Project

General

Profile

Activity

From 06/21/2020 to 07/20/2020

07/20/2020

05:40 PM Bug #9413 (Feedback): VLAN driver missing ALTQ support
ALTQ support committed to 2.5 branch.
Please test with the next snapshot. Luiz Souza
02:56 PM Bug #9647 (Resolved): hn0: driver does not support altq
Luiz Souza
02:02 PM pfSense Packages Bug #10775 (Pull Request Review): pfblockerNG SBL_ADs and hpHosts are not reachable anymore
Jim Pingle
03:57 AM pfSense Packages Bug #10775: pfblockerNG SBL_ADs and hpHosts are not reachable anymore
*Remove:*
Abuse Ransomware Tracker:... Viktor Gurov
01:46 AM pfSense Packages Bug #10775: pfblockerNG SBL_ADs and hpHosts are not reachable anymore
Comments:
https://forums.malwarebytes.com/topic/258056-hosts-filenet-domain-lists-are-broken-what-happened/
https:/... Viktor Gurov
02:01 PM pfSense Packages Feature #10769 (Pull Request Review): Prevent users from creating new ACMEv1 keys
Jim Pingle
12:59 PM Bug #9663 (Resolved): panic on boot when IPv6 option "Do not wait for a RA" is enabled
Renato Botelho
12:30 PM Bug #9663: panic on boot when IPv6 option "Do not wait for a RA" is enabled
I can confirm that the issue is gone with 2.5
Can be closed. Michael Geiger
12:02 PM pfSense Packages Feature #10779 (Resolved): HAProxy SSL/TLS Compatibility Mode
Allow to select SSL/TLS Compatibility Mode in the same manner as Squid SSL Proxy Compatibility Mode option.
Interm... Viktor Gurov
11:05 AM Bug #10772 (Not a Bug): Firewall Rules Lan to Floating Rules
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
05:27 AM Bug #10772: Firewall Rules Lan to Floating Rules
Hi,
Wrong way, floating block rule have disconnect my lan rules.
D. V. David Verhaeghe
11:03 AM Bug #10776 (Feedback): filterlog: Loopback source/destination sometimes reports 127.0.0.1 as 127.0.01
Bertram,
Can you check and confirm that the form of the address you see in the log is not present on your interfac... Jim Pingle
10:46 AM Bug #10206: VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.)
Jim Pingle wrote:
> FreeBSD dropped the /32 requirement years ago, though, and it's been working fine until recently... Ronald Schellberg
10:07 AM Bug #10206 (Feedback): VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.)
FreeBSD dropped the /32 requirement years ago, though, and it's been working fine until recently. Still feels like a ... Jim Pingle
07:41 AM Bug #10206 (Not a Bug): VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.)
Luiz Souza
07:40 AM Bug #10206: VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.)
Louis van Breda wrote:
> Hello,
>
> Sometime I have the same verdict! If you see what happens during boot, things... Luiz Souza
07:37 AM Bug #10206: VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.)
Ronald Schellberg wrote:
> I can reproduce it here
>
> @[2.5.0-DEVELOPMENT][root@Gateway.localdomain]/root: ifco... Luiz Souza
10:44 AM Bug #9577 (Resolved): radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Jim Pingle
09:47 AM pfSense Docs Correction #10778 (Closed): Feedback on Virtual LANs (VLANs) — pfSense VLAN Configuration
*Page:* https://docs.netgate.com/pfsense/en/latest/book/vlan/pfsense-vlan-configuration.html
*Feedback:*
Bonj... DJIBRIL CISSE
04:55 AM Feature #9527 (Feedback): Add ability for LDAP extended query on groups in RFC2307 containers.
it works only if parent container is selected in the Authentication containers field, i.e.:
Authentication container... Viktor Gurov
01:07 AM Bug #8377 (Resolved): Traffic graph widget mouse over always shows b/s even when the value is in B/s
no such issue on 2.5,
seems to be fixed in #9072
 Viktor Gurov

07/19/2020

01:49 PM pfSense Docs Correction #10777 (Closed): SG-1100 Product Page mentions HA support
Product page for SG-1100 claims support for high-availability. This is a bullet point under the 'grows with you secti... Jordan G
01:37 PM Bug #10206: VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.)
Hello,
Sometime I have the same verdict! If you see what happens during boot, things are beeing started *over and ... Louis B
10:35 AM Bug #10776 (Closed): filterlog: Loopback source/destination sometimes reports 127.0.0.1 as 127.0.01
I'm setting up remote logging of the pfSense filterlog to my ES server, and seems that some of the logs are failing t... Bertram Truong
05:48 AM pfSense Packages Bug #10775 (Resolved): pfblockerNG SBL_ADs and hpHosts are not reachable anymore
Following entries of pfblockerNG pkg are not reachable for a long time, we have some tickets and also I can see some ... Constantine Kormashev
03:55 AM pfSense Packages Bug #10692: PIMD starts twice at boot
As allready reported startup behavoir is not yet ok (pimd starting *5 times !!*). Hereby some info form today bootlog... Louis B

07/17/2020

03:42 PM Revision 14d2f872: Add a system option to handle the queue API usage in hn NICs.
A single queue is used in order to enable the ALTQ support, but some people may
prefer performance over the ALTQ feat... Luiz Souza
03:32 PM Revision b6d6cd61: 'hw.usb.no_pf' is deprecated now.
Luiz Souza
02:56 PM Revision 154a8854: Fix the repeated entries in loader.conf.
Ticket: #9647 Luiz Souza
02:10 PM pfSense Docs New Content #10774 (Resolved): Feedback on Installing and Upgrading — Upgrade Troubleshooting
*Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html
*Feedback:* Please include the hi... Bouke Henstra
12:52 PM Bug #10773 (Resolved): if_em VLAN interfaces wont pass traffic after reboot
Post the merge of the remote-tracking branch 'origin/stable/12' into devel-12 on Jun 12th. if_em0 interfaces wont pas... Steve Harrington
12:00 PM Bug #10206: VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.)
I can reproduce it here
@[2.5.0-DEVELOPMENT][root@Gateway.localdomain]/root: ifconfig em0
em0: flags=8843<UP,BRO... Ronald Schellberg
11:34 AM Bug #10206 (Feedback): VIP alias-ip's disappear from nic (caused by running ifconfig twice.?.)
I can't reproduce any of the two reported issues with a current 2.5 snapshots.
Repeated ifconfig commands for add ... Luiz Souza
11:46 AM Bug #10745: crashes/panics in pfsense 2.4.x FreeBSD 11.x with enabled IPSec and ipv4 forwarding
Luiz Souza wrote:
> This fix is already merged in our tree.
>
> Thanks!
can you please specify in which versio... Igor G
10:49 AM Bug #10745 (Resolved): crashes/panics in pfsense 2.4.x FreeBSD 11.x with enabled IPSec and ipv4 forwarding
This fix is already merged in our tree.
Thanks! Luiz Souza
11:46 AM Bug #8380: OpenVPN RADIUS password length is not constant
seems related to #4521 Viktor Gurov
11:45 AM Bug #9647: hn0: driver does not support altq
Gitsynced, deleted all entries rebooted twice and it works.
Thanks. Greg M
11:14 AM Bug #9647: hn0: driver does not support altq
Sorry for the breakage, should be fixed now.
I couldn't reproduce the order issue, please let me know if this is s... Luiz Souza
11:25 AM Bug #10687 (Resolved): IPsec / CESA memory issue
Fix merged to 11 based branches.
As mentioned, this is not necessary for 2.5.
Marking as resolved. Luiz Souza
09:27 AM pfSense Packages Feature #10769: Prevent users from creating new ACMEv1 keys
https://github.com/pfsense/FreeBSD-ports/pull/908 Viktor Gurov
08:57 AM Bug #10772 (Not a Bug): Firewall Rules Lan to Floating Rules
"/firewall_rules.php?if=lan"
Hello, long time ago.
I create a rule in the Lan part admitting for example the port... David Verhaeghe
08:06 AM Feature #5461 (Resolved): Add RFC2307bis (LDAP) group membership support to user authentication
Resolved in #9527 Viktor Gurov
08:05 AM Feature #9527 (Resolved): Add ability for LDAP extended query on groups in RFC2307 containers.
works as expected on 2.5.0.a.20200716.1250
tested with FreeIPA server 4.8.4
Search example:... Viktor Gurov
07:32 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Luiz Souza wrote:
> Fixed in FreeBSD, the port workaround is unnecessary now.
>
> Thanks for all the details Rona... Ronald Schellberg
07:00 AM pfSense Packages Bug #10768 (Rejected): Squidguard overwrites Advanced Config from Squid Proxy in HA Configurations
+ squidGuard doesn't remove Custom Options (Before Auth), Custom Options (After Auth) and Custom Options (SSL/MITM) Viktor Gurov
06:16 AM pfSense Packages Bug #10771 (Resolved): arpwatch: option to not send hourly email notification on cron run
dirty workaround by editing /usr/local/arpwatch/sendmail_proxy.php
< if (false !== $message) {
> if ((false !==... IT IGP
06:10 AM pfSense Packages Bug #10770 (Resolved): arpwatch: cannot remove email once it has been entered into settings
there is currently no way to disable email notifications once you have enabled them by entering a email adress. you s... IT IGP

07/16/2020

10:40 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Luiz Souza wrote:
> Please test the new version (filterdns-2.0_4) and let me know if the problem persists.
This... Gavin Stewart
02:04 PM Revision fb5cd351: Merge pull request #4401 from vktg/binat6rdfix
Renato Botelho
11:33 AM pfSense Packages Bug #10768: Squidguard overwrites Advanced Config from Squid Proxy in HA Configurations
> If you are using a PFsense HA configuration with a virtual HA_IP, you have to add these HA virtual IP to the advanc... Viktor Gurov
10:47 AM pfSense Packages Bug #10768 (Rejected): Squidguard overwrites Advanced Config from Squid Proxy in HA Configurations
If you are using a PFsense HA configuration with a virtual HA_IP, you have to add these HA virtual IP to the advanced... Andreas Tillwicks
11:29 AM pfSense Packages Feature #10769 (Resolved): Prevent users from creating new ACMEv1 keys
It's better to prevent users from creating new ACMEv1 keys in order to avoid errors, such as:... Viktor Gurov
09:08 AM Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers.
See also #5461 Viktor Gurov
09:07 AM pfSense Packages Bug #10763 (Feedback): Incorrect link to frr_bgp.xml
PR has been merged. Thanks! Renato Botelho
09:07 AM pfSense Packages Feature #9913 (Feedback): Adding note Squid Traffic Managment Settings about feature limit
PR has been merged. Thanks! Renato Botelho
09:05 AM Feature #5461: Add RFC2307bis (LDAP) group membership support to user authentication
See https://redmine.pfsense.org/issues/9527#note-8 Viktor Gurov
09:04 AM Bug #10757 (Feedback): IPv6: NPt rules on 6rd enabled WAN interfaces don't get bound to wan_stf
PR has been merged. Thanks! Renato Botelho
07:24 AM Feature #4035 (Resolved): AutoConfigBackup - selective deletion of automatic and manual backups
Anonymous
07:15 AM Bug #9917 (Closed): Widget Refresh Logic Flawed
Anonymous
07:14 AM Bug #10733 (Resolved): return_gateways_array() is called too many times
Anonymous
02:39 AM pfSense Packages Bug #10692: PIMD starts twice at boot
I did retest today e.g. using a clean install. Still bizar how many times pimd is started and stopped during boot. On... Louis B
12:39 AM Bug #9647: hn0: driver does not support altq
After 2 reboots file looks like this:... Greg M
12:06 AM pfSense Packages Bug #10767 (Rejected): squidGuard still not upgrading
stop Squid service first,
then ... Viktor Gurov

07/15/2020

10:50 PM pfSense Packages Bug #10767 (Rejected): squidGuard still not upgrading
Just upgraded squid to 0.4.44_29, it did not confirm a successful upgrade as I am used to but after a reboot it showe... Marcel Beerli
05:40 PM Revision 6b9f638a: Fix syntax error.
Jim Pingle
01:43 PM Revision 2360abcc: Fix #9647.
Instead of forcing the defaults in the OS driver (introducing yet another
change), set the default to enable ALTQ sup... Luiz Souza
12:49 PM Revision a039347b: Merge pull request #4402 from vktg/bnxtaltq
Ticket: #10762
* 'bnxtaltq' of https://github.com/vktg/pfsense:
add Broadcom NetXtreme to ALTQ-capable list. Implem... Luiz Souza
12:42 PM Bug #9647: hn0: driver does not support altq
And some more info...
This does NOT work:
kern.cam.boot_delay=10000
kern.ipc.nmbclusters="1000000"
kern.ipc.n... Greg M
12:31 PM Bug #9647: hn0: driver does not support altq
It works.
But did few reboots and there are MANY same settings added to loader.conf
Additional syntax error occur... Greg M
09:00 AM Bug #9647 (Feedback): hn0: driver does not support altq
Applied in changeset commit:2360abcc392bcca1fb7c0a9126a37d77a0e8f03d. Luiz Souza
12:41 PM Bug #10766 (Resolved): Syntax error
Fixed in commit:6b9f638a7a9d1cb3bcdc8b9ae7e79d00949c6ab4 Jim Pingle
12:25 PM Bug #10766 (Resolved): Syntax error
https://forum.netgate.com/topic/155303/latest-snap-broken
 Greg M
11:04 AM Bug #10765 (New): Ampersands in ldap_extended_query are escaped twice
Hello,
I recently ran into an issue with an LDAP server whose Query field contained an ampersand.
The field is se... Louis Sautier
07:53 AM Feature #10762 (Feedback): add Broadcom NetXtreme to ALTQ-capable list
Committed. Thanks Viktor. Luiz Souza
07:40 AM Feature #10762 (Pull Request Review): add Broadcom NetXtreme to ALTQ-capable list
Jim Pingle
01:02 AM Feature #10762: add Broadcom NetXtreme to ALTQ-capable list
https://github.com/pfsense/pfsense/pull/4402 Viktor Gurov
12:38 AM Feature #10762 (Resolved): add Broadcom NetXtreme to ALTQ-capable list
After adding bnxt(4) driver to pfSense (see #9155),
it must be added to the ALTQ-capable list Viktor Gurov
07:48 AM pfSense Packages Feature #9913 (Pull Request Review): Adding note Squid Traffic Managment Settings about feature limit
Jim Pingle
07:19 AM pfSense Packages Feature #9913: Adding note Squid Traffic Managment Settings about feature limit
https://github.com/pfsense/FreeBSD-ports/pull/906 Viktor Gurov
07:41 AM pfSense Packages Bug #10763 (Pull Request Review): Incorrect link to frr_bgp.xml
Jim Pingle
02:24 AM pfSense Packages Bug #10763: Incorrect link to frr_bgp.xml
https://github.com/pfsense/FreeBSD-ports/pull/904 Viktor Gurov
02:22 AM pfSense Packages Bug #10763 (Resolved): Incorrect link to frr_bgp.xml
If you are trying to access the menu item Services / FRR BGP, for example, from Services / Snort / Interfaces,
you'l... Viktor Gurov
07:29 AM pfSense Packages Bug #10764 (Not a Bug): FRR 0.6.7_1 does not work
That message is not a bug, it's output from the FreeBSD package installation and can be ignored. If you have a proble... Jim Pingle
07:24 AM pfSense Packages Bug #10764 (Not a Bug): FRR 0.6.7_1 does not work
After update to FRR 0.6.7_1 ospf stop working
Message from frr7-7.3.1:
--
FRR's OSPF daemons tries to allocate... Ilian Cheneshev
06:37 AM pfSense Packages Bug #10445: BIND crashed when added RPZ. rpz is not a master or slave zone.
Typo fix:
https://github.com/pfsense/FreeBSD-ports/pull/905 Viktor Gurov
06:20 AM pfSense Packages Feature #10619: Various FRR enhancements
Ben Hughes wrote:
> Yes I had a look back at the FRR commit history and found only that as well.
>
> It will fai... Renato Botelho
06:01 AM Revision a92ec4b1: add Broadcom NetXtreme to ALTQ-capable list. Implements #10762
Viktor Gurov
12:34 AM Feature #9155: Add driver bnxt for Broadcom NetXtreme interfaces
tested on 2.5.0.a.20200709.1250:... Viktor Gurov

07/14/2020

02:04 PM pfSense Packages Feature #10619: Various FRR enhancements
Yes I had a look back at the FRR commit history and found only that as well.
It will fail to start complaining ab... Ben Hughes
01:12 PM pfSense Packages Feature #10619: Various FRR enhancements
Ben Hughes wrote:
> Argh i've had a bit of a freudian slip there, I meant @libunwind@.
What is the error you see ... Renato Botelho
11:48 AM pfSense Packages Feature #10619: Various FRR enhancements
Argh i've had a bit of a freudian slip there, I meant @libunwind@. Ben Hughes
11:47 AM pfSense Packages Feature #10619: Various FRR enhancements
Ben Hughes wrote:
> No problem, glad to get it in there!
>
> I've just been re-reviewing this looking forward to ... Renato Botelho
09:42 AM pfSense Packages Feature #10619: Various FRR enhancements
No problem, glad to get it in there!
I've just been re-reviewing this looking forward to getting off my custom pac... Ben Hughes
08:09 AM pfSense Packages Feature #10619 (Feedback): Various FRR enhancements
PR has been merged. Thanks! Renato Botelho
01:33 PM pfSense Packages Bug #10692: PIMD starts twice at boot
I just did a clean install (built on Tue Jul 14 09:23:16 EDT 2020) and PIMD 0.03 Significant issues left, but the boo... Louis B
01:26 PM Revision c271375e: 6RD/6to4 NAT rules fix. Issue #10757
Viktor Gurov
12:18 PM Revision 94be51d7: Merge pull request #4399 from vktg/dyndnsbackup
Renato Botelho
12:18 PM Revision b79526df: Merge pull request #4398 from vktg/limiterbackup
Renato Botelho
12:18 PM Revision d5cd602e: Merge pull request #4397 from vktg/cpvoucherrestore
Renato Botelho
11:37 AM Bug #9647: hn0: driver does not support altq
So I did some more digging...
Added /boot/loader.conf.local with contents:... Greg M
11:24 AM pfSense Packages Bug #10741 (Closed): Fails with CARP VIP Status - SQUID
Viktor Gurov
11:12 AM pfSense Packages Bug #10741: Fails with CARP VIP Status - SQUID
Thiago Orico wrote:
> adjusted the setting and it looks like it worked.
>
> We will monitor new tests.
Case so... Thiago Orico
09:27 AM Bug #10757 (Pull Request Review): IPv6: NPt rules on 6rd enabled WAN interfaces don't get bound to wan_stf
Jim Pingle
08:30 AM Bug #10757: IPv6: NPt rules on 6rd enabled WAN interfaces don't get bound to wan_stf
Fix:
https://github.com/pfsense/pfsense/pull/4401 Viktor Gurov
07:26 AM Bug #10757 (New): IPv6: NPt rules on 6rd enabled WAN interfaces don't get bound to wan_stf
pfctl creates binat rule only for the first binat rule interface, i.e.:... Viktor Gurov
07:31 AM Feature #3559: add option for backup ddns ( dynamic dns ) in restore area
thanks Luis Couto
07:19 AM Feature #3559 (Feedback): add option for backup ddns ( dynamic dns ) in restore area
PR has been merged. Thanks! Renato Botelho
07:19 AM Feature #4763 (Feedback): Restore from backup that contains only area Traffic Shaper doesn't restore Limiters
PR has been merged. Thanks! Renato Botelho
07:18 AM Bug #3128 (Feedback): Active voucher status not restored from backup
PR has been merged. Thanks! Renato Botelho
07:15 AM pfSense Packages Bug #10507 (Feedback): Unable to use forwarders
PR has been merged. Thanks! Renato Botelho
06:24 AM pfSense Packages Bug #10697 (Resolved): Missing New Line After NCP Parameter in Client Config
1.4.23_1, fixed:... Viktor Gurov
05:04 AM Bug #10730 (Resolved): Unable to use IDN symbols in DNS Resolver ACL
OK on 2.5.0.a.20200709.1250 Viktor Gurov
05:03 AM Bug #10742 (Resolved): unable to save DNS ACL in non-English interface
tested with Russian and French
works as expected on 2.5.0.a.20200709.1250 Viktor Gurov
04:59 AM Bug #9933 (Resolved): Captive Portal + Voucher not keeping auto-added "Pass-through MAC Auto Entry"
works as expected on 2.5.0.a.20200709.1250 Viktor Gurov
04:25 AM Bug #10724 (Resolved): Allowed Hostnames adds/deletes only one A entry
works as expected on 2.5.0.a.20200709.1250 Viktor Gurov

07/13/2020

08:35 PM pfSense Packages Feature #10421 (Resolved): suricata unix_stream support for telegraf
Jim Pingle
07:41 PM pfSense Packages Feature #10421: suricata unix_stream support for telegraf
Support for the requested feature has been added to the latest version of the Suricata GUI package, version 5.0.3. Th... Bill Meeks
08:35 PM pfSense Packages Bug #10751 (Resolved): Incorrect syslog() params on Suricata 5 pkg
Jim Pingle
07:39 PM pfSense Packages Bug #10751: Incorrect syslog() params on Suricata 5 pkg
This bug has been corrected in the latest version of the Suricata GUI package, version 5.0.3. The pull request has be... Bill Meeks
03:07 PM Revision c5c8893b: Add build_mask_rules for scheduler
before:
sched 7 config pipe 7 type fq_codel target 5ms interval 100ms quantum 300 limit 20480 flows 65535 noecn
afte... bonald
02:38 PM Revision 071c4ee8: Merge pull request #4395 from vktg/binatsrcfix
Renato Botelho
02:17 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
"One additional change FreeBSD-src that would make the #2878 Leave_group call unnecessary would be to eliminate the e... Ronald Schellberg
08:38 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Don't know that anyone has noticed but the build system has stopped posting snaps since 7/9 00:50, which makes it mor... Ronald Schellberg
02:12 PM Feature #3559 (Pull Request Review): add option for backup ddns ( dynamic dns ) in restore area
Jim Pingle
02:11 PM Feature #4763 (Pull Request Review): Restore from backup that contains only area Traffic Shaper doesn't restore Limiters
Jim Pingle
02:10 PM Bug #3128 (Pull Request Review): Active voucher status not restored from backup
Jim Pingle
01:53 PM pfSense Packages Bug #10741: Fails with CARP VIP Status - SQUID
adjusted the setting and it looks like it worked.
We will monitor new tests. Thiago Orico
01:14 PM pfSense Packages Bug #10741: Fails with CARP VIP Status - SQUID
Symptoms persist.
Details:
inside the squid packet, the advanced rule of port 3128 of the proxy does not automa... Thiago Orico
10:31 AM Bug #10708: ZFS bootpool boot symlink issue
Reading this symlink issue I do remember that in the past days I did notice messages, indication that some files coul... Louis B
09:39 AM Bug #10752 (Feedback): 1:1 NAT issue if Internal IP has VIPs
PR has been merged. Thanks! Renato Botelho
08:29 AM Feature #10748 (Pull Request Review): Add support for limiting IPsec VPN access per user group via RADIUS
Jim Pingle
08:29 AM Bug #10758: Group Authentication is never used
If I remember right, it was used with the old Racoon IPsec implementation and may have been left out when we moved to... Jim Pingle
08:04 AM Bug #10755 (Rejected): NAT rules not updating.
I can't reproduce this. If the user had selected "<interface name> address" e.g. "WAN Address" in the rules, the conf... Jim Pingle
06:19 AM Bug #9796: kernel panic after removing interfaces
Hello,
I have crashes when switching interfaces off and on again. Especially when pimd is installed. That might be... Louis B
02:14 AM Feature #6544: RFC 3046 DHCP Option 82 support (and RFC 3315/4649/4580 for IPv6)
comment from https://forum.netgate.com/topic/64792/usd-50-dhcp-option-82-on-status_dhcp_leases-php-page/12:
Please s... Viktor Gurov

07/12/2020

02:07 PM pfSense Packages Feature #10761: Multiple domains in one SAN entry would be very useful
Thanks Jim, I used the wrong terminology re domains/SANs.
The intention is still valid - would be good to have a s... Eduard Rozenberg
12:57 PM pfSense Packages Feature #10761 (Rejected): Multiple domains in one SAN entry would be very useful
That's not how Let's Encrypt/ACME works. Let's Encrypt must verify all entries separately. There is no way to put all... Jim Pingle
12:48 PM pfSense Packages Feature #10761: Multiple domains in one SAN entry would be very useful
For now I just gave up and used a wildcard, let the hackers have at it. Eduard Rozenberg
12:46 PM pfSense Packages Feature #10761: Multiple domains in one SAN entry would be very useful
I was referring to multiple domains inside a *single* SAN - otherwise the same DNS keys, API tokens, etc are copied m... Eduard Rozenberg
12:40 PM pfSense Packages Feature #10761: Multiple domains in one SAN entry would be very useful
Hello -
Please post to the forum for assistance. There is an ACME-specific category at https://forum.netgate.com/c... Chris Linstruth
12:22 PM pfSense Packages Feature #10761 (Rejected): Multiple domains in one SAN entry would be very useful
In the Domain SAN list, I'm not currently able to add multiple domains in the 'Domainname' box, for ex. cannot use:
... Eduard Rozenberg

07/11/2020

10:46 PM Bug #9796: kernel panic after removing interfaces
There's been some activity around miniupnpd over on #7727. There's a new version built in now, wonder if this could h... → luckman212
04:54 PM Revision fb3b20c3: Backup/Restore DynDNS. Implements #3559
Viktor Gurov
04:53 PM pfSense Packages Bug #10760: pfSense BIND 9.14.12 server terminates due to assertion failure
Secondary question, is there is method to configure pfSense to auto-restart named on failure? Jeffrey Altman
04:34 PM pfSense Packages Bug #10760: pfSense BIND 9.14.12 server terminates due to assertion failure
The assertion failure is in ns_client_error() which means that its impossible to file a reasonable report upstream wi... Jeffrey Altman
04:02 PM pfSense Packages Bug #10760 (New): pfSense BIND 9.14.12 server terminates due to assertion failure
BIND is periodically terminating and not automatically restarted. The system log shows:
Jul 6 13:13:21 named 6... Jeffrey Altman
04:49 PM Revision b9d689e7: Backup/restore Limiters. Implements #4763
Viktor Gurov
03:43 PM Feature #855: Ability to selectively kill states on gateway recovery
+1 - this is a badly needed feature with multi WAN where one connection is truly a "backup only" connection. High co... Marc H
03:38 PM Revision f21d4f79: Active voucher restore from backup. Implements #3128
Viktor Gurov
12:51 PM pfSense Packages Feature #6831: Snort does not support aliases containing FQDN
It can be a one-time name resolution, like HAproxy ACL (network/url/urltable aliases),
see #9793 for example Viktor Gurov
12:33 PM pfSense Packages Bug #10647 (Resolved): FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets
works as expected:... Viktor Gurov
12:24 PM pfSense Packages Feature #10618 (Resolved): Set sysDescr the same as bsnmpd unless overriden with net-snmp
works as expected:... Viktor Gurov
11:54 AM Feature #3559: add option for backup ddns ( dynamic dns ) in restore area
https://github.com/pfsense/pfsense/pull/4399 Viktor Gurov
11:51 AM Feature #4763: Restore from backup that contains only area Traffic Shaper doesn't restore Limiters
Backup/restore Limiters:
https://github.com/pfsense/pfsense/pull/4398 Viktor Gurov
10:50 AM Bug #3128: Active voucher status not restored from backup
https://github.com/pfsense/pfsense/pull/4397 Viktor Gurov
10:09 AM Bug #10759: HSFC traffic shaper error
Sorry didn`t see it.
Gitsynced and it`s working just fine.
But still cant use it because of https://redmine.pfs... Greg M
07:06 AM Bug #10759 (Rejected): HSFC traffic shaper error
Fixed in https://redmine.pfsense.org/issues/1353#note-9
Please wait for the next snapshot Viktor Gurov
06:45 AM Bug #10759 (Rejected): HSFC traffic shaper error
Hi!
Version:
2.5.0-DEVELOPMENT (amd64)
built on Thu Jul 09 01:01:26 EDT 2020
FreeBSD 12.1-STABLE
Create new ... Greg M
10:08 AM Bug #9647: hn0: driver does not support altq
Hi!
Is there anything else to try? Greg M
07:46 AM pfSense Packages Bug #10749: squid + captive portal authentication not working
I have same problem (WPAD + explicit Squid with Captive Portal authentication) since I update pfSense to 2.4.5 and sq... Christophe PLUMEL
06:06 AM Feature #10545: RADIUS authenticated users should be able to log in via ssh
see also #935 Viktor Gurov
05:24 AM Feature #10748: Add support for limiting IPsec VPN access per user group via RADIUS
Relates to #935, which was apparently already requested 10 years ago, and implemented 5 years ago, but then got lost ... Yury Zaytsev
05:05 AM Feature #10748: Add support for limiting IPsec VPN access per user group via RADIUS
https://github.com/pfsense/pfsense/pull/4396 Viktor Gurov
04:08 AM Feature #10756 (Closed): Captive Portal Active Vouchers Restore
dup of #3128 Viktor Gurov
02:32 AM Feature #10756 (Closed): Captive Portal Active Vouchers Restore
https://forum.netgate.com/topic/152863/captive-portal-active-card-restore-100/
i want to restore active cards to be ... Viktor Gurov
03:48 AM Bug #10758 (Closed): Group Authentication is never used
IPsec / Mobile Clients -> 'Group Authentication' is never used on the 2.4.5-p1 or 2.5 pfSense:... Viktor Gurov
03:18 AM Bug #10757 (Rejected): IPv6: NPt rules on 6rd enabled WAN interfaces don't get bound to wan_stf
Fixed in #7142 Viktor Gurov
02:53 AM Bug #10757 (Resolved): IPv6: NPt rules on 6rd enabled WAN interfaces don't get bound to wan_stf
I believe there is a bug in the handling of NPt rules when they need to be applied to 6rd enabled interfaces (which a... Adam Risoldi

07/10/2020

07:40 PM Bug #10755 (Rejected): NAT rules not updating.
if I restore the configuration from old file , translation address (Outbound NAT rules) will be the wan address of ol... Alhusein Zawi
07:26 PM Bug #10754 (Rejected): NAT rules not updating.
Will be re-done. Chris Linstruth
07:05 PM Bug #10754 (Rejected): NAT rules not updating.
if I restore the configuration from old file , translation address (Outbound NAT rules) will be the wan address of ol... Alhusein Zawi
06:40 PM Revision 3a0b772f: Merge pull request #4394 from vktg/get_interface_subnet_fix
Renato Botelho
06:39 PM Revision a32a5230: Merge pull request #4393 from vktg/cpidn
Renato Botelho
06:39 PM Revision 43d47ed6: Merge pull request #4392 from Rooke/google-stadia-wiz
Renato Botelho
06:38 PM Revision 79e8fe7e: Merge pull request #4391 from vktg/dhcp6leasesprefixpage
Renato Botelho
06:38 PM Revision 0f0c406a: Merge pull request #4384 from vktg/hwchksumrebootnotify
Renato Botelho
06:37 PM Revision 75cd7b7d: Merge pull request #4389 from vktg/unboundidnacl
Renato Botelho
06:37 PM Revision 388f9d64: Merge pull request #4388 from vktg/limmbits
Renato Botelho
06:36 PM Revision 2365982c: Merge pull request #4387 from vktg/priqonlychk
Renato Botelho
06:36 PM Revision a2910d05: Merge pull request #4386 from vktg/captivednsmultiip
Renato Botelho
06:35 PM Revision f390a3f3: Merge pull request #4383 from vktg/gwdownpolfix
Renato Botelho
06:35 PM Revision cfb78e2d: Fix unparenthesized expression deprecation notice
Renato Botelho
06:33 PM Revision 75307f69: Merge pull request #4381 from vktg/voucherconlogopt
Renato Botelho
06:32 PM Revision a71671f4: Merge pull request #4382 from vktg/wizardipv6dns
Renato Botelho
04:47 PM Revision 2922c1d1: 1:1 NAT net fix. Issue #10752
Viktor Gurov
02:46 PM Bug #10740 (Resolved): Console menu shows static subnet for dhcp connections.
Yup that got it!... Steve Wheeler
01:40 PM Bug #10740 (Feedback): Console menu shows static subnet for dhcp connections.
PR has been merged. Thanks! Renato Botelho
07:48 AM Bug #10740 (Pull Request Review): Console menu shows static subnet for dhcp connections.
Jim Pingle
06:56 AM Bug #10740: Console menu shows static subnet for dhcp connections.
Fix:
https://github.com/pfsense/pfsense/pull/4394 Viktor Gurov
02:24 PM Bug #10752 (Pull Request Review): 1:1 NAT issue if Internal IP has VIPs
Jim Pingle
11:54 AM Bug #10752: 1:1 NAT issue if Internal IP has VIPs
https://github.com/pfsense/pfsense/pull/4395 Viktor Gurov
11:30 AM Bug #10752 (Resolved): 1:1 NAT issue if Internal IP has VIPs
If you set 'Internal IP' on the firewall_nat_1to1_edit.php to net (OPT1 net, for example)
and OPT1 interface has any... Viktor Gurov
02:12 PM pfSense Packages Bug #10330 (Feedback): BIND zone configuration displays wrong DS resource record with inline DNSSEC signing enabled
PR has been merged. Thanks! Renato Botelho
02:12 PM pfSense Packages Bug #10445 (Feedback): BIND crashed when added RPZ. rpz is not a master or slave zone.
PR has been merged. Thanks! Renato Botelho
02:12 PM pfSense Packages Bug #10506 (Feedback): Recursion not working on fresh BIND install
PR has been merged. Thanks! Renato Botelho
02:12 PM pfSense Packages Bug #7271 (Feedback): Co-existence of unbound and BIND/named
PR has been merged. Thanks! Renato Botelho
02:04 PM pfSense Packages Bug #10692 (Feedback): PIMD starts twice at boot
PR has been merged. Thanks! Renato Botelho
02:02 PM pfSense Packages Feature #10725 (Feedback): Squid disable multiple login sessions
PR has been merged. Thanks! Renato Botelho
02:01 PM pfSense Packages Bug #10737 (Feedback): FRR attempts to cycle IPsec VTI interfaces even when disabled/not running
PR has been merged. Thanks! Renato Botelho
02:00 PM pfSense Packages Bug #10656 (Feedback): Acme letsencrypt doesn't change private key type
PR has been merged. Thanks! Renato Botelho
01:39 PM Feature #10747 (Feedback): Captive Portal IDN hostname support
PR has been merged. Thanks! Renato Botelho
07:46 AM Feature #10747 (Pull Request Review): Captive Portal IDN hostname support
Jim Pingle
03:17 AM Feature #10747: Captive Portal IDN hostname support
https://github.com/pfsense/pfsense/pull/4393 Viktor Gurov
01:12 AM Feature #10747 (Resolved): Captive Portal IDN hostname support
Currently it's not possible to add IDN hostnames on the 'Allowed Hostnames' tab Viktor Gurov
01:39 PM Feature #10743 (Feedback): Traffic shaper wizard: Add Google Stadia port range
PR has been merged. Thanks! Renato Botelho
01:38 PM Bug #7443 (Feedback): Issues Creating IPv6 Static Mappings
PR has been merged. Thanks! Renato Botelho
01:38 PM Feature #3031 (Feedback): Message is false after changing Hardware Checksum Offloading setting
PR has been merged. Thanks! Renato Botelho
01:37 PM Bug #10730 (Feedback): Unable to use IDN symbols in DNS Resolver ACL
PR has been merged. Thanks! Renato Botelho
01:37 PM Feature #10727 (Feedback): Limiter bw type in Mbit/s
PR has been merged. Thanks! Renato Botelho
01:37 PM Bug #1353 (Feedback): Number of queues possible
PR has been merged. Thanks! Renato Botelho
01:36 PM pfSense Packages Feature #10753: Acme DNS-01 for Hurricane Electric needs to be updated for new dynamic update methods
Thanks for the insight. I've opened https://github.com/acmesh-official/acme.sh/issues/3038 which will hopefully lead... Howard Holm
12:55 PM pfSense Packages Feature #10753: Acme DNS-01 for Hurricane Electric needs to be updated for new dynamic update methods
Has the new method been updated in acme.sh upstream? ( https://github.com/acmesh-official/acme.sh ) -- If not, it mus... Jim Pingle
12:48 PM pfSense Packages Feature #10753 (Closed): Acme DNS-01 for Hurricane Electric needs to be updated for new dynamic update methods
Hurricane Electric has added (as of two days ago - see http://dns.he.net) dynamic DNS support for TXT records allow f... Howard Holm
01:36 PM Bug #10724 (Feedback): Allowed Hostnames adds/deletes only one A entry
PR has been merged. Thanks! Renato Botelho
01:35 PM Bug #10716 (Feedback): Policy routing rules are not written correctly for a down gateway
PR has been merged. Thanks! Renato Botelho
01:35 PM Feature #9432 (Feedback): Block additional Captive Portal Logins
PR has been merged. Thanks! Renato Botelho
01:32 PM Bug #10720 (Feedback): Setup Wizard DNS Server validation JavaScript incorrectly claims IPv6 address is invalid
PR has been merged. Thanks! Renato Botelho
01:30 PM Bug #10750: (vlan)interfaces not properly handled in relation multicast (e.g. triggered by pimd)
The correct place for this is the forum, not a bug report. Keep it on the forum. Opening issues without concrete info... Jim Pingle
01:03 PM Bug #10750: (vlan)interfaces not properly handled in relation multicast (e.g. triggered by pimd)
Jim,
This is not the first time you make me angry! You consequently refuse to accept issues which are clearly the... Louis B
12:55 PM Bug #10750 (Rejected): (vlan)interfaces not properly handled in relation multicast (e.g. triggered by pimd)
Please keep these kinds of things on the forum until a more definite issue can be identified here. Far too much specu... Jim Pingle
08:35 AM Bug #10750 (Rejected): (vlan)interfaces not properly handled in relation multicast (e.g. triggered by pimd)
Hello,
As known I try to get pimd running, but up to now that does not work. Interfaces are not treated correctly ... Louis B
11:55 AM Revision e5c60be1: get_interface_subnet() improvement. Fixes #10740
Viktor Gurov
10:11 AM pfSense Packages Bug #10751: Incorrect syslog() params on Suricata 5 pkg
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/899 Viktor Gurov
09:58 AM pfSense Packages Bug #10751 (Resolved): Incorrect syslog() params on Suricata 5 pkg
If you don't select any rules for the interface and click the "Save" button:... Viktor Gurov
09:08 AM Bug #8013: IPsec MSS clamping value shared for IPv4 and IPv6
See also #10493 Viktor Gurov
08:15 AM Revision 5e3ed2be: Captive Portal IDN hostname support. Implements #10747
Viktor Gurov
07:45 AM pfSense Packages Feature #10746 (Rejected): FRR OSPF network
What you describe is already possible in the current FRR GUI.
This site is not for support or diagnostic discussio... Jim Pingle
06:35 AM pfSense Packages Bug #10749 (Resolved): squid + captive portal authentication not working
https://forum.netgate.com/topic/155148/squid-captive-portal-authentication:
Since the last update (2.4.5-RELEASE-p1)... Viktor Gurov
06:13 AM Feature #10748 (Resolved): Add support for limiting IPsec VPN access per user group via RADIUS
Hello,
We've set up an IPsec VPN for road warriors with RADIUS auth, but, unfortunately, it seems that there is cu... Yury Zaytsev
05:53 AM Bug #10713: assigning a virtual IPv6 IP to an interface that has IPv6 PD track interface enabled makes the Virtual IP the primary IP after reboot
@Louis
The "corresponding application" here would be the DHCPv6 relay that forwards to a DHCPv6 server that gives ... Robby Moeyaert
02:30 AM Bug #10713: assigning a virtual IPv6 IP to an interface that has IPv6 PD track interface enabled makes the Virtual IP the primary IP after reboot
I do not understand this remark. Muliple address are only relevant (I think) if there are related to corresponding ap... Louis B
01:14 AM Bug #3128 (New): Active voucher status not restored from backup
still an issue,
as a workaround '/var/db/voucher_*.db' files can be backed up,
See https://forum.netgate.com/topic/... Viktor Gurov

07/09/2020

11:54 PM pfSense Packages Feature #10746 (Rejected): FRR OSPF network
Add feature to specify which network should be adverting to OSPF .
if I choose Route Redistribution (such as Conne... Alhusein Zawi
04:04 PM Bug #10745 (Resolved): crashes/panics in pfsense 2.4.x FreeBSD 11.x with enabled IPSec and ipv4 forwarding
please this forum thread:
https://forum.netgate.com/topic/151329/pfsense-active-carp-member-crashed-aesni_process-c... Igor G
01:18 PM Revision 05a15216: Add Google Stadia ports to traffic shaper wizard
- According to https://support.google.com/stadia/answer/9595943?hl=en-CA Google Stadia uses "traffic on ports in the ... Mike Rooke
01:13 PM Revision 417c2438: Match case of button text put through gettext in unbound ACL save. Fixes #10742
(cherry picked from commit 7da6d332599d01b058740d9c8f48642a63c04e6d) Jim Pingle
01:12 PM Revision 7da6d332: Match case of button text put through gettext in unbound ACL save. Fixes #10742
Jim Pingle
01:08 PM Revision aa97d3a0: DHCPv6 Leases prefix display fix. Issue #7443
Viktor Gurov
10:49 AM pfSense Packages Bug #10741: Fails with CARP VIP Status - SQUID
Viktor Gurov wrote:
> squid pkg 0.4.44_28 on 2.4.5-p1 (clean install) - no such issue, HA works as expected
> it se... Thiago Orico
05:09 AM pfSense Packages Bug #10741: Fails with CARP VIP Status - SQUID
squid pkg 0.4.44_28 on 2.4.5-p1 (clean install) - no such issue, HA works as expected
it seems something incorrect i... Viktor Gurov
10:15 AM Bug #10744: Unable to kill IPv6 client connection
The same with IPv4 client
outdated ajax code?
tested on Chromium 80.0.3987.162 and Firefox 68.10.0esr (Debian 10) Viktor Gurov
09:43 AM Bug #10744 (Closed): Unable to kill IPv6 client connection
Unable to kill client connection on status_openvpn.php page if it's connected via IPv6,
'Kill client connection' but... Viktor Gurov
09:15 AM Bug #10742: unable to save DNS ACL in non-English interface
Applied in changeset commit:7da6d332599d01b058740d9c8f48642a63c04e6d. Jim Pingle
09:02 AM Bug #10742 (Feedback): unable to save DNS ACL in non-English interface
I pushed a fix for this, it will show up once the repos sync in a bit. Jim Pingle
08:12 AM Bug #10742 (In Progress): unable to save DNS ACL in non-English interface
Jim Pingle
02:05 AM Bug #10742 (Resolved): unable to save DNS ACL in non-English interface
https://forum.netgate.com/topic/153501/resolved-but-there-is-a-bug-in-the-french-interface-dns-resolver-and-access-li... Viktor Gurov
08:39 AM Feature #10743 (Pull Request Review): Traffic shaper wizard: Add Google Stadia port range
PR: https://github.com/pfsense/pfsense/pull/4392 Jim Pingle
08:17 AM Feature #10743 (Resolved): Traffic shaper wizard: Add Google Stadia port range
This feature adds support in the traffic shaping wizard for the port range used by Google Stadia. According to https:... Mike Rooke
08:16 AM Bug #7443 (Pull Request Review): Issues Creating IPv6 Static Mappings
Jim Pingle
08:14 AM Bug #7443: Issues Creating IPv6 Static Mappings
Daryl Morse wrote:
> There are a few issues creating IPv6 static mappings.
> ..
>
> However, Status / DHCPv6 Lea... Viktor Gurov
08:12 AM Bug #9577 (Feedback): radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Fixed in FreeBSD, the port workaround is unnecessary now.
Thanks for all the details Ronald. Luiz Souza
07:59 AM pfSense Packages Bug #10737 (Pull Request Review): FRR attempts to cycle IPsec VTI interfaces even when disabled/not running
Jim Pingle
01:29 AM pfSense Packages Bug #10737: FRR attempts to cycle IPsec VTI interfaces even when disabled/not running
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/897 Viktor Gurov
07:55 AM pfSense Packages Todo #10419 (Closed): Update haproxy ports
Jim Pingle
03:07 AM pfSense Packages Todo #10419: Update haproxy ports
All works fine on 2.0.14 DRago_Angel [InV@DER]
07:30 AM Revision 5d882f71: Reboot message after changing Hardware Checksum Offloading setting. Implements #3031
Viktor Gurov
03:55 AM Bug #10726: Sticky-connections option is bugged - sticky-address cannot be redefined
https://github.com/pfsense/FreeBSD-src/blob/devel-12/sbin/pfctl/parse.y#L4133-L4137:... Viktor Gurov
02:50 AM Feature #10723: Disable "Hardware Checksum Offloading" if VM is detected
Jim Pingle wrote:
> See my note on the PR, but that seems far too broad/general. It should only be disabled on the s... Viktor Gurov

07/08/2020

10:12 PM pfSense Packages Bug #10741 (Closed): Fails with CARP VIP Status - SQUID
Tests with CARP protocol, using CARP VIP option Squid status activated, the CARP IP type does not assume in the secon... Thiago Orico
08:24 AM Bug #10740 (Resolved): Console menu shows static subnet for dhcp connections.
The interfaces list shown in the console will show a subnet value from the config file if it is present for a DHCP co... Steve Wheeler
05:04 AM pfSense Packages Feature #10739 (Feedback): Update HAproxy-devel package to 2.2 and HAproxy to 2.0
Announced new stable version of HAproxy 2.2: https://www.haproxy.com/blog/announcing-haproxy-2-2/
There is bunch of ... DRago_Angel [InV@DER]
12:36 AM Bug #6370: IPSEC bound to WAN gateway group and Dynamic DNS doesn't to fail back tunnel to WAN on DDNS update
This is a real problem when backup WAN is a high cost or low capacity link such as LTE/3G mobile. The objective is t... Marc H

07/07/2020

11:51 PM pfSense Packages Bug #10738 (Duplicate): ipsec apply issue
Duplicate of #10737 (and #10736) Jim Pingle
08:28 PM pfSense Packages Bug #10738 (Duplicate): ipsec apply issue
Note: I suspect this is related to the fix for bug #10351 or related to the bug itself however it is marked resolved.... Andrew Johnson
06:43 PM Feature #9536: Support dynamic prefix in DHCPv6 Server
This would be a very useful feature.
The prefix delegations handed out by the DHCPv6 Server are currently static o... Steve Wheeler
02:44 PM Bug #10736: Phase 2 VTI mode, causes GUI to time out.
This is actually an FRR bug, not a VTI bug. Moved to #10737 Jim Pingle
02:14 PM Bug #10736 (Not a Bug): Phase 2 VTI mode, causes GUI to time out.
I can't reproduce this as stated on 2.4.5-p1 amd64. I can create a VTI P2 and then make other actions in the GUI on t... Jim Pingle
09:34 AM Bug #10736 (Not a Bug): Phase 2 VTI mode, causes GUI to time out.
After creating a phase 2 in VTI mode, all other changes related to the IPsec setup causes GUI to timeout.
Changes ... Danilo Zrenjanin
02:43 PM pfSense Packages Bug #10737 (Resolved): FRR attempts to cycle IPsec VTI interfaces even when disabled/not running
If FRR is installed but disabled or otherwise not running, @frr_ipsec_reload()@ will still attempt to send an FRR con... Jim Pingle
01:21 PM Bug #10730 (Pull Request Review): Unable to use IDN symbols in DNS Resolver ACL
Jim Pingle
01:20 PM pfSense Packages Bug #7271 (Pull Request Review): Co-existence of unbound and BIND/named
Jim Pingle
01:12 PM pfSense Packages Bug #10507 (Pull Request Review): Unable to use forwarders
Jim Pingle
01:07 PM pfSense Packages Bug #10506 (Pull Request Review): Recursion not working on fresh BIND install
Jim Pingle
12:57 PM pfSense Packages Bug #10445 (Pull Request Review): BIND crashed when added RPZ. rpz is not a master or slave zone.
Jim Pingle
12:56 PM pfSense Packages Bug #10330 (Pull Request Review): BIND zone configuration displays wrong DS resource record with inline DNSSEC signing enabled
Jim Pingle
12:50 PM Bug #10542: Exclamation marks in the description field of a floating rule result in a filter reload error.
That makes sense, many parsers treat @\@ at the end of a line as an instruction to join it with the following line.
... Jim Pingle
12:46 PM Feature #10727 (Pull Request Review): Limiter bw type in Mbit/s
Jim Pingle
12:45 PM Bug #1353 (Pull Request Review): Number of queues possible
Jim Pingle
12:43 PM pfSense Packages Feature #10725 (Pull Request Review): Squid disable multiple login sessions
Jim Pingle
12:29 PM pfSense Packages Bug #10692 (Pull Request Review): PIMD starts twice at boot
Jim Pingle
12:19 PM Bug #10724 (Pull Request Review): Allowed Hostnames adds/deletes only one A entry
Jim Pingle
12:16 PM Feature #10723 (Pull Request Review): Disable "Hardware Checksum Offloading" if VM is detected
See my note on the PR, but that seems far too broad/general. It should only be disabled on the specific platforms whe... Jim Pingle
12:13 PM Feature #3031 (Pull Request Review): Message is false after changing Hardware Checksum Offloading setting
Jim Pingle
12:09 PM Bug #10716 (Pull Request Review): Policy routing rules are not written correctly for a down gateway
Jim Pingle
10:01 AM Bug #10720 (Pull Request Review): Setup Wizard DNS Server validation JavaScript incorrectly claims IPv6 address is invalid
Jim Pingle
08:51 AM Bug #10734 (Rejected): PFsense don't use wrong proposals
It must be in your settings but there is not nearly enough information to say for sure.
This site is not for suppo... Jim Pingle
07:57 AM Bug #10735 (Not a Bug): Track Interface for 2nd LAN IPv6 Fails
There is no bug. Your WAN interface delegation size setting is wrong.
This site is not for support or diagnostic d... Jim Pingle
04:21 AM Bug #10735 (Not a Bug): Track Interface for 2nd LAN IPv6 Fails
Virtualbox running PfSense 2.5.0 latest
Setup IPv6 on LAN1 to TrackInterface - only option allowed is 0 for IPv6 pre... Rick McGonegal

07/06/2020

10:39 PM Bug #10734 (Rejected): PFsense don't use wrong proposals
Hello.
I use pfsense + miktorik
Configured IPSec (v1):
phase 1 int L2TP 10.100.0.132 main 3DES SHA1 2 (10... DeeZ A
07:55 PM Revision 1cf01478: Revise default gateway handling for speed
Steve Beaver
03:43 PM Feature #10728: Request - widen the columns in VPN > IPSEC > Status > Overview
See #9979 Jim Pingle
03:41 PM Feature #10728 (Closed): Request - widen the columns in VPN > IPSEC > Status > Overview
That page has already been redesigned on 2.5.0 with less columns and this is most likely no longer an issue there.
... Jim Pingle
03:25 PM Bug #10722 (Duplicate): Update jQuery to 3.5.1
Already done: #10676 Jim Pingle
02:44 PM Revision a2ec7b0a: Move gateway interface friendly name functionality to gwlb.inc
Steve Beaver
02:39 PM Bug #8502: main (top) menu items do not drop down in some cases
FYI- This no longer affects the IPsec Profile Wizard package as of v 1.0, since it has been changed to use a traditio... Jim Pingle
02:39 PM pfSense Packages Bug #10003: Visiting VPN > Apple IPsec Profile renders the navigation dropdown buttons useless
FYI- This is now moot on IPsec Profile Wizard pkg v 1.0, since it has been changed to use a traditional GUI page and ... Jim Pingle
01:33 PM Bug #10733 (Resolved): return_gateways_array() is called too many times
This is a large and expensive function which really only needs to be called once on loading the page, not eight times... Anonymous
10:16 AM Bug #9270: "Remove all states to and from the filtered address" does not remove all states
@jim This is very annoying bug and makes troubleshooting more difficult. Any chance to address it in the next point ... Yuri Weinstein
05:56 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
Hi,
I installed the patch and a lot of messages where gone. What was in the log after reboot is
Jul 6 12:31:08 pf... Louis B
05:41 AM Feature #10732 (New): Warning banner for secondary HA node
It would be good if the secondary HA node has a banner with a warning all management actions have to be performed on ... Constantine Kormashev
05:38 AM Feature #10731 (New): XML-sync primary/secondary config flag
To prevent XML-sync misconfiguring on a HA cluster, it would be good to make a config flag that can be used for disti... Constantine Kormashev

07/05/2020

04:13 PM Revision 1b54754b: IDN symbols in DNS Resolver ACL. Fixes #10730
Viktor Gurov
02:14 PM Feature #9717: Search box for pfsense ?
I would also like to suggest a search function be added to the PFsense GUI.
Perhaps right on the top menu should be ... Tony Burns
11:14 AM Bug #10730: Unable to use IDN symbols in DNS Resolver ACL
https://github.com/pfsense/pfsense/pull/4389 Viktor Gurov
11:08 AM Bug #10730 (Resolved): Unable to use IDN symbols in DNS Resolver ACL
https://forum.netgate.com/topic/153501/dns-resolver-and-access-list-access-list-entry-is-not-saved:
It's the first t... Viktor Gurov
11:04 AM pfSense Packages Bug #10688 (Resolved): Remove Zabbix 4.2 ports
removed from 2.4 and 2.5 repo Viktor Gurov
10:59 AM pfSense Packages Bug #9813 (Resolved): Fails saving accountkeys if name contains non-English characters
Fixed in #10442 Viktor Gurov
10:55 AM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named
https://github.com/pfsense/FreeBSD-ports/pull/896 Viktor Gurov
10:40 AM pfSense Packages Bug #8254 (Resolved): BIND, Register DHCP static mappings and Subzones
no such issue with 9.16_1, https://github.com/pfsense/FreeBSD-ports/blob/devel/dns/pfSense-pkg-bind/files/usr/local/p... Viktor Gurov
10:14 AM pfSense Packages Bug #10507: Unable to use forwarders
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/895 Viktor Gurov
07:51 AM Bug #10716: Policy routing rules are not written correctly for a down gateway
Tested the new patch with gateway group rules again 2.4.5p1. Seems to work as expected in all conditions.
Tested g... Steve Wheeler
06:55 AM pfSense Packages Bug #10506: Recursion not working on fresh BIND install
fix:
https://github.com/pfsense/FreeBSD-ports/pull/894 Viktor Gurov
06:10 AM pfSense Packages Bug #10445: BIND crashed when added RPZ. rpz is not a master or slave zone.
Fixes:
https://github.com/pfsense/FreeBSD-ports/pull/893 Viktor Gurov
02:52 AM pfSense Packages Bug #10330: BIND zone configuration displays wrong DS resource record with inline DNSSEC signing enabled
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/892 Viktor Gurov
01:12 AM Bug #10729 (New): Certificate verification failed for pkg.freebsd.org
https://forum.netgate.com/topic/155037/pkg-add-authentication-error-connecting-to-pkg-freebsd-org-let-s-encrypt-cert:... Viktor Gurov
12:40 AM Bug #10542: Exclamation marks in the description field of a floating rule result in a filter reload error.
seems related to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182819 Viktor Gurov

07/04/2020

10:10 PM Feature #10728 (Closed): Request - widen the columns in VPN > IPSEC > Status > Overview
I am finding that sometimes, the width of the element that encompasses all the columns isn't enough to show the "conn... A P
08:30 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Thanks for the detailed instructions Gavin.
I pushed a fix which should do the right thing in this case.
Please... Luiz Souza
03:21 PM Bug #10726: Sticky-connections option is bugged - sticky-address cannot be redefined
It looks like, that bug has not been resolved since 8 years..
https://redmine.pfsense.org/issues/2493 Fritz Lakritz
08:11 AM Bug #10726: Sticky-connections option is bugged - sticky-address cannot be redefined
seems pfctl icmp-type + sticky-address issue,
but only if you select icmp message types (icmp any works fine),
same... Viktor Gurov
07:22 AM Bug #10726 (New): Sticky-connections option is bugged - sticky-address cannot be redefined
As already described in https://forum.netgate.com/topic/154821/strange-firewall-rules-behaviour-with-sticky-connectio... Fritz Lakritz
02:02 PM Revision 9544cf66: Gateway down policy rule fix. Issue #10716
Viktor Gurov
01:03 PM Revision c4fc5142: Limiter default bw type in Mbit/s. Implements #10727
Viktor Gurov
12:11 PM pfSense Packages Bug #10693: pfSense Bind Zone Editor UI does not update zone serial number when a change is made
Viktor Gurov wrote:
> > The broken behavior is observed with Bind package 9.14_4
>
> did it work differently befo... Jeffrey Altman
11:47 AM pfSense Packages Bug #10693: pfSense Bind Zone Editor UI does not update zone serial number when a change is made
> The broken behavior is observed with Bind package 9.14_4
did it work differently before?
you need to manually c... Viktor Gurov
12:06 PM pfSense Packages Feature #8188 (Resolved): Support response policy zones in bind package
merged in 9.12 Viktor Gurov
10:47 AM Feature #10696 (Resolved): status.php: Add config history
works as expected on 2.5.0.a.20200703.1850
Config History file content:... Viktor Gurov
10:31 AM Revision 00bf92ce: Shaper check prio only for CBQ/FAIRQ/PRIQ. Issue #1353
Viktor Gurov
08:05 AM Feature #10727: Limiter bw type in Mbit/s
https://github.com/pfsense/pfsense/pull/4388 Viktor Gurov
07:47 AM Feature #10727 (Resolved): Limiter bw type in Mbit/s
https://forum.netgate.com/topic/154812/limiter-bandwidth-type-default:
Just a suggestion, might make the default Mbi... Viktor Gurov
05:33 AM Bug #1353: Number of queues possible
Check for priority value duplication only for CBQ/FAIRQ/PRIQ queues:
https://github.com/pfsense/pfsense/pull/4387
... Viktor Gurov
04:28 AM pfSense Packages Feature #10725: Squid disable multiple login sessions
https://github.com/pfsense/FreeBSD-ports/pull/891 Viktor Gurov
12:27 AM pfSense Packages Feature #10725 (Resolved): Squid disable multiple login sessions
https://forum.netgate.com/topic/154741/squid-disable-multiple-sessions:
Hello, I want to set a server running pfsens... Viktor Gurov
04:04 AM pfSense Packages Bug #10692: PIMD starts twice at boot
Viktor,
"many thanks!!"
I did install PIMD again and will test it as soon as the fix is in the snapshots
... Louis B
02:50 AM pfSense Packages Bug #10692: PIMD starts twice at boot
Louis van Breda wrote:
> Hello,
>
> I just discoverd a critical error in the pfSense boot sequence.
> - Indepen... Viktor Gurov
03:00 AM Bug #7378 (Resolved): pfctl: ix0: driver does not support altq
Tested okay on SG-5100. Luiz Souza
01:40 AM Bug #9383 (Feedback): dhcpleases kqueue error
Fixed in dhcpleases-0.5. Luiz Souza
12:43 AM Revision c968ef7e: Make sure dhcpleases is killed before writing the hosts file.
Needs to happen before fopen($hosts, "w") as it is going to truncate the file
and that breaks the tracking of hosts s... Luiz Souza

07/03/2020

04:43 PM Revision 5fe8efc2: Allowed Hostnames add/delete multiple A entries. Fixes #10724
Viktor Gurov
03:41 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I just ran into this today. I was using IP addresses for the bookkeeper. She finally got a hostname with DynDNS.
... Rob Shiras
11:46 AM Bug #10724: Allowed Hostnames adds/deletes only one A entry
https://github.com/pfsense/pfsense/pull/4386 Viktor Gurov
11:41 AM Bug #10724 (Resolved): Allowed Hostnames adds/deletes only one A entry
If you add a hostname on services_captiveportal_hostname.php page,
it adds only single IP (A entry) from DNS answer,... Viktor Gurov
10:03 AM Bug #10716: Policy routing rules are not written correctly for a down gateway
But it sets the value of the gateway variable to 'empty' as Jim commented above so that's OK. Steve Wheeler
09:47 AM Bug #10716: Policy routing rules are not written correctly for a down gateway
Tested this patch. It corrects the 'Skip rules when gateway is down' setting but not the default 'omit gateway from t... Steve Wheeler
02:44 AM Bug #10716: Policy routing rules are not written correctly for a down gateway
Jim Pingle wrote:
> Having @$GWGW2@ on the rule when the content of @$GWGW2@ is empty is fine. That effectively mean... Viktor Gurov
09:05 AM Bug #3039 (Feedback): New vouchers doesn't sync with CARP slave
already merged Viktor Gurov
07:11 AM Feature #9876: PFsense on KVM: Web interface hint to disable "Hardware Checksum Offloading"
https://github.com/pfsense/pfsense/pull/4384
see also #10723 Viktor Gurov
07:11 AM Feature #10723: Disable "Hardware Checksum Offloading" if VM is detected
https://github.com/pfsense/pfsense/pull/4385 Viktor Gurov
07:07 AM Feature #10723 (Resolved): Disable "Hardware Checksum Offloading" if VM is detected
It would be better to disable "Hardware Checksum Offloading" on first boot if a VM system is detected
 Viktor Gurov
06:30 AM Feature #3031: Message is false after changing Hardware Checksum Offloading setting
https://github.com/pfsense/pfsense/pull/4384 Viktor Gurov
06:01 AM Revision 6fab11cc: Setup Wizard DNS IPv6 support. Fixes #10720
Viktor Gurov
03:20 AM pfSense Packages Feature #9852: show File-Store directory listing
+ https://www.joesandbox.com/
+ https://opentip.kaspersky.com/ Viktor Gurov
01:05 AM Bug #10720: Setup Wizard DNS Server validation JavaScript incorrectly claims IPv6 address is invalid
Fix:
https://github.com/pfsense/pfsense/pull/4382
TODO #3087 Viktor Gurov

07/02/2020

11:35 PM Bug #9459 (Feedback): patch pf: silence a runtime warning pfr_update_stats: assertion failed.
This fix is already merged to 2.5 sources.
Should not be an issue anymore, please confirm with a newer snapshot. Luiz Souza
11:15 PM Bug #3488 (Feedback): Deleting an interface doesn't delete associated shaper queues
PR merged. Luiz Souza
09:00 PM Bug #10722 (Duplicate): Update jQuery to 3.5.1
In bug #9407, jQuery was updated to 3.4.1.
However, jQuery 3.5.1 fixes two security issues, one of which is a cros... Logan Marchione
06:31 PM Revision 5ed493d8: Block additional Captive Portal Logins. Implements #9432
Viktor Gurov
01:20 PM Revision 8b348d2b: Fix indenting
Steve Beaver
09:15 AM pfSense Packages Bug #10721 (Rejected): PHP Startup: Unable to load dynamic library 'readline.so'
That is not a bug, but a problem with your installation.
This site is not for support or diagnostic discussion.
... Jim Pingle
09:14 AM pfSense Packages Bug #10721 (Rejected): PHP Startup: Unable to load dynamic library 'readline.so'
Crash report begins. Anonymous machine information:
amd64
11.2-RELEASE-p10
FreeBSD 11.2-RELEASE-p10 #9 4a2bfdce... Vincenzo Pace
08:51 AM Bug #10720 (Resolved): Setup Wizard DNS Server validation JavaScript incorrectly claims IPv6 address is invalid
In the setup wizard, if a user places an IPv6 address in the primary or secondary DNS server box, a JavaScript popup ... Jim Pingle

07/01/2020

08:16 PM Revision 32750350: Fix typo in comment
Steve Beaver
08:08 PM Revision 2cff9cf0: Revise return_gateways_array() to include the tier name in hte returned array. This avoids the need to call the function for every gateway in the array and makes life easier for system_gateways.php, which no longer needs to call multiple functions to get the display information.
Steve Beaver
03:30 PM Revision 5a764497: Fix indenting
Steve Beaver
03:27 PM Revision 8326101f: Fixed #10719 by adding tooltips and help text
Steve Beaver
12:31 PM Bug #10650: OpenVPN TCP in 2.4.5-p1 not working
I was hit by the same issue, taking the code from the PR worked but it was a bit unfortunate to go to what appeared t... Scott Zawalski
10:35 AM Bug #10719 (Feedback): Gateway page displays mystery icons
Applied in changeset commit:8326101f42ec638533f6a0831a6dac4f1c5aa279. Anonymous
10:10 AM Bug #10719 (Resolved): Gateway page displays mystery icons
system_gateways.php displays various icons in the gateway table without indicating what they mean.
Help text and t... Anonymous
09:22 AM Feature #9432 (Pull Request Review): Block additional Captive Portal Logins
Jim Pingle
09:14 AM Bug #10716: Policy routing rules are not written correctly for a down gateway
Having @$GWGW2@ on the rule when the content of @$GWGW2@ is empty is fine. That effectively means the gateway is not ... Jim Pingle
05:50 AM Feature #10718: Email notifications - add new field to enter a from: name
Currently email notifications have a "from name" of "Firewall Email Report". It would be nice to have a field to cust... Joseph McGuirl
05:49 AM Feature #10718 (New): Email notifications - add new field to enter a from: name
Currently email notifications have a "from name" of "Firewall Email Report". It would be nice to customize this to s... Joseph McGuirl

06/30/2020

01:48 PM Bug #9476 (Rejected): pfSense 2.4.x sending ARP replies with non-CARP source MAC address
I'm closing this ticket because the requested functionality cannot be implemented with the current CARP support in Fr... Luiz Souza
01:22 PM Bug #10717 (Rejected): Dynamic DNS update uses wrong interface for request; updates fail
Really doesn't have anything to do with Dynamic DNS but how routing works in general from the firewall itself, and it... Jim Pingle
01:16 PM Bug #10717 (Rejected): Dynamic DNS update uses wrong interface for request; updates fail
Configuration:
Multi-WAN with interfaces including:
- "COMCASTBUSINESS" (static IP, interface em0)
- "COMCASTHOM... David Gilmour
11:37 AM Bug #10716 (Resolved): Policy routing rules are not written correctly for a down gateway
There are two options for the behaviour of policy routing rules that reference a gateway that is down.
The default b... Steve Wheeler
08:30 AM Feature #9432: Block additional Captive Portal Logins
https://github.com/pfsense/pfsense/pull/4381 Viktor Gurov
07:52 AM Feature #2146: Allow concurrent logins when using vouchers
Jim Pingle wrote:
> We can try this but I seem to remember a problem with this in the past. If I recall correctly it... Viktor Gurov
12:17 AM Bug #10712: "default allow LAN IPv6 to any" rule does not work right after boot when using IPv6 PD
This can also be reproduced by reinstalling the Suricata package. In addition to the workaround posted in the bug, yo... Offstage Roller

06/29/2020

04:25 PM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters

> The patch should resolve the issue until PR #773 gets incorporated.
>
> I have had installs run for more tha... Michael Geiger
02:12 PM Revision c82a10a8: Merge pull request #4350 from vktg/ipsecgwdescr
Renato Botelho
02:11 PM Revision d2f18281: Merge pull request #4379 from vktg/clearl2tpsecret
Renato Botelho
02:11 PM Revision 69858120: Merge pull request #4380 from vktg/dhcrelayovpntap
Renato Botelho
02:11 PM Revision 7eac01f9: Merge pull request #4377 from vktg/dhcpv6lifetimecheck
Renato Botelho
12:37 PM Bug #10713: assigning a virtual IPv6 IP to an interface that has IPv6 PD track interface enabled makes the Virtual IP the primary IP after reboot
I should add, the reason why I was using a Virtual IP here is that this is currently the only way of assigning multip... Robby Moeyaert
04:56 AM Bug #10713 (Duplicate): assigning a virtual IPv6 IP to an interface that has IPv6 PD track interface enabled makes the Virtual IP the primary IP after reboot
https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense:
Situation: you have a LAN interface tha... Viktor Gurov
12:04 PM Revision 7890aeda: Merge pull request #4375 from vktg/nat11extip
Renato Botelho
09:16 AM Bug #10709: services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime
That was super quick. Thanks a lot! Mike Murdoch
09:12 AM Bug #10709 (Feedback): services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime
PR has been merged. Thanks! Renato Botelho
07:59 AM Bug #10709 (Pull Request Review): services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime
Jim Pingle
01:00 AM Bug #10709: services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime
Fix:
https://github.com/pfsense/pfsense/pull/4377 Viktor Gurov
09:12 AM Feature #10711 (Feedback): Allow to use OpenVPN TAP interfaces in DHCP Relay
PR has been merged. Thanks! Renato Botelho
07:57 AM Feature #10711 (Pull Request Review): Allow to use OpenVPN TAP interfaces in DHCP Relay
Jim Pingle
06:26 AM Feature #10711: Allow to use OpenVPN TAP interfaces in DHCP Relay
https://github.com/pfsense/pfsense/pull/4380 Viktor Gurov
03:32 AM Feature #10711 (Resolved): Allow to use OpenVPN TAP interfaces in DHCP Relay
https://forum.netgate.com/topic/154867/dhcp-relay-and-vpn
OpenVPN TAP interfaces can be used by dhcrelay Viktor Gurov
09:12 AM Bug #10710 (Feedback): L2TP secret uses empty value
PR has been merged. Thanks! Renato Botelho
07:56 AM Bug #10710 (Pull Request Review): L2TP secret uses empty value
Jim Pingle
03:05 AM Bug #10710: L2TP secret uses empty value
Fix:
https://github.com/pfsense/pfsense/pull/4379 Viktor Gurov
03:03 AM Bug #10710 (Resolved): L2TP secret uses empty value
If you set the L2TP shared secret and then remove it,
an empty value will still be used in mpd.conf:... Viktor Gurov
09:12 AM Feature #7095 (Feedback): Improve Remote Gateway field description for IPSec VPN Phase 1
PR has been merged. Thanks! Renato Botelho
09:11 AM Revision d191d35d: Allow to use OpenVPN TAP interfaces in DHCP Relay. Implements #10711
Viktor Gurov
08:32 AM Feature #9432 (New): Block additional Captive Portal Logins
that's a different issue, see https://forum.netgate.com/topic/136995/one-voucher-per-device Viktor Gurov
08:05 AM Bug #10703 (Pull Request Review): OpenVPN copy doesn't save auth_pass
Jim Pingle
01:46 AM Bug #10703: OpenVPN copy doesn't save auth_pass
https://github.com/pfsense/pfsense/pull/4378 Viktor Gurov
08:04 AM Revision 58b9baee: L2TP empty secret fix. Issue #10710
Viktor Gurov
07:05 AM Feature #7705 (Feedback): Support dynamic interface address for 1:1 NAT
PR has been merged. Thanks! Renato Botelho
05:58 AM Revision 1d0608f3: RA lifetime input validation. Fixes #10709
Viktor Gurov
05:01 AM Bug #10715 (New): DHCPv6 relay always uses the "first" IPv6 address of an interface
https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense:
Situation: you have multiple IPv6 addre... Viktor Gurov
04:58 AM Bug #10714 (New): radvd only gives out the prefix of the "first" IPv6 address of an interface
https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense:
Situation: When multiple prefixes are a... Viktor Gurov
04:54 AM Bug #10712 (New): "default allow LAN IPv6 to any" rule does not work right after boot when using IPv6 PD
https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense:
Quite simply, you boot, you get an IPv6... Viktor Gurov
02:48 AM pfSense Packages Bug #10700: not all VPN IPs added with vpnaddresses option
Suricata 4 PR:
https://github.com/pfsense/FreeBSD-ports/pull/889 Viktor Gurov

06/28/2020

02:05 PM Bug #10702: Todays Snapshot System does crash and does not start any more
Louis- There are no problems with the snapshots on my end either. I try to test every release that comes out. Pleas... Chris Palmer
12:35 PM Bug #10702: Todays Snapshot System does crash and does not start any more
Jim,
It is not related to PIMD. In the past week I had many crashes related to swithing interfaces on or off yes o... Louis B
05:50 AM Bug #10709 (Resolved): services_router_advertisements.php: radvd won't start if Default valid lifetime is less than Default preferred lifetime
Hello,
the user interface allows the `Default valid lifetime` field to be set to a lower value than `Default prefe... Mike Murdoch

06/27/2020

01:49 PM Bug #10702: Todays Snapshot System does crash and does not start any more
Jim,
I can easely reproduce this issue on a running system:
- disable on of the interfaces
- stop pimd (e.g. pim... Louis B
06:44 AM Revision e5e7d84c: Support dynamic interface address for 1:1 NAT. Implements #7705
Viktor Gurov
12:52 AM Bug #10708: ZFS bootpool boot symlink issue
To clarify: upon upgrade a physical directory called boot is created in the zroot pool over the symlink... Paul Magid
12:49 AM Bug #10708 (New): ZFS bootpool boot symlink issue
Using 2.5.0-DEVELOPMENT when I do an install that creates a zfs mirror (MBR), the boot directory is actually a symlin... Paul Magid

06/26/2020

07:06 PM Bug #9277 (New): MBT-4220/2220: pfSense hangs when running sysctl -a
It looks like this might be a problem with the way the dashboard system information widget reads the sysctls when you... Steve Wheeler
04:00 PM Revision 523d8c3f: Merge pull request #4175 from vktg/importpkcs12
Renato Botelho
04:00 PM Revision e6a82348: Merge pull request #4240 from Kapmeister/master
Renato Botelho
03:54 PM Revision 9e2f1840: Merge pull request #4376 from travisboss/master
Renato Botelho
03:51 PM Revision 9561664d: Merge pull request #4374 from vktg/eoipfwproto
Renato Botelho
03:50 PM Revision 642783a2: Merge pull request #4373 from vktg/syncfwruledescrfix
Renato Botelho
03:50 PM Revision e396e963: Merge pull request #4372 from vktg/ipv6subnet11natfix
Renato Botelho
03:49 PM Revision e0db41c0: Merge pull request #4371 from vktg/statusconfhistory
Renato Botelho
01:29 PM pfSense Packages Bug #10697 (Feedback): Missing New Line After NCP Parameter in Client Config
PR has been merged. Thanks! Renato Botelho
11:34 AM pfSense Packages Bug #8688 (Feedback): Pass List Snort
PR has been merged. Thanks! Renato Botelho
11:32 AM pfSense Packages Bug #10700 (Feedback): not all VPN IPs added with vpnaddresses option
PR has been merged. Thanks! Renato Botelho
11:30 AM pfSense Packages Bug #10552 (Feedback): Typo in OpenBGPD's settings page
PR has been merged. Thanks! Renato Botelho
11:00 AM Feature #8645 (Feedback): Upload certificate file instead of pasting
PR has been merged. Thanks! Renato Botelho
11:00 AM Feature #10354 (Feedback): Telegram Notification Support
PR has been merged. Thanks! Renato Botelho
10:54 AM Feature #10696 (Feedback): status.php: Add config history
PR has been merged. Thanks! Renato Botelho
10:54 AM Bug #7742 (Feedback): 1:1 NAT for IPv6 applies wrong subnet mask to "Single Host"
PR has been merged. Thanks! Renato Botelho
10:54 AM Bug #1478 (Feedback): some characters in FW rule descriptions do not sync properly
PR has been merged. Thanks! Renato Botelho
10:54 AM Feature #10698 (Feedback): Allow to select EoIP protocol
PR has been merged. Thanks! Renato Botelho
10:54 AM Bug #10705 (Feedback): Difficult to see multiple selection form-control
PR has been merged. Thanks! Renato Botelho
08:14 AM Bug #10705 (Pull Request Review): Difficult to see multiple selection form-control
Jim Pingle
09:58 AM Bug #10706: Kernel route table entries are removed if they match disabled static route entries
Jim Pingle wrote:
> You shouldn't have static routes for OpenVPN networks, they have to be managed by OpenVPN.
I ... Christian Fertig
08:13 AM Bug #10706 (Not a Bug): Kernel route table entries are removed if they match disabled static route entries
You shouldn't have static routes for OpenVPN networks, they have to be managed by OpenVPN.
Disabled routes are cle... Jim Pingle
04:01 AM Bug #10706: Kernel route table entries are removed if they match disabled static route entries
In my case test system is a SG-3100 with 2.4.5-RELEASE-p1 (arm) Christian Fertig
04:00 AM Bug #10706 (Resolved): Kernel route table entries are removed if they match disabled static route entries
Hi,
this is the ticket for this forum post https://forum.netgate.com/topic/149330/disabled-static-route-deletes-op... Christian Fertig
06:51 AM pfSense Docs Correction #10707 (Resolved): Feedback on Backup and Restore — Automatically Restore a pfSense Configuration During Installation
*Page:* https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html
*Feedback:*
Hello,
I ... Louis B

06/25/2020

11:52 PM Revision d1c779e0: enhance the look of form-control multiple select
Travis Boss
07:51 PM Bug #10705: Difficult to see multiple selection form-control
https://github.com/pfsense/pfsense/pull/4376 Anonymous
06:51 PM Bug #10705 (Resolved): Difficult to see multiple selection form-control
pfsense-BETA-dark
Specifically in Avahi, it is hard to see what interfaces you have selected due to the grays bein... Anonymous
02:44 PM Bug #10699 (Needs Patch): CRL php error
I am able to reproduce the crash with the CA provided by OP. Crash happens on 2.4.5-p1 and 2.5.0. It appears to be du... Jim Pingle
10:46 AM Bug #10699: CRL php error
Continuing the discussion here: https://forum.netgate.com/topic/154788/crl-don-t-works/ Jim Pingle
10:25 AM Bug #10699: CRL php error
Jim Pingle wrote:
> Nothing looks obviously wrong in that, but still it's confusing the CRL routines somehow.
>
>... Dario Martino
09:52 AM Bug #10699: CRL php error
Nothing looks obviously wrong in that, but still it's confusing the CRL routines somehow.
If you don't mind to sen... Jim Pingle
09:04 AM Bug #10699: CRL php error
Nothing seems wrong in my CA:
#openssl rsa -in pfsense.pter.it.key -check -noout
RSA key ok
#openssl x509 -in ... Dario Martino
08:38 AM Bug #10699: CRL php error
Hi Jim,
thanks for your reply.
Jim Pingle wrote:
> That looks like a problem with your certificate. It can't rea... Dario Martino
07:49 AM Bug #10699 (Feedback): CRL php error
That looks like a problem with your certificate. It can't read the time stamp from the certificate data.
Can you a... Jim Pingle
05:01 AM Bug #10699 (Needs Patch): CRL php error
Hello,
I have a php error when I try to add a certificate issued for openvpn client to a CRL. I can create the CRL, ... Dario Martino
01:55 PM Bug #10702: Todays Snapshot System does crash and does not start any more
We constantly monitor the forum, that is not a concern. Jim Pingle
01:40 PM Bug #10702: Todays Snapshot System does crash and does not start any more
Jim
the reason to post it here, is that I was very afraid that other people would become in trouble
And depending... Louis B
01:30 PM Bug #10702: Todays Snapshot System does crash and does not start any more
You should post these kinds of things on the forum and not here. That is the proper place to discuss and diagnose wha... Jim Pingle
01:25 PM Bug #10702: Todays Snapshot System does crash and does not start any more
Jim,
I did a new install using the today 650 snapshot, since the update had failed.
Then I installed the config f... Louis B
09:48 AM Bug #10702: Todays Snapshot System does crash and does not start any more
See my previous comment. That is most likely a problem with your installation, not a bug in the snapshots. Main suspe... Jim Pingle
09:39 AM Bug #10702: Todays Snapshot System does crash and does not start any more
Hereby two fotos captured via mobile using the "KVM-switch". Perhaps helpfull.
Louis Louis B
09:34 AM Bug #10702 (Not a Bug): Todays Snapshot System does crash and does not start any more
No problems here on the latest snapshot. That seems more like you have a local failure (perhaps a storage problem or ... Jim Pingle
08:37 AM Bug #10702 (Not a Bug): Todays Snapshot System does crash and does not start any more
Hello,
Two hours ago I did upgrade to latest snapshot, during the related reboot the system never came back.
I ... Louis B
01:37 PM Bug #8890: Register DHCP leases in the DNS Resolver has no effect
Oh man, I hit this bug today bigtime on a 2.4.4-p3 system. Took awhile to figure out why DNS was resolving incorrectl... → luckman212
01:11 PM pfSense Packages Bug #10692: PIMD starts twice at boot
With "the patch emulated" (by stopping pimd, disabling and anabling interfaced, stating pimd again) it is working mor... Louis B
11:12 AM Bug #10691: Issue with rules (firewall and NAT) being reloaded after changes made
Yes, that's all covered by my previous note.
Kill the firewall states after making a change like that if disconnec... Jim Pingle
11:07 AM Bug #10691: Issue with rules (firewall and NAT) being reloaded after changes made
A SSH connection is also held open after the NAT rule is disabled.
So if there is an unknown breach/connection act... John Weithman
11:08 AM Todo #10704 (Resolved): Work around PHP issues with SSL LDAP and multiple authentication servers
Based on a report from a customer, the PHP environment we have to setup for SSL LDAP clients does not appear to grace... Jim Pingle
10:52 AM Bug #10703: OpenVPN copy doesn't save auth_pass
Copying my note here from github:
The password issue is probably because of the Confirm box on the page, which rea... Jim Pingle
10:50 AM Bug #10703 (Resolved): OpenVPN copy doesn't save auth_pass
This happened to me when I copied a OpenVPN client and only changed the host address. The resulting copy doesn't incl... Viktor Gurov
09:55 AM Feature #7705 (Pull Request Review): Support dynamic interface address for 1:1 NAT
Jim Pingle
09:12 AM Feature #7705: Support dynamic interface address for 1:1 NAT
https://github.com/pfsense/pfsense/pull/4375 Viktor Gurov
08:30 AM Revision b0ecf4e1: Allow to select EoIP protocol. Implements #10698
Viktor Gurov
07:46 AM pfSense Packages Bug #10700 (Pull Request Review): not all VPN IPs added with vpnaddresses option
Jim Pingle
05:19 AM pfSense Packages Bug #10700: not all VPN IPs added with vpnaddresses option
https://github.com/pfsense/FreeBSD-ports/pull/888 Viktor Gurov
05:05 AM pfSense Packages Bug #10700 (Resolved): not all VPN IPs added with vpnaddresses option
Suricata uses filter_get_vpns_list() to get vpnaddresses list
filter_get_vpns_list() returns only:
IPsec Mobile I... Viktor Gurov
07:45 AM pfSense Packages Bug #10552 (Pull Request Review): Typo in OpenBGPD's settings page
Jim Pingle
05:00 AM pfSense Packages Bug #10552: Typo in OpenBGPD's settings page
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/887 Viktor Gurov
07:44 AM Feature #10698 (Pull Request Review): Allow to select EoIP protocol
Jim Pingle
03:31 AM Feature #10698: Allow to select EoIP protocol
https://github.com/pfsense/pfsense/pull/4374 Viktor Gurov
03:30 AM Feature #10698 (Resolved): Allow to select EoIP protocol
Allow to select EoIP (97 or etherip in FreeBSD) protocol in the Protocol drop-down menu
See https://tools.ietf.org... Viktor Gurov
07:43 AM Bug #1478 (Pull Request Review): some characters in FW rule descriptions do not sync properly
Jim Pingle
02:36 AM Bug #1478: some characters in FW rule descriptions do not sync properly
https://github.com/pfsense/pfsense/pull/4373 Viktor Gurov
07:40 AM pfSense Packages Bug #10697 (Pull Request Review): Missing New Line After NCP Parameter in Client Config
Jim Pingle
01:31 AM pfSense Packages Bug #10697: Missing New Line After NCP Parameter in Client Config
https://github.com/pfsense/FreeBSD-ports/pull/809 Viktor Gurov
01:31 AM pfSense Packages Bug #10697 (Resolved): Missing New Line After NCP Parameter in Client Config
"auth alg" digest algorithm client config parameter is erroneously merged into the same config line as the "ncp-disab... Viktor Gurov
07:38 AM Bug #7742 (Pull Request Review): 1:1 NAT for IPv6 applies wrong subnet mask to "Single Host"
Jim Pingle
01:19 AM Bug #7742: 1:1 NAT for IPv6 applies wrong subnet mask to "Single Host"
Fix:
https://github.com/pfsense/pfsense/pull/4372 Viktor Gurov
07:36 AM Bug #10701: Firewall Log too wide with Rule Description Column
That's because you have the rule descriptions as a column instead of an extra row. There is no way that is all going ... Jim Pingle
05:41 AM Bug #10701 (New): Firewall Log too wide with Rule Description Column
Hello,
I just noticed that at least with systemlog firewall the layout does not fit inside the page any more. May ... Louis B
07:33 AM Revision 1660f4b3: Sync filter CDATA encoded descr fields. Fixes #1478
Viktor Gurov
06:17 AM Revision 91efd993: 1:1 NAT IPv6 subnet mask fix. Issue #7742
Viktor Gurov
03:14 AM pfSense Packages Bug #8688: Pass List Snort
Snort 3.x (pfSense 2.4.5) PR:
https://github.com/pfsense/FreeBSD-ports/pull/886 Viktor Gurov
02:56 AM pfSense Packages Bug #10679 (Resolved): Squid reverse proxy CA cert without prv key
squid pkg 0.4.44_28 shows CA without private key on the Squid Reverse Proxy configuration page Viktor Gurov

06/24/2020

11:56 PM Todo #10533: Change default domain for new installations from "localdomain" to "home.arpa"
I'd suggest one of the following instead, since many pfSense installs are not used in home environments.
https://... → luckman212
05:35 PM Bug #10666: DHCP Server sends NAK messages for declined offers
Hi Jim,
Thanks for your feedback. For future reference, by reading the ISC DHCP manual I found this configuration ... Alfredo Pironti
03:31 PM Bug #9476: pfSense 2.4.x sending ARP replies with non-CARP source MAC address
Viktor Gurov wrote:
> See #6957 and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141023#c4:
> _According to RF... Marc H
09:58 AM Bug #9476: pfSense 2.4.x sending ARP replies with non-CARP source MAC address
See #6957 and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141023#c4:
_According to RFC826, which is current st... Viktor Gurov
02:29 PM Revision 26516e8a: Remove Zabbix 4.2 support
Zabbix 4.2 ports were removed from the FreeBSD ports tree (End of Life).
(cherry picked from commit c38796f133762b41... Danilo Baio
02:29 PM Revision a3dea116: Merge pull request #4365 from dbaio/zabbix42-eol
Renato Botelho
02:27 PM Revision 34185e00: Merge pull request #4359 from bmhughes/frr-enable-snmp
Renato Botelho
02:27 PM Revision 6cfebd7d: Merge pull request #4358 from vktg/shaperpriqcheck
Renato Botelho
02:27 PM Revision 6e4fa0a5: Merge pull request #4361 from vktg/dhcpnewlinefix
Renato Botelho
02:27 PM Revision 880cc378: Merge pull request #4362 from vktg/pf25rtwnregexp
Renato Botelho
02:26 PM Revision e0c955a6: Merge pull request #4368 from vktg/usercertsel
Renato Botelho
02:26 PM Revision 56ff6c6d: Merge pull request #4367 from vktg/noshowgw
Renato Botelho
02:26 PM Revision e3b8be57: Merge pull request #4366 from vktg/rfc2307userdn
Renato Botelho
02:26 PM Revision 4874d203: Merge pull request #4363 from vktg/wifi40mhz
Renato Botelho
02:25 PM Revision 8f5f783e: Merge pull request #4370 from vktg/is_subnet_rfc4291par222
Renato Botelho
02:25 PM Revision bc4c5791: Merge pull request #4199 from vktg/rarouter
Renato Botelho
02:05 PM Revision db95baf1: status.php: Add config history. Implements #10696
Viktor Gurov
09:37 AM Feature #10696 (Pull Request Review): status.php: Add config history
Jim Pingle
09:01 AM Feature #10696: status.php: Add config history
https://github.com/pfsense/pfsense/pull/4371 Viktor Gurov
08:49 AM Feature #10696: status.php: Add config history
source:src/etc/rc.restore_config_backup has some code that could probably be reused for this. Jim Pingle
05:13 AM Feature #10696 (Resolved): status.php: Add config history
Add get_backups() output formatted as Diagnostics / Backup & Restore / Config History to the status_output.tgz file Viktor Gurov
09:34 AM pfSense Packages Feature #10689 (Feedback): Squid Reverse proxy IPv6 and HA support
PR has been merged. Thanks! Renato Botelho
09:34 AM pfSense Packages Bug #10679 (Feedback): Squid reverse proxy CA cert without prv key
PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #9710 (Feedback): IPv6 RA: prefix option does not contain router address in spite of "R" flag being set
PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10694 (Feedback): Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation)
PR has been merged. Thanks! Renato Botelho
08:56 AM Bug #10694 (Pull Request Review): Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation)
Jim Pingle
01:32 AM Bug #10694: Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation)
Fix:
https://github.com/pfsense/pfsense/pull/4370 Viktor Gurov
09:29 AM Feature #10678 (Feedback): Allow to select 802.11n channel width (HT)
PR has been merged. Thanks! Renato Botelho
09:29 AM Feature #9527 (Feedback): Add ability for LDAP extended query on groups in RFC2307 containers.
PR has been merged. Thanks! Renato Botelho
09:29 AM Feature #885 (Feedback): Show gateway/group IPs on mouseover
PR has been merged. Thanks! Renato Botelho
09:29 AM Feature #10658 (Feedback): Allow to generate ECDSA certs on User Manager page
PR has been merged. Thanks! Renato Botelho
09:29 AM pfSense Packages Bug #10688 (Feedback): Remove Zabbix 4.2 ports
PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10677 (Feedback): pfSense 2.5 incorrect rtwn(4) wireless regexp
PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10675 (Feedback): DHCPv6 config not all directives start on a new line as expected
PR has been merged. Thanks! Renato Botelho
09:29 AM Bug #10660 (Feedback): PHP errors in the traffic shaper wizard
PR has been merged. Thanks! Renato Botelho
09:23 AM pfSense Packages Bug #10692: PIMD starts twice at boot
I solved the "no enabled vifs" issue by changing in menu pimd/interfaces/interface binding from default to "Always bi... Louis B
04:49 AM pfSense Packages Bug #10692: PIMD starts twice at boot
Hello,
I did some tests in advance of this patch. I could do that by forcing a reread of the vifs by disabling and... Louis B
07:36 AM Bug #10685: DNS queries of RBLs does not work any more since 2.4.5
Thanks for your reply.
After adding... Manfred Bongard
06:27 AM Revision 35c60e99: is_subnet() RFC4291 par 2.2.2 format support. Fixes #10694
Viktor Gurov
04:49 AM pfSense Packages Bug #10695 (New): FreeRadius Accounting skipping MBs after reboot due to power down
I am running 2.4.5-RELEASE (amd64) version.
I am setting up Captive Portal with FreeRadius to limit users monthly qo... AbdElrahman Eid

06/23/2020

11:00 PM Bug #10694 (Resolved): Firewall Alias does not allow an ipv6 network alias in the format x:x:x:x:x:x:d.d.d.d where the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation)
Firewall Alias does not allow an ipv6 network alias in the format described by RFC4291 par 2.2.2 in the format x:x:x:... Rick Coats
08:23 PM Revision 58312bfa: Revert "Enable ALTQ on ix interfaces"
This reverts commit be22be7a8b2964a3d63852d6e31da7749405bdf9. Renato Botelho
08:03 PM Revision be22be7a: Enable ALTQ on ix interfaces
Renato Botelho
08:02 PM Revision 9ff453fc: Enable ALTQ on ix interfaces
Renato Botelho
07:29 PM Revision 7ab1a0a3: Fix thermal sensors on SG-5100
Renato Botelho
07:29 PM Revision 06b5448a: Fix thermal sensors on SG-5100
Renato Botelho
03:24 PM pfSense Packages Bug #10693 (New): pfSense Bind Zone Editor UI does not update zone serial number when a change is made
/pkg_edit.php?xml=bind_zones.xml&act=edit&id=0
populates the "Serial" field with the serial number of the current... Jeffrey Altman
03:24 PM Bug #7378 (Feedback): pfctl: ix0: driver does not support altq
I've re-enabled it on 2.5.0 snapshots so we can get it tested again Renato Botelho
12:57 PM pfSense Packages Bug #10692 (Confirmed): PIMD starts twice at boot
Hello,
I just discoverd a critical error in the pfSense boot sequence.
- Independed if you have enabled the PIMD... Louis B
11:07 AM Bug #10691 (Not a Bug): Issue with rules (firewall and NAT) being reloaded after changes made
Existing states are not cleared, and your browser is holding open a connection. You would need to close/reopen the br... Jim Pingle
11:01 AM Bug #10691: Issue with rules (firewall and NAT) being reloaded after changes made
Running 2.4.5-RELEASE-p1 (amd64) John Weithman
11:01 AM Bug #10691 (Not a Bug): Issue with rules (firewall and NAT) being reloaded after changes made
I have a web admin page for an email server that I've historically managed after VPN'ing into my network. I wanted to... John Weithman
09:46 AM Revision 039ba57a: Complete IPv6 router address in radvd.conf prefix. Issue #9710
Viktor Gurov
09:20 AM Bug #10532 (Pull Request Review): Mobile PSK users don't have 'mobile-userpool' section
Jim Pingle
02:07 AM Bug #10532: Mobile PSK users don't have 'mobile-userpool' section
Jim Pingle wrote:
> It may be as easy as removing the EAP check at source:src/etc/inc/ipsec.inc#L1596 -- but non-EAP... Viktor Gurov
07:23 AM Revision 91fd7459: Allow to change WiFi channel width. Implements #10678
Viktor Gurov
03:57 AM Bug #10661 (Resolved): pfSense configures fe80::1:1 on lan interface without track6
works fine on 2.5.0.a.20200622.1850 - fe80::1:1 successfully removed from interface after switching from Track Interf... Viktor Gurov
02:56 AM Bug #10690 (New): Not possible to make UFS install on ZFS formatted drive
If you want, to make pfSense UFS install over ZFS formatted drive (previous pfSense installation, for example)
you g... Viktor Gurov

06/22/2020

04:01 PM Bug #10558 (Feedback): Multicast daemons work at boot, but fail if restarted
The most recent snapshot has the latest fix and it appears to work. I can stop and restart pimd without errors. Leavi... Jim Pingle
11:57 AM Bug #10558: Multicast daemons work at boot, but fail if restarted
Anything not directly related to the specific multicast issue caused by the FreeBSD bug does not belong on this issue... Jim Pingle
11:57 AM Bug #10558: Multicast daemons work at boot, but fail if restarted
We are aware, and are in direct communication with the FreeBSD developer who made the commits. I mentioned above alre... Jim Pingle
11:31 AM Bug #10558: Multicast daemons work at boot, but fail if restarted
Hello,
Be aware there were multiple things fixed in FreeBSD and placed in the snapshots. Latest message I got from... Louis B
07:28 AM Bug #10558 (New): Multicast daemons work at boot, but fail if restarted
An additional fix has been added to FreeBSD that we need to pull into snapshots.
https://bugs.freebsd.org/bugzilla... Jim Pingle
01:11 PM Revision e912f0cf: Improve gateways popup. Implements #885
Viktor Gurov
12:54 PM Bug #10680 (Pull Request Review): Improve interface caching when we have many interfaces
Jim Pingle
12:48 PM Feature #9527 (Pull Request Review): Add ability for LDAP extended query on groups in RFC2307 containers.
Jim Pingle
03:07 AM Feature #9527: Add ability for LDAP extended query on groups in RFC2307 containers.
Chris Linstruth wrote:
> I don't think this is quite flexible enough. In the case of FreeIPA, for instance, the posi... Viktor Gurov
12:44 PM Feature #10678 (Pull Request Review): Allow to select 802.11n channel width (HT)
Jim Pingle
12:21 PM pfSense Packages Feature #10689 (Pull Request Review): Squid Reverse proxy IPv6 and HA support
Jim Pingle
10:53 AM pfSense Packages Feature #10689: Squid Reverse proxy IPv6 and HA support
https://github.com/pfsense/FreeBSD-ports/pull/885 Viktor Gurov
03:22 AM pfSense Packages Feature #10689 (Resolved): Squid Reverse proxy IPv6 and HA support
allow to listen on IPv4/IPv6/IPv4+IPv6 interfaces, see #8887
and add ability to select CARP interfaces, see #5168 Viktor Gurov
12:04 PM Revision ccb301a4: Allow to generate ECDSA certs on User Manager page. Implements #10658
Viktor Gurov
10:04 AM Bug #10565: WAN_DHCP6 Stuck Pending / Unknown
I am also seeing this issue after upgrading to 2.4.5-RELEASE-p1. The networking seems to be working, but the Gateways... Jeremy Beker
08:06 AM Revision e924485c: Use user DN for RFC2307 membership search. Issue #9527
Viktor Gurov
07:51 AM Bug #10610: Package upgrade or reinstall hangs indefintely on the console
Same issue here. I can reproduce this reliably (any of upgrade, reinstall or fresh install) and and pressing the "Sav... Stefan Beckers
07:36 AM Feature #10658 (Pull Request Review): Allow to generate ECDSA certs on User Manager page
Jim Pingle
07:06 AM Feature #10658: Allow to generate ECDSA certs on User Manager page
https://github.com/pfsense/pfsense/pull/4368 Viktor Gurov
07:33 AM Feature #885 (Pull Request Review): Show gateway/group IPs on mouseover
Jim Pingle
04:51 AM Feature #885: Show gateway/group IPs on mouseover
fixed/improved:
https://github.com/pfsense/pfsense/pull/4367 Viktor Gurov
07:29 AM pfSense Packages Bug #10688 (Pull Request Review): Remove Zabbix 4.2 ports
Jim Pingle
07:27 AM Bug #10687: IPsec / CESA memory issue
If the problem has already been addressed on 12.x there may be nothing more we need to do here. Needs confirmed on a ... Jim Pingle
07:24 AM Bug #10685 (Not a Bug): DNS queries of RBLs does not work any more since 2.4.5
This is due to the change in #9708 on 2.4.5 -- 127.0.0.1 is considered a private result now so you will need to tell ... Jim Pingle
07:11 AM pfSense Packages Bug #10654 (Resolved): Whitelisted domains starting with a dot are ignored
pfSense-pkg-squid 0.4.44_27 - work as expected Viktor Gurov
06:27 AM Feature #8712: QOS on ipsec links
same on FreeBSD 12.1 (pfSense 2.5.0.a.20200621.1850) Viktor Gurov

06/21/2020

07:10 PM Revision c38796f1: Remove Zabbix 4.2 support
Zabbix 4.2 ports were removed from the FreeBSD ports tree (End of Life). Danilo Baio
02:45 PM pfSense Packages Bug #10688: Remove Zabbix 4.2 ports
https://github.com/pfsense/pfsense/pull/4365
https://github.com/pfsense/FreeBSD-ports/pull/884 Danilo Baio
02:42 PM pfSense Packages Bug #10688 (Resolved): Remove Zabbix 4.2 ports
- Remove Zabbix 4.2 ports.
- Fix typos, reported on https://github.com/pfsense/FreeBSD-ports/pull/876
Zabbix 4.2 ... Danilo Baio
08:14 AM Bug #10558: Multicast daemons work at boot, but fail if restarted
Hello,
I am not the only one noticeing that there is still a problem :) So the problem was updated in the FreeBSD ... Louis B
07:40 AM Bug #10687 (Resolved): IPsec / CESA memory issue
We have approximately 30 ipsec tunnels on a netgate SG-3100. We've been getting errors that stop tunnels from coming... Graham Collinson
 

Also available in: Atom