Activity

30 days up to

User

Subprojects

Activity

From 10/14/2019 to 11/12/2019

11/12/2019

07:46 PM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients: We are just going to have to disagree then because multiple RFC's say the same thing. I have been writing and reading... Rick Coats
05:07 PM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients: The extract that you've posted is in Section 1.2 which immediately follows Section 1.1 (which describes how RDNSS in ... Elbin Teh
01:17 PM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients: You need to read to the end of RFC 8106. Section 1 is the rational why RDNSS was added to the Router Announcements.
... Rick Coats
01:28 AM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients: While this is convenient to you as you have a dynamic prefix, there are some situations where this might not be desir... Elbin Teh
04:57 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: The extract that you've posted is in Section 1.2 which immediately follows Section 1.1 (which describes how RDNSS in ... Elbin Teh
12:58 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: Elbin Teh wrote:
> Agreed it would be the responsibility of the network administrator to configure RDNSS or DNSSL or... Rick Coats
01:32 AM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: Agreed it would be the responsibility of the network administrator to configure RDNSS or DNSSL or disable them comple... Elbin Teh
03:21 PM Revision c2517ce8: Fix #3743: Allow OpenVPN keepalive configuration: - Remove hardcoded 'keepalive 10 60' configuration
- Added 'inactive seconds' option
- Let user configure 'keepalive ... Renato Botelho
03:02 PM Revision e5c893cd: Show DNS server help when server list is empty: (cherry picked from commit 05025e63edf9f85b679de8f99d38d6600e8ad5e3) Steve Beaver
03:02 PM Revision 772e21e0: Allow packet capture to match IPv4+IPv6 CARP. Fixes #9867: (cherry picked from commit b86891b1d5d62d30bc8f1bf3a7fdfee7030ed82b) Jim Pingle
03:02 PM Revision 58b2334f: Add clientAuth EKU to Server type certificates. Fixes #9868: (cherry picked from commit 46869dd2b5ebf32e8297d65f98444fb38d314336) Jim Pingle
03:02 PM Revision 88677f87: Suppress errors from touch when marking GW down. Fixes #9851: (cherry picked from commit 83794361b7135aaef4e47b35bd27df7da6ce023c) Jim Pingle
03:02 PM Revision f6323615: Use full path since this pkg prefix is /usr: (cherry picked from commit 14d49fba46389e3f90d26c6316044dfb52f98fc9) Renato Botelho
03:02 PM Revision 123c3cbf: Fix #9612: Run fsck -z once during upgrade: (cherry picked from commit 7373049764f144b2ea7c891bd60760ab64b41160) Renato Botelho
03:01 PM Revision db95c2d8: Only redirects the user to the default page if no specific page page was set in the querystring: (cherry picked from commit 57b2f31714a77d86e51e09758e20da372c224826) bechaire
03:01 PM Revision c9451253: making sure my tabs align with upstream: (cherry picked from commit 7e114786e63619aaf803a5db33c55a92e2b34123) James Lavoy
03:01 PM Revision 168d3972: adjust GEOM rebuild notifications to only notify the user when raid rebuild hits 25% increments: When a geom rebuild is occurring, this script by default notices that the device status has changed every time the re... James Lavoy
03:01 PM Revision 30ca068b: Add search/filter to DHCP/DHCPv6 leases, ARP, and NDP. Implements #9791: (cherry picked from commit 9297ad6504618c5ffcee9f8fe02535cb33f570c9) Jim Pingle
03:01 PM Revision 076a82d1: Removed escaping of CSS classes: (cherry picked from commit c8954c9f0957264a0287d3591b44fab5d52d0998) Sebastian Fiebig
03:00 PM Revision 46c976a9: Initialize JSON data to avoid warning.: Avoid warning/error for not initialized JSON variable.
(cherry picked from commit 6f2192d44689066e55cb7af6d19323edfc... Sebastian Fiebig
03:00 PM Revision 66a1eb93: Fix malformed JSON: Fix malformed JSON using json_encode().
(cherry picked from commit a9941bf65f82bd0a5491c693a55bc2163a43676d) Sebastian Fiebig
03:00 PM Revision 44a87108: Fix OpenVPN keepalive default values. Fixes #3473: (cherry picked from commit 99d7e8c10e96e6f22ad47973d07258cd02426fe6) Jim Pingle
02:55 PM Bug #9872: Error during build when compiling a non pfSense software: Noticed this error as well, thanks for finding the issue. I have incorporated your PR into my builds.
Maybe a low... Ronald Schellberg
02:17 PM Revision 05025e63: Show DNS server help when server list is empty: Steve Beaver
10:06 AM Bug #9533: XG-7100 FAT config restore not working post-install: Revisiting this after hitting it on another system. Adding the following to loader.conf (or loader.conf.local) allows... Steve Wheeler
06:57 AM Todo #9868 (Resolved): Add clientAuth EKU to Server type certificates: Jim Pingle
02:57 AM Todo #9868: Add clientAuth EKU to Server type certificates: Jim Pingle wrote:
> Applied in changeset commit:46869dd2b5ebf32e8297d65f98444fb38d314336.
Tested on 2.5.0.a.20191... Viktor Gurov

11/11/2019

06:19 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: Elbin Teh wrote:
> Hi,
>
> I did some more research and investigation on this, and on further thought I think thi... Rick Coats
05:36 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: Hi,
I did some more research and investigation on this, and on further thought I think this needs to be revisited.... Elbin Teh
04:56 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: If you look at the last paragraph of the blog from 2012 that you referenced:
"One thing to note, I have found that... Rick Coats
04:11 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: Elbin Teh wrote:
> I totally agree that when using "M" mode that RDNSS should not be disabled.
>
> In fact, the ... Rick Coats
05:10 PM Bug #9893 (Duplicate): RDNSS is broken in 2.5 for Android and leightweight Clients: Version of PfSense under Test:
2.5.0-DEVELOPMENT (amd64)
built on Sun Nov 10 20:08:03 EST 2019
FreeBSD 12.0-RELEAS... Rick Coats

11/10/2019

10:35 AM Feature #9843 (Resolved): allow to generate cert/csr with ECDSA key: Jim Pingle
04:40 AM Feature #9843: allow to generate cert/csr with ECDSA key: Jim Pingle wrote:
> PR has been merged
Tested on 2.5.0.a.20191109.1723
Resolved Viktor Gurov
10:35 AM Feature #9825 (Resolved): Requirements for trusted certificates in iOS 13 and macOS 10.15: Jim Pingle
04:37 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15: Tested on 2.5.0.a.20191109.1723
Change default GUI cert lifetime to 825 days - OK
Add notes on CA/Cert pages abo... Viktor Gurov
10:35 AM Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field: Jim Pingle
07:37 AM Feature #9891 (Resolved): QLogic 10 Gigabit Ethernet driver (qlxgb): It seems that *qlxgb* driver is not compiled on pfSense,
see https://forum.netgate.com/topic/139931/hp-qlogic-nc523s... Viktor Gurov
03:26 AM pfSense Packages Feature #9874: safesearch enforcing: PR updated with Firefox DoH blocking support
(see https://forum.netgate.com/topic/133679/heads-up-be-aware-of-truste... Viktor Gurov

11/09/2019

11:55 PM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field: Jim Pingle wrote:
> Applied in changeset commit:b86891b1d5d62d30bc8f1bf3a7fdfee7030ed82b.
Tested on 2.5.0.a.20191... Viktor Gurov
10:29 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Jim Pingle wrote:
> John K wrote:
> > What's the status here? Has Netgate been able to reproduce this issue?
>
... Gavin Stewart
02:04 PM pfSense Packages Feature #6022: Consider MLVPN for bonded VPN: https://forum.netgate.com/topic/144050/multi-wan-bonding-150
Added my 2 cents to the forum post, and added $100 to... James Tandy
02:59 AM pfSense Packages Feature #9874: safesearch enforcing: https://github.com/pfsense/FreeBSD-ports/pull/701 Viktor Gurov

11/08/2019

01:03 PM Feature #4632: Support for Multipath TCP (MPTCP): +1 Bouke Henstra
11:04 AM pfSense Packages Feature #9890 (Needs Patch): Improves Network Quality on a High-latency Lossy Link by using Forward Error Correction: Jim Pingle
11:02 AM pfSense Packages Feature #9890 (Needs Patch): Improves Network Quality on a High-latency Lossy Link by using Forward Error Correction: Network packet loss occurs frequently on long-distance international networks. like: use openvpn gre so on.
I think ... yon Liu
11:01 AM Bug #9889 (Resolved): Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities: Adding this for tracking, but I don't think it's a bug in pfSense or FreeBSD, but OpenSSL itself. It could potentiall... Jim Pingle
09:51 AM pfSense Packages Bug #9888 (Feedback): ACME output sent to browser without encoding: Fixed in ACME package version 0.6.3_1
https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d... Jim Pingle
09:46 AM pfSense Packages Bug #9888 (Resolved): ACME output sent to browser without encoding: ACME issue/renew output is sent directly to the browser without encoding. In some cases, user input may be included i... Jim Pingle
05:11 AM pfSense Packages Feature #9885 (Resolved): OpenVPN client 2.4.8 update: Renato Botelho
03:29 AM pfSense Packages Feature #9885: OpenVPN client 2.4.8 update: Hi!
Works.
Thanks!
Regards,
G Greg M
03:33 AM Feature #6240: vxlan driver: +1 Gianluca Semprini

11/07/2019

04:50 PM Revision b8b33a3e: Use more accurate date calculations for CA/Cert operations.: Otherwise calculations could fail on ARM Jim Pingle
04:49 PM Revision 26c4679b: Lower default cert expire days to 28.: At 30 days, an ACME cert may not have triggered automatic renewal yet,
so it would warn unnecessarily. Jim Pingle
09:58 AM pfSense Packages Bug #9886 (Rejected): Open-VM-Tools 10.1.0_2,1 on ESXi 6.5 causes gateway disconnects: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
09:50 AM Bug #6801: Rule separators are moving when multiple firewall rules are deleted together: I couldn't reproduce the exact same bug stated here, but I did manage to reproduce a similar one. I opened #9887 and ... Jim Pingle
02:18 AM Bug #6801: Rule separators are moving when multiple firewall rules are deleted together: It seems that the bug has returned, as I just had this exact issue when deleting multiple firewall rules with version... Max Frames
09:49 AM Bug #9887 (Resolved): Rule separator positions change when deleting multiple rules: When deleting rules around a separator at the end of the ruleset, separator positions can change unintentionally. Sim... Jim Pingle
08:36 AM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources: Hi, is there a chance this problem will be fixed? Christian Rhomberg

11/06/2019

08:59 PM Revision 96773352: Add edit screen for Certificate entries.: * Allows editing the name/descr. Implements #7861
* Adds a (not stored) password field and buttons for exporting encr... Jim Pingle
06:16 PM Revision f0b38e39: CA/Cert optimizations: * Actions are now by refid rather than array index, which is more
accurate and not as prone to being affected by para... Jim Pingle
03:10 PM Feature #1192 (Feedback): Certificate Manager - Ability to Encrypt Private Keys When Exporting: Applied in changeset commit:967733529244944d751003517a1e42fba1b29c07. Jim Pingle
02:31 PM Feature #1192 (In Progress): Certificate Manager - Ability to Encrypt Private Keys When Exporting: Jim Pingle
03:10 PM Feature #7861 (Feedback): Make "Descriptive name" of certificates editable: Applied in changeset commit:967733529244944d751003517a1e42fba1b29c07. Jim Pingle
02:31 PM Feature #7861 (In Progress): Make "Descriptive name" of certificates editable: Jim Pingle
02:29 PM pfSense Packages Feature #9871 (Resolved): Snort - User Forced Disabled Rules Ordering: Jim Pingle
01:58 PM pfSense Packages Feature #9871: Snort - User Forced Disabled Rules Ordering: This ticket can be closed as "RESOLVED". Column sorting is now available on the RULES tab in the DEVEL and RELEASE br... Bill Meeks
02:10 PM pfSense Packages Bug #9740 (Feedback): empty Status / Tinc VPN page on latest 2.5: PR has been merged. Thanks! Renato Botelho
02:10 PM pfSense Packages Bug #9860 (Feedback): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83: PR has been merged. Thanks! Renato Botelho
08:08 AM pfSense Packages Feature #9885 (Feedback): OpenVPN client 2.4.8 update: OpenVPN Client Export package version 1.4.19 is up with Windows installers for OpenVPN 2.4.8 (Win10 and Win7) Jim Pingle
07:23 AM pfSense Packages Feature #9885: OpenVPN client 2.4.8 update: Hi!
Yes, I was reffering to client in the export page. Sorry for confusion :) Greg M
07:16 AM pfSense Packages Feature #9885: OpenVPN client 2.4.8 update: I do not see anything in the changelog that makes it compelling to rush a move on the base/FreeBSD side of things. We... Jim Pingle
02:30 AM pfSense Packages Feature #9885 (Resolved): OpenVPN client 2.4.8 update: Hi!
Since OpenVPN 2.4.8 has been released it would be nice to include it in all branches of pfsense.
Thanks! Greg M
03:35 AM pfSense Packages Bug #9886 (Rejected): Open-VM-Tools 10.1.0_2,1 on ESXi 6.5 causes gateway disconnects: I run pfSense 2.4.4 on ESXi 6.5 on a 2010 Mac Mini.
After updating Open-VM-Tools to 10.1.0_2,1 I started getting ... Tim Preston

11/05/2019

11:18 PM pfSense Packages Feature #9871: Snort - User Forced Disabled Rules Ordering: I've added sortable columns to the RULES tab. You can now sort on all of the columns except *State* (that is an icon)... Bill Meeks
09:50 PM Revision ecb594d0: Use central download function: Reduce duplicated/inconsistent code by using the new download function. Jim Pingle
09:06 PM Revision 7e83055a: CA/Cert/CRL code optimizations: While here, use the new download function when exporting items Jim Pingle
09:04 PM Revision 1342f80f: Add central file download function for use throughout the GUI.: Jim Pingle
04:31 PM Revision a6bd9e78: Validate CA/CRL serial input. Issue #9883 Issue #9869: Jim Pingle
01:32 PM Revision a9769a8c: Update privilege definitions: Jim Pingle
01:32 PM Revision d5a222cc: Update privilege definitions: Jim Pingle
07:54 AM Feature #9884: Add support for OpenVPN --x509-username-field: That is true, but it doesn't seem to affect "plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr... Florian Apolloner
07:47 AM Feature #9884: Add support for OpenVPN --x509-username-field: We currently force on username-as-common-name so I don't think you could override that behavior with this new option ... Jim Pingle
07:41 AM Feature #9884: Add support for OpenVPN --x509-username-field: Sorry, I realized that it's not a bug immediately after clicking save, but I cannot edit anything :/
> Even if it ... Florian Apolloner
07:21 AM Feature #9884: Add support for OpenVPN --x509-username-field: This isn't a bug, but a missing feature. Even if it is enabled, it would still need GUI code to configure the behavio... Jim Pingle
05:20 AM Feature #9884 (Resolved): Add support for OpenVPN --x509-username-field: The openvpn shipped with pfsense has enable_x509_alt_username=no as compilation option. It would be great if that cou... Florian Apolloner

11/04/2019

07:30 PM Revision 3a877e4a: Enforce a max lifetime for CA/Cert/CRL. Issue #3956: Jim Pingle
07:02 PM Revision 2c9601c9: Add support for randomized cert serial numbers. Implements #9883: Jim Pingle
06:21 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic: Interestingly I appear to have rss working on pppoe using igb driver.
the tx is very misbalanced about 10:1 but rx... Chris Collins
04:38 PM Feature #7537 (Feedback): Include mellanox mlx4 and mlx5 ethernet driver: Next round of snapshots will have mlx4en/mlx5en support built in pfSense kernel Renato Botelho
02:59 PM Feature #7537 (In Progress): Include mellanox mlx4 and mlx5 ethernet driver: Renato Botelho
03:26 PM Bug #3956: Check for invalid CA on generating new certificate: It looks good.
Thx. Grischa Zengel
02:51 PM Bug #3956 (Feedback): Check for invalid CA on generating new certificate: It should be good now with the checks I added earlier today. Jim Pingle
09:16 AM Bug #3956: Check for invalid CA on generating new certificate: Grischa Zengel wrote:
> On import you should check the limits too.
That won't matter. Since the CA fails to parse... Jim Pingle
08:47 AM Bug #3956: Check for invalid CA on generating new certificate: On import you should check the limits too. Grischa Zengel
07:59 AM Bug #3956 (In Progress): Check for invalid CA on generating new certificate: I tried a few large but more sane values and I'd say around 12000 is probably the highest lifetime we should allow fo... Jim Pingle
07:51 AM Bug #3956: Check for invalid CA on generating new certificate: If you use a lifetime that long, the CA is generated, but nothing can parse it properly (not even OpenSSL at the CLI)... Jim Pingle
01:35 PM Revision a6487fc8: CRL Fixes: * Correct a PHP error in non-edit CRL actions. Fixes #9879
* Correct display of revoke by serial options when the CRL... Jim Pingle
01:10 PM Feature #9883 (Feedback): Allow CAs to use randomized serials when signing: Applied in changeset commit:2c9601c978589f34089f25cc7569ed67dbbc37e8. Jim Pingle
01:02 PM Feature #9883 (Resolved): Allow CAs to use randomized serials when signing: Various guidelines suggest using randomized serial numbers when signing certificates, rather than using sequential nu... Jim Pingle
12:15 PM Feature #9882 (Duplicate): Alias feature request: Duplicate of #1979 Jim Pingle
12:14 PM Feature #9882 (Duplicate): Alias feature request: Hi, I'm using pfsense for over two years and i have to say that it is a great product!
Thank you for your effort!
I... Federico Galli
07:45 AM Bug #9879 (Feedback): PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php: Applied in changeset commit:a6487fc84dc85113354730ffe7f1d4a1141cf0c5. Jim Pingle
07:13 AM Bug #9881 (Duplicate): Traffic Graphs: Almost certainly a duplicate of #9566 Jim Pingle
12:26 AM Bug #9881 (Duplicate): Traffic Graphs: Hello
The problem is that at the same time, the graphs from the dashboard and the status section show different valu... Andrey Kirilov

11/03/2019

05:16 PM pfSense Packages Todo #9880 (Pull Request Review): Remove Zabbix 2.2 Packages: Jim Pingle
04:30 PM pfSense Packages Todo #9880: Remove Zabbix 2.2 Packages: https://github.com/pfsense/FreeBSD-ports/pull/696
https://github.com/pfsense/pfsense/pull/4110 Danilo Baio
04:29 PM pfSense Packages Todo #9880 (Resolved): Remove Zabbix 2.2 Packages: End of life was August, 2019.
Ports will expire after November, 30 on FreeBSD.
https://svnweb.freebsd.org/ports?vie... Danilo Baio
05:09 PM Revision 7997506f: Update globals.inc: vktg
05:08 PM Revision e15ceee7: fixes: vktg
04:58 PM Revision 783e9a2a: Update globals.inc: vktg
04:57 PM Revision 703018ad: Update guiconfig.inc: vktg
02:55 PM Revision 2fc1e9a2: successful connection: Viktor Gurov
02:34 PM Revision 12deb411: more: Viktor Gurov
01:45 PM Revision 0265d4f9: first steps: Viktor Gurov
11:25 AM Feature #2358: NAT64 support: Bipin Chandra wrote:
> UPVOTE - we need this feature desperately and if this isn't coming then it will be a deciding... Dmitri Toubelis
12:37 AM Feature #2358: NAT64 support: UPVOTE - we need this feature desperately and if this isnt coming then it will be a deciding point for us to move to ... Bipin Chandra
10:27 AM Bug #9879 (Resolved): PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php: Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p10
FreeBSD 12.0-RELEASE-p10 42c493096e7... Travis Scotts
09:26 AM Feature #9878 (Pull Request Review): IPsec PKCS#11 authentication: Jim Pingle
09:20 AM Feature #9878: IPsec PKCS#11 authentication: https://github.com/pfsense/pfsense/pull/4109 Viktor Gurov
09:19 AM Feature #9878 (Resolved): IPsec PKCS#11 authentication: Add ability to select and configure PKCS#11 RSA authentication in WebGUI
you need to install packages: ccid-1.4.30... Viktor Gurov
04:48 AM pfSense Packages Feature #9874: safesearch enforcing: * *DuckDuckGo*: duckduckgo.com CNAME safe.duckduckgo.com (54.229.105.151)
see https://help.duckduckgo.com/duckduckgo... Viktor Gurov

11/02/2019

10:51 AM pfSense Packages Feature #9044: Add SoftEther: Yes, softether seems to be a descent option for openvpn and is discussed on many forums incl. its installation on pfs... Stan Odd
10:44 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Ronald Schellberg wrote:
> I can confirm tomorrow, as it would stop working for me after about 24 hours.
>
> I ... Ronald Schellberg
08:53 AM pfSense Packages Feature #9875 (Pull Request Review): add extra engines safe search: Jim Pingle
06:16 AM pfSense Packages Feature #9875: add extra engines safe search: https://github.com/pfsense/FreeBSD-ports/pull/695 Viktor Gurov
06:14 AM pfSense Packages Feature #9875 (Resolved): add extra engines safe search: qwant.com keys from https://github.com/serv-inc/safe-search
rambler.ru keys from help page https://help.rambler.ru/r... Viktor Gurov
08:48 AM Bug #3956: Check for invalid CA on generating new certificate: Meanwhile this bug doesn't exist like described.
I think I created a CA with pfsense and a high life time (100 yea... Grischa Zengel
08:03 AM Feature #9877 (Resolved): QEMU Guest Agent: Add QEMU Guest Agent to base system or as extra package
https://github.com/aborche/qemu-guest-agent
Makefile patc... Viktor Gurov
07:38 AM Feature #9876 (New): PFsense on KVM: Web interface hint to disable "Hardware Checksum Offloading": According to
https://docs.netgate.com/pfsense/en/latest/virtualization/virtio-driver-support.html
it is necessary ... thal unil
05:33 AM pfSense Packages Feature #9874 (Resolved): safesearch enforcing: Add ability to force safesearch via special DNS entries.
* *Google*: 216.239.38.120 google.com
see https://suppor... Viktor Gurov

11/01/2019

08:14 PM Revision 63fb68d7: CRL management overhaul: * Allow revoking by serial number or cert. Implements #9869
* Allow revoking multiple entries at a time. Implements #... Jim Pingle
06:51 PM Bug #9873 (Resolved): Switching the System Update to Development renders the system unbootable: If you select Development Snapshots branch in System > Update > Update Settings and then switch back to the Latest St... Steve Wheeler
03:20 PM Feature #3258 (Feedback): Allow multiple certificates to be revoked in a single step: Applied in changeset commit:63fb68d71384d3b819bb87fbbef28507b5330955. Jim Pingle
03:20 PM Feature #9869 (Feedback): Allow CRL entries to be made by serial number: Applied in changeset commit:63fb68d71384d3b819bb87fbbef28507b5330955. Jim Pingle
03:17 PM Feature #1268: Allow mass renewing of certs: I've investigated a couple different ways to do this and didn't really care for how any of them turned out. Trying to... Jim Pingle
02:58 PM pfSense Packages Feature #9871: Snort - User Forced Disabled Rules Ordering: I believe I can add sortable columns (at least for some of the columns) so the RULES tab behaves the same as the ALER... Bill Meeks
05:08 AM pfSense Packages Feature #9871 (Resolved): Snort - User Forced Disabled Rules Ordering: Any chance of forcing the order GID then SID of the displayed rules, its a bit of a pain when your trying to audit wh... Andy Kniveton
11:42 AM Revision 13f6078b: Remove pfSense-upgrade move: A FL
10:05 AM Feature #2358: NAT64 support: UPVOTE here, put politics aside please, regardless if you hate NAT or not, this feature should at least be added.
... Chris Collins
06:53 AM Bug #9872 (Resolved): Error during build when compiling a non pfSense software: Hello,
I am facing a (non-critical) error when building non-pfSense software... A FL
12:11 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Art Manion wrote:
> Netgate SG-4860 running 2.4.4-RELEASE-p3 (amd64). At least twice I've experienced issues, I ass... Art Manion

10/31/2019

08:34 PM Revision 8d4663c1: Also refresh trust store when renewing. Issue #4068: Jim Pingle
08:28 PM Revision 7daab3d8: Add option to trust local CA entries. Implements #4068: Similar to closed PR #3558 from overhacked, but with a number of
changes. Jim Pingle
08:04 PM Revision e78fe74d: Make value of cert notify setting consistent with others. Issue #7332: Jim Pingle
06:40 PM Revision d1b23f75: Remove duplicate DHCP log block.: Jim Pingle
05:59 PM Revision b86891b1: Allow packet capture to match IPv4+IPv6 CARP. Fixes #9867: Jim Pingle
05:53 PM Bug #9870 (Not a Bug): DNS fails to resolve CNAME records: There is not enough information here to definitively say it's a bug and not a problem with your settings or elsewhere... Jim Pingle
05:13 PM Bug #9870 (Not a Bug): DNS fails to resolve CNAME records: I have a pfSense router (2.4.4-RELEASE-p3 using unbound Version 1.9.1) in a home environment and it is also serving a... Brian Saia
05:30 PM Revision 746c9afc: CA validity checks. Fixes #3956: Jim Pingle
05:23 PM Revision 46869dd2: Add clientAuth EKU to Server type certificates. Fixes #9868: Jim Pingle
05:12 PM Revision 71185882: Reduce default GUI cert lifetime to 825 days. Issue #9825: Jim Pingle
05:10 PM Revision 3f0b7bc3: Certificate strength improvements. Fixes #9825: * Change default GUI cert lifetime to 825 days
* Add notes on CA/Cert pages about using potentially insecure paramete... Jim Pingle
03:41 PM Feature #9869 (Resolved): Allow CRL entries to be made by serial number: CRL entries are made by serial number internally, but the only way to revoke in the GUI is to have the certificate im... Jim Pingle
03:40 PM Feature #4068 (Feedback): CAs present on CERT manager are not trusted from pfSense: Applied in changeset commit:7daab3d8dc4cc045db22925cccbde22c23083c03. Jim Pingle
03:28 PM Feature #4068 (In Progress): CAs present on CERT manager are not trusted from pfSense: Jim Pingle
01:05 PM Bug #9867 (Feedback): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field: Applied in changeset commit:b86891b1d5d62d30bc8f1bf3a7fdfee7030ed82b. Jim Pingle
08:03 AM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field: A "silly" workaround might be renaming *CARP* in dropdown _Protocol_ list to *CARP IPv4*. Constantine Kormashev
08:02 AM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field: It appears both are caught by "proto 112", so it might not be too difficult to solve that way. Jim Pingle
07:53 AM Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field: Packet Capture IPv6 rejects all packets if *CARP* type is set in *Protocol* field.
It might be an upstream issue.
... Constantine Kormashev
12:40 PM Bug #3956 (Feedback): Check for invalid CA on generating new certificate: Applied in changeset commit:746c9afc0e9bd632a8b7ee2f8cc2d63a0974dd88. Jim Pingle
12:28 PM Bug #3956 (In Progress): Check for invalid CA on generating new certificate: Unless we can get a copy of a certificate that shows the behavior, I don't see any problems here. I'm adding some pro... Jim Pingle
12:30 PM Todo #9868 (Feedback): Add clientAuth EKU to Server type certificates: Applied in changeset commit:46869dd2b5ebf32e8297d65f98444fb38d314336. Jim Pingle
10:46 AM Todo #9868 (Resolved): Add clientAuth EKU to Server type certificates: Some cases may require a server certificate to be used to authenticate a server (to client) and authenticate as a cli... Jim Pingle
12:15 PM Feature #7248: Web UI for IPSec settings should warn about poor security choices: This could probably use a similar technique to the one I implemented for Certificates on #9825
See commit:3f0b7bc3ae Jim Pingle
12:14 PM Feature #9825 (Feedback): Requirements for trusted certificates in iOS 13 and macOS 10.15: I just pushed changes that should fully address the remaining concerns here.
Once on a snapshot with these changes... Jim Pingle
11:56 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Vinicius DellAglio wrote:
> I just installed a brand new pfsense box and once I created an alias with an FQDN it did... John K
07:38 AM pfSense Packages Bug #9866 (Feedback): freeradius_view_config.php: File contents are displayed without encoding: Fixed in FreeRADIUS3 pkg version 0.15.7_3
https://github.com/pfsense/FreeBSD-ports/commit/30b22b6b0db7b73732a5da34... Jim Pingle
07:31 AM pfSense Packages Bug #9866 (Resolved): freeradius_view_config.php: File contents are displayed without encoding: freeradius_view_config.php reads and displays the contents of several FreeRADIUS-related files. The contents are disp... Jim Pingle
07:09 AM Feature #9865 (Needs Patch): DNS Forwarder Interfaces list should be a list of checkboxes: The DNS forwarder is no longer actively developed since it was replaced by the DNS Resolver. As such, it's unlikely t... Jim Pingle

10/30/2019

11:07 PM Feature #9865 (Needs Patch): DNS Forwarder Interfaces list should be a list of checkboxes: The DNS Forwarder Interfaces selection UI is too small, and as a multiple selection dropdown is very awkward to use w... Ben L
08:35 PM Revision e655d548: Fix whitespace: Jim Pingle
06:21 PM Revision 6729b786: Update default config to match current default/version.: Jim Pingle
06:11 PM Revision b5d2d8d8: Add daily certificate expiration notice. Issue #7332: Jim Pingle
06:09 PM Revision 4bbdd9b0: Add periodic framework to allow for daily/weekly/monthly tasks. Issue #7332: Jim Pingle
05:35 PM Revision ddcc83f2: Fix Cert expire threshold input validation to allow empty values.: Jim Pingle
05:26 PM Revision 7f3bc6b1: Set autocomplete=new-password for auth forms around the GUI. Implements #9864: (cherry picked from commit 659a8a26d12b75399063dae060fa32fa23751dbf) Jim Pingle
05:26 PM Revision 659a8a26: Set autocomplete=new-password for auth forms around the GUI. Implements #9864: Jim Pingle
04:26 PM Revision 83bf2511: Update diag_ping.php: Mix Room
04:23 PM Revision e00d0c0c: Update diag_ping.php: Mix Room
03:19 PM Revision 90661d90: Update diag_ping.php: As per comment. Hint left for sake of consistency. Mix Room
03:17 PM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto: For the sake of those Googling or searching for the error, the following message was showing up in the logs and on th... Jim Pingle
03:16 PM Bug #9646 (In Progress): OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto: Patch reverted after we see problems with it applied Renato Botelho
03:13 PM Revision 1ab01fee: Cert expire threshold input validation: Jim Pingle
02:07 PM Revision 0a6222e5: Update diag_ping.php: Mix Room
02:06 PM Revision fb228a34: Update diag_ping.php: Fix missing '$' Mix Room
02:00 PM Feature #9842 (Feedback): Add CA/certificate renewal function: This should be complete for now. I didn't add a CLI script, as it didn't seem necessary yet. On a related note, the G... Jim Pingle
01:56 PM Revision 88ccb45b: Update diag_ping.php: Mix Room
01:46 PM Revision 740e289b: Update diag_ping.php: Mix Room
01:40 PM Revision 2d0b01e0: Update diag_ping.php: Add support for setting wait period between pings Mix Room
01:24 PM Feature #7332 (Feedback): Provide certificate expiry warning: This is now implemented.
There is a GUI setting to enable/disable the expiration notifications, and they are on by... Jim Pingle
12:39 PM Revision b0790fc0: Add missing newline after Must Staple cert info.: Jim Pingle
12:35 PM Todo #9864 (Feedback): Set autocomplete=new-password for user/password fields in forms: Applied in changeset commit:659a8a26d12b75399063dae060fa32fa23751dbf. Jim Pingle
11:02 AM Todo #9864 (Resolved): Set autocomplete=new-password for user/password fields in forms: It looks like at least Firefox and Chrome current versions suppress autocomplete for usernames and passwords when usi... Jim Pingle
10:37 AM Feature #9863 (Duplicate): Ability to select multiple firewall rules and then toggle them all on (enabled) or off (disabled) with one click: Duplicate of #2505 Jim Pingle
10:19 AM Feature #9863 (Duplicate): Ability to select multiple firewall rules and then toggle them all on (enabled) or off (disabled) with one click: It would be nice, when doing a major rule overhaul (like I just had to do on multiple firewalls) or testing before/af... Max Frames
10:35 AM Feature #9862 (Pull Request Review): Add support for waiting between ping-packages on diag_ping.php: Jim Pingle
09:11 AM Feature #9862 (Resolved): Add support for waiting between ping-packages on diag_ping.php: I wanted to wait a longer time between sending pings. The diag_ping.php interface does not have support for this. Mix Room
10:09 AM pfSense Packages Bug #9860 (Pull Request Review): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83: Jim Pingle
09:27 AM pfSense Packages Bug #9860: Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83: https://github.com/pfsense/FreeBSD-ports/pull/694 Viktor Gurov
07:22 AM pfSense Packages Bug #9860: Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83: Probably because that array isn't fully initialized before use. It needs to be initialized at each level, not just th... Jim Pingle
01:46 AM pfSense Packages Bug #9860: Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83: got this errors when Tinc Hosts is empty Viktor Gurov
01:44 AM pfSense Packages Bug #9860 (Resolved): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83: Crash report details:
PHP Errors:
[30-Oct-2019 08:46:07 Europe/Moscow] PHP Warning: Illegal string offset 'confi... Viktor Gurov
09:32 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: After several failed attempts at creating a 12.1 version, the process that worked was to create a new branch from pfS... Ronald Schellberg
07:17 AM Bug #9861 (Not a Bug): All traffic passing through OpenVPN even if redirect gateway unchecked: That is a configuration problem, not a bug. This site is not for support or diagnostic discussion.
For assistance ... Jim Pingle
02:38 AM Bug #9861 (Not a Bug): All traffic passing through OpenVPN even if redirect gateway unchecked: An OpenVPN has been configured on pfSense and working well, but I noticed that even the "Redirect IPv4 Gateway" is un... Nico .
06:22 AM Bug #9851 (Resolved): PHP error in logs: Renato Botelho
12:09 AM Bug #9851: PHP error in logs: Upgraded and the error is gone. Thank you. Florin Samareanu

10/29/2019

11:11 PM pfSense Packages Bug #9665 (Resolved): acme.sh deleting A record for domain along with TXT record for _acme-challenge: Jim Pingle
11:10 PM pfSense Packages Bug #9665: acme.sh deleting A record for domain along with TXT record for _acme-challenge: Sorry for the late response. But I can confirm that ACME 0.6 does fix the issue for me. This ticket can be closed now. Ronnie Thomas
08:56 PM Revision 38e7b336: Add settings to control certificate expiration notifications. Issue #7332: Note that the notices themselves do not yet exist. Those are still a
work in progress. Jim Pingle
06:45 PM Revision 93f1121f: Add certificate lifetime to infoblock. Issue #7332: * Adds the total lifetime and lifetime remaining before expiration to
the info block
* Adds a visual indication to th... Jim Pingle
01:47 PM Feature #7332 (In Progress): Provide certificate expiry warning: I do not think there will be a per-certificate setting for this (at least for now), but for starters I have added a v... Jim Pingle
08:59 AM Bug #9851: PHP error in logs: I gave a look at PHP source code and I have a doubt, what is the gateway name? Nano Caiordo
07:21 AM Bug #9851: PHP error in logs: If that were the case it would happen to everyone all the time, which isn't true. Also the order of operations is bac... Jim Pingle
06:15 AM Bug #9851: PHP error in logs: It might be a permission issue, php docs about file_exists() states: ... Nano Caiordo
08:45 AM Feature #5851: Add copy action to OpenVPN client / server: A huge benefit as ISPs seem to be starting to pick off VPN connections and blocking access to VPN servers that are se... PT Rich
07:16 AM Bug #9859 (Rejected): Memory exhaustion by hundreds of minicron and php-cgi processes.: There is not enough solid information here to classify this as an identifiable or reproducible bug. This site is not ... Jim Pingle
04:10 AM Bug #9859 (Rejected): Memory exhaustion by hundreds of minicron and php-cgi processes.: After repeated gateway failovers I noticed I wasn't able to login any more using https or ssh.
I would then get an e... Joel Linn
07:14 AM Bug #9646 (Feedback): OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto: I've cherry-picked that patch to 2.5.0. Thanks for pointing that out Renato Botelho
02:36 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto: discussion and patch in freebsd mailing list:
https://lists.freebsd.org/pipermail/freebsd-current/2018-December/0724... Viktor Gurov
07:11 AM Feature #9831 (Resolved): diag_packet_capture.php: print packet capture start time: Renato Botelho
12:04 AM Feature #9831: diag_packet_capture.php: print packet capture start time: Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on 2.5.0.a.20191028.1847
Works, resolved Viktor Gurov
07:09 AM Feature #9766 (Resolved): diag_packet_capture.php: allow to input multiple tcp/udp ports: Renato Botelho
12:04 AM Feature #9766: diag_packet_capture.php: allow to input multiple tcp/udp ports: Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on 2.5.0.a.20191028.1847
Works, resolved Viktor Gurov
02:51 AM Bug #9858 (Rejected): adding gateway: Hello,
There is not enough information here to consider this a bug. Please use https://forum.netgate.com for troub... Paighton Bisconer
02:27 AM Bug #9858 (Rejected): adding gateway: We have deployed pfsense VM on VMware ESXi, can communicate with pfsense gateway among the VMs, but outside VMs netwo... geetha subramani
02:07 AM Feature #9857 (New): IPsec Down/Up SMTP Notifications: Currently if Phase1 or Phase 2 go offline no SMTP notification is given. It will be very helpful to have them. Auto p... DRago_Angel [InV@DER]

10/28/2019

08:46 PM Revision b6196922: Show detailed infoblock on CA and Cert pages. Implements #9856: * Moved info block to common function
* Used that function on CA and Cert pages
* Added more information to the info ... Jim Pingle
03:55 PM Todo #9856 (Feedback): Add certificate detail infoblock to CA list: Applied in changeset commit:b61969226691bb776bf21f1c1121b41519ad5e22. Jim Pingle
03:42 PM Todo #9856 (Resolved): Add certificate detail infoblock to CA list: The certificate list has a nice infoblock that expands with more details about the certificate. This should also work... Jim Pingle
03:23 PM Revision 725c8134: Add packages to version string to support composite update: Steve Beaver
12:11 PM Revision 83794361: Suppress errors from touch when marking GW down. Fixes #9851: Jim Pingle
07:44 AM Bug #9855 (Resolved): CSRF error at login when clicking the 'sign in' button multiple times: When logging in, if a user clicks 'sign in' and then waits a moment and clicks 'sign in' again before the login compl... Jim Pingle
07:20 AM Bug #9851 (Feedback): PHP error in logs: Applied in changeset commit:83794361b7135aaef4e47b35bd27df7da6ce023c. Jim Pingle
07:14 AM Bug #9851: PHP error in logs: I've seen that happen before. Looks like a race condition of some sort since there is a test just before that checkin... Jim Pingle
05:13 AM pfSense Packages Bug #9854: pfBlockerNG Message: Allowed memory size of 536870912 bytes exhausted: ... lexxai lexxai
05:11 AM pfSense Packages Bug #9854 (Closed): pfBlockerNG Message: Allowed memory size of 536870912 bytes exhausted: PHP ERROR: Type: 1, File: /usr/local/www/pfblockerng/pfblockerng_alerts.php, Line: 644, Message: Allowed memory size ... lexxai lexxai

10/27/2019

05:27 PM pfSense Docs Correction #9853 (Closed): Feedback on VPN — IPsec — Routing Internet Traffic Through a Site-to-Site IPsec VPN: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routing-internet-traffic-through-a-site-to-site-ipsec-vp... Phil Six
10:50 AM pfSense Packages Bug #9849: NUT not starting as root? Isn't loading USB drivers?: I think I found a work-around. I went into the Services > UPS and then selected the UPS Settings tab. From there, cli... Ryan McCullough
10:12 AM Revision da77bc71: renamed click to select: Viktor Gurov
10:04 AM Feature #7467: Add iPhone/Android/Generic USB tethering support: Not sure why you keep pushing back the target, its 2 mins to add a few words to the kernel module build command and t... Chris Collins
09:37 AM pfSense Packages Feature #9852 (Resolved): show File-Store directory listing: add extra "Alert"-style page with File-Store directory listing
add download icon,
add “i” icon to check the sha25... Viktor Gurov
05:08 AM pfSense Packages Bug #9850: show huperscan option only for x86 arch: https://github.com/pfsense/FreeBSD-ports/pull/693 Viktor Gurov
02:21 AM Bug #9851 (Resolved): PHP error in logs: Hello,
After upgrading to 2.5.0-DEVELOPMENT (amd64) built on Mon Oct 21 20:52:27 EDT 2019 I get the following warn... Florin Samareanu

10/26/2019

06:23 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Jim Pingle wrote:
> John K wrote:
> > What's the status here? Has Netgate been able to reproduce this issue?
>
... Vinicius DellAglio
05:27 PM pfSense Packages Bug #9850 (Resolved): show huperscan option only for x86 arch: Hyperscan will run on x86 processors in 64-bit (Intel® 64 Architecture) and 32-bit (IA-32 Architecture) modes.
hid... Viktor Gurov
05:09 PM pfSense Packages Bug #9849 (Rejected): NUT not starting as root? Isn't loading USB drivers?: It looks like the NUT/UPS driver isn't loading the USB driver unless I pass the "-u root" parameter to the command:
... Ryan McCullough
04:55 PM pfSense Packages Feature #9848 (Closed): file-store retention limits: Add File-Store limit to clean captured files by total size or age Viktor Gurov
10:03 AM Revision a5a8e816: upstream upd: Viktor Gurov
10:00 AM Revision e6e64544: fix: Viktor Gurov
09:57 AM Revision 916b6353: fix: Viktor Gurov
09:56 AM Revision 8cdb5a5c: fix: Viktor Gurov

10/25/2019

11:44 PM Bug #9847 (Not a Bug): Periodic Crash: There isn't enough information here to classify it as a bug. Your ESX version is very old, which is likely a source o... Jim Pingle
09:19 PM Bug #9847 (Not a Bug): Periodic Crash: I'm experiencing periodic lockups (every 2-3 weeks).
This is pfSense 2.4.4-p3 running as VM on ESXi 5.5.0
I have ha... Denis Johnson
08:38 PM Revision 03a84081: Add GUI code and more backend for CA/Cert Renewal. Issue #9842: Jim Pingle
07:03 PM pfSense Packages Bug #9795: FRR add two or more ipv6 BGP Neighbors will system down: i test find this frr with openvpn happen issue, when frr use two ipv6 BGP Neighbors, then the issue will happen. yon Liu
04:05 PM Feature #9843 (Feedback): allow to generate cert/csr with ECDSA key: PR has been merged Jim Pingle
03:42 PM Feature #9842: Add CA/certificate renewal function: I just committed the GUI code for this plus some more backend functions. There are still a couple items left, but not... Jim Pingle
01:27 PM Revision dc56eafa: Merge pull request #4104 from vktg/geneckey: Jim Pingle
12:17 PM Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): https://github.com/pfsense/pfsense/pull/4106 Viktor Gurov
09:14 AM Feature #6775: Strongswan PKCS#11 Support: Tested, with editing of ipsec.secrets, ipsec.conf and charon.conf
+ installing packages: ccid-1.4.30.txz, opensc-0... Viktor Gurov
08:05 AM pfSense Packages Bug #9846 (Feedback): pfBlockerNG log file download/clear lacks validation: Fix submitted by BBcan177 and committed.
https://github.com/pfsense/FreeBSD-ports/commit/38be8c32b1638b230310c0a54... Jim Pingle
07:51 AM pfSense Packages Bug #9846 (Resolved): pfBlockerNG log file download/clear lacks validation: The 'logfile' parameter in pfblockerng_log.php is not validated, and allows working on files outside of the expected ... Jim Pingle
06:04 AM Revision bc985fed: show the key type and related info in the per-cert info block: Viktor Gurov
02:58 AM Bug #9821: pfSense IPsec not reload configs on connectivity issues with DDNS: Jim Pingle wrote:
> IPsec with DDNS works fine for many users (myself included) -- you haven't presented any evidenc... DRago_Angel [InV@DER]

10/24/2019

08:59 PM Revision 14d49fba: Use full path since this pkg prefix is /usr: Renato Botelho
02:28 PM pfSense Packages Bug #9844 (Resolved): System_Patches 1.2_2 syntax error: Confirmed fixed. Jim Pingle
07:12 AM pfSense Packages Bug #9844 (Feedback): System_Patches 1.2_2 syntax error: Fix pushed. Jim Pingle
07:28 AM Bug #9845 (Not a Bug): diag_dump_states.php: can't use extended filter expressions: It's in the pfSense module:
https://github.com/pfsense/FreeBSD-ports/blob/devel/devel/php-pfSense-module/files/pfS... Jim Pingle
07:22 AM Bug #9845 (Not a Bug): diag_dump_states.php: can't use extended filter expressions: I can't filter expressions for grep-style queries, like "tcp 192.168 ESTABLISHED" or "icmp 172.16.0"
Only single val... Viktor Gurov
01:16 AM Bug #9837: ipv6 is not completely disabled on the interfaces: Manuel Piovan wrote:
> Do not configure IPv6 addresses with no link-local address by using
> ifconfig. It... Viktor Gurov
12:52 AM pfSense Packages Feature #9742: Print Patch ID in log while patching: fixes to PR:
https://github.com/pfsense/FreeBSD-ports/pull/692 Viktor Gurov

10/23/2019

08:23 PM Revision 9e80dd44: Add ca/certificate renew function backend (no GUI code yet). Issue #9842: Jim Pingle
08:06 PM pfSense Packages Bug #9844 (Resolved): System_Patches 1.2_2 syntax error: After install updated package System_Patches 1.2.2 it crashes
PATCH Menu is also GONE from system after update
Cr... Carlos Rocha
04:33 PM Revision ff5bc49c: spaces to tabs: Viktor Gurov
03:40 PM Revision 2d13c7fc: spaces to tabs: Viktor Gurov
03:34 PM Revision 3b9015b2: ARM checks: Viktor Gurov
03:27 PM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15: Not a resolution, but a related note: I am adding code to renew certificates with an option to enforce these paramete... Jim Pingle
03:18 PM Feature #9842 (In Progress): Add CA/certificate renewal function: Second guessing the removal of deprecated subject items, since if the subject and key stay the same, then clients wou... Jim Pingle
02:57 PM Revision e0f8d364: fixes: Viktor Gurov
02:47 PM Revision de78ec77: Merge pull request #4086 from vktg/restartallwan: Renato Botelho
02:46 PM Revision b99b254e: Merge pull request #4103 from vktg/csreckey: Renato Botelho
02:46 PM Revision a1942bd3: Merge pull request #4101 from vktg/pcapstart: Renato Botelho
02:30 PM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask: Yousif Hassan wrote:
> While the suggested code fix does in fact generate the more correct classless zone name, it... Yousif Hassan
01:34 PM Bug #9837: ipv6 is not completely disabled on the interfaces: be careful
https://www.freebsd.org/cgi/man.cgi?query=ifconfig&sektion=8&manpath=freebsd-release-ports#end
BUGS
... Manuel Piovan
12:37 PM pfSense Packages Bug #9740: empty Status / Tinc VPN page on latest 2.5: https://github.com/pfsense/FreeBSD-ports/pull/691
There is no /usr/local/sbin/clog in pfSense 2.5
using "cat" ins... Viktor Gurov
12:27 PM Revision 7df98f28: Add root warning to HA node sync privilege.: (cherry picked from commit 03b8b94ed86ca85510e7d00e035d30eab7e3a43b) Jim Pingle
12:26 PM Revision 03b8b94e: Add root warning to HA node sync privilege.: Jim Pingle
10:38 AM Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI: Jim Pingle wrote:
> It just hasn't made it into a Factory snapshot yet. It's already in the tree there.
additions... Viktor Gurov
09:47 AM Feature #9831 (Feedback): diag_packet_capture.php: print packet capture start time: PR has been merged. Thanks! Renato Botelho
09:47 AM Bug #9745 (Feedback): can't add ECDSA certificate key when signing CSR: PR has been merged. Thanks! Renato Botelho
09:47 AM Feature #9688 (Feedback): restartallwan - pfSsh.php script to restart all wan interfaces: PR has been merged. Thanks! Renato Botelho
09:40 AM pfSense Packages Feature #9824 (Feedback): Add support for DuckDuckGo's Safe Search: PR has been merged. Thanks! Renato Botelho
09:40 AM pfSense Packages Bug #9811 (Feedback): apcupsd - can not set BATTERYLEVEL and MINUTES to -1 although these are valid values: PR has been merged. Thanks! Renato Botelho
09:36 AM pfSense Packages Feature #9742 (Feedback): Print Patch ID in log while patching: PR has been merged. Thanks! Renato Botelho
09:36 AM pfSense Packages Feature #9521 (Feedback): Upgrade to HAProxy 1.9: PR has been merged. Thanks! Renato Botelho
09:29 AM pfSense Packages Bug #9836 (Feedback): OpenBGPD package deamon starts twice: PR has been merged. Thanks! Renato Botelho
08:46 AM Revision 68690e0d: initial version: Viktor Gurov
07:59 AM Feature #9843 (Pull Request Review): allow to generate cert/csr with ECDSA key: Jim Pingle
03:52 AM Feature #9843: allow to generate cert/csr with ECDSA key: https://github.com/pfsense/pfsense/pull/4104 Viktor Gurov
03:50 AM Feature #9843 (Resolved): allow to generate cert/csr with ECDSA key: Add ability to generate certificates/CSRs with ECDSA keys. Viktor Gurov
07:47 AM Revision 5a828267: cosmetic: vktg
07:45 AM Revision 4985c900: spaces: vktg
07:41 AM Revision ec2c7f75: touch() if action == Start: vktg

10/22/2019

05:00 PM Revision 233544b3: Update diag_packet_capture.php: fixes vktg
04:13 PM Feature #7332: Provide certificate expiry warning: It would be great if Certificate Manager will support expiration notification option for each existing certificate in... DRago_Angel [InV@DER]
03:57 PM Feature #7332: Provide certificate expiry warning: See also: #9703 Jim Pingle
04:11 PM Feature #9703: Certificate Manager Expiration Notification: Ok, fair. DRago_Angel [InV@DER]
04:09 PM Feature #9703: Certificate Manager Expiration Notification: There is no distinction here when the feature doesn't exist. They are asking for the same thing, but in different way... Jim Pingle
04:05 PM Feature #9703: Certificate Manager Expiration Notification: Hi Jim, the idea is duplicate, but the task itself not. DRago_Angel [InV@DER]
03:57 PM Feature #9703 (Duplicate): Certificate Manager Expiration Notification: Duplicate of #7332 Jim Pingle
04:07 PM Feature #9842 (Resolved): Add CA/certificate renewal function: Currently there is no way to renew an existing certificate, you have to recreate it.
Add a function to renew a cer... Jim Pingle
03:49 PM Revision dace81a7: additions: Viktor Gurov
03:07 PM Revision dc9393ba: Initialize array to avoid a PHP error in upgrade_144_to_145(). Fixes #9840: (cherry picked from commit 8e0d33ec48792e13839a0181031664261269c220) Jim Pingle
03:07 PM Revision 8e0d33ec: Initialize array to avoid a PHP error in upgrade_144_to_145(). Fixes #9840: Jim Pingle
01:56 PM pfSense Packages Bug #9836 (Pull Request Review): OpenBGPD package deamon starts twice: Jim Pingle
01:51 PM pfSense Packages Bug #9836: OpenBGPD package deamon starts twice: Please consider the following pull request:
https://github.com/pfsense/FreeBSD-ports/pull/690
Dirk Meyer
10:43 AM Revision 47c46bbd: initial: Viktor Gurov
10:41 AM Bug #9841 (Rejected): pfSense shows wrong info about BIOS on Intel DH61BR motherboard: That's an issue with the BIOS/DMI/etc info supplied by your board, not pfSense. Jim Pingle
10:29 AM Bug #9841 (Rejected): pfSense shows wrong info about BIOS on Intel DH61BR motherboard: Hello, I have installed pfSense in Intel DH61BR motherboard but shows strange info on BIOS.
Everything else seems to... Horus Horus
10:22 AM pfSense Packages Bug #8258: BIND responds with SERVFAIL when adding/changing records if 'allow-update' is configured for a zone: Submitted a PR that fixes this: https://github.com/pfsense/FreeBSD-ports/pull/689 Ross Williams
10:15 AM Bug #9840 (Feedback): PHP7: Uninitialised array in upgrade_config.inc: Applied in changeset commit:8e0d33ec48792e13839a0181031664261269c220. Jim Pingle
09:49 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: John K wrote:
> What's the status here? Has Netgate been able to reproduce this issue?
Not that I have seen yet.... Jim Pingle
09:22 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Jim Pingle wrote:
> If anyone can come up with simple cases that reliably reproduce the problem [...]
What's the ... John K
06:35 AM Revision b1370c94: if spaces fixes: Viktor Gurov
06:30 AM Revision 10703125: touch() fixes: vktg
05:27 AM Bug #9829: NTP Status vs. parsing NTP Access Restrictions: Dear Jim,
thanks for your reply, but I'm afraid I did not quite understand it...
If I check "Disable ntpq and n... Edgar Wiesmann

10/21/2019

05:05 PM Bug #9840 (Resolved): PHP7: Uninitialised array in upgrade_config.inc: Interfaces set to trackv6 against an interface that does not have an IPv6 config trigger this:... Steve Wheeler
03:30 PM Bug #9448 (Resolved): Dynamic DNS options showing in GUI for IPv6 when not in use: Actually, it is there even in your video. You scrolled by it. With a non-default algorithm, there are custom settings... Jim Pingle
03:26 PM Bug #9448 (Feedback): Dynamic DNS options showing in GUI for IPv6 when not in use: I can't reproduce that problem on a current snapshot. It's possible another change affected the behavior, such as the... Jim Pingle
02:43 PM Bug #9839: How to clean disable IPsec VTI Tunnel: I would agree, and sorry to make the title look like a question.
But the description states, that this is more like ... Thomas Spalinger
02:38 PM Bug #9839 (Not a Bug): How to clean disable IPsec VTI Tunnel: That is a support question, and this site is not for support or diagnostic discussion.
For assistance in solving p... Jim Pingle
02:30 PM Bug #9839 (Not a Bug): How to clean disable IPsec VTI Tunnel: I found the exact same question in issue #8691, but with a different purpose.
I have setup some VTI Site to Site t... Thomas Spalinger
08:04 AM Bug #9763 (Resolved): Trying to set VLAN Priority causes error: Jim Pingle
08:04 AM pfSense Packages Bug #9836: OpenBGPD package deamon starts twice: Nobody is currently maintaining the OpenBGPD package. It has been deprecated in favor of FRR, but remains available f... Jim Pingle
08:02 AM Feature #6103: DNS Resolver Outgoing Interfaces should be able to use Gateway Groups: That would still only do failover, and wouldn't have the behavior suggested by OP. It should be possible to populate ... Jim Pingle
08:00 AM Bug #9745 (Pull Request Review): can't add ECDSA certificate key when signing CSR: Jim Pingle
07:58 AM Bug #9823 (Closed): no l2tplink param in get_interface_info: Jim Pingle
07:57 AM Feature #9834 (Pull Request Review): system_certmanager.php: add ability to import certificate without private key: It's nowhere near that simple. In doing this, there would also have to be quite a bit of code preventing users from p... Jim Pingle
07:54 AM Bug #9832 (Not a Bug): DHCP relay stopped working after changing interface and vlan name: Did you reassign/move the interface or only change its name? I can see how it might break if you changed the interfac... Jim Pingle
07:46 AM Bug #9837: ipv6 is not completely disabled on the interfaces: That seems like it would not be desirable to set by default. There are people who want to run with linklocal addresse... Jim Pingle
07:42 AM Bug #9835 (Rejected): client's certificate and login/pass can be different (no conformity checks): The functionality is there already. Check "Enforce match" under Strict User-CN Matching. Then it will test the certif... Jim Pingle
07:40 AM Bug #9829: NTP Status vs. parsing NTP Access Restrictions: The page checks for settings, and if 'noquery' is set, then it assumes the daemon will be unreachable. It could maybe... Jim Pingle
07:27 AM pfSense Packages Feature #9824 (Pull Request Review): Add support for DuckDuckGo's Safe Search: Jim Pingle
07:23 AM pfSense Packages Feature #9742 (Pull Request Review): Print Patch ID in log while patching: Jim Pingle
07:16 AM Feature #9831 (Pull Request Review): diag_packet_capture.php: print packet capture start time: Jim Pingle

10/20/2019

10:08 PM Revision fb249aef: Revise jquery/jquery-ui in csrf_error page, which needs its own copy: Steve Beaver
09:00 PM pfSense Packages Feature #9555: pimd package: +1, igmpproxy stopped working for Sonos systems after pfsense update several years ago (I want to say 2.2 -> 2.3, but... Andy Shulman
03:20 PM Bug #9835: client's certificate and login/pass can be different (no conformity checks): https://forums.openvpn.net/viewtopic.php?t=18264
https://serverfault.com/questions/358855/how-to-prevent-users-fro... Viktor Gurov
02:12 PM Feature #9838 (New): PKCS11 support: There is no ability to use PKCS11 tokens with OpenVPN. because *[PKCS11]* feature is not compiled in:... Viktor Gurov
02:04 PM Bug #9837 (New): ipv6 is not completely disabled on the interfaces: When IPv6 Configuration Type is None on Interfaces configuration page, IPv6 link-local addresses still uses
You can ... Viktor Gurov
07:31 AM Feature #6103: DNS Resolver Outgoing Interfaces should be able to use Gateway Groups: You can select Loopback as Outgoing interface of DNS Resolver -
In this case it uses gateway group
Viktor Gurov
06:25 AM pfSense Packages Bug #9836 (Resolved): OpenBGPD package deamon starts twice: After reboot with OpenBGPD package
the bgpd starts twice.
logfile:
Oct 20 11:44:50 router bgpd[53729]: startup
... Dirk Meyer

10/19/2019

12:53 PM Revision c13a8a59: ec key parser: Viktor Gurov
08:33 AM Bug #9763: Trying to set VLAN Priority causes error: Jim Pingle wrote:
> Applied in changeset commit:93db39ba1b7a72ad936a76aee2fe059a35b8af40.
Tested on 2.5.0.a.20191... Viktor Gurov
08:00 AM Bug #9745: can't add ECDSA certificate key when signing CSR: https://github.com/pfsense/pfsense/pull/4103 Viktor Gurov
06:13 AM Bug #9823: no l2tplink param in get_interface_info: it successfully creates [l2tplink] entry after you select L2TP in IPv4 Configuration Type field on interface configur... Viktor Gurov
04:56 AM Feature #9834: system_certmanager.php: add ability to import certificate without private key: https://github.com/pfsense/pfsense/pull/4102 Viktor Gurov
04:13 AM Bug #9835 (Rejected): client's certificate and login/pass can be different (no conformity checks): Remote Access (SSL/TLS + User Auth) allow users created in Local Database to use login/pass of other users during Ope... Viktor Gurov

10/18/2019

06:02 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: DNS via RFC 8415 (DHCP) and via RFC 8106 (RDNSS) are independent functions which is as the current pfSense implementa... Rick Coats
05:30 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: Are you saying that the impact of this change, is that in the cases of "Managed" or "Stateless DHCP" then the bottom ... Rick Coats
03:51 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: I totally agree that when using "M" mode that RDNSS should not be disabled.
In fact, the change above only stops ... Elbin Teh
01:12 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: I think this change breaks ipv6 RFC compliance. The blogger article was written in 2012 and seems that the authors go... Rick Coats
03:15 PM Revision bb31e48e: Correct jQuery include: Steve Beaver
03:09 PM Revision b1a3d89a: Renamed jQuery-ui files for consistency with jQuery naming: Steve Beaver
02:59 PM Revision df4262d0: Fixed #9407: Steve Beaver
10:12 AM Bug #9407: Update jQuery to current version (3.3.1 or later): jQuery updated to 3.4.1
jQuery-ui updated to 1.12.1
www/vendor directory reorganized
Obsoleted files list updated
... Anonymous
10:05 AM Bug #9407 (Feedback): Update jQuery to current version (3.3.1 or later): Applied in changeset commit:df4262d0e1d8d460ba93b9fcde16476306ee21f6. Anonymous
09:13 AM Feature #9834 (Resolved): system_certmanager.php: add ability to import certificate without private key: This is needed in case when VPN clients uses PKCS#11 token for authentication, and they not able to export private key Viktor Gurov
04:52 AM pfSense Packages Feature #9833 (New): ACME: add ability to use custom ACME server: Hi, on September 2019 the Smallstep company released a feature on their +step-ca+ tool that allows to serve private C... Filippo Tessarotto
03:51 AM Bug #9832 (Not a Bug): DHCP relay stopped working after changing interface and vlan name: Hi
Interface and vlan was named AP_HBV, so i changed it to VLAN528_AP_HBV.
Afterwards DHCP Relay didnt work.
T... Michael Olesen

10/17/2019

05:07 PM pfSense Packages Feature #9820 (Resolved): Add Zabbix 4.4 (agent and proxy) packages: Renato Botelho
04:40 PM pfSense Packages Feature #9820: Add Zabbix 4.4 (agent and proxy) packages: Works for me thanks! Pim Janssen
08:51 AM Revision 52a950a2: workaround if capture already exist: Viktor Gurov
08:27 AM Revision 438870df: check if time file exist: Viktor Gurov
07:53 AM Revision a2f56f9d: print capture start time: Viktor Gurov
03:55 AM Feature #9831: diag_packet_capture.php: print packet capture start time: https://github.com/pfsense/pfsense/pull/4101 Viktor Gurov
03:55 AM Feature #9831 (Resolved): diag_packet_capture.php: print packet capture start time: Prints packet capture start time in extra field Viktor Gurov

10/16/2019

06:34 PM Revision 88b88d2d: Enable zabbix 4.4 build: Renato Botelho
06:34 PM Revision c8865ef3: Enable zabbix 4.4 build: Renato Botelho
06:25 PM Revision ee74e2c3: Add Zabbix 4.4 config options: (cherry picked from commit 04677464cd4bf73588934277d7ff7eb2dd3d5ceb) Danilo Baio
06:25 PM Revision 3be451cd: Merge pull request #4100 from dbaio/zabbix44: Renato Botelho
04:56 PM Feature #9828: L2TP (long) username containing @ (realm separator): ok it's because it's late for me then ^^
don't worry, some dev will read and answer here asap, if they want a PR for... Manuel Piovan
04:24 PM Feature #9828: L2TP (long) username containing @ (realm separator): I need a server, not a client :-)
The username/realm mod is exactly wat is needed and should me incorporated in th... Arjan van der Oest
04:04 PM Feature #9828: L2TP (long) username containing @ (realm separator): sorry man didn't understand clearly what you where doing from the start..
revert back my mods, that page is for conf... Manuel Piovan
01:22 PM Feature #9828: L2TP (long) username containing @ (realm separator): Well, changing the script allows to add the desired realms in the username, however the establishing of the l2tp tunn... Arjan van der Oest
11:17 AM Feature #9828: L2TP (long) username containing @ (realm separator): I will try and report back ASAP, thanks for the ultrafast response, I truly appreciate it. Arjan van der Oest
11:05 AM Feature #9828: L2TP (long) username containing @ (realm separator): /usr/local/www/vpn_l2tp_users_edit.php
change line 82
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usern... Manuel Piovan
09:06 AM Feature #9828 (Resolved): L2TP (long) username containing @ (realm separator): Hi Team,
I’m trying to use pfSense as LNS via L2TP. However my LAC always includes a realm in the username.
Fo... Arjan van der Oest
02:04 PM pfSense Packages Feature #9820 (Ready To Test): Add Zabbix 4.4 (agent and proxy) packages: PR has been merged. Thanks! Renato Botelho
07:06 AM pfSense Packages Feature #9820 (In Progress): Add Zabbix 4.4 (agent and proxy) packages: Danilo (dbaio@FreeBSD.org) is working to integrate zabbix 4.4 on pfSense as well Renato Botelho
05:03 AM pfSense Packages Feature #9820: Add Zabbix 4.4 (agent and proxy) packages: https://svnweb.freebsd.org/ports/head/net-mgmt/zabbix44-proxy/
https://svnweb.freebsd.org/ports/head/net-mgmt/zabbix... Pim Janssen
11:59 AM pfSense Docs Correction #9822: specify XG-7100 does not support NVMe: In addition to the XG-7100's, the note has been added to all systems that have an M.2 SATA drive upgrade option. Seem... Doug McIntire
11:30 AM Bug #9830 (Resolved): NTP ACLs vs. NTP pools: Starting with /var/etc/ntpd.conf containing:... Edgar Wiesmann
11:16 AM Bug #9829 (Resolved): NTP Status vs. parsing NTP Access Restrictions: Status/NTP displays "Statistics unavailable because ntpq and ntpdc queries are disabled in the NTP service settings" ... Edgar Wiesmann

10/15/2019

11:00 PM Revision 04677464: Add Zabbix 4.4 config options: Danilo Baio
05:38 PM Todo #8350: Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate: That is not related to this change, so it cannot be considered on this issue. TCP syslog is not yet supported by Free... Jim Pingle
05:36 PM Todo #8350: Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate: Testing 2.5.0-dev, found UI does not provide support for TCP syslog forwarding. I believe this results in truncation... Mark Rodman

10/14/2019

01:27 PM pfSense Docs Correction #9822 (Closed): specify XG-7100 does not support NVMe: Added note to state that NVMe is not supported on both the XG-7100 DT & 1U.
https://docs.netgate.com/pfsense/en/la... Doug McIntire
10:16 AM pfSense Packages Bug #9135 (Rejected): Suricata in inline modus blocks some downloads: As pointed by Bill, it's not a pfSense bug. Renato Botelho
08:40 AM Feature #9827 (Duplicate): Add default route indicator to gateways dashboard widget to indicate which interface is currently selected as default in a gateways group scenario: In System > Routing > Gateways the default route is indicated based on the state of the gateway group.
It would be u... And Ritchie
06:40 AM pfSense Packages Feature #9521 (Pull Request Review): Upgrade to HAProxy 1.9: Renato Botelho
03:13 AM pfSense Packages Feature #9521: Upgrade to HAProxy 1.9: now that pfsense/FreeBSD-ports has been updated to ports 2019Q3 i think it would make sense to bump haproxy versions
... Torben Hørup

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

11/12/2019

11/11/2019

11/10/2019

11/09/2019

11/08/2019

11/07/2019

11/06/2019

11/05/2019

11/04/2019

11/03/2019

11/02/2019

11/01/2019

10/31/2019

10/30/2019

10/29/2019

10/28/2019

10/27/2019

10/26/2019

10/25/2019

10/24/2019

10/23/2019

10/22/2019

10/21/2019

10/20/2019

10/19/2019

10/18/2019

10/17/2019

10/16/2019

10/15/2019

10/14/2019