Activity

30 days up to

User

Subprojects

Activity

From 01/02/2021 to 01/31/2021

01/31/2021

08:34 PM Bug #11352 (New): CTF types > 2^15 in the pfSense kernel config results in DTrace failing: The pfSense kernel config adds a number of additional subystems and drivers to the FreeBSD GENERIC kernel.
This ad... Peter Grehan
01:44 PM Bug #11311 (Resolved): Listen and peer port validation in wg.inc: Tested on the latest 2.5 image. It's working as expected. I'll mark it as resolved. Max Leighton
09:56 AM pfSense Packages Todo #11351 (Not a Bug): updated version to pfsense 2.4.5_1: you did released updated version (1.16.18_14) for pfsense 2.5.devel
but pfsense 2.4.5_1 still at version (1.16.18_... khaled osama
09:31 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: instead of having multiple CARP VIPs attached to WAN, I have one CARP VIP and the IP Aliases that follow that CARP VI... Christian McDonald
01:00 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint: if_wg.diff - kernel diff
wg_tools - wireguard_tools diff Peter Grehan
12:43 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint: The above wasn't correct: just another misconfiguration :(
There are a number of issues, all boiling down to "stru... Peter Grehan

01/30/2021

10:54 PM Bug #11350 (Rejected): Multi wan default gateway bug and gateway monitoring bug: Hello,
My setup is so easy, i have two wan lines which are working in pppoe and one lan network, i have a gateway ... Samuel Hanna
05:24 PM pfSense Packages Feature #6022: Consider MLVPN for bonded VPN: +1 for this feature.
As I understand it (which may be incorrect), pfSense "bonding" only load-balances by number of ... Val Schmidt
05:10 PM pfSense Packages Feature #9238: Add support for Zerotier: +1 for this feature!!! Val Schmidt
10:32 AM Bug #11297 (Resolved): strongSwan doesn't support wildcard certificates: Tested on the latest release. It works as expected. Ticket resolved. Danilo Zrenjanin
10:32 AM Bug #11190: IPsec VTI outbound NAT to interface address not working (pfsense 2.4.5-p1): Kevin Mychal Ong wrote:
> Jim Pingle wrote:
> > Correct. Keep any further discussion on the forum, though.
>
> T... Kevin Mychal Ong
10:08 AM pfSense Packages Bug #11331: FreeRADIUS latest package upgrade broke Plain Mac Authentication: I am not sure whether I tested it correctly, though. I used a LapTop as a client trying to authenticate through FreeR... Danilo Zrenjanin
05:58 AM pfSense Packages Bug #11331: FreeRADIUS latest package upgrade broke Plain Mac Authentication: Tested on the latest release. Plain Mac Authentication is not working. When it's enabled, I can log in with the wrong... Danilo Zrenjanin
09:20 AM pfSense Packages Bug #11333: Incorrect community-list format: works as expected on 2.5 branch
2.4.5 fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/41 Viktor Gurov
08:43 AM pfSense Packages Feature #11349 (Resolved): Allow to set minimum TLS version: EAP methods allows to set 'tls_min_version',
which is 1.0 by default
WebGUI dropdown option needed to select betw... Viktor Gurov
07:57 AM pfSense Packages Bug #7271 (Resolved): Co-existence of unbound and BIND/named: this fix is only for clean BIND install
9.16_9 works as expected Viktor Gurov
06:51 AM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named: Tested on the latest release. Bind package version 9.16_9. It's still not fixed. Please check. Danilo Zrenjanin
07:42 AM pfSense Packages Bug #11001 (Resolved): freeradius lose sql lib every pfsense update: works as expected Viktor Gurov
06:26 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: This request is now 4,5 years old and has not seen any relevant activity.
As ISPs in Europe still provide users with... A J
06:15 AM Bug #11250 (Resolved): disabled FTP-Proxy service starts on boot: Tested on the latest release. It works as expected. Ticket resolved. Danilo Zrenjanin
06:07 AM Bug #11254 (Resolved): Some OpenVPN configuration files remain after deleting an instance: Tested on the latest release. It works as expected. Ticket resolved. Danilo Zrenjanin
05:38 AM pfSense Packages Bug #11321 (Resolved): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package: 0.4.45_2 fixed Viktor Gurov
05:35 AM Bug #11348: Sanitize PKCS#11 PIN from swanctl.conf: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/116 Viktor Gurov
05:33 AM Bug #11348 (Resolved): Sanitize PKCS#11 PIN from swanctl.conf: Sanitize "pin = " from IPsec-Configuration Viktor Gurov
04:20 AM pfSense Packages Bug #11346: Raw-Config not working: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/40 Viktor Gurov
03:32 AM pfSense Packages Bug #11346 (Resolved): Raw-Config not working: https://forum.netgate.com/topic/160365/frr-raw-config-not-working:
since an update it seems not to be possible to us... Viktor Gurov
03:42 AM pfSense Packages Bug #11345: FRR-OSPF - No "prefix-list" possible: same issue with Access lists
fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/39 Viktor Gurov
03:21 AM pfSense Packages Bug #11345 (Resolved): FRR-OSPF - No "prefix-list" possible: https://forum.netgate.com/topic/160363/frr-ospf-no-prefix-list-possible:
currently it is not possible for me to conf... Viktor Gurov
03:17 AM pfSense Packages Bug #11054: Check Client Certificate CN not working as described: more fixes:
- Fixes SQL backend user existing check;
- Fixes counters issue (`$varsqlconfauthcounters` lines)
http... Viktor Gurov
02:48 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint: Took a while to set this up, but I can get a repro with an OpenBSD client.
Tunnel traffic is being delivered to wg... Peter Grehan
01:08 AM Bug #11338 (New): WireGuard cannot connect to an IPv6 endpoint: Viktor Gurov
02:42 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: Ok... The tunnel works fine, this is just a cosmetic issue, not looking for support. It's trivially reproducible on m... Christian McDonald
12:03 AM Bug #11337 (Rejected): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: Unable to reproduce it on the latest 2.5 snapshot,
Interface column is OK if I select CARP VIP as a parent interface... Viktor Gurov
02:19 AM Bug #11344: Sanitize Squid securiteinfo_id: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/115 Viktor Gurov
02:17 AM Bug #11344 (Resolved): Sanitize Squid securiteinfo_id: Sanitize "<securiteinfo_id>" antivirus subscription IO
related to #11202 Viktor Gurov
01:16 AM pfSense Packages Bug #11343 (Resolved): Invalid link to pfSense-pkg-bind changelog: If you go to "Installed Packages" (/pkg_mgr_installed.php) or "Available Packages" (/pkg_mgr.php), there is a link to... Anthony Pants
01:05 AM Bug #11342: Sanitize DHCP DDNS keys: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/114 Viktor Gurov
12:57 AM Bug #11342 (Resolved): Sanitize DHCP DDNS keys: <ddnsdomainkey> from config.xml
and 'secret = ' from DHCP-IPv4 Configuration and DHCP-IPv6-Configuration Viktor Gurov
12:28 AM Bug #11341: PresharedKey is not sanitized from status_output config file: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/113 Viktor Gurov
12:24 AM Bug #11341 (Resolved): PresharedKey is not sanitized from status_output config file: PresharedKey is not sanitized from config file
WireGuard-Configuration File wg0.conf:... Viktor Gurov
12:22 AM pfSense Packages Bug #11325 (Resolved): BGP MD5 Keys Dropping Unintentionally: Viktor Gurov

01/29/2021

11:42 PM Bug #11340: Hide WG interfaces on DHCP/DHCPv6 Relay pages: - Hide WireGuard interfaces on DHCP/DHCPv6 Relay pages;
- Hide mediaopt field for WireGuard interfaces on interfaces... Viktor Gurov
11:39 PM Bug #11340 (Resolved): Hide WG interfaces on DHCP/DHCPv6 Relay pages: DHCP/DHCPv6 Relay doesn't support WireGuard interfaces:... Viktor Gurov
11:19 PM pfSense Packages Bug #11234 (Resolved): Filer not create missing necessary folders: Viktor Gurov
10:02 PM pfSense Packages Bug #11234: Filer not create missing necessary folders: I was able to create a folder ,
Example:
/var/folder/test1/test2
folder >> folder.
test1 >> folder.
test2... Alhusein Zawi
11:17 PM Bug #11338 (Feedback): WireGuard cannot connect to an IPv6 endpoint: Viktor Gurov
01:03 PM Bug #11338: WireGuard cannot connect to an IPv6 endpoint: Sample config, after my config file fix:... Jim Pingle
12:50 PM Bug #11338 (Resolved): WireGuard cannot connect to an IPv6 endpoint: WireGuard won't connect if using an IPv6 endpoint address on either end.
The IPv6 address in the config file doesn... Jim Pingle
09:41 PM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally: pressing "save" is not interrupting the adjacency. (fixed).
2.5.0.a.20210129.1122 Alhusein Zawi
08:06 AM pfSense Packages Bug #11325 (Feedback): BGP MD5 Keys Dropping Unintentionally: PR has been merged. Thanks! Renato Botelho
07:32 AM pfSense Packages Bug #11325 (Pull Request Review): BGP MD5 Keys Dropping Unintentionally: Jim Pingle
06:01 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally: - restart setkey only if parameters are changed;
- start setkey on service startup (frr.sh rc file fix);

https:/... Viktor Gurov
12:09 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally: pressing "save" interrupts the adjacency.
2.5.0.a.20210127.2350
Alhusein Zawi
09:25 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I can confirm that this is still a problem in 2.5.0.a.20210129.1122.
I upgraded a school system today from 2.3.x to... Polar Nerd
06:54 PM Revision f32e1438: Add brackets around IPv6 endpoint address. Issue #11338: Jim Pingle
06:27 PM Bug #11339 (Not a Bug): Odd console output when WireGuard is running: I'm not sure what triggers the output (see image attached), and I'm not completely certain that it's WireGuard to beg... Marcos M
06:11 PM Bug #11323 (Resolved): Removing a WireGuard tunnel can cause others to be renumbered: Tested on Jan 29 build. Looks good. Marcos M
06:04 PM Bug #11322: WireGuard Public Key should not be entered by the user: Tested on Jan 29 build. Looks good.
The "Copy" link is a little odd in that it scrolls the viewport when clicking ... Marcos M
05:36 PM Bug #11312 (Resolved): Unable to edit or add WireGuard peers: Marcos M
05:34 PM Bug #11312: Unable to edit or add WireGuard peers: Tested on Jan 29 build. Looks good. Marcos M
04:49 PM Bug #11328: OpenVPN Ciphers will not stick in 2.5: Here is video of it occurring. It seems a bit random, sometimes it works, sometimes you end up with a completely diff... John Griffin
08:22 AM Bug #11328 (Rejected): OpenVPN Ciphers will not stick in 2.5: I can't reproduce this as stated. I was able to edit an existing client as well as create a new client, both times it... Jim Pingle
02:28 PM Revision 37a21d1b: Clarify that Peer WireGuard Address can be multiple addrs.: Jim Pingle
01:04 PM Revision c86937e9: Merge pull request #4498 from BBcan177/Fixes: Renato Botelho
12:36 PM Bug #11337 (Resolved): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: If a GIF instance has its interface set to an IP Alias VIP which uses a CARP VIP as its own interface, the Interface ... Christian McDonald
11:13 AM Bug #11336 (Pull Request Review): Hide TLS keydir for p2p openvpn mode: Jim Pingle
09:39 AM Bug #11336: Hide TLS keydir for p2p openvpn mode: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/111 Viktor Gurov
09:38 AM Bug #11336 (Resolved): Hide TLS keydir for p2p openvpn mode: TLS keydir (as other TLS options) is not needed for "Peer to Peer (Shared Key)" mode Viktor Gurov
09:42 AM Bug #11272 (Resolved): OCSP settings only for TLS auth: 2.5.0.a.20210128.2350 - OK Viktor Gurov
09:36 AM pfSense Packages Bug #10429: Status Traffic Total broken 2.4.5: Patch works for me
2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE
Status... Andres Mora
09:26 AM Regression #11316: Unbound crashes with signal 11 when reloading: Behavior on other systems (even FreeBSD) isn't directly relevant to pfSense software. They may be similar, but it's n... Jim Pingle
09:10 AM Regression #11316: Unbound crashes with signal 11 when reloading: In the "competitor's" forum, there are several pages of error descriptions and error analyses for Unbound 1.13.0. Als... Martin Müller
07:51 AM Regression #11316: Unbound crashes with signal 11 when reloading: Keep the discussion on the forum. If it's still happening, there is no evidence there. Last post was over a week ago ... Jim Pingle
07:36 AM Regression #11316: Unbound crashes with signal 11 when reloading: I have the same problem. it happens only when the option "Register DHCP leases in the DNS Resolver" is set.
it loo... Daniel Keller
09:10 AM Bug #11335 (New): Spoofing the MAC on a LAGG interface does not work for some NIC types.: When you spoof the MAC on an assigned LAGG interface in the webgui the new MAC is shown immediately as the 'ether' ad... Steve Wheeler
08:58 AM Bug #11212 (Resolved): PHP error on Mobile IPsec input validating error: 2.5.0.a.20210128.2350 fixed Viktor Gurov
08:57 AM pfSense Packages Bug #11334 (Feedback): FRR IPv4 OSPF passive-interface not working: Pushed a fix which works for me.
https://github.com/pfsense/FreeBSD-ports/commit/e1a9a4159ad577877ff378bf288cd8ec9... Jim Pingle
08:51 AM pfSense Packages Bug #11334 (Resolved): FRR IPv4 OSPF passive-interface not working: In frr_ospf.inc the list of passive interfaces is built by frr_generate_config_ospf_interfaces(), but that is run aft... Jim Pingle
08:05 AM pfSense Packages Bug #11333 (Feedback): Incorrect community-list format: PR has been merged. Thanks! Renato Botelho
07:36 AM pfSense Packages Bug #11333 (Pull Request Review): Incorrect community-list format: Jim Pingle
07:20 AM pfSense Packages Bug #11333: Incorrect community-list format: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/37 Viktor Gurov
06:34 AM pfSense Packages Bug #11333 (Resolved): Incorrect community-list format: /var/log/frr/frr-reload.log:... Viktor Gurov
08:04 AM pfSense Packages Bug #11321 (Feedback): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package: PR has been merged. Thanks! Renato Botelho
07:26 AM pfSense Packages Bug #11321 (Pull Request Review): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package: Jim Pingle
01:26 AM pfSense Packages Bug #11321: Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/35
Viktor Gurov
08:01 AM pfSense Packages Bug #11331 (Feedback): FreeRADIUS latest package upgrade broke Plain Mac Authentication: PR has been merged. Thanks! Renato Botelho
07:25 AM pfSense Packages Bug #11331 (Pull Request Review): FreeRADIUS latest package upgrade broke Plain Mac Authentication: Jim Pingle
01:06 AM pfSense Packages Bug #11331: FreeRADIUS latest package upgrade broke Plain Mac Authentication: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/34 Viktor Gurov
01:01 AM pfSense Packages Bug #11331 (Feedback): FreeRADIUS latest package upgrade broke Plain Mac Authentication: https://forum.netgate.com/topic/160323/freeradius-latest-package-upgrade:
From system logs:... Viktor Gurov
07:37 AM Bug #11332: Using LDAP-authentication against an pfsense+HAProxy -balanced ldap-endpoint does not work: Sure thing that was what I did. The response on the forum was to create a bugreport. So here I am.
https://forum.n... Thomas Malmberg
07:30 AM Bug #11332 (Not a Bug): Using LDAP-authentication against an pfsense+HAProxy -balanced ldap-endpoint does not work: I would suggest, before anything else, to try the same configuration on a 2.5.0 snapshot, where the LDAP code was cha... Jim Pingle
05:17 AM Bug #11332 (Not a Bug): Using LDAP-authentication against an pfsense+HAProxy -balanced ldap-endpoint does not work: The scenario is as follows. pfsense-01 is using pfsense-02/haproxy with ssl-termination as an authentication server l... Thomas Malmberg
07:24 AM Bug #11327: No WAN IP on Optimum Online Dynamic IP: A support subscription isn't all that relevant here, unless it's a configuration problem in pfSense software itself w... Jim Pingle
07:12 AM Bug #11319 (Resolved): Mobile IPsec certificate type validation: Tested on the latest release. It works fine. Ticket resolved. Danilo Zrenjanin
06:47 AM Bug #11303 (Resolved): Sticky connections units: Tested on the latest snapshot. It looks fine. Ticket resolved. Danilo Zrenjanin
04:24 AM Revision 00e2a771: Update vpn_wg_edit.php: * Text edits
* Formatting
* Remove debug console.log() BBcan177 .
03:31 AM Bug #11330: IGMP Proxy upgrade to latest version: I decided to test the OPNsense igmp proxy 0.3 package by force installing it over the version (0.2.1) that comes with... Patrick Monfette
01:35 AM Bug #11330: IGMP Proxy upgrade to latest version: Attached are the crashdump files.
You'll also see in the backlogs that because it rebooted so often in loop that I... Patrick Monfette
12:37 AM Bug #11329 (Duplicate): DHCP static map assigns IP to client even if "Deny unknown clients" is set.: fixed in 2.5
see #1605 Viktor Gurov

01/28/2021

09:50 PM Bug #11330 (Resolved): IGMP Proxy upgrade to latest version: IGMP Proxy has been updated to 0.3
https://github.com/pali/igmpproxy/releases/tag/0.3
Would it be possible to i... Patrick Monfette
06:26 PM Bug #11329 (Duplicate): DHCP static map assigns IP to client even if "Deny unknown clients" is set.: DHCP static map assigns IP to client even if "Deny unknown clients" is set, when the client's mac address has bee... Chris M
04:50 PM Bug #11327: No WAN IP on Optimum Online Dynamic IP: Jim Pingle wrote:
> If they suddenly stopped working without changing anything on the firewall the cause is unlikely... Gus Gemmiti
02:46 PM Bug #11327: No WAN IP on Optimum Online Dynamic IP: If they suddenly stopped working without changing anything on the firewall the cause is unlikely to be in pfSense sof... Jim Pingle
02:39 PM Bug #11327: No WAN IP on Optimum Online Dynamic IP: Jim Pingle wrote:
> There isn't any evidence of an actionable bug in pfSense yet. Keep the discussion on the forum f... Gus Gemmiti
02:26 PM Bug #11327 (Rejected): No WAN IP on Optimum Online Dynamic IP: There isn't any evidence of an actionable bug in pfSense yet. Keep the discussion on the forum for now.
This site ... Jim Pingle
02:04 PM Bug #11327 (Rejected): No WAN IP on Optimum Online Dynamic IP: I've been successfully using pfSense on this ISP for many years. Recently (a couple of months ago) it would no longe... Gus Gemmiti
03:56 PM Bug #11328 (Resolved): OpenVPN Ciphers will not stick in 2.5: So I upgraded my production home firwewall to 2.5 dev yesterday. None of the OpenVPN clients work after the upgrade d... John Griffin
03:43 PM Revision 9985ed7f: Gateway Group Policy rule creation fix. Issue #11298: Viktor Gurov
03:43 PM Revision 70ffbad3: OpenVPN Server page fields hide fix. #11272: Viktor Gurov
03:42 PM Revision 79ec3f15: Delete all OpenVPN related files on instance deletion. Issue #11254: Viktor Gurov
02:58 PM Revision c66b71c8: Mute console before load crypto modules: Renato Botelho
01:10 PM Bug #10919 (Resolved): Improve handling of OpenVPN data cipher negotiation options: Tested again on today's snapshot, and all works as expected now. I'll set the ticket to resolved. Max Leighton
11:17 AM pfSense Packages Bug #11325 (Feedback): BGP MD5 Keys Dropping Unintentionally: PR has been merged. Thanks! Renato Botelho
06:47 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally: Great thanks! Christian McDonald
01:10 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally: fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/32 Viktor Gurov
11:15 AM pfSense Packages Feature #11320 (Feedback): Update NAS client type: PR has been merged. Thanks! Renato Botelho
11:12 AM pfSense Packages Bug #11054 (Feedback): Check Client Certificate CN not working as described: PR has been merged. Thanks! Renato Botelho
07:11 AM pfSense Packages Bug #11054: Check Client Certificate CN not working as described: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/33 Viktor Gurov
11:03 AM pfSense Packages Bug #11001 (Feedback): freeradius lose sql lib every pfsense update: PR has been merged. Thanks! Renato Botelho
12:11 AM pfSense Packages Bug #11001 (Confirmed): freeradius lose sql lib every pfsense update: see https://forum.netgate.com/topic/149828/freeradius3-0-15-7_9-2020-01-20-its-stops-can-t-find-libmysqlclient-so-20/... Viktor Gurov
11:01 AM pfSense Packages Bug #8466 (Feedback): radiusd crash: PR has been merged. Thanks! Renato Botelho
10:22 AM Feature #11302: WireGuard XMLRPC sync: As a general rule, anyone using HA would not be using Automatic Outbound NAT -- they would be using Manual Outbound N... Jim Pingle
09:53 AM Feature #11302: WireGuard XMLRPC sync: I've been really running wireguard through it's paces and I have some thoughts concerning this.
So I have a typica... Christian McDonald
10:01 AM pfSense Packages Bug #4088 (Feedback): Buggy squidgurd config file is created: PR has been merged. Thanks! Renato Botelho
10:01 AM pfSense Packages Bug #3085 (Feedback): squidguard: problems when importing a blacklist archive containing soft-links: PR has been merged. Thanks! Renato Botelho
10:01 AM pfSense Packages Feature #11248 (Feedback): SafeSearch update: PR has been merged. Thanks! Renato Botelho
09:52 AM Bug #11250 (Feedback): disabled FTP-Proxy service starts on boot: PR has been merged. Thanks! Renato Botelho
09:51 AM pfSense Packages Bug #11274 (Feedback): ntopng https web server does not present full certificate chain: PR has been merged. Thanks! Renato Botelho
09:49 AM pfSense Packages Feature #11060 (Feedback): Block access to consumer Google accounts: PR has been merged. Thanks! Renato Botelho
09:47 AM pfSense Packages Bug #11234 (Feedback): Filer not create missing necessary folders: PR has been merged. Thanks! Renato Botelho
09:44 AM Bug #11254 (Feedback): Some OpenVPN configuration files remain after deleting an instance: PR has been merged. Thanks! Renato Botelho
09:43 AM Bug #11272 (Feedback): OCSP settings only for TLS auth: PR has been merged. Thanks! Renato Botelho
09:43 AM Bug #11298 (Feedback): Gateway Group Offline Bug: PR has been merged. Thanks! Renato Botelho
09:35 AM pfSense Packages Feature #11301 (Feedback): Switch FRR to use default rc file as a service control base: PR has been merged. Thanks! Renato Botelho
09:35 AM pfSense Packages Bug #11271 (Feedback): Setting default-originate in FRR/BGP Silently Appends a route-map: PR has been merged. Thanks! Renato Botelho
09:15 AM Todo #11278 (Feedback): Update dnsmasq to >=2.8.3: 2.84 is now imported to 2.5.0 repo Renato Botelho
08:37 AM Bug #11326: WireGuard peer allowedips is overriding system's static routes in System > Routing: Seems like you have a flawed configuration/design issue there but it's hard to tell without more information. Post on... Jim Pingle
08:28 AM Bug #11326: WireGuard peer allowedips is overriding system's static routes in System > Routing: Jim Pingle wrote:
> That's the expected behavior. By adding it as an Allowed IPs entry you told the system you _want... Adam Severns
08:01 AM Bug #11326 (Not a Bug): WireGuard peer allowedips is overriding system's static routes in System > Routing: That's the expected behavior. By adding it as an Allowed IPs entry you told the system you _wanted_ that traffic rout... Jim Pingle
07:51 AM Bug #11326 (Not a Bug): WireGuard peer allowedips is overriding system's static routes in System > Routing: If you create a peer on a wg interface that contains an allowedip that also happens to be a static route in System > ... Adam Severns
08:34 AM pfSense Packages Bug #11261: pfBlockerNG ASN numbers in IPv4 (/IPv6) Custom_List generate error(s) "Invalid numeric literal at line 1, column 7": The error may appear when the ASN is empty. See:
[ AS36229_v4 ] Downloading update .parse error: Invalid num... P L
03:57 AM pfSense Packages Bug #11259 (Closed): pfBlockerNG-devel fails to update all IP addresses for ASN using IPv4 Source Definitions: 31.13.71.50 is in
https://api.bgpview.io/asn/32934/prefixes:... Viktor Gurov

01/27/2021

05:06 PM Revision 0c68239a: Fix WireGuard interface name assignment. Fixes #11323: Only set the name when it's empty/unset (e.g. when first created),
automatically determine the next available wg inte... Jim Pingle
05:01 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails: Same here - it's a very common issue for me as well, more than happy to get involved in helping nail this one if I can. Stephen Baines
04:57 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails: Really keen to see some progress with this, it's impacting me on an almost weekly basis.
Please let me know if the... Sam McLeod
04:22 PM Revision 4fdcc82b: WireGuard: Always derive public key. Issue #11322: If the user enters a different private key, using the supplied public
key would lead to a mismatch. So always derive ... Jim Pingle
04:11 PM Revision 2ccdb454: WireGuard: Make pubkey read only, populate automatically. Fixes #11322: While here, add a link to copy the public key to the clipboard. Jim Pingle
04:09 PM pfSense Packages Bug #11325 (Resolved): BGP MD5 Keys Dropping Unintentionally: FRR 1.0.0 on latest v2.5 snapshots.
I'm peering with an upstream that requires a neighbor password.
If I run 's... Christian McDonald
03:20 PM Revision 51fa9278: Merge branch 'viktor/pfSense-ipsecmobileinperror': Jim Pingle
11:18 AM Regression #11316: Unbound crashes with signal 11 when reloading: https://forum.netgate.com/topic/160005/pfsense-2-50-snapshots-have-been-dying-for-the-past-couple-of-days Greg M
11:15 AM Bug #11323 (Feedback): Removing a WireGuard tunnel can cause others to be renumbered: Applied in changeset commit:0c68239a28d3e7a2ee3b58e60b0dd0e0081d7731. Jim Pingle
10:53 AM Bug #11323 (In Progress): Removing a WireGuard tunnel can cause others to be renumbered: Jim Pingle
10:46 AM Bug #11323 (Resolved): Removing a WireGuard tunnel can cause others to be renumbered: * Configure two WireGuard tunnels, wg0 and wg1
* Delete wg0
* Tunnel list shows only wg1
* Edit/Save wg1
* Tunnel... Jim Pingle
10:47 AM Feature #11324 (New): Separate syslog "Remote log servers" Parameters: Currently when setting Multiple Remote log servers, the "Remote Syslog Contents" is GLOBAL. Feature request to set e... Mark WILLIAMS
10:31 AM Bug #11322: WireGuard Public Key should not be entered by the user: gitsync'ed and looking good so far Christian McDonald
10:20 AM Bug #11322 (Feedback): WireGuard Public Key should not be entered by the user: Applied in changeset commit:2ccdb45478a4a7056929e455be9e0841bc8a4280. Jim Pingle
10:10 AM Bug #11322 (In Progress): WireGuard Public Key should not be entered by the user: Jim Pingle
10:05 AM Bug #11322 (Resolved): WireGuard Public Key should not be entered by the user: The WireGuard tunnel public key is derived from the private key. There isn't a compelling reason to allow the user to... Jim Pingle
09:21 AM Feature #11293 (Pull Request Review): New Dynamic DNS Provider: one.com: Jim Pingle
12:05 AM Feature #11293: New Dynamic DNS Provider: one.com: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/242 Viktor Gurov
09:20 AM Bug #11212 (Feedback): PHP error on Mobile IPsec input validating error: PR merged Jim Pingle
12:01 AM Bug #11212 (New): PHP error on Mobile IPsec input validating error: same issue with Group Authentication / Authentication Groups field,
fix: https://gitlab.netgate.com/pfSense/pfSense/... Viktor Gurov
09:18 AM Bug #11319 (Feedback): Mobile IPsec certificate type validation: PR merged Jim Pingle
01:22 AM Bug #11319: Mobile IPsec certificate type validation: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/110 Viktor Gurov
01:01 AM Bug #11319 (Resolved): Mobile IPsec certificate type validation: Mobile IPsec mode doesn't support User Certificates
extra input validation required Viktor Gurov
09:16 AM pfSense Packages Feature #11320 (Pull Request Review): Update NAS client type: Jim Pingle
03:47 AM pfSense Packages Feature #11320: Update NAS client type: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/30 Viktor Gurov
03:09 AM pfSense Packages Feature #11320 (Resolved): Update NAS client type: Client Type field needs update,
Current list of NAT types:
cisco
computone
livingston
max40xx
multitech
nets... Viktor Gurov
09:13 AM Bug #11288 (Resolved): Wireguard: Peer PSK is auto-filled to the keepalive field: Jim Pingle
08:05 AM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field: tested on gitsync yesterday and today via normal snapshot upgrade, both look good here. Christian McDonald
08:03 AM pfSense Packages Bug #9542: FreeRadius with MySQL not started and require mysql-client packet: see #11001 Viktor Gurov
08:02 AM pfSense Packages Bug #10976: Freeradius dont start with SQL configuration: see #11001 Viktor Gurov
07:15 AM Revision f7bc20ef: Mobile IPsec certificate validation. Issue #11319: Viktor Gurov
06:39 AM pfSense Packages Bug #11321 (Resolved): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package: The Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package with the ... RED SKULL
05:58 AM Revision 3b592d01: Fix PHP error in Mobile IPsec validation if Group Auth is selected. Fixes #11212: Viktor Gurov
12:43 AM pfSense Docs Correction #11318 (Closed): Feedback on pfSense Configuration Recipes — IPsec Site-to-Site VPN Example with Certificate Authentication: incorrect, only required for IPsec Mobile server Viktor Gurov
12:18 AM pfSense Docs Correction #11318 (Closed): Feedback on pfSense Configuration Recipes — IPsec Site-to-Site VPN Example with Certificate Authentication: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-tls.html
*Feedback:*
"Set the Certificate ... Viktor Gurov
12:10 AM Feature #11317 (Closed): Backup/Restore WireGuard config: already in the latest snapshots Viktor Gurov
12:07 AM Feature #11317 (Closed): Backup/Restore WireGuard config: WireGuard backup/restore on diag_backup.php page Viktor Gurov

01/26/2021

09:38 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails: Hi, considering the fact that the user only saw the patched version not fix the issue one time, would it be possible ... John Griffin
08:51 PM Revision 002a038f: Update OpenVPN Wizard to match current server options. Fixes #10919: Jim Pingle
04:13 PM Revision 9f127e7e: Fix WG Keep Alive field variable name. Fixes #11288: Jim Pingle
03:32 PM Revision 6f78203a: Fix WG Generate button descr.: Jim Pingle
03:30 PM Bug #11307 (Resolved): PHP error when attempting to edit Wireguard peer after creation: No sign of this on snapshots from today, for new or existing peers. Jim Pingle
03:29 PM Bug #11304 (Resolved): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address: Could easily replicate the problem on previous snapshot, current snapshot is working well. The entries in the DNS res... Jim Pingle
03:28 PM Bug #11300 (Resolved): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: Working as intended on current snapshots, for both IPv4 and IPv6. Jim Pingle
09:23 AM Bug #11300: WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: Nice. Patched up this morning on my boxes and this is looking good so far Christian McDonald
03:27 PM Bug #11291 (Resolved): WireGuard MTU Can Flap between 1420 and 1500: MTU is stable on current snapshots. It's 1420 even after save/apply on an assigned interface. Jim Pingle
03:26 PM Bug #11289 (Resolved): Wireguard: Automatic outbound NAT rules are applied to the WG interface: OK on current snapshots. The automatic outbound NAT rules are not being applied to WireGuard interfaces (assigned or ... Jim Pingle
03:14 PM Revision 4efba66a: Improve WireGuard field labels & descriptions.: Jim Pingle
03:06 PM Bug #11286 (Resolved): Endpoint port is mandatory if Endpoint is defined: OK on current snapshot. If the endpoint is filled in and port is blank, the default port is used. Jim Pingle
03:05 PM Bug #10919 (Feedback): Improve handling of OpenVPN data cipher negotiation options: Applied in changeset commit:002a038f4e9d4ce4cb4f8e5dec5036eb822017a6. Jim Pingle
02:48 PM Regression #11316 (Rejected): Unbound crashes with signal 11 when reloading: There is not nearly enough information here to constitute a proper bug report, and I cannot reproduce the problem as ... Jim Pingle
02:21 PM Regression #11316 (Resolved): Unbound crashes with signal 11 when reloading: Seems to be the same as here...
https://forum.opnsense.org/index.php?topic=20516.0
My workaround: I have moved t... Martin Müller
02:48 PM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field: Excellent, will test! Thanks Christian McDonald
10:15 AM Bug #11288 (Feedback): Wireguard: Peer PSK is auto-filled to the keepalive field: I found a typo in the variable name used to populate the value in the GUI, but the backend appears to be using it app... Jim Pingle
10:03 AM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field: I'm still having issues with the Keepalive field. When I edit and peer and set the keepalive value, save and come bac... Christian McDonald
02:36 PM Revision 0a0ef335: Improve WireGuard port validation. Fixes #11311: Jim Pingle
02:15 PM Revision cd4103cd: Encode WireGuard tunnel edit/peer values. Issue #11312: Jim Pingle
02:07 PM Revision 7e226dc7: Encode WireGuard tunnel list values. Issue #11312: Jim Pingle
01:37 PM Revision b505e3ae: Suppress errors when opening router file. Fixes #11314: Jim Pingle
01:10 PM Revision 73bd9c00: Merge branch 'viktor/pfSense-checkipsecwildcardcert': Jim Pingle
01:02 PM Bug #11315 (Duplicate): Traffic Graph. shows flat line for wireguard interface: Already being tracked internally (NG 5522) Jim Pingle
12:54 PM Bug #11315 (Duplicate): Traffic Graph. shows flat line for wireguard interface: I'm running... Felix G
12:02 PM Revision 1b165375: IPsec wildcard certificates input validation. Implements #11297: Viktor Gurov
09:20 AM Bug #11312: Unable to edit or add WireGuard peers: I had an string that included a single quote encased by the <descr></descr> variable so it lines up perfectly with yo... RED SKULL
08:25 AM Bug #11312 (Feedback): Unable to edit or add WireGuard peers: I found a couple issues on the page that could be a problem if the description contained a single quote (@'@) which c... Jim Pingle
07:15 AM Bug #11312: Unable to edit or add WireGuard peers: What did you have in those fields?
The keepalive value is numeric so it's unlikely to be that. Description is CDAT... Jim Pingle
08:45 AM Bug #11311 (Feedback): Listen and peer port validation in wg.inc: Applied in changeset commit:0a0ef3352ad9a9c3710c1349a9e91da3209050df. Jim Pingle
07:45 AM Bug #11314 (Feedback): PHP error in gwlb.inc (potential race): Applied in changeset commit:b505e3aecc11b8f8e42c8a3fd7c8b9537c3264a2. Jim Pingle
07:36 AM Bug #11314 (Resolved): PHP error in gwlb.inc (potential race): I can't reproduce this reliably, but occasionally there is a PHP error at boot time:... Jim Pingle
07:20 AM Bug #11297: strongSwan doesn't support wildcard certificates: Applied in changeset commit:1b1653756bf5c087ccb11a7f82202e155cd3fcf2. Viktor Gurov
07:12 AM Bug #11297 (Feedback): strongSwan doesn't support wildcard certificates: Jim Pingle
07:10 AM Bug #11313: Netgate SG-5100 has not received 2.5.0 development update since 11-27-2020: Jim Pingle wrote:
> We are aware. All factory snapshots are currently disabled for internal testing.
Thanks Jim. ... Craig Weber
07:09 AM Bug #11313 (Not a Bug): Netgate SG-5100 has not received 2.5.0 development update since 11-27-2020: We are aware. All factory snapshots are currently disabled for internal testing. Jim Pingle
06:44 AM Bug #11313 (Not a Bug): Netgate SG-5100 has not received 2.5.0 development update since 11-27-2020: Hello,
I've been running the 2.5.0 Development build and for many months would receive regular updates daily. My a... Craig Weber

01/25/2021

11:04 PM Bug #11312: Unable to edit or add WireGuard peers: Ability to edit wireguard peers was regained by editing /cf/conf/config.xml and removing values from the following va... RED SKULL
09:55 PM Bug #11312 (Resolved): Unable to edit or add WireGuard peers: After upgrading from test build 2.5.0.a.20210122.2350 to 2.5.0.a.20210125.0856:
-- I am unable to edit all existi... RED SKULL
09:05 PM Revision ed837d48: Attempt to use peer wg address if possible for gateway. Implements #11300: Jim Pingle
08:43 PM Bug #11311 (Resolved): Listen and peer port validation in wg.inc: The listen port in function wg_validate_post and the peer port in function wg_validate_peer do not appear to be valid... John Clark
04:13 PM Revision 7f56c539: Add WireGuard to backup areas. Implements NG 5485: Jim Pingle
04:02 PM Revision 0c3fff67: Refine Unbound auto ACL generation. Implements #11309: Jim Pingle
03:28 PM Revision 7fe0979b: Rework WireGuard tonatsubnets/unbound ACL entries. Fixes #11304: Jim Pingle
03:15 PM Bug #11300 (Feedback): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: Applied in changeset commit:ed837d48335b1cafdaae3c8320c3a78229e57386. Jim Pingle
02:37 PM Bug #11300 (New): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: I thought up a viable way to do it. Not as clean/elegant as I wanted, but it works. Jim Pingle
08:01 AM Bug #11300: WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: The main problem is that there isn't a way for the gateway system to know a viable remote peer address to monitor.
... Jim Pingle
02:14 PM Revision 2924fc26: Init var before use. Fixes #11307: Jim Pingle
01:51 PM Revision 81f10ba1: Add units to source tracking timeout description. Fixes #11303: Jim Pingle
01:41 PM Revision f25efb4b: Allowe peer port < 512: Steve Beaver
01:40 PM Revision 94230d38: Allowe listen port < 512: Steve Beaver
01:33 PM Revision 8b9d2275: Use correct default MTU for WireGuard. Fixes #11291: Jim Pingle
11:59 AM Bug #9450 (Resolved): Multiwan gateway group fail-over not working as expected (possible race condition): I can not reproduce this in 2.5 under the same conditions that cause it in 2.4.5p1. Dee D's response sounds like the ... Max Leighton
11:44 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: Yes, still there :( Tobias H
11:39 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: I know you _can_ but why limit the configuration in such a fashion?
Checkbox for enabling default-originate IPv4 w... Chris Linstruth
11:28 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Chris Linstruth wrote:
> Shouldn't there be a separate route map selection for each address family?
You can match... Ben Hughes
08:00 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Shouldn't there be a separate route map selection for each address family? Chris Linstruth
07:19 AM pfSense Packages Bug #11271 (Pull Request Review): Setting default-originate in FRR/BGP Silently Appends a route-map: Jim Pingle
10:10 AM Todo #11309 (Feedback): DNS Resolver automatic ACL entries need refinement: Applied in changeset commit:0c3fff676c104ca720f251a28b99d2d285298f8f. Jim Pingle
09:34 AM Todo #11309 (Resolved): DNS Resolver automatic ACL entries need refinement: The way the DNS resolver backend code in unbound.inc generates the automatic access list entries is inefficient.
T... Jim Pingle
10:06 AM Bug #11308 (Duplicate): NTP Trying IPv6 when no IPv6 connectivity is available or configured.: See #10322 Jim Pingle
09:34 AM Bug #11308: NTP Trying IPv6 when no IPv6 connectivity is available or configured.: Screen recording of bouncing NTPD. Christian McDonald
09:31 AM Bug #11308 (Duplicate): NTP Trying IPv6 when no IPv6 connectivity is available or configured.: My firewall has IPv6 traffic explicitly blocked and no IPv6 configured on any WAN interfaces.
NTP tries to hit IPv... Christian McDonald
09:56 AM pfSense Packages Feature #11310: Adding a widget to apcupsd plug-in: Link to pull request: https://github.com/pfsense/FreeBSD-ports/pull/1034 Andrew S
09:45 AM pfSense Packages Feature #11310 (Resolved): Adding a widget to apcupsd plug-in: I was inspired to create a widget for the apcupsd plug-in that is included with pfSense and I would like to contribut... Andrew S
09:35 AM Bug #11304 (Feedback): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address: Applied in changeset commit:7fe0979bc0de358a95767c25cfcbddec4a932ce4. Jim Pingle
07:56 AM Bug #11304 (In Progress): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address: Jim Pingle
08:20 AM Bug #11307 (Feedback): PHP error when attempting to edit Wireguard peer after creation: Applied in changeset commit:2924fc260c5c9cbdd03aaa02f9c10944336c6787. Jim Pingle
08:11 AM Bug #11307 (In Progress): PHP error when attempting to edit Wireguard peer after creation: Jim Pingle
08:07 AM Feature #11306 (Duplicate): Switchable time-out for remote admin (like “reload in min / reload cancel” in CISCO): Duplicate of #3895 Jim Pingle
08:05 AM Bug #11290 (Closed): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: I'll close this out for now, but if someone can reproduce it, we can open it back up with more details about exactly ... Jim Pingle
08:00 AM Bug #11303 (Feedback): Sticky connections units: Applied in changeset commit:81f10ba1d0b64e23b7386e21730d4acee2e2944c. Jim Pingle
07:52 AM Bug #11303: Sticky connections units: Load Balancer is gone, so this is technically now only a multi-wan setting.
I committed a different change to ment... Jim Pingle
07:54 AM Bug #11291: WireGuard MTU Can Flap between 1420 and 1500: Looks good, thanks for the quick update Christian McDonald
07:40 AM Bug #11291 (Feedback): WireGuard MTU Can Flap between 1420 and 1500: Applied in changeset commit:8b9d2275015be7bf8febb1714f8a979d7c5f2beb. Jim Pingle
07:22 AM Bug #11291 (In Progress): WireGuard MTU Can Flap between 1420 and 1500: Jim Pingle
07:49 AM pfSense Packages Bug #8466 (Pull Request Review): radiusd crash: Jim Pingle
07:48 AM Feature #11294 (Pull Request Review): New Dynamic DNS Provider: Yandex PDD: Jim Pingle
07:48 AM Feature #11302: WireGuard XMLRPC sync: Might be tricky since if it was allowed, it couldn't be assigned, or else we'd have to code around allowing it to be ... Jim Pingle
07:45 AM pfSense Packages Feature #11301 (Pull Request Review): Switch FRR to use default rc file as a service control base: Jim Pingle
07:43 AM Bug #11299 (Pull Request Review): Unused L2TP VPN files are not removed when the service is disabled: Jim Pingle
07:42 AM Bug #11296 (Pull Request Review): Static route targets may still reachable via default route when the gateway they should route through is down: Jim Pingle
07:40 AM Bug #11297 (Pull Request Review): strongSwan doesn't support wildcard certificates: Jim Pingle
07:39 AM Bug #11298 (Pull Request Review): Gateway Group Offline Bug: Jim Pingle
07:37 AM Bug #11292 (Duplicate): in the wireguard page double clicking existing tunnel doesn't open the configuration page: This was fixed several days ago, see commit:56a4e2d56f66432a596329bc65cde4c159951829
Duplicate of an entry in our ... Jim Pingle

01/24/2021

11:02 PM Bug #11307 (Resolved): PHP error when attempting to edit Wireguard peer after creation: Version:... Peter Potvin
02:43 PM Bug #11279 (Resolved): Typo in WireGuard Configuration: Confirmed that this typo is fixed in the latest build. Marking the ticket as resolved Max Leighton
02:11 PM Bug #11291: WireGuard MTU Can Flap between 1420 and 1500: I've nailed down clear reproduction steps...assuming that you have a WG tunnel and it's corresponding wg interface as... Christian McDonald
02:04 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: I experienced this with a very simple OSPF configuration that I had on the 2.4 stable branch. This was an in-place up... Christian McDonald
01:28 AM Feature #11306 (Duplicate): Switchable time-out for remote admin (like “reload in min / reload cancel” in CISCO): Implementation of timeout for remote administration when some change (in ACL for example, in fw rules, etc., ) may ca... Sergei Shablovsky
01:02 AM Bug #11305 (Duplicate): Gateway Group Trigger Level 'Packet Loss or High Latency' Broken: Duplicate of #11298 Viktor Gurov
12:09 AM pfSense Packages Feature #10816 (Resolved): Allow FRR BGP Neighbors to be active in both IPv4 and IPv6: Tested on 21.02-DEVELOPMENT (amd64)
built on Sat Jan 23 00:06:39 EST 2021
FreeBSD 12.2-STABLE
Checkbox "Address ... Azamat Khakimyanov
12:04 AM pfSense Packages Feature #11202 (Resolved): Antivirus feature update: Tested on 21.02-DEVELOPMENT (amd64)
built on Sat Jan 23 00:06:39 EST 2021
FreeBSD 12.2-STABLE
All these new feat... Azamat Khakimyanov

01/23/2021

09:15 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: please provide the Steps to reproduce the issue. Alhusein Zawi
06:52 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Update: I'm not seeing this in the latest snapshots now. So I'm not entirely sure what's going on. There might be an ... Christian McDonald
06:44 PM Bug #11300: WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: I guess I'm not familiar enough with the current codebase to follow the reasoning here, but I've created a few manual... Christian McDonald
09:23 AM Bug #11300 (Rejected): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: It's not viable, unfortunately. I tried doing it a few different ways but the current behavior is the best so far.
... Jim Pingle
08:57 AM Bug #11300 (Resolved): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: Not sure the value of monitoring the local/self peer on WireGuard gateways. These should monitor the far/remote end. ... Christian McDonald
06:01 PM Bug #11305 (Duplicate): Gateway Group Trigger Level 'Packet Loss or High Latency' Broken: Whenever I'm doing PBR using a gateway group with a trigger level of 'Packet Loss or High Latency', the firewall rule... Christian McDonald
03:54 PM Bug #11304 (Resolved): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address: VPN / WireGuard / Tunnels
Address: 172.16.16.1/24 -> Everything ist OK
Also allowed is a Comma separated lis... Stephan Hartenauer
03:32 PM pfSense Packages Bug #8047: XG-2758 - Coreboot Upgrade - Different ROM size: Renato Botelho wrote:
> According ADI engineers XG-2758 requires a physical power cycle after upgrade coreboot and b... Arthur Brownlee IV
12:52 PM Bug #11303: Sticky connections units: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/107 Danilo Zrenjanin
12:32 PM Bug #11303 (Resolved): Sticky connections units: Under System/Advanced/Miscellaneous - LoadBalancing description, it is not clear what is the measurement unit(seconds... Danilo Zrenjanin
11:38 AM pfSense Packages Bug #8466: radiusd crash: Fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/29 Danilo Zrenjanin
10:49 AM Feature #11294: New Dynamic DNS Provider: Yandex PDD: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/242 Viktor Gurov
09:45 AM Bug #11288 (Resolved): Wireguard: Peer PSK is auto-filled to the keepalive field: 2.5.0.a.20210122.2350 fixed Viktor Gurov
09:44 AM Bug #11283 (Resolved): Incorrect WireGuard help page: 2.5.0.a.20210122.2350 fixed Viktor Gurov
09:43 AM Feature #11302 (New): WireGuard XMLRPC sync: It would be nice to sync WireGuard configuration and automatically set it to 'disabled' state on the secondary node
... Viktor Gurov
09:20 AM pfSense Packages Feature #11301: Switch FRR to use default rc file as a service control base: PR: https://github.com/pfsense/FreeBSD-ports/pull/1033 Ben Hughes
09:20 AM pfSense Packages Feature #11301 (Feedback): Switch FRR to use default rc file as a service control base: Switch FRR to use default rc file as a service control base

- Set rc.conf.d/frr for watchfrr service action su... Ben Hughes
08:53 AM Bug #11299: Unused L2TP VPN files are not removed when the service is disabled: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/105 Viktor Gurov
08:51 AM Bug #11299 (Resolved): Unused L2TP VPN files are not removed when the service is disabled: `/var/etc/l2tp-vpn` files are not deleted if you disable L2TP VPN Viktor Gurov
08:37 AM Bug #11282 (Resolved): php error on creating new PPPoE server instance: works as expected on 2.5.0.a.20210122.2350 Viktor Gurov
08:35 AM pfSense Packages Feature #11102 (Resolved): Include a dictionary for mpd5 in Freeradius: dictionary.mpd is included Viktor Gurov
08:24 AM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/104 Viktor Gurov
02:54 AM Bug #11296 (New): Static route targets may still reachable via default route when the gateway they should route through is down: https://forum.netgate.com/topic/160103/static-routes-not-as-expected:
When WAN gateway is down, I can still access/p... Viktor Gurov
06:25 AM Bug #11297: strongSwan doesn't support wildcard certificates: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/103 Viktor Gurov
03:18 AM Bug #11297 (Resolved): strongSwan doesn't support wildcard certificates: Wildcard certificates are declared deprecated in RFC 6125.
A check which would prevent users from adding a wildcar... Danilo Zrenjanin
04:49 AM Bug #11298: Gateway Group Offline Bug: fix: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/102
see also #10716 Viktor Gurov
03:43 AM Bug #11298 (Resolved): Gateway Group Offline Bug: https://forum.netgate.com/topic/160153/gateway-group-offline-bug:
In 2.5.0.a.20210121.2350 I discovered an issue t... Viktor Gurov

01/22/2021

11:48 PM pfSense Packages Feature #11295 (Resolved): DNSBL IDN support: Add IDN domains support to:
- DNSBL Whitelist
- DNSBL Custom_List
- Python no AAAA List
- IPv4 Custom_List (domai... Viktor Gurov
11:46 PM pfSense Packages Feature #9249 (Resolved): [siproxd] Add config for siptrunk plugin: Viktor Gurov
11:13 PM pfSense Packages Feature #9249: [siproxd] Add config for siptrunk plugin: The configuration has been added to /usr/local/etc/siproxd.conf after Enabling SIP Trunk Plugin
load_plugin=plugin... Alhusein Zawi
11:09 PM Feature #11294 (Closed): New Dynamic DNS Provider: Yandex PDD: Add support for pddimp.yandex.ru dyndns:
https://yandex.com/dev/connect/directory/api/concepts/domains/dns-records-v... Viktor Gurov
11:01 PM Feature #11293 (Closed): New Dynamic DNS Provider: one.com: Add support for one.com DDNS, see:
https://forum.netgate.com/topic/124904/dynamic-dns-one-com Viktor Gurov
09:26 PM Bug #11292 (Duplicate): in the wireguard page double clicking existing tunnel doesn't open the configuration page: in the wireguard page
double clicking existing tunnel doesn't open the configuration page
like others pfsense p... khaled osama
09:05 PM Bug #11283: Incorrect WireGuard help page: 21.02.a.20210120.2350 fixed
2.5.0.a.20210121.2350 not fixed Alhusein Zawi
07:20 AM Bug #11283 (Feedback): Incorrect WireGuard help page: Applied in changeset commit:16a294f7678a4be1a0e7fc066300958dc734deb3. Jim Pingle
02:26 AM Bug #11283: Incorrect WireGuard help page: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/100 Viktor Gurov
02:23 AM Bug #11283 (Resolved): Incorrect WireGuard help page: Clicking on the help icon redirects to https://docs.netgate.com/pfsense/en/latest/index.html instead of https://docs.... Viktor Gurov
06:23 PM Revision fedf01cd: Fix length check for WireGuard interface descriptions: Jim Pingle
06:23 PM Revision e1afb219: Add WireGuard to easyrule: Jim Pingle
06:11 PM Bug #11291 (Resolved): WireGuard MTU Can Flap between 1420 and 1500: The default WireGuard MTU is typically 1420. However , I’ve observed cases where the wg interfaces will flap between ... Christian McDonald
05:40 PM Revision bc8cf86b: Exclude wg(4) from auto outbound NAT. Fixes #11289: Jim Pingle
04:02 PM Revision a0103e4b: PPPoE Server users create and instance delete fix. Issue #11282: Viktor Gurov
04:00 PM Revision d3eb9b35: Fixed 11287 by moving style to css: Steve Beaver
03:55 PM Revision c0d26370: Use gettext() on WireGuard endpoint text. Issue #11286: Jim Pingle
03:52 PM Revision e801e55b: Assume default WG port if empty. Fixes #11286: While here, print a more user-friendly value when peer endpoints are
empty. Jim Pingle
03:30 PM Revision 262dba24: Fix populating keepalive value. Fixes #11288: Jim Pingle
03:24 PM Revision df799f2c: Assume default WG port if empty. Fixes #11286: Jim Pingle
03:17 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Chris Linstruth wrote:
> I suggest a checkbox to enable default-originate and a pulldown that lists the route maps f... Ben Hughes
03:15 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: PR: https://github.com/pfsense/FreeBSD-ports/pull/1032 Ben Hughes
02:46 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: I suggest a checkbox to enable default-originate and a pulldown that lists the route maps for OPTIONAL inclusion. Chris Linstruth
01:36 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: George Phillips wrote:
> Basically, that drop-down menu should be empty unless the user defines their own route-maps... Ben Hughes
01:35 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Yeh it's a bug, if you select IPv4+IPv6 then it'll work as expected but everything else it'll interpret at a route ma... Ben Hughes
12:14 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Basically, that drop-down menu should be empty unless the user defines their own route-maps. The ipv4, ipv6, and ipv... George Phillips
03:17 PM Revision 56a4e2d5: Add doubleclick handlers to WireGuard tables: Steve Beaver
02:18 PM Bug #11290 (Resolved): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: FRR 1.0.0 is not properly starting/stopping in regards to the configured CARP status IP. Christian McDonald
01:34 PM pfSense Packages Bug #8466: radiusd crash: I tested on the latest snapshot. It still allows entering " as the first character.
e.g., entering the password _... Danilo Zrenjanin
01:15 PM Revision 171b0eb2: Revert "Add wg to ALTQ list. Implements #11280": Unstable. See #11285
This reverts commit 4a49b0d9b182c76f658201124c43278a65542c98. Jim Pingle
01:13 PM Revision 16a294f7: Add help.php entries for Wireguard pages. NG 5455 and Fixes #11283: Jim Pingle
01:02 PM Bug #10919 (In Progress): Improve handling of OpenVPN data cipher negotiation options: Jim Pingle
11:50 AM Bug #11289 (Feedback): Wireguard: Automatic outbound NAT rules are applied to the WG interface: Applied in changeset commit:bc8cf86b8f1d83677c43ba4501704b9192501495. Jim Pingle
11:41 AM Bug #11289: Wireguard: Automatic outbound NAT rules are applied to the WG interface: It should be excluded from automatic outbound NAT, but it does belong in tonatsubnets (so it gets NAT out WANs).
C... Jim Pingle
11:21 AM Bug #11289 (Resolved): Wireguard: Automatic outbound NAT rules are applied to the WG interface: It's unexpected that they should be there for a site-to-site setup.
Additionally the WG interface subnet is includ... Steve Wheeler
10:43 AM pfSense Packages Bug #11054: Check Client Certificate CN not working as described: see http://freeradius.1045715.n5.nabble.com/user-name-and-EAP-TLS-td5714550.html:... Viktor Gurov
10:23 AM Bug #11287 (Resolved): The Wireguard Peers list is not Dark theme compatible: Looks good after a gitsync. It's respecting the CSS change now. Jim Pingle
10:00 AM Bug #11287 (Feedback): The Wireguard Peers list is not Dark theme compatible: Anonymous
08:49 AM Bug #11287 (Resolved): The Wireguard Peers list is not Dark theme compatible: The text is white in the Dark Theme which makes it almost impossible to view again the light blue background.
See:... Steve Wheeler
10:05 AM pfSense Packages Bug #11055 (Resolved): Insecure FreeRADIUS defaults: Tested on the latest snapshot. It's fixed. Ticket resolved. Danilo Zrenjanin
10:03 AM Bug #11282 (Feedback): php error on creating new PPPoE server instance: PR merged Jim Pingle
02:14 AM Bug #11282: php error on creating new PPPoE server instance: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/99 Viktor Gurov
01:41 AM Bug #11282 (Resolved): php error on creating new PPPoE server instance: If you create a new PPPoE Server instance with a 1+ users, a will PHP error occur:... Viktor Gurov
10:00 AM Bug #11286 (Feedback): Endpoint port is mandatory if Endpoint is defined: Applied in changeset commit:e801e55ba199db0cddeb05f5e0b8a0f7ba75c384. Jim Pingle
09:52 AM Bug #11286 (In Progress): Endpoint port is mandatory if Endpoint is defined: One more little thing, in the tunnel list it isn't assuming the default port in the display. Also it's showing ":" fo... Jim Pingle
09:30 AM Bug #11286 (Feedback): Endpoint port is mandatory if Endpoint is defined: Applied in changeset commit:df799f2c43441dc80174f6360ecdab0e78b15eb4. Jim Pingle
09:19 AM Bug #11286: Endpoint port is mandatory if Endpoint is defined: In this case we should assume the default port (@51820@) rather than making the field required. I'll take a look at it. Jim Pingle
08:46 AM Bug #11286: Endpoint port is mandatory if Endpoint is defined: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/101 Viktor Gurov
08:34 AM Bug #11286 (Resolved): Endpoint port is mandatory if Endpoint is defined: It's not possible to define endpoint without port, i.e.... Viktor Gurov
09:40 AM Bug #11288 (Feedback): Wireguard: Peer PSK is auto-filled to the keepalive field: Applied in changeset commit:262dba240a74a4b70cacbe6835dcef344d44f316. Jim Pingle
09:25 AM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field: fix in https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/101/ Viktor Gurov
09:21 AM Bug #11288 (Resolved): Wireguard: Peer PSK is auto-filled to the keepalive field: If you configure a PSK on a WireGuard peer and then edit that peer the keep-alive field will be populated by the PSK ... Steve Wheeler
07:28 AM Todo #11280 (New): Add WireGuard to ALTQ list: Jim Pingle
07:25 AM Todo #11280 (Feedback): Add WireGuard to ALTQ list: Applied in changeset commit:171b0eb2d69dc6737c63e5f6a2be63d705678c04. Jim Pingle
07:16 AM Todo #11280 (New): Add WireGuard to ALTQ list: Reverted this change for now since ALTQ on WireGuard is not stable. See #11285 Jim Pingle
04:46 AM Todo #11280 (Resolved): Add WireGuard to ALTQ list: 2.5.0.a.20210121.2350 - I can successfully create a traffic shaper on the wg* interfaces Viktor Gurov
07:21 AM Bug #11284: php waring in interfaces after upgrading to latest dev version: I didn't see any recent changes which might have introduced a problem on the lines in the error, so it definitely nee... Jim Pingle
04:32 AM Bug #11284 (Rejected): php waring in interfaces after upgrading to latest dev version: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Viktor Gurov
03:26 AM Bug #11284 (Rejected): php waring in interfaces after upgrading to latest dev version: i updated to the dev version 2.5.0.a.20210121.1437
it gave the following crash report
Crash report begins. Ano... khaled osama
07:17 AM Bug #11285: Kernel crash on ALTQ-enabled wg interfaces: Moving ahead, no time to address this one for now. Reverted the change allowing ALTQ to be used with WireGuard for now. Jim Pingle
06:02 AM Bug #11285 (Closed): Kernel crash on ALTQ-enabled wg interfaces: If you create a traffic shaper queue on the assigned wg* interface,
any WireGuard manipulation (add peer / delete in... Viktor Gurov
07:08 AM Feature #11281 (Duplicate): Generating WireGuard QR codes for fast mobile deployments: Already covered in the plan for config export under NG 5436 Jim Pingle
12:22 AM Feature #11281 (Duplicate): Generating WireGuard QR codes for fast mobile deployments: It would be nice to add QR code generator for fast mobile (Android/iOS) deployments,
Use FreeRADIUS QR code generato... Viktor Gurov
05:05 AM Bug #11277 (Resolved): Hide WireGuard interfaces from Interface Assignments pages: works as expected on 2.5.0.a.20210121.2350 Viktor Gurov
04:41 AM Bug #11275 (Resolved): Certificate import of a signed certificate signing request is not offered: resolved on 2.5.0.a.20210121.2350 Viktor Gurov
02:33 AM Feature #9942: Give pfSense the possibility to change the keyboard Layout for console users: localization steps:
https://forum.netgate.com/topic/159666/pfsense-localization-connecting-on-console-or-via-ssh Viktor Gurov

01/21/2021

11:02 PM Bug #9296 (Confirmed): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: see also #7209 Viktor Gurov
01:06 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: same issue on 2.5.0.a.20210120.1500
mixed alias entries:
- yandex.ru
- 1.2.3.4... Viktor Gurov
09:57 PM Revision 8dffba30: Fix WireGuard case: Jim Pingle
09:55 PM Revision 5a33a16c: Ticket #5186: Enable Wireguard firewall rules tab: Jim Pingle
09:32 PM Revision e42e51fe: Correct typo. Fixes #11279: Jim Pingle
09:31 PM Revision 4a49b0d9: Add wg to ALTQ list. Implements #11280: Jim Pingle
09:19 PM Revision eb099537: Prevent invalid WireGuard assignments. Fixes #11277: Jim Pingle
08:57 PM Revision db2fefc5: Show WireGuard interface description during assignment. Issue #11277: Jim Pingle
07:55 PM Revision f50c6543: WireGuard assignment/disable behavior improvements. NG 5518: * Do not allow a WireGuard instance to be removed while assigned
* Do not allow a WireGuard instance to be disabled w... Jim Pingle
04:42 PM Revision c3c257e4: Add WireGuard info to status output. NG 5483: Jim Pingle
04:03 PM Revision 488672e3: WireGuard default port usage fix. NG 5482: Jim Pingle
03:52 PM Bug #7209: Something is seriously wrong with firewall aliases: This bug / #9296 was easily reproducible 3 years ago when I first hit it and still is today on 2.4.5-p1. Just make a... Stuart Wyatt
01:06 AM Bug #7209: Something is seriously wrong with firewall aliases: see #9296 Viktor Gurov
03:40 PM Bug #11279 (Feedback): Typo in WireGuard Configuration: Applied in changeset commit:e42e51fefbaf93d8be3f4d2524f72a0bf2c4b543. Jim Pingle
03:32 PM Bug #11279 (In Progress): Typo in WireGuard Configuration: Yep, typo. Fix incoming. Jim Pingle
03:28 PM Bug #11279 (Resolved): Typo in WireGuard Configuration: There´s a typo in the WireGuard peer configuration
I think this should be IPv4 or IPv6 address? Moritz Schwarz
03:40 PM Todo #11280 (Feedback): Add WireGuard to ALTQ list: Applied in changeset commit:4a49b0d9b182c76f658201124c43278a65542c98. Jim Pingle
03:31 PM Todo #11280 (New): Add WireGuard to ALTQ list: wg interfaces support ALTQ, so can be added to the list.
Jim Pingle
03:25 PM Bug #11277 (Feedback): Hide WireGuard interfaces from Interface Assignments pages: Applied in changeset commit:eb0995379ee6778af0b82a28122a9f36a8bd075a. Jim Pingle
03:21 PM Bug #11277: Hide WireGuard interfaces from Interface Assignments pages: Commit is coming momentarily which prevents WireGuard interfaces from being used in VLAN, QinQ, LAGG, and Bridges.
... Jim Pingle
03:19 PM Bug #11277 (In Progress): Hide WireGuard interfaces from Interface Assignments pages: Jim Pingle
11:12 AM Bug #11277 (Resolved): Hide WireGuard interfaces from Interface Assignments pages: it's not needed on VLAN, QinQ, PPP, BRIDGES pages
also: VPN / L2TP, PPPoE server
IPsec, OpenVPN ? Viktor Gurov
03:00 PM Revision e7e4ba5a: Signed CSR import fix. Issue #11275: Viktor Gurov
01:35 PM Todo #11278: Update dnsmasq to >=2.8.3: We are aware, but for the most part it wouldn't impact us. These are all issues in dnsmasq, which while included in p... Jim Pingle
01:08 PM Todo #11278 (Resolved): Update dnsmasq to >=2.8.3: Not really a bug, but are you aware of DNSpooq?
https://www.jsof-tech.com/disclosures/dnspooq/
AFAIK, it was just... Logan Marchione
10:54 AM Feature #8786: Wireguard VPN: Renato Botelho wrote:
> Initial kernel version wireguard support is now in place
FYI. I have receiving fetch err... Ronald Schellberg
09:44 AM Bug #11272 (Pull Request Review): OCSP settings only for TLS auth: Jim Pingle
12:16 AM Bug #11272: OCSP settings only for TLS auth: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/97 Viktor Gurov
09:42 AM pfSense Packages Bug #11274 (Pull Request Review): ntopng https web server does not present full certificate chain: Jim Pingle
08:04 AM pfSense Packages Bug #11274: ntopng https web server does not present full certificate chain: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/28 Viktor Gurov
06:50 AM pfSense Packages Bug #11274 (Resolved): ntopng https web server does not present full certificate chain: The https protected web frontend (port 3000) of ntopng 0.8.13_6 (tested on pfSense CE 2.4.5_1) does not work correctl... Martin Bartosch
09:41 AM Bug #11275 (Feedback): Certificate import of a signed certificate signing request is not offered: PR merged Jim Pingle
09:01 AM Bug #11275: Certificate import of a signed certificate signing request is not offered: Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/98 Viktor Gurov
06:57 AM Bug #11275 (Resolved): Certificate import of a signed certificate signing request is not offered: Testing the current pfSense 2.5.0-DEVELOPMENT version I encountered a problem with the certificate manager. When requ... Martin Bartosch
09:27 AM Bug #11276 (Rejected): CARP both master master: There is a problem with your configuration or environment. This site is not for support or diagnostic discussion.
... Jim Pingle
09:18 AM Bug #11276 (Rejected): CARP both master master: Hi,
I've an issue with two CARP interfaces. Both are seen as Master/master. All of others CARP interfaces are work... Nazar Hassan
08:08 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Looks like 2.5.0 still appends a route-map to me.... Chris Linstruth
07:52 AM pfSense Packages Bug #11273 (Not a Bug): ntopng password reset does not work: unable to reproduce - I can successfully update admin password
you need to use pfSense WebGUI to change password, no... Viktor Gurov
06:45 AM pfSense Packages Bug #11273 (Not a Bug): ntopng password reset does not work: Modifying the admin password in the ntopng settings does not seem to work.
Versions: ntopng 0.8.13_6 on pfSense CE... Martin Bartosch
04:59 AM Bug #11082: XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node: Hello everyone,
This issue is also affecting us, do you know approximately when an official update is going to fix... Ferran Peinado
02:34 AM Bug #11256: Cannot add alias with multiple URLs: I can reproduce it on 2.4.5-p1,
but it works fine on 2.5.0.a.20210120.1500 Viktor Gurov
12:46 AM pfSense Packages Bug #11261: pfBlockerNG ASN numbers in IPv4 (/IPv6) Custom_List generate error(s) "Invalid numeric literal at line 1, column 7": no such issue with pfBlockerNG-devel 3.0.0_8 - I can successfully add AS number to IPv4/IPv6 Custom_List and see no e... Viktor Gurov
12:18 AM Revision e564dbd6: Add ^wg to list of interface mimatch types: Steve Beaver

01/20/2021

11:43 PM Bug #11272 (Resolved): OCSP settings only for TLS auth: There is no need to show OCSP settings for "Peer to Peer (Shared Key)" and "Remote Access (User Auth)" auth modes Viktor Gurov
11:25 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: > Selecting IPv4+IPv6 announces the route but it is counter-intuitive for someone creating an IPv4-only peer to selec... Viktor Gurov
08:12 PM pfSense Packages Bug #11271 (Resolved): Setting default-originate in FRR/BGP Silently Appends a route-map: When setting default-priginate on a BGP neighbor thew user is presented with four choices by default:
* No
* IPv4... Chris Linstruth
11:16 PM pfSense Packages Feature #10789 (Feedback): FRR integrated configuration and hitless reloads: Merged Viktor Gurov
08:27 PM Revision 8e48b2e2: Add OS routes using WireGuard Peer AllowedIPs. Part of NG 5437: Jim Pingle
07:50 PM Revision 45ae5c55: Remove WireGuard peernwks field which is not needed. Part of NG 5437: Jim Pingle
07:43 PM Revision 6e23ca79: Fix some bad WireGuard capitalization: Jim Pingle
07:39 PM Revision 236f8ecc: Automatic WireGuard interface gateways. Part of NG 5437: Jim Pingle
05:40 PM Revision a0341111: Update translation files: Renato Botelho
05:37 PM Revision 9661de36: Regenerate pot: Renato Botelho
05:27 PM Revision 3856366b: Retire VXLAN support: VXLAN support is not enterprise ready and after internal discussion we
decided we are not able to support it. We are... Renato Botelho
03:34 PM Feature #11270: Consider integrating Nebula mesh VPN: Forgot to add the link...
https://github.com/slackhq/nebula Jeff Wischkaemper
03:34 PM Feature #11270 (New): Consider integrating Nebula mesh VPN: Slack's Nebula VPN is a very slick system that more-or-less uses Wireguard tunnels, but a sane and scaleable key/cert... Jeff Wischkaemper
01:44 PM Revision 55da9aef: Change XML listtag entry for peer to wgpeer for issue #5186: Jim Pingle
10:28 AM Bug #11267 (Resolved): PHP Error in FRR after WireGuard merge: Renato Botelho
10:01 AM Bug #11267: PHP Error in FRR after WireGuard merge: I applied the patch and the neighbors came back. Thanks for the quick fix! Zachary McGibbon
09:46 AM Bug #11267 (Feedback): PHP Error in FRR after WireGuard merge: This is due to WireGuard trying to use the 'peer' tag as a list when it should be using 'wgpeer' which didn't carry o... Jim Pingle
07:38 AM Bug #11267 (Resolved): PHP Error in FRR after WireGuard merge: Testing:... Steve Wheeler
09:46 AM pfSense Packages Bug #11269 (Duplicate): FRR BGP neighbors missing after update: We are aware -- it's not a problem in FRR, but in the base system. See #11267 Jim Pingle
09:39 AM pfSense Packages Bug #11269: FRR BGP neighbors missing after update: Just found a crash report too:... Zachary McGibbon
09:37 AM pfSense Packages Bug #11269 (Duplicate): FRR BGP neighbors missing after update: Just upgraded to beta 2.5.0.a.20210119.2350 and my bgp neighbors are missing their IP address. If I try and add the ... Zachary McGibbon
08:45 AM Bug #11268 (Resolved): Cookie named ``id`` prevents some forms from being loaded or saved properly: If you have a cookie set with a name 'id' (any value), and you try to edit something, e.g. a firewall rule, the form ... Matthew Fearnley

01/19/2021

08:05 PM Revision ef0b6170: Fix copyright notices: Renato Botelho
08:05 PM Revision b386d073: Remove commented out code: Renato Botelho
08:05 PM Revision 1566a360: Spell WireGuard properly: Renato Botelho
06:58 PM Feature #11266 (Resolved): Option to list AutoConfigBackup entries in "reverse" order (newest at top): I'm sure there are others like me that prefer and that are used to latest entries being at the top.
Just today whe... Brandon Jackson
06:34 PM Revision 6f0fbd64: Fixed #11265 - Remove unwanted log messages: Steve Beaver
02:35 PM Revision 06dda92e: wg: Deny toconfigure IP address on wg interfaces: Ticket #5186 Renato Botelho
02:35 PM Revision 6facda79: Add igc to ALTQ list. Issue NG 5185: Jim Pingle
02:35 PM Revision c9706433: Preserve wireguard address after interface assign: Renato Botelho
02:35 PM Revision 4efe99c6: Improve code readability: Renato Botelho
02:35 PM Revision c3acf286: Fixed #5486 by making peer endpoint and port optional: Steve Beaver
02:35 PM Revision f88a9797: Warn user if peer table has changed before leaving page: Steve Beaver
02:35 PM Revision 422f8a04: Added new Wireguard config fields peernwks and peerwgaddr per #5437: Steve Beaver
02:35 PM Revision 282d8ee7: wg: Configure static routes: When configuring a wg tunnel, update static routes associated with that
interface Renato Botelho
02:35 PM Revision d1ac0394: Update copyright year: Renato Botelho
02:35 PM Revision fbf0a83d: Fix typo: Jim Pingle
02:35 PM Revision 39a615f0: Ticket #5186: Re-create config files during boot: Renato Botelho
02:35 PM Revision 948266c7: Load file on pressing 'Enter' key: Steve Beaver
02:35 PM Revision 580c7a4f: Ticket #5186: Implement is_wg_enabled(): Renato Botelho
02:35 PM Revision 07aa50fd: Ticket #5186: Fix comment: Renato Botelho
02:35 PM Revision aea837f8: #5186 - Revised peer configuration to use 'wgpeer' rather than 'peer': Steve Beaver
02:35 PM Revision a0669cfb: wg: Do not check assigned interface (Ticket #5186): When saving changes on wireguard, do not check address conflict on
interface assigned to that tunnel, otherwise, it w... Renato Botelho
02:35 PM Revision b0c94a2e: wg: Fix indent and improve code readability: Renato Botelho
02:35 PM Revision 69ae8263: wg: Adjust priv entries: Renato Botelho
02:35 PM Revision 97e391de: wg: Use a more generic function to detect IP address: Renato Botelho
02:35 PM Revision 835e6895: wg: Remove extra spaces: Renato Botelho
02:35 PM Revision 50bd4119: wg: isset() just before is_array() is redundant: Renato Botelho
02:35 PM Revision d763c52b: wg: unlink_if_exists() can deal with glob matches: Renato Botelho
02:35 PM Revision e340cb98: wg: Style fixes: Renato Botelho
02:35 PM Revision cfc9bcc7: wg: Fix gettext() calls: Renato Botelho
02:35 PM Revision 4e43d19d: wg: Simplify logic: Renato Botelho
02:35 PM Revision 21e74d25: Fix Wireguard tunnel save with zero peers: Steve Beaver
02:35 PM Revision 2b0b1f3b: Completed revision of wg config edit fors: Steve Beaver
02:35 PM Revision ae53a939: Revised wg edit system to use peer table as source of truth: Steve Beaver
02:35 PM Revision 971d1374: Eliminate ghost lines in modal: Steve Beaver
02:35 PM Revision 6fca3062: revised peer display/edit form: Steve Beaver
02:35 PM Revision bff120fb: Revise appearance of save and PSK buttons: Steve Beaver
02:35 PM Revision e773d8fe: Added allowed ip validation: Steve Beaver
02:35 PM Revision 566facd9: #5186 fixed validation issues as requested: Steve Beaver
02:35 PM Revision a76f22d7: #5186 - Provide 'generate PSK' butoon. Some fixes to validation: Steve Beaver
02:35 PM Revision 165b5c4f: #5186 - Add ability to mark row-helper help text as required (underlined) by pre-pendinf text with '*'. No longer clear help text when adding new peer.: Steve Beaver
02:35 PM Revision db784b1a: #5186 Added keepalive units, clarified Address text, added incremented port placeholder, minor validation changes: Steve Beaver
02:35 PM Revision 065847a4: Added user input validation for Wireguard config. Marked certain values as required: Steve Beaver
02:35 PM Revision f319adf4: Add the tunnel address to WG interface.: Wireguard support is now functional. Luiz Souza
02:35 PM Revision 4103ddd6: Fix the wireguard configuration file, start tunnels at boot.: Add the Endpoint port, fix the configuration permissions.
Remove the WG tunnel when a tunnel is removed. Luiz Souza
02:35 PM Revision 1698954c: Added support for wireguard pre-shared keys: Steve Beaver
02:35 PM Revision b8abb69c: Optionally generate keys in JSON: Steve Beaver
02:35 PM Revision 7d18cbb6: Added ability to generate a new public/private key pair for hte interface. Public key is displayed on the tunnel edit form: Steve Beaver
02:35 PM Revision 0f674c32: Fixes the saving of peers settings in GUI.: The previous commits had a few mistakes which were fixed in here.
Fixes the WG configuration path and creation.
The... Luiz Souza
02:35 PM Revision 5f4b92c2: Rename the Wireguard peers entries in configuration XML to 'peer'.: 'peer' is already properly handled by the XML routines as a list entry, which
is not the case of 'peers'.
This fixes... Luiz Souza
02:35 PM Revision 52a5f91f: Fix a typo.: No functional change. Luiz Souza
02:35 PM Revision f8fac290: Fix the file name in header.: Remove the mention from m0n0wall, this code was created for pfSense. Luiz Souza
02:35 PM Revision c5070198: Moved wg.inc to proper location: Steve Beaver
02:35 PM Revision eebd46d0: Dim row when tunnel is disabled: Steve Beaver
02:35 PM Revision efb7b532: Removed peer file. No longer needed: Steve Beaver
02:35 PM Revision e5f5c961: Revised tunnel table, added firewall key display, added key generation code: Steve Beaver
02:35 PM Revision 77084fc6: Add tunnel name (wg?) to tunnel so that tunnels can be deleted without renumbering the remaining tunnels: Steve Beaver
02:35 PM Revision 02b75dc3: Completed tunnel delete logic: Steve Beaver
02:35 PM Revision 42c33bac: Completed new tunnel functionality when no tunnels exist in hte config: Steve Beaver
02:35 PM Revision ea07ba5a: Completed config file update: Steve Beaver
02:35 PM Revision 42fc38a3: Add new tunnel functionality: Steve Beaver
02:35 PM Revision 7ce95691: Completed 'row helper' stuff to allow peers to be added and deleted: Steve Beaver
02:35 PM Revision 8a31882d: Split peer form into two rows with custom Javascript methods: Steve Beaver
02:35 PM Revision b445ccbf: Added form elements to edit interface: Steve Beaver
02:35 PM Revision 80af47f0: Prototyped main wireguard UI page: Steve Beaver
02:35 PM Revision 54ff075d: Accommodate PersistentKeepalive and PresharedKey peer options: Steve Beaver
02:35 PM Revision 729c4d55: <peer> => <peers>: Steve Beaver
02:35 PM Revision 82bcf46c: Outlined Wireguard GUI pages and added it to the VPN menu: Steve Beaver
02:35 PM Revision c6cdaad1: Outlines config.xml => wireguard config files utility: Steve Beaver
02:35 PM Revision 9922914d: Build the Wireguard module: Renato Botelho
12:40 PM Bug #11265: Remove log spam due to bootstrap map file: Applied in changeset commit:6f0fbd6406d5a7ebfa60c56c7755cd0815c883d5. Anonymous
12:34 PM Bug #11265 (Feedback): Remove log spam due to bootstrap map file: Anonymous
12:28 PM Bug #11265 (Resolved): Remove log spam due to bootstrap map file: Bootstrap is making unneeded log file entries when trying to access bootstrap.css.map Anonymous
10:31 AM Feature #11264 (Closed): Redirect Captive Portal users to login page after they logout: Currently (i.e when a custom logout page is present) when a user clicks on logout , a window with the logout message ... much nuks
08:41 AM Feature #8786 (Feedback): Wireguard VPN: Initial kernel version wireguard support is now in place Renato Botelho
07:06 AM pfSense Packages Bug #11185: Redis service stopping before NtopNg: Yes, because patched version is 0.8.13_8 if nothing changed
I really doesn't understand when packages are pushed t... DRago_Angel [InV@DER]
06:30 AM pfSense Packages Bug #11185 (Assigned): Redis service stopping before NtopNg: Tested on 2.4.5_p1 (2 versions of NtopNG: 0.8.13_5 and 0.8.13_6) and on 2.5-DEVELOPMENT (built on Tue Jan 19 00:05:03... Azamat Khakimyanov

01/18/2021

10:27 PM Bug #11263 (Not a Bug): Unbound fails to parse config if DNS Query Forwarding and custom options are enabled: It's a known and well documented case. Given the wide variety of what users may want to do with custom options, the U... Jim Pingle
10:05 PM Bug #11263: Unbound fails to parse config if DNS Query Forwarding and custom options are enabled: Looks like this can be "fixed" by prepending "server:" before the list of custom options.
This wasn't obvious from t... Konstantin Svist
09:33 PM Bug #11263 (Not a Bug): Unbound fails to parse config if DNS Query Forwarding and custom options are enabled: I tried to enable DNS Query Forwarding and I have a custom option.
unbound-checkconf fails pointing to the custom op... Konstantin Svist
09:25 PM Bug #8468: Status / Queues show mostly NaN: Not sure why this is rejected, a bunch of users see this issue.
It's a quick patch, just edit /usr/local/www/status_... Konstantin Svist
05:23 PM Feature #11262 (New): Time Based Rules - selects all days in the current month: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/time-based-rules.html
*Feedback:*
I don't know i... Andrei Caba
05:02 PM pfSense Packages Bug #11259: pfBlockerNG-devel fails to update all IP addresses for ASN using IPv4 Source Definitions: I may not be able to reproduce this bug now. P L
03:39 PM pfSense Packages Bug #11259 (Closed): pfBlockerNG-devel fails to update all IP addresses for ASN using IPv4 Source Definitions: pfBlockerNG-devel v3.0.0_8
pfBlockerNG-devel fails to update all IP addresses for ASN using IPv4 Source Definition... P L
05:00 PM pfSense Packages Bug #11261 (New): pfBlockerNG ASN numbers in IPv4 (/IPv6) Custom_List generate error(s) "Invalid numeric literal at line 1, column 7": If AS numbers are entered in IPv4 Custom_List or IPv6 Custom_List, an error message, "Invalid numeric literal at line... P L
03:46 PM pfSense Packages Feature #11260 (New): pfBlockerNG: predefined ASN groups for Google, Facebook, Apple, etc with useful selections: pfBlockerNG has the useful feature to create Aliases of IP addresses using ASN number(s).
This is useful for defin... P L
03:29 PM Bug #11255: ipv6 unable to get delegation: Jim Pingle wrote:
> There is no evidence that it is a bug -- which is why you must discuss it first on the forum. "I... William Warren
03:23 PM Bug #11255: ipv6 unable to get delegation: There is no evidence that it is a bug -- which is why you must discuss it first on the forum. "It works here but not ... Jim Pingle
03:05 PM Bug #11255: ipv6 unable to get delegation: Jim Pingle wrote:
> This site is not for support or diagnostic discussion.
>
> For assistance in solving problems... William Warren
03:03 PM Bug #11255 (Rejected): ipv6 unable to get delegation: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
03:00 PM Feature #11207 (Closed): Add watchfrr to routing log: Jim Pingle
03:00 PM pfSense Packages Feature #11233 (Closed): Add 'Allow IP options' interface fw rule note: Jim Pingle
03:00 PM Bug #11254 (Pull Request Review): Some OpenVPN configuration files remain after deleting an instance: Jim Pingle
02:54 PM pfSense Docs Correction #11258 (Closed): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: *Page:* https://docs.netgate.com/pfsense/en/latest/install/write-memstick.html#connect-the-usb-memstick-to-the-workst... Anonymous
02:51 PM Bug #11256: Cannot add alias with multiple URLs: Same goes for URLs with ports lists. Andreas Lindhé
10:45 AM Feature #11257 (New): Installed Packages: Update all button: Hi, when you have more then 10 packages on pfsense it hard to update each one by one, but update all button simply mi... DRago_Angel [InV@DER]
04:59 AM Bug #7209: Something is seriously wrong with firewall aliases: I can confirm that I have the same issue on 2.4.4-RELEASE-p1. please reopen this. Chris Tsou

01/17/2021

03:46 PM Bug #10919: Improve handling of OpenVPN data cipher negotiation options: The OpenVPN Server Wizard doesn't seem to be updated to reflect these changes. When running through the Wizard the fi... Max Leighton
07:09 AM Bug #11256 (Rejected): Cannot add alias with multiple URLs: When adding an URL alias with multiple URLs, only the last URL ever gets resolved.
*Expected behavior:* every URL ... Andreas Lindhé
03:21 AM Feature #11207: Add watchfrr to routing log: Are you saying there's something not working? As that output looks as expected to me. Ben Hughes

01/16/2021

09:10 PM Bug #11255 (Rejected): ipv6 unable to get delegation: I have a netgear cm1000 modem and for some reason with pfsense I cannot get an IPV6 allocation. I have plugged in my ... William Warren
06:44 PM Feature #11207: Add watchfrr to routing log: Status>System Logs>System >Routing :
Jan 17 00:34:04 watchfrr 75512 watchfrr 7.5 starting: vty@0
Jan 17 00:34:04 ... Alhusein Zawi
03:21 PM Bug #9643: Limiters do not function properly on 2.5 snapshots: I've tested FQ_CODEL Too, but not working.
i have dual wan setup, and i have 4 different limiters (2) for every wan ... Samuel Hanna
02:29 PM pfSense Packages Feature #11233: Add 'Allow IP options' interface fw rule note: The Note has been added.
2.5.0.a.20210115.2350 pimd 0.0.3_4
Alhusein Zawi
10:56 AM Bug #11254: Some OpenVPN configuration files remain after deleting an instance: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/96 Viktor Gurov
10:09 AM Bug #11254 (Resolved): Some OpenVPN configuration files remain after deleting an instance: If you delete OpenVPN Server/Client in the WebGUI, no all config files/directories will be deleted:... Viktor Gurov
06:38 AM pfSense Packages Bug #4088: Buggy squidgurd config file is created: > 1) Do not write out sources for disabled ACLs, or squidguard treats these
sources as "always pass"!
fix:
https... Viktor Gurov
05:45 AM pfSense Docs Correction #11253 (Resolved): Feedback on Multiple WAN Connections — Load Balancing and Failover with Gateway Groups: *Page:* https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html
*Feedback:*
Minor typo... Garry Page
04:26 AM Bug #11249 (Resolved): openvpn peer to peer shared key deprecated warning: works as expected on 2.5.0.a.20210115.2350 Viktor Gurov
03:55 AM Feature #7467 (Resolved): Add iPhone/Android/Generic USB tethering support: works as expected with Android:... Viktor Gurov
03:39 AM pfSense Packages Bug #11252 (Duplicate): Error importing UT1 blacklist: Duplicate of #3085 Viktor Gurov
01:53 AM pfSense Packages Bug #11252 (Duplicate): Error importing UT1 blacklist: errors on importing ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz DB (used by pfBloc... Viktor Gurov
03:38 AM pfSense Packages Bug #3085: squidguard: problems when importing a blacklist archive containing soft-links: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/26 Viktor Gurov
01:39 AM pfSense Packages Bug #6378 (Resolved): inline background styles in squidguard package: works as expected Viktor Gurov
01:39 AM pfSense Packages Bug #9364 (Resolved): squidguard int error page does not use https: works as expected:... Viktor Gurov
12:44 AM pfSense Packages Feature #7903: Duo ssh package: duo_unix is already in the port collection:
https://www.freshports.org/security/duo/ Viktor Gurov

01/15/2021

09:01 PM Bug #10680 (Resolved): Improve interface caching when we have many interfaces: I was able to test this in 2.4.5p1 and 2.5. Boot time and GUI navigation speeds with 400 VLANs are significantly incr... Max Leighton
09:00 PM Feature #10972 (Resolved): Add IPv6 DDNS support for easyDNS: Unable to test that this is working. I'll mark resolved since there is no recent feedback. Max Leighton
04:32 PM pfSense Packages Feature #11186: Allow lo0/Loopback as a valid interface in OSPF/OSPF6: Just enable connected redistribution and they’ll be redistributed into OSPF. Then use route-map/access-list to filter... Ben Hughes
04:04 PM Revision d9f8094b: Blacklist => Blocklist, Whitelist => Pass list: Steve Beaver
03:38 PM Bug #8070 (Closed): IKEv2 IPSec tunnel under load crashes pfSense when AES-NI is enabled: Seems this is the same as:
https://redmine.pfsense.org/issues/8961
https://redmine.pfsense.org/issues/8964
Closi... Marcos M
03:11 PM Todo #11020 (Resolved): Update OpenVPN to 2.5.0: Jim Pingle
03:10 PM Revision a2ba5b6c: OpenVPN genkey secret command fix. Issue #11249: Viktor Gurov
02:23 PM Revision a847ee75: Revert "Do not build drm2 kernel module, we want drm-mod from ports": This reverts commit a8a1fb54b706f8f320b130bb3a4a9d290089f5f4. Renato Botelho
02:23 PM Revision 67d1f4f8: Revert "Revert "Remove drm-kmod"": This reverts commit d52832b5c4c195614d2826f772166c253390222f. Renato Botelho
12:23 PM pfSense Docs Correction #11244: Feedback on Packages — Nut package: This link: https://forum.netgate.com/topic/102959/nut-package
The package info link was changed last week to a doc... Denny Page
11:09 AM pfSense Docs Correction #11244: Feedback on Packages — Nut package: Denny Page wrote:
> *Page:* https://docs.netgate.com/pfsense/en/latest/packages/nut.html
>
> *Feedback:*
>
> M... Michael Spears
11:08 AM Bug #11250: disabled FTP-Proxy service starts on boot: It's there and working, but you may not have access as it's not a public copy of the repository. Jim Pingle
11:03 AM Bug #11250: disabled FTP-Proxy service starts on boot: Viktor Gurov wrote:
> https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/25
Unable to view this li... Michael Spears
05:34 AM Bug #11250: disabled FTP-Proxy service starts on boot: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/25 Viktor Gurov
05:30 AM Bug #11250 (Resolved): disabled FTP-Proxy service starts on boot: after disabling FTP-Proxy in the WebGUI rc file is not deleted
and the service starts at boot Viktor Gurov
10:19 AM Bug #11251: Alias JS validation rejects  193.122.208.0/20: I tried in Chrome and I do not have an issue. I scrubbed the text in notepad to make sure there is not html being pa... Kristopher Kolpin
10:15 AM Bug #11251: Alias JS validation rejects  193.122.208.0/20: That's what I used, same version, on Linux Mint and Windows 10.
Maybe a browser add-on or similar, something cache... Jim Pingle
10:13 AM Bug #11251: Alias JS validation rejects  193.122.208.0/20: Can you try latest Firefox 84.0.2 64-bit? Kristopher Kolpin
10:10 AM Bug #11251 (Not a Bug): Alias JS validation rejects  193.122.208.0/20: Must be something in your browser. I can't replicate this on 2.4.5-p1 or 2.5.0 on amd64 or ARM. The provided value wo... Jim Pingle
10:04 AM Bug #11251 (Not a Bug): Alias JS validation rejects  193.122.208.0/20: Hi Everyone,
Got a weird issue here. The validation in Alias' does not seem to like CIDR range  193.122.208.0/20.... Kristopher Kolpin
09:40 AM pfSense Packages Bug #11247 (Rejected): pfBlockerNG DNSBL service refused to start: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
04:38 AM pfSense Packages Bug #11247: pfBlockerNG DNSBL service refused to start: khaled osama wrote:
> pfBlockerNG DNSBL service refused to start
>
> [2.5.0-DEVELOPMENT]/root: /usr/local/etc/rc... khaled osama
09:10 AM Bug #11249 (Feedback): openvpn peer to peer shared key deprecated warning: PR has been merged. Thanks! Renato Botelho
07:29 AM Bug #11249: openvpn peer to peer shared key deprecated warning: another deprecated option:
https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--route-nopull
https... Viktor Gurov
07:15 AM Bug #11249: openvpn peer to peer shared key deprecated warning: Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/95
see https://community.openvpn.net/openvpn/wik... Viktor Gurov
05:09 AM Bug #11249 (Resolved): openvpn peer to peer shared key deprecated warning: 2.5.0-DEVELOPMENT (amd64)
built on Thu Jan 07 21:49:54 EST 2021
FreeBSD 12.2-STABLE
create a new openvpn server ... Manuel Piovan
08:13 AM Bug #10224 (Resolved): DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: works as expected on 2.5.0.a.20210114.2350
dhcpd.conf example:... Viktor Gurov
05:32 AM pfSense Packages Bug #11236 (Resolved): A Link to the Virtual IP setup doesn't work under Frontend setup: Tested on the latest snapshot. It works fine. Ticket resolved. Danilo Zrenjanin
04:12 AM pfSense Packages Feature #11248: SafeSearch update: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/24 Viktor Gurov
03:45 AM pfSense Packages Feature #11248 (Resolved): SafeSearch update: Add Ecosia and Onesearch safesearch support
see also https://github.com/serv-inc/safe-search Viktor Gurov
03:44 AM pfSense Packages Bug #11246 (Closed): Squid Reverse proxy 'https_port option cert=' startup error: Manual squid configuration issue Viktor Gurov
03:42 AM pfSense Packages Feature #11060: Block access to consumer Google accounts: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/23 Viktor Gurov

01/14/2021

11:12 PM pfSense Packages Bug #11234: Filer not create missing necessary folders: recursive mkdir fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/22
> Also here is question... Viktor Gurov
11:10 PM pfSense Packages Bug #11247 (Rejected): pfBlockerNG DNSBL service refused to start: pfBlockerNG DNSBL service refused to start
[2.5.0-DEVELOPMENT]/root: /usr/local/etc/rc.d/pfb_dnsbl.sh restart
2... khaled osama
03:02 PM Feature #11243: individual pfctl snort2c tables per interface only blocking IPs for specific interface when a rule triggers in snort/suricata: I understand better now. I am not against having unique blocking tables for each interface, but implementing that req... Bill Meeks
01:15 PM Revision 16ea962d: Static DHCP mappings DDNS tabs fix. Issue #10224: Viktor Gurov
12:20 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I just registered here to say that I believe I'm experiencing this exact bug (see https://forum.netgate.com/topic/159... Max Knabe
08:19 AM pfSense Packages Bug #11185 (Feedback): Redis service stopping before NtopNg: PR has been merged. Thanks! Renato Botelho
08:08 AM Bug #1635 (Resolved): timeout setting on firewall rules does not work for UDP: works as expected on 2.5.0.a.20210113.0250 -
pfctl successfully loads rules with `udp.multiple` and `other.multiple... Viktor Gurov
07:42 AM pfSense Packages Bug #11055 (Feedback): Insecure FreeRADIUS defaults: PR has been merged. Thanks! Renato Botelho
07:37 AM Bug #10224 (Feedback): DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: Merged Renato Botelho
07:36 AM Bug #10224 (Pull Request Review): DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: Jim Pingle
07:17 AM Bug #10224: DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: minor tabs fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/94 Viktor Gurov
07:34 AM pfSense Packages Feature #11202 (Feedback): Antivirus feature update: PR has been merged. Thanks! Renato Botelho
04:43 AM pfSense Packages Feature #11202: Antivirus feature update: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/21 Viktor Gurov
07:34 AM pfSense Packages Feature #10541 (Feedback): Squid failover and load balancing: PR has been merged. Thanks! Renato Botelho
06:45 AM pfSense Packages Bug #11246 (Closed): Squid Reverse proxy 'https_port option cert=' startup error: https://forum.netgate.com/topic/159859/squid-version-4-10-cant-start-service:... Viktor Gurov
06:25 AM pfSense Packages Feature #11233 (Feedback): Add 'Allow IP options' interface fw rule note: PR has been merged. Thanks! Renato Botelho
06:11 AM pfSense Packages Bug #11236 (Feedback): A Link to the Virtual IP setup doesn't work under Frontend setup: PR has been merged. Thanks! Renato Botelho
06:09 AM Bug #11237: Incorrect copyright year: Tested on the latest snapshot.
It looks fine.
Ticket resolved. Danilo Zrenjanin
06:09 AM Bug #11237 (Resolved): Incorrect copyright year: Danilo confirmed it's OK Renato Botelho
05:23 AM Bug #11237: Incorrect copyright year: Alhusein Zawi wrote:
> it is still 2020 (attached)
>
> 2.5.0.a.20210113.0250
This one comes from Prodtrack an... Renato Botelho

01/13/2021

11:10 PM pfSense Docs Correction #11245 (Resolved): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html
*Feedback:*
Description of the Dyna... Viktor Gurov
05:09 PM Revision d52832b5: Revert "Remove drm-kmod": This reverts commit 86afee72c80bee8dd09a40fc801fe718044794a9. Renato Botelho
05:08 PM Revision a8a1fb54: Do not build drm2 kernel module, we want drm-mod from ports: Renato Botelho
04:34 PM Bug #11237: Incorrect copyright year: it is still 2020 (attached)
2.5.0.a.20210113.0250 Alhusein Zawi
03:51 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic: Can we get some kind of CAPTCHA on here to rid ourselves of this polluting junk?? → luckman212
01:14 PM pfSense Packages Feature #11233: Add 'Allow IP options' interface fw rule note: I've added the note.
https://github.com/pfsense/FreeBSD-ports/pull/1027 Danilo Zrenjanin
04:41 AM pfSense Packages Feature #10541: Squid failover and load balancing: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/20 Viktor Gurov
04:35 AM Feature #11243: individual pfctl snort2c tables per interface only blocking IPs for specific interface when a rule triggers in snort/suricata: Bill, thank you for getting back to me that fast!
Indeed you are correct with you summary. A main challenge is the d... Felix S
12:41 AM Todo #204 (Resolved): All write_config() statements should include a reason of some sort: tested on 2.5.0.a.20210112.0250
all write_config() calls have messages Viktor Gurov
12:00 AM pfSense Docs Correction #11244 (Resolved): Feedback on Packages — Nut package: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/nut.html
*Feedback:*
Might want to maintain a link ... Denny Page

01/12/2021

11:30 PM Bug #11142 (Resolved): rc.newwanip restarts VPN services when the IP matches: Alhusein Zawi wrote:
> Danilo Zrenjanin wrote:
>
> ipsec tunnel will be restarted if you hit apply at any interfa... Viktor Gurov
11:04 PM pfSense Packages Feature #11113 (Resolved): New phishing feeds: Viktor Gurov
08:06 PM Feature #11243: individual pfctl snort2c tables per interface only blocking IPs for specific interface when a rule triggers in snort/suricata: I'm not sure I completely understand your request reasoning. In a typical default installation of the IDS packages al... Bill Meeks
09:25 AM Feature #11243 (New): individual pfctl snort2c tables per interface only blocking IPs for specific interface when a rule triggers in snort/suricata: Feature Request Background:
The snort2c table is used for blocking any connections to any IP address which is put in... Felix S
07:56 AM Bug #11242 (Rejected): virtual ip alias prefix gets removed from routing table after 1 min: I cannot reproduce this here, there must be some other problem in your environment causing the behavior you have obse... Jim Pingle
05:37 AM Bug #11242 (Rejected): virtual ip alias prefix gets removed from routing table after 1 min: We have a virtual ip alias called 192.168.100.254/24, when i add it then it adds 192.168.100.0/24 to the routing tabl... Daniel Frantzen
06:14 AM pfSense Packages Todo #11215 (Resolved): Update NtopNG to 4.2: Renato Botelho
03:56 AM pfSense Packages Todo #11215: Update NtopNG to 4.2: Thank you DRago_Angel [InV@DER]
02:09 AM pfSense Packages Bug #11101 (Resolved): Bind DNS Server won't start: Tested on 2.4.5_p1 and on 2.5-DEVELOPMENT (built on Mon Jan 11 11:12:41 EST 2021).
On 2.4.5_p1 (Bind package versi... Azamat Khakimyanov

01/11/2021

05:50 PM Revision e733f5b2: DHCPD ARPA zone trailing dot. Fixes #11224: Viktor Gurov
04:49 PM Feature #9703: Certificate Manager Expiration Notification: Orion Poplawski wrote:
> I just got hit by this as well. Notification email is definitely needed. Thanks.
I can... DRago_Angel [InV@DER]
04:33 PM Feature #9703: Certificate Manager Expiration Notification: I just got hit by this as well. Notification email is definitely needed. Thanks. Orion Poplawski
12:55 PM pfSense Docs Correction #11241: Feedback on Backup and Recovery — Restoring from Backups: This is the case when restoring an OpenVPN configuration. I'm unsure what other areas it may apply to. Marcos M
12:54 PM pfSense Docs Correction #11241 (Resolved): Feedback on Backup and Recovery — Restoring from Backups: *Page:* https://docs.netgate.com/pfsense/en/latest/backup/restore.html
*Feedback:*
On the "Restore area" section ... Marcos M
12:00 PM Bug #11224: dhcpd.conf creation - zone declarations: Applied in changeset commit:e733f5b2d0d35b68746efe8035af1688dfdd0103. Viktor Gurov
11:51 AM Bug #11224 (Feedback): dhcpd.conf creation - zone declarations: PR has been merged. Thanks! Renato Botelho
11:55 AM Bug #11237 (Feedback): Incorrect copyright year: Fixed Renato Botelho
11:53 AM pfSense Packages Todo #11215 (Feedback): Update NtopNG to 4.2: It happened automagically when I merged 2021Q1 quarterly branch into FreeBSD-ports Renato Botelho
11:48 AM Todo #11020: Update OpenVPN to 2.5.0: >Exported what from 2.4.5-p1? The client config? Or the pfSense configuration?
Exported the server config from 2.4... Marcos M
10:59 AM Todo #11020: Update OpenVPN to 2.5.0: Exported what from 2.4.5-p1? The client config? Or the pfSense configuration?
The client export package wouldn't h... Jim Pingle
10:34 AM Todo #11020: Update OpenVPN to 2.5.0: Thanks for the detailed response Jim.
> If the user had exported a configuration in the past it shouldn't end up a... Marcos M
08:38 AM Todo #11020: Update OpenVPN to 2.5.0: Marcos Mendoza wrote:... Jim Pingle
10:40 AM pfSense Packages Bug #10749 (Resolved): squid + captive portal authentication not working: Tested on 2.4.5_p1 (Squid package: 0.4.44_36) and on 2.5-DEV (built on Thu Jan 07 21:49:58 EST 2021) (Squid package: ... Azamat Khakimyanov
09:43 AM Bug #6030 (Resolved): Duplicated tracker IDs on block private networks rules: Jim Pingle
09:43 AM Bug #7307 (Closed): ZFS installer - shuts down instead of rebooting: Jim Pingle
09:20 AM Bug #6025 (Resolved): Load balancing fails when one gateway has a weight of 1 and another gateway has a weight >1: Jim Pingle
08:58 AM pfSense Packages Bug #11236 (Pull Request Review): A Link to the Virtual IP setup doesn't work under Frontend setup: Jim Pingle
08:56 AM Feature #7842 (Pull Request Review): New Dynamic DNS Provider: Mythic-Beasts: Jim Pingle
08:13 AM Bug #11240 (Rejected): lan port on backup recenltly loose its static ip and take the vip lan: You almost certainly have a problem with your configuration. This site is not for support or diagnostic discussion.
... Jim Pingle
08:07 AM Bug #11240 (Rejected): lan port on backup recenltly loose its static ip and take the vip lan: hi all,
i have recently problem with my setup
i have two PFsense instances on ProLiant DL20 Gen9 with two onboa... khaled osama
08:06 AM Todo #11219: Improve IPsec GUI options for P1/P2 reauth/rekey: When testing one thing I'm looking for is that the GUI settings put in manually correspond with the values in @/var/e... Jim Pingle
03:25 AM pfSense Packages Feature #10665 (Resolved): Manual OSPF neighbor definitions: Retested on 2.5-DEVELOPMENT (built on Thu Jan 07 21:49:58 EST 2021)
'Non-broadcast' mode works for me too now.
... Azamat Khakimyanov

01/10/2021

06:30 PM pfSense Docs Correction #11239 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing pfSense with VMware vSphere / ESXi: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-esxi.html
*Feedback:*
For vmware 7 you need... Joseph Conley
03:11 PM Bug #11050 (Resolved): "Backup extra data" does not behave properly: Tested in a recent build and am seeing that the extra data is being cleared. No duplicate tags are present on second ... Max Leighton

01/09/2021

09:42 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location: Attempted creating backup for '/' on XG-7100 on ZFS
received following
PHP ERROR: Type: 1, File: /usr/local/ww... Jordan G
09:15 PM pfSense Packages Feature #11113: New phishing feeds: see these listed feeds plus other updates
2.4.5p1 w/ pfBlockerNG 3.0.0_8 Jordan G
06:05 PM Todo #11020: Update OpenVPN to 2.5.0: IPv6 tunnel networks aren't supported by the UI, it would seem. Getting an error stating "The field 'Tunnel Network'... Kris Phillips
05:32 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Based on Feedback from testers on the forums, they are stating this is not fixed currently.
https://forum.netgate.... Kris Phillips
05:16 PM Bug #6030: Duplicated tracker IDs on block private networks rules: Steve Beaver wrote:
> Please confirm fix
Looks good from what I can tell. Michael Spears
05:05 PM Bug #7307: ZFS installer - shuts down instead of rebooting: This issue is no longer present in Jan 8th builds of pfSense when installing with ZFS. Kris Phillips
03:00 PM Revision 1045afc5: Fixed #5454 require => require_once: Steve Beaver
12:56 PM Bug #8136: dpinger for WAN DHCPv6 gets fails to update gateway IP: Can you provide more details on how to replicate the issue? Is it related only to the PPPoE link? Can you provide the... Danilo Zrenjanin
12:45 PM Feature #10984 (Resolved): Port Forward IPv6: IPv6 port forwarding is working as expected and aliases are also working. I'm marking this as resolved. Max Leighton
07:34 AM pfSense Docs New Content #11238 (Closed): LAGG (Link Aggregation): https://docs.netgate.com/pfsense/en/latest/interfaces/lagg.html
It would be helpful to add a note that there is no... Danilo Zrenjanin

01/08/2021

11:02 PM Bug #11142: rc.newwanip restarts VPN services when the IP matches: Danilo Zrenjanin wrote:
> Tested on:
> [...]
>
> It doesn't restart services anymore if the IP address stays the... Alhusein Zawi
10:18 PM Revision 1ba5f7d6: Keep makewhatis while pkg post-install is not fixed: Renato Botelho
06:21 PM Feature #11125: Kernel module for RTL8153 driver: my usb adapter it does not show the speed of the link, it tells me in netgate that it is because of the driver it use... Jesus Vina Trujillo
04:31 PM Bug #7020: <Hostname> is omitted when sending logs on syslog: Jim Pingle wrote:
> An RFC 5424 option was added to 2.5.0 almost a year ago, you can test it there: #9808
Setting... Michael Spears
03:33 PM Bug #6025: Load balancing fails when one gateway has a weight of 1 and another gateway has a weight >1: Verified that weights of 1 and 2 resulted in 2 and 4 entries in the rule set:... Chris Linstruth
12:47 PM pfSense Packages Feature #11206: FRR 7.5: I'm still not following what this has to do with making the loopback participate in OSPF? You can set the OSPF/BGP/OS... Ben Hughes
12:31 AM pfSense Packages Feature #11206: FRR 7.5: Network engineer here - have been configuring routers since the early 90's (Cisco IOS/IOS-XR/Nexus, Juniper, Alcatel-... Gavin Owen
11:10 AM pfSense Packages Bug #11236 (New): A Link to the Virtual IP setup doesn't work under Frontend setup: Danilo Zrenjanin
10:00 AM pfSense Packages Bug #11236 (Feedback): A Link to the Virtual IP setup doesn't work under Frontend setup: Danilo Zrenjanin
10:00 AM pfSense Packages Bug #11236: A Link to the Virtual IP setup doesn't work under Frontend setup: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/1023 Danilo Zrenjanin
08:27 AM pfSense Packages Bug #11236 (Resolved): A Link to the Virtual IP setup doesn't work under Frontend setup: There is a note under the External address setup. If you click at "Virtal IP" from the note it leads to a 404 error... Danilo Zrenjanin
11:04 AM Bug #11237 (Resolved): Incorrect copyright year: Still 2020:
https://github.com/pfsense/FreeBSD-src/blob/07db36d3ee1826462a18c79c663d89df3f1f4030/release/rc.local#L88 Viktor Gurov
10:48 AM pfSense Packages Feature #10605 (Feedback): Add certificates from Trusted Store to Squid cert store: PR has been merged. Thanks! Renato Botelho
10:48 AM pfSense Packages Bug #10749 (Feedback): squid + captive portal authentication not working: PR has been merged. Thanks! Renato Botelho
10:45 AM pfSense Packages Feature #11102 (Feedback): Include a dictionary for mpd5 in Freeradius: PR has been merged. Thanks! Renato Botelho
10:45 AM pfSense Packages Bug #8466 (Feedback): radiusd crash: PR has been merged. Thanks! Renato Botelho
08:53 AM Bug #11232: Fix pfSense_fsync: For information, the function safe_write_file in config.lib.inc, used for writing the configuration file after a rest... Martin VENÇON
08:09 AM Bug #11063 (Resolved): PHP error if SMTP notification fails: I couldn't replicate the issue on the latest release. Ticket resolved. Danilo Zrenjanin
07:27 AM pfSense Packages Bug #11180: Filer run action for files on sync that wan't been modified: Renato Botelho wrote:
> PR has been merged. Thanks!
Hi, Thank you! I created new issues and also want ask you or... DRago_Angel [InV@DER]
06:56 AM pfSense Packages Bug #11180 (Feedback): Filer run action for files on sync that wan't been modified: PR has been merged. Thanks! Renato Botelho
06:53 AM pfSense Packages Bug #11180: Filer run action for files on sync that wan't been modified: DRago_Angel [InV@DER] wrote:
> Hi Viktor, thank you. Fix for this bug working. Tested:
> 1. modified file without s... Renato Botelho
07:24 AM pfSense Packages Bug #11235 (New): Filer run script when "state" unchanged: When file not modified action still triggered, it would be cool to check:
# file permissions
# file data
# file ... DRago_Angel [InV@DER]
07:20 AM pfSense Packages Bug #11234 (Resolved): Filer not create missing necessary folders: When you say filer create file for directory that not exists yet on pfSense - it not create this directory and of cou... DRago_Angel [InV@DER]
06:50 AM pfSense Packages Bug #11101 (Feedback): Bind DNS Server won't start: Renato Botelho
06:46 AM pfSense Packages Bug #11101: Bind DNS Server won't start: PR has been merged. Thanks! Renato Botelho
06:46 AM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named: PR has been merged. Thanks! Renato Botelho
06:37 AM pfSense Packages Bug #11098 (Feedback): Backup Files and Directories plugin crashes firewall if /root specified as backup location: PR has been merged. Thanks! Renato Botelho
04:59 AM Feature #7842: New Dynamic DNS Provider: Mythic-Beasts: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/93 Viktor Gurov
03:29 AM Bug #11212 (Resolved): PHP error on Mobile IPsec input validating error: no such error on 2.5.0.a.20210107.2142
Viktor Gurov
02:00 AM Todo #11219: Improve IPsec GUI options for P1/P2 reauth/rekey: I’ve been testing this using system patches for 12 hours+ and it seems to work fine. P1 is rekey, for p2 only life ti... Florin Samareanu
01:56 AM Todo #6638 (Resolved): Update no-ip DDNS to new API: Viktor Gurov
01:42 AM Todo #6638: Update no-ip DDNS to new API: Tested on the latest snapshot. Works fine.
Ticket resolved. Danilo Zrenjanin
12:34 AM pfSense Packages Feature #11233 (Closed): Add 'Allow IP options' interface fw rule note: Add a note to pimd_interfaces.xml:
"A firewall rule with the 'Allow IP options' advanced option must exist in order ... Viktor Gurov
12:09 AM Feature #10931 (Resolved): system.php: Add option to omit DNS Servers from resolv.conf: tested on 2.5.0.a.20210104.0250
all modes change resolv.conf accordingly Viktor Gurov

01/07/2021

08:19 PM Bug #11231: OpenVPN tunnel exiting wrong interface: "itself a suboptimal practice" - in most scenarios it would be, but I would have to explain the network topology for ... Gavin Owen
08:03 PM Bug #11231: OpenVPN tunnel exiting wrong interface: Thank you very much for the clarifcation - I will remove the unnecessary filter rules. Gavin Owen
08:59 AM Bug #11231 (Not a Bug): OpenVPN tunnel exiting wrong interface: This isn't a bug, but a side effect of your manual rule causing traffic to not hit a built-in rule that it needs to u... Jim Pingle
08:25 AM Bug #11231: OpenVPN tunnel exiting wrong interface: After wiresharking in the lab, it seems I have miscategorised this issue. When the afforementioned floating tab filte... Gavin Owen
07:00 AM Bug #11231 (Not a Bug): OpenVPN tunnel exiting wrong interface: In a multi-WAN environment with multiple OpenVPN tunnels, it seems the tunnels can egress the incorrect WAN interface... Gavin Owen
07:59 PM Bug #11230: Firewall match rules incorrectly matching multiple OpenVPN tunnel interfaces: Hi Jim I started a thread already but there are currently no responses
https://forum.netgate.com/topic/159662/incorr... Gavin Owen
09:09 AM Bug #11230 (Not a Bug): Firewall match rules incorrectly matching multiple OpenVPN tunnel interfaces: Sounds more like a problem with your testing methodology than the way match rules work. Start a forum thread for more... Jim Pingle
06:12 AM Bug #11230: Firewall match rules incorrectly matching multiple OpenVPN tunnel interfaces: correcting obvious typo:
FW-A (WAN1) <--> (WAN1) FW-B
FW-A (WAN2) <--> (WAN2) FW-B Gavin Owen
06:10 AM Bug #11230 (Not a Bug): Firewall match rules incorrectly matching multiple OpenVPN tunnel interfaces: It would seem that that the firewall match rules match *any* OpenVPN tunnel rather than just the tunnel interface whi... Gavin Owen
05:40 PM Todo #11020: Update OpenVPN to 2.5.0: I have a mobile client using OpenVPN for Android with a config that contains:... Marcos M
04:17 PM Todo #11020: Update OpenVPN to 2.5.0: That is expected and will work fine. The options changed names and purposes in OpenVPN 2.5.0. There is no reason to h... Jim Pingle
04:01 PM Todo #11020: Update OpenVPN to 2.5.0: Restoring an openvpn config from 2.4.5p1 into latest 2.5 does not retain some settings which may potentially break ex... Marcos M
04:26 PM Feature #9260 (Resolved): ssh_tunnel_shell: Disable console message output: Alhusein Zawi
03:54 PM Feature #9527 (Resolved): Add ability for LDAP extended query on groups in RFC2307 containers.: Tested against FreeIPA. Looks like it works great. Thank you! Chris Linstruth
01:58 PM pfSense Packages Feature #10242: E2guardian Web filtering package: There are lines with write_config(); that should be updated to include a description before public release. Marcos M
01:36 PM pfSense Packages Bug #10429 (New): Status Traffic Total broken 2.4.5: Jim Pingle
01:11 PM Bug #7020 (Duplicate): <Hostname> is omitted when sending logs on syslog: Jim Pingle
12:18 PM pfSense Packages Bug #11055: Insecure FreeRADIUS defaults: https://github.com/pfsense/FreeBSD-ports/pull/1022 - description update. Danilo Zrenjanin
05:26 AM pfSense Packages Bug #11055: Insecure FreeRADIUS defaults: ... Danilo Zrenjanin
03:34 AM pfSense Packages Bug #11055: Insecure FreeRADIUS defaults: Changing the default values would potentially break current setups where the weak types are already selected.
... Danilo Zrenjanin
12:14 PM Bug #11224 (Pull Request Review): dhcpd.conf creation - zone declarations: > If you do not end your zone name in a ".", the DHCP server will figure it out.
The quoted text seems to suggest... Jim Pingle
12:10 PM Bug #11229 (Pull Request Review): Harmless error when enabling traffic shaper: Jim Pingle
03:10 AM Bug #11229: Harmless error when enabling traffic shaper: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/92 Viktor Gurov
03:07 AM Bug #11229 (Closed): Harmless error when enabling traffic shaper: ... Viktor Gurov
12:08 PM Feature #11228: Replace HTTP links with HTTPS in the GUI: Worth doing but not yet. Jim Pingle
10:00 AM Feature #11228: Replace HTTP links with HTTPS in the GUI: From what I can tell, these are all links to external sites, and they all redirect to HTTPS when accessed. There's mo... Michael Spears
01:35 AM Feature #11228: Replace HTTP links with HTTPS in the GUI: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/91 Viktor Gurov
01:22 AM Feature #11228 (Resolved): Replace HTTP links with HTTPS in the GUI: There are many HTTP links on the WebGUI pages:... Viktor Gurov
09:05 AM Bug #11232: Fix pfSense_fsync: It's been disabled for 2 years, I'm not sure we still want or need it.
Might be better to remove it than to fix it... Jim Pingle
07:34 AM Bug #11232 (New): Fix pfSense_fsync: Hello,

pfSense_fsync has not been working for a while as this commit: https://github.com/pfsense/pfsense/commi... Martin VENÇON
07:13 AM Todo #10533 (Resolved): Change default domain for new installations from "localdomain" to "home.arpa": There have been no other issues observed here, so I will mark it as resolved. Max Leighton
06:39 AM Feature #2146 (Resolved): Allow concurrent logins when using vouchers: works as expected in all modes
2.5.0.a.20210104.0250 Viktor Gurov
03:04 AM Bug #6277 (Resolved): RRD graphs are not created correctly for interfaces using CODELQ: works as expected on 2.5.0.a.20210104.0250 -
there is no such errors with CODELQ Viktor Gurov
01:46 AM Feature #11171 (Resolved): Remove debug log entries present following "Block additional logins" feature request: works as expected on 2.5.0.a.20210104.0250
no more extra debug messages
https://github.com/pfsense/pfsense/commit/f... Viktor Gurov
12:11 AM pfSense Packages Feature #11227 (New): Feeds update: Remove:
- www.reputationauthority.org/toptens.php (WatchGuard feed) has no DNS A entry;
- www.badips.com - unable t... Viktor Gurov

01/06/2021

11:20 PM Bug #11224: dhcpd.conf creation - zone declarations: from https://www.freebsd.org/cgi/man.cgi?query=dhcpd.conf&apropos=0&sektion=0&manpath=FreeBSD+12.2-RELEASE+and+Ports&... Viktor Gurov
02:30 AM Bug #11224 (Resolved): dhcpd.conf creation - zone declarations: ARPA zones lack a trailing period. Currently
zone 16.172.in-addr.arpa {
Should be:
zone 16.172.in-addr.arpa... A S
05:40 PM Bug #10942 (Resolved): LDAP Auth error after update 2.5.0.a.20200930.1303: I haven't been able to reproduce on any recent builds, so I will mark this ticket as resolved. Max Leighton
05:10 PM Bug #11226 (Resolved): IPsec VTI phase 2 traffic selectors default to address when defined as a network: The IPSec P2 edit page in the GUI (/vpn_ipsec_phase2.php) defaults the local and remote network type value to 'Addres... Steve Wheeler
04:03 PM pfSense Packages Feature #11186: Allow lo0/Loopback as a valid interface in OSPF/OSPF6: I've never gotten that to work. Adding VIPs to lo0 and then assigning that interface as a passive interface (after mo... Christian McDonald
01:29 PM pfSense Packages Feature #11186: Allow lo0/Loopback as a valid interface in OSPF/OSPF6: I'm probably missing something obviously but I don't see what this achieves? You can already redistribution extra add... Ben Hughes
12:23 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: Also, sometimes the gateway shows as "online" after I changed some WAN settings -> "Save" -> "Apply changes". And reb... Aleksandr Mezin
12:20 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: Yes, sometimes it just spontaneously starts working (showing the gateway is "online") after a few days (and sometimes... Aleksandr Mezin
11:01 AM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: Having more than one link-local address on an interface can be normal. On the screenshot, you have the PD for the WAN... Marcos M
11:44 AM pfSense Packages Feature #11206: FRR 7.5: If we are moving forward with 7.5, we should consider including the loopback interface ospf modification here too htt... Christian McDonald
09:54 AM pfSense Docs Correction #11221: Feedback on pfSense Configuration Recipes — Routing Internet Traffic Through A Site-To-Site OpenVPN Tunnel: FYI, many screenshots need to be updated. See:
https://redmine.pfsense.org/issues/9370 Marcos M
09:42 AM Feature #11225 (Rejected): Change Host Alias range when it is made from CIDR: The alias doesn't know or care how it's used. It covers the entire subnet. There is no concept for network ID/broadca... Jim Pingle
09:29 AM Feature #11225 (Rejected): Change Host Alias range when it is made from CIDR: Now if I make an Alias using CIDR like 192.168.1.*2*/30 it makes 4 entries which starts from 1st host in the given ra... Constantine Kormashev
07:35 AM Bug #9029: Proxy authentication is not working for HTTPS: Post on the forum first to diagnose your issue. Jim Pingle
07:32 AM Bug #9029: Proxy authentication is not working for HTTPS: I have a fresh pfSense 2.4.5 installation here, same problem with pkg.
Fetch command works but pkg doesn't.
pkg -... Alex D
12:09 AM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow: I've succesfully used kernel.hz=1000 and limiter delay=1ms as workaround to fix this problem.
I've also posted mes... Alexey Ab

01/05/2021

09:11 PM Revision 391591ef: IPsec P1/P2 expiration and replacement refresh. Implements #11219: Jim Pingle
03:20 PM Todo #11219 (Feedback): Improve IPsec GUI options for P1/P2 reauth/rekey: I just pushed a set of changes to address all of the above points. GUI fields are now present in both P1 and P2 as la... Jim Pingle
01:13 PM pfSense Docs Correction #11223 (Resolved): Azure Marketplace links are invalid: Links to the pfSense for Azure marketplace page go to https://azuremarketplace.microsoft.com/en-us/marketplace/apps/n... Max Leighton
12:59 PM Revision f4479f0d: Identify minnowboard with BIOS 1.0: Intel has changed MBT identification
Obtained from: https://github.com/pfsense/pfsense/pull/4495 Renato Botelho
12:49 PM Revision 8f00a31d: Merge pull request #4493 from bmhughes/add-watchfrr-to-routing-log: Renato Botelho
12:48 PM Revision 7e5b8cee: Merge pull request #4494 from bmhughes/fix_pkg_edit_button_descr: Renato Botelho
10:18 AM Bug #11222 (Rejected): Firewall rule ignoring custom gateway in advanced section: Not nearly enough information here, and it's not reproducible. Almost certainly something in your config/environment ... Jim Pingle
10:04 AM Bug #11222 (Rejected): Firewall rule ignoring custom gateway in advanced section: Created a custom firewall rule in interface to route traffic to an external gateway.
The rule is applied and correct... Chris Pazz
09:47 AM pfSense Packages Feature #11155: SafeSearch AAAA: Do we need to use a redirect/local-zone for these CNAMES?
Are there any other sub-domains other than the "www." v... BBcan177 .
09:23 AM pfSense Packages Feature #11155 (Pull Request Review): SafeSearch AAAA: Jim Pingle
09:46 AM pfSense Packages Feature #11206 (Pull Request Review): FRR 7.5: Jim Pingle
09:21 AM pfSense Packages Bug #11204 (Pull Request Review): Fix net-snmp logging to syslog: Jim Pingle
09:19 AM Bug #11220 (Rejected): Alert: XMLRPC method captive_portal_sync: I can't reproduce this here and there isn't nearly enough information to determine any possible cause in your environ... Jim Pingle
03:41 AM Bug #11220 (Rejected): Alert: XMLRPC method captive_portal_sync: Hi all,
on an HA system running on 2.4.5p1, fully functional, without problems in all conditions, if I upgrade on ... Luca De Andreis
08:05 AM pfSense Docs Correction #11221: Feedback on pfSense Configuration Recipes — Routing Internet Traffic Through A Site-To-Site OpenVPN Tunnel: By the way:
Section:
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-route-internet-traffic.html#set... Michael Huck
07:59 AM pfSense Docs Correction #11221 (Closed): Feedback on pfSense Configuration Recipes — Routing Internet Traffic Through A Site-To-Site OpenVPN Tunnel: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-route-internet-traffic.html
*Feedback:*
Th... Michael Huck
07:16 AM Feature #11207 (Feedback): Add watchfrr to routing log: Renato Botelho
07:00 AM Feature #11207: Add watchfrr to routing log: PR has been merged. Thanks! Renato Botelho
07:11 AM pfSense Packages Feature #11186: Allow lo0/Loopback as a valid interface in OSPF/OSPF6: Any update on this PRR?
Seems like a pretty benign easily validated pull request. I've been running this code for ... Christian McDonald
07:02 AM Bug #9242 (Feedback): MBT-4220/2220 not recognized by pfsense correctly after UEFI upgraded to 1.00: PRs have been merged. Thanks! Renato Botelho
06:48 AM Bug #11208 (Feedback): pkg_edit uses incorrect description for pkg_edit buttons: PR has been merged. Thanks! Renato Botelho

01/04/2021

09:05 PM Revision 5f555ece: Remove zabbix44 packages due to EOL: Renato Botelho
04:15 PM Revision 99aa6737: Fix PHP error in Mobile IPsec validation. Fixes #11212: Jim Pingle
02:30 PM Revision 0f2a455f: Update translation files: Renato Botelho
02:27 PM Revision 1452926e: Regenerate pot: Renato Botelho
02:01 PM Todo #11219 (Resolved): Improve IPsec GUI options for P1/P2 reauth/rekey: Additional options are available to control for P1 and P2 renegotiation but we either calculate them or accept the de... Jim Pingle
01:43 PM Bug #9242: MBT-4220/2220 not recognized by pfsense correctly after UEFI upgraded to 1.00: proposed fix for pfsense added in
for gui config added in https://github.com/pfsense/pfsense/pull/4495
And fix for... Grzegorz Krzystek
11:30 AM pfSense Packages Feature #11206: FRR 7.5: pfSense-pkg-frr Port PR: https://github.com/pfsense/FreeBSD-ports/pull/1021 Ben Hughes
11:27 AM pfSense Packages Feature #11206: FRR 7.5: frr7 Port PR: https://github.com/pfsense/FreeBSD-ports/pull/1020 Ben Hughes
10:01 AM pfSense Packages Feature #11206: FRR 7.5: Ok sounds a plan, as you say in hindsight I should've started at 1.0.0 when first starting the move to a integrated c... Ben Hughes
09:56 AM pfSense Packages Feature #11206: FRR 7.5: Ben Hughes wrote:
> I've bumped the port version to 0.7.0 for pfSense-pkg-frr because of the changes, but looking ba... Jim Pingle
11:09 AM Feature #8786: Wireguard VPN: It's still being worked on (and has been the whole time). There are ongoing stability issues that have yet to be fixe... Jim Pingle
10:34 AM Feature #8786: Wireguard VPN: From https://svnweb.freebsd.org/base?view=revision&revision=368163
> Sponsored by: Rubicon LLC, (Netgate)
Just want... Christian Weiss
10:26 AM Bug #11183 (Duplicate): Mutliply OpenVPN Backend for authentication lead to permanent AUTH_FAIL: Duplicate of #11104 Jim Pingle
10:25 AM Bug #11212 (Feedback): PHP error on Mobile IPsec input validating error: Applied in changeset commit:99aa67376e4f654be8a46c27ae4a57ee16cbd26d. Jim Pingle
10:14 AM Bug #11212 (In Progress): PHP error on Mobile IPsec input validating error: I can reproduce it here, too. I have a fix, pushing shortly. Jim Pingle
10:23 AM pfSense Packages Bug #11214 (Resolved): mail reports typo "Define reports to by sent periodically via email. ": Not a docs issue, but a typo on the page.
Fix pushed.
Jim Pingle
10:16 AM pfSense Packages Bug #11175 (Resolved): FRR OSPFv6 config missing default area: Jim Pingle
10:11 AM Feature #11211 (Pull Request Review): GUI option to set RADIUS Timeout for EAP-RADIUS: Jim Pingle
10:01 AM Feature #11140 (Pull Request Review): Allow the firewall to use DNS servers provided to an OpenVPN client instance: Jim Pingle
09:57 AM pfSense Packages Feature #10605 (Pull Request Review): Add certificates from Trusted Store to Squid cert store: Jim Pingle
09:55 AM Bug #11208 (Pull Request Review): pkg_edit uses incorrect description for pkg_edit buttons: Jim Pingle
09:52 AM Feature #11207 (Pull Request Review): Add watchfrr to routing log: Jim Pingle
09:34 AM pfSense Packages Bug #11217 (Feedback): tun-ipv6 is depracated on OpenVPN 2.4: Fixed in v1.5_5. Now only added when "legacy" is checked. Jim Pingle
03:48 AM pfSense Packages Bug #11217 (Resolved): tun-ipv6 is depracated on OpenVPN 2.4: Hi, if export OpenVPN config via pfSense Client Export Utility with disabled "Legacy Client" on latest tunnelblink on... DRago_Angel [InV@DER]
09:15 AM Bug #11218 (Rejected): /rc.carpmaster: New alert found: A communications error occurred while attempting to call XMLRPC method captive_portal_sync:: I can't reproduce this here and there isn't nearly enough information to determine any possible cause in your environ... Jim Pingle
08:17 AM Bug #11218: /rc.carpmaster: New alert found: A communications error occurred while attempting to call XMLRPC method captive_portal_sync:: More details:
- When motion master to slave (enter in persistant mode...) no alert
- When reenable old master to ... Luca De Andreis
07:35 AM Bug #11218 (Rejected): /rc.carpmaster: New alert found: A communications error occurred while attempting to call XMLRPC method captive_portal_sync:: Hi,
Two nodes in last 2.5 release, when I reboot the master node or when move the master to secondary I see this a... Luca De Andreis
08:40 AM Bug #10943 (Resolved): boot fail after upgrade to the latest snapshot 20201001.0050. if bios is set to efi: Renato Botelho
07:39 AM pfSense Packages Feature #10739: Update HAproxy-devel package to 2.2 and HAproxy to 2.0: As I mentioned in #11216 (Duplicate):
pfSense-pkg-haproxy is still using haproxy18 where as pfSense-pkg-haproxy-deve... Torben Hørup
07:31 AM pfSense Packages Feature #11216 (Duplicate): haproxy 2.x: Jim Pingle
07:14 AM pfSense Packages Feature #11216: haproxy 2.x: Sorry - dublicate of #10739
just close again Torben Hørup
03:11 AM pfSense Packages Feature #11216 (Duplicate): haproxy 2.x: pfSense-pkg-haproxy is still using haproxy18 where as pfSense-pkg-haproxy-devel is using haproxy (which currently poi... Torben Hørup
12:47 AM pfSense Packages Todo #11215 (Resolved): Update NtopNG to 4.2: Hi there latest ntopng 4.2 stable version is available for freebsd 12, could you please update to it in 2.5.x? DRago_Angel [InV@DER]

01/03/2021

04:34 PM Bug #11183: Mutliply OpenVPN Backend for authentication lead to permanent AUTH_FAIL: Hi Viktor, changed OpenVPN settings to use 2 auth backends after adjust CA to Global CA list, and still same AUTH_FAI... DRago_Angel [InV@DER]
12:28 PM Revision 8f585441: Update the Copyright year.: A subsequent commit will deal with .po's. Luiz Souza
10:04 AM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: Stanislav Dimov wrote:
> +1. Any progress on this?
+1 on this as well. Have recently setup an ACME server locall... Michael .
08:29 AM pfSense Packages Bug #11214 (Resolved): mail reports typo "Define reports to by sent periodically via email. ": /status_mail_report.php
Email Reports
Define reports to by sent periodically via email.
should be
Define re... gavin penney
07:09 AM Feature #11213 (New): Option to mark gateway as down directly from Table: Hello
Sometimes it happened to me to put in down state a gateway that was part of a group of Gateways.
To do this, ... Stefano Mereghetti
02:33 AM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow: I have tried to disable whole if (/*dn_cfg.io_fast */ && ...) via patching /boot/kernel/dummynet.ko .
Traffic then... Alexey Ab

01/02/2021

09:07 PM pfSense Packages Feature #10818: UDP Broadcast Relay: Would absolutely love to see this becoming a pfSense package. Thank you Chetan and Garth for taking a shot at this. Kevin L
08:17 PM pfSense Packages Feature #11201: Show iTLD Allow IDN domains: Those don't provide a number of domains per TLD. BBcan177 .
08:09 PM Feature #8786: Wireguard VPN: Wireguard has been merged into freebsd 13
https://svnweb.freebsd.org/base?view=revision&revision=368163
https:/... Jamie Murphy
05:42 PM Bug #10943: boot fail after upgrade to the latest snapshot 20201001.0050. if bios is set to efi: sorry, i didn't noticed a notification for this,
i was able to try ISO [datastore1] pfSense-CE-2.5.0-DEVELOPMENT-amd... Manuel Piovan
02:13 PM pfSense Packages Bug #11175: FRR OSPFv6 config missing default area: Fixed
Default Area is added to OSPF6 configuration
router ospf6
area 0.0.0.0 range 684d:1111:222:3333::/64 co... Alhusein Zawi
11:25 AM pfSense Packages Feature #11155: SafeSearch AAAA: Added description regarding IPv4/IPv6 redirect support by search engines.
https://github.com/pfsense/FreeBSD-ports/p... Danilo Zrenjanin
09:01 AM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/89 Viktor Gurov
07:18 AM Feature #11211 (Closed): GUI option to set RADIUS Timeout for EAP-RADIUS: see https://forum.netgate.com/topic/108637/ipsec-ikev2-with-eap-radius-vpn-azure-multi-factor-authentication
and htt... Viktor Gurov
08:49 AM Bug #11212 (Resolved): PHP error on Mobile IPsec input validating error: If you make any input validating error on the vpn_ipsec_mobile.php page,
and you have more then one auth source:
<... Viktor Gurov
02:50 AM Feature #11140: Allow the firewall to use DNS servers provided to an OpenVPN client instance: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/88 Viktor Gurov
02:04 AM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow: And the same commented code in pfsense repository.
https://github.com/pfsense/FreeBSD-src/blob/devel-12/sys/netpfi... Alexey Ab
01:48 AM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow: Since net.inet.ip.dummynet.io_fast does split path of packets for saturated/unsaturated pipe mode, then this setting ... Alexey Ab

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

01/31/2021

01/30/2021

01/29/2021

01/28/2021

01/27/2021

01/26/2021

01/25/2021

01/24/2021

01/23/2021

01/22/2021

01/21/2021

01/20/2021

01/19/2021

01/18/2021

01/17/2021

01/16/2021

01/15/2021

01/14/2021

01/13/2021

01/12/2021

01/11/2021

01/10/2021

01/09/2021

01/08/2021

01/07/2021

01/06/2021

01/05/2021

01/04/2021

01/03/2021

01/02/2021