Activity

30 days up to

User

Subprojects

Activity

From 05/27/2020 to 06/25/2020

06/25/2020

11:52 PM Revision d1c779e0: enhance the look of form-control multiple select: Travis Boss
07:51 PM Bug #10705: Difficult to see multiple selection form-control: https://github.com/pfsense/pfsense/pull/4376 Anonymous
06:51 PM Bug #10705 (Resolved): Difficult to see multiple selection form-control: pfsense-BETA-dark
Specifically in Avahi, it is hard to see what interfaces you have selected due to the grays bein... Anonymous
02:44 PM Bug #10699 (Needs Patch): CRL php error: I am able to reproduce the crash with the CA provided by OP. Crash happens on 2.4.5-p1 and 2.5.0. It appears to be du... Jim Pingle
10:46 AM Bug #10699: CRL php error: Continuing the discussion here: https://forum.netgate.com/topic/154788/crl-don-t-works/ Jim Pingle
10:25 AM Bug #10699: CRL php error: Jim Pingle wrote:
> Nothing looks obviously wrong in that, but still it's confusing the CRL routines somehow.
>
>... Dario Martino
09:52 AM Bug #10699: CRL php error: Nothing looks obviously wrong in that, but still it's confusing the CRL routines somehow.
If you don't mind to sen... Jim Pingle
09:04 AM Bug #10699: CRL php error: Nothing seems wrong in my CA:
#openssl rsa -in pfsense.pter.it.key -check -noout
RSA key ok
#openssl x509 -in ... Dario Martino
08:38 AM Bug #10699: CRL php error: Hi Jim,
thanks for your reply.
Jim Pingle wrote:
> That looks like a problem with your certificate. It can't rea... Dario Martino
07:49 AM Bug #10699 (Feedback): CRL php error: That looks like a problem with your certificate. It can't read the time stamp from the certificate data.
Can you a... Jim Pingle
05:01 AM Bug #10699 (Needs Patch): CRL php error: Hello,
I have a php error when I try to add a certificate issued for openvpn client to a CRL. I can create the CRL, ... Dario Martino
01:55 PM Bug #10702: Todays Snapshot System does crash and does not start any more: We constantly monitor the forum, that is not a concern. Jim Pingle
01:40 PM Bug #10702: Todays Snapshot System does crash and does not start any more: Jim
the reason to post it here, is that I was very afraid that other people would become in trouble
And depending... Louis B
01:30 PM Bug #10702: Todays Snapshot System does crash and does not start any more: You should post these kinds of things on the forum and not here. That is the proper place to discuss and diagnose wha... Jim Pingle
01:25 PM Bug #10702: Todays Snapshot System does crash and does not start any more: Jim,
I did a new install using the today 650 snapshot, since the update had failed.
Then I installed the config f... Louis B
09:48 AM Bug #10702: Todays Snapshot System does crash and does not start any more: See my previous comment. That is most likely a problem with your installation, not a bug in the snapshots. Main suspe... Jim Pingle
09:39 AM Bug #10702: Todays Snapshot System does crash and does not start any more: Hereby two fotos captured via mobile using the "KVM-switch". Perhaps helpfull.
Louis Louis B
09:34 AM Bug #10702 (Not a Bug): Todays Snapshot System does crash and does not start any more: No problems here on the latest snapshot. That seems more like you have a local failure (perhaps a storage problem or ... Jim Pingle
08:37 AM Bug #10702 (Not a Bug): Todays Snapshot System does crash and does not start any more: Hello,
Two hours ago I did upgrade to latest snapshot, during the related reboot the system never came back.
I ... Louis B
01:37 PM Bug #8890: Register DHCP leases in the DNS Resolver has no effect: Oh man, I hit this bug today bigtime on a 2.4.4-p3 system. Took awhile to figure out why DNS was resolving incorrectl... → luckman212
01:11 PM pfSense Packages Bug #10692: PIMD starts twice at boot: With "the patch emulated" (by stopping pimd, disabling and anabling interfaced, stating pimd again) it is working mor... Louis B
11:12 AM Bug #10691: Issue with rules (firewall and NAT) being reloaded after changes made: Yes, that's all covered by my previous note.
Kill the firewall states after making a change like that if disconnec... Jim Pingle
11:07 AM Bug #10691: Issue with rules (firewall and NAT) being reloaded after changes made: A SSH connection is also held open after the NAT rule is disabled.
So if there is an unknown breach/connection act... John Weithman
11:08 AM Todo #10704 (Resolved): Work around PHP issues with SSL LDAP and multiple authentication servers: Based on a report from a customer, the PHP environment we have to setup for SSL LDAP clients does not appear to grace... Jim Pingle
10:52 AM Bug #10703: OpenVPN copy doesn't save auth_pass: Copying my note here from github:
The password issue is probably because of the Confirm box on the page, which rea... Jim Pingle
10:50 AM Bug #10703 (Resolved): OpenVPN copy doesn't save auth_pass: This happened to me when I copied a OpenVPN client and only changed the host address. The resulting copy doesn't incl... Viktor Gurov
09:55 AM Feature #7705 (Pull Request Review): Support dynamic interface address for 1:1 NAT: Jim Pingle
09:12 AM Feature #7705: Support dynamic interface address for 1:1 NAT: https://github.com/pfsense/pfsense/pull/4375 Viktor Gurov
08:30 AM Revision b0ecf4e1: Allow to select EoIP protocol. Implements #10698: Viktor Gurov
07:46 AM pfSense Packages Bug #10700 (Pull Request Review): not all VPN IPs added with vpnaddresses option: Jim Pingle
05:19 AM pfSense Packages Bug #10700: not all VPN IPs added with vpnaddresses option: https://github.com/pfsense/FreeBSD-ports/pull/888 Viktor Gurov
05:05 AM pfSense Packages Bug #10700 (Resolved): not all VPN IPs added with vpnaddresses option: Suricata uses filter_get_vpns_list() to get vpnaddresses list
filter_get_vpns_list() returns only:
IPsec Mobile I... Viktor Gurov
07:45 AM pfSense Packages Bug #10552 (Pull Request Review): Typo in OpenBGPD's settings page: Jim Pingle
05:00 AM pfSense Packages Bug #10552: Typo in OpenBGPD's settings page: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/887 Viktor Gurov
07:44 AM Feature #10698 (Pull Request Review): Allow to select EoIP protocol: Jim Pingle
03:31 AM Feature #10698: Allow to select EoIP protocol: https://github.com/pfsense/pfsense/pull/4374 Viktor Gurov
03:30 AM Feature #10698 (Resolved): Allow to select EoIP protocol: Allow to select EoIP (97 or etherip in FreeBSD) protocol in the Protocol drop-down menu
See https://tools.ietf.org... Viktor Gurov
07:43 AM Bug #1478 (Pull Request Review): some characters in FW rule descriptions do not sync properly: Jim Pingle
02:36 AM Bug #1478: some characters in FW rule descriptions do not sync properly: https://github.com/pfsense/pfsense/pull/4373 Viktor Gurov
07:40 AM pfSense Packages Bug #10697 (Pull Request Review): Missing New Line After NCP Parameter in Client Config: Jim Pingle
01:31 AM pfSense Packages Bug #10697: Missing New Line After NCP Parameter in Client Config: https://github.com/pfsense/FreeBSD-ports/pull/809 Viktor Gurov
01:31 AM pfSense Packages Bug #10697 (Resolved): Missing New Line After NCP Parameter in Client Config: "auth alg" digest algorithm client config parameter is erroneously merged into the same config line as the "ncp-disab... Viktor Gurov
07:38 AM Bug #7742 (Pull Request Review): 1:1 NAT for IPv6 applies wrong subnet mask to "Single Host": Jim Pingle
01:19 AM Bug #7742: 1:1 NAT for IPv6 applies wrong subnet mask to "Single Host": Fix:
https://github.com/pfsense/pfsense/pull/4372 Viktor Gurov
07:36 AM Bug #10701: Firewall Log too wide with Rule Description Column: That's because you have the rule descriptions as a column instead of an extra row. There is no way that is all going ... Jim Pingle
05:41 AM Bug #10701 (New): Firewall Log too wide with Rule Description Column: Hello,
I just noticed that at least with systemlog firewall the layout does not fit inside the page any more. May ... Louis B
07:33 AM Revision 1660f4b3: Sync filter CDATA encoded descr fields. Fixes #1478: Viktor Gurov
06:17 AM Revision 91efd993: 1:1 NAT IPv6 subnet mask fix. Issue #7742: Viktor Gurov
03:14 AM pfSense Packages Bug #8688: Pass List Snort: Snort 3.x (pfSense 2.4.5) PR:
https://github.com/pfsense/FreeBSD-ports/pull/886 Viktor Gurov
02:56 AM pfSense Packages Bug #10679 (Resolved): Squid reverse proxy CA cert without prv key: squid pkg 0.4.44_28 shows CA without private key on the Squid Reverse Proxy configuration page Viktor Gurov

06/24/2020

11:56 PM Todo #10533: Change default domain for new installations from "localdomain" to "home.arpa": I'd suggest one of the following instead, since many pfSense installs are not used in home environments.
https://... → luckman212
05:35 PM Bug #10666: DHCP Server sends NAK messages for declined offers: Hi Jim,
Thanks for your feedback. For future reference, by reading the ISC DHCP manual I found this configuration ... Alfredo Pironti
03:31 PM Bug #9476: pfSense 2.4.x sending ARP replies with non-CARP source MAC address: Viktor Gurov wrote:
> See #6957 and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141023#c4:
> _According to RF... Marc H
09:58 AM Bug #9476: pfSense 2.4.x sending ARP replies with non-CARP source MAC address: See #6957 and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141023#c4:
_According to RFC826, which is current st... Viktor Gurov
02:29 PM Revision 26516e8a: Remove Zabbix 4.2 support: Zabbix 4.2 ports were removed from the FreeBSD ports tree (End of Life).
(cherry picked from commit c38796f133762b41... Danilo Baio
02:29 PM Revision a3dea116: Merge pull request #4365 from dbaio/zabbix42-eol: Renato Botelho
02:27 PM Revision 34185e00: Merge pull request #4359 from bmhughes/frr-enable-snmp: Renato Botelho
02:27 PM Revision 6cfebd7d: Merge pull request #4358 from vktg/shaperpriqcheck: Renato Botelho
02:27 PM Revision 6e4fa0a5: Merge pull request #4361 from vktg/dhcpnewlinefix: Renato Botelho
02:27 PM Revision 880cc378: Merge pull request #4362 from vktg/pf25rtwnregexp: Renato Botelho
02:26 PM Revision e0c955a6: Merge pull request #4368 from vktg/usercertsel: Renato Botelho
02:26 PM Revision 56ff6c6d: Merge pull request #4367 from vktg/noshowgw: Renato Botelho
02:26 PM Revision e3b8be57: Merge pull request #4366 from vktg/rfc2307userdn: Renato Botelho
02:26 PM Revision 4874d203: Merge pull request #4363 from vktg/wifi40mhz: Renato Botelho
02:25 PM Revision 8f5f783e: Merge pull request #4370 from vktg/is_subnet_rfc4291par222: Renato Botelho
02:25 PM Revision bc4c5791: Merge pull request #4199 from vktg/rarouter: Renato Botelho
02:05 PM Revision db95baf1: status.php: Add config history. Implements #10696: Viktor Gurov
09:37 AM Feature #10696 (Pull Request Review): status.php: Add config history: Jim Pingle
09:01 AM Feature #10696: status.php: Add config history: https://github.com/pfsense/pfsense/pull/4371 Viktor Gurov
08:49 AM Feature #10696: status.php: Add config history: source:src/etc/rc.restore_config_backup has some code that could probably be reused for this. Jim Pingle
05:13 AM Feature #10696 (Resolved): status.php: Add config history: Add get_backups() output formatted as Diagnostics / Backup & Restore / Config History to the status_output.tgz file Viktor Gurov
09:34 AM pfSense Packages Feature #10689 (Feedback): Squid Reverse proxy IPv6 and HA support: PR has been merged. Thanks! Renato Botelho
09:34 AM pfSense Packages Bug #10679 (Feedback): Squid reverse proxy CA cert without prv key: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #9710 (Feedback): IPv6 RA: prefix option does not contain router address in spite of "R" flag being set: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10694 (Feedback): Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation): PR has been merged. Thanks! Renato Botelho
08:56 AM Bug #10694 (Pull Request Review): Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation): Jim Pingle
01:32 AM Bug #10694: Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation): Fix:
https://github.com/pfsense/pfsense/pull/4370 Viktor Gurov
09:29 AM Feature #10678 (Feedback): Allow to select 802.11n channel width (HT): PR has been merged. Thanks! Renato Botelho
09:29 AM Feature #9527 (Feedback): Add ability for LDAP extended query on groups in RFC2307 containers.: PR has been merged. Thanks! Renato Botelho
09:29 AM Feature #885 (Feedback): Show gateway/group IPs on mouseover: PR has been merged. Thanks! Renato Botelho
09:29 AM Feature #10658 (Feedback): Allow to generate ECDSA certs on User Manager page: PR has been merged. Thanks! Renato Botelho
09:29 AM pfSense Packages Bug #10688 (Feedback): Remove Zabbix 4.2 ports: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10677 (Feedback): pfSense 2.5 incorrect rtwn(4) wireless regexp: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10675 (Feedback): DHCPv6 config not all directives start on a new line as expected: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10660 (Feedback): PHP errors in the traffic shaper wizard: PR has been merged. Thanks! Renato Botelho
09:23 AM pfSense Packages Bug #10692: PIMD starts twice at boot: I solved the "no enabled vifs" issue by changing in menu pimd/interfaces/interface binding from default to "Always bi... Louis B
04:49 AM pfSense Packages Bug #10692: PIMD starts twice at boot: Hello,
I did some tests in advance of this patch. I could do that by forcing a reread of the vifs by disabling and... Louis B
07:36 AM Bug #10685: DNS queries of RBLs does not work any more since 2.4.5: Thanks for your reply.
After adding... Manfred Bongard
06:27 AM Revision 35c60e99: is_subnet() RFC4291 par 2.2.2 format support. Fixes #10694: Viktor Gurov
04:49 AM pfSense Packages Bug #10695 (New): FreeRadius Accounting skipping MBs after reboot due to power down: I am running 2.4.5-RELEASE (amd64) version.
I am setting up Captive Portal with FreeRadius to limit users monthly qo... AbdElrahman Eid

06/23/2020

11:00 PM Bug #10694 (Resolved): Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation): Firewall Alias does not allow an ipv6 network alias in the format described by RFC4291 par 2.2.2 in the format x:x:x:... Rick Coats
08:23 PM Revision 58312bfa: Revert "Enable ALTQ on ix interfaces": This reverts commit be22be7a8b2964a3d63852d6e31da7749405bdf9. Renato Botelho
08:03 PM Revision be22be7a: Enable ALTQ on ix interfaces: Renato Botelho
08:02 PM Revision 9ff453fc: Enable ALTQ on ix interfaces: Renato Botelho
07:29 PM Revision 7ab1a0a3: Fix thermal sensors on SG-5100: Renato Botelho
07:29 PM Revision 06b5448a: Fix thermal sensors on SG-5100: Renato Botelho
03:24 PM pfSense Packages Bug #10693 (New): pfSense Bind Zone Editor UI does not update zone serial number when a change is made: /pkg_edit.php?xml=bind_zones.xml&act=edit&id=0
populates the "Serial" field with the serial number of the current... Jeffrey Altman
03:24 PM Bug #7378 (Feedback): pfctl: ix0: driver does not support altq: I've re-enabled it on 2.5.0 snapshots so we can get it tested again Renato Botelho
12:57 PM pfSense Packages Bug #10692 (Confirmed): PIMD starts twice at boot: Hello,
I just discoverd a critical error in the pfSense boot sequence.
- Independed if you have enabled the PIMD... Louis B
11:07 AM Bug #10691 (Not a Bug): Issue with rules (firewall and NAT) being reloaded after changes made: Existing states are not cleared, and your browser is holding open a connection. You would need to close/reopen the br... Jim Pingle
11:01 AM Bug #10691: Issue with rules (firewall and NAT) being reloaded after changes made: Running 2.4.5-RELEASE-p1 (amd64) John Weithman
11:01 AM Bug #10691 (Not a Bug): Issue with rules (firewall and NAT) being reloaded after changes made: I have a web admin page for an email server that I've historically managed after VPN'ing into my network. I wanted to... John Weithman
09:46 AM Revision 039ba57a: Complete IPv6 router address in radvd.conf prefix. Issue #9710: Viktor Gurov
09:20 AM Bug #10532 (Pull Request Review): Mobile PSK users don't have 'mobile-userpool' section: Jim Pingle
02:07 AM Bug #10532: Mobile PSK users don't have 'mobile-userpool' section: Jim Pingle wrote:
> It may be as easy as removing the EAP check at source:src/etc/inc/ipsec.inc#L1596 -- but non-EAP... Viktor Gurov
07:23 AM Revision 91fd7459: Allow to change WiFi channel width. Implements #10678: Viktor Gurov
03:57 AM Bug #10661 (Resolved): pfSense configures fe80::1:1 on lan interface without track6: works fine on 2.5.0.a.20200622.1850 - fe80::1:1 successfully removed from interface after switching from Track Interf... Viktor Gurov
02:56 AM Bug #10690 (New): Not possible to make UFS install on ZFS formatted drive: If you want, to make pfSense UFS install over ZFS formatted drive (previous pfSense installation, for example)
you g... Viktor Gurov

06/22/2020

04:01 PM Bug #10558 (Feedback): Multicast daemons work at boot, but fail if restarted: The most recent snapshot has the latest fix and it appears to work. I can stop and restart pimd without errors. Leavi... Jim Pingle
11:57 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Anything not directly related to the specific multicast issue caused by the FreeBSD bug does not belong on this issue... Jim Pingle
11:57 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: We are aware, and are in direct communication with the FreeBSD developer who made the commits. I mentioned above alre... Jim Pingle
11:31 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Hello,
Be aware there were multiple things fixed in FreeBSD and placed in the snapshots. Latest message I got from... Louis B
07:28 AM Bug #10558 (New): Multicast daemons work at boot, but fail if restarted: An additional fix has been added to FreeBSD that we need to pull into snapshots.
https://bugs.freebsd.org/bugzilla... Jim Pingle
01:11 PM Revision e912f0cf: Improve gateways popup. Implements #885: Viktor Gurov
12:54 PM Bug #10680 (Pull Request Review): Improve interface caching when we have many interfaces: Jim Pingle
12:48 PM Feature #9527 (Pull Request Review): Add ability for LDAP extended query on groups in RFC2307 containers.: Jim Pingle
03:07 AM Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers.: Chris Linstruth wrote:
> I don't think this is quite flexible enough. In the case of FreeIPA, for instance, the posi... Viktor Gurov
12:44 PM Feature #10678 (Pull Request Review): Allow to select 802.11n channel width (HT): Jim Pingle
12:21 PM pfSense Packages Feature #10689 (Pull Request Review): Squid Reverse proxy IPv6 and HA support: Jim Pingle
10:53 AM pfSense Packages Feature #10689: Squid Reverse proxy IPv6 and HA support: https://github.com/pfsense/FreeBSD-ports/pull/885 Viktor Gurov
03:22 AM pfSense Packages Feature #10689 (Resolved): Squid Reverse proxy IPv6 and HA support: allow to listen on IPv4/IPv6/IPv4+IPv6 interfaces, see #8887
and add ability to select CARP interfaces, see #5168 Viktor Gurov
12:04 PM Revision ccb301a4: Allow to generate ECDSA certs on User Manager page. Implements #10658: Viktor Gurov
10:04 AM Bug #10565: WAN_DHCP6 Stuck Pending / Unknown: I am also seeing this issue after upgrading to 2.4.5-RELEASE-p1. The networking seems to be working, but the Gateways... Jeremy Beker
08:06 AM Revision e924485c: Use user DN for RFC2307 membership search. Issue #9527: Viktor Gurov
07:51 AM Bug #10610: Package upgrade or reinstall hangs indefintely on the console: Same issue here. I can reproduce this reliably (any of upgrade, reinstall or fresh install) and and pressing the "Sav... Stefan Beckers
07:36 AM Feature #10658 (Pull Request Review): Allow to generate ECDSA certs on User Manager page: Jim Pingle
07:06 AM Feature #10658: Allow to generate ECDSA certs on User Manager page: https://github.com/pfsense/pfsense/pull/4368 Viktor Gurov
07:33 AM Feature #885 (Pull Request Review): Show gateway/group IPs on mouseover: Jim Pingle
04:51 AM Feature #885: Show gateway/group IPs on mouseover: fixed/improved:
https://github.com/pfsense/pfsense/pull/4367 Viktor Gurov
07:29 AM pfSense Packages Bug #10688 (Pull Request Review): Remove Zabbix 4.2 ports: Jim Pingle
07:27 AM Bug #10687: IPsec / CESA memory issue: If the problem has already been addressed on 12.x there may be nothing more we need to do here. Needs confirmed on a ... Jim Pingle
07:24 AM Bug #10685 (Not a Bug): DNS queries of RBLs does not work any more since 2.4.5: This is due to the change in #9708 on 2.4.5 -- 127.0.0.1 is considered a private result now so you will need to tell ... Jim Pingle
07:11 AM pfSense Packages Bug #10654 (Resolved): Whitelisted domains starting with a dot are ignored: pfSense-pkg-squid 0.4.44_27 - work as expected Viktor Gurov
06:27 AM Feature #8712: QOS on ipsec links: same on FreeBSD 12.1 (pfSense 2.5.0.a.20200621.1850) Viktor Gurov

06/21/2020

07:10 PM Revision c38796f1: Remove Zabbix 4.2 support: Zabbix 4.2 ports were removed from the FreeBSD ports tree (End of Life). Danilo Baio
02:45 PM pfSense Packages Bug #10688: Remove Zabbix 4.2 ports: https://github.com/pfsense/pfsense/pull/4365
https://github.com/pfsense/FreeBSD-ports/pull/884 Danilo Baio
02:42 PM pfSense Packages Bug #10688 (Resolved): Remove Zabbix 4.2 ports: - Remove Zabbix 4.2 ports.
- Fix typos, reported on https://github.com/pfsense/FreeBSD-ports/pull/876
Zabbix 4.2 ... Danilo Baio
08:14 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Hello,
I am not the only one noticeing that there is still a problem :) So the problem was updated in the FreeBSD ... Louis B
07:40 AM Bug #10687 (Resolved): IPsec / CESA memory issue: We have approximately 30 ipsec tunnels on a netgate SG-3100. We've been getting errors that stop tunnels from coming... Graham Collinson

06/20/2020

01:35 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: I have the same problem with 2.4.5-p1. Still no fix? Car F
10:23 AM pfSense Docs Correction #10686 (Duplicate): Feedback on Development — Obtaining Panic Information for Developers: *Page:* https://docs.netgate.com/pfsense/en/latest/development/obtaining-panic-information-for-developers.html
*Fe... chris j
09:25 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Oeps,
I did forget to add two config examples (I did test other PIMD-configs as well).
So here they are.
Louis Louis B
08:09 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Hello,
I did a lot of tests related to IGMP-proxy and PIMD using snapshot 2.5.0.a.20200620.0050
Dispite what I h... Louis B
09:19 AM Bug #10685 (Not a Bug): DNS queries of RBLs does not work any more since 2.4.5: Since upgrade to 2.4.5, DNS queries of RBLs returned with no answer.
queries on shell:... Manfred Bongard
07:49 AM Bug #10684 (Resolved): RFC 2136 incomplete options: The topic has been dealt with before and marked as done in #1327.
But in the current version, the zone parameter is ... Philip Schmalz

06/19/2020

09:41 PM Revision 51e2d459: Bump up config version to 20.6.: Create an upgrade function to run console_configure() and force an update
of the boot loader settings.
This is inten... Luiz Souza
08:26 PM Bug #10558 (Feedback): Multicast daemons work at boot, but fail if restarted: The fix was merged to pfSense sources.
Please test with the next snapshot. Luiz Souza
03:14 PM pfSense Docs Correction #10683 (Rejected): Feedback on Firewall — Preventing RFC1918 Traffic from Exiting a WAN Interface: You are talking about a completely different issue than that page is describing.
That section describes a method o... Chris Linstruth
03:03 PM pfSense Docs Correction #10683: Feedback on Firewall — Preventing RFC1918 Traffic from Exiting a WAN Interface: Apologies. Just when I was reiterating my thought process on why I opened this feedback issue, I noticed that I swapp... G Mulder
02:43 PM pfSense Docs Correction #10683 (Rejected): Feedback on Firewall — Preventing RFC1918 Traffic from Exiting a WAN Interface: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/preventing-rfc1918-traffic-from-exiting-a-wan-interface.h... G Mulder
01:41 PM Revision e2e4c0d5: Updated jQuery to 3.5.1 - jQuery-ui does not need to be updated: Steve Beaver
01:02 PM Bug #9647: hn0: driver does not support altq: I tried with todays snapshot and have the same issue.
What can we do next? Greg M
08:24 AM Bug #9647 (New): hn0: driver does not support altq: It should be. I also tested the most recent snapshot from this morning and altq did not work there, either. Jim Pingle
01:08 AM Bug #9647: hn0: driver does not support altq: So I tried with: pfSense-CE-2.5.0-DEVELOPMENT-amd64-20200618-1024
Still same message about ALTQ support. Is this c... Greg M
12:47 PM Revision 66c614af: Fixed #10674 byt replacing .click() with .change(): Steve Beaver
12:39 PM Bug #10682 (Duplicate): Routed IPSEC VTI - Packets with higher MTU (above Interface MTU) are DROPPED, fragmentation is done wrong on the destination LAN Interface: Most likely the same root cause as #7801 Jim Pingle
11:53 AM Bug #10682 (Duplicate): Routed IPSEC VTI - Packets with higher MTU (above Interface MTU) are DROPPED, fragmentation is done wrong on the destination LAN Interface: Hi,
Packets with higher MTU (above the destination LAN's Interface MTU) are DROPPED, after they are fragmented cor... Andrei Boghiu
10:56 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Ronald Schellberg wrote:
> Attached is a compiled RADVD for 2.5 with the above patch (slightly modified) incorporate... Ronald Schellberg
10:54 AM Bug #10681 (Not a Bug): No PHP errors in syslog: Works fine here, tried a couple systems on snaps from the last couple days (including today's)... Jim Pingle
10:46 AM Bug #10681 (Not a Bug): No PHP errors in syslog: On the latest 2.5.0.a.20200618.1024 I see only daemons log messages in /var/log/system.log (and /var/log/*)
If I i... Viktor Gurov
09:56 AM Bug #10680: Improve interface caching when we have many interfaces: Link to GitHub pull request: https://github.com/pfsense/pfsense/pull/4364 Jonas Christoffersen
09:39 AM Bug #10680 (Resolved): Improve interface caching when we have many interfaces: In interfaces.inc there's a caching system to avoid too many calls to pfSense_interface_listget().
This cache is inv... Jonas Christoffersen
09:10 AM pfSense Packages Bug #10679 (Pull Request Review): Squid reverse proxy CA cert without prv key: Jim Pingle
09:05 AM pfSense Packages Bug #10679: Squid reverse proxy CA cert without prv key: https://github.com/pfsense/FreeBSD-ports/pull/883 Viktor Gurov
08:55 AM pfSense Packages Bug #10679 (Resolved): Squid reverse proxy CA cert without prv key: from https://forum.netgate.com/topic/154504/squid-0-4-44_26-cannot-select-external-ca-s
Currently is not possible to... Viktor Gurov
08:42 AM Todo #10676 (Feedback): JQuery 1.2 < 3.5.0 Multiple XSS From Nessus: Anonymous
08:42 AM Todo #10676: JQuery 1.2 < 3.5.0 Multiple XSS From Nessus: jQuery updated to 3.5.1
jQuery-ui unchanged
Anonymous
08:08 AM Bug #7986: WLAN card no longer properly initialized under 2.4.0: See #10678 for changing channel width from the WebGUI Viktor Gurov
08:07 AM Feature #10678: Allow to select 802.11n channel width (HT): https://github.com/pfsense/pfsense/pull/4363 Viktor Gurov
08:04 AM Feature #10678 (Resolved): Allow to select 802.11n channel width (HT): using `ifconfig -v <wirelessinf> list chan` possible to see supported HT modes:... Viktor Gurov
08:02 AM Bug #10677 (Pull Request Review): pfSense 2.5 incorrect rtwn(4) wireless regexp: Jim Pingle
02:50 AM Bug #10677: pfSense 2.5 incorrect rtwn(4) wireless regexp: https://github.com/pfsense/pfsense/pull/4362 Viktor Gurov
02:48 AM Bug #10677 (Resolved): pfSense 2.5 incorrect rtwn(4) wireless regexp: FreeBSD 12 uses 'rtwn' instead of 'urtwn' for rtwn(4) wireless devices:... Viktor Gurov
08:02 AM Bug #9649 (Resolved): IPv6 6RD Tunnel: Jim Pingle
02:16 AM Bug #9649: IPv6 6RD Tunnel: Thanks for committing the PR. I can confirm that the next snapshot fixes the issue. Ronald Schellberg
07:59 AM Bug #10675 (Pull Request Review): DHCPv6 config not all directives start on a new line as expected: Jim Pingle
12:38 AM Bug #10675: DHCPv6 config not all directives start on a new line as expected: https://github.com/pfsense/pfsense/pull/4361 Viktor Gurov
07:58 AM Bug #9467 (Resolved): vmx(4) interfaces do not have ALTQ support on pfSense 2.5, they had ALTQ support on 2.4: Yep, this looks good on a current snapshot. No errors, rules are loaded, I'm seeing traffic in queues on vmx interfac... Jim Pingle
07:55 AM Bug #10674: Port Forward Address Fields not becoming active in Safari: Applied in changeset commit:66c614af0fc9785a4644c63ac54d178c2285a5ee. Anonymous
07:49 AM Bug #10674 (Feedback): Port Forward Address Fields not becoming active in Safari: Anonymous
07:49 AM Revision 38a65678: pfSense 2.5 rtwn(4) wireless regexp. Fixes #10677: Viktor Gurov
05:59 AM Revision ad543535: Improve Remote Gateway field description for IPSec VPN Phase 1. Implements #7095: Viktor Gurov
05:33 AM Revision 610cbfdc: DHCPv6 config newline fix. Issue #10675: Viktor Gurov
03:46 AM pfSense Packages Feature #8727 (Resolved): Clone button in cron pkg: Cron 0.3.7_4 - works as expected Viktor Gurov
03:44 AM Bug #8464: Wireless USB card does not connect to WiFi automatically after reboot/halt: no such issue with rtwn (TP-LINK TL-WN725N USB) on 2.5.0.a.20200618.1024,
it correctly connects to WiFi after reboot... Viktor Gurov
02:24 AM Feature #10639: Add rtwn(4) wireless support: now it's fine on 2.5.0.a.20200618.1024 (TP-LINK TL-WN725N):... Viktor Gurov
01:51 AM Bug #5325 (Closed): Traffic shaping wizard creates an unloadable rule-set if using HFSC on a LAN interface that is not up when the rules are loaded.: no such issue on the current 2.4.5 or 2.5,
WAN 'download' value from the wizard step2 is used to calculate bandwidth... Viktor Gurov
01:18 AM pfSense Packages Feature #9765 (Resolved): Update iperf package to iperf3: pfSense 2.4.5 and 2.5 use iperf3
see also #10357 Viktor Gurov
01:12 AM pfSense Packages Bug #10611 (Resolved): FRR applies file permissions to missing files: resolved in frr 0.6.6 Viktor Gurov
01:11 AM pfSense Packages Bug #10657 (Resolved): FRR: AS-Path Filter doesn't work anymore: frr 0.6.6 generates a configuration with the correct as-path:... Viktor Gurov

06/18/2020

08:06 PM Bug #9467: vmx(4) interfaces do not have ALTQ support on pfSense 2.5, they had ALTQ support on 2.4: vmx(4) now uses iflib and it seems to support ALTQ by default. this is still an issue ? Luiz Souza
07:41 PM Bug #9649 (Feedback): IPv6 6RD Tunnel: PR committed.
Please test with the next snapshot. Luiz Souza
05:51 PM Bug #10674 (Assigned): Port Forward Address Fields not becoming active in Safari: Anonymous
03:43 PM Bug #10674: Port Forward Address Fields not becoming active in Safari: Tested working on Firefox. Field updates as expected. Kris Phillips
03:29 PM Bug #10674: Port Forward Address Fields not becoming active in Safari: Same on recent 2.5.0. Chris Linstruth
03:25 PM Bug #10674 (Closed): Port Forward Address Fields not becoming active in Safari: When you select a method that should allow address/network/alias input in a NAT Port Forward in Safari, the fields ar... Chris Linstruth
04:30 PM Todo #10676 (Resolved): JQuery 1.2 < 3.5.0 Multiple XSS From Nessus: LocalNetwork / Plugin #136929
Plugin Details
Severity: Medium
ID: 136929
Version: 1.5
Type: remote
Family... Erik Mathis
03:35 PM Bug #10675 (Resolved): DHCPv6 config not all directives start on a new line as expected: In the DHCPv6 config, "prefix6" is not starting on its own new line. Probably the line before is missing a \n at the ... Jim Pingle
03:31 PM Revision 2aba40bd: Bridge with GIF interface bootup fix. Issue #10524: Viktor Gurov
02:52 PM Revision db030401: Enable FRR SNMP AgentX support: Ben Hughes
01:33 PM Revision 1090b1b6: Merge pull request #4354 from vktg/delfe8011: Renato Botelho
01:33 PM Revision 85ccf69c: Merge pull request #4353 from vktg/shaperfix: Renato Botelho
11:26 AM pfSense Packages Bug #10673 (Rejected): Avahi interface list is missing interfaces: Avahi already shows all enabled interfaces
all you need to do is assign and enable the OpenVPN interface Viktor Gurov
10:23 AM pfSense Packages Bug #10673 (Rejected): Avahi interface list is missing interfaces: In avahi_settings.php, there is a list of network interfaces. Mine shows LAN, DMZ, WAN2. The list is missing my "WA... Jeremy 99
10:49 AM Bug #10524 (Pull Request Review): Bridge that includes a GIF interface does not come up at boot: Jim Pingle
10:19 AM Bug #10669 (Not a Bug): v. 2.4.5-RELEASE-p1 (amd64) non working vlans in xen (xcp-ng): After #9548 the test which restricted it before is no longer present. The change suggested on that blog post is no lo... Jim Pingle
09:00 AM pfSense Packages Feature #10441 (Feedback): Integration of bfd daemon: PR has been merged. Thanks! Renato Botelho
08:46 AM Bug #10672 (Not a Bug): PfSense crashes if enable vpn client from the internal network: Not enough info here to classify it as a bug in pfSense specifically. Given the backtrace it looks like an issue with... Jim Pingle
08:13 AM Bug #10672: PfSense crashes if enable vpn client from the internal network: That seems Suricata + bge(4) driver (netmap) issue:... Viktor Gurov
06:17 AM Bug #10672: PfSense crashes if enable vpn client from the internal network: HPE DL360G10
Intel Xeon Bronze 3104 CPU
64GB RAM Dmitry Axelis
06:15 AM Bug #10672 (Not a Bug): PfSense crashes if enable vpn client from the internal network: PfSense crashes if i'm enable the vpn client from the internal network. It doesn't matter which computer, but if I us... Dmitry Axelis
08:45 AM pfSense Packages Bug #10654 (Feedback): Whitelisted domains starting with a dot are ignored: PR has been merged. Thanks! Renato Botelho
08:42 AM pfSense Packages Bug #10611 (Feedback): FRR applies file permissions to missing files: PR has been merged. Thanks! Renato Botelho
08:42 AM pfSense Packages Bug #10657 (Feedback): FRR: AS-Path Filter doesn't work anymore: PR has been merged. Thanks! Renato Botelho
08:33 AM Bug #1353 (Feedback): Number of queues possible: PR has been merged. Thanks! Renato Botelho
08:33 AM Bug #10661 (Feedback): pfSense configures fe80::1:1 on lan interface without track6: PR has been merged. Thanks! Renato Botelho
07:38 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: It requires a new kernel, so no way to reliably test outside of snapshots. We'll pick up the change soon. Jim Pingle
07:21 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Yep,
Exactly, now we have momentum to get things fixed. If we find a bug lateron the momentum and the timslot is g... Louis B
07:02 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Jim Pingle wrote:
> I already answered that in comment 23
I myself read his question as: "Is there an option to t... Marc J
07:27 AM Feature #10597 (Resolved): Setting host-uniq for PPPoE: correctly sets Host-Uniq value on 2.5.0.a.20200617.1250:... Viktor Gurov
05:04 AM Feature #6377 (Resolved): 6rd ipv6 tunnel: MTU settings not editable and not correlated to interface MTU (hardcoded to 1280): works as expected on 2.5.0.a.20200617.1250 -
sets the MTU value for '_stf' interface as parent MTU - 20. Viktor Gurov
03:00 AM Feature #6908 (Resolved): Alias copy, sort, search/replace functions: alias copy function works as expected on 2.5.0.a.20200617.1250 Viktor Gurov
02:55 AM Bug #10613 (Resolved): cleanup status_queues.php code: unused code removed
pfSense 2.5.0.a.20200617.1250 Viktor Gurov
02:12 AM Bug #10650 (Resolved): OpenVPN TCP in 2.4.5-p1 not working: no errors on 2.5.0.a.20200617.1250
TCP4/TCP6/TCP-multihome Client/Server tested Viktor Gurov

06/17/2020

10:14 PM Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers.: I don't think this is quite flexible enough. In the case of FreeIPA, for instance, the posixGroups list the member DN... Chris Linstruth
07:38 PM Revision 21568e75: More complete IPsec close_action conversion. Fixes #10632: Jim Pingle
05:15 PM Bug #9649: IPv6 6RD Tunnel: PR #25 got closed today without being applied. Looks like it may be a while for this Issue to be resolved. Ronald Schellberg
05:14 PM Bug #10671 (New): pfsense 2.4.5_1 does not boot on Gen2 2012R2 HyperV VM: After upgrade to 2.4.5_1, the boot fails with Input/Output error when loading the kernel. Tested on 2 VMs, both suffe... Jan de Groot
04:38 PM Bug #9647 (Resolved): hn0: driver does not support altq: Committed. Luiz Souza
04:37 PM Feature #10639 (Resolved): Add rtwn(4) wireless support: Committed. Thanks! Luiz Souza
04:05 PM Feature #8958: Dynamic DNS - CARP Address: It makes sense to have in pfsense the possibility to select in the Dynamic DNS CARP interface for high availability i... Marcio Gomes
03:16 PM Feature #9155 (Resolved): Add driver bnxt for Broadcom NetXtreme interfaces: Committed. Thanks! Luiz Souza
02:50 PM Revision 03545538: Comment typo: (cherry picked from commit 51b0b50b1931d7809efcaf6a59ae9625f1eb9bff) Jim Pingle
02:50 PM Revision 51b0b50b: Comment typo: Jim Pingle
02:47 PM Bug #10670: Floating rules stopped working after upgrading from version 2.4.4 to version 2.4.5-1: That kind of discussion is best kept on the forum until a bug can be identified, however. There doesn't appear to be ... Jim Pingle
02:29 PM Bug #10670: Floating rules stopped working after upgrading from version 2.4.4 to version 2.4.5-1: Jim Pingle wrote:
> I see no evidence of a general problem here. I checked several 2.4.5-p1 systems I have with floa... Tácio Andrade
02:26 PM Bug #10670 (Not a Bug): Floating rules stopped working after upgrading from version 2.4.4 to version 2.4.5-1: I see no evidence of a general problem here. I checked several 2.4.5-p1 systems I have with floating rules, and all o... Jim Pingle
02:16 PM Bug #10670 (Not a Bug): Floating rules stopped working after upgrading from version 2.4.4 to version 2.4.5-1: I upgraded from version 2.4.4 to version 2.4.5-1 of pfSense this weekend and ended up realizing that all the rules in... Tácio Andrade
02:45 PM Bug #10632 (Feedback): Incorrect swanctl.conf syntax from Child SA Close Action: Applied in changeset commit:21568e753abb092747fddeeda41a9952827b06d1. Jim Pingle
01:07 PM Bug #10632 (In Progress): Incorrect swanctl.conf syntax from Child SA Close Action: This is still not 100% right.
|_. Old |_. New |
| @none@ | @none@ |
| @restart@ | @start@ |
| @clear@ | @none@ ... Jim Pingle
02:15 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: I already answered that in comment 23 Jim Pingle
01:31 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Louis van Breda wrote:
> Jim,
>
> Very good news!
>
> Is there an option to test it here on my system running ... Marc J
01:29 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Jim,
Very good news!
Is there an option to test it here on my system running latest snapshotbuild!
(yep I did ... Louis B
01:09 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Per bz, Fix works and is awaiting review upstream and will be committed to HEAD, then stable/12. Once it's in stable/... Jim Pingle
01:51 PM Revision 36c5c493: Send correct version to prodtrack: Use $g['product_version'] to get running version. The way it was
implemented before was getting version of pfSense-b... Renato Botelho
01:50 PM Revision f0b61754: Send correct version to prodtrack: Use $g['product_version'] to get running version. The way it was
implemented before was getting version of pfSense-b... Renato Botelho
12:07 PM Revision 734848b6: Shaper root queue percent bw fix. Issue #10660: Viktor Gurov
11:54 AM Bug #9311 (Resolved): Captive Portal continues to limit per-user bandwidth when not enabled: works as expected on 2.5.0.a.20200616.1850
now it correctly checks/removes <bwdefaultdn> and <bwdefaultup> Viktor Gurov
11:46 AM Feature #10583 (Resolved): status.php: Add L2TP VPN configuration: works as expected on 2.5.0.a.20200616.1850
status_output.tgz contains L2TP-Configuration.txt with redacted passwor... Viktor Gurov
11:41 AM Bug #10626 (Resolved): get_interface_list() shows _stf (6RD/6to4) interfaces as parent: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200616.1850
works as expected, correc... Viktor Gurov
08:15 AM Bug #10660: PHP errors in the traffic shaper wizard: another error after applying PR:... Viktor Gurov
07:13 AM Bug #10660: PHP errors in the traffic shaper wizard: Jim Pingle wrote:
> That is most likely because, as Viktor noted, you tried to use % bandwidth on an interface that ... Viktor Gurov
06:27 AM Bug #10669 (Not a Bug): v. 2.4.5-RELEASE-p1 (amd64) non working vlans in xen (xcp-ng): With version 2.4.4-RELEASE-p3 (amd64) in xcp-ng (xen) hypervisor the non working vlans could be fixed by adding the f... Petri Nikkonen
05:54 AM Bug #9123: Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14: Some more data/observations:
* NIC: Intel X710-DA4 (Quad Port 10Gb)
* pfSense version 2.4.4-p3
* One LAGG group (l... Marc L
05:06 AM Bug #10668 (Resolved): curl -T "{file1,file2}" loops forever eating up the RAM: Running pfSense 2.4.5-RELEASE-p1, using curl in ACME certificates Actions list to upload the updated certs from pfSen... robi robi
04:40 AM Bug #10524: Bridge that includes a GIF interface does not come up at boot: Fix:
https://github.com/pfsense/pfsense/pull/4360 Viktor Gurov
01:41 AM Bug #10667 (Resolved): Separator bars on Floating rules do not cover the full table width: separator width is OK on 2.5.0.a.20200616.1850 Viktor Gurov
01:36 AM Feature #9909 (Resolved): Add option to (dis)allow unauthenticated LDAP binds: tested on 2.5.0.a.20200616.1850 + Win2008R2 AD
works as expected - when the "Allow unauthenticated bind" checkbox ... Viktor Gurov

06/16/2020

05:09 PM Revision f06b389e: Apply style and space fixes: Renato Botelho
05:09 PM Revision dd6f5778: Replace pfSense by global var product_name: Renato Botelho
05:09 PM Revision e1fb434d: Add a note to convert it to json_encode: Renato Botelho
05:09 PM Revision a001cffd: Apply style and space fixes: Renato Botelho
05:05 PM Revision 7338ea88: Apply style and space fixes: Renato Botelho
04:58 PM Revision 79b954ec: Replace pfSense by global var product_name: Renato Botelho
04:57 PM Revision cea44261: Add a note to convert it to json_encode: Renato Botelho
04:57 PM Revision 30a79756: Apply style and space fixes: Renato Botelho
04:29 PM Bug #6167: IPsec IPComp not working: Seeing that 2.5 is progressing, any chance this will finally make it?
Not sure what sort of wide, bandwidth-is-no-... Ronald Antony
04:24 PM Feature #8786: Wireguard VPN: Lai Wei-Hwa wrote:
> See these links:
> https://svnweb.freebsd.org/base?view=revision&revision=357986
> https://sv... Ronald Antony
03:49 PM Feature #7332: Provide certificate expiry warning: It's in 2.5.0 snapshots which are still in development. There has not been a 2.5.0 release yet.
There is no 2.5.1,... Jim Pingle
03:33 PM Feature #7332: Provide certificate expiry warning: Hi - What version is this implemented in?
I've got a 2.4.4-RELEASE-p3 and a 2.5.1 pfsense - and I can't see any h... Ian Collins
02:39 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Jim Pingle wrote:
> I know, I was talking with that developer directly. We would need to test that change locally fi... Marc J
02:12 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: I know, I was talking with that developer directly. We would need to test that change locally first before bringing i... Jim Pingle
01:36 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Jim Pingle wrote:
> That FreeBSD bug report does appear to be related, we'll try to draw some attention to that.
> ... Marc J
02:09 PM Feature #10597: Setting host-uniq for PPPoE: Hello,
It looks like I found the problem. The solution was quite simple, however it did cost me nearly two days to... Louis B
01:12 AM Feature #10597: Setting host-uniq for PPPoE: Hello,
A few days ago I updated 2.5 and ..... what broke my PPPOE connection (*fatal*). I have a strong verdict th... Louis B
02:09 PM Revision 8b5eda65: Fix column count for floating rules tab. Fixes #10667: (cherry picked from commit f9e656505ef20c8a1f95177e59dfbf4b020d1e3a) Jim Pingle
02:08 PM Revision f9e65650: Fix column count for floating rules tab. Fixes #10667: Jim Pingle
09:15 AM Bug #10667 (Feedback): Separator bars on Floating rules do not cover the full table width: Applied in changeset commit:f9e656505ef20c8a1f95177e59dfbf4b020d1e3a. Jim Pingle
09:07 AM Bug #10667 (Resolved): Separator bars on Floating rules do not cover the full table width: The floating rules tab recently gained a new column, Interfaces, and after that, separator bars do not cover the full... Jim Pingle
06:19 AM Bug #10666: DHCP Server sends NAK messages for declined offers: We do not control the DHCP daemon on that level, that's up to the ISC DHCP daemon. Take it up with them, but I doubt ... Jim Pingle
02:35 AM Bug #10666: DHCP Server sends NAK messages for declined offers: Hi Jim,
Looking at RFC 2131, this actually looks like a legit configuration. Various excerpts of the RFC seem to e... Alfredo Pironti

06/15/2020

08:44 PM Bug #10666 (Rejected): DHCP Server sends NAK messages for declined offers: There is no bug. That is not a valid configuration. You can't have two DHCP servers in one segment. Jim Pingle
06:52 PM Bug #10666 (Rejected): DHCP Server sends NAK messages for declined offers: Test Scenario:
pfSense is configured to host two DHCP servers on the same network segment. Namely, configure two i... Alfredo Pironti
05:45 PM Revision f6e2e5aa: Create meta.conf symlink: Renato Botelho
05:45 PM Revision 18c764f6: Create meta.conf symlink: Renato Botelho
04:09 PM Revision 00177918: Fix implode() param order. Issue #10659: Jim Pingle
03:09 PM Bug #10610: Package upgrade or reinstall hangs indefintely on the console: Just had this issue while upgrading FFR package at one site, initialized from GUI. Open another Tab, go to Services -... Luki TJ
03:03 PM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Hello,
this problem still persists. PRTG Syslog is being spammed with:... Edwin T
01:36 PM Revision c2a3954d: Merge pull request #4356 from vktg/gwgroupcheck: Jim Pingle
11:07 AM Todo #10659: PHP: Update to 7.4.x: Reading through the various notes for 7.4 (https://www.php.net/manual/en/migration74.php), the only bits which stand ... Jim Pingle
10:00 AM pfSense Packages Feature #10665 (Resolved): Manual OSPF neighbor definitions: OSPF interface modes "non-broadcast" and "point-to-miltipoint" rely on being able to manually define specific OSPF ne... Jim Pingle
09:34 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Understood..
Thanks for the follow up and info. Anything you can do from your side to draw some attention to it wo... Marc J
08:34 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: That FreeBSD bug report does appear to be related, we'll try to draw some attention to that.
> -Basically, I am as... Jim Pingle
09:20 AM Bug #10660: PHP errors in the traffic shaper wizard: I'd at least expected the UI to load instead of just showing an full-screen error and forcing me to revert using back... Vincent Jansen
08:22 AM Bug #10660: PHP errors in the traffic shaper wizard: That is most likely because, as Viktor noted, you tried to use % bandwidth on an interface that can't properly identi... Jim Pingle
08:52 AM Bug #10663 (Not a Bug): dhcpd issues duplicate addresses in certain situations on 2.4.5-p1 in HA mode.: Jim Pingle
08:42 AM Feature #9891: QLogic 10 Gigabit Ethernet driver (qlxgb): It is present in the kernel config and in the kernel. Same output as on 2.4.5-p1 in my comment above.
Note that th... Jim Pingle
08:36 AM Bug #9435 (Feedback): Dynamic DNS Update events do not occur after certain failover event cases: PR merged Jim Pingle
07:49 AM Bug #9435 (Pull Request Review): Dynamic DNS Update events do not occur after certain failover event cases: Jim Pingle
08:26 AM Bug #10661 (Pull Request Review): pfSense configures fe80::1:1 on lan interface without track6: Jim Pingle
08:23 AM Feature #9155 (Pull Request Review): Add driver bnxt for Broadcom NetXtreme interfaces: Jim Pingle
07:59 AM Bug #10664 (Not a Bug): After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS: There is not nearly enough detail here to classify this as a bug and not a symptom of some other problem. It sounds m... Jim Pingle
04:48 AM Bug #10664 (Not a Bug): After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS: I was fiddling with browsers x webrtc leaks and then I found out that all OpenVPN connections were leaking my WAN IP ... Averium Prog
07:38 AM Bug #7725: Support for iwm: imho it would have been better to compile them out as modules instead
there is the possibility that the wrong driv... Manuel Piovan

06/14/2020

07:54 PM Revision d6eecfdc: DynDNS gateway group fix. Issue #9435: Viktor Gurov
04:11 PM Bug #9435: Dynamic DNS Update events do not occur after certain failover event cases: Thanks. Manually applied the commit and PHP dump is gone on reboot. Ronald Schellberg
02:58 PM Bug #9435: Dynamic DNS Update events do not occur after certain failover event cases: Ronald Schellberg wrote:
> The PR/Commit is triggering PHP errors on booting, see "PHP Errors after latest update (a... Viktor Gurov
11:06 AM Bug #9435: Dynamic DNS Update events do not occur after certain failover event cases: The PR/Commit is triggering PHP errors on booting, see "PHP Errors after latest update (amd64) built on Thu Jun 11 13... Ronald Schellberg
12:50 PM Bug #10663: dhcpd issues duplicate addresses in certain situations on 2.4.5-p1 in HA mode.: After further investigation, here is what occurred:
1. We previously used a combination of ifupdown and network ma... Chris Apsey
11:44 AM Bug #10663 (Not a Bug): dhcpd issues duplicate addresses in certain situations on 2.4.5-p1 in HA mode.: Ref: https://www.reddit.com/r/PFSENSE/comments/h8mwpn/dhcp_in_ha_mode_issuing_duplicate_addresses_in/?utm_source=shar... Chris Apsey
12:19 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Hello,
I completely agree that this problem is almost certain related to the FreeBSD bug
https://bugs.freebsd.o... Louis B
07:19 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Jim Pingle wrote:
> It might be that it only runs the first time after a reboot and anything that triggers the servi... Marc J
11:10 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: Some form of management for dynamic PD for IPv6 would be nice. It seems there are several, maybe many, ISPs that are ... Netnewb net
08:08 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: This issue should get a higher priority IMO. It renders IPv6 pretty much inoperable on (domestic) connections with ch... mpfusion _

06/13/2020

12:46 PM Bug #10662 (Resolved): Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically: When restoring an AutoConfigBackup a "Yes" to reboot button is presented followed by a pulldown menu of the reboot st... Chris Linstruth
12:30 PM Revision 2bdf0364: Remove fe80::1:1 from interface. Issue #10661: Viktor Gurov
12:16 PM Bug #10660: PHP errors in the traffic shaper wizard: Opt1 = openvpn Vincent Jansen
11:53 AM Bug #10660: PHP errors in the traffic shaper wizard: Vincent Jansen wrote:
> 2.4.5-p1
What is your interface?
I got the same issue with _vtnet_ interface
This m... Viktor Gurov
11:37 AM Bug #10660: PHP errors in the traffic shaper wizard: Fix:
https://github.com/pfsense/pfsense/pull/4355 Viktor Gurov
09:55 AM Bug #10661: pfSense configures fe80::1:1 on lan interface without track6: Viktor Gurov wrote:
> but when I go to the Interfaces / LAN page, it shows IPv6 Configuration Type = None,
> becaus... Viktor Gurov
07:33 AM Bug #10661: pfSense configures fe80::1:1 on lan interface without track6: Remove fe80::1:1 alias from interface in interface_configure() "remove all IPv4 and IPv6 addresses" loop:
https://gi... Viktor Gurov
04:53 AM Bug #10661: pfSense configures fe80::1:1 on lan interface without track6: Found the issue -
on initial interface setup in console, it automatically set
DHCP + DHCP6 on the WAN interface, a... Viktor Gurov
04:10 AM Bug #10661 (Resolved): pfSense configures fe80::1:1 on lan interface without track6: While creating CARP IPv6 VIP interface on clean pfSense CE 2.4.5-p1 install,
I noticed that both nodes have fe80::1:... Viktor Gurov
01:49 AM Feature #9891: QLogic 10 Gigabit Ethernet driver (qlxgb): not present in 2.5 Viktor Gurov
01:46 AM Feature #9155: Add driver bnxt for Broadcom NetXtreme interfaces: https://github.com/pfsense/FreeBSD-src/pull/33 Viktor Gurov

06/12/2020

06:53 PM Bug #10660: PHP errors in the traffic shaper wizard: 2.4.5-p1 Vincent Jansen
06:51 PM Bug #10660: PHP errors in the traffic shaper wizard: % on opt1 was issue. Using mbps fixed it. Vincent Jansen
06:47 PM Bug #10660 (Resolved): PHP errors in the traffic shaper wizard: Created a shaper on interface, did not apply, set bandwidth to "100%", clicked apply
Cannot open firewall_shaper.php... Vincent Jansen
06:34 PM Bug #10636 (Resolved): The firmware table is filled: Looks good now.... Steve Wheeler
07:24 AM Bug #10636 (Feedback): The firmware table is filled: Jens Leinenbach wrote:
> Well the problem should be gone with the next FreeBSD version:
> https://github.com/freebs... Renato Botelho
07:02 AM Bug #10636: The firmware table is filled: Well the problem should be gone with the next FreeBSD version:
https://github.com/freebsd/freebsd/commit/7dfd7b3b1a0... Jens Leinenbach
06:57 AM Bug #10636: The firmware table is filled: I get the same error messages and some seem to be successful with FIRMWARE_MAX 100.
There is a similar discussion he... Jens Leinenbach
01:40 PM Todo #10659 (Resolved): PHP: Update to 7.4.x: Move PHP to 7.4.x Renato Botelho
09:50 AM pfSense Packages Bug #10656 (Pull Request Review): Acme letsencrypt doesn't change private key type: Jim Pingle
07:39 AM pfSense Packages Bug #10656: Acme letsencrypt doesn't change private key type: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/881 Viktor Gurov
06:45 AM pfSense Packages Bug #10656 (Confirmed): Acme letsencrypt doesn't change private key type: Right, got the same issue Viktor Gurov
05:56 AM pfSense Packages Bug #10656: Acme letsencrypt doesn't change private key type: It isn't really a duplicate of that bug. The fallout of that bug sets up the conditions where you might want to chan... Howard Holm
12:23 AM pfSense Packages Bug #10656 (Rejected): Acme letsencrypt doesn't change private key type: Duplicate of #10655
Please add any additional comments to that issue. Viktor Gurov
09:44 AM pfSense Packages Bug #10654 (Pull Request Review): Whitelisted domains starting with a dot are ignored: Jim Pingle
06:48 AM pfSense Packages Bug #10654: Whitelisted domains starting with a dot are ignored: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/880 Viktor Gurov
09:42 AM pfSense Packages Bug #10657 (Pull Request Review): FRR: AS-Path Filter doesn't work anymore: Jim Pingle
04:58 AM pfSense Packages Bug #10657: FRR: AS-Path Filter doesn't work anymore: Correct, see http://docs.frrouting.org/en/latest/bgp.html#as-path-access-lists
Fix:
https://github.com/pfsense/Fr... Viktor Gurov
04:21 AM pfSense Packages Bug #10657: FRR: AS-Path Filter doesn't work anymore: Syntax for as-path acl has changed in frr ...
Now it's ... Luki TJ
03:54 AM pfSense Packages Bug #10657 (Resolved): FRR: AS-Path Filter doesn't work anymore: Hi,
after upgrade from 2.4.4_p3 to 2.4.5_p1 route-maps for BGP metric altering based on AS-Path match don't work a... Luki TJ
09:41 AM pfSense Packages Bug #10655 (Resolved): ntopng fails with letsencrypt ECC certificates: If it works on the latest ntopng then it's already been fixed upstream. It may also be fixed by the newer OpenSSL on ... Jim Pingle
04:40 AM pfSense Packages Bug #10655: ntopng fails with letsencrypt ECC certificates: It seems ntopng 3.8 issue, is the same error ERR_SSL_VERSION_OR_CIPHER_MISMATCH with EC-256 certificate
but there ... Viktor Gurov
09:40 AM pfSense Packages Bug #8688 (Pull Request Review): Pass List Snort: Jim Pingle
01:38 AM pfSense Packages Bug #8688: Pass List Snort: https://github.com/pfsense/FreeBSD-ports/pull/878
see also #10493 Viktor Gurov
07:12 AM pfSense Packages Feature #10557 (Resolved): Add Zabbix 5.0 LTS (agent and proxy) packages: Renato Botelho
05:23 AM Feature #10658 (Resolved): Allow to generate ECDSA certs on User Manager page: Currently, if you are creating a new user on the system_usermanager.php?act=new page,
'Click to create a user certif... Viktor Gurov

06/11/2020

09:49 PM pfSense Packages Bug #10656 (Closed): Acme letsencrypt doesn't change private key type: As alluded to in this year and a half old post (https://forum.netgate.com/topic/116404/ntopng-and-let-s-encrypt-certi... Howard Holm
09:43 PM pfSense Packages Bug #10655 (Resolved): ntopng fails with letsencrypt ECC certificates: Configuring ntopng to use letsencrypt certificates (via the Acme package) works with default RSA 2048 bit certificate... Howard Holm
05:40 PM Revision 26665a25: Add Zabbix 5 config options: (cherry picked from commit 82376829119b61f9ab8eb81a82a2962e847c1c06) Danilo Baio
01:05 PM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Seems to work for me Pim Janssen
12:55 PM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Danilo Baio wrote:
> Yes, it's missing zabbix config options for the 2.4.5 packages:
> https://github.com/pfsense/F... Danilo Baio
12:31 PM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Pim Janssen wrote:
> Thanks, i just upgraded my zabbix-proxy on pfsense.
> Now i am getting the following error:
>... Danilo Baio
11:55 AM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Thanks, i just upgraded my zabbix-proxy on pfsense.
Now i am getting the following error:
`connection to database '... Pim Janssen
11:04 AM pfSense Packages Bug #10654 (Resolved): Whitelisted domains starting with a dot are ignored: https://forum.netgate.com/topic/153933/solved-squid-0-4-44_25-assertion-failed-http-cc-1533-comm-monitorsread-serverc... Viktor Gurov
09:58 AM pfSense Packages Bug #10146 (Resolved): squid4 obsolete options: OK - no NO_SSLv2 option in squid pkg 0.4.44_26 Viktor Gurov
09:55 AM Bug #10625 (Resolved): PFTop filter hide: works as expected on 2.5.0.a.20200611.0650 Viktor Gurov
08:50 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: The latest 2.5.0 snapshot now contains miniupnpd-2.2.0.r1,1 for testing Jim Pingle
08:21 AM Bug #10565: WAN_DHCP6 Stuck Pending / Unknown: I just upgraded from 2.4.5 to 2.4.5-RELEASE-p1 and now I am seeing the same issue. I have 3 gateways--ipv4 and ipv6 ... Thomas Clark
08:05 AM Bug #1353 (Pull Request Review): Number of queues possible: Jim Pingle
01:56 AM Bug #1353: Number of queues possible: error on the latest snapshot:... Viktor Gurov
06:52 AM Revision cd0c9e11: PRIQ queue array check. Issue #1353: Viktor Gurov
06:39 AM pfSense Docs Correction #10648: Feedback on IPsec — Mobile IPsec — Windows IKEv2 Client Configuration: need to add more info about Win10 rekeying issue:
https://wiki.strongswan.org/issues/3400 Viktor Gurov
04:38 AM pfSense Packages Feature #9874 (Resolved): safesearch enforcing: link is ok now Viktor Gurov
04:37 AM pfSense Packages Feature #10627 (Resolved): add Yandex Site Checker link: works as expected on the latest pfBlockerNG-devel Viktor Gurov
04:02 AM Bug #10337 (Closed): OpenVPN CSO changes require server restart: no such issue on 2.4.5-p1 and the latest 2.5
this seems to be fixed in OpenVPN 2.4.9 Viktor Gurov
01:21 AM pfSense Packages Feature #10653 (New): Allow to download frr_status: Add a button on the status_frr.php page to load all the frr status output as a txt file. Viktor Gurov
01:08 AM pfSense Packages Feature #10628 (Resolved): Allow to change url_rewrite_children options: pfSense-pkg-squidGuard-1.16.18_6 works as expected Viktor Gurov

06/10/2020

06:09 PM Revision 6b624e41: Merge pull request #4327 from vktg/prioinputvalid: Renato Botelho
05:28 PM pfSense Packages Bug #10642: ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys: I don't have SSH access to the router, so unfortunately I cannot run acme.sh outside pfSense. I suppose the answer li... Oriane Tury
05:24 PM Revision e2456a7a: Fix syntax error in shaper.inc: Jim Pingle
05:01 PM Revision 7e4e04ef: Fix duplicate upgrade function. Fixes #10652: Jim Pingle
04:51 PM Revision b0f0993d: PRIQ queue input validation. Issue #1353: Viktor Gurov
04:04 PM Revision f266729e: Enable build of zabbix 5 packages: Renato Botelho
04:04 PM Revision 24d814e0: Enable build of zabbix 5 packages: Renato Botelho
03:18 PM Revision e1c689ee: OpenVPN TCP client fix. Issue #10650: (cherry picked from commit 6ac20ad3db7bcb34ab72dcb16ced6c1e89802595) Viktor Gurov
03:04 PM Revision f4311a4f: Merge pull request #4321 from vktg/sanitizeacme: Renato Botelho
03:04 PM Revision 71d6bb91: Merge pull request #4322 from vktg/captivedisableperuserbw: Renato Botelho
03:04 PM Revision 5d40d3a8: Merge pull request #4323 from vktg/captiveautomacfix: Renato Botelho
03:04 PM Revision d2b35ca7: Merge pull request #4324 from vktg/statusl2tp: Renato Botelho
03:03 PM Revision 5a649783: Merge pull request #4352 from vktg/ovpntcpfix: Renato Botelho
02:56 PM Revision 057fd00a: Merge pull request #4328 from vktg/dnqueuerename: Renato Botelho
02:55 PM Revision bb2f2ab3: Merge pull request #4329 from vktg/gwhover: Renato Botelho
02:53 PM Revision 7b1ec2a4: Merge pull request #4335 from vktg/qlxgbaltq: Renato Botelho
02:52 PM Revision 4e164672: Merge pull request #4332 from vktg/gwfoverdyndns: Renato Botelho
02:51 PM Revision c1224a09: Merge pull request #4330 from vktg/doublerootqueuefix: Renato Botelho
02:49 PM Revision 79e269c9: Merge pull request #4337 from vktg/pppoehostuniq: Renato Botelho
02:45 PM Revision a7db13ac: Merge pull request #4150 from Augustin-FL/captiveportal-db-sync: Renato Botelho
02:33 PM Revision 0a904b81: Merge pull request #4338 from vktg/conferrorfix: Renato Botelho
02:31 PM Revision 57bb85a3: Merge pull request #4340 from vktg/6rd6to4mtu: Renato Botelho
02:30 PM Revision 6ac20ad3: OpenVPN TCP client fix. Issue #10650: Viktor Gurov
02:30 PM Revision b7f20acb: Merge pull request #4341 from vktg/6rdfloatfwfix: Renato Botelho
02:29 PM Revision 92b7987b: Merge pull request #4334 from csobankesmarki/master: Renato Botelho
02:27 PM Revision ded0357a: Merge pull request #4342 from vktg/6rddyndns: Renato Botelho
02:24 PM Revision e68308ae: Merge pull request #4343 from vktg/cleanupshapercode: Renato Botelho
02:23 PM Revision 5825b481: Merge pull request #4344 from einichi/master: Renato Botelho
02:22 PM Revision 7c5c9f90: PFTop filter hide for non-states views. Issue #10625: (cherry picked from commit 253102fd66c35762a28d44ceffdfba7f1752fcda) Viktor Gurov
02:22 PM Revision 7ca3a30c: Merge pull request #4345 from vktg/pftopview: Renato Botelho
02:21 PM Revision 47b10da2: Do not show stf(6RD/6to4) interface as parent physical. Issue #10626: (cherry picked from commit d764f8fc68f603eb164b830af9c7c7a4125d21fa) Viktor Gurov
02:21 PM Revision ccd9caac: Merge pull request #4346 from vktg/hidestfint: Renato Botelho
02:19 PM Revision f37ca3fc: Merge pull request #4347 from vktg/gifgreparentvlan: Renato Botelho
02:17 PM Revision 2d0b5798: Merge pull request #4348 from vktg/noreassign: Renato Botelho
02:15 PM Revision 61e98e28: Merge pull request #4339 from bailsman/rc-initial-multiple-parameters: Renato Botelho
02:14 PM Revision a0a6a205: Merge pull request #4349 from dbaio/zabbix5: Renato Botelho
02:12 PM Revision aed29c3b: Merge pull request #4351 from vktg/ovpnpushremove: Renato Botelho
01:29 PM Feature #7727 (Feedback): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Jim Pingle
01:28 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: We have added the 2.2.0-RC1 version of miniupnpd to the repository for pfSense 2.5.0 and so it should be included in ... Jim Pingle
01:12 PM Bug #9647: hn0: driver does not support altq: Luiz, can you check this one please?
Renato Botelho
01:09 PM Bug #1353 (Feedback): Number of queues possible: PR has been merged. Thanks! Renato Botelho
12:56 PM pfSense Packages Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: Jim Pingle wrote:
> That particular document is outdated, the Cert Manager supports forming chains on its own now. I... Dennis Adler
12:15 PM pfSense Packages Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: That particular document is outdated, the Cert Manager supports forming chains on its own now. I have a setup with in... Jim Pingle
12:10 PM pfSense Packages Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: > Either your CA/Cert subjects are not unique and it formed an incorrect internal association on import, or you impor... Dennis Adler
08:42 AM pfSense Packages Bug #10649 (Not a Bug): OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: Either your CA/Cert subjects are not unique and it formed an incorrect internal association on import, or you importe... Jim Pingle
04:07 AM pfSense Packages Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: Note: I posted this initially on the Netgate forums. Several views but no feedback. Perhaps not many people set up a ... Dennis Adler
04:05 AM pfSense Packages Bug #10649 (Not a Bug): OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: This occurs using pfSense 2.4.5-RELEASE (arm) on an SG-3100. OpenVPN CE Wizard v1.4.23.
I had two Root CAs in pfSe... Dennis Adler
12:10 PM Bug #10652 (Feedback): Duplicate upgrade_203_to_204() function in upgrade_config.inc: Applied in changeset commit:7e4e04efe923bcdfd3fe11ba4cf0a068714078bc. Jim Pingle
12:01 PM Bug #10652 (Resolved): Duplicate upgrade_203_to_204() function in upgrade_config.inc: After merging PR 4150, there are two @upgrade_203_to_204()@ functions, the newly merged one needs changed to @upgrade... Jim Pingle
11:32 AM Feature #10651: Remove/replace deprecated OpenVPN options: Pippin MMD wrote:
> From today's meeting:
> "(13:45:40) dazo: We also need to un-deprecate comp-lzo in the wiki"
... Jim Pingle
11:25 AM Feature #10651: Remove/replace deprecated OpenVPN options: From today's meeting:
"(13:45:40) dazo: We also need to un-deprecate comp-lzo in the wiki"
https://community.open... Pippin MMD
10:19 AM Feature #10651: Remove/replace deprecated OpenVPN options: We already have options for the new compress style. The older options are still there as well, but they can stay unti... Jim Pingle
10:17 AM Feature #10651 (New): Remove/replace deprecated OpenVPN options: some changes from https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst:... Viktor Gurov
11:04 AM pfSense Packages Feature #10557 (Feedback): Add Zabbix 5.0 LTS (agent and proxy) packages: PR has been merged. Thanks! Renato Botelho
11:01 AM pfSense Packages Feature #9874 (Feedback): safesearch enforcing: PR has been merged. Thanks! Renato Botelho
10:53 AM pfSense Packages Feature #10628 (Feedback): Allow to change url_rewrite_children options: PR has been merged. Thanks! Renato Botelho
10:53 AM pfSense Packages Feature #10627 (Feedback): add Yandex Site Checker link: PR has been merged. Thanks! Renato Botelho
10:52 AM pfSense Packages Feature #10618 (Feedback): Set sysDescr the same as bsnmpd unless overriden with net-snmp: PR has been merged. Thanks! Renato Botelho
10:51 AM pfSense Packages Bug #10146 (Feedback): squid4 obsolete options: PR has been merged. Thanks! Renato Botelho
10:50 AM pfSense Packages Bug #5168 (Feedback): squid doesn't function during/after HA failover: PR has been merged. Thanks! Renato Botelho
10:49 AM pfSense Packages Feature #9793 (Feedback): Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: PR has been merged. Thanks! Renato Botelho
10:48 AM pfSense Packages Feature #8727 (Feedback): Clone button in cron pkg: PR has been merged. Thanks! Renato Botelho
10:11 AM pfSense Packages Bug #10647 (Feedback): FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: PR has been merged. Thanks! Renato Botelho
09:19 AM pfSense Packages Bug #10647 (Pull Request Review): FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: Jim Pingle
01:48 AM pfSense Packages Bug #10647: FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/877 Viktor Gurov
10:04 AM Bug #10650 (Feedback): OpenVPN TCP in 2.4.5-p1 not working: PR has been merged. Thanks! Renato Botelho
09:02 AM Bug #10650 (Pull Request Review): OpenVPN TCP in 2.4.5-p1 not working: Jim Pingle
08:55 AM Bug #10650: OpenVPN TCP in 2.4.5-p1 not working: https://github.com/pfsense/pfsense/pull/4352 Viktor Gurov
08:50 AM Bug #10650 (Resolved): OpenVPN TCP in 2.4.5-p1 not working: https://forum.netgate.com/topic/154365/openvpn-tcp-in-2-4-5-p1-not-working:
Hi, just upgraded to 2.4.5p1 last night ... Viktor Gurov
10:04 AM Feature #10583 (Feedback): status.php: Add L2TP VPN configuration: PR has been merged. Thanks! Renato Botelho
10:04 AM Bug #9933 (Feedback): Captive Portal + Voucher not keeping auto-added "Pass-through MAC Auto Entry": PR has been merged. Thanks! Renato Botelho
10:04 AM Bug #9311 (Feedback): Captive Portal continues to limit per-user bandwidth when not enabled: PR has been merged. Thanks! Renato Botelho
10:04 AM Bug #10569 (Feedback): Sanitize ACME passwords: PR has been merged. Thanks! Renato Botelho
09:56 AM Bug #3924 (Feedback): Renaming limiters removes them from firewall rules: PR has been merged. Thanks! Renato Botelho
09:55 AM Feature #885 (Feedback): Show gateway/group IPs on mouseover: PR has been merged. Thanks! Renato Botelho
09:53 AM Bug #10594 (Feedback): add QLogic 10 Gigabit Ethernet driver (qlxgb) to the ALTQ-capable list: PR has been merged. Thanks! Renato Botelho
09:52 AM Bug #9435 (Feedback): Dynamic DNS Update events do not occur after certain failover event cases: PR has been merged. Thanks! Renato Botelho
09:50 AM Bug #3381 (Feedback): LAN interface root Queue Bandwidth calculation is exactly double the total of the other child queues: PR has been merged. Thanks! Renato Botelho
09:49 AM Feature #10597 (Feedback): Setting host-uniq for PPPoE: PR has been merged. Thanks! Renato Botelho
09:47 AM Feature #97 (Feedback): Captive Portal should sync its database to other members of clusters: PR has been merged. Thanks! Renato Botelho
09:47 AM Bug #8807 (Feedback): HA sync : files voucher_{$cpzone}.cfg and voucher_{$cpzone}.public are not created on save in /var/save when enabling vouchers on master.: PR has been merged. Thanks! Renato Botelho
09:47 AM Bug #8809 (Feedback): HA sync : changing a voucher roll on master does not reset active tickets on slave.: PR has been merged. Thanks! Renato Botelho
09:47 AM Bug #9303 (Feedback): HA sync : disabling captive portal HA sync does remove all zones on slave: PR has been merged. Thanks! Renato Botelho
09:34 AM Feature #10556 (Feedback): Change action on 'XML configuration file not found' error: PR has been merged. Thanks! Renato Botelho
09:31 AM Feature #6377 (Feedback): 6rd ipv6 tunnel: MTU settings not editable and not correlated to interface MTU (hardcoded to 1280): PR has been merged. Thanks! Renato Botelho
09:30 AM Bug #7142 (Feedback): IPv6: Floating rules on 6rd enabled WAN interfaces doesn't get bound to wan_stf: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10592 (Feedback): DigitalOcean DNS update adds new DNS record instead of update: PR has been merged. Thanks! Renato Botelho
09:27 AM Bug #9641 (Feedback): Dynamic DNS cannot update AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces: PR has been merged. Thanks! Renato Botelho
09:24 AM Bug #10613 (Feedback): cleanup status_queues.php code: PR has been merged. Thanks! Renato Botelho
09:23 AM Feature #10617 (Feedback): freeDNS Dynamic DNS API v2 Support: PR has been merged. Thanks! Renato Botelho
09:22 AM Bug #10625 (Feedback): PFTop filter hide: PR has been merged. Thanks! Renato Botelho
09:20 AM Bug #10626 (Feedback): get_interface_list() shows _stf (6RD/6to4) interfaces as parent: PR has been merged. Thanks! Renato Botelho
09:20 AM Bug #10623 (Feedback): Wrong Route configured for GIF interface on VLAN on LAGG: PR has been merged. Thanks! Renato Botelho
09:17 AM Bug #10383 (Feedback): Additional interfaces do not survive a reboot before the setup wizard has been run: PR has been merged. Thanks! Renato Botelho
09:15 AM Feature #10603 (Feedback): Handle -c commands with arguments in rc.initial: PR has been merged. Thanks! Renato Botelho
09:14 AM pfSense Docs Correction #10648 (Pull Request Review): Feedback on IPsec — Mobile IPsec — Windows IKEv2 Client Configuration: Jim Pingle
02:12 AM pfSense Docs Correction #10648: Feedback on IPsec — Mobile IPsec — Windows IKEv2 Client Configuration: https://gitlab.netgate.com/docs/pfSense-book/-/merge_requests/6 Viktor Gurov
12:18 AM pfSense Docs Correction #10648 (Closed): Feedback on IPsec — Mobile IPsec — Windows IKEv2 Client Configuration: *Page:* https://docs.netgate.com/pfsense/en/latest/book/ipsec/mobile-ipsec-client-windows.html
*Feedback:*
need... Viktor Gurov
09:13 AM Feature #9702 (Feedback): OpenVPN "push-reset" option in Client Specific Override breaks "subnet" topology: PR has been merged. Thanks! Renato Botelho
09:07 AM Feature #9702 (Pull Request Review): OpenVPN "push-reset" option in Client Specific Override breaks "subnet" topology: Jim Pingle
03:53 AM Feature #9702: OpenVPN "push-reset" option in Client Specific Override breaks "subnet" topology: https://github.com/pfsense/pfsense/pull/4351 Viktor Gurov
08:49 AM Revision 8d44d56a: OpenVPN CSO remove routes option. Implements #9702: Viktor Gurov
06:13 AM pfSense Packages Feature #10599: Add support for hitless-reloads of HAproxy config: Thanks and sorry, missed it DRago_Angel [InV@DER]
05:40 AM pfSense Packages Feature #10599 (Rejected): Add support for hitless-reloads of HAproxy config: Already supported:
see https://github.com/pfsense/FreeBSD-ports/blob/76396719e6e1b7c0c54dc70c2bb91c127a7ff8c4/net/... Viktor Gurov

06/09/2020

02:36 PM pfSense Packages Bug #10647 (Resolved): FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: The php script generating the bgp.conf file only writes out the configuration if the subnet is an ipv4 subnet: https:... Max Maton
11:49 AM pfSense Packages Bug #10646 (Resolved): Reinstall package process stalls at pfBlockerNG when restoring a config: The package install process for pfBlockerNG completes but the processes do not close out preventing subsequent packag... Steve Wheeler
11:17 AM Feature #10645 (New): Choosing active repo after restoring config but before starting pkgs auto-installing: The current behavior is if a certain repo is set, config contains an entry for this, like @<pkg_repo_conf_path>/usr/l... Constantine Kormashev
09:14 AM Feature #10644: Feature request: MAC-based VLAN: You setup trunking between pfSense and your switch. All VLANs are carried on a single port.
This site is not for s... Jim Pingle
09:07 AM Feature #10644: Feature request: MAC-based VLAN: Jim Pingle wrote:
> That would be done on your switch (L2), not a firewall.
But the only way to manage multiple V... Christian Clark
08:57 AM Feature #10644 (Rejected): Feature request: MAC-based VLAN: That would be done on your switch (L2), not a firewall. Jim Pingle
08:50 AM Feature #10644 (Rejected): Feature request: MAC-based VLAN: Using the instructions here (https://docs.netgate.com/pfsense/en/latest/development/requesting-new-pfsense-features.h... Christian Clark
07:55 AM pfSense Packages Bug #10642: ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys: Have you tried doing this with acme.sh on its own (not through pfSense)? It may be a problem in the Gandi script, it ... Jim Pingle
07:24 AM pfSense Docs Correction #10643 (Closed): Feedback on Routing and Multi-WAN — Gateway Settings: *Page:* https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
*Feedback:*
This doesn't seem t... Steve Scott

06/08/2020

03:17 PM pfSense Packages Bug #10642 (Duplicate): ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys: With the ACME service, when trying to issue/renew a certificate on 2 domain names (or more) using the DNS-Gandi Live ... Oriane Tury
10:52 AM Bug #10558 (Confirmed): Multicast daemons work at boot, but fail if restarted: Jim Pingle
09:19 AM Feature #10641: Move logic code outside of /usr/local/www: Ok, thanks for your answer.
Let us know if we can contribute in any way to your long term plan to release an API (... Frederic Bor
08:31 AM Feature #10641 (Closed): Move logic code outside of /usr/local/www: That's part of a longer term plan for rewrite/integrating an API/etc. We'd rather not do it piecemeal in this fashion. Jim Pingle
09:11 AM pfSense Packages Feature #10640 (Rejected): Request addition of ZNC to Package Manager available packages: In my opinion, that kind of service is a poor fit for a firewall. Especially given its "poor security history":https:... Jim Pingle
09:06 AM Bug #9647 (Pull Request Review): hn0: driver does not support altq: Jim Pingle
09:05 AM Feature #7095 (Pull Request Review): Improve Remote Gateway field description for IPSec VPN Phase 1: Jim Pingle
08:45 AM Feature #10639 (Pull Request Review): Add rtwn(4) wireless support: Jim Pingle
08:41 AM pfSense Packages Feature #10557 (Pull Request Review): Add Zabbix 5.0 LTS (agent and proxy) packages: Jim Pingle

06/07/2020

04:01 PM Bug #9643: Limiters do not function properly on 2.5 snapshots: I'm having the same issue, running on a VK-T40E:
2.5.0.a.20200603.1253
If I enable the floating rule, I lose al... Tom Fuke
03:43 PM Feature #10641 (Closed): Move logic code outside of /usr/local/www: Hello,
We are developping ansible modules for pfSense (https://github.com/opoplawski/ansible-pfsense). Since there... Frederic Bor

06/06/2020

04:24 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Thomas BERNARD wrote:
> please test with miniupnpd-2.2.0-RC1.tar.gz
> released on https://miniupnp.tuxfamily.org/fi... Marc 05
01:36 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: please test with miniupnpd-2.2.0-RC1.tar.gz
released on https://miniupnp.tuxfamily.org/files/ Thomas BERNARD
02:40 PM pfSense Packages Feature #10640 (Rejected): Request addition of ZNC to Package Manager available packages: I would like to request the addition of the ZNC package for installation via the pfSense Package Manager, pfSense rel... Murray Williams
11:30 AM Bug #9647: hn0: driver does not support altq: https://github.com/pfsense/FreeBSD-src/pull/32 Viktor Gurov
09:23 AM Bug #10638: ipsec VTI interface not setting tunnel parameters when phase1 Remote Gateway is 0.0.0.0: > You can create Site-to-Site VPN and set 0.0.0.0 as remote gateway address, see #7095 and #7410
Yes that is what ... Tim Carre
08:16 AM Bug #10638: ipsec VTI interface not setting tunnel parameters when phase1 Remote Gateway is 0.0.0.0: Tim Carre wrote:
> Jim Pingle wrote:
> > No, the IP address must be present when the interface is created. You end ... Viktor Gurov
08:46 AM Feature #7095: Improve Remote Gateway field description for IPSec VPN Phase 1: https://github.com/pfsense/pfsense/pull/4350 Viktor Gurov
05:36 AM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections: Calling-Station-Id is already supported by EAP-RADIUS strongswan plugin, see https://wiki.strongswan.org/projects/str... Viktor Gurov
02:23 AM Feature #10639: Add rtwn(4) wireless support: The current conf works with only with FreeBSD 11:
https://www.freebsd.org/cgi/man.cgi?query=rtwn&apropos=0&sektion=4... Viktor Gurov
01:40 AM Feature #10639 (Resolved): Add rtwn(4) wireless support: Current 2.5 kernel contains only rtwn firmwares:... Viktor Gurov

06/05/2020

08:20 PM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Danilo Baio wrote:
> I'll open a PR later today for this...
https://github.com/pfsense/FreeBSD-ports/pull/876
ht... Danilo Baio
08:44 AM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: I'll open a PR later today for this... Danilo Baio
01:26 PM Bug #10638: ipsec VTI interface not setting tunnel parameters when phase1 Remote Gateway is 0.0.0.0: Jim Pingle wrote:
> No, the IP address must be present when the interface is created. You end up in a catch-22 where... Tim Carre
01:14 PM Bug #10638 (Not a Bug): ipsec VTI interface not setting tunnel parameters when phase1 Remote Gateway is 0.0.0.0: No, the IP address must be present when the interface is created. You end up in a catch-22 where the tunnel wouldn't ... Jim Pingle
01:10 PM Bug #10638 (Not a Bug): ipsec VTI interface not setting tunnel parameters when phase1 Remote Gateway is 0.0.0.0: Hello everyone,
I am very interested in the Route-Based IPsec VPN and all the possibilities in dynamic routing mad... Tim Carre
10:04 AM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed: It doesn't appear to be related. Setting that sysctl to 1, the traffic still arrives on enc0 and is blocked by pf inb... Jim Pingle
08:44 AM pfSense Packages Todo #9880 (Resolved): Remove Zabbix 2.2 Packages: Jim Pingle
08:43 AM pfSense Packages Todo #9880: Remove Zabbix 2.2 Packages: This can be closed Danilo Baio
08:29 AM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: All of my test pairs still only have a single SA this morning (2.4.5 and 2.5.0, multiple causes and changes mentioned... Jim Pingle
08:18 AM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: If it happens on disconnect/reconnect that is more likely the race condition case and not the reauth case. I wouldn't... Jim Pingle
05:14 AM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: I have a GNS3 lab setup with two pfSense VMs connected via IPSec (IKEv2, VTI). Multi-WAN with failover on one side. W... Marc L
07:26 AM Feature #10637 (Resolved): Turn of spell checking on package upgrade progress textarea: When upgrading or installing a package the progress is shown in a html textarea
On my FireFox with Dutch spell che... Jos Groot Lipman

06/04/2020

07:38 PM Revision 82376829: Add Zabbix 5 config options: Danilo Baio
07:09 PM Revision 9a69dd4b: Fix VTI responder only on 2.4.x. Fixes #10176: This only affects 2.4.x, the swanctl rewrite in 2.5.0 fixed this already Jim Pingle
06:13 PM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages: just to put you right on this Jim as there seems some confusion. The REQUEST you see in the ENV VAR REASON is just dh... Martin Wasley
05:34 PM Revision 31a6bd5e: Use close_action=trap, not hold. Fixes #10632: Jim Pingle
02:20 PM Bug #10176 (Feedback): Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: Applied in changeset commit:9a69dd4b8ff6eeeaf5779b7388a10743afae8e91. Jim Pingle
02:20 PM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: There is a small bug on 2.4.x which prevents responder only from working on VTI, I've pushed a fix for that, but it's... Jim Pingle
01:38 PM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: Digging deeper in strongSwan most of the times this has happened in the past have been due to the use of IKEv2 with r... Jim Pingle
01:03 PM Bug #10636 (Resolved): The firmware table is filled: In current 12.1-stable based 2.5 snapshots even the default config exhausts the available firmware space at boot:
<p... Steve Wheeler
12:45 PM Revision 772e14a2: Do not reset/reassign interfaces in certain cases. Fixes #10383: Viktor Gurov
12:45 PM Bug #10632 (Feedback): Incorrect swanctl.conf syntax from Child SA Close Action: Applied in changeset commit:31a6bd5e8fb5984e4e8a5a89126b7206f92fde5d. Jim Pingle
12:27 PM Bug #10632 (Confirmed): Incorrect swanctl.conf syntax from Child SA Close Action: You are right, that did change:
https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf
In the old f... Jim Pingle
03:34 AM Bug #10632: Incorrect swanctl.conf syntax from Child SA Close Action: To duplicate this issue, all I think you need to do is change a working IKEv2 connection "Child SA Close Action" to "... Jonathan Grande
02:23 AM Bug #10632 (Resolved): Incorrect swanctl.conf syntax from Child SA Close Action: I was trying the latest pfsense build (2.5.0.a.20200603.1253) when I ran across a snag with IPsec. If you set an IPse... Jonathan Grande
12:19 PM Bug #10383 (Pull Request Review): Additional interfaces do not survive a reboot before the setup wizard has been run: Jim Pingle
07:48 AM Bug #10383: Additional interfaces do not survive a reboot before the setup wizard has been run: Fix:
https://github.com/pfsense/pfsense/pull/4348 Viktor Gurov
12:18 PM pfSense Docs Correction #10631 (Resolved): Feedback on Packages — Fixing a Broken pkg Database: PR merged Jim Pingle
01:13 AM pfSense Docs Correction #10631: Feedback on Packages — Fixing a Broken pkg Database: https://github.com/pfsense/docs/pull/131 Viktor Gurov
01:10 AM pfSense Docs Correction #10631 (Resolved): Feedback on Packages — Fixing a Broken pkg Database: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/fixing-a-broken-pkg-database.html
*Feedback:*
incor... Viktor Gurov
11:44 AM Feature #10635 (Resolved): status.php: Add DNS Resolver configuration: Add /var/unbound/unbound.conf
Useful for:
- Checking custom options
- Interface IP(s) to bind to (mostly IPv6 issu... Viktor Gurov
09:38 AM Bug #10634 (Not a Bug): Sticky connections not working with dual WAN: There isn't enough information here to definitely say there is a bug, it could very well be a configuration or test i... Jim Pingle
08:54 AM Bug #10634: Sticky connections not working with dual WAN: To clarify when I said, "it's not due to the states but I tried setting it to 1200 seconds", I was referring to the "... David Askew
08:45 AM Bug #10634 (Not a Bug): Sticky connections not working with dual WAN: I have sticky connections enabled and have been having issues browsing more than one site that requires me to login (... David Askew
07:38 AM Feature #10633: Add one a new "Server Mode" to the OpenVPN server configuration page or add the missing settings to an existing mode.: Jim Pingle wrote:
> We've considered that before and rejected it for a few reasons:
>
> 1. You shouldn't be mixin... alzee bum
07:20 AM Feature #10633 (Rejected): Add one a new "Server Mode" to the OpenVPN server configuration page or add the missing settings to an existing mode.: We've considered that before and rejected it for a few reasons:
1. You shouldn't be mixing purposes like that (pee... Jim Pingle
06:59 AM Feature #10633 (Rejected): Add one a new "Server Mode" to the OpenVPN server configuration page or add the missing settings to an existing mode.: "Server Mode" is a pfSense invention that determines what settings to expose in the GUI. The issue we're currently h... alzee bum
03:01 AM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: The above issue has now status fixed. Pim Janssen

06/03/2020

06:09 PM Bug #10630 (Not a Bug): ipsec p2 entries go down and doesn't reconnect: Not enough information here to say it's a bug. More likely a configuration issue. Post on the forum for assistance in... Jim Pingle
05:36 PM Bug #10630 (Not a Bug): ipsec p2 entries go down and doesn't reconnect: After upgrading to 2.4.5 ipsec vpn tunnels will go down several times per day. In fact it's only the P2 tunnels that ... Peter Ompeli
11:51 AM Bug #10629: miniupnp failed to migrate interface: Jim Pingle wrote:
> There isn't a problem with miniupnpd that I can see here. It had to have been elsewhere in your ... Tom Cosmos
11:09 AM Bug #10629 (Not a Bug): miniupnp failed to migrate interface: There isn't a problem with miniupnpd that I can see here. It had to have been elsewhere in your configuration.
The... Jim Pingle
11:03 AM Bug #10629 (Not a Bug): miniupnp failed to migrate interface: I recently went through a backup/restore to a new device (newer hardware, more interfaces, etc). My design, for conv... Tom Cosmos
11:34 AM Bug #10591 (Resolved): Cannot set a value for NAT Reflection timeout: works as expected on 2.4.5-p1
I can see correct <reflectiontimeout> in /cf/conf/config.xml and in /var/etc/xinetd.... Viktor Gurov
10:58 AM pfSense Packages Feature #10628 (Pull Request Review): Allow to change url_rewrite_children options: Jim Pingle
10:49 AM pfSense Packages Feature #10628: Allow to change url_rewrite_children options: https://github.com/pfsense/FreeBSD-ports/pull/875 Viktor Gurov
08:17 AM pfSense Packages Feature #10628 (Resolved): Allow to change url_rewrite_children options: https://forum.netgate.com/topic/153877/squid-and-squidguard-on-pfsense-for-large-deployment/2:... Viktor Gurov
10:39 AM pfSense Packages Bug #10611 (Pull Request Review): FRR applies file permissions to missing files: Jim Pingle
07:53 AM pfSense Packages Bug #10611: FRR applies file permissions to missing files: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/874 Viktor Gurov
10:38 AM pfSense Packages Feature #10627 (Pull Request Review): add Yandex Site Checker link: Jim Pingle
07:05 AM pfSense Packages Feature #10627: add Yandex Site Checker link: https://github.com/pfsense/FreeBSD-ports/pull/873 Viktor Gurov
07:03 AM pfSense Packages Feature #10627 (Resolved): add Yandex Site Checker link: add link to https://yandex.com/safety/?url=_SITE_ on pfblockerng_threats.php page
See https://yandex.com/support/sea... Viktor Gurov
10:31 AM Bug #10623 (Pull Request Review): Wrong Route configured for GIF interface on VLAN on LAGG: Jim Pingle
03:10 AM Bug #10623: Wrong Route configured for GIF interface on VLAN on LAGG: Fix:
https://github.com/pfsense/pfsense/pull/4347 Viktor Gurov
10:26 AM Bug #10626 (Pull Request Review): get_interface_list() shows _stf (6RD/6to4) interfaces as parent: Jim Pingle
02:31 AM Bug #10626: get_interface_list() shows _stf (6RD/6to4) interfaces as parent: Fix:
https://github.com/pfsense/pfsense/pull/4346 Viktor Gurov
02:28 AM Bug #10626 (Resolved): get_interface_list() shows _stf (6RD/6to4) interfaces as parent: get_interface_list() shows _stf (6RD/6to4) interfaces as parent,
this is not correct since this function must not re... Viktor Gurov
10:24 AM Bug #10625 (Pull Request Review): PFTop filter hide: Jim Pingle
01:51 AM Bug #10625: PFTop filter hide: https://github.com/pfsense/pfsense/pull/4345 Viktor Gurov
01:48 AM Bug #10625 (Resolved): PFTop filter hide: https://forum.netgate.com/topic/154036/pftop-rules-filter-syntax
As filter rule can be used only with states https... Viktor Gurov
09:10 AM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: Contrary to my last note, I am seeing this still, but it still appears to be unpredictable. A system that doesn't sho... Jim Pingle
08:59 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I started a forum thread for people to share experiences testing this: https://forum.netgate.com/topic/154153/test-re... Jim Pingle
08:36 AM Revision 082e92af: Use VLAN interface as parent for GIF/GRE. Fixes #10623: Viktor Gurov
07:30 AM Revision d764f8fc: Do not show stf(6RD/6to4) interface as parent physical. Issue #10626: Viktor Gurov
06:49 AM Revision 253102fd: PFTop filter hide for non-states views. Issue #10625: Viktor Gurov

06/02/2020

08:25 PM Revision dba74e12: Fix Google Cloud Platform spelling: (cherry picked from commit 8a162959a3107f607722024356f788f610ac7fdf) Steve Beaver
08:25 PM Revision 107a8042: Deect Azure and differentiate from Hyper-V by looking at hte bios version: (cherry picked from commit 1279a7ac6890386a4224b6f7300e47cadfd6dbe7) Steve Beaver
08:25 PM Revision 123ac7a8: Fixed #10621. Identify Amazon AWS instances without breaking Hyper-V: (cherry picked from commit 6f552d6a5294bda42b5b205351c972892e9c135e) Steve Beaver
08:25 PM Revision 242f8d8d: Fixed #10621. Identify Amazon AWS instances: (cherry picked from commit f3df1d3eaa564da1d1b2c535a59ec269a9edab0f) Steve Beaver
07:34 PM Revision 8a162959: Fix Google Cloud Platform spelling: Steve Beaver
07:31 PM Revision 1279a7ac: Deect Azure and differentiate from Hyper-V by looking at hte bios version: Steve Beaver
06:31 PM Bug #10624 (Resolved): Memory leak in Unbound with Python module and DHCP lease registration active: Issue reported and diagnosed on forums here: Was able to see evidence of this on SG-1100 and SG-3100.
https://for... Adrien Carlyle
06:04 PM Revision 6f552d6a: Fixed #10621. Identify Amazon AWS instances without breaking Hyper-V: Steve Beaver
05:56 PM Revision f3df1d3e: Fixed #10621. Identify Amazon AWS instances: Steve Beaver
02:55 PM Bug #10623: Wrong Route configured for GIF interface on VLAN on LAGG: To add to this: I did select the WAN Interface in the GIF Configuration, so I would expect it to use my selected inte... Flole Systems
02:53 PM Bug #10623 (Resolved): Wrong Route configured for GIF interface on VLAN on LAGG: I am using a VLAN on a LAGG for WAN connectivity. When I configure a GIF, there is a static route forcing traffic to ... Flole Systems
01:05 PM Feature #10621 (Feedback): Update system.inc/system_identify_specific_platform() update to accommodate AWS, Azure and GCP: Applied in changeset commit:f3df1d3eaa564da1d1b2c535a59ec269a9edab0f. Anonymous
12:11 PM Feature #10621 (Resolved): Update system.inc/system_identify_specific_platform() update to accommodate AWS, Azure and GCP: The function system_identify_specific_platform() identifies the platform we are running on, but it needs to be update... Anonymous
10:25 AM Bug #10607 (Resolved): Remote syslog for "General Authentication Events" using wrong selectors: Jim Pingle
10:25 AM Bug #10607: Remote syslog for "General Authentication Events" using wrong selectors: Makes complete sense, thanks for clarifying. And appreciate all the help! Russell Morris
10:21 AM Bug #10607: Remote syslog for "General Authentication Events" using wrong selectors: auth and authpriv are facilities, not process names, so that would not work. It's correct as it is. That section isn'... Jim Pingle
09:57 AM Bug #10607: Remote syslog for "General Authentication Events" using wrong selectors: Hi,
2.5.0 got updated today (or late yesterday) ... :-). So I installed, and it works - thanks! Just one minor thi... Russell Morris
09:57 AM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed: That is certainly worth testing but we've had problems flipping that in the past (See #2993, #2636, and several forum... Jim Pingle
12:55 AM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed: Is this related:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232522
filtertunnel sysctls seem to be 0 in pf... Ari Suutari
09:32 AM Bug #9476: pfSense 2.4.x sending ARP replies with non-CARP source MAC address: This is a problem for cable modem setups in particular. Many providers are willing to issue multiple IPs to allow CA... Marc H

06/01/2020

09:15 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Gavin Stewart wrote:
> This is confirmed.
>
> I am able to replicate the failure in a test VM, using my instructi... Gavin Stewart
08:18 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Donn Lasher wrote:
> Same problem here - 2.4.5-RELEASE (amd64)
This is confirmed.
I am able to replicate the f... Gavin Stewart
08:43 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I disabled IPv6 from the WAN interface as I don't use it anyways.
Now I get this in the logs:
Seems possibly r... Marc J
03:45 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I don't have two identical consoles with identical online games to test, but just testing with a upnp client I see th... Jim Pingle
02:54 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: According to one of our other developers, the @(name)@ syntax is resolved by pfctl so it isn't in the API. It uses @i... Jim Pingle
02:22 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I don't know how that might be expressed in the ioctl/API, unfortunately. I've posed the question to some of our othe... Jim Pingle
04:38 PM Revision c7df496c: Adjusted freedns v2 API var name to be more readable: Ricky Burgin
02:44 PM Revision f9981994: Include platform name in update check JSON: Steve Beaver
02:33 PM Revision 12a3708e: Include platform name in update check JSON: Steve Beaver
02:00 PM Revision e07f6851: NAT Reflection timeout set fix. Issue #10591: (cherry picked from commit b8d9968cf44bc171c0b3eb020a72589d6c85d94e) Viktor Gurov
02:00 PM Revision bfa5b809: Merge pull request #4333 from vktg/reflectiontimeoutfix: Renato Botelho
01:51 PM pfSense Packages Feature #10618 (Pull Request Review): Set sysDescr the same as bsnmpd unless overriden with net-snmp: Jim Pingle
11:59 AM pfSense Packages Feature #10618 (Resolved): Set sysDescr the same as bsnmpd unless overriden with net-snmp: The current behaviour breaks detection with SNMP NMS' where it will show as a generic FreeBSD box.
https://github.... Ben Hughes
01:49 PM pfSense Packages Feature #10619 (Pull Request Review): Various FRR enhancements: Jim Pingle
12:01 PM pfSense Packages Feature #10619: Various FRR enhancements: Github PR: https://github.com/pfsense/FreeBSD-ports/pull/869 Ben Hughes
12:00 PM pfSense Packages Feature #10619 (Resolved): Various FRR enhancements: Started off tidying up the BFD integrating in #835 and found a few other things to tidy up.
1. Extend #10441 to be... Ben Hughes
01:41 PM pfSense Docs Correction #10593 (Closed): Feedback on Third Party Software and pfSense — Configure BIND as an RFC 2136 Dynamic DNS Server: Thanks! This has been merged. Jared Dillard
11:38 AM Revision 49d54787: Add support for freeDNS DynDNS v2 API refs #10617: Ricky Burgin
10:02 AM Bug #10613 (Pull Request Review): cleanup status_queues.php code: Jim Pingle
10:01 AM pfSense Packages Bug #10146 (Pull Request Review): squid4 obsolete options: Jim Pingle
09:58 AM pfSense Packages Bug #5168 (Pull Request Review): squid doesn't function during/after HA failover: Jim Pingle
09:57 AM Bug #9641 (Pull Request Review): Dynamic DNS cannot update AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces: Jim Pingle
09:01 AM Bug #10591 (Feedback): Cannot set a value for NAT Reflection timeout: PR has been merged. Thanks! Renato Botelho
06:40 AM Feature #10617: freeDNS Dynamic DNS API v2 Support: Github PR URL: https://github.com/pfsense/pfsense/pull/4344 Ricky Burgin
06:31 AM Feature #10617 (Resolved): freeDNS Dynamic DNS API v2 Support: This adds support for freeDNS (afraid.org)'s DynDNS service's more recent API version, which hosts a IPv6 only endpoi... Ricky Burgin
06:31 AM Bug #10614: Unable to update packages due to missing/invalid certs: hi everyone,
first off all you need open this file /usr/local/share/cert/ca-root-nss.txt
and you need the delet... sezer h
06:30 AM Bug #10616: Out of date CA root store - FreeDNS (DynDNS) not working anymore: hi everyone,
first off all you need open this file /usr/local/share/cert/ca-root-nss.txt
and you need the dele... sezer h

05/31/2020

09:47 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN: Tried simple setup of PFSense 2.4.5 (without bridges, just TUN adapter) on VPS server.
Same effect - 20-30 mbit O... Alexey Ab
03:33 PM Bug #10616 (Rejected): Out of date CA root store - FreeDNS (DynDNS) not working anymore: This is not a bug in the pfSense firewall software. The FreeDNS https server is misconfigured and is offering an expi... Chris Linstruth
01:09 PM Bug #10616: Out of date CA root store - FreeDNS (DynDNS) not working anymore: Same Problem for pfBlockerNG, while updating Blocking Lists:
@[ EasyList ] Downloading update . cURL Error: 60
... Johannes Wanink
12:14 PM Bug #10616 (Rejected): Out of date CA root store - FreeDNS (DynDNS) not working anymore: DynDNS FreeDNS is not working anymore. I get the following errors in the logs:
@Curl error occurred: SSL certifica... Johannes Wanink

05/30/2020

03:50 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Same problem here - 2.4.5-RELEASE (amd64)... Donn Lasher
02:06 PM Revision b362e8c2: Cleanup status_queues.php code. Issue #10613: Viktor Gurov
12:26 PM Bug #10614 (Resolved): Unable to update packages due to missing/invalid certs: This was a server side issue and has been resolved. Jim Pingle
09:20 AM Bug #10614 (Resolved): Unable to update packages due to missing/invalid certs: Fresh pfSense 2.4.5-RELEASE installation. The package manager in the web interface states "Unable to retrieve packag... alzee bum
11:12 AM Feature #10615 (Closed): Allow to load kernel from previous release: It would be nice to add /boot/kernel.prev to enable kernel boot from a previous release for emergency/testing cases.
... Viktor Gurov
09:07 AM Bug #10613: cleanup status_queues.php code: https://github.com/pfsense/pfsense/pull/4343 Viktor Gurov
09:06 AM Bug #10613 (Resolved): cleanup status_queues.php code: remove old/unused code from status_queues.php
see
https://github.com/pfsense/pfsense/pull/4330#pullrequestreview-... Viktor Gurov
08:47 AM pfSense Packages Bug #10146: squid4 obsolete options: https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Troubleshooting:
_NO_SSLv2 is relevant only fo... Viktor Gurov
06:43 AM pfSense Packages Bug #5168: squid doesn't function during/after HA failover: https://github.com/pfsense/FreeBSD-ports/pull/867
This is mainly for Transparent mode and IPv6 squid configuration... Viktor Gurov
06:11 AM Revision 30466aef: Allow to use 6RD/6to4 interfaces for DynDNS. Fixes #9641: Viktor Gurov
01:16 AM Bug #9641: Dynamic DNS cannot update AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces: Fix:
https://github.com/pfsense/pfsense/pull/4342 Viktor Gurov

05/29/2020

11:31 PM pfSense Packages Feature #10612 (Resolved): Add pfSense package for Zeek (formerly Bro) Network Security Monitor: PR: https://github.com/pfsense/FreeBSD-ports/pull/866 Prosper Doko
09:24 PM Feature #2983: DHCPD: Add vendor-class-identifier and MAC-OIDs: I second the need for this feature. Ben Tyger
08:22 PM Revision fb477a9d: Fixed whitespace issues as requested by jim-p in the review.: Csoban Kesmarki
05:38 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I don't know the equivalent of using '(re0)' with the ioctl() API. any pointer will be appreciated.
could you plea... Thomas BERNARD
01:34 PM Revision bae04c37: Floating rules 6RD and 6to4 interface. Fixes #7142: Viktor Gurov
01:00 PM pfSense Packages Bug #10611 (Resolved): FRR applies file permissions to missing files: When FRR starts it tries to apply file permissions to all the conf files for it's daemons. Including those that are n... Steve Wheeler
12:41 PM Bug #10610 (Resolved): Package upgrade or reinstall hangs indefintely on the console: Installing or upgrading FRR from the CLI hangs indefinitely when FRR is enabled and configured.
At some point duri... Jim Pingle
11:49 AM pfSense Packages Bug #10444 (Resolved): FRR will not start in 2.4.5 aarch64: Same here on SG-1100, services start and I am seeing neighbors and routes exchanged. Jim Pingle
11:47 AM pfSense Packages Bug #10444: FRR will not start in 2.4.5 aarch64: This looks good in 0.6.5. Service starts as expected.
Tested an SG-1100 running 2.4.5p1. Steve Wheeler
10:37 AM pfSense Packages Bug #10444: FRR will not start in 2.4.5 aarch64: Please re-test with pfSense-pkg-frr 0.6.5 / frr7-7.3.1 to make sure problem persists Renato Botelho
11:06 AM pfSense Packages Bug #10573 (Resolved): Netgate_Coreboot_Upgrade cannot write to flash in 2.4.5: Jim Pingle
11:04 AM pfSense Packages Bug #10573: Netgate_Coreboot_Upgrade cannot write to flash in 2.4.5: This works correctly in the 0.28 package.
Tested on an SG-4860 in a 2.4.5p1 snapshot.
!Selection_849.png!
Steve Wheeler
10:50 AM Bug #7142: IPv6: Floating rules on 6rd enabled WAN interfaces doesn't get bound to wan_stf: Viktor Gurov wrote:
> Fix:
> https://github.com/pfsense/pfsense/pull/4341
Wow.. two 6rd fixes in two days, you'r... Kewin Christensen
08:54 AM Bug #7142 (Pull Request Review): IPv6: Floating rules on 6rd enabled WAN interfaces doesn't get bound to wan_stf: Jim Pingle
08:37 AM Bug #7142: IPv6: Floating rules on 6rd enabled WAN interfaces doesn't get bound to wan_stf: Fix:
https://github.com/pfsense/pfsense/pull/4341 Viktor Gurov
10:26 AM Revision 5fff62d9: Do not halt on configuration file not found error. Implements #10556: Viktor Gurov
10:25 AM Bug #10351 (Resolved): Saving IPSEC connection breaks FRR BGP on VTI interfaces: This appears to be doing as much as it can. There may be other similar/related issues but this specific case appears ... Jim Pingle
10:19 AM Bug #9634 (Resolved): rc.newwanipv6 is called although dhcp6c should discard Request messages: Confirmed as resolved Jim Pingle
07:13 AM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages: Daryl Morse wrote:
> Jim Pingle wrote:
> > By taking action we aren't technically discarding the message. It should... Jim Pingle
10:03 AM Todo #10609 (Resolved): Fix for CVE-2020-12762 (CVSS 3: 7.8) - json-c integer overflow and out-of-bounds write: New version is present in the staging repo. Jim Pingle
08:20 AM Todo #10609 (Feedback): Fix for CVE-2020-12762 (CVSS 3: 7.8) - json-c integer overflow and out-of-bounds write: Version 0.14 cherry-picked Renato Botelho
06:37 AM Todo #10609 (Resolved): Fix for CVE-2020-12762 (CVSS 3: 7.8) - json-c integer overflow and out-of-bounds write: Running "pkg audit -F" on a 2.4.5-RELEASE box yields:
Fetching vuln.xml.bz2: 100% 853 KiB 873.2kB/s 00:01
... e 1/1
06:28 AM Revision 4fa69727: 6RD and 6to4 interface MTU set fix. Issue #6377: Viktor Gurov
05:07 AM pfSense Packages Bug #10502: LLDP spamming errors on Netgate XG-7100: So maybe we can track this issue https://github.com/vincentbernat/lldpd/issues/394 and till it (or if it will not) fi... DRago_Angel [InV@DER]
04:53 AM pfSense Packages Bug #10502: LLDP spamming errors on Netgate XG-7100: DRago_Angel [InV@DER] wrote:
> Additionally LLDPd with active NDP (enabled and forced) throw errors if chosen interf... Viktor Gurov
04:27 AM Bug #9471: GIF tunnel not added to interface group after reboot: no such issue on 2.4.5-p1,
I added the GIF, GRE, VTI, and OPT1 interface to the group of interfaces and can see them... Viktor Gurov
02:43 AM Bug #10317 (Resolved): SMTP notifications validating SSL when option disabled: works as expected on 2.4.5-p1 - no SSL errors if 'Validate SSL/TLS' checkbox is not set Viktor Gurov
12:43 AM pfSense Packages Bug #10608 (Closed): Update squid port to 4.11-p2: Current pfSense ports squid version 4.10 contains a bug that may cause a crash when users navigate the Internet,
See... Viktor Gurov

05/28/2020

11:43 PM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages: Jim Pingle wrote:
> Daryl Morse wrote:
> > Jim Pingle wrote:
> > > The intent of the patch was to not run rc.newwa... Daryl Morse
07:59 PM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages: Daryl Morse wrote:
> Jim Pingle wrote:
> > The intent of the patch was to not run rc.newwanipv6 and the "without RA... Jim Pingle
07:21 PM Bug #9634: rc.newwanipv6 is called although dhcp6c should discard Request messages: Jim Pingle wrote:
> The intent of the patch was to not run rc.newwanipv6 and the "without RA" path wasn't doing that... Daryl Morse
06:10 PM Revision e2119c73: Correct selectors for remote auth logs. Fixes #10607: Jim Pingle
06:09 PM Revision c472f9a1: Reindex users before performing XMLRPC auth. Fixes #10585: The users may have changed between XMLRPC calls, so take that into
account. Jim Pingle
01:49 PM Bug #10607: Remote syslog for "General Authentication Events" using wrong selectors: Sounds great, thanks! And appreciate all the help!
Russell Morris
01:38 PM Bug #10607: Remote syslog for "General Authentication Events" using wrong selectors: It will be in the next 2.5.0 snapshot that includes it, so as soon as the build happens, likely later today. Jim Pingle
01:22 PM Bug #10607: Remote syslog for "General Authentication Events" using wrong selectors: Thanks! Sorry, but a dumb question ... how to know when this will show up in an "official" build (to install, and con... Russell Morris
01:20 PM Bug #10607 (Feedback): Remote syslog for "General Authentication Events" using wrong selectors: Applied in changeset commit:e2119c732291143e0e0eff4f2aa1be70554b6315. Jim Pingle
01:08 PM Bug #10607 (Resolved): Remote syslog for "General Authentication Events" using wrong selectors: When "General Authentication Events" is selected, the remote syslog line uses "*.*" and not "auth.*;authpriv.*". This... Jim Pingle
01:15 PM Bug #10585 (Feedback): auth.inc: Exception calling XMLRPC method restore_config_section #-1 : Authentication failed: Invalid username or password: Applied in changeset commit:c472f9a103be09a023141207ed2d2dc94dd3002e. Jim Pingle
01:12 PM Bug #10588: syslog (remote) receiving DHCP logging, even when disabled: NP, thanks!
Russell Morris
01:11 PM Bug #10588: syslog (remote) receiving DHCP logging, even when disabled: OK, I was able to reproduce the problem with the auth log, I moved it over to #10607 -- it may be what caused the pro... Jim Pingle
12:58 PM Feature #6377 (Pull Request Review): 6rd ipv6 tunnel: MTU settings not editable and not correlated to interface MTU (hardcoded to 1280): Jim Pingle
11:01 AM Feature #6377: 6rd ipv6 tunnel: MTU settings not editable and not correlated to interface MTU (hardcoded to 1280): https://github.com/pfsense/pfsense/pull/4340 Viktor Gurov
10:06 AM pfSense Packages Bug #10606: Snort Inline stopped working after upgrade to FreeBSD 12.1 (network traffic blocked after heavy load randomly): You might post on the IDS/IPS category of the forum to catch the snort developer's attention there. Similar issues ha... Jim Pingle
10:02 AM pfSense Packages Bug #10606 (New): Snort Inline stopped working after upgrade to FreeBSD 12.1 (network traffic blocked after heavy load randomly): Snort Inline stopped working after upgrade to FreeBSD 12.1 (network traffic blocked after heavy load randomly).
Ne... David Rupprechter
10:01 AM pfSense Packages Feature #10605 (Resolved): Add certificates from Trusted Store to Squid cert store: PfSense 2.5 has the 'add to Trust Store' feature #4068, which allows you to add pfSense certificates to /etc/ssl/cert... Viktor Gurov
08:49 AM Feature #10603 (Pull Request Review): Handle -c commands with arguments in rc.initial: Jim Pingle
08:47 AM pfSense Docs Correction #10604 (Resolved): Feedback on System Monitoring — Monitoring Bandwidth Usage: PR merged Jim Pingle
12:57 AM pfSense Docs Correction #10604: Feedback on System Monitoring — Monitoring Bandwidth Usage: fix:
https://github.com/pfsense/docs/pull/130 Viktor Gurov
08:46 AM pfSense Docs Correction #10598 (Resolved): Feedback on Cellular Wireless — Known Working 3G-4G Modems: PR merged Jim Pingle
08:13 AM Bug #9246 (Closed): dhcp configuration v4/v6 ignores VLAN priority configuration: This is correct behavior,
see https://redmine.pfsense.org/issues/7425#note-21:
Bob Gray wrote:
> In 2.4.4-RELEA... Viktor Gurov
06:46 AM Revision 71465708: Setting host-uniq for PPPoE. Implements #10597: Viktor Gurov
04:44 AM Bug #6579 (Resolved): IPv6 CARP VIPs lost upon config sync where they include non-significant zeros: works as expected on 2.4.5-p1 HA pair,
I can set fc00:3::512/64, fc00:003::512/64, fc00:0003::0512/64, etc. CARP VIP... Viktor Gurov
04:40 AM Bug #3896 (Resolved): ipv6 pppoe ISP with static adress: Resolved in #7598 Viktor Gurov
04:34 AM Bug #7822 (Closed): pppoe gui ivp6 set to none still enables in conf: Duplicate of #7386 Viktor Gurov
01:55 AM Feature #7618: Add support for user-supplied Host-Uniq tag and handle PADM messages in Netgraph PPPoE: > We’ll pull the support for this in as soon as FreeBSD accepts it. (It’s too big to carry.)
Accepted: https://githu... Viktor Gurov
01:07 AM Revision 0cf9ffc2: rc.initial: handle -c command with arguments: before this change rc.initial only passes the first -c parameter.
instead passing every parameter allows you to run c... Emanuel Rietveld

05/27/2020

08:14 PM Feature #10603: Handle -c commands with arguments in rc.initial: Pull request submitted https://github.com/pfsense/pfsense/pull/4339 Emanuel Rietveld
08:10 PM Feature #10603: Handle -c commands with arguments in rc.initial: Patch attached. Emanuel Rietveld
08:05 PM Feature #10603 (Resolved): Handle -c commands with arguments in rc.initial: Following #4422 rc.initial now handles a -c parameter consisting of a single command with no arguments.
With this ... Emanuel Rietveld
08:11 PM pfSense Docs Correction #10604 (Resolved): Feedback on System Monitoring — Monitoring Bandwidth Usage: *Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/monitoring-bandwidth-usage.html
*Feedback:*
ntopng ... Paighton Bisconer
07:44 PM pfSense Packages Bug #10602 (Resolved): Dashboard->Traffic Graphs bandwidth designations on hover pop-ups: The scales are reporting Mbytes/sec but the pop-up is using the Mbits/sec designation: Mb/s. Needs to be corrected ... Randall Barth
07:42 PM pfSense Packages Bug #10601 (New): Dashboard->Traffic Graphs Scale is capped for outbound: The WAN out and LAN in scales are capped at 1 Mbyte/sec. They should adjust scale range as do the WAN in and LAN out. Randall Barth
03:32 PM Bug #10430: Captive Portal shows 404 post login after upgrade to 2.4.5: "After authentication Redirection URL" works for me when I have the client load the portal login page and login. Afte... Jim Pingle
12:15 PM Bug #10430: Captive Portal shows 404 post login after upgrade to 2.4.5: Hi, Jim, I can confirm that something must have changed, possibly during the upgrade, between the two settings "Pre-a... simon lock
03:13 PM Feature #10556 (Pull Request Review): Change action on 'XML configuration file not found' error: Jim Pingle
08:55 AM Feature #10556: Change action on 'XML configuration file not found' error: With this PR it goes forward and shows a console menu that allow you to make a factory reset for example:
https://gi... Viktor Gurov
03:08 PM pfSense Packages Feature #10600: Add support for pfBlockerNG "Action list" feature: It would be cool if you add both flows. Thank you guys. And about HAproxy Reload Integration it better to be done as ... DRago_Angel [InV@DER]
03:04 PM pfSense Packages Feature #10600 (New): Add support for pfBlockerNG "Action list" feature: Some other plugins that can use pfBlockerNG native aliases can need additional reload/restart action to load new IPs ... DRago_Angel [InV@DER]
03:03 PM Feature #10597 (Pull Request Review): Setting host-uniq for PPPoE: Jim Pingle
04:18 AM Feature #10597: Setting host-uniq for PPPoE: https://github.com/pfsense/pfsense/pull/4337 Viktor Gurov
01:27 AM Feature #10597 (Resolved): Setting host-uniq for PPPoE: https://forum.netgate.com/topic/153911/setting-host-uniq-for-pppoe:
"My ISP uses the host-uniq part of the PPPoE PAD... Viktor Gurov
02:48 PM pfSense Packages Feature #9793 (Pull Request Review): Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Jim Pingle
01:24 PM pfSense Packages Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Ok, thanks DRago_Angel [InV@DER]
12:15 PM pfSense Packages Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: it would be nice to use "hitless-reloads" with 'action list'
Please create a new redmine issue for this
Viktor Gurov
11:43 AM pfSense Packages Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Tested this patch, it works as expected, thanks!
Could you please advice what the best|correct way(command) to recre... DRago_Angel [InV@DER]
11:24 AM pfSense Packages Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Yep, this fine. And yes, I understand what this commit adds, thanks =)
Will try to test it now. DRago_Angel [InV@DER]
11:04 AM pfSense Packages Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: This PR adds support for the URL Table alias type, and it can be not only the pfBlockerNG URL, but also a list on you... Viktor Gurov
10:39 AM pfSense Packages Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Hi Viktor,
I speak with @bbcan177 about this initially and tested changing files on filesystem. Reloading of SrcIPs ... DRago_Angel [InV@DER]
03:30 AM pfSense Packages Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Allows to use URL Table type alias:
https://github.com/pfsense/FreeBSD-ports/pull/865 Viktor Gurov
02:44 PM Bug #9450 (Pull Request Review): Multiwan gateway group fail-over not working as expected (possible race condition): Proposed fix PR: https://github.com/pfsense/pfsense/pull/4336 Jim Pingle
02:44 PM Bug #10546 (Pull Request Review): Gateways removed from routing groups based on low alert thresholds: Proposed fix PR: https://github.com/pfsense/pfsense/pull/4336 Jim Pingle
01:34 PM pfSense Packages Feature #10599 (Rejected): Add support for hitless-reloads of HAproxy config: HAproxy allows reload configs without restart of service via socket command: https://www.haproxy.com/blog/hitless-rel... DRago_Angel [InV@DER]
01:33 PM Revision 658b4b7f: Do not halt on configuration file not found error. Implements #10556: Viktor Gurov
06:13 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: not working for me either
2.5.0.a.20200522.0732
I need to disable the floating rule to make internet work again Manuel Piovan
02:01 AM pfSense Docs Correction #10598: Feedback on Cellular Wireless — Known Working 3G-4G Modems: https://github.com/pfsense/docs/pull/129 Viktor Gurov
01:51 AM pfSense Docs Correction #10598 (Resolved): Feedback on Cellular Wireless — Known Working 3G-4G Modems: *Page:* https://docs.netgate.com/pfsense/en/latest/cellular/known-working-3g-4g-modems.html
*Feedback:*
add Sie... Viktor Gurov

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

06/25/2020

06/24/2020

06/23/2020

06/22/2020

06/21/2020

06/20/2020

06/19/2020

06/18/2020

06/17/2020

06/16/2020

06/15/2020

06/14/2020

06/13/2020

06/12/2020

06/11/2020

06/10/2020

06/09/2020

06/08/2020

06/07/2020

06/06/2020

06/05/2020

06/04/2020

06/03/2020

06/02/2020

06/01/2020

05/31/2020

05/30/2020

05/29/2020

05/28/2020

05/27/2020