pfSense

07/28/2019

07:37 PM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all

Underlying problem is /etc/inc/dyndns.class line 799. The value of dnsProxied is passed directly to Cloudflare.
<p... Nathan Hand

03:37 PM Bug #9649: IPv6 6RD Tunnel

Aaron Unpublished wrote:
> IPv6 6rd doesn't work on any 2.5.X versions at the moment.
>
> Have cable internet. ... Ronald Schellberg

03:20 PM pfSense Packages Bug #9655 (Not a Bug): NUT missing from netgate UI

After installing the nut package from the package manager on a new netgate system with the built-in theme, the NUT se... Richard Davis

02:53 PM Bug #9654 (New): After reboot, the DNS resolver must be restarted before it will advertise the ipv6 DNS address of the router.

When pfsense ipv6 is configured with DHCPv6 disabled and RA in "Unmanaged" mode, then after reboot, until the resolve... Rick Coats

02:20 PM Bug #7209: Something is seriously wrong with firewall aliases

I just hit this bug today on a fully updated 2.4.4-p3 firewall.
There was an IP Alias named "h_whitelist" containi... → luckman212

09:36 AM Feature #9653 (Rejected): Assign Alias from MAC address

No, aliases are for pf and it does not support filtering by MAC address. Jim Pingle

04:14 AM Feature #9653: Assign Alias from MAC address

Also, allows me to to assign ipv6 address alias when I have dynamic ipv6 gateway Dean Attewell

04:11 AM Feature #9653 (Rejected): Assign Alias from MAC address

Can you change Alias assignment to use MAC addresses as well as IP addresses?
So I can have a Xbox which dynamically... Dean Attewell

07/27/2019

05:07 PM pfSense Packages Bug #9652 (Resolved): Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc

When using the Squid Proxy Server package and Enabling SSL filtering in pfSense 2.5.0, I create an internal-CA and as... Brett Vernor

11:37 AM pfSense Docs Correction #9651: Feedback on Services — DHCP — Configuring the DHCPv6 Server

Ugh.
It looks like the range here should be changed to FC07:1010:1010:*FF00*:: to FC07:1010:1010:FFF0:: (16 /60s) ... Chris Linstruth

11:35 AM pfSense Docs Correction #9651 (Resolved): Feedback on Services — DHCP — Configuring the DHCPv6 Server

*Page:* https://docs.netgate.com/pfsense/en/latest/dhcp/dhcpv6-server.html
*Feedback:*
For example, if FC07:101... Chris Linstruth

07:14 AM Bug #9650 (New): IPv6 connection drops (ir-)regular on Kabelvodafone (German cable ISP)...

*Background information*
Kabel Vodafone is the successor of Kabeldeutschland, among other services they offer Busine... Ingo-Stefan Schilling

06:44 AM Bug #9649 (Resolved): IPv6 6RD Tunnel

IPv6 6rd doesn't work on any 2.5.X versions at the moment.
Have cable internet. Upgraded to the 2.5 and it brok... Aaron Unpublished

07/25/2019

08:03 PM Revision 57b2f317: Only redirects the user to the default page if no specific page page was set in the querystring

bechaire

04:44 PM Bug #9541 (Resolved): Non-admin user with admin rights is given the wrong URL for the user manager

On 20190725-0909, unable to reproduce the bad behavior. Anonymous

04:37 PM Bug #9611 (Resolved): PHP error on fresh 2.5.0 install or after factory reset

Anonymous

04:37 PM Bug #9611: PHP error on fresh 2.5.0 install or after factory reset

On 20190725-0909, the error is no longer present, new install and resets both work as expected. Anonymous

04:35 PM Feature #9620 (Resolved): User privilege to manage integrated switch

On 20190725-0909, the Switch options are present and work as expected. Anonymous

10:04 AM pfSense Packages Feature #9648: Multiple node Sync HAProxy configuration to backup CARP members via XMLRPC.

XMLRPC is not designed to be used with more than one node. It does, on occasion, but only by accident. Jim Pingle

10:00 AM pfSense Packages Feature #9648 (New): Multiple node Sync HAProxy configuration to backup CARP members via XMLRPC.

We have a cluster of 3x PFSense Firewalls running in 3 AZs on AWS.
FW-A (AZ-A) is configured to sync to FW-B (AZ-B... Frikkie Botha

04:37 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries

I think I have a similar problem.
My inbound rule did not work with an FQDN in the Alias. (Whitelist for source addr... Peter van der Kleij

07/24/2019

09:47 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto

I can confirm this, but it is not specific to OpenVPN.
OpenSSL 1.1.1 doesn't list AES-NI or the BSD crypto dev, ev... Jim Pingle

07:25 AM Bug #9646 (Resolved): OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto

Cannot select BSD Crypto Device under OPENVPN clients - Hardware Crypto, it only has No Hardware Crypto Acceleration. Vance Emerson

08:13 AM Bug #9647 (Resolved): hn0: driver does not support altq

As subject says, hn0 on 2.5.0 does not support ALTQ.
You get error after traffic shaper wizard starts to reload rule... Greg M

08:13 AM Bug #9643: Limiters do not function properly on 2.5 snapshots

Hmmm OK, I have Hyper-V, 2.5.0 and pppoe.
But weird is, that on when applied on IN direction on LAN it works ok. Greg M

07:09 AM Bug #9643: Limiters do not function properly on 2.5 snapshots

The two cannot be related. ALTQ is not used for limiters.
I have also seen a similar situation on 2.5 where limite... Jim Pingle

01:20 AM Bug #9643: Limiters do not function properly on 2.5 snapshots

Hi again.
I restored config on 2.4.4-p3 and this are working just fine there.
I believe this on is related to h... Greg M

07:10 AM Bug #8954: hn0: driver does not support altq

Please open a new issue with specific error messages and reference this one there. Jim Pingle

01:21 AM Bug #8954: hn0: driver does not support altq

Restored to 2.4.4-p3 and output is: hw.hn.use_if_start: 1
Clean install 2.5.0 snapshot: hw.hn.use_if_start: 0 Greg M

07/23/2019

03:39 PM Revision 84a5e2db: Revert "Disable snort3 on armv7. It's broken"

This reverts commit 987377b0c968f588997d111d5d4bc88293550d3b. Renato Botelho

01:33 PM Revision 9c763eb4: Make sure TSC is disabled on armv7

Renato Botelho

09:09 AM Bug #9645: "Bypass firewall rules for traffic on the same interface" does not work as expected

Perhaps the order or the length of the filters?
Or a race condition (https://lists.freebsd.org/pipermail/freebsd-net... Grischa Zengel

08:38 AM Bug #9645 (Not a Bug): "Bypass firewall rules for traffic on the same interface" does not work as expected

Your manual rule is functionally identical to the automatic rule. Something else must have changed.
There is no bu... Jim Pingle

07:19 AM Bug #8954: hn0: driver does not support altq

Hello!
This one is back in 2.5.0 snapshots. Greg M

07/22/2019

08:46 PM Bug #9645: "Bypass firewall rules for traffic on the same interface" does not work as expected

Here are my rules for this interface:... Grischa Zengel

08:38 PM Bug #9645 (Not a Bug): "Bypass firewall rules for traffic on the same interface" does not work as expected

I have to use asymmetric routing. P1 (default gateway) routes to P2 on the same subnet. ICMP redirect doesn't work be... Grischa Zengel

07:04 PM Bug #9450: Multiwan gateway group fail-over not working as expected (possible race condition)

Adding these log snippets. They are groups of dpinger gateway logs followed by the system logs for the corresponding ... Chris Linstruth

04:09 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters

Greg M wrote:
> Now I don`t have above any more but I have this (but everything is working just fine):
>
IPv6 fo... Manuel Piovan

07:47 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters

Now I don`t have above any more but I have this (but everything is working just fine):
Jul 22 14:44:54 radvd 406... Greg M

02:09 PM pfSense Docs Correction #9644 (Closed): Feedback on Network Address Translation — Accessing Port Forwards from Local Networks

*Page:* https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html
*Feedback:... Steve Wheeler

10:05 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries

Rudolf Mayerhofer wrote:
> As a follow up: With 30 seconds resolve interval things are still working fine one month ... Eduard Rozenberg

07:17 AM Bug #9643 (Closed): Limiters do not function properly on 2.5 snapshots

Hi all!
Discussion here: https://forum.netgate.com/topic/145091/quick-question-about-limiters
I think there is ... Greg M

07/21/2019

03:53 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address

A global variable with the current delegated IPv6 prefix in CIDR form, which could be used in firewall aliases would ... Michael Smith

11:40 AM Feature #9642: Add DDNS support for dynv6.com

Correction from above:
To update an A record use the following url:
https://ipv4.dynv6.com/api/update?hostname=yo... Isaac McDonald

11:33 AM Feature #9642 (Resolved): Add DDNS support for dynv6.com

Dynv6.com (https://dynv6.com/) provides dynamic DNS for A and AAAA records free of charge. The API is documented here... Isaac McDonald

11:20 AM Bug #9641: Dynamic DNS cannot update AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces

I inadvertently opened this ticket while I was still in the process of creating it. Please disregard the original sub... Isaac McDonald

11:15 AM Bug #9641 (Resolved): Dynamic DNS cannot update AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces

I get the following error when trying to update the AAAA record for a 6rd tunnel interface:
_/services_dyndns_edit... Isaac McDonald

07/19/2019

01:38 PM pfSense Packages Bug #9640 (Feedback): FRR redistribution route maps not functional

Fix is in FRR pkg version 0.6.2, which will be available shortly. Jim Pingle

01:34 PM pfSense Packages Bug #9640 (Resolved): FRR redistribution route maps not functional

Setting a route map on the redistribution options does not work.
In vtysh, doing a 'show' on the route map says OS... Jim Pingle

09:47 AM Bug #9295: IPv6 PD does not work with PPPOE (Server & Client)

Seems like IPv6 is not on the priority list of the currently active devs, or nobody fully understands it. There are q... Flole Systems

07:40 AM Feature #4881: Allow NPt to use dynamic IPv6 networks

Any update here? We need dynamic Prefix support for IPv6 Multi WAN. Car F

07/18/2019

10:47 PM Bug #8235: The browser must support cookies to login

I have the same problem under different circumstances. I bought a new firewall to upgrade hardware. Pfsense web ui wo... Bob Frank

08:49 PM Feature #6414: SSHD listening on multiple ports

You can port forward now in a handful of clicks, it's simple and not at all complicated. Listening on multiple ports ... Jim Pingle

08:47 PM Feature #6414: SSHD listening on multiple ports

Jim Pingle wrote:
> Never expose SSH to WAN. Security by obscurity is not obscurity.
The purpose of this is to we... Ben L

08:29 PM Feature #6414 (Rejected): SSHD listening on multiple ports

Never expose SSH to WAN. Security by obscurity is not obscurity.
And if you use key-only auth, the rest doesn't ma... Jim Pingle

08:04 PM Feature #6414: SSHD listening on multiple ports

One use case for this is exposing ssh on the WAN on a non-standard high port so as to minimise exposure to random dri... Ben L

12:59 PM Feature #9639 (Resolved): Cloudflare DDNS "API Token"

Request to add support for new Cloudflare API Token to allow for managed access and permissions for DDNS updates.
> ... theodore adams

12:06 PM Revision 987377b0: Disable snort3 on armv7. It's broken

Renato Botelho

11:57 AM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages

The entire script is broken, even RENEW should be ignored and just REBIND should actually matter. See #9357 for a pat... Flole Systems

09:18 AM pfSense Docs Correction #9638 (Resolved): Feedback on High Availability — Configuring High Availability

*Page:* https://docs.netgate.com/pfsense/en/latest/highavailability/configuring-high-availability.html
*Feedback:*... Danilo Zrenjanin

09:11 AM Bug #9295: IPv6 PD does not work with PPPOE (Server & Client)

Sadly nobody is taking care of handling this bug... My ticket is 6 month old now. Dirk Steingäßer

08:49 AM Bug #9295: IPv6 PD does not work with PPPOE (Server & Client)

Do I get this bug right?
If my upstream WAN connection is PPPoE and I try to delegate prefixes via DHCPv6 it won't w... Pim Pish

08:42 AM pfSense Docs Correction #9637 (Resolved): Feedback on High Availability — Example Redundant Configuration

*Page:* https://docs.netgate.com/pfsense/en/latest/book/highavailability/example-redundant-configuration.html
*Fee... Danilo Zrenjanin

07:33 AM Bug #9636 (Not a Bug): uninstall packages

That sounds like a problem with your config or environment. I can't reproduce it here.
For assistance in solving p... Jim Pingle

07:23 AM Bug #9636 (Not a Bug): uninstall packages

if i try to uninstall any package
Package Removal
Please wait while the update system initializes
nothing else... Manuel Piovan

03:35 AM Feature #6240: vxlan driver

+1 Max Green

07/17/2019

08:20 PM Bug #9561: PPPoe 6RD broken in 2.5

Doesn't appear that "pfSense patch stf_6rd.diff", ticket 7272 (commit cb59ac304d30d5009537d7de0429792fb33d3db0 which ... Ronald Schellberg

06:22 PM pfSense Packages Bug #9635 (Resolved): lldpd (and probably ladvd) doesn't work on units with an integrated switch

It appears the GUI configuration doesn't probably figure out what interface is selected. For example,
No matter wh... Brendon Baumgartner

07/16/2019

04:10 PM pfSense Packages Bug #5168: squid doesn't function during/after HA failover

Zeev Zalessky wrote:
> Hello,
>
> any updates with this issue?
> i have 200 vlans on my firewall and adding 200... Adam Gibson

06:45 AM pfSense Packages Feature #9521: Upgrade to HAProxy 1.9

haproxy 2.0 is available in ports 2019Q3 Torben Hørup

07/15/2019

03:59 PM Bug #9634 (Resolved): rc.newwanipv6 is called although dhcp6c should discard Request messages

pfsense sends DHCPv6 Request messsages to ff02::1:2 on its WAN interface at an interval of about 7 seconds. As this i... Karl Klempner

01:52 PM Feature #9633 (New): PPPoE/L2TP Server Status Page

MPD includes a built-in web server that can be used to poll status information. There is also a telnet console, but t... Jim Pingle

06:25 AM Bug #9632: DynDNS not updating IP address for DNSExit

2.4.4-RELEASE-p3 (amd64) built on Wed May 15 18:53:44 EDT 2019 FreeBSD 11.2-RELEASE-p10
Jay Murphy

06:22 AM Bug #9632 (Resolved): DynDNS not updating IP address for DNSExit

When using the DNSExit dynamic DNS service, the IP address changes and the "Save & Force Update" button is clicked, t... Jay Murphy

07/14/2019

02:06 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address

Same issue here. I need the ability to filter/firewall some hosts IPV6 traffic just the same as IPV4 traffic. Right n... Nathan Stansell

01:03 PM Bug #9631: Multicast-Routing realy supported in actual pfSense !!??

Discussion- https://forum.netgate.com/topic/139218/sonos-speakers-and-applications-on-different-subnets-vlan-s Chris Palmer

08:26 AM Bug #9631 (Closed): Multicast-Routing realy supported in actual pfSense !!??

Hello,
After realy huge effort trying to make multicast across subnets work, I seriously doubt if multicast is ena... Louis B

02:39 AM Bug #9630 (Duplicate): cannot config WAN down que (Codel limiters) in floating rule without blocking incoming traffic.

I had same configuration that worked in 2.4.4. I had Codel limiters set in floating rule to limit users for QOS. I h... Vance Emerson

07/13/2019

05:33 AM Bug #9629 (Duplicate): block bogon IPv4 flagged as IPv6

example: Firewall log: block bogon IPv6 network from WAN(11000) 100.68.208.12:47142
img attached Manuel Piovan

07/12/2019

02:38 PM Feature #7861: Make "Descriptive name" of certificates editable

Lars Möller wrote:
> Is there any chance you will add this feature? Is there anything I can do?
>
> Lars Möller
... Christian Borchert

08:52 AM Bug #9628: DHCP bind all interfaces even if not selected

Hi Jim, why not, binding services on different interfaces? Andrea Colonna Romano

07:38 AM Bug #9628 (Not a Bug): DHCP bind all interfaces even if not selected

That is expected. You cannot run both at the same time. Jim Pingle

04:53 AM Bug #9628 (Not a Bug): DHCP bind all interfaces even if not selected

Version: 2.4.4-RELEASE-p3 (amd64)
If I enable dhcp only on one interface, the daemon binds all the interfaces:
d... Andrea Colonna Romano

04:59 AM Feature #6240: vxlan driver

Oleg Novikov wrote:
> +1
+1
Dirk Bongard wrote:
> +1
Oleg Novikov wrote:
> +1
+1 Andrea Colonna Romano

07/11/2019

05:03 PM Feature #9627 (New): Captive Portal only shows authenticated users

https://forum.netgate.com/topic/144845/captive-portal-only-shows-authenticated-users
Would like to see all users/d... Trevor Leadley

09:11 AM Bug #9626 (New): When deny write permission is assigned to a user, there is no error feedback if the user tries to write something

I believe this would make it clear when someone can;t write config, as currently there is no error and simply the con... Alex B

07/10/2019

05:52 PM Revision b73d8949: Fixed #9245 updating copyright notices

Steve Beaver

05:26 PM Revision 7ec80e76: Fixed #9586 by detecting if option list includes /0 or not

Steve Beaver

01:00 PM Todo #9245: Update copyright notices to 2020

Applied in changeset commit:b73d8949df5fdfa5b6a798d393c685159f6266fd. Anonymous

12:53 PM Todo #9245 (Feedback): Update copyright notices to 2020

Updated with find/sed Anonymous

12:35 PM Bug #9586: Unbound Access List /31 UI Issue

Applied in changeset commit:7ec80e763f7e8357a4e5b0d2d57546cfd5d0f0f0. Anonymous

12:28 PM Bug #9586 (Feedback): Unbound Access List /31 UI Issue

Fixed by detecting if option list includes /0 or not Anonymous

09:22 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries

Rudolf Mayerhofer wrote:
> Setting "Aliases Hostnames Resolve Interval" to 30 seconds (which should be the minimum v... Rudolf Mayerhofer

07:53 AM Bug #9625 (Duplicate): wrong URL in main menu (for User Manager)

Duplicate of #9541 Jim Pingle

07:47 AM Bug #9625 (Duplicate): wrong URL in main menu (for User Manager)

https://yadi.sk/i/G2taeIIjyd8bZQ
User Manager in main navbar have wrong URL. Is URL for change password Konstantin Ab

04:10 AM Bug #9413: VLAN driver missing ALTQ support

On an upgrade to the 2.5 dev snapshot, I had multiple messages about this, warning me the em0.90 didnt support altq, ... James Tandy

03:50 AM Bug #9148: PPPoE over a VLAN fails to reconnect.

Steve Wheeler wrote:
> In some situations PPPoE fails to reconnect after an upstream outage or making a change local... gek Johnson

07/09/2019

02:58 PM pfSense Docs Correction #9624 (Rejected): Feedback on The pfSense Book

We have some diagrams on docs like https://docs.netgate.com/pfsense/en/latest/book/nat/ordering-of-nat-and-firewall-p... Jim Pingle

02:49 PM pfSense Docs Correction #9624 (Rejected): Feedback on The pfSense Book

*Page:* https://docs.netgate.com/pfsense/en/latest/book/index.html
*Feedback:*
_*Please add functional flow dia... Louis B

01:24 PM Bug #9615: Connections permitted by a schedule are not killed when that schedule expires.

UPDATE: The wifi router is behind the pfSense firewall. All devices on the network (including the wifi router) get t... Victor Rodriguez

07:36 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries

Gavin Stewart wrote:
> Very interesting. I'm not seeing that occur at all (and it was something I was monitoring clo... Mark Monaghan

07:31 AM Feature #9620 (Feedback): User privilege to manage integrated switch

Jim Pingle

07:30 AM Feature #9620: User privilege to manage integrated switch

The pages already contain the necessary metadata, it just hadn't been pulled into the privilege files. Should be an e... Jim Pingle

02:58 AM Feature #9620 (Resolved): User privilege to manage integrated switch

I wanted to grant a group/user the privilege to view (and administer) the integrated switch of a XG-7100 but couldn't... Anonymous

06:33 AM Bug #9623 (Duplicate): IPv6 Default gateway uses parent nic of PPPOE interface

Setup:
WAN - IPv4 PPPoE via re1, IPv6 via SLAAC.
Expected result: Stable IPv6 connectivity
Actual result:
Whe... James Tandy

05:42 AM Bug #9622 (Resolved): Changing admins membership does not replicate correctly to HA slave

To reproduce, on a pfSense 2.4.4-3 HA cluster
* On the master: create a user which is *not* a member of the "admin... Brian Candler

03:09 AM Feature #9621 (New): More convenient deletion of single user privileges

Currently when you remove a single granted attribute from a user (so not those granted via group membership) you get ... Anonymous

07/08/2019

09:52 AM Bug #9615: Connections permitted by a schedule are not killed when that schedule expires.

Screenshot of rules attached. Victor Rodriguez

07:43 AM pfSense Packages Bug #9619 (Not a Bug): FRR - Prefix Lists

The first rule is wrong because a prefix list must contain prefixes, thus it should be @0.0.0.0/0@. The second line i... Jim Pingle

12:32 AM pfSense Packages Bug #9619 (Not a Bug): FRR - Prefix Lists

PFSense 2.4.4_3
frr 0.5.2
Reproduce:
Services->FRR->Global Settings->Prefix Lists
Add new Prefix List
Name: ... Jarek Nowak

07/07/2019

06:38 PM pfSense Docs Correction #9618: Feedback on System Monitoring — Firewall Logs

Sorry for the remark on default rules. I noticed that the logfile settings have options for that.
Log packets mat... Louis B

06:22 PM pfSense Docs Correction #9618 (Resolved): Feedback on System Monitoring — Firewall Logs

*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/firewall.html
*Feedback:*
- I assume that an A... Louis B

07/06/2019

03:22 PM Feature #9617: PPPoE Static IP Configuration in GUI

I did not mean to submit this as a bug, it is a feature request. D. Armstrong

03:21 PM Feature #9617 (New): PPPoE Static IP Configuration in GUI

Hello,
I recently had a little bit of trouble with PPPoE configuration, specifically under the circumstance of a s... D. Armstrong

11:08 AM pfSense Packages Feature #9616 (New): Package for Docs

Cen you please provide the docs as a package, so they can be accessed offline. Samantaz Fox

07/05/2019

12:26 PM Bug #9615 (Duplicate): Connections permitted by a schedule are not killed when that schedule expires.

On the /system_advanced_misc.php page, under Schedule States it states that "By default, when a schedule expires, con... Victor Rodriguez

07:27 AM pfSense Packages Bug #9614 (Not a Bug): Crash report begins. Anonymous machine information:

Not enough information here for a valid bug report. Something generated a huge page, but that's likely localized to y... Jim Pingle

12:20 AM pfSense Packages Bug #9614 (Not a Bug): Crash report begins. Anonymous machine information:

amd64
11.2-RELEASE-p10
FreeBSD 11.2-RELEASE-p10 #9 4a2bfdce133(RELENG_2_4_4): Wed May 15 18:54:42 EDT 2019 root... Abhishek Sharma

07/04/2019

05:51 PM Bug #9613 (Duplicate): MENU: System -> User Manager Inconsistent Behavior

Duplicate of #9541 Jim Pingle

05:50 PM Bug #9613 (Duplicate): MENU: System -> User Manager Inconsistent Behavior

When I'm logged in as admin, the System -> User Manager menu takes me to /system_usermanager.php, but when I log in a... Victor Rodriguez

07/03/2019

04:09 PM Revision 40caec85: Test for array before using as array. Fixes #9611

Jim Pingle

12:09 PM Bug #9612 (Resolved): Run fsck with -z for ufs on upgrade to address FreeBSD-SA-19:10.ufs

Full details at https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc but long story short, on UFS fil... Jim Pingle

11:15 AM Bug #9611 (Feedback): PHP error on fresh 2.5.0 install or after factory reset

Applied in changeset commit:40caec85cc115fa3249a08c328026c2c0749980a. Jim Pingle

11:08 AM Bug #9611 (Resolved): PHP error on fresh 2.5.0 install or after factory reset

First boot after a new install on a 2.5.0 snapshot or after factory reset has this error in the boot log:... Jim Pingle

08:03 AM Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+)

Just as feedback: we had the first two tunnels set up with EC25519 / DH31 as Phase1 (and in one case Phase2, too) and... Jens Groh

07/02/2019

03:08 PM Bug #9043: openvpn 2.4.3-p1 -> 2.4.4, failed

Thanks for the information, I will try out with OS debian stable, version 2.4.x openvpn.
pfSense software 2.4.4-RE... Tomáš Bittner

02:37 PM Bug #9043: openvpn 2.4.3-p1 -> 2.4.4, failed

I ended up moving over to OPNSense, which works flawlessly with Mikrotik. They're using an OpenVPN version which is o... Rasmus Berg

02:36 PM Bug #9043: openvpn 2.4.3-p1 -> 2.4.4, failed

There is no pfSense bug here. Either it's a Mikrotik issue or a config issue. Post on the forum for assistance. Jim Pingle

02:34 PM Bug #9043: openvpn 2.4.3-p1 -> 2.4.4, failed

Hello everyone,
We have the same problems after the upgrade pfSense software from 2.3.x to 2.4.x.
We use Remote... Tomáš Bittner

07/01/2019

08:00 PM Revision e0bd07fd: Picture widget corrections. Fixes #9610

* Sanitize user input before using as path/filenames
* Use a more accurate method of determining image type on read
*... Jim Pingle

07:58 PM Revision 2c544ac6: Picture widget corrections. Fixes #9610

* Sanitize user input before using as path/filenames
* Use a more accurate method of determining image type on read
*... Jim Pingle

06:37 PM Revision 3c2cc702: Encode error output in services_captiveportal_mac.php. Fixes #9609

(cherry picked from commit d31362b69d5d52dc196dc72f66e830cd1e6e9a4f) Jim Pingle

06:37 PM Revision d31362b6: Encode error output in services_captiveportal_mac.php. Fixes #9609

Jim Pingle

03:05 PM Bug #9610 (Feedback): picture.widget.php: Arbitrary file read/write

Applied in changeset commit:2c544ac61ce98f716d50b8e5961d7dfba66804b5. Jim Pingle

02:56 PM Bug #9610: picture.widget.php: Arbitrary file read/write

I was able to replicate the problem.
To reproduce with cURL:
1. Login:... Jim Pingle

05:39 AM Bug #9610 (Resolved): picture.widget.php: Arbitrary file read/write

in `/widgets/widgets/picture.widget.php`, when we post a widgetkey and upload a image , we can create or read a arbit... LoRexxar Romer

01:45 PM Bug #9609 (Feedback): Reflective xss in services_captiveportal_mac.php

Applied in changeset commit:d31362b69d5d52dc196dc72f66e830cd1e6e9a4f. Jim Pingle

01:23 PM Bug #9609: Reflective xss in services_captiveportal_mac.php

I was able to replicate the problem, but there are a couple notable exceptions left out above:
1. There must be at... Jim Pingle

05:38 AM Bug #9609 (Resolved): Reflective xss in services_captiveportal_mac.php

in `services_captiveportal_mac.php` parameter username and parameter delmac be displayed without any filter.
!http... LoRexxar Romer

06:50 AM pfSense Packages Feature #7794 (Feedback): FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface

0.5.2 is not the latest version. The latest version is 0.6, which is what I said in my comment. FRR pkg version 0.6 i... Jim Pingle

12:42 AM pfSense Packages Feature #7794 (Assigned): FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface

I updated to latest FRR version: 0.5.2 which is based on frr6-6.0.2_1 and there is still not External type metrics se... Constantine Kormashev

06/30/2019

09:57 PM pfSense Packages Feature #7792 (Feedback): FRR pkg pfsense can not wok as ABR with stub areas (no stub area bit)

This should be possible with FRR pkg version 0.6: https://forum.netgate.com/topic/144572/frr-0-6-coming-big-changes-t... Jim Pingle

09:56 PM pfSense Packages Feature #7794 (Feedback): FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface

This should be possible with FRR pkg version 0.6: https://forum.netgate.com/topic/144572/frr-0-6-coming-big-changes-t... Jim Pingle

07:37 AM pfSense Docs New Content #9608 (Duplicate): Add note about disabling secure boot when configuring a Hyper-V Gen 2 VM

*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-hyper-v.html
*Feedback:*
Just to add to t... Fred Bergeron

06/29/2019

03:42 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters

Now I have this as well:
Jun 29 07:17:29 radvd 62926 can't join ipv6-allrouters on hn0.10
Jun 29 07:15:22 rad... Greg M