Activity

30 days up to

User

Subprojects

Activity

From 01/15/2020 to 02/13/2020

02/13/2020

10:11 PM Revision 30bbc0a6: Update loader.conf when maximumtableentries changes: On Firewall -> Advanced -> Firewall, when maximumtableentries item
changes, make sure /boot/loader.conf is changed ac... Renato Botelho
10:11 PM Revision 4329a405: Add net.pf.request_maxcount to loader.conf: On FreeBSD 12 and newer pf uses this sysctl to define maximum number of
items supported by its allocations. Make sur... Renato Botelho
08:11 PM Revision 5e3b7c18: Revert "Ticket #3334: Retire additional iftop package": This reverts commit 4f473cd68074af4235971a278ae672d10e1e34a5. Renato Botelho
08:01 PM Revision 1f89dbe3: Ticket #3334: Retire additional iftop package: Renato Botelho
08:00 PM Revision 4f473cd6: Ticket #3334: Retire additional iftop package: Renato Botelho
07:47 PM Revision fa062b53: Merge pull request #4187 from zeroxx1986/master: Renato Botelho
07:42 PM Revision 5c52a260: Feature #9661: Manuel Piovan
07:38 PM Revision b7440bc6: Merge pull request #4186 from vktg/slaacusev4iface: Renato Botelho
07:37 PM Revision 86d933e3: Merge pull request #4189 from vktg/supressdnserror: Renato Botelho
07:35 PM Revision 107d50af: Merge pull request #4192 from vktg/openvpnacl: Renato Botelho
06:30 PM Revision 66a4e05e: Use sh -T to make sure child processes are trapped: Renato Botelho
06:30 PM Revision 9020723c: Use sh -T to make sure child processes are trapped: Renato Botelho
04:14 PM Revision 75a7ebd3: Revert "Implement -a on build_snapshots.sh": This reverts commit 597852052ffa85ca02caa8a8aa79526f8f9595bd. Renato Botelho
04:14 PM Revision c31ef6aa: Revert "Implement -a on build_snapshots.sh": This reverts commit 597852052ffa85ca02caa8a8aa79526f8f9595bd. Renato Botelho
01:47 PM Bug #10241: Updating Dynamic DNS provider Hover is not working: PR has been merged. Thanks! Renato Botelho
01:40 PM Feature #9661 (Feedback): Increase the number of DHCP/DHCPv6 NTP server options to three (or more): PR has been merged. Thanks! Renato Botelho
01:39 PM Bug #9324 (Feedback): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: PR has been merged. Thanks! Renato Botelho
01:37 PM Bug #9405 (Feedback): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: PR has been merged. Thanks! Renato Botelho
01:36 PM Feature #9206 (Feedback): OpenVPN+RADIUS+Cisco AVPair ACL Enhancements/BugFixes: PR has been merged. Thanks! Renato Botelho
11:09 AM Revision 59785205: Implement -a on build_snapshots.sh: Renato Botelho
11:09 AM Revision 689865c1: Implement -a on build_snapshots.sh: Renato Botelho
09:09 AM Bug #7420: ipsec status freezing: That doesn't quite line up because strongSwan may have many worker threads running, but it still only has a few open ... Jim Pingle
04:32 AM Bug #7420: ipsec status freezing: it works OK if you disable IPsec Mobile
"Several of the threads from the thread pool are "reserved" for long runn... Viktor Gurov
09:03 AM Bug #3334: Status/Traffic Graph isn't IPv6 ready: Also it looks like there is an odd condition where the first time you switch to iftop, it doesn't want to display any... Jim Pingle
09:01 AM Bug #3334 (In Progress): Status/Traffic Graph isn't IPv6 ready: There is still a problem or two here.
The iftop binary is not present unless you manually install the pkg. Also th... Jim Pingle
12:31 AM Bug #3334 (Resolved): Status/Traffic Graph isn't IPv6 ready: tested on 2.5.0.a.20200212.1057
works as expected Viktor Gurov
08:15 AM Feature #10259: Missing linux_common and linprocfs kernel modules: There are other packages which display messages like that which are not necessarily relevant to pfSense. It may not m... Jim Pingle
08:07 AM Feature #10259: Missing linux_common and linprocfs kernel modules: Understood, thanks Jim. I will leave the port as-is for now and look at re-working the gosigar module used in Beats t... Paul Godard
07:45 AM Feature #10259 (Rejected): Missing linux_common and linprocfs kernel modules: The Linux emulation system is not suitable for use in a firewall appliance. It isn't something we would consider addi... Jim Pingle
07:30 AM Feature #10259 (Rejected): Missing linux_common and linprocfs kernel modules: I'm currently working on an updated FreeBSD Port for Beats (https://www.freshports.org/sysutils/beats/ - it’s not yet... Paul Godard
07:54 AM Feature #10258: allow to sign CA: What is the use case for this?
We used to allow something similar in the past but removed it several years ago (CA... Jim Pingle
05:27 AM Feature #10258 (New): allow to sign CA: To create cross-signed intermediate CA,
This feature can be added to the page System / Certificate Manager / CAs /... Viktor Gurov
05:21 AM Revision ae472dc1: OpenVPN radius ACL enhancements. Issue #9206: Shawn Bruce
04:12 AM Bug #4521 (Confirmed): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: same issue on pfSense 2.5.0.a.20200212.1057
it fails if subject string > 128
https://github.com/pfsense/FreeBSD... Viktor Gurov

02/12/2020

11:32 PM pfSense Docs Correction #10257 (Closed): incorrect Cisco-AVPair example: https://docs.netgate.com/pfsense/en/latest/book/openvpn/controlling-client-parameters-via-radius.html:
Inbound firew... Viktor Gurov
07:02 PM pfSense Packages Bug #10244: PHP crash: suricata: If I had to choose I'd choose to not use preg_quote() so that pcre works as expected.
I think this could be done s... John Silva
04:27 PM pfSense Packages Bug #10244: PHP crash: suricata: John Silva wrote:
> I think the issue is traced to the following line:
>
> [...]
>
> Unlike snort, the suricat... Bill Meeks
03:56 PM Revision ae9d8b76: get_service_with_port(): Validate port contents. Fixes #10255: Jim Pingle
03:56 PM Revision 7e7572ba: get_service_with_port(): Validate port contents. Fixes #10255: Jim Pingle
03:24 PM Bug #9801: VTI IPv6 addresses don't get assigned: Yep can also confirm it seems to be working as expected. Ben Hughes
03:32 AM Bug #9801 (Resolved): VTI IPv6 addresses don't get assigned: tested on 2.4.5.r.20200211.0854 and 2.5.0.a.20200211.1811
works as expected, /64 netmask Viktor Gurov
02:09 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Attached is a compiled RADVD for 2.5 with the above patch (slightly modified) incorporated. Added a logging message ... Ronald Schellberg
12:46 PM Feature #10256: Add support for IPv6 to No-IP Dynamic DNS: Changed from Bug to Feature Request as it's not a bug, but a missing feature. Corrected subject to match.
Can you ... Jim Pingle
12:34 PM Feature #10256 (Resolved): Add support for IPv6 to No-IP Dynamic DNS: Suggesting an update to the /etc/inc/services.inc and /etc/int/dyndns.class to support IPv6 Dynamic DNS update for no... Csoban Kesmarki
11:42 AM Bug #10254: pf error "too many elements" when attempting to load large tables: https://github.com/pfsense/FreeBSD-src/commit/8f7d14d3049de4fb6f82c7e97153c4372674a1e7 might need to be reverted, or ... Jim Pingle
11:28 AM Bug #10254: pf error "too many elements" when attempting to load large tables: Looks to be failing around 65k, which was the default limit on @net.pf.request_maxcount@... Jim Pingle
11:10 AM Bug #10254: pf error "too many elements" when attempting to load large tables: Current snapshots have that change reverted but are still not behaving properly. Even though there appears to be suff... Jim Pingle
10:05 AM Bug #10255 (Feedback): status_logs_filter.php: PHP error when log entry contains invalid port: Applied in changeset commit:7e7572ba93c741454c0d8cc5f35a42da100e0ae4. Jim Pingle
09:53 AM Bug #10255 (Resolved): status_logs_filter.php: PHP error when log entry contains invalid port: On status_logs_filter.php if the filter.log contains a log entry with an invalid port, then a PHP error occurs:
<p... Jim Pingle
09:08 AM Revision 9210d0aa: Extra parameter SLAACuseIPv4iface. Issue #9324: Viktor Gurov
08:16 AM Bug #9405 (Pull Request Review): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: Jim Pingle
01:22 AM Bug #9405: IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: Suppress dns_get_record() errors fix:
https://github.com/pfsense/pfsense/pull/4189 Viktor Gurov
07:18 AM Revision 8f85087b: Suppress dns_get_record() errors. Issue #9405: Viktor Gurov
06:18 AM Bug #9533 (Resolved): XG-7100 FAT config restore not working post-install: Jim Pingle
06:14 AM Bug #9533: XG-7100 FAT config restore not working post-install: I have tested both options:
*- update to*
2.4.5-RC (amd64)
built on Tue Feb 11 09:27:41 EST 2020
FreeBSD 1... Danilo Zrenjanin
04:26 AM Bug #1605 (Resolved): DHCP Server should group known clients by interface: tested on 2.5.0.a.20200211.1811
all three modes works as expected Viktor Gurov
01:51 AM Bug #6518 (Closed): IPsec phase 1 VPN not working with IPv6+DNS with "My IP Address" as identifier: no such issue on 2.4.4-p3 and 2.5.0.a.20200211.1811 Viktor Gurov
12:23 AM pfSense Packages Feature #10220 (Resolved): Add softflow 1.0.0 features - sampling and PSAMP export: tested on pfSense 2.5.0.a.20200211.1811 with softflowd 1.2.6
works as expected Viktor Gurov
12:21 AM pfSense Packages Feature #7895 (Resolved): Add a script for CARP monitoring to NRPE: tested on pfSense 2.5.0.a.20200211.1811 with nrpe 3.1_2
ok now Viktor Gurov
12:17 AM Bug #9334 (Resolved): bogus dialogue on Limiter deletion: works as expected on 2.5.0.a.20200211.1811 Viktor Gurov
12:15 AM Feature #10221 (Resolved): Update DH group warnings to say that group 5 is also weak: ok on 2.5.0.a.20200211.1811 Viktor Gurov
12:14 AM Feature #9309 (Resolved): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): works as expected on 2.5.0.a.20200211.1811 Viktor Gurov

02/11/2020

05:18 PM pfSense Packages Bug #10252: pfblockerng-devel: Grimson Gretzleburg wrote:
> Quote from the VIP section of the DNSBL Webserver Config:
> > Changes to the DNSBL VIP... Chris Roadfeldt
05:17 PM pfSense Packages Bug #10252: pfblockerng-devel: When you change the DNSBL VIP a *Force Update* will not change the Sinkhole'd IPs already established in the pfb_dnsb... BBcan177 .
09:02 AM pfSense Packages Bug #10252 (Not a Bug): pfblockerng-devel: The issue I want to address here is with the pfb_dnsbl.conf file. The IPs are incorrect and do not match the VIP I ha... Chris Roadfeldt
03:06 PM Bug #10254: pf error "too many elements" when attempting to load large tables: Looking in the FreeBSD source, it appears that the code which produces the error (r343520) is present on the branch u... Jim Pingle
02:39 PM Bug #10254: pf error "too many elements" when attempting to load large tables: The easiest way to reproduce the problem is to enable blocking of Bogons on any interface with IPv6 configured. Jim Pingle
02:35 PM Bug #10254 (Resolved): pf error "too many elements" when attempting to load large tables: On at least pfSense-base-2.4.5.r.20200210.0912 and later, pf fails to load large tables no matter what the limits are... Jim Pingle
02:45 PM Revision c7c438fc: comma: Frederic Bor
02:12 PM Revision e0479d47: post-review additional sanity checking of parse_url output #8987: Tom Embt
01:55 PM Revision 322f9f6c: Fix flagged syntax errors.: Jim Pingle
01:54 PM Revision edf8ce05: Point to a checkip doc URL that exists now.: (cherry picked from commit b2bfc3399c802760f25cdc02611b5e79fa3afcd6) Jim Pingle
01:53 PM Revision b2bfc339: Point to a checkip doc URL that exists now.: Jim Pingle
01:35 PM Revision f5e8bd4d: post-review changes to URL parsing and conditional style #8987: Tom Embt
11:39 AM Bug #10248 (Resolved): PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: Jim Pingle
10:55 AM Bug #10248: PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: This tests good here. No more errors. Thanks. Chris Linstruth
09:18 AM pfSense Packages Bug #10251: Avahi-daemon choosing VIP instead of interface IP: Chris Roadfeldt wrote:
> Jim Pingle wrote:
> > Avahi operates using interfaces and selects the addresses automatica... Chris Roadfeldt
09:08 AM pfSense Packages Bug #10251: Avahi-daemon choosing VIP instead of interface IP: Jim Pingle wrote:
> Avahi operates using interfaces and selects the addresses automatically. All the config can do i... Chris Roadfeldt
09:05 AM pfSense Packages Bug #10251 (Not a Bug): Avahi-daemon choosing VIP instead of interface IP: Avahi operates using interfaces and selects the addresses automatically. All the config can do is tell it to use or n... Jim Pingle
08:55 AM pfSense Packages Bug #10251 (Not a Bug): Avahi-daemon choosing VIP instead of interface IP: I have pfblockerng-devel installed and configured with DNSBL on most of my interfaces and VLANs. I also have avahi-da... Chris Roadfeldt
09:17 AM pfSense Packages Bug #10253 (New): pfblockerng-devel uses user interface for VIP causing issues with other services: I have pfblockerng-devel installed and configured with DNSBL on most of my interfaces and VLANs. I also have avahi-da... Chris Roadfeldt
08:09 AM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.: For anyone reviewing or testing, my steps to reproduce are roughly:
# break your WAN connectivity in some way that t... Tom Embt
07:53 AM pfSense Docs New Content #10007: Feedback on Services — Dynamic DNS: There is a typo in the URL but even spelled correctly, the target page doesn't exist yet. This issue is to create the... Jim Pingle
04:32 AM pfSense Docs New Content #10007: Feedback on Services — Dynamic DNS: That link appears to have a typo. Instead of
https://docs.netgate.com/pfsense/en/latest/book/services/dynamic-dns-... Craig McQueen
07:47 AM Feature #10250: DHCP lease view by interface: The leases are not tracked by interface, so this is not easily possible. Others have requested similar things in the ... Jim Pingle
06:11 AM Feature #10250 (New): DHCP lease view by interface: Improve view: Group customers by interface. Ciro Maretto
04:31 AM Feature #10096: Update services_checkip_edit.php to include a link to The pfSense Book, rather than the community maintained documentation: I saw that this link is in pfSense 2.4.5-RC (amd64) built on Sat Feb 08 13:43:43 EST 2020, but the link doesn't exist... Craig McQueen

02/10/2020

10:02 PM pfSense Packages Bug #10245 (Not a Bug): PHP errors in snort package: Jim Pingle
09:19 PM pfSense Packages Bug #10245: PHP errors in snort package: I think you're correct. This isn't a bug in your code.
There are a couple of things going on.
First, my SID ma... John Silva
10:56 AM pfSense Packages Bug #10245: PHP errors in snort package: I don't believe this is a bug in the Snort package source code. I think it is instead a problem with your search term... Bill Meeks
09:28 PM pfSense Packages Bug #10244: PHP crash: suricata: I think the issue is traced to the following line:... John Silva
08:45 PM pfSense Packages Bug #10244: PHP crash: suricata: Thanks for checking, Bill. These patterns worked OK in 2.4.4-p3 before the 2.4.5-RC upgrade. I do see a pattern typ... John Silva
11:02 AM pfSense Packages Bug #10244: PHP crash: suricata: Same as the issue you reported for the Snort package, I don't believe this is a bug in the Suricata package source co... Bill Meeks
08:41 PM Revision c52c0982: routing warning: Frederic Bor
08:28 PM Revision 10a35d8e: Add e2guardian options: Renato Botelho
08:27 PM Revision f350c6ea: Add e2guardian options: Renato Botelho
07:04 PM pfSense Docs New Content #9753 (Feedback): Feedback on Installing and Upgrading — Writing Disk Images: Jared Dillard
07:03 PM pfSense Docs New Content #9753: Feedback on Installing and Upgrading — Writing Disk Images: If you could provide a short write-up, similar to the others, I can put it in place. Jared Dillard
06:04 PM Revision 386db806: Fix braces. Issue #10246: (cherry picked from commit c03557a25af6a41cb84078416e4f7023449305b2) Jim Pingle
06:03 PM Revision c03557a2: Fix braces. Issue #10246: Jim Pingle
04:08 PM Revision a3ab75ba: NAT rule dst port reference corrections. Fixes #10246: When negating, the number of elements in $dstaddr_port is different. Do
not hardcode the index of the assumed last va... Jim Pingle
04:08 PM Revision f9a16422: NAT rule dst port reference corrections. Fixes #10246: When negating, the number of elements in $dstaddr_port is different. Do
not hardcode the index of the assumed last va... Jim Pingle
03:55 PM Bug #10246 (Resolved): NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: Thanks for testing! Jim Pingle
03:38 PM Bug #10246: NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: Thanks for the quick turnaround @jimp, appreciate it
I can confirm your changes in revision 386db806 resolve the i... James L
02:43 PM Bug #10246: NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: As always, *Thanks Jim*!
Will test shortly. Anonymous
10:15 AM Bug #10246 (Feedback): NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: Applied in changeset commit:f9a16422dcfcc06e5093e33ee91dbce9e4295906. Jim Pingle
03:17 PM Revision 4cd9bc90: Merge pull request #4177 from vktg/gremtu: Renato Botelho
03:15 PM Revision 7d0bed43: Merge pull request #4184 from vktg/dhcpmaclimit: Renato Botelho
03:15 PM Revision 68114fc1: IPsec VTI IPv6 address correction. Fixes #9801: When setting up IPv6 VTI, assume /64 -- Previous code was assuming /32
which wasn't correct, and it can't be /128 eit... Jim Pingle
03:13 PM Revision c519b62f: IPsec VTI IPv6 address correction. Fixes #9801: When setting up IPv6 VTI, assume /64 -- Previous code was assuming /32
which wasn't correct, and it can't be /128 eit... Jim Pingle
02:50 PM Revision 0c448224: Ensure ALTQ bw is treated as int when factoring RRD values. Fixes #10248: (cherry picked from commit 3c95346d32bf4b243b242b73f91c5204ebf16d86) Jim Pingle
02:49 PM Revision 3c95346d: Ensure ALTQ bw is treated as int when factoring RRD values. Fixes #10248: Jim Pingle
02:33 PM pfSense Packages Feature #10242 (In Progress): E2guardian Web filtering package: PR has been merged and code review / improvement just started but we won't build public packages while it's not finished Renato Botelho
08:02 AM pfSense Packages Feature #10242 (Pull Request Review): E2guardian Web filtering package: Did you check with / confirm this was OK with the package author? Jim Pingle
02:11 PM Revision a62ceb92: Revert "Fix #10235": This reverts commit 64e656556369fe61fe4315fac4c1b78e4763e35f. Jim Pingle
02:10 PM Revision ac91bbaa: Revert "Fix #10235": This reverts commit 32218e9e1e69a0e2b91bcd829fcba04ec8586bdc. Jim Pingle
01:30 PM Revision 8c92a782: Merge pull request #4188 from vktg/ipsecph2nohash: Renato Botelho
12:52 PM Revision e6ae7acf: Merge pull request #4185 from vktg/dh5warningph1: Renato Botelho
12:14 PM Bug #10249: Syntax error in filter.inc with 2.4.5.r.20200210.1126 introduced in revision a3ab75ba7d9632eba2dee0d2a1d986949d207ce4: Check the issue again. There is a later commit which corrects the error. Jim Pingle
12:13 PM Bug #10249: Syntax error in filter.inc with 2.4.5.r.20200210.1126 introduced in revision a3ab75ba7d9632eba2dee0d2a1d986949d207ce4: Jim Pingle wrote:
> Fixed on #10246
Nope you introduced a new syntax error that prevents filter.inc from working ... Grimson Gretzleburg
12:05 PM Bug #10249 (Duplicate): Syntax error in filter.inc with 2.4.5.r.20200210.1126 introduced in revision a3ab75ba7d9632eba2dee0d2a1d986949d207ce4: Fixed on #10246 Jim Pingle
11:55 AM Bug #10249 (Duplicate): Syntax error in filter.inc with 2.4.5.r.20200210.1126 introduced in revision a3ab75ba7d9632eba2dee0d2a1d986949d207ce4: Here is the crash report:
> Crash report begins. Anonymous machine information:
>
> amd64
> 11.3-STABLE
> Fr... Grimson Gretzleburg
09:34 AM pfSense Packages Feature #10243 (Feedback): rawserial driver for lcdproc: PR has been merged. Thanks! Renato Botelho
08:03 AM pfSense Packages Feature #10243 (Pull Request Review): rawserial driver for lcdproc: Jim Pingle
09:25 AM Bug #9801 (Feedback): VTI IPv6 addresses don't get assigned: Applied in changeset commit:c519b62f8fc3ed094952c6289d21c429df139c51. Jim Pingle
09:18 AM Bug #9801: VTI IPv6 addresses don't get assigned: I just pushed a change which works on my test setup for existing and new connections.
The GUI still shows 0 but on... Jim Pingle
09:17 AM Feature #10222 (Feedback): Tune GRE MTU if GRE over IPsec is used: PR has been merged. Thanks! Renato Botelho
09:15 AM Bug #1605 (Feedback): DHCP Server should group known clients by interface: PR has been merged. Thanks! Renato Botelho
09:14 AM Bug #9533 (Feedback): XG-7100 FAT config restore not working post-install: Added kern.cam.boot_delay to default loader.conf and also a script to set it during upgrade Renato Botelho
09:00 AM Bug #10248 (Feedback): PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: Applied in changeset commit:3c95346d32bf4b243b242b73f91c5204ebf16d86. Jim Pingle
08:51 AM Bug #10248 (In Progress): PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: Jim Pingle
08:26 AM Bug #10248: PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: Looks like that line is trying to get bandwidth on an ALTQ queue.... Jim Pingle
08:21 AM Bug #10247: Duplicate Outbound NAT entries when creating L2TP server: Setting to 2.5.0 since it's harmless/cosmetic. Jim Pingle
08:12 AM Bug #10235 (Feedback): OpenVPN server tries to push compress parameter when it's empty: I reverted the change here, since it wasn't correct. Jim Pingle
08:08 AM Bug #10235 (In Progress): OpenVPN server tries to push compress parameter when it's empty: I think the change didn't do what was intended here. The 'none' setting should end up with @compress@ only in the con... Jim Pingle
07:59 AM Bug #9663 (Feedback): panic on boot when IPv6 option "Do not wait for a RA" is enabled: Jim Pingle
07:58 AM Bug #9405 (In Progress): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: Jim Pingle
07:48 AM Bug #10241 (Pull Request Review): Updating Dynamic DNS provider Hover is not working: Jim Pingle
07:45 AM Bug #10240: Incorrect interface assignment after switching from PPPoE: There was a similar problem in the past ( #1420 ) but this doesn't seem like quite the same issue.
Most likely not... Jim Pingle
07:39 AM Bug #9324 (Pull Request Review): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: Jim Pingle
07:38 AM Bug #10239 (Rejected): Crash dump: You have a hardware problem, not a bug.... Jim Pingle
07:37 AM pfSense Packages Feature #10220 (Feedback): Add softflow 1.0.0 features - sampling and PSAMP export: PR merged. Thanks! Renato Botelho
07:26 AM pfSense Packages Feature #10220 (Pull Request Review): Add softflow 1.0.0 features - sampling and PSAMP export: Jim Pingle
07:31 AM Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): Viktor Gurov wrote:
> If no IPsec PH2 hashes selected (i.e. AES-GCM) after pressing 'apply' you got:
> [...]
>
>... Renato Botelho
07:18 AM pfSense Packages Feature #7895 (Feedback): Add a script for CARP monitoring to NRPE: Fixed on version 3.1_2 Renato Botelho

02/09/2020

06:04 PM Bug #10248 (Resolved): PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: Getting this on boot after upgrading to 2.4.5. Saw it on ARM and amd64.... Chris Linstruth
03:42 PM Bug #10246: NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: Hi,
I also encountered this error a few months back, I forgot to log a redmine for it, but I did post on the forum... Anonymous
02:40 PM Bug #10246 (Resolved): NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: I have the following port forward NAT rule to redirect DNS from LAN clients to a pi-hole:... James L
02:46 PM Bug #10247 (Resolved): Duplicate Outbound NAT entries when creating L2TP server: When enabling and configuring the L2TP server, I noticed that it creates duplicate entries in outbound NAT for the re... James L

02/08/2020

05:26 PM Revision ffcfddc6: Fix IPsec issue if no PH2 hashes selected. Issue #9309: Viktor Gurov
03:16 PM Bug #9801 (In Progress): VTI IPv6 addresses don't get assigned: Somehow it's not auto-setting the prefix length when saving. The one I already have in place is fine, but new ones ar... Jim Pingle
12:27 PM Bug #9801: VTI IPv6 addresses don't get assigned: I've just been testing this out on the latest RC version and it seems to be assigning the IPv6 a /32 subnet now for s... Ben Hughes
02:43 PM Bug #10235: OpenVPN server tries to push compress parameter when it's empty: regression?
2 openvpn, server is 2.5.0 client is 2.4.5-rc
both had -> Compression = "Disable compression, retain co... Manuel Piovan
12:03 PM Revision b08a1fa1: Set correct default MTU for GRE,GIF and GRE/IPsec. Issue #10222: Viktor Gurov
12:02 PM pfSense Packages Bug #10245 (Not a Bug): PHP errors in snort package: Running 2.4.5-RC with Snort package.
Crash Reporter is reporting an error in the snort package. Crash report foll... John Silva
11:59 AM pfSense Packages Bug #10244 (Closed): PHP crash: suricata: Running 2.4.5-RC with Suricata package.
Crash Reporter is reporting an error in the suricata package. Crash repor... John Silva
11:40 AM Revision 35bc0edf: DHCP group known clients by interface. Issue #1605: Daniel Koh
11:31 AM Feature #9309 (Feedback): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): If no IPsec PH2 hashes selected (i.e. AES-GCM) after pressing 'apply' you got:... Viktor Gurov
12:49 AM Feature #9309 (Resolved): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): works as expected on 2.5.0.a.20200207.2007 Viktor Gurov
10:24 AM Revision e9015d70: fixing bug https://redmine.pfsense.org/issues/10241: Tibor Bacsi
09:59 AM pfSense Packages Bug #9935 (Resolved): hide ECDSA certs for Zabbix: tested on pfSense 2.5.0.a.20200207.2007 with zabbix-agent44 1.0.4_3 and zabbix-proxy44 1.0.4_3
works as expected -... Viktor Gurov
09:11 AM pfSense Packages Feature #10243: rawserial driver for lcdproc: https://github.com/pfsense/FreeBSD-ports/pull/768 Viktor Gurov
09:09 AM pfSense Packages Feature #10243 (Resolved): rawserial driver for lcdproc: Rawserial driver has been avalbile since 0.5.7 this will dump raw serial data to the serial port. Hackers/makers can ... Viktor Gurov
08:56 AM pfSense Packages Feature #10242: E2guardian Web filtering package: https://github.com/pfsense/FreeBSD-ports/pull/767
initial version - copy of original package with changed director... Viktor Gurov
08:48 AM pfSense Packages Feature #10242 (New): E2guardian Web filtering package: E2guardian Web filtering http://e2guardian.org
original package by Marcello Coutinho (Apache 2 license):
https://... Viktor Gurov
07:19 AM pfSense Packages Feature #7895: Add a script for CARP monitoring to NRPE: fix that adds ${MKDIR} ${STAGEDIR}${PREFIX}/libexec/nagios line to Makefile:
https://github.com/pfsense/FreeBSD-port... Viktor Gurov
06:49 AM Bug #9663: panic on boot when IPv6 option "Do not wait for a RA" is enabled: Need more information to reproduce
no such issue on VM (qemu) pfSense 2.5.0.a.20200207.2007
and SG-1100 pfSense 2... Viktor Gurov
06:44 AM Revision 81a58f83: DH group 5 warnings for IPsec Phase 1. Issue #10221: Viktor Gurov
06:19 AM Bug #9405: IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: There is only one problem -
after loosing internet connection:... Viktor Gurov
01:53 AM Bug #9405 (Resolved): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: ipv4/ipv6/both - works as expected on 2.5.0.a.20200207.2007 Viktor Gurov
04:52 AM Bug #10241: Updating Dynamic DNS provider Hover is not working: Tibor Bacsi wrote:
> When using Hover as a DNS NS, in pfSense the updates are not working, no matter what you write ... Tibor Bacsi
04:24 AM Bug #10241 (Resolved): Updating Dynamic DNS provider Hover is not working: When using Hover as a DNS NS, in pfSense the updates are not working, no matter what you write into the hostname/doma... Tibor Bacsi
04:21 AM Bug #10240 (Resolved): Incorrect interface assignment after switching from PPPoE: vtnet0 - LAN
vtnet1 - WAN
If you switch WAN interface configuration type to PPPoE
and then switch to other type,... Viktor Gurov
03:39 AM Bug #9324 (Feedback): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: small update:
https://github.com/pfsense/pfsense/pull/4186
It adds $slaacusev4iface parameter,
Otherwise using ... Viktor Gurov
12:10 AM Bug #9324 (Resolved): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: works as expected on 2.5.0.a.20200207.1337 Viktor Gurov
03:13 AM Bug #10239 (Rejected): Crash dump: Good day,
Alix apu3, latest 2.4.5rc, 2.4.5.r.20200207.1113
Attached all files, output.txt contains text copied from... Claudiu Mihai
01:12 AM pfSense Packages Feature #10220: Add softflow 1.0.0 features - sampling and PSAMP export: This PR fix input validation, to allow select PSAMP protocol version:
https://github.com/pfsense/FreeBSD-ports/pull/... Viktor Gurov
12:46 AM Feature #10221: Update DH group warnings to say that group 5 is also weak: additional PR for IPsec Phase 1 warning:
https://github.com/pfsense/pfsense/pull/4185
Viktor Gurov
12:28 AM Bug #9472 (Resolved): Unable to select QinQ interfaces for PPP interface: works as expected on 2.5.0.a.20200207.2007
Viktor Gurov

02/07/2020

11:15 PM pfSense Packages Bug #10218 (Resolved): Telegraf: Error creating the telegraf.ca file when you have more then one CA in pfSense: works as expected on pfSense 2.5.0.a.20200207.2007 and 2.4.5.r.20200206.1944
Telegraf 0.9_2
Viktor Gurov
08:06 AM pfSense Packages Bug #10218 (Feedback): Telegraf: Error creating the telegraf.ca file when you have more then one CA in pfSense: Pull request has been merged. Thanks! Renato Botelho
11:08 PM pfSense Packages Feature #7895: Add a script for CARP monitoring to NRPE: I'm getting a build error with the addition of the script:... Ronald Schellberg
11:00 PM Feature #9769 (Closed): listallcerts - pfSsh.php script to show all certificates in console: No special need for this feature.
If someone really needs it, he can use this PR as a template. Viktor Gurov
07:30 PM Revision ab380916: fix requested changes: Frederic Bor
07:12 PM Revision 538d28dc: Merge pull request #4116 from Augustin-FL/ldap: Renato Botelho
06:59 PM Revision 4cbc82ee: PHP: array and string access with curly braces is deprecated: Renato Botelho
06:58 PM Revision 42e4de7c: Merge pull request #4049 from Hobby-Student/master: Renato Botelho
06:47 PM Revision f75f20cb: Merge pull request #4171 from apollo13/patch-1: Renato Botelho
06:41 PM Revision 2db4be52: Merge pull request #4169 from vktg/slaaconpppoe: Renato Botelho
04:17 PM Revision a8287828: Merge pull request #4165 from vktg/resolve46: Renato Botelho
04:14 PM Revision fa2801a1: Merge pull request #4172 from vktg/compare6vip: Renato Botelho
04:13 PM Revision 5426f30c: cherry-pick e8a1e9e1288e5a3a2bd9ca5479ac19c8fcfb4c2d: Steve Beaver
04:10 PM Revision ccbe8887: Merge pull request #4174 from vktg/dh5warning: Renato Botelho
03:56 PM Revision 23e0b2a7: Merge pull request #4180 from vktg/qinqppp: Renato Botelho
03:54 PM Revision 3b42dbb8: Merge pull request #4179 from vktg/shapernowarn: Renato Botelho
03:53 PM Revision 996ddb55: Merge pull request #4183 from stephenw10/master: Renato Botelho
03:51 PM Revision e541d719: Merge pull request #4181 from vktg/iftopstatus: Renato Botelho
03:48 PM Revision 984d45b9: Merge pull request #4106 from vktg/prfipsec: Renato Botelho
01:13 PM Feature #9909 (Feedback): Add option to (dis)allow unauthenticated LDAP binds: Pull request has been merged. Thanks! Renato Botelho
01:00 PM Bug #9320 (Feedback): Outbound NAT and multiple IPSEC IPs for mobile warriors: Pull request has been merged. Thanks! Renato Botelho
12:47 PM Bug #10200 (Feedback): DHCPv6 domain-search list not sent to clients: Pull request has been merged. Thanks! Renato Botelho
12:41 PM Bug #9324 (Feedback): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: Pull request has been merged. Thanks! Renato Botelho
12:05 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: After shifting from RELENG 12.1 to Stable/12, I noticed that the commit labeled MFC r355881 on 12/25/19 again trigger... Ronald Schellberg
11:29 AM Feature #10238: Periodic Scrub of ZFS filesystem: I was able to add a package CRON and add the following to it:
0 0 1 * * root /sbin/zpool scrub zroot
This s... Mathew Keith
10:40 AM Feature #10238 (New): Periodic Scrub of ZFS filesystem: Add support for a periodic zfs scrub of the ZFS filesystem through the GUI.
Selecting an interval (weekly or monthly... Mathew Keith
10:33 AM Feature #10237 (Closed): Take ZFS snapshot on Upgrade: If PFSense is running on a zfs filesystem then take a snapshot prior to upgrade. The snapshot should be named to indi... Mathew Keith
10:17 AM Bug #9405 (Feedback): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: Pull request has been merged. Thanks! Renato Botelho
10:14 AM Bug #6579 (Feedback): IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Pull request has been merged. Thanks! Renato Botelho
10:10 AM Feature #10221 (Feedback): Update DH group warnings to say that group 5 is also weak: Pull request has been merged. Thanks! Renato Botelho
09:56 AM Bug #9472 (Feedback): Unable to select QinQ interfaces for PPP interface: Pull request has been merged. Thanks! Renato Botelho
09:54 AM Bug #9334 (Feedback): bogus dialogue on Limiter deletion: Pull request has been merged. Thanks! Renato Botelho
09:52 AM Bug #3334 (Feedback): Status/Traffic Graph isn't IPv6 ready: Pull request has been merged. Thanks! Renato Botelho
09:48 AM Feature #9309 (Feedback): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): Pull request has been merged. Thanks! Renato Botelho
09:09 AM Feature #10231: Replace --route-nopul with --pull-filter: Pippin MMD wrote:
> Since the option --route-nopull is under discussion to be deprecated I would like to propose it ... Pippin MMD
09:05 AM Feature #9797 (Closed): services_unbound_advanced.php: add prefer-ip6 option to dns resolver gui: Not so necessary
Can be entered in the 'custom options' field Viktor Gurov
08:39 AM pfSense Packages Feature #10140 (Closed): allow to select webserver certificate: we discussed this with BBcan177 - this is unnecessary
I think this can be useful only if the company uses a specia... Viktor Gurov
08:18 AM pfSense Packages Bug #8830: Automatic flowbit resolution setting does not match description: Pull Request only applied on 2.5.0 Renato Botelho
08:16 AM pfSense Packages Bug #8830 (Feedback): Automatic flowbit resolution setting does not match description: Pull request has been merged. Thanks! Renato Botelho
08:11 AM pfSense Packages Feature #9916 (Feedback): Check allow-transfer in custom option when the zone is slave: Pull request has been merged. Thanks! Renato Botelho
08:08 AM pfSense Packages Feature #10220 (Feedback): Add softflow 1.0.0 features - sampling and PSAMP export: Pull request has been merged. Thanks! Renato Botelho
06:25 AM Bug #10230 (Resolved): Typo in the setup wizard final page: Fixed Renato Botelho
05:20 AM Bug #10230: Typo in the setup wizard final page: Patch added on:
2.4.5-RC (arm)
built on Tue Jan 28 23:45:14 EST 2020
FreeBSD 11.3-STABLE
Looks good.
!Scr... Danilo Zrenjanin
06:24 AM Bug #10217 (Resolved): PHP Warning: Invalid argument supplied for foreach() in /etc/inc/ipsec.inc on line 952: Fixed Renato Botelho
04:51 AM pfSense Packages Bug #9934 (New): suricata update kills WAN interface: same issue on XG-1537 (pfSense 2.4.4-p3, suricata 4.1.6_3) with ix interface,
I found that killing suricata process ... Viktor Gurov
01:21 AM Bug #10235 (Resolved): OpenVPN server tries to push compress parameter when it's empty: works as expected on 2.4.5.r.20200206.1944 Viktor Gurov
01:05 AM Bug #8611: unable to receive IPv6 RA's on SG-1000, default route lost: no such issue on pfSense 2.5.0.a.20200205.1753
pfSense 2.4.4-p3 on SG-3100 as DHCP6/RA server
SG-1000 cpsw0 inter... Viktor Gurov

02/06/2020

03:56 PM pfSense Packages Feature #8547: fwknop Port Knocking Package: Jim Pingle wrote:
> If you want secure remote access, use a VPN. If someone wants to make a package for this, we cou... Kurt Yoder
03:31 PM Bug #10236 (Rejected): Cannot add more than 2 VMXNET3 Adapters in vSphere: When adding a 3rd or more VMXNET3 interface in vSphere 6.7(vm version 14) and 6.7u2 (other versions not tested) the a... Patrick Sanderson
02:24 PM pfSense Packages Bug #9934 (Not a Bug): suricata update kills WAN interface: Jim Pingle
01:51 PM pfSense Packages Bug #9934: suricata update kills WAN interface: Suricata running with Inline IPS Mode uses the netmap kernel device. When Suricata stops and restarts, that also stop... Bill Meeks
03:38 AM pfSense Packages Bug #9934: suricata update kills WAN interface: You can set Suricata to "Live Reload" the new rules without restarting itself.
Enable this global option to preven... Danilo Zrenjanin
07:14 AM Bug #7420: ipsec status freezing: You are chasing the wrong end of the problem. We know that it can't talk to the VICI socket. What we do not know is w... Jim Pingle

02/05/2020

11:51 PM Bug #7420: ipsec status freezing: this is CE version of 2.4.4-p3:
FreeBSD pfsense28.bvt.de 11.2-RELEASE-p10 FreeBSD 11.2-RELEASE-p10 #9 4a2bfdce133(RE... Viktor Gurov
11:15 PM Bug #7420: ipsec status freezing: status_ipsec.php and widget use these functions:
ipsec_dump_spd(); - # /sbin/setkey -DP
ipsec_dump_sad(); - # /... Viktor Gurov
09:18 PM Revision 64e65655: Fix #10235: Add a missing break to case statement. Without it, $compression was
being filled with a bad value and also if push c... Renato Botelho
09:14 PM Revision 32218e9e: Fix #10235: Add a missing break to case statement. Without it, $compression was
being filled with a bad value and also if push c... Renato Botelho
06:51 PM Revision 15c2e494: Add iftop support to status_graph.php. Issue #3334: Joshua Sign
05:22 PM Revision b53d4287: Partial/future work-around for #10216 - When checking to see if the copyright notice has changed (and should be displayed) only check the first HTML <DIV>. This will avoid the notice popping up if the survey text is changed.: Steve Beaver
05:19 PM Revision 47944568: Partial/future work-around for #10216 - When checking to see if the copyright notice has changed (and should be displayed) only check the first HTML <DIV>. This will avoid the notice popping up if the survey text is changed.: Steve Beaver
04:28 PM Revision 33d5e623: Correct typo: Steve Wheeler
04:27 PM Revision 3cf46c0f: Correct typo: (cherry picked from commit 108a640d66f5666feca530e038831155bfd4577b) Steve Wheeler
03:25 PM Bug #10235 (Feedback): OpenVPN server tries to push compress parameter when it's empty: Applied in changeset commit:32218e9e1e69a0e2b91bcd829fcba04ec8586bdc. Renato Botelho
03:11 PM Bug #10235 (Resolved): OpenVPN server tries to push compress parameter when it's empty: Define a Server with Compression option set to Disabled and click option "Push the selected compression setting to co... Renato Botelho
02:24 PM Revision a673bafb: Re-add jquery-ui themes. Fixes #10233: (cherry picked from commit b6063aa7cbb6c7f9c1e365097685a84e97516b49) Jim Pingle
02:24 PM Revision b6063aa7: Re-add jquery-ui themes. Fixes #10233: Jim Pingle
01:56 PM Bug #10233 (Resolved): jquery-ui theme files missing: Jim Pingle
01:19 PM Bug #10233: jquery-ui theme files missing: Thanks Jim,
I can confirm problem is fixed with update 2.4.5.r.20200205.0809 Dean Olivas
08:30 AM Bug #10233 (Feedback): jquery-ui theme files missing: Applied in changeset commit:b6063aa7cbb6c7f9c1e365097685a84e97516b49. Jim Pingle
07:59 AM Bug #10233: jquery-ui theme files missing: The pfSense-dark-BETA theme does not include that file, however. So we have a couple choices:
1. Add the dark-hive... Jim Pingle
07:48 AM Bug #10233: jquery-ui theme files missing: Looks like a few different jquery-ui themes were removed when we updated jquery ( #9407 ): dark-hive and smoothness
... Jim Pingle
02:55 AM Bug #10233 (Resolved): jquery-ui theme files missing: I am seeing this error in the system log after updating this evening to 2.4.5.r.20200204.1736
If I change back to ... Dean Olivas
01:08 PM Revision c600e53c: Disable rust on suricata for aarch64: While https://reviews.freebsd.org/D23133 is not accepted, disable rust
on aarch64 suricata Renato Botelho
01:07 PM Revision b52e3cb7: Disable rust on suricata for aarch64: While https://reviews.freebsd.org/D23133 is not accepted, disable rust
on aarch64 suricata Renato Botelho
10:51 AM Bug #10230 (Feedback): Typo in the setup wizard final page: PR merged Jim Pingle
10:26 AM Bug #10230 (Pull Request Review): Typo in the setup wizard final page: Jim Pingle
06:28 AM Bug #10234 (Duplicate): ikev2 should be able to handle multiple phase1 with the same ip: Duplicate of #9768 Jim Pingle
04:28 AM Bug #10234 (Duplicate): ikev2 should be able to handle multiple phase1 with the same ip: reference
https://forum.netgate.com/topic/150118/how-to-config-2-or-more-dailup-ipsec-vpn-tunnel-using-remote-gatewa... Manuel Piovan
06:27 AM Feature #10214 (Pull Request Review): Allow IPsec duplicate endpoints: Jim Pingle
06:22 AM Feature #8786: Wireguard VPN: See note 5 on this issue: https://redmine.pfsense.org/issues/8786#note-5
Linux is not FreeBSD. Jim Pingle
01:43 AM Feature #8786: Wireguard VPN: Now that wireguard is officially linux upstream, which is a proof of trust to a certain level, you may want to recons... Guy Godfroy

02/04/2020

06:07 PM Feature #8786: Wireguard VPN: PLEASE add WireGuard support! Thank you. Aaron Shaffer
05:26 PM Bug #10232 (Rejected): [WAN] Crash saving PPPoE Description or changing ipv6 settings: Not enough information here to classify it as a bug, and merely saving the settings is not enough to repeat the issue... Jim Pingle
04:44 PM Bug #10232 (Rejected): [WAN] Crash saving PPPoE Description or changing ipv6 settings: I've got this bug multiple times while setting ipv6 on WAN. When saving and aplying changes, sometimes system become... Samuel Castro
02:05 PM Revision a7fc9e53: Create DISTFILES_CACHE if it doesn't exist: Renato Botelho
02:05 PM Revision ac8967e9: Create DISTFILES_CACHE if it doesn't exist: Renato Botelho
02:04 PM Revision 88340f50: Create DISTFILES_CACHE if it doesn't exist: Renato Botelho
01:17 PM Revision 32a473c0: Move /etc/rc.ramdisk_functions.sh to rc pkg: (cherry picked from commit 764c009a586af20573b6eb23d5400824f2aba92f) Jim Pingle
01:17 PM Revision 764c009a: Move /etc/rc.ramdisk_functions.sh to rc pkg: Jim Pingle
11:13 AM Feature #10231 (Duplicate): Replace --route-nopul with --pull-filter: Since the option --route-nopull is under discussion to be deprecated I would like to propose it to be replaced by --p... Pippin MMD
10:05 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Fabián Burbano wrote:
> Version 2.4.5 already has several RCs. I think it is safer to upgrade to the RC than to do s... Eduard Rozenberg

02/03/2020

11:54 PM Revision 108a640d: Correct typo: Steve Wheeler
07:28 PM Revision 29aef439: RAM Disk robustness improvements. Fixes NG 3173: * Prevents RAM disk from being partially enabled and left in a broken
state if the RAM disks cannot be created
* Prev... Jim Pingle
07:24 PM Revision 82bf21fc: RAM Disk robustness improvements. Fixes NG 3173: * Prevents RAM disk from being partially enabled and left in a broken
state if the RAM disks cannot be created
* Prev... Jim Pingle
05:58 PM Bug #10230: Typo in the setup wizard final page: https://github.com/pfsense/pfsense/pull/4183 Steve Wheeler
05:57 PM Bug #10230 (Resolved): Typo in the setup wizard final page: The page shows:... Steve Wheeler
03:39 PM pfSense Docs Correction #9673 (Closed): Feedback on Installing and Upgrading — Download Installation Media: This has been fixed. Jared Dillard
03:36 PM Bug #10229: IPv6 Options > IPv6 DNS entry - setting is ignored: Indeed, I was mistaken as to the purpose of that setting. I apologize. I believe I had previously commented out the R... Mark Baker
01:55 PM Bug #10229 (Not a Bug): IPv6 Options > IPv6 DNS entry - setting is ignored: That option sets @ipv6dontcreatelocaldns@ which only affects creation of local hostnames for things like /etc/hosts -... Jim Pingle
01:29 PM Bug #10229 (Not a Bug): IPv6 Options > IPv6 DNS entry - setting is ignored: In the 2.4.5.r.20200202.1951 build, the setting for "Do not generate local IPv6 DNS entries for LAN interfaces" in Sy... Mark Baker
02:46 PM pfSense Docs New Content #10225: Add cryptographic hardware info to the SG-3100 manual: As of recently, that will no longer be necessary: https://redmine.netgate.com/issues/3180 Jared Dillard
12:49 PM pfSense Docs Correction #10163 (Closed): Feedback on VPN — OpenVPN — Routing Internet traffic through a site-to-site OpenVPN-connection in PfSense software version 2.1: This was fixed in https://github.com/pfsense/docs/commit/fe4c2913c0a125241fd14c6968ff8f0fcf086879 Jared Dillard
12:38 PM pfSense Docs Correction #9644 (Closed): Feedback on Network Address Translation — Accessing Port Forwards from Local Networks: This was fixed in https://github.com/pfsense/docs/commit/1009774af07acde8e7afcf06411d1a127ec0e393 Jared Dillard
11:47 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: Jim Pingle wrote:
> He's talking about two routers attached to the same LAN, not WAN. For example, an HA pair. Or a ... Rick Coats
08:16 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: (4): HA comment: If you are using a HA pair, yes, they'd both have the same hard-coded alias, so that would seem prob... Eric Veum
07:53 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: He's talking about two routers attached to the same LAN, not WAN. For example, an HA pair. Or a case where you have a... Jim Pingle
07:48 AM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: (1) Rick - there is no WAN interface taking the alias fe80::1:1 -- its only on the IPv6 LAN interface. none of the ro... Eric Veum
07:37 AM Bug #9998 (Feedback): DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: It might be, though with IPv6, DAD will typically kick in and one of them will back off using the address automatical... Jim Pingle
07:41 AM pfSense Packages Bug #8830 (Pull Request Review): Automatic flowbit resolution setting does not match description: Jim Pingle
07:40 AM Bug #9472 (Pull Request Review): Unable to select QinQ interfaces for PPP interface: Jim Pingle
07:38 AM Bug #9334 (Pull Request Review): bogus dialogue on Limiter deletion: Jim Pingle
07:35 AM Bug #10224 (Pull Request Review): DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: Jim Pingle
04:33 AM pfSense Packages Feature #10227 (Resolved): ACME: Do not show passwords: Those DNS validation methods that uses ordinary username/password for authentication (such as DNS-GratisDNS) should n... Torben Hørup

02/02/2020

08:29 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Eduard Rozenberg wrote:
> Still not working properly, at least a couple of IP's are still not populating in the tabl... Fabián Burbano
02:08 AM Bug #10226: Thermal Sensors Widget Shows CPU Temp in Wrong Scale: Doh! Ok.... But then shouldn't "Show temp in Fahrenheit" be greyed out if "Show raw output" is selected. Its conf... Paul Magid

02/01/2020

09:01 PM Bug #10226 (Not a Bug): Thermal Sensors Widget Shows CPU Temp in Wrong Scale: It's doing exactly what you told it to do. When it is showing the raw values it does not alter them in any way. Which... Jim Pingle
08:08 PM Bug #10226: Thermal Sensors Widget Shows CPU Temp in Wrong Scale: Thanks for the workaround.... It worked for me too. Paul Magid
06:32 PM Bug #10226: Thermal Sensors Widget Shows CPU Temp in Wrong Scale: Yes I see the issue also. removing the check mark from the Show raw output (no graph) does allow it to show in Fahren... Dean Olivas
11:47 AM Bug #10226: Thermal Sensors Widget Shows CPU Temp in Wrong Scale: Here is a screen shot. Paul Magid
11:46 AM Bug #10226 (Not a Bug): Thermal Sensors Widget Shows CPU Temp in Wrong Scale: The show temp in Fahrenheit check box is not honored. Can toggle the checkbox and un-toggle it and save; and the cp... Paul Magid
07:37 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Still not working properly, at least a couple of IP's are still not populating in the table. Giving up for now, will ... Eduard Rozenberg
06:48 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: It appears a reboot was required on each firewall after updating the filterdns package to my custom built one (2.0_3)... Eduard Rozenberg
10:20 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Christian Ullrich wrote:
> * Robert Gijsen wrote:
>
> > Maybe a stupic question, but as I don't have any git or b... Eduard Rozenberg
09:47 AM Bug #8770: QinQ interfaces always show as active: This is FreeBSD issue
same on 12.1 for VLAN and QinQ interfaces Viktor Gurov
09:02 AM Revision e7a5a990: Allow to select QinQ interfaces for PPP interface. Issue #9472: Viktor Gurov
09:00 AM Bug #7420 (New): ipsec status freezing: The same problem was detected on 2.4.4-p3 after upgrading from 2.4.4-p1 in one ticket:... Viktor Gurov
06:44 AM Revision 86c560d9: Remove bogus warning on limiter/shaper deletion. Issue #9334: Viktor Gurov
06:19 AM pfSense Packages Bug #8830: Automatic flowbit resolution setting does not match description: This PR simply sets the default value for this checkbox to on when adding a new interface:
https://github.com/pfsens... Viktor Gurov
03:10 AM Bug #9472: Unable to select QinQ interfaces for PPP interface: This PR adds QinQ to the list of Link Interface(s) on the Interfaces / PPPs / Edit page
It also adds “(vhid: x)” t... Viktor Gurov
12:47 AM Bug #9334: bogus dialogue on Limiter deletion: https://github.com/pfsense/pfsense/pull/4179 Viktor Gurov

01/31/2020

11:30 PM pfSense Docs New Content #10225 (Resolved): Add cryptographic hardware info to the SG-3100 manual: There is no information on supported cryptographic hardware and its configuration in the SG-3100 manual
Only forum... Viktor Gurov
09:38 PM pfSense Packages Feature #9238: Add support for Zerotier: Package has been updated to run on 2.4.4-RELEASE-p3. Still some work to be done on setting up the interfaces, right n... Gregory Moore
08:36 PM pfSense Docs Correction #10004 (Closed): Feedback on Packages: The note and preceding sentence regarding NanoBSD has been removed. Jared Dillard
08:20 PM pfSense Docs Correction #9559 (Closed): Feedback on L2TP VPN — L2TP Server Configuration: This has been fixed. Jared Dillard
08:12 PM pfSense Docs Correction #9853 (Closed): Feedback on VPN — IPsec — Routing Internet Traffic Through a Site-to-Site IPsec VPN: I updated the link to a similar resource. Jared Dillard
08:03 PM pfSense Docs Correction #10005 (Closed): Feedback on Installing and Upgrading — Upgrading pfSense Software Installations: I removed the errant "**". Jared Dillard
07:20 PM pfSense Docs Correction #10181 (Closed): Feedback on Packages — Installing Packages: I replaced the image with another package installed. You may have to clear your cache to see it. Jared Dillard
07:02 PM pfSense Docs Correction #10191 (Closed): Feedback on L2TP VPN — L2TP Server Configuration: This is fixed now (removed an extra space). Jared Dillard
06:57 PM pfSense Docs Correction #10205 (Closed): Feedback on Installing and Upgrading — Upgrading pfSense Software Installations: I removed the "Manual Updates" section in https://github.com/pfsense/docs/commit/2820998f3dbcc73ddddbb6731fc084843465... Jared Dillard
02:44 PM Bug #9998: DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: Isn't it a potential issue when you use a fixed ip such as fe80::1:1 that another router or host has already claimed ... Rick Coats
11:57 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Great to hear about the fix! Would have loved to see a 2.4.4 update with this fixed package, or even just a fixed fil... Eduard Rozenberg
11:41 AM Bug #10224: DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: Created pull request:
https://github.com/pfsense/pfsense/pull/4178 Andreas Bleischwitz
06:37 AM Bug #10224: DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: By further looking at the code, I get the feeling that the configuration for DHCP should be made modular.
Currently ... Andreas Bleischwitz
06:18 AM Bug #10224 (Resolved): DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: The current implementation of @dhcpdzones()@ in @etc/inc/services.inc@ does not take the per host defined ddns zone a... Andreas Bleischwitz
08:33 AM pfSense Packages Bug #8538 (Closed): arpwatch missing ethercodes.dat: already in 0.2.0:... Viktor Gurov
07:48 AM Feature #10222 (Pull Request Review): Tune GRE MTU if GRE over IPsec is used: Jim Pingle
02:32 AM Feature #10222: Tune GRE MTU if GRE over IPsec is used: When you first create GRE/GIF interfaces, pfSense sets the correct MTU for it - 1476/1280
But with any change on the... Viktor Gurov
12:15 AM Feature #10223 (New): Add the ability to create additional loopback interfaces: This is important for setting up dynamic routing protocols such as BGP, OSPF, and so on.
FreeBSD already has such fu... Valery V.Smirnov

01/30/2020

05:22 PM Revision 4480b443: Consume 2.4.5 packages during build: Renato Botelho
12:14 PM Feature #7332: Provide certificate expiry warning: Ho, cool =D Thank you. Waiting 2.5 stable! DRago_Angel [InV@DER]
10:42 AM Feature #10222 (Resolved): Tune GRE MTU if GRE over IPsec is used: Default GRE MTU value is 1500 (it should be 1476 as maximum for ethernet),
This is impossible in most cases when GRE... Viktor Gurov
09:26 AM pfSense Packages Feature #10165: Add High-Availability tracking to avahi package.: Renato Botelho wrote:
> PR has been merged on 2.5.0 and 2.4.5 branches. Thanks!
do you plan to merge it on 2.4.4 ... Viktor Gurov
08:03 AM pfSense Packages Feature #7895 (Pull Request Review): Add a script for CARP monitoring to NRPE: Jim Pingle
05:43 AM pfSense Packages Feature #7895: Add a script for CARP monitoring to NRPE: https://github.com/pfsense/FreeBSD-ports/pull/759 Viktor Gurov
06:56 AM pfSense Packages Bug #8194 (Closed): BIND fails to respond after interface goes down: no such issue on pfSense 2.4.5.r.20200128.2345 with BIND 9.14_1 Viktor Gurov
06:12 AM pfSense Packages Bug #8400 (Closed): FreeRadius 3 EAP-TLS Missing O.U. Option: Duplicate of https://redmine.pfsense.org/issues/8224 Viktor Gurov
05:14 AM pfSense Packages Bug #8195 (Closed): BIND packages launches two instances of /usr/local/sbin/named on boot: no such issue with BIND package 9.14_1
tested on pfSense 2.4.5.r.20200128.2118 and 2.5.0.a.20200129.1414 Viktor Gurov
02:31 AM pfSense Packages Feature #9916: Check allow-transfer in custom option when the zone is slave: updated PR:
https://github.com/pfsense/FreeBSD-ports/pull/758 Viktor Gurov
01:00 AM Feature #1192 (Resolved): Certificate Manager - Ability to Encrypt Private Keys When Exporting: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200129.1414
export of encrypted privat... Viktor Gurov
12:19 AM Bug #9331: Parallel Rekey fails for multiple Child SAs: updated PR:
https://github.com/pfsense/pfsense/pull/4176 Viktor Gurov

01/29/2020

10:10 AM Revision 4423176e: Update DH group warnings to say that group 5 is also weak. Issue #10221: Sean McBride
07:31 AM Bug #10219: PHP error - missing function: True that, maybe I`ve synced master.
Will resolve on my own.
Thanks! Greg M
07:28 AM Bug #10219: PHP error - missing function: We've done that with numerous systems internally and haven't seen anything like this. Maybe you have something in you... Jim Pingle
07:23 AM Bug #10219: PHP error - missing function: This happend when I upgraded from 2.4.5 snapshot to 2.4.5 RC.
On snapshot there was no error at all.
Weird Greg M
07:14 AM Bug #10219 (Rejected): PHP error - missing function: That file is not present in the 2.4.5 branch of the source repository, only 2.5.0. Nor is it present on 2.4.5 RC snap... Jim Pingle
01:38 AM Bug #10219 (Rejected): PHP error - missing function: Hi!
Dropping in a bug:
Crash report details:
PHP Errors:
[29-Jan-2020 03:01:00 Europe/Berlin] PHP Fatal err... Greg M
07:20 AM Feature #10221 (Pull Request Review): Update DH group warnings to say that group 5 is also weak: Jim Pingle
04:13 AM Feature #10221: Update DH group warnings to say that group 5 is also weak: https://github.com/pfsense/pfsense/pull/4174 Viktor Gurov
04:09 AM Feature #10221 (Resolved): Update DH group warnings to say that group 5 is also weak: from https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations:
_It is advised to adhere to the r... Viktor Gurov
07:18 AM pfSense Packages Feature #10220 (Pull Request Review): Add softflow 1.0.0 features - sampling and PSAMP export: Jim Pingle
03:58 AM pfSense Packages Feature #10220: Add softflow 1.0.0 features - sampling and PSAMP export: https://github.com/pfsense/FreeBSD-ports/pull/757 Viktor Gurov
03:14 AM pfSense Packages Feature #10220 (Resolved): Add softflow 1.0.0 features - sampling and PSAMP export: Add sampling configuration to softflowd package:... Viktor Gurov
07:16 AM pfSense Packages Bug #10218 (Pull Request Review): Telegraf: Error creating the telegraf.ca file when you have more then one CA in pfSense: Jim Pingle
12:46 AM pfSense Packages Bug #10218: Telegraf: Error creating the telegraf.ca file when you have more then one CA in pfSense: https://github.com/pfsense/FreeBSD-ports/pull/756 Viktor Gurov
05:53 AM Feature #8645: Upload certificate file instead of pasting: updated PR:
https://github.com/pfsense/pfsense/pull/4175 Viktor Gurov

01/28/2020

10:09 PM Bug #3312: Gateway on IPsec rules is not functional in pf: -I blocked by this problem.-
-Using pfsense 2.4.4-
-Are there any workaround?-
I don't known why it is working... Chunlin Yao
09:24 PM Revision 0812e3cf: Fix PHP error in ipsec_reload_package_hook(). Fixes #10217: Jim Pingle
03:43 PM pfSense Packages Bug #10218 (Resolved): Telegraf: Error creating the telegraf.ca file when you have more then one CA in pfSense: I'm running the 2.4.5-RC with Telegraf package 0.9_1 and found that Telegraf wouldn't start when I have more then one... Grimson Gretzleburg
03:41 PM Revision ac3ab1b2: Adjust PKG_REPO_BRANCH release and devel to match 2.4.4 and 2.4.5: Renato Botelho
03:35 PM Bug #10217 (Feedback): PHP Warning: Invalid argument supplied for foreach() in /etc/inc/ipsec.inc on line 952: Applied in changeset commit:0812e3cf417ab30afa05182bdba101591d2da886. Jim Pingle
03:27 PM Bug #10217: PHP Warning: Invalid argument supplied for foreach() in /etc/inc/ipsec.inc on line 952: This was already fixed on 2.5.0. Made a separate fix to 2.4.5. Jim Pingle
03:15 PM Bug #10217 (In Progress): PHP Warning: Invalid argument supplied for foreach() in /etc/inc/ipsec.inc on line 952: Looks like the config.xml on the target system is missing the @<installedpackages>@ tag, which is not atypical, so th... Jim Pingle
03:12 PM Bug #10217 (Resolved): PHP Warning: Invalid argument supplied for foreach() in /etc/inc/ipsec.inc on line 952: Crash report begins. Anonymous machine information:
arm
11.3-STABLE
FreeBSD 11.3-STABLE #66 7a31f290955(factory... Matthew Stribling
03:30 PM Revision bc6de8ee: Use release server to hold RC packages: Renato Botelho
03:29 PM Revision 4b4ccc20: Use release server to hold RC packages: Renato Botelho
03:28 PM Revision 9b17dac8: Use release server to hold RC packages: Renato Botelho
01:42 PM Bug #10215: Crash on 2.4.5-RC (Jan 28 12:12:41 EST 2020): Thanks. Sorry for bothering. Peter Pain
01:37 PM Bug #10215 (Rejected): Crash on 2.4.5-RC (Jan 28 12:12:41 EST 2020): Not enough information here to do anything with it. The backtrace doesn't suggest anything in particular. You'll need... Jim Pingle
01:32 PM Bug #10215 (Rejected): Crash on 2.4.5-RC (Jan 28 12:12:41 EST 2020): Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address = 0x20
fault code = ... Peter Pain
01:22 PM Revision d0cd4fc7: enable gateway duplicates on ipsec: Frederic Bor

01/27/2020

05:57 PM Bug #10206: VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.): Well maybe its fixed in the FreeBSD-OS, however maybe it was never broken in the FreeBSD-OS in the first place? (as p... Pi Ba
05:36 PM Revision ad27fe61: Silence warning when conditionar is not satisfied: Renato Botelho
05:36 PM Revision 09fd7be5: Silence warning when conditionar is not satisfied: Renato Botelho
01:54 PM Revision f02c7466: Update branch description: Renato Botelho
01:54 PM Revision 6e05e25d: Update branch description: Renato Botelho
01:53 PM Revision 3f5eab1a: Update branch description: Renato Botelho
01:51 PM Revision fccad733: Welcome 2.4.5-RC: Renato Botelho
12:18 PM pfSense Packages Bug #10212 (Not a Bug): Don't show services not running when they are disabled: That is only true of system services, not packages. Packages have no central enable/disable mechanism for services, s... Jim Pingle
12:00 PM pfSense Packages Bug #10212 (Not a Bug): Don't show services not running when they are disabled: If I disable DNSBL it still reports that the service isn't running, as the documentation says:
"A service is also ... Patrik Baat
12:18 PM pfSense Packages Bug #10213 (Not a Bug): Don't show services not running when they are disabled: That is only true of system services, not packages. Packages have no central enable/disable mechanism for services, s... Jim Pingle
12:02 PM pfSense Packages Bug #10213 (Not a Bug): Don't show services not running when they are disabled: If I disable Antivirus it still reports that the services (clam and icap) isn't running, as the documentation says:
... Patrik Baat
12:18 PM Feature #10214 (Resolved): Allow IPsec duplicate endpoints: In a multi-WAN scenario, it can be desirable to setup multiple tunnels to the same remote host.
It is currently proh... Frederic Bor
07:36 AM Bug #10211 (Feedback): Limiters ECN input validation problem: I can't reproduce that error here.
It works fine if your selected QMA and scheduler support it from what I can tel... Jim Pingle
06:11 AM Bug #10211 (Resolved): Limiters ECN input validation problem: Hi.
You create limiters with ECN.
Then you decide to remove ECN and so remove ECN checkbox.
Limiter should be ... Greg M

01/26/2020

02:55 AM Bug #9334: bogus dialogue on Limiter deletion: David Burns wrote:
> When deleting the last row of the Limiter config - an error "The last row may not be deleted." ... Johnny Good

01/25/2020

10:58 PM pfSense Docs Correction #10210 (Closed): Feedback on Product Manuals: Nice catch, this is fixed. Luckily, there were only a few 404s from those links. Jared Dillard
10:58 PM pfSense Docs Correction #10210: Feedback on Product Manuals: Nice catch, this is fixed. Luckily, there were only a few 404s from those links. Jared Dillard
05:27 PM pfSense Docs Correction #10210 (Closed): Feedback on Product Manuals: *Page:* https://docs.netgate.com/pfsense/en/latest/product-manuals.html
*Feedback:*
All product pages for 1U de... Steve Wheeler
03:53 PM Revision 84052eb7: Compare compressed IPv6 CARP VIP. Issue #6579: Viktor Gurov
11:34 AM pfSense Packages Bug #10209: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: Jim Pingle wrote:
> The duplicate and case issues are both resolved in the current version of the status monitoring ... mastr boy
11:07 AM pfSense Packages Bug #10209: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: I just tried it with the command: pkg upgrade -y pfSense-Status_Monitoring
Then the most elegant temporary solution ... Fabián Burbano
09:55 AM pfSense Packages Bug #10209: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: The duplicate and case issues are both resolved in the current version of the status monitoring code (there are separ... Jim Pingle
09:49 AM pfSense Packages Bug #10209: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: I ask:
If it is marked as a duplicate of a resolved bug, is this bug considered resolved?
It is definitely not re... Fabián Burbano
09:01 AM pfSense Packages Bug #10209 (Duplicate): Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: Duplicate of #9679 Jim Pingle
08:49 AM pfSense Packages Bug #10209: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: mastr boy wrote:
> Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be delete... Fabián Burbano
06:42 AM pfSense Packages Bug #10209 (Duplicate): Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted: Canceling Status - Monitoring - Add View results in duplicate Default Views which can't be deleted:
!https://i.imgur... mastr boy
11:00 AM Bug #9647: hn0: driver does not support altq: https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_5/sys/dev/hyperv/netvsc/if_hn.c#L587
Change needed from:
hn_... Greg M
10:54 AM Bug #9647: hn0: driver does not support altq: Hi,
are there any plans to correct this behaviour?
Is this possibly resolved in next freebsd release?
Thanks! Greg M
09:06 AM Bug #6579 (Pull Request Review): IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Jim Pingle
12:57 AM Bug #6579: IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Chris Buechler wrote:
> If you have IPv6 CARP VIPs specified with non-significant zeros, such as fdaa:1234:0012::1, ... Viktor Gurov
08:57 AM Bug #10189 (Resolved): pfsense calculates wrong ip header checksum when reassambling packages with different mtu: Great, so it looks like the issue is resolved in FreeBSD. I'll close this for now. Jim Pingle
06:42 AM Bug #10189: pfsense calculates wrong ip header checksum when reassambling packages with different mtu: I replicated the issue on SG-1100 2.4.4-p3, following the steps from the description. Ping was failing when the packe... Danilo Zrenjanin
08:55 AM Bug #10208 (Not a Bug): incorrect range aliases creation if type is network(s): That is valid and correct. It made a set of CIDR networks which cover the range you requested, which did not align to... Jim Pingle
06:07 AM Bug #10208 (Not a Bug): incorrect range aliases creation if type is network(s): On the page Firewall \ Aliases \ Edit
If you select the *Network(s) Type* and enter ip range (i.e. 192.168.1.1-192.1... Viktor Gurov
04:15 AM pfSense Packages Bug #10197 (Resolved): freeRADIUS virtual-server-default: modules daily, weekly, monthly, forever in authorize section prevent virtual server from loading: tested on 2.4.5.a.20200124.0853 with freeradius3 0.15.7_10
works as expected Viktor Gurov

01/24/2020

06:45 PM Revision 5e830cdf: Enable build of pimd pkg. Issue #9555: (cherry picked from commit 7351189a84b3029c95a649cbd23f57e886d57325) Jim Pingle
05:06 PM Revision d3ac1cea: IPsec IPv6 dynamic FQDN Remote Gateways, resolve_retry() IPv6 support. Issue #9405: Viktor Gurov
03:34 PM pfSense Packages Feature #10207 (Rejected): OpenBGPD - Prefix Filter: OpenBGPD won't be receiving any new development. Use FRR instead. Jim Pingle
03:27 PM pfSense Packages Feature #10207 (Rejected): OpenBGPD - Prefix Filter: Add an option to limit the allowed prefixes in OpenBGP.
It would be a global option, but would be located at the ... Kevin Wier
02:48 PM pfSense Packages Feature #9555: pimd package: This is also now available to install and test on 2.4.4-p3. Jim Pingle
12:19 PM Revision f5ddbec1: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF). Issue #9309: Viktor Gurov
11:55 AM Revision 23328e8d: Revert "Disable the build of www/pound for now, it is not compatible with OpenSSL 1.1.0.": This reverts commit a73f3147e21012da34299a7b4fb007d90d322a10. Renato Botelho
10:06 AM pfSense Packages Bug #10188: Reputation tab is not working: No this page is built by the MaxMind GeoIP update process since the "Reputation" functionality requires GeoIP Data. T... BBcan177 .
09:08 AM pfSense Packages Feature #10165 (Resolved): Add High-Availability tracking to avahi package.: Renato Botelho wrote:
> PR has been merged on 2.5.0 and 2.4.5 branches. Thanks!
works as expected - start/stop on... Viktor Gurov
08:10 AM Bug #6579: IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Agreed, there is definitely something up with IPv6 addresses that contain capital letters. If I include such letters,... Tobias McNulty
08:09 AM Bug #9468 (Resolved): Removing the last limiter does not sync to secondary via XMLRPC: works as expected on 2.4.5.a.20200123.1100 Viktor Gurov
08:09 AM Bug #9469 (Resolved): Removing the last ATLQ traffic shaper queue does not sync to secondary via XMLRPC: works as expected on 2.4.5.a.20200123.1100 Viktor Gurov
07:55 AM pfSense Packages Feature #10202 (Feedback): redistribute bgp + route-map filtering in OSPF6: Everything we can do in OSPF6 here is now in pkg v 0.6.4, which will show up soon for everyone.
Due to limitations... Jim Pingle

01/23/2020

06:22 PM Bug #10206: VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.): The down/up loss is already covered by #8815
Might not be much to do here but wait until 2.5.x moves to a FreeBSD ... Jim Pingle
05:27 PM Bug #10206 (Resolved): VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.): Using "pfSense-CE-2.5.0-DEVELOPMENT-amd64-20200123-1059.iso" for a fresh install on a VirtualBox VM my configured VIP... Pi Ba
03:58 PM Revision 79e2f0ab: Sync translations with 2.5.0: Renato Botelho
03:52 PM Revision 5f15f5b9: Update translation files: Renato Botelho
03:49 PM Revision 1d6e101b: Regenerate pot: Renato Botelho
03:08 PM pfSense Docs Correction #10205 (Closed): Feedback on Installing and Upgrading — Upgrading pfSense Software Installations: *Page:* https://docs.netgate.com/pfsense/en/latest/install/upgrading-pfsense-software-installations.html
*Feedback... Anonymous
02:49 PM pfSense Packages Feature #10202 (In Progress): redistribute bgp + route-map filtering in OSPF6: Jim Pingle
03:05 AM pfSense Packages Feature #10202 (Resolved): redistribute bgp + route-map filtering in OSPF6: Add ability to redistribute routes from BGP
and filter redistributed data with route-map (distribute-list is not sup... Viktor Gurov
02:21 PM pfSense Packages Feature #9555: pimd package: This is now available to install on 2.4.5 and 2.5.0 snapshots, and is ready for testing.
Forum thread for feedback... Jim Pingle
01:04 PM Feature #10204 (New): Possible clarification of Track IPv6 Interface Subnet ID: On the Interface Configuration / Track IPv6 Interface:
Suggest change “IPv6 Prefix ID” to “IPv6 Subnet ID” or “IPV6 ... Rick Coats
11:07 AM pfSense Packages Bug #10197 (Feedback): freeRADIUS virtual-server-default: modules daily, weekly, monthly, forever in authorize section prevent virtual server from loading: PR has been merged. Thanks! Renato Botelho
07:28 AM pfSense Packages Bug #10197 (Pull Request Review): freeRADIUS virtual-server-default: modules daily, weekly, monthly, forever in authorize section prevent virtual server from loading: Jim Pingle
01:45 AM pfSense Packages Bug #10197: freeRADIUS virtual-server-default: modules daily, weekly, monthly, forever in authorize section prevent virtual server from loading: That's correct, see https://fossies.org/linux/freeradius-server/raddb/mods-available/README.rst:
_Conditional Modu... Viktor Gurov
10:34 AM Bug #10203 (Rejected): some aliases entries is not loaded: There isn't enough information here. If it still happens on 2.4.5 and we can narrow down specifics, an issue can be o... Jim Pingle
10:10 AM Bug #10203 (Rejected): some aliases entries is not loaded: I have host(s) aliases tables with N entries,
and I don’t see some of it's entries on the Diagnostics / Tables page
... Viktor Gurov
10:28 AM pfSense Packages Feature #10165 (Feedback): Add High-Availability tracking to avahi package.: PR has been merged on 2.5.0 and 2.4.5 branches. Thanks! Renato Botelho
09:00 AM Bug #10195 (Resolved): radvd spamming routing log with "IPv6 forwarding on interface seems to be disabled, but continuing anyway": Looks good here as well on CE and Factory. Jim Pingle
08:42 AM Bug #10195: radvd spamming routing log with "IPv6 forwarding on interface seems to be disabled, but continuing anyway": radvd 2.18_2 fixes it for me. Ronald Schellberg
07:55 AM Bug #10201 (Not a Bug): IPv6 rule is not created if only a link-local address is present: Since the interface doesn't technically have an IP address assigned here, I'm not sure it's behaving improperly. I kn... Jim Pingle
01:07 AM Bug #10201 (Not a Bug): IPv6 rule is not created if only a link-local address is present: fw rules is not created if source/destination is an interface address ('WAN address') without IPv6 address ('none')
... Viktor Gurov
04:44 AM pfSense Packages Bug #9836 (Resolved): OpenBGPD package deamon starts twice: tested 2.5.0.a.20200122.2323 on with OpenBGPD 0.11_11
starts fine Viktor Gurov
01:52 AM pfSense Packages Bug #10198 (Closed): Zabbix agents: Not listening on IPsec VTI interface: Alex Diamantopulo wrote:
> Attempt to make Zabbix agent or proxy listen on IPsec VTI interface fails with following ... Viktor Gurov
01:15 AM Bug #9469: Removing the last ATLQ traffic shaper queue does not sync to secondary via XMLRPC: Renato Botelho wrote:
> PR has been merged. Thanks!
works as expected on 2.5.0.a.20200122.2323 Viktor Gurov
01:15 AM Bug #9468: Removing the last limiter does not sync to secondary via XMLRPC: Renato Botelho wrote:
> PR has been merged. Thanks!
works as expected on 2.5.0.a.20200122.2323 Viktor Gurov

01/22/2020

09:40 PM Revision 1df15c54: Enable build of pimd pkg. Issue #9555: (cherry picked from commit 7351189a84b3029c95a649cbd23f57e886d57325) Jim Pingle
09:39 PM Revision 7351189a: Enable build of pimd pkg. Issue #9555: Jim Pingle
09:08 PM Revision 2811aba1: Enable build of pimd: (cherry picked from commit 4fe81c1b754683b41a65176f0b7652375c307e08) Jim Pingle
09:08 PM Revision 4fe81c1b: Enable build of pimd: Jim Pingle
04:11 PM Revision afd8177f: Fixed dhcpdv6 config generation for domain-list option. Fixes #10200: Florian Apolloner
03:44 PM Bug #10200 (Pull Request Review): DHCPv6 domain-search list not sent to clients: Jim Pingle
10:13 AM Bug #10200: DHCPv6 domain-search list not sent to clients: I have opened a PR at https://github.com/pfsense/pfsense/pull/4171 -- the relevant documentation can be found at http... Florian Apolloner
10:11 AM Bug #10200 (Resolved): DHCPv6 domain-search list not sent to clients: After tcpdumping dhcp requests and responses I realized that `option domain-search` in `/var/dhcpd/etc/dhcpdv6.conf` ... Florian Apolloner
03:43 PM pfSense Packages Feature #9555 (Feedback): pimd package: Should be available to install as a package on 2.5.0 and 2.4.5 snapshot builds soon. Jim Pingle
03:06 PM pfSense Packages Feature #9555: pimd package: I've been tinkering with this and just about have it ready. Will commit soon. Jim Pingle
03:35 PM Revision 3c07f498: Avoid very slow GUI loads when ews.netgate.com can't be resolved #8987: Tom Embt
09:47 AM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.: Since I haven't seen any movement on this and I too find it annoying that the interface gets slow exactly when I need... Tom Embt
09:21 AM Todo #10199: Improve Spanish translation interface: Need to improve spanish translation on interface, some texts are translated incorrectly Aluisco Miguel Ricardo Mastrapa
09:20 AM Todo #10199 (New): Improve Spanish translation interface: Aluisco Miguel Ricardo Mastrapa
07:29 AM Bug #10195 (New): radvd spamming routing log with "IPv6 forwarding on interface seems to be disabled, but continuing anyway": radvd 2.18_1 is only showing up on Factory, and even there, the message is still in the logs, so something isn't quit... Jim Pingle
07:17 AM Bug #10196 (Resolved): Cloudflare dyndns not working (Invalid TTL): Code is present in current snapshots, marking this as resolved. Jim Pingle
02:13 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): It's working for me as well! László Dobó
05:53 AM pfSense Packages Bug #10198 (Closed): Zabbix agents: Not listening on IPsec VTI interface: Attempt to make Zabbix agent or proxy listen on IPsec VTI interface fails with following error (GUI):
The followin... Alex Diamantopulo
02:31 AM pfSense Packages Bug #10197 (Resolved): freeRADIUS virtual-server-default: modules daily, weekly, monthly, forever in authorize section prevent virtual server from loading: When using freeRADIUS 3 package with mysql enabled for accounting only and using pfsense gui for users/authorization,... Michael Lazernik

01/21/2020

07:38 PM Revision c9b49393: Use IPv4 connectivity as parent interface for SLAAC. Issue #9324: Viktor Gurov
02:55 PM Bug #9324 (Pull Request Review): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: Jim Pingle
01:42 PM Bug #9324: IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: https://github.com/pfsense/pfsense/pull/4169 Viktor Gurov
01:57 PM Revision 8d9e01ab: CF DDNS wants int for TTL. Issue #10196: (cherry picked from commit e9869c5abc70dc4aa7cd27d2a139696a1970903f) Jim Pingle
01:57 PM Revision e9869c5a: CF DDNS wants int for TTL. Issue #10196: Jim Pingle
01:38 PM Revision ce1b0326: Add TTL for CloudFlare DDNS. Fixes #10196: (cherry picked from commit 9404b54a44a820b9c0332149a6ea794eed54bdac) Jim Pingle
01:37 PM Revision 9404b54a: Add TTL for CloudFlare DDNS. Fixes #10196: Jim Pingle
12:45 PM Bug #10195 (Feedback): radvd spamming routing log with "IPv6 forwarding on interface seems to be disabled, but continuing anyway": As pointed out in #9577, this warning is harmless in FreeBSD.
Warning silenced in radvd-2.18_1. Luiz Souza
08:44 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): Correct, working! János K
07:58 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): Fixed diff (CF wants TTL to be an integer type). Jim Pingle
07:45 AM Bug #10196 (Feedback): Cloudflare dyndns not working (Invalid TTL): Applied in changeset commit:9404b54a44a820b9c0332149a6ea794eed54bdac. Jim Pingle
07:36 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): Try applying the change in the attached diff and see if it works for you. Jim Pingle
07:27 AM Bug #10196 (In Progress): Cloudflare dyndns not working (Invalid TTL): What exact set of @{}@ did you remove? I do not see any in the cloudflare query setup that look like they should be r... Jim Pingle
06:21 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): János K wrote:
> László Dobó wrote:
> > Cloudflare DynDNS was working fine until today. I think that Cloudflare cha... László Dobó
05:49 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): László Dobó wrote:
> Cloudflare DynDNS was working fine until today. I think that Cloudflare changed their API and b... János K
02:22 AM Bug #10196: Cloudflare dyndns not working (Invalid TTL): "Related CloudFlare Api Documentation (v4) entry":https://api.cloudflare.com/#dns-records-for-a-zone-update-dns-record László Dobó
02:08 AM Bug #10196 (Resolved): Cloudflare dyndns not working (Invalid TTL): Cloudflare DynDNS was working fine until today. I think that Cloudflare changed their API and because of that, the dy... László Dobó
08:26 AM Bug #9634 (Pull Request Review): rc.newwanipv6 is called although dhcp6c should discard Request messages: Jim Pingle
01:46 AM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages: https://tools.ietf.org/html/rfc8415#section-16.4
ignore REQUEST messages fix:
https://github.com/pfsense/pfsense/... Viktor Gurov
08:24 AM Bug #9357 (Closed): rc.newwanipv6 called regardless of REASON: Jim Pingle
01:20 AM Bug #9357: rc.newwanipv6 called regardless of REASON: Flole Systems wrote:
> Actually the script posted above is only used if "don't wait for RA" is set, otherwise the "o... Viktor Gurov
08:23 AM Bug #7614 (Pull Request Review): Port forwards where the destination is a network alias can create invalid refection rules if multiple subnets are in that alias.: Jim Pingle
05:00 AM Bug #7614: Port forwards where the destination is a network alias can create invalid refection rules if multiple subnets are in that alias.: https://github.com/pfsense/pfsense/pull/4168 Viktor Gurov
07:40 AM pfSense Packages Bug #6684 (Resolved): Setting IKEv2 Phase 2 in Mobile Config appears to generate invalid Apple Profile: Jim Pingle
02:31 AM pfSense Packages Bug #6684: Setting IKEv2 Phase 2 in Mobile Config appears to generate invalid Apple Profile: tested on pfSense 2.4.5.a.20200120.1342 with ipsec-profile-wizard 0.12
no such issue - you can set DH group in bot... Viktor Gurov
07:39 AM Bug #9225 (Closed): Gateway group routing not updated on OpenVPN client reconnect: Jim Pingle
07:23 AM Bug #9225: Gateway group routing not updated on OpenVPN client reconnect: no such issue on pfSense 2.5.0.a.20200119.2335
After disabling/enabling PPPoE link, it set group GW to GWTest_Gro... Viktor Gurov
07:37 AM Revision 8788b061: DHCP6 client discard REQUEST messages. Issue #9634: Viktor Gurov
12:08 AM pfSense Packages Bug #9738 (Resolved): Client IP address validation disallows CIDR notation: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200119.2335 with freeradius30.15.7_9
w... Viktor Gurov
12:01 AM Feature #10186 (Resolved): Ability to do inverse matching of tags in floating rules: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200119.2335
works as expected Viktor Gurov

01/20/2020

11:53 PM Bug #10190 (Resolved): can't disable Phase 1 when Phase 2 is VTI: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200119.2335
works as expected
Viktor Gurov
02:44 PM pfSense Packages Bug #9583 (Resolved): Freeradius 3 auth error on OTP (only on PFSense 2.5-dev): Works fine on _9. Jim Pingle
02:20 PM Bug #10179 (Resolved): incorrect encrypted backup restore error handling: This is not detecting the incorrect password case on current 2.4.5 snapshots. I don't get a blank page on error like ... Jim Pingle
10:21 AM Bug #10195 (Resolved): radvd spamming routing log with "IPv6 forwarding on interface seems to be disabled, but continuing anyway": On 2.4.5 and 2.5.0, radvd is filling the routing.log with the following error:... Jim Pingle
10:07 AM Bug #10194: NAT rule not working when multiple hosts under one alias: Thanks Jim. Please close issue. I will retest once version 2.4.5 comes out as production. John Beaudoin
09:34 AM Bug #10194 (Duplicate): NAT rule not working when multiple hosts under one alias: Almost certainly a duplicate of #9296 Jim Pingle
09:21 AM Bug #10194 (Duplicate): NAT rule not working when multiple hosts under one alias: Running a secure ftp server under tcp/990 and passive ports tcp/50000-50010
created alias "allcustomers" added fqd... John Beaudoin
07:24 AM Bug #10189: pfsense calculates wrong ip header checksum when reassambling packages with different mtu: If it's fixed in 13, there is a possibility that the fix was MFCd from 13 to 12-STABLE and back to 11-STABLE. 2.4.5 i... Jim Pingle
07:04 AM Bug #10189: pfsense calculates wrong ip header checksum when reassambling packages with different mtu: No, i haven't tried these versions yet and currently don't have time to do more investigation.
If 2.4.5 becomes stab... Stefan Mark
06:38 AM Bug #10189: pfsense calculates wrong ip header checksum when reassambling packages with different mtu: Have you also tried on pfSense 2.4.5 and 2.5.0 snapshots to see if it persists there as well? Jim Pingle
03:21 AM Bug #10189: pfsense calculates wrong ip header checksum when reassambling packages with different mtu: I tried to reproduce this with different freebsd versions:
- 13.0 : OK
- 11.2 : Fails
- 9.3 : OK
It seems that... Stefan Mark
06:41 AM Bug #10193 (Rejected): PPPoE wrong default route: Please post on the forum to discuss and diagnose the issue. It is more likely you have a configuration issue here and... Jim Pingle
05:36 AM Bug #10193 (Rejected): PPPoE wrong default route: I'm running newest stable pfSense 2.4.4 in KVM virt (pcie passed through NICs, should be identical to physical/bareme... Mark Aradi
06:19 AM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.: Still an issue here too somehow, a year later - it's the one thing that's close to driving me to migrate to opnsense.... Jon Sands

01/19/2020

09:54 AM Bug #10192 (Duplicate): 在没有互联网（内网）的情况下登录异常的慢（最少需要10秒）: #1 - All submissions here must be in English
#2 - This is a duplicate of #8987 Jim Pingle
03:32 AM Bug #10192 (Duplicate): 在没有互联网（内网）的情况下登录异常的慢（最少需要10秒）: 目前查看的原因在于登录时会自动检测更新，而此时没有互联网就卡住了（我开了系统更新里面的仪表盘不更新，依旧会卡住）。还有一个是检查插件跟在线检测模块（都是基于互联网）
建议不要在首次登录做这些操作，可以放在其他页面以增加用户体验。 zisain pan

01/15/2020

04:06 PM Feature #10186 (Resolved): Ability to do inverse matching of tags in floating rules: *Summary:*
I would love to be able to set up floating rules that match traffic on an interface that has NOT been t... Soren Petersen
12:28 PM pfSense Packages Bug #10185: Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port: Sean McBride wrote:
> Or even just adding some text under the input fields to specify that it takes regexes.
Yeah... Bill Meeks
09:53 AM pfSense Packages Bug #10185: Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port: Or even just adding some text under the input fields to specify that it takes regexes. Sean McBride
09:30 AM pfSense Packages Bug #10185: Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port: The alerts log filtering tool uses Perl regular expression syntax. If you want to find say just Port 25, then try thi... Bill Meeks

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

02/13/2020

02/12/2020

02/11/2020

02/10/2020

02/09/2020

02/08/2020

02/07/2020

02/06/2020

02/05/2020

02/04/2020

02/03/2020

02/02/2020

02/01/2020

01/31/2020

01/30/2020

01/29/2020

01/28/2020

01/27/2020

01/26/2020

01/25/2020

01/24/2020

01/23/2020

01/22/2020

01/21/2020

01/20/2020

01/19/2020

01/18/2020

01/17/2020

01/16/2020

01/15/2020