Activity

From 11/12/2019 to 12/11/2019

12/11/2019

11:42 PM pfSense Packages Bug #9967 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
Please post on the forum to discuss and identify the issue. There is not enough information here to know what the iss... Jim Pingle
10:12 PM pfSense Packages Bug #9967 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
ear in pf sense 2.4.4-DEVELOPMENT (AMD64) when squid proxy server enable the squid SSL Filtering option for block secu... Noman Akbar
06:06 PM Revision 6c665431: Update status.php to read swanctl.conf, not ipsec.conf
Also ensure that secrets are redacted, and change the strongswan.conf
command to match.
Jim Pingle
04:45 PM Revision aa689bbc: Fix 2.4.5 repo ports branch (take 2)
Renato Botelho
04:38 PM Revision fa463ace: Fix 2.4.5 repo ports branch
Renato Botelho
04:35 PM Revision 686068b0: Fix 2.5.0/2.4.5 repo configs
Renato Botelho
04:08 PM Revision 09b6735d: allow to disable APIPA blocking
Viktor Gurov
10:25 AM Feature #9966 (Pull Request Review): allow to disable APIPA blocking
Jim Pingle
10:13 AM Feature #9966 (Resolved): allow to disable APIPA blocking
allow to disable APIPA blocking,
some providers may utilize APIPA space for interconnect interfaces
see also htt...
Viktor Gurov
10:22 AM Bug #9873 (In Progress): Switching the System Update to Development renders the system unbootable
Renato Botelho
10:09 AM Bug #2073: APIPA broadcasts forwarded by route-to
https://github.com/pfsense/pfsense/pull/4128 Viktor Gurov
08:13 AM pfSense Packages Bug #9965 (Resolved): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore
Thanks for testing! Jim Pingle
08:00 AM pfSense Packages Bug #9965: Since 0.15.7_2, legit LDAP server certs cannot be selected anymore
Excellent; thank you very much! I can confirm this is fixed here! Didier Raboud
07:50 AM pfSense Packages Bug #9965 (Feedback): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore
Fixed in 0.15.7_7 Jim Pingle
05:29 AM pfSense Packages Bug #9965 (Resolved): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore
It seems that https://github.com/pfsense/FreeBSD-ports/commit/8cbbd84a374f4942e082c5898e93040c5ac65bbb broke the `/pk... Didier Raboud
07:53 AM pfSense Packages Bug #9962: HAproxy Upgrade needed HTTP/2 CVE-2019-19330
The new versions are in the ports tree in master, but need picked back to devel, RELENG_2_4_4, and RELENG_2_4_5 Jim Pingle
07:25 AM Feature #9754 (Resolved): Add separate authentication log
OpenVPN authentication is already placed in the auth log.... Jim Pingle
04:47 AM Feature #9754: Add separate authentication log
Jim Pingle wrote:
> I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authenti...
Viktor Gurov
07:22 AM Bug #9764 (Resolved): status.php: Sanitize barnyard_dbpwd
Jim Pingle
06:38 AM Bug #9764: status.php: Sanitize barnyard_dbpwd
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved
Viktor Gurov
07:22 AM Bug #9727 (Resolved): status.php: Sanitize influx_pass
Jim Pingle
06:38 AM Bug #9727: status.php: Sanitize influx_pass
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved
Viktor Gurov
07:21 AM Bug #9728 (Resolved): status.php: Sanitize tinc private key
Jim Pingle
06:37 AM Bug #9728: status.php: Sanitize tinc private key
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved
Viktor Gurov
07:21 AM Bug #9729 (Resolved): status.php: Sanitize zabbix-agent tlspsk key
Jim Pingle
06:36 AM Bug #9729: status.php: Sanitize zabbix-agent tlspsk key
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved
Viktor Gurov
07:21 AM Bug #9784 (Resolved): status.php: Sanitize bandwidthd db password
Jim Pingle
06:36 AM Bug #9784: status.php: Sanitize bandwidthd db password
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved
Viktor Gurov
07:16 AM Bug #9744 (Resolved): fatal error if ECDH Curve not default
Jim Pingle
04:41 AM Bug #9744: fatal error if ECDH Curve not default
Jim Pingle wrote:
> I pushed an update in commit:ca3cddbec4 to change the OpenVPN curve list to match IPsec
teste...
Viktor Gurov
07:16 AM Bug #9936 (Resolved): zombie alias check errors if no alises exist
Jim Pingle
04:38 AM Bug #9936: zombie alias check errors if no alises exist
Jim Pingle wrote:
> Applied in changeset commit:e99c638b78540efa478dbb3360943c67de72c1af.
tested on 2.5.0.a.20191...
Viktor Gurov
07:16 AM Feature #9771 (Resolved): diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI
Jim Pingle
04:14 AM Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI
Renato Botelho wrote:
> PR has been merged. Thanks
tested on 2.5.0.a.20191210.1722
Resolved
Viktor Gurov
07:16 AM Bug #9964 (Duplicate): first step wizard error on SG-1000
That syntax error was fixed over a month ago, and the build issue that led to it being a problem in snapshots was fix... Jim Pingle
05:10 AM Bug #9964 (Duplicate): first step wizard error on SG-1000
After setting the admin password, I received a CSRF verification error, and after refreshing the page:... Viktor Gurov

12/10/2019

02:20 PM Revision 9998e8d7: Don't dedup DNS from dyn sources if override is disabled. Fixes #9963
(cherry picked from commit f829d7e2967d170f09756937e9076e87d5f9e2d7) Jim Pingle
02:20 PM Revision f829d7e2: Don't dedup DNS from dyn sources if override is disabled. Fixes #9963
Jim Pingle
01:09 PM Revision 12bce795: traffic-graphs, don't stop drawing graphs when a interface is disabled
traffic-graphs, don't stop drawing graphs when a interface is disabled
(cherry picked from commit 176c7256bd1b13f401...
Pi Ba
01:09 PM Revision 7259987c: Merge pull request #4119 from PiBa-NL/patch-1
Renato Botelho
01:08 PM Revision 868b035e: simplify queue stats parser
(cherry picked from commit 5a0f6513bfe2ba1da87505dbb7b97c6b4479bf34) Lucas Held
01:08 PM Revision f6c2c75d: support variable value length in queue stats parser
(cherry picked from commit e5deede539e4164256e5243b22f3ee963fc35ea7) Lucas Held
01:08 PM Revision 88a8d5cf: Merge pull request #4123 from lucasheld/fix-queue-stats
Renato Botelho
01:06 PM Revision a043fdbd: "don't" -> "doesn't" (typo fix for help text)
(cherry picked from commit 9d6adc62d78f7c0e6dcb6865edf5fb3ca60db1b0) something-big
01:06 PM Revision f15934a3: Merge pull request #4124 from github-pedant-VomYzatg2NB2AG01TaWyNpiW0/master
Renato Botelho
09:44 AM Bug #9963: DNS servers assigned dynamically are omitted if also assigned manually when override is disallowed
Easiest way to reproduce:
* Enable forwarding in the DNS Resolver (Or forwarder, behavior is likely the same but I...
Jim Pingle
08:30 AM Bug #9963 (Feedback): DNS servers assigned dynamically are omitted if also assigned manually when override is disallowed
Applied in changeset commit:f829d7e2967d170f09756937e9076e87d5f9e2d7. Jim Pingle
08:15 AM Bug #9963: DNS servers assigned dynamically are omitted if also assigned manually when override is disallowed
This seems to primarily be a problem just after unchecking the DNS Server Override box, as later the servers are prev... Jim Pingle
08:12 AM Bug #9963 (Resolved): DNS servers assigned dynamically are omitted if also assigned manually when override is disallowed
If:
* A name server is manually configured, such as 8.8.8.8, under System > General
* That same name server is al...
Jim Pingle
08:11 AM pfSense Packages Bug #9962 (Resolved): HAproxy Upgrade needed HTTP/2 CVE-2019-19330
[https://nvd.nist.gov/vuln/detail/CVE-2019-19330]
Haproxy 1.8 need be updated to 1.8.23 (RD: 2019/11/25) from 1.8....
DRago_Angel [InV@DER]
07:29 AM Feature #8786: Wireguard VPN
We are fully aware. It's good news for them, but that does not mean much of anything for its implementation or stabil... Jim Pingle
12:05 AM Feature #8786: Wireguard VPN
For those who might not be following it, WireGuard is going to be integrated into the Linux kernel 5.6 release, which... Soren Stoutner
07:08 AM Bug #9938 (Feedback): Queue stats parser broken if bytes > 9999999999
PR has been merged. Thanks! Renato Botelho

12/09/2019

02:00 PM Revision 8c439c68: Search filter log by tracker ID. Implements #8703
(cherry picked from commit 6270bfe22ce283cca18855c5e79a1f4714505177) Jim Pingle
01:59 PM Revision 6270bfe2: Search filter log by tracker ID. Implements #8703
Jim Pingle
01:45 PM Revision d3b8d587: Fix UPnP status when using an alternate interface address. Fixes #9961
(cherry picked from commit a8183b25c6bab388206f18acf679d96cd8b60f0e) Jim Pingle
01:44 PM Revision a8183b25: Fix UPnP status when using an alternate interface address. Fixes #9961
Jim Pingle
12:54 PM Bug #9736 (Resolved): status.php: Sanitize oinkcode and etprocode of snort/surricata
Tested on 2.4.5.a.20191209.0732, works as expected. Anonymous
12:26 PM Bug #9946 (Resolved): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
Right, it works now. Anonymous
12:21 PM Feature #8703 (Resolved): Allow user to search firewall alerts by tracking ID
Tested on 2.4.5.a.20191209.0732, works as expected. Thanks Jim! Anonymous
08:10 AM Feature #8703 (Feedback): Allow user to search firewall alerts by tracking ID
Applied in changeset commit:6270bfe22ce283cca18855c5e79a1f4714505177. Jim Pingle
08:00 AM Feature #8703 (In Progress): Allow user to search firewall alerts by tracking ID
Jim Pingle
07:55 AM Bug #9961 (Feedback): status_upnp: UPnP status not showing rules when using override WAN address option
Applied in changeset commit:a8183b25c6bab388206f18acf679d96cd8b60f0e. Jim Pingle
07:43 AM Bug #9961 (In Progress): status_upnp: UPnP status not showing rules when using override WAN address option
Jim Pingle

12/08/2019

11:52 AM Revision 0f5300a7: Add %%REPO_BRANCH_PREFIX%% to jail name
Renato Botelho

12/07/2019

02:02 PM Revision 8c120b1f: conflicts resolved, needs testing
Viktor Gurov
08:25 AM Bug #9586 (Resolved): Unbound Access List /31 UI Issue
Jim Pingle
12:34 AM Bug #9586: Unbound Access List /31 UI Issue
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
Res...
Viktor Gurov
08:25 AM Feature #9694 (Resolved): Redact ACB encryption password from status.php
Jim Pingle
12:32 AM Feature #9694: Redact ACB encryption password from status.php
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3:
<enc...
Viktor Gurov
08:24 AM Feature #9412 (Resolved): Add sorting and search/filtering to CA/Certificates
Jim Pingle
12:31 AM Feature #9412: Add sorting and search/filtering to CA/Certificates
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
Res...
Viktor Gurov
08:24 AM Bug #7186 (Resolved): Unable to use national symbols in password fo ACB package
Jim Pingle
12:28 AM Bug #7186: Unable to use national symbols in password fo ACB package
Jim Pingle wrote:
> Applied in changeset commit:9d4ace0bf544b3190d31484cac684bca4dac2a0b.
tested 2.4.5.a.20191205...
Viktor Gurov
08:24 AM Bug #9741 (Resolved): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values
Jim Pingle
12:25 AM Bug #9741: interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov

12/06/2019

11:47 PM Bug #9961 (Resolved): status_upnp: UPnP status not showing rules when using override WAN address option
When using the override WAN address option (say for a CARP VIP), the Status / UPnP & NAT-PMP page shows NO entries, e... Christian McDonald
10:40 PM pfSense Packages Bug #9960 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
Do not open issues here for this. Post on the forum to discuss and diagnose the problem and obtain more information. ... Jim Pingle
10:38 PM pfSense Packages Bug #9960 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
dear in pf sense 2.5.0-DEVELOPMENT (AMD64) when squid proxy server enable the squid SSL Filtering option for block sec... Noman Akbar
10:32 PM pfSense Packages Feature #9959 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
Please post on the forum to discuss and identify the issue. There is not enough information here. 2.5.0 is in develop... Jim Pingle
10:29 PM pfSense Packages Feature #9959 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
dear in pf sense 2.5.0-DEVELOPMENT (AMD64) when squid proxy server enable the squid SSL Filtering option for block sec... Noman Akbar
03:41 PM Bug #9938: Queue stats parser broken if bytes > 9999999999
PR link: https://github.com/pfsense/pfsense/pull/4123 Jim Pingle
03:12 PM Todo #9245: Update copyright notices to 2020
See also: commit:38809d476acd3939b64bf3f3317792b99e5a1b9f Jim Pingle
01:02 PM Revision 62bac37e: Lower default_cert_expiredays warning threshold to 27 days
Even at 28, ACME still sometimes warns unnecessarily just before renewal. Jim Pingle
12:59 PM Revision c01a28ac: OpenVPN server cert default lifetime 825 days
(cherry picked from commit c576842887ac696dd5faf9d86d5447538d316069) Viktor Gurov
12:59 PM Revision 07f51b2f: Merge pull request #4126 from vktg/ovpnwiz825
Jim Pingle
09:24 AM Bug #9954 (Resolved): status_ipsec.php: Unable to manually connect P2 when P1 is up but not P2
On status_ipsec.php, if IKE (P1) is up but Child SAs (P2s) are not connected, there is no way to connect them without... Jim Pingle
08:16 AM Revision c5768428: OpenVPN server cert default lifetime 825 days
Viktor Gurov
07:38 AM Bug #9763 (Resolved): Trying to set VLAN Priority causes error
Jim Pingle
07:33 AM Bug #9763: Trying to set VLAN Priority causes error
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
07:31 AM Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Jim Pingle
07:31 AM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
07:30 AM Todo #9868 (Resolved): Add clientAuth EKU to Server type certificates
Jim Pingle
07:29 AM Todo #9868: Add clientAuth EKU to Server type certificates
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3:
...
...
Viktor Gurov
06:58 AM Feature #9825 (Resolved): Requirements for trusted certificates in iOS 13 and macOS 10.15
Viktor Gurov wrote:
> Change default GUI cert lifetime to 825 days - *OK*
That's all that needed testing, so it's...
Jim Pingle
03:55 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15
mark certificates with lifetime > 825 days:
https://github.com/pfsense/pfsense/pull/4127
Viktor Gurov
02:29 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15
reduce OpenVPN wizard server cert lifetime to 825:
https://github.com/pfsense/pfsense/pull/4126
Viktor Gurov
02:28 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15
Jim Pingle wrote:
> The default GUI cert lifetime of 825 days needs checked on 2.4.5 snapshots. If it's OK, move tar...
Viktor Gurov
06:58 AM Bug #9953 (Not a Bug): no meta.txz, Unable to retrieve package information
It's expected to happen since we didn't make packages public yet while we do first round of tests Renato Botelho
12:37 AM Bug #9953 (Not a Bug): no meta.txz, Unable to retrieve package information
got 'Unable to retrieve package information.' error on package manager page
in console:...
Viktor Gurov
06:56 AM Bug #9748 (Resolved): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024
Jim Pingle
02:05 AM Bug #9748: openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
06:56 AM Bug #9719 (Resolved): system_certmanager.php - Descriptive name field disappeared when adding certificate for user
Jim Pingle
01:57 AM Bug #9719: system_certmanager.php - Descriptive name field disappeared when adding certificate for user
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
06:56 AM Bug #9722 (Resolved): services_captiveportal_vouchers.php wrong status icon link
Jim Pingle
01:34 AM Bug #9722: services_captiveportal_vouchers.php wrong status icon link
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
06:56 AM Bug #9756 (Resolved): vpn_openvpn_(client|server).php: js issue when selecting multiple NCP
Jim Pingle
01:30 AM Bug #9756: vpn_openvpn_(client|server).php: js issue when selecting multiple NCP
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
06:13 AM Bug #9946: package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
James Dekker wrote:
> With the proper test repo pointing at 2.4.5, the packages install successfully.
gitsync is ...
Renato Botelho
04:15 AM Bug #9944: cron package tries to send out mail with non-existing sendmail tool
Thanks for the explanation. In that case it would be nice to somehow utilize pfSense's notification settings (System/... Alex Kolesnik
01:59 AM Bug #9790: firewall aliases table with fqdn stays in system after deleting
Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20191205.1852
works, Resolved
Viktor Gurov

12/05/2019

09:01 PM Revision 7ba6c13b: status_ipsec.php improvements
* Fixes Child SA button JS hide. Fixes #8847
* Adds Child SA count to JS button
* Fixes alignment of 'Connect' button...
Jim Pingle
08:29 PM Revision c6220dcf: IPsec swanctl conversion. Implements #9603
* Converted IPsec configuration code from ipsec.conf ipsec/stroke style
to swanctl.conf swanctl/vici style. Issue #...
Jim Pingle
07:34 PM Revision f9fbba13: 2.4.5 repo doesn't use ARCH_NEW
Renato Botelho
07:20 PM Revision 7b2fae37: Add 2.4.5 repo and use it as default
Renato Botelho
07:09 PM Revision 3414daaf: Point to devel repo by default
Renato Botelho
07:01 PM Revision ee4cfea3: Fix is_set/isset
(cherry picked from commit cb442cfa7406e561761a52c826c9c58e7a4ee2bc) Steve Beaver
06:35 PM Revision 55343921: Add packages to version string to support composite update
(cherry picked from commit 725c8134d390eefb4bb258893a27a278176158ac) Steve Beaver
05:23 PM Revision 1b16ff0d: Fix is_set/isset
(cherry picked from commit cb442cfa7406e561761a52c826c9c58e7a4ee2bc) Steve Beaver
04:33 PM Bug #9946: package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
With the proper test repo pointing at 2.4.5, the packages install successfully. Anonymous
04:13 PM Bug #9946 (Feedback): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
(mistake on my end, error is still present)
putting back to Feedback for now.
Anonymous
03:57 PM Bug #9946 (Resolved): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
tested on 2.4.5 gitsync'd to RELENG_2_4_5, worked as expected, packages mentioned above installed without issue. (mis... Anonymous
01:14 PM Bug #9946 (Feedback): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
It was caused because image was pointing to 2.4.4 repository by default.
I pushed a fix and it will be available o...
Renato Botelho
11:23 AM Bug #9946: package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
FreeRADIUS
zabbix-proxy
avahi
frr
pfBlockerNG
pfBlockerNG-devel
suricata
snort
...need to test all package...
Viktor Gurov
10:52 AM Bug #9946 (Resolved): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
... Viktor Gurov
04:00 PM Feature #9757 (Resolved): DH groups 25,26,27 not listed for phase1 & phase2
tested on 2.4.5 gitsync'd to RELENG_2_4_5, works as expected. Anonymous
03:12 PM Feature #9757 (Feedback): DH groups 25,26,27 not listed for phase1 & phase2
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:53 PM Bug #9945 (Resolved): wizard error on clean install
Jim Pingle
03:44 PM Bug #9945: wizard error on clean install
tested on 2.4.5 gitsync'd to RELENG_2_4_5, worked as expected. Anonymous
11:24 AM Bug #9945 (Feedback): wizard error on clean install
Fixed by commit:1b16ff0d5c Jim Pingle
10:45 AM Bug #9945 (Resolved): wizard error on clean install
after Time Server Information configuration page in wizard:... Viktor Gurov
03:29 PM Bug #9801: VTI IPv6 addresses don't get assigned
They are not public yet, but will be soon. We are doing some internal testing to catch obvious issues before pushing ... Jim Pingle
03:26 PM Bug #9801: VTI IPv6 addresses don't get assigned
I can do it but I can't see a download for 2.4.5 snapshot builds? Only 2.5. Ben Hughes
03:12 PM Bug #9801 (Feedback): VTI IPv6 addresses don't get assigned
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9911 (Feedback): Show confirmation box before disconnecting PPPoE
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Todo #9868 (Feedback): Add clientAuth EKU to Server type certificates
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9867 (Feedback): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9851 (Feedback): PHP error in logs
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9791 (Feedback): Ability to filter Diagnostics ARP Table by IP range (DHCP)
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9784 (Feedback): status.php: Sanitize bandwidthd db password
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9764 (Feedback): status.php: Sanitize barnyard_dbpwd
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9763 (Feedback): Trying to set VLAN Priority causes error
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9756 (Feedback): vpn_openvpn_(client|server).php: js issue when selecting multiple NCP
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9748 (Feedback): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9741 (Feedback): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9736 (Feedback): status.php: Sanitize oinkcode and etprocode of snort/surricata
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9729 (Feedback): status.php: Sanitize zabbix-agent tlspsk key
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9728 (Feedback): status.php: Sanitize tinc private key
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9727 (Feedback): status.php: Sanitize influx_pass
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9722 (Feedback): services_captiveportal_vouchers.php wrong status icon link
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9719 (Feedback): system_certmanager.php - Descriptive name field disappeared when adding certificate for user
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9708 (Feedback): /etc/inc/unbound.inc: Pfsense Default Unbound Configuration does not Prevent DNS Rebinding Attacks Against Localhost
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9695 (Feedback): Add Ability to Force NAT-T Encapsulation on IKEv2 Peers
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9694 (Feedback): Redact ACB encryption password from status.php
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9693 (Feedback): Bypass automatic backups
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9620 (Feedback): User privilege to manage integrated switch
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9586 (Feedback): Unbound Access List /31 UI Issue
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9584 (Feedback): Potential XSS in services_acb.php via hostname parameter with legacy settings
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9582 (Feedback): PHP error setting up VLANs from the console
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9569 (Feedback): Fix serial console terminal size issues
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9558 (Feedback): GPS NTP source PHP errors
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9550 (Feedback): New privilege matching method does not allow menu or tab links to anchors (#foo)
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9543 (Feedback): diag_dns.php: Reverse lookup of IPv6 fails with "Host must be a valid hostname or IP address."
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9541 (Feedback): Non-admin user with admin rights is given the wrong URL for the user manager
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9540 (Feedback): PHP Uncaught Error in Status/System Logs/Firewall/Dynamic View
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9532 (Feedback): GUI indication and options for MDS mitigation
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9522 (Feedback): Diagnostics > System Activity shows only the header
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9466 (Feedback): DHCP (IPv4) relay mistakenly listening on upstream interface
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9448 (Feedback): Dynamic DNS options showing in GUI for IPv6 when not in use
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9412 (Feedback): Add sorting and search/filtering to CA/Certificates
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9323 (Feedback): Option to hide 'Kernel PTI' from sysinfo widget
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9296 (Feedback): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9292 (Feedback): Default route as indicated by "(Default)" does not match the actual default route on the OS.
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9285 (Feedback): Add an option to disable the ping-check in dhcpd
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9258 (Feedback): Error deleting tunnel type P2 when mixed with VTI
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9218 (Feedback): SNMP sysDescr does not display hostname and patch version
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9111 (Feedback): Add IPsec VTI interface MTU support
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #7791 (Feedback): include /usr/bin/strings in core pfSense
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:11 PM Feature #3792 (Feedback): Group name size limit too restrictive on Active Directory Users
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:07 PM Bug #8847: IPsec status "Show Child SA entries" button only expands and never collapses
I backported the status_ipsec.php changes that fixed this to 2.4.5 as well, see commit:7ba6c13bc6 Jim Pingle
02:40 PM Bug #8847 (Feedback): IPsec status "Show Child SA entries" button only expands and never collapses
Applied in changeset commit:c6220dcf7faf3492713c6c30bb86d3971b2772a9. Jim Pingle
01:42 PM Bug #8847 (In Progress): IPsec status "Show Child SA entries" button only expands and never collapses
I've fixed this as a part of a larger set of changes about to be committed. Jim Pingle
02:40 PM Todo #9603 (Feedback): Strongswan stroke is deprecated, move to swanctl/vici
Applied in changeset commit:c6220dcf7faf3492713c6c30bb86d3971b2772a9. Jim Pingle
02:35 PM Bug #8472 (Feedback): IPsec with "Split connections" enabled (multiple P2's) - new added P2's are not coming up (between two pfsense's 2.4.3)
This needs tested again on a 2.5.0 snapshot after the changes for #9603 are available in a build. Jim Pingle
02:35 PM Bug #8015 (Feedback): IPsec VPN Not Reconnecting until complete reboot
This needs tested again on a 2.5.0 snapshot after the changes for #9603 are available in a build. Jim Pingle
11:54 AM pfSense Docs Correction #9951 (Closed): Feedback on VPN — OpenVPN — Configuring a Single Multi-Purpose OpenVPN Instance
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-multi-purpose.html
*Feedback:* These instructio...
Nicholas Walker
11:24 AM Bug #9949 (Duplicate): openvpn wizard error
Duplicate of #9945 Jim Pingle
11:12 AM Bug #9949 (Duplicate): openvpn wizard error
... Viktor Gurov
10:29 AM Bug #9944 (Not a Bug): cron package tries to send out mail with non-existing sendmail tool
That's sort of on purpose. We don't ship anything like sendmail in the base system.
There is a sendmail work-alike...
Jim Pingle
10:11 AM Bug #9944 (Not a Bug): cron package tries to send out mail with non-existing sendmail tool
Hi,
To reproduce, create a simple cron job, like:...
Alex Kolesnik
07:59 AM Feature #9869 (Resolved): Allow CRL entries to be made by serial number
Jim Pingle
07:56 AM Feature #9943 (Pull Request Review): status_ipsec.php: show encr-keysize
Jim Pingle
03:00 AM Feature #9943 (Duplicate): status_ipsec.php: show encr-keysize
Show size of selected encryption algo on Status \ IPsec page
without it, AES-GCM 128/192/256 is always displayed AES...
Viktor Gurov
07:20 AM Bug #9914: dhcp6c wont work on reboot, only after service restart
Yes. The default installation configuration of some devices such as our XG-7100 includes VLAN on LAGG, and dhcp6c is ... Jim Pingle
07:17 AM Bug #9914: dhcp6c wont work on reboot, only after service restart
Did you use VLAN on your lagg? I can reproduce the issue when using VLAN on a lagg in a fresh installed pfsense VM. Seyfidin Hamraoui

12/04/2019

11:41 PM Feature #9869: Allow CRL entries to be made by serial number
tested on 2.5.0.a.20191203.0148
Resolved
Viktor Gurov
04:32 PM Revision 864cf5e1: Revert "Enable Multipath in FRR 7. Implements #9545"
This reverts commit 5fc75545d779e56468ec8c30e573c87f491a980a. Renato Botelho
04:32 PM Revision b0e6754e: Revert "Restore newline at EOF"
This reverts commit bb51e33ba32e0e9b4b6925564c1183cc77923900. Renato Botelho
03:57 PM Revision 66d76b76: Fix #6846: Properly detect Super Micro C2558/C2758
(cherry picked from commit 4de6f04d5f4eb69e9293dad6f47ce66f7d3baec1) Renato Botelho
03:37 PM Revision 2c63d42e: Add RFC 8031 Group 31 to IPsec. Implements #9531
(cherry picked from commit 4fc267484e604509b072b398642f19cb6797ef21) Jim Pingle
10:06 AM Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+)
Jim Pingle wrote:
> I picked back the Group 31 change only to 2.4.5 to test since it was reported to function. If it...
Jens Groh
09:38 AM Feature #9531 (Feedback): [IPSEC] Add additional curve-based DH Groups (31+)
I picked back the Group 31 change only to 2.4.5 to test since it was reported to function. If it works, re-target thi... Jim Pingle
08:03 AM Feature #9825 (Feedback): Requirements for trusted certificates in iOS 13 and macOS 10.15
The default GUI cert lifetime of 825 days needs checked on 2.4.5 snapshots. If it's OK, move target back to 2.5.0 sin... Jim Pingle
06:34 AM Bug #9723 (Not a Bug): DHCPv6 server for several interfaces isn't working on all interfaces
Jim Pingle
02:23 AM Bug #9723: DHCPv6 server for several interfaces isn't working on all interfaces
I cannot reproduce this any more. I don't know how this happened but now it's working. Pim Pish
02:20 AM Feature #9942 (New): Give pfSense the possibility to change the keyboard Layout for console users
In pfSense 2.4.4 you can choose a keyboard Layout during installation but the selection won't affect the system. Keyb... Pim Pish

12/03/2019

04:52 PM Revision e79fdf50: Fix the build of miniupnpd in 12, disable CHECK_PORTINUSE.
(cherry picked from commit b761d75c2edc056576c669d36574793c5d13bdda) Luiz Souza
04:37 PM Revision 8df1dee2: Remove zabbix 3.2 and 3.4 options
(cherry picked from commit 1b5941ebe023ad5f72c93325cc427d2e7af5bd56) Renato Botelho
04:36 PM Revision 3b8482db: Enable LDAP for sudo and build nss_ldap. Fixes #9399
(cherry picked from commit 7db5a396d398b010bfb70048881a6cec0577338f) Jim Pingle
04:34 PM Revision 239192a0: Set bind 9.12 options
(cherry picked from commit 342519c47e300cd355d8dbe023704ebba4235299) Renato Botelho
04:33 PM Revision bb51e33b: Restore newline at EOF
(cherry picked from commit 840a0d4335182056f6eb0942d5661e83b400ac8b) Renato Botelho
04:33 PM Revision 5fc75545: Enable Multipath in FRR 7. Implements #9545
(cherry picked from commit 1836b0c237efdf9bf2ce9fab798f2718f0fd6028) Jim Pingle
04:29 PM Revision ed236d9a: Remove zabbix 2.2 leftovers
Renato Botelho
03:49 PM Revision 328d24fe: Remove zabbix 2.2, 3.2 and 3.4 packages
Renato Botelho
03:35 PM Revision e34757e3: Fix drm port name
Renato Botelho
03:33 PM Revision 95a45da5: Revert "Build net/ng_etf-kmod"
Add it to 2.4.5 kernel
This reverts commit 82887eb03ff3d3c83a3cc6295ad73214284329d0.
Renato Botelho
01:49 PM Revision 4e02ccf7: Bump version to 2.4.5
Renato Botelho
01:36 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Luiz Souza wrote:
> A fix based on Gavin's PR was committed, please let me know if the problem persists.
>
> Than...
Robert Gijsen
10:14 AM Bug #9941: Enabling OpenVPN interface should not validate PPPoE passwords
You can apply the patch from the other issue to test using the System Patches package -- if you need help figuring th... Jim Pingle
10:07 AM Bug #9941: Enabling OpenVPN interface should not validate PPPoE passwords
Jim Pingle wrote:
> This is probably solved by #9864, if not, it's your browser auto-fill that is the problem here.
...
Nick DeMarco
09:56 AM Bug #9941 (Duplicate): Enabling OpenVPN interface should not validate PPPoE passwords
This is probably solved by #9864, if not, it's your browser auto-fill that is the problem here. Jim Pingle
09:54 AM Bug #9941 (Duplicate): Enabling OpenVPN interface should not validate PPPoE passwords
Enabling the OpenVPN interface fails if the browser autofills a password in the hidden field PPPoE Password. The brow... Nick DeMarco
01:51 AM Feature #9939: Scheduled update or upgrade option
Jim Pingle wrote:
> That is still very dangerous. An upgrade should always be directly monitored by the admin in cas...
Robbie van Moerkerk

12/02/2019

07:04 PM Revision 9d6adc62: "don't" -> "doesn't" (typo fix for help text)
something-big
05:16 PM Bug #9296 (Resolved): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Luiz Souza
02:41 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
* Luiz Souza wrote:
> A fix based on Gavin's PR was committed, please let me know if the problem persists.
Conf...
Christian Ullrich
08:40 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
* Robert Gijsen wrote:
> Maybe a stupid question, but as I don't have any git or build tools available within pfSe...
Christian Ullrich
05:25 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Luiz Souza wrote:
> A fix based on Gavin's PR was committed, please let me know if the problem persists.
>
> Than...
Robert Gijsen
04:26 PM pfSense Packages Bug #9849: NUT not starting as root? Isn't loading USB drivers?
Braden McGrath wrote:
> Ryan McCullough wrote:
> > It looks like the NUT/UPS driver isn't loading the USB driver un...
Ryan McCullough
04:16 PM pfSense Packages Bug #9849: NUT not starting as root? Isn't loading USB drivers?
Ryan McCullough wrote:
> It looks like the NUT/UPS driver isn't loading the USB driver unless I pass the "-u root" p...
Braden McGrath
01:57 PM Revision 5a0f6513: simplify queue stats parser
Lucas Held
01:24 PM pfSense Packages Bug #9940 (Duplicate): Removing "default" view under monitoring blocked
Duplicate of #9352 Jim Pingle
12:56 PM pfSense Packages Bug #9940 (Duplicate): Removing "default" view under monitoring blocked
I managed to add an extra view named "default" in the monitoring page. When trying to remove said mistake it is not p... Joakim Dellrud
09:35 AM Feature #9939: Scheduled update or upgrade option
That is still very dangerous. An upgrade should always be directly monitored by the admin in case it does not go as p... Jim Pingle
08:20 AM Feature #9939: Scheduled update or upgrade option
Jim Pingle wrote:
> Having any kind of fully automated update function is very dangerous. Since the process can be t...
Robbie van Moerkerk
07:33 AM Feature #9939 (Rejected): Scheduled update or upgrade option
Having any kind of fully automated update function is very dangerous. Since the process can be triggered from the con... Jim Pingle
05:37 AM Feature #9939 (Rejected): Scheduled update or upgrade option
While updating our pfsense cluster we would like to schedule the update/ upgrade found. Please implement an option to... Robbie van Moerkerk
07:33 AM Bug #9938 (Pull Request Review): Queue stats parser broken if bytes > 9999999999
Jim Pingle

12/01/2019

05:34 PM Revision e5deede5: support variable value length in queue stats parser
Lucas Held
01:03 PM Bug #9938 (Resolved): Queue stats parser broken if bytes > 9999999999
Hello,
currently the queue stats parser in the file "/etc/inc/shaper.inc" assumes that the bytes value does not exce...
Lucas Held

11/29/2019

09:39 PM Feature #9639: Cloudflare DDNS "API Token"
+1 to getting them supported in the Dynamic DNS service.
They are already supported in the "acme" plugin, but they...
John M
07:05 PM Revision 7ee29634: curve_compatible_list - array of all compat curves
Viktor Gurov
02:41 PM Revision e99c638b: Init aliases array before use. Fixes #9936
Jim Pingle
02:08 PM Revision 5b535261: Allow revoking serial '0' by number. Fixes #9869
Jim Pingle
01:49 PM Revision 1b970bb2: Only try existent devices when looking for the dump device.
Luiz Souza
08:50 AM Bug #9936 (Feedback): zombie alias check errors if no alises exist
Applied in changeset commit:e99c638b78540efa478dbb3360943c67de72c1af. Jim Pingle
08:41 AM Bug #9936 (In Progress): zombie alias check errors if no alises exist
Jim Pingle
08:46 AM Feature #9937: OpenVPN Login User Privilege
If this is added it would have to be off by default and enabled on a per-server basis. Jim Pingle
08:29 AM pfSense Packages Bug #9935 (Pull Request Review): hide ECDSA certs for Zabbix
Jim Pingle
08:27 AM Feature #9842 (Pull Request Review): Add CA/certificate renewal function
Jim Pingle
08:15 AM Feature #9869 (Feedback): Allow CRL entries to be made by serial number
Applied in changeset commit:5b535261acc969af2e22dcbd6798c881d42a576a. Jim Pingle
07:41 AM Feature #9869 (In Progress): Allow CRL entries to be made by serial number
Jim Pingle
08:11 AM Bug #9785 (Resolved): ACB permits manual backup attempt when disabled
Jim Pingle
07:41 AM pfSense Packages Bug #9932 (Rejected): Squid is not showing CAs for SSL Interception
Can't reproduce this on 2.5.0 or 2.4.4 Both show CAs as they should. Post on the forum if you are still having issues. Jim Pingle

11/28/2019

02:33 PM Revision 6c97c186: Typo fix
(cherry picked from commit 463d5d11726084575b166dffe4b85164b2f5a5c3) Steve Beaver
01:46 PM Revision 00d9ce91: typo
Viktor Gurov
01:37 PM Revision 941470ef: prime256v1 ec curve for renew
Viktor Gurov
11:42 AM Feature #9937 (New): OpenVPN Login User Privilege
Hello pfsense development Team,
It would be awesome to have a "VPN - User: Openvpn Dialin" privilege in the Group ...
Arthur Besnard
11:24 AM Bug #9936 (Resolved): zombie alias check errors if no alises exist
It appears not to check if aliases exist on the system before trying to load the array throwing this error:... Steve Wheeler
10:18 AM pfSense Packages Bug #9935 (Resolved): hide ECDSA certs for Zabbix
ECDSA certificates are not yet supported in Zabbix
see https://support.zabbix.com/browse/ZBXNEXT-5475
https:/...
Viktor Gurov
08:59 AM Bug #8468: Status / Queues show mostly NaN
Same problem here, some values are displayed as NaN in the status_queues page.
2 screenshots attached, the diag_pfto...
Jo S
08:00 AM pfSense Packages Bug #9934: suricata update kills WAN interface
Suricata is running in INLINE IPS mode. Every time, when suricata is stopped or started, it does a link up/down. Is t... Srijan Nandi
07:28 AM pfSense Packages Bug #9934 (Closed): suricata update kills WAN interface
Hello Everyone,
I am running pfSense *2.4.4-RELEASE-p3 (amd64*) with suricata *VERSION 4.1.5_2*. I had set suricat...
Srijan Nandi
07:43 AM Feature #9842: Add CA/certificate renewal function
https://github.com/pfsense/pfsense/pull/4122
I think that we need to decide which EC is minimum.
prime256v1 or se...
Viktor Gurov
03:40 AM Feature #9842: Add CA/certificate renewal function
Jim Pingle wrote:
> This should be complete for now. I didn't add a CLI script, as it didn't seem necessary yet. On ...
Viktor Gurov
07:31 AM Bug #9296 (Feedback): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
A fix based on Gavin's PR was committed, please let me know if the problem persists.
Thanks
Luiz Souza
05:29 AM Bug #9933 (Resolved): Captive Portal + Voucher not keeping auto-added "Pass-through MAC Auto Entry"
With Captive Portal, the "Enabled Pass-through MAC Auto Entry" should normally keep definitively the MAC address into t... Johan DEVELON
04:45 AM Feature #9862 (Resolved): Add support for waiting between ping-packages on diag_ping.php
Renato Botelho
04:15 AM Feature #9862: Add support for waiting between ping-packages on diag_ping.php
Renato Botelho wrote:
> PR has been merged. Thanks!
tested on pfSense 2.5.0.a.20191127.2047
works as expected,...
Viktor Gurov
04:17 AM Bug #9785: ACB permits manual backup attempt when disabled
tested on pfSense 2.5.0.a.20191127.2047
'backup' button is inactive when ACB disabled
Resolved
Viktor Gurov
03:47 AM Feature #9869: Allow CRL entries to be made by serial number
tested on pfSense 2.5.0.a.20191127.2047
it does not save serial number 0 (zero)
Viktor Gurov
02:55 AM pfSense Packages Feature #9901 (Resolved): show ECDSA CAs only with correct curves
tested on pfSense 2.5.0.a.20191127.2047 with squid 0.4.44_9
correct, resolved
Viktor Gurov
02:54 AM pfSense Packages Feature #9906 (Resolved): show ECDSA CAs and certs only with correct curves
tested on pfSense 2.5.0.a.20191127.2047 with freeradius3 0.15.7_6
correct, resolved
Viktor Gurov
02:53 AM pfSense Packages Bug #9919 (Resolved): stunnel server connection failure if ECDSA cert is not in IPsec list
tested on pfSense 2.5.0.a.20191127.2047 with stunnel 5.50_2
correct, resolved
Viktor Gurov
02:51 AM pfSense Packages Feature #9929 (Resolved): show only ECDSA-safe exports packages
tested on pfSense 2.5.0.a.20191127.2047 with openvpn-client-export 1.4.19_1
correct, resolved
Viktor Gurov

11/27/2019

04:32 PM Revision f6e1c731: Switch default NTP pool server. Fixes #9931
2.<x> pools contain both IPv4 and IPv6 hosts.
(cherry picked from commit ae132b611439c15003578e38ec338a60eb9ed904)
Jim Pingle
04:32 PM Revision 65db2067: Switch default NTP pool server. Fixes #9931
2.<x> pools contain both IPv4 and IPv6 hosts. Jim Pingle
04:31 PM Revision 0f64460f: Merge pull request #4098 from vktg/delzombiealiases
Renato Botelho
04:29 PM Revision 3b2fb394: Merge pull request #4105 from vktg/guirebootarmcheck
Renato Botelho
04:28 PM Revision fcb61f94: Make hostname optional for for DNS-O-Matic.
This resolves ticket #7601.
(cherry picked from commit 1ccc327f0014d74de501a066df556add28c38e78)
gizmotronic
04:28 PM Revision bc542876: Merge pull request #4120 from gizmotronic/dnsomatic-hostname-optional
Renato Botelho
12:06 PM pfSense Packages Bug #9932: Squid is not showing CAs for SSL Interception
Correct Version: 0.4.44_9 Nicolas Bezutt
11:58 AM pfSense Packages Bug #9932 (Rejected): Squid is not showing CAs for SSL Interception
After update to 0.4.4_9, the CA field in SSL Man In The Middle Filtering is no more showing any certificates. Older V... Nicolas Bezutt
11:26 AM Feature #9883 (Resolved): Allow CAs to use randomized serials when signing
Jim Pingle
11:12 AM Feature #9883: Allow CAs to use randomized serials when signing
tested on pfSense 2.5.0.a.20191126.1832
it successfully creates random serials when creating certificates or sig...
Viktor Gurov
10:40 AM Bug #9931 (Feedback): 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations
Applied in changeset commit:65db20674d716208e340b96471ff98d1bb0c957b. Jim Pingle
10:34 AM Bug #9931: 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations
I didn't see the PR and had already made the change after testing it out locally, it will show up soon. Jim Pingle
10:15 AM Bug #9931: 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations
Changed in https://github.com/pfsense/pfsense/pull/4121 Isaac McDonald
09:59 AM Bug #9931 (Resolved): 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations
I debated whether this should be considered a bug or a feature. I ultimately decided it should be considered a bug se... Isaac McDonald
10:32 AM Bug #9790 (Feedback): firewall aliases table with fqdn stays in system after deleting
PR has been merged. Thanks! Renato Botelho
10:30 AM Feature #9771 (Feedback): diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI
Renato Botelho
10:30 AM Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI
PR has been merged. Thanks Renato Botelho
10:29 AM Bug #7601 (Feedback): Dynamic DNS - Hostname should not be required for DNS-O-Matic
PR has been merged. Thanks! Renato Botelho
07:42 AM Bug #7601 (Pull Request Review): Dynamic DNS - Hostname should not be required for DNS-O-Matic
Jim Pingle
10:24 AM pfSense Packages Feature #9929 (Feedback): show only ECDSA-safe exports packages
PR has been merged. Thanks! Renato Botelho
07:59 AM pfSense Packages Feature #9929 (Pull Request Review): show only ECDSA-safe exports packages
Jim Pingle
04:32 AM pfSense Packages Feature #9929: show only ECDSA-safe exports packages
two more packages with certificates left - Zabbix-agent and Net-SNMP Viktor Gurov
04:29 AM pfSense Packages Feature #9929 (Resolved): show only ECDSA-safe exports packages
show only ECDSA-safe exports packages on OpenVPN \ Client Export Utility page
i.e. certs with prime256v1, secp384r...
Viktor Gurov
10:23 AM pfSense Packages Feature #9901 (Feedback): show ECDSA CAs only with correct curves
PR has been merged. Thanks! Renato Botelho
09:23 AM Revision 192d769c: switch to IPsec cert list
Viktor Gurov
09:16 AM Revision 0619c2b5: cosmetic
Viktor Gurov
09:13 AM Revision 0de3991f: Merge branch 'master' into p11ipsec
vktg
08:59 AM Revision aad37244: rebase
Viktor Gurov
08:57 AM Revision 2d604c8b: successful connection
Viktor Gurov
08:57 AM Revision 5fe27d1c: more
Viktor Gurov
08:34 AM Revision 8b859d91: first steps
Viktor Gurov
08:26 AM Revision 43996917: merge with upstream
Viktor Gurov
07:50 AM Bug #9296 (Pull Request Review): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle
04:27 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I have a fix for this, and have created a pull request.
https://github.com/pfsense/FreeBSD-ports/pull/714
Gavin Stewart
12:29 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Gavin Stewart wrote:
> I now have a minimal and repeatable set of steps to reproduce this.
Actually, I have revis...
Gavin Stewart
07:47 AM Feature #9928 (Duplicate): Allow keyless certificates in the Cert Client admin tool
Duplicate of #9834 Jim Pingle
02:55 AM Feature #9928 (Duplicate): Allow keyless certificates in the Cert Client admin tool
Would be useful to also allow for certificates without a key to be created/managed in the cert admin tool.
E.g. ...
Dirk-Willem van Gulik
07:46 AM Feature #9927 (Duplicate): Allow Aliases in fields on VPN/OpenVPN/Servers/Edit - in particular for "IPv4 Local network(s)"
Duplicate of #2668 Jim Pingle
02:52 AM Feature #9927 (Duplicate): Allow Aliases in fields on VPN/OpenVPN/Servers/Edit - in particular for "IPv4 Local network(s)"
Would be useful to allow Aliases in particularly the "IPv4 Local network(s)" of the OpenVPN server setup.
As this...
Dirk-Willem van Gulik
07:45 AM Bug #9920 (Resolved): system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
My PR was merged upstream and we're on the latest version as well now, without needing a patch. That was finished the... Jim Pingle
12:08 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
Jim Pingle wrote:
> I added that patch to our port:
>
> https://github.com/pfsense/FreeBSD-ports/commit/1bdb4e58d...
Viktor Gurov
07:41 AM Feature #9896 (Resolved): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
Jim Pingle
06:38 AM Feature #9896: Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
Renato Botelho wrote:
> PR has been merged. Thanks
Tested on pfSense 2.5.0.a.20191126.1832...
Viktor Gurov
07:40 AM Bug #9930 (Not a Bug): Dpinger fills log with sendto errors when VPN is down
We do not maintain dpinger, if you want to suggest a change to dpinger, raise it on their bug tracker: https://github... Jim Pingle
07:10 AM Bug #9930 (Not a Bug): Dpinger fills log with sendto errors when VPN is down
I have configured a tinc VPN Interface and I have a Gateway on that connection. If the remote host goes down (meaning... Flole Systems
07:02 AM Feature #9905 (Resolved): ospf / ospv3 packet capture
Renato Botelho
04:37 AM Feature #9905: ospf / ospv3 packet capture
tested on 2.5.0.a.20191126.1832
works, Resolved
Viktor Gurov
05:22 AM Revision 647bbe86: array_diff fix
Viktor Gurov
05:20 AM Revision 75b83f36: array_diff fix
Viktor Gurov
05:11 AM Revision 96d0cb2d: php_uname func
Viktor Gurov
02:43 AM Revision 1ccc327f: Make hostname optional for for DNS-O-Matic.
This resolves ticket #7601. gizmotronic

11/26/2019

08:19 PM Revision 176c7256: traffic-graphs, don't stop drawing graphs when a interface is disabled
traffic-graphs, don't stop drawing graphs when a interface is disabled Pi Ba
04:56 PM Revision f61a794a: Unset temp vars when refreshing CRLs. Issue #9915
Otherwise it might unintentionally add a CRL to a server which does not
have one selected
Jim Pingle
04:05 PM Revision 475d712b: When refreshing CRLs, increment suffix, do not clean up. Fixes #9915
While here, fix a bug with refresh path. Jim Pingle
04:00 PM pfSense Docs Correction #9926 (Closed): Feedback on Virtualization — Virtualizing pfSense with VMware vSphere / ESXi
Thanks! Jim Pingle
03:39 PM pfSense Docs Correction #9926 (Closed): Feedback on Virtualization — Virtualizing pfSense with VMware vSphere / ESXi
*Page:* https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-vmware-vsphere-esxi.html
...
Bjorn Formo
03:15 PM Revision 84041dcf: Correctly populate CRL issuer in crl_contains_cert. Fixes #9924
Jim Pingle
03:07 PM pfSense Docs Correction #9925 (Closed): Feedback on VPN — OpenVPN — Troubleshooting Windows OpenVPN Client Connectivity
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/troubleshooting-windows-openvpn-client-connectivity.ht... Steve Wheeler
02:22 PM Feature #9828: L2TP (long) username containing @ (realm separator)
Any proposed changes should be submitted via pull request so they can be reviewed, discussed, and merged.
https://...
Jim Pingle
01:47 PM Feature #9828: L2TP (long) username containing @ (realm separator)
bump, anyone? Arjan van der Oest
02:21 PM Todo #9603 (In Progress): Strongswan stroke is deprecated, move to swanctl/vici
I'm looking this over. A few more useful links:
swanctl.conf format:
https://wiki.strongswan.org/projects/strongs...
Jim Pingle
02:14 PM Revision 3c1249b3: Add 'none' option to cert_build_list. Issue #9923
Jim Pingle
10:15 AM Todo #9915 (Feedback): Convert OpenVPN to CAPath
Applied in changeset commit:475d712b910e197256c06634051e1ad75be4bdfe. Jim Pingle
10:03 AM Todo #9915: Convert OpenVPN to CAPath
That method does work to update CRLs, so I'll adjust the code to work that way.
Still doesn't work for intermediat...
Jim Pingle
09:47 AM Todo #9915 (In Progress): Convert OpenVPN to CAPath
Something else to consider is to increment the CRL suffix number (e.g. r0 -> r1 -> r2), which may trick OpenSSL into ... Jim Pingle
09:44 AM Todo #9915: Convert OpenVPN to CAPath
While the new structure functions well at startup, it does appear as though the CRL status is cached at startup. When... Jim Pingle
09:25 AM Bug #9924 (Feedback): crl_contains_cert() does not correctly report revoked status for intermediate CAs
Applied in changeset commit:84041dcfd744d2dbbcee90338705c12b4c844e96. Jim Pingle
09:14 AM Bug #9924 (Resolved): crl_contains_cert() does not correctly report revoked status for intermediate CAs
If a certificate is issued by an intermediate CA and revoked in a CRL for that intermediate CA, @crl_contains_cert()@... Jim Pingle

11/25/2019

09:50 PM Revision 348c2af1: Restructure OpenVPN settings directory layout
* Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to
/var/etc/openvpn/<mode><id>/<x>
* This keeps all settings ...
Jim Pingle
05:24 PM Revision 67f362de: Merge pull request #4114 from vktg/ospfpcap
Renato Botelho
05:18 PM Revision 22820e3a: Merge pull request #4107 from Godwottery/Godwottery-ping-wait
Renato Botelho
05:17 PM Revision fb8ee03c: Merge pull request #4108 from Augustin-FL/Augustin-FL-patch-builder-common
Renato Botelho
05:10 PM Revision d4b090cb: Merge pull request #4112 from vktg/poly1305tls12
Renato Botelho
04:42 PM Revision 59fac81f: Add select_source compatible output to cert_build_list(). Implements #9923
Jim Pingle
04:00 PM Todo #9915 (Feedback): Convert OpenVPN to CAPath
Applied in changeset commit:348c2af1671d8f11c5d9ca67a32cbb28940ef19a. Jim Pingle
03:07 PM Revision ab5ef410: Enforce limiter delay 0<=x<=10000. Fixes #9921
(cherry picked from commit 8afa74bb099d75962a5efb8a603981c0249f91a0) Jim Pingle
03:06 PM Revision 8afa74bb: Enforce limiter delay 0<=x<=10000. Fixes #9921
Jim Pingle
02:02 PM Revision 1a969ea2: Remove zabbix 2.2 leftovers
Renato Botelho
11:24 AM Feature #9905 (Feedback): ospf / ospv3 packet capture
PR has been merged. Thanks! Renato Botelho
11:19 AM Feature #9862 (Feedback): Add support for waiting between ping-packages on diag_ping.php
PR has been merged. Thanks! Renato Botelho
11:12 AM Feature #9896 (Feedback): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
PR has been merged. Thanks Renato Botelho
10:50 AM Feature #9923 (Feedback): Add select_source compatible output to cert_build_list()
Applied in changeset commit:59fac81f316b0616e0c50ec47ffa9cfa97a10ebb. Jim Pingle
10:42 AM Feature #9923 (Resolved): Add select_source compatible output to cert_build_list()
Rather than duplicate the effort in many packages, add support to @cert_build_list()@ to generate an array compatible... Jim Pingle
10:40 AM pfSense Packages Bug #9919 (Feedback): stunnel server connection failure if ECDSA cert is not in IPsec list
PR has been merged. Thanks! Renato Botelho
10:38 AM pfSense Packages Feature #9906 (Feedback): show ECDSA CAs and certs only with correct curves
PR has been merged. Thanks! Renato Botelho
10:27 AM Bug #9920 (Feedback): system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
I added that patch to our port:
https://github.com/pfsense/FreeBSD-ports/commit/1bdb4e58dd3802abbd25acc5ff8da23336...
Jim Pingle
10:01 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
I submitted a PR to their project to add support for ECDSA CAs, it didn't take much:
https://github.com/ukrbublik/...
Jim Pingle
09:15 AM Bug #9921 (Feedback): Limiters allow invalid delay values
Applied in changeset commit:8afa74bb099d75962a5efb8a603981c0249f91a0. Jim Pingle
08:46 AM pfSense Packages Bug #9922 (Feedback): haproxy_version does not use full path to haproxy, leads to errors when run during cron
Fixed:
https://github.com/pfsense/FreeBSD-ports/commit/47f4f91aa8159e47f24990eb2496784cb9ef07c6
https://github.co...
Jim Pingle
08:41 AM pfSense Packages Bug #9922 (Resolved): haproxy_version does not use full path to haproxy, leads to errors when run during cron
When /etc/rc.filter_configure_sync is run from cron, it yields errors from haproxy. For example in this simulated run... Jim Pingle

11/24/2019

09:10 AM Feature #9918: check user certificates for correct ECDSA curves
In the GUI, yes, but admins could be using them for other purposes. It's best to filter them at the point we know the... Jim Pingle
03:55 AM Feature #9918: check user certificates for correct ECDSA curves
Jim Pingle wrote:
> We don't know what they are using them for necessarily.
As I understand user certs can be use...
Viktor Gurov
08:51 AM Bug #9921 (Resolved): Limiters allow invalid delay values
When creating Limiters the GUI allows delay values above 10000ms. The config also allow this and it is written into t... Steve Wheeler
04:42 AM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only
I am experiencing the same issue with version 2.4.4-p3 on x86 hardware (re network interfaces). Yuran Yastreb

11/23/2019

11:00 PM pfSense Packages Bug #9919 (Pull Request Review): stunnel server connection failure if ECDSA cert is not in IPsec list
Jim Pingle
03:03 AM pfSense Packages Bug #9919: stunnel server connection failure if ECDSA cert is not in IPsec list
https://github.com/pfsense/FreeBSD-ports/pull/712 Viktor Gurov
02:42 AM pfSense Packages Bug #9919 (Resolved): stunnel server connection failure if ECDSA cert is not in IPsec list
stunnel client can use cert with any ECDSA curve,
but if stunnel server use incorrect (not prime256v1, secp384r1, se...
Viktor Gurov
10:58 PM Feature #8289 (Resolved): OpenVPN - configurable username as common name
Thanks for testing! Jim Pingle
02:39 AM Feature #8289: OpenVPN - configurable username as common name
Thanks Jim.
Works.
Greg M
10:58 PM Feature #9918 (Closed): check user certificates for correct ECDSA curves
I don't think we should limit this here. When creating/assigning the certs, it's really up to the admin. We don't kno... Jim Pingle
01:27 AM Feature #9918 (Closed): check user certificates for correct ECDSA curves
Show only correct (IPsec = OpenVPN) ECDSA when adding existing certificates to users,
'Choose an Existing Certifica...
Viktor Gurov
10:56 PM Bug #9917 (Pull Request Review): Widget Refresh Logic Flawed
Jim Pingle
12:33 AM Bug #9917 (Closed): Widget Refresh Logic Flawed
Hello team,
I have forked pfSense and resolved this in a feature branch, but need to have a redmine issue for refe...
Christopher Embry
11:12 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
it looks like ukrbublik/openssl_x509_crl does not support ECDSA -
https://github.com/ukrbublik/openssl_x509_crl/blob...
Viktor Gurov
10:49 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
in case of ECDSA CA <text></text> field of <crl></crl> is always empty in config.xml Viktor Gurov
10:30 AM Bug #9920 (Resolved): system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
CRL export file is empty if CA key type is ECDSA
certs inside this CRL can be RSA or ECDSA
if CRL CA key type is ...
Viktor Gurov
12:15 AM Feature #9878: IPsec PKCS#11 authentication
for today only CheckPoint supports PKCS#11 tokens
most of other vendors (Palo Alto, Riverbed, Huawei, Fortinet, F5)...
Viktor Gurov

11/22/2019

08:40 PM Revision b3395df2: Add OpenVPN Keepalive/Ping/Inactive input validation. Fixes #3473
(cherry picked from commit 4a5875a1771d286aee1c1e90d7f45991f9892a68) Jim Pingle
08:37 PM Revision 4a5875a1: Add OpenVPN Keepalive/Ping/Inactive input validation. Fixes #3473
Jim Pingle
07:19 PM Revision e5c4f2a7: Make OpenVPN username-as-common-name options. Implements #8289
Jim Pingle
06:59 PM Revision 7591a72a: Add exit notify to OpenVPN servers/clients. Implements #9078
Jim Pingle
05:31 PM Bug #9321: Traffic Graphs on Dashboard not loading with certain types of interfaces
This seems to be a race condition somehow, it doesn't always happen and I think it was loading for me before after di... Flole Systems
04:41 PM Revision 19a0636d: Prevent OpenVPN tunnel network reuse. Fixes #3244
Ensures that a submitted tunnel network is not already in use on other
OpenVPN client or server instances, to avoid c...
Jim Pingle
02:45 PM Feature #3473 (Feedback): Allow configuration of OpenVPN keepalive
Applied in changeset commit:4a5875a1771d286aee1c1e90d7f45991f9892a68. Jim Pingle
01:22 PM Feature #3473 (In Progress): Allow configuration of OpenVPN keepalive
This is missing input validation. I'll add it. Jim Pingle
02:39 PM Feature #7803 (Closed): Include more OpenVPN Options in GUI
@--inactive@ was covered by the implementation for #3473, anything else can be handled on specific case-by-case revie... Jim Pingle
01:44 PM Revision ca3cddbe: Update OpenVPN EC list based on testing. Issue #9744
Jim Pingle
01:38 PM Revision 809e196a: CDATA escape more auth-related fields. Fixes #9327
(cherry picked from commit 327ad811aa5f965ba805ea78f879c759ca0fdafa) Jim Pingle
01:35 PM Revision df1de4df: Correct VTI IPv6 test and syntax. Fixes #9801
(cherry picked from commit 1d9fbb716543110ac245e2749f8c06fc77480a77) Jim Pingle
01:25 PM Feature #8289 (Feedback): OpenVPN - configurable username as common name
Applied in changeset commit:e5c4f2a7d977fb1fd6c7b4446e187486b72285be. Jim Pingle
01:10 PM Feature #9078 (Feedback): Investigate adding knobs for explicit-exit-notify in OpenVPN
Applied in changeset commit:7591a72a5108a2ac28d28745cec43ea282869aae. Jim Pingle
10:50 AM Feature #3244 (Feedback): Check that OpenVPN tunnel network does not overlap any other subnet
Applied in changeset commit:19a0636d7c0e0178209406480cc383853f0d3f72. Jim Pingle
08:11 AM pfSense Packages Feature #9742: Print Patch ID in log while patching
The sshguard log message wouldn't be related.
I see logs for manual patching and reverting, but no log messages wh...
Jim Pingle
01:23 AM pfSense Packages Feature #9742: Print Patch ID in log while patching
tested on pfSense 2.5.0.a.20191121.2127 with System_Patches 1.2_4
test patch: https://github.com/pfsense/pfsense/com...
Viktor Gurov
07:46 AM Bug #9744: fatal error if ECDH Curve not default
I pushed an update in commit:ca3cddbec4 to change the OpenVPN curve list to match IPsec Jim Pingle
01:17 AM Bug #9744: fatal error if ECDH Curve not default
last test result with pfSense 2.5.0.a.20191121.2127 (OpenVPN 2.4.8) and Debian 10.2 client (OpenVPN 2.4.7)
server ...
Viktor Gurov
07:35 AM Bug #9801 (Resolved): VTI IPv6 addresses don't get assigned
Thanks for testing! Jim Pingle
07:34 AM Bug #9801: VTI IPv6 addresses don't get assigned
I've tested with the latest 2.5 development snapshot and it seems to be working correctly now. Ben Hughes
01:26 AM pfSense Packages Bug #9850 (Resolved): show hyperscan option only for x86 arch
Tested on 2.5.0.a.20191121.1639 (SG-1000, arm) and suricata 4.1.5_2
Ok, Resolved
Viktor Gurov

11/21/2019

09:31 PM Revision efe83ab9: Enable OpenVPN x509-alt-username build option. Fixes #9884
Jim Pingle
09:22 PM Revision 327ad811: CDATA escape more auth-related fields. Fixes #9327
Jim Pingle
09:02 PM Revision fd04c00c: Hide OpenVPN 'interface' when multihome is selected. Fixes #7840
(cherry picked from commit 5a9dc1dc278c6c537bfd5289125607117ceb99df) Jim Pingle
09:01 PM Revision 5a9dc1dc: Hide OpenVPN 'interface' when multihome is selected. Fixes #7840
Jim Pingle
08:19 PM Revision 53ede603: OpenVPN page sorting tweaks
(cherry picked from commit 41025f6094ed34406cdf23097656ea7cae4483ae) Jim Pingle
08:19 PM Revision 3e42a128: OpenVPN status page sent/recv bytes sorting changes. Fixes #7359
(cherry picked from commit f467ea24cb3c3a98b370c2427ff1aa53d25f14a1) Jim Pingle
07:41 PM Revision bc3e78ab: OpenVPN ECDH/ECDSA filtering. Fixes #9744
Can be revisited in the future if the corresponding OpenVPN bug is
resolved.
Jim Pingle
07:09 PM Revision f467ea24: OpenVPN status page sent/recv bytes sorting changes. Fixes #7359
Jim Pingle
06:36 PM Revision 41025f60: OpenVPN page sorting tweaks
Jim Pingle
05:09 PM Revision 20cd68d2: Add copy action to OpenVPN pages. Implements #5851
Added to Server, Client, and Client-Specific Override pages
(cherry picked from commit d86c28bc833cdeb8eb90525d930ff...
Jim Pingle
05:08 PM Revision d86c28bc: Add copy action to OpenVPN pages. Implements #5851
Added to Server, Client, and Client-Specific Override pages Jim Pingle
04:43 PM Bug #9212 (Not a Bug): OpenVPN Client can't connect over IPv6 in "multihome"
OK, that does sound more like an OpenVPN or config issue. Jim Pingle
04:38 PM Bug #9212: OpenVPN Client can't connect over IPv6 in "multihome"
Oh, I totally forgot about this problem.
I finally found the solution and I think the problem comes from OpenVPN a...
benoit moreau
03:16 PM Bug #9212 (Incomplete): OpenVPN Client can't connect over IPv6 in "multihome"
The description is a bit vague:
* Is pfSense the server in this scenario, or the client?
* If the client is not p...
Jim Pingle
04:34 PM Revision f6636150: arm check fix with get_single_sysctl()
Viktor Gurov
03:40 PM Feature #9884 (Feedback): Add support for OpenVPN --x509-username-field
Applied in changeset commit:efe83ab95d64d8d364d8a210d709fa49a551e718. Jim Pingle
03:32 PM Feature #9884: Add support for OpenVPN --x509-username-field
I'm not seeing any negative effects to enabling that build option, so it should be fine for testing. Jim Pingle
03:30 PM Bug #9327 (Feedback): Using the character "¤" in OpenVPN password field creates invalid config.xml
Applied in changeset commit:327ad811aa5f965ba805ea78f879c759ca0fdafa. Jim Pingle
03:22 PM Bug #9327: Using the character "¤" in OpenVPN password field creates invalid config.xml
Looks like the easiest fix is to CDATA escape that field. Jim Pingle
03:10 PM Bug #7840 (Feedback): OpenVPN 2.4 Server: Hide Interface when Protocol is Multihome
Applied in changeset commit:5a9dc1dc278c6c537bfd5289125607117ceb99df. Jim Pingle
02:55 PM Feature #7353 (Closed): Openvpn Logins page
On 2.5.0 there is a dedicated authentication log, which you could filter for OpenVPN and see most of what you are aft... Jim Pingle
02:48 PM Feature #7078: Allow reordering of client specific overrides in OpenVPN
While not a persistent reordering, I added sorting to the list in commit:41025f6094ed34406cdf23097656ea7cae4483ae
Jim Pingle
02:47 PM Feature #4728 (Duplicate): Expose ``nopool`` server option in the OpenVPN Server GUI
This was duplicated by #7567 which was solved a couple years ago. Jim Pingle
02:43 PM Feature #3244: Check that OpenVPN tunnel network does not overlap any other subnet
Thinking about this a bit since I noticed the lack of validation when implementing #5851. It makes sense that an Open... Jim Pingle
02:28 PM pfSense Packages Feature #9874 (Pull Request Review): safesearch enforcing
Jim Pingle
03:24 AM pfSense Packages Feature #9874: safesearch enforcing
received email from Yandex support with the list of domains for redirection:... Viktor Gurov
02:27 PM pfSense Packages Feature #9916 (Pull Request Review): Check allow-transfer in custom option when the zone is slave
Jim Pingle
01:32 PM pfSense Packages Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave
If I add a custom option (allow-transfer) to my slave zone, bind exits with an error, because say already defined this opti... Am1g0 B0y
01:50 PM Bug #9744 (Feedback): fatal error if ECDH Curve not default
Applied in changeset commit:bc3e78ab3dd4bffb89cb8d2533199e37f92fcbf2. Jim Pingle
01:20 PM Bug #7359 (Feedback): Status/OpenVPN Page Sorts Incorrectly
Applied in changeset commit:f467ea24cb3c3a98b370c2427ff1aa53d25f14a1. Jim Pingle
11:38 AM Feature #5851: Add copy action to OpenVPN client / server
Thank you! PT Rich
11:15 AM Feature #5851 (Feedback): Add copy action to OpenVPN client / server
Applied in changeset commit:d86c28bc833cdeb8eb90525d930ff81fa3738cc9. Jim Pingle

11/20/2019

04:47 PM Revision 1d9fbb71: Correct VTI IPv6 test and syntax. Fixes #9801
Jim Pingle
04:29 PM Revision 94ce250e: Move CA random serial option to upper section. Issue #9883
This allows it to be set when creating a new CA, so it doesn't have to
be edited in later.
Also show the next serial...
Jim Pingle
03:00 PM Todo #9915 (Resolved): Convert OpenVPN to CAPath
While investigating #9889, I found that OpenVPN recently introduced a new style of specifying CA and CRLs in a single... Jim Pingle
02:44 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
This is likely less of an issue now that emailAddress is no longer usable in the subject, but might still be hit with... Jim Pingle
02:29 PM Bug #9744: fatal error if ECDH Curve not default
If it works with the secp* curves then maybe we should filter the list like we have done for HTTPS and IPsec. At leas... Jim Pingle
01:16 PM Feature #9309 (Pull Request Review): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF)
Jim Pingle
01:10 PM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
Can you submit this as a pull request on github, rather than attaching patches?
https://docs.netgate.com/pfsense/e...
Jim Pingle
10:55 AM Bug #9801 (Feedback): VTI IPv6 addresses don't get assigned
Applied in changeset commit:1d9fbb716543110ac245e2749f8c06fc77480a77. Jim Pingle
10:47 AM Bug #9801 (In Progress): VTI IPv6 addresses don't get assigned
Jim Pingle
08:05 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Ronald Schellberg wrote:
> On a side note, why has issue dropped from the 2.5 issue list????
It was never assigne...
Jim Pingle

11/19/2019

04:43 PM Revision d1f5587d: Rename IPsec "RSA" options to "Certificate". Implements #9903
Jim Pingle
02:21 PM Bug #9873: Switching the System Update to Development renders the system unbootable
If it can help. I was able to correct the issue by running:
ssh to pfsense
cd /usr/local/lib/php/
ln -s 2017071...
Alex D
01:45 PM pfSense Packages Bug #9795: FRR add two or more ipv6 BGP Neighbors will system down
I tried a setup using openbgpd, and IPv6 works normally with OpenVPN, so I think FRR surely has bugs. yon Liu
12:12 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle wrote:
> John K wrote:
> > What's the status here? Has Netgate been able to reproduce this issue?
>
...
John K
10:50 AM Todo #9903 (Feedback): Rename IPsec "RSA" options to more generic "Certificate" options
Applied in changeset commit:d1f5587d48af48817336fdf8644ea7d7679cf037. Jim Pingle
09:15 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
On my beyond 2.5 version (12.1 based), the devcryto patch applied, and after the devcrypto.ko is loaded:... Ronald Schellberg
04:57 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
https://forum.netgate.com/topic/148171/openvpn-no-option-for-aes-ni/6
openssl speed -engine rdrand -evp aes-128-gc...
yon Liu
07:59 AM Bug #9914 (Rejected): dhcp6c wont work on reboot, only after service restart
This doesn't appear to be a general issue with dhcp6c, but it may be specific to something in your settings or enviro... Jim Pingle
05:35 AM Bug #9914 (Rejected): dhcp6c wont work on reboot, only after service restart
The dhcp6c service is not working after a reboot, I have to restart the service to get it working. The log file has t... Seyfidin Hamraoui
07:51 AM Bug #3965: dhcp6c started before bridge configured at boot, preventing interface tracking
See also: #6529 Jim Pingle
07:51 AM Bug #6529 (Duplicate): dhcp6c fails to start with track6 on a bridge interface
Duplicate of #3965 Jim Pingle
05:55 AM Feature #7791 (Resolved): include /usr/bin/strings in core pfSense
Renato Botelho
12:10 AM pfSense Packages Feature #9913 (Resolved): Adding note Squid Traffic Management Settings about feature limit
Squid Traffic Management Settings mostly works with generic HTTP, so that, it may not work without HTTPS Interception ... Constantine Kormashev

11/18/2019

10:33 PM Feature #7791: include /usr/bin/strings in core pfSense
I can confirm that /usr/bin/strings gets included in new builds. Ronald Schellberg
11:00 AM Feature #7791 (Feedback): include /usr/bin/strings in core pfSense
Applied in changeset commit:6ecea21ad2b6b7912968fb1240ee5d32649bbdf1. Renato Botelho
10:29 AM Feature #7791: include /usr/bin/strings in core pfSense
If there is an explicit non-plan for this to be addressed, could it be so noted? Royce Williams
09:46 PM Revision 9540eac2: fix
Viktor Gurov
09:30 PM Feature #9911 (Resolved): Show confirmation box before disconnecting PPPoE
Great, thanks for testing! Jim Pingle
09:19 PM Feature #9911: Show confirmation box before disconnecting PPPoE
I can confirm this patch works. Nice red button and it requests confirmation of the selection to disconnect. Ronald Schellberg
09:18 PM Feature #9911: Show confirmation box before disconnecting PPPoE
Hi Jim.
I've applied the patch and I'm happy to confirm that yes, it works perfectly!
I like the fact it's now RED ...
Anonymous
03:28 PM Feature #9911: Show confirmation box before disconnecting PPPoE
You're welcome! Did you have a chance to test the patch? You should be able to apply commit 4193cc185ef55e2260dae4ff2... Jim Pingle
03:05 PM Feature #9911: Show confirmation box before disconnecting PPPoE
Unsure if it's appropriate to say "Thanks" in the bugtracker, but *thanks!!* Especially for such a prompt patch. App... Anonymous
01:45 PM Feature #9911 (Feedback): Show confirmation box before disconnecting PPPoE
Applied in changeset commit:b8b0c2a320166a3b5732354d35edad47d0f05a04. Jim Pingle
07:19 AM Feature #9911: Show confirmation box before disconnecting PPPoE
This should be as easy as changing the button from a warning class to a danger class, which automatically gets a JS c... Jim Pingle
12:11 AM Feature #9911 (Resolved): Show confirmation box before disconnecting PPPoE
The *Status->Interfaces* page (_status_interfaces.php_) is very useful for showing Interface details.
On systems tha...
Anonymous
07:38 PM Revision 53f5bc4b: more pretty func
Viktor Gurov
07:38 PM Revision 4193cc18: Change interface disconnect/release button to 'danger'. Fixes #9911
While here, add the interface name to the button text.
Net effect is a confirmation box to ensure the user wants to ...
Jim Pingle
07:37 PM Revision b8b0c2a3: Change interface disconnect/release button to 'danger'. Fixes #9911
While here, add the interface name to the button text.
Net effect is a confirmation box to ensure the user wants to ...
Jim Pingle
07:29 PM Revision b1ffc46f: extra switch case for !ospf
Viktor Gurov
06:57 PM Revision 46ca1080: fixes
Viktor Gurov
04:52 PM Revision 7eed5588: Fix #7791: strings binary can be useful for troubleshooting
Renato Botelho
04:52 PM Revision 6ecea21a: Fix #7791: strings binary can be useful for troubleshooting
Renato Botelho
10:57 AM pfSense Packages Feature #9912 (New): add custom DPI to ntopng
hi, since you don't read a conf file at startup, could you add the -p parameter to the startup script and point it to... ROB VANHOOREN
07:54 AM Bug #9566: Traffic graph displays traffic incorrectly
See also #9910 which suggests it may be related to limiters, though this one mentions ALTQ. Jim Pingle
07:54 AM Bug #9910 (Duplicate): When using limiters, traffic on wan out is doubled
Duplicate of #9566 Jim Pingle
07:52 AM Feature #9909 (Pull Request Review): Add option to (dis)allow unauthenticated LDAP binds
Jim Pingle
07:46 AM Bug #9907 (Pull Request Review): Do not show incompatible ECDSA certs for DNS Resolver
Jim Pingle
07:40 AM Bug #9908 (Duplicate): hn0: driver does not support altq
Duplicate of #9647 Jim Pingle
07:39 AM Bug #9899 (Resolved): PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
OK, thanks for testing! Jim Pingle
07:35 AM pfSense Packages Feature #9906 (Pull Request Review): show ECDSA CAs and certs only with correct curves
Jim Pingle
07:33 AM Feature #9905 (Pull Request Review): ospf / ospfv3 packet capture
Jim Pingle
07:17 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Nothing yet, but since we are rebasing on FreeBSD 12.1 soon, it will need to wait until after that happens. Jim Pingle
12:41 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Hi.
Any update on this one?
Thanks!
Greg M
12:47 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto
This issue caught my eye, so I enabled the devcrypto patch on my version based on 12.1. On my VM, after loading the ... Ronald Schellberg

11/17/2019

03:12 PM Bug #9872: Error during build when compiling a non pfSense software
Another suggested edit to builder_common.sh would be to remove the console redirection on line 1717:
poudriere ...
Ronald Schellberg
10:20 AM Bug #9910 (Duplicate): When using limiters, traffic on wan out is doubled
As title says.
Attached screenshot.
Can't test on 2.5.0 as limiters on WAN on 2.5.0 kill all traffic.
Greg M

11/16/2019

08:35 PM Revision ec2ff822: del unused code
Viktor Gurov
02:54 PM Feature #9909: Add option to (dis)allow unauthenticated LDAP binds
Pull Request : https://github.com/pfsense/pfsense/pull/4116 A FL
02:53 PM Feature #9909 (Resolved): Add option to (dis)allow unauthenticated LDAP binds
Hello,
Microsoft AD makes the (stupid...) assumption that when an empty password is provided to the LDAP server, th...
A FL
02:32 PM Revision 9d9dae5e: cert_build_list() func for certs
Viktor Gurov
12:56 PM Bug #9908: hn0: driver does not support altq
Line 587?
https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_5/sys/dev/hyperv/netvsc/if_hn.c
Greg M
12:52 PM Bug #9908 (Duplicate): hn0: driver does not support altq
Hi!
Referenced from here: https://redmine.pfsense.org/issues/8954
I created loader.conf.local with this line in...
Greg M
12:48 PM Bug #9899: PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Hi.
Confirmed fixed.
Cert expired and it had end date.
Greg M
08:41 AM Bug #9907 (Resolved): Do not show incompatible ECDSA certs for DNS Resolver
Do not show incompatible ECDSA certs for DNS Resolver
It is difficult to find EC curves supported by each DNS implem...
Viktor Gurov
07:38 AM Bug #9745: can't add ECDSA certificate key when signing CSR
Jim Pingle wrote:
> I made a couple changes that might help here, but I don't have a cert/key made that way to test....
Viktor Gurov
06:17 AM Revision 2a54b4cd: pcap ospf/ospfv3 support
Viktor Gurov
03:05 AM pfSense Packages Feature #9906 (Resolved): show ECDSA CAs and certs only with correct curves
Do not show incompatible ECDSA CAs or certs for FreeRADIUS
same as https://redmine.pfsense.org/issues/9897
...
Viktor Gurov
12:40 AM Feature #9905 (Resolved): ospf / ospfv3 packet capture
Adds the ability to select OSPF in the protocol field
It can capture OSPF, OSPFv3 or both, depending on Address Fami...
Viktor Gurov

11/15/2019

10:51 PM Bug #9904 (Rejected): Unable to edit DHCP interface PPPoE Password and confirmed password must match
It's your browser and/or password manager.
It should be solved by #9864, at least as much as possible.
If the b...
Jim Pingle
08:30 PM Bug #9904 (Rejected): Unable to edit DHCP interface PPPoE Password and confirmed password must match
I am unable to edit an interface that is DHCP with the error showing that my PPPoE Password and confirmed password mu... Mathew Keith
04:46 PM Revision 836f6ea5: Test DNS Hostnames separately from GWs when storing new values. Fixes #9898
(cherry picked from commit 0d192133299b02efcb1db8f72bdce85a32a96631) Jim Pingle
04:24 PM Revision 0d192133: Test DNS Hostnames separately from GWs when storing new values. Fixes #9898
Jim Pingle
04:02 PM Revision 9dfd57c0: Attempt to fetch EC curve OID if name is blank. Issue #9745
Jim Pingle
03:51 PM Revision 1120b85c: Certificate date calculation changes. Fixes #9899
Make the certificate date calculation more general and also try multiple ways
to determine the date (both timestamp a...
Jim Pingle
03:13 PM Feature #4991: WebGUI does not support ECDSA certificates for IPSec Stage 1
I split the task of renaming the options/fixing the backend code to change from "RSA" to "Certificate" into a new iss... Jim Pingle
03:12 PM Todo #9903 (Resolved): Rename IPsec "RSA" options to more generic "Certificate" options
IPsec can use both RSA and ECDSA certificates, so we need to rename any IPsec Certificate-based authentication method... Jim Pingle
03:05 PM pfSense Packages Todo #9900: Status -> Monitoring -> Add View
Thanks Jim a "pkg upgrade -y pfSense-Status_Monitoring" fixed it.
[2.4.4-RELEASE][admin@pfsense]/root: pkg info -x...
Andy Kniveton
07:24 AM pfSense Packages Todo #9900 (Duplicate): Status -> Monitoring -> Add View
Duplicate of #9681
See also: https://forum.netgate.com/topic/147819/cannot-create-new-monitoring-views/2
Jim Pingle
04:46 AM pfSense Packages Todo #9900 (Duplicate): Status -> Monitoring -> Add View
View names now seem to be forced lower case, seems odd as the default interface names are in upper case.
Andy Kniveton
02:24 PM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly
The change is included in FreeBSD 12.1. Once we move pfSense to FreeBSD 12.1 (which will happen before 2.5.0-RELEASE)... Jim Pingle
02:19 PM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly
Any status on this? It pretty much breaks our router being able to handle power outages. Patrick Staton
12:00 PM pfSense Packages Feature #9902 (Resolved): add sticky filter for Alert Log please
hi, could the filter be made sticky?
it's not (as of 4.1.5_2)
thanks!
R.
*observed behaviour:*
services>...
ROB VANHOOREN
10:35 AM Bug #9898 (Feedback): DNS over TLS hostname verification does not save
Applied in changeset commit:0d192133299b02efcb1db8f72bdce85a32a96631. Jim Pingle
07:46 AM Bug #9898: DNS over TLS hostname verification does not save
I can reproduce this, but only when the system in question is not Multi-WAN so the DNS server list does not show the ... Jim Pingle
10:16 AM pfSense Packages Bug #9740 (Resolved): empty Status / Tinc VPN page on latest 2.5

Tested on pfSense 2.5.0.a.20191114.1802
tinc 1.0.35_2
OK, Resolved
Viktor Gurov
10:04 AM Bug #9745: can't add ECDSA certificate key when signing CSR
I made a couple changes that might help here, but I don't have a cert/key made that way to test. See commit:9dfd57c04... Jim Pingle
09:29 AM Bug #9745: can't add ECDSA certificate key when signing CSR
if key created without _-param_enc explicit_ option, everything is ok:... Viktor Gurov
08:24 AM Bug #9745: can't add ECDSA certificate key when signing CSR
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on 2.5.0.a.20191114.1802
CSR with key can be signed -...
Viktor Gurov
10:00 AM Bug #9899 (Feedback): PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Applied in changeset commit:1120b85cb2a275de3ffe337c4c3ac781c2ccfb9e. Jim Pingle
07:37 AM Bug #9899: PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Do you have a CA or certificate in your list which has a missing end date?
If so, do you mind sharing the contents...
Jim Pingle
12:45 AM Bug #9899 (Resolved): PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958
Hi.
In latest snapshot there is:
Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p1...
Greg M
07:33 AM Todo #9897 (Resolved): Warn user when using incompatible ECDSA cert curves for WebGUI
I didn't put secp521r1 on the HTTP list for that reason. If it isn't widely compatible, it's best not to recommend it... Jim Pingle
01:35 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI

Make central functions to check and test ECDSA compatibility. Issue #9843
Filter incompatible certificates from be...
Viktor Gurov
07:22 AM pfSense Packages Feature #9901 (Pull Request Review): show ECDSA CAs only with correct curves
Jim Pingle
05:22 AM pfSense Packages Feature #9901: show ECDSA CAs only with correct curves
https://github.com/pfsense/FreeBSD-ports/pull/709 Viktor Gurov
05:21 AM pfSense Packages Feature #9901 (Resolved): show ECDSA CAs only with correct curves
Do not show incompatible ECDSA CAs for Squid HTTPS/SSL Interception
same as https://redmine.pfsense.org/issues/9897
Viktor Gurov
07:22 AM pfSense Packages Todo #9158: Updates for Squid 4.x
Updated title. 2.5.0 snapshots are already using Squid 4.x (squid-4.8_1), but it may need adjustments to account for ... Jim Pingle
02:34 AM Feature #9896: Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
Jim Pingle wrote:
> Actually this appears to be unnecessary. It's already enabled by default for TLS 1.3, but that s...
Viktor Gurov

11/14/2019

08:59 PM Revision cffcf9bf: GUI improvements for ECDSA certificate handling
* Make central functions to check and test ECDSA compatibility. Issue #9843
* Filter incompatible certificates from b...
Jim Pingle
05:48 PM Bug #9898 (Resolved): DNS over TLS hostname verification does not save
Adding a DNS hostname to System>General settings is not being saved. The page reloads with the fields blank and the r... Mathew Keith
04:08 PM Revision b58fe676: order fix
Viktor Gurov
03:05 PM Feature #4991 (Feedback): WebGUI does not support ECDSA certificates for IPSec Stage 1
Applied in changeset commit:cffcf9bfaa1a054917d3427cbc7885b97db8902c. Jim Pingle
01:10 PM Feature #4991 (In Progress): WebGUI does not support ECDSA certificates for IPSec Stage 1
ECDSA keys do work with IPsec, but the OP is right that the key type in ipsec.secrets is incorrect. It needs a fix th... Jim Pingle
08:09 AM Feature #4991: WebGUI does not support ECDSA certificates for IPSec Stage 1
While support for ECDSA certificates is in 2.5.0, it needs tested with IPsec specifically to ensure it works.
Also...
Jim Pingle
03:05 PM Todo #9897 (Feedback): Warn user when using incompatible ECDSA cert curves for WebGUI
Applied in changeset commit:cffcf9bfaa1a054917d3427cbc7885b97db8902c. Jim Pingle
01:10 PM Todo #9897 (In Progress): Warn user when using incompatible ECDSA cert curves for WebGUI
Jim Pingle
10:32 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI
https://github.com/pfsense/pfsense/pull/4113 Viktor Gurov
09:31 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI
Corrected title.
More discussion: https://forum.netgate.com/topic/148128/ecdsa-curve-certificates-on-2-5-0
Jim Pingle
08:18 AM Todo #9897: Warn user when using incompatible ECDSA cert curves for WebGUI
It works fine with the right curve. Only @prime256v1@ and @secp384r1@ will work from our list with TLS v1.3. See comm... Jim Pingle
08:16 AM Todo #9897 (Resolved): Warn user when using incompatible ECDSA cert curves for WebGUI
if you create ECDSA server cert ( https://redmine.pfsense.org/issues/9843 ) and set it to WebGUI HTTPS,
you got such...
Viktor Gurov
01:55 PM Revision f660c27d: add poly1305-chacha20 to nginx cipher list
Viktor Gurov
01:43 PM Revision c3cda38e: Change default ECDSA curve to prime256v1. Issue #9843
Previous default was brainpool, but brainpool curves are not (widely?)
supported by browsers and were deprecated by I...
Jim Pingle
10:46 AM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
I've tried to update the patch for version 2.4.4 here. Magnus Holmgren
10:02 AM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
Any interest in implementing this? I find it a bit lacking that the UI doesn't support configuring what routes to adv... Magnus Holmgren
10:18 AM Feature #9896 (Pull Request Review): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
Actually this appears to be unnecessary. It's already enabled by default for TLS 1.3, but that scanner (nmap ssl-enum... Jim Pingle
08:02 AM Feature #9896 (Resolved): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
as part of NGE
https://tools.ietf.org/html/rfc7905
test result (nmap):...
Viktor Gurov
02:38 AM pfSense Packages Bug #9860 (Resolved): Illegal string offset 'config' in /usr/local/pkg/tinc.inc on line 83
tested on tinc 1.0.35_2
pfSense 2.5.0.a.20191113.1759
Resolved
Viktor Gurov
12:16 AM pfSense Packages Bug #9895 (New): snort reinstallation failed
got such errors during snort pkg update:... Viktor Gurov

11/13/2019

11:23 PM Feature #4991: WebGUI does not support ECDSA certificates for IPSec Stage 1

can be closed
currently pfSense supports ECDSA. see https://redmine.pfsense.org/issues/9843
Viktor Gurov
11:19 PM Revision eeceb2ca: Add option to disallow unauthenticated LDAP binds
A FL
06:28 PM Revision 4b4df568: Revert "RADVD: In "managed" or "stateless_dhcp" mode, don't use default values for DNS servers etc (these should come from DHCPv6)"
This reverts commit dcc887a355aae49c7df0c29752c04e12922aca83. Jim Pingle
01:30 PM Revision 555e75fe: Zabbix 2.2 packages are gone
Renato Botelho
01:00 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Jim Pingle wrote:
> Yes, it should be a feature request (which I just changed). It should be made optional, off by d...
Rick Coats
12:29 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Yes, it should be a feature request (which I just changed). It should be made optional, off by default, and have a se... Jim Pingle
11:55 AM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Shouldn't this be changed to a Feature Request?
The Requestor has not shown any documentation that this is a bug. ...
Rick Coats
10:08 AM Feature #9302 (Pull Request Review): radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Jim Pingle
10:08 AM Bug #9893 (Duplicate): RDNSS is broken in 2.5 for Android and lightweight Clients
Rather than duplicate the info, let's keep all this on #9302 since it's the same issue. Jim Pingle
08:27 AM pfSense Packages Feature #9875 (Feedback): add extra engines safe search
PR has been merged. Thanks! Renato Botelho
07:59 AM pfSense Packages Bug #8258 (Feedback): BIND responds with SERVFAIL when adding/changing records if 'allow-update' is configured for a zone
PR has been merged. Thanks! Renato Botelho
07:54 AM pfSense Packages Bug #9850 (Feedback): show hyperscan option only for x86 arch
PR has been merged. Thanks! Renato Botelho

11/12/2019

07:46 PM Bug #9893: RDNSS is broken in 2.5 for Android and lightweight Clients
We are just going to have to disagree then because multiple RFCs say the same thing. I have been writing and reading... Rick Coats
05:07 PM Bug #9893: RDNSS is broken in 2.5 for Android and lightweight Clients
The extract that you've posted is in Section 1.2 which immediately follows Section 1.1 (which describes how RDNSS in ... Elbin Teh
01:17 PM Bug #9893: RDNSS is broken in 2.5 for Android and lightweight Clients
You need to read to the end of RFC 8106. Section 1 is the rationale why RDNSS was added to the Router Announcements.
...
Rick Coats
01:28 AM Bug #9893: RDNSS is broken in 2.5 for Android and lightweight Clients
While this is convenient to you as you have a dynamic prefix, there are some situations where this might not be desir... Elbin Teh
04:57 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
The extract that you've posted is in Section 1.2 which immediately follows Section 1.1 (which describes how RDNSS in ... Elbin Teh
12:58 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Elbin Teh wrote:
> Agreed it would be the responsibility of the network administrator to configure RDNSS or DNSSL or...
Rick Coats
01:32 AM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
Agreed it would be the responsibility of the network administrator to configure RDNSS or DNSSL or disable them comple... Elbin Teh
03:21 PM Revision c2517ce8: Fix #3743: Allow OpenVPN keepalive configuration
- Remove hardcoded 'keepalive 10 60' configuration
- Added 'inactive seconds' option
- Let user configure 'keepalive ...
Renato Botelho
03:02 PM Revision e5c893cd: Show DNS server help when server list is empty
(cherry picked from commit 05025e63edf9f85b679de8f99d38d6600e8ad5e3) Steve Beaver
03:02 PM Revision 772e21e0: Allow packet capture to match IPv4+IPv6 CARP. Fixes #9867
(cherry picked from commit b86891b1d5d62d30bc8f1bf3a7fdfee7030ed82b) Jim Pingle
03:02 PM Revision 58b2334f: Add clientAuth EKU to Server type certificates. Fixes #9868
(cherry picked from commit 46869dd2b5ebf32e8297d65f98444fb38d314336) Jim Pingle
03:02 PM Revision 88677f87: Suppress errors from touch when marking GW down. Fixes #9851
(cherry picked from commit 83794361b7135aaef4e47b35bd27df7da6ce023c) Jim Pingle
03:02 PM Revision f6323615: Use full path since this pkg prefix is /usr
(cherry picked from commit 14d49fba46389e3f90d26c6316044dfb52f98fc9) Renato Botelho
03:02 PM Revision 123c3cbf: Fix #9612: Run fsck -z once during upgrade
(cherry picked from commit 7373049764f144b2ea7c891bd60760ab64b41160) Renato Botelho
03:01 PM Revision db95c2d8: Only redirects the user to the default page if no specific page was set in the querystring
(cherry picked from commit 57b2f31714a77d86e51e09758e20da372c224826) bechaire
03:01 PM Revision c9451253: making sure my tabs align with upstream
(cherry picked from commit 7e114786e63619aaf803a5db33c55a92e2b34123) James Lavoy
03:01 PM Revision 168d3972: adjust GEOM rebuild notifications to only notify the user when raid rebuild hits 25% increments
When a geom rebuild is occurring, this script by default notices that the device status has changed every time the re... James Lavoy
03:01 PM Revision 30ca068b: Add search/filter to DHCP/DHCPv6 leases, ARP, and NDP. Implements #9791
(cherry picked from commit 9297ad6504618c5ffcee9f8fe02535cb33f570c9) Jim Pingle
03:01 PM Revision 076a82d1: Removed escaping of CSS classes
(cherry picked from commit c8954c9f0957264a0287d3591b44fab5d52d0998) Sebastian Fiebig
03:00 PM Revision 46c976a9: Initialize JSON data to avoid warning.
Avoid warning/error for not initialized JSON variable.
(cherry picked from commit 6f2192d44689066e55cb7af6d19323edfc...
Sebastian Fiebig
03:00 PM Revision 66a1eb93: Fix malformed JSON
Fix malformed JSON using json_encode().
(cherry picked from commit a9941bf65f82bd0a5491c693a55bc2163a43676d)
Sebastian Fiebig
03:00 PM Revision 44a87108: Fix OpenVPN keepalive default values. Fixes #3473
(cherry picked from commit 99d7e8c10e96e6f22ad47973d07258cd02426fe6) Jim Pingle
02:55 PM Bug #9872: Error during build when compiling a non pfSense software
Noticed this error as well, thanks for finding the issue. I have incorporated your PR into my builds.
Maybe a low...
Ronald Schellberg
02:17 PM Revision 05025e63: Show DNS server help when server list is empty
Steve Beaver
10:06 AM Bug #9533: XG-7100 FAT config restore not working post-install
Revisiting this after hitting it on another system. Adding the following to loader.conf (or loader.conf.local) allows... Steve Wheeler
06:57 AM Todo #9868 (Resolved): Add clientAuth EKU to Server type certificates
Jim Pingle
02:57 AM Todo #9868: Add clientAuth EKU to Server type certificates
Jim Pingle wrote:
> Applied in changeset commit:46869dd2b5ebf32e8297d65f98444fb38d314336.
Tested on 2.5.0.a.20191...
Viktor Gurov
 
