Activity

30 days up to

User

Subprojects

Activity

From 01/10/2021 to 02/08/2021

02/08/2021

07:04 PM Revision 83081d3a: Revert "Refactor system_advanced_misc for MVC": This reverts commit c33b0ab6c2fcd4c9786d1b5e7903c01fa1fafa7d. Steve Beaver
07:03 PM Revision b29e6e1b: Revert "Refactor system_advanced_misc for MVC": This reverts commit c33b0ab6c2fcd4c9786d1b5e7903c01fa1fafa7d. Steve Beaver
06:07 PM Revision 5898a649: Refactor system_advanced_misc for MVC: Steve Beaver
06:07 PM Revision c33b0ab6: Refactor system_advanced_misc for MVC: Steve Beaver
06:01 PM Revision 66933ee4: Typo: Steve Beaver
06:00 PM Revision 1965b431: Typo: Steve Beaver
05:54 PM Revision d1216ae0: Add registered trdemark symbol where appropriate: Steve Beaver
05:53 PM Revision b34b2151: Add registered trdemark symbol where appropriate: Steve Beaver
05:52 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails: Apart from the initial failure to get an address on the WAN interface, i've not lost DHCPv6 on the WAN interface in 5... John Griffin
03:39 PM Bug #11384 (Rejected): cannot load "/etc/bogonsv6": Invalid argument: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
03:37 PM Bug #11384 (Rejected): cannot load "/etc/bogonsv6": Invalid argument: I use latest stable version and get constantly the following Notice.
There were error(s) loading the rules: /tmp/r... jan peter
02:40 PM pfSense Docs Correction #11244 (Resolved): Feedback on Packages — Nut package: I added a link to the forum thread on the docs page. Having a link to the forum thread for assistance is good.
The... Jim Pingle
01:23 PM Revision d6b55b5f: Nested alias checking fix. Issue #11372: Viktor Gurov
01:22 PM Revision 65371889: Nested alias checking fix. Issue #11372: Viktor Gurov
01:22 PM Revision 4f630b14: Return correct Track IPv6 address if >1 VIP on interface. Issue #5999: Viktor Gurov
12:17 PM pfSense Packages Feature #8547: fwknop Port Knocking Package: Kurt Yoder wrote:
> > Because security bugs are frequently discovered in all sorts of software, *including security... David Yon
11:23 AM Revision 7409f072: Fix branch name: devel -> master: Renato Botelho
09:11 AM Bug #11378 (Feedback): Unknown OID error on ZFS install: It was removing CDDL from installer. I've pushed a fix. Renato Botelho
07:49 AM Bug #11378: Unknown OID error on ZFS install: Confirmed here as well. After selecting the disk for ZFS and opting to continue, it stops with that error and won't p... Jim Pingle
05:18 AM Bug #11378: Unknown OID error on ZFS install: I experience the same phenomenon when I try to install 2.5.0 Snapshot on TrueNAS with ZFS as target filesystem. When ... Pim Pish
09:06 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Hi. I am also able to reproduce this. It works fine on 2.4.5, but on 2.5.0, the minute the floating rule is enable, I... Kevin S
03:26 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: I'm able to reproduce this. As mentioned in earlier comments, the issue only shows when the inbound queue is enabled.... Peter Grehan
07:42 AM Bug #11383: pfSense Proxy Authentication not working: Confirmed here as well, if I set a system to use a proxy that requires auth, it can't communicate with the package se... Jim Pingle
07:19 AM Bug #11383 (Closed): pfSense Proxy Authentication not working: Proxy Username/Password on the system_advanced_misc.php is being ignored
You can see them in `env`:... Viktor Gurov
07:33 AM pfSense Packages Bug #11373 (Feedback): FRR: BGP neighbor remote-as external doesn't work: Merged Renato Botelho
07:17 AM pfSense Packages Bug #11373 (Pull Request Review): FRR: BGP neighbor remote-as external doesn't work: Jim Pingle
07:33 AM pfSense Packages Bug #11376 (Feedback): BGP MD5 keys are not removed on service stop: Merged Renato Botelho
07:19 AM pfSense Packages Bug #11376 (Pull Request Review): BGP MD5 keys are not removed on service stop: Jim Pingle
07:29 AM pfSense Packages Feature #10605 (Feedback): Add certificates from Trusted Store to Squid cert store: Merged Renato Botelho
05:16 AM pfSense Packages Feature #10605: Add certificates from Trusted Store to Squid cert store: 2.4.5 fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/47 Viktor Gurov
04:06 AM pfSense Packages Feature #10605 (New): Add certificates from Trusted Store to Squid cert store: works fine on 2.5, but produces php error on 2.4.5 if 'Extra Trusted CA' != none:... Viktor Gurov
07:28 AM pfSense Packages Bug #11381 (Feedback): PHP error after clean Zeek install: Merged Renato Botelho
07:23 AM Bug #5999 (Feedback): IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Merged Renato Botelho
07:22 AM Bug #5999 (Pull Request Review): IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Jim Pingle
07:23 AM Bug #11372 (Feedback): I can delete nested alias even if it is in use: Merged Renato Botelho
07:18 AM Bug #11372 (Pull Request Review): I can delete nested alias even if it is in use: Jim Pingle
07:21 AM pfSense Packages Bug #11377 (Pull Request Review): FRR deinstall: Removing the leftover files is fine but I don't think this package needs the ability to reset/wipe the config. Too da... Jim Pingle
07:19 AM Feature #11380 (Pull Request Review): PHP shell playback script to modify Alias contents: Renato Botelho
07:19 AM Bug #11382 (Pull Request Review): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS: Renato Botelho
02:19 AM Bug #11382: OpenVPN client configuration page displays Shared Key option when set for SSL/TLS: it also hides the `tlsauth_keydir` field for 'Shared Key" mode (see #11336):
https://gitlab.netgate.com/pfSense/pfSe... Viktor Gurov
02:02 AM Bug #11382 (Resolved): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS: If you create an OpenVPN client instance in the 'Shared Key' mode and then switch it to "SSL/TLS" mode, the WebGUI st... Viktor Gurov
07:18 AM Feature #7077 (Pull Request Review): Display negotiated data encryption algorithm in OpenVPN connection status: Renato Botelho
04:49 AM Feature #7077 (New): Display negotiated data encryption algorithm in OpenVPN connection status: sample output:... Viktor Gurov
07:13 AM Feature #11374: WireGuard Status in GUI: I agree that it would be nice but the WireGuard utility @wg@ does not expose any of that information for us to use. T... Jim Pingle
05:57 AM Bug #6028 (Resolved): no firewall rules loaded after reboot with invalid ruleset: tested with patch on 2.5.0.a.20210204.2250
works as expected Viktor Gurov
12:51 AM pfSense Packages Feature #11295: DNSBL IDN support: https://github.com/pfsense/FreeBSD-ports/pull/1036 Viktor Gurov
12:32 AM Bug #11254 (Resolved): Some OpenVPN configuration files remain after deleting an instance: Viktor Gurov

02/07/2021

05:43 PM Bug #11254: Some OpenVPN configuration files remain after deleting an instance: In the February 4 image of 2.5, I can no longer get the PHP crash after deleting the server/client instance of OpenVP... Max Leighton
05:21 PM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: Now that OpenVPN 2.5.0 is released and will be included pfSense 2.5.0, can this feature request be reopened? Matthew Ray
03:30 PM Bug #11367 (Resolved): radvd.conf keeps old configuration: Tested on
2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
FreeBSD 12.2-STABLE
With router ad... Max Leighton
12:41 PM Revision 89c7e448: Return correct Track IPv6 address if >1 VIP on interface. Issue #5999: Viktor Gurov
12:37 PM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Hey Viktor,
Thanks for the update. Given your feedback, I was able to download the latest snapshot and re-test thi... Allen Balaj
06:46 AM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Return correct Track IPv6 address if >1 VIP on interface:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_request... Viktor Gurov
01:23 AM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Allen Balaj wrote:
> I'm currently on 2.5.0.a.20201124.0050. My firewall is single LAN, single WAN, ~2 dozen VLANs, ... Viktor Gurov
10:44 AM pfSense Packages Bug #11381: PHP error after clean Zeek install: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/46 Viktor Gurov
09:48 AM pfSense Packages Bug #11381 (Resolved): PHP error after clean Zeek install: If you press save on the Zeek package configuration page without any options/checkboxes, PHP errors will occur:
<pre... Viktor Gurov
07:48 AM Feature #11380: PHP shell playback script to modify Alias contents: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/125 Viktor Gurov
05:38 AM Feature #11380 (Resolved): PHP shell playback script to modify Alias contents: It would be very helpful
/etc/phpshellsessions/aliasmod script with a syntax:
aliasmod <add/del> <Aliasname> <Entry... Viktor Gurov
05:40 AM pfSense Packages Bug #3085 (Resolved): squidguard: problems when importing a blacklist archive containing soft-links: works as expected, see https://forum.netgate.com/topic/160607/squidguard-ut1-blacklist-support Viktor Gurov
05:26 AM Feature #11379 (New): Template Roll Printer: It would be nice to add a 'Voucher Roll Print' page to print Captive Portal's vouchers using templates.
see https:... Viktor Gurov
04:00 AM pfSense Packages Bug #11334 (Resolved): FRR IPv4 OSPF passive-interface not working: 1.1.0_3, /var/etc/frr/frr.conf:... Viktor Gurov
03:52 AM Bug #11378 (Resolved): Unknown OID error on ZFS install: https://forum.netgate.com/topic/160599/2-5-0-development-unknown-oid:
This installation error has been seen in ... p... Viktor Gurov
03:28 AM pfSense Packages Feature #11199 (Resolved): Minor updates: pfBlockerNG-devel 3.0.0_9 - all OK Viktor Gurov
03:21 AM pfSense Packages Bug #11377: FRR deinstall: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/45 Viktor Gurov
03:03 AM pfSense Packages Bug #11377 (Pull Request Review): FRR deinstall: After uninstalling FRR all '<frr*>' entries are still in config.xml
`/var/etc/frr' also contains config files Viktor Gurov
03:00 AM pfSense Packages Bug #11376: BGP MD5 keys are not removed on service stop: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/44 Viktor Gurov
02:56 AM pfSense Packages Bug #11376 (Resolved): BGP MD5 keys are not removed on service stop: 'setkey -D' keeps showing key association when you stop/disable FRR service.
see also #11325 Viktor Gurov
01:53 AM pfSense Packages Bug #11375 (Closed): UPS Type <BLANK> for USB APC: there is no issue Viktor Gurov
01:32 AM pfSense Packages Bug #11375 (New): UPS Type <BLANK> for USB APC: https://forum.netgate.com/topic/158235/potential-bug-found-with-apcupsd-package-version-0-3-91_8-and-configuring-it-i... Viktor Gurov
01:00 AM Bug #11372: I can delete nested alias even if it is in use: I can reproduce it on 2.4.5/2.5
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/123 Viktor Gurov
12:08 AM pfSense Packages Bug #11373: FRR: BGP neighbor remote-as external doesn't work: fix:
2.5:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/42
2.4.5:
https://gitlab.netgate.... Viktor Gurov

02/06/2021

11:03 PM pfSense Packages Bug #11191 (Resolved): Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages: Viktor Gurov
05:19 PM pfSense Packages Bug #11191: Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages: Verified that this is no longer a problem. Unchecking the save settings checkbox and then removing the package prope... Kris Phillips
10:14 PM pfSense Packages Bug #11343: Invalid link to pfSense-pkg-bind changelog: Anthony Pants wrote:
> If you go to "Installed Packages" (/pkg_mgr_installed.php) or "Available Packages" (/pkg_mgr.... Michael Spears
10:39 AM Feature #11374 (Closed): WireGuard Status in GUI: A usability request:
WireGuard in 2.5.0devel is indeed very performant. I have been testing it in pfSense (as 'ser... Jum Pers
10:33 AM pfSense Packages Feature #10619 (Resolved): Various FRR enhancements: Tested on 21.02-DEVELOPMENT (built on Thu Feb 04 22:53:54 CST 2021)
I see all these enhancements enabled.
This ... Azamat Khakimyanov
10:15 AM pfSense Packages Bug #11373 (Resolved): FRR: BGP neighbor remote-as external doesn't work: if you put `external` in the web GUI as the remote-as the generated configuration doesn't include a `neighbor <ip-add... Joel Gallun
09:43 AM Bug #7313 (Feedback): Crazy behviour of Virtual IP: This was likely due to inconsistent interface and/or port names across the nodes. Setting to feedback for now, then c... Marcos M
09:35 AM Bug #11368 (Resolved): OpenVPN Remote Access (User Auth): Tested with
2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
FreeBSD 12.2-STABLE
Remote Access... Max Leighton
04:07 AM pfSense Packages Feature #10202 (Resolved): redistribute bgp + route-map filtering in OSPF6: Tested on 21.02-DEVELOPMENT (built on Thu Feb 04 22:53:54 CST 2021)
There are redistribute bgp + route-map filteri... Azamat Khakimyanov

02/05/2021

04:49 PM Bug #11372: I can delete nested alias even if it is in use: Alexey Muzychenko wrote:
> If I define an alias, use it in any firewall rule directly and try to delete the alias - ... Michael Spears
01:55 AM Bug #11372 (Closed): I can delete nested alias even if it is in use: If I define an alias, use it in any firewall rule directly and try to delete the alias - I get an error "Cannot delet... Alexey Muzychenko
03:15 PM pfSense Docs New Content #11150 (Feedback): vpn_ipsec_export_win.php missing from help.php: Documentation is now in place:
https://docs.netgate.com/pfsense/en/latest/packages/ipsec-export.html Jim Pingle
01:52 PM pfSense Docs New Content #11150: vpn_ipsec_export_win.php missing from help.php: I added vpn_ipsec_export_win.php and vpn_ipsec_profile.php to help.php, the documentation is still a work in progress. Jim Pingle
01:58 PM Revision fa0dc0f0: Respect REPO_BRANCH_PREFIX on FREEBSD_BRANCH: Renato Botelho
01:57 PM Revision be3503ca: Respect REPO_BRANCH_PREFIX on FREEBSD_BRANCH: Renato Botelho
01:07 PM Revision ed5564a3: Fix branch name: Renato Botelho
11:39 AM Revision 3537f4a8: Welcome 2.5.0-RC: Renato Botelho
11:31 AM Revision 87b93bb8: It's time to move to 2.6.0-DEVELOPMENT: Renato Botelho
09:57 AM Feature #11354 (Feedback): WireGuard should respond from the address used by peer: Latest snapshot has the changes from the patch above, and the responses are sent back from the address used to contac... Jim Pingle
09:38 AM Bug #6028: no firewall rules loaded after reboot with invalid ruleset: Chris Linstruth wrote:
> Manually created an invalid configuration by modifying config.xml to make an HFSC queue tha... Renato Botelho
09:25 AM Bug #6028: no firewall rules loaded after reboot with invalid ruleset: Chris Linstruth wrote:
> Manually created an invalid configuration by modifying config.xml to make an HFSC queue tha... Renato Botelho
09:12 AM Bug #6028: no firewall rules loaded after reboot with invalid ruleset: Manually created an invalid configuration by modifying config.xml to make an HFSC queue that cannot load because the ... Chris Linstruth
09:23 AM pfSense Packages Bug #11271 (Resolved): Setting default-originate in FRR/BGP Silently Appends a route-map: Renato Botelho
08:03 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: This works as expected for one route map spanning both families. Much better. Thank you. Chris Linstruth
08:31 AM pfSense Packages Bug #11346 (Resolved): Raw-Config not working: Jim Pingle
08:31 AM Bug #11371 (Rejected): package install failed pfSense: 2.4.5_1: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
08:29 AM pfSense Packages Bug #6818: WAN traffic graph displays inverted bandwidth columns: I was checking traffic today, in a situation of heavy file upload to the internet, and i'm seeing that everything is ... Fernando Rapetti
07:37 AM pfSense Docs Correction #11170 (Resolved): Feedback on Routing — Static Routes: Thank you very much. Resolving. Chris Linstruth
04:54 AM pfSense Packages Feature #11155: SafeSearch AAAA: Renato Botelho wrote:
> PR has been merged. Thanks!
PR 1035 containing this change has been merged. Thanks! Renato Botelho
04:52 AM pfSense Packages Feature #11155 (Feedback): SafeSearch AAAA: PR has been merged. Thanks! Renato Botelho
04:53 AM pfSense Packages Feature #11022 (Feedback): Add feeds from Firebog.net to pfBlockerNG: PR 1035 containing this change has been merged. Thanks! Renato Botelho
04:48 AM pfSense Packages Feature #11201 (Feedback): Show iTLD Allow IDN domains: PR has been merged. Thanks! Renato Botelho
04:46 AM pfSense Packages Feature #11199 (Feedback): Minor updates: PR has been merged. Thanks! Renato Botelho
04:44 AM pfSense Packages Bug #11191 (Feedback): Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages: PR has been merged. Thanks! Renato Botelho

02/04/2021

11:03 PM pfSense Packages Bug #11345: FRR-OSPF - No "prefix-list" possible: * prefix can be chosen from Route Filtering in OSPF area.
* Configuration is reflected in config. file.
!
rou... Alhusein Zawi
10:18 PM Bug #11371 (Rejected): package install failed pfSense: 2.4.5_1: I setup PFsence with a basic setup back in November and finally got around to moving my network over to it. I just tr... Brian Nerny
09:29 PM pfSense Packages Bug #11346: Raw-Config not working: Issue is fixed
* updated the running config (or created new configuration)
* changed the configuration.
* pre... Alhusein Zawi
06:54 PM Feature #11354: WireGuard should respond from the address used by peer: I only tried with reboot failover which simplifies the problem: there are no races where packets can be queued awaiti... Peter Grehan
08:49 AM Feature #11354: WireGuard should respond from the address used by peer: Done Renato Botelho
08:46 AM Feature #11354: WireGuard should respond from the address used by peer: I'm going to merge this patch before next snapshot
Renato Botelho
08:05 AM Feature #11354 (New): WireGuard should respond from the address used by peer: It's definitely better with that if_wg.ko. When the peer sends packets, it replies from the correct address.
Testi... Jim Pingle
06:07 AM Feature #11354 (Feedback): WireGuard should respond from the address used by peer: I believe this is now fixed. The destination address of ingress wg packets wasn't being saved. This is now being done... Peter Grehan
06:13 PM Revision 21c2bb34: Remove what I suspect is a debug leftover: Renato Botelho
03:12 PM Revision 93830bec: OpenVPN rmdir fix. Issue #11254: Viktor Gurov
03:07 PM Revision 91cd1741: Check RA service on interface IPv6 type change. Fixes #11367: Viktor Gurov
01:17 PM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed: I made patch (attached) that adds a GUI option to toggle between the two behaviors: Filtering on enc0 (tunnel+vti), a... Jim Pingle
12:18 PM pfSense Packages Bug #11135: HAproxy OCSP reponse crontab bug: Do not set target version on package tickets Renato Botelho
12:18 PM Bug #11370 (Closed): firewall_aliases_edit.php is limited in the number of input entries it can save to an alias: This is likely related to #10937
When creating a new alias of type "host", the number of entries that get saved is... Marcos M
12:17 PM Bug #11159 (Resolved): Allow wildcard dns record of type A in the DynDNS client for DNS provider Gandi: Renato Botelho
12:15 PM Bug #9796: kernel panic after removing interfaces: gauthier segond wrote:
> hello.
>
> I had the same problem on the 11/11/2020 build. i made a video and here are t... Renato Botelho
12:03 PM Bug #8136: dpinger for WAN DHCPv6 gets fails to update gateway IP: Danilo Zrenjanin wrote:
> Can you provide more details on how to replicate the issue? Is it related only to the PPPo... Renato Botelho
12:01 PM Feature #8786 (Resolved): Wireguard VPN: Import of wireguard is complete. Issues are being tracked on separate tickets Renato Botelho
12:00 PM Bug #11265 (Resolved): Remove log spam due to bootstrap map file: Renato Botelho
11:30 AM Revision 3673b6d0: Style fixes: Renato Botelho
11:06 AM Bug #11363: Clean Install 2.5.0 fails due to hardware incompability: Probably not much to do if it's specific to certain hardware like that except trying a BIOS update and changing boot ... Jim Pingle
11:03 AM Feature #10010 (Resolved): Update infoblock on the Dashboard to include a link to The pfSense Book, rather than the community maintained documentation: Yep, this was fixed quite a while ago. Jim Pingle
03:38 AM Feature #10010: Update infoblock on the Dashboard to include a link to The pfSense Book, rather than the community maintained documentation: The above links now point to the same location. GChuf 6
11:03 AM Revision 729a4540: OpenVPN User Auth fix. Issue #11368: Viktor Gurov
10:56 AM Bug #11361: ISO Installer not functioning on latest snapshots: Adding another data point, the latest snapshot installs as expected. Jim Pingle
06:27 AM Bug #11361: ISO Installer not functioning on latest snapshots: I can confirm. The latest release works fine. Thank you. Danilo Zrenjanin
05:43 AM Bug #11361 (Resolved): ISO Installer not functioning on latest snapshots: memstick is also working Renato Botelho
05:33 AM Bug #11361: ISO Installer not functioning on latest snapshots: yon Liu wrote:
> @jimp Do you get the same behavior with the memstick?
>
> yes. i am using memstick, it still can... Renato Botelho
10:44 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address: I can't reproduce this here. radvd is running, clients on LAN get an IPv6 gateway and full connectivity. DHCPv6 serve... Jim Pingle
10:38 AM Bug #11365 (New): dhcpv6 cannot push ipv6 gateway address: not such issue on my other VM (on the same Proxmox host, same 2.5.0.a.20210203.1432)
seems like VM/Hypervisor specific Viktor Gurov
09:35 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address: bug in pf2.5
2.5.0-DEVELOPMENT (amd64)
built on Wed Feb 03 14:36:18 CST 2021
FreeBSD 12.2-STABLE
!https://i.im... yon Liu
01:08 AM Bug #11365 (Confirmed): dhcpv6 cannot push ipv6 gateway address: no such issue on 2.4.5-p1,
radvd -d5 -m stderr -n -C /var/etc/radvd.conf
2.5.0.a.20210203.1432 output:... Viktor Gurov
10:16 AM Bug #11364 (Rejected): php-fpm and netstat taking very high CPU: There isn't nearly enough information here to qualify this as a bug. Keep the discussion on the forum for now. Jim Pingle
09:43 AM Feature #11369 (Resolved): add Enabling IPv6 Source Address Validation support: i have no find about this how do it Enabling IPv6 Source Address Validation support in pfsense system?
After t... yon Liu
09:15 AM Bug #11367: radvd.conf keeps old configuration: Applied in changeset commit:91cd17417d7cba3ab5dbe55f0ced02eaef78c45b. Viktor Gurov
09:08 AM Bug #11367 (Feedback): radvd.conf keeps old configuration: Merged Renato Botelho
05:24 AM Bug #11367 (Pull Request Review): radvd.conf keeps old configuration: Renato Botelho
02:04 AM Bug #11367: radvd.conf keeps old configuration: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/120 Viktor Gurov
01:35 AM Bug #11367 (Resolved): radvd.conf keeps old configuration: radvd.conf keeps the old configuration when you switch "IPv6 Configuration Type" to non-Static (DHCP6,SLAAC) IPv6 typ... Viktor Gurov
09:12 AM Bug #11254 (Feedback): Some OpenVPN configuration files remain after deleting an instance: Merged Renato Botelho
05:24 AM Bug #11254 (Pull Request Review): Some OpenVPN configuration files remain after deleting an instance: Renato Botelho
04:29 AM Bug #11254 (New): Some OpenVPN configuration files remain after deleting an instance: sometime for some reason it shows PHP error:... Viktor Gurov
09:11 AM Feature #7727 (Feedback): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Keith contacted me and said it will be tested during the weekend. Leave it in feedback state until hear about results Renato Botelho
05:53 AM Bug #10966 (In Progress): IPv6 - WAN does not renew address when upstream fails: Renato Botelho
05:42 AM Bug #10966: IPv6 - WAN does not renew address when upstream fails: But I do a manual release / renew and it picks up an address
Logs Attached showing the reboot releasing (?) the ... John Griffin
05:35 AM Bug #10966: IPv6 - WAN does not renew address when upstream fails: I updated this morning to the latest 2.5 release which had the dhcp6-20080615.2_4 client. I then rebooted this aftern... John Griffin
05:50 AM Bug #11272: OCSP settings only for TLS auth: this is incorrect, fixed in #11368
the only difference between "SSL/TLS + User Auth" and "User Auth" is the `verif... Viktor Gurov
05:47 AM Bug #11362 (Closed): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: fix in #11368 Viktor Gurov
03:13 AM Bug #11362 (Feedback): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: Tested on the latest release.
I could successfully apply the changes without error messages, but the OpenVPN serve... Danilo Zrenjanin
12:49 AM Bug #11362 (Resolved): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: 2.5.0.a.20210203.1432 fixed Viktor Gurov
05:26 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes: Viktor Gurov wrote:
> You need to check "Disable Cron emails" option
> see #10771
Option is already checked, I'v... Abdul Khaliq
05:18 AM Bug #11368 (Feedback): OpenVPN Remote Access (User Auth): Renato Botelho
05:18 AM Bug #11368: OpenVPN Remote Access (User Auth): PR has been merged. Thanks! Renato Botelho
04:18 AM Bug #11368: OpenVPN Remote Access (User Auth): TLS parameters "dh, capath, cert, key" etc, is a mandatory for all modes except p2p_shared_key ('client')
revert #... Viktor Gurov
03:29 AM Bug #11368 (Resolved): OpenVPN Remote Access (User Auth): The OpenVPN service won't start if I choose _Remote Access (User Auth)_ server mode.
Status>OpenVPN:... Danilo Zrenjanin
05:15 AM Bug #11330 (Resolved): IGMP Proxy upgrade to latest version: Renato Botelho
12:29 AM pfSense Docs Correction #11161 (Resolved): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI): looks good Viktor Gurov

02/03/2021

11:17 PM pfSense Packages Bug #11366 (Rejected): Arpwatch Cron Notification every 15 minutes: You need to check "Disable Cron emails" option
see #10771 Viktor Gurov
10:11 PM pfSense Packages Bug #11366 (Resolved): Arpwatch Cron Notification every 15 minutes: Every 15 mins or so I receive an email containing :
Subject Arpwatch Notification : Cron <root@firewall> /etc/rc.f... Abdul Khaliq
11:09 PM pfSense Docs Correction #11160 (Resolved): Feedback on Services — SNMP: looks good Viktor Gurov
01:23 PM pfSense Docs Correction #11160 (Feedback): Feedback on Services — SNMP: Link added. Jim Pingle
10:21 PM Bug #11330: IGMP Proxy upgrade to latest version: Confirmed, I see 0.3 now, thank you.
I still need to run watchdog to get the process restarted after initial bootu... Patrick Monfette
08:26 PM Revision 1feccc87: Convert fonts to woff2: GChuf 6
07:37 PM Bug #11364: php-fpm and netstat taking very high CPU: 2021/02/04 09:33:29 [error] 38147#100184: *3 upstream timed out (60: Operation timed out) while reading response head... yon Liu
07:13 PM Bug #11364 (Rejected): php-fpm and netstat taking very high CPU: I stopped the FRR service, but there are still processes taking very high CPU
[2.5.0-DEVELOPMENT][admin@face.x... yon Liu
07:35 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address: /status_services.php: The command '/usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog' retu... yon Liu
07:16 PM Bug #11365 (Not a Bug): dhcpv6 cannot push ipv6 gateway address: dhcpv6 cannot push ipv6 gateway addressto lan, stateless and assisted mode all can't normal work.
tested in window... yon Liu
07:08 PM Bug #11361: ISO Installer not functioning on latest snapshots: @jimp Do you get the same behavior with the memstick?
yes. i am using memstick, it still can't work.
only the v... yon Liu
12:15 PM Bug #11361: ISO Installer not functioning on latest snapshots: Danilo Zrenjanin wrote:
> Tested on the latest release (pfSense-CE-2.5.0-DEVELOPMENT-amd64-latest.iso)
>
> I stil... Renato Botelho
11:58 AM Bug #11361: ISO Installer not functioning on latest snapshots: Tested on the latest release (pfSense-CE-2.5.0-DEVELOPMENT-amd64-latest.iso)
I still can't pass the Copyright and ... Danilo Zrenjanin
11:14 AM Bug #11361 (Feedback): ISO Installer not functioning on latest snapshots: Fixed Renato Botelho
02:44 PM pfSense Docs Correction #11258 (Feedback): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: I pushed a correction for that typo, thanks! Jim Pingle
10:45 AM pfSense Docs Correction #11258: Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: The suggested text is a minor change, I'll try to bold the word. Basically, change "must" to "much":
Current:
On... Anonymous
10:40 AM pfSense Docs Correction #11258: Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: I could be mistaken, but the current and suggested text look to be the same to me. Jared Dillard
02:32 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I just updated net/miniupnpd to 2.2.1 so it would be nice to get it tested again after that Renato Botelho
02:02 PM pfSense Docs Correction #11241 (Resolved): Feedback on Backup and Recovery — Restoring from Backups: Looks good! Marcos M
01:38 PM pfSense Docs Correction #11241 (Feedback): Feedback on Backup and Recovery — Restoring from Backups: Additional warning now in place, will show up shortly when it rebuilds. Jim Pingle
10:52 AM pfSense Docs Correction #11241 (In Progress): Feedback on Backup and Recovery — Restoring from Backups: OK, the description did not mention upgrade code at all, or hint at it. I can add that as well. Jim Pingle
10:48 AM pfSense Docs Correction #11241: Feedback on Backup and Recovery — Restoring from Backups: My intent was to hint towards the potential issue of restoring a specific area (e.g. openvpn) and not having upgrade ... Marcos M
09:25 AM pfSense Docs Correction #11241 (Feedback): Feedback on Backup and Recovery — Restoring from Backups: Added warning: https://docs.netgate.com/pfsense/en/latest/backup/restore.html#restore-options Jim Pingle
01:25 PM pfSense Docs Correction #11239 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing pfSense with VMware vSphere / ESXi: It's standard practice to match the version of the guest OS, there isn't any reason why someone should pick FreeBSD 1... Jim Pingle
01:21 PM pfSense Docs Correction #11170 (Feedback): Feedback on Routing — Static Routes: Warning added. Jim Pingle
01:17 PM Bug #11363 (New): Clean Install 2.5.0 fails due to hardware incompability: System freezes soon after boot. Known problem without any known workarounds, like kern.vty=sc or changing bios UEFI/L... Niklas H
01:06 PM pfSense Docs Correction #9378 (Feedback): Feedback on Virtualization — Virtualizing pfSense with Proxmox: I updated the recipe a bit since a lot of it didn't match current versions of Proxmox, and added a stronger wording a... Jim Pingle
12:43 PM Revision bfde8f08: OpenVPN input validation fix. Issue #11362: Viktor Gurov
10:34 AM pfSense Docs Correction #9951 (Feedback): Feedback on VPN — OpenVPN — Configuring a Single Multi-Purpose OpenVPN Instance: Added bullet mentioning the topology setting. Jim Pingle
10:30 AM pfSense Docs Correction #11253 (Resolved): Feedback on Multiple WAN Connections — Load Balancing and Failover with Gateway Groups: Fixed Jim Pingle
10:30 AM pfSense Docs Correction #10562 (Resolved): Feedback on L2TP VPN — L2TP with IPsec: I added "Auto" to the recipe as an alternate setting, the other changes largely depend on the client being used. The ... Jim Pingle
10:26 AM pfSense Docs Correction #11245 (Resolved): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: looks good Viktor Gurov
10:15 AM pfSense Docs Correction #11245 (Feedback): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: Fixed. Jim Pingle
10:22 AM pfSense Docs Correction #11161 (Feedback): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI): Link added Jim Pingle
10:05 AM pfSense Docs New Content #11238 (Feedback): LAGG (Link Aggregation): Note added: https://docs.netgate.com/pfsense/en/latest/interfaces/lagg.html#lagg-interface-configuration Jim Pingle
10:00 AM pfSense Docs Correction #11162: Feedback on Backup and Recovery — Making Backups in the GUI: Jim Pingle wrote:
> Unless I'm misreading the intent here, the first note (point 1) is irrelevant. It has never been... Viktor Gurov
09:36 AM pfSense Docs Correction #11162 (Feedback): Feedback on Backup and Recovery — Making Backups in the GUI: Added section on encrypted backups with the commands:
https://docs.netgate.com/pfsense/en/latest/backup/restore.ht... Jim Pingle
09:01 AM pfSense Docs Correction #11162: Feedback on Backup and Recovery — Making Backups in the GUI: Unless I'm misreading the intent here, the first note (point 1) is irrelevant. It has never been possible to restore ... Jim Pingle
09:34 AM pfSense Docs Correction #9057 (Resolved): [feedback form] Missing info on advanced networking page: I updated this page a couple months ago, it's there now:
https://docs.netgate.com/pfsense/en/latest/config/advance... Jim Pingle
08:10 AM Bug #10176 (Resolved): Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: Between the new default behaviors, the updated documentation/configuration guidance, and the new options on 2.5.0 (#1... Jim Pingle
08:07 AM Todo #11309 (Resolved): DNS Resolver automatic ACL entries need refinement: Tested on several different setups and they all appear to be as expected. Contents working and sorted properly. Jim Pingle
07:17 AM Bug #9058: Kernel panic during L2TP retransmit: It still happens in rare conditions and we didn't came up with a solution in time for 2.5.0 Renato Botelho
06:46 AM Bug #11362 (Feedback): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: PR has been merged. Thanks! Renato Botelho
01:15 AM Bug #11362: Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: regression of #11272
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/119 Viktor Gurov
12:35 AM Bug #11362 (Closed): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: When creating a new OpenVPN Server in 2.5x, if you choose "User Auth" mode, you cannot save, as it insists that the S... John Griffin
06:05 AM Bug #8954 (Resolved): hn0: driver does not support altq: Renato Botelho
12:00 AM Bug #8954: hn0: driver does not support altq: Did upgrade and it works. Greg M
03:56 AM Bug #11360 (Resolved): captive portal custom logo error: 2.5.0.a.20210202.2250 fixed Viktor Gurov
02:36 AM Bug #11298 (Resolved): Gateway Group Offline Bug: roundrobin/failover, down/packet loss/high latency/packet loss or high latency - all works as expected
2.5.0.a.202... Viktor Gurov
12:16 AM Bug #9998 (Resolved): DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: 2.5.0.a.20210201.2350
works as expected Viktor Gurov
12:04 AM Bug #11336 (Resolved): Hide TLS keydir for p2p openvpn mode: 2.5.0.a.20210201.2350 fixed Viktor Gurov
12:02 AM Bug #9324 (Resolved): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: 2.5.0.a.20210201.2350 fixed Viktor Gurov

02/02/2021

11:55 PM Bug #11224 (Resolved): dhcpd.conf creation - zone declarations: /var/dhcpd/etc/dhcpd.conf:... Viktor Gurov
11:53 PM Bug #11348 (Resolved): Sanitize PKCS#11 PIN from swanctl.conf: 2.5.0.a.20210201.2350
works as expected Viktor Gurov
06:23 PM Revision 2521eced: Fixed #11328 by fixing jQuery and error when 'protocol' is undefined: Steve Beaver
06:13 PM Feature #8786: Wireguard VPN: Renato Botelho wrote:
> Project was hosted on an internal server but is now replicated to github at https://github.c... Ronald Schellberg
11:47 AM Feature #8786: Wireguard VPN: Ronald Schellberg wrote:
> Renato Botelho wrote:
> > Initial kernel version wireguard support is now in place
>
... Renato Botelho
06:13 PM Feature #11354: WireGuard should respond from the address used by peer: Actually: the code is already doing this - it may not be saving the incoming source addr in all situations. Will chec... Peter Grehan
06:02 PM Feature #11354: WireGuard should respond from the address used by peer: I've had a look at this: it may not be too bad.
The source address for the peer is already recorded to be used in ... Peter Grehan
02:05 PM Bug #11361: ISO Installer not functioning on latest snapshots: Manuel Piovan wrote:
> i can barely see, when i press enter,
>
> /etc/rc.local: bsdinstall: not found
>
> late... Michael Spears
01:18 PM Bug #11361: ISO Installer not functioning on latest snapshots: i can barely see, when i press enter,
/etc/rc.local: bsdinstall: not found
latest iso is only 175MB
Manuel Piovan
12:25 PM Bug #11361 (Resolved): ISO Installer not functioning on latest snapshots: The installer ISO is not functioning on the latest 2.5.0 snapshots. More information in the forum thread at https://f... Jim Pingle
01:48 PM Revision 2d51537f: Captive Portal custom logo fix. Issue #11360: Viktor Gurov
01:32 PM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed: In addition to the above, the BPF mask also needs changed.
The complete set of required sysctl values are:
<pre... Jim Pingle
12:46 PM Bug #11328 (Resolved): OpenVPN Ciphers will not stick in 2.5: Works OK now in Chrome and FireFox. No JS errors on the list page or edit page. Jim Pingle
12:30 PM Bug #11328: OpenVPN Ciphers will not stick in 2.5: Applied in changeset commit:2521eced153b0c96bf6375787c607377e89639ed. Anonymous
12:27 PM Bug #11328 (Feedback): OpenVPN Ciphers will not stick in 2.5: Anonymous
09:09 AM Bug #11328 (In Progress): OpenVPN Ciphers will not stick in 2.5: Anonymous
08:52 AM Bug #11328 (New): OpenVPN Ciphers will not stick in 2.5: OK, I can reproduce it that way, but only in Chrome. Watching the network panel as it makes the POST, for whatever re... Jim Pingle
11:18 AM Feature #7727 (New): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Renato Botelho
11:16 AM Bug #11208 (Resolved): pkg_edit uses incorrect description for pkg_edit buttons: Renato Botelho
11:16 AM Bug #9592 (Resolved): VTI interface down because interface number created is greater than ipsec32768: Renato Botelho
11:15 AM Todo #11219 (Resolved): Improve IPsec GUI options for P1/P2 reauth/rekey: Renato Botelho
11:13 AM Bug #9242 (Resolved): MBT-4220/2220 not recognized by pfsense correctly after UEFI upgraded to 1.00: Renato Botelho
11:12 AM Bug #11314 (Resolved): PHP error in gwlb.inc (potential race): Renato Botelho
11:09 AM Todo #11278 (Resolved): Update dnsmasq to >=2.8.3: Renato Botelho
11:07 AM Todo #10997 (Resolved): Retire m0n0wall config support: Renato Botelho
08:11 AM Bug #11360 (Feedback): captive portal custom logo error: PR has been merged. Thanks! Renato Botelho
08:02 AM Bug #11360: captive portal custom logo error: Tested that patch against:... Steve Wheeler
07:52 AM Bug #11360 (Pull Request Review): captive portal custom logo error: Jim Pingle
07:50 AM Bug #11360: captive portal custom logo error: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/118 Viktor Gurov
07:29 AM Bug #11360: captive portal custom logo error: To be clear this is triggered when enabling the custom logo option and then not uploading a file. Or by not also uplo... Steve Wheeler
07:12 AM Bug #11360 (Resolved): captive portal custom logo error: https://forum.netgate.com/topic/160450/crash-report:
It crashed abruptly when trying to configure captive portal. Al... Viktor Gurov
08:05 AM Bug #11338 (Resolved): WireGuard cannot connect to an IPv6 endpoint: Latest snapshot looks good!... Jim Pingle
07:36 AM Bug #11359 (Duplicate): Multi-WAN issue - unable to connect to interface with not-default gateway: You didn't mention WireGuard in the subject or description but since the category is set to WireGuard, I'm assuming t... Jim Pingle
03:02 AM Bug #11359 (Duplicate): Multi-WAN issue - unable to connect to interface with not-default gateway: I have 4 Internet links, so 4 gateways is configured and only one of them is configured as default gateway.
Firewall... Alexey Muzychenko
06:29 AM Feature #11358 (Pull Request Review): New Dynamic DNS Provider: NIC.RU: Renato Botelho
06:13 AM Feature #11358: New Dynamic DNS Provider: NIC.RU: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/242 Viktor Gurov
12:53 AM Feature #11358 (Closed): New Dynamic DNS Provider: NIC.RU: https://www.nic.ru/help/dynamic-dns-for-developers_5810.html:
Request for IP address update looks like this:
GET ... Viktor Gurov
06:23 AM Bug #11344 (Resolved): Sanitize Squid securiteinfo_id: ... Viktor Gurov
06:16 AM Bug #11342 (Resolved): Sanitize DHCP DDNS keys: works as expected:... Viktor Gurov
04:29 AM Bug #11340 (Resolved): Hide WG interfaces on DHCP/DHCPv6 Relay pages: > Hide WireGuard interfaces on DHCP/DHCPv6 Relay pages
Works as expected
> Hide mediaopt field for WireGuard inte... Viktor Gurov
04:26 AM Bug #11341 (Resolved): PresharedKey is not sanitized from status_output config file: 2.5.0.a.20210201.1628 works as expected:
WireGuard-Configuration File wg0.conf... Viktor Gurov
03:24 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Same sentiment here as Robert Gijsen's above.
Do we at least know whether the bug is in filterdns itself (generati... Christian Ullrich
03:11 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Wait wut? This got postponed AGAIN? This is a breaking issue for two years and a few days now, and still it's priorit... Robert Gijsen

02/01/2021

11:28 PM Feature #11357 (Duplicate): Support for DynDNS provider deSEC.io: see https://forum.netgate.com/topic/103067/support-for-dyndns-provider-desec-io
API: https://desec.readthedocs.io/... Viktor Gurov
07:05 PM Bug #11328: OpenVPN Ciphers will not stick in 2.5: Sorry about the video's, they should be viewable now.
You are correct, I cannot replicate the issue in Firefox. I ... John Griffin
07:39 AM Bug #11328: OpenVPN Ciphers will not stick in 2.5: Those videos are private and cannot be viewed.
I tried again and can't replicate the problem here. Maybe write out... Jim Pingle
05:41 PM Revision d9e8e80e: Fix #8954: Enable hn_altq_enable on default config: Renato Botelho
04:11 PM Revision 86b28a02: Refactored system_advanced_* pages for MVC: Steve Beaver
02:47 PM Feature #11354: WireGuard should respond from the address used by peer: Christian McDonald wrote:
> One solution that was offered is to use a inbound NAT rule to port forward 51820 (or wha... Jim Pingle
02:44 PM Feature #11354: WireGuard should respond from the address used by peer: I added notes about this limitation in the docs for now: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/lim... Jim Pingle
02:00 PM Feature #11354: WireGuard should respond from the address used by peer: Was just about to post this exact issue. As it stands currently, I don't believe there is a way to utilize a CARP VIP... Christian McDonald
12:44 PM Feature #11354: WireGuard should respond from the address used by peer: Not a blocker since, if it is possible, this is likely non-trivial. Jim Pingle
12:43 PM Feature #11354 (Resolved): WireGuard should respond from the address used by peer: When a WireGuard peer contacts the firewall, the firewall always responds from the address it deems closest to the cl... Jim Pingle
02:42 PM Feature #11302: WireGuard XMLRPC sync: Until the other issue is addressed, I have noted the limitation here: https://docs.netgate.com/pfsense/en/latest/vpn/... Jim Pingle
12:46 PM Feature #11302: WireGuard XMLRPC sync: After testing this for a while in several different configuration styles, it's not viable yet. NAT doesn't help, at b... Jim Pingle
02:18 PM Bug #11330 (Feedback): IGMP Proxy upgrade to latest version: Version 0.3 was cherry-picked from FreeBSD and will be available on next round of snapshots Renato Botelho
02:18 PM Bug #11356 (Not a Bug): Copy firewall rule from one interface to another interface: It works fine as-is. Click copy, then set the interface to the new one, then save. Jim Pingle
02:01 PM Bug #11356 (Not a Bug): Copy firewall rule from one interface to another interface: Please, add this functionality on firewall rules:
Copy selected firewall rule from one interface to another interf... Teste Teste
02:17 PM Revision ab9a819b: Sanitize PKCS11 PIN from swanctl.conf. Issue #11348: Viktor Gurov
02:16 PM Revision 51a34b1f: Sanitize securiteinfo_id. Issue #11344: Viktor Gurov
02:16 PM Revision f1895d6a: Sanitize DHCP DDNS keys. Issue #11342: Viktor Gurov
02:15 PM Revision 294bb15c: Sanitize WireGuard PresharedKey from config. Fixes #11341: Viktor Gurov
02:14 PM Bug #11256 (Feedback): Cannot add alias with multiple URLs: Viktor says it works on 2.5.0. Leaving it at feedback state for now Renato Botelho
02:14 PM Revision 90749e06: Issue #11340: Hide WireGuard interfaces on DHCP/DHCPv6 Relay pages,
Hide mediaopt field for WireGuard interfaces on interfaces.php ... Viktor Gurov
02:13 PM Revision 48c91226: Hide TLS keydir for p2p openvpn mode. Issue #11336: Viktor Gurov
02:12 PM Bug #10966 (Feedback): IPv6 - WAN does not renew address when upstream fails: I've imported debian patch - https://sources.debian.org/patches/wide-dhcpv6/20080615-23/0018-dhcpv6-ignore-advertise-... Renato Botelho
01:23 PM Bug #11355 (Not a Bug): interfaces / assign interfaces / vxlan missing from menu: That is correct, there were issues in VXLAN which made it non ready for production use and it was removed. Jim Pingle
01:19 PM Bug #11355: interfaces / assign interfaces / vxlan missing from menu: i found out that vxlan has been retired https://redmine.pfsense.org/projects/pfsense/repository/revisions/3856366b4fb... Manuel Piovan
01:14 PM Bug #11355: interfaces / assign interfaces / vxlan missing from menu: https://redmine.pfsense.org/projects/pfsense/repository/revisions/3856366b4fb3823d02108c0ee63043509a89e0db
Grimson Gretzleburg
01:05 PM Bug #11355 (Not a Bug): interfaces / assign interfaces / vxlan missing from menu: 2.5.0-DEVELOPMENT (amd64)
built on Mon Feb 01 00:03:10 EST 2021
FreeBSD 12.2-STABLE
i can manually load the page... Manuel Piovan
11:51 AM Bug #8954 (Feedback): hn0: driver does not support altq: I've enabled hn_altq_enable option on default config. It was missing
I've also added needed loader tuning to inst... Renato Botelho
11:41 AM Bug #8954: hn0: driver does not support altq: Moving target to 2.5.0 since it regressed Renato Botelho
08:52 AM Bug #11339: Odd console output when WireGuard is running: For completeness sake, this is confirmed to be WireGuard.... Marcos M
08:36 AM Bug #11339: Odd console output when WireGuard is running: If your gateway was set to automatic there is a high chance that wireguard took over as the default gateway. At least... Jim Pingle
08:31 AM Bug #11339: Odd console output when WireGuard is running: That was not the case here, though I did have the gateway selection set to automatic. However, given that the WAN gat... Marcos M
07:45 AM Bug #11339: Odd console output when WireGuard is running: When Steve saw it, I think he had a routing loop of sorts -- the outer WireGuard traffic was attempting to go over th... Jim Pingle
08:24 AM pfSense Packages Bug #11333: Incorrect community-list format: 2.4.5 PR has been merged. Thanks! Renato Botelho
08:22 AM pfSense Packages Bug #11346 (Feedback): Raw-Config not working: PR has been merged. Thanks! Renato Botelho
07:57 AM pfSense Packages Bug #11346 (Pull Request Review): Raw-Config not working: Jim Pingle
08:22 AM pfSense Packages Bug #11345 (Feedback): FRR-OSPF - No "prefix-list" possible: PR has been merged. Thanks! Renato Botelho
07:55 AM pfSense Packages Bug #11345 (Pull Request Review): FRR-OSPF - No "prefix-list" possible: Jim Pingle
08:20 AM pfSense Packages Bug #11054 (Feedback): Check Client Certificate CN not working as described: PR has been merged. Thanks! Renato Botelho
07:54 AM pfSense Packages Bug #11054 (Pull Request Review): Check Client Certificate CN not working as described: Jim Pingle
08:20 AM Bug #11341: PresharedKey is not sanitized from status_output config file: Applied in changeset commit:294bb15c5230bd389bd1a6b738297bf4d57afb98. Viktor Gurov
08:15 AM Bug #11341 (Feedback): PresharedKey is not sanitized from status_output config file: PR has been merged. Thanks! Renato Botelho
07:49 AM Bug #11341 (Pull Request Review): PresharedKey is not sanitized from status_output config file: Jim Pingle
08:17 AM Bug #11348 (Feedback): Sanitize PKCS#11 PIN from swanctl.conf: PR has been merged. Thanks! Renato Botelho
07:57 AM Bug #11348 (Pull Request Review): Sanitize PKCS#11 PIN from swanctl.conf: Jim Pingle
08:17 AM Bug #11344 (Feedback): Sanitize Squid securiteinfo_id: PR has been merged. Thanks! Renato Botelho
07:53 AM Bug #11344 (Pull Request Review): Sanitize Squid securiteinfo_id: Jim Pingle
08:16 AM Bug #11342 (Feedback): Sanitize DHCP DDNS keys: PR has been merged. Thanks! Renato Botelho
07:52 AM Bug #11342 (Pull Request Review): Sanitize DHCP DDNS keys: Jim Pingle
08:14 AM Bug #11340 (Feedback): Hide WG interfaces on DHCP/DHCPv6 Relay pages: PR has been merged. Thanks! Renato Botelho
07:47 AM Bug #11340 (Pull Request Review): Hide WG interfaces on DHCP/DHCPv6 Relay pages: Jim Pingle
08:14 AM Bug #11336 (Feedback): Hide TLS keydir for p2p openvpn mode: PR has been merged. Thanks! Renato Botelho
08:09 AM Bug #11353 (Not a Bug): Changing of gateway order in gateway groups is not applied to firewall rules on "Apply": I can't replicate this on 2.5.0. Might have been fixed since 2.4.5.
The apply process already performs a filter re... Jim Pingle
03:00 AM Bug #11353 (Not a Bug): Changing of gateway order in gateway groups is not applied to firewall rules on "Apply": Suppose you have gateway group with two gateways: GW1 = Tier1, GW2 = Tier2.
Then you change order: GW1 = Tier2, G... Alexey Ab
08:00 AM pfSense Packages Todo #11351 (Not a Bug): updated version to pfsense 2.4.5_1: At this point, the 2.5.0 release is close enough that backporting all the changes is unlikely. Jim Pingle
07:59 AM Bug #11350 (Rejected): Multi wan default gateway bug and gateway monitoring bug: Default gateway groups can only be failover, not load balance. There is no way to have two default gateways of equal ... Jim Pingle
07:34 AM Bug #11337 (New): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: The description was inaccurate. As stated, there was no problem. The problem exists only when the interface is set to... Jim Pingle
07:25 AM pfSense Packages Feature #9555 (Resolved): pimd package: Tested on 2.4.5_p1 and on 21.02-DEVELOPMENT (built on Mon Feb 01 00:05:45 EST 2021)
Tested with 3 different multic... Azamat Khakimyanov
06:39 AM Bug #11338 (Feedback): WireGuard cannot connect to an IPv6 endpoint: Peter Grehan wrote:
> if_wg.diff - kernel diff
> wg_tools - wireguard_tools diff
I've imported both patches and ... Renato Botelho
06:26 AM Bug #11322 (Resolved): WireGuard Public Key should not be entered by the user: Renato Botelho

01/31/2021

08:34 PM Bug #11352 (New): CTF types > 2^15 in the pfSense kernel config results in DTrace failing: The pfSense kernel config adds a number of additional subystems and drivers to the FreeBSD GENERIC kernel.
This ad... Peter Grehan
01:44 PM Bug #11311 (Resolved): Listen and peer port validation in wg.inc: Tested on the latest 2.5 image. It's working as expected. I'll mark it as resolved. Max Leighton
09:56 AM pfSense Packages Todo #11351 (Not a Bug): updated version to pfsense 2.4.5_1: you did released updated version (1.16.18_14) for pfsense 2.5.devel
but pfsense 2.4.5_1 still at version (1.16.18_... khaled osama
09:31 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: instead of having multiple CARP VIPs attached to WAN, I have one CARP VIP and the IP Aliases that follow that CARP VI... Christian McDonald
01:00 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint: if_wg.diff - kernel diff
wg_tools - wireguard_tools diff Peter Grehan
12:43 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint: The above wasn't correct: just another misconfiguration :(
There are a number of issues, all boiling down to "stru... Peter Grehan

01/30/2021

10:54 PM Bug #11350 (Rejected): Multi wan default gateway bug and gateway monitoring bug: Hello,
My setup is so easy, i have two wan lines which are working in pppoe and one lan network, i have a gateway ... Samuel Hanna
05:24 PM pfSense Packages Feature #6022: Consider MLVPN for bonded VPN: +1 for this feature.
As I understand it (which may be incorrect), pfSense "bonding" only load-balances by number of ... Val Schmidt
05:10 PM pfSense Packages Feature #9238: Add support for Zerotier: +1 for this feature!!! Val Schmidt
10:32 AM Bug #11297 (Resolved): strongSwan doesn't support wildcard certificates: Tested on the latest release. It works as expected. Ticket resolved. Danilo Zrenjanin
10:32 AM Bug #11190: IPsec VTI outbound NAT to interface address not working (pfsense 2.4.5-p1): Kevin Mychal Ong wrote:
> Jim Pingle wrote:
> > Correct. Keep any further discussion on the forum, though.
>
> T... Kevin Mychal Ong
10:08 AM pfSense Packages Bug #11331: FreeRADIUS latest package upgrade broke Plain Mac Authentication: I am not sure whether I tested it correctly, though. I used a LapTop as a client trying to authenticate through FreeR... Danilo Zrenjanin
05:58 AM pfSense Packages Bug #11331: FreeRADIUS latest package upgrade broke Plain Mac Authentication: Tested on the latest release. Plain Mac Authentication is not working. When it's enabled, I can log in with the wrong... Danilo Zrenjanin
09:20 AM pfSense Packages Bug #11333: Incorrect community-list format: works as expected on 2.5 branch
2.4.5 fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/41 Viktor Gurov
08:43 AM pfSense Packages Feature #11349 (Resolved): Allow to set minimum TLS version: EAP methods allows to set 'tls_min_version',
which is 1.0 by default
WebGUI dropdown option needed to select betw... Viktor Gurov
07:57 AM pfSense Packages Bug #7271 (Resolved): Co-existence of unbound and BIND/named: this fix is only for clean BIND install
9.16_9 works as expected Viktor Gurov
06:51 AM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named: Tested on the latest release. Bind package version 9.16_9. It's still not fixed. Please check. Danilo Zrenjanin
07:42 AM pfSense Packages Bug #11001 (Resolved): freeradius lose sql lib every pfsense update: works as expected Viktor Gurov
06:26 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: This request is now 4,5 years old and has not seen any relevant activity.
As ISPs in Europe still provide users with... A J
06:15 AM Bug #11250 (Resolved): disabled FTP-Proxy service starts on boot: Tested on the latest release. It works as expected. Ticket resolved. Danilo Zrenjanin
06:07 AM Bug #11254 (Resolved): Some OpenVPN configuration files remain after deleting an instance: Tested on the latest release. It works as expected. Ticket resolved. Danilo Zrenjanin
05:38 AM pfSense Packages Bug #11321 (Resolved): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package: 0.4.45_2 fixed Viktor Gurov
05:35 AM Bug #11348: Sanitize PKCS#11 PIN from swanctl.conf: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/116 Viktor Gurov
05:33 AM Bug #11348 (Resolved): Sanitize PKCS#11 PIN from swanctl.conf: Sanitize "pin = " from IPsec-Configuration Viktor Gurov
04:20 AM pfSense Packages Bug #11346: Raw-Config not working: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/40 Viktor Gurov
03:32 AM pfSense Packages Bug #11346 (Resolved): Raw-Config not working: https://forum.netgate.com/topic/160365/frr-raw-config-not-working:
since an update it seems not to be possible to us... Viktor Gurov
03:42 AM pfSense Packages Bug #11345: FRR-OSPF - No "prefix-list" possible: same issue with Access lists
fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/39 Viktor Gurov
03:21 AM pfSense Packages Bug #11345 (Resolved): FRR-OSPF - No "prefix-list" possible: https://forum.netgate.com/topic/160363/frr-ospf-no-prefix-list-possible:
currently it is not possible for me to conf... Viktor Gurov
03:17 AM pfSense Packages Bug #11054: Check Client Certificate CN not working as described: more fixes:
- Fixes SQL backend user existing check;
- Fixes counters issue (`$varsqlconfauthcounters` lines)
http... Viktor Gurov
02:48 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint: Took a while to set this up, but I can get a repro with an OpenBSD client.
Tunnel traffic is being delivered to wg... Peter Grehan
01:08 AM Bug #11338 (New): WireGuard cannot connect to an IPv6 endpoint: Viktor Gurov
02:42 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: Ok... The tunnel works fine, this is just a cosmetic issue, not looking for support. It's trivially reproducible on m... Christian McDonald
12:03 AM Bug #11337 (Rejected): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: Unable to reproduce it on the latest 2.5 snapshot,
Interface column is OK if I select CARP VIP as a parent interface... Viktor Gurov
02:19 AM Bug #11344: Sanitize Squid securiteinfo_id: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/115 Viktor Gurov
02:17 AM Bug #11344 (Resolved): Sanitize Squid securiteinfo_id: Sanitize "<securiteinfo_id>" antivirus subscription IO
related to #11202 Viktor Gurov
01:16 AM pfSense Packages Bug #11343 (Resolved): Invalid link to pfSense-pkg-bind changelog: If you go to "Installed Packages" (/pkg_mgr_installed.php) or "Available Packages" (/pkg_mgr.php), there is a link to... Anthony Pants
01:05 AM Bug #11342: Sanitize DHCP DDNS keys: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/114 Viktor Gurov
12:57 AM Bug #11342 (Resolved): Sanitize DHCP DDNS keys: <ddnsdomainkey> from config.xml
and 'secret = ' from DHCP-IPv4 Configuration and DHCP-IPv6-Configuration Viktor Gurov
12:28 AM Bug #11341: PresharedKey is not sanitized from status_output config file: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/113 Viktor Gurov
12:24 AM Bug #11341 (Resolved): PresharedKey is not sanitized from status_output config file: PresharedKey is not sanitized from config file
WireGuard-Configuration File wg0.conf:... Viktor Gurov
12:22 AM pfSense Packages Bug #11325 (Resolved): BGP MD5 Keys Dropping Unintentionally: Viktor Gurov

01/29/2021

11:42 PM Bug #11340: Hide WG interfaces on DHCP/DHCPv6 Relay pages: - Hide WireGuard interfaces on DHCP/DHCPv6 Relay pages;
- Hide mediaopt field for WireGuard interfaces on interfaces... Viktor Gurov
11:39 PM Bug #11340 (Resolved): Hide WG interfaces on DHCP/DHCPv6 Relay pages: DHCP/DHCPv6 Relay doesn't support WireGuard interfaces:... Viktor Gurov
11:19 PM pfSense Packages Bug #11234 (Resolved): Filer not create missing necessary folders: Viktor Gurov
10:02 PM pfSense Packages Bug #11234: Filer not create missing necessary folders: I was able to create a folder ,
Example:
/var/folder/test1/test2
folder >> folder.
test1 >> folder.
test2... Alhusein Zawi
11:17 PM Bug #11338 (Feedback): WireGuard cannot connect to an IPv6 endpoint: Viktor Gurov
01:03 PM Bug #11338: WireGuard cannot connect to an IPv6 endpoint: Sample config, after my config file fix:... Jim Pingle
12:50 PM Bug #11338 (Resolved): WireGuard cannot connect to an IPv6 endpoint: WireGuard won't connect if using an IPv6 endpoint address on either end.
The IPv6 address in the config file doesn... Jim Pingle
09:41 PM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally: pressing "save" is not interrupting the adjacency. (fixed).
2.5.0.a.20210129.1122 Alhusein Zawi
08:06 AM pfSense Packages Bug #11325 (Feedback): BGP MD5 Keys Dropping Unintentionally: PR has been merged. Thanks! Renato Botelho
07:32 AM pfSense Packages Bug #11325 (Pull Request Review): BGP MD5 Keys Dropping Unintentionally: Jim Pingle
06:01 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally: - restart setkey only if parameters are changed;
- start setkey on service startup (frr.sh rc file fix);

https:/... Viktor Gurov
12:09 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally: pressing "save" interrupts the adjacency.
2.5.0.a.20210127.2350
Alhusein Zawi
09:25 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I can confirm that this is still a problem in 2.5.0.a.20210129.1122.
I upgraded a school system today from 2.3.x to... Polar Nerd
06:54 PM Revision f32e1438: Add brackets around IPv6 endpoint address. Issue #11338: Jim Pingle
06:27 PM Bug #11339 (Not a Bug): Odd console output when WireGuard is running: I'm not sure what triggers the output (see image attached), and I'm not completely certain that it's WireGuard to beg... Marcos M
06:11 PM Bug #11323 (Resolved): Removing a WireGuard tunnel can cause others to be renumbered: Tested on Jan 29 build. Looks good. Marcos M
06:04 PM Bug #11322: WireGuard Public Key should not be entered by the user: Tested on Jan 29 build. Looks good.
The "Copy" link is a little odd in that it scrolls the viewport when clicking ... Marcos M
05:36 PM Bug #11312 (Resolved): Unable to edit or add WireGuard peers: Marcos M
05:34 PM Bug #11312: Unable to edit or add WireGuard peers: Tested on Jan 29 build. Looks good. Marcos M
04:49 PM Bug #11328: OpenVPN Ciphers will not stick in 2.5: Here is video of it occurring. It seems a bit random, sometimes it works, sometimes you end up with a completely diff... John Griffin
08:22 AM Bug #11328 (Rejected): OpenVPN Ciphers will not stick in 2.5: I can't reproduce this as stated. I was able to edit an existing client as well as create a new client, both times it... Jim Pingle
02:28 PM Revision 37a21d1b: Clarify that Peer WireGuard Address can be multiple addrs.: Jim Pingle
01:04 PM Revision c86937e9: Merge pull request #4498 from BBcan177/Fixes: Renato Botelho
12:36 PM Bug #11337 (Resolved): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: If a GIF instance has its interface set to an IP Alias VIP which uses a CARP VIP as its own interface, the Interface ... Christian McDonald
11:13 AM Bug #11336 (Pull Request Review): Hide TLS keydir for p2p openvpn mode: Jim Pingle
09:39 AM Bug #11336: Hide TLS keydir for p2p openvpn mode: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/111 Viktor Gurov
09:38 AM Bug #11336 (Resolved): Hide TLS keydir for p2p openvpn mode: TLS keydir (as other TLS options) is not needed for "Peer to Peer (Shared Key)" mode Viktor Gurov
09:42 AM Bug #11272 (Resolved): OCSP settings only for TLS auth: 2.5.0.a.20210128.2350 - OK Viktor Gurov
09:36 AM pfSense Packages Bug #10429: Status Traffic Total broken 2.4.5: Patch works for me
2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE
Status... Andres Mora
09:26 AM Regression #11316: Unbound crashes with signal 11 when reloading: Behavior on other systems (even FreeBSD) isn't directly relevant to pfSense software. They may be similar, but it's n... Jim Pingle
09:10 AM Regression #11316: Unbound crashes with signal 11 when reloading: In the "competitor's" forum, there are several pages of error descriptions and error analyses for Unbound 1.13.0. Als... Martin Müller
07:51 AM Regression #11316: Unbound crashes with signal 11 when reloading: Keep the discussion on the forum. If it's still happening, there is no evidence there. Last post was over a week ago ... Jim Pingle
07:36 AM Regression #11316: Unbound crashes with signal 11 when reloading: I have the same problem. it happens only when the option "Register DHCP leases in the DNS Resolver" is set.
it loo... Daniel Keller
09:10 AM Bug #11335 (New): Spoofing the MAC on a LAGG interface does not work for some NIC types.: When you spoof the MAC on an assigned LAGG interface in the webgui the new MAC is shown immediately as the 'ether' ad... Steve Wheeler
08:58 AM Bug #11212 (Resolved): PHP error on Mobile IPsec input validating error: 2.5.0.a.20210128.2350 fixed Viktor Gurov
08:57 AM pfSense Packages Bug #11334 (Feedback): FRR IPv4 OSPF passive-interface not working: Pushed a fix which works for me.
https://github.com/pfsense/FreeBSD-ports/commit/e1a9a4159ad577877ff378bf288cd8ec9... Jim Pingle
08:51 AM pfSense Packages Bug #11334 (Resolved): FRR IPv4 OSPF passive-interface not working: In frr_ospf.inc the list of passive interfaces is built by frr_generate_config_ospf_interfaces(), but that is run aft... Jim Pingle
08:05 AM pfSense Packages Bug #11333 (Feedback): Incorrect community-list format: PR has been merged. Thanks! Renato Botelho
07:36 AM pfSense Packages Bug #11333 (Pull Request Review): Incorrect community-list format: Jim Pingle
07:20 AM pfSense Packages Bug #11333: Incorrect community-list format: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/37 Viktor Gurov
06:34 AM pfSense Packages Bug #11333 (Resolved): Incorrect community-list format: /var/log/frr/frr-reload.log:... Viktor Gurov
08:04 AM pfSense Packages Bug #11321 (Feedback): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package: PR has been merged. Thanks! Renato Botelho
07:26 AM pfSense Packages Bug #11321 (Pull Request Review): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package: Jim Pingle
01:26 AM pfSense Packages Bug #11321: Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/35
Viktor Gurov
08:01 AM pfSense Packages Bug #11331 (Feedback): FreeRADIUS latest package upgrade broke Plain Mac Authentication: PR has been merged. Thanks! Renato Botelho
07:25 AM pfSense Packages Bug #11331 (Pull Request Review): FreeRADIUS latest package upgrade broke Plain Mac Authentication: Jim Pingle
01:06 AM pfSense Packages Bug #11331: FreeRADIUS latest package upgrade broke Plain Mac Authentication: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/34 Viktor Gurov
01:01 AM pfSense Packages Bug #11331 (Feedback): FreeRADIUS latest package upgrade broke Plain Mac Authentication: https://forum.netgate.com/topic/160323/freeradius-latest-package-upgrade:
From system logs:... Viktor Gurov
07:37 AM Bug #11332: Using LDAP-authentication against an pfsense+HAProxy -balanced ldap-endpoint does not work: Sure thing that was what I did. The response on the forum was to create a bugreport. So here I am.
https://forum.n... Thomas Malmberg
07:30 AM Bug #11332 (Not a Bug): Using LDAP-authentication against an pfsense+HAProxy -balanced ldap-endpoint does not work: I would suggest, before anything else, to try the same configuration on a 2.5.0 snapshot, where the LDAP code was cha... Jim Pingle
05:17 AM Bug #11332 (Not a Bug): Using LDAP-authentication against an pfsense+HAProxy -balanced ldap-endpoint does not work: The scenario is as follows. pfsense-01 is using pfsense-02/haproxy with ssl-termination as an authentication server l... Thomas Malmberg
07:24 AM Bug #11327: No WAN IP on Optimum Online Dynamic IP: A support subscription isn't all that relevant here, unless it's a configuration problem in pfSense software itself w... Jim Pingle
07:12 AM Bug #11319 (Resolved): Mobile IPsec certificate type validation: Tested on the latest release. It works fine. Ticket resolved. Danilo Zrenjanin
06:47 AM Bug #11303 (Resolved): Sticky connections units: Tested on the latest snapshot. It looks fine. Ticket resolved. Danilo Zrenjanin
04:24 AM Revision 00e2a771: Update vpn_wg_edit.php: * Text edits
* Formatting
* Remove debug console.log() BBcan177 .
03:31 AM Bug #11330: IGMP Proxy upgrade to latest version: I decided to test the OPNsense igmp proxy 0.3 package by force installing it over the version (0.2.1) that comes with... Patrick Monfette
01:35 AM Bug #11330: IGMP Proxy upgrade to latest version: Attached are the crashdump files.
You'll also see in the backlogs that because it rebooted so often in loop that I... Patrick Monfette
12:37 AM Bug #11329 (Duplicate): DHCP static map assigns IP to client even if "Deny unknown clients" is set.: fixed in 2.5
see #1605 Viktor Gurov

01/28/2021

09:50 PM Bug #11330 (Resolved): IGMP Proxy upgrade to latest version: IGMP Proxy has been updated to 0.3
https://github.com/pali/igmpproxy/releases/tag/0.3
Would it be possible to i... Patrick Monfette
06:26 PM Bug #11329 (Duplicate): DHCP static map assigns IP to client even if "Deny unknown clients" is set.: DHCP static map assigns IP to client even if "Deny unknown clients" is set, when the client's mac address has bee... Chris M
04:50 PM Bug #11327: No WAN IP on Optimum Online Dynamic IP: Jim Pingle wrote:
> If they suddenly stopped working without changing anything on the firewall the cause is unlikely... Gus Gemmiti
02:46 PM Bug #11327: No WAN IP on Optimum Online Dynamic IP: If they suddenly stopped working without changing anything on the firewall the cause is unlikely to be in pfSense sof... Jim Pingle
02:39 PM Bug #11327: No WAN IP on Optimum Online Dynamic IP: Jim Pingle wrote:
> There isn't any evidence of an actionable bug in pfSense yet. Keep the discussion on the forum f... Gus Gemmiti
02:26 PM Bug #11327 (Rejected): No WAN IP on Optimum Online Dynamic IP: There isn't any evidence of an actionable bug in pfSense yet. Keep the discussion on the forum for now.
This site ... Jim Pingle
02:04 PM Bug #11327 (Rejected): No WAN IP on Optimum Online Dynamic IP: I've been successfully using pfSense on this ISP for many years. Recently (a couple of months ago) it would no longe... Gus Gemmiti
03:56 PM Bug #11328 (Resolved): OpenVPN Ciphers will not stick in 2.5: So I upgraded my production home firwewall to 2.5 dev yesterday. None of the OpenVPN clients work after the upgrade d... John Griffin
03:43 PM Revision 9985ed7f: Gateway Group Policy rule creation fix. Issue #11298: Viktor Gurov
03:43 PM Revision 70ffbad3: OpenVPN Server page fields hide fix. #11272: Viktor Gurov
03:42 PM Revision 79ec3f15: Delete all OpenVPN related files on instance deletion. Issue #11254: Viktor Gurov
02:58 PM Revision c66b71c8: Mute console before load crypto modules: Renato Botelho
01:10 PM Bug #10919 (Resolved): Improve handling of OpenVPN data cipher negotiation options: Tested again on today's snapshot, and all works as expected now. I'll set the ticket to resolved. Max Leighton
11:17 AM pfSense Packages Bug #11325 (Feedback): BGP MD5 Keys Dropping Unintentionally: PR has been merged. Thanks! Renato Botelho
06:47 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally: Great thanks! Christian McDonald
01:10 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally: fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/32 Viktor Gurov
11:15 AM pfSense Packages Feature #11320 (Feedback): Update NAS client type: PR has been merged. Thanks! Renato Botelho
11:12 AM pfSense Packages Bug #11054 (Feedback): Check Client Certificate CN not working as described: PR has been merged. Thanks! Renato Botelho
07:11 AM pfSense Packages Bug #11054: Check Client Certificate CN not working as described: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/33 Viktor Gurov
11:03 AM pfSense Packages Bug #11001 (Feedback): freeradius lose sql lib every pfsense update: PR has been merged. Thanks! Renato Botelho
12:11 AM pfSense Packages Bug #11001 (Confirmed): freeradius lose sql lib every pfsense update: see https://forum.netgate.com/topic/149828/freeradius3-0-15-7_9-2020-01-20-its-stops-can-t-find-libmysqlclient-so-20/... Viktor Gurov
11:01 AM pfSense Packages Bug #8466 (Feedback): radiusd crash: PR has been merged. Thanks! Renato Botelho
10:22 AM Feature #11302: WireGuard XMLRPC sync: As a general rule, anyone using HA would not be using Automatic Outbound NAT -- they would be using Manual Outbound N... Jim Pingle
09:53 AM Feature #11302: WireGuard XMLRPC sync: I've been really running wireguard through it's paces and I have some thoughts concerning this.
So I have a typica... Christian McDonald
10:01 AM pfSense Packages Bug #4088 (Feedback): Buggy squidgurd config file is created: PR has been merged. Thanks! Renato Botelho
10:01 AM pfSense Packages Bug #3085 (Feedback): squidguard: problems when importing a blacklist archive containing soft-links: PR has been merged. Thanks! Renato Botelho
10:01 AM pfSense Packages Feature #11248 (Feedback): SafeSearch update: PR has been merged. Thanks! Renato Botelho
09:52 AM Bug #11250 (Feedback): disabled FTP-Proxy service starts on boot: PR has been merged. Thanks! Renato Botelho
09:51 AM pfSense Packages Bug #11274 (Feedback): ntopng https web server does not present full certificate chain: PR has been merged. Thanks! Renato Botelho
09:49 AM pfSense Packages Feature #11060 (Feedback): Block access to consumer Google accounts: PR has been merged. Thanks! Renato Botelho
09:47 AM pfSense Packages Bug #11234 (Feedback): Filer not create missing necessary folders: PR has been merged. Thanks! Renato Botelho
09:44 AM Bug #11254 (Feedback): Some OpenVPN configuration files remain after deleting an instance: PR has been merged. Thanks! Renato Botelho
09:43 AM Bug #11272 (Feedback): OCSP settings only for TLS auth: PR has been merged. Thanks! Renato Botelho
09:43 AM Bug #11298 (Feedback): Gateway Group Offline Bug: PR has been merged. Thanks! Renato Botelho
09:35 AM pfSense Packages Feature #11301 (Feedback): Switch FRR to use default rc file as a service control base: PR has been merged. Thanks! Renato Botelho
09:35 AM pfSense Packages Bug #11271 (Feedback): Setting default-originate in FRR/BGP Silently Appends a route-map: PR has been merged. Thanks! Renato Botelho
09:15 AM Todo #11278 (Feedback): Update dnsmasq to >=2.8.3: 2.84 is now imported to 2.5.0 repo Renato Botelho
08:37 AM Bug #11326: WireGuard peer allowedips is overriding system's static routes in System > Routing: Seems like you have a flawed configuration/design issue there but it's hard to tell without more information. Post on... Jim Pingle
08:28 AM Bug #11326: WireGuard peer allowedips is overriding system's static routes in System > Routing: Jim Pingle wrote:
> That's the expected behavior. By adding it as an Allowed IPs entry you told the system you _want... Adam Severns
08:01 AM Bug #11326 (Not a Bug): WireGuard peer allowedips is overriding system's static routes in System > Routing: That's the expected behavior. By adding it as an Allowed IPs entry you told the system you _wanted_ that traffic rout... Jim Pingle
07:51 AM Bug #11326 (Not a Bug): WireGuard peer allowedips is overriding system's static routes in System > Routing: If you create a peer on a wg interface that contains an allowedip that also happens to be a static route in System > ... Adam Severns
08:34 AM pfSense Packages Bug #11261: pfBlockerNG ASN numbers in IPv4 (/IPv6) Custom_List generate error(s) "Invalid numeric literal at line 1, column 7": The error may appear when the ASN is empty. See:
[ AS36229_v4 ] Downloading update .parse error: Invalid num... P L
03:57 AM pfSense Packages Bug #11259 (Closed): pfBlockerNG-devel fails to update all IP addresses for ASN using IPv4 Source Definitions: 31.13.71.50 is in
https://api.bgpview.io/asn/32934/prefixes:... Viktor Gurov

01/27/2021

05:06 PM Revision 0c68239a: Fix WireGuard interface name assignment. Fixes #11323: Only set the name when it's empty/unset (e.g. when first created),
automatically determine the next available wg inte... Jim Pingle
05:01 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails: Same here - it's a very common issue for me as well, more than happy to get involved in helping nail this one if I can. Stephen Baines
04:57 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails: Really keen to see some progress with this, it's impacting me on an almost weekly basis.
Please let me know if the... Sam McLeod
04:22 PM Revision 4fdcc82b: WireGuard: Always derive public key. Issue #11322: If the user enters a different private key, using the supplied public
key would lead to a mismatch. So always derive ... Jim Pingle
04:11 PM Revision 2ccdb454: WireGuard: Make pubkey read only, populate automatically. Fixes #11322: While here, add a link to copy the public key to the clipboard. Jim Pingle
04:09 PM pfSense Packages Bug #11325 (Resolved): BGP MD5 Keys Dropping Unintentionally: FRR 1.0.0 on latest v2.5 snapshots.
I'm peering with an upstream that requires a neighbor password.
If I run 's... Christian McDonald
03:20 PM Revision 51fa9278: Merge branch 'viktor/pfSense-ipsecmobileinperror': Jim Pingle
11:18 AM Regression #11316: Unbound crashes with signal 11 when reloading: https://forum.netgate.com/topic/160005/pfsense-2-50-snapshots-have-been-dying-for-the-past-couple-of-days Greg M
11:15 AM Bug #11323 (Feedback): Removing a WireGuard tunnel can cause others to be renumbered: Applied in changeset commit:0c68239a28d3e7a2ee3b58e60b0dd0e0081d7731. Jim Pingle
10:53 AM Bug #11323 (In Progress): Removing a WireGuard tunnel can cause others to be renumbered: Jim Pingle
10:46 AM Bug #11323 (Resolved): Removing a WireGuard tunnel can cause others to be renumbered: * Configure two WireGuard tunnels, wg0 and wg1
* Delete wg0
* Tunnel list shows only wg1
* Edit/Save wg1
* Tunnel... Jim Pingle
10:47 AM Feature #11324 (New): Separate syslog "Remote log servers" Parameters: Currently when setting Multiple Remote log servers, the "Remote Syslog Contents" is GLOBAL. Feature request to set e... Mark WILLIAMS
10:31 AM Bug #11322: WireGuard Public Key should not be entered by the user: gitsync'ed and looking good so far Christian McDonald
10:20 AM Bug #11322 (Feedback): WireGuard Public Key should not be entered by the user: Applied in changeset commit:2ccdb45478a4a7056929e455be9e0841bc8a4280. Jim Pingle
10:10 AM Bug #11322 (In Progress): WireGuard Public Key should not be entered by the user: Jim Pingle
10:05 AM Bug #11322 (Resolved): WireGuard Public Key should not be entered by the user: The WireGuard tunnel public key is derived from the private key. There isn't a compelling reason to allow the user to... Jim Pingle
09:21 AM Feature #11293 (Pull Request Review): New Dynamic DNS Provider: one.com: Jim Pingle
12:05 AM Feature #11293: New Dynamic DNS Provider: one.com: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/242 Viktor Gurov
09:20 AM Bug #11212 (Feedback): PHP error on Mobile IPsec input validating error: PR merged Jim Pingle
12:01 AM Bug #11212 (New): PHP error on Mobile IPsec input validating error: same issue with Group Authentication / Authentication Groups field,
fix: https://gitlab.netgate.com/pfSense/pfSense/... Viktor Gurov
09:18 AM Bug #11319 (Feedback): Mobile IPsec certificate type validation: PR merged Jim Pingle
01:22 AM Bug #11319: Mobile IPsec certificate type validation: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/110 Viktor Gurov
01:01 AM Bug #11319 (Resolved): Mobile IPsec certificate type validation: Mobile IPsec mode doesn't support User Certificates
extra input validation required Viktor Gurov
09:16 AM pfSense Packages Feature #11320 (Pull Request Review): Update NAS client type: Jim Pingle
03:47 AM pfSense Packages Feature #11320: Update NAS client type: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/30 Viktor Gurov
03:09 AM pfSense Packages Feature #11320 (Resolved): Update NAS client type: Client Type field needs update,
Current list of NAT types:
cisco
computone
livingston
max40xx
multitech
nets... Viktor Gurov
09:13 AM Bug #11288 (Resolved): Wireguard: Peer PSK is auto-filled to the keepalive field: Jim Pingle
08:05 AM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field: tested on gitsync yesterday and today via normal snapshot upgrade, both look good here. Christian McDonald
08:03 AM pfSense Packages Bug #9542: FreeRadius with MySQL not started and require mysql-client packet: see #11001 Viktor Gurov
08:02 AM pfSense Packages Bug #10976: Freeradius dont start with SQL configuration: see #11001 Viktor Gurov
07:15 AM Revision f7bc20ef: Mobile IPsec certificate validation. Issue #11319: Viktor Gurov
06:39 AM pfSense Packages Bug #11321 (Resolved): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package: The Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package with the ... RED SKULL
05:58 AM Revision 3b592d01: Fix PHP error in Mobile IPsec validation if Group Auth is selected. Fixes #11212: Viktor Gurov
12:43 AM pfSense Docs Correction #11318 (Closed): Feedback on pfSense Configuration Recipes — IPsec Site-to-Site VPN Example with Certificate Authentication: incorrect, only required for IPsec Mobile server Viktor Gurov
12:18 AM pfSense Docs Correction #11318 (Closed): Feedback on pfSense Configuration Recipes — IPsec Site-to-Site VPN Example with Certificate Authentication: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-tls.html
*Feedback:*
"Set the Certificate ... Viktor Gurov
12:10 AM Feature #11317 (Closed): Backup/Restore WireGuard config: already in the latest snapshots Viktor Gurov
12:07 AM Feature #11317 (Closed): Backup/Restore WireGuard config: WireGuard backup/restore on diag_backup.php page Viktor Gurov

01/26/2021

09:38 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails: Hi, considering the fact that the user only saw the patched version not fix the issue one time, would it be possible ... John Griffin
08:51 PM Revision 002a038f: Update OpenVPN Wizard to match current server options. Fixes #10919: Jim Pingle
04:13 PM Revision 9f127e7e: Fix WG Keep Alive field variable name. Fixes #11288: Jim Pingle
03:32 PM Revision 6f78203a: Fix WG Generate button descr.: Jim Pingle
03:30 PM Bug #11307 (Resolved): PHP error when attempting to edit Wireguard peer after creation: No sign of this on snapshots from today, for new or existing peers. Jim Pingle
03:29 PM Bug #11304 (Resolved): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address: Could easily replicate the problem on previous snapshot, current snapshot is working well. The entries in the DNS res... Jim Pingle
03:28 PM Bug #11300 (Resolved): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: Working as intended on current snapshots, for both IPv4 and IPv6. Jim Pingle
09:23 AM Bug #11300: WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: Nice. Patched up this morning on my boxes and this is looking good so far Christian McDonald
03:27 PM Bug #11291 (Resolved): WireGuard MTU Can Flap between 1420 and 1500: MTU is stable on current snapshots. It's 1420 even after save/apply on an assigned interface. Jim Pingle
03:26 PM Bug #11289 (Resolved): Wireguard: Automatic outbound NAT rules are applied to the WG interface: OK on current snapshots. The automatic outbound NAT rules are not being applied to WireGuard interfaces (assigned or ... Jim Pingle
03:14 PM Revision 4efba66a: Improve WireGuard field labels & descriptions.: Jim Pingle
03:06 PM Bug #11286 (Resolved): Endpoint port is mandatory if Endpoint is defined: OK on current snapshot. If the endpoint is filled in and port is blank, the default port is used. Jim Pingle
03:05 PM Bug #10919 (Feedback): Improve handling of OpenVPN data cipher negotiation options: Applied in changeset commit:002a038f4e9d4ce4cb4f8e5dec5036eb822017a6. Jim Pingle
02:48 PM Regression #11316 (Rejected): Unbound crashes with signal 11 when reloading: There is not nearly enough information here to constitute a proper bug report, and I cannot reproduce the problem as ... Jim Pingle
02:21 PM Regression #11316 (Resolved): Unbound crashes with signal 11 when reloading: Seems to be the same as here...
https://forum.opnsense.org/index.php?topic=20516.0
My workaround: I have moved t... Martin Müller
02:48 PM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field: Excellent, will test! Thanks Christian McDonald
10:15 AM Bug #11288 (Feedback): Wireguard: Peer PSK is auto-filled to the keepalive field: I found a typo in the variable name used to populate the value in the GUI, but the backend appears to be using it app... Jim Pingle
10:03 AM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field: I'm still having issues with the Keepalive field. When I edit and peer and set the keepalive value, save and come bac... Christian McDonald
02:36 PM Revision 0a0ef335: Improve WireGuard port validation. Fixes #11311: Jim Pingle
02:15 PM Revision cd4103cd: Encode WireGuard tunnel edit/peer values. Issue #11312: Jim Pingle
02:07 PM Revision 7e226dc7: Encode WireGuard tunnel list values. Issue #11312: Jim Pingle
01:37 PM Revision b505e3ae: Suppress errors when opening router file. Fixes #11314: Jim Pingle
01:10 PM Revision 73bd9c00: Merge branch 'viktor/pfSense-checkipsecwildcardcert': Jim Pingle
01:02 PM Bug #11315 (Duplicate): Traffic Graph. shows flat line for wireguard interface: Already being tracked internally (NG 5522) Jim Pingle
12:54 PM Bug #11315 (Duplicate): Traffic Graph. shows flat line for wireguard interface: I'm running... Felix G
12:02 PM Revision 1b165375: IPsec wildcard certificates input validation. Implements #11297: Viktor Gurov
09:20 AM Bug #11312: Unable to edit or add WireGuard peers: I had an string that included a single quote encased by the <descr></descr> variable so it lines up perfectly with yo... RED SKULL
08:25 AM Bug #11312 (Feedback): Unable to edit or add WireGuard peers: I found a couple issues on the page that could be a problem if the description contained a single quote (@'@) which c... Jim Pingle
07:15 AM Bug #11312: Unable to edit or add WireGuard peers: What did you have in those fields?
The keepalive value is numeric so it's unlikely to be that. Description is CDAT... Jim Pingle
08:45 AM Bug #11311 (Feedback): Listen and peer port validation in wg.inc: Applied in changeset commit:0a0ef3352ad9a9c3710c1349a9e91da3209050df. Jim Pingle
07:45 AM Bug #11314 (Feedback): PHP error in gwlb.inc (potential race): Applied in changeset commit:b505e3aecc11b8f8e42c8a3fd7c8b9537c3264a2. Jim Pingle
07:36 AM Bug #11314 (Resolved): PHP error in gwlb.inc (potential race): I can't reproduce this reliably, but occasionally there is a PHP error at boot time:... Jim Pingle
07:20 AM Bug #11297: strongSwan doesn't support wildcard certificates: Applied in changeset commit:1b1653756bf5c087ccb11a7f82202e155cd3fcf2. Viktor Gurov
07:12 AM Bug #11297 (Feedback): strongSwan doesn't support wildcard certificates: Jim Pingle
07:10 AM Bug #11313: Netgate SG-5100 has not received 2.5.0 development update since 11-27-2020: Jim Pingle wrote:
> We are aware. All factory snapshots are currently disabled for internal testing.
Thanks Jim. ... Craig Weber
07:09 AM Bug #11313 (Not a Bug): Netgate SG-5100 has not received 2.5.0 development update since 11-27-2020: We are aware. All factory snapshots are currently disabled for internal testing. Jim Pingle
06:44 AM Bug #11313 (Not a Bug): Netgate SG-5100 has not received 2.5.0 development update since 11-27-2020: Hello,
I've been running the 2.5.0 Development build and for many months would receive regular updates daily. My a... Craig Weber

01/25/2021

11:04 PM Bug #11312: Unable to edit or add WireGuard peers: Ability to edit wireguard peers was regained by editing /cf/conf/config.xml and removing values from the following va... RED SKULL
09:55 PM Bug #11312 (Resolved): Unable to edit or add WireGuard peers: After upgrading from test build 2.5.0.a.20210122.2350 to 2.5.0.a.20210125.0856:
-- I am unable to edit all existi... RED SKULL
09:05 PM Revision ed837d48: Attempt to use peer wg address if possible for gateway. Implements #11300: Jim Pingle
08:43 PM Bug #11311 (Resolved): Listen and peer port validation in wg.inc: The listen port in function wg_validate_post and the peer port in function wg_validate_peer do not appear to be valid... John Clark
04:13 PM Revision 7f56c539: Add WireGuard to backup areas. Implements NG 5485: Jim Pingle
04:02 PM Revision 0c3fff67: Refine Unbound auto ACL generation. Implements #11309: Jim Pingle
03:28 PM Revision 7fe0979b: Rework WireGuard tonatsubnets/unbound ACL entries. Fixes #11304: Jim Pingle
03:15 PM Bug #11300 (Feedback): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: Applied in changeset commit:ed837d48335b1cafdaae3c8320c3a78229e57386. Jim Pingle
02:37 PM Bug #11300 (New): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: I thought up a viable way to do it. Not as clean/elegant as I wanted, but it works. Jim Pingle
08:01 AM Bug #11300: WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: The main problem is that there isn't a way for the gateway system to know a viable remote peer address to monitor.
... Jim Pingle
02:14 PM Revision 2924fc26: Init var before use. Fixes #11307: Jim Pingle
01:51 PM Revision 81f10ba1: Add units to source tracking timeout description. Fixes #11303: Jim Pingle
01:41 PM Revision f25efb4b: Allowe peer port < 512: Steve Beaver
01:40 PM Revision 94230d38: Allowe listen port < 512: Steve Beaver
01:33 PM Revision 8b9d2275: Use correct default MTU for WireGuard. Fixes #11291: Jim Pingle
11:59 AM Bug #9450 (Resolved): Multiwan gateway group fail-over not working as expected (possible race condition): I can not reproduce this in 2.5 under the same conditions that cause it in 2.4.5p1. Dee D's response sounds like the ... Max Leighton
11:44 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: Yes, still there :( Tobias H
11:39 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: I know you _can_ but why limit the configuration in such a fashion?
Checkbox for enabling default-originate IPv4 w... Chris Linstruth
11:28 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Chris Linstruth wrote:
> Shouldn't there be a separate route map selection for each address family?
You can match... Ben Hughes
08:00 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Shouldn't there be a separate route map selection for each address family? Chris Linstruth
07:19 AM pfSense Packages Bug #11271 (Pull Request Review): Setting default-originate in FRR/BGP Silently Appends a route-map: Jim Pingle
10:10 AM Todo #11309 (Feedback): DNS Resolver automatic ACL entries need refinement: Applied in changeset commit:0c3fff676c104ca720f251a28b99d2d285298f8f. Jim Pingle
09:34 AM Todo #11309 (Resolved): DNS Resolver automatic ACL entries need refinement: The way the DNS resolver backend code in unbound.inc generates the automatic access list entries is inefficient.
T... Jim Pingle
10:06 AM Bug #11308 (Duplicate): NTP Trying IPv6 when no IPv6 connectivity is available or configured.: See #10322 Jim Pingle
09:34 AM Bug #11308: NTP Trying IPv6 when no IPv6 connectivity is available or configured.: Screen recording of bouncing NTPD. Christian McDonald
09:31 AM Bug #11308 (Duplicate): NTP Trying IPv6 when no IPv6 connectivity is available or configured.: My firewall has IPv6 traffic explicitly blocked and no IPv6 configured on any WAN interfaces.
NTP tries to hit IPv... Christian McDonald
09:56 AM pfSense Packages Feature #11310: Adding a widget to apcupsd plug-in: Link to pull request: https://github.com/pfsense/FreeBSD-ports/pull/1034 Andrew S
09:45 AM pfSense Packages Feature #11310 (Resolved): Adding a widget to apcupsd plug-in: I was inspired to create a widget for the apcupsd plug-in that is included with pfSense and I would like to contribut... Andrew S
09:35 AM Bug #11304 (Feedback): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address: Applied in changeset commit:7fe0979bc0de358a95767c25cfcbddec4a932ce4. Jim Pingle
07:56 AM Bug #11304 (In Progress): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address: Jim Pingle
08:20 AM Bug #11307 (Feedback): PHP error when attempting to edit Wireguard peer after creation: Applied in changeset commit:2924fc260c5c9cbdd03aaa02f9c10944336c6787. Jim Pingle
08:11 AM Bug #11307 (In Progress): PHP error when attempting to edit Wireguard peer after creation: Jim Pingle
08:07 AM Feature #11306 (Duplicate): Switchable time-out for remote admin (like “reload in min / reload cancel” in CISCO): Duplicate of #3895 Jim Pingle
08:05 AM Bug #11290 (Closed): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: I'll close this out for now, but if someone can reproduce it, we can open it back up with more details about exactly ... Jim Pingle
08:00 AM Bug #11303 (Feedback): Sticky connections units: Applied in changeset commit:81f10ba1d0b64e23b7386e21730d4acee2e2944c. Jim Pingle
07:52 AM Bug #11303: Sticky connections units: Load Balancer is gone, so this is technically now only a multi-wan setting.
I committed a different change to ment... Jim Pingle
07:54 AM Bug #11291: WireGuard MTU Can Flap between 1420 and 1500: Looks good, thanks for the quick update Christian McDonald
07:40 AM Bug #11291 (Feedback): WireGuard MTU Can Flap between 1420 and 1500: Applied in changeset commit:8b9d2275015be7bf8febb1714f8a979d7c5f2beb. Jim Pingle
07:22 AM Bug #11291 (In Progress): WireGuard MTU Can Flap between 1420 and 1500: Jim Pingle
07:49 AM pfSense Packages Bug #8466 (Pull Request Review): radiusd crash: Jim Pingle
07:48 AM Feature #11294 (Pull Request Review): New Dynamic DNS Provider: Yandex PDD: Jim Pingle
07:48 AM Feature #11302: WireGuard XMLRPC sync: Might be tricky since if it was allowed, it couldn't be assigned, or else we'd have to code around allowing it to be ... Jim Pingle
07:45 AM pfSense Packages Feature #11301 (Pull Request Review): Switch FRR to use default rc file as a service control base: Jim Pingle
07:43 AM Bug #11299 (Pull Request Review): Unused L2TP VPN files are not removed when the service is disabled: Jim Pingle
07:42 AM Bug #11296 (Pull Request Review): Static route targets may still reachable via default route when the gateway they should route through is down: Jim Pingle
07:40 AM Bug #11297 (Pull Request Review): strongSwan doesn't support wildcard certificates: Jim Pingle
07:39 AM Bug #11298 (Pull Request Review): Gateway Group Offline Bug: Jim Pingle
07:37 AM Bug #11292 (Duplicate): in the wireguard page double clicking existing tunnel doesn't open the configuration page: This was fixed several days ago, see commit:56a4e2d56f66432a596329bc65cde4c159951829
Duplicate of an entry in our ... Jim Pingle

01/24/2021

11:02 PM Bug #11307 (Resolved): PHP error when attempting to edit Wireguard peer after creation: Version:... Peter Potvin
02:43 PM Bug #11279 (Resolved): Typo in WireGuard Configuration: Confirmed that this typo is fixed in the latest build. Marking the ticket as resolved Max Leighton
02:11 PM Bug #11291: WireGuard MTU Can Flap between 1420 and 1500: I've nailed down clear reproduction steps...assuming that you have a WG tunnel and it's corresponding wg interface as... Christian McDonald
02:04 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: I experienced this with a very simple OSPF configuration that I had on the 2.4 stable branch. This was an in-place up... Christian McDonald
01:28 AM Feature #11306 (Duplicate): Switchable time-out for remote admin (like “reload in min / reload cancel” in CISCO): Implementation of timeout for remote administration when some change (in ACL for example, in fw rules, etc., ) may ca... Sergei Shablovsky
01:02 AM Bug #11305 (Duplicate): Gateway Group Trigger Level 'Packet Loss or High Latency' Broken: Duplicate of #11298 Viktor Gurov
12:09 AM pfSense Packages Feature #10816 (Resolved): Allow FRR BGP Neighbors to be active in both IPv4 and IPv6: Tested on 21.02-DEVELOPMENT (amd64)
built on Sat Jan 23 00:06:39 EST 2021
FreeBSD 12.2-STABLE
Checkbox "Address ... Azamat Khakimyanov
12:04 AM pfSense Packages Feature #11202 (Resolved): Antivirus feature update: Tested on 21.02-DEVELOPMENT (amd64)
built on Sat Jan 23 00:06:39 EST 2021
FreeBSD 12.2-STABLE
All these new feat... Azamat Khakimyanov

01/23/2021

09:15 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: please provide the Steps to reproduce the issue. Alhusein Zawi
06:52 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Update: I'm not seeing this in the latest snapshots now. So I'm not entirely sure what's going on. There might be an ... Christian McDonald
06:44 PM Bug #11300: WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: I guess I'm not familiar enough with the current codebase to follow the reasoning here, but I've created a few manual... Christian McDonald
09:23 AM Bug #11300 (Rejected): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: It's not viable, unfortunately. I tried doing it a few different ways but the current behavior is the best so far.
... Jim Pingle
08:57 AM Bug #11300 (Resolved): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.: Not sure the value of monitoring the local/self peer on WireGuard gateways. These should monitor the far/remote end. ... Christian McDonald
06:01 PM Bug #11305 (Duplicate): Gateway Group Trigger Level 'Packet Loss or High Latency' Broken: Whenever I'm doing PBR using a gateway group with a trigger level of 'Packet Loss or High Latency', the firewall rule... Christian McDonald
03:54 PM Bug #11304 (Resolved): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address: VPN / WireGuard / Tunnels
Address: 172.16.16.1/24 -> Everything ist OK
Also allowed is a Comma separated lis... Stephan Hartenauer
03:32 PM pfSense Packages Bug #8047: XG-2758 - Coreboot Upgrade - Different ROM size: Renato Botelho wrote:
> According ADI engineers XG-2758 requires a physical power cycle after upgrade coreboot and b... Arthur Brownlee IV
12:52 PM Bug #11303: Sticky connections units: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/107 Danilo Zrenjanin
12:32 PM Bug #11303 (Resolved): Sticky connections units: Under System/Advanced/Miscellaneous - LoadBalancing description, it is not clear what is the measurement unit(seconds... Danilo Zrenjanin
11:38 AM pfSense Packages Bug #8466: radiusd crash: Fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/29 Danilo Zrenjanin
10:49 AM Feature #11294: New Dynamic DNS Provider: Yandex PDD: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/242 Viktor Gurov
09:45 AM Bug #11288 (Resolved): Wireguard: Peer PSK is auto-filled to the keepalive field: 2.5.0.a.20210122.2350 fixed Viktor Gurov
09:44 AM Bug #11283 (Resolved): Incorrect WireGuard help page: 2.5.0.a.20210122.2350 fixed Viktor Gurov
09:43 AM Feature #11302 (New): WireGuard XMLRPC sync: It would be nice to sync WireGuard configuration and automatically set it to 'disabled' state on the secondary node
... Viktor Gurov
09:20 AM pfSense Packages Feature #11301: Switch FRR to use default rc file as a service control base: PR: https://github.com/pfsense/FreeBSD-ports/pull/1033 Ben Hughes
09:20 AM pfSense Packages Feature #11301 (Feedback): Switch FRR to use default rc file as a service control base: Switch FRR to use default rc file as a service control base

- Set rc.conf.d/frr for watchfrr service action su... Ben Hughes
08:53 AM Bug #11299: Unused L2TP VPN files are not removed when the service is disabled: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/105 Viktor Gurov
08:51 AM Bug #11299 (Resolved): Unused L2TP VPN files are not removed when the service is disabled: `/var/etc/l2tp-vpn` files are not deleted if you disable L2TP VPN Viktor Gurov
08:37 AM Bug #11282 (Resolved): php error on creating new PPPoE server instance: works as expected on 2.5.0.a.20210122.2350 Viktor Gurov
08:35 AM pfSense Packages Feature #11102 (Resolved): Include a dictionary for mpd5 in Freeradius: dictionary.mpd is included Viktor Gurov
08:24 AM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/104 Viktor Gurov
02:54 AM Bug #11296 (New): Static route targets may still reachable via default route when the gateway they should route through is down: https://forum.netgate.com/topic/160103/static-routes-not-as-expected:
When WAN gateway is down, I can still access/p... Viktor Gurov
06:25 AM Bug #11297: strongSwan doesn't support wildcard certificates: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/103 Viktor Gurov
03:18 AM Bug #11297 (Resolved): strongSwan doesn't support wildcard certificates: Wildcard certificates are declared deprecated in RFC 6125.
A check which would prevent users from adding a wildcar... Danilo Zrenjanin
04:49 AM Bug #11298: Gateway Group Offline Bug: fix: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/102
see also #10716 Viktor Gurov
03:43 AM Bug #11298 (Resolved): Gateway Group Offline Bug: https://forum.netgate.com/topic/160153/gateway-group-offline-bug:
In 2.5.0.a.20210121.2350 I discovered an issue t... Viktor Gurov

01/22/2021

11:48 PM pfSense Packages Feature #11295 (Resolved): DNSBL IDN support: Add IDN domains support to:
- DNSBL Whitelist
- DNSBL Custom_List
- Python no AAAA List
- IPv4 Custom_List (domai... Viktor Gurov
11:46 PM pfSense Packages Feature #9249 (Resolved): [siproxd] Add config for siptrunk plugin: Viktor Gurov
11:13 PM pfSense Packages Feature #9249: [siproxd] Add config for siptrunk plugin: The configuration has been added to /usr/local/etc/siproxd.conf after Enabling SIP Trunk Plugin
load_plugin=plugin... Alhusein Zawi
11:09 PM Feature #11294 (Closed): New Dynamic DNS Provider: Yandex PDD: Add support for pddimp.yandex.ru dyndns:
https://yandex.com/dev/connect/directory/api/concepts/domains/dns-records-v... Viktor Gurov
11:01 PM Feature #11293 (Closed): New Dynamic DNS Provider: one.com: Add support for one.com DDNS, see:
https://forum.netgate.com/topic/124904/dynamic-dns-one-com Viktor Gurov
09:26 PM Bug #11292 (Duplicate): in the wireguard page double clicking existing tunnel doesn't open the configuration page: in the wireguard page
double clicking existing tunnel doesn't open the configuration page
like others pfsense p... khaled osama
09:05 PM Bug #11283: Incorrect WireGuard help page: 21.02.a.20210120.2350 fixed
2.5.0.a.20210121.2350 not fixed Alhusein Zawi
07:20 AM Bug #11283 (Feedback): Incorrect WireGuard help page: Applied in changeset commit:16a294f7678a4be1a0e7fc066300958dc734deb3. Jim Pingle
02:26 AM Bug #11283: Incorrect WireGuard help page: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/100 Viktor Gurov
02:23 AM Bug #11283 (Resolved): Incorrect WireGuard help page: Clicking on the help icon redirects to https://docs.netgate.com/pfsense/en/latest/index.html instead of https://docs.... Viktor Gurov
06:23 PM Revision fedf01cd: Fix length check for WireGuard interface descriptions: Jim Pingle
06:23 PM Revision e1afb219: Add WireGuard to easyrule: Jim Pingle
06:11 PM Bug #11291 (Resolved): WireGuard MTU Can Flap between 1420 and 1500: The default WireGuard MTU is typically 1420. However , I’ve observed cases where the wg interfaces will flap between ... Christian McDonald
05:40 PM Revision bc8cf86b: Exclude wg(4) from auto outbound NAT. Fixes #11289: Jim Pingle
04:02 PM Revision a0103e4b: PPPoE Server users create and instance delete fix. Issue #11282: Viktor Gurov
04:00 PM Revision d3eb9b35: Fixed 11287 by moving style to css: Steve Beaver
03:55 PM Revision c0d26370: Use gettext() on WireGuard endpoint text. Issue #11286: Jim Pingle
03:52 PM Revision e801e55b: Assume default WG port if empty. Fixes #11286: While here, print a more user-friendly value when peer endpoints are
empty. Jim Pingle
03:30 PM Revision 262dba24: Fix populating keepalive value. Fixes #11288: Jim Pingle
03:24 PM Revision df799f2c: Assume default WG port if empty. Fixes #11286: Jim Pingle
03:17 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Chris Linstruth wrote:
> I suggest a checkbox to enable default-originate and a pulldown that lists the route maps f... Ben Hughes
03:15 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: PR: https://github.com/pfsense/FreeBSD-ports/pull/1032 Ben Hughes
02:46 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: I suggest a checkbox to enable default-originate and a pulldown that lists the route maps for OPTIONAL inclusion. Chris Linstruth
01:36 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: George Phillips wrote:
> Basically, that drop-down menu should be empty unless the user defines their own route-maps... Ben Hughes
01:35 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Yeh it's a bug, if you select IPv4+IPv6 then it'll work as expected but everything else it'll interpret at a route ma... Ben Hughes
12:14 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Basically, that drop-down menu should be empty unless the user defines their own route-maps. The ipv4, ipv6, and ipv... George Phillips
03:17 PM Revision 56a4e2d5: Add doubleclick handlers to WireGuard tables: Steve Beaver
02:18 PM Bug #11290 (Resolved): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: FRR 1.0.0 is not properly starting/stopping in regards to the configured CARP status IP. Christian McDonald
01:34 PM pfSense Packages Bug #8466: radiusd crash: I tested on the latest snapshot. It still allows entering " as the first character.
e.g., entering the password _... Danilo Zrenjanin
01:15 PM Revision 171b0eb2: Revert "Add wg to ALTQ list. Implements #11280": Unstable. See #11285
This reverts commit 4a49b0d9b182c76f658201124c43278a65542c98. Jim Pingle
01:13 PM Revision 16a294f7: Add help.php entries for Wireguard pages. NG 5455 and Fixes #11283: Jim Pingle
01:02 PM Bug #10919 (In Progress): Improve handling of OpenVPN data cipher negotiation options: Jim Pingle
11:50 AM Bug #11289 (Feedback): Wireguard: Automatic outbound NAT rules are applied to the WG interface: Applied in changeset commit:bc8cf86b8f1d83677c43ba4501704b9192501495. Jim Pingle
11:41 AM Bug #11289: Wireguard: Automatic outbound NAT rules are applied to the WG interface: It should be excluded from automatic outbound NAT, but it does belong in tonatsubnets (so it gets NAT out WANs).
C... Jim Pingle
11:21 AM Bug #11289 (Resolved): Wireguard: Automatic outbound NAT rules are applied to the WG interface: It's unexpected that they should be there for a site-to-site setup.
Additionally the WG interface subnet is includ... Steve Wheeler
10:43 AM pfSense Packages Bug #11054: Check Client Certificate CN not working as described: see http://freeradius.1045715.n5.nabble.com/user-name-and-EAP-TLS-td5714550.html:... Viktor Gurov
10:23 AM Bug #11287 (Resolved): The Wireguard Peers list is not Dark theme compatible: Looks good after a gitsync. It's respecting the CSS change now. Jim Pingle
10:00 AM Bug #11287 (Feedback): The Wireguard Peers list is not Dark theme compatible: Anonymous
08:49 AM Bug #11287 (Resolved): The Wireguard Peers list is not Dark theme compatible: The text is white in the Dark Theme which makes it almost impossible to view again the light blue background.
See:... Steve Wheeler
10:05 AM pfSense Packages Bug #11055 (Resolved): Insecure FreeRADIUS defaults: Tested on the latest snapshot. It's fixed. Ticket resolved. Danilo Zrenjanin
10:03 AM Bug #11282 (Feedback): php error on creating new PPPoE server instance: PR merged Jim Pingle
02:14 AM Bug #11282: php error on creating new PPPoE server instance: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/99 Viktor Gurov
01:41 AM Bug #11282 (Resolved): php error on creating new PPPoE server instance: If you create a new PPPoE Server instance with a 1+ users, a will PHP error occur:... Viktor Gurov
10:00 AM Bug #11286 (Feedback): Endpoint port is mandatory if Endpoint is defined: Applied in changeset commit:e801e55ba199db0cddeb05f5e0b8a0f7ba75c384. Jim Pingle
09:52 AM Bug #11286 (In Progress): Endpoint port is mandatory if Endpoint is defined: One more little thing, in the tunnel list it isn't assuming the default port in the display. Also it's showing ":" fo... Jim Pingle
09:30 AM Bug #11286 (Feedback): Endpoint port is mandatory if Endpoint is defined: Applied in changeset commit:df799f2c43441dc80174f6360ecdab0e78b15eb4. Jim Pingle
09:19 AM Bug #11286: Endpoint port is mandatory if Endpoint is defined: In this case we should assume the default port (@51820@) rather than making the field required. I'll take a look at it. Jim Pingle
08:46 AM Bug #11286: Endpoint port is mandatory if Endpoint is defined: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/101 Viktor Gurov
08:34 AM Bug #11286 (Resolved): Endpoint port is mandatory if Endpoint is defined: It's not possible to define endpoint without port, i.e.... Viktor Gurov
09:40 AM Bug #11288 (Feedback): Wireguard: Peer PSK is auto-filled to the keepalive field: Applied in changeset commit:262dba240a74a4b70cacbe6835dcef344d44f316. Jim Pingle
09:25 AM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field: fix in https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/101/ Viktor Gurov
09:21 AM Bug #11288 (Resolved): Wireguard: Peer PSK is auto-filled to the keepalive field: If you configure a PSK on a WireGuard peer and then edit that peer the keep-alive field will be populated by the PSK ... Steve Wheeler
07:28 AM Todo #11280 (New): Add WireGuard to ALTQ list: Jim Pingle
07:25 AM Todo #11280 (Feedback): Add WireGuard to ALTQ list: Applied in changeset commit:171b0eb2d69dc6737c63e5f6a2be63d705678c04. Jim Pingle
07:16 AM Todo #11280 (New): Add WireGuard to ALTQ list: Reverted this change for now since ALTQ on WireGuard is not stable. See #11285 Jim Pingle
04:46 AM Todo #11280 (Resolved): Add WireGuard to ALTQ list: 2.5.0.a.20210121.2350 - I can successfully create a traffic shaper on the wg* interfaces Viktor Gurov
07:21 AM Bug #11284: php waring in interfaces after upgrading to latest dev version: I didn't see any recent changes which might have introduced a problem on the lines in the error, so it definitely nee... Jim Pingle
04:32 AM Bug #11284 (Rejected): php waring in interfaces after upgrading to latest dev version: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Viktor Gurov
03:26 AM Bug #11284 (Rejected): php waring in interfaces after upgrading to latest dev version: i updated to the dev version 2.5.0.a.20210121.1437
it gave the following crash report
Crash report begins. Ano... khaled osama
07:17 AM Bug #11285: Kernel crash on ALTQ-enabled wg interfaces: Moving ahead, no time to address this one for now. Reverted the change allowing ALTQ to be used with WireGuard for now. Jim Pingle
06:02 AM Bug #11285 (Closed): Kernel crash on ALTQ-enabled wg interfaces: If you create a traffic shaper queue on the assigned wg* interface,
any WireGuard manipulation (add peer / delete in... Viktor Gurov
07:08 AM Feature #11281 (Duplicate): Generating WireGuard QR codes for fast mobile deployments: Already covered in the plan for config export under NG 5436 Jim Pingle
12:22 AM Feature #11281 (Duplicate): Generating WireGuard QR codes for fast mobile deployments: It would be nice to add QR code generator for fast mobile (Android/iOS) deployments,
Use FreeRADIUS QR code generato... Viktor Gurov
05:05 AM Bug #11277 (Resolved): Hide WireGuard interfaces from Interface Assignments pages: works as expected on 2.5.0.a.20210121.2350 Viktor Gurov
04:41 AM Bug #11275 (Resolved): Certificate import of a signed certificate signing request is not offered: resolved on 2.5.0.a.20210121.2350 Viktor Gurov
02:33 AM Feature #9942: Give pfSense the possibility to change the keyboard Layout for console users: localization steps:
https://forum.netgate.com/topic/159666/pfsense-localization-connecting-on-console-or-via-ssh Viktor Gurov

01/21/2021

11:02 PM Bug #9296 (Confirmed): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: see also #7209 Viktor Gurov
01:06 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: same issue on 2.5.0.a.20210120.1500
mixed alias entries:
- yandex.ru
- 1.2.3.4... Viktor Gurov
09:57 PM Revision 8dffba30: Fix WireGuard case: Jim Pingle
09:55 PM Revision 5a33a16c: Ticket #5186: Enable Wireguard firewall rules tab: Jim Pingle
09:32 PM Revision e42e51fe: Correct typo. Fixes #11279: Jim Pingle
09:31 PM Revision 4a49b0d9: Add wg to ALTQ list. Implements #11280: Jim Pingle
09:19 PM Revision eb099537: Prevent invalid WireGuard assignments. Fixes #11277: Jim Pingle
08:57 PM Revision db2fefc5: Show WireGuard interface description during assignment. Issue #11277: Jim Pingle
07:55 PM Revision f50c6543: WireGuard assignment/disable behavior improvements. NG 5518: * Do not allow a WireGuard instance to be removed while assigned
* Do not allow a WireGuard instance to be disabled w... Jim Pingle
04:42 PM Revision c3c257e4: Add WireGuard info to status output. NG 5483: Jim Pingle
04:03 PM Revision 488672e3: WireGuard default port usage fix. NG 5482: Jim Pingle
03:52 PM Bug #7209: Something is seriously wrong with firewall aliases: This bug / #9296 was easily reproducible 3 years ago when I first hit it and still is today on 2.4.5-p1. Just make a... Stuart Wyatt
01:06 AM Bug #7209: Something is seriously wrong with firewall aliases: see #9296 Viktor Gurov
03:40 PM Bug #11279 (Feedback): Typo in WireGuard Configuration: Applied in changeset commit:e42e51fefbaf93d8be3f4d2524f72a0bf2c4b543. Jim Pingle
03:32 PM Bug #11279 (In Progress): Typo in WireGuard Configuration: Yep, typo. Fix incoming. Jim Pingle
03:28 PM Bug #11279 (Resolved): Typo in WireGuard Configuration: There´s a typo in the WireGuard peer configuration
I think this should be IPv4 or IPv6 address? Moritz Schwarz
03:40 PM Todo #11280 (Feedback): Add WireGuard to ALTQ list: Applied in changeset commit:4a49b0d9b182c76f658201124c43278a65542c98. Jim Pingle
03:31 PM Todo #11280 (New): Add WireGuard to ALTQ list: wg interfaces support ALTQ, so can be added to the list.
Jim Pingle
03:25 PM Bug #11277 (Feedback): Hide WireGuard interfaces from Interface Assignments pages: Applied in changeset commit:eb0995379ee6778af0b82a28122a9f36a8bd075a. Jim Pingle
03:21 PM Bug #11277: Hide WireGuard interfaces from Interface Assignments pages: Commit is coming momentarily which prevents WireGuard interfaces from being used in VLAN, QinQ, LAGG, and Bridges.
... Jim Pingle
03:19 PM Bug #11277 (In Progress): Hide WireGuard interfaces from Interface Assignments pages: Jim Pingle
11:12 AM Bug #11277 (Resolved): Hide WireGuard interfaces from Interface Assignments pages: it's not needed on VLAN, QinQ, PPP, BRIDGES pages
also: VPN / L2TP, PPPoE server
IPsec, OpenVPN ? Viktor Gurov
03:00 PM Revision e7e4ba5a: Signed CSR import fix. Issue #11275: Viktor Gurov
01:35 PM Todo #11278: Update dnsmasq to >=2.8.3: We are aware, but for the most part it wouldn't impact us. These are all issues in dnsmasq, which while included in p... Jim Pingle
01:08 PM Todo #11278 (Resolved): Update dnsmasq to >=2.8.3: Not really a bug, but are you aware of DNSpooq?
https://www.jsof-tech.com/disclosures/dnspooq/
AFAIK, it was just... Logan Marchione
10:54 AM Feature #8786: Wireguard VPN: Renato Botelho wrote:
> Initial kernel version wireguard support is now in place
FYI. I have receiving fetch err... Ronald Schellberg
09:44 AM Bug #11272 (Pull Request Review): OCSP settings only for TLS auth: Jim Pingle
12:16 AM Bug #11272: OCSP settings only for TLS auth: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/97 Viktor Gurov
09:42 AM pfSense Packages Bug #11274 (Pull Request Review): ntopng https web server does not present full certificate chain: Jim Pingle
08:04 AM pfSense Packages Bug #11274: ntopng https web server does not present full certificate chain: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/28 Viktor Gurov
06:50 AM pfSense Packages Bug #11274 (Resolved): ntopng https web server does not present full certificate chain: The https protected web frontend (port 3000) of ntopng 0.8.13_6 (tested on pfSense CE 2.4.5_1) does not work correctl... Martin Bartosch
09:41 AM Bug #11275 (Feedback): Certificate import of a signed certificate signing request is not offered: PR merged Jim Pingle
09:01 AM Bug #11275: Certificate import of a signed certificate signing request is not offered: Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/98 Viktor Gurov
06:57 AM Bug #11275 (Resolved): Certificate import of a signed certificate signing request is not offered: Testing the current pfSense 2.5.0-DEVELOPMENT version I encountered a problem with the certificate manager. When requ... Martin Bartosch
09:27 AM Bug #11276 (Rejected): CARP both master master: There is a problem with your configuration or environment. This site is not for support or diagnostic discussion.
... Jim Pingle
09:18 AM Bug #11276 (Rejected): CARP both master master: Hi,
I've an issue with two CARP interfaces. Both are seen as Master/master. All of others CARP interfaces are work... Nazar Hassan
08:08 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: Looks like 2.5.0 still appends a route-map to me.... Chris Linstruth
07:52 AM pfSense Packages Bug #11273 (Not a Bug): ntopng password reset does not work: unable to reproduce - I can successfully update admin password
you need to use pfSense WebGUI to change password, no... Viktor Gurov
06:45 AM pfSense Packages Bug #11273 (Not a Bug): ntopng password reset does not work: Modifying the admin password in the ntopng settings does not seem to work.
Versions: ntopng 0.8.13_6 on pfSense CE... Martin Bartosch
04:59 AM Bug #11082: XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node: Hello everyone,
This issue is also affecting us, do you know approximately when an official update is going to fix... Ferran Peinado
02:34 AM Bug #11256: Cannot add alias with multiple URLs: I can reproduce it on 2.4.5-p1,
but it works fine on 2.5.0.a.20210120.1500 Viktor Gurov
12:46 AM pfSense Packages Bug #11261: pfBlockerNG ASN numbers in IPv4 (/IPv6) Custom_List generate error(s) "Invalid numeric literal at line 1, column 7": no such issue with pfBlockerNG-devel 3.0.0_8 - I can successfully add AS number to IPv4/IPv6 Custom_List and see no e... Viktor Gurov
12:18 AM Revision e564dbd6: Add ^wg to list of interface mimatch types: Steve Beaver

01/20/2021

11:43 PM Bug #11272 (Resolved): OCSP settings only for TLS auth: There is no need to show OCSP settings for "Peer to Peer (Shared Key)" and "Remote Access (User Auth)" auth modes Viktor Gurov
11:25 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: > Selecting IPv4+IPv6 announces the route but it is counter-intuitive for someone creating an IPv4-only peer to selec... Viktor Gurov
08:12 PM pfSense Packages Bug #11271 (Resolved): Setting default-originate in FRR/BGP Silently Appends a route-map: When setting default-priginate on a BGP neighbor thew user is presented with four choices by default:
* No
* IPv4... Chris Linstruth
11:16 PM pfSense Packages Feature #10789 (Feedback): FRR integrated configuration and hitless reloads: Merged Viktor Gurov
08:27 PM Revision 8e48b2e2: Add OS routes using WireGuard Peer AllowedIPs. Part of NG 5437: Jim Pingle
07:50 PM Revision 45ae5c55: Remove WireGuard peernwks field which is not needed. Part of NG 5437: Jim Pingle
07:43 PM Revision 6e23ca79: Fix some bad WireGuard capitalization: Jim Pingle
07:39 PM Revision 236f8ecc: Automatic WireGuard interface gateways. Part of NG 5437: Jim Pingle
05:40 PM Revision a0341111: Update translation files: Renato Botelho
05:37 PM Revision 9661de36: Regenerate pot: Renato Botelho
05:27 PM Revision 3856366b: Retire VXLAN support: VXLAN support is not enterprise ready and after internal discussion we
decided we are not able to support it. We are... Renato Botelho
03:34 PM Feature #11270: Consider integrating Nebula mesh VPN: Forgot to add the link...
https://github.com/slackhq/nebula Jeff Wischkaemper
03:34 PM Feature #11270 (New): Consider integrating Nebula mesh VPN: Slack's Nebula VPN is a very slick system that more-or-less uses Wireguard tunnels, but a sane and scaleable key/cert... Jeff Wischkaemper
01:44 PM Revision 55da9aef: Change XML listtag entry for peer to wgpeer for issue #5186: Jim Pingle
10:28 AM Bug #11267 (Resolved): PHP Error in FRR after WireGuard merge: Renato Botelho
10:01 AM Bug #11267: PHP Error in FRR after WireGuard merge: I applied the patch and the neighbors came back. Thanks for the quick fix! Zachary McGibbon
09:46 AM Bug #11267 (Feedback): PHP Error in FRR after WireGuard merge: This is due to WireGuard trying to use the 'peer' tag as a list when it should be using 'wgpeer' which didn't carry o... Jim Pingle
07:38 AM Bug #11267 (Resolved): PHP Error in FRR after WireGuard merge: Testing:... Steve Wheeler
09:46 AM pfSense Packages Bug #11269 (Duplicate): FRR BGP neighbors missing after update: We are aware -- it's not a problem in FRR, but in the base system. See #11267 Jim Pingle
09:39 AM pfSense Packages Bug #11269: FRR BGP neighbors missing after update: Just found a crash report too:... Zachary McGibbon
09:37 AM pfSense Packages Bug #11269 (Duplicate): FRR BGP neighbors missing after update: Just upgraded to beta 2.5.0.a.20210119.2350 and my bgp neighbors are missing their IP address. If I try and add the ... Zachary McGibbon
08:45 AM Bug #11268 (Resolved): Cookie named ``id`` prevents some forms from being loaded or saved properly: If you have a cookie set with a name 'id' (any value), and you try to edit something, e.g. a firewall rule, the form ... Matthew Fearnley

01/19/2021

08:05 PM Revision ef0b6170: Fix copyright notices: Renato Botelho
08:05 PM Revision b386d073: Remove commented out code: Renato Botelho
08:05 PM Revision 1566a360: Spell WireGuard properly: Renato Botelho
06:58 PM Feature #11266 (Resolved): Option to list AutoConfigBackup entries in "reverse" order (newest at top): I'm sure there are others like me that prefer and that are used to latest entries being at the top.
Just today whe... Brandon Jackson
06:34 PM Revision 6f0fbd64: Fixed #11265 - Remove unwanted log messages: Steve Beaver
02:35 PM Revision 06dda92e: wg: Deny toconfigure IP address on wg interfaces: Ticket #5186 Renato Botelho
02:35 PM Revision 6facda79: Add igc to ALTQ list. Issue NG 5185: Jim Pingle
02:35 PM Revision c9706433: Preserve wireguard address after interface assign: Renato Botelho
02:35 PM Revision 4efe99c6: Improve code readability: Renato Botelho
02:35 PM Revision c3acf286: Fixed #5486 by making peer endpoint and port optional: Steve Beaver
02:35 PM Revision f88a9797: Warn user if peer table has changed before leaving page: Steve Beaver
02:35 PM Revision 422f8a04: Added new Wireguard config fields peernwks and peerwgaddr per #5437: Steve Beaver
02:35 PM Revision 282d8ee7: wg: Configure static routes: When configuring a wg tunnel, update static routes associated with that
interface Renato Botelho
02:35 PM Revision d1ac0394: Update copyright year: Renato Botelho
02:35 PM Revision fbf0a83d: Fix typo: Jim Pingle
02:35 PM Revision 39a615f0: Ticket #5186: Re-create config files during boot: Renato Botelho
02:35 PM Revision 948266c7: Load file on pressing 'Enter' key: Steve Beaver
02:35 PM Revision 580c7a4f: Ticket #5186: Implement is_wg_enabled(): Renato Botelho
02:35 PM Revision 07aa50fd: Ticket #5186: Fix comment: Renato Botelho
02:35 PM Revision aea837f8: #5186 - Revised peer configuration to use 'wgpeer' rather than 'peer': Steve Beaver
02:35 PM Revision a0669cfb: wg: Do not check assigned interface (Ticket #5186): When saving changes on wireguard, do not check address conflict on
interface assigned to that tunnel, otherwise, it w... Renato Botelho
02:35 PM Revision b0c94a2e: wg: Fix indent and improve code readability: Renato Botelho
02:35 PM Revision 69ae8263: wg: Adjust priv entries: Renato Botelho
02:35 PM Revision 97e391de: wg: Use a more generic function to detect IP address: Renato Botelho
02:35 PM Revision 835e6895: wg: Remove extra spaces: Renato Botelho
02:35 PM Revision 50bd4119: wg: isset() just before is_array() is redundant: Renato Botelho
02:35 PM Revision d763c52b: wg: unlink_if_exists() can deal with glob matches: Renato Botelho
02:35 PM Revision e340cb98: wg: Style fixes: Renato Botelho
02:35 PM Revision cfc9bcc7: wg: Fix gettext() calls: Renato Botelho
02:35 PM Revision 4e43d19d: wg: Simplify logic: Renato Botelho
02:35 PM Revision 21e74d25: Fix Wireguard tunnel save with zero peers: Steve Beaver
02:35 PM Revision 2b0b1f3b: Completed revision of wg config edit fors: Steve Beaver
02:35 PM Revision ae53a939: Revised wg edit system to use peer table as source of truth: Steve Beaver
02:35 PM Revision 971d1374: Eliminate ghost lines in modal: Steve Beaver
02:35 PM Revision 6fca3062: revised peer display/edit form: Steve Beaver
02:35 PM Revision bff120fb: Revise appearance of save and PSK buttons: Steve Beaver
02:35 PM Revision e773d8fe: Added allowed ip validation: Steve Beaver
02:35 PM Revision 566facd9: #5186 fixed validation issues as requested: Steve Beaver
02:35 PM Revision a76f22d7: #5186 - Provide 'generate PSK' butoon. Some fixes to validation: Steve Beaver
02:35 PM Revision 165b5c4f: #5186 - Add ability to mark row-helper help text as required (underlined) by pre-pendinf text with '*'. No longer clear help text when adding new peer.: Steve Beaver
02:35 PM Revision db784b1a: #5186 Added keepalive units, clarified Address text, added incremented port placeholder, minor validation changes: Steve Beaver
02:35 PM Revision 065847a4: Added user input validation for Wireguard config. Marked certain values as required: Steve Beaver
02:35 PM Revision f319adf4: Add the tunnel address to WG interface.: Wireguard support is now functional. Luiz Souza
02:35 PM Revision 4103ddd6: Fix the wireguard configuration file, start tunnels at boot.: Add the Endpoint port, fix the configuration permissions.
Remove the WG tunnel when a tunnel is removed. Luiz Souza
02:35 PM Revision 1698954c: Added support for wireguard pre-shared keys: Steve Beaver
02:35 PM Revision b8abb69c: Optionally generate keys in JSON: Steve Beaver
02:35 PM Revision 7d18cbb6: Added ability to generate a new public/private key pair for hte interface. Public key is displayed on the tunnel edit form: Steve Beaver
02:35 PM Revision 0f674c32: Fixes the saving of peers settings in GUI.: The previous commits had a few mistakes which were fixed in here.
Fixes the WG configuration path and creation.
The... Luiz Souza
02:35 PM Revision 5f4b92c2: Rename the Wireguard peers entries in configuration XML to 'peer'.: 'peer' is already properly handled by the XML routines as a list entry, which
is not the case of 'peers'.
This fixes... Luiz Souza
02:35 PM Revision 52a5f91f: Fix a typo.: No functional change. Luiz Souza
02:35 PM Revision f8fac290: Fix the file name in header.: Remove the mention from m0n0wall, this code was created for pfSense. Luiz Souza
02:35 PM Revision c5070198: Moved wg.inc to proper location: Steve Beaver
02:35 PM Revision eebd46d0: Dim row when tunnel is disabled: Steve Beaver
02:35 PM Revision efb7b532: Removed peer file. No longer needed: Steve Beaver
02:35 PM Revision e5f5c961: Revised tunnel table, added firewall key display, added key generation code: Steve Beaver
02:35 PM Revision 77084fc6: Add tunnel name (wg?) to tunnel so that tunnels can be deleted without renumbering the remaining tunnels: Steve Beaver
02:35 PM Revision 02b75dc3: Completed tunnel delete logic: Steve Beaver
02:35 PM Revision 42c33bac: Completed new tunnel functionality when no tunnels exist in hte config: Steve Beaver
02:35 PM Revision ea07ba5a: Completed config file update: Steve Beaver
02:35 PM Revision 42fc38a3: Add new tunnel functionality: Steve Beaver
02:35 PM Revision 7ce95691: Completed 'row helper' stuff to allow peers to be added and deleted: Steve Beaver
02:35 PM Revision 8a31882d: Split peer form into two rows with custom Javascript methods: Steve Beaver
02:35 PM Revision b445ccbf: Added form elements to edit interface: Steve Beaver
02:35 PM Revision 80af47f0: Prototyped main wireguard UI page: Steve Beaver
02:35 PM Revision 54ff075d: Accommodate PersistentKeepalive and PresharedKey peer options: Steve Beaver
02:35 PM Revision 729c4d55: <peer> => <peers>: Steve Beaver
02:35 PM Revision 82bcf46c: Outlined Wireguard GUI pages and added it to the VPN menu: Steve Beaver
02:35 PM Revision c6cdaad1: Outlines config.xml => wireguard config files utility: Steve Beaver
02:35 PM Revision 9922914d: Build the Wireguard module: Renato Botelho
12:40 PM Bug #11265: Remove log spam due to bootstrap map file: Applied in changeset commit:6f0fbd6406d5a7ebfa60c56c7755cd0815c883d5. Anonymous
12:34 PM Bug #11265 (Feedback): Remove log spam due to bootstrap map file: Anonymous
12:28 PM Bug #11265 (Resolved): Remove log spam due to bootstrap map file: Bootstrap is making unneeded log file entries when trying to access bootstrap.css.map Anonymous
10:31 AM Feature #11264 (Closed): Redirect Captive Portal users to login page after they logout: Currently (i.e when a custom logout page is present) when a user clicks on logout , a window with the logout message ... much nuks
08:41 AM Feature #8786 (Feedback): Wireguard VPN: Initial kernel version wireguard support is now in place Renato Botelho
07:06 AM pfSense Packages Bug #11185: Redis service stopping before NtopNg: Yes, because patched version is 0.8.13_8 if nothing changed
I really doesn't understand when packages are pushed t... DRago_Angel [InV@DER]
06:30 AM pfSense Packages Bug #11185 (Assigned): Redis service stopping before NtopNg: Tested on 2.4.5_p1 (2 versions of NtopNG: 0.8.13_5 and 0.8.13_6) and on 2.5-DEVELOPMENT (built on Tue Jan 19 00:05:03... Azamat Khakimyanov

01/18/2021

10:27 PM Bug #11263 (Not a Bug): Unbound fails to parse config if DNS Query Forwarding and custom options are enabled: It's a known and well documented case. Given the wide variety of what users may want to do with custom options, the U... Jim Pingle
10:05 PM Bug #11263: Unbound fails to parse config if DNS Query Forwarding and custom options are enabled: Looks like this can be "fixed" by prepending "server:" before the list of custom options.
This wasn't obvious from t... Konstantin Svist
09:33 PM Bug #11263 (Not a Bug): Unbound fails to parse config if DNS Query Forwarding and custom options are enabled: I tried to enable DNS Query Forwarding and I have a custom option.
unbound-checkconf fails pointing to the custom op... Konstantin Svist
09:25 PM Bug #8468: Status / Queues show mostly NaN: Not sure why this is rejected, a bunch of users see this issue.
It's a quick patch, just edit /usr/local/www/status_... Konstantin Svist
05:23 PM Feature #11262 (New): Time Based Rules - selects all days in the current month: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/time-based-rules.html
*Feedback:*
I don't know i... Andrei Caba
05:02 PM pfSense Packages Bug #11259: pfBlockerNG-devel fails to update all IP addresses for ASN using IPv4 Source Definitions: I may not be able to reproduce this bug now. P L
03:39 PM pfSense Packages Bug #11259 (Closed): pfBlockerNG-devel fails to update all IP addresses for ASN using IPv4 Source Definitions: pfBlockerNG-devel v3.0.0_8
pfBlockerNG-devel fails to update all IP addresses for ASN using IPv4 Source Definition... P L
05:00 PM pfSense Packages Bug #11261 (New): pfBlockerNG ASN numbers in IPv4 (/IPv6) Custom_List generate error(s) "Invalid numeric literal at line 1, column 7": If AS numbers are entered in IPv4 Custom_List or IPv6 Custom_List, an error message, "Invalid numeric literal at line... P L
03:46 PM pfSense Packages Feature #11260 (New): pfBlockerNG: predefined ASN groups for Google, Facebook, Apple, etc with useful selections: pfBlockerNG has the useful feature to create Aliases of IP addresses using ASN number(s).
This is useful for defin... P L
03:29 PM Bug #11255: ipv6 unable to get delegation: Jim Pingle wrote:
> There is no evidence that it is a bug -- which is why you must discuss it first on the forum. "I... William Warren
03:23 PM Bug #11255: ipv6 unable to get delegation: There is no evidence that it is a bug -- which is why you must discuss it first on the forum. "It works here but not ... Jim Pingle
03:05 PM Bug #11255: ipv6 unable to get delegation: Jim Pingle wrote:
> This site is not for support or diagnostic discussion.
>
> For assistance in solving problems... William Warren
03:03 PM Bug #11255 (Rejected): ipv6 unable to get delegation: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
03:00 PM Feature #11207 (Closed): Add watchfrr to routing log: Jim Pingle
03:00 PM pfSense Packages Feature #11233 (Closed): Add 'Allow IP options' interface fw rule note: Jim Pingle
03:00 PM Bug #11254 (Pull Request Review): Some OpenVPN configuration files remain after deleting an instance: Jim Pingle
02:54 PM pfSense Docs Correction #11258 (Closed): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: *Page:* https://docs.netgate.com/pfsense/en/latest/install/write-memstick.html#connect-the-usb-memstick-to-the-workst... Anonymous
02:51 PM Bug #11256: Cannot add alias with multiple URLs: Same goes for URLs with ports lists. Andreas Lindhé
10:45 AM Feature #11257 (New): Installed Packages: Update all button: Hi, when you have more then 10 packages on pfsense it hard to update each one by one, but update all button simply mi... DRago_Angel [InV@DER]
04:59 AM Bug #7209: Something is seriously wrong with firewall aliases: I can confirm that I have the same issue on 2.4.4-RELEASE-p1. please reopen this. Chris Tsou

01/17/2021

03:46 PM Bug #10919: Improve handling of OpenVPN data cipher negotiation options: The OpenVPN Server Wizard doesn't seem to be updated to reflect these changes. When running through the Wizard the fi... Max Leighton
07:09 AM Bug #11256 (Rejected): Cannot add alias with multiple URLs: When adding an URL alias with multiple URLs, only the last URL ever gets resolved.
*Expected behavior:* every URL ... Andreas Lindhé
03:21 AM Feature #11207: Add watchfrr to routing log: Are you saying there's something not working? As that output looks as expected to me. Ben Hughes

01/16/2021

09:10 PM Bug #11255 (Rejected): ipv6 unable to get delegation: I have a netgear cm1000 modem and for some reason with pfsense I cannot get an IPV6 allocation. I have plugged in my ... William Warren
06:44 PM Feature #11207: Add watchfrr to routing log: Status>System Logs>System >Routing :
Jan 17 00:34:04 watchfrr 75512 watchfrr 7.5 starting: vty@0
Jan 17 00:34:04 ... Alhusein Zawi
03:21 PM Bug #9643: Limiters do not function properly on 2.5 snapshots: I've tested FQ_CODEL Too, but not working.
i have dual wan setup, and i have 4 different limiters (2) for every wan ... Samuel Hanna
02:29 PM pfSense Packages Feature #11233: Add 'Allow IP options' interface fw rule note: The Note has been added.
2.5.0.a.20210115.2350 pimd 0.0.3_4
Alhusein Zawi
10:56 AM Bug #11254: Some OpenVPN configuration files remain after deleting an instance: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/96 Viktor Gurov
10:09 AM Bug #11254 (Resolved): Some OpenVPN configuration files remain after deleting an instance: If you delete OpenVPN Server/Client in the WebGUI, no all config files/directories will be deleted:... Viktor Gurov
06:38 AM pfSense Packages Bug #4088: Buggy squidgurd config file is created: > 1) Do not write out sources for disabled ACLs, or squidguard treats these
sources as "always pass"!
fix:
https... Viktor Gurov
05:45 AM pfSense Docs Correction #11253 (Resolved): Feedback on Multiple WAN Connections — Load Balancing and Failover with Gateway Groups: *Page:* https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html
*Feedback:*
Minor typo... Garry Page
04:26 AM Bug #11249 (Resolved): openvpn peer to peer shared key deprecated warning: works as expected on 2.5.0.a.20210115.2350 Viktor Gurov
03:55 AM Feature #7467 (Resolved): Add iPhone/Android/Generic USB tethering support: works as expected with Android:... Viktor Gurov
03:39 AM pfSense Packages Bug #11252 (Duplicate): Error importing UT1 blacklist: Duplicate of #3085 Viktor Gurov
01:53 AM pfSense Packages Bug #11252 (Duplicate): Error importing UT1 blacklist: errors on importing ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz DB (used by pfBloc... Viktor Gurov
03:38 AM pfSense Packages Bug #3085: squidguard: problems when importing a blacklist archive containing soft-links: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/26 Viktor Gurov
01:39 AM pfSense Packages Bug #6378 (Resolved): inline background styles in squidguard package: works as expected Viktor Gurov
01:39 AM pfSense Packages Bug #9364 (Resolved): squidguard int error page does not use https: works as expected:... Viktor Gurov
12:44 AM pfSense Packages Feature #7903: Duo ssh package: duo_unix is already in the port collection:
https://www.freshports.org/security/duo/ Viktor Gurov

01/15/2021

09:01 PM Bug #10680 (Resolved): Improve interface caching when we have many interfaces: I was able to test this in 2.4.5p1 and 2.5. Boot time and GUI navigation speeds with 400 VLANs are significantly incr... Max Leighton
09:00 PM Feature #10972 (Resolved): Add IPv6 DDNS support for easyDNS: Unable to test that this is working. I'll mark resolved since there is no recent feedback. Max Leighton
04:32 PM pfSense Packages Feature #11186: Allow lo0/Loopback as a valid interface in OSPF/OSPF6: Just enable connected redistribution and they’ll be redistributed into OSPF. Then use route-map/access-list to filter... Ben Hughes
04:04 PM Revision d9f8094b: Blacklist => Blocklist, Whitelist => Pass list: Steve Beaver
03:38 PM Bug #8070 (Closed): IKEv2 IPSec tunnel under load crashes pfSense when AES-NI is enabled: Seems this is the same as:
https://redmine.pfsense.org/issues/8961
https://redmine.pfsense.org/issues/8964
Closi... Marcos M
03:11 PM Todo #11020 (Resolved): Update OpenVPN to 2.5.0: Jim Pingle
03:10 PM Revision a2ba5b6c: OpenVPN genkey secret command fix. Issue #11249: Viktor Gurov
02:23 PM Revision a847ee75: Revert "Do not build drm2 kernel module, we want drm-mod from ports": This reverts commit a8a1fb54b706f8f320b130bb3a4a9d290089f5f4. Renato Botelho
02:23 PM Revision 67d1f4f8: Revert "Revert "Remove drm-kmod"": This reverts commit d52832b5c4c195614d2826f772166c253390222f. Renato Botelho
12:23 PM pfSense Docs Correction #11244: Feedback on Packages — Nut package: This link: https://forum.netgate.com/topic/102959/nut-package
The package info link was changed last week to a doc... Denny Page
11:09 AM pfSense Docs Correction #11244: Feedback on Packages — Nut package: Denny Page wrote:
> *Page:* https://docs.netgate.com/pfsense/en/latest/packages/nut.html
>
> *Feedback:*
>
> M... Michael Spears
11:08 AM Bug #11250: disabled FTP-Proxy service starts on boot: It's there and working, but you may not have access as it's not a public copy of the repository. Jim Pingle
11:03 AM Bug #11250: disabled FTP-Proxy service starts on boot: Viktor Gurov wrote:
> https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/25
Unable to view this li... Michael Spears
05:34 AM Bug #11250: disabled FTP-Proxy service starts on boot: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/25 Viktor Gurov
05:30 AM Bug #11250 (Resolved): disabled FTP-Proxy service starts on boot: after disabling FTP-Proxy in the WebGUI rc file is not deleted
and the service starts at boot Viktor Gurov
10:19 AM Bug #11251: Alias JS validation rejects  193.122.208.0/20: I tried in Chrome and I do not have an issue. I scrubbed the text in notepad to make sure there is not html being pa... Kristopher Kolpin
10:15 AM Bug #11251: Alias JS validation rejects  193.122.208.0/20: That's what I used, same version, on Linux Mint and Windows 10.
Maybe a browser add-on or similar, something cache... Jim Pingle
10:13 AM Bug #11251: Alias JS validation rejects  193.122.208.0/20: Can you try latest Firefox 84.0.2 64-bit? Kristopher Kolpin
10:10 AM Bug #11251 (Not a Bug): Alias JS validation rejects  193.122.208.0/20: Must be something in your browser. I can't replicate this on 2.4.5-p1 or 2.5.0 on amd64 or ARM. The provided value wo... Jim Pingle
10:04 AM Bug #11251 (Not a Bug): Alias JS validation rejects  193.122.208.0/20: Hi Everyone,
Got a weird issue here. The validation in Alias' does not seem to like CIDR range  193.122.208.0/20.... Kristopher Kolpin
09:40 AM pfSense Packages Bug #11247 (Rejected): pfBlockerNG DNSBL service refused to start: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
04:38 AM pfSense Packages Bug #11247: pfBlockerNG DNSBL service refused to start: khaled osama wrote:
> pfBlockerNG DNSBL service refused to start
>
> [2.5.0-DEVELOPMENT]/root: /usr/local/etc/rc... khaled osama
09:10 AM Bug #11249 (Feedback): openvpn peer to peer shared key deprecated warning: PR has been merged. Thanks! Renato Botelho
07:29 AM Bug #11249: openvpn peer to peer shared key deprecated warning: another deprecated option:
https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--route-nopull
https... Viktor Gurov
07:15 AM Bug #11249: openvpn peer to peer shared key deprecated warning: Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/95
see https://community.openvpn.net/openvpn/wik... Viktor Gurov
05:09 AM Bug #11249 (Resolved): openvpn peer to peer shared key deprecated warning: 2.5.0-DEVELOPMENT (amd64)
built on Thu Jan 07 21:49:54 EST 2021
FreeBSD 12.2-STABLE
create a new openvpn server ... Manuel Piovan
08:13 AM Bug #10224 (Resolved): DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: works as expected on 2.5.0.a.20210114.2350
dhcpd.conf example:... Viktor Gurov
05:32 AM pfSense Packages Bug #11236 (Resolved): A Link to the Virtual IP setup doesn't work under Frontend setup: Tested on the latest snapshot. It works fine. Ticket resolved. Danilo Zrenjanin
04:12 AM pfSense Packages Feature #11248: SafeSearch update: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/24 Viktor Gurov
03:45 AM pfSense Packages Feature #11248 (Resolved): SafeSearch update: Add Ecosia and Onesearch safesearch support
see also https://github.com/serv-inc/safe-search Viktor Gurov
03:44 AM pfSense Packages Bug #11246 (Closed): Squid Reverse proxy 'https_port option cert=' startup error: Manual squid configuration issue Viktor Gurov
03:42 AM pfSense Packages Feature #11060: Block access to consumer Google accounts: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/23 Viktor Gurov

01/14/2021

11:12 PM pfSense Packages Bug #11234: Filer not create missing necessary folders: recursive mkdir fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/22
> Also here is question... Viktor Gurov
11:10 PM pfSense Packages Bug #11247 (Rejected): pfBlockerNG DNSBL service refused to start: pfBlockerNG DNSBL service refused to start
[2.5.0-DEVELOPMENT]/root: /usr/local/etc/rc.d/pfb_dnsbl.sh restart
2... khaled osama
03:02 PM Feature #11243: individual pfctl snort2c tables per interface only blocking IPs for specific interface when a rule triggers in snort/suricata: I understand better now. I am not against having unique blocking tables for each interface, but implementing that req... Bill Meeks
01:15 PM Revision 16ea962d: Static DHCP mappings DDNS tabs fix. Issue #10224: Viktor Gurov
12:20 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I just registered here to say that I believe I'm experiencing this exact bug (see https://forum.netgate.com/topic/159... Max Knabe
08:19 AM pfSense Packages Bug #11185 (Feedback): Redis service stopping before NtopNg: PR has been merged. Thanks! Renato Botelho
08:08 AM Bug #1635 (Resolved): timeout setting on firewall rules does not work for UDP: works as expected on 2.5.0.a.20210113.0250 -
pfctl successfully loads rules with `udp.multiple` and `other.multiple... Viktor Gurov
07:42 AM pfSense Packages Bug #11055 (Feedback): Insecure FreeRADIUS defaults: PR has been merged. Thanks! Renato Botelho
07:37 AM Bug #10224 (Feedback): DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: Merged Renato Botelho
07:36 AM Bug #10224 (Pull Request Review): DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: Jim Pingle
07:17 AM Bug #10224: DHCP DDNS does not add zone entries for keys when using static host DDNS definitions: minor tabs fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/94 Viktor Gurov
07:34 AM pfSense Packages Feature #11202 (Feedback): Antivirus feature update: PR has been merged. Thanks! Renato Botelho
04:43 AM pfSense Packages Feature #11202: Antivirus feature update: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/21 Viktor Gurov
07:34 AM pfSense Packages Feature #10541 (Feedback): Squid failover and load balancing: PR has been merged. Thanks! Renato Botelho
06:45 AM pfSense Packages Bug #11246 (Closed): Squid Reverse proxy 'https_port option cert=' startup error: https://forum.netgate.com/topic/159859/squid-version-4-10-cant-start-service:... Viktor Gurov
06:25 AM pfSense Packages Feature #11233 (Feedback): Add 'Allow IP options' interface fw rule note: PR has been merged. Thanks! Renato Botelho
06:11 AM pfSense Packages Bug #11236 (Feedback): A Link to the Virtual IP setup doesn't work under Frontend setup: PR has been merged. Thanks! Renato Botelho
06:09 AM Bug #11237: Incorrect copyright year: Tested on the latest snapshot.
It looks fine.
Ticket resolved. Danilo Zrenjanin
06:09 AM Bug #11237 (Resolved): Incorrect copyright year: Danilo confirmed it's OK Renato Botelho
05:23 AM Bug #11237: Incorrect copyright year: Alhusein Zawi wrote:
> it is still 2020 (attached)
>
> 2.5.0.a.20210113.0250
This one comes from Prodtrack an... Renato Botelho

01/13/2021

11:10 PM pfSense Docs Correction #11245 (Resolved): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html
*Feedback:*
Description of the Dyna... Viktor Gurov
05:09 PM Revision d52832b5: Revert "Remove drm-kmod": This reverts commit 86afee72c80bee8dd09a40fc801fe718044794a9. Renato Botelho
05:08 PM Revision a8a1fb54: Do not build drm2 kernel module, we want drm-mod from ports: Renato Botelho
04:34 PM Bug #11237: Incorrect copyright year: it is still 2020 (attached)
2.5.0.a.20210113.0250 Alhusein Zawi
03:51 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic: Can we get some kind of CAPTCHA on here to rid ourselves of this polluting junk?? → luckman212
01:14 PM pfSense Packages Feature #11233: Add 'Allow IP options' interface fw rule note: I've added the note.
https://github.com/pfsense/FreeBSD-ports/pull/1027 Danilo Zrenjanin
04:41 AM pfSense Packages Feature #10541: Squid failover and load balancing: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/20 Viktor Gurov
04:35 AM Feature #11243: individual pfctl snort2c tables per interface only blocking IPs for specific interface when a rule triggers in snort/suricata: Bill, thank you for getting back to me that fast!
Indeed you are correct with you summary. A main challenge is the d... Felix S
12:41 AM Todo #204 (Resolved): All write_config() statements should include a reason of some sort: tested on 2.5.0.a.20210112.0250
all write_config() calls have messages Viktor Gurov
12:00 AM pfSense Docs Correction #11244 (Resolved): Feedback on Packages — Nut package: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/nut.html
*Feedback:*
Might want to maintain a link ... Denny Page

01/12/2021

11:30 PM Bug #11142 (Resolved): rc.newwanip restarts VPN services when the IP matches: Alhusein Zawi wrote:
> Danilo Zrenjanin wrote:
>
> ipsec tunnel will be restarted if you hit apply at any interfa... Viktor Gurov
11:04 PM pfSense Packages Feature #11113 (Resolved): New phishing feeds: Viktor Gurov
08:06 PM Feature #11243: individual pfctl snort2c tables per interface only blocking IPs for specific interface when a rule triggers in snort/suricata: I'm not sure I completely understand your request reasoning. In a typical default installation of the IDS packages al... Bill Meeks
09:25 AM Feature #11243 (New): individual pfctl snort2c tables per interface only blocking IPs for specific interface when a rule triggers in snort/suricata: Feature Request Background:
The snort2c table is used for blocking any connections to any IP address which is put in... Felix S
07:56 AM Bug #11242 (Rejected): virtual ip alias prefix gets removed from routing table after 1 min: I cannot reproduce this here, there must be some other problem in your environment causing the behavior you have obse... Jim Pingle
05:37 AM Bug #11242 (Rejected): virtual ip alias prefix gets removed from routing table after 1 min: We have a virtual ip alias called 192.168.100.254/24, when i add it then it adds 192.168.100.0/24 to the routing tabl... Daniel Frantzen
06:14 AM pfSense Packages Todo #11215 (Resolved): Update NtopNG to 4.2: Renato Botelho
03:56 AM pfSense Packages Todo #11215: Update NtopNG to 4.2: Thank you DRago_Angel [InV@DER]
02:09 AM pfSense Packages Bug #11101 (Resolved): Bind DNS Server won't start: Tested on 2.4.5_p1 and on 2.5-DEVELOPMENT (built on Mon Jan 11 11:12:41 EST 2021).
On 2.4.5_p1 (Bind package versi... Azamat Khakimyanov

01/11/2021

05:50 PM Revision e733f5b2: DHCPD ARPA zone trailing dot. Fixes #11224: Viktor Gurov
04:49 PM Feature #9703: Certificate Manager Expiration Notification: Orion Poplawski wrote:
> I just got hit by this as well. Notification email is definitely needed. Thanks.
I can... DRago_Angel [InV@DER]
04:33 PM Feature #9703: Certificate Manager Expiration Notification: I just got hit by this as well. Notification email is definitely needed. Thanks. Orion Poplawski
12:55 PM pfSense Docs Correction #11241: Feedback on Backup and Recovery — Restoring from Backups: This is the case when restoring an OpenVPN configuration. I'm unsure what other areas it may apply to. Marcos M
12:54 PM pfSense Docs Correction #11241 (Resolved): Feedback on Backup and Recovery — Restoring from Backups: *Page:* https://docs.netgate.com/pfsense/en/latest/backup/restore.html
*Feedback:*
On the "Restore area" section ... Marcos M
12:00 PM Bug #11224: dhcpd.conf creation - zone declarations: Applied in changeset commit:e733f5b2d0d35b68746efe8035af1688dfdd0103. Viktor Gurov
11:51 AM Bug #11224 (Feedback): dhcpd.conf creation - zone declarations: PR has been merged. Thanks! Renato Botelho
11:55 AM Bug #11237 (Feedback): Incorrect copyright year: Fixed Renato Botelho
11:53 AM pfSense Packages Todo #11215 (Feedback): Update NtopNG to 4.2: It happened automagically when I merged 2021Q1 quarterly branch into FreeBSD-ports Renato Botelho
11:48 AM Todo #11020: Update OpenVPN to 2.5.0: >Exported what from 2.4.5-p1? The client config? Or the pfSense configuration?
Exported the server config from 2.4... Marcos M
10:59 AM Todo #11020: Update OpenVPN to 2.5.0: Exported what from 2.4.5-p1? The client config? Or the pfSense configuration?
The client export package wouldn't h... Jim Pingle
10:34 AM Todo #11020: Update OpenVPN to 2.5.0: Thanks for the detailed response Jim.
> If the user had exported a configuration in the past it shouldn't end up a... Marcos M
08:38 AM Todo #11020: Update OpenVPN to 2.5.0: Marcos Mendoza wrote:... Jim Pingle
10:40 AM pfSense Packages Bug #10749 (Resolved): squid + captive portal authentication not working: Tested on 2.4.5_p1 (Squid package: 0.4.44_36) and on 2.5-DEV (built on Thu Jan 07 21:49:58 EST 2021) (Squid package: ... Azamat Khakimyanov
09:43 AM Bug #6030 (Resolved): Duplicated tracker IDs on block private networks rules: Jim Pingle
09:43 AM Bug #7307 (Closed): ZFS installer - shuts down instead of rebooting: Jim Pingle
09:20 AM Bug #6025 (Resolved): Load balancing fails when one gateway has a weight of 1 and another gateway has a weight >1: Jim Pingle
08:58 AM pfSense Packages Bug #11236 (Pull Request Review): A Link to the Virtual IP setup doesn't work under Frontend setup: Jim Pingle
08:56 AM Feature #7842 (Pull Request Review): New Dynamic DNS Provider: Mythic-Beasts: Jim Pingle
08:13 AM Bug #11240 (Rejected): lan port on backup recenltly loose its static ip and take the vip lan: You almost certainly have a problem with your configuration. This site is not for support or diagnostic discussion.
... Jim Pingle
08:07 AM Bug #11240 (Rejected): lan port on backup recenltly loose its static ip and take the vip lan: hi all,
i have recently problem with my setup
i have two PFsense instances on ProLiant DL20 Gen9 with two onboa... khaled osama
08:06 AM Todo #11219: Improve IPsec GUI options for P1/P2 reauth/rekey: When testing one thing I'm looking for is that the GUI settings put in manually correspond with the values in @/var/e... Jim Pingle
03:25 AM pfSense Packages Feature #10665 (Resolved): Manual OSPF neighbor definitions: Retested on 2.5-DEVELOPMENT (built on Thu Jan 07 21:49:58 EST 2021)
'Non-broadcast' mode works for me too now.
... Azamat Khakimyanov

01/10/2021

06:30 PM pfSense Docs Correction #11239 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing pfSense with VMware vSphere / ESXi: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-esxi.html
*Feedback:*
For vmware 7 you need... Joseph Conley
03:11 PM Bug #11050 (Resolved): "Backup extra data" does not behave properly: Tested in a recent build and am seeing that the extra data is being cleared. No duplicate tags are present on second ... Max Leighton

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

02/08/2021

02/07/2021

02/06/2021

02/05/2021

02/04/2021

02/03/2021

02/02/2021

02/01/2021

01/31/2021

01/30/2021

01/29/2021

01/28/2021

01/27/2021

01/26/2021

01/25/2021

01/24/2021

01/23/2021

01/22/2021

01/21/2021

01/20/2021

01/19/2021

01/18/2021

01/17/2021

01/16/2021

01/15/2021

01/14/2021

01/13/2021

01/12/2021

01/11/2021

01/10/2021