pfSense

03/24/2019

02:30 PM Bug #9429 (Rejected): When enabling https access to WebConfigurator

Running pfSense dev 2.5.0.a.20190322.1846 release (though issue is not new).
When I enable https for "System -> Ad... P L

12:31 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients

What's the status here? I'm waiting for the fix, too.
Jim Pingle wrote:
> Changing the dhcp6c process to use a si... Holger Glemser

04:50 AM Bug #9428 (Resolved): Unable to access "System: Authentication servers" if "WebCfg - System: User Password Manager" is set

Hello,
It seems that defining permission _page-system-usermanager-passwordmg_ completely blocks users from accessi... A FL

04:25 AM Feature #1455: Voucher manager only user

This issue can be closed.
As doktornotor said, it's been here since a while. A FL

03/23/2019

07:36 PM Bug #9427: OpenVPN Server Local User Auth fails

Windows, iOS, and macOS clients also show the same behavior when trying to login. Mohamed Eltantawi

07:27 PM Bug #9427 (Duplicate): OpenVPN Server Local User Auth fails

Just did a clean install of the latest pfSense-CE-2.5.0-DEVELOPMENT-amd64-20190322-1846.iso
Restored a backup config... Mohamed Eltantawi

07:05 AM Feature #9426 (Resolved): Show PPP uptime on the Dashboard - Interfaces Widget

This is similar to Feature #6032, only for PPP interfaces.
The interfaces widget should show the uptime for PPP inte... Peter Feichtinger

06:44 AM pfSense Packages Bug #9425 (Not a Bug): DHCP Leases don't show in GUI - Status/DHCP Leases

My setup has 3 WAN & 3 LAN segments (Green,WiFi & DMZ). All three LAN networks have both statically assigned IPs, as ... Sanjay Arora

03/22/2019

11:52 PM pfSense Packages Bug #9424 (Resolved): arpwatch package logs CARP MAC address changes

arpwatch on interfaces using CARP logs ethernet mismatch errors like these:... Art Manion

11:15 PM Feature #9423: MTR Port

I just tried it now, but that package has no options to configure any cmd line arguments...
Running mtr -w -c... BBcan177 .

11:01 PM Feature #9423 (Closed): MTR Port

mtr is already available as a package for those that want it, as mtr-nox11 Jim Pingle

10:57 PM Feature #9423 (Closed): MTR Port

Came across this post today:
https://lists.dns-oarc.net/pipermail/dns-operations/2019-March/018493.html
Using t... BBcan177 .

09:23 PM Feature #9422 (Rejected): Show actual configuration snippet on bottom of configuration pages (with ability to edit manually)

That is completely unrealistic. It would require an insane amount of effort for very little benefit. Jim Pingle

09:15 PM Feature #9422 (Rejected): Show actual configuration snippet on bottom of configuration pages (with ability to edit manually)

I believe I have seen this in another project (NAS4Free).
The idea is that at the bottom of a configuration page t... P L

03:21 PM Revision 6765f83a: Use new/stronger openssl options for crypt_data(). Fixes #9421

Retry with legacy options if new options fail, so we can still
read old style data from previous encryption runs (e.g... Jim Pingle

01:25 PM Revision 0939f37f: Update openssl syntax for crypt_data(). Fixes #9420

Jim Pingle

10:43 AM Bug #9410 (Resolved): Package install fails to run from GUI

This seems solved now. On the latest snapshot I can install packages without any issues. Jim Pingle

10:30 AM Bug #9421 (Feedback): crypt_data() needs to support stronger key derivation

Applied in changeset commit:6765f83ae75ee99141b2cd68c6e5134a51536e09. Jim Pingle

10:24 AM Bug #9421: crypt_data() needs to support stronger key derivation

Updated subject to match actual underlying issue. Fix inbound. Jim Pingle

09:59 AM Bug #9421 (In Progress): crypt_data() needs to support stronger key derivation

Jim Pingle

08:41 AM Bug #9421: crypt_data() needs to support stronger key derivation

This appears to be from crypt_data(), similar to #9420, so still a syntax issue remaining there.
If you run some d... Jim Pingle

08:37 AM Bug #9421 (Resolved): crypt_data() needs to support stronger key derivation

On 2.5.0 snapshots, if ACB is enabled, the following error is printed in the package install output when it writes co... Jim Pingle

08:35 AM Bug #9420 (Feedback): crypt_data() uses deprecated openssl syntax for passphrase

Applied in changeset commit:0939f37f1b6d2fae5fde6c1b1e7baa7a6c2e86e8. Jim Pingle

08:19 AM Bug #9420 (Resolved): crypt_data() uses deprecated openssl syntax for passphrase

According to https://wiki.openssl.org/index.php/Enc the current syntax used by @crypt_data()@ uses the deprecated @-k... Jim Pingle

03/21/2019

08:40 PM pfSense Packages Bug #9403: Suricata - Checkbox 'Traffic Flows' enables logging for both logging formats

This is fixed in the latest 4.1.3 version of the Suricata package that -is currently posted for review and merge into... Bill Meeks

07:40 PM Bug #9419 (Duplicate): Viewing logs at "Status -> System Logs -> Firewall -> Normal View" broken

Almost certainly a duplicate of #9411 and/or #9415
Logs are working fine on the latest snapshot. Once an entry is ... Jim Pingle

06:55 PM Bug #9419 (Duplicate): Viewing logs at "Status -> System Logs -> Firewall -> Normal View" broken

I updated to the most recent pfSense dev release earlier today. Afterwards, it reported that there are no log entrie... P L

07:31 PM Feature #9418 (Rejected): Three update channels: stable, dev, "more or less stable but still dev"

That would take lots more resources that aren't available. It's a lot of work for developers to pick changes all over... Jim Pingle

04:26 PM Feature #9418 (Rejected): Three update channels: stable, dev, "more or less stable but still dev"

On a number of occasions, I have updated my dev release to find rather serious bugs that are a show stopper.
Yes, ... P L

07:17 PM Revision 996a1ad9: LDAP TLS option update. Implements #9417

Jim Pingle

06:27 PM Bug #9410: Package install fails to run from GUI

Bill Meeks wrote:
> P Law wrote:
> > Update: I am able to delete Suricata but not add (it back again). I am now wi... P L

04:41 PM Bug #9410: Package install fails to run from GUI

P Law wrote:
> Update: I am able to delete Suricata but not add (it back again). I am now without Suricata.
>
> ... Bill Meeks

04:35 PM Bug #9410: Package install fails to run from GUI

Update: I am able to delete Suricata but not add (it back again). I am now without Suricata.
How do I get this fi... P L

04:28 PM Bug #9410: Package install fails to run from GUI

P Law wrote:
> I am unable to reinstall Suricata on pfSense latest 2.5.0.a.20190321.0930 . (Suricata warns, "The fo... Renato Botelho

04:13 PM Bug #9410: Package install fails to run from GUI

I am unable to reinstall Suricata on pfSense latest 2.5.0.a.20190321.0930 . (Suricata warns, "The following input er... P L

03:25 PM Bug #9410: Package install fails to run from GUI

Never mind. My mistake. Your update did fix it. I had inserted some debugging "echo" statements and noted that the... Bill Meeks

01:01 PM Bug #9410: Package install fails to run from GUI

Bill Meeks wrote:
> Renato:
> Your fix still does not work. The problem appears to be with the argument "%d" in th... Renato Botelho

11:14 AM Bug #9410: Package install fails to run from GUI

Renato:
Your fix still does not work. The problem appears to be with the argument "%d" in the __pkg rquery_ command... Bill Meeks

10:56 AM Bug #9410 (Feedback): Package install fails to run from GUI

Thanks Bill. I've pushed a fix. Renato Botelho

09:55 AM Bug #9410: Package install fails to run from GUI

I think I found where the problem is with this. It seems to be within the _pfsense-upgrade_ shell script in */usr/li... Bill Meeks

02:44 PM Revision 7671193b: Use the same regex used in parse_firewall_log_line().

No functional changes. Luiz Souza

02:25 PM Todo #9417 (Feedback): Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options

Applied in changeset commit:996a1ad90e5682bf881bafd8b75d1b1a7e3f7831. Jim Pingle

01:42 PM Todo #9417 (Resolved): Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options

PHP 7.1 "added support":http://php.net/manual/en/migration71.constants.php for configuring the "LDAP CA/Cert environm... Jim Pingle

01:38 PM Feature #8698: LDAP authenticated users should be able to log in via ssh

After #9399 this is one step closer. Jim Pingle

01:37 PM Feature #6855 (Resolved): Support STARTTLS in LDAP Server Configuration

This was PR https://github.com/pfsense/pfsense/pull/3240 and was merged years ago. Jim Pingle

01:32 PM Bug #8690 (Closed): PHP unable to init zend modules 2017 vs 2013

Fixed long ago. Jim Pingle

01:31 PM pfSense Packages Bug #8795 (Closed): PHP issues - illegal string; undef modules; init modules

Fixed long ago. Jim Pingle

11:23 AM Bug #9416: 2.5 Snapshot upgrade crashes on boot. AMD Ryzen platform.

Thanks for the answer, just FYI the board is on the latest UEFI from earlier this month. Ill give stock FreeBSD a test. Chris Sutcliff

11:14 AM Bug #9416: 2.5 Snapshot upgrade crashes on boot. AMD Ryzen platform.

That appears to be fairly low-level in FreeBSD, not likely something we can do anything about for that platform. It d... Jim Pingle

11:06 AM Bug #9416 (Closed): 2.5 Snapshot upgrade crashes on boot. AMD Ryzen platform.

Hi,
I wanted to test out the current snapshots on my AMD Ryzen based platform, mainly to see if the CPU temperatur... Chris Sutcliff

11:19 AM pfSense Docs Correction #9404: Bring RCC install guides up to date

Confirmed the guides are updated. Looks great, thanks Jim! Anonymous

11:17 AM pfSense Docs Correction #9404 (Resolved): Bring RCC install guides up to date

Those all pull from the same shared resource guide. It's updated now. Jim Pingle

10:28 AM Bug #9365: Use of "continue" in switch statements can be ambiguous

I just pushed a fix for the lcdproc errors. Looks like those @continue@ statements were unnecessary and could be remo... Jim Pingle

10:17 AM Bug #9415 (Resolved): Firewall log is empty in the GUI

Tested firewall logs on a variety of platforms, works everywhere now. Jim Pingle

10:16 AM Bug #9411 (Resolved): Firewall log does not contain valid entries

This looks good now. I tested on a variety of platforms, both CE and factory, amd64, SG-1000, SG-3100, SG-5100, and m... Jim Pingle

09:48 AM Bug #9382 (Resolved): SNMP Undefined symbol "pf_altq"

Looks good now, I no longer see that error in the system log when (re)starting SNMP Jim Pingle

03:48 AM Bug #9192: PPPoE daemon selects wrong interface

Confirmed on 2.4.4-p2, when using a pppoe connection, with an isp who supports native ipv4 and ipv6, multiple times p... James Tandy

03/20/2019

08:19 PM Revision af85efec: Fix empty log files in the GUI. Fixes #9415

Two ways they were empty that I found:
* filterlog log entries now have a pid after the process
* CARP/VRRP entries d... Jim Pingle

03:30 PM Bug #9415 (Feedback): Firewall log is empty in the GUI

Applied in changeset commit:af85efec3afa12c7b623d0f32ca4ed8f5797d903. Jim Pingle

12:54 PM Bug #9415 (Resolved): Firewall log is empty in the GUI

On SG-3100 (and likely others), the GUI firewall log is empty. The contents of /var/log/filter.log appear correct, bu... Jim Pingle

12:56 PM Bug #9382 (Feedback): SNMP Undefined symbol "pf_altq"

Fixed.
Please test with the next snapshot. Luiz Souza

12:23 PM Bug #9411 (In Progress): Firewall log does not contain valid entries

Luiz Souza

09:50 AM Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network

such a feature would be great! Thomas Holuba

03/19/2019

08:04 PM Bug #9414 (Resolved): Hardware with Intel 82583V interface such as some Watchguard equipment fail to load interface

Per the post https://forum.netgate.com/topic/141709/nics-not-detected-on-watchguard-xcs-call-this-solved
The Int... Chris Palmer

05:50 PM Revision f30da999: Fix CA/Cert search description. Issue #9412

Jim Pingle

02:53 PM Bug #9413 (Resolved): VLAN driver missing ALTQ support

The VLAN driver on 2.5.0 is missing ALTQ support... Jim Pingle

02:21 PM Bug #9365: Use of "continue" in switch statements can be ambiguous

Seeing in lcdproc too. Seems to be working OK though.... Steve Wheeler

01:25 PM Revision dd4fb72c: Fix bonus closing tag. Issue #9412

Jim Pingle

09:07 AM Bug #9411: Firewall log does not contain valid entries

Luiz offered to look at this Jim Pingle

03/18/2019

08:53 PM Revision 14973058: Add sorting and search to CA/Certs. Implements #9412

Jim Pingle

04:47 PM Revision 0d82f93b: Correct OSCP Must-Staple cert check for OpenSSL 1.1.1. Fixes #9408

Jim Pingle

04:44 PM Revision e788a9e2: Create /var/crash after creating /var RAM disk. Fixes #9409

(cherry picked from commit b39d615394eabd2d19afef0936219c609ef602e3) Jim Pingle

04:44 PM Revision b39d6153: Create /var/crash after creating /var RAM disk. Fixes #9409

Jim Pingle

04:00 PM Feature #9412 (Feedback): Add sorting and search/filtering to CA/Certificates

Applied in changeset commit:14973058752f8b19f63af5c45b3f7b42560ae432. Jim Pingle

03:53 PM Feature #9412 (Resolved): Add sorting and search/filtering to CA/Certificates

The CA and Certificate tabs of the certificate manager can grow quite large and can be difficult to locate items. Add... Jim Pingle

02:11 PM Bug #9411 (Resolved): Firewall log does not contain valid entries

On 2.5.0 snapshots, the firewall log at /var/log/filter.log does not contain valid entries.... Jim Pingle

12:46 PM Bug #9410 (Resolved): Package install fails to run from GUI

Attempting to install a package from the GUI fails on the latest 2.5.0 snapshot (2.5.0.a.20190317.1652)
Click "Ins... Jim Pingle

11:55 AM Bug #9408 (Feedback): OCSP stapling detection broken on 2.5.0

Applied in changeset commit:0d82f93b68b59ccfcf2bdbc9b73fc5da1d7eb9c7. Jim Pingle

11:29 AM Bug #9408 (Resolved): OCSP stapling detection broken on 2.5.0

Certificates with OCSP stapling are not detected as such on 2.5.0. If a cert with stapling is used as the GUI cert, t... Jim Pingle

11:50 AM Bug #9409 (Feedback): Crash dumps cannot be saved when RAM disks are enabled for /var

Applied in changeset commit:b39d615394eabd2d19afef0936219c609ef602e3. Jim Pingle

11:43 AM Bug #9409 (Resolved): Crash dumps cannot be saved when RAM disks are enabled for /var

When a system has RAM disks enabled for /var, the /var/crash directory is missing at bootup when the OS attempts to s... Jim Pingle

08:24 AM Bug #9407: Update jQuery to current version (3.3.1 or later)

There is an upgrade guide here: https://jquery.com/upgrade-guide/3.0/ which includes instructions on a migration prog... Jim Pingle

08:22 AM Bug #9407 (Resolved): Update jQuery to current version (3.3.1 or later)

pfSense has jQuery 1.12.0 which is no longer receiving security updates. 2.x has also been deprecated by jQuery.
W... Jim Pingle

03/17/2019

04:08 PM Bug #9283: Not obvious that HA sync will still sync certs if cert sync disabled but OpenVPN sync enabled

Then you are using ACME incorrectly. Read the previous comments or post on the forum if you have further questions. Y... Jim Pingle

03:53 PM Bug #9283: Not obvious that HA sync will still sync certs if cert sync disabled but OpenVPN sync enabled

Even openvpn needs synced certs I would like not to sync them because of ACME certs.
Or skip deleting used ACME ce... Grischa Zengel

03:42 PM Feature #9406 (Rejected): restart necessary to restore config file

Rebooting after restore is the safest way to ensure every setting has been applied. You can't always guarantee that a... Jim Pingle

02:18 PM Feature #9406 (Rejected): restart necessary to restore config file

Hi, first of all, I'm from Argentina, excuse me if I don't express myself accurately. I would like to request that pf... Federico Galli

12:26 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4

I think the root of the problem is frr incorrectly detecting that GRE tunnels have /32 netmasks - this makes them unn... Firstname Surname

12:15 PM Feature #7746: Proxy NDP

Richard van Dijk wrote:
> It looks like now there is a possible solution of decent quality that can be further built... Firstname Surname

12:02 PM Bug #9405 (Resolved): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support

Here is one I have been manually patching for years. Since ever, resolve_retry() which is used to resolve an IPSec re... Firstname Surname

08:54 AM pfSense Packages Bug #9352: Duplicate default views in Status Monitoring that can't be removed.

I can confirm all of this.
Thanks for creating the redmine. Raul Ramos

03/16/2019

11:19 PM pfSense Docs Correction #9404 (Resolved): Bring RCC install guides up to date

The following guides are in a broken state.
https://docs.netgate.com/platforms/rcc-2758/pfsense.html
https://docs... Anonymous

09:04 PM pfSense Packages Feature #9289: Snort enable react

Snort on pfSense currently runs in what is really IDS mode using libpcap. The "blocking" done by Snort uses a custom... Bill Meeks

03:43 PM pfSense Packages Bug #9403 (Resolved): Suricata - Checkbox 'Traffic Flows' enables logging for both logging formats

The checkbox 'Traffic Flows' in 'EVE Output Settings' now enables netflow and flow output. (net)flow logging is quite... Julian Wecke

10:32 AM Revision 665cbe2a: do not look for other servers when an auth is successful

fix #9255 A FL

03/15/2019

05:21 PM Bug #9402: Netgate "DNS over TLS with pfSense" Blog Post recommends configuration vulnerable to MITM attacks from self signed certificates

Jim, thanks for the quick response. You replied so quickly that I was late in adding that I hadn't actually verified ... Richard Yao

05:20 PM Bug #9402: Netgate "DNS over TLS with pfSense" Blog Post recommends configuration vulnerable to MITM attacks from self signed certificates

One more remark. While I cited that blog post, I haven't actually taken the time to verify that this protects against... Richard Yao

05:19 PM Bug #9402 (Duplicate): Netgate "DNS over TLS with pfSense" Blog Post recommends configuration vulnerable to MITM attacks from self signed certificates

That doesn't actually verify anything. It logs that it does, but doesn't fail validation if the host doesn't match.
... Jim Pingle

05:16 PM Bug #9402: Netgate "DNS over TLS with pfSense" Blog Post recommends configuration vulnerable to MITM attacks from self signed certificates

There is a typo in my original report. The post should say:
server:
tls-cert-bundle: /usr/local/share/certs/ca-ro... Richard Yao

05:13 PM Bug #9402 (Duplicate): Netgate "DNS over TLS with pfSense" Blog Post recommends configuration vulnerable to MITM attacks from self signed certificates

Users should be told to set these options in unbound:
server:
tls-cert-bundle: /usr/local/share/certs/ca-root-nss... Richard Yao

04:18 PM Bug #9401 (Resolved): 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit

If you make an OpenVPN interface name with 26 to 31 characters (in my case, I made them with exactly 26 and 31 charac... Richard Yao

04:15 PM Revision b7be92c5: Make it possible to fix armv6 -> armv7 config files

Renato Botelho

04:10 PM Revision 08acb533: Make it possible to fix armv6 -> armv7 config files

Renato Botelho

04:01 PM Revision 9d91dd67: Prepare repo templates for 2.5.0 based on FreeBSD 12

Renato Botelho

03:15 PM Revision d36cf2c9: Test modules path before scanning. Fixes #9400

Jim Pingle

11:28 AM Bug #9384: devd putting "$" before variable contents when using single quotes

This also appears to affect rc.carpmaster (and rc.carpbackup), which is also run through pfSctl... Jim Pingle

10:25 AM Bug #9400 (Feedback): PHP scandir() error at boot

Applied in changeset commit:d36cf2c9444fe01a504c1f36bccb6999f0ec329a. Jim Pingle

10:15 AM Bug #9400 (Resolved): PHP scandir() error at boot

On current 2.5.0 snapshots, systems may see the following error at boot time:... Jim Pingle

10:19 AM pfSense Packages Feature #9399: pkg support for SSH + sudo authentication via LDAP

nss_ladp and LDAP-enabled sudo are both now present on 2.5.0 snapshots. Jim Pingle

08:08 AM Bug #9388 (Feedback): Update ntpd

4.2.8p13 imported to devel branch Renato Botelho

03/14/2019

08:33 PM Revision 7db5a396: Enable LDAP for sudo and build nss_ldap. Fixes #9399

Jim Pingle

03:45 PM pfSense Packages Feature #9399 (Feedback): pkg support for SSH + sudo authentication via LDAP

Applied in changeset pfsense:commit:7db5a396d398b010bfb70048881a6cec0577338f. Jim Pingle

03:36 PM pfSense Packages Feature #9399: pkg support for SSH + sudo authentication via LDAP

Considering we already build pam_ldap I'm not sure why nss_ldap was omitted, so I added it to the build list for 2.5.... Jim Pingle

12:15 PM pfSense Packages Feature #9399 (Resolved): pkg support for SSH + sudo authentication via LDAP

Hi Folks,
You have a very usable and user-friendly webUI configuration tool for setting up LDAP authorization for ... Mark Staudinger

02:52 PM Feature #4881: Allow NPt to use dynamic IPv6 networks

This will be required for most consumer internet providers that give dynamic IPv6 addresses.
Verizon FiOS just en... Joshua Diamant

09:58 AM Feature #8650 (Bogus): DynDNS Update via HTTPS

The dyndns.org updater has only used HTTPS for as long as it's been in pfSense.
Current code: https://github.com/p... Jim Pingle

09:18 AM Todo #7091 (Not a Bug): Write upgrade code to rename igb devices to em

It's not happening anymore
https://lists.freebsd.org/pipermail/freebsd-current/2017-January/064370.html Renato Botelho

09:12 AM Todo #7091: Write upgrade code to rename igb devices to em

Maybe note this in release notes before snapshots go live Michael Kellogg

03/13/2019

07:44 PM Revision e078d316: Update obsoleted files from FreeBSD 11 -> 12

Renato Botelho

07:34 PM Revision 64d2dd61: Add missing obsoleted files

Renato Botelho

07:34 PM Revision b05d99e2: Add missing obsoleted files

Renato Botelho

06:13 PM Revision 586c623a: Deprecate the built-in relayd Load Balancer. Closes #9386

It is not available on FreeBSD 12 with OpenSSL 1.1.x.
Users can migrate to the HAProxy package. Jim Pingle

03:48 PM Revision 749dfdb7: Fix the spamming of warnings about ttyv0 not being available on ARM64 devices.

While here, use a more meaningful name for the function. Luiz Souza

03:37 PM Revision 91677c09: Generate hints for the kernel loader.

Luiz Souza

02:19 PM Bug #9366 (Resolved): "Illegal string offset" PHP errors

I haven't seen any of these for a while. The patch that suppressed them is back, and the most common ones are corrected. Jim Pingle

01:20 PM Todo #9386 (Feedback): Deprecate built-in relayd Load Balancer

Applied in changeset commit:586c623a943f59486a461c1af9873dd6cc11a3b3. Jim Pingle

03/12/2019

08:20 PM Revision b69eea46: Initialized entries variable before use. Fixes #9359

(cherry picked from commit 9146639e722b4d437d19b5ade1157ae01849a313) Jim Pingle

08:20 PM Revision 9146639e: Initialized entries variable before use. Fixes #9359

Jim Pingle

07:47 PM Revision d67449c6: Use only sshguard table for blocking ssh/gui attacks. Issue #9223

(cherry picked from commit 555a9ab5c01101ddab7daa41f35d379d1c39b26e) Jim Pingle

07:47 PM Revision 922a1ae3: Remove unnecessary expiretable cron jobs for ssh/gui lockout. Issue #9223

(cherry picked from commit 7a68df5efc35b6d1ee514bb87a2298f5180de001) Jim Pingle

07:46 PM Revision 555a9ab5: Use only sshguard table for blocking ssh/gui attacks. Issue #9223

Jim Pingle

07:46 PM Revision 7a68df5e: Remove unnecessary expiretable cron jobs for ssh/gui lockout. Issue #9223

Jim Pingle

06:42 PM Revision f1caf190: Remove unnecessary expiretable cron jobs for ssh/gui lockout. Issue #9223

(cherry picked from commit 397d9fff6df234d98ef2353b0b29912a14777442) Jim Pingle

06:41 PM Revision 397d9fff: Remove unnecessary expiretable cron jobs for ssh/gui lockout. Issue #9223

Jim Pingle

04:49 PM pfSense Packages Feature #9387: Update telegraf to 1.9.3 from ports

Sounds good, thanks. John Silva

03:11 PM pfSense Packages Feature #9387: Update telegraf to 1.9.3 from ports

1.9.0 is available on pfSense 2.5.0 snapshots (which are not yet public)
That is the most recent release in the 20... Jim Pingle

03:51 PM pfSense Docs Correction #9394 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver

*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html
*Feedback:*
Does not explain how ... Rick Schmitz

03:37 PM pfSense Packages Bug #9339: Misc typos in pfsense/FreeBSD-ports

PR Link: https://github.com/pfsense/FreeBSD-ports/pull/624 Jim Pingle

03:30 PM Bug #9359 (Feedback): diag_tables.php duplicate entries from webConfigurator lockout table

Applied in changeset commit:9146639e722b4d437d19b5ade1157ae01849a313. Jim Pingle

03:20 PM Bug #9359: diag_tables.php duplicate entries from webConfigurator lockout table

I can't reproduce this as stated, but I can see how it might happen since the variable is used without being initiali... Jim Pingle

03:09 PM pfSense Packages Feature #9389 (Closed): More frequent package repo updates needed

Sounds good on paper, but doesn't work in practice.
We can't automatically track a branch because a base system pa... Jim Pingle

03:07 PM Bug #9223: SSHGUARD doesn't work as expected

Joshua Sign wrote:
> As it could be very interresting to have sshguard blocking ip by services, i just worked on it.... Jim Pingle

03:05 PM Bug #9223 (Feedback): SSHGUARD doesn't work as expected

sshguard 2.3.1 is now present on 2.5.0 snapshots being tested. It has the extra GUI table code removed.
Associated... Jim Pingle

01:49 PM Bug #9223: SSHGUARD doesn't work as expected

I pushed a change to remove the cron job. Additional changes are coming shortly. Jim Pingle

03/11/2019

09:40 PM Feature #9393 (Resolved): Improved support for USB interfaces that may not always be present

Currently if you have a USB 4g modem or any other removable interface you need to manually delete it or otherwise you... Xhivat Hoxhiq

06:53 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML

Two reports of success with the committed patch, for different issues as well:
https://forum.netgate.com/post/82... Jim Pingle

03:19 PM Bug #7020: <Hostname> is omitted when sending logs on syslog

Then that is where you need to direct your attention. Comment there and let the FreeBSD developers know that it's a p... Jim Pingle

03:04 PM Bug #7020: <Hostname> is omitted when sending logs on syslog

A bug is already opened upstream, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194231 Daniel Berteaud

01:07 PM pfSense Packages Todo #9392 (Resolved): Status_Traffic_Totals needs updated for vnstat 2.0

In the FreeBSD ports repository, vnstat has been upgraded to vnstat 2.0 (from 1.15).
vnstat 2.0 does not appear to... Jim Pingle

10:25 AM Bug #9391 (Duplicate): Can't access Backup & Restore Page

Duplicate of #9316 -- already fixed in the repository, but there are no more 2.4.5 snapshots. Jim Pingle

10:17 AM Bug #9391 (Duplicate): Can't access Backup & Restore Page

pfSense Version: 2.4.5.a.20190213.0609
I cannot access the Backup & Restore page at all from GUI. instead i get er... ahmed k

01:40 AM pfSense Packages Bug #9322: telegraf "Additional configuration for Telegraf" lost configuration after reboot

additional issue： running configurations will ALSO be lost after sometime, you'll have to re-click SAVE in "PackageSe... mrco chen

03/10/2019

11:44 PM Revision 428f6f02: Fix output buffering when downloading config backups. Fixes #9390

(cherry picked from commit 4015b03d4b184e546cb3590430fee6f9953ce23e) Jim Pingle

11:43 PM Revision 4015b03d: Fix output buffering when downloading config backups. Fixes #9390

Jim Pingle

06:50 PM Bug #9390 (Feedback): diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML

Applied in changeset commit:4015b03d4b184e546cb3590430fee6f9953ce23e. Jim Pingle

05:59 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML

You're entitled to your opinion but I disagree. Output buffering can cause other issues with downloading other than t... Jim Pingle

05:54 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML

Look at PR 4055: https://github.com/pfsense/pfsense/pull/4055 Sam Likins

05:52 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML

That is a bad solution, performing unnecessary complexity, when turning off the flag prior to outputting the payload ... Sam Likins

05:47 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML

That PR is the wrong fix.
I haven't been able to reproduce this here, but it appears to be due to output buffering... Jim Pingle

05:39 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML

PR #4055 Created Sam Likins

05:35 PM Bug #9390: diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML

I can't reproduce this.
[2.4.4-RELEASE-p2 (amd64)
built on Wed Dec 12 07:40:18 EST 2018
FreeBSD 11.2-RELEASE-p6... Anonymous

04:59 PM Bug #9390 (Resolved): diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML

Since the last update (ie: *2.4.4_2*), backups fail to restore; previously generated backups will restore, but new ba... Sam Likins

06:41 PM Bug #7020: <Hostname> is omitted when sending logs on syslog

If it's a bug, it's a bug in FreeBSD -- we use their syslogd and that's how it behaves. The default behavior is to ge... Jim Pingle

05:37 PM Bug #7020: <Hostname> is omitted when sending logs on syslog

This is clearly a bug, as PfSense is not sending valid syslog messages. It also affects Graylog (3.0). We have to use... Daniel Berteaud

01:15 PM pfSense Packages Feature #9389 (Closed): More frequent package repo updates needed

I've been noticing that the release package repo lags far behind the quarterly ports tree releases and the official p... John Silva

01:01 PM Bug #9388 (Resolved): Update ntpd

Ran pkg audit new install of 2.4.4-p2:... Chris Macmahon

12:27 PM pfSense Packages Feature #9387 (Resolved): Update telegraf to 1.9.3 from ports

Telegraf port in pfsense (1.6.3) is substantially behind upstream FreeBSD ports tree (1.9.3). 1.9.3 has support for ... John Silva

03/09/2019

07:40 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.

Looks like Pieter and I have come to the same conclusion (see comment 10), hopefully a fix isn't too far out. Tom Embt

02:50 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.

Hmm, nice find Pieter!
Maybe we need a function like *haveWorkingDns()* that returns a bool if DNS is working, and... → luckman212

01:08 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.

We had the same issue. It's a pfSense 2.4.4p2 installation in an air-gapped environment and has never touched the int... Pieter .

03/08/2019

09:34 AM pfSense Packages Bug #9368 (Feedback): ACME certificates cannot have more than ~35 SAN entries due to input variable limits

PR Merged Jim Pingle

03/07/2019

05:49 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.

could you confirm that adding DNS entries can be a workaround ? (if you can try to do it for testing purpose)
How ma... Joshua Sign

01:20 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.

This is affecting our company's setup as well. Static public IPs /29 (total 5 available IPs) with one hooked up with ... Jamie Donovan

03/06/2019

07:14 PM Revision 632f0dbf: Revert "Remove definitions of conf_mount_r[ow]"

Leave functions declaration for now to prevent errors during upgrade.
This reverts commit da3ef5a3b359edb27bb9bb2b88... Renato Botelho

04:28 PM pfSense Packages Bug #9368: ACME certificates cannot have more than ~35 SAN entries due to input variable limits

Should be fixed with this: https://github.com/pfsense/FreeBSD-ports/pull/626
Or would that possibly cause sideeffect... Pi Ba

09:22 AM pfSense Packages Bug #9368 (Resolved): ACME certificates cannot have more than ~35 SAN entries due to input variable limits

The way that acme_certificates_edit.php submits data results in a failure to add more SAN entries due to input variab... Jim Pingle

03:05 PM Todo #9386 (Resolved): Deprecate built-in relayd Load Balancer

As of now, relayd does not function on FreeBSD 12 due to OpenSSL 1.1.x. The port is currently "marked BROKEN":https:/... Jim Pingle

02:07 PM Bug #9385 (Closed): OpenVPN logs a "Device busy" error when opening tap interfaces, but continues to function

On 2.5.0 snapshots, when openvpn starts up, it logs a "Device busy" error, but the error does not appear to harm func... Jim Pingle

02:04 PM Bug #9384 (Confirmed): devd putting "$" before variable contents when using single quotes

On 2.5.0 snapshots, when @check_reload_status@ logs a linkup event, the message contains a @$@ before the interface n... Jim Pingle

02:01 PM Bug #9383 (Resolved): dhcpleases kqueue error

On 2.5.0 snapshots when DHCP lease integration is enabled for the DNS Resolver, the following error is logged at boot... Jim Pingle

01:59 PM Bug #9382 (Resolved): SNMP Undefined symbol "pf_altq"

On 2.5.0 snapshots, bsnmpd logs an error message when the pf module is enabled:... Jim Pingle

12:35 PM pfSense Docs Correction #9381: FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated

Github User, https://github.com/Frotty, commented:
Also perhaps see https://redmine.pfsense.org/issues/8251
I ha... Jared Dillard

12:34 PM pfSense Docs Correction #9381: FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated

Jimp commented:
I think we've had some discussion about this in the past on the forum. Since we don't support havi... Jared Dillard

12:25 PM pfSense Docs Correction #9381 (Resolved): FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated

*Github user:* https://github.com/Augustin-FL
*Feedback:*
The FreeRadius 2.X documentation, https://www.netgate... Jared Dillard

12:14 PM pfSense Docs Correction #9380 (Resolved): Feedback on Cache / Proxy — Tuning the Squid Package

*Page:* https://www.netgate.com/docs/pfsense/cache-proxy/squid-package-tuning.html#caching-windows-updates
*Github... Jared Dillard

12:10 PM pfSense Docs Correction #9379 (Resolved): Feedback on Interfaces — Using a Large Number of Interfaces

*Page:* https://docs.netgate.com/pfsense/en/latest/interfaces/index.html#limitations
*Github user:* https://github... Jared Dillard

12:07 PM pfSense Docs Correction #9378 (Closed): Feedback on Virtualization — Virtualizing pfSense with Proxmox

*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox.html
*Github user:* https://github.c... Jared Dillard

12:07 PM pfSense Packages Feature #6651: Loopback interfaces

Slava Bendersky wrote:
> Hello Everyone,
> I would like place request add ability manipulate loopback interfaces th... Slava Bendersky

12:06 PM pfSense Docs Correction #9377 (Rejected): log file format : missing igmp. <protocol-specific-data> ::= <tcp-data> | <udp-data> | <icmp-data> | <carp-data>

*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html
*Github user:* https://g... Jared Dillard

12:05 PM pfSense Docs Correction #9376 (Resolved): Feedback on System Monitoring — Filter Log Format for pfSense 2.2

*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html
*Github user:* https://g... Jared Dillard

12:01 PM pfSense Docs Correction #9375 (Resolved): Feedback on ACME - no info on how to use cron

*Page:* https://docs.netgate.com/pfsense/en/latest/packages/acme/index.html
*Github user:* https://github.com/yuri... Jared Dillard

11:57 AM pfSense Docs Todo #9374 (Resolved): Update Virtualizing pfSense with Hyper-V recipe with more recent information

*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-hyper-v.html
*Feedback:*
The Hyper-V tuto... Jared Dillard

11:55 AM pfSense Docs Correction #9373 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver

*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html
*Github user:* https://github.com/ja... Jared Dillard

11:53 AM pfSense Docs Correction #9372 (Resolved): Feedback on User Management — Configuring User Authentication Servers

*Page:* https://docs.netgate.com/pfsense/en/latest/usermanager/authentication-servers.html
*Github user:* https://... Jared Dillard

11:50 AM pfSense Docs Correction #9371 (Resolved): Feedback on Testing the FreeRADIUS Package

*Page:* https://docs.netgate.com/pfsense/en/latest/packages/freeradius-test.html
*Github user:* https://github.com... Jared Dillard

11:37 AM pfSense Docs Correction #9370 (In Progress): Update old screenshots

Here is a list of pages that need updated screenshots:
- [ ] https://docs.netgate.com/pfsense/en/latest/recipes/ip... Jared Dillard

11:32 AM pfSense Docs New Content #9369 (New): Document remaining packages

Create pages for the currently undocumented packages in the Package List, https://docs.netgate.com/pfsense/en/latest/... Jared Dillard

03/05/2019

10:00 PM Revision 1d92575e: Update SMART status page with more detail/commands. Implements #9367

Jim Pingle

08:47 PM Revision 144863e3: Fix more illegal offset errors. Issue #9366

Jim Pingle

06:30 PM Revision 86ec819a: Target the proper loop in switch statements. Issue #9365

Jim Pingle

06:27 PM Revision b88050bb: Fix some illegal offset errors. Issue #9366

Jim Pingle

05:22 PM Revision 59449ddb: Fix deeper continues. Issue #9365

Jim Pingle

05:15 PM Revision 05221142: Target the proper loop in switch statements. Issue #9365

Jim Pingle

04:10 PM Todo #9367 (Feedback): Update SMART Page with new capabilities

Applied in changeset commit:1d92575e36db5fd0b9bf2cc6a236dde32aba9239. Jim Pingle

04:01 PM Todo #9367 (Resolved): Update SMART Page with new capabilities

@smartctl@ is capable of showing a lot more information than the current page supports. Update it to show things like... Jim Pingle

02:45 PM Revision f403491d: Move PHP to 7.3.x

Renato Botelho

02:44 PM Revision b2aae111: Add support for PHP 7.3.x

Renato Botelho

02:43 PM Revision ccc60c88: Remove PHP 5.x support

Renato Botelho

02:40 PM Revision 5ec87d10: Move PHP to 7.3.x

Renato Botelho

02:00 PM Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA

Hi all
The problem is still (or again) reproducable.
Best regards
Tom Tom Huerlimann

12:23 PM Bug #9366 (Resolved): "Illegal string offset" PHP errors

We have a patch that suppresses some "Illegal string offset" PHP errors but if the ones we can spot are easy to fix w... Jim Pingle

12:20 PM Bug #9365: Use of "continue" in switch statements can be ambiguous

Two more:... Jim Pingle

11:13 AM Bug #9365 (Closed): Use of "continue" in switch statements can be ambiguous

PHP 7.3 is tightening down on the use of @continue@ in switches. There are instances where the code meant to continue... Jim Pingle

09:08 AM pfSense Packages Bug #9364 (Resolved): squidguard int error page does not use https

Hello,
I'm running these versions on my system(s):
pfSense 2.4.4-RELEASE-p2
squid 0.4.44_7
squidguard 1.16.18_1... Florian Stichlberger

03/04/2019

07:22 AM pfSense Docs Correction #9363 (Closed): Source Tracking Table

That only appears if you have Sticky connections enabled, otherwise it's not relevant. Jim Pingle

07:18 AM pfSense Docs Correction #9363 (Closed): Source Tracking Table

Docs » pfSense » Book » System Monitoring » Firewall States » Reset State Table / Source Tracking Table
The book s... Anonymous

03/03/2019

04:18 AM Bug #9362 (Resolved): rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all

When updating the DNS record via services_dyndns_edit.php it works normally, but when it tries to update it automatic... Nico Schneider

03/02/2019

05:58 PM Revision acfc3643: Allow Dynamic DNS wildcards for Cloudflare #9361

Tom Embt

12:05 PM Bug #9361: Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS

https://github.com/pfsense/pfsense/pull/4053
- hide wildcard and MX checkboxes since neither are used by the Cloud... Tom Embt

11:47 AM Bug #9361: Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS

My comments about Route53 on #9053 likely also apply to Cloudflare here. Assuming so, the solution would differ slig... Tom Embt

11:55 AM Bug #9074: Alias URL lists only storing last-most list in config.

Applied https://github.com/pfsense/pfsense/pull/4002/commits/f5c56bf8189d515af203c398f473c9b3adfff98b and https://git... Danilo Zrenjanin

05:37 AM Bug #9320: Outbound NAT and multiple IPSEC IPs for mobile warriors

Applied https://github.com/pfsense/pfsense/pull/4049/commits/8897cbce7fc410029ac367eeee7c12261fec896f via system_pat... Vladimir Lind

03/01/2019

07:23 PM Revision ac512a11: Move to python 3.6 as default

Renato Botelho

07:06 PM Bug #9361 (Resolved): Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS

Cloudflare allows wildcard A records and the pfSense DDNS page has a wildcard checkbox (since 2.3?), but it will thro... Will Rutherford

02:23 PM Todo #9360 (Resolved): Switch to Python 3.x

Python 2.7.x is not long for this world, going EOL on "Jan 1, 2020":https://pythonclock.org/
We need to ensure the... Jim Pingle

09:38 AM Bug #9223: SSHGUARD doesn't work as expected

FYI
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CV... Joshua Sign

02/28/2019

07:52 PM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA

As far as I can tell there are too many assumptions placed on the order of the addresses on the interfaces.
There ... Chris Linstruth

05:48 PM Revision c5663bf5: Comment out all pfSense_fsync() calls until it's properly fixed

Renato Botelho

04:02 PM Revision c03dc57f: pfSense_fsync() call just before rename() is breaking it. Comment out for now until it's fixed

Renato Botelho

01:06 PM Revision da3ef5a3: Remove definitions of conf_mount_r[ow]

Renato Botelho

01:05 PM Revision 9c078e31: Remove /etc/conf_mount_r[ow]

Renato Botelho

12:49 PM Revision 522388a7: Remove all calls to conf_mount_r[ow]

Renato Botelho

10:15 AM pfSense Packages Todo #9354 (Feedback): Update OpenVPN Client Export with OpenVPN 2.4.7

The OpenVPN 2.4.7 Windows installer is included in OpenVPN Client Export Package version 1.4.18_3, which is available... Jim Pingle

10:03 AM Bug #9359 (Resolved): diag_tables.php duplicate entries from webConfigurator lockout table

Entries in the webConfigurator Lockout Table are always listed, whatever the table you select.
Possible fix shou... Joshua Sign

09:35 AM pfSense Packages Bug #8476 (Resolved): OpenVPN Client Export TLS Key Direction Directive Location

ovpn configuration file exported from:
2.4.5-DEVELOPMENT (amd64)
built on Wed Feb 13 06:09:38 EST 2019
FreeBSD 11.... Danilo Zrenjanin

09:35 AM Revision 9df78d6b: Do not initialize t_address in loop

Paul.Bramhall

06:10 AM Bug #9358 (Closed): Lost default gateway after recover from failover with CARP VIP and HA

The same issue #8465 is back on 2.4.4-RELEASE-p2 (amd64) built on Wed Dec 12 07:40:18 EST 2018. Tested with one WAN I... Christian Grunfeld

02/27/2019

10:02 PM Revision 90639e0a: Rename exclude files to work with armv7

Renato Botelho

09:03 PM Revision e200e241: Fix armv7 ABI string

Renato Botelho

07:34 PM Revision 82b59cee: On FreeBSD 12+ move from armv6 to armv7

Renato Botelho

04:22 PM Revision fe0a068b: Revert "pfSense_fsync() call just before rename() is breaking it. Comment out for now until it's fixed"

pfSense_fsync() is fixed now
This reverts commit cea9d3b7dc6f7ac8450a2a8f4b630b1b6b69827b. Renato Botelho

02:55 PM Bug #8465: Lost default gateway after recover from failover with CARP VIP and HA

The same issue is back in 2.4.4-RELEASE-p2 (amd64) built on Wed Dec 12 07:40:18 EST 2018. Tested with one WAN IP (/30... Christian Grunfeld

12:09 PM Revision 67f15b5e: Update loader.conf when maximumtableentries changes

On Firewall -> Advanced -> Firewall, when maximumtableentries item
changes, make sure /boot/loader.conf is changed ac... Renato Botelho

12:06 PM Revision 117f032c: Add net.pf.request_maxcount to loader.conf

On FreeBSD 12 and newer pf uses this sysctl to define maximum number of
items supported by its allocations. Make sur... Renato Botelho

10:00 AM Bug #9357: rc.newwanipv6 called regardless of REASON

We probably need something like a "copy" of /usr/local/sbin/pfSense-dhclient-script here, just for IPv6 Flole Systems

09:56 AM Bug #9357 (Closed): rc.newwanipv6 called regardless of REASON

The dhcp6c_wan_script.sh does not honor the REASON-Variable set by the dhcp6c process. Even though it is RENEW and th... Flole Systems

07:31 AM Todo #9356 (Closed): Find optimal default for net.pf.request_maxcount

FreeBSD 12 introduced a new sysctl, @net.pf.request_maxcount@, which must be set in loader.conf (or loader.conf.local... Jim Pingle

02/26/2019

08:15 PM Revision c16a2fe1: Remove invalid MACs from sshd_config

Renato Botelho

07:09 PM Revision cea9d3b7: pfSense_fsync() call just before rename() is breaking it. Comment out for now until it's fixed

Renato Botelho

05:04 PM Revision 295b0d2b: Fix path relative to MAKEOBJDIRPREFIX to FreeBSD 12+ reality

Renato Botelho

10:57 AM pfSense Packages Bug #9355 (Bogus): Telegraf Package - https for InfluxDB Server

Setup Telegraf to send stats to InfluxDB
When trying https:// in url no stats until http:// used.
Would prefer to... Erin O'Meara

08:43 AM pfSense Packages Todo #9354 (Resolved): Update OpenVPN Client Export with OpenVPN 2.4.7

OpenVPN 2.4.7 released last week, needs updated in the OpenVPN client export package: https://openvpn.net/community-d... Jim Pingle

08:35 AM pfSense Packages Bug #9345 (Resolved): Quagga Ospf MD5 interface password truncated to 15 characters

Jim Pingle

12:05 AM pfSense Packages Bug #9345: Quagga Ospf MD5 interface password truncated to 15 characters

Tested for FRR OSPF (version 0.2_7). Thank you for the quick fix. Henning Rogge

02/25/2019

04:15 PM Bug #9353 (New): PHPSession errors from limited access to dashboard and widgets

If you login with a user who has privilege 'WebCfg - System: Login / Logout / Dashboard' and you have widgets on the ... Steve Wheeler

04:04 PM pfSense Packages Bug #9352 (Resolved): Duplicate default views in Status Monitoring that can't be removed.

Ended up with multiple "Default" views under status monitoring that could not be removed. When attempting to create a... Mike A

03:15 PM Bug #9351: need option for repeated DHCP retries

the cable modem (Arris/Moto SB6183) has no ip, its a bridge, the gateway is somewhere at my ISP. the modem stays al... John Pierce

02:59 PM Bug #9351: need option for repeated DHCP retries

"propose you add an option to keep retrying DHCP renews on the WAN when the gateway becomes inaccessible." - Based on... Anonymous

02:41 PM Bug #9351 (Duplicate): need option for repeated DHCP retries

every time my cable company has an outage of more than a few minutes, pfsense ends up with no IP address on WAN, and ... John Pierce

02:56 PM Revision 4ee79051: Update translation files

Renato Botelho

02:56 PM Revision 7f58d21b: Regenerate pot

Renato Botelho

02:55 PM Revision 7fac4101: Update translation files

Renato Botelho

02:26 PM Bug #6876 (Resolved): Firewall alias issue after adding a wrong alias

Anonymous

02:09 PM Revision 303e7fed: Regenerate pot

Renato Botelho

02/24/2019

04:38 PM Revision 3cd21b4e: Routing, actually show the "(default)" mark on the default route as it is present on the OS

Most obvious problem was when manually switching from WANGW1 to WANGW2 it showed both as (default) after saving the s... PiBa-NL

02/23/2019

11:41 AM pfSense Packages Bug #9350 (Resolved): not appear proxy config

This problem is observed when using "squid" and "squidguard" packages together. If you enter values in the "blacklist... Yuran Yastreb

11:24 AM Bug #9349: IPSec service start/stop/restart fails after settings change

Hi.
I mixed the logs (stop/restart) but the problem is the same and I understand your explanation. Nevertheless th... Markus Stockhausen

08:14 AM Bug #9349: IPSec service start/stop/restart fails after settings change

The mode on that says "stop", not restart.
Try a different browser, you may see a more informative error message.
... Jim Pingle

07:58 AM Bug #9349: IPSec service start/stop/restart fails after settings change

Hi Jim,
I do not think so. I captured the network traffic in the browser and can see the following request being s... Markus Stockhausen

07:50 AM Bug #9349: IPSec service start/stop/restart fails after settings change

This is most likely because your browser is refusing to refresh the page to update the controls because it would invo... Jim Pingle

07:17 AM Bug #9349 (Confirmed): IPSec service start/stop/restart fails after settings change

There seems to be some weird behaviour when changing things on the advance IPsec servie settings tab. As soon as you ... Markus Stockhausen