Activity

30 days up to

User

Subprojects

Activity

From 11/18/2019 to 12/17/2019

12/17/2019

09:57 PM Revision 8af4e81e: Include more information in status_ipsec.php. Fixes #9979: Jim Pingle
08:29 PM pfSense Packages Bug #9980: Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL: Thanks for the fast response!
I don't use Barnyard2, so that's good news for me.
But for others... is this ther... Sean McBride
08:21 PM pfSense Packages Bug #9980: Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL: The MySQL dependency is actually being pulled in by Barnyard2 and not Suricata itself. So long as you do not configur... Bill Meeks
06:17 PM pfSense Packages Bug #9980 (Closed): Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL: 5 minutes ago I installed Suricata 4.1.5 package on pfSense 2.4.4-RELEASE-p3 (both newest at this time). It output a... Sean McBride
08:24 PM pfSense Packages Bug #9981: Suricata "Use IP Reputation Lists on this interface." actually defaults to ON, despite incorrect comment.: Internal bug tracking list? Should I be filing somewhere else than here? Sean McBride
08:22 PM pfSense Packages Bug #9981: Suricata "Use IP Reputation Lists on this interface." actually defaults to ON, despite incorrect comment.: I'll look into this and add it to my internal bug tracking list for Suricata. Bill Meeks
06:32 PM pfSense Packages Bug #9981 (Resolved): Suricata "Use IP Reputation Lists on this interface." actually defaults to ON, despite incorrect comment.: See attached.
Despite the comment, that option is *ON* by default. I just did a fresh install. Sean McBride
07:27 PM Revision 795ec316: Keep "Show all configured leases" enabled after deleting DHCP leases.: (cherry picked from commit 59385e0413d77079c8acaf796868429475865603) nanocaiordo
07:22 PM Revision 952c8812: Fix tlsauth_keydir read on vpn_openvpn_server.php. Fixes #9030: (cherry picked from commit 20cb21ee5b71be43b16280b337bb24bcf5a1d17d) Jim Pingle
07:22 PM Revision 20cb21ee: Fix tlsauth_keydir read on vpn_openvpn_server.php. Fixes #9030: Jim Pingle
07:16 PM Revision f8e25fe8: Fix tlsauth_keydir save on vpn_openvpn_server.php. Fixes #9030: (cherry picked from commit 7dca65a19d08393cdb36f22fe98b847b46d9caf9) Jim Pingle
07:15 PM Revision 7dca65a1: Fix tlsauth_keydir save on vpn_openvpn_server.php. Fixes #9030: Jim Pingle
06:58 PM Revision 9449906b: Prevent OpenVPN tunnel network reuse. Fixes #3244: Ensures that a submitted tunnel network is not already in use on other
OpenVPN client or server instances, to avoid c... Jim Pingle
05:50 PM Revision f8f84bc6: Add IPFW table contents to status.php: (cherry picked from commit 47f555e2e0718a188bc86d4dac801d32645d8a05) Jim Pingle
05:50 PM Revision 47f555e2: Add IPFW table contents to status.php: Jim Pingle
04:51 PM Revision 1e8b2c9c: Use full path for pkg-static: Renato Botelho
04:51 PM Revision cd91a57c: Use full path for pkg-static: Renato Botelho
04:48 PM Revision dc2eed4e: Use full path for pkg-static: Renato Botelho
04:05 PM Bug #9979 (Feedback): status_ipsec.php missing information: Applied in changeset commit:8af4e81eb530af959e43cfa1afcc6446a7969b28. Jim Pingle
03:57 PM Bug #9979 (Resolved): status_ipsec.php missing information: status_ipsec.php is missing some available information. It's in the IPsec status we receive from strongSwan, but not ... Jim Pingle
03:31 PM Revision 09646aef: Remove superfluous ( )'s: → luckman212
02:31 PM Revision 29b21d38: Fix GUI display of CARP capture contents. Issue #9867: (cherry picked from commit dd79aac6bfe13ee93177fcd0664115e7cfa25562) Jim Pingle
02:31 PM Revision dd79aac6: Fix GUI display of CARP capture contents. Issue #9867: Jim Pingle
02:27 PM Bug #9978 (Duplicate): Error on XML while updating pfsense from multiple sources: Duplicate of #8285
Jim Pingle
02:16 PM Bug #9978 (Duplicate): Error on XML while updating pfsense from multiple sources: While adding rules, editing alias, NAT, Packages.. etc. from different computers at the same time a bug comes up, rul... Andres Noriega
02:24 PM Revision c58e56fb: 3rd try - change config names: → luckman212
02:23 PM Bug #7037: CPU frequency in System Information: Is there any chance of reconsidering this? The problem is the whole rest of the column continually jumping up and do... Steve Russell
02:16 PM Bug #9954 (Resolved): status_ipsec.php: Unable to manually connect P2 when P1 is up but not P2: Button behaves as intended on 2.4.5.a.20191217.0637
If I manually disconnect all IPsec children, the button appear... Jim Pingle
02:14 PM Bug #9921 (Resolved): Limiters allow invalid delay values: Limiter delay value is correctly enforced on 2.4.5.a.20191217.0637 Jim Pingle
02:13 PM Bug #9931 (Resolved): 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations: ... Jim Pingle
02:11 PM Feature #9911 (Resolved): Show confirmation box before disconnecting PPPoE: Looks good on 2.4.5.a.20191217.0637
Buttons are red and trigger the JS confirmation dialog. Canceling the dialog r... Jim Pingle
02:08 PM Todo #9864 (Resolved): Set autocomplete=new-password for user/password fields in forms: This appears to be working as intended and it doing a nice job. Pages that were particularly annoying before (like sy... Jim Pingle
02:06 PM Todo #9799 (Resolved): Create custom CSRF callback page with proper theme & more warnings: This is working as intended on 2.4.5.a.20191217.0637
If a client triggers a CSRF failure, they are presented with ... Jim Pingle
02:04 PM Feature #9791 (Resolved): Ability to filter Diagnostics ARP Table by IP range (DHCP): Search and sort works on all the pages listed in the commit on 2.4.5.a.20191217.0637. Jim Pingle
02:00 PM Bug #9770 (Resolved): XML-based Packages do not activate shortcuts: Shortcuts are activated for packages on 2.4.5.a.20191217.0637
The only package currently using shortcuts is iperf,... Jim Pingle
01:58 PM Revision 2c6e3337: Enable build of node_exporter: Renato Botelho
01:57 PM Bug #9708 (Resolved): /etc/inc/unbound.inc: Pfsense Default Unbound Configuration does not Prevent DNS Rebinding Attacks Against Localhost: New value is present on 2.4.5.a.20191217.0637... Jim Pingle
01:55 PM Feature #9705 (Resolved): Add kernel memory usage to status.php: Information is present in status.php output on 2.4.5.a.20191217.0637 Jim Pingle
01:54 PM Bug #9692 (Resolved): system_authservers.php: Descriptive name can be changed by removing read-only property via inspect element: Changes are rejected when attempted in this manner on 2.4.5.a.20191217.0637 Jim Pingle
01:51 PM Bug #9569 (Resolved): Fix serial console terminal size issues: Looks good on 2.4.5.a.20191217.0644 Jim Pingle
01:49 PM Bug #9540 (Resolved): PHP Uncaught Error in Status/System Logs/Firewall/Dynamic View: Looks good on 2.4.5.a.20191217.0637 Jim Pingle
01:47 PM Feature #9532 (Resolved): GUI indication and options for MDS mitigation: Works as expected. The mitigation can be enabled or disabled via system_advanced_misc.php and the status is correctly... Jim Pingle
01:45 PM Feature #9531 (Resolved): [IPSEC] Add additional curve-based DH Groups (31+): Group 31 can be selected and works when chosen on 2.4.5.
2.4.5.a.20191217.0637 Jim Pingle
01:43 PM Bug #9448 (Resolved): Dynamic DNS options showing in GUI for IPv6 when not in use: When saving on services_dhcpv6.php without any DDNS options entered, the section stays collapsed as expected now.
... Jim Pingle
01:41 PM Bug #9522 (Resolved): Diagnostics > System Activity shows only the header: On 2.4.5, the display shows the large process list and updates as expected.
2.4.5.a.20191217.0637 Jim Pingle
01:38 PM Feature #9323 (Resolved): Option to hide 'Kernel PTI' from sysinfo widget: PTI and MDS display in the system info widget can be disabled individually (or together) as expected on 2.4.5 and 2.5... Jim Pingle
01:38 PM Revision d237ba46: Add exit notify to OpenVPN servers/clients. Implements #9078: (cherry picked from commit 7591a72a5108a2ac28d28745cec43ea282869aae) Jim Pingle
01:36 PM Bug #9218 (Resolved): SNMP sysDescr does not display hostname and patch version: Works as intended now on 2.4.5 and 2.5.0, all the expected information is present. For good measure I applied it agai... Jim Pingle
01:29 PM Bug #9133: "Show all configured leases" does not stay set after deleting a lease: The commit for this wasn't cherry-picked to RELENG_2_4_5. I just picked it back.
I applied the change manually and... Jim Pingle
01:25 PM Feature #9030 (Feedback): Allow TLS Key Direction with OpenVPN: Applied in changeset commit:7dca65a19d08393cdb36f22fe98b847b46d9caf9. Jim Pingle
01:23 PM Feature #9030: Allow TLS Key Direction with OpenVPN: Value was also not read properly on page load, but I've pushed a fix for that as well. Jim Pingle
01:15 PM Feature #9030 (New): Allow TLS Key Direction with OpenVPN: The value does not get stored when changed on the server settings. I'll push a fix shortly. Jim Pingle
01:12 PM Revision bc18c480: Merge pull request #4109 from vktg/p11ipsec: Renato Botelho
01:08 PM Revision 50ceeac3: Ticket #9878: Add OPTIONS for opensc: Renato Botelho
01:06 PM Bug #8847 (Resolved): IPsec status "Show Child SA entries" button only expands and never collapses: When clicked, the button disappears and the child list is expanded, which is the intended behavior.
2.4.5.a.20191217... Jim Pingle
01:04 PM Bug #7840 (Resolved): OpenVPN 2.4 Server: Hide Interface when Protocol is Multihome: Control shows and hides as expected on 2.4.5 snapshots. Jim Pingle
01:04 PM Feature #7791 (Resolved): include /usr/bin/strings in core pfSense: @/usr/bin/strings@ is present and works on 2.4.5 snapshots. Jim Pingle
01:02 PM Revision e9063651: Merge pull request #4115 from vktg/unboundecdsa: Renato Botelho
01:02 PM Feature #5851 (Resolved): Add copy action to OpenVPN client / server: Seems to work fine for me on 2.4.5 snaps. The icon is there, I can make copies, they save and run OK.
I was able t... Jim Pingle
01:00 PM Revision 79fc17f9: Merge pull request #4122 from vktg/ecdsarenew: Renato Botelho
12:59 PM Feature #3244: Check that OpenVPN tunnel network does not overlap any other subnet: Picked this back to 2.4.5, since #5851 is already on 2.4.5 and this error will be more common with that available. Jim Pingle
12:58 PM Revision 68bd425e: DigitalOcean DynDNS description update. Close #9602: The description for DigitalOcean dynamic DNS is incorrect. The documentation currently states to "Enter @ as the host... karlhaworth
12:57 PM Revision f46036d1: Merge pull request #4131 from karlhaworth/pfsense-kh-patch-1: Renato Botelho
12:56 PM Revision 592b06fa: escapeshellarg(): (cherry picked from commit 6ad0603b9fc9a65a9bd10390976676ae48b3fbd0) Viktor Gurov
12:56 PM Revision 87417401: escapeshellarg(): (cherry picked from commit e43f0619b0f0937689ad78c023dfe077b1f84a10) Viktor Gurov
12:56 PM Revision 46b8e221: more readable: (cherry picked from commit c1c375e6fab9b334af8c290912324bf6aa42591b) Viktor Gurov
12:56 PM Revision c987c982: full cmd: route delete $fml $tgt $gw: (cherry picked from commit 3e20d17562406d1735720fe6b083e702cfc43de3) Viktor Gurov
12:56 PM Revision d1e3dcb2: Merge pull request #4130 from vktg/delstaticroutes: Renato Botelho
11:56 AM Revision 37d7a4d4: Calculate poudriere PARALLEL_JOBS based on hw.ncpu: Renato Botelho
11:56 AM Revision 3023bc21: Calculate poudriere PARALLEL_JOBS based on hw.ncpu: Renato Botelho
11:56 AM Revision 0e491fe2: Calculate poudriere PARALLEL_JOBS based on hw.ncpu: Renato Botelho
10:56 AM Revision dd580dd8: allow ca cert without prv for ipsec&ovpn: Viktor Gurov
10:53 AM Feature #9970 (Pull Request Review): Captive Portal and SAML2 Integration: Jim Pingle
10:49 AM Feature #9970: Captive Portal and SAML2 Integration: Pull request: https://github.com/pfsense/pfsense/pull/4133 Mauro Braggio
10:42 AM Revision e43c71ce: do not show certs without prv by default: Viktor Gurov
10:01 AM Bug #9977 (Resolved): Enabling Captive Portal on 2.4.5 breaks network connectivity: Enabling Captive Portal on 2.4.5 breaks connectivity even on interfaces which are not involved in Captive Portal. The... Jim Pingle
09:40 AM Todo #9976 (Feedback): strongswan: Update to 5.8.2: Renato Botelho
09:40 AM Todo #9976 (Resolved): strongswan: Update to 5.8.2: strongswan 5.8.2 was released Renato Botelho
09:32 AM Bug #9975 (Resolved): PHP error on upgrade from 2.4.4-p3 to 2.4.5: The following PHP errors come up when upgrading from 2.4.4-p3 to 2.4.5. They are not harmful, but are due to the libr... Jim Pingle
08:01 AM pfSense Packages Feature #9974 (Feedback): Add pfSense package for sysutils/node_exporter: PR has been manually merged. Thanks! Renato Botelho
08:00 AM pfSense Packages Feature #9974 (Resolved): Add pfSense package for sysutils/node_exporter: PR: https://github.com/pfsense/FreeBSD-ports/pull/653 Renato Botelho
07:58 AM pfSense Packages Bug #9807: Packets Monitoring graphs are being incorrectly scaled: This was picked back to 2.4.5 as well, so needs testing there. Jim Pingle
06:28 AM pfSense Packages Bug #9807 (Feedback): Packets Monitoring graphs are being incorrectly scaled: PR has been merged. Thanks! Renato Botelho
07:41 AM Feature #9078: Investigate adding knobs for explicit-exit-notify in OpenVPN: Applies cleanly to 2.4.5, so I picked it back. Jim Pingle
07:28 AM Feature #9972 (Pull Request Review): cert_build_list(): by default don't show certs without prv key: Jim Pingle
04:50 AM Feature #9972 (Resolved): cert_build_list(): by default don't show certs without prv key: by default don't show certs without prv key
allow to show it with using extra $noprv arg (can be used for CA certs)
... Viktor Gurov
07:28 AM pfSense Packages Feature #9973: Nagios NRPE package isn't IPv6 capable: Not a bug, but a missing feature. Jim Pingle
04:54 AM pfSense Packages Feature #9973 (New): Nagios NRPE package isn't IPv6 capable: In pfSense 2.4.4p3 Nagios NRPE package lacks IPv6 capabilities.
1. binding IP: I can only give one IP. For Dual St... Pim Pish
07:18 AM Feature #9111: Add IPsec VTI interface MTU support: I applied this patch to my 2.4.4 machines. They have been running for a while without issue. When I change the MTU it... Mix Room
07:13 AM Feature #9878 (Feedback): IPsec PKCS#11 authentication: PR has been merged. Thanks! Renato Botelho
07:02 AM Bug #9907 (Feedback): Do not show incompatible ECDSA certs for DNS Resolver: PR has been merged. Thanks! Renato Botelho
07:01 AM Feature #9842 (Feedback): Add CA/certificate renewal function: PR has been merged. Thanks! Renato Botelho
06:58 AM Bug #9602 (Feedback): Dynamic DNS with DigitalOcean not working: PR has been merged. Thanks! Renato Botelho
06:56 AM Bug #9969 (Feedback): static route remain in the OS routing table after deletion: PR has been merged. Thanks! Renato Botelho
06:19 AM pfSense Packages Bug #9219 (Feedback): STunnel: .pem files are created with incorrect permissions.: PR has been merged. Thanks! Renato Botelho
06:16 AM Bug #9873: Switching the System Update to Development renders the system unbootable: I've added a workaround on pfSense-repo post-install script to replace the call to `pkg info` by `pkg-static info` on... Renato Botelho

12/16/2019

11:52 PM Revision 9f6432f0: 2nd try: change config option to avoid positive checkbox = negative option → luckman212
10:18 PM Feature #9695 (Resolved): Add Ability to Force NAT-T Encapsulation on IKEv2 Peers: Jim Pingle
08:50 PM Feature #9695: Add Ability to Force NAT-T Encapsulation on IKEv2 Peers: Looks good in 2.4.5: WAN udp 172.25.228.9:4500 -> 172.25.228.13:4500 MULTIPLE:MULTIPLE 29 / 29 3 KiB / 3 KiB Chris Linstruth
08:30 PM Revision 8bd02833: Revise jquery/jquery-ui in csrf_error page, which needs its own copy: (cherry picked from commit fb249aefa378172d6c246e62d15a8da40d80c5b6) Steve Beaver
08:30 PM Revision fecb3f60: Correct jQuery include: (cherry picked from commit bb31e48e2c1eea6a7a3925f5398bce17c19f3af4) Steve Beaver
08:30 PM Revision 4398e08f: Renamed jQuery-ui files for consistency with jQuery naming: (cherry picked from commit b1a3d89a0278ff16c270b86fca8621e5457c05fd) Steve Beaver
08:30 PM Revision 16eae2f4: Fixed #9407: (cherry picked from commit df4262d0e1d8d460ba93b9fcde16476306ee21f6) Steve Beaver
06:09 PM Revision 88a34f7a: Add 2.4.5-DEVELOPMENT repository: Renato Botelho
06:07 PM Revision f02260ac: Add 2.4.5-DEVELOPMENT repository: Renato Botelho
05:33 PM Revision f645d52a: Token -> PKCS#11: Viktor Gurov
05:28 PM Revision 6ad0603b: escapeshellarg(): Viktor Gurov
05:27 PM Revision e43f0619: escapeshellarg(): Viktor Gurov
03:36 PM Bug #9971: sshguard error: Logging subprocess <pid> (exec /usr/local/sbin/sshguard) exited with status 1.: Looks like in https://bitbucket.org/sshguard/sshguard/commits/600ce84ff6ab745d5507b3b147f37890a1451a7e they changed i... Jim Pingle
02:59 PM Bug #9971 (Resolved): sshguard error: Logging subprocess <pid> (exec /usr/local/sbin/sshguard) exited with status 1.: sshguard logs an error repeatedly on recent snapshots:... Jim Pingle
02:44 PM Bug #9407: Update jQuery to current version (3.3.1 or later): I picked this back to 2.4.5, needs tested there, too. Move back to 2.5.0 after for good measure, though if it was goi... Jim Pingle
12:22 PM Revision 24df8e83: Revert "Fix the build of miniupnpd in 12, disable CHECK_PORTINUSE.": This reverts commit e79fdf50be24375840011100440c9edee8c978dd. Renato Botelho
12:22 PM Revision ea4f5078: Revert "Fix the build of miniupnpd in 12, disable CHECK_PORTINUSE.": This reverts commit b761d75c2edc056576c669d36574793c5d13bdda. Renato Botelho
10:32 AM Bug #9969 (Pull Request Review): static route remain in the OS routing table after deletion: Jim Pingle
10:24 AM Bug #9602 (Pull Request Review): Dynamic DNS with DigitalOcean not working: Jim Pingle
10:23 AM pfSense Packages Bug #9220 (Pull Request Review): STunnel: Tunnel list does not show certificate: Jim Pingle
09:01 AM pfSense Packages Bug #9220: STunnel: Tunnel list does not show certificate: https://github.com/pfsense/FreeBSD-ports/pull/720 Viktor Gurov
10:23 AM pfSense Packages Bug #9652 (Pull Request Review): Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc: Jim Pingle
10:23 AM pfSense Packages Bug #9219 (Pull Request Review): STunnel: .pem files are created with incorrect permissions.: Jim Pingle
10:22 AM pfSense Packages Bug #9807 (Pull Request Review): Packets Monitoring graphs are being incorrectly scaled: Jim Pingle
09:00 AM Feature #9970 (New): Captive Portal and SAML2 Integration: Adding a section in Captive Portal to perform authentication against a remote IdP via SAML.
I'd propose to use OneLo... Mauro Braggio
07:24 AM Todo #9603: Strongswan stroke is deprecated, move to swanctl/vici: Don't post anything here, but start a thread at https://forum.netgate.com/category/78/2-5-development-snapshots with ... Jim Pingle
01:52 AM Revision fe7a2304: DigitalOcean DynDNS description update. Close #9602: The description for DigitalOcean dynamic DNS is incorrect. The documentation currently states to "Enter @ as the host... karlhaworth

12/15/2019

07:56 PM Bug #9602: Dynamic DNS with DigitalOcean not working: Submitted PR : https://github.com/pfsense/pfsense/pull/4131 Crusty Cheeze
04:50 PM Bug #9602: Dynamic DNS with DigitalOcean not working: I got this same message.
The information inside pfsense is bad. "Cloudflare and DigitalOcean: Enter @ as the hostn... Crusty Cheeze
12:49 PM Bug #8413: Virtual IP on PPPOE interface no longer working with 2.4.3: Hi,
I am getting this exact same error when my PPPoE connection drops and pfSense tries to reestablish it.
At l... Nick R

12/14/2019

11:47 PM Todo #9603: Strongswan stroke is deprecated, move to swanctl/vici: Jim Pingle wrote:
> Applied in changeset commit:c6220dcf7faf3492713c6c30bb86d3971b2772a9.
Hello,
My setup has ... Florin Samareanu
04:48 PM Revision c1c375e6: more readable: Viktor Gurov
04:32 PM Revision 3e20d175: full cmd: route delete $fml $tgt $gw: Viktor Gurov
02:48 PM Revision e194f002: gui renaming pkcs11 -> token + show ID: Viktor Gurov
02:10 PM Revision efacf294: cert on token check: Viktor Gurov
02:10 PM Revision 367d8609: cert on token check: Viktor Gurov
11:07 AM Revision 403add46: cosmetic: Viktor Gurov
11:03 AM Revision 3edfe694: working: Viktor Gurov
10:37 AM Bug #9969: static route remain in the OS routing table after deletion: https://github.com/pfsense/pfsense/pull/4130 Viktor Gurov
09:57 AM Revision e881843a: pcscd service: Viktor Gurov
02:00 AM pfSense Packages Bug #9652: Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc: https://github.com/pfsense/FreeBSD-ports/pull/719 Viktor Gurov

12/13/2019

11:37 PM pfSense Packages Bug #9219: STunnel: .pem files are created with incorrect permissions.: https://github.com/pfsense/FreeBSD-ports/pull/718 Viktor Gurov
08:19 PM Revision 5f143b6e: some progress: Viktor Gurov
06:39 PM Revision 58264457: Fix #9873: Use pkg-static: When pkg repo points to a new major version pkg is updated, use
pkg-static binary to check PHP version and make sure ... Renato Botelho
06:36 PM Revision b71df062: Fix #9873: Use pkg-static: When pkg repo points to a new major version pkg is updated, use
pkg-static binary to check PHP version and make sure ... Renato Botelho
06:34 PM Revision 6cadca6b: Fix #9873: Use pkg-static: When pkg repo points to a new major version pkg is updated, use
pkg-static binary to check PHP version and make sure ... Renato Botelho
01:38 PM Bug #9123: Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14: Hi,
As I explained in the forum : this is my currently working solution while runing 2.4.4p3:
- Using lagg in fai... Eric Machabert
01:38 PM Revision ef30c0a7: Move syslog format var to syslog.inc. Issue #9808: In some cases, PHP is unhappy with calls to gettext() in globals.inc Jim Pingle
12:45 PM Bug #9873 (Feedback): Switching the System Update to Development renders the system unbootable: Applied in changeset commit:6cadca6b1665260f7feac90e8c2345234ab66154. Renato Botelho
10:23 AM Bug #9969 (Resolved): static route remain in the OS routing table after deletion: after deleting static route on System / Routing / Static Routes page and/or deleting gateway on System / Routing / Ga... Viktor Gurov
10:04 AM Bug #9968: Configuration of assigned interfaces is deployed to unassigned ones: For good measure, I decided to try it out. Made a VM on ESX 6.7 with 10 NICs. Installed, configured 5 of them, left t... Jim Pingle
08:01 AM Bug #9968 (Not a Bug): Configuration of assigned interfaces is deployed to unassigned ones: This looks more like an issue with your config.xml or environment, and more discussion and detail is necessary. For e... Jim Pingle
07:56 AM Bug #9968 (Not a Bug): Configuration of assigned interfaces is deployed to unassigned ones: *Background:*
We are running pfSense virtualized on VMware vSphere platform with 10 vmxnet3 NICs (vmx0-vmx9), hardwa... Marek Částek
01:41 AM Revision e26ad76e: Add opts to services_dhcpv6.php and services_router_advertisements.php: Adds config options to disable pushing DNS server options to dhcp6
clients via dhcpd or radvd. Fixes an issue when us... → luckman212

12/12/2019

08:47 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: I only stumbled onto this issue after I had already found my own need for it and made a small patch for it. It's not ... → luckman212
07:25 PM Revision b16c3a12: Add option for RFC5424 syslog format. Implements #9808: Jim Pingle
03:50 PM Revision ce1ff928: small fixes: Viktor Gurov
01:35 PM Todo #9808 (Feedback): status_logs_settings.php: Add GUI option for syslog format: Applied in changeset commit:b16c3a12c61c117e9c8140b115efc7f9acea96c5. Jim Pingle
01:28 PM pfSense Packages Bug #9807: Packets Monitoring graphs are being incorrectly scaled: https://github.com/pfsense/FreeBSD-ports/pull/717 Viktor Gurov
07:02 AM pfSense Packages Bug #9807: Packets Monitoring graphs are being incorrectly scaled: They are a part of the Status_Monitoring package (which is included in the base install), so the files are in the fre... Jim Pingle
06:41 AM pfSense Packages Bug #9807: Packets Monitoring graphs are being incorrectly scaled: for some reason there is no rrd_fetch_json.php and status_monitoring.php files on github
fixed version:... Viktor Gurov
07:04 AM Todo #9903 (Resolved): Rename IPsec "RSA" options to more generic "Certificate" options: Jim Pingle
01:41 AM Todo #9903: Rename IPsec "RSA" options to more generic "Certificate" options: Jim Pingle wrote:
> Applied in changeset commit:d1f5587d48af48817336fdf8644ea7d7679cf037.
tested on 2.5.0.a.20191... Viktor Gurov
07:04 AM Bug #9879 (Resolved): PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php: Jim Pingle
01:39 AM Bug #9879: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php: Jim Pingle wrote:
> Applied in changeset commit:a6487fc84dc85113354730ffe7f1d4a1141cf0c5.
tested on 2.5.0.a.20191... Viktor Gurov

12/11/2019

11:42 PM pfSense Packages Bug #9967 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services: Please post on the forum to discuss and identify the issue. There is not enough information here to know what the iss... Jim Pingle
10:12 PM pfSense Packages Bug #9967 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services: ear in pf sense 2.4.4-DEVELOPMENT (AMD64) when squid proxy sever enable the squid SSL Filtering option for block secu... Noman Akbar
06:06 PM Revision 6c665431: Update status.php to read swanctl.conf, not ipsec.conf: Also ensure that secrets are redacted, and change the strongswan.conf
command to match. Jim Pingle
04:45 PM Revision aa689bbc: Fix 2.4.5 repo ports branch (take 2): Renato Botelho
04:38 PM Revision fa463ace: Fix 2.4.5 repo ports branch: Renato Botelho
04:35 PM Revision 686068b0: Fix 2.5.0/2.4.5 repo configs: Renato Botelho
04:08 PM Revision 09b6735d: allow to disable APIPA blocking: Viktor Gurov
10:25 AM Feature #9966 (Pull Request Review): allow to disable APIPA blocking: Jim Pingle
10:13 AM Feature #9966 (Resolved): allow to disable APIPA blocking: allow to disable APIPA blocking,
some providers may utilize APIPA space for interconnect interfaces
see also htt... Viktor Gurov
10:22 AM Bug #9873 (In Progress): Switching the System Update to Development renders the system unbootable: Renato Botelho
10:09 AM Bug #2073: APIPA broadcasts forwarded by route-to: https://github.com/pfsense/pfsense/pull/4128 Viktor Gurov
08:13 AM pfSense Packages Bug #9965 (Resolved): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore: Thanks for testing! Jim Pingle
08:00 AM pfSense Packages Bug #9965: Since 0.15.7_2, legit LDAP server certs cannot be selected anymore: Excellent; thank you very much! I can confirm this is fixed here! Didier Raboud
07:50 AM pfSense Packages Bug #9965 (Feedback): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore: Fixed in 0.15.7_7 Jim Pingle
05:29 AM pfSense Packages Bug #9965 (Resolved): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore: It seems that https://github.com/pfsense/FreeBSD-ports/commit/8cbbd84a374f4942e082c5898e93040c5ac65bbb broke the `/pk... Didier Raboud
07:53 AM pfSense Packages Bug #9962: HAproxy Upgrade needed HTTP/2 CVE-2019-19330: The new versions are in the ports tree in master, but need picked back to devel, RELENG_2_4_4, and RELENG_2_4_5 Jim Pingle
07:25 AM Feature #9754 (Resolved): Add separate authentication log: OpenVPN authentication is already placed in the auth log.... Jim Pingle
04:47 AM Feature #9754: Add separate authentication log: Jim Pingle wrote:
> I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authenti... Viktor Gurov
07:22 AM Bug #9764 (Resolved): status.php: Sanitize barnyard_dbpwd: Jim Pingle
06:38 AM Bug #9764: status.php: Sanitize barnyard_dbpwd: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved Viktor Gurov
07:22 AM Bug #9727 (Resolved): status.php: Sanitize influx_pass: Jim Pingle
06:38 AM Bug #9727: status.php: Sanitize influx_pass: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved Viktor Gurov
07:21 AM Bug #9728 (Resolved): status.php: Sanitize tinc private key: Jim Pingle
06:37 AM Bug #9728: status.php: Sanitize tinc private key: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved Viktor Gurov
07:21 AM Bug #9729 (Resolved): status.php: Sanitize zabbix-agent tlspsk key: Jim Pingle
06:36 AM Bug #9729: status.php: Sanitize zabbix-agent tlspsk key: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved Viktor Gurov
07:21 AM Bug #9784 (Resolved): status.php: Sanitize bandwidthd db password: Jim Pingle
06:36 AM Bug #9784: status.php: Sanitize bandwidthd db password: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved Viktor Gurov
07:16 AM Bug #9744 (Resolved): fatal error if ECDH Curve not default: Jim Pingle
04:41 AM Bug #9744: fatal error if ECDH Curve not default: Jim Pingle wrote:
> I pushed an update in commit:ca3cddbec4 to change the OpenVPN curve list to match IPsec
teste... Viktor Gurov
07:16 AM Bug #9936 (Resolved): zombie alias check errors if no alises exist: Jim Pingle
04:38 AM Bug #9936: zombie alias check errors if no alises exist: Jim Pingle wrote:
> Applied in changeset commit:e99c638b78540efa478dbb3360943c67de72c1af.
tested on 2.5.0.a.20191... Viktor Gurov
07:16 AM Feature #9771 (Resolved): diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI: Jim Pingle
04:14 AM Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI: Renato Botelho wrote:
> PR has been merged. Thanks
tested on 2.5.0.a.20191210.1722
Resolved Viktor Gurov
07:16 AM Bug #9964 (Duplicate): first step wizard error on SG-1000: That syntax error was fixed over a month ago, and the build issue that led to it being a problem in snapshots was fix... Jim Pingle
05:10 AM Bug #9964 (Duplicate): first step wizard error on SG-1000: After setting the admin password, I received a CSRF verification error, and after refreshing the page:... Viktor Gurov

12/06/2019

11:47 PM Bug #9961 (Resolved): status_upnp: UPnP status not showing rules when using override WAN address option: When using the override WAN address option (say for a CARP VIP), the Status / UPnP & NAT-PMP page shows NO entries, e... Christian McDonald
10:40 PM pfSense Packages Bug #9960 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services: Do not open issues here for this. Post on the forum to discuss and diagnose the problem and obtain more information. ... Jim Pingle
10:38 PM pfSense Packages Bug #9960 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services: dear in pf sense 2.5.0-DEVELOPMENT (AMD64) when squid proxy sever enable the squid SSL Filtering option for block sec... Noman Akbar
10:32 PM pfSense Packages Feature #9959 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services: Please post on the forum to discuss and identify the issue. There is not enough information here. 2.5.0 is in develop... Jim Pingle
10:29 PM pfSense Packages Feature #9959 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services: dear in pf sense 2.5.0-DEVELOPMENT (AMD64) when squid proxy sever enable the squid SSL Filtering option for block sec... Noman Akbar
03:41 PM Bug #9938: Queue stats parser broken if bytes > 9999999999: PR link: https://github.com/pfsense/pfsense/pull/4123 Jim Pingle
03:12 PM Todo #9245: Update copyright notices to 2020: See also: commit:38809d476acd3939b64bf3f3317792b99e5a1b9f Jim Pingle
01:02 PM Revision 62bac37e: Lower default_cert_expiredays warning threshold to 27 days: Even at 28, ACME still sometimes warns unnecessarily just before renewal. Jim Pingle
12:59 PM Revision c01a28ac: OpenVPN server cert default lifetime 825 days: (cherry picked from commit c576842887ac696dd5faf9d86d5447538d316069) Viktor Gurov
12:59 PM Revision 07f51b2f: Merge pull request #4126 from vktg/ovpnwiz825: Jim Pingle
09:24 AM Bug #9954 (Resolved): status_ipsec.php: Unable to manually connect P2 when P1 is up but not P2: On status_ipsec.php, if IKE (P1) is up but Child SAs (P2s) are not connected, there is no way to connect them without... Jim Pingle
08:16 AM Revision c5768428: OpenVPN server cert default lifetime 825 days: Viktor Gurov
07:38 AM Bug #9763 (Resolved): Trying to set VLAN Priority causes error: Jim Pingle
07:33 AM Bug #9763: Trying to set VLAN Priority causes error: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,... Viktor Gurov
07:31 AM Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field: Jim Pingle
07:31 AM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,... Viktor Gurov
07:30 AM Todo #9868 (Resolved): Add clientAuth EKU to Server type certificates: Jim Pingle
07:29 AM Todo #9868: Add clientAuth EKU to Server type certificates: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3:
...
... Viktor Gurov
06:58 AM Feature #9825 (Resolved): Requirements for trusted certificates in iOS 13 and macOS 10.15: Viktor Gurov wrote:
> Change default GUI cert lifetime to 825 days - *OK*
That's all that needed testing, so it's... Jim Pingle
03:55 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15: mark certificates with lifetime > 825 days:
https://github.com/pfsense/pfsense/pull/4127 Viktor Gurov
02:29 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15: reduce OpenVPN wizard server cert lifetime to 825:
https://github.com/pfsense/pfsense/pull/4126 Viktor Gurov
02:28 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15: Jim Pingle wrote:
> The default GUI cert lifetime of 825 days needs checked on 2.4.5 snapshots. If it's OK, move tar... Viktor Gurov
06:58 AM Bug #9953 (Not a Bug): no meta.txz, Unable to retrieve package information: It's expected to happen since we didn't make packages public yet while we do first round of tests Renato Botelho
12:37 AM Bug #9953 (Not a Bug): no meta.txz, Unable to retrieve package information: got 'Unable to retrieve package information.' error on package manager page
in console:... Viktor Gurov
06:56 AM Bug #9748 (Resolved): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: Jim Pingle
02:05 AM Bug #9748: openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,... Viktor Gurov
06:56 AM Bug #9719 (Resolved): system_certmanager.php - Descriptive name field disappeared when adding certificate for user: Jim Pingle
01:57 AM Bug #9719: system_certmanager.php - Descriptive name field disappeared when adding certificate for user: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,... Viktor Gurov
06:56 AM Bug #9722 (Resolved): services_captiveportal_vouchers.php wrong status icon link: Jim Pingle
01:34 AM Bug #9722: services_captiveportal_vouchers.php wrong status icon link: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,... Viktor Gurov
06:56 AM Bug #9756 (Resolved): vpn_openvpn_(client|server).php: js issue when selecting multiple NCP: Jim Pingle
01:30 AM Bug #9756: vpn_openvpn_(client|server).php: js issue when selecting multiple NCP: Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,... Viktor Gurov
06:13 AM Bug #9946: package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense: James Dekker wrote:
> With the proper test repo pointing at 2.4.5, the packages install successfully.
gitsync is ... Renato Botelho
04:15 AM Bug #9944: cron package tries to send out mail with non-existing sendmail tool: Thanks for the explanation. In that case it would be nice to somehow utilize pfSense's notification settings (System/... Alex Kolesnik
01:59 AM Bug #9790: firewall aliases table with fqdn stays in system after deleting: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20191205.1852
works, Resolved Viktor Gurov

12/05/2019

09:01 PM Revision 7ba6c13b: status_ipsec.php improvements: * Fixes Child SA button JS hide. Fixes #8847
* Adds Child SA count to JS button
* Fixes alignment of 'Connect' button... Jim Pingle
08:29 PM Revision c6220dcf: IPsec swanctl conversion. Implements #9603: * Converted IPsec configuration code from ipsec.conf ipsec/stroke style
to swanctl.conf swanctl/vici style. Issue #... Jim Pingle
07:34 PM Revision f9fbba13: 2.4.5 repo doesn't use ARCH_NEW: Renato Botelho
07:20 PM Revision 7b2fae37: Add 2.4.5 repo and use it as default: Renato Botelho
07:09 PM Revision 3414daaf: Point to devel repo by default: Renato Botelho
07:01 PM Revision ee4cfea3: Fix is_set/isset: (cherry picked from commit cb442cfa7406e561761a52c826c9c58e7a4ee2bc) Steve Beaver
06:35 PM Revision 55343921: Add packages to version string to support composite update: (cherry picked from commit 725c8134d390eefb4bb258893a27a278176158ac) Steve Beaver
05:23 PM Revision 1b16ff0d: Fix is_set/isset: (cherry picked from commit cb442cfa7406e561761a52c826c9c58e7a4ee2bc) Steve Beaver
04:33 PM Bug #9946: package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense: With the proper test repo pointing at 2.4.5, the packages install successfully. Anonymous
04:13 PM Bug #9946 (Feedback): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense: (mistake on my end, error is still present)
putting back to Feedback for now. Anonymous
03:57 PM Bug #9946 (Resolved): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense: tested on 2.4.5 gitsync'd to RELENG_2_4_5, worked as expected, packages mentioned above installed without issue. (mis... Anonymous
01:14 PM Bug #9946 (Feedback): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense: It was caused because image was pointing to 2.4.4 repository by default.
I pushed a fix and it will be available o... Renato Botelho
11:23 AM Bug #9946: package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense: FreeRADIUS
zabbix-proxy
avahi
frr
pfBlockerNG
pfBlockerNG-devel
suricata
snort
...need to test all package... Viktor Gurov
10:52 AM Bug #9946 (Resolved): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense: ... Viktor Gurov
04:00 PM Feature #9757 (Resolved): DH groups 25,26,27 not listed for phase1 & phase2: tested on 2.4.5 gitsync'd to RELENG_2_4_5, works as expected. Anonymous
03:12 PM Feature #9757 (Feedback): DH groups 25,26,27 not listed for phase1 & phase2: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:53 PM Bug #9945 (Resolved): wizard error on clean install: Jim Pingle
03:44 PM Bug #9945: wizard error on clean install: tested on 2.4.5 gitsync'd to RELENG_2_4_5, worked as expected. Anonymous
11:24 AM Bug #9945 (Feedback): wizard error on clean install: Fixed by commit:1b16ff0d5c Jim Pingle
10:45 AM Bug #9945 (Resolved): wizard error on clean install: after Time Server Information configuration page in wizard:... Viktor Gurov
03:29 PM Bug #9801: VTI IPv6 addresses don't get assigned: They are not public yet, but will be soon. We are doing some internal testing to catch obvious issues before pushing ... Jim Pingle
03:26 PM Bug #9801: VTI IPv6 addresses don't get assigned: I can do it but I can't see a download for 2.4.5 snapshot builds? Only 2.5. Ben Hughes
03:12 PM Bug #9801 (Feedback): VTI IPv6 addresses don't get assigned: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9911 (Feedback): Show confirmation box before disconnecting PPPoE: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Todo #9868 (Feedback): Add clientAuth EKU to Server type certificates: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9867 (Feedback): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9851 (Feedback): PHP error in logs: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9791 (Feedback): Ability to filter Diagnostics ARP Table by IP range (DHCP): Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9784 (Feedback): status.php: Sanitize bandwidthd db password: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9764 (Feedback): status.php: Sanitize barnyard_dbpwd: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9763 (Feedback): Trying to set VLAN Priority causes error: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9756 (Feedback): vpn_openvpn_(client|server).php: js issue when selecting multiple NCP: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9748 (Feedback): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9741 (Feedback): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9736 (Feedback): status.php: Sanitize oinkcode and etprocode of snort/surricata: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9729 (Feedback): status.php: Sanitize zabbix-agent tlspsk key: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9728 (Feedback): status.php: Sanitize tinc private key: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9727 (Feedback): status.php: Sanitize influx_pass: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9722 (Feedback): services_captiveportal_vouchers.php wrong status icon link: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9719 (Feedback): system_certmanager.php - Descriptive name field disappeared when adding certificate for user: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9708 (Feedback): /etc/inc/unbound.inc: Pfsense Default Unbound Configuration does not Prevent DNS Rebinding Attacks Against Localhost: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9695 (Feedback): Add Ability to Force NAT-T Encapsulation on IKEv2 Peers: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9694 (Feedback): Redact ACB encryption password from status.php: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9693 (Feedback): Bypass automatic backups: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9620 (Feedback): User privilege to manage integrated switch: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9586 (Feedback): Unbound Access List /31 UI Issue: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9584 (Feedback): Potential XSS in services_acb.php via hostname parameter with legacy settings: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9582 (Feedback): PHP error setting up VLANs from the console: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9569 (Feedback): Fix serial console terminal size issues: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9558 (Feedback): GPS NTP source PHP errors: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9550 (Feedback): New privilege matching method does not allow menu or tab links to anchors (#foo): Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9543 (Feedback): diag_dns.php: Reverse lookup of IPv6 fails with "Host must be a valid hostname or IP address.": Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9541 (Feedback): Non-admin user with admin rights is given the wrong URL for the user manager: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9540 (Feedback): PHP Uncaught Error in Status/System Logs/Firewall/Dynamic View: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9532 (Feedback): GUI indication and options for MDS mitigation: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9522 (Feedback): Diagnostics > System Activity shows only the header: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9466 (Feedback): DHCP (IPv4) relay mistakenly listening on upstream interface: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9448 (Feedback): Dynamic DNS options showing in GUI for IPv6 when not in use: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9412 (Feedback): Add sorting and search/filtering to CA/Certificates: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9323 (Feedback): Option to hide 'Kernel PTI' from sysinfo widget: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9296 (Feedback): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9292 (Feedback): Default route as indicated by "(Default)" does not match the actual default route on the OS.: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9285 (Feedback): Add an option to disable the ping-check in dhcpd: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9258 (Feedback): Error deleting tunnel type P2 when mixed with VTI: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9218 (Feedback): SNMP sysDescr does not display hostname and patch version: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9111 (Feedback): Add IPsec VTI interface MTU support: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #7791 (Feedback): include /usr/bin/strings in core pfSense: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:11 PM Feature #3792 (Feedback): Group name size limit too restrictive on Active Directory Users: Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:07 PM Bug #8847: IPsec status "Show Child SA entries" button only expands and never collapses: I backported the status_ipsec.php changes that fixed this to 2.4.5 as well, see commit:7ba6c13bc6 Jim Pingle
02:40 PM Bug #8847 (Feedback): IPsec status "Show Child SA entries" button only expands and never collapses: Applied in changeset commit:c6220dcf7faf3492713c6c30bb86d3971b2772a9. Jim Pingle
01:42 PM Bug #8847 (In Progress): IPsec status "Show Child SA entries" button only expands and never collapses: I've fixed this as a part of a larger set of changes about to be committed. Jim Pingle
02:40 PM Todo #9603 (Feedback): Strongswan stroke is deprecated, move to swanctl/vici: Applied in changeset commit:c6220dcf7faf3492713c6c30bb86d3971b2772a9. Jim Pingle
02:35 PM Bug #8472 (Feedback): IPsec with "Split connections" enabled (multiple P2's) - new added P2's are not coming up (between two pfsense's 2.4.3): This needs tested again on a 2.5.0 snapshot after the changes for #9603 are available in a build. Jim Pingle
02:35 PM Bug #8015 (Feedback): IPsec VPN Not Reconnecting until complete reboot: This needs tested again on a 2.5.0 snapshot after the changes for #9603 are available in a build. Jim Pingle
11:54 AM pfSense Docs Correction #9951 (Closed): Feedback on VPN — OpenVPN — Configuring a Single Multi-Purpose OpenVPN Instance: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-multi-purpose.html
*Feedback:* These instructio... Nicholas Walker
11:24 AM Bug #9949 (Duplicate): openvpn wizard error: Duplicate of #9945 Jim Pingle
11:12 AM Bug #9949 (Duplicate): openvpn wizard error: ... Viktor Gurov
10:29 AM Bug #9944 (Not a Bug): cron package tries to send out mail with non-existing sendmail tool: That's sort of on purpose. We don't ship anything like sendmail in the base system.
There is a sendmail work-alike... Jim Pingle
10:11 AM Bug #9944 (Not a Bug): cron package tries to send out mail with non-existing sendmail tool: Hi,
To reproduce, create a simple cron job, like:... Alex Kolesnik
07:59 AM Feature #9869 (Resolved): Allow CRL entries to be made by serial number: Jim Pingle
07:56 AM Feature #9943 (Pull Request Review): status_ipsec.php: show encr-keysize: Jim Pingle
03:00 AM Feature #9943 (Duplicate): status_ipsec.php: show encr-keysize: Show size of selected encryption algo on Status \ IPsec page
without it, AES-GCM 128/192/256 is always displayed AES... Viktor Gurov
07:20 AM Bug #9914: dhcp6c wont work on reboot, only after service restart: Yes. The default installation configuration of some devices such as our XG-7100 includes VLAN on LAGG, and dhcp6c is ... Jim Pingle
07:17 AM Bug #9914: dhcp6c wont work on reboot, only after service restart: Did you use VLAN on your lagg? I can reproduce the issue when using VLAN on a lagg in a fresh installed pfsense VM. Seyfidin Hamraoui

12/04/2019

11:41 PM Feature #9869: Allow CRL entries to be made by serial number: tested on 2.5.0.a.20191203.0148
Resolved Viktor Gurov
04:32 PM Revision 864cf5e1: Revert "Enable Multipath in FRR 7. Implements #9545": This reverts commit 5fc75545d779e56468ec8c30e573c87f491a980a. Renato Botelho
04:32 PM Revision b0e6754e: Revert "Restore newline at EOF": This reverts commit bb51e33ba32e0e9b4b6925564c1183cc77923900. Renato Botelho
03:57 PM Revision 66d76b76: Fix #6846: Properly detect Super Micro C2558/C2758: (cherry picked from commit 4de6f04d5f4eb69e9293dad6f47ce66f7d3baec1) Renato Botelho
03:37 PM Revision 2c63d42e: Add RFC 8031 Group 31 to IPsec. Implements #9531: (cherry picked from commit 4fc267484e604509b072b398642f19cb6797ef21) Jim Pingle
10:06 AM Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+): Jim Pingle wrote:
> I picked back the Group 31 change only to 2.4.5 to test since it was reported to function. If it... Jens Groh
09:38 AM Feature #9531 (Feedback): [IPSEC] Add additional curve-based DH Groups (31+): I picked back the Group 31 change only to 2.4.5 to test since it was reported to function. If it works, re-target thi... Jim Pingle
08:03 AM Feature #9825 (Feedback): Requirements for trusted certificates in iOS 13 and macOS 10.15: The default GUI cert lifetime of 825 days needs checked on 2.4.5 snapshots. If it's OK, move target back to 2.5.0 sin... Jim Pingle
06:34 AM Bug #9723 (Not a Bug): DHCPv6 server for several interfaces isn't working on all interfaces: Jim Pingle
02:23 AM Bug #9723: DHCPv6 server for several interfaces isn't working on all interfaces: I cannot reproduce this any more. I don't know how this happened but now it's working. Pim Pish
02:20 AM Feature #9942 (New): Give pfSense the possibility to change the keyboard Layout for console users: In pfSense 2.4.4 you can choose a keyboard Layout during installation but the selection won't affect the system. Keyb... Pim Pish

12/03/2019

04:52 PM Revision e79fdf50: Fix the build of miniupnpd in 12, disable CHECK_PORTINUSE.: (cherry picked from commit b761d75c2edc056576c669d36574793c5d13bdda) Luiz Souza
04:37 PM Revision 8df1dee2: Remove zabbix 3.2 and 3.4 options: (cherry picked from commit 1b5941ebe023ad5f72c93325cc427d2e7af5bd56) Renato Botelho
04:36 PM Revision 3b8482db: Enable LDAP for sudo and build nss_ldap. Fixes #9399: (cherry picked from commit 7db5a396d398b010bfb70048881a6cec0577338f) Jim Pingle
04:34 PM Revision 239192a0: Set bind 9.12 options: (cherry picked from commit 342519c47e300cd355d8dbe023704ebba4235299) Renato Botelho
04:33 PM Revision bb51e33b: Restore newline at EOF: (cherry picked from commit 840a0d4335182056f6eb0942d5661e83b400ac8b) Renato Botelho
04:33 PM Revision 5fc75545: Enable Multipath in FRR 7. Implements #9545: (cherry picked from commit 1836b0c237efdf9bf2ce9fab798f2718f0fd6028) Jim Pingle
04:29 PM Revision ed236d9a: Remove zabbix 2.2 leftovers: Renato Botelho
03:49 PM Revision 328d24fe: Remove zabbix 2.2, 3.2 and 3.4 packages: Renato Botelho
03:35 PM Revision e34757e3: Fix drm port name: Renato Botelho
03:33 PM Revision 95a45da5: Revert "Build net/ng_etf-kmod": Add it to 2.4.5 kernel
This reverts commit 82887eb03ff3d3c83a3cc6295ad73214284329d0. Renato Botelho
01:49 PM Revision 4e02ccf7: Bump version to 2.4.5: Renato Botelho
01:36 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Luiz Souza wrote:
> A fix based on Gavin's PR was committed, please let me know if the problem persists.
>
> Than... Robert Gijsen
10:14 AM Bug #9941: Enabling OpenVPN interface should not validate PPPoE passwords: You can apply the patch from the other issue to test using the System Patches package -- if you need help figuring th... Jim Pingle
10:07 AM Bug #9941: Enabling OpenVPN interface should not validate PPPoE passwords: Jim Pingle wrote:
> This is probably solved by #9864, if not, it's your browser auto-fill that is the problem here.
... Nick DeMarco
09:56 AM Bug #9941 (Duplicate): Enabling OpenVPN interface should not validate PPPoE passwords: This is probably solved by #9864, if not, it's your browser auto-fill that is the problem here. Jim Pingle
09:54 AM Bug #9941 (Duplicate): Enabling OpenVPN interface should not validate PPPoE passwords: Enabling the OpenVPN interface fails if the browser autofills a password in the hidden field PPPoE Password. The brow... Nick DeMarco
01:51 AM Feature #9939: Scheduled update or upgrade option: Jim Pingle wrote:
> That is still very dangerous. An upgrade should always be directly monitored by the admin in cas... Robbie van Moerkerk

12/02/2019

07:04 PM Revision 9d6adc62: "don't" -> "doesn't" (typo fix for help text): something-big
05:16 PM Bug #9296 (Resolved): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Luiz Souza
02:41 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: * Luiz Souza wrote:
> A fix based on Gavin's PR was committed, please let me know if the problem persists.
Conf... Christian Ullrich
08:40 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: * Robert Gijsen wrote:
> Maybe a stupic question, but as I don't have any git or build tools available within pfSe... Christian Ullrich
05:25 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Luiz Souza wrote:
> A fix based on Gavin's PR was committed, please let me know if the problem persists.
>
> Than... Robert Gijsen
04:26 PM pfSense Packages Bug #9849: NUT not starting as root? Isn't loading USB drivers?: Braden McGrath wrote:
> Ryan McCullough wrote:
> > It looks like the NUT/UPS driver isn't loading the USB driver un... Ryan McCullough
04:16 PM pfSense Packages Bug #9849: NUT not starting as root? Isn't loading USB drivers?: Ryan McCullough wrote:
> It looks like the NUT/UPS driver isn't loading the USB driver unless I pass the "-u root" p... Braden McGrath
01:57 PM Revision 5a0f6513: simplify queue stats parser: Lucas Held
01:24 PM pfSense Packages Bug #9940 (Duplicate): Removing "default" view under monitoring blocked: Duplicate of #9352 Jim Pingle
12:56 PM pfSense Packages Bug #9940 (Duplicate): Removing "default" view under monitoring blocked: I managed to add a extra view named "default" in the monitoring page. When trying to remove said misstake it is not p... Joakim Dellrud
09:35 AM Feature #9939: Scheduled update or upgrade option: That is still very dangerous. An upgrade should always be directly monitored by the admin in case it does not go as p... Jim Pingle
08:20 AM Feature #9939: Scheduled update or upgrade option: Jim Pingle wrote:
> Having any kind of fully automated update function is very dangerous. Since the process can be t... Robbie van Moerkerk
07:33 AM Feature #9939 (Rejected): Scheduled update or upgrade option: Having any kind of fully automated update function is very dangerous. Since the process can be triggered from the con... Jim Pingle
05:37 AM Feature #9939 (Rejected): Scheduled update or upgrade option: While updating our pfsense cluster we would like to schedule the update/ upgrade found. Please implement an option to... Robbie van Moerkerk
07:33 AM Bug #9938 (Pull Request Review): Queue stats parser broken if bytes > 9999999999: Jim Pingle

12/01/2019

05:34 PM Revision e5deede5: support variable value length in queue stats parser: Lucas Held
01:03 PM Bug #9938 (Resolved): Queue stats parser broken if bytes > 9999999999: Hello,
currently the queue stats parser in the file "/etc/inc/shaper.inc" assumes that the bytes value does not exce... Lucas Held

11/29/2019

09:39 PM Feature #9639: Cloudflare DDNS "API Token": +1 to getting them supported in the Dynamic DNS service.
They are already supported in the "acme" plugin, but they... John M
07:05 PM Revision 7ee29634: curve_compatible_list - array of all compat curves: Viktor Gurov
02:41 PM Revision e99c638b: Init aliases array before use. Fixes #9936: Jim Pingle
02:08 PM Revision 5b535261: Allow revoking serial '0' by number. Fixes #9869: Jim Pingle
01:49 PM Revision 1b970bb2: Only try existent devices when looking for the dump device.: Luiz Souza
08:50 AM Bug #9936 (Feedback): zombie alias check errors if no alises exist: Applied in changeset commit:e99c638b78540efa478dbb3360943c67de72c1af. Jim Pingle
08:41 AM Bug #9936 (In Progress): zombie alias check errors if no alises exist: Jim Pingle
08:46 AM Feature #9937: OpenVPN Login User Privilege: If this is added it would have to be off by default and enabled on a per-server basis. Jim Pingle
08:29 AM pfSense Packages Bug #9935 (Pull Request Review): hide ECDSA certs for Zabbix: Jim Pingle
08:27 AM Feature #9842 (Pull Request Review): Add CA/certificate renewal function: Jim Pingle
08:15 AM Feature #9869 (Feedback): Allow CRL entries to be made by serial number: Applied in changeset commit:5b535261acc969af2e22dcbd6798c881d42a576a. Jim Pingle
07:41 AM Feature #9869 (In Progress): Allow CRL entries to be made by serial number: Jim Pingle
08:11 AM Bug #9785 (Resolved): ACB permits manual backup attempt when disabled: Jim Pingle
07:41 AM pfSense Packages Bug #9932 (Rejected): Squid is not showing CAs for SSL Interception: Can't reproduce this on 2.5.0 or 2.4.4 Both show CAs as they should. Post on the forum if you are still having issues. Jim Pingle

11/28/2019

02:33 PM Revision 6c97c186: Typo fix: (cherry picked from commit 463d5d11726084575b166dffe4b85164b2f5a5c3) Steve Beaver
01:46 PM Revision 00d9ce91: typo: Viktor Gurov
01:37 PM Revision 941470ef: prime256v1 ec curve for renew: Viktor Gurov
11:42 AM Feature #9937 (New): OpenVPN Login User Privilege: Hello pfsense development Team,
It would be awesome to have a "VPN - User: Openvpn Dialin" privilege in the Group ... Arthur Besnard
11:24 AM Bug #9936 (Resolved): zombie alias check errors if no alises exist: It appears not to check if aliases exist on the system before trying to load the array throwing this error:... Steve Wheeler
10:18 AM pfSense Packages Bug #9935 (Resolved): hide ECDSA certs for Zabbix: ECDSA certificates are not yet supported in Zabbix
see https://support.zabbix.com/browse/ZBXNEXT-5475
https:/... Viktor Gurov
08:59 AM Bug #8468: Status / Queues show mostly NaN: Same problem here, some values are displayed as NaN in the status_queues page.
2 screenshots attached, the diag_pfto... Jo S
08:00 AM pfSense Packages Bug #9934: suricata update kills WAN interface: Suricata is running in INLINE IPS mode. Every time, when suricata is stopped or started, it does a link up/down. Is t... Srijan Nandi
07:28 AM pfSense Packages Bug #9934 (Closed): suricata update kills WAN interface: Hello Everyone,
I am running pfSense *2.4.4-RELEASE-p3 (amd64*) with suricata *VERSION 4.1.5_2*. I had set suricat... Srijan Nandi
07:43 AM Feature #9842: Add CA/certificate renewal function: https://github.com/pfsense/pfsense/pull/4122
I think that we need to decide which EC is minimum.
prime256v1 or se... Viktor Gurov
03:40 AM Feature #9842: Add CA/certificate renewal function: Jim Pingle wrote:
> This should be complete for now. I didn't add a CLI script, as it didn't seem necessary yet. On ... Viktor Gurov
07:31 AM Bug #9296 (Feedback): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: A fix based on Gavin's PR was committed, please let me know if the problem persists.
Thanks Luiz Souza
05:29 AM Bug #9933 (Resolved): Captive Portal + Voucher not keeping auto-added "Pass-through MAC Auto Entry": With Captive Portal, the "Enabled Pass-through MAC Auto Entry" should normally keep definitvly the MAC address into t... Johan DEVELON
04:45 AM Feature #9862 (Resolved): Add support for waiting between ping-packages on diag_ping.php: Renato Botelho
04:15 AM Feature #9862: Add support for waiting between ping-packages on diag_ping.php: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on pfSense 2.5.0.a.20191127.2047
works as expected,... Viktor Gurov
04:17 AM Bug #9785: ACB permits manual backup attempt when disabled: tested on pfSense 2.5.0.a.20191127.2047
'backup' button is inactive when ACB disabled
Resolved Viktor Gurov
03:47 AM Feature #9869: Allow CRL entries to be made by serial number: tested on pfSense 2.5.0.a.20191127.2047
it do not save serial number 0 (zero) Viktor Gurov
02:55 AM pfSense Packages Feature #9901 (Resolved): show ECDSA CAs only with correct curves: tested on pfSense 2.5.0.a.20191127.2047 with squid 0.4.44_9
correct, resolved Viktor Gurov
02:54 AM pfSense Packages Feature #9906 (Resolved): show ECDSA CAs and certs only with correct curves: tested on pfSense 2.5.0.a.20191127.2047 with freeradius3 0.15.7_6
correct, resolved Viktor Gurov
02:53 AM pfSense Packages Bug #9919 (Resolved): stunnel server connection failure if ECDSA cert is not in IPsec list: tested on pfSense 2.5.0.a.20191127.2047 with stunnel 5.50_2
correct, resolved Viktor Gurov
02:51 AM pfSense Packages Feature #9929 (Resolved): show only ECDSA-safe exports packages: tested on pfSense 2.5.0.a.20191127.2047 with openvpn-client-export 1.4.19_1
correct, resolved Viktor Gurov

11/27/2019

04:32 PM Revision f6e1c731: Switch default NTP pool server. Fixes #9931: 2.<x> pools contain both IPv4 and IPv6 hosts.
(cherry picked from commit ae132b611439c15003578e38ec338a60eb9ed904) Jim Pingle
04:32 PM Revision 65db2067: Switch default NTP pool server. Fixes #9931: 2.<x> pools contain both IPv4 and IPv6 hosts. Jim Pingle
04:31 PM Revision 0f64460f: Merge pull request #4098 from vktg/delzombiealiases: Renato Botelho
04:29 PM Revision 3b2fb394: Merge pull request #4105 from vktg/guirebootarmcheck: Renato Botelho
04:28 PM Revision fcb61f94: Make hostname optional for for DNS-O-Matic.: This resolves ticket #7601.
(cherry picked from commit 1ccc327f0014d74de501a066df556add28c38e78) gizmotronic
04:28 PM Revision bc542876: Merge pull request #4120 from gizmotronic/dnsomatic-hostname-optional: Renato Botelho
12:06 PM pfSense Packages Bug #9932: Squid is not showing CAs for SSL Interception: Correct Version: 0.4.44_9 Nicolas Bezutt
11:58 AM pfSense Packages Bug #9932 (Rejected): Squid is not showing CAs for SSL Interception: After update to 0.4.4_9, the CA field in SSL Man In The Middle Filtering is no more showing any certificates. Older V... Nicolas Bezutt
11:26 AM Feature #9883 (Resolved): Allow CAs to use randomized serials when signing: Jim Pingle
11:12 AM Feature #9883: Allow CAs to use randomized serials when signing: tested on pfSense 2.5.0.a.20191126.1832
it successfully creates random serials when creating certificates or sig... Viktor Gurov
10:40 AM Bug #9931 (Feedback): 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations: Applied in changeset commit:65db20674d716208e340b96471ff98d1bb0c957b. Jim Pingle
10:34 AM Bug #9931: 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations: I didn't see the PR and had already made the change after testing it out locally, it will show up soon. Jim Pingle
10:15 AM Bug #9931: 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations: Changed in https://github.com/pfsense/pfsense/pull/4121 Isaac McDonald
09:59 AM Bug #9931 (Resolved): 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations: I debated whether this should be considered a bug or a feature. I ultimately decided it should be considered a bug se... Isaac McDonald
10:32 AM Bug #9790 (Feedback): firewall aliases table with fqdn stays in system after deleting: PR has been merged. Thanks! Renato Botelho
10:30 AM Feature #9771 (Feedback): diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI: Renato Botelho
10:30 AM Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI: PR has been merged. Thanks Renato Botelho
10:29 AM Bug #7601 (Feedback): Dynamic DNS - Hostname should not be required for DNS-O-Matic: PR has been merged. Thanks! Renato Botelho
07:42 AM Bug #7601 (Pull Request Review): Dynamic DNS - Hostname should not be required for DNS-O-Matic: Jim Pingle
10:24 AM pfSense Packages Feature #9929 (Feedback): show only ECDSA-safe exports packages: PR has been merged. Thanks! Renato Botelho
07:59 AM pfSense Packages Feature #9929 (Pull Request Review): show only ECDSA-safe exports packages: Jim Pingle
04:32 AM pfSense Packages Feature #9929: show only ECDSA-safe exports packages: two more packages with certificates left - Zabbix-agent and Net-SNMP Viktor Gurov
04:29 AM pfSense Packages Feature #9929 (Resolved): show only ECDSA-safe exports packages: show only ECDSA-safe exports packages on OpenVPN \ Client Export Utility page
i.e. certs with prime256v1, secp384r... Viktor Gurov
10:23 AM pfSense Packages Feature #9901 (Feedback): show ECDSA CAs only with correct curves: PR has been merged. Thanls! Renato Botelho
09:23 AM Revision 192d769c: switch to IPsec cert list: Viktor Gurov
09:16 AM Revision 0619c2b5: cosmetic: Viktor Gurov
09:13 AM Revision 0de3991f: Merge branch 'master' into p11ipsec: vktg
08:59 AM Revision aad37244: rebase: Viktor Gurov
08:57 AM Revision 2d604c8b: successful connection: Viktor Gurov
08:57 AM Revision 5fe27d1c: more: Viktor Gurov
08:34 AM Revision 8b859d91: first steps: Viktor Gurov
08:26 AM Revision 43996917: merge with upstream: Viktor Gurov
07:50 AM Bug #9296 (Pull Request Review): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Jim Pingle
04:27 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I have a fix for this, and have created a pull request.
https://github.com/pfsense/FreeBSD-ports/pull/714 Gavin Stewart
12:29 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Gavin Stewart wrote:
> I now have a minimal and repeatable set of steps to reproduce this.
Actually, I have revis... Gavin Stewart
07:47 AM Feature #9928 (Duplicate): Allow keyless certificates in the Cert Client admin tool: Duplicate of #9834 Jim Pingle
02:55 AM Feature #9928 (Duplicate): Allow keyless certificates in the Cert Client admin tool: Would be useful to also allow for certificates without a key to be created/managed in the cert admin tool.
E.g. ... Dirk-Willem van Gulik
07:46 AM Feature #9927 (Duplicate): Allow Aliases in fields on VPN/OpenVPN/Servers/Edit - in particular for "IPv4 Local network(s)": Duplicate of #2668 Jim Pingle
02:52 AM Feature #9927 (Duplicate): Allow Aliases in fields on VPN/OpenVPN/Servers/Edit - in particular for "IPv4 Local network(s)": Would be useful to allow Aliases in particularly the "IPv4 Local network(s)" of the OpenVPN server setup.
As this... Dirk-Willem van Gulik
07:45 AM Bug #9920 (Resolved): system_crlmanager.php: CRL export file is empty if CA key type is ECDSA: My PR was merged upstream and we're on the latest version as well now, without needing a patch. That was finished the... Jim Pingle
12:08 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA: Jim Pingle wrote:
> I added that patch to our port:
>
> https://github.com/pfsense/FreeBSD-ports/commit/1bdb4e58d... Viktor Gurov
07:41 AM Feature #9896 (Resolved): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx: Jim Pingle
06:38 AM Feature #9896: Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx: Renato Botelho wrote:
> PR has been merged. Thanks
Tested on pfSense 2.5.0.a.20191126.1832... Viktor Gurov
07:40 AM Bug #9930 (Not a Bug): Dpinger fills log with sendto errors when VPN is down: We do not maintain dpinger, if you want to suggest a change to dpinger, raise it on their bug tracker: https://github... Jim Pingle
07:10 AM Bug #9930 (Not a Bug): Dpinger fills log with sendto errors when VPN is down: I have configured a tinc VPN Interface and I have a Gateway on that connection. If the remote host goes down (meaning... Flole Systems
07:02 AM Feature #9905 (Resolved): ospf / ospv3 packet capture: Renato Botelho
04:37 AM Feature #9905: ospf / ospv3 packet capture: tested on 2.5.0.a.20191126.1832
works, Resolved Viktor Gurov
05:22 AM Revision 647bbe86: array_diff fix: Viktor Gurov
05:20 AM Revision 75b83f36: array_diff fix: Viktor Gurov
05:11 AM Revision 96d0cb2d: php_uname func: Viktor Gurov
02:43 AM Revision 1ccc327f: Make hostname optional for for DNS-O-Matic.: This resolves ticket #7601. gizmotronic

11/26/2019

08:19 PM Revision 176c7256: traffic-graphs, don't stop drawing graphs when a interface is disabled: traffic-graphs, don't stop drawing graphs when a interface is disabled Pi Ba
04:56 PM Revision f61a794a: Unset temp vars when refreshing CRLs. Issue #9915: Otherwise it might unintentionally add a CRL to a server which does not
have one selected Jim Pingle
04:05 PM Revision 475d712b: When refreshing CRLs, increment suffix, do not clean up. Fixes #9915: While here, fix a bug with refresh path. Jim Pingle
04:00 PM pfSense Docs Correction #9926 (Closed): Feedback on Virtualization — Virtualizing pfSense with VMware vSphere / ESXi: Thanks! Jim Pingle
03:39 PM pfSense Docs Correction #9926 (Closed): Feedback on Virtualization — Virtualizing pfSense with VMware vSphere / ESXi: *Page:* https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-vmware-vsphere-esxi.html
... Bjorn Formo
03:15 PM Revision 84041dcf: Correctly populate CRL issuer in crl_contains_cert. Fixes #9924: Jim Pingle
03:07 PM pfSense Docs Correction #9925 (Closed): Feedback on VPN — OpenVPN — Troubleshooting Windows OpenVPN Client Connectivity: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/troubleshooting-windows-openvpn-client-connectivity.ht... Steve Wheeler
02:22 PM Feature #9828: L2TP (long) username containing @ (realm separator): Any proposed changes should be submitted via pull request so they can be reviewed, discussed, and merged.
https://... Jim Pingle
01:47 PM Feature #9828: L2TP (long) username containing @ (realm separator): bump, anyone? Arjan van der Oest
02:21 PM Todo #9603 (In Progress): Strongswan stroke is deprecated, move to swanctl/vici: I'm looking this over. A few more useful links:
swanctl.conf format:
https://wiki.strongswan.org/projects/strongs... Jim Pingle
02:14 PM Revision 3c1249b3: Add 'none' option to cert_build_list. Issue #9923: Jim Pingle
10:15 AM Todo #9915 (Feedback): Convert OpenVPN to CAPath: Applied in changeset commit:475d712b910e197256c06634051e1ad75be4bdfe. Jim Pingle
10:03 AM Todo #9915: Convert OpenVPN to CAPath: That method does work to update CRLs, so I'll adjust the code to work that way.
Still doesn't work for intermediat... Jim Pingle
09:47 AM Todo #9915 (In Progress): Convert OpenVPN to CAPath: Something else to consider is to increment the CRL suffix number (e.g. r0 -> r1 -> r2), which may trick OpenSSL into ... Jim Pingle
09:44 AM Todo #9915: Convert OpenVPN to CAPath: While the new structure functions well at startup, it does appear as though the CRL status is cached at startup. When... Jim Pingle
09:25 AM Bug #9924 (Feedback): crl_contains_cert() does not correctly report revoked status for intermediate CAs: Applied in changeset commit:84041dcfd744d2dbbcee90338705c12b4c844e96. Jim Pingle
09:14 AM Bug #9924 (Resolved): crl_contains_cert() does not correctly report revoked status for intermediate CAs: If a certificate is issued by an intermediate CA and revoked in a CRL for that intermediate CA, @crl_contains_cert()@... Jim Pingle

11/25/2019

09:50 PM Revision 348c2af1: Restructure OpenVPN settings directory layout: * Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to
/var/etc/openvpn/<mode><id>/<x>
* This keeps all settings ... Jim Pingle
05:24 PM Revision 67f362de: Merge pull request #4114 from vktg/ospfpcap: Renato Botelho
05:18 PM Revision 22820e3a: Merge pull request #4107 from Godwottery/Godwottery-ping-wait: Renato Botelho
05:17 PM Revision fb8ee03c: Merge pull request #4108 from Augustin-FL/Augustin-FL-patch-builder-common: Renato Botelho
05:10 PM Revision d4b090cb: Merge pull request #4112 from vktg/poly1305tls12: Renato Botelho
04:42 PM Revision 59fac81f: Add select_source compatible output to cert_build_list(). Implements #9923: Jim Pingle
04:00 PM Todo #9915 (Feedback): Convert OpenVPN to CAPath: Applied in changeset commit:348c2af1671d8f11c5d9ca67a32cbb28940ef19a. Jim Pingle
03:07 PM Revision ab5ef410: Enforce limiter delay 0<=x<=10000. Fixes #9921: (cherry picked from commit 8afa74bb099d75962a5efb8a603981c0249f91a0) Jim Pingle
03:06 PM Revision 8afa74bb: Enforce limiter delay 0<=x<=10000. Fixes #9921: Jim Pingle
02:02 PM Revision 1a969ea2: Remove zabbix 2.2 leftovers: Renato Botelho
11:24 AM Feature #9905 (Feedback): ospf / ospv3 packet capture: PR has been merged. Thanks! Renato Botelho
11:19 AM Feature #9862 (Feedback): Add support for waiting between ping-packages on diag_ping.php: PR has been merged. Thanks! Renato Botelho
11:12 AM Feature #9896 (Feedback): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx: PR has been merged. Thanks Renato Botelho
10:50 AM Feature #9923 (Feedback): Add select_source compatible output to cert_build_list(): Applied in changeset commit:59fac81f316b0616e0c50ec47ffa9cfa97a10ebb. Jim Pingle
10:42 AM Feature #9923 (Resolved): Add select_source compatible output to cert_build_list(): Rather than duplicate the effort in many packages, add support to @cert_build_list()@ to generate an array compatible... Jim Pingle
10:40 AM pfSense Packages Bug #9919 (Feedback): stunnel server connection failure if ECDSA cert is not in IPsec list: PR has been merged. Thanks! Renato Botelho
10:38 AM pfSense Packages Feature #9906 (Feedback): show ECDSA CAs and certs only with correct curves: PR has been merged. Thanks! Renato Botelho
10:27 AM Bug #9920 (Feedback): system_crlmanager.php: CRL export file is empty if CA key type is ECDSA: I added that patch to our port:
https://github.com/pfsense/FreeBSD-ports/commit/1bdb4e58dd3802abbd25acc5ff8da23336... Jim Pingle
10:01 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA: I submitted a PR to their project to add support for ECDSA CAs, it didn't take much:
https://github.com/ukrbublik/... Jim Pingle
09:15 AM Bug #9921 (Feedback): Limiters allow invalid delay values: Applied in changeset commit:8afa74bb099d75962a5efb8a603981c0249f91a0. Jim Pingle
08:46 AM pfSense Packages Bug #9922 (Feedback): haproxy_version does not use full path to haproxy, leads to errors when run during cron: Fixed:
https://github.com/pfsense/FreeBSD-ports/commit/47f4f91aa8159e47f24990eb2496784cb9ef07c6
https://github.co... Jim Pingle
08:41 AM pfSense Packages Bug #9922 (Resolved): haproxy_version does not use full path to haproxy, leads to errors when run during cron: When /etc/rc.filter_configure_sync is run from cron, it yields errors from haproxy. For example in this simulated run... Jim Pingle

11/24/2019

09:10 AM Feature #9918: check user certificates for correct ECDSA curves: In the GUI, yes, but admins could be using them for other purposes. It's best to filter them at the point we know the... Jim Pingle
03:55 AM Feature #9918: check user certificates for correct ECDSA curves: Jim Pingle wrote:
> We don't know what they are using them for necessarily.
As I understand user certs can be use... Viktor Gurov
08:51 AM Bug #9921 (Resolved): Limiters allow invalid delay values: When creating Limiters the GUI allows delay values above 10000ms. The config also allow this and it is written into t... Steve Wheeler
04:42 AM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only: I am experiencing the same issue with version 2.4.4-p3 on x86 hardware (re network interfaces). Yuran Yastreb

11/23/2019

11:00 PM pfSense Packages Bug #9919 (Pull Request Review): stunnel server connection failure if ECDSA cert is not in IPsec list: Jim Pingle
03:03 AM pfSense Packages Bug #9919: stunnel server connection failure if ECDSA cert is not in IPsec list: https://github.com/pfsense/FreeBSD-ports/pull/712 Viktor Gurov
02:42 AM pfSense Packages Bug #9919 (Resolved): stunnel server connection failure if ECDSA cert is not in IPsec list: stunnel client can use cert with any ECDSA curve,
but if stunnel server use incorrect (not prime256v1, secp384r1, se... Viktor Gurov
10:58 PM Feature #8289 (Resolved): OpenVPN - configurable username as common name: Thanks for testing! Jim Pingle
02:39 AM Feature #8289: OpenVPN - configurable username as common name: Thanks Jim.
Works. Greg M
10:58 PM Feature #9918 (Closed): check user certificates for correct ECDSA curves: I don't think we should limit this here. When creating/assigning the certs, it's really up to the admin. We don't kno... Jim Pingle
01:27 AM Feature #9918 (Closed): check user certificates for correct ECDSA curves: Show only correct (IPsec = OpenVPN) ECDSA when adding existing certificates to users,
'Choose an Existing Certifica... Viktor Gurov
10:56 PM Bug #9917 (Pull Request Review): Widget Refresh Logic Flawed: Jim Pingle
12:33 AM Bug #9917 (Closed): Widget Refresh Logic Flawed: Hello team,
I have forked pfSense and resolved this in a feature branch, but need to have a redmine issue for refe... Christopher Embry
11:12 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA: it looks like ukrbublik/openssl_x509_crl do not support ECDSA -
https://github.com/ukrbublik/openssl_x509_crl/blob... Viktor Gurov
10:49 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA: in case of ECDSA CA <text></text> field of <crl></crl> is always empty in config.xml Viktor Gurov
10:30 AM Bug #9920 (Resolved): system_crlmanager.php: CRL export file is empty if CA key type is ECDSA: CRL export file is empty if CA key type is ECDSA
certs inside this CRL can be RSA or ECDSA
if CRL CA key type is ... Viktor Gurov
12:15 AM Feature #9878: IPsec PKCS#11 authentication: for today only CheckPoint support PKCS#11 tokens
most of other vendors (Palo Alto, Riverbed, Huawei, Fortinet, F5)... Viktor Gurov

11/22/2019

08:40 PM Revision b3395df2: Add OpenVPN Keepalive/Ping/Inactive input validation. Fixes #3473: (cherry picked from commit 4a5875a1771d286aee1c1e90d7f45991f9892a68) Jim Pingle
08:37 PM Revision 4a5875a1: Add OpenVPN Keepalive/Ping/Inactive input validation. Fixes #3473: Jim Pingle
07:19 PM Revision e5c4f2a7: Make OpenVPN username-as-common-name options. Implements #8289: Jim Pingle
06:59 PM Revision 7591a72a: Add exit notify to OpenVPN servers/clients. Implements #9078: Jim Pingle
05:31 PM Bug #9321: Traffic Graphs on Dashboard not loading with certain types of interfaces: This seems to be a race condition somehow, it doesn't always happen and I think it was loading for me before after di... Flole Systems
04:41 PM Revision 19a0636d: Prevent OpenVPN tunnel network reuse. Fixes #3244: Ensures that a submitted tunnel network is not already in use on other
OpenVPN client or server instances, to avoid c... Jim Pingle
02:45 PM Feature #3473 (Feedback): Allow configuration of OpenVPN keepalive: Applied in changeset commit:4a5875a1771d286aee1c1e90d7f45991f9892a68. Jim Pingle
01:22 PM Feature #3473 (In Progress): Allow configuration of OpenVPN keepalive: This is missing input validation. I'll add it. Jim Pingle
02:39 PM Feature #7803 (Closed): Include more OpenVPN Options in GUI: @--inactive@ was covered by the implementation for #3473, anything else can be handled on specific case-by-case revie... Jim Pingle
01:44 PM Revision ca3cddbe: Update OpenVPN EC list based on testing. Issue #9744: Jim Pingle
01:38 PM Revision 809e196a: CDATA escape more auth-related fields. Fixes #9327: (cherry picked from commit 327ad811aa5f965ba805ea78f879c759ca0fdafa) Jim Pingle
01:35 PM Revision df1de4df: Correct VTI IPv6 test and syntax. Fixes #9801: (cherry picked from commit 1d9fbb716543110ac245e2749f8c06fc77480a77) Jim Pingle
01:25 PM Feature #8289 (Feedback): OpenVPN - configurable username as common name: Applied in changeset commit:e5c4f2a7d977fb1fd6c7b4446e187486b72285be. Jim Pingle
01:10 PM Feature #9078 (Feedback): Investigate adding knobs for explicit-exit-notify in OpenVPN: Applied in changeset commit:7591a72a5108a2ac28d28745cec43ea282869aae. Jim Pingle
10:50 AM Feature #3244 (Feedback): Check that OpenVPN tunnel network does not overlap any other subnet: Applied in changeset commit:19a0636d7c0e0178209406480cc383853f0d3f72. Jim Pingle
08:11 AM pfSense Packages Feature #9742: Print Patch ID in log while patching: The sshguard log message wouldn't be related.
I see logs for manual patching and reverting, but no log messages wh... Jim Pingle
01:23 AM pfSense Packages Feature #9742: Print Patch ID in log while patching: tested on pfSense 2.5.0.a.20191121.2127 with System_Patches 1.2_4
test patch: https://github.com/pfsense/pfsense/com... Viktor Gurov
07:46 AM Bug #9744: fatal error if ECDH Curve not default: I pushed an update in commit:ca3cddbec4 to change the OpenVPN curve list to match IPsec Jim Pingle
01:17 AM Bug #9744: fatal error if ECDH Curve not default: last test result with pfSense 2.5.0.a.20191121.2127 (OpenVPN 2.4.8) and Debian 10.2 client (OpenVPN 2.4.7)
server ... Viktor Gurov
07:35 AM Bug #9801 (Resolved): VTI IPv6 addresses don't get assigned: Thanks for testing! Jim Pingle
07:34 AM Bug #9801: VTI IPv6 addresses don't get assigned: I've tested with the latest 2.5 development snapshot and it seems to be working correctly now. Ben Hughes
01:26 AM pfSense Packages Bug #9850 (Resolved): show huperscan option only for x86 arch: Tested on 2.5.0.a.20191121.1639 (SG-1000, arm) and suricata 4.1.5_2
Ok, Resolved Viktor Gurov

11/21/2019

09:31 PM Revision efe83ab9: Enable OpenVPN x509-alt-username build option. Fixes #9884: Jim Pingle
09:22 PM Revision 327ad811: CDATA escape more auth-related fields. Fixes #9327: Jim Pingle
09:02 PM Revision fd04c00c: Hide OpenVPN 'interface' when multihome is selected. Fixes #7840: (cherry picked from commit 5a9dc1dc278c6c537bfd5289125607117ceb99df) Jim Pingle
09:01 PM Revision 5a9dc1dc: Hide OpenVPN 'interface' when multihome is selected. Fixes #7840: Jim Pingle
08:19 PM Revision 53ede603: OpenVPN page sorting tweaks: (cherry picked from commit 41025f6094ed34406cdf23097656ea7cae4483ae) Jim Pingle
08:19 PM Revision 3e42a128: OpenVPN status page sent/recv bytes sorting changes. Fixes #7359: (cherry picked from commit f467ea24cb3c3a98b370c2427ff1aa53d25f14a1) Jim Pingle
07:41 PM Revision bc3e78ab: OpenVPN ECDH/ECDSA filtering. Fixes #9744: Can be revisited in the future if the corresponding OpenVPN bug is
resolved. Jim Pingle
07:09 PM Revision f467ea24: OpenVPN status page sent/recv bytes sorting changes. Fixes #7359: Jim Pingle
06:36 PM Revision 41025f60: OpenVPN page sorting tweaks: Jim Pingle
05:09 PM Revision 20cd68d2: Add copy action to OpenVPN pages. Implements #5851: Added to Server, Client, and Client-Specific Override pages
(cherry picked from commit d86c28bc833cdeb8eb90525d930ff... Jim Pingle
05:08 PM Revision d86c28bc: Add copy action to OpenVPN pages. Implements #5851: Added to Server, Client, and Client-Specific Override pages Jim Pingle
04:43 PM Bug #9212 (Not a Bug): OpenVPN Client can't connect over IPv6 in "multihome": OK, that does sound more like an OpenVPN or config issue. Jim Pingle
04:38 PM Bug #9212: OpenVPN Client can't connect over IPv6 in "multihome": Oh, I totally forgot about this problem.
I finally found the solution and I think the problem comes from OpenVPN a... benoit moreau
03:16 PM Bug #9212 (Incomplete): OpenVPN Client can't connect over IPv6 in "multihome": The description is a bit vague:
* Is pfSense the server in this scenario, or the client?
* If the client is not p... Jim Pingle
04:34 PM Revision f6636150: arm check fix with get_single_sysctl(): Viktor Gurov
03:40 PM Feature #9884 (Feedback): Add support for OpenVPN --x509-username-field: Applied in changeset commit:efe83ab95d64d8d364d8a210d709fa49a551e718. Jim Pingle
03:32 PM Feature #9884: Add support for OpenVPN --x509-username-field: I'm not seeing any negative effects to enabling that build option, so it should be fine for testing. Jim Pingle
03:30 PM Bug #9327 (Feedback): Using the character "¤" in OpenVPN password field creates invalid config.xml: Applied in changeset commit:327ad811aa5f965ba805ea78f879c759ca0fdafa. Jim Pingle
03:22 PM Bug #9327: Using the character "¤" in OpenVPN password field creates invalid config.xml: Looks like the easiest fix is to CDATA escape that field. Jim Pingle
03:10 PM Bug #7840 (Feedback): OpenVPN 2.4 Server: Hide Interface when Protocol is Multihome: Applied in changeset commit:5a9dc1dc278c6c537bfd5289125607117ceb99df. Jim Pingle
02:55 PM Feature #7353 (Closed): Openvpn Logins page: On 2.5.0 there is a dedicated authentication log, which you could filter for OpenVPN and see most of what you are aft... Jim Pingle
02:48 PM Feature #7078: Allow reordering of client specific overrides in OpenVPN: While not a persistent reordering, I added sorting to the list in commit:41025f6094ed34406cdf23097656ea7cae4483ae
Jim Pingle
02:47 PM Feature #4728 (Duplicate): Expose ``nopool`` server option in the OpenVPN Server GUI: This was duplicated by #7567 which was solved a couple years ago. Jim Pingle
02:43 PM Feature #3244: Check that OpenVPN tunnel network does not overlap any other subnet: Thinking about this a bit since I noticed the lack of validation when implementing #5851. It makes sense that an Open... Jim Pingle
02:28 PM pfSense Packages Feature #9874 (Pull Request Review): safesearch enforcing: Jim Pingle
03:24 AM pfSense Packages Feature #9874: safesearch enforcing: received email from Yandex support with the list of domains for redirection:... Viktor Gurov
02:27 PM pfSense Packages Feature #9916 (Pull Request Review): Check allow-transfer in custom option when the zone is slave: Jim Pingle
01:32 PM pfSense Packages Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave: If i add custom option (allow-transfer) to my slave zone, bind exit with error, because say already defined this opti... Am1g0 B0y
01:50 PM Bug #9744 (Feedback): fatal error if ECDH Curve not default: Applied in changeset commit:bc3e78ab3dd4bffb89cb8d2533199e37f92fcbf2. Jim Pingle
01:20 PM Bug #7359 (Feedback): Status/OpenVPN Page Sorts Incorrectly: Applied in changeset commit:f467ea24cb3c3a98b370c2427ff1aa53d25f14a1. Jim Pingle
11:38 AM Feature #5851: Add copy action to OpenVPN client / server: Thank you! PT Rich
11:15 AM Feature #5851 (Feedback): Add copy action to OpenVPN client / server: Applied in changeset commit:d86c28bc833cdeb8eb90525d930ff81fa3738cc9. Jim Pingle

11/20/2019

04:47 PM Revision 1d9fbb71: Correct VTI IPv6 test and syntax. Fixes #9801: Jim Pingle
04:29 PM Revision 94ce250e: Move CA random serial option to upper section. Issue #9883: This allows it to be set when creating a new CA, so it doesn't have to
be edited in later.
Also show the next serial... Jim Pingle
03:00 PM Todo #9915 (Resolved): Convert OpenVPN to CAPath: While investigating #9889, I found that OpenVPN recently introduced a new style of specifying CA and CRLs in a single... Jim Pingle
02:44 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: This is likely less of an issue now that emailAddress is no longer usable in the subject, but might still be hit with... Jim Pingle
02:29 PM Bug #9744: fatal error if ECDH Curve not default: If it works with the secp* curves then maybe we should filter the list like we have done for HTTPS and IPsec. At leas... Jim Pingle
01:16 PM Feature #9309 (Pull Request Review): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): Jim Pingle
01:10 PM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached: Can you submit this as a pull request on github, rather than attaching patches?
https://docs.netgate.com/pfsense/e... Jim Pingle
10:55 AM Bug #9801 (Feedback): VTI IPv6 addresses don't get assigned: Applied in changeset commit:1d9fbb716543110ac245e2749f8c06fc77480a77. Jim Pingle
10:47 AM Bug #9801 (In Progress): VTI IPv6 addresses don't get assigned: Jim Pingle
08:05 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Ronald Schellberg wrote:
> On a side note, why has issue dropped from the 2.5 issue list????
It was never assigne... Jim Pingle

11/19/2019

04:43 PM Revision d1f5587d: Rename IPsec "RSA" options to "Certificate". Implements #9903: Jim Pingle
02:21 PM Bug #9873: Switching the System Update to Development renders the system unbootable: If it can help. I was able to correct the issue by running:
ssh to pfsense
cd /usr/local/lib/php/
ln -s 2017071... Alex D
01:45 PM pfSense Packages Bug #9795: FRR add two or more ipv6 BGP Neighbors will system down: i try setup use openbgpd normarl work ipv6 with openvpn. so i think the frr sure has bugs. yon Liu
12:12 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Jim Pingle wrote:
> John K wrote:
> > What's the status here? Has Netgate been able to reproduce this issue?
>
... John K
10:50 AM Todo #9903 (Feedback): Rename IPsec "RSA" options to more generic "Certificate" options: Applied in changeset commit:d1f5587d48af48817336fdf8644ea7d7679cf037. Jim Pingle
09:15 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto: On my beyond 2.5 version (12.1 based), the devcryto patch applied, and after the devcrypto.ko is loaded:... Ronald Schellberg
04:57 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto: https://forum.netgate.com/topic/148171/openvpn-no-option-for-aes-ni/6
openssl speed -engine rdrand -evp aes-128-gc... yon Liu
07:59 AM Bug #9914 (Rejected): dhcp6c wont work on reboot, only after service restart: This doesn't appear to be a general issue with dhcp6c, but it may be specific to something in your settings or enviro... Jim Pingle
05:35 AM Bug #9914 (Rejected): dhcp6c wont work on reboot, only after service restart: The dhcp6c service is not working after a reboot, I have to restart the service to get it working. The log file has t... Seyfidin Hamraoui
07:51 AM Bug #3965: dhcp6c started before bridge configured at boot, preventing interface tracking: See also: #6529 Jim Pingle
07:51 AM Bug #6529 (Duplicate): dhcp6c fails to start with track6 on a bridge interface: Duplicate of #3965 Jim Pingle
05:55 AM Feature #7791 (Resolved): include /usr/bin/strings in core pfSense: Renato Botelho
12:10 AM pfSense Packages Feature #9913 (Resolved): Adding note Squid Traffic Managment Settings about feature limit: Squid Traffic Managment Settings mostly works with generic HTTP, so that, it may not work without HTTPS Interception ... Constantine Kormashev

11/18/2019

10:33 PM Feature #7791: include /usr/bin/strings in core pfSense: I can confirm that /usr/bin/strings gets included in new builds. Ronald Schellberg
11:00 AM Feature #7791 (Feedback): include /usr/bin/strings in core pfSense: Applied in changeset commit:6ecea21ad2b6b7912968fb1240ee5d32649bbdf1. Renato Botelho
10:29 AM Feature #7791: include /usr/bin/strings in core pfSense: If there an explicit non-plan for this to be addressed, could it be so noted? Royce Williams
09:46 PM Revision 9540eac2: fix: Viktor Gurov
09:30 PM Feature #9911 (Resolved): Show confirmation box before disconnecting PPPoE: Great, thanks for testing! Jim Pingle
09:19 PM Feature #9911: Show confirmation box before disconnecting PPPoE: I can confirm this patch works. Nice red button and it requests confirmation of the selection to disconnect. Ronald Schellberg
09:18 PM Feature #9911: Show confirmation box before disconnecting PPPoE: Hi Jim.
I've applied the patch and I'm happy to confirm that yes, it works perfectly!
I like the fact it's now RED ... Anonymous
03:28 PM Feature #9911: Show confirmation box before disconnecting PPPoE: You're welcome! Did you have a chance to test the patch? You should be able to apply commit 4193cc185ef55e2260dae4ff2... Jim Pingle
03:05 PM Feature #9911: Show confirmation box before disconnecting PPPoE: Unsure if it's appropriate to say "Thanks" in the bugtracker, but *thanks!!* Especially for such a prompt patch. App... Anonymous
01:45 PM Feature #9911 (Feedback): Show confirmation box before disconnecting PPPoE: Applied in changeset commit:b8b0c2a320166a3b5732354d35edad47d0f05a04. Jim Pingle
07:19 AM Feature #9911: Show confirmation box before disconnecting PPPoE: This should be as easy as changing the button from a warning class to a danger class, which automatically gets a JS c... Jim Pingle
12:11 AM Feature #9911 (Resolved): Show confirmation box before disconnecting PPPoE: The *Status->Interfaces* page (_status_interfaces.php_) is very useful for showing Interface details.
On systems tha... Anonymous
07:38 PM Revision 53f5bc4b: more pretty func: Viktor Gurov
07:38 PM Revision 4193cc18: Change interface disconnect/release button to 'danger'. Fixes #9911: While here, add the interface name to the button text.
Net effect is a confirmation box to ensure the user wants to ... Jim Pingle
07:37 PM Revision b8b0c2a3: Change interface disconnect/release button to 'danger'. Fixes #9911: While here, add the interface name to the button text.
Net effect is a confirmation box to ensure the user wants to ... Jim Pingle
07:29 PM Revision b1ffc46f: extra switch case for !ospf: Viktor Gurov
06:57 PM Revision 46ca1080: fixes: Viktor Gurov
04:52 PM Revision 7eed5588: Fix #7791: strings binary can be useful for troubleshooting: Renato Botelho
04:52 PM Revision 6ecea21a: Fix #7791: strings binary can be useful for troubleshooting: Renato Botelho
10:57 AM pfSense Packages Feature #9912 (New): add custom DPI to ntopng: hi, since you don't read a conf file at startup, could you add the -p parameter to the startup script and point it to... ROB VANHOOREN
07:54 AM Bug #9566: Traffic graph displays traffic incorrectly: See also #9910 which suggests it may be related to limiters, though this one mentions ALTQ. Jim Pingle
07:54 AM Bug #9910 (Duplicate): When using limiters, traffic on wan out is doubled: Duplicate of #9566 Jim Pingle
07:52 AM Feature #9909 (Pull Request Review): Add option to (dis)allow unauthenticated LDAP binds: Jim Pingle
07:46 AM Bug #9907 (Pull Request Review): Do not show incompatible ECDSA certs for DNS Resolver: Jim Pingle
07:40 AM Bug #9908 (Duplicate): hn0: driver does not support altq: Duplicate of #9647 Jim Pingle
07:39 AM Bug #9899 (Resolved): PHP Error: DateTime::diff() expects parameter 1 to be DateTimeInterface, bool given in /etc/inc/certs.inc on line 1958: OK, thanks for testing! Jim Pingle
07:35 AM pfSense Packages Feature #9906 (Pull Request Review): show ECDSA CAs and certs only with correct curves: Jim Pingle
07:33 AM Feature #9905 (Pull Request Review): ospf / ospv3 packet capture: Jim Pingle
07:17 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Nothing yet, but since we are rebasing on FreeBSD 12.1 soon, it will need to wait until after that happens. Jim Pingle
12:41 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Hi.
Any update on this one?
Thanks! Greg M
12:47 AM Bug #9646: OpenSSL 1.1.1 does not list engines for AES-NI or BSD crypto: This issue caught my eye, so I enabled the devcrypto patch on my version based on 12.1. On my VM, after loading the ... Ronald Schellberg

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

12/17/2019

12/16/2019

12/15/2019

12/14/2019

12/13/2019

12/12/2019

12/11/2019

12/10/2019

12/09/2019

12/08/2019

12/07/2019

12/06/2019

12/05/2019

12/04/2019

12/03/2019

12/02/2019

12/01/2019

11/29/2019

11/28/2019

11/27/2019

11/26/2019

11/25/2019

11/24/2019

11/23/2019

11/22/2019

11/21/2019

11/20/2019

11/19/2019

11/18/2019