Activity

30 days up to

User

Subprojects

Activity

From 04/20/2020 to 05/19/2020

05/19/2020

11:35 PM Bug #10574 (Not a Bug): nginx flooding syslog, but "Web Server Log" disabled: The checkbox controls errors, not the access log. And the access logging is only sent to remote syslog servers, not l... Jim Pingle
09:29 PM Bug #10574 (Not a Bug): nginx flooding syslog, but "Web Server Log" disabled: Hi,
I have the "Web Server Log" disabled ("If this is checked, errors from the web server process for the GUI or C... Russell Morris
02:57 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Thomas BERNARD wrote:
> thanks, so
> [...]
> is the additional pf rule that need to be created for outbound traffi... Jim Pingle
02:38 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: thanks, so... Thomas BERNARD
09:38 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Thomas BERNARD wrote:
> unfortunately it shows that everything is OK when the external port is mapped to the same in... Jim Pingle
01:08 PM Revision 6dee908b: Revert "Disable rust on suricata for aarch64": This reverts commit b52e3cb736148ed826908cb76e8da9982f8c3a6e. Renato Botelho
11:52 AM pfSense Packages Bug #10573 (Resolved): Netgate_Coreboot_Upgrade cannot write to flash in 2.4.5: The adi_flash_util binary appears to be handing bad parameters to flashrom in pfSense 2.4.5.
It can read the flash... Steve Wheeler
10:16 AM pfSense Packages Bug #10572 (Pull Request Review): STARTTLS option is ignored: Jim Pingle
08:46 AM pfSense Packages Bug #10572: STARTTLS option is ignored: https://github.com/pfsense/FreeBSD-ports/pull/862 Viktor Gurov
08:44 AM pfSense Packages Bug #10572 (Feedback): STARTTLS option is ignored: STARTTLS option ($usetls or "-ZZ") is never used as arg for _basic_ldap_auth_ Viktor Gurov
10:12 AM pfSense Packages Feature #10570: OpenVPN Export for iOS should use .ovpn12 for certs and private key: If we change anything at all, it should only affect the Viscosity bundle export format. Nothing else.
If Apple uti... Jim Pingle
03:04 AM pfSense Packages Feature #10570 (New): OpenVPN Export for iOS should use .ovpn12 for certs and private key: https://forum.netgate.com/topic/144204/openvpn-export-for-ios-should-use-ovpn12-for-certs-and-private-key:
Have a ... Viktor Gurov
10:08 AM Bug #10568 (Pull Request Review): Sanitize FreeRADIUS user password: Jim Pingle
01:33 AM Bug #10568: Sanitize FreeRADIUS user password: Fix:
https://github.com/pfsense/pfsense/pull/4319 Viktor Gurov
01:25 AM Bug #10568 (Resolved): Sanitize FreeRADIUS user password: fields to sanitize:
<varuserspassword>
<varsqlconfpassword>
<varsqlconf2password>
<varmodulesldappassword>
<varm... Viktor Gurov
10:07 AM pfSense Docs Correction #10567 (Resolved): Feedback on Cellular Wireless — Known Working 3G-4G Modems: PR merged. Jim Pingle
12:59 AM pfSense Docs Correction #10567: Feedback on Cellular Wireless — Known Working 3G-4G Modems: https://github.com/pfsense/docs/pull/123 Viktor Gurov
09:55 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Hi.
Same behavior on Proxmox/KVM - pfSense 2.5.0.a.20200518.1031 with vtnet driver.
Any update on this?
Thanks! Gyula Kelemen
09:43 AM Bug #10566: password for OpenDNS (under DynDNS) not being passed correctly: Does it work if you put the password in with the @&@ changed to &@amp;@?
Change this:... Jim Pingle
08:55 AM Revision b7e6b62e: Build HAProxy Package with buildin Prometheus exporter. Implement #10500: Viktor Gurov
08:39 AM pfSense Packages Feature #10500: Build HAProxy Package with buildin Prometheus exporter: Kilian Ries wrote:
> I'm also interested in the haproxy prometheus exporter - if you need a tester just let me know.... DRago_Angel [InV@DER]
07:34 AM pfSense Packages Feature #10500: Build HAProxy Package with buildin Prometheus exporter: I'm also interested in the haproxy prometheus exporter - if you need a tester just let me know... Kilian Ries
04:06 AM pfSense Packages Feature #10500: Build HAProxy Package with buildin Prometheus exporter: Hi @Viktor can I test it on my pfsense 2.4.5? And if yes - then how? I have System Patcher but doesn't know if it can... DRago_Angel [InV@DER]
03:57 AM pfSense Packages Feature #10500: Build HAProxy Package with buildin Prometheus exporter: https://github.com/pfsense/pfsense/pull/4320 Viktor Gurov
06:32 AM Revision e8bf78f2: Sanitize FreeRADIUS passwords. Fixes #10568: Viktor Gurov
05:58 AM Bug #7386 (Resolved): IPv6 not disabled in mpd.conf w/ IPv6 GUI option set to 'disabled': tested with PPP and PPPoE interfaces on 2.5.0.a.20200518.1031 Viktor Gurov
05:54 AM Feature #10538 (Resolved): DNS/Ping/Traceroute IDN support: works as expected on 2.5.0.a.20200518.1031 Viktor Gurov
05:52 AM Bug #10537 (Resolved): wrong link on diag_dns.php: tested on 2.5.0.a.20200518.1031 - OK Viktor Gurov
05:47 AM Bug #7255 (Resolved): Firewall alias FQDN field rejects IDNs (Internationalized domain names): editing, resolving, import/export - all works as expected
pfSense 2.5.0.a.20200518.1031 Viktor Gurov
04:26 AM pfSense Packages Feature #10571: Add zabbix-proxy50 and zabbix-agent50 packages: sorry, tried search before create ticket and doesn't saw this one. DRago_Angel [InV@DER]
04:15 AM pfSense Packages Feature #10571 (Rejected): Add zabbix-proxy50 and zabbix-agent50 packages: duplicate of #10557 Viktor Gurov
04:09 AM pfSense Packages Feature #10571 (Rejected): Add zabbix-proxy50 and zabbix-agent50 packages: Hi, there is some days ago was been released new version of Zabbix LTS 5.0, could you please add packages for it to p... DRago_Angel [InV@DER]
04:18 AM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246447 Viktor Gurov
04:11 AM Revision c68acc14: Set the default ICMP data payload size to 1 in dpinger probes.: This fixes the dropping of the ICMP probes in some broken routers/ISPs.
There is no increase of the packet size on ... Luiz Souza
04:09 AM Revision ea0d5cbe: Set the default ICMP data payload size to 1 in dpinger probes.: This fixes the dropping of the ICMP probes in some broken routers/ISPs.
There is no increase of the packet size on ... Luiz Souza
02:29 AM Bug #10569 (Resolved): Sanitize ACME passwords: All <dns_***_key>, <dns_***_password>, <dns_***_secret>, <dns_***_token>, <dns_***_pwd> and <dns_***_pw> fields must ... Viktor Gurov

05/18/2020

11:59 PM pfSense Docs Correction #10567 (Resolved): Feedback on Cellular Wireless — Known Working 3G-4G Modems: *Page:* https://docs.netgate.com/pfsense/en/latest/cellular/known-working-3g-4g-modems.html
*Feedback:*
Add Hua... Viktor Gurov
06:03 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Thank you very much, Thomas. I emailed the captures to you.
For what it's worth, I did have both PC's showing "Ope... Connor Ness
05:42 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Connor Ness wrote:
> If you need me to check anything else, I may not be able to until tomorrow. Hopefully this he... Thomas BERNARD
05:28 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I can test this right now. I currently have two PCs unable to play Call of Duty together behind a pfSense 2.4.4-RELEA... Connor Ness
02:59 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Dakota Marshall wrote:
> At this point, what is needed to try and further troubleshoot this issue? I will be more th... Thomas BERNARD
12:48 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I've been watching this bug for the past 2 years and am excited that there is some traction on it. Though I'm very di... Dakota Marshall
12:17 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I removed the irrelevant comments made after the warning and locked their account. Further comments unrelated to the ... Jim Pingle
11:26 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Joel S wrote:
> Jim Pingle wrote:
> > Joel,
> >
> > Please stop. That kind of unhelpful dialog is unproductive a... Thomas BERNARD
10:39 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: We have not enough precise details on the issue :
What AddPortMapping requests the XBoxes are doing and what traffic... Thomas BERNARD
10:02 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Thomas BERNARD wrote:
> I have seen no detailed description of the problem (AddPortMapping requests from the console... Jim Pingle
09:26 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Joel,
Please stop. That kind of unhelpful dialog is unproductive and not welcome here, and is getting in the way o... Jim Pingle
07:16 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Thomas BERNARD wrote:
> Hello, I'm miniupnp main author.
>
> The user Joel S came from here to open an issue on h... Joel S
03:20 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Hello, I'm miniupnp main author.
The user Joel S came from here to open an issue on https://github.com/miniupnp/mi... Thomas BERNARD
05:56 PM Bug #10566 (Closed): password for OpenDNS (under DynDNS) not being passed correctly: When utilizing the dynDNS service to update a WAN IP on the OpenDNS, the password was not accepted even though it was... Frank Graffagnino
04:36 PM Revision 146b0a43: Enforce saving logins across reboots when captive portal HA is enabled: Redmine #97 A FL
04:36 PM Revision f2708fe6: Do not remove captive portal zones on backup node if captive portal HA sync is disabled: Fix #9303 A FL
04:36 PM Revision 8e770b88: Reset in-use/expired vouchers on backup node if vouchers are reset on master node.: Redmine #8809 A FL
04:36 PM Revision 6960993d: Remove non captive-portal logs from Local4 syslog facility.: Various logs are recorded in local4 in HA situation. They should not be recorded here.
Redmine #97 A FL
04:36 PM Revision c392f1f5: Write vouchers public key and config in /var/db/ on backup node: Fix #8807 A FL
04:36 PM Revision 0eae38cd: Refresh connected users on primary when becoming master node.: Redmine #97 A FL
04:36 PM Revision 6bfb5b9e: Forward in-use/expired vouchers to the other node when performing a voucher expiration: Redmine #97 A FL
04:36 PM Revision 896889e9: Do not save in-use vouchers to config.: Saving in use/expired vouchers to XML config does trigger an ACB Save and has many undesirable effects in HA situatio... A FL
04:36 PM Revision 318e3f81: Forward in-use/expired vouchers to the other node when performing a voucher auth.: Redmine #97 A FL
04:36 PM Revision 78784180: Forward "Disconnect all" to the other node: Redmine #97 A FL
04:36 PM Revision 4a778ba9: Forward an user disconnection to the other node: Redmine #97 A FL
04:36 PM Revision 24600471: Forward an user connection to the backup node: Redmine #97 A FL
04:36 PM Revision 13164061: Do not perform RADIUS accounting/prune operations when node is in backup mode: Implement Redmine #97 A FL
04:35 PM Revision f72a37e7: Backup node : fetch user list and in-use/expired vouchers from master node.: Implement Redmine #97 A FL
04:35 PM Revision 06ef0830: Create a new page dedicated to backward sync: Implement Redmine #97 A FL
04:33 PM Revision 65a51647: Fix backward vouchers synchronization: Redmine #7972 A FL
02:42 PM Revision a0e4148c: Merge pull request #4306 from vktg/hidearmnetboot: Renato Botelho
02:42 PM Revision 3e1da340: Merge pull request #4304 from vktg/aliasclone: Renato Botelho
02:41 PM Revision 3215d564: Merge branch 'master' into aliasclone: Renato Botelho
02:38 PM Revision 5cd0ec9d: Merge pull request #4311 from vktg/dyndnscopy: Renato Botelho
02:37 PM Revision eeb38d3e: Merge pull request #4312 from vktg/dynv6: Renato Botelho
02:37 PM Revision 0d1adbeb: Merge pull request #4309 from vktg/idndnslookup: Renato Botelho
02:35 PM Revision 1c17a5fa: Merge pull request #4316 from vktg/idnalias: Renato Botelho
02:32 PM Revision 38247b49: is_proccess_running empty proc fix. Issue #10540: (cherry picked from commit 050e18cf3b37e67eda2a16b07f86217421f5b582) Viktor Gurov
02:32 PM Revision e724b5a8: Merge pull request #4318 from vktg/isprocfix: Renato Botelho
02:30 PM Bug #10565 (Rejected): WAN_DHCP6 Stuck Pending / Unknown: There isn't enough information to suggest it's a bug. Around that time is when the base OS moved to FreeBSD 12.1-STAB... Jim Pingle
12:35 PM Bug #10565 (Rejected): WAN_DHCP6 Stuck Pending / Unknown: Around May 8th, updated pfSense test system running development snapshot. Was working fine before update. After updat... Daryl Morse
02:30 PM Revision 341fa0b7: Merge pull request #4308 from xrm/master: Renato Botelho
10:40 AM Feature #2358: NAT64 support: Is it possible that anyone here is skilled in packaging?
Would it be possible for someone to make a Tayga package ... Brandon Jackson
10:32 AM Todo #10564 (Resolved): Update pkg to 1.13.x: In order to avoi any possible problems of building metadata with more recent pkg than installed on supported systems,... Renato Botelho
10:24 AM Bug #4765: NAT Reflection (Pure NAT) rules not setup for traffic originating from same subnet as final destination: I know this is an old issue, but I am hitting the same problem as the OP here.
I followed up on the thread as well..... Charles Ross
09:56 AM pfSense Packages Feature #10479 (Feedback): Keep settings after deinstall option: PR has been merged. Thanks! Renato Botelho
09:56 AM pfSense Packages Bug #9635 (Feedback): lldpd (and probably ladvd) doesn't work on units with an integrated switch: PR has been merged. Thanks! Renato Botelho
09:42 AM Feature #10374 (Feedback): Add ARM32/64 network booting support to dhcpd: PR has been merged. Thanks! Renato Botelho
09:42 AM Feature #6908 (Feedback): Alias copy, sort, search/replace functions: PR has been merged. Thanks! Renato Botelho
09:39 AM Feature #8952 (Feedback): Dynamic DNS Copy Button: PR has been merged. Thanks! Renato Botelho
09:38 AM Feature #9642 (Feedback): Add DDNS support for dynv6.com: PR has been merged. Thanks! Renato Botelho
09:37 AM Feature #10538 (Feedback): DNS/Ping/Traceroute IDN support: PR has been merged. Thanks! Renato Botelho
09:35 AM Bug #7255 (Feedback): Firewall alias FQDN field rejects IDNs (Internationalized domain names): PR has been merged. Thanks! Renato Botelho
09:34 AM Feature #6228: Please provide a means for IGMPv3 and MLDv2 support: FreeBSD seems to support MLDv2 since version 8R as per https://www.freebsd.org/releases/8.0R/relnotes.html
"The IG... Loh Phat
09:32 AM Bug #10540 (Feedback): is_process_running can generate error for empty process: PR has been merged. Thanks! Renato Botelho
09:31 AM Feature #10392 (Feedback): GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time: PR has been merged. Thanks! Renato Botelho
09:15 AM Feature #10563 (Rejected): Update Traffic Shaper Wizard Services: The traffic shaper wizard services list works on lists of ports, and most if not all those are web-based services whi... Jim Pingle

05/17/2020

07:52 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Jim Pingle wrote:
>
> pf is capable of doing this kind of NAT, it's the same kind of NAT rules people set manuall... Joel S
07:40 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Jim Pingle wrote:
>
> pf is capable of doing this kind of NAT, it's the same kind of NAT rules people set manually... Joel S
04:35 PM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Jim Pingle wrote:
> If it is "simple" and "not difficult", we would happily accept a pull request to fix the issue.
... Rick Coats
06:39 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: I tested with PIMD because it does a similar job.
I tested with it installed and without it installed. Both the same... Maarten Hendrix
06:12 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Maarten Hendrix wrote:
> Problem:
> IGMPProxy (and PIMD) will not start after pfSense update on 05-02-2020.
Does... Jens Leinenbach
01:51 AM Feature #10563: Update Traffic Shaper Wizard Services: And PLEASE don't forget Twitch and other upload heavy streaming services. tag wolf
01:49 AM Feature #10563 (Rejected): Update Traffic Shaper Wizard Services: Please update traffic shaper wizard's services/games to relevant services/games such as:
(just a few examples. but I... tag wolf

05/15/2020

06:38 PM Revision f607e45c: L2TP server secret is not base64 encoded. Fixes #10527: (cherry picked from commit b3a226f0c6b6d110a1c1d8d8da8550782ea866fb) Jim Pingle
06:37 PM Revision b3a226f0: L2TP server secret is not base64 encoded. Fixes #10527: Jim Pingle
04:19 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: I also did a full reinstall. Nothing changed. Maarten Hendrix
12:02 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Still same today:... Maarten Hendrix
03:55 PM pfSense Docs Correction #10562 (Resolved): Feedback on L2TP VPN — L2TP with IPsec: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/l2tp-ipsec.html
*Feedback:*
I struggle with this sig... Grant ZoBell
02:16 PM Bug #8987 (Resolved): Web GUI main page very slow to load if wan interface is enabled but not connected.: Dashboard loads in a reasonable amount of time with the WANs disconnected. Looks much better to me. Jim Pingle
02:07 PM Feature #7704 (Resolved): Destination port range "Any" in Port Forward UI doesn't work: Rule is now formed correctly and functions as expected. Jim Pingle
01:53 PM Bug #10499 (Resolved): Dark theme Auto-complete popup field has dark text on dark background: When using the dark theme, the autocomplete drop-down now has a light background and text is easy to read. Jim Pingle
01:52 PM pfSense Packages Bug #7654 (Resolved): Can't use a LDAP search filter containing an accent: Supplied string is saved as expected and without error. Jim Pingle
01:50 PM Bug #10527 (Resolved): L2TP shared secret is ignored: Working correctly now after a gitsync. Jim Pingle
01:45 PM Bug #10527 (Feedback): L2TP shared secret is ignored: Applied in changeset commit:b3a226f0c6b6d110a1c1d8d8da8550782ea866fb. Jim Pingle
01:19 PM Bug #10527 (In Progress): L2TP shared secret is ignored: This doesn't work. The secret has base64_decode run on it, but the secret was not stored with base64 encoding, so the... Jim Pingle
01:46 PM Bug #10460 (Resolved): OpenVPN does not add IPv6 prefix to unbound DNS resolver: OpenVPN IPv6 tunnel network is now added to DNS Resolver ACLs automatically. Jim Pingle
01:39 PM Bug #10531 (Resolved): L2TP client not able to use shared secret: Shared secret is now correctly populated in the client configuration and the client can connect to a server with a ma... Jim Pingle
01:20 PM Bug #10247 (Resolved): Duplicate Outbound NAT entries when creating L2TP server: L2TP server subnet(s) are only listed once in outbound NAT now. Jim Pingle
01:17 PM Bug #4866 (Resolved): L2TP server are restarted after adding/modifying L2TP users (mpd.secret): mpd process is no longer restarted after making changes to users.
Also confirmed that changing a password while it... Jim Pingle
01:12 PM Bug #10211 (Resolved): Limiters ECN input validation problem: No errors with this configuration now. When ECN is checked, a RED limiter has @ecn@ in the rule. When unchecked, it i... Jim Pingle
01:07 PM Bug #10368 (Resolved): OpenVPN server no definition of protocol to use (udp4): Protocol is now in client remote statements and they are connecting to servers as expected. Jim Pingle
11:30 AM Bug #10359 (Resolved): Require State Filter setting breaks filter rule link to associated states: Works as expected now. Filtered states are displayed when following the link from the rules list. Jim Pingle
11:11 AM pfSense Packages Feature #10500 (Pull Request Review): Build HAProxy Package with buildin Prometheus exporter: Jim Pingle
10:57 AM pfSense Packages Feature #10500: Build HAProxy Package with buildin Prometheus exporter: https://github.com/pfsense/FreeBSD-ports/pull/861 Viktor Gurov
10:59 AM Bug #9634 (Resolved): rc.newwanipv6 is called although dhcp6c should discard Request messages: This appears to be working OK. The generated script matches the new code, and I no longer see any logged messages abo... Jim Pingle
10:24 AM Bug #10508 (Resolved): Backup does not skip all RRD data: With an existing @<rrddata>@ section in the backup, now backups are generated without the tag entirely (skip RRD chec... Jim Pingle
08:35 AM pfSense Packages Bug #9635 (Pull Request Review): lldpd (and probably ladvd) doesn't work on units with an integrated switch: Jim Pingle
08:34 AM pfSense Packages Bug #10502 (Pull Request Review): LLDP spamming errors on Netgate XG-7100: Jim Pingle
07:58 AM Bug #10155: sshguard is not compatible with RFC 5424 log format: sshguard has added support for this log format in their repo, but it has not yet been released. Something to watch ou... Jim Pingle
07:54 AM pfSense Docs Correction #10561 (Closed): Feedback on Installing and Upgrading — Upgrade Troubleshooting: Jim Pingle
07:42 AM pfSense Docs Correction #10561: Feedback on Installing and Upgrading — Upgrade Troubleshooting: https://github.com/pfsense/docs/pull/122 Viktor Gurov
06:01 AM pfSense Docs Correction #10561 (Closed): Feedback on Installing and Upgrading — Upgrade Troubleshooting: *Page:* https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html
Need to update links to 2.... Viktor Gurov
07:48 AM Bug #10560 (Not a Bug): Connection fails connecting to (my) OpenVPN instance.: This is working fine for myself and others, so it's almost certainly a problem in your config or environment and not ... Jim Pingle
05:27 AM Bug #10560: Connection fails connecting to (my) OpenVPN instance.: And with "the same options" I mean if I use the same command line as is used (I modified the script to print out all ... Stefan Smietanowski
05:19 AM Bug #10560: Connection fails connecting to (my) OpenVPN instance.: Obviously meant pfSense 2.5.0 and not OpenVPN 2.5.0 ... Stefan Smietanowski
05:17 AM Bug #10560 (Duplicate): Connection fails connecting to (my) OpenVPN instance.: When connecting using either OpenVPN Connect on Android using client certificate + username/password or OpenVPN clien... Stefan Smietanowski
03:54 AM pfSense Docs Correction #10559 (Resolved): Feedback on User Management — Granting Users Access to SSH: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ssh-access.html
"Enable SSH via webGUI" section is outd... Viktor Gurov

05/14/2020

03:51 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: After running that and restarting the pfSense box, IGMPProxy still won't start.... Maarten Hendrix
03:23 PM Bug #10558 (Feedback): Multicast daemons work at boot, but fail if restarted: If you have been tracking 2.5.0 snapshots since before early May, first make sure that igmpproxy gets reinstalled for... Jim Pingle
02:52 PM Bug #10558 (Resolved): Multicast daemons work at boot, but fail if restarted: Problem:
IGMPProxy (and PIMD) will not start after pfSense update on 05-02-2020.
Error message:... Maarten Hendrix
02:44 PM Bug #10416 (Resolved): dhcrelay command line options not properly configured for some DHCP failover scenarios: @dhcrelay@ is running with the expected options now, using @-i@ when an interface is detected as both upstream and do... Jim Pingle
02:42 PM Feature #10341 (Resolved): Exclude unsupported interfaces from DHCP Relay: Unsupported interfaces are no longer offered as choices. Jim Pingle
02:20 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Yep. Same issue. Today got locked out again out of all our sites. My workaround is to use a personal VPN to force my ... Eduard Rozenberg
02:01 PM Revision dc062b76: Correct regex to remove redundant RRD tags from backup. Fixes #10508: While here, improve regex so it does not leave extra whitespace/blank
lines in the resulting backup.
(cherry picked ... Jim Pingle
02:00 PM Revision 4213d677: Correct regex to remove redundant RRD tags from backup. Fixes #10508: While here, improve regex so it does not leave extra whitespace/blank
lines in the resulting backup. Jim Pingle
01:19 PM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: Looking at this again on 2.5.0, now that it's on strongSwan 5.8.4. I do not see any of my VMs with multiple overlappi... Jim Pingle
10:53 AM Bug #10305 (Resolved): Using special character in Schedules description: GUI looks good with the supplied test string. Descriptions show the expected string, and when editing the schedule, t... Jim Pingle
10:50 AM Bug #9259 (Resolved): User with "Deny Config Write" privilege is not fully prevented from creating accounts: Unable to reproduce the problem after the latest commit. Jim Pingle
10:50 AM Feature #4629 (Resolved): Rules Floating tab doesn't display interfaces: Interface column is present in floating rules list and contains the interfaces selected for the rules. Jim Pingle
10:49 AM Bug #9320 (Resolved): Outbound NAT and multiple IPSEC IPs for mobile warriors: per-user IPsec subnets are now present in automatic outbound NAT rules. Jim Pingle
10:46 AM Bug #10542 (Resolved): Exclamation marks in the description field of a floating rule result in a filter reload error.: Description with @\@ is rejected as expected. Without that character, the description is accepted and works. Jim Pingle
10:43 AM Feature #9985 (Resolved): Build virtio_console.ko: Option is present in the kernel.... Jim Pingle
10:42 AM Feature #8289 (Resolved): OpenVPN - configurable username as common name: Option is present in the GUI and works as expected when set to either state (checked or unchecked). Jim Pingle
10:40 AM Feature #10348 (Resolved): Add localhost to NTP Interfaces: Localhost is present in the interface list, can be selected, and is in the configuration when chosen. ntpd is bound t... Jim Pingle
10:38 AM Bug #9334 (Resolved): bogus dialogue on Limiter deletion: Only one prompt with the expected warning now. Jim Pingle
10:37 AM Bug #10418 (Resolved): IPsec VTI address/mask selection not functional: Can now set the type to Network and select a specific mask if necessary. When loading the saved value, the type is se... Jim Pingle
10:33 AM Feature #10221 (Resolved): Update DH group warnings to say that group 5 is also weak: Group 5 is now visible in the warnings. Jim Pingle
10:32 AM Bug #7725 (Resolved): Support for iwm: Device appears to be present in the kernel.... Jim Pingle
10:15 AM pfSense Packages Bug #4497 (Resolved): Using a specific password within FreeRADIUS user management causes pfSense to restore a backup!: Field is CDATA escaped in the config. Password @W!f!4c3ss.@ was saved without error and present in the config after. Jim Pingle
10:13 AM Feature #9891 (Resolved): QLogic 10 Gigabit Ethernet driver (qlxgb): Appears to be present in the kernel.... Jim Pingle
10:05 AM Feature #10293 (Resolved): DNS flag day - EDNS buffer size recommendation: Expected value is present in the config by default in automatic mode and selecting an option manually is reflected pr... Jim Pingle
10:03 AM Feature #10455 (Resolved): status.php: Add upgrade_log.latest.txt: Output is present as expected in status.php Jim Pingle
10:03 AM Bug #10424 (Resolved): status.php: Calls using pkg should use pkg-static: Output is present as expected in status.php, and verified in the source that it is using @pkg-static@. Jim Pingle
10:02 AM Todo #10423 (Resolved): status.php: Add kernel modules: Output is present as expected in status.php Jim Pingle
10:02 AM Feature #10350 (Resolved): Add OpenVPN configuration file(s) to status.php file: Output is present as expected in status.php Jim Pingle
10:02 AM Todo #10349 (Resolved): status.php: Sanitize ldapbindpass and ldap_pass: Fields are in the list to sanitize. Jim Pingle
09:59 AM Feature #6600 (Resolved): DHCP Server - Primary DDNS Address won't accept IPv6 address: Input is accepted and the resulting config appears to be correct. No errors from DHCP. Jim Pingle
09:56 AM Bug #10200 (Resolved): DHCPv6 domain-search list not sent to clients: Correct option is present now. Jim Pingle
09:49 AM Feature #10448 (Resolved): DHCPv6 RA - show default values in certain fields: Defaults are visible and have the expected values. Jim Pingle
09:48 AM Bug #10264 (Resolved): Gateways created at the console do not apply the naming convention used in the GUI: Gateway created from the console is now @<interface name>GW@ which matches the default GUI name style. Jim Pingle
09:45 AM Bug #10509 (Resolved): unable to remove CA private key: Works now. Can edit a CA and blank out the private key, and when saved it is removed as expected. Jim Pingle
09:10 AM Bug #10508 (Feedback): Backup does not skip all RRD data: Applied in changeset commit:4213d677f6e665d1b391066c27c17155d8da1699. Jim Pingle
09:02 AM Bug #10508: Backup does not skip all RRD data: The old code doesn't appear to have ever worked properly as it was. I pushed some changes to the regex which make it ... Jim Pingle
08:59 AM Bug #10508 (In Progress): Backup does not skip all RRD data: Jim Pingle
08:40 AM pfSense Packages Bug #10502: LLDP spamming errors on Netgate XG-7100: https://github.com/pfsense/FreeBSD-ports/pull/860 Viktor Gurov
08:39 AM pfSense Packages Bug #9635: lldpd (and probably ladvd) doesn't work on units with an integrated switch: https://github.com/pfsense/FreeBSD-ports/pull/860 Viktor Gurov
05:17 AM pfSense Packages Bug #9635 (New): lldpd (and probably ladvd) doesn't work on units with an integrated switch: After I manually changed it to:
>
> After I manually changed it to:
> /usr/local/sbin/lldpd -l -I 'lagg0.4089' -C... Viktor Gurov
08:02 AM Bug #10554 (Not a Bug): private internet access vpn: There isn't any general problem here, it's specific to your config, provider, or environment. This site is not for su... Jim Pingle
08:01 AM Bug #10555 (Rejected): port forwarding via mac address: No. NAT is handled by pf, and pf doesn't work at L2.
You could assign a static address for a specific MAC, put tha... Jim Pingle
07:52 AM Feature #10556: Change action on 'XML configuration file not found' error: We already have some code that could handle this, which restores the last good backup when invalid XML is detected. I... Jim Pingle
02:38 AM Feature #10556 (Resolved): Change action on 'XML configuration file not found' error: After a shutdown/filesystem error I got on boot:... Viktor Gurov
06:45 AM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: The latest FreeBSD ports version is 4.4.7:
http://pkg.freebsd.org/freebsd:12:x86:64/latest/All/zabbix44-agent-4.4.7.... Viktor Gurov
05:31 AM pfSense Packages Feature #10557 (Resolved): Add Zabbix 5.0 LTS (agent and proxy) packages: New release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn5.0.0 Pim Janssen
05:11 AM Revision 050e18cf: is_proccess_running empty proc fix. Issue #10540: Viktor Gurov
01:22 AM Bug #8343: Gateway Routes (Default Routes) not removed in Kernel when removed from GUI: on 2.4.5 this is true only for dynamically assigned gateways (WAN_DHCP),
manually added gateways are correctly remov... Viktor Gurov
12:54 AM Bug #9806 (Resolved): Undefined variables in filter.inc openvpn aliases section: tested on 2.5.0.a.20200512.2320
after fixing and deleting dead code everything works fine Viktor Gurov

05/13/2020

11:15 PM Bug #10555 (Rejected): port forwarding via mac address: would it be possible to port forward via mac address, or create aliases via mac address, which ports can already be f... natalie sharpe
09:18 PM Bug #10553: Gateway Groups Tier 2 fail dropping states on Tier 1 connection: Hi Jim,
Is dpinger aware of the gateway groups tiers?
The states should only be dropped if the active tier is d... Daniel Subert
12:39 PM Bug #10553 (Not a Bug): Gateway Groups Tier 2 fail dropping states on Tier 1 connection: That's the expected behavior currently. There is no way to have it only kill states for connections on a specific WAN... Jim Pingle
08:50 PM Bug #10554 (Not a Bug): private internet access vpn: when using private internet access vpn provider, configured through open vpn, if the wan interface goes down so does ... natalie sharpe
08:04 PM Revision e93936ef: L2TP secret description fix. Issue #10531: (cherry picked from commit 9623ec5b2396392cde38231e21cb5d6746928bcf) Viktor Gurov
08:04 PM Revision e6edb571: Merge pull request #4305 from vktg/l2tpsecretdescr: Jim Pingle
07:54 PM Revision ccc94f0a: DynDNS DNSExit URL fix. Issue #9632: Adapted from 4f79a07e7aaa2eba78f73758573483c18b7ed4f9 Jim Pingle
07:53 PM Revision 2ec06184: Merge pull request #4310 from vktg/dnsexitfix: Jim Pingle
07:45 PM Revision bdd27096: Merge pull request #4307 from vktg/dnslinksfix: Jim Pingle
07:45 PM Revision 7cca4879: Fw rule description input validation. Issue #10542: (cherry picked from commit 82f088390fc90c9ee0b90714c496a73817157a4b) Viktor Gurov
07:44 PM Revision f5bd39e5: Merge pull request #4313 from vktg/fwruledescrvalid: Jim Pingle
03:46 PM Bug #10508 (New): Backup does not skip all RRD data: This doesn't appear to be working. Added some dummy RRD tags to a config and they are still there when downloading a ... Jim Pingle
03:05 PM Bug #10531 (Feedback): L2TP client not able to use shared secret: PR merged Jim Pingle
02:56 PM Bug #9632 (Feedback): DynDNS not updating IP address for DNSExit: PR merged, and a similar change made on RELENG_2_4_5 since the commit didn't apply cleanly to cherry-pick. Jim Pingle
02:52 PM Bug #10537 (Feedback): wrong link on diag_dns.php: This doesn't apply to 2.4.5-p1, it was introduced as part of a PR that didn't get picked back. I merged the PR but on... Jim Pingle
02:48 PM Bug #10542 (Feedback): Exclamation marks in the description field of a floating rule result in a filter reload error.: PR merged Jim Pingle
12:56 PM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: Testing a kernel with the original fix taken out (so r345177 restored), and the new fix applied, it still look good t... Jim Pingle
12:40 PM Bug #10540 (Pull Request Review): is_process_running can generate error for empty process: Jim Pingle
03:45 AM Bug #10540: is_process_running can generate error for empty process: https://github.com/pfsense/pfsense/pull/4317 Viktor Gurov
12:40 PM pfSense Docs Correction #10543 (Closed): Feedback on User Management and Authentication — User Management: Closing as this looks good. Thanks Damon! Jared Dillard
12:35 PM pfSense Docs Correction #9461 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver: Jim Pingle
06:24 AM pfSense Docs Correction #9461: Feedback on Services — DNS — Configuring the DNS Resolver: A warning here about network stoppage/pausing while unbound is reloaded might be helpful.
Steve Russell
03:49 AM pfSense Docs Correction #9461: Feedback on Services — DNS — Configuring the DNS Resolver: https://github.com/pfsense/docs/pull/121 Viktor Gurov

05/12/2020

10:54 PM Bug #10553 (Not a Bug): Gateway Groups Tier 2 fail dropping states on Tier 1 connection: Symptom:
State drops occurring incorrectly in certain fail-over conditions
Setup:
Gateway Group with 2 gateways ... Daniel Subert
04:10 PM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: Luke Hamburg wrote:
> Thx Luiz! this is the commit, right?
> https://github.com/pfsense/FreeBSD-src/commit/6c7a5a8e... Luiz Souza
04:00 PM Revision ea12b607: Alias IDN hostnames support. Issue #7255: Viktor Gurov
10:52 AM pfSense Packages Bug #10552 (Resolved): Typo in OpenBGPD's settings page: There's a typo in OpenBGPD's settings page. Below "General Options" it says "Router IP" when in fact it should be say... Tim Wolter
10:16 AM Bug #10551 (Duplicate): gateway group not restoring the higher tier gateway: Not knowing the technical details, it's unclear to me if this is related to this bug,
https://redmine.pfsense.org/... Dee D
10:15 AM Bug #7255 (Pull Request Review): Firewall alias FQDN field rejects IDNs (Internationalized domain names): Jim Pingle
09:50 AM Bug #7255: Firewall alias FQDN field rejects IDNs (Internationalized domain names): https://github.com/pfsense/pfsense/pull/4316 Viktor Gurov
09:08 AM Bug #10200: DHCPv6 domain-search list not sent to clients: No, wait, such an option doesn't even exist. So should the text box be removed completely from the UI? Magnus Holmgren
08:55 AM Bug #10200: DHCPv6 domain-search list not sent to clients: Same thing with @option domain-name@, I'm pretty sure. Has that been fixed too?
Magnus Holmgren
07:29 AM Bug #10550 (Duplicate): Network interface mismatch after removing USB LTE modem: Duplicate of #9393 Jim Pingle
03:05 AM Bug #10550 (Duplicate): Network interface mismatch after removing USB LTE modem: How to reproduce:
1) Setup the USB LTE modem interface (ue0)
2) Reboot the appliance and remove the USB modem
3)... Viktor Gurov
06:27 AM pfSense Docs Correction #9305: Feedback on Virtual LANs (VLANs) — pfSense VLAN Configuration: https://gitlab.netgate.com/docs/pfSense-book/-/merge_requests/2 Viktor Gurov

05/11/2020

09:22 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Jim Pingle wrote:
>
> pf is capable of doing this kind of NAT, it's the same kind of NAT rules people set manually... Joel S
09:19 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Cameron O wrote:
> So is the pf-based miniupnpd just missing some internal or API feature that's in the netfilter-ba... Jim Pingle
08:56 PM Revision 4594c689: RADIUS authentication via shell/ssh. Implement #10545: Viktor Gurov
08:28 PM Revision 46764785: Update user index after making changes. Fixes #9259: (cherry picked from commit e6c79cd3aafdbd25971a62103b51584335523e33) Jim Pingle
08:27 PM Revision e6c79cd3: Update user index after making changes. Fixes #9259: Jim Pingle
07:22 PM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: Imported markj@ fix to 2.5.0
https://svnweb.freebsd.org/base?view=revision&revision=360903 Renato Botelho
01:47 PM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: A proposed fix: https://reviews.freebsd.org/D24803 Jim Pingle
03:35 PM Bug #9259 (Feedback): User with "Deny Config Write" privilege is not fully prevented from creating accounts: Applied in changeset commit:e6c79cd3aafdbd25971a62103b51584335523e33. Jim Pingle
03:28 PM Bug #9259 (Confirmed): User with "Deny Config Write" privilege is not fully prevented from creating accounts: OK, with those exact steps I can reproduce it, but only if I start without any other users. There must be some other ... Jim Pingle
02:45 AM Bug #9259: User with "Deny Config Write" privilege is not fully prevented from creating accounts: Hello Jim,
The issue with this problem is that even in my case, I could not reproduce the issue 100% of the time. ... Martin VENÇON
01:22 PM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing: There are four known issues with RADIX_MPATH in FreeBSD, three of which can lead to a panic:
https://bugs.freebsd.... Jim Pingle
01:13 PM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing: Still seeing reports of instability after moving to 12.1-STABLE. For example: https://forum.netgate.com/topic/153418/... Jim Pingle
09:46 AM pfSense Docs Correction #10543: Feedback on User Management and Authentication — User Management: That's fine. I mentioned it mostly to show that I had done my due diligence as a new issue reporter :)
Thanks for... Damon McDougall
09:00 AM pfSense Docs Correction #10543 (Feedback): Feedback on User Management and Authentication — User Management: The book source isn't public. I've updated the syntax to fix the note.
Thanks! Jim Pingle
09:34 AM Feature #10545 (Pull Request Review): RADIUS authenticated users should be able to log in via ssh: Jim Pingle
08:26 AM Feature #10545: RADIUS authenticated users should be able to log in via ssh: pam_radius is part of the base system
https://github.com/pfsense/pfsense/pull/4315 Viktor Gurov
09:04 AM Bug #10544 (Pull Request Review): It's not possible to add a user to group operator using the gui: Need to think on this a bit. It seems OK from a technical point of view, but security-wise, I'm not so certain. It ma... Jim Pingle
08:57 AM Bug #10542 (Pull Request Review): Exclamation marks in the description field of a floating rule result in a filter reload error.: Jim Pingle
08:54 AM Bug #10540: is_process_running can generate error for empty process: Since that can only happen by manually running an command with an invalid service name, it would be nice to address b... Jim Pingle
08:51 AM pfSense Packages Feature #10479 (Pull Request Review): Keep settings after deinstall option: Jim Pingle
08:50 AM pfSense Docs Correction #9638 (Resolved): Feedback on High Availability — Configuring High Availability: Jim Pingle
08:49 AM pfSense Docs Correction #10371 (Resolved): Update flow control tuning doc for chelsio: Jim Pingle
08:47 AM pfSense Docs Correction #10145 (Resolved): Feedback on Packages — Installing FreeBSD Packages: Jim Pingle
08:46 AM pfSense Docs Correction #9380 (Resolved): Feedback on Cache / Proxy — Tuning the Squid Package: Jim Pingle
08:45 AM pfSense Docs Correction #10534 (Resolved): Feedback on Cellular Wireless — Known Working 3G-4G Modems: Jim Pingle
08:44 AM Feature #9642 (Pull Request Review): Add DDNS support for dynv6.com: Jim Pingle
08:43 AM Feature #8952 (Pull Request Review): Dynamic DNS Copy Button: Jim Pingle
08:41 AM Bug #9632 (Pull Request Review): DynDNS not updating IP address for DNSExit: Jim Pingle
01:54 AM Feature #9165: only IPs can be added to sshguard whitelist: Semi-correct for me, as restart of sshguard or reboot will fix the situation without deeper knowledge of the "issue".... Stefan Beckers

05/10/2020

08:10 PM pfSense Packages Feature #10547 (New): Add package addrwatch. Addrwatch is like arpwatch but works with ipv4 and ipv6: From the developer website:
> This is a tool similar to arpwatch. It main purpose is to monitor network and log di... Rick Coats
06:27 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I bought the SG-3100 because I wanted to have the BiS router for epic gaming moments
Turns out one of the "feature... Star Jesus
02:22 PM Revision 491217a6: Feature #10392: Improved/unified wording, removed link3, fixed empty() vs !== bug, fixed upgrade code. Increased config to 20.3.: sebastian nielsen
02:10 PM Bug #10546 (Resolved): Gateways removed from routing groups based on low alert thresholds: In a Multi-WAN failover scenario, individual gateways are added and removed from gateway groups based on dpinger alar... Vladimir Voskoboynikov
06:36 AM Feature #10545 (Resolved): RADIUS authenticated users should be able to log in via ssh: RADIUS authenticated users are unable to access the cli via ssh.
pam_radius module needed
see https://www.freeb... Viktor Gurov

05/09/2020

07:20 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Hi, I'm also interested in this issue and really glad to see there's an active effort to get it resolved. Thanks Joel... Cameron O
05:30 PM Revision 82f08839: Fw rule description input validation. Issue #10542: Viktor Gurov
01:10 PM Bug #10544: It's not possible to add a user to group operator using the gui: Here's a pull request that implements my fix: "#4314":https://github.com/pfsense/pfsense/pull/4314 Craig Leres
01:05 PM Bug #10544 (New): It's not possible to add a user to group operator using the gui: I wanted to create a backup user that could dump the filesystem. I used the gui to create group operator which create... Craig Leres
12:32 PM Bug #10542: Exclamation marks in the description field of a floating rule result in a filter reload error.: The '\' character is not allowed in the Description field.
All other special characters are OK
Fix:
https://gith... Viktor Gurov
11:19 AM Bug #10542 (Resolved): Exclamation marks in the description field of a floating rule result in a filter reload error.: Some characters such as "/!\" in a floating rule description produce an error when the filter is reloaded.
Steps t... Léa Al
12:13 PM pfSense Docs Correction #10543: Feedback on User Management and Authentication — User Management: I tried to find the pfSense book source code in the 'pfsense' organisation on GitHub so that I could simply contribut... Damon McDougall
12:09 PM pfSense Docs Correction #10543 (Closed): Feedback on User Management and Authentication — User Management: *Page:* https://docs.netgate.com/pfsense/en/latest/book/usermanager/user-management.html
*Feedback:*
Looks like... Damon McDougall
10:02 AM Revision 96b2a66a: DynDNS dynv6.com support. Issue #9642: Viktor Gurov
10:00 AM pfSense Packages Feature #10541 (Feedback): Squid failover and load balancing: https://forum.netgate.com/topic/97328/work-in-progress-squid-failover-and-load-balancing-for-pfsense:
I'm seeking a ... Viktor Gurov
09:42 AM Bug #10540 (Resolved): is_process_running can generate error for empty process: When running svc status for an unknown service you get:... Orion Poplawski
09:16 AM Revision 08a0e055: DynDNS copy button. Issue #8952: Viktor Gurov
08:57 AM pfSense Packages Feature #10479: Keep settings after deinstall option: also remove /usr/local/etc/raddb on package uninstall:
https://github.com/pfsense/FreeBSD-ports/pull/859 Viktor Gurov
08:51 AM pfSense Packages Bug #10445: BIND crashed when added RPZ. rpz is not a master or slave zone.: I found that the issue was occurring for me because the *response-policy* setting was defined in the global *options*... Brandon Rock
08:42 AM pfSense Docs Correction #9638: Feedback on High Availability — Configuring High Availability: https://github.com/pfsense/docs/pull/120 Viktor Gurov
08:42 AM Revision 4f79a07e: DynDNS DNSExit URL fix. Issue #9632: Viktor Gurov
08:12 AM pfSense Docs Correction #10371: Update flow control tuning doc for chelsio: https://github.com/pfsense/docs/pull/119 Viktor Gurov
07:56 AM pfSense Docs Correction #10145: Feedback on Packages — Installing FreeBSD Packages: https://github.com/pfsense/docs/pull/118 Viktor Gurov
07:46 AM pfSense Docs Correction #9380: Feedback on Cache / Proxy — Tuning the Squid Package: http://www.squid-cache.org/Doc/config/range_offset_limit/:... Viktor Gurov
06:15 AM pfSense Docs Correction #10534: Feedback on Cellular Wireless — Known Working 3G-4G Modems: https://github.com/pfsense/docs/pull/116 Viktor Gurov
05:04 AM Feature #9642: Add DDNS support for dynv6.com: https://github.com/pfsense/pfsense/pull/4312 Viktor Gurov
04:18 AM Feature #8952: Dynamic DNS Copy Button: https://github.com/pfsense/pfsense/pull/4311 Viktor Gurov
03:44 AM Bug #9632: DynDNS not updating IP address for DNSExit: https://github.com/pfsense/pfsense/pull/4310 Viktor Gurov
03:00 AM pfSense Packages Bug #10522 (Resolved): Telegraf, Netstat fails (missing lsof): Good:... Viktor Gurov
02:16 AM Bug #3736 (Resolved): No static IPv6 address for WAN interface in Dashboard for PPPoE+static IPv6: no such issue on 2.4.5 and 2.5
all OK Viktor Gurov
01:40 AM Feature #9165: only IPs can be added to sshguard whitelist: Stefan Beckers wrote:
> The new sshguard list feature (see #8864) does only allow addition of IP addresses. I do hav... Viktor Gurov
01:30 AM Bug #3128 (Resolved): Active voucher status not restored from backup: no such issue on 2.4.5 and 2.5
active vouchers status successfully restored Viktor Gurov

05/08/2020

07:51 PM pfSense Packages Bug #10503: Flapping any GW in multi-WAN influences restating all IPsec tunnels in FRR which leads to dropping all IPsec VTI static routes and related BGP issues: Working around the issue by splitting FRR from Vti
- Add new VIPs to Local host. (one to each side , do not use th... Alhusein Zawi
04:41 PM Revision e8e3fd22: Feature #10392: Removed IPv4/IPv6 selection. Added code for configuration migration on upgrade.: sebastian nielsen
02:04 PM Feature #8511 (Resolved): Dynamic DNS: Cloudflare Add TTL option: resolved in 2.4.5
see https://redmine.pfsense.org/issues/10196 Viktor Gurov
02:04 PM Bug #5826 (Closed): Auto-exclude LAN address feature only works for the LAN interface: Closing in favor of #3329 -- The PR linked above is already mentioned there and solves this issue as well. Jim Pingle
02:00 PM Bug #5826: Auto-exclude LAN address feature only works for the LAN interface: https://github.com/pfsense/pfsense/pull/4230 Viktor Gurov
01:23 PM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: Luke,
From what we can tell, pf is doing a ton of smp rendezvous zeroing per-CPU counters. The described "hang" s... Jim Thompson
01:19 PM Revision c8a39f1b: DNS/Ping/Traceroute IDN support. Issue #10538: Viktor Gurov
12:57 PM Revision 337cacac: diag_ping.php input validation fix. Issue #10537: Viktor Gurov
11:12 AM Bug #10539: OpenVPN incorrect validation of common name with external case-insensitive directory: Yep I know that not all LDAP providers are case insensitive, but most - is. And still even with case sensitive login ... DRago_Angel [InV@DER]
11:07 AM Bug #10539: OpenVPN incorrect validation of common name with external case-insensitive directory: We can maybe add a warning about it, but that is 100% a problem with the authentication server and OpenVPN itself. Th... Jim Pingle
10:35 AM Bug #10539: OpenVPN incorrect validation of common name with external case-insensitive directory: You mean there is no way to change way how username validated to (regex|case-insensitive) or change (strip|convert to... DRago_Angel [InV@DER]
08:31 AM Bug #10539 (Not a Bug): OpenVPN incorrect validation of common name with external case-insensitive directory: That's an issue in OpenVPN internally. You could disable username-as-common-name (checkbox in 2.5.0 or 2.4.5-p1) whic... Jim Pingle
08:26 AM Bug #10539: OpenVPN incorrect validation of common name with external case-insensitive directory: Possible fix addition:
In 1 and 2 common names must be all converted for example to lowercase before check - this wi... DRago_Angel [InV@DER]
08:23 AM Bug #10539 (Not a Bug): OpenVPN incorrect validation of common name with external case-insensitive directory: Now Common Name is case-sensetive validation field.
With Local Authorization it works fine as Unix local users are c... DRago_Angel [InV@DER]
10:33 AM Revision 5cb09a31: Feature #10392: GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time: sebastian nielsen
09:26 AM Feature #10392 (Pull Request Review): GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time: Jim Pingle
08:14 AM Feature #10392: GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time: Pull request for GRE part: https://github.com/pfsense/pfsense/pull/4308 Sebas tian
04:39 AM Feature #10392: GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time: I have implemented the necessary changes for GRE interfaces (and tested them with my setup – seems to be working). I ... Sebas tian
09:21 AM Feature #10538 (Pull Request Review): DNS/Ping/Traceroute IDN support: Jim Pingle
08:21 AM Feature #10538: DNS/Ping/Traceroute IDN support: https://github.com/pfsense/pfsense/pull/4309 Viktor Gurov
08:19 AM Feature #10538 (Resolved): DNS/Ping/Traceroute IDN support: Add support for IDN hostnames on the DNS/Ping/Traceroute diagnostics pages. Viktor Gurov
09:19 AM Bug #10537 (Pull Request Review): wrong link on diag_dns.php: Jim Pingle
07:58 AM Bug #10537: wrong link on diag_dns.php: https://github.com/pfsense/pfsense/pull/4307 Viktor Gurov
07:47 AM Bug #10537 (Resolved): wrong link on diag_dns.php: After resolving the DNS name, you can see at the bottom of the page:
More Information
Ping
Traceroute
If you cl... Viktor Gurov
07:28 AM pfSense Packages Bug #10536 (Not a Bug): Haproxy doesnt start and exits with error Lua init: table index is nil: That has to be something in your configuration, it's not a problem with the package in general. This site is not for ... Jim Pingle
04:42 AM pfSense Packages Bug #10536 (Not a Bug): Haproxy doesnt start and exits with error Lua init: table index is nil: I have just downgraded my SG-3100 from 2.4.5 to 2.4.4-p3 (due to the blocking cpu causing a bit lag.) I made a backup... Hector Sanchez

05/07/2020

04:08 PM Revision 9623ec5b: L2TP secret description fix. Issue #10531: Viktor Gurov
01:17 PM Bug #9259: User with "Deny Config Write" privilege is not fully prevented from creating accounts: I can't reproduce that problem. I've tried creating an account, deleting an account, various other actions, but nothi... Jim Pingle
04:40 AM Bug #9259: User with "Deny Config Write" privilege is not fully prevented from creating accounts: Hello,
I experienced the same issue described here, and the last changes that you have made did not fix the proble... Martin VENÇON
12:57 PM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: Thx Luiz! this is the commit, right?
https://github.com/pfsense/FreeBSD-src/commit/6c7a5a8e69762db2ac0bc465f37c8f04a... → luckman212
09:54 AM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: Fix committed.
Snapshots with this fix will be available soon (for general testing). Luiz Souza
12:50 PM Feature #10392: GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time: In that case it should be fairly easy to add that to the GUI by splitting it into separate IPv4 and IPv6 options. It ... Jim Pingle
12:16 PM Feature #10392: GRE: Tunnels cannot have IPv6 and IPv4 addresses at the same time: I manually executed ... Sebas tian
10:49 AM Feature #10374 (Pull Request Review): Add ARM32/64 network booting support to dhcpd: Jim Pingle
05:33 AM Feature #10374: Add ARM32/64 network booting support to dhcpd: Show/hide ARM32/64 booting options on pressing "Display Advanced" button:
https://github.com/pfsense/pfsense/pull/4306 Viktor Gurov
10:46 AM Bug #10531 (Pull Request Review): L2TP client not able to use shared secret: Jim Pingle
05:26 AM Bug #10531: L2TP client not able to use shared secret: description fix:
https://github.com/pfsense/pfsense/pull/4305 Viktor Gurov
10:31 AM Revision 5cb27937: Hide ARM32/64 network booting options. Issue #10374: Viktor Gurov
10:27 AM Feature #10504: Make LACP timeout PDU transmission speed configurable: It seems to be indicated by the flags value:... Jim Pingle
07:27 AM Feature #10504 (Resolved): Make LACP timeout PDU transmission speed configurable: works fine on 2.5.0.a.20200506.1402
but I still don't know how to see the current LACP timeout mode,
no any info... Viktor Gurov
08:21 AM Feature #10535 (Duplicate): Additional options to add to the dhcpd v4 and v6 configuration files: Duplicate of #5080 Jim Pingle
04:10 AM Feature #10535 (Duplicate): Additional options to add to the dhcpd v4 and v6 configuration files: As of right now the gui for the DHCP server (both v4 and v6) does allow for a limited number of global options. For e... Bogdan P
05:01 AM Bug #10240: Incorrect interface assignment after switching from PPPoE: Jim Pingle wrote:
> There was a similar problem in the past ( #1420 ) but this doesn't seem like quite the same issu... Viktor Gurov
12:24 AM pfSense Docs Correction #10534 (Resolved): Feedback on Cellular Wireless — Known Working 3G-4G Modems: *Page:* https://docs.netgate.com/pfsense/en/latest/cellular/known-working-3g-4g-modems.html
*Feedback:*
Add ZTE... Viktor Gurov

05/06/2020

05:09 PM Revision 4b41d250: L2TP client Shared Secret option. Issue #10531: (cherry picked from commit 8e267d3bc59a9d89cf74aa7616566e44b9c5bd69) Viktor Gurov
05:09 PM Revision 041bdc8b: Merge pull request #4303 from vktg/l2tpclientsecret: Renato Botelho
05:09 PM Revision e1f791a0: L2TP VPN shared secret. Issue #10527: (cherry picked from commit 8651a4a4f6923f05f73e65e8647804ad4621565c) Viktor Gurov
05:09 PM Revision ccf9a98a: Merge pull request #4302 from vktg/l2tpsecret: Renato Botelho
05:02 PM Revision 8651a4a4: L2TP VPN shared secret. Issue #10527: Viktor Gurov
04:53 PM Revision 8e267d3b: L2TP client Shared Secret option. Issue #10531: Viktor Gurov
04:12 PM Revision 6978b39e: Alias clone feature. Issue #6908: Viktor Gurov
02:10 PM Todo #10533 (Resolved): Change default domain for new installations from "localdomain" to "home.arpa": "RFC 8375":https://tools.ietf.org/html/rfc8375 sets aside "home.arpa" for "non-unique use in residential home network... Jim Pingle
01:22 PM pfSense Packages Feature #9874 (Resolved): safesearch enforcing: pfBlockerNG 2.2.5_32
works as expected Viktor Gurov
01:09 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: I'll add my voice to this request. I just set up a local step-ca ACME server and would love to use it with pfSense. Michael Long
12:53 PM Feature #9985 (Feedback): Build virtio_console.ko: Renato manually merged the PR Jim Pingle
12:26 PM Feature #9985: Build virtio_console.ko: https://github.com/pfsense/FreeBSD-src/pull/30 Viktor Gurov
12:10 PM Bug #10531 (Feedback): L2TP client not able to use shared secret: PR has been merged. Thanks! Renato Botelho
09:12 AM Bug #10531 (Pull Request Review): L2TP client not able to use shared secret: Jim Pingle
04:10 AM Bug #10531: L2TP client not able to use shared secret: some ISPs use this
Fix:
https://github.com/pfsense/pfsense/pull/4303 Viktor Gurov
01:22 AM Bug #10531 (Resolved): L2TP client not able to use shared secret: It is not possible to use Shared Secret by L2TP client,
no such field in WebGUI
http://mpd.sourceforge.net/doc5/m... Viktor Gurov
12:09 PM Bug #10527 (Feedback): L2TP shared secret is ignored: PR has been merged. Thanks! Renato Botelho
11:43 AM Feature #9891 (Feedback): QLogic 10 Gigabit Ethernet driver (qlxgb): Added to kernel Renato Botelho
10:45 AM Feature #6908 (Pull Request Review): Alias copy, sort, search/replace functions: Jim Pingle
09:58 AM Feature #6908: Alias copy, sort, search/replace functions: Alias copy/clone:
https://github.com/pfsense/pfsense/pull/4304 Viktor Gurov
10:33 AM pfSense Packages Todo #10528 (Resolved): OpenVPN client export - 2.4.9: All done and tested. Exported installer is 2.4.9 and it works (installs, connects, etc) as expected. Jim Pingle
09:57 AM pfSense Packages Todo #10528 (In Progress): OpenVPN client export - 2.4.9: Jim Pingle
08:54 AM Bug #1773 (Resolved): wrong URL is displayed for web interface access at console for DHCP: no such issue on 2.4.4-p3 + Viktor Gurov
08:13 AM Bug #10532: Mobile PSK users don't have 'mobile-userpool' section: It may be as easy as removing the EAP check at source:src/etc/inc/ipsec.inc#L1596 -- but non-EAP users were also excl... Jim Pingle
05:08 AM Bug #10532: Mobile PSK users don't have 'mobile-userpool' section: some on 2.4.5... Viktor Gurov
04:43 AM Bug #10532 (Resolved): Mobile PSK users don't have 'mobile-userpool' section: I don't see the 'mobile-userpool' section for PSK users, only for EAP:... Viktor Gurov
07:49 AM Feature #8775: Use SRV record for LDAP Authentication: unchanged since 2018:
https://bugs.php.net/bug.php?id=76757
Viktor Gurov
07:30 AM Feature #3907 (Resolved): OpenVPN widget connected client count display: > The Dashboard widget's title is "Server TCP:1194 Client connections". Could it be changed so it counts how much cli... Viktor Gurov
07:17 AM Bug #3038 (Resolved): CARP master not stopping slave's Captive portal: no such issue on 2.5.0.a.20200505.2130
start/stop works fine on both nodes Viktor Gurov
01:07 AM Bug #10493: filter_get_vpns_list() issues: it can also reduce the scope of #7815 Viktor Gurov
12:37 AM Feature #10340 (Resolved): IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases): OK on 2.5.0.a.20200505.0238
TODO: IPsec widget option to select default tab (Overview/Tunnels/Mobile) Viktor Gurov

05/05/2020

06:06 PM Revision c1fc5d87: DHCP Relay: Account for dual-role interfaces. Fixes #10416: Based on a patch from John Steele on the Redmine issue
(cherry picked from commit a76e61149b79fe2892f6083454a563b860... Jim Pingle
06:05 PM Revision a76e6114: DHCP Relay: Account for dual-role interfaces. Fixes #10416: Based on a patch from John Steele on the Redmine issue Jim Pingle
03:47 PM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed: Re-tested this since we have a new base OS on 2.5.0. Unfortunately, this still behaves the same way on 12.1-STABLE:
... Jim Pingle
03:08 PM Revision 01f5db26: Merge pull request #4300 from vktg/lagginputvalfix: Renato Botelho
02:19 PM Revision e27e8e91: Allow 0 for IPsec P1 reauth/rekey/over. Fixes #10529: Jim Pingle
01:55 PM Revision 88f3d1a3: Fix #10525: Handle Chinese (Hong Kong / Taiwan) locale rename: Renato Botelho
01:53 PM Revision 249a0757: Fix #10525: Handle Chinese (Hong Kong / Taiwan) locale rename: Renato Botelho
01:15 PM Bug #10416 (Feedback): dhcrelay command line options not properly configured for some DHCP failover scenarios: Applied in changeset commit:a76e61149b79fe2892f6083454a563b860a035ab. Jim Pingle
01:04 PM Bug #10416 (In Progress): dhcrelay command line options not properly configured for some DHCP failover scenarios: I couldn't get the patch to work as-is, the downstream list always ended up empty, but I found a variation which appe... Jim Pingle
12:12 PM Bug #10527: L2TP shared secret is ignored: https://github.com/pfsense/pfsense/pull/4302 Viktor Gurov
05:30 AM Bug #10527 (Resolved): L2TP shared secret is ignored: Shared secret on vpn_l2tp.php page is never used,
I don't see any code that uses it, and there is no "set l2tp secre... Viktor Gurov
10:28 AM pfSense Packages Bug #10522: Telegraf, Netstat fails (missing lsof): Thanks very much for the quick action! Russell Morris
10:14 AM pfSense Packages Bug #10522 (Feedback): Telegraf, Netstat fails (missing lsof): PR has been merged. Thanks! Renato Botelho
08:22 AM pfSense Packages Bug #10522 (Pull Request Review): Telegraf, Netstat fails (missing lsof): Jim Pingle
05:14 AM pfSense Packages Bug #10522: Telegraf, Netstat fails (missing lsof): correct, see https://github.com/influxdata/telegraf/blob/master/plugins/inputs/net/NETSTAT_README.md:... Viktor Gurov
10:08 AM Feature #10504 (Feedback): Make LACP timeout PDU transmission speed configurable: PR has been merged. Thanks! Renato Botelho
09:58 AM Feature #4038 (Pull Request Review): Button to clear the arp cache: Jim Pingle
05:04 AM Feature #4038: Button to clear the arp cache: https://github.com/pfsense/pfsense/pull/4301 Viktor Gurov
09:56 AM Bug #10530 (New): Convert config version to be based on product version: Today config version is incremented numerically and is agnostic of product version. It makes impossible to add a new... Renato Botelho
09:25 AM Bug #10529 (Feedback): IPsec Phase 1 options Reauth and Rekey do not allow valid "0" value: Applied in changeset commit:e27e8e91e684d993fee62e2ad6cc7e4dd3d4b775. Jim Pingle
09:09 AM Bug #10529 (Resolved): IPsec Phase 1 options Reauth and Rekey do not allow valid "0" value: On vpn_ipsec_phase1.php the options for Reauth and Rekey say they should accept a value of 0, but the bootstrap input... Jim Pingle
09:00 AM Bug #10525 (Feedback): Chinese (taiwan) / HK Translation using incorrect identifier on 2.4.5: Applied in changeset commit:249a0757d5f86c7f0c4229dd45b634c83dfeccd4. Renato Botelho
08:24 AM pfSense Packages Todo #10528 (Resolved): OpenVPN client export - 2.4.9: OpenVPN client 2.4.9 was released.
It would be cool to have it updated: https://openvpn.net/community-downloads/
... Greg M

05/04/2020

07:01 PM Revision 72aa3cf9: CDATA encode Squid LDAP options. Issue #7654: (cherry picked from commit f14c90586d33493951debc977244f83dcd095b83) Viktor Gurov
07:01 PM Revision 29f87d21: CDATA encode FreeRADIUS user names/passwords. Issue #4497: (cherry picked from commit 5ee65c008f628340fede29d9fbf42a4a68dd63e1) Jim Pingle
07:01 PM Revision 360479cf: Special characters in Schedules descr and rangedescr fields. Issue #10305: (cherry picked from commit 008c15450ec5913c671bc8545682b35f92d63da8) Viktor Gurov
06:50 PM Revision ba77c383: L2TP duplicate outbound NAT fix. Issue 10247: (cherry picked from commit 8f74c44e459e7f9c3d6559bee5d9ca1e49694852) Viktor Gurov
06:49 PM Revision f7ecea49: L2TP username containing @ (realm separator). Issue #9828: (cherry picked from commit f1efc7922e731f8f7f6c02f62fa974eeb884ea85) Viktor Gurov
06:49 PM Revision 802c938b: Allow dashed DUID to be entered in a DHCPv6 Mapping. Issue #2568: (cherry picked from commit ebccd85b82f468ea83603574c8dc9c573b27ff55) Viktor Gurov
06:48 PM Revision c096e481: Fix SMTP SSL/TLS disable validation. Issue #10317: (cherry picked from commit 93166bdcffc51c85662c83ec7789855d72aa869b) Viktor Gurov
06:47 PM Revision da7b476a: Add localhost to NTP Interfaces. Issue #10348: (cherry picked from commit 627253089841122bea33f1d0f140fc55e78f611b) Viktor Gurov
06:43 PM Revision f7e29b5b: DH group 5 warnings for IPsec Phase 1. Issue #10221: (cherry picked from commit 81a58f837a0422890a12bcdf7b3e1b60a04fcbc5) Viktor Gurov
06:40 PM Revision 18c3bb70: Update DH group warnings to say that group 5 is also weak. Issue #10221: (cherry picked from commit 4423176ef39e0461be339b5ded087678f6711c91) Sean McBride
06:40 PM Revision 64f31e89: DHCPv6 RA show default values in certain fields. Issue #10448: (cherry picked from commit 4d7bdf64eb1922136082cfff82ee626b3a8ba35d) Viktor Gurov
06:39 PM Revision d027ed2d: Remove bogus warning on limiter/shaper deletion. Issue #9334: (cherry picked from commit 86c560d985b03d421f8b572c33f8e02b2f08ea56) Viktor Gurov
06:39 PM Revision aad53bc2: Sanitize ldapbindpass and ldap_pass. Issue #10349: (cherry picked from commit 787e634e7f801c8a83e2626d50fb98de041c72ea) Viktor Gurov
06:37 PM Revision 69a614a7: Remote OpenVPN server proto definition. Issue #10368: (cherry picked from commit bd1291d0e45ee982d5a65745086864bf36918dc7) Viktor Gurov
06:37 PM Revision 3050a5d7: RED/GRED limiters do not have noecn option. Issue #10211: (cherry picked from commit 75fb1d576ab12fd399bcfeb57a02545b449a1df4) Viktor Gurov
06:36 PM Revision bcab8a67: allow to disable IPsec P1 when P2 is disabled VTI. Issue #10190: (cherry picked from commit 903826b5b231e371fe934e7ecde2d4f7b6e1be2d) Viktor Gurov
06:36 PM Revision 3cb6e79d: Exclude unsupported interfaces from DHCP Relay. Issue #10341: (cherry picked from commit 5285aa842118fa893a275e46616734b2f54c7e4f) Viktor Gurov
06:34 PM Revision e0bfe3a4: Fixed dhcpdv6 config generation for domain-list option. Fixes #10200: (cherry picked from commit afd8177f803560a1fa7040bbe2b60e68a5ec3918) Florian Apolloner
06:24 PM Revision 30783b6e: URL/URL Table alias with IDN hostnames. Issue #10321: (cherry picked from commit 48a157543b9d4f66c6f0f24316c482db82a0aa1c) Viktor Gurov
06:23 PM Revision acbeb77d: Make OpenVPN username-as-common-name options. Implements #8289: (cherry picked from commit e5c4f2a7d977fb1fd6c7b4446e187486b72285be) Jim Pingle
06:23 PM Revision 345a232f: Do not restart L2TP server after adding/modifying users. Issue #4866: (cherry picked from commit 810923482479d09c4987f7f29b12299be15ac352) Viktor Gurov
06:23 PM Revision 2816960c: Do not include disabled IPSec P2 entries to <vpn_networks>. Issue #7622: (cherry picked from commit 12f9467e207e07bee4b93673b17b836e77216f6e) Viktor Gurov
06:22 PM Revision ae0dacfc: Add ipsec_reload_package_hook() to apply function. Fixes Bug #10351: Adapted From 4aebc4ba84aefa0be7084960cb1387352e6a3792 Jim Pingle
06:20 PM Revision d16276b4: DHCP6 client discard REQUEST messages. Issue #9634: (cherry picked from commit 8788b0613a66e48ff4da45f4228bda481c37f7a9) Viktor Gurov
06:19 PM Revision 27e83e10: Compare compressed IPv6 CARP VIP. Issue #6579: (cherry picked from commit 84052eb74b7c470ebf8fd0bb1b56ce475725b1a6) Viktor Gurov
06:18 PM Revision 7f9d80e1: Firewall rule states link and Require State Filter option fix. Issue #10359: (cherry picked from commit afb4cdcd2a96138b70b888c6750f8b1140ab8c2a) Viktor Gurov
03:31 PM Bug #7725: Support for iwm: Added to 2.4.5-p1 kernel Renato Botelho
02:11 PM pfSense Packages Bug #10522: Telegraf, Netstat fails (missing lsof): Yes, it works for me as well - after I manually install lsof. The reason I raised this is that lsof should be include... Russell Morris
01:57 PM pfSense Packages Bug #10522: Telegraf, Netstat fails (missing lsof): can't reproduce, it work for me
[2.4.5-RELEASE][root@pfSense.trmultiservice.lab]/root: telegraf --test --input-filte... Manuel Piovan
02:02 PM pfSense Packages Bug #7654 (Feedback): Can't use a LDAP search filter containing an accent: Jim Pingle
02:02 PM Bug #10305 (Feedback): Using special character in Schedules description: Jim Pingle
01:51 PM Bug #10247 (Feedback): Duplicate Outbound NAT entries when creating L2TP server: Original commit is commit:8f74c44e459e7f9c3d6559bee5d9ca1e49694852
Picked back in commit:ba77c38370 Jim Pingle
01:48 PM Feature #10348 (Feedback): Add localhost to NTP Interfaces: Jim Pingle
01:43 PM Feature #10221 (Feedback): Update DH group warnings to say that group 5 is also weak: Jim Pingle
01:40 PM Feature #10448 (Feedback): DHCPv6 RA - show default values in certain fields: Jim Pingle
01:39 PM Bug #9334 (Feedback): bogus dialogue on Limiter deletion: Jim Pingle
01:39 PM Todo #10349 (Feedback): status.php: Sanitize ldapbindpass and ldap_pass: Jim Pingle
01:38 PM Bug #10368 (Feedback): OpenVPN server no definition of protocol to use (udp4): Jim Pingle
01:37 PM Bug #10211 (Feedback): Limiters ECN input validation problem: Jim Pingle
01:36 PM Feature #10341 (Feedback): Exclude unsupported interfaces from DHCP Relay: Jim Pingle
01:35 PM Bug #10200 (Feedback): DHCPv6 domain-search list not sent to clients: Jim Pingle
01:24 PM Feature #10321 (Feedback): URL/URL Table alias with IDN hostnames: Jim Pingle
01:24 PM Feature #8289 (Feedback): OpenVPN - configurable username as common name: Jim Pingle
01:23 PM Bug #4866 (Feedback): L2TP server are restarted after adding/modifying L2TP users (mpd.secret): Jim Pingle
01:19 PM Bug #6579 (Feedback): IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: Jim Pingle
01:19 PM Bug #10359 (Feedback): Require State Filter setting breaks filter rule link to associated states: Jim Pingle
09:08 AM Bug #10524: Bridge that includes a GIF interface does not come up at boot: Jim Pingle wrote:
> Did this work on a previous version?
I didn't use this combination in previous version. Howev... Yuran Yastreb
08:02 AM Bug #10524: Bridge that includes a GIF interface does not come up at boot: Did this work on a previous version? Jim Pingle
08:59 AM pfSense Packages Bug #10526: Package pfBlockerNG Crashes on Alert view: Looks like your alert log was allowed to grow too large.
Post on https://forum.netgate.com/category/62/pfblockerng... Jim Pingle
08:54 AM pfSense Packages Bug #10526 (New): Package pfBlockerNG Crashes on Alert view: Error Message:
Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 513799651 bytes) in ... Larry Westfall
08:06 AM Feature #10523 (Rejected): Integrate remote backup (push) into ACB: ACB is the only method we plan on integrating for that functionality at this time. Other methods may be implemented m... Jim Pingle
07:59 AM Feature #10521: Syslog, Level Filter / Setting: Jim Pingle wrote:
> That kind of filtering should be done on a central log processing host, irrespective of the numb... Russell Morris
07:57 AM Feature #10521 (Rejected): Syslog, Level Filter / Setting: I'm not sure this would be viable as not everything gets tagged with relevant syslog levels, especially messages from... Jim Pingle
07:49 AM Feature #10504 (Pull Request Review): Make LACP timeout PDU transmission speed configurable: Jim Pingle
02:57 AM Bug #10525 (Resolved): Chinese (taiwan) / HK Translation using incorrect identifier on 2.4.5: When I using pfsense 2.4.4 upgrade to 2.4.5 the language change Chinese(Taiwan) or HK has error.
When I want chang... Roll Stone
01:30 AM Bug #9647: hn0: driver does not support altq: Hello.
Can someone please take a look at this one?
It seems trivial to fix or am I wrong? Greg M

05/03/2020

07:09 PM pfSense Packages Bug #10487: Telegraf package not sending logs to influxdb server: I confirm that I encounter the same issue with telegraf version 0.9_3 and pfsense 2.4.5 (on a Netgate SG-1100) device Joseph jk
06:44 PM Bug #8100: pfsync Initially Deletes States on Primary for Connections Established through Secondary: Verified still occurs on 12.1-STABLE/2.5.0. Chris Linstruth
03:22 PM Bug #10524 (Resolved): Bridge that includes a GIF interface does not come up at boot: I use pfsense version 2.4.5. This problem occurs when a gif port is added to the bridge. This bridge does not rise af... Yuran Yastreb
01:34 PM Bug #10518: Netmap appears broken in Snort and Suricata packages when Inline IPS Mode enabled: Confirmed after further testing by me and by feedback from impacted users. Deleting the package (Snort or Suricata) a... Bill Meeks
01:05 PM Bug #10518: Netmap appears broken in Snort and Suricata packages when Inline IPS Mode enabled: Upon further testing it appears this may not be an actual bug, but is more likely related to older FreeBSD-12.0 versi... Bill Meeks
10:19 AM Bug #9649: IPv6 6RD Tunnel: Ronald Schellberg wrote:
> Any concerns or progress with the Pull Request? I have applied slight variations to 2.5,... Ronald Schellberg
01:06 AM Feature #10523 (Rejected): Integrate remote backup (push) into ACB: Right now, the remote backup push method listed is not even recommended ([[https://docs.netgate.com/pfsense/en/latest... Tom Cosmos

05/02/2020

10:27 PM pfSense Packages Bug #10522 (Resolved): Telegraf, Netstat fails (missing lsof): Enabling netstat from the web interface (as part of Telegraf) ... fails. The error message can be seen from a command... Russell Morris
10:12 PM Feature #10521 (Rejected): Syslog, Level Filter / Setting: Hi,
It would be handy to be able to set the minimum level above which remote syslog records are sent to the define... Russell Morris
02:39 PM Revision a3a04401: LAGG proto input validation fix. Issue #10504: Viktor Gurov
11:29 AM Bug #10493: filter_get_vpns_list() issues: + I think it would be better to split "Advanced Firewall” to “Advanced Firewall” and “Packet Processing” sections:
... Viktor Gurov
07:58 AM Bug #10493: filter_get_vpns_list() issues: This fix allows you to select for which VPN types / IP proto do MSS clamping:
https://github.com/pfsense/pfsense/pul... Viktor Gurov
09:45 AM Feature #10504: Make LACP timeout PDU transmission speed configurable: works fine, but requires extra input validations:
https://github.com/pfsense/pfsense/pull/4300
Cisco 'show lacp n... Viktor Gurov
08:47 AM Bug #10520 (Not a Bug): Interfaces OPT1 and WAN are not functional after upgrade to 2.5.0.a.20200312.1338: That is quite an old snapshot and I've been running it on SG-3100 for months. This is not a general issue and might b... Jim Pingle
05:57 AM Bug #10520 (Not a Bug): Interfaces OPT1 and WAN are not functional after upgrade to 2.5.0.a.20200312.1338: After upgrade from fresh 2.4.5 install to the latest available 2.5.0 version (2.5.0.a.20200312.1338) on SG-3100, inte... Danilo Zrenjanin
04:13 AM Feature #3567 (Resolved): Option to disable NTP: now it's working fine
2.5.0.a.20200501.1824 Viktor Gurov
04:05 AM Bug #10433 (Closed): addMask() js code resets netmask size to 128/32: tested on 2.5.0.a.20200501.1824
reverted successfully
Viktor Gurov

05/01/2020

08:26 PM Revision 5e421859: Fix OpenVPN status.php output for 2.4.5 Implements #10350: Jim Pingle
05:32 PM Revision 32cd2d98: Factor existing RAM disk usage into kmem calculation. Fixes #10420: (cherry picked from commit 355aa65e684431fe435dcf51c92f17659b5b000d) Jim Pingle
05:31 PM Revision 355aa65e: Factor existing RAM disk usage into kmem calculation. Fixes #10420: Jim Pingle
03:45 PM Revision f63635f9: Fix #10273: Build OpenVPN with ASYNC_PUSH option: Renato Botelho
03:35 PM Feature #10350 (Feedback): Add OpenVPN configuration file(s) to status.php file: Applied in changeset commit:5e421859b258bccff7eb1e29fd4cff38b1c83123. Jim Pingle
03:27 PM Feature #10350 (In Progress): Add OpenVPN configuration file(s) to status.php file: Needs fixed to work on 2.4.5 Jim Pingle
03:27 PM Revision 5eb010e4: Merge pull request #4298 from vktg/ipsecleasesbold: Renato Botelho
12:58 PM Revision 58a8c231: Remove CA prv key fix. Issue #10509: (Based on 0447f01b1eb02354f5658d535bd33bfa022d6083, Adjusted for RELENG_2_4_5) Jim Pingle
12:56 PM Revision ac80714d: Merge pull request #4296 from vktg/remprivkey: Jim Pingle
12:55 PM Revision 1941a9cb: Avoid very slow GUI loads when ews.netgate.com can't be resolved #8987: (cherry picked from commit 3c07f4986e6dfdd552ba8c68bb6ae866dff91dd9) Tom Embt
12:40 PM Bug #10420 (Feedback): Miscellaneous page with pre-existing RAM disks config can't be saved: Applied in changeset commit:355aa65e684431fe435dcf51c92f17659b5b000d. Jim Pingle
12:32 PM Bug #10420: Miscellaneous page with pre-existing RAM disks config can't be saved: When I got the actual byte counts and calculated better, the numbers came out much closer, only within a couple MB, s... Jim Pingle
11:10 AM Bug #3152 (Closed): Updater should fall back to IPv4 if IPv6 fails: Since this bug was opened we moved to a completely different upgrade model using pkg Renato Botelho
11:00 AM Bug #7725 (Feedback): Support for iwm: Added iwm/iwmfw to pfSense kernel Renato Botelho
11:00 AM Revision 2e292243: IPsec Mobile status/widget online green-bold. Issue #10340: Viktor Gurov
10:52 AM Feature #3763 (Rejected): GUI: Packages: add 'non supported' or 'experimental' field: -devel suffix is used on experimental package name, like pfBlockerNG-devel. It's enough to let users know it's not a... Renato Botelho
10:50 AM Feature #10273 (Feedback): OpenVPN compile with --enable-async-push: Applied in changeset commit:f63635f94608b191944e60dc928b8d379316190f. Renato Botelho
10:46 AM Bug #10331 (Feedback): French language give a Warning: sprintf(): in system_advanced_admin.php: Renato Botelho
10:41 AM Bug #10438 (Feedback): Prepare pfSense-upgrade to deal with pkg 1.13.x+: Done Renato Botelho
10:40 AM Todo #10353 (Feedback): Update pkg to 1.13.x: Already changed to 1.13 on 2.5.0 snapshots and added necessary code on pfSense-upgrade to detect change to metaversio... Renato Botelho
10:39 AM Bug #10373 (Feedback): Incorrect copyright year: RELENG_2_4_5 was changed as well Renato Botelho
10:27 AM Feature #10340 (Feedback): IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases): PR has been merged. Thanks! Renato Botelho
10:26 AM pfSense Packages Feature #9874 (Feedback): safesearch enforcing: PR has been merged. Thanks! Renato Botelho
07:27 AM pfSense Packages Feature #9874 (Pull Request Review): safesearch enforcing: Jim Pingle
12:53 AM pfSense Packages Feature #9874: safesearch enforcing: Grimson Gretzleburg wrote:
> You forgot to add "/www/pfblockerng/pfblockerng_safesearch.php" to the package meta dat... Viktor Gurov
10:00 AM Revision 0447f01b: Remove CA prv key fix. Issue #10509: Viktor Gurov
09:43 AM Feature #7362 (Resolved): Add the default values of the TCP and UDP Timeouts on the WebUI depending on the "Firewall Optimization Options": OK on 2.5.0.a.20200430.1700 Viktor Gurov
09:02 AM Bug #10517: Mobile PSK user mobile-userpool is ignored: And I'm using the strongSwan app (v 2.2.1) on Android.
Is the ID actually configured as userfqdn in the client? Jim Pingle
08:59 AM Bug #10517: Mobile PSK user mobile-userpool is ignored: hm, this is strongswan-nm 5.7.2-1 on Debian 10
Viktor Gurov
08:31 AM Bug #10517 (Not a Bug): Mobile PSK user mobile-userpool is ignored: I'm not seeing a problem here.... Jim Pingle
07:20 AM Bug #10517: Mobile PSK user mobile-userpool is ignored: This was working not long ago, something else must have broken it again. Jim Pingle
06:13 AM Bug #10517 (Not a Bug): Mobile PSK user mobile-userpool is ignored: regardless of what you entered in the "Virtual Address Pool" on the VPN / IPsec / Pre-Shared Keys / Edit page,
mobil... Viktor Gurov
08:27 AM pfSense Packages Bug #9537: One month offset in displayed data between time changes: The underlying vnstat correctly reports the monthly data when run from the command line.
This is from vnstat:
v... Randall Barth
08:18 AM Bug #6579 (Resolved): IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: successfully tested on 2.5.0.a.20200430.1700 HA cluster Viktor Gurov
08:01 AM Bug #10518 (Rejected): Netmap appears broken in Snort and Suricata packages when Inline IPS Mode enabled: The latest update to FreeBSD-12.1-STABLE for the pfSense-2.5 snapshots appears to have broken the netmap device used ... Bill Meeks
07:59 AM Bug #10509 (Feedback): unable to remove CA private key: PR merged, but didn't apply cleanly to RELENG_2_4_5 so I committed an adjusted version there Jim Pingle
07:55 AM Bug #8987 (Feedback): Web GUI main page very slow to load if wan interface is enabled but not connected.: Jim Pingle
01:39 AM Bug #8987 (Resolved): Web GUI main page very slow to load if wan interface is enabled but not connected.: tested on 2.5.0.a.20200430.1700
works as expected, nice feature! Viktor Gurov
07:26 AM Bug #9414 (Resolved): Hardware with Intel 82583V interface such as some Watchguard equipment fail to load interface: Jim Pingle
12:25 AM Bug #9414: Hardware with Intel 82583V interface such as some Watchguard equipment fail to load interface: This looks like it was fixed upstream. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235147 is now closed/fixe... Chris Palmer
03:54 AM pfSense Packages Bug #10475 (Resolved): pfSense-pkg-arpwatch unconditinally clobbers the arpwatch database files on upgrade: arpwatch 0.2.0_3 - OK Viktor Gurov
03:42 AM pfSense Packages Feature #10479 (Resolved): Keep settings after deinstall option: 0.15.7_15 works as expected Viktor Gurov
02:05 AM pfSense Packages Bug #9424 (Resolved): arpwatch package logs CARP MAC address changes: works fine on 2.4.5/2.5 and arpwatch pkg 0.2.0_3 Viktor Gurov

04/30/2020

09:17 PM pfSense Packages Bug #10516 (New): FRR Access list: When using Access list on BGP neighbor> Peer Filtering (in/out) , All routes will be blocked even if the rule was per... Alhusein Zawi
09:05 PM Feature #10515 (Rejected): Highlight fields that aren't consistent among all copies of a page: I don't see this ever being viable. There is no way it could know what you want it to do here, and trying to come up ... Jim Pingle
07:01 PM Feature #10515 (Rejected): Highlight fields that aren't consistent among all copies of a page: I'm running multiple VPN clients, and I expect their configurations to be identical except for necessary alterations ... Andrew Warren
06:32 PM Feature #10514 (New): Add to every page an unparsed Notes field for administrative reference: I would find it very helpful to have, at the top of the VPN Clients page, a note that said, "If you enable/disable an... Andrew Warren
06:29 PM pfSense Packages Feature #9874: safesearch enforcing: You forgot to add "/www/pfblockerng/pfblockerng_safesearch.php" to the package meta data, so it's not included in the... Grimson Gretzleburg
01:36 PM pfSense Packages Feature #9874 (Feedback): safesearch enforcing: PR has been merged. Thanks! Renato Botelho
05:55 PM Revision 1a2b1a47: Skip all RRD data on backup. Issue #10508: (cherry picked from commit 6c1b20af47553b6e95669b9ccc2d4109364c0d4c) Viktor Gurov
05:54 PM Revision 6ada0675: Merge pull request #4297 from vktg/rrdskip: Jim Pingle
05:43 PM Revision c97132ef: EDNS buffer size configuration. Issue #10293: (cherry picked from commit 09d529a6b3888479b015edba166d31cd214387cc) Viktor Gurov
05:42 PM Revision 4b08280f: DHCP Domain trailing dot validation. Issue #8054: (cherry picked from commit 8ee5aa03950902e8de301dedaa1fddda4a74e709) Viktor Gurov
05:42 PM Revision 46505ce4: Same gateway naming convention for the console and the WebGUI. Issue #10264: (cherry picked from commit b504ede55d68d82e84a5c48ff75ddc805b6ce391) Viktor Gurov
05:41 PM Revision 8cac9c25: Add OpenVPN config files to status output. Implements #10350: This form will only work on 2.5.0 since the directory layout changed.
(cherry picked from commit edc7e81f621805af817... Jim Pingle
05:39 PM Revision 8c57ad63: Port forward dst port Any fix. Issue #7704: (cherry picked from commit da7f67b8f0b1d55b3b0ebfb99b198abc9e47ff53) Viktor Gurov
05:39 PM Revision af6d81b3: requested changes: (cherry picked from commit b1c85ec0fc263a0b237bd3364b249eb5f85e35dc) christian christian
05:39 PM Revision fd5fcb27: Outbound NAT and multiple IPSEC IPs for mobile warriors: (cherry picked from commit 8897cbce7fc410029ac367eeee7c12261fec896f) christian christian
05:33 PM Revision 6b01ee93: status.php: Add upgrade_log.latest.txt. Issue #10455: (cherry picked from commit 6c773de2544d267b8834c09beb40f83d9a1c32d4) Viktor Gurov
05:33 PM Revision 720aab15: OpenVPN/IPsec IPv6 prefix in DNS Resolver access list. Issue #10460: (cherry picked from commit 79eef195a77d7c05628adaa7418d748c05d862a8) Viktor Gurov
05:32 PM Revision 4f4a2b48: IPsec VTI enable netmask. Issue #10418: (cherry picked from commit 0bb934e9d7dd8c852bae4b221501b90e8dc1569b) Viktor Gurov
05:32 PM Revision 7e51a68b: IPsec VTI /30 netmask. Issue #10418: (cherry picked from commit 92ab21bb3f74413654fefd7b7a451641cf7c02a7) Viktor Gurov
05:31 PM Revision 2b902892: Check IPv6 interface aliases for firewall rules. Issue #8256: (cherry picked from commit 453c3b38407cd5f804d40f0a9946a05297dd3655) Viktor Gurov
05:30 PM Revision 510007ee: DHCPv6 update-static-leases. Issue #10412: (cherry picked from commit 1a618dc0d1977120810bfd8454fd4deda0a4ed55) Viktor Gurov
05:28 PM Revision e9bf0124: DHCPv6 service Dynamic DNS fix. Issue #10346: (cherry picked from commit 9fbd8f713449b2315daac91e219e711c8954ce7c) Viktor Gurov
05:27 PM Revision f95442c6: pfSense copynotice.inc copyright 2020. Issue #10373: (cherry picked from commit 501c65dfb00cbfb737a659c6be0fd3113045980e) Viktor Gurov
05:26 PM Revision a6674a6f: Floating rules tab fix. Issue #4629: (cherry picked from commit 65d935bfddb2d4d0e4816d344573d03e2b73b464) Viktor Gurov
05:26 PM Revision 85f8eab1: Add Interfaces column to Floating Rules. Issue #4629: (cherry picked from commit bf83fb9ab93435e605d28b67e0352d32ce63ba2d) Viktor Gurov
05:25 PM Revision 7f4fc779: fix #10499 dark theme autocomplete popup not readable: (cherry picked from commit 1d06b51d92483b70be11dcb4ca1d78e2f2b5dd15) Marc 05
03:30 PM Bug #10513 (New): State issues with policy routing and HA failover: Seeing some odd behavior on HA pairs which have multiple WANs and use policy routing. In some cases, the states for a... Jim Pingle
02:45 PM Bug #10463 (Feedback): The ng_etf module is missing from base in armv6 and aarch64: I've pushed the changes on arm/arm64 kernels adding it Renato Botelho
12:48 PM Bug #10463: The ng_etf module is missing from base in armv6 and aarch64: Luiz told me he'd work on this Jim Pingle
02:32 PM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: For people suffering from this now, until the next release, this _might_ help:
add the line below to */boot/loader.c... → luckman212
12:49 PM Bug #10414 (Feedback): Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: Luiz said the corrections have been made in the src tree Jim Pingle
01:58 PM pfSense Docs Correction #10512 (Closed): Feedback on Routing and Multi-WAN — Using Multiple IPv4 WAN Connections: *Page:* https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html
*Feedback:*
I'm told that when https:... Steve Y
12:56 PM Bug #10508 (Feedback): Backup does not skip all RRD data: Jim Pingle
12:55 PM Bug #10508: Backup does not skip all RRD data: PR Merged & Picked Jim Pingle
08:56 AM Bug #10508 (Pull Request Review): Backup does not skip all RRD data: Jim Pingle
04:02 AM Bug #10508: Backup does not skip all RRD data: it's safe to always skip the wrong rrd tags section on export:
https://github.com/pfsense/pfsense/pull/4297 Viktor Gurov
12:48 PM pfSense Packages Bug #10444: FRR will not start in 2.4.5 aarch64: Luiz told me he'd work on this Jim Pingle
12:48 PM Bug #8256 (Feedback): IPv6 IP Alias VIP not added to Interface Network Macros: Jim Pingle
12:48 PM Bug #10418 (Feedback): IPsec VTI address/mask selection not functional: Jim Pingle
12:47 PM Bug #10460 (Feedback): OpenVPN does not add IPv6 prefix to unbound DNS resolver: Jim Pingle
12:43 PM Feature #10293 (Feedback): DNS flag day - EDNS buffer size recommendation: Jim Pingle
12:43 PM Todo #10423 (Feedback): status.php: Add kernel modules: Jim Pingle
12:42 PM Bug #10424 (Feedback): status.php: Calls using pkg should use pkg-static: Jim Pingle
12:42 PM Bug #8054 (Feedback): DHCP server accepts trailing dot in domain names, DNS resolver adds another and breaks: Jim Pingle
12:42 PM Bug #10264 (Feedback): Gateways created at the console do not apply the naming convention used in the GUI: Jim Pingle
12:41 PM Feature #10350 (Feedback): Add OpenVPN configuration file(s) to status.php file: Jim Pingle
12:39 PM Feature #7704 (Feedback): Destination port range "Any" in Port Forward UI doesn't work: Jim Pingle
12:39 PM Bug #9320 (Feedback): Outbound NAT and multiple IPSEC IPs for mobile warriors: Jim Pingle
12:33 PM Feature #10455 (Feedback): status.php: Add upgrade_log.latest.txt: Jim Pingle
12:27 PM Bug #10373 (New): Incorrect copyright year: src changes need picked back Jim Pingle
07:24 AM Bug #10373 (Feedback): Incorrect copyright year: PR has been merged. Thanks! Renato Botelho
12:27 PM Revision 22f8462d: Merge pull request #4295 from Marc05/master: Renato Botelho
12:26 PM Revision 983d4b6a: Merge pull request #4294 from vktg/lacpfast: Renato Botelho
12:26 PM Revision cf396c58: Merge pull request #4293 from vktg/defadaptivefields: Renato Botelho
12:25 PM Revision 6823e2d6: Merge pull request #4292 from vktg/ntprrdneg: Renato Botelho
12:25 PM Revision dabc0c87: Merge pull request #4291 from vktg/ntpenablefix: Renato Botelho
12:25 PM Revision 3aeb8600: Merge pull request #4290 from vktg/floatfwfix: Renato Botelho
12:24 PM Revision 9dfd5637: Merge pull request #4289 from vktg/revertpr10433: Renato Botelho
12:24 PM Revision a0c4fc85: Merge pull request #4288 from vktg/dashboardcr2020: Renato Botelho
12:09 PM Bug #8611: unable to receive IPv6 RA's on SG-1000, default route lost: Viktor Gurov wrote:
> no such issue on pfSense 2.5.0.a.20200205.1753
>
> pfSense 2.4.4-p3 on SG-3100 as DHCP6/RA ... Pete Wright
09:25 AM pfSense Packages Feature #10479 (Feedback): Keep settings after deinstall option: PR has been merged. Thanks! Renato Botelho
08:57 AM pfSense Packages Feature #10479 (Pull Request Review): Keep settings after deinstall option: Jim Pingle
06:28 AM pfSense Packages Feature #10479: Keep settings after deinstall option: small fix:
https://github.com/pfsense/FreeBSD-ports/pull/855 Viktor Gurov
09:22 AM pfSense Packages Bug #9211 (Pull Request Review): GeoIP broken in pfSense-pkg-ntopng-0.8.13_3: Jim Pingle
09:17 AM pfSense Packages Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3: https://forum.netgate.com/topic/153105/ntopng-update-to-v0-8-13_4-crashes
clean install fix:
https://github.com/p... Viktor Gurov
07:33 AM pfSense Packages Bug #9211 (Feedback): GeoIP broken in pfSense-pkg-ntopng-0.8.13_3: PR has been merged. Thanks! Renato Botelho
09:04 AM Feature #10340 (Pull Request Review): IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases): Jim Pingle
07:50 AM Feature #10340: IPsec Mobile GUI Improvement (Dashboard and Status > IPsec > Leases): On the status_ipsec_leases.php sets online status to green bold
and sets the IPsec widget leases tab background-colo... Viktor Gurov
08:58 AM Revision 6c1b20af: Skip all RRD data on backup. Issue #10508: Viktor Gurov
08:55 AM Bug #10509 (Pull Request Review): unable to remove CA private key: Jim Pingle
03:14 AM Bug #10509: unable to remove CA private key: https://github.com/pfsense/pfsense/pull/4296 Viktor Gurov
03:11 AM Bug #10509 (Resolved): unable to remove CA private key: https://forum.netgate.com/topic/153020/removing-a-ca-key
If you edit CA and save, the key is still there.
Viktor Gurov
07:33 AM pfSense Packages Bug #10475 (Feedback): pfSense-pkg-arpwatch unconditinally clobbers the arpwatch database files on upgrade: PR has been merged. Thanks! Renato Botelho
07:27 AM Bug #10499 (Feedback): Dark theme Auto-complete popup field has dark text on dark background: PR has been merged. Thanks! Renato Botelho
07:27 AM Feature #10504 (Feedback): Make LACP timeout PDU transmission speed configurable: PR has been merged. Thanks! Renato Botelho
07:26 AM Feature #7362 (Feedback): Add the default values of the TCP and UDP Timeouts on the WebUI depending on the "Firewall Optimization Options": PR has been merged. Thanks! Renato Botelho
07:25 AM Bug #6503 (Feedback): rrd graph for ntp monitoring does not reflect freq when neg (-) value.: PR has been merged. Thanks! Renato Botelho
07:25 AM Feature #3567 (Feedback): Option to disable NTP: PR has been merged. Thanks! Renato Botelho
07:25 AM Feature #4629 (Feedback): Rules Floating tab doesn't display interfaces: PR has been merged. Thanks! Renato Botelho
07:24 AM Bug #10433 (Feedback): addMask() js code resets netmask size to 128/32: PR has been merged. Thanks! Renato Botelho

04/29/2020

03:00 PM Revision 06472551: Make LACP timeout PDU transmission speed configurable. Issue #10504: Viktor Gurov
11:16 AM Bug #10499: Dark theme Auto-complete popup field has dark text on dark background: @Jim
Thanks for your patience! Marc 05
09:55 AM Bug #10499 (Pull Request Review): Dark theme Auto-complete popup field has dark text on dark background: PR: https://github.com/pfsense/pfsense/pull/4295 Jim Pingle
11:06 AM Bug #10508: Backup does not skip all RRD data: If want to make everybody happy:
replace this ... Grischa Zengel
10:10 AM Bug #10508: Backup does not skip all RRD data: If it's an evolution problem, why not filtering wrong tags on export?
If you don't skip you will skip the wrong se... Grischa Zengel
09:35 AM Bug #10508 (Not a Bug): Backup does not skip all RRD data: Your config must have had older data already inside due to a different bug fixed a while back (like #8994) or restori... Jim Pingle
09:34 AM Bug #10508: Backup does not skip all RRD data: ... Grischa Zengel
09:08 AM Bug #10508 (Resolved): Backup does not skip all RRD data: If I backup with skip RRD data enabled I will get this:... Grischa Zengel
09:54 AM Bug #10505: Mobile PSK users have wrong type in swanctl.conf secrets: The code in @ipsec_setup_userpools()@ explicitly checks for a type of EAP before making a user pool. I'm not sure if ... Jim Pingle
09:50 AM Bug #10505: Mobile PSK users have wrong type in swanctl.conf secrets: tested on 2.5.0.a.20200428.1204
now it sets 'psk' prefix correctly, but I don't see the 'mobile-userpool' section ... Viktor Gurov
09:31 AM Bug #10505 (Resolved): Mobile PSK users have wrong type in swanctl.conf secrets: Confirmed working by the original reporter: https://forum.netgate.com/post/908737 Jim Pingle
09:19 AM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: We have identified the cause of the problem, it is a change made in FreeBSD for a PR: https://bugs.freebsd.org/bugzil... Jim Pingle
01:41 AM Revision 1d06b51d: fix #10499 dark theme autocomplete popup not readable: Marc 05
12:29 AM pfSense Packages Bug #10507 (Resolved): Unable to use forwarders: When setting the forwarders in the settings tabs, the forwarders are added under the general "options" section.
Howe... Jocelyn Viau

04/25/2020

05:30 PM Revision 0b5b700d: NTP disable clean config fix. Issue #3567: Viktor Gurov
05:18 PM Revision 65d935bf: Floating rules tab fix. Issue #4629: Viktor Gurov
12:56 PM Feature #10484 (Closed): Add Disable/Enable Button for NAT rules: You can do it already by clicking the blue 'checkmark' icon to the left of the Interface column Viktor Gurov
12:33 PM Feature #3567: Option to disable NTP: fix for clean NTP configurations which don't have $config['ntpd']['enable'] entry:
https://github.com/pfsense/pfsens... Viktor Gurov
12:29 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Jim Pingle wrote:
> That isn't relevant to this feature. It's a different FreeBSD issue. I don't see anything about ... Marc 05
12:24 PM Feature #4629: Rules Floating tab doesn't display interfaces: extra fixes:
https://github.com/pfsense/pfsense/pull/4290 Viktor Gurov
12:18 PM Bug #10499 (Resolved): Dark theme Auto-complete popup field has dark text on dark background: Using pfSense-dark.css, the auto-complete pop-up currently does not specify a background image. This leads to theme.c... Marc 05
12:16 PM Revision 84602d57: Revert addMask() max /31 netmask. Issue 10433: Viktor Gurov
12:10 PM Revision 501c65df: pfSense copynotice.inc copyright 2020. Issue #10373: Viktor Gurov
07:33 AM Bug #10211 (Resolved): Limiters ECN input validation problem: tested on 2.5.0.a.20200424.1759
now it correctly sets/unsets _ecn_ option for RED/GRED limiters Viktor Gurov
07:20 AM Bug #10433: addMask() js code resets netmask size to 128/32: revert it:
https://github.com/pfsense/pfsense/pull/4289 Viktor Gurov
07:11 AM Bug #10373: Incorrect copyright year: copynotice.inc fix:
https://github.com/pfsense/pfsense/pull/4288 Viktor Gurov
07:07 AM Bug #10373: Incorrect copyright year: rc.local fix:
https://github.com/pfsense/FreeBSD-src/pull/29 Viktor Gurov
03:42 AM Feature #10448 (Resolved): DHCPv6 RA - show default values in certain fields: tested on 2.5.0.a.20200423.1513
works as expected - shows default values in the _Default valid lifetime, Default p... Viktor Gurov
03:36 AM Bug #10460 (Resolved): OpenVPN does not add IPv6 prefix to unbound DNS resolver: tested on 2.5.0.a.20200423.1513
works as expected - adds IPsec Mobile Virtual IPv6 Address Pool and OpenVPN IPv6 T... Viktor Gurov

04/24/2020

03:13 PM pfSense Docs Correction #10498 (Closed): Feedback on IPsec — Site-to-Site: Jim Pingle
03:11 PM pfSense Docs Correction #10498: Feedback on IPsec — Site-to-Site: Please ignore, it was a configuration error on my part. I entered the wrong network for remote. Devan Bhagat
01:39 PM pfSense Docs Correction #10498 (Closed): Feedback on IPsec — Site-to-Site: *Page:* https://docs.netgate.com/pfsense/en/latest/book/ipsec/site-to-site.html
*Feedback:*
Thank you for provi... Devan Bhagat
01:12 PM Bug #9615: Connections permitted by a schedule are not killed when that schedule expires.: *To whom it may concern,*
I have also encountered this bug as documented in this NetGate forum thread:
"https:... Benjamin Lee
12:27 PM Bug #10497 (Not a Bug): Failed package install (suricata): Not a bug. You must be on 2.4.5 to install the latest packages.
Alternately, you may manually choose the 2.4.4 bra... Jim Pingle
11:46 AM Bug #10497 (Not a Bug): Failed package install (suricata): I was on 2.4.4 and tried to install suricata just now, and got an error "pkg-static: Cannot delete vital package: pfS... James no
11:40 AM Bug #9946: package install failed: unset the 'vital' flag with: pkg set -v 0 pfSense: Hi
I was on 2.4.4 and tried to install suricata just now, and got an error "pkg-static: Cannot delete vital package:... James no
10:07 AM Bug #10488 (Resolved): sshguard fails to run on pfSense 2.4.5: All indications are that this is OK now. I have tested on several different platforms (amd64, SG-1000, SG-1100, SG-31... Jim Pingle
09:27 AM pfSense Packages Bug #9776 (Resolved): Wrong function in squidguard_log.php: squidGuard 1.16.18_5 - works fine Viktor Gurov
09:27 AM pfSense Packages Bug #9350 (Resolved): not appear proxy config: squidGuard 1.16.18_5 - works fine Viktor Gurov
08:42 AM Feature #10455 (Resolved): status.php: Add upgrade_log.latest.txt: tested on 2.5.0.a.20200423.1513
_OS-Upgrade Log Latest.txt_ in the status_output.tgz file Viktor Gurov
08:36 AM pfSense Packages Feature #10474 (Resolved): Suppress notifications for specific MACs: arpwatch 0.2.0_2 works as expected Viktor Gurov
08:09 AM Bug #9968: Configuration of assigned interfaces is deployed to unassigned ones: Well, in our enviroment, this is still present and I can reproduce this behavior any time. I can also provide access ... Marek Částek
08:04 AM Bug #9801: VTI IPv6 addresses don't get assigned: It works for others. If it doesn't work for you, you need to post on a place where that can be diagnosed and discusse... Jim Pingle
07:53 AM Bug #9801: VTI IPv6 addresses don't get assigned: This not forum question:
My VTI with IPv6 work well only if there no IPv4. And vise versa. DRago_Angel [InV@DER]
07:14 AM Bug #9801: VTI IPv6 addresses don't get assigned: Post on the forum to discuss your problem. Jim Pingle
06:19 AM Bug #9801: VTI IPv6 addresses don't get assigned: Tried to configure it and doesn't have working solution on 2.4.5 release. How to accomplish this?
Tried to use uniq ... DRago_Angel [InV@DER]
08:02 AM pfSense Packages Bug #10494 (Resolved): Snort package Logs Management process not purging correctly: Jim Pingle
07:46 AM pfSense Packages Bug #10494: Snort package Logs Management process not purging correctly: The pull requests have been merged. This bug is corrected in the latest Snort package versions 3.2.9.11 (for pfSense-... Bill Meeks
07:13 AM Feature #10496 (Rejected): Add ability to mass import/export of Firewall Aliases: It's already present and there is no bug as stated. Post on the forum to discuss whatever your issue might be. Jim Pingle
03:41 AM Feature #10496: Add ability to mass import/export of Firewall Aliases: DRago_Angel [InV@DER] wrote:
> I found bug - when you go back to Aliases from Add new record page - import button no... Viktor Gurov
03:11 AM Feature #10496: Add ability to mass import/export of Firewall Aliases: Thank you for your reply, yes indeed it supported.
I found bug - when you go back to Aliases from Add new record pag... DRago_Angel [InV@DER]
02:57 AM Feature #10496: Add ability to mass import/export of Firewall Aliases: Starting from 2.4.5 you can export the list of aliases in text format:
https://redmine.pfsense.org/issues/9816 Viktor Gurov
02:47 AM Feature #10496 (Rejected): Add ability to mass import/export of Firewall Aliases: Now pfSense support import of IPs/Ports etc.
It cool, but it can be more enhanced to support export data as well and... DRago_Angel [InV@DER]
07:01 AM Feature #10495: Add support of Pushover API for notifications: https://pushover.net/ Jim Pingle
12:56 AM Feature #10495 (Resolved): Add support of Pushover API for notifications: DRago_Angel [InV@DER]
06:28 AM Bug #10247 (Resolved): Duplicate Outbound NAT entries when creating L2TP server: now it's ok on 2.5.0.a.20200423.1513 Viktor Gurov
06:21 AM Bug #9320 (Resolved): Outbound NAT and multiple IPSEC IPs for mobile warriors: works as expected on 2.5.0.a.20200423.1513 -
adds IP addresses from VPN / IPsec / Pre-Shared Keys pools to auto Outb... Viktor Gurov
05:52 AM Feature #7704 (Resolved): Destination port range "Any" in Port Forward UI doesn't work: works as expected on 2.5.0.a.20200423.1513
"10.11.11.1 -> 88.88.99.99 tcp any" example:... Viktor Gurov
03:54 AM pfSense Packages Bug #10475 (Resolved): pfSense-pkg-arpwatch unconditinally clobbers the arpwatch database files on upgrade: arpwatch 0.2.0_2 - works as expected Viktor Gurov
02:00 AM pfSense Packages Bug #10369 (Resolved): Remote OpenVPN server protocol definition: 1.4.22 - legacy client export is OK now Viktor Gurov
01:45 AM pfSense Packages Bug #10490 (Resolved): Syslog-ng syntax test failed: 1.15_5 works as expected Viktor Gurov
01:41 AM pfSense Packages Feature #9003 (Resolved): Add 'Copy Running to Saved' option to the raw config: now it works as expected on FRR 0.6.4_4 Viktor Gurov
01:36 AM pfSense Packages Bug #10442 (Resolved): ACME: special characters in descriptions trigger silent error and rollback: tested acme 0.6.7 - now you can use any characters in the Description field Viktor Gurov
01:34 AM pfSense Packages Bug #10452 (Resolved): acme - new DNS-Api namemaster.de in overview hash visible: acme 0.6.7 - resolved Viktor Gurov

04/23/2020

05:46 PM pfSense Packages Bug #10490: Syslog-ng syntax test failed: Works OK with version 1.15_5.
Thanks! e 1/1
12:40 PM pfSense Packages Bug #10490 (Feedback): Syslog-ng syntax test failed: PR has been merged. Thanks! Renato Botelho
07:34 AM pfSense Packages Bug #10490 (Pull Request Review): Syslog-ng syntax test failed: Jim Pingle
02:42 AM pfSense Packages Bug #10490: Syslog-ng syntax test failed: On initial setup, syslogng_build_cert() tries to get the parameters from $config, but it needs to get it from $post, ... Viktor Gurov
05:28 PM Revision dce43afd: Merge pull request #4287 from vktg/rednoencfix: Renato Botelho
05:27 PM Revision 75df4967: Merge pull request #4285 from vktg/fwdefplaceholder: Renato Botelho
05:26 PM Revision b5410de8: Merge pull request #4286 from vktg/inffloatingtab: Renato Botelho
05:25 PM Revision 41cfa1ce: Merge pull request #4284 from vktg/nol2tp: Renato Botelho
05:24 PM Revision 03b7565d: Merge pull request #4283 from vktg/portforwardanyfix: Renato Botelho
05:23 PM Revision 886426ef: Merge pull request #4277 from vktg/ntpgpsspeedfix: Renato Botelho
05:22 PM Revision ed2e5bf5: Merge pull request #4280 from vktg/ipsecvtirevertback: Renato Botelho
05:21 PM Revision ba639889: Merge pull request #4278 from vktg/radvdshowdefvalues: Renato Botelho
05:20 PM Revision a6e54b89: Merge pull request #4279 from Wasurerarenai/master: Renato Botelho
05:19 PM Revision 9fc75e67: Merge pull request #4276 from vktg/unboundauto6acl: Renato Botelho
05:18 PM Revision cd585183: Merge pull request #4275 from ecovillage/doc-dynamic_pipe_queue_help_text: Renato Botelho
05:17 PM Revision bcc0ba5f: Merge pull request #4274 from hydrian/master: Renato Botelho
05:16 PM Revision e08d8867: Merge pull request #4272 from vktg/statupupdatelatest: Renato Botelho
05:14 PM Revision c01fa17a: Merge pull request #4167 from vktg/discard6request: Renato Botelho
04:10 PM pfSense Packages Bug #10494: Snort package Logs Management process not purging correctly: Pull requests have been submitted to both the pfSense-2.4.5-RELEASE and pfSense-2.5-DEVEL branches to correct this is... Bill Meeks
01:19 PM pfSense Packages Bug #10494: Snort package Logs Management process not purging correctly: If one of the pfSense guys can edit the title of this Issue, please correct my typo in "Management" in the title. Bill Meeks
01:17 PM pfSense Packages Bug #10494: Snort package Logs Management process not purging correctly: Creating this and assigning it to me for tracking purposes. The fix for this will be submitted shortly.
Bill Bill Meeks
01:16 PM pfSense Packages Bug #10494 (Resolved): Snort package Logs Management process not purging correctly: The Logs Management process in Snort, when enabled, does not purge rotated alert logs that have exceeded the configur... Bill Meeks
03:25 PM Revision 58001982: Ignore user-config-readonly for admin/admins. Fixes #10492: (cherry picked from commit fa0ed29ef58fe6758f2cdc96f5bf68da32241faf) Jim Pingle
03:25 PM Revision fa0ed29e: Ignore user-config-readonly for admin/admins. Fixes #10492: Jim Pingle
12:43 PM pfSense Packages Feature #9762 (Feedback): Squid Reverse Proxy Change redir domain(s) to use regex: PR has been merged. Thanks! Renato Botelho
12:43 PM pfSense Packages Bug #9776 (Feedback): Wrong function in squidguard_log.php: PR has been merged. Thanks! Renato Botelho
12:43 PM pfSense Packages Bug #10369 (Feedback): Remote OpenVPN server protocol definition: PR has been merged. Thanks! Renato Botelho
12:42 PM pfSense Packages Feature #10479 (Feedback): Keep settings after deinstall option: PR has been merged. Thanks! Renato Botelho
12:41 PM pfSense Packages Feature #9003 (Feedback): Add 'Copy Running to Saved' option to the raw config: PR has been merged. Thanks! Renato Botelho
12:40 PM pfSense Packages Bug #10442 (Feedback): ACME: special characters in descriptions trigger silent error and rollback: PR has been merged. Thanks! Renato Botelho
12:40 PM pfSense Packages Bug #10452 (Feedback): acme - new DNS-Api namemaster.de in overview hash visible: PR has been merged. Thanks! Renato Botelho
07:25 AM pfSense Packages Bug #10452 (Pull Request Review): acme - new DNS-Api namemaster.de in overview hash visible: Jim Pingle
01:52 AM pfSense Packages Bug #10452: acme - new DNS-Api namemaster.de in overview hash visible: NameMaster.de uses _nm_sha256_ field name for password hash,
but only fields containing _key, secret, password_ or _... Viktor Gurov
12:39 PM pfSense Packages Feature #10474 (Feedback): Suppress notifications for specific MACs: PR has been merged. Thanks! Renato Botelho
12:39 PM pfSense Packages Bug #10475 (Feedback): pfSense-pkg-arpwatch unconditinally clobbers the arpwatch database files on upgrade: PR has been merged. Thanks! Renato Botelho
12:28 PM Bug #10211 (Feedback): Limiters ECN input validation problem: PR has been merged. Thanks! Renato Botelho
12:27 PM Feature #7362 (Feedback): Add the default values of the TCP and UDP Timeouts on the WebUI depending on the "Firewall Optimization Options": PR has been merged. Thanks! Renato Botelho
12:26 PM Feature #4629 (Feedback): Rules Floating tab doesn't display interfaces: PR has been merged. Thanks! Renato Botelho
12:25 PM Bug #10247 (Feedback): Duplicate Outbound NAT entries when creating L2TP server: PR has been merged. Thanks! Renato Botelho
12:24 PM Feature #7704 (Feedback): Destination port range "Any" in Port Forward UI doesn't work: PR has been merged. Thanks! Renato Botelho
12:23 PM Feature #7284 (Feedback): NTPd Autoset GPS device baud rate: PR has been merged. Thanks! Renato Botelho
12:22 PM Bug #10418 (Feedback): IPsec VTI address/mask selection not functional: PR has been merged. Thanks! Renato Botelho
12:21 PM Feature #10448 (Feedback): DHCPv6 RA - show default values in certain fields: PR has been merged. Thanks! Renato Botelho
12:20 PM Feature #10374 (Feedback): Add ARM32/64 network booting support to dhcpd: PR has been merged. Thanks! Renato Botelho
12:20 PM Bug #10398: RFC1918 external address in miniupnp does not work after upgrade to 2.4.5: Steve Wheeler wrote:
> There us a patch available to remove that behavior in miniupnpd that needs testing:
> https:... Shane Addinall
12:19 PM Bug #10460 (Feedback): OpenVPN does not add IPv6 prefix to unbound DNS resolver: PR has been merged. Thanks! Renato Botelho
12:17 PM Feature #10459 (Feedback): Improved DynDNS Logging: PR has been merged. Thanks! Renato Botelho
12:16 PM Feature #10455 (Feedback): status.php: Add upgrade_log.latest.txt: PR has been merged. Thanks! Renato Botelho
12:15 PM Bug #9634 (Feedback): rc.newwanipv6 is called although dhcp6c should discard Request messages: PR has been merged. Thanks! Renato Botelho
10:35 AM Bug #10492 (Feedback): LDAP groups conflict in privileges: Applied in changeset commit:fa0ed29ef58fe6758f2cdc96f5bf68da32241faf. Jim Pingle
10:01 AM Bug #10492: LDAP groups conflict in privileges: > In my opinion, if a user has the "WebCfg - All pages" privilege, pfSense should overwrite any lower right from bein... Jim Pingle
09:26 AM Bug #10492 (In Progress): LDAP groups conflict in privileges: Jim Pingle
01:27 AM Bug #10492 (Resolved): LDAP groups conflict in privileges: I am running pfSense 2.4.5-RELEASE with a 389 Directory Server for LDAP user authentication.
I have configured th... Viktor Gurov
09:02 AM Bug #10493: filter_get_vpns_list() issues: > 2) Because of filter_get_vpns_list() returns not only IPsec networks, IPsec MSS clamping option will affect unneces... Jim Pingle
08:47 AM Bug #10493 (New): filter_get_vpns_list() issues: 1) filter_get_vpns_list() returns only:
IPsec Mobile IPv4 subnet
IPsec site-to-site networks
OpenVPN client/ser... Viktor Gurov

04/22/2020

09:11 PM Bug #10488: sshguard fails to run on pfSense 2.4.5: Yes, now its working as expected. Max Green
03:08 PM Bug #10488 (Feedback): sshguard fails to run on pfSense 2.4.5: The sshguard port is now working and a new version has been built from it.
To obtain the corrected version of @ss... Jim Pingle
01:34 PM Bug #10488: sshguard fails to run on pfSense 2.4.5: I have a lead on what happened. Somehow the @sshguard@ port is missing at least one patch, @files/patch-src_sshguard.... Jim Pingle
12:58 PM Bug #10488 (Confirmed): sshguard fails to run on pfSense 2.4.5: We've been able to confirm this internally now, but it isn't consistent. Some work, some do not, across all platforms... Jim Pingle
09:05 AM Bug #10488 (Feedback): sshguard fails to run on pfSense 2.4.5: I can't reproduce this here on amd64, it blocks me when I try. I am on the default settings of 20/120/1800, but I als... Jim Pingle
02:52 PM Bug #10211 (Pull Request Review): Limiters ECN input validation problem: Jim Pingle
01:00 PM Bug #10491: Upgrade to 2.4.5 broke 802.1x RADIUS WiFi over VPN: Sorry, I didn't see the Reporting Issues page. I will start there. David Martin
12:56 PM Bug #10491 (Not a Bug): Upgrade to 2.4.5 broke 802.1x RADIUS WiFi over VPN: There isn't enough information here to concretely say this is a bug in pfSense, and this site is not for support or d... Jim Pingle
12:51 PM Bug #10491 (Not a Bug): Upgrade to 2.4.5 broke 802.1x RADIUS WiFi over VPN: Updating my OpenVPN host from pfSense 2.4.4-p3 to 2.4.5 broke 802.1x WPA2-Enterprise WiFi at the remote sites. The pr... David Martin
12:38 PM pfSense Packages Feature #10486: Feature Request: Ability to transmit to remote syslog server via TCP: Jim Pingle wrote:
> This site is not for support or diagnostic discussion.
>
> For assistance in solving problems... e 1/1
12:20 PM pfSense Packages Feature #10486: Feature Request: Ability to transmit to remote syslog server via TCP: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
12:14 PM pfSense Packages Feature #10486: Feature Request: Ability to transmit to remote syslog server via TCP: Jim Pingle wrote:
> This is already possible with the syslog-ng package. The base system syslog daemon does not supp... e 1/1
12:09 PM pfSense Packages Bug #10490 (Resolved): Syslog-ng syntax test failed: Steps to reproduce:
-Install syslog-ng on a new pfSense instance, version 1.15_4;
-go to Package->Services: Syslog-... e 1/1
11:50 AM pfSense Docs New Content #10489 (Resolved): Feedback on System Monitoring — Remote Logging with Syslog: *Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html
*Feedback:*
1. Add paragraph in d... e 1/1
11:43 AM pfSense Packages Bug #10476: Services - Acme - Certificates using loopia API: Tobias Müllauer wrote:
> Jim Pingle wrote:
> > The TTL value of @60@ is hardcoded in the "dns_loopia.sh script":htt... Viktor Gurov
11:11 AM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: +1
in my case it is the Filter Reload. I had this high CPU load every 15 minutes. All cores go to 100% for seconds. ... Manfred Bongard

04/21/2020

09:33 PM Revision 75fb1d57: RED/GRED limiters do not have noecn option. Issue #10211: Viktor Gurov
08:41 PM Bug #10488 (Resolved): sshguard fails to run on pfSense 2.4.5: After upgrade to 2.4.5 sshguard stop working.
To check this bug, I tried to connect using the user test. Screenshot ... Max Green
08:04 PM Revision 7e107c67: Add the default values of the TCP and UDP Timeouts on the WebUI. Issue #7362: Viktor Gurov
04:39 PM Bug #10211: Limiters ECN input validation problem: RED/GRED limiters do not have _noecn_ option, https://www.freebsd.org/cgi/man.cgi?ipfw(8):... Viktor Gurov
01:07 PM pfSense Packages Bug #10487 (New): Telegraf package not sending logs to influxdb server: On SG-1100, running 2.4.5-RELEASE, with pfSense-pkg-Telegraf-0.9_3, the Telegraf package does not function as expecte... Anonymous
11:02 AM pfSense Packages Feature #10486 (Rejected): Feature Request: Ability to transmit to remote syslog server via TCP: This is already possible with the syslog-ng package. The base system syslog daemon does not support TCP. Jim Pingle
10:58 AM pfSense Packages Feature #10486 (Rejected): Feature Request: Ability to transmit to remote syslog server via TCP: For those of us who care about our logs and want to ensure we don't drop events, it's standard practice to configure ... Bryan Sampsel
11:00 AM pfSense Packages Feature #10485 (Rejected): Feature Request: Ability to leverage a blocklist by domain name or URL, such as at https://www.cyberthreatcoalition.org/ -- the new Cyber Threat Coalition site.: pfBlockerNG can already reject by domain -- reach out on the forum and raise the topic there: https://forum.netgate.c... Jim Pingle
10:56 AM pfSense Packages Feature #10485 (Rejected): Feature Request: Ability to leverage a blocklist by domain name or URL, such as at https://www.cyberthreatcoalition.org/ -- the new Cyber Threat Coalition site.: There's a blocklist by domain name or URL at https://www.cyberthreatcoalition.org/
-- the new Cyber Threat Coalition... Bryan Sampsel
10:12 AM Revision bf83fb9a: Add Interfaces column to Floating Rules. Issue #4629: Viktor Gurov
09:35 AM Revision 8f74c44e: L2TP duplicate outbound NAT fix. Issue 10247: Viktor Gurov
08:45 AM Feature #4629 (Pull Request Review): Rules Floating tab doesn't display interfaces: Jim Pingle
05:15 AM Feature #4629: Rules Floating tab doesn't display interfaces: Jim Pingle wrote:
> Though the PR at https://github.com/pfsense/pfsense/pull/1616 was merged a long time ago, it doe... Viktor Gurov
08:02 AM pfSense Packages Feature #9003 (Pull Request Review): Add 'Copy Running to Saved' option to the raw config: Jim Pingle
03:50 AM pfSense Packages Feature #9003: Add 'Copy Running to Saved' option to the raw config: Renato Botelho wrote:
> PR has been merged. Thanks!
js function configCheck() is does not exist
This PR adds it... Viktor Gurov
07:54 AM Bug #10465: possible routing performance regression due to non use of ip_tryforward: The issue I believe has always been with FreeBSD base - and not pfSense defaults.
The MFC patch (https://svnweb.f... David Burns
07:37 AM Bug #10465: possible routing performance regression due to non use of ip_tryforward: ICMP redirects have been on by default in pfSense for as long as I can remember, though there may have been a bug or ... Jim Pingle
07:03 AM Bug #10465: possible routing performance regression due to non use of ip_tryforward: I understand your reluctance to vary FreeBSD defaults... however here is a brief summary of pfSense / FreeBSD behavio... David Burns
07:53 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: This issue should be adressed in the near future, as it may prevent the use of IPv6 in some instances, where filterin... A J
04:53 AM Feature #10484 (Closed): Add Disable/Enable Button for NAT rules: On pfSense GUI on firewall rules there is a graphical ENABLE/DISABLE button which allows to switch quickly between di... Peter Pan
04:24 AM Bug #10414: Very high CPU usage of pfctl and more causing very high load and a hardly usable internet connection: Not much to add, but getting same issue.
Not virtual - SG3100.
IPV6 enabled.
Snort + Pfblocker enabled.
Bogan b... Chris F

04/20/2020

10:13 AM pfSense Packages Feature #10479 (Pull Request Review): Keep settings after deinstall option: Jim Pingle
09:41 AM pfSense Packages Feature #10479: Keep settings after deinstall option: https://github.com/pfsense/FreeBSD-ports/pull/845 Viktor Gurov
10:11 AM pfSense Packages Bug #10476: Services - Acme - Certificates using loopia API: Jim Pingle wrote:
> The TTL value of @60@ is hardcoded in the "dns_loopia.sh script":https://github.com/acmesh-offic... Tobias Müllauer
08:57 AM pfSense Packages Bug #10476 (Needs Patch): Services - Acme - Certificates using loopia API: The TTL value of @60@ is hardcoded in the "dns_loopia.sh script":https://github.com/acmesh-official/acme.sh/blob/mast... Jim Pingle
10:00 AM Feature #10483 (Duplicate): Add UI for EAP configuration for WLAN interfaces: When using a Wi-Fi network as an uplink, EAP can be selected as the security mode, but there is nowhere in the UI to ... Tim Cappalli
09:11 AM Bug #10465: possible routing performance regression due to non use of ip_tryforward: I'm not sure we should change the default to disable ICMP redirects. A modest performance gain would be nice but most... Jim Pingle
09:05 AM Todo #10135: help.php: Update links: There are some suggestions for specific link replacements on #10481 Jim Pingle
09:04 AM Bug #10481 (Duplicate): Update doc links in WebGUI to reflect proper docs URLs: The help links are already covered under #10135
There are only two non-book non-help links in the code, and that's... Jim Pingle
09:00 AM Feature #10480 (Rejected): Support for Atheros AR8328 network controller: That kind of request needs to be raised upstream with FreeBSD. If they add it, eventually it will make its way into p... Jim Pingle
08:52 AM pfSense Packages Todo #8332: pfBlockerNG doesn't include L2TP interface in outbound floating rules: Rules shouldn't be needed for each individual L2TP interface. There is an interface group called "l2tp" which handles... Jim Pingle
08:50 AM Bug #10433 (New): addMask() js code resets netmask size to 128/32: Viktor Gurov wrote:
> This change has broken IPv6 port forward and NAT 1:1 - now it is not possible to enter netmask... Jim Pingle
08:48 AM pfSense Packages Feature #10474 (Pull Request Review): Suppress notifications for specific MACs: Jim Pingle
08:33 AM Feature #7362 (Pull Request Review): Add the default values of the TCP and UDP Timeouts on the WebUI depending on the "Firewall Optimization Options": Jim Pingle
08:29 AM pfSense Packages Bug #10475 (Pull Request Review): pfSense-pkg-arpwatch unconditinally clobbers the arpwatch database files on upgrade: Jim Pingle
08:21 AM Bug #10247 (Pull Request Review): Duplicate Outbound NAT entries when creating L2TP server: Jim Pingle
08:19 AM Bug #4727 (Not a Bug): Rules on L2TP VPN Tab are ignored. All traffic from clients always allowed.: There is an interface _group_ for l2tp, to which rules are applied. This works fine as-is.... Jim Pingle
08:12 AM Feature #7704 (Pull Request Review): Destination port range "Any" in Port Forward UI doesn't work: Jim Pingle

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

05/19/2020

05/18/2020

05/17/2020

05/15/2020

05/14/2020

05/13/2020

05/12/2020

05/11/2020

05/10/2020

05/09/2020

05/08/2020

05/07/2020

05/06/2020

05/05/2020

05/04/2020

05/03/2020

05/02/2020

05/01/2020

04/30/2020

04/29/2020

04/28/2020

04/27/2020

04/26/2020

04/25/2020

04/24/2020

04/23/2020

04/22/2020

04/21/2020

04/20/2020