Activity

30 days up to

User

Subprojects

Activity

From 06/06/2020 to 07/05/2020

07/05/2020

04:13 PM Revision 1b54754b: IDN symbols in DNS Resolver ACL. Fixes #10730: Viktor Gurov
02:14 PM Feature #9717: Search box for pfsense ?: I would also like to suggest a search function be added to the PFsense GUI.
Perhaps right on the top menu should be ... Tony Burns
11:14 AM Bug #10730: Unable to use IDN symbols in DNS Resolver ACL: https://github.com/pfsense/pfsense/pull/4389 Viktor Gurov
11:08 AM Bug #10730 (Resolved): Unable to use IDN symbols in DNS Resolver ACL: https://forum.netgate.com/topic/153501/dns-resolver-and-access-list-access-list-entry-is-not-saved:
It's the first t... Viktor Gurov
11:04 AM pfSense Packages Bug #10688 (Resolved): Remove Zabbix 4.2 ports: removed from 2.4 and 2.5 repo Viktor Gurov
10:59 AM pfSense Packages Bug #9813 (Resolved): Fails saving accountkeys if name contains non-English characters: Fixed in #10442 Viktor Gurov
10:55 AM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named: https://github.com/pfsense/FreeBSD-ports/pull/896 Viktor Gurov
10:40 AM pfSense Packages Bug #8254 (Resolved): BIND, Register DHCP static mappings and Subzones: no such issue with 9.16_1, https://github.com/pfsense/FreeBSD-ports/blob/devel/dns/pfSense-pkg-bind/files/usr/local/p... Viktor Gurov
10:14 AM pfSense Packages Bug #10507: Unable to use forwarders: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/895 Viktor Gurov
07:51 AM Bug #10716: Policy routing rules are not written correctly for a down gateway: Tested the new patch with gateway group rules again 2.4.5p1. Seems to work as expected in all conditions.
Tested g... Steve Wheeler
06:55 AM pfSense Packages Bug #10506: Recursion not working on fresh BIND install: fix:
https://github.com/pfsense/FreeBSD-ports/pull/894 Viktor Gurov
06:10 AM pfSense Packages Bug #10445: BIND crashed when added RPZ. rpz is not a master or slave zone.: Fixes:
https://github.com/pfsense/FreeBSD-ports/pull/893 Viktor Gurov
02:52 AM pfSense Packages Bug #10330: BIND zone configuration displays wrong DS resource record with inline DNSSEC signing enabled: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/892 Viktor Gurov
01:12 AM Bug #10729 (New): Certificate verification failed for pkg.freebsd.org: https://forum.netgate.com/topic/155037/pkg-add-authentication-error-connecting-to-pkg-freebsd-org-let-s-encrypt-cert:... Viktor Gurov
12:40 AM Bug #10542: Exclamation marks in the description field of a floating rule result in a filter reload error.: seems related to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182819 Viktor Gurov

07/04/2020

10:10 PM Feature #10728 (Closed): Request - widen the columns in VPN > IPSEC > Status > Overview: I am finding that sometimes, the width of the element that encompasses all the columns isn't enough to show the "conn... A P
08:30 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Thanks for the detailed instructions Gavin.
I pushed a fix which should do the right thing in this case.
Please... Luiz Souza
03:21 PM Bug #10726: Sticky-connections option is bugged - sticky-address cannot be redefined: It looks like, that bug has not been resolved since 8 years..
https://redmine.pfsense.org/issues/2493 Fritz Lakritz
08:11 AM Bug #10726: Sticky-connections option is bugged - sticky-address cannot be redefined: seems pfctl icmp-type + sticky-address issue,
but only if you select icmp message types (icmp any works fine),
same... Viktor Gurov
07:22 AM Bug #10726 (New): Sticky-connections option is bugged - sticky-address cannot be redefined: As already described in https://forum.netgate.com/topic/154821/strange-firewall-rules-behaviour-with-sticky-connectio... Fritz Lakritz
02:02 PM Revision 9544cf66: Gateway down policy rule fix. Issue #10716: Viktor Gurov
01:03 PM Revision c4fc5142: Limiter default bw type in Mbit/s. Implements #10727: Viktor Gurov
12:11 PM pfSense Packages Bug #10693: pfSense Bind Zone Editor UI does not update zone serial number when a change is made: Viktor Gurov wrote:
> > The broken behavior is observed with Bind package 9.14_4
>
> did it work differently befo... Jeffrey Altman
11:47 AM pfSense Packages Bug #10693: pfSense Bind Zone Editor UI does not update zone serial number when a change is made: > The broken behavior is observed with Bind package 9.14_4
did it work differently before?
you need to manually c... Viktor Gurov
12:06 PM pfSense Packages Feature #8188 (Resolved): Support response policy zones in bind package: merged in 9.12 Viktor Gurov
10:47 AM Feature #10696 (Resolved): status.php: Add config history: works as expected on 2.5.0.a.20200703.1850
Config History file content:... Viktor Gurov
10:31 AM Revision 00bf92ce: Shaper check prio only for CBQ/FAIRQ/PRIQ. Issue #1353: Viktor Gurov
08:05 AM Feature #10727: Limiter bw type in Mbit/s: https://github.com/pfsense/pfsense/pull/4388 Viktor Gurov
07:47 AM Feature #10727 (Resolved): Limiter bw type in Mbit/s: https://forum.netgate.com/topic/154812/limiter-bandwidth-type-default:
Just a suggestion, might make the default Mbi... Viktor Gurov
05:33 AM Bug #1353: Number of queues possible: Check for priority value duplication only for CBQ/FAIRQ/PRIQ queues:
https://github.com/pfsense/pfsense/pull/4387
... Viktor Gurov
04:28 AM pfSense Packages Feature #10725: Squid disable multiple login sessions: https://github.com/pfsense/FreeBSD-ports/pull/891 Viktor Gurov
12:27 AM pfSense Packages Feature #10725 (Resolved): Squid disable multiple login sessions: https://forum.netgate.com/topic/154741/squid-disable-multiple-sessions:
Hello, I want to set a server running pfsens... Viktor Gurov
04:04 AM pfSense Packages Bug #10692: PIMD starts twice at boot: Viktor,
"many thanks!!"
I did install PIMD again and will test it as soon as the fix is in the snapshots
... Louis B
02:50 AM pfSense Packages Bug #10692: PIMD starts twice at boot: Louis van Breda wrote:
> Hello,
>
> I just discoverd a critical error in the pfSense boot sequence.
> - Indepen... Viktor Gurov
03:00 AM Bug #7378 (Resolved): pfctl: ix0: driver does not support altq: Tested okay on SG-5100. Luiz Souza
01:40 AM Bug #9383 (Feedback): dhcpleases kqueue error: Fixed in dhcpleases-0.5. Luiz Souza
12:43 AM Revision c968ef7e: Make sure dhcpleases is killed before writing the hosts file.: Needs to happen before fopen($hosts, "w") as it is going to truncate the file
and that breaks the tracking of hosts s... Luiz Souza

07/03/2020

04:43 PM Revision 5fe8efc2: Allowed Hostnames add/delete multiple A entries. Fixes #10724: Viktor Gurov
03:41 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I just ran into this today. I was using IP addresses for the bookkeeper. She finally got a hostname with DynDNS.
... Rob Shiras
11:46 AM Bug #10724: Allowed Hostnames adds/deletes only one A entry: https://github.com/pfsense/pfsense/pull/4386 Viktor Gurov
11:41 AM Bug #10724 (Resolved): Allowed Hostnames adds/deletes only one A entry: If you add a hostname on services_captiveportal_hostname.php page,
it adds only single IP (A entry) from DNS answer,... Viktor Gurov
10:03 AM Bug #10716: Policy routing rules are not written correctly for a down gateway: But it sets the value of the gateway variable to 'empty' as Jim commented above so that's OK. Steve Wheeler
09:47 AM Bug #10716: Policy routing rules are not written correctly for a down gateway: Tested this patch. It corrects the 'Skip rules when gateway is down' setting but not the default 'omit gateway from t... Steve Wheeler
02:44 AM Bug #10716: Policy routing rules are not written correctly for a down gateway: Jim Pingle wrote:
> Having @$GWGW2@ on the rule when the content of @$GWGW2@ is empty is fine. That effectively mean... Viktor Gurov
09:05 AM Bug #3039 (Feedback): New vouchers doesn't sync with CARP slave: already merged Viktor Gurov
07:11 AM Feature #9876: PFsense on KVM: Web interface hint to disable "Hardware Checksum Offloading": https://github.com/pfsense/pfsense/pull/4384
see also #10723 Viktor Gurov
07:11 AM Feature #10723: Disable "Hardware Checksum Offloading" if VM is detected: https://github.com/pfsense/pfsense/pull/4385 Viktor Gurov
07:07 AM Feature #10723 (Resolved): Disable "Hardware Checksum Offloading" if VM is detected: It would be better to disable "Hardware Checksum Offloading" on first boot if a VM system is detected
Viktor Gurov
06:30 AM Feature #3031: Message is false after changing Hardware Checksum Offloading setting: https://github.com/pfsense/pfsense/pull/4384 Viktor Gurov
06:01 AM Revision 6fab11cc: Setup Wizard DNS IPv6 support. Fixes #10720: Viktor Gurov
03:20 AM pfSense Packages Feature #9852: show File-Store directory listing: + https://www.joesandbox.com/
+ https://opentip.kaspersky.com/ Viktor Gurov
01:05 AM Bug #10720: Setup Wizard DNS Server validation JavaScript incorrectly claims IPv6 address is invalid: Fix:
https://github.com/pfsense/pfsense/pull/4382
TODO #3087 Viktor Gurov

07/02/2020

11:35 PM Bug #9459 (Feedback): patch pf: silence a runtime warning pfr_update_stats: assertion failed.: This fix is already merged to 2.5 sources.
Should not be an issue anymore, please confirm with a newer snapshot. Luiz Souza
11:15 PM Bug #3488 (Feedback): Deleting an interface doesn't delete associated shaper queues: PR merged. Luiz Souza
09:00 PM Bug #10722 (Duplicate): Update jQuery to 3.5.1: In bug #9407, jQuery was updated to 3.4.1.
However, jQuery 3.5.1 fixes two security issues, one of which is a cros... Logan Marchione
06:31 PM Revision 5ed493d8: Block additional Captive Portal Logins. Implements #9432: Viktor Gurov
01:20 PM Revision 8b348d2b: Fix indenting: Steve Beaver
09:15 AM pfSense Packages Bug #10721 (Rejected): PHP Startup: Unable to load dynamic library 'readline.so': That is not a bug, but a problem with your installation.
This site is not for support or diagnostic discussion.
... Jim Pingle
09:14 AM pfSense Packages Bug #10721 (Rejected): PHP Startup: Unable to load dynamic library 'readline.so': Crash report begins. Anonymous machine information:
amd64
11.2-RELEASE-p10
FreeBSD 11.2-RELEASE-p10 #9 4a2bfdce... Vincenzo Pace
08:51 AM Bug #10720 (Resolved): Setup Wizard DNS Server validation JavaScript incorrectly claims IPv6 address is invalid: In the setup wizard, if a user places an IPv6 address in the primary or secondary DNS server box, a JavaScript popup ... Jim Pingle

07/01/2020

08:16 PM Revision 32750350: Fix typo in comment: Steve Beaver
08:08 PM Revision 2cff9cf0: Revise return_gateways_array() to include the tier name in hte returned array. This avoids the need to call the function for every gateway in the array and makes life easier for system_gateways.php, which no longer needs to call multiple functions to get the display information.: Steve Beaver
03:30 PM Revision 5a764497: Fix indenting: Steve Beaver
03:27 PM Revision 8326101f: Fixed #10719 by adding tooltips and help text: Steve Beaver
12:31 PM Bug #10650: OpenVPN TCP in 2.4.5-p1 not working: I was hit by the same issue, taking the code from the PR worked but it was a bit unfortunate to go to what appeared t... Scott Zawalski
10:35 AM Bug #10719 (Feedback): Gateway page displays mystery icons: Applied in changeset commit:8326101f42ec638533f6a0831a6dac4f1c5aa279. Anonymous
10:10 AM Bug #10719 (Resolved): Gateway page displays mystery icons: system_gateways.php displays various icons in the gateway table without indicating what they mean.
Help text and t... Anonymous
09:22 AM Feature #9432 (Pull Request Review): Block additional Captive Portal Logins: Jim Pingle
09:14 AM Bug #10716: Policy routing rules are not written correctly for a down gateway: Having @$GWGW2@ on the rule when the content of @$GWGW2@ is empty is fine. That effectively means the gateway is not ... Jim Pingle
05:50 AM Feature #10718: Email notifications - add new field to enter a from: name: Currently email notifications have a "from name" of "Firewall Email Report". It would be nice to have a field to cust... Joseph McGuirl
05:49 AM Feature #10718 (New): Email notifications - add new field to enter a from: name: Currently email notifications have a "from name" of "Firewall Email Report". It would be nice to customize this to s... Joseph McGuirl

06/30/2020

01:48 PM Bug #9476 (Rejected): pfSense 2.4.x sending ARP replies with non-CARP source MAC address: I'm closing this ticket because the requested functionality cannot be implemented with the current CARP support in Fr... Luiz Souza
01:22 PM Bug #10717 (Rejected): Dynamic DNS update uses wrong interface for request; updates fail: Really doesn't have anything to do with Dynamic DNS but how routing works in general from the firewall itself, and it... Jim Pingle
01:16 PM Bug #10717 (Rejected): Dynamic DNS update uses wrong interface for request; updates fail: Configuration:
Multi-WAN with interfaces including:
- "COMCASTBUSINESS" (static IP, interface em0)
- "COMCASTHOM... David Gilmour
11:37 AM Bug #10716 (Resolved): Policy routing rules are not written correctly for a down gateway: There are two options for the behaviour of policy routing rules that reference a gateway that is down.
The default b... Steve Wheeler
08:30 AM Feature #9432: Block additional Captive Portal Logins: https://github.com/pfsense/pfsense/pull/4381 Viktor Gurov
07:52 AM Feature #2146: Allow concurrent logins when using vouchers: Jim Pingle wrote:
> We can try this but I seem to remember a problem with this in the past. If I recall correctly it... Viktor Gurov
12:17 AM Bug #10712: "default allow LAN IPv6 to any" rule does not work right after boot when using IPv6 PD: This can also be reproduced by reinstalling the Suricata package. In addition to the workaround posted in the bug, yo... Offstage Roller

06/29/2020

04:25 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: > The patch should resolve the issue until PR #773 gets incorporated.
>
> I have had installs run for more tha... Michael Geiger
02:12 PM Revision c82a10a8: Merge pull request #4350 from vktg/ipsecgwdescr: Renato Botelho
02:11 PM Revision d2f18281: Merge pull request #4379 from vktg/clearl2tpsecret: Renato Botelho
02:11 PM Revision 69858120: Merge pull request #4380 from vktg/dhcrelayovpntap: Renato Botelho
02:11 PM Revision 7eac01f9: Merge pull request #4377 from vktg/dhcpv6lifetimecheck: Renato Botelho
12:37 PM Bug #10713: assigning a virtual IPv6 IP to an interface that has IPv6 PD track interface enabled makes the Virtual IP the primary IP after reboot: I should add, the reason why I was using a Virtual IP here is that this is currently the only way of assigning multip... Robby Moeyaert
04:56 AM Bug #10713 (Duplicate): assigning a virtual IPv6 IP to an interface that has IPv6 PD track interface enabled makes the Virtual IP the primary IP after reboot: https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense:
Situation: you have a LAN interface tha... Viktor Gurov
12:04 PM Revision 7890aeda: Merge pull request #4375 from vktg/nat11extip: Renato Botelho
09:16 AM Bug #10709: services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime: That was super quick. Thanks a lot! Mike Murdoch
09:12 AM Bug #10709 (Feedback): services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime: PR has been merged. Thanks! Renato Botelho
07:59 AM Bug #10709 (Pull Request Review): services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime: Jim Pingle
01:00 AM Bug #10709: services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime: Fix:
https://github.com/pfsense/pfsense/pull/4377 Viktor Gurov
09:12 AM Feature #10711 (Feedback): Allow to use OpenVPN TAP interfaces in DHCP Relay: PR has been merged. Thanks! Renato Botelho
07:57 AM Feature #10711 (Pull Request Review): Allow to use OpenVPN TAP interfaces in DHCP Relay: Jim Pingle
06:26 AM Feature #10711: Allow to use OpenVPN TAP interfaces in DHCP Relay: https://github.com/pfsense/pfsense/pull/4380 Viktor Gurov
03:32 AM Feature #10711 (Resolved): Allow to use OpenVPN TAP interfaces in DHCP Relay: https://forum.netgate.com/topic/154867/dhcp-relay-and-vpn
OpenVPN TAP interfaces can be used by dhcrelay Viktor Gurov
09:12 AM Bug #10710 (Feedback): L2TP secret uses empty value: PR has been merged. Thanks! Renato Botelho
07:56 AM Bug #10710 (Pull Request Review): L2TP secret uses empty value: Jim Pingle
03:05 AM Bug #10710: L2TP secret uses empty value: Fix:
https://github.com/pfsense/pfsense/pull/4379 Viktor Gurov
03:03 AM Bug #10710 (Resolved): L2TP secret uses empty value: If you set the L2TP shared secret and then remove it,
an empty value will still be used in mpd.conf:... Viktor Gurov
09:12 AM Feature #7095 (Feedback): Improve Remote Gateway field description for IPSec VPN Phase 1: PR has been merged. Thanks! Renato Botelho
09:11 AM Revision d191d35d: Allow to use OpenVPN TAP interfaces in DHCP Relay. Implements #10711: Viktor Gurov
08:32 AM Feature #9432 (New): Block additional Captive Portal Logins: that's a different issue, see https://forum.netgate.com/topic/136995/one-voucher-per-device Viktor Gurov
08:05 AM Bug #10703 (Pull Request Review): OpenVPN copy doesn't save auth_pass: Jim Pingle
01:46 AM Bug #10703: OpenVPN copy doesn't save auth_pass: https://github.com/pfsense/pfsense/pull/4378 Viktor Gurov
08:04 AM Revision 58b9baee: L2TP empty secret fix. Issue #10710: Viktor Gurov
07:05 AM Feature #7705 (Feedback): Support dynamic interface address for 1:1 NAT: PR has been merged. Thanks! Renato Botelho
05:58 AM Revision 1d0608f3: RA lifetime input validation. Fixes #10709: Viktor Gurov
05:01 AM Bug #10715 (New): DHCPv6 relay always uses the "first" IPv6 address of an interface: https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense:
Situation: you have multiple IPv6 addre... Viktor Gurov
04:58 AM Bug #10714 (New): radvd only gives out the prefix of the "first" IPv6 address of an interface: https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense:
Situation: When multiple prefixes are a... Viktor Gurov
04:54 AM Bug #10712 (New): "default allow LAN IPv6 to any" rule does not work right after boot when using IPv6 PD: https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense:
Quite simply, you boot, you get an IPv6... Viktor Gurov
02:48 AM pfSense Packages Bug #10700: not all VPN IPs added with vpnaddresses option: Suricata 4 PR:
https://github.com/pfsense/FreeBSD-ports/pull/889 Viktor Gurov

06/28/2020

02:05 PM Bug #10702: Todays Snapshot System does crash and does not start any more: Louis- There are no problems with the snapshots on my end either. I try to test every release that comes out. Pleas... Chris Palmer
12:35 PM Bug #10702: Todays Snapshot System does crash and does not start any more: Jim,
It is not related to PIMD. In the past week I had many crashes related to swithing interfaces on or off yes o... Louis B
05:50 AM Bug #10709 (Resolved): services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime: Hello,
the user interface allows the `Default valid lifetime` field to be set to a lower value than `Default prefe... Mike Murdoch

06/27/2020

01:49 PM Bug #10702: Todays Snapshot System does crash and does not start any more: Jim,
I can easely reproduce this issue on a running system:
- disable on of the interfaces
- stop pimd (e.g. pim... Louis B
06:44 AM Revision e5e7d84c: Support dynamic interface address for 1:1 NAT. Implements #7705: Viktor Gurov
12:52 AM Bug #10708: ZFS bootpool boot symlink issue: To clarify: upon upgrade a physical directory called boot is created in the zroot pool over the symlink... Paul Magid
12:49 AM Bug #10708 (New): ZFS bootpool boot symlink issue: Using 2.5.0-DEVELOPMENT when I do an install that creates a zfs mirror (MBR), the boot directory is actually a symlin... Paul Magid

06/26/2020

07:06 PM Bug #9277 (New): MBT-4220/2220: pfSense hangs when running sysctl -a: It looks like this might be a problem with the way the dashboard system information widget reads the sysctls when you... Steve Wheeler
04:00 PM Revision 523d8c3f: Merge pull request #4175 from vktg/importpkcs12: Renato Botelho
04:00 PM Revision e6a82348: Merge pull request #4240 from Kapmeister/master: Renato Botelho
03:54 PM Revision 9e2f1840: Merge pull request #4376 from travisboss/master: Renato Botelho
03:51 PM Revision 9561664d: Merge pull request #4374 from vktg/eoipfwproto: Renato Botelho
03:50 PM Revision 642783a2: Merge pull request #4373 from vktg/syncfwruledescrfix: Renato Botelho
03:50 PM Revision e396e963: Merge pull request #4372 from vktg/ipv6subnet11natfix: Renato Botelho
03:49 PM Revision e0db41c0: Merge pull request #4371 from vktg/statusconfhistory: Renato Botelho
01:29 PM pfSense Packages Bug #10697 (Feedback): Missing New Line After NCP Parameter in Client Config: PR has been merged. Thanks! Renato Botelho
11:34 AM pfSense Packages Bug #8688 (Feedback): Pass List Snort: PR has been merged. Thanks! Renato Botelho
11:32 AM pfSense Packages Bug #10700 (Feedback): not all VPN IPs added with vpnaddresses option: PR has been merged. Thanks! Renato Botelho
11:30 AM pfSense Packages Bug #10552 (Feedback): Typo in OpenBGPD's settings page: PR has been merged. Thanks! Renato Botelho
11:00 AM Feature #8645 (Feedback): Upload certificate file instead of pasting: PR has been merged. Thanks! Renato Botelho
11:00 AM Feature #10354 (Feedback): Telegram Notification Support: PR has been merged. Thanks! Renato Botelho
10:54 AM Feature #10696 (Feedback): status.php: Add config history: PR has been merged. Thanks! Renato Botelho
10:54 AM Bug #7742 (Feedback): 1:1 NAT for IPv6 applies wrong subnet mask to "Single Host": PR has been merged. Thanks! Renato Botelho
10:54 AM Bug #1478 (Feedback): some characters in FW rule descriptions do not sync properly: PR has been merged. Thanks! Renato Botelho
10:54 AM Feature #10698 (Feedback): Allow to select EoIP protocol: PR has been merged. Thanks! Renato Botelho
10:54 AM Bug #10705 (Feedback): Difficult to see multiple selection form-control: PR has been merged. Thanks! Renato Botelho
08:14 AM Bug #10705 (Pull Request Review): Difficult to see multiple selection form-control: Jim Pingle
09:58 AM Bug #10706: Kernel route table entries are removed if they match disabled static route entries: Jim Pingle wrote:
> You shouldn't have static routes for OpenVPN networks, they have to be managed by OpenVPN.
I ... Christian Fertig
08:13 AM Bug #10706 (Not a Bug): Kernel route table entries are removed if they match disabled static route entries: You shouldn't have static routes for OpenVPN networks, they have to be managed by OpenVPN.
Disabled routes are cle... Jim Pingle
04:01 AM Bug #10706: Kernel route table entries are removed if they match disabled static route entries: In my case test system is a SG-3100 with 2.4.5-RELEASE-p1 (arm) Christian Fertig
04:00 AM Bug #10706 (Resolved): Kernel route table entries are removed if they match disabled static route entries: Hi,
this is the ticket for this forum post https://forum.netgate.com/topic/149330/disabled-static-route-deletes-op... Christian Fertig
06:51 AM pfSense Docs Correction #10707 (Resolved): Feedback on Backup and Restore — Automatically Restore a pfSense Configuration During Installation: *Page:* https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html
*Feedback:*
Hello,
I ... Louis B

06/25/2020

11:52 PM Revision d1c779e0: enhance the look of form-control multiple select: Travis Boss
07:51 PM Bug #10705: Difficult to see multiple selection form-control: https://github.com/pfsense/pfsense/pull/4376 Anonymous
06:51 PM Bug #10705 (Resolved): Difficult to see multiple selection form-control: pfsense-BETA-dark
Specifically in Avahi, it is hard to see what interfaces you have selected due to the grays bein... Anonymous
02:44 PM Bug #10699 (Needs Patch): CRL php error: I am able to reproduce the crash with the CA provided by OP. Crash happens on 2.4.5-p1 and 2.5.0. It appears to be du... Jim Pingle
10:46 AM Bug #10699: CRL php error: Continuing the discussion here: https://forum.netgate.com/topic/154788/crl-don-t-works/ Jim Pingle
10:25 AM Bug #10699: CRL php error: Jim Pingle wrote:
> Nothing looks obviously wrong in that, but still it's confusing the CRL routines somehow.
>
>... Dario Martino
09:52 AM Bug #10699: CRL php error: Nothing looks obviously wrong in that, but still it's confusing the CRL routines somehow.
If you don't mind to sen... Jim Pingle
09:04 AM Bug #10699: CRL php error: Nothing seems wrong in my CA:
#openssl rsa -in pfsense.pter.it.key -check -noout
RSA key ok
#openssl x509 -in ... Dario Martino
08:38 AM Bug #10699: CRL php error: Hi Jim,
thanks for your reply.
Jim Pingle wrote:
> That looks like a problem with your certificate. It can't rea... Dario Martino
07:49 AM Bug #10699 (Feedback): CRL php error: That looks like a problem with your certificate. It can't read the time stamp from the certificate data.
Can you a... Jim Pingle
05:01 AM Bug #10699 (Needs Patch): CRL php error: Hello,
I have a php error when I try to add a certificate issued for openvpn client to a CRL. I can create the CRL, ... Dario Martino
01:55 PM Bug #10702: Todays Snapshot System does crash and does not start any more: We constantly monitor the forum, that is not a concern. Jim Pingle
01:40 PM Bug #10702: Todays Snapshot System does crash and does not start any more: Jim
the reason to post it here, is that I was very afraid that other people would become in trouble
And depending... Louis B
01:30 PM Bug #10702: Todays Snapshot System does crash and does not start any more: You should post these kinds of things on the forum and not here. That is the proper place to discuss and diagnose wha... Jim Pingle
01:25 PM Bug #10702: Todays Snapshot System does crash and does not start any more: Jim,
I did a new install using the today 650 snapshot, since the update had failed.
Then I installed the config f... Louis B
09:48 AM Bug #10702: Todays Snapshot System does crash and does not start any more: See my previous comment. That is most likely a problem with your installation, not a bug in the snapshots. Main suspe... Jim Pingle
09:39 AM Bug #10702: Todays Snapshot System does crash and does not start any more: Hereby two fotos captured via mobile using the "KVM-switch". Perhaps helpfull.
Louis Louis B
09:34 AM Bug #10702 (Not a Bug): Todays Snapshot System does crash and does not start any more: No problems here on the latest snapshot. That seems more like you have a local failure (perhaps a storage problem or ... Jim Pingle
08:37 AM Bug #10702 (Not a Bug): Todays Snapshot System does crash and does not start any more: Hello,
Two hours ago I did upgrade to latest snapshot, during the related reboot the system never came back.
I ... Louis B
01:37 PM Bug #8890: Register DHCP leases in the DNS Resolver has no effect: Oh man, I hit this bug today bigtime on a 2.4.4-p3 system. Took awhile to figure out why DNS was resolving incorrectl... → luckman212
01:11 PM pfSense Packages Bug #10692: PIMD starts twice at boot: With "the patch emulated" (by stopping pimd, disabling and anabling interfaced, stating pimd again) it is working mor... Louis B
11:12 AM Bug #10691: Issue with rules (firewall and NAT) being reloaded after changes made: Yes, that's all covered by my previous note.
Kill the firewall states after making a change like that if disconnec... Jim Pingle
11:07 AM Bug #10691: Issue with rules (firewall and NAT) being reloaded after changes made: A SSH connection is also held open after the NAT rule is disabled.
So if there is an unknown breach/connection act... John Weithman
11:08 AM Todo #10704 (Resolved): Work around PHP issues with SSL LDAP and multiple authentication servers: Based on a report from a customer, the PHP environment we have to setup for SSL LDAP clients does not appear to grace... Jim Pingle
10:52 AM Bug #10703: OpenVPN copy doesn't save auth_pass: Copying my note here from github:
The password issue is probably because of the Confirm box on the page, which rea... Jim Pingle
10:50 AM Bug #10703 (Resolved): OpenVPN copy doesn't save auth_pass: This happened to me when I copied a OpenVPN client and only changed the host address. The resulting copy doesn't incl... Viktor Gurov
09:55 AM Feature #7705 (Pull Request Review): Support dynamic interface address for 1:1 NAT: Jim Pingle
09:12 AM Feature #7705: Support dynamic interface address for 1:1 NAT: https://github.com/pfsense/pfsense/pull/4375 Viktor Gurov
08:30 AM Revision b0ecf4e1: Allow to select EoIP protocol. Implements #10698: Viktor Gurov
07:46 AM pfSense Packages Bug #10700 (Pull Request Review): not all VPN IPs added with vpnaddresses option: Jim Pingle
05:19 AM pfSense Packages Bug #10700: not all VPN IPs added with vpnaddresses option: https://github.com/pfsense/FreeBSD-ports/pull/888 Viktor Gurov
05:05 AM pfSense Packages Bug #10700 (Resolved): not all VPN IPs added with vpnaddresses option: Suricata uses filter_get_vpns_list() to get vpnaddresses list
filter_get_vpns_list() returns only:
IPsec Mobile I... Viktor Gurov
07:45 AM pfSense Packages Bug #10552 (Pull Request Review): Typo in OpenBGPD's settings page: Jim Pingle
05:00 AM pfSense Packages Bug #10552: Typo in OpenBGPD's settings page: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/887 Viktor Gurov
07:44 AM Feature #10698 (Pull Request Review): Allow to select EoIP protocol: Jim Pingle
03:31 AM Feature #10698: Allow to select EoIP protocol: https://github.com/pfsense/pfsense/pull/4374 Viktor Gurov
03:30 AM Feature #10698 (Resolved): Allow to select EoIP protocol: Allow to select EoIP (97 or etherip in FreeBSD) protocol in the Protocol drop-down menu
See https://tools.ietf.org... Viktor Gurov
07:43 AM Bug #1478 (Pull Request Review): some characters in FW rule descriptions do not sync properly: Jim Pingle
02:36 AM Bug #1478: some characters in FW rule descriptions do not sync properly: https://github.com/pfsense/pfsense/pull/4373 Viktor Gurov
07:40 AM pfSense Packages Bug #10697 (Pull Request Review): Missing New Line After NCP Parameter in Client Config: Jim Pingle
01:31 AM pfSense Packages Bug #10697: Missing New Line After NCP Parameter in Client Config: https://github.com/pfsense/FreeBSD-ports/pull/809 Viktor Gurov
01:31 AM pfSense Packages Bug #10697 (Resolved): Missing New Line After NCP Parameter in Client Config: "auth alg" digest algorithm client config parameter is erroneously merged into the same config line as the "ncp-disab... Viktor Gurov
07:38 AM Bug #7742 (Pull Request Review): 1:1 NAT for IPv6 applies wrong subnet mask to "Single Host": Jim Pingle
01:19 AM Bug #7742: 1:1 NAT for IPv6 applies wrong subnet mask to "Single Host": Fix:
https://github.com/pfsense/pfsense/pull/4372 Viktor Gurov
07:36 AM Bug #10701: Firewall Log too wide with Rule Description Column: That's because you have the rule descriptions as a column instead of an extra row. There is no way that is all going ... Jim Pingle
05:41 AM Bug #10701 (New): Firewall Log too wide with Rule Description Column: Hello,
I just noticed that at least with systemlog firewall the layout does not fit inside the page any more. May ... Louis B
07:33 AM Revision 1660f4b3: Sync filter CDATA encoded descr fields. Fixes #1478: Viktor Gurov
06:17 AM Revision 91efd993: 1:1 NAT IPv6 subnet mask fix. Issue #7742: Viktor Gurov
03:14 AM pfSense Packages Bug #8688: Pass List Snort: Snort 3.x (pfSense 2.4.5) PR:
https://github.com/pfsense/FreeBSD-ports/pull/886 Viktor Gurov
02:56 AM pfSense Packages Bug #10679 (Resolved): Squid reverse proxy CA cert without prv key: squid pkg 0.4.44_28 shows CA without private key on the Squid Reverse Proxy configuration page Viktor Gurov

06/24/2020

11:56 PM Todo #10533: Change default domain for new installations from "localdomain" to "home.arpa": I'd suggest one of the following instead, since many pfSense installs are not used in home environments.
https://... → luckman212
05:35 PM Bug #10666: DHCP Server sends NAK messages for declined offers: Hi Jim,
Thanks for your feedback. For future reference, by reading the ISC DHCP manual I found this configuration ... Alfredo Pironti
03:31 PM Bug #9476: pfSense 2.4.x sending ARP replies with non-CARP source MAC address: Viktor Gurov wrote:
> See #6957 and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141023#c4:
> _According to RF... Marc H
09:58 AM Bug #9476: pfSense 2.4.x sending ARP replies with non-CARP source MAC address: See #6957 and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141023#c4:
_According to RFC826, which is current st... Viktor Gurov
02:29 PM Revision 26516e8a: Remove Zabbix 4.2 support: Zabbix 4.2 ports were removed from the FreeBSD ports tree (End of Life).
(cherry picked from commit c38796f133762b41... Danilo Baio
02:29 PM Revision a3dea116: Merge pull request #4365 from dbaio/zabbix42-eol: Renato Botelho
02:27 PM Revision 34185e00: Merge pull request #4359 from bmhughes/frr-enable-snmp: Renato Botelho
02:27 PM Revision 6cfebd7d: Merge pull request #4358 from vktg/shaperpriqcheck: Renato Botelho
02:27 PM Revision 6e4fa0a5: Merge pull request #4361 from vktg/dhcpnewlinefix: Renato Botelho
02:27 PM Revision 880cc378: Merge pull request #4362 from vktg/pf25rtwnregexp: Renato Botelho
02:26 PM Revision e0c955a6: Merge pull request #4368 from vktg/usercertsel: Renato Botelho
02:26 PM Revision 56ff6c6d: Merge pull request #4367 from vktg/noshowgw: Renato Botelho
02:26 PM Revision e3b8be57: Merge pull request #4366 from vktg/rfc2307userdn: Renato Botelho
02:26 PM Revision 4874d203: Merge pull request #4363 from vktg/wifi40mhz: Renato Botelho
02:25 PM Revision 8f5f783e: Merge pull request #4370 from vktg/is_subnet_rfc4291par222: Renato Botelho
02:25 PM Revision bc4c5791: Merge pull request #4199 from vktg/rarouter: Renato Botelho
02:05 PM Revision db95baf1: status.php: Add config history. Implements #10696: Viktor Gurov
09:37 AM Feature #10696 (Pull Request Review): status.php: Add config history: Jim Pingle
09:01 AM Feature #10696: status.php: Add config history: https://github.com/pfsense/pfsense/pull/4371 Viktor Gurov
08:49 AM Feature #10696: status.php: Add config history: source:src/etc/rc.restore_config_backup has some code that could probably be reused for this. Jim Pingle
05:13 AM Feature #10696 (Resolved): status.php: Add config history: Add get_backups() output formatted as Diagnostics / Backup & Restore / Config History to the status_output.tgz file Viktor Gurov
09:34 AM pfSense Packages Feature #10689 (Feedback): Squid Reverse proxy IPv6 and HA support: PR has been merged. Thanks! Renato Botelho
09:34 AM pfSense Packages Bug #10679 (Feedback): Squid reverse proxy CA cert without prv key: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #9710 (Feedback): IPv6 RA: prefix option does not contain router address in spite of "R" flag being set: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10694 (Feedback): Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation): PR has been merged. Thanks! Renato Botelho
08:56 AM Bug #10694 (Pull Request Review): Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation): Jim Pingle
01:32 AM Bug #10694: Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation): Fix:
https://github.com/pfsense/pfsense/pull/4370 Viktor Gurov
09:29 AM Feature #10678 (Feedback): Allow to select 802.11n channel width (HT): PR has been merged. Thanks! Renato Botelho
09:29 AM Feature #9527 (Feedback): Add ability for LDAP extended query on groups in RFC2307 containers.: PR has been merged. Thanks! Renato Botelho
09:29 AM Feature #885 (Feedback): Show gateway/group IPs on mouseover: PR has been merged. Thanks! Renato Botelho
09:29 AM Feature #10658 (Feedback): Allow to generate ECDSA certs on User Manager page: PR has been merged. Thanks! Renato Botelho
09:29 AM pfSense Packages Bug #10688 (Feedback): Remove Zabbix 4.2 ports: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10677 (Feedback): pfSense 2.5 incorrect rtwn(4) wireless regexp: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10675 (Feedback): DHCPv6 config not all directives start on a new line as expected: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10660 (Feedback): PHP errors in the traffic shaper wizard: PR has been merged. Thanks! Renato Botelho
09:23 AM pfSense Packages Bug #10692: PIMD starts twice at boot: I solved the "no enabled vifs" issue by changing in menu pimd/interfaces/interface binding from default to "Always bi... Louis B
04:49 AM pfSense Packages Bug #10692: PIMD starts twice at boot: Hello,
I did some tests in advance of this patch. I could do that by forcing a reread of the vifs by disabling and... Louis B
07:36 AM Bug #10685: DNS queries of RBLs does not work any more since 2.4.5: Thanks for your reply.
After adding... Manfred Bongard
06:27 AM Revision 35c60e99: is_subnet() RFC4291 par 2.2.2 format support. Fixes #10694: Viktor Gurov
04:49 AM pfSense Packages Bug #10695 (New): FreeRadius Accounting skipping MBs after reboot due to power down: I am running 2.4.5-RELEASE (amd64) version.
I am setting up Captive Portal with FreeRadius to limit users monthly qo... AbdElrahman Eid

06/23/2020

11:00 PM Bug #10694 (Resolved): Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation): Firewall Alias does not allow an ipv6 network alias in the format described by RFC4291 par 2.2.2 in the format x:x:x:... Rick Coats
08:23 PM Revision 58312bfa: Revert "Enable ALTQ on ix interfaces": This reverts commit be22be7a8b2964a3d63852d6e31da7749405bdf9. Renato Botelho
08:03 PM Revision be22be7a: Enable ALTQ on ix interfaces: Renato Botelho
08:02 PM Revision 9ff453fc: Enable ALTQ on ix interfaces: Renato Botelho
07:29 PM Revision 7ab1a0a3: Fix thermal sensors on SG-5100: Renato Botelho
07:29 PM Revision 06b5448a: Fix thermal sensors on SG-5100: Renato Botelho
03:24 PM pfSense Packages Bug #10693 (New): pfSense Bind Zone Editor UI does not update zone serial number when a change is made: /pkg_edit.php?xml=bind_zones.xml&act=edit&id=0
populates the "Serial" field with the serial number of the current... Jeffrey Altman
03:24 PM Bug #7378 (Feedback): pfctl: ix0: driver does not support altq: I've re-enabled it on 2.5.0 snapshots so we can get it tested again Renato Botelho
12:57 PM pfSense Packages Bug #10692 (Confirmed): PIMD starts twice at boot: Hello,
I just discoverd a critical error in the pfSense boot sequence.
- Independed if you have enabled the PIMD... Louis B
11:07 AM Bug #10691 (Not a Bug): Issue with rules (firewall and NAT) being reloaded after changes made: Existing states are not cleared, and your browser is holding open a connection. You would need to close/reopen the br... Jim Pingle
11:01 AM Bug #10691: Issue with rules (firewall and NAT) being reloaded after changes made: Running 2.4.5-RELEASE-p1 (amd64) John Weithman
11:01 AM Bug #10691 (Not a Bug): Issue with rules (firewall and NAT) being reloaded after changes made: I have a web admin page for an email server that I've historically managed after VPN'ing into my network. I wanted to... John Weithman
09:46 AM Revision 039ba57a: Complete IPv6 router address in radvd.conf prefix. Issue #9710: Viktor Gurov
09:20 AM Bug #10532 (Pull Request Review): Mobile PSK users don't have 'mobile-userpool' section: Jim Pingle
02:07 AM Bug #10532: Mobile PSK users don't have 'mobile-userpool' section: Jim Pingle wrote:
> It may be as easy as removing the EAP check at source:src/etc/inc/ipsec.inc#L1596 -- but non-EAP... Viktor Gurov
07:23 AM Revision 91fd7459: Allow to change WiFi channel width. Implements #10678: Viktor Gurov
03:57 AM Bug #10661 (Resolved): pfSense configures fe80::1:1 on lan interface without track6: works fine on 2.5.0.a.20200622.1850 - fe80::1:1 successfully removed from interface after switching from Track Interf... Viktor Gurov
02:56 AM Bug #10690 (New): Not possible to make UFS install on ZFS formatted drive: If you want, to make pfSense UFS install over ZFS formatted drive (previous pfSense installation, for example)
you g... Viktor Gurov

06/22/2020

04:01 PM Bug #10558 (Feedback): Multicast daemons work at boot, but fail if restarted: The most recent snapshot has the latest fix and it appears to work. I can stop and restart pimd without errors. Leavi... Jim Pingle
11:57 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Anything not directly related to the specific multicast issue caused by the FreeBSD bug does not belong on this issue... Jim Pingle
11:57 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: We are aware, and are in direct communication with the FreeBSD developer who made the commits. I mentioned above alre... Jim Pingle
11:31 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Hello,
Be aware there were multiple things fixed in FreeBSD and placed in the snapshots. Latest message I got from... Louis B
07:28 AM Bug #10558 (New): Multicast daemons work at boot, but fail if restarted: An additional fix has been added to FreeBSD that we need to pull into snapshots.
https://bugs.freebsd.org/bugzilla... Jim Pingle
01:11 PM Revision e912f0cf: Improve gateways popup. Implements #885: Viktor Gurov
12:54 PM Bug #10680 (Pull Request Review): Improve interface caching when we have many interfaces: Jim Pingle
12:48 PM Feature #9527 (Pull Request Review): Add ability for LDAP extended query on groups in RFC2307 containers.: Jim Pingle
03:07 AM Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers.: Chris Linstruth wrote:
> I don't think this is quite flexible enough. In the case of FreeIPA, for instance, the posi... Viktor Gurov
12:44 PM Feature #10678 (Pull Request Review): Allow to select 802.11n channel width (HT): Jim Pingle
12:21 PM pfSense Packages Feature #10689 (Pull Request Review): Squid Reverse proxy IPv6 and HA support: Jim Pingle
10:53 AM pfSense Packages Feature #10689: Squid Reverse proxy IPv6 and HA support: https://github.com/pfsense/FreeBSD-ports/pull/885 Viktor Gurov
03:22 AM pfSense Packages Feature #10689 (Resolved): Squid Reverse proxy IPv6 and HA support: allow to listen on IPv4/IPv6/IPv4+IPv6 interfaces, see #8887
and add ability to select CARP interfaces, see #5168 Viktor Gurov
12:04 PM Revision ccb301a4: Allow to generate ECDSA certs on User Manager page. Implements #10658: Viktor Gurov
10:04 AM Bug #10565: WAN_DHCP6 Stuck Pending / Unknown: I am also seeing this issue after upgrading to 2.4.5-RELEASE-p1. The networking seems to be working, but the Gateways... Jeremy Beker
08:06 AM Revision e924485c: Use user DN for RFC2307 membership search. Issue #9527: Viktor Gurov
07:51 AM Bug #10610: Package upgrade or reinstall hangs indefintely on the console: Same issue here. I can reproduce this reliably (any of upgrade, reinstall or fresh install) and and pressing the "Sav... Stefan Beckers
07:36 AM Feature #10658 (Pull Request Review): Allow to generate ECDSA certs on User Manager page: Jim Pingle
07:06 AM Feature #10658: Allow to generate ECDSA certs on User Manager page: https://github.com/pfsense/pfsense/pull/4368 Viktor Gurov
07:33 AM Feature #885 (Pull Request Review): Show gateway/group IPs on mouseover: Jim Pingle
04:51 AM Feature #885: Show gateway/group IPs on mouseover: fixed/improved:
https://github.com/pfsense/pfsense/pull/4367 Viktor Gurov
07:29 AM pfSense Packages Bug #10688 (Pull Request Review): Remove Zabbix 4.2 ports: Jim Pingle
07:27 AM Bug #10687: IPsec / CESA memory issue: If the problem has already been addressed on 12.x there may be nothing more we need to do here. Needs confirmed on a ... Jim Pingle
07:24 AM Bug #10685 (Not a Bug): DNS queries of RBLs does not work any more since 2.4.5: This is due to the change in #9708 on 2.4.5 -- 127.0.0.1 is considered a private result now so you will need to tell ... Jim Pingle
07:11 AM pfSense Packages Bug #10654 (Resolved): Whitelisted domains starting with a dot are ignored: pfSense-pkg-squid 0.4.44_27 - work as expected Viktor Gurov
06:27 AM Feature #8712: QOS on ipsec links: same on FreeBSD 12.1 (pfSense 2.5.0.a.20200621.1850) Viktor Gurov

06/21/2020

07:10 PM Revision c38796f1: Remove Zabbix 4.2 support: Zabbix 4.2 ports were removed from the FreeBSD ports tree (End of Life). Danilo Baio
02:45 PM pfSense Packages Bug #10688: Remove Zabbix 4.2 ports: https://github.com/pfsense/pfsense/pull/4365
https://github.com/pfsense/FreeBSD-ports/pull/884 Danilo Baio
02:42 PM pfSense Packages Bug #10688 (Resolved): Remove Zabbix 4.2 ports: - Remove Zabbix 4.2 ports.
- Fix typos, reported on https://github.com/pfsense/FreeBSD-ports/pull/876
Zabbix 4.2 ... Danilo Baio
08:14 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Hello,
I am not the only one noticeing that there is still a problem :) So the problem was updated in the FreeBSD ... Louis B
07:40 AM Bug #10687 (Resolved): IPsec / CESA memory issue: We have approximately 30 ipsec tunnels on a netgate SG-3100. We've been getting errors that stop tunnels from coming... Graham Collinson

06/20/2020

01:35 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: I have the same problem with 2.4.5-p1. Still no fix? Car F
10:23 AM pfSense Docs Correction #10686 (Duplicate): Feedback on Development — Obtaining Panic Information for Developers: *Page:* https://docs.netgate.com/pfsense/en/latest/development/obtaining-panic-information-for-developers.html
*Fe... chris j
09:25 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Oeps,
I did forget to add two config examples (I did test other PIMD-configs as well).
So here they are.
Louis Louis B
08:09 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Hello,
I did a lot of tests related to IGMP-proxy and PIMD using snapshot 2.5.0.a.20200620.0050
Dispite what I h... Louis B
09:19 AM Bug #10685 (Not a Bug): DNS queries of RBLs does not work any more since 2.4.5: Since upgrade to 2.4.5, DNS queries of RBLs returned with no answer.
queries on shell:... Manfred Bongard
07:49 AM Bug #10684 (Resolved): RFC 2136 incomplete options: The topic has been dealt with before and marked as done in #1327.
But in the current version, the zone parameter is ... Philip Schmalz

06/19/2020

09:41 PM Revision 51e2d459: Bump up config version to 20.6.: Create an upgrade function to run console_configure() and force an update
of the boot loader settings.
This is inten... Luiz Souza
08:26 PM Bug #10558 (Feedback): Multicast daemons work at boot, but fail if restarted: The fix was merged to pfSense sources.
Please test with the next snapshot. Luiz Souza
03:14 PM pfSense Docs Correction #10683 (Rejected): Feedback on Firewall — Preventing RFC1918 Traffic from Exiting a WAN Interface: You are talking about a completely different issue than that page is describing.
That section describes a method o... Chris Linstruth
03:03 PM pfSense Docs Correction #10683: Feedback on Firewall — Preventing RFC1918 Traffic from Exiting a WAN Interface: Apologies. Just when I was reiterating my thought process on why I opened this feedback issue, I noticed that I swapp... G Mulder
02:43 PM pfSense Docs Correction #10683 (Rejected): Feedback on Firewall — Preventing RFC1918 Traffic from Exiting a WAN Interface: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/preventing-rfc1918-traffic-from-exiting-a-wan-interface.h... G Mulder
01:41 PM Revision e2e4c0d5: Updated jQuery to 3.5.1 - jQuery-ui does not need to be updated: Steve Beaver
01:02 PM Bug #9647: hn0: driver does not support altq: I tried with todays snapshot and have the same issue.
What can we do next? Greg M
08:24 AM Bug #9647 (New): hn0: driver does not support altq: It should be. I also tested the most recent snapshot from this morning and altq did not work there, either. Jim Pingle
01:08 AM Bug #9647: hn0: driver does not support altq: So I tried with: pfSense-CE-2.5.0-DEVELOPMENT-amd64-20200618-1024
Still same message about ALTQ support. Is this c... Greg M
12:47 PM Revision 66c614af: Fixed #10674 byt replacing .click() with .change(): Steve Beaver
12:39 PM Bug #10682 (Duplicate): Routed IPSEC VTI - Packets with higher MTU (above Interface MTU) are DROPPED, fragmentation is done wrong on the destination LAN Interface: Most likely the same root cause as #7801 Jim Pingle
11:53 AM Bug #10682 (Duplicate): Routed IPSEC VTI - Packets with higher MTU (above Interface MTU) are DROPPED, fragmentation is done wrong on the destination LAN Interface: Hi,
Packets with higher MTU (above the destination LAN's Interface MTU) are DROPPED, after they are fragmented cor... Andrei Boghiu
10:56 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: Ronald Schellberg wrote:
> Attached is a compiled RADVD for 2.5 with the above patch (slightly modified) incorporate... Ronald Schellberg
10:54 AM Bug #10681 (Not a Bug): No PHP errors in syslog: Works fine here, tried a couple systems on snaps from the last couple days (including today's)... Jim Pingle
10:46 AM Bug #10681 (Not a Bug): No PHP errors in syslog: On the latest 2.5.0.a.20200618.1024 I see only daemons log messages in /var/log/system.log (and /var/log/*)
If I i... Viktor Gurov
09:56 AM Bug #10680: Improve interface caching when we have many interfaces: Link to GitHub pull request: https://github.com/pfsense/pfsense/pull/4364 Jonas Christoffersen
09:39 AM Bug #10680 (Resolved): Improve interface caching when we have many interfaces: In interfaces.inc there's a caching system to avoid too many calls to pfSense_interface_listget().
This cache is inv... Jonas Christoffersen
09:10 AM pfSense Packages Bug #10679 (Pull Request Review): Squid reverse proxy CA cert without prv key: Jim Pingle
09:05 AM pfSense Packages Bug #10679: Squid reverse proxy CA cert without prv key: https://github.com/pfsense/FreeBSD-ports/pull/883 Viktor Gurov
08:55 AM pfSense Packages Bug #10679 (Resolved): Squid reverse proxy CA cert without prv key: from https://forum.netgate.com/topic/154504/squid-0-4-44_26-cannot-select-external-ca-s
Currently is not possible to... Viktor Gurov
08:42 AM Todo #10676 (Feedback): JQuery 1.2 < 3.5.0 Multiple XSS From Nessus: Anonymous
08:42 AM Todo #10676: JQuery 1.2 < 3.5.0 Multiple XSS From Nessus: jQuery updated to 3.5.1
jQuery-ui unchanged
Anonymous
08:08 AM Bug #7986: WLAN card no longer properly initialized under 2.4.0: See #10678 for changing channel width from the WebGUI Viktor Gurov
08:07 AM Feature #10678: Allow to select 802.11n channel width (HT): https://github.com/pfsense/pfsense/pull/4363 Viktor Gurov
08:04 AM Feature #10678 (Resolved): Allow to select 802.11n channel width (HT): using `ifconfig -v <wirelessinf> list chan` possible to see supported HT modes:... Viktor Gurov
08:02 AM Bug #10677 (Pull Request Review): pfSense 2.5 incorrect rtwn(4) wireless regexp: Jim Pingle
02:50 AM Bug #10677: pfSense 2.5 incorrect rtwn(4) wireless regexp: https://github.com/pfsense/pfsense/pull/4362 Viktor Gurov
02:48 AM Bug #10677 (Resolved): pfSense 2.5 incorrect rtwn(4) wireless regexp: FreeBSD 12 uses 'rtwn' instead of 'urtwn' for rtwn(4) wireless devices:... Viktor Gurov
08:02 AM Bug #9649 (Resolved): IPv6 6RD Tunnel: Jim Pingle
02:16 AM Bug #9649: IPv6 6RD Tunnel: Thanks for committing the PR. I can confirm that the next snapshot fixes the issue. Ronald Schellberg
07:59 AM Bug #10675 (Pull Request Review): DHCPv6 config not all directives start on a new line as expected: Jim Pingle
12:38 AM Bug #10675: DHCPv6 config not all directives start on a new line as expected: https://github.com/pfsense/pfsense/pull/4361 Viktor Gurov
07:58 AM Bug #9467 (Resolved): vmx(4) interfaces do not have ALTQ support on pfSense 2.5, they had ALTQ support on 2.4: Yep, this looks good on a current snapshot. No errors, rules are loaded, I'm seeing traffic in queues on vmx interfac... Jim Pingle
07:55 AM Bug #10674: Port Forward Address Fields not becoming active in Safari: Applied in changeset commit:66c614af0fc9785a4644c63ac54d178c2285a5ee. Anonymous
07:49 AM Bug #10674 (Feedback): Port Forward Address Fields not becoming active in Safari: Anonymous
07:49 AM Revision 38a65678: pfSense 2.5 rtwn(4) wireless regexp. Fixes #10677: Viktor Gurov
05:59 AM Revision ad543535: Improve Remote Gateway field description for IPSec VPN Phase 1. Implements #7095: Viktor Gurov
05:33 AM Revision 610cbfdc: DHCPv6 config newline fix. Issue #10675: Viktor Gurov
03:46 AM pfSense Packages Feature #8727 (Resolved): Clone button in cron pkg: Cron 0.3.7_4 - works as expected Viktor Gurov
03:44 AM Bug #8464: Wireless USB card does not connect to WiFi automatically after reboot/halt: no such issue with rtwn (TP-LINK TL-WN725N USB) on 2.5.0.a.20200618.1024,
it correctly connects to WiFi after reboot... Viktor Gurov
02:24 AM Feature #10639: Add rtwn(4) wireless support: now it's fine on 2.5.0.a.20200618.1024 (TP-LINK TL-WN725N):... Viktor Gurov
01:51 AM Bug #5325 (Closed): Traffic shaping wizard creates an unloadable rule-set if using HFSC on a LAN interface that is not up when the rules are loaded.: no such issue on the current 2.4.5 or 2.5,
WAN 'download' value from the wizard step2 is used to calculate bandwidth... Viktor Gurov
01:18 AM pfSense Packages Feature #9765 (Resolved): Update iperf package to iperf3: pfSense 2.4.5 and 2.5 use iperf3
see also #10357 Viktor Gurov
01:12 AM pfSense Packages Bug #10611 (Resolved): FRR applies file permissions to missing files: resolved in frr 0.6.6 Viktor Gurov
01:11 AM pfSense Packages Bug #10657 (Resolved): FRR: AS-Path Filter doesn't work anymore: frr 0.6.6 generates a configuration with the correct as-path:... Viktor Gurov

06/18/2020

08:06 PM Bug #9467: vmx(4) interfaces do not have ALTQ support on pfSense 2.5, they had ALTQ support on 2.4: vmx(4) now uses iflib and it seems to support ALTQ by default. this is still an issue ? Luiz Souza
07:41 PM Bug #9649 (Feedback): IPv6 6RD Tunnel: PR committed.
Please test with the next snapshot. Luiz Souza
05:51 PM Bug #10674 (Assigned): Port Forward Address Fields not becoming active in Safari: Anonymous
03:43 PM Bug #10674: Port Forward Address Fields not becoming active in Safari: Tested working on Firefox. Field updates as expected. Kris Phillips
03:29 PM Bug #10674: Port Forward Address Fields not becoming active in Safari: Same on recent 2.5.0. Chris Linstruth
03:25 PM Bug #10674 (Closed): Port Forward Address Fields not becoming active in Safari: When you select a method that should allow address/network/alias input in a NAT Port Forward in Safari, the fields ar... Chris Linstruth
04:30 PM Todo #10676 (Resolved): JQuery 1.2 < 3.5.0 Multiple XSS From Nessus: LocalNetwork / Plugin #136929
Plugin Details
Severity: Medium
ID: 136929
Version: 1.5
Type: remote
Family... Erik Mathis
03:35 PM Bug #10675 (Resolved): DHCPv6 config not all directives start on a new line as expected: In the DHCPv6 config, "prefix6" is not starting on its own new line. Probably the line before is missing a \n at the ... Jim Pingle
03:31 PM Revision 2aba40bd: Bridge with GIF interface bootup fix. Issue #10524: Viktor Gurov
02:52 PM Revision db030401: Enable FRR SNMP AgentX support: Ben Hughes
01:33 PM Revision 1090b1b6: Merge pull request #4354 from vktg/delfe8011: Renato Botelho
01:33 PM Revision 85ccf69c: Merge pull request #4353 from vktg/shaperfix: Renato Botelho
11:26 AM pfSense Packages Bug #10673 (Rejected): Avahi interface list is missing interfaces: Avahi already shows all enabled interfaces
all you need to do is assign and enable the OpenVPN interface Viktor Gurov
10:23 AM pfSense Packages Bug #10673 (Rejected): Avahi interface list is missing interfaces: In avahi_settings.php, there is a list of network interfaces. Mine shows LAN, DMZ, WAN2. The list is missing my "WA... Jeremy 99
10:49 AM Bug #10524 (Pull Request Review): Bridge that includes a GIF interface does not come up at boot: Jim Pingle
10:19 AM Bug #10669 (Not a Bug): v. 2.4.5-RELEASE-p1 (amd64) non working vlans in xen (xcp-ng): After #9548 the test which restricted it before is no longer present. The change suggested on that blog post is no lo... Jim Pingle
09:00 AM pfSense Packages Feature #10441 (Feedback): Integration of bfd daemon: PR has been merged. Thanks! Renato Botelho
08:46 AM Bug #10672 (Not a Bug): PfSense crashes if enable vpn client from the internal network: Not enough info here to classify it as a bug in pfSense specifically. Given the backtrace it looks like an issue with... Jim Pingle
08:13 AM Bug #10672: PfSense crashes if enable vpn client from the internal network: That seems Suricata + bge(4) driver (netmap) issue:... Viktor Gurov
06:17 AM Bug #10672: PfSense crashes if enable vpn client from the internal network: HPE DL360G10
Intel Xeon Bronze 3104 CPU
64GB RAM Dmitry Axelis
06:15 AM Bug #10672 (Not a Bug): PfSense crashes if enable vpn client from the internal network: PfSense crashes if i'm enable the vpn client from the internal network. It doesn't matter which computer, but if I us... Dmitry Axelis
08:45 AM pfSense Packages Bug #10654 (Feedback): Whitelisted domains starting with a dot are ignored: PR has been merged. Thanks! Renato Botelho
08:42 AM pfSense Packages Bug #10611 (Feedback): FRR applies file permissions to missing files: PR has been merged. Thanks! Renato Botelho
08:42 AM pfSense Packages Bug #10657 (Feedback): FRR: AS-Path Filter doesn't work anymore: PR has been merged. Thanks! Renato Botelho
08:33 AM Bug #1353 (Feedback): Number of queues possible: PR has been merged. Thanks! Renato Botelho
08:33 AM Bug #10661 (Feedback): pfSense configures fe80::1:1 on lan interface without track6: PR has been merged. Thanks! Renato Botelho
07:38 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: It requires a new kernel, so no way to reliably test outside of snapshots. We'll pick up the change soon. Jim Pingle
07:21 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Yep,
Exactly, now we have momentum to get things fixed. If we find a bug lateron the momentum and the timslot is g... Louis B
07:02 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Jim Pingle wrote:
> I already answered that in comment 23
I myself read his question as: "Is there an option to t... Marc J
07:27 AM Feature #10597 (Resolved): Setting host-uniq for PPPoE: correctly sets Host-Uniq value on 2.5.0.a.20200617.1250:... Viktor Gurov
05:04 AM Feature #6377 (Resolved): 6rd ipv6 tunnel: MTU settings not editable and not correlated to interface MTU (hardcoded to 1280): works as expected on 2.5.0.a.20200617.1250 -
sets the MTU value for '_stf' interface as parent MTU - 20. Viktor Gurov
03:00 AM Feature #6908 (Resolved): Alias copy, sort, search/replace functions: alias copy function works as expected on 2.5.0.a.20200617.1250 Viktor Gurov
02:55 AM Bug #10613 (Resolved): cleanup status_queues.php code: unused code removed
pfSense 2.5.0.a.20200617.1250 Viktor Gurov
02:12 AM Bug #10650 (Resolved): OpenVPN TCP in 2.4.5-p1 not working: no errors on 2.5.0.a.20200617.1250
TCP4/TCP6/TCP-multihome Client/Server tested Viktor Gurov

06/17/2020

10:14 PM Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers.: I don't think this is quite flexible enough. In the case of FreeIPA, for instance, the posixGroups list the member DN... Chris Linstruth
07:38 PM Revision 21568e75: More complete IPsec close_action conversion. Fixes #10632: Jim Pingle
05:15 PM Bug #9649: IPv6 6RD Tunnel: PR #25 got closed today without being applied. Looks like it may be a while for this Issue to be resolved. Ronald Schellberg
05:14 PM Bug #10671 (New): pfsense 2.4.5_1 does not boot on Gen2 2012R2 HyperV VM: After upgrade to 2.4.5_1, the boot fails with Input/Output error when loading the kernel. Tested on 2 VMs, both suffe... Jan de Groot
04:38 PM Bug #9647 (Resolved): hn0: driver does not support altq: Committed. Luiz Souza
04:37 PM Feature #10639 (Resolved): Add rtwn(4) wireless support: Committed. Thanks! Luiz Souza
04:05 PM Feature #8958: Dynamic DNS - CARP Address: It makes sense to have in pfsense the possibility to select in the Dynamic DNS CARP interface for high availability i... Marcio Gomes
03:16 PM Feature #9155 (Resolved): Add driver bnxt for Broadcom NetXtreme interfaces: Committed. Thanks! Luiz Souza
02:50 PM Revision 03545538: Comment typo: (cherry picked from commit 51b0b50b1931d7809efcaf6a59ae9625f1eb9bff) Jim Pingle
02:50 PM Revision 51b0b50b: Comment typo: Jim Pingle
02:47 PM Bug #10670: Floating rules stopped working after upgrading from version 2.4.4 to version 2.4.5-1: That kind of discussion is best kept on the forum until a bug can be identified, however. There doesn't appear to be ... Jim Pingle
02:29 PM Bug #10670: Floating rules stopped working after upgrading from version 2.4.4 to version 2.4.5-1: Jim Pingle wrote:
> I see no evidence of a general problem here. I checked several 2.4.5-p1 systems I have with floa... Tácio Andrade
02:26 PM Bug #10670 (Not a Bug): Floating rules stopped working after upgrading from version 2.4.4 to version 2.4.5-1: I see no evidence of a general problem here. I checked several 2.4.5-p1 systems I have with floating rules, and all o... Jim Pingle
02:16 PM Bug #10670 (Not a Bug): Floating rules stopped working after upgrading from version 2.4.4 to version 2.4.5-1: I upgraded from version 2.4.4 to version 2.4.5-1 of pfSense this weekend and ended up realizing that all the rules in... Tácio Andrade
02:45 PM Bug #10632 (Feedback): Incorrect swanctl.conf syntax from Child SA Close Action: Applied in changeset commit:21568e753abb092747fddeeda41a9952827b06d1. Jim Pingle
01:07 PM Bug #10632 (In Progress): Incorrect swanctl.conf syntax from Child SA Close Action: This is still not 100% right.
|_. Old |_. New |
| @none@ | @none@ |
| @restart@ | @start@ |
| @clear@ | @none@ ... Jim Pingle
02:15 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: I already answered that in comment 23 Jim Pingle
01:31 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Louis van Breda wrote:
> Jim,
>
> Very good news!
>
> Is there an option to test it here on my system running ... Marc J
01:29 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Jim,
Very good news!
Is there an option to test it here on my system running latest snapshotbuild!
(yep I did ... Louis B
01:09 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Per bz, Fix works and is awaiting review upstream and will be committed to HEAD, then stable/12. Once it's in stable/... Jim Pingle
01:51 PM Revision 36c5c493: Send correct version to prodtrack: Use $g['product_version'] to get running version. The way it was
implemented before was getting version of pfSense-b... Renato Botelho
01:50 PM Revision f0b61754: Send correct version to prodtrack: Use $g['product_version'] to get running version. The way it was
implemented before was getting version of pfSense-b... Renato Botelho
12:07 PM Revision 734848b6: Shaper root queue percent bw fix. Issue #10660: Viktor Gurov
11:54 AM Bug #9311 (Resolved): Captive Portal continues to limit per-user bandwidth when not enabled: works as expected on 2.5.0.a.20200616.1850
now it correctly checks/removes <bwdefaultdn> and <bwdefaultup> Viktor Gurov
11:46 AM Feature #10583 (Resolved): status.php: Add L2TP VPN configuration: works as expected on 2.5.0.a.20200616.1850
status_output.tgz contains L2TP-Configuration.txt with redacted passwor... Viktor Gurov
11:41 AM Bug #10626 (Resolved): get_interface_list() shows _stf (6RD/6to4) interfaces as parent: Renato Botelho wrote:
> PR has been merged. Thanks!
tested on 2.5.0.a.20200616.1850
works as expected, correc... Viktor Gurov
08:15 AM Bug #10660: PHP errors in the traffic shaper wizard: another error after applying PR:... Viktor Gurov
07:13 AM Bug #10660: PHP errors in the traffic shaper wizard: Jim Pingle wrote:
> That is most likely because, as Viktor noted, you tried to use % bandwidth on an interface that ... Viktor Gurov
06:27 AM Bug #10669 (Not a Bug): v. 2.4.5-RELEASE-p1 (amd64) non working vlans in xen (xcp-ng): With version 2.4.4-RELEASE-p3 (amd64) in xcp-ng (xen) hypervisor the non working vlans could be fixed by adding the f... Petri Nikkonen
05:54 AM Bug #9123: Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14: Some more data/observations:
* NIC: Intel X710-DA4 (Quad Port 10Gb)
* pfSense version 2.4.4-p3
* One LAGG group (l... Marc L
05:06 AM Bug #10668 (Resolved): curl -T "{file1,file2}" loops forever eating up the RAM: Running pfSense 2.4.5-RELEASE-p1, using curl in ACME certificates Actions list to upload the updated certs from pfSen... robi robi
04:40 AM Bug #10524: Bridge that includes a GIF interface does not come up at boot: Fix:
https://github.com/pfsense/pfsense/pull/4360 Viktor Gurov
01:41 AM Bug #10667 (Resolved): Separator bars on Floating rules do not cover the full table width: separator width is OK on 2.5.0.a.20200616.1850 Viktor Gurov
01:36 AM Feature #9909 (Resolved): Add option to (dis)allow unauthenticated LDAP binds: tested on 2.5.0.a.20200616.1850 + Win2008R2 AD
works as expected - when the "Allow unauthenticated bind" checkbox ... Viktor Gurov

06/16/2020

05:09 PM Revision f06b389e: Apply style and space fixes: Renato Botelho
05:09 PM Revision dd6f5778: Replace pfSense by global var product_name: Renato Botelho
05:09 PM Revision e1fb434d: Add a note to convert it to json_encode: Renato Botelho
05:09 PM Revision a001cffd: Apply style and space fixes: Renato Botelho
05:05 PM Revision 7338ea88: Apply style and space fixes: Renato Botelho
04:58 PM Revision 79b954ec: Replace pfSense by global var product_name: Renato Botelho
04:57 PM Revision cea44261: Add a note to convert it to json_encode: Renato Botelho
04:57 PM Revision 30a79756: Apply style and space fixes: Renato Botelho
04:29 PM Bug #6167: IPsec IPComp not working: Seeing that 2.5 is progressing, any chance this will finally make it?
Not sure what sort of wide, bandwidth-is-no-... Ronald Antony
04:24 PM Feature #8786: Wireguard VPN: Lai Wei-Hwa wrote:
> See these links:
> https://svnweb.freebsd.org/base?view=revision&revision=357986
> https://sv... Ronald Antony
03:49 PM Feature #7332: Provide certificate expiry warning: It's in 2.5.0 snapshots which are still in development. There has not been a 2.5.0 release yet.
There is no 2.5.1,... Jim Pingle
03:33 PM Feature #7332: Provide certificate expiry warning: Hi - What version is this implemented in?
I've got a 2.4.4-RELEASE-p3 and a 2.5.1 pfsense - and I can't see any h... Ian Collins
02:39 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Jim Pingle wrote:
> I know, I was talking with that developer directly. We would need to test that change locally fi... Marc J
02:12 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: I know, I was talking with that developer directly. We would need to test that change locally first before bringing i... Jim Pingle
01:36 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Jim Pingle wrote:
> That FreeBSD bug report does appear to be related, we'll try to draw some attention to that.
> ... Marc J
02:09 PM Feature #10597: Setting host-uniq for PPPoE: Hello,
It looks like I found the problem. The solution was quite simple, however it did cost me nearly two days to... Louis B
01:12 AM Feature #10597: Setting host-uniq for PPPoE: Hello,
A few days ago I updated 2.5 and ..... what broke my PPPOE connection (*fatal*). I have a strong verdict th... Louis B
02:09 PM Revision 8b5eda65: Fix column count for floating rules tab. Fixes #10667: (cherry picked from commit f9e656505ef20c8a1f95177e59dfbf4b020d1e3a) Jim Pingle
02:08 PM Revision f9e65650: Fix column count for floating rules tab. Fixes #10667: Jim Pingle
09:15 AM Bug #10667 (Feedback): Separator bars on Floating rules do not cover the full table width: Applied in changeset commit:f9e656505ef20c8a1f95177e59dfbf4b020d1e3a. Jim Pingle
09:07 AM Bug #10667 (Resolved): Separator bars on Floating rules do not cover the full table width: The floating rules tab recently gained a new column, Interfaces, and after that, separator bars do not cover the full... Jim Pingle
06:19 AM Bug #10666: DHCP Server sends NAK messages for declined offers: We do not control the DHCP daemon on that level, that's up to the ISC DHCP daemon. Take it up with them, but I doubt ... Jim Pingle
02:35 AM Bug #10666: DHCP Server sends NAK messages for declined offers: Hi Jim,
Looking at RFC 2131, this actually looks like a legit configuration. Various excerpts of the RFC seem to e... Alfredo Pironti

06/15/2020

08:44 PM Bug #10666 (Rejected): DHCP Server sends NAK messages for declined offers: There is no bug. That is not a valid configuration. You can't have two DHCP servers in one segment. Jim Pingle
06:52 PM Bug #10666 (Rejected): DHCP Server sends NAK messages for declined offers: Test Scenario:
pfSense is configured to host two DHCP servers on the same network segment. Namely, configure two i... Alfredo Pironti
05:45 PM Revision f6e2e5aa: Create meta.conf symlink: Renato Botelho
05:45 PM Revision 18c764f6: Create meta.conf symlink: Renato Botelho
04:09 PM Revision 00177918: Fix implode() param order. Issue #10659: Jim Pingle
03:09 PM Bug #10610: Package upgrade or reinstall hangs indefintely on the console: Just had this issue while upgrading FFR package at one site, initialized from GUI. Open another Tab, go to Services -... Luki TJ
03:03 PM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge: Hello,
this problem still persists. PRTG Syslog is being spammed with:... Edwin T
01:36 PM Revision c2a3954d: Merge pull request #4356 from vktg/gwgroupcheck: Jim Pingle
11:07 AM Todo #10659: PHP: Update to 7.4.x: Reading through the various notes for 7.4 (https://www.php.net/manual/en/migration74.php), the only bits which stand ... Jim Pingle
10:00 AM pfSense Packages Feature #10665 (Resolved): Manual OSPF neighbor definitions: OSPF interface modes "non-broadcast" and "point-to-miltipoint" rely on being able to manually define specific OSPF ne... Jim Pingle
09:34 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Understood..
Thanks for the follow up and info. Anything you can do from your side to draw some attention to it wo... Marc J
08:34 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: That FreeBSD bug report does appear to be related, we'll try to draw some attention to that.
> -Basically, I am as... Jim Pingle
09:20 AM Bug #10660: PHP errors in the traffic shaper wizard: I'd at least expected the UI to load instead of just showing an full-screen error and forcing me to revert using back... Vincent Jansen
08:22 AM Bug #10660: PHP errors in the traffic shaper wizard: That is most likely because, as Viktor noted, you tried to use % bandwidth on an interface that can't properly identi... Jim Pingle
08:52 AM Bug #10663 (Not a Bug): dhcpd issues duplicate addresses in certain situations on 2.4.5-p1 in HA mode.: Jim Pingle
08:42 AM Feature #9891: QLogic 10 Gigabit Ethernet driver (qlxgb): It is present in the kernel config and in the kernel. Same output as on 2.4.5-p1 in my comment above.
Note that th... Jim Pingle
08:36 AM Bug #9435 (Feedback): Dynamic DNS Update events do not occur after certain failover event cases: PR merged Jim Pingle
07:49 AM Bug #9435 (Pull Request Review): Dynamic DNS Update events do not occur after certain failover event cases: Jim Pingle
08:26 AM Bug #10661 (Pull Request Review): pfSense configures fe80::1:1 on lan interface without track6: Jim Pingle
08:23 AM Feature #9155 (Pull Request Review): Add driver bnxt for Broadcom NetXtreme interfaces: Jim Pingle
07:59 AM Bug #10664 (Not a Bug): After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS: There is not nearly enough detail here to classify this as a bug and not a symptom of some other problem. It sounds m... Jim Pingle
04:48 AM Bug #10664 (Not a Bug): After 2.4.5_1 upgrade OpenVPN connections started leaking WAN IP DNS: I was fiddling with browsers x webrtc leaks and then I found out that all OpenVPN connections were leaking my WAN IP ... Averium Prog
07:38 AM Bug #7725: Support for iwm: imho it would have been better to compile them out as modules instead
there is the possibility that the wrong driv... Manuel Piovan

06/14/2020

07:54 PM Revision d6eecfdc: DynDNS gateway group fix. Issue #9435: Viktor Gurov
04:11 PM Bug #9435: Dynamic DNS Update events do not occur after certain failover event cases: Thanks. Manually applied the commit and PHP dump is gone on reboot. Ronald Schellberg
02:58 PM Bug #9435: Dynamic DNS Update events do not occur after certain failover event cases: Ronald Schellberg wrote:
> The PR/Commit is triggering PHP errors on booting, see "PHP Errors after latest update (a... Viktor Gurov
11:06 AM Bug #9435: Dynamic DNS Update events do not occur after certain failover event cases: The PR/Commit is triggering PHP errors on booting, see "PHP Errors after latest update (amd64) built on Thu Jun 11 13... Ronald Schellberg
12:50 PM Bug #10663: dhcpd issues duplicate addresses in certain situations on 2.4.5-p1 in HA mode.: After further investigation, here is what occurred:
1. We previously used a combination of ifupdown and network ma... Chris Apsey
11:44 AM Bug #10663 (Not a Bug): dhcpd issues duplicate addresses in certain situations on 2.4.5-p1 in HA mode.: Ref: https://www.reddit.com/r/PFSENSE/comments/h8mwpn/dhcp_in_ha_mode_issuing_duplicate_addresses_in/?utm_source=shar... Chris Apsey
12:19 PM Bug #10558: Multicast daemons work at boot, but fail if restarted: Hello,
I completely agree that this problem is almost certain related to the FreeBSD bug
https://bugs.freebsd.o... Louis B
07:19 AM Bug #10558: Multicast daemons work at boot, but fail if restarted: Jim Pingle wrote:
> It might be that it only runs the first time after a reboot and anything that triggers the servi... Marc J
11:10 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: Some form of management for dynamic PD for IPv6 would be nice. It seems there are several, maybe many, ISPs that are ... Netnewb net
08:08 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: This issue should get a higher priority IMO. It renders IPv6 pretty much inoperable on (domestic) connections with ch... mpfusion _

06/13/2020

12:46 PM Bug #10662 (Resolved): Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically: When restoring an AutoConfigBackup a "Yes" to reboot button is presented followed by a pulldown menu of the reboot st... Chris Linstruth
12:30 PM Revision 2bdf0364: Remove fe80::1:1 from interface. Issue #10661: Viktor Gurov
12:16 PM Bug #10660: PHP errors in the traffic shaper wizard: Opt1 = openvpn Vincent Jansen
11:53 AM Bug #10660: PHP errors in the traffic shaper wizard: Vincent Jansen wrote:
> 2.4.5-p1
What is your interface?
I got the same issue with _vtnet_ interface
This m... Viktor Gurov
11:37 AM Bug #10660: PHP errors in the traffic shaper wizard: Fix:
https://github.com/pfsense/pfsense/pull/4355 Viktor Gurov
09:55 AM Bug #10661: pfSense configures fe80::1:1 on lan interface without track6: Viktor Gurov wrote:
> but when I go to the Interfaces / LAN page, it shows IPv6 Configuration Type = None,
> becaus... Viktor Gurov
07:33 AM Bug #10661: pfSense configures fe80::1:1 on lan interface without track6: Remove fe80::1:1 alias from interface in interface_configure() "remove all IPv4 and IPv6 addresses" loop:
https://gi... Viktor Gurov
04:53 AM Bug #10661: pfSense configures fe80::1:1 on lan interface without track6: Found the issue -
on initial interface setup in console, it automatically set
DHCP + DHCP6 on the WAN interface, a... Viktor Gurov
04:10 AM Bug #10661 (Resolved): pfSense configures fe80::1:1 on lan interface without track6: While creating CARP IPv6 VIP interface on clean pfSense CE 2.4.5-p1 install,
I noticed that both nodes have fe80::1:... Viktor Gurov
01:49 AM Feature #9891: QLogic 10 Gigabit Ethernet driver (qlxgb): not present in 2.5 Viktor Gurov
01:46 AM Feature #9155: Add driver bnxt for Broadcom NetXtreme interfaces: https://github.com/pfsense/FreeBSD-src/pull/33 Viktor Gurov

06/12/2020

06:53 PM Bug #10660: PHP errors in the traffic shaper wizard: 2.4.5-p1 Vincent Jansen
06:51 PM Bug #10660: PHP errors in the traffic shaper wizard: % on opt1 was issue. Using mbps fixed it. Vincent Jansen
06:47 PM Bug #10660 (Resolved): PHP errors in the traffic shaper wizard: Created a shaper on interface, did not apply, set bandwidth to "100%", clicked apply
Cannot open firewall_shaper.php... Vincent Jansen
06:34 PM Bug #10636 (Resolved): The firmware table is filled: Looks good now.... Steve Wheeler
07:24 AM Bug #10636 (Feedback): The firmware table is filled: Jens Leinenbach wrote:
> Well the problem should be gone with the next FreeBSD version:
> https://github.com/freebs... Renato Botelho
07:02 AM Bug #10636: The firmware table is filled: Well the problem should be gone with the next FreeBSD version:
https://github.com/freebsd/freebsd/commit/7dfd7b3b1a0... Jens Leinenbach
06:57 AM Bug #10636: The firmware table is filled: I get the same error messages and some seem to be successful with FIRMWARE_MAX 100.
There is a similar discussion he... Jens Leinenbach
01:40 PM Todo #10659 (Resolved): PHP: Update to 7.4.x: Move PHP to 7.4.x Renato Botelho
09:50 AM pfSense Packages Bug #10656 (Pull Request Review): Acme letsencrypt doesn't change private key type: Jim Pingle
07:39 AM pfSense Packages Bug #10656: Acme letsencrypt doesn't change private key type: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/881 Viktor Gurov
06:45 AM pfSense Packages Bug #10656 (Confirmed): Acme letsencrypt doesn't change private key type: Right, got the same issue Viktor Gurov
05:56 AM pfSense Packages Bug #10656: Acme letsencrypt doesn't change private key type: It isn't really a duplicate of that bug. The fallout of that bug sets up the conditions where you might want to chan... Howard Holm
12:23 AM pfSense Packages Bug #10656 (Rejected): Acme letsencrypt doesn't change private key type: Duplicate of #10655
Please add any additional comments to that issue. Viktor Gurov
09:44 AM pfSense Packages Bug #10654 (Pull Request Review): Whitelisted domains starting with a dot are ignored: Jim Pingle
06:48 AM pfSense Packages Bug #10654: Whitelisted domains starting with a dot are ignored: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/880 Viktor Gurov
09:42 AM pfSense Packages Bug #10657 (Pull Request Review): FRR: AS-Path Filter doesn't work anymore: Jim Pingle
04:58 AM pfSense Packages Bug #10657: FRR: AS-Path Filter doesn't work anymore: Correct, see http://docs.frrouting.org/en/latest/bgp.html#as-path-access-lists
Fix:
https://github.com/pfsense/Fr... Viktor Gurov
04:21 AM pfSense Packages Bug #10657: FRR: AS-Path Filter doesn't work anymore: Syntax for as-path acl has changed in frr ...
Now it's ... Luki TJ
03:54 AM pfSense Packages Bug #10657 (Resolved): FRR: AS-Path Filter doesn't work anymore: Hi,
after upgrade from 2.4.4_p3 to 2.4.5_p1 route-maps for BGP metric altering based on AS-Path match don't work a... Luki TJ
09:41 AM pfSense Packages Bug #10655 (Resolved): ntopng fails with letsencrypt ECC certificates: If it works on the latest ntopng then it's already been fixed upstream. It may also be fixed by the newer OpenSSL on ... Jim Pingle
04:40 AM pfSense Packages Bug #10655: ntopng fails with letsencrypt ECC certificates: It seems ntopng 3.8 issue, is the same error ERR_SSL_VERSION_OR_CIPHER_MISMATCH with EC-256 certificate
but there ... Viktor Gurov
09:40 AM pfSense Packages Bug #8688 (Pull Request Review): Pass List Snort: Jim Pingle
01:38 AM pfSense Packages Bug #8688: Pass List Snort: https://github.com/pfsense/FreeBSD-ports/pull/878
see also #10493 Viktor Gurov
07:12 AM pfSense Packages Feature #10557 (Resolved): Add Zabbix 5.0 LTS (agent and proxy) packages: Renato Botelho
05:23 AM Feature #10658 (Resolved): Allow to generate ECDSA certs on User Manager page: Currently, if you are creating a new user on the system_usermanager.php?act=new page,
'Click to create a user certif... Viktor Gurov

06/11/2020

09:49 PM pfSense Packages Bug #10656 (Closed): Acme letsencrypt doesn't change private key type: As alluded to in this year and a half old post (https://forum.netgate.com/topic/116404/ntopng-and-let-s-encrypt-certi... Howard Holm
09:43 PM pfSense Packages Bug #10655 (Resolved): ntopng fails with letsencrypt ECC certificates: Configuring ntopng to use letsencrypt certificates (via the Acme package) works with default RSA 2048 bit certificate... Howard Holm
05:40 PM Revision 26665a25: Add Zabbix 5 config options: (cherry picked from commit 82376829119b61f9ab8eb81a82a2962e847c1c06) Danilo Baio
01:05 PM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Seems to work for me Pim Janssen
12:55 PM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Danilo Baio wrote:
> Yes, it's missing zabbix config options for the 2.4.5 packages:
> https://github.com/pfsense/F... Danilo Baio
12:31 PM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Pim Janssen wrote:
> Thanks, i just upgraded my zabbix-proxy on pfsense.
> Now i am getting the following error:
>... Danilo Baio
11:55 AM pfSense Packages Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Thanks, i just upgraded my zabbix-proxy on pfsense.
Now i am getting the following error:
`connection to database '... Pim Janssen
11:04 AM pfSense Packages Bug #10654 (Resolved): Whitelisted domains starting with a dot are ignored: https://forum.netgate.com/topic/153933/solved-squid-0-4-44_25-assertion-failed-http-cc-1533-comm-monitorsread-serverc... Viktor Gurov
09:58 AM pfSense Packages Bug #10146 (Resolved): squid4 obsolete options: OK - no NO_SSLv2 option in squid pkg 0.4.44_26 Viktor Gurov
09:55 AM Bug #10625 (Resolved): PFTop filter hide: works as expected on 2.5.0.a.20200611.0650 Viktor Gurov
08:50 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: The latest 2.5.0 snapshot now contains miniupnpd-2.2.0.r1,1 for testing Jim Pingle
08:21 AM Bug #10565: WAN_DHCP6 Stuck Pending / Unknown: I just upgraded from 2.4.5 to 2.4.5-RELEASE-p1 and now I am seeing the same issue. I have 3 gateways--ipv4 and ipv6 ... Thomas Clark
08:05 AM Bug #1353 (Pull Request Review): Number of queues possible: Jim Pingle
01:56 AM Bug #1353: Number of queues possible: error on the latest snapshot:... Viktor Gurov
06:52 AM Revision cd0c9e11: PRIQ queue array check. Issue #1353: Viktor Gurov
06:39 AM pfSense Docs Correction #10648: Feedback on IPsec — Mobile IPsec — Windows IKEv2 Client Configuration: need to add more info about Win10 rekeying issue:
https://wiki.strongswan.org/issues/3400 Viktor Gurov
04:38 AM pfSense Packages Feature #9874 (Resolved): safesearch enforcing: link is ok now Viktor Gurov
04:37 AM pfSense Packages Feature #10627 (Resolved): add Yandex Site Checker link: works as expected on the latest pfBlockerNG-devel Viktor Gurov
04:02 AM Bug #10337 (Closed): OpenVPN CSO changes require server restart: no such issue on 2.4.5-p1 and the latest 2.5
this seems to be fixed in OpenVPN 2.4.9 Viktor Gurov
01:21 AM pfSense Packages Feature #10653 (New): Allow to download frr_status: Add a button on the status_frr.php page to load all the frr status output as a txt file. Viktor Gurov
01:08 AM pfSense Packages Feature #10628 (Resolved): Allow to change url_rewrite_children options: pfSense-pkg-squidGuard-1.16.18_6 works as expected Viktor Gurov

06/10/2020

06:09 PM Revision 6b624e41: Merge pull request #4327 from vktg/prioinputvalid: Renato Botelho
05:28 PM pfSense Packages Bug #10642: ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys: I don't have SSH access to the router, so unfortunately I cannot run acme.sh outside pfSense. I suppose the answer li... Oriane Tury
05:24 PM Revision e2456a7a: Fix syntax error in shaper.inc: Jim Pingle
05:01 PM Revision 7e4e04ef: Fix duplicate upgrade function. Fixes #10652: Jim Pingle
04:51 PM Revision b0f0993d: PRIQ queue input validation. Issue #1353: Viktor Gurov
04:04 PM Revision f266729e: Enable build of zabbix 5 packages: Renato Botelho
04:04 PM Revision 24d814e0: Enable build of zabbix 5 packages: Renato Botelho
03:18 PM Revision e1c689ee: OpenVPN TCP client fix. Issue #10650: (cherry picked from commit 6ac20ad3db7bcb34ab72dcb16ced6c1e89802595) Viktor Gurov
03:04 PM Revision f4311a4f: Merge pull request #4321 from vktg/sanitizeacme: Renato Botelho
03:04 PM Revision 71d6bb91: Merge pull request #4322 from vktg/captivedisableperuserbw: Renato Botelho
03:04 PM Revision 5d40d3a8: Merge pull request #4323 from vktg/captiveautomacfix: Renato Botelho
03:04 PM Revision d2b35ca7: Merge pull request #4324 from vktg/statusl2tp: Renato Botelho
03:03 PM Revision 5a649783: Merge pull request #4352 from vktg/ovpntcpfix: Renato Botelho
02:56 PM Revision 057fd00a: Merge pull request #4328 from vktg/dnqueuerename: Renato Botelho
02:55 PM Revision bb2f2ab3: Merge pull request #4329 from vktg/gwhover: Renato Botelho
02:53 PM Revision 7b1ec2a4: Merge pull request #4335 from vktg/qlxgbaltq: Renato Botelho
02:52 PM Revision 4e164672: Merge pull request #4332 from vktg/gwfoverdyndns: Renato Botelho
02:51 PM Revision c1224a09: Merge pull request #4330 from vktg/doublerootqueuefix: Renato Botelho
02:49 PM Revision 79e269c9: Merge pull request #4337 from vktg/pppoehostuniq: Renato Botelho
02:45 PM Revision a7db13ac: Merge pull request #4150 from Augustin-FL/captiveportal-db-sync: Renato Botelho
02:33 PM Revision 0a904b81: Merge pull request #4338 from vktg/conferrorfix: Renato Botelho
02:31 PM Revision 57bb85a3: Merge pull request #4340 from vktg/6rd6to4mtu: Renato Botelho
02:30 PM Revision 6ac20ad3: OpenVPN TCP client fix. Issue #10650: Viktor Gurov
02:30 PM Revision b7f20acb: Merge pull request #4341 from vktg/6rdfloatfwfix: Renato Botelho
02:29 PM Revision 92b7987b: Merge pull request #4334 from csobankesmarki/master: Renato Botelho
02:27 PM Revision ded0357a: Merge pull request #4342 from vktg/6rddyndns: Renato Botelho
02:24 PM Revision e68308ae: Merge pull request #4343 from vktg/cleanupshapercode: Renato Botelho
02:23 PM Revision 5825b481: Merge pull request #4344 from einichi/master: Renato Botelho
02:22 PM Revision 7c5c9f90: PFTop filter hide for non-states views. Issue #10625: (cherry picked from commit 253102fd66c35762a28d44ceffdfba7f1752fcda) Viktor Gurov
02:22 PM Revision 7ca3a30c: Merge pull request #4345 from vktg/pftopview: Renato Botelho
02:21 PM Revision 47b10da2: Do not show stf(6RD/6to4) interface as parent physical. Issue #10626: (cherry picked from commit d764f8fc68f603eb164b830af9c7c7a4125d21fa) Viktor Gurov
02:21 PM Revision ccd9caac: Merge pull request #4346 from vktg/hidestfint: Renato Botelho
02:19 PM Revision f37ca3fc: Merge pull request #4347 from vktg/gifgreparentvlan: Renato Botelho
02:17 PM Revision 2d0b5798: Merge pull request #4348 from vktg/noreassign: Renato Botelho
02:15 PM Revision 61e98e28: Merge pull request #4339 from bailsman/rc-initial-multiple-parameters: Renato Botelho
02:14 PM Revision a0a6a205: Merge pull request #4349 from dbaio/zabbix5: Renato Botelho
02:12 PM Revision aed29c3b: Merge pull request #4351 from vktg/ovpnpushremove: Renato Botelho
01:29 PM Feature #7727 (Feedback): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Jim Pingle
01:28 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: We have added the 2.2.0-RC1 version of miniupnpd to the repository for pfSense 2.5.0 and so it should be included in ... Jim Pingle
01:12 PM Bug #9647: hn0: driver does not support altq: Luiz, can you check this one please?
Renato Botelho
01:09 PM Bug #1353 (Feedback): Number of queues possible: PR has been merged. Thanks! Renato Botelho
12:56 PM pfSense Packages Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: Jim Pingle wrote:
> That particular document is outdated, the Cert Manager supports forming chains on its own now. I... Dennis Adler
12:15 PM pfSense Packages Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: That particular document is outdated, the Cert Manager supports forming chains on its own now. I have a setup with in... Jim Pingle
12:10 PM pfSense Packages Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: > Either your CA/Cert subjects are not unique and it formed an incorrect internal association on import, or you impor... Dennis Adler
08:42 AM pfSense Packages Bug #10649 (Not a Bug): OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: Either your CA/Cert subjects are not unique and it formed an incorrect internal association on import, or you importe... Jim Pingle
04:07 AM pfSense Packages Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: Note: I posted this initially on the Netgate forums. Several views but no feedback. Perhaps not many people set up a ... Dennis Adler
04:05 AM pfSense Packages Bug #10649 (Not a Bug): OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: This occurs using pfSense 2.4.5-RELEASE (arm) on an SG-3100. OpenVPN CE Wizard v1.4.23.
I had two Root CAs in pfSe... Dennis Adler
12:10 PM Bug #10652 (Feedback): Duplicate upgrade_203_to_204() function in upgrade_config.inc: Applied in changeset commit:7e4e04efe923bcdfd3fe11ba4cf0a068714078bc. Jim Pingle
12:01 PM Bug #10652 (Resolved): Duplicate upgrade_203_to_204() function in upgrade_config.inc: After merging PR 4150, there are two @upgrade_203_to_204()@ functions, the newly merged one needs changed to @upgrade... Jim Pingle
11:32 AM Feature #10651: Remove/replace deprecated OpenVPN options: Pippin MMD wrote:
> From today's meeting:
> "(13:45:40) dazo: We also need to un-deprecate comp-lzo in the wiki"
... Jim Pingle
11:25 AM Feature #10651: Remove/replace deprecated OpenVPN options: From today's meeting:
"(13:45:40) dazo: We also need to un-deprecate comp-lzo in the wiki"
https://community.open... Pippin MMD
10:19 AM Feature #10651: Remove/replace deprecated OpenVPN options: We already have options for the new compress style. The older options are still there as well, but they can stay unti... Jim Pingle
10:17 AM Feature #10651 (New): Remove/replace deprecated OpenVPN options: some changes from https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst:... Viktor Gurov
11:04 AM pfSense Packages Feature #10557 (Feedback): Add Zabbix 5.0 LTS (agent and proxy) packages: PR has been merged. Thanks! Renato Botelho
11:01 AM pfSense Packages Feature #9874 (Feedback): safesearch enforcing: PR has been merged. Thanks! Renato Botelho
10:53 AM pfSense Packages Feature #10628 (Feedback): Allow to change url_rewrite_children options: PR has been merged. Thanks! Renato Botelho
10:53 AM pfSense Packages Feature #10627 (Feedback): add Yandex Site Checker link: PR has been merged. Thanks! Renato Botelho
10:52 AM pfSense Packages Feature #10618 (Feedback): Set sysDescr the same as bsnmpd unless overriden with net-snmp: PR has been merged. Thanks! Renato Botelho
10:51 AM pfSense Packages Bug #10146 (Feedback): squid4 obsolete options: PR has been merged. Thanks! Renato Botelho
10:50 AM pfSense Packages Bug #5168 (Feedback): squid doesn't function during/after HA failover: PR has been merged. Thanks! Renato Botelho
10:49 AM pfSense Packages Feature #9793 (Feedback): Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: PR has been merged. Thanks! Renato Botelho
10:48 AM pfSense Packages Feature #8727 (Feedback): Clone button in cron pkg: PR has been merged. Thanks! Renato Botelho
10:11 AM pfSense Packages Bug #10647 (Feedback): FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: PR has been merged. Thanks! Renato Botelho
09:19 AM pfSense Packages Bug #10647 (Pull Request Review): FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: Jim Pingle
01:48 AM pfSense Packages Bug #10647: FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/877 Viktor Gurov
10:04 AM Bug #10650 (Feedback): OpenVPN TCP in 2.4.5-p1 not working: PR has been merged. Thanks! Renato Botelho
09:02 AM Bug #10650 (Pull Request Review): OpenVPN TCP in 2.4.5-p1 not working: Jim Pingle
08:55 AM Bug #10650: OpenVPN TCP in 2.4.5-p1 not working: https://github.com/pfsense/pfsense/pull/4352 Viktor Gurov
08:50 AM Bug #10650 (Resolved): OpenVPN TCP in 2.4.5-p1 not working: https://forum.netgate.com/topic/154365/openvpn-tcp-in-2-4-5-p1-not-working:
Hi, just upgraded to 2.4.5p1 last night ... Viktor Gurov
10:04 AM Feature #10583 (Feedback): status.php: Add L2TP VPN configuration: PR has been merged. Thanks! Renato Botelho
10:04 AM Bug #9933 (Feedback): Captive Portal + Voucher not keeping auto-added "Pass-through MAC Auto Entry": PR has been merged. Thanks! Renato Botelho
10:04 AM Bug #9311 (Feedback): Captive Portal continues to limit per-user bandwidth when not enabled: PR has been merged. Thanks! Renato Botelho
10:04 AM Bug #10569 (Feedback): Sanitize ACME passwords: PR has been merged. Thanks! Renato Botelho
09:56 AM Bug #3924 (Feedback): Renaming limiters removes them from firewall rules: PR has been merged. Thanks! Renato Botelho
09:55 AM Feature #885 (Feedback): Show gateway/group IPs on mouseover: PR has been merged. Thanks! Renato Botelho
09:53 AM Bug #10594 (Feedback): add QLogic 10 Gigabit Ethernet driver (qlxgb) to the ALTQ-capable list: PR has been merged. Thanks! Renato Botelho
09:52 AM Bug #9435 (Feedback): Dynamic DNS Update events do not occur after certain failover event cases: PR has been merged. Thanks! Renato Botelho
09:50 AM Bug #3381 (Feedback): LAN interface root Queue Bandwidth calculation is exactly double the total of the other child queues: PR has been merged. Thanks! Renato Botelho
09:49 AM Feature #10597 (Feedback): Setting host-uniq for PPPoE: PR has been merged. Thanks! Renato Botelho
09:47 AM Feature #97 (Feedback): Captive Portal should sync its database to other members of clusters: PR has been merged. Thanks! Renato Botelho
09:47 AM Bug #8807 (Feedback): HA sync : files voucher_{$cpzone}.cfg and voucher_{$cpzone}.public are not created on save in /var/save when enabling vouchers on master.: PR has been merged. Thanks! Renato Botelho
09:47 AM Bug #8809 (Feedback): HA sync : changing a voucher roll on master does not reset active tickets on slave.: PR has been merged. Thanks! Renato Botelho
09:47 AM Bug #9303 (Feedback): HA sync : disabling captive portal HA sync does remove all zones on slave: PR has been merged. Thanks! Renato Botelho
09:34 AM Feature #10556 (Feedback): Change action on 'XML configuration file not found' error: PR has been merged. Thanks! Renato Botelho
09:31 AM Feature #6377 (Feedback): 6rd ipv6 tunnel: MTU settings not editable and not correlated to interface MTU (hardcoded to 1280): PR has been merged. Thanks! Renato Botelho
09:30 AM Bug #7142 (Feedback): IPv6: Floating rules on 6rd enabled WAN interfaces doesn't get bound to wan_stf: PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10592 (Feedback): DigitalOcean DNS update adds new DNS record instead of update: PR has been merged. Thanks! Renato Botelho
09:27 AM Bug #9641 (Feedback): Dynamic DNS cannot update AAAA records on 6rd tunnel interfaces bound to PPPoE interfaces: PR has been merged. Thanks! Renato Botelho
09:24 AM Bug #10613 (Feedback): cleanup status_queues.php code: PR has been merged. Thanks! Renato Botelho
09:23 AM Feature #10617 (Feedback): freeDNS Dynamic DNS API v2 Support: PR has been merged. Thanks! Renato Botelho
09:22 AM Bug #10625 (Feedback): PFTop filter hide: PR has been merged. Thanks! Renato Botelho
09:20 AM Bug #10626 (Feedback): get_interface_list() shows _stf (6RD/6to4) interfaces as parent: PR has been merged. Thanks! Renato Botelho
09:20 AM Bug #10623 (Feedback): Wrong Route configured for GIF interface on VLAN on LAGG: PR has been merged. Thanks! Renato Botelho
09:17 AM Bug #10383 (Feedback): Additional interfaces do not survive a reboot before the setup wizard has been run: PR has been merged. Thanks! Renato Botelho
09:15 AM Feature #10603 (Feedback): Handle -c commands with arguments in rc.initial: PR has been merged. Thanks! Renato Botelho
09:14 AM pfSense Docs Correction #10648 (Pull Request Review): Feedback on IPsec — Mobile IPsec — Windows IKEv2 Client Configuration: Jim Pingle
02:12 AM pfSense Docs Correction #10648: Feedback on IPsec — Mobile IPsec — Windows IKEv2 Client Configuration: https://gitlab.netgate.com/docs/pfSense-book/-/merge_requests/6 Viktor Gurov
12:18 AM pfSense Docs Correction #10648 (Closed): Feedback on IPsec — Mobile IPsec — Windows IKEv2 Client Configuration: *Page:* https://docs.netgate.com/pfsense/en/latest/book/ipsec/mobile-ipsec-client-windows.html
*Feedback:*
need... Viktor Gurov
09:13 AM Feature #9702 (Feedback): OpenVPN "push-reset" option in Client Specific Override breaks "subnet" topology: PR has been merged. Thanks! Renato Botelho
09:07 AM Feature #9702 (Pull Request Review): OpenVPN "push-reset" option in Client Specific Override breaks "subnet" topology: Jim Pingle
03:53 AM Feature #9702: OpenVPN "push-reset" option in Client Specific Override breaks "subnet" topology: https://github.com/pfsense/pfsense/pull/4351 Viktor Gurov
08:49 AM Revision 8d44d56a: OpenVPN CSO remove routes option. Implements #9702: Viktor Gurov
06:13 AM pfSense Packages Feature #10599: Add support for hitless-reloads of HAproxy config: Thanks and sorry, missed it DRago_Angel [InV@DER]
05:40 AM pfSense Packages Feature #10599 (Rejected): Add support for hitless-reloads of HAproxy config: Already supported:
see https://github.com/pfsense/FreeBSD-ports/blob/76396719e6e1b7c0c54dc70c2bb91c127a7ff8c4/net/... Viktor Gurov

06/09/2020

02:36 PM pfSense Packages Bug #10647 (Resolved): FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: The php script generating the bgp.conf file only writes out the configuration if the subnet is an ipv4 subnet: https:... Max Maton
11:49 AM pfSense Packages Bug #10646 (Resolved): Reinstall package process stalls at pfBlockerNG when restoring a config: The package install process for pfBlockerNG completes but the processes do not close out preventing subsequent packag... Steve Wheeler
11:17 AM Feature #10645 (New): Choosing active repo after restoring config but before starting pkgs auto-installing: The current behavior is if a certain repo is set, config contains an entry for this, like @<pkg_repo_conf_path>/usr/l... Constantine Kormashev
09:14 AM Feature #10644: Feature request: MAC-based VLAN: You setup trunking between pfSense and your switch. All VLANs are carried on a single port.
This site is not for s... Jim Pingle
09:07 AM Feature #10644: Feature request: MAC-based VLAN: Jim Pingle wrote:
> That would be done on your switch (L2), not a firewall.
But the only way to manage multiple V... Christian Clark
08:57 AM Feature #10644 (Rejected): Feature request: MAC-based VLAN: That would be done on your switch (L2), not a firewall. Jim Pingle
08:50 AM Feature #10644 (Rejected): Feature request: MAC-based VLAN: Using the instructions here (https://docs.netgate.com/pfsense/en/latest/development/requesting-new-pfsense-features.h... Christian Clark
07:55 AM pfSense Packages Bug #10642: ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys: Have you tried doing this with acme.sh on its own (not through pfSense)? It may be a problem in the Gandi script, it ... Jim Pingle
07:24 AM pfSense Docs Correction #10643 (Closed): Feedback on Routing and Multi-WAN — Gateway Settings: *Page:* https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
*Feedback:*
This doesn't seem t... Steve Scott

06/08/2020

03:17 PM pfSense Packages Bug #10642 (Duplicate): ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys: With the ACME service, when trying to issue/renew a certificate on 2 domain names (or more) using the DNS-Gandi Live ... Oriane Tury
10:52 AM Bug #10558 (Confirmed): Multicast daemons work at boot, but fail if restarted: Jim Pingle
09:19 AM Feature #10641: Move logic code outside of /usr/local/www: Ok, thanks for your answer.
Let us know if we can contribute in any way to your long term plan to release an API (... Frederic Bor
08:31 AM Feature #10641 (Closed): Move logic code outside of /usr/local/www: That's part of a longer term plan for rewrite/integrating an API/etc. We'd rather not do it piecemeal in this fashion. Jim Pingle
09:11 AM pfSense Packages Feature #10640 (Rejected): Request addition of ZNC to Package Manager available packages: In my opinion, that kind of service is a poor fit for a firewall. Especially given its "poor security history":https:... Jim Pingle
09:06 AM Bug #9647 (Pull Request Review): hn0: driver does not support altq: Jim Pingle
09:05 AM Feature #7095 (Pull Request Review): Improve Remote Gateway field description for IPSec VPN Phase 1: Jim Pingle
08:45 AM Feature #10639 (Pull Request Review): Add rtwn(4) wireless support: Jim Pingle
08:41 AM pfSense Packages Feature #10557 (Pull Request Review): Add Zabbix 5.0 LTS (agent and proxy) packages: Jim Pingle

06/07/2020

04:01 PM Bug #9643: Limiters do not function properly on 2.5 snapshots: I'm having the same issue, running on a VK-T40E:
2.5.0.a.20200603.1253
If I enable the floating rule, I lose al... Tom Fuke
03:43 PM Feature #10641 (Closed): Move logic code outside of /usr/local/www: Hello,
We are developping ansible modules for pfSense (https://github.com/opoplawski/ansible-pfsense). Since there... Frederic Bor

06/06/2020

04:24 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Thomas BERNARD wrote:
> please test with miniupnpd-2.2.0-RC1.tar.gz
> released on https://miniupnp.tuxfamily.org/fi... Marc 05
01:36 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: please test with miniupnpd-2.2.0-RC1.tar.gz
released on https://miniupnp.tuxfamily.org/files/ Thomas BERNARD
02:40 PM pfSense Packages Feature #10640 (Rejected): Request addition of ZNC to Package Manager available packages: I would like to request the addition of the ZNC package for installation via the pfSense Package Manager, pfSense rel... Murray Williams
11:30 AM Bug #9647: hn0: driver does not support altq: https://github.com/pfsense/FreeBSD-src/pull/32 Viktor Gurov
09:23 AM Bug #10638: ipsec VTI interface not setting tunnel parameters when phase1 Remote Gateway is 0.0.0.0: > You can create Site-to-Site VPN and set 0.0.0.0 as remote gateway address, see #7095 and #7410
Yes that is what ... Tim Carre
08:16 AM Bug #10638: ipsec VTI interface not setting tunnel parameters when phase1 Remote Gateway is 0.0.0.0: Tim Carre wrote:
> Jim Pingle wrote:
> > No, the IP address must be present when the interface is created. You end ... Viktor Gurov
08:46 AM Feature #7095: Improve Remote Gateway field description for IPSec VPN Phase 1: https://github.com/pfsense/pfsense/pull/4350 Viktor Gurov
05:36 AM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections: Calling-Station-Id is already supported by EAP-RADIUS strongswan plugin, see https://wiki.strongswan.org/projects/str... Viktor Gurov
02:23 AM Feature #10639: Add rtwn(4) wireless support: The current conf works with only with FreeBSD 11:
https://www.freebsd.org/cgi/man.cgi?query=rtwn&apropos=0&sektion=4... Viktor Gurov
01:40 AM Feature #10639 (Resolved): Add rtwn(4) wireless support: Current 2.5 kernel contains only rtwn firmwares:... Viktor Gurov

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

07/05/2020

07/04/2020

07/03/2020

07/02/2020

07/01/2020

06/30/2020

06/29/2020

06/28/2020

06/27/2020

06/26/2020

06/25/2020

06/24/2020

06/23/2020

06/22/2020

06/21/2020

06/20/2020

06/19/2020

06/18/2020

06/17/2020

06/16/2020

06/15/2020

06/14/2020

06/13/2020

06/12/2020

06/11/2020

06/10/2020

06/09/2020

06/08/2020

06/07/2020

06/06/2020