Activity

From 11/23/2019 to 12/22/2019

12/22/2019

05:01 PM Bug #9804: services_captiveportal.php: Image upload does not validate file type
I tested this and was unable to upload a small php script named phpinfo.gif into the picture widget.
I also tried ...
Chris Linstruth
04:23 PM Bug #9938 (Resolved): Queue stats parser broken if bytes > 9999999999
Jim Pingle
04:21 PM Bug #9938: Queue stats parser broken if bytes > 9999999999
Status_queues looks fine here:
[ pkts: 90492841 bytes: 71051952021 dropped pkts: 82974 bytes: 62613863 ]
...
Chris Linstruth
04:23 PM Bug #9447 (Resolved): Configuring LAGG at XG-7100 Switch Ports Broken
Jim Pingle
03:13 PM Bug #9447: Configuring LAGG at XG-7100 Switch Ports Broken
Setting 7 and 8 to lagg group 1 results in:
laggroup0:
members 9,10
laggroup1:
members 7,8
Setting 5 and 6 t...
Chris Linstruth
04:23 PM Bug #9548: Do not use VLANMTU flag to decide if interface supports to run VLAN
The only way to really try it is to track down a bit of hardware that didn't allow VLANs before, but does now.
But...
Jim Pingle
02:06 PM Bug #9548: Do not use VLANMTU flag to decide if interface supports to run VLAN
Evaluated this but could not figure out how to test it in the negative sense. Tried to make existing NICs drop the VL... Chris Linstruth
04:21 PM Bug #9668 (Resolved): Running /etc/rc.newipsecdns breaks FRR BGP on VTI interfaces
Jim Pingle
01:42 PM Bug #9668: Running /etc/rc.newipsecdns breaks FRR BGP on VTI interfaces
In addition to using this patch on a couple of customer sites with success, I just specifically tested this again bet... Chris Linstruth
07:13 AM Bug #9992: CCP: parameter negotiation failed
Thanks for looking at this, however, I'm not alone. Please see the forum: https://forum.netgate.com/topic/147120/malf... simon lock
07:06 AM Bug #9993: invalid cipher specified in ipsec config
What seems to fix it is toggling between ciphers (switch to aes in both duplicated tabs, save, edit again, select init... Florin Samareanu
06:58 AM Bug #9993 (Duplicate): invalid cipher specified in ipsec config
Seems something broke in latest 2.5.0 dev. Configuring ipsec p1 using aes-128-gcm and xcbc leads to this:
Dec 22 1...
Florin Samareanu

12/21/2019

03:39 PM Bug #9992 (Rejected): CCP: parameter negotiation failed
There isn't anything here to suggest this is an actionable bug in pfSense. Please post on the forum for assistance wi... Jim Pingle
01:08 PM Bug #9992 (Rejected): CCP: parameter negotiation failed
I am interconnecting via L2TP PFSense Over AWS to my Local GW. The connection is OK, as I try to move very large file... MMaxymo Mora
10:32 AM Bug #9991 (Rejected): wol sends invalid data 2.4.4-p3
I can't reproduce this. I tried on 2.4.4-p3, 2.4.5, and 2.5.0. A proper WOL packet was shown in Wireshark each time. ... Jim Pingle
08:47 AM Bug #9991 (Rejected): wol sends invalid data 2.4.4-p3
When issuing a wol command from pfsense to a pc running wireshark (directly connected and not via a switch) the corru... simon lock
09:12 AM Bug #9873 (Resolved): Switching the System Update to Development renders the system unbootable
Jim Pingle
05:34 AM Bug #9873: Switching the System Update to Development renders the system unbootable
tested on pfSense 2.4.5.a.20191220.1407
Resolved
Viktor Gurov
09:12 AM Bug #9924 (Resolved): crl_contains_cert() does not correctly report revoked status for intermediate CAs
Jim Pingle
05:29 AM Bug #9924: crl_contains_cert() does not correctly report revoked status for intermediate CAs
tested on pfSense 2.5.0.a.20191220.1354
works as expected,
Resolved
Viktor Gurov
09:09 AM Bug #9296 (Resolved): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle
01:11 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on pfSense 2.4.5.a.20191220.1407
...
Viktor Gurov
09:09 AM pfSense Packages Bug #9962 (Resolved): HAproxy Upgrade needed HTTP/2 CVE-2019-19330
Jim Pingle
12:43 AM pfSense Packages Bug #9962: HAproxy Upgrade needed HTTP/2 CVE-2019-19330
Jim Pingle wrote:
> The packages will show up on 2.4.4 immediately, they are already there:
> [...]
>
> For 2.4....
Viktor Gurov
09:08 AM Bug #9674 (Resolved): hidden OpenVPN settings are validated and written to file
Jim Pingle
12:38 AM Bug #9674: hidden OpenVPN settings are validated and written to file
tested on pfSense 2.4.5.a.20191220.1407
works as expected,
Resolved
Viktor Gurov
09:08 AM Bug #9292 (Resolved): Default route as indicated by "(Default)" does not match the actual default route on the OS.
Jim Pingle
12:24 AM Bug #9292: Default route as indicated by "(Default)" does not match the actual default route on the OS.
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on pfSense 2.4.5.a.20191220.1407
...
Viktor Gurov
09:08 AM Bug #9969 (Resolved): static route remain in the OS routing table after deletion
Jim Pingle
12:04 AM Bug #9969: static route remain in the OS routing table after deletion
tested on pfSense 2.4.5.a.20191220.1407
works, Resolved
Viktor Gurov
09:08 AM Bug #8907 (Resolved): wizard.php - $field['type'] - "Select" doesn't have the attribute "Size" defined
Jim Pingle
12:03 AM Bug #8907: wizard.php - $field['type'] - "Select" doesn't have the attribute "Size" defined
tested on pfSense 2.4.5.a.20191220.1407
Resolved
Viktor Gurov
09:07 AM Todo #9245: Update copyright notices to 2020
Those are all pulled in from non-base packages built from the freebsd-ports repository, too.
They do need updated,...
Jim Pingle
12:33 AM Todo #9245: Update copyright notices to 2020
Jim Pingle wrote:
> That's a package, this issue only covers the base OS.
tested on pfSense 2.4.5.a.20191220.1407...
Viktor Gurov
05:17 AM pfSense Packages Bug #9807 (Resolved): Packets Monitoring graphs are being incorrectly scaled
tested on pfSense 2.4.5.a.20191220.1407
works,
Resolved
Viktor Gurov
03:59 AM Bug #9349: IPSec service start/stop/restart fails after settings change
works fine on pfSense 2.5.0.a.20191220.0438
with Chromium 78.0.3904.108 and Firefox 68.2
Viktor Gurov
03:35 AM Bug #9483: UFS filesystem is not being mounted noatime.
force noatime mount option:
https://github.com/pfsense/pfsense/pull/4138
Viktor Gurov

12/20/2019

10:18 PM Feature #9970: Captive Portal and SAML2 Integration
The PR is actually great but it would be better to integrate SAML auth mechanism with the user manager A FL
06:52 PM Revision 7cafdb92: Fix manual backup flag
(cherry picked from commit 0bdd1774a1666852e35452ea3f17bb9dc075ecec) Steve Beaver
04:04 PM Revision 64031495: Update copyright notice years. Issue #9245
Jim Pingle
03:18 PM Bug #9977: Enabling Captive Portal on 2.4.5 breaks network connectivity
Luiz is looking into this one Jim Pingle
03:15 PM pfSense Packages Feature #9973 (New): Nagios NRPE package isn't IPv6 capable
That PR didn't turn out to be necessary. IPv6 addresses are accepted in the GUI already. If they are rejected for you... Jim Pingle
02:46 PM Bug #9582 (Resolved): PHP error setting up VLANs from the console
No errors on 2.4.5.a.20191220.0501 when starting with the stated problem config. Jim Pingle
02:42 PM Bug #9801 (Resolved): VTI IPv6 addresses don't get assigned
VTI IPv6 is assigned as expected and works on 2.4.5.a.20191220.0501... Jim Pingle
02:40 PM Feature #9111 (Resolved): Add IPsec VTI interface MTU support
VTI MTU is applied as expected and survives reboot on 2.4.5.a.20191220.0501 Jim Pingle
02:28 PM Bug #9781 (Resolved): Fix IPsec VTI interface creation logic
VTI interfaces are created as expected when creating a tunnel and at reboot.
2.4.5.a.20191220.0501
Jim Pingle
02:27 PM Revision 47799389: check that revokeserial is not empty
Viktor Gurov
02:23 PM Bug #9258 (Resolved): Error deleting tunnel type P2 when mixed with VTI
Deleting a "tunnel" type P2 when a VTI P2 exists is now allowed as expected.
2.4.5.a.20191220.0501
Jim Pingle
02:11 PM Revision ff0b9aff: check every value for ASN.1
Viktor Gurov
02:04 PM Revision 8471df75: fixed incorrect serial checking
Viktor Gurov
01:46 PM Revision bcb5dfad: Merge pull request #4136 from vktg/hidecertexppass
Renato Botelho
01:40 PM Bug #9243 (Resolved): IPsec ID type keyid not explicitly set
Keyid now has the appropriate prefix, and works as expected on 2.4.5.a.20191220.0501... Jim Pingle
01:31 PM pfSense Packages Bug #9220 (Resolved): STunnel: Tunnel list does not show certificate
Looks good on stunnel 5.50_4 Jim Pingle
07:44 AM pfSense Packages Bug #9220 (Feedback): STunnel: Tunnel list does not show certificate
PR has been merged. Thanks! Renato Botelho
01:25 PM Todo #9245: Update copyright notices to 2020
That's a package, this issue only covers the base OS. Jim Pingle
10:16 AM Todo #9245: Update copyright notices to 2020
2.4.5 looks OK, still had some stragglers on 2.5.0. Jim Pingle
01:24 PM Bug #9558 (Resolved): GPS NTP source PHP errors
I've unplugged/replugged the GPS and stopped/started NTPD in various combinations while watching the status, no PHP e... Jim Pingle
01:18 PM Bug #6846 (Resolved): System misreporting Super Micro C2558 platform as Super Micro C2758
No response from the OP after the fix was committed. Looks OK to me. Jim Pingle
01:10 PM Bug #9584 (Resolved): Potential XSS in services_acb.php via hostname parameter with legacy settings
The affected code has been completely removed from 2.4.5 and later, so this has become moot. Jim Pingle
01:02 PM Revision 67b49e4c: hide exportpass field on cert import
Viktor Gurov
12:54 PM Feature #9693 (Feedback): Bypass automatic backups
Cherry picked commit:0bdd1774a1666852e35452ea3f17bb9dc075ecec which fixed it on master.
I tested the @NoReMoTeBaCk...
Jim Pingle
12:50 PM Feature #9693 (In Progress): Bypass automatic backups
Manual backups with a reason entered by the user aren't getting the correct string appended, so MaNuAlBaCkUp is showi... Jim Pingle
11:49 AM Bug #9961 (Resolved): status_upnp: UPnP status not showing rules when using override WAN address option
UPnP rules show as expected in both scenarios now, with and without the customized external address.
2.4.5.a.2019122...
Jim Pingle
11:48 AM pfSense Packages Bug #9652: Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc
Looks like the new program called 'security_file_certgen' replaces ssl_crtd in the latest version of squid.
Exist 1 ...
Peter Moreno
10:32 AM pfSense Packages Bug #9652: Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc
Hello
I modified squid.inc adding security_file_certgen instead of ssl_crtd (PF ver 2.4.5) but the result is:...
Stefano Mereghetti
10:35 AM Feature #9285 (Resolved): Add an option to disable the ping-check in dhcpd
Option is now present in the GUI and appears to work as expected on a per-subnet basis.
2.4.5.a.20191220.0501
Jim Pingle
10:31 AM pfSense Packages Bug #9986: Squid package Transparent Mode MITM
This issue is closed since it was a duplicate report of another issue. If you have information to add, add it as a co... Jim Pingle
10:30 AM pfSense Packages Bug #9986: Squid package Transparent Mode MITM
Hello
I modified squid.inc in my installation 2.4.5 but the result is:...
Stefano Mereghetti
10:30 AM Bug #9150 (Resolved): Web authentication RADIUS package shows PHP error if unable to resolve FQDN of RADIUS server
I still was not able to reproduce this, even on 2.4.4-p3, but it all works as expected on 2.4.5. Auth appears to fail... Jim Pingle
10:05 AM pfSense Packages Feature #9982: basic_ldap_auth TLS connection
updated:
https://github.com/pfsense/FreeBSD-ports/pull/725
Viktor Gurov
10:02 AM Bug #6195 (Resolved): Cannot set Manual Outbound NAT when Language is pt_BR
When set to pt_BR, I can now save manual outbound NAT as expected and it sticks. Jim Pingle
09:53 AM Feature #9966 (Resolved): allow to disable APIPA blocking
Option is present and works as expected on 2.4.5.a.20191220.0501 Jim Pingle
03:38 AM Feature #9966 (Feedback): allow to disable APIPA blocking
PR has been merged. Thanks! Renato Botelho
09:52 AM Feature #9256 (Resolved): adjust frequency of geom rebuild notifications.
Tested on 2.4.5.a.20191220.0501, notifications only happened at status change, 25/50/75/100% as expected. Jim Pingle
09:37 AM Revision e3ad0988: cosmetic
(cherry picked from commit f1c43228ab62ffae24dd6059049d2d03dbee10a8) Viktor Gurov
09:37 AM Revision 9ba3d307: fix
(cherry picked from commit 2edf9abaacbecbc173262bccc8d797b9553096ca) Viktor Gurov
09:37 AM Revision 02d79fcc: allow to disable APIPA blocking
(cherry picked from commit 09b6735d1c936ad7962d66af17a32f8a0bb9f9ed) Viktor Gurov
09:37 AM Revision b7144f55: Merge pull request #4128 from vktg/disableapipa
Renato Botelho
08:21 AM Bug #9779 (Resolved): Dynamic DNS class constructor uses deprecated function name
Other DynDNS tests have passed. If this was going to be a problem, DynDNS would be completely broken by it. Jim Pingle
08:19 AM pfSense Packages Feature #9989: Add FreeBSD port and pfSense plugin for HoneyTrap
Might be something we could consider but I do not like the idea of running a service like this on a firewall. Deliber... Jim Pingle
08:08 AM pfSense Packages Feature #9989 (Rejected): Add FreeBSD port and pfSense plugin for HoneyTrap
Ezri Mudde
08:16 AM Bug #9053 (Resolved): Dynamic DNS will not allow Route 53 wildcard record
Thanks for testing! Jim Pingle
08:14 AM Bug #9053: Dynamic DNS will not allow Route 53 wildcard record
Tested in a current snapshot of 2.4.5 and was able to create a Route53 wildcard entry Tom Embt
08:09 AM Feature #3258 (Pull Request Review): Allow multiple certificates to be revoked in a single step
Jim Pingle
08:07 AM Feature #3258: Allow multiple certificates to be revoked in a single step
tested on pfSense 2.5.0.a.20191220.0438
invalid input validation, multiple serials not allowed
fixed:
https://gi...
Viktor Gurov
08:06 AM Bug #9361: Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS
That is likely a good enough test, but I'll hold this open for a bit yet in case someone can do a functional test aga... Jim Pingle
08:05 AM Bug #9361: Cloudflare Not Allowing "*" Hostname Entry in Dynamic DNS
Testing in a current 2.4.5 snapshot. I don't have a Cloudflare account to see if the update happens, but the pfSense... Tom Embt
08:05 AM Bug #9271 (Resolved): Azure DDNS whitespace cleanup
Thanks for testing! Jim Pingle
08:01 AM Bug #9271: Azure DDNS whitespace cleanup
This looks good to me in the latest snapshot of 2.4.5. This has no functional changes but formatting appears correct... Tom Embt
08:04 AM Feature #3792 (Resolved): Group name size limit too restrictive on Active Directory Users
Works as expected on 2.4.5.a.20191218.2354
Long group names are allowed when adding or editing a group set to Remo...
Jim Pingle
08:02 AM Bug #9541 (Resolved): Non-admin user with admin rights is given the wrong URL for the user manager
Works as expected on 2.4.5.a.20191218.2354
Jim Pingle
07:57 AM Feature #9268 (Resolved): Add Linode Dynamic DNS support
Thanks for testing! Jim Pingle
07:55 AM Feature #9268: Add Linode Dynamic DNS support
This is working correctly for me in the latest snapshot of 2.4.5 Tom Embt
07:46 AM Feature #1192 (Feedback): Certificate Manager - Ability to Encrypt Private Keys When Exporting
PR merged Renato Botelho
07:18 AM Feature #1192 (Pull Request Review): Certificate Manager - Ability to Encrypt Private Keys When Exporting
Jim Pingle
07:04 AM Feature #1192: Certificate Manager - Ability to Encrypt Private Keys When Exporting
works ok, but it should hide exportpass field on non-edit (certificate import) page:
https://github.com/pfsense/pfse...
Viktor Gurov
07:41 AM Bug #9984 (Resolved): PHP error in 2.4.5 services_dyndns_edit.php
Thanks for testing! Jim Pingle
07:41 AM Bug #9984: PHP error in 2.4.5 services_dyndns_edit.php
Can confirm - the issue is fixed in a newer snapshot Tom Embt
07:32 AM pfSense Packages Bug #9988 (Duplicate): Squid - SSL Inspection
Duplicate of #9652 Jim Pingle
05:31 AM pfSense Packages Bug #9988 (Duplicate): Squid - SSL Inspection
Hello
with 2.4.5 snapshot, I tried to enable SSL inspection using an OLD CA and a new CA.
The result is:...
Stefano Mereghetti
07:25 AM pfSense Packages Bug #9962: HAproxy Upgrade needed HTTP/2 CVE-2019-19330
The packages will show up on 2.4.4 immediately, they are already there:... Jim Pingle
06:14 AM pfSense Packages Bug #9962: HAproxy Upgrade needed HTTP/2 CVE-2019-19330
pfSense find it =) DRago_Angel [InV@DER]
06:02 AM pfSense Packages Bug #9962: HAproxy Upgrade needed HTTP/2 CVE-2019-19330
Renato Botelho wrote:
> 2.0.10 / 1.8.23 and 1.7.12 were pushed to proper branches
Thanks, how can I trigger upgr...
DRago_Angel [InV@DER]
05:56 AM pfSense Packages Bug #9962 (Feedback): HAproxy Upgrade needed HTTP/2 CVE-2019-19330
2.0.10 / 1.8.23 and 1.7.12 were pushed to proper branches Renato Botelho
03:49 AM pfSense Packages Bug #9962 (In Progress): HAproxy Upgrade needed HTTP/2 CVE-2019-19330
Renato Botelho
07:19 AM Feature #7861 (Resolved): Make "Descriptive name" of certificates editable
Jim Pingle
06:38 AM Feature #7861: Make "Descriptive name" of certificates editable
tested on pfSense 2.5.0.a.20191219.1908
works, Resolved
Viktor Gurov
07:19 AM Feature #4068 (Resolved): CAs present on CERT manager are not trusted from pfSense
Jim Pingle
06:44 AM Feature #4068: CAs present on CERT manager are not trusted from pfSense
tested on pfSense 2.5.0.a.20191219.1908
works, Resolved
Viktor Gurov
07:18 AM Bug #9979 (Resolved): status_ipsec.php missing information
Jim Pingle
06:47 AM Bug #9979: status_ipsec.php missing information
tested on pfSense 2.5.0.a.20191220.0438
Rekey timer (only reauth is printed) - ok
Encryption algorithm key size (...
Viktor Gurov
07:17 AM pfSense Packages Feature #9875 (Resolved): add extra engines safe search
The note is correct when I just installed the package, and it's correct in all the right branches of the repository. ... Jim Pingle
12:22 AM pfSense Packages Feature #9875: add extra engines safe search
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on pfSense 2.5.0.a.20191219.1908 with squidGuard 1.16....
Viktor Gurov

12/19/2019

10:44 PM pfSense Packages Todo #9392: Status_Traffic_Totals needs updated for vnstat 2.0
Affects both 2.5.0 and 2.4.5 Jim Pingle
10:44 PM pfSense Packages Bug #9987 (Duplicate): Bug #9759 from 2.5 is repro'ing on 2.4.5 as well
Duplicate of #9392 Jim Pingle
09:58 PM pfSense Packages Bug #9987 (Duplicate): Bug #9759 from 2.5 is repro'ing on 2.4.5 as well
I'm guessing the same new version of vnstat is now also being used on 2.4.5 and so the vnstat -u command no longer wo... Richard Powell
08:35 PM pfSense Packages Bug #9652: Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc
This will need picked back to RELENG_2_4_5 when merged. Jim Pingle
08:35 PM pfSense Packages Bug #9986 (Duplicate): Squid package Transparent Mode MITM
Duplicate of #9652 Jim Pingle
08:10 PM pfSense Packages Bug #9986 (Duplicate): Squid package Transparent Mode MITM
This issue is related to squid version 4.9.x; this new version no longer uses ssl_crtd, it is now called 'security_file_ce... Peter Moreno
07:38 PM Revision 96701431: Fix #9285: Move ping-check option from global to per-subnet
(cherry picked from commit 5197e3e3a3b0ee048785e2ffb4222d7cba4e6c74) Renato Botelho
07:38 PM Revision 0e0797a1: use disablepingcheck as option name
(cherry picked from commit a0541b292d4cde76b9e95c1d8cbd99f5f26afee5) Arthur Wiebe
07:38 PM Revision 583433e5: add an option to the DHCP server to disable the ping check feature
(cherry picked from commit 7847e55fa2cd5813adb1ee4aa888b694957109b9) Arthur Wiebe
07:37 PM Revision c11240ac: Revert "Fix #9285: Move ping-check option from global to per-subnet"
This reverts commit 9133e01dc049920d716b045a86e78a9a05d98354. Jim Pingle
07:18 PM Revision 8f58f8e5: Update copyright notice years. Issue #9245
Jim Pingle
07:09 PM Revision 21aaa00b: Update copyright notice years. Issue #9245
Jim Pingle
03:50 PM Revision 6df12a8e: Add Gandi LiveDNS DynDNS client.
(cherry picked from commit edfe22f8bae894eb678f3e7060cc91cea6f664da) Eric VANTILLARD
03:50 PM Revision e248f02f: Add back inadvertently removed line
(cherry picked from commit 946238ef46e766e46392b7b9aed444cbc3a43909) Jim Pingle
03:50 PM Revision 0d6be361: Fix syntax error in services_dyndns_edit.php, reformat statement.
(cherry picked from commit 1c11171b19ee8cabcbdaa5ffa433238033c510a2) Jim Pingle
03:32 PM Bug #9466 (Resolved): DHCP (IPv4) relay mistakenly listening on upstream interface
Runs as expected with the new correct parameters on 2.4.5.a.20191218.2354 Jim Pingle
03:32 PM Bug #8443 (Resolved): DHCP relay not starting after ovpnc interface is unchecked - vm 2.4.3
As expected, OpenVPN interfaces are not available for selection in DHCP Relay on 2.4.5.a.20191218.2354 Jim Pingle
03:02 PM Feature #7537 (Resolved): Include mellanox mlx4 and mlx5 ethernet driver
Drivers are in the kernel on 2.4.5.a.20191218.2354... Jim Pingle
03:00 PM Bug #9543 (Resolved): diag_dns.php: Reverse lookup of IPv6 fails with "Host must be a valid hostname or IP address."
Works as expected on 2.4.5.a.20191218.2354
Jim Pingle
01:41 PM Feature #9285 (Feedback): Add an option to disable the ping-check in dhcpd
Should be OK now:
* commit:c11240ac15bfeb65f5ceec4173223f9b7ab9b39b
* commit:583433e5a69aae9b997057c650b8fcf1a9db...
Jim Pingle
01:36 PM Feature #9285 (In Progress): Add an option to disable the ping-check in dhcpd
It looks like the main part of this PR was not picked back, only a later commit
PR link: https://github.com/pfsens...
Jim Pingle
01:32 PM Bug #9684 (Resolved): System Notifications: Asterisks over writing current password causing notifications to stop working.
Looks OK on 2.4.5.a.20191219.0146 Jim Pingle
01:31 PM Feature #9620 (Resolved): User privilege to manage integrated switch
Privilege is present and works as expected on 2.4.5.a.20191219.0146 Jim Pingle
01:26 PM Todo #9245 (Feedback): Update copyright notices to 2020
Updated those (and more I found) here and in factory. Should all be set now. Jim Pingle
01:05 PM Todo #9245 (New): Update copyright notices to 2020
Still lots of files in the 2.4.5 branch with old years:... Jim Pingle
01:23 PM Feature #3473 (Resolved): Allow configuration of OpenVPN keepalive
Options are present and appear to work as intended.
2.4.5.a.20191218.2354
Jim Pingle
01:22 PM Bug #7359 (Resolved): Status/OpenVPN Page Sorts Incorrectly
Sort order looks good on 2.4.5.a.20191218.2354
Jim Pingle
01:22 PM Feature #9078 (Resolved): Investigate adding knobs for explicit-exit-notify in OpenVPN
Options are present and appear to work as intended.
2.4.5.a.20191218.2354
Jim Pingle
01:14 PM Bug #9234 (Resolved): Wording consistency in Certificate Management notifications
Errors are correct on 2.4.5.a.20191218.2354
Jim Pingle
01:01 PM Bug #9259 (Resolved): User with "Deny Config Write" privilege is not fully prevented from creating accounts
Works as expected on 2.4.5.a.20191218.2354
GUI user is not presented with options to add an account. If they do ma...
Jim Pingle
12:57 PM Bug #9327 (Resolved): Using the character "¤" in OpenVPN password field creates invalid config.xml
The problem password saves as expected on 2.4.5.a.20191218.2354 -- Field is CDATA protected and does not result in an... Jim Pingle
12:53 PM Bug #9407 (Resolved): Update jQuery to current version (3.3.1 or later)
3.4.1 is present on 2.4.5.a.20191218.2354, no problems observed so far. Can reopen or open new issues if JS problems ... Jim Pingle
12:51 PM Bug #9550 (Resolved): New privilege matching method does not allow menu or tab links to anchors (#foo)
Privileges work as expected in the stated scenario on 2.4.5.a.20191218.2354 Jim Pingle
12:49 PM Feature #9590 (Resolved): RFE: Add additional prefix delegation size entries to dropdown-list
The additional delegation sizes are present on 2.4.5.a.20191218.2354
Jim Pingle
12:44 PM Bug #9767 (Resolved): Interesting Traffic Will not Initiate an IPsec VTI tunnel.
Close Action option is present in the GUI and is working as expected in 2.4.5.a.20191218.2354
Jim Pingle
12:29 PM Bug #9782 (Resolved): XMLRPC auth error message format is inconsistent with GUI auth error message
Error message is correct on 2.4.5.a.20191219.0146 Jim Pingle
12:26 PM Bug #9780 (Resolved): PHP warning in diag_dump_states.php
Works as expected on 2.4.5.a.20191219.0146 Jim Pingle
12:23 PM Bug #9851 (Resolved): PHP error in logs
No sign of this error during upgrade or any time after on multiple 2.4.5 systems. Jim Pingle
12:23 PM Bug #9898 (Resolved): DNS over TLS hostname verification does not save
Works as expected on 2.4.5.a.20191219.0146 Jim Pingle
12:23 PM Bug #9963 (Resolved): DNS servers assigned dynamically are omitted if also assigned manually when override is disallowed
Works as expected on 2.4.5.a.20191219.0146 Jim Pingle
11:57 AM Todo #9976 (Resolved): strongswan: Update to 5.8.2
... Jim Pingle
10:50 AM Feature #9985 (Resolved): Build virtio_console.ko
Hello,
Please include the virtio_console.ko kernel module, it's needed by the qemu-guest-agent (open-vm-tools of t...
Nux Ro
10:12 AM Bug #9971: sshguard error: Logging subprocess <pid> (exec /usr/local/sbin/sshguard) exited with status 1.
Since 2.4.5 is still using clog, at least there the only option appears to be patching out the error/exit. Jim Pingle
10:02 AM Bug #9984 (Feedback): PHP error in 2.4.5 services_dyndns_edit.php
Jim Pingle
09:54 AM Bug #9984: PHP error in 2.4.5 services_dyndns_edit.php
I applied all the missing commits from master (including the ones you mentioned, plus commit:edfe22f8bae894eb678f3e70... Jim Pingle
09:38 AM Bug #9984 (In Progress): PHP error in 2.4.5 services_dyndns_edit.php
Jim Pingle
09:05 AM Bug #9984: PHP error in 2.4.5 services_dyndns_edit.php
Seen in:
2.4.5-DEVELOPMENT (amd64)
built on Wed Dec 18 23:54:57 EST 2019
Tom Embt
09:03 AM Bug #9984 (Resolved): PHP error in 2.4.5 services_dyndns_edit.php
RELENG_2_4_5 has a PHP syntax error when trying to add a Dynamic DNS client (just clicking the green Add button will ... Tom Embt
09:54 AM Feature #9452: Add Gandi LiveDNS DynDNS client.
I picked this back as a part of fixing #9984 Jim Pingle
07:41 AM Feature #8786: Wireguard VPN
That's sad, I really hope WireGuard could be implemented in pfSense as soon as possible. The performance and security ... Ter Ted

12/18/2019

09:27 PM Revision 9701089e: Rework IPsec P1 Lifetime GUI options. Fixes #9983
Jim Pingle
03:35 PM Bug #9983 (Feedback): Reauth vs Rekey UI and behavior for swanctl
Applied in changeset commit:9701089ebd5151593390749ddae090a6afe7f360. Jim Pingle
03:27 PM Bug #9983: Reauth vs Rekey UI and behavior for swanctl
Looks like using lifetime=>reauth_time is best, due to POLA and maintaining consistent behavior. Users can always cho... Jim Pingle
02:41 PM Bug #9983 (Resolved): Reauth vs Rekey UI and behavior for swanctl
The IPsec P1 GUI has one "lifetime" box and separate checkboxes to disable reauth and rekey, though as far as I can s... Jim Pingle
03:17 PM Revision f1c43228: cosmetic
Viktor Gurov
09:06 AM Revision 2edf9aba: fix
Viktor Gurov
08:00 AM pfSense Packages Feature #9973 (Pull Request Review): Nagios NRPE package isn't IPv6 capable
Jim Pingle
07:52 AM pfSense Packages Feature #9973: Nagios NRPE package isn't IPv6 capable
Jim Pingle wrote:
> Not a bug, but a missing feature.
binding IP: I can only give one IP. For Dual Stack I need t...
Viktor Gurov
07:52 AM Feature #3244 (Resolved): Check that OpenVPN tunnel network does not overlap any other subnet
Works as expected on 2.4.5.a.20191217.2126, exact matches are rejected. Jim Pingle
07:52 AM Feature #9030 (Resolved): Allow TLS Key Direction with OpenVPN
Works as expected for both clients and servers on 2.4.5.a.20191217.2126 Jim Pingle
07:51 AM Bug #9133 (Resolved): "Show all configured leases" does not stay set after deleting a lease
Works as expected on 2.4.5.a.20191217.2126 Jim Pingle
07:38 AM Revision cb74fa6b: some mistake
Viktor Gurov
07:36 AM Revision 9bb0e987: fix
Viktor Gurov
07:34 AM Revision 2ff3a3d7: fix
Viktor Gurov
07:32 AM Revision d250c48b: fix
Viktor Gurov
06:49 AM pfSense Packages Feature #9824 (Resolved): Add support for DuckDuckGo's Safe Search
Tested on pfSense 2.5.0.a.20191217.2217, squid 0.4.44_9
Resolved
Viktor Gurov
06:41 AM Bug #9907 (Resolved): Do not show incompatible ECDSA certs for DNS Resolver
Jim Pingle
03:17 AM Bug #9907: Do not show incompatible ECDSA certs for DNS Resolver
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on pfSense 2.5.0.a.20191217.2217
Resolved
Viktor Gurov
06:40 AM Feature #9842 (Resolved): Add CA/certificate renewal function
Jim Pingle
03:25 AM Feature #9842: Add CA/certificate renewal function
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on pfSense 2.5.0.a.20191217.2217
Resolved
Viktor Gurov
06:40 AM pfSense Packages Feature #9982 (Pull Request Review): basic_ldap_auth TLS connection
Jim Pingle
05:47 AM pfSense Packages Feature #9982 (Feedback): basic_ldap_auth TLS connection
Allow to use -Z option by basic_ldap_auth for TLS LDAP connection
see:
http://www.squid-cache.org/Versions/v3/3.2...
Viktor Gurov
06:34 AM Feature #9943 (Duplicate): status_ipsec.php: show encr-keysize
Superseded by #9979 Jim Pingle
03:40 AM Feature #9943: status_ipsec.php: show encr-keysize
can be closed
https://redmine.pfsense.org/issues/9979
Viktor Gurov
06:09 AM pfSense Packages Bug #9962: HAproxy Upgrade needed HTTP/2 CVE-2019-19330
any update of status? DRago_Angel [InV@DER]
03:14 AM pfSense Packages Bug #9219 (Resolved): STunnel: .pem files are created with incorrect permissions.
Renato Botelho wrote:
> PR has been merged. Thanks!
Tested on pfSense 2.5.0.a.20191217.2217 with stunnel 5.50_3
...
Viktor Gurov

12/17/2019

09:57 PM Revision 8af4e81e: Include more information in status_ipsec.php. Fixes #9979
Jim Pingle
08:29 PM pfSense Packages Bug #9980: Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL
Thanks for the fast response!
I don't use Barnyard2, so that's good news for me.
But for others... is this ther...
Sean McBride
08:21 PM pfSense Packages Bug #9980: Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL
The MySQL dependency is actually being pulled in by Barnyard2 and not Suricata itself. So long as you do not configur... Bill Meeks
06:17 PM pfSense Packages Bug #9980 (Closed): Fresh install of Suricata 4.1.5 package warns about CVE-2015-3152; need newer MySQL
5 minutes ago I installed Suricata 4.1.5 package on pfSense 2.4.4-RELEASE-p3 (both newest at this time). It output a... Sean McBride
08:24 PM pfSense Packages Bug #9981: Suricata "Use IP Reputation Lists on this interface." actually defaults to ON, despite incorrect comment.
Internal bug tracking list? Should I be filing somewhere else than here? Sean McBride
08:22 PM pfSense Packages Bug #9981: Suricata "Use IP Reputation Lists on this interface." actually defaults to ON, despite incorrect comment.
I'll look into this and add it to my internal bug tracking list for Suricata. Bill Meeks
06:32 PM pfSense Packages Bug #9981 (Resolved): Suricata "Use IP Reputation Lists on this interface." actually defaults to ON, despite incorrect comment.
See attached.
Despite the comment, that option is *ON* by default. I just did a fresh install.
Sean McBride
07:27 PM Revision 795ec316: Keep "Show all configured leases" enabled after deleting DHCP leases.
(cherry picked from commit 59385e0413d77079c8acaf796868429475865603) nanocaiordo
07:22 PM Revision 952c8812: Fix tlsauth_keydir read on vpn_openvpn_server.php. Fixes #9030
(cherry picked from commit 20cb21ee5b71be43b16280b337bb24bcf5a1d17d) Jim Pingle
07:22 PM Revision 20cb21ee: Fix tlsauth_keydir read on vpn_openvpn_server.php. Fixes #9030
Jim Pingle
07:16 PM Revision f8e25fe8: Fix tlsauth_keydir save on vpn_openvpn_server.php. Fixes #9030
(cherry picked from commit 7dca65a19d08393cdb36f22fe98b847b46d9caf9) Jim Pingle
07:15 PM Revision 7dca65a1: Fix tlsauth_keydir save on vpn_openvpn_server.php. Fixes #9030
Jim Pingle
06:58 PM Revision 9449906b: Prevent OpenVPN tunnel network reuse. Fixes #3244
Ensures that a submitted tunnel network is not already in use on other
OpenVPN client or server instances, to avoid c...
Jim Pingle
05:50 PM Revision f8f84bc6: Add IPFW table contents to status.php
(cherry picked from commit 47f555e2e0718a188bc86d4dac801d32645d8a05) Jim Pingle
05:50 PM Revision 47f555e2: Add IPFW table contents to status.php
Jim Pingle
04:51 PM Revision 1e8b2c9c: Use full path for pkg-static
Renato Botelho
04:51 PM Revision cd91a57c: Use full path for pkg-static
Renato Botelho
04:48 PM Revision dc2eed4e: Use full path for pkg-static
Renato Botelho
04:05 PM Bug #9979 (Feedback): status_ipsec.php missing information
Applied in changeset commit:8af4e81eb530af959e43cfa1afcc6446a7969b28. Jim Pingle
03:57 PM Bug #9979 (Resolved): status_ipsec.php missing information
status_ipsec.php is missing some available information. It's in the IPsec status we receive from strongSwan, but not ... Jim Pingle
03:31 PM Revision 09646aef: Remove superfluous ( )'s
→ luckman212
02:31 PM Revision 29b21d38: Fix GUI display of CARP capture contents. Issue #9867
(cherry picked from commit dd79aac6bfe13ee93177fcd0664115e7cfa25562) Jim Pingle
02:31 PM Revision dd79aac6: Fix GUI display of CARP capture contents. Issue #9867
Jim Pingle
02:27 PM Bug #9978 (Duplicate): Error on XML while updating pfsense from multiple sources
Duplicate of #8285
Jim Pingle
02:16 PM Bug #9978 (Duplicate): Error on XML while updating pfsense from multiple sources
While adding rules, editing alias, NAT, Packages.. etc. from different computers at the same time a bug comes up, rul... Andres Noriega
02:24 PM Revision c58e56fb: 3rd try - change config names
→ luckman212
02:23 PM Bug #7037: CPU frequency in System Information
Is there any chance of reconsidering this? The problem is the whole rest of the column continually jumping up and do... Steve Russell
02:16 PM Bug #9954 (Resolved): status_ipsec.php: Unable to manually connect P2 when P1 is up but not P2
Button behaves as intended on 2.4.5.a.20191217.0637
If I manually disconnect all IPsec children, the button appear...
Jim Pingle
02:14 PM Bug #9921 (Resolved): Limiters allow invalid delay values
Limiter delay value is correctly enforced on 2.4.5.a.20191217.0637 Jim Pingle
02:13 PM Bug #9931 (Resolved): 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations
... Jim Pingle
02:11 PM Feature #9911 (Resolved): Show confirmation box before disconnecting PPPoE
Looks good on 2.4.5.a.20191217.0637
Buttons are red and trigger the JS confirmation dialog. Canceling the dialog r...
Jim Pingle
02:08 PM Todo #9864 (Resolved): Set autocomplete=new-password for user/password fields in forms
This appears to be working as intended and is doing a nice job. Pages that were particularly annoying before (like sy... Jim Pingle
02:06 PM Todo #9799 (Resolved): Create custom CSRF callback page with proper theme & more warnings
This is working as intended on 2.4.5.a.20191217.0637
If a client triggers a CSRF failure, they are presented with ...
Jim Pingle
02:04 PM Feature #9791 (Resolved): Ability to filter Diagnostics ARP Table by IP range (DHCP)
Search and sort works on all the pages listed in the commit on 2.4.5.a.20191217.0637. Jim Pingle
02:00 PM Bug #9770 (Resolved): XML-based Packages do not activate shortcuts
Shortcuts are activated for packages on 2.4.5.a.20191217.0637
The only package currently using shortcuts is iperf,...
Jim Pingle
01:58 PM Revision 2c6e3337: Enable build of node_exporter
Renato Botelho
01:57 PM Bug #9708 (Resolved): /etc/inc/unbound.inc: Pfsense Default Unbound Configuration does not Prevent DNS Rebinding Attacks Against Localhost
New value is present on 2.4.5.a.20191217.0637... Jim Pingle
01:55 PM Feature #9705 (Resolved): Add kernel memory usage to status.php
Information is present in status.php output on 2.4.5.a.20191217.0637 Jim Pingle
01:54 PM Bug #9692 (Resolved): system_authservers.php: Descriptive name can be changed by removing read-only property via inspect element
Changes are rejected when attempted in this manner on 2.4.5.a.20191217.0637 Jim Pingle
01:51 PM Bug #9569 (Resolved): Fix serial console terminal size issues
Looks good on 2.4.5.a.20191217.0644 Jim Pingle
01:49 PM Bug #9540 (Resolved): PHP Uncaught Error in Status/System Logs/Firewall/Dynamic View
Looks good on 2.4.5.a.20191217.0637 Jim Pingle
01:47 PM Feature #9532 (Resolved): GUI indication and options for MDS mitigation
Works as expected. The mitigation can be enabled or disabled via system_advanced_misc.php and the status is correctly... Jim Pingle
01:45 PM Feature #9531 (Resolved): [IPSEC] Add additional curve-based DH Groups (31+)
Group 31 can be selected and works when chosen on 2.4.5.
2.4.5.a.20191217.0637
Jim Pingle
01:43 PM Bug #9448 (Resolved): Dynamic DNS options showing in GUI for IPv6 when not in use
When saving on services_dhcpv6.php without any DDNS options entered, the section stays collapsed as expected now.
...
Jim Pingle
01:41 PM Bug #9522 (Resolved): Diagnostics > System Activity shows only the header
On 2.4.5, the display shows the large process list and updates as expected.
2.4.5.a.20191217.0637
Jim Pingle
01:38 PM Feature #9323 (Resolved): Option to hide 'Kernel PTI' from sysinfo widget
PTI and MDS display in the system info widget can be disabled individually (or together) as expected on 2.4.5 and 2.5... Jim Pingle
01:38 PM Revision d237ba46: Add exit notify to OpenVPN servers/clients. Implements #9078
(cherry picked from commit 7591a72a5108a2ac28d28745cec43ea282869aae) Jim Pingle
01:36 PM Bug #9218 (Resolved): SNMP sysDescr does not display hostname and patch version
Works as intended now on 2.4.5 and 2.5.0, all the expected information is present. For good measure I applied it agai... Jim Pingle
01:29 PM Bug #9133: "Show all configured leases" does not stay set after deleting a lease
The commit for this wasn't cherry-picked to RELENG_2_4_5. I just picked it back.
I applied the change manually and...
Jim Pingle
01:25 PM Feature #9030 (Feedback): Allow TLS Key Direction with OpenVPN
Applied in changeset commit:7dca65a19d08393cdb36f22fe98b847b46d9caf9. Jim Pingle
01:23 PM Feature #9030: Allow TLS Key Direction with OpenVPN
Value was also not read properly on page load, but I've pushed a fix for that as well. Jim Pingle
01:15 PM Feature #9030 (New): Allow TLS Key Direction with OpenVPN
The value does not get stored when changed on the server settings. I'll push a fix shortly. Jim Pingle
01:12 PM Revision bc18c480: Merge pull request #4109 from vktg/p11ipsec
Renato Botelho
01:08 PM Revision 50ceeac3: Ticket #9878: Add OPTIONS for opensc
Renato Botelho
01:06 PM Bug #8847 (Resolved): IPsec status "Show Child SA entries" button only expands and never collapses
When clicked, the button disappears and the child list is expanded, which is the intended behavior.
2.4.5.a.20191217...
Jim Pingle
01:04 PM Bug #7840 (Resolved): OpenVPN 2.4 Server: Hide Interface when Protocol is Multihome
Control shows and hides as expected on 2.4.5 snapshots. Jim Pingle
01:04 PM Feature #7791 (Resolved): include /usr/bin/strings in core pfSense
`/usr/bin/strings` is present and works on 2.4.5 snapshots. Jim Pingle
01:02 PM Revision e9063651: Merge pull request #4115 from vktg/unboundecdsa
Renato Botelho
01:02 PM Feature #5851 (Resolved): Add copy action to OpenVPN client / server
Seems to work fine for me on 2.4.5 snaps. The icon is there, I can make copies, they save and run OK.
I was able t...
Jim Pingle
01:00 PM Revision 79fc17f9: Merge pull request #4122 from vktg/ecdsarenew
Renato Botelho
12:59 PM Feature #3244: Check that OpenVPN tunnel network does not overlap any other subnet
Picked this back to 2.4.5, since #5851 is already on 2.4.5 and this error will be more common with that available. Jim Pingle
12:58 PM Revision 68bd425e: DigitalOcean DynDNS description update. Close #9602
The description for DigitalOcean dynamic DNS is incorrect. The documentation currently states to "Enter @ as the host... karlhaworth
12:57 PM Revision f46036d1: Merge pull request #4131 from karlhaworth/pfsense-kh-patch-1
Renato Botelho
12:56 PM Revision 592b06fa: escapeshellarg()
(cherry picked from commit 6ad0603b9fc9a65a9bd10390976676ae48b3fbd0) Viktor Gurov
12:56 PM Revision 87417401: escapeshellarg()
(cherry picked from commit e43f0619b0f0937689ad78c023dfe077b1f84a10) Viktor Gurov
12:56 PM Revision 46b8e221: more readable
(cherry picked from commit c1c375e6fab9b334af8c290912324bf6aa42591b) Viktor Gurov
12:56 PM Revision c987c982: full cmd: route delete $fml $tgt $gw
(cherry picked from commit 3e20d17562406d1735720fe6b083e702cfc43de3) Viktor Gurov
12:56 PM Revision d1e3dcb2: Merge pull request #4130 from vktg/delstaticroutes
Renato Botelho
11:56 AM Revision 37d7a4d4: Calculate poudriere PARALLEL_JOBS based on hw.ncpu
Renato Botelho
11:56 AM Revision 3023bc21: Calculate poudriere PARALLEL_JOBS based on hw.ncpu
Renato Botelho
11:56 AM Revision 0e491fe2: Calculate poudriere PARALLEL_JOBS based on hw.ncpu
Renato Botelho
10:56 AM Revision dd580dd8: allow ca cert without prv for ipsec&ovpn
Viktor Gurov
10:53 AM Feature #9970 (Pull Request Review): Captive Portal and SAML2 Integration
Jim Pingle
10:49 AM Feature #9970: Captive Portal and SAML2 Integration
Pull request: https://github.com/pfsense/pfsense/pull/4133 Mauro Braggio
10:42 AM Revision e43c71ce: do not show certs without prv by default
Viktor Gurov
10:01 AM Bug #9977 (Resolved): Enabling Captive Portal on 2.4.5 breaks network connectivity
Enabling Captive Portal on 2.4.5 breaks connectivity even on interfaces which are not involved in Captive Portal. The... Jim Pingle
09:40 AM Todo #9976 (Feedback): strongswan: Update to 5.8.2
Renato Botelho
09:40 AM Todo #9976 (Resolved): strongswan: Update to 5.8.2
strongswan 5.8.2 was released Renato Botelho
09:32 AM Bug #9975 (Resolved): PHP error on upgrade from 2.4.4-p3 to 2.4.5
The following PHP errors come up when upgrading from 2.4.4-p3 to 2.4.5. They are not harmful, but are due to the libr... Jim Pingle
08:01 AM pfSense Packages Feature #9974 (Feedback): Add pfSense package for sysutils/node_exporter
PR has been manually merged. Thanks! Renato Botelho
08:00 AM pfSense Packages Feature #9974 (Resolved): Add pfSense package for sysutils/node_exporter
PR: https://github.com/pfsense/FreeBSD-ports/pull/653 Renato Botelho
07:58 AM pfSense Packages Bug #9807: Packets Monitoring graphs are being incorrectly scaled
This was picked back to 2.4.5 as well, so needs testing there. Jim Pingle
06:28 AM pfSense Packages Bug #9807 (Feedback): Packets Monitoring graphs are being incorrectly scaled
PR has been merged. Thanks! Renato Botelho
07:41 AM Feature #9078: Investigate adding knobs for explicit-exit-notify in OpenVPN
Applies cleanly to 2.4.5, so I picked it back. Jim Pingle
07:28 AM Feature #9972 (Pull Request Review): cert_build_list(): by default don't show certs without prv key
Jim Pingle
04:50 AM Feature #9972 (Resolved): cert_build_list(): by default don't show certs without prv key
by default don't show certs without prv key
allow to show it with using extra $noprv arg (can be used for CA certs)
...
Viktor Gurov
07:28 AM pfSense Packages Feature #9973: Nagios NRPE package isn't IPv6 capable
Not a bug, but a missing feature. Jim Pingle
04:54 AM pfSense Packages Feature #9973 (New): Nagios NRPE package isn't IPv6 capable
In pfSense 2.4.4p3 Nagios NRPE package lacks IPv6 capabilities.
1. binding IP: I can only give one IP. For Dual St...
Pim Pish
07:18 AM Feature #9111: Add IPsec VTI interface MTU support
I applied this patch to my 2.4.4 machines. They have been running for a while without issue. When I change the MTU it... Mix Room
07:13 AM Feature #9878 (Feedback): IPsec PKCS#11 authentication
PR has been merged. Thanks! Renato Botelho
07:02 AM Bug #9907 (Feedback): Do not show incompatible ECDSA certs for DNS Resolver
PR has been merged. Thanks! Renato Botelho
07:01 AM Feature #9842 (Feedback): Add CA/certificate renewal function
PR has been merged. Thanks! Renato Botelho
06:58 AM Bug #9602 (Feedback): Dynamic DNS with DigitalOcean not working
PR has been merged. Thanks! Renato Botelho
06:56 AM Bug #9969 (Feedback): static route remain in the OS routing table after deletion
PR has been merged. Thanks! Renato Botelho
06:19 AM pfSense Packages Bug #9219 (Feedback): STunnel: .pem files are created with incorrect permissions.
PR has been merged. Thanks! Renato Botelho
06:16 AM Bug #9873: Switching the System Update to Development renders the system unbootable
I've added a workaround on pfSense-repo post-install script to replace the call to `pkg info` by `pkg-static info` on... Renato Botelho

12/16/2019

11:52 PM Revision 9f6432f0: 2nd try
change config option to avoid positive checkbox = negative option → luckman212
10:18 PM Feature #9695 (Resolved): Add Ability to Force NAT-T Encapsulation on IKEv2 Peers
Jim Pingle
08:50 PM Feature #9695: Add Ability to Force NAT-T Encapsulation on IKEv2 Peers
Looks good in 2.4.5: WAN udp 172.25.228.9:4500 -> 172.25.228.13:4500 MULTIPLE:MULTIPLE 29 / 29 3 KiB / 3 KiB Chris Linstruth
08:30 PM Revision 8bd02833: Revise jquery/jquery-ui in csrf_error page, which needs its own copy
(cherry picked from commit fb249aefa378172d6c246e62d15a8da40d80c5b6) Steve Beaver
08:30 PM Revision fecb3f60: Correct jQuery include
(cherry picked from commit bb31e48e2c1eea6a7a3925f5398bce17c19f3af4) Steve Beaver
08:30 PM Revision 4398e08f: Renamed jQuery-ui files for consistency with jQuery naming
(cherry picked from commit b1a3d89a0278ff16c270b86fca8621e5457c05fd) Steve Beaver
08:30 PM Revision 16eae2f4: Fixed #9407
(cherry picked from commit df4262d0e1d8d460ba93b9fcde16476306ee21f6) Steve Beaver
06:09 PM Revision 88a34f7a: Add 2.4.5-DEVELOPMENT repository
Renato Botelho
06:07 PM Revision f02260ac: Add 2.4.5-DEVELOPMENT repository
Renato Botelho
05:33 PM Revision f645d52a: Token -> PKCS#11
Viktor Gurov
05:28 PM Revision 6ad0603b: escapeshellarg()
Viktor Gurov
05:27 PM Revision e43f0619: escapeshellarg()
Viktor Gurov
03:36 PM Bug #9971: sshguard error: Logging subprocess <pid> (exec /usr/local/sbin/sshguard) exited with status 1.
Looks like in https://bitbucket.org/sshguard/sshguard/commits/600ce84ff6ab745d5507b3b147f37890a1451a7e they changed i... Jim Pingle
02:59 PM Bug #9971 (Resolved): sshguard error: Logging subprocess <pid> (exec /usr/local/sbin/sshguard) exited with status 1.
sshguard logs an error repeatedly on recent snapshots:... Jim Pingle
02:44 PM Bug #9407: Update jQuery to current version (3.3.1 or later)
I picked this back to 2.4.5, needs tested there, too. Move back to 2.5.0 after for good measure, though if it was goi... Jim Pingle
12:22 PM Revision 24df8e83: Revert "Fix the build of miniupnpd in 12, disable CHECK_PORTINUSE."
This reverts commit e79fdf50be24375840011100440c9edee8c978dd. Renato Botelho
12:22 PM Revision ea4f5078: Revert "Fix the build of miniupnpd in 12, disable CHECK_PORTINUSE."
This reverts commit b761d75c2edc056576c669d36574793c5d13bdda. Renato Botelho
10:32 AM Bug #9969 (Pull Request Review): static route remain in the OS routing table after deletion
Jim Pingle
10:24 AM Bug #9602 (Pull Request Review): Dynamic DNS with DigitalOcean not working
Jim Pingle
10:23 AM pfSense Packages Bug #9220 (Pull Request Review): STunnel: Tunnel list does not show certificate
Jim Pingle
09:01 AM pfSense Packages Bug #9220: STunnel: Tunnel list does not show certificate
https://github.com/pfsense/FreeBSD-ports/pull/720 Viktor Gurov
10:23 AM pfSense Packages Bug #9652 (Pull Request Review): Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc
Jim Pingle
10:23 AM pfSense Packages Bug #9219 (Pull Request Review): STunnel: .pem files are created with incorrect permissions.
Jim Pingle
10:22 AM pfSense Packages Bug #9807 (Pull Request Review): Packets Monitoring graphs are being incorrectly scaled
Jim Pingle
09:00 AM Feature #9970 (New): Captive Portal and SAML2 Integration
Adding a section in Captive Portal to perform authentication against a remote IdP via SAML.
I'd propose to use OneLo...
Mauro Braggio
07:24 AM Todo #9603: Strongswan stroke is deprecated, move to swanctl/vici
Don't post anything here, but start a thread at https://forum.netgate.com/category/78/2-5-development-snapshots with ... Jim Pingle
01:52 AM Revision fe7a2304: DigitalOcean DynDNS description update. Close #9602
The description for DigitalOcean dynamic DNS is incorrect. The documentation currently states to "Enter @ as the host... karlhaworth

12/15/2019

07:56 PM Bug #9602: Dynamic DNS with DigitalOcean not working
Submitted PR : https://github.com/pfsense/pfsense/pull/4131 Crusty Cheeze
04:50 PM Bug #9602: Dynamic DNS with DigitalOcean not working
I got this same message.
The information inside pfsense is bad. "Cloudflare and DigitalOcean: Enter @ as the hostn...
Crusty Cheeze
12:49 PM Bug #8413: Virtual IP on PPPOE interface no longer working with 2.4.3
Hi,
I am getting this exact same error when my PPPoE connection drops and pfSense tries to reestablish it.
At l...
Nick R

12/14/2019

11:47 PM Todo #9603: Strongswan stroke is deprecated, move to swanctl/vici
Jim Pingle wrote:
> Applied in changeset commit:c6220dcf7faf3492713c6c30bb86d3971b2772a9.
Hello,
My setup has ...
Florin Samareanu
04:48 PM Revision c1c375e6: more readable
Viktor Gurov
04:32 PM Revision 3e20d175: full cmd: route delete $fml $tgt $gw
Viktor Gurov
02:48 PM Revision e194f002: gui renaming pkcs11 -> token + show ID
Viktor Gurov
02:10 PM Revision efacf294: cert on token check
Viktor Gurov
02:10 PM Revision 367d8609: cert on token check
Viktor Gurov
11:07 AM Revision 403add46: cosmetic
Viktor Gurov
11:03 AM Revision 3edfe694: working
Viktor Gurov
10:37 AM Bug #9969: static route remain in the OS routing table after deletion
https://github.com/pfsense/pfsense/pull/4130 Viktor Gurov
09:57 AM Revision e881843a: pcscd service
Viktor Gurov
02:00 AM pfSense Packages Bug #9652: Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc
https://github.com/pfsense/FreeBSD-ports/pull/719 Viktor Gurov

12/13/2019

11:37 PM pfSense Packages Bug #9219: STunnel: .pem files are created with incorrect permissions.
https://github.com/pfsense/FreeBSD-ports/pull/718 Viktor Gurov
08:19 PM Revision 5f143b6e: some progress
Viktor Gurov
06:39 PM Revision 58264457: Fix #9873: Use pkg-static
When pkg repo points to a new major version pkg is updated, use
pkg-static binary to check PHP version and make sure ...
Renato Botelho
06:36 PM Revision b71df062: Fix #9873: Use pkg-static
When pkg repo points to a new major version pkg is updated, use
pkg-static binary to check PHP version and make sure ...
Renato Botelho
06:34 PM Revision 6cadca6b: Fix #9873: Use pkg-static
When pkg repo points to a new major version pkg is updated, use
pkg-static binary to check PHP version and make sure ...
Renato Botelho
01:38 PM Bug #9123: Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14
Hi,
As I explained in the forum: this is my currently working solution while running 2.4.4p3:
- Using lagg in fai...
Eric Machabert
01:38 PM Revision ef30c0a7: Move syslog format var to syslog.inc. Issue #9808
In some cases, PHP is unhappy with calls to gettext() in globals.inc Jim Pingle
12:45 PM Bug #9873 (Feedback): Switching the System Update to Development renders the system unbootable
Applied in changeset commit:6cadca6b1665260f7feac90e8c2345234ab66154. Renato Botelho
10:23 AM Bug #9969 (Resolved): static route remain in the OS routing table after deletion
after deleting static route on System / Routing / Static Routes page and/or deleting gateway on System / Routing / Ga... Viktor Gurov
10:04 AM Bug #9968: Configuration of assigned interfaces is deployed to unassigned ones
For good measure, I decided to try it out. Made a VM on ESX 6.7 with 10 NICs. Installed, configured 5 of them, left t... Jim Pingle
08:01 AM Bug #9968 (Not a Bug): Configuration of assigned interfaces is deployed to unassigned ones
This looks more like an issue with your config.xml or environment, and more discussion and detail is necessary. For e... Jim Pingle
07:56 AM Bug #9968 (Not a Bug): Configuration of assigned interfaces is deployed to unassigned ones
*Background:*
We are running pfSense virtualized on VMware vSphere platform with 10 vmxnet3 NICs (vmx0-vmx9), hardwa...
Marek Částek
01:41 AM Revision e26ad76e: Add opts to services_dhcpv6.php and services_router_advertisements.php
Adds config options to disable pushing DNS server options to dhcp6
clients via dhcpd or radvd. Fixes an issue when us...
→ luckman212

12/12/2019

08:47 PM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag
I only stumbled onto this issue after I had already found my own need for it and made a small patch for it. It's not ... → luckman212
07:25 PM Revision b16c3a12: Add option for RFC5424 syslog format. Implements #9808
Jim Pingle
03:50 PM Revision ce1ff928: small fixes
Viktor Gurov
01:35 PM Todo #9808 (Feedback): status_logs_settings.php: Add GUI option for syslog format
Applied in changeset commit:b16c3a12c61c117e9c8140b115efc7f9acea96c5. Jim Pingle
01:28 PM pfSense Packages Bug #9807: Packets Monitoring graphs are being incorrectly scaled
https://github.com/pfsense/FreeBSD-ports/pull/717 Viktor Gurov
07:02 AM pfSense Packages Bug #9807: Packets Monitoring graphs are being incorrectly scaled
They are a part of the Status_Monitoring package (which is included in the base install), so the files are in the fre... Jim Pingle
06:41 AM pfSense Packages Bug #9807: Packets Monitoring graphs are being incorrectly scaled
for some reason there is no rrd_fetch_json.php and status_monitoring.php files on github
fixed version:...
Viktor Gurov
07:04 AM Todo #9903 (Resolved): Rename IPsec "RSA" options to more generic "Certificate" options
Jim Pingle
01:41 AM Todo #9903: Rename IPsec "RSA" options to more generic "Certificate" options
Jim Pingle wrote:
> Applied in changeset commit:d1f5587d48af48817336fdf8644ea7d7679cf037.
tested on 2.5.0.a.20191...
Viktor Gurov
07:04 AM Bug #9879 (Resolved): PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php
Jim Pingle
01:39 AM Bug #9879: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/local/www/system_crlmanager.php
Jim Pingle wrote:
> Applied in changeset commit:a6487fc84dc85113354730ffe7f1d4a1141cf0c5.
tested on 2.5.0.a.20191...
Viktor Gurov

12/11/2019

11:42 PM pfSense Packages Bug #9967 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
Please post on the forum to discuss and identify the issue. There is not enough information here to know what the iss... Jim Pingle
10:12 PM pfSense Packages Bug #9967 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
ear in pf sense 2.4.4-DEVELOPMENT (AMD64) when squid proxy server enable the squid SSL Filtering option for block secu... Noman Akbar
06:06 PM Revision 6c665431: Update status.php to read swanctl.conf, not ipsec.conf
Also ensure that secrets are redacted, and change the strongswan.conf
command to match.
Jim Pingle
04:45 PM Revision aa689bbc: Fix 2.4.5 repo ports branch (take 2)
Renato Botelho
04:38 PM Revision fa463ace: Fix 2.4.5 repo ports branch
Renato Botelho
04:35 PM Revision 686068b0: Fix 2.5.0/2.4.5 repo configs
Renato Botelho
04:08 PM Revision 09b6735d: allow to disable APIPA blocking
Viktor Gurov
10:25 AM Feature #9966 (Pull Request Review): allow to disable APIPA blocking
Jim Pingle
10:13 AM Feature #9966 (Resolved): allow to disable APIPA blocking
allow to disable APIPA blocking,
some providers may utilize APIPA space for interconnect interfaces
see also htt...
Viktor Gurov
10:22 AM Bug #9873 (In Progress): Switching the System Update to Development renders the system unbootable
Renato Botelho
10:09 AM Bug #2073: APIPA broadcasts forwarded by route-to
https://github.com/pfsense/pfsense/pull/4128 Viktor Gurov
08:13 AM pfSense Packages Bug #9965 (Resolved): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore
Thanks for testing! Jim Pingle
08:00 AM pfSense Packages Bug #9965: Since 0.15.7_2, legit LDAP server certs cannot be selected anymore
Excellent; thank you very much! I can confirm this is fixed here! Didier Raboud
07:50 AM pfSense Packages Bug #9965 (Feedback): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore
Fixed in 0.15.7_7 Jim Pingle
05:29 AM pfSense Packages Bug #9965 (Resolved): Since 0.15.7_2, legit LDAP server certs cannot be selected anymore
It seems that https://github.com/pfsense/FreeBSD-ports/commit/8cbbd84a374f4942e082c5898e93040c5ac65bbb broke the `/pk... Didier Raboud
07:53 AM pfSense Packages Bug #9962: HAproxy Upgrade needed HTTP/2 CVE-2019-19330
The new versions are in the ports tree in master, but need picked back to devel, RELENG_2_4_4, and RELENG_2_4_5 Jim Pingle
07:25 AM Feature #9754 (Resolved): Add separate authentication log
OpenVPN authentication is already placed in the auth log.... Jim Pingle
04:47 AM Feature #9754: Add separate authentication log
Jim Pingle wrote:
> I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authenti...
Viktor Gurov
07:22 AM Bug #9764 (Resolved): status.php: Sanitize barnyard_dbpwd
Jim Pingle
06:38 AM Bug #9764: status.php: Sanitize barnyard_dbpwd
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved
Viktor Gurov
07:22 AM Bug #9727 (Resolved): status.php: Sanitize influx_pass
Jim Pingle
06:38 AM Bug #9727: status.php: Sanitize influx_pass
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved
Viktor Gurov
07:21 AM Bug #9728 (Resolved): status.php: Sanitize tinc private key
Jim Pingle
06:37 AM Bug #9728: status.php: Sanitize tinc private key
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved
Viktor Gurov
07:21 AM Bug #9729 (Resolved): status.php: Sanitize zabbix-agent tlspsk key
Jim Pingle
06:36 AM Bug #9729: status.php: Sanitize zabbix-agent tlspsk key
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved
Viktor Gurov
07:21 AM Bug #9784 (Resolved): status.php: Sanitize bandwidthd db password
Jim Pingle
06:36 AM Bug #9784: status.php: Sanitize bandwidthd db password
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191209.0732
Resolved
Viktor Gurov
07:16 AM Bug #9744 (Resolved): fatal error if ECDH Curve not default
Jim Pingle
04:41 AM Bug #9744: fatal error if ECDH Curve not default
Jim Pingle wrote:
> I pushed an update in commit:ca3cddbec4 to change the OpenVPN curve list to match IPsec
teste...
Viktor Gurov
07:16 AM Bug #9936 (Resolved): zombie alias check errors if no aliases exist
Jim Pingle
04:38 AM Bug #9936: zombie alias check errors if no aliases exist
Jim Pingle wrote:
> Applied in changeset commit:e99c638b78540efa478dbb3360943c67de72c1af.
tested on 2.5.0.a.20191...
Viktor Gurov
07:16 AM Feature #9771 (Resolved): diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI
Jim Pingle
04:14 AM Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI
Renato Botelho wrote:
> PR has been merged. Thanks
tested on 2.5.0.a.20191210.1722
Resolved
Viktor Gurov
07:16 AM Bug #9964 (Duplicate): first step wizard error on SG-1000
That syntax error was fixed over a month ago, and the build issue that led to it being a problem in snapshots was fix... Jim Pingle
05:10 AM Bug #9964 (Duplicate): first step wizard error on SG-1000
After setting the admin password, I received a CSRF verification error, and after refreshing the page:... Viktor Gurov

12/10/2019

02:20 PM Revision 9998e8d7: Don't dedup DNS from dyn sources if override is disabled. Fixes #9963
(cherry picked from commit f829d7e2967d170f09756937e9076e87d5f9e2d7) Jim Pingle
02:20 PM Revision f829d7e2: Don't dedup DNS from dyn sources if override is disabled. Fixes #9963
Jim Pingle
01:09 PM Revision 12bce795: traffic-graphs, don't stop drawing graphs when an interface is disabled
traffic-graphs, don't stop drawing graphs when an interface is disabled
(cherry picked from commit 176c7256bd1b13f401...
Pi Ba
01:09 PM Revision 7259987c: Merge pull request #4119 from PiBa-NL/patch-1
Renato Botelho
01:08 PM Revision 868b035e: simplify queue stats parser
(cherry picked from commit 5a0f6513bfe2ba1da87505dbb7b97c6b4479bf34) Lucas Held
01:08 PM Revision f6c2c75d: support variable value length in queue stats parser
(cherry picked from commit e5deede539e4164256e5243b22f3ee963fc35ea7) Lucas Held
01:08 PM Revision 88a8d5cf: Merge pull request #4123 from lucasheld/fix-queue-stats
Renato Botelho
01:06 PM Revision a043fdbd: "don't" -> "doesn't" (typo fix for help text)
(cherry picked from commit 9d6adc62d78f7c0e6dcb6865edf5fb3ca60db1b0) something-big
01:06 PM Revision f15934a3: Merge pull request #4124 from github-pedant-VomYzatg2NB2AG01TaWyNpiW0/master
Renato Botelho
09:44 AM Bug #9963: DNS servers assigned dynamically are omitted if also assigned manually when override is disallowed
Easiest way to reproduce:
* Enable forwarding in the DNS Resolver (Or forwarder, behavior is likely the same but I...
Jim Pingle
08:30 AM Bug #9963 (Feedback): DNS servers assigned dynamically are omitted if also assigned manually when override is disallowed
Applied in changeset commit:f829d7e2967d170f09756937e9076e87d5f9e2d7. Jim Pingle
08:15 AM Bug #9963: DNS servers assigned dynamically are omitted if also assigned manually when override is disallowed
This seems to primarily be a problem just after unchecking the DNS Server Override box, as later the servers are prev... Jim Pingle
08:12 AM Bug #9963 (Resolved): DNS servers assigned dynamically are omitted if also assigned manually when override is disallowed
If:
* A name server is manually configured, such as 8.8.8.8, under System > General
* That same name server is al...
Jim Pingle
08:11 AM pfSense Packages Bug #9962 (Resolved): HAproxy Upgrade needed HTTP/2 CVE-2019-19330
[https://nvd.nist.gov/vuln/detail/CVE-2019-19330]
Haproxy 1.8 need be updated to 1.8.23 (RD: 2019/11/25) from 1.8....
DRago_Angel [InV@DER]
07:29 AM Feature #8786: Wireguard VPN
We are fully aware. It's good news for them, but that does not mean much of anything for its implementation or stabil... Jim Pingle
12:05 AM Feature #8786: Wireguard VPN
For those who might not be following it, WireGuard is going to be integrated into the Linux kernel 5.6 release, which... Soren Stoutner
07:08 AM Bug #9938 (Feedback): Queue stats parser broken if bytes > 9999999999
PR has been merged. Thanks! Renato Botelho

12/09/2019

02:00 PM Revision 8c439c68: Search filter log by tracker ID. Implements #8703
(cherry picked from commit 6270bfe22ce283cca18855c5e79a1f4714505177) Jim Pingle
01:59 PM Revision 6270bfe2: Search filter log by tracker ID. Implements #8703
Jim Pingle
01:45 PM Revision d3b8d587: Fix UPnP status when using an alternate interface address. Fixes #9961
(cherry picked from commit a8183b25c6bab388206f18acf679d96cd8b60f0e) Jim Pingle
01:44 PM Revision a8183b25: Fix UPnP status when using an alternate interface address. Fixes #9961
Jim Pingle
12:54 PM Bug #9736 (Resolved): status.php: Sanitize oinkcode and etprocode of snort/suricata
Tested on 2.4.5.a.20191209.0732, works as expected. Anonymous
12:26 PM Bug #9946 (Resolved): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
Right, it works now. Anonymous
12:21 PM Feature #8703 (Resolved): Allow user to search firewall alerts by tracking ID
Tested on 2.4.5.a.20191209.0732, works as expected. Thanks Jim! Anonymous
08:10 AM Feature #8703 (Feedback): Allow user to search firewall alerts by tracking ID
Applied in changeset commit:6270bfe22ce283cca18855c5e79a1f4714505177. Jim Pingle
08:00 AM Feature #8703 (In Progress): Allow user to search firewall alerts by tracking ID
Jim Pingle
07:55 AM Bug #9961 (Feedback): status_upnp: UPnP status not showing rules when using override WAN address option
Applied in changeset commit:a8183b25c6bab388206f18acf679d96cd8b60f0e. Jim Pingle
07:43 AM Bug #9961 (In Progress): status_upnp: UPnP status not showing rules when using override WAN address option
Jim Pingle

12/08/2019

11:52 AM Revision 0f5300a7: Add %%REPO_BRANCH_PREFIX%% to jail name
Renato Botelho

12/07/2019

02:02 PM Revision 8c120b1f: conflicts resolved, needs testing
Viktor Gurov
08:25 AM Bug #9586 (Resolved): Unbound Access List /31 UI Issue
Jim Pingle
12:34 AM Bug #9586: Unbound Access List /31 UI Issue
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
Res...
Viktor Gurov
08:25 AM Feature #9694 (Resolved): Redact ACB encryption password from status.php
Jim Pingle
12:32 AM Feature #9694: Redact ACB encryption password from status.php
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3:
<enc...
Viktor Gurov
08:24 AM Feature #9412 (Resolved): Add sorting and search/filtering to CA/Certificates
Jim Pingle
12:31 AM Feature #9412: Add sorting and search/filtering to CA/Certificates
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
Res...
Viktor Gurov
08:24 AM Bug #7186 (Resolved): Unable to use national symbols in password fo ACB package
Jim Pingle
12:28 AM Bug #7186: Unable to use national symbols in password fo ACB package
Jim Pingle wrote:
> Applied in changeset commit:9d4ace0bf544b3190d31484cac684bca4dac2a0b.
tested 2.4.5.a.20191205...
Viktor Gurov
08:24 AM Bug #9741 (Resolved): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values
Jim Pingle
12:25 AM Bug #9741: interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov

12/06/2019

11:47 PM Bug #9961 (Resolved): status_upnp: UPnP status not showing rules when using override WAN address option
When using the override WAN address option (say for a CARP VIP), the Status / UPnP & NAT-PMP page shows NO entries, e... Christian McDonald
10:40 PM pfSense Packages Bug #9960 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
Do not open issues here for this. Post on the forum to discuss and diagnose the problem and obtain more information. ... Jim Pingle
10:38 PM pfSense Packages Bug #9960 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
dear in pfSense 2.5.0-DEVELOPMENT (AMD64) when squid proxy server enable the squid SSL Filtering option for block sec... Noman Akbar
10:32 PM pfSense Packages Feature #9959 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
Please post on the forum to discuss and identify the issue. There is not enough information here. 2.5.0 is in develop... Jim Pingle
10:29 PM pfSense Packages Feature #9959 (Rejected): SSL Filter enable stopped Squid Proxy and guard filter services
dear in pfSense 2.5.0-DEVELOPMENT (AMD64) when squid proxy server enable the squid SSL Filtering option for block sec... Noman Akbar
03:41 PM Bug #9938: Queue stats parser broken if bytes > 9999999999
PR link: https://github.com/pfsense/pfsense/pull/4123 Jim Pingle
03:12 PM Todo #9245: Update copyright notices to 2020
See also: commit:38809d476acd3939b64bf3f3317792b99e5a1b9f Jim Pingle
01:02 PM Revision 62bac37e: Lower default_cert_expiredays warning threshold to 27 days
Even at 28, ACME still sometimes warns unnecessarily just before renewal. Jim Pingle
12:59 PM Revision c01a28ac: OpenVPN server cert default lifetime 825 days
(cherry picked from commit c576842887ac696dd5faf9d86d5447538d316069) Viktor Gurov
12:59 PM Revision 07f51b2f: Merge pull request #4126 from vktg/ovpnwiz825
Jim Pingle
09:24 AM Bug #9954 (Resolved): status_ipsec.php: Unable to manually connect P2 when P1 is up but not P2
On status_ipsec.php, if IKE (P1) is up but Child SAs (P2s) are not connected, there is no way to connect them without... Jim Pingle
08:16 AM Revision c5768428: OpenVPN server cert default lifetime 825 days
Viktor Gurov
07:38 AM Bug #9763 (Resolved): Trying to set VLAN Priority causes error
Jim Pingle
07:33 AM Bug #9763: Trying to set VLAN Priority causes error
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
07:31 AM Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Jim Pingle
07:31 AM Bug #9867: Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
07:30 AM Todo #9868 (Resolved): Add clientAuth EKU to Server type certificates
Jim Pingle
07:29 AM Todo #9868: Add clientAuth EKU to Server type certificates
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3:
...
...
Viktor Gurov
06:58 AM Feature #9825 (Resolved): Requirements for trusted certificates in iOS 13 and macOS 10.15
Viktor Gurov wrote:
> Change default GUI cert lifetime to 825 days - *OK*
That's all that needed testing, so it's...
Jim Pingle
03:55 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15
mark certificates with lifetime > 825 days:
https://github.com/pfsense/pfsense/pull/4127
Viktor Gurov
02:29 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15
reduce OpenVPN wizard server cert lifetime to 825:
https://github.com/pfsense/pfsense/pull/4126
Viktor Gurov
02:28 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15
Jim Pingle wrote:
> The default GUI cert lifetime of 825 days needs checked on 2.4.5 snapshots. If it's OK, move tar...
Viktor Gurov
06:58 AM Bug #9953 (Not a Bug): no meta.txz, Unable to retrieve package information
It's expected to happen since we didn't make packages public yet while we do first round of tests Renato Botelho
12:37 AM Bug #9953 (Not a Bug): no meta.txz, Unable to retrieve package information
got 'Unable to retrieve package information.' error on package manager page
in console:...
Viktor Gurov
06:56 AM Bug #9748 (Resolved): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024
Jim Pingle
02:05 AM Bug #9748: openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
06:56 AM Bug #9719 (Resolved): system_certmanager.php - Descriptive name field disappeared when adding certificate for user
Jim Pingle
01:57 AM Bug #9719: system_certmanager.php - Descriptive name field disappeared when adding certificate for user
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
06:56 AM Bug #9722 (Resolved): services_captiveportal_vouchers.php wrong status icon link
Jim Pingle
01:34 AM Bug #9722: services_captiveportal_vouchers.php wrong status icon link
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
06:56 AM Bug #9756 (Resolved): vpn_openvpn_(client|server).php: js issue when selecting multiple NCP
Jim Pingle
01:30 AM Bug #9756: vpn_openvpn_(client|server).php: js issue when selecting multiple NCP
Jim Pingle wrote:
> Needs checked and/or tested again on 2.4.5 snapshots
tested on 2.4.5.a.20191205.1442_3
ok,...
Viktor Gurov
06:13 AM Bug #9946: package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
James Dekker wrote:
> With the proper test repo pointing at 2.4.5, the packages install successfully.
gitsync is ...
Renato Botelho
04:15 AM Bug #9944: cron package tries to send out mail with non-existing sendmail tool
Thanks for the explanation. In that case it would be nice to somehow utilize pfSense's notification settings (System/... Alex Kolesnik
01:59 AM Bug #9790: firewall aliases table with fqdn stays in system after deleting
Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20191205.1852
works, Resolved
Viktor Gurov

12/05/2019

09:01 PM Revision 7ba6c13b: status_ipsec.php improvements
* Fixes Child SA button JS hide. Fixes #8847
* Adds Child SA count to JS button
* Fixes alignment of 'Connect' button...
Jim Pingle
08:29 PM Revision c6220dcf: IPsec swanctl conversion. Implements #9603
* Converted IPsec configuration code from ipsec.conf ipsec/stroke style
to swanctl.conf swanctl/vici style. Issue #...
Jim Pingle
07:34 PM Revision f9fbba13: 2.4.5 repo doesn't use ARCH_NEW
Renato Botelho
07:20 PM Revision 7b2fae37: Add 2.4.5 repo and use it as default
Renato Botelho
07:09 PM Revision 3414daaf: Point to devel repo by default
Renato Botelho
07:01 PM Revision ee4cfea3: Fix is_set/isset
(cherry picked from commit cb442cfa7406e561761a52c826c9c58e7a4ee2bc) Steve Beaver
06:35 PM Revision 55343921: Add packages to version string to support composite update
(cherry picked from commit 725c8134d390eefb4bb258893a27a278176158ac) Steve Beaver
05:23 PM Revision 1b16ff0d: Fix is_set/isset
(cherry picked from commit cb442cfa7406e561761a52c826c9c58e7a4ee2bc) Steve Beaver
04:33 PM Bug #9946: package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
With the proper test repo pointing at 2.4.5, the packages install successfully. Anonymous
04:13 PM Bug #9946 (Feedback): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
(mistake on my end, error is still present)
putting back to Feedback for now.
Anonymous
03:57 PM Bug #9946 (Resolved): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
tested on 2.4.5 gitsync'd to RELENG_2_4_5, worked as expected, packages mentioned above installed without issue. (mis... Anonymous
01:14 PM Bug #9946 (Feedback): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
It was caused because image was pointing to 2.4.4 repository by default.
I pushed a fix and it will be available o...
Renato Botelho
11:23 AM Bug #9946: package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
FreeRADIUS
zabbix-proxy
avahi
frr
pfBlockerNG
pfBlockerNG-devel
suricata
snort
...need to test all package...
Viktor Gurov
10:52 AM Bug #9946 (Resolved): package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense
... Viktor Gurov
04:00 PM Feature #9757 (Resolved): DH groups 25,26,27 not listed for phase1 & phase2
tested on 2.4.5 gitsync'd to RELENG_2_4_5, works as expected. Anonymous
03:12 PM Feature #9757 (Feedback): DH groups 25,26,27 not listed for phase1 & phase2
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:53 PM Bug #9945 (Resolved): wizard error on clean install
Jim Pingle
03:44 PM Bug #9945: wizard error on clean install
tested on 2.4.5 gitsync'd to RELENG_2_4_5, worked as expected. Anonymous
11:24 AM Bug #9945 (Feedback): wizard error on clean install
Fixed by commit:1b16ff0d5c Jim Pingle
10:45 AM Bug #9945 (Resolved): wizard error on clean install
after Time Server Information configuration page in wizard:... Viktor Gurov
03:29 PM Bug #9801: VTI IPv6 addresses don't get assigned
They are not public yet, but will be soon. We are doing some internal testing to catch obvious issues before pushing ... Jim Pingle
03:26 PM Bug #9801: VTI IPv6 addresses don't get assigned
I can do it but I can't see a download for 2.4.5 snapshot builds? Only 2.5. Ben Hughes
03:12 PM Bug #9801 (Feedback): VTI IPv6 addresses don't get assigned
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9911 (Feedback): Show confirmation box before disconnecting PPPoE
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Todo #9868 (Feedback): Add clientAuth EKU to Server type certificates
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9867 (Feedback): Packet Capture IPv6 rejects all packets if CARP type is set in Protocol field
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9851 (Feedback): PHP error in logs
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9791 (Feedback): Ability to filter Diagnostics ARP Table by IP range (DHCP)
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9784 (Feedback): status.php: Sanitize bandwidthd db password
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9764 (Feedback): status.php: Sanitize barnyard_dbpwd
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9763 (Feedback): Trying to set VLAN Priority causes error
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9756 (Feedback): vpn_openvpn_(client|server).php: js issue when selecting multiple NCP
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9748 (Feedback): openvpn_wizard.xml: DH 15360 and 16384 fall back to 1024
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9741 (Feedback): interfaces_ppps_edit.php: WebGUI don't show local ip / gateway ip values
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9736 (Feedback): status.php: Sanitize oinkcode and etprocode of snort/surricata
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9729 (Feedback): status.php: Sanitize zabbix-agent tlspsk key
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9728 (Feedback): status.php: Sanitize tinc private key
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9727 (Feedback): status.php: Sanitize influx_pass
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9722 (Feedback): services_captiveportal_vouchers.php wrong status icon link
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9719 (Feedback): system_certmanager.php - Descriptive name field disappeared when adding certificate for user
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9708 (Feedback): /etc/inc/unbound.inc: Pfsense Default Unbound Configuration does not Prevent DNS Rebinding Attacks Against Localhost
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9695 (Feedback): Add Ability to Force NAT-T Encapsulation on IKEv2 Peers
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9694 (Feedback): Redact ACB encryption password from status.php
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9693 (Feedback): Bypass automatic backups
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9620 (Feedback): User privilege to manage integrated switch
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9586 (Feedback): Unbound Access List /31 UI Issue
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9584 (Feedback): Potential XSS in services_acb.php via hostname parameter with legacy settings
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9582 (Feedback): PHP error setting up VLANs from the console
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9569 (Feedback): Fix serial console terminal size issues
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9558 (Feedback): GPS NTP source PHP errors
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9550 (Feedback): New privilege matching method does not allow menu or tab links to anchors (#foo)
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9543 (Feedback): diag_dns.php: Reverse lookup of IPv6 fails with "Host must be a valid hostname or IP address."
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9541 (Feedback): Non-admin user with admin rights is given the wrong URL for the user manager
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9540 (Feedback): PHP Uncaught Error in Status/System Logs/Firewall/Dynamic View
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9532 (Feedback): GUI indication and options for MDS mitigation
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9522 (Feedback): Diagnostics > System Activity shows only the header
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9466 (Feedback): DHCP (IPv4) relay mistakenly listening on upstream interface
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9448 (Feedback): Dynamic DNS options showing in GUI for IPv6 when not in use
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9412 (Feedback): Add sorting and search/filtering to CA/Certificates
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9323 (Feedback): Option to hide 'Kernel PTI' from sysinfo widget
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9296 (Feedback): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9292 (Feedback): Default route as indicated by "(Default)" does not match the actual default route on the OS.
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9285 (Feedback): Add an option to disable the ping-check in dhcpd
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9258 (Feedback): Error deleting tunnel type P2 when mixed with VTI
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Bug #9218 (Feedback): SNMP sysDescr does not display hostname and patch version
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #9111 (Feedback): Add IPsec VTI interface MTU support
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:12 PM Feature #7791 (Feedback): include /usr/bin/strings in core pfSense
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:11 PM Feature #3792 (Feedback): Group name size limit too restrictive on Active Directory Users
Needs checked and/or tested again on 2.4.5 snapshots Jim Pingle
03:07 PM Bug #8847: IPsec status "Show Child SA entries" button only expands and never collapses
I backported the status_ipsec.php changes that fixed this to 2.4.5 as well, see commit:7ba6c13bc6 Jim Pingle
02:40 PM Bug #8847 (Feedback): IPsec status "Show Child SA entries" button only expands and never collapses
Applied in changeset commit:c6220dcf7faf3492713c6c30bb86d3971b2772a9. Jim Pingle
01:42 PM Bug #8847 (In Progress): IPsec status "Show Child SA entries" button only expands and never collapses
I've fixed this as a part of a larger set of changes about to be committed. Jim Pingle
02:40 PM Todo #9603 (Feedback): Strongswan stroke is deprecated, move to swanctl/vici
Applied in changeset commit:c6220dcf7faf3492713c6c30bb86d3971b2772a9. Jim Pingle
02:35 PM Bug #8472 (Feedback): IPsec with "Split connections" enabled (multiple P2's) - new added P2's are not coming up (between two pfsense's 2.4.3)
This needs tested again on a 2.5.0 snapshot after the changes for #9603 are available in a build. Jim Pingle
02:35 PM Bug #8015 (Feedback): IPsec VPN Not Reconnecting until complete reboot
This needs tested again on a 2.5.0 snapshot after the changes for #9603 are available in a build. Jim Pingle
11:54 AM pfSense Docs Correction #9951 (Closed): Feedback on VPN — OpenVPN — Configuring a Single Multi-Purpose OpenVPN Instance
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-multi-purpose.html
*Feedback:* These instructio...
Nicholas Walker
11:24 AM Bug #9949 (Duplicate): openvpn wizard error
Duplicate of #9945 Jim Pingle
11:12 AM Bug #9949 (Duplicate): openvpn wizard error
... Viktor Gurov
10:29 AM Bug #9944 (Not a Bug): cron package tries to send out mail with non-existing sendmail tool
That's sort of on purpose. We don't ship anything like sendmail in the base system.
There is a sendmail work-alike...
Jim Pingle
10:11 AM Bug #9944 (Not a Bug): cron package tries to send out mail with non-existing sendmail tool
Hi,
To reproduce, create a simple cron job, like:...
Alex Kolesnik
07:59 AM Feature #9869 (Resolved): Allow CRL entries to be made by serial number
Jim Pingle
07:56 AM Feature #9943 (Pull Request Review): status_ipsec.php: show encr-keysize
Jim Pingle
03:00 AM Feature #9943 (Duplicate): status_ipsec.php: show encr-keysize
Show size of selected encryption algo on Status \ IPsec page
without it, AES-GCM 128/192/256 is always displayed AES...
Viktor Gurov
07:20 AM Bug #9914: dhcp6c wont work on reboot, only after service restart
Yes. The default installation configuration of some devices such as our XG-7100 includes VLAN on LAGG, and dhcp6c is ... Jim Pingle
07:17 AM Bug #9914: dhcp6c wont work on reboot, only after service restart
Did you use VLAN on your lagg? I can reproduce the issue when using VLAN on a lagg in a fresh installed pfsense VM. Seyfidin Hamraoui

12/04/2019

11:41 PM Feature #9869: Allow CRL entries to be made by serial number
tested on 2.5.0.a.20191203.0148
Resolved
Viktor Gurov
04:32 PM Revision 864cf5e1: Revert "Enable Multipath in FRR 7. Implements #9545"
This reverts commit 5fc75545d779e56468ec8c30e573c87f491a980a. Renato Botelho
04:32 PM Revision b0e6754e: Revert "Restore newline at EOF"
This reverts commit bb51e33ba32e0e9b4b6925564c1183cc77923900. Renato Botelho
03:57 PM Revision 66d76b76: Fix #6846: Properly detect Super Micro C2558/C2758
(cherry picked from commit 4de6f04d5f4eb69e9293dad6f47ce66f7d3baec1) Renato Botelho
03:37 PM Revision 2c63d42e: Add RFC 8031 Group 31 to IPsec. Implements #9531
(cherry picked from commit 4fc267484e604509b072b398642f19cb6797ef21) Jim Pingle
10:06 AM Feature #9531: [IPSEC] Add additional curve-based DH Groups (31+)
Jim Pingle wrote:
> I picked back the Group 31 change only to 2.4.5 to test since it was reported to function. If it...
Jens Groh
09:38 AM Feature #9531 (Feedback): [IPSEC] Add additional curve-based DH Groups (31+)
I picked back the Group 31 change only to 2.4.5 to test since it was reported to function. If it works, re-target thi... Jim Pingle
08:03 AM Feature #9825 (Feedback): Requirements for trusted certificates in iOS 13 and macOS 10.15
The default GUI cert lifetime of 825 days needs checked on 2.4.5 snapshots. If it's OK, move target back to 2.5.0 sin... Jim Pingle
06:34 AM Bug #9723 (Not a Bug): DHCPv6 server for several interfaces isn't working on all interfaces
Jim Pingle
02:23 AM Bug #9723: DHCPv6 server for several interfaces isn't working on all interfaces
I cannot reproduce this any more. I don't know how this happened but now it's working. Pim Pish
02:20 AM Feature #9942 (New): Give pfSense the possibility to change the keyboard Layout for console users
In pfSense 2.4.4 you can choose a keyboard Layout during installation but the selection won't affect the system. Keyb... Pim Pish

12/03/2019

04:52 PM Revision e79fdf50: Fix the build of miniupnpd in 12, disable CHECK_PORTINUSE.
(cherry picked from commit b761d75c2edc056576c669d36574793c5d13bdda) Luiz Souza
04:37 PM Revision 8df1dee2: Remove zabbix 3.2 and 3.4 options
(cherry picked from commit 1b5941ebe023ad5f72c93325cc427d2e7af5bd56) Renato Botelho
04:36 PM Revision 3b8482db: Enable LDAP for sudo and build nss_ldap. Fixes #9399
(cherry picked from commit 7db5a396d398b010bfb70048881a6cec0577338f) Jim Pingle
04:34 PM Revision 239192a0: Set bind 9.12 options
(cherry picked from commit 342519c47e300cd355d8dbe023704ebba4235299) Renato Botelho
04:33 PM Revision bb51e33b: Restore newline at EOF
(cherry picked from commit 840a0d4335182056f6eb0942d5661e83b400ac8b) Renato Botelho
04:33 PM Revision 5fc75545: Enable Multipath in FRR 7. Implements #9545
(cherry picked from commit 1836b0c237efdf9bf2ce9fab798f2718f0fd6028) Jim Pingle
04:29 PM Revision ed236d9a: Remove zabbix 2.2 leftovers
Renato Botelho
03:49 PM Revision 328d24fe: Remove zabbix 2.2, 3.2 and 3.4 packages
Renato Botelho
03:35 PM Revision e34757e3: Fix drm port name
Renato Botelho
03:33 PM Revision 95a45da5: Revert "Build net/ng_etf-kmod"
Add it to 2.4.5 kernel
This reverts commit 82887eb03ff3d3c83a3cc6295ad73214284329d0.
Renato Botelho
01:49 PM Revision 4e02ccf7: Bump version to 2.4.5
Renato Botelho
01:36 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Luiz Souza wrote:
> A fix based on Gavin's PR was committed, please let me know if the problem persists.
>
> Than...
Robert Gijsen
10:14 AM Bug #9941: Enabling OpenVPN interface should not validate PPPoE passwords
You can apply the patch from the other issue to test using the System Patches package -- if you need help figuring th... Jim Pingle
10:07 AM Bug #9941: Enabling OpenVPN interface should not validate PPPoE passwords
Jim Pingle wrote:
> This is probably solved by #9864, if not, it's your browser auto-fill that is the problem here.
...
Nick DeMarco
09:56 AM Bug #9941 (Duplicate): Enabling OpenVPN interface should not validate PPPoE passwords
This is probably solved by #9864, if not, it's your browser auto-fill that is the problem here. Jim Pingle
09:54 AM Bug #9941 (Duplicate): Enabling OpenVPN interface should not validate PPPoE passwords
Enabling the OpenVPN interface fails if the browser autofills a password in the hidden field PPPoE Password. The brow... Nick DeMarco
01:51 AM Feature #9939: Scheduled update or upgrade option
Jim Pingle wrote:
> That is still very dangerous. An upgrade should always be directly monitored by the admin in cas...
Robbie van Moerkerk

12/02/2019

07:04 PM Revision 9d6adc62: "don't" -> "doesn't" (typo fix for help text)
something-big
05:16 PM Bug #9296 (Resolved): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Luiz Souza
02:41 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
* Luiz Souza wrote:
> A fix based on Gavin's PR was committed, please let me know if the problem persists.
Conf...
Christian Ullrich
08:40 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
* Robert Gijsen wrote:
> Maybe a stupid question, but as I don't have any git or build tools available within pfSe...
Christian Ullrich
05:25 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Luiz Souza wrote:
> A fix based on Gavin's PR was committed, please let me know if the problem persists.
>
> Than...
Robert Gijsen
04:26 PM pfSense Packages Bug #9849: NUT not starting as root? Isn't loading USB drivers?
Braden McGrath wrote:
> Ryan McCullough wrote:
> > It looks like the NUT/UPS driver isn't loading the USB driver un...
Ryan McCullough
04:16 PM pfSense Packages Bug #9849: NUT not starting as root? Isn't loading USB drivers?
Ryan McCullough wrote:
> It looks like the NUT/UPS driver isn't loading the USB driver unless I pass the "-u root" p...
Braden McGrath
01:57 PM Revision 5a0f6513: simplify queue stats parser
Lucas Held
01:24 PM pfSense Packages Bug #9940 (Duplicate): Removing "default" view under monitoring blocked
Duplicate of #9352 Jim Pingle
12:56 PM pfSense Packages Bug #9940 (Duplicate): Removing "default" view under monitoring blocked
I managed to add an extra view named "default" in the monitoring page. When trying to remove said mistake it is not p... Joakim Dellrud
09:35 AM Feature #9939: Scheduled update or upgrade option
That is still very dangerous. An upgrade should always be directly monitored by the admin in case it does not go as p... Jim Pingle
08:20 AM Feature #9939: Scheduled update or upgrade option
Jim Pingle wrote:
> Having any kind of fully automated update function is very dangerous. Since the process can be t...
Robbie van Moerkerk
07:33 AM Feature #9939 (Rejected): Scheduled update or upgrade option
Having any kind of fully automated update function is very dangerous. Since the process can be triggered from the con... Jim Pingle
05:37 AM Feature #9939 (Rejected): Scheduled update or upgrade option
While updating our pfsense cluster we would like to schedule the update/ upgrade found. Please implement an option to... Robbie van Moerkerk
07:33 AM Bug #9938 (Pull Request Review): Queue stats parser broken if bytes > 9999999999
Jim Pingle

12/01/2019

05:34 PM Revision e5deede5: support variable value length in queue stats parser
Lucas Held
01:03 PM Bug #9938 (Resolved): Queue stats parser broken if bytes > 9999999999
Hello,
currently the queue stats parser in the file "/etc/inc/shaper.inc" assumes that the bytes value does not exce...
Lucas Held

11/29/2019

09:39 PM Feature #9639: Cloudflare DDNS "API Token"
+1 to getting them supported in the Dynamic DNS service.
They are already supported in the "acme" plugin, but they...
John M
07:05 PM Revision 7ee29634: curve_compatible_list - array of all compat curves
Viktor Gurov
02:41 PM Revision e99c638b: Init aliases array before use. Fixes #9936
Jim Pingle
02:08 PM Revision 5b535261: Allow revoking serial '0' by number. Fixes #9869
Jim Pingle
01:49 PM Revision 1b970bb2: Only try existent devices when looking for the dump device.
Luiz Souza
08:50 AM Bug #9936 (Feedback): zombie alias check errors if no alises exist
Applied in changeset commit:e99c638b78540efa478dbb3360943c67de72c1af. Jim Pingle
08:41 AM Bug #9936 (In Progress): zombie alias check errors if no alises exist
Jim Pingle
08:46 AM Feature #9937: OpenVPN Login User Privilege
If this is added it would have to be off by default and enabled on a per-server basis. Jim Pingle
08:29 AM pfSense Packages Bug #9935 (Pull Request Review): hide ECDSA certs for Zabbix
Jim Pingle
08:27 AM Feature #9842 (Pull Request Review): Add CA/certificate renewal function
Jim Pingle
08:15 AM Feature #9869 (Feedback): Allow CRL entries to be made by serial number
Applied in changeset commit:5b535261acc969af2e22dcbd6798c881d42a576a. Jim Pingle
07:41 AM Feature #9869 (In Progress): Allow CRL entries to be made by serial number
Jim Pingle
08:11 AM Bug #9785 (Resolved): ACB permits manual backup attempt when disabled
Jim Pingle
07:41 AM pfSense Packages Bug #9932 (Rejected): Squid is not showing CAs for SSL Interception
Can't reproduce this on 2.5.0 or 2.4.4 Both show CAs as they should. Post on the forum if you are still having issues. Jim Pingle

11/28/2019

02:33 PM Revision 6c97c186: Typo fix
(cherry picked from commit 463d5d11726084575b166dffe4b85164b2f5a5c3) Steve Beaver
01:46 PM Revision 00d9ce91: typo
Viktor Gurov
01:37 PM Revision 941470ef: prime256v1 ec curve for renew
Viktor Gurov
11:42 AM Feature #9937 (New): OpenVPN Login User Privilege
Hello pfsense development Team,
It would be awesome to have a "VPN - User: Openvpn Dialin" privilege in the Group ...
Arthur Besnard
11:24 AM Bug #9936 (Resolved): zombie alias check errors if no alises exist
It appears not to check if aliases exist on the system before trying to load the array throwing this error:... Steve Wheeler
10:18 AM pfSense Packages Bug #9935 (Resolved): hide ECDSA certs for Zabbix
ECDSA certificates are not yet supported in Zabbix
see https://support.zabbix.com/browse/ZBXNEXT-5475
https:/...
Viktor Gurov
08:59 AM Bug #8468: Status / Queues show mostly NaN
Same problem here, some values are displayed as NaN in the status_queues page.
2 screenshots attached, the diag_pfto...
Jo S
08:00 AM pfSense Packages Bug #9934: suricata update kills WAN interface
Suricata is running in INLINE IPS mode. Every time, when suricata is stopped or started, it does a link up/down. Is t... Srijan Nandi
07:28 AM pfSense Packages Bug #9934 (Closed): suricata update kills WAN interface
Hello Everyone,
I am running pfSense *2.4.4-RELEASE-p3 (amd64*) with suricata *VERSION 4.1.5_2*. I had set suricat...
Srijan Nandi
07:43 AM Feature #9842: Add CA/certificate renewal function
https://github.com/pfsense/pfsense/pull/4122
I think that we need to decide which EC is minimum.
prime256v1 or se...
Viktor Gurov
03:40 AM Feature #9842: Add CA/certificate renewal function
Jim Pingle wrote:
> This should be complete for now. I didn't add a CLI script, as it didn't seem necessary yet. On ...
Viktor Gurov
07:31 AM Bug #9296 (Feedback): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
A fix based on Gavin's PR was committed, please let me know if the problem persists.
Thanks
Luiz Souza
05:29 AM Bug #9933 (Resolved): Captive Portal + Voucher not keeping auto-added "Pass-through MAC Auto Entry"
With Captive Portal, the "Enabled Pass-through MAC Auto Entry" should normally keep definitively the MAC address into t... Johan DEVELON
04:45 AM Feature #9862 (Resolved): Add support for waiting between ping-packages on diag_ping.php
Renato Botelho
04:15 AM Feature #9862: Add support for waiting between ping-packages on diag_ping.php
Renato Botelho wrote:
> PR has been merged. Thanks!
tested on pfSense 2.5.0.a.20191127.2047
works as expected,...
Viktor Gurov
04:17 AM Bug #9785: ACB permits manual backup attempt when disabled
tested on pfSense 2.5.0.a.20191127.2047
'backup' button is inactive when ACB disabled
Resolved
Viktor Gurov
03:47 AM Feature #9869: Allow CRL entries to be made by serial number
tested on pfSense 2.5.0.a.20191127.2047
it does not save serial number 0 (zero)
Viktor Gurov
02:55 AM pfSense Packages Feature #9901 (Resolved): show ECDSA CAs only with correct curves
tested on pfSense 2.5.0.a.20191127.2047 with squid 0.4.44_9
correct, resolved
Viktor Gurov
02:54 AM pfSense Packages Feature #9906 (Resolved): show ECDSA CAs and certs only with correct curves

tested on pfSense 2.5.0.a.20191127.2047 with freeradius3 0.15.7_6
correct, resolved
Viktor Gurov
02:53 AM pfSense Packages Bug #9919 (Resolved): stunnel server connection failure if ECDSA cert is not in IPsec list
tested on pfSense 2.5.0.a.20191127.2047 with stunnel 5.50_2
correct, resolved
Viktor Gurov
02:51 AM pfSense Packages Feature #9929 (Resolved): show only ECDSA-safe exports packages
tested on pfSense 2.5.0.a.20191127.2047 with openvpn-client-export 1.4.19_1
correct, resolved
Viktor Gurov

11/27/2019

04:32 PM Revision f6e1c731: Switch default NTP pool server. Fixes #9931
2.<x> pools contain both IPv4 and IPv6 hosts.
(cherry picked from commit ae132b611439c15003578e38ec338a60eb9ed904)
Jim Pingle
04:32 PM Revision 65db2067: Switch default NTP pool server. Fixes #9931
2.<x> pools contain both IPv4 and IPv6 hosts. Jim Pingle
04:31 PM Revision 0f64460f: Merge pull request #4098 from vktg/delzombiealiases
Renato Botelho
04:29 PM Revision 3b2fb394: Merge pull request #4105 from vktg/guirebootarmcheck
Renato Botelho
04:28 PM Revision fcb61f94: Make hostname optional for DNS-O-Matic.
This resolves ticket #7601.
(cherry picked from commit 1ccc327f0014d74de501a066df556add28c38e78)
gizmotronic
04:28 PM Revision bc542876: Merge pull request #4120 from gizmotronic/dnsomatic-hostname-optional
Renato Botelho
12:06 PM pfSense Packages Bug #9932: Squid is not showing CAs for SSL Interception
Correct Version: 0.4.44_9 Nicolas Bezutt
11:58 AM pfSense Packages Bug #9932 (Rejected): Squid is not showing CAs for SSL Interception
After update to 0.4.4_9, the CA field in SSL Man In The Middle Filtering is no more showing any certificates. Older V... Nicolas Bezutt
11:26 AM Feature #9883 (Resolved): Allow CAs to use randomized serials when signing
Jim Pingle
11:12 AM Feature #9883: Allow CAs to use randomized serials when signing

tested on pfSense 2.5.0.a.20191126.1832
it successfully creates random serials when creating certificates or sig...
Viktor Gurov
10:40 AM Bug #9931 (Feedback): 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations
Applied in changeset commit:65db20674d716208e340b96471ff98d1bb0c957b. Jim Pingle
10:34 AM Bug #9931: 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations
I didn't see the PR and had already made the change after testing it out locally, it will show up soon. Jim Pingle
10:15 AM Bug #9931: 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations
Changed in https://github.com/pfsense/pfsense/pull/4121 Isaac McDonald
09:59 AM Bug #9931 (Resolved): 0.pfsense.pool.ntp.org doesn't work on IPv6 only installations
I debated whether this should be considered a bug or a feature. I ultimately decided it should be considered a bug se... Isaac McDonald
10:32 AM Bug #9790 (Feedback): firewall aliases table with fqdn stays in system after deleting
PR has been merged. Thanks! Renato Botelho
10:30 AM Feature #9771 (Feedback): diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI
Renato Botelho
10:30 AM Feature #9771: diag_reboot.php: add ability to reroot and reboot with fsck to WebGUI
PR has been merged. Thanks Renato Botelho
10:29 AM Bug #7601 (Feedback): Dynamic DNS - Hostname should not be required for DNS-O-Matic
PR has been merged. Thanks! Renato Botelho
07:42 AM Bug #7601 (Pull Request Review): Dynamic DNS - Hostname should not be required for DNS-O-Matic
Jim Pingle
10:24 AM pfSense Packages Feature #9929 (Feedback): show only ECDSA-safe exports packages
PR has been merged. Thanks! Renato Botelho
07:59 AM pfSense Packages Feature #9929 (Pull Request Review): show only ECDSA-safe exports packages
Jim Pingle
04:32 AM pfSense Packages Feature #9929: show only ECDSA-safe exports packages
two more packages with certificates left - Zabbix-agent and Net-SNMP Viktor Gurov
04:29 AM pfSense Packages Feature #9929 (Resolved): show only ECDSA-safe exports packages
show only ECDSA-safe exports packages on OpenVPN \ Client Export Utility page
i.e. certs with prime256v1, secp384r...
Viktor Gurov
10:23 AM pfSense Packages Feature #9901 (Feedback): show ECDSA CAs only with correct curves
PR has been merged. Thanks! Renato Botelho
09:23 AM Revision 192d769c: switch to IPsec cert list
Viktor Gurov
09:16 AM Revision 0619c2b5: cosmetic
Viktor Gurov
09:13 AM Revision 0de3991f: Merge branch 'master' into p11ipsec
vktg
08:59 AM Revision aad37244: rebase
Viktor Gurov
08:57 AM Revision 2d604c8b: successful connection
Viktor Gurov
08:57 AM Revision 5fe27d1c: more
Viktor Gurov
08:34 AM Revision 8b859d91: first steps
Viktor Gurov
08:26 AM Revision 43996917: merge with upstream
Viktor Gurov
07:50 AM Bug #9296 (Pull Request Review): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Jim Pingle
04:27 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I have a fix for this, and have created a pull request.
https://github.com/pfsense/FreeBSD-ports/pull/714
Gavin Stewart
12:29 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Gavin Stewart wrote:
> I now have a minimal and repeatable set of steps to reproduce this.
Actually, I have revis...
Gavin Stewart
07:47 AM Feature #9928 (Duplicate): Allow keyless certificates in the Cert Client admin tool
Duplicate of #9834 Jim Pingle
02:55 AM Feature #9928 (Duplicate): Allow keyless certificates in the Cert Client admin tool

Would be useful to also allow for certificates without a key to be created/managed in the cert admin tool.
E.g. ...
Dirk-Willem van Gulik
07:46 AM Feature #9927 (Duplicate): Allow Aliases in fields on VPN/OpenVPN/Servers/Edit - in particular for "IPv4 Local network(s)"
Duplicate of #2668 Jim Pingle
02:52 AM Feature #9927 (Duplicate): Allow Aliases in fields on VPN/OpenVPN/Servers/Edit - in particular for "IPv4 Local network(s)"
Would be useful to allow Aliases in particularly the "IPv4 Local network(s)" of the OpenVPN server setup.
As this...
Dirk-Willem van Gulik
07:45 AM Bug #9920 (Resolved): system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
My PR was merged upstream and we're on the latest version as well now, without needing a patch. That was finished the... Jim Pingle
12:08 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
Jim Pingle wrote:
> I added that patch to our port:
>
> https://github.com/pfsense/FreeBSD-ports/commit/1bdb4e58d...
Viktor Gurov
07:41 AM Feature #9896 (Resolved): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
Jim Pingle
06:38 AM Feature #9896: Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
Renato Botelho wrote:
> PR has been merged. Thanks
Tested on pfSense 2.5.0.a.20191126.1832...
Viktor Gurov
07:40 AM Bug #9930 (Not a Bug): Dpinger fills log with sendto errors when VPN is down
We do not maintain dpinger, if you want to suggest a change to dpinger, raise it on their bug tracker: https://github... Jim Pingle
07:10 AM Bug #9930 (Not a Bug): Dpinger fills log with sendto errors when VPN is down
I have configured a tinc VPN Interface and I have a Gateway on that connection. If the remote host goes down (meaning... Flole Systems
07:02 AM Feature #9905 (Resolved): ospf / ospv3 packet capture
Renato Botelho
04:37 AM Feature #9905: ospf / ospv3 packet capture
tested on 2.5.0.a.20191126.1832
works, Resolved
Viktor Gurov
05:22 AM Revision 647bbe86: array_diff fix
Viktor Gurov
05:20 AM Revision 75b83f36: array_diff fix
Viktor Gurov
05:11 AM Revision 96d0cb2d: php_uname func
Viktor Gurov
02:43 AM Revision 1ccc327f: Make hostname optional for DNS-O-Matic.
This resolves ticket #7601. gizmotronic

11/26/2019

08:19 PM Revision 176c7256: traffic-graphs, don't stop drawing graphs when an interface is disabled
traffic-graphs, don't stop drawing graphs when an interface is disabled Pi Ba
04:56 PM Revision f61a794a: Unset temp vars when refreshing CRLs. Issue #9915
Otherwise it might unintentionally add a CRL to a server which does not
have one selected
Jim Pingle
04:05 PM Revision 475d712b: When refreshing CRLs, increment suffix, do not clean up. Fixes #9915
While here, fix a bug with refresh path. Jim Pingle
04:00 PM pfSense Docs Correction #9926 (Closed): Feedback on Virtualization — Virtualizing pfSense with VMware vSphere / ESXi
Thanks! Jim Pingle
03:39 PM pfSense Docs Correction #9926 (Closed): Feedback on Virtualization — Virtualizing pfSense with VMware vSphere / ESXi
*Page:* https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-vmware-vsphere-esxi.html
...
Bjorn Formo
03:15 PM Revision 84041dcf: Correctly populate CRL issuer in crl_contains_cert. Fixes #9924
Jim Pingle
03:07 PM pfSense Docs Correction #9925 (Closed): Feedback on VPN — OpenVPN — Troubleshooting Windows OpenVPN Client Connectivity
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/troubleshooting-windows-openvpn-client-connectivity.ht... Steve Wheeler
02:22 PM Feature #9828: L2TP (long) username containing @ (realm separator)
Any proposed changes should be submitted via pull request so they can be reviewed, discussed, and merged.
https://...
Jim Pingle
01:47 PM Feature #9828: L2TP (long) username containing @ (realm separator)
bump, anyone? Arjan van der Oest
02:21 PM Todo #9603 (In Progress): Strongswan stroke is deprecated, move to swanctl/vici
I'm looking this over. A few more useful links:
swanctl.conf format:
https://wiki.strongswan.org/projects/strongs...
Jim Pingle
02:14 PM Revision 3c1249b3: Add 'none' option to cert_build_list. Issue #9923
Jim Pingle
10:15 AM Todo #9915 (Feedback): Convert OpenVPN to CAPath
Applied in changeset commit:475d712b910e197256c06634051e1ad75be4bdfe. Jim Pingle
10:03 AM Todo #9915: Convert OpenVPN to CAPath
That method does work to update CRLs, so I'll adjust the code to work that way.
Still doesn't work for intermediat...
Jim Pingle
09:47 AM Todo #9915 (In Progress): Convert OpenVPN to CAPath
Something else to consider is to increment the CRL suffix number (e.g. r0 -> r1 -> r2), which may trick OpenSSL into ... Jim Pingle
09:44 AM Todo #9915: Convert OpenVPN to CAPath
While the new structure functions well at startup, it does appear as though the CRL status is cached at startup. When... Jim Pingle
09:25 AM Bug #9924 (Feedback): crl_contains_cert() does not correctly report revoked status for intermediate CAs
Applied in changeset commit:84041dcfd744d2dbbcee90338705c12b4c844e96. Jim Pingle
09:14 AM Bug #9924 (Resolved): crl_contains_cert() does not correctly report revoked status for intermediate CAs
If a certificate is issued by an intermediate CA and revoked in a CRL for that intermediate CA, @crl_contains_cert()@... Jim Pingle

11/25/2019

09:50 PM Revision 348c2af1: Restructure OpenVPN settings directory layout
* Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to
/var/etc/openvpn/<mode><id>/<x>
* This keeps all settings ...
Jim Pingle
05:24 PM Revision 67f362de: Merge pull request #4114 from vktg/ospfpcap
Renato Botelho
05:18 PM Revision 22820e3a: Merge pull request #4107 from Godwottery/Godwottery-ping-wait
Renato Botelho
05:17 PM Revision fb8ee03c: Merge pull request #4108 from Augustin-FL/Augustin-FL-patch-builder-common
Renato Botelho
05:10 PM Revision d4b090cb: Merge pull request #4112 from vktg/poly1305tls12
Renato Botelho
04:42 PM Revision 59fac81f: Add select_source compatible output to cert_build_list(). Implements #9923
Jim Pingle
04:00 PM Todo #9915 (Feedback): Convert OpenVPN to CAPath
Applied in changeset commit:348c2af1671d8f11c5d9ca67a32cbb28940ef19a. Jim Pingle
03:07 PM Revision ab5ef410: Enforce limiter delay 0<=x<=10000. Fixes #9921
(cherry picked from commit 8afa74bb099d75962a5efb8a603981c0249f91a0) Jim Pingle
03:06 PM Revision 8afa74bb: Enforce limiter delay 0<=x<=10000. Fixes #9921
Jim Pingle
02:02 PM Revision 1a969ea2: Remove zabbix 2.2 leftovers
Renato Botelho
11:24 AM Feature #9905 (Feedback): ospf / ospv3 packet capture
PR has been merged. Thanks! Renato Botelho
11:19 AM Feature #9862 (Feedback): Add support for waiting between ping-packages on diag_ping.php
PR has been merged. Thanks! Renato Botelho
11:12 AM Feature #9896 (Feedback): Add poly1305-chacha20 to the TLSv1.2 cipher list in nginx
PR has been merged. Thanks Renato Botelho
10:50 AM Feature #9923 (Feedback): Add select_source compatible output to cert_build_list()
Applied in changeset commit:59fac81f316b0616e0c50ec47ffa9cfa97a10ebb. Jim Pingle
10:42 AM Feature #9923 (Resolved): Add select_source compatible output to cert_build_list()
Rather than duplicate the effort in many packages, add support to @cert_build_list()@ to generate an array compatible... Jim Pingle
10:40 AM pfSense Packages Bug #9919 (Feedback): stunnel server connection failure if ECDSA cert is not in IPsec list
PR has been merged. Thanks! Renato Botelho
10:38 AM pfSense Packages Feature #9906 (Feedback): show ECDSA CAs and certs only with correct curves
PR has been merged. Thanks! Renato Botelho
10:27 AM Bug #9920 (Feedback): system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
I added that patch to our port:
https://github.com/pfsense/FreeBSD-ports/commit/1bdb4e58dd3802abbd25acc5ff8da23336...
Jim Pingle
10:01 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
I submitted a PR to their project to add support for ECDSA CAs, it didn't take much:
https://github.com/ukrbublik/...
Jim Pingle
09:15 AM Bug #9921 (Feedback): Limiters allow invalid delay values
Applied in changeset commit:8afa74bb099d75962a5efb8a603981c0249f91a0. Jim Pingle
08:46 AM pfSense Packages Bug #9922 (Feedback): haproxy_version does not use full path to haproxy, leads to errors when run during cron
Fixed:
https://github.com/pfsense/FreeBSD-ports/commit/47f4f91aa8159e47f24990eb2496784cb9ef07c6
https://github.co...
Jim Pingle
08:41 AM pfSense Packages Bug #9922 (Resolved): haproxy_version does not use full path to haproxy, leads to errors when run during cron
When /etc/rc.filter_configure_sync is run from cron, it yields errors from haproxy. For example in this simulated run... Jim Pingle

11/24/2019

09:10 AM Feature #9918: check user certificates for correct ECDSA curves
In the GUI, yes, but admins could be using them for other purposes. It's best to filter them at the point we know the... Jim Pingle
03:55 AM Feature #9918: check user certificates for correct ECDSA curves
Jim Pingle wrote:
> We don't know what they are using them for necessarily.
As I understand user certs can be use...
Viktor Gurov
08:51 AM Bug #9921 (Resolved): Limiters allow invalid delay values
When creating Limiters the GUI allows delay values above 10000ms. The config also allow this and it is written into t... Steve Wheeler
04:42 AM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only
I am experiencing the same issue with version 2.4.4-p3 on x86 hardware (re network interfaces). Yuran Yastreb

11/23/2019

11:00 PM pfSense Packages Bug #9919 (Pull Request Review): stunnel server connection failure if ECDSA cert is not in IPsec list
Jim Pingle
03:03 AM pfSense Packages Bug #9919: stunnel server connection failure if ECDSA cert is not in IPsec list
https://github.com/pfsense/FreeBSD-ports/pull/712 Viktor Gurov
02:42 AM pfSense Packages Bug #9919 (Resolved): stunnel server connection failure if ECDSA cert is not in IPsec list
stunnel client can use cert with any ECDSA curve,
but if stunnel server uses incorrect (not prime256v1, secp384r1, se...
Viktor Gurov
10:58 PM Feature #8289 (Resolved): OpenVPN - configurable username as common name
Thanks for testing! Jim Pingle
02:39 AM Feature #8289: OpenVPN - configurable username as common name
Thanks Jim.
Works.
Greg M
10:58 PM Feature #9918 (Closed): check user certificates for correct ECDSA curves
I don't think we should limit this here. When creating/assigning the certs, it's really up to the admin. We don't kno... Jim Pingle
01:27 AM Feature #9918 (Closed): check user certificates for correct ECDSA curves
Show only correct (IPsec = OpenVPN) ECDSA when adding existing certificates to users,
'Choose an Existing Certifica...
Viktor Gurov
10:56 PM Bug #9917 (Pull Request Review): Widget Refresh Logic Flawed
Jim Pingle
12:33 AM Bug #9917 (Closed): Widget Refresh Logic Flawed
Hello team,
I have forked pfSense and resolved this in a feature branch, but need to have a redmine issue for refe...
Christopher Embry
11:12 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
it looks like ukrbublik/openssl_x509_crl does not support ECDSA -
https://github.com/ukrbublik/openssl_x509_crl/blob...
Viktor Gurov
10:49 AM Bug #9920: system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
in case of ECDSA CA <text></text> field of <crl></crl> is always empty in config.xml Viktor Gurov
10:30 AM Bug #9920 (Resolved): system_crlmanager.php: CRL export file is empty if CA key type is ECDSA
CRL export file is empty if CA key type is ECDSA
certs inside this CRL can be RSA or ECDSA
if CRL CA key type is ...
Viktor Gurov
12:15 AM Feature #9878: IPsec PKCS#11 authentication
for today only CheckPoint supports PKCS#11 tokens
most of other vendors (Palo Alto, Riverbed, Huawei, Fortinet, F5)...
Viktor Gurov