Project

General

Profile

Activity

From 03/18/2020 to 04/16/2020

04/16/2020

08:55 PM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection
+1 exactly the same issue here. Rich Mawdsley
05:00 PM Todo #10464 (Closed): Don't change the current update repo when new releases are available
I use a SG-1100 that was running 2.4.4-p3 and I noticed today there were updates for a couple of packages I had insta... Craig Leres
11:38 AM Revision abded4e4: Add ARM netboot services_dhcp_edit.php refs #10374
Michael Boever
11:30 AM Revision dd7188a8: Add ARM netboot to services_dhcp.php. refs #10374
Michael Boever
11:18 AM Revision 4c85579b: Add ARM32/64 netboot to services.inc. refs #10374
Michael Boever
08:52 AM Bug #10463 (Resolved): The ng_etf module is missing from base in armv6 and aarch64
ng_etf was available as a package in 2.4.4 for all architectures. In 2.4.5 it was included in base and hence not buil... Steve Wheeler
08:14 AM Feature #10448 (Pull Request Review): DHCPv6 RA - show default values in certain fields
Jim Pingle
05:31 AM Feature #10448: DHCPv6 RA - show default values in certain fields
PR:
https://github.com/pfsense/pfsense/pull/4278
It shows default values from services.inc
what about Router lif... Viktor Gurov
08:10 AM Feature #7284 (Pull Request Review): NTPd Autoset GPS device baud rate
Jim Pingle
04:54 AM Feature #7284: NTPd Autoset GPS device baud rate
tested and working on my 2.5.0
previusly speed was always set to 4800 now it work with this patch... Manuel Piovan
04:38 AM Feature #7284: NTPd Autoset GPS device baud rate
Fix to correctly set GPS baud rate
see https://forum.netgate.com/topic/152369/ntp-gps-settings-serial-port-speed
... Viktor Gurov
08:08 AM pfSense Packages Bug #10369 (Pull Request Review): Remote OpenVPN server protocol definition
Jim Pingle
03:14 AM pfSense Packages Bug #10369: Remote OpenVPN server protocol definition
OpenVPN < 2.4 doesn't support remote IPv4/IPv6 protocol definition (udp4/udp6/tcp4/tcp6),
If checkbox **Legacy Clien... Viktor Gurov
08:06 AM Bug #10460 (Pull Request Review): OpenVPN does not add IPv6 prefix to unbound DNS resolver
Jim Pingle
01:40 AM Bug #10460: OpenVPN does not add IPv6 prefix to unbound DNS resolver
Fix:
https://github.com/pfsense/pfsense/pull/4276
It adds OpenVPN IPv6 Tunnel Networks and IPsec Mobile Virtual I... Viktor Gurov
08:04 AM Bug #10461 (Not a Bug): Serial Installation fails if already on disk
There isn't enough information here to state definitively if there is a bug. Please post on the forum and describe th... Jim Pingle
01:00 AM Bug #10461 (Not a Bug): Serial Installation fails if already on disk
Having installed pfSense 2.4.5 on an PC Engines APU2E4 Board with 16GB SSD and 4GB of RAM. Due to some misconfigurati... Chris Knebb
07:44 AM Bug #9187 (Resolved): Status->Interfaces doesn't show useful data for lagg
now it shows LAGG members and MASTER/ACTIVE status (failover mode) on the dashboard widget and Status / Interface pag... Viktor Gurov
06:54 AM Feature #10374: Add ARM32/64 network booting support to dhcpd
Previous PR#4250 closed (was targeting stable release branch). New PR #4279 entered targeting master branch. Commit m... Michael Boever
06:32 AM Revision 79eef195: OpenVPN/IPsec IPv6 prefix in DNS Resolver access list. Issue #10460
Viktor Gurov
05:07 AM Bug #10386 (Resolved): A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'.
input validation on 2.5.0.a.20200415.0942 is correct Viktor Gurov
01:05 AM pfSense Packages Feature #10462 (Resolved): CPU Temp Screen
Hello, is it possible to add to the lcdproc package on pfsense a screen with the CPU-Temperature? I know that is not ... odo maitre

04/15/2020

08:51 PM Revision f338b271: Improve help message for limiter/queue masks.
The user-facing most important change is that when setting masks on
Queues, we are not creating dynamic pipes (but qu... Felix Wolfsteller
07:17 PM Bug #10460 (Resolved): OpenVPN does not add IPv6 prefix to unbound DNS resolver
I added a private local IPv6 network (fd32:..../64) on the OpenVPN server setup. The idea was to avoid any real IP an... MIchael K
06:34 PM Revision 11360468: Fixed syntax issues
Ben Tyger
06:16 PM Revision 0bdae0b4: fixed tab issue
Fixed tab issue Ben Tyger
05:59 PM Revision 30c7b89b: Adding DynDNS response logging
When verbose logging is enabled for a dynamic DNS provider, the DynDNS code will now write the HTTP response to the s... Ben Tyger
01:42 PM Revision bee76575: More safety belts for upgrade_174_to_175(). Fixes #10458
(cherry picked from commit ca676aa35482c4e4fd64bfdcee9afe6d33b6c5fe) Jim Pingle
01:41 PM Revision ca676aa3: More safety belts for upgrade_174_to_175(). Fixes #10458
Jim Pingle
01:27 PM Feature #10459 (Pull Request Review): Improved DynDNS Logging
OK, that looks good then. Jim Pingle
01:20 PM Feature #10459: Improved DynDNS Logging
I updated the code to add the logging.
https://github.com/pfsense/pfsense/pull/4274 Ben Tyger
01:20 PM Feature #10459: Improved DynDNS Logging
I know but that verbose logging doesn't show the HTTP responses, only the request. The only way to get it the respons... Ben Tyger
01:17 PM Feature #10459 (Rejected): Improved DynDNS Logging
There is already a "verbose logging" checkbox on dyndns entries to do this. Jim Pingle
01:10 PM Feature #10459 (Resolved): Improved DynDNS Logging
Add improved DynDNS debugging log message. Currently, dynamic DNS HTTP API responses are not logged so it can't be de... Ben Tyger
10:44 AM pfSense Packages Bug #9350 (Pull Request Review): not appear proxy config
Jim Pingle
10:24 AM pfSense Packages Bug #9350: not appear proxy config
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/841 Viktor Gurov
10:43 AM pfSense Packages Bug #9776 (Pull Request Review): Wrong function in squidguard_log.php
Jim Pingle
10:24 AM pfSense Packages Bug #9776: Wrong function in squidguard_log.php
PR: https://github.com/pfsense/FreeBSD-ports/pull/841
it also fixes https://redmine.pfsense.org/issues/9350 Viktor Gurov
10:41 AM Feature #10454 (Pull Request Review): OpenVPN+RADIUS+Cisco-AVPair IPv6 ACL
Viktor Gurov wrote:
> I think is better to have one vpn.attributes.php for both OpenVPN and IPsec
That should be ... Jim Pingle
10:28 AM Feature #10454: OpenVPN+RADIUS+Cisco-AVPair IPv6 ACL
I think is better to have one vpn.attributes.php for both OpenVPN and IPsec Viktor Gurov
09:18 AM Bug #10456 (Not a Bug): WAN DHCP6 Gateway pending in status
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
12:05 AM Bug #10456 (Not a Bug): WAN DHCP6 Gateway pending in status
I have here an cosmetic bug. Everything is working fine since 2.4.x
In Status / Gateways the WAN DHCP6 Gateway is ... Thilo Gass
09:08 AM Bug #10433 (Resolved): addMask() js code resets netmask size to 128/32
tested on 2.5.0.a.20200414.1347
works as expected - now doesn't allow to select /32 netmask on the firewall_nat_1t... Viktor Gurov
09:05 AM Feature #10449 (Resolved): Aggressive NSEC option
tested on 2.5.0.a.20200414.1347
works as expected,
I can see _aggressive-nsec: yes/no_ option in /var/unbound/un... Viktor Gurov
08:50 AM Bug #10458 (Feedback): Config update error: /etc/inc/upgrade_config.inc:5492
Applied in changeset commit:ca676aa35482c4e4fd64bfdcee9afe6d33b6c5fe. Jim Pingle
08:23 AM Bug #10458 (Resolved): Config update error: /etc/inc/upgrade_config.inc:5492
Importing an older config, v11.9 here, that contains:... Steve Wheeler
08:08 AM Bug #10457 (Not a Bug): Alias list freezes when trying to make edits
There is no limit that would act in the way you describe. That behavior is from your browser having problems renderin... Jim Pingle
08:00 AM Bug #10457 (Not a Bug): Alias list freezes when trying to make edits
I have an alias that has grown and when I try to load the page to make edits it freezes for ages. I'm on 2.4.5-RELEAS... Agustin Escoto
04:13 AM pfSense Packages Feature #9762: Squid Reverse Proxy Change redir domain(s) to use regex
Updated PR with checkbox switch:
https://github.com/pfsense/FreeBSD-ports/pull/840 Viktor Gurov

04/14/2020

07:16 PM Revision 6c773de2: status.php: Add upgrade_log.latest.txt. Issue #10455
Viktor Gurov
05:47 PM Revision 722e0b13: Merge pull request #4269 from vktg/ntpsrvnamevalidation
Renato Botelho
05:47 PM Revision f403b470: Merge pull request #4270 from vktg/ntpdisablefix
Renato Botelho
05:47 PM Revision 2fb29e99: Merge pull request #4271 from vktg/aggressivensec
Renato Botelho
04:49 PM Feature #10454: OpenVPN+RADIUS+Cisco-AVPair IPv6 ACL
https://github.com/pfsense/pfsense/pull/4273 Viktor Gurov
02:06 PM Feature #10454 (Resolved): OpenVPN+RADIUS+Cisco-AVPair IPv6 ACL
openvpn.attributes.php currently only supports Cisco-AVPair IPv4 ACL parsing,
Need to add IPv6 ACL support, to par... Viktor Gurov
02:21 PM Feature #10455 (Pull Request Review): status.php: Add upgrade_log.latest.txt
Jim Pingle
02:17 PM Feature #10455: status.php: Add upgrade_log.latest.txt
https://github.com/pfsense/pfsense/pull/4272 Viktor Gurov
02:14 PM Feature #10455 (Resolved): status.php: Add upgrade_log.latest.txt
upgrade_log.latest.txt contains more informative data than upgrade_log.txt, and is very useful for analyzing update i... Viktor Gurov
02:00 PM Feature #9206 (Resolved): OpenVPN+RADIUS+Cisco AVPair ACL Enhancements/BugFixes
works as expected on 2.5.0.a.20200414.0021
test radius attributes:... Viktor Gurov
01:45 PM Feature #9156: OpenVPN: Add tickbox for 'nopool' directive
Although, even nicer to just be able to define the pool as well in the GUI. Orion Poplawski
01:43 PM Feature #9156: OpenVPN: Add tickbox for 'nopool' directive
This would be very nice to have. Orion Poplawski
01:02 PM pfSense Packages Feature #10428 (Resolved): LCDProc: Add the EZIO driver to the lcdproc config page
Looks good. Tested using an EZIO-300
Tested package: 0.10.6_10 in: 2.4.5-rel Steve Wheeler
12:42 PM pfSense Packages Feature #10428 (Feedback): LCDProc: Add the EZIO driver to the lcdproc config page
PR has been merged. Thanks! Renato Botelho
12:57 PM pfSense Packages Feature #10356 (Feedback): Support for additional Notification Support
PR has been merged. Thanks! Renato Botelho
12:47 PM Feature #10449 (Feedback): Aggressive NSEC option
PR has been merged. Thanks! Renato Botelho
12:47 PM Feature #3567 (Feedback): Option to disable NTP
PR has been merged. Thanks! Renato Botelho
12:47 PM Bug #10386 (Feedback): A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'.
PR has been merged. Thanks! Renato Botelho
12:43 PM pfSense Packages Feature #10297 (Feedback): IPv6 user attributes
PR has been merged. Thanks! Renato Botelho
12:37 PM pfSense Packages Bug #10450 (Feedback): Squid reverse proxy switching peers
PR has been merged. Thanks! Renato Botelho
11:40 AM Bug #10453 (Duplicate): Debugging output can be collected to share with pfSense developers or others providing support or assistance.
Duplicate of #9975
If you still have problems, please post on the "Netgate Forum":https://forum.netgate.com or the... Jim Pingle
11:35 AM Bug #10453 (Duplicate): Debugging output can be collected to share with pfSense developers or others providing support or assistance.
Crash report begins. Anonymous machine information:
amd64
11.2-RELEASE-p10
FreeBSD 11.2-RELEASE-p10 #9 4a2bfdce... Joel Enriquez Moya
11:22 AM pfSense Packages Bug #10452 (Resolved): acme - new DNS-Api namemaster.de in overview hash visible
Hi,
the new dnsapi-plugin for namemaster.de made it into my pfsense with package version 0.6.6
in Services / Ac... Thilo Gass
09:30 AM Bug #10398: RFC1918 external address in miniupnp does not work after upgrade to 2.4.5
There us a patch available to remove that behavior in miniupnpd that needs testing:
https://github.com/miniupnp/mini... Steve Wheeler
01:39 AM Bug #7721 (Closed): NTPd stops using external peers if listening on one interface only in a muliwan setup
no such issue on 2.4.5 and 2.5.0.a.20200409.0657
seems to be fixed in ntpd upstream Viktor Gurov

04/13/2020

09:24 PM Revision 89757dbe: Revert "Disable ntopng until it's fixed on armv7"
This reverts commit 4243cb0553f46f3b3568bb49effb1a45f04f7daf. Renato Botelho
06:29 PM Revision 4243cb05: Disable ntopng until it's fixed on armv7
Renato Botelho
03:16 PM Revision 7e9d72cf: Aggressive NSEC option. Issue #10449
Viktor Gurov
02:05 PM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection
I can verify this issue.
CPU Type Intel(R) Xeon(R) CPU E5645 @ 2.40GHz
12 CPUs: 2 package(s) x 6 core(s)
Memory ... Wesley Kirby
12:03 PM Feature #10449: Aggressive NSEC option
+1 DRago_Angel [InV@DER]
09:41 AM Feature #10449 (Pull Request Review): Aggressive NSEC option
Jim Pingle
02:30 AM Feature #10449: Aggressive NSEC option
https://github.com/pfsense/pfsense/pull/4271 Viktor Gurov
02:27 AM Feature #10449 (Resolved): Aggressive NSEC option
Very nice feature for DNS optimization, which can reduce the number of queries to authoritative name servers.
See ht... Viktor Gurov
11:25 AM Bug #7614 (Resolved): Port forwards where the destination is a network alias can create invalid refection rules if multiple subnets are in that alias.
resolved by https://redmine.pfsense.org/issues/10246
tested on 2.4.5 and 2.5.0.a.20200409.0657 Viktor Gurov
10:54 AM pfSense Docs Correction #10451 (Closed): Feedback on Releases — Versions of pfSense and FreeBSD
*Page:* https://docs.netgate.com/pfsense/en/latest/releases/versions-of-pfsense-and-freebsd.html
*Feedback:*
Th... Viktor Gurov
09:42 AM pfSense Packages Bug #7797 (Pull Request Review): Squid Reverse Proxy alternating between destinations
PR: https://github.com/pfsense/FreeBSD-ports/pull/839 Jim Pingle
09:42 AM pfSense Packages Bug #10450 (Pull Request Review): Squid reverse proxy switching peers
Jim Pingle
05:28 AM pfSense Packages Bug #10450: Squid reverse proxy switching peers
https://github.com/pfsense/FreeBSD-ports/pull/839 Viktor Gurov
05:25 AM pfSense Packages Bug #10450 (Feedback): Squid reverse proxy switching peers
https://forum.netgate.com/topic/118255/squid-reverse-proxy-switching-peers:
I want Squid to direct incoming requests... Viktor Gurov

04/12/2020

09:28 PM Bug #9610: picture.widget.php: Arbitrary file read/write
Hello,
I request the CVEID CVE-2019-16915.
and my id is LoRexxar@knownsec 404team.
I hope to change my id to... LoRexxar Romer
09:27 PM Bug #9609: Reflective xss in services_captiveportal_mac.php
Hello,
I request the CVEID CVE-2019-16914.
and my id is LoRexxar@knownsec 404team.
I hope to change my id to... LoRexxar Romer
05:57 PM pfSense Packages Bug #10427 (Resolved): LCDproc: Handle multiple lcdproc clients
This works in as far as it avoids blowing up if there is more than one client. It now successfully kills all php clie... Steve Wheeler
10:43 AM pfSense Packages Bug #10320 (Resolved): lcdproc Crash report begins
Looks good. Enabling the 'Addresses by traffic' screen shows the correct data and no longer throws a php error.
Te... Steve Wheeler
10:36 AM pfSense Packages Feature #10243 (Resolved): rawserial driver for lcdproc
Looks good. Size, speed and port are passed correctly to the conf file:... Steve Wheeler
10:21 AM pfSense Packages Feature #8198 (Resolved): pfSense-pkg-LCDproc: Add a link status screen for each interface
Looks good. Tested in lcdproc 0.10.6_9, pfSense 2.4.5-rel Steve Wheeler

04/11/2020

11:45 AM Feature #10448 (Resolved): DHCPv6 RA - show default values in certain fields
In Services -> DHCPv6 Server & RA -> Router Advertisements there are some fields - Minimum RA interval, Maximum RA in... e 1/1
02:42 AM pfSense Packages Feature #9217 (Resolved): Squid LDAP Authentication - spaces in ldif values
squid pkg 0.4.44_21 - works as expected Viktor Gurov
02:40 AM pfSense Packages Feature #10434 (Resolved): Squid whitelist/blacklist with IDN hostnames
squid pkg 0.4.44_21 works as expected Viktor Gurov
02:39 AM pfSense Packages Bug #10440 (Resolved): Squid proxy ignoring allowed_subnets after package upgrade 0.4.44_9 ==> 0.4.44_19
squid pkg 0.4.44_21 - OK Viktor Gurov

04/10/2020

02:03 PM Revision c62e31f2: NTP disable checkbox fix. Issue #3567
Viktor Gurov
09:47 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries

This bug still persists in Build 2.4.5 date:2020.04.10
I can confirm my issue is the same as described by the ... Gabriel Ribeiro
09:38 AM Feature #3567 (Pull Request Review): Option to disable NTP
Jim Pingle
09:05 AM Feature #3567: Option to disable NTP
enable checkbox fix:
https://github.com/pfsense/pfsense/pull/4270 Viktor Gurov
09:37 AM pfSense Packages Bug #10447 (Pull Request Review): Framed-IP-Address with plus sign is deprecated
Jim Pingle
07:38 AM pfSense Packages Bug #10447: Framed-IP-Address with plus sign is deprecated
added to https://github.com/pfsense/FreeBSD-ports/pull/810 Viktor Gurov
02:13 AM pfSense Packages Bug #10447 (Resolved): Framed-IP-Address with plus sign is deprecated
if you use Framed-IP-Address with plus sign, i.e.... Viktor Gurov
09:21 AM pfSense Packages Bug #10442 (Pull Request Review): ACME: special characters in descriptions trigger silent error and rollback
Jim Pingle
05:13 AM pfSense Packages Bug #10442: ACME: special characters in descriptions trigger silent error and rollback
this fix uses descr field name instead of desc,
it's included in the $cdata_fields of xmlparser.inc:
https://github... Viktor Gurov
09:19 AM Bug #10386 (Pull Request Review): A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'.
Jim Pingle
04:13 AM Bug #10386 (New): A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'.
same fix for services_ntpd.php:
https://github.com/pfsense/pfsense/pull/4269 Viktor Gurov
03:39 AM Bug #10386 (Resolved): A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'.
works OK on 2.5.0.a.20200409.0657,
I see an updated and more correct validation code:... Viktor Gurov
09:09 AM Revision cb92c086: NTP Time Server input validation. Issue #10386
Viktor Gurov
03:30 AM pfSense Packages Bug #7654 (Resolved): Can't use a LDAP search filter containing an accent
works as expected on 2.5.0.a.20200409.0657:... Viktor Gurov
03:26 AM Bug #10368 (Resolved): OpenVPN server no definition of protocol to use (udp4)
IPv4/IPv6, UDP/TCP tested on 2.5.0.a.20200409.0657
works as expected Viktor Gurov
03:22 AM Bug #7558 (Resolved): l2tp configure kills and sleeps even if first time
works as expected on 2.5.0.a.20200409.0657 Viktor Gurov
03:21 AM Bug #7562 (Resolved): l2tp remoteip confusion
works as expected on 2.5.0.a.20200409.0657 Viktor Gurov
03:16 AM Bug #10264 (Resolved): Gateways created at the console do not apply the naming convention used in the GUI
works as expected on 2.5.0.a.20200409.0657 Viktor Gurov
01:44 AM pfSense Packages Bug #10369 (Resolved): Remote OpenVPN server protocol definition
openvpn-client-export 1.4.21
IPv4/IPv6 tested
works as expected Viktor Gurov

04/09/2020

07:59 PM Revision b3a077c2: Revert "Temporary fix to let 2.5.0 poudriere to run"
This reverts commit 248909c2e37b45e9dbb8d4b5104e00f7683cd99a. Renato Botelho
07:58 PM Revision 7546cbce: Temporary fix to let 2.5.0 poudriere to run
Renato Botelho
07:56 PM Revision 248909c2: Temporary fix to let 2.5.0 poudriere to run
Renato Botelho
06:32 PM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
The PR is appreciated - However may I ask how this is going to help us? dhcpd doesn’t support the classless notation ... Yousif Hassan
06:20 AM Bug #8179 (Feedback): Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
PR has been merged. Thanks! Renato Botelho
05:46 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
How it was tested ? What was the result ? How it failed ? Luiz Souza
05:04 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries

This bug still persists in Build 2.4.5 date:2020.04.09 Gabriel Ribeiro
03:05 PM Bug #10376: Duplicate logs from charon
I don't know about 2.5.0, but I can assure you it is not fixed in 2.4.5. Christian Ullrich
11:23 AM Revision bd78aead: Merge pull request #4262 from vktg/lagginfo
Renato Botelho
11:20 AM Revision 56241e59: Merge pull request #4266 from vktg/reversednsdhcp
Renato Botelho
11:12 AM Revision 061c1a1b: Merge pull request #4264 from vktg/addmaskfix
Renato Botelho
11:04 AM Revision 42d3d5fc: DigitalOcean IPv6 DDNS Client to find IPv6 entries when updating. Issue #10390
-[] Redmine Issue: https://redmine.pfsense.org/issues/10390
-[] Ready for review
(cherry picked from commit 08939cf... Csoban Kesmarki
11:03 AM Revision 22a94088: Merge pull request #4268 from csobankesmarki/master
Renato Botelho
11:01 AM Revision f0b343a2: Merge pull request #4235 from vktg/dhcpv6dyndns
Renato Botelho
10:56 AM Revision 0249b6f8: Style fixes
Renato Botelho
10:52 AM Revision 707db1bc: Merge pull request #4141 from vktg/set6routesmtu
Renato Botelho
10:38 AM Feature #10446: VIP address is not shown in firewall rules
Jim Pingle wrote:
> It's not a bug, but perhaps a feature request.
OK, let it be a feature request.
I think it... Silmor Senedlen
09:56 AM Feature #10446: VIP address is not shown in firewall rules
It's not a bug, but perhaps a feature request.
It's generally not necessary on firewall rules because they don't h... Jim Pingle
09:37 AM Feature #10446 (New): VIP address is not shown in firewall rules
Good day
I noticed that VIP address(Type: IP Alias) is not shown in Source/Destination drop-down menu in Firewall ru... Silmor Senedlen
07:10 AM pfSense Packages Feature #10428 (Pull Request Review): LCDProc: Add the EZIO driver to the lcdproc config page
Jim Pingle
06:22 AM Bug #9187 (Feedback): Status->Interfaces doesn't show useful data for lagg
PR has been merged. Thanks! Renato Botelho
06:12 AM Bug #10433 (Feedback): addMask() js code resets netmask size to 128/32
PR has been merged. Thanks! Renato Botelho
06:03 AM Bug #10390 (Feedback): Fix DigitalOcean Dynamic DNS client for IPv6
PR has been merged. Thanks! Renato Botelho
06:02 AM Bug #10346 (Feedback): DHCPv6 service Dynamic DNS errors
PR has been merged. Thanks! Renato Botelho
06:02 AM Feature #6600 (Feedback): DHCP Server - Primary DDNS Address won't accept IPv6 address
PR has been merged. Thanks! Renato Botelho
05:57 AM Bug #6868 (Feedback): Interface MTU Setting not applied to all IPv6 routes
PR has been merged. Thanks! Renato Botelho
04:49 AM pfSense Packages Bug #10445: BIND crashed when added RPZ. rpz is not a master or slave zone.
i was able to reproduce it here
https://forum.netgate.com/topic/152274/rpz-rpz-local-is-not-a-master-or-slave-zone-c... Manuel Piovan

04/08/2020

04:11 PM pfSense Packages Feature #8196 (Resolved): pfSense-pkg-LCDproc: add a shutdown/reboot control menu
Tested on several LCDs with lcdproc 0.10.6_9.
Works well. Steve Wheeler
02:09 PM pfSense Docs Correction #10417: Feedback on Packages — Package List
I added a basic description, it probably wants to be improved over time: https://docs.netgate.com/pfsense/en/latest/p... Jared Dillard
01:43 PM Revision 9fbd8f71: DHCPv6 service Dynamic DNS fix. Issue #10346
Viktor Gurov
12:31 PM pfSense Docs Correction #10435 (Closed): Console connection guide for PuTTY uses incorrect order of operations on first run of PuTTY
Thanks! The text has been updated to:... Jared Dillard
07:09 AM Feature #9251: DNS Resolver (Unbound) Python Integration
It's nice that there is the added option in the web config, but there is no hint whatsoever where to put these Python... Carsten Grafflage

04/07/2020

05:46 PM pfSense Packages Bug #10445 (Feedback): BIND crashed when added RPZ. rpz is not a master or slave zone.
Before upgrade pfsense to version 2.4.5 i try update packages on 2.4.4p3.
After updating BIND to 9.14_3 (Package Dep... lexxai lexxai
03:58 PM Feature #10237: Take ZFS snapshot on Upgrade
+1 for this feature (I don't see a voting button) David Reitz
03:23 PM pfSense Packages Bug #10444 (Resolved): FRR will not start in 2.4.5 aarch64
We have an internal bug open for this but it's not public.
https://redmine.netgate.com/issues/3765
Updates will b... Steve Wheeler
03:02 PM Bug #9263: Incorrect ICMP reply when using limiters
The ticket is explicitly for 2.4.4. Given that 2.4.5 is out now, the same issue is also impacting 2.4.5.
In my cas... Miroslav Shubernetskiy
11:44 AM pfSense Packages Bug #10443 (Closed): pfSense-pkg-squid-0.4.44_19 and pfSense-pkg-squid-0.4.44_20
Fixed:
see https://redmine.pfsense.org/issues/10434#note-4
and PR https://github.com/pfsense/FreeBSD-ports/pull/836 Viktor Gurov
11:00 AM pfSense Packages Bug #10443 (Closed): pfSense-pkg-squid-0.4.44_19 and pfSense-pkg-squid-0.4.44_20
After update from pfSense-pkg-squid-0.4.44_18 to pfSense-pkg-squid-0.4.44_19 Reverse proxy stopped working.
Squid do... Ilian Cheneshev
11:36 AM pfSense Packages Feature #10434 (Pull Request Review): Squid whitelist/blacklist with IDN hostnames
Jim Pingle
11:32 AM pfSense Packages Feature #10434: Squid whitelist/blacklist with IDN hostnames
Use idn_to_ascii() only for ACL
Otherwise sq_text_area_decode() create incorrect files (i.e. crt or key files)
Fi... Viktor Gurov
09:38 AM pfSense Packages Bug #10442: ACME: special characters in descriptions trigger silent error and rollback
Ah I see. Would just filtering out those characters via an error message before trying to save it be a better approac... Jens Groh
09:30 AM pfSense Packages Bug #10442: ACME: special characters in descriptions trigger silent error and rollback
No, it's not from htmlentities. It's that those characters are not valid in XML. So the field probably needs to have ... Jim Pingle
09:25 AM pfSense Packages Bug #10442: ACME: special characters in descriptions trigger silent error and rollback
small addition:
is related to Acme 0.6.6 (still happens on 2.5.x snapshots)
There are special chars that work (... Jens Groh
09:19 AM pfSense Packages Bug #10442 (Resolved): ACME: special characters in descriptions trigger silent error and rollback
pfSense: 2.4.5
Acme: 0.6.6
Re-create:
1) ACME > Certificates: create new certificate
2) enter any settings fo... Jens Groh
09:35 AM pfSense Packages Bug #10439: BandwidthD stopped working after update
Jim Pingle wrote:
> It works fine here on 2.4.5, and you did not provide enough detail to even guess at what might b... Mark Grant
08:05 AM pfSense Packages Bug #10439 (Rejected): BandwidthD stopped working after update
It works fine here on 2.4.5, and you did not provide enough detail to even guess at what might be wrong in your speci... Jim Pingle
09:17 AM pfSense Packages Bug #10440 (Feedback): Squid proxy ignoring allowed_subnets after package upgrade 0.4.44_9 ==> 0.4.44_19
PR has been merged. Thanks! Renato Botelho
08:50 AM pfSense Packages Bug #10440: Squid proxy ignoring allowed_subnets after package upgrade 0.4.44_9 ==> 0.4.44_19
Thanks for your quick update :)
I patched the file and it works as before. Tobias Meyer
08:06 AM pfSense Packages Bug #10440 (Pull Request Review): Squid proxy ignoring allowed_subnets after package upgrade 0.4.44_9 ==> 0.4.44_19
Jim Pingle
05:32 AM pfSense Packages Bug #10440: Squid proxy ignoring allowed_subnets after package upgrade 0.4.44_9 ==> 0.4.44_19
ACLs are blank on pre-2.4.5 pfSense,
caused by the absence of _idn_to_ascii()_
Fix:
https://github.com/pfsense/F... Viktor Gurov
02:59 AM pfSense Packages Bug #10440: Squid proxy ignoring allowed_subnets after package upgrade 0.4.44_9 ==> 0.4.44_19
Viktor Gurov wrote:
> can you check it in your squid.conf?
> Need more information
I can see the subnet on the U... Tobias Meyer
02:47 AM pfSense Packages Bug #10440: Squid proxy ignoring allowed_subnets after package upgrade 0.4.44_9 ==> 0.4.44_19
There is only one change in https://github.com/pfsense/FreeBSD-ports/pull/830
- fixes IPv6 duplicate addresses in lo... Viktor Gurov
02:31 AM pfSense Packages Bug #10440 (Resolved): Squid proxy ignoring allowed_subnets after package upgrade 0.4.44_9 ==> 0.4.44_19
We allow an additional subnet (OpenVPN Roadwarriors) on our squid proxy server additionally to the LAN interface.
... Tobias Meyer
08:22 AM pfSense Packages Feature #10441 (Pull Request Review): Integration of bfd daemon
Jim Pingle
07:48 AM pfSense Packages Feature #10441: Integration of bfd daemon
Corresponding PR :
https://github.com/pfsense/FreeBSD-ports/pull/835 Emmanuel Roger
07:34 AM pfSense Packages Feature #10441 (Resolved): Integration of bfd daemon
FRR package already include bfd daemon and it could be use to reduce fault detection.
Some changes are needed in o... Emmanuel Roger
07:59 AM pfSense Packages Bug #10338 (Resolved): FRR OSPF6 Router-ID configuration statement has changed
OK on frr 0.6.4_3 Viktor Gurov
07:15 AM Feature #10323 (Resolved): Allow limiting NTP pool server usage count
works fine on 2.5.0.a.20200404.2224 Viktor Gurov
03:30 AM pfSense Packages Bug #7048 (Resolved): Add IPv6 support to squid
resolved in https://redmine.pfsense.org/issues/10335
and https://redmine.pfsense.org/issues/8887 Viktor Gurov
03:26 AM pfSense Packages Feature #10335 (Resolved): Squid IPv6 transparent mode
works as expected on 2.4.5/2.5 with squid 0.4.44_19 Viktor Gurov
01:01 AM pfSense Packages Bug #10422 (Resolved): Squid LDAP auth must use LDAPURI option
works as expected on 2.4.5 with squid 0.4.44_19 Viktor Gurov
12:59 AM pfSense Packages Bug #10378 (Resolved): Add IPv6 network to Squid localnet
works as expected on 2.4.5 with squid 0.4.44_19 Viktor Gurov
12:54 AM pfSense Packages Bug #10379 (Resolved): squid not authenticate LDAP/RADIUS
works as expected on 2.4.5 with squid 0.4.44_19 Viktor Gurov

04/06/2020

07:19 PM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
Manuel Piovan wrote:
> me too
> can you try with the flag -P udp from console and report back?
> example /usr/loca... Mark Hassman
06:25 AM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
me too
can you try with the flag -P udp from console and report back?
example /usr/local/bin/softflowd -D -i 1:vmx1... Manuel Piovan
02:01 AM pfSense Packages Bug #10436 (Feedback): softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
Hi, after upgrading pfsense from v2.4.4_3 -> v2.4.5 (which included an upgrade of softflowd from v0.9.9_1 -> v1.0), s... Mark Hassman
06:49 PM pfSense Packages Bug #10439 (Rejected): BandwidthD stopped working after update
BandwidthD package stopped working after an update.
it installs fine, but no graphs.
deinstall/reinstall, same ... Mark Grant
04:19 PM Revision 08939cfb: DigitalOcean IPv6 DDNS Client to find IPv6 entries when updating. Issue #10390
-[] Redmine Issue: https://redmine.pfsense.org/issues/10390
-[] Ready for review Csoban Kesmarki
04:04 PM Revision 779b5ee5: Merge pull request #4267 from vktg/l2tpradiusissue
Renato Botelho
04:04 PM Revision 4e3ba659: Merge pull request #4265 from vktg/squidauthumlaut
Renato Botelho
04:04 PM Revision 9ea5f56e: Merge pull request #4263 from vktg/dhcpv6updstatleases
Renato Botelho
03:08 PM Bug #10438 (Resolved): Prepare pfSense-upgrade to deal with pkg 1.13.x+
pkg 1.13.x bumped repository meta version from 1 -> 2 and older versions can't read new repo metadata.
Change pfS... Renato Botelho
02:21 PM pfSense Packages Feature #10428: LCDProc: Add the EZIO driver to the lcdproc config page
tested here https://forum.netgate.com/topic/115071/ezio-driver-for-lcdproc/115
PR https://github.com/pfsense/FreeBSD... Manuel Piovan
01:51 PM Revision ad1a6de3: L2TP RADIUS issued IPs fix. Issue #7562
Viktor Gurov
01:30 PM Bug #10437: Changing interface description will break gateway groups
Looking through the config.xml, I can see what you mean about DHCP interfaces (deriving names from the description)..... Jon Brabender
12:43 PM Bug #10437: Changing interface description will break gateway groups
Thanks, I guess it just confusing because it is "allowed", but the side effects are not clear. Is there anything else... Jon Brabender
12:30 PM Bug #10437: Changing interface description will break gateway groups
In effect the "description" of the interface is its name in this context. It alters the name of the gateway. The fiel... Jim Pingle
12:29 PM Bug #10437: Changing interface description will break gateway groups
Those issues are "changing the name"...this is "changing the description"...I realize changing the "name" is not allo... Jon Brabender
11:41 AM Bug #10437 (Duplicate): Changing interface description will break gateway groups
This is the same root issue as #8218 / #8151, so it doesn't need its own entry.
This would only happen with dynami... Jim Pingle
11:28 AM Bug #10437 (Duplicate): Changing interface description will break gateway groups
Reproduce:
* System with Multiple Wans (Description/Interface= WAN/em0, WAN2/em1)
* Create an gateway group using t... Jon Brabender
01:13 PM Bug #10420 (Confirmed): Miscellaneous page with pre-existing RAM disks config can't be saved
I was able to replicate this on an ARM system (SG-3100).
Kernel Memory before activating RAM disks:... Jim Pingle
11:33 AM Bug #10390: Fix DigitalOcean Dynamic DNS client for IPv6
Corrected pull request: https://github.com/pfsense/pfsense/pull/4268 Csoban Kesmarki
11:04 AM Bug #7562 (Feedback): l2tp remoteip confusion
PR has been merged. Thanks! Renato Botelho
09:13 AM Bug #7562 (Pull Request Review): l2tp remoteip confusion
Jim Pingle
09:01 AM Bug #7562: l2tp remoteip confusion
https://github.com/pfsense/pfsense/pull/4267 Viktor Gurov
11:04 AM pfSense Packages Bug #7654 (Feedback): Can't use a LDAP search filter containing an accent
PR has been merged. Thanks! Renato Botelho
07:55 AM pfSense Packages Bug #7654 (Pull Request Review): Can't use a LDAP search filter containing an accent
Jim Pingle
11:04 AM Feature #10412 (Feedback): DHCPv6 Static Entries are not updated on external DDNS server
PR has been merged. Thanks! Renato Botelho
07:50 AM Feature #10412 (Pull Request Review): DHCPv6 Static Entries are not updated on external DDNS server
Jim Pingle
11:04 AM Feature #9439: Poll Interval For GPS and PPS
Here is a link to the official documentation: https://www.eecis.udel.edu/~mills/ntp/html/poll.html
The FreeBSD docum... Pierre Poutine
08:23 AM Feature #9439: Poll Interval For GPS and PPS
> 3 offers reduced jitter over 4.
> Low poll interval is also valuable for polling a server on a low latency network... Jim Pingle
11:01 AM pfSense Packages Bug #10432 (Feedback): Arpwatch show unknown vendor
PR has been merged. Thanks! Renato Botelho
08:17 AM pfSense Packages Bug #10432 (Pull Request Review): Arpwatch show unknown vendor
Jim Pingle
11:00 AM pfSense Packages Feature #10434 (Feedback): Squid whitelist/blacklist with IDN hostnames
PR has been merged. Thanks! Renato Botelho
07:57 AM pfSense Packages Feature #10434 (Pull Request Review): Squid whitelist/blacklist with IDN hostnames
Jim Pingle
11:00 AM pfSense Packages Feature #10335 (Feedback): Squid IPv6 transparent mode
PR has been merged. Thanks! Renato Botelho
08:10 AM pfSense Packages Feature #10335 (Pull Request Review): Squid IPv6 transparent mode
Jim Pingle
10:55 AM pfSense Packages Bug #10427 (Feedback): LCDproc: Handle multiple lcdproc clients
PR has been merged. Thanks! Renato Botelho
07:49 AM pfSense Packages Bug #10427 (Pull Request Review): LCDproc: Handle multiple lcdproc clients
Jim Pingle
10:55 AM pfSense Packages Bug #10385 (Feedback): Pb with Username authorized characters when OTP is disabled
PR has been merged. Thanks! Renato Botelho
07:48 AM pfSense Packages Bug #10385 (Pull Request Review): Pb with Username authorized characters when OTP is disabled
Jim Pingle
09:58 AM Bug #10418 (New): IPsec VTI address/mask selection not functional
Reopening this since it's not quite so clear that we should lock this down after all. Maybe we should default it to a... Jim Pingle
09:31 AM Bug #10375: Double zfs entry in loader.conf
Jim Pingle wrote:
> Is it still there after the next reboot?
Same
>
> How about after saving under System > Ad... Viktor Gurov
09:14 AM Bug #7558 (Pull Request Review): l2tp configure kills and sleeps even if first time
Jim Pingle
09:02 AM Bug #7558: l2tp configure kills and sleeps even if first time
https://github.com/pfsense/pfsense/pull/4267 Viktor Gurov
08:16 AM Feature #7287 (Pull Request Review): NTP add support for ACTS ref clock
Jim Pingle
08:12 AM Bug #8179 (Pull Request Review): Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
Jim Pingle
07:58 AM Bug #9187 (Pull Request Review): Status->Interfaces doesn't show useful data for lagg
Jim Pingle
07:52 AM Bug #10433 (Pull Request Review): addMask() js code resets netmask size to 128/32
Jim Pingle
04:27 AM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection
I can confirm this problem. If there are changes to the routing table (because there is packet loss on some OpenVPN I... W M

04/05/2020

10:23 PM Revision d95e86dc: Reverse DDNS zone in DHCP server for non-octet-aligned subnet. Issue #8179
Viktor Gurov
08:26 PM Feature #9439: Poll Interval For GPS and PPS
Jim Pingle wrote:
> What advantage would 3 have over 4 when using a local GPS though? Why would it need to probe tha... Pierre Poutine
07:05 PM Revision f14c9058: CDATA encode Squid LDAP options. Issue #7654
Viktor Gurov
05:39 PM pfSense Docs Correction #10435 (Closed): Console connection guide for PuTTY uses incorrect order of operations on first run of PuTTY
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/connect-to-console.html
and the other "connect to con... Anonymous
05:26 PM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
Fix:
https://github.com/pfsense/pfsense/pull/4266 Viktor Gurov
03:38 PM Revision 44aea2e1: addMask() netmask reset fix. Issue #10433
Viktor Gurov
03:05 PM Bug #10420: Miscellaneous page with pre-existing RAM disks config can't be saved
I did not see the behavior on another installation I upgraded today neither. Adrian Zaugg
03:03 PM pfSense Packages Feature #10434: Squid whitelist/blacklist with IDN hostnames
https://github.com/pfsense/FreeBSD-ports/pull/832 Viktor Gurov
02:58 PM pfSense Packages Feature #10434 (Resolved): Squid whitelist/blacklist with IDN hostnames
Squid doesn't block non-ascii domans
non-ascii domains must first be converted to punycode:
https://unix.stackexcha... Viktor Gurov
02:11 PM pfSense Packages Bug #7654: Can't use a LDAP search filter containing an accent
TODO:
CDATA encode FreeRADIUS LDAP options Viktor Gurov
02:10 PM pfSense Packages Bug #7654: Can't use a LDAP search filter containing an accent
CDATA encode Squid LDAP options:
https://github.com/pfsense/pfsense/pull/4265 Viktor Gurov
12:53 PM Revision 1a618dc0: DHCPv6 update-static-leases. Issue #10412
Viktor Gurov
10:40 AM Bug #10433: addMask() js code resets netmask size to 128/32
Fix:
https://github.com/pfsense/pfsense/pull/4264 Viktor Gurov
10:37 AM Bug #10433 (Closed): addMask() js code resets netmask size to 128/32
from https://github.com/pfsense/pfsense/pull/4200:... Viktor Gurov
08:58 AM Bug #10430 (Not a Bug): Captive Portal shows 404 post login after upgrade to 2.4.5
There was no change in the configuration between 2.4.4-p3 and 2.4.5
The post-auth redirect URL should always have ... Jim Pingle
04:08 AM Bug #10430: Captive Portal shows 404 post login after upgrade to 2.4.5
I figured out the issue. It appears to be configuration problem, possible as a result of the upgrade. The default red... Jimmy Chen
04:02 AM Bug #10430: Captive Portal shows 404 post login after upgrade to 2.4.5
Testing the Captive Portal in a Windows machine allowed me to see the URL it's hitting post login.
https://guest.e... Jimmy Chen
03:47 AM Bug #10430 (Not a Bug): Captive Portal shows 404 post login after upgrade to 2.4.5
I just upgraded to 2.4.5 and when a user signs in via Captive Portal it immediately shows a "404 Not Found" nginx err... Jimmy Chen
07:56 AM Feature #10412: DHCPv6 Static Entries are not updated on external DDNS server
Right, https://ftp.isc.org/isc/dhcp/4.4.1/dhcp-4.4.1-RELNOTES:... Viktor Gurov
07:10 AM pfSense Packages Feature #10428: LCDProc: Add the EZIO driver to the lcdproc config page
EZIO is a serial connection type for HD44780. It must be set for the server to be able to talk to it.
https://github... Steve Wheeler
07:05 AM pfSense Packages Feature #10428: LCDProc: Add the EZIO driver to the lcdproc config page
https://github.com/lcdproc/lcdproc/releases
HD44780 connection type "serial" supports Portwell EZIO-100 and EZIO-300... Manuel Piovan
06:00 AM pfSense Packages Bug #10432: Arpwatch show unknown vendor
this is due to $oui = strtoupper(substr($mac, 0, 8));
the content of ethercodes.dat is not uppercase
PR https://... Manuel Piovan
05:55 AM pfSense Packages Bug #10432 (Resolved): Arpwatch show unknown vendor
arpwatch.inc
line 164
if (preg_match("/^$oui\s+(.*)$/m", file_get_contents(ARPWATCH_LOCAL_DIR.'/ethercodes.dat'), $... Manuel Piovan
05:31 AM pfSense Packages Bug #10431: pfBlockerNG Cron Job wrong - Clear IP / DNSBL Statistics
Preview function is your friend. Cron looks like... Luki TJ
05:26 AM pfSense Packages Bug #10431 (Resolved): pfBlockerNG Cron Job wrong - Clear IP / DNSBL Statistics
Configuring on the pfBlockerNG Widget the Statistic clearance on a weekly frequency results in this cron config:
*... Luki TJ

04/04/2020

05:10 PM pfSense Packages Feature #10335: Squid IPv6 transparent mode
https://github.com/pfsense/FreeBSD-ports/pull/830 Viktor Gurov
01:28 PM pfSense Packages Bug #10429: Status Traffic Total broken 2.4.5
https://forum.netgate.com/topic/151914/traffic-totals-hourly-report-problem/ Manuel Piovan
01:22 PM pfSense Packages Bug #10429 (New): Status Traffic Total broken 2.4.5
it's broken on 2.4.5
Hourly and Daily tab show data in the future
top 10 show ... some strange geometric figure Manuel Piovan
12:25 PM Revision 49e36202: Show LAGG Members info. Issue #9187
Viktor Gurov
10:33 AM Bug #8981 (Resolved): Uncheck DHCP registration does not clear entries
works as expected on 2.5.0.a.20200403.1936 Viktor Gurov
10:26 AM Feature #1019 (Resolved): Lagg Failover Mode Master Interface
works as expected on 2.5.0.a.20200403.1936 Viktor Gurov
10:24 AM Bug #8054 (Resolved): DHCP server accepts trailing dot in domain names, DNS resolver adds another and breaks
works as expected on 2.5.0.a.20200403.1936 Viktor Gurov
10:20 AM pfSense Packages Feature #10428: LCDProc: Add the EZIO driver to the lcdproc config page
LCDd.conf not lcdproc.conf Steve Wheeler
10:18 AM pfSense Packages Feature #10428 (Resolved): LCDProc: Add the EZIO driver to the lcdproc config page
The EZIO driver was written by forum member fmertz and accepted upstream, it's now part of the package but there is n... Steve Wheeler
10:15 AM pfSense Packages Bug #10427: LCDproc: Handle multiple lcdproc clients
https://github.com/pfsense/FreeBSD-ports/pull/829 Viktor Gurov
10:13 AM pfSense Packages Bug #10427 (Resolved): LCDproc: Handle multiple lcdproc clients
Return only one argument from pgrep to avoid breaking [ ]. Without that the client processes are not killed if there ... Viktor Gurov
09:55 AM pfSense Packages Bug #10422: Squid LDAP auth must use LDAPURI option
I upgraded squid to 0.4.44_18 on 2.4.5/2.5 but can't see this code
 Viktor Gurov
08:49 AM Bug #10424 (Resolved): status.php: Calls using pkg should use pkg-static
Works as expected Jim Pingle
08:49 AM Todo #10423 (Resolved): status.php: Add kernel modules
Jim Pingle
05:02 AM Todo #10423: status.php: Add kernel modules
tested on 2.5.0.a.20200403.1936
OS-Kernel Modules.txt is OK. Viktor Gurov
08:44 AM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection
I can reproduce this at will. My hardware is a Supermicro 5018D-FN4T (Same as XG-1541). I can provide a config file i... John Jacobs
08:02 AM Bug #10418 (Resolved): IPsec VTI address/mask selection not functional
tested on 2.5.0.a.20200403.1936
OK now, I can see correct netmask:... Viktor Gurov
07:51 AM Feature #9251: DNS Resolver (Unbound) Python Integration
About python module and python files, suggestion "option two":
add Notice *(i) to Python Module Script about:
1. If... DRago_Angel [InV@DER]
04:34 AM Feature #9251: DNS Resolver (Unbound) Python Integration
@Jim maybe cool idea to add option to paste python files to unbound chroot like it done in HAproxy package from GUI s... DRago_Angel [InV@DER]
07:28 AM Bug #9187: Status->Interfaces doesn't show useful data for lagg
Fix:
https://github.com/pfsense/pfsense/pull/4262 Viktor Gurov
06:22 AM pfSense Packages Bug #10426 (Resolved): Filer must validate that File name is uniq
Filer Plugin allow create multiply files with same name which is not have any usecase. I think this bug. DRago_Angel [InV@DER]
04:56 AM pfSense Packages Bug #10385: Pb with Username authorized characters when OTP is disabled
MILO MEDIN wrote:
> There is also an issue with being able to user MAC addresses in the FreeRadius username in the X... Viktor Gurov
03:28 AM Feature #7287: NTP add support for ACTS ref clock
updated PR:
https://github.com/pfsense/pfsense/pull/4261 Viktor Gurov

04/03/2020

08:10 PM pfSense Packages Feature #10425 (Resolved): upgrade ntopng to 4.0.0
ntopng 4.0.0 has been released.
https://github.com/ntop/ntopng/commits/4.0
Could the ntopng package for pfSense... Jeffrey Altman
07:04 PM Revision b4ce86dc: status.php updates
* Add kldstat verbose output. Implements #10423
* Change pkg calls to pkg-static. Fixes #10424
(cherry picked from c... Jim Pingle
07:03 PM Revision b943d20d: status.php updates
* Add kldstat verbose output. Implements #10423
* Change pkg calls to pkg-static. Fixes #10424 Jim Pingle
04:13 PM Revision 6e2d9fa9: Deprecated is more appropriate
Renato Botelho
04:13 PM Revision ebbe8260: Deprecated is more appropriate
Renato Botelho
04:13 PM Revision b1f1c16f: Deprecated is more appropriate
Renato Botelho
03:42 PM Revision 411579d8: Reset PRODUCT_REVISION
Renato Botelho
03:02 PM Revision bad84d07: Merge pull request #4245 from vktg/defntpmaxpeers
Renato Botelho
03:01 PM Revision 15abd092: Merge pull request #4247 from vktg/laggmembermtu
Renato Botelho
03:00 PM Revision a98b3d58: Merge pull request #4248 from vktg/ovpnclientproto
Renato Botelho
02:59 PM Revision 56281195: Merge pull request #4252 from vktg/cleandnsdhcpleases
Renato Botelho
02:55 PM Revision f16b44a3: Merge pull request #4254 from kiokoman/master
Renato Botelho
02:55 PM Revision f380af3f: Merge pull request #4243 from vktg/ntpdisable
Renato Botelho
02:54 PM Revision 4fc1f7d6: Merge pull request #4246 from vktg/ignorelaggmemevent
Renato Botelho
02:53 PM Revision 47fb41cc: Merge pull request #4251 from vktg/sysdomainfix
Renato Botelho
02:48 PM Revision 76a102fb: Merge pull request #4249 from vktg/laggfailovermaster
Renato Botelho
02:44 PM Revision 3610b37a: Merge pull request #4260 from vktg/ipsecvti30
Renato Botelho
02:10 PM Bug #10424 (Feedback): status.php: Calls using pkg should use pkg-static
Applied in changeset commit:b943d20dcd9a580c18ce804b47f512855272f1dd. Jim Pingle
02:03 PM Bug #10424 (Resolved): status.php: Calls using pkg should use pkg-static
The status.php items which use @pkg@ should use @pkg-static@ instead, to avoid potential problems on systems which ar... Jim Pingle
02:10 PM Todo #10423 (Feedback): status.php: Add kernel modules
Applied in changeset commit:b943d20dcd9a580c18ce804b47f512855272f1dd. Jim Pingle
02:02 PM Todo #10423 (Resolved): status.php: Add kernel modules
The list of loaded kernel modules from @kldstat@ should be added to status.php Jim Pingle
01:50 PM Revision 159df52d: Rename 2.4.4 repo files
Renato Botelho
01:50 PM Revision 76d9d592: Rename 2.4.4 repo files
Renato Botelho
01:49 PM Revision e72665ec: Rename 2.4.4 repo files
Renato Botelho
01:26 PM Revision d4aa3c9d: Let user to stay on 2.4.4 for some time
Renato Botelho
01:25 PM Revision 9cc713c6: Let user to stay on 2.4.4 for some time
Renato Botelho
01:24 PM Revision 73c6bbaa: Let user to stay on 2.4.4 for some time
Renato Botelho
12:34 PM Revision 92ab21bb: IPsec VTI /30 netmask. Issue #10418
Viktor Gurov
12:08 PM pfSense Packages Bug #10422 (Feedback): Squid LDAP auth must use LDAPURI option
PR has been merged. Thanks! Renato Botelho
11:45 AM pfSense Packages Bug #10422: Squid LDAP auth must use LDAPURI option
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/823
This PR also changes STARTTLS -Z option to -ZZ,
it's used... Viktor Gurov
11:39 AM pfSense Packages Bug #10422 (Resolved): Squid LDAP auth must use LDAPURI option
basic_ldap_auth must use LDAPURI option (-H) to successfully connect using ldaps.
see https://forum.netgate.com/topi... Viktor Gurov
10:41 AM Bug #10420: Miscellaneous page with pre-existing RAM disks config can't be saved
I have not seen that happen here when I was testing this initially, but I don't currently have any systems with RAM d... Jim Pingle
10:12 AM Bug #10420 (Resolved): Miscellaneous page with pre-existing RAM disks config can't be saved
Having an installation of pfSense using RAM disks one can't save any other changes made on the System->Advanced->Misc... Adrian Zaugg
10:31 AM pfSense Packages Feature #10421 (Resolved): suricata unix_stream support for telegraf
it would be nice if there was support for telegraf under suricata
input.suricata need unix socket to be created for ... Manuel Piovan
10:25 AM pfSense Packages Todo #10419 (Feedback): Update haproxy ports
Done. Bumped haproxy and haproxy-devel pfSense packages to 0.60_4 to let users to see a new version Renato Botelho
08:26 AM pfSense Packages Todo #10419 (Closed): Update haproxy ports
pfSense-pkg-haproxy depends on net/haproxy18 which is currently 1.8.23
pfSense-pkg-haproxy-devel depends on net/hapr... Jim Pingle
10:19 AM pfSense Packages Bug #10369 (Feedback): Remote OpenVPN server protocol definition
PR has been merged. Thanks! Renato Botelho
10:19 AM pfSense Packages Bug #10393 (Feedback): Syslog-ng TLS support is broken
PR has been merged. Thanks! Renato Botelho
10:17 AM pfSense Packages Bug #10413 (Feedback): BIND plugins are not copied into chroot
PR has been merged. Thanks! Renato Botelho
10:16 AM pfSense Packages Bug #10378 (Feedback): Add IPv6 network to Squid localnet
PR has been merged. Thanks! Renato Botelho
07:19 AM pfSense Packages Bug #10378 (Pull Request Review): Add IPv6 network to Squid localnet
Jim Pingle
10:16 AM pfSense Packages Feature #10415 (Feedback): FreeRADIUS Package: Add option to enter NT or MD5 prehashed passwords in configuration
PR has been merged. Thanks! Renato Botelho
07:28 AM pfSense Packages Feature #10415 (Pull Request Review): FreeRADIUS Package: Add option to enter NT or MD5 prehashed passwords in configuration
Jim Pingle
10:02 AM Feature #10323 (Feedback): Allow limiting NTP pool server usage count
PR has been merged. Thanks! Renato Botelho
10:01 AM Bug #8585 (Feedback): Logical interface MTU matches configuration of its physical port channel, not its own configuration
PR has been merged. Thanks! Renato Botelho
10:00 AM Bug #10368 (Feedback): OpenVPN server no definition of protocol to use (udp4)
PR has been merged. Thanks! Renato Botelho
10:00 AM Bug #8981 (Feedback): Uncheck DHCP registration does not clear entries
PR has been merged. Thanks! Renato Botelho
09:58 AM Feature #10374 (Pull Request Review): Add ARM32/64 network booting support to dhcpd
Ops, my mistake here. PR was not merged yet Renato Botelho
09:56 AM Feature #10374 (Feedback): Add ARM32/64 network booting support to dhcpd
PR has been merged. Thanks! Renato Botelho
09:56 AM Bug #10386 (Feedback): A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'.
PR has been merged. Thanks! Renato Botelho
09:54 AM Feature #3567 (Feedback): Option to disable NTP
PR has been merged. Thanks! Renato Botelho
09:53 AM Bug #10365 (Feedback): LAGG member event causes filter to reload
PR has been merged. Thanks! Renato Botelho
09:52 AM Bug #8054 (Feedback): DHCP server accepts trailing dot in domain names, DNS resolver adds another and breaks
PR has been merged. Thanks! Renato Botelho
09:48 AM Feature #1019 (Feedback): Lagg Failover Mode Master Interface
PR has been merged. Thanks! Renato Botelho
09:44 AM Bug #10418 (Feedback): IPsec VTI address/mask selection not functional
PR has been merged. Thanks! Renato Botelho
07:53 AM Bug #10418 (Pull Request Review): IPsec VTI address/mask selection not functional
Jim Pingle
07:36 AM Bug #10418: IPsec VTI address/mask selection not functional
/30 netmask fix:
https://github.com/pfsense/pfsense/pull/4260 Viktor Gurov
07:25 AM Bug #10418: IPsec VTI address/mask selection not functional
Viktor Gurov wrote:
> _2. After IPsec interface assignment it doesn't appear under Firewall/Rules:_
> I found that ... Jim Pingle
07:19 AM Bug #10418: IPsec VTI address/mask selection not functional
_1. Once the IPsec interface is assigned, it gets /32 subnet instead of /30._
simple fix in ipsec.inc
https://githu... Viktor Gurov
06:33 AM Bug #10418 (Resolved): IPsec VTI address/mask selection not functional
There are couple of oddities in 2.4.5.
1. Once the IPsec interface is assigned, it gets /32 subnet instead of /30.
... Danilo Zrenjanin
09:21 AM Bug #10416: dhcrelay command line options not properly configured for some DHCP failover scenarios
Jim Pingle wrote:
> Having separate choices for upstream and downstream would give the user manual control over whic... John Steele
09:09 AM Bug #10416: dhcrelay command line options not properly configured for some DHCP failover scenarios
John Steele wrote:
> Jim Pingle wrote:
> > Why would you need to relay to a server in the same subnet as the client... Jim Pingle
09:02 AM Bug #10416: dhcrelay command line options not properly configured for some DHCP failover scenarios
Jim Pingle wrote:
> Why would you need to relay to a server in the same subnet as the clients it serves and the fire... John Steele
07:37 AM Bug #10416: dhcrelay command line options not properly configured for some DHCP failover scenarios
Why would you need to relay to a server in the same subnet as the clients it serves and the firewall? They can get a ... Jim Pingle
01:31 AM Bug #10416 (Resolved): dhcrelay command line options not properly configured for some DHCP failover scenarios
Scenario: ISC DHCP failover, with one of the 2 servers in the failover association residing in a subnet that also se... John Steele
07:53 AM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection
Likely the same root cause as #10310 though that doesn't have quite the same symptoms.
> Cause:
> - it may be rel... Jim Pingle
07:07 AM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection
A few additions:
- it seems to happen more often if pfSense is installed and used in a virtual environement
- it se... Tobias H
07:05 AM Revision 09b9977b: Lagg Failover Mode Master Interface select. Issue #1019
Viktor Gurov
04:29 AM pfSense Docs Correction #10417 (Closed): Feedback on Packages — Package List
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/list.html
*Feedback:*
Need to add info about PIMD p... Viktor Gurov
12:55 AM Feature #10293 (Resolved): DNS flag day - EDNS buffer size recommendation
works as expected on 2.5.0.a.20200402.0149 Viktor Gurov

04/02/2020

11:38 PM Bug #10380: Unable to upgrade from 2.4.4 p3 to 2.4.5
Peter Cronwright wrote:
> Just had the same thing
I am also experiencing the same issue ... houmehr aghabozorgi
09:50 PM pfSense Packages Feature #10415: FreeRADIUS Package: Add option to enter NT or MD5 prehashed passwords in configuration
Link to pull request: https://github.com/pfsense/FreeBSD-ports/pull/822 Implements #10415 Adds prehashed NT-Password ... Tet-Woo Lee
09:19 PM pfSense Packages Feature #10415 (Resolved): FreeRADIUS Package: Add option to enter NT or MD5 prehashed passwords in configuration
The FreeRADIUS Package currently provides the option to use 'Cleartext-Password' and only hashing option - 'MD5-Passw... Tet-Woo Lee
08:57 PM Bug #10414 (Resolved): Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection
There are several threads in the forum complaining about high CPU usage of pfctl and some other processs. This is cau... Tobias H
03:19 PM pfSense Packages Bug #10413 (Pull Request Review): BIND plugins are not copied into chroot
PR: https://github.com/pfsense/FreeBSD-ports/pull/816 Jim Pingle
02:55 PM pfSense Packages Bug #10413 (Resolved): BIND plugins are not copied into chroot
BIND 9.13.5 introduced a new plugin system, and the filter-aaaa support was moved to a plugin, so we need to copy the... Scott Dial
03:07 PM pfSense Packages Bug #10378: Add IPv6 network to Squid localnet
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/817 Viktor Gurov
02:59 PM Todo #10349 (Resolved): status.php: Sanitize ldapbindpass and ldap_pass
Jim Pingle
01:08 PM Bug #10390 (Pull Request Review): Fix DigitalOcean Dynamic DNS client for IPv6
Jim Pingle
01:07 PM Bug #10390: Fix DigitalOcean Dynamic DNS client for IPv6
Yes sir, just did: https://github.com/pfsense/pfsense/pull/4259 Csoban Kesmarki
01:07 PM pfSense Packages Bug #10411: ACME only uses DoH, Broken renewal
Jim Pingle wrote:
> Still seems like acme.sh should handle that more gracefully without relying on such a long timeo... theodore adams
12:44 PM pfSense Packages Bug #10411: ACME only uses DoH, Broken renewal
Still seems like acme.sh should handle that more gracefully without relying on such a long timeout, or have an option... Jim Pingle
12:41 PM pfSense Packages Bug #10411: ACME only uses DoH, Broken renewal
Thank you for reviewing Jim.
I have been researching further and found closed issues on the acme.sh github:
https... theodore adams
10:36 AM pfSense Packages Bug #10411 (Needs Patch): ACME only uses DoH, Broken renewal
That will need to be raised as an issue directly with acme.sh not here. Jim Pingle
10:21 AM pfSense Packages Bug #10411 (Needs Patch): ACME only uses DoH, Broken renewal
The issue is described on the forum here:
> https://forum.netgate.com/topic/150984/doh-verification-method
DoH ap... theodore adams
12:30 PM Feature #10412: DHCPv6 Static Entries are not updated on external DDNS server
Suggesting the following change (based on the services.inc in 2.4.5):
--- old/src/etc/inc/services.inc 2020-03-17 ... Csoban Kesmarki
12:29 PM Feature #10412 (Resolved): DHCPv6 Static Entries are not updated on external DDNS server
Since pfSense 2.4.5 the isc-dhcp-server is 4.4.1 which supports "update-static-leases" statment for DHCPv6, too. Csoban Kesmarki
12:25 PM Bug #10346: DHCPv6 service Dynamic DNS errors
See also: #6600 (some overlap in the PR) Jim Pingle
12:25 PM Feature #6600 (Pull Request Review): DHCP Server - Primary DDNS Address won't accept IPv6 address
Jim Pingle
10:54 AM Feature #6600: DHCP Server - Primary DDNS Address won't accept IPv6 address
see https://redmine.pfsense.org/issues/10346
fix in progress: https://github.com/pfsense/pfsense/pull/4235 Viktor Gurov
12:25 PM pfSense Packages Bug #10379 (Feedback): squid not authenticate LDAP/RADIUS
PR 814 was merged Jim Pingle
12:07 PM Bug #8522 (Resolved): SMTP test says success when actually fails
works as expected on 2.5.0.a.20200331.2303 Viktor Gurov
11:40 AM Revision 8ee5aa03: DHCP Domain trailing dot validation. Issue #8054
Viktor Gurov
11:00 AM Bug #10306 (Resolved): Incorrect IPsec service status
Renato Botelho wrote:
> PR has been merged. Thanks!
works as expected on 2.5.0.a.20200331.2303 Viktor Gurov
07:42 AM Feature #10410 (Rejected): Display changelog on update in System->Package Manager
There is no "changelog" to display. There is no viable way to accomplish this automatically. Even linking to things l... Jim Pingle
05:31 AM Feature #10410 (Rejected): Display changelog on update in System->Package Manager
It good to know what changes was done in new version of package or even get link to git merge commit and so on. DRago_Angel [InV@DER]
07:40 AM Bug #10409 (Pull Request Review): OpenVPN client without userpass hangs system startup
Copying note here from Github:
I seem to recall there was a specific reason we allowed the password to be empty. ... Jim Pingle
04:32 AM Bug #10409: OpenVPN client without userpass hangs system startup
OpenVPN client userpass is mandatory
Fix:
https://github.com/pfsense/pfsense/pull/4257 Viktor Gurov
04:16 AM Bug #10409 (Resolved): OpenVPN client without userpass hangs system startup
If you create OpenVPN client connection with user authentication,
but don’t enter the password
System hangs on star... Viktor Gurov
07:21 AM Bug #10408 (Rejected): Unable to upgrade from 2.4.4 p3 to 2.4.5
This site is not for support or diagnostic discussion. Please post on the forum for assistance. Jim Pingle
03:24 AM Bug #10408: Unable to upgrade from 2.4.4 p3 to 2.4.5
ask for help/ check the forum, not here https://forum.netgate.com/topic/151403/readline-so-0-bytes-after-upgrade/7 Manuel Piovan
12:19 AM Bug #10408 (Rejected): Unable to upgrade from 2.4.4 p3 to 2.4.5
Error: Warning: PHP Startup: Unable to load dynamic library 'readline.so' (tried: /usr/local/lib/php/20170718/readlin... Joseph Comendador
07:20 AM Bug #10396 (Not a Bug): rc.start_packages after modem loose connection
OK, if you do manage to track down the source of the problem and have enough detail for others to reproduce it and so... Jim Pingle
12:42 AM Bug #10396: rc.start_packages after modem loose connection
I think it can be closed. After some further investigations I am sure it is not a problem with the rc.start_packages ... odo maitre
07:15 AM Bug #10407 (Needs Patch): L2TP static route not re-added after connection down/up
The L2TP WAN-type interface design is not designed to be used with VPNs. It may work, but not intentionally. It is de... Jim Pingle
01:54 AM Bug #10397: Changing default or static route gateway on 2.5.0 does not remove old route
Jim Pingle wrote:
> This also affects static routes. Changing a route gateway does not remove the old route.
It i... Viktor Gurov

04/01/2020

06:03 PM Bug #10407: L2TP static route not re-added after connection down/up
Better explanation on Reddit: https://www.reddit.com/r/PFSENSE/comments/dt6181/static_route_problem_with_l2tpipsec_vpn/ Federico Chiaravalli
05:59 PM Bug #10407 (Resolved): L2TP static route not re-added after connection down/up
How to recreate:
Create L2TP VPN
Create a default gw to the VPN subnet
Create the static route
* route is added t... Federico Chiaravalli
02:21 PM pfSense Packages Bug #9347 (Resolved): Domain SAN list displays "Key Algorithm: HMAC-MD5, API Endpoint: portal.nexcess.net"
Jim Pingle
02:17 PM pfSense Packages Feature #10403 (Feedback): Add Proxy support to ACME package
This has been implemented in ACME package version 0.6.6
I tested it against a local squid instance and it worked. ... Jim Pingle
09:49 AM pfSense Packages Feature #10403 (Resolved): Add Proxy support to ACME package
The ACME package does not utilize the system proxy settings when making outbound queries.
Though there is not spec... Jim Pingle
02:16 PM pfSense Packages Bug #10405 (Feedback): Additional instances of ACME Domain SAN list entries with passwords are rendered as checkboxes
This is fixed in ACME package version 0.6.6 Jim Pingle
10:29 AM pfSense Packages Bug #10405 (Resolved): Additional instances of ACME Domain SAN list entries with passwords are rendered as checkboxes
When adding more than one Domain SAN list entry to an ACME certificate, password type fields are rendered as checkbox... Jim Pingle
01:30 PM Bug #10406 (Confirmed): Interfaces.php PPPoE selection display inappropriate "Toggle All" button when periodic reset set to "pre-set"
I did, but apparently I was looking on the actual PPP interface settings page not interfaces.php. I see it there.
... Jim Pingle
01:23 PM Bug #10406: Interfaces.php PPPoE selection display inappropriate "Toggle All" button when periodic reset set to "pre-set"
Did you choose Pre-Set at "Periodic reset" ? Grischa Zengel
12:52 PM Bug #10406: Interfaces.php PPPoE selection display inappropriate "Toggle All" button when periodic reset set to "pre-set"
It should always show the button, even for you.
If I have this:... Grischa Zengel
12:22 PM Bug #10406: Interfaces.php PPPoE selection display inappropriate "Toggle All" button when periodic reset set to "pre-set"
Are you sure?
I get it with Linux Firefox, Windows 10 Edge.
From different customers intranet.
Even with Netgate... Grischa Zengel
11:44 AM Bug #10406 (Rejected): Interfaces.php PPPoE selection display inappropriate "Toggle All" button when periodic reset set to "pre-set"
I don't see a "Toggle All" button on the page in the source or rendered in the browser. I tried in Firefox and Chrome... Jim Pingle
10:39 AM Bug #10406 (Resolved): Interfaces.php PPPoE selection display inappropriate "Toggle All" button when periodic reset set to "pre-set"
"cron based reset" for PPPoE connections at interfaces.php uses radio buttons and shows Toggle All Button.... Grischa Zengel
12:08 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Thanks @Nick B this workaround works well. Brittney Lars
10:54 AM Feature #10404: Consider using chrony for NTP services
Forgot to add - it might be a good topic for when TNSR's base gets to be CentOS 8. e 1/1
10:07 AM Feature #10404 (New): Consider using chrony for NTP services
Please consider chronyd's advantages and disadvantages vs ntpd - see https://chrony.tuxfamily.org/comparison.html
... e 1/1
09:47 AM Bug #10400: SystemUser ManagerUsers add buttom does not appear
If I may - a suggestion: show the add and delete buttons, but have them "greyed out", and when the mouse is hovered o... e 1/1
07:24 AM Feature #10402: OpenVPN ifconfig-pool
Sorry, missed the #9156, thank you Jim.
I hope it will be available soon, it's open more than a year. Norbert Csanádi
07:16 AM Feature #10402 (Duplicate): OpenVPN ifconfig-pool
There is already an open issue for nopool: #9156 Jim Pingle
05:08 AM Feature #10402 (Duplicate): OpenVPN ifconfig-pool
The ifconfig-pool option is missing from OpenVPN settings and it could be conflict with static IP address assigned wi... Norbert Csanádi
05:14 AM Bug #10380: Unable to upgrade from 2.4.4 p3 to 2.4.5
Just had the same thing Peter Cronwright
01:33 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
Ismael Peixoto Azambuja wrote:
> O 71 wrote:
> > Hi Ismael,
> >
> > Can you give me the line write in the squid... O 71

03/31/2020

09:37 PM Revision c4c42f28: Correct Indentation
if statement covering multiple lines was formatted incorrectly. John Kap
08:02 PM Revision 84422a37: Ignore events on LAGG members. Issue #10365
Viktor Gurov
07:57 PM Revision b5d5da0c: Add option to disable NTP server. Issue #3567
Viktor Gurov
06:29 PM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
O 71 wrote:
> Hi Ismael,
>
> Can you give me the line write in the squid.conf file ?
> If you check or uncheck "... Ismael Peixoto Azambuja
03:43 PM pfSense Packages Bug #10379 (Pull Request Review): squid not authenticate LDAP/RADIUS
Jim Pingle
02:53 PM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
Fix: https://github.com/pfsense/FreeBSD-ports/pull/814 Viktor Gurov
10:05 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
I test and it works if I modify the file /usr/local/pkg/squid.inc like this :... O 71
04:37 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
Hi Ismael,
Can you give me the line write in the squid.conf file ?
If you check or uncheck "LDAP follow referrals... O 71
02:06 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
available update: 0.4.44_16, here all work perfect now.
do not know who to thank, but thanks for the correction! Ismael Peixoto Azambuja
04:48 PM Feature #10401 (New): Request: ability to sort/separate stopped/running Service(s) on Dashboard -> Services Status widget
The Dashboard -> Services Status widget provides no sorting on the status (or a separation area) of stopped vs. runni... P L
04:25 PM Bug #10396: rc.start_packages after modem loose connection
After some further research and back and forth posts in the forum thread on this issue, I am pretty confident it is n... Bill Meeks
07:22 AM Bug #10396 (Incomplete): rc.start_packages after modem loose connection
There is not nearly enough information here for a valid bug report. Please keep the discussion on your forum thread u... Jim Pingle
02:21 AM Bug #10396 (Not a Bug): rc.start_packages after modem loose connection
Hello,
I found this issue in conjunction with Snort and after a discussion with bmeeks (https://forum.netgate.com/to... odo maitre
12:53 PM Bug #10400 (Rejected): SystemUser ManagerUsers add buttom does not appear
This is not a bug. Your user and/or group have the "Deny Config Write" privilege. Fix your privileges. Jim Pingle
12:48 PM Bug #10400 (Rejected): SystemUser ManagerUsers add buttom does not appear
378/5000
after upgrading to PFSENSE 2.4.5-RELEASE (amd64) the ADD and DELETE buttons in System / User Manager / User... Pedro Luis Dominguez
10:33 AM pfSense Packages Bug #10385: Pb with Username authorized characters when OTP is disabled
There is also an issue with being able to user MAC addresses in the FreeRadius username in the XX:XX:XX:XX:XX:XX beca... MILO MEDIN
09:55 AM Bug #10398: RFC1918 external address in miniupnp does not work after upgrade to 2.4.5
Ok, I opened an issue on the miniupnp tracker for this -
https://github.com/miniupnp/miniupnp/issues/433 Andy Kwong
09:17 AM Bug #10398: RFC1918 external address in miniupnp does not work after upgrade to 2.4.5
I agree, the changes in miniupnpd are unnecessary and harmful to some use cases. They should at least provide an opti... Jim Pingle
09:07 AM Bug #10398: RFC1918 external address in miniupnp does not work after upgrade to 2.4.5
>That's what the "Override WAN address" option does.
Thanks. So that's passed through as the ext_ip. I did some ad... Andy Kwong
08:01 AM Bug #10398 (Needs Patch): RFC1918 external address in miniupnp does not work after upgrade to 2.4.5
We've seen this internally as well. This must be solved by miniupnpd.
> One of the solutions recommended is to sta... Jim Pingle
07:53 AM Bug #10398 (Needs Patch): RFC1918 external address in miniupnp does not work after upgrade to 2.4.5
After upgrading pfSense to 2.4.5, MiniUPnP refuses to assign port mappings when the WAN interface is RFC1918 -
ISP... Andy Kwong
09:14 AM Bug #10399 (Rejected): On upgrading to 2.4.5 /usr/local/lib/php/20170718 is not created or is deleted shortly after upgrade.
The PHP errors during the upgrade are normal and are resolved by the end of the entire process. You might have logged... Jim Pingle
09:06 AM Bug #10399 (Rejected): On upgrading to 2.4.5 /usr/local/lib/php/20170718 is not created or is deleted shortly after upgrade.
On upgrading (from the previous latest version to 2.4.5) the system came up and then reported an php error in all of ... And Ritchie
09:03 AM Feature #10000: Enable ``@`` support for Azure in Dynamic DNS
Workaround
1. azure dns create record
- name: test
- type: A
2. azure dns create record
- name: @
-... Dominik Hürzeler
08:27 AM Feature #10000: Enable ``@`` support for Azure in Dynamic DNS
Affected Version: 2.4.5 Dominik Hürzeler
07:56 AM Bug #10397: Changing default or static route gateway on 2.5.0 does not remove old route
This also affects static routes. Changing a route gateway does not remove the old route. Jim Pingle
07:51 AM Bug #10397 (Resolved): Changing default or static route gateway on 2.5.0 does not remove old route
2.5.0 has multi-path (RADIX_MPATH) enabled in its kernel (#9544) which allows multiple routes to the same destination... Jim Pingle
07:53 AM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing
See also: #10397 Jim Pingle
07:10 AM Bug #10394 (Rejected): NAT Portmap: Source host/net field not editable
I can't reproduce this as stated either. Please start a forum thread to discuss the issue first, and provide more det... Jim Pingle
07:05 AM Bug #10394: NAT Portmap: Source host/net field not editable
i have no problem with that on my 2.4.5, i checked with firefox/chrome and edge, did you try to clean browser cache? Manuel Piovan
02:41 AM Feature #10374: Add ARM32/64 network booting support to dhcpd
I tested the PR with the "System Patches" package details from https://docs.netgate.com/pfsense/en/latest/development... Michael Boever
12:45 AM Revision 9948b5b5: Logic & Formatting
Corrected logic not to perform API to Telegram under certain conditions.
Edited to comply with standard formatting r... John Kap

03/30/2020

11:08 PM Revision 518fa664: Update system.php
is_ipaddr + error reword Manuel Piovan
09:28 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Brittney Lars wrote:
> How are other people dealing with this issue or working around it? For me it's causing such f... Nick B
04:26 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
How are other people dealing with this issue or working around it? For me it's causing such frequent internet outages... Brittney Lars
07:34 PM Feature #10395 (New): Add Dashboard System Information support for more PC Engines APU boards
Running pfSense 2.4.4-p3 on a PC Engines APU4.
In the Dashboard System Information panel - a PC Engines APU4 board... David Burns
05:44 PM Bug #10394 (Rejected): NAT Portmap: Source host/net field not editable
Noticed since upgrading to 2.4.5:
Add new NAT Portmap item -> can't edit Advanced...Source field.
Workaround:
... Eduard Rozenberg
05:09 PM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
Hello,
I update to 0.4.44_16, I use LDAP Authentification. The password is ok, but it doesn't work correctly with ... O 71
12:45 PM pfSense Packages Bug #10379 (Feedback): squid not authenticate LDAP/RADIUS
PR was merged Jim Pingle
03:13 PM Revision a5d17952: Revert "Attempt to build telegraf on armv6"
This reverts commit e8a9c9b431f8ebb0200f84c466a5b0638278edc9. Renato Botelho
03:13 PM Revision 2c9e1e43: Revert "Attempt to build telegraf on armv7"
This reverts commit 2c61d1deb9000fdbae69bfacfc7744e0820839e9. Renato Botelho
02:56 PM pfSense Packages Bug #10393 (Pull Request Review): Syslog-ng TLS support is broken
Jim Pingle
02:53 PM pfSense Packages Bug #10393 (Resolved): Syslog-ng TLS support is broken
The TLS support currently is broken because the CA certificate file name is not correct. For this reason the clients ... Daniel Fariña
02:48 PM Revision e8a9c9b4: Attempt to build telegraf on armv6
Renato Botelho
02:48 PM Revision 2c61d1de: Attempt to build telegraf on armv7
Renato Botelho
02:40 PM Bug #10386 (Pull Request Review): A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'.
Jim Pingle
02:35 PM pfSense Packages Feature #10297 (Pull Request Review): IPv6 user attributes
Jim Pingle
02:23 PM Feature #10374: Add ARM32/64 network booting support to dhcpd
PR: https://github.com/pfsense/pfsense/pull/4250 Jim Pingle
02:22 PM Feature #10374 (Pull Request Review): Add ARM32/64 network booting support to dhcpd
Jim Pingle
02:19 PM Bug #10365 (Pull Request Review): LAGG member event causes filter to reload
Jim Pingle
02:05 PM Bug #8981 (Pull Request Review): Uncheck DHCP registration does not clear entries
Jim Pingle
02:03 PM Bug #8054 (Pull Request Review): DHCP server accepts trailing dot in domain names, DNS resolver adds another and breaks
Jim Pingle
02:01 PM Feature #1019 (Pull Request Review): Lagg Failover Mode Master Interface
Jim Pingle
01:55 PM pfSense Packages Bug #10369 (Pull Request Review): Remote OpenVPN server protocol definition
Jim Pingle
01:54 PM Bug #10368 (Pull Request Review): OpenVPN server no definition of protocol to use (udp4)
Jim Pingle
01:16 PM Bug #8585 (Pull Request Review): Logical interface MTU matches configuration of its physical port channel, not its own configuration
Jim Pingle
01:14 PM Feature #10323 (Pull Request Review): Allow limiting NTP pool server usage count
Jim Pingle
12:38 PM Feature #10392: GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time
It may be in the RFC but have you confirmed that it actually works on FreeBSD? Jim Pingle
12:34 PM Feature #10392: GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time
Skyler Mäntysaari wrote:
> For some unknown reason, pfSense does not ask in the GUI for local/remote IPv6 addresses ... Skyler Mäntysaari
12:33 PM Feature #10392 (Resolved): GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time
For some unknown reason, pfSense does not ask in the GUI for local/remote IPv6 addresses when a user wants to use it ... Skyler Mäntysaari
11:43 AM pfSense Packages Feature #10377: Allow usage of TOTP (Google-Authenticator) without PIN
Since the user enters the PIN alongside the randomly generated OTP code (password=PIN+CODE) I am not seeing how any c... Jim Pingle
11:36 AM pfSense Packages Feature #10377: Allow usage of TOTP (Google-Authenticator) without PIN
Thanks for your answers.
I would agree, generally the 4 digit pin + totp makes the system safer.
Here are our t... Andreas Heckmann
10:23 AM pfSense Packages Feature #10377: Allow usage of TOTP (Google-Authenticator) without PIN
While the GA script allows omitting the PIN I don't see why you'd want to reduce the security in that way. Part of th... Jim Pingle
11:10 AM Bug #10391 (Rejected): Hostname not showing up in Arp Table
You seem to have some fundamental misunderstanding of how that page works/doesn't work, and this site is not for supp... Jim Pingle
06:46 AM Bug #10391: Hostname not showing up in Arp Table
I found a old post from 2006 that describe this
https://forum.netgate.com/topic/649/dnsmasq-error-reading-var-db-... Tobias Müllauer
06:20 AM Bug #10391: Hostname not showing up in Arp Table
IN -> diag_arp.php
// Read in leases file
$leasesfile = "{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases";
Comment... Tobias Müllauer
06:17 AM Bug #10391 (Rejected): Hostname not showing up in Arp Table
Ok i start to get tyerd of this problem.
after a reboot i check arp table(diag_arp.php) and find all IP and hostn... Tobias Müllauer
11:08 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
That isn't relevant to this feature. It's a different FreeBSD issue. I don't see anything about masquerade being adde... Jim Pingle
11:06 AM Bug #10390: Fix DigitalOcean Dynamic DNS client for IPv6
Can you submit that change as a pull request on Github?
https://docs.netgate.com/pfsense/en/latest/development/sub... Jim Pingle
11:04 AM Feature #10389 (Duplicate): 2.4.5: *reload* unbound to avoid constant service outages, rather than restart
Duplicate of #5413 Jim Pingle
11:03 AM Bug #10381 (Rejected): dhcrelay does not start after upgrade to 2.4.5
DHCP Relay doesn't like to run on OpenVPN (any more?) See #8443
That may depend on specific OpenVPN modes/options,... Jim Pingle
10:56 AM Feature #10388: Upgrade to Python 3.8
It's already at python 3.7.x on pfSense 2.4.5-RELEASE and pfSense 2.5.0 snapshots. AFAIK we're using whatever the def... Jim Pingle
10:50 AM Bug #10384 (Rejected): 2.4.5 breaks apipa-nat rules
I tested the option and it's working as expected. When the box is checked, the APIPA rules are omitted. When unchecke... Jim Pingle
10:39 AM Bug #9467: vmx(4) interfaces do not have ALTQ support on pfSense 2.5, they had ALTQ support on 2.4
"shamelessly copied" meant I copied the text of the issue directly, only changing the version numbers.
ALTQ for vm... Jim Pingle
10:38 AM Feature #9439 (New): Poll Interval For GPS and PPS
What advantage would 3 have over 4 when using a local GPS though? Why would it need to probe that frequently?
If w... Jim Pingle
10:28 AM Bug #10380 (Rejected): Unable to upgrade from 2.4.4 p3 to 2.4.5
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
10:02 AM Bug #10376 (Rejected): Duplicate logs from charon
Fairly certain this has been solved on at least 2.5.0, if not also on 2.4.5. I used to see this regularly and haven't... Jim Pingle
09:47 AM Bug #10375: Double zfs entry in loader.conf
Is it still there after the next reboot?
How about after saving under System > Advanced? Jim Pingle
09:44 AM Bug #10372 (Rejected): PfSense crashes for TIL
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
08:31 AM Bug #9267 (Resolved): dhclient does not handle protocol timeouts or script failures correctly
Jim Pingle
04:19 AM pfSense Packages Bug #10261: Arpwatch fails to download ethercodes.dat
This is still a issue !!
I have all vendors as unknown.
I fix it and after a while it get broken again.
Us... Tobias Müllauer

03/29/2020

10:45 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Jim Pingle wrote:
> AFAIK This is because last I looked, miniupnpd doesn't support its "masquerade" options on FreeB... Russell Graville
02:58 PM Bug #10390: Fix DigitalOcean Dynamic DNS client for IPv6
The corresponding line causes the failure is in /etc/in/dyndns.class, line 1054 (in pfSense v2.4.5 RELEASE):
if ($th... Csoban Kesmarki
02:55 PM Bug #10390 (Resolved): Fix DigitalOcean Dynamic DNS client for IPv6
The DigitalOcean IPv6 Dynamic DNS Client could not find the proper IPv6 entry when updating and fails with the error ... Csoban Kesmarki
01:36 PM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
O 71 wrote:
> I have the same problem after update.
>
> I think the problem comes from the -w parameter. It shoul... Viktor Gurov
08:13 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
A picture of my test to illustrate O 71
08:06 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
I have the same problem after update.
I think the problem comes from the -w parameter. It should be done like this... O 71
05:36 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
Ismael Peixoto Azambuja wrote:
> Hi, i test this fix, but dont work here...
I have successfully tested this PR w... Viktor Gurov
01:19 PM Bug #10381: dhcrelay does not start after upgrade to 2.4.5
Thing is - windows OpenVPN clients got DHCP IP address all along, with no fw rules and no dhcrelay running.
macOS cl... Ivars Strazdins
01:10 PM Bug #10381: dhcrelay does not start after upgrade to 2.4.5
Ivars Strazdins wrote:
>
> However, after reading that _DHCP is a special case on pfSense, it is allowed with hidd... Viktor Gurov
08:29 AM Bug #10381: dhcrelay does not start after upgrade to 2.4.5
> Do you select only one interface and two upstream servers from the same network?
Yes. I don't have anything more... Ivars Strazdins
07:37 AM Bug #10381: dhcrelay does not start after upgrade to 2.4.5
Ivars Strazdins wrote:
> Thanks.
> I applied the patch, but dhcrelay still doesn't start.
>
Can you provide mo... Viktor Gurov
01:17 PM Feature #10389 (Duplicate): 2.4.5: *reload* unbound to avoid constant service outages, rather than restart
Unbound is not fast to restart:... Brittney Lars
12:09 PM Feature #10388 (Rejected): Upgrade to Python 3.8
I saw that in pfSense 2.5.0, Python will be upgraded from 2.7 to 3.6. Why not upgrade to the latest version (currentl... retnikt the

03/28/2020

06:48 PM Bug #9263: Incorrect ICMP reply when using limiters
People on forum are wrongly attributing this issue as the same as #932 which is something quite different, omitting r... Kacper Michajłow
06:21 PM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
Viktor Gurov wrote:
> Local and RADIUS auth works fine
>
> LDAP auth fix:
> https://github.com/pfsense/FreeBSD-p... Ismael Peixoto Azambuja
04:16 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
Local and RADIUS auth works fine
LDAP auth fix:
https://github.com/pfsense/FreeBSD-ports/pull/811 Viktor Gurov
12:57 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
I have not found the problem yet, but I did test on an outdated server, 2.4.4p3 squid 0.4.44_8 and everything works p... Ismael Peixoto Azambuja
06:18 PM Revision 53d5cc19: Bug #10386
Manuel Piovan
05:00 PM Feature #10387 (Resolved): Reevaluate the GUI upgrade language presented to the user
When a user is performing an upgrade using the Web GUI they are presented with this message after the files are copie... Chris Linstruth
03:00 PM Bug #10381: dhcrelay does not start after upgrade to 2.4.5
Thanks.
I applied the patch, but dhcrelay still doesn't start.
Mar 28 21:54:27 gw php-fpm: /system_patches.php: B... Ivars Strazdins
09:53 AM Bug #10381 (New): dhcrelay does not start after upgrade to 2.4.5
Ivars Strazdins wrote:
> You're not paying attention. This setup is working and is required to OpenVPN clients to ge... Viktor Gurov
08:57 AM Bug #10381: dhcrelay does not start after upgrade to 2.4.5
You're not paying attention. This setup is working and is required to OpenVPN clients to get DHCP address from intern... Ivars Strazdins
01:21 PM Bug #10386: A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'.
Manuel Piovan wrote:
> System / General Setup
> localization -> time server
> if it is populated with an ipv6 ser... Manuel Piovan
01:10 PM Bug #10386 (Resolved): A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'.
System / General Setup
localization -> time server
if it is populated with an ipv6 server you can't save anymore
... Manuel Piovan
12:58 PM pfSense Packages Bug #10385: Pb with Username authorized characters when OTP is disabled
Hi, thanks for your fast answer.
So I have modifief the file /usr/local/pkg/freeradius.inc, line 3668 and 3669 wit... Olivier GUENET
12:08 PM pfSense Packages Bug #10385: Pb with Username authorized characters when OTP is disabled
need to revert back https://github.com/pfsense/FreeBSD-ports/pull/775/
and cherry-pick https://redmine.pfsense.org... Viktor Gurov
11:34 AM pfSense Packages Bug #10385 (Resolved): Pb with Username authorized characters when OTP is disabled
Hi,
I have done the update to the 2.4.5 version of pfsense, with the update of the last package of freeradius3.
... Olivier GUENET
12:01 PM pfSense Packages Feature #8878 (Resolved): Propagate user's description field into QR code for FreeRADIUS
works as expected on pfSense 2.4.5 with freeradius3 0.15.7_11 Viktor Gurov
08:38 AM Bug #10384 (Rejected): 2.4.5 breaks apipa-nat rules
had a setup running under 2.4.4-RELEASE-p3 which worked fine, but stopped working after the 2.4.5 update.
I have a... Tim Hartmann
05:17 AM Bug #9467: vmx(4) interfaces do not have ALTQ support on pfSense 2.5, they had ALTQ support on 2.4
Don't think it's "shamelessly copied". 7066 was Affected Version: 2.4.0 from a 2.3 upgrade.
This is 2.5.0, it was fi... Justin Smith
01:07 AM Bug #8357 (Resolved): Static mapping of dhcp leases on bridge interfaces links to the real interface.
static mapping correctly works on bridge or lagg interfaces,
tested on 2.4.5 and 2.5.0.a.20200325.1429 Viktor Gurov
12:57 AM pfSense Packages Feature #10297: IPv6 user attributes
https://forum.netgate.com/topic/151725/freeradius-ipv6-framed-ip-issue-with-2-4-5:... Viktor Gurov

03/27/2020

10:12 PM Feature #9439: Poll Interval For GPS and PPS
Jim Pingle wrote:
> The GUI part of this is I mentioned is in #6787
>
> This can remain open to investigate wheth... Pierre Poutine
08:31 PM Bug #10383 (Resolved): Additional interfaces do not survive a reboot before the setup wizard has been run
In a fresh install before the setup wizard has been run or dismissed the file /conf/trigger_initial_wizard exists.
... Steve Wheeler
08:01 PM Bug #9179: NAT reflection fix implemented for #8604 is causing WebUI and XMLRPC to fail on slave
This affects 2.4.5 as well Valentin N
05:49 PM pfSense Docs Correction #10382 (Closed): Feedback on Hardware — Tuning and Troubleshooting Network Cards
*Page:* https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
*Feedback:* This section in the documentatio... Anonymous
12:48 PM Bug #10381 (Closed): dhcrelay does not start after upgrade to 2.4.5
Ivars Strazdins wrote:
> LAN interface == bce1
> LAN network 10.67.20.0/24
> DHCP servers are 10.67.20.31 and 10.6... Viktor Gurov
11:18 AM Bug #10381: dhcrelay does not start after upgrade to 2.4.5
LAN interface == bce1
LAN network 10.67.20.0/24
DHCP servers are 10.67.20.31 and 10.67.20.34 - ISC DHCP servers wit... Ivars Strazdins
11:15 AM Bug #10381: dhcrelay does not start after upgrade to 2.4.5
Interface details:
[2.4.5-RELEASE][admin@gw]/root: ifconfig
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTIC... Ivars Strazdins
11:01 AM Bug #10381: dhcrelay does not start after upgrade to 2.4.5
Please post more details to reproduce:
Destination server IP,
All interfaces IPs
it seems interface/server netwo... Viktor Gurov
10:38 AM Bug #10381: dhcrelay does not start after upgrade to 2.4.5
Sorry, I meant *dhcrelay* service, NOT dhclient service. Ivars Strazdins
10:36 AM Bug #10381 (Rejected): dhcrelay does not start after upgrade to 2.4.5
After upgrade to version 2.4.5 dhclient service does not start from GUI.
Trying to start it produces error
Mar 27 1... Ivars Strazdins
09:38 AM Bug #10380 (Rejected): Unable to upgrade from 2.4.4 p3 to 2.4.5
Error: Warning: PHP Startup: Unable to load dynamic library 'readline.so' (tried: /usr/local/lib/php/20170718/readlin... Al Mello
09:31 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
Cache.log
[2.4.4-RELEASE][admin@PFLog01.intra.uergs.rs]/var/squid/logs: cat cache.log
2020/03/27 10:29:52 kid1| S... Ismael Peixoto Azambuja
09:18 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
Apparently everything is right in the configuration, when I type user and password, in the log appears users. In this... Ismael Peixoto Azambuja
09:07 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
Ismael Peixoto Azambuja wrote:
> pfsense 2.4.4p3 with all packages updated, using squid with LDAP authentication wa... Viktor Gurov
08:36 AM pfSense Packages Bug #10379: squid not authenticate LDAP/RADIUS
seems regression by https://redmine.pfsense.org/issues/9217 Viktor Gurov
05:19 AM pfSense Packages Bug #10379 (Resolved): squid not authenticate LDAP/RADIUS
pfsense 2.4.4p3 with all packages updated, using squid with LDAP authentication was working perfectly, server with 2 ... Ismael Peixoto Azambuja
04:40 AM pfSense Packages Bug #10367 (Resolved): squid reverse proxy not starting
works as expected on 2.5.0.a.20200326.1148 with squid 0.4.44_15 Viktor Gurov
02:22 AM pfSense Packages Bug #10367: squid reverse proxy not starting
tested on 2.4.5 with squid 0.4.44_15
reverse proxy starts successfully Viktor Gurov
03:50 AM Bug #10359: Require State Filter setting breaks filter rule link to associated states
Jens Groh wrote:
> Just as a short question: I suppose after following the quick release of 2.4.5 that fix didn't go... Viktor Gurov
02:38 AM Bug #10359: Require State Filter setting breaks filter rule link to associated states
Just as a short question: I suppose after following the quick release of 2.4.5 that fix didn't go into 2.4.5, too? Ju... Jens Groh
03:18 AM pfSense Packages Bug #8774 (Resolved): Whitelist ALC type not supported by ssl_bump
tested on 2.4.5 with squid 0.4.44_15
works as expected Viktor Gurov
02:19 AM pfSense Packages Bug #10378 (Resolved): Add IPv6 network to Squid localnet
Currently, the “Allow users in the interface” option only adds the IPv4 interface subnet to the list of allowed subne... Viktor Gurov
02:13 AM pfSense Packages Bug #8887 (Resolved): Squid Proxy Interface not assignee to IPv6
tested on 2.4.5 with squid 0.4.44_15
now it works as expected Viktor Gurov
02:04 AM pfSense Packages Feature #10357 (Resolved): Add Iperf verbose output option
works as expected on 2.4.5 with iperf 3.0.2_4 Viktor Gurov
02:02 AM pfSense Packages Feature #9272 (Resolved): Allow multiple IP in ListenIP for Zabbix Agent
works as expected on 2.4.5 with zabbix-agent44 1.0.4_4 Viktor Gurov
01:30 AM Bug #4218 (Resolved): Bridge does not have AUTO_LINKLOCAL flag
works as expected on 2.4.4-p3, 2.4.5 and 2.5.0.a.20200325.1429 Viktor Gurov

03/26/2020

12:57 PM pfSense Packages Feature #10377: Allow usage of TOTP (Google-Authenticator) without PIN
Pardon my lack of experience using openvpn, but would this request mean all someone needs is the username? TOTP reall... Ben Cronce
09:10 AM pfSense Packages Feature #10377 (New): Allow usage of TOTP (Google-Authenticator) without PIN
Currently it is not possible to create a radius user with TOTP enabled without entering an additional pin.
So to aut... Andreas Heckmann
12:21 PM Revision 7e79c173: Clear DNS dhcpleases entries. Issue #8981
Viktor Gurov
08:54 AM Feature #8027 (Closed): Add second password field for validation when doing encrypted config.xml backup
fixed in https://redmine.pfsense.org/issues/10301 Viktor Gurov
08:53 AM Feature #10301 (Resolved): Password confirmation when exporting encrypted backup file
works as expected on 2.5.0.a.20200325.1429 Viktor Gurov
08:30 AM Feature #10333 (Resolved): Increase the number of DHCP NTP server options to three for DHCP Static Mappings
see https://redmine.pfsense.org/issues/8990
works as expected on 2.5.0.a.20200325.1429 Viktor Gurov
08:30 AM Bug #8990 (Resolved): Additional BOOTP/DHCP Options per host
works as expected on 2.5.0.a.20200325.1429 Viktor Gurov
06:30 AM pfSense Packages Feature #9272 (Feedback): Allow multiple IP in ListenIP for Zabbix Agent
Renato Botelho
06:29 AM pfSense Packages Bug #10338 (Feedback): FRR OSPF6 Router-ID configuration statement has changed
PR has been merged. Thanks! Renato Botelho
06:29 AM pfSense Packages Feature #10357 (Feedback): Add Iperf verbose output option
PR has been merged. Thanks! Renato Botelho
06:24 AM pfSense Packages Bug #8774 (Feedback): Whitelist ALC type not supported by ssl_bump
PR has been merged. Thanks! Renato Botelho
06:24 AM pfSense Packages Bug #8887 (Feedback): Squid Proxy Interface not assignee to IPv6
PR has been merged. Thanks! Renato Botelho
06:24 AM pfSense Packages Bug #10367 (Feedback): squid reverse proxy not starting
PR has been merged. Thanks! Renato Botelho
06:19 AM pfSense Packages Bug #8625 (Feedback): PFsense squidGuard faulty URL check
PR has been merged. Thanks! Renato Botelho
05:26 AM Bug #8981: Uncheck DHCP registration does not clear entries
Unchecking "static entries" successfully updates host_entries.conf,- tested on 2.5.0.a.20200325.1429
dhcpleases_en... Viktor Gurov
02:53 AM Bug #8054: DHCP server accepts trailing dot in domain names, DNS resolver adds another and breaks
This is true only for the DHCP static mapping "domain name" or the System / General / Domain, but not for the "domain... Viktor Gurov
01:55 AM Bug #5806 (Closed): Alias URL table containing an unresolvable FQDN entry causes rules to not load
no such issue on 2.4.5 and 2.5.0.a.20200324.1145
it ignores unresolved hosts, putting only valid IPs in /var/db/alia... Viktor Gurov
01:31 AM Bug #10376: Duplicate logs from charon
pfSense is 2.4.4-p3. Christian Ullrich
01:30 AM Bug #10376 (Rejected): Duplicate logs from charon
Intermittently the IPsec log receives every log line from charon twice, formatted slightly differently. The differenc... Christian Ullrich
12:42 AM Bug #10276 (Resolved): NTP "No Select" does not work
works as expected on 2.5.0.a.20200324.1145 Viktor Gurov
12:39 AM Feature #2850 (Resolved): add units in ntp status page
OK on 2.5.0.a.20200324.1145 Viktor Gurov
12:38 AM Feature #2568 (Resolved): Allow dashed DUID to be entered in a DHCPv6 Mapping
works as expected on 2.5.0.a.20200324.1145 Viktor Gurov

03/25/2020

10:22 PM Revision 3e851891: Be ready for 2.4.5-RELEASE
Renato Botelho
10:19 PM Revision dddcbffc: Be ready for 2.4.5-RELEASE
Renato Botelho
12:34 PM Feature #10340: IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases)
Appreciate Jim's idea: either *bolding* the green lines (like when pfSense indicates that it is up to date) or possib... Jum Pers
09:04 AM Bug #10375 (Resolved): Double zfs entry in loader.conf
Clean 2.4.5 install on ZFS,
after checking loader.conf I see double _zfs_load="YES"_ entries:... Viktor Gurov
08:26 AM Feature #10374 (Resolved): Add ARM32/64 network booting support to dhcpd
Similar to Bug #5046 which added EFI64 (arch = 00:09) support to DHCPd, but this is for ARM 32/64 architecture (arch ... Michael Boever
03:12 AM Bug #10373: Incorrect copyright year
same on the Dashboard copyright notice:
https://github.com/pfsense/pfsense/blob/d5cbbe6a0fa23a45525019f0bca1af613cf3... Viktor Gurov
02:11 AM Bug #10373 (Resolved): Incorrect copyright year
Latest 2.4.5 build shows:
_pfSense is Copyright 2004-2019 Rubicon Communications, LLC (Netgate)._
it should be:
... Viktor Gurov

03/24/2020

04:25 PM Bug #6481: loading EAP_RADIUS method failed
This bug keep in 2.4.4 release. Rafael Sant'Anna
02:34 PM Todo #10349: status.php: Sanitize ldapbindpass and ldap_pass
OK on 2.5.0.a.20200323.0902:... Viktor Gurov
02:23 PM Feature #10348 (Resolved): Add localhost to NTP Interfaces
works as expected on 2.5.0.a.20200323.0902 Viktor Gurov
11:40 AM pfSense Docs Correction #10371: Update flow control tuning doc for chelsio
It may also be good to recommend disablement of the non-router related resource allocations so the NIC can use its en... Ansley Barnes
02:39 AM pfSense Docs Correction #10371 (Resolved): Update flow control tuning doc for chelsio
It would be good to add into Flow Contol section of https://docs.netgate.com/pfsense/en/latest/hardware/tuning-and-tr... Constantine Kormashev
07:26 AM Bug #10372: PfSense crashes for TIL
ANyone, pls help us. DO not know what to do with Pfsense crashing p k
07:25 AM Bug #10372 (Rejected): PfSense crashes for TIL
PfSense crashes for TIL often. PFA crash logs. p k

03/23/2020

11:11 PM Revision 1c2926e6: Update notices.inc
Formatting corrections on if statements. John Kap
10:58 PM Todo #9734: Re-evaluate log size, line defaults, and limits
I was going to file a similar ticket, but found this one searching for "511488"...
I'm not sure how typical my set... Sean McBride
06:42 PM Revision bd1291d0: Remote OpenVPN server proto definition. Issue #10368
Viktor Gurov
06:06 PM pfSense Packages Bug #10370 (New): ntopng Timeseries not send to InfluxDB
When moving timeseries from rrd to influxdb it initial configures the db but does not send data to Influxdb.
Netga... Alex Garcia
03:52 PM Feature #1019: Lagg Failover Mode Master Interface
https://github.com/pfsense/pfsense/pull/4249 Viktor Gurov
02:28 PM pfSense Packages Bug #10369: Remote OpenVPN server protocol definition
https://github.com/pfsense/FreeBSD-ports/pull/808 Viktor Gurov
02:25 PM pfSense Packages Bug #10369 (Resolved): Remote OpenVPN server protocol definition
An exact definition of the OpenVPN remote server protocol must be present,
Otherwise, it may try to establish a conn... Viktor Gurov
01:44 PM Bug #10368: OpenVPN server no definition of protocol to use (udp4)
This PR adds protocol definition:
https://github.com/pfsense/pfsense/pull/4248
TODO: same for OpenVPN client ex... Viktor Gurov
12:58 AM Bug #10368 (Resolved): OpenVPN server no definition of protocol to use (udp4)
When implementing a OpenVPN server and selecting the protocol "udp on ipv4 only" i expect, that that is exaclty what ... Bjarne Schmidt
12:31 PM Revision f8ac7bdc: Ticket #9267: Fix dhclient-script to handle error properly
Renato Botelho
12:30 PM Revision d5cbbe6a: Ticket #9267: Fix dhclient-script to handle error properly
Renato Botelho
07:33 AM Bug #9267: dhclient does not handle protocol timeouts or script failures correctly
Patch to pfSense-dhclient-script was applied on 2.4.5 as well Renato Botelho
04:11 AM Feature #7783: Support for hosting VMs on pfSense using bhyve
Hello. This is something more and more are after.
Separate Pfsense core installation from other addons/install pack... Tobias Müllauer
03:30 AM Bug #10359: Require State Filter setting breaks filter rule link to associated states
Re-tested on latest 2.4.5-RC, still working as expected. Jens Groh
03:21 AM Bug #10359: Require State Filter setting breaks filter rule link to associated states
Cherry-picked and manually installed "b9ab356250f68213fe36b6cba1758feee581ac83" via System Patches to 2.4.5-RC
Wor... Jens Groh

03/22/2020

08:46 PM Revision c3d53b06: Changes to Checkbox & others
Changed the approach of the option from checking box to disable to checking the box to enable.
Test return from API ... John Kap
03:05 PM pfSense Packages Bug #8625: PFsense squidGuard faulty URL check
https://github.com/pfsense/FreeBSD-ports/pull/806 Viktor Gurov
02:59 PM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
A short update:
The Router lifetime/AdvDefaultLifetime point tortured my mind last night.
Today I did some experime... Marc Posch
02:16 PM Feature #10341 (Resolved): Exclude unsupported interfaces from DHCP Relay
works as expected on 2.5.0.a.20200321.2101 Viktor Gurov
02:14 PM Bug #10359 (Resolved): Require State Filter setting breaks filter rule link to associated states
Viktor Gurov
02:14 PM Bug #10359: Require State Filter setting breaks filter rule link to associated states
works as expected on 2.5.0.a.20200321.2101 Viktor Gurov
02:11 PM Bug #10362 (Resolved): Error renewing cert if SAN contains IP Address
renewing is OK on 2.5.0.a.20200321.2101 Viktor Gurov
01:40 PM pfSense Packages Bug #10367: squid reverse proxy not starting
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/805 Viktor Gurov
08:06 AM pfSense Packages Bug #10367 (Resolved): squid reverse proxy not starting
FATAL: Bungled /usr/local/etc/squid/squid.conf line 89: http_port Array:80 accel defaultsite=mysite.com vhost
http... Manuel Piovan
07:40 AM Bug #9488: No console when booting CE Memstick UEFI.
Jim Pingle wrote:
> OK, we'll mark this resolved for now, can revisit if it turns out to be a general issue.
It's... Grzegorz Krzystek

03/21/2020

05:20 PM Revision 0f1c8e5b: LAGG VLAN MTU fix. Issue #8585
Viktor Gurov
04:52 PM Bug #10366 (Closed): Captive Portal Allowed MAC bandwidth Issue
Services----> Captive Portal -----> MACs
Given bandwidth for allowed MAC fallback to bandwidth defined in captive... Muhammad Waseem Ul Haq
04:40 PM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
Hello Magnus,
I am glad that you found my enhancement useful and updated it for the 2.4.4 version.
I didn't menti... Marc Posch
12:23 PM Bug #8585: Logical interface MTU matches configuration of its physical port channel, not its own configuration
This PR adds additional checking for lagg vlan interface (lagg with dot) to set_interface_mtu():
https://github.com/... Viktor Gurov
07:10 AM Revision 96d78012: Allow import of PKCS12 (pfx) certificates. Issue #8645
Viktor Gurov
06:38 AM Revision bfcf5d7c: NTP maxpeers default value fix. Issue #10323
Viktor Gurov
05:37 AM Bug #10365: LAGG member event causes filter to reload
This PR adds the same code for LAGG members checking,
and fixes LAGG Ports field on the Status / Interfaces page:
h... Viktor Gurov
04:49 AM Bug #10365 (Resolved): LAGG member event causes filter to reload
The LAGG interface member is cxl0 and cxl1,
if one of these interfaces is down, it triggers check_reload_status:
<p... Viktor Gurov
01:46 AM Feature #10323: Allow limiting NTP pool server usage count
It always require to fill the 'Max Pool Peers' field,
Fix allowing to use empty(default value) 'Max Pool Peers' fi... Viktor Gurov

03/20/2020

11:19 PM Bug #10364: 2nd LAN tracking IPv6 from a 2nd WAN not obtaining an IPv6 nor hosts behind it are getting an Global Rotatable IPv6
Jim Pingle wrote:
> That is almost certainly a configuration problem and not a bug. Post more details of your config... Al Mello
11:05 PM Bug #10364 (Rejected): 2nd LAN tracking IPv6 from a 2nd WAN not obtaining an IPv6 nor hosts behind it are getting an Global Rotatable IPv6
That is almost certainly a configuration problem and not a bug. Post more details of your configuration on the forum ... Jim Pingle
09:44 PM Bug #10364: 2nd LAN tracking IPv6 from a 2nd WAN not obtaining an IPv6 nor hosts behind it are getting an Global Rotatable IPv6
Correction: Seen at 2.4.4 p3 Al Mello
09:16 PM Bug #10364 (Rejected): 2nd LAN tracking IPv6 from a 2nd WAN not obtaining an IPv6 nor hosts behind it are getting an Global Rotatable IPv6
Physical pfSense
Version 2.4.4-RELEASE-p3 (amd64)
built on Wed May 15 18:53:44 EDT 2019
FreeBSD 11.2-RELEASE-p10
... Al Mello
01:24 PM Revision 892d8a10: Merge pull request #4228 from vktg/pppoeno6
Renato Botelho
01:21 PM Revision 4471eb26: Merge pull request #4232 from vktg/dhcprelayintfilter
Renato Botelho
01:20 PM Revision 55920eea: Merge pull request #4224 from kiokoman/master
Renato Botelho
01:19 PM Revision 83174e31: Merge pull request #4231 from vktg/passconf
Renato Botelho
01:17 PM Revision 2fd2fff5: Merge pull request #4234 from vktg/ipv6aliasmacros
Renato Botelho
01:17 PM Revision 8d2f8069: Merge pull request #4233 from vktg/dashedduid
Renato Botelho
01:13 PM Revision aea0f1d2: Merge pull request #4236 from kiokoman/Garmin-gps-init
Renato Botelho
01:12 PM Revision 2e46d7d8: Merge pull request #4237 from vktg/ntplocalhost
Renato Botelho
01:10 PM Revision 3f9d433a: Merge pull request #4225 from vktg/hostdhcpoptions
Renato Botelho
01:07 PM Revision 9a656d4c: Merge pull request #vktg:ntpunits from vktg/ntpunits
Renato Botelho
01:06 PM Revision a2d658d5: Merge pull request #4239 from vktg/squidldappwsanitize
Renato Botelho
01:05 PM Revision b9ab3562: Merge pull request #4241 from vktg/statefiltfix
Renato Botelho
01:00 PM Bug #10363 (Resolved): Clarify behavior of OpenVPN server option for Duplicate Connections
In the OpenVPN tunnel settings, vpn_openvpn_server.php, the *Duplicate Connections* setting could be more explicit. I... Jared Dillard
12:59 PM Revision dd3b3c98: Merge pull request #4242 from brownowski/ipsec_package_reload_patch
Renato Botelho
12:58 PM Revision d7bada5e: Merge pull request #4244 from vktg/ipaddsanfix
Renato Botelho
12:58 PM Revision 04094be9: Update translation files
Renato Botelho
12:58 PM Revision 967eb746: Regenerate pot
Renato Botelho
10:49 AM Feature #10350 (Resolved): Add OpenVPN configuration file(s) to status.php file
tested on 2.5.0.a.20200319.0930
Nice, I see OpenVPN client/server files with appropriate content:
OpenVPN-Configu... Viktor Gurov
09:43 AM Revision 3fdd559e: Renew cert with IP Address SAN. Issue #10362
Viktor Gurov
08:25 AM Bug #7386 (Feedback): IPv6 not disabled in mpd.conf w/ IPv6 GUI option set to 'disabled'
PR has been merged. Thanks! Renato Botelho
08:21 AM Feature #10341 (Feedback): Exclude unsupported interfaces from DHCP Relay
PR has been merged. Thanks! Renato Botelho
08:20 AM Feature #10323 (Feedback): Allow limiting NTP pool server usage count
PR has been merged. Thanks! Renato Botelho
08:19 AM Feature #10301 (Feedback): Password confirmation when exporting encrypted backup file
PR has been merged. Thanks! Renato Botelho
08:18 AM Bug #8256 (Feedback): IPv6 IP Alias VIP not added to Interface Network Macros
PR has been merged. Thanks! Renato Botelho
08:16 AM Feature #2568 (Feedback): Allow dashed DUID to be entered in a DHCPv6 Mapping
PR has been merged. Thanks! Renato Botelho
08:13 AM Bug #10327 (Feedback): Fix/Update GPS initialization commands for Garmin devices.
PR has been merged. Thanks! Renato Botelho
08:12 AM Feature #10348 (Feedback): Add localhost to NTP Interfaces
PR has been merged. Thanks! Renato Botelho
08:10 AM Bug #8990 (Feedback): Additional BOOTP/DHCP Options per host
PR has been merged. Thanks! Renato Botelho
08:08 AM Feature #2850 (Feedback): add units in ntp status page
PR has been merged. Thanks! Renato Botelho
08:06 AM Todo #10349 (Feedback): status.php: Sanitize ldapbindpass and ldap_pass
PR has been merged. Thanks! Renato Botelho
08:04 AM Bug #10359 (Feedback): Require State Filter setting breaks filter rule link to associated states
PR has been merged. Thanks! Renato Botelho
08:02 AM Bug #10295 (Resolved): Unescaped characters in dhcp-client-identifier prevent DHCPD from starting on interface
fine on 2.5.0.a.20200319.0930 Viktor Gurov
07:59 AM Bug #10351 (Feedback): Saving IPSEC connection breaks FRR BGP on VTI interfaces
PR has been merged. Thanks! Renato Botelho
07:54 AM Bug #10351 (Pull Request Review): Saving IPSEC connection breaks FRR BGP on VTI interfaces
Jim Pingle
07:58 AM Bug #10362 (Feedback): Error renewing cert if SAN contains IP Address
PR has been merged. Thanks! Renato Botelho
07:46 AM Bug #10362 (Pull Request Review): Error renewing cert if SAN contains IP Address
Jim Pingle
04:47 AM Bug #10362: Error renewing cert if SAN contains IP Address
https://www.openssl.org/docs/manmaster/man5/x509v3_config.html#Subject-Alternative-Name:... Viktor Gurov
01:17 AM Bug #10362 (Resolved): Error renewing cert if SAN contains IP Address
example SAN: DNS:tkWAN2, IP Address:10.123.123.4
If I try to renew it, I get the message 'Error renewing Certifica... Viktor Gurov
07:55 AM Bug #9282 (Resolved): Add static mapping count to DHCP Server interface tabs
OK on 2.5.0.a.20200319.0930 Viktor Gurov
07:53 AM Bug #7622 (Resolved): Don't include disabled ipsec phase2 entries on pf table vpn_networks
tested on 2.5.0.a.20200319.0930
now it's OK Viktor Gurov
07:52 AM Feature #3567 (Pull Request Review): Option to disable NTP
Jim Pingle
03:29 AM Feature #3567: Option to disable NTP
Updated PR:
https://github.com/pfsense/pfsense/pull/4243 Viktor Gurov
07:45 AM pfSense Packages Bug #8887 (Pull Request Review): Squid Proxy Interface not assignee to IPv6
Jim Pingle
06:21 AM pfSense Packages Bug #8887: Squid Proxy Interface not assignee to IPv6
Squid IPv6 addresses needs square brackets
Otherwise, you will get:... Viktor Gurov
02:41 AM Revision 4aebc4ba: Update vpn_ipsec.php
Add ipsec_reload_package_hook() to apply function.
Fixes Bug #10351 brownowski
01:11 AM Bug #10360 (Resolved): PHP error when renewing a CA used by services
renewing is OK on 2.5.0.a.20200319.0930
tested with IPsec, OpenVPN and DNS Resolver services Viktor Gurov

03/19/2020

10:56 PM Revision 51a12198: Update notices.inc
John Kap
10:42 PM Revision 0b2a89bd: Update notices.inc
John Kap
09:44 PM Bug #10351: Saving IPSEC connection breaks FRR BGP on VTI interfaces
Created pull request: https://github.com/pfsense/pfsense/pull/4242 Steven Brown
06:47 PM Feature #4242: Two Factor or OTP Authentication for Admin Interface
This is even more necessary with the recent vulnerabilities that were released. Justin P
03:05 PM Bug #10359 (Pull Request Review): Require State Filter setting breaks filter rule link to associated states
Jim Pingle
08:02 AM Bug #10359: Require State Filter setting breaks filter rule link to associated states
Firewall rules page uses $_REQUEST['ruleid'], but diag_dump_states.php checks only for $_POST['filter'] and requirest... Viktor Gurov
07:00 AM Bug #10359 (Resolved): Require State Filter setting breaks filter rule link to associated states
If one configures
System > General Setup
- Require State Filter -> yes (enabled checkbox)
that's a great way ... Jens Groh
03:04 PM pfSense Packages Feature #10357 (Pull Request Review): Add Iperf verbose output option
Jim Pingle
01:17 AM pfSense Packages Feature #10357: Add Iperf verbose output option
https://github.com/pfsense/FreeBSD-ports/pull/801 Viktor Gurov
01:12 AM pfSense Packages Feature #10357 (Resolved): Add Iperf verbose output option
iperf verbose output (-V) shows more detailed information, including TCP MSS, CPU utilization, time and version:
<pr... Viktor Gurov
03:01 PM pfSense Packages Feature #10356 (Pull Request Review): Support for additional Notification Support
PR: https://github.com/pfsense/FreeBSD-ports/pull/800 Jim Pingle
02:59 PM Feature #10354 (Pull Request Review): Telegram Notification Support
PR: https://github.com/pfsense/pfsense/pull/4240 Jim Pingle
02:38 PM Feature #10361 (Duplicate): Openvpn added the option to copy tunnels.
Duplicate of #5851 and it's already been implemented in 2.4.5. Jim Pingle
02:25 PM Feature #10361 (Duplicate): Openvpn added the option to copy tunnels.
It would be interesting that in openvpn tunnels you have the option to copy the tunnels as it exists in ipsec.
foll... Marcio Gomes
01:49 PM pfSense Docs New Content #8773 (Feedback): Add VPN Throughput Tuning info
All this and more...
https://docs.netgate.com/pfsense/en/latest/vpn/scaling.html Jim Pingle
01:29 PM Revision 81423583: Require service-utils.inc before using a function from it. Fixes #10360
Jim Pingle
01:00 PM Revision afb4cdcd: Firewall rule states link and Require State Filter option fix. Issue #10359
Viktor Gurov
11:10 AM Revision 7bf57a35: Restore %%REPO_BRANCH_PREFIX%% to devel repo
Renato Botelho
10:55 AM Revision f9265a68: Update translation files
Renato Botelho
10:41 AM Revision 5fdf0ee0: Regenerate pot
Renato Botelho
10:41 AM Revision 1e4909c0: Upgrade zanata.xml to internal server
Renato Botelho
08:35 AM Bug #10360 (Feedback): PHP error when renewing a CA used by services
Applied in changeset commit:8142358358ab20758bd78d53a934ef090bb981b9. Jim Pingle
08:28 AM Bug #10360 (Resolved): PHP error when renewing a CA used by services
When renewing a CA which is in use by a service, the restart may fail with an error such as:... Jim Pingle
02:23 AM pfSense Packages Feature #10358 (New): Stage FRR Configuration Changes
Changes made to the configuration on any FRR Component are applied immediate when hitting the save button. If a large... Luki TJ
12:35 AM Revision ded59fb6: Telegram Notification Support. Feature #10354
Readmine feature https://redmine.pfsense.org/issues/10354 ready for review. John Kap

03/18/2020

08:29 PM Revision 1370d006: Fix 2.5.0 URL
Renato Botelho
08:06 PM pfSense Packages Feature #10356 (Resolved): Support for additional Notification Support
Refer to feature #10354 Telegram Notification Support in the main pfsense package.
In order for the service watch... John Kap
07:39 PM Revision 03de4431: The time has come for 2.4.5-RELEASE
Renato Botelho
02:29 PM Revision 14b52494: IPsec PH2 bypass mode. Issue #3329
Viktor Gurov
02:15 PM Bug #10355 (Resolved): diag_ping.php: Potential XSS via Hostname parameter
Improper input is rejected by validation on 2.4.5.r.20200318.1200 Jim Pingle
09:05 AM Bug #10355 (Feedback): diag_ping.php: Potential XSS via Hostname parameter
Applied in changeset commit:cc3990a334059018b004c91eeb66c147d8afe83d. Jim Pingle
08:56 AM Bug #10355: diag_ping.php: Potential XSS via Hostname parameter
diag_traceroute.php is unaffected but I made the same changes there to be safe. Jim Pingle
08:54 AM Bug #10355 (Resolved): diag_ping.php: Potential XSS via Hostname parameter
On diag_ping.php, the hostname isn't fully validated and the output is not encoded, leading to a potential XSS.
Us... Jim Pingle
01:56 PM Revision f3761c15: Validation and encoding for Ping and Traceroute. Fixes #10355
(cherry picked from commit cc3990a334059018b004c91eeb66c147d8afe83d) Jim Pingle
01:55 PM Revision cc3990a3: Validation and encoding for Ping and Traceroute. Fixes #10355
Jim Pingle
07:03 AM Feature #10354: Telegram Notification Support
Please submit your code as a pull request on github:
https://docs.netgate.com/pfsense/en/latest/development/submit... Viktor Gurov
06:07 AM Feature #3718: radvd - enhancement proposal: ability to advertise routes and some fixes - patches attached
I'm about to submit a PR now. However, there's one issue I'd like to figure out first:
The info text added by the ... Magnus Holmgren
05:39 AM Bug #9596 (Resolved): DHCPv6 Range should not be mandatory if Stateless DHCP selected as router mode
works as expected on 2.5.0.a.20200317.1949
I see the route to the default gateway via interface:... Viktor Gurov
05:32 AM Feature #9834 (Resolved): system_certmanager.php: add ability to import certificate without private key
works as expected on 2.5.0.a.20200317.1949 Viktor Gurov
05:28 AM Feature #10274 (Resolved): DNS64 support
works as expected on 2.5.0.a.20200317.1949 Viktor Gurov
05:25 AM Bug #10305 (Resolved): Using special character in Schedules description
OK on 2.5.0.a.20200317.1949 Viktor Gurov
 

Also available in: Atom