Project

General

Profile

Activity

From 02/25/2020 to 03/25/2020

03/25/2020

12:34 PM Feature #10340: IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases)
Appreciate Jim's idea: either *bolding* the green lines (like when pfSense indicates that it is up to date) or possib... Jum Pers
09:04 AM Bug #10375 (Resolved): Double zfs entry in loader.conf
Clean 2.4.5 install on ZFS,
after checking loader.conf I see double _zfs_load="YES"_ entries:... Viktor Gurov
08:26 AM Feature #10374 (Resolved): Add ARM32/64 network booting support to dhcpd
Similar to Bug #5046 which added EFI64 (arch = 00:09) support to DHCPd, but this is for ARM 32/64 architecture (arch ... Michael Boever
03:12 AM Bug #10373: Incorrect copyright year
same on the Dashboard copyright notice:
https://github.com/pfsense/pfsense/blob/d5cbbe6a0fa23a45525019f0bca1af613cf3... Viktor Gurov
02:11 AM Bug #10373 (Resolved): Incorrect copyright year
Latest 2.4.5 build shows:
_pfSense is Copyright 2004-2019 Rubicon Communications, LLC (Netgate)._
it should be:
... Viktor Gurov

03/24/2020

04:25 PM Bug #6481: loading EAP_RADIUS method failed
This bug keep in 2.4.4 release. Rafael Sant'Anna
02:34 PM Todo #10349: status.php: Sanitize ldapbindpass and ldap_pass
OK on 2.5.0.a.20200323.0902:... Viktor Gurov
02:23 PM Feature #10348 (Resolved): Add localhost to NTP Interfaces
works as expected on 2.5.0.a.20200323.0902 Viktor Gurov
11:40 AM pfSense Docs Correction #10371: Update flow control tuning doc for chelsio
It may also be good to recommend disablement of the non-router related resource allocations so the NIC can use its en... Ansley Barnes
02:39 AM pfSense Docs Correction #10371 (Resolved): Update flow control tuning doc for chelsio
It would be good to add into Flow Contol section of https://docs.netgate.com/pfsense/en/latest/hardware/tuning-and-tr... Constantine Kormashev
07:26 AM Bug #10372: PfSense crashes for TIL
ANyone, pls help us. DO not know what to do with Pfsense crashing p k
07:25 AM Bug #10372 (Rejected): PfSense crashes for TIL
PfSense crashes for TIL often. PFA crash logs. p k

03/23/2020

10:58 PM Todo #9734: Re-evaluate log size, line defaults, and limits
I was going to file a similar ticket, but found this one searching for "511488"...
I'm not sure how typical my set... Sean McBride
06:06 PM pfSense Packages Bug #10370 (New): ntopng Timeseries not send to InfluxDB
When moving timeseries from rrd to influxdb it initial configures the db but does not send data to Influxdb.
Netga... Alex Garcia
03:52 PM Feature #1019: Lagg Failover Mode Master Interface
https://github.com/pfsense/pfsense/pull/4249 Viktor Gurov
02:28 PM pfSense Packages Bug #10369: Remote OpenVPN server protocol definition
https://github.com/pfsense/FreeBSD-ports/pull/808 Viktor Gurov
02:25 PM pfSense Packages Bug #10369 (Resolved): Remote OpenVPN server protocol definition
An exact definition of the OpenVPN remote server protocol must be present,
Otherwise, it may try to establish a conn... Viktor Gurov
01:44 PM Bug #10368: OpenVPN server no definition of protocol to use (udp4)
This PR adds protocol definition:
https://github.com/pfsense/pfsense/pull/4248
TODO: same for OpenVPN client ex... Viktor Gurov
12:58 AM Bug #10368 (Resolved): OpenVPN server no definition of protocol to use (udp4)
When implementing a OpenVPN server and selecting the protocol "udp on ipv4 only" i expect, that that is exaclty what ... Bjarne Schmidt
07:33 AM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly
Patch to pfSense-dhclient-script was applied on 2.4.5 as well Renato Botelho
04:11 AM Feature #7783: Support for hosting VMs on pfSense using bhyve
Hello. This is something more and more are after.
Separate Pfsense core installation from other addons/install pack... Tobias Müllauer
03:30 AM Bug #10359: Require State Filter setting breaks filter rule link to associated states
Re-tested on latest 2.4.5-RC, still working as expected. Jens Groh
03:21 AM Bug #10359: Require State Filter setting breaks filter rule link to associated states
Cherry-picked and manually installed "b9ab356250f68213fe36b6cba1758feee581ac83" via System Patches to 2.4.5-RC
Wor... Jens Groh

03/22/2020

03:05 PM pfSense Packages Bug #8625: PFsense squidGuard faulty URL check
https://github.com/pfsense/FreeBSD-ports/pull/806 Viktor Gurov
02:59 PM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
A short update:
The Router lifetime/AdvDefaultLifetime point tortured my mind last night.
Today I did some experime... Marc Posch
02:16 PM Feature #10341 (Resolved): Exclude unsupported interfaces from DHCP Relay
works as expected on 2.5.0.a.20200321.2101 Viktor Gurov
02:14 PM Bug #10359 (Resolved): Require State Filter setting breaks filter rule link to associated states
Viktor Gurov
02:14 PM Bug #10359: Require State Filter setting breaks filter rule link to associated states
works as expected on 2.5.0.a.20200321.2101 Viktor Gurov
02:11 PM Bug #10362 (Resolved): Error renewing cert if SAN contains IP Address
renewing is OK on 2.5.0.a.20200321.2101 Viktor Gurov
01:40 PM pfSense Packages Bug #10367: squid reverse proxy not starting
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/805 Viktor Gurov
08:06 AM pfSense Packages Bug #10367 (Resolved): squid reverse proxy not starting
FATAL: Bungled /usr/local/etc/squid/squid.conf line 89: http_port Array:80 accel defaultsite=mysite.com vhost
http... Manuel Piovan
07:40 AM Bug #9488: No console when booting CE Memstick UEFI.
Jim Pingle wrote:
> OK, we'll mark this resolved for now, can revisit if it turns out to be a general issue.
It's... Grzegorz Krzystek

03/21/2020

04:52 PM Bug #10366 (Closed): Captive Portal Allowed MAC bandwidth Issue
Services----> Captive Portal -----> MACs
Given bandwidth for allowed MAC fallback to bandwidth defined in captive... Muhammad Waseem Ul Haq
04:40 PM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
Hello Magnus,
I am glad that you found my enhancement useful and updated it for the 2.4.4 version.
I didn't menti... Marc Posch
12:23 PM Bug #8585: Logical interface MTU matches configuration of its physical port channel, not its own configuration
This PR adds additional checking for lagg vlan interface (lagg with dot) to set_interface_mtu():
https://github.com/... Viktor Gurov
05:37 AM Bug #10365: LAGG member event causes filter to reload
This PR adds the same code for LAGG members checking,
and fixes LAGG Ports field on the Status / Interfaces page:
h... Viktor Gurov
04:49 AM Bug #10365 (Resolved): LAGG member event causes filter to reload
The LAGG interface member is cxl0 and cxl1,
if one of these interfaces is down, it triggers check_reload_status:
<p... Viktor Gurov
01:46 AM Feature #10323: Allow limiting NTP pool server usage count
It always require to fill the 'Max Pool Peers' field,
Fix allowing to use empty(default value) 'Max Pool Peers' fi... Viktor Gurov

03/20/2020

11:19 PM Bug #10364: 2nd LAN tracking IPv6 from a 2nd WAN not obtaining an IPv6 nor hosts behind it are getting an Global Rotatable IPv6
Jim Pingle wrote:
> That is almost certainly a configuration problem and not a bug. Post more details of your config... Al Mello
11:05 PM Bug #10364 (Rejected): 2nd LAN tracking IPv6 from a 2nd WAN not obtaining an IPv6 nor hosts behind it are getting an Global Rotatable IPv6
That is almost certainly a configuration problem and not a bug. Post more details of your configuration on the forum ... Jim Pingle
09:44 PM Bug #10364: 2nd LAN tracking IPv6 from a 2nd WAN not obtaining an IPv6 nor hosts behind it are getting an Global Rotatable IPv6
Correction: Seen at 2.4.4 p3 Al Mello
09:16 PM Bug #10364 (Rejected): 2nd LAN tracking IPv6 from a 2nd WAN not obtaining an IPv6 nor hosts behind it are getting an Global Rotatable IPv6
Physical pfSense
Version 2.4.4-RELEASE-p3 (amd64)
built on Wed May 15 18:53:44 EDT 2019
FreeBSD 11.2-RELEASE-p10
... Al Mello
01:00 PM Bug #10363 (Resolved): Clarify behavior of OpenVPN server option for Duplicate Connections
In the OpenVPN tunnel settings, vpn_openvpn_server.php, the *Duplicate Connections* setting could be more explicit. I... Jared Dillard
10:49 AM Feature #10350 (Resolved): Add OpenVPN configuration file(s) to status.php file
tested on 2.5.0.a.20200319.0930
Nice, I see OpenVPN client/server files with appropriate content:
OpenVPN-Configu... Viktor Gurov
08:25 AM Bug #7386 (Feedback): IPv6 not disabled in mpd.conf w/ IPv6 GUI option set to 'disabled'
PR has been merged. Thanks! Renato Botelho
08:21 AM Feature #10341 (Feedback): Exclude unsupported interfaces from DHCP Relay
PR has been merged. Thanks! Renato Botelho
08:20 AM Feature #10323 (Feedback): Allow limiting NTP pool server usage count
PR has been merged. Thanks! Renato Botelho
08:19 AM Feature #10301 (Feedback): Password confirmation when exporting encrypted backup file
PR has been merged. Thanks! Renato Botelho
08:18 AM Bug #8256 (Feedback): IPv6 IP Alias VIP not added to Interface Network Macros
PR has been merged. Thanks! Renato Botelho
08:16 AM Feature #2568 (Feedback): Allow dashed DUID to be entered in a DHCPv6 Mapping
PR has been merged. Thanks! Renato Botelho
08:13 AM Bug #10327 (Feedback): Fix/Update GPS initialization commands for Garmin devices.
PR has been merged. Thanks! Renato Botelho
08:12 AM Feature #10348 (Feedback): Add localhost to NTP Interfaces
PR has been merged. Thanks! Renato Botelho
08:10 AM Bug #8990 (Feedback): Additional BOOTP/DHCP Options per host
PR has been merged. Thanks! Renato Botelho
08:08 AM Feature #2850 (Feedback): add units in ntp status page
PR has been merged. Thanks! Renato Botelho
08:06 AM Todo #10349 (Feedback): status.php: Sanitize ldapbindpass and ldap_pass
PR has been merged. Thanks! Renato Botelho
08:04 AM Bug #10359 (Feedback): Require State Filter setting breaks filter rule link to associated states
PR has been merged. Thanks! Renato Botelho
08:02 AM Bug #10295 (Resolved): Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface
fine on 2.5.0.a.20200319.0930 Viktor Gurov
07:59 AM Bug #10351 (Feedback): Saving IPSEC connection breaks FRR BGP on VTI interfaces
PR has been merged. Thanks! Renato Botelho
07:54 AM Bug #10351 (Pull Request Review): Saving IPSEC connection breaks FRR BGP on VTI interfaces
Jim Pingle
07:58 AM Bug #10362 (Feedback): Error renewing cert if SAN contains IP Address
PR has been merged. Thanks! Renato Botelho
07:46 AM Bug #10362 (Pull Request Review): Error renewing cert if SAN contains IP Address
Jim Pingle
04:47 AM Bug #10362: Error renewing cert if SAN contains IP Address
https://www.openssl.org/docs/manmaster/man5/x509v3_config.html#Subject-Alternative-Name:... Viktor Gurov
01:17 AM Bug #10362 (Resolved): Error renewing cert if SAN contains IP Address
example SAN: DNS:tkWAN2, IP Address:10.123.123.4
If I try to renew it, I get the message 'Error renewing Certifica... Viktor Gurov
07:55 AM Bug #9282 (Resolved): Add static mapping count to DHCP Server interface tabs
OK on 2.5.0.a.20200319.0930 Viktor Gurov
07:53 AM Bug #7622 (Resolved): Don't include disabled ipsec phase2 entries on pf table vpn_networks
tested on 2.5.0.a.20200319.0930
now it's OK Viktor Gurov
07:52 AM Feature #3567 (Pull Request Review): Option to disable NTP
Jim Pingle
03:29 AM Feature #3567: Option to disable NTP
Updated PR:
https://github.com/pfsense/pfsense/pull/4243 Viktor Gurov
07:45 AM pfSense Packages Bug #8887 (Pull Request Review): Squid Proxy Interface not assignee to IPv6
Jim Pingle
06:21 AM pfSense Packages Bug #8887: Squid Proxy Interface not assignee to IPv6
Squid IPv6 addresses needs square brackets
Otherwise, you will get:... Viktor Gurov
01:11 AM Bug #10360 (Resolved): PHP error when renewing a CA used by services
renewing is OK on 2.5.0.a.20200319.0930
tested with IPsec, OpenVPN and DNS Resolver services Viktor Gurov

03/19/2020

09:44 PM Bug #10351: Saving IPSEC connection breaks FRR BGP on VTI interfaces
Created pull request: https://github.com/pfsense/pfsense/pull/4242 Steven Brown
06:47 PM Feature #4242: Two Factor or OTP Authentication for Admin Interface
This is even more necessary with the recent vulnerabilities that were released. Justin P
03:05 PM Bug #10359 (Pull Request Review): Require State Filter setting breaks filter rule link to associated states
Jim Pingle
08:02 AM Bug #10359: Require State Filter setting breaks filter rule link to associated states
Firewall rules page uses $_REQUEST['ruleid'], but diag_dump_states.php checks only for $_POST['filter'] and requirest... Viktor Gurov
07:00 AM Bug #10359 (Resolved): Require State Filter setting breaks filter rule link to associated states
If one configures
System > General Setup
- Require State Filter -> yes (enabled checkbox)
that's a great way ... Jens Groh
03:04 PM pfSense Packages Feature #10357 (Pull Request Review): Add Iperf verbose output option
Jim Pingle
01:17 AM pfSense Packages Feature #10357: Add Iperf verbose output option
https://github.com/pfsense/FreeBSD-ports/pull/801 Viktor Gurov
01:12 AM pfSense Packages Feature #10357 (Resolved): Add Iperf verbose output option
iperf verbose output (-V) shows more detailed information, including TCP MSS, CPU utilization, time and version:
<pr... Viktor Gurov
03:01 PM pfSense Packages Feature #10356 (Pull Request Review): Support for additional Notification Support
PR: https://github.com/pfsense/FreeBSD-ports/pull/800 Jim Pingle
02:59 PM Feature #10354 (Pull Request Review): Telegram Notification Support
PR: https://github.com/pfsense/pfsense/pull/4240 Jim Pingle
02:38 PM Feature #10361 (Duplicate): Openvpn added the option to copy tunnels.
Duplicate of #5851 and it's already been implemented in 2.4.5. Jim Pingle
02:25 PM Feature #10361 (Duplicate): Openvpn added the option to copy tunnels.
It would be interesting that in openvpn tunnels you have the option to copy the tunnels as it exists in ipsec.
foll... Marcio Gomes
01:49 PM pfSense Docs New Content #8773 (Feedback): Add VPN Throughput Tuning info
All this and more...
https://docs.netgate.com/pfsense/en/latest/vpn/scaling.html Jim Pingle
08:35 AM Bug #10360 (Feedback): PHP error when renewing a CA used by services
Applied in changeset commit:8142358358ab20758bd78d53a934ef090bb981b9. Jim Pingle
08:28 AM Bug #10360 (Resolved): PHP error when renewing a CA used by services
When renewing a CA which is in use by a service, the restart may fail with an error such as:... Jim Pingle
02:23 AM pfSense Packages Feature #10358 (New): Stage FRR Configuration Changes
Changes made to the configuration on any FRR Component are applied immediate when hitting the save button. If a large... Luki TJ

03/18/2020

08:06 PM pfSense Packages Feature #10356 (Resolved): Support for additional Notification Support
Refer to feature #10354 Telegram Notification Support in the main pfsense package.
In order for the service watch... John Kap
02:15 PM Bug #10355 (Resolved): diag_ping.php: Potential XSS via Hostname parameter
Improper input is rejected by validation on 2.4.5.r.20200318.1200 Jim Pingle
09:05 AM Bug #10355 (Feedback): diag_ping.php: Potential XSS via Hostname parameter
Applied in changeset commit:cc3990a334059018b004c91eeb66c147d8afe83d. Jim Pingle
08:56 AM Bug #10355: diag_ping.php: Potential XSS via Hostname parameter
diag_traceroute.php is unaffected but I made the same changes there to be safe. Jim Pingle
08:54 AM Bug #10355 (Resolved): diag_ping.php: Potential XSS via Hostname parameter
On diag_ping.php, the hostname isn't fully validated and the output is not encoded, leading to a potential XSS.
Us... Jim Pingle
07:03 AM Feature #10354: Telegram Notification Support
Please submit your code as a pull request on github:
https://docs.netgate.com/pfsense/en/latest/development/submit... Viktor Gurov
06:07 AM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
I'm about to submit a PR now. However, there's one issue I'd like to figure out first:
The info text added by the ... Magnus Holmgren
05:39 AM Bug #9596 (Resolved): DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode
works as expected on 2.5.0.a.20200317.1949
I see the route to the default gateway via interface:... Viktor Gurov
05:32 AM Feature #9834 (Resolved): system_certmanager.php: add ability to import certificate without private key
works as expected on 2.5.0.a.20200317.1949 Viktor Gurov
05:28 AM Feature #10274 (Resolved): DNS64 support
works as expected on 2.5.0.a.20200317.1949 Viktor Gurov
05:25 AM Bug #10305 (Resolved): Using special character in Schedules description
OK on 2.5.0.a.20200317.1949 Viktor Gurov

03/17/2020

07:38 PM Feature #10354 (Resolved): Telegram Notification Support
In addition to providing SMTP notifications, give the option to send notifications to the Telegram application via it... John Kap
04:45 PM pfSense Docs Correction #10334 (Closed): Feedback on Firewall — Allowing Remote Access to the webGUI
This was fixed in https://github.com/pfsense/docs/commit/5ea5ff5352149e9509f303711963ade1ef602fbd. Thanks for the exa... Jared Dillard
11:19 AM Todo #10349: status.php: Sanitize ldapbindpass and ldap_pass
https://github.com/pfsense/pfsense/pull/4239 Viktor Gurov
09:51 AM Todo #10349 (Pull Request Review): status.php: Sanitize ldapbindpass and ldap_pass
See comments on the PR Jim Pingle
02:33 AM Todo #10349: status.php: Sanitize ldapbindpass and ldap_pass
This PR also removes double lighttpd_ls_password and sorts all values alphabetically:
https://gitlab.netgate.com/pfS... Viktor Gurov
10:51 AM Todo #10353 (Resolved): Update pkg to 1.13.x
pkg 1.13.x updated metadata version to 2. There is a bug on poudriere where package repositores are created with met... Renato Botelho
10:45 AM Feature #10350 (Feedback): Add OpenVPN configuration file(s) to status.php file
Applied in changeset commit:edc7e81f621805af8174fd7cf7299eb6afe1969c. Jim Pingle
09:58 AM Feature #2850 (Pull Request Review): add units in ntp status page
Jim Pingle
03:37 AM Feature #2850: add units in ntp status page
https://github.com/pfsense/pfsense/pull/4238 Viktor Gurov
09:46 AM Feature #10348 (Pull Request Review): Add localhost to NTP Interfaces
Jim Pingle
07:32 AM Feature #10348: Add localhost to NTP Interfaces
I also had a PR ready but I was waiting for the other requests to be merged
i had a different mods for that, i put i... Manuel Piovan
09:27 AM Bug #10352 (New): RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters
RADIUS authentication fails with the authentication server entry set to use MSCHAPv1 or MSCHAPv2 when passwords conta... Jim Pingle
07:05 AM Feature #10321 (Resolved): URL/URL Table alias with IDN hostnames
works as expected on 2.5.0.a.20200317.0046
 Viktor Gurov
07:04 AM Bug #10336 (Resolved): fatal error on firewall_aliases_edit.php
no such error on 2.5.0.a.20200317.0046... Viktor Gurov
03:52 AM Feature #7361: 2.3.4 - Add possibility to modify UDP (First, Single, Multiple) and TCP Timeouts per rule and not only per global parameter
It is not the duplicate of #1635!
I'd like to have this possibility too. Dmitry Shumilin
02:28 AM Bug #10351: Saving IPSEC connection breaks FRR BGP on VTI interfaces
I should have made it clearer that /etc/rc.newipsecdns is run post-patch. Steven Brown
02:28 AM Bug #10351 (Resolved): Saving IPSEC connection breaks FRR BGP on VTI interfaces
I believe this is related to Bug #9668.
When editing a Phase 1 IPSEC connection and clicking save and then apply, ... Steven Brown

03/16/2020

06:10 PM Feature #10350 (Resolved): Add OpenVPN configuration file(s) to status.php file
On status.php, we include the IPsec configuration file but we don't include the equivalent for OpenVPN (for example /... Anonymous
04:28 PM Todo #10349 (Resolved): status.php: Sanitize ldapbindpass and ldap_pass
config-sanitized.xml contains clear-text passwords:
<ldapbindpass> - squidguard LDAP DN Password (squidguard.xml)
<... Viktor Gurov
04:17 PM Feature #10348: Add localhost to NTP Interfaces
NTPD listens for 127.0.0.1:123 and :: 1: 123 anyway, but this PR allows you to select _only_ Loopback as the listenin... Viktor Gurov
09:02 AM Bug #10327 (Pull Request Review): Fix/Update GPS initialization commands for Garmin devices.
Jim Pingle
08:28 AM Bug #10327: Fix/Update GPS initialization commands for Garmin devices.
PR https://github.com/pfsense/pfsense/pull/4236 Manuel Piovan
08:06 AM pfSense Packages Bug #8774 (Pull Request Review): Whitelist ALC type not supported by ssl_bump
Jim Pingle
08:04 AM Bug #10346 (Pull Request Review): DHCPv6 service Dynamic DNS errors
Jim Pingle
07:56 AM Feature #10340: IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases)
If this is done, the distinction should include an icon or other formatting change. Using red/green only as visual in... Jim Pingle
07:56 AM Feature #10345: Improve distinction between online and idle/offline entries in DHCP lease list
If this is done, the distinction should include an icon or other formatting change. Using red/green only as visual in... Jim Pingle
07:48 AM Bug #3176: Hosts file corrupted when using "Register DHCP leases in DNS forwarder"
Just had something that looks exactly like this happen in 2.4.4-RELEASE-p3 with my overrides list truncated in the mi... Erik Fonnesbeck
03:23 AM Feature #10273: OpenVPN compile with --enable-async-push
Hi,
Please be aware that a fix for openvpn (--enable-async-push is broken on FreeBSD) has been committed to master... Lev Stipakov

03/15/2020

08:48 PM Feature #10348 (Resolved): Add localhost to NTP Interfaces
When selecting interfaces its not possible to select localhost unless deselecting all interfaces and enabling the use... B T
04:59 PM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly
This looks good in 2.4.5 with the patch to the script and the patched binary in place.
Without the patches dhclien... Steve Wheeler
02:24 PM Feature #1557 (Resolved): Add the Interface descriptions to the OS interface descriptions
works as expected on 2.5.0.a.20200314.1917:... Viktor Gurov
02:02 PM pfSense Packages Bug #8774: Whitelist ALC type not supported by ssl_bump
https://github.com/pfsense/FreeBSD-ports/pull/799 Viktor Gurov
12:25 PM Feature #10231 (Duplicate): Replace --route-nopul with --pull-filter
#10347 Jim Pingle
10:53 AM Feature #10231: Replace --route-nopul with --pull-filter
Posted this in the wrong place.
Please close or delete.
Thanks. Pippin MMD
10:58 AM Feature #9702: OpenVPN "push-reset" option in Client Specific Override breaks "subnet" topology
+1 for this option to be added.
A checkbox, when ticked reveals a box to enter the options to remove.
Thanks. Pippin MMD
10:51 AM pfSense Packages Feature #10347 (New): Request to add pull-filter
Since the option --route-nopull is under discussion to be deprecated I would like to propose --pull-filter to be adde... Pippin MMD
08:03 AM Bug #10344 (Rejected): DNS Resolver requires full system restart before applying Host Overrides
Can't reproduce this as stated and, like the last comment states, most likely would have been something else causing ... Jim Pingle
06:51 AM Bug #10344: DNS Resolver requires full system restart before applying Host Overrides
Hmmm, this might have been due to having my VPN running at the same time. I've just hit something else that was fish... Shareef Jalloq
07:53 AM Bug #10346: DHCPv6 service Dynamic DNS errors
https://github.com/pfsense/pfsense/pull/4235 Viktor Gurov
07:48 AM Bug #10346 (Resolved): DHCPv6 service Dynamic DNS errors
1) The DHCPv6 Server & RA page is not allow to enter IPv6 address in DDNS Server IP field (IPv4?)
2) The DHCPv6 Serv... Viktor Gurov
04:33 AM Bug #6239: DHCP server NTP fields should allow hostnames
Beat Siegenthaler wrote:
> Chris Buechler wrote:
> > Same restriction exists on DHCPv6 Server, but dhcpd won't star... Viktor Gurov

03/14/2020

10:14 PM Feature #10345 (Resolved): Improve distinction between online and idle/offline entries in DHCP lease list
On the +*Status / DHCP Leases*+ page the distinction between *on*-line and *off*-line is not very clear.
Would it ... Chris Klomp
02:13 PM Feature #4881: Allow NPt to use dynamic IPv6 networks
Holger Glemser wrote:
> CK, are you sure that you cannot get a "real" prefix from your ISP?...
Thanks Holger, now... Csoban Kesmarki
10:20 AM Bug #10344 (Rejected): DNS Resolver requires full system restart before applying Host Overrides
I've just hit a bug where after creating a new Host Override in the DNS Resolver, I've had to restart pfSense before ... Shareef Jalloq
05:51 AM Bug #6239: DHCP server NTP fields should allow hostnames
Chris Buechler wrote:
> Same restriction exists on DHCPv6 Server, but dhcpd won't start with FQDNs there so that's c... Beat Siegenthaler

03/13/2020

07:31 PM Bug #10343 (Rejected): unbound crashes repeatedly when using acme plugin
I can't reproduce this. I use ACME certs and DNS resolver on numerous lab systems and none behave this way.
Please... Jim Pingle
06:38 PM Bug #10343 (Rejected): unbound crashes repeatedly when using acme plugin
I had a working pfSense for a long time. Today, I installed and configured the acme package to generate a LetsEncryp... Jeremy  99
10:06 AM Bug #10342 (New): Unbound domain overrides stop resolving periodically. They only resume after the service has been restarted.
Here is the original description of the problem: https://forum.netgate.com/topic/150898/unbound-domain-overrides-stop... Charles Hamilton
08:22 AM Bug #8256 (Pull Request Review): IPv6 IP Alias VIP not added to Interface Network Macros
Jim Pingle
06:12 AM Bug #8256: IPv6 IP Alias VIP not added to Interface Network Macros
Fix:
https://github.com/pfsense/pfsense/pull/4234 Viktor Gurov
08:16 AM Feature #2568 (Pull Request Review): Allow dashed DUID to be entered in a DHCPv6 Mapping
Jim Pingle
04:58 AM Feature #2568: Allow dashed DUID to be entered in a DHCPv6 Mapping
https://github.com/pfsense/pfsense/pull/4233 Viktor Gurov
08:11 AM Feature #10341 (Pull Request Review): Exclude unsupported interfaces from DHCP Relay
Jim Pingle
03:24 AM Feature #10341: Exclude unsupported interfaces from DHCP Relay
Viktor Gurov wrote:
> Such interfaces as VTI, GIF, GRE and L2TP is unsupported by DHCP Relay:
> [...]
>
> They m... sezer h
02:36 AM Feature #10341: Exclude unsupported interfaces from DHCP Relay
https://github.com/pfsense/pfsense/pull/4232 Viktor Gurov
02:28 AM Feature #10341 (Resolved): Exclude unsupported interfaces from DHCP Relay
Such interfaces as VTI, GIF, GRE and L2TP is unsupported by DHCP Relay:... Viktor Gurov
08:11 AM Bug #7778 (Pull Request Review): DHCP relay not working correctly with bridges
Possibly also solved by https://github.com/pfsense/pfsense/pull/4232 Jim Pingle
07:52 AM Bug #10307 (Resolved): NTP status widget doesn't display stratum
work ok with any address on 2.5.0.a.20200312.1334 Viktor Gurov
07:34 AM Bug #10307: NTP status widget doesn't display stratum
yup work ok with my long ipv6 address too Manuel Piovan
03:09 AM Feature #9828 (Resolved): L2TP (long) username containing @ (realm separator)
works ok on 2.5.0.a.20200312.1334 Viktor Gurov
03:06 AM Bug #9401 (Resolved): 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit
works as expected on 2.5.0.a.20200312.1334
 Viktor Gurov
02:56 AM Bug #4866 (Resolved): L2TP server are restarted after adding/modifying L2TP users (mpd.secret)
works as expected on 2.5.0.a.20200311.1716 Viktor Gurov

03/12/2020

04:55 PM Bug #10307: NTP status widget doesn't display stratum
Latest commit appears to work even for the peer on the last line. Thanks Ronald Schellberg
12:40 PM Bug #10307 (Feedback): NTP status widget doesn't display stratum
Applied in changeset commit:d09e19adf4253251dc2aa6d9edc3043e69096d4f. Jim Pingle
12:34 PM Bug #10307: NTP status widget doesn't display stratum
I just pushed a new version using awk instead of sed which fixes the reported problem plus the other problem I found. Jim Pingle
09:30 AM Bug #10307 (In Progress): NTP status widget doesn't display stratum
Looks like the sed pattern I suggested will skip the last line in certain cases. Need to tinker with it some more. It... Jim Pingle
03:03 PM Feature #10340: IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases)
(For me personally: the Dashboard widget is the more important of the two) Jum Pers
02:58 PM Feature #10340: IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases)
(the images are sanitized and the second is for the Status > IPsec > Leases page) Jum Pers
02:56 PM Feature #10340 (Resolved): IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases)
A usability request:
I have a number of (Cisco) IPSEC mobile clients connecting to the latest stable of pfSense an... Jum Pers
01:33 PM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager
The question is how is certbot doing it using a plugin called dns-google
It is a python plugin Manvir Randhawa
01:17 PM Bug #10339: dhcp relay does'nt work behind ipsec network beacuse wangw bridge
hi again,
my configuration like below
wangw pppoe
dhcprelay host 10.1.1.1
dhcprelay host 10.1.1.2
but thes... sezer h
10:18 AM Bug #10339 (Rejected): dhcp relay does'nt work behind ipsec network beacuse wangw bridge
There isn't enough information here for a coherent bug report, and it doesn't look like a new or unique issue that we... Jim Pingle
09:55 AM Bug #10339 (Rejected): dhcp relay does'nt work behind ipsec network beacuse wangw bridge
hi everyone,
i trying to use dhcprelay behind ipsec.
the pfsense dosent know dhcp relay ip address beacuse ipad... sezer h
09:58 AM Feature #3329 (Pull Request Review): Allow creating "not" rules for IPsec Phase 2
Jim Pingle
07:02 AM Feature #3329: Allow creating "not" rules for IPsec Phase 2
https://github.com/pfsense/pfsense/pull/4230 Viktor Gurov
09:50 AM Feature #10301 (Pull Request Review): Password confirmation when exporting encrypted backup file
Jim Pingle
08:17 AM Feature #10301: Password confirmation when exporting encrypted backup file
This PR adds password confirmation:
https://github.com/pfsense/pfsense/pull/4231 Viktor Gurov
09:47 AM Bug #7386 (Pull Request Review): IPv6 not disabled in mpd.conf w/ IPv6 GUI option set to 'disabled'
Jim Pingle
12:58 AM Bug #7386: IPv6 not disabled in mpd.conf w/ IPv6 GUI option set to 'disabled'
https://github.com/pfsense/pfsense/pull/4228 Viktor Gurov
09:13 AM pfSense Packages Bug #10338 (Pull Request Review): FRR OSPF6 Router-ID configuration statement has changed
Jim Pingle
12:13 AM Bug #7255: Firewall alias FQDN field rejects IDNs (Internationalized domain names)
You can use URL/URL Table alias for IDN hostnames:
https://redmine.pfsense.org/issues/10321 Viktor Gurov

03/11/2020

10:13 PM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager
Google Domains currently does not have any API that allows DNS records to be managed programmatically, so no ACME cli... Jeremy  99
04:09 PM pfSense Packages Bug #10338: FRR OSPF6 Router-ID configuration statement has changed
Only a quick fix so submitted a PR.
https://github.com/pfsense/FreeBSD-ports/pull/798 Ben Hughes
03:51 PM pfSense Packages Bug #10338 (Resolved): FRR OSPF6 Router-ID configuration statement has changed
Trying out the latest 2.4.5 RC and I noticed that my ospf6 router-id had reverted to the default of picking the highe... Ben Hughes
01:30 PM Bug #10327: Fix/Update GPS initialization commands for Garmin devices.
i partially agree with this
the default now is
$PGRMC,,,,,,,,,,3,,2,8*5E <-- NMEA Baud rate = 4800, pps on, For GP... Manuel Piovan
08:11 AM Bug #10327: Fix/Update GPS initialization commands for Garmin devices.
I have found the same issue in my use of the Garmin 18x LVC on pfSense.
In my opinion it would be preferable to se... Christian Borchert
10:34 AM Bug #10336: fatal error on firewall_aliases_edit.php
Viktor Gurov wrote:
> worked before: https://redmine.pfsense.org/issues/10321
> it looks like php73-intl is removed... Renato Botelho
08:01 AM Bug #10336: fatal error on firewall_aliases_edit.php
That wouldn't belong on a PR or change for this issue. Jim Pingle
07:57 AM Bug #10336: fatal error on firewall_aliases_edit.php
if i can also say something about line 2384 ..
/* NOTE: fgetss() is not a typo RTFM before being smart */
it should... Manuel Piovan
07:34 AM Bug #10336: fatal error on firewall_aliases_edit.php
worked before: https://redmine.pfsense.org/issues/10321
it looks like php73-intl is removed from the last build and ... Viktor Gurov
06:34 AM Bug #10336: fatal error on firewall_aliases_edit.php
the function idn_to_asci is inside php-intl
this package need to be installed:
php73-intl: 7.3.15 [pfSe... Manuel Piovan
05:54 AM Bug #10336 (Resolved): fatal error on firewall_aliases_edit.php
if i try to insert a URL(IP)
and try to save
Fatal error: Uncaught Error: Call to undefined function idn_to_ascii... Manuel Piovan
10:15 AM Bug #7815: IPSec MSS Clamping is matching traffic not related to IPSec
This can be caused by too wide traffic selector
Example:
pfSense routes traffic between local networks 10.1.0.0/1... Viktor Gurov
09:59 AM Bug #10303: pfSense-upgrade is not upgrading itself
I added a note to the 2.4.5 release notes and to the blog post, so there shouldn't be anything else left to do here. Jim Pingle
09:22 AM Bug #10337 (Needs Patch): OpenVPN CSO changes require server restart
If we are rewriting the files and OpenVPN isn't re-reading them when the client connects, there isn't much else we ca... Jim Pingle
08:27 AM Bug #10337: OpenVPN CSO changes require server restart
this is bug
from https://openvpn.net/community-resources/controlling-a-running-openvpn-process/:
client-config-di... Viktor Gurov
08:02 AM Bug #10337 (Closed): OpenVPN CSO changes require server restart
It may be good to add notice 'Setting CSO changes are applied only after OpenVPN server restart' after saving CSO cha... Viktor Gurov
08:10 AM Bug #10331: French language give a Warning: sprintf(): in system_advanced_admin.php
Jim Pingle wrote:
> Working fine on 2.4.5 as of 2.4.5.r.20200311.0600
>
> 2.5.0 (2.5.0.a.20200311.0759) still pro... Renato Botelho
08:02 AM Bug #10331: French language give a Warning: sprintf(): in system_advanced_admin.php
Jim Pingle wrote:
> Working fine on 2.4.5 as of 2.4.5.r.20200311.0600
>
> 2.5.0 (2.5.0.a.20200311.0759) still pro... Anthony hesnaux
07:58 AM Bug #10331 (New): French language give a Warning: sprintf(): in system_advanced_admin.php
Working fine on 2.4.5 as of 2.4.5.r.20200311.0600
2.5.0 (2.5.0.a.20200311.0759) still produces an error. Since it'... Jim Pingle
08:07 AM Bug #9622 (Feedback): Changing admins membership does not replicate correctly to HA slave
PR has been merged. Thanks! Renato Botelho
08:07 AM Feature #7284 (Feedback): NTPd Autoset GPS device baud rate
PR has been merged. Thanks! Renato Botelho
08:07 AM Bug #7622 (Feedback): Don't include disabled ipsec phase2 entries on pf table vpn_networks
PR has been merged. Thanks! Renato Botelho
07:17 AM Bug #7622 (Pull Request Review): Don't include disabled ipsec phase2 entries on pf table vpn_networks
Jim Pingle
04:52 AM Bug #7622: Don't include disabled ipsec phase2 entries on pf table vpn_networks
Fix:
https://github.com/pfsense/pfsense/pull/4227 Viktor Gurov
07:49 AM Feature #8624 (Resolved): DNS Resolver Resolve IPv6 OpenVPN Client Addresses
works as expected on 2.5.0.a.20200310.1958... Viktor Gurov
07:15 AM Feature #10333 (Pull Request Review): Increase the number of DHCP NTP server options to three for DHCP Static Mappings
Jim Pingle
04:32 AM Feature #10333: Increase the number of DHCP NTP server options to three for DHCP Static Mappings
work as expected ! thanks Victor
tested on a dhcp static mapped machine... Manuel Piovan
01:11 AM Feature #10333: Increase the number of DHCP NTP server options to three for DHCP Static Mappings
added to https://github.com/pfsense/pfsense/pull/4225 Viktor Gurov
06:58 AM Bug #9282 (Feedback): Add static mapping count to DHCP Server interface tabs
PR has been merged. Thanks! Renato Botelho
06:58 AM Bug #10307 (Feedback): NTP status widget doesn't display stratum
PR has been merged. Thanks! Renato Botelho
06:58 AM Feature #10293 (Feedback): DNS flag day - EDNS buffer size recommendation
PR has been merged. Thanks! Renato Botelho
06:48 AM pfSense Packages Bug #10320 (Feedback): lcdproc Crash report begins
PR has been merged. Thanks! Renato Botelho
01:24 AM pfSense Packages Feature #10335 (Resolved): Squid IPv6 transparent mode
Add IPv6 transparent mode feature to Squid
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193568#c2:
Your PF... Viktor Gurov

03/10/2020

08:44 PM pfSense Docs Correction #10334 (Closed): Feedback on Firewall — Allowing Remote Access to the webGUI
*Page:* https://docs.netgate.com/pfsense/en/latest/firewall/remote-firewall-administration.html
*Feedback:* https:... Anonymous
03:09 PM Feature #10333 (Resolved): Increase the number of DHCP NTP server options to three for DHCP Static Mappings
based on this https://redmine.pfsense.org/issues/9661
there should be 3 NTP server defined also in DHCP Static Mappi... Manuel Piovan
02:55 PM Bug #10307 (Pull Request Review): NTP status widget doesn't display stratum
Jim Pingle
12:09 PM Bug #10331 (Feedback): French language give a Warning: sprintf(): in system_advanced_admin.php
Renato Botelho
12:06 PM Bug #10331: French language give a Warning: sprintf(): in system_advanced_admin.php
Fixed at Zanata and a direct commit to 2.4.5 Renato Botelho
10:54 AM Bug #10331: French language give a Warning: sprintf(): in system_advanced_admin.php
A string in the French translation file is broken.
It is:... Jim Pingle
07:46 AM Bug #10331 (Resolved): French language give a Warning: sprintf(): in system_advanced_admin.php
Hello all,
If you select French langage and you go to "system_advanced_admin.php" page you have this warning and it'... Anthony hesnaux
11:16 AM Bug #10303 (Resolved): pfSense-upgrade is not upgrading itself
I've been upgrading VMs here with success on 2.5.0 and 2.4.5 around these times and it's been OK. Even some older VMs... Jim Pingle
11:14 AM pfSense Packages Bug #10332 (Closed): PFBlockerNG loading GeoLite2-Country.mmdb
Running pfsense 2.4.5.r.20200305.1800 with pfBlockerNG-devel 2.2.5_29
After downloading GeoLite2-Country.tar.gz, p... John Clark
10:03 AM Bug #9282 (Pull Request Review): Add static mapping count to DHCP Server interface tabs
Jim Pingle
05:42 AM Bug #9282: Add static mapping count to DHCP Server interface tabs
This PR adds static mappings counter:
https://github.com/pfsense/pfsense/pull/4226 Viktor Gurov
09:59 AM Bug #8990 (Pull Request Review): Additional BOOTP/DHCP Options per host
Jim Pingle
05:29 AM Bug #8990: Additional BOOTP/DHCP Options per host
This PR adds missing options (LDAP, Network Booting, Additional Options) on the Static DHCP Mapping page:
https://gi... Viktor Gurov
09:57 AM Feature #9891 (Pull Request Review): QLogic 10 Gigabit Ethernet driver (qlxgb)
Jim Pingle
04:13 AM Feature #9891: QLogic 10 Gigabit Ethernet driver (qlxgb)
https://github.com/pfsense/FreeBSD-src/pull/28 Viktor Gurov
09:47 AM pfSense Packages Bug #10326 (Not a Bug): Snort - Blocked Alert - Show IP but Description loss -> "Alert Description No Longer Available"
Jim Pingle
09:47 AM Bug #10325 (Feedback): System/Advanced/Notifications/E-Mail - SMTP Notification E-Mail auth password Unexpected Bahaviour
Jim Pingle
04:58 AM Bug #10325: System/Advanced/Notifications/E-Mail - SMTP Notification E-Mail auth password Unexpected Bahaviour
Ok, will wait for 2.4.5
That case sounds similar but im not 100% but if it works on yours as expected at those rel... Mr B
09:42 AM Feature #10323 (Pull Request Review): Allow limiting NTP pool server usage count
Jim Pingle
05:34 AM pfSense Packages Bug #10330 (Feedback): BIND zone configuration displays wrong DS resource record with inline DNSSEC signing enabled
Hi everybody
The zone GUI for the BIND DNS server helpfully displays the DS resource records to transfer to the pa... Andreas Grommek

03/09/2020

07:15 PM Feature #10323: Allow limiting NTP pool server usage count
Thanks for checking and for the feedback!
corrected Manuel Piovan
06:35 PM Feature #10323: Allow limiting NTP pool server usage count
Thanks!
Unfortunately I note a small spelling error (_Maximun_ instead of _maximum_). Also the @tos maxclock@ dire... David Burns
04:33 PM Feature #10323: Allow limiting NTP pool server usage count

PR : https://github.com/pfsense/pfsense/pull/4224 Manuel Piovan
10:08 AM Feature #10323: Allow limiting NTP pool server usage count
I agree, it would be best to allow the user to configure that value rather than limiting it unilaterally. Jim Pingle
06:20 AM Feature #10323 (Resolved): Allow limiting NTP pool server usage count
Summary: pfSense default NTP configuration using NTP Pool servers appears to result in polling of an excessive number... David Burns
06:48 PM pfSense Packages Bug #10326: Snort - Blocked Alert - Show IP but Description loss -> "Alert Description No Longer Available"
This is not a bug. It's caused by the alert log file getting purged by either getting rotated as part of the periodic... Bill Meeks
12:13 PM pfSense Packages Bug #10326 (Not a Bug): Snort - Blocked Alert - Show IP but Description loss -> "Alert Description No Longer Available"
Snort v 3.2.9.10
Package Dependencies:
snort-2.9.15  barnyard2-1.13_1
In the blocked tab show data in the IP C... Diego Leon
06:08 PM Bug #10325: System/Advanced/Notifications/E-Mail - SMTP Notification E-Mail auth password Unexpected Bahaviour
i think it's a duplicate of https://redmine.pfsense.org/issues/9684
and it is already been corrected with https://gi... Manuel Piovan
10:44 AM Bug #10325 (New): System/Advanced/Notifications/E-Mail - SMTP Notification E-Mail auth password Unexpected Bahaviour
Hi,
In System/Advanced/Notifications/E-Mail - SMTP Notification E-Mail auth password, if i wish to CHANGE the passwo... Mr B
02:31 PM Bug #10328 (Needs Patch): LTE (USB) connection on 2.5.0-DEV locks the system up right after its established
Probably nothing for us to do here, needs to be solved upstream in FreeBSD.
It could be the driver for that specif... Jim Pingle
02:18 PM Bug #10328: LTE (USB) connection on 2.5.0-DEV locks the system up right after its established
The modem worked on 2.4, it connects on 2.5 too get ip address but box locks up in 30 sec after connection establishe... Csaba Bistey
02:12 PM Bug #10328 (Needs Patch): LTE (USB) connection on 2.5.0-DEV locks the system up right after its established
Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p10
FreeBSD 12.0-RELEASE-p10 ce9563d5729... Csaba Bistey
01:25 PM Bug #10324 (Resolved): system_usermanager_addprivs.php: User account full name is not encoded before output
OK on 2.4.5.r.20200309.1200
OK on 2.5.0 via gitsync Jim Pingle
09:36 AM Bug #10324 (Feedback): system_usermanager_addprivs.php: User account full name is not encoded before output
Fixed by commit:3c1e53dabe966f27c9097a5a923e77f49ae5fffa (master) and commit:63b2d08b84b5c1707db809209d7a30569ec2e1e1... Jim Pingle
07:54 AM Bug #10324 (Resolved): system_usermanager_addprivs.php: User account full name is not encoded before output
On system_usermanager_addprivs.php, the user name and full name are displayed at the top of the page for reference. T... Jim Pingle
12:35 PM Bug #10327 (Resolved): Fix/Update GPS initialization commands for Garmin devices.
I'm currently using a Garmin GPS 18x LVC receiver (FW 4.40), with PPS connected, as a reference clock for NTP on the ... Grimson Gretzleburg
10:58 AM pfSense Packages Feature #9003 (Feedback): Add 'Copy Running to Saved' option to the raw config
PR has been merged. Thanks! Renato Botelho
10:53 AM pfSense Packages Feature #8196 (Feedback): pfSense-pkg-LCDproc: add a shutdown/reboot control menu
PR has been merged. Thanks! Renato Botelho
10:52 AM pfSense Packages Feature #8198 (Feedback): pfSense-pkg-LCDproc: Add a link status screen for each interface
PR has been merged. Thanks! Renato Botelho
10:45 AM pfSense Packages Feature #8574 (Feedback): Enable AgentX-support in lldpd using GUI
PR has been merged. Thanks! Renato Botelho
10:32 AM pfSense Packages Bug #8887 (Feedback): Squid Proxy Interface not assignee to IPv6
PR has been merged on 2.4.5 and 2.5.0. Thanks! Renato Botelho
10:28 AM pfSense Packages Feature #10297 (Feedback): IPv6 user attributes
PR has been merged. Thanks! Renato Botelho
10:26 AM Bug #8522 (Feedback): SMTP test says success when actually fails
PR has been merged. Thanks! Renato Botelho
10:08 AM Feature #1557 (Feedback): Add the Interface descriptions to the OS interface descriptions
PR has been merged. Thanks! Renato Botelho
09:41 AM Feature #1557 (Pull Request Review): Add the Interface descriptions to the OS interface descriptions
Jim Pingle
10:03 AM pfSense Packages Feature #9272 (Pull Request Review): Allow multiple IP in ListenIP for Zabbix Agent
Jim Pingle
04:48 AM pfSense Packages Feature #9272: Allow multiple IP in ListenIP for Zabbix Agent
Fix + allow to use :: and ::/1 IPv6 addresses:
https://github.com/pfsense/FreeBSD-ports/pull/791 Viktor Gurov
09:56 AM pfSense Packages Bug #10320 (Pull Request Review): lcdproc Crash report begins
Jim Pingle
09:55 AM Bug #9622 (Pull Request Review): Changing admins membership does not replicate correctly to HA slave
Jim Pingle
08:59 AM Bug #8987 (Feedback): Web GUI main page very slow to load if wan interface is enabled but not connected.
PR https://github.com/pfsense/pfsense/pull/4170 has been merged. Thanks! Renato Botelho
08:24 AM Bug #10236: Cannot add more than 2 VMXNET3 Adapters in vSphere
I appear to have made a typo. It should be more than 3 adapters. I checked ran into it again a week or two ago, it ... Patrick Sanderson
08:15 AM Feature #8624 (Feedback): DNS Resolver Resolve IPv6 OpenVPN Client Addresses
PR has been merged. Thanks! Renato Botelho
08:14 AM Feature #10274 (Feedback): DNS64 support
PR has been merged. Thanks! Renato Botelho
08:09 AM Feature #9834 (Feedback): system_certmanager.php: add ability to import certificate without private key
PR has been merged. Thanks! Renato Botelho
08:07 AM Bug #9401 (Feedback): 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit
PR has been merged. Thanks! Renato Botelho
08:06 AM Bug #9596 (Feedback): DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode
PR has been merged. Thanks! Renato Botelho
08:05 AM Bug #7380 (Feedback): WAN DHCP Gateway Outside of Subnet Causing Route Issues
PR has been merged. Thanks! Renato Botelho
08:04 AM Feature #9828 (Feedback): L2TP (long) username containing @ (realm separator)
PR has been merged. Thanks! Renato Botelho
08:03 AM Bug #10306 (Feedback): Incorrect IPsec service status
PR has been merged. Thanks! Renato Botelho
08:02 AM Bug #10276 (Feedback): NTP "No Select" does not work
PR has been merged. Thanks! Renato Botelho
08:00 AM Bug #10295 (Feedback): Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface
PR has been merged. Thanks! Renato Botelho
07:59 AM Bug #10305 (Feedback): Using special character in Schedules description
PR has been merged. Thanks! Renato Botelho
07:56 AM Bug #4866 (Feedback): L2TP server are restarted after adding/modifying L2TP users (mpd.secret)
PR has been merged. Thanks! Renato Botelho
07:55 AM Feature #8160 (Feedback): Accomodate both RADIUS and pool IP addresses in IPsec
PR has been merged. Thanks! Renato Botelho
07:54 AM Bug #10317 (Feedback): SMTP notifications validating SSL when option disabled
PR has been merged. Thanks! Renato Botelho
07:49 AM Bug #10307: NTP status widget doesn't display stratum
We've hit that newline issue before with @ntpq@ output -- see #4815
Probably will break more than it helps by addi... Jim Pingle
07:19 AM Bug #10307: NTP status widget doesn't display stratum
of course
the problwm with the -w flag is that If this requires more than 15 characters, display the full value, emi... Manuel Piovan
06:56 AM Bug #10307: NTP status widget doesn't display stratum
Thanks for testing!
Can you show 'ntpq -pn -w' output? Viktor Gurov
06:11 AM Bug #10307: NTP status widget doesn't display stratum
screenshot added Manuel Piovan
06:02 AM Bug #10307: NTP status widget doesn't display stratum
tested it, work partially
NTP status page is wrong for me the table is shifted of 1 place after the long ipv6 addr... Manuel Piovan
07:48 AM Feature #10214 (Feedback): Allow IPsec duplicate endpoints
PR has been merged. Thanks! Renato Botelho
07:44 AM Feature #10321 (Feedback): URL/URL Table alias with IDN hostnames
PR has been merged. Thanks! Renato Botelho

03/08/2020

04:09 PM Bug #10307: NTP status widget doesn't display stratum
Also NTP status page shows truncated IPv6 address
from ntpq(1):... Viktor Gurov
06:03 AM Bug #10307: NTP status widget doesn't display stratum
affected version also 2.5.0
Candidate 192.168.10.200 .GPS. 1 u 28 64 17 0.187 -0.436 0.048
Candidate 172.17.0.100 ... Manuel Piovan
02:12 PM Feature #10322: Force ipv4/ipv6 DNS resolution for NTP servers
Jim,
For an unknown reason - even though my setup is configured for only ipv4, sometimes NTP will randomly resolve... Christian Borchert
01:09 PM Feature #10322: Force ipv4/ipv6 DNS resolution for NTP servers
It's not a bug, it's just not supported.
It could be added. For example, with an option for each server in the NTP... Jim Pingle
12:05 PM Feature #10322 (Resolved): Force ipv4/ipv6 DNS resolution for NTP servers
Per http://doc.ntp.org/current-stable/confopt.html one should be able to prefix an NTP server hostname with either '-... Christian Borchert
05:08 AM Feature #10321: URL/URL Table alias with IDN hostnames
https://github.com/pfsense/pfsense/pull/4222 Viktor Gurov
04:56 AM Feature #10321 (Resolved): URL/URL Table alias with IDN hostnames
Add ability to use IDN hostnames ('täst.de') in URL/URL Tables files
idn_to_ascii() is used to convert IDN to punn... Viktor Gurov

03/07/2020

09:19 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
This bug still persists in Build 2.4.5.r.20200307.0900.
. Chris Poillion
05:14 PM pfSense Packages Bug #10320: lcdproc Crash report begins
for($i = 0; $i < ($lcdpanel_height - 1) && i < count($traffic); $i++)... Manuel Piovan
05:07 PM pfSense Packages Bug #10320: lcdproc Crash report begins
the first crash seem to be related to the last option undere screen, Addresses by traffic
i add this information: WA... Manuel Piovan
05:04 PM pfSense Packages Bug #10320: lcdproc Crash report begins
if i stop the service lcdproc i have another crash report for a while, i think LCDd is killed but lcdproc took some t... Manuel Piovan
03:33 PM pfSense Packages Bug #10320 (Resolved): lcdproc Crash report begins
Crash report begins. Anonymous machine information:
amd64
12.0-RELEASE-p10
FreeBSD 12.0-RELEASE-p10 ce9563d5729(... Manuel Piovan
05:06 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
I am continuing to investigate OpenVPN Performance using PFSense as virtual machine under VMWare.
Following tweaks... Alexey Ab
03:37 PM Bug #10319 (Needs Patch): VTI statistics are incorrect
If that is still a problem on 2.4.5 and 2.5.0, that should be reported upstream to FreeBSD (Assuming it can be replic... Jim Pingle
01:06 PM Bug #10319 (Needs Patch): VTI statistics are incorrect
The statistics reported by status/interfaces are wrong for IPsec VTIs.
All the values are mixed and reported as "o... Frederic Bor
12:26 PM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper
Tenzen Tunkman wrote:
> This issue is still not solved - Inline filtering will break traffic shaping as well as for ... Bill Meeks
08:19 AM pfSense Packages Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper
This issue is still not solved - Inline filtering will break traffic shaping as well as for example traffic graph fun... Tenzen Tunkman
05:38 AM Bug #9622: Changing admins membership does not replicate correctly to HA slave
Updated PR with added checkbox to on/off feature:
https://github.com/pfsense/pfsense/pull/4221 Viktor Gurov
04:03 AM Bug #10236: Cannot add more than 2 VMXNET3 Adapters in vSphere
Upgraded 2.4.4-p3 to snapshot 2020-03-07 0136
I have 3 VMX connected and all seems to be working. No issues. Tommy Kuhler
01:08 AM Feature #1557: Add the Interface descriptions to the OS interface descriptions
https://github.com/pfsense/pfsense/pull/4220 Viktor Gurov

03/06/2020

08:19 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Can you add a link to the PR?
[[https://github.com/pfsense/FreeBSD-ports/pull/773]]
 Ronald Schellberg
02:28 PM Bug #8522 (Pull Request Review): SMTP test says success when actually fails
Jim Pingle
03:22 AM Bug #8522: SMTP test says success when actually fails
This PR adds extra input validation:
https://github.com/pfsense/pfsense/pull/4218 Viktor Gurov
02:17 PM Bug #10317 (Pull Request Review): SMTP notifications validating SSL when option disabled
Jim Pingle
12:28 AM Bug #10317: SMTP notifications validating SSL when option disabled
Correct,
from https://www.php.net/manual/en/context.ssl.php:... Viktor Gurov
02:15 PM Bug #10314 (Resolved): Per-user IKEv2 settings are not functioning on 2.5.0
Jim Pingle
02:13 PM Feature #8160 (Pull Request Review): Accomodate both RADIUS and pool IP addresses in IPsec
Jim Pingle
08:53 AM Feature #8160: Accomodate both RADIUS and pool IP addresses in IPsec
works as expected on 2.5.0.a.20200305.2255
but some minor fixes:
https://github.com/pfsense/pfsense/pull/4219
 Viktor Gurov
09:49 AM Feature #10316: Add year in log format
Actually got the answer. Thank you jsinix na
09:47 AM Feature #10316: Add year in log format
Jim Pingle wrote:
> Already implemented in #9808 (Enable RFC 5424 log mode on 2.5.0)
I am on 2.4.4, So I need to... jsinix na
09:05 AM Feature #10318 (Resolved): Do not restart PPPoE server after adding/modifying users
Full daemon restart drops PPPoE clients sessions and may cause issues with other packages.
This is useless since mpd... Viktor Gurov
08:00 AM Bug #10296 (Resolved): swanctl.conf may need multiple pools to support IPv4 and IPv6
tested on 2.5.0.a.20200305.2255
works ok now,- mobile-pools inherits attributes Viktor Gurov
06:05 AM pfSense Packages Bug #8729 (Resolved): IPv6 - FRR BGP issue with Redistribute connected networks
tested on 2.5.0.a.20200305.2255 with frr 0.6.4_2
works as expected - address family sections now looks good
 Viktor Gurov

03/05/2020

11:50 PM Bug #10317 (Resolved): SMTP notifications validating SSL when option disabled
The function send_smtp_message in etc/inc/notices.inc will try to verify the SSL certificate, even though the Validat... John Clark
07:04 PM Feature #10316 (Duplicate): Add year in log format
Already implemented in #9808 (Enable RFC 5424 log mode on 2.5.0) Jim Pingle
06:22 PM Feature #10316 (Duplicate): Add year in log format
hello , the logs under /var/log/* on pfsense doesn't have a year in the timestamp . can it be added ?
Mar 5 18:31... jsinix na
02:49 PM Bug #10315: Cannot add network devices using PCI Passthrough from QEMU hypervisor
We can't keep open duplicate entries for everything in the FreeBSD PR system, even if they might be relevant to certa... Jim Pingle
07:24 AM Bug #10315 (Needs Patch): Cannot add network devices using PCI Passthrough from QEMU hypervisor
There is nothing actionable for us here. It's a problem in FreeBSD that must be addressed upstream.
 Jim Pingle
04:27 AM Bug #10315: Cannot add network devices using PCI Passthrough from QEMU hypervisor
Update to details above:
Passing through the PCIe-based WiFi is necessary for a proxmox hypervisor because proxmox d... Bryon Baker
04:25 AM Bug #10315 (Needs Patch): Cannot add network devices using PCI Passthrough from QEMU hypervisor
When running pfSense as a VM in QEMU you are unable to use PCIe passthrough of network devices.
For example, you can... Bryon Baker
10:11 AM Bug #10295 (Pull Request Review): Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface
Jim Pingle
10:08 AM Bug #4866 (Pull Request Review): L2TP server are restarted after adding/modifying L2TP users (mpd.secret)
Jim Pingle
07:20 AM Bug #4866: L2TP server are restarted after adding/modifying L2TP users (mpd.secret)
If this works, we should also change the PPPoE server to behave the same way. That should be a separate Redmine issue... Jim Pingle
07:12 AM Bug #4866: L2TP server are restarted after adding/modifying L2TP users (mpd.secret)
This PR moves creation of the mpd.secret file to a separate function that does not restart mpd daemon:
https://githu... Viktor Gurov
05:47 AM Feature #8794: NTP authentication support
Currently supported NTP auth hashes by vendors:
Juniper - MD5, SHA1, SHA256
Huawei - MD5, SHA256
Palo Alto - MD5, ... Viktor Gurov

03/04/2020

11:50 PM Bug #10281: I can unassign interface even if it is used in FRR OSPF
from https://redmine.pfsense.org/issues/9789:
_There is no elegant or simple way for notifying a running package tha... Viktor Gurov
03:20 PM Bug #10314 (Feedback): Per-user IKEv2 settings are not functioning on 2.5.0
Applied in changeset commit:faf07413977457bc0aa3fccf64ff724e79d79da2. Jim Pingle
03:11 PM Bug #10314 (In Progress): Per-user IKEv2 settings are not functioning on 2.5.0
Jim Pingle
03:10 PM Bug #10314 (Resolved): Per-user IKEv2 settings are not functioning on 2.5.0
Since the swanctl conversion, per-user settings do not appear to function properly. This is a regression but only aff... Jim Pingle
03:20 PM Bug #10296 (Feedback): swanctl.conf may need multiple pools to support IPv4 and IPv6
Applied in changeset commit:faf07413977457bc0aa3fccf64ff724e79d79da2. Jim Pingle
03:11 PM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6
See also: #10314 Jim Pingle
12:02 PM pfSense Docs Correction #9638: Feedback on High Availability — Configuring High Availability
A few extra notes from an overlapping entry in the internal Redmine:
> The book still shows you can only use admin... Jim Pingle

03/03/2020

11:51 AM Bug #10308 (Resolved): PHP error in /etc/inc/service-utils.inc on line 378
Looks good Jim Pingle
11:41 AM Bug #10235 (Resolved): OpenVPN server tries to push compress parameter when it's empty
No problems on current snapshots that I can see, with the proper combinations of settings. Jim Pingle
11:40 AM Bug #10255 (Resolved): status_logs_filter.php: PHP error when log entry contains invalid port
No PHP error with the affected log messages on 2.4.5.r.20200302.1200 Jim Pingle
07:51 AM Bug #10254 (Resolved): pf error "too many elements" when attempting to load large tables
Jim Pingle
07:51 AM Bug #10254: pf error "too many elements" when attempting to load large tables
Systems where this problem was due to loader.conf issues appear to be OK on current snapshots. I've upgraded a system... Jim Pingle
06:04 AM Feature #10312 (New): Reordering of NAT rules without dragging
When dragging of rules is disabled in general setup, filter rules can be reordered using the checkbox/anchor controls... Christian Ullrich

03/02/2020

10:04 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
Commenting to watch. (Personally I expect that 128 has been chosen as good trade off between performance and keeping... Anonymous
09:04 PM pfSense Docs New Content #10311 (New): Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
Default value for net.link.ifqmaxlen is 128.
When OpenVPN is under load and transfer speed reaches 20-30 MBit, we ... Alexey Ab
02:47 PM Bug #10310 (New): Systems with low RAM and several packages may temporarily fail to load large tables after an upgrade
Systems with lower amounts of RAM and with many packages installed may temporarily fail to load tables at boot time o... Jim Pingle
12:58 PM pfSense Packages Bug #10309 (Rejected): frr in pf2.4.5
Most of these are not bugs but just a fact of how the FRR package works. Configuring FRR manually in Linux (or even F... Jim Pingle
12:45 PM pfSense Packages Bug #10309 (Rejected): frr in pf2.4.5
1.when i deleted an Neighbor via web gui, but this session still run in frr. i have to restart pf system.
2.when i c... yon Liu
11:03 AM pfSense Packages Bug #10185 (Closed): Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port
Jim Pingle
11:03 AM pfSense Packages Feature #9848 (Closed): file-store retention limits
Jim Pingle
11:03 AM pfSense Packages Bug #10244 (Closed): PHP crash: suricata
Jim Pingle
11:02 AM Bug #10306 (Pull Request Review): Incorrect IPsec service status
Jim Pingle
10:55 AM Bug #10305 (Pull Request Review): Using special character in Schedules description
Jim Pingle
10:44 AM Feature #7284 (Pull Request Review): NTPd Autoset GPS device baud rate
Jim Pingle
10:30 AM Feature #9828 (Pull Request Review): L2TP (long) username containing @ (realm separator)
Jim Pingle
07:50 AM Bug #10308 (Feedback): PHP error in /etc/inc/service-utils.inc on line 378
Applied in changeset commit:bb3d662a963b56694d9aa8c9509ab70775c1b263. Jim Pingle
07:41 AM Bug #10308 (In Progress): PHP error in /etc/inc/service-utils.inc on line 378
Jim Pingle
07:41 AM Bug #10308 (Resolved): PHP error in /etc/inc/service-utils.inc on line 378
If the configuration contains no @load_balancer@ section, a PHP error may occur:... Jim Pingle
06:55 AM Bug #10303: pfSense-upgrade is not upgrading itself
Due to change of pfSense-upgrade dependency to pfSense meta package, before upgrade cycle it was not registered as a ... Renato Botelho

03/01/2020

06:07 PM pfSense Packages Bug #10279: pfSense's OpenVM Tools on ESXi 6.7 no longer provides guest vm functionality
Thanks for the info! Looking ahead, ESXi 7.0 is headed toward a launch at VMworld late August 2020. That said, if 2... Travis McMurry
10:14 AM Bug #10307: NTP status widget doesn't display stratum
Ohhh... as soon as it selects a sane peer, the problem goes away.
Now I don't know if the problem is "Outlier" or if... Adam Thompson
10:11 AM Bug #10307 (Resolved): NTP status widget doesn't display stratum
On 2.4.4-RELEASE-p3, if I have a) an IPv6 NTP server, and b) the NTP status widget on the dashboard, the widget doesn... Adam Thompson

02/29/2020

09:19 PM pfSense Packages Bug #10185: Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port
The requested feature has been added to the Filter Panel on the ALERTS tab of the latest Suricata GUI package release... Bill Meeks
09:16 PM pfSense Packages Feature #9848: file-store retention limits
This feature has been added to the LOGS MGMT tab in Suricata and also code was added to the logs and space management... Bill Meeks
09:13 PM pfSense Packages Bug #10244: PHP crash: suricata
This is addressed by the latest posted versions of the Suricata GUI packages for pfSense 2.4.5-RC and 2.5-DEVEL. The ... Bill Meeks
05:05 PM Feature #8786: Wireguard VPN
See these links:
https://svnweb.freebsd.org/base?view=revision&revision=357986
https://svnweb.freebsd.org/base?view... Lai Wei-Hwa
04:47 PM Bug #10303: pfSense-upgrade is not upgrading itself
https://forum.netgate.com/topic/150931/update
Looks like a bug or two still.
Follow Peters fix above if this go... Chris Palmer
10:17 AM Bug #10303: pfSense-upgrade is not upgrading itself
Yes there is currently something going wrong here. I updated to 2.4.5.r.20200229.0900 a moment ago, using the WebUI:
... Grimson Gretzleburg
12:34 AM Bug #10303: pfSense-upgrade is not upgrading itself
Peter Pain wrote:
> I got a
>
> /bin/sh: cannot open /usr/local/sbin/pfSense-upgrade: No such file or directory
... Chris Palmer
10:56 AM Feature #10301: Password confirmation when exporting encrypted backup file
I see ... Viktor Gurov
08:15 AM Bug #10306: Incorrect IPsec service status
This PR adds extra charon process checking:
https://github.com/pfsense/pfsense/pull/4215 Viktor Gurov
08:12 AM Bug #10306 (Resolved): Incorrect IPsec service status
If you do some changes on the IPsec Mobile or IPsec Advanced tab and press apply,
Strongswan daemon restarted, but y... Viktor Gurov
02:51 AM Bug #10305: Using special character in Schedules description
> ... Viktor Gurov
02:45 AM Bug #10305 (Resolved): Using special character in Schedules description
When using special characters in Schedules and timeranges description fields
firewall_schedule.php page shows escapi... Viktor Gurov
01:46 AM Bug #10304 (Closed): ``radvd`` only responds to the first Router Solicitation received after each multicast Router Advertisement
I've noticed that radvd will only respond to the first Router Solicitation received by the router after a multicast R... Kev Kitchens
01:00 AM Feature #7284: NTPd Autoset GPS device baud rate
Updated PR:
https://github.com/pfsense/pfsense/pull/4213 Viktor Gurov
12:24 AM Feature #9828: L2TP (long) username containing @ (realm separator)
L2TP username containing @ (realm separator):
https://github.com/pfsense/pfsense/pull/4212
There is no issue with... Viktor Gurov
12:11 AM Bug #10295: Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface
This fix replaces the double quote character with '&quot':
https://github.com/pfsense/pfsense/pull/4211
There is ... Viktor Gurov

02/28/2020

04:42 PM Bug #10303: pfSense-upgrade is not upgrading itself
I got a
/bin/sh: cannot open /usr/local/sbin/pfSense-upgrade: No such file or directory
after updating to *2.4.... Peter Pain
12:45 PM Bug #10303: pfSense-upgrade is not upgrading itself
Fix pushed. pfSense-upgrade 0.78 Renato Botelho
12:44 PM Bug #10303 (Resolved): pfSense-upgrade is not upgrading itself
pfSense-upgrade was being registered as a dependency of pfSense-repo pkg. Because of that, when pfSense-repo package... Renato Botelho
10:09 AM pfSense Packages Bug #10302: LIGHTSQUID - Running When Squid Disabled - 2.4
Reporting bugs against outdated versions is not allowed, either.
Post on a forum thread for assistance, not here. Jim Pingle
10:03 AM pfSense Packages Bug #10302: LIGHTSQUID - Running When Squid Disabled - 2.4
2.4.3-RELEASE
been up for 13 days
lightsquid package version has not been updated in a while
Lightsquid www 3.... Web Dawg
09:56 AM pfSense Packages Bug #10302: LIGHTSQUID - Running When Squid Disabled - 2.4
I can stop it from services. I can't reboot this router to test right now. Web Dawg
09:54 AM pfSense Packages Bug #10302 (Rejected): LIGHTSQUID - Running When Squid Disabled - 2.4
There is not nearly enough information here for a proper bug report.
This site is not for support or diagnostic di... Jim Pingle
09:52 AM pfSense Packages Bug #10302 (Rejected): LIGHTSQUID - Running When Squid Disabled - 2.4
I have my squid proxy disabled:
@
7445/tcp open ssl/http lighttpd 1.4.48
| http-auth:
| HTTP/1.1 401 Unauth... Web Dawg
08:47 AM Feature #10301 (Resolved): Password confirmation when exporting encrypted backup file
I would highly recommend to implement password confirmation so you have to insert the password two times when exporti... Peter Pan
08:29 AM Bug #10296 (In Progress): swanctl.conf may need multiple pools to support IPv4 and IPv6
Jim Pingle
05:27 AM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6
> Maybe the commons attrs should be included in the v4 pool or both for now?
This is true, although not mentioned in... Viktor Gurov
08:16 AM Bug #7380 (Pull Request Review): WAN DHCP Gateway Outside of Subnet Causing Route Issues
Jim Pingle
12:48 AM Bug #7380: WAN DHCP Gateway Outside of Subnet Causing Route Issues
fixed/resolved PR:
https://github.com/pfsense/pfsense/pull/4209 Viktor Gurov
08:14 AM pfSense Packages Feature #8196 (Pull Request Review): pfSense-pkg-LCDproc: add a shutdown/reboot control menu
Jim Pingle
12:36 AM pfSense Packages Feature #8196: pfSense-pkg-LCDproc: add a shutdown/reboot control menu
fixed/resolved PR:
https://github.com/pfsense/FreeBSD-ports/pull/784 Viktor Gurov
08:10 AM Feature #10280 (Pull Request Review): DHCP Leases widget
Jim Pingle
12:18 AM Feature #10280: DHCP Leases widget
https://github.com/pfsense/pfsense/pull/4208 Viktor Gurov
08:05 AM pfSense Packages Feature #8198 (Pull Request Review): pfSense-pkg-LCDproc: Add a link status screen for each interface
Jim Pingle
12:08 AM pfSense Packages Feature #8198: pfSense-pkg-LCDproc: Add a link status screen for each interface
fixed/resolved PR:
https://github.com/pfsense/FreeBSD-ports/pull/783 Viktor Gurov
08:01 AM pfSense Docs Correction #10300 (Rejected): Feedback on Configuration — Setup Wizard
Plenty of people have valid uses for using a TLD on their firewall, like with ACME or in business environments which ... Jim Pingle
04:30 AM Bug #10287 (Resolved): OpenVPN TLS key direction value added to existing tunnels is 0.
tested on 2.4.5.r.20200228.0300
works as expected on the Client/Server pages Viktor Gurov
01:37 AM Bug #9654 (New): After reboot, the DNS resolver must be restarted before it will advertise the ipv6 DNS address of the router.
looks like same track interface issue: https://redmine.pfsense.org/issues/8273
services try to run on track interf... Viktor Gurov
01:26 AM Bug #10284 (Resolved): Exporting p12 for CSR causes a crash report
tested on 2.5.0.a.20200227.1722
works as expected - hides PKCS#12 export icons/buttons if private key does not exist Viktor Gurov

02/27/2020

11:17 PM Bug #9830 (Resolved): NTP ACLs vs. NTP pools
works as expected on 2.5.0.a.20200227.1722 Viktor Gurov
05:37 AM Bug #9830 (Feedback): NTP ACLs vs. NTP pools
PR has been merged. Thanks! Renato Botelho
07:59 PM pfSense Docs Correction #10300 (Rejected): Feedback on Configuration — Setup Wizard
*Page:* https://docs.netgate.com/pfsense/en/latest/book/config/setup-wizard.html
*Feedback:*
Update the Domain re... Paighton Bisconer
05:08 PM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6
The mobile-pool-v4 and mobile-pool-v6 pools are created as expected.
But seems that "addrs" is required for each... Michael Smith
02:23 PM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6
I have the common parameters in mobile-pool now and then separate v4 and v6 pools which use that as a template with t... Jim Pingle
01:45 PM Bug #10296 (Feedback): swanctl.conf may need multiple pools to support IPv4 and IPv6
Applied in changeset commit:407a5c28093d46cb39cc1bba75740523a1ee97e6. Jim Pingle
01:24 PM Bug #10296 (In Progress): swanctl.conf may need multiple pools to support IPv4 and IPv6
I think I have a somewhat easy way around this. Commit coming momentarily. Jim Pingle
09:21 AM Bug #10296: swanctl.conf may need multiple pools to support IPv4 and IPv6
In this case we also need to expand the 'Accomodate both RADIUS and pool IP addresses in IPsec.' feature to select wh... Viktor Gurov
02:49 PM Todo #9864: Set autocomplete=new-password for user/password fields in forms
On what version? This fix has been applied on 2.4.5 and 2.5.0, and on those versions I do not see the browser attempt... Jim Pingle
02:45 PM Todo #9864: Set autocomplete=new-password for user/password fields in forms
I have this issue with the OpenVPN Server and Client pages always getting the Proxy username/pass autofilled. Corey Boyle
02:26 PM pfSense Packages Bug #10299: Snort - Blocked Alert - Description loss -> Alert Description No Longer Available
Bill Meeks wrote:
> Diego Leon wrote:
> > Snort v 3.2.9.10
> >
> > Package Dependencies:
> > snort-2.9.15  ... Diego Leon
12:54 PM pfSense Packages Bug #10299 (Not a Bug): Snort - Blocked Alert - Description loss -> Alert Description No Longer Available
Jim Pingle
12:54 PM pfSense Packages Bug #10299: Snort - Blocked Alert - Description loss -> Alert Description No Longer Available
Diego Leon wrote:
> Snort v 3.2.9.10
>
> Package Dependencies:
> snort-2.9.15  barnyard2-1.13_1
>
> The S... Bill Meeks
10:19 AM pfSense Packages Bug #10299 (Not a Bug): Snort - Blocked Alert - Description loss -> Alert Description No Longer Available
Snort v 3.2.9.10
Package Dependencies:
snort-2.9.15  barnyard2-1.13_1
The Snort first report in Blocked ta... Diego Leon
01:47 PM Bug #10254 (Feedback): pf error "too many elements" when attempting to load large tables
- pfSense-upgrade was copying loader.conf to a tmp file before upgrade kernel/rc and copying it back to place after t... Renato Botelho
01:02 PM pfSense Packages Bug #10292: Suricata not respecting SID Mgmt list
There were zero changes to that part of the Suricata code in version 4.1.6_3. In fact, both updates to 4.1.6_2 and 4.... Bill Meeks
10:47 AM Feature #9680: Seperate DHCP Server and relay per interface
Vöggur Guðmundsson wrote:
> I vote for this :)
> Also support multiple relays/helper address.
You can add multip... Viktor Gurov
10:14 AM Feature #9680: Seperate DHCP Server and relay per interface
I vote for this :)
Also support multiple relays/helper address. Vöggur Guðmundsson
10:42 AM pfSense Docs Correction #10257 (Closed): incorrect Cisco-AVPair example
Fixed via PR from Viktor. Jared Dillard
10:30 AM pfSense Docs Correction #10257: incorrect Cisco-AVPair example
https://gitlab.netgate.com/docs/pfSense-book/merge_requests/1 Viktor Gurov
10:12 AM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore
It is not viable to set that list up dynamically, since if a user removes the package, the value is still in the conf... Jim Pingle
10:10 AM pfSense Packages Bug #10265: Adding a Note with malformed title will force system restore
Jim Pingle wrote:
>
> Yes that's a general issue with XML storage but it's unrelated to this specific bug. We use ... Viktor Gurov
08:27 AM Todo #10298 (Resolved): Use SHA-512 for user password hashes
function local_user_set_password() from auth.inc,
for now uses password_hash($password, PASSWORD_BCRYPT) function to... Viktor Gurov
08:03 AM pfSense Packages Feature #8574 (Pull Request Review): Enable AgentX-support in lldpd using GUI
Jim Pingle
05:35 AM pfSense Packages Feature #8574: Enable AgentX-support in lldpd using GUI
https://github.com/pfsense/FreeBSD-ports/pull/782 Viktor Gurov
07:31 AM pfSense Packages Feature #9989 (Pull Request Review): Add FreeBSD port and pfSense plugin for HoneyTrap
PR: https://github.com/pfsense/FreeBSD-ports/pull/772 Jim Pingle
07:24 AM pfSense Packages Feature #10297 (Pull Request Review): IPv6 user attributes
Jim Pingle
03:24 AM pfSense Packages Feature #10297: IPv6 user attributes
https://github.com/pfsense/FreeBSD-ports/pull/781 Viktor Gurov
01:09 AM pfSense Packages Feature #10297 (Assigned): IPv6 user attributes
Add IPv6 related attributes no the user configuration page in the same way as existing IPv4 Network Configuration:
F... Viktor Gurov
05:37 AM Bug #10284 (Feedback): Exporting p12 for CSR causes a crash report
PR has been merged. Thanks! Renato Botelho
05:34 AM pfSense Packages Feature #9249 (Feedback): [siproxd] Add config for siptrunk plugin
PR has been merged. Thanks! Renato Botelho
05:32 AM pfSense Packages Feature #8878 (Feedback): Propagate user's description field into QR code for FreeRADIUS
PR has been merged. Thanks! Renato Botelho
05:28 AM pfSense Packages Bug #8729 (Feedback): IPv6 - FRR BGP issue with Redistribute connected networks
PR has been merged. Thanks! Renato Botelho
05:21 AM pfSense Packages Bug #4497 (Feedback): Using a specific password within FreeRADIUS user management causes pfSense to restore a backup!
Renato Botelho

02/26/2020

06:09 PM Bug #10296 (Resolved): swanctl.conf may need multiple pools to support IPv4 and IPv6
In 2.5.0-DEVELOPMENT after IPsec swanctl conversion, it looks like the mobile-pool may need to be split now to suppor... Michael Smith
02:32 PM Bug #10295 (Resolved): Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface
The following is allowed by the webgui in a static mapping: Client Identifier: 32" Sony Trinitron
That creates a c... Chris Linstruth
02:14 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Ronald Schellberg wrote:
> Pull Request # 773 submitted
Can you add a link to the PR? Michael Smith
08:28 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Ronald Schellberg wrote:
>
> The ravdv-2.18_5-v2.5test.txz file is attached.
My bare metal router running my ve... Ronald Schellberg
02:03 PM pfSense Packages Bug #10291 (Resolved): Export using DDNS hostnames (port forward targets) does not include domain name for split DDNS types
Works as expected now. Full hostname is observed in @remote@ statements which only had the short hostname before. Ent... Jim Pingle
11:08 AM pfSense Packages Bug #10294 (New): FRR Route Counts Incorrect on Status Page
Something is still truncating the route counts on the FRR status pages. Seems to be intermittent.
Zebra Routes D... Chris Linstruth
10:44 AM Bug #10276: NTP "No Select" does not work
Manuel Piovan wrote:
> that is normal behavior,not a bug, from the man page
> noselect only work for "server" and "... Christian Borchert
09:07 AM Bug #10276 (Pull Request Review): NTP "No Select" does not work
Jim Pingle
10:07 AM Bug #9830 (Pull Request Review): NTP ACLs vs. NTP pools
Jim Pingle
08:52 AM Bug #9830: NTP ACLs vs. NTP pools
That's correct
Fix:
https://github.com/pfsense/pfsense/pull/4207 Viktor Gurov
10:05 AM Bug #9596 (Pull Request Review): DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode
Jim Pingle
08:27 AM Bug #9596: DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode
https://github.com/pfsense/pfsense/pull/4206 Viktor Gurov
10:02 AM pfSense Packages Feature #9249 (Pull Request Review): [siproxd] Add config for siptrunk plugin
Jim Pingle
04:37 AM pfSense Packages Feature #9249: [siproxd] Add config for siptrunk plugin
from siproxd.conf.example:... Viktor Gurov
09:57 AM pfSense Packages Feature #8878 (Pull Request Review): Propagate user's description field into QR code for FreeRADIUS
Jim Pingle
03:27 AM pfSense Packages Feature #8878: Propagate user's description field into QR code for FreeRADIUS
https://github.com/pfsense/FreeBSD-ports/pull/779 Viktor Gurov
09:51 AM Bug #9401 (Pull Request Review): 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit
Jim Pingle
02:38 AM Bug #9401: 26 to 31 character VPN interface names cause gateway names to exceed 31 character limit
This is caused by special suffixes added to some special interfaces:
_VPNV4 and _VPNV6 for OpenVPN and VTI interface... Viktor Gurov
09:42 AM Bug #10284 (Pull Request Review): Exporting p12 for CSR causes a crash report
Jim Pingle
01:13 AM Bug #10284: Exporting p12 for CSR causes a crash report
Unfortunately openssl_pkcs12_export() do not allow to create PKCS#12 without private key,
Therefore, we need to hide... Viktor Gurov
09:25 AM Feature #10293 (Pull Request Review): DNS flag day - EDNS buffer size recommendation
Jim Pingle
12:03 AM Feature #10293: DNS flag day - EDNS buffer size recommendation
https://github.com/pfsense/pfsense/pull/4203 Viktor Gurov
12:00 AM Feature #10293 (Resolved): DNS flag day - EDNS buffer size recommendation
https://dnsflagday.net/2020/:
*Message Size Considerations*
The optimum DNS message size to avoid IP fragmentation ... Viktor Gurov
03:43 AM pfSense Packages Bug #8885 (Closed): HAProxy "Log hostname parameter broke local syslog
no such issue with haproxy-devel 0.60_3 on pfSense 2.4.5.r.20200225.2100 and 2.5.0.a.20200225.0859
- hostname field... Viktor Gurov

02/25/2020

05:10 PM pfSense Packages Bug #10292 (Not a Bug): Suricata not respecting SID Mgmt list
I am running pfSense 2.4.4-RELEASE-p3 (amd64) with Suricata VERSION 4.1.6_3 on an SG-2440.
Suricata is inspecting ... Markus P
10:45 AM pfSense Packages Bug #10291 (Feedback): Export using DDNS hostnames (port forward targets) does not include domain name for split DDNS types
Pushed a fix in OpenVPN client export pkg version 1.4.20 Jim Pingle
10:41 AM pfSense Packages Bug #10291 (Resolved): Export using DDNS hostnames (port forward targets) does not include domain name for split DDNS types
Some Dynamic DNS entries are considered "split" so they have the hostname and domain name in separate variables (e.g.... Jim Pingle
08:05 AM Bug #10287 (Feedback): OpenVPN TLS key direction value added to existing tunnels is 0.
Applied in changeset commit:d2011b0addd27766e6b402270c79d06c6c485f04. Jim Pingle
07:08 AM Feature #10290 (New): Firewall Aliases Add button on top of list
It would be good if we one more Add button would add on top of list. If adding new aliases happens often, then Add on... Constantine Kormashev
06:43 AM Feature #7467: Add iPhone/Android/Generic USB tethering support
I've also added the modules to 2.4.5 Renato Botelho
 

Also available in: Atom