Project

General

Profile

Activity

From 04/12/2019 to 05/11/2019

05/11/2019

10:55 PM Revision 7ccb4524: Fix ACB privileges. Fixes #9519
(cherry picked from commit 18c1de41332473dacd8a24ddf34e558f6366c714) Jim Pingle
10:55 PM Revision 18c1de41: Fix ACB privileges. Fixes #9519
Jim Pingle
07:38 PM pfSense Docs Correction #9520 (Closed): Feedback on Routing and Multi-WAN — Gateway Settings
*Page:* https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
*Feedback:* There is no document... Brendon Baumgartner
06:05 PM Bug #9470 (Feedback): unbound remotecontrol.conf not rewritten when the file is empty
Jim Pingle
06:05 PM Bug #9519 (Feedback): Fix ACB Privileges
Applied in changeset commit:18c1de41332473dacd8a24ddf34e558f6366c714. Jim Pingle
05:48 PM Bug #9519 (Resolved): Fix ACB Privileges
ACB pages have missing/incorrect privilege headers, and are not listed in the privilege list properly. Jim Pingle
06:05 PM Bug #9446 (Feedback): Filter reload error with NAT reflection enabled
Jim Pingle
06:05 PM Feature #9290 (Feedback): Need a way to suppress status output display in /status.php
Jim Pingle
06:05 PM Bug #9281 (Feedback): ZFS encrypted+mirrored swap may not be activated on 2.4.4-p2
Jim Pingle
06:05 PM Bug #9276 (Feedback): DNS troubleshooting tool incorrectly reporting "ai." as an invalid hostname
Jim Pingle
06:04 PM Bug #9275 (Feedback): ip tools link not working
Jim Pingle
06:04 PM Bug #9264 (Feedback): Disabling "IPv6 over IPv4 Tunneling" breaks config
Jim Pingle
06:04 PM Bug #9239 (Feedback): WebGUI: Diagnostics > Packet Capture will try to display any size of pcap file.
Jim Pingle
06:04 PM Bug #9231 (Feedback): firewall_aliases_edit.php: pf keyword matching is not catching some problem cases
Jim Pingle
06:04 PM Bug #9193 (Feedback): firewall_nat.php: PHP error deleting an imported NAT rule with no firewall rules present
Jim Pingle
06:04 PM Feature #8602 (Feedback): DNS over TLS host verification
Jim Pingle
05:21 PM Feature #9096 (Feedback): Login Page: Make pfSense Login Page Tab Name More Unique
Implemented in commit:814a7c2f1d828fedef13bb2bf326d8014e9e25bf (master) and commit:87642f6bd1fc96f116ee6756a15ef2a9cf... Jim Pingle
09:17 AM Bug #9514 (Not a Bug): DNS servers
The DNS Resolver (Unbound) doesn't work that way.
You can do that in the DNS forwarder by telling it to query sequ... Jim Pingle
08:56 AM Bug #9514 (Not a Bug): DNS servers
Right now, the query order for DNS servers can vary based on query times. Using DNS from multiple providers is great ... Dallas Haselhorst

05/10/2019

08:20 PM Revision 6cb5a937: Rewrite unbound remotecontrol.conf when it is empty. Fixes #9470
(cherry picked from commit 4b70a2006e6afb7813344eec8cafb8570e67256b) Jim Pingle
08:20 PM Revision 44fb8aca: Add back DNS over TLS host verification code. Fixes #8602
Requires Unbound 1.9.0_1 from pfsense/freebsd-ports, which fixes a bug
in Unbound 1.9.0 which did not fully implement... Jim Pingle
08:19 PM Revision fdb7f0a5: status.php updates
* Ensure firewall info is generated when run from the CLI
* For SG-1100, also include its public key
(cherry picked ... Jim Pingle
08:19 PM Revision c6d54302: Fix another typo
(cherry picked from commit a0930ca608eb6b22b256c95ab2d829932b085f82) Jim Pingle
08:19 PM Revision ff32782a: Add parens around NAT reflection rule interface. Fixes #9446
(cherry picked from commit 8800ee6f90d2ac91ca9c2886bd260bc1a4e12893) Jim Pingle
08:19 PM Revision 1f5fcdb7: Fix typo
(cherry picked from commit 929cc874f6d32908739cc30e70c0eeba25127fb8) Jim Pingle
07:55 PM Revision 70f50a2b: Fix a typo.
Reported by: jimt
(cherry picked from commit b0945941088c7383882688a6c6e774eb831f6486) Luiz Souza
07:55 PM Revision 87642f6b: #9096 - updated login title
(cherry picked from commit 814a7c2f1d828fedef13bb2bf326d8014e9e25bf) Clinton Cory
07:55 PM Revision efdba6ca: LDAP TLS option update. Implements #9417
(cherry picked from commit 996a1ad90e5682bf881bafd8b75d1b1a7e3f7831) Jim Pingle
07:52 PM Revision 4a762cf0: Update copyright notices to 2019. Happy New Year
(cherry picked from commit 0b4c14a491664053aad3cc76e1ffd67b70ff2da1) Steve Beaver
07:30 PM Revision ffe379ad: Strengthen path privilege check. Fixes #9513
* Removes/resolves any relative paths in the submitted URL
* Validates that the file exists
* Trims the path componen... Jim Pingle
07:28 PM Revision 0604f688: Strengthen path privilege check. Fixes #9513
* Removes/resolves any relative paths in the submitted URL
* Validates that the file exists
* Trims the path componen... Jim Pingle
02:40 PM Bug #9513 (Feedback): Privilege bypass due to relative paths in URL after initial page filename
Applied in changeset commit:0604f68855ff65b92cdebd57a08a2ceccbef675c. Jim Pingle
02:27 PM Bug #9513: Privilege bypass due to relative paths in URL after initial page filename
I was finally able to reproduce this, it took some extra parameters in cURL to make it happen.
Setup:
* Create a ... Jim Pingle
10:35 AM Bug #9294 (Feedback): XSS issues on multiple pages
These have all been handled but need testing and confirmation of the fixes. Jim Pingle

05/09/2019

08:40 PM Revision 2d7ec8bf: Make widget privilege matching more specific. Fixes #9512
(cherry picked from commit bc319bc01a4d709b39e4c93c7223d277ee666bff) Jim Pingle
08:39 PM Revision bc319bc0: Make widget privilege matching more specific. Fixes #9512
Jim Pingle
08:23 PM Revision a8a07cfb: Add warning for OpenVPN client, server, and override privileges.
Since these can use OpenVPN advanced directives to call external
scripts, they can be used to run commands that the u... Jim Pingle
08:22 PM Revision f75b0eb8: Add warning for OpenVPN client, server, and override privileges.
Since these can use OpenVPN advanced directives to call external
scripts, they can be used to run commands that the u... Jim Pingle
07:17 PM Revision 48ab49ab: Encode download parameter before use. Fixes #9508
(cherry picked from commit ce77c104eee92cfbbc0d84980e60899295dadeac) Jim Pingle
07:17 PM Revision ce77c104: Encode download parameter before use. Fixes #9508
Jim Pingle
06:20 PM Todo #6647: Enable Additional Security Headers
A quick test with the below inserted into head.inc... Bill Marquette
05:26 PM Bug #6167: IPsec IPComp not working
Is this actually ever going to happen? For three years now, this is just moving from one release to the next, without... Ronald Antony
03:51 PM Bug #9513 (Resolved): Privilege bypass due to relative paths in URL after initial page filename
N.B.: I have not yet managed to reproduce this, adding it based on a user report.
Due to the way the privilege sys... Jim Pingle
03:45 PM Bug #9512 (Feedback): Privilege bypass due to match style used by widget privileges
Applied in changeset commit:bc319bc01a4d709b39e4c93c7223d277ee666bff. Jim Pingle
03:39 PM Bug #9512: Privilege bypass due to match style used by widget privileges
Changing the match to start with the path to the widgets works around the problem:... Jim Pingle
03:37 PM Bug #9512 (Resolved): Privilege bypass due to match style used by widget privileges
The current dashboard and widget privileges specify a leading wildcard, for example:... Jim Pingle
03:19 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
This is not a bug, but a problem with your configuration. This site is not for support or diagnostic discussion.
F... Jim Pingle
03:06 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
running packages:
pfBlockerNG-devel
Service_Watchdog
snort
squid
squidGuard
 chris j
03:04 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
A communications error occurred while attempting to call XMLRPC method restore_config_section: @ 2019-05-09 20:54:59
... chris j
03:03 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
I 2nd this issue, brand new install setup HA cluster with just two machines, everything seems fine and config seems t... chris j
03:17 PM Todo #9511: OpenVPN server/client/override advanced settings privilege separation
If or when this is implemented, the warnings added for #9510 can be removed. Jim Pingle
03:15 PM Todo #9511 (Resolved): OpenVPN server/client/override advanced settings privilege separation
This issue needs some additional thought and debate.
Due to advanced directives in OpenVPN it is possible for user... Jim Pingle
02:25 PM Bug #9508 (Feedback): Potential XSS in services_acb.php via download parameter
Applied in changeset commit:ce77c104eee92cfbbc0d84980e60899295dadeac. Jim Pingle
02:16 PM Bug #9508 (Resolved): Potential XSS in services_acb.php via download parameter
Attempt to load /services_acb.php?download=%22%3E%3Cscript%3Ealert(1)%3C/script%3E and the client displays a JS alert... Jim Pingle

05/08/2019

08:44 PM Revision 5b5bb248: Encode descr in the WOL widget. Fixes #9507
(cherry picked from commit 5789a02eab9b2ebbcb1f28d1d037b408b436a853) Jim Pingle
08:44 PM Revision 5789a02e: Encode descr in the WOL widget. Fixes #9507
Jim Pingle
03:50 PM Bug #9507 (Feedback): Potential XSS in WOL widget (widgets/widgets/wage_on_lan_widget.php) via WOL entry description
Applied in changeset commit:5789a02eab9b2ebbcb1f28d1d037b408b436a853. Jim Pingle
03:44 PM Bug #9507 (Resolved): Potential XSS in WOL widget (widgets/widgets/wage_on_lan_widget.php) via WOL entry description
The WOL widget, widgets/widgets/wage_on_lan_widget.php, does not encode the description before display, so user-enter... Jim Pingle
09:06 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
As a workaround I have installed the Cron package with the following additional entries:... Gavin Stewart
05:07 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I see this behavior on 2.4.4_p2, on 2.4.5-dev and on 2.5.0-dev.
As workaround we can:
- in console run 'pkill filte... Azamat Khakimyanov
08:41 AM pfSense Packages Bug #9502: ACME's XMLRPC restart of remote webgui sometimes retains old certificates
I am not sure it would be related to what you saw, but you might give the newest version of the ACME package a try (0... Jim Pingle
08:40 AM pfSense Packages Bug #9492 (Resolved): Cannot reload remote haproxy via ACME package
Great! Jim Pingle
08:39 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Works. Thx! Florian Apolloner
08:00 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
I pushed another change just now that might help. Not sure it will, but it's worth a try.
 Jim Pingle
07:57 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Hi Jim. Yes Haproxy did restart. While I agree that the sync error should be from something else it still seems to be... Florian Apolloner
07:58 AM pfSense Packages Feature #9498: ACME Package: Sorting on name, expiration, etc
Pushed a new fix just now, try the next version when it shows up. Jim Pingle
01:09 AM pfSense Packages Feature #9498: ACME Package: Sorting on name, expiration, etc
Hi!
Great job, but sorting date does not work OK.
 Greg M

05/07/2019

10:03 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
There is no error in that output related to the service restart. The error at the top is from config sync, which isn'... Jim Pingle
02:24 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
I just installed, 0.5.7 but it still throws an error (Interestingly only on the firewall running ACME). Can I get mor... Florian Apolloner
07:53 AM pfSense Packages Bug #9502 (Not a Bug): ACME's XMLRPC restart of remote webgui sometimes retains old certificates
That isn't possible as the code that does the sync comes before the reload, and the sync process blocks. I haven't se... Jim Pingle
07:49 AM Bug #9503 (Not a Bug): Granting "WebCfg - OpenVPN: Clients" privilege does not display the "VPN" > "OpenVPN" > "Clients" menu in the menu bar
That isn't how privileges and menu entries work. The menu has no means by which it can know about access to other tab... Jim Pingle
02:34 AM Bug #9503 (Not a Bug): Granting "WebCfg - OpenVPN: Clients" privilege does not display the "VPN" > "OpenVPN" > "Clients" menu in the menu bar
Hi,
I granted a user the "WebCfg - OpenVPN: Clients" privilege.
He can access the settings typing directly /vpn... Antoine Brodin
07:46 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
OK sorry, didn't intend to be rude. robi robi
07:45 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
I was agreeing with you, the attitude is unnecessary. Jim Pingle
07:43 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
Perhaps???
On WAN1 we have 7 different hostnames, on WAN2 we have 3 different hostnames. Sometimes we need to chan... robi robi
07:33 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
The text could be a little more descriptive, perhaps.
The messages are already grouped. If multiple messages fire ... Jim Pingle
07:17 AM Feature #9504 (Resolved): Include hostname being updated in Dynamic DNS notifications
We have multiple Dynamic DNSes set up for multiple interfaces. Several WANs, each with several Dynamic DNS entries. W... robi robi
07:45 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
10 seconds? Aaaahhh....
OK robi robi
07:41 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
It works fine, I get multiple grouped messages every day for various things when testing. The window is 10s. If you w... Jim Pingle
07:40 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
Unfortunately grouping doesn't work correctly then. All events happen withing 20 seconds or so, and we get separate m... robi robi
07:35 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
See my comments on the other message, then. There is already code to handle that. Either this is a duplicate or it's ... Jim Pingle
07:31 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
I wouldn't say this is a duplicate, because this bug is about sending too many messages after each other about (almos... robi robi
07:25 AM Bug #9505 (Duplicate): Multiple Dynamic DNS update notifications for the same interface, with the same text
Duplicate of #9504 Jim Pingle
07:19 AM Bug #9505 (Duplicate): Multiple Dynamic DNS update notifications for the same interface, with the same text
We have multiple Dynamic DNSes set up for the same interface. Whenever an update happens, we get as many e-mails as m... robi robi
07:27 AM Bug #9506 (Duplicate): Dynamic DNS update notification sent even if IP address didn't change
pfSense sends Dynamic DNS update notifications even in the cases when IP address doesn't change.
For some reason, th... robi robi

05/06/2019

09:54 PM pfSense Packages Bug #9502 (Not a Bug): ACME's XMLRPC restart of remote webgui sometimes retains old certificates
I have two hosts using HA syncing to push the certificate store from host1 (primary) to host2 (backup). ACME renewal ... Mike Barnes
01:02 PM pfSense Packages Bug #9492 (Feedback): Cannot reload remote haproxy via ACME package
Give 0.5.7 a try when it shows up shortly. It should work. Jim Pingle
02:27 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
OK, thanks, I was highly optimistic about having found a probable cause for a minute there, but I guess I get to go b... Mike Barnes
02:00 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
I does not affect the webgui because it uses another xmlrpc call. It affects every normal service though. I could als... Florian Apolloner
01:02 PM pfSense Packages Feature #9498 (Feedback): ACME Package: Sorting on name, expiration, etc
ACME pkg 0.5.7 now has search and sorting. Jim Pingle
10:31 AM Todo #9501: turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Not effectively, because they also key off the form field labels, and then it becomes a never-ending whack-a-mole of ... Jim Pingle
10:18 AM Todo #9501: turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Sorry, should have done my homework first.
https://stackoverflow.com/questions/15738259/disabling-chrome-autofill
... Corey Boyle
09:29 AM Todo #9501 (Not a Bug): turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Browsers no longer respect autocomplete settings in HTML. We can set the tags, but browsers and password manager plug... Jim Pingle
08:48 AM Todo #9501 (Not a Bug): turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Some of the fields (usually the proxy info) will get autofilled by the browser with random data.
 Corey Boyle

05/05/2019

08:15 PM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Would this affect more than just haproxy? This fits a failure to restart the webui on a remote system that occurred f... Mike Barnes

05/04/2019

08:51 AM pfSense Packages Bug #9500 (New): HAproxy does not delete non-applicable action config
The steps to reproduce this are:
# Create a HAproxy frontend
# Create an action and populate its options
# Expor... Greg Toombs

05/03/2019

07:25 PM Revision 41c9fac8: Encode output in status_filter_reload.php. Fixes #9499
(cherry picked from commit 1af9400d594cd183d011f22fa9b3a7630570a250) Jim Pingle
07:24 PM Revision 1af9400d: Encode output in status_filter_reload.php. Fixes #9499
Jim Pingle
02:30 PM Bug #9499 (Feedback): Potential XSS in status_filter_reload.php via NAT rule description
Applied in changeset commit:1af9400d594cd183d011f22fa9b3a7630570a250. Jim Pingle
02:24 PM Bug #9499 (Resolved): Potential XSS in status_filter_reload.php via NAT rule description
status_filter_reload.php does not encode the output before display, so user-entered free-form text such as rule descr... Jim Pingle
01:29 PM Revision 42d32909: Init array before use
Jim Pingle
01:29 PM Revision 89c1390a: Init array before use
(cherry picked from commit a8a0b1321d2a477772aac4d0034d819b61f2c9bf) Jim Pingle
01:20 PM pfSense Packages Bug #9355: Telegraf Package - https for InfluxDB Server
https is working for me: https://maxammann.org/posts/2019/05/pfsense-telegraf-letsencrypt/ Max Ammann
01:54 AM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
Mark Vejvoda wrote:
> I got this working on my SG-3100 by copying files from:
>
> https://centminmod.com/centminm... Tj Ng

05/02/2019

09:50 PM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
I got this working on my SG-3100 by copying files from:
https://centminmod.com/centminmodparts/geoip-legacy/
to... Mark Vejvoda
05:52 PM pfSense Packages Feature #9498: ACME Package: Sorting on name, expiration, etc
The ACME package has been working flawless for me now, for well over a year, I've migrated all of my ACME certs to it... Dan Thunder
05:44 PM pfSense Packages Feature #9498 (Resolved): ACME Package: Sorting on name, expiration, etc

The ACME package has been working flawless for me now, for well over a year, I've migrated all of my ACME certs t... Dan Thunder

05/01/2019

02:58 PM pfSense Packages Bug #9492 (Assigned): Cannot reload remote haproxy via ACME package
Yeah, you're right. I didn't have a setup to test that handy, but it would have to come earlier. I'll come up with a ... Jim Pingle
02:51 PM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Jim Pingle wrote:
> Fixed in ACME pkg v0.5.6
I just tried this and it still throws an error, to the best of my un... Florian Apolloner
10:52 AM pfSense Packages Bug #9492 (Feedback): Cannot reload remote haproxy via ACME package
Fixed in ACME pkg v0.5.6 Jim Pingle
10:54 AM pfSense Packages Bug #9368 (Resolved): ACME certificates cannot have more than ~35 SAN entries due to input variable limits
Jim Pingle
10:54 AM pfSense Packages Feature #8613 (Resolved): pfSense-pkg-acme: acme_certificates_edit.php - Add support for --challenge-alias acme.sh flag
Jim Pingle
10:54 AM pfSense Packages Feature #8490 (Resolved): pfSense-pkg-acme: acme_certificates_edit.php - Add ability to specify (vs generate) private key
Jim Pingle
10:53 AM pfSense Packages Feature #8211 (Resolved): ACME cron job <- log activity
Jim Pingle
10:52 AM pfSense Packages Bug #9340 (Feedback): Buypass CA does not support wildcard
Fixed in ACME pkg v0.5.6 Jim Pingle
10:14 AM pfSense Packages Bug #9495: AWS VPC VPN wizard produces incorrect config (SHA256 should be SHA1)
So far I have been unable to replicate this.
Tested with a 7100 and 1100 against us-west-2 and us-east-2 using AWS W... Steve Wheeler
10:06 AM pfSense Packages Bug #9497: AWS VPN Wizard: WebGUI times out.
When you apply the settings at step 3 the GUI times out. If you check AWS suring that time the Virtual Private Gatewa... Steve Wheeler

04/30/2019

01:42 PM pfSense Packages Bug #9497 (New): AWS VPN Wizard: WebGUI times out.
When creating a new VPN using the AWS VPN Wizard the webgui times out at step 3 going to step 4 and also at step 4 go... Steve Wheeler
11:03 AM Feature #9496 (Duplicate): Include the athp(4) driver.
It would be great to get the athp driver into a 2.5 snapshot for testing. Even if it's not loaded by default.
https:... Steve Wheeler
09:53 AM pfSense Packages Bug #9495: AWS VPC VPN wizard produces incorrect config (SHA256 should be SHA1)
Sorry, forgot to add: in looking over the download configuration from AWS, I noticed that it also recommends the Phas... Frank Hecker
09:24 AM pfSense Packages Bug #9495 (New): AWS VPC VPN wizard produces incorrect config (SHA256 should be SHA1)
I was trying to create a site-to-site VPN to my AWS default VPC in the us-west-2 region using the AWS VPC VPN Wizard ... Frank Hecker
07:05 AM Bug #9460 (Resolved): OpenVPN local auth failing due to fcgicli output
Jim Pingle

04/29/2019

10:19 PM Bug #9460: OpenVPN local auth failing due to fcgicli output
OpenVPN auth both local and radius are now functioning for me Jake K
02:00 PM pfSense Docs Correction #9494 (Resolved): Feedback on VPN — IPsec — NAT with IPsec Phase 2 Networks
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/phase-2-nat.html
*Feedback:*
https://docs.netgate.co... Wayne Johnson
11:41 AM Feature #9493 (Closed): XMLRPC Sync to ECMP clusters
That is not what the XMLRPC sync features was designed to do, or to be. It is only intended to be used for two nodes ... Jim Pingle
11:33 AM Feature #9493 (Closed): XMLRPC Sync to ECMP clusters
We scale PFSense by running ECMP though BGP and taking advantage of pfsync to keep up to six firewalls active simulta... Eric Houston
08:20 AM Bug #9491: Can't create vlans or change interfaces when logged in as AD-User via LLDP
Jim Pingle wrote:
> Almost certainly a problem with your configuration, such as accidentally selecting "Deny Config ... David Teslow
07:54 AM Bug #9491 (Not a Bug): Can't create vlans or change interfaces when logged in as AD-User via LLDP
Almost certainly a problem with your configuration, such as accidentally selecting "Deny Config Write" on the group f... Jim Pingle
06:23 AM Bug #9491: Can't create vlans or change interfaces when logged in as AD-User via LLDP
Sorry i ment LDAP in the subjects field not LLDP. David Teslow
04:59 AM Bug #9491 (Not a Bug): Can't create vlans or change interfaces when logged in as AD-User via LLDP
Hello pfSense Team,
as described in the subject that pretty much the problem that i noticed.
Create a vlan and pr... David Teslow
07:53 AM Feature #8602 (Resolved): DNS over TLS host verification
Jim Pingle
07:53 AM Bug #9446 (Resolved): Filter reload error with NAT reflection enabled
Jim Pingle
07:52 AM Bug #9470 (Resolved): unbound remotecontrol.conf not rewritten when the file is empty
Jim Pingle
07:52 AM Feature #9412 (Resolved): Add sorting and search/filtering to CA/Certificates
Jim Pingle
06:33 AM Bug #9488: No console when booting CE Memstick UEFI.
The ISO image behaves exactly the same. There is no output after root is mounted other than the interface state chang... Steve Wheeler
06:04 AM Bug #9488: No console when booting CE Memstick UEFI.
ISO image is hybrid and can be used to boot using a flash drive. Can you try it to see if the results are the same? Renato Botelho
05:20 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
If I replace:... Florian Apolloner
05:14 AM pfSense Packages Bug #9492 (Resolved): Cannot reload remote haproxy via ACME package
The acme instance cannot restart a remote haproxy service. I looked at the code and found this snippet: https://githu... Florian Apolloner

04/28/2019

11:49 PM Feature #8602: DNS over TLS host verification
Similar results here. Mismatched FQDN for the server results in a certificate verify error for unbound:
Apr 29 04:48... Chris Linstruth
11:37 PM Bug #9446: Filter reload error with NAT reflection enabled
Getting parens on that interface. No rule loading errors:
eg. no nat on vtnet0 proto tcp from (vtnet0) to 172.25.236... Chris Linstruth
11:30 PM Bug #9470: unbound remotecontrol.conf not rewritten when the file is empty
Looks good here. cp /dev/null /var/etc/unbound.conf then a save of the unbound configuration populated the file. Chris Linstruth
11:25 PM Feature #9412: Add sorting and search/filtering to CA/Certificates
This looks great to me. Searching and column sorting work. Chris Linstruth
10:13 PM Bug #9490 (Not a Bug): PFSense fails to mount drives under KVM/QEMU
Nothing for pfSense to do there. That's all between FreeBSD and your hypervisor. Maybe choosing a different partition... Jim Pingle
09:29 PM Bug #9490 (Not a Bug): PFSense fails to mount drives under KVM/QEMU
I'm not sure if this is relevant to the pfsense code itself, but caught me this afternoon so will pass along for refe... B C
09:53 PM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
Looks like it :(. Anybody knows how to do a quick workaround and install 3.8 manually? or can I download the old vers... Tj Ng
07:30 PM Bug #9489 (Not a Bug): pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
You have a configuration error, probably a down gateway triggering state killing. Keep the discussion on the forum. Jim Pingle
07:05 PM Bug #9489 (Not a Bug): pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
Cloned from:
https://forum.netgate.com/topic/131916/pfsense-with-ha-closing-sessions-when-apply-any-rule
On XG-71... Daniele Palumbo
05:32 PM Bug #8235: The browser must support cookies to login
I'm getting affected by this as well, under similar circumstances.
Jim Pingle wrote:
> Does the same thing happen... Greg Toombs
07:50 AM Bug #9488 (Resolved): No console when booting CE Memstick UEFI.
Testing 2.5 snapshots. When booting the VGA Memstick image as UEFI there is no usable console presented.
This appl... Steve Wheeler

04/27/2019

12:33 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
I currently have a DNS server configured in "System->General Setup" and have the DNS Resolver enabled so I can do loo... Rafael Possamai

04/26/2019

06:18 PM Revision b8d74978: Fix #9451: Enable build of zabbix 4.2
Renato Botelho
06:17 PM Revision 30335336: Fix #9451: Enable build of zabbix 4.2
Renato Botelho
05:43 PM Revision 1b5941eb: Remove zabbix 3.2 and 3.4 options
Renato Botelho
05:42 PM Revision f5adb939: Add Zabbix 4.2 config options
(cherry picked from commit 169754517a586b259677025e551b8e972de310e5) Danilo Baio
05:42 PM Revision 92e209a4: Merge pull request #4065 from dbaio/zabbix42
Renato Botelho
01:59 PM pfSense Packages Bug #9487: FRR package sending dual Hello packets on carp (OSPF)
v 2.4.4 FRR 0.2_8 Andres Noriega
01:59 PM pfSense Packages Bug #9487 (Rejected): FRR package sending dual Hello packets on carp (OSPF)
There is not enough information here to identify anything with certainty. Nothing about the versions, your config, et... Jim Pingle
01:56 PM pfSense Packages Bug #9487 (Rejected): FRR package sending dual Hello packets on carp (OSPF)
I have detected FRR package on an OSPF implementation sending hello packets related to the protocol, with 2 ips
car... Andres Noriega
01:31 PM Revision 16975451: Add Zabbix 4.2 config options
Danilo Baio
01:25 PM pfSense Packages Bug #9451 (Feedback): Add Zabbix 4.2 (agent and proxy) packages
Applied in changeset pfsense:commit:30335336358db3bcdc0ede634a4f81b7f3273c7b. Renato Botelho
12:47 PM pfSense Packages Bug #9451: Add Zabbix 4.2 (agent and proxy) packages
PR adding make.conf items was merged and original commit adding 4.2 to ports tree cherry-picked Renato Botelho
01:08 AM pfSense Packages Bug #9451: Add Zabbix 4.2 (agent and proxy) packages
4.2 seems to be available in FreeBSD Ports now. https://www.freebsd.org/cgi/ports.cgi?query=zabbix&stype=all Sebastian Werner
01:16 PM pfSense Packages Bug #9486 (New): ifindex values used for softflowd are incorrect
With this patch, we now pass ifIndex values to softflowd for inclusion in the flow packets:
https://github.com/pfs... Jesse White
08:52 AM Bug #9485 (New): password match error on system_usermanager causes Group membership to be reset.
I went to set the pre-shared key on my own account. In the process, a browser form filler entered my password on the... Wayne Johnson
07:24 AM Bug #9431 (Resolved): Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
Jim Pingle
05:59 AM Bug #9431: Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
It is :)
Thanks! Greg M

04/25/2019

01:21 PM Bug #9484 (Closed): With proper timing on boot dhclient won't be started for WAN without manual intervention
My setup
* Pfsense WAN (igb0) connected directly to ISP modem (configured as bridge)
* Pfesnse LAN (igb1 - with a f... Tomasz K.
07:29 AM Bug #9479 (Duplicate): Alias table not updated when adding new entry
Jim Pingle
02:18 AM Bug #9479: Alias table not updated when adding new entry
Removed FQDN's - it didn't happen. Looks 9296 related. Vladimir Lind

04/24/2019

11:59 AM Feature #9104: Add a FAT32 partition to memstick installer images
Just tried this rescuing a 2.4.4-p2 config.xml
System installed correctly, and config was restored, but packages t... James Tandy
12:29 AM Revision 6a4635fc: Unbound python mod - services.inc
* Include any additional functions as defined by python script include file
* Add missing escapeshellarg()'s
* Make g... BBcan177 .

04/23/2019

04:43 PM pfSense Packages Feature #9238: Add support for Zerotier
I don't think my code would be of much use, I was just trying to get the package to work with the latest pfS version.... Corey Boyle
04:12 PM pfSense Packages Feature #9238: Add support for Zerotier
Seconding this request!
It seems Corey has and ChanceM have already done most of the heavy lifting:
Ref: https... Christian McDonald
10:29 AM Bug #9431 (Feedback): Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
It should be fixed in pfSense-upgrade 0.67 Renato Botelho
07:48 AM Bug #9431: Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
Greg M wrote:
> Great!
>
> Are you able to replicate?
>
> If not what else can we provide to help troubleshoot... Renato Botelho
07:29 AM Bug #9431: Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
Great!
Are you able to replicate?
If not what else can we provide to help troubleshoot it? Greg M

04/22/2019

06:49 PM Revision 40a8898b: Stop building zabbix 3.2 and 3.4 since they will be deprecated from FreeBSD ports tree in few days
Renato Botelho
02:41 PM Bug #9431 (In Progress): Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
I'll work on it Renato Botelho
02:00 PM Bug #9483 (Resolved): UFS filesystem is not being mounted noatime.
On a clean CE install using the default options the / filesystem is not mounted noatime.
This is leading to increa... Steve Wheeler
01:54 PM pfSense Packages Todo #9482 (Resolved): Remove zabbix 3.2 and 3.4 from pfSense
Zabbix ports versions 3.2.x and 3.4.x will be removed from FreeBSD ports tree in Apr 2019. Remove them from pfSense Renato Botelho

04/21/2019

09:27 AM pfSense Packages Bug #9451: Add Zabbix 4.2 (agent and proxy) packages
We don't use precompiled binaries from other sites. It has to be in FreeBSD ports. Jim Pingle
08:48 AM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager
I would also like to see Google Domains added into the list of supported validation methods. Don McLean

04/20/2019

11:51 PM pfSense Packages Bug #9451: Add Zabbix 4.2 (agent and proxy) packages
there is a freebsd package on official site https://www.zabbix.com/download_agents rub man

04/18/2019

08:17 PM Revision 80e50918: Update status.php to use ping-auth for pubkey
Jim Pingle
08:01 AM Bug #9431: Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
Hi!
I have:
a) Removed all packages via GUI and upgraded, same error
b) Used command "pkg delete pfSense-pkg-... Greg M
07:10 AM Bug #9248: Dynamic dns updates on azure ipv6 service is not working properly
PR: https://github.com/pfsense/pfsense/pull/4064 Jim Pingle
03:09 AM Revision 1ca156ea: Fix AzureV6 DynDNS client
`AAAARecords` in the Azure DNS API is case sensitive
Documentation: https://docs.microsoft.com/en-us/rest/api/dns/re... Tyler Szabo

04/17/2019

03:24 PM pfSense Packages Bug #9481 (Closed): traffic totals documentation link goes to 404 page
The question mark on the top right corner goes
Page not found: https://www.netgate.com/docs/pfsense/index.php/Traf... Brendon Baumgartner
01:54 PM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.
Update: I was able to stop the warnings by disabling nat reflection.
Possible bug?
!https://forum.netgate.com/a... rub man
08:26 AM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
It seems clear no one at Netgate is reading this ticket. :-( B D
07:29 AM Bug #9479: Alias table not updated when adding new entry
Try to replicate without the FQDNs. If the issue doesn't happen, then this can be closed in favor of the earlier ticket. Jim Pingle
07:22 AM Bug #9479: Alias table not updated when adding new entry
Yes, it does contain a couple of FQDNs in both cases. Vladimir Lind
07:18 AM Bug #9479: Alias table not updated when adding new entry
Does the alias contain any FQDNs? Or only IP addresses and subnets? If it contains FQDNs, this may be a duplicate of ... Jim Pingle
01:55 AM Bug #9479 (Duplicate): Alias table not updated when adding new entry
On 2.4.4-p2 CE and arm - tested on MBT2220 and SG3100:
I can't replicate it every time - I would say the majority ... Vladimir Lind
06:44 AM Bug #9480 (Not a Bug): sylogd crash with misconfigured static arp entries
That's not a syslogd problem, just a symptom of your misconfiguration. It can't send the packet out due to your broke... Jim Pingle
06:32 AM Bug #9480 (Not a Bug): sylogd crash with misconfigured static arp entries
Hi,
h2. My setup
* 2 pfSense boxes running in HA setup
* Remote logging enabled
* DHCP servers with failover ... Boris Lechner

04/16/2019

10:43 AM Bug #9478 (Resolved): Unable to check for updates from the GUI when using a proxy with authentication
When pfSense is set to use an upstream proxy with authentication, the update check fails to run from the GUI. It work... Jim Pingle

04/15/2019

05:20 PM Bug #9477 (Not a Bug): 2.4.4-RELEASE-p2 + XG-1537 SFP+ port issue - critical
This seems more like a configuration issue, such as not having a high enough mbuf allocation setup.
Please post to... Jim Pingle
04:18 PM Bug #9477 (Not a Bug): 2.4.4-RELEASE-p2 + XG-1537 SFP+ port issue - critical
If something is installed in the SFP+ Ports on the XG-1537 then the interfaces ix0 and ix1 will not come up during bo... Kristian Junkov
03:12 PM Revision a0930ca6: Fix another typo
Jim Pingle
02:59 PM Revision 2309b26a: status.php updates
* Ensure firewall info is generated when run from the CLI
* For SG-1100, also include its public key Jim Pingle
01:53 PM Revision b0945941: Fix a typo.
Reported by: jimt Luiz Souza
12:05 PM Revision 929cc874: Fix typo
Jim Pingle
11:56 AM pfSense Packages Bug #9473 (Resolved): Lightsquid 1.8_5 doesn't ensure line breaks between cert and key when generating cert.pem file
Fixed in lightsquid pkg version 3.0.6_6. Jim Pingle
10:44 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
Docs have been updated. Jim Pingle
08:08 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
Jim Pingle wrote:
> usb_modeswitch has been available from the pfSense (not FreeBSD) repo for months now, including ... Savas Yucedag
07:23 AM pfSense Packages Feature #6226 (Closed): Add usb_modeswitch to the pfSense package repo
usb_modeswitch has been available from the pfSense (not FreeBSD) repo for months now, including in the latest release... Jim Pingle
04:27 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
khaled osama wrote:
> update for pfsense 2.4.4
>
> run the following command to support pfsense 2.4.4
>
> pkg ... Savas Yucedag
09:32 AM pfSense Packages Bug #9475 (Duplicate): Monitoring "add view" bug
Duplicate of #9352 Jim Pingle
09:05 AM pfSense Packages Bug #9475 (Duplicate): Monitoring "add view" bug
1. Open Status/Monitoring
2. Expand Settings
3. Click Display Advanced
4. Click Add View and then Cancel (or Esc)
... Alex Kolesnik
09:12 AM Bug #9476 (Rejected): pfSense 2.4.x sending ARP replies with non-CARP source MAC address

pfSense 2.4.x will send ARP replies for CARP interfaces with the local system's "real" source MAC address, instead ... Michael Reygers
07:57 AM Bug #9474 (Not a Bug): no default gateway after changing the wan interface ipv4 configuration type from dhcp to fixed ip
what started the problem
- ISP unexpectedly changed it's router configuration from dhcp to static ip but all IP ar... david stievenard

04/14/2019

02:15 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
With WAN down and that being the only default route, this should result in an "No route to host" error, and no connec... Anonymous
02:08 AM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
Well I think it's only because ews.netgate.com is down. I've override the host to localhost and this solves the probl... Car F

04/13/2019

10:38 PM pfSense Packages Bug #9473 (Resolved): Lightsquid 1.8_5 doesn't ensure line breaks between cert and key when generating cert.pem file
similar to stunnel Bug #9118
If user imported key doesn't contain a trailing line break, the cert.pem will not con... Marc Skarshinski

04/12/2019

05:18 PM Bug #9472 (Resolved): Unable to select QinQ interfaces for PPP interface
After a QinQ interface has been created eg. vmx0.13.2 , this interface isn't available in the drop-down menu when sel... Tony Jago
03:23 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
Hello Gentlemen,
Been sandbagging this thread as I've ran into this issue several times and I think I have an easy... Anonymous
02:31 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
https://ews.netgate.com/copyright is down right now (504 Gateway Timeout): all attempts at loading the dashboard are ... Mr Reed
01:09 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
Speaking from some recent experience:
This behavior interferes with troubleshooting if the root cause is a WAN fai... John Burwell
12:32 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
Since 3 hours I'm having the exact same issue! Car F
02:52 PM Bug #9471 (Resolved): GIF tunnel not added to interface group after reboot
Hello!
I have a GIF tunnel (gif0, opt4, TUN_6IN4_HE) configured as part of an interface group (PFORWARD_WAN). It g... Foster Snowhill
 

Also available in: Atom