Project

General

Profile

Activity

From 07/14/2019 to 08/12/2019

08/12/2019

01:08 PM pfSense Packages Bug #9681: [Monitoring] New views title are always in lower case.
At older systems I still have titles with mixed case. But new titles are in lower case. Grischa Zengel
01:03 PM pfSense Packages Bug #9681 (Resolved): [Monitoring] New views title are always in lower case.
If I add "CamelCase" I will get "camelcase" as title.
With mixed upper and lower case the titles are more readable.
Grischa Zengel
12:58 PM pfSense Packages Bug #9679 (Resolved): [Monitoring] Add View does not work
Great, thanks for testing! Jim Pingle
12:57 PM pfSense Packages Bug #9679: [Monitoring] Add View does not work
There a no more new default tabs and removed the old one successfully with viconfig.
Thank you!
You can close t...
Grischa Zengel
12:07 PM pfSense Packages Bug #9679 (Feedback): [Monitoring] Add View does not work
I pushed a fix to avoid creating those extra "default" views, though they still cannot be deleted. You will have to m... Jim Pingle
11:50 AM pfSense Packages Bug #9679 (In Progress): [Monitoring] Add View does not work
Jim Pingle
11:33 AM pfSense Packages Bug #9679: [Monitoring] Add View does not work
The first bug is fixed. Thank you!
On cancel I still get new "default" views:...
Grischa Zengel
10:40 AM pfSense Packages Bug #9679 (Feedback): [Monitoring] Add View does not work
I was able to reproduce the problem here.
I pushed a new version of Status_Monitoring which corrects the usage of ...
Jim Pingle
07:31 AM pfSense Packages Bug #9679: [Monitoring] Add View does not work
That XML result looks like what happens when there is an attempt by the code to use an uninitialized array. Shouldn't... Jim Pingle
05:45 AM pfSense Packages Bug #9679 (Resolved): [Monitoring] Add View does not work
I added "WAN" as new View and got "wan" in lower letters. Why lower letters?
I removed it and now I can't add a new ...
Grischa Zengel
07:45 AM Feature #9680 (New): Seperate DHCP Server and relay per interface
Hello, as of now if you have dhcp relay enable you cannot enable the dhcp server on any other interface. It would be ... Mike LaCroix
07:30 AM Todo #9367 (Resolved): Update SMART Page with new capabilities
Jim Pingle
02:18 AM Todo #9367: Update SMART Page with new capabilities
Tested. Looks good. Chris Linstruth
07:30 AM Feature #9285 (New): Add an option to disable the ping-check in dhcpd
Jim Pingle
01:53 AM Feature #9285: Add an option to disable the ping-check in dhcpd
This looks like it should be added on a per-subnet basis instead of globally. As this patch stands right now if you d... Chris Linstruth
07:30 AM Bug #9569 (Resolved): Fix serial console terminal size issues
Jim Pingle
01:23 AM Bug #9569: Fix serial console terminal size issues
This looks like it works great. It tracks window size on login and changing window size on-the-fly. Welcome change. T... Chris Linstruth
07:29 AM Feature #9111 (Resolved): Add IPsec VTI interface MTU support
Jim Pingle
01:14 AM Feature #9111: Add IPsec VTI interface MTU support
Verified MTU settings are stored and applied properly. Loogs good. Chris Linstruth
07:23 AM Bug #7116: a floating 'match' rule on LAN does not put traffic from a broswer on a clientpc into a shaper queue
Im seeing this issue also on 2.4.4-RELEASE-p3 (amd64). I have several queues setup and sometimes traffic ends up in ... Adam Esslinger
12:28 AM pfSense Packages Bug #8811: in pfblockerng when change Rule Order generates duplicate all rules.
Its best to move to pfBlockerNG-devel which has this issue fixed plus many other improvements. These changes are not ... BBcan177 .
12:22 AM pfSense Packages Bug #9662: PfblockerNG do not update after pfsense reboot and wait for next cron task
If you are using RAMdisks, its not recommend for packages that store data in the /var folder as that folder is wiped ... BBcan177 .
12:20 AM pfSense Packages Bug #9676: AS lookup fails
The pkg uses the following service for ASN information:
https://api.bgpview.io/asn/8786/prefixes
Also BGP HE:
ht...
BBcan177 .

08/11/2019

04:59 PM Bug #9074 (Resolved): Alias URL lists only storing last-most list in config.
Jim Pingle
04:04 PM Bug #9074: Alias URL lists only storing last-most list in config.
Tested. Table populated with last URL contents under 2.4.4-p3 and both URL contents using latest snapshot. Looks good. Chris Linstruth
04:58 PM Feature #3792 (Resolved): Group name size limit too restrictive on Active Directory Users
Jim Pingle
03:32 PM Feature #3792: Group name size limit too restrictive on Active Directory Users
Tested. Group names longer that 16 characters are allowed only if the group type is Remote. Chris Linstruth
04:55 PM Bug #9357 (New): rc.newwanipv6 called regardless of REASON
Jim Pingle
08:18 AM Bug #9357: rc.newwanipv6 called regardless of REASON
Actually the script posted above is only used if "don't wait for RA" is set, otherwise the "old" script is still used... Flole Systems
04:54 PM Bug #9678 (Rejected): DHCP Relay (IPv4)
There is not enough information here for a valid bug report. Please start a thread on the forum and provide a lot mor... Jim Pingle
07:19 AM Bug #9678 (Rejected): DHCP Relay (IPv4)
DHCP Relay doesn't work.
Have DHCP server on my network, use pfSense to relay to that server, but clients don't ge...
Aaron Unpublished
07:30 AM Feature #9661: Increase the number of DHCP/DHCPv6 NTP server options to three (or more)
Yes, it is the role of ntpd, ntpdate, chronyd, etc. to make decisions on the quality of the clocks, and yes for most ... Paul Moore
04:49 AM Feature #9661: Increase the number of DHCP/DHCPv6 NTP server options to three (or more)
The "falsetickers" check is the role of ntpd / ntpdate which must be configured accordingly. however the dhcp client ... Manuel Piovan

08/10/2019

12:26 PM Feature #9661: Increase the number of DHCP/DHCPv6 NTP server options to three (or more)
I am referring to the number of NTP servers that pfSense send to DHCP clients as part of a DHCP exchange; I am not ta... Paul Moore
10:49 AM Feature #9661: Increase the number of DHCP/DHCPv6 NTP server options to three (or more)
you are talking about NTP servers but the client need only one address, you can configure the server to have as many ... Manuel Piovan

08/09/2019

09:26 PM Bug #9677 (New): Dashboard hangs when widget needs data from a remote host which is down
The pfsense dashboard will take a very long time to load (30sec to 1minute) when it contains a widget that needs data... M Jurgens
01:11 PM Bug #9466: DHCP (IPv4) relay mistakenly listening on upstream interface
See also #9669 for another problem that appears to be related, and which also appears to be fixed by this patch. Jim Pingle
01:10 PM Bug #9669 (Duplicate): dhcrelay stops working after certain time
That's great! I think it's fairly safe to say that this can be closed out as a duplicate of #9466 (different symptoms... Jim Pingle
01:08 PM Bug #9669: dhcrelay stops working after certain time
After more than 80 hours of service uptime for dhcrelay, I've restarted the Server and the address assignment process... Luki TJ

08/08/2019

06:35 AM pfSense Packages Bug #9676 (New): AS lookup fails
Using pfBlockerNG-devel 2.2.5_23
Trying to permit AS8786 gives no results (Other ASN works):...
Rolf Larsen
12:09 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Justin J: I took your advice and posted on the forum and was promptly referred back here. Here's the link in case y... Tom Hebert

08/07/2019

07:28 PM Revision 81f19e11: ipsec.inc: Safety belt in case package array is missing.
Jim Pingle
02:55 PM pfSense Packages Bug #9675 (Resolved): ACME package "domain alias mode" is ignored
I was already in there fixing something else which, as it turns out, had a similar root cause, so it all worked out.
...
Jim Pingle
02:50 PM pfSense Packages Bug #9675: ACME package "domain alias mode" is ignored
Jim Pingle wrote:
> This should be fixed in ACME pkg version 0.6.2, which is building now.
That was quick! Update...
Jonathan Grande
01:21 PM pfSense Packages Bug #9675 (Feedback): ACME package "domain alias mode" is ignored
This should be fixed in ACME pkg version 0.6.2, which is building now. Jim Pingle
11:56 AM pfSense Packages Bug #9675 (Resolved): ACME package "domain alias mode" is ignored
The domain alias mode check box seems to have no affect.
Expected result: --domain-alias added to to the acme.sh c...
Jonathan Grande
02:49 PM Revision ecfd1ddc: Fixup format of XMLRPC auth error to match GUI auth error.
(cherry picked from commit 6e0d47510ee553f5219c08c097c32d377985822b) Jim Pingle
02:48 PM Revision 6e0d4751: Fixup format of XMLRPC auth error to match GUI auth error.
Jim Pingle
08:29 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
That sounds like it might be something else Tom. Check your output from the CLI with: pfctl -T show -t ALIASNAME
If...
Justin J

08/06/2019

05:06 PM pfSense Packages Feature #7449: feature request for openvpn-client-export package, add the support for openvpn up and down script, for mapping network drive
Pippin MMD wrote:
> This seems like not so good idea to me.
> One could setup a "Free VPN service" and execute scri...
MIchael K
04:44 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Most of you are more experienced at this than me so please be tolerant if this is a dumb question.
I added a Fir...
Tom Hebert
04:10 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I second Justins message / question. pfSense is completely unusable after 2.4.4 initial release. With filterdns not w... Robert Gijsen
03:52 PM pfSense Packages Bug #9665 (Feedback): acme.sh deleting A record for domain along with TXT record for _acme-challenge
This should be fixed in ACME pkg version 0.6 which will be up as soon as it builds. Jim Pingle
10:37 AM Bug #9674 (Resolved): hidden OpenVPN settings are validated and written to file
I had two instances where configurations not visible on the OpenVPN server creation window were affecting saving the ... Wayne Marsh
07:12 AM pfSense Packages Feature #7794 (Resolved): FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface
Jim Pingle
02:39 AM pfSense Packages Feature #7794: FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface
Tried latest stable 2.4.4-p3 with 6.0.2, everything is fine, I can assign metric type on any types of redistributed r... Constantine Kormashev
07:12 AM pfSense Packages Feature #7792 (Resolved): FRR pkg pfsense can not wok as ABR with stub areas (no stub area bit)
Jim Pingle
04:15 AM pfSense Packages Feature #7792: FRR pkg pfsense can not wok as ABR with stub areas (no stub area bit)
Tried on latest stable 2.4.4-p3 with 6.0.2, it works fine, stub areas are handled by cisco router without issue. Constantine Kormashev
05:10 AM Bug #9669: dhcrelay stops working after certain time
Thanks, I'll try it out and report back in a few of days. Luki TJ
02:06 AM pfSense Packages Bug #8811: in pfblockerng when change Rule Order generates duplicate all rules.
I experienced this bug in an even worse manner. It duplicated all rules until my pfSense installation crashed with an... Jens Rauch

08/05/2019

10:39 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Also experiencing this issue on 2.4.4-p2 and now 2.4.4-p3. If FQDNs are remove the table updates correctly. Due to ... Justin J
04:39 PM Revision a264f870: Instead of restarting pkgs, add an IPsec reload hook they can use instead. Fixes #9668
Jim Pingle
04:25 PM pfSense Docs Correction #9673 (Closed): Feedback on Installing and Upgrading — Download Installation Media
*Page:* https://docs.netgate.com/pfsense/en/latest/book/install/download-installer-image.html
*Feedback:*
Custo...
Doug McIntire
04:01 PM pfSense Docs Correction #9672 (Closed): Feedback on Backup and Recovery — Using the AutoConfigBackup Package
*Page:* https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html
*Feedback:*
Page needs to be up...
Doug McIntire
03:43 PM pfSense Docs Correction #9671 (Closed): Feedback on Hardware — Hardware Selection
*Page:* https://docs.netgate.com/pfsense/en/latest/hardware/selection.html
*Feedback:*
"The SG-1000 firewall is...
Doug McIntire
03:33 PM Revision 15701e03: Restart packages at the end of rc.newipsecdns. Fixes #9668
Not an ideal solution but it does ensure that FRR routes function after
an IPsec event.
Jim Pingle
03:31 PM pfSense Docs Correction #9670 (Closed): Feedback on Backup and Recovery
*Page:* https://docs.netgate.com/pfsense/en/latest/backup/index.html
*Feedback:*
Reference to pfSense Gold Subs...
Doug McIntire
12:29 PM Bug #9669: dhcrelay stops working after certain time
commit:f427d68dbca5ed9941b3bc01be1c4d81417c134f is the one for RELENG_2_4_4 Jim Pingle
12:07 PM Bug #9669: dhcrelay stops working after certain time
Thank you for the quick response.
I can try out the Patch, but the issue is to minor to switch to a development re...
Luki TJ
07:16 AM Bug #9669 (Feedback): dhcrelay stops working after certain time
Can you test this, at least temporarily, on a 2.5.0 snapshot? Changes were made for #9466 which might affect this beh... Jim Pingle
06:34 AM Bug #9669: dhcrelay stops working after certain time
Edit:
Found some other reports on the Forum:
https://forum.netgate.com/topic/136135/pfsense-2-4-4-dhcp-relay-i...
Luki TJ
06:19 AM Bug #9669 (Duplicate): dhcrelay stops working after certain time
dhcrelay service stops working after a few days runtime of the process.
I have one host connected to igb5.8 (opt1) w...
Luki TJ
11:53 AM Bug #9668: Running /etc/rc.newipsecdns breaks FRR BGP on VTI interfaces
Second solution is better but still not ideal. Rather than restarting all packages, when IPsec is reloaded via rc.new... Jim Pingle
10:40 AM Bug #9668 (Feedback): Running /etc/rc.newipsecdns breaks FRR BGP on VTI interfaces
Applied in changeset commit:15701e03e36051907a23ddbe5ab04f42c94c0944. Jim Pingle
10:35 AM Bug #9668: Running /etc/rc.newipsecdns breaks FRR BGP on VTI interfaces
Not an FRR issue. The IPsec interface goes away and comes back, and it never latches back on. FRR needs to be restart... Jim Pingle
03:36 AM Bug #9668: Running /etc/rc.newipsecdns breaks FRR BGP on VTI interfaces
Confirmed same behavior on latest 2.5.0 snapshots. Chris Linstruth
03:03 AM Bug #9668 (Resolved): Running /etc/rc.newipsecdns breaks FRR BGP on VTI interfaces
Running /etc/rc.newipsecdns breaks FRR BGP on VTI interfaces
Create a simple FRR BGP session across an IPsec VTI
...
Chris Linstruth
07:19 AM Bug #9666 (Rejected): RADIUS Accounting Failed
There is not enough information here for a valid bug report. This site is not for support or diagnostic discussion.
...
Jim Pingle
12:28 AM Bug #9666 (Rejected): RADIUS Accounting Failed
Radius Accounting failure after update. No problem with previous version (2.4.4-P2) Sher Louie Sioteco
05:49 AM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages
Seems to work just fine.
(I had to disable the periodic reset of the PPPoE-(WAN-)Interface for the test to work, bec...
Karl Klempner
03:00 AM Bug #9667 (Duplicate): Dynamic DNS is not updated when used with a Multi WAN gateway group
Hi.
I have recently upgraded my pfSense installation from a custom Supermicro server (old 2.1 version) to a NetGat...
Damien Gombault

08/04/2019

04:00 PM pfSense Packages Bug #9665 (Resolved): acme.sh deleting A record for domain along with TXT record for _acme-challenge
I was trying to set up a LetsEncrypt certificate for my domain using Linode's v4 DNS API. I was able to generate the ... Ronnie Thomas

08/03/2019

10:00 AM Bug #9664 (New): DynDNS and Dual-wan problem with CloudFlare (works with No-Ip)
I have a simple setup with dual-wan links and dynamic IPs. I use a No-ip Round Robin setup like this... F. D.Castel
06:26 AM Bug #9663 (Resolved): panic on boot when IPv6 option "Do not wait for a RA" is enabled
When pfsense reboots, it hangs in a boot loop because of a kernel panic.
It is reproducable that it occurs when the...
Michael Geiger

08/02/2019

04:24 AM Feature #1682: second MAC address for one IP address
Just tested this on the most recent release (2.4.4-RELEASE-p3) and it is not a problem anymore to have the same IP an... Adrian Zaugg
03:02 AM pfSense Packages Bug #9662 (New): PfblockerNG do not update after pfsense reboot and wait for next cron task
After rebooting pfsense, pfblockerNG do not launch cron process to update and wait for next cron time.
While next ...
Laurent BONNIN

08/01/2019

10:18 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Netgate SG-4860 running 2.4.4-RELEASE-p3 (amd64). At least twice I've experienced issues, I assume involving filterd... Art Manion
06:44 AM Feature #9661 (Resolved): Increase the number of DHCP/DHCPv6 NTP server options to three (or more)
It is considered a general best practice to use at least three NTP servers to help identify "falsetickers" (bad clock... Paul Moore

07/31/2019

08:16 AM pfSense Packages Bug #9619: FRR - Prefix Lists
thank you for your willingness to find out what i could have meant,
but really my problem was:
i really could not u...
Jarek Nowak
07:13 AM pfSense Packages Bug #9619: FRR - Prefix Lists
Jarek Nowak wrote:
> Also i did not ask for you validating my rules, if so your answer would be wrong because allowi...
Jim Pingle
02:12 AM pfSense Packages Bug #9619: FRR - Prefix Lists
Jim Pingle wrote:
> The first rule is wrong because a prefix list must contain prefixes, thus it should be @0.0.0.0/...
Jarek Nowak
07:16 AM Bug #9659 (Not a Bug): Failed to remount in single user mode when trying to reset password
You are using ZFS, those instructions are for UFS. You might have some other unrelated issue here, but this site is n... Jim Pingle
02:36 AM Bug #9659 (Not a Bug): Failed to remount in single user mode when trying to reset password
We were using pfSense CE 2.4.4. Since we accidentally
forgot our console admin password, we followed the instruction...
Jarry Shaw
05:50 AM Bug #9660 (Resolved): Syslogd keeps using old IP address after interface IP address change
- Have syslog configured to send log messages using a particular LAN interface
- Check Diagnostics > Sockets, you se...
Anonymous
05:19 AM Bug #9658: Gateway monitor IPs are being put into the routing table
In scenario 1, the firewall is sending traffic out to interfaces it's not supposed to do.
In scenario 2, the monit...
Anonymous

07/30/2019

07:05 PM pfSense Packages Bug #9655: NUT missing from netgate UI
Wow ... yes it is; thank you! ;) Richard Davis
07:01 AM pfSense Packages Bug #9655: NUT missing from netgate UI
Its in your Screenshot as "UPS". Flole Systems
12:58 PM Bug #9561: PPPoe 6RD broken in 2.5
Created a pull request to FreeBSD-src to apply the 6RD changes to 2.5 Ronald Schellberg
12:56 PM Bug #9649: IPv6 6RD Tunnel
Created a pull request to FreeBSD-src to apply the 6RD changes to 2.5 Ronald Schellberg
12:15 PM Bug #9658 (Not a Bug): Gateway monitor IPs are being put into the routing table
This is by design. It has to be that way, or it can't be sure that the monitor address will ping via the correct inte... Jim Pingle
11:17 AM Bug #9658 (Not a Bug): Gateway monitor IPs are being put into the routing table
As the subject says, fpsense puts the IP addresses that are configured as monitor IPs for gateways in the routing tab... Anonymous
11:47 AM Feature #9393: Improved support for USB interfaces that may not always be present
See: https://forum.netgate.com/topic/141347/option-to-hot-plug-some-interfaces Steve Wheeler
10:03 AM pfSense Packages Bug #9657 (Feedback): STunnel fails to generate an rc script
Should hopefully be fixed in pkg version 5.50. I removed one way it could have failed unexpectedly, potentially fixed... Jim Pingle
08:00 AM pfSense Packages Bug #9657 (Resolved): STunnel fails to generate an rc script
In some circumstances the STunnel package fails to generate a default certificate as part on it's install script and ... Steve Wheeler
07:21 AM Bug #9656 (Rejected): DHCPv6 Leases Allowed Memory Size Exhausted
There isn't enough information here for a proper bug report.
For assistance in solving problems, please post on th...
Jim Pingle
06:46 AM Bug #9656 (Rejected): DHCPv6 Leases Allowed Memory Size Exhausted
Hi, I have encountered a bug with the DHCPv6 Leases page under Status in pfSense.
The page crashes after a while of ...
Obel Net
07:16 AM Bug #9357 (Resolved): rc.newwanipv6 called regardless of REASON
Jim Pingle
06:52 AM Bug #9357: rc.newwanipv6 called regardless of REASON
Hi Karl,
thanks for pointing this out! In that case this is fixed in 2.4.4-p3 and it was simply not marked fixed h...
Flole Systems
06:39 AM Bug #9357: rc.newwanipv6 called regardless of REASON
Version 2.4.4-p3 has the following dhcp6c_wan_script.sh which should already ignore the RENEW reason:... Karl Klempner
06:47 AM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages
I am now testing the following, modified /var/etc/dhcp6c_wan_script.sh:... Karl Klempner

07/29/2019

06:50 PM pfSense Packages Bug #9655: NUT missing from netgate UI
I've tried uninstalling, then installing, and "reinstalling" without success:
*Reinstallation log:*...
Richard Davis
07:17 AM pfSense Packages Bug #9655 (Not a Bug): NUT missing from netgate UI
You just need to reinstall the package. Somehow it isn't fully installed, and there isn't enough information here to ... Jim Pingle
05:50 PM Revision 38809d47: Fix copyright message years to reflect BSDP -> ESF -> Netgate
Renato Botelho
05:44 PM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all
Nathan Hand wrote:
> Underlying problem is /etc/inc/dyndns.class line 799. The value of dnsProxied is passed directl...
Arian K.
11:58 AM Revision f83416bd: Normalize some copyright messages
Renato Botelho
10:57 AM Bug #9649: IPv6 6RD Tunnel
Ronald Schellberg wrote:
> Aaron Unpublished wrote:
> > IPv6 6rd doesn't work on any 2.5.X versions at the moment. ...
Aaron Unpublished

07/28/2019

07:37 PM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all
Underlying problem is /etc/inc/dyndns.class line 799. The value of dnsProxied is passed directly to Cloudflare.
<p...
Nathan Hand
03:37 PM Bug #9649: IPv6 6RD Tunnel
Aaron Unpublished wrote:
> IPv6 6rd doesn't work on any 2.5.X versions at the moment.
>
> Have cable internet. ...
Ronald Schellberg
03:20 PM pfSense Packages Bug #9655 (Not a Bug): NUT missing from netgate UI
After installing the nut package from the package manager on a new netgate system with the built-in theme, the NUT se... Richard Davis
02:53 PM Bug #9654 (New): After reboot, the DNS resolver must be restarted before it will advertise the ipv6 DNS address of the router.
When pfsense ipv6 is configured with DHCPv6 disabled and RA in "Unmanaged" mode, then after reboot, until the resolve... Rick Coats
02:20 PM Bug #7209: Something is seriously wrong with firewall aliases
I just hit this bug today on a fully updated 2.4.4-p3 firewall.
There was an IP Alias named "h_whitelist" containi...
→ luckman212
09:36 AM Feature #9653 (Rejected): Assign Alias from MAC address
No, aliases are for pf and it does not support filtering by MAC address. Jim Pingle
04:14 AM Feature #9653: Assign Alias from MAC address
Also, allows me to to assign ipv6 address alias when I have dynamic ipv6 gateway Dean Attewell
04:11 AM Feature #9653 (Rejected): Assign Alias from MAC address
Can you change Alias assignment to use MAC addresses as well as IP addresses?
So I can have a Xbox which dynamically...
Dean Attewell

07/27/2019

05:07 PM pfSense Packages Bug #9652 (Resolved): Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc
When using the Squid Proxy Server package and Enabling SSL filtering in pfSense 2.5.0, I create an internal-CA and as... Brett Vernor
11:37 AM pfSense Docs Correction #9651: Feedback on Services — DHCP — Configuring the DHCPv6 Server
Ugh.
It looks like the range here should be changed to FC07:1010:1010:*FF00*:: to FC07:1010:1010:FFF0:: (16 /60s) ...
Chris Linstruth
11:35 AM pfSense Docs Correction #9651 (Resolved): Feedback on Services — DHCP — Configuring the DHCPv6 Server
*Page:* https://docs.netgate.com/pfsense/en/latest/dhcp/dhcpv6-server.html
*Feedback:*
For example, if FC07:101...
Chris Linstruth
07:14 AM Bug #9650 (New): IPv6 connection drops (ir-)regular on Kabelvodafone (German cable ISP)...
*Background information*
Kabel Vodafone is the successor of Kabeldeutschland, among other services they offer Busine...
Ingo-Stefan Schilling
06:44 AM Bug #9649 (Resolved): IPv6 6RD Tunnel
IPv6 6rd doesn't work on any 2.5.X versions at the moment.
Have cable internet. Upgraded to the 2.5 and it brok...
Aaron Unpublished

07/25/2019

08:03 PM Revision 57b2f317: Only redirects the user to the default page if no specific page page was set in the querystring
bechaire
04:44 PM Bug #9541 (Resolved): Non-admin user with admin rights is given the wrong URL for the user manager
On 20190725-0909, unable to reproduce the bad behavior. Anonymous
04:37 PM Bug #9611 (Resolved): PHP error on fresh 2.5.0 install or after factory reset
Anonymous
04:37 PM Bug #9611: PHP error on fresh 2.5.0 install or after factory reset
On 20190725-0909, the error is no longer present, new install and resets both work as expected. Anonymous
04:35 PM Feature #9620 (Resolved): User privilege to manage integrated switch
On 20190725-0909, the Switch options are present and work as expected. Anonymous
10:04 AM pfSense Packages Feature #9648: Multiple node Sync HAProxy configuration to backup CARP members via XMLRPC.
XMLRPC is not designed to be used with more than one node. It does, on occasion, but only by accident. Jim Pingle
10:00 AM pfSense Packages Feature #9648 (New): Multiple node Sync HAProxy configuration to backup CARP members via XMLRPC.
We have a cluster of 3x PFSense Firewalls running in 3 AZs on AWS.
FW-A (AZ-A) is configured to sync to FW-B (AZ-B...
Frikkie Botha
04:37 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I think I have a similar problem.
My inbound rule did not work with an FQDN in the Alias. (Whitelist for source addr...
Peter van der Kleij

07/24/2019

09:47 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
I can confirm this, but it is not specific to OpenVPN.
OpenSSL 1.1.1 doesn't list AES-NI or the BSD crypto dev, ev...
Jim Pingle
07:25 AM Bug #9646 (Resolved): OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
Cannot select BSD Crypto Device under OPENVPN clients - Hardware Crypto, it only has No Hardware Crypto Acceleration. Vance Emerson
08:13 AM Bug #9647 (Resolved): hn0: driver does not support altq
As subject says, hn0 on 2.5.0 does not support ALTQ.
You get error after traffic shaper wizard starts to reload rule...
Greg M
08:13 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Hmmm OK, I have Hyper-V, 2.5.0 and pppoe.
But weird is, that on when applied on IN direction on LAN it works ok.
Greg M
07:09 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
The two cannot be related. ALTQ is not used for limiters.
I have also seen a similar situation on 2.5 where limite...
Jim Pingle
01:20 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Hi again.
I restored config on 2.4.4-p3 and this are working just fine there.
I believe this on is related to h...
Greg M
07:10 AM Bug #8954: hn0: driver does not support altq
Please open a new issue with specific error messages and reference this one there. Jim Pingle
01:21 AM Bug #8954: hn0: driver does not support altq
Restored to 2.4.4-p3 and output is: hw.hn.use_if_start: 1
Clean install 2.5.0 snapshot: hw.hn.use_if_start: 0
Greg M

07/23/2019

03:39 PM Revision 84a5e2db: Revert "Disable snort3 on armv7. It's broken"
This reverts commit 987377b0c968f588997d111d5d4bc88293550d3b. Renato Botelho
01:33 PM Revision 9c763eb4: Make sure TSC is disabled on armv7
Renato Botelho
09:09 AM Bug #9645: "Bypass firewall rules for traffic on the same interface" does not work as expected
Perhaps the order or the length of the filters?
Or a race condition (https://lists.freebsd.org/pipermail/freebsd-net...
Grischa Zengel
08:38 AM Bug #9645 (Not a Bug): "Bypass firewall rules for traffic on the same interface" does not work as expected
Your manual rule is functionally identical to the automatic rule. Something else must have changed.
There is no bu...
Jim Pingle
07:19 AM Bug #8954: hn0: driver does not support altq
Hello!
This one is back in 2.5.0 snapshots.
Greg M

07/22/2019

08:46 PM Bug #9645: "Bypass firewall rules for traffic on the same interface" does not work as expected
Here are my rules for this interface:... Grischa Zengel
08:38 PM Bug #9645 (Not a Bug): "Bypass firewall rules for traffic on the same interface" does not work as expected
I have to use asymmetric routing. P1 (default gateway) routes to P2 on the same subnet. ICMP redirect doesn't work be... Grischa Zengel
07:04 PM Bug #9450: Multiwan gateway group fail-over not working as expected (possible race condition)
Adding these log snippets. They are groups of dpinger gateway logs followed by the system logs for the corresponding ... Chris Linstruth
04:09 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Greg M wrote:
> Now I don`t have above any more but I have this (but everything is working just fine):
>
IPv6 fo...
Manuel Piovan
07:47 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Now I don`t have above any more but I have this (but everything is working just fine):
Jul 22 14:44:54 radvd 406...
Greg M
02:09 PM pfSense Docs Correction #9644 (Closed): Feedback on Network Address Translation — Accessing Port Forwards from Local Networks
*Page:* https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html
*Feedback:...
Steve Wheeler
10:05 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Rudolf Mayerhofer wrote:
> As a follow up: With 30 seconds resolve interval things are still working fine one month ...
Eduard Rozenberg
07:17 AM Bug #9643 (Closed): Limiters do not function properly on 2.5 snapshots
Hi all!
Discussion here: https://forum.netgate.com/topic/145091/quick-question-about-limiters
I think there is ...
Greg M

07/21/2019

03:53 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
A global variable with the current delegated IPv6 prefix in CIDR form, which could be used in firewall aliases would ... Michael Smith
11:40 AM Feature #9642: Add DDNS support for dynv6.com
Correction from above:
To update an A record use the following url:
https://ipv4.dynv6.com/api/update?hostname=yo...
Isaac McDonald
11:33 AM Feature #9642 (Resolved): Add DDNS support for dynv6.com
Dynv6.com (https://dynv6.com/) provides dynamic DNS for A and AAAA records free of charge. The API is documented here... Isaac McDonald
11:20 AM Bug #9641: Dynamic DNS cannot update AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces
I inadvertently opened this ticket while I was still in the process of creating it. Please disregard the original sub... Isaac McDonald
11:15 AM Bug #9641 (Resolved): Dynamic DNS cannot update AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces
I get the following error when trying to update the AAAA record for a 6rd tunnel interface:
_/services_dyndns_edit...
Isaac McDonald

07/19/2019

01:38 PM pfSense Packages Bug #9640 (Feedback): FRR redistribution route maps not functional
Fix is in FRR pkg version 0.6.2, which will be available shortly. Jim Pingle
01:34 PM pfSense Packages Bug #9640 (Resolved): FRR redistribution route maps not functional
Setting a route map on the redistribution options does not work.
In vtysh, doing a 'show' on the route map says OS...
Jim Pingle
09:47 AM Bug #9295: IPv6 PD does not work with PPPOE (Server & Client)
Seems like IPv6 is not on the priority list of the currently active devs, or nobody fully understands it. There are q... Flole Systems
07:40 AM Feature #4881: Allow NPt to use dynamic IPv6 networks
Any update here? We need dynamic Prefix support for IPv6 Multi WAN. Car F

07/18/2019

10:47 PM Bug #8235: The browser must support cookies to login
I have the same problem under different circumstances. I bought a new firewall to upgrade hardware. Pfsense web ui wo... Bob Frank
08:49 PM Feature #6414: SSHD listening on multiple ports
You can port forward now in a handful of clicks, it's simple and not at all complicated. Listening on multiple ports ... Jim Pingle
08:47 PM Feature #6414: SSHD listening on multiple ports
Jim Pingle wrote:
> Never expose SSH to WAN. Security by obscurity is not obscurity.
The purpose of this is to we...
Ben L
08:29 PM Feature #6414 (Rejected): SSHD listening on multiple ports
Never expose SSH to WAN. Security by obscurity is not obscurity.
And if you use key-only auth, the rest doesn't ma...
Jim Pingle
08:04 PM Feature #6414: SSHD listening on multiple ports
One use case for this is exposing ssh on the WAN on a non-standard high port so as to minimise exposure to random dri... Ben L
12:59 PM Feature #9639 (Resolved): Cloudflare DDNS "API Token"
Request to add support for new Cloudflare API Token to allow for managed access and permissions for DDNS updates.
> ...
theodore adams
12:06 PM Revision 987377b0: Disable snort3 on armv7. It's broken
Renato Botelho
11:57 AM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages
The entire script is broken, even RENEW should be ignored and just REBIND should actually matter. See #9357 for a pat... Flole Systems
09:18 AM pfSense Docs Correction #9638 (Resolved): Feedback on High Availability — Configuring High Availability
*Page:* https://docs.netgate.com/pfsense/en/latest/highavailability/configuring-high-availability.html
*Feedback:*...
Danilo Zrenjanin
09:11 AM Bug #9295: IPv6 PD does not work with PPPOE (Server & Client)
Sadly nobody is taking care of handling this bug... My ticket is 6 month old now. Dirk Steingäßer
08:49 AM Bug #9295: IPv6 PD does not work with PPPOE (Server & Client)
Do I get this bug right?
If my upstream WAN connection is PPPoE and I try to delegate prefixes via DHCPv6 it won't w...
Pim Pish
08:42 AM pfSense Docs Correction #9637 (Resolved): Feedback on High Availability — Example Redundant Configuration
*Page:* https://docs.netgate.com/pfsense/en/latest/book/highavailability/example-redundant-configuration.html
*Fee...
Danilo Zrenjanin
07:33 AM Bug #9636 (Not a Bug): uninstall packages
That sounds like a problem with your config or environment. I can't reproduce it here.
For assistance in solving p...
Jim Pingle
07:23 AM Bug #9636 (Not a Bug): uninstall packages
if i try to uninstall any package
Package Removal
Please wait while the update system initializes
nothing else...
Manuel Piovan
03:35 AM Feature #6240: vxlan driver
+1 Max Green

07/17/2019

08:20 PM Bug #9561: PPPoe 6RD broken in 2.5
Doesn't appear that "pfSense patch stf_6rd.diff", ticket 7272 (commit cb59ac304d30d5009537d7de0429792fb33d3db0 which ... Ronald Schellberg
06:22 PM pfSense Packages Bug #9635 (Resolved): lldpd (and probably ladvd) doesn't work on units with an integrated switch
It appears the GUI configuration doesn't probably figure out what interface is selected. For example,
No matter wh...
Brendon Baumgartner

07/16/2019

04:10 PM pfSense Packages Bug #5168: squid doesn't function during/after HA failover
Zeev Zalessky wrote:
> Hello,
>
> any updates with this issue?
> i have 200 vlans on my firewall and adding 200...
Adam Gibson
06:45 AM pfSense Packages Feature #9521: Upgrade to HAProxy 1.9
haproxy 2.0 is available in ports 2019Q3 Torben Hørup

07/15/2019

03:59 PM Bug #9634 (Resolved): rc.newwanipv6 is called although dhcp6c should discard Request messages
pfsense sends DHCPv6 Request messsages to ff02::1:2 on its WAN interface at an interval of about 7 seconds. As this i... Karl Klempner
01:52 PM Feature #9633 (New): PPPoE/L2TP Server Status Page
MPD includes a built-in web server that can be used to poll status information. There is also a telnet console, but t... Jim Pingle
06:25 AM Bug #9632: DynDNS not updating IP address for DNSExit
2.4.4-RELEASE-p3 (amd64) built on Wed May 15 18:53:44 EDT 2019 FreeBSD 11.2-RELEASE-p10
Jay Murphy
06:22 AM Bug #9632 (Resolved): DynDNS not updating IP address for DNSExit
When using the DNSExit dynamic DNS service, the IP address changes and the "Save & Force Update" button is clicked, t... Jay Murphy

07/14/2019

02:06 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
Same issue here. I need the ability to filter/firewall some hosts IPV6 traffic just the same as IPV4 traffic. Right n... Nathan Stansell
01:03 PM Bug #9631: Multicast-Routing realy supported in actual pfSense !!??

Discussion- https://forum.netgate.com/topic/139218/sonos-speakers-and-applications-on-different-subnets-vlan-s
Chris Palmer
08:26 AM Bug #9631 (Closed): Multicast-Routing realy supported in actual pfSense !!??
Hello,
After realy huge effort trying to make multicast across subnets work, I seriously doubt if multicast is ena...
Louis B
02:39 AM Bug #9630 (Duplicate): cannot config WAN down que (Codel limiters) in floating rule without blocking incoming traffic.
I had same configuration that worked in 2.4.4. I had Codel limiters set in floating rule to limit users for QOS. I h... Vance Emerson
 

Also available in: Atom