Activity

30 days up to

User

Subprojects

Activity

From 02/18/2020 to 03/18/2020

03/18/2020

08:29 PM Revision 1370d006: Fix 2.5.0 URL: Renato Botelho
08:06 PM pfSense Packages Feature #10356 (Resolved): Support for additional Notification Support: Refer to feature #10354 Telegram Notification Support in the main pfsense package.
In order for the service watch... John Kap
07:39 PM Revision 03de4431: The time has come for 2.4.5-RELEASE: Renato Botelho
02:29 PM Revision 14b52494: IPsec PH2 bypass mode. Issue #3329: Viktor Gurov
02:15 PM Bug #10355 (Resolved): diag_ping.php: Potential XSS via Hostname parameter: Improper input is rejected by validation on 2.4.5.r.20200318.1200 Jim Pingle
09:05 AM Bug #10355 (Feedback): diag_ping.php: Potential XSS via Hostname parameter: Applied in changeset commit:cc3990a334059018b004c91eeb66c147d8afe83d. Jim Pingle
08:56 AM Bug #10355: diag_ping.php: Potential XSS via Hostname parameter: diag_traceroute.php is unaffected but I made the same changes there to be safe. Jim Pingle
08:54 AM Bug #10355 (Resolved): diag_ping.php: Potential XSS via Hostname parameter: On diag_ping.php, the hostname isn't fully validated and the output is not encoded, leading to a potential XSS.
Us... Jim Pingle
01:56 PM Revision f3761c15: Validation and encoding for Ping and Traceroute. Fixes #10355: (cherry picked from commit cc3990a334059018b004c91eeb66c147d8afe83d) Jim Pingle
01:55 PM Revision cc3990a3: Validation and encoding for Ping and Traceroute. Fixes #10355: Jim Pingle
07:03 AM Feature #10354: Telegram Notification Support: Please submit your code as a pull request on github:
https://docs.netgate.com/pfsense/en/latest/development/submit... Viktor Gurov
06:07 AM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached: I'm about to submit a PR now. However, there's one issue I'd like to figure out first:
The info text added by the ... Magnus Holmgren
05:39 AM Bug #9596 (Resolved): DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode: works as expected on 2.5.0.a.20200317.1949
I see the route to the default gateway via interface:... Viktor Gurov
05:32 AM Feature #9834 (Resolved): system_certmanager.php: add ability to import certificate without private key: works as expected on 2.5.0.a.20200317.1949 Viktor Gurov
05:28 AM Feature #10274 (Resolved): DNS64 support: works as expected on 2.5.0.a.20200317.1949 Viktor Gurov
05:25 AM Bug #10305 (Resolved): Using special character in Schedules description: OK on 2.5.0.a.20200317.1949 Viktor Gurov

03/17/2020

07:38 PM Feature #10354 (Resolved): Telegram Notification Support: In addition to providing SMTP notifications, give the option to send notifications to the Telegram application via it... John Kap
04:45 PM pfSense Docs Correction #10334 (Closed): Feedback on Firewall — Allowing Remote Access to the webGUI: This was fixed in https://github.com/pfsense/docs/commit/5ea5ff5352149e9509f303711963ade1ef602fbd. Thanks for the exa... Jared Dillard
04:17 PM Revision 787e634e: Sanitize ldapbindpass and ldap_pass. Issue #10349: Viktor Gurov
03:36 PM Revision edc7e81f: Add OpenVPN config files to status output. Implements #10350: This form will only work on 2.5.0 since the directory layout changed. Jim Pingle
03:21 PM Revision 46ab767e: Add units in ntp status page. Issue #2850: Viktor Gurov
02:42 PM Revision 6521c5f6: Disable autocomplete for pkg_edit password fields. Issue #9864: Jim Pingle
02:29 PM Revision 5ee65c00: CDATA encode FreeRADIUS user names/passwords. Issue #4497: Jim Pingle
12:58 PM Revision 3dd5090f: Additional BOOTP/DHCP Options per host. Issue #8990: Viktor Gurov
11:19 AM Todo #10349: status.php: Sanitize ldapbindpass and ldap_pass: https://github.com/pfsense/pfsense/pull/4239 Viktor Gurov
09:51 AM Todo #10349 (Pull Request Review): status.php: Sanitize ldapbindpass and ldap_pass: See comments on the PR Jim Pingle
02:33 AM Todo #10349: status.php: Sanitize ldapbindpass and ldap_pass: This PR also removes double lighttpd_ls_password and sorts all values alphabetically:
https://gitlab.netgate.com/pfS... Viktor Gurov
10:51 AM Todo #10353 (Resolved): Update pkg to 1.13.x: pkg 1.13.x updated metadata version to 2. There is a bug on poudriere where package repositores are created with met... Renato Botelho
10:45 AM Feature #10350 (Feedback): Add OpenVPN configuration file(s) to status.php file: Applied in changeset commit:edc7e81f621805af8174fd7cf7299eb6afe1969c. Jim Pingle
09:58 AM Feature #2850 (Pull Request Review): add units in ntp status page: Jim Pingle
03:37 AM Feature #2850: add units in ntp status page: https://github.com/pfsense/pfsense/pull/4238 Viktor Gurov
09:46 AM Feature #10348 (Pull Request Review): Add localhost to NTP Interfaces: Jim Pingle
07:32 AM Feature #10348: Add localhost to NTP Interfaces: I also had a PR ready but I was waiting for the other requests to be merged
i had a different mods for that, i put i... Manuel Piovan
09:27 AM Bug #10352 (New): RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters: RADIUS authentication fails with the authentication server entry set to use MSCHAPv1 or MSCHAPv2 when passwords conta... Jim Pingle
07:05 AM Feature #10321 (Resolved): URL/URL Table alias with IDN hostnames: works as expected on 2.5.0.a.20200317.0046
Viktor Gurov
07:04 AM Bug #10336 (Resolved): fatal error on firewall_aliases_edit.php: no such error on 2.5.0.a.20200317.0046... Viktor Gurov
03:52 AM Feature #7361: 2.3.4 - Add possibility to modify UDP (First, Single, Multiple) and TCP Timeouts per rule and not only per global parameter: It is not the duplicate of #1635!
I'd like to have this possibility too. Dmitry Shumilin
02:28 AM Bug #10351: Saving IPSEC connection breaks FRR BGP on VTI interfaces: I should have made it clearer that /etc/rc.newipsecdns is run post-patch. Steven Brown
02:28 AM Bug #10351 (Resolved): Saving IPSEC connection breaks FRR BGP on VTI interfaces: I believe this is related to Bug #9668.
When editing a Phase 1 IPSEC connection and clicking save and then apply, ... Steven Brown

03/16/2020

08:10 PM Revision 62725308: Add localhost to NTP Interfaces. Issue #10348: Viktor Gurov
06:10 PM Feature #10350 (Resolved): Add OpenVPN configuration file(s) to status.php file: On status.php, we include the IPsec configuration file but we don't include the equivalent for OpenVPN (for example /... Anonymous
04:28 PM Todo #10349 (Resolved): status.php: Sanitize ldapbindpass and ldap_pass: config-sanitized.xml contains clear-text passwords:
<ldapbindpass> - squidguard LDAP DN Password (squidguard.xml)
<... Viktor Gurov
04:17 PM Feature #10348: Add localhost to NTP Interfaces: NTPD listens for 127.0.0.1:123 and :: 1: 123 anyway, but this PR allows you to select _only_ Loopback as the listenin... Viktor Gurov
01:25 PM Revision eb677c34: Update services_ntpd_gps.php: Manuel Piovan
01:14 PM Revision 2912f94c: Update services_ntpd_gps.php: Manuel Piovan
09:02 AM Bug #10327 (Pull Request Review): Fix/Update GPS initialization commands for Garmin devices.: Jim Pingle
08:28 AM Bug #10327: Fix/Update GPS initialization commands for Garmin devices.: PR https://github.com/pfsense/pfsense/pull/4236 Manuel Piovan
08:06 AM pfSense Packages Bug #8774 (Pull Request Review): Whitelist ALC type not supported by ssl_bump: Jim Pingle
08:04 AM Bug #10346 (Pull Request Review): DHCPv6 service Dynamic DNS errors: Jim Pingle
07:56 AM Feature #10340: IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases): If this is done, the distinction should include an icon or other formatting change. Using red/green only as visual in... Jim Pingle
07:56 AM Feature #10345: Improve distinction between online and idle/offline entries in DHCP lease list: If this is done, the distinction should include an icon or other formatting change. Using red/green only as visual in... Jim Pingle
07:48 AM Bug #3176: Hosts file corrupted when using "Register DHCP leases in DNS forwarder": Just had something that looks exactly like this happen in 2.4.4-RELEASE-p3 with my overrides list truncated in the mi... Erik Fonnesbeck
03:23 AM Feature #10273: OpenVPN compile with --enable-async-push: Hi,
Please be aware that a fix for openvpn (--enable-async-push is broken on FreeBSD) has been committed to master... Lev Stipakov

03/15/2020

08:48 PM Feature #10348 (Resolved): Add localhost to NTP Interfaces: When selecting interfaces its not possible to select localhost unless deselecting all interfaces and enabling the use... B T
04:59 PM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly: This looks good in 2.4.5 with the patch to the script and the patched binary in place.
Without the patches dhclien... Steve Wheeler
02:24 PM Feature #1557 (Resolved): Add the Interface descriptions to the OS interface descriptions: works as expected on 2.5.0.a.20200314.1917:... Viktor Gurov
02:02 PM pfSense Packages Bug #8774: Whitelist ALC type not supported by ssl_bump: https://github.com/pfsense/FreeBSD-ports/pull/799 Viktor Gurov
12:25 PM Feature #10231 (Duplicate): Replace --route-nopul with --pull-filter: #10347 Jim Pingle
10:53 AM Feature #10231: Replace --route-nopul with --pull-filter: Posted this in the wrong place.
Please close or delete.
Thanks. Pippin MMD
10:58 AM Feature #9702: OpenVPN "push-reset" option in Client Specific Override breaks "subnet" topology: +1 for this option to be added.
A checkbox, when ticked reveals a box to enter the options to remove.
Thanks. Pippin MMD
10:51 AM pfSense Packages Feature #10347 (New): Request to add pull-filter: Since the option --route-nopull is under discussion to be deprecated I would like to propose --pull-filter to be adde... Pippin MMD
08:03 AM Bug #10344 (Rejected): DNS Resolver requires full system restart before applying Host Overrides: Can't reproduce this as stated and, like the last comment states, most likely would have been something else causing ... Jim Pingle
06:51 AM Bug #10344: DNS Resolver requires full system restart before applying Host Overrides: Hmmm, this might have been due to having my VPN running at the same time. I've just hit something else that was fish... Shareef Jalloq
07:53 AM Bug #10346: DHCPv6 service Dynamic DNS errors: https://github.com/pfsense/pfsense/pull/4235 Viktor Gurov
07:48 AM Bug #10346 (Resolved): DHCPv6 service Dynamic DNS errors: 1) The DHCPv6 Server & RA page is not allow to enter IPv6 address in DDNS Server IP field (IPv4?)
2) The DHCPv6 Serv... Viktor Gurov
04:33 AM Bug #6239: DHCP server NTP fields should allow hostnames: Beat Siegenthaler wrote:
> Chris Buechler wrote:
> > Same restriction exists on DHCPv6 Server, but dhcpd won't star... Viktor Gurov

03/14/2020

10:14 PM Feature #10345 (Resolved): Improve distinction between online and idle/offline entries in DHCP lease list: On the +*Status / DHCP Leases*+ page the distinction between *on*-line and *off*-line is not very clear.
Would it ... Chris Klomp
02:13 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: Holger Glemser wrote:
> CK, are you sure that you cannot get a "real" prefix from your ISP?...
Thanks Holger, now... Csoban Kesmarki
10:20 AM Bug #10344 (Rejected): DNS Resolver requires full system restart before applying Host Overrides: I've just hit a bug where after creating a new Host Override in the DNS Resolver, I've had to restart pfSense before ... Shareef Jalloq
05:51 AM Bug #6239: DHCP server NTP fields should allow hostnames: Chris Buechler wrote:
> Same restriction exists on DHCPv6 Server, but dhcpd won't start with FQDNs there so that's c... Beat Siegenthaler

03/08/2020

04:09 PM Bug #10307: NTP status widget doesn't display stratum: Also NTP status page shows truncated IPv6 address
from ntpq(1):... Viktor Gurov
06:03 AM Bug #10307: NTP status widget doesn't display stratum: affected version also 2.5.0
Candidate 192.168.10.200 .GPS. 1 u 28 64 17 0.187 -0.436 0.048
Candidate 172.17.0.100 ... Manuel Piovan
02:12 PM Feature #10322: Force ipv4/ipv6 DNS resolution for NTP servers: Jim,
For an unknown reason - even though my setup is configured for only ipv4, sometimes NTP will randomly resolve... Christian Borchert
01:09 PM Feature #10322: Force ipv4/ipv6 DNS resolution for NTP servers: It's not a bug, it's just not supported.
It could be added. For example, with an option for each server in the NTP... Jim Pingle
12:05 PM Feature #10322 (Resolved): Force ipv4/ipv6 DNS resolution for NTP servers: Per http://doc.ntp.org/current-stable/confopt.html one should be able to prefix an NTP server hostname with either '-... Christian Borchert
10:07 AM Revision 48a15754: URL/URL Table alias with IDN hostnames. Issue #10321: Viktor Gurov
05:08 AM Feature #10321: URL/URL Table alias with IDN hostnames: https://github.com/pfsense/pfsense/pull/4222 Viktor Gurov
04:56 AM Feature #10321 (Resolved): URL/URL Table alias with IDN hostnames: Add ability to use IDN hostnames ('täst.de') in URL/URL Tables files
idn_to_ascii() is used to convert IDN to punn... Viktor Gurov

03/07/2020

09:19 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: This bug still persists in Build 2.4.5.r.20200307.0900.
. Chris Poillion
05:14 PM pfSense Packages Bug #10320: lcdproc Crash report begins: for($i = 0; $i < ($lcdpanel_height - 1) && i < count($traffic); $i++)... Manuel Piovan
05:07 PM pfSense Packages Bug #10320: lcdproc Crash report begins: the first crash seem to be related to the last option undere screen, Addresses by traffic
i add this information: WA... Manuel Piovan
05:04 PM pfSense Packages Bug #10320: lcdproc Crash report begins: if i stop the service lcdproc i have another crash report for a while, i think LCDd is killed but lcdproc took some t... Manuel Piovan
03:33 PM pfSense Packages Bug #10320 (Resolved): lcdproc Crash report begins: Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p10
FreeBSD 12.0-RELEASE-p10 ce9563d5729(... Manuel Piovan
05:06 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN: I am continuing to investigate OpenVPN Performance using PFSense as virtual machine under VMWare.
Following tweaks... Alexey Ab
03:37 PM Bug #10319 (Needs Patch): VTI statistics are incorrect: If that is still a problem on 2.4.5 and 2.5.0, that should be reported upstream to FreeBSD (Assuming it can be replic... Jim Pingle
01:06 PM Bug #10319 (Needs Patch): VTI statistics are incorrect: The statistics reported by status/interfaces are wrong for IPsec VTIs.
All the values are mixed and reported as "o... Frederic Bor
12:26 PM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper: Tenzen Tunkman wrote:
> This issue is still not solved - Inline filtering will break traffic shaping as well as for ... Bill Meeks
08:19 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper: This issue is still not solved - Inline filtering will break traffic shaping as well as for example traffic graph fun... Tenzen Tunkman
06:56 AM Revision a675d425: Add interface description to OS interface description. Issue #1557: Viktor Gurov
05:38 AM Bug #9622: Changing admins membership does not replicate correctly to HA slave: Updated PR with added checkbox to on/off feature:
https://github.com/pfsense/pfsense/pull/4221 Viktor Gurov
05:19 AM Revision d5155a01: Notifications page input validation. Issue #8522: Viktor Gurov
04:03 AM Bug #10236: Cannot add more than 2 VMXNET3 Adapters in vSphere: Upgraded 2.4.4-p3 to snapshot 2020-03-07 0136
I have 3 VMX connected and all seems to be working. No issues. Tommy Kuhler
01:08 AM Feature #1557: Add the Interface descriptions to the OS interface descriptions: https://github.com/pfsense/pfsense/pull/4220 Viktor Gurov

03/06/2020

08:19 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Can you add a link to the PR?
[[https://github.com/pfsense/FreeBSD-ports/pull/773]]
Ronald Schellberg
02:28 PM Bug #8522 (Pull Request Review): SMTP test says success when actually fails: Jim Pingle
03:22 AM Bug #8522: SMTP test says success when actually fails: This PR adds extra input validation:
https://github.com/pfsense/pfsense/pull/4218 Viktor Gurov
02:22 PM Revision bd46a6c0: IPsec mobile page minor fixes. Issue #8160: Viktor Gurov
02:17 PM Bug #10317 (Pull Request Review): SMTP notifications validating SSL when option disabled: Jim Pingle
12:28 AM Bug #10317: SMTP notifications validating SSL when option disabled: Correct,
from https://www.php.net/manual/en/context.ssl.php:... Viktor Gurov
02:15 PM Bug #10314 (Resolved): Per-user IKEv2 settings are not functioning on 2.5.0: Jim Pingle
02:13 PM Feature #8160 (Pull Request Review): Accomodate both RADIUS and pool IP addresses in IPsec: Jim Pingle
08:53 AM Feature #8160: Accomodate both RADIUS and pool IP addresses in IPsec: works as expected on 2.5.0.a.20200305.2255
but some minor fixes:
https://github.com/pfsense/pfsense/pull/4219
Viktor Gurov
09:49 AM Feature #10316: Add year in log format: Actually got the answer. Thank you jsinix na
09:47 AM Feature #10316: Add year in log format: Jim Pingle wrote:
> Already implemented in #9808 (Enable RFC 5424 log mode on 2.5.0)
I am on 2.4.4, So I need to... jsinix na
09:05 AM Feature #10318 (Resolved): Do not restart PPPoE server after adding/modifying users: Full daemon restart drops PPPoE clients sessions and may cause issues with other packages.
This is useless since mpd... Viktor Gurov
08:00 AM Bug #10296 (Resolved): swanctl.conf may need multiple pools to support IPv4 and IPv6: tested on 2.5.0.a.20200305.2255
works ok now,- mobile-pools inherits attributes Viktor Gurov
06:30 AM Revision 93166bdc: Fix SMTP SSL/TLS disable validation. Issue #10317: Viktor Gurov
06:05 AM pfSense Packages Bug #8729 (Resolved): IPv6 - FRR BGP issue with Redistribute connected networks: tested on 2.5.0.a.20200305.2255 with frr 0.6.4_2
works as expected - address family sections now looks good
Viktor Gurov

03/05/2020

11:50 PM Bug #10317 (Resolved): SMTP notifications validating SSL when option disabled: The function send_smtp_message in etc/inc/notices.inc will try to verify the SSL certificate, even though the Validat... John Clark
07:04 PM Feature #10316 (Duplicate): Add year in log format: Already implemented in #9808 (Enable RFC 5424 log mode on 2.5.0) Jim Pingle
06:22 PM Feature #10316 (Duplicate): Add year in log format: hello , the logs under /var/log/* on pfsense doesn't have a year in the timestamp . can it be added ?
Mar 5 18:31... jsinix na
04:35 PM Revision 81092348: Do not restart L2TP server after adding/modifying users. Issue #4866: Viktor Gurov
02:49 PM Bug #10315: Cannot add network devices using PCI Passthrough from QEMU hypervisor: We can't keep open duplicate entries for everything in the FreeBSD PR system, even if they might be relevant to certa... Jim Pingle
07:24 AM Bug #10315 (Needs Patch): Cannot add network devices using PCI Passthrough from QEMU hypervisor: There is nothing actionable for us here. It's a problem in FreeBSD that must be addressed upstream.
Jim Pingle
04:27 AM Bug #10315: Cannot add network devices using PCI Passthrough from QEMU hypervisor: Update to details above:
Passing through the PCIe-based WiFi is necessary for a proxmox hypervisor because proxmox d... Bryon Baker
04:25 AM Bug #10315 (Needs Patch): Cannot add network devices using PCI Passthrough from QEMU hypervisor: When running pfSense as a VM in QEMU you are unable to use PCIe passthrough of network devices.
For example, you can... Bryon Baker
10:11 AM Bug #10295 (Pull Request Review): Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface: Jim Pingle
10:08 AM Bug #4866 (Pull Request Review): L2TP server are restarted after adding/modifying L2TP users (mpd.secret): Jim Pingle
07:20 AM Bug #4866: L2TP server are restarted after adding/modifying L2TP users (mpd.secret): If this works, we should also change the PPPoE server to behave the same way. That should be a separate Redmine issue... Jim Pingle
07:12 AM Bug #4866: L2TP server are restarted after adding/modifying L2TP users (mpd.secret): This PR moves creation of the mpd.secret file to a separate function that does not restart mpd daemon:
https://githu... Viktor Gurov
05:47 AM Feature #8794: NTP authentication support: Currently supported NTP auth hashes by vendors:
Juniper - MD5, SHA1, SHA256
Huawei - MD5, SHA256
Palo Alto - MD5, ... Viktor Gurov
05:39 AM Revision 00318445: Replace double quote character in DHCP client ID. Issue #10295: Viktor Gurov

03/04/2020

11:50 PM Bug #10281: I can unassign interface even if it is used in FRR OSPF: from https://redmine.pfsense.org/issues/9789:
_There is no elegant or simple way for notifying a running package tha... Viktor Gurov
09:12 PM Revision faf07413: Fix IPsec mobile user and pool references. Fixes #10296 Fixes #10314: Jim Pingle
03:20 PM Bug #10314 (Feedback): Per-user IKEv2 settings are not functioning on 2.5.0: Applied in changeset commit:faf07413977457bc0aa3fccf64ff724e79d79da2. Jim Pingle
03:11 PM Bug #10314 (In Progress): Per-user IKEv2 settings are not functioning on 2.5.0: Jim Pingle
03:10 PM Bug #10314 (Resolved): Per-user IKEv2 settings are not functioning on 2.5.0: Since the swanctl conversion, per-user settings do not appear to function properly. This is a regression but only aff... Jim Pingle
03:20 PM Bug #10296 (Feedback): swanctl.conf may need multiple pools to support IPv4 and IPv6: Applied in changeset commit:faf07413977457bc0aa3fccf64ff724e79d79da2. Jim Pingle
03:11 PM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6: See also: #10314 Jim Pingle
12:02 PM pfSense Docs Correction #9638: Feedback on High Availability — Configuring High Availability: A few extra notes from an overlapping entry in the internal Redmine:
> The book still shows you can only use admin... Jim Pingle

03/03/2020

11:51 AM Bug #10308 (Resolved): PHP error in /etc/inc/service-utils.inc on line 378: Looks good Jim Pingle
11:41 AM Bug #10235 (Resolved): OpenVPN server tries to push compress parameter when it's empty: No problems on current snapshots that I can see, with the proper combinations of settings. Jim Pingle
11:40 AM Bug #10255 (Resolved): status_logs_filter.php: PHP error when log entry contains invalid port: No PHP error with the affected log messages on 2.4.5.r.20200302.1200 Jim Pingle
07:51 AM Bug #10254 (Resolved): pf error "too many elements" when attempting to load large tables: Jim Pingle
07:51 AM Bug #10254: pf error "too many elements" when attempting to load large tables: Systems where this problem was due to loader.conf issues appear to be OK on current snapshots. I've upgraded a system... Jim Pingle
06:04 AM Feature #10312 (New): Reordering of NAT rules without dragging: When dragging of rules is disabled in general setup, filter rules can be reordered using the checkbox/anchor controls... Christian Ullrich

03/02/2020

10:04 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN: Commenting to watch. (Personally I expect that 128 has been chosen as good trade off between performance and keeping... Anonymous
09:04 PM pfSense Docs New Content #10311 (New): Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN: Default value for net.link.ifqmaxlen is 128.
When OpenVPN is under load and transfer speed reaches 20-30 MBit, we ... Alexey Ab
02:47 PM Bug #10310 (New): Systems with low RAM and several packages may temporarily fail to load large tables after an upgrade: Systems with lower amounts of RAM and with many packages installed may temporarily fail to load tables at boot time o... Jim Pingle
01:44 PM Revision bb3d662a: Fix potential PHP error in service-utils.inc. Fixes #10308: Jim Pingle
12:58 PM pfSense Packages Bug #10309 (Rejected): frr in pf2.4.5: Most of these are not bugs but just a fact of how the FRR package works. Configuring FRR manually in Linux (or even F... Jim Pingle
12:45 PM pfSense Packages Bug #10309 (Rejected): frr in pf2.4.5: 1.when i deleted an Neighbor via web gui, but this session still run in frr. i have to restart pf system.
2.when i c... yon Liu
11:03 AM pfSense Packages Bug #10185 (Closed): Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port: Jim Pingle
11:03 AM pfSense Packages Feature #9848 (Closed): file-store retention limits: Jim Pingle
11:03 AM pfSense Packages Bug #10244 (Closed): PHP crash: suricata: Jim Pingle
11:02 AM Bug #10306 (Pull Request Review): Incorrect IPsec service status: Jim Pingle
10:55 AM Bug #10305 (Pull Request Review): Using special character in Schedules description: Jim Pingle
10:44 AM Feature #7284 (Pull Request Review): NTPd Autoset GPS device baud rate: Jim Pingle
10:30 AM Feature #9828 (Pull Request Review): L2TP (long) username containing @ (realm separator): Jim Pingle
07:50 AM Bug #10308 (Feedback): PHP error in /etc/inc/service-utils.inc on line 378: Applied in changeset commit:bb3d662a963b56694d9aa8c9509ab70775c1b263. Jim Pingle
07:41 AM Bug #10308 (In Progress): PHP error in /etc/inc/service-utils.inc on line 378: Jim Pingle
07:41 AM Bug #10308 (Resolved): PHP error in /etc/inc/service-utils.inc on line 378: If the configuration contains no @load_balancer@ section, a PHP error may occur:... Jim Pingle
06:55 AM Bug #10303: pfSense-upgrade is not upgrading itself: Due to change of pfSense-upgrade dependency to pfSense meta package, before upgrade cycle it was not registered as a ... Renato Botelho

03/01/2020

06:07 PM pfSense Packages Bug #10279: pfSense's OpenVM Tools on ESXi 6.7 no longer provides guest vm functionality: Thanks for the info! Looking ahead, ESXi 7.0 is headed toward a launch at VMworld late August 2020. That said, if 2... Travis McMurry
10:14 AM Bug #10307: NTP status widget doesn't display stratum: Ohhh... as soon as it selects a sane peer, the problem goes away.
Now I don't know if the problem is "Outlier" or if... Adam Thompson
10:11 AM Bug #10307 (Resolved): NTP status widget doesn't display stratum: On 2.4.4-RELEASE-p3, if I have a) an IPv6 NTP server, and b) the NTP status widget on the dashboard, the widget doesn... Adam Thompson

02/29/2020

09:19 PM pfSense Packages Bug #10185: Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port: The requested feature has been added to the Filter Panel on the ALERTS tab of the latest Suricata GUI package release... Bill Meeks
09:16 PM pfSense Packages Feature #9848: file-store retention limits: This feature has been added to the LOGS MGMT tab in Suricata and also code was added to the logs and space management... Bill Meeks
09:13 PM pfSense Packages Bug #10244: PHP crash: suricata: This is addressed by the latest posted versions of the Suricata GUI packages for pfSense 2.4.5-RC and 2.5-DEVEL. The ... Bill Meeks
05:05 PM Feature #8786: Wireguard VPN: See these links:
https://svnweb.freebsd.org/base?view=revision&revision=357986
https://svnweb.freebsd.org/base?view... Lai Wei-Hwa
04:47 PM Bug #10303: pfSense-upgrade is not upgrading itself: https://forum.netgate.com/topic/150931/update
Looks like a bug or two still.
Follow Peters fix above if this go... Chris Palmer
10:17 AM Bug #10303: pfSense-upgrade is not upgrading itself: Yes there is currently something going wrong here. I updated to 2.4.5.r.20200229.0900 a moment ago, using the WebUI:
... Grimson Gretzleburg
12:34 AM Bug #10303: pfSense-upgrade is not upgrading itself: Peter Pain wrote:
> I got a
>
> /bin/sh: cannot open /usr/local/sbin/pfSense-upgrade: No such file or directory
... Chris Palmer
04:30 PM Revision 27e1febb: NTP WebGUI checkbox fix. Issue #10276: Viktor Gurov
02:13 PM Revision 60e34dde: Incorrect IPsec service status. Issue #10306: Viktor Gurov
10:56 AM Feature #10301: Password confirmation when exporting encrypted backup file: I see ... Viktor Gurov
08:47 AM Revision 008c1545: Special characters in Schedules descr and rangedescr fields. Issue #10305: Viktor Gurov
08:15 AM Bug #10306: Incorrect IPsec service status: This PR adds extra charon process checking:
https://github.com/pfsense/pfsense/pull/4215 Viktor Gurov
08:12 AM Bug #10306 (Resolved): Incorrect IPsec service status: If you do some changes on the IPsec Mobile or IPsec Advanced tab and press apply,
Strongswan daemon restarted, but y... Viktor Gurov
06:19 AM Revision f1efc792: L2TP username containing @ (realm separator). Issue #9828: Viktor Gurov
02:51 AM Bug #10305: Using special character in Schedules description: > ... Viktor Gurov
02:45 AM Bug #10305 (Resolved): Using special character in Schedules description: When using special characters in Schedules and timeranges description fields
firewall_schedule.php page shows escapi... Viktor Gurov
01:46 AM Bug #10304 (Closed): ``radvd`` only responds to the first Router Solicitation received after each multicast Router Advertisement: I've noticed that radvd will only respond to the first Router Solicitation received by the router after a multicast R... Kev Kitchens
01:00 AM Feature #7284: NTPd Autoset GPS device baud rate: Updated PR:
https://github.com/pfsense/pfsense/pull/4213 Viktor Gurov
12:24 AM Feature #9828: L2TP (long) username containing @ (realm separator): L2TP username containing @ (realm separator):
https://github.com/pfsense/pfsense/pull/4212
There is no issue with... Viktor Gurov
12:11 AM Bug #10295: Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface: This fix replaces the double quote character with '&quot':
https://github.com/pfsense/pfsense/pull/4211
There is ... Viktor Gurov

02/28/2020

04:42 PM Bug #10303: pfSense-upgrade is not upgrading itself: I got a
/bin/sh: cannot open /usr/local/sbin/pfSense-upgrade: No such file or directory
after updating to *2.4.... Peter Pain
12:45 PM Bug #10303: pfSense-upgrade is not upgrading itself: Fix pushed. pfSense-upgrade 0.78 Renato Botelho
12:44 PM Bug #10303 (Resolved): pfSense-upgrade is not upgrading itself: pfSense-upgrade was being registered as a dependency of pfSense-repo pkg. Because of that, when pfSense-repo package... Renato Botelho
10:09 AM pfSense Packages Bug #10302: LIGHTSQUID - Running When Squid Disabled - 2.4: Reporting bugs against outdated versions is not allowed, either.
Post on a forum thread for assistance, not here. Jim Pingle
10:03 AM pfSense Packages Bug #10302: LIGHTSQUID - Running When Squid Disabled - 2.4: 2.4.3-RELEASE
been up for 13 days
lightsquid package version has not been updated in a while
Lightsquid www 3.... Web Dawg
09:56 AM pfSense Packages Bug #10302: LIGHTSQUID - Running When Squid Disabled - 2.4: I can stop it from services. I can't reboot this router to test right now. Web Dawg
09:54 AM pfSense Packages Bug #10302 (Rejected): LIGHTSQUID - Running When Squid Disabled - 2.4: There is not nearly enough information here for a proper bug report.
This site is not for support or diagnostic di... Jim Pingle
09:52 AM pfSense Packages Bug #10302 (Rejected): LIGHTSQUID - Running When Squid Disabled - 2.4: I have my squid proxy disabled:
@
7445/tcp open ssl/http lighttpd 1.4.48
| http-auth:
| HTTP/1.1 401 Unauth... Web Dawg
08:47 AM Feature #10301 (Resolved): Password confirmation when exporting encrypted backup file: I would highly recommend to implement password confirmation so you have to insert the password two times when exporti... Peter Pan
08:29 AM Bug #10296 (In Progress): swanctl.conf may need multiple pools to support IPv4 and IPv6: Jim Pingle
05:27 AM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6: > Maybe the commons attrs should be included in the v4 pool or both for now?
This is true, although not mentioned in... Viktor Gurov
08:16 AM Bug #7380 (Pull Request Review): WAN DHCP Gateway Outside of Subnet Causing Route Issues: Jim Pingle
12:48 AM Bug #7380: WAN DHCP Gateway Outside of Subnet Causing Route Issues: fixed/resolved PR:
https://github.com/pfsense/pfsense/pull/4209 Viktor Gurov
08:14 AM pfSense Packages Feature #8196 (Pull Request Review): pfSense-pkg-LCDproc: add a shutdown/reboot control menu: Jim Pingle
12:36 AM pfSense Packages Feature #8196: pfSense-pkg-LCDproc: add a shutdown/reboot control menu: fixed/resolved PR:
https://github.com/pfsense/FreeBSD-ports/pull/784 Viktor Gurov
08:10 AM Feature #10280 (Pull Request Review): DHCP Leases widget: Jim Pingle
12:18 AM Feature #10280: DHCP Leases widget: https://github.com/pfsense/pfsense/pull/4208 Viktor Gurov
08:05 AM pfSense Packages Feature #8198 (Pull Request Review): pfSense-pkg-LCDproc: Add a link status screen for each interface: Jim Pingle
12:08 AM pfSense Packages Feature #8198: pfSense-pkg-LCDproc: Add a link status screen for each interface: fixed/resolved PR:
https://github.com/pfsense/FreeBSD-ports/pull/783 Viktor Gurov
08:01 AM pfSense Docs Correction #10300 (Rejected): Feedback on Configuration — Setup Wizard: Plenty of people have valid uses for using a TLD on their firewall, like with ACME or in business environments which ... Jim Pingle
06:46 AM Revision 9fde2b2b: Handle DHCP Lease when the assigned Gateway is Outside of Subnet. Issue #7380: Viktor Gurov
04:30 AM Bug #10287 (Resolved): OpenVPN TLS key direction value added to existing tunnels is 0.: tested on 2.4.5.r.20200228.0300
works as expected on the Client/Server pages Viktor Gurov
01:37 AM Bug #9654 (New): After reboot, the DNS resolver must be restarted before it will advertise the ipv6 DNS address of the router.: looks like same track interface issue: https://redmine.pfsense.org/issues/8273
services try to run on track interf... Viktor Gurov
01:26 AM Bug #10284 (Resolved): Exporting p12 for CSR causes a crash report: tested on 2.5.0.a.20200227.1722
works as expected - hides PKCS#12 export icons/buttons if private key does not exist Viktor Gurov

02/27/2020

11:17 PM Bug #9830 (Resolved): NTP ACLs vs. NTP pools: works as expected on 2.5.0.a.20200227.1722 Viktor Gurov
05:37 AM Bug #9830 (Feedback): NTP ACLs vs. NTP pools: PR has been merged. Thanks! Renato Botelho
07:59 PM pfSense Docs Correction #10300 (Rejected): Feedback on Configuration — Setup Wizard: *Page:* https://docs.netgate.com/pfsense/en/latest/book/config/setup-wizard.html
*Feedback:*
Update the Domain re... Paighton Bisconer
07:38 PM Revision 407a5c28: For mobile IPsec pools, use separate pool for v4 and v6. Fixes #10296: Jim Pingle
05:41 PM Revision ae94cdd1: Revert "Disable rust on suricata for aarch64": This reverts commit c600e53c34d0c5d054e45d9061710d01ca9f53c4. Renato Botelho
05:08 PM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6: The mobile-pool-v4 and mobile-pool-v6 pools are created as expected.
But seems that "addrs" is required for each... Michael Smith
02:23 PM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6: I have the common parameters in mobile-pool now and then separate v4 and v6 pools which use that as a template with t... Jim Pingle
01:45 PM Bug #10296 (Feedback): swanctl.conf may need multiple pools to support IPv4 and IPv6: Applied in changeset commit:407a5c28093d46cb39cc1bba75740523a1ee97e6. Jim Pingle
01:24 PM Bug #10296 (In Progress): swanctl.conf may need multiple pools to support IPv4 and IPv6: I think I have a somewhat easy way around this. Commit coming momentarily. Jim Pingle
09:21 AM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6: In this case we also need to expand the 'Accomodate both RADIUS and pool IP addresses in IPsec.' feature to select wh... Viktor Gurov
04:35 PM Revision f5273eca: Add sysutils/screen to be built: Renato Botelho
04:35 PM Revision 12cc24be: Add sysutils/screen to be built: Renato Botelho
02:49 PM Todo #9864: Set autocomplete=new-password for user/password fields in forms: On what version? This fix has been applied on 2.4.5 and 2.5.0, and on those versions I do not see the browser attempt... Jim Pingle
02:45 PM Todo #9864: Set autocomplete=new-password for user/password fields in forms: I have this issue with the OpenVPN Server and Client pages always getting the Proxy username/pass autofilled. Corey Boyle
02:26 PM pfSense Packages Bug #10299: Snort - Blocked Alert - Description loss -> Alert Description No Longer Available: Bill Meeks wrote:
> Diego Leon wrote:
> > Snort v 3.2.9.10
> >
> > Package Dependencies:
> > snort-2.9.15 ... Diego Leon
12:54 PM pfSense Packages Bug #10299 (Not a Bug): Snort - Blocked Alert - Description loss -> Alert Description No Longer Available: Jim Pingle
12:54 PM pfSense Packages Bug #10299: Snort - Blocked Alert - Description loss -> Alert Description No Longer Available: Diego Leon wrote:
> Snort v 3.2.9.10
>
> Package Dependencies:
> snort-2.9.15 barnyard2-1.13_1
>
> The S... Bill Meeks
10:19 AM pfSense Packages Bug #10299 (Not a Bug): Snort - Blocked Alert - Description loss -> Alert Description No Longer Available: Snort v 3.2.9.10
Package Dependencies:
snort-2.9.15 barnyard2-1.13_1
The Snort first report in Blocked ta... Diego Leon
01:47 PM Bug #10254 (Feedback): pf error "too many elements" when attempting to load large tables: - pfSense-upgrade was copying loader.conf to a tmp file before upgrade kernel/rc and copying it back to place after t... Renato Botelho
01:02 PM pfSense Packages Bug #10292: Suricata not respecting SID Mgmt list: There were zero changes to that part of the Suricata code in version 4.1.6_3. In fact, both updates to 4.1.6_2 and 4.... Bill Meeks
11:37 AM Revision 5d30f8ca: Merge pull request #4207 from vktg/nonoserve: Renato Botelho
11:36 AM Revision 6681d415: Merge pull request #4204 from vktg/pkcs12nokey: Renato Botelho
10:47 AM Feature #9680: Seperate DHCP Server and relay per interface: Vöggur Guðmundsson wrote:
> I vote for this :)
> Also support multiple relays/helper address.
You can add multip... Viktor Gurov
10:14 AM Feature #9680: Seperate DHCP Server and relay per interface: I vote for this :)
Also support multiple relays/helper address. Vöggur Guðmundsson
10:42 AM pfSense Docs Correction #10257 (Closed): incorrect Cisco-AVPair example: Fixed via PR from Viktor. Jared Dillard
10:30 AM pfSense Docs Correction #10257: incorrect Cisco-AVPair example: https://gitlab.netgate.com/docs/pfSense-book/merge_requests/1 Viktor Gurov
10:12 AM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore: It is not viable to set that list up dynamically, since if a user removes the package, the value is still in the conf... Jim Pingle
10:10 AM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore: Jim Pingle wrote:
>
> Yes that's a general issue with XML storage but it's unrelated to this specific bug. We use ... Viktor Gurov
08:27 AM Todo #10298 (Resolved): Use SHA-512 for user password hashes: function local_user_set_password() from auth.inc,
for now uses password_hash($password, PASSWORD_BCRYPT) function to... Viktor Gurov
08:03 AM pfSense Packages Feature #8574 (Pull Request Review): Enable AgentX-support in lldpd using GUI: Jim Pingle
05:35 AM pfSense Packages Feature #8574: Enable AgentX-support in lldpd using GUI: https://github.com/pfsense/FreeBSD-ports/pull/782 Viktor Gurov
07:31 AM pfSense Packages Feature #9989 (Pull Request Review): Add FreeBSD port and pfSense plugin for HoneyTrap: PR: https://github.com/pfsense/FreeBSD-ports/pull/772 Jim Pingle
07:24 AM pfSense Packages Feature #10297 (Pull Request Review): IPv6 user attributes: Jim Pingle
03:24 AM pfSense Packages Feature #10297: IPv6 user attributes: https://github.com/pfsense/FreeBSD-ports/pull/781 Viktor Gurov
01:09 AM pfSense Packages Feature #10297 (Assigned): IPv6 user attributes: Add IPv6 related attributes no the user configuration page in the same way as existing IPv4 Network Configuration:
F... Viktor Gurov
05:37 AM Bug #10284 (Feedback): Exporting p12 for CSR causes a crash report: PR has been merged. Thanks! Renato Botelho
05:34 AM pfSense Packages Feature #9249 (Feedback): [siproxd] Add config for siptrunk plugin: PR has been merged. Thanks! Renato Botelho
05:32 AM pfSense Packages Feature #8878 (Feedback): Propagate user's description field into QR code for FreeRADIUS: PR has been merged. Thanks! Renato Botelho
05:30 AM Revision 5c533d72: DHCPv6 range is not mandatory for Stateless DHCP. Issue #9596: Viktor Gurov
05:28 AM pfSense Packages Bug #8729 (Feedback): IPv6 - FRR BGP issue with Redistribute connected networks: PR has been merged. Thanks! Renato Botelho
05:21 AM pfSense Packages Bug #4497 (Feedback): Using a specific password within FreeRADIUS user management causes pfSense to restore a backup!: Renato Botelho
05:14 AM Revision cec267cb: Special interfaces description length validation. Issue #9401: Viktor Gurov

02/26/2020

06:09 PM Bug #10296 (Resolved): swanctl.conf may need multiple pools to support IPv4 and IPv6: In 2.5.0-DEVELOPMENT after IPsec swanctl conversion, it looks like the mobile-pool may need to be split now to suppor... Michael Smith
02:49 PM Revision 61452020: NTP: do not add noserve to restrict source. Issue #9830: Viktor Gurov
02:32 PM Bug #10295 (Resolved): Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface: The following is allowed by the webgui in a static mapping: Client Identifier: 32" Sony Trinitron
That creates a c... Chris Linstruth
02:14 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Ronald Schellberg wrote:
> Pull Request # 773 submitted
Can you add a link to the PR? Michael Smith
08:28 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Ronald Schellberg wrote:
>
> The ravdv-2.18_5-v2.5test.txz file is attached.
My bare metal router running my ve... Ronald Schellberg
02:03 PM pfSense Packages Bug #10291 (Resolved): Export using DDNS hostnames (port forward targets) does not include domain name for split DDNS types: Works as expected now. Full hostname is observed in @remote@ statements which only had the short hostname before. Ent... Jim Pingle
11:08 AM pfSense Packages Bug #10294 (New): FRR Route Counts Incorrect on Status Page: Something is still truncating the route counts on the FRR status pages. Seems to be intermittent.
Zebra Routes D... Chris Linstruth
10:44 AM Bug #10276: NTP "No Select" does not work: Manuel Piovan wrote:
> that is normal behavior,not a bug, from the man page
> noselect only work for "server" and "... Christian Borchert
09:07 AM Bug #10276 (Pull Request Review): NTP "No Select" does not work: Jim Pingle
10:07 AM Bug #9830 (Pull Request Review): NTP ACLs vs. NTP pools: Jim Pingle
08:52 AM Bug #9830: NTP ACLs vs. NTP pools: That's correct
Fix:
https://github.com/pfsense/pfsense/pull/4207 Viktor Gurov
10:05 AM Bug #9596 (Pull Request Review): DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode: Jim Pingle
08:27 AM Bug #9596: DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode: https://github.com/pfsense/pfsense/pull/4206 Viktor Gurov
10:02 AM pfSense Packages Feature #9249 (Pull Request Review): [siproxd] Add config for siptrunk plugin: Jim Pingle
04:37 AM pfSense Packages Feature #9249: [siproxd] Add config for siptrunk plugin: from siproxd.conf.example:... Viktor Gurov
09:57 AM pfSense Packages Feature #8878 (Pull Request Review): Propagate user's description field into QR code for FreeRADIUS: Jim Pingle
03:27 AM pfSense Packages Feature #8878: Propagate user's description field into QR code for FreeRADIUS: https://github.com/pfsense/FreeBSD-ports/pull/779 Viktor Gurov
09:51 AM Bug #9401 (Pull Request Review): 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit: Jim Pingle
02:38 AM Bug #9401: 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit: This is caused by special suffixes added to some special interfaces:
_VPNV4 and _VPNV6 for OpenVPN and VTI interface... Viktor Gurov
09:42 AM Bug #10284 (Pull Request Review): Exporting p12 for CSR causes a crash report: Jim Pingle
01:13 AM Bug #10284: Exporting p12 for CSR causes a crash report: Unfortunately openssl_pkcs12_export() do not allow to create PKCS#12 without private key,
Therefore, we need to hide... Viktor Gurov
09:25 AM Feature #10293 (Pull Request Review): DNS flag day - EDNS buffer size recommendation: Jim Pingle
12:03 AM Feature #10293: DNS flag day - EDNS buffer size recommendation: https://github.com/pfsense/pfsense/pull/4203 Viktor Gurov
12:00 AM Feature #10293 (Resolved): DNS flag day - EDNS buffer size recommendation: https://dnsflagday.net/2020/:
*Message Size Considerations*
The optimum DNS message size to avoid IP fragmentation ... Viktor Gurov
07:06 AM Revision 2e4372e3: Hide PKCS#12 export if private key is empty. Issue #10284: Viktor Gurov
03:43 AM pfSense Packages Bug #8885 (Closed): HAProxy "Log hostname parameter broke local syslog: no such issue with haproxy-devel 0.60_3 on pfSense 2.4.5.r.20200225.2100 and 2.5.0.a.20200225.0859
- hostname field... Viktor Gurov

02/25/2020

05:10 PM pfSense Packages Bug #10292 (Not a Bug): Suricata not respecting SID Mgmt list: I am running pfSense 2.4.4-RELEASE-p3 (amd64) with Suricata VERSION 4.1.6_3 on an SG-2440.
Suricata is inspecting ... Markus P
01:58 PM Revision c34a340e: Correct 'default' behavior of OpenVPN TLS key dir. Fixes #10287: (cherry picked from commit d2011b0addd27766e6b402270c79d06c6c485f04) Jim Pingle
01:58 PM Revision d2011b0a: Correct 'default' behavior of OpenVPN TLS key dir. Fixes #10287: Jim Pingle
12:43 PM Revision b7a45ee4: Fix USB tethering modules path: (cherry picked from commit 4b790bc6c29255cf32ef5830a20302608cb17342) Renato Botelho
12:43 PM Revision db4cf59b: Build modules needed to USB tethering: (cherry picked from commit 41e09c2264bcc8067c349213eab5c0dadfb5681f) Renato Botelho
10:45 AM pfSense Packages Bug #10291 (Feedback): Export using DDNS hostnames (port forward targets) does not include domain name for split DDNS types: Pushed a fix in OpenVPN client export pkg version 1.4.20 Jim Pingle
10:41 AM pfSense Packages Bug #10291 (Resolved): Export using DDNS hostnames (port forward targets) does not include domain name for split DDNS types: Some Dynamic DNS entries are considered "split" so they have the hostname and domain name in separate variables (e.g.... Jim Pingle
08:05 AM Bug #10287 (Feedback): OpenVPN TLS key direction value added to existing tunnels is 0.: Applied in changeset commit:d2011b0addd27766e6b402270c79d06c6c485f04. Jim Pingle
07:08 AM Feature #10290 (New): Firewall Aliases Add button on top of list: It would be good if we one more Add button would add on top of list. If adding new aliases happens often, then Add on... Constantine Kormashev
06:43 AM Feature #7467: Add iPhone/Android/Generic USB tethering support: I've also added the modules to 2.4.5 Renato Botelho

02/24/2020

10:16 PM Bug #9643: Limiters do not function properly on 2.5 snapshots: Experiencing same behavior as reported by Greg M on my physical install of pfsense 2.5 dev. Traffic just stops.
F... Ryl Thelandria
08:47 PM Bug #10288 (Rejected): Phone tethering to pfSense not updating interfaces to ue0: There is no sign of a bug there yet and not enough information to go on. Keep the discussion on the forum until there... Jim Pingle
08:44 PM Bug #10288 (Rejected): Phone tethering to pfSense not updating interfaces to ue0: Guide completed, however interface not updated.
Post [[https://forum.netgate.com/topic/102342/iphone-tethering-to-pf... K F
03:35 PM Bug #10287: OpenVPN TLS key direction value added to existing tunnels is 0.: In the selection list, when @tlsauth_keydir@ is empty/unset, both the list entry for default and 0 are marked with @s... Jim Pingle
03:22 PM Bug #10287 (In Progress): OpenVPN TLS key direction value added to existing tunnels is 0.: Jim Pingle
03:16 PM Bug #10287 (Resolved): OpenVPN TLS key direction value added to existing tunnels is 0.: Resaving an existing OpenVPN client in 2.4.5 adds additional values to the config.
The key direction value is set to... Steve Wheeler
02:31 PM Bug #9592: VTI interface down because interface number created is greater than ipsec32768: PR is now https://github.com/pfsense/pfsense/pull/4190 Jim Pingle
02:31 PM Bug #10285 (Duplicate): V2.4.4 p3 PSEC VTI tunnels > 32 fail.: Duplicate of #9592 Jim Pingle
02:29 PM Bug #10285 (Duplicate): V2.4.4 p3 PSEC VTI tunnels > 32 fail.: I have a very large pfsense installation with over 32 vpn connections. The HA pair's config was originally built with... Andrew Johnson
01:35 PM pfSense Packages Bug #10278 (New): pfBlockerNG: Formatting issue on DNSBL stats page: Jim Pingle
01:19 PM pfSense Packages Bug #10278: pfBlockerNG: Formatting issue on DNSBL stats page: Jim Pingle wrote:
> Did you mean pfBlockerNG? "pfsense-ng" is not a valid package name. For now I'll set this as pfB... Steve Klund
07:48 AM pfSense Packages Bug #10278 (Feedback): pfBlockerNG: Formatting issue on DNSBL stats page: Did you mean pfBlockerNG? "pfsense-ng" is not a valid package name. For now I'll set this as pfBlockerNG since that s... Jim Pingle
12:36 PM Revision 4b790bc6: Fix USB tethering modules path: Renato Botelho
12:27 PM Revision 41e09c22: Build modules needed to USB tethering: Renato Botelho
11:03 AM Bug #10276 (Not a Bug): NTP "No Select" does not work: Jim Pingle
10:34 AM Bug #10276: NTP "No Select" does not work: that is normal behavior,not a bug, from the man page
noselect only work for "server" and "peer" not for "pool" Manuel Piovan
08:13 AM Bug #10284: Exporting p12 for CSR causes a crash report: Looks like P12 export should be disabled either just for CSRs or perhaps for any entry which lacks a key (Which we al... Jim Pingle
03:30 AM Bug #10284 (Resolved): Exporting p12 for CSR causes a crash report: what i have done:
System / Certificate Manager / Certificates
select "Sign a certificate Signing request"
leave ke... Manuel Piovan
08:11 AM pfSense Packages Feature #9003: Add 'Copy Running to Saved' option to the raw config: Viktor Gurov wrote:
> I do not understand why quagga-way (saving configuration in base64 format in config.xml) may b... Ben Hughes
08:08 AM pfSense Packages Feature #9003 (Pull Request Review): Add 'Copy Running to Saved' option to the raw config: Jim Pingle
07:54 AM pfSense Packages Bug #8887 (Pull Request Review): Squid Proxy Interface not assignee to IPv6: Jim Pingle
07:46 AM Bug #10277: Sorting the log entries does not use year value: You can force the type by using @data-sortable-type="date"@ in the @<th>@ tag for the header row of this column, but ... Jim Pingle
07:39 AM pfSense Packages Bug #4497 (Pull Request Review): Using a specific password within FreeRADIUS user management causes pfSense to restore a backup!: Jim Pingle
07:38 AM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore: Viktor Gurov wrote:
> Jim Pingle wrote:
> > The string uses characters which are invalid in XML, and that field is ... Jim Pingle
07:34 AM pfSense Packages Bug #8729 (Pull Request Review): IPv6 - FRR BGP issue with Redistribute connected networks: Jim Pingle
07:28 AM Feature #8624 (Pull Request Review): DNS Resolver Resolve IPv6 OpenVPN Client Addresses: Jim Pingle
07:21 AM Bug #10283 (Not a Bug): Fatal error zend opcache cannot allocate buffer for interned strings: This is almost certainly a problem with your environment, not pfSense. I have a number of VMs on 2.4.5 and 2.5.0 that... Jim Pingle
07:00 AM Feature #7467 (In Progress): Add iPhone/Android/Generic USB tethering support: I've added if_urndis, if_cdce and if_ipheth modules to the build. They will be available on next 2.5.0 snapshots and... Renato Botelho
03:14 AM pfSense Packages Bug #10279: pfSense's OpenVM Tools on ESXi 6.7 no longer provides guest vm functionality: graceful shutdown work with esxi 6.7u3 and pfsense 2.5.0-dev Manuel Piovan

02/23/2020

04:32 PM Bug #10283 (Not a Bug): Fatal error zend opcache cannot allocate buffer for interned strings: I've upgraded my pfsense from 256meg to 512 and it no longer runs.
Receiving "Fatal error zend opcache cannot allo... Bob Franken
12:20 PM Bug #10254 (In Progress): pf error "too many elements" when attempting to load large tables: There is still a problem here we're investigating Jim Pingle
09:24 AM pfSense Packages Feature #9003: Add 'Copy Running to Saved' option to the raw config: I do not understand why quagga-way (saving configuration in base64 format in config.xml) may be error prone.
Both *... Viktor Gurov
08:43 AM Bug #10282 (Duplicate): DHCP Relay Listening On ALL Interfaces!: Most likely a duplicate of #9466 -- re-test on 2.4.5. Jim Pingle
05:07 AM Bug #10282 (Duplicate): DHCP Relay Listening On ALL Interfaces!: Hi,
I have configured DHCP Relay to listen on dedicated interfaces only (see pic).
The "GRUEN" interface is dedic... Chris Knebb
08:41 AM Bug #10281 (Not a Bug): I can unassign interface even if it is used in FRR OSPF: It's not a bug in FRR. There is no way for the base system to know that a package is using an interface, and no way f... Jim Pingle

02/22/2020

11:50 PM Bug #10281 (Not a Bug): I can unassign interface even if it is used in FRR OSPF: There was IPsec VTI tunnel with assigned interface. The interface was used in FRR OSPF settings as OSPF interface. If... Constantine Kormashev
08:19 PM Feature #10280: DHCP Leases widget: The author needs to submit that as a pull request. And that repository has not been updated in several years. Jim Pingle
06:21 PM Feature #10280 (New): DHCP Leases widget: DHCP Leases widget for pfSense
may be based on pfSense_widgets (https://github.com/fuzion9/pfSense_widgets). Sergei Shablovsky
08:16 PM pfSense Packages Bug #10279: pfSense's OpenVM Tools on ESXi 6.7 no longer provides guest vm functionality: Might need to try on 2.4.5 or 2.5.0 to get the updated ports. I don't have any problem with guest functionality there... Jim Pingle
12:52 PM pfSense Packages Bug #10279 (New): pfSense's OpenVM Tools on ESXi 6.7 no longer provides guest vm functionality: When I run pfSense on ESXi6.7 (Update 3) with Open-VM-Tools installed from Package Manager, ESXi sees the Open VM too... Travis McMurry
01:12 PM Revision 8c145373: Allow import cert without private key. Issue #9834: Viktor Gurov
10:46 AM pfSense Packages Feature #8181 (Resolved): Quagga OSPF failover mechanism takes too much time to converge in HA environments: successfully tested on 2.5.0.a.20200220.1948 with Quagga_OSPF 0.6.21_5 Viktor Gurov
10:37 AM pfSense Packages Bug #9652 (Resolved): Squid Proxy Server /var/squid/lib/ssl_db directory not found in squid.inc: Renato Botelho wrote:
> PR has been merged. Thanks!
works ok on 2.4.5.r.20200222.0000 and 2.5.0.a.20200221.1911 w... Viktor Gurov
10:33 AM pfSense Packages Bug #9681 (Resolved): [Monitoring] New views title are always in lower case.: mixed titles is ok on 2.5.0.a.20200221.1911 and 2.4.5.r.20200222.0000
Viktor Gurov
10:12 AM pfSense Packages Bug #8887: Squid Proxy Interface not assignee to IPv6: This fix allows you to select the IP protocol over which Squid will listen for connections:
https://github.com/pfsen... Viktor Gurov
10:11 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Csoban Kesmarki, are you sure that you cannot get a "real" prefix from your ISP? The correct way would be that you ge... Holger Glemser
09:49 AM Bug #10276: NTP "No Select" does not work: Viktor Gurov wrote:
> Can you attach /var/etc/ntpd.conf, and content of <ntpd></ntpd> from /cf/conf/config.xml, plea... Christian Borchert
09:25 AM Bug #10276: NTP "No Select" does not work: Christian Borchert wrote:
> Even after selecting the "No Select" checkbox (a second time and saving), the servers ... Viktor Gurov
08:30 AM Bug #10276: NTP "No Select" does not work: Viktor Gurov wrote:
> When you add a new server(s) on the Services / NTP / Settings page,
> it does not save the v... Christian Borchert
12:56 AM Bug #10276: NTP "No Select" does not work: When you add a new server(s) on the Services / NTP / Settings page,
it does not save the values of the checkboxes f... Viktor Gurov
09:42 AM Revision 585f268f: Register OpenVPN client IPv6 address in DNS Resolver. Issue #8624: Viktor Gurov
08:55 AM pfSense Packages Bug #10278 (New): pfBlockerNG: Formatting issue on DNSBL stats page: I have found that on the stats pages, the center bar that divides source from the pie charts is static.
I cannot... Steve Klund
08:12 AM Bug #10277 (New): Sorting the log entries does not use year value: If you have on the one Status / System Logs page log entries from different months and years
clicking on the 'Time' ... Viktor Gurov
07:41 AM pfSense Packages Bug #4497: Using a specific password within FreeRADIUS user management causes pfSense to restore a backup!: This fix allow to use only ^[a-zA-Z0-9_.-]*$ for usernames:
https://github.com/pfsense/FreeBSD-ports/pull/775 Viktor Gurov
07:32 AM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore: Jim Pingle wrote:
> The string uses characters which are invalid in XML, and that field is not protected. The packag... Viktor Gurov
07:08 AM pfSense Packages Bug #8729: IPv6 - FRR BGP issue with Redistribute connected networks: This PR allow to select No/IPv4/IPv6/IPv4+IPv6 in the Redistribute drop-down menu (where 'IPv4+IPv6' is 'yes' for bac... Viktor Gurov
03:49 AM Feature #8624: DNS Resolver Resolve IPv6 OpenVPN Client Addresses: Feature:
https://github.com/pfsense/pfsense/pull/4202
Viktor Gurov
01:03 AM Bug #10275 (Resolved): L2TP and PPPoE user password issues: tested on 2.4.5.r.20200221.2100
Passwords started with "!" - ok, WebGUI error message
Double quotes (") in passwo... Viktor Gurov

02/21/2020

11:43 PM Feature #9825 (Resolved): Requirements for trusted certificates in iOS 13 and macOS 10.15: tested on 2.5.0.a.20200221.1911:
default cert creation, openvpn wizard, new cert creation, renew/reissue cert - ok
... Viktor Gurov
08:35 AM Feature #9825 (Feedback): Requirements for trusted certificates in iOS 13 and macOS 10.15: Applied in changeset commit:f944f4a797d7d172d35ee09baffbfbb4bd2a559e. Jim Pingle
08:28 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15: Made the change on both. Better to be safe. Jim Pingle
07:08 AM Feature #9825 (In Progress): Requirements for trusted certificates in iOS 13 and macOS 10.15: This has now been dropped to 398 days for certs made after September 1, so we may as well adjust that down now (maybe... Jim Pingle
11:34 PM Feature #9726 (Resolved): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: tested on 2.5.0.a.20200221.1911
now works as expected in all cases Viktor Gurov
10:11 AM Feature #9726 (Feedback): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: PR has been merged. Thanks! Renato Botelho
10:03 AM Feature #9726 (Pull Request Review): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: Jim Pingle
11:18 PM Bug #10276 (Resolved): NTP "No Select" does not work: System is using Garmin 18x LVC connected via serial port providing NEMA time and PPS.
Attached are two sets of scr... Christian Borchert
11:13 PM Feature #10273 (New): OpenVPN compile with --enable-async-push: Looks like that change has been committed to the ports tree, too Jim Pingle
09:52 PM Feature #10273: OpenVPN compile with --enable-async-push: Renato Botelho wrote:
> Since it was an easy change, I submitted a patch to FreeBSD ports
>
> https://bugs.freebs... Louis McLennan
11:44 AM Feature #10273: OpenVPN compile with --enable-async-push: Since it was an easy change, I submitted a patch to FreeBSD ports
https://bugs.freebsd.org/bugzilla/show_bug.cgi?i... Renato Botelho
10:08 AM Feature #10273 (Needs Patch): OpenVPN compile with --enable-async-push: There is no option in the FreeBSD port to enable that configure argument. The FreeBSD port maintainer will need to ad... Jim Pingle
06:48 PM Revision e6ea77eb: L2TP and PPPoE user password validation. Fixes #10275: (cherry picked from commit 48dae98cf7837af3071521bdabb788af6d3e0f41) Jim Pingle
06:48 PM Revision 48dae98c: L2TP and PPPoE user password validation. Fixes #10275: Jim Pingle
04:44 PM Revision dc104520: DNS64 support. Issue #10274: Viktor Gurov
04:11 PM Revision 4e2e05cb: Merge pull request #4198 from vktg/ipsecstripgcmhash: Renato Botelho
02:27 PM Revision 347ca360: Auto GUI/OpenVPN wizard cert lifetime reduced to 398. Fixes #9825: Jim Pingle
02:24 PM Revision f944f4a7: Server cert lifetime reduced to 398. Fixes #9825: New requirements coming this fall will require new certs to be valid for at most
398 days. Setup this new requirement... Jim Pingle
12:55 PM Bug #10275 (Feedback): L2TP and PPPoE user password issues: Applied in changeset commit:48dae98cf7837af3071521bdabb788af6d3e0f41. Jim Pingle
12:33 PM Bug #10275 (Resolved): L2TP and PPPoE user password issues: When defining local users in L2TP and PPPoE, there are two issues with passwords:
1. Passwords should not be allow... Jim Pingle
10:50 AM Bug #9654: After reboot, the DNS resolver must be restarted before it will advertise the ipv6 DNS address of the router.: You will have to set it up with ipv6 Track Interface. It doesn't show up with static.
Rick Coats
06:41 AM Bug #9654 (Feedback): After reboot, the DNS resolver must be restarted before it will advertise the ipv6 DNS address of the router.: unable to reproduce:
pfSense 2.4.4-p3 and latest 2.5 (VM, qemu),
static IPv4 and IPv6 addresses on LAN interface,... Viktor Gurov
10:09 AM Bug #9710 (Pull Request Review): IPv6 RA: prefix option does not contain router address in spite of "R" flag being set: Renato Botelho
12:55 AM Bug #9710: IPv6 RA: prefix option does not contain router address in spite of "R" flag being set: I also found that 'AdvRouterAddr on' is used everywhere in radvd.conf, but this is incorrect (radvd.conf(5)):
_When ... Viktor Gurov
09:57 AM Feature #10274 (Pull Request Review): DNS64 support: Jim Pingle
03:55 AM Feature #10274: DNS64 support: https://github.com/pfsense/pfsense/pull/4200 Viktor Gurov
03:45 AM Feature #10274 (Resolved): DNS64 support: Add DNS64 configuration to DNS Resolver WebGUI
from https://github.com/monero-project/unbound/blob/master/doc/READ... Viktor Gurov
09:29 AM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: Jim Pingle wrote:
> Was it 2.5.0 on both ends? If either end is 2.4.x, it still could be that side triggering the pr... Izaac Falken
08:24 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Got that point.
I did two things here with my NPt:
1. Now I have 4 networks (LAN, DMZ, GUEST, VPN), basically /80... Csoban Kesmarki
07:47 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: NPt is "Network Prefix Translation" not "IPv6 outbound NAT", it is effectively "IPv6 1:1 NAT for single addresses or ... Jim Pingle
07:45 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Jim Pingle wrote:
> ...
Thank you!
I though much simpler at first by trying to follow my own manual steps when... Csoban Kesmarki
07:37 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Looks like the wanip is good enough if $rule['ipprotocol'] == "inet6". But the npt has no 'ipprotocol' attribute whic... Csoban Kesmarki
07:29 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: That alone wouldn't do anything useful -- it would have to be the entire network, not a single address. If it's the e... Jim Pingle
07:24 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: I think that these changes can basically do the job (take it as a high level plan):
1. Changing the /usr/local/www/f... Csoban Kesmarki
07:42 AM Bug #10254 (Feedback): pf error "too many elements" when attempting to load large tables: pfSense-upgrade 0.74 (on 2.5.0 and 2.4.5) and 0.63 on 2.4.4 will fix it Renato Botelho
05:30 AM Revision 9d60be2a: Strip IPsec PH2 hash for AEAD ciphers. Issue #9726: Viktor Gurov
03:48 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I also have to come back to my conclusion it was ok with the rebuild filterdns. While working better than before, tab... Robert Gijsen

02/20/2020

11:34 PM Feature #9726: Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: tested on 2.5.0.a.20200220.1948
This small fix is still needed for cases where both AEAD and non-AEAD ciphers are ... Viktor Gurov
09:30 AM Feature #9726 (Feedback): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: PR has been merged. Thanks! Renato Botelho
07:33 AM Feature #9726 (Pull Request Review): Hash Algorithm configured on child ESP/AH proposals using AES GCM though strongswan strips them: Jim Pingle
11:21 PM Bug #7163 (Resolved): IGMP Proxy does not valid inputs: works as expected on 2.5.0.a.20200220.1948 Viktor Gurov
09:30 AM Bug #7163 (Feedback): IGMP Proxy does not valid inputs: PR has been merged. Thanks! Renato Botelho
07:19 AM Bug #7163 (Pull Request Review): IGMP Proxy does not valid inputs: Jim Pingle
04:43 AM Bug #7163: IGMP Proxy does not valid inputs: fixes:
https://github.com/pfsense/pfsense/pull/4197 Viktor Gurov
10:20 PM Feature #10273 (Resolved): OpenVPN compile with --enable-async-push: --enable-async-push enable async-push support for plugins providing deferred authentication [default=no]
Not entir... Louis McLennan
04:25 PM Revision ce164bb8: Fix #10254: Default value is minimumtableentries_bogonsv6 from globals.inc: Renato Botelho
04:25 PM Revision 3b6ad495: Fix #10254: Default value is minimumtableentries_bogonsv6 from globals.inc: Renato Botelho
03:42 PM Bug #10254 (In Progress): pf error "too many elements" when attempting to load large tables: Something is still not quite right with this value post-upgrade. The first boot after any firmware upgrade (like one ... Jim Pingle
10:35 AM Bug #10254 (Feedback): pf error "too many elements" when attempting to load large tables: Applied in changeset commit:3b6ad495670ca387127dbf72cefb46d909be4fa9. Renato Botelho
03:31 PM Revision 8b4e89b9: Merge pull request #4194 from vktg/ipsecmultipools: Renato Botelho
03:31 PM Revision ea4a05ed: Merge pull request #4195 from netpok/feature/cloudflare-token: Renato Botelho
03:30 PM Revision 410b14cf: Merge pull request #4197 from vktg/igmpproxyvalid: Renato Botelho
03:30 PM Revision 4343505b: Merge pull request #4148 from vktg/ipsecnogcmhash: Renato Botelho
03:30 PM Revision 8bc138b3: Merge pull request #4193 from csobankesmarki/master: Renato Botelho
10:56 AM Revision 8d656a00: IGMP Proxy WebGUI input validation. Issue #7163: Viktor Gurov
09:38 AM Revision d5d1c0dd: Hide/strip IPsec PH2 hash algo from swanctl.conf. Issue #9726: Viktor Gurov
09:31 AM Feature #8160 (Feedback): Accomodate both RADIUS and pool IP addresses in IPsec: PR has been merged. Thanks! Renato Botelho
09:31 AM Feature #9639 (Feedback): Cloudflare DDNS "API Token": PR has been merged. Thanks! Renato Botelho
09:30 AM Feature #10256 (Feedback): Add support for IPv6 to No-IP Dynamic DNS: PR has been merged. Thanks! Renato Botelho
08:37 AM Feature #10256: Add support for IPv6 to No-IP Dynamic DNS: https://github.com/pfsense/pfsense/pull/4193 Csoban Kesmarki
09:17 AM pfSense Packages Bug #9934: suricata update kills WAN interface: A look through the Suricata source code shows that the Suricata binary, when running in PCAP mode, will send explicit... Bill Meeks
07:58 AM pfSense Packages Bug #9934: suricata update kills WAN interface: If Suricata is running using Legacy Mode Blocking, then the _libpcap_ library is used and bonded to the interface whe... Bill Meeks
08:39 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Does anybody aware of any preparation/planning or any other related work already done? Csoban Kesmarki
07:10 AM Feature #10272 (Duplicate): Quick toggle for logging filter rules: Duplicate of #7799 Jim Pingle
04:50 AM Feature #10272 (Duplicate): Quick toggle for logging filter rules: I'd like to propose to always show the logging icon in the filter rules screen but greyed out if not active and make ... Jens Groh
04:46 AM Feature #10271 (Resolved): Large number of VLAN/LANs make "Interfaces" menu hard to access: On our datacenter cluster we have a large number of VLANs and LANs (and we aren't close to finishing work - we have a... Jens Groh
04:20 AM Feature #10258: allow to sign CA: We could use that feature right now. We run multiple CA/intermediate CAs from our pfSense Clusters as we mostly need ... Jens Groh
04:07 AM Feature #10222 (Resolved): Tune GRE MTU if GRE over IPsec is used: tested on 2.5.0.a.20200219.1144
all three cases (GIF,GRE,GRE/IPsec) works as expected Viktor Gurov
04:00 AM Bug #10001 (Resolved): incorrect route deletion on 2.5: works as expected on 2.5.0.a.20200219.1144 Viktor Gurov
02:46 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: short subject test:... Viktor Gurov

02/19/2020

11:25 PM pfSense Packages Bug #8830 (Resolved): Automatic flowbit resolution setting does not match description: works as expected on pfSense 2.4.5.a.20200123.1100 with snort 3.2.9.10_1 Viktor Gurov
06:37 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Pull Request # 773 submitted Ronald Schellberg
05:31 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: There is not one yet, waiting for some confirmation from others. I'll submit one latter tonight. Ronald Schellberg
01:48 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Is there a pull request on Github for this? I don't see one. If there is not, can you submit that source change as a ... Jim Pingle
04:43 PM Revision 01e77284: Add -o StrictHostKeyChecking=no to all ssh calls: Renato Botelho
04:43 PM Revision 547d0883: Add -o StrictHostKeyChecking=no to all ssh calls: Renato Botelho
01:45 PM pfSense Packages Bug #10261: Arpwatch fails to download ethercodes.dat: Samuel: /etc/inc/pfsense-utils.inc: function download_file($url, $destination, *$verify_ssl = true*, $connect_timeout... Manuel Piovan
01:40 PM pfSense Packages Feature #10227 (Resolved): ACME: Do not show passwords: Thanks for testing! Jim Pingle
01:39 PM pfSense Packages Feature #10227: ACME: Do not show passwords: It works nicely Torben Hørup
12:06 PM pfSense Packages Feature #10227 (Feedback): ACME: Do not show passwords: Fixed in ACME package version 0.6.5
As well as it can be in the current framework anyhow. Passwords and other sens... Jim Pingle
01:38 PM pfSense Packages Bug #10266: ACME: Changing validation from http to dns provokes ACME: Hi,
Confirmed (again), the issue described now works correctly.
A Andrew Nimmo
01:25 PM pfSense Packages Bug #10266 (Resolved): ACME: Changing validation from http to dns provokes ACME: Thanks! Jim Pingle
01:21 PM pfSense Packages Bug #10266: ACME: Changing validation from http to dns provokes ACME: Hi.
Confirmed working.
Regards,
M Greg M
12:07 PM pfSense Packages Bug #10266 (Feedback): ACME: Changing validation from http to dns provokes ACME: Should be fixed in ACME package version 0.6.5 which synced up to the latest acme.sh changes. Jim Pingle
01:36 PM Bug #10270: OMAPI / disableauthoritative / alwaysbroadcast not saved inside dhcpd.conf: From my comments on that thread (slightly edited to make sense here):
> It's using a variable set inside the per-i... Jim Pingle
01:27 PM Bug #10270 (Resolved): OMAPI / disableauthoritative / alwaysbroadcast not saved inside dhcpd.conf: discussion here
https://forum.netgate.com/topic/150658/no-config-entry-for-omapi
with multiple lan network if i s... Manuel Piovan
12:15 PM pfSense Packages Bug #7829 (Duplicate): Unable to expand the "Advanced Server Settings" in ACME certificate edit: Actually duplicated by #9347 but that had a more accurate description of what was happening. It should be better on A... Jim Pingle
12:12 PM pfSense Packages Bug #9347 (Feedback): Domain SAN list displays "Key Algorithm: HMAC-MD5, API Endpoint: portal.nexcess.net": This should be better in ACME package version 0.6.5. I added default values for those fields which are set to 'none' ... Jim Pingle
12:08 PM pfSense Packages Bug #9752 (Resolved): ACME - Actions have no access to additionally generated certificate files.: Fixed months ago, no additional feedback. Jim Pingle
12:08 PM pfSense Packages Bug #9888 (Resolved): ACME output sent to browser without encoding: Fixed months ago, no additional feedback. Jim Pingle
08:03 AM Bug #10269 (Not a Bug): Mutual PSK IPSec tunnels requiring certificate and thus failing authentication: I have several PSK-only tunnels on 2.4.5 and 2.5.0 that work without error. Post on the forum for help in diagnosing ... Jim Pingle
03:20 AM Bug #10269 (Not a Bug): Mutual PSK IPSec tunnels requiring certificate and thus failing authentication: Hi,
I've been running the 2.4.5 nightlies since beta at one site and since RC at two.
In the latest nightlies (... Chris Sutcliff
05:09 AM Feature #4632: Support for Multipath TCP (MPTCP): Well, I guess there's no further development right now. Last commit was 2019-12-12.
I couldn't find any hint if some... Jens Leinenbach

02/18/2020

05:06 PM Revision f9734a1a: Add spaces to concatenation: Balázs Váradi
04:52 PM Revision e845e7d8: Fix PHP syntax error in traffic_shaper_wizard_multi_all.inc: (cherry picked from commit 6dfef2df88a770058fdb2fce32749d3ce96a873e) Jim Pingle
04:52 PM Revision 6dfef2df: Fix PHP syntax error in traffic_shaper_wizard_multi_all.inc: Jim Pingle
04:50 PM Revision 3a95fe41: Fix PHP errors in traffic_shaper_wizard_dedicated.inc: (cherry picked from commit 9d141b4de6a5760b88b94100aa216e0559a102fc) Jim Pingle
04:50 PM Revision 9d141b4d: Fix PHP errors in traffic_shaper_wizard_dedicated.inc: Jim Pingle
03:45 PM Feature #6240: vxlan driver: Any updates on this? the pull request seems trivial. Jason Peron
03:29 PM pfSense Docs Todo #10268 (Closed): Feedback on Services: *Page:* https://docs.netgate.com/pfsense/en/latest/services/index.html
*Feedback:*
This could use a section on ... Chris Linstruth
02:12 PM Revision e59b9382: Fix formatting and remove empty strings: Balázs Váradi
12:44 PM Revision 1c67c475: Broke long lines to improve readability: Followed rbgarga's suggestions. Csoban Kesmarki
12:07 PM Revision 488fc5f8: Merge pull request #4196 from vktg/wangw: Renato Botelho
08:56 AM Bug #10267: DHCP Server PXE options: thank you Jim - interesting...
I thought that already and delete the "wrong" part. but after every service reload -... Ya Sin
07:55 AM Bug #10267 (Rejected): DHCP Server PXE options: The format in the first part is not present in pfSense code. It must have been manually edited into your firewall. On... Jim Pingle
03:28 AM Bug #10267: DHCP Server PXE options: just recognized one more thing:
within the subnet configuration - there is another config showing up the bootfiles... Ya Sin
02:49 AM Bug #10267 (Rejected): DHCP Server PXE options: I was trying to set up a news PXE environment and just recognized this.
see DHCP-Server config:
TFTP Server = 10... Ya Sin
08:30 AM Revision f9c9899b: Accomodate both RADIUS and pool IP addresses in IPsec. Issue #8160: Viktor Gurov
08:04 AM Bug #10176 (In Progress): Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: It took it longer to happen but it still happened when set that way. Still investigating. Jim Pingle
06:08 AM Bug #10264 (Feedback): Gateways created at the console do not apply the naming convention used in the GUI: PR has been merged, thanks! Renato Botelho
06:02 AM pfSense Packages Bug #8830: Automatic flowbit resolution setting does not match description: Viktor Gurov wrote:
> works as expected on 2.5.0.a.20200214.1446 with snort 4.0_11
>
> 2.4.5 PR:
> https://githu... Renato Botelho
05:10 AM pfSense Packages Bug #10266: ACME: Changing validation from http to dns provokes ACME: Subject cut; should read *ACME: Changing validation from http to dns provokes ACME bug* Andrew Nimmo
01:57 AM pfSense Packages Bug #10266 (Resolved): ACME: Changing validation from http to dns provokes ACME: ACME package version: 0.6.4
Updating the validation method of an existing certificate from http to dns causes an e... Andrew Nimmo

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

03/18/2020

03/17/2020

03/16/2020

03/15/2020

03/14/2020

03/13/2020

03/12/2020

03/11/2020

03/10/2020

03/09/2020

03/08/2020

03/07/2020

03/06/2020

03/05/2020

03/04/2020

03/03/2020

03/02/2020

03/01/2020

02/29/2020

02/28/2020

02/27/2020

02/26/2020

02/25/2020

02/24/2020

02/23/2020

02/22/2020

02/21/2020

02/20/2020

02/19/2020

02/18/2020