Activity

From 04/15/2019 to 05/14/2019

05/14/2019

11:09 PM pfSense Packages Bug #9424: arpwatch package logs CARP MAC address changes
Just a note that upstream arpwatch from FreeBSD was updated.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235...
Art Manion
11:08 PM Todo #9417: Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options
2.4.4-p3
This all seems to work. It also seems much more consistent as posited in the description. I did a lot of ...
Chris Linstruth
01:44 PM pfSense Packages Bug #9524: HAProxy-Backend blocks routed vlan traffic
It's likely because of transparent-client-ip feature enabled in the backend of haproxy, combined with the 'bug' / miss... Pi Ba
10:26 AM pfSense Packages Bug #9524 (Not a Bug): HAProxy-Backend blocks routed vlan traffic
This is almost certainly a configuration issue, and this site is not for support or diagnostic discussion.
For ass...
Jim Pingle
09:56 AM pfSense Packages Bug #9524 (Not a Bug): HAProxy-Backend blocks routed vlan traffic
Hi everybody,
we have a weird haproxy-backend problem. HAProxy-backends seem to block routed traffic between two co...
Jonas Bechtel
12:12 PM Bug #9317 (Resolved): Warning/crash when adding a new user and choosing to generate a certificate
Jim Pingle
12:11 PM Bug #9317 (Rejected): Warning/crash when adding a new user and choosing to generate a certificate
Jim Pingle
11:42 AM Bug #9317: Warning/crash when adding a new user and choosing to generate a certificate
Tried on 2.4.4-p3. I do not observe the issue. User and its cert were created without errors and warnings. I tried to... Constantine Kormashev
10:32 AM Bug #9409 (Resolved): Crash dumps cannot be saved when RAM disks are enabled for /var
Jim Pingle
10:30 AM Bug #9409: Crash dumps cannot be saved when RAM disks are enabled for /var
Tried on 2.4.4-p3. Set RAM Disk Size to 100 (enable swap) and perform sysctl debug.kdb.panic=1, /var/crash contains d... Constantine Kormashev
10:28 AM Bug #9264 (Resolved): Disabling "IPv6 over IPv4 Tunneling" breaks config
Jim Pingle
08:04 AM Bug #9264: Disabling "IPv6 over IPv4 Tunneling" breaks config
Tried on 2.4.4-p3. I do not observe the issue.
0. set IPv6 on LAN
1. enable "IPv6 over IPv4 Tunneling" and set an...
Constantine Kormashev
09:40 AM Bug #4584: Static Mapped clients on one LAN get a DHCP IP from another LAN even when Deny unknown clients is checked on the other LAN
Bringing this up again to see if anyone will fix. Daniel Koh
07:14 AM Bug #9193 (Resolved): firewall_nat.php: PHP error deleting an imported NAT rule with no firewall rules present
Jim Pingle
05:01 AM Bug #9193: firewall_nat.php: PHP error deleting an imported NAT rule with no firewall rules present
Tried on 2.4.4-p3, I do not observe the issue. I could upload config with empty firewall rule list <filter></filter>,... Constantine Kormashev
07:14 AM Bug #9316 (Resolved): diag_backup.php: Parse error: syntax error, unexpected ';' in /usr/local/www/diag_backup.php on line 333
Jim Pingle
12:12 AM Bug #9316: diag_backup.php: Parse error: syntax error, unexpected ';' in /usr/local/www/diag_backup.php on line 333
2.3.3-p3 looks good:
Verified configuration can be backed up and restored and also verified the missing close-pare...
Chris Linstruth
07:14 AM Bug #9283 (Resolved): Not obvious that HA sync will still sync certs if cert sync disabled but OpenVPN sync enabled
Jim Pingle
07:14 AM Bug #9275 (Resolved): ip tools link not working
Jim Pingle
07:14 AM Bug #9276 (Resolved): DNS troubleshooting tool incorrectly reporting "ai." as an invalid hostname
Jim Pingle
07:13 AM Bug #9446 (Resolved): Filter reload error with NAT reflection enabled
Jim Pingle
07:13 AM Feature #9290 (Resolved): Need a way to suppress status output display in /status.php
Jim Pingle
07:13 AM Bug #9470 (Resolved): unbound remotecontrol.conf not rewritten when the file is empty
Jim Pingle
07:13 AM Bug #9231 (Resolved): firewall_aliases_edit.php: pf keyword matching is not catching some problem cases
Jim Pingle
07:12 AM Bug #9239 (Resolved): WebGUI: Diagnostics > Packet Capture will try to display any size of pcap file.
Jim Pingle
07:12 AM Feature #8602 (Resolved): DNS over TLS host verification
Jim Pingle
06:24 AM Bug #9004 (Resolved): Default gateway IPv4 set to a group fails after restart on 2.4.4
Renato Botelho
04:26 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
2.4.4-p3 does not observe the issue.
WAN_Failover GW Group with 2 links: WAN Tier1 and WAN2 Tier2, set as default GW...
Constantine Kormashev
06:23 AM Bug #9308 (Resolved): Missing countries from list used on certificate pages
Renato Botelho
12:02 AM Bug #9308: Missing countries from list used on certificate pages
2.4.4-p3 looks good:
Country list populated and /etc/ca_countries removed.
Chris Linstruth

05/13/2019

11:57 PM Bug #9283: Not obvious that HA sync will still sync certs if cert sync disabled but OpenVPN sync enabled
2.4.4-p3 looks good:
NAT configuration
IPsec configuration
OpenVPN configuration (Implies CA/Cert/CRL Sync)
DHC...
Chris Linstruth
11:53 PM Bug #9275: ip tools link not working
2.4.4-p3
Links not present in *Diagnostics > DNS Lookup* nor *Diagnostics > Traceroute* results.
Chris Linstruth
11:47 PM Bug #9276: DNS troubleshooting tool incorrectly reporting "ai." as an invalid hostname
2.4.4-p3
*Diagnostics > DNS Lookup* accepts _ai._ as a hostname and returns valid results. Ran a couple other quer...
Chris Linstruth
11:44 PM Bug #9446: Filter reload error with NAT reflection enabled
2.4.4-p3 looks good:
# Reflection redirects and NAT for 1:1 mappings
rdr on { vtnet0 vtnet2 enc0 openvpn } from a...
Chris Linstruth
10:18 PM Feature #9290: Need a way to suppress status output display in /status.php
2.4.4-p3:
Tested normal, archiveonly, nocleanup and from the shell. All looked good. Thank you so much for this.
Chris Linstruth
10:12 PM Bug #9470: unbound remotecontrol.conf not rewritten when the file is empty
2.4.4-p3 Looks good:
cp /dev/null /var/unbound/remotecontrol.conf
Save unbound configuration
/var/unbound/remote...
Chris Linstruth
10:08 PM Bug #9231: firewall_aliases_edit.php: pf keyword matching is not catching some problem cases
2.4.4-p3:
Could not create aliases with the same name as the pfSense interface name or the descriptive name of any e...
Chris Linstruth
10:03 PM Bug #9239: WebGUI: Diagnostics > Packet Capture will try to display any size of pcap file.
Looks good.
Packet capture file is too large to display in the GUI.
Download the file, or view it in the console ...
Chris Linstruth
09:51 PM Feature #8602 (Feedback): DNS over TLS host verification
Looks good with the new build with unbound 1.9.1. Only fails with a bogus hostname defined. Works with either 149.112... Chris Linstruth
02:44 PM Feature #8602 (Assigned): DNS over TLS host verification
Looks like we'll need to import Unbound 1.9.0 Jim Pingle
02:41 PM Feature #8602: DNS over TLS host verification
2.4.4-p3:
May 13 19:39:24 unbound 82673:1 error: no name verification functionality in ssl library, ignored nam...
Chris Linstruth
03:22 PM Bug #9214 (Resolved): Packages fail to reinstall after restoring config.xml from the installer
Jim Pingle
02:57 PM Bug #9214: Packages fail to reinstall after restoring config.xml from the installer
I upgraded from 2.4.4-p2 to 2.4.4-p3 using the iso and config.xml recovery.
Got the banner that package install wa...
Chris Linstruth
10:35 AM Bug #9214 (Feedback): Packages fail to reinstall after restoring config.xml from the installer
Jim Pingle
02:50 PM Feature #9096 (Resolved): Login Page: Make pfSense Login Page Tab Name More Unique
Short hostname seems good enough to me. If you have enough tabs open to need the distinction, the size of most tabs w... Jim Pingle
02:47 PM Feature #9096: Login Page: Make pfSense Login Page Tab Name More Unique
This is a big help. Looks good. Thank you. Not sure if this should be the entire FQDN like the post-login title.
Chris Linstruth
10:58 AM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.
So I was able to find another way to keep nat reflection turned on and stop the spam. I changed one of the port forwa... rub man
10:42 AM Bug #8970: Queues Menu item ends with ":"
This was fixed likely before -p3, but those versions are closed, so I'll move it to -p3. Jim Pingle
10:10 AM Todo #9511 (Feedback): OpenVPN server/client/override advanced settings privilege separation
Applied in changeset commit:4a1841a1fabcba0100f6a4f505fc1e132c29da20. Jim Pingle
10:01 AM Todo #9511: OpenVPN server/client/override advanced settings privilege separation
* Removed Advanced options from the OpenVPN wizard. If a user has privileges for it, they can add the settings later.... Jim Pingle
06:37 AM Feature #1189: Gateway: Multiple monitor ips
+1
Please consider implementing this. I just experienced my first down time because 1.0.0.1 was unavailable from You...
Stefan B. Christensen

05/12/2019

11:15 PM pfSense Packages Bug #9502: ACME's XMLRPC restart of remote webgui sometimes retains old certificates
Jim Pingle wrote:
> I am not sure it would be related to what you saw, but you might give the newest version of the ...
Mike Barnes
11:02 AM pfSense Packages Feature #9523: LADVD: Feature to enable setting interface descriptions
Looking at FreeNAS, they've got a much more succinct description and only added support for the -z option, which seem... Jason Unovitch
10:21 AM pfSense Packages Feature #9523 (Resolved): LADVD: Feature to enable setting interface descriptions
Good day. I'd be interested in seeing options for the -y and -z flag to LADVD get added.
These are explained in ladv...
Jason Unovitch
07:54 AM Bug #9223: SSHGUARD doesn't work as expected
Jim Pingle wrote:
>
> We opted not to add any more patches on top of sshguard, but you should absolutely submit th...
Joshua Sign
06:41 AM Bug #9522 (Resolved): Diagnostics > System Activity shows only the header
In current 2.5 snapshots the 'top' output in Diagnostics > System Activity seems truncated.
I see only:...
Steve Wheeler
05:33 AM pfSense Packages Feature #9521 (Resolved): Upgrade to HAProxy 1.9
Some of our backends support HTTP/2, but it seems that HAProxy 1.8 only supports HTTP/2 for the frontends.
The latest...
S. Debreuil

05/11/2019

07:38 PM pfSense Docs Correction #9520 (Closed): Feedback on Routing and Multi-WAN — Gateway Settings
*Page:* https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
*Feedback:* There is no document...
Brendon Baumgartner
06:05 PM Bug #9470 (Feedback): unbound remotecontrol.conf not rewritten when the file is empty
Jim Pingle
06:05 PM Bug #9519 (Feedback): Fix ACB Privileges
Applied in changeset commit:18c1de41332473dacd8a24ddf34e558f6366c714. Jim Pingle
05:48 PM Bug #9519 (Resolved): Fix ACB Privileges
ACB pages have missing/incorrect privilege headers, and are not listed in the privilege list properly. Jim Pingle
06:05 PM Bug #9446 (Feedback): Filter reload error with NAT reflection enabled
Jim Pingle
06:05 PM Feature #9290 (Feedback): Need a way to suppress status output display in /status.php
Jim Pingle
06:05 PM Bug #9281 (Feedback): ZFS encrypted+mirrored swap may not be activated on 2.4.4-p2
Jim Pingle
06:05 PM Bug #9276 (Feedback): DNS troubleshooting tool incorrectly reporting "ai." as an invalid hostname
Jim Pingle
06:04 PM Bug #9275 (Feedback): ip tools link not working
Jim Pingle
06:04 PM Bug #9264 (Feedback): Disabling "IPv6 over IPv4 Tunneling" breaks config
Jim Pingle
06:04 PM Bug #9239 (Feedback): WebGUI: Diagnostics > Packet Capture will try to display any size of pcap file.
Jim Pingle
06:04 PM Bug #9231 (Feedback): firewall_aliases_edit.php: pf keyword matching is not catching some problem cases
Jim Pingle
06:04 PM Bug #9193 (Feedback): firewall_nat.php: PHP error deleting an imported NAT rule with no firewall rules present
Jim Pingle
06:04 PM Feature #8602 (Feedback): DNS over TLS host verification
Jim Pingle
05:21 PM Feature #9096 (Feedback): Login Page: Make pfSense Login Page Tab Name More Unique
Implemented in commit:814a7c2f1d828fedef13bb2bf326d8014e9e25bf (master) and commit:87642f6bd1fc96f116ee6756a15ef2a9cf... Jim Pingle
09:17 AM Bug #9514 (Not a Bug): DNS servers
The DNS Resolver (Unbound) doesn't work that way.
You can do that in the DNS forwarder by telling it to query sequ...
Jim Pingle
08:56 AM Bug #9514 (Not a Bug): DNS servers
Right now, the query order for DNS servers can vary based on query times. Using DNS from multiple providers is great ... Dallas Haselhorst

05/10/2019

02:40 PM Bug #9513 (Feedback): Privilege bypass due to relative paths in URL after initial page filename
Applied in changeset commit:0604f68855ff65b92cdebd57a08a2ceccbef675c. Jim Pingle
02:27 PM Bug #9513: Privilege bypass due to relative paths in URL after initial page filename
I was finally able to reproduce this, it took some extra parameters in cURL to make it happen.
Setup:
* Create a ...
Jim Pingle
10:35 AM Bug #9294 (Feedback): XSS issues on multiple pages
These have all been handled but need testing and confirmation of the fixes. Jim Pingle

05/09/2019

06:20 PM Todo #6647: Enable Additional Security Headers
A quick test with the below inserted into head.inc... Bill Marquette
05:26 PM Bug #6167: IPsec IPComp not working
Is this actually ever going to happen? For three years now, this is just moving from one release to the next, without... Ronald Antony
03:51 PM Bug #9513 (Resolved): Privilege bypass due to relative paths in URL after initial page filename
N.B.: I have not yet managed to reproduce this, adding it based on a user report.
Due to the way the privilege sys...
Jim Pingle
03:45 PM Bug #9512 (Feedback): Privilege bypass due to match style used by widget privileges
Applied in changeset commit:bc319bc01a4d709b39e4c93c7223d277ee666bff. Jim Pingle
03:39 PM Bug #9512: Privilege bypass due to match style used by widget privileges
Changing the match to start with the path to the widgets works around the problem:... Jim Pingle
03:37 PM Bug #9512 (Resolved): Privilege bypass due to match style used by widget privileges
The current dashboard and widget privileges specify a leading wildcard, for example:... Jim Pingle
03:19 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
This is not a bug, but a problem with your configuration. This site is not for support or diagnostic discussion.
F...
Jim Pingle
03:06 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
running packages:
pfBlockerNG-devel
Service_Watchdog
snort
squid
squidGuard
chris j
03:04 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
A communications error occurred while attempting to call XMLRPC method restore_config_section: @ 2019-05-09 20:54:59
...
chris j
03:03 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
I 2nd this issue, brand new install setup HA cluster with just two machines, everything seems fine and config seems t... chris j
03:17 PM Todo #9511: OpenVPN server/client/override advanced settings privilege separation
If or when this is implemented, the warnings added for #9510 can be removed. Jim Pingle
03:15 PM Todo #9511 (Resolved): OpenVPN server/client/override advanced settings privilege separation
This issue needs some additional thought and debate.
Due to advanced directives in OpenVPN it is possible for user...
Jim Pingle
02:25 PM Bug #9508 (Feedback): Potential XSS in services_acb.php via download parameter
Applied in changeset commit:ce77c104eee92cfbbc0d84980e60899295dadeac. Jim Pingle
02:16 PM Bug #9508 (Resolved): Potential XSS in services_acb.php via download parameter
Attempt to load /services_acb.php?download=%22%3E%3Cscript%3Ealert(1)%3C/script%3E and the client displays a JS alert... Jim Pingle

05/08/2019

03:50 PM Bug #9507 (Feedback): Potential XSS in WOL widget (widgets/widgets/wage_on_lan_widget.php) via WOL entry description
Applied in changeset commit:5789a02eab9b2ebbcb1f28d1d037b408b436a853. Jim Pingle
03:44 PM Bug #9507 (Resolved): Potential XSS in WOL widget (widgets/widgets/wage_on_lan_widget.php) via WOL entry description
The WOL widget, widgets/widgets/wage_on_lan_widget.php, does not encode the description before display, so user-enter... Jim Pingle
09:06 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
As a workaround I have installed the Cron package with the following additional entries:... Gavin Stewart
05:07 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I see this behavior on 2.4.4_p2, on 2.4.5-dev and on 2.5.0-dev.
As workaround we can:
- in console run 'pkill filte...
Azamat Khakimyanov
08:41 AM pfSense Packages Bug #9502: ACME's XMLRPC restart of remote webgui sometimes retains old certificates
I am not sure it would be related to what you saw, but you might give the newest version of the ACME package a try (0... Jim Pingle
08:40 AM pfSense Packages Bug #9492 (Resolved): Cannot reload remote haproxy via ACME package
Great! Jim Pingle
08:39 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Works. Thx! Florian Apolloner
08:00 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
I pushed another change just now that might help. Not sure it will, but it's worth a try.
Jim Pingle
07:57 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Hi Jim. Yes Haproxy did restart. While I agree that the sync error should be from something else it still seems to be... Florian Apolloner
07:58 AM pfSense Packages Feature #9498: ACME Package: Sorting on name, expiration, etc
Pushed a new fix just now, try the next version when it shows up. Jim Pingle
01:09 AM pfSense Packages Feature #9498: ACME Package: Sorting on name, expiration, etc
Hi!
Great job, but sorting date does not work OK.
Greg M

05/07/2019

10:03 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
There is no error in that output related to the service restart. The error at the top is from config sync, which isn'... Jim Pingle
02:24 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
I just installed, 0.5.7 but it still throws an error (Interestingly only on the firewall running ACME). Can I get mor... Florian Apolloner
07:53 AM pfSense Packages Bug #9502 (Not a Bug): ACME's XMLRPC restart of remote webgui sometimes retains old certificates
That isn't possible as the code that does the sync comes before the reload, and the sync process blocks. I haven't se... Jim Pingle
07:49 AM Bug #9503 (Not a Bug): Granting "WebCfg - OpenVPN: Clients" privilege does not display the "VPN" > "OpenVPN" > "Clients" menu in the menu bar
That isn't how privileges and menu entries work. The menu has no means by which it can know about access to other tab... Jim Pingle
02:34 AM Bug #9503 (Not a Bug): Granting "WebCfg - OpenVPN: Clients" privilege does not display the "VPN" > "OpenVPN" > "Clients" menu in the menu bar
Hi,
I granted a user the "WebCfg - OpenVPN: Clients" privilege.
He can access the settings typing directly /vpn...
Antoine Brodin
07:46 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
OK sorry, didn't intend to be rude. robi robi
07:45 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
I was agreeing with you, the attitude is unnecessary. Jim Pingle
07:43 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
Perhaps???
On WAN1 we have 7 different hostnames, on WAN2 we have 3 different hostnames. Sometimes we need to chan...
robi robi
07:33 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
The text could be a little more descriptive, perhaps.
The messages are already grouped. If multiple messages fire ...
Jim Pingle
07:17 AM Feature #9504 (Resolved): Include hostname being updated in Dynamic DNS notifications
We have multiple Dynamic DNSes set up for multiple interfaces. Several WANs, each with several Dynamic DNS entries. W... robi robi
07:45 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
10 seconds? Aaaahhh....
OK
robi robi
07:41 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
It works fine, I get multiple grouped messages every day for various things when testing. The window is 10s. If you w... Jim Pingle
07:40 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
Unfortunately grouping doesn't work correctly then. All events happen within 20 seconds or so, and we get separate m... robi robi
07:35 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
See my comments on the other message, then. There is already code to handle that. Either this is a duplicate or it's ... Jim Pingle
07:31 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
I wouldn't say this is a duplicate, because this bug is about sending too many messages after each other about (almos... robi robi
07:25 AM Bug #9505 (Duplicate): Multiple Dynamic DNS update notifications for the same interface, with the same text
Duplicate of #9504 Jim Pingle
07:19 AM Bug #9505 (Duplicate): Multiple Dynamic DNS update notifications for the same interface, with the same text
We have multiple Dynamic DNSes set up for the same interface. Whenever an update happens, we get as many e-mails as m... robi robi
07:27 AM Bug #9506 (Duplicate): Dynamic DNS update notification sent even if IP address didn't change
pfSense sends Dynamic DNS update notifications even in the cases when IP address doesn't change.
For some reason, th...
robi robi

05/06/2019

09:54 PM pfSense Packages Bug #9502 (Not a Bug): ACME's XMLRPC restart of remote webgui sometimes retains old certificates
I have two hosts using HA syncing to push the certificate store from host1 (primary) to host2 (backup). ACME renewal ... Mike Barnes
01:02 PM pfSense Packages Bug #9492 (Feedback): Cannot reload remote haproxy via ACME package
Give 0.5.7 a try when it shows up shortly. It should work. Jim Pingle
02:27 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
OK, thanks, I was highly optimistic about having found a probable cause for a minute there, but I guess I get to go b... Mike Barnes
02:00 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
It does not affect the webgui because it uses another xmlrpc call. It affects every normal service though. I could als... Florian Apolloner
01:02 PM pfSense Packages Feature #9498 (Feedback): ACME Package: Sorting on name, expiration, etc
ACME pkg 0.5.7 now has search and sorting. Jim Pingle
10:31 AM Todo #9501: turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Not effectively, because they also key off the form field labels, and then it becomes a never-ending whack-a-mole of ... Jim Pingle
10:18 AM Todo #9501: turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Sorry, should have done my homework first.
https://stackoverflow.com/questions/15738259/disabling-chrome-autofill
...
Corey Boyle
09:29 AM Todo #9501 (Not a Bug): turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Browsers no longer respect autocomplete settings in HTML. We can set the tags, but browsers and password manager plug... Jim Pingle
08:48 AM Todo #9501 (Not a Bug): turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Some of the fields (usually the proxy info) will get autofilled by the browser with random data.
Corey Boyle

05/05/2019

08:15 PM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Would this affect more than just haproxy? This fits a failure to restart the webui on a remote system that occurred f... Mike Barnes

05/04/2019

08:51 AM pfSense Packages Bug #9500 (New): HAproxy does not delete non-applicable action config
The steps to reproduce this are:
# Create a HAproxy frontend
# Create an action and populate its options
# Expor...
Greg Toombs

05/03/2019

02:30 PM Bug #9499 (Feedback): Potential XSS in status_filter_reload.php via NAT rule description
Applied in changeset commit:1af9400d594cd183d011f22fa9b3a7630570a250. Jim Pingle
02:24 PM Bug #9499 (Resolved): Potential XSS in status_filter_reload.php via NAT rule description
status_filter_reload.php does not encode the output before display, so user-entered free-form text such as rule descr... Jim Pingle
01:20 PM pfSense Packages Bug #9355: Telegraf Package - https for InfluxDB Server
https is working for me: https://maxammann.org/posts/2019/05/pfsense-telegraf-letsencrypt/ Max Ammann
01:54 AM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
Mark Vejvoda wrote:
> I got this working on my SG-3100 by copying files from:
>
> https://centminmod.com/centminm...
Tj Ng

05/02/2019

09:50 PM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
I got this working on my SG-3100 by copying files from:
https://centminmod.com/centminmodparts/geoip-legacy/
to...
Mark Vejvoda
05:52 PM pfSense Packages Feature #9498: ACME Package: Sorting on name, expiration, etc
The ACME package has been working flawlessly for me now, for well over a year, I've migrated all of my ACME certs to it... Dan Thunder
05:44 PM pfSense Packages Feature #9498 (Resolved): ACME Package: Sorting on name, expiration, etc
The ACME package has been working flawlessly for me now, for well over a year, I've migrated all of my ACME certs t...
Dan Thunder

05/01/2019

02:58 PM pfSense Packages Bug #9492 (Assigned): Cannot reload remote haproxy via ACME package
Yeah, you're right. I didn't have a setup to test that handy, but it would have to come earlier. I'll come up with a ... Jim Pingle
02:51 PM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Jim Pingle wrote:
> Fixed in ACME pkg v0.5.6
I just tried this and it still throws an error, to the best of my un...
Florian Apolloner
10:52 AM pfSense Packages Bug #9492 (Feedback): Cannot reload remote haproxy via ACME package
Fixed in ACME pkg v0.5.6 Jim Pingle
10:54 AM pfSense Packages Bug #9368 (Resolved): ACME certificates cannot have more than ~35 SAN entries due to input variable limits
Jim Pingle
10:54 AM pfSense Packages Feature #8613 (Resolved): pfSense-pkg-acme: acme_certificates_edit.php - Add support for --challenge-alias acme.sh flag
Jim Pingle
10:54 AM pfSense Packages Feature #8490 (Resolved): pfSense-pkg-acme: acme_certificates_edit.php - Add ability to specify (vs generate) private key
Jim Pingle
10:53 AM pfSense Packages Feature #8211 (Resolved): ACME cron job <- log activity
Jim Pingle
10:52 AM pfSense Packages Bug #9340 (Feedback): Buypass CA does not support wildcard
Fixed in ACME pkg v0.5.6 Jim Pingle
10:14 AM pfSense Packages Bug #9495: AWS VPC VPN wizard produces incorrect config (SHA256 should be SHA1)
So far I have been unable to replicate this.
Tested with a 7100 and 1100 against us-west-2 and us-east-2 using AWS W...
Steve Wheeler
10:06 AM pfSense Packages Bug #9497: AWS VPN Wizard: WebGUI times out.
When you apply the settings at step 3 the GUI times out. If you check AWS during that time the Virtual Private Gatewa... Steve Wheeler

04/30/2019

01:42 PM pfSense Packages Bug #9497 (New): AWS VPN Wizard: WebGUI times out.
When creating a new VPN using the AWS VPN Wizard the webgui times out at step 3 going to step 4 and also at step 4 go... Steve Wheeler
11:03 AM Feature #9496 (Duplicate): Include the athp(4) driver.
It would be great to get the athp driver into a 2.5 snapshot for testing. Even if it's not loaded by default.
https:...
Steve Wheeler
09:53 AM pfSense Packages Bug #9495: AWS VPC VPN wizard produces incorrect config (SHA256 should be SHA1)
Sorry, forgot to add: in looking over the download configuration from AWS, I noticed that it also recommends the Phas... Frank Hecker
09:24 AM pfSense Packages Bug #9495 (New): AWS VPC VPN wizard produces incorrect config (SHA256 should be SHA1)
I was trying to create a site-to-site VPN to my AWS default VPC in the us-west-2 region using the AWS VPC VPN Wizard ... Frank Hecker
07:05 AM Bug #9460 (Resolved): OpenVPN local auth failing due to fcgicli output
Jim Pingle

04/29/2019

10:19 PM Bug #9460: OpenVPN local auth failing due to fcgicli output
OpenVPN auth both local and radius are now functioning for me Jake K
02:00 PM pfSense Docs Correction #9494 (Resolved): Feedback on VPN — IPsec — NAT with IPsec Phase 2 Networks
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/phase-2-nat.html
*Feedback:*
https://docs.netgate.co...
Wayne Johnson
11:41 AM Feature #9493 (Closed): XMLRPC Sync to ECMP clusters
That is not what the XMLRPC sync feature was designed to do, or to be. It is only intended to be used for two nodes ... Jim Pingle
11:33 AM Feature #9493 (Closed): XMLRPC Sync to ECMP clusters
We scale PFSense by running ECMP though BGP and taking advantage of pfsync to keep up to six firewalls active simulta... Eric Houston
08:20 AM Bug #9491: Can't create vlans or change interfaces when logged in as AD-User via LLDP
Jim Pingle wrote:
> Almost certainly a problem with your configuration, such as accidentally selecting "Deny Config ...
David Teslow
07:54 AM Bug #9491 (Not a Bug): Can't create vlans or change interfaces when logged in as AD-User via LLDP
Almost certainly a problem with your configuration, such as accidentally selecting "Deny Config Write" on the group f... Jim Pingle
06:23 AM Bug #9491: Can't create vlans or change interfaces when logged in as AD-User via LLDP
Sorry, I meant LDAP in the subject field, not LLDP. David Teslow
04:59 AM Bug #9491 (Not a Bug): Can't create vlans or change interfaces when logged in as AD-User via LLDP
Hello pfSense Team,
as described in the subject, that's pretty much the problem that I noticed.
Create a vlan and pr...
David Teslow
07:53 AM Feature #8602 (Resolved): DNS over TLS host verification
Jim Pingle
07:53 AM Bug #9446 (Resolved): Filter reload error with NAT reflection enabled
Jim Pingle
07:52 AM Bug #9470 (Resolved): unbound remotecontrol.conf not rewritten when the file is empty
Jim Pingle
07:52 AM Feature #9412 (Resolved): Add sorting and search/filtering to CA/Certificates
Jim Pingle
06:33 AM Bug #9488: No console when booting CE Memstick UEFI.
The ISO image behaves exactly the same. There is no output after root is mounted other than the interface state chang... Steve Wheeler
06:04 AM Bug #9488: No console when booting CE Memstick UEFI.
ISO image is hybrid and can be used to boot using a flash drive. Can you try it to see if the results are the same? Renato Botelho
05:20 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
If I replace:... Florian Apolloner
05:14 AM pfSense Packages Bug #9492 (Resolved): Cannot reload remote haproxy via ACME package
The acme instance cannot restart a remote haproxy service. I looked at the code and found this snippet: https://githu... Florian Apolloner

04/28/2019

11:49 PM Feature #8602: DNS over TLS host verification
Similar results here. Mismatched FQDN for the server results in a certificate verify error for unbound:
Apr 29 04:48...
Chris Linstruth
11:37 PM Bug #9446: Filter reload error with NAT reflection enabled
Getting parens on that interface. No rule loading errors:
eg. no nat on vtnet0 proto tcp from (vtnet0) to 172.25.236...
Chris Linstruth
11:30 PM Bug #9470: unbound remotecontrol.conf not rewritten when the file is empty
Looks good here. cp /dev/null /var/etc/unbound.conf then a save of the unbound configuration populated the file. Chris Linstruth
11:25 PM Feature #9412: Add sorting and search/filtering to CA/Certificates
This looks great to me. Searching and column sorting work. Chris Linstruth
10:13 PM Bug #9490 (Not a Bug): PFSense fails to mount drives under KVM/QEMU
Nothing for pfSense to do there. That's all between FreeBSD and your hypervisor. Maybe choosing a different partition... Jim Pingle
09:29 PM Bug #9490 (Not a Bug): PFSense fails to mount drives under KVM/QEMU
I'm not sure if this is relevant to the pfsense code itself, but caught me this afternoon so will pass along for refe... B C
09:53 PM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
Looks like it :(. Does anybody know how to do a quick workaround and install 3.8 manually? Or can I download the old vers... Tj Ng
07:30 PM Bug #9489 (Not a Bug): pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
You have a configuration error, probably a down gateway triggering state killing. Keep the discussion on the forum. Jim Pingle
07:05 PM Bug #9489 (Not a Bug): pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
Cloned from:
https://forum.netgate.com/topic/131916/pfsense-with-ha-closing-sessions-when-apply-any-rule
On XG-71...
Daniele Palumbo
05:32 PM Bug #8235: The browser must support cookies to login
I'm getting affected by this as well, under similar circumstances.
Jim Pingle wrote:
> Does the same thing happen...
Greg Toombs
07:50 AM Bug #9488 (Resolved): No console when booting CE Memstick UEFI.
Testing 2.5 snapshots. When booting the VGA Memstick image as UEFI there is no usable console presented.
This appl...
Steve Wheeler

04/27/2019

12:33 PM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.
I currently have a DNS server configured in "System->General Setup" and have the DNS Resolver enabled so I can do loo... Rafael Possamai

04/26/2019

01:59 PM pfSense Packages Bug #9487: FRR package sending dual Hello packets on carp (OSPF)
v 2.4.4 FRR 0.2_8 Andres Noriega
01:59 PM pfSense Packages Bug #9487 (Rejected): FRR package sending dual Hello packets on carp (OSPF)
There is not enough information here to identify anything with certainty. Nothing about the versions, your config, et... Jim Pingle
01:56 PM pfSense Packages Bug #9487 (Rejected): FRR package sending dual Hello packets on carp (OSPF)
I have detected FRR package on an OSPF implementation sending hello packets related to the protocol, with 2 ips
car...
Andres Noriega
01:25 PM pfSense Packages Bug #9451 (Feedback): Add Zabbix 4.2 (agent and proxy) packages
Applied in changeset pfsense:commit:30335336358db3bcdc0ede634a4f81b7f3273c7b. Renato Botelho
12:47 PM pfSense Packages Bug #9451: Add Zabbix 4.2 (agent and proxy) packages
PR adding make.conf items was merged and original commit adding 4.2 to ports tree cherry-picked Renato Botelho
01:08 AM pfSense Packages Bug #9451: Add Zabbix 4.2 (agent and proxy) packages
4.2 seems to be available in FreeBSD Ports now. https://www.freebsd.org/cgi/ports.cgi?query=zabbix&stype=all Sebastian Werner
01:16 PM pfSense Packages Bug #9486 (New): ifindex values used for softflowd are incorrect
With this patch, we now pass ifIndex values to softflowd for inclusion in the flow packets:
https://github.com/pfs...
Jesse White
08:52 AM Bug #9485 (New): password match error on system_usermanager causes Group membership to be reset.
I went to set the pre-shared key on my own account. In the process, a browser form filler entered my password on the... Wayne Johnson
07:24 AM Bug #9431 (Resolved): Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
Jim Pingle
05:59 AM Bug #9431: Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
It is :)
Thanks!
Greg M

04/25/2019

01:21 PM Bug #9484 (Closed): With proper timing on boot dhclient won't be started for WAN without manual intervention
My setup
* pfSense WAN (igb0) connected directly to ISP modem (configured as bridge)
* pfSense LAN (igb1 - with a f...
Tomasz K.
07:29 AM Bug #9479 (Duplicate): Alias table not updated when adding new entry
Jim Pingle
02:18 AM Bug #9479: Alias table not updated when adding new entry
Removed FQDNs - it didn't happen. Looks 9296 related. Vladimir Lind

04/24/2019

11:59 AM Feature #9104: Add a FAT32 partition to memstick installer images
Just tried this rescuing a 2.4.4-p2 config.xml
System installed correctly, and config was restored, but packages t...
James Tandy

04/23/2019

04:43 PM pfSense Packages Feature #9238: Add support for Zerotier
I don't think my code would be of much use, I was just trying to get the package to work with the latest pfS version.... Corey Boyle
04:12 PM pfSense Packages Feature #9238: Add support for Zerotier
Seconding this request!
It seems Corey and ChanceM have already done most of the heavy lifting:
Ref: https...
Christian McDonald
10:29 AM Bug #9431 (Feedback): Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
It should be fixed in pfSense-upgrade 0.67 Renato Botelho
07:48 AM Bug #9431: Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
Greg M wrote:
> Great!
>
> Are you able to replicate?
>
> If not what else can we provide to help troubleshoot...
Renato Botelho
07:29 AM Bug #9431: Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
Great!
Are you able to replicate?
If not what else can we provide to help troubleshoot it?
Greg M

04/22/2019

02:41 PM Bug #9431 (In Progress): Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
I'll work on it Renato Botelho
02:00 PM Bug #9483 (Resolved): UFS filesystem is not being mounted noatime.
On a clean CE install using the default options the / filesystem is not mounted noatime.
This is leading to increa...
Steve Wheeler
01:54 PM pfSense Packages Todo #9482 (Resolved): Remove zabbix 3.2 and 3.4 from pfSense
Zabbix ports versions 3.2.x and 3.4.x will be removed from FreeBSD ports tree in Apr 2019. Remove them from pfSense Renato Botelho

04/21/2019

09:27 AM pfSense Packages Bug #9451: Add Zabbix 4.2 (agent and proxy) packages
We don't use precompiled binaries from other sites. It has to be in FreeBSD ports. Jim Pingle
08:48 AM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager
I would also like to see Google Domains added into the list of supported validation methods. Don McLean

04/20/2019

11:51 PM pfSense Packages Bug #9451: Add Zabbix 4.2 (agent and proxy) packages
There is a FreeBSD package on the official site https://www.zabbix.com/download_agents rub man

04/18/2019

08:01 AM Bug #9431: Upgrading to 2.5.0 with devel/aws-sdk-php installed fails
Hi!
I have:
a) Removed all packages via GUI and upgraded, same error
b) Used command "pkg delete pfSense-pkg-...
Greg M
07:10 AM Bug #9248: Dynamic dns updates on azure ipv6 service is not working properly
PR: https://github.com/pfsense/pfsense/pull/4064 Jim Pingle

04/17/2019

03:24 PM pfSense Packages Bug #9481 (Closed): traffic totals documentation link goes to 404 page
The question mark on the top right corner goes
Page not found: https://www.netgate.com/docs/pfsense/index.php/Traf...
Brendon Baumgartner
01:54 PM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.
Update: I was able to stop the warnings by disabling nat reflection.
Possible bug?
!https://forum.netgate.com/a...
rub man
08:26 AM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
It seems clear no one at Netgate is reading this ticket. :-( B D
07:29 AM Bug #9479: Alias table not updated when adding new entry
Try to replicate without the FQDNs. If the issue doesn't happen, then this can be closed in favor of the earlier ticket. Jim Pingle
07:22 AM Bug #9479: Alias table not updated when adding new entry
Yes, it does contain a couple of FQDNs in both cases. Vladimir Lind
07:18 AM Bug #9479: Alias table not updated when adding new entry
Does the alias contain any FQDNs? Or only IP addresses and subnets? If it contains FQDNs, this may be a duplicate of ... Jim Pingle
01:55 AM Bug #9479 (Duplicate): Alias table not updated when adding new entry
On 2.4.4-p2 CE and arm - tested on MBT2220 and SG3100:
I can't replicate it every time - I would say the majority ...
Vladimir Lind
06:44 AM Bug #9480 (Not a Bug): sylogd crash with misconfigured static arp entries
That's not a syslogd problem, just a symptom of your misconfiguration. It can't send the packet out due to your broke... Jim Pingle
06:32 AM Bug #9480 (Not a Bug): sylogd crash with misconfigured static arp entries
Hi,
My setup
* 2 pfSense boxes running in HA setup
* Remote logging enabled
* DHCP servers with failover ...
Boris Lechner

04/16/2019

10:43 AM Bug #9478 (Resolved): Unable to check for updates from the GUI when using a proxy with authentication
When pfSense is set to use an upstream proxy with authentication, the update check fails to run from the GUI. It work... Jim Pingle

04/15/2019

05:20 PM Bug #9477 (Not a Bug): 2.4.4-RELEASE-p2 + XG-1537 SFP+ port issue - critical
This seems more like a configuration issue, such as not having a high enough mbuf allocation setup.
Please post to...
Jim Pingle
04:18 PM Bug #9477 (Not a Bug): 2.4.4-RELEASE-p2 + XG-1537 SFP+ port issue - critical
If something is installed in the SFP+ Ports on the XG-1537 then the interfaces ix0 and ix1 will not come up during bo... Kristian Junkov
11:56 AM pfSense Packages Bug #9473 (Resolved): Lightsquid 1.8_5 doesn't ensure line breaks between cert and key when generating cert.pem file
Fixed in lightsquid pkg version 3.0.6_6. Jim Pingle
10:44 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
Docs have been updated. Jim Pingle
08:08 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
Jim Pingle wrote:
> usb_modeswitch has been available from the pfSense (not FreeBSD) repo for months now, including ...
Savas Yucedag
07:23 AM pfSense Packages Feature #6226 (Closed): Add usb_modeswitch to the pfSense package repo
usb_modeswitch has been available from the pfSense (not FreeBSD) repo for months now, including in the latest release... Jim Pingle
04:27 AM pfSense Packages Feature #6226: Add usb_modeswitch to the pfSense package repo
khaled osama wrote:
> update for pfsense 2.4.4
>
> run the following command to support pfsense 2.4.4
>
> pkg ...
Savas Yucedag
09:32 AM pfSense Packages Bug #9475 (Duplicate): Monitoring "add view" bug
Duplicate of #9352 Jim Pingle
09:05 AM pfSense Packages Bug #9475 (Duplicate): Monitoring "add view" bug
1. Open Status/Monitoring
2. Expand Settings
3. Click Display Advanced
4. Click Add View and then Cancel (or Esc)
...
Alex Kolesnik
09:12 AM Bug #9476 (Rejected): pfSense 2.4.x sending ARP replies with non-CARP source MAC address

pfSense 2.4.x will send ARP replies for CARP interfaces with the local system's "real" source MAC address, instead ...
Michael Reygers
07:57 AM Bug #9474 (Not a Bug): no default gateway after changing the wan interface ipv4 configuration type from dhcp to fixed ip
what started the problem
- ISP unexpectedly changed its router configuration from dhcp to static ip but all IP ar...
david stievenard
 
