Activity

From 05/04/2019 to 06/02/2019

06/02/2019

08:38 PM pfSense Packages Bug #8577 (Resolved): Snort - Log retention not working
Jim Pingle
07:29 PM pfSense Packages Bug #8577: Snort - Log retention not working
This issue is resolved and this ticket can be closed. Bill Meeks
08:38 PM pfSense Packages Bug #9188 (Resolved): Suricata GUI Package fails to send SIGHUP to the Suricata binary process when truncating/rotating the log files
Jim Pingle
07:25 PM pfSense Packages Bug #9188: Suricata GUI Package fails to send SIGHUP to the Suricata binary process when truncating/rotating the log files
This issue is resolved in the latest Suricata 4.1.4 package. Bill Meeks
07:23 PM pfSense Packages Bug #9573: GeoIP database FAIL to download - Suricata package
You do not need to do anything to use the free GeoIP2 Lite database with Suricata on pfSense. It is automatically se... Bill Meeks
12:26 AM pfSense Packages Bug #9573 (Rejected): GeoIP database FAIL to download - Suricata package
Hi, to everyone
Suricata v4.1.4 on pfSense 2.4.4-RELEASE-p3 (amd64)
Brand new suricata install, trying to get ...
Carlos Montalvo J.
03:38 PM Bug #9572: uPNP not working - miniupnpd needs an update, reporting "interface index not matching", which has been fixed upstream
@[2.4.4-RELEASE][admin@x.com]/var/log: cat /etc/version.patch
3
[2.4.4-RELEASE][admin@x.com]/var/log: pkg info | gr...
Anonymous
11:24 AM Bug #9484: With proper timing on boot dhclient won't be started for WAN without manual intervention
Short note for the future reference. It still works, but I found out that it won't work for default protocol timings ... Tomasz K.
04:35 AM Feature #9574 (New): Show changelog at package upgrade
Hello,
it would be useful if we can show a short changelog description on package upgrade page.
Thank you!
B P

06/01/2019

05:28 PM pfSense Packages Bug #9557 (Resolved): FRR Upgrades
2.5.0 snaps have FRR 7 now and it appears to be running OK Jim Pingle
05:28 PM Bug #9443 (Resolved): Captive Portal Vouchers feature is broken in 2.5.0
Jim Pingle
12:58 PM Bug #9443: Captive Portal Vouchers feature is broken in 2.5.0
I can confirm that the changeset is working correctly.
This issue can be marked as resolved
A FL
05:27 PM Feature #5644 (Resolved): Captive Portal retain logins across reboot
Jim Pingle
12:05 PM Feature #5644: Captive Portal retain logins across reboot
I can confirm it's working well.
This issue can be marked as resolved
A FL
05:27 PM Feature #9274 (Resolved): CP - trim() username post_value
Jim Pingle
10:47 AM Feature #9274: CP - trim() username post_value
I can confirm it's working well.
This issue can be marked as resolved
A FL
03:33 PM Revision 1643d2f4: Captive portal: fix locking when reinitialising rules
Don't take the lock in captiveportal_init_rules() if
captiveportal_configure_zone() has already taken it.
Caio Plumbeo
03:33 PM Revision a4a21be1: Captive portal: don't reset auth rules unless actually needed
Caio Plumbeo
03:33 PM Revision 7bdf5cd6: Captive portal: make possible to preserve authorized users' rules and pipes
Caio Plumbeo
03:33 PM Revision 49dc4244: Captive portal: cleanup pipe database at shutdown
Caio Plumbeo

05/31/2019

10:49 PM Feature #9293: Custom message text for the login screen
I would love to see this as well. I added it manually to my system, it would be easy to add to the core product. You ... Steve Simpson
08:58 PM pfSense Packages Bug #9571 (Resolved): FRR processes continue to restart after being disabled until reboot
Jim Pingle
06:27 PM pfSense Packages Bug #9571: FRR processes continue to restart after being disabled until reboot
Looks good. Thanks. Chris Linstruth
12:45 PM pfSense Packages Bug #9571 (Feedback): FRR processes continue to restart after being disabled until reboot
Fixed in FRR pkg version 0.5.0 Jim Pingle
07:23 PM Revision 00d2fe90: Merge pull request #4069 from chewrocca/master
Renato Botelho
07:21 PM Revision a1d30d0e: Merge pull request #4038 from emmtbot/ddns-route53
Renato Botelho
07:20 PM Revision d1b75079: Merge pull request #4036 from emmtbot/azure-whitespace
Renato Botelho
07:00 PM Revision 4fb93ea1: Use --libxo to get /usr/sbin/arp results
Renato Botelho
06:29 PM Bug #9572 (Closed): uPNP not working - miniupnpd needs an update, reporting "interface index not matching", which has been fixed upstream
miniupnpd is reporting "interface index not matching 10 != 2", which was fixed in commit https://github.com/miniupnp/... Robert Johnston
03:25 PM Revision 0b230bb2: Allow Dynamic DNS wildcards for Route53 #9053
Tom Embt
03:10 PM Revision ed5b58a7: Azure DDNS whitespace only
Tom Embt
02:55 PM Revision 8b3e2e26: Update services_dyndns_edit.php
Matthew Fine
02:48 PM Revision 443a8b1b: Update services.inc
Matthew Fine
02:46 PM Revision 0c43f825: Update dyndns.class
Matthew Fine
02:38 PM Revision 5a410280: Merge pull request #4053 from emmtbot/ddns-cloudflare
Renato Botelho
02:35 PM Revision 1e005a02: Merge pull request #4037 from heper/patch-1
Renato Botelho
02:27 PM Revision 0c5b50d6: Merge pull request #3998 from NanoCaiordo/patch-is_fqdn
Renato Botelho
02:24 PM Feature #9280 (Feedback): Add AAAA record type support for DynDNS with Digital Ocean
PR has been merged. Thanks! Renato Botelho
02:22 PM Bug #9053 (Feedback): Dynamic DNS will not allow Route 53 wildcard record
PR has been merged. Thanks! Renato Botelho
02:22 PM Revision 2446347d: Merge pull request #4043 from artooro/pingcheck
Renato Botelho
02:21 PM Bug #9271 (Feedback): Azure DDNS whitespace cleanup
PR has been merged. Thanks! Renato Botelho
02:14 PM Revision 57263c0a: Merge pull request #4035 from emmtbot/ddns-linode
Renato Botelho
02:02 PM Revision d1fe5303: Merge pull request #4025 from kantlivelong/nas_identifier_webui
Renato Botelho
01:58 PM Revision f8a73738: Merge pull request #4024 from plumbeo/fix-session-timeout
Renato Botelho
01:38 PM pfSense Packages Bug #9557: FRR Upgrades
pfSense 2.4.4 is using FRR 6 as expected. Still waiting on a new snapshot to check on pfSense 2.5.0/FRR 7 Jim Pingle
10:15 AM pfSense Packages Bug #9557 (Feedback): FRR Upgrades
2.4.4 now uses FRR 6.x and 2.5.0 moved to 7.x Renato Botelho
12:45 PM pfSense Packages Bug #8751 (Feedback): FRR prefix lists issues
I added some input validation for prefix lists in the latest version of the FRR package. (pkg version 0.5.0) Jim Pingle
12:45 PM pfSense Packages Bug #8749 (Feedback): OSPF6 nssa not working
I removed all but the normal and stub types in FRR pkg version 0.5.0, the underlying FRR was also upgraded so I left ... Jim Pingle
12:45 PM pfSense Packages Todo #8662 (Feedback): FFR OSPF Cleartext Password Lengths
Fixed in FRR pkg version 0.5.0 Jim Pingle
12:45 PM pfSense Packages Feature #8610 (Feedback): FRR BGP "no bgp default ipv4-unicast" option.
Added in FRR pkg version 0.5.0 Jim Pingle
12:45 PM pfSense Packages Bug #8308 (Feedback): FRR OSPF6D: interfaces not assigned to areas if they only have a link-local address
Fixed in FRR pkg version 0.5.0 Jim Pingle
12:45 PM pfSense Packages Bug #8167 (Feedback): FRR OSPF6 range problem (subnet not advertized)
Disabled area..range statements in FRR pkg version 0.5.0
Doesn't look like they are supported even on FRR 7.
Jim Pingle
12:45 PM pfSense Packages Feature #7793 (Feedback): FRR pkg pfsense web interface checking for RID is setup in OSPF6 section
Jim Pingle
12:45 PM pfSense Packages Feature #7793: FRR pkg pfsense web interface checking for RID is setup in OSPF6 section
Fixed in FRR pkg version 0.5.0 Jim Pingle
12:22 PM Revision d67604df: Merge pull request #4021 from demospace/hyperscan-native
Renato Botelho
11:29 AM pfSense Packages Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
P Law wrote:
> Possibly a separate issue, but I am unable to resolve warnings that "app-layer-events.rules seems to ...
Bill Meeks
10:50 AM pfSense Packages Bug #9244 (Resolved): FRR Status BGP Summary only shows "IPv4 Unicast Summary"
This has been in and working for a while Jim Pingle
09:39 AM Bug #9361 (Feedback): Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS
PR has been merged. Thanks! Renato Botelho
09:36 AM Feature #9274 (Feedback): CP - trim() username post_value
PR has been merged. Thanks! Renato Botelho
09:28 AM Bug #9023 (Feedback): is_fqdn() validation
PR has been merged. Thanks! Renato Botelho
09:23 AM Feature #9285 (Feedback): Add an option to disable the ping-check in dhcpd
PR has been merged. Thanks! Renato Botelho
09:16 AM Feature #9268 (Feedback): Add Linode Dynamic DNS support
PR has been merged. Thanks Renato Botelho
09:02 AM Bug #9209 (Feedback): RADIUS: Set NAS Identifer to webConfigurator when logging in the UI
PR has been merged. Thanks! Renato Botelho
08:59 AM Bug #9208 (Feedback): The wrong session timeout value can be used for some captive portal users
PR has been merged. Thanks! Renato Botelho
08:30 AM Revision b1c85ec0: requested changes
christian christian
07:25 AM Bug #9221 (Duplicate): WebGUI incorrectly display an input group formed of hidden inputs
Superseded by #9449 Renato Botelho
12:24 AM Bug #9447: Configuring LAGG at XG-7100 Switch Ports Broken
I recently updated our XG-7100 and before attempting to apply the patch in the associated forum post I checked the ex... Blaine Palmer

05/30/2019

10:08 PM pfSense Packages Bug #9571 (Resolved): FRR processes continue to restart after being disabled until reboot
It looks like the configuration file in /var/etc/frr needs to be removed when the element (ospf, bgp, etc) is disable... Chris Linstruth
10:08 PM Revision 164272da: Remove hyperscan
Renato Botelho
09:18 PM Revision 6b858da1: Merge pull request #4054 from Augustin-FL/save-users-accross-reboot
Renato Botelho
09:13 PM Revision b6129dc4: Merge pull request #4060 from PeterFeicht/fix_layout
Renato Botelho
07:31 PM pfSense Packages Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Uninstall without keeping settings and re-install restored the missing rules. Much work ahead to restore to its prev... P L
03:30 PM pfSense Packages Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Possibly a separate issue, but I am unable to resolve warnings that "app-layer-events.rules seems to be missing!!! Pl... P L
06:37 PM Revision 7b80e743: Restore connected users on boot when associated setting is enabled
Implement redmine #5644 A FL
06:37 PM Revision 445c97fc: Create an option for saving connected users across reboot
Implement redmine #5644 A FL
06:31 PM Revision 1d8a8f66: bump config
Implement redmine #5644 A FL
06:31 PM Revision b0a29e82: Add allowed bandwidth settings to sqlite DB
Implement redmine #5644 A FL
05:43 PM Revision 48fee584: Merge pull request #4044 from PiBa-NL/20190127-actually-show-current-default-route
Renato Botelho
05:25 PM Revision b6b4b5d0: Merge pull request #4058 from Augustin-FL/patch-usermanager-menu
Renato Botelho
05:23 PM Revision 76ac3231: Merge pull request #4059 from PeterFeicht/ppp_uptime
Renato Botelho
05:17 PM Revision 7a123866: Merge pull request #4056 from Augustin-FL/patch-captiveportal-multiserver-perf
Renato Botelho
04:53 PM Revision fb20f0ba: Merge pull request #4064 from tylerszabo/patch-1
Renato Botelho
04:38 PM Bug #9449: Empty lines in various forms
Hello,
One question : this issue is similar to #9221 ( https://github.com/pfsense/pfsense/pull/4057 )
Is PR 405...
A FL
04:13 PM Bug #9449 (Feedback): Empty lines in various forms
PR has been merged. Thanks! Renato Botelho
04:19 PM Feature #5644 (Feedback): Captive Portal retain logins across reboot
PR has been merged. Thanks! Renato Botelho
02:49 PM pfSense Packages Bug #9546 (Resolved): Snort fails to load/start with host_attribute_table
Jim Pingle
02:32 PM pfSense Packages Bug #9546: Snort fails to load/start with host_attribute_table
This issue is now fixed in both the RELEASE and DEVEL branches of pfSense. In pfSense 2.4.4.x the fixed package vers... Bill Meeks
02:12 PM Revision 113173b9: Terminal size detection. Fixes #9569
For sh/.profile, run "resizewin -z" at login which will set the terminal
type only when empty, which is kind to remot...
Jim Pingle
02:10 PM Revision 1dc4afdc: Terminal size detection. Fixes #9569
For sh/.profile, run "resizewin -z" at login which will set the terminal
type only when empty, which is kind to remot...
Jim Pingle
12:54 PM Bug #9560 (Resolved): SMART tests not working
Feedback at https://forum.netgate.com/post/845699 confirms it is now fixed Jim Pingle
12:40 PM Bug #9292 (Feedback): Default route as indicated by "(Default)" does not match the actual default route on the OS.
PR has been merged. Thanks! Renato Botelho
12:25 PM Bug #9428 (Feedback): Unable to access "System: Authentication servers" if "WebCfg - System: User Password Manager" is set
PR has been merged. Thanks! Renato Botelho
12:23 PM Feature #9426 (Feedback): Show PPP uptime on the Dashboard - Interfaces Widget
PR has been merged. Thanks! Renato Botelho
12:19 PM Bug #9255 (Feedback): Potential performance issue when using multiple authentication servers in a zone
PR has been merged. thanks! Renato Botelho
12:07 PM Revision a0e644e5: Revert "Enable TARGETBASED option for snort"
This reverts commit 3bd04067983f3cfdad473a9c72f5e7e1133ef8d1. Renato Botelho
11:54 AM Revision 3bd04067: Enable TARGETBASED option for snort
Renato Botelho
11:54 AM Bug #9248 (Feedback): Dynamic dns updates on azure ipv6 service is not working properly
PR has been merged. Thanks! Renato Botelho
11:09 AM pfSense Docs Correction #9570 (Closed): Feedback on Routing and Multi-WAN — Gateway Settings
*Page:* https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
*Feedback:*
Please add docume...
Jamie M
10:34 AM Bug #9488: No console when booting CE Memstick UEFI.
The FreeBSD 12 memstick also stalls in the same place. Good call!
Tested this image: https://download.freebsd.org/...
Steve Wheeler
09:11 AM Bug #9488: No console when booting CE Memstick UEFI.
Steve Wheeler wrote:
> The ISO image behaves exactly the same. There is no output after root is mounted other than t...
Renato Botelho
09:20 AM Bug #9569 (Feedback): Fix serial console terminal size issues
Applied in changeset commit:1dc4afdc6657e83e824be43b27eff8a5f35ea4f3. Jim Pingle
08:37 AM Bug #9569 (Resolved): Fix serial console terminal size issues
Serial consoles do not have the correct size set (rows, cols) based on the user's terminal, since serial doesn't have... Jim Pingle
07:27 AM Bug #9567 (Not a Bug): Unbound DNS Resolver does not start up when using IPv6 DHHCPv6 WAN DHCPv6 LAN coupled with v6 Prefix Delegation
I can't reproduce this here. I run a few VMs this way and the resolver starts as expected.
Please post on the "For...
Jim Pingle

05/29/2019

09:18 PM pfSense Packages Bug #9568 (New): UFSSwapDir::openLog: Failed to open swap log.
After 3 days of Squid and SquidGuard being stopped, once started again Squid cannot start and the message is:
UFS...
Julian Pinzón
05:51 PM Revision 84bbc637: Fix DynDNS widget hostname function. Fixes #9564
Jim Pingle
04:31 PM Bug #9567 (Not a Bug): Unbound DNS Resolver does not start up when using IPv6 DHHCPv6 WAN DHCPv6 LAN coupled with v6 Prefix Delegation
When operating with a dual IPv4/IPv6 stack, on a consumer modem (Comcast),
with WAN DHCP single internet-routable...
Eric Veum
01:52 PM Bug #9565: Too many redirects error in /services_unbound_acls.php
Yes, sorry, it looks to be machine-specific. It did it when I'd rebooted and started without addons, tried over diffe... Ansley Barnes
01:06 PM Bug #9565 (Not a Bug): Too many redirects error in /services_unbound_acls.php
Can't duplicate it here.
Please post to the forum and include more details about your configuration for that tab t...
Jim Pingle
12:54 PM Bug #9565 (Not a Bug): Too many redirects error in /services_unbound_acls.php
Reproducible in Safari 12.1.1. I don't remember what previous release I had worked with before where it loaded succes... Ansley Barnes
01:46 PM Bug #9566 (New): Traffic graph displays traffic incorrectly
A computer is connected to a netgate SG-2440 device
6 Mbps upstream traffic started on the computer (traffic rate ve...
David G
01:00 PM Bug #9564 (Feedback): Dynamic DNS Status - IPv4 format error for 'Cached IP'
Applied in changeset commit:84bbc6373afeb929a6ca7663c8fbc8e1ab03e125. Jim Pingle
10:58 AM Bug #9564 (Confirmed): Dynamic DNS Status - IPv4 format error for 'Cached IP'
Confirmed here as well. It appears to only affect Namecheap, my others are working as expected. The status on service... Jim Pingle
10:54 AM Bug #9564: Dynamic DNS Status - IPv4 format error for 'Cached IP'
2.5.0-DEVELOPMENT - running the current dev branch Eric Veum
10:53 AM Bug #9564 (Resolved): Dynamic DNS Status - IPv4 format error for 'Cached IP'
On the service dashboard, the 'Dynamic DNS status' is not printing the correct IPv4. The underlying service appears t... Eric Veum
12:53 PM Revision de0e62a1: Rename pfSense-pkg-bind9 to pfSense-pkg-bind
Renato Botelho
12:53 PM Revision 478d5fc8: Rename pfSense-pkg-bind9 to pfSense-pkg-bind
Renato Botelho
11:16 AM pfSense Packages Bug #9546: Snort fails to load/start with host_attribute_table
This issue is fixed in the upcoming snort-2.9.13_1 package that will be available for pfSense-2.5-DEVEL in the near f... Bill Meeks
07:59 AM Bug #6994 (Closed): [Portuguese] - Traffic graphs shows overwritten words by traffic values
I've checked on current version and it's not happening anymore Renato Botelho
07:55 AM pfSense Packages Bug #7161 (Feedback): pfSense-pkg-bind9 changelog pointing to non-existent location
Renamed port from pfSense-pkg-bind9 to pfSense-pkg-bind, which matches PORTNAME that is used to construct Changelog URL Renato Botelho
06:30 AM Bug #9562 (Duplicate): User manager problem
Jim Pingle
01:37 AM Bug #9562: User manager problem
Sorry! This bug was already submitted before - https://redmine.pfsense.org/issues/9541 Max Green
01:34 AM Bug #9562 (Duplicate): User manager problem
Think I was finding some issue with user manager. I performed a clean install of the last pfsense (2.4.4-release-p3), ... Max Green
02:28 AM pfSense Packages Feature #9563 (Resolved): Syslog-ng TLS support
Hi,
I'm trying to send syslog over TLS. Added syslog-ng package and configure TLS. But syslog-ng does not start. I...
Ken-ichi Sasaki

05/28/2019

07:27 PM pfSense Packages Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Snort3 rules are incompatible with Suricata 4.x. If you install those rules, they will overwrite some critical confi... Bill Meeks
06:45 PM pfSense Packages Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
I ran into this issue as well after having tried the Snort3 rules and reverted to 2.9 - Suricata is far pickier about... John Silva
07:11 PM Revision 5c3db960: Use correct test type POST variable for SMART. Fixes #9560
Jim Pingle
06:00 PM Revision 89b123fb: Ensure NTP values are treated as numbers before use. Fixes #9558
(cherry picked from commit c92dbfc189ee4cc66726d817f47e5473f8ffe147) Jim Pingle
06:00 PM Revision c92dbfc1: Ensure NTP values are treated as numbers before use. Fixes #9558
Jim Pingle
04:31 PM Bug #9561 (Duplicate): PPPoe 6RD broken in 2.5
Been using 2.5 for a while when I noticed that I had disabled ipv6 on 2.4 before upgrading. Tried enabling a Centuryl... Ronald Schellberg
02:20 PM Bug #9560 (Feedback): SMART tests not working
Applied in changeset commit:5c3db9609d3a8705090b60a822ae2b66dda3bbbe. Jim Pingle
02:10 PM Bug #9560 (Resolved): SMART tests not working
On 2.5.0, SMART tests are not working. Input validation claims the test is invalid no matter what is submitted by the... Jim Pingle
01:10 PM Bug #9558 (Feedback): GPS NTP source PHP errors
Applied in changeset commit:c92dbfc189ee4cc66726d817f47e5473f8ffe147. Jim Pingle
11:41 AM Bug #9558 (Resolved): GPS NTP source PHP errors
The output from a non-sync'd GPS set as an NTP source produces PHP errors in the NTP status. Both the main status pag... Steve Wheeler
12:33 PM pfSense Docs Correction #9559 (Closed): Feedback on L2TP VPN — L2TP Server Configuration
*Page:* https://docs.netgate.com/pfsense/en/latest/book/l2tp/l2tp-server-configuration.html
*Feedback:*
In this...
Chris Linstruth
11:05 AM pfSense Packages Bug #9557 (Resolved): FRR Upgrades
FRR 6.0.x seems to be OK on pfSense 2.5.0, so we need to play a bit of musical FRR upgrades:
* Copy FRR 6.0.x back...
Jim Pingle
11:02 AM Todo #8886: Update downloads page once hybrid iso/img installers are implemented
"Not a Bug" is a closed state so it's all good as-is. Jim Pingle
10:50 AM Todo #8886: Update downloads page once hybrid iso/img installers are implemented
Ah. Should this be closed then? (Doesn't seem I have the option to close it in status options...) Jared Dillard
09:56 AM Todo #8886 (Not a Bug): Update downloads page once hybrid iso/img installers are implemented
We won't unify memstick and ISO images in order to preserve the FAT partition we added to memstick that can be used t... Renato Botelho
09:35 AM pfSense Packages Bug #9556 (Feedback): Encoding/validation issues in apcupsd_status.php
Fix is in apcupsd 0.3.91_5 Jim Pingle
09:15 AM pfSense Packages Bug #9556 (Resolved): Encoding/validation issues in apcupsd_status.php
apcupsd_status.php does not validate input or encode user input before use, leading to potential abuse (XSS, ACE). Jim Pingle
08:35 AM pfSense Packages Bug #9554 (Feedback): Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php
Fixed in ACME 0.5.8 Jim Pingle
08:35 AM pfSense Packages Bug #9553 (Feedback): ACME package menus do not appear for user other than "admin"
Fixed in ACME 0.5.8 Jim Pingle

05/27/2019

07:54 PM Revision ad1d975a: Fix #9443: Use phpseclib to create RSA key
OpenSSL doesn't allow to create a 64 RSA key anymore. Use phpseclib to
do it using PHP.
Renato Botelho
05:36 PM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all
Berzerker Berzerker wrote:
> Chiming in that this is broken for me as well, as described in the original description...
Arian K.
04:45 PM Revision ffa8f605: Retire now unused is_jumbo_capable()
Renato Botelho
04:43 PM Revision 08fe7601: Fix #9548: Do not rely on VLANMTU flag
Do not consider VLAN capable only interfaces that have VLANMTU flag.
This flag is used to determine if that interface...
Renato Botelho
03:05 PM Bug #9443 (Feedback): Captive Portal Vouchers feature is broken in 2.5.0
Applied in changeset commit:ad1d975acce7a0b7562baca0a6cadab2629de51e. Renato Botelho
02:00 PM Revision 1842cd92: Bump Copyright to 2019
Renato Botelho
01:50 PM Revision 1ead3516: Fix #8821: Deprecate Growl Notifications
Growl appears to be abandoned upstream. No updates in ~5 years, and few if
any users on pfSense
Renato Botelho
01:37 PM Revision b4f499f0: Remove code commented out in 2013
Renato Botelho
11:55 AM Bug #9548 (Feedback): Do not use VLANMTU flag to decide if interface supports to run VLAN
Applied in changeset commit:08fe7601ef535aa354255658215475223a23ddee. Renato Botelho
11:51 AM Bug #7307: ZFS installer - shuts down instead of rebooting
Clinton,
Can you check if it's still happening on 2.5.0 snapshots?
Renato Botelho
09:03 AM pfSense Packages Feature #9387 (Resolved): Update telegraf to 1.9.3 from ports
already moved to 1.10.1 Renato Botelho
09:00 AM Todo #9360 (Feedback): Switch to Python 3.x
Already done. Python 2.x is not required anymore Renato Botelho
09:00 AM Todo #8821 (Feedback): Remove Growl Notifications
Applied in changeset commit:1ead351615ad1fc8f78684fb0ffff83c9e4355a7. Renato Botelho
08:56 AM pfSense Packages Todo #9482 (Resolved): Remove zabbix 3.2 and 3.4 from pfSense
Both versions were removed Renato Botelho
07:48 AM pfSense Packages Feature #9555 (Resolved): pimd package
Folks - as it seems that IGMP Proxy is "broken" and pimd works is it possible to add (or replace) IGMP Proxy with pim... Michael Pelley
01:36 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1
Vasyl Semenchuk wrote:
> Did you try restart service dpinger? In my case this helps switch back to WAN1
Actually ...
Bob Guo
01:35 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1
Mitch Claborn wrote:
> @VasylSemenchuk Are your gateway groups set to trigger level "Packet Loss or High Latency" or...
Bob Guo
01:34 AM Bug #9054: Gateway Group slow (or never) to switch back to Tier 1
Generally same problem here, BUT EVEN HAVE PROBLEM WHEN THE GATEWAY GROUP ISN'T PFSENSE DEFAULT GATEWAY. After diggin... Bob Guo

05/26/2019

12:24 PM Bug #9534: Captive Portal users can't disconnect after reboot ?
hello,
this is a duplicate of #8616 and #5644
fixes are available and have been published as pull requests. Waiti...
A FL
09:15 AM Bug #9535: Captive Portal users can't access internet after reboot ?
hello,
this is a duplicate of #8616 and #5644
fixes are available and have been published as pull requests. wait...
A FL
07:39 AM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly
See also: https://lists.freebsd.org/pipermail/freebsd-net/2019-February/052894.html
This appears to have been comm...
Steve Wheeler

05/25/2019

04:17 PM pfSense Packages Bug #9554: Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php
In the future, do not report security issues via Redmine. See https://www.netgate.com/security/ Jim Pingle
04:05 PM pfSense Packages Bug #9554 (Resolved): Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php
Stored XSS vulnerability occurs due to input validation errors in "Name" and "Description" fields when adding new acc... Chi Tran
03:37 PM pfSense Packages Bug #9553: ACME package menus do not appear for user other than "admin"
Example Screenshot Chris Linstruth
03:34 PM pfSense Packages Bug #9553 (Resolved): ACME package menus do not appear for user other than "admin"
ACME package menus do not appear for user other than "admin" Chris Linstruth
01:47 PM Bug #9552 (Rejected): DNS lookups intermittently timing out
There is not enough information here for a valid bug report. Please discuss the issue on a forum until a more specifi... Jim Pingle
01:44 PM Bug #9552 (Rejected): DNS lookups intermittently timing out
Using DNS Resolver, DNS lookups by clients intermittently timing out and or extremely delayed in receiving response s... John Higham
09:57 AM pfSense Packages Feature #9551 (Duplicate): Add py-speedtest-cli to package repo
Jim Pingle
09:12 AM pfSense Packages Feature #9551: Add py-speedtest-cli to package repo
And it has always been there, next time I will be more diligent. Anyway, needed to use py27-speedtest-cli on 2.4.x an... Adam Jaremko
08:50 AM pfSense Packages Feature #9551 (Duplicate): Add py-speedtest-cli to package repo
Just a simple request to add py-speedtest-cli to the package repo
https://www.freshports.org/net/py-speedtest-cli/
Adam Jaremko

05/24/2019

07:49 PM Revision f8560a14: Privilege matching -- allow JS anchors. Fixes #9550
Attempts to detect a special case where a file does not actually
exist, and yet should be allowed since it is used by...
Jim Pingle
07:47 PM Revision bdbd8534: Privilege matching -- allow JS anchors. Fixes #9550
Attempts to detect a special case where a file does not actually
exist, and yet should be allowed since it is used by...
Jim Pingle
02:55 PM Bug #9550 (Feedback): New privilege matching method does not allow menu or tab links to anchors (#foo)
Applied in changeset commit:bdbd8534eef5b93370065340de225a1cd5e5faa8. Jim Pingle
02:30 PM Bug #9550 (Resolved): New privilege matching method does not allow menu or tab links to anchors (#foo)
The new privilege matching method does not allow menu or tab links to anchors, such as @#foo@. Since these are not pa... Jim Pingle
02:20 PM Bug #9484 (Closed): With proper timing on boot dhclient won't be started for WAN without manual intervention
Jim Pingle
02:10 PM Bug #9484: With proper timing on boot dhclient won't be started for WAN without manual intervention
It looks like with version *2.4.4-RELEASE-p3* the problem no longer exists. Tomasz K.
02:20 PM Feature #9549 (Rejected): Carp alters for backup after secondary link crash.
Without preempt, you'll get systems with a mix of MASTER/BACKUP status or nothing will trigger a failover. That isn't... Jim Pingle
01:54 PM Feature #9549 (Rejected): Carp alters for backup after secondary link crash.
Greetings,
Today when working with CARP with several links we have a problem where the master detects the down of ...
Heliton Martins
01:19 PM Bug #9548 (Resolved): Do not use VLANMTU flag to decide if interface supports to run VLAN
Today there is a function called is_jumbo_capable() that detects if VLANMTU flag is supported by interface and this f... Renato Botelho
07:55 AM Bug #9547 (Duplicate): altq on vlan interfaces not supported
Duplicate of #9413 Jim Pingle
07:54 AM Bug #9547: altq on vlan interfaces not supported
btw - on XG-1541 Vladimir Lind
07:53 AM Bug #9547 (Duplicate): altq on vlan interfaces not supported
on 2.5.0-DEVELOPMENT (amd64)
built on Thu May 23 20:41:57 EDT 2019
FreeBSD 12.0-RELEASE-p4
There were error(s...
Vladimir Lind

05/23/2019

07:22 PM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
YP Lo wrote:
> Found out recently that ntopng v3.6 is already using GeoLite2 database, and hooked up the remaining G...
Tj Ng
07:32 AM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
Found out recently that ntopng v3.6 is already using GeoLite2 database, and hooked up the remaining GeoLite2 update s... YP Lo
03:16 PM pfSense Packages Bug #9546 (Resolved): Snort fails to load/start with host_attribute_table
Using the PfSense gui to load and import an attribute table will cause Snort to error on startup. It will not start.
...
Bill B
04:17 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I know it's targeted for 2.5.0, but still I'd like to inform people here that 2.4.4_3 does indeed NOT fix this, makin... Robert Gijsen

05/22/2019

08:50 PM pfSense Packages Feature #9238: Add support for Zerotier
I think it would be pretty awesome if PF supported this. ZT is a great and simple way of securing devices in a virtua... Deon George
08:20 PM Revision 00680d36: Add GUI components for MDS mitigation. Implements #9532
While here, add option to disable PTI display in sysinfo widget.
Implements #9323
(cherry picked from commit 42c48ef...
Jim Pingle
08:19 PM Revision 42c48efe: Add GUI components for MDS mitigation. Implements #9532
While here, add option to disable PTI display in sysinfo widget.
Implements #9323
Jim Pingle
06:06 PM Revision ac0bb6bc: Use correct variable in IP address validation check for DNS. Fixes #9543
(cherry picked from commit 912562c4d76e9b629e99d44c56b363147d9ded0d) Jim Pingle
06:05 PM Revision 912562c4: Use correct variable in IP address validation check for DNS. Fixes #9543
Jim Pingle
03:30 PM Feature #9323 (Feedback): Option to hide 'Kernel PTI' from sysinfo widget
Applied in changeset commit:42c48efe1c326273079ac38176098a1993f8ae88. Jim Pingle
03:22 PM Feature #9323 (In Progress): Option to hide 'Kernel PTI' from sysinfo widget
Jim Pingle
03:30 PM Feature #9532 (Feedback): GUI indication and options for MDS mitigation
Applied in changeset commit:42c48efe1c326273079ac38176098a1993f8ae88. Jim Pingle
02:40 PM Feature #9532 (In Progress): GUI indication and options for MDS mitigation
Jim Pingle
02:54 PM Feature #9545 (Resolved): Enable Multipath Routing in the Kernel
Now that @ROUTE_MPATH@ is in the default kernel on FreeBSD 14 and @net.route.multipath@ is on (@1@), enable the MULTI... Jim Pingle
02:51 PM Feature #9544 (Closed): Enable ``ROUTE_MPATH`` multipath routing
Add ROUTE_MPATH to the kernel, assuming it does not cause any conflicts with existing options we need.
Jim Pingle
01:15 PM Bug #9543 (Feedback): diag_dns.php: Reverse lookup of IPv6 fails with "Host must be a valid hostname or IP address."
Applied in changeset commit:912562c4d76e9b629e99d44c56b363147d9ded0d. Jim Pingle
01:05 PM Bug #9543 (Resolved): diag_dns.php: Reverse lookup of IPv6 fails with "Host must be a valid hostname or IP address."
Attempting to reverse resolve an IPv6 address on diag_dns.php fails with the error "Host must be a valid hostname or ... Jim Pingle
02:52 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
I think this issue really needs to be addressed ASAP. If I understand this correctly it means that today the best work... Pim Pish

05/21/2019

06:53 PM Revision b9ed452d: Remove wildcards incorrectly used in isAllowedPage(). Fixes #9541
(cherry picked from commit cf529cbe33ae53f3f95b37a227da141b97465f20) Jim Pingle
06:53 PM Revision cf529cbe: Remove wildcards incorrectly used in isAllowedPage(). Fixes #9541
Jim Pingle
05:49 PM Revision e905762d: Add sysutils/ccze to the repo
Renato Botelho
05:49 PM Revision e82e602d: Add sysutils/ccze to the repo
Renato Botelho
02:45 PM Bug #9539: HA: admin user's authorized key(s) won't get synced
Discussion ongoing in PR 4068 - https://github.com/pfsense/pfsense/pull/4068 James Webb
02:00 PM Bug #9541 (Feedback): Non-admin user with admin rights is given the wrong URL for the user manager
Applied in changeset commit:cf529cbe33ae53f3f95b37a227da141b97465f20. Jim Pingle
01:52 PM Bug #9541 (In Progress): Non-admin user with admin rights is given the wrong URL for the user manager
Looks like it's due to an instance of an incorrect usage of a wildcard when attempting to patch the page. The new str... Jim Pingle
07:47 AM Bug #9541: Non-admin user with admin rights is given the wrong URL for the user manager
Also get https://x.x.x.x/system_usermanager_passwordmg.php when you use FreeRadius for the user auth. Andy Kniveton

05/20/2019

09:46 PM pfSense Packages Bug #9542 (Closed): FreeRadius with MySQL not started and require mysql-client packet
Hello!
FreeRadius start log (with Mysql-enable)
> Could not link driver rlm_sql_mysql: Shared object "libmysqlclient...
Konstantin Ab
07:49 PM Bug #9541 (Resolved): Non-admin user with admin rights is given the wrong URL for the user manager
In 2.4.4p3 a user with admin rights that is not the admin user is given when opening the user manager:
https://x.x.x...
Steve Wheeler
06:44 PM Bug #9539: HA: admin user's authorized key(s) won't get synced
This is to do with how users are synced in /usr/local/www/xmlrpc.php
In this file one will find:...
James Webb
03:54 AM Bug #9539 (Resolved): HA: admin user's authorized key(s) won't get synced
Follow up from the forums: https://forum.netgate.com/topic/143452/admin-user-not-fully-synced/3
We had that tested...
Jens Groh
03:36 PM Revision 057d15dc: Fix a potential source of PHP errors when saving per-log settings. Fixes #9540
While here, fix save descriptions.
(cherry picked from commit 303641f8283016a88f53c7743c962e16ba683579)
Jim Pingle
03:35 PM Revision 303641f8: Fix a potential source of PHP errors when saving per-log settings. Fixes #9540
While here, fix save descriptions. Jim Pingle
10:45 AM Bug #9540 (Feedback): PHP Uncaught Error in Status/System Logs/Firewall/Dynamic View
Applied in changeset commit:303641f8283016a88f53c7743c962e16ba683579. Jim Pingle
10:33 AM Bug #9540: PHP Uncaught Error in Status/System Logs/Firewall/Dynamic View
I can't reproduce this on 2.5.0 or 2.4.4-p3. I can change the setting every which way, no errors. That said, I can so... Jim Pingle
09:19 AM Bug #9540 (Resolved): PHP Uncaught Error in Status/System Logs/Firewall/Dynamic View
I clicked the wrench in the upper-right corner to change the display to reverse order (newest first) and I got this f... Jay Simons
08:14 AM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all
Chiming in that this is broken for me as well, as described in the original description.
2.4.4-p2
Berzerker Berzerker

05/19/2019

08:21 PM Bug #9294 (Resolved): XSS issues on multiple pages
Jim Pingle
08:20 PM Todo #9511 (Resolved): OpenVPN server/client/override advanced settings privilege separation
Jim Pingle
06:27 AM Feature #9538 (Resolved): add support for athp(4) driver
It would be great to get the athp driver into a 2.5 snapshot for testing. what we need is kernel with option ALQ and ... Manuel Piovan
05:43 AM pfSense Packages Bug #9537 (New): One month offset in displayed data between time changes
There is a bug in the Status > Traffic Totals package with a one-month offset in displaying data. The offset occurs a... Anonymous

05/18/2019

11:52 AM Bug #9535: Captive Portal users can't access internet after reboot ?
this issue is already discussed there but can't find any solution.
https://forum.netgate.com/topic/136262/clients-...
Adeel Asghar
11:31 AM Bug #9535 (Rejected): Captive Portal users can't access internet after reboot ?
There is not enough information here for a valid bug report. Post on the forum to discuss and diagnose the issue befo... Jim Pingle
05:30 AM Bug #9535 (Rejected): Captive Portal users can't access internet after reboot ?
Hi,
in pfSense after 2.4.4 upgrade captive portal users remain logged in after system reboot but can't access to in...
Adeel Asghar
11:40 AM Feature #9536 (New): Support dynamic prefix in DHCPv6 Server
Most of the ISPs are using dynamic IPv6 PD. pfSense receives the prefix and can allocate a /64 prefix on LAN interfaces (T... Jozsef Krizsik

05/17/2019

08:08 PM Bug #9534 (Rejected): Captive Portal users can't disconnect after reboot ?
Do not report bugs against outdated versions. Update to the latest supported version and if you can reproduce the iss... Jim Pingle
06:13 PM Bug #9534 (Rejected): Captive Portal users can't disconnect after reboot ?
Hi,
in pfSense 2.4.4 captive portal users remain logged in after system reboot but can't access to internet and the...
Adeel Asghar
04:02 PM Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+)
Alright will test within our lab setup and try it with the customer if that works. Will report back! Jens Groh
03:46 PM Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+)
The first patch above, commit:4fc267484e604509b072b398642f19cb6797ef21, applies cleanly to 2.4.4-p2 and 2.4.4-p3 and ... Jim Pingle
03:37 PM Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+)
Jim Pingle wrote:
> The first patch to add group 31 might, but the 32 would not since it requires a patch to strongS...
Jens Groh
03:31 PM Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+)
Jens Groh wrote:
> Just curious: would the changeset be appliable to 2.4.4-p3 when released?
The first patch to a...
Jim Pingle
03:28 PM Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+)
Just curious: would the changeset be appliable to 2.4.4-p3 when released?
I have a current customer that would lik...
Jens Groh
03:08 PM Feature #9531 (Feedback): [IPSEC] Add additional curve-based DH Groups (31+)
Looks good on the current snapshot with group 31 and 32
Jim Pingle
10:27 AM Feature #9531 (In Progress): [IPSEC] Add additional curve-based DH Groups (31+)
That was quick. Fix is in upstream: https://wiki.strongswan.org/projects/strongswan/repository/revisions/97708f7ff757... Jim Pingle
10:15 AM Feature #9531 (Feedback): [IPSEC] Add additional curve-based DH Groups (31+)
Applied in changeset commit:4fc267484e604509b072b398642f19cb6797ef21. Jim Pingle
10:04 AM Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+)
Group 31 (curve25519) works. Group 32 (curve448) does not. Appears to be a strongSwan issue, I raised a bug report up... Jim Pingle
08:16 AM Feature #9531 (In Progress): [IPSEC] Add additional curve-based DH Groups (31+)
Jim Pingle
06:13 AM Feature #9531 (Resolved): [IPSEC] Add additional curve-based DH Groups (31+)
DH Group 31/32 (incl. curve25519) variants are available in Strongswan and it would be nice to have them as additions... Jens Groh
03:44 PM Revision 3f45cc99: Add in DH 32, a patch for strongSwan will be in soon to test with. Issue #9531
Jim Pingle
03:06 PM Revision 4fc26748: Add RFC 8031 Group 31 to IPsec. Implements #9531
Jim Pingle
01:44 PM Bug #9478: Unable to check for updates from the GUI when using a proxy with authentication
This also affects console option 13. I can't run option 13 with proxy+auth set, but if I drop to a shell, pfSense-upg... Jim Pingle
01:20 PM Feature #2358: NAT64 support
I was disappointed that this has not been at least added to the roadmap for 2.5. It seems as though Netgate didn't ca... Rick Coats
12:21 PM Bug #9533: XG-7100 FAT config restore not working post-install
It looks to me like the USB drive is being detected and loaded after the ECL has run which is why it does not see the co... Steve Wheeler
11:37 AM Bug #9533 (Resolved): XG-7100 FAT config restore not working post-install
With the recent pfSense releases, it's possible to restore a configuration by copying the config.xml to a FAT partiti... Clinton Cory
10:42 AM Feature #9532 (Resolved): GUI indication and options for MDS mitigation
Similar to the option for Kernel PTI on system_advanced_misc.php we should have an option for MDS.
It is controlle...
Jim Pingle

05/16/2019

08:44 PM pfSense Packages Feature #9530 (Duplicate): FRR package add sync function to HA / backup firewall
If you're using FRR and the existing feature;
*CARP Status IP* _Used to determine the CARP status. When the CARP vhi...
Steven Perreau
08:42 PM Bug #1605: DHCP Server should group known clients by interface
Segregation by class (assumed to be directly linked to interface) is now possible.
https://github.com/pfsense/pfse...
Daniel Koh
08:36 PM pfSense Packages Feature #9529 (Resolved): Version upgrade for FRR package and support new faster OSPF convergence features
Version bump up in FRR and please add GUI support for faster convergence features in latest FRR;
*ip ospf dead-int...
Steven Perreau
08:24 PM pfSense Packages Bug #9528 (Duplicate): FRR OSPF state stuck in Extart / Exchange because of MTU following pfSense restart
1. Build FRR with OSPF, build the VTi interfaces, etc. Start OSPF and it will work. OSPF will link up neighbor state ... Steven Perreau
12:53 PM Revision 0a9163aa: Feature #9527 - LDAP extended query on groups in RFC2307 containers.
Steve Powers
11:35 AM Bug #9390 (Resolved): diag_backup.php: Backup output generation failure with CSRF script tag inserted into XML
Unable to reproduce on -p3. Looks good all around.
No CSRF string in a previously affected system, and also a comp...
Jim Pingle
11:30 AM Bug #9508 (Resolved): Potential XSS in services_acb.php via download parameter
Unable to reproduce on -p3. Looks good. Jim Pingle
11:27 AM Bug #9499 (Resolved): Potential XSS in status_filter_reload.php via NAT rule description
Unable to reproduce on -p3. Looks good.
Jim Pingle
11:27 AM Bug #9507 (Resolved): Potential XSS in WOL widget (widgets/widgets/wage_on_lan_widget.php) via WOL entry description
Unable to reproduce on -p3. Looks good.
Jim Pingle
11:14 AM Bug #9519 (Resolved): Fix ACB Privileges
Privileges are not present on -p2
Privileges are on -p3 and work as intended
Jim Pingle
11:08 AM Bug #9313 (Resolved): PHP Fatal error: Uncaught Error: Call to a member function addGlobal() on null in /usr/local/www/firewall_shaper_vinterface.php:415
Tested on a different system. Saw the PHP error on 2.4.4-p2, upgraded to -p3 and only the nice "Queue not found" ... Jim Pingle
08:03 AM Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers.
Jim Pingle wrote:
> This looks good to me at a glance, do you mind submitting this as a pull request on Github?
>
...
Steve Powers
07:21 AM Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers.
I noticed there was an erroneous reference to $userdn in the last debug() function, this updated patch removes that:
Steve Powers
07:19 AM Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers.
This looks good to me at a glance, do you mind submitting this as a pull request on Github?
https://docs.netgate.c...
Jim Pingle
07:08 AM Feature #9527 (Resolved): Add ability for LDAP extended query on groups in RFC2307 containers.
We have successfully deployed OpenLDAP authentication on several pfSense units, but needed to limit access to certain... Steve Powers

05/15/2019

08:24 PM Bug #9526: /var/log/nginx/error.log - Never cleared, invisible, always grows until /var overflows :(
For the vast majority of users, the nginx log does not contain much of anything. I'd look into what you've got going ... Jim Pingle
08:22 PM Bug #9526: /var/log/nginx/error.log - Never cleared, invisible, always grows until /var overflows :(
Half-baked workaround: add an earlyshellcmd of... Pete Holzmann
07:30 PM Bug #9526: /var/log/nginx/error.log - Never cleared, invisible, always grows until /var overflows :(
Jim Pingle wrote:
> Will be irrelevant soon due to #8350
In the meantime, a real killer ;)
Pete Holzmann
07:28 PM Bug #9526 (Duplicate): /var/log/nginx/error.log - Never cleared, invisible, always grows until /var overflows :(
Will be irrelevant soon due to #8350 Jim Pingle
07:26 PM Bug #9526 (Duplicate): /var/log/nginx/error.log - Never cleared, invisible, always grows until /var overflows :(
+*SYMPTOMS*+
* My /var partition overflowed, causing havoc.
* Found a huge /log/nginx/error.log with many weeks of ...
Pete Holzmann
08:18 PM Revision 2bf6d432: Revert "LDAP TLS option update. Implements #9417"
This reverts commit efdba6ca75e001e8426b2ecab49f71b53d5c9e30. Jim Pingle
05:43 PM Revision 22d6b2c4: Use correct certificate path for LDAP
Jim Pingle
04:19 PM Bug #9223 (Resolved): SSHGUARD doesn't work as expected
Confirmed against CE 2.4.4p2. Triggering lockout via SSH still allows unlimited login attempts at the gui.
Confirm...
Steve Wheeler
03:35 PM Todo #9417: Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options
It looks like LDAP_OPT_X_TLS_CACERTDIR and LDAP_OPT_X_TLS_CACERTFILE are being set but for some reason not honored as... Jim Pingle
03:28 PM Todo #9417 (New): Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options
Jim Pingle
03:25 PM Todo #9417 (Feedback): Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options
Applied in changeset commit:2bf6d4322622765bd1ce6ca8915ff75890885566. Jim Pingle
03:17 PM Todo #9417 (New): Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options
Upon further testing this does not appear to be working for self-signed certificates. It works for global, however. W... Jim Pingle
11:18 AM Todo #9417 (Resolved): Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options
Jim Pingle
01:12 PM Bug #4584: Static Mapped clients on one LAN get a DHCP IP from another LAN even when Deny unknown clients is checked on the other LAN
New PR to fix this: https://github.com/pfsense/pfsense/pull/4066 Daniel Koh
12:38 PM Bug #9225: Gateway group routing not updated on OpenVPN client reconnect
I too have this exact problem, on multiple installations...
The problem exists with two PPPoE connections too.
Ha...
Riccardo Di Sarcina
12:05 PM Feature #9525: Automatic checksums on GPS init strings
Sorry, I must have had potatoes on my eyes...
...thanks for pointing out what should have been obvious.
Ronald Antony
11:14 AM Feature #9525 (Rejected): Automatic checksums on GPS init strings
There is already a checkbox to automatically correct lines and add checksums. Jim Pingle
12:06 AM Feature #9525 (Rejected): Automatic checksums on GPS init strings
Under
Services > NTP > Serial GPS there's a section GPS Initialization that takes command strings.
It would be n...
Ronald Antony
11:39 AM Bug #9359 (Resolved): diag_tables.php duplicate entries from webConfigurator lockout table
Jim Pingle
11:29 AM Bug #9359: diag_tables.php duplicate entries from webConfigurator lockout table
2.4.4-p3 looks good
Tested against sshguard table since webConfiguratorlockout table has been deprecated by #9223 ...
Chris Linstruth
11:13 AM Bug #9513: Privilege bypass due to relative paths in URL after initial page filename
I was able to get the configuration xml following the commands above on the :
2.4.4-RELEASE-p2 (arm64)
built on W...
Danilo Zrenjanin
11:03 AM Bug #9513 (Resolved): Privilege bypass due to relative paths in URL after initial page filename
A few of us have been hammering on this internally and thus far haven't been able to break it with the patch applied.... Jim Pingle
03:41 AM Bug #9513: Privilege bypass due to relative paths in URL after initial page filename
I am not 100% confident that I am testing this correctly but I was able to get the configuration xml from 1 2.4.4-p2 ... Chris Linstruth
11:12 AM Bug #9207 (Resolved): Phase1s created before pfSense 2.1.0 no longer work after upgrade to 2.4.3: IPsec ERROR: Could not find phase 1 source for connection [redacted]. Omitting from configuration file.
Jim Pingle
01:12 AM Bug #9207: Phase1s created before pfSense 2.1.0 no longer work after upgrade to 2.4.3: IPsec ERROR: Could not find phase 1 source for connection [redacted]. Omitting from configuration file.
2.4.4-p3
Restored an 18.9 configuration with protocol intentionally removed. The configuration was updated to 19.1...
Chris Linstruth
11:12 AM Bug #9281 (Resolved): ZFS encrypted+mirrored swap may not be activated on 2.4.4-p2
Jim Pingle
01:50 AM Bug #9281: ZFS encrypted+mirrored swap may not be activated on 2.4.4-p2
2.4.4-p3
Installed 2.4.4-p1 with ZFS Mirrored, Encrypted swap. Looked good.
Upgraded to 2.4.4-p2 - No swap availa...
Chris Linstruth
08:36 AM Bug #9512 (Resolved): Privilege bypass due to match style used by widget privileges
Jim Pingle
03:48 AM Bug #9512: Privilege bypass due to match style used by widget privileges
Confirmed user could access any page by appending ?&.widget.php to the URL in 2.4.4-p2. 2.4.4-p3 only allowed access ... Chris Linstruth
03:26 AM pfSense Packages Bug #9524: HAProxy-Backend blocks routed vlan traffic
Hi guys,
thanks for your answers.
I didn't recognize the warning above the "Use Client-IP" feature. I am sorry...
Jonas Bechtel

05/14/2019

11:09 PM pfSense Packages Bug #9424: arpwatch package logs CARP MAC address changes
Just a note that upstream arpwatch from FreeBSD was updated.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235...
Art Manion
11:08 PM Todo #9417: Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options
2.4.4-p3
This all seems to work. It also seems much more consistent as posited in the description. I did a lot of ...
Chris Linstruth
01:44 PM pfSense Packages Bug #9524: HAProxy-Backend blocks routed vlan traffic
It's likely because of transparent-client-ip feature enabled in the backend of haproxy, combined with the 'bug' / miss... Pi Ba
10:26 AM pfSense Packages Bug #9524 (Not a Bug): HAProxy-Backend blocks routed vlan traffic
This is almost certainly a configuration issue, and this site is not for support or diagnostic discussion.
For ass...
Jim Pingle
09:56 AM pfSense Packages Bug #9524 (Not a Bug): HAProxy-Backend blocks routed vlan traffic
Hi everybody,
we have a weird haproxy-backend problem. HAProxy-backends seems to block routed traffic between two co...
Jonas Bechtel
12:12 PM Bug #9317 (Resolved): Warning/crash when adding a new user and choosing to generate a certificate
Jim Pingle
12:11 PM Bug #9317 (Rejected): Warning/crash when adding a new user and choosing to generate a certificate
Jim Pingle
11:42 AM Bug #9317: Warning/crash when adding a new user and choosing to generate a certificate
Tried on 2.4.4-p3. I do not observe the issue. User and its cert were created without errors and warnings. I tried to... Constantine Kormashev
10:32 AM Bug #9409 (Resolved): Crash dumps cannot be saved when RAM disks are enabled for /var
Jim Pingle
10:30 AM Bug #9409: Crash dumps cannot be saved when RAM disks are enabled for /var
Tried on 2.4.4-p3. Set RAM Disk Size to 100 (enable swap) and perform sysctl debug.kdb.panic=1, /var/crash contains d... Constantine Kormashev
10:28 AM Bug #9264 (Resolved): Disabling "IPv6 over IPv4 Tunneling" breaks config
Jim Pingle
08:04 AM Bug #9264: Disabling "IPv6 over IPv4 Tunneling" breaks config
Tried on 2.4.4-p3. I do not observe the issue.
0. set IPv6 on LAN
1. enable "IPv6 over IPv4 Tunneling" and set an...
Constantine Kormashev
09:40 AM Bug #4584: Static Mapped clients on one LAN get a DHCP IP from another LAN even when Deny unknown clients is checked on the other LAN
Bringing this up again to see if anyone will fix. Daniel Koh
07:14 AM Bug #9193 (Resolved): firewall_nat.php: PHP error deleting an imported NAT rule with no firewall rules present
Jim Pingle
05:01 AM Bug #9193: firewall_nat.php: PHP error deleting an imported NAT rule with no firewall rules present
Tried on 2.4.4-p3, I do not observe the issue. I could upload config with empty firewall rule list <filter></filter>,... Constantine Kormashev
07:14 AM Bug #9316 (Resolved): diag_backup.php: Parse error: syntax error, unexpected ';' in /usr/local/www/diag_backup.php on line 333
Jim Pingle
12:12 AM Bug #9316: diag_backup.php: Parse error: syntax error, unexpected ';' in /usr/local/www/diag_backup.php on line 333
2.3.3-p3 looks good:
Verified configuration can be backed up and restored and also verified the missing close-pare...
Chris Linstruth
07:14 AM Bug #9283 (Resolved): Not obvious that HA sync will still sync certs if cert sync disabled but OpenVPN sync enabled
Jim Pingle
07:14 AM Bug #9275 (Resolved): ip tools link not working
Jim Pingle
07:14 AM Bug #9276 (Resolved): DNS troubleshooting tool incorrectly reporting "ai." as an invalid hostname
Jim Pingle
07:13 AM Bug #9446 (Resolved): Filter reload error with NAT reflection enabled
Jim Pingle
07:13 AM Feature #9290 (Resolved): Need a way to suppress status output display in /status.php
Jim Pingle
07:13 AM Bug #9470 (Resolved): unbound remotecontrol.conf not rewritten when the file is empty
Jim Pingle
07:13 AM Bug #9231 (Resolved): firewall_aliases_edit.php: pf keyword matching is not catching some problem cases
Jim Pingle
07:12 AM Bug #9239 (Resolved): WebGUI: Diagnostics > Packet Capture will try to display any size of pcap file.
Jim Pingle
07:12 AM Feature #8602 (Resolved): DNS over TLS host verification
Jim Pingle
06:24 AM Bug #9004 (Resolved): Default gateway IPv4 set to a group fails after restart on 2.4.4
Renato Botelho
04:26 AM Bug #9004: Default gateway IPv4 set to a group fails after restart on 2.4.4
2.4.4-p3 does not observe the issue.
WAN_Failover GW Group with 2 links: WAN Tier1 and WAN2 Tier2, set as default GW...
Constantine Kormashev
06:23 AM Bug #9308 (Resolved): Missing countries from list used on certificate pages
Renato Botelho
12:02 AM Bug #9308: Missing countries from list used on certificate pages
2.4.4-p3 looks good:
Country list populated and /etc/ca_countries removed.
Chris Linstruth

05/13/2019

11:57 PM Bug #9283: Not obvious that HA sync will still sync certs if cert sync disabled but OpenVPN sync enabled
2.4.4-p3 looks good:
NAT configuration
IPsec configuration
OpenVPN configuration (Implies CA/Cert/CRL Sync)
DHC...
Chris Linstruth
11:53 PM Bug #9275: ip tools link not working
2.4.4-p3
Links not present in *Diagnostics > DNS Lookup* nor *Diagnostics > Traceroute* results.
Chris Linstruth
11:47 PM Bug #9276: DNS troubleshooting tool incorrectly reporting "ai." as an invalid hostname
2.4.4-p3
*Diagnostics > DNS Lookup* accepts _ai._ as a hostname and returns valid results. Ran a couple other quer...
Chris Linstruth
11:44 PM Bug #9446: Filter reload error with NAT reflection enabled
2.4.4-p3 looks good:
# Reflection redirects and NAT for 1:1 mappings
rdr on { vtnet0 vtnet2 enc0 openvpn } from a...
Chris Linstruth
10:18 PM Feature #9290: Need a way to suppress status output display in /status.php
2.4.4-p3:
Tested normal, archiveonly, nocleanup and from the shell. All looked good. Thank you so much for this.
Chris Linstruth
10:12 PM Bug #9470: unbound remotecontrol.conf not rewritten when the file is empty
2.4.4-p3 Looks good:
cp /dev/null /var/unbound/remotecontrol.conf
Save unbound configuration
/var/unbound/remote...
Chris Linstruth
10:08 PM Bug #9231: firewall_aliases_edit.php: pf keyword matching is not catching some problem cases
2.4.4-p3:
Could not create aliases with the same name as the pfSense interface name or the descriptive name of any e...
Chris Linstruth
10:03 PM Bug #9239: WebGUI: Diagnostics > Packet Capture will try to display any size of pcap file.
Looks good.
Packet capture file is too large to display in the GUI.
Download the file, or view it in the console ...
Chris Linstruth
09:51 PM Feature #8602 (Feedback): DNS over TLS host verification
Looks good with the new build with unbound 1.9.1. Only fails with a bogus hostname defined. Works with either 149.112... Chris Linstruth
02:44 PM Feature #8602 (Assigned): DNS over TLS host verification
Looks like we'll need to import Unbound 1.9.0 Jim Pingle
02:41 PM Feature #8602: DNS over TLS host verification
2.4.4-p3:
May 13 19:39:24 unbound 82673:1 error: no name verification functionality in ssl library, ignored nam...
Chris Linstruth
03:36 PM Revision 657ab393: Welcome 2.4.4-RELEASE-p3
Renato Botelho
03:22 PM Bug #9214 (Resolved): Packages fail to reinstall after restoring config.xml from the installer
Jim Pingle
02:57 PM Bug #9214: Packages fail to reinstall after restoring config.xml from the installer
I upgraded from 2.4.4-p2 to 2.4.4-p3 using the iso and config.xml recovery.
Got the banner that package install wa...
Chris Linstruth
10:35 AM Bug #9214 (Feedback): Packages fail to reinstall after restoring config.xml from the installer
Jim Pingle
03:02 PM Revision 92d5396f: Implement new OpenVPN advanced options privilege. Fixes #9511
(cherry picked from commit 4a1841a1fabcba0100f6a4f505fc1e132c29da20) Jim Pingle
03:02 PM Revision 0dd99de7: Remove Advanced box from OpenVPN Wizard. Issue #9511
(cherry picked from commit b8ca6554d022e99921835a2fdb35103f41a7302e) Jim Pingle
03:01 PM Revision 4a1841a1: Implement new OpenVPN advanced options privilege. Fixes #9511
Jim Pingle
03:01 PM Revision b8ca6554: Remove Advanced box from OpenVPN Wizard. Issue #9511
Jim Pingle
02:50 PM Feature #9096 (Resolved): Login Page: Make pfSense Login Page Tab Name More Unique
Short hostname seems good enough to me. If you have enough tabs open to need the distinction, the size of most tabs w... Jim Pingle
02:47 PM Feature #9096: Login Page: Make pfSense Login Page Tab Name More Unique
This is a big help. Looks good. Thank you. Not sure if this should be the entire FQDN like the post-login title.
Chris Linstruth
10:58 AM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.
So I was able to find another way to keep nat reflection turned on and stop the spam. I changed one of the port forwa... rub man
10:42 AM Bug #8970: Queues Menu item ends with ":"
This was fixed likely before -p3, but those versions are closed, so I'll move it to -p3. Jim Pingle
10:10 AM Todo #9511 (Feedback): OpenVPN server/client/override advanced settings privilege separation
Applied in changeset commit:4a1841a1fabcba0100f6a4f505fc1e132c29da20. Jim Pingle
10:01 AM Todo #9511: OpenVPN server/client/override advanced settings privilege separation
* Removed Advanced options from the OpenVPN wizard. If a user has privileges for it, they can add the settings later.... Jim Pingle
06:37 AM Feature #1189: Gateway: Multiple monitor ips
+1
Please consider implementing this. I just experienced my first down time because 1.0.0.1 was unavailable from You...
Stefan B. Christensen

05/12/2019

11:15 PM pfSense Packages Bug #9502: ACME's XMLRPC restart of remote webgui sometimes retains old certificates
Jim Pingle wrote:
> I am not sure it would be related to what you saw, but you might give the newest version of the ...
Mike Barnes
11:02 AM pfSense Packages Feature #9523: LADVD: Feature to enable setting interface descriptions
Looking at FreeNAS, they've got a much more succinct description and only added support for the -z option, which seem... Jason Unovitch
10:21 AM pfSense Packages Feature #9523 (Resolved): LADVD: Feature to enable setting interface descriptions
Good day. I'd be interested in seeing options for the -y and -z flag to LADVD get added.
These are explained in ladv...
Jason Unovitch
07:54 AM Bug #9223: SSHGUARD doesn't work as expected
Jim Pingle wrote:
>
> We opted not to add any more patches on top of sshguard, but you should absolutely submit th...
Joshua Sign
06:41 AM Bug #9522 (Resolved): Diagnostics > System Activity shows only the header
In current 2.5 snapshots the 'top' output in Diagnostics > System Activity seems truncated.
I see only:...
Steve Wheeler
05:33 AM pfSense Packages Feature #9521 (Resolved): Upgrade to HAProxy 1.9
Some of our backends support HTTP/2, but it seems that HAProxy 1.8 only supports HTTP/2 for the frontends.
The latest...
S. Debreuil

05/11/2019

10:55 PM Revision 7ccb4524: Fix ACB privileges. Fixes #9519
(cherry picked from commit 18c1de41332473dacd8a24ddf34e558f6366c714) Jim Pingle
10:55 PM Revision 18c1de41: Fix ACB privileges. Fixes #9519
Jim Pingle
07:38 PM pfSense Docs Correction #9520 (Closed): Feedback on Routing and Multi-WAN — Gateway Settings
*Page:* https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
*Feedback:* There is no document...
Brendon Baumgartner
06:05 PM Bug #9470 (Feedback): unbound remotecontrol.conf not rewritten when the file is empty
Jim Pingle
06:05 PM Bug #9519 (Feedback): Fix ACB Privileges
Applied in changeset commit:18c1de41332473dacd8a24ddf34e558f6366c714. Jim Pingle
05:48 PM Bug #9519 (Resolved): Fix ACB Privileges
ACB pages have missing/incorrect privilege headers, and are not listed in the privilege list properly. Jim Pingle
06:05 PM Bug #9446 (Feedback): Filter reload error with NAT reflection enabled
Jim Pingle
06:05 PM Feature #9290 (Feedback): Need a way to suppress status output display in /status.php
Jim Pingle
06:05 PM Bug #9281 (Feedback): ZFS encrypted+mirrored swap may not be activated on 2.4.4-p2
Jim Pingle
06:05 PM Bug #9276 (Feedback): DNS troubleshooting tool incorrectly reporting "ai." as an invalid hostname
Jim Pingle
06:04 PM Bug #9275 (Feedback): ip tools link not working
Jim Pingle
06:04 PM Bug #9264 (Feedback): Disabling "IPv6 over IPv4 Tunneling" breaks config
Jim Pingle
06:04 PM Bug #9239 (Feedback): WebGUI: Diagnostics > Packet Capture will try to display any size of pcap file.
Jim Pingle
06:04 PM Bug #9231 (Feedback): firewall_aliases_edit.php: pf keyword matching is not catching some problem cases
Jim Pingle
06:04 PM Bug #9193 (Feedback): firewall_nat.php: PHP error deleting an imported NAT rule with no firewall rules present
Jim Pingle
06:04 PM Feature #8602 (Feedback): DNS over TLS host verification
Jim Pingle
05:21 PM Feature #9096 (Feedback): Login Page: Make pfSense Login Page Tab Name More Unique
Implemented in commit:814a7c2f1d828fedef13bb2bf326d8014e9e25bf (master) and commit:87642f6bd1fc96f116ee6756a15ef2a9cf... Jim Pingle
09:17 AM Bug #9514 (Not a Bug): DNS servers
The DNS Resolver (Unbound) doesn't work that way.
You can do that in the DNS forwarder by telling it to query sequ...
Jim Pingle
08:56 AM Bug #9514 (Not a Bug): DNS servers
Right now, the query order for DNS servers can vary based on query times. Using DNS from multiple providers is great ... Dallas Haselhorst

05/10/2019

08:20 PM Revision 6cb5a937: Rewrite unbound remotecontrol.conf when it is empty. Fixes #9470
(cherry picked from commit 4b70a2006e6afb7813344eec8cafb8570e67256b) Jim Pingle
08:20 PM Revision 44fb8aca: Add back DNS over TLS host verification code. Fixes #8602
Requires Unbound 1.9.0_1 from pfsense/freebsd-ports, which fixes a bug
in Unbound 1.9.0 which did not fully implement...
Jim Pingle
08:19 PM Revision fdb7f0a5: status.php updates
* Ensure firewall info is generated when run from the CLI
* For SG-1100, also include its public key
(cherry picked ...
Jim Pingle
08:19 PM Revision c6d54302: Fix another typo
(cherry picked from commit a0930ca608eb6b22b256c95ab2d829932b085f82) Jim Pingle
08:19 PM Revision ff32782a: Add parens around NAT reflection rule interface. Fixes #9446
(cherry picked from commit 8800ee6f90d2ac91ca9c2886bd260bc1a4e12893) Jim Pingle
08:19 PM Revision 1f5fcdb7: Fix typo
(cherry picked from commit 929cc874f6d32908739cc30e70c0eeba25127fb8) Jim Pingle
07:55 PM Revision 70f50a2b: Fix a typo.
Reported by: jimt
(cherry picked from commit b0945941088c7383882688a6c6e774eb831f6486)
Luiz Souza
07:55 PM Revision 87642f6b: #9096 - updated login title
(cherry picked from commit 814a7c2f1d828fedef13bb2bf326d8014e9e25bf) Clinton Cory
07:55 PM Revision efdba6ca: LDAP TLS option update. Implements #9417
(cherry picked from commit 996a1ad90e5682bf881bafd8b75d1b1a7e3f7831) Jim Pingle
07:52 PM Revision 4a762cf0: Update copyright notices to 2019. Happy New Year
(cherry picked from commit 0b4c14a491664053aad3cc76e1ffd67b70ff2da1) Steve Beaver
07:30 PM Revision ffe379ad: Strengthen path privilege check. Fixes #9513
* Removes/resolves any relative paths in the submitted URL
* Validates that the file exists
* Trims the path componen...
Jim Pingle
07:28 PM Revision 0604f688: Strengthen path privilege check. Fixes #9513
* Removes/resolves any relative paths in the submitted URL
* Validates that the file exists
* Trims the path componen...
Jim Pingle
02:40 PM Bug #9513 (Feedback): Privilege bypass due to relative paths in URL after initial page filename
Applied in changeset commit:0604f68855ff65b92cdebd57a08a2ceccbef675c. Jim Pingle
02:27 PM Bug #9513: Privilege bypass due to relative paths in URL after initial page filename
I was finally able to reproduce this, it took some extra parameters in cURL to make it happen.
Setup:
* Create a ...
Jim Pingle
10:35 AM Bug #9294 (Feedback): XSS issues on multiple pages
These have all been handled but need testing and confirmation of the fixes. Jim Pingle

05/09/2019

08:40 PM Revision 2d7ec8bf: Make widget privilege matching more specific. Fixes #9512
(cherry picked from commit bc319bc01a4d709b39e4c93c7223d277ee666bff) Jim Pingle
08:39 PM Revision bc319bc0: Make widget privilege matching more specific. Fixes #9512
Jim Pingle
08:23 PM Revision a8a07cfb: Add warning for OpenVPN client, server, and override privileges.
Since these can use OpenVPN advanced directives to call external
scripts, they can be used to run commands that the u...
Jim Pingle
08:22 PM Revision f75b0eb8: Add warning for OpenVPN client, server, and override privileges.
Since these can use OpenVPN advanced directives to call external
scripts, they can be used to run commands that the u...
Jim Pingle
07:17 PM Revision 48ab49ab: Encode download parameter before use. Fixes #9508
(cherry picked from commit ce77c104eee92cfbbc0d84980e60899295dadeac) Jim Pingle
07:17 PM Revision ce77c104: Encode download parameter before use. Fixes #9508
Jim Pingle
06:20 PM Todo #6647: Enable Additional Security Headers
A quick test with the below inserted into head.inc... Bill Marquette
05:26 PM Bug #6167: IPsec IPComp not working
Is this actually ever going to happen? For three years now, this is just moving from one release to the next, without... Ronald Antony
03:51 PM Bug #9513 (Resolved): Privilege bypass due to relative paths in URL after initial page filename
N.B.: I have not yet managed to reproduce this, adding it based on a user report.
Due to the way the privilege sys...
Jim Pingle
03:45 PM Bug #9512 (Feedback): Privilege bypass due to match style used by widget privileges
Applied in changeset commit:bc319bc01a4d709b39e4c93c7223d277ee666bff. Jim Pingle
03:39 PM Bug #9512: Privilege bypass due to match style used by widget privileges
Changing the match to start with the path to the widgets works around the problem:... Jim Pingle
03:37 PM Bug #9512 (Resolved): Privilege bypass due to match style used by widget privileges
The current dashboard and widget privileges specify a leading wildcard, for example:... Jim Pingle
03:19 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc errors are shown
This is not a bug, but a problem with your configuration. This site is not for support or diagnostic discussion.
F...
Jim Pingle
03:06 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc errors are shown
running packages:
pfBlockerNG-devel
Service_Watchdog
snort
squid
squidGuard
chris j
03:04 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc errors are shown
A communications error occurred while attempting to call XMLRPC method restore_config_section: @ 2019-05-09 20:54:59
...
chris j
03:03 PM Bug #9489: pfsense with ha closing sessions when apply any rule, xmlrpc errors are shown
I 2nd this issue, brand new install setup HA cluster with just two machines, everything seems fine and config seems t... chris j
03:17 PM Todo #9511: OpenVPN server/client/override advanced settings privilege separation
If or when this is implemented, the warnings added for #9510 can be removed. Jim Pingle
03:15 PM Todo #9511 (Resolved): OpenVPN server/client/override advanced settings privilege separation
This issue needs some additional thought and debate.
Due to advanced directives in OpenVPN it is possible for user...
Jim Pingle
02:25 PM Bug #9508 (Feedback): Potential XSS in services_acb.php via download parameter
Applied in changeset commit:ce77c104eee92cfbbc0d84980e60899295dadeac. Jim Pingle
02:16 PM Bug #9508 (Resolved): Potential XSS in services_acb.php via download parameter
Attempt to load /services_acb.php?download=%22%3E%3Cscript%3Ealert(1)%3C/script%3E and the client displays a JS alert... Jim Pingle

05/08/2019

08:44 PM Revision 5b5bb248: Encode descr in the WOL widget. Fixes #9507
(cherry picked from commit 5789a02eab9b2ebbcb1f28d1d037b408b436a853) Jim Pingle
08:44 PM Revision 5789a02e: Encode descr in the WOL widget. Fixes #9507
Jim Pingle
03:50 PM Bug #9507 (Feedback): Potential XSS in WOL widget (widgets/widgets/wage_on_lan_widget.php) via WOL entry description
Applied in changeset commit:5789a02eab9b2ebbcb1f28d1d037b408b436a853. Jim Pingle
03:44 PM Bug #9507 (Resolved): Potential XSS in WOL widget (widgets/widgets/wage_on_lan_widget.php) via WOL entry description
The WOL widget, widgets/widgets/wage_on_lan_widget.php, does not encode the description before display, so user-enter... Jim Pingle
09:06 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
As a workaround I have installed the Cron package with the following additional entries:... Gavin Stewart
05:07 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I see this behavior on 2.4.4_p2, on 2.4.5-dev and on 2.5.0-dev.
As a workaround we can:
- in console run 'pkill filte...
Azamat Khakimyanov
08:41 AM pfSense Packages Bug #9502: ACME's XMLRPC restart of remote webgui sometimes retains old certificates
I am not sure it would be related to what you saw, but you might give the newest version of the ACME package a try (0... Jim Pingle
08:40 AM pfSense Packages Bug #9492 (Resolved): Cannot reload remote haproxy via ACME package
Great! Jim Pingle
08:39 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Works. Thx! Florian Apolloner
08:00 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
I pushed another change just now that might help. Not sure it will, but it's worth a try.
Jim Pingle
07:57 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Hi Jim. Yes Haproxy did restart. While I agree that the sync error should be from something else it still seems to be... Florian Apolloner
07:58 AM pfSense Packages Feature #9498: ACME Package: Sorting on name, expiration, etc
Pushed a new fix just now, try the next version when it shows up. Jim Pingle
01:09 AM pfSense Packages Feature #9498: ACME Package: Sorting on name, expiration, etc
Hi!
Great job, but sorting date does not work OK.
Greg M

05/07/2019

10:03 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
There is no error in that output related to the service restart. The error at the top is from config sync, which isn'... Jim Pingle
02:24 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
I just installed 0.5.7, but it still throws an error (interestingly only on the firewall running ACME). Can I get mor... Florian Apolloner
07:53 AM pfSense Packages Bug #9502 (Not a Bug): ACME's XMLRPC restart of remote webgui sometimes retains old certificates
That isn't possible as the code that does the sync comes before the reload, and the sync process blocks. I haven't se... Jim Pingle
07:49 AM Bug #9503 (Not a Bug): Granting "WebCfg - OpenVPN: Clients" privilege does not display the "VPN" > "OpenVPN" > "Clients" menu in the menu bar
That isn't how privileges and menu entries work. The menu has no means by which it can know about access to other tab... Jim Pingle
02:34 AM Bug #9503 (Not a Bug): Granting "WebCfg - OpenVPN: Clients" privilege does not display the "VPN" > "OpenVPN" > "Clients" menu in the menu bar
Hi,
I granted a user the "WebCfg - OpenVPN: Clients" privilege.
He can access the settings typing directly /vpn...
Antoine Brodin
07:46 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
OK sorry, didn't intend to be rude. robi robi
07:45 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
I was agreeing with you, the attitude is unnecessary. Jim Pingle
07:43 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
Perhaps???
On WAN1 we have 7 different hostnames, on WAN2 we have 3 different hostnames. Sometimes we need to chan...
robi robi
07:33 AM Feature #9504: Include hostname being updated in Dynamic DNS notifications
The text could be a little more descriptive, perhaps.
The messages are already grouped. If multiple messages fire ...
Jim Pingle
07:17 AM Feature #9504 (Resolved): Include hostname being updated in Dynamic DNS notifications
We have multiple Dynamic DNSes set up for multiple interfaces. Several WANs, each with several Dynamic DNS entries. W... robi robi
07:45 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
10 seconds? Aaaahhh....
OK
robi robi
07:41 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
It works fine, I get multiple grouped messages every day for various things when testing. The window is 10s. If you w... Jim Pingle
07:40 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
Unfortunately grouping doesn't work correctly then. All events happen within 20 seconds or so, and we get separate m... robi robi
07:35 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
See my comments on the other message, then. There is already code to handle that. Either this is a duplicate or it's ... Jim Pingle
07:31 AM Bug #9505: Multiple Dynamic DNS update notifications for the same interface, with the same text
I wouldn't say this is a duplicate, because this bug is about sending too many messages after each other about (almos... robi robi
07:25 AM Bug #9505 (Duplicate): Multiple Dynamic DNS update notifications for the same interface, with the same text
Duplicate of #9504 Jim Pingle
07:19 AM Bug #9505 (Duplicate): Multiple Dynamic DNS update notifications for the same interface, with the same text
We have multiple Dynamic DNSes set up for the same interface. Whenever an update happens, we get as many e-mails as m... robi robi
07:27 AM Bug #9506 (Duplicate): Dynamic DNS update notification sent even if IP address didn't change
pfSense sends Dynamic DNS update notifications even in the cases when IP address doesn't change.
For some reason, th...
robi robi

05/06/2019

09:54 PM pfSense Packages Bug #9502 (Not a Bug): ACME's XMLRPC restart of remote webgui sometimes retains old certificates
I have two hosts using HA syncing to push the certificate store from host1 (primary) to host2 (backup). ACME renewal ... Mike Barnes
01:02 PM pfSense Packages Bug #9492 (Feedback): Cannot reload remote haproxy via ACME package
Give 0.5.7 a try when it shows up shortly. It should work. Jim Pingle
02:27 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
OK, thanks, I was highly optimistic about having found a probable cause for a minute there, but I guess I get to go b... Mike Barnes
02:00 AM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
It does not affect the webgui because it uses another xmlrpc call. It affects every normal service though. I could als... Florian Apolloner
01:02 PM pfSense Packages Feature #9498 (Feedback): ACME Package: Sorting on name, expiration, etc
ACME pkg 0.5.7 now has search and sorting. Jim Pingle
10:31 AM Todo #9501: turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Not effectively, because they also key off the form field labels, and then it becomes a never-ending whack-a-mole of ... Jim Pingle
10:18 AM Todo #9501: turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Sorry, should have done my homework first.
https://stackoverflow.com/questions/15738259/disabling-chrome-autofill
...
Corey Boyle
09:29 AM Todo #9501 (Not a Bug): turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Browsers no longer respect autocomplete settings in HTML. We can set the tags, but browsers and password manager plug... Jim Pingle
08:48 AM Todo #9501 (Not a Bug): turn off form autocompletion on OpenVPN client config page (maybe the whole web interface)
Some of the fields (usually the proxy info) will get autofilled by the browser with random data.
Corey Boyle

05/05/2019

08:15 PM pfSense Packages Bug #9492: Cannot reload remote haproxy via ACME package
Would this affect more than just haproxy? This fits a failure to restart the webui on a remote system that occurred f... Mike Barnes

05/04/2019

08:51 AM pfSense Packages Bug #9500 (New): HAproxy does not delete non-applicable action config
The steps to reproduce this are:
# Create a HAproxy frontend
# Create an action and populate its options
# Expor...
Greg Toombs
 
