Activity

From 02/15/2019 to 03/16/2019

03/16/2019

11:19 PM pfSense Docs Correction #9404 (Resolved): Bring RCC install guides up to date
The following guides are in a broken state.
https://docs.netgate.com/platforms/rcc-2758/pfsense.html
https://docs...
Anonymous
09:04 PM pfSense Packages Feature #9289: Snort enable react
Snort on pfSense currently runs in what is really IDS mode using libpcap. The "blocking" done by Snort uses a custom... Bill Meeks
03:43 PM pfSense Packages Bug #9403 (Resolved): Suricata - Checkbox 'Traffic Flows' enables logging for both logging formats
The checkbox 'Traffic Flows' in 'EVE Output Settings' now enables netflow and flow output. (net)flow logging is quite... Julian Wecke

03/15/2019

05:21 PM Bug #9402: Netgate "DNS over TLS with pfSense" Blog Post recommends configuration vulnerable to MITM attacks from self signed certificates
Jim, thanks for the quick response. You replied so quickly that I was late in adding that I hadn't actually verified ... Richard Yao
05:20 PM Bug #9402: Netgate "DNS over TLS with pfSense" Blog Post recommends configuration vulnerable to MITM attacks from self signed certificates
One more remark. While I cited that blog post, I haven't actually taken the time to verify that this protects against... Richard Yao
05:19 PM Bug #9402 (Duplicate): Netgate "DNS over TLS with pfSense" Blog Post recommends configuration vulnerable to MITM attacks from self signed certificates
That doesn't actually verify anything. It logs that it does, but doesn't fail validation if the host doesn't match.
...
Jim Pingle
05:16 PM Bug #9402: Netgate "DNS over TLS with pfSense" Blog Post recommends configuration vulnerable to MITM attacks from self signed certificates
There is a typo in my original report. The post should say:
server:
tls-cert-bundle: /usr/local/share/certs/ca-ro...
Richard Yao
05:13 PM Bug #9402 (Duplicate): Netgate "DNS over TLS with pfSense" Blog Post recommends configuration vulnerable to MITM attacks from self signed certificates
Users should be told to set these options in unbound:
server:
tls-cert-bundle: /usr/local/share/certs/ca-root-nss...
Richard Yao
04:18 PM Bug #9401 (Resolved): 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit
If you make an OpenVPN interface name with 26 to 31 characters (in my case, I made them with exactly 26 and 31 charac... Richard Yao
11:28 AM Bug #9384: devd putting "$" before variable contents when using single quotes
This also appears to affect rc.carpmaster (and rc.carpbackup), which is also run through pfSctl... Jim Pingle
10:25 AM Bug #9400 (Feedback): PHP scandir() error at boot
Applied in changeset commit:d36cf2c9444fe01a504c1f36bccb6999f0ec329a. Jim Pingle
10:15 AM Bug #9400 (Resolved): PHP scandir() error at boot
On current 2.5.0 snapshots, systems may see the following error at boot time:... Jim Pingle
10:19 AM pfSense Packages Feature #9399: pkg support for SSH + sudo authentication via LDAP
nss_ldap and LDAP-enabled sudo are both now present on 2.5.0 snapshots. Jim Pingle
08:08 AM Bug #9388 (Feedback): Update ntpd
4.2.8p13 imported to devel branch Renato Botelho

03/14/2019

03:45 PM pfSense Packages Feature #9399 (Feedback): pkg support for SSH + sudo authentication via LDAP
Applied in changeset pfsense:commit:7db5a396d398b010bfb70048881a6cec0577338f. Jim Pingle
03:36 PM pfSense Packages Feature #9399: pkg support for SSH + sudo authentication via LDAP
Considering we already build pam_ldap I'm not sure why nss_ldap was omitted, so I added it to the build list for 2.5.... Jim Pingle
12:15 PM pfSense Packages Feature #9399 (Resolved): pkg support for SSH + sudo authentication via LDAP
Hi Folks,
You have a very usable and user-friendly webUI configuration tool for setting up LDAP authorization for ...
Mark Staudinger
02:52 PM Feature #4881: Allow NPt to use dynamic IPv6 networks
This will be required for most consumer internet providers that give dynamic IPv6 addresses.
Verizon FiOS just en...
Joshua Diamant
09:58 AM Feature #8650 (Bogus): DynDNS Update via HTTPS
The dyndns.org updater has only used HTTPS for as long as it's been in pfSense.
Current code: https://github.com/p...
Jim Pingle
09:18 AM Todo #7091 (Not a Bug): Write upgrade code to rename igb devices to em
It's not happening anymore
https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064370.html
Renato Botelho
09:12 AM Todo #7091: Write upgrade code to rename igb devices to em
Maybe note this in release notes before snapshots go live Michael Kellogg

03/13/2019

02:19 PM Bug #9366 (Resolved): "Illegal string offset" PHP errors
I haven't seen any of these for a while. The patch that suppressed them is back, and the most common ones are corrected. Jim Pingle
01:20 PM Todo #9386 (Feedback): Deprecate built-in relayd Load Balancer
Applied in changeset commit:586c623a943f59486a461c1af9873dd6cc11a3b3. Jim Pingle

03/12/2019

04:49 PM pfSense Packages Feature #9387: Update telegraf to 1.9.3 from ports
Sounds good, thanks. John Silva
03:11 PM pfSense Packages Feature #9387: Update telegraf to 1.9.3 from ports
1.9.0 is available on pfSense 2.5.0 snapshots (which are not yet public)
That is the most recent release in the 20...
Jim Pingle
03:51 PM pfSense Docs Correction #9394 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html
*Feedback:*
Does not explain how ...
Rick Schmitz
03:37 PM pfSense Packages Bug #9339: Misc typos in pfsense/FreeBSD-ports
PR Link: https://github.com/pfsense/FreeBSD-ports/pull/624 Jim Pingle
03:30 PM Bug #9359 (Feedback): diag_tables.php duplicate entries from webConfigurator lockout table
Applied in changeset commit:9146639e722b4d437d19b5ade1157ae01849a313. Jim Pingle
03:20 PM Bug #9359: diag_tables.php duplicate entries from webConfigurator lockout table
I can't reproduce this as stated, but I can see how it might happen since the variable is used without being initiali... Jim Pingle
03:09 PM pfSense Packages Feature #9389 (Closed): More frequent package repo updates needed
Sounds good on paper, but doesn't work in practice.
We can't automatically track a branch because a base system pa...
Jim Pingle
03:07 PM Bug #9223: SSHGUARD doesn't work as expected
Joshua Sign wrote:
> As it could be very interesting to have sshguard blocking ip by services, I just worked on it....
Jim Pingle
03:05 PM Bug #9223 (Feedback): SSHGUARD doesn't work as expected
sshguard 2.3.1 is now present on 2.5.0 snapshots being tested. It has the extra GUI table code removed.
Associated...
Jim Pingle
01:49 PM Bug #9223: SSHGUARD doesn't work as expected
I pushed a change to remove the cron job. Additional changes are coming shortly. Jim Pingle

03/11/2019

09:40 PM Feature #9393 (Resolved): Improved support for USB interfaces that may not always be present
Currently if you have a USB 4g modem or any other removable interface you need to manually delete it or otherwise you... Xhivat Hoxhiq
06:53 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML
Two reports of success with the committed patch, for different issues as well:
https://forum.netgate.com/post/82...
Jim Pingle
03:19 PM Bug #7020: <Hostname> is omitted when sending logs on syslog
Then that is where you need to direct your attention. Comment there and let the FreeBSD developers know that it's a p... Jim Pingle
03:04 PM Bug #7020: <Hostname> is omitted when sending logs on syslog
A bug is already opened upstream, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194231 Daniel Berteaud
01:07 PM pfSense Packages Todo #9392 (Resolved): Status_Traffic_Totals needs updated for vnstat 2.0
In the FreeBSD ports repository, vnstat has been upgraded to vnstat 2.0 (from 1.15).
vnstat 2.0 does not appear to...
Jim Pingle
10:25 AM Bug #9391 (Duplicate): Can't access Backup & Restore Page
Duplicate of #9316 -- already fixed in the repository, but there are no more 2.4.5 snapshots. Jim Pingle
10:17 AM Bug #9391 (Duplicate): Can't access Backup & Restore Page
pfSense Version: 2.4.5.a.20190213.0609
I cannot access the Backup & Restore page at all from GUI. Instead I get er...
ahmed k
01:40 AM pfSense Packages Bug #9322: telegraf "Additional configuration for Telegraf" lost configuration after reboot
Additional issue: running configurations will ALSO be lost after some time; you'll have to re-click SAVE in "PackageSe... mrco chen

03/10/2019

06:50 PM Bug #9390 (Feedback): diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML
Applied in changeset commit:4015b03d4b184e546cb3590430fee6f9953ce23e. Jim Pingle
05:59 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML
You're entitled to your opinion but I disagree. Output buffering can cause other issues with downloading other than t... Jim Pingle
05:54 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML
Look at PR 4055: https://github.com/pfsense/pfsense/pull/4055 Sam Likins
05:52 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML
That is a bad solution, performing unnecessary complexity, when turning off the flag prior to outputting the payload ... Sam Likins
05:47 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML
That PR is the wrong fix.
I haven't been able to reproduce this here, but it appears to be due to output buffering...
Jim Pingle
05:39 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML
PR #4055 Created Sam Likins
05:35 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML
I can't reproduce this.
[2.4.4-RELEASE-p2 (amd64)
built on Wed Dec 12 07:40:18 EST 2018
FreeBSD 11.2-RELEASE-p6...
Anonymous
04:59 PM Bug #9390 (Resolved): diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML
Since the last update (ie: *2.4.4_2*), backups fail to restore; previously generated backups will restore, but new ba... Sam Likins
06:41 PM Bug #7020: <Hostname> is omitted when sending logs on syslog
If it's a bug, it's a bug in FreeBSD -- we use their syslogd and that's how it behaves. The default behavior is to ge... Jim Pingle
05:37 PM Bug #7020: <Hostname> is omitted when sending logs on syslog
This is clearly a bug, as PfSense is not sending valid syslog messages. It also affects Graylog (3.0). We have to use... Daniel Berteaud
01:15 PM pfSense Packages Feature #9389 (Closed): More frequent package repo updates needed
I've been noticing that the release package repo lags far behind the quarterly ports tree releases and the official p... John Silva
01:01 PM Bug #9388 (Resolved): Update ntpd
Ran pkg audit new install of 2.4.4-p2:... Chris Macmahon
12:27 PM pfSense Packages Feature #9387 (Resolved): Update telegraf to 1.9.3 from ports
Telegraf port in pfsense (1.6.3) is substantially behind upstream FreeBSD ports tree (1.9.3). 1.9.3 has support for ... John Silva

03/09/2019

07:40 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
Looks like Pieter and I have come to the same conclusion (see comment 10), hopefully a fix isn't too far out. Tom Embt
02:50 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
Hmm, nice find Pieter!
Maybe we need a function like *haveWorkingDns()* that returns a bool if DNS is working, and...
→ luckman212
01:08 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
We had the same issue. It's a pfSense 2.4.4p2 installation in an air-gapped environment and has never touched the int... Pieter .

03/08/2019

09:34 AM pfSense Packages Bug #9368 (Feedback): ACME certificates cannot have more than ~35 SAN entries due to input variable limits
PR Merged Jim Pingle

03/07/2019

05:49 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
Could you confirm that adding DNS entries can be a workaround? (if you can try to do it for testing purposes)
How ma...
Joshua Sign
01:20 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
This is affecting our company's setup as well. Static public IPs /29 (total 5 available IPs) with one hooked up with ... Jamie Donovan

03/06/2019

04:28 PM pfSense Packages Bug #9368: ACME certificates cannot have more than ~35 SAN entries due to input variable limits
Should be fixed with this: https://github.com/pfsense/FreeBSD-ports/pull/626
Or would that possibly cause sideeffect...
Pi Ba
09:22 AM pfSense Packages Bug #9368 (Resolved): ACME certificates cannot have more than ~35 SAN entries due to input variable limits
The way that acme_certificates_edit.php submits data results in a failure to add more SAN entries due to input variab... Jim Pingle
03:05 PM Todo #9386 (Resolved): Deprecate built-in relayd Load Balancer
As of now, relayd does not function on FreeBSD 12 due to OpenSSL 1.1.x. The port is currently "marked BROKEN":https:/... Jim Pingle
02:07 PM Bug #9385 (Closed): OpenVPN logs a "Device busy" error when opening tap interfaces, but continues to function
On 2.5.0 snapshots, when openvpn starts up, it logs a "Device busy" error, but the error does not appear to harm func... Jim Pingle
02:04 PM Bug #9384 (Confirmed): devd putting "$" before variable contents when using single quotes
On 2.5.0 snapshots, when @check_reload_status@ logs a linkup event, the message contains a @$@ before the interface n... Jim Pingle
02:01 PM Bug #9383 (Resolved): dhcpleases kqueue error
On 2.5.0 snapshots when DHCP lease integration is enabled for the DNS Resolver, the following error is logged at boot... Jim Pingle
01:59 PM Bug #9382 (Resolved): SNMP Undefined symbol "pf_altq"
On 2.5.0 snapshots, bsnmpd logs an error message when the pf module is enabled:... Jim Pingle
12:35 PM pfSense Docs Correction #9381: FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated
Github User, https://github.com/Frotty, commented:
Also perhaps see https://redmine.pfsense.org/issues/8251
I ha...
Jared Dillard
12:34 PM pfSense Docs Correction #9381: FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated
Jimp commented:
I think we've had some discussion about this in the past on the forum. Since we don't support havi...
Jared Dillard
12:25 PM pfSense Docs Correction #9381 (Resolved): FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated
*Github user:* https://github.com/Augustin-FL
*Feedback:*
The FreeRadius 2.X documentation, https://www.netgate...
Jared Dillard
12:14 PM pfSense Docs Correction #9380 (Resolved): Feedback on Cache / Proxy — Tuning the Squid Package
*Page:* https://www.netgate.com/docs/pfsense/cache-proxy/squid-package-tuning.html#caching-windows-updates
*Github...
Jared Dillard
12:10 PM pfSense Docs Correction #9379 (Resolved): Feedback on Interfaces — Using a Large Number of Interfaces
*Page:* https://docs.netgate.com/pfsense/en/latest/interfaces/index.html#limitations
*Github user:* https://github...
Jared Dillard
12:07 PM pfSense Docs Correction #9378 (Closed): Feedback on Virtualization — Virtualizing pfSense with Proxmox
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox.html
*Github user:* https://github.c...
Jared Dillard
12:07 PM pfSense Packages Feature #6651: Loopback interfaces
Slava Bendersky wrote:
> Hello Everyone,
> I would like place request add ability manipulate loopback interfaces th...
Slava Bendersky
12:06 PM pfSense Docs Correction #9377 (Rejected): log file format : missing igmp. <protocol-specific-data> ::= <tcp-data> | <udp-data> | <icmp-data> | <carp-data>
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html
*Github user:* https://g...
Jared Dillard
12:05 PM pfSense Docs Correction #9376 (Resolved): Feedback on System Monitoring — Filter Log Format for pfSense 2.2
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html
*Github user:* https://g...
Jared Dillard
12:01 PM pfSense Docs Correction #9375 (Resolved): Feedback on ACME - no info on how to use cron
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/acme/index.html
*Github user:* https://github.com/yuri...
Jared Dillard
11:57 AM pfSense Docs Todo #9374 (Resolved): Update Virtualizing pfSense with Hyper-V recipe with more recent information
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-hyper-v.html
*Feedback:*
The Hyper-V tuto...
Jared Dillard
11:55 AM pfSense Docs Correction #9373 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html
*Github user:* https://github.com/ja...
Jared Dillard
11:53 AM pfSense Docs Correction #9372 (Resolved): Feedback on User Management — Configuring User Authentication Servers
*Page:* https://docs.netgate.com/pfsense/en/latest/usermanager/authentication-servers.html
*Github user:* https://...
Jared Dillard
11:50 AM pfSense Docs Correction #9371 (Resolved): Feedback on Testing the FreeRADIUS Package
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/freeradius-test.html
*Github user:* https://github.com...
Jared Dillard
11:37 AM pfSense Docs Correction #9370 (In Progress): Update old screenshots
Here is a list of pages that need updated screenshots:
- [ ] https://docs.netgate.com/pfsense/en/latest/recipes/ip...
Jared Dillard
11:32 AM pfSense Docs New Content #9369 (New): Document remaining packages
Create pages for the currently undocumented packages in the Package List, https://docs.netgate.com/pfsense/en/latest/... Jared Dillard

03/05/2019

04:10 PM Todo #9367 (Feedback): Update SMART Page with new capabilities
Applied in changeset commit:1d92575e36db5fd0b9bf2cc6a236dde32aba9239. Jim Pingle
04:01 PM Todo #9367 (Resolved): Update SMART Page with new capabilities
@smartctl@ is capable of showing a lot more information than the current page supports. Update it to show things like... Jim Pingle
02:00 PM Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA
Hi all
The problem is still (or again) reproducible.
Best regards
Tom
Tom Huerlimann
12:23 PM Bug #9366 (Resolved): "Illegal string offset" PHP errors
We have a patch that suppresses some "Illegal string offset" PHP errors but if the ones we can spot are easy to fix w... Jim Pingle
12:20 PM Bug #9365: Use of "continue" in switch statements can be ambiguous
Two more:... Jim Pingle
11:13 AM Bug #9365 (Closed): Use of "continue" in switch statements can be ambiguous
PHP 7.3 is tightening down on the use of @continue@ in switches. There are instances where the code meant to continue... Jim Pingle
09:08 AM pfSense Packages Bug #9364 (Resolved): squidguard int error page does not use https
Hello,
I'm running these versions on my system(s):
pfSense 2.4.4-RELEASE-p2
squid 0.4.44_7
squidguard 1.16.18_1...
Florian Stichlberger

03/04/2019

07:22 AM pfSense Docs Correction #9363 (Closed): Source Tracking Table
That only appears if you have Sticky connections enabled, otherwise it's not relevant. Jim Pingle
07:18 AM pfSense Docs Correction #9363 (Closed): Source Tracking Table
Docs » pfSense » Book » System Monitoring » Firewall States » Reset State Table / Source Tracking Table
The book s...
Anonymous

03/03/2019

04:18 AM Bug #9362 (Resolved): rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all
When updating the DNS record via services_dyndns_edit.php it works normally, but when it tries to update it automatic... Nico Schneider

03/02/2019

12:05 PM Bug #9361: Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS
https://github.com/pfsense/pfsense/pull/4053
- hide wildcard and MX checkboxes since neither are used by the Cloud...
Tom Embt
11:47 AM Bug #9361: Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS
My comments about Route53 on #9053 likely also apply to Cloudflare here. Assuming so, the solution would differ slig... Tom Embt
11:55 AM Bug #9074: Alias URL lists only storing last-most list in config.
Applied https://github.com/pfsense/pfsense/pull/4002/commits/f5c56bf8189d515af203c398f473c9b3adfff98b and https://git... Danilo Zrenjanin
05:37 AM Bug #9320: Outbound NAT and multiple IPSEC IPs for mobile warriors
Applied https://github.com/pfsense/pfsense/pull/4049/commits/8897cbce7fc410029ac367eeee7c12261fec896f via system_pat... Vladimir Lind

03/01/2019

07:06 PM Bug #9361 (Resolved): Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS
Cloudflare allows wildcard A records and the pfSense DDNS page has a wildcard checkbox (since 2.3?), but it will thro... Will Rutherford
02:23 PM Todo #9360 (Resolved): Switch to Python 3.x
Python 2.7.x is not long for this world, going EOL on "Jan 1, 2020":https://pythonclock.org/
We need to ensure the...
Jim Pingle
09:38 AM Bug #9223: SSHGUARD doesn't work as expected
FYI
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CV...
Joshua Sign

02/28/2019

07:52 PM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA
As far as I can tell there are too many assumptions placed on the order of the addresses on the interfaces.
There ...
Chris Linstruth
10:15 AM pfSense Packages Todo #9354 (Feedback): Update OpenVPN Client Export with OpenVPN 2.4.7
The OpenVPN 2.4.7 Windows installer is included in OpenVPN Client Export Package version 1.4.18_3, which is available... Jim Pingle
10:03 AM Bug #9359 (Resolved): diag_tables.php duplicate entries from webConfigurator lockout table
Entries in the webConfigurator Lockout Table are always listed, whatever the table you select.
Possible fix shou...
Joshua Sign
09:35 AM pfSense Packages Bug #8476 (Resolved): OpenVPN Client Export TLS Key Direction Directive Location
ovpn configuration file exported from:
2.4.5-DEVELOPMENT (amd64)
built on Wed Feb 13 06:09:38 EST 2019
FreeBSD 11....
Danilo Zrenjanin
06:10 AM Bug #9358 (Closed): Lost default gateway after recover from failover with CARP VIP and HA
The same issue #8465 is back on 2.4.4-RELEASE-p2 (amd64) built on Wed Dec 12 07:40:18 EST 2018. Tested with one WAN I... Christian Grunfeld

02/27/2019

02:55 PM Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA
The same issue is back in 2.4.4-RELEASE-p2 (amd64) built on Wed Dec 12 07:40:18 EST 2018. Tested with one WAN IP (/30... Christian Grunfeld
10:00 AM Bug #9357: rc.newwanipv6 called regardless of REASON
We probably need something like a "copy" of /usr/local/sbin/pfSense-dhclient-script here, just for IPv6 Flole Systems
09:56 AM Bug #9357 (Closed): rc.newwanipv6 called regardless of REASON
The dhcp6c_wan_script.sh does not honor the REASON-Variable set by the dhcp6c process. Even though it is RENEW and th... Flole Systems
07:31 AM Todo #9356 (Closed): Find optimal default for net.pf.request_maxcount
FreeBSD 12 introduced a new sysctl, @net.pf.request_maxcount@, which must be set in loader.conf (or loader.conf.local... Jim Pingle

02/26/2019

10:57 AM pfSense Packages Bug #9355 (Bogus): Telegraf Package - https for InfluxDB Server
Setup Telegraf to send stats to InfluxDB
When trying https:// in url no stats until http:// used.
Would prefer to...
Erin O'Meara
08:43 AM pfSense Packages Todo #9354 (Resolved): Update OpenVPN Client Export with OpenVPN 2.4.7
OpenVPN 2.4.7 released last week, needs updated in the OpenVPN client export package: https://openvpn.net/community-d... Jim Pingle
08:35 AM pfSense Packages Bug #9345 (Resolved): Quagga Ospf MD5 interface password truncated to 15 characters
Jim Pingle
12:05 AM pfSense Packages Bug #9345: Quagga Ospf MD5 interface password truncated to 15 characters
Tested for FRR OSPF (version 0.2_7). Thank you for the quick fix. Henning Rogge

02/25/2019

04:15 PM Bug #9353 (New): PHPSession errors from limited access to dashboard and widgets
If you login with a user who has privilege 'WebCfg - System: Login / Logout / Dashboard' and you have widgets on the ... Steve Wheeler
04:04 PM pfSense Packages Bug #9352 (Resolved): Duplicate default views in Status Monitoring that can't be removed.
Ended up with multiple "Default" views under status monitoring that could not be removed. When attempting to create a... Mike A
03:15 PM Bug #9351: need option for repeated DHCP retries
The cable modem (Arris/Moto SB6183) has no IP, it's a bridge, the gateway is somewhere at my ISP. The modem stays al... John Pierce
02:59 PM Bug #9351: need option for repeated DHCP retries
"propose you add an option to keep retrying DHCP renews on the WAN when the gateway becomes inaccessible." - Based on... Anonymous
02:41 PM Bug #9351 (Duplicate): need option for repeated DHCP retries
every time my cable company has an outage of more than a few minutes, pfsense ends up with no IP address on WAN, and ... John Pierce
02:26 PM Bug #6876 (Resolved): Firewall alias issue after adding a wrong alias
Anonymous

02/23/2019

11:41 AM pfSense Packages Bug #9350 (Resolved): not appear proxy config
This problem is observed when using "squid" and "squidguard" packages together. If you enter values in the "blacklist... Yuran Yastreb
11:24 AM Bug #9349: IPSec service start/stop/restart fails after settings change
Hi.
I mixed the logs (stop/restart) but the problem is the same and I understand your explanation. Nevertheless th...
Markus Stockhausen
08:14 AM Bug #9349: IPSec service start/stop/restart fails after settings change
The mode on that says "stop", not restart.
Try a different browser, you may see a more informative error message.
...
Jim Pingle
07:58 AM Bug #9349: IPSec service start/stop/restart fails after settings change
Hi Jim,
I do not think so. I captured the network traffic in the browser and can see the following request being s...
Markus Stockhausen
07:50 AM Bug #9349: IPSec service start/stop/restart fails after settings change
This is most likely because your browser is refusing to refresh the page to update the controls because it would invo... Jim Pingle
07:17 AM Bug #9349 (Confirmed): IPSec service start/stop/restart fails after settings change
There seems to be some weird behaviour when changing things on the advanced IPsec service settings tab. As soon as you ... Markus Stockhausen

02/22/2019

12:08 PM pfSense Packages Bug #9348 (New): Results of Acme certificate issuance/renewal are not properly formatted
The results of an Acme certificate issuance/renewal aren't properly formatted. Even when there are no errors the resu... Isaac McDonald
11:21 AM pfSense Packages Bug #9347: Domain SAN list displays "Key Algorithm: HMAC-MD5, API Endpoint: portal.nexcess.net"
This happens because those options have drop-down selectors without a 'none' option (since it's required for their re... Jim Pingle
11:08 AM pfSense Packages Bug #9347 (Resolved): Domain SAN list displays "Key Algorithm: HMAC-MD5, API Endpoint: portal.nexcess.net"
The domain SAN list displays "Key Algorithm: HMAC-MD5, API Endpoint: portal.nexcess.net" regardless of the update met... Isaac McDonald
07:32 AM Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan)
There is a @</a>@ in the code, see source:src/usr/local/www/vpn_openvpn_server.php#L862 -- but it's run through @spri... Jim Pingle
12:29 AM Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan)
I found the problem.
HTML
請參閱〈a href="https://doc.pfsense.org/index.php/DH_Parameters"〉維基百科文章。
it's should add...
Roll Stone
07:22 AM pfSense Packages Bug #9345 (Feedback): Quagga Ospf MD5 interface password truncated to 15 characters
Fix pushed. Will be available once the packages rebuild. Jim Pingle
07:20 AM pfSense Packages Bug #9345 (In Progress): Quagga Ospf MD5 interface password truncated to 15 characters
The code in the quagga was cutting it down to 15 characters, and that code was copied to FRR. Easy fix, will be up sh... Jim Pingle
02:03 AM pfSense Packages Bug #9345: Quagga Ospf MD5 interface password truncated to 15 characters
The same seems to be true for the FRR Ospfd package. Henning Rogge
01:40 AM pfSense Packages Bug #9345 (Resolved): Quagga Ospf MD5 interface password truncated to 15 characters
I am working with the quagga_ospf package for pfsense and noticed that the Web-GUI seems to cut off MD5 password strin... Henning Rogge
07:11 AM Bug #9346 (Not a Bug): Problem Check_MK port 6556
Issues on this tracker must be reported in English only.
Running the text through a translator, it looks like a su...
Jim Pingle
04:38 AM Bug #9346 (Not a Bug): Problem Check_MK port 6556
Hello,
I have had check_mk in use for many years, and it runs at 100%.
Now I have set up a new SG-3100 at a customer's site,...
Richard Kohn
03:48 AM Bug #9338: igmpproxy ignoring downstream vlan interface
And it also ignores IGMPs from GRE interfaces:... Daniel Kucera

02/21/2019

09:24 PM Bug #9344 (New): OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan)
OS:2.4.4-RELEASE-p2
When I using Chinese-Taiwan language.
And edit OpenVPN settings.
When click NCP Algorithms...
Roll Stone
07:01 PM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
Any ETA on this please?
B D
01:07 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I've also ruled out some other possibilities below -
Not the issue:
https://docs.netgate.com/pfsense/en/latest/fi...
Eduard Rozenberg
12:14 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I can confirm my issue is the same as described by the other posters on this bug.
Logs show that filterdns claims ...
Eduard Rozenberg
12:42 PM pfSense Packages Bug #9340: Buypass CA does not support wildcard
At Let's encrypt:
acme1: https://acme-staging.api.letsencrypt.org/directory
acme2: https://acme-staging-v02.api.let...
Idar Lund
02:07 AM Bug #8463: Performance Regression in 2.4.3 under KVM
In the end I moved to FQ_CODEL so this ticket, while probably still an issue, can be closed. Anonymous
01:41 AM Bug #9343: diag_arp.php times out with large DHCPD leases table
I'm seeing slow or timed out page loads on systems with 10,000+ leases in the dhcpd file, 3.3mb+ in size. I'd review... Anthony Hernandez
01:38 AM Bug #9343 (New): diag_arp.php times out with large DHCPD leases table
the diag_arp.php file is reading and parsing the full dhcpd file for many items that it doesn't use or need.
Anthony Hernandez

02/20/2019

08:24 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Shortly after I posted my problem above 20 days ago, it started working again on its own.
Then today, it is again ...
Eduard Rozenberg
07:09 PM Bug #9342 (Not a Bug): SSH To Public IP Of pfSense Router Bricks Firewall Until Restart On XG-7100
Either a forum thread or open a support case at https://go.netgate.com -- It's definitely not typical, I ssh to the W... Jim Pingle
05:50 PM Bug #9342: SSH To Public IP Of pfSense Router Bricks Firewall Until Restart On XG-7100
@Tim:
Alright thanks for the response, sorry for clogging up your bug system!
Alex Trottier
05:32 PM Bug #9342: SSH To Public IP Of pfSense Router Bricks Firewall Until Restart On XG-7100
I would suggest moving this to the forums. This certainly isn't a common/reproducible bug otherwise we'd all be stuf... Anonymous
05:15 PM Bug #9342: SSH To Public IP Of pfSense Router Bricks Firewall Until Restart On XG-7100
To clarify what I mean by brick is that all network related functionality seems to cease, my openvpn connection goes ... Alex Trottier
05:08 PM Bug #9342 (Not a Bug): SSH To Public IP Of pfSense Router Bricks Firewall Until Restart On XG-7100
Coreboot version: ADI_PLCC-01.00.00.10
pfSense version: 2.4.4-RELEASE-p2
Issue:
While doing some pen-testing o...
Alex Trottier
02:19 PM Feature #9341 (Resolved): Support DNS Made Easy authentication without a username
Currently, pfSense's help says that the username field should hold the "Dynamic DNS ID" (the same as the hostname), w... Matthew Fearnley
09:27 AM pfSense Packages Bug #9340: Buypass CA does not support wildcard
We can remove the "ACME v2" label from Buypass but the error message you quote doesn't appear to come from this packa... Jim Pingle
09:21 AM pfSense Packages Bug #9340 (Resolved): Buypass CA does not support wildcard
The BuyPass server is listed as "acmev2":
BuyPass Production ACME v2 (Applies rate limits to certificate requests)
...
Idar Lund

02/19/2019

09:33 PM pfSense Packages Bug #9339 (Resolved): Misc typos in pfsense/FreeBSD-ports
I'm not entirely sure where this belongs, but I wanted to point out a cross-post of mine for fixing some typos in the... Bryan Stenson
02:18 PM pfSense Packages Bug #9322: telegraf "Additional configuration for Telegraf" lost configuration after reboot
I can confirm the same issue. Aaron Morris
09:20 AM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only
Seems the bug is still present in 2.4.4 (running on SG-2220).
We got a wan interruption (they cut the cable while do...
Max Power
07:00 AM Bug #9338 (New): igmpproxy ignoring downstream vlan interface
Hi,
following config doesn't accept any IGMP joins on VLAN 13 interface:...
Daniel Kucera

02/18/2019

05:26 PM pfSense Packages Bug #8329 (Closed): Cellular Package Change link to symlink
PR looks like it was merged Jared Dillard
02:41 PM pfSense Packages Bug #9318 (Resolved): Acme - standalone validation takes long time to start internal server
Should be fixed in the ACME pkg update I just pushed, 0.5.4 Jim Pingle
07:28 AM pfSense Packages Bug #9318: Acme - standalone validation takes long time to start internal server
Fixed: https://github.com/Neilpang/acme.sh/commit/97147b594b185786ef1d69ce0d85b70a91f0ccc9
:)
Greg M
11:49 AM Feature #9336: Make Dynamic DNS update notification e-mail optional
Jim Pingle wrote:
> Many do, but they don't necessarily change every day. But usually if someone has dynamic DNS the...
Sven L
11:39 AM Feature #9336: Make Dynamic DNS update notification e-mail optional
Many do, but they don't necessarily change every day. But usually if someone has dynamic DNS they want to know that i... Jim Pingle
11:37 AM Feature #9336: Make Dynamic DNS update notification e-mail optional
Jim Pingle wrote:
> And you are wrong about what the majority of users wants. We've had numerous requests over the y...
Sven L
10:59 AM Feature #9336: Make Dynamic DNS update notification e-mail optional
Blocking on the server side is possible for many (e.g. sieve on self-hosted servers, gmail filtering, etc). Most mail... Jim Pingle
10:52 AM Feature #9336: Make Dynamic DNS update notification e-mail optional
Jim Pingle wrote:
> Removed "useless" from the subject and reworded.
>
> You could also filter this easily on you...
Sven L
10:26 AM Feature #9336: Make Dynamic DNS update notification e-mail optional
Removed "useless" from the subject and reworded.
You may not want it, that does not make it useless. There are man...
Jim Pingle
10:18 AM Feature #9336 (New): Make Dynamic DNS update notification e-mail optional
I'd like to keep pfsense email notifications enabled, unfortunately we have a dynamic ip that changes every day and w... Sven L
10:40 AM pfSense Packages Bug #9337 (Closed): Telegraf ping input fails
The telegraf ping input does not work correctly as it appears to use Linux specific command line parameters for the p... Aaron Morris
10:19 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I've just downgraded a test-machine to 2.4.4 release, and that works fine. Keeping it there for a while. Robert Gijsen
07:52 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
2.4.4-RELEASE-p2, I've had this multiple times. At the moment I can even sort of reproduce it.
When adding hosts to ...
Robert Gijsen
09:42 AM Bug #7425: dhclient not sending option 77
That is exactly what the GUI option will put into the config but you have to ensure:
1. That you check the "Enable...
Jim Pingle
09:35 AM pfSense Packages Bug #9335 (Feedback): Stored XSS in HAProxy / haproxy_listeners_edit.php
Fix committed in haproxy pkg v 0.59_16 and haproxy-devel pkg v 0.59_17
* https://github.com/pfsense/FreeBSD-ports/...
Jim Pingle
09:19 AM pfSense Packages Bug #9335 (Feedback): Stored XSS in HAProxy / haproxy_listeners_edit.php
There is a stored XSS on haproxy_listeners.php via parameters submitted on haproxy_listeners_edit.php:
The followi...
Jim Pingle
07:55 AM Bug #9325: problem with flexible limiter in multiWAN environment
EDIT:
I found a workaround, i.e. I've set up floating rules (direction = in; attached to LAN interfaces; GW = GW1 fo...
Adam Lewandowski
07:25 AM Bug #8758: filterdns stops working on a regular basis.
This is a closed/resolved issue. If you have problems with filterdns, they are likely already covered by #9296 -- add... Jim Pingle
07:21 AM Bug #8758: filterdns stops working on a regular basis.
2.4.4-RELEASE-p2, I've had this multiple times. At the moment I can even sort of reproduce it.
When adding hosts to ...
Robert Gijsen
06:42 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more
filterdns has been rewritten since this bug report. If there is an issue now, it is likely covered by #9296 Jim Pingle
03:43 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more
We're running 2.4.4-RELEASE-p2 (amd64), but the issue is still there for us. Over the last two weeks I've had two occ... Robert Gijsen
06:40 AM Bug #9328 (Not a Bug): Static routes set by system.inc for DNS gateway bindings are not binded on the good NICs
Doesn't matter what you choose for the interface, overlapping subnets and duplicate gateways are not supported. Jim Pingle
02:54 AM Bug #9328: Static routes set by system.inc for DNS gateway bindings are not binded on the good NICs
Hello,
I discovered that this behaviour was related to the current settings, with 2 gateways on the same subnet, s...
Alexandre Anriot

02/17/2019

10:23 PM Bug #9334 (Resolved): bogus dialogue on Limiter deletion
When deleting the last row of the Limiter config - an error "The last row may not be deleted." appears.
Clicking O...
David Burns
10:10 PM Bug #9333: limiters still active when marked inactive
When any Limiter(s) is updated /tmp/rule.limiter is regenerated on Apply Changes.
Why doesn't a Diagnostics / Stat...
David Burns
09:10 PM Bug #9333: limiters still active when marked inactive
If there are no connections it isn't "active" -- It may be in the list, but if nothing is using it, then it isn't "ac... Jim Pingle
09:08 PM Bug #9333: limiters still active when marked inactive
Thanks Jim
There were no active connections.
Regardless as per your suggestion I nuked the state table yet the...
David Burns
08:54 PM Bug #9333 (Not a Bug): limiters still active when marked inactive
After making any change to limiters you must reset the state table, or old connections could still be active on the o... Jim Pingle
08:43 PM Bug #9333 (Not a Bug): limiters still active when marked inactive
Summary
Using limiters for network testing - it appears that modifying config of limiters so that they are inactive ...
David Burns
04:07 AM Bug #9331: Parallel Rekey fails for multiple Child SAs
Thanks for the feedback about the pull request. I deleted the old one and added the sustained solution.
https://gi...
Markus Stockhausen

02/16/2019

04:40 PM Bug #9332 (Not a Bug): PHP Fatal error: Allowed memory size of 536870912 bytes exhausted
Not really an error we can fix there. A command or bit of code run manually on that page used too much memory. Jim Pingle
04:20 PM Bug #9332 (Not a Bug): PHP Fatal error: Allowed memory size of 536870912 bytes exhausted
I have a Netgate XG-7100 at home and I noticed this php memory allocation error.
amd64
11.2-RELEASE-p6
FreeBSD ...
Ken Vizena
12:54 PM Bug #9331: Parallel Rekey fails for multiple Child SAs
Pull request added https://github.com/pfsense/pfsense/pull/4051 Markus Stockhausen
12:40 PM Bug #9331 (Resolved): Parallel Rekey fails for multiple Child SAs
We are running an IKEv1 VPN connection towards a Watchguard firewall cluster. It has 10 Tunnel definitions. Whenever t... Markus Stockhausen
10:29 AM Feature #9330 (Closed): Failover automatically invokes Failback
Possible to request that the ability to automatically Failback post restoration of Primary is roadmapped or catered f... pat campbell

02/15/2019

09:58 AM Bug #9328 (Not a Bug): Static routes set by system.inc for DNS gateway bindings are not binded on the good NICs
Hello,
We are running a POC with 2 WAN gateways which use their own DNS servers on a per-FAI basis.
The 2 gatew...
Alexandre Anriot
09:04 AM Bug #9264 (Resolved): Disabling "IPv6 over IPv4 Tunneling" breaks config
Tested on:
2.4.5-DEVELOPMENT (amd64)
built on Wed Feb 13 06:09:38 EST 2019
FreeBSD 11.2-RELEASE-p8
No warnin...
Danilo Zrenjanin
08:47 AM Bug #9327: Using the character "¤" in OpenVPN password field creates invalid config.xml
It happens because that password field is not CDATA escaped or encoded with base64 in config.xml -- The character you... Jim Pingle
03:22 AM Bug #9327 (Resolved): Using the character "¤" in OpenVPN password field creates invalid config.xml
Hi!
Maybe you guys want to know about this one. First post for me to this bugtracker. Hope I'm doing things right he...
Mikael Östergren
07:23 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
Renato Botelho wrote:
> PR has been merged, thanks
Thanks!
Tiago Alves da Silva
07:23 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
Doesn't work on 2.4.4, but on 2.4.4-P1 is fine. Tiago Alves da Silva
 
