEASE-p2
squid 0.4.44_7
squidguard 1.16.18_1... Florian Stichlberger

03/04/2019

07:22 AM pfSense Docs Correction #9363 (Closed): Source Tracking Table: That only appears if you have Sticky connections enabled, otherwise it's not relevant. Jim Pingle
07:18 AM pfSense Docs Correction #9363 (Closed): Source Tracking Table: Docs » pfSense » Book » System Monitoring » Firewall States » Reset State Table / Source Tracking Table
The book s... Anonymous

03/03/2019

04:18 AM Bug #9362 (Resolved): rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all: When updating the DNS record via services_dyndns_edit.php it works normally, but when it tries to update it automatic... Nico Schneider

03/02/2019

05:58 PM Revision acfc3643: Allow Dynamic DNS wildcards for Cloudflare #9361: Tom Embt
12:05 PM Bug #9361: Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS: https://github.com/pfsense/pfsense/pull/4053
- hide wildcard and MX checkboxes since neither are used by the Cloud... Tom Embt
11:47 AM Bug #9361: Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS: My comments about Route53 on #9053 likely also apply to Cloudflare here. Assuming so, the solution would differ slig... Tom Embt
11:55 AM Bug #9074: Alias URL lists only storing last-most list in config.: Applied https://github.com/pfsense/pfsense/pull/4002/commits/f5c56bf8189d515af203c398f473c9b3adfff98b and https://git... Danilo Zrenjanin
05:37 AM Bug #9320: Outbound NAT and multiple IPSEC IPs for mobile warriors: Applied https://github.com/pfsense/pfsense/pull/4049/commits/8897cbce7fc410029ac367eeee7c12261fec896f via system_pat... Vladimir Lind

03/01/2019

07:23 PM Revision ac512a11: Move to python 3.6 as default: Renato Botelho
07:06 PM Bug #9361 (Resolved): Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS: Cloudflare allows wildcard A records and the pfSense DDNS page has a wildcard checkbox (since 2.3?), but it will thro... Will Rutherford
02:23 PM Todo #9360 (Resolved): Switch to Python 3.x: Python 2.7.x is not long for this world, going EOL on "Jan 1, 2020":https://pythonclock.org/
We need to ensure the... Jim Pingle
09:38 AM Bug #9223: SSHGUARD doesn't work as expected: FYI
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CV... Joshua Sign

02/28/2019

07:52 PM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: As far as I can tell there are too many assumptions placed on the order of the addresses on the interfaces.
There ... Chris Linstruth
05:48 PM Revision c5663bf5: Comment out all pfSense_fsync() calls until it's properly fixed: Renato Botelho
04:02 PM Revision c03dc57f: pfSense_fsync() call just before rename() is breaking it. Comment out for now until it's fixed: Renato Botelho
01:06 PM Revision da3ef5a3: Remove definitions of conf_mount_r[ow]: Renato Botelho
01:05 PM Revision 9c078e31: Remove /etc/conf_mount_r[ow]: Renato Botelho
12:49 PM Revision 522388a7: Remove all calls to conf_mount_r[ow]: Renato Botelho
10:15 AM pfSense Packages Todo #9354 (Feedback): Update OpenVPN Client Export with OpenVPN 2.4.7: The OpenVPN 2.4.7 Windows installer is included in OpenVPN Client Export Package version 1.4.18_3, which is available... Jim Pingle
10:03 AM Bug #9359 (Resolved): diag_tables.php duplicate entries from webConfigurator lockout table: Entries in the webConfigurator Lockout Table are always listed, whatever the table you select.
Possible fix shou... Joshua Sign
09:35 AM pfSense Packages Bug #8476 (Resolved): OpenVPN Client Export TLS Key Direction Directive Location: ovpn configuration file exported from:
2.4.5-DEVELOPMENT (amd64)
built on Wed Feb 13 06:09:38 EST 2019
FreeBSD 11.... Danilo Zrenjanin
09:35 AM Revision 9df78d6b: Do not initialize t_address in loop: Paul.Bramhall
06:10 AM Bug #9358 (Closed): Lost default gateway after recover from failover with CARP VIP and HA: The same issue #8465 is back on 2.4.4-RELEASE-p2 (amd64) built on Wed Dec 12 07:40:18 EST 2018. Tested with one WAN I... Christian Grunfeld

02/27/2019

10:02 PM Revision 90639e0a: Rename exclude files to work with armv7: Renato Botelho
09:03 PM Revision e200e241: Fix armv7 ABI string: Renato Botelho
07:34 PM Revision 82b59cee: On FreeBSD 12+ move from armv6 to armv7: Renato Botelho
04:22 PM Revision fe0a068b: Revert "pfSense_fsync() call just before rename() is breaking it. Comment out for now until it's fixed": pfSense_fsync() is fixed now
This reverts commit cea9d3b7dc6f7ac8450a2a8f4b630b1b6b69827b. Renato Botelho
02:55 PM Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA: The same issue is back in 2.4.4-RELEASE-p2 (amd64) built on Wed Dec 12 07:40:18 EST 2018. Tested with one WAN IP (/30... Christian Grunfeld
12:09 PM Revision 67f15b5e: Update loader.conf when maximumtableentries changes: On Firewall -> Advanced -> Firewall, when maximumtableentries item
changes, make sure /boot/loader.conf is changed ac... Renato Botelho
12:06 PM Revision 117f032c: Add net.pf.request_maxcount to loader.conf: On FreeBSD 12 and newer pf uses this sysctl to define maximum number of
items supported by its allocations. Make sur... Renato Botelho
10:00 AM Bug #9357: rc.newwanipv6 called regardless of REASON: We probably need something like a "copy" of /usr/local/sbin/pfSense-dhclient-script here, just for IPv6 Flole Systems
09:56 AM Bug #9357 (Closed): rc.newwanipv6 called regardless of REASON: The dhcp6c_wan_script.sh does not honor the REASON-Variable set by the dhcp6c process. Even though it is RENEW and th... Flole Systems
07:31 AM Todo #9356 (Closed): Find optimal default for net.pf.request_maxcount: FreeBSD 12 introduced a new sysctl, @net.pf.request_maxcount@, which must be set in loader.conf (or loader.conf.local... Jim Pingle

02/26/2019

08:15 PM Revision c16a2fe1: Remove invalid MACs from sshd_config: Renato Botelho
07:09 PM Revision cea9d3b7: pfSense_fsync() call just before rename() is breaking it. Comment out for now until it's fixed: Renato Botelho
05:04 PM Revision 295b0d2b: Fix path relative to MAKEOBJDIRPREFIX to FreeBSD 12+ reality: Renato Botelho
10:57 AM pfSense Packages Bug #9355 (Bogus): Telegraf Package - https for InfluxDB Server: Setup Telegraf to send stats to InfluxDB
When trying https:// in url no stats until http:// used.
Would prefer to... Erin O'Meara
08:43 AM pfSense Packages Todo #9354 (Resolved): Update OpenVPN Client Export with OpenVPN 2.4.7: OpenVPN 2.4.7 released last week, needs updated in the OpenVPN client export package: https://openvpn.net/community-d... Jim Pingle
08:35 AM pfSense Packages Bug #9345 (Resolved): Quagga Ospf MD5 interface password truncated to 15 characters: Jim Pingle
12:05 AM pfSense Packages Bug #9345: Quagga Ospf MD5 interface password truncated to 15 characters: Tested for FRR OSPF (version 0.2_7). Thank you for the quick fix. Henning Rogge

02/25/2019

04:15 PM Bug #9353 (New): PHPSession errors from limited access to dashboard and widgets: If you login with a user who has privilege 'WebCfg - System: Login / Logout / Dashboard' and you have widgets on the ... Steve Wheeler
04:04 PM pfSense Packages Bug #9352 (Resolved): Duplicate default views in Status Monitoring that can't be removed.: Ended up with multiple "Default" views under status monitoring that could not be removed. When attempting to create a... Mike A
03:15 PM Bug #9351: need option for repeated DHCP retries: the cable modem (Arris/Moto SB6183) has no ip, its a bridge, the gateway is somewhere at my ISP. the modem stays al... John Pierce
02:59 PM Bug #9351: need option for repeated DHCP retries: "propose you add an option to keep retrying DHCP renews on the WAN when the gateway becomes inaccessible." - Based on... Anonymous
02:41 PM Bug #9351 (Duplicate): need option for repeated DHCP retries: every time my cable company has an outage of more than a few minutes, pfsense ends up with no IP address on WAN, and ... John Pierce
02:56 PM Revision 4ee79051: Update translation files: Renato Botelho
02:56 PM Revision 7f58d21b: Regenerate pot: Renato Botelho
02:55 PM Revision 7fac4101: Update translation files: Renato Botelho
02:26 PM Bug #6876 (Resolved): Firewall alias issue after adding a wrong alias: Anonymous
02:09 PM Revision 303e7fed: Regenerate pot: Renato Botelho

02/24/2019

04:38 PM Revision 3cd21b4e: Routing, actually show the "(default)" mark on the default route as it is present on the OS: Most obvious problem was when manually switching from WANGW1 to WANGW2 it showed both as (default) after saving the s... PiBa-NL

02/23/2019

11:41 AM pfSense Packages Bug #9350 (Resolved): not appear proxy config: This problem is observed when using "squid" and "squidguard" packages together. If you enter values in the "blacklist... Yuran Yastreb
11:24 AM Bug #9349: IPSec service start/stop/restart fails after settings change: Hi.
I mixed the logs (stop/restart) but the problem is the same and I understand your explanation. Nevertheless th... Markus Stockhausen
08:14 AM Bug #9349: IPSec service start/stop/restart fails after settings change: The mode on that says "stop", not restart.
Try a different browser, you may see a more informative error message.
... Jim Pingle
07:58 AM Bug #9349: IPSec service start/stop/restart fails after settings change: Hi Jim,
I do not think so. I captured the network traffic in the browser and can see the following request being s... Markus Stockhausen
07:50 AM Bug #9349: IPSec service start/stop/restart fails after settings change: This is most likely because your browser is refusing to refresh the page to update the controls because it would invo... Jim Pingle
07:17 AM Bug #9349 (Confirmed): IPSec service start/stop/restart fails after settings change: There seems to be some weird behaviour when changing things on the advance IPsec servie settings tab. As soon as you ... Markus Stockhausen

02/22/2019

12:08 PM pfSense Packages Bug #9348 (New): Results of Acme certificate issuance/renewal are not properly formatted: The results of an Acme certificate issuance/renewal aren't properly formatted. Even when there are no errors the resu... Isaac McDonald
11:21 AM pfSense Packages Bug #9347: Domain SAN list displays "Key Algorithm: HMAC-MD5, API Endpoint: portal.nexcess.net": This happens because those options have drop-down selectors without a 'none' option (since it's required for their re... Jim Pingle
11:08 AM pfSense Packages Bug #9347 (Resolved): Domain SAN list displays "Key Algorithm: HMAC-MD5, API Endpoint: portal.nexcess.net": The domain SAN list displays "Key Algorithm: HMAC-MD5, API Endpoint: portal.nexcess.net" regardless of the update met... Isaac McDonald
07:32 AM Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan): There is a @</a>@ in the code, see source:src/usr/local/www/vpn_openvpn_server.php#L862 -- but it's run through @spri... Jim Pingle
12:29 AM Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan): I found the problem.
HTML
請參閱〈a href="https://doc.pfsense.org/index.php/DH_Parameters"〉維基百科文章。
it's should add... Roll Stone
07:22 AM pfSense Packages Bug #9345 (Feedback): Quagga Ospf MD5 interface password truncated to 15 characters: Fix pushed. Will be available once the packages rebuild. Jim Pingle
07:20 AM pfSense Packages Bug #9345 (In Progress): Quagga Ospf MD5 interface password truncated to 15 characters: The code in the quagga was cutting it down to 15 characters, and that code was copied to FRR. Easy fix, will be up sh... Jim Pingle
02:03 AM pfSense Packages Bug #9345: Quagga Ospf MD5 interface password truncated to 15 characters: The same seems to be true for the FRR Ospfd package. Henning Rogge
01:40 AM pfSense Packages Bug #9345 (Resolved): Quagga Ospf MD5 interface password truncated to 15 characters: I am working with the quagga_ospf package for pfsense and noticed that the Web-GUI seems to cut of MD5 password strin... Henning Rogge
07:11 AM Bug #9346 (Not a Bug): Problem Check_MK port 6556: Issues on this tracker must be reported in English only.
Running the text through a translator, it looks like a su... Jim Pingle
04:38 AM Bug #9346 (Not a Bug): Problem Check_MK port 6556: Hallo,
habe check_mk seit vielen Jahren im Einsatz, läuft zu 100%.
Nun beim Kunden eine neue SG-3100 aufgestellt,... Richard Kohn
03:48 AM Bug #9338: igmpproxy ignoring downstream vlan interface: And it also ignores IGMPs from GRE interfaces:... Daniel Kucera

02/21/2019

09:24 PM Bug #9344 (New): OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan): OS:2.4.4-RELEASE-p2
When I using Chinese-Taiwan language.
And edit OpenVPN settings.
When click NCP Algorithms... Roll Stone
07:01 PM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3: Any ETA on this please?
B D
04:19 PM Revision a1032feb: Update privileges: (cherry picked from commit 3b3e31c248b8185372251f8bd2fbc2a95652a7ec) Jim Pingle
04:18 PM Revision 3b3e31c2: Update privileges: Jim Pingle
01:07 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I've also ruled out some other possibilities below -
Not the issue:
https://docs.netgate.com/pfsense/en/latest/fi... Eduard Rozenberg
12:14 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I can confirm my issue is the same as described by the other posters on this bug.
Logs show that filterdns claims ... Eduard Rozenberg
12:42 PM pfSense Packages Bug #9340: Buypass CA does not support wildcard: At Let's encrypt:
acme1: https://acme-staging.api.letsencrypt.org/directory
acme2: https://acme-staging-v02.api.let... Idar Lund
02:07 AM Bug #8463: Performance Regression in 2.4.3 under KVM: In the end I moved to FQ_CODEL so this ticket, while probably still an issue, can be closed. Anonymous
01:41 AM Bug #9343: diag_arp.php times out with large DHCPD leases table: I'm seeing slow or timed out page loads on systems with 10,000+ leases in the dhcpd file, 3.3mb+ in size. I'd review... Anthony Hernandez
01:38 AM Bug #9343 (New): diag_arp.php times out with large DHCPD leases table: the diag_arp.php file is reading and parsing the full dhcpd file for many items that it doesn't use or need.
Anthony Hernandez

02/20/2019

08:24 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Shortly after I posted my problem above 20 days ago, it started working again on its own.
Then today, it is again ... Eduard Rozenberg
07:09 PM Bug #9342 (Not a Bug): SSH To Public IP Of pfSense Router Bricks Firewall Until Restart On XG-7100: Either a forum thread or open a support case at https://go.netgate.com -- It's definitely not typical, I ssh to the W... Jim Pingle
05:50 PM Bug #9342: SSH To Public IP Of pfSense Router Bricks Firewall Until Restart On XG-7100: @Tim:
Alright thanks for the response, sorry for clogging up your bug system! Alex Trottier
05:32 PM Bug #9342: SSH To Public IP Of pfSense Router Bricks Firewall Until Restart On XG-7100: I would suggest moving this to the forums. This certainly isn't a common/reproducible bug otherwise we'd all be stuf... Anonymous
05:15 PM Bug #9342: SSH To Public IP Of pfSense Router Bricks Firewall Until Restart On XG-7100: To clarify what I mean by brick is that all network related functionality seems to cease, my openvpn connection goes ... Alex Trottier
05:08 PM Bug #9342 (Not a Bug): SSH To Public IP Of pfSense Router Bricks Firewall Until Restart On XG-7100: Coreboot version: ADI_PLCC-01.00.00.10
pfSense version: 2.4.4-RELEASE-p2
Issue:
While doing some pen-testing o... Alex Trottier
02:19 PM Feature #9341 (Resolved): Support DNS Made Easy authentication without a username: Currently, pfSense's help says that the username field should hold the "Dynamic DNS ID" (the same as the hostname), w... Matthew Fearnley
09:27 AM pfSense Packages Bug #9340: Buypass CA does not support wildcard: We can remove the "ACME v2" label from Buypass but the error message you quote doesn't appear to come from this packa... Jim Pingle
09:21 AM pfSense Packages Bug #9340 (Resolved): Buypass CA does not support wildcard: The BuyPass server is listed as "acmev2":
BuyPass Production ACME v2 (Applies rate limits to certificate requests)
... Idar Lund

02/19/2019

09:33 PM pfSense Packages Bug #9339 (Resolved): Misc typos in pfsense/FreeBSD-ports: I'm not entirely sure where this belongs, but I wanted to point out a cross-post of mine for fixing some typos in the... Bryan Stenson
02:18 PM pfSense Packages Bug #9322: telegraf "Additional configuration for Telegraf" lost configuration after reboot: I can confirm the same issue. Aaron Morris
12:15 PM Revision c93693aa: Remove www/squid from bulk list, it's listed as dependency now: Renato Botelho
09:20 AM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only: Seems the bug is still present in 2.4.4 (running on SG-2220).
We got a wan interruption (they cut the cable while do... Max Power
07:40 AM Revision 8897cbce: Outbound NAT and multiple IPSEC IPs for mobile warriors: christian christian
07:00 AM Bug #9338 (New): igmpproxy ignoring downstream vlan interface: Hi,
following config doesn't accept any IGMP joins on VLAN 13 interface:... Daniel Kucera

02/18/2019

07:19 PM Revision 28e3831c: Revert "Use the OpenSSL from ports for now.": This reverts commit d73d911c2a545d4485a3d752dd31759d4b96a445. Renato Botelho
07:19 PM Revision eb6653ca: Revert "Build p5-GSSAPI using MIT while using openssl from ports": This reverts commit b018b7afc71b26a75699a920c2434459546e5254. Renato Botelho
07:19 PM Revision 2c5fafae: Revert "Disable other GSSAPI options to prevent conflict": This reverts commit 6b2acc671a16a00d7cc2ee3813a65cccb2729a2f. Renato Botelho
07:19 PM Revision c7f35019: Revert "Make sure syslog-ng also uses openssl from ports": This reverts commit bc16670bdf5147e46ea155004d7d540ab21b4fba. Renato Botelho
05:27 PM Revision bc16670b: Make sure syslog-ng also uses openssl from ports: Renato Botelho
05:26 PM pfSense Packages Bug #8329 (Closed): Cellular Package Change link to symlink: PR looks like it was merged Jared Dillard
02:41 PM pfSense Packages Bug #9318 (Resolved): Acme - standalone validation takes long time to start internal server: Should be fixed in the ACME pkg update I just pushed, 0.5.4 Jim Pingle
07:28 AM pfSense Packages Bug #9318: Acme - standalone validation takes long time to start internal server: Fixed: https://github.com/Neilpang/acme.sh/commit/97147b594b185786ef1d69ce0d85b70a91f0ccc9
:) Greg M
11:49 AM Feature #9336: Make Dynamic DNS update notification e-mail optional: Jim Pingle wrote:
> Many do, but they don't necessarily change every day. But usually if someone has dynamic DNS the... Sven L
11:39 AM Feature #9336: Make Dynamic DNS update notification e-mail optional: Many do, but they don't necessarily change every day. But usually if someone has dynamic DNS they want to know that i... Jim Pingle
11:37 AM Feature #9336: Make Dynamic DNS update notification e-mail optional: Jim Pingle wrote:
> And you are wrong about what the majority of users wants. We've had numerous requests over the y... Sven L
10:59 AM Feature #9336: Make Dynamic DNS update notification e-mail optional: Blocking on the server side is possible for many (e.g. sieve on self-hosted servers, gmail filtering, etc). Most mail... Jim Pingle
10:52 AM Feature #9336: Make Dynamic DNS update notification e-mail optional: Jim Pingle wrote:
> Removed "useless" from the subject and reworded.
>
> You could also filter this easily on you... Sven L
10:26 AM Feature #9336: Make Dynamic DNS update notification e-mail optional: Removed "useless" from the subject and reworded.
You may not want it, that does not make it useless. There are man... Jim Pingle
10:18 AM Feature #9336 (New): Make Dynamic DNS update notification e-mail optional: I'd like to keep pfsense email notifications enabled, unfortunately we have a dynamic ip that changes every day and w... Sven L
10:40 AM pfSense Packages Bug #9337 (Closed): Telegraf ping input fails: The telegraf ping input does not work correctly as it appears to use Linux specific command line parameters for the p... Aaron Morris
10:19 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I've just downgraded a test-machine to 2.4.4 release, and that works fine. Keeping it there for a while. Robert Gijsen
07:52 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: 2.4.4-RELEASE-p2, I've had this multiple times. At the moment I can even sort of reproduce it.
When adding hosts to ... Robert Gijsen
09:42 AM Bug #7425: dhclient not sending option 77: That is exactly what the GUI option will put into the config but you have to ensure:
1. That you check the "Enable... Jim Pingle
09:35 AM pfSense Packages Bug #9335 (Feedback): Stored XSS in HAProxy / haproxy_listeners_edit.php: fix committed in haproxy pkg v 0.59_16 and haproxy-devel pkg v 0.59_17
* https://github.com/pfsense/FreeBSD-ports/... Jim Pingle
09:19 AM pfSense Packages Bug #9335 (Feedback): Stored XSS in HAProxy / haproxy_listeners_edit.php: There is a stored XSS on haproxy_listeners.php via parameters submitted on haproxy_listeners_edit.php:
The followi... Jim Pingle
07:55 AM Bug #9325: problem with flexible limiter in multiWAN environment: EDIT:
I found a workaround, i.e. I've set up floating rules (direction = in; attached to LAN interfaces; GW = GW1 fo... Adam Lewandowski
07:25 AM Bug #8758: filterdns stops working on a regular basis.: This is a closed/resolved issue. If you have problems with filterdns, they are likely already covered by #9296 -- add... Jim Pingle
07:21 AM Bug #8758: filterdns stops working on a regular basis.: 2.4.4-RELEASE-p2, I've had this multiple times. At the moment I can even sort of reproduce it.
When adding hosts to ... Robert Gijsen
06:42 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more: filterdns has been rewritten since this bug report. If there is an issue now, it is likely covered by #9296 Jim Pingle
03:43 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more: We're running 2.4.4-RELEASE-p2 (amd64), but the issue is still there for us. Over the last two weeks I've had two occ... Robert Gijsen
06:40 AM Bug #9328 (Not a Bug): Static routes set by system.inc for DNS gateway bindings are not binded on the good NICs: Doesn't matter what you choose for the interface, overlapping subnets and duplicate gateways are not supported. Jim Pingle
02:54 AM Bug #9328: Static routes set by system.inc for DNS gateway bindings are not binded on the good NICs: Hello,
I discovered that this behaviour was related to the current settings, with 2 gateways on the same subnet, s... Alexandre Anriot

02/17/2019

10:23 PM Bug #9334 (Resolved): bogus dialogue on Limiter deletion: When deleting the last row of the Limiter config - an error "The last row may not be deleted." appears.
Clicking O... David Burns
10:10 PM Bug #9333: limiters still active when marked inactive: When any Limiter(s) is updated /tmp/rule.limiter is regenerated on Apply Changes.
Why doesn't a Diagnostics / Stat... David Burns
09:10 PM Bug #9333: limiters still active when marked inactive: If there are no connections it isn't "active" -- It may be in the list, but if nothing is using it, then it isn't "ac... Jim Pingle
09:08 PM Bug #9333: limiters still active when marked inactive: Thanks Jim
There were no active connections.
Regardless as per your suggestion I nuked the state table yet the... David Burns
08:54 PM Bug #9333 (Not a Bug): limiters still active when marked inactive: After making any change to limiters you must reset the state table, or old connections could still be active on the o... Jim Pingle
08:43 PM Bug #9333 (Not a Bug): limiters still active when marked inactive: Summary
Using limiters for network testing - it appears that modifying config of limiters so that they are inactive ... David Burns
04:07 AM Bug #9331: Parallel Rekey fails for multiple Child SAs: Thanks for the feedback about the pull request. I deleted the old one and added the sustained solution.
https://gi... Markus Stockhausen

02/16/2019

04:40 PM Bug #9332 (Not a Bug): PHP Fatal error: Allowed memory size of 536870912 bytes exhausted: Not really an error we can fix there. A command or bit of code run manually on that page used too much memory. Jim Pingle
04:20 PM Bug #9332 (Not a Bug): PHP Fatal error: Allowed memory size of 536870912 bytes exhausted: I have a Netgate XG-7100 at home and I noticed this php memory allocation error.
amd64
11.2-RELEASE-p6
FreeBSD ... Ken Vizena
12:54 PM Bug #9331: Parallel Rekey fails for multiple Child SAs: Pull request added https://github.com/pfsense/pfsense/pull/4051 Markus Stockhausen
12:40 PM Bug #9331 (Resolved): Parallel Rekey fails for multiple Child SAs: We are running a IKEv1 VPN connection towards a Watchguard firewall cluster. It has 10 Tunnel definitions. Whenever t... Markus Stockhausen
10:29 AM Feature #9330 (Closed): Failover automatically invokes Failback: Possible to request that the ability to automatically Failback post restoration of Primary is roadmapped or catered f... pat campbell

02/15/2019

09:58 AM Bug #9328 (Not a Bug): Static routes set by system.inc for DNS gateway bindings are not binded on the good NICs: Hello,
We are running a POC with 2 WAN gateways which use their own DNS servers on a per-FAI basis.
The 2 gatew... Alexandre Anriot
09:04 AM Bug #9264 (Resolved): Disabling "IPv6 over IPv4 Tunneling" breaks config: Tested on:
2.4.5-DEVELOPMENT (amd64)
built on Wed Feb 13 06:09:38 EST 2019
FreeBSD 11.2-RELEASE-p8
No warnin... Danilo Zrenjanin
08:47 AM Bug #9327: Using the character "¤" in OpenVPN password field creates invalid config.xml: It happens because that password field is not CDATA escaped or encoded with base64 in config.xml -- The character you... Jim Pingle
03:22 AM Bug #9327 (Resolved): Using the character "¤" in OpenVPN password field creates invalid config.xml: Hi!
Maybe you guys want to know about this one. First post for me to this bugtracker. Hope I'm doing things right he... Mikael Östergren
07:23 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4: Renato Botelho wrote:
> PR has been merged, thanks
Thanks! Tiago Alves da Silva
07:23 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4: Doesn't work on 2.4.4, but on 2.4.4-P1 is fine. Tiago Alves da Silva

02/14/2019

08:16 PM Revision 9ce9391a: Update gwlb.inc: (cherry picked from commit 58d009bc41137e77d799e53a8ce8c02215274eac) kkr0kk
08:16 PM Revision e8a6717c: Update gwlb.inc: Correct BUG 9004 -> set the default gateway when system start and a gateway_group is default IPV4 gateway
(cherry pi... kkr0kk
08:16 PM Revision ac3309d5: Merge pull request #4034 from kkr0kk/patch-2: Renato Botelho
05:29 PM Bug #9326 (Duplicate): Clearing states for specific IP won't work: This is almost certainly a duplicate of #9270 Jim Pingle
03:29 PM Bug #9326: Clearing states for specific IP won't work: I checked the changes and found nothing that could fix this behaviour and considered all the changes not worth updati... Flole Systems
02:50 PM Bug #9326: Clearing states for specific IP won't work: Please do not report bugs from anything but the current version, which is 2.4.4-p2. Chris Linstruth
02:46 PM Bug #9326: Clearing states for specific IP won't work: It's been in there since quite a while, I never reported it though. It's definitely in 2.4.4-RELEASE-p1. Flole Systems
02:42 PM Bug #9326: Clearing states for specific IP won't work: Everyone can just guess which version you're reporting this against? Anonymous
01:23 PM Bug #9326 (Duplicate): Clearing states for specific IP won't work: When I use the Webinterface to filter for a specific IP and then click on "clear all states" they are still staying t... Flole Systems
02:18 PM Bug #9004 (Feedback): Default gateway IPv4 set to a group fails after restart on 2.4.4: PR has been merged, thanks Renato Botelho
11:32 AM Bug #7425: dhclient not sending option 77: Luiz Souza wrote:
> It is now possible to set the VLAN Priority for DHCP requests (the same way that is done in DHCP... Bob Gray
05:15 AM pfSense Packages Bug #9318: Acme - standalone validation takes long time to start internal server: It IS bug, reported upstream: https://github.com/Neilpang/acme.sh/issues/2096
https://forum.netgate.com/topic/1405... Greg M
05:06 AM Bug #9325 (Not a Bug): problem with flexible limiter in multiWAN environment: Hi,
I'm observing serious problems with flexible limiters set using floating rules. Let me start from the beginnin... Adam Lewandowski
02:49 AM Bug #9324: IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: https://gist.github.com/tandyuk/acc330c69f466177ba7877c7b7728d69 James Tandy
02:47 AM Bug #9324 (Resolved): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: Hi,
Have been seeing this since at least 2.4, and persists in 2.4.4-p2
WAN: vdsl, via modem on em1
ipv4 config:... James Tandy
02:41 AM Feature #9323 (Resolved): Option to hide 'Kernel PTI' from sysinfo widget: https://github.com/pfsense/pfsense/pull/4050 Ryan W

02/10/2019

04:50 PM pfSense Packages Feature #9315 (New): Add Package: dnscrypt-proxy: !https://i.ibb.co/1GdDyGs/dnscrypt-proxy.png!
Hi all,
I've lately been manually installing the awesome GitHub p... neo b.
03:01 PM Bug #9314 (Not a Bug): if interface list is longer then the browser window is high you cant manage all interfaces: That can only happen if you have the menu set to stay in the browser window when you scroll. Change it to stay at the... Jim Pingle
02:41 PM Bug #9314 (Not a Bug): if interface list is longer then the browser window is high you cant manage all interfaces: Hi!
We just added another 30 interfaces to our pfSense setup (Alot of VLAN) and i noticed that if the list of inte... Ola Ekegren
11:02 AM Bug #9313 (Resolved): PHP Fatal error: Uncaught Error: Call to a member function addGlobal() on null in /usr/local/www/firewall_shaper_vinterface.php:415: Crash report begins. Anonymous machine information:
arm
11.2-RELEASE-p6
FreeBSD 11.2-RELEASE-p6 #4 ed5153fb2b9(... Anonymous

02/09/2019

08:37 PM pfSense Packages Bug #9312 (Duplicate): Once nmap package completes a scan, the pfSense menu becomes unresponsive: Duplicate of #8502 Jim Pingle
01:54 PM pfSense Packages Bug #9312 (Duplicate): Once nmap package completes a scan, the pfSense menu becomes unresponsive: On latest 2.4.5 snapshot, with nmap package version 1.4.4_1, once a user runs a scan in the WebGUI with nmap, the pfS... Anonymous
03:10 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: Any progress on Kea dhcp? It looks like ISC has allocated more resources to Kea and put the legacy ISC dhcp in the ba... Bogdan P
01:29 AM Bug #9311 (Resolved): Captive Portal continues to limit per-user bandwidth when not enabled: In a Captive Portal, this bug occurs after using the "Enable per-user bandwidth restriction" feature and specifying d... Polar Nerd

02/08/2019

03:07 PM Bug #6876: Firewall alias issue after adding a wrong alias: Tried to reproduce on latest 2.4.5 snapshot:
Made a couple of aliases, one for the machine I am using to connect t... Anonymous
01:25 PM pfSense Docs Correction #9310: Appliances with internal switch need the MAC Address section of their Getting Started guides updated: For SG-1100 where the user wants to spoof the MAC address for WAN in a single-WAN configuration, the user can assign ... Anonymous
10:29 AM pfSense Packages Feature #9265 (Resolved): Add options to configure TIMEOUTclose and debug on stunnel package: Jim Pingle
10:23 AM pfSense Packages Feature #9265: Add options to configure TIMEOUTclose and debug on stunnel package: tested on CE built on Thu Feb 07 19:44:20 EST 2019 <--> factory built on Thu Feb 07 18:13:07 EST 2019
tested web ... Vladimir Lind
07:12 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4: Normally work on 2.4.4 p1 & p2 for sure, maybe 2.4.4
try this :... jonathan MANTOVANI
07:06 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4: Ioannis Kampolis wrote:
> jonathan's fix works.
>
> Thank you very much!
Tried on 2.4.4-RELEASE and the code g... Tiago Alves da Silva

02/07/2019

09:14 PM pfSense Docs Correction #9310 (Closed): Appliances with internal switch need the MAC Address section of their Getting Started guides updated: At https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/getting-started.html#mac-address
https://docs.netg... Anonymous
04:24 PM Revision 51b58d81: Ticket #9308: Sort country codes: Renato Botelho
04:24 PM Revision 63cf3f32: Ticket #9308: Sort country codes: Renato Botelho
03:48 PM Feature #1831: Captive portal IPv6 support: If authentication is based on IP Address yes, if it would be based on MAC Address then no.
If it's not MAC based t... Flole Systems
03:37 PM Revision 70cee41e: Fix #9308: Obsolete now unused /etc/ca_countries: Renato Botelho
03:37 PM Revision 54d88644: Ticket #9308: Replace use of /etc/ca_countries by get_cert_country_codes(): Renato Botelho
03:37 PM Revision a56762ba: Ticket #9308: Implement get_cert_country_codes() to get the list of country codes to be used by CAs and Certs: Renato Botelho
03:37 PM Revision 988640d3: Make get_countr_code() parameter default to 'ALL': Renato Botelho
03:35 PM Revision a2b80f45: Fix #9308: Obsolete now unused /etc/ca_countries: Renato Botelho
03:34 PM Revision 232b1a69: Ticket #9308: Replace use of /etc/ca_countries by get_cert_country_codes(): Renato Botelho
03:34 PM Revision 6a532672: Ticket #9308: Implement get_cert_country_codes() to get the list of country codes to be used by CAs and Certs: Renato Botelho
02:57 PM Revision d166b7e2: Make get_countr_code() parameter default to 'ALL': Renato Botelho
02:29 PM Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): Thanks Jim for pointing out the documentation - but the documentation does not match the implementation:
The docum... Florian K.
01:42 PM Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): That's what AES-XCBC is for:
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configuring-a-site-to-site-ipsec... Jim Pingle
01:26 PM Feature #9309 (Resolved): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): If you want to use AES-GCM, you don't need an integrity algorithm, but you do need a pseudo random function.
See h... Florian K.
10:59 AM Bug #9308: Missing countries from list used on certificate pages: Fix works for me here, will re-test once it's in a snapshot. Jim Pingle
09:45 AM Bug #9308 (Feedback): Missing countries from list used on certificate pages: Applied in changeset commit:a2b80f4510faf81850c7d51ba6ed7aacf978433c. Renato Botelho
09:28 AM Bug #9308 (Resolved): Missing countries from list used on certificate pages: Country codes list used when creating CAs and certs is obtained from /etc/ca_countries instead of Country list from I... Renato Botelho

02/06/2019

07:13 PM Revision 7e8bfed2: Add back DNS over TLS host verification code. Fixes #8602: Requires Unbound 1.9.0_1 from pfsense/freebsd-ports, which fixes a bug
in Unbound 1.9.0 which did not fully implement... Jim Pingle
03:27 PM Bug #9307: Virtual Address Pool in Pre-Shared Keys is not used: Jim Pingle wrote:
> Probably a configuration issue or it isn't matching the identifier as expected. Post on the foru... Florian K.
03:27 PM Bug #9307: Virtual Address Pool in Pre-Shared Keys is not used: Additional observation:
- On the status page under "Leases", it shows both pools, but 192.168.7.0 is never used.
- ... Florian K.
02:40 PM Bug #9307 (Not a Bug): Virtual Address Pool in Pre-Shared Keys is not used: Probably a configuration issue or it isn't matching the identifier as expected. Post on the forum unless a specific b... Jim Pingle
02:35 PM Bug #9307 (Not a Bug): Virtual Address Pool in Pre-Shared Keys is not used: For most of my road warriors, I want to have different firewall rules than for e.g. me.
Therefore, I assigned a defa... Florian K.
01:26 PM Feature #8602: DNS over TLS host verification: The next build that includes unbound 1.9.0_1 and the changes referenced on this issue will be ready for testing. Usin... Jim Pingle
01:20 PM Feature #8602 (Feedback): DNS over TLS host verification: Applied in changeset commit:7e8bfed216304b37342a0800eb35ef7c29546f5d. Jim Pingle
01:09 PM Feature #8602: DNS over TLS host verification: Unbound 1.9.0 added support for verifying hosts on OpenSSL 1.0.2, but it still doesn't seem to work. Unbound 1.9.0 is... Jim Pingle
08:17 AM Bug #9306 (Duplicate): DNS Made Easy client on PPPoE interface not working: To recreate, setup a DNS Made Easy DDNS client on a DHCP WAN interface and confirm that it works. Then switch the int... Corey Boyle

02/05/2019

11:52 AM pfSense Docs Correction #9305 (Resolved): Feedback on Virtual LANs (VLANs) — pfSense VLAN Configuration: *Page:* https://www.netgate.com/docs/pfsense/book/vlan/pfsense-vlan-configuration.html
*Feedback:* In the section ... Alex Brothman

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

03/06/2019

03/05/2019

03/04/2019

03/03/2019

03/02/2019

03/01/2019

02/28/2019

02/27/2019

02/26/2019

02/25/2019

02/24/2019

02/23/2019

02/22/2019

02/21/2019

02/20/2019

02/19/2019

02/18/2019

02/17/2019

02/16/2019

02/15/2019

02/14/2019

02/13/2019

02/12/2019

02/11/2019

02/10/2019

02/09/2019

02/08/2019

02/07/2019

02/06/2019

02/05/2019