Activity

30 days up to

User

Subprojects

Activity

From 02/09/2020 to 03/09/2020

03/09/2020

09:49 PM Revision 169f9eea: Update system.inc: change from space to tab Manuel Piovan
09:28 PM Revision 6fd99be0: Feature #10323: Manuel Piovan
09:24 PM Revision 91cbc62d: Feature #10323: Add min-max ntp peers default 4 Manuel Piovan
09:20 PM Revision 38fcf2c5: Feature #10323: added knob for max peers min 3 max 10 Manuel Piovan
07:15 PM Feature #10323: Allow limiting NTP pool server usage count: Thanks for checking and for the feedback!
corrected Manuel Piovan
06:35 PM Feature #10323: Allow limiting NTP pool server usage count: Thanks!
Unfortunately I note a small spelling error (_Maximun_ instead of _maximum_). Also the @tos maxclock@ dire... David Burns
04:33 PM Feature #10323: Allow limiting NTP pool server usage count: PR : https://github.com/pfsense/pfsense/pull/4224 Manuel Piovan
10:08 AM Feature #10323: Allow limiting NTP pool server usage count: I agree, it would be best to allow the user to configure that value rather than limiting it unilaterally. Jim Pingle
06:20 AM Feature #10323 (Resolved): Allow limiting NTP pool server usage count: Summary: pfSense default NTP configuration using NTP Pool servers appears to result in polling of an excessive number... David Burns
06:48 PM pfSense Packages Bug #10326: Snort - Blocked Alert - Show IP but Description loss -> "Alert Description No Longer Available": This is not a bug. It's caused by the alert log file getting purged by either getting rotated as part of the periodic... Bill Meeks
12:13 PM pfSense Packages Bug #10326 (Not a Bug): Snort - Blocked Alert - Show IP but Description loss -> "Alert Description No Longer Available": Snort v 3.2.9.10
Package Dependencies:
snort-2.9.15 barnyard2-1.13_1
In the blocked tab show data in the IP C... Diego Leon
06:08 PM Bug #10325: System/Advanced/Notifications/E-Mail - SMTP Notification E-Mail auth password Unexpected Bahaviour: i think it's a duplicate of https://redmine.pfsense.org/issues/9684
and it is already been corrected with https://gi... Manuel Piovan
10:44 AM Bug #10325 (New): System/Advanced/Notifications/E-Mail - SMTP Notification E-Mail auth password Unexpected Bahaviour: Hi,
In System/Advanced/Notifications/E-Mail - SMTP Notification E-Mail auth password, if i wish to CHANGE the passwo... Mr B
03:26 PM Revision 0ef202d1: Merge pull request #4218 from vktg/smtptest: Renato Botelho
03:08 PM Revision 14c55399: Merge pull request #4220 from vktg/infdescr: Renato Botelho
02:31 PM Bug #10328 (Needs Patch): LTE (USB) connection on 2.5.0-DEV locks the system up right after its established: Probably nothing for us to do here, needs to be solved upstream in FreeBSD.
It could be the driver for that specif... Jim Pingle
02:18 PM Bug #10328: LTE (USB) connection on 2.5.0-DEV locks the system up right after its established: The modem worked on 2.4, it connects on 2.5 too get ip address but box locks up in 30 sec after connection establishe... Csaba Bistey
02:12 PM Bug #10328 (Needs Patch): LTE (USB) connection on 2.5.0-DEV locks the system up right after its established: Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p10
FreeBSD 12.0-RELEASE-p10 ce9563d5729... Csaba Bistey
01:59 PM Revision 85d5f8ab: Merge pull request #4170 from emmtbot/r8987-webgui-dns: Renato Botelho
01:25 PM Bug #10324 (Resolved): system_usermanager_addprivs.php: User account full name is not encoded before output: OK on 2.4.5.r.20200309.1200
OK on 2.5.0 via gitsync Jim Pingle
09:36 AM Bug #10324 (Feedback): system_usermanager_addprivs.php: User account full name is not encoded before output: Fixed by commit:3c1e53dabe966f27c9097a5a923e77f49ae5fffa (master) and commit:63b2d08b84b5c1707db809209d7a30569ec2e1e1... Jim Pingle
07:54 AM Bug #10324 (Resolved): system_usermanager_addprivs.php: User account full name is not encoded before output: On system_usermanager_addprivs.php, the user name and full name are displayed at the top of the page for reference. T... Jim Pingle
01:14 PM Revision 0d445748: Merge pull request #4202 from vktg/ovpn6resolve: Renato Botelho
01:13 PM Revision b9eba842: Merge pull request #4200 from vktg/dns64: Renato Botelho
01:08 PM Revision 57c58fac: Merge pull request #4102 from vktg/impcertonly: Renato Botelho
01:07 PM Revision a048bbe9: Merge pull request #4205 from vktg/intnamelenth: Renato Botelho
01:06 PM Revision 419260b2: Merge pull request #4206 from vktg/dhcp6stateless: Renato Botelho
01:05 PM Revision 133050c4: Merge pull request #4209 from vktg/dhcpgwoutside: Renato Botelho
01:04 PM Revision 2a58d475: Merge pull request #4212 from vktg/l2tpuserat: Renato Botelho
01:03 PM Revision c9a2f961: Merge pull request #4215 from vktg/ipsecguirestart: Renato Botelho
01:02 PM Revision 9319db41: Merge pull request #4201 from vktg/ntpguifix: Renato Botelho
01:00 PM Revision b23b28e9: Merge pull request #4211 from vktg/dhcpdescape: Renato Botelho
12:59 PM Revision 66398840: Merge pull request #4214 from vktg/schedulescdata: Renato Botelho
12:58 PM Revision f5642d50: Merge pull request #4216 from vktg/l2tpusernorestart: Renato Botelho
12:55 PM Revision 63b2d08b: Encode user descr before output. Fixes #103241: (cherry picked from commit 3c1e53dabe966f27c9097a5a923e77f49ae5fffa) Jim Pingle
12:55 PM Revision 3c1e53da: Encode user descr before output. Fixes #103241: Jim Pingle
12:55 PM Revision 86a89e48: Merge pull request #4219 from vktg/radiusippooldescr: Renato Botelho
12:54 PM Revision b51a6d5a: Merge pull request #4217 from vktg/smtpdisvalid: Renato Botelho
12:48 PM Revision bb3314e1: Merge pull request #4173 from f-bor/gw_duplicates: Renato Botelho
12:44 PM Revision 1786b6b4: Merge pull request #4222 from vktg/idnurltable: Renato Botelho
12:35 PM Bug #10327 (Resolved): Fix/Update GPS initialization commands for Garmin devices.: I'm currently using a Garmin GPS 18x LVC receiver (FW 4.40), with PPS connected, as a reference clock for NTP on the ... Grimson Gretzleburg
10:58 AM pfSense Packages Feature #9003 (Feedback): Add 'Copy Running to Saved' option to the raw config: PR has been merged. Thanks! Renato Botelho
10:53 AM pfSense Packages Feature #8196 (Feedback): pfSense-pkg-LCDproc: add a shutdown/reboot control menu: PR has been merged. Thanks! Renato Botelho
10:52 AM pfSense Packages Feature #8198 (Feedback): pfSense-pkg-LCDproc: Add a link status screen for each interface: PR has been merged. Thanks! Renato Botelho
10:45 AM pfSense Packages Feature #8574 (Feedback): Enable AgentX-support in lldpd using GUI: PR has been merged. Thanks! Renato Botelho
10:32 AM pfSense Packages Bug #8887 (Feedback): Squid Proxy Interface not assignee to IPv6: PR has been merged on 2.4.5 and 2.5.0. Thanks! Renato Botelho
10:28 AM pfSense Packages Feature #10297 (Feedback): IPv6 user attributes: PR has been merged. Thanks! Renato Botelho
10:26 AM Bug #8522 (Feedback): SMTP test says success when actually fails: PR has been merged. Thanks! Renato Botelho
10:08 AM Feature #1557 (Feedback): Add the Interface descriptions to the OS interface descriptions: PR has been merged. Thanks! Renato Botelho
09:41 AM Feature #1557 (Pull Request Review): Add the Interface descriptions to the OS interface descriptions: Jim Pingle
10:03 AM pfSense Packages Feature #9272 (Pull Request Review): Allow multiple IP in ListenIP for Zabbix Agent: Jim Pingle
04:48 AM pfSense Packages Feature #9272: Allow multiple IP in ListenIP for Zabbix Agent: Fix + allow to use :: and ::/1 IPv6 addresses:
https://github.com/pfsense/FreeBSD-ports/pull/791 Viktor Gurov
09:56 AM pfSense Packages Bug #10320 (Pull Request Review): lcdproc Crash report begins: Jim Pingle
09:55 AM Bug #9622 (Pull Request Review): Changing admins membership does not replicate correctly to HA slave: Jim Pingle
08:59 AM Bug #8987 (Feedback): Web GUI main page very slow to load if wan interface is enabled but not connected.: PR https://github.com/pfsense/pfsense/pull/4170 has been merged. Thanks! Renato Botelho
08:24 AM Bug #10236: Cannot add more than 2 VMXNET3 Adapters in vSphere: I appear to have made a typo. It should be more than 3 adapters. I checked ran into it again a week or two ago, it ... Patrick Sanderson
08:15 AM Feature #8624 (Feedback): DNS Resolver Resolve IPv6 OpenVPN Client Addresses: PR has been merged. Thanks! Renato Botelho
08:14 AM Feature #10274 (Feedback): DNS64 support: PR has been merged. Thanks! Renato Botelho
08:09 AM Feature #9834 (Feedback): system_certmanager.php: add ability to import certificate without private key: PR has been merged. Thanks! Renato Botelho
08:07 AM Bug #9401 (Feedback): 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit: PR has been merged. Thanks! Renato Botelho
08:06 AM Bug #9596 (Feedback): DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode: PR has been merged. Thanks! Renato Botelho
08:05 AM Bug #7380 (Feedback): WAN DHCP Gateway Outside of Subnet Causing Route Issues: PR has been merged. Thanks! Renato Botelho
08:04 AM Feature #9828 (Feedback): L2TP (long) username containing @ (realm separator): PR has been merged. Thanks! Renato Botelho
08:03 AM Bug #10306 (Feedback): Incorrect IPsec service status: PR has been merged. Thanks! Renato Botelho
08:02 AM Bug #10276 (Feedback): NTP "No Select" does not work: PR has been merged. Thanks! Renato Botelho
08:00 AM Bug #10295 (Feedback): Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface: PR has been merged. Thanks! Renato Botelho
07:59 AM Bug #10305 (Feedback): Using special character in Schedules description: PR has been merged. Thanks! Renato Botelho
07:56 AM Bug #4866 (Feedback): L2TP server are restarted after adding/modifying L2TP users (mpd.secret): PR has been merged. Thanks! Renato Botelho
07:55 AM Feature #8160 (Feedback): Accomodate both RADIUS and pool IP addresses in IPsec: PR has been merged. Thanks! Renato Botelho
07:54 AM Bug #10317 (Feedback): SMTP notifications validating SSL when option disabled: PR has been merged. Thanks! Renato Botelho
07:49 AM Bug #10307: NTP status widget doesn't display stratum: We've hit that newline issue before with @ntpq@ output -- see #4815
Probably will break more than it helps by addi... Jim Pingle
07:19 AM Bug #10307: NTP status widget doesn't display stratum: of course
the problwm with the -w flag is that If this requires more than 15 characters, display the full value, emi... Manuel Piovan
06:56 AM Bug #10307: NTP status widget doesn't display stratum: Thanks for testing!
Can you show 'ntpq -pn -w' output? Viktor Gurov
06:11 AM Bug #10307: NTP status widget doesn't display stratum: screenshot added Manuel Piovan
06:02 AM Bug #10307: NTP status widget doesn't display stratum: tested it, work partially
NTP status page is wrong for me the table is shifted of 1 place after the long ipv6 addr... Manuel Piovan
07:48 AM Feature #10214 (Feedback): Allow IPsec duplicate endpoints: PR has been merged. Thanks! Renato Botelho
07:44 AM Feature #10321 (Feedback): URL/URL Table alias with IDN hostnames: PR has been merged. Thanks! Renato Botelho

03/08/2020

04:09 PM Bug #10307: NTP status widget doesn't display stratum: Also NTP status page shows truncated IPv6 address
from ntpq(1):... Viktor Gurov
06:03 AM Bug #10307: NTP status widget doesn't display stratum: affected version also 2.5.0
Candidate 192.168.10.200 .GPS. 1 u 28 64 17 0.187 -0.436 0.048
Candidate 172.17.0.100 ... Manuel Piovan
02:12 PM Feature #10322: Force ipv4/ipv6 DNS resolution for NTP servers: Jim,
For an unknown reason - even though my setup is configured for only ipv4, sometimes NTP will randomly resolve... Christian Borchert
01:09 PM Feature #10322: Force ipv4/ipv6 DNS resolution for NTP servers: It's not a bug, it's just not supported.
It could be added. For example, with an option for each server in the NTP... Jim Pingle
12:05 PM Feature #10322 (Resolved): Force ipv4/ipv6 DNS resolution for NTP servers: Per http://doc.ntp.org/current-stable/confopt.html one should be able to prefix an NTP server hostname with either '-... Christian Borchert
10:07 AM Revision 48a15754: URL/URL Table alias with IDN hostnames. Issue #10321: Viktor Gurov
05:08 AM Feature #10321: URL/URL Table alias with IDN hostnames: https://github.com/pfsense/pfsense/pull/4222 Viktor Gurov
04:56 AM Feature #10321 (Resolved): URL/URL Table alias with IDN hostnames: Add ability to use IDN hostnames ('täst.de') in URL/URL Tables files
idn_to_ascii() is used to convert IDN to punn... Viktor Gurov

03/07/2020

09:19 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: This bug still persists in Build 2.4.5.r.20200307.0900.
. Chris Poillion
05:14 PM pfSense Packages Bug #10320: lcdproc Crash report begins: for($i = 0; $i < ($lcdpanel_height - 1) && i < count($traffic); $i++)... Manuel Piovan
05:07 PM pfSense Packages Bug #10320: lcdproc Crash report begins: the first crash seem to be related to the last option undere screen, Addresses by traffic
i add this information: WA... Manuel Piovan
05:04 PM pfSense Packages Bug #10320: lcdproc Crash report begins: if i stop the service lcdproc i have another crash report for a while, i think LCDd is killed but lcdproc took some t... Manuel Piovan
03:33 PM pfSense Packages Bug #10320 (Resolved): lcdproc Crash report begins: Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p10
FreeBSD 12.0-RELEASE-p10 ce9563d5729(... Manuel Piovan
05:06 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN: I am continuing to investigate OpenVPN Performance using PFSense as virtual machine under VMWare.
Following tweaks... Alexey Ab
03:37 PM Bug #10319 (Needs Patch): VTI statistics are incorrect: If that is still a problem on 2.4.5 and 2.5.0, that should be reported upstream to FreeBSD (Assuming it can be replic... Jim Pingle
01:06 PM Bug #10319 (Needs Patch): VTI statistics are incorrect: The statistics reported by status/interfaces are wrong for IPsec VTIs.
All the values are mixed and reported as "o... Frederic Bor
12:26 PM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper: Tenzen Tunkman wrote:
> This issue is still not solved - Inline filtering will break traffic shaping as well as for ... Bill Meeks
08:19 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper: This issue is still not solved - Inline filtering will break traffic shaping as well as for example traffic graph fun... Tenzen Tunkman
06:56 AM Revision a675d425: Add interface description to OS interface description. Issue #1557: Viktor Gurov
05:38 AM Bug #9622: Changing admins membership does not replicate correctly to HA slave: Updated PR with added checkbox to on/off feature:
https://github.com/pfsense/pfsense/pull/4221 Viktor Gurov
05:19 AM Revision d5155a01: Notifications page input validation. Issue #8522: Viktor Gurov
04:03 AM Bug #10236: Cannot add more than 2 VMXNET3 Adapters in vSphere: Upgraded 2.4.4-p3 to snapshot 2020-03-07 0136
I have 3 VMX connected and all seems to be working. No issues. Tommy Kuhler
01:08 AM Feature #1557: Add the Interface descriptions to the OS interface descriptions: https://github.com/pfsense/pfsense/pull/4220 Viktor Gurov

03/06/2020

08:19 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Can you add a link to the PR?
[[https://github.com/pfsense/FreeBSD-ports/pull/773]]
Ronald Schellberg
02:28 PM Bug #8522 (Pull Request Review): SMTP test says success when actually fails: Jim Pingle
03:22 AM Bug #8522: SMTP test says success when actually fails: This PR adds extra input validation:
https://github.com/pfsense/pfsense/pull/4218 Viktor Gurov
02:22 PM Revision bd46a6c0: IPsec mobile page minor fixes. Issue #8160: Viktor Gurov
02:17 PM Bug #10317 (Pull Request Review): SMTP notifications validating SSL when option disabled: Jim Pingle
12:28 AM Bug #10317: SMTP notifications validating SSL when option disabled: Correct,
from https://www.php.net/manual/en/context.ssl.php:... Viktor Gurov
02:15 PM Bug #10314 (Resolved): Per-user IKEv2 settings are not functioning on 2.5.0: Jim Pingle
02:13 PM Feature #8160 (Pull Request Review): Accomodate both RADIUS and pool IP addresses in IPsec: Jim Pingle
08:53 AM Feature #8160: Accomodate both RADIUS and pool IP addresses in IPsec: works as expected on 2.5.0.a.20200305.2255
but some minor fixes:
https://github.com/pfsense/pfsense/pull/4219
Viktor Gurov
09:49 AM Feature #10316: Add year in log format: Actually got the answer. Thank you jsinix na
09:47 AM Feature #10316: Add year in log format: Jim Pingle wrote:
> Already implemented in #9808 (Enable RFC 5424 log mode on 2.5.0)
I am on 2.4.4, So I need to... jsinix na
09:05 AM Feature #10318 (Resolved): Do not restart PPPoE server after adding/modifying users: Full daemon restart drops PPPoE clients sessions and may cause issues with other packages.
This is useless since mpd... Viktor Gurov
08:00 AM Bug #10296 (Resolved): swanctl.conf may need multiple pools to support IPv4 and IPv6: tested on 2.5.0.a.20200305.2255
works ok now,- mobile-pools inherits attributes Viktor Gurov
06:30 AM Revision 93166bdc: Fix SMTP SSL/TLS disable validation. Issue #10317: Viktor Gurov
06:05 AM pfSense Packages Bug #8729 (Resolved): IPv6 - FRR BGP issue with Redistribute connected networks: tested on 2.5.0.a.20200305.2255 with frr 0.6.4_2
works as expected - address family sections now looks good
Viktor Gurov

03/05/2020

11:50 PM Bug #10317 (Resolved): SMTP notifications validating SSL when option disabled: The function send_smtp_message in etc/inc/notices.inc will try to verify the SSL certificate, even though the Validat... John Clark
07:04 PM Feature #10316 (Duplicate): Add year in log format: Already implemented in #9808 (Enable RFC 5424 log mode on 2.5.0) Jim Pingle
06:22 PM Feature #10316 (Duplicate): Add year in log format: hello , the logs under /var/log/* on pfsense doesn't have a year in the timestamp . can it be added ?
Mar 5 18:31... jsinix na
04:35 PM Revision 81092348: Do not restart L2TP server after adding/modifying users. Issue #4866: Viktor Gurov
02:49 PM Bug #10315: Cannot add network devices using PCI Passthrough from QEMU hypervisor: We can't keep open duplicate entries for everything in the FreeBSD PR system, even if they might be relevant to certa... Jim Pingle
07:24 AM Bug #10315 (Needs Patch): Cannot add network devices using PCI Passthrough from QEMU hypervisor: There is nothing actionable for us here. It's a problem in FreeBSD that must be addressed upstream.
Jim Pingle
04:27 AM Bug #10315: Cannot add network devices using PCI Passthrough from QEMU hypervisor: Update to details above:
Passing through the PCIe-based WiFi is necessary for a proxmox hypervisor because proxmox d... Bryon Baker
04:25 AM Bug #10315 (Needs Patch): Cannot add network devices using PCI Passthrough from QEMU hypervisor: When running pfSense as a VM in QEMU you are unable to use PCIe passthrough of network devices.
For example, you can... Bryon Baker
10:11 AM Bug #10295 (Pull Request Review): Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface: Jim Pingle
10:08 AM Bug #4866 (Pull Request Review): L2TP server are restarted after adding/modifying L2TP users (mpd.secret): Jim Pingle
07:20 AM Bug #4866: L2TP server are restarted after adding/modifying L2TP users (mpd.secret): If this works, we should also change the PPPoE server to behave the same way. That should be a separate Redmine issue... Jim Pingle
07:12 AM Bug #4866: L2TP server are restarted after adding/modifying L2TP users (mpd.secret): This PR moves creation of the mpd.secret file to a separate function that does not restart mpd daemon:
https://githu... Viktor Gurov
05:47 AM Feature #8794: NTP authentication support: Currently supported NTP auth hashes by vendors:
Juniper - MD5, SHA1, SHA256
Huawei - MD5, SHA256
Palo Alto - MD5, ... Viktor Gurov
05:39 AM Revision 00318445: Replace double quote character in DHCP client ID. Issue #10295: Viktor Gurov

03/01/2020

06:07 PM pfSense Packages Bug #10279: pfSense's OpenVM Tools on ESXi 6.7 no longer provides guest vm functionality: Thanks for the info! Looking ahead, ESXi 7.0 is headed toward a launch at VMworld late August 2020. That said, if 2... Travis McMurry
10:14 AM Bug #10307: NTP status widget doesn't display stratum: Ohhh... as soon as it selects a sane peer, the problem goes away.
Now I don't know if the problem is "Outlier" or if... Adam Thompson
10:11 AM Bug #10307 (Resolved): NTP status widget doesn't display stratum: On 2.4.4-RELEASE-p3, if I have a) an IPv6 NTP server, and b) the NTP status widget on the dashboard, the widget doesn... Adam Thompson

02/29/2020

09:19 PM pfSense Packages Bug #10185: Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port: The requested feature has been added to the Filter Panel on the ALERTS tab of the latest Suricata GUI package release... Bill Meeks
09:16 PM pfSense Packages Feature #9848: file-store retention limits: This feature has been added to the LOGS MGMT tab in Suricata and also code was added to the logs and space management... Bill Meeks
09:13 PM pfSense Packages Bug #10244: PHP crash: suricata: This is addressed by the latest posted versions of the Suricata GUI packages for pfSense 2.4.5-RC and 2.5-DEVEL. The ... Bill Meeks
05:05 PM Feature #8786: Wireguard VPN: See these links:
https://svnweb.freebsd.org/base?view=revision&revision=357986
https://svnweb.freebsd.org/base?view... Lai Wei-Hwa
04:47 PM Bug #10303: pfSense-upgrade is not upgrading itself: https://forum.netgate.com/topic/150931/update
Looks like a bug or two still.
Follow Peters fix above if this go... Chris Palmer
10:17 AM Bug #10303: pfSense-upgrade is not upgrading itself: Yes there is currently something going wrong here. I updated to 2.4.5.r.20200229.0900 a moment ago, using the WebUI:
... Grimson Gretzleburg
12:34 AM Bug #10303: pfSense-upgrade is not upgrading itself: Peter Pain wrote:
> I got a
>
> /bin/sh: cannot open /usr/local/sbin/pfSense-upgrade: No such file or directory
... Chris Palmer
04:30 PM Revision 27e1febb: NTP WebGUI checkbox fix. Issue #10276: Viktor Gurov
02:13 PM Revision 60e34dde: Incorrect IPsec service status. Issue #10306: Viktor Gurov
10:56 AM Feature #10301: Password confirmation when exporting encrypted backup file: I see ... Viktor Gurov
08:47 AM Revision 008c1545: Special characters in Schedules descr and rangedescr fields. Issue #10305: Viktor Gurov
08:15 AM Bug #10306: Incorrect IPsec service status: This PR adds extra charon process checking:
https://github.com/pfsense/pfsense/pull/4215 Viktor Gurov
08:12 AM Bug #10306 (Resolved): Incorrect IPsec service status: If you do some changes on the IPsec Mobile or IPsec Advanced tab and press apply,
Strongswan daemon restarted, but y... Viktor Gurov
06:19 AM Revision f1efc792: L2TP username containing @ (realm separator). Issue #9828: Viktor Gurov
02:51 AM Bug #10305: Using special character in Schedules description: > ... Viktor Gurov
02:45 AM Bug #10305 (Resolved): Using special character in Schedules description: When using special characters in Schedules and timeranges description fields
firewall_schedule.php page shows escapi... Viktor Gurov
01:46 AM Bug #10304 (Closed): ``radvd`` only responds to the first Router Solicitation received after each multicast Router Advertisement: I've noticed that radvd will only respond to the first Router Solicitation received by the router after a multicast R... Kev Kitchens
01:00 AM Feature #7284: NTPd Autoset GPS device baud rate: Updated PR:
https://github.com/pfsense/pfsense/pull/4213 Viktor Gurov
12:24 AM Feature #9828: L2TP (long) username containing @ (realm separator): L2TP username containing @ (realm separator):
https://github.com/pfsense/pfsense/pull/4212
There is no issue with... Viktor Gurov
12:11 AM Bug #10295: Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface: This fix replaces the double quote character with '&quot':
https://github.com/pfsense/pfsense/pull/4211
There is ... Viktor Gurov

02/28/2020

04:42 PM Bug #10303: pfSense-upgrade is not upgrading itself: I got a
/bin/sh: cannot open /usr/local/sbin/pfSense-upgrade: No such file or directory
after updating to *2.4.... Peter Pain
12:45 PM Bug #10303: pfSense-upgrade is not upgrading itself: Fix pushed. pfSense-upgrade 0.78 Renato Botelho
12:44 PM Bug #10303 (Resolved): pfSense-upgrade is not upgrading itself: pfSense-upgrade was being registered as a dependency of pfSense-repo pkg. Because of that, when pfSense-repo package... Renato Botelho
10:09 AM pfSense Packages Bug #10302: LIGHTSQUID - Running When Squid Disabled - 2.4: Reporting bugs against outdated versions is not allowed, either.
Post on a forum thread for assistance, not here. Jim Pingle
10:03 AM pfSense Packages Bug #10302: LIGHTSQUID - Running When Squid Disabled - 2.4: 2.4.3-RELEASE
been up for 13 days
lightsquid package version has not been updated in a while
Lightsquid www 3.... Web Dawg
09:56 AM pfSense Packages Bug #10302: LIGHTSQUID - Running When Squid Disabled - 2.4: I can stop it from services. I can't reboot this router to test right now. Web Dawg
09:54 AM pfSense Packages Bug #10302 (Rejected): LIGHTSQUID - Running When Squid Disabled - 2.4: There is not nearly enough information here for a proper bug report.
This site is not for support or diagnostic di... Jim Pingle
09:52 AM pfSense Packages Bug #10302 (Rejected): LIGHTSQUID - Running When Squid Disabled - 2.4: I have my squid proxy disabled:
@
7445/tcp open ssl/http lighttpd 1.4.48
| http-auth:
| HTTP/1.1 401 Unauth... Web Dawg
08:47 AM Feature #10301 (Resolved): Password confirmation when exporting encrypted backup file: I would highly recommend to implement password confirmation so you have to insert the password two times when exporti... Peter Pan
08:29 AM Bug #10296 (In Progress): swanctl.conf may need multiple pools to support IPv4 and IPv6: Jim Pingle
05:27 AM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6: > Maybe the commons attrs should be included in the v4 pool or both for now?
This is true, although not mentioned in... Viktor Gurov
08:16 AM Bug #7380 (Pull Request Review): WAN DHCP Gateway Outside of Subnet Causing Route Issues: Jim Pingle
12:48 AM Bug #7380: WAN DHCP Gateway Outside of Subnet Causing Route Issues: fixed/resolved PR:
https://github.com/pfsense/pfsense/pull/4209 Viktor Gurov
08:14 AM pfSense Packages Feature #8196 (Pull Request Review): pfSense-pkg-LCDproc: add a shutdown/reboot control menu: Jim Pingle
12:36 AM pfSense Packages Feature #8196: pfSense-pkg-LCDproc: add a shutdown/reboot control menu: fixed/resolved PR:
https://github.com/pfsense/FreeBSD-ports/pull/784 Viktor Gurov
08:10 AM Feature #10280 (Pull Request Review): DHCP Leases widget: Jim Pingle
12:18 AM Feature #10280: DHCP Leases widget: https://github.com/pfsense/pfsense/pull/4208 Viktor Gurov
08:05 AM pfSense Packages Feature #8198 (Pull Request Review): pfSense-pkg-LCDproc: Add a link status screen for each interface: Jim Pingle
12:08 AM pfSense Packages Feature #8198: pfSense-pkg-LCDproc: Add a link status screen for each interface: fixed/resolved PR:
https://github.com/pfsense/FreeBSD-ports/pull/783 Viktor Gurov
08:01 AM pfSense Docs Correction #10300 (Rejected): Feedback on Configuration — Setup Wizard: Plenty of people have valid uses for using a TLD on their firewall, like with ACME or in business environments which ... Jim Pingle
06:46 AM Revision 9fde2b2b: Handle DHCP Lease when the assigned Gateway is Outside of Subnet. Issue #7380: Viktor Gurov
04:30 AM Bug #10287 (Resolved): OpenVPN TLS key direction value added to existing tunnels is 0.: tested on 2.4.5.r.20200228.0300
works as expected on the Client/Server pages Viktor Gurov
01:37 AM Bug #9654 (New): After reboot, the DNS resolver must be restarted before it will advertise the ipv6 DNS address of the router.: looks like same track interface issue: https://redmine.pfsense.org/issues/8273
services try to run on track interf... Viktor Gurov
01:26 AM Bug #10284 (Resolved): Exporting p12 for CSR causes a crash report: tested on 2.5.0.a.20200227.1722
works as expected - hides PKCS#12 export icons/buttons if private key does not exist Viktor Gurov

02/27/2020

11:17 PM Bug #9830 (Resolved): NTP ACLs vs. NTP pools: works as expected on 2.5.0.a.20200227.1722 Viktor Gurov
05:37 AM Bug #9830 (Feedback): NTP ACLs vs. NTP pools: PR has been merged. Thanks! Renato Botelho
07:59 PM pfSense Docs Correction #10300 (Rejected): Feedback on Configuration — Setup Wizard: *Page:* https://docs.netgate.com/pfsense/en/latest/book/config/setup-wizard.html
*Feedback:*
Update the Domain re... Paighton Bisconer
07:38 PM Revision 407a5c28: For mobile IPsec pools, use separate pool for v4 and v6. Fixes #10296: Jim Pingle
05:41 PM Revision ae94cdd1: Revert "Disable rust on suricata for aarch64": This reverts commit c600e53c34d0c5d054e45d9061710d01ca9f53c4. Renato Botelho
05:08 PM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6: The mobile-pool-v4 and mobile-pool-v6 pools are created as expected.
But seems that "addrs" is required for each... Michael Smith
02:23 PM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6: I have the common parameters in mobile-pool now and then separate v4 and v6 pools which use that as a template with t... Jim Pingle
01:45 PM Bug #10296 (Feedback): swanctl.conf may need multiple pools to support IPv4 and IPv6: Applied in changeset commit:407a5c28093d46cb39cc1bba75740523a1ee97e6. Jim Pingle
01:24 PM Bug #10296 (In Progress): swanctl.conf may need multiple pools to support IPv4 and IPv6: I think I have a somewhat easy way around this. Commit coming momentarily. Jim Pingle
09:21 AM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6: In this case we also need to expand the 'Accomodate both RADIUS and pool IP addresses in IPsec.' feature to select wh... Viktor Gurov
04:35 PM Revision f5273eca: Add sysutils/screen to be built: Renato Botelho
04:35 PM Revision 12cc24be: Add sysutils/screen to be built: Renato Botelho
02:49 PM Todo #9864: Set autocomplete=new-password for user/password fields in forms: On what version? This fix has been applied on 2.4.5 and 2.5.0, and on those versions I do not see the browser attempt... Jim Pingle
02:45 PM Todo #9864: Set autocomplete=new-password for user/password fields in forms: I have this issue with the OpenVPN Server and Client pages always getting the Proxy username/pass autofilled. Corey Boyle
02:26 PM pfSense Packages Bug #10299: Snort - Blocked Alert - Description loss -> Alert Description No Longer Available: Bill Meeks wrote:
> Diego Leon wrote:
> > Snort v 3.2.9.10
> >
> > Package Dependencies:
> > snort-2.9.15 ... Diego Leon
12:54 PM pfSense Packages Bug #10299 (Not a Bug): Snort - Blocked Alert - Description loss -> Alert Description No Longer Available: Jim Pingle
12:54 PM pfSense Packages Bug #10299: Snort - Blocked Alert - Description loss -> Alert Description No Longer Available: Diego Leon wrote:
> Snort v 3.2.9.10
>
> Package Dependencies:
> snort-2.9.15 barnyard2-1.13_1
>
> The S... Bill Meeks
10:19 AM pfSense Packages Bug #10299 (Not a Bug): Snort - Blocked Alert - Description loss -> Alert Description No Longer Available: Snort v 3.2.9.10
Package Dependencies:
snort-2.9.15 barnyard2-1.13_1
The Snort first report in Blocked ta... Diego Leon
01:47 PM Bug #10254 (Feedback): pf error "too many elements" when attempting to load large tables: - pfSense-upgrade was copying loader.conf to a tmp file before upgrade kernel/rc and copying it back to place after t... Renato Botelho
01:02 PM pfSense Packages Bug #10292: Suricata not respecting SID Mgmt list: There were zero changes to that part of the Suricata code in version 4.1.6_3. In fact, both updates to 4.1.6_2 and 4.... Bill Meeks
11:37 AM Revision 5d30f8ca: Merge pull request #4207 from vktg/nonoserve: Renato Botelho
11:36 AM Revision 6681d415: Merge pull request #4204 from vktg/pkcs12nokey: Renato Botelho
10:47 AM Feature #9680: Seperate DHCP Server and relay per interface: Vöggur Guðmundsson wrote:
> I vote for this :)
> Also support multiple relays/helper address.
You can add multip... Viktor Gurov
10:14 AM Feature #9680: Seperate DHCP Server and relay per interface: I vote for this :)
Also support multiple relays/helper address. Vöggur Guðmundsson
10:42 AM pfSense Docs Correction #10257 (Closed): incorrect Cisco-AVPair example: Fixed via PR from Viktor. Jared Dillard
10:30 AM pfSense Docs Correction #10257: incorrect Cisco-AVPair example: https://gitlab.netgate.com/docs/pfSense-book/merge_requests/1 Viktor Gurov
10:12 AM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore: It is not viable to set that list up dynamically, since if a user removes the package, the value is still in the conf... Jim Pingle
10:10 AM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore: Jim Pingle wrote:
>
> Yes that's a general issue with XML storage but it's unrelated to this specific bug. We use ... Viktor Gurov
08:27 AM Todo #10298 (Resolved): Use SHA-512 for user password hashes: function local_user_set_password() from auth.inc,
for now uses password_hash($password, PASSWORD_BCRYPT) function to... Viktor Gurov
08:03 AM pfSense Packages Feature #8574 (Pull Request Review): Enable AgentX-support in lldpd using GUI: Jim Pingle
05:35 AM pfSense Packages Feature #8574: Enable AgentX-support in lldpd using GUI: https://github.com/pfsense/FreeBSD-ports/pull/782 Viktor Gurov
07:31 AM pfSense Packages Feature #9989 (Pull Request Review): Add FreeBSD port and pfSense plugin for HoneyTrap: PR: https://github.com/pfsense/FreeBSD-ports/pull/772 Jim Pingle
07:24 AM pfSense Packages Feature #10297 (Pull Request Review): IPv6 user attributes: Jim Pingle
03:24 AM pfSense Packages Feature #10297: IPv6 user attributes: https://github.com/pfsense/FreeBSD-ports/pull/781 Viktor Gurov
01:09 AM pfSense Packages Feature #10297 (Assigned): IPv6 user attributes: Add IPv6 related attributes no the user configuration page in the same way as existing IPv4 Network Configuration:
F... Viktor Gurov
05:37 AM Bug #10284 (Feedback): Exporting p12 for CSR causes a crash report: PR has been merged. Thanks! Renato Botelho
05:34 AM pfSense Packages Feature #9249 (Feedback): [siproxd] Add config for siptrunk plugin: PR has been merged. Thanks! Renato Botelho
05:32 AM pfSense Packages Feature #8878 (Feedback): Propagate user's description field into QR code for FreeRADIUS: PR has been merged. Thanks! Renato Botelho
05:30 AM Revision 5c533d72: DHCPv6 range is not mandatory for Stateless DHCP. Issue #9596: Viktor Gurov
05:28 AM pfSense Packages Bug #8729 (Feedback): IPv6 - FRR BGP issue with Redistribute connected networks: PR has been merged. Thanks! Renato Botelho
05:21 AM pfSense Packages Bug #4497 (Feedback): Using a specific password within FreeRADIUS user management causes pfSense to restore a backup!: Renato Botelho
05:14 AM Revision cec267cb: Special interfaces description length validation. Issue #9401: Viktor Gurov

02/26/2020

06:09 PM Bug #10296 (Resolved): swanctl.conf may need multiple pools to support IPv4 and IPv6: In 2.5.0-DEVELOPMENT after IPsec swanctl conversion, it looks like the mobile-pool may need to be split now to suppor... Michael Smith
02:49 PM Revision 61452020: NTP: do not add noserve to restrict source. Issue #9830: Viktor Gurov
02:32 PM Bug #10295 (Resolved): Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface: The following is allowed by the webgui in a static mapping: Client Identifier: 32" Sony Trinitron
That creates a c... Chris Linstruth
02:14 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Ronald Schellberg wrote:
> Pull Request # 773 submitted
Can you add a link to the PR? Michael Smith
08:28 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Ronald Schellberg wrote:
>
> The ravdv-2.18_5-v2.5test.txz file is attached.
My bare metal router running my ve... Ronald Schellberg
02:03 PM pfSense Packages Bug #10291 (Resolved): Export using DDNS hostnames (port forward targets) does not include domain name for split DDNS types: Works as expected now. Full hostname is observed in @remote@ statements which only had the short hostname before. Ent... Jim Pingle
11:08 AM pfSense Packages Bug #10294 (New): FRR Route Counts Incorrect on Status Page: Something is still truncating the route counts on the FRR status pages. Seems to be intermittent.
Zebra Routes D... Chris Linstruth
10:44 AM Bug #10276: NTP "No Select" does not work: Manuel Piovan wrote:
> that is normal behavior,not a bug, from the man page
> noselect only work for "server" and "... Christian Borchert
09:07 AM Bug #10276 (Pull Request Review): NTP "No Select" does not work: Jim Pingle
10:07 AM Bug #9830 (Pull Request Review): NTP ACLs vs. NTP pools: Jim Pingle
08:52 AM Bug #9830: NTP ACLs vs. NTP pools: That's correct
Fix:
https://github.com/pfsense/pfsense/pull/4207 Viktor Gurov
10:05 AM Bug #9596 (Pull Request Review): DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode: Jim Pingle
08:27 AM Bug #9596: DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode: https://github.com/pfsense/pfsense/pull/4206 Viktor Gurov
10:02 AM pfSense Packages Feature #9249 (Pull Request Review): [siproxd] Add config for siptrunk plugin: Jim Pingle
04:37 AM pfSense Packages Feature #9249: [siproxd] Add config for siptrunk plugin: from siproxd.conf.example:... Viktor Gurov
09:57 AM pfSense Packages Feature #8878 (Pull Request Review): Propagate user's description field into QR code for FreeRADIUS: Jim Pingle
03:27 AM pfSense Packages Feature #8878: Propagate user's description field into QR code for FreeRADIUS: https://github.com/pfsense/FreeBSD-ports/pull/779 Viktor Gurov
09:51 AM Bug #9401 (Pull Request Review): 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit: Jim Pingle
02:38 AM Bug #9401: 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit: This is caused by special suffixes added to some special interfaces:
_VPNV4 and _VPNV6 for OpenVPN and VTI interface... Viktor Gurov
09:42 AM Bug #10284 (Pull Request Review): Exporting p12 for CSR causes a crash report: Jim Pingle
01:13 AM Bug #10284: Exporting p12 for CSR causes a crash report: Unfortunately openssl_pkcs12_export() do not allow to create PKCS#12 without private key,
Therefore, we need to hide... Viktor Gurov
09:25 AM Feature #10293 (Pull Request Review): DNS flag day - EDNS buffer size recommendation: Jim Pingle
12:03 AM Feature #10293: DNS flag day - EDNS buffer size recommendation: https://github.com/pfsense/pfsense/pull/4203 Viktor Gurov
12:00 AM Feature #10293 (Resolved): DNS flag day - EDNS buffer size recommendation: https://dnsflagday.net/2020/:
*Message Size Considerations*
The optimum DNS message size to avoid IP fragmentation ... Viktor Gurov
07:06 AM Revision 2e4372e3: Hide PKCS#12 export if private key is empty. Issue #10284: Viktor Gurov
03:43 AM pfSense Packages Bug #8885 (Closed): HAProxy "Log hostname parameter broke local syslog: no such issue with haproxy-devel 0.60_3 on pfSense 2.4.5.r.20200225.2100 and 2.5.0.a.20200225.0859
- hostname field... Viktor Gurov

02/25/2020

05:10 PM pfSense Packages Bug #10292 (Not a Bug): Suricata not respecting SID Mgmt list: I am running pfSense 2.4.4-RELEASE-p3 (amd64) with Suricata VERSION 4.1.6_3 on an SG-2440.
Suricata is inspecting ... Markus P
01:58 PM Revision c34a340e: Correct 'default' behavior of OpenVPN TLS key dir. Fixes #10287: (cherry picked from commit d2011b0addd27766e6b402270c79d06c6c485f04) Jim Pingle
01:58 PM Revision d2011b0a: Correct 'default' behavior of OpenVPN TLS key dir. Fixes #10287: Jim Pingle
12:43 PM Revision b7a45ee4: Fix USB tethering modules path: (cherry picked from commit 4b790bc6c29255cf32ef5830a20302608cb17342) Renato Botelho
12:43 PM Revision db4cf59b: Build modules needed to USB tethering: (cherry picked from commit 41e09c2264bcc8067c349213eab5c0dadfb5681f) Renato Botelho
10:45 AM pfSense Packages Bug #10291 (Feedback): Export using DDNS hostnames (port forward targets) does not include domain name for split DDNS types: Pushed a fix in OpenVPN client export pkg version 1.4.20 Jim Pingle
10:41 AM pfSense Packages Bug #10291 (Resolved): Export using DDNS hostnames (port forward targets) does not include domain name for split DDNS types: Some Dynamic DNS entries are considered "split" so they have the hostname and domain name in separate variables (e.g.... Jim Pingle
08:05 AM Bug #10287 (Feedback): OpenVPN TLS key direction value added to existing tunnels is 0.: Applied in changeset commit:d2011b0addd27766e6b402270c79d06c6c485f04. Jim Pingle
07:08 AM Feature #10290 (New): Firewall Aliases Add button on top of list: It would be good if we one more Add button would add on top of list. If adding new aliases happens often, then Add on... Constantine Kormashev
06:43 AM Feature #7467: Add iPhone/Android/Generic USB tethering support: I've also added the modules to 2.4.5 Renato Botelho

02/24/2020

10:16 PM Bug #9643: Limiters do not function properly on 2.5 snapshots: Experiencing same behavior as reported by Greg M on my physical install of pfsense 2.5 dev. Traffic just stops.
F... Ryl Thelandria
08:47 PM Bug #10288 (Rejected): Phone tethering to pfSense not updating interfaces to ue0: There is no sign of a bug there yet and not enough information to go on. Keep the discussion on the forum until there... Jim Pingle
08:44 PM Bug #10288 (Rejected): Phone tethering to pfSense not updating interfaces to ue0: Guide completed, however interface not updated.
Post [[https://forum.netgate.com/topic/102342/iphone-tethering-to-pf... K F
03:35 PM Bug #10287: OpenVPN TLS key direction value added to existing tunnels is 0.: In the selection list, when @tlsauth_keydir@ is empty/unset, both the list entry for default and 0 are marked with @s... Jim Pingle
03:22 PM Bug #10287 (In Progress): OpenVPN TLS key direction value added to existing tunnels is 0.: Jim Pingle
03:16 PM Bug #10287 (Resolved): OpenVPN TLS key direction value added to existing tunnels is 0.: Resaving an existing OpenVPN client in 2.4.5 adds additional values to the config.
The key direction value is set to... Steve Wheeler
02:31 PM Bug #9592: VTI interface down because interface number created is greater than ipsec32768: PR is now https://github.com/pfsense/pfsense/pull/4190 Jim Pingle
02:31 PM Bug #10285 (Duplicate): V2.4.4 p3 PSEC VTI tunnels > 32 fail.: Duplicate of #9592 Jim Pingle
02:29 PM Bug #10285 (Duplicate): V2.4.4 p3 PSEC VTI tunnels > 32 fail.: I have a very large pfsense installation with over 32 vpn connections. The HA pair's config was originally built with... Andrew Johnson
01:35 PM pfSense Packages Bug #10278 (New): pfBlockerNG: Formatting issue on DNSBL stats page: Jim Pingle
01:19 PM pfSense Packages Bug #10278: pfBlockerNG: Formatting issue on DNSBL stats page: Jim Pingle wrote:
> Did you mean pfBlockerNG? "pfsense-ng" is not a valid package name. For now I'll set this as pfB... Steve Klund
07:48 AM pfSense Packages Bug #10278 (Feedback): pfBlockerNG: Formatting issue on DNSBL stats page: Did you mean pfBlockerNG? "pfsense-ng" is not a valid package name. For now I'll set this as pfBlockerNG since that s... Jim Pingle
12:36 PM Revision 4b790bc6: Fix USB tethering modules path: Renato Botelho
12:27 PM Revision 41e09c22: Build modules needed to USB tethering: Renato Botelho
11:03 AM Bug #10276 (Not a Bug): NTP "No Select" does not work: Jim Pingle
10:34 AM Bug #10276: NTP "No Select" does not work: that is normal behavior,not a bug, from the man page
noselect only work for "server" and "peer" not for "pool" Manuel Piovan
08:13 AM Bug #10284: Exporting p12 for CSR causes a crash report: Looks like P12 export should be disabled either just for CSRs or perhaps for any entry which lacks a key (Which we al... Jim Pingle
03:30 AM Bug #10284 (Resolved): Exporting p12 for CSR causes a crash report: what i have done:
System / Certificate Manager / Certificates
select "Sign a certificate Signing request"
leave ke... Manuel Piovan
08:11 AM pfSense Packages Feature #9003: Add 'Copy Running to Saved' option to the raw config: Viktor Gurov wrote:
> I do not understand why quagga-way (saving configuration in base64 format in config.xml) may b... Ben Hughes
08:08 AM pfSense Packages Feature #9003 (Pull Request Review): Add 'Copy Running to Saved' option to the raw config: Jim Pingle
07:54 AM pfSense Packages Bug #8887 (Pull Request Review): Squid Proxy Interface not assignee to IPv6: Jim Pingle
07:46 AM Bug #10277: Sorting the log entries does not use year value: You can force the type by using @data-sortable-type="date"@ in the @<th>@ tag for the header row of this column, but ... Jim Pingle
07:39 AM pfSense Packages Bug #4497 (Pull Request Review): Using a specific password within FreeRADIUS user management causes pfSense to restore a backup!: Jim Pingle
07:38 AM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore: Viktor Gurov wrote:
> Jim Pingle wrote:
> > The string uses characters which are invalid in XML, and that field is ... Jim Pingle
07:34 AM pfSense Packages Bug #8729 (Pull Request Review): IPv6 - FRR BGP issue with Redistribute connected networks: Jim Pingle
07:28 AM Feature #8624 (Pull Request Review): DNS Resolver Resolve IPv6 OpenVPN Client Addresses: Jim Pingle
07:21 AM Bug #10283 (Not a Bug): Fatal error zend opcache cannot allocate buffer for interned strings: This is almost certainly a problem with your environment, not pfSense. I have a number of VMs on 2.4.5 and 2.5.0 that... Jim Pingle
07:00 AM Feature #7467 (In Progress): Add iPhone/Android/Generic USB tethering support: I've added if_urndis, if_cdce and if_ipheth modules to the build. They will be available on next 2.5.0 snapshots and... Renato Botelho
03:14 AM pfSense Packages Bug #10279: pfSense's OpenVM Tools on ESXi 6.7 no longer provides guest vm functionality: graceful shutdown work with esxi 6.7u3 and pfsense 2.5.0-dev Manuel Piovan

02/23/2020

04:32 PM Bug #10283 (Not a Bug): Fatal error zend opcache cannot allocate buffer for interned strings: I've upgraded my pfsense from 256meg to 512 and it no longer runs.
Receiving "Fatal error zend opcache cannot allo... Bob Franken
12:20 PM Bug #10254 (In Progress): pf error "too many elements" when attempting to load large tables: There is still a problem here we're investigating Jim Pingle
09:24 AM pfSense Packages Feature #9003: Add 'Copy Running to Saved' option to the raw config: I do not understand why quagga-way (saving configuration in base64 format in config.xml) may be error prone.
Both *... Viktor Gurov
08:43 AM Bug #10282 (Duplicate): DHCP Relay Listening On ALL Interfaces!: Most likely a duplicate of #9466 -- re-test on 2.4.5. Jim Pingle
05:07 AM Bug #10282 (Duplicate): DHCP Relay Listening On ALL Interfaces!: Hi,
I have configured DHCP Relay to listen on dedicated interfaces only (see pic).
The "GRUEN" interface is dedic... Chris Knebb
08:41 AM Bug #10281 (Not a Bug): I can unassign interface even if it is used in FRR OSPF: It's not a bug in FRR. There is no way for the base system to know that a package is using an interface, and no way f... Jim Pingle

02/22/2020

11:50 PM Bug #10281 (Not a Bug): I can unassign interface even if it is used in FRR OSPF: There was IPsec VTI tunnel with assigned interface. The interface was used in FRR OSPF settings as OSPF interface. If... Constantine Kormashev
08:19 PM Feature #10280: DHCP Leases widget: The author needs to submit that as a pull request. And that repository has not been updated in several years. Jim Pingle
06:21 PM Feature #10280 (New): DHCP Leases widget: DHCP Leases widget for pfSense
may be based on pfSense_widgets (https://github.com/fuzion9/pfSense_widgets). Sergei Shablovsky
08:16 PM pfSense Packages Bug #10279: pfSense's OpenVM Tools on ESXi 6.7 no longer provides guest vm functionality: Might need to try on 2.4.5 or 2.5.0 to get the updated ports. I don't have any problem with guest functionality there... Jim Pingle
12:52 PM pfSense Packages Bug #10279 (New): pfSense's OpenVM Tools on ESXi 6.7 no longer provides guest vm functionality: When I run pfSense on ESXi6.7 (Update 3) with Open-VM-Tools installed from Package Manager, ESXi sees the Open VM too... Travis McMurry
01:12 PM Revision 8c145373: Allow import cert without private key. Issue #9834: Viktor Gurov
10:46 AM pfSense Packages Feature #8181 (Resolved): Quagga OSPF failover mechanism takes too much time to converge in HA environments: successfully tested on 2.5.0.a.20200220.1948 with Quagga_OSPF 0.6.21_5 Viktor Gurov
10:37 AM pfSense Packages Bug #9652 (Resolved): Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc: Renato Botelho wrote:
> PR has been merged. Thanks!
works ok on 2.4.5.r.20200222.0000 and 2.5.0.a.20200221.1911 w... Viktor Gurov
10:33 AM pfSense Packages Bug #9681 (Resolved): [Monitoring] New views title are always in lower case.: mixed titles is ok on 2.5.0.a.20200221.1911 and 2.4.5.r.20200222.0000
Viktor Gurov
10:12 AM pfSense Packages Bug #8887: Squid Proxy Interface not assignee to IPv6: This fix allows you to select the IP protocol over which Squid will listen for connections:
https://github.com/pfsen... Viktor Gurov
10:11 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Csoban Kesmarki, are you sure that you cannot get a "real" prefix from your ISP? The correct way would be that you ge... Holger Glemser
09:49 AM Bug #10276: NTP "No Select" does not work: Viktor Gurov wrote:
> Can you attach /var/etc/ntpd.conf, and content of <ntpd></ntpd> from /cf/conf/config.xml, plea... Christian Borchert
09:25 AM Bug #10276: NTP "No Select" does not work: Christian Borchert wrote:
> Even after selecting the "No Select" checkbox (a second time and saving), the servers ... Viktor Gurov
08:30 AM Bug #10276: NTP "No Select" does not work: Viktor Gurov wrote:
> When you add a new server(s) on the Services / NTP / Settings page,
> it does not save the v... Christian Borchert
12:56 AM Bug #10276: NTP "No Select" does not work: When you add a new server(s) on the Services / NTP / Settings page,
it does not save the values of the checkboxes f... Viktor Gurov
09:42 AM Revision 585f268f: Register OpenVPN client IPv6 address in DNS Resolver. Issue #8624: Viktor Gurov
08:55 AM pfSense Packages Bug #10278 (New): pfBlockerNG: Formatting issue on DNSBL stats page: I have found that on the stats pages, the center bar that divides source from the pie charts is static.
I cannot... Steve Klund
08:12 AM Bug #10277 (New): Sorting the log entries does not use year value: If you have on the one Status / System Logs page log entries from different months and years
clicking on the 'Time' ... Viktor Gurov
07:41 AM pfSense Packages Bug #4497: Using a specific password within FreeRADIUS user management causes pfSense to restore a backup!: This fix allow to use only ^[a-zA-Z0-9_.-]*$ for usernames:
https://github.com/pfsense/FreeBSD-ports/pull/775 Viktor Gurov
07:32 AM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore: Jim Pingle wrote:
> The string uses characters which are invalid in XML, and that field is not protected. The packag... Viktor Gurov
07:08 AM pfSense Packages Bug #8729: IPv6 - FRR BGP issue with Redistribute connected networks: This PR allow to select No/IPv4/IPv6/IPv4+IPv6 in the Redistribute drop-down menu (where 'IPv4+IPv6' is 'yes' for bac... Viktor Gurov
03:49 AM Feature #8624: DNS Resolver Resolve IPv6 OpenVPN Client Addresses: Feature:
https://github.com/pfsense/pfsense/pull/4202
Viktor Gurov
01:03 AM Bug #10275 (Resolved): L2TP and PPPoE user password issues: tested on 2.4.5.r.20200221.2100
Passwords started with "!" - ok, WebGUI error message
Double quotes (") in passwo... Viktor Gurov

02/21/2020

11:43 PM Feature #9825 (Resolved): Requirements for trusted certificates in iOS 13 and macOS 10.15: tested on 2.5.0.a.20200221.1911:
default cert creation, openvpn wizard, new cert creation, renew/reissue cert - ok
... Viktor Gurov
08:35 AM Feature #9825 (Feedback): Requirements for trusted certificates in iOS 13 and macOS 10.15: Applied in changeset commit:f944f4a797d7d172d35ee09baffbfbb4bd2a559e. Jim Pingle
08:28 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15: Made the change on both. Better to be safe. Jim Pingle
07:08 AM Feature #9825 (In Progress): Requirements for trusted certificates in iOS 13 and macOS 10.15: This has now been dropped to 398 days for certs made after September 1, so we may as well adjust that down now (maybe... Jim Pingle
11:34 PM Feature #9726 (Resolved): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: tested on 2.5.0.a.20200221.1911
now works as expected in all cases Viktor Gurov
10:11 AM Feature #9726 (Feedback): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: PR has been merged. Thanks! Renato Botelho
10:03 AM Feature #9726 (Pull Request Review): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: Jim Pingle
11:18 PM Bug #10276 (Resolved): NTP "No Select" does not work: System is using Garmin 18x LVC connected via serial port providing NEMA time and PPS.
Attached are two sets of scr... Christian Borchert
11:13 PM Feature #10273 (New): OpenVPN compile with --enable-async-push: Looks like that change has been committed to the ports tree, too Jim Pingle
09:52 PM Feature #10273: OpenVPN compile with --enable-async-push: Renato Botelho wrote:
> Since it was an easy change, I submitted a patch to FreeBSD ports
>
> https://bugs.freebs... Louis McLennan
11:44 AM Feature #10273: OpenVPN compile with --enable-async-push: Since it was an easy change, I submitted a patch to FreeBSD ports
https://bugs.freebsd.org/bugzilla/show_bug.cgi?i... Renato Botelho
10:08 AM Feature #10273 (Needs Patch): OpenVPN compile with --enable-async-push: There is no option in the FreeBSD port to enable that configure argument. The FreeBSD port maintainer will need to ad... Jim Pingle
06:48 PM Revision e6ea77eb: L2TP and PPPoE user password validation. Fixes #10275: (cherry picked from commit 48dae98cf7837af3071521bdabb788af6d3e0f41) Jim Pingle
06:48 PM Revision 48dae98c: L2TP and PPPoE user password validation. Fixes #10275: Jim Pingle
04:44 PM Revision dc104520: DNS64 support. Issue #10274: Viktor Gurov
04:11 PM Revision 4e2e05cb: Merge pull request #4198 from vktg/ipsecstripgcmhash: Renato Botelho
02:27 PM Revision 347ca360: Auto GUI/OpenVPN wizard cert lifetime reduced to 398. Fixes #9825: Jim Pingle
02:24 PM Revision f944f4a7: Server cert lifetime reduced to 398. Fixes #9825: New requirements coming this fall will require new certs to be valid for at most
398 days. Setup this new requirement... Jim Pingle
12:55 PM Bug #10275 (Feedback): L2TP and PPPoE user password issues: Applied in changeset commit:48dae98cf7837af3071521bdabb788af6d3e0f41. Jim Pingle
12:33 PM Bug #10275 (Resolved): L2TP and PPPoE user password issues: When defining local users in L2TP and PPPoE, there are two issues with passwords:
1. Passwords should not be allow... Jim Pingle
10:50 AM Bug #9654: After reboot, the DNS resolver must be restarted before it will advertise the ipv6 DNS address of the router.: You will have to set it up with ipv6 Track Interface. It doesn't show up with static.
Rick Coats
06:41 AM Bug #9654 (Feedback): After reboot, the DNS resolver must be restarted before it will advertise the ipv6 DNS address of the router.: unable to reproduce:
pfSense 2.4.4-p3 and latest 2.5 (VM, qemu),
static IPv4 and IPv6 addresses on LAN interface,... Viktor Gurov
10:09 AM Bug #9710 (Pull Request Review): IPv6 RA: prefix option does not contain router address in spite of "R" flag being set: Renato Botelho
12:55 AM Bug #9710: IPv6 RA: prefix option does not contain router address in spite of "R" flag being set: I also found that 'AdvRouterAddr on' is used everywhere in radvd.conf, but this is incorrect (radvd.conf(5)):
_When ... Viktor Gurov
09:57 AM Feature #10274 (Pull Request Review): DNS64 support: Jim Pingle
03:55 AM Feature #10274: DNS64 support: https://github.com/pfsense/pfsense/pull/4200 Viktor Gurov
03:45 AM Feature #10274 (Resolved): DNS64 support: Add DNS64 configuration to DNS Resolver WebGUI
from https://github.com/monero-project/unbound/blob/master/doc/READ... Viktor Gurov
09:29 AM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: Jim Pingle wrote:
> Was it 2.5.0 on both ends? If either end is 2.4.x, it still could be that side triggering the pr... Izaac Falken
08:24 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Got that point.
I did two things here with my NPt:
1. Now I have 4 networks (LAN, DMZ, GUEST, VPN), basically /80... Csoban Kesmarki
07:47 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: NPt is "Network Prefix Translation" not "IPv6 outbound NAT", it is effectively "IPv6 1:1 NAT for single addresses or ... Jim Pingle
07:45 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Jim Pingle wrote:
> ...
Thank you!
I though much simpler at first by trying to follow my own manual steps when... Csoban Kesmarki
07:37 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Looks like the wanip is good enough if $rule['ipprotocol'] == "inet6". But the npt has no 'ipprotocol' attribute whic... Csoban Kesmarki
07:29 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: That alone wouldn't do anything useful -- it would have to be the entire network, not a single address. If it's the e... Jim Pingle
07:24 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: I think that these changes can basically do the job (take it as a high level plan):
1. Changing the /usr/local/www/f... Csoban Kesmarki
07:42 AM Bug #10254 (Feedback): pf error "too many elements" when attempting to load large tables: pfSense-upgrade 0.74 (on 2.5.0 and 2.4.5) and 0.63 on 2.4.4 will fix it Renato Botelho
05:30 AM Revision 9d60be2a: Strip IPsec PH2 hash for AEAD ciphers. Issue #9726: Viktor Gurov
03:48 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I also have to come back to my conclusion it was ok with the rebuild filterdns. While working better than before, tab... Robert Gijsen

02/20/2020

11:34 PM Feature #9726: Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: tested on 2.5.0.a.20200220.1948
This small fix is still needed for cases where both AEAD and non-AEAD ciphers are ... Viktor Gurov
09:30 AM Feature #9726 (Feedback): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: PR has been merged. Thanks! Renato Botelho
07:33 AM Feature #9726 (Pull Request Review): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: Jim Pingle
11:21 PM Bug #7163 (Resolved): IGMP Proxy does not valid inputs: works as expected on 2.5.0.a.20200220.1948 Viktor Gurov
09:30 AM Bug #7163 (Feedback): IGMP Proxy does not valid inputs: PR has been merged. Thanks! Renato Botelho
07:19 AM Bug #7163 (Pull Request Review): IGMP Proxy does not valid inputs: Jim Pingle
04:43 AM Bug #7163: IGMP Proxy does not valid inputs: fixes:
https://github.com/pfsense/pfsense/pull/4197 Viktor Gurov
10:20 PM Feature #10273 (Resolved): OpenVPN compile with --enable-async-push: --enable-async-push enable async-push support for plugins providing deferred authentication [default=no]
Not entir... Louis McLennan
04:25 PM Revision ce164bb8: Fix #10254: Default value is minimumtableentries_bogonsv6 from globals.inc: Renato Botelho
04:25 PM Revision 3b6ad495: Fix #10254: Default value is minimumtableentries_bogonsv6 from globals.inc: Renato Botelho
03:42 PM Bug #10254 (In Progress): pf error "too many elements" when attempting to load large tables: Something is still not quite right with this value post-upgrade. The first boot after any firmware upgrade (like one ... Jim Pingle
10:35 AM Bug #10254 (Feedback): pf error "too many elements" when attempting to load large tables: Applied in changeset commit:3b6ad495670ca387127dbf72cefb46d909be4fa9. Renato Botelho
03:31 PM Revision 8b4e89b9: Merge pull request #4194 from vktg/ipsecmultipools: Renato Botelho
03:31 PM Revision ea4a05ed: Merge pull request #4195 from netpok/feature/cloudflare-token: Renato Botelho
03:30 PM Revision 410b14cf: Merge pull request #4197 from vktg/igmpproxyvalid: Renato Botelho
03:30 PM Revision 4343505b: Merge pull request #4148 from vktg/ipsecnogcmhash: Renato Botelho
03:30 PM Revision 8bc138b3: Merge pull request #4193 from csobankesmarki/master: Renato Botelho
10:56 AM Revision 8d656a00: IGMP Proxy WebGUI input validation. Issue #7163: Viktor Gurov
09:38 AM Revision d5d1c0dd: Hide/strip IPsec PH2 hash algo from swanctl.conf. Issue #9726: Viktor Gurov
09:31 AM Feature #8160 (Feedback): Accomodate both RADIUS and pool IP addresses in IPsec: PR has been merged. Thanks! Renato Botelho
09:31 AM Feature #9639 (Feedback): Cloudflare DDNS "API Token": PR has been merged. Thanks! Renato Botelho
09:30 AM Feature #10256 (Feedback): Add support for IPv6 to No-IP Dynamic DNS: PR has been merged. Thanks! Renato Botelho
08:37 AM Feature #10256: Add support for IPv6 to No-IP Dynamic DNS: https://github.com/pfsense/pfsense/pull/4193 Csoban Kesmarki
09:17 AM pfSense Packages Bug #9934: suricata update kills WAN interface: A look through the Suricata source code shows that the Suricata binary, when running in PCAP mode, will send explicit... Bill Meeks
07:58 AM pfSense Packages Bug #9934: suricata update kills WAN interface: If Suricata is running using Legacy Mode Blocking, then the _libpcap_ library is used and bonded to the interface whe... Bill Meeks
08:39 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Does anybody aware of any preparation/planning or any other related work already done? Csoban Kesmarki
07:10 AM Feature #10272 (Duplicate): Quick toggle for logging filter rules: Duplicate of #7799 Jim Pingle
04:50 AM Feature #10272 (Duplicate): Quick toggle for logging filter rules: I'd like to propose to always show the logging icon in the filter rules screen but greyed out if not active and make ... Jens Groh
04:46 AM Feature #10271 (Resolved): Large number of VLAN/LANs make "Interfaces" menu hard to access: On our datacenter cluster we have a large number of VLANs and LANs (and we aren't close to finishing work - we have a... Jens Groh
04:20 AM Feature #10258: allow to sign CA: We could use that feature right now. We run multiple CA/intermediate CAs from our pfSense Clusters as we mostly need ... Jens Groh
04:07 AM Feature #10222 (Resolved): Tune GRE MTU if GRE over IPsec is used: tested on 2.5.0.a.20200219.1144
all three cases (GIF,GRE,GRE/IPsec) works as expected Viktor Gurov
04:00 AM Bug #10001 (Resolved): incorrect route deletion on 2.5: works as expected on 2.5.0.a.20200219.1144 Viktor Gurov
02:46 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: short subject test:... Viktor Gurov

02/19/2020

11:25 PM pfSense Packages Bug #8830 (Resolved): Automatic flowbit resolution setting does not match description: works as expected on pfSense 2.4.5.a.20200123.1100 with snort 3.2.9.10_1 Viktor Gurov
06:37 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Pull Request # 773 submitted Ronald Schellberg
05:31 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: There is not one yet, waiting for some confirmation from others. I'll submit one latter tonight. Ronald Schellberg
01:48 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Is there a pull request on Github for this? I don't see one. If there is not, can you submit that source change as a ... Jim Pingle
04:43 PM Revision 01e77284: Add -o StrictHostKeyChecking=no to all ssh calls: Renato Botelho
04:43 PM Revision 547d0883: Add -o StrictHostKeyChecking=no to all ssh calls: Renato Botelho
01:45 PM pfSense Packages Bug #10261: Arpwatch fails to download ethercodes.dat: Samuel: /etc/inc/pfsense-utils.inc: function download_file($url, $destination, *$verify_ssl = true*, $connect_timeout... Manuel Piovan
01:40 PM pfSense Packages Feature #10227 (Resolved): ACME: Do not show passwords: Thanks for testing! Jim Pingle
01:39 PM pfSense Packages Feature #10227: ACME: Do not show passwords: It works nicely Torben Hørup
12:06 PM pfSense Packages Feature #10227 (Feedback): ACME: Do not show passwords: Fixed in ACME package version 0.6.5
As well as it can be in the current framework anyhow. Passwords and other sens... Jim Pingle
01:38 PM pfSense Packages Bug #10266: ACME: Changing validation from http to dns provokes ACME: Hi,
Confirmed (again), the issue described now works correctly.
A Andrew Nimmo
01:25 PM pfSense Packages Bug #10266 (Resolved): ACME: Changing validation from http to dns provokes ACME: Thanks! Jim Pingle
01:21 PM pfSense Packages Bug #10266: ACME: Changing validation from http to dns provokes ACME: Hi.
Confirmed working.
Regards,
M Greg M
12:07 PM pfSense Packages Bug #10266 (Feedback): ACME: Changing validation from http to dns provokes ACME: Should be fixed in ACME package version 0.6.5 which synced up to the latest acme.sh changes. Jim Pingle
01:36 PM Bug #10270: OMAPI / disableauthoritative / alwaysbroadcast not saved inside dhcpd.conf: From my comments on that thread (slightly edited to make sense here):
> It's using a variable set inside the per-i... Jim Pingle
01:27 PM Bug #10270 (Resolved): OMAPI / disableauthoritative / alwaysbroadcast not saved inside dhcpd.conf: discussion here
https://forum.netgate.com/topic/150658/no-config-entry-for-omapi
with multiple lan network if i s... Manuel Piovan
12:15 PM pfSense Packages Bug #7829 (Duplicate): Unable to expand the "Advanced Server Settings" in ACME certificate edit: Actually duplicated by #9347 but that had a more accurate description of what was happening. It should be better on A... Jim Pingle
12:12 PM pfSense Packages Bug #9347 (Feedback): Domain SAN list displays "Key Algorithm: HMAC-MD5, API Endpoint: portal.nexcess.net": This should be better in ACME package version 0.6.5. I added default values for those fields which are set to 'none' ... Jim Pingle
12:08 PM pfSense Packages Bug #9752 (Resolved): ACME - Actions have no access to additionally generated certificate files.: Fixed months ago, no additional feedback. Jim Pingle
12:08 PM pfSense Packages Bug #9888 (Resolved): ACME output sent to browser without encoding: Fixed months ago, no additional feedback. Jim Pingle
08:03 AM Bug #10269 (Not a Bug): Mutual PSK IPSec tunnels requiring certificate and thus failing authentication: I have several PSK-only tunnels on 2.4.5 and 2.5.0 that work without error. Post on the forum for help in diagnosing ... Jim Pingle
03:20 AM Bug #10269 (Not a Bug): Mutual PSK IPSec tunnels requiring certificate and thus failing authentication: Hi,
I've been running the 2.4.5 nightlies since beta at one site and since RC at two.
In the latest nightlies (... Chris Sutcliff
05:09 AM Feature #4632: Support for Multipath TCP (MPTCP): Well, I guess there's no further development right now. Last commit was 2019-12-12.
I couldn't find any hint if some... Jens Leinenbach

02/18/2020

05:06 PM Revision f9734a1a: Add spaces to concatenation: Balázs Váradi
04:52 PM Revision e845e7d8: Fix PHP syntax error in traffic_shaper_wizard_multi_all.inc: (cherry picked from commit 6dfef2df88a770058fdb2fce32749d3ce96a873e) Jim Pingle
04:52 PM Revision 6dfef2df: Fix PHP syntax error in traffic_shaper_wizard_multi_all.inc: Jim Pingle
04:50 PM Revision 3a95fe41: Fix PHP errors in traffic_shaper_wizard_dedicated.inc: (cherry picked from commit 9d141b4de6a5760b88b94100aa216e0559a102fc) Jim Pingle
04:50 PM Revision 9d141b4d: Fix PHP errors in traffic_shaper_wizard_dedicated.inc: Jim Pingle
03:45 PM Feature #6240: vxlan driver: Any updates on this? the pull request seems trivial. Jason Peron
03:29 PM pfSense Docs Todo #10268 (Closed): Feedback on Services: *Page:* https://docs.netgate.com/pfsense/en/latest/services/index.html
*Feedback:*
This could use a section on ... Chris Linstruth
02:12 PM Revision e59b9382: Fix formatting and remove empty strings: Balázs Váradi
12:44 PM Revision 1c67c475: Broke long lines to improve readability: Followed rbgarga's suggestions. Csoban Kesmarki
12:07 PM Revision 488fc5f8: Merge pull request #4196 from vktg/wangw: Renato Botelho
08:56 AM Bug #10267: DHCP Server PXE options: thank you Jim - interesting...
I thought that already and delete the "wrong" part. but after every service reload -... Ya Sin
07:55 AM Bug #10267 (Rejected): DHCP Server PXE options: The format in the first part is not present in pfSense code. It must have been manually edited into your firewall. On... Jim Pingle
03:28 AM Bug #10267: DHCP Server PXE options: just recognized one more thing:
within the subnet configuration - there is another config showing up the bootfiles... Ya Sin
02:49 AM Bug #10267 (Rejected): DHCP Server PXE options: I was trying to set up a news PXE environment and just recognized this.
see DHCP-Server config:
TFTP Server = 10... Ya Sin
08:30 AM Revision f9c9899b: Accomodate both RADIUS and pool IP addresses in IPsec. Issue #8160: Viktor Gurov
08:04 AM Bug #10176 (In Progress): Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: It took it longer to happen but it still happened when set that way. Still investigating. Jim Pingle
06:08 AM Bug #10264 (Feedback): Gateways created at the console do not apply the naming convention used in the GUI: PR has been merged, thanks! Renato Botelho
06:02 AM pfSense Packages Bug #8830: Automatic flowbit resolution setting does not match description: Viktor Gurov wrote:
> works as expected on 2.5.0.a.20200214.1446 with snort 4.0_11
>
> 2.4.5 PR:
> https://githu... Renato Botelho
05:10 AM pfSense Packages Bug #10266: ACME: Changing validation from http to dns provokes ACME: Subject cut; should read *ACME: Changing validation from http to dns provokes ACME bug* Andrew Nimmo
01:57 AM pfSense Packages Bug #10266 (Resolved): ACME: Changing validation from http to dns provokes ACME: ACME package version: 0.6.4
Updating the validation method of an existing certificate from http to dns causes an e... Andrew Nimmo

02/17/2020

07:48 PM Revision b504ede5: Same gateway naming convention for the console and the WebGUI. Issue #10264: Viktor Gurov
04:50 PM Bug #10176 (Feedback): Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: I don't yet see a reason why it happened, but I caught one tunnel in my lab doing this, 2.5.0 to 2.5.0. An identical ... Jim Pingle
03:16 PM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore: The string uses characters which are invalid in XML, and that field is not protected. The package should probably val... Jim Pingle
02:27 PM pfSense Packages Bug #10265 (New): Adding a Note with malformed title will force system restore: This is related to using Notes package.
Add a new note with title
"Add/Change/Set the custom resolution of you... Yuri Weinstein
01:50 PM Bug #10264: Gateways created at the console do not apply the naming convention used in the GUI: Fix (+ the same for IPv6 gateways):
https://github.com/pfsense/pfsense/pull/4196 Viktor Gurov
12:04 PM Revision b9642855: Add help for Cloudflare username and password: Balázs Váradi
11:32 AM Revision e67f13c6: Implement Cloudflare DDNS with API token: Balázs Váradi
07:04 AM Bug #9647: hn0: driver does not support altq: still an issue on the latest builds... Dee D

02/16/2020

04:27 PM Bug #10264 (Resolved): Gateways created at the console do not apply the naming convention used in the GUI: When you create a gateway in the webgui by setting an interface as static and adding a new gateway it will, by defaul... Steve Wheeler
04:16 PM Bug #10263 (Not a Bug): Insufficient validation of alias name when restoring aliases: There are lots of ways you can create bad configurations by restoring things improperly. It's not viable to validate ... Jim Pingle
01:57 PM Bug #10263: Insufficient validation of alias name when restoring aliases: Category: Backup/Restore moon sec
01:53 PM Bug #10263 (Not a Bug): Insufficient validation of alias name when restoring aliases: When creating an alias using the GUI, the alias name is validated correctly (only "a-z, A-Z, 0-9 and _"). When Restor... moon sec

02/15/2020

09:31 AM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: Was it 2.5.0 on both ends? If either end is 2.4.x, it still could be that side triggering the problem. Jim Pingle
09:16 AM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: I just watched this happen in 2.5.0-DEVELOPMENT (amd64) with a configuration straight out of:
https://docs.netgate.c... Izaac Falken
09:06 AM Feature #8160 (Pull Request Review): Accomodate both RADIUS and pool IP addresses in IPsec: Jim Pingle
09:04 AM Feature #8160: Accomodate both RADIUS and pool IP addresses in IPsec: resolved with some extra bugfixes:
https://github.com/pfsense/pfsense/pull/4194 Viktor Gurov
06:44 AM pfSense Packages Bug #10261: Arpwatch fails to download ethercodes.dat: Viktor Gurov wrote:
> this is caused by the default connection timeout (5s) of the download_file() in arpwatch.inc:
... Samuel Scheetz
01:10 AM pfSense Packages Bug #10261: Arpwatch fails to download ethercodes.dat: this is caused by the default connection timeout (5s) of the download_file() in arpwatch.inc:... Viktor Gurov
01:35 AM pfSense Packages Bug #8830: Automatic flowbit resolution setting does not match description: works as expected on 2.5.0.a.20200214.1446 with snort 4.0_11
2.4.5 PR:
https://github.com/pfsense/FreeBSD-ports/p... Viktor Gurov

02/14/2020

08:50 PM Revision 91aa6dfd: Feature #10256: Csoban Kesmarki
07:41 PM Revision 69ad012c: Silence grep when loader.conf.local doesn't exist: Renato Botelho
07:41 PM Revision e2011fc1: Silence grep when loader.conf.local doesn't exist: Renato Botelho
06:53 PM Revision 9bdf3477: Ticket #10254: Set net.pf.request_maxcount on upgrade: Add pre-install script to pfSense-rc to set default value to
net.pf.request_maxcount before reboot Renato Botelho
06:52 PM Revision da569f45: Ticket #10254: Set net.pf.request_maxcount on upgrade: Add pre-install script to pfSense-rc to set default value to
net.pf.request_maxcount before reboot Renato Botelho
04:27 PM pfSense Packages Bug #10261: Arpwatch fails to download ethercodes.dat: I have a workaround in place which involves disabling the update vendors option and using cron to run the command bel... Samuel Scheetz
04:03 PM pfSense Packages Bug #10261: Arpwatch fails to download ethercodes.dat: This is version 2.4.4-RELEASE-p3 (arm64) Samuel Scheetz
04:01 PM pfSense Packages Bug #10261 (Resolved): Arpwatch fails to download ethercodes.dat: I noticed that the ethernet vendor field in arpwatch alerts is always unknown even though the update vendors option i... Samuel Scheetz
04:20 PM pfSense Docs Correction #10262 (Resolved): Feedback on High Availability — Configuring High Availability: *Page:* https://docs.netgate.com/pfsense/en/latest/highavailability/configuring-high-availability.html
*Feedback:*... Chris Linstruth
03:02 PM Bug #9649: IPv6 6RD Tunnel: Any concerns or progress with the Pull Request? I have applied slight variations to 2.5, RELENG 12.1 and Stable-12. ... Ronald Schellberg
03:00 PM Feature #10256 (Pull Request Review): Add support for IPv6 to No-IP Dynamic DNS: Jim Pingle
01:36 PM pfSense Packages Bug #10244: PHP crash: suricata: I think that forcing inclusion of the regex delimeter in the pcre: definition would be very flexible but would defini... John Silva
10:23 AM pfSense Packages Bug #10244: PHP crash: suricata: John Silva wrote:
> If I had to choose I'd choose to not use preg_quote() so that pcre works as expected.
>
> I t... Bill Meeks
12:09 PM Bug #10260 (Duplicate): "cannot define table bogonsv6: Invalid argument - The line in question reads" alert after 2.4.5rc1 update: Duplicate of #10254 Jim Pingle
12:04 PM Bug #10260: "cannot define table bogonsv6: Invalid argument - The line in question reads" alert after 2.4.5rc1 update: Ok, that's better. Those &lt &gt and &quot were literally in the output that I saw. Sean McBride
12:03 PM Bug #10260: "cannot define table bogonsv6: Invalid argument - The line in question reads" alert after 2.4.5rc1 update: ha, redmine has gone and interpreted that output, let me see if I can get it to appear literally how it was:... Sean McBride
12:01 PM Bug #10260 (Duplicate): "cannot define table bogonsv6: Invalid argument - The line in question reads" alert after 2.4.5rc1 update: I was running a nightly build of 2.4.5 from a few weeks ago (sorry forget which) and last night I updated to 2.4.5rc1... Sean McBride
08:15 AM Todo #9356: Find optimal default for net.pf.request_maxcount: This sysctl is on 2.4.5 as well, and the method described here is what we've used so far. The details of that are on ... Jim Pingle
08:02 AM Bug #10254: pf error "too many elements" when attempting to load large tables: Current snapshots have the code which allows us to set the request limit via @net.pf.request_maxcount@. However, it i... Jim Pingle
06:02 AM Bug #10241 (Feedback): Updating Dynamic DNS provider Hover is not working: Renato Botelho
06:01 AM Bug #10001 (Feedback): incorrect route deletion on 2.5: 2nd PR was merged Renato Botelho
06:01 AM Bug #9917: Widget Refresh Logic Flawed: PR https://github.com/pfsense/pfsense/pull/4117 Renato Botelho
06:00 AM Bug #9872 (Feedback): Error during build when compiling a non pfSense software: PR has been merged Renato Botelho
05:59 AM Bug #9806 (Feedback): Undefined variables in filter.inc openvpn aliases section: PR has been merged months ago Renato Botelho
05:58 AM Feature #9152 (New): Sort diag_states_summary.php by states: PR has been closed Renato Botelho
05:55 AM Feature #8160 (New): Accomodate both RADIUS and pool IP addresses in IPsec: PR has been closed due to inactivity Renato Botelho
05:52 AM Bug #9324 (Resolved): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: Renato Botelho
05:15 AM Bug #9324: IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: Can confirm this is present and working on build 2.5.0.a.20200213.1525
Thanks :) James Tandy
03:09 AM Bug #9405 (Resolved): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: now it's ok - no any crash reports
tested on 2.5.0.a.20200213.1525 Viktor Gurov
02:40 AM Bug #10200 (Resolved): DHCPv6 domain-search list not sent to clients: works as expected on 2.5.0.a.20200213.1525:... Viktor Gurov
12:34 AM Feature #9661 (Resolved): Increase the number of DHCP/DHCPv6 NTP server options to three (or more): tested on 2.5.0.a.20200213.1525
works as expected, I can see three NTP servers in DHCP Offer:... Viktor Gurov

02/13/2020

10:11 PM Revision 30bbc0a6: Update loader.conf when maximumtableentries changes: On Firewall -> Advanced -> Firewall, when maximumtableentries item
changes, make sure /boot/loader.conf is changed ac... Renato Botelho
10:11 PM Revision 4329a405: Add net.pf.request_maxcount to loader.conf: On FreeBSD 12 and newer pf uses this sysctl to define maximum number of
items supported by its allocations. Make sur... Renato Botelho
08:11 PM Revision 5e3b7c18: Revert "Ticket #3334: Retire additional iftop package": This reverts commit 4f473cd68074af4235971a278ae672d10e1e34a5. Renato Botelho
08:01 PM Revision 1f89dbe3: Ticket #3334: Retire additional iftop package: Renato Botelho
08:00 PM Revision 4f473cd6: Ticket #3334: Retire additional iftop package: Renato Botelho
07:47 PM Revision fa062b53: Merge pull request #4187 from zeroxx1986/master: Renato Botelho
07:42 PM Revision 5c52a260: Feature #9661: Manuel Piovan
07:38 PM Revision b7440bc6: Merge pull request #4186 from vktg/slaacusev4iface: Renato Botelho
07:37 PM Revision 86d933e3: Merge pull request #4189 from vktg/supressdnserror: Renato Botelho
07:35 PM Revision 107d50af: Merge pull request #4192 from vktg/openvpnacl: Renato Botelho
06:30 PM Revision 66a4e05e: Use sh -T to make sure child processes are trapped: Renato Botelho
06:30 PM Revision 9020723c: Use sh -T to make sure child processes are trapped: Renato Botelho
04:14 PM Revision 75a7ebd3: Revert "Implement -a on build_snapshots.sh": This reverts commit 597852052ffa85ca02caa8a8aa79526f8f9595bd. Renato Botelho
04:14 PM Revision c31ef6aa: Revert "Implement -a on build_snapshots.sh": This reverts commit 597852052ffa85ca02caa8a8aa79526f8f9595bd. Renato Botelho
01:47 PM Bug #10241: Updating Dynamic DNS provider Hover is not working: PR has been merged. Thanks! Renato Botelho
01:40 PM Feature #9661 (Feedback): Increase the number of DHCP/DHCPv6 NTP server options to three (or more): PR has been merged. Thanks! Renato Botelho
01:39 PM Bug #9324 (Feedback): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: PR has been merged. Thanks! Renato Botelho
01:37 PM Bug #9405 (Feedback): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: PR has been merged. Thanks! Renato Botelho
01:36 PM Feature #9206 (Feedback): OpenVPN+RADIUS+Cisco AVPair ACL Enhancements/BugFixes: PR has been merged. Thanks! Renato Botelho
11:09 AM Revision 59785205: Implement -a on build_snapshots.sh: Renato Botelho
11:09 AM Revision 689865c1: Implement -a on build_snapshots.sh: Renato Botelho
09:09 AM Bug #7420: ipsec status freezing: That doesn't quite line up because strongSwan may have many worker threads running, but it still only has a few open ... Jim Pingle
04:32 AM Bug #7420: ipsec status freezing: it works OK if you disable IPsec Mobile
"Several of the threads from the thread pool are "reserved" for long runn... Viktor Gurov
09:03 AM Bug #3334: Status/Traffic Graph isn't IPv6 ready: Also it looks like there is an odd condition where the first time you switch to iftop, it doesn't want to display any... Jim Pingle
09:01 AM Bug #3334 (In Progress): Status/Traffic Graph isn't IPv6 ready: There is still a problem or two here.
The iftop binary is not present unless you manually install the pkg. Also th... Jim Pingle
12:31 AM Bug #3334 (Resolved): Status/Traffic Graph isn't IPv6 ready: tested on 2.5.0.a.20200212.1057
works as expected Viktor Gurov
08:15 AM Feature #10259: Missing linux_common and linprocfs kernel modules: There are other packages which display messages like that which are not necessarily relevant to pfSense. It may not m... Jim Pingle
08:07 AM Feature #10259: Missing linux_common and linprocfs kernel modules: Understood, thanks Jim. I will leave the port as-is for now and look at re-working the gosigar module used in Beats t... Paul Godard
07:45 AM Feature #10259 (Rejected): Missing linux_common and linprocfs kernel modules: The Linux emulation system is not suitable for use in a firewall appliance. It isn't something we would consider addi... Jim Pingle
07:30 AM Feature #10259 (Rejected): Missing linux_common and linprocfs kernel modules: I'm currently working on an updated FreeBSD Port for Beats (https://www.freshports.org/sysutils/beats/ - it’s not yet... Paul Godard
07:54 AM Feature #10258: allow to sign CA: What is the use case for this?
We used to allow something similar in the past but removed it several years ago (CA... Jim Pingle
05:27 AM Feature #10258 (New): allow to sign CA: To create cross-signed intermediate CA,
This feature can be added to the page System / Certificate Manager / CAs /... Viktor Gurov
05:21 AM Revision ae472dc1: OpenVPN radius ACL enhancements. Issue #9206: Shawn Bruce
04:12 AM Bug #4521 (Confirmed): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: same issue on pfSense 2.5.0.a.20200212.1057
it fails if subject string > 128
https://github.com/pfsense/FreeBSD... Viktor Gurov

02/12/2020

11:32 PM pfSense Docs Correction #10257 (Closed): incorrect Cisco-AVPair example: https://docs.netgate.com/pfsense/en/latest/book/openvpn/controlling-client-parameters-via-radius.html:
Inbound firew... Viktor Gurov
07:02 PM pfSense Packages Bug #10244: PHP crash: suricata: If I had to choose I'd choose to not use preg_quote() so that pcre works as expected.
I think this could be done s... John Silva
04:27 PM pfSense Packages Bug #10244: PHP crash: suricata: John Silva wrote:
> I think the issue is traced to the following line:
>
> [...]
>
> Unlike snort, the suricat... Bill Meeks
03:56 PM Revision ae9d8b76: get_service_with_port(): Validate port contents. Fixes #10255: Jim Pingle
03:56 PM Revision 7e7572ba: get_service_with_port(): Validate port contents. Fixes #10255: Jim Pingle
03:24 PM Bug #9801: VTI IPv6 addresses don't get assigned: Yep can also confirm it seems to be working as expected. Ben Hughes
03:32 AM Bug #9801 (Resolved): VTI IPv6 addresses don't get assigned: tested on 2.4.5.r.20200211.0854 and 2.5.0.a.20200211.1811
works as expected, /64 netmask Viktor Gurov
02:09 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Attached is a compiled RADVD for 2.5 with the above patch (slightly modified) incorporated. Added a logging message ... Ronald Schellberg
12:46 PM Feature #10256: Add support for IPv6 to No-IP Dynamic DNS: Changed from Bug to Feature Request as it's not a bug, but a missing feature. Corrected subject to match.
Can you ... Jim Pingle
12:34 PM Feature #10256 (Resolved): Add support for IPv6 to No-IP Dynamic DNS: Suggesting an update to the /etc/inc/services.inc and /etc/int/dyndns.class to support IPv6 Dynamic DNS update for no... Csoban Kesmarki
11:42 AM Bug #10254: pf error "too many elements" when attempting to load large tables: https://github.com/pfsense/FreeBSD-src/commit/8f7d14d3049de4fb6f82c7e97153c4372674a1e7 might need to be reverted, or ... Jim Pingle
11:28 AM Bug #10254: pf error "too many elements" when attempting to load large tables: Looks to be failing around 65k, which was the default limit on @net.pf.request_maxcount@... Jim Pingle
11:10 AM Bug #10254: pf error "too many elements" when attempting to load large tables: Current snapshots have that change reverted but are still not behaving properly. Even though there appears to be suff... Jim Pingle
10:05 AM Bug #10255 (Feedback): status_logs_filter.php: PHP error when log entry contains invalid port: Applied in changeset commit:7e7572ba93c741454c0d8cc5f35a42da100e0ae4. Jim Pingle
09:53 AM Bug #10255 (Resolved): status_logs_filter.php: PHP error when log entry contains invalid port: On status_logs_filter.php if the filter.log contains a log entry with an invalid port, then a PHP error occurs:
<p... Jim Pingle
09:08 AM Revision 9210d0aa: Extra parameter SLAACuseIPv4iface. Issue #9324: Viktor Gurov
08:16 AM Bug #9405 (Pull Request Review): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: Jim Pingle
01:22 AM Bug #9405: IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: Suppress dns_get_record() errors fix:
https://github.com/pfsense/pfsense/pull/4189 Viktor Gurov
07:18 AM Revision 8f85087b: Suppress dns_get_record() errors. Issue #9405: Viktor Gurov
06:18 AM Bug #9533 (Resolved): XG-7100 FAT config restore not working post-install: Jim Pingle
06:14 AM Bug #9533: XG-7100 FAT config restore not working post-install: I have tested both options:
*- update to*
2.4.5-RC (amd64)
built on Tue Feb 11 09:27:41 EST 2020
FreeBSD 1... Danilo Zrenjanin
04:26 AM Bug #1605 (Resolved): DHCP Server should group known clients by interface: tested on 2.5.0.a.20200211.1811
all three modes works as expected Viktor Gurov
01:51 AM Bug #6518 (Closed): IPsec phase 1 VPN not working with IPv6+DNS with "My IP Address" as identifier: no such issue on 2.4.4-p3 and 2.5.0.a.20200211.1811 Viktor Gurov
12:23 AM pfSense Packages Feature #10220 (Resolved): Add softflow 1.0.0 features - sampling and PSAMP export: tested on pfSense 2.5.0.a.20200211.1811 with softflowd 1.2.6
works as expected Viktor Gurov
12:21 AM pfSense Packages Feature #7895 (Resolved): Add a script for CARP monitoring to NRPE: tested on pfSense 2.5.0.a.20200211.1811 with nrpe 3.1_2
ok now Viktor Gurov
12:17 AM Bug #9334 (Resolved): bogus dialogue on Limiter deletion: works as expected on 2.5.0.a.20200211.1811 Viktor Gurov
12:15 AM Feature #10221 (Resolved): Update DH group warnings to say that group 5 is also weak: ok on 2.5.0.a.20200211.1811 Viktor Gurov
12:14 AM Feature #9309 (Resolved): Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): works as expected on 2.5.0.a.20200211.1811 Viktor Gurov

02/11/2020

05:18 PM pfSense Packages Bug #10252: pfblockerng-devel: Grimson Gretzleburg wrote:
> Quote from the VIP section of the DNSBL Webserver Config:
> > Changes to the DNSBL VIP... Chris Roadfeldt
05:17 PM pfSense Packages Bug #10252: pfblockerng-devel: When you change the DNSBL VIP a *Force Update* will not change the Sinkhole'd IPs already established in the pfb_dnsb... BBcan177 .
09:02 AM pfSense Packages Bug #10252 (Not a Bug): pfblockerng-devel: The issue I want to address here is with the pfb_dnsbl.conf file. The IPs are incorrect and do not match the VIP I ha... Chris Roadfeldt
03:06 PM Bug #10254: pf error "too many elements" when attempting to load large tables: Looking in the FreeBSD source, it appears that the code which produces the error (r343520) is present on the branch u... Jim Pingle
02:39 PM Bug #10254: pf error "too many elements" when attempting to load large tables: The easiest way to reproduce the problem is to enable blocking of Bogons on any interface with IPv6 configured. Jim Pingle
02:35 PM Bug #10254 (Resolved): pf error "too many elements" when attempting to load large tables: On at least pfSense-base-2.4.5.r.20200210.0912 and later, pf fails to load large tables no matter what the limits are... Jim Pingle
02:45 PM Revision c7c438fc: comma: Frederic Bor
02:12 PM Revision e0479d47: post-review additional sanity checking of parse_url output #8987: Tom Embt
01:55 PM Revision 322f9f6c: Fix flagged syntax errors.: Jim Pingle
01:54 PM Revision edf8ce05: Point to a checkip doc URL that exists now.: (cherry picked from commit b2bfc3399c802760f25cdc02611b5e79fa3afcd6) Jim Pingle
01:53 PM Revision b2bfc339: Point to a checkip doc URL that exists now.: Jim Pingle
01:35 PM Revision f5e8bd4d: post-review changes to URL parsing and conditional style #8987: Tom Embt
11:39 AM Bug #10248 (Resolved): PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: Jim Pingle
10:55 AM Bug #10248: PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: This tests good here. No more errors. Thanks. Chris Linstruth
09:18 AM pfSense Packages Bug #10251: Avahi-daemon choosing VIP instead of interface IP: Chris Roadfeldt wrote:
> Jim Pingle wrote:
> > Avahi operates using interfaces and selects the addresses automatica... Chris Roadfeldt
09:08 AM pfSense Packages Bug #10251: Avahi-daemon choosing VIP instead of interface IP: Jim Pingle wrote:
> Avahi operates using interfaces and selects the addresses automatically. All the config can do i... Chris Roadfeldt
09:05 AM pfSense Packages Bug #10251 (Not a Bug): Avahi-daemon choosing VIP instead of interface IP: Avahi operates using interfaces and selects the addresses automatically. All the config can do is tell it to use or n... Jim Pingle
08:55 AM pfSense Packages Bug #10251 (Not a Bug): Avahi-daemon choosing VIP instead of interface IP: I have pfblockerng-devel installed and configured with DNSBL on most of my interfaces and VLANs. I also have avahi-da... Chris Roadfeldt
09:17 AM pfSense Packages Bug #10253 (New): pfblockerng-devel uses user interface for VIP causing issues with other services: I have pfblockerng-devel installed and configured with DNSBL on most of my interfaces and VLANs. I also have avahi-da... Chris Roadfeldt
08:09 AM Bug #8987: Web GUI main page very slow to load if wan interface is enabled but not connected.: For anyone reviewing or testing, my steps to reproduce are roughly:
# break your WAN connectivity in some way that t... Tom Embt
07:53 AM pfSense Docs New Content #10007: Feedback on Services — Dynamic DNS: There is a typo in the URL but even spelled correctly, the target page doesn't exist yet. This issue is to create the... Jim Pingle
04:32 AM pfSense Docs New Content #10007: Feedback on Services — Dynamic DNS: That link appears to have a typo. Instead of
https://docs.netgate.com/pfsense/en/latest/book/services/dynamic-dns-... Craig McQueen
07:47 AM Feature #10250: DHCP lease view by interface: The leases are not tracked by interface, so this is not easily possible. Others have requested similar things in the ... Jim Pingle
06:11 AM Feature #10250 (New): DHCP lease view by interface: Improve view: Group customers by interface. Ciro Maretto
04:31 AM Feature #10096: Update services_checkip_edit.php to include a link to The pfSense Book, rather than the community maintained documentation: I saw that this link is in pfSense 2.4.5-RC (amd64) built on Sat Feb 08 13:43:43 EST 2020, but the link doesn't exist... Craig McQueen

02/10/2020

10:02 PM pfSense Packages Bug #10245 (Not a Bug): PHP errors in snort package: Jim Pingle
09:19 PM pfSense Packages Bug #10245: PHP errors in snort package: I think you're correct. This isn't a bug in your code.
There are a couple of things going on.
First, my SID ma... John Silva
10:56 AM pfSense Packages Bug #10245: PHP errors in snort package: I don't believe this is a bug in the Snort package source code. I think it is instead a problem with your search term... Bill Meeks
09:28 PM pfSense Packages Bug #10244: PHP crash: suricata: I think the issue is traced to the following line:... John Silva
08:45 PM pfSense Packages Bug #10244: PHP crash: suricata: Thanks for checking, Bill. These patterns worked OK in 2.4.4-p3 before the 2.4.5-RC upgrade. I do see a pattern typ... John Silva
11:02 AM pfSense Packages Bug #10244: PHP crash: suricata: Same as the issue you reported for the Snort package, I don't believe this is a bug in the Suricata package source co... Bill Meeks
08:41 PM Revision c52c0982: routing warning: Frederic Bor
08:28 PM Revision 10a35d8e: Add e2guardian options: Renato Botelho
08:27 PM Revision f350c6ea: Add e2guardian options: Renato Botelho
07:04 PM pfSense Docs New Content #9753 (Feedback): Feedback on Installing and Upgrading — Writing Disk Images: Jared Dillard
07:03 PM pfSense Docs New Content #9753: Feedback on Installing and Upgrading — Writing Disk Images: If you could provide a short write-up, similar to the others, I can put it in place. Jared Dillard
06:04 PM Revision 386db806: Fix braces. Issue #10246: (cherry picked from commit c03557a25af6a41cb84078416e4f7023449305b2) Jim Pingle
06:03 PM Revision c03557a2: Fix braces. Issue #10246: Jim Pingle
04:08 PM Revision a3ab75ba: NAT rule dst port reference corrections. Fixes #10246: When negating, the number of elements in $dstaddr_port is different. Do
not hardcode the index of the assumed last va... Jim Pingle
04:08 PM Revision f9a16422: NAT rule dst port reference corrections. Fixes #10246: When negating, the number of elements in $dstaddr_port is different. Do
not hardcode the index of the assumed last va... Jim Pingle
03:55 PM Bug #10246 (Resolved): NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: Thanks for testing! Jim Pingle
03:38 PM Bug #10246: NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: Thanks for the quick turnaround @jimp, appreciate it
I can confirm your changes in revision 386db806 resolve the i... James L
02:43 PM Bug #10246: NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: As always, *Thanks Jim*!
Will test shortly. Anonymous
10:15 AM Bug #10246 (Feedback): NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: Applied in changeset commit:f9a16422dcfcc06e5093e33ee91dbce9e4295906. Jim Pingle
03:17 PM Revision 4cd9bc90: Merge pull request #4177 from vktg/gremtu: Renato Botelho
03:15 PM Revision 7d0bed43: Merge pull request #4184 from vktg/dhcpmaclimit: Renato Botelho
03:15 PM Revision 68114fc1: IPsec VTI IPv6 address correction. Fixes #9801: When setting up IPv6 VTI, assume /64 -- Previous code was assuming /32
which wasn't correct, and it can't be /128 eit... Jim Pingle
03:13 PM Revision c519b62f: IPsec VTI IPv6 address correction. Fixes #9801: When setting up IPv6 VTI, assume /64 -- Previous code was assuming /32
which wasn't correct, and it can't be /128 eit... Jim Pingle
02:50 PM Revision 0c448224: Ensure ALTQ bw is treated as int when factoring RRD values. Fixes #10248: (cherry picked from commit 3c95346d32bf4b243b242b73f91c5204ebf16d86) Jim Pingle
02:49 PM Revision 3c95346d: Ensure ALTQ bw is treated as int when factoring RRD values. Fixes #10248: Jim Pingle
02:33 PM pfSense Packages Feature #10242 (In Progress): E2guardian Web filtering package: PR has been merged and code review / improvement just started but we won't build public packages while it's not finished Renato Botelho
08:02 AM pfSense Packages Feature #10242 (Pull Request Review): E2guardian Web filtering package: Did you check with / confirm this was OK with the package author? Jim Pingle
02:11 PM Revision a62ceb92: Revert "Fix #10235": This reverts commit 64e656556369fe61fe4315fac4c1b78e4763e35f. Jim Pingle
02:10 PM Revision ac91bbaa: Revert "Fix #10235": This reverts commit 32218e9e1e69a0e2b91bcd829fcba04ec8586bdc. Jim Pingle
01:30 PM Revision 8c92a782: Merge pull request #4188 from vktg/ipsecph2nohash: Renato Botelho
12:52 PM Revision e6ae7acf: Merge pull request #4185 from vktg/dh5warningph1: Renato Botelho
12:14 PM Bug #10249: Syntax error in filter.inc with 2.4.5.r.20200210.1126 introduced in revision a3ab75ba7d9632eba2dee0d2a1d986949d207ce4: Check the issue again. There is a later commit which corrects the error. Jim Pingle
12:13 PM Bug #10249: Syntax error in filter.inc with 2.4.5.r.20200210.1126 introduced in revision a3ab75ba7d9632eba2dee0d2a1d986949d207ce4: Jim Pingle wrote:
> Fixed on #10246
Nope you introduced a new syntax error that prevents filter.inc from working ... Grimson Gretzleburg
12:05 PM Bug #10249 (Duplicate): Syntax error in filter.inc with 2.4.5.r.20200210.1126 introduced in revision a3ab75ba7d9632eba2dee0d2a1d986949d207ce4: Fixed on #10246 Jim Pingle
11:55 AM Bug #10249 (Duplicate): Syntax error in filter.inc with 2.4.5.r.20200210.1126 introduced in revision a3ab75ba7d9632eba2dee0d2a1d986949d207ce4: Here is the crash report:
> Crash report begins. Anonymous machine information:
>
> amd64
> 11.3-STABLE
> Fr... Grimson Gretzleburg
09:34 AM pfSense Packages Feature #10243 (Feedback): rawserial driver for lcdproc: PR has been merged. Thanks! Renato Botelho
08:03 AM pfSense Packages Feature #10243 (Pull Request Review): rawserial driver for lcdproc: Jim Pingle
09:25 AM Bug #9801 (Feedback): VTI IPv6 addresses don't get assigned: Applied in changeset commit:c519b62f8fc3ed094952c6289d21c429df139c51. Jim Pingle
09:18 AM Bug #9801: VTI IPv6 addresses don't get assigned: I just pushed a change which works on my test setup for existing and new connections.
The GUI still shows 0 but on... Jim Pingle
09:17 AM Feature #10222 (Feedback): Tune GRE MTU if GRE over IPsec is used: PR has been merged. Thanks! Renato Botelho
09:15 AM Bug #1605 (Feedback): DHCP Server should group known clients by interface: PR has been merged. Thanks! Renato Botelho
09:14 AM Bug #9533 (Feedback): XG-7100 FAT config restore not working post-install: Added kern.cam.boot_delay to default loader.conf and also a script to set it during upgrade Renato Botelho
09:00 AM Bug #10248 (Feedback): PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: Applied in changeset commit:3c95346d32bf4b243b242b73f91c5204ebf16d86. Jim Pingle
08:51 AM Bug #10248 (In Progress): PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: Jim Pingle
08:26 AM Bug #10248: PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: Looks like that line is trying to get bandwidth on an ALTQ queue.... Jim Pingle
08:21 AM Bug #10247: Duplicate Outbound NAT entries when creating L2TP server: Setting to 2.5.0 since it's harmless/cosmetic. Jim Pingle
08:12 AM Bug #10235 (Feedback): OpenVPN server tries to push compress parameter when it's empty: I reverted the change here, since it wasn't correct. Jim Pingle
08:08 AM Bug #10235 (In Progress): OpenVPN server tries to push compress parameter when it's empty: I think the change didn't do what was intended here. The 'none' setting should end up with @compress@ only in the con... Jim Pingle
07:59 AM Bug #9663 (Feedback): panic on boot when IPv6 option "Do not wait for a RA" is enabled: Jim Pingle
07:58 AM Bug #9405 (In Progress): IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support: Jim Pingle
07:48 AM Bug #10241 (Pull Request Review): Updating Dynamic DNS provider Hover is not working: Jim Pingle
07:45 AM Bug #10240: Incorrect interface assignment after switching from PPPoE: There was a similar problem in the past ( #1420 ) but this doesn't seem like quite the same issue.
Most likely not... Jim Pingle
07:39 AM Bug #9324 (Pull Request Review): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: Jim Pingle
07:38 AM Bug #10239 (Rejected): Crash dump: You have a hardware problem, not a bug.... Jim Pingle
07:37 AM pfSense Packages Feature #10220 (Feedback): Add softflow 1.0.0 features - sampling and PSAMP export: PR merged. Thanks! Renato Botelho
07:26 AM pfSense Packages Feature #10220 (Pull Request Review): Add softflow 1.0.0 features - sampling and PSAMP export: Jim Pingle
07:31 AM Feature #9309: Allow manual selection of IPsec IKE Pseudo-Random Function (PRF): Viktor Gurov wrote:
> If no IPsec PH2 hashes selected (i.e. AES-GCM) after pressing 'apply' you got:
> [...]
>
>... Renato Botelho
07:18 AM pfSense Packages Feature #7895 (Feedback): Add a script for CARP monitoring to NRPE: Fixed on version 3.1_2 Renato Botelho

02/09/2020

06:04 PM Bug #10248 (Resolved): PHP Warning: A non-numeric value encountered in /etc/inc/rrd.inc on line 418: Getting this on boot after upgrading to 2.4.5. Saw it on ARM and amd64.... Chris Linstruth
03:42 PM Bug #10246: NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: Hi,
I also encountered this error a few months back, I forgot to log a redmine for it, but I did post on the forum... Anonymous
02:40 PM Bug #10246 (Resolved): NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled: I have the following port forward NAT rule to redirect DNS from LAN clients to a pi-hole:... James L
02:46 PM Bug #10247 (Resolved): Duplicate Outbound NAT entries when creating L2TP server: When enabling and configuring the L2TP server, I noticed that it creates duplicate entries in outbound NAT for the re... James L

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

03/09/2020

03/08/2020

03/07/2020

03/06/2020

03/05/2020

03/04/2020

03/03/2020

03/02/2020

03/01/2020

02/29/2020

02/28/2020

02/27/2020

02/26/2020

02/25/2020

02/24/2020

02/23/2020

02/22/2020

02/21/2020

02/20/2020

02/19/2020

02/18/2020

02/17/2020

02/16/2020

02/15/2020

02/14/2020

02/13/2020

02/12/2020

02/11/2020

02/10/2020

02/09/2020