Project

General

Profile

Activity

From 10/23/2019 to 11/21/2019

11/21/2019

09:31 PM Revision efe83ab9: Enable OpenVPN x509-alt-username build option. Fixes #9884
Jim Pingle
09:22 PM Revision 327ad811: CDATA escape more auth-related fields. Fixes #9327
Jim Pingle
09:02 PM Revision fd04c00c: Hide OpenVPN 'interface' when multihome is selected. Fixes #7840
(cherry picked from commit 5a9dc1dc278c6c537bfd5289125607117ceb99df) Jim Pingle
09:01 PM Revision 5a9dc1dc: Hide OpenVPN 'interface' when multihome is selected. Fixes #7840
Jim Pingle
08:19 PM Revision 53ede603: OpenVPN page sorting tweaks
(cherry picked from commit 41025f6094ed34406cdf23097656ea7cae4483ae) Jim Pingle
08:19 PM Revision 3e42a128: OpenVPN status page sent/recv bytes sorting changes. Fixes #7359
(cherry picked from commit f467ea24cb3c3a98b370c2427ff1aa53d25f14a1) Jim Pingle
07:41 PM Revision bc3e78ab: OpenVPN ECDH/ECDSA filtering. Fixes #9744
Can be revisited in the future if the corresponding OpenVPN bug is
resolved. Jim Pingle
07:09 PM Revision f467ea24: OpenVPN status page sent/recv bytes sorting changes. Fixes #7359
Jim Pingle
06:36 PM Revision 41025f60: OpenVPN page sorting tweaks
Jim Pingle
05:09 PM Revision 20cd68d2: Add copy action to OpenVPN pages. Implements #5851
Added to Server, Client, and Client-Specific Override pages
(cherry picked from commit d86c28bc833cdeb8eb90525d930ff... Jim Pingle
05:08 PM Revision d86c28bc: Add copy action to OpenVPN pages. Implements #5851
Added to Server, Client, and Client-Specific Override pages Jim Pingle
04:43 PM Bug #9212 (Not a Bug): OpenVPN Client can't connect over IPv6 in "multihome"
OK, that does sound more like an OpenVPN or config issue. Jim Pingle
04:38 PM Bug #9212: OpenVPN Client can't connect over IPv6 in "multihome"
Oh, I totally forgot about this problem.
I finally found the solution and I think the problem comes from OpenVPN a... benoit moreau
03:16 PM Bug #9212 (Incomplete): OpenVPN Client can't connect over IPv6 in "multihome"
The description is a bit vague:
* Is pfSense the server in this scenario, or the client?
* If the client is not p... Jim Pingle
04:34 PM Revision f6636150: arm check fix with get_single_sysctl()
Viktor Gurov
03:40 PM Feature #9884 (Feedback): Add support for OpenVPN --x509-username-field
Applied in changeset commit:efe83ab95d64d8d364d8a210d709fa49a551e718. Jim Pingle
03:32 PM Feature #9884: Add support for OpenVPN --x509-username-field
I'm not seeing any negative effects to enabling that build option, so it should be fine for testing. Jim Pingle
03:30 PM Bug #9327 (Feedback): Using the character "¤" in OpenVPN password field creates invalid config.xml
Applied in changeset commit:327ad811aa5f965ba805ea78f879c759ca0fdafa. Jim Pingle
03:22 PM Bug #9327: Using the character "¤" in OpenVPN password field creates invalid config.xml
Looks like the easiest fix is to CDATA escape that field. Jim Pingle
03:10 PM Bug #7840 (Feedback): OpenVPN 2.4 Server: Hide Interface when Protocol is Multihome
Applied in changeset commit:5a9dc1dc278c6c537bfd5289125607117ceb99df. Jim Pingle
02:55 PM Feature #7353 (Closed): Openvpn Logins page
On 2.5.0 there is a dedicated authentication log, which you could filter for OpenVPN and see most of what you are aft... Jim Pingle
02:48 PM Feature #7078: Allow reordering of client specific overrides in OpenVPN
While not a persistent reordering, I added sorting to the list in commit:41025f6094ed34406cdf23097656ea7cae4483ae
 Jim Pingle
02:47 PM Feature #4728 (Duplicate): Expose ``nopool`` server option in the OpenVPN Server GUI
This was duplicated by #7567 which was solved a couple years ago. Jim Pingle
02:43 PM Feature #3244: Check that OpenVPN tunnel network does not overlap any other subnet
Thinking about this a bit since I noticed the lack of validation when implementing #5851. It makes sense that an Open... Jim Pingle
02:28 PM pfSense Packages Feature #9874 (Pull Request Review): safesearch enforcing
Jim Pingle
03:24 AM pfSense Packages Feature #9874: safesearch enforcing
received email from Yandex support with the list of domains for redirection:... Viktor Gurov
02:27 PM pfSense Packages Feature #9916 (Pull Request Review): Check allow-transfer in custom option when the zone is slave
Jim Pingle
01:32 PM pfSense Packages Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave
If i add custom option (allow-transfer) to my slave zone, bind exit with error, because say already defined this opti... Am1g0 B0y
01:50 PM Bug #9744 (Feedback): fatal error if ECDH Curve not default
Applied in changeset commit:bc3e78ab3dd4bffb89cb8d2533199e37f92fcbf2. Jim Pingle
01:20 PM Bug #7359 (Feedback): Status/OpenVPN Page Sorts Incorrectly
Applied in changeset commit:f467ea24cb3c3a98b370c2427ff1aa53d25f14a1. Jim Pingle
11:38 AM Feature #5851: Add copy action to OpenVPN client / server
Thank you! PT Rich
11:15 AM Feature #5851 (Feedback): Add copy action to OpenVPN client / server
Applied in changeset commit:d86c28bc833cdeb8eb90525d930ff81fa3738cc9. Jim Pingle

11/20/2019

04:47 PM Revision 1d9fbb71: Correct VTI IPv6 test and syntax. Fixes #9801
Jim Pingle
04:29 PM Revision 94ce250e: Move CA random serial option to upper section. Issue #9883
This allows it to be set when creating a new CA, so it doesn't have to
be edited in later.
Also show the next serial... Jim Pingle
03:00 PM Todo #9915 (Resolved): Convert OpenVPN to CAPath
While investigating #9889, I found that OpenVPN recently introduced a new style of specifying CA and CRLs in a single... Jim Pingle
02:44 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
This is likely less of an issue now that emailAddress is no longer usable in the subject, but might still be hit with... Jim Pingle
02:29 PM Bug #9744: fatal error if ECDH Curve not default
If it works with the secp* curves then maybe we should filter the list like we have done for HTTPS and IPsec. At leas... Jim Pingle
01:16 PM Feature #9309 (Pull Request Review): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF)
Jim Pingle
01:10 PM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
Can you submit this as a pull request on github, rather than attaching patches?
https://docs.netgate.com/pfsense/e... Jim Pingle
10:55 AM Bug #9801 (Feedback): VTI IPv6 addresses don't get assigned
Applied in changeset commit:1d9fbb716543110ac245e2749f8c06fc77480a77. Jim Pingle
10:47 AM Bug #9801 (In Progress): VTI IPv6 addresses don't get assigned
Jim Pingle
08:05 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Ronald Schellberg wrote:
> On a side note, why has issue dropped from the 2.5 issue list????
It was never assigne... Jim Pingle

11/19/2019

04:43 PM Revision d1f5587d: Rename IPsec "RSA" options to "Certificate". Implements #9903
Jim Pingle
02:21 PM Bug #9873: Switching the System Update to Development renders the system unbootable
If it can help. I was able to correct the issue by running:
ssh to pfsense
cd /usr/local/lib/php/
ln -s 2017071... Alex D
01:45 PM pfSense Packages Bug #9795: FRR add two or more ipv6 BGP Neighbors will system down
i try setup use openbgpd normarl work ipv6 with openvpn. so i think the frr sure has bugs. yon Liu
12:12 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle wrote:
> John K wrote:
> > What's the status here? Has Netgate been able to reproduce this issue?
>
... John K
10:50 AM Todo #9903 (Feedback): Rename IPsec "RSA" options to more generic "Certificate" options
Applied in changeset commit:d1f5587d48af48817336fdf8644ea7d7679cf037. Jim Pingle
09:15 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
On my beyond 2.5 version (12.1 based), the devcryto patch applied, and after the devcrypto.ko is loaded:... Ronald Schellberg
04:57 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
https://forum.netgate.com/topic/148171/openvpn-no-option-for-aes-ni/6
openssl speed -engine rdrand -evp aes-128-gc... yon Liu
07:59 AM Bug #9914 (Rejected): dhcp6c wont work on reboot, only after service restart
This doesn't appear to be a general issue with dhcp6c, but it may be specific to something in your settings or enviro... Jim Pingle
05:35 AM Bug #9914 (Rejected): dhcp6c wont work on reboot, only after service restart
The dhcp6c service is not working after a reboot, I have to restart the service to get it working. The log file has t... Seyfidin Hamraoui
07:51 AM Bug #3965: dhcp6c started before bridge configured at boot, preventing interface tracking
See also: #6529 Jim Pingle
07:51 AM Bug #6529 (Duplicate): dhcp6c fails to start with track6 on a bridge interface
Duplicate of #3965 Jim Pingle
05:55 AM Feature #7791 (Resolved): include /usr/bin/strings in core pfSense
Renato Botelho
12:10 AM pfSense Packages Feature #9913 (Resolved): Adding note Squid Traffic Managment Settings about feature limit
Squid Traffic Managment Settings mostly works with generic HTTP, so that, it may not work without HTTPS Interception ... Constantine Kormashev

11/18/2019

10:33 PM Feature #7791: include /usr/bin/strings in core pfSense
I can confirm that /usr/bin/strings gets included in new builds. Ronald Schellberg
11:00 AM Feature #7791 (Feedback): include /usr/bin/strings in core pfSense
Applied in changeset commit:6ecea21ad2b6b7912968fb1240ee5d32649bbdf1. Renato Botelho
10:29 AM Feature #7791: include /usr/bin/strings in core pfSense
If there an explicit non-plan for this to be addressed, could it be so noted? Royce Williams
09:46 PM Revision 9540eac2: fix
Viktor Gurov
09:30 PM Feature #9911 (Resolved): Show confirmation box before disconnecting PPPoE
Great, thanks for testing! Jim Pingle
09:19 PM Feature #9911: Show confirmation box before disconnecting PPPoE
I can confirm this patch works. Nice red button and it requests confirmation of the selection to disconnect. Ronald Schellberg
09:18 PM Feature #9911: Show confirmation box before disconnecting PPPoE
Hi Jim.
I've applied the patch and I'm happy to confirm that yes, it works perfectly!
I like the fact it's now RED ... Anonymous
03:28 PM Feature #9911: Show confirmation box before disconnecting PPPoE
You're welcome! Did you have a chance to test the patch? You should be able to apply commit 4193cc185ef55e2260dae4ff2... Jim Pingle
03:05 PM Feature #9911: Show confirmation box before disconnecting PPPoE
Unsure if it's appropriate to say "Thanks" in the bugtracker, but *thanks!!* Especially for such a prompt patch. App... Anonymous
01:45 PM Feature #9911 (Feedback): Show confirmation box before disconnecting PPPoE
Applied in changeset commit:b8b0c2a320166a3b5732354d35edad47d0f05a04. Jim Pingle
07:19 AM Feature #9911: Show confirmation box before disconnecting PPPoE
This should be as easy as changing the button from a warning class to a danger class, which automatically gets a JS c... Jim Pingle
12:11 AM Feature #9911 (Resolved): Show confirmation box before disconnecting PPPoE
The *Status->Interfaces* page (_status_interfaces.php_) is very useful for showing Interface details.
On systems tha... Anonymous
07:38 PM Revision 53f5bc4b: more pretty func
Viktor Gurov
07:38 PM Revision 4193cc18: Change interface disconnect/release button to 'danger'. Fixes #9911
While here, add the interface name to the button text.
Net effect is a confirmation box to ensure the user wants to ... Jim Pingle
07:37 PM Revision b8b0c2a3: Change interface disconnect/release button to 'danger'. Fixes #9911
While here, add the interface name to the button text.
Net effect is a confirmation box to ensure the user wants to ... Jim Pingle
07:29 PM Revision b1ffc46f: extra switch case for !ospf
Viktor Gurov
06:57 PM Revision 46ca1080: fixes
Viktor Gurov
04:52 PM Revision 7eed5588: Fix #7791: strings binary can be useful for troubleshooting
Renato Botelho
04:52 PM Revision 6ecea21a: Fix #7791: strings binary can be useful for troubleshooting
Renato Botelho
10:57 AM pfSense Packages Feature #9912 (New): add custom DPI to ntopng
hi, since you don't read a conf file at startup, could you add the -p parameter to the startup script and point it to... ROB VANHOOREN
07:54 AM Bug #9566: Traffic graph displays traffic incorrectly
See also #9910 which suggests it may be related to limiters, though this one mentions ALTQ. Jim Pingle
07:54 AM Bug #9910 (Duplicate): When using limiters, traffic on wan out is doubled
Duplicate of #9566 Jim Pingle
07:52 AM Feature #9909 (Pull Request Review): Add option to (dis)allow unauthenticated LDAP binds
Jim Pingle
07:46 AM Bug #9907 (Pull Request Review): Do not show incompatible ECDSA certs for DNS Resolver
Jim Pingle
07:40 AM Bug #9908 (Duplicate): hn0: driver does not support altq
Duplicate of #9647 Jim Pingle
07:39 AM Bug #9899 (Resolved): PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
OK, thanks for testing! Jim Pingle
07:35 AM pfSense Packages Feature #9906 (Pull Request Review): show ECDSA CAs and certs only with correct curves
Jim Pingle
07:33 AM Feature #9905 (Pull Request Review): ospf / ospv3 packet capture
Jim Pingle
07:17 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Nothing yet, but since we are rebasing on FreeBSD 12.1 soon, it will need to wait until after that happens. Jim Pingle
12:41 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Hi.
Any update on this one?
Thanks! Greg M
12:47 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
This issue caught my eye, so I enabled the devcrypto patch on my version based on 12.1. On my VM, after loading the ... Ronald Schellberg

11/17/2019

03:12 PM Bug #9872: Error during build when compiling a non pfSense software
Another suggested edit to builder_common.sh would be to remove the console redirection on line 1717:
poudriere ... Ronald Schellberg
10:20 AM Bug #9910 (Duplicate): When using limiters, traffic on wan out is doubled
As title says.
Attached screenshot.
Can`t test on 2.5.0 as limiters on WAN on 2.5.0 kill all traffic. Greg M

11/16/2019

08:35 PM Revision ec2ff822: del unused code
Viktor Gurov
02:54 PM Feature #9909: Add option to (dis)allow unauthenticated LDAP binds
Pull Request : https://github.com/pfsense/pfsense/pull/4116 A FL
02:53 PM Feature #9909 (Resolved): Add option to (dis)allow unauthenticated LDAP binds
Hello,
Microsoft AD make the (stupid...) assumption that when an empty password is provided to the LDAP server, th... A FL
02:32 PM Revision 9d9dae5e: cert_build_list() func for certs
Viktor Gurov
12:56 PM Bug #9908: hn0: driver does not support altq
Line 587?
https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_5/sys/dev/hyperv/netvsc/if_hn.c Greg M
12:52 PM Bug #9908 (Duplicate): hn0: driver does not support altq
Hi!
Referenced from here: https://redmine.pfsense.org/issues/8954
I created loader.conf.local with this line in... Greg M
12:48 PM Bug #9899: PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Hi.
Confirmed fixed.
Cert expired and it had end date. Greg M
08:41 AM Bug #9907 (Resolved): Do not show incompatible ECDSA certs for DNS Resolver
Do not show incompatible ECDSA certs for DNS Resolver
It is difficult to find EC curves supported by each DNS implem... Viktor Gurov
07:38 AM Bug #9745: can't add ECDSA certificate key when signing CSR
Jim Pingle wrote:
> I made a couple changes that might help here, but I don't have a cert/key made that way to test.... Viktor Gurov
06:17 AM Revision 2a54b4cd: pcap ospf/ospfv3 support
Viktor Gurov
03:05 AM pfSense Packages Feature #9906 (Resolved): show ECDSA CAs and certs only with correct curves
Do not show incompatible ECDSA CAs or certs for FreeRADIUS
same as https://redmine.pfsense.org/issues/9897
... Viktor Gurov
12:40 AM Feature #9905 (Resolved): ospf / ospv3 packet capture
Adds the ability to select OSPF in the protocol field
It can capture OSPF, OSPFv3 or both, depending of Address Fami... Viktor Gurov

11/15/2019

10:51 PM Bug #9904 (Rejected): Unable to edit DHCP interface PPPoE Password and confirmed password must match
It's your browser and/or password manager.
It should be solved by #9864, at least as much as possible.
If the b... Jim Pingle
08:30 PM Bug #9904 (Rejected): Unable to edit DHCP interface PPPoE Password and confirmed password must match
I am unable to edit an interface that is DHCP with the error showing that my PPPoE Password and confirmed password mu... Mathew Keith
04:46 PM Revision 836f6ea5: Test DNS Hostnames separtely from GWs when storing new values. Fixes #9898
(cherry picked from commit 0d192133299b02efcb1db8f72bdce85a32a96631) Jim Pingle
04:24 PM Revision 0d192133: Test DNS Hostnames separtely from GWs when storing new values. Fixes #9898
Jim Pingle
04:02 PM Revision 9dfd57c0: Attempt to fetch EC curve OID if name is blank. Issue #9745
Jim Pingle
03:51 PM Revision 1120b85c: Certificate date calculation changes. Fixes #9899
Make the certificate date calculation more general and also try multiple ways
to determine the date (both timestamp a... Jim Pingle
03:13 PM Feature #4991: WebGUI does not support ECDSA certificates for IPSec Stage 1
I split the task of renaming the options/fixing the backend code to change from "RSA" to "Certificate" into a new iss... Jim Pingle
03:12 PM Todo #9903 (Resolved): Rename IPsec "RSA" options to more generic "Certificate" options
IPsec can use both RSA and ECDSA certificates, so we need to rename any IPsec Certificate-based authentication method... Jim Pingle
03:05 PM pfSense Packages Todo #9900: Status -> Monitoring -> Add View
Thanks Jim a "pkg upgrade -y pfSense-Status_Monitoring" fixed it.
[2.4.4-RELEASE][admin@pfsense]/root: pkg info -x... Andy Kniveton
07:24 AM pfSense Packages Todo #9900 (Duplicate): Status -> Monitoring -> Add View
Duplicate of #9681
See also: https://forum.netgate.com/topic/147819/cannot-create-new-monitoring-views/2 Jim Pingle
04:46 AM pfSense Packages Todo #9900 (Duplicate): Status -> Monitoring -> Add View
View names now seem to be forced lower case, seems odd as the default interface names are in upper case.
 Andy Kniveton
02:24 PM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly
The change is included in FreeBSD 12.1. Once we move pfSense to FreeBSD 12.1 (which will happen before 2.5.0-RELEASE)... Jim Pingle
02:19 PM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly
Any status on this? It pretty much breaks our router being able to handle power outages. Patrick Staton
12:00 PM pfSense Packages Feature #9902 (Resolved): add sticky filter for Alert Log please
hi, could the filter be made sticky?
it's not (as of 4.1.5_2)
thanks!
R.
*observed behaviour:*
services>... ROB VANHOOREN
10:35 AM Bug #9898 (Feedback): DNS over TLS hostname verification does not save
Applied in changeset commit:0d192133299b02efcb1db8f72bdce85a32a96631. Jim Pingle
07:46 AM Bug #9898: DNS over TLS hostname verification does not save
I can reproduce this, but only when the system in question is not Multi-WAN so the DNS server list does not show the ... Jim Pingle
10:16 AM pfSense Packages Bug #9740 (Resolved): empty Status / Tinc VPN page on latest 2.5

Tested on pfSense 2.5.0.a.20191114.1802
tinc 1.0.35_2
OK, Resolved Viktor Gurov
10:04 AM Bug #9745: can't add ECDSA certificate key when signing CSR
I made a couple changes that might help here, but I don't have a cert/key made that way to test. See commit:9dfd57c04... Jim Pingle
09:29 AM Bug #9745: can't add ECDSA certificate key when signing CSR
if key created without _-param_enc explicit_ option, everything is ok:... Viktor Gurov
08:24 AM Bug #9745: can't add ECDSA certificate key when signing CSR
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on 2.5.0.a.20191114.1802
CSR with key can be signed -... Viktor Gurov
10:00 AM Bug #9899 (Feedback): PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Applied in changeset commit:1120b85cb2a275de3ffe337c4c3ac781c2ccfb9e. Jim Pingle
07:37 AM Bug #9899: PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Do you have a CA or certificate in your list which has a missing end date?
If so, do you mind sharing the contents... Jim Pingle
12:45 AM Bug #9899 (Resolved): PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Hi.
In latest snapshot there is:
Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p1... Greg M
07:33 AM Todo #9897 (Resolved): Warn user when using incompatible ECDSA cert curves for WebGUI
I didn't put secp521r1 on the HTTP list for that reason. If it isn't widely compatible, it's best not to recommend it... Jim Pingle
01:35 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI

Make central functions to check and test ECDSA compatibility. Issue #9843
Filter incompatible certificates from be... Viktor Gurov
07:22 AM pfSense Packages Feature #9901 (Pull Request Review): show ECDSA CAs only with correct curves
Jim Pingle
05:22 AM pfSense Packages Feature #9901: show ECDSA CAs only with correct curves
https://github.com/pfsense/FreeBSD-ports/pull/709 Viktor Gurov
05:21 AM pfSense Packages Feature #9901 (Resolved): show ECDSA CAs only with correct curves
Do not show incompatible ECDSA CAs for Squid HTTPS/SSL Interception
same as https://redmine.pfsense.org/issues/9897 Viktor Gurov
07:22 AM pfSense Packages Todo #9158: Updates for Squid 4.x
Updated title. 2.5.0 snapshots are already using Squid 4.x (squid-4.8_1), but it may need adjustments to account for ... Jim Pingle
02:34 AM Feature #9896: Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
Jim Pingle wrote:
> Actually this appears to be unnecessary. It's already enabled by default for TLS 1.3, but that s... Viktor Gurov

11/14/2019

08:59 PM Revision cffcf9bf: GUI improvements for ECDSA certificate handling
* Make central functions to check and test ECDSA compatibility. Issue #9843
* Filter incompatible certificates from b... Jim Pingle
05:48 PM Bug #9898 (Resolved): DNS over TLS hostname verification does not save
Adding a DNS hostname to System>General settings is not being saved. The page reloads with the fields blank and the r... Mathew Keith
04:08 PM Revision b58fe676: order fix
Viktor Gurov
03:05 PM Feature #4991 (Feedback): WebGUI does not support ECDSA certificates for IPSec Stage 1
Applied in changeset commit:cffcf9bfaa1a054917d3427cbc7885b97db8902c. Jim Pingle
01:10 PM Feature #4991 (In Progress): WebGUI does not support ECDSA certificates for IPSec Stage 1
ECDSA keys do work with IPsec, but the OP is right that the key type in ipsec.secrets is incorrect. It needs a fix th... Jim Pingle
08:09 AM Feature #4991: WebGUI does not support ECDSA certificates for IPSec Stage 1
While support for ECDSA certificates is in 2.5.0, it needs tested with IPsec specifically to ensure it works.
Also... Jim Pingle
03:05 PM Todo #9897 (Feedback): Warn user when using incompatible ECDSA cert curves for WebGUI
Applied in changeset commit:cffcf9bfaa1a054917d3427cbc7885b97db8902c. Jim Pingle
01:10 PM Todo #9897 (In Progress): Warn user when using incompatible ECDSA cert curves for WebGUI
Jim Pingle
10:32 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI
https://github.com/pfsense/pfsense/pull/4113 Viktor Gurov
09:31 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI
Corrected title.
More discussion: https://forum.netgate.com/topic/148128/ecdsa-curve-certificates-on-2-5-0 Jim Pingle
08:18 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI
It works fine with the right curve. Only @prime256v1@ and @secp384r1@ will work from our list with TLS v1.3. See comm... Jim Pingle
08:16 AM Todo #9897 (Resolved): Warn user when using incompatible ECDSA cert curves for WebGUI
if you create ECDSA server cert ( https://redmine.pfsense.org/issues/9843 ) and set it to WebGUI HTTPS,
you got such... Viktor Gurov
01:55 PM Revision f660c27d: add poly1305-chacha20 to nginx cipher list
Viktor Gurov
01:43 PM Revision c3cda38e: Change default ECSDA curve to prime256v1. Issue #9843
Previous default was brainpool, but brainpool curves are not (widely?)
supported by browsers and were deprecated by I... Jim Pingle
10:46 AM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
I've tried to update the patch for version 2.4.4 here. Magnus Holmgren
10:02 AM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
Any interest in implementing this? I find it a bit lacking that the UI doesn't support configuring what routes to adv... Magnus Holmgren
10:18 AM Feature #9896 (Pull Request Review): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
Actually this appears to be unnecessary. It's already enabled by default for TLS 1.3, but that scanner (nmap ssl-enum... Jim Pingle
08:02 AM Feature #9896 (Resolved): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
as part of NGE
https://tools.ietf.org/html/rfc7905
test result (nmap):... Viktor Gurov
02:38 AM pfSense Packages Bug #9860 (Resolved): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
tested on tinc 1.0.35_2
pfSense 2.5.0.a.20191113.1759
Resolved Viktor Gurov
12:16 AM pfSense Packages Bug #9895 (New): snort reinstallation failed
got such errors during snort pkg update:... Viktor Gurov

11/13/2019

11:23 PM Feature #4991: WebGUI does not support ECDSA certificates for IPSec Stage 1

can be closed
currently pfSense support ECDSA. see https://redmine.pfsense.org/issues/9843 Viktor Gurov
11:19 PM Revision eeceb2ca: Add option to disallow unauthenticated LDAP binds
A FL
06:28 PM Revision 4b4df568: Revert "RADVD: In "managed" or "stateless_dhcp" mode, don't use default values for DNS servers etc (these should come from DHCPv6)"
This reverts commit dcc887a355aae49c7df0c29752c04e12922aca83. Jim Pingle
01:30 PM Revision 555e75fe: Zabbix 2.2 packages are gone
Renato Botelho
01:00 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Jim Pingle wrote:
> Yes, it should be a feature request (which I just changed). It should be made optional, off by d... Rick Coats
12:29 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Yes, it should be a feature request (which I just changed). It should be made optional, off by default, and have a se... Jim Pingle
11:55 AM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Shouldn't this be changed to a Feature Request?
The Requestor has not shown any documentation that this is a bug. ... Rick Coats
10:08 AM Feature #9302 (Pull Request Review): radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Jim Pingle
10:08 AM Bug #9893 (Duplicate): RDNSS is broken in 2.5 for Android and leightweight Clients
Rather than duplicate the info, let's keep all this on #9302 since it's the same issue. Jim Pingle
08:27 AM pfSense Packages Feature #9875 (Feedback): add extra engines safe search
PR has been merged. Thanks! Renato Botelho
07:59 AM pfSense Packages Bug #8258 (Feedback): BIND responds with SERVFAIL when adding/changing records if 'allow-update' is configured for a zone
PR has been merged. Thanks! Renato Botelho
07:54 AM pfSense Packages Bug #9850 (Feedback): show huperscan option only for x86 arch
PR has been merged. Thanks! Renato Botelho

11/12/2019

07:46 PM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients
We are just going to have to disagree then because multiple RFC's say the same thing. I have been writing and reading... Rick Coats
05:07 PM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients
The extract that you've posted is in Section 1.2 which immediately follows Section 1.1 (which describes how RDNSS in ... Elbin Teh
01:17 PM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients
You need to read to the end of RFC 8106. Section 1 is the rational why RDNSS was added to the Router Announcements.
... Rick Coats
01:28 AM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients
While this is convenient to you as you have a dynamic prefix, there are some situations where this might not be desir... Elbin Teh
04:57 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
The extract that you've posted is in Section 1.2 which immediately follows Section 1.1 (which describes how RDNSS in ... Elbin Teh
12:58 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Elbin Teh wrote:
> Agreed it would be the responsibility of the network administrator to configure RDNSS or DNSSL or... Rick Coats
01:32 AM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Agreed it would be the responsibility of the network administrator to configure RDNSS or DNSSL or disable them comple... Elbin Teh
03:21 PM Revision c2517ce8: Fix #3743: Allow OpenVPN keepalive configuration
- Remove hardcoded 'keepalive 10 60' configuration
- Added 'inactive seconds' option
- Let user configure 'keepalive ... Renato Botelho
03:02 PM Revision e5c893cd: Show DNS server help when server list is empty
(cherry picked from commit 05025e63edf9f85b679de8f99d38d6600e8ad5e3) Steve Beaver
03:02 PM Revision 772e21e0: Allow packet capture to match IPv4+IPv6 CARP. Fixes #9867
(cherry picked from commit b86891b1d5d62d30bc8f1bf3a7fdfee7030ed82b) Jim Pingle
03:02 PM Revision 58b2334f: Add clientAuth EKU to Server type certificates. Fixes #9868
(cherry picked from commit 46869dd2b5ebf32e8297d65f98444fb38d314336) Jim Pingle
03:02 PM Revision 88677f87: Suppress errors from touch when marking GW down. Fixes #9851
(cherry picked from commit 83794361b7135aaef4e47b35bd27df7da6ce023c) Jim Pingle
03:02 PM Revision f6323615: Use full path since this pkg prefix is /usr
(cherry picked from commit 14d49fba46389e3f90d26c6316044dfb52f98fc9) Renato Botelho
03:02 PM Revision 123c3cbf: Fix #9612: Run fsck -z once during upgrade
(cherry picked from commit 7373049764f144b2ea7c891bd60760ab64b41160) Renato Botelho
03:01 PM Revision db95c2d8: Only redirects the user to the default page if no specific page page was set in the querystring
(cherry picked from commit 57b2f31714a77d86e51e09758e20da372c224826) bechaire
03:01 PM Revision c9451253: making sure my tabs align with upstream
(cherry picked from commit 7e114786e63619aaf803a5db33c55a92e2b34123) James Lavoy
03:01 PM Revision 168d3972: adjust GEOM rebuild notifications to only notify the user when raid rebuild hits 25% increments
When a geom rebuild is occurring, this script by default notices that the device status has changed every time the re... James Lavoy
03:01 PM Revision 30ca068b: Add search/filter to DHCP/DHCPv6 leases, ARP, and NDP. Implements #9791
(cherry picked from commit 9297ad6504618c5ffcee9f8fe02535cb33f570c9) Jim Pingle
03:01 PM Revision 076a82d1: Removed escaping of CSS classes
(cherry picked from commit c8954c9f0957264a0287d3591b44fab5d52d0998) Sebastian Fiebig
03:00 PM Revision 46c976a9: Initialize JSON data to avoid warning.
Avoid warning/error for not initialized JSON variable.
(cherry picked from commit 6f2192d44689066e55cb7af6d19323edfc... Sebastian Fiebig
03:00 PM Revision 66a1eb93: Fix malformed JSON
Fix malformed JSON using json_encode().
(cherry picked from commit a9941bf65f82bd0a5491c693a55bc2163a43676d) Sebastian Fiebig
03:00 PM Revision 44a87108: Fix OpenVPN keepalive default values. Fixes #3473
(cherry picked from commit 99d7e8c10e96e6f22ad47973d07258cd02426fe6) Jim Pingle
02:55 PM Bug #9872: Error during build when compiling a non pfSense software
Noticed this error as well, thanks for finding the issue. I have incorporated your PR into my builds.
Maybe a low... Ronald Schellberg
02:17 PM Revision 05025e63: Show DNS server help when server list is empty
Steve Beaver
10:06 AM Bug #9533: XG-7100 FAT config restore not working post-install
Revisiting this after hitting it on another system. Adding the following to loader.conf (or loader.conf.local) allows... Steve Wheeler
06:57 AM Todo #9868 (Resolved): Add clientAuth EKU to Server type certificates
Jim Pingle
02:57 AM Todo #9868: Add clientAuth EKU to Server type certificates
Jim Pingle wrote:
> Applied in changeset commit:46869dd2b5ebf32e8297d65f98444fb38d314336.
Tested on 2.5.0.a.20191... Viktor Gurov

11/11/2019

06:19 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Elbin Teh wrote:
> Hi,
>
> I did some more research and investigation on this, and on further thought I think thi... Rick Coats
05:36 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Hi,
I did some more research and investigation on this, and on further thought I think this needs to be revisited.... Elbin Teh
04:56 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
If you look at the last paragraph of the blog from 2012 that you referenced:
"One thing to note, I have found that... Rick Coats
04:11 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Elbin Teh wrote:
> I totally agree that when using "M" mode that RDNSS should not be disabled.
>
> In fact, the ... Rick Coats
05:10 PM Bug #9893 (Duplicate): RDNSS is broken in 2.5 for Android and leightweight Clients
Version of PfSense under Test:
2.5.0-DEVELOPMENT (amd64)
built on Sun Nov 10 20:08:03 EST 2019
FreeBSD 12.0-RELEAS... Rick Coats

11/10/2019

10:35 AM Feature #9843 (Resolved): allow to generate cert/csr with ECDSA key
Jim Pingle
04:40 AM Feature #9843: allow to generate cert/csr with ECDSA key
Jim Pingle wrote:
> PR has been merged
Tested on 2.5.0.a.20191109.1723
Resolved Viktor Gurov
10:35 AM Feature #9825 (Resolved): Requirements for trusted certificates in iOS 13 and macOS 10.15
Jim Pingle
04:37 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15
Tested on 2.5.0.a.20191109.1723
Change default GUI cert lifetime to 825 days - OK
Add notes on CA/Cert pages abo... Viktor Gurov
10:35 AM Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Jim Pingle
07:37 AM Feature #9891 (Resolved): QLogic 10 Gigabit Ethernet driver (qlxgb)
It seems that *qlxgb* driver is not compiled on pfSense,
see https://forum.netgate.com/topic/139931/hp-qlogic-nc523s... Viktor Gurov
03:26 AM pfSense Packages Feature #9874: safesearch enforcing
PR updated with Firefox DoH blocking support
(see https://forum.netgate.com/topic/133679/heads-up-be-aware-of-truste... Viktor Gurov

11/09/2019

11:55 PM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Jim Pingle wrote:
> Applied in changeset commit:b86891b1d5d62d30bc8f1bf3a7fdfee7030ed82b.
Tested on 2.5.0.a.20191... Viktor Gurov
10:29 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle wrote:
> John K wrote:
> > What's the status here? Has Netgate been able to reproduce this issue?
>
... Gavin Stewart
02:04 PM pfSense Packages Feature #6022: Consider MLVPN for bonded VPN
https://forum.netgate.com/topic/144050/multi-wan-bonding-150
Added my 2 cents to the forum post, and added $100 to... James Tandy
02:59 AM pfSense Packages Feature #9874: safesearch enforcing
https://github.com/pfsense/FreeBSD-ports/pull/701 Viktor Gurov

11/08/2019

01:03 PM Feature #4632: Support for Multipath TCP (MPTCP)
+1 Bouke Henstra
11:04 AM pfSense Packages Feature #9890 (Needs Patch): Improves Network Quality on a High-latency Lossy Link by using Forward Error Correction
Jim Pingle
11:02 AM pfSense Packages Feature #9890 (Needs Patch): Improves Network Quality on a High-latency Lossy Link by using Forward Error Correction
Network packet loss occurs frequently on long-distance international networks. like: use openvpn gre so on.
I think ... yon Liu
11:01 AM Bug #9889 (Resolved): Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
Adding this for tracking, but I don't think it's a bug in pfSense or FreeBSD, but OpenSSL itself. It could potentiall... Jim Pingle
09:51 AM pfSense Packages Bug #9888 (Feedback): ACME output sent to browser without encoding
Fixed in ACME package version 0.6.3_1
https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d... Jim Pingle
09:46 AM pfSense Packages Bug #9888 (Resolved): ACME output sent to browser without encoding
ACME issue/renew output is sent directly to the browser without encoding. In some cases, user input may be included i... Jim Pingle
05:11 AM pfSense Packages Feature #9885 (Resolved): OpenVPN client 2.4.8 update
Renato Botelho
03:29 AM pfSense Packages Feature #9885: OpenVPN client 2.4.8 update
Hi!
Works.
Thanks!
Regards,
G Greg M
03:33 AM Feature #6240: vxlan driver
+1 Gianluca Semprini

11/07/2019

04:50 PM Revision b8b33a3e: Use more accurate date calculations for CA/Cert operations.
Otherwise calculations could fail on ARM Jim Pingle
04:49 PM Revision 26c4679b: Lower default cert expire days to 28.
At 30 days, an ACME cert may not have triggered automatic renewal yet,
so it would warn unnecessarily. Jim Pingle
09:58 AM pfSense Packages Bug #9886 (Rejected): Open-VM-Tools 10.1.0_2,1 on ESXi 6.5 causes gateway disconnects
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
09:50 AM Bug #6801: Rule separators are moving when multiple firewall rules are deleted together
I couldn't reproduce the exact same bug stated here, but I did manage to reproduce a similar one. I opened #9887 and ... Jim Pingle
02:18 AM Bug #6801: Rule separators are moving when multiple firewall rules are deleted together
It seems that the bug has returned, as I just had this exact issue when deleting multiple firewall rules with version... Max Frames
09:49 AM Bug #9887 (Resolved): Rule separator positions change when deleting multiple rules
When deleting rules around a separator at the end of the ruleset, separator positions can change unintentionally. Sim... Jim Pingle
08:36 AM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources
Hi, is there a chance this problem will be fixed? Christian Rhomberg

11/06/2019

08:59 PM Revision 96773352: Add edit screen for Certificate entries.
* Allows editing the name/descr. Implements #7861
* Adds a (not stored) password field and buttons for exporting encr... Jim Pingle
06:16 PM Revision f0b38e39: CA/Cert optimizations
* Actions are now by refid rather than array index, which is more
accurate and not as prone to being affected by para... Jim Pingle
03:10 PM Feature #1192 (Feedback): Certificate Manager - Ability to Encrypt Private Keys When Exporting
Applied in changeset commit:967733529244944d751003517a1e42fba1b29c07. Jim Pingle
02:31 PM Feature #1192 (In Progress): Certificate Manager - Ability to Encrypt Private Keys When Exporting
Jim Pingle
03:10 PM Feature #7861 (Feedback): Make "Descriptive name" of certificates editable
Applied in changeset commit:967733529244944d751003517a1e42fba1b29c07. Jim Pingle
02:31 PM Feature #7861 (In Progress): Make "Descriptive name" of certificates editable
Jim Pingle
02:29 PM pfSense Packages Feature #9871 (Resolved): Snort - User Forced Disabled Rules Ordering
Jim Pingle
01:58 PM pfSense Packages Feature #9871: Snort - User Forced Disabled Rules Ordering
This ticket can be closed as "RESOLVED". Column sorting is now available on the RULES tab in the DEVEL and RELEASE br... Bill Meeks
02:10 PM pfSense Packages Bug #9740 (Feedback): empty Status / Tinc VPN page on latest 2.5
PR has been merged. Thanks! Renato Botelho
02:10 PM pfSense Packages Bug #9860 (Feedback): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
PR has been merged. Thanks! Renato Botelho
08:08 AM pfSense Packages Feature #9885 (Feedback): OpenVPN client 2.4.8 update
OpenVPN Client Export package version 1.4.19 is up with Windows installers for OpenVPN 2.4.8 (Win10 and Win7) Jim Pingle
07:23 AM pfSense Packages Feature #9885: OpenVPN client 2.4.8 update
Hi!
Yes, I was reffering to client in the export page. Sorry for confusion :) Greg M
07:16 AM pfSense Packages Feature #9885: OpenVPN client 2.4.8 update
I do not see anything in the changelog that makes it compelling to rush a move on the base/FreeBSD side of things. We... Jim Pingle
02:30 AM pfSense Packages Feature #9885 (Resolved): OpenVPN client 2.4.8 update
Hi!
Since OpenVPN 2.4.8 has been released it would be nice to include it in all branches of pfsense.
Thanks! Greg M
03:35 AM pfSense Packages Bug #9886 (Rejected): Open-VM-Tools 10.1.0_2,1 on ESXi 6.5 causes gateway disconnects
I run pfSense 2.4.4 on ESXi 6.5 on a 2010 Mac Mini.
After updating Open-VM-Tools to 10.1.0_2,1 I started getting ... Tim Preston

11/05/2019

11:18 PM pfSense Packages Feature #9871: Snort - User Forced Disabled Rules Ordering
I've added sortable columns to the RULES tab. You can now sort on all of the columns except *State* (that is an icon)... Bill Meeks
09:50 PM Revision ecb594d0: Use central download function
Reduce duplicated/inconsistent code by using the new download function. Jim Pingle
09:06 PM Revision 7e83055a: CA/Cert/CRL code optimizations
While here, use the new download function when exporting items Jim Pingle
09:04 PM Revision 1342f80f: Add central file download function for use throughout the GUI.
Jim Pingle
04:31 PM Revision a6bd9e78: Validate CA/CRL serial input. Issue #9883 Issue #9869
Jim Pingle
01:32 PM Revision a9769a8c: Update privilege definitions
Jim Pingle
01:32 PM Revision d5a222cc: Update privilege definitions
Jim Pingle
07:54 AM Feature #9884: Add support for OpenVPN --x509-username-field
That is true, but it doesn't seem to affect "plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr... Florian Apolloner
07:47 AM Feature #9884: Add support for OpenVPN --x509-username-field
We currently force on username-as-common-name so I don't think you could override that behavior with this new option ... Jim Pingle
07:41 AM Feature #9884: Add support for OpenVPN --x509-username-field
Sorry, I realized that it's not a bug immediately after clicking save, but I cannot edit anything :/
> Even if it ... Florian Apolloner
07:21 AM Feature #9884: Add support for OpenVPN --x509-username-field
This isn't a bug, but a missing feature. Even if it is enabled, it would still need GUI code to configure the behavio... Jim Pingle
05:20 AM Feature #9884 (Resolved): Add support for OpenVPN --x509-username-field
The openvpn shipped with pfsense has enable_x509_alt_username=no as compilation option. It would be great if that cou... Florian Apolloner

11/04/2019

07:30 PM Revision 3a877e4a: Enforce a max lifetime for CA/Cert/CRL. Issue #3956
Jim Pingle
07:02 PM Revision 2c9601c9: Add support for randomized cert serial numbers. Implements #9883
Jim Pingle
06:21 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
Interestingly I appear to have rss working on pppoe using igb driver.
the tx is very misbalanced about 10:1 but rx... Chris Collins
04:38 PM Feature #7537 (Feedback): Include mellanox mlx4 and mlx5 ethernet driver
Next round of snapshots will have mlx4en/mlx5en support built in pfSense kernel Renato Botelho
02:59 PM Feature #7537 (In Progress): Include mellanox mlx4 and mlx5 ethernet driver
Renato Botelho
03:26 PM Bug #3956: Check for invalid CA on generating new certificate
It looks good.
Thx. Grischa Zengel
02:51 PM Bug #3956 (Feedback): Check for invalid CA on generating new certificate
It should be good now with the checks I added earlier today. Jim Pingle
09:16 AM Bug #3956: Check for invalid CA on generating new certificate
Grischa Zengel wrote:
> On import you should check the limits too.
That won't matter. Since the CA fails to parse... Jim Pingle
08:47 AM Bug #3956: Check for invalid CA on generating new certificate
On import you should check the limits too. Grischa Zengel
07:59 AM Bug #3956 (In Progress): Check for invalid CA on generating new certificate
I tried a few large but more sane values and I'd say around 12000 is probably the highest lifetime we should allow fo... Jim Pingle
07:51 AM Bug #3956: Check for invalid CA on generating new certificate
If you use a lifetime that long, the CA is generated, but nothing can parse it properly (not even OpenSSL at the CLI)... Jim Pingle
01:35 PM Revision a6487fc8: CRL Fixes
* Correct a PHP error in non-edit CRL actions. Fixes #9879
* Correct display of revoke by serial options when the CRL... Jim Pingle
01:10 PM Feature #9883 (Feedback): Allow CAs to use randomized serials when signing
Applied in changeset commit:2c9601c978589f34089f25cc7569ed67dbbc37e8. Jim Pingle
01:02 PM Feature #9883 (Resolved): Allow CAs to use randomized serials when signing
Various guidelines suggest using randomized serial numbers when signing certificates, rather than using sequential nu... Jim Pingle
12:15 PM Feature #9882 (Duplicate): Alias feature request
Duplicate of #1979 Jim Pingle
12:14 PM Feature #9882 (Duplicate): Alias feature request
Hi, I'm using pfsense for over two years and i have to say that it is a great product!
Thank you for your effort!
I... Federico Galli
07:45 AM Bug #9879 (Feedback): PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php
Applied in changeset commit:a6487fc84dc85113354730ffe7f1d4a1141cf0c5. Jim Pingle
07:13 AM Bug #9881 (Duplicate): Traffic Graphs
Almost certainly a duplicate of #9566 Jim Pingle
12:26 AM Bug #9881 (Duplicate): Traffic Graphs
Hello
The problem is that at the same time, the graphs from the dashboard and the status section show different valu... Andrey Kirilov

11/03/2019

05:16 PM pfSense Packages Todo #9880 (Pull Request Review): Remove Zabbix 2.2 Packages
Jim Pingle
04:30 PM pfSense Packages Todo #9880: Remove Zabbix 2.2 Packages
https://github.com/pfsense/FreeBSD-ports/pull/696
https://github.com/pfsense/pfsense/pull/4110 Danilo Baio
04:29 PM pfSense Packages Todo #9880 (Resolved): Remove Zabbix 2.2 Packages
End of life was August, 2019.
Ports will expire after November, 30 on FreeBSD.
https://svnweb.freebsd.org/ports?vie... Danilo Baio
05:09 PM Revision 7997506f: Update globals.inc
vktg
05:08 PM Revision e15ceee7: fixes
vktg
04:58 PM Revision 783e9a2a: Update globals.inc
vktg
04:57 PM Revision 703018ad: Update guiconfig.inc
vktg
02:55 PM Revision 2fc1e9a2: successful connection
Viktor Gurov
02:34 PM Revision 12deb411: more
Viktor Gurov
01:45 PM Revision 0265d4f9: first steps
Viktor Gurov
11:25 AM Feature #2358: NAT64 support
Bipin Chandra wrote:
> UPVOTE - we need this feature desperately and if this isn't coming then it will be a deciding... Dmitri Toubelis
12:37 AM Feature #2358: NAT64 support
UPVOTE - we need this feature desperately and if this isnt coming then it will be a deciding point for us to move to ... Bipin Chandra
10:27 AM Bug #9879 (Resolved): PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php
Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p10
FreeBSD 12.0-RELEASE-p10 42c493096e7... Travis Scotts
09:26 AM Feature #9878 (Pull Request Review): IPsec PKCS#11 authentication
Jim Pingle
09:20 AM Feature #9878: IPsec PKCS#11 authentication
https://github.com/pfsense/pfsense/pull/4109 Viktor Gurov
09:19 AM Feature #9878 (Resolved): IPsec PKCS#11 authentication
Add ability to select and configure PKCS#11 RSA authentication in WebGUI
you need to install packages: ccid-1.4.30... Viktor Gurov
04:48 AM pfSense Packages Feature #9874: safesearch enforcing
* *DuckDuckGo*: duckduckgo.com CNAME safe.duckduckgo.com (54.229.105.151)
see https://help.duckduckgo.com/duckduckgo... Viktor Gurov

11/02/2019

10:51 AM pfSense Packages Feature #9044: Add SoftEther
Yes, softether seems to be a descent option for openvpn and is discussed on many forums incl. its installation on pfs... Stan Odd
10:44 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Ronald Schellberg wrote:
> I can confirm tomorrow, as it would stop working for me after about 24 hours.
>
> I ... Ronald Schellberg
08:53 AM pfSense Packages Feature #9875 (Pull Request Review): add extra engines safe search
Jim Pingle
06:16 AM pfSense Packages Feature #9875: add extra engines safe search
https://github.com/pfsense/FreeBSD-ports/pull/695 Viktor Gurov
06:14 AM pfSense Packages Feature #9875 (Resolved): add extra engines safe search
qwant.com keys from https://github.com/serv-inc/safe-search
rambler.ru keys from help page https://help.rambler.ru/r... Viktor Gurov
08:48 AM Bug #3956: Check for invalid CA on generating new certificate
Meanwhile this bug doesn't exist like described.
I think I created a CA with pfsense and a high life time (100 yea... Grischa Zengel
08:03 AM Feature #9877 (Resolved): QEMU Guest Agent
Add QEMU Guest Agent to base system or as extra package
https://github.com/aborche/qemu-guest-agent
Makefile patc... Viktor Gurov
07:38 AM Feature #9876 (New): PFsense on KVM: Web interface hint to disable "Hardware Checksum Offloading"
According to
https://docs.netgate.com/pfsense/en/latest/virtualization/virtio-driver-support.html
it is necessary ... thal unil
05:33 AM pfSense Packages Feature #9874 (Resolved): safesearch enforcing
Add ability to force safesearch via special DNS entries.
* *Google*: 216.239.38.120 google.com
see https://suppor... Viktor Gurov

11/01/2019

08:14 PM Revision 63fb68d7: CRL management overhaul
* Allow revoking by serial number or cert. Implements #9869
* Allow revoking multiple entries at a time. Implements #... Jim Pingle
06:51 PM Bug #9873 (Resolved): Switching the System Update to Development renders the system unbootable
If you select Development Snapshots branch in System > Update > Update Settings and then switch back to the Latest St... Steve Wheeler
03:20 PM Feature #3258 (Feedback): Allow multiple certificates to be revoked in a single step
Applied in changeset commit:63fb68d71384d3b819bb87fbbef28507b5330955. Jim Pingle
03:20 PM Feature #9869 (Feedback): Allow CRL entries to be made by serial number
Applied in changeset commit:63fb68d71384d3b819bb87fbbef28507b5330955. Jim Pingle
03:17 PM Feature #1268: Allow mass renewing of certs
I've investigated a couple different ways to do this and didn't really care for how any of them turned out. Trying to... Jim Pingle
02:58 PM pfSense Packages Feature #9871: Snort - User Forced Disabled Rules Ordering
I believe I can add sortable columns (at least for some of the columns) so the RULES tab behaves the same as the ALER... Bill Meeks
05:08 AM pfSense Packages Feature #9871 (Resolved): Snort - User Forced Disabled Rules Ordering
Any chance of forcing the order GID then SID of the displayed rules, its a bit of a pain when your trying to audit wh... Andy Kniveton
11:42 AM Revision 13f6078b: Remove pfSense-upgrade move
A FL
10:05 AM Feature #2358: NAT64 support
UPVOTE here, put politics aside please, regardless if you hate NAT or not, this feature should at least be added.
... Chris Collins
06:53 AM Bug #9872 (Resolved): Error during build when compiling a non pfSense software
Hello,
I am facing a (non-critical) error when building non-pfSense software... A FL
12:11 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Art Manion wrote:
> Netgate SG-4860 running 2.4.4-RELEASE-p3 (amd64). At least twice I've experienced issues, I ass... Art Manion

10/31/2019

08:34 PM Revision 8d4663c1: Also refresh trust store when renewing. Issue #4068
Jim Pingle
08:28 PM Revision 7daab3d8: Add option to trust local CA entries. Implements #4068
Similar to closed PR #3558 from overhacked, but with a number of
changes. Jim Pingle
08:04 PM Revision e78fe74d: Make value of cert notify setting consistent with others. Issue #7332
Jim Pingle
06:40 PM Revision d1b23f75: Remove duplicate DHCP log block.
Jim Pingle
05:59 PM Revision b86891b1: Allow packet capture to match IPv4+IPv6 CARP. Fixes #9867
Jim Pingle
05:53 PM Bug #9870 (Not a Bug): DNS fails to resolve CNAME records
There is not enough information here to definitively say it's a bug and not a problem with your settings or elsewhere... Jim Pingle
05:13 PM Bug #9870 (Not a Bug): DNS fails to resolve CNAME records
I have a pfSense router (2.4.4-RELEASE-p3 using unbound Version 1.9.1) in a home environment and it is also serving a... Brian Saia
05:30 PM Revision 746c9afc: CA validity checks. Fixes #3956
Jim Pingle
05:23 PM Revision 46869dd2: Add clientAuth EKU to Server type certificates. Fixes #9868
Jim Pingle
05:12 PM Revision 71185882: Reduce default GUI cert lifetime to 825 days. Issue #9825
Jim Pingle
05:10 PM Revision 3f0b7bc3: Certificate strength improvements. Fixes #9825
* Change default GUI cert lifetime to 825 days
* Add notes on CA/Cert pages about using potentially insecure paramete... Jim Pingle
03:41 PM Feature #9869 (Resolved): Allow CRL entries to be made by serial number
CRL entries are made by serial number internally, but the only way to revoke in the GUI is to have the certificate im... Jim Pingle
03:40 PM Feature #4068 (Feedback): CAs present on CERT manager are not trusted from pfSense
Applied in changeset commit:7daab3d8dc4cc045db22925cccbde22c23083c03. Jim Pingle
03:28 PM Feature #4068 (In Progress): CAs present on CERT manager are not trusted from pfSense
Jim Pingle
01:05 PM Bug #9867 (Feedback): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Applied in changeset commit:b86891b1d5d62d30bc8f1bf3a7fdfee7030ed82b. Jim Pingle
08:03 AM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
A "silly" workaround might be renaming *CARP* in dropdown _Protocol_ list to *CARP IPv4*. Constantine Kormashev
08:02 AM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
It appears both are caught by "proto 112", so it might not be too difficult to solve that way. Jim Pingle
07:53 AM Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Packet Capture IPv6 rejects all packets if *CARP* type is set in *Protocol* field.
It might be an upstream issue.
... Constantine Kormashev
12:40 PM Bug #3956 (Feedback): Check for invalid CA on generating new certificate
Applied in changeset commit:746c9afc0e9bd632a8b7ee2f8cc2d63a0974dd88. Jim Pingle
12:28 PM Bug #3956 (In Progress): Check for invalid CA on generating new certificate
Unless we can get a copy of a certificate that shows the behavior, I don't see any problems here. I'm adding some pro... Jim Pingle
12:30 PM Todo #9868 (Feedback): Add clientAuth EKU to Server type certificates
Applied in changeset commit:46869dd2b5ebf32e8297d65f98444fb38d314336. Jim Pingle
10:46 AM Todo #9868 (Resolved): Add clientAuth EKU to Server type certificates
Some cases may require a server certificate to be used to authenticate a server (to client) and authenticate as a cli... Jim Pingle
12:15 PM Feature #7248: Web UI for IPSec settings should warn about poor security choices
This could probably use a similar technique to the one I implemented for Certificates on #9825
See commit:3f0b7bc3ae Jim Pingle
12:14 PM Feature #9825 (Feedback): Requirements for trusted certificates in iOS 13 and macOS 10.15
I just pushed changes that should fully address the remaining concerns here.
Once on a snapshot with these changes... Jim Pingle
11:56 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Vinicius DellAglio wrote:
> I just installed a brand new pfsense box and once I created an alias with an FQDN it did... John K
07:38 AM pfSense Packages Bug #9866 (Feedback): freeradius_view_config.php: File contents are displayed without encoding
Fixed in FreeRADIUS3 pkg version 0.15.7_3
https://github.com/pfsense/FreeBSD-ports/commit/30b22b6b0db7b73732a5da34... Jim Pingle
07:31 AM pfSense Packages Bug #9866 (Resolved): freeradius_view_config.php: File contents are displayed without encoding
freeradius_view_config.php reads and displays the contents of several FreeRADIUS-related files. The contents are disp... Jim Pingle
07:09 AM Feature #9865 (Needs Patch): DNS Forwarder Interfaces list should be a list of checkboxes
The DNS forwarder is no longer actively developed since it was replaced by the DNS Resolver. As such, it's unlikely t... Jim Pingle

10/30/2019

11:07 PM Feature #9865 (Needs Patch): DNS Forwarder Interfaces list should be a list of checkboxes
The DNS Forwarder Interfaces selection UI is too small, and as a multiple selection dropdown is very awkward to use w... Ben L
08:35 PM Revision e655d548: Fix whitespace
Jim Pingle
06:21 PM Revision 6729b786: Update default config to match current default/version.
Jim Pingle
06:11 PM Revision b5d2d8d8: Add daily certificate expiration notice. Issue #7332
Jim Pingle
06:09 PM Revision 4bbdd9b0: Add periodic framework to allow for daily/weekly/monthly tasks. Issue #7332
Jim Pingle
05:35 PM Revision ddcc83f2: Fix Cert expire threshold input validation to allow empty values.
Jim Pingle
05:26 PM Revision 7f3bc6b1: Set autocomplete=new-password for auth forms around the GUI. Implements #9864
(cherry picked from commit 659a8a26d12b75399063dae060fa32fa23751dbf) Jim Pingle
05:26 PM Revision 659a8a26: Set autocomplete=new-password for auth forms around the GUI. Implements #9864
Jim Pingle
04:26 PM Revision 83bf2511: Update diag_ping.php
Mix Room
04:23 PM Revision e00d0c0c: Update diag_ping.php
Mix Room
03:19 PM Revision 90661d90: Update diag_ping.php
As per comment. Hint left for sake of consistency. Mix Room
03:17 PM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
For the sake of those Googling or searching for the error, the following message was showing up in the logs and on th... Jim Pingle
03:16 PM Bug #9646 (In Progress): OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
Patch reverted after we see problems with it applied Renato Botelho
03:13 PM Revision 1ab01fee: Cert expire threshold input validation
Jim Pingle
02:07 PM Revision 0a6222e5: Update diag_ping.php
Mix Room
02:06 PM Revision fb228a34: Update diag_ping.php
Fix missing '$' Mix Room
02:00 PM Feature #9842 (Feedback): Add CA/certificate renewal function
This should be complete for now. I didn't add a CLI script, as it didn't seem necessary yet. On a related note, the G... Jim Pingle
01:56 PM Revision 88ccb45b: Update diag_ping.php
Mix Room
01:46 PM Revision 740e289b: Update diag_ping.php
Mix Room
01:40 PM Revision 2d0b01e0: Update diag_ping.php
Add support for setting wait period between pings Mix Room
01:24 PM Feature #7332 (Feedback): Provide certificate expiry warning
This is now implemented.
There is a GUI setting to enable/disable the expiration notifications, and they are on by... Jim Pingle
12:39 PM Revision b0790fc0: Add missing newline after Must Staple cert info.
Jim Pingle
12:35 PM Todo #9864 (Feedback): Set autocomplete=new-password for user/password fields in forms
Applied in changeset commit:659a8a26d12b75399063dae060fa32fa23751dbf. Jim Pingle
11:02 AM Todo #9864 (Resolved): Set autocomplete=new-password for user/password fields in forms
It looks like at least Firefox and Chrome current versions suppress autocomplete for usernames and passwords when usi... Jim Pingle
10:37 AM Feature #9863 (Duplicate): Ability to select multiple firewall rules and then toggle them all on (enabled) or off (disabled) with one click
Duplicate of #2505 Jim Pingle
10:19 AM Feature #9863 (Duplicate): Ability to select multiple firewall rules and then toggle them all on (enabled) or off (disabled) with one click
It would be nice, when doing a major rule overhaul (like I just had to do on multiple firewalls) or testing before/af... Max Frames
10:35 AM Feature #9862 (Pull Request Review): Add support for waiting between ping-packages on diag_ping.php
Jim Pingle
09:11 AM Feature #9862 (Resolved): Add support for waiting between ping-packages on diag_ping.php
I wanted to wait a longer time between sending pings. The diag_ping.php interface does not have support for this. Mix Room
10:09 AM pfSense Packages Bug #9860 (Pull Request Review): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
Jim Pingle
09:27 AM pfSense Packages Bug #9860: Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
https://github.com/pfsense/FreeBSD-ports/pull/694 Viktor Gurov
07:22 AM pfSense Packages Bug #9860: Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
Probably because that array isn't fully initialized before use. It needs to be initialized at each level, not just th... Jim Pingle
01:46 AM pfSense Packages Bug #9860: Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
got this errors when Tinc Hosts is empty Viktor Gurov
01:44 AM pfSense Packages Bug #9860 (Resolved): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
Crash report details:
PHP Errors:
[30-Oct-2019 08:46:07 Europe/Moscow] PHP Warning: Illegal string offset 'confi... Viktor Gurov
09:32 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
After several failed attempts at creating a 12.1 version, the process that worked was to create a new branch from pfS... Ronald Schellberg
07:17 AM Bug #9861 (Not a Bug): All traffic passing through OpenVPN even if redirect gateway unchecked
That is a configuration problem, not a bug. This site is not for support or diagnostic discussion.
For assistance ... Jim Pingle
02:38 AM Bug #9861 (Not a Bug): All traffic passing through OpenVPN even if redirect gateway unchecked
An OpenVPN has been configured on pfSense and working well, but I noticed that even the "Redirect IPv4 Gateway" is un... Nico .
06:22 AM Bug #9851 (Resolved): PHP error in logs
Renato Botelho
12:09 AM Bug #9851: PHP error in logs
Upgraded and the error is gone. Thank you. Florin Samareanu

10/29/2019

11:11 PM pfSense Packages Bug #9665 (Resolved): acme.sh deleting A record for domain along with TXT record for _acme-challenge
Jim Pingle
11:10 PM pfSense Packages Bug #9665: acme.sh deleting A record for domain along with TXT record for _acme-challenge
Sorry for the late response. But I can confirm that ACME 0.6 does fix the issue for me. This ticket can be closed now. Ronnie Thomas
08:56 PM Revision 38e7b336: Add settings to control certificate expiration notifications. Issue #7332
Note that the notices themselves do not yet exist. Those are still a
work in progress. Jim Pingle
06:45 PM Revision 93f1121f: Add certificate lifetime to infoblock. Issue #7332
* Adds the total lifetime and lifetime remaining before expiration to
the info block
* Adds a visual indication to th... Jim Pingle
01:47 PM Feature #7332 (In Progress): Provide certificate expiry warning
I do not think there will be a per-certificate setting for this (at least for now), but for starters I have added a v... Jim Pingle
08:59 AM Bug #9851: PHP error in logs
I gave a look at PHP source code and I have a doubt, what is the gateway name? Nano Caiordo
07:21 AM Bug #9851: PHP error in logs
If that were the case it would happen to everyone all the time, which isn't true. Also the order of operations is bac... Jim Pingle
06:15 AM Bug #9851: PHP error in logs
It might be a permission issue, php docs about file_exists() states: ... Nano Caiordo
08:45 AM Feature #5851: Add copy action to OpenVPN client / server
A huge benefit as ISPs seem to be starting to pick off VPN connections and blocking access to VPN servers that are se... PT Rich
07:16 AM Bug #9859 (Rejected): Memory exhaustion by hundreds of minicron and php-cgi processes.
There is not enough solid information here to classify this as an identifiable or reproducible bug. This site is not ... Jim Pingle
04:10 AM Bug #9859 (Rejected): Memory exhaustion by hundreds of minicron and php-cgi processes.
After repeated gateway failovers I noticed I wasn't able to login any more using https or ssh.
I would then get an e... Joel Linn
07:14 AM Bug #9646 (Feedback): OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
I've cherry-picked that patch to 2.5.0. Thanks for pointing that out Renato Botelho
02:36 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
discussion and patch in freebsd mailing list:
https://lists.freebsd.org/pipermail/freebsd-current/2018-December/0724... Viktor Gurov
07:11 AM Feature #9831 (Resolved): diag_packet_capture.php: print packet capture start time
Renato Botelho
12:04 AM Feature #9831: diag_packet_capture.php: print packet capture start time
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on 2.5.0.a.20191028.1847
Works, resolved Viktor Gurov
07:09 AM Feature #9766 (Resolved): diag_packet_capture.php: allow to input multiple tcp/udp ports
Renato Botelho
12:04 AM Feature #9766: diag_packet_capture.php: allow to input multiple tcp/udp ports
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on 2.5.0.a.20191028.1847
Works, resolved Viktor Gurov
02:51 AM Bug #9858 (Rejected): adding gateway
Hello,
There is not enough information here to consider this a bug. Please use https://forum.netgate.com for troub... Paighton Bisconer
02:27 AM Bug #9858 (Rejected): adding gateway
We have deployed pfsense VM on VMware ESXi, can communicate with pfsense gateway among the VMs, but outside VMs netwo... geetha subramani
02:07 AM Feature #9857 (New): IPsec Down/Up SMTP Notifications
Currently if Phase1 or Phase 2 go offline no SMTP notification is given. It will be very helpful to have them. Auto p... DRago_Angel [InV@DER]

10/28/2019

08:46 PM Revision b6196922: Show detailed infoblock on CA and Cert pages. Implements #9856
* Moved info block to common function
* Used that function on CA and Cert pages
* Added more information to the info ... Jim Pingle
03:55 PM Todo #9856 (Feedback): Add certificate detail infoblock to CA list
Applied in changeset commit:b61969226691bb776bf21f1c1121b41519ad5e22. Jim Pingle
03:42 PM Todo #9856 (Resolved): Add certificate detail infoblock to CA list
The certificate list has a nice infoblock that expands with more details about the certificate. This should also work... Jim Pingle
03:23 PM Revision 725c8134: Add packages to version string to support composite update
Steve Beaver
12:11 PM Revision 83794361: Suppress errors from touch when marking GW down. Fixes #9851
Jim Pingle
07:44 AM Bug #9855 (Resolved): CSRF error at login when clicking the 'sign in' button multiple times
When logging in, if a user clicks 'sign in' and then waits a moment and clicks 'sign in' again before the login compl... Jim Pingle
07:20 AM Bug #9851 (Feedback): PHP error in logs
Applied in changeset commit:83794361b7135aaef4e47b35bd27df7da6ce023c. Jim Pingle
07:14 AM Bug #9851: PHP error in logs
I've seen that happen before. Looks like a race condition of some sort since there is a test just before that checkin... Jim Pingle
05:13 AM pfSense Packages Bug #9854: pfBlockerNG Message: Allowed memory size of 536870912 bytes exhausted
... lexxai lexxai
05:11 AM pfSense Packages Bug #9854 (Closed): pfBlockerNG Message: Allowed memory size of 536870912 bytes exhausted
PHP ERROR: Type: 1, File: /usr/local/www/pfblockerng/pfblockerng_alerts.php, Line: 644, Message: Allowed memory size ... lexxai lexxai

10/27/2019

05:27 PM pfSense Docs Correction #9853 (Closed): Feedback on VPN — IPsec — Routing Internet Traffic Through a Site-to-Site IPsec VPN
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routing-internet-traffic-through-a-site-to-site-ipsec-vp... Phil Six
10:50 AM pfSense Packages Bug #9849: NUT not starting as root? Isn't loading USB drivers?
I think I found a work-around. I went into the Services > UPS and then selected the UPS Settings tab. From there, cli... Ryan McCullough
10:12 AM Revision da77bc71: renamed click to select
Viktor Gurov
10:04 AM Feature #7467: Add iPhone/Android/Generic USB tethering support
Not sure why you keep pushing back the target, its 2 mins to add a few words to the kernel module build command and t... Chris Collins
09:37 AM pfSense Packages Feature #9852 (Resolved): show File-Store directory listing
add extra "Alert"-style page with File-Store directory listing
add download icon,
add “i” icon to check the sha25... Viktor Gurov
05:08 AM pfSense Packages Bug #9850: show huperscan option only for x86 arch
https://github.com/pfsense/FreeBSD-ports/pull/693 Viktor Gurov
02:21 AM Bug #9851 (Resolved): PHP error in logs
Hello,
After upgrading to 2.5.0-DEVELOPMENT (amd64) built on Mon Oct 21 20:52:27 EDT 2019 I get the following warn... Florin Samareanu

10/26/2019

06:23 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle wrote:
> John K wrote:
> > What's the status here? Has Netgate been able to reproduce this issue?
>
... Vinicius DellAglio
05:27 PM pfSense Packages Bug #9850 (Resolved): show huperscan option only for x86 arch
Hyperscan will run on x86 processors in 64-bit (Intel® 64 Architecture) and 32-bit (IA-32 Architecture) modes.
hid... Viktor Gurov
05:09 PM pfSense Packages Bug #9849 (Rejected): NUT not starting as root? Isn't loading USB drivers?
It looks like the NUT/UPS driver isn't loading the USB driver unless I pass the "-u root" parameter to the command:
... Ryan McCullough
04:55 PM pfSense Packages Feature #9848 (Closed): file-store retention limits
Add File-Store limit to clean captured files by total size or age Viktor Gurov
10:03 AM Revision a5a8e816: upstream upd
Viktor Gurov
10:00 AM Revision e6e64544: fix
Viktor Gurov
09:57 AM Revision 916b6353: fix
Viktor Gurov
09:56 AM Revision 8cdb5a5c: fix
Viktor Gurov

10/25/2019

11:44 PM Bug #9847 (Not a Bug): Periodic Crash
There isn't enough information here to classify it as a bug. Your ESX version is very old, which is likely a source o... Jim Pingle
09:19 PM Bug #9847 (Not a Bug): Periodic Crash
I'm experiencing periodic lockups (every 2-3 weeks).
This is pfSense 2.4.4-p3 running as VM on ESXi 5.5.0
I have ha... Denis Johnson
08:38 PM Revision 03a84081: Add GUI code and more backend for CA/Cert Renewal. Issue #9842
Jim Pingle
07:03 PM pfSense Packages Bug #9795: FRR add two or more ipv6 BGP Neighbors will system down
i test find this frr with openvpn happen issue, when frr use two ipv6 BGP Neighbors, then the issue will happen. yon Liu
04:05 PM Feature #9843 (Feedback): allow to generate cert/csr with ECDSA key
PR has been merged Jim Pingle
03:42 PM Feature #9842: Add CA/certificate renewal function
I just committed the GUI code for this plus some more backend functions. There are still a couple items left, but not... Jim Pingle
01:27 PM Revision dc56eafa: Merge pull request #4104 from vktg/geneckey
Jim Pingle
12:17 PM Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF)
https://github.com/pfsense/pfsense/pull/4106 Viktor Gurov
09:14 AM Feature #6775: Strongswan PKCS#11 Support

Tested, with editing of ipsec.secrets, ipsec.conf and charon.conf
+ installing packages: ccid-1.4.30.txz, opensc-0... Viktor Gurov
08:05 AM pfSense Packages Bug #9846 (Feedback): pfBlockerNG log file download/clear lacks validation
Fix submitted by BBcan177 and committed.
https://github.com/pfsense/FreeBSD-ports/commit/38be8c32b1638b230310c0a54... Jim Pingle
07:51 AM pfSense Packages Bug #9846 (Resolved): pfBlockerNG log file download/clear lacks validation
The 'logfile' parameter in pfblockerng_log.php is not validated, and allows working on files outside of the expected ... Jim Pingle
06:04 AM Revision bc985fed: show the key type and related info in the per-cert info block
Viktor Gurov
02:58 AM Bug #9821: pfSense IPsec not reload configs on connectivity issues with DDNS
Jim Pingle wrote:
> IPsec with DDNS works fine for many users (myself included) -- you haven't presented any evidenc... DRago_Angel [InV@DER]

10/24/2019

08:59 PM Revision 14d49fba: Use full path since this pkg prefix is /usr
Renato Botelho
02:28 PM pfSense Packages Bug #9844 (Resolved): System_Patches 1.2_2 syntax error
Confirmed fixed. Jim Pingle
07:12 AM pfSense Packages Bug #9844 (Feedback): System_Patches 1.2_2 syntax error
Fix pushed. Jim Pingle
07:28 AM Bug #9845 (Not a Bug): diag_dump_states.php: can't use extended filter expressions
It's in the pfSense module:
https://github.com/pfsense/FreeBSD-ports/blob/devel/devel/php-pfSense-module/files/pfS... Jim Pingle
07:22 AM Bug #9845 (Not a Bug): diag_dump_states.php: can't use extended filter expressions
I can't filter expressions for grep-style queries, like "tcp 192.168 ESTABLISHED" or "icmp 172.16.0"
Only single val... Viktor Gurov
01:16 AM Bug #9837: ipv6 is not completely disabled on the interfaces
Manuel Piovan wrote:
> Do not configure IPv6 addresses with no link-local address by using
> ifconfig. It... Viktor Gurov
12:52 AM pfSense Packages Feature #9742: Print Patch ID in log while patching
fixes to PR:
https://github.com/pfsense/FreeBSD-ports/pull/692 Viktor Gurov

10/23/2019

08:23 PM Revision 9e80dd44: Add ca/certificate renew function backend (no GUI code yet). Issue #9842
Jim Pingle
08:06 PM pfSense Packages Bug #9844 (Resolved): System_Patches 1.2_2 syntax error
After install updated package System_Patches 1.2.2 it crashes
PATCH Menu is also GONE from system after update
Cr... Carlos Rocha
04:33 PM Revision ff5bc49c: spaces to tabs
Viktor Gurov
03:40 PM Revision 2d13c7fc: spaces to tabs
Viktor Gurov
03:34 PM Revision 3b9015b2: ARM checks
Viktor Gurov
03:27 PM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15
Not a resolution, but a related note: I am adding code to renew certificates with an option to enforce these paramete... Jim Pingle
03:18 PM Feature #9842 (In Progress): Add CA/certificate renewal function
Second guessing the removal of deprecated subject items, since if the subject and key stay the same, then clients wou... Jim Pingle
02:57 PM Revision e0f8d364: fixes
Viktor Gurov
02:47 PM Revision de78ec77: Merge pull request #4086 from vktg/restartallwan
Renato Botelho
02:46 PM Revision b99b254e: Merge pull request #4103 from vktg/csreckey
Renato Botelho
02:46 PM Revision a1942bd3: Merge pull request #4101 from vktg/pcapstart
Renato Botelho
02:30 PM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
Yousif Hassan wrote:
> While the suggested code fix does in fact generate the more correct classless zone name, it... Yousif Hassan
01:34 PM Bug #9837: ipv6 is not completely disabled on the interfaces
be careful
https://www.freebsd.org/cgi/man.cgi?query=ifconfig&sektion=8&manpath=freebsd-release-ports#end
BUGS
... Manuel Piovan
12:37 PM pfSense Packages Bug #9740: empty Status / Tinc VPN page on latest 2.5
https://github.com/pfsense/FreeBSD-ports/pull/691
There is no /usr/local/sbin/clog in pfSense 2.5
using "cat" ins... Viktor Gurov
12:27 PM Revision 7df98f28: Add root warning to HA node sync privilege.
(cherry picked from commit 03b8b94ed86ca85510e7d00e035d30eab7e3a43b) Jim Pingle
12:26 PM Revision 03b8b94e: Add root warning to HA node sync privilege.
Jim Pingle
10:38 AM Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI
Jim Pingle wrote:
> It just hasn't made it into a Factory snapshot yet. It's already in the tree there.
additions... Viktor Gurov
09:47 AM Feature #9831 (Feedback): diag_packet_capture.php: print packet capture start time
PR has been merged. Thanks! Renato Botelho
09:47 AM Bug #9745 (Feedback): can't add ECDSA certificate key when signing CSR
PR has been merged. Thanks! Renato Botelho
09:47 AM Feature #9688 (Feedback): restartallwan - pfSsh.php script to restart all wan interfaces
PR has been merged. Thanks! Renato Botelho
09:40 AM pfSense Packages Feature #9824 (Feedback): Add support for DuckDuckGo's Safe Search
PR has been merged. Thanks! Renato Botelho
09:40 AM pfSense Packages Bug #9811 (Feedback): apcupsd - can not set BATTERYLEVEL and MINUTES to -1 although these are valid values
PR has been merged. Thanks! Renato Botelho
09:36 AM pfSense Packages Feature #9742 (Feedback): Print Patch ID in log while patching
PR has been merged. Thanks! Renato Botelho
09:36 AM pfSense Packages Feature #9521 (Feedback): Upgrade to HAProxy 1.9
PR has been merged. Thanks! Renato Botelho
09:29 AM pfSense Packages Bug #9836 (Feedback): OpenBGPD package deamon starts twice
PR has been merged. Thanks! Renato Botelho
08:46 AM Revision 68690e0d: initial version
Viktor Gurov
07:59 AM Feature #9843 (Pull Request Review): allow to generate cert/csr with ECDSA key
Jim Pingle
03:52 AM Feature #9843: allow to generate cert/csr with ECDSA key
https://github.com/pfsense/pfsense/pull/4104 Viktor Gurov
03:50 AM Feature #9843 (Resolved): allow to generate cert/csr with ECDSA key
Add ability to generate certificates/CSRs with ECDSA keys. Viktor Gurov
07:47 AM Revision 5a828267: cosmetic
vktg
07:45 AM Revision 4985c900: spaces
vktg
07:41 AM Revision ec2c7f75: touch() if action == Start
vktg
 

Also available in: Atom