Activity

30 days up to

User

Subprojects

Activity

From 08/20/2019 to 09/18/2019

09/18/2019

11:22 PM Bug #6846: System misreporting Super Micro C2558 platform as Super Micro C2758: A1SAi Travis Erdmann
07:03 AM Bug #6846: System misreporting Super Micro C2558 platform as Super Micro C2758: Travis Erdmann wrote:
> hw.model: Intel(R) Atom(TM) CPU C2558 @ 2.40GHz
And what is the output of:... Renato Botelho
08:23 PM Revision 3abcd547: Setup shortcuts for packages. Fixes #9770: Jim Pingle
08:23 PM Revision f14ab2c6: Setup shortcuts for packages. Fixes #9770: (cherry picked from commit 37213abe96e83884b4a8ffbbbb7cc759cd2799ec) Jim Pingle
05:10 PM Revision 9f2a58b5: Remove variable from gettext string: Renato Botelho
05:10 PM Revision 4597011d: Remove line commented out in 2015: Renato Botelho
05:01 PM Revision 1889f3e7: Remove code commented out in 2008: Renato Botelho
03:42 PM Revision bf03bee2: Allow Dynamic DNS wildcards for Route53 #9053: (cherry picked from commit 0b230bb2957d32059ea4610965a9507346a1d3e9) Tom Embt
03:39 PM Revision 9133e01d: Fix #9285: Move ping-check option from global to per-subnet: (cherry picked from commit 5197e3e3a3b0ee048785e2ffb4222d7cba4e6c74) Renato Botelho
03:38 PM Revision 13980a4f: Add IPsec DH/PFS groups 25/26/27. Implements #9757: (cherry picked from commit 21bee0287caf76bb7ab63ec29b0ecf7435940a06) Jim Pingle
03:38 PM Revision a033a446: Add wizard select_source & use for OpenVPN DH. Fixes #9748: (cherry picked from commit 52f686a97f77cfd00ddb69088bef7164676d4117) Jim Pingle
03:38 PM Revision a4bcbc3e: Add additional DHCPv6 prefix delegation size options to dropdown list on interface settings.: - implements #9590
(cherry picked from commit 51dc008bfebef50bc4be9ff2a894e176ba013866) Andreas Bleischwitz
03:38 PM Revision 789b545b: openvpn: cleaning default case handling in switch statements: (cherry picked from commit f93ec3853fc0c01760606994422e9e8fc0d645c9) Vito Piserchia
03:38 PM Revision 83011d13: change after review: (cherry picked from commit f08369ec248f2733eb2b69db23aa042e27ec04de) Vito Piserchia
03:38 PM Revision 83929cea: Update text: (cherry picked from commit cef01bcb95add6acc13edb16739e10d7ed8ba6e2) Vito Piserchia
03:38 PM Revision 45d6f551: Added tlsauth keydir options to openvpn client and server: (cherry picked from commit 8698f918d170d3836037d3a39b4e1f8aa6389f6d) Vito Piserchia
03:38 PM Revision 6c203c2f: Deduplicate code in openvpn.inc: (cherry picked from commit f7335af377d41262654bdbd7d7cf0e2993fb71d1) Renato Botelho
03:38 PM Revision 22ee846c: Remove unnecessary variable: (cherry picked from commit 1d13560cb36db0d5f7cec9fa9d6295445333ba95) Renato Botelho
03:37 PM Revision 1bcb05e4: Improve efficiency of resync checks.: GW Group changes are checked iff the interface is not the empty string or the interface in question is not the same a... James Webb
03:37 PM Revision f5e2f7dc: Add ability for OpenVPN instances to resync on IP changes and on boot.: OpenVPN instances resync if interface IP change occurs.
At boot, the interface is the empty string, so resync is mand... James Webb
03:37 PM Revision 2b909be9: Add else clause for cases when OpenVPN interface file does not exist.: - Prevents potential race condition at startup resulting in failure to start OpenVPN instances.
- In cases where inte... James Webb
03:37 PM Revision c3b023f5: Update openvpn.inc to allow OpenVPN instances to resync when running on a gateway group.: Implementation now checks if OpenVPN client/server running on gateway group should resync when IP changes occur or if... James Webb
03:37 PM Revision 86040ba2: Remove deprecated comments since username tag got CDATA: (cherry picked from commit 1dcaf2d816721704bfb05ae2587c09e37c873e71) Renato Botelho
03:37 PM Revision 994f803f: Ticket #6195: Use CDATA on username tag: After discuss with JimP we agreed it would be a better approach than
bdaa5235d4 if we add username tag to the list of... Renato Botelho
03:37 PM Revision b0f317fd: Fix interface/config alignment on interfaces_ppps_edit.php. Fixes #9741: (cherry picked from commit d81f270454ec66680cb645c0d3c13f9431d9c026) Jim Pingle
03:37 PM Revision 88a41391: Fix handing of DNSimple API response: It seems DNSimple started using HTTP/2, which broke the regex the dnsimple updater was using to check for success. I ... Paul Sadauskas
03:37 PM Revision 9f36302e: Was failing the check if clicking test notifications twice in a row. So it was saving the asterisks and overwriting the current password.: (cherry picked from commit 6176862f98749e15524e02ccaa705b65c498ceed) John Forte
03:36 PM Revision 535b07f7: Do not use constructor with the same name of class, it's going to be deprecated: (cherry picked from commit d43154fee7d7c2a5a007f36da7d86a94bd197a85) Renato Botelho
03:36 PM Revision 0ffbf1e7: Fix PHP warning: (cherry picked from commit b94eb4b90540dfb294376d6578aa9e9cbec63be9) Renato Botelho
03:36 PM Revision 15d4aede: Fixed #8014: Fixed wildcard variable not being set correctly.
Updated CURLOPT_URL according to provider's documentation.
Added sup... kristoffer-ekenstam
03:36 PM Revision 7112400e: Add more color choices for login screen: (cherry picked from commit 1fe82d1dc90969fad058819ce6e7b6001382191e) Mix Room
03:36 PM Revision 5725f53c: Make factory test case insensitive: (cherry picked from commit 552a41fbd37aa61f50e62f29876485c9775345cc) Steve Beaver
03:36 PM Revision e553d3d0: Revise update check to provide a more consistent version string, and to provide it in JSON format: (cherry picked from commit 819165020041ee46f423a7ead5aca855dac28cdb) Steve Beaver
03:36 PM Revision 8c501800: IPsec ID type parsing changes. Fixes #9243: * Move code to function to avoid unnecessary duplication of code
* Clean up the logic to avoid further redundancies
*... Jim Pingle
03:36 PM Revision a00fcaa6: Fix CA/Cert search description. Issue #9412: (cherry picked from commit f30da999bc135fe80eda2eeddcc0cc1350a989d3) Jim Pingle
03:36 PM Revision 886a03a4: Fix bonus closing tag. Issue #9412: (cherry picked from commit dd4fb72cfa8c0904d3cc7eae6ec01c2493f113f7) Jim Pingle
03:36 PM Revision ebfbb362: Add sorting and search to CA/Certs. Implements #9412: (cherry picked from commit 14973058752f8b19f63af5c45b3f7b42560ae432) Jim Pingle
03:36 PM Revision df40c93b: Routing, actually show the "(default)" mark on the default route as it is present on the OS: Most obvious problem was when manually switching from WANGW1 to WANGW2 it showed both as (default) after saving the s... PiBa-NL
03:36 PM Revision ef2e3b5d: Also trim if() statement: (cherry picked from commit d6601c8f0012f8eb784a285636ba9cca19d37f89) A FL
03:36 PM Revision a9a90af6: add trim() to $_POST['auth_user'] & $_POST['auth_user2']: (cherry picked from commit 28a5469e25229ee0b922c7cd976cf510b73b5c7d) jeroen van breedam
03:35 PM Revision 1ef5b31b: Bug #9218: (cherry picked from commit adc6ddbdbbb465fd3cb58d931465ac93b1fdedb6) d j
03:35 PM Revision 399e1385: Only apply group size restriction to local groups. Implements #3792: (cherry picked from commit 8d4f79cd5fdfe1c5c47f39bc0f92f63268b4593e) Jim Pingle
03:35 PM Revision 3184695e: Fixed #9693: Allow ACB to be suppressed by including magic string in the backup description
Transmit max number of manual backups ... Steve Beaver
03:35 PM Revision de209dea: Fixed #9687: Remove all referenes to legact/Gold ABC system
(cherry picked from commit f01c09914d50618b29f17853d4a69ed6973330cd) Steve Beaver
03:35 PM Revision 7ba8d654: Instead of restarting pkgs, add an IPsec reload hook they can use instead. Fixes #9668: (cherry picked from commit a264f870479c36ac1599b936bbdd547f0f8a99ec) Jim Pingle
03:34 PM Revision 64c18f53: Restart packages at the end of rc.newipsecdns. Fixes #9668: Not an ideal solution but it does ensure that FRR routes function after
an IPsec event.
(cherry picked from commit 1... Jim Pingle
03:34 PM Revision aa08527d: Fixed #9586 by detecting if option list includes /0 or not: (cherry picked from commit 7ec80e763f7e8357a4e5b0d2d57546cfd5d0f0f0) Steve Beaver
03:33 PM Revision 2c29eaf9: Allow Dynamic DNS wildcards for Cloudflare #9361: (cherry picked from commit acfc36435c5a06e188917d11598f999a37f78469) Tom Embt
03:33 PM Revision 65916f88: Update dyndns.class: (cherry picked from commit 0c43f8256edf08e473caae8c7dad0936ada2fd90) Matthew Fine
03:33 PM Revision a7a19a8b: Update services.inc: (cherry picked from commit 443a8b1beca07d1490f170c972c1c00ecb39baa7) Matthew Fine
03:33 PM Revision 8c6b6ea2: Update services_dyndns_edit.php: (cherry picked from commit 8b3e2e26f3082c78979842992acd1849ba42fcb3) Matthew Fine
03:33 PM Revision 98375c63: Azure DDNS whitespace only: (cherry picked from commit ed5b58a752a2241ce052851def2a7c846361146d) Tom Embt
03:32 PM Revision d94886a8: Linode Dynamic DNS syntax fixes: (cherry picked from commit bd0a29ea21d0a5230b74410a7a4c1289fef38e89) Tom Embt
03:32 PM Revision e77f993f: Add Dynamic DNS support for Linode #9268: (cherry picked from commit b923a8251ca4b899936156db48fb9253745c41e3) Tom Embt
03:30 PM Bug #9770 (Feedback): XML-based Packages do not activate shortcuts: Applied in changeset commit:f14ab2c616e12e083143de458af67ebd08aa1636. Jim Pingle
03:23 PM Bug #9770 (Resolved): XML-based Packages do not activate shortcuts: When using XML-based packages like stunnel or iperf, shortcuts are not activated as the package does not have a way t... Jim Pingle
03:27 PM Revision 2fb3b9bd: Fix AzureV6 DynDNS client: `AAAARecords` in the Azure DNS API is case sensitive
Documentation: https://docs.microsoft.com/en-us/rest/api/dns/re... Tyler Szabo
03:05 PM Revision 5beb11e6: Fixed #8907: Support field size option in select control
(cherry picked from commit 7f486e5af62396622ca63b922ec6725de4df2bb5) Steve Beaver
09:35 AM pfSense Packages Feature #9751 (Resolved): Need an "inclusive" and "exclusive" method of specifying ports: Jim Pingle
09:31 AM pfSense Packages Feature #9751: Need an "inclusive" and "exclusive" method of specifying ports: Works great now! Thanks! George Phillips
01:08 AM pfSense Packages Feature #9751: Need an "inclusive" and "exclusive" method of specifying ports: Good change Jim Denny Page
07:34 AM Bug #9478 (Resolved): Unable to check for updates from the GUI when using a proxy with authentication: Nice!
It works from the GUI and shell now. Jim Pingle
06:14 AM Feature #9769: listallcerts - pfSsh.php script to show all certificates in console: https://github.com/pfsense/pfsense/pull/4088 Viktor Gurov
06:13 AM Feature #9769 (Closed): listallcerts - pfSsh.php script to show all certificates in console: Show you all certificates in console, like System / Certificate Manager / Certificates
code mostly taken from syst... Viktor Gurov

09/17/2019

07:45 PM Bug #6846: System misreporting Super Micro C2558 platform as Super Micro C2758: hw.model: Intel(R) Atom(TM) CPU C2558 @ 2.40GHz Travis Erdmann
03:38 PM Bug #6846 (Feedback): System misreporting Super Micro C2558 platform as Super Micro C2758: Travis, could you please run the following command and show me the output?... Renato Botelho
03:52 PM Revision 7529f168: Add GUI option for IPsec tunnel closeaction. Fixes #9767: (cherry picked from commit 85c85e89ec7fad6974cd008d1f25676adf8e288d) Jim Pingle
03:52 PM Revision 85c85e89: Add GUI option for IPsec tunnel closeaction. Fixes #9767: Jim Pingle
02:59 PM Revision 5197e3e3: Fix #9285: Move ping-check option from global to per-subnet: Renato Botelho
02:44 PM Revision cea3a6b1: Remove redundant if: Renato Botelho
11:00 AM Bug #9767 (Feedback): Interesting Traffic Will not Initiate an IPsec VTI tunnel.: Applied in changeset commit:85c85e89ec7fad6974cd008d1f25676adf8e288d. Jim Pingle
08:20 AM Bug #9767: Interesting Traffic Will not Initiate an IPsec VTI tunnel.: The behavior is consistent with the config, which is set for @auto=start@. That connects at startup, but won't reconn... Jim Pingle
10:05 AM Bug #6843 (Not a Bug): Version inconsistency after updating to 2.3.2_1: Probably a local issue, pfSense-upgraded changed a lot since then and it's working much better these days Renato Botelho
10:05 AM Feature #9285 (Feedback): Add an option to disable the ping-check in dhcpd: Applied in changeset commit:5197e3e3a3b0ee048785e2ffb4222d7cba4e6c74. Renato Botelho
10:04 AM pfSense Packages Bug #7471 (Rejected): Cellular pkg errors on install: Probably it was fixed by other changes but today package can be installed/deinstalled and upgraded without any issues... Renato Botelho
08:27 AM Revision 524f1e87: cosmetic fixes,- tabs, spaces: Viktor Gurov
08:16 AM Bug #9478 (Feedback): Unable to check for updates from the GUI when using a proxy with authentication: pfSense-upgrade 0.69 should fix it Renato Botelho
08:00 AM pfSense Packages Bug #9760 (Resolved): FRR: "Log Adjacency Changes" Option in "OSPF Settings" not working.: Jim Pingle
07:52 AM pfSense Packages Bug #9760: FRR: "Log Adjacency Changes" Option in "OSPF Settings" not working.: I tested the fix and it works well.
Thank you very much! Bruno Solal

09/16/2019

06:16 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Other areas of pfSense assume things about that address, like making static routes for the peer, setting up DNS monit... Jim Pingle
05:45 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: IPsec settings of pfSense is only wrapper for the strongSwan.
You need only generate correct ipsec.conf from webform... Vladimir Dzhivsanov
05:39 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Where did I say that? It might be nice to have eventually. This is still open, not rejected. But it's not as simple a... Jim Pingle
05:36 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Why you don't want implement it ? Vladimir Dzhivsanov
05:33 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Yes, hence "Room for improvement".
The subject and description imply it isn't possible at all. No mention of multi... Jim Pingle
05:31 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Jim Pingle wrote:
> We have not ignored this. You can already do this now. Use DynDNS hostname for the peer, or othe... Vladimir Dzhivsanov
05:26 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: We have not ignored this. You can already do this now. Use DynDNS hostname for the peer, or other methods like using ... Jim Pingle
05:17 PM Feature #9768 (Duplicate): IPsec for site-to-site scenario where one side has dynamic ip: In practice really many sys admins have a need to configure IPsec tunnel for the situation as in subject.
I have s... Vladimir Dzhivsanov
06:11 PM Revision 7e531471: same boolean logic as for hosts: Viktor Gurov
05:44 PM Revision 8e7a1515: Sanitize barnyard_dbpwd in status.php output. Fixes #9764: (cherry picked from commit 24994f9a9df9a44e36cb544586684a5fecd61cda) Jim Pingle
05:44 PM Revision e3f64473: status.php: Sanitize snort/suricata oink and etpro codes.: (cherry picked from commit 17640476a57a41415fec579c40faebbfeff0022d) Jim Pingle
05:44 PM Revision 18f632b9: status.php: Restrict thoth tests to arm64. Fixes NG 2569: (cherry picked from commit 12cf8e3fd03ab48f8798e148378e532758621a50) Jim Pingle
05:42 PM Revision 24994f9a: Sanitize barnyard_dbpwd in status.php output. Fixes #9764: Jim Pingle
05:38 PM Revision 9f5ce9d4: Correct input validation for firewall rule VLAN priority/set. Fixes #9763: (cherry picked from commit 93db39ba1b7a72ad936a76aee2fe059a35b8af40) Jim Pingle
05:37 PM Revision 93db39ba: Correct input validation for firewall rule VLAN priority/set. Fixes #9763: Jim Pingle
03:08 PM Revision 34cfd588: added to input space-separated list of ports: Viktor Gurov
02:54 PM Revision b729b5b8: restartallwan script: Viktor Gurov
02:29 PM Bug #9767 (Resolved): Interesting Traffic Will not Initiate an IPsec VTI tunnel.: Interesting Traffic Will not Initiate an IPsec VTI tunnel.
Steps to reproduce:
Configure a VTI tunnel between t... Chris Linstruth
12:51 PM pfSense Packages Bug #9760 (Feedback): FRR: "Log Adjacency Changes" Option in "OSPF Settings" not working.: You are correct, that test was wrong. I pushed a fix. Thanks! Jim Pingle
12:50 PM Bug #9764 (Feedback): status.php: Sanitize barnyard_dbpwd: Applied in changeset commit:24994f9a9df9a44e36cb544586684a5fecd61cda. Jim Pingle
03:51 AM Bug #9764: status.php: Sanitize barnyard_dbpwd: snort only issue,
suricata ok:... Viktor Gurov
03:43 AM Bug #9764 (Resolved): status.php: Sanitize barnyard_dbpwd: config-sanitized.xml retain <barnyard_dbpwd> entry:... Viktor Gurov
12:45 PM Bug #9763 (Feedback): Trying to set VLAN Priority causes error: Applied in changeset commit:93db39ba1b7a72ad936a76aee2fe059a35b8af40. Jim Pingle
11:08 AM pfSense Packages Feature #9765: Update iperf package to iperf3: Didn't add any options yet, only converted the existing setup to iperf3. If it works as expected, then we can look at... Jim Pingle
11:07 AM pfSense Packages Feature #9765 (Feedback): Update iperf package to iperf3: Jim Pingle
09:41 AM pfSense Packages Feature #9765 (Resolved): Update iperf package to iperf3: iperf2 is obsolete at this point and iperf3 contains a number of useful additional features such as reverse testing a... Steve Wheeler
10:21 AM Feature #9766: diag_packet_capture.php: allow to input multiple tcp/udp ports: https://github.com/pfsense/pfsense/pull/4087 Viktor Gurov
10:20 AM Feature #9766 (Resolved): diag_packet_capture.php: allow to input multiple tcp/udp ports: Ability to use space-separated list of TCP/UDP ports in diag_packet_capture.php
it uses count() for loop instead o... Viktor Gurov

09/14/2019

11:28 AM Bug #9763 (Confirmed): Trying to set VLAN Priority causes error: Jim Pingle
10:58 AM Bug #9763 (Resolved): Trying to set VLAN Priority causes error: I used to have a rule with VLAN Prio set to VOICE since a few years (so this rule was there during the upgrade to cur... Flole Systems
09:50 AM pfSense Packages Feature #9762 (Pull Request Review): Squid Reverse Proxy Change redir domain(s) to use regex: Jim Pingle
07:05 AM pfSense Packages Feature #9762 (Resolved): Squid Reverse Proxy Change redir domain(s) to use regex: Change the ACL for reverse proxy redirects from using the rather limited "dstdomain" to using "dstdom_rexex".
This m... Johan Samuelsson
09:49 AM Bug #9761 (Not a Bug): Crash report details: No PHP errors found.: There isn't enough information here to say what happened or if it was a bug, and that info file isn't a crash report.... Jim Pingle
06:31 AM Bug #9761 (Not a Bug): Crash report details: No PHP errors found.: This is the first time I have had a crash occur on pfSense. I am just a (simple) user. I do not know if the crash mig... Jerry Sels

09/13/2019

05:43 PM pfSense Packages Bug #9760 (Resolved): FRR: "Log Adjacency Changes" Option in "OSPF Settings" not working.: When the option "Log Adjacency Changes" is selected in the GUI in "OSPF Settings" tab, no changes are made in frr con... Bruno Solal
03:02 PM Revision 21bee028: Add IPsec DH/PFS groups 25/26/27. Implements #9757: Jim Pingle
02:40 PM Feature #9754 (Feedback): Add separate authentication log: I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authentication internally (e.... Jim Pingle
01:34 PM Bug #9758 (Feedback): dhcpleases does not handle spaces in DHCP lease hostnames: dhcpleases 0.4 should fix it Renato Botelho
09:43 AM Bug #9758 (Resolved): dhcpleases does not handle spaces in DHCP lease hostnames: Some not-particularly-well-behaved DHCP clients put spaces in the hostname. For example:... Jim Pingle
12:05 PM pfSense Packages Bug #9759 (Duplicate): new vnstat doesn't work on latest 2.5, need script update: Duplicate of #9392 Jim Pingle
12:04 PM pfSense Packages Bug #9759 (Duplicate): new vnstat doesn't work on latest 2.5, need script update: After pressing "Enable Graphing" button got error:
Error: Unable to open database "/var/db/vnstat/vnstat.db": No s... Viktor Gurov
11:01 AM pfSense Packages Feature #9751 (Feedback): Need an "inclusive" and "exclusive" method of specifying ports: Implemented in Avahi pkg version 2.1. Jim Pingle
10:52 AM pfSense Packages Feature #9751: Need an "inclusive" and "exclusive" method of specifying ports: Looks like Avahi fails to parse the line when the total length of the line (including "allow-interfaces=") is greater... Jim Pingle
10:20 AM pfSense Packages Bug #8067 (Closed): Avahi can't be stopped from registering on unassigned interfaces: Since Avahi pkg version 2.0.x, it switched to using whitelisting, so this is no longer relevant. Jim Pingle
10:20 AM pfSense Packages Bug #7755 (Closed): Avahi package is not secure by default: Since Avahi pkg version 2.0.x, it switched to using whitelisting, so this is no longer relevant. Jim Pingle
10:10 AM Feature #9757 (Feedback): DH groups 25,26,27 not listed for phase1 & phase2: Applied in changeset commit:21bee0287caf76bb7ab63ec29b0ecf7435940a06. Jim Pingle
10:04 AM Feature #9757: DH groups 25,26,27 not listed for phase1 & phase2: Added them in and tried 26. Showed as working and in-use on both ends, so it looks OK, no extra plugins to enable or ... Jim Pingle
09:57 AM Feature #9757: DH groups 25,26,27 not listed for phase1 & phase2: Not a bug, but a missing feature. Jim Pingle
09:26 AM Feature #9757 (Resolved): DH groups 25,26,27 not listed for phase1 & phase2: groups 25 (ecp192), 26 (ecp224) and 27 (ecp224bp) is in list of supported by strongswan:... Viktor Gurov
09:44 AM Bug #3500: DHCP Leases List Not Showing Hostname in Some Cases: dhcpleases issue moved over to #9758 Jim Pingle
09:40 AM Bug #3500 (Resolved): DHCP Leases List Not Showing Hostname in Some Cases: OK, I'll make one shortly. Closing this. Jim Pingle
09:39 AM Bug #3500: DHCP Leases List Not Showing Hostname in Some Cases: Jim Pingle wrote:
> It looks like dhcpleases having the wrong name is the problem here. The page is only displaying ... Renato Botelho
09:36 AM Bug #3500: DHCP Leases List Not Showing Hostname in Some Cases: It looks like dhcpleases having the wrong name is the problem here. The page is only displaying the result it receive... Jim Pingle
07:51 AM Bug #3500 (In Progress): DHCP Leases List Not Showing Hostname in Some Cases: I'm not seeing any change here:
Lease DB:... Jim Pingle
07:22 AM Bug #9755: package description wrong link https://www.freshports.org/security/openvpn-client-export: There is no way for any package to control what those links do, so it's not a problem with the package, but in the ba... Jim Pingle
05:20 AM Bug #9755 (New): package description wrong link https://www.freshports.org/security/openvpn-client-export: Package Dependencies:
openvpn-client-export-2.4.7 - wrong link
https://www.freshports.org/security/open... Viktor Gurov
06:45 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more: I believe this one's different from #9296 . I've 2 x 2.4.4-p3 in different locations but with similar configs and I'm... Netnewb net
06:00 AM Bug #9756 (Resolved): vpn_openvpn_(client|server).php: js issue when selecting multiple NCP: If you press and select multiple NCP algorithms it create separate string with selected algo
more clear here:
htt... Viktor Gurov

09/12/2019

08:33 PM Revision 49967ae7: Add dedicated auth log. Implements #9754: Jim Pingle
08:19 PM Revision 882af7b4: Fix blank/empty lines in some auth syslog messages: Jim Pingle
07:21 PM Revision a9941bf6: Fix malformed JSON: Fix malformed JSON using json_encode(). Sebastian Fiebig
05:56 PM Bug #8616 (Resolved): When reconfiguring a captiveportal, connected users get disconnected and can't login back: Renato Botelho
04:21 PM Bug #8616: When reconfiguring a captiveportal, connected users get disconnected and can't login back: I just tested, the PR is working well. Users are not disconnected anymore when updating captive portal.
This issue... A FL
08:21 AM Bug #8616 (Feedback): When reconfiguring a captiveportal, connected users get disconnected and can't login back: PR has been merged. Thanks! Renato Botelho
05:46 PM Bug #3500 (Feedback): DHCP Leases List Not Showing Hostname in Some Cases: Jim Pingle wrote:
> Looks OK for the most part, though I do have one weird device that doesn't match in the leases d... Renato Botelho
04:10 PM Revision 87fb98b9: Ensure log cat programs do not emit error messages.: Jim Pingle
03:42 PM Feature #9754 (In Progress): Add separate authentication log: Still need to poke at IPsec a bit to see if there is another way to get just the auth messages out of it. Might not b... Jim Pingle
03:40 PM Feature #9754 (Feedback): Add separate authentication log: Applied in changeset commit:49967ae74aeb6ac116d7a0662bcbb1da70a09b8f. Jim Pingle
03:31 PM Feature #9754 (Resolved): Add separate authentication log: Would be nice to have a log dedicated to authentication events (ssh, gui, VPNs, etc).
Most things will be caught b... Jim Pingle
03:30 PM Bug #7198 (Feedback): nginx-error.log is not circular and can fill filesystem: This was fixed by #9714 -- there is no longer a dedicated nginx error log, it's all in nginx.log which now has rotation. Jim Pingle
03:12 PM pfSense Docs New Content #9753 (Closed): Feedback on Installing and Upgrading — Writing Disk Images: *Page:* https://docs.netgate.com/pfsense/en/latest/install/write-memstick.html
*Feedback:*
I believe the majority... Paighton Bisconer
02:53 PM pfSense Packages Bug #9752 (Resolved): ACME - Actions have no access to additionally generated certificate files.: The additionally generated certificate files are only available after the actions ("postscripts") have been run. This... Sebastian Fiebig
02:36 PM Revision 52f686a9: Add wizard select_source & use for OpenVPN DH. Fixes #9748: Jim Pingle
01:59 PM Revision 17d967af: Merge pull request #4082 from ableischwitz/master: Renato Botelho
01:56 PM Revision 20be1970: Merge pull request #3999 from vpiserchia/master: Renato Botelho
01:41 PM pfSense Packages Feature #9751 (Resolved): Need an "inclusive" and "exclusive" method of specifying ports: At this time, Avahi doesn't seem to like to run if the "allow-interfaces" config item contains more than 33 interface... George Phillips
01:21 PM Revision 39ce86a7: Merge pull request #4042 from plumbeo/fix-reconfig: Renato Botelho
12:10 PM Revision e72c15ba: Merge pull request #3985 from luckman212/system-general-sr-fix1: Renato Botelho
11:29 AM pfSense Packages Bug #9750 (Resolved): squidguard_blacklist.php & squidguard_log.php wrong status icon link: If you are on page Package / SquidGuard / Blacklists or Package / SquidGuard / Logs
and press status icon
you got /... Viktor Gurov
10:33 AM pfSense Packages Feature #9749 (New): 95th percentile missing for quality in monitoring: 95th percentile missing for quality also old graphs use to draw a line for 95th percentile Michael Kellogg
09:45 AM Bug #9748 (Feedback): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: Applied in changeset commit:52f686a97f77cfd00ddb69088bef7164676d4117. Jim Pingle
07:44 AM Bug #9748 (Confirmed): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: Looking deeper at the code, "this is expected":https://docs.netgate.com/pfsense/en/latest/certificates/dh-parameters.... Jim Pingle
05:23 AM Bug #9748: openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: It shows correct number in config.xml:
<dh_length>16384</dh_length>
And on VPN / OpenVPN / Servers page
but it... Viktor Gurov
05:14 AM Bug #9748 (Resolved): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: If you select DH Parameters Length above 8192, i.e. 15360 or 16384, it creates server instance with DH length 1024
A... Viktor Gurov
09:05 AM Feature #9590 (Feedback): RFE: Add additional prefix delegation size entries to dropdown-list: Applied in changeset commit:51dc008bfebef50bc4be9ff2a894e176ba013866. Andreas Bleischwitz
08:57 AM Feature #9030 (Feedback): Allow TLS Key Direction with OpenVPN: PR has been merged. Thanks Renato Botelho
07:11 AM Bug #8922 (Feedback): Static routes set by system.inc for DNS gateway bindings are not removed: PR has been merged. Thanks! Renato Botelho

09/11/2019

07:28 PM Revision f7335af3: Deduplicate code in openvpn.inc: Renato Botelho
07:08 PM Revision 1d13560c: Remove unnecessary variable: Renato Botelho
07:04 PM Revision 33187646: Merge pull request #4072 from jwsi/openvpn-gwgroup: Renato Botelho
03:15 PM Bug #9747: IPsec widget - Missing escape of domain backslash: Pull request: https://github.com/pfsense/pfsense/pull/4085 Sebastian Fiebig
02:52 PM Bug #9747 (Resolved): IPsec widget - Missing escape of domain backslash: The IPSec widget does not work as soon as one user, e.g., from a windows domain with a username like "domain\user" ha... Sebastian Fiebig
02:45 PM Bug #1605: DHCP Server should group known clients by interface: I'll work on it Renato Botelho
02:41 PM Bug #9595 (Feedback): OpenVPN does not resync when running on a gateway group: PR has been merged. Thanks Renato Botelho
02:12 PM Feature #9302 (Pull Request Review): radvd always advertises DNS servers and Domain Search List regardless of M or O flag: Jim Pingle
02:12 PM Bug #9539 (Pull Request Review): HA: admin user's authorized key(s) won't get synced: Jim Pingle
02:09 PM Feature #790 (Pull Request Review): Advanced options for dnsclient (resolv.conf): Jim Pingle
02:09 PM Bug #8922 (Pull Request Review): Static routes set by system.inc for DNS gateway bindings are not removed: Jim Pingle
02:09 PM Feature #9688 (Pull Request Review): restartallwan - pfSsh.php script to restart all wan interfaces: Jim Pingle
02:09 PM Bug #3334 (Pull Request Review): Status/Traffic Graph isn't IPv6 ready: Jim Pingle
02:07 PM Feature #1257 (Pull Request Review): Handle encypted CA/Certificate private keys: Jim Pingle
02:07 PM Bug #9592 (Pull Request Review): VTI interface down because interface number created is greater than ipsec32768: Jim Pingle
02:07 PM Bug #8616 (Pull Request Review): When reconfiguring a captiveportal, connected users get disconnected and can't login back: Jim Pingle
01:59 PM Revision 1dcaf2d8: Remove deprecated comments since username tag got CDATA: Renato Botelho
01:59 PM Revision c244b2be: Revert "Fix #6195: Allow to change NAT Outbound mode": This reverts commit bdaa5235d4c3f4e226e4e7ebee55fc7ff5fd4360. Renato Botelho
01:57 PM Revision ce76d1e4: Ticket #6195: Use CDATA on username tag: After discuss with JimP we agreed it would be a better approach than
bdaa5235d4 if we add username tag to the list of... Renato Botelho
01:31 PM Revision bdaa5235: Fix #6195: Allow to change NAT Outbound mode: make_config_revision_entry() second parameter expects a username to
override current logged in user in special cases.... Renato Botelho
10:46 AM Todo #9746 (Rejected): Openvpn user get disconnected at same time.: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
10:15 AM Todo #9746 (Rejected): Openvpn user get disconnected at same time.: Hello Team,
we have almost 10-15 users using OpenVPN get disconnected at a same time.
kindly help with this wha... ajinkya mulik
09:58 AM Bug #9745: can't add ECDSA certificate key when signing CSR: This is probably the check needing to recognize the EC key header text since it's different. Jim Pingle
09:46 AM Bug #9745 (Resolved): can't add ECDSA certificate key when signing CSR: If you try to sign CSR it not allow to add Key data with following errors:... Viktor Gurov
09:57 AM Bug #9744: fatal error if ECDH Curve not default: That's internal to OpenVPN/OpenSSL. The GUI presents the curves it claims to support exactly (From @/usr/local/sbin/o... Jim Pingle
09:11 AM Bug #9744 (Resolved): fatal error if ECDH Curve not default: If you select ECDH Curve server option other than default, <ecdh_curve>Oakley-EC2N-4</ecdh_curve> as example, you got... Viktor Gurov
08:40 AM Bug #6195 (Feedback): Cannot set Manual Outbound NAT when Language is pt_BR: Applied in changeset commit:bdaa5235d4c3f4e226e4e7ebee55fc7ff5fd4360. Renato Botelho
08:31 AM Bug #9743: Missing dependency check(s) on aliases in static routes: forgot the "pre" tags around the example so just ignore the strike-through ;) Can't edit the original ticket :/ Jens Groh
08:21 AM Bug #9743 (Duplicate): Missing dependency check(s) on aliases in static routes: Using aliases in static routes is a nice thing as it makes handling those a bit easier by grouping your networks firs... Jens Groh

09/10/2019

11:50 PM pfSense Packages Feature #8547: fwknop Port Knocking Package: Just started using pfSense recently and I'm really surprised fwknop is not available. I can install fwknop on OpenWrt... William Evans
04:24 PM Feature #895: PPP subsystem MPPE/MPPC support: Is there a .override file, or documentation I can follow to add this so that pfsense doesn't overwrite my .conf modif... Coenraad Loubser
03:51 PM Revision d81f2704: Fix interface/config alignment on interfaces_ppps_edit.php. Fixes #9741: Jim Pingle
01:52 PM Revision 9b738be9: Note in the system log when bootup is complete.: Jim Pingle
01:14 PM Feature #9718: Make diag_states_summary table sortable: Looks like this will require redesigning the page a bit. The sortable library does not handle rowspan/colspan as they... Jim Pingle
11:00 AM Bug #9741 (Feedback): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: Applied in changeset commit:d81f270454ec66680cb645c0d3c13f9431d9c026. Jim Pingle
10:38 AM Bug #9741 (Assigned): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: Jim Pingle
10:30 AM Bug #9741: interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: The way the page is rendered is odd.
* The Local IP address, mask, and gateway are stored in an array indexed by a... Jim Pingle
10:12 AM Bug #9741 (Confirmed): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: Jim Pingle
05:58 AM Bug #9741 (Resolved): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: After adding L2TP / PPTP interfaces on Interfaces / PPPs pages
it add Local IP Address and Gateway IP or Hostname to... Viktor Gurov
10:48 AM pfSense Packages Feature #9742 (Resolved): Print Patch ID in log while patching: that would be very useful for support and security perspective.
for now it only run ACB backup while patching. Viktor Gurov
04:41 AM pfSense Packages Bug #9740 (Resolved): empty Status / Tinc VPN page on latest 2.5: Simple p2p connection between pfSense-2.4.4-p3 and pfSense-2.5.0
tinc-1.0.35 on both
nothing on Status / Tinc VPN... Viktor Gurov

09/09/2019

09:21 PM Bug #9739 (Rejected): Multiple ipsec connected to same destination.: Not enough information here, sounds more like a support request than a bug. Please post on the forum to discuss the p... Jim Pingle
09:18 PM Bug #9739 (Rejected): Multiple ipsec connected to same destination.: I have an ipsec set up with one of my clients, however for a while now, started to close ipsec connections to the sam... Heliton Martins
07:40 PM Revision a7a863a8: Specify portal auth and DHCP logs by selector not by facility. Fixes #1375: Jim Pingle
06:54 PM Revision 1521f0b2: Filter/manage cleanup for new logs. Issue #9714: * Disable 'manage' for utx & userlog
* Fix filter form labels for utx to match column headers Jim Pingle
06:24 PM Revision f9d9d054: Log setting/size review. Fixes #9734: * Move default GUI line limit and log size defaults to $g rather than
hardcoding.
* Set default GUI line limit to 500... Jim Pingle
04:50 PM Revision 972de4c7: Revise regex and redirect on failure: Steve Beaver
03:40 PM Revision 17640476: status.php: Sanitize snort/suricata oink and etpro codes.: Jim Pingle
02:50 PM Bug #1375 (Feedback): Captive portal logs: mixed with logs from other sources (squid, php): Applied in changeset commit:a7a863a81cab694ccaaae6da74e45cfeee858a40. Jim Pingle
01:36 PM pfSense Packages Bug #9738 (Resolved): Client IP address validation disallows CIDR notation: Hi,
As specified in the FreeRADIUS documentation, `ipaddr` can be supplied in CIDR format when defining clients:
... Tom Whitwell
01:30 PM Todo #9734 (Feedback): Re-evaluate log size, line defaults, and limits: Applied in changeset commit:f9d9d054a6615a3ad2730ca2b7702daeafc63b25. Jim Pingle
10:41 AM Bug #9736 (Feedback): status.php: Sanitize oinkcode and etprocode of snort/surricata: Fixed in commit:17640476a57a41415fec579c40faebbfeff0022d Jim Pingle
05:45 AM Bug #9736 (Resolved): status.php: Sanitize oinkcode and etprocode of snort/surricata: config-sanitized.xml keep <oincmastercode> and <etpro_code> of snort package
and <oinkcode> and <etprocode> of suric... Viktor Gurov
09:30 AM Feature #8786: Wireguard VPN: They have made a secure and audited release.
We'd prefer to use pfSense but are using OpenWRT for wireguard support. Shannon Barber
08:23 AM Feature #9735: DHCP option 43 and 120 for Skype 4 Business phones: If it's still a problem, start a new forum thread and discuss it there. The fact that the forum thread is 6 years old... Jim Pingle
08:15 AM Feature #9735: DHCP option 43 and 120 for Skype 4 Business phones: Jim Pingle wrote:
> The linked message is over 6 years old. Use the GUI options to add custom DHCP option numbers. I... Chris Theodorakakos
08:07 AM Feature #9735 (Rejected): DHCP option 43 and 120 for Skype 4 Business phones: The linked message is over 6 years old. Use the GUI options to add custom DHCP option numbers. If you cannot express ... Jim Pingle
04:45 AM Feature #9735 (Rejected): DHCP option 43 and 120 for Skype 4 Business phones: Hi all, we moved our DHCP server to pfsense and we are currently trying to configure the VLAN in which we have our me... Chris Theodorakakos
06:35 AM Bug #9737 (New): traffic-graphs.js shows incorrect units inside the chart: https://github.com/pfsense/pfsense/blob/42839d824d51cad3a8a55fccb2dc96368568ce8e/src/usr/local/www/js/traffic-graphs.... Alex Kolesnik
04:01 AM Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): Jim Pingle wrote:
> Adding another selector to set the prf (with an option to automatically assume it based on Hash ... Viktor Gurov

09/08/2019

11:40 AM Todo #9734 (Resolved): Re-evaluate log size, line defaults, and limits: The current limits for log sizes, default lines to display, and maximum lines that can be shown are all from times wh... Jim Pingle
05:09 AM Bug #1375: Captive portal logs: mixed with logs from other sources (squid, php): I can also confirm that XMLRPC sync logs are still ending in Portal Auth logs.
Here is a screenshot of portal au... A FL
02:53 AM Bug #9733: MAC Address linked to IPv4 & IPv6: Jim Pingle wrote:
> No. A DUID identifies a machine. A MAC identifies a NIC. And by the time you add all the other s... Dean Attewell

09/07/2019

11:49 PM Bug #9733: MAC Address linked to IPv4 & IPv6: No. A DUID identifies a machine. A MAC identifies a NIC. And by the time you add all the other stuff in, all you've d... Jim Pingle
11:47 PM Bug #9733: MAC Address linked to IPv4 & IPv6: Jim Pingle wrote:
> IPv6 addresses are allocated by DUID, not by MAC, so this is not possible.
Can you not have
... Dean Attewell
10:57 PM Bug #9733 (Rejected): MAC Address linked to IPv4 & IPv6: IPv6 addresses are allocated by DUID, not by MAC, so this is not possible. Jim Pingle
10:53 PM Bug #9733 (Rejected): MAC Address linked to IPv4 & IPv6: Can you please enhance pfSense to allow MAC addresses to be the primary key for setting IPv4 & IPv6 addresses.
I wa... Dean Attewell
01:40 PM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: I encountered this issue while attempting to host internal web services via IPv6 using a dynamic external IP address.... Allen Balaj

09/06/2019

08:38 PM Feature #9732 (New): System UTC time offset in DHCP Option 2: Please implement that the DHCP server can dynamically add DHCP Option 2 value based on the actual system UTC time off... David G
05:21 PM Feature #9693 (Closed): Bypass automatic backups: This was fixed moments after the original push Anonymous
04:27 PM Feature #9693 (New): Bypass automatic backups: Jim Pingle
04:04 PM Feature #9693: Bypass automatic backups: James Dekker wrote:
> Tested on 2.5.0.a.20190830.1941, works as expected.
There's a typo on line 190 (in src/etc/in... Gerwim F
05:15 PM Revision ac9e8f8b: Fixed #9731: by validating widget key with regex
(cherry picked from commit 42839d824d51cad3a8a55fccb2dc96368568ce8e) Steve Beaver
04:59 PM Revision 42839d82: Fixed #9731: by validating widget key with regex Steve Beaver
03:07 PM Bug #1375 (New): Captive portal logs: mixed with logs from other sources (squid, php): Apparently still happening: https://forum.netgate.com/topic/146335/feedback-logging-2-5-snap Jim Pingle
02:30 PM Revision c63ae216: Fix rotation count check. Issue #9711: While here, fixup default static newsyslog entries. Issue #8350 Jim Pingle
02:13 PM Revision aa2cac18: Incorporate filter_log.inc into syslog.inc. Issue #8350: Now all log-related functions are together. Jim Pingle
01:54 PM Revision 55beed7e: Relocate newsyslog cron install task. Fixes #9730: Jim Pingle
01:36 PM Revision 24b1410a: Don't add .log to filename twice. Issue #8350: Jim Pingle
12:43 PM Revision 6ab24f7c: Finish utx lastlog display. Issue #9714: Jim Pingle
12:42 PM Revision ee4390ff: Code refactoring/simplification. Issue #9714: Jim Pingle
12:41 PM Revision 9eeb6178: Fix package log header. Issue #9714: Jim Pingle
12:05 PM Bug #9731: Path Traversal vulnerability in picture widget: Applied in changeset commit:42839d824d51cad3a8a55fccb2dc96368568ce8e. Anonymous
12:01 PM Bug #9731 (Feedback): Path Traversal vulnerability in picture widget: Validate widget key by regex before accepting new image Anonymous
10:13 AM Bug #9731 (Duplicate): Path Traversal vulnerability in picture widget: Vulnerability Description :- The `pfSense` firewall is vulnerable to Remote Code Execution due to `Path Traversal vul... Anonymous
10:54 AM Feature #7767: OCSP support for OpenVPN server: The link above seems to be dead, but there is an example script in https://github.com/OpenVPN/openvpn/blob/master/con... Jim Pingle
09:33 AM Todo #8350 (Feedback): Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate: This should be ready for general feedback once the latest changes are in snapshots. Jim Pingle
09:33 AM Todo #9713 (Resolved): Review log rotation behavior: Everything looks OK here with the latest code. Packages may need other/individual attention but those can get their o... Jim Pingle
09:00 AM Bug #9730 (Feedback): newsyslog cron job not present after every upgrade: Applied in changeset commit:55beed7ef4a4730b46c43a705a8cc6392f85d365. Jim Pingle
08:52 AM Bug #9730 (Resolved): newsyslog cron job not present after every upgrade: Some systems do not have the newsyslog job after upgrade. Jim Pingle
08:37 AM Todo #9714 (Feedback): Add page to view "other" logs: Doing a general page for 'other' logs didn't work out, so I added the orphaned log files to their own individual tabs. Jim Pingle

09/05/2019

09:04 PM Revision db948c42: Additional logs & optimizations. Issue #9714: * Add log tabs for nginx, userlog, and some other previously hidden logs
* Start working on output of utx log via lis... Jim Pingle
06:45 PM Bug #9720: vpn_ipsec_phase2.php - no remote network field in VTI mode: This appears to be true with all IPSEC vpn modes. If you delete the phase 2 section then create a new one the remote ... Gary Williams
05:53 PM Revision 1544d718: status.php: Sanitize zabbix TLS psk info. Fixes #9729: (cherry picked from commit 60a7d1e1201f43ec48b0ad374ded1c15eb29e14e) Jim Pingle
05:53 PM Revision 60a7d1e1: status.php: Sanitize zabbix TLS psk info. Fixes #9729: Jim Pingle
05:51 PM Revision 12cf8e3f: status.php: Restrict thoth tests to arm64. Fixes NG 2569: Jim Pingle
04:57 PM Bug #6167: IPsec IPComp not working: I have this enabled with other firewall solutions and observed noticeable savings in bandwidth usage. I was hoping t... Adam Gibson
04:32 PM Revision f314a7d9: status.php: Sanitize influx_pass and cert_key. Fixes #9727 Fixes #9728: (cherry picked from commit 8bc944bbcba57f74934b87dcea4e7621f0743584) Jim Pingle
04:31 PM Revision 8bc944bb: status.php: Sanitize influx_pass and cert_key. Fixes #9727 Fixes #9728: Jim Pingle
03:37 PM Revision 5457213f: Rename status_pkglogs.php to status_logs_packages.php. Issue #9714: Jim Pingle
03:25 PM Revision 4cce0ada: Standardize pkg log display. Issue #9714: * Add common log code as needed
* Define options to fine-tune package log display
* Add filtering Jim Pingle
02:27 PM Bug #2218: CARP VIPs can become master too early at boot time: I agree with @BlackBinary. The second optional should be the normal operation. A reboot should automatically trigge... Greg Harris
01:00 PM Bug #9729 (Feedback): status.php: Sanitize zabbix-agent tlspsk key: Applied in changeset commit:60a7d1e1201f43ec48b0ad374ded1c15eb29e14e. Jim Pingle
11:47 AM Bug #9729 (Resolved): status.php: Sanitize zabbix-agent tlspsk key: config-sanitized.xml keep <tlspskfile> of zabbix-agent:
$ grep tlspsk config-sanitized.xml
... Viktor Gurov
11:40 AM Bug #9728 (Feedback): status.php: Sanitize tinc private key: Applied in changeset commit:8bc944bbcba57f74934b87dcea4e7621f0743584. Jim Pingle
11:21 AM Bug #9728: status.php: Sanitize tinc private key: This is in status.php, not the package. Jim Pingle
11:14 AM Bug #9728 (Resolved): status.php: Sanitize tinc private key: config-sanitized.xml keep <cert_key> of tinc package
2.5.0-DEVELOPMENT (amd64)
built on Wed Sep 04 20:39:01 E... Viktor Gurov
11:40 AM Bug #9727 (Feedback): status.php: Sanitize influx_pass: Applied in changeset commit:8bc944bbcba57f74934b87dcea4e7621f0743584. Jim Pingle
11:20 AM Bug #9727: status.php: Sanitize influx_pass: This is in status.php, not the package. Jim Pingle
11:03 AM Bug #9727 (Resolved): status.php: Sanitize influx_pass: config-sanitized.xml keep hash of influx_pass (Telegraf package):
$ grep influx config-sanitized.xml
... Viktor Gurov
08:29 AM Bug #9649: IPv6 6RD Tunnel: Ronald Schellberg wrote:
> Created a pull request to FreeBSD-src to apply the 6RD changes to 2.5
Updated the pull... Ronald Schellberg
06:32 AM pfSense Packages Bug #9724: pfblockerng-firewall-filter-service-will-not-start: PR https://github.com/pfsense/FreeBSD-ports/pull/670 Manuel Piovan

09/04/2019

08:33 PM Revision 280a2ca2: Move Package Logs in with rest of logs. Issue #9714: Standardize log tab behavior Jim Pingle
08:08 PM Revision 6b061c1a: Add a method for packages to set log owner on rotation. Issue #9712: Jim Pingle
03:21 PM Revision 3a26e715: Move log-related functions to their own file. Issue #8350: Also add a simple shell program that will dump all log entries for a given
log + all rotated/compressed logs in order. Jim Pingle
03:12 PM Todo #9712: Add code for packages to set their own log rotation parameters: See also:
* Example of display-only log: https://github.com/pfsense/FreeBSD-ports/blob/devel/emulators/pfSense-pkg... Jim Pingle
02:08 PM Feature #9726 (Resolved): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: One might want to allow transform sets on a Phase 2 like this:
AES128/192/256-CBC with SHA256
AES128-GCM with no ... Chris Linstruth
06:17 AM pfSense Packages Bug #9724: pfblockerng-firewall-filter-service-will-not-start: affected version:
2.5.0-DEVELOPMENT (amd64)
built on Tue Sep 03 08:57:57 EDT 2019
FreeBSD 12.0-RELEASE-p10
... Manuel Piovan
05:20 AM pfSense Packages Bug #9724: pfblockerng-firewall-filter-service-will-not-start: a possible solution :
on /usr/local/etc/rc.d/pfb_filter.sh
from
/usr/local/sbin/clog_pfb -f /var/log/filter.log | ... Manuel Piovan
04:56 AM pfSense Packages Bug #9724 (New): pfblockerng-firewall-filter-service-will-not-start: pfblockerng service does not start - because clog is missing
https://forum.netgate.com/topic/146191/pfblockerng-f... Manuel Piovan
04:59 AM pfSense Packages Feature #9725 (New): Ability to use template variables in acme package: would be very helpful to be able to use variables in acme package action section
Using variables something like that... Tobi Miller
03:54 AM Bug #9723 (Not a Bug): DHCPv6 server for several interfaces isn't working on all interfaces: Hi,
I have a virtualized pfSense 2.4.4 p3 running with several downstream interfaces.
On some interfaces DHCPv6 s... Pim Pish

09/03/2019

08:34 PM Revision a40c9cf2: Log rotation settings. Issue #9711 and Issue #9712: * Add rotation count GUI option and per-log option
* Add settings for packages to override more fields not supported ... Jim Pingle
07:26 PM Revision 7d918dab: Fix log size text in common log settings. Issue #9711: Jim Pingle
07:16 PM Revision 8a86d7be: Move log rotation options to their own section. Issue #9711: While here, fix log size description to fit new behavior. Jim Pingle
06:44 PM Revision 3aea6230: IPSec: Just destroy interface if it exists and it's not booting: Based on PR: https://github.com/pfsense/pfsense/pull/4076 Renato Botelho
06:43 PM Revision f8c4bfc5: IPSec: Just destroy interface if it exists and it's not booting: Based on PR: https://github.com/pfsense/pfsense/pull/4076 Renato Botelho
06:39 PM Revision 03cdd6ad: Add log compression type option. Issue #9711: Jim Pingle
06:19 PM Revision 15f8062b: Improve efficiency of resync checks.: GW Group changes are checked iff the interface is not the empty string or the interface in question is not the same a... James Webb
03:38 PM Todo #9711: Add GUI options to control log rotation: The compression is configurable now but it is a global only option and NOT a per-log setting. While it may be possibl... Jim Pingle
03:37 PM Todo #9711 (Feedback): Add GUI options to control log rotation: The time, flags, pid/cmd, and signal fields are not necessary for the GUI, the others are sufficient. There is a mech... Jim Pingle
03:36 PM Todo #9712 (Feedback): Add code for packages to set their own log rotation parameters: Jim Pingle
03:32 PM Todo #9712: Add code for packages to set their own log rotation parameters: For reference, the supported fields are now:... Jim Pingle
01:52 PM Revision 73a4e1f2: Merge branch 'master' into system-general-sr-fix1: Renato Botelho
01:37 PM Revision 5ae31b9e: Merge pull request #4070 from paul/patch-1: Renato Botelho
01:24 PM Revision e187842d: Merge pull request #4079 from johnforte/master: Renato Botelho
01:20 PM Revision d43154fe: Do not use constructor with the same name of class, it's going to be deprecated: Renato Botelho
01:18 PM Revision b94eb4b9: Fix PHP warning: Renato Botelho
01:10 PM Revision cf019954: Merge pull request #4083 from kristoffer-ekenstam/master: Renato Botelho
01:08 PM Revision e3de4f13: Merge pull request #4084 from Godwottery/master: Renato Botelho
12:57 PM Revision b4df3414: Merge pull request #4074 from NanoCaiordo/dhcp_show_all: Renato Botelho
12:04 PM Bug #9722 (Resolved): services_captiveportal_vouchers.php wrong status icon link: When you are at services_captiveportal_vouchers.php page, clicking on "Related status" icon redirects to
services_ca... Viktor Gurov
11:02 AM pfSense Packages Feature #9721 (Resolved): add squidclient -h 127.0.0.1 mgr:info output to Diagnostics / Squid and status.php: "squidclient -h 127.0.0.1 mgr:info" gives a very useful info for diagnostics:
like
Resource usage for squid:
UP T... Viktor Gurov
10:57 AM Bug #9522 (Resolved): Diagnostics > System Activity shows only the header: Looks good:... Steve Wheeler
10:23 AM Bug #9720 (Resolved): vpn_ipsec_phase2.php - no remote network field in VTI mode: under VPN / IPsec / Tunnels / Edit Phase 2
if you select Transport Mode
and then VTI mode
there is no "Remote Netw... Viktor Gurov
10:11 AM Bug #9719 (Resolved): system_certmanager.php - Descriptive name field disappeared when adding certificate for user: if under user manager / users / edit
you select add certificate,
then select "choose an existing certificate"
and... Viktor Gurov
08:45 AM Feature #9718 (New): Make diag_states_summary table sortable: Make diag_states_summary table sortable so users can chose the way they want to sort it.
Discussed at https://gith... Renato Botelho
08:38 AM Bug #9580 (Feedback): Dynamic DNS DNSimple client errors: PR has been merged. Thanks! Renato Botelho
08:25 AM Bug #9684 (Feedback): System Notifications: Asterisks over writing current password causing notifications to stop working.: PR has been merged. Thanks! Renato Botelho
08:12 AM Bug #8014 (Feedback): DynDNS wildcard option doesn't work for provider Loopia: PR has been merged. Thanks! Renato Botelho
08:09 AM Feature #9706 (Feedback): Increased number of colors for login screen: PR has been merged. Thanks! Renato Botelho
08:09 AM Bug #9133 (Feedback): "Show all configured leases" does not stay set after deleting a lease: PR has been merged. Thanks! Renato Botelho
07:21 AM Bug #8040 (Resolved): diag_dns.php - external links to DNSstuff: These links were all removed a while ago Jim Pingle
07:05 AM Feature #9717 (New): Search box for pfsense ?: I can never remember where things are within pfsense and wondered if a search box on the top bar would be a good idea... randombits b

09/02/2019

06:46 PM Revision 098e57c5: Revert "Add a control file to be used as trigger to sync files to S3": This reverts commit 1e2990aa0a9debd5ccdc31e42ca6fe93a31c5dd3. Renato Botelho
06:46 PM Revision 95470886: Revert "Add a control file to be used as trigger to sync files to S3": This reverts commit 8129d78071fdf592f7f33a715405c065a76cebc3. Renato Botelho
06:40 PM Revision 64290b3c: Do not send unneeded files to S3 and also delete old files from it: Renato Botelho
06:14 PM Revision 5c0d30fb: Do not send unneeded files to S3 and also delete old files from it: Renato Botelho
02:29 PM Revision 7071aab3: Add ability for OpenVPN instances to resync on IP changes and on boot.: OpenVPN instances resync if interface IP change occurs.
At boot, the interface is the empty string, so resync is mand... James Webb

09/01/2019

11:16 PM Revision a71b23db: Include system.inc in prefixes.php. Fixes #9715: Jim Pingle
06:25 PM Bug #9715 (Feedback): Call to undefined function sort_related_log_files: Applied in changeset commit:a71b23dbc6ebc39c42586f98b3da05969c4724e5. Jim Pingle
06:31 AM Feature #9716 (Resolved): Italian translation: i've completed italian translation on zanata month ago
as soon as you can I would like to see it inserted also in or... Manuel Piovan
03:51 AM Bug #9595: OpenVPN does not resync when running on a gateway group: "Current Full Patch":https://github.com/pfsense/pfsense/pull/4072.patch James Webb
02:50 AM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources: This issue forced me to uninstall arpwatch, as I can't just handle receive tons of emails from other daemons (like Cl... Ter Ted

08/31/2019

11:39 PM Revision 614ca41e: Add else clause for cases when OpenVPN interface file does not exist.: - Prevents potential race condition at startup resulting in failure to start OpenVPN instances.
- In cases where inte... James Webb
06:13 PM Bug #9715 (Resolved): Call to undefined function sort_related_log_files: https://forum.netgate.com/topic/146189/crash-report-after-update
add ->
require_once("functions.inc");
ins... Manuel Piovan
04:18 PM Feature #9693 (Resolved): Bypass automatic backups: Tested on 2.5.0.a.20190830.1941, works as expected. Anonymous
04:13 PM Feature #9694 (Resolved): Redact ACB encryption password from status.php: Tested on 2.5.0.a.20190830.1941, encryption password is redacted. Anonymous
03:09 AM Bug #8207: 2.4 cannot boot as a Xen VM with more than 7 NICs: Same problem here with the newest Version (2.4.4-RELEASE-p3) of PFSense.
Any ideas or solutions?
Best regards Elias Seccom

08/26/2019

11:49 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: Hey Dan, we definitely know who you guys are. We use Kea on tnsr. Jim Thompson
08:27 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: For what it's worth, for my dayjob, run ISC's internal office network with a pair of pfsense boxen (official hardware... Dan Mahoney
08:44 PM Revision 0dd016d4: Add some exception handling to auth attempts. Fixes #9150: (cherry picked from commit d832b6ce47a90fea03443401d072eb91906b6fc7) Jim Pingle
08:43 PM Revision d832b6ce: Add some exception handling to auth attempts. Fixes #9150: Jim Pingle
07:25 PM Revision 5f66269d: Fix state kill ordering in rc.newwanip. Fixes #4674: Move state kill to after new rules and routing have been setup.
Otherwise there is a race condition where new states ... Jim Pingle
07:24 PM Revision 86e6e0bc: Fix state kill ordering in rc.newwanip. Fixes #4674: Move state kill to after new rules and routing have been setup.
Otherwise there is a race condition where new states ... Jim Pingle
03:50 PM Bug #9150 (Feedback): Web authentication RADIUS package shows PHP error if unable to resolve FQDN of RADIUS server: Applied in changeset commit:d832b6ce47a90fea03443401d072eb91906b6fc7. Jim Pingle
03:44 PM Bug #9150: Web authentication RADIUS package shows PHP error if unable to resolve FQDN of RADIUS server: I never could reproduce this with any combination of DNS failures (no server, server timeout, nxdomain, etc) but I ad... Jim Pingle
02:56 PM Bug #7848: NDP Table Sort by Expiration Error: The sortable library doesn't have a sorting type that can parse the duration in the format output by ndp and I didn't... Jim Pingle
02:35 PM Bug #4674 (Feedback): invalid state table entries after WAN IP change: Applied in changeset commit:86e6e0bcffcbb988dc7f80ac0aed25cad28d79eb. Jim Pingle
01:57 PM Bug #9550 (Resolved): New privilege matching method does not allow menu or tab links to anchors (#foo): Users with permissions for only traffic totals can see the tabs and change between them. Jim Pingle
01:51 PM Bug #9543 (Resolved): diag_dns.php: Reverse lookup of IPv6 fails with "Host must be a valid hostname or IP address.": Works fine now Jim Pingle
01:49 PM Bug #9582 (Resolved): PHP error setting up VLANs from the console: Jim Pingle
01:29 PM Bug #9447: Configuring LAGG at XG-7100 Switch Ports Broken: Patched attached for those who would like to test this against 2.4.4-p3. Jim Pingle
01:22 PM pfSense Packages Feature #9399 (Resolved): pkg support for SSH + sudo authentication via LDAP: requested package and options are present. Jim Pingle
01:21 PM Bug #9466 (Resolved): DHCP (IPv4) relay mistakenly listening on upstream interface: All feedback I have seen thus far has been positive. Jim Pingle
01:21 PM Feature #9531 (Resolved): [IPSEC] Add additional curve-based DH Groups (31+): Jim Pingle
01:20 PM Todo #9607 (Resolved): Update web server TLS versions for 2.5.0: This has been working fine, no reports of breakage that I've seen either. Jim Pingle
01:16 PM Bug #9584 (Resolved): Potential XSS in services_acb.php via hostname parameter with legacy settings: Legacy options are moot now, they have been removed. Jim Pingle
01:07 PM Bug #9564 (Resolved): Dynamic DNS Status - IPv4 format error for 'Cached IP': Still working fine with my Namecheap entries which failed before. Jim Pingle
01:05 PM Bug #9540 (Resolved): PHP Uncaught Error in Status/System Logs/Firewall/Dynamic View: Jim Pingle
01:04 PM Bug #9421 (Resolved): crypt_data() needs to support stronger key derivation: Jim Pingle
01:04 PM Bug #9408 (Resolved): OCSP stapling detection broken on 2.5.0: This has been fine since the fix I put in, no signs of it breaking again that I've noticed. Jim Pingle
01:02 PM Bug #9400 (Resolved): PHP scandir() error at boot: Jim Pingle
11:17 AM Bug #9699: WAN Interfaces Page - PPPoE breaks randomly when changes are made: That isn't enough. You need to start a forum thread to discuss the problem and provide a lot more detail, things like... Jim Pingle
11:07 AM Bug #9699: WAN Interfaces Page - PPPoE breaks randomly when changes are made: After the initial setup of a PPPoE connection on WAN interfaces page, changing settings on this page will randoml... Steven Cedrone
07:15 AM Bug #9699 (Not a Bug): WAN Interfaces Page - PPPoE breaks randomly when changes are made: Not enough information here for a valid bug report. I have several systems with PPPoE interfaces and none of them bre... Jim Pingle
02:53 AM Bug #9699: WAN Interfaces Page - PPPoE breaks randomly when changes are made: After the initial setup of a PPPoE connection on WAN interfaces page, changing settings on this page will randoml... Steven Cedrone
02:51 AM Bug #9699 (Not a Bug): WAN Interfaces Page - PPPoE breaks randomly when changes are made: After the initial setup of a PPPoE connection on WAN interfaces change changing settings on this page will randomly b... Steven Cedrone
09:37 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: I experienced the same behavior as Greg M when updating from 2.4.4-p3 to 2.5.0. This was on a bare-metal install. Grant Peier
09:24 AM pfSense Packages Feature #4503: GNUGateKeeper H.323 Proxy Package: Hi guys!
I recently had the case of using a VSX 7000 polycom videoconferencing that necessarily uses the H323 or H46... Wesley Lucio dos Santos
07:50 AM pfSense Packages Bug #9681 (Feedback): [Monitoring] New views title are always in lower case.: PR has been merged. Thanks! Renato Botelho
07:13 AM pfSense Packages Feature #9701 (Rejected): Squid WPAD/PAC Settings: Since this would turn the firewall web server into a WPAD web server for the local network, it will never be added. T... Jim Pingle
04:48 AM pfSense Packages Feature #9701 (Rejected): Squid WPAD/PAC Settings: Adds a new tab to the Squid Server Web GUI to configure WPAD settings and setup a PAC file.
This would give users th... Kyle Klouzal
07:03 AM Feature #9702 (Resolved): OpenVPN "push-reset" option in Client Specific Override breaks "subnet" topology: Hi.
I have configured an OpenVPN server in Remote Access (SSL/TLS) mode with the "subnet" topology (preferred topo... Damien Gombault
03:32 AM pfSense Packages Feature #9700 (Feedback): Secure Squid HTTPS Proxy: As described here: https://forum.netgate.com/topic/145940/secure-squid-https-proxy
Squid Documentation: http://www.s... Kyle Klouzal
02:09 AM Bug #9698 (New): Monitoring graphs do not retain state after auto-refresh: When a monitoring graph is set to auto refresh it returns to its default configuration each time it refreshes. If ind... Christian Ullrich
01:58 AM pfSense Docs Correction #9697 (Resolved): Feedback on System Monitoring — Monitoring Graphs: *Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/index.html
*Feedback:*
This page should me... Christian Ullrich

08/25/2019

07:23 AM Feature #2634: No IPv6 networks in firewall NAT rules: Thanks! Guy B

08/24/2019

06:29 PM Bug #9600 (Resolved): Add athp to wireless device regex list: This looks good:... Steve Wheeler
04:34 PM Bug #9669: dhcrelay stops working after certain time: Just rebooted the Server after ~15 Days uptime without any issues. I would say the fix is fine for that matter. Case ... Luki TJ

08/23/2019

01:36 PM Bug #9696 (Not a Bug): ACB fails if the Revision Reason contains 'Snort': Jim Pingle
01:34 PM Bug #9696 (Rejected): ACB fails if the Revision Reason contains 'Snort': Yeah, this is 'not a bug'. It deliberately does this to prevent Snort filling all the backup space with pointless ide... Steve Wheeler
01:22 PM Bug #9696 (Not a Bug): ACB fails if the Revision Reason contains 'Snort': If you run a manual 'Backup now' the back will fail if the Revision Reason field contains the word 'Snort'.
Howeve... Steve Wheeler

08/22/2019

06:10 PM Revision 0bdd1774: Fix manual backup flag: Steve Beaver
01:39 PM Revision 463d5d11: Typo fix: Steve Beaver
01:38 PM Revision cb442cfa: Fix is_set/isset: Steve Beaver
01:20 PM Revision 7f486e5a: Fixed #8907: Support field size option in select control Steve Beaver
12:16 PM Feature #9695: Add Ability to Force NAT-T Encapsulation on IKEv2 Peers: The code to handle that directive already there in the nat_traversal option but we disable that for IKEv2, looks like... Jim Pingle
11:49 AM Feature #9695 (Resolved): Add Ability to Force NAT-T Encapsulation on IKEv2 Peers: The strongswan documentation includes:
UDP encapsulation may also be forced, even if no NAT situation is detected,... Chris Linstruth
11:34 AM Feature #7671: Gateway Monitoring Via Custom Script or Telnet.: I do not know what I have to do here to help. I can help work on this (I can develop), but I have no idea how the co... Web Dawg
11:15 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: Ultimately it's not seeing any traction because the suggested solution isn't right. Essentially @dpinger@ is only a d... Jim Pingle
10:59 AM Feature #4354: Allow dpinger to ping more than one destination for a gateway.: I think that pfSense should use:
ping (ICMP)
https/http
DNS
You should be able to configure these dynamically... Web Dawg
10:19 AM Feature #7882 (Rejected): Seperator feature in DHCP Static mapping for this feature: The separator system was written for firewall rules which have selector checkboxes, have a specific order and draggab... Anonymous
08:30 AM Bug #8907 (Feedback): wizard.php - $field['type'] - "Select" doesn't have the attribute "Size" defined: Applied in changeset commit:7f486e5af62396622ca63b922ec6725de4df2bb5. Anonymous
08:12 AM Revision cedc8184: Fixed #8014: Fixed wildcard variable not being set correctly.
Updated CURLOPT_URL according to provider's documentation.
Added sup... kristoffer-ekenstam
06:59 AM Bug #8014: DynDNS wildcard option doesn't work for provider Loopia: Thanks! Jim Pingle
03:23 AM Bug #8014: DynDNS wildcard option doesn't work for provider Loopia: https://github.com/pfsense/pfsense/pull/4083 Kristoffer Ekenstam
02:24 AM Bug #9692: system_authservers.php: Descriptive name can be changed by removing read-only property via inspect element: I only figured this out because an auto-fill addon of the browser filled in that particular field, so yes I dont cons... Alex Z
01:04 AM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all: Nathan Hand wrote:
> Underlying problem is /etc/inc/dyndns.class line 799. The value of dnsProxied is passed directl... Berzerker Berzerker

08/21/2019

06:47 PM Revision 6f6299a3: Fixed #9693: Allow ACB to be suppressed by including magic string in the backup description
Transmit max number of manual backups ... Steve Beaver
04:54 PM pfSense Docs Correction #9381 (Resolved): FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated: Jim Pingle
04:29 PM pfSense Docs Correction #9381: FreeRadius 2.X package documentation and CaptivePortal associated documentation are mostly outdated: This issue can be now marked as resolved I think A FL
04:12 PM Revision f01c0991: Fixed #9687: Remove all referenes to legact/Gold ABC system Steve Beaver
02:32 PM Feature #9694 (Resolved): Redact ACB encryption password from status.php: Currently the redacted config does not redact that particular password, other parts are redacted:... Steve Wheeler
01:55 PM Feature #9693 (Feedback): Bypass automatic backups: Applied in changeset commit:6f6299a3a6aca1b7baf5d80d6d24325100363939. Anonymous
01:45 PM Feature #9693 (Resolved): Bypass automatic backups: If the reason/description string of a config back contains the string "-NoReMoTeBaCkUp" no ACB will be performed. The... Anonymous
01:48 PM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: Looks like this was finally merged in but it's not slated to be in an OpenVPN release until they put out 2.5. Jim Pingle
01:18 PM Feature #9538 (Resolved): add support for athp(4) driver: Renato Botelho
11:20 AM Feature #9538: add support for athp(4) driver: athp now loads correctly with the modules present and loader variable set:... Steve Wheeler
11:17 AM Bug #4231 (Resolved): bridge or lagg of openvpn link down after reboot: As stated, bridge is OK, LAGG is not. Closing this in favor of #9183 which is specific to LAGG and has a proposed fix. Jim Pingle
11:17 AM pfSense Packages Bug #9691: Suricata ips_mode Legacy not blocking: This issue was resolved via the Netgate Forum. The user had bypassed the pfSense GUI package installation process and... Bill Meeks
11:11 AM pfSense Packages Bug #7595: suricata custom SID Mgmt configuration missing after full system restore: This is no longer an issue with either the Suricata or Snort packages. Both packages now have the SID MGMT lists stor... Bill Meeks
11:10 AM Bug #9558 (Resolved): GPS NTP source PHP errors: This is fixed.
Tested against:... Steve Wheeler
10:41 AM Feature #4242: Two Factor or OTP Authentication for Admin Interface: Charlie Ross wrote:
> Hi developers!
>
> In a never-ending quest to beef up security, it would be great to have t... Dan Journo
10:40 AM Feature #9496 (Duplicate): Include the athp(4) driver.: Duplicated by #9538 but it has been worked on, so close this one Jim Pingle
10:26 AM Bug #9630 (Duplicate): cannot config WAN down que (Codel limiters) in floating rule without blocking incoming traffic.: Duplicated by #9643, but it has more complete information Jim Pingle
10:24 AM pfSense Packages Bug #9352 (Resolved): Duplicate default views in Status Monitoring that can't be removed.: Fixed by #9679 Jim Pingle
09:59 AM Bug #7419 (Duplicate): CloudFlare DDNS Not working for wildcard updates: Duplicated by #9361 but it has a PR which has been merged. Jim Pingle
09:47 AM Bug #8492: Enable setting PKCS#12 export password in Certificate Manager: The other request mentions 3DES but it isn't about 3DES, it's about encrypting exported private keys, which covers th... Jim Pingle
09:13 AM Bug #8492: Enable setting PKCS#12 export password in Certificate Manager: Bug #1192 refers to 3DES encryption which should no longer be used. The need to encrypt / protect a private key on ex... Hyrum Smith
09:46 AM Bug #7892 (Closed): AutoConfigBackup status reported incorrectly: This affects only the legacy "Gold" ACB system which is no longer in use. Anonymous
09:39 AM Feature #5437 (Closed): Auto Config Backup Stats display latest backup date-time: This feature no longer applies to the current ACB system which accommodates only a single host. Anonymous
09:29 AM Feature #8378 (Duplicate): allow webconfigurator to be configured to listen on only specified interface[s]: Duplicate of #628 Jim Pingle
09:20 AM Feature #9122 (Duplicate): Custom (failover) lagg interface order (UI): Duplicate of #1019 Jim Pingle
09:14 AM Feature #8558: Add more table sorting in various UI pages: Certs have sorting (and searching) now, see #9412
The other two could still be useful Jim Pingle
09:12 AM Bug #8481 (Duplicate): Editing multiple entries in multiple browser tabs causes problems or doesn't work: Duplicate of #8285 Jim Pingle
09:11 AM Bug #8462 (Not a Bug): UI - small gear icon/animation not centered: That's all handled by Font Awesome (it's fa-cog, fa-spin) so if there is an issue, it needs to be raised upstream. Th... Jim Pingle
09:06 AM Bug #8111 (Resolved): Disabled 1:1 NATs are not passed the "disabled" class (not greyed out): This has been in place for some time now. Jim Pingle
09:05 AM Bug #8002 (Not a Bug): wan not connected, no updates check: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
09:01 AM Bug #7620 (Resolved): State table cannot be displayed because lack of PHP memory: This was addressed a while ago. System > General, tick Require State Filter. Then large state tables won't be loaded ... Jim Pingle
08:59 AM Feature #8284 (Duplicate): Add duplicate option next to OpenVPN servers and clients: Duplicate of #5851 Jim Pingle
08:56 AM Bug #3445 (Resolved): Proxy URL behaviour for package list - trailing slash: Jim Pingle
08:54 AM Feature #5083 (Duplicate): Allow bridge members to be hidden from menu: Jim Pingle
07:33 AM Revision 51dc008b: Add additional DHCPv6 prefix delegation size options to dropdown list on interface settings.: - implements #9590 Andreas Bleischwitz
07:09 AM Bug #9692: system_authservers.php: Descriptive name can be changed by removing read-only property via inspect element: We can fix this, but it's not really what I'd consider a bug. We disable the field so the user can't do that easily a... Jim Pingle
03:06 AM Bug #9692 (Resolved): system_authservers.php: Descriptive name can be changed by removing read-only property via inspect element: +Steps to reproduce:+
* Go to System -> User Mgmt -> Authentication Servers
* Edit an existing entry
* Open sour... Alex Z
07:03 AM Feature #9590: RFE: Add additional prefix delegation size entries to dropdown-list: Thanks! Jim Pingle
02:43 AM Feature #9590: RFE: Add additional prefix delegation size entries to dropdown-list: Jim Pingle wrote:
> Can you submit that change as a pull request on Github?
>
> https://docs.netgate.com/pfsense/... Andreas Bleischwitz

08/20/2019

03:49 PM Feature #6908: Alias copy, sort, search/replace functions: Sorting is possible now (click column headers) but the copy and search/replace are still desirable features to add. Jim Pingle
03:48 PM Feature #3506 (Duplicate): Firewall:Aliases - Sort/Move Function: Sorting aliases in the GUI can be done now (click column headers), other parts are covered by #6908 Jim Pingle
03:45 PM Bug #6588 (Closed): PHP suhosin max value length prevents Quagga OSPF from storing a very large zebra.conf: That limitation shouldn't be present these days (no suhosin on current PHP versions) Jim Pingle
03:41 PM Bug #6525 (Resolved): Mobile web interface can't scroll down all items in sub-menus: Linked PR has been merged, and the other parts appear to be covered by #6361 Jim Pingle
03:37 PM Feature #2049: Show Auto Generated Rules and Use them to turn features on/off when applicable: See also: #4828 Jim Pingle
03:37 PM Feature #4828 (Duplicate): Advanced option to show hidden firewall rules in web gui: Duplicate of #2049 Jim Pingle
03:35 PM Feature #1405 (Duplicate): Show interface in the Floating Rules list: Duplicated by #4629 but it had a PR, so keep it instead. Jim Pingle
03:34 PM Feature #4194 (Duplicate): Mass maintenance tools :-): Some of this we already have and the other parts are covered by other more specific (and individual) feature requests... Jim Pingle
03:29 PM Feature #4789 (Resolved): user interface / text fields are too short to display long alias names: After the Bootstrap change this doesn't appear to be an issue. Jim Pingle
03:28 PM Bug #4431 (Duplicate): Bandwidth not reported correctly in "Status: Traffic shaper: Queues": Duplicate of #4467 Jim Pingle
03:26 PM Feature #3508 (Closed): DNS Lookup - Additional links: We removed all tools links from the DNS lookup page a while ago. Third party sites are not reliable to link to in thi... Jim Pingle
03:24 PM Bug #3467 (Resolved): pfTop [Queue] doesn't show P/S or B/S: Fixed a few years ago, probably with commit:9a9661252aa6115d0fd0243bf303436d53afaaa3 Jim Pingle
03:17 PM Bug #6749 (Duplicate): Still responds to ARP after removing one of several Virtual IP - choparp not reconfigured: Duplicated by #7379 but it has a proposed fix Jim Pingle
03:16 PM Feature #7554 (Resolved): Sort list of Virtual-IPs: PR was merged two years ago Jim Pingle
03:15 PM Bug #9539: HA: admin user's authorized key(s) won't get synced: Fixing this may also fix #9622 Jim Pingle
03:15 PM Bug #9622: Changing admins membership does not replicate correctly to HA slave: Probably related to #9539 Jim Pingle
03:13 PM Bug #8051: XG-2758 - Wrong Interface Assignment: Looks like the 'RCC' model detection for mapping cards is not present in source:src/etc/inc/config.console.inc on CE.... Jim Pingle
03:10 PM Bug #8051: XG-2758 - Wrong Interface Assignment: Verified this is still different on 2.4.4-p3 CE Clinton Cory
03:05 PM Feature #7369 (Duplicate): user privileges - refine users rights to prevent admins to tamper with other admins accounts but still manage to the configuration: Duplicate of #5850 Jim Pingle
03:04 PM Feature #6794 (Resolved): Chinese Version Language Translation: We've had Chinese translations for some time now (zh_CN, zh_Hans_CN, zh_HK, zh_TW) Jim Pingle
03:01 PM Feature #997 (Closed): Add per-user setting for activating menu: Since many of the menu functions would require elevated privileges, I don't see this being as useful as I thought it ... Jim Pingle
02:57 PM Feature #8109 (Duplicate): UPnP & NAT-PMP ACL Aliases: Duplicate of #4265 Jim Pingle
02:57 PM Feature #4265: UPNP allow use of alias and schedule: The PR above for multiple ACLs was merged a long time ago, but there is still no support for Aliases for schedules. M... Jim Pingle
02:52 PM Bug #8135 (Closed): pfSense deletes itself after upgrade from 2.2.6 to 2.3.5 with haproxy installed: IIRC This was due to some of the dependencies involved, and it's been fixed for quite a while now. Jim Pingle
02:51 PM Bug #8016 (Closed): 1 pfsense out of several shows 2.4.0 available, not 2.4.1: Probably an issue with the local pkg environment. We have several documented workarounds in the upgrade guide for how... Jim Pingle
02:51 PM Bug #7955 (Closed): Upgrade in 2.4 GUI appears to fail when it actually succeeded (no D/L completion or reboot message, or sign of completion): This hasn't happened in quite a long time. Jim Pingle
02:50 PM Bug #7873 (Closed): When upgrading, some services/packages do not come back online on the first reboot (but do on the second): Either it was solved in the last couple years or was something local. I can't reproduce it here. The packages mention... Jim Pingle
02:49 PM pfSense Packages Bug #7595 (Not a Bug): suricata custom SID Mgmt configuration missing after full system restore: Jim Pingle
02:48 PM Bug #6233 (Closed): Bootloop with Alix after 2.3 upgrade: Problem is with 32-bit hardware which is no longer a supported architecture. Jim Pingle
02:47 PM Feature #2523 (Closed): Prompt for confirmation before upgrading to different architecture: This is no longer a concern. Jim Pingle
02:44 PM Bug #8468 (Rejected): Status / Queues show mostly NaN: Not enough information here for a valid bug report. Jim Pingle
02:43 PM Bug #8282 (Resolved): Enabling CODELQ on virtual interface VLAN crashes appliance: Old report and no recent recurrences. Lots of things in this area have changed, so most likely it's either fixed no l... Jim Pingle
02:42 PM Bug #8061 (Resolved): LAN WAN Interfaces missing in Traffichshaper: These all appear to be old driver-specific instances of ALTQ support not being present for specific drivers at the time. Jim Pingle
02:39 PM Bug #4424 (Closed): Adding and removing shaper repeatedly causing interface crash: Old report and no recent recurrences. Lots of things in this area have changed, so most likely it's either fixed no l... Jim Pingle
02:38 PM Feature #2960 (Closed): Add queue length adjustment capabilities to traffic shaper based on network size: As noted, it doesn't appear to be viable. Jim Pingle
02:22 PM Feature #3156: Grouping rules: Then it's a duplicate of #8365
There isn't anything unique here, it's covered by other existing feature requests, ... Jim Pingle
01:18 PM Feature #3156: Grouping rules: Wrong. It's not a duplicate.
I want to create a group like templates and than assign it to one or more interfaces. Grischa Zengel
12:46 PM Feature #3156 (Duplicate): Grouping rules: Duplicate of #1937 Jim Pingle
01:43 PM Bug #6799 (New): Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior: OK, I was going mostly off the subject + comments which didn't mention the negate specifically. Updated subject. Jim Pingle
01:29 PM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior: I believe that the negate address match rules not "blocking" any traffic is worth a deeper look. This wasn't really a... Chris Linstruth
01:16 PM Bug #6799 (Not a Bug): Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior: Adding alias nets to the interface macros was deliberate, so I'd say the only problem here is that pfBlocker won't le... Jim Pingle
01:39 PM Bug #3334: Status/Traffic Graph isn't IPv6 ready: See also: #7224 Jim Pingle
01:39 PM Feature #7224 (Duplicate): Abandon rate in favor of iftop: There is a PR for this which is under #3334 Jim Pingle
01:38 PM Bug #8217 (Resolved): Traffic Graph widget can not handle more than 4 interfaces: Jim Pingle
01:36 PM Bug #7312 (Not a Bug): Trafic Graph Widget Bug: Sounds like you had an interface there before and then removed it. The old interfaces will still show up, since pfSen... Jim Pingle
01:34 PM Feature #9587 (Duplicate): ZFS Mirror status dashboard widget: Duplicate of #7974 Jim Pingle
01:33 PM pfSense Packages Bug #9233 (Duplicate): Error adding new status monitoring view: Probably the same issue as #9679 which has been resolved. Jim Pingle
01:31 PM Feature #5922 (Closed): SNMP - enable SNMP v3 functionality: SNMPv3 (and IPv6!) is possible using the NET-SNMP package. Jim Pingle
01:30 PM Bug #4930 (Closed): IPSec interface missing in SNMP: Not sure what OP is referring to here. It was never a choice for binding, and it's there in the interface table from ... Jim Pingle
01:28 PM Feature #1169 (Closed): Add load balancer status in SNMP: Those who want to do this can set it up using the NET-SNMP package and custom extended commands. Jim Pingle
01:23 PM Feature #806 (Duplicate): Add private networks to rules dropdown: Duplicated by #1979 but it has more up-to-date info (IPv6, etc) Jim Pingle
01:22 PM Feature #8841 (Duplicate): Floating rules : add interface column: Duplicate of #4629 Jim Pingle
01:20 PM Feature #8713 (Duplicate): Allow user to disable/enable multiple firewall rules at one time: Duplicate of #2505 Jim Pingle
01:18 PM Bug #8636 (Resolved): pfSense_kill_states function does not parse protocol parameter correctly: PR was merged several months ago. Jim Pingle
01:13 PM Bug #8247 (Not a Bug): When in bridge / transparent mode, pfSense blocks UDP/4500 & ESP traffic regardless of origin: I don't see a bug here, but quirky remote equipment that needs special rules to handle those quirks. Of course a fire... Jim Pingle
01:11 PM Bug #8327 (Not a Bug): VLAN net, Default Deny and spoofed packets: There is not enough information here to classify this as a bug. Interfaces all have an implicit deny. If that is not ... Jim Pingle
01:09 PM Feature #1947: Option to kill all states when creating a block rule: See also: #8171 Jim Pingle
01:09 PM Feature #8171 (Duplicate): Close TCP connections if associated rule just has been disabled: Duplicate of #1947 Jim Pingle
12:58 PM Feature #7381 (Resolved): Option to disable alias popups in rules: PR at https://github.com/pfsense/pfsense/pull/3643 was merged long ago. Jim Pingle
12:56 PM Feature #7361 (Duplicate): 2.3.4 - Add possibility to modify UDP (First, Single, Multiple) and TCP Timeouts per rule and not only per global parameter: Duplicate of #1635 Jim Pingle
12:55 PM Feature #6392 (Duplicate): Allow folding based on separators in firewall rules: Duplicate of #1937 Jim Pingle
12:53 PM Feature #8140 (Duplicate): Feature Request: Zone Firewall between interfaces: Duplicate of #4165 Jim Pingle
12:52 PM Feature #4629: Rules Floating tab doesn't display interfaces: Though the PR at https://github.com/pfsense/pfsense/pull/1616 was merged a long time ago, it doesn't look like this s... Jim Pingle
12:44 PM Feature #2634 (Resolved): No IPv6 networks in firewall NAT rules: Last I saw, this was working for rdr, you just need to make sure everything you specify is the same address family. Jim Pingle
12:42 PM Feature #1937: Support for rule groupings: We have rule separators for this now, though being able to collapse items between separator bars may still be useful. Jim Pingle
12:41 PM Feature #1683: PF scrub min-ttl option: The pf @scrub@ directive supports the @min-ttl@ option, but there is no @max-ttl@. Jim Pingle
12:39 PM Feature #1064 (Closed): VoIP - Dynamic Pinholes for RTP: As stated, not something we will implement natively, and the third party code never appeared. People have been using ... Jim Pingle
12:36 PM Bug #7818 (Duplicate): NTP clock frequency not plotting on monitor graph: Duplicate of #6503 Jim Pingle
12:35 PM Bug #9266 (Not a Bug): status_monitoring.php : failed to have quality graph: Sounds like some kind of local system corruption in that RRD file. Resetting the RRD contents should fix it. Post on ... Jim Pingle
12:31 PM Bug #8151: Changing name on a gateway is not allowed: See also: #8218 Jim Pingle
12:31 PM Bug #8218 (Duplicate): Changing an interface name will break the manual created gateway-group: Gateways do not support being renamed, which is what happens if you rename a WAN with dynamic gateways. See #8151 Jim Pingle
12:27 PM Bug #9474 (Not a Bug): no default gateway after changing the wan interface ipv4 configuration type from dhcp to fixed ip: Sounds like a config issue but there isn't enough detail to say for certain.
For assistance in solving problems, p... Jim Pingle
12:20 PM pfSense Packages Feature #6508 (Closed): OSPF v3 - Quagga OSPF6d: It won't happen for Quagga, but it's in FRR now and works. Jim Pingle
12:19 PM Bug #5833 (Closed): OpenVPN reports "no route to host" although a GW Group is selected for failover: Old report and no recent recurrences. Lots of things in this area have changed, so most likely it's either fixed no l... Jim Pingle
11:04 AM Feature #6384 (Duplicate): Allow IPSEC P1 to have 2 peer remote gateway IP addresses to allow VPN failover faster without requiring DDNS: Jim Pingle
11:03 AM Bug #7536 (Duplicate): <sendpacket> sendmsg on cpsw0: Permission denied: Duplicate of #8271 Jim Pingle
10:59 AM Feature #9590: RFE: Add additional prefix delegation size entries to dropdown-list: Can you submit that change as a pull request on Github?
https://docs.netgate.com/pfsense/en/latest/development/sub... Jim Pingle
10:47 AM Bug #8271 (Closed): <sendpacket> sendmsg on cpsw0: Permission denied: I can't reproduce this here and the report is a bit old. If you can come up with a way to reliably reproduce the erro... Jim Pingle
10:43 AM Bug #8081 (Closed): NICs malfunction: This report is from a few pfSense and FreeBSD versions ago. Please re-test this on a current release. If there is sti... Jim Pingle
10:35 AM Bug #7673 (Not a Bug): multi wan 0.0.0.0: Old report and I'm not sure there is a bug here. The description says the same IP address is used multiple times, and... Jim Pingle
10:32 AM Bug #7639 (Not a Bug): NAT does not work between OpenVPN and IPsec tunnels: NAT for IPsec must be done using P2 NAT entries not NAT rules. Jim Pingle
10:30 AM Bug #7534 (Not a Bug): gif interface with /64 subnet gets configured as /128: Having /128 on the gifX interface is normal and expected. The other things here appear to be fixed. Users are not all... Jim Pingle
10:26 AM Feature #4209 (Resolved): Releasing DHCP on WAN interface should send a release: PR was merged years ago. Jim Pingle
10:26 AM Bug #6921 (Not a Bug): Poor speed with Chelsio T420-CR: There isn't enough information here to prove a bug and it's been several years (and pfSense versions) since the initi... Jim Pingle
10:20 AM Feature #3162: MLPPP Status of connections: See also: #9633 Jim Pingle
10:14 AM Bug #781 (Resolved): Entering sim code problem on a Huawei E1752: Please re-test on a current version and report back. I recall this being worked on and fixed several years ago. Jim Pingle
10:12 AM Bug #8882 (Incomplete): Interface assignments lost on reboot: There is not enough information here for a valid bug report, and this site is not for support or diagnostic discussio... Jim Pingle
10:05 AM Bug #2754 (Duplicate): PPP and 3G: Setting PIN in advanced options not working, stick works after removing SIM PIN: Jim Pingle
09:55 AM pfSense Packages Bug #7107 (Resolved): IPv6 blocklists generate IPv4 auto-rules: Jim Pingle
09:08 AM pfSense Packages Bug #7107: IPv6 blocklists generate IPv4 auto-rules: This is resolved in pfBlockerNG-devel and can be closed. BBcan177 .
08:56 AM pfSense Packages Bug #7993 (Closed): zabbix 3.4 agent: Outdated report. Stated version is EOL, and the stated version of Zabbix is no longer available either. Jim Pingle
08:44 AM Bug #8960 (Resolved): VGA console won't boot in 2.4.4 upgrade - Bug: Probably a duplicate of #9021, and if not, then it's most likely solved on 2.5.0 (FreeBSD 12.x) Jim Pingle
08:42 AM Bug #8336 (Closed): ESXi 6.5u1 displays superfluous error message with Netgate OVA iamge: OVA was discontinued some time ago, and this particular error has been solved in recent ESX/vmware tools versions any... Jim Pingle
08:39 AM Feature #7962 (Resolved): Support for Intel 553 network card: FreeBSD appears to have added support for that card a while back. Re-test on a current version (2.4.4-p3 or later), a... Jim Pingle
08:30 AM pfSense Packages Bug #9691 (Rejected): Suricata ips_mode Legacy not blocking: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
08:09 AM pfSense Packages Bug #9691 (Rejected): Suricata ips_mode Legacy not blocking: Good Morning.
I running suricata in pfSense 2.4.4 - p3 in "Legacy" mode, but not blocking.
I noticed in suricata lo... Wesley Peres
07:18 AM Bug #8294: Icmp redirect doesn't use CARP IP: ICMP is connectionless, the OS will reply from whichever address is "closest" to the target. The firewall cannot tell... Jim Pingle
02:35 AM Bug #8294: Icmp redirect doesn't use CARP IP: Not sure it is the same thing.
I am not talking about some devices that check the src mac address, I am talking abou... Denis Grilli
07:14 AM Bug #8014 (New): DynDNS wildcard option doesn't work for provider Loopia: OK, can you submit that change as a pull request on Github then? Thanks!
https://docs.netgate.com/pfsense/en/lates... Jim Pingle
03:48 AM Bug #8014: DynDNS wildcard option doesn't work for provider Loopia: PR 3753 didn't solve this problem, have checked the latest version.
$this->_dnsWildcard is either ON or 1. Never O... Kristoffer Ekenstam
01:40 AM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all: Nathan Hand wrote:
> Underlying problem is /etc/inc/dyndns.class line 799. The value of dnsProxied is passed directl... Emmanuel Cardenas

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

09/18/2019

09/17/2019

09/16/2019

09/14/2019

09/13/2019

09/12/2019

09/11/2019

09/10/2019

09/09/2019

09/08/2019

09/07/2019

09/06/2019

09/05/2019

09/04/2019

09/03/2019

09/02/2019

09/01/2019

08/31/2019

08/30/2019

08/29/2019

08/28/2019

08/27/2019

08/26/2019

08/25/2019

08/24/2019

08/23/2019

08/22/2019

08/21/2019

08/20/2019