Activity

30 days up to

User

Subprojects

Activity

From 08/28/2019 to 09/26/2019

09/26/2019

03:58 PM Revision de9df940: Trim bonus '$' added by devd bug. Works around issue #9384: Jim Pingle
02:41 PM pfSense Packages Bug #9772 (Resolved): can't enable Split ANY-ANY option: Jim Pingle
02:27 PM pfSense Packages Bug #9772: can't enable Split ANY-ANY option: This issue can be marked as RESOLVED. The identified problem is fixed in this pull request submitted against pfSense-... Bill Meeks
02:41 PM pfSense Packages Bug #9789 (Resolved): snort process stays active after deleting interface: Jim Pingle
02:26 PM pfSense Packages Bug #9789: snort process stays active after deleting interface: This issue can be marked as RESOLVED. Pull request 678 has been submitted to teh pfSense-2.5-DEVEL branch here: http... Bill Meeks
11:40 AM pfSense Packages Bug #9789: snort process stays active after deleting interface: Corresponded with Jim Pingle about this issue. There is no elegant or simple way for notifying a running package (An ... Bill Meeks
01:41 PM Revision 88863533: Fixes #9362: proxied value must be a boolean: Robert Resch
01:00 PM Revision 2db1578d: Fix #9674: Do not set duplicate-cn in p2p_shared_key mode: Renato Botelho
01:00 PM Revision 743d7fc4: Ticket #9674: Do not check password when using shared key: Renato Botelho
01:00 PM Revision db499864: Clarify that error message is about proxy password: Renato Botelho
01:00 PM Revision 4e42da90: Fix #9674: Do not set duplicate-cn in p2p_shared_key mode: Renato Botelho
12:51 PM Revision 4d29b2de: Ticket #9674: Do not check password when using shared key: Renato Botelho
12:48 PM Revision c46ab687: Clarify that error message is about proxy password: Renato Botelho
12:37 PM Revision 0b48a22c: Fix #9719: Fix descriptive name field behavior: Renato Botelho
12:36 PM Revision aafc3602: Fix #9719: Fix descriptive name field behavior: Renato Botelho
12:11 PM Feature #9797 (Pull Request Review): services_unbound_advanced.php: add prefer-ip6 option to dns resolver gui: What is the use case for this vs changing the global setting under System > Advanced, Networking tab?
The number o... Jim Pingle
11:57 AM Feature #9797: services_unbound_advanced.php: add prefer-ip6 option to dns resolver gui: https://github.com/pfsense/pfsense/pull/4094 Viktor Gurov
11:56 AM Feature #9797 (Closed): services_unbound_advanced.php: add prefer-ip6 option to dns resolver gui: from man unbound.conf(5):... Viktor Gurov
10:45 AM Bug #9384: devd putting "$" before variable contents when using single quotes: Adjusted title. This is a devd issue, not anything wrong with check_reload_status. Also affects other systems like Op... Jim Pingle
09:55 AM Bug #9362 (Pull Request Review): rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all: Jim Pingle
08:57 AM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all: Berzerker Berzerker wrote:
> Nathan Hand wrote:
> > Underlying problem is /etc/inc/dyndns.class line 799. The value... Robert R.
09:37 AM Revision 846dda21: removed changes of config.xml: Viktor Gurov
09:20 AM Bug #9796 (Resolved): kernel panic after removing interfaces: When I did some tests and ran miniupnp on the VTI or GIF interfaces and then deleted those interfaces.
after some ti... Viktor Gurov
08:10 AM Bug #9674 (Feedback): hidden OpenVPN settings are validated and written to file: Applied in changeset commit:4e42da90bd8fd2d4202782e8e0633c0e8e5e3045. Renato Botelho
07:45 AM Bug #9719 (Feedback): system_certmanager.php - Descriptive name field disappeared when adding certificate for user: Applied in changeset commit:aafc3602dc0f79462f515276f0b53cb5c2201cd4. Renato Botelho
04:02 AM Bug #9719: system_certmanager.php - Descriptive name field disappeared when adding certificate for user: more clean here: https://youtu.be/EdFOwFFuKOY Viktor Gurov
07:32 AM pfSense Packages Bug #9795 (Not a Bug): FRR add two or more ipv6 BGP Neighbors will system down: In my lab, I have two interconnected instances of FRR with the same ASN on two neighbor entries and it's stable. It's... Jim Pingle
12:12 AM pfSense Packages Bug #9795 (Not a Bug): FRR add two or more ipv6 BGP Neighbors will system down: I found that the problem recurred,If I add two or more ipv6 BGP Neighbors, the Remote AS is the same ASN number. like... yon Liu
06:57 AM Bug #9649 (Pull Request Review): IPv6 6RD Tunnel: Pull Request: https://github.com/pfsense/FreeBSD-src/pull/25 Renato Botelho
06:56 AM pfSense Packages Feature #6866: Suricata multiple interfaces: Idar Lund wrote:
> You are only covering the first half of the description - which is of no relevance except giving ... Bill Meeks
12:41 AM pfSense Packages Feature #6866: Suricata multiple interfaces: You are only covering the first half of the description - which is of no relevance except giving you some background ... Idar Lund
04:02 AM Bug #9720: vpn_ipsec_phase2.php - no remote network field in VTI mode: more clean here: https://youtu.be/avQWWjNl53o Viktor Gurov
04:00 AM Bug #9790: firewall aliases table with fqdn stays in system after deleting: more clean here: https://youtu.be/3IPwE6o3Pw4 Viktor Gurov

09/25/2019

07:26 PM Revision 4a26ba22: Fix spacing of MAC OEM on ARP table: Jim Pingle
07:23 PM Revision 9297ad65: Add search/filter to DHCP/DHCPv6 leases, ARP, and NDP. Implements #9791: Jim Pingle
06:32 PM Bug #9794 (Duplicate): Users in Admins group cannot manage accounts in System => User Manager: Duplicate of #9541 Jim Pingle
06:28 PM Bug #9794 (Duplicate): Users in Admins group cannot manage accounts in System => User Manager: After upgrading pfSense to version 2.4.4-RELEASE-p3 users in the Admins group are unable to manage accounts or create... Tácio Andrade
02:42 PM pfSense Packages Feature #6785 (Resolved): Allow setting of suricata's meta-field-limt libhtp parameter: Jim Pingle
02:40 PM pfSense Packages Feature #6785: Allow setting of suricata's meta-field-limt libhtp parameter: This issue can be closed as RESOLVED. The requested change has been added to the Suricata GUI package in this pull re... Bill Meeks
02:35 PM Revision 51b6583d: fixes 25.09.19: Viktor Gurov
02:30 PM pfSense Packages Feature #6866 (Rejected): Suricata multiple interfaces: Jim Pingle
02:24 PM pfSense Packages Feature #6866: Suricata multiple interfaces: No, it is not possible to have Suricata see internal (post-NAT) addresses when it runs on the WAN. Suricata hooks int... Bill Meeks
02:30 PM Feature #9791 (Feedback): Ability to filter Diagnostics ARP Table by IP range (DHCP): Applied in changeset commit:9297ad6504618c5ffcee9f8fe02535cb33f570c9. Jim Pingle
10:07 AM Feature #9791: Ability to filter Diagnostics ARP Table by IP range (DHCP): I had requested an Alias feature which was pointed out to be already implemented (I have many configured - just forgo... John Weithman
07:25 AM Feature #9791 (Resolved): Ability to filter Diagnostics ARP Table by IP range (DHCP): It would be nice to be able to filter the ARP table to find a particular (new) device.
In my instance I have turne... John Weithman
02:27 PM pfSense Packages Bug #7223 (Resolved): IPv4 Rules not working in Inline Mode: Jim Pingle
02:20 PM pfSense Packages Bug #7223: IPv4 Rules not working in Inline Mode: This issue can be closed as "RESOLVED". It was caused by an overly broad automatic pass list mechanism that was initi... Bill Meeks
02:25 PM Revision 0263f8d1: Update openvpn.widget.php: d j
01:41 PM Revision cf9d29b2: Update openvpn.widget.php: d j
01:37 PM Revision 8ad987ee: Update status_openvpn.php: d j
01:06 PM pfSense Docs Correction #9783 (Resolved): Under "Gateway Settings" in the "Weight" paragraph there is a typo: Fixed Jim Pingle
12:57 PM Revision 92a9c71d: Fix #9488: Disable serial console on memstick images: Renato Botelho
12:57 PM Revision 4511fe40: Fix #9488: Disable serial console on memstick images: Renato Botelho
11:48 AM Revision e78de48d: Merge pull request #4085 from s-fiebig/master: Renato Botelho
08:13 AM pfSense Packages Feature #9793 (Resolved): Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Currently pfBlockerNG is power tool to create any IP aliases you can imagine: from domain resolving, ASNs, parser of ... DRago_Angel [InV@DER]
08:05 AM Bug #9488 (Feedback): No console when booting CE Memstick UEFI.: Applied in changeset commit:4511fe40ac329e3aee594f934c27a9a47d63acec. Renato Botelho
05:50 AM Bug #9488 (In Progress): No console when booting CE Memstick UEFI.: Renato Botelho
07:34 AM pfSense Packages Bug #9789: snort process stays active after deleting interface: This behavior will impact Barnyard2 and also Suricata (and Barnyard2 in a Suricata setup).
This behavior is also g... Bill Meeks
05:41 AM pfSense Packages Bug #9789: snort process stays active after deleting interface: perhaps the same behavior with barnyard2 Viktor Gurov
07:33 AM Feature #9792 (Rejected): Create Alias for IP blocks/ranges: You can make whatever aliases you like, call them what you want, and have the contents you want.
Having custom def... Jim Pingle
07:31 AM Feature #9792 (Rejected): Create Alias for IP blocks/ranges: To keep things simple I typically have any all devices get their address by DHCP. For many of those devices I set a s... John Weithman
06:49 AM Bug #9747 (Feedback): IPsec widget - Missing escape of domain backslash: PR has been merged. Thanks Renato Botelho
06:41 AM Revision 8a785efa: Update openvpn.widget.php: d j
06:39 AM Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): Currently manual selection of PRF supported by:
Cisco IOS/IOS-XE/ASA, Huawei routers/firewalls and Google CloudVPN
... Viktor Gurov
06:39 AM pfSense Packages Bug #9752 (Feedback): ACME - Actions have no access to additionally generated certificate files.: Renato Botelho
06:35 AM pfSense Packages Bug #9752: ACME - Actions have no access to additionally generated certificate files.: PR has been merged. Thanks! Renato Botelho
06:38 AM Revision 8b689c4c: Update status_openvpn.php: d j
04:55 AM Bug #9790 (Resolved): firewall aliases table with fqdn stays in system after deleting: If you create Alias table under Firewall / Aliases / IP with FQDNs,
PF table with such name stays in system after yo... Viktor Gurov
01:43 AM Feature #9788: Display number of connections in status_openvpn.php: PR against pfsense/master https://github.com/pfsense/pfsense/pull/4092 d j

09/24/2019

05:42 PM Bug #9488: No console when booting CE Memstick UEFI.: Confirmed. Both images boot fine on the MBT-4220 using that line:... Steve Wheeler
05:20 PM Bug #9488: No console when booting CE Memstick UEFI.: Setting boot_serial=NO on loader.conf fix the problem. I'll think about how is the best way to deal with that Renato Botelho
02:23 PM Bug #9488: No console when booting CE Memstick UEFI.: Re-tested with:
pfSense-CE-memstick-2.5.0-DEVELOPMENT-amd64-20190924-1135.img.gz
and:
FreeBSD-13.0-CURRENT-amd64-2... Steve Wheeler
03:34 PM Revision 99d7e8c1: Fix OpenVPN keepalive default values. Fixes #3473: Jim Pingle
01:38 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: It can be used for any number of tunnels. If you have support questions, please take them to the forum or pfSense sub... Jim Pingle
01:32 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Jim Pingle wrote:
> We have not ignored this. You can already do this now. Use DynDNS hostname for the peer, or othe... lama lord
11:33 AM pfSense Packages Bug #9789 (Resolved): snort process stays active after deleting interface: after deleting interface on Interfaces / Interface Assignments page,
snort process stays active and you can't disabl... Viktor Gurov
10:59 AM Feature #9788: Display number of connections in status_openvpn.php: https://github.com/pfsense/pfsense/pull/4091 d j
10:42 AM Feature #9788 (Pull Request Review): Display number of connections in status_openvpn.php: Jim Pingle
10:41 AM Feature #9788: Display number of connections in status_openvpn.php: https://github.com/pfsense/pfsense/pull/4090 d j
10:36 AM Feature #9788 (Resolved): Display number of connections in status_openvpn.php: Display number of connections in status_openvpn.php on top of each server d j
10:40 AM Feature #3473 (Feedback): Allow configuration of OpenVPN keepalive: Applied in changeset commit:99d7e8c10e96e6f22ad47973d07258cd02426fe6. Jim Pingle
09:53 AM Feature #3473 (In Progress): Allow configuration of OpenVPN keepalive: I have not changed anything in my configuration, and after upgrading to a snapshot with these changes, I am seeing er... Jim Pingle
10:12 AM pfSense Packages Todo #9787 (Feedback): Update Mail Reports to deal with clog deprecation: Fixed in Mail Reports pkg version 3.6, for 2.5.0 only. Jim Pingle
09:48 AM pfSense Packages Todo #9787 (Resolved): Update Mail Reports to deal with clog deprecation: Since clog is deprecated, the Mail Reports package needs adjusted to handle the new log functions.
See Also: #8350
Jim Pingle
10:12 AM pfSense Packages Bug #8315 (Feedback): Mail Report mail_report_send() behavior different than notify_via_smtp(): This may have already been fixed since the patch didn't match the current code, but I removed the explicit set of SMT... Jim Pingle
09:48 AM Todo #8350: Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate: I moved that to its own issue, since it isn't relevant to the base system: #9787 Jim Pingle

09/23/2019

08:34 PM Revision 016b6625: Redact BandwidthD postgres db password. Fixes #9784: Jim Pingle
08:34 PM Revision 1f2be937: Redact BandwidthD postgres db password. Fixes #9784: (cherry picked from commit ca3129138b9866f5c82ff80d59eeed3f746367a1) Jim Pingle
06:25 PM Revision e8a1e9e1: Provide optional "enable" argument to enable/disable form submit button: Steve Beaver
05:40 PM Todo #8350: Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate: This stops MailReports package from working
(not a big deal - just letting you know)
This is a periodic report fr... Matt Gilchrist
03:55 PM Revision c8954c9f: Removed escaping of CSS classes: Sebastian Fiebig
03:40 PM Bug #9784 (Feedback): status.php: Sanitize bandwidthd db password: Applied in changeset commit:1f2be937ddbaf04a1704cac2aea3fc66bb196013. Jim Pingle
05:18 AM Bug #9784 (Resolved): status.php: Sanitize bandwidthd db password: config-satinized.xml keeps <postgresqlpasswordenc>:... Viktor Gurov
03:39 PM Revision 6f2192d4: Initialize JSON data to avoid warning.: Avoid warning/error for not initialized JSON variable. Sebastian Fiebig
03:35 PM Revision 0c8faa81: removed unused code, switch default, print <pre> fixes: Viktor Gurov
03:28 PM Revision ce9eb0fb: Fixed #9785: Steve Beaver
02:49 PM Revision 0ba34702: renaming: Viktor Gurov
02:45 PM Revision b4b46b46: dropdown menu to select reboot method: Viktor Gurov
02:34 PM Bug #9786: pfSense GUI allows incorrect VIP alias subnet.: Same here, and it works fine for me. It is not repeatable as you state. That's why it needs moved to the forum to gat... Jim Pingle
02:32 PM Bug #9786: pfSense GUI allows incorrect VIP alias subnet.: Thank you Jim, but I tested this via GUI, Not via CLI, and have been able to reproduce this multiple times with today... Anonymous
02:29 PM Bug #9786 (Rejected): pfSense GUI allows incorrect VIP alias subnet.: It was true years ago that /32 was required but that has not been the case for many years.
I have several /24 VIPs... Jim Pingle
02:21 PM Bug #9786 (Rejected): pfSense GUI allows incorrect VIP alias subnet.: As of last weeks updates for 2.5 (about Sept 20th, 2019) my VIP aliases stopped working, however the issue does not a... Anonymous
12:44 PM Revision 3209e782: Add a blank line to prevent breaking make.conf when it has no newline at EOF: Renato Botelho
12:43 PM Revision 840a0d43: Restore newline at EOF: Renato Botelho
11:42 AM pfSense Packages Feature #9315: Add Package: dnscrypt-proxy: The package 'unbound', used by FreeBSD, supports and uses DNScrypt from version 1.9.1
See: https://github.com/NLne... Carlo Hoffmann
11:19 AM pfSense Packages Bug #9752 (Pull Request Review): ACME - Actions have no access to additionally generated certificate files.: Jim Pingle
11:17 AM pfSense Packages Bug #9752: ACME - Actions have no access to additionally generated certificate files.: Pull request: https://github.com/pfsense/FreeBSD-ports/pull/675 Sebastian Fiebig
10:35 AM Bug #9785 (Feedback): ACB permits manual backup attempt when disabled: Applied in changeset commit:ce9eb0fb8db618f652fc1598d17c63f2f2d80c41. Anonymous
10:19 AM Bug #9785 (Resolved): ACB permits manual backup attempt when disabled: * curl should be set to require cert verification
* Error log message refers to obsolete package
* Comment specifie... Anonymous
01:03 AM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: Is this even still on the radar ? I saw it get pushed to 2.5 Lynn Dixon

09/22/2019

09:13 AM Bug #9777 (Duplicate): DNS resolver crass possible DoS: Jim Pingle
05:38 AM Bug #9777: DNS resolver crass possible DoS: it seems similar or the same as https://redmine.pfsense.org/issues/8054
i can't reproduce it on my 2.5.0 probably al... Manuel Piovan
06:29 AM pfSense Docs Correction #9783 (Resolved): Under "Gateway Settings" in the "Weight" paragraph there is a typo: https://docs.netgate.com/pfsense/en/latest/book/routing/gateway-settings.html
Under "Gateway Settings" in the "We... DANIEL HARRINGTON

09/21/2019

04:04 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: It's been about 8 months now that we are unable to update / patch our firewalls because of this. Yeah I know, open so... Robert Gijsen
02:16 AM pfSense Packages Bug #8404: IPSec pre-shared key: I have tried 2.4.4_3 today, but it shows the same behavior.
Still need to disable the VPN dashboard plugin to access... Lasse not relevant

09/20/2019

05:35 PM Revision 73730497: Fix #9612: Run fsck -z once during upgrade: Renato Botelho
04:51 PM Revision e400549f: cosmetic fixes: Viktor Gurov
02:39 PM Bug #9782 (Resolved): XMLRPC auth error message format is inconsistent with GUI auth error message: Fix the format of XMLRPC auth error to match GUI auth error, so it can be picked up by sshguard
This is already fi... Jim Pingle
02:37 PM Bug #9781 (Resolved): Fix IPsec VTI interface creation logic: There is a logic error when creating VTI interfaces. Per Renato, "The logic was reversed, it must use @and@"
See a... Jim Pingle
02:35 PM Bug #9780 (Resolved): PHP warning in diag_dump_states.php: @for@ statement usage syntax is causing a PHP error in diag_dump_states.php
This is already fixed, adding issue fo... Jim Pingle
02:33 PM Bug #9779 (Resolved): Dynamic DNS class constructor uses deprecated function name: Fix Dynamic DNS class constructor name so it does not use the class name, PHP is deprecating support for that usage.
... Jim Pingle
02:31 PM Bug #9778 (Resolved): Inconsistent update check results: Revise update check to provide a more consistent version string in JSON format & make factory test case insensitive
... Jim Pingle
01:21 PM Bug #9777 (Duplicate): DNS resolver crass possible DoS: Hi I am running 2.4.3-RELEASE-p1 (amd64) (FreeBSD 11.1-RELEASE-p10) and have vlan for hotspot and Register DHCP lease... Vöggur Guðmundsson
12:45 PM Bug #9612 (Feedback): Run fsck with -z for ufs on upgrade to address FreeBSD-SA-19:10.ufs: Applied in changeset commit:7373049764f144b2ea7c891bd60760ab64b41160. Renato Botelho
11:00 AM Revision bdb6ef95: two generic functions: precheck_hostport, hostport_array_fixer: Viktor Gurov
10:25 AM Revision 2dcbb2bc: functions fixup_host and fixup_port merged to fixup_hostport: Viktor Gurov
09:52 AM pfSense Packages Bug #9776 (Resolved): Wrong function in squidguard_log.php: There is an error on squidguard_log.php
This function needs to be changed... 2S Suchorski GAPLS
09:19 AM Feature #9775 (New): AutoConfigBackup - Rolling per day/hour cap on changes, retention policy: Autoconfigbackup right now will keep a complete revision history. Unfortunately, when making bulk changes (such as tr... tasty ratz
07:37 AM Bug #9744: fatal error if ECDH Curve not default: Looks like https://community.openvpn.net/openvpn/ticket/1177
The initial title of the bug mentions FIPS but later ... Jim Pingle
04:39 AM Bug #9744: fatal error if ECDH Curve not default: Jim Pingle wrote:
> That's internal to OpenVPN/OpenSSL. The GUI presents the curves it claims to support exactly (Fr... Viktor Gurov
07:25 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Hi!
Can someone PLEASE take a look at this one.
Thanks! Greg M
04:25 AM Feature #1683: PF scrub min-ttl option: Sorry,i mean "max-mss" - Enforces a maximum segment size (MSS) for matching TCP packets. Nikolay Stoyanov
03:52 AM pfSense Packages Feature #9774 (New): Squid logs / remote logs: it would be nice to have a button for downloading squid logs like access.log
and / or
it would be nice to have it ... Manuel Piovan

09/19/2019

07:46 PM Revision 657b6b32: Remove old code commented out in 2014: Renato Botelho
04:57 PM Revision bf8aa114: Initialize array properly: (cherry picked from commit d4393366bc0c30437c234652a2f124e08281acd5) Renato Botelho
04:57 PM Revision 9b32254c: Redirect to status_captiveportal.php: (cherry picked from commit 15e8ee8621a552eb7d1b1a7749816846a24ae724) Renato Botelho
04:57 PM Revision 875b28f1: Fix #9722: Change voucher shortcut to point to voucher status page: (cherry picked from commit 4baf532b5b834e659f484fc2b79e73fcfd169e46) Renato Botelho
04:41 PM Revision 4baf532b: Fix #9722: Change voucher shortcut to point to voucher status page: Renato Botelho
04:41 PM Revision d4393366: Initialize array properly: Renato Botelho
04:41 PM Revision 15e8ee86: Redirect to status_captiveportal.php: Renato Botelho
04:27 PM Revision 1836b0c2: Enable Multipath in FRR 7. Implements #9545: Jim Pingle
01:04 PM Bug #6263 (Resolved): Encryption options for every P2 on a given P1 are written to each P2 individually inside ipsec.conf with multiple P2 entries + split conn entries: This looks good to me, duplicate items are no longer present. Jim Pingle
06:35 AM Bug #6263 (Feedback): Encryption options for every P2 on a given P1 are written to each P2 individually inside ipsec.conf with multiple P2 entries + split conn entries: Applied in changeset commit:e9c0484340a54b650dd6d9e78650ff01c9d91428. Renato Botelho
01:00 PM Revision 11f166d8: Ticket #6775: Enable strongswan pkcs11 plugin: Renato Botelho
12:54 PM pfSense Packages Feature #9773 (Duplicate): pimd to replace IGMP Proxy: Duplicate of #9555 Jim Pingle
12:19 PM pfSense Packages Feature #9773 (Duplicate): pimd to replace IGMP Proxy: I have had zero luck with IGMP proxy and have been told/found out that it is busted on the later releases of PFSense.... Forrest McMean
12:25 PM Revision 93da47e6: Fix #9756: Fix NCP multiple selection: (cherry picked from commit b0595985418416de4fe87063a1e21ffa1d2d5532) Renato Botelho
12:13 PM Revision bdb3bb8b: Fix #9716: Enable Italian translation: Renato Botelho
12:13 PM Revision 47254a66: Update a couple of Chinese locale codes: Renato Botelho
12:04 PM Revision 1455535b: Update translation files: Renato Botelho
11:56 AM Revision b8226867: Regenerate pot: Renato Botelho
11:50 AM Bug #9722 (Feedback): services_captiveportal_vouchers.php wrong status icon link: Applied in changeset commit:4baf532b5b834e659f484fc2b79e73fcfd169e46. Renato Botelho
11:45 AM Revision b0595985: Fix #9756: Fix NCP multiple selection: Renato Botelho
11:40 AM pfSense Packages Bug #9772 (Resolved): can't enable Split ANY-ANY option: If you enable *Split ANY-ANY* option on interface page is not enabled,
and it's disabled in config.xml:... Viktor Gurov
11:35 AM Feature #9545 (Feedback): Enable Multipath Routing in the Kernel: Applied in changeset pfsense:commit:1836b0c237efdf9bf2ce9fab798f2718f0fd6028. Jim Pingle
11:24 AM Revision e9c04843: Fix #6263: Deduplicate encryption options on ipsec.conf: On a configuration with multiple P2, all encryption options from all P2
are added to ipsec.conf. The list could have... Renato Botelho
11:05 AM Revision 7bd9419d: add ability to reroot and reboot with fsck to WebGUI: Viktor Gurov
11:04 AM Feature #9544 (Feedback): Enable ``ROUTE_MPATH`` multipath routing: option added to amd64/arm/arm64 kernels Renato Botelho
10:54 AM Revision 3bfecc81: Fix #3743: Allow OpenVPN keepalive configuration: - Remove hardcoded 'keepalive 10 60' configuration
- Added 'inactive seconds' option
- Let user configure 'keepalive ... Renato Botelho
10:52 AM Bug #9747 (Pull Request Review): IPsec widget - Missing escape of domain backslash: Jim Pingle
10:51 AM Feature #9766 (Pull Request Review): diag_packet_capture.php: allow to input multiple tcp/udp ports: Jim Pingle
10:40 AM Feature #9771 (Pull Request Review): diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI: Jim Pingle
06:10 AM Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI: https://github.com/pfsense/pfsense/pull/4089 Viktor Gurov
06:08 AM Feature #9771 (Resolved): diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI: Adds extra buttons for Reroot and Reboot with fsck to Diagnostics / Reboot
code mostly taken from /etc/rc.initial.... Viktor Gurov
10:39 AM Feature #9769 (Pull Request Review): listallcerts - pfSsh.php script to show all certificates in console: Jim Pingle
10:36 AM Revision 4de6f04d: Fix #6846: Properly detect Super Micro C2558/C2758: Renato Botelho
10:15 AM Bug #9756 (Resolved): vpn_openvpn_(client|server).php: js issue when selecting multiple NCP: This looks good now. Selecting multiples on either side has the intended effect. Jim Pingle
06:55 AM Bug #9756 (Feedback): vpn_openvpn_(client|server).php: js issue when selecting multiple NCP: Applied in changeset commit:b0595985418416de4fe87063a1e21ffa1d2d5532. Renato Botelho
08:05 AM Feature #6775 (Feedback): Strongswan PKCS#11 Support: Plugin support was added to strongswan port on pfSense 2.5.0
I still don't know exactly what to do on GUI Renato Botelho
07:20 AM pfSense Packages Bug #7293 (Feedback): dns/bind911 requires TCP_RFC7413 in kernel: TCP_RFC7413 is part of pfSense kernel on 2.5.0 Renato Botelho
07:20 AM Feature #9716 (Feedback): Italian translation: Applied in changeset commit:bdb3bb8b3c7a2c9f42b3ed82d70a53079eea2c0f. Renato Botelho
06:12 AM Feature #3473 (Feedback): Allow configuration of OpenVPN keepalive: Done. I used wrong ticket number in commit:3bfecc81db500415a6d61df318513ccb82f47a8c Renato Botelho
05:45 AM Bug #6846: System misreporting Super Micro C2558 platform as Super Micro C2758: Applied in changeset commit:4de6f04d5f4eb69e9293dad6f47ce66f7d3baec1. Renato Botelho

09/18/2019

11:22 PM Bug #6846: System misreporting Super Micro C2558 platform as Super Micro C2758: A1SAi Travis Erdmann
07:03 AM Bug #6846: System misreporting Super Micro C2558 platform as Super Micro C2758: Travis Erdmann wrote:
> hw.model: Intel(R) Atom(TM) CPU C2558 @ 2.40GHz
And what is the output of:... Renato Botelho
08:23 PM Revision 3abcd547: Setup shortcuts for packages. Fixes #9770: Jim Pingle
08:23 PM Revision f14ab2c6: Setup shortcuts for packages. Fixes #9770: (cherry picked from commit 37213abe96e83884b4a8ffbbbb7cc759cd2799ec) Jim Pingle
05:10 PM Revision 9f2a58b5: Remove variable from gettext string: Renato Botelho
05:10 PM Revision 4597011d: Remove line commented out in 2015: Renato Botelho
05:01 PM Revision 1889f3e7: Remove code commented out in 2008: Renato Botelho
03:42 PM Revision bf03bee2: Allow Dynamic DNS wildcards for Route53 #9053: (cherry picked from commit 0b230bb2957d32059ea4610965a9507346a1d3e9) Tom Embt
03:39 PM Revision 9133e01d: Fix #9285: Move ping-check option from global to per-subnet: (cherry picked from commit 5197e3e3a3b0ee048785e2ffb4222d7cba4e6c74) Renato Botelho
03:38 PM Revision 13980a4f: Add IPsec DH/PFS groups 25/26/27. Implements #9757: (cherry picked from commit 21bee0287caf76bb7ab63ec29b0ecf7435940a06) Jim Pingle
03:38 PM Revision a033a446: Add wizard select_source & use for OpenVPN DH. Fixes #9748: (cherry picked from commit 52f686a97f77cfd00ddb69088bef7164676d4117) Jim Pingle
03:38 PM Revision a4bcbc3e: Add additional DHCPv6 prefix delegation size options to dropdown list on interface settings.: - implements #9590
(cherry picked from commit 51dc008bfebef50bc4be9ff2a894e176ba013866) Andreas Bleischwitz
03:38 PM Revision 789b545b: openvpn: cleaning default case handling in switch statements: (cherry picked from commit f93ec3853fc0c01760606994422e9e8fc0d645c9) Vito Piserchia
03:38 PM Revision 83011d13: change after review: (cherry picked from commit f08369ec248f2733eb2b69db23aa042e27ec04de) Vito Piserchia
03:38 PM Revision 83929cea: Update text: (cherry picked from commit cef01bcb95add6acc13edb16739e10d7ed8ba6e2) Vito Piserchia
03:38 PM Revision 45d6f551: Added tlsauth keydir options to openvpn client and server: (cherry picked from commit 8698f918d170d3836037d3a39b4e1f8aa6389f6d) Vito Piserchia
03:38 PM Revision 6c203c2f: Deduplicate code in openvpn.inc: (cherry picked from commit f7335af377d41262654bdbd7d7cf0e2993fb71d1) Renato Botelho
03:38 PM Revision 22ee846c: Remove unnecessary variable: (cherry picked from commit 1d13560cb36db0d5f7cec9fa9d6295445333ba95) Renato Botelho
03:37 PM Revision 1bcb05e4: Improve efficiency of resync checks.: GW Group changes are checked iff the interface is not the empty string or the interface in question is not the same a... James Webb
03:37 PM Revision f5e2f7dc: Add ability for OpenVPN instances to resync on IP changes and on boot.: OpenVPN instances resync if interface IP change occurs.
At boot, the interface is the empty string, so resync is mand... James Webb
03:37 PM Revision 2b909be9: Add else clause for cases when OpenVPN interface file does not exist.: - Prevents potential race condition at startup resulting in failure to start OpenVPN instances.
- In cases where inte... James Webb
03:37 PM Revision c3b023f5: Update openvpn.inc to allow OpenVPN instances to resync when running on a gateway group.: Implementation now checks if OpenVPN client/server running on gateway group should resync when IP changes occur or if... James Webb
03:37 PM Revision 86040ba2: Remove deprecated comments since username tag got CDATA: (cherry picked from commit 1dcaf2d816721704bfb05ae2587c09e37c873e71) Renato Botelho
03:37 PM Revision 994f803f: Ticket #6195: Use CDATA on username tag: After discuss with JimP we agreed it would be a better approach than
bdaa5235d4 if we add username tag to the list of... Renato Botelho
03:37 PM Revision b0f317fd: Fix interface/config alignment on interfaces_ppps_edit.php. Fixes #9741: (cherry picked from commit d81f270454ec66680cb645c0d3c13f9431d9c026) Jim Pingle
03:37 PM Revision 88a41391: Fix handing of DNSimple API response: It seems DNSimple started using HTTP/2, which broke the regex the dnsimple updater was using to check for success. I ... Paul Sadauskas
03:37 PM Revision 9f36302e: Was failing the check if clicking test notifications twice in a row. So it was saving the asterisks and overwriting the current password.: (cherry picked from commit 6176862f98749e15524e02ccaa705b65c498ceed) John Forte
03:36 PM Revision 535b07f7: Do not use constructor with the same name of class, it's going to be deprecated: (cherry picked from commit d43154fee7d7c2a5a007f36da7d86a94bd197a85) Renato Botelho
03:36 PM Revision 0ffbf1e7: Fix PHP warning: (cherry picked from commit b94eb4b90540dfb294376d6578aa9e9cbec63be9) Renato Botelho
03:36 PM Revision 15d4aede: Fixed #8014: Fixed wildcard variable not being set correctly.
Updated CURLOPT_URL according to provider's documentation.
Added sup... kristoffer-ekenstam
03:36 PM Revision 7112400e: Add more color choices for login screen: (cherry picked from commit 1fe82d1dc90969fad058819ce6e7b6001382191e) Mix Room
03:36 PM Revision 5725f53c: Make factory test case insensitive: (cherry picked from commit 552a41fbd37aa61f50e62f29876485c9775345cc) Steve Beaver
03:36 PM Revision e553d3d0: Revise update check to provide a more consistent version string, and to provide it in JSON format: (cherry picked from commit 819165020041ee46f423a7ead5aca855dac28cdb) Steve Beaver
03:36 PM Revision 8c501800: IPsec ID type parsing changes. Fixes #9243: * Move code to function to avoid unnecessary duplication of code
* Clean up the logic to avoid further redundancies
*... Jim Pingle
03:36 PM Revision a00fcaa6: Fix CA/Cert search description. Issue #9412: (cherry picked from commit f30da999bc135fe80eda2eeddcc0cc1350a989d3) Jim Pingle
03:36 PM Revision 886a03a4: Fix bonus closing tag. Issue #9412: (cherry picked from commit dd4fb72cfa8c0904d3cc7eae6ec01c2493f113f7) Jim Pingle
03:36 PM Revision ebfbb362: Add sorting and search to CA/Certs. Implements #9412: (cherry picked from commit 14973058752f8b19f63af5c45b3f7b42560ae432) Jim Pingle
03:36 PM Revision df40c93b: Routing, actually show the "(default)" mark on the default route as it is present on the OS: Most obvious problem was when manually switching from WANGW1 to WANGW2 it showed both as (default) after saving the s... PiBa-NL
03:36 PM Revision ef2e3b5d: Also trim if() statement: (cherry picked from commit d6601c8f0012f8eb784a285636ba9cca19d37f89) A FL
03:36 PM Revision a9a90af6: add trim() to $_POST['auth_user'] & $_POST['auth_user2']: (cherry picked from commit 28a5469e25229ee0b922c7cd976cf510b73b5c7d) jeroen van breedam
03:35 PM Revision 1ef5b31b: Bug #9218: (cherry picked from commit adc6ddbdbbb465fd3cb58d931465ac93b1fdedb6) d j
03:35 PM Revision 399e1385: Only apply group size restriction to local groups. Implements #3792: (cherry picked from commit 8d4f79cd5fdfe1c5c47f39bc0f92f63268b4593e) Jim Pingle
03:35 PM Revision 3184695e: Fixed #9693: Allow ACB to be suppressed by including magic string in the backup description
Transmit max number of manual backups ... Steve Beaver
03:35 PM Revision de209dea: Fixed #9687: Remove all referenes to legact/Gold ABC system
(cherry picked from commit f01c09914d50618b29f17853d4a69ed6973330cd) Steve Beaver
03:35 PM Revision 7ba8d654: Instead of restarting pkgs, add an IPsec reload hook they can use instead. Fixes #9668: (cherry picked from commit a264f870479c36ac1599b936bbdd547f0f8a99ec) Jim Pingle
03:34 PM Revision 64c18f53: Restart packages at the end of rc.newipsecdns. Fixes #9668: Not an ideal solution but it does ensure that FRR routes function after
an IPsec event.
(cherry picked from commit 1... Jim Pingle
03:34 PM Revision aa08527d: Fixed #9586 by detecting if option list includes /0 or not: (cherry picked from commit 7ec80e763f7e8357a4e5b0d2d57546cfd5d0f0f0) Steve Beaver
03:33 PM Revision 2c29eaf9: Allow Dynamic DNS wildcards for Cloudflare #9361: (cherry picked from commit acfc36435c5a06e188917d11598f999a37f78469) Tom Embt
03:33 PM Revision 65916f88: Update dyndns.class: (cherry picked from commit 0c43f8256edf08e473caae8c7dad0936ada2fd90) Matthew Fine
03:33 PM Revision a7a19a8b: Update services.inc: (cherry picked from commit 443a8b1beca07d1490f170c972c1c00ecb39baa7) Matthew Fine
03:33 PM Revision 8c6b6ea2: Update services_dyndns_edit.php: (cherry picked from commit 8b3e2e26f3082c78979842992acd1849ba42fcb3) Matthew Fine
03:33 PM Revision 98375c63: Azure DDNS whitespace only: (cherry picked from commit ed5b58a752a2241ce052851def2a7c846361146d) Tom Embt
03:32 PM Revision d94886a8: Linode Dynamic DNS syntax fixes: (cherry picked from commit bd0a29ea21d0a5230b74410a7a4c1289fef38e89) Tom Embt
03:32 PM Revision e77f993f: Add Dynamic DNS support for Linode #9268: (cherry picked from commit b923a8251ca4b899936156db48fb9253745c41e3) Tom Embt
03:30 PM Bug #9770 (Feedback): XML-based Packages do not activate shortcuts: Applied in changeset commit:f14ab2c616e12e083143de458af67ebd08aa1636. Jim Pingle
03:23 PM Bug #9770 (Resolved): XML-based Packages do not activate shortcuts: When using XML-based packages like stunnel or iperf, shortcuts are not activated as the package does not have a way t... Jim Pingle
03:27 PM Revision 2fb3b9bd: Fix AzureV6 DynDNS client: `AAAARecords` in the Azure DNS API is case sensitive
Documentation: https://docs.microsoft.com/en-us/rest/api/dns/re... Tyler Szabo
03:05 PM Revision 5beb11e6: Fixed #8907: Support field size option in select control
(cherry picked from commit 7f486e5af62396622ca63b922ec6725de4df2bb5) Steve Beaver
09:35 AM pfSense Packages Feature #9751 (Resolved): Need an "inclusive" and "exclusive" method of specifying ports: Jim Pingle
09:31 AM pfSense Packages Feature #9751: Need an "inclusive" and "exclusive" method of specifying ports: Works great now! Thanks! George Phillips
01:08 AM pfSense Packages Feature #9751: Need an "inclusive" and "exclusive" method of specifying ports: Good change Jim Denny Page
07:34 AM Bug #9478 (Resolved): Unable to check for updates from the GUI when using a proxy with authentication: Nice!
It works from the GUI and shell now. Jim Pingle
06:14 AM Feature #9769: listallcerts - pfSsh.php script to show all certificates in console: https://github.com/pfsense/pfsense/pull/4088 Viktor Gurov
06:13 AM Feature #9769 (Closed): listallcerts - pfSsh.php script to show all certificates in console: Show you all certificates in console, like System / Certificate Manager / Certificates
code mostly taken from syst... Viktor Gurov

09/17/2019

07:45 PM Bug #6846: System misreporting Super Micro C2558 platform as Super Micro C2758: hw.model: Intel(R) Atom(TM) CPU C2558 @ 2.40GHz Travis Erdmann
03:38 PM Bug #6846 (Feedback): System misreporting Super Micro C2558 platform as Super Micro C2758: Travis, could you please run the following command and show me the output?... Renato Botelho
03:52 PM Revision 7529f168: Add GUI option for IPsec tunnel closeaction. Fixes #9767: (cherry picked from commit 85c85e89ec7fad6974cd008d1f25676adf8e288d) Jim Pingle
03:52 PM Revision 85c85e89: Add GUI option for IPsec tunnel closeaction. Fixes #9767: Jim Pingle
02:59 PM Revision 5197e3e3: Fix #9285: Move ping-check option from global to per-subnet: Renato Botelho
02:44 PM Revision cea3a6b1: Remove redundant if: Renato Botelho
11:00 AM Bug #9767 (Feedback): Interesting Traffic Will not Initiate an IPsec VTI tunnel.: Applied in changeset commit:85c85e89ec7fad6974cd008d1f25676adf8e288d. Jim Pingle
08:20 AM Bug #9767: Interesting Traffic Will not Initiate an IPsec VTI tunnel.: The behavior is consistent with the config, which is set for @auto=start@. That connects at startup, but won't reconn... Jim Pingle
10:05 AM Bug #6843 (Not a Bug): Version inconsistency after updating to 2.3.2_1: Probably a local issue, pfSense-upgraded changed a lot since then and it's working much better these days Renato Botelho
10:05 AM Feature #9285 (Feedback): Add an option to disable the ping-check in dhcpd: Applied in changeset commit:5197e3e3a3b0ee048785e2ffb4222d7cba4e6c74. Renato Botelho
10:04 AM pfSense Packages Bug #7471 (Rejected): Cellular pkg errors on install: Probably it was fixed by other changes but today package can be installed/deinstalled and upgraded without any issues... Renato Botelho
08:27 AM Revision 524f1e87: cosmetic fixes,- tabs, spaces: Viktor Gurov
08:16 AM Bug #9478 (Feedback): Unable to check for updates from the GUI when using a proxy with authentication: pfSense-upgrade 0.69 should fix it Renato Botelho
08:00 AM pfSense Packages Bug #9760 (Resolved): FRR: "Log Adjacency Changes" Option in "OSPF Settings" not working.: Jim Pingle
07:52 AM pfSense Packages Bug #9760: FRR: "Log Adjacency Changes" Option in "OSPF Settings" not working.: I tested the fix and it works well.
Thank you very much! Bruno Solal

09/16/2019

06:16 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Other areas of pfSense assume things about that address, like making static routes for the peer, setting up DNS monit... Jim Pingle
05:45 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: IPsec settings of pfSense is only wrapper for the strongSwan.
You need only generate correct ipsec.conf from webform... Vladimir Dzhivsanov
05:39 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Where did I say that? It might be nice to have eventually. This is still open, not rejected. But it's not as simple a... Jim Pingle
05:36 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Why you don't want implement it ? Vladimir Dzhivsanov
05:33 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Yes, hence "Room for improvement".
The subject and description imply it isn't possible at all. No mention of multi... Jim Pingle
05:31 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: Jim Pingle wrote:
> We have not ignored this. You can already do this now. Use DynDNS hostname for the peer, or othe... Vladimir Dzhivsanov
05:26 PM Feature #9768: IPsec for site-to-site scenario where one side has dynamic ip: We have not ignored this. You can already do this now. Use DynDNS hostname for the peer, or other methods like using ... Jim Pingle
05:17 PM Feature #9768 (Duplicate): IPsec for site-to-site scenario where one side has dynamic ip: In practice really many sys admins have a need to configure IPsec tunnel for the situation as in subject.
I have s... Vladimir Dzhivsanov
06:11 PM Revision 7e531471: same boolean logic as for hosts: Viktor Gurov
05:44 PM Revision 8e7a1515: Sanitize barnyard_dbpwd in status.php output. Fixes #9764: (cherry picked from commit 24994f9a9df9a44e36cb544586684a5fecd61cda) Jim Pingle
05:44 PM Revision e3f64473: status.php: Sanitize snort/suricata oink and etpro codes.: (cherry picked from commit 17640476a57a41415fec579c40faebbfeff0022d) Jim Pingle
05:44 PM Revision 18f632b9: status.php: Restrict thoth tests to arm64. Fixes NG 2569: (cherry picked from commit 12cf8e3fd03ab48f8798e148378e532758621a50) Jim Pingle
05:42 PM Revision 24994f9a: Sanitize barnyard_dbpwd in status.php output. Fixes #9764: Jim Pingle
05:38 PM Revision 9f5ce9d4: Correct input validation for firewall rule VLAN priority/set. Fixes #9763: (cherry picked from commit 93db39ba1b7a72ad936a76aee2fe059a35b8af40) Jim Pingle
05:37 PM Revision 93db39ba: Correct input validation for firewall rule VLAN priority/set. Fixes #9763: Jim Pingle
03:08 PM Revision 34cfd588: added to input space-separated list of ports: Viktor Gurov
02:54 PM Revision b729b5b8: restartallwan script: Viktor Gurov
02:29 PM Bug #9767 (Resolved): Interesting Traffic Will not Initiate an IPsec VTI tunnel.: Interesting Traffic Will not Initiate an IPsec VTI tunnel.
Steps to reproduce:
Configure a VTI tunnel between t... Chris Linstruth
12:51 PM pfSense Packages Bug #9760 (Feedback): FRR: "Log Adjacency Changes" Option in "OSPF Settings" not working.: You are correct, that test was wrong. I pushed a fix. Thanks! Jim Pingle
12:50 PM Bug #9764 (Feedback): status.php: Sanitize barnyard_dbpwd: Applied in changeset commit:24994f9a9df9a44e36cb544586684a5fecd61cda. Jim Pingle
03:51 AM Bug #9764: status.php: Sanitize barnyard_dbpwd: snort only issue,
suricata ok:... Viktor Gurov
03:43 AM Bug #9764 (Resolved): status.php: Sanitize barnyard_dbpwd: config-sanitized.xml retain <barnyard_dbpwd> entry:... Viktor Gurov
12:45 PM Bug #9763 (Feedback): Trying to set VLAN Priority causes error: Applied in changeset commit:93db39ba1b7a72ad936a76aee2fe059a35b8af40. Jim Pingle
11:08 AM pfSense Packages Feature #9765: Update iperf package to iperf3: Didn't add any options yet, only converted the existing setup to iperf3. If it works as expected, then we can look at... Jim Pingle
11:07 AM pfSense Packages Feature #9765 (Feedback): Update iperf package to iperf3: Jim Pingle
09:41 AM pfSense Packages Feature #9765 (Resolved): Update iperf package to iperf3: iperf2 is obsolete at this point and iperf3 contains a number of useful additional features such as reverse testing a... Steve Wheeler
10:21 AM Feature #9766: diag_packet_capture.php: allow to input multiple tcp/udp ports: https://github.com/pfsense/pfsense/pull/4087 Viktor Gurov
10:20 AM Feature #9766 (Resolved): diag_packet_capture.php: allow to input multiple tcp/udp ports: Ability to use space-separated list of TCP/UDP ports in diag_packet_capture.php
it uses count() for loop instead o... Viktor Gurov

09/14/2019

11:28 AM Bug #9763 (Confirmed): Trying to set VLAN Priority causes error: Jim Pingle
10:58 AM Bug #9763 (Resolved): Trying to set VLAN Priority causes error: I used to have a rule with VLAN Prio set to VOICE since a few years (so this rule was there during the upgrade to cur... Flole Systems
09:50 AM pfSense Packages Feature #9762 (Pull Request Review): Squid Reverse Proxy Change redir domain(s) to use regex: Jim Pingle
07:05 AM pfSense Packages Feature #9762 (Resolved): Squid Reverse Proxy Change redir domain(s) to use regex: Change the ACL for reverse proxy redirects from using the rather limited "dstdomain" to using "dstdom_rexex".
This m... Johan Samuelsson
09:49 AM Bug #9761 (Not a Bug): Crash report details: No PHP errors found.: There isn't enough information here to say what happened or if it was a bug, and that info file isn't a crash report.... Jim Pingle
06:31 AM Bug #9761 (Not a Bug): Crash report details: No PHP errors found.: This is the first time I have had a crash occur on pfSense. I am just a (simple) user. I do not know if the crash mig... Jerry Sels

09/13/2019

05:43 PM pfSense Packages Bug #9760 (Resolved): FRR: "Log Adjacency Changes" Option in "OSPF Settings" not working.: When the option "Log Adjacency Changes" is selected in the GUI in "OSPF Settings" tab, no changes are made in frr con... Bruno Solal
03:02 PM Revision 21bee028: Add IPsec DH/PFS groups 25/26/27. Implements #9757: Jim Pingle
02:40 PM Feature #9754 (Feedback): Add separate authentication log: I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authentication internally (e.... Jim Pingle
01:34 PM Bug #9758 (Feedback): dhcpleases does not handle spaces in DHCP lease hostnames: dhcpleases 0.4 should fix it Renato Botelho
09:43 AM Bug #9758 (Resolved): dhcpleases does not handle spaces in DHCP lease hostnames: Some not-particularly-well-behaved DHCP clients put spaces in the hostname. For example:... Jim Pingle
12:05 PM pfSense Packages Bug #9759 (Duplicate): new vnstat doesn't work on latest 2.5, need script update: Duplicate of #9392 Jim Pingle
12:04 PM pfSense Packages Bug #9759 (Duplicate): new vnstat doesn't work on latest 2.5, need script update: After pressing "Enable Graphing" button got error:
Error: Unable to open database "/var/db/vnstat/vnstat.db": No s... Viktor Gurov
11:01 AM pfSense Packages Feature #9751 (Feedback): Need an "inclusive" and "exclusive" method of specifying ports: Implemented in Avahi pkg version 2.1. Jim Pingle
10:52 AM pfSense Packages Feature #9751: Need an "inclusive" and "exclusive" method of specifying ports: Looks like Avahi fails to parse the line when the total length of the line (including "allow-interfaces=") is greater... Jim Pingle
10:20 AM pfSense Packages Bug #8067 (Closed): Avahi can't be stopped from registering on unassigned interfaces: Since Avahi pkg version 2.0.x, it switched to using whitelisting, so this is no longer relevant. Jim Pingle
10:20 AM pfSense Packages Bug #7755 (Closed): Avahi package is not secure by default: Since Avahi pkg version 2.0.x, it switched to using whitelisting, so this is no longer relevant. Jim Pingle
10:10 AM Feature #9757 (Feedback): DH groups 25,26,27 not listed for phase1 & phase2: Applied in changeset commit:21bee0287caf76bb7ab63ec29b0ecf7435940a06. Jim Pingle
10:04 AM Feature #9757: DH groups 25,26,27 not listed for phase1 & phase2: Added them in and tried 26. Showed as working and in-use on both ends, so it looks OK, no extra plugins to enable or ... Jim Pingle
09:57 AM Feature #9757: DH groups 25,26,27 not listed for phase1 & phase2: Not a bug, but a missing feature. Jim Pingle
09:26 AM Feature #9757 (Resolved): DH groups 25,26,27 not listed for phase1 & phase2: groups 25 (ecp192), 26 (ecp224) and 27 (ecp224bp) is in list of supported by strongswan:... Viktor Gurov
09:44 AM Bug #3500: DHCP Leases List Not Showing Hostname in Some Cases: dhcpleases issue moved over to #9758 Jim Pingle
09:40 AM Bug #3500 (Resolved): DHCP Leases List Not Showing Hostname in Some Cases: OK, I'll make one shortly. Closing this. Jim Pingle
09:39 AM Bug #3500: DHCP Leases List Not Showing Hostname in Some Cases: Jim Pingle wrote:
> It looks like dhcpleases having the wrong name is the problem here. The page is only displaying ... Renato Botelho
09:36 AM Bug #3500: DHCP Leases List Not Showing Hostname in Some Cases: It looks like dhcpleases having the wrong name is the problem here. The page is only displaying the result it receive... Jim Pingle
07:51 AM Bug #3500 (In Progress): DHCP Leases List Not Showing Hostname in Some Cases: I'm not seeing any change here:
Lease DB:... Jim Pingle
07:22 AM Bug #9755: package description wrong link https://www.freshports.org/security/openvpn-client-export: There is no way for any package to control what those links do, so it's not a problem with the package, but in the ba... Jim Pingle
05:20 AM Bug #9755 (New): package description wrong link https://www.freshports.org/security/openvpn-client-export: Package Dependencies:
openvpn-client-export-2.4.7 - wrong link
https://www.freshports.org/security/open... Viktor Gurov
06:45 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more: I believe this one's different from #9296 . I've 2 x 2.4.4-p3 in different locations but with similar configs and I'm... Netnewb net
06:00 AM Bug #9756 (Resolved): vpn_openvpn_(client|server).php: js issue when selecting multiple NCP: If you press and select multiple NCP algorithms it create separate string with selected algo
more clear here:
htt... Viktor Gurov

09/12/2019

08:33 PM Revision 49967ae7: Add dedicated auth log. Implements #9754: Jim Pingle
08:19 PM Revision 882af7b4: Fix blank/empty lines in some auth syslog messages: Jim Pingle
07:21 PM Revision a9941bf6: Fix malformed JSON: Fix malformed JSON using json_encode(). Sebastian Fiebig
05:56 PM Bug #8616 (Resolved): When reconfiguring a captiveportal, connected users get disconnected and can't login back: Renato Botelho
04:21 PM Bug #8616: When reconfiguring a captiveportal, connected users get disconnected and can't login back: I just tested, the PR is working well. Users are not disconnected anymore when updating captive portal.
This issue... A FL
08:21 AM Bug #8616 (Feedback): When reconfiguring a captiveportal, connected users get disconnected and can't login back: PR has been merged. Thanks! Renato Botelho
05:46 PM Bug #3500 (Feedback): DHCP Leases List Not Showing Hostname in Some Cases: Jim Pingle wrote:
> Looks OK for the most part, though I do have one weird device that doesn't match in the leases d... Renato Botelho
04:10 PM Revision 87fb98b9: Ensure log cat programs do not emit error messages.: Jim Pingle
03:42 PM Feature #9754 (In Progress): Add separate authentication log: Still need to poke at IPsec a bit to see if there is another way to get just the auth messages out of it. Might not b... Jim Pingle
03:40 PM Feature #9754 (Feedback): Add separate authentication log: Applied in changeset commit:49967ae74aeb6ac116d7a0662bcbb1da70a09b8f. Jim Pingle
03:31 PM Feature #9754 (Resolved): Add separate authentication log: Would be nice to have a log dedicated to authentication events (ssh, gui, VPNs, etc).
Most things will be caught b... Jim Pingle
03:30 PM Bug #7198 (Feedback): nginx-error.log is not circular and can fill filesystem: This was fixed by #9714 -- there is no longer a dedicated nginx error log, it's all in nginx.log which now has rotation. Jim Pingle
03:12 PM pfSense Docs New Content #9753 (Closed): Feedback on Installing and Upgrading — Writing Disk Images: *Page:* https://docs.netgate.com/pfsense/en/latest/install/write-memstick.html
*Feedback:*
I believe the majority... Paighton Bisconer
02:53 PM pfSense Packages Bug #9752 (Resolved): ACME - Actions have no access to additionally generated certificate files.: The additionally generated certificate files are only available after the actions ("postscripts") have been run. This... Sebastian Fiebig
02:36 PM Revision 52f686a9: Add wizard select_source & use for OpenVPN DH. Fixes #9748: Jim Pingle
01:59 PM Revision 17d967af: Merge pull request #4082 from ableischwitz/master: Renato Botelho
01:56 PM Revision 20be1970: Merge pull request #3999 from vpiserchia/master: Renato Botelho
01:41 PM pfSense Packages Feature #9751 (Resolved): Need an "inclusive" and "exclusive" method of specifying ports: At this time, Avahi doesn't seem to like to run if the "allow-interfaces" config item contains more than 33 interface... George Phillips
01:21 PM Revision 39ce86a7: Merge pull request #4042 from plumbeo/fix-reconfig: Renato Botelho
12:10 PM Revision e72c15ba: Merge pull request #3985 from luckman212/system-general-sr-fix1: Renato Botelho
11:29 AM pfSense Packages Bug #9750 (Resolved): squidguard_blacklist.php & squidguard_log.php wrong status icon link: If you are on page Package / SquidGuard / Blacklists or Package / SquidGuard / Logs
and press status icon
you got /... Viktor Gurov
10:33 AM pfSense Packages Feature #9749 (New): 95th percentile missing for quality in monitoring: 95th percentile missing for quality also old graphs use to draw a line for 95th percentile Michael Kellogg
09:45 AM Bug #9748 (Feedback): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: Applied in changeset commit:52f686a97f77cfd00ddb69088bef7164676d4117. Jim Pingle
07:44 AM Bug #9748 (Confirmed): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: Looking deeper at the code, "this is expected":https://docs.netgate.com/pfsense/en/latest/certificates/dh-parameters.... Jim Pingle
05:23 AM Bug #9748: openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: It shows correct number in config.xml:
<dh_length>16384</dh_length>
And on VPN / OpenVPN / Servers page
but it... Viktor Gurov
05:14 AM Bug #9748 (Resolved): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: If you select DH Parameters Length above 8192, i.e. 15360 or 16384, it creates server instance with DH length 1024
A... Viktor Gurov
09:05 AM Feature #9590 (Feedback): RFE: Add additional prefix delegation size entries to dropdown-list: Applied in changeset commit:51dc008bfebef50bc4be9ff2a894e176ba013866. Andreas Bleischwitz
08:57 AM Feature #9030 (Feedback): Allow TLS Key Direction with OpenVPN: PR has been merged. Thanks Renato Botelho
07:11 AM Bug #8922 (Feedback): Static routes set by system.inc for DNS gateway bindings are not removed: PR has been merged. Thanks! Renato Botelho

09/11/2019

07:28 PM Revision f7335af3: Deduplicate code in openvpn.inc: Renato Botelho
07:08 PM Revision 1d13560c: Remove unnecessary variable: Renato Botelho
07:04 PM Revision 33187646: Merge pull request #4072 from jwsi/openvpn-gwgroup: Renato Botelho
03:15 PM Bug #9747: IPsec widget - Missing escape of domain backslash: Pull request: https://github.com/pfsense/pfsense/pull/4085 Sebastian Fiebig
02:52 PM Bug #9747 (Resolved): IPsec widget - Missing escape of domain backslash: The IPSec widget does not work as soon as one user, e.g., from a windows domain with a username like "domain\user" ha... Sebastian Fiebig
02:45 PM Bug #1605: DHCP Server should group known clients by interface: I'll work on it Renato Botelho
02:41 PM Bug #9595 (Feedback): OpenVPN does not resync when running on a gateway group: PR has been merged. Thanks Renato Botelho
02:12 PM Feature #9302 (Pull Request Review): radvd always advertises DNS servers and Domain Search List regardless of M or O flag: Jim Pingle
02:12 PM Bug #9539 (Pull Request Review): HA: admin user's authorized key(s) won't get synced: Jim Pingle
02:09 PM Feature #790 (Pull Request Review): Advanced options for dnsclient (resolv.conf): Jim Pingle
02:09 PM Bug #8922 (Pull Request Review): Static routes set by system.inc for DNS gateway bindings are not removed: Jim Pingle
02:09 PM Feature #9688 (Pull Request Review): restartallwan - pfSsh.php script to restart all wan interfaces: Jim Pingle
02:09 PM Bug #3334 (Pull Request Review): Status/Traffic Graph isn't IPv6 ready: Jim Pingle
02:07 PM Feature #1257 (Pull Request Review): Handle encypted CA/Certificate private keys: Jim Pingle
02:07 PM Bug #9592 (Pull Request Review): VTI interface down because interface number created is greater than ipsec32768: Jim Pingle
02:07 PM Bug #8616 (Pull Request Review): When reconfiguring a captiveportal, connected users get disconnected and can't login back: Jim Pingle
01:59 PM Revision 1dcaf2d8: Remove deprecated comments since username tag got CDATA: Renato Botelho
01:59 PM Revision c244b2be: Revert "Fix #6195: Allow to change NAT Outbound mode": This reverts commit bdaa5235d4c3f4e226e4e7ebee55fc7ff5fd4360. Renato Botelho
01:57 PM Revision ce76d1e4: Ticket #6195: Use CDATA on username tag: After discuss with JimP we agreed it would be a better approach than
bdaa5235d4 if we add username tag to the list of... Renato Botelho
01:31 PM Revision bdaa5235: Fix #6195: Allow to change NAT Outbound mode: make_config_revision_entry() second parameter expects a username to
override current logged in user in special cases.... Renato Botelho
10:46 AM Todo #9746 (Rejected): Openvpn user get disconnected at same time.: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
10:15 AM Todo #9746 (Rejected): Openvpn user get disconnected at same time.: Hello Team,
we have almost 10-15 users using OpenVPN get disconnected at a same time.
kindly help with this wha... ajinkya mulik
09:58 AM Bug #9745: can't add ECDSA certificate key when signing CSR: This is probably the check needing to recognize the EC key header text since it's different. Jim Pingle
09:46 AM Bug #9745 (Resolved): can't add ECDSA certificate key when signing CSR: If you try to sign CSR it not allow to add Key data with following errors:... Viktor Gurov
09:57 AM Bug #9744: fatal error if ECDH Curve not default: That's internal to OpenVPN/OpenSSL. The GUI presents the curves it claims to support exactly (From @/usr/local/sbin/o... Jim Pingle
09:11 AM Bug #9744 (Resolved): fatal error if ECDH Curve not default: If you select ECDH Curve server option other than default, <ecdh_curve>Oakley-EC2N-4</ecdh_curve> as example, you got... Viktor Gurov
08:40 AM Bug #6195 (Feedback): Cannot set Manual Outbound NAT when Language is pt_BR: Applied in changeset commit:bdaa5235d4c3f4e226e4e7ebee55fc7ff5fd4360. Renato Botelho
08:31 AM Bug #9743: Missing dependency check(s) on aliases in static routes: forgot the "pre" tags around the example so just ignore the strike-through ;) Can't edit the original ticket :/ Jens Groh
08:21 AM Bug #9743 (Duplicate): Missing dependency check(s) on aliases in static routes: Using aliases in static routes is a nice thing as it makes handling those a bit easier by grouping your networks firs... Jens Groh

09/10/2019

11:50 PM pfSense Packages Feature #8547: fwknop Port Knocking Package: Just started using pfSense recently and I'm really surprised fwknop is not available. I can install fwknop on OpenWrt... William Evans
04:24 PM Feature #895: PPP subsystem MPPE/MPPC support: Is there a .override file, or documentation I can follow to add this so that pfsense doesn't overwrite my .conf modif... Coenraad Loubser
03:51 PM Revision d81f2704: Fix interface/config alignment on interfaces_ppps_edit.php. Fixes #9741: Jim Pingle
01:52 PM Revision 9b738be9: Note in the system log when bootup is complete.: Jim Pingle
01:14 PM Feature #9718: Make diag_states_summary table sortable: Looks like this will require redesigning the page a bit. The sortable library does not handle rowspan/colspan as they... Jim Pingle
11:00 AM Bug #9741 (Feedback): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: Applied in changeset commit:d81f270454ec66680cb645c0d3c13f9431d9c026. Jim Pingle
10:38 AM Bug #9741 (Assigned): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: Jim Pingle
10:30 AM Bug #9741: interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: The way the page is rendered is odd.
* The Local IP address, mask, and gateway are stored in an array indexed by a... Jim Pingle
10:12 AM Bug #9741 (Confirmed): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: Jim Pingle
05:58 AM Bug #9741 (Resolved): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: After adding L2TP / PPTP interfaces on Interfaces / PPPs pages
it add Local IP Address and Gateway IP or Hostname to... Viktor Gurov
10:48 AM pfSense Packages Feature #9742 (Resolved): Print Patch ID in log while patching: that would be very useful for support and security perspective.
for now it only run ACB backup while patching. Viktor Gurov
04:41 AM pfSense Packages Bug #9740 (Resolved): empty Status / Tinc VPN page on latest 2.5: Simple p2p connection between pfSense-2.4.4-p3 and pfSense-2.5.0
tinc-1.0.35 on both
nothing on Status / Tinc VPN... Viktor Gurov

09/09/2019

09:21 PM Bug #9739 (Rejected): Multiple ipsec connected to same destination.: Not enough information here, sounds more like a support request than a bug. Please post on the forum to discuss the p... Jim Pingle
09:18 PM Bug #9739 (Rejected): Multiple ipsec connected to same destination.: I have an ipsec set up with one of my clients, however for a while now, started to close ipsec connections to the sam... Heliton Martins
07:40 PM Revision a7a863a8: Specify portal auth and DHCP logs by selector not by facility. Fixes #1375: Jim Pingle
06:54 PM Revision 1521f0b2: Filter/manage cleanup for new logs. Issue #9714: * Disable 'manage' for utx & userlog
* Fix filter form labels for utx to match column headers Jim Pingle
06:24 PM Revision f9d9d054: Log setting/size review. Fixes #9734: * Move default GUI line limit and log size defaults to $g rather than
hardcoding.
* Set default GUI line limit to 500... Jim Pingle
04:50 PM Revision 972de4c7: Revise regex and redirect on failure: Steve Beaver
03:40 PM Revision 17640476: status.php: Sanitize snort/suricata oink and etpro codes.: Jim Pingle
02:50 PM Bug #1375 (Feedback): Captive portal logs: mixed with logs from other sources (squid, php): Applied in changeset commit:a7a863a81cab694ccaaae6da74e45cfeee858a40. Jim Pingle
01:36 PM pfSense Packages Bug #9738 (Resolved): Client IP address validation disallows CIDR notation: Hi,
As specified in the FreeRADIUS documentation, `ipaddr` can be supplied in CIDR format when defining clients:
... Tom Whitwell
01:30 PM Todo #9734 (Feedback): Re-evaluate log size, line defaults, and limits: Applied in changeset commit:f9d9d054a6615a3ad2730ca2b7702daeafc63b25. Jim Pingle
10:41 AM Bug #9736 (Feedback): status.php: Sanitize oinkcode and etprocode of snort/surricata: Fixed in commit:17640476a57a41415fec579c40faebbfeff0022d Jim Pingle
05:45 AM Bug #9736 (Resolved): status.php: Sanitize oinkcode and etprocode of snort/surricata: config-sanitized.xml keep <oincmastercode> and <etpro_code> of snort package
and <oinkcode> and <etprocode> of suric... Viktor Gurov
09:30 AM Feature #8786: Wireguard VPN: They have made a secure and audited release.
We'd prefer to use pfSense but are using OpenWRT for wireguard support. Shannon Barber
08:23 AM Feature #9735: DHCP option 43 and 120 for Skype 4 Business phones: If it's still a problem, start a new forum thread and discuss it there. The fact that the forum thread is 6 years old... Jim Pingle
08:15 AM Feature #9735: DHCP option 43 and 120 for Skype 4 Business phones: Jim Pingle wrote:
> The linked message is over 6 years old. Use the GUI options to add custom DHCP option numbers. I... Chris Theodorakakos
08:07 AM Feature #9735 (Rejected): DHCP option 43 and 120 for Skype 4 Business phones: The linked message is over 6 years old. Use the GUI options to add custom DHCP option numbers. If you cannot express ... Jim Pingle
04:45 AM Feature #9735 (Rejected): DHCP option 43 and 120 for Skype 4 Business phones: Hi all, we moved our DHCP server to pfsense and we are currently trying to configure the VLAN in which we have our me... Chris Theodorakakos
06:35 AM Bug #9737 (New): traffic-graphs.js shows incorrect units inside the chart: https://github.com/pfsense/pfsense/blob/42839d824d51cad3a8a55fccb2dc96368568ce8e/src/usr/local/www/js/traffic-graphs.... Alex Kolesnik
04:01 AM Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): Jim Pingle wrote:
> Adding another selector to set the prf (with an option to automatically assume it based on Hash ... Viktor Gurov

09/08/2019

11:40 AM Todo #9734 (Resolved): Re-evaluate log size, line defaults, and limits: The current limits for log sizes, default lines to display, and maximum lines that can be shown are all from times wh... Jim Pingle
05:09 AM Bug #1375: Captive portal logs: mixed with logs from other sources (squid, php): I can also confirm that XMLRPC sync logs are still ending in Portal Auth logs.
Here is a screenshot of portal au... A FL
02:53 AM Bug #9733: MAC Address linked to IPv4 & IPv6: Jim Pingle wrote:
> No. A DUID identifies a machine. A MAC identifies a NIC. And by the time you add all the other s... Dean Attewell

09/07/2019

11:49 PM Bug #9733: MAC Address linked to IPv4 & IPv6: No. A DUID identifies a machine. A MAC identifies a NIC. And by the time you add all the other stuff in, all you've d... Jim Pingle
11:47 PM Bug #9733: MAC Address linked to IPv4 & IPv6: Jim Pingle wrote:
> IPv6 addresses are allocated by DUID, not by MAC, so this is not possible.
Can you not have
... Dean Attewell
10:57 PM Bug #9733 (Rejected): MAC Address linked to IPv4 & IPv6: IPv6 addresses are allocated by DUID, not by MAC, so this is not possible. Jim Pingle
10:53 PM Bug #9733 (Rejected): MAC Address linked to IPv4 & IPv6: Can you please enhance pfSense to allow MAC addresses to be the primary key for setting IPv4 & IPv6 addresses.
I wa... Dean Attewell
01:40 PM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: I encountered this issue while attempting to host internal web services via IPv6 using a dynamic external IP address.... Allen Balaj

09/06/2019

08:38 PM Feature #9732 (New): System UTC time offset in DHCP Option 2: Please implement that the DHCP server can dynamically add DHCP Option 2 value based on the actual system UTC time off... David G
05:21 PM Feature #9693 (Closed): Bypass automatic backups: This was fixed moments after the original push Anonymous
04:27 PM Feature #9693 (New): Bypass automatic backups: Jim Pingle
04:04 PM Feature #9693: Bypass automatic backups: James Dekker wrote:
> Tested on 2.5.0.a.20190830.1941, works as expected.
There's a typo on line 190 (in src/etc/in... Gerwim F
05:15 PM Revision ac9e8f8b: Fixed #9731: by validating widget key with regex
(cherry picked from commit 42839d824d51cad3a8a55fccb2dc96368568ce8e) Steve Beaver
04:59 PM Revision 42839d82: Fixed #9731: by validating widget key with regex Steve Beaver
03:07 PM Bug #1375 (New): Captive portal logs: mixed with logs from other sources (squid, php): Apparently still happening: https://forum.netgate.com/topic/146335/feedback-logging-2-5-snap Jim Pingle
02:30 PM Revision c63ae216: Fix rotation count check. Issue #9711: While here, fixup default static newsyslog entries. Issue #8350 Jim Pingle
02:13 PM Revision aa2cac18: Incorporate filter_log.inc into syslog.inc. Issue #8350: Now all log-related functions are together. Jim Pingle
01:54 PM Revision 55beed7e: Relocate newsyslog cron install task. Fixes #9730: Jim Pingle
01:36 PM Revision 24b1410a: Don't add .log to filename twice. Issue #8350: Jim Pingle
12:43 PM Revision 6ab24f7c: Finish utx lastlog display. Issue #9714: Jim Pingle
12:42 PM Revision ee4390ff: Code refactoring/simplification. Issue #9714: Jim Pingle
12:41 PM Revision 9eeb6178: Fix package log header. Issue #9714: Jim Pingle
12:05 PM Bug #9731: Path Traversal vulnerability in picture widget: Applied in changeset commit:42839d824d51cad3a8a55fccb2dc96368568ce8e. Anonymous
12:01 PM Bug #9731 (Feedback): Path Traversal vulnerability in picture widget: Validate widget key by regex before accepting new image Anonymous
10:13 AM Bug #9731 (Duplicate): Path Traversal vulnerability in picture widget: Vulnerability Description :- The `pfSense` firewall is vulnerable to Remote Code Execution due to `Path Traversal vul... Anonymous
10:54 AM Feature #7767: OCSP support for OpenVPN server: The link above seems to be dead, but there is an example script in https://github.com/OpenVPN/openvpn/blob/master/con... Jim Pingle
09:33 AM Todo #8350 (Feedback): Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate: This should be ready for general feedback once the latest changes are in snapshots. Jim Pingle
09:33 AM Todo #9713 (Resolved): Review log rotation behavior: Everything looks OK here with the latest code. Packages may need other/individual attention but those can get their o... Jim Pingle
09:00 AM Bug #9730 (Feedback): newsyslog cron job not present after every upgrade: Applied in changeset commit:55beed7ef4a4730b46c43a705a8cc6392f85d365. Jim Pingle
08:52 AM Bug #9730 (Resolved): newsyslog cron job not present after every upgrade: Some systems do not have the newsyslog job after upgrade. Jim Pingle
08:37 AM Todo #9714 (Feedback): Add page to view "other" logs: Doing a general page for 'other' logs didn't work out, so I added the orphaned log files to their own individual tabs. Jim Pingle

09/05/2019

09:04 PM Revision db948c42: Additional logs & optimizations. Issue #9714: * Add log tabs for nginx, userlog, and some other previously hidden logs
* Start working on output of utx log via lis... Jim Pingle
06:45 PM Bug #9720: vpn_ipsec_phase2.php - no remote network field in VTI mode: This appears to be true with all IPSEC vpn modes. If you delete the phase 2 section then create a new one the remote ... Gary Williams
05:53 PM Revision 1544d718: status.php: Sanitize zabbix TLS psk info. Fixes #9729: (cherry picked from commit 60a7d1e1201f43ec48b0ad374ded1c15eb29e14e) Jim Pingle
05:53 PM Revision 60a7d1e1: status.php: Sanitize zabbix TLS psk info. Fixes #9729: Jim Pingle
05:51 PM Revision 12cf8e3f: status.php: Restrict thoth tests to arm64. Fixes NG 2569: Jim Pingle
04:57 PM Bug #6167: IPsec IPComp not working: I have this enabled with other firewall solutions and observed noticeable savings in bandwidth usage. I was hoping t... Adam Gibson
04:32 PM Revision f314a7d9: status.php: Sanitize influx_pass and cert_key. Fixes #9727 Fixes #9728: (cherry picked from commit 8bc944bbcba57f74934b87dcea4e7621f0743584) Jim Pingle
04:31 PM Revision 8bc944bb: status.php: Sanitize influx_pass and cert_key. Fixes #9727 Fixes #9728: Jim Pingle
03:37 PM Revision 5457213f: Rename status_pkglogs.php to status_logs_packages.php. Issue #9714: Jim Pingle
03:25 PM Revision 4cce0ada: Standardize pkg log display. Issue #9714: * Add common log code as needed
* Define options to fine-tune package log display
* Add filtering Jim Pingle
02:27 PM Bug #2218: CARP VIPs can become master too early at boot time: I agree with @BlackBinary. The second optional should be the normal operation. A reboot should automatically trigge... Greg Harris
01:00 PM Bug #9729 (Feedback): status.php: Sanitize zabbix-agent tlspsk key: Applied in changeset commit:60a7d1e1201f43ec48b0ad374ded1c15eb29e14e. Jim Pingle
11:47 AM Bug #9729 (Resolved): status.php: Sanitize zabbix-agent tlspsk key: config-sanitized.xml keep <tlspskfile> of zabbix-agent:
$ grep tlspsk config-sanitized.xml
... Viktor Gurov
11:40 AM Bug #9728 (Feedback): status.php: Sanitize tinc private key: Applied in changeset commit:8bc944bbcba57f74934b87dcea4e7621f0743584. Jim Pingle
11:21 AM Bug #9728: status.php: Sanitize tinc private key: This is in status.php, not the package. Jim Pingle
11:14 AM Bug #9728 (Resolved): status.php: Sanitize tinc private key: config-sanitized.xml keep <cert_key> of tinc package
2.5.0-DEVELOPMENT (amd64)
built on Wed Sep 04 20:39:01 E... Viktor Gurov
11:40 AM Bug #9727 (Feedback): status.php: Sanitize influx_pass: Applied in changeset commit:8bc944bbcba57f74934b87dcea4e7621f0743584. Jim Pingle
11:20 AM Bug #9727: status.php: Sanitize influx_pass: This is in status.php, not the package. Jim Pingle
11:03 AM Bug #9727 (Resolved): status.php: Sanitize influx_pass: config-sanitized.xml keep hash of influx_pass (Telegraf package):
$ grep influx config-sanitized.xml
... Viktor Gurov
08:29 AM Bug #9649: IPv6 6RD Tunnel: Ronald Schellberg wrote:
> Created a pull request to FreeBSD-src to apply the 6RD changes to 2.5
Updated the pull... Ronald Schellberg
06:32 AM pfSense Packages Bug #9724: pfblockerng-firewall-filter-service-will-not-start: PR https://github.com/pfsense/FreeBSD-ports/pull/670 Manuel Piovan

09/04/2019

08:33 PM Revision 280a2ca2: Move Package Logs in with rest of logs. Issue #9714: Standardize log tab behavior Jim Pingle
08:08 PM Revision 6b061c1a: Add a method for packages to set log owner on rotation. Issue #9712: Jim Pingle
03:21 PM Revision 3a26e715: Move log-related functions to their own file. Issue #8350: Also add a simple shell program that will dump all log entries for a given
log + all rotated/compressed logs in order. Jim Pingle
03:12 PM Todo #9712: Add code for packages to set their own log rotation parameters: See also:
* Example of display-only log: https://github.com/pfsense/FreeBSD-ports/blob/devel/emulators/pfSense-pkg... Jim Pingle
02:08 PM Feature #9726 (Resolved): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: One might want to allow transform sets on a Phase 2 like this:
AES128/192/256-CBC with SHA256
AES128-GCM with no ... Chris Linstruth
06:17 AM pfSense Packages Bug #9724: pfblockerng-firewall-filter-service-will-not-start: affected version:
2.5.0-DEVELOPMENT (amd64)
built on Tue Sep 03 08:57:57 EDT 2019
FreeBSD 12.0-RELEASE-p10
... Manuel Piovan
05:20 AM pfSense Packages Bug #9724: pfblockerng-firewall-filter-service-will-not-start: a possible solution :
on /usr/local/etc/rc.d/pfb_filter.sh
from
/usr/local/sbin/clog_pfb -f /var/log/filter.log | ... Manuel Piovan
04:56 AM pfSense Packages Bug #9724 (New): pfblockerng-firewall-filter-service-will-not-start: pfblockerng service does not start - because clog is missing
https://forum.netgate.com/topic/146191/pfblockerng-f... Manuel Piovan
04:59 AM pfSense Packages Feature #9725 (New): Ability to use template variables in acme package: would be very helpful to be able to use variables in acme package action section
Using variables something like that... Tobi Miller
03:54 AM Bug #9723 (Not a Bug): DHCPv6 server for several interfaces isn't working on all interfaces: Hi,
I have a virtualized pfSense 2.4.4 p3 running with several downstream interfaces.
On some interfaces DHCPv6 s... Pim Pish

09/03/2019

08:34 PM Revision a40c9cf2: Log rotation settings. Issue #9711 and Issue #9712: * Add rotation count GUI option and per-log option
* Add settings for packages to override more fields not supported ... Jim Pingle
07:26 PM Revision 7d918dab: Fix log size text in common log settings. Issue #9711: Jim Pingle
07:16 PM Revision 8a86d7be: Move log rotation options to their own section. Issue #9711: While here, fix log size description to fit new behavior. Jim Pingle
06:44 PM Revision 3aea6230: IPSec: Just destroy interface if it exists and it's not booting: Based on PR: https://github.com/pfsense/pfsense/pull/4076 Renato Botelho
06:43 PM Revision f8c4bfc5: IPSec: Just destroy interface if it exists and it's not booting: Based on PR: https://github.com/pfsense/pfsense/pull/4076 Renato Botelho
06:39 PM Revision 03cdd6ad: Add log compression type option. Issue #9711: Jim Pingle
06:19 PM Revision 15f8062b: Improve efficiency of resync checks.: GW Group changes are checked iff the interface is not the empty string or the interface in question is not the same a... James Webb
03:38 PM Todo #9711: Add GUI options to control log rotation: The compression is configurable now but it is a global only option and NOT a per-log setting. While it may be possibl... Jim Pingle
03:37 PM Todo #9711 (Feedback): Add GUI options to control log rotation: The time, flags, pid/cmd, and signal fields are not necessary for the GUI, the others are sufficient. There is a mech... Jim Pingle
03:36 PM Todo #9712 (Feedback): Add code for packages to set their own log rotation parameters: Jim Pingle
03:32 PM Todo #9712: Add code for packages to set their own log rotation parameters: For reference, the supported fields are now:... Jim Pingle
01:52 PM Revision 73a4e1f2: Merge branch 'master' into system-general-sr-fix1: Renato Botelho
01:37 PM Revision 5ae31b9e: Merge pull request #4070 from paul/patch-1: Renato Botelho
01:24 PM Revision e187842d: Merge pull request #4079 from johnforte/master: Renato Botelho
01:20 PM Revision d43154fe: Do not use constructor with the same name of class, it's going to be deprecated: Renato Botelho
01:18 PM Revision b94eb4b9: Fix PHP warning: Renato Botelho
01:10 PM Revision cf019954: Merge pull request #4083 from kristoffer-ekenstam/master: Renato Botelho
01:08 PM Revision e3de4f13: Merge pull request #4084 from Godwottery/master: Renato Botelho
12:57 PM Revision b4df3414: Merge pull request #4074 from NanoCaiordo/dhcp_show_all: Renato Botelho
12:04 PM Bug #9722 (Resolved): services_captiveportal_vouchers.php wrong status icon link: When you are at services_captiveportal_vouchers.php page, clicking on "Related status" icon redirects to
services_ca... Viktor Gurov
11:02 AM pfSense Packages Feature #9721 (Resolved): add squidclient -h 127.0.0.1 mgr:info output to Diagnostics / Squid and status.php: "squidclient -h 127.0.0.1 mgr:info" gives a very useful info for diagnostics:
like
Resource usage for squid:
UP T... Viktor Gurov
10:57 AM Bug #9522 (Resolved): Diagnostics > System Activity shows only the header: Looks good:... Steve Wheeler
10:23 AM Bug #9720 (Resolved): vpn_ipsec_phase2.php - no remote network field in VTI mode: under VPN / IPsec / Tunnels / Edit Phase 2
if you select Transport Mode
and then VTI mode
there is no "Remote Netw... Viktor Gurov
10:11 AM Bug #9719 (Resolved): system_certmanager.php - Descriptive name field disappeared when adding certificate for user: if under user manager / users / edit
you select add certificate,
then select "choose an existing certificate"
and... Viktor Gurov
08:45 AM Feature #9718 (New): Make diag_states_summary table sortable: Make diag_states_summary table sortable so users can chose the way they want to sort it.
Discussed at https://gith... Renato Botelho
08:38 AM Bug #9580 (Feedback): Dynamic DNS DNSimple client errors: PR has been merged. Thanks! Renato Botelho
08:25 AM Bug #9684 (Feedback): System Notifications: Asterisks over writing current password causing notifications to stop working.: PR has been merged. Thanks! Renato Botelho
08:12 AM Bug #8014 (Feedback): DynDNS wildcard option doesn't work for provider Loopia: PR has been merged. Thanks! Renato Botelho
08:09 AM Feature #9706 (Feedback): Increased number of colors for login screen: PR has been merged. Thanks! Renato Botelho
08:09 AM Bug #9133 (Feedback): "Show all configured leases" does not stay set after deleting a lease: PR has been merged. Thanks! Renato Botelho
07:21 AM Bug #8040 (Resolved): diag_dns.php - external links to DNSstuff: These links were all removed a while ago Jim Pingle
07:05 AM Feature #9717 (New): Search box for pfsense ?: I can never remember where things are within pfsense and wondered if a search box on the top bar would be a good idea... randombits b

09/02/2019

06:46 PM Revision 098e57c5: Revert "Add a control file to be used as trigger to sync files to S3": This reverts commit 1e2990aa0a9debd5ccdc31e42ca6fe93a31c5dd3. Renato Botelho
06:46 PM Revision 95470886: Revert "Add a control file to be used as trigger to sync files to S3": This reverts commit 8129d78071fdf592f7f33a715405c065a76cebc3. Renato Botelho
06:40 PM Revision 64290b3c: Do not send unneeded files to S3 and also delete old files from it: Renato Botelho
06:14 PM Revision 5c0d30fb: Do not send unneeded files to S3 and also delete old files from it: Renato Botelho
02:29 PM Revision 7071aab3: Add ability for OpenVPN instances to resync on IP changes and on boot.: OpenVPN instances resync if interface IP change occurs.
At boot, the interface is the empty string, so resync is mand... James Webb

09/01/2019

11:16 PM Revision a71b23db: Include system.inc in prefixes.php. Fixes #9715: Jim Pingle
06:25 PM Bug #9715 (Feedback): Call to undefined function sort_related_log_files: Applied in changeset commit:a71b23dbc6ebc39c42586f98b3da05969c4724e5. Jim Pingle
06:31 AM Feature #9716 (Resolved): Italian translation: i've completed italian translation on zanata month ago
as soon as you can I would like to see it inserted also in or... Manuel Piovan
03:51 AM Bug #9595: OpenVPN does not resync when running on a gateway group: "Current Full Patch":https://github.com/pfsense/pfsense/pull/4072.patch James Webb
02:50 AM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources: This issue forced me to uninstall arpwatch, as I can't just handle receive tons of emails from other daemons (like Cl... Ter Ted

08/31/2019

11:39 PM Revision 614ca41e: Add else clause for cases when OpenVPN interface file does not exist.: - Prevents potential race condition at startup resulting in failure to start OpenVPN instances.
- In cases where inte... James Webb
06:13 PM Bug #9715 (Resolved): Call to undefined function sort_related_log_files: https://forum.netgate.com/topic/146189/crash-report-after-update
add ->
require_once("functions.inc");
ins... Manuel Piovan
04:18 PM Feature #9693 (Resolved): Bypass automatic backups: Tested on 2.5.0.a.20190830.1941, works as expected. Anonymous
04:13 PM Feature #9694 (Resolved): Redact ACB encryption password from status.php: Tested on 2.5.0.a.20190830.1941, encryption password is redacted. Anonymous
03:09 AM Bug #8207: 2.4 cannot boot as a Xen VM with more than 7 NICs: Same problem here with the newest Version (2.4.4-RELEASE-p3) of PFSense.
Any ideas or solutions?
Best regards Elias Seccom

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

09/26/2019

09/25/2019

09/24/2019

09/23/2019

09/22/2019

09/21/2019

09/20/2019

09/19/2019

09/18/2019

09/17/2019

09/16/2019

09/14/2019

09/13/2019

09/12/2019

09/11/2019

09/10/2019

09/09/2019

09/08/2019

09/07/2019

09/06/2019

09/05/2019

09/04/2019

09/03/2019

09/02/2019

09/01/2019

08/31/2019

08/30/2019

08/29/2019

08/28/2019