Activity

30 days up to

User

Subprojects

Activity

From 01/09/2020 to 02/07/2020

02/07/2020

11:15 PM pfSense Packages Bug #10218 (Resolved): Telegraf: Error creating the telegraf.ca file when you have more then one CA in pfSense: works as expected on pfSense 2.5.0.a.20200207.2007 and 2.4.5.r.20200206.1944
Telegraf 0.9_2
Viktor Gurov
08:06 AM pfSense Packages Bug #10218 (Feedback): Telegraf: Error creating the telegraf.ca file when you have more then one CA in pfSense: Pull request has been merged. Thanks! Renato Botelho
11:08 PM pfSense Packages Feature #7895: Add a script for CARP monitoring to NRPE: I'm getting a build error with the addition of the script:... Ronald Schellberg
11:00 PM Feature #9769 (Closed): listallcerts - pfSsh.php script to show all certificates in console: No special need for this feature.
If someone really needs it, he can use this PR as a template. Viktor Gurov
07:30 PM Revision ab380916: fix requested changes: Frederic Bor
07:12 PM Revision 538d28dc: Merge pull request #4116 from Augustin-FL/ldap: Renato Botelho
06:59 PM Revision 4cbc82ee: PHP: array and string access with curly braces is deprecated: Renato Botelho
06:58 PM Revision 42e4de7c: Merge pull request #4049 from Hobby-Student/master: Renato Botelho
06:47 PM Revision f75f20cb: Merge pull request #4171 from apollo13/patch-1: Renato Botelho
06:41 PM Revision 2db4be52: Merge pull request #4169 from vktg/slaaconpppoe: Renato Botelho
04:17 PM Revision a8287828: Merge pull request #4165 from vktg/resolve46: Renato Botelho
04:14 PM Revision fa2801a1: Merge pull request #4172 from vktg/compare6vip: Renato Botelho
04:13 PM Revision 5426f30c: cherry-pick e8a1e9e1288e5a3a2bd9ca5479ac19c8fcfb4c2d: Steve Beaver
04:10 PM Revision ccbe8887: Merge pull request #4174 from vktg/dh5warning: Renato Botelho
03:56 PM Revision 23e0b2a7: Merge pull request #4180 from vktg/qinqppp: Renato Botelho
03:54 PM Revision 3b42dbb8: Merge pull request #4179 from vktg/shapernowarn: Renato Botelho
03:53 PM Revision 996ddb55: Merge pull request #4183 from stephenw10/master: Renato Botelho
03:51 PM Revision e541d719: Merge pull request #4181 from vktg/iftopstatus: Renato Botelho
03:48 PM Revision 984d45b9: Merge pull request #4106 from vktg/prfipsec: Renato Botelho
01:13 PM Feature #9909 (Feedback): Add option to (dis)allow unauthenticated LDAP binds: Pull request has been merged. Thanks! Renato Botelho
01:00 PM Bug #9320 (Feedback): Outbound NAT and multiple IPSEC IPs for mobile warriors: Pull request has been merged. Thanks! Renato Botelho
12:47 PM Bug #10200 (Feedback): DHCPv6 domain-search list not sent to clients: Pull request has been merged. Thanks! Renato Botelho
12:41 PM Bug #9324 (Feedback): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: Pull request has been merged. Thanks! Renato Botelho
12:05 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: After shifting from RELENG 12.1 to Stable/12, I noticed that the commit labeled MFC r355881 on 12/25/19 again trigger... Ronald Schellberg
11:29 AM Feature #10238: Periodic Scrub of ZFS filesystem: I was able to add a package CRON and add the following to it:
0 0 1 * * root /sbin/zpool scrub zroot
This s... Mathew Keith
10:40 AM Feature #10238 (New): Periodic Scrub of ZFS filesystem: Add support for a periodic zfs scrub of the ZFS filesystem through the GUI.
Selecting an interval (weekly or monthly... Mathew Keith
10:33 AM Feature #10237 (Closed): Take ZFS snapshot on Upgrade: If PFSense is running on a zfs filesystem then take a snapshot prior to upgrade. The snapshot should be named to indi... Mathew Keith
10:17 AM Bug #9405 (Feedback): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: Pull request has been merged. Thanks! Renato Botelho
10:14 AM Bug #6579 (Feedback): IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Pull request has been merged. Thanks! Renato Botelho
10:10 AM Feature #10221 (Feedback): Update DH group warnings to say that group 5 is also weak: Pull request has been merged. Thanks! Renato Botelho
09:56 AM Bug #9472 (Feedback): Unable to select QinQ interfaces for PPP interface: Pull request has been merged. Thanks! Renato Botelho
09:54 AM Bug #9334 (Feedback): bogus dialogue on Limiter deletion: Pull request has been merged. Thanks! Renato Botelho
09:52 AM Bug #3334 (Feedback): Status/Traffic Graph isn't IPv6 ready: Pull request has been merged. Thanks! Renato Botelho
09:48 AM Feature #9309 (Feedback): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): Pull request has been merged. Thanks! Renato Botelho
09:09 AM Feature #10231: Replace --route-nopul with --pull-filter: Pippin MMD wrote:
> Since the option --route-nopull is under discussion to be deprecated I would like to propose it ... Pippin MMD
09:05 AM Feature #9797 (Closed): services_unbound_advanced.php: add prefer-ip6 option to dns resolver gui: Not so necessary
Can be entered in the 'custom options' field Viktor Gurov
08:39 AM pfSense Packages Feature #10140 (Closed): allow to select webserver certificate: we discussed this with BBcan177 - this is unnecessary
I think this can be useful only if the company uses a specia... Viktor Gurov
08:18 AM pfSense Packages Bug #8830: Automatic flowbit resolution setting does not match description: Pull Request only applied on 2.5.0 Renato Botelho
08:16 AM pfSense Packages Bug #8830 (Feedback): Automatic flowbit resolution setting does not match description: Pull request has been merged. Thanks! Renato Botelho
08:11 AM pfSense Packages Feature #9916 (Feedback): Check allow-transfer in custom option when the zone is slave: Pull request has been merged. Thanks! Renato Botelho
08:08 AM pfSense Packages Feature #10220 (Feedback): Add softflow 1.0.0 features - sampling and PSAMP export: Pull request has been merged. Thanks! Renato Botelho
06:25 AM Bug #10230 (Resolved): Typo in the setup wizard final page: Fixed Renato Botelho
05:20 AM Bug #10230: Typo in the setup wizard final page: Patch added on:
2.4.5-RC (arm)
built on Tue Jan 28 23:45:14 EST 2020
FreeBSD 11.3-STABLE
Looks good.
!Scr... Danilo Zrenjanin
06:24 AM Bug #10217 (Resolved): PHP Warning: Invalid argument supplied for foreach() in /etc/inc/ipsec.inc on line 952: Fixed Renato Botelho
04:51 AM pfSense Packages Bug #9934 (New): suricata update kills WAN interface: same issue on XG-1537 (pfSense 2.4.4-p3, suricata 4.1.6_3) with ix interface,
I found that killing suricata process ... Viktor Gurov
01:21 AM Bug #10235 (Resolved): OpenVPN server tries to push compress parameter when it's empty: works as expected on 2.4.5.r.20200206.1944 Viktor Gurov
01:05 AM Bug #8611: unable to receive IPv6 RA's on SG-1000, default route lost: no such issue on pfSense 2.5.0.a.20200205.1753
pfSense 2.4.4-p3 on SG-3100 as DHCP6/RA server
SG-1000 cpsw0 inter... Viktor Gurov

02/06/2020

03:56 PM pfSense Packages Feature #8547: fwknop Port Knocking Package: Jim Pingle wrote:
> If you want secure remote access, use a VPN. If someone wants to make a package for this, we cou... Kurt Yoder
03:31 PM Bug #10236 (Rejected): Cannot add more than 2 VMXNET3 Adapters in vSphere: When adding a 3rd or more VMXNET3 interface in vSphere 6.7(vm version 14) and 6.7u2 (other versions not tested) the a... Patrick Sanderson
02:24 PM pfSense Packages Bug #9934 (Not a Bug): suricata update kills WAN interface: Jim Pingle
01:51 PM pfSense Packages Bug #9934: suricata update kills WAN interface: Suricata running with Inline IPS Mode uses the netmap kernel device. When Suricata stops and restarts, that also stop... Bill Meeks
03:38 AM pfSense Packages Bug #9934: suricata update kills WAN interface: You can set Suricata to "Live Reload" the new rules without restarting itself.
Enable this global option to preven... Danilo Zrenjanin
07:14 AM Bug #7420: ipsec status freezing: You are chasing the wrong end of the problem. We know that it can't talk to the VICI socket. What we do not know is w... Jim Pingle

02/05/2020

11:51 PM Bug #7420: ipsec status freezing: this is CE version of 2.4.4-p3:
FreeBSD pfsense28.bvt.de 11.2-RELEASE-p10 FreeBSD 11.2-RELEASE-p10 #9 4a2bfdce133(RE... Viktor Gurov
11:15 PM Bug #7420: ipsec status freezing: status_ipsec.php and widget use these functions:
ipsec_dump_spd(); - # /sbin/setkey -DP
ipsec_dump_sad(); - # /... Viktor Gurov
09:18 PM Revision 64e65655: Fix #10235: Add a missing break to case statement. Without it, $compression was
being filled with a bad value and also if push c... Renato Botelho
09:14 PM Revision 32218e9e: Fix #10235: Add a missing break to case statement. Without it, $compression was
being filled with a bad value and also if push c... Renato Botelho
06:51 PM Revision 15c2e494: Add iftop support to status_graph.php. Issue #3334: Joshua Sign
05:22 PM Revision b53d4287: Partial/future work-around for #10216 - When checking to see if the copyright notice has changed (and should be displayed) only check the first HTML <DIV>. This will avoid the notice popping up if the survey text is changed.: Steve Beaver
05:19 PM Revision 47944568: Partial/future work-around for #10216 - When checking to see if the copyright notice has changed (and should be displayed) only check the first HTML <DIV>. This will avoid the notice popping up if the survey text is changed.: Steve Beaver
04:28 PM Revision 33d5e623: Correct typo: Steve Wheeler
04:27 PM Revision 3cf46c0f: Correct typo: (cherry picked from commit 108a640d66f5666feca530e038831155bfd4577b) Steve Wheeler
03:25 PM Bug #10235 (Feedback): OpenVPN server tries to push compress parameter when it's empty: Applied in changeset commit:32218e9e1e69a0e2b91bcd829fcba04ec8586bdc. Renato Botelho
03:11 PM Bug #10235 (Resolved): OpenVPN server tries to push compress parameter when it's empty: Define a Server with Compression option set to Disabled and click option "Push the selected compression setting to co... Renato Botelho
02:24 PM Revision a673bafb: Re-add jquery-ui themes. Fixes #10233: (cherry picked from commit b6063aa7cbb6c7f9c1e365097685a84e97516b49) Jim Pingle
02:24 PM Revision b6063aa7: Re-add jquery-ui themes. Fixes #10233: Jim Pingle
01:56 PM Bug #10233 (Resolved): jquery-ui theme files missing: Jim Pingle
01:19 PM Bug #10233: jquery-ui theme files missing: Thanks Jim,
I can confirm problem is fixed with update 2.4.5.r.20200205.0809 Dean Olivas
08:30 AM Bug #10233 (Feedback): jquery-ui theme files missing: Applied in changeset commit:b6063aa7cbb6c7f9c1e365097685a84e97516b49. Jim Pingle
07:59 AM Bug #10233: jquery-ui theme files missing: The pfSense-dark-BETA theme does not include that file, however. So we have a couple choices:
1. Add the dark-hive... Jim Pingle
07:48 AM Bug #10233: jquery-ui theme files missing: Looks like a few different jquery-ui themes were removed when we updated jquery ( #9407 ): dark-hive and smoothness
... Jim Pingle
02:55 AM Bug #10233 (Resolved): jquery-ui theme files missing: I am seeing this error in the system log after updating this evening to 2.4.5.r.20200204.1736
If I change back to ... Dean Olivas
01:08 PM Revision c600e53c: Disable rust on suricata for aarch64: While https://reviews.freebsd.org/D23133 is not accepted, disable rust
on aarch64 suricata Renato Botelho
01:07 PM Revision b52e3cb7: Disable rust on suricata for aarch64: While https://reviews.freebsd.org/D23133 is not accepted, disable rust
on aarch64 suricata Renato Botelho
10:51 AM Bug #10230 (Feedback): Typo in the setup wizard final page: PR merged Jim Pingle
10:26 AM Bug #10230 (Pull Request Review): Typo in the setup wizard final page: Jim Pingle
06:28 AM Bug #10234 (Duplicate): ikev2 should be able to handle multiple phase1 with the same ip: Duplicate of #9768 Jim Pingle
04:28 AM Bug #10234 (Duplicate): ikev2 should be able to handle multiple phase1 with the same ip: reference
https://forum.netgate.com/topic/150118/how-to-config-2-or-more-dailup-ipsec-vpn-tunnel-using-remote-gatewa... Manuel Piovan
06:27 AM Feature #10214 (Pull Request Review): Allow IPsec duplicate endpoints: Jim Pingle
06:22 AM Feature #8786: Wireguard VPN: See note 5 on this issue: https://redmine.pfsense.org/issues/8786#note-5
Linux is not FreeBSD. Jim Pingle
01:43 AM Feature #8786: Wireguard VPN: Now that wireguard is officially linux upstream, which is a proof of trust to a certain level, you may want to recons... Guy Godfroy

02/04/2020

06:07 PM Feature #8786: Wireguard VPN: PLEASE add WireGuard support! Thank you. Aaron Shaffer
05:26 PM Bug #10232 (Rejected): [WAN] Crash saving PPPoE Description or changing ipv6 settings: Not enough information here to classify it as a bug, and merely saving the settings is not enough to repeat the issue... Jim Pingle
04:44 PM Bug #10232 (Rejected): [WAN] Crash saving PPPoE Description or changing ipv6 settings: I've got this bug multiple times while setting ipv6 on WAN. When saving and aplying changes, sometimes system become... Samuel Castro
02:05 PM Revision a7fc9e53: Create DISTFILES_CACHE if it doesn't exist: Renato Botelho
02:05 PM Revision ac8967e9: Create DISTFILES_CACHE if it doesn't exist: Renato Botelho
02:04 PM Revision 88340f50: Create DISTFILES_CACHE if it doesn't exist: Renato Botelho
01:17 PM Revision 32a473c0: Move /etc/rc.ramdisk_functions.sh to rc pkg: (cherry picked from commit 764c009a586af20573b6eb23d5400824f2aba92f) Jim Pingle
01:17 PM Revision 764c009a: Move /etc/rc.ramdisk_functions.sh to rc pkg: Jim Pingle
11:13 AM Feature #10231 (Duplicate): Replace --route-nopul with --pull-filter: Since the option --route-nopull is under discussion to be deprecated I would like to propose it to be replaced by --p... Pippin MMD
10:05 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Fabián Burbano wrote:
> Version 2.4.5 already has several RCs. I think it is safer to upgrade to the RC than to do s... Eduard Rozenberg

02/03/2020

11:54 PM Revision 108a640d: Correct typo: Steve Wheeler
07:28 PM Revision 29aef439: RAM Disk robustness improvements. Fixes NG 3173: * Prevents RAM disk from being partially enabled and left in a broken
state if the RAM disks cannot be created
* Prev... Jim Pingle
07:24 PM Revision 82bf21fc: RAM Disk robustness improvements. Fixes NG 3173: * Prevents RAM disk from being partially enabled and left in a broken
state if the RAM disks cannot be created
* Prev... Jim Pingle
05:58 PM Bug #10230: Typo in the setup wizard final page: https://github.com/pfsense/pfsense/pull/4183 Steve Wheeler
05:57 PM Bug #10230 (Resolved): Typo in the setup wizard final page: The page shows:... Steve Wheeler
03:39 PM pfSense Docs Correction #9673 (Closed): Feedback on Installing and Upgrading — Download Installation Media: This has been fixed. Jared Dillard
03:36 PM Bug #10229: IPv6 Options > IPv6 DNS entry - setting is ignored: Indeed, I was mistaken as to the purpose of that setting. I apologize. I believe I had previously commented out the R... Mark Baker
01:55 PM Bug #10229 (Not a Bug): IPv6 Options > IPv6 DNS entry - setting is ignored: That option sets @ipv6dontcreatelocaldns@ which only affects creation of local hostnames for things like /etc/hosts -... Jim Pingle
01:29 PM Bug #10229 (Not a Bug): IPv6 Options > IPv6 DNS entry - setting is ignored: In the 2.4.5.r.20200202.1951 build, the setting for "Do not generate local IPv6 DNS entries for LAN interfaces" in Sy... Mark Baker
02:46 PM pfSense Docs New Content #10225: Add cryptographic hardware info to the SG-3100 manual: As of recently, that will no longer be necessary: https://redmine.netgate.com/issues/3180 Jared Dillard
12:49 PM pfSense Docs Correction #10163 (Closed): Feedback on VPN — OpenVPN — Routing Internet traffic through a site-to-site OpenVPN-connection in PfSense software version 2.1: This was fixed in https://github.com/pfsense/docs/commit/fe4c2913c0a125241fd14c6968ff8f0fcf086879 Jared Dillard
12:38 PM pfSense Docs Correction #9644 (Closed): Feedback on Network Address Translation — Accessing Port Forwards from Local Networks: This was fixed in https://github.com/pfsense/docs/commit/1009774af07acde8e7afcf06411d1a127ec0e393 Jared Dillard
11:47 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: Jim Pingle wrote:
> He's talking about two routers attached to the same LAN, not WAN. For example, an HA pair. Or a ... Rick Coats
08:16 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: (4): HA comment: If you are using a HA pair, yes, they'd both have the same hard-coded alias, so that would seem prob... Eric Veum
07:53 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: He's talking about two routers attached to the same LAN, not WAN. For example, an HA pair. Or a case where you have a... Jim Pingle
07:48 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: (1) Rick - there is no WAN interface taking the alias fe80::1:1 -- its only on the IPv6 LAN interface. none of the ro... Eric Veum
07:37 AM Bug #9998 (Feedback): DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: It might be, though with IPv6, DAD will typically kick in and one of them will back off using the address automatical... Jim Pingle
07:41 AM pfSense Packages Bug #8830 (Pull Request Review): Automatic flowbit resolution setting does not match description: Jim Pingle
07:40 AM Bug #9472 (Pull Request Review): Unable to select QinQ interfaces for PPP interface: Jim Pingle
07:38 AM Bug #9334 (Pull Request Review): bogus dialogue on Limiter deletion: Jim Pingle
07:35 AM Bug #10224 (Pull Request Review): DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: Jim Pingle
04:33 AM pfSense Packages Feature #10227 (Resolved): ACME: Do not show passwords: Those DNS validation methods that uses ordinary username/password for authentication (such as DNS-GratisDNS) should n... Torben Hørup

02/02/2020

08:29 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Eduard Rozenberg wrote:
> Still not working properly, at least a couple of IP's are still not populating in the tabl... Fabián Burbano
02:08 AM Bug #10226: Thermal Sensors Widget Shows CPU Temp in Wrong Scale: Doh! Ok.... But then shouldn't "Show temp in Fahrenheit" be greyed out if "Show raw output" is selected. Its conf... Paul Magid

02/01/2020

09:01 PM Bug #10226 (Not a Bug): Thermal Sensors Widget Shows CPU Temp in Wrong Scale: It's doing exactly what you told it to do. When it is showing the raw values it does not alter them in any way. Which... Jim Pingle
08:08 PM Bug #10226: Thermal Sensors Widget Shows CPU Temp in Wrong Scale: Thanks for the workaround.... It worked for me too. Paul Magid
06:32 PM Bug #10226: Thermal Sensors Widget Shows CPU Temp in Wrong Scale: Yes I see the issue also. removing the check mark from the Show raw output (no graph) does allow it to show in Fahren... Dean Olivas
11:47 AM Bug #10226: Thermal Sensors Widget Shows CPU Temp in Wrong Scale: Here is a screen shot. Paul Magid
11:46 AM Bug #10226 (Not a Bug): Thermal Sensors Widget Shows CPU Temp in Wrong Scale: The show temp in Fahrenheit check box is not honored. Can toggle the checkbox and un-toggle it and save; and the cp... Paul Magid
07:37 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Still not working properly, at least a couple of IP's are still not populating in the table. Giving up for now, will ... Eduard Rozenberg
06:48 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: It appears a reboot was required on each firewall after updating the filterdns package to my custom built one (2.0_3)... Eduard Rozenberg
10:20 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Christian Ullrich wrote:
> * Robert Gijsen wrote:
>
> > Maybe a stupic question, but as I don't have any git or b... Eduard Rozenberg
09:47 AM Bug #8770: QinQ interfaces always show as active: This is FreeBSD issue
same on 12.1 for VLAN and QinQ interfaces Viktor Gurov
09:02 AM Revision e7a5a990: Allow to select QinQ interfaces for PPP interface. Issue #9472: Viktor Gurov
09:00 AM Bug #7420 (New): ipsec status freezing: The same problem was detected on 2.4.4-p3 after upgrading from 2.4.4-p1 in one ticket:... Viktor Gurov
06:44 AM Revision 86c560d9: Remove bogus warning on limiter/shaper deletion. Issue #9334: Viktor Gurov
06:19 AM pfSense Packages Bug #8830: Automatic flowbit resolution setting does not match description: This PR simply sets the default value for this checkbox to on when adding a new interface:
https://github.com/pfsens... Viktor Gurov
03:10 AM Bug #9472: Unable to select QinQ interfaces for PPP interface: This PR adds QinQ to the list of Link Interface(s) on the Interfaces / PPPs / Edit page
It also adds “(vhid: x)” t... Viktor Gurov
12:47 AM Bug #9334: bogus dialogue on Limiter deletion: https://github.com/pfsense/pfsense/pull/4179 Viktor Gurov

01/31/2020

11:30 PM pfSense Docs New Content #10225 (Resolved): Add cryptographic hardware info to the SG-3100 manual: There is no information on supported cryptographic hardware and its configuration in the SG-3100 manual
Only forum... Viktor Gurov
09:38 PM pfSense Packages Feature #9238: Add support for Zerotier: Package has been updated to run on 2.4.4-RELEASE-p3. Still some work to be done on setting up the interfaces, right n... Gregory Moore
08:36 PM pfSense Docs Correction #10004 (Closed): Feedback on Packages: The note and preceding sentence regarding NanoBSD has been removed. Jared Dillard
08:20 PM pfSense Docs Correction #9559 (Closed): Feedback on L2TP VPN — L2TP Server Configuration: This has been fixed. Jared Dillard
08:12 PM pfSense Docs Correction #9853 (Closed): Feedback on VPN — IPsec — Routing Internet Traffic Through a Site-to-Site IPsec VPN: I updated the link to a similar resource. Jared Dillard
08:03 PM pfSense Docs Correction #10005 (Closed): Feedback on Installing and Upgrading — Upgrading pfSense Software Installations: I removed the errant "**". Jared Dillard
07:20 PM pfSense Docs Correction #10181 (Closed): Feedback on Packages — Installing Packages: I replaced the image with another package installed. You may have to clear your cache to see it. Jared Dillard
07:02 PM pfSense Docs Correction #10191 (Closed): Feedback on L2TP VPN — L2TP Server Configuration: This is fixed now (removed an extra space). Jared Dillard
06:57 PM pfSense Docs Correction #10205 (Closed): Feedback on Installing and Upgrading — Upgrading pfSense Software Installations: I removed the "Manual Updates" section in https://github.com/pfsense/docs/commit/2820998f3dbcc73ddddbb6731fc084843465... Jared Dillard
02:44 PM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: Isn't it a potential issue when you use a fixed ip such as fe80::1:1 that another router or host has already claimed ... Rick Coats
11:57 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Great to hear about the fix! Would have loved to see a 2.4.4 update with this fixed package, or even just a fixed fil... Eduard Rozenberg
11:41 AM Bug #10224: DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: Created pull request:
https://github.com/pfsense/pfsense/pull/4178 Andreas Bleischwitz
06:37 AM Bug #10224: DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: By further looking at the code, I get the feeling that the configuration for DHCP should be made modular.
Currently ... Andreas Bleischwitz
06:18 AM Bug #10224 (Resolved): DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: The current implementation of @dhcpdzones()@ in @etc/inc/services.inc@ does not take the per host defined ddns zone a... Andreas Bleischwitz
08:33 AM pfSense Packages Bug #8538 (Closed): arpwatch missing ethercodes.dat: already in 0.2.0:... Viktor Gurov
07:48 AM Feature #10222 (Pull Request Review): Tune GRE MTU if GRE over IPsec is used: Jim Pingle
02:32 AM Feature #10222: Tune GRE MTU if GRE over IPsec is used: When you first create GRE/GIF interfaces, pfSense sets the correct MTU for it - 1476/1280
But with any change on the... Viktor Gurov
12:15 AM Feature #10223 (New): Add the ability to create additional loopback interfaces: This is important for setting up dynamic routing protocols such as BGP, OSPF, and so on.
FreeBSD already has such fu... Valery V.Smirnov

01/30/2020

05:22 PM Revision 4480b443: Consume 2.4.5 packages during build: Renato Botelho
12:14 PM Feature #7332: Provide certificate expiry warning: Ho, cool =D Thank you. Waiting 2.5 stable! DRago_Angel [InV@DER]
10:42 AM Feature #10222 (Resolved): Tune GRE MTU if GRE over IPsec is used: Default GRE MTU value is 1500 (it should be 1476 as maximum for ethernet),
This is impossible in most cases when GRE... Viktor Gurov
09:26 AM pfSense Packages Feature #10165: Add High-Availability tracking to avahi package.: Renato Botelho wrote:
> PR has been merged on 2.5.0 and 2.4.5 branches. Thanks!
do you plan to merge it on 2.4.4 ... Viktor Gurov
08:03 AM pfSense Packages Feature #7895 (Pull Request Review): Add a script for CARP monitoring to NRPE: Jim Pingle
05:43 AM pfSense Packages Feature #7895: Add a script for CARP monitoring to NRPE: https://github.com/pfsense/FreeBSD-ports/pull/759 Viktor Gurov
06:56 AM pfSense Packages Bug #8194 (Closed): BIND fails to respond after interface goes down: no such issue on pfSense 2.4.5.r.20200128.2345 with BIND 9.14_1 Viktor Gurov
06:12 AM pfSense Packages Bug #8400 (Closed): FreeRadius 3 EAP-TLS Missing O.U. Option: Duplicate of https://redmine.pfsense.org/issues/8224 Viktor Gurov
05:14 AM pfSense Packages Bug #8195 (Closed): BIND packages launches two instances of /usr/local/sbin/named on boot: no such issue with BIND package 9.14_1
tested on pfSense 2.4.5.r.20200128.2118 and 2.5.0.a.20200129.1414 Viktor Gurov
02:31 AM pfSense Packages Feature #9916: Check allow-transfer in custom option when the zone is slave: updated PR:
https://github.com/pfsense/FreeBSD-ports/pull/758 Viktor Gurov
01:00 AM Feature #1192 (Resolved): Certificate Manager - Ability to Encrypt Private Keys When Exporting: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200129.1414
export of encrypted privat... Viktor Gurov
12:19 AM Bug #9331: Parallel Rekey fails for multiple Child SAs: updated PR:
https://github.com/pfsense/pfsense/pull/4176 Viktor Gurov

01/29/2020

10:10 AM Revision 4423176e: Update DH group warnings to say that group 5 is also weak. Issue #10221: Sean McBride
07:31 AM Bug #10219: PHP error - missing function: True that, maybe I`ve synced master.
Will resolve on my own.
Thanks! Greg M
07:28 AM Bug #10219: PHP error - missing function: We've done that with numerous systems internally and haven't seen anything like this. Maybe you have something in you... Jim Pingle
07:23 AM Bug #10219: PHP error - missing function: This happend when I upgraded from 2.4.5 snapshot to 2.4.5 RC.
On snapshot there was no error at all.
Weird Greg M
07:14 AM Bug #10219 (Rejected): PHP error - missing function: That file is not present in the 2.4.5 branch of the source repository, only 2.5.0. Nor is it present on 2.4.5 RC snap... Jim Pingle
01:38 AM Bug #10219 (Rejected): PHP error - missing function: Hi!
Dropping in a bug:
Crash report details:
PHP Errors:
[29-Jan-2020 03:01:00 Europe/Berlin] PHP Fatal err... Greg M
07:20 AM Feature #10221 (Pull Request Review): Update DH group warnings to say that group 5 is also weak: Jim Pingle
04:13 AM Feature #10221: Update DH group warnings to say that group 5 is also weak: https://github.com/pfsense/pfsense/pull/4174 Viktor Gurov
04:09 AM Feature #10221 (Resolved): Update DH group warnings to say that group 5 is also weak: from https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations:
_It is advised to adhere to the r... Viktor Gurov
07:18 AM pfSense Packages Feature #10220 (Pull Request Review): Add softflow 1.0.0 features - sampling and PSAMP export: Jim Pingle
03:58 AM pfSense Packages Feature #10220: Add softflow 1.0.0 features - sampling and PSAMP export: https://github.com/pfsense/FreeBSD-ports/pull/757 Viktor Gurov
03:14 AM pfSense Packages Feature #10220 (Resolved): Add softflow 1.0.0 features - sampling and PSAMP export: Add sampling configuration to softflowd package:... Viktor Gurov
07:16 AM pfSense Packages Bug #10218 (Pull Request Review): Telegraf: Error creating the telegraf.ca file when you have more then one CA in pfSense: Jim Pingle
12:46 AM pfSense Packages Bug #10218: Telegraf: Error creating the telegraf.ca file when you have more then one CA in pfSense: https://github.com/pfsense/FreeBSD-ports/pull/756 Viktor Gurov
05:53 AM Feature #8645: Upload certificate file instead of pasting: updated PR:
https://github.com/pfsense/pfsense/pull/4175 Viktor Gurov

01/28/2020

10:09 PM Bug #3312: Gateway on IPsec rules is not functional in pf: -I blocked by this problem.-
-Using pfsense 2.4.4-
-Are there any workaround?-
I don't known why it is working... Chunlin Yao
09:24 PM Revision 0812e3cf: Fix PHP error in ipsec_reload_package_hook(). Fixes #10217: Jim Pingle
03:43 PM pfSense Packages Bug #10218 (Resolved): Telegraf: Error creating the telegraf.ca file when you have more then one CA in pfSense: I'm running the 2.4.5-RC with Telegraf package 0.9_1 and found that Telegraf wouldn't start when I have more then one... Grimson Gretzleburg
03:41 PM Revision ac3ab1b2: Adjust PKG_REPO_BRANCH release and devel to match 2.4.4 and 2.4.5: Renato Botelho
03:35 PM Bug #10217 (Feedback): PHP Warning: Invalid argument supplied for foreach() in /etc/inc/ipsec.inc on line 952: Applied in changeset commit:0812e3cf417ab30afa05182bdba101591d2da886. Jim Pingle
03:27 PM Bug #10217: PHP Warning: Invalid argument supplied for foreach() in /etc/inc/ipsec.inc on line 952: This was already fixed on 2.5.0. Made a separate fix to 2.4.5. Jim Pingle
03:15 PM Bug #10217 (In Progress): PHP Warning: Invalid argument supplied for foreach() in /etc/inc/ipsec.inc on line 952: Looks like the config.xml on the target system is missing the @<installedpackages>@ tag, which is not atypical, so th... Jim Pingle
03:12 PM Bug #10217 (Resolved): PHP Warning: Invalid argument supplied for foreach() in /etc/inc/ipsec.inc on line 952: Crash report begins. Anonymous machine information:
arm
11.3-STABLE
FreeBSD 11.3-STABLE #66 7a31f290955(factory... Matthew Stribling
03:30 PM Revision bc6de8ee: Use release server to hold RC packages: Renato Botelho
03:29 PM Revision 4b4ccc20: Use release server to hold RC packages: Renato Botelho
03:28 PM Revision 9b17dac8: Use release server to hold RC packages: Renato Botelho
01:42 PM Bug #10215: Crash on 2.4.5-RC (Jan 28 12:12:41 EST 2020): Thanks. Sorry for bothering. Peter Pain
01:37 PM Bug #10215 (Rejected): Crash on 2.4.5-RC (Jan 28 12:12:41 EST 2020): Not enough information here to do anything with it. The backtrace doesn't suggest anything in particular. You'll need... Jim Pingle
01:32 PM Bug #10215 (Rejected): Crash on 2.4.5-RC (Jan 28 12:12:41 EST 2020): Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address = 0x20
fault code = ... Peter Pain
01:22 PM Revision d0cd4fc7: enable gateway duplicates on ipsec: Frederic Bor

01/27/2020

05:57 PM Bug #10206: VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.): Well maybe its fixed in the FreeBSD-OS, however maybe it was never broken in the FreeBSD-OS in the first place? (as p... Pi Ba
05:36 PM Revision ad27fe61: Silence warning when conditionar is not satisfied: Renato Botelho
05:36 PM Revision 09fd7be5: Silence warning when conditionar is not satisfied: Renato Botelho
01:54 PM Revision f02c7466: Update branch description: Renato Botelho
01:54 PM Revision 6e05e25d: Update branch description: Renato Botelho
01:53 PM Revision 3f5eab1a: Update branch description: Renato Botelho
01:51 PM Revision fccad733: Welcome 2.4.5-RC: Renato Botelho
12:18 PM pfSense Packages Bug #10212 (Not a Bug): Don't show services not running when they are disabled: That is only true of system services, not packages. Packages have no central enable/disable mechanism for services, s... Jim Pingle
12:00 PM pfSense Packages Bug #10212 (Not a Bug): Don't show services not running when they are disabled: If I disable DNSBL it still reports that the service isn't running, as the documentation says:
"A service is also ... Patrik Baat
12:18 PM pfSense Packages Bug #10213 (Not a Bug): Don't show services not running when they are disabled: That is only true of system services, not packages. Packages have no central enable/disable mechanism for services, s... Jim Pingle
12:02 PM pfSense Packages Bug #10213 (Not a Bug): Don't show services not running when they are disabled: If I disable Antivirus it still reports that the services (clam and icap) isn't running, as the documentation says:
... Patrik Baat
12:18 PM Feature #10214 (Resolved): Allow IPsec duplicate endpoints: In a multi-WAN scenario, it can be desirable to setup multiple tunnels to the same remote host.
It is currently proh... Frederic Bor
07:36 AM Bug #10211 (Feedback): Limiters ECN input validation problem: I can't reproduce that error here.
It works fine if your selected QMA and scheduler support it from what I can tel... Jim Pingle
06:11 AM Bug #10211 (Resolved): Limiters ECN input validation problem: Hi.
You create limiters with ECN.
Then you decide to remove ECN and so remove ECN checkbox.
Limiter should be ... Greg M

01/26/2020

02:55 AM Bug #9334: bogus dialogue on Limiter deletion: David Burns wrote:
> When deleting the last row of the Limiter config - an error "The last row may not be deleted." ... Johnny Good

01/25/2020

10:58 PM pfSense Docs Correction #10210 (Closed): Feedback on Product Manuals: Nice catch, this is fixed. Luckily, there were only a few 404s from those links. Jared Dillard
10:58 PM pfSense Docs Correction #10210: Feedback on Product Manuals: Nice catch, this is fixed. Luckily, there were only a few 404s from those links. Jared Dillard
05:27 PM pfSense Docs Correction #10210 (Closed): Feedback on Product Manuals: *Page:* https://docs.netgate.com/pfsense/en/latest/product-manuals.html
*Feedback:*
All product pages for 1U de... Steve Wheeler
03:53 PM Revision 84052eb7: Compare compressed IPv6 CARP VIP. Issue #6579: Viktor Gurov
11:34 AM pfSense Packages Bug #10209: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: Jim Pingle wrote:
> The duplicate and case issues are both resolved in the current version of the status monitoring ... mastr boy
11:07 AM pfSense Packages Bug #10209: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: I just tried it with the command: pkg upgrade -y pfSense-Status_Monitoring
Then the most elegant temporary solution ... Fabián Burbano
09:55 AM pfSense Packages Bug #10209: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: The duplicate and case issues are both resolved in the current version of the status monitoring code (there are separ... Jim Pingle
09:49 AM pfSense Packages Bug #10209: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: I ask:
If it is marked as a duplicate of a resolved bug, is this bug considered resolved?
It is definitely not re... Fabián Burbano
09:01 AM pfSense Packages Bug #10209 (Duplicate): Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: Duplicate of #9679 Jim Pingle
08:49 AM pfSense Packages Bug #10209: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: mastr boy wrote:
> Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be delete... Fabián Burbano
06:42 AM pfSense Packages Bug #10209 (Duplicate): Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted:
!https://i.imgur... mastr boy
11:00 AM Bug #9647: hn0: driver does not support altq: https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_5/sys/dev/hyperv/netvsc/if_hn.c#L587
Change needed from:
hn_... Greg M
10:54 AM Bug #9647: hn0: driver does not support altq: Hi,
are there any plans to correct this behaviour?
Is this possibly resolved in next freebsd release?
Thanks! Greg M
09:06 AM Bug #6579 (Pull Request Review): IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Jim Pingle
12:57 AM Bug #6579: IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Chris Buechler wrote:
> If you have IPv6 CARP VIPs specified with non-significant zeros, such as fdaa:1234:0012::1, ... Viktor Gurov
08:57 AM Bug #10189 (Resolved): pfsense calculates wrong ip header checksum when reassambling packages with different mtu: Great, so it looks like the issue is resolved in FreeBSD. I'll close this for now. Jim Pingle
06:42 AM Bug #10189: pfsense calculates wrong ip header checksum when reassambling packages with different mtu: I replicated the issue on SG-1100 2.4.4-p3, following the steps from the description. Ping was failing when the packe... Danilo Zrenjanin
08:55 AM Bug #10208 (Not a Bug): incorrect range aliases creation if type is network(s): That is valid and correct. It made a set of CIDR networks which cover the range you requested, which did not align to... Jim Pingle
06:07 AM Bug #10208 (Not a Bug): incorrect range aliases creation if type is network(s): On the page Firewall \ Aliases \ Edit
If you select the *Network(s) Type* and enter ip range (i.e. 192.168.1.1-192.1... Viktor Gurov
04:15 AM pfSense Packages Bug #10197 (Resolved): freeRADIUS virtual-server-default: modules daily, weekly, monthly, forever in authorize section prevent virtual server from loading: tested on 2.4.5.a.20200124.0853 with freeradius3 0.15.7_10
works as expected Viktor Gurov

01/24/2020

06:45 PM Revision 5e830cdf: Enable build of pimd pkg. Issue #9555: (cherry picked from commit 7351189a84b3029c95a649cbd23f57e886d57325) Jim Pingle
05:06 PM Revision d3ac1cea: IPsec IPv6 dynamic FQDN Remote Gateways, resolve_retry() IPv6 support. Issue #9405: Viktor Gurov
03:34 PM pfSense Packages Feature #10207 (Rejected): OpenBGPD - Prefix Filter: OpenBGPD won't be receiving any new development. Use FRR instead. Jim Pingle
03:27 PM pfSense Packages Feature #10207 (Rejected): OpenBGPD - Prefix Filter: Add an option to limit the allowed prefixes in OpenBGP.
It would be a global option, but would be located at the ... Kevin Wier
02:48 PM pfSense Packages Feature #9555: pimd package: This is also now available to install and test on 2.4.4-p3. Jim Pingle
12:19 PM Revision f5ddbec1: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF). Issue #9309: Viktor Gurov
11:55 AM Revision 23328e8d: Revert "Disable the build of www/pound for now, it is not compatible with OpenSSL 1.1.0.": This reverts commit a73f3147e21012da34299a7b4fb007d90d322a10. Renato Botelho
10:06 AM pfSense Packages Bug #10188: Reputation tab is not working: No this page is built by the MaxMind GeoIP update process since the "Reputation" functionality requires GeoIP Data. T... BBcan177 .
09:08 AM pfSense Packages Feature #10165 (Resolved): Add High-Availability tracking to avahi package.: Renato Botelho wrote:
> PR has been merged on 2.5.0 and 2.4.5 branches. Thanks!
works as expected - start/stop on... Viktor Gurov
08:10 AM Bug #6579: IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Agreed, there is definitely something up with IPv6 addresses that contain capital letters. If I include such letters,... Tobias McNulty
08:09 AM Bug #9468 (Resolved): Removing the last limiter does not sync to secondary via XMLRPC: works as expected on 2.4.5.a.20200123.1100 Viktor Gurov
08:09 AM Bug #9469 (Resolved): Removing the last ATLQ traffic shaper queue does not sync to secondary via XMLRPC: works as expected on 2.4.5.a.20200123.1100 Viktor Gurov
07:55 AM pfSense Packages Feature #10202 (Feedback): redistribute bgp + route-map filtering in OSPF6: Everything we can do in OSPF6 here is now in pkg v 0.6.4, which will show up soon for everyone.
Due to limitations... Jim Pingle

01/23/2020

06:22 PM Bug #10206: VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.): The down/up loss is already covered by #8815
Might not be much to do here but wait until 2.5.x moves to a FreeBSD ... Jim Pingle
05:27 PM Bug #10206 (Resolved): VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.): Using "pfSense-CE-2.5.0-DEVELOPMENT-amd64-20200123-1059.iso" for a fresh install on a VirtualBox VM my configured VIP... Pi Ba
03:58 PM Revision 79e2f0ab: Sync translations with 2.5.0: Renato Botelho
03:52 PM Revision 5f15f5b9: Update translation files: Renato Botelho
03:49 PM Revision 1d6e101b: Regenerate pot: Renato Botelho
03:08 PM pfSense Docs Correction #10205 (Closed): Feedback on Installing and Upgrading — Upgrading pfSense Software Installations: *Page:* https://docs.netgate.com/pfsense/en/latest/install/upgrading-pfsense-software-installations.html
*Feedback... Anonymous
02:49 PM pfSense Packages Feature #10202 (In Progress): redistribute bgp + route-map filtering in OSPF6: Jim Pingle
03:05 AM pfSense Packages Feature #10202 (Resolved): redistribute bgp + route-map filtering in OSPF6: Add ability to redistribute routes from BGP
and filter redistributed data with route-map (distribute-list is not sup... Viktor Gurov
02:21 PM pfSense Packages Feature #9555: pimd package: This is now available to install on 2.4.5 and 2.5.0 snapshots, and is ready for testing.
Forum thread for feedback... Jim Pingle
01:04 PM Feature #10204 (New): Possible clarification of Track IPv6 Interface Subnet ID: On the Interface Configuration / Track IPv6 Interface:
Suggest change “IPv6 Prefix ID” to “IPv6 Subnet ID” or “IPV6 ... Rick Coats
11:07 AM pfSense Packages Bug #10197 (Feedback): freeRADIUS virtual-server-default: modules daily, weekly, monthly, forever in authorize section prevent virtual server from loading: PR has been merged. Thanks! Renato Botelho
07:28 AM pfSense Packages Bug #10197 (Pull Request Review): freeRADIUS virtual-server-default: modules daily, weekly, monthly, forever in authorize section prevent virtual server from loading: Jim Pingle
01:45 AM pfSense Packages Bug #10197: freeRADIUS virtual-server-default: modules daily, weekly, monthly, forever in authorize section prevent virtual server from loading: That's correct, see https://fossies.org/linux/freeradius-server/raddb/mods-available/README.rst:
_Conditional Modu... Viktor Gurov
10:34 AM Bug #10203 (Rejected): some aliases entries is not loaded: There isn't enough information here. If it still happens on 2.4.5 and we can narrow down specifics, an issue can be o... Jim Pingle
10:10 AM Bug #10203 (Rejected): some aliases entries is not loaded: I have host(s) aliases tables with N entries,
and I don’t see some of it's entries on the Diagnostics / Tables page
... Viktor Gurov
10:28 AM pfSense Packages Feature #10165 (Feedback): Add High-Availability tracking to avahi package.: PR has been merged on 2.5.0 and 2.4.5 branches. Thanks! Renato Botelho
09:00 AM Bug #10195 (Resolved): radvd spamming routing log with "IPv6 forwarding on interface seems to be disabled, but continuing anyway": Looks good here as well on CE and Factory. Jim Pingle
08:42 AM Bug #10195: radvd spamming routing log with "IPv6 forwarding on interface seems to be disabled, but continuing anyway": radvd 2.18_2 fixes it for me. Ronald Schellberg
07:55 AM Bug #10201 (Not a Bug): IPv6 rule is not created if only a link-local address is present: Since the interface doesn't technically have an IP address assigned here, I'm not sure it's behaving improperly. I kn... Jim Pingle
01:07 AM Bug #10201 (Not a Bug): IPv6 rule is not created if only a link-local address is present: fw rules is not created if source/destination is an interface address ('WAN address') without IPv6 address ('none')
... Viktor Gurov
04:44 AM pfSense Packages Bug #9836 (Resolved): OpenBGPD package deamon starts twice: tested 2.5.0.a.20200122.2323 on with OpenBGPD 0.11_11
starts fine Viktor Gurov
01:52 AM pfSense Packages Bug #10198 (Closed): Zabbix agents: Not listening on IPsec VTI interface: Alex Diamantopulo wrote:
> Attempt to make Zabbix agent or proxy listen on IPsec VTI interface fails with following ... Viktor Gurov
01:15 AM Bug #9469: Removing the last ATLQ traffic shaper queue does not sync to secondary via XMLRPC: Renato Botelho wrote:
> PR has been merged. Thanks!
works as expected on 2.5.0.a.20200122.2323 Viktor Gurov
01:15 AM Bug #9468: Removing the last limiter does not sync to secondary via XMLRPC: Renato Botelho wrote:
> PR has been merged. Thanks!
works as expected on 2.5.0.a.20200122.2323 Viktor Gurov

01/22/2020

09:40 PM Revision 1df15c54: Enable build of pimd pkg. Issue #9555: (cherry picked from commit 7351189a84b3029c95a649cbd23f57e886d57325) Jim Pingle
09:39 PM Revision 7351189a: Enable build of pimd pkg. Issue #9555: Jim Pingle
09:08 PM Revision 2811aba1: Enable build of pimd: (cherry picked from commit 4fe81c1b754683b41a65176f0b7652375c307e08) Jim Pingle
09:08 PM Revision 4fe81c1b: Enable build of pimd: Jim Pingle
04:11 PM Revision afd8177f: Fixed dhcpdv6 config generation for domain-list option. Fixes #10200: Florian Apolloner
03:44 PM Bug #10200 (Pull Request Review): DHCPv6 domain-search list not sent to clients: Jim Pingle
10:13 AM Bug #10200: DHCPv6 domain-search list not sent to clients: I have opened a PR at https://github.com/pfsense/pfsense/pull/4171 -- the relevant documentation can be found at http... Florian Apolloner
10:11 AM Bug #10200 (Resolved): DHCPv6 domain-search list not sent to clients: After tcpdumping dhcp requests and responses I realized that `option domain-search` in `/var/dhcpd/etc/dhcpdv6.conf` ... Florian Apolloner
03:43 PM pfSense Packages Feature #9555 (Feedback): pimd package: Should be available to install as a package on 2.5.0 and 2.4.5 snapshot builds soon. Jim Pingle
03:06 PM pfSense Packages Feature #9555: pimd package: I've been tinkering with this and just about have it ready. Will commit soon. Jim Pingle
03:35 PM Revision 3c07f498: Avoid very slow GUI loads when ews.netgate.com can't be resolved #8987: Tom Embt
09:47 AM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.: Since I haven't seen any movement on this and I too find it annoying that the interface gets slow exactly when I need... Tom Embt
09:21 AM Todo #10199: Improve Spanish translation interface: Need to improve spanish translation on interface, some texts are translated incorrectly Aluisco Miguel Ricardo Mastrapa
09:20 AM Todo #10199 (New): Improve Spanish translation interface: Aluisco Miguel Ricardo Mastrapa
07:29 AM Bug #10195 (New): radvd spamming routing log with "IPv6 forwarding on interface seems to be disabled, but continuing anyway": radvd 2.18_1 is only showing up on Factory, and even there, the message is still in the logs, so something isn't quit... Jim Pingle
07:17 AM Bug #10196 (Resolved): Cloudflare dyndns not working (Invalid TTL): Code is present in current snapshots, marking this as resolved. Jim Pingle
02:13 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): It's working for me as well! László Dobó
05:53 AM pfSense Packages Bug #10198 (Closed): Zabbix agents: Not listening on IPsec VTI interface: Attempt to make Zabbix agent or proxy listen on IPsec VTI interface fails with following error (GUI):
The followin... Alex Diamantopulo
02:31 AM pfSense Packages Bug #10197 (Resolved): freeRADIUS virtual-server-default: modules daily, weekly, monthly, forever in authorize section prevent virtual server from loading: When using freeRADIUS 3 package with mysql enabled for accounting only and using pfsense gui for users/authorization,... Michael Lazernik

01/21/2020

07:38 PM Revision c9b49393: Use IPv4 connectivity as parent interface for SLAAC. Issue #9324: Viktor Gurov
02:55 PM Bug #9324 (Pull Request Review): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: Jim Pingle
01:42 PM Bug #9324: IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: https://github.com/pfsense/pfsense/pull/4169 Viktor Gurov
01:57 PM Revision 8d9e01ab: CF DDNS wants int for TTL. Issue #10196: (cherry picked from commit e9869c5abc70dc4aa7cd27d2a139696a1970903f) Jim Pingle
01:57 PM Revision e9869c5a: CF DDNS wants int for TTL. Issue #10196: Jim Pingle
01:38 PM Revision ce1b0326: Add TTL for CloudFlare DDNS. Fixes #10196: (cherry picked from commit 9404b54a44a820b9c0332149a6ea794eed54bdac) Jim Pingle
01:37 PM Revision 9404b54a: Add TTL for CloudFlare DDNS. Fixes #10196: Jim Pingle
12:45 PM Bug #10195 (Feedback): radvd spamming routing log with "IPv6 forwarding on interface seems to be disabled, but continuing anyway": As pointed out in #9577, this warning is harmless in FreeBSD.
Warning silenced in radvd-2.18_1. Luiz Souza
08:44 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): Correct, working! János K
07:58 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): Fixed diff (CF wants TTL to be an integer type). Jim Pingle
07:45 AM Bug #10196 (Feedback): Cloudflare dyndns not working (Invalid TTL): Applied in changeset commit:9404b54a44a820b9c0332149a6ea794eed54bdac. Jim Pingle
07:36 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): Try applying the change in the attached diff and see if it works for you. Jim Pingle
07:27 AM Bug #10196 (In Progress): Cloudflare dyndns not working (Invalid TTL): What exact set of @{}@ did you remove? I do not see any in the cloudflare query setup that look like they should be r... Jim Pingle
06:21 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): János K wrote:
> László Dobó wrote:
> > Cloudflare DynDNS was working fine until today. I think that Cloudflare cha... László Dobó
05:49 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): László Dobó wrote:
> Cloudflare DynDNS was working fine until today. I think that Cloudflare changed their API and b... János K
02:22 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): "Related CloudFlare Api Documentation (v4) entry":https://api.cloudflare.com/#dns-records-for-a-zone-update-dns-record László Dobó
02:08 AM Bug #10196 (Resolved): Cloudflare dyndns not working (Invalid TTL): Cloudflare DynDNS was working fine until today. I think that Cloudflare changed their API and because of that, the dy... László Dobó
08:26 AM Bug #9634 (Pull Request Review): rc.newwanipv6 is called although dhcp6c should discard Request messages: Jim Pingle
01:46 AM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages: https://tools.ietf.org/html/rfc8415#section-16.4
ignore REQUEST messages fix:
https://github.com/pfsense/pfsense/... Viktor Gurov
08:24 AM Bug #9357 (Closed): rc.newwanipv6 called regardless of REASON: Jim Pingle
01:20 AM Bug #9357: rc.newwanipv6 called regardless of REASON: Flole Systems wrote:
> Actually the script posted above is only used if "don't wait for RA" is set, otherwise the "o... Viktor Gurov
08:23 AM Bug #7614 (Pull Request Review): Port forwards where the destination is a network alias can create invalid refection rules if multiple subnets are in that alias.: Jim Pingle
05:00 AM Bug #7614: Port forwards where the destination is a network alias can create invalid refection rules if multiple subnets are in that alias.: https://github.com/pfsense/pfsense/pull/4168 Viktor Gurov
07:40 AM pfSense Packages Bug #6684 (Resolved): Setting IKEv2 Phase 2 in Mobile Config appears to generate invalid Apple Profile: Jim Pingle
02:31 AM pfSense Packages Bug #6684: Setting IKEv2 Phase 2 in Mobile Config appears to generate invalid Apple Profile: tested on pfSense 2.4.5.a.20200120.1342 with ipsec-profile-wizard 0.12
no such issue - you can set DH group in bot... Viktor Gurov
07:39 AM Bug #9225 (Closed): Gateway group routing not updated on OpenVPN client reconnect: Jim Pingle
07:23 AM Bug #9225: Gateway group routing not updated on OpenVPN client reconnect: no such issue on pfSense 2.5.0.a.20200119.2335
After disabling/enabling PPPoE link, it set group GW to GWTest_Gro... Viktor Gurov
07:37 AM Revision 8788b061: DHCP6 client discard REQUEST messages. Issue #9634: Viktor Gurov
12:08 AM pfSense Packages Bug #9738 (Resolved): Client IP address validation disallows CIDR notation: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200119.2335 with freeradius30.15.7_9
w... Viktor Gurov
12:01 AM Feature #10186 (Resolved): Ability to do inverse matching of tags in floating rules: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200119.2335
works as expected Viktor Gurov

01/20/2020

11:53 PM Bug #10190 (Resolved): can't disable Phase 1 when Phase 2 is VTI: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200119.2335
works as expected
Viktor Gurov
02:44 PM pfSense Packages Bug #9583 (Resolved): Freeradius 3 auth error on OTP (only on PFSense 2.5-dev): Works fine on _9. Jim Pingle
02:20 PM Bug #10179 (Resolved): incorrect encrypted backup restore error handling: This is not detecting the incorrect password case on current 2.4.5 snapshots. I don't get a blank page on error like ... Jim Pingle
10:21 AM Bug #10195 (Resolved): radvd spamming routing log with "IPv6 forwarding on interface seems to be disabled, but continuing anyway": On 2.4.5 and 2.5.0, radvd is filling the routing.log with the following error:... Jim Pingle
10:07 AM Bug #10194: NAT rule not working when multiple hosts under one alias: Thanks Jim. Please close issue. I will retest once version 2.4.5 comes out as production. John Beaudoin
09:34 AM Bug #10194 (Duplicate): NAT rule not working when multiple hosts under one alias: Almost certainly a duplicate of #9296 Jim Pingle
09:21 AM Bug #10194 (Duplicate): NAT rule not working when multiple hosts under one alias: Running a secure ftp server under tcp/990 and passive ports tcp/50000-50010
created alias "allcustomers" added fqd... John Beaudoin
07:24 AM Bug #10189: pfsense calculates wrong ip header checksum when reassambling packages with different mtu: If it's fixed in 13, there is a possibility that the fix was MFCd from 13 to 12-STABLE and back to 11-STABLE. 2.4.5 i... Jim Pingle
07:04 AM Bug #10189: pfsense calculates wrong ip header checksum when reassambling packages with different mtu: No, i haven't tried these versions yet and currently don't have time to do more investigation.
If 2.4.5 becomes stab... Stefan Mark
06:38 AM Bug #10189: pfsense calculates wrong ip header checksum when reassambling packages with different mtu: Have you also tried on pfSense 2.4.5 and 2.5.0 snapshots to see if it persists there as well? Jim Pingle
03:21 AM Bug #10189: pfsense calculates wrong ip header checksum when reassambling packages with different mtu: I tried to reproduce this with different freebsd versions:
- 13.0 : OK
- 11.2 : Fails
- 9.3 : OK
It seems that... Stefan Mark
06:41 AM Bug #10193 (Rejected): PPPoE wrong default route: Please post on the forum to discuss and diagnose the issue. It is more likely you have a configuration issue here and... Jim Pingle
05:36 AM Bug #10193 (Rejected): PPPoE wrong default route: I'm running newest stable pfSense 2.4.4 in KVM virt (pcie passed through NICs, should be identical to physical/bareme... Mark Aradi
06:19 AM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.: Still an issue here too somehow, a year later - it's the one thing that's close to driving me to migrate to opnsense.... Jon Sands

01/19/2020

09:54 AM Bug #10192 (Duplicate): 在没有互联网（内网）的情况下登录异常的慢（最少需要10秒）: #1 - All submissions here must be in English
#2 - This is a duplicate of #8987 Jim Pingle
03:32 AM Bug #10192 (Duplicate): 在没有互联网（内网）的情况下登录异常的慢（最少需要10秒）: 目前查看的原因在于登录时会自动检测更新，而此时没有互联网就卡住了（我开了系统更新里面的仪表盘不更新，依旧会卡住）。还有一个是检查插件跟在线检测模块（都是基于互联网）
建议不要在首次登录做这些操作，可以放在其他页面以增加用户体验。 zisain pan

01/15/2020

04:06 PM Feature #10186 (Resolved): Ability to do inverse matching of tags in floating rules: *Summary:*
I would love to be able to set up floating rules that match traffic on an interface that has NOT been t... Soren Petersen
12:28 PM pfSense Packages Bug #10185: Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port: Sean McBride wrote:
> Or even just adding some text under the input fields to specify that it takes regexes.
Yeah... Bill Meeks
09:53 AM pfSense Packages Bug #10185: Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port: Or even just adding some text under the input fields to specify that it takes regexes. Sean McBride
09:30 AM pfSense Packages Bug #10185: Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port: The alerts log filtering tool uses Perl regular expression syntax. If you want to find say just Port 25, then try thi... Bill Meeks

01/14/2020

08:11 PM Revision 12ade1e2: Enable RUST on native build: Renato Botelho
08:11 PM Revision 78a6cfe3: Enable RUST on native build: Renato Botelho
06:39 PM Revision 84801cc2: Update repository info before checking for updates: (cherry picked from commit ff90ae73c35f293f370104c18d386c08e9e813c7) Steve Beaver
06:17 PM Revision 24da61c6: add fe80::1:1 as an alias. Issue #9998: Viktor Gurov
05:35 PM Revision c9a96f16: XMLRPC: fix last shaper/limiter removing. Issue #9468-9469: Viktor Gurov
05:28 PM Revision 8e4ad4c8: encrypt exported key with AES-256. Issue #1192: Viktor Gurov
05:13 PM Revision 153f78af: fix incorrect encrypted backup restore error handling. Issue #10179: Viktor Gurov
04:56 PM Revision d6138c50: Link to the book, not old OpenBSD docs. Fixes #10184: (cherry picked from commit 1bcc6e56e51b8ac1e329c9c0dd2bfc0f40983ead) Jim Pingle
04:56 PM Revision 1bcc6e56: Link to the book, not old OpenBSD docs. Fixes #10184: Jim Pingle
04:45 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: [[https://github.com/pfsense/FreeBSD-ports/pull/751]] Alexander Berkes
03:42 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Alexander Berkes wrote:
> Renato Botelho wrote:
> > https://github.com/pfsense/FreeBSD-ports/blob/devel/sysutils/dh... Renato Botelho
03:02 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Renato Botelho wrote:
> https://github.com/pfsense/FreeBSD-ports/blob/devel/sysutils/dhcpleases/files/dhcpleases.c
... Alexander Berkes
04:19 PM pfSense Packages Bug #10185 (Closed): Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port: See attached screenshot. When I put a port number, like "25" in the 'destination port' field, I would expect to get ... Sean McBride
02:22 PM Revision 07060399: diag_packet_capture.php: Input and error checks. Fixes #10183: * Prevent selecting Address Family and ARP, it is not a valid
combination.
* Prevent PHP errors when the capture file... Jim Pingle
02:19 PM Revision 27f52f53: diag_packet_capture.php: Input and error checks. Fixes #10183: * Prevent selecting Address Family and ARP, it is not a valid
combination.
* Prevent PHP errors when the capture file... Jim Pingle
12:34 PM Bug #10184 (Resolved): Shaper Add Child Scheduler options Codel wrong description link: Looks good after a gitsync. Jim Pingle
11:05 AM Bug #10184 (Feedback): Shaper Add Child Scheduler options Codel wrong description link: Applied in changeset commit:1bcc6e56e51b8ac1e329c9c0dd2bfc0f40983ead. Jim Pingle
12:19 PM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: https://github.com/pfsense/pfsense/pull/4163 Viktor Gurov
12:10 PM pfSense Packages Todo #9392 (Resolved): Status_Traffic_Totals needs updated for vnstat 2.0: Totals match up with expectations on pkg v 2.3.1. Jim Pingle
08:34 AM pfSense Packages Todo #9392 (Feedback): Status_Traffic_Totals needs updated for vnstat 2.0: Try again once pkg 2.3.1 is available with the next snapshot run. Jim Pingle
08:16 AM pfSense Packages Todo #9392: Status_Traffic_Totals needs updated for vnstat 2.0: I have a fix for this. Values are coming in Bytes by default, old base was KiB, so it needs adjusted to match. Jim Pingle
08:11 AM pfSense Packages Todo #9392 (In Progress): Status_Traffic_Totals needs updated for vnstat 2.0: I'm seeing that now as well. The command line shows what appears to be more accurate data.... Jim Pingle
01:35 AM pfSense Packages Todo #9392: Status_Traffic_Totals needs updated for vnstat 2.0: something is off in units on 2.5 at least since up date from 12:00 to 2:30 in morning and on 18M dsl its already show... Michael Kellogg
12:09 PM Bug #10183 (Resolved): diag_packet_capture.php: Capture for 'pfsync' fails: Works fine on 2.4.5.a.20200114.0923 Jim Pingle
08:30 AM Bug #10183 (Feedback): diag_packet_capture.php: Capture for 'pfsync' fails: Applied in changeset commit:27f52f5385a46f3896b08a7a90258be43fadb8de. Jim Pingle
07:43 AM Bug #10183 (In Progress): diag_packet_capture.php: Capture for 'pfsync' fails: Jim Pingle
06:44 AM Bug #10183: diag_packet_capture.php: Capture for 'pfsync' fails: With the combination Address family: IPv4 and ARP protocol i have the same warning Raul Ramos
12:09 PM Feature #9905: ospf / ospv3 packet capture: Works fine on 2.4.5.a.20200114.0923 Jim Pingle
12:08 PM Feature #9905 (Resolved): ospf / ospv3 packet capture: Jim Pingle wrote:
> Needs a quick re-test on 2.4.5 once it's in a snapshot.
tested on 2.4.5.a.20200114.0923
wo... Viktor Gurov
12:08 PM Feature #9766 (Resolved): diag_packet_capture.php: allow to input multiple tcp/udp ports: Works fine on 2.4.5.a.20200114.0923 Jim Pingle
12:03 PM Feature #9831 (Resolved): diag_packet_capture.php: print packet capture start time: Jim Pingle wrote:
> Needs a quick re-test on 2.4.5 once it's in a snapshot.
tested on 2.4.5.a.20200114.0923
wo... Viktor Gurov
12:00 PM Feature #9251 (Resolved): DNS Resolver (Unbound) Python Integration: Appears to work fine now on 2.4.5.a.20200114.0923 and 2.5.0.a.20200113.1543 Jim Pingle

01/13/2020

11:53 PM Bug #10182: BGP learned routes dropping from routing table: Hi Jim,
I used the patches commit:64c18f53 and commit:7ba8d654 which working around the issue by toggling the vti ... Luki TJ
12:15 PM Bug #10182: BGP learned routes dropping from routing table: Thank you Jim, going to test these patches on 2.4.4-p3 and will report back results soon. Luki TJ
11:24 AM Bug #10182 (Duplicate): BGP learned routes dropping from routing table: This is probably a duplicate of #9668 -- Please post on the forum to discuss if the problem is still observed on a 2.... Jim Pingle
11:21 AM Bug #10182 (Duplicate): BGP learned routes dropping from routing table: Hi,
I'm running pfSense as VPN Head-end with multiple Site-to-Site IPSEC Connections. Most of theses connection ar... Luki TJ
11:29 PM Bug #10184: Shaper Add Child Scheduler options Codel wrong description link: current link is https://web.archive.org/web/20160404153707/http://www.openbsd.org/faq/pf/queueing.html#ecn Constantine Kormashev
11:28 PM Bug #10184 (Resolved): Shaper Add Child Scheduler options Codel wrong description link: In Add Child web-page of Shaper interface Scheduler options checkbox Codel Active Queue leads to page which does not ... Constantine Kormashev
08:39 PM Revision 3f571682: Sync diag_packet_capture.php with master: * Adds multiple TCP/UDP port input. Issue #9766
* Adds packet capture start time info. Issue #9831
* Adds OSPF protoc... Jim Pingle
08:17 PM Revision 1d2dbda2: Use correct pfsync packet capture syntax. Fixes #10183: Jim Pingle
03:39 PM Feature #3178 (Duplicate): IPSec dynamic hosts for IPv6: Duplicated by #9405 but it has a proposed fix, so keep that one. Jim Pingle
02:50 PM Bug #10183 (Feedback): diag_packet_capture.php: Capture for 'pfsync' fails: Applied in changeset commit:1d2dbda287ecf650f5957689bd2346adb98f6360. Jim Pingle
02:00 PM Bug #10183 (In Progress): diag_packet_capture.php: Capture for 'pfsync' fails: Jim Pingle
01:59 PM Bug #10183 (Resolved): diag_packet_capture.php: Capture for 'pfsync' fails: On diag_packet_capture.php, attempting to capture traffic fails when the protocol is set to 'pfsync'.
This happens... Jim Pingle
02:43 PM Feature #9905 (Feedback): ospf / ospv3 packet capture: Needs a quick re-test on 2.4.5 once it's in a snapshot. Jim Pingle
02:43 PM Feature #9766 (Feedback): diag_packet_capture.php: allow to input multiple tcp/udp ports: Needs a quick re-test on 2.4.5 once it's in a snapshot. Jim Pingle
02:43 PM Feature #9831 (Feedback): diag_packet_capture.php: print packet capture start time: Needs a quick re-test on 2.4.5 once it's in a snapshot. Jim Pingle
11:25 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: To review that properly for inclusion, it must be submitted as a pull request on Github: https://docs.netgate.com/pfs... Jim Pingle
11:22 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: Patch file supplied to set fe80::1:1 as an IPv6 alias (and NOT remove the native IPv6 link-local), to clean up the in... Eric Veum
11:07 AM Bug #9469 (Pull Request Review): Removing the last ATLQ traffic shaper queue does not sync to secondary via XMLRPC: Jim Pingle
11:07 AM Bug #9468 (Pull Request Review): Removing the last limiter does not sync to secondary via XMLRPC: Jim Pingle
06:36 AM Feature #10174: Internet Bandwidth per USER: That is a support question. This site is not for support. Ask questions like that on the forum at https://forum.netga... Jim Pingle
06:27 AM Feature #10174: Internet Bandwidth per USER: Mohamed Abdelaal wrote:
> Dear All,
> I'm in-love with pfSense and really it's a great project BUT i'm facing a pro... Mohamed Abdelaal
05:36 AM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Alexander Berkes wrote:
> Hi all,
>
> I have been looking at this issue for the last few days, because I am affec... Renato Botelho

01/12/2020

12:13 AM Revision eb10e329: Update help.php: update crash_reporter.php to a more useful resource jamesdekker

01/11/2020

06:33 PM pfSense Docs Correction #10181 (Closed): Feedback on Packages — Installing Packages: *Page:* https://docs.netgate.com/pfsense/en/latest/book/packages/managing-packages.html
*Feedback:* https://docs.n... Anonymous
06:04 PM pfSense Docs Correction #10180 (Resolved): Feedback on Development — Obtaining Panic Information for Developers: *Page:* https://docs.netgate.com/pfsense/en/latest/development/panic-information.html
*Feedback:* https://docs.net... Anonymous
04:30 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: The global prefix variable should be available to the Dynamic DNS tool as well. Currently the Dynamic DNS tool has an... B P
04:02 PM Bug #10179 (Pull Request Review): incorrect encrypted backup restore error handling: Jim Pingle
02:56 AM Bug #10179 (Resolved): incorrect encrypted backup restore error handling: If you trying to restore encrypted backup, but select invalid file, you got blank page after pressing "restore" ( cau... Viktor Gurov
03:59 PM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: Once upon a time we started using fe80::1:1 as a predictable local address sort of like 192.168.1.1, but I don't thin... Jim Pingle
01:06 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: I found that the interface_track6_configure() function switches original link-local address to fe80::1:1
Why do we n... Viktor Gurov
03:56 PM Bug #10159 (Resolved): nginx error " 48: Address already in use" sometimes displayed in the logs when reconfiguring captive portal: Jim Pingle
11:26 AM Bug #10159: nginx error " 48: Address already in use" sometimes displayed in the logs when reconfiguring captive portal: this issue can be marked as resolved A FL
01:36 PM Feature #2358: NAT64 support: Please add NAT64 we need this feature! Car F
08:51 AM Bug #10177 (Not a Bug): OpenVPN Server Compression option missing (No compression): Omitting the directive uses the OpenVPN default, which is what the option already says, and that was an intentional c... Jim Pingle
07:30 AM Bug #10177: OpenVPN Server Compression option missing (No compression): After reading your patch and the complete file, I got the fealing that the "default" value Line 135: '' => gettext("O... Cullen Trey
03:35 AM Bug #10177 (New): OpenVPN Server Compression option missing (No compression): That seems correct,
From openvpn(8):
If the algorithm parameter is empty, compression will be turned off, b... Viktor Gurov
02:46 AM Bug #10178 (Resolved): crypt.inc: crypt_data() legacy mode using wrong message digest: tested on 2.5.0.a.20200110.1822 with 2.4.4-p3 and 2.5 encrypted backups Viktor Gurov
01:20 AM pfSense Packages Bug #10146 (Resolved): squid4 obsolete options: tested on 2.5.0.a.20200110.1822 with squid-0.4.44_13
works as expected
Viktor Gurov

01/10/2020

08:21 PM Revision d83d2280: Mount devfs for unbound when python is enabled. Fixes #9251: (cherry picked from commit 741892ee23a9085b71fa94fcfb8375044fec6ee2) Jim Pingle
08:21 PM Revision 741892ee: Mount devfs for unbound when python is enabled. Fixes #9251: Jim Pingle
06:29 PM Revision ff383f32: Use correct md value in crypt_data(). Fixes #10178: Jim Pingle
06:17 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Hi all,
I have been looking at this issue for the last few days, because I am affected by myself and would like th... Alexander Berkes
05:29 PM Revision 175f3ac6: Use correct syntax for /bin/sh for loop in ovpn_auth_verify Fixes #7767: It's not bash. Jim Pingle
05:28 PM Revision ffc44c36: openvpn.tls-verify.php syntax fixes. Issue #7767: Jim Pingle
05:28 PM Revision 3db11061: Fix openvpn.tls-verify.php whitespace. Issue #7767: Jim Pingle
02:45 PM pfSense Packages Todo #9392 (Resolved): Status_Traffic_Totals needs updated for vnstat 2.0: I've tried this on a variety of 2.4.5 and 2.5.0 systems both CE and Factory and with pkg version 2.3 it seems to be O... Jim Pingle
07:03 AM pfSense Packages Todo #9392 (Feedback): Status_Traffic_Totals needs updated for vnstat 2.0: Jared pushed the remaining required fixes yesterday, so it should be ready to test once that's in snapshots Jim Pingle
02:30 PM Feature #9251 (Feedback): DNS Resolver (Unbound) Python Integration: Applied in changeset commit:741892ee23a9085b71fa94fcfb8375044fec6ee2. Jim Pingle
02:22 PM Feature #9251: DNS Resolver (Unbound) Python Integration: Mounting devfs does fix the problem. I added some code to set that up as needed when the module is enabled. Jim Pingle
02:00 PM Revision b9f3dfd2: Reword option help text for issue #9302: Jim Pingle
01:18 PM Bug #10172 (Resolved): A few places in the UI still refer to "SSL" instead of "SSL/TLS": Looks good to me. All the places I noted use SSL/TLS now on 2.5.0 and where possible on 2.4.5. Jim Pingle
01:11 PM Feature #7767: OCSP support for OpenVPN server: Also working here after all patches applied - server and client logs are clean. Thanks for the quick fix Jim! Steve Wilson
01:11 PM Feature #7767: OCSP support for OpenVPN server: Great, thanks!
I'm leaving this on feedback for now since the original functionality added here (OCSP support) sti... Jim Pingle
01:03 PM Feature #7767: OCSP support for OpenVPN server: confirmed working now with all three patches. Ronald Schellberg
12:59 PM Feature #7767: OCSP support for OpenVPN server: You will need commit:3db110612dbf30cbb5855490525f03e4742dfe6e , commit:ffc44c36d9ac001bbebcc6334e014dde8a11c8f4 , and... Jim Pingle
12:55 PM Feature #7767: OCSP support for OpenVPN server: only saw one. I'll check again. Ronald Schellberg
12:46 PM Feature #7767: OCSP support for OpenVPN server: Did you apply all three commits? It works for me with all current changes. I tested it on three different lab boxes.... Jim Pingle
12:35 PM Feature #7767: OCSP support for OpenVPN server: hand applied the changeset, didn't fix the problem. Log now shows:
@Jan 10 11:32:51 openvpn 64931 xxx.xxx.xxx.... Ronald Schellberg
12:00 PM Feature #7767: OCSP support for OpenVPN server: See attached. The Certificate depth is set to One. The CA is a self signed pfsense with a number of certificates c... Ronald Schellberg
11:35 AM Feature #7767 (Feedback): OCSP support for OpenVPN server: Applied in changeset commit:175f3ac6b671182e2cf9968f5e820188d9e1573f. Jim Pingle
11:27 AM Feature #7767: OCSP support for OpenVPN server: I see the problems, push coming shortly. Jim Pingle
11:10 AM Feature #7767 (In Progress): OCSP support for OpenVPN server: OK, I see this now as well after updating a VM here. I'll look into it ASAP. Jim Pingle
10:58 AM Feature #7767: OCSP support for OpenVPN server: OpenVPN TLS handshake also failing here after update. OCSP Verify box is unchecked, Certificate Depth check set to "... Steve Wilson
09:23 AM Feature #7767 (New): OCSP support for OpenVPN server: Can you provide any additional detail about your settings and certificate structure? Jim Pingle
08:52 AM Feature #7767: OCSP support for OpenVPN server: I think this PR caused my OpenVPN TLS handshake to start failing. The openvpn.tls-verify.php call results in a "2" r... Ronald Schellberg
12:35 PM Bug #10178 (Feedback): crypt.inc: crypt_data() legacy mode using wrong message digest: Applied in changeset commit:ff383f323c0f8104e227d8af7401fdad6d383bbe. Jim Pingle
12:23 PM Bug #10178 (Resolved): crypt.inc: crypt_data() legacy mode using wrong message digest: On 2.4.x with OpenSSL 1.0.x, the default message digest (md) value was "md5" (eew). On 2.5.0 with OpenSSL 1.1.1 we ma... Jim Pingle
12:34 PM Bug #10177 (Not a Bug): OpenVPN Server Compression option missing (No compression): This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
12:24 PM Bug #10177: OpenVPN Server Compression option missing (No compression): Sorry it is the "compress" statement:
"Community edition: OpenVPN 2.3.x and OpenVPN 2.4.x
If a soft migration is ... Cullen Trey
12:18 PM Bug #10177 (Not a Bug): OpenVPN Server Compression option missing (No compression): Hi,
I was just wondering why the deactivate compression option within the OpenVpn Server config does not disable c... Cullen Trey
10:58 AM Todo #9245 (Resolved): Update copyright notices to 2020: Everything in the repos is good for CE and Factory on 2.4.5 and 2.5.0 as far as I can see. Packages look good in the ... Jim Pingle
08:01 AM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: Looks fine here in the latest Firefox and Chrome. Even so, I pushed a change to reword the help text a bit. Jim Pingle
01:44 AM Feature #9302: radvd always advertises DNS servers and Domain Search List regardless of M or O flag: tested on 2.5.0.a.20200109.0836
works as expected,
but WebGUI looks weird -
unchecked by default, but "Unchec... Viktor Gurov
07:10 AM pfSense Packages Bug #10146 (Feedback): squid4 obsolete options: This was merged a few days ago Jim Pingle
06:29 AM pfSense Packages Bug #10152 (Resolved): Squid: "unexpected operator" error in squid rc script: Jim Pingle
06:05 AM pfSense Packages Bug #10152: Squid: "unexpected operator" error in squid rc script: Hello
With the last merge and in a new fresh install... no issues. Stefano Mereghetti
06:28 AM Bug #10175 (Duplicate): VTI tunnels to AWS drop and do not automatically reconnect: Duplicate of #9767
Please post on the forum to discuss issues before opening bug reports, and search for existing ... Jim Pingle
05:08 AM Bug #10175: VTI tunnels to AWS drop and do not automatically reconnect: Note that in the above, the closing @</pre-shared-key>@ tag was mangled by redmine to just @</pre>@
Brian Candler
03:47 AM Bug #10175 (Duplicate): VTI tunnels to AWS drop and do not automatically reconnect: On a HA pair of XG-1537, I have four VTI tunnels to AWS - two each to two different accounts, with BGP failover on ea... Brian Candler
06:25 AM Bug #10176 (Duplicate): Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: If there is anything actionable here it's almost certainly solved by #9603 and needs tested on 2.5.0 snapshots.
If... Jim Pingle
05:04 AM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: I should add: these overlapping SAs _don't_ occur for VTI tunnels to AWS. I consistently get only a single phase2 SA... Brian Candler
04:27 AM Bug #10176 (Resolved): Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: This might be a configuration error, but if so, I can't see it. The problem occurs with VTI tunnels between:
- "A... Brian Candler
06:22 AM Feature #10174 (Rejected): Internet Bandwidth per USER: What is possible, is already possible. Jim Pingle
03:52 AM Feature #10174: Internet Bandwidth per USER: Mohamed Abdelaal wrote:
> Dear All,
> I'm in-love with pfSense and really it's a great project BUT i'm facing a pro... Viktor Gurov
03:15 AM Feature #10174 (Rejected): Internet Bandwidth per USER: Dear All,
I'm in-love with pfSense and really it's a great project BUT i'm facing a problem and looking for solution... Mohamed Abdelaal

01/09/2020

11:38 PM Bug #8922 (Resolved): Static routes set by system.inc for DNS gateway bindings are not removed: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200109.0836
both bugs are resolved
Viktor Gurov
01:35 PM Revision 84a80f54: Merge pull request #4158 from vktg/systemphproutedel: Renato Botelho
10:17 AM Feature #9816 (Resolved): firewall_aliases.php: add ability to export list of aliases: tested on 2.4.5.a.20200108.1746
works as expected
Viktor Gurov
08:36 AM pfSense Packages Feature #10165 (Pull Request Review): Add High-Availability tracking to avahi package.: Jim Pingle
08:18 AM pfSense Packages Feature #10165: Add High-Availability tracking to avahi package.: https://github.com/pfsense/FreeBSD-ports/pull/750 Viktor Gurov
08:01 AM Revision ded361f5: system.php: full route delete syntax: Viktor Gurov
07:35 AM Bug #10001 (Pull Request Review): incorrect route deletion on 2.5: Jim Pingle
07:35 AM Bug #10001: incorrect route deletion on 2.5: Viktor Gurov wrote:
> Renato Botelho wrote:
> > PR has been merged. Thanks!
>
> same fix for system.php:
> http... Renato Botelho
02:03 AM Bug #10001: incorrect route deletion on 2.5: Renato Botelho wrote:
> PR has been merged. Thanks!
same fix for system.php:
https://github.com/pfsense/pfsense/... Viktor Gurov
07:34 AM Feature #1192 (Pull Request Review): Certificate Manager - Ability to Encrypt Private Keys When Exporting: Jim Pingle
12:32 AM Bug #8531 (Resolved): URL Table aliases don't support FQDNs or names that return >1 IP: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.4.5.a.20200108.1746
works as expected Viktor Gurov

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

02/07/2020

02/06/2020

02/05/2020

02/04/2020

02/03/2020

02/02/2020

02/01/2020

01/31/2020

01/30/2020

01/29/2020

01/28/2020

01/27/2020

01/26/2020

01/25/2020

01/24/2020

01/23/2020

01/22/2020

01/21/2020

01/20/2020

01/19/2020

01/18/2020

01/17/2020

01/16/2020

01/15/2020

01/14/2020

01/13/2020

01/12/2020

01/11/2020

01/10/2020

01/09/2020