Activity

From 10/23/2019 to 11/21/2019

11/21/2019

04:43 PM Bug #9212 (Not a Bug): OpenVPN Client can't connect over IPv6 in "multihome"
OK, that does sound more like an OpenVPN or config issue. Jim Pingle
04:38 PM Bug #9212: OpenVPN Client can't connect over IPv6 in "multihome"
Oh, I totally forgot about this problem.
I finally found the solution and I think the problem comes from OpenVPN a...
benoit moreau
03:16 PM Bug #9212 (Incomplete): OpenVPN Client can't connect over IPv6 in "multihome"
The description is a bit vague:
* Is pfSense the server in this scenario, or the client?
* If the client is not p...
Jim Pingle
03:40 PM Feature #9884 (Feedback): Add support for OpenVPN --x509-username-field
Applied in changeset commit:efe83ab95d64d8d364d8a210d709fa49a551e718. Jim Pingle
03:32 PM Feature #9884: Add support for OpenVPN --x509-username-field
I'm not seeing any negative effects to enabling that build option, so it should be fine for testing. Jim Pingle
03:30 PM Bug #9327 (Feedback): Using the character "¤" in OpenVPN password field creates invalid config.xml
Applied in changeset commit:327ad811aa5f965ba805ea78f879c759ca0fdafa. Jim Pingle
03:22 PM Bug #9327: Using the character "¤" in OpenVPN password field creates invalid config.xml
Looks like the easiest fix is to CDATA escape that field. Jim Pingle
03:10 PM Bug #7840 (Feedback): OpenVPN 2.4 Server: Hide Interface when Protocol is Multihome
Applied in changeset commit:5a9dc1dc278c6c537bfd5289125607117ceb99df. Jim Pingle
02:55 PM Feature #7353 (Closed): Openvpn Logins page
On 2.5.0 there is a dedicated authentication log, which you could filter for OpenVPN and see most of what you are aft... Jim Pingle
02:48 PM Feature #7078: Allow reordering of client specific overrides in OpenVPN
While not a persistent reordering, I added sorting to the list in commit:41025f6094ed34406cdf23097656ea7cae4483ae
Jim Pingle
02:47 PM Feature #4728 (Duplicate): Expose ``nopool`` server option in the OpenVPN Server GUI
This was duplicated by #7567 which was solved a couple years ago. Jim Pingle
02:43 PM Feature #3244: Check that OpenVPN tunnel network does not overlap any other subnet
Thinking about this a bit since I noticed the lack of validation when implementing #5851. It makes sense that an Open... Jim Pingle
02:28 PM pfSense Packages Feature #9874 (Pull Request Review): safesearch enforcing
Jim Pingle
03:24 AM pfSense Packages Feature #9874: safesearch enforcing
received email from Yandex support with the list of domains for redirection:... Viktor Gurov
02:27 PM pfSense Packages Feature #9916 (Pull Request Review): Check allow-transfer in custom option when the zone is slave
Jim Pingle
01:32 PM pfSense Packages Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave
If I add a custom option (allow-transfer) to my slave zone, bind exits with an error, because it says already defined this opti... Am1g0 B0y
01:50 PM Bug #9744 (Feedback): fatal error if ECDH Curve not default
Applied in changeset commit:bc3e78ab3dd4bffb89cb8d2533199e37f92fcbf2. Jim Pingle
01:20 PM Bug #7359 (Feedback): Status/OpenVPN Page Sorts Incorrectly
Applied in changeset commit:f467ea24cb3c3a98b370c2427ff1aa53d25f14a1. Jim Pingle
11:38 AM Feature #5851: Add copy action to OpenVPN client / server
Thank you! PT Rich
11:15 AM Feature #5851 (Feedback): Add copy action to OpenVPN client / server
Applied in changeset commit:d86c28bc833cdeb8eb90525d930ff81fa3738cc9. Jim Pingle

11/20/2019

03:00 PM Todo #9915 (Resolved): Convert OpenVPN to CAPath
While investigating #9889, I found that OpenVPN recently introduced a new style of specifying CA and CRLs in a single... Jim Pingle
02:44 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
This is likely less of an issue now that emailAddress is no longer usable in the subject, but might still be hit with... Jim Pingle
02:29 PM Bug #9744: fatal error if ECDH Curve not default
If it works with the secp* curves then maybe we should filter the list like we have done for HTTPS and IPsec. At leas... Jim Pingle
01:16 PM Feature #9309 (Pull Request Review): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF)
Jim Pingle
01:10 PM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
Can you submit this as a pull request on github, rather than attaching patches?
https://docs.netgate.com/pfsense/e...
Jim Pingle
10:55 AM Bug #9801 (Feedback): VTI IPv6 addresses don't get assigned
Applied in changeset commit:1d9fbb716543110ac245e2749f8c06fc77480a77. Jim Pingle
10:47 AM Bug #9801 (In Progress): VTI IPv6 addresses don't get assigned
Jim Pingle
08:05 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Ronald Schellberg wrote:
> On a side note, why has issue dropped from the 2.5 issue list????
It was never assigne...
Jim Pingle

11/19/2019

02:21 PM Bug #9873: Switching the System Update to Development renders the system unbootable
If it can help. I was able to correct the issue by running:
ssh to pfsense
cd /usr/local/lib/php/
ln -s 2017071...
Alex D
01:45 PM pfSense Packages Bug #9795: FRR add two or more ipv6 BGP Neighbors will system down
I tried a setup using openbgpd, and it works normally for IPv6 with OpenVPN, so I think FRR surely has bugs. yon Liu
12:12 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle wrote:
> John K wrote:
> > What's the status here? Has Netgate been able to reproduce this issue?
>
...
John K
10:50 AM Todo #9903 (Feedback): Rename IPsec "RSA" options to more generic "Certificate" options
Applied in changeset commit:d1f5587d48af48817336fdf8644ea7d7679cf037. Jim Pingle
09:15 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
On my beyond 2.5 version (12.1 based), the devcrypto patch applied, and after the devcrypto.ko is loaded:... Ronald Schellberg
04:57 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
https://forum.netgate.com/topic/148171/openvpn-no-option-for-aes-ni/6
openssl speed -engine rdrand -evp aes-128-gc...
yon Liu
07:59 AM Bug #9914 (Rejected): dhcp6c wont work on reboot, only after service restart
This doesn't appear to be a general issue with dhcp6c, but it may be specific to something in your settings or enviro... Jim Pingle
05:35 AM Bug #9914 (Rejected): dhcp6c wont work on reboot, only after service restart
The dhcp6c service is not working after a reboot, I have to restart the service to get it working. The log file has t... Seyfidin Hamraoui
07:51 AM Bug #3965: dhcp6c started before bridge configured at boot, preventing interface tracking
See also: #6529 Jim Pingle
07:51 AM Bug #6529 (Duplicate): dhcp6c fails to start with track6 on a bridge interface
Duplicate of #3965 Jim Pingle
05:55 AM Feature #7791 (Resolved): include /usr/bin/strings in core pfSense
Renato Botelho
12:10 AM pfSense Packages Feature #9913 (Resolved): Adding note Squid Traffic Managment Settings about feature limit
Squid Traffic Managment Settings mostly works with generic HTTP, so that, it may not work without HTTPS Interception ... Constantine Kormashev

11/18/2019

10:33 PM Feature #7791: include /usr/bin/strings in core pfSense
I can confirm that /usr/bin/strings gets included in new builds. Ronald Schellberg
11:00 AM Feature #7791 (Feedback): include /usr/bin/strings in core pfSense
Applied in changeset commit:6ecea21ad2b6b7912968fb1240ee5d32649bbdf1. Renato Botelho
10:29 AM Feature #7791: include /usr/bin/strings in core pfSense
If there is an explicit non-plan for this to be addressed, could it be so noted? Royce Williams
09:30 PM Feature #9911 (Resolved): Show confirmation box before disconnecting PPPoE
Great, thanks for testing! Jim Pingle
09:19 PM Feature #9911: Show confirmation box before disconnecting PPPoE
I can confirm this patch works. Nice red button and it requests confirmation of the selection to disconnect. Ronald Schellberg
09:18 PM Feature #9911: Show confirmation box before disconnecting PPPoE
Hi Jim.
I've applied the patch and I'm happy to confirm that yes, it works perfectly!
I like the fact it's now RED ...
Anonymous
03:28 PM Feature #9911: Show confirmation box before disconnecting PPPoE
You're welcome! Did you have a chance to test the patch? You should be able to apply commit 4193cc185ef55e2260dae4ff2... Jim Pingle
03:05 PM Feature #9911: Show confirmation box before disconnecting PPPoE
Unsure if it's appropriate to say "Thanks" in the bugtracker, but *thanks!!* Especially for such a prompt patch. App... Anonymous
01:45 PM Feature #9911 (Feedback): Show confirmation box before disconnecting PPPoE
Applied in changeset commit:b8b0c2a320166a3b5732354d35edad47d0f05a04. Jim Pingle
07:19 AM Feature #9911: Show confirmation box before disconnecting PPPoE
This should be as easy as changing the button from a warning class to a danger class, which automatically gets a JS c... Jim Pingle
12:11 AM Feature #9911 (Resolved): Show confirmation box before disconnecting PPPoE
The *Status->Interfaces* page (_status_interfaces.php_) is very useful for showing Interface details.
On systems tha...
Anonymous
10:57 AM pfSense Packages Feature #9912 (New): add custom DPI to ntopng
hi, since you don't read a conf file at startup, could you add the -p parameter to the startup script and point it to... ROB VANHOOREN
07:54 AM Bug #9566: Traffic graph displays traffic incorrectly
See also #9910 which suggests it may be related to limiters, though this one mentions ALTQ. Jim Pingle
07:54 AM Bug #9910 (Duplicate): When using limiters, traffic on wan out is doubled
Duplicate of #9566 Jim Pingle
07:52 AM Feature #9909 (Pull Request Review): Add option to (dis)allow unauthenticated LDAP binds
Jim Pingle
07:46 AM Bug #9907 (Pull Request Review): Do not show incompatible ECDSA certs for DNS Resolver
Jim Pingle
07:40 AM Bug #9908 (Duplicate): hn0: driver does not support altq
Duplicate of #9647 Jim Pingle
07:39 AM Bug #9899 (Resolved): PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
OK, thanks for testing! Jim Pingle
07:35 AM pfSense Packages Feature #9906 (Pull Request Review): show ECDSA CAs and certs only with correct curves
Jim Pingle
07:33 AM Feature #9905 (Pull Request Review): ospf / ospv3 packet capture
Jim Pingle
07:17 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Nothing yet, but since we are rebasing on FreeBSD 12.1 soon, it will need to wait until after that happens. Jim Pingle
12:41 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Hi.
Any update on this one?
Thanks!
Greg M
12:47 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
This issue caught my eye, so I enabled the devcrypto patch on my version based on 12.1. On my VM, after loading the ... Ronald Schellberg

11/17/2019

03:12 PM Bug #9872: Error during build when compiling a non pfSense software
Another suggested edit to builder_common.sh would be to remove the console redirection on line 1717:
poudriere ...
Ronald Schellberg
10:20 AM Bug #9910 (Duplicate): When using limiters, traffic on wan out is doubled
As title says.
Attached screenshot.
Can't test on 2.5.0 as limiters on WAN on 2.5.0 kill all traffic.
Greg M

11/16/2019

02:54 PM Feature #9909: Add option to (dis)allow unauthenticated LDAP binds
Pull Request : https://github.com/pfsense/pfsense/pull/4116 A FL
02:53 PM Feature #9909 (Resolved): Add option to (dis)allow unauthenticated LDAP binds
Hello,
Microsoft AD makes the (stupid...) assumption that when an empty password is provided to the LDAP server, th...
A FL
12:56 PM Bug #9908: hn0: driver does not support altq
Line 587?
https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_5/sys/dev/hyperv/netvsc/if_hn.c
Greg M
12:52 PM Bug #9908 (Duplicate): hn0: driver does not support altq
Hi!
Referenced from here: https://redmine.pfsense.org/issues/8954
I created loader.conf.local with this line in...
Greg M
12:48 PM Bug #9899: PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Hi.
Confirmed fixed.
Cert expired and it had end date.
Greg M
08:41 AM Bug #9907 (Resolved): Do not show incompatible ECDSA certs for DNS Resolver
Do not show incompatible ECDSA certs for DNS Resolver
It is difficult to find EC curves supported by each DNS implem...
Viktor Gurov
07:38 AM Bug #9745: can't add ECDSA certificate key when signing CSR
Jim Pingle wrote:
> I made a couple changes that might help here, but I don't have a cert/key made that way to test....
Viktor Gurov
03:05 AM pfSense Packages Feature #9906 (Resolved): show ECDSA CAs and certs only with correct curves
Do not show incompatible ECDSA CAs or certs for FreeRADIUS
same as https://redmine.pfsense.org/issues/9897
...
Viktor Gurov
12:40 AM Feature #9905 (Resolved): ospf / ospv3 packet capture
Adds the ability to select OSPF in the protocol field
It can capture OSPF, OSPFv3 or both, depending on Address Fami...
Viktor Gurov

11/15/2019

10:51 PM Bug #9904 (Rejected): Unable to edit DHCP interface PPPoE Password and confirmed password must match
It's your browser and/or password manager.
It should be solved by #9864, at least as much as possible.
If the b...
Jim Pingle
08:30 PM Bug #9904 (Rejected): Unable to edit DHCP interface PPPoE Password and confirmed password must match
I am unable to edit an interface that is DHCP with the error showing that my PPPoE Password and confirmed password mu... Mathew Keith
03:13 PM Feature #4991: WebGUI does not support ECDSA certificates for IPSec Stage 1
I split the task of renaming the options/fixing the backend code to change from "RSA" to "Certificate" into a new iss... Jim Pingle
03:12 PM Todo #9903 (Resolved): Rename IPsec "RSA" options to more generic "Certificate" options
IPsec can use both RSA and ECDSA certificates, so we need to rename any IPsec Certificate-based authentication method... Jim Pingle
03:05 PM pfSense Packages Todo #9900: Status -> Monitoring -> Add View
Thanks Jim a "pkg upgrade -y pfSense-Status_Monitoring" fixed it.
[2.4.4-RELEASE][admin@pfsense]/root: pkg info -x...
Andy Kniveton
07:24 AM pfSense Packages Todo #9900 (Duplicate): Status -> Monitoring -> Add View
Duplicate of #9681
See also: https://forum.netgate.com/topic/147819/cannot-create-new-monitoring-views/2
Jim Pingle
04:46 AM pfSense Packages Todo #9900 (Duplicate): Status -> Monitoring -> Add View
View names now seem to be forced lower case, seems odd as the default interface names are in upper case.
Andy Kniveton
02:24 PM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly
The change is included in FreeBSD 12.1. Once we move pfSense to FreeBSD 12.1 (which will happen before 2.5.0-RELEASE)... Jim Pingle
02:19 PM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly
Any status on this? It pretty much breaks our router being able to handle power outages. Patrick Staton
12:00 PM pfSense Packages Feature #9902 (Resolved): add sticky filter for Alert Log please
hi, could the filter be made sticky?
it's not (as of 4.1.5_2)
thanks!
R.
*observed behaviour:*
services>...
ROB VANHOOREN
10:35 AM Bug #9898 (Feedback): DNS over TLS hostname verification does not save
Applied in changeset commit:0d192133299b02efcb1db8f72bdce85a32a96631. Jim Pingle
07:46 AM Bug #9898: DNS over TLS hostname verification does not save
I can reproduce this, but only when the system in question is not Multi-WAN so the DNS server list does not show the ... Jim Pingle
10:16 AM pfSense Packages Bug #9740 (Resolved): empty Status / Tinc VPN page on latest 2.5
Tested on pfSense 2.5.0.a.20191114.1802
tinc 1.0.35_2
OK, Resolved
Viktor Gurov
10:04 AM Bug #9745: can't add ECDSA certificate key when signing CSR
I made a couple changes that might help here, but I don't have a cert/key made that way to test. See commit:9dfd57c04... Jim Pingle
09:29 AM Bug #9745: can't add ECDSA certificate key when signing CSR
If the key is created without the _-param_enc explicit_ option, everything is OK:... Viktor Gurov
08:24 AM Bug #9745: can't add ECDSA certificate key when signing CSR
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on 2.5.0.a.20191114.1802
CSR with key can be signed -...
Viktor Gurov
10:00 AM Bug #9899 (Feedback): PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Applied in changeset commit:1120b85cb2a275de3ffe337c4c3ac781c2ccfb9e. Jim Pingle
07:37 AM Bug #9899: PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Do you have a CA or certificate in your list which has a missing end date?
If so, do you mind sharing the contents...
Jim Pingle
12:45 AM Bug #9899 (Resolved): PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Hi.
In latest snapshot there is:
Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p1...
Greg M
07:33 AM Todo #9897 (Resolved): Warn user when using incompatible ECDSA cert curves for WebGUI
I didn't put secp521r1 on the HTTP list for that reason. If it isn't widely compatible, it's best not to recommend it... Jim Pingle
01:35 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI
Make central functions to check and test ECDSA compatibility. Issue #9843
Filter incompatible certificates from be...
Viktor Gurov
07:22 AM pfSense Packages Feature #9901 (Pull Request Review): show ECDSA CAs only with correct curves
Jim Pingle
05:22 AM pfSense Packages Feature #9901: show ECDSA CAs only with correct curves
https://github.com/pfsense/FreeBSD-ports/pull/709 Viktor Gurov
05:21 AM pfSense Packages Feature #9901 (Resolved): show ECDSA CAs only with correct curves
Do not show incompatible ECDSA CAs for Squid HTTPS/SSL Interception
same as https://redmine.pfsense.org/issues/9897
Viktor Gurov
07:22 AM pfSense Packages Todo #9158: Updates for Squid 4.x
Updated title. 2.5.0 snapshots are already using Squid 4.x (squid-4.8_1), but it may need adjustments to account for ... Jim Pingle
02:34 AM Feature #9896: Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
Jim Pingle wrote:
> Actually this appears to be unnecessary. It's already enabled by default for TLS 1.3, but that s...
Viktor Gurov

11/14/2019

05:48 PM Bug #9898 (Resolved): DNS over TLS hostname verification does not save
Adding a DNS hostname to System>General settings is not being saved. The page reloads with the fields blank and the r... Mathew Keith
03:05 PM Feature #4991 (Feedback): WebGUI does not support ECDSA certificates for IPSec Stage 1
Applied in changeset commit:cffcf9bfaa1a054917d3427cbc7885b97db8902c. Jim Pingle
01:10 PM Feature #4991 (In Progress): WebGUI does not support ECDSA certificates for IPSec Stage 1
ECDSA keys do work with IPsec, but the OP is right that the key type in ipsec.secrets is incorrect. It needs a fix th... Jim Pingle
08:09 AM Feature #4991: WebGUI does not support ECDSA certificates for IPSec Stage 1
While support for ECDSA certificates is in 2.5.0, it needs tested with IPsec specifically to ensure it works.
Also...
Jim Pingle
03:05 PM Todo #9897 (Feedback): Warn user when using incompatible ECDSA cert curves for WebGUI
Applied in changeset commit:cffcf9bfaa1a054917d3427cbc7885b97db8902c. Jim Pingle
01:10 PM Todo #9897 (In Progress): Warn user when using incompatible ECDSA cert curves for WebGUI
Jim Pingle
10:32 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI
https://github.com/pfsense/pfsense/pull/4113 Viktor Gurov
09:31 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI
Corrected title.
More discussion: https://forum.netgate.com/topic/148128/ecdsa-curve-certificates-on-2-5-0
Jim Pingle
08:18 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI
It works fine with the right curve. Only @prime256v1@ and @secp384r1@ will work from our list with TLS v1.3. See comm... Jim Pingle
08:16 AM Todo #9897 (Resolved): Warn user when using incompatible ECDSA cert curves for WebGUI
If you create an ECDSA server cert ( https://redmine.pfsense.org/issues/9843 ) and set it to WebGUI HTTPS,
you get such...
Viktor Gurov
10:46 AM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
I've tried to update the patch for version 2.4.4 here. Magnus Holmgren
10:02 AM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
Any interest in implementing this? I find it a bit lacking that the UI doesn't support configuring what routes to adv... Magnus Holmgren
10:18 AM Feature #9896 (Pull Request Review): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
Actually this appears to be unnecessary. It's already enabled by default for TLS 1.3, but that scanner (nmap ssl-enum... Jim Pingle
08:02 AM Feature #9896 (Resolved): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
as part of NGE
https://tools.ietf.org/html/rfc7905
test result (nmap):...
Viktor Gurov
02:38 AM pfSense Packages Bug #9860 (Resolved): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
tested on tinc 1.0.35_2
pfSense 2.5.0.a.20191113.1759
Resolved
Viktor Gurov
12:16 AM pfSense Packages Bug #9895 (New): snort reinstallation failed
got such errors during snort pkg update:... Viktor Gurov

11/13/2019

11:23 PM Feature #4991: WebGUI does not support ECDSA certificates for IPSec Stage 1
Can be closed.
Currently pfSense supports ECDSA. See https://redmine.pfsense.org/issues/9843
Viktor Gurov
01:00 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Jim Pingle wrote:
> Yes, it should be a feature request (which I just changed). It should be made optional, off by d...
Rick Coats
12:29 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Yes, it should be a feature request (which I just changed). It should be made optional, off by default, and have a se... Jim Pingle
11:55 AM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Shouldn't this be changed to a Feature Request?
The Requestor has not shown any documentation that this is a bug. ...
Rick Coats
10:08 AM Feature #9302 (Pull Request Review): radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Jim Pingle
10:08 AM Bug #9893 (Duplicate): RDNSS is broken in 2.5 for Android and leightweight Clients
Rather than duplicate the info, let's keep all this on #9302 since it's the same issue. Jim Pingle
08:27 AM pfSense Packages Feature #9875 (Feedback): add extra engines safe search
PR has been merged. Thanks! Renato Botelho
07:59 AM pfSense Packages Bug #8258 (Feedback): BIND responds with SERVFAIL when adding/changing records if 'allow-update' is configured for a zone
PR has been merged. Thanks! Renato Botelho
07:54 AM pfSense Packages Bug #9850 (Feedback): show huperscan option only for x86 arch
PR has been merged. Thanks! Renato Botelho

11/12/2019

07:46 PM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients
We are just going to have to disagree then because multiple RFCs say the same thing. I have been writing and reading... Rick Coats
05:07 PM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients
The extract that you've posted is in Section 1.2 which immediately follows Section 1.1 (which describes how RDNSS in ... Elbin Teh
01:17 PM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients
You need to read to the end of RFC 8106. Section 1 is the rationale why RDNSS was added to the Router Announcements.
...
Rick Coats
01:28 AM Bug #9893: RDNSS is broken in 2.5 for Android and leightweight Clients
While this is convenient to you as you have a dynamic prefix, there are some situations where this might not be desir... Elbin Teh
04:57 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
The extract that you've posted is in Section 1.2 which immediately follows Section 1.1 (which describes how RDNSS in ... Elbin Teh
12:58 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Elbin Teh wrote:
> Agreed it would be the responsibility of the network administrator to configure RDNSS or DNSSL or...
Rick Coats
01:32 AM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Agreed it would be the responsibility of the network administrator to configure RDNSS or DNSSL or disable them comple... Elbin Teh
02:55 PM Bug #9872: Error during build when compiling a non pfSense software
Noticed this error as well, thanks for finding the issue. I have incorporated your PR into my builds.
Maybe a low...
Ronald Schellberg
10:06 AM Bug #9533: XG-7100 FAT config restore not working post-install
Revisiting this after hitting it on another system. Adding the following to loader.conf (or loader.conf.local) allows... Steve Wheeler
06:57 AM Todo #9868 (Resolved): Add clientAuth EKU to Server type certificates
Jim Pingle
02:57 AM Todo #9868: Add clientAuth EKU to Server type certificates
Jim Pingle wrote:
> Applied in changeset commit:46869dd2b5ebf32e8297d65f98444fb38d314336.
Tested on 2.5.0.a.20191...
Viktor Gurov

11/11/2019

06:19 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Elbin Teh wrote:
> Hi,
>
> I did some more research and investigation on this, and on further thought I think thi...
Rick Coats
05:36 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Hi,
I did some more research and investigation on this, and on further thought I think this needs to be revisited....
Elbin Teh
04:56 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
If you look at the last paragraph of the blog from 2012 that you referenced:
"One thing to note, I have found that...
Rick Coats
04:11 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Elbin Teh wrote:
> I totally agree that when using "M" mode that RDNSS should not be disabled.
>
> In fact, the ...
Rick Coats
05:10 PM Bug #9893 (Duplicate): RDNSS is broken in 2.5 for Android and leightweight Clients
Version of PfSense under Test:
2.5.0-DEVELOPMENT (amd64)
built on Sun Nov 10 20:08:03 EST 2019
FreeBSD 12.0-RELEAS...
Rick Coats

11/10/2019

10:35 AM Feature #9843 (Resolved): allow to generate cert/csr with ECDSA key
Jim Pingle
04:40 AM Feature #9843: allow to generate cert/csr with ECDSA key
Jim Pingle wrote:
> PR has been merged
Tested on 2.5.0.a.20191109.1723
Resolved
Viktor Gurov
10:35 AM Feature #9825 (Resolved): Requirements for trusted certificates in iOS 13 and macOS 10.15
Jim Pingle
04:37 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15
Tested on 2.5.0.a.20191109.1723
Change default GUI cert lifetime to 825 days - OK
Add notes on CA/Cert pages abo...
Viktor Gurov
10:35 AM Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Jim Pingle
07:37 AM Feature #9891 (Resolved): QLogic 10 Gigabit Ethernet driver (qlxgb)
It seems that *qlxgb* driver is not compiled on pfSense,
see https://forum.netgate.com/topic/139931/hp-qlogic-nc523s...
Viktor Gurov
03:26 AM pfSense Packages Feature #9874: safesearch enforcing
PR updated with Firefox DoH blocking support
(see https://forum.netgate.com/topic/133679/heads-up-be-aware-of-truste...
Viktor Gurov

11/09/2019

11:55 PM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Jim Pingle wrote:
> Applied in changeset commit:b86891b1d5d62d30bc8f1bf3a7fdfee7030ed82b.
Tested on 2.5.0.a.20191...
Viktor Gurov
10:29 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle wrote:
> John K wrote:
> > What's the status here? Has Netgate been able to reproduce this issue?
>
...
Gavin Stewart
02:04 PM pfSense Packages Feature #6022: Consider MLVPN for bonded VPN
https://forum.netgate.com/topic/144050/multi-wan-bonding-150
Added my 2 cents to the forum post, and added $100 to...
James Tandy
02:59 AM pfSense Packages Feature #9874: safesearch enforcing
https://github.com/pfsense/FreeBSD-ports/pull/701 Viktor Gurov

11/08/2019

01:03 PM Feature #4632: Support for Multipath TCP (MPTCP)
+1 Bouke Henstra
11:04 AM pfSense Packages Feature #9890 (Needs Patch): Improves Network Quality on a High-latency Lossy Link by using Forward Error Correction
Jim Pingle
11:02 AM pfSense Packages Feature #9890 (Needs Patch): Improves Network Quality on a High-latency Lossy Link by using Forward Error Correction
Network packet loss occurs frequently on long-distance international networks, e.g. when using OpenVPN, GRE and so on.
I think ...
yon Liu
11:01 AM Bug #9889 (Resolved): Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
Adding this for tracking, but I don't think it's a bug in pfSense or FreeBSD, but OpenSSL itself. It could potentiall... Jim Pingle
09:51 AM pfSense Packages Bug #9888 (Feedback): ACME output sent to browser without encoding
Fixed in ACME package version 0.6.3_1
https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d...
Jim Pingle
09:46 AM pfSense Packages Bug #9888 (Resolved): ACME output sent to browser without encoding
ACME issue/renew output is sent directly to the browser without encoding. In some cases, user input may be included i... Jim Pingle
05:11 AM pfSense Packages Feature #9885 (Resolved): OpenVPN client 2.4.8 update
Renato Botelho
03:29 AM pfSense Packages Feature #9885: OpenVPN client 2.4.8 update
Hi!
Works.
Thanks!
Regards,
G
Greg M
03:33 AM Feature #6240: vxlan driver
+1 Gianluca Semprini

11/07/2019

09:58 AM pfSense Packages Bug #9886 (Rejected): Open-VM-Tools 10.1.0_2,1 on ESXi 6.5 causes gateway disconnects
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
09:50 AM Bug #6801: Rule separators are moving when multiple firewall rules are deleted together
I couldn't reproduce the exact same bug stated here, but I did manage to reproduce a similar one. I opened #9887 and ... Jim Pingle
02:18 AM Bug #6801: Rule separators are moving when multiple firewall rules are deleted together
It seems that the bug has returned, as I just had this exact issue when deleting multiple firewall rules with version... Max Frames
09:49 AM Bug #9887 (Resolved): Rule separator positions change when deleting multiple rules
When deleting rules around a separator at the end of the ruleset, separator positions can change unintentionally. Sim... Jim Pingle
08:36 AM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources
Hi, is there a chance this problem will be fixed? Christian Rhomberg

11/06/2019

03:10 PM Feature #1192 (Feedback): Certificate Manager - Ability to Encrypt Private Keys When Exporting
Applied in changeset commit:967733529244944d751003517a1e42fba1b29c07. Jim Pingle
02:31 PM Feature #1192 (In Progress): Certificate Manager - Ability to Encrypt Private Keys When Exporting
Jim Pingle
03:10 PM Feature #7861 (Feedback): Make "Descriptive name" of certificates editable
Applied in changeset commit:967733529244944d751003517a1e42fba1b29c07. Jim Pingle
02:31 PM Feature #7861 (In Progress): Make "Descriptive name" of certificates editable
Jim Pingle
02:29 PM pfSense Packages Feature #9871 (Resolved): Snort - User Forced Disabled Rules Ordering
Jim Pingle
01:58 PM pfSense Packages Feature #9871: Snort - User Forced Disabled Rules Ordering
This ticket can be closed as "RESOLVED". Column sorting is now available on the RULES tab in the DEVEL and RELEASE br... Bill Meeks
02:10 PM pfSense Packages Bug #9740 (Feedback): empty Status / Tinc VPN page on latest 2.5
PR has been merged. Thanks! Renato Botelho
02:10 PM pfSense Packages Bug #9860 (Feedback): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
PR has been merged. Thanks! Renato Botelho
08:08 AM pfSense Packages Feature #9885 (Feedback): OpenVPN client 2.4.8 update
OpenVPN Client Export package version 1.4.19 is up with Windows installers for OpenVPN 2.4.8 (Win10 and Win7) Jim Pingle
07:23 AM pfSense Packages Feature #9885: OpenVPN client 2.4.8 update
Hi!
Yes, I was referring to client in the export page. Sorry for confusion :)
Greg M
07:16 AM pfSense Packages Feature #9885: OpenVPN client 2.4.8 update
I do not see anything in the changelog that makes it compelling to rush a move on the base/FreeBSD side of things. We... Jim Pingle
02:30 AM pfSense Packages Feature #9885 (Resolved): OpenVPN client 2.4.8 update
Hi!
Since OpenVPN 2.4.8 has been released it would be nice to include it in all branches of pfsense.
Thanks!
Greg M
03:35 AM pfSense Packages Bug #9886 (Rejected): Open-VM-Tools 10.1.0_2,1 on ESXi 6.5 causes gateway disconnects
I run pfSense 2.4.4 on ESXi 6.5 on a 2010 Mac Mini.
After updating Open-VM-Tools to 10.1.0_2,1 I started getting ...
Tim Preston

11/05/2019

11:18 PM pfSense Packages Feature #9871: Snort - User Forced Disabled Rules Ordering
I've added sortable columns to the RULES tab. You can now sort on all of the columns except *State* (that is an icon)... Bill Meeks
07:54 AM Feature #9884: Add support for OpenVPN --x509-username-field
That is true, but it doesn't seem to affect "plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr... Florian Apolloner
07:47 AM Feature #9884: Add support for OpenVPN --x509-username-field
We currently force on username-as-common-name so I don't think you could override that behavior with this new option ... Jim Pingle
07:41 AM Feature #9884: Add support for OpenVPN --x509-username-field
Sorry, I realized that it's not a bug immediately after clicking save, but I cannot edit anything :/
> Even if it ...
Florian Apolloner
07:21 AM Feature #9884: Add support for OpenVPN --x509-username-field
This isn't a bug, but a missing feature. Even if it is enabled, it would still need GUI code to configure the behavio... Jim Pingle
05:20 AM Feature #9884 (Resolved): Add support for OpenVPN --x509-username-field
The openvpn shipped with pfsense has enable_x509_alt_username=no as compilation option. It would be great if that cou... Florian Apolloner

11/04/2019

06:21 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
Interestingly I appear to have rss working on pppoe using igb driver.
the tx is very misbalanced about 10:1 but rx...
Chris Collins
04:38 PM Feature #7537 (Feedback): Include mellanox mlx4 and mlx5 ethernet driver
Next round of snapshots will have mlx4en/mlx5en support built in pfSense kernel Renato Botelho
02:59 PM Feature #7537 (In Progress): Include mellanox mlx4 and mlx5 ethernet driver
Renato Botelho
03:26 PM Bug #3956: Check for invalid CA on generating new certificate
It looks good.
Thx.
Grischa Zengel
02:51 PM Bug #3956 (Feedback): Check for invalid CA on generating new certificate
It should be good now with the checks I added earlier today. Jim Pingle
09:16 AM Bug #3956: Check for invalid CA on generating new certificate
Grischa Zengel wrote:
> On import you should check the limits too.
That won't matter. Since the CA fails to parse...
Jim Pingle
08:47 AM Bug #3956: Check for invalid CA on generating new certificate
On import you should check the limits too. Grischa Zengel
07:59 AM Bug #3956 (In Progress): Check for invalid CA on generating new certificate
I tried a few large but more sane values and I'd say around 12000 is probably the highest lifetime we should allow fo... Jim Pingle
07:51 AM Bug #3956: Check for invalid CA on generating new certificate
If you use a lifetime that long, the CA is generated, but nothing can parse it properly (not even OpenSSL at the CLI)... Jim Pingle
01:10 PM Feature #9883 (Feedback): Allow CAs to use randomized serials when signing
Applied in changeset commit:2c9601c978589f34089f25cc7569ed67dbbc37e8. Jim Pingle
01:02 PM Feature #9883 (Resolved): Allow CAs to use randomized serials when signing
Various guidelines suggest using randomized serial numbers when signing certificates, rather than using sequential nu... Jim Pingle
12:15 PM Feature #9882 (Duplicate): Alias feature request
Duplicate of #1979 Jim Pingle
12:14 PM Feature #9882 (Duplicate): Alias feature request
Hi, I'm using pfsense for over two years and I have to say that it is a great product!
Thank you for your effort!
I...
Federico Galli
07:45 AM Bug #9879 (Feedback): PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php
Applied in changeset commit:a6487fc84dc85113354730ffe7f1d4a1141cf0c5. Jim Pingle
07:13 AM Bug #9881 (Duplicate): Traffic Graphs
Almost certainly a duplicate of #9566 Jim Pingle
12:26 AM Bug #9881 (Duplicate): Traffic Graphs
Hello
The problem is that at the same time, the graphs from the dashboard and the status section show different valu...
Andrey Kirilov

11/03/2019

05:16 PM pfSense Packages Todo #9880 (Pull Request Review): Remove Zabbix 2.2 Packages
Jim Pingle
04:30 PM pfSense Packages Todo #9880: Remove Zabbix 2.2 Packages
https://github.com/pfsense/FreeBSD-ports/pull/696
https://github.com/pfsense/pfsense/pull/4110
Danilo Baio
04:29 PM pfSense Packages Todo #9880 (Resolved): Remove Zabbix 2.2 Packages
End of life was August, 2019.
Ports will expire after November, 30 on FreeBSD.
https://svnweb.freebsd.org/ports?vie...
Danilo Baio
11:25 AM Feature #2358: NAT64 support
Bipin Chandra wrote:
> UPVOTE - we need this feature desperately and if this isn't coming then it will be a deciding...
Dmitri Toubelis
12:37 AM Feature #2358: NAT64 support
UPVOTE - we need this feature desperately and if this isn't coming then it will be a deciding point for us to move to ... Bipin Chandra
10:27 AM Bug #9879 (Resolved): PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php
Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p10
FreeBSD 12.0-RELEASE-p10 42c493096e7...
Travis Scotts
09:26 AM Feature #9878 (Pull Request Review): IPsec PKCS#11 authentication
Jim Pingle
09:20 AM Feature #9878: IPsec PKCS#11 authentication
https://github.com/pfsense/pfsense/pull/4109 Viktor Gurov
09:19 AM Feature #9878 (Resolved): IPsec PKCS#11 authentication
Add ability to select and configure PKCS#11 RSA authentication in WebGUI
you need to install packages: ccid-1.4.30...
Viktor Gurov
04:48 AM pfSense Packages Feature #9874: safesearch enforcing
* *DuckDuckGo*: duckduckgo.com CNAME safe.duckduckgo.com (54.229.105.151)
see https://help.duckduckgo.com/duckduckgo...
Viktor Gurov

11/02/2019

10:51 AM pfSense Packages Feature #9044: Add SoftEther
Yes, softether seems to be a decent option for openvpn and is discussed on many forums incl. its installation on pfs... Stan Odd
10:44 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Ronald Schellberg wrote:
> I can confirm tomorrow, as it would stop working for me after about 24 hours.
>
> I ...
Ronald Schellberg
08:53 AM pfSense Packages Feature #9875 (Pull Request Review): add extra engines safe search
Jim Pingle
06:16 AM pfSense Packages Feature #9875: add extra engines safe search
https://github.com/pfsense/FreeBSD-ports/pull/695 Viktor Gurov
06:14 AM pfSense Packages Feature #9875 (Resolved): add extra engines safe search
qwant.com keys from https://github.com/serv-inc/safe-search
rambler.ru keys from help page https://help.rambler.ru/r...
Viktor Gurov
08:48 AM Bug #3956: Check for invalid CA on generating new certificate
Meanwhile this bug doesn't exist like described.
I think I created a CA with pfsense and a high life time (100 yea...
Grischa Zengel
08:03 AM Feature #9877 (Resolved): QEMU Guest Agent
Add QEMU Guest Agent to base system or as extra package
https://github.com/aborche/qemu-guest-agent
Makefile patc...
Viktor Gurov
07:38 AM Feature #9876 (New): PFsense on KVM: Web interface hint to disable "Hardware Checksum Offloading"
According to
https://docs.netgate.com/pfsense/en/latest/virtualization/virtio-driver-support.html
it is necessary ...
thal unil
05:33 AM pfSense Packages Feature #9874 (Resolved): safesearch enforcing
Add ability to force safesearch via special DNS entries.
* *Google*: 216.239.38.120 google.com
see https://suppor...
Viktor Gurov

11/01/2019

06:51 PM Bug #9873 (Resolved): Switching the System Update to Development renders the system unbootable
If you select Development Snapshots branch in System > Update > Update Settings and then switch back to the Latest St... Steve Wheeler
03:20 PM Feature #3258 (Feedback): Allow multiple certificates to be revoked in a single step
Applied in changeset commit:63fb68d71384d3b819bb87fbbef28507b5330955. Jim Pingle
03:20 PM Feature #9869 (Feedback): Allow CRL entries to be made by serial number
Applied in changeset commit:63fb68d71384d3b819bb87fbbef28507b5330955. Jim Pingle
03:17 PM Feature #1268: Allow mass renewing of certs
I've investigated a couple different ways to do this and didn't really care for how any of them turned out. Trying to... Jim Pingle
02:58 PM pfSense Packages Feature #9871: Snort - User Forced Disabled Rules Ordering
I believe I can add sortable columns (at least for some of the columns) so the RULES tab behaves the same as the ALER... Bill Meeks
05:08 AM pfSense Packages Feature #9871 (Resolved): Snort - User Forced Disabled Rules Ordering
Any chance of forcing the order GID then SID of the displayed rules, it's a bit of a pain when you're trying to audit wh... Andy Kniveton
10:05 AM Feature #2358: NAT64 support
UPVOTE here, put politics aside please, regardless if you hate NAT or not, this feature should at least be added.
...
Chris Collins
06:53 AM Bug #9872 (Resolved): Error during build when compiling a non pfSense software
Hello,
I am facing a (non-critical) error when building non-pfSense software...
A FL
12:11 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Art Manion wrote:
> Netgate SG-4860 running 2.4.4-RELEASE-p3 (amd64). At least twice I've experienced issues, I ass...
Art Manion

10/31/2019

05:53 PM Bug #9870 (Not a Bug): DNS fails to resolve CNAME records
There is not enough information here to definitively say it's a bug and not a problem with your settings or elsewhere... Jim Pingle
05:13 PM Bug #9870 (Not a Bug): DNS fails to resolve CNAME records
I have a pfSense router (2.4.4-RELEASE-p3 using unbound Version 1.9.1) in a home environment and it is also serving a... Brian Saia
03:41 PM Feature #9869 (Resolved): Allow CRL entries to be made by serial number
CRL entries are made by serial number internally, but the only way to revoke in the GUI is to have the certificate im... Jim Pingle
03:40 PM Feature #4068 (Feedback): CAs present on CERT manager are not trusted from pfSense
Applied in changeset commit:7daab3d8dc4cc045db22925cccbde22c23083c03. Jim Pingle
03:28 PM Feature #4068 (In Progress): CAs present on CERT manager are not trusted from pfSense
Jim Pingle
01:05 PM Bug #9867 (Feedback): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Applied in changeset commit:b86891b1d5d62d30bc8f1bf3a7fdfee7030ed82b. Jim Pingle
08:03 AM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
A "silly" workaround might be renaming *CARP* in dropdown _Protocol_ list to *CARP IPv4*. Constantine Kormashev
08:02 AM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
It appears both are caught by "proto 112", so it might not be too difficult to solve that way. Jim Pingle
07:53 AM Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Packet Capture IPv6 rejects all packets if *CARP* type is set in *Protocol* field.
It might be an upstream issue.
...
Constantine Kormashev
12:40 PM Bug #3956 (Feedback): Check for invalid CA on generating new certificate
Applied in changeset commit:746c9afc0e9bd632a8b7ee2f8cc2d63a0974dd88. Jim Pingle
12:28 PM Bug #3956 (In Progress): Check for invalid CA on generating new certificate
Unless we can get a copy of a certificate that shows the behavior, I don't see any problems here. I'm adding some pro... Jim Pingle
12:30 PM Todo #9868 (Feedback): Add clientAuth EKU to Server type certificates
Applied in changeset commit:46869dd2b5ebf32e8297d65f98444fb38d314336. Jim Pingle
10:46 AM Todo #9868 (Resolved): Add clientAuth EKU to Server type certificates
Some cases may require a server certificate to be used to authenticate a server (to client) and authenticate as a cli... Jim Pingle
12:15 PM Feature #7248: Web UI for IPSec settings should warn about poor security choices
This could probably use a similar technique to the one I implemented for Certificates on #9825
See commit:3f0b7bc3ae
Jim Pingle
12:14 PM Feature #9825 (Feedback): Requirements for trusted certificates in iOS 13 and macOS 10.15
I just pushed changes that should fully address the remaining concerns here.
Once on a snapshot with these changes...
Jim Pingle
11:56 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Vinicius DellAglio wrote:
> I just installed a brand new pfsense box and once I created an alias with an FQDN it did...
John K
07:38 AM pfSense Packages Bug #9866 (Feedback): freeradius_view_config.php: File contents are displayed without encoding
Fixed in FreeRADIUS3 pkg version 0.15.7_3
https://github.com/pfsense/FreeBSD-ports/commit/30b22b6b0db7b73732a5da34...
Jim Pingle
07:31 AM pfSense Packages Bug #9866 (Resolved): freeradius_view_config.php: File contents are displayed without encoding
freeradius_view_config.php reads and displays the contents of several FreeRADIUS-related files. The contents are disp... Jim Pingle
07:09 AM Feature #9865 (Needs Patch): DNS Forwarder Interfaces list should be a list of checkboxes
The DNS forwarder is no longer actively developed since it was replaced by the DNS Resolver. As such, it's unlikely t... Jim Pingle

10/30/2019

11:07 PM Feature #9865 (Needs Patch): DNS Forwarder Interfaces list should be a list of checkboxes
The DNS Forwarder Interfaces selection UI is too small, and as a multiple selection dropdown is very awkward to use w... Ben L
03:17 PM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
For the sake of those Googling or searching for the error, the following message was showing up in the logs and on th... Jim Pingle
03:16 PM Bug #9646 (In Progress): OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
Patch reverted after we see problems with it applied Renato Botelho
02:00 PM Feature #9842 (Feedback): Add CA/certificate renewal function
This should be complete for now. I didn't add a CLI script, as it didn't seem necessary yet. On a related note, the G... Jim Pingle
01:24 PM Feature #7332 (Feedback): Provide certificate expiry warning
This is now implemented.
There is a GUI setting to enable/disable the expiration notifications, and they are on by...
Jim Pingle
12:35 PM Todo #9864 (Feedback): Set autocomplete=new-password for user/password fields in forms
Applied in changeset commit:659a8a26d12b75399063dae060fa32fa23751dbf. Jim Pingle
11:02 AM Todo #9864 (Resolved): Set autocomplete=new-password for user/password fields in forms
It looks like at least Firefox and Chrome current versions suppress autocomplete for usernames and passwords when usi... Jim Pingle
10:37 AM Feature #9863 (Duplicate): Ability to select multiple firewall rules and then toggle them all on (enabled) or off (disabled) with one click
Duplicate of #2505 Jim Pingle
10:19 AM Feature #9863 (Duplicate): Ability to select multiple firewall rules and then toggle them all on (enabled) or off (disabled) with one click
It would be nice, when doing a major rule overhaul (like I just had to do on multiple firewalls) or testing before/af... Max Frames
10:35 AM Feature #9862 (Pull Request Review): Add support for waiting between ping-packages on diag_ping.php
Jim Pingle
09:11 AM Feature #9862 (Resolved): Add support for waiting between ping-packages on diag_ping.php
I wanted to wait a longer time between sending pings. The diag_ping.php interface does not have support for this. Mix Room
10:09 AM pfSense Packages Bug #9860 (Pull Request Review): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
Jim Pingle
09:27 AM pfSense Packages Bug #9860: Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
https://github.com/pfsense/FreeBSD-ports/pull/694 Viktor Gurov
07:22 AM pfSense Packages Bug #9860: Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
Probably because that array isn't fully initialized before use. It needs to be initialized at each level, not just th... Jim Pingle
01:46 AM pfSense Packages Bug #9860: Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
got these errors when Tinc Hosts is empty Viktor Gurov
01:44 AM pfSense Packages Bug #9860 (Resolved): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
Crash report details:
PHP Errors:
[30-Oct-2019 08:46:07 Europe/Moscow] PHP Warning: Illegal string offset 'confi...
Viktor Gurov
09:32 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
After several failed attempts at creating a 12.1 version, the process that worked was to create a new branch from pfS... Ronald Schellberg
07:17 AM Bug #9861 (Not a Bug): All traffic passing through OpenVPN even if redirect gateway unchecked
That is a configuration problem, not a bug. This site is not for support or diagnostic discussion.
For assistance ...
Jim Pingle
02:38 AM Bug #9861 (Not a Bug): All traffic passing through OpenVPN even if redirect gateway unchecked
An OpenVPN has been configured on pfSense and working well, but I noticed that even the "Redirect IPv4 Gateway" is un... Nico .
06:22 AM Bug #9851 (Resolved): PHP error in logs
Renato Botelho
12:09 AM Bug #9851: PHP error in logs
Upgraded and the error is gone. Thank you. Florin Samareanu

10/29/2019

11:11 PM pfSense Packages Bug #9665 (Resolved): acme.sh deleting A record for domain along with TXT record for _acme-challenge
Jim Pingle
11:10 PM pfSense Packages Bug #9665: acme.sh deleting A record for domain along with TXT record for _acme-challenge
Sorry for the late response. But I can confirm that ACME 0.6 does fix the issue for me. This ticket can be closed now. Ronnie Thomas
01:47 PM Feature #7332 (In Progress): Provide certificate expiry warning
I do not think there will be a per-certificate setting for this (at least for now), but for starters I have added a v... Jim Pingle
08:59 AM Bug #9851: PHP error in logs
I gave a look at PHP source code and I have a doubt, what is the gateway name? Nano Caiordo
07:21 AM Bug #9851: PHP error in logs
If that were the case it would happen to everyone all the time, which isn't true. Also the order of operations is bac... Jim Pingle
06:15 AM Bug #9851: PHP error in logs
It might be a permission issue, php docs about file_exists() states: ... Nano Caiordo
08:45 AM Feature #5851: Add copy action to OpenVPN client / server
A huge benefit as ISPs seem to be starting to pick off VPN connections and blocking access to VPN servers that are se... PT Rich
07:16 AM Bug #9859 (Rejected): Memory exhaustion by hundreds of minicron and php-cgi processes.
There is not enough solid information here to classify this as an identifiable or reproducible bug. This site is not ... Jim Pingle
04:10 AM Bug #9859 (Rejected): Memory exhaustion by hundreds of minicron and php-cgi processes.
After repeated gateway failovers I noticed I wasn't able to login any more using https or ssh.
I would then get an e...
Joel Linn
07:14 AM Bug #9646 (Feedback): OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
I've cherry-picked that patch to 2.5.0. Thanks for pointing that out Renato Botelho
02:36 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
discussion and patch in freebsd mailing list:
https://lists.freebsd.org/pipermail/freebsd-current/2018-December/0724...
Viktor Gurov
07:11 AM Feature #9831 (Resolved): diag_packet_capture.php: print packet capture start time
Renato Botelho
12:04 AM Feature #9831: diag_packet_capture.php: print packet capture start time
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on 2.5.0.a.20191028.1847
Works, resolved
Viktor Gurov
07:09 AM Feature #9766 (Resolved): diag_packet_capture.php: allow to input multiple tcp/udp ports
Renato Botelho
12:04 AM Feature #9766: diag_packet_capture.php: allow to input multiple tcp/udp ports
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on 2.5.0.a.20191028.1847
Works, resolved
Viktor Gurov
02:51 AM Bug #9858 (Rejected): adding gateway
Hello,
There is not enough information here to consider this a bug. Please use https://forum.netgate.com for troub...
Paighton Bisconer
02:27 AM Bug #9858 (Rejected): adding gateway
We have deployed pfsense VM on VMware ESXi, can communicate with pfsense gateway among the VMs, but outside VMs netwo... geetha subramani
02:07 AM Feature #9857 (New): IPsec Down/Up SMTP Notifications
Currently if Phase1 or Phase 2 go offline no SMTP notification is given. It will be very helpful to have them. Auto p... DRago_Angel [InV@DER]

10/28/2019

03:55 PM Todo #9856 (Feedback): Add certificate detail infoblock to CA list
Applied in changeset commit:b61969226691bb776bf21f1c1121b41519ad5e22. Jim Pingle
03:42 PM Todo #9856 (Resolved): Add certificate detail infoblock to CA list
The certificate list has a nice infoblock that expands with more details about the certificate. This should also work... Jim Pingle
07:44 AM Bug #9855 (Resolved): CSRF error at login when clicking the 'sign in' button multiple times
When logging in, if a user clicks 'sign in' and then waits a moment and clicks 'sign in' again before the login compl... Jim Pingle
07:20 AM Bug #9851 (Feedback): PHP error in logs
Applied in changeset commit:83794361b7135aaef4e47b35bd27df7da6ce023c. Jim Pingle
07:14 AM Bug #9851: PHP error in logs
I've seen that happen before. Looks like a race condition of some sort since there is a test just before that checkin... Jim Pingle
05:13 AM pfSense Packages Bug #9854: pfBlockerNG Message: Allowed memory size of 536870912 bytes exhausted
... lexxai lexxai
05:11 AM pfSense Packages Bug #9854 (Closed): pfBlockerNG Message: Allowed memory size of 536870912 bytes exhausted
PHP ERROR: Type: 1, File: /usr/local/www/pfblockerng/pfblockerng_alerts.php, Line: 644, Message: Allowed memory size ... lexxai lexxai

10/27/2019

05:27 PM pfSense Docs Correction #9853 (Closed): Feedback on VPN — IPsec — Routing Internet Traffic Through a Site-to-Site IPsec VPN
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routing-internet-traffic-through-a-site-to-site-ipsec-vp... Phil Six
10:50 AM pfSense Packages Bug #9849: NUT not starting as root? Isn't loading USB drivers?
I think I found a work-around. I went into the Services > UPS and then selected the UPS Settings tab. From there, cli... Ryan McCullough
10:04 AM Feature #7467: Add iPhone/Android/Generic USB tethering support
Not sure why you keep pushing back the target, it's 2 mins to add a few words to the kernel module build command and t... Chris Collins
09:37 AM pfSense Packages Feature #9852 (Resolved): show File-Store directory listing
add extra "Alert"-style page with File-Store directory listing
add download icon,
add “i” icon to check the sha25...
Viktor Gurov
05:08 AM pfSense Packages Bug #9850: show huperscan option only for x86 arch
https://github.com/pfsense/FreeBSD-ports/pull/693 Viktor Gurov
02:21 AM Bug #9851 (Resolved): PHP error in logs
Hello,
After upgrading to 2.5.0-DEVELOPMENT (amd64) built on Mon Oct 21 20:52:27 EDT 2019 I get the following warn...
Florin Samareanu

10/26/2019

06:23 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle wrote:
> John K wrote:
> > What's the status here? Has Netgate been able to reproduce this issue?
>
...
Vinicius DellAglio
05:27 PM pfSense Packages Bug #9850 (Resolved): show huperscan option only for x86 arch
Hyperscan will run on x86 processors in 64-bit (Intel® 64 Architecture) and 32-bit (IA-32 Architecture) modes.
hid...
Viktor Gurov
05:09 PM pfSense Packages Bug #9849 (Rejected): NUT not starting as root? Isn't loading USB drivers?
It looks like the NUT/UPS driver isn't loading the USB driver unless I pass the "-u root" parameter to the command:
...
Ryan McCullough
04:55 PM pfSense Packages Feature #9848 (Closed): file-store retention limits
Add File-Store limit to clean captured files by total size or age Viktor Gurov

10/25/2019

11:44 PM Bug #9847 (Not a Bug): Periodic Crash
There isn't enough information here to classify it as a bug. Your ESX version is very old, which is likely a source o... Jim Pingle
09:19 PM Bug #9847 (Not a Bug): Periodic Crash
I'm experiencing periodic lockups (every 2-3 weeks).
This is pfSense 2.4.4-p3 running as VM on ESXi 5.5.0
I have ha...
Denis Johnson
07:03 PM pfSense Packages Bug #9795: FRR add two or more ipv6 BGP Neighbors will system down
i test find this frr with openvpn happen issue, when frr use two ipv6 BGP Neighbors, then the issue will happen. yon Liu
04:05 PM Feature #9843 (Feedback): allow to generate cert/csr with ECDSA key
PR has been merged Jim Pingle
03:42 PM Feature #9842: Add CA/certificate renewal function
I just committed the GUI code for this plus some more backend functions. There are still a couple items left, but not... Jim Pingle
12:17 PM Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF)
https://github.com/pfsense/pfsense/pull/4106 Viktor Gurov
09:14 AM Feature #6775: Strongswan PKCS#11 Support
Tested, with editing of ipsec.secrets, ipsec.conf and charon.conf
+ installing packages: ccid-1.4.30.txz, opensc-0...
Viktor Gurov
08:05 AM pfSense Packages Bug #9846 (Feedback): pfBlockerNG log file download/clear lacks validation
Fix submitted by BBcan177 and committed.
https://github.com/pfsense/FreeBSD-ports/commit/38be8c32b1638b230310c0a54...
Jim Pingle
07:51 AM pfSense Packages Bug #9846 (Resolved): pfBlockerNG log file download/clear lacks validation
The 'logfile' parameter in pfblockerng_log.php is not validated, and allows working on files outside of the expected ... Jim Pingle
02:58 AM Bug #9821: pfSense IPsec not reload configs on connectivity issues with DDNS
Jim Pingle wrote:
> IPsec with DDNS works fine for many users (myself included) -- you haven't presented any evidenc...
DRago_Angel [InV@DER]

10/24/2019

02:28 PM pfSense Packages Bug #9844 (Resolved): System_Patches 1.2_2 syntax error
Confirmed fixed. Jim Pingle
07:12 AM pfSense Packages Bug #9844 (Feedback): System_Patches 1.2_2 syntax error
Fix pushed. Jim Pingle
07:28 AM Bug #9845 (Not a Bug): diag_dump_states.php: can't use extended filter expressions
It's in the pfSense module:
https://github.com/pfsense/FreeBSD-ports/blob/devel/devel/php-pfSense-module/files/pfS...
Jim Pingle
07:22 AM Bug #9845 (Not a Bug): diag_dump_states.php: can't use extended filter expressions
I can't filter expressions for grep-style queries, like "tcp 192.168 ESTABLISHED" or "icmp 172.16.0"
Only single val...
Viktor Gurov
01:16 AM Bug #9837: ipv6 is not completely disabled on the interfaces
Manuel Piovan wrote:
> Do not configure IPv6 addresses with no link-local address by using
> ifconfig. It...
Viktor Gurov
12:52 AM pfSense Packages Feature #9742: Print Patch ID in log while patching
fixes to PR:
https://github.com/pfsense/FreeBSD-ports/pull/692
Viktor Gurov

10/23/2019

08:06 PM pfSense Packages Bug #9844 (Resolved): System_Patches 1.2_2 syntax error
After install updated package System_Patches 1.2.2 it crashes
PATCH Menu is also GONE from system after update
Cr...
Carlos Rocha
03:27 PM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15
Not a resolution, but a related note: I am adding code to renew certificates with an option to enforce these paramete... Jim Pingle
03:18 PM Feature #9842 (In Progress): Add CA/certificate renewal function
Second guessing the removal of deprecated subject items, since if the subject and key stay the same, then clients wou... Jim Pingle
02:30 PM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
Yousif Hassan wrote:
> While the suggested code fix does in fact generate the more correct classless zone name, it...
Yousif Hassan
01:34 PM Bug #9837: ipv6 is not completely disabled on the interfaces
be careful
https://www.freebsd.org/cgi/man.cgi?query=ifconfig&sektion=8&manpath=freebsd-release-ports#end
BUGS
...
Manuel Piovan
12:37 PM pfSense Packages Bug #9740: empty Status / Tinc VPN page on latest 2.5
https://github.com/pfsense/FreeBSD-ports/pull/691
There is no /usr/local/sbin/clog in pfSense 2.5
using "cat" ins...
Viktor Gurov
10:38 AM Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI
Jim Pingle wrote:
> It just hasn't made it into a Factory snapshot yet. It's already in the tree there.
additions...
Viktor Gurov
09:47 AM Feature #9831 (Feedback): diag_packet_capture.php: print packet capture start time
PR has been merged. Thanks! Renato Botelho
09:47 AM Bug #9745 (Feedback): can't add ECDSA certificate key when signing CSR
PR has been merged. Thanks! Renato Botelho
09:47 AM Feature #9688 (Feedback): restartallwan - pfSsh.php script to restart all wan interfaces
PR has been merged. Thanks! Renato Botelho
09:40 AM pfSense Packages Feature #9824 (Feedback): Add support for DuckDuckGo's Safe Search
PR has been merged. Thanks! Renato Botelho
09:40 AM pfSense Packages Bug #9811 (Feedback): apcupsd - can not set BATTERYLEVEL and MINUTES to -1 although these are valid values
PR has been merged. Thanks! Renato Botelho
09:36 AM pfSense Packages Feature #9742 (Feedback): Print Patch ID in log while patching
PR has been merged. Thanks! Renato Botelho
09:36 AM pfSense Packages Feature #9521 (Feedback): Upgrade to HAProxy 1.9
PR has been merged. Thanks! Renato Botelho
09:29 AM pfSense Packages Bug #9836 (Feedback): OpenBGPD package deamon starts twice
PR has been merged. Thanks! Renato Botelho
07:59 AM Feature #9843 (Pull Request Review): allow to generate cert/csr with ECDSA key
Jim Pingle
03:52 AM Feature #9843: allow to generate cert/csr with ECDSA key
https://github.com/pfsense/pfsense/pull/4104 Viktor Gurov
03:50 AM Feature #9843 (Resolved): allow to generate cert/csr with ECDSA key
Add ability to generate certificates/CSRs with ECDSA keys. Viktor Gurov
 
