Project

General

Profile

Activity

From 01/20/2021 to 02/18/2021

02/18/2021

11:52 PM Bug #11457 (Rejected): Client DNS doesn't resolve when using VIP in place of interface IP
https://forum.netgate.com/topic/161056/client-dns-doesn-t-resolve-when-using-vip-in-place-of-interface-ip:
"My ins... Viktor Gurov
10:57 PM Bug #11296 (Resolved): Static route targets may still reachable via default route when the gateway they should route through is down
Fixed.
If WAN GW is down I cannot ping even if there was static route.
2.5.0-RELEASE (amd64)
built on Tue Feb ... Alhusein Zawi
10:30 AM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down
Applied in changeset commit:3fca57f8fae3733845c90338943c418bb77e68b7. Viktor Gurov
10:23 AM Bug #11296 (Feedback): Static route targets may still reachable via default route when the gateway they should route through is down
PR has been merged. Thanks! Renato Botelho
10:20 PM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
I'm also hitting the same problem on my SG-3100.
Seeing the same permissions problems here is what I'm seeing:
... Tchello Mello
12:30 PM pfSense Packages Bug #11449 (Resolved): BIND fails during/after upgrade to 21.02/2.50
After upgrading to 21.02, the named service wouldn’t start and the logs said it was segfaulting ("signal 11"). So I r... Anthony Pants
10:01 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I am having this issue as well. Starting with 2.5. Without manually overriding gateway monitoring for the ipv6 gatewa... Hayden Hill
09:11 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
"Me too"... After upgrading to 2.5.0, IPv6 did not work until I manually added an address for monitoring. After doing... Anonymous
05:28 PM Bug #11454 (Resolved): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Post update to 2.5.0 dpinger is not functioning for IPv6 gateway monitoring
Wan interface set to DHCPv6, WAN Inter... Mike McV
10:00 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
I am also having this issue. Started with 21.02 (2.5)
Matt Johnson wrote:
> https://github.com/MonkWho/pfatt
>
... Hayden Hill
04:16 PM Bug #11453 (Closed): ``wpa_supplicant`` uses 100% of a CPU core at boot
https://github.com/MonkWho/pfatt
Part of the project above is to use netgraph as a way to bypass the at&t provided... Matt Johnson
08:34 PM Bug #11456 (Resolved): Unbound Python Integration repeatedly mounts ``dev`` without unmounting
+As reported here+:
https://www.reddit.com/r/pfBlockerNG/comments/ln1gx1/pfblockerngdevel_leaking_mounts/
In file... BBcan177 .
07:45 PM Revision 01388d99: Add getVIPs() function for MVC
Steve Beaver
07:45 PM Revision 0d2a423c: Revised firewall_virtual_ip_edit for MVC
Steve Beaver
07:39 PM Revision f871d487: Fix broken help link.
(cherry picked from commit 0a73926193d7d344b28d68a94e2f8bf2009ca119) Jim Pingle
07:39 PM Revision 0a739261: Fix broken help link.
Jim Pingle
06:48 PM Revision 4ccf553a: firewall_virtual_ip refactored fro MVC
Steve Beaver
06:37 PM Regression #11455 (Not a Bug): The ipsec configuration migrated from 2.4.x to 2.5 fails in certain cases.
An ipsec configuration with version 2.4.x that contains these values
<rekey_time>0</rekey_time>
<reauth_time>0</rea... oscar sacristan
05:30 PM Bug #10671: pfsense 2.4.5_1 does not boot on Gen2 2012R2 HyperV VM
This also applies to pfsense 2.5.0. Also stalls on boot with input/output error. Jan de Groot
05:15 PM Revision d30498df: Fix filename in copyright message
Renato Botelho
05:01 PM Revision cc28c45f: Refactored system_advanced_misc for MVC
Steve Beaver
04:59 PM Bug #11452 (Duplicate): pkg breakage related to yet to be installed 21.02 base system
Part of that is expected (use @pkg-static@) but the real fix will come with #10464 Jim Pingle
04:08 PM Bug #11452 (Duplicate): pkg breakage related to yet to be installed 21.02 base system
It would appear merely running "pkg" in the shell of a 2.4.5_1 base system results in:
> @pkg: Warning: Major OS v... Craig Leres
04:59 PM Bug #11450: Problem with IPv6 netmask /128 in WireGuard
Hi Jim,
Patch applied and the problem persists. Marcelo Gondim
03:22 PM Bug #11450: Problem with IPv6 netmask /128 in WireGuard
Can you test this with the patch from #11433 applied?
commit:087d28fa3f5cfebfd4af7f4a4479b0fac053e062 Jim Pingle
01:57 PM Bug #11450: Problem with IPv6 netmask /128 in WireGuard
If I run: route -6 delete fc00:1111::1/128
It removes 7400:1000::/0 from the route table. Marcelo Gondim
12:52 PM Bug #11450 (Rejected): Problem with IPv6 netmask /128 in WireGuard
Hi All,
Creating a WireGuard VPN, I realized that when registering a Peer in "Allowed IPs" he accepts to enter an ... Marcelo Gondim
04:31 PM Revision 087d28fa: Non local gateways fix. Issue #11433
Viktor Gurov
04:29 PM Revision 4e5e99a6: Show switch tagging ports on status_interfaces page. Implements #10804
Viktor Gurov
04:27 PM Revision b785f439: RTL8153 USB ethernet module. Implements #11125
Viktor Gurov
04:25 PM Revision 47df65c3: Replace HTTP links to HTTPS. Implemets #11228
Viktor Gurov
04:22 PM Revision 3fca57f8: Delete static routes on gateway down. Fixes #11296
Viktor Gurov
04:21 PM Revision 16d5365c: Remove unused L2TP VPN directory. Fixes #11299
Viktor Gurov
04:20 PM Revision a628e8ca: Hide MAC address field for pseudo-interfaces. Issue #11387
Viktor Gurov
04:19 PM Revision 57dc81ea: Authentication Servers copy button. Feature #11390
Viktor Gurov
04:18 PM Revision 8673ae11: Unbound ip6.arpa local-zone type. Fixes #11403
Viktor Gurov
04:08 PM Revision 861d6eef: aliasmod shell script. Implements #11380
Viktor Gurov
04:06 PM Revision 1d378c4e: Set correct TCP MSS for IPv6. Fixes #11409
Viktor Gurov
04:05 PM Revision 7c4b3d3c: Allow to use host portion of IPv6 in firewall rules. Feature #6626
Viktor Gurov
04:05 PM Revision 6e281116: L2TP VPN MTU option. Feature #11406
Viktor Gurov
04:02 PM Revision 5e280f4b: Xen console support. Feature #11402
Viktor Gurov
04:00 PM Revision f5736d98: Display negotiated cipher on Status / OpenVPN page. Implements #7077
Viktor Gurov
04:00 PM Revision 10eb0425: Do not prefix FQDN IPsec IDs with @. Fixes #11442
(cherry picked from commit c09137ab4726dc492c658c27b6c46e25f0fbb55b) Jim Pingle
04:00 PM Revision 57beb9ad: Find IPsec IKE SAs by their full name. Issue #11435
(cherry picked from commit 95a4e1a0e42392fe4523bf769589f74864446f8c) Jim Pingle
04:00 PM Revision ead65156: Find IPsec IKE SAs by their full name. Issue #11435
(cherry picked from commit 4e5857b656c7bfd59efadbb9a124876a5516c7df) Jim Pingle
04:00 PM Revision 9d08d4bf: Fix custom XMLRPC port for Captive Portal. Fixes #11425
(cherry picked from commit fef846ce7ec4158a140f359b0fb35182f6ae9db9) Jim Pingle
03:59 PM Revision f22b2155: Hide Shared Key field on OpenVPN client page in SSL/TLS mode. Fixes #11382
Viktor Gurov
03:58 PM Revision fe6b1252: Mythic-Beasts.com DynDNS provider support. Implements #7842
Viktor Gurov
03:57 PM Revision 6542fe08: RADIUS Advanced parameters. Feature #11211
Viktor Gurov
03:49 PM Regression #11316 (New): Unbound crashes with signal 11 when reloading
Now that there have been responses from several others on the forum post with info, it does appear there is a problem... Jim Pingle
03:22 PM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
This could also be related to #11450 since it uses that function in this way Jim Pingle
11:29 AM Regression #11433 (Waiting on Merge): Gateways with "Use non-local gateway" set are not added to routing table
Renato Botelho
11:21 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Can confirm it fixes the issue for me :-) Daniel Berteaud
10:31 AM Regression #11433 (Feedback): Gateways with "Use non-local gateway" set are not added to routing table
PR has been merged. Thanks! Renato Botelho
10:19 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/139 Viktor Gurov
07:19 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Indeed, forgot to mention I'm assigning a static /32 IPv4 on my WAN interface, not with DHCP Daniel Berteaud
07:17 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
I can replicate this!
I was about to respond that this "works for me" because I have a pfSense demo VPS with a clo... M Felden
03:19 PM Bug #11437 (Pull Request Review): WireGuard group is not printed in the interface column of the NAT rule list
Jim Pingle
11:37 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/140 Viktor Gurov
08:01 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list
Updating subject to make it a little more clear.
If you look at the generated ruleset in @/tmp/rules.debug@, does ... Jim Pingle
03:18 PM Regression #11443 (Pull Request Review): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Jim Pingle
01:21 PM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/141 Viktor Gurov
09:29 AM Regression #11443 (Resolved): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
In the dashboard System Information widget if you set the 'State Table Size' to not show the CPU usage and version up... Steve Wheeler
03:17 PM Regression #11451 (Not a Bug): Openvpn wants to use route it should create first
I'm not sure if this is a change in OpenVPN 2.5.0 or pfSense 2.5.0 here. I don't recall that working the way you desc... Jim Pingle
02:57 PM Regression #11451 (Not a Bug): Openvpn wants to use route it should create first
Since Pfsense version 2.5 openvpn is no longer able to connect to the server when the default gateway points to a vpn... Rene Hutschreuther
03:06 PM Revision c09137ab: Do not prefix FQDN IPsec IDs with @. Fixes #11442
Jim Pingle
02:48 PM Revision 819bd77c: Show gateway groups in OpenVPN Wizard. Fixes #11141
Viktor Gurov
02:45 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I can reproduce this here as well. It was working not too long ago, though. It doesn't seem to affect everything, how... Jim Pingle
06:16 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Have same issue, started on devel 2.5. Posted some details at https://forum.netgate.com/topic/159354/pfsense-2-5-0-a-... DRago_Angel [InV@DER]
02:43 PM Revision a2076602: Check that DHCP has gateway in interface_has_gateway(). Fixes #5135
Viktor Gurov
02:41 PM Revision 25e8eb57: Randomize ACB cron minutes. Implements #10811
Viktor Gurov
02:39 PM Revision 54b3109f: RADVD set AdvRDNSSLifetime. Fixes #11105
Viktor Gurov
02:38 PM Revision 9115501d: Down disabled interfaces on boot. Fixes #11091
Viktor Gurov
02:32 PM Revision 23fcdccc: Do not restart unchanged services on XMLRPC sync. Fixes #11082
Viktor Gurov
01:59 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Same issue with finding the CPU flags to see what the CPU supports.
On older versions, dmesg.boot wasn't cleared, ... Jim Pingle
01:26 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Jim Pingle wrote:
> This is because the number of packages and cores is currently scraped from /var/log/dmesg.boot, ... B. B.
12:50 PM Feature #11125: Kernel module for RTL8153 driver
Genevieve Kidwell wrote:
> Does this mean this was implemented in 2.6.x experimental?
yes, and will be available ... Renato Botelho
12:39 PM Feature #11125: Kernel module for RTL8153 driver
Does this mean this was implemented in 2.6.x experimental? Genevieve Kidwell
10:35 AM Feature #11125: Kernel module for RTL8153 driver
Applied in changeset commit:b785f439ab50b0d7a981a15ccd465ca8353a97ea. Viktor Gurov
10:27 AM Feature #11125 (Feedback): Kernel module for RTL8153 driver
PR has been merged. Thanks! Renato Botelho
12:40 PM Feature #11438: Allow multiple cryptographic accelerator modules to be loaded at the same time
That OpenVPN option probably needs to go away. Historically it has been pretty much a no-op. You can pick an engine t... Jim Pingle
11:47 AM Feature #11438: Allow multiple cryptographic accelerator modules to be loaded at the same time
Good point Jim,
probably i got mislead by openvpn configuration menu, showing me no available crypto acceleration on... Grzegorz Krzystek
11:32 AM Feature #11438: Allow multiple cryptographic accelerator modules to be loaded at the same time
We're still testing whether it's useful/possible to have multiple modules enabled, so making them mutually exclusive ... Jim Pingle
12:10 AM Feature #11438 (New): Allow multiple cryptographic accelerator modules to be loaded at the same time
not every service is able utilise QAT.
so it seems to be reasonable to do not unload AES-NI and bsdcrypto while QAT... Grzegorz Krzystek
12:34 PM pfSense Packages Bug #11434 (Feedback): SquidGuard over 1.16.18_11
Fix pushed to version 1.16.18_15. Thank you! Renato Botelho
12:21 PM pfSense Packages Bug #11434: SquidGuard over 1.16.18_11
I found the problem in /usr/local/pkg/squidguard_configurator.inc
Line: 903... Eduardo Silva
10:04 AM pfSense Packages Bug #11434: SquidGuard over 1.16.18_11
Hi, i have same problem. i try change Client (source) with ip, domain, etc.. and config file is written with correct ... Eduardo Silva
12:26 PM Bug #11448 (Closed): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
https://openvpn.net/faq/overriding-a-pushed-route-in-the-clients-config-throws-an-error/:
When connecting to server ... Viktor Gurov
12:24 PM Bug #11383: pfSense Proxy Authentication not working
From a much older release, yes, but not from the last public release. It was broken in 2.4.5-p1 thus not a new regres... Jim Pingle
10:20 AM Bug #11383: pfSense Proxy Authentication not working
Renato Botelho wrote:
> Not a regression, move to next release.
IMHO, shouldn't this technically be considering a... Michael Spears
11:24 AM Regression #11447 (Closed): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
When using IKEv2 EAP-RADIUS mobile IPsec and assigning client addresses from RADIUS, the pools configuration is omitt... Jim Pingle
11:16 AM Bug #11446 (Closed): Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses
Adding an IPv4-mapped IPv6 address as a mobile IPsec DNS server on vpn_ipsec_mobile.php (ex: @fd00::1.2.3.4@) causes ... Jim Pingle
10:41 AM pfSense Packages Bug #11445: bgp as-path in wrong position
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/53 Viktor Gurov
10:24 AM pfSense Packages Bug #11445 (Resolved): bgp as-path in wrong position
https://forum.netgate.com/topic/160998/frr-7-5-full-bgp-table-very-slow-and-as-paths-not-working/4:... Viktor Gurov
10:35 AM pfSense Plus Feature #10804: Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Applied in changeset commit:4e5e99a61d422941e69b2caa11e948363409e48c. Viktor Gurov
10:29 AM pfSense Plus Feature #10804 (Feedback): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
PR has been merged. Thanks! Renato Botelho
10:30 AM Bug #11299: Unused L2TP VPN files are not removed when the service is disabled
Applied in changeset commit:16d5365ce65660f715fd521fae8aeb3b6b7a151a. Viktor Gurov
10:21 AM Bug #11299 (Feedback): Unused L2TP VPN files are not removed when the service is disabled
PR has been merged. Thanks! Renato Botelho
10:26 AM Feature #11228 (Feedback): Replace HTTP links with HTTPS in the GUI
PR has been merged. Thanks! Renato Botelho
10:25 AM Bug #11403: DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
Applied in changeset commit:8673ae11ac96fbd2934133268d56829d6225b1c5. Viktor Gurov
10:18 AM Bug #11403 (Feedback): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
PR has been merged. Thanks! Renato Botelho
10:20 AM Bug #11387 (Feedback): Interfaces page displays MAC Address field for interfaces which do not support L2
PR has been merged. Thanks! Renato Botelho
10:19 AM Feature #11390 (Feedback): Copy button for Authentication Server entries
PR has been merged. Thanks! Renato Botelho
10:15 AM Feature #11380: PHP shell playback script to modify Alias contents
Applied in changeset commit:861d6eef97bc14679db7818a33cd9193ffe2eaf6. Viktor Gurov
10:08 AM Feature #11380 (Feedback): PHP shell playback script to modify Alias contents
PR has been merged. Thanks! Renato Botelho
10:15 AM Bug #11409: IPv4 MSS value is incorrectly applied to IPv6 packets
Applied in changeset commit:1d378c4ec6c440dabffba41bf5e4ef291acb9aa2. Viktor Gurov
10:07 AM Bug #11409 (Feedback): IPv4 MSS value is incorrectly applied to IPv6 packets
PR has been merged. Thanks! Renato Botelho
10:10 AM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status
Applied in changeset commit:f5736d9827cf1997b648481c50993d69e3caedff. Viktor Gurov
10:00 AM Feature #7077 (Feedback): Display negotiated data encryption algorithm in OpenVPN connection status
PR has been merged. Thanks! Renato Botelho
10:06 AM Feature #6626 (Feedback): Support for IPv6 firewall entries with dynamic delegated prefix and static host address
PR has been merged. Thanks! Renato Botelho
10:05 AM Feature #11406 (Feedback): GUI option to set MTU for L2TP VPN server
PR has been merged. Thanks! Renato Botelho
10:05 AM Bug #11382: OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
Applied in changeset commit:f22b21557e6a745dbb447ea488b97424e595efd7. Viktor Gurov
10:00 AM Bug #11382 (Feedback): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
PR has been merged. Thanks! Renato Botelho
10:05 AM Feature #7842: New Dynamic DNS Provider: Mythic-Beasts
Applied in changeset commit:fe6b125233f40f5919746b1cb90c39b459aa39fd. Viktor Gurov
09:59 AM Feature #7842 (Feedback): New Dynamic DNS Provider: Mythic-Beasts
PR has been merged. Thanks! Renato Botelho
10:02 AM Feature #11402 (Feedback): Xen console support
PR has been merged. Thanks! Renato Botelho
10:01 AM Bug #11425 (Feedback): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port
Picked back Jim Pingle
09:57 AM Bug #11393: Incorrect copyright year on 2.5.0-RC (CE)
It's right on the server. That's a local cached copy. It should update itself within ~24hrs. Not sure if there is any... Jim Pingle
03:47 AM Bug #11393: Incorrect copyright year on 2.5.0-RC (CE)
same on 21.02 (SG-3100) Viktor Gurov
09:57 AM Feature #11211 (Feedback): GUI option to set RADIUS Timeout for EAP-RADIUS
PR has been merged. Thanks! Renato Botelho
09:49 AM pfSense Packages Bug #11404 (Feedback): Incorrect prefix/access lists migration on update
Merged Renato Botelho
09:48 AM pfSense Packages Feature #11405 (Feedback): add RPKI route map in GUI
Merged Renato Botelho
09:48 AM pfSense Packages Bug #8466 (Feedback): radiusd crash
Merged Renato Botelho
09:33 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
could be related: #11436 #11418 Viktor Gurov
09:30 AM pfSense Plus Regression #11444 (Resolved): SG-3100 doesn't pass traffic after upgrade to 21.02
After upgrading SG-3100 to pfSense Plus 21.02 NAT stopped working.
Test:
LAN PC (192.168.10.132):... Viktor Gurov
09:15 AM Regression #11442 (Feedback): Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets
Applied in changeset commit:c09137ab4726dc492c658c27b6c46e25f0fbb55b. Jim Pingle
09:04 AM Regression #11442 (Resolved): Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets
IPsec tunnels using an identifier type of "Distinguished Name" are not working properly. It appears that the identifi... Jim Pingle
08:55 AM Bug #11141: OpenVPN Wizard does not support gateway groups
Applied in changeset commit:819bd77ce13154ad3911310c6f3cb076a82e5fcb. Viktor Gurov
08:49 AM Bug #11141 (Feedback): OpenVPN Wizard does not support gateway groups
PR has been merged. Thanks! Renato Botelho
08:55 AM Bug #5135: DHCP interfaces are always treated as having a gateway, even if one is not assigned by the upstream DHCP server
Applied in changeset commit:a207660205a8c82466b63381f48a0355a32d8866. Viktor Gurov
08:47 AM Bug #5135 (Feedback): DHCP interfaces are always treated as having a gateway, even if one is not assigned by the upstream DHCP server
PR has been merged. Thanks! Renato Botelho
08:50 AM Feature #10811: Randomize time of scheduled AutoConfigBackup runs
Applied in changeset commit:25e8eb5772fd6d50c40c5eaf69805d94e5f89204. Viktor Gurov
08:43 AM Feature #10811 (Feedback): Randomize time of scheduled AutoConfigBackup runs
PR has been merged. Thanks! Renato Botelho
08:50 AM Bug #11105: IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106
Applied in changeset commit:54b3109f0b1978e22866117b6d93715eb8d78c29. Viktor Gurov
08:41 AM Bug #11105 (Feedback): IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106
PR has been merged. Thanks! Renato Botelho
08:45 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Applied in changeset commit:9115501d6ab5197d9caf499e90779c020d711dca. Viktor Gurov
08:39 AM Bug #11091 (Feedback): Interfaces set as disabled in the configuration have an UP status in the operating system at boot
PR has been merged. Thanks! Renato Botelho
08:45 AM Bug #11082: XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node
Applied in changeset commit:23fcdcccd369603f4af6a89a0ec0a81505173f40. Viktor Gurov
08:36 AM Bug #11082 (Feedback): XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node
PR has been merged. Thanks! Renato Botelho
08:28 AM Regression #11441 (Rejected): Unable to create static routes
Something is not right on your system (maybe a broken upgrade ??). Line 764 of system.inc doesn't have a call to rou... Renato Botelho
08:16 AM Regression #11441 (Rejected): Unable to create static routes
Upon upgrading to 2.5.0, my pfSense instance was inaccessible. After some playing around with interfaces etc. it appe... Adam McKissock
08:09 AM pfSense Packages Feature #10858: OpenVPN Client silent install
Jordan Fishman wrote:
> Hello,
>
> There appears to be a bug in the page, where the "Save as default" button does... Viktor Gurov
08:03 AM Feature #11440: Expand collapsed sections by clicking anywhere on header
Updating the subject so it's more clear what you're asking for. Rather than clicking only on the +/- you want to expa... Jim Pingle
07:45 AM Feature #11440 (New): Expand collapsed sections by clicking anywhere on header
Hi! I would like to point out a little thing that could improve the pfSense user experience. I think it should be pos... Federico Galli
04:57 AM Feature #11439: IPv6 support in ``easyrule`` CLI script
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/138 Viktor Gurov
03:06 AM Feature #11439 (Resolved): IPv6 support in ``easyrule`` CLI script
https://forum.netgate.com/topic/160578/getting-errors-loading-rules-after-using-easyrule:
I recently tried to use ... Viktor Gurov
03:27 AM Revision e01266c0: Improve the handling of crypto offload hardware.
Remove support to deprecated hardware.
Task: #11426 Luiz Souza

02/17/2021

10:13 PM Bug #11437 (Closed): WireGuard group is not printed in the interface column of the NAT rule list
Hi all,
When creating a "NAT Outbound" rule and selecting the WireGuard interface, it does not appear in the liste... Marcelo Gondim
09:56 PM Revision 95a4e1a0: Find IPsec IKE SAs by their full name. Issue #11435
Jim Pingle
09:39 PM Revision 4e5857b6: Find IPsec IKE SAs by their full name. Issue #11435
Jim Pingle
08:38 PM pfSense Packages Feature #10779: HAProxy SSL/TLS Compatibility Mode
... DRago_Angel [InV@DER]
08:32 PM pfSense Packages Feature #10739: Update HAproxy-devel package to 2.2 and HAproxy to 2.0
Hi Actually my ticket was much before of "duplicate", and my ticket contain details, that now issue with 2.2 in 2.5 p... DRago_Angel [InV@DER]
08:30 PM Revision edd24218: Update comments
Steve Beaver
08:27 PM Revision f483c24b: Provide system_advanced_firewall.inc
Steve Beaver
08:21 PM Revision f010f43c: Revised system_advanced_notificaions for MVC
Steve Beaver
08:10 PM Revision 9f5fbb5d: Merged system_advanced_network for MVC
Steve Beaver
08:06 PM Revision 93fee0fd: remove obsolete system_advanced.inc
Steve Beaver
07:58 PM Revision 33db4727: Fix hnaltqenable setting
Steve Beaver
05:14 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails
Thanks all for your efforts on this, great to see it in the 2.5.0 release today! Sam McLeod
04:28 PM pfSense Plus Regression #11436 (Resolved): State matching problem with reponses to packets arriving on non-default WANs
I have quite specific multiwan setup
WAN (symmetric pppoe) port forward for ssh to lan (rpi)
WAN2 (symmetric comm... Grzegorz Krzystek
04:27 PM Revision 370baf79: Build 245 repo
Renato Botelho
04:12 PM Revision eaf6cfb5: Make default repo to be 2.5.0
Renato Botelho
03:58 PM Regression #11435 (Feedback): IPsec status incorrect for entries using expanded IKE connection numbers
I checked in a fix for the widget now as well. Worked on two systems here (one which worked before, another which did... Jim Pingle
03:40 PM Regression #11435: IPsec status incorrect for entries using expanded IKE connection numbers
I pushed a fix for the status page, widget works much differently so it needs handled another way. Jim Pingle
02:37 PM Regression #11435 (Closed): IPsec status incorrect for entries using expanded IKE connection numbers
IPsec status is not correctly matching some tunnels. #9592 introduced a mechanism to accommodate large numbers of VTI... Jim Pingle
02:18 PM Revision 219a41be: Split system_admin.inc into separate files per tab
Steve Beaver
01:23 PM pfSense Packages Bug #11434 (Resolved): SquidGuard over 1.16.18_11
Hi, first problem thatI found is when we are using ldapusersearch on groups acl.
In older version when I insert ldap... Robson Ferreira
11:54 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Attached is a screenshot of my VM during boot. Not sure if it's a symptom or a consequence of the default route missing Daniel Berteaud
11:36 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Do you see any errors in the console output while it boots when that happens?
There were numerous changes to gatew... Jim Pingle
11:31 AM Regression #11433 (Resolved): Gateways with "Use non-local gateway" set are not added to routing table
I'm using a non-local gateway as my default gateway (ticking the "Use non-local gateway through interface specific ro... Daniel Berteaud
11:33 AM Bug #11432: status_dhcp_leases.php doesn't load
Reset the install and restored back from the same config file and now it loads with minimal devices listed. Michael Walker
10:57 AM Bug #11432 (Rejected): status_dhcp_leases.php doesn't load
I can't replicate this here and there isn't nearly enough information to go by.
This site is not for support or di... Jim Pingle
10:13 AM Bug #11432 (Rejected): status_dhcp_leases.php doesn't load
Trying to access the DHCP leases page (https://UR_IP/status_dhcp_leases.php) but its never loads you end up getting 5... Michael Walker
11:04 AM Bug #11431 (Rejected): WAN IPv6 via Prefix Delegation over PPPoE
There were numerous improvements in IPv6 on PPPoE in 2.5.0 which was just released. If you can still replicate this p... Jim Pingle
09:58 AM Bug #11431 (Rejected): WAN IPv6 via Prefix Delegation over PPPoE
Hello,
the following wan setup is working with my provider.
WAN:
* IPv4 Configuration Type PPPoE
* IPv6 Configu... Jost Schoenleben
09:49 AM Bug #11401 (Resolved): Upgrade broken due to need to reinstall pkg
Jim Pingle
09:06 AM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
This is because the number of packages and cores is currently scraped from /var/log/dmesg.boot, and when you reset al... Jim Pingle
08:38 AM Bug #11416 (New): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
OK so you literally meant a host address inside a network, and not the network address.
We could do one of two thi... Jim Pingle
01:58 AM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
A single host address with a CIDR mask. e.g., 10.0.8.1/24. Danilo Zrenjanin
08:36 AM Bug #11429: System Log / Settings form activates "Reset Log Files" button on enter
It is expected behavior, but if it's easy to change and improves the user experience, we may as well look into it. Jim Pingle
03:58 AM Bug #11429: System Log / Settings form activates "Reset Log Files" button on enter
I would say this is expected behavior. If you go to Firewall/Rules and hit Enter, the Delete button will be triggered... Danilo Zrenjanin
07:48 AM Bug #11430 (New): PHP console spam after Assigning Interfaces
After (re)assigning the interfaces at the console following a mismatch the WAN interface triggers a number or scripts... Steve Wheeler

02/16/2021

09:08 PM Revision fef846ce: Fix custom XMLRPC port for Captive Portal. Fixes #11425
Jim Pingle
06:49 PM Bug #11429 (New): System Log / Settings form activates "Reset Log Files" button on enter
I ran into this when I went to increase the size of my log files. Happy to see the action prompts for confirmation.
... Kai Groner
05:50 PM Revision d6db3d73: Completed networking section, subject to testing
Steve Beaver
03:43 PM Bug #11425 (Waiting on Merge): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port
Jim Pingle
03:32 PM Bug #11425 (In Progress): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port
Needs picked back after the release is tagged. Jim Pingle
03:15 PM Bug #11425 (Feedback): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port
Applied in changeset commit:fef846ce7ec4158a140f359b0fb35182f6ae9db9. Jim Pingle
08:26 AM Bug #11425: XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port
Luca De Andreis wrote:
> .... after countless attempts and two tickets that you closed for me, I found the cause of ... Luca De Andreis
07:57 AM Bug #11425: XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port
Previous issues: #11218, #11220
Though you still did not provide enough information here, I managed to piece toget... Jim Pingle
05:02 AM Bug #11425 (Resolved): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port
.... after countless attempts and two tickets that you closed for me, I found the cause of the problem.
The tcp por... Luca De Andreis
03:40 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
First reported here:
https://forum.netgate.com/topic/160762/cpu-info-disappear-on-pfsense-2-5-0-rc/2 B. B.
02:54 PM Bug #11428 (Resolved): CPU details are incorrect in the System Information widget after resetting log files
Some CPU Type information disappear after reset the log files under Status.
This happen on VMWare with 2.5.0 RC and ... B. B.
01:22 PM Revision 6fb4b1b0: Welcome pfSense 2.5.0-RELEASE
Renato Botelho
01:21 PM Revision 9f3752d8: Mark 2.5.0 as current stable version
Renato Botelho
01:19 PM Revision 2972e3fa: Mark 2.5.0 as current stable version
Renato Botelho
01:18 PM Revision 5b4f6490: Do not exclude unlisted package
Renato Botelho
01:18 PM Revision 6c5774dc: Mark 2.5.0 as current stable version
Renato Botelho
12:43 PM Bug #11427 (Incomplete): IPSEC Status page shows Connections twice (connected and disconnected)
You haven't provided nearly enough information. At a minimum, provide the IPsec configuration as well as the output o... Jim Pingle
12:38 PM Bug #11427 (Duplicate): IPSEC Status page shows Connections twice (connected and disconnected)
Hi,
I have two IPSEC connections, both are running fine.
On the Statuspage, the entries seams to be splittend in a ... Stefan Heck
09:49 AM Todo #11426 (Closed): Deprecate old cryptographic accelerator hardware which is not viable on modern systems
We are carrying drivers for a few bits of crypto hardware which do not make sense on current systems. Either due to l... Jim Pingle
08:49 AM Feature #6626 (Pull Request Review): Support for IPv6 firewall entries with dynamic delegated prefix and static host address
Jim Pingle
08:47 AM Bug #11409 (Pull Request Review): IPv4 MSS value is incorrectly applied to IPv6 packets
Jim Pingle
08:43 AM pfSense Docs Correction #11413 (Rejected): Feedback on Virtual LANs (VLANs) — pfSense VLAN Configuration
I think mentioning that might be confusing. It's pretty well established in the docs that the parent is completely un... Jim Pingle
08:41 AM Feature #2400 (Pull Request Review): GUI options for WPA Enterprise with identity/password
Jim Pingle
08:38 AM pfSense Packages Bug #8466 (Pull Request Review): radiusd crash
Jim Pingle
08:35 AM Bug #11416 (Feedback): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
By "host address" do you mean a single IP address without a CIDR mask ("x.x.x.x") or an FQDN? Jim Pingle
08:28 AM Bug #11415 (Rejected): fe80::1:1 duplicate from secondary pfSense
This seems unnecessary now -- the fe80::1:1 address was removed in #10661 on 2.5.0 (and HA isn't compatible with dyna... Jim Pingle
08:25 AM Bug #11418: 'NAT-T: Force' is broken for IPv6 IPsec
This is a problem in strongSwan and/or FreeBSD and not in pfSense software. See https://wiki.strongswan.org/issues/93... Jim Pingle
08:18 AM Feature #11420 (Pull Request Review): New Dynamic DNS Provider: Gandi LiveDNS IPv6
Jim Pingle
08:17 AM Bug #11424: Toggling pfSense update branch can lead to deinstall of packages without user confirmation
In the upgrade case, the branch is switched automatically. In your case, you did it manually. Same root cause.
 Jim Pingle
08:15 AM Bug #11424: Toggling pfSense update branch can lead to deinstall of packages without user confirmation
I just want to clarify: In the case here the user does nothing to trigger a package update.
Merely toggling the b... M Felden
08:07 AM Bug #11424 (Duplicate): Toggling pfSense update branch can lead to deinstall of packages without user confirmation
Same root issue as #10464
Some of that can't be avoided due to conflict prevention, but solving the existing issue... Jim Pingle
08:15 AM pfSense Docs Todo #11421 (Resolved): Replace iTerm on iTerm2 due iTerm project close.
I fixed it, but it's fairly obvious. If someone searches for "iterm" they get led to the iterm2 page in several ways.... Jim Pingle
08:11 AM pfSense Docs New Content #11422 (Rejected): Add info about storing SSH public key in Backup
User SSH keys are public keys. There is nothing private/secret about them.
There is no more security loss by keepi... Jim Pingle
06:51 AM Bug #11423 (Duplicate): pfSense won't trust SMTP server TLS certificate signed by private CA
Renato Botelho
06:42 AM Bug #11423: pfSense won't trust SMTP server TLS certificate signed by private CA
Doh! Yep, I believe this issue can be closed as a duplicate of #4068.
Searching for issues regarding pfSense inter... Jonathon Reinhart
12:32 AM Bug #11423: pfSense won't trust SMTP server TLS certificate signed by private CA
https://redmine.pfsense.org/issues/4068 it's already done for 2.5.0 try the RC.
 Grimson Gretzleburg

02/15/2021

09:31 PM Bug #11424 (Duplicate): Toggling pfSense update branch can lead to deinstall of packages without user confirmation
2.4.5_1
Expected Behavior:
Merely changing update branch in System -> Update -> Update settings to RC should ... M Felden
07:16 PM pfSense Packages Feature #10858: OpenVPN Client silent install
Hello,
There appears to be a bug in the page, where the "Save as default" button does not save/apply the "silent i... Jordan Fishman
04:40 PM Bug #11423 (Duplicate): pfSense won't trust SMTP server TLS certificate signed by private CA
h1. TL;DR
I was surprised to find that there is no way in the pfSense UI to add external CA certificates that are ... Jonathon Reinhart
01:17 PM pfSense Docs New Content #11422 (Rejected): Add info about storing SSH public key in Backup
The "*AutoConfigBackup Service*" section https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html
a... Sergei Shablovsky
11:01 AM pfSense Docs Todo #11421 (Resolved): Replace iTerm on iTerm2 due iTerm project close.
Dear pfSense DevTeam!
In pfSense Documents Secure Shell (SSH) section (https://docs.netgate.com/pfsense/en/latest/... Sergei Shablovsky
08:46 AM pfSense Packages Feature #11043: pfSense GUI for iperf3 / perf
Jim Pingle wrote:
> Maintaining a list of public servers is outside the scope of the package, and encouraging users ... Sergei Shablovsky
01:20 AM Revision 2efdd601: Add IPv6 support for Gandi LiveDNS dynamic DNS handler
* Simplify the use of the LiveDNS API by using another API call that
handles both creating and updating for a given n... bitscher

02/14/2021

07:38 PM Feature #11420: New Dynamic DNS Provider: Gandi LiveDNS IPv6
PR: https://github.com/pfsense/pfsense/pull/4500 Romain Bitschene
07:35 PM Feature #11420 (Closed): New Dynamic DNS Provider: Gandi LiveDNS IPv6
The current implementation of the dynamic DNS feature for Gandi LiveDNS in pfSense does not allow updates of AAAA rec... Romain Bitschene
03:03 AM Bug #11187: WAN_DHCP6 down, but IPv6 actually works
Still present on the current 2.5.0-RC
Simply rebooting also sometimes (in 50% cases maybe) fixes the issue.
Als... Aleksandr Mezin
02:21 AM Bug #11418 (Resolved): 'NAT-T: Force' is broken for IPv6 IPsec
While I tested IPsec I found that 'NAT-T: Force' is broken for IPv6. I've tried IKEv1 and IKEv2 with both 'Mutual cer... Azamat Khakimyanov

02/13/2021

11:11 PM pfSense Packages Feature #11022: Add feeds from Firebog.net to pfBlockerNG
2.4.5p1 w/ pfblockerng-devel 3.0.0_10 shows additional firebog entries in feeds Jordan G
04:58 PM pfSense Packages Bug #11333: Incorrect community-list format

/var/log/frr/frr-reload.log is not generated in 2.4.5
2.4.5-RELEASE-p1 FRR 0.6.7_7
FRR 1.1.0_4 is n... Alhusein Zawi
10:32 AM pfSense Docs Todo #11417 (Closed): Feedback on Services — DNS Resolver — DNS Resolver Advanced Options
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-advanced.html
*Feedback:*
Missing info... Viktor Gurov
06:53 AM Bug #11415: fe80::1:1 duplicate from secondary pfSense
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/137 Viktor Gurov
03:22 AM Bug #11415 (Rejected): fe80::1:1 duplicate from secondary pfSense
https://forum.netgate.com/topic/160181/fe80-1-1-duplicate-from-secondary-pfsense:
I've got a small setup with two ... Viktor Gurov
05:33 AM Bug #11416 (Resolved): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
If you enter a host address instead of a network address into the *IPv4 Tunnel Network* field, the setup will be acce... Danilo Zrenjanin
05:23 AM pfSense Packages Bug #8466: radiusd crash
I retested and added another minor fix.
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/51 Danilo Zrenjanin
05:00 AM Feature #2400: GUI options for WPA Enterprise with identity/password
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/136 Viktor Gurov
02:46 AM pfSense Packages Bug #11414 (New): Enabling feed "Public_DNS4_all" breaks some Google services
It seems at some point either public-dns.info added a wrong IP to their list of public DNS servers, Google changed so... T Toft
02:25 AM pfSense Packages Bug #11131 (Resolved): pfblockerng-devel 3.0.0_2 logs when logging is disabled
Viktor Gurov
02:09 AM pfSense Packages Bug #11131: pfblockerng-devel 3.0.0_2 logs when logging is disabled
I completely forgot about this bug report and now it is resolved. Sorry, please close (I don't think I can?). T Toft
01:08 AM pfSense Packages Bug #8607: Suricata package fails to prune suricata.log
Got this error again today with Suricata 5.0.4_2.... Car F
12:38 AM pfSense Docs Correction #11413 (Rejected): Feedback on Virtual LANs (VLANs) — pfSense VLAN Configuration
*Page:* https://docs.netgate.com/pfsense/en/latest/vlan/configuration.html
*Feedback:*
It should be noted that ... Viktor Gurov
12:14 AM Bug #11409: IPv4 MSS value is incorrectly applied to IPv6 packets
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/135 Viktor Gurov

02/12/2021

11:35 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
Allow to use host portion of IPv6 in firewall rules:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/134 Viktor Gurov
09:29 PM pfSense Packages Feature #11411: Smokeping as a default latency measurement tool
Sergei Shablovsky wrote:
> The main advantages:
> - very flexible system of a measurements (due a lot of probes htt... Sergei Shablovsky
05:12 PM pfSense Packages Feature #11411: Smokeping as a default latency measurement tool
Sergei Shablovsky wrote:
> Dear pfSense DevTeam!
>
> Please add Smokeping for monitoring WAN and LAN links state.... Sergei Shablovsky
04:43 PM pfSense Packages Feature #11411 (New): Smokeping as a default latency measurement tool
Dear pfSense DevTeam!
Please add Smokeping for monitoring WAN and LAN links state.
The main advantages:
- very... Sergei Shablovsky
08:12 PM Bug #11412 (New): LLDPD Package Doesn't Work with Switchports
When running the LLDP daemon from the lldpd package on an interface that is a logical VLAN interface (such as the swi... Kris Phillips
06:29 PM Revision 3f4949b6: Add input_errors to returned array
Steve Beaver
04:34 PM Revision c040bd1d: Revised system_advanced_notifications for MVC
Steve Beaver
03:53 PM pfSense Packages Feature #11410 (New): adding bpytop (former Bashtop)
Dear pfSense DevTeam!
Adding bpytop (former Bashtop) for local monitoring of pfSense-based firewall state: hardwar... Sergei Shablovsky
03:26 PM Bug #8576 (Feedback): pfSense stops passing traffic after some time when using Outbound NAT pool w/ Sticky Address
There is not enough information to reasonably infer much. It's highly unlikely that all interfaces would stop passing... Marcos M
03:08 PM pfSense Docs Correction #11399: SG-3100 M.2 Installation Guide Reinstall Corrections
1. I believe "run recovery" wipes emmc, so separate instructions here may not be needed.
2. It would be handy to hav... Marcos M
01:51 PM Revision 5e9b5483: Fix WireGuard add/next name behavior. Fixes #11407
* No need to set index when creating a new entry
* WireGuard interface name label was assuming array index=wg if name... Jim Pingle
01:50 PM Revision 11fd7da7: Fix WireGuard add/next name behavior. Fixes #11407
* No need to set index when creating a new entry
* WireGuard interface name label was assuming array index=wg if name... Jim Pingle
01:15 PM Bug #7313 (Closed): Crazy behviour of Virtual IP
Marcos M
12:42 PM Feature #11406 (Pull Request Review): GUI option to set MTU for L2TP VPN server
Jim Pingle
06:59 AM Feature #11406: GUI option to set MTU for L2TP VPN server
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/133 Viktor Gurov
06:33 AM Feature #11406 (Resolved): GUI option to set MTU for L2TP VPN server
Allow to set MTU on L2TP VPN server (useful for IPsec/L2TP configurations) Viktor Gurov
12:36 PM pfSense Packages Feature #11405 (Pull Request Review): add RPKI route map in GUI
Jim Pingle
02:16 AM pfSense Packages Feature #11405: add RPKI route map in GUI
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/50
see https://docs.frrouting.org/en/latest/bgp.... Viktor Gurov
01:54 AM pfSense Packages Feature #11405 (Resolved): add RPKI route map in GUI
Allow to select `match rpki` in the WebGUI:... Viktor Gurov
12:35 PM pfSense Packages Bug #11404 (Pull Request Review): Incorrect prefix/access lists migration on update
Jim Pingle
01:51 AM pfSense Packages Bug #11404: Incorrect prefix/access lists migration on update
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/49 Viktor Gurov
12:04 AM pfSense Packages Bug #11404 (New): Incorrect prefix/access lists migration on update
https://forum.netgate.com/topic/160694/frr-7-3-7-5-bgp-not-announcing-routes:
I notice it now has an IP type selec... Viktor Gurov
12:34 PM Bug #11403 (Pull Request Review): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
Jim Pingle
12:12 PM Bug #11409 (Closed): IPv4 MSS value is incorrectly applied to IPv6 packets
Follows from discussion at https://forum.netgate.com/topic/152935/ipv6-pppoe-mss-incorrect/.
When setting up MSS c... Michael Smith
10:53 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Yeah I can do that at a later date. I will keep it out of this report now. Chris Collins
10:47 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
At this point I'd say open a new and more specific bug report for that once you have all the info collected and re-te... Jim Pingle
10:43 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
It did work yes, the reason for the configuration is, the firewall is in front of a webserver, and I want people who ... Chris Collins
10:40 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Chris Collins wrote:
> It goes into a black hole on inbound WAN matching.
>
> If I keep the match rule but remove... Jim Pingle
10:25 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
I only have it configured with ipv4. Chris Collins
10:04 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Chris Collins wrote:
> Ok to summarise.
>
> It works on outbound WAN matching (this was broken before the patch).... Jesse Beauclaire
03:11 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Ok to summarise.
It works on outbound WAN matching (this was broken before the patch).
It works on inbound and ou... Chris Collins
02:59 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
I updated to the latest stable (new RC 2.5)
Sadly I still have the same problem, I am still checking stuff to make... Chris Collins
10:35 AM pfSense Packages Feature #11408 (Rejected): Store 'Device Key' in config.xml
This would be better served by #11118 Jim Pingle
10:07 AM pfSense Packages Feature #11408 (Rejected): Store 'Device Key' in config.xml
Storing the ACB device key in config.xml allows users to use the latest config.xml backup as a safe copy of the Devic... Viktor Gurov
08:00 AM Bug #11407 (Feedback): Removing a WireGuard tunnel in a middle position can break Add button behavior
Applied in changeset commit:11fd7da72502c991b1f1c0e886ea212235f4a505. Jim Pingle
07:40 AM Bug #11407 (Closed): Removing a WireGuard tunnel in a middle position can break Add button behavior
If there are three WireGuard tunnels (wg0, wg1, wg2) and the middle tunnel (wg1) is removed, the add button links to ... Jim Pingle
06:59 AM Bug #10734: PFsense don't use wrong proposals
Same issue here.
P1 settings:
AES, 256 bits, SHA1, DH group 2 (1024 bit)
AES, 256 bits, SHA256, DH group 2 (1024... Petr H
04:43 AM pfSense Packages Bug #11391 (Confirmed): Zeek crashes on 2.5.0
running `zeekctl deploy` fixes this issue Viktor Gurov
03:49 AM pfSense Packages Bug #11381 (Resolved): PHP error after clean Zeek install
Fixed Viktor Gurov
03:42 AM pfSense Packages Feature #10605 (Resolved): Add certificates from Trusted Store to Squid cert store
squid pkg 0.4.45_3 - fixed Viktor Gurov
03:35 AM Feature #11402: Xen console support
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/132 Viktor Gurov
02:17 AM Bug #11397 (Resolved): Incorrect html encoding in the description of the "Duplicate gateway" option
2.5.0.r.20210211.1637 fixed Viktor Gurov
02:11 AM Bug #11364: php-fpm and netstat taking very high CPU
Turns out my issue was unrelated. My issue was https://redmine.pfsense.org/issues/11404
My instance was accepting... M Felden

02/11/2021

11:58 PM Bug #11403: DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/131 Viktor Gurov
11:45 PM Bug #11403 (Resolved): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
If you configured domain override for the *.in-addr.arpa domain it correctly sets the zone type to `typetransparent`:... Viktor Gurov
11:47 PM pfSense Packages Bug #11373 (Resolved): FRR: BGP neighbor remote-as external doesn't work
Viktor Gurov
11:47 PM pfSense Packages Bug #11376 (Resolved): BGP MD5 keys are not removed on service stop
Viktor Gurov
11:37 PM Feature #11402 (Closed): Xen console support
To be able to use `xm console` to connect to the pfSense console,
the following line must be added to '/etc/ttys':
... Viktor Gurov
11:31 PM Bug #5999 (Resolved): IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA
my test:
DHCPv6 server with fc00:623:5::-fc00:623:50:: /52 PD
pfSense 2.5.0.r.20210211.1637 client with two IP ... Viktor Gurov
08:27 PM Revision 1bc20f0d: Handle case where copyright file is downloaded but has a size of zero
Steve Beaver
08:26 PM Revision c7e8d310: Handle case where copyright file is downloaded but has a size of zero
Steve Beaver
07:52 PM Bug #11364: php-fpm and netstat taking very high CPU

ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 88102 29.8 0.2 52392 ... yon Liu
07:44 PM Bug #11364: php-fpm and netstat taking very high CPU

vmstat 1 5
procs memory page disks faults cpu
r b w avm fre flt re ... yon Liu
11:17 AM Bug #11401 (Feedback): Upgrade broken due to need to reinstall pkg
Fixed by pfSense-upgrade 0.88 on 2.4.5 and 0.91 on 2.5.0/2.6.0 Renato Botelho
10:52 AM Bug #11401 (Resolved): Upgrade broken due to need to reinstall pkg
Sometimes, without any good reason, pkg doesn't download itself when running `pkg upgrade -F` but then, when final `p... Renato Botelho
10:45 AM Revision 3c97d1b7: Do not exclude unlisted package
Renato Botelho
10:44 AM Revision b0ac3491: Do not build unused packages
Renato Botelho
10:44 AM Revision 998c898f: Do not build unused packages
Renato Botelho
09:24 AM Bug #9643 (Closed): Limiters do not function properly on 2.5 snapshots
Luiz Souza
08:02 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Make a post on the forum and discuss it there, that's the best way to diagnose your issue. Jim Pingle
07:58 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Jim Pingle wrote:
> That doesn't appear to be related to this specific issue, it looks like a problem with your rule... Jesse Beauclaire
07:55 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
That doesn't appear to be related to this specific issue, it looks like a problem with your rule / state of your system. Jim Pingle
07:53 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
I'm not sure if this is related, my understanding of this is limited. After creating/enabling CODEL traffic limiters ... Jesse Beauclaire
07:05 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Looks good here as well. Not only can I pass traffic with limiters on, I am back to an A on the bufferbloat test than... Jim Pingle
05:38 AM Bug #9643 (Resolved): Limiters do not function properly on 2.5 snapshots
Renato Botelho
01:01 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
I can confirm working too. Greg M
08:58 AM Bug #11393: Incorrect copyright year on 2.5.0-RC (CE)
issue on https://ews.netgate.com/copyright... Viktor Gurov
08:26 AM Bug #3334: Status/Traffic Graph isn't IPv6 ready
Thank you for pointing that out. Now it shows IPv6 addresses. Great work. Pim Pish
07:44 AM Bug #3334: Status/Traffic Graph isn't IPv6 ready
It doesn't change to the new mode automatically. You have to change it from rate to iftop..
* *Status > Traffic Gr... Jim Pingle
02:07 AM Bug #3334: Status/Traffic Graph isn't IPv6 ready
I've upgraded to pfSense 2.5 RC but still there are no IPv6 addresses shown in the traffic graph for me. What am I do... Pim Pish
07:42 AM Bug #8136 (Resolved): dpinger for WAN DHCPv6 gets fails to update gateway IP
No more reports but it's not happening anymore on my home router, so I believe it's safe to say it's resolved. Renato Botelho
01:08 AM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
Ok I am up and running now and after some testing I can rephrase the issue more clearly.
- We have some changes be... M Felden

02/10/2021

10:50 PM pfSense Packages Bug #11373: FRR: BGP neighbor remote-as external doesn't work
Remote-as external/internal is reflected in configuration and Neighbor-ship is established
router bgp 61000
n... Alhusein Zawi
10:24 PM pfSense Packages Bug #11376: BGP MD5 keys are not removed on service stop
if FRR service stopped/disabled
"setkey -D" is not showing entries "No SAD entries"
if FRR is not stopped ... Alhusein Zawi
08:14 PM Bug #11364: php-fpm and netstat taking very high CPU
M Felden wrote:
> I just ran into the same thing on one out of 3 lab machines.
>
> Each one announces one /44 or ... yon Liu
08:08 PM Bug #11364: php-fpm and netstat taking very high CPU
i have no install vmware, I installed the pfsense 2.5 system on the hardware server. AMD CPU and DDR3 16G RAM.SSD DIS... yon Liu
07:38 PM Bug #11364: php-fpm and netstat taking very high CPU
I just ran into the same thing on one out of 3 lab machines.
Each one announces one /44 or /48, receives default r... M Felden
08:10 PM Revision 9c29259d: Revert copyright symbols
Steve Beaver
08:03 PM Revision c67c74dd: Revert copyright symbols
Steve Beaver
06:15 PM Revision cb0a23f2: Add option to set IPsec filtering mode. Implements #11395
User can choose between filtering enc (tunnel+VTI) or filtering on
assigned VTI interface tabs (VTI only, drops all t... Jim Pingle
05:17 PM Bug #9643: Limiters do not function properly on 2.5 snapshots
Luiz Souza wrote:
> All the fixes from 2.4.5 are now merged.
>
> Initial tests looks good.
I can confirm this ... Sish Kitane
08:28 AM Bug #9643 (Feedback): Limiters do not function properly on 2.5 snapshots
All the fixes from 2.4.5 are now merged.
Initial tests looks good. Luiz Souza
04:35 PM pfSense Docs Correction #11400: Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox
That is not our site. The only official source of documentation is docs.netgate.com Jim Pingle
04:16 PM pfSense Docs Correction #11400: Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox
Jim Pingle wrote:
> This was just recently changed in the last week or so. That the guide now advises to use *Host* ... Caleb Robinson
02:44 PM pfSense Docs Correction #11400 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox
Jim Pingle
02:44 PM pfSense Docs Correction #11400 (Not a Bug): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox
This was just recently changed in the last week or so. That the guide now advises to use *Host* as the CPU type, not ... Jim Pingle
02:41 PM pfSense Docs Correction #11400 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox.html
*Feedback:*
I moved my bare ... Caleb Robinson
03:28 PM Revision a57003ef: Fix Microsoft's idea of an apostropphe
Steve Beaver
03:27 PM Revision c512df2d: Fix Microsoft's idea of an apostropphe
Steve Beaver
02:51 PM Bug #11397 (Feedback): Incorrect html encoding in the description of the "Duplicate gateway" option
Fixed in all branches Anonymous
01:24 PM Bug #11397 (Resolved): Incorrect html encoding in the description of the "Duplicate gateway" option
vpn_ipsec_phase1.php page:
Enable this to allow multiple phase 1 configurations with the same endpoint. When enabled... Viktor Gurov
02:39 PM pfSense Docs Correction #11399 (Rejected): SG-3100 M.2 Installation Guide Reinstall Corrections
Guide located here:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/m-2-sata-installation.html
We sh... Kris Phillips
02:29 PM pfSense Packages Bug #11398: pfBlocker upgrade hangs forever
At work, but this has happened with every pfblocker upgrade since trialing pfSense 2.5 and then moving to pfblocker 3... andreas vesalius
02:06 PM pfSense Packages Bug #11398: pfBlocker upgrade hangs forever
andreas vesalius wrote:
> Also, the bigger issue as the pfblocker-devel package manager upgrade will complete, is th... Renato Botelho
02:03 PM pfSense Packages Bug #11398: pfBlocker upgrade hangs forever
Also, the bigger issue as the pfblocker-devel package manager upgrade will complete, is that unbound fails to restart... andreas vesalius
01:34 PM pfSense Packages Bug #11398 (Resolved): pfBlocker upgrade hangs forever
It was first reported at https://redmine.pfsense.org/issues/10610#note-11 but since it never happened again with any ... Renato Botelho
01:35 PM pfSense Packages Feature #11396 (Rejected): Add Zeek as an installable package
It is already a pfSense package on 2.5.0: pfSense-pkg-zeek-3.0.6_1 Jim Pingle
01:18 PM pfSense Packages Feature #11396 (Rejected): Add Zeek as an installable package
Base install:
Supported in FreeBSD (https://www.freshports.org/security/zeek) so installation and updates should be ... Charles Johnston
12:58 PM Revision b6ed7d8b: Increment requested copyright version
Steve Beaver
12:58 PM Revision d7769375: Increment requested copyright version
Steve Beaver
12:25 PM Feature #11395 (Feedback): Option to switch IPsec filtering modes to choose between ``enc`` and ``if_ipsec`` filtering
Applied in changeset commit:cb0a23f29237d86fbc40259882bba2b5b9d419f5. Jim Pingle
12:14 PM Feature #11395 (Closed): Option to switch IPsec filtering modes to choose between ``enc`` and ``if_ipsec`` filtering
Due to the limitations mentioned in #8686 FreeBSD can filter IPsec in one of two ways:
* Filter on enc0 for all IP... Jim Pingle
12:15 PM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed
I'm moving the option I mentioned above to a separate issue: #11395
This can remain open for the longer term quest... Jim Pingle
09:34 AM Bug #11394 (Not a Bug): Diagnostics - Tables page does not show last update date
It is working properly, most tables don't have data showing when they were last updated. That is primarily useful for... Jim Pingle
09:24 AM Bug #11394 (Not a Bug): Diagnostics - Tables page does not show last update date
the alias table page shows unknown in the field where the last alias update should display. Victor França Machado de Araújo
08:54 AM pfSense Packages Bug #11388 (Feedback): Captive Portal authentication error with MySQL backend
merged Renato Botelho
07:58 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
Adam French wrote:
> Abdul Khaliq wrote:
> > Viktor Gurov wrote:
> > > You need to check "Disable Cron emails" opt... Abdul Khaliq
07:54 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
Abdul Khaliq wrote:
> Viktor Gurov wrote:
> > You need to check "Disable Cron emails" option
> > see #10771
>
>... Adam French
07:30 AM Bug #11393 (Resolved): Incorrect copyright year on 2.5.0-RC (CE)
pfSense 2.5.0.r.20210210.0300:
Copyright © *2004-2020*. Electric Sheep Fencing LLC ("ESF"). All Rights Reserved.
... Viktor Gurov
04:46 AM pfSense Packages Bug #11392 (Closed): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
In Services -> FRR -> BGP -> Advanced -> Advanced Routing Behavior
There is a "Network Import Check" that is not ... M Felden
02:17 AM Bug #11383: pfSense Proxy Authentication not working
Hi
the problem exists since my oldest existing installation (here) FW:2.4.4p1. It was tested OK in Mid 2018 on 2.4.2... Michael Samer
01:52 AM Revision e5b9b569: Revise copyright modal to accommodate larger content
Steve Beaver
01:52 AM Revision c121648c: Revise copyright modal to accommodate larger content
Steve Beaver

02/09/2021

08:27 PM Revision 94bd74a8: Add pfSense 2.5.0 repositories
Renato Botelho
08:22 PM Revision 00c9d739: Use new URLs for pkg repo
Renato Botelho
08:22 PM Revision 976b6ecf: Use new URLs for pkg repo
Renato Botelho
06:53 PM Revision 098bf8e9: Use Netgate domain for bogons. Issue NG 5446
(cherry picked from commit 4a30c608aacdcb8a467e97d9ccda514e412731bf) Jim Pingle
06:53 PM Revision 4a30c608: Use Netgate domain for bogons. Issue NG 5446
Jim Pingle
05:01 PM Revision 67947a5f: Detect Plus by product label
Renato Botelho
05:01 PM Revision 5e3df7f4: Detect Plus by product label
Renato Botelho
04:54 PM Revision 98528dce: Rename Factory -> Plus
Renato Botelho
04:54 PM Revision 99809731: Rename Factory -> Plus
Renato Botelho
04:15 PM Revision c33ebcbc: This file moved, remove old copy. Fixes #11389
(cherry picked from commit 860391bfcb5d273daef32780003014cfdd557a6d) Jim Pingle
04:15 PM Revision 860391bf: This file moved, remove old copy. Fixes #11389
Jim Pingle
03:13 PM pfSense Packages Bug #11391 (Resolved): Zeek crashes on 2.5.0
Trying to use zeek on 2.5.0 RC and I get a crash email and the service will not start. Also, chose 'sudo' category a... Zachary McGibbon
01:31 PM Bug #11372 (Closed): I can delete nested alias even if it is in use
This is working fine. On current code I can't delete an alias which is nested in another in-use alias. Jim Pingle
12:53 PM Todo #10704 (Resolved): Work around PHP issues with SSL LDAP and multiple authentication servers
Renato Botelho
12:51 PM Todo #10704: Work around PHP issues with SSL LDAP and multiple authentication servers
Marking it as resolved since nobody answered in 3 months Renato Botelho
12:52 PM Bug #9796 (Resolved): kernel panic after removing interfaces
Not reproducible recently. If it happens again we can re-visit Renato Botelho
12:51 PM Todo #9417 (Resolved): Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options
Marking it as resolved since nobody answered in 3 months Renato Botelho
12:39 PM Bug #11256 (Rejected): Cannot add alias with multiple URLs
It works on 2.5.0 Renato Botelho
12:18 PM Feature #11354 (Resolved): WireGuard should respond from the address used by peer
It's working as expected Renato Botelho
12:17 PM Feature #7727 (In Progress): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
There is clearly more to be done here. Move to 2.5next Renato Botelho
10:38 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port

> I can confirm that this is still a problem in 2.5.0.a.20210129.1122.
> I upgraded a school system today from 2.... Polar Nerd
09:05 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
YP Lo wrote:
> I think other than adding the static NAT port entry (which is only for the single port requested by t... Jim Pingle
08:34 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
YP Lo wrote:
> Is it possible to have miniuPnP add the port-forwarding entry without NAT?
Can you explain in more... Marc 05
08:23 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
I think other than adding the static NAT port entry (which is only for the single port requested by the console for e... YP Lo
12:14 PM Bug #11387 (Pull Request Review): Interfaces page displays MAC Address field for interfaces which do not support L2
Renato Botelho
01:11 AM Bug #11387: Interfaces page displays MAC Address field for interfaces which do not support L2
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/128 Viktor Gurov
12:55 AM Bug #11387 (Resolved): Interfaces page displays MAC Address field for interfaces which do not support L2
Only hardware interfaces and OpenVPN TAP have a MAC address
There is no needs to show the 'MAC address' field for ps... Viktor Gurov
12:14 PM Feature #11390 (Pull Request Review): Copy button for Authentication Server entries
Renato Botelho
11:21 AM Feature #11390: Copy button for Authentication Server entries
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/130 Viktor Gurov
09:01 AM Feature #11390: Copy button for Authentication Server entries
see also #6908 #8952 Viktor Gurov
09:00 AM Feature #11390 (Resolved): Copy button for Authentication Server entries
It would be helpful to have a copy button for quick creating of the Master/Backup RADIUS/LDAP servers configuration. Viktor Gurov
12:08 PM Bug #11383: pfSense Proxy Authentication not working
See also: #9029 Jim Pingle
12:07 PM Bug #11383: pfSense Proxy Authentication not working
Not a regression, move to next release. Renato Botelho
11:15 AM Bug #11383: pfSense Proxy Authentication not working
The values in the config.xml file appear to be correctly recorded:... Anonymous
11:00 AM Bug #11383 (In Progress): pfSense Proxy Authentication not working
Anonymous
12:03 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address
too late for 2.5.0 Renato Botelho
11:07 AM Bug #11389 (Resolved): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
Jim Pingle
10:58 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
Confirmed working now with the old file deleted in my 2.5 VM. This issue can be marked resolved. Bill Meeks
10:25 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
Applied in changeset commit:860391bfcb5d273daef32780003014cfdd557a6d. Jim Pingle
10:21 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
Thanks! Good catch. I was pulling my hair out, because I could see what "should" be bypassing the problem but it wasn... Bill Meeks
10:16 AM Bug #11389 (Feedback): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
Changed my mind, I added an entry to remove the old file. It's a simple change and may prevent others from having the... Jim Pingle
10:13 AM Bug #11389 (Not a Bug): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
OK I figured out what caused this. It's not a problem in current code, but somewhere along the way snapshots had alia... Jim Pingle
09:40 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
Still failed for me with that patch applied. Ends up with lowercase contents every time I try it. Jim Pingle
09:39 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
I am unable to pull down the changes from that private repo, so can't test. Will depend on Jim to test from his end.
... Bill Meeks
09:31 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
extra checks:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/129 Viktor Gurov
09:28 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
I am also wondering if it is some kind of "race" thing perhaps???
I see a check in the new code that tests each va... Bill Meeks
09:24 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
Might be something in your running state, but it happens consistently every time for me here. I don't have any of the... Jim Pingle
09:16 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
hm, my test configuration:... Viktor Gurov
09:14 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
If #10968 fixed it then something else broke it again. I can reproduce it easily here.... Jim Pingle
09:08 AM Bug #11389 (New): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
Jim Pingle
09:01 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
Viktor: this is the version I am testing on --
2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
... Bill Meeks
08:53 AM Bug #11389 (Feedback): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
unable to reproduce on 2.5.0.a.20210204.2250
fixed in #10968 Viktor Gurov
07:54 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
I failed to note that mixed-case alias names will correctly resolve when nested in pfSense-2.4.5, so this appears lim... Bill Meeks
07:43 AM Bug #11389 (Resolved): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias
The inclusion of calls to the PHP function idn_to_utf8() and idn_to_ascii() in pfSense-2.5 appear to have inadvertent... Bill Meeks
10:28 AM pfSense Packages Bug #11375: UPS Type <BLANK> for USB APC
For clarity can the labels be changed slightly? As I wrote in the forum the column labels look like "UPSTYPEDEVICE" ... Steve Y
10:19 AM Bug #11378: Unknown OID error on ZFS install
Works here as well now. Install completed with ZFS and the resulting system has the correct filesystem type/layout. Jim Pingle
12:58 AM Bug #11378 (Resolved): Unknown OID error on ZFS install
works as expected on 21.02-RC-amd64-20210208-1744 Viktor Gurov
05:16 AM Bug #10966 (Resolved): IPv6 - WAN does not renew address when upstream fails
Thanks for letting us know Renato Botelho
05:05 AM pfSense Packages Feature #11386: Add WireGuard tunneled networks to vpnaddresses list
https://github.com/pfsense/FreeBSD-ports/pull/1038 Viktor Gurov
12:29 AM pfSense Packages Feature #11386 (Resolved): Add WireGuard tunneled networks to vpnaddresses list
Currently it adds (#8688):
- IPsec Mobile IPv4 subnet
- IPsec site-to-site networks
- OpenVPN client/server Tunnel... Viktor Gurov
04:49 AM pfSense Packages Feature #11385: Add WireGuard tunneled networks to vpnaddresses list
https://github.com/pfsense/FreeBSD-ports/pull/1037 Viktor Gurov
12:27 AM pfSense Packages Feature #11385 (Resolved): Add WireGuard tunneled networks to vpnaddresses list
Currently it adds (#10700):
- IPsec Mobile IPv4 subnet
- IPsec site-to-site networks
- OpenVPN client/server Tunne... Viktor Gurov
04:23 AM pfSense Packages Bug #11388: Captive Portal authentication error with MySQL backend
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/48 Viktor Gurov
04:13 AM pfSense Packages Bug #11388 (Feedback): Captive Portal authentication error with MySQL backend
https://forum.netgate.com/topic/160549/captive-portal-error:
has anyone encountered this particular issue with Freer... Viktor Gurov
02:43 AM Bug #11184: PF: State policy cannot be configurable
Hello,
Do you have any news about this patch?
Thank you
 Yannis Planus

02/08/2021

07:04 PM Revision 83081d3a: Revert "Refactor system_advanced_misc for MVC"
This reverts commit c33b0ab6c2fcd4c9786d1b5e7903c01fa1fafa7d. Steve Beaver
07:03 PM Revision b29e6e1b: Revert "Refactor system_advanced_misc for MVC"
This reverts commit c33b0ab6c2fcd4c9786d1b5e7903c01fa1fafa7d. Steve Beaver
06:07 PM Revision 5898a649: Refactor system_advanced_misc for MVC
Steve Beaver
06:07 PM Revision c33b0ab6: Refactor system_advanced_misc for MVC
Steve Beaver
06:01 PM Revision 66933ee4: Typo
Steve Beaver
06:00 PM Revision 1965b431: Typo
Steve Beaver
05:54 PM Revision d1216ae0: Add registered trdemark symbol where appropriate
Steve Beaver
05:53 PM Revision b34b2151: Add registered trdemark symbol where appropriate
Steve Beaver
05:52 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails
Apart from the initial failure to get an address on the WAN interface, i've not lost DHCPv6 on the WAN interface in 5... John Griffin
03:39 PM Bug #11384 (Rejected): cannot load &quot;/etc/bogonsv6&quot;: Invalid argument
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
03:37 PM Bug #11384 (Rejected): cannot load &quot;/etc/bogonsv6&quot;: Invalid argument
I use latest stable version and get constantly the following Notice.
There were error(s) loading the rules: /tmp/r... jan peter
02:40 PM pfSense Docs Correction #11244 (Resolved): Feedback on Packages — Nut package
I added a link to the forum thread on the docs page. Having a link to the forum thread for assistance is good.
The... Jim Pingle
01:23 PM Revision d6b55b5f: Nested alias checking fix. Issue #11372
Viktor Gurov
01:22 PM Revision 65371889: Nested alias checking fix. Issue #11372
Viktor Gurov
01:22 PM Revision 4f630b14: Return correct Track IPv6 address if >1 VIP on interface. Issue #5999
Viktor Gurov
12:17 PM pfSense Packages Feature #8547: fwknop Port Knocking Package
Kurt Yoder wrote:
> > Because security bugs are frequently discovered in all sorts of software, *including security... David Yon
11:23 AM Revision 7409f072: Fix branch name: devel -> master
Renato Botelho
09:11 AM Bug #11378 (Feedback): Unknown OID error on ZFS install
It was removing CDDL from installer. I've pushed a fix. Renato Botelho
07:49 AM Bug #11378: Unknown OID error on ZFS install
Confirmed here as well. After selecting the disk for ZFS and opting to continue, it stops with that error and won't p... Jim Pingle
05:18 AM Bug #11378: Unknown OID error on ZFS install
I experience the same phenomenon when I try to install 2.5.0 Snapshot on TrueNAS with ZFS as target filesystem. When ... Pim Pish
09:06 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
Hi. I am also able to reproduce this. It works fine on 2.4.5, but on 2.5.0, the minute the floating rule is enable, I... Kevin S
03:26 AM Bug #9643: Limiters do not function properly on 2.5 snapshots
I'm able to reproduce this. As mentioned in earlier comments, the issue only shows when the inbound queue is enabled.... Peter Grehan
07:42 AM Bug #11383: pfSense Proxy Authentication not working
Confirmed here as well, if I set a system to use a proxy that requires auth, it can't communicate with the package se... Jim Pingle
07:19 AM Bug #11383 (Closed): pfSense Proxy Authentication not working
Proxy Username/Password on the system_advanced_misc.php is being ignored
You can see them in `env`:... Viktor Gurov
07:33 AM pfSense Packages Bug #11373 (Feedback): FRR: BGP neighbor remote-as external doesn't work
Merged Renato Botelho
07:17 AM pfSense Packages Bug #11373 (Pull Request Review): FRR: BGP neighbor remote-as external doesn't work
Jim Pingle
07:33 AM pfSense Packages Bug #11376 (Feedback): BGP MD5 keys are not removed on service stop
Merged Renato Botelho
07:19 AM pfSense Packages Bug #11376 (Pull Request Review): BGP MD5 keys are not removed on service stop
Jim Pingle
07:29 AM pfSense Packages Feature #10605 (Feedback): Add certificates from Trusted Store to Squid cert store
Merged Renato Botelho
05:16 AM pfSense Packages Feature #10605: Add certificates from Trusted Store to Squid cert store
2.4.5 fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/47 Viktor Gurov
04:06 AM pfSense Packages Feature #10605 (New): Add certificates from Trusted Store to Squid cert store
works fine on 2.5, but produces php error on 2.4.5 if 'Extra Trusted CA' != none:... Viktor Gurov
07:28 AM pfSense Packages Bug #11381 (Feedback): PHP error after clean Zeek install
Merged Renato Botelho
07:23 AM Bug #5999 (Feedback): IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA
Merged Renato Botelho
07:22 AM Bug #5999 (Pull Request Review): IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA
Jim Pingle
07:23 AM Bug #11372 (Feedback): I can delete nested alias even if it is in use
Merged Renato Botelho
07:18 AM Bug #11372 (Pull Request Review): I can delete nested alias even if it is in use
Jim Pingle
07:21 AM pfSense Packages Bug #11377 (Pull Request Review): FRR deinstall
Removing the leftover files is fine but I don't think this package needs the ability to reset/wipe the config. Too da... Jim Pingle
07:19 AM Feature #11380 (Pull Request Review): PHP shell playback script to modify Alias contents
Renato Botelho
07:19 AM Bug #11382 (Pull Request Review): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
Renato Botelho
02:19 AM Bug #11382: OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
it also hides the `tlsauth_keydir` field for 'Shared Key" mode (see #11336):
https://gitlab.netgate.com/pfSense/pfSe... Viktor Gurov
02:02 AM Bug #11382 (Resolved): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
If you create an OpenVPN client instance in the 'Shared Key' mode and then switch it to "SSL/TLS" mode, the WebGUI st... Viktor Gurov
07:18 AM Feature #7077 (Pull Request Review): Display negotiated data encryption algorithm in OpenVPN connection status
Renato Botelho
04:49 AM Feature #7077 (New): Display negotiated data encryption algorithm in OpenVPN connection status
sample output:... Viktor Gurov
07:13 AM Feature #11374: WireGuard Status in GUI
I agree that it would be nice but the WireGuard utility @wg@ does not expose any of that information for us to use. T... Jim Pingle
05:57 AM Bug #6028 (Resolved): no firewall rules loaded after reboot with invalid ruleset
tested with patch on 2.5.0.a.20210204.2250
works as expected Viktor Gurov
12:51 AM pfSense Packages Feature #11295: DNSBL IDN support
https://github.com/pfsense/FreeBSD-ports/pull/1036 Viktor Gurov
12:32 AM Bug #11254 (Resolved): Some OpenVPN configuration files remain after deleting an instance
Viktor Gurov

02/07/2021

05:43 PM Bug #11254: Some OpenVPN configuration files remain after deleting an instance
In the February 4 image of 2.5, I can no longer get the PHP crash after deleting the server/client instance of OpenVP... Max Leighton
05:21 PM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status
Now that OpenVPN 2.5.0 is released and will be included pfSense 2.5.0, can this feature request be reopened? Matthew Ray
03:30 PM Bug #11367 (Resolved): radvd.conf keeps old configuration
Tested on
2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
FreeBSD 12.2-STABLE
With router ad... Max Leighton
12:41 PM Revision 89c7e448: Return correct Track IPv6 address if >1 VIP on interface. Issue #5999
Viktor Gurov
12:37 PM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA
Hey Viktor,
Thanks for the update. Given your feedback, I was able to download the latest snapshot and re-test thi... Allen Balaj
06:46 AM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA
Return correct Track IPv6 address if >1 VIP on interface:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_request... Viktor Gurov
01:23 AM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA
Allen Balaj wrote:
> I'm currently on 2.5.0.a.20201124.0050. My firewall is single LAN, single WAN, ~2 dozen VLANs, ... Viktor Gurov
10:44 AM pfSense Packages Bug #11381: PHP error after clean Zeek install
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/46 Viktor Gurov
09:48 AM pfSense Packages Bug #11381 (Resolved): PHP error after clean Zeek install
If you press save on the Zeek package configuration page without any options/checkboxes, PHP errors will occur:
<pre... Viktor Gurov
07:48 AM Feature #11380: PHP shell playback script to modify Alias contents
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/125 Viktor Gurov
05:38 AM Feature #11380 (Resolved): PHP shell playback script to modify Alias contents
It would be very helpful
/etc/phpshellsessions/aliasmod script with a syntax:
aliasmod <add/del> <Aliasname> <Entry... Viktor Gurov
05:40 AM pfSense Packages Bug #3085 (Resolved): squidguard: problems when importing a blacklist archive containing soft-links
works as expected, see https://forum.netgate.com/topic/160607/squidguard-ut1-blacklist-support Viktor Gurov
05:26 AM Feature #11379 (New): Template Roll Printer
It would be nice to add a 'Voucher Roll Print' page to print Captive Portal's vouchers using templates.
see https:... Viktor Gurov
04:00 AM pfSense Packages Bug #11334 (Resolved): FRR IPv4 OSPF passive-interface not working
1.1.0_3, /var/etc/frr/frr.conf:... Viktor Gurov
03:52 AM Bug #11378 (Resolved): Unknown OID error on ZFS install
https://forum.netgate.com/topic/160599/2-5-0-development-unknown-oid:
This installation error has been seen in ... p... Viktor Gurov
03:28 AM pfSense Packages Feature #11199 (Resolved): Minor updates
pfBlockerNG-devel 3.0.0_9 - all OK Viktor Gurov
03:21 AM pfSense Packages Bug #11377: FRR deinstall
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/45 Viktor Gurov
03:03 AM pfSense Packages Bug #11377 (Pull Request Review): FRR deinstall
After uninstalling FRR all '<frr*>' entries are still in config.xml
`/var/etc/frr' also contains config files Viktor Gurov
03:00 AM pfSense Packages Bug #11376: BGP MD5 keys are not removed on service stop
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/44 Viktor Gurov
02:56 AM pfSense Packages Bug #11376 (Resolved): BGP MD5 keys are not removed on service stop
'setkey -D' keeps showing key association when you stop/disable FRR service.
see also #11325 Viktor Gurov
01:53 AM pfSense Packages Bug #11375 (Closed): UPS Type <BLANK> for USB APC
there is no issue Viktor Gurov
01:32 AM pfSense Packages Bug #11375 (New): UPS Type <BLANK> for USB APC
https://forum.netgate.com/topic/158235/potential-bug-found-with-apcupsd-package-version-0-3-91_8-and-configuring-it-i... Viktor Gurov
01:00 AM Bug #11372: I can delete nested alias even if it is in use
I can reproduce it on 2.4.5/2.5
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/123 Viktor Gurov
12:08 AM pfSense Packages Bug #11373: FRR: BGP neighbor remote-as external doesn't work
fix:
2.5:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/42
2.4.5:
https://gitlab.netgate.... Viktor Gurov

02/06/2021

11:03 PM pfSense Packages Bug #11191 (Resolved): Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages
Viktor Gurov
05:19 PM pfSense Packages Bug #11191: Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages
Verified that this is no longer a problem. Unchecking the save settings checkbox and then removing the package prope... Kris Phillips
10:14 PM pfSense Packages Bug #11343: Invalid link to pfSense-pkg-bind changelog
Anthony Pants wrote:
> If you go to "Installed Packages" (/pkg_mgr_installed.php) or "Available Packages" (/pkg_mgr.... Michael Spears
10:39 AM Feature #11374 (Closed): WireGuard Status in GUI
A usability request:
WireGuard in 2.5.0devel is indeed very performant. I have been testing it in pfSense (as 'ser... Jum Pers
10:33 AM pfSense Packages Feature #10619 (Resolved): Various FRR enhancements
Tested on 21.02-DEVELOPMENT (built on Thu Feb 04 22:53:54 CST 2021)
I see all these enhancements enabled.
This ... Azamat Khakimyanov
10:15 AM pfSense Packages Bug #11373 (Resolved): FRR: BGP neighbor remote-as external doesn't work
if you put `external` in the web GUI as the remote-as the generated configuration doesn't include a `neighbor <ip-add... Joel Gallun
09:43 AM Bug #7313 (Feedback): Crazy behviour of Virtual IP
This was likely due to inconsistent interface and/or port names across the nodes. Setting to feedback for now, then c... Marcos M
09:35 AM Bug #11368 (Resolved): OpenVPN Remote Access (User Auth)
Tested with
2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
FreeBSD 12.2-STABLE
Remote Access... Max Leighton
04:07 AM pfSense Packages Feature #10202 (Resolved): redistribute bgp + route-map filtering in OSPF6
Tested on 21.02-DEVELOPMENT (built on Thu Feb 04 22:53:54 CST 2021)
There are redistribute bgp + route-map filteri... Azamat Khakimyanov

02/05/2021

04:49 PM Bug #11372: I can delete nested alias even if it is in use
Alexey Muzychenko wrote:
> If I define an alias, use it in any firewall rule directly and try to delete the alias - ... Michael Spears
01:55 AM Bug #11372 (Closed): I can delete nested alias even if it is in use
If I define an alias, use it in any firewall rule directly and try to delete the alias - I get an error "Cannot delet... Alexey Muzychenko
03:15 PM pfSense Docs New Content #11150 (Feedback): vpn_ipsec_export_win.php missing from help.php
Documentation is now in place:
https://docs.netgate.com/pfsense/en/latest/packages/ipsec-export.html Jim Pingle
01:52 PM pfSense Docs New Content #11150: vpn_ipsec_export_win.php missing from help.php
I added vpn_ipsec_export_win.php and vpn_ipsec_profile.php to help.php, the documentation is still a work in progress. Jim Pingle
01:58 PM Revision fa0dc0f0: Respect REPO_BRANCH_PREFIX on FREEBSD_BRANCH
Renato Botelho
01:57 PM Revision be3503ca: Respect REPO_BRANCH_PREFIX on FREEBSD_BRANCH
Renato Botelho
01:07 PM Revision ed5564a3: Fix branch name
Renato Botelho
11:39 AM Revision 3537f4a8: Welcome 2.5.0-RC
Renato Botelho
11:31 AM Revision 87b93bb8: It's time to move to 2.6.0-DEVELOPMENT
Renato Botelho
09:57 AM Feature #11354 (Feedback): WireGuard should respond from the address used by peer
Latest snapshot has the changes from the patch above, and the responses are sent back from the address used to contac... Jim Pingle
09:38 AM Bug #6028: no firewall rules loaded after reboot with invalid ruleset
Chris Linstruth wrote:
> Manually created an invalid configuration by modifying config.xml to make an HFSC queue tha... Renato Botelho
09:25 AM Bug #6028: no firewall rules loaded after reboot with invalid ruleset
Chris Linstruth wrote:
> Manually created an invalid configuration by modifying config.xml to make an HFSC queue tha... Renato Botelho
09:12 AM Bug #6028: no firewall rules loaded after reboot with invalid ruleset
Manually created an invalid configuration by modifying config.xml to make an HFSC queue that cannot load because the ... Chris Linstruth
09:23 AM pfSense Packages Bug #11271 (Resolved): Setting default-originate in FRR/BGP Silently Appends a route-map
Renato Botelho
08:03 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
This works as expected for one route map spanning both families. Much better. Thank you. Chris Linstruth
08:31 AM pfSense Packages Bug #11346 (Resolved): Raw-Config not working
Jim Pingle
08:31 AM Bug #11371 (Rejected): package install failed pfSense: 2.4.5_1
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
08:29 AM pfSense Packages Bug #6818: WAN traffic graph displays inverted bandwidth columns
I was checking traffic today, in a situation of heavy file upload to the internet, and i'm seeing that everything is ... Fernando Rapetti
07:37 AM pfSense Docs Correction #11170 (Resolved): Feedback on Routing — Static Routes
Thank you very much. Resolving. Chris Linstruth
04:54 AM pfSense Packages Feature #11155: SafeSearch AAAA
Renato Botelho wrote:
> PR has been merged. Thanks!
PR 1035 containing this change has been merged. Thanks! Renato Botelho
04:52 AM pfSense Packages Feature #11155 (Feedback): SafeSearch AAAA
PR has been merged. Thanks! Renato Botelho
04:53 AM pfSense Packages Feature #11022 (Feedback): Add feeds from Firebog.net to pfBlockerNG
PR 1035 containing this change has been merged. Thanks! Renato Botelho
04:48 AM pfSense Packages Feature #11201 (Feedback): Show iTLD Allow IDN domains
PR has been merged. Thanks! Renato Botelho
04:46 AM pfSense Packages Feature #11199 (Feedback): Minor updates
PR has been merged. Thanks! Renato Botelho
04:44 AM pfSense Packages Bug #11191 (Feedback): Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages
PR has been merged. Thanks! Renato Botelho

02/04/2021

11:03 PM pfSense Packages Bug #11345: FRR-OSPF - No "prefix-list" possible
* prefix can be chosen from Route Filtering in OSPF area.
* Configuration is reflected in config. file.
!
rou... Alhusein Zawi
10:18 PM Bug #11371 (Rejected): package install failed pfSense: 2.4.5_1
I setup PFsence with a basic setup back in November and finally got around to moving my network over to it. I just tr... Brian Nerny
09:29 PM pfSense Packages Bug #11346: Raw-Config not working
Issue is fixed
* updated the running config (or created new configuration)
* changed the configuration.
* pre... Alhusein Zawi
06:54 PM Feature #11354: WireGuard should respond from the address used by peer
I only tried with reboot failover which simplifies the problem: there are no races where packets can be queued awaiti... Peter Grehan
08:49 AM Feature #11354: WireGuard should respond from the address used by peer
Done Renato Botelho
08:46 AM Feature #11354: WireGuard should respond from the address used by peer
I'm going to merge this patch before next snapshot
 Renato Botelho
08:05 AM Feature #11354 (New): WireGuard should respond from the address used by peer
It's definitely better with that if_wg.ko. When the peer sends packets, it replies from the correct address.
Testi... Jim Pingle
06:07 AM Feature #11354 (Feedback): WireGuard should respond from the address used by peer
I believe this is now fixed. The destination address of ingress wg packets wasn't being saved. This is now being done... Peter Grehan
06:13 PM Revision 21c2bb34: Remove what I suspect is a debug leftover
Renato Botelho
03:12 PM Revision 93830bec: OpenVPN rmdir fix. Issue #11254
Viktor Gurov
03:07 PM Revision 91cd1741: Check RA service on interface IPv6 type change. Fixes #11367
Viktor Gurov
01:17 PM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed
I made patch (attached) that adds a GUI option to toggle between the two behaviors: Filtering on enc0 (tunnel+vti), a... Jim Pingle
12:18 PM pfSense Packages Bug #11135: HAproxy OCSP reponse crontab bug
Do not set target version on package tickets Renato Botelho
12:18 PM Bug #11370 (Closed): firewall_aliases_edit.php is limited in the number of input entries it can save to an alias
This is likely related to #10937
When creating a new alias of type "host", the number of entries that get saved is... Marcos M
12:17 PM Bug #11159 (Resolved): Allow wildcard dns record of type A in the DynDNS client for DNS provider Gandi
Renato Botelho
12:15 PM Bug #9796: kernel panic after removing interfaces
gauthier segond wrote:
> hello.
>
> I had the same problem on the 11/11/2020 build. i made a video and here are t... Renato Botelho
12:03 PM Bug #8136: dpinger for WAN DHCPv6 gets fails to update gateway IP
Danilo Zrenjanin wrote:
> Can you provide more details on how to replicate the issue? Is it related only to the PPPo... Renato Botelho
12:01 PM Feature #8786 (Resolved): Wireguard VPN
Import of wireguard is complete. Issues are being tracked on separate tickets Renato Botelho
12:00 PM Bug #11265 (Resolved): Remove log spam due to bootstrap map file
Renato Botelho
11:30 AM Revision 3673b6d0: Style fixes
Renato Botelho
11:06 AM Bug #11363: Clean Install 2.5.0 fails due to hardware incompability
Probably not much to do if it's specific to certain hardware like that except trying a BIOS update and changing boot ... Jim Pingle
11:03 AM Feature #10010 (Resolved): Update infoblock on the Dashboard to include a link to The pfSense Book, rather than the community maintained documentation
Yep, this was fixed quite a while ago. Jim Pingle
03:38 AM Feature #10010: Update infoblock on the Dashboard to include a link to The pfSense Book, rather than the community maintained documentation
The above links now point to the same location. GChuf 6
11:03 AM Revision 729a4540: OpenVPN User Auth fix. Issue #11368
Viktor Gurov
10:56 AM Bug #11361: ISO Installer not functioning on latest snapshots
Adding another data point, the latest snapshot installs as expected. Jim Pingle
06:27 AM Bug #11361: ISO Installer not functioning on latest snapshots
I can confirm. The latest release works fine. Thank you. Danilo Zrenjanin
05:43 AM Bug #11361 (Resolved): ISO Installer not functioning on latest snapshots
memstick is also working Renato Botelho
05:33 AM Bug #11361: ISO Installer not functioning on latest snapshots
yon Liu wrote:
> @jimp Do you get the same behavior with the memstick?
>
> yes. i am using memstick, it still can... Renato Botelho
10:44 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address
I can't reproduce this here. radvd is running, clients on LAN get an IPv6 gateway and full connectivity. DHCPv6 serve... Jim Pingle
10:38 AM Bug #11365 (New): dhcpv6 cannot push ipv6 gateway address
not such issue on my other VM (on the same Proxmox host, same 2.5.0.a.20210203.1432)
seems like VM/Hypervisor specific Viktor Gurov
09:35 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address
bug in pf2.5
2.5.0-DEVELOPMENT (amd64)
built on Wed Feb 03 14:36:18 CST 2021
FreeBSD 12.2-STABLE
!https://i.im... yon Liu
01:08 AM Bug #11365 (Confirmed): dhcpv6 cannot push ipv6 gateway address
no such issue on 2.4.5-p1,
radvd -d5 -m stderr -n -C /var/etc/radvd.conf
2.5.0.a.20210203.1432 output:... Viktor Gurov
10:16 AM Bug #11364 (Rejected): php-fpm and netstat taking very high CPU
There isn't nearly enough information here to qualify this as a bug. Keep the discussion on the forum for now. Jim Pingle
09:43 AM Feature #11369 (Resolved): add Enabling IPv6 Source Address Validation support

i have no find about this how do it Enabling IPv6 Source Address Validation support in pfsense system?
After t... yon Liu
09:15 AM Bug #11367: radvd.conf keeps old configuration
Applied in changeset commit:91cd17417d7cba3ab5dbe55f0ced02eaef78c45b. Viktor Gurov
09:08 AM Bug #11367 (Feedback): radvd.conf keeps old configuration
Merged Renato Botelho
05:24 AM Bug #11367 (Pull Request Review): radvd.conf keeps old configuration
Renato Botelho
02:04 AM Bug #11367: radvd.conf keeps old configuration
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/120 Viktor Gurov
01:35 AM Bug #11367 (Resolved): radvd.conf keeps old configuration
radvd.conf keeps the old configuration when you switch "IPv6 Configuration Type" to non-Static (DHCP6,SLAAC) IPv6 typ... Viktor Gurov
09:12 AM Bug #11254 (Feedback): Some OpenVPN configuration files remain after deleting an instance
Merged Renato Botelho
05:24 AM Bug #11254 (Pull Request Review): Some OpenVPN configuration files remain after deleting an instance
Renato Botelho
04:29 AM Bug #11254 (New): Some OpenVPN configuration files remain after deleting an instance
sometime for some reason it shows PHP error:... Viktor Gurov
09:11 AM Feature #7727 (Feedback): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Keith contacted me and said it will be tested during the weekend. Leave it in feedback state until hear about results Renato Botelho
05:53 AM Bug #10966 (In Progress): IPv6 - WAN does not renew address when upstream fails
Renato Botelho
05:42 AM Bug #10966: IPv6 - WAN does not renew address when upstream fails

But I do a manual release / renew and it picks up an address
Logs Attached showing the reboot releasing (?) the ... John Griffin
05:35 AM Bug #10966: IPv6 - WAN does not renew address when upstream fails
I updated this morning to the latest 2.5 release which had the dhcp6-20080615.2_4 client. I then rebooted this aftern... John Griffin
05:50 AM Bug #11272: OCSP settings only for TLS auth
this is incorrect, fixed in #11368
the only difference between "SSL/TLS + User Auth" and "User Auth" is the `verif... Viktor Gurov
05:47 AM Bug #11362 (Closed): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode
fix in #11368 Viktor Gurov
03:13 AM Bug #11362 (Feedback): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode
Tested on the latest release.
I could successfully apply the changes without error messages, but the OpenVPN serve... Danilo Zrenjanin
12:49 AM Bug #11362 (Resolved): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode
2.5.0.a.20210203.1432 fixed Viktor Gurov
05:26 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
Viktor Gurov wrote:
> You need to check "Disable Cron emails" option
> see #10771
Option is already checked, I'v... Abdul Khaliq
05:18 AM Bug #11368 (Feedback): OpenVPN Remote Access (User Auth)
Renato Botelho
05:18 AM Bug #11368: OpenVPN Remote Access (User Auth)
PR has been merged. Thanks! Renato Botelho
04:18 AM Bug #11368: OpenVPN Remote Access (User Auth)
TLS parameters "dh, capath, cert, key" etc, is a mandatory for all modes except p2p_shared_key ('client')
revert #... Viktor Gurov
03:29 AM Bug #11368 (Resolved): OpenVPN Remote Access (User Auth)
The OpenVPN service won't start if I choose _Remote Access (User Auth)_ server mode.
Status>OpenVPN:... Danilo Zrenjanin
05:15 AM Bug #11330 (Resolved): IGMP Proxy upgrade to latest version
Renato Botelho
12:29 AM pfSense Docs Correction #11161 (Resolved): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI)
looks good Viktor Gurov

02/03/2021

11:17 PM pfSense Packages Bug #11366 (Rejected): Arpwatch Cron Notification every 15 minutes
You need to check "Disable Cron emails" option
see #10771 Viktor Gurov
10:11 PM pfSense Packages Bug #11366 (Resolved): Arpwatch Cron Notification every 15 minutes
Every 15 mins or so I receive an email containing :
Subject Arpwatch Notification : Cron <root@firewall> /etc/rc.f... Abdul Khaliq
11:09 PM pfSense Docs Correction #11160 (Resolved): Feedback on Services — SNMP
looks good Viktor Gurov
01:23 PM pfSense Docs Correction #11160 (Feedback): Feedback on Services — SNMP
Link added. Jim Pingle
10:21 PM Bug #11330: IGMP Proxy upgrade to latest version
Confirmed, I see 0.3 now, thank you.
I still need to run watchdog to get the process restarted after initial bootu... Patrick Monfette
08:26 PM Revision 1feccc87: Convert fonts to woff2
GChuf 6
07:37 PM Bug #11364: php-fpm and netstat taking very high CPU
2021/02/04 09:33:29 [error] 38147#100184: *3 upstream timed out (60: Operation timed out) while reading response head... yon Liu
07:13 PM Bug #11364 (Rejected): php-fpm and netstat taking very high CPU

I stopped the FRR service, but there are still processes taking very high CPU
[2.5.0-DEVELOPMENT][admin@face.x... yon Liu
07:35 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address
/status_services.php: The command '/usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog' retu... yon Liu
07:16 PM Bug #11365 (Not a Bug): dhcpv6 cannot push ipv6 gateway address
dhcpv6 cannot push ipv6 gateway addressto lan, stateless and assisted mode all can't normal work.
tested in window... yon Liu
07:08 PM Bug #11361: ISO Installer not functioning on latest snapshots
@jimp Do you get the same behavior with the memstick?
yes. i am using memstick, it still can't work.
only the v... yon Liu
12:15 PM Bug #11361: ISO Installer not functioning on latest snapshots
Danilo Zrenjanin wrote:
> Tested on the latest release (pfSense-CE-2.5.0-DEVELOPMENT-amd64-latest.iso)
>
> I stil... Renato Botelho
11:58 AM Bug #11361: ISO Installer not functioning on latest snapshots
Tested on the latest release (pfSense-CE-2.5.0-DEVELOPMENT-amd64-latest.iso)
I still can't pass the Copyright and ... Danilo Zrenjanin
11:14 AM Bug #11361 (Feedback): ISO Installer not functioning on latest snapshots
Fixed Renato Botelho
02:44 PM pfSense Docs Correction #11258 (Feedback): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick
I pushed a correction for that typo, thanks! Jim Pingle
10:45 AM pfSense Docs Correction #11258: Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick
The suggested text is a minor change, I'll try to bold the word. Basically, change "must" to "much":
Current:
On... Anonymous
10:40 AM pfSense Docs Correction #11258: Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick
I could be mistaken, but the current and suggested text look to be the same to me. Jared Dillard
02:32 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
I just updated net/miniupnpd to 2.2.1 so it would be nice to get it tested again after that Renato Botelho
02:02 PM pfSense Docs Correction #11241 (Resolved): Feedback on Backup and Recovery — Restoring from Backups
Looks good! Marcos M
01:38 PM pfSense Docs Correction #11241 (Feedback): Feedback on Backup and Recovery — Restoring from Backups
Additional warning now in place, will show up shortly when it rebuilds. Jim Pingle
10:52 AM pfSense Docs Correction #11241 (In Progress): Feedback on Backup and Recovery — Restoring from Backups
OK, the description did not mention upgrade code at all, or hint at it. I can add that as well. Jim Pingle
10:48 AM pfSense Docs Correction #11241: Feedback on Backup and Recovery — Restoring from Backups
My intent was to hint towards the potential issue of restoring a specific area (e.g. openvpn) and not having upgrade ... Marcos M
09:25 AM pfSense Docs Correction #11241 (Feedback): Feedback on Backup and Recovery — Restoring from Backups
Added warning: https://docs.netgate.com/pfsense/en/latest/backup/restore.html#restore-options Jim Pingle
01:25 PM pfSense Docs Correction #11239 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing pfSense with VMware vSphere / ESXi
It's standard practice to match the version of the guest OS, there isn't any reason why someone should pick FreeBSD 1... Jim Pingle
01:21 PM pfSense Docs Correction #11170 (Feedback): Feedback on Routing — Static Routes
Warning added. Jim Pingle
01:17 PM Bug #11363 (New): Clean Install 2.5.0 fails due to hardware incompability
System freezes soon after boot. Known problem without any known workarounds, like kern.vty=sc or changing bios UEFI/L... Niklas H
01:06 PM pfSense Docs Correction #9378 (Feedback): Feedback on Virtualization — Virtualizing pfSense with Proxmox
I updated the recipe a bit since a lot of it didn't match current versions of Proxmox, and added a stronger wording a... Jim Pingle
12:43 PM Revision bfde8f08: OpenVPN input validation fix. Issue #11362
Viktor Gurov
10:34 AM pfSense Docs Correction #9951 (Feedback): Feedback on VPN — OpenVPN — Configuring a Single Multi-Purpose OpenVPN Instance
Added bullet mentioning the topology setting. Jim Pingle
10:30 AM pfSense Docs Correction #11253 (Resolved): Feedback on Multiple WAN Connections — Load Balancing and Failover with Gateway Groups
Fixed Jim Pingle
10:30 AM pfSense Docs Correction #10562 (Resolved): Feedback on L2TP VPN — L2TP with IPsec
I added "Auto" to the recipe as an alternate setting, the other changes largely depend on the client being used. The ... Jim Pingle
10:26 AM pfSense Docs Correction #11245 (Resolved): Feedback on Virtual Private Networks — IPsec — IPsec Configuration
looks good Viktor Gurov
10:15 AM pfSense Docs Correction #11245 (Feedback): Feedback on Virtual Private Networks — IPsec — IPsec Configuration
Fixed. Jim Pingle
10:22 AM pfSense Docs Correction #11161 (Feedback): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI)
Link added Jim Pingle
10:05 AM pfSense Docs New Content #11238 (Feedback): LAGG (Link Aggregation)
Note added: https://docs.netgate.com/pfsense/en/latest/interfaces/lagg.html#lagg-interface-configuration Jim Pingle
10:00 AM pfSense Docs Correction #11162: Feedback on Backup and Recovery — Making Backups in the GUI
Jim Pingle wrote:
> Unless I'm misreading the intent here, the first note (point 1) is irrelevant. It has never been... Viktor Gurov
09:36 AM pfSense Docs Correction #11162 (Feedback): Feedback on Backup and Recovery — Making Backups in the GUI
Added section on encrypted backups with the commands:
https://docs.netgate.com/pfsense/en/latest/backup/restore.ht... Jim Pingle
09:01 AM pfSense Docs Correction #11162: Feedback on Backup and Recovery — Making Backups in the GUI
Unless I'm misreading the intent here, the first note (point 1) is irrelevant. It has never been possible to restore ... Jim Pingle
09:34 AM pfSense Docs Correction #9057 (Resolved): [feedback form] Missing info on advanced networking page
I updated this page a couple months ago, it's there now:
https://docs.netgate.com/pfsense/en/latest/config/advance... Jim Pingle
08:10 AM Bug #10176 (Resolved): Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels
Between the new default behaviors, the updated documentation/configuration guidance, and the new options on 2.5.0 (#1... Jim Pingle
08:07 AM Todo #11309 (Resolved): DNS Resolver automatic ACL entries need refinement
Tested on several different setups and they all appear to be as expected. Contents working and sorted properly. Jim Pingle
07:17 AM Bug #9058: Kernel panic during L2TP retransmit
It still happens in rare conditions and we didn't came up with a solution in time for 2.5.0 Renato Botelho
06:46 AM Bug #11362 (Feedback): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode
PR has been merged. Thanks! Renato Botelho
01:15 AM Bug #11362: Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode
regression of #11272
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/119 Viktor Gurov
12:35 AM Bug #11362 (Closed): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode
When creating a new OpenVPN Server in 2.5x, if you choose "User Auth" mode, you cannot save, as it insists that the S... John Griffin
06:05 AM Bug #8954 (Resolved): hn0: driver does not support altq
Renato Botelho
12:00 AM Bug #8954: hn0: driver does not support altq
Did upgrade and it works. Greg M
03:56 AM Bug #11360 (Resolved): captive portal custom logo error
2.5.0.a.20210202.2250 fixed Viktor Gurov
02:36 AM Bug #11298 (Resolved): Gateway Group Offline Bug
roundrobin/failover, down/packet loss/high latency/packet loss or high latency - all works as expected
2.5.0.a.202... Viktor Gurov
12:16 AM Bug #9998 (Resolved): DHCP6c and Unbound DNS Server Boot-Up Configuration Failure
2.5.0.a.20210201.2350
works as expected Viktor Gurov
12:04 AM Bug #11336 (Resolved): Hide TLS keydir for p2p openvpn mode
2.5.0.a.20210201.2350 fixed Viktor Gurov
12:02 AM Bug #9324 (Resolved): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface
2.5.0.a.20210201.2350 fixed Viktor Gurov

02/02/2021

11:55 PM Bug #11224 (Resolved): dhcpd.conf creation - zone declarations
/var/dhcpd/etc/dhcpd.conf:... Viktor Gurov
11:53 PM Bug #11348 (Resolved): Sanitize PKCS#11 PIN from swanctl.conf
2.5.0.a.20210201.2350
works as expected Viktor Gurov
06:23 PM Revision 2521eced: Fixed #11328 by fixing jQuery and error when 'protocol' is undefined
Steve Beaver
06:13 PM Feature #8786: Wireguard VPN
Renato Botelho wrote:
> Project was hosted on an internal server but is now replicated to github at https://github.c... Ronald Schellberg
11:47 AM Feature #8786: Wireguard VPN
Ronald Schellberg wrote:
> Renato Botelho wrote:
> > Initial kernel version wireguard support is now in place
>
... Renato Botelho
06:13 PM Feature #11354: WireGuard should respond from the address used by peer
Actually: the code is already doing this - it may not be saving the incoming source addr in all situations. Will chec... Peter Grehan
06:02 PM Feature #11354: WireGuard should respond from the address used by peer
I've had a look at this: it may not be too bad.
The source address for the peer is already recorded to be used in ... Peter Grehan
02:05 PM Bug #11361: ISO Installer not functioning on latest snapshots
Manuel Piovan wrote:
> i can barely see, when i press enter,
>
> /etc/rc.local: bsdinstall: not found
>
> late... Michael Spears
01:18 PM Bug #11361: ISO Installer not functioning on latest snapshots
i can barely see, when i press enter,
/etc/rc.local: bsdinstall: not found
latest iso is only 175MB
 Manuel Piovan
12:25 PM Bug #11361 (Resolved): ISO Installer not functioning on latest snapshots
The installer ISO is not functioning on the latest 2.5.0 snapshots. More information in the forum thread at https://f... Jim Pingle
01:48 PM Revision 2d51537f: Captive Portal custom logo fix. Issue #11360
Viktor Gurov
01:32 PM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed
In addition to the above, the BPF mask also needs changed.
The complete set of required sysctl values are:
<pre... Jim Pingle
12:46 PM Bug #11328 (Resolved): OpenVPN Ciphers will not stick in 2.5
Works OK now in Chrome and FireFox. No JS errors on the list page or edit page. Jim Pingle
12:30 PM Bug #11328: OpenVPN Ciphers will not stick in 2.5
Applied in changeset commit:2521eced153b0c96bf6375787c607377e89639ed. Anonymous
12:27 PM Bug #11328 (Feedback): OpenVPN Ciphers will not stick in 2.5
Anonymous
09:09 AM Bug #11328 (In Progress): OpenVPN Ciphers will not stick in 2.5
Anonymous
08:52 AM Bug #11328 (New): OpenVPN Ciphers will not stick in 2.5
OK, I can reproduce it that way, but only in Chrome. Watching the network panel as it makes the POST, for whatever re... Jim Pingle
11:18 AM Feature #7727 (New): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Renato Botelho
11:16 AM Bug #11208 (Resolved): pkg_edit uses incorrect description for pkg_edit buttons
Renato Botelho
11:16 AM Bug #9592 (Resolved): VTI interface down because interface number created is greater than ipsec32768
Renato Botelho
11:15 AM Todo #11219 (Resolved): Improve IPsec GUI options for P1/P2 reauth/rekey
Renato Botelho
11:13 AM Bug #9242 (Resolved): MBT-4220/2220 not recognized by pfsense correctly after UEFI upgraded to 1.00
Renato Botelho
11:12 AM Bug #11314 (Resolved): PHP error in gwlb.inc (potential race)
Renato Botelho
11:09 AM Todo #11278 (Resolved): Update dnsmasq to >=2.8.3
Renato Botelho
11:07 AM Todo #10997 (Resolved): Retire m0n0wall config support
Renato Botelho
08:11 AM Bug #11360 (Feedback): captive portal custom logo error
PR has been merged. Thanks! Renato Botelho
08:02 AM Bug #11360: captive portal custom logo error
Tested that patch against:... Steve Wheeler
07:52 AM Bug #11360 (Pull Request Review): captive portal custom logo error
Jim Pingle
07:50 AM Bug #11360: captive portal custom logo error
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/118 Viktor Gurov
07:29 AM Bug #11360: captive portal custom logo error
To be clear this is triggered when enabling the custom logo option and then not uploading a file. Or by not also uplo... Steve Wheeler
07:12 AM Bug #11360 (Resolved): captive portal custom logo error
https://forum.netgate.com/topic/160450/crash-report:
It crashed abruptly when trying to configure captive portal. Al... Viktor Gurov
08:05 AM Bug #11338 (Resolved): WireGuard cannot connect to an IPv6 endpoint
Latest snapshot looks good!... Jim Pingle
07:36 AM Bug #11359 (Duplicate): Multi-WAN issue - unable to connect to interface with not-default gateway
You didn't mention WireGuard in the subject or description but since the category is set to WireGuard, I'm assuming t... Jim Pingle
03:02 AM Bug #11359 (Duplicate): Multi-WAN issue - unable to connect to interface with not-default gateway
I have 4 Internet links, so 4 gateways is configured and only one of them is configured as default gateway.
Firewall... Alexey Muzychenko
06:29 AM Feature #11358 (Pull Request Review): New Dynamic DNS Provider: NIC.RU
Renato Botelho
06:13 AM Feature #11358: New Dynamic DNS Provider: NIC.RU
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/242 Viktor Gurov
12:53 AM Feature #11358 (Closed): New Dynamic DNS Provider: NIC.RU
https://www.nic.ru/help/dynamic-dns-for-developers_5810.html:
Request for IP address update looks like this:
GET ... Viktor Gurov
06:23 AM Bug #11344 (Resolved): Sanitize Squid securiteinfo_id
... Viktor Gurov
06:16 AM Bug #11342 (Resolved): Sanitize DHCP DDNS keys
works as expected:... Viktor Gurov
04:29 AM Bug #11340 (Resolved): Hide WG interfaces on DHCP/DHCPv6 Relay pages
> Hide WireGuard interfaces on DHCP/DHCPv6 Relay pages
Works as expected
> Hide mediaopt field for WireGuard inte... Viktor Gurov
04:26 AM Bug #11341 (Resolved): PresharedKey is not sanitized from status_output config file
2.5.0.a.20210201.1628 works as expected:
WireGuard-Configuration File wg0.conf... Viktor Gurov
03:24 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Same sentiment here as Robert Gijsen's above.
Do we at least know whether the bug is in filterdns itself (generati... Christian Ullrich
03:11 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Wait wut? This got postponed AGAIN? This is a breaking issue for two years and a few days now, and still it's priorit... Robert Gijsen

02/01/2021

11:28 PM Feature #11357 (Duplicate): Support for DynDNS provider deSEC.io
see https://forum.netgate.com/topic/103067/support-for-dyndns-provider-desec-io
API: https://desec.readthedocs.io/... Viktor Gurov
07:05 PM Bug #11328: OpenVPN Ciphers will not stick in 2.5
Sorry about the video's, they should be viewable now.
You are correct, I cannot replicate the issue in Firefox. I ... John Griffin
07:39 AM Bug #11328: OpenVPN Ciphers will not stick in 2.5
Those videos are private and cannot be viewed.
I tried again and can't replicate the problem here. Maybe write out... Jim Pingle
05:41 PM Revision d9e8e80e: Fix #8954: Enable hn_altq_enable on default config
Renato Botelho
04:11 PM Revision 86b28a02: Refactored system_advanced_* pages for MVC
Steve Beaver
02:47 PM Feature #11354: WireGuard should respond from the address used by peer
Christian McDonald wrote:
> One solution that was offered is to use a inbound NAT rule to port forward 51820 (or wha... Jim Pingle
02:44 PM Feature #11354: WireGuard should respond from the address used by peer
I added notes about this limitation in the docs for now: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/lim... Jim Pingle
02:00 PM Feature #11354: WireGuard should respond from the address used by peer
Was just about to post this exact issue. As it stands currently, I don't believe there is a way to utilize a CARP VIP... Christian McDonald
12:44 PM Feature #11354: WireGuard should respond from the address used by peer
Not a blocker since, if it is possible, this is likely non-trivial. Jim Pingle
12:43 PM Feature #11354 (Resolved): WireGuard should respond from the address used by peer
When a WireGuard peer contacts the firewall, the firewall always responds from the address it deems closest to the cl... Jim Pingle
02:42 PM Feature #11302: WireGuard XMLRPC sync
Until the other issue is addressed, I have noted the limitation here: https://docs.netgate.com/pfsense/en/latest/vpn/... Jim Pingle
12:46 PM Feature #11302: WireGuard XMLRPC sync
After testing this for a while in several different configuration styles, it's not viable yet. NAT doesn't help, at b... Jim Pingle
02:18 PM Bug #11330 (Feedback): IGMP Proxy upgrade to latest version
Version 0.3 was cherry-picked from FreeBSD and will be available on next round of snapshots Renato Botelho
02:18 PM Bug #11356 (Not a Bug): Copy firewall rule from one interface to another interface
It works fine as-is. Click copy, then set the interface to the new one, then save. Jim Pingle
02:01 PM Bug #11356 (Not a Bug): Copy firewall rule from one interface to another interface
Please, add this functionality on firewall rules:
Copy selected firewall rule from one interface to another interf... Teste Teste
02:17 PM Revision ab9a819b: Sanitize PKCS11 PIN from swanctl.conf. Issue #11348
Viktor Gurov
02:16 PM Revision 51a34b1f: Sanitize securiteinfo_id. Issue #11344
Viktor Gurov
02:16 PM Revision f1895d6a: Sanitize DHCP DDNS keys. Issue #11342
Viktor Gurov
02:15 PM Revision 294bb15c: Sanitize WireGuard PresharedKey from config. Fixes #11341
Viktor Gurov
02:14 PM Bug #11256 (Feedback): Cannot add alias with multiple URLs
Viktor says it works on 2.5.0. Leaving it at feedback state for now Renato Botelho
02:14 PM Revision 90749e06: Issue #11340
Hide WireGuard interfaces on DHCP/DHCPv6 Relay pages,
Hide mediaopt field for WireGuard interfaces on interfaces.php ... Viktor Gurov
02:13 PM Revision 48c91226: Hide TLS keydir for p2p openvpn mode. Issue #11336
Viktor Gurov
02:12 PM Bug #10966 (Feedback): IPv6 - WAN does not renew address when upstream fails
I've imported debian patch - https://sources.debian.org/patches/wide-dhcpv6/20080615-23/0018-dhcpv6-ignore-advertise-... Renato Botelho
01:23 PM Bug #11355 (Not a Bug): interfaces / assign interfaces / vxlan missing from menu
That is correct, there were issues in VXLAN which made it non ready for production use and it was removed. Jim Pingle
01:19 PM Bug #11355: interfaces / assign interfaces / vxlan missing from menu
i found out that vxlan has been retired https://redmine.pfsense.org/projects/pfsense/repository/revisions/3856366b4fb... Manuel Piovan
01:14 PM Bug #11355: interfaces / assign interfaces / vxlan missing from menu
https://redmine.pfsense.org/projects/pfsense/repository/revisions/3856366b4fb3823d02108c0ee63043509a89e0db
 Grimson Gretzleburg
01:05 PM Bug #11355 (Not a Bug): interfaces / assign interfaces / vxlan missing from menu
2.5.0-DEVELOPMENT (amd64)
built on Mon Feb 01 00:03:10 EST 2021
FreeBSD 12.2-STABLE
i can manually load the page... Manuel Piovan
11:51 AM Bug #8954 (Feedback): hn0: driver does not support altq
I've enabled hn_altq_enable option on default config. It was missing
I've also added needed loader tuning to inst... Renato Botelho
11:41 AM Bug #8954: hn0: driver does not support altq
Moving target to 2.5.0 since it regressed Renato Botelho
08:52 AM Bug #11339: Odd console output when WireGuard is running
For completeness sake, this is confirmed to be WireGuard.... Marcos M
08:36 AM Bug #11339: Odd console output when WireGuard is running
If your gateway was set to automatic there is a high chance that wireguard took over as the default gateway. At least... Jim Pingle
08:31 AM Bug #11339: Odd console output when WireGuard is running
That was not the case here, though I did have the gateway selection set to automatic. However, given that the WAN gat... Marcos M
07:45 AM Bug #11339: Odd console output when WireGuard is running
When Steve saw it, I think he had a routing loop of sorts -- the outer WireGuard traffic was attempting to go over th... Jim Pingle
08:24 AM pfSense Packages Bug #11333: Incorrect community-list format
2.4.5 PR has been merged. Thanks! Renato Botelho
08:22 AM pfSense Packages Bug #11346 (Feedback): Raw-Config not working
PR has been merged. Thanks! Renato Botelho
07:57 AM pfSense Packages Bug #11346 (Pull Request Review): Raw-Config not working
Jim Pingle
08:22 AM pfSense Packages Bug #11345 (Feedback): FRR-OSPF - No "prefix-list" possible
PR has been merged. Thanks! Renato Botelho
07:55 AM pfSense Packages Bug #11345 (Pull Request Review): FRR-OSPF - No "prefix-list" possible
Jim Pingle
08:20 AM pfSense Packages Bug #11054 (Feedback): Check Client Certificate CN not working as described
PR has been merged. Thanks! Renato Botelho
07:54 AM pfSense Packages Bug #11054 (Pull Request Review): Check Client Certificate CN not working as described
Jim Pingle
08:20 AM Bug #11341: PresharedKey is not sanitized from status_output config file
Applied in changeset commit:294bb15c5230bd389bd1a6b738297bf4d57afb98. Viktor Gurov
08:15 AM Bug #11341 (Feedback): PresharedKey is not sanitized from status_output config file
PR has been merged. Thanks! Renato Botelho
07:49 AM Bug #11341 (Pull Request Review): PresharedKey is not sanitized from status_output config file
Jim Pingle
08:17 AM Bug #11348 (Feedback): Sanitize PKCS#11 PIN from swanctl.conf
PR has been merged. Thanks! Renato Botelho
07:57 AM Bug #11348 (Pull Request Review): Sanitize PKCS#11 PIN from swanctl.conf
Jim Pingle
08:17 AM Bug #11344 (Feedback): Sanitize Squid securiteinfo_id
PR has been merged. Thanks! Renato Botelho
07:53 AM Bug #11344 (Pull Request Review): Sanitize Squid securiteinfo_id
Jim Pingle
08:16 AM Bug #11342 (Feedback): Sanitize DHCP DDNS keys
PR has been merged. Thanks! Renato Botelho
07:52 AM Bug #11342 (Pull Request Review): Sanitize DHCP DDNS keys
Jim Pingle
08:14 AM Bug #11340 (Feedback): Hide WG interfaces on DHCP/DHCPv6 Relay pages
PR has been merged. Thanks! Renato Botelho
07:47 AM Bug #11340 (Pull Request Review): Hide WG interfaces on DHCP/DHCPv6 Relay pages
Jim Pingle
08:14 AM Bug #11336 (Feedback): Hide TLS keydir for p2p openvpn mode
PR has been merged. Thanks! Renato Botelho
08:09 AM Bug #11353 (Not a Bug): Changing of gateway order in gateway groups is not applied to firewall rules on "Apply"
I can't replicate this on 2.5.0. Might have been fixed since 2.4.5.
The apply process already performs a filter re... Jim Pingle
03:00 AM Bug #11353 (Not a Bug): Changing of gateway order in gateway groups is not applied to firewall rules on "Apply"
Suppose you have gateway group with two gateways: GW1 = Tier1, GW2 = Tier2.
Then you change order: GW1 = Tier2, G... Alexey Ab
08:00 AM pfSense Packages Todo #11351 (Not a Bug): updated version to pfsense 2.4.5_1
At this point, the 2.5.0 release is close enough that backporting all the changes is unlikely. Jim Pingle
07:59 AM Bug #11350 (Rejected): Multi wan default gateway bug and gateway monitoring bug
Default gateway groups can only be failover, not load balance. There is no way to have two default gateways of equal ... Jim Pingle
07:34 AM Bug #11337 (New): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface
The description was inaccurate. As stated, there was no problem. The problem exists only when the interface is set to... Jim Pingle
07:25 AM pfSense Packages Feature #9555 (Resolved): pimd package
Tested on 2.4.5_p1 and on 21.02-DEVELOPMENT (built on Mon Feb 01 00:05:45 EST 2021)
Tested with 3 different multic... Azamat Khakimyanov
06:39 AM Bug #11338 (Feedback): WireGuard cannot connect to an IPv6 endpoint
Peter Grehan wrote:
> if_wg.diff - kernel diff
> wg_tools - wireguard_tools diff
I've imported both patches and ... Renato Botelho
06:26 AM Bug #11322 (Resolved): WireGuard Public Key should not be entered by the user
Renato Botelho

01/31/2021

08:34 PM Bug #11352 (New): CTF types > 2^15 in the pfSense kernel config results in DTrace failing
The pfSense kernel config adds a number of additional subystems and drivers to the FreeBSD GENERIC kernel.
This ad... Peter Grehan
01:44 PM Bug #11311 (Resolved): Listen and peer port validation in wg.inc
Tested on the latest 2.5 image. It's working as expected. I'll mark it as resolved. Max Leighton
09:56 AM pfSense Packages Todo #11351 (Not a Bug): updated version to pfsense 2.4.5_1
you did released updated version (1.16.18_14) for pfsense 2.5.devel
but pfsense 2.4.5_1 still at version (1.16.18_... khaled osama
09:31 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface
instead of having multiple CARP VIPs attached to WAN, I have one CARP VIP and the IP Aliases that follow that CARP VI... Christian McDonald
01:00 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint
if_wg.diff - kernel diff
wg_tools - wireguard_tools diff Peter Grehan
12:43 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint
The above wasn't correct: just another misconfiguration :(
There are a number of issues, all boiling down to "stru... Peter Grehan

01/30/2021

10:54 PM Bug #11350 (Rejected): Multi wan default gateway bug and gateway monitoring bug
Hello,
My setup is so easy, i have two wan lines which are working in pppoe and one lan network, i have a gateway ... Samuel Hanna
05:24 PM pfSense Packages Feature #6022: Consider MLVPN for bonded VPN
+1 for this feature.
As I understand it (which may be incorrect), pfSense "bonding" only load-balances by number of ... Val Schmidt
05:10 PM pfSense Packages Feature #9238: Add support for Zerotier
+1 for this feature!!! Val Schmidt
10:32 AM Bug #11297 (Resolved): strongSwan doesn't support wildcard certificates
Tested on the latest release. It works as expected. Ticket resolved. Danilo Zrenjanin
10:32 AM Bug #11190: IPsec VTI outbound NAT to interface address not working (pfsense 2.4.5-p1)
Kevin Mychal Ong wrote:
> Jim Pingle wrote:
> > Correct. Keep any further discussion on the forum, though.
>
> T... Kevin Mychal Ong
10:08 AM pfSense Packages Bug #11331: FreeRADIUS latest package upgrade broke Plain Mac Authentication
I am not sure whether I tested it correctly, though. I used a LapTop as a client trying to authenticate through FreeR... Danilo Zrenjanin
05:58 AM pfSense Packages Bug #11331: FreeRADIUS latest package upgrade broke Plain Mac Authentication
Tested on the latest release. Plain Mac Authentication is not working. When it's enabled, I can log in with the wrong... Danilo Zrenjanin
09:20 AM pfSense Packages Bug #11333: Incorrect community-list format
works as expected on 2.5 branch
2.4.5 fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/41 Viktor Gurov
08:43 AM pfSense Packages Feature #11349 (Resolved): Allow to set minimum TLS version
EAP methods allows to set 'tls_min_version',
which is 1.0 by default
WebGUI dropdown option needed to select betw... Viktor Gurov
07:57 AM pfSense Packages Bug #7271 (Resolved): Co-existence of unbound and BIND/named
this fix is only for clean BIND install
9.16_9 works as expected Viktor Gurov
06:51 AM pfSense Packages Bug #7271: Co-existence of unbound and BIND/named
Tested on the latest release. Bind package version 9.16_9. It's still not fixed. Please check. Danilo Zrenjanin
07:42 AM pfSense Packages Bug #11001 (Resolved): freeradius lose sql lib every pfsense update
works as expected Viktor Gurov
06:26 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
This request is now 4,5 years old and has not seen any relevant activity.
As ISPs in Europe still provide users with... A J
06:15 AM Bug #11250 (Resolved): disabled FTP-Proxy service starts on boot
Tested on the latest release. It works as expected. Ticket resolved. Danilo Zrenjanin
06:07 AM Bug #11254 (Resolved): Some OpenVPN configuration files remain after deleting an instance
Tested on the latest release. It works as expected. Ticket resolved. Danilo Zrenjanin
05:38 AM pfSense Packages Bug #11321 (Resolved): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package
0.4.45_2 fixed Viktor Gurov
05:35 AM Bug #11348: Sanitize PKCS#11 PIN from swanctl.conf
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/116 Viktor Gurov
05:33 AM Bug #11348 (Resolved): Sanitize PKCS#11 PIN from swanctl.conf
Sanitize "pin = " from IPsec-Configuration Viktor Gurov
04:20 AM pfSense Packages Bug #11346: Raw-Config not working
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/40 Viktor Gurov
03:32 AM pfSense Packages Bug #11346 (Resolved): Raw-Config not working
https://forum.netgate.com/topic/160365/frr-raw-config-not-working:
since an update it seems not to be possible to us... Viktor Gurov
03:42 AM pfSense Packages Bug #11345: FRR-OSPF - No "prefix-list" possible
same issue with Access lists
fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/39 Viktor Gurov
03:21 AM pfSense Packages Bug #11345 (Resolved): FRR-OSPF - No "prefix-list" possible
https://forum.netgate.com/topic/160363/frr-ospf-no-prefix-list-possible:
currently it is not possible for me to conf... Viktor Gurov
03:17 AM pfSense Packages Bug #11054: Check Client Certificate CN not working as described
more fixes:
- Fixes SQL backend user existing check;
- Fixes counters issue (`$varsqlconfauthcounters` lines)
http... Viktor Gurov
02:48 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint
Took a while to set this up, but I can get a repro with an OpenBSD client.
Tunnel traffic is being delivered to wg... Peter Grehan
01:08 AM Bug #11338 (New): WireGuard cannot connect to an IPv6 endpoint
Viktor Gurov
02:42 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface
Ok... The tunnel works fine, this is just a cosmetic issue, not looking for support. It's trivially reproducible on m... Christian McDonald
12:03 AM Bug #11337 (Rejected): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface
Unable to reproduce it on the latest 2.5 snapshot,
Interface column is OK if I select CARP VIP as a parent interface... Viktor Gurov
02:19 AM Bug #11344: Sanitize Squid securiteinfo_id
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/115 Viktor Gurov
02:17 AM Bug #11344 (Resolved): Sanitize Squid securiteinfo_id
Sanitize "<securiteinfo_id>" antivirus subscription IO
related to #11202 Viktor Gurov
01:16 AM pfSense Packages Bug #11343 (Resolved): Invalid link to pfSense-pkg-bind changelog
If you go to "Installed Packages" (/pkg_mgr_installed.php) or "Available Packages" (/pkg_mgr.php), there is a link to... Anthony Pants
01:05 AM Bug #11342: Sanitize DHCP DDNS keys
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/114 Viktor Gurov
12:57 AM Bug #11342 (Resolved): Sanitize DHCP DDNS keys
<ddnsdomainkey> from config.xml
and 'secret = ' from DHCP-IPv4 Configuration and DHCP-IPv6-Configuration Viktor Gurov
12:28 AM Bug #11341: PresharedKey is not sanitized from status_output config file
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/113 Viktor Gurov
12:24 AM Bug #11341 (Resolved): PresharedKey is not sanitized from status_output config file
PresharedKey is not sanitized from config file
WireGuard-Configuration File wg0.conf:... Viktor Gurov
12:22 AM pfSense Packages Bug #11325 (Resolved): BGP MD5 Keys Dropping Unintentionally
Viktor Gurov

01/29/2021

11:42 PM Bug #11340: Hide WG interfaces on DHCP/DHCPv6 Relay pages
- Hide WireGuard interfaces on DHCP/DHCPv6 Relay pages;
- Hide mediaopt field for WireGuard interfaces on interfaces... Viktor Gurov
11:39 PM Bug #11340 (Resolved): Hide WG interfaces on DHCP/DHCPv6 Relay pages
DHCP/DHCPv6 Relay doesn't support WireGuard interfaces:... Viktor Gurov
11:19 PM pfSense Packages Bug #11234 (Resolved): Filer not create missing necessary folders
Viktor Gurov
10:02 PM pfSense Packages Bug #11234: Filer not create missing necessary folders
I was able to create a folder ,
Example:
/var/folder/test1/test2
folder >> folder.
test1 >> folder.
test2... Alhusein Zawi
11:17 PM Bug #11338 (Feedback): WireGuard cannot connect to an IPv6 endpoint
Viktor Gurov
01:03 PM Bug #11338: WireGuard cannot connect to an IPv6 endpoint
Sample config, after my config file fix:... Jim Pingle
12:50 PM Bug #11338 (Resolved): WireGuard cannot connect to an IPv6 endpoint
WireGuard won't connect if using an IPv6 endpoint address on either end.
The IPv6 address in the config file doesn... Jim Pingle
09:41 PM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally

pressing "save" is not interrupting the adjacency. (fixed).
2.5.0.a.20210129.1122 Alhusein Zawi
08:06 AM pfSense Packages Bug #11325 (Feedback): BGP MD5 Keys Dropping Unintentionally
PR has been merged. Thanks! Renato Botelho
07:32 AM pfSense Packages Bug #11325 (Pull Request Review): BGP MD5 Keys Dropping Unintentionally
Jim Pingle
06:01 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally
- restart setkey only if parameters are changed;
- start setkey on service startup (frr.sh rc file fix);

https:/... Viktor Gurov
12:09 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally

pressing "save" interrupts the adjacency.
2.5.0.a.20210127.2350
 Alhusein Zawi
09:25 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
I can confirm that this is still a problem in 2.5.0.a.20210129.1122.
I upgraded a school system today from 2.3.x to... Polar Nerd
06:54 PM Revision f32e1438: Add brackets around IPv6 endpoint address. Issue #11338
Jim Pingle
06:27 PM Bug #11339 (Not a Bug): Odd console output when WireGuard is running
I'm not sure what triggers the output (see image attached), and I'm not completely certain that it's WireGuard to beg... Marcos M
06:11 PM Bug #11323 (Resolved): Removing a WireGuard tunnel can cause others to be renumbered
Tested on Jan 29 build. Looks good. Marcos M
06:04 PM Bug #11322: WireGuard Public Key should not be entered by the user
Tested on Jan 29 build. Looks good.
The "Copy" link is a little odd in that it scrolls the viewport when clicking ... Marcos M
05:36 PM Bug #11312 (Resolved): Unable to edit or add WireGuard peers
Marcos M
05:34 PM Bug #11312: Unable to edit or add WireGuard peers
Tested on Jan 29 build. Looks good. Marcos M
04:49 PM Bug #11328: OpenVPN Ciphers will not stick in 2.5
Here is video of it occurring. It seems a bit random, sometimes it works, sometimes you end up with a completely diff... John Griffin
08:22 AM Bug #11328 (Rejected): OpenVPN Ciphers will not stick in 2.5
I can't reproduce this as stated. I was able to edit an existing client as well as create a new client, both times it... Jim Pingle
02:28 PM Revision 37a21d1b: Clarify that Peer WireGuard Address can be multiple addrs.
Jim Pingle
01:04 PM Revision c86937e9: Merge pull request #4498 from BBcan177/Fixes
Renato Botelho
12:36 PM Bug #11337 (Resolved): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface
If a GIF instance has its interface set to an IP Alias VIP which uses a CARP VIP as its own interface, the Interface ... Christian McDonald
11:13 AM Bug #11336 (Pull Request Review): Hide TLS keydir for p2p openvpn mode
Jim Pingle
09:39 AM Bug #11336: Hide TLS keydir for p2p openvpn mode
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/111 Viktor Gurov
09:38 AM Bug #11336 (Resolved): Hide TLS keydir for p2p openvpn mode
TLS keydir (as other TLS options) is not needed for "Peer to Peer (Shared Key)" mode Viktor Gurov
09:42 AM Bug #11272 (Resolved): OCSP settings only for TLS auth
2.5.0.a.20210128.2350 - OK Viktor Gurov
09:36 AM pfSense Packages Bug #10429: Status Traffic Total broken 2.4.5
Patch works for me
2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE
Status... Andres Mora
09:26 AM Regression #11316: Unbound crashes with signal 11 when reloading
Behavior on other systems (even FreeBSD) isn't directly relevant to pfSense software. They may be similar, but it's n... Jim Pingle
09:10 AM Regression #11316: Unbound crashes with signal 11 when reloading
In the "competitor's" forum, there are several pages of error descriptions and error analyses for Unbound 1.13.0. Als... Martin Müller
07:51 AM Regression #11316: Unbound crashes with signal 11 when reloading
Keep the discussion on the forum. If it's still happening, there is no evidence there. Last post was over a week ago ... Jim Pingle
07:36 AM Regression #11316: Unbound crashes with signal 11 when reloading
I have the same problem. it happens only when the option "Register DHCP leases in the DNS Resolver" is set.
it loo... Daniel Keller
09:10 AM Bug #11335 (New): Spoofing the MAC on a LAGG interface does not work for some NIC types.
When you spoof the MAC on an assigned LAGG interface in the webgui the new MAC is shown immediately as the 'ether' ad... Steve Wheeler
08:58 AM Bug #11212 (Resolved): PHP error on Mobile IPsec input validating error
2.5.0.a.20210128.2350 fixed Viktor Gurov
08:57 AM pfSense Packages Bug #11334 (Feedback): FRR IPv4 OSPF passive-interface not working
Pushed a fix which works for me.
https://github.com/pfsense/FreeBSD-ports/commit/e1a9a4159ad577877ff378bf288cd8ec9... Jim Pingle
08:51 AM pfSense Packages Bug #11334 (Resolved): FRR IPv4 OSPF passive-interface not working
In frr_ospf.inc the list of passive interfaces is built by frr_generate_config_ospf_interfaces(), but that is run aft... Jim Pingle
08:05 AM pfSense Packages Bug #11333 (Feedback): Incorrect community-list format
PR has been merged. Thanks! Renato Botelho
07:36 AM pfSense Packages Bug #11333 (Pull Request Review): Incorrect community-list format
Jim Pingle
07:20 AM pfSense Packages Bug #11333: Incorrect community-list format
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/37 Viktor Gurov
06:34 AM pfSense Packages Bug #11333 (Resolved): Incorrect community-list format
/var/log/frr/frr-reload.log:... Viktor Gurov
08:04 AM pfSense Packages Bug #11321 (Feedback): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package
PR has been merged. Thanks! Renato Botelho
07:26 AM pfSense Packages Bug #11321 (Pull Request Review): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package
Jim Pingle
01:26 AM pfSense Packages Bug #11321: Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/35
 Viktor Gurov
08:01 AM pfSense Packages Bug #11331 (Feedback): FreeRADIUS latest package upgrade broke Plain Mac Authentication
PR has been merged. Thanks! Renato Botelho
07:25 AM pfSense Packages Bug #11331 (Pull Request Review): FreeRADIUS latest package upgrade broke Plain Mac Authentication
Jim Pingle
01:06 AM pfSense Packages Bug #11331: FreeRADIUS latest package upgrade broke Plain Mac Authentication
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/34 Viktor Gurov
01:01 AM pfSense Packages Bug #11331 (Feedback): FreeRADIUS latest package upgrade broke Plain Mac Authentication
https://forum.netgate.com/topic/160323/freeradius-latest-package-upgrade:
From system logs:... Viktor Gurov
07:37 AM Bug #11332: Using LDAP-authentication against an pfsense+HAProxy -balanced ldap-endpoint does not work
Sure thing that was what I did. The response on the forum was to create a bugreport. So here I am.
https://forum.n... Thomas Malmberg
07:30 AM Bug #11332 (Not a Bug): Using LDAP-authentication against an pfsense+HAProxy -balanced ldap-endpoint does not work
I would suggest, before anything else, to try the same configuration on a 2.5.0 snapshot, where the LDAP code was cha... Jim Pingle
05:17 AM Bug #11332 (Not a Bug): Using LDAP-authentication against an pfsense+HAProxy -balanced ldap-endpoint does not work
The scenario is as follows. pfsense-01 is using pfsense-02/haproxy with ssl-termination as an authentication server l... Thomas Malmberg
07:24 AM Bug #11327: No WAN IP on Optimum Online Dynamic IP
A support subscription isn't all that relevant here, unless it's a configuration problem in pfSense software itself w... Jim Pingle
07:12 AM Bug #11319 (Resolved): Mobile IPsec certificate type validation
Tested on the latest release. It works fine. Ticket resolved. Danilo Zrenjanin
06:47 AM Bug #11303 (Resolved): Sticky connections units
Tested on the latest snapshot. It looks fine. Ticket resolved. Danilo Zrenjanin
04:24 AM Revision 00e2a771: Update vpn_wg_edit.php
* Text edits
* Formatting
* Remove debug console.log() BBcan177 .
03:31 AM Bug #11330: IGMP Proxy upgrade to latest version
I decided to test the OPNsense igmp proxy 0.3 package by force installing it over the version (0.2.1) that comes with... Patrick Monfette
01:35 AM Bug #11330: IGMP Proxy upgrade to latest version
Attached are the crashdump files.
You'll also see in the backlogs that because it rebooted so often in loop that I... Patrick Monfette
12:37 AM Bug #11329 (Duplicate): DHCP static map assigns IP to client even if "Deny unknown clients" is set.
fixed in 2.5
see #1605 Viktor Gurov

01/28/2021

09:50 PM Bug #11330 (Resolved): IGMP Proxy upgrade to latest version
IGMP Proxy has been updated to 0.3
https://github.com/pali/igmpproxy/releases/tag/0.3
Would it be possible to i... Patrick Monfette
06:26 PM Bug #11329 (Duplicate): DHCP static map assigns IP to client even if "Deny unknown clients" is set.

DHCP static map assigns IP to client even if "Deny unknown clients" is set, when the client's mac address has bee... Chris M
04:50 PM Bug #11327: No WAN IP on Optimum Online Dynamic IP
Jim Pingle wrote:
> If they suddenly stopped working without changing anything on the firewall the cause is unlikely... Gus Gemmiti
02:46 PM Bug #11327: No WAN IP on Optimum Online Dynamic IP
If they suddenly stopped working without changing anything on the firewall the cause is unlikely to be in pfSense sof... Jim Pingle
02:39 PM Bug #11327: No WAN IP on Optimum Online Dynamic IP
Jim Pingle wrote:
> There isn't any evidence of an actionable bug in pfSense yet. Keep the discussion on the forum f... Gus Gemmiti
02:26 PM Bug #11327 (Rejected): No WAN IP on Optimum Online Dynamic IP
There isn't any evidence of an actionable bug in pfSense yet. Keep the discussion on the forum for now.
This site ... Jim Pingle
02:04 PM Bug #11327 (Rejected): No WAN IP on Optimum Online Dynamic IP
I've been successfully using pfSense on this ISP for many years. Recently (a couple of months ago) it would no longe... Gus Gemmiti
03:56 PM Bug #11328 (Resolved): OpenVPN Ciphers will not stick in 2.5
So I upgraded my production home firwewall to 2.5 dev yesterday. None of the OpenVPN clients work after the upgrade d... John Griffin
03:43 PM Revision 9985ed7f: Gateway Group Policy rule creation fix. Issue #11298
Viktor Gurov
03:43 PM Revision 70ffbad3: OpenVPN Server page fields hide fix. #11272
Viktor Gurov
03:42 PM Revision 79ec3f15: Delete all OpenVPN related files on instance deletion. Issue #11254
Viktor Gurov
02:58 PM Revision c66b71c8: Mute console before load crypto modules
Renato Botelho
01:10 PM Bug #10919 (Resolved): Improve handling of OpenVPN data cipher negotiation options
Tested again on today's snapshot, and all works as expected now. I'll set the ticket to resolved. Max Leighton
11:17 AM pfSense Packages Bug #11325 (Feedback): BGP MD5 Keys Dropping Unintentionally
PR has been merged. Thanks! Renato Botelho
06:47 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally
Great thanks! Christian McDonald
01:10 AM pfSense Packages Bug #11325: BGP MD5 Keys Dropping Unintentionally
fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/32 Viktor Gurov
11:15 AM pfSense Packages Feature #11320 (Feedback): Update NAS client type
PR has been merged. Thanks! Renato Botelho
11:12 AM pfSense Packages Bug #11054 (Feedback): Check Client Certificate CN not working as described
PR has been merged. Thanks! Renato Botelho
07:11 AM pfSense Packages Bug #11054: Check Client Certificate CN not working as described
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/33 Viktor Gurov
11:03 AM pfSense Packages Bug #11001 (Feedback): freeradius lose sql lib every pfsense update
PR has been merged. Thanks! Renato Botelho
12:11 AM pfSense Packages Bug #11001 (Confirmed): freeradius lose sql lib every pfsense update
see https://forum.netgate.com/topic/149828/freeradius3-0-15-7_9-2020-01-20-its-stops-can-t-find-libmysqlclient-so-20/... Viktor Gurov
11:01 AM pfSense Packages Bug #8466 (Feedback): radiusd crash
PR has been merged. Thanks! Renato Botelho
10:22 AM Feature #11302: WireGuard XMLRPC sync
As a general rule, anyone using HA would not be using Automatic Outbound NAT -- they would be using Manual Outbound N... Jim Pingle
09:53 AM Feature #11302: WireGuard XMLRPC sync
I've been really running wireguard through it's paces and I have some thoughts concerning this.
So I have a typica... Christian McDonald
10:01 AM pfSense Packages Bug #4088 (Feedback): Buggy squidgurd config file is created
PR has been merged. Thanks! Renato Botelho
10:01 AM pfSense Packages Bug #3085 (Feedback): squidguard: problems when importing a blacklist archive containing soft-links
PR has been merged. Thanks! Renato Botelho
10:01 AM pfSense Packages Feature #11248 (Feedback): SafeSearch update
PR has been merged. Thanks! Renato Botelho
09:52 AM Bug #11250 (Feedback): disabled FTP-Proxy service starts on boot
PR has been merged. Thanks! Renato Botelho
09:51 AM pfSense Packages Bug #11274 (Feedback): ntopng https web server does not present full certificate chain
PR has been merged. Thanks! Renato Botelho
09:49 AM pfSense Packages Feature #11060 (Feedback): Block access to consumer Google accounts
PR has been merged. Thanks! Renato Botelho
09:47 AM pfSense Packages Bug #11234 (Feedback): Filer not create missing necessary folders
PR has been merged. Thanks! Renato Botelho
09:44 AM Bug #11254 (Feedback): Some OpenVPN configuration files remain after deleting an instance
PR has been merged. Thanks! Renato Botelho
09:43 AM Bug #11272 (Feedback): OCSP settings only for TLS auth
PR has been merged. Thanks! Renato Botelho
09:43 AM Bug #11298 (Feedback): Gateway Group Offline Bug
PR has been merged. Thanks! Renato Botelho
09:35 AM pfSense Packages Feature #11301 (Feedback): Switch FRR to use default rc file as a service control base
PR has been merged. Thanks! Renato Botelho
09:35 AM pfSense Packages Bug #11271 (Feedback): Setting default-originate in FRR/BGP Silently Appends a route-map
PR has been merged. Thanks! Renato Botelho
09:15 AM Todo #11278 (Feedback): Update dnsmasq to >=2.8.3
2.84 is now imported to 2.5.0 repo Renato Botelho
08:37 AM Bug #11326: WireGuard peer allowedips is overriding system's static routes in System > Routing
Seems like you have a flawed configuration/design issue there but it's hard to tell without more information. Post on... Jim Pingle
08:28 AM Bug #11326: WireGuard peer allowedips is overriding system's static routes in System > Routing
Jim Pingle wrote:
> That's the expected behavior. By adding it as an Allowed IPs entry you told the system you _want... Adam Severns
08:01 AM Bug #11326 (Not a Bug): WireGuard peer allowedips is overriding system's static routes in System > Routing
That's the expected behavior. By adding it as an Allowed IPs entry you told the system you _wanted_ that traffic rout... Jim Pingle
07:51 AM Bug #11326 (Not a Bug): WireGuard peer allowedips is overriding system's static routes in System > Routing
If you create a peer on a wg interface that contains an allowedip that also happens to be a static route in System > ... Adam Severns
08:34 AM pfSense Packages Bug #11261: pfBlockerNG ASN numbers in IPv4 (/IPv6) Custom_List generate error(s) "Invalid numeric literal at line 1, column 7"
The error may appear when the ASN is empty. See:
[ AS36229_v4 ] Downloading update .parse error: Invalid num... P L
03:57 AM pfSense Packages Bug #11259 (Closed): pfBlockerNG-devel fails to update all IP addresses for ASN using IPv4 Source Definitions
31.13.71.50 is in
https://api.bgpview.io/asn/32934/prefixes:... Viktor Gurov

01/27/2021

05:06 PM Revision 0c68239a: Fix WireGuard interface name assignment. Fixes #11323
Only set the name when it's empty/unset (e.g. when first created),
automatically determine the next available wg inte... Jim Pingle
05:01 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails
Same here - it's a very common issue for me as well, more than happy to get involved in helping nail this one if I can. Stephen Baines
04:57 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails
Really keen to see some progress with this, it's impacting me on an almost weekly basis.
Please let me know if the... Sam McLeod
04:22 PM Revision 4fdcc82b: WireGuard: Always derive public key. Issue #11322
If the user enters a different private key, using the supplied public
key would lead to a mismatch. So always derive ... Jim Pingle
04:11 PM Revision 2ccdb454: WireGuard: Make pubkey read only, populate automatically. Fixes #11322
While here, add a link to copy the public key to the clipboard. Jim Pingle
04:09 PM pfSense Packages Bug #11325 (Resolved): BGP MD5 Keys Dropping Unintentionally
FRR 1.0.0 on latest v2.5 snapshots.
I'm peering with an upstream that requires a neighbor password.
If I run 's... Christian McDonald
03:20 PM Revision 51fa9278: Merge branch 'viktor/pfSense-ipsecmobileinperror'
Jim Pingle
11:18 AM Regression #11316: Unbound crashes with signal 11 when reloading
https://forum.netgate.com/topic/160005/pfsense-2-50-snapshots-have-been-dying-for-the-past-couple-of-days Greg M
11:15 AM Bug #11323 (Feedback): Removing a WireGuard tunnel can cause others to be renumbered
Applied in changeset commit:0c68239a28d3e7a2ee3b58e60b0dd0e0081d7731. Jim Pingle
10:53 AM Bug #11323 (In Progress): Removing a WireGuard tunnel can cause others to be renumbered
Jim Pingle
10:46 AM Bug #11323 (Resolved): Removing a WireGuard tunnel can cause others to be renumbered
* Configure two WireGuard tunnels, wg0 and wg1
* Delete wg0
* Tunnel list shows only wg1
* Edit/Save wg1
* Tunnel... Jim Pingle
10:47 AM Feature #11324 (New): Separate syslog "Remote log servers" Parameters
Currently when setting Multiple Remote log servers, the "Remote Syslog Contents" is GLOBAL. Feature request to set e... Mark WILLIAMS
10:31 AM Bug #11322: WireGuard Public Key should not be entered by the user
gitsync'ed and looking good so far Christian McDonald
10:20 AM Bug #11322 (Feedback): WireGuard Public Key should not be entered by the user
Applied in changeset commit:2ccdb45478a4a7056929e455be9e0841bc8a4280. Jim Pingle
10:10 AM Bug #11322 (In Progress): WireGuard Public Key should not be entered by the user
Jim Pingle
10:05 AM Bug #11322 (Resolved): WireGuard Public Key should not be entered by the user
The WireGuard tunnel public key is derived from the private key. There isn't a compelling reason to allow the user to... Jim Pingle
09:21 AM Feature #11293 (Pull Request Review): New Dynamic DNS Provider: one.com
Jim Pingle
12:05 AM Feature #11293: New Dynamic DNS Provider: one.com
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/242 Viktor Gurov
09:20 AM Bug #11212 (Feedback): PHP error on Mobile IPsec input validating error
PR merged Jim Pingle
12:01 AM Bug #11212 (New): PHP error on Mobile IPsec input validating error
same issue with Group Authentication / Authentication Groups field,
fix: https://gitlab.netgate.com/pfSense/pfSense/... Viktor Gurov
09:18 AM Bug #11319 (Feedback): Mobile IPsec certificate type validation
PR merged Jim Pingle
01:22 AM Bug #11319: Mobile IPsec certificate type validation
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/110 Viktor Gurov
01:01 AM Bug #11319 (Resolved): Mobile IPsec certificate type validation
Mobile IPsec mode doesn't support User Certificates
extra input validation required Viktor Gurov
09:16 AM pfSense Packages Feature #11320 (Pull Request Review): Update NAS client type
Jim Pingle
03:47 AM pfSense Packages Feature #11320: Update NAS client type
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/30 Viktor Gurov
03:09 AM pfSense Packages Feature #11320 (Resolved): Update NAS client type
Client Type field needs update,
Current list of NAT types:
cisco
computone
livingston
max40xx
multitech
nets... Viktor Gurov
09:13 AM Bug #11288 (Resolved): Wireguard: Peer PSK is auto-filled to the keepalive field
Jim Pingle
08:05 AM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field
tested on gitsync yesterday and today via normal snapshot upgrade, both look good here. Christian McDonald
08:03 AM pfSense Packages Bug #9542: FreeRadius with MySQL not started and require mysql-client packet
see #11001 Viktor Gurov
08:02 AM pfSense Packages Bug #10976: Freeradius dont start with SQL configuration
see #11001 Viktor Gurov
07:15 AM Revision f7bc20ef: Mobile IPsec certificate validation. Issue #11319
Viktor Gurov
06:39 AM pfSense Packages Bug #11321 (Resolved): Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package
The Clamd service fails to start upon reboot when Block PUA option is checked on Squid Proxy Server Package with the ... RED SKULL
05:58 AM Revision 3b592d01: Fix PHP error in Mobile IPsec validation if Group Auth is selected. Fixes #11212
Viktor Gurov
12:43 AM pfSense Docs Correction #11318 (Closed): Feedback on pfSense Configuration Recipes — IPsec Site-to-Site VPN Example with Certificate Authentication
incorrect, only required for IPsec Mobile server Viktor Gurov
12:18 AM pfSense Docs Correction #11318 (Closed): Feedback on pfSense Configuration Recipes — IPsec Site-to-Site VPN Example with Certificate Authentication
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-tls.html
*Feedback:*
"Set the Certificate ... Viktor Gurov
12:10 AM Feature #11317 (Closed): Backup/Restore WireGuard config
already in the latest snapshots Viktor Gurov
12:07 AM Feature #11317 (Closed): Backup/Restore WireGuard config
WireGuard backup/restore on diag_backup.php page Viktor Gurov

01/26/2021

09:38 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails
Hi, considering the fact that the user only saw the patched version not fix the issue one time, would it be possible ... John Griffin
08:51 PM Revision 002a038f: Update OpenVPN Wizard to match current server options. Fixes #10919
Jim Pingle
04:13 PM Revision 9f127e7e: Fix WG Keep Alive field variable name. Fixes #11288
Jim Pingle
03:32 PM Revision 6f78203a: Fix WG Generate button descr.
Jim Pingle
03:30 PM Bug #11307 (Resolved): PHP error when attempting to edit Wireguard peer after creation
No sign of this on snapshots from today, for new or existing peers. Jim Pingle
03:29 PM Bug #11304 (Resolved): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address
Could easily replicate the problem on previous snapshot, current snapshot is working well. The entries in the DNS res... Jim Pingle
03:28 PM Bug #11300 (Resolved): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.
Working as intended on current snapshots, for both IPv4 and IPv6. Jim Pingle
09:23 AM Bug #11300: WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.
Nice. Patched up this morning on my boxes and this is looking good so far Christian McDonald
03:27 PM Bug #11291 (Resolved): WireGuard MTU Can Flap between 1420 and 1500
MTU is stable on current snapshots. It's 1420 even after save/apply on an assigned interface. Jim Pingle
03:26 PM Bug #11289 (Resolved): Wireguard: Automatic outbound NAT rules are applied to the WG interface
OK on current snapshots. The automatic outbound NAT rules are not being applied to WireGuard interfaces (assigned or ... Jim Pingle
03:14 PM Revision 4efba66a: Improve WireGuard field labels & descriptions.
Jim Pingle
03:06 PM Bug #11286 (Resolved): Endpoint port is mandatory if Endpoint is defined
OK on current snapshot. If the endpoint is filled in and port is blank, the default port is used. Jim Pingle
03:05 PM Bug #10919 (Feedback): Improve handling of OpenVPN data cipher negotiation options
Applied in changeset commit:002a038f4e9d4ce4cb4f8e5dec5036eb822017a6. Jim Pingle
02:48 PM Regression #11316 (Rejected): Unbound crashes with signal 11 when reloading
There is not nearly enough information here to constitute a proper bug report, and I cannot reproduce the problem as ... Jim Pingle
02:21 PM Regression #11316 (Resolved): Unbound crashes with signal 11 when reloading
Seems to be the same as here...
https://forum.opnsense.org/index.php?topic=20516.0
My workaround: I have moved t... Martin Müller
02:48 PM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field
Excellent, will test! Thanks Christian McDonald
10:15 AM Bug #11288 (Feedback): Wireguard: Peer PSK is auto-filled to the keepalive field
I found a typo in the variable name used to populate the value in the GUI, but the backend appears to be using it app... Jim Pingle
10:03 AM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field
I'm still having issues with the Keepalive field. When I edit and peer and set the keepalive value, save and come bac... Christian McDonald
02:36 PM Revision 0a0ef335: Improve WireGuard port validation. Fixes #11311
Jim Pingle
02:15 PM Revision cd4103cd: Encode WireGuard tunnel edit/peer values. Issue #11312
Jim Pingle
02:07 PM Revision 7e226dc7: Encode WireGuard tunnel list values. Issue #11312
Jim Pingle
01:37 PM Revision b505e3ae: Suppress errors when opening router file. Fixes #11314
Jim Pingle
01:10 PM Revision 73bd9c00: Merge branch 'viktor/pfSense-checkipsecwildcardcert'
Jim Pingle
01:02 PM Bug #11315 (Duplicate): Traffic Graph. shows flat line for wireguard interface
Already being tracked internally (NG 5522) Jim Pingle
12:54 PM Bug #11315 (Duplicate): Traffic Graph. shows flat line for wireguard interface
I'm running... Felix G
12:02 PM Revision 1b165375: IPsec wildcard certificates input validation. Implements #11297
Viktor Gurov
09:20 AM Bug #11312: Unable to edit or add WireGuard peers
I had an string that included a single quote encased by the <descr></descr> variable so it lines up perfectly with yo... RED SKULL
08:25 AM Bug #11312 (Feedback): Unable to edit or add WireGuard peers
I found a couple issues on the page that could be a problem if the description contained a single quote (@'@) which c... Jim Pingle
07:15 AM Bug #11312: Unable to edit or add WireGuard peers
What did you have in those fields?
The keepalive value is numeric so it's unlikely to be that. Description is CDAT... Jim Pingle
08:45 AM Bug #11311 (Feedback): Listen and peer port validation in wg.inc
Applied in changeset commit:0a0ef3352ad9a9c3710c1349a9e91da3209050df. Jim Pingle
07:45 AM Bug #11314 (Feedback): PHP error in gwlb.inc (potential race)
Applied in changeset commit:b505e3aecc11b8f8e42c8a3fd7c8b9537c3264a2. Jim Pingle
07:36 AM Bug #11314 (Resolved): PHP error in gwlb.inc (potential race)
I can't reproduce this reliably, but occasionally there is a PHP error at boot time:... Jim Pingle
07:20 AM Bug #11297: strongSwan doesn't support wildcard certificates
Applied in changeset commit:1b1653756bf5c087ccb11a7f82202e155cd3fcf2. Viktor Gurov
07:12 AM Bug #11297 (Feedback): strongSwan doesn't support wildcard certificates
Jim Pingle
07:10 AM Bug #11313: Netgate SG-5100 has not received 2.5.0 development update since 11-27-2020
Jim Pingle wrote:
> We are aware. All factory snapshots are currently disabled for internal testing.
Thanks Jim. ... Craig Weber
07:09 AM Bug #11313 (Not a Bug): Netgate SG-5100 has not received 2.5.0 development update since 11-27-2020
We are aware. All factory snapshots are currently disabled for internal testing. Jim Pingle
06:44 AM Bug #11313 (Not a Bug): Netgate SG-5100 has not received 2.5.0 development update since 11-27-2020
Hello,
I've been running the 2.5.0 Development build and for many months would receive regular updates daily. My a... Craig Weber

01/25/2021

11:04 PM Bug #11312: Unable to edit or add WireGuard peers
Ability to edit wireguard peers was regained by editing /cf/conf/config.xml and removing values from the following va... RED SKULL
09:55 PM Bug #11312 (Resolved): Unable to edit or add WireGuard peers
After upgrading from test build 2.5.0.a.20210122.2350 to 2.5.0.a.20210125.0856:
-- I am unable to edit all existi... RED SKULL
09:05 PM Revision ed837d48: Attempt to use peer wg address if possible for gateway. Implements #11300
Jim Pingle
08:43 PM Bug #11311 (Resolved): Listen and peer port validation in wg.inc
The listen port in function wg_validate_post and the peer port in function wg_validate_peer do not appear to be valid... John Clark
04:13 PM Revision 7f56c539: Add WireGuard to backup areas. Implements NG 5485
Jim Pingle
04:02 PM Revision 0c3fff67: Refine Unbound auto ACL generation. Implements #11309
Jim Pingle
03:28 PM Revision 7fe0979b: Rework WireGuard tonatsubnets/unbound ACL entries. Fixes #11304
Jim Pingle
03:15 PM Bug #11300 (Feedback): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.
Applied in changeset commit:ed837d48335b1cafdaae3c8320c3a78229e57386. Jim Pingle
02:37 PM Bug #11300 (New): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.
I thought up a viable way to do it. Not as clean/elegant as I wanted, but it works. Jim Pingle
08:01 AM Bug #11300: WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.
The main problem is that there isn't a way for the gateway system to know a viable remote peer address to monitor.
... Jim Pingle
02:14 PM Revision 2924fc26: Init var before use. Fixes #11307
Jim Pingle
01:51 PM Revision 81f10ba1: Add units to source tracking timeout description. Fixes #11303
Jim Pingle
01:41 PM Revision f25efb4b: Allowe peer port < 512
Steve Beaver
01:40 PM Revision 94230d38: Allowe listen port < 512
Steve Beaver
01:33 PM Revision 8b9d2275: Use correct default MTU for WireGuard. Fixes #11291
Jim Pingle
11:59 AM Bug #9450 (Resolved): Multiwan gateway group fail-over not working as expected (possible race condition)
I can not reproduce this in 2.5 under the same conditions that cause it in 2.4.5p1. Dee D's response sounds like the ... Max Leighton
11:44 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Yes, still there :( Tobias H
11:39 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
I know you _can_ but why limit the configuration in such a fashion?
Checkbox for enabling default-originate IPv4 w... Chris Linstruth
11:28 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
Chris Linstruth wrote:
> Shouldn't there be a separate route map selection for each address family?
You can match... Ben Hughes
08:00 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
Shouldn't there be a separate route map selection for each address family? Chris Linstruth
07:19 AM pfSense Packages Bug #11271 (Pull Request Review): Setting default-originate in FRR/BGP Silently Appends a route-map
Jim Pingle
10:10 AM Todo #11309 (Feedback): DNS Resolver automatic ACL entries need refinement
Applied in changeset commit:0c3fff676c104ca720f251a28b99d2d285298f8f. Jim Pingle
09:34 AM Todo #11309 (Resolved): DNS Resolver automatic ACL entries need refinement
The way the DNS resolver backend code in unbound.inc generates the automatic access list entries is inefficient.
T... Jim Pingle
10:06 AM Bug #11308 (Duplicate): NTP Trying IPv6 when no IPv6 connectivity is available or configured.
See #10322 Jim Pingle
09:34 AM Bug #11308: NTP Trying IPv6 when no IPv6 connectivity is available or configured.
Screen recording of bouncing NTPD. Christian McDonald
09:31 AM Bug #11308 (Duplicate): NTP Trying IPv6 when no IPv6 connectivity is available or configured.
My firewall has IPv6 traffic explicitly blocked and no IPv6 configured on any WAN interfaces.
NTP tries to hit IPv... Christian McDonald
09:56 AM pfSense Packages Feature #11310: Adding a widget to apcupsd plug-in
Link to pull request: https://github.com/pfsense/FreeBSD-ports/pull/1034 Andrew S
09:45 AM pfSense Packages Feature #11310 (Resolved): Adding a widget to apcupsd plug-in
I was inspired to create a widget for the apcupsd plug-in that is included with pfSense and I would like to contribut... Andrew S
09:35 AM Bug #11304 (Feedback): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address
Applied in changeset commit:7fe0979bc0de358a95767c25cfcbddec4a932ce4. Jim Pingle
07:56 AM Bug #11304 (In Progress): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address
Jim Pingle
08:20 AM Bug #11307 (Feedback): PHP error when attempting to edit Wireguard peer after creation
Applied in changeset commit:2924fc260c5c9cbdd03aaa02f9c10944336c6787. Jim Pingle
08:11 AM Bug #11307 (In Progress): PHP error when attempting to edit Wireguard peer after creation
Jim Pingle
08:07 AM Feature #11306 (Duplicate): Switchable time-out for remote admin (like “reload in min / reload cancel” in CISCO)
Duplicate of #3895 Jim Pingle
08:05 AM Bug #11290 (Closed): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
I'll close this out for now, but if someone can reproduce it, we can open it back up with more details about exactly ... Jim Pingle
08:00 AM Bug #11303 (Feedback): Sticky connections units
Applied in changeset commit:81f10ba1d0b64e23b7386e21730d4acee2e2944c. Jim Pingle
07:52 AM Bug #11303: Sticky connections units
Load Balancer is gone, so this is technically now only a multi-wan setting.
I committed a different change to ment... Jim Pingle
07:54 AM Bug #11291: WireGuard MTU Can Flap between 1420 and 1500
Looks good, thanks for the quick update Christian McDonald
07:40 AM Bug #11291 (Feedback): WireGuard MTU Can Flap between 1420 and 1500
Applied in changeset commit:8b9d2275015be7bf8febb1714f8a979d7c5f2beb. Jim Pingle
07:22 AM Bug #11291 (In Progress): WireGuard MTU Can Flap between 1420 and 1500
Jim Pingle
07:49 AM pfSense Packages Bug #8466 (Pull Request Review): radiusd crash
Jim Pingle
07:48 AM Feature #11294 (Pull Request Review): New Dynamic DNS Provider: Yandex PDD
Jim Pingle
07:48 AM Feature #11302: WireGuard XMLRPC sync
Might be tricky since if it was allowed, it couldn't be assigned, or else we'd have to code around allowing it to be ... Jim Pingle
07:45 AM pfSense Packages Feature #11301 (Pull Request Review): Switch FRR to use default rc file as a service control base
Jim Pingle
07:43 AM Bug #11299 (Pull Request Review): Unused L2TP VPN files are not removed when the service is disabled
Jim Pingle
07:42 AM Bug #11296 (Pull Request Review): Static route targets may still reachable via default route when the gateway they should route through is down
Jim Pingle
07:40 AM Bug #11297 (Pull Request Review): strongSwan doesn't support wildcard certificates
Jim Pingle
07:39 AM Bug #11298 (Pull Request Review): Gateway Group Offline Bug
Jim Pingle
07:37 AM Bug #11292 (Duplicate): in the wireguard page double clicking existing tunnel doesn't open the configuration page
This was fixed several days ago, see commit:56a4e2d56f66432a596329bc65cde4c159951829
Duplicate of an entry in our ... Jim Pingle

01/24/2021

11:02 PM Bug #11307 (Resolved): PHP error when attempting to edit Wireguard peer after creation
Version:... Peter Potvin
02:43 PM Bug #11279 (Resolved): Typo in WireGuard Configuration
Confirmed that this typo is fixed in the latest build. Marking the ticket as resolved Max Leighton
02:11 PM Bug #11291: WireGuard MTU Can Flap between 1420 and 1500
I've nailed down clear reproduction steps...assuming that you have a WG tunnel and it's corresponding wg interface as... Christian McDonald
02:04 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
I experienced this with a very simple OSPF configuration that I had on the 2.4 stable branch. This was an in-place up... Christian McDonald
01:28 AM Feature #11306 (Duplicate): Switchable time-out for remote admin (like “reload in min / reload cancel” in CISCO)
Implementation of timeout for remote administration when some change (in ACL for example, in fw rules, etc., ) may ca... Sergei Shablovsky
01:02 AM Bug #11305 (Duplicate): Gateway Group Trigger Level 'Packet Loss or High Latency' Broken
Duplicate of #11298 Viktor Gurov
12:09 AM pfSense Packages Feature #10816 (Resolved): Allow FRR BGP Neighbors to be active in both IPv4 and IPv6
Tested on 21.02-DEVELOPMENT (amd64)
built on Sat Jan 23 00:06:39 EST 2021
FreeBSD 12.2-STABLE
Checkbox "Address ... Azamat Khakimyanov
12:04 AM pfSense Packages Feature #11202 (Resolved): Antivirus feature update
Tested on 21.02-DEVELOPMENT (amd64)
built on Sat Jan 23 00:06:39 EST 2021
FreeBSD 12.2-STABLE
All these new feat... Azamat Khakimyanov

01/23/2021

09:15 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
please provide the Steps to reproduce the issue. Alhusein Zawi
06:52 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
Update: I'm not seeing this in the latest snapshots now. So I'm not entirely sure what's going on. There might be an ... Christian McDonald
06:44 PM Bug #11300: WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.
I guess I'm not familiar enough with the current codebase to follow the reasoning here, but I've created a few manual... Christian McDonald
09:23 AM Bug #11300 (Rejected): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.
It's not viable, unfortunately. I tried doing it a few different ways but the current behavior is the best so far.
... Jim Pingle
08:57 AM Bug #11300 (Resolved): WireGuard Gateway Should Monitor the Remote Peer, not the Local Peer.
Not sure the value of monitoring the local/self peer on WireGuard gateways. These should monitor the far/remote end. ... Christian McDonald
06:01 PM Bug #11305 (Duplicate): Gateway Group Trigger Level 'Packet Loss or High Latency' Broken
Whenever I'm doing PBR using a gateway group with a trigger level of 'Packet Loss or High Latency', the firewall rule... Christian McDonald
03:54 PM Bug #11304 (Resolved): DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address
VPN / WireGuard / Tunnels
Address: 172.16.16.1/24 -> Everything ist OK
Also allowed is a Comma separated lis... Stephan Hartenauer
03:32 PM pfSense Packages Bug #8047: XG-2758 - Coreboot Upgrade - Different ROM size
Renato Botelho wrote:
> According ADI engineers XG-2758 requires a physical power cycle after upgrade coreboot and b... Arthur Brownlee IV
12:52 PM Bug #11303: Sticky connections units
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/107 Danilo Zrenjanin
12:32 PM Bug #11303 (Resolved): Sticky connections units
Under System/Advanced/Miscellaneous - LoadBalancing description, it is not clear what is the measurement unit(seconds... Danilo Zrenjanin
11:38 AM pfSense Packages Bug #8466: radiusd crash
Fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/29 Danilo Zrenjanin
10:49 AM Feature #11294: New Dynamic DNS Provider: Yandex PDD
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/242 Viktor Gurov
09:45 AM Bug #11288 (Resolved): Wireguard: Peer PSK is auto-filled to the keepalive field
2.5.0.a.20210122.2350 fixed Viktor Gurov
09:44 AM Bug #11283 (Resolved): Incorrect WireGuard help page
2.5.0.a.20210122.2350 fixed Viktor Gurov
09:43 AM Feature #11302 (New): WireGuard XMLRPC sync
It would be nice to sync WireGuard configuration and automatically set it to 'disabled' state on the secondary node
... Viktor Gurov
09:20 AM pfSense Packages Feature #11301: Switch FRR to use default rc file as a service control base
PR: https://github.com/pfsense/FreeBSD-ports/pull/1033 Ben Hughes
09:20 AM pfSense Packages Feature #11301 (Feedback): Switch FRR to use default rc file as a service control base
Switch FRR to use default rc file as a service control base

- Set rc.conf.d/frr for watchfrr service action su... Ben Hughes
08:53 AM Bug #11299: Unused L2TP VPN files are not removed when the service is disabled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/105 Viktor Gurov
08:51 AM Bug #11299 (Resolved): Unused L2TP VPN files are not removed when the service is disabled
`/var/etc/l2tp-vpn` files are not deleted if you disable L2TP VPN Viktor Gurov
08:37 AM Bug #11282 (Resolved): php error on creating new PPPoE server instance
works as expected on 2.5.0.a.20210122.2350 Viktor Gurov
08:35 AM pfSense Packages Feature #11102 (Resolved): Include a dictionary for mpd5 in Freeradius
dictionary.mpd is included Viktor Gurov
08:24 AM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/104 Viktor Gurov
02:54 AM Bug #11296 (New): Static route targets may still reachable via default route when the gateway they should route through is down
https://forum.netgate.com/topic/160103/static-routes-not-as-expected:
When WAN gateway is down, I can still access/p... Viktor Gurov
06:25 AM Bug #11297: strongSwan doesn't support wildcard certificates
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/103 Viktor Gurov
03:18 AM Bug #11297 (Resolved): strongSwan doesn't support wildcard certificates
Wildcard certificates are declared deprecated in RFC 6125.
A check which would prevent users from adding a wildcar... Danilo Zrenjanin
04:49 AM Bug #11298: Gateway Group Offline Bug
fix: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/102
see also #10716 Viktor Gurov
03:43 AM Bug #11298 (Resolved): Gateway Group Offline Bug
https://forum.netgate.com/topic/160153/gateway-group-offline-bug:
In 2.5.0.a.20210121.2350 I discovered an issue t... Viktor Gurov

01/22/2021

11:48 PM pfSense Packages Feature #11295 (Resolved): DNSBL IDN support
Add IDN domains support to:
- DNSBL Whitelist
- DNSBL Custom_List
- Python no AAAA List
- IPv4 Custom_List (domai... Viktor Gurov
11:46 PM pfSense Packages Feature #9249 (Resolved): [siproxd] Add config for siptrunk plugin
Viktor Gurov
11:13 PM pfSense Packages Feature #9249: [siproxd] Add config for siptrunk plugin
The configuration has been added to /usr/local/etc/siproxd.conf after Enabling SIP Trunk Plugin
load_plugin=plugin... Alhusein Zawi
11:09 PM Feature #11294 (Closed): New Dynamic DNS Provider: Yandex PDD
Add support for pddimp.yandex.ru dyndns:
https://yandex.com/dev/connect/directory/api/concepts/domains/dns-records-v... Viktor Gurov
11:01 PM Feature #11293 (Closed): New Dynamic DNS Provider: one.com
Add support for one.com DDNS, see:
https://forum.netgate.com/topic/124904/dynamic-dns-one-com Viktor Gurov
09:26 PM Bug #11292 (Duplicate): in the wireguard page double clicking existing tunnel doesn't open the configuration page
in the wireguard page
double clicking existing tunnel doesn't open the configuration page
like others pfsense p... khaled osama
09:05 PM Bug #11283: Incorrect WireGuard help page

21.02.a.20210120.2350 fixed
2.5.0.a.20210121.2350 not fixed Alhusein Zawi
07:20 AM Bug #11283 (Feedback): Incorrect WireGuard help page
Applied in changeset commit:16a294f7678a4be1a0e7fc066300958dc734deb3. Jim Pingle
02:26 AM Bug #11283: Incorrect WireGuard help page
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/100 Viktor Gurov
02:23 AM Bug #11283 (Resolved): Incorrect WireGuard help page
Clicking on the help icon redirects to https://docs.netgate.com/pfsense/en/latest/index.html instead of https://docs.... Viktor Gurov
06:23 PM Revision fedf01cd: Fix length check for WireGuard interface descriptions
Jim Pingle
06:23 PM Revision e1afb219: Add WireGuard to easyrule
Jim Pingle
06:11 PM Bug #11291 (Resolved): WireGuard MTU Can Flap between 1420 and 1500
The default WireGuard MTU is typically 1420. However , I’ve observed cases where the wg interfaces will flap between ... Christian McDonald
05:40 PM Revision bc8cf86b: Exclude wg(4) from auto outbound NAT. Fixes #11289
Jim Pingle
04:02 PM Revision a0103e4b: PPPoE Server users create and instance delete fix. Issue #11282
Viktor Gurov
04:00 PM Revision d3eb9b35: Fixed 11287 by moving style to css
Steve Beaver
03:55 PM Revision c0d26370: Use gettext() on WireGuard endpoint text. Issue #11286
Jim Pingle
03:52 PM Revision e801e55b: Assume default WG port if empty. Fixes #11286
While here, print a more user-friendly value when peer endpoints are
empty. Jim Pingle
03:30 PM Revision 262dba24: Fix populating keepalive value. Fixes #11288
Jim Pingle
03:24 PM Revision df799f2c: Assume default WG port if empty. Fixes #11286
Jim Pingle
03:17 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
Chris Linstruth wrote:
> I suggest a checkbox to enable default-originate and a pulldown that lists the route maps f... Ben Hughes
03:15 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
PR: https://github.com/pfsense/FreeBSD-ports/pull/1032 Ben Hughes
02:46 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
I suggest a checkbox to enable default-originate and a pulldown that lists the route maps for OPTIONAL inclusion. Chris Linstruth
01:36 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
George Phillips wrote:
> Basically, that drop-down menu should be empty unless the user defines their own route-maps... Ben Hughes
01:35 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
Yeh it's a bug, if you select IPv4+IPv6 then it'll work as expected but everything else it'll interpret at a route ma... Ben Hughes
12:14 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
Basically, that drop-down menu should be empty unless the user defines their own route-maps. The ipv4, ipv6, and ipv... George Phillips
03:17 PM Revision 56a4e2d5: Add doubleclick handlers to WireGuard tables
Steve Beaver
02:18 PM Bug #11290 (Resolved): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
FRR 1.0.0 is not properly starting/stopping in regards to the configured CARP status IP. Christian McDonald
01:34 PM pfSense Packages Bug #8466: radiusd crash
I tested on the latest snapshot. It still allows entering " as the first character.
e.g., entering the password _... Danilo Zrenjanin
01:15 PM Revision 171b0eb2: Revert "Add wg to ALTQ list. Implements #11280"
Unstable. See #11285
This reverts commit 4a49b0d9b182c76f658201124c43278a65542c98. Jim Pingle
01:13 PM Revision 16a294f7: Add help.php entries for Wireguard pages. NG 5455 and Fixes #11283
Jim Pingle
01:02 PM Bug #10919 (In Progress): Improve handling of OpenVPN data cipher negotiation options
Jim Pingle
11:50 AM Bug #11289 (Feedback): Wireguard: Automatic outbound NAT rules are applied to the WG interface
Applied in changeset commit:bc8cf86b8f1d83677c43ba4501704b9192501495. Jim Pingle
11:41 AM Bug #11289: Wireguard: Automatic outbound NAT rules are applied to the WG interface
It should be excluded from automatic outbound NAT, but it does belong in tonatsubnets (so it gets NAT out WANs).
C... Jim Pingle
11:21 AM Bug #11289 (Resolved): Wireguard: Automatic outbound NAT rules are applied to the WG interface
It's unexpected that they should be there for a site-to-site setup.
Additionally the WG interface subnet is includ... Steve Wheeler
10:43 AM pfSense Packages Bug #11054: Check Client Certificate CN not working as described
see http://freeradius.1045715.n5.nabble.com/user-name-and-EAP-TLS-td5714550.html:... Viktor Gurov
10:23 AM Bug #11287 (Resolved): The Wireguard Peers list is not Dark theme compatible
Looks good after a gitsync. It's respecting the CSS change now. Jim Pingle
10:00 AM Bug #11287 (Feedback): The Wireguard Peers list is not Dark theme compatible
Anonymous
08:49 AM Bug #11287 (Resolved): The Wireguard Peers list is not Dark theme compatible
The text is white in the Dark Theme which makes it almost impossible to view again the light blue background.
See:... Steve Wheeler
10:05 AM pfSense Packages Bug #11055 (Resolved): Insecure FreeRADIUS defaults
Tested on the latest snapshot. It's fixed. Ticket resolved. Danilo Zrenjanin
10:03 AM Bug #11282 (Feedback): php error on creating new PPPoE server instance
PR merged Jim Pingle
02:14 AM Bug #11282: php error on creating new PPPoE server instance
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/99 Viktor Gurov
01:41 AM Bug #11282 (Resolved): php error on creating new PPPoE server instance
If you create a new PPPoE Server instance with a 1+ users, a will PHP error occur:... Viktor Gurov
10:00 AM Bug #11286 (Feedback): Endpoint port is mandatory if Endpoint is defined
Applied in changeset commit:e801e55ba199db0cddeb05f5e0b8a0f7ba75c384. Jim Pingle
09:52 AM Bug #11286 (In Progress): Endpoint port is mandatory if Endpoint is defined
One more little thing, in the tunnel list it isn't assuming the default port in the display. Also it's showing ":" fo... Jim Pingle
09:30 AM Bug #11286 (Feedback): Endpoint port is mandatory if Endpoint is defined
Applied in changeset commit:df799f2c43441dc80174f6360ecdab0e78b15eb4. Jim Pingle
09:19 AM Bug #11286: Endpoint port is mandatory if Endpoint is defined
In this case we should assume the default port (@51820@) rather than making the field required. I'll take a look at it. Jim Pingle
08:46 AM Bug #11286: Endpoint port is mandatory if Endpoint is defined
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/101 Viktor Gurov
08:34 AM Bug #11286 (Resolved): Endpoint port is mandatory if Endpoint is defined
It's not possible to define endpoint without port, i.e.... Viktor Gurov
09:40 AM Bug #11288 (Feedback): Wireguard: Peer PSK is auto-filled to the keepalive field
Applied in changeset commit:262dba240a74a4b70cacbe6835dcef344d44f316. Jim Pingle
09:25 AM Bug #11288: Wireguard: Peer PSK is auto-filled to the keepalive field
fix in https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/101/ Viktor Gurov
09:21 AM Bug #11288 (Resolved): Wireguard: Peer PSK is auto-filled to the keepalive field
If you configure a PSK on a WireGuard peer and then edit that peer the keep-alive field will be populated by the PSK ... Steve Wheeler
07:28 AM Todo #11280 (New): Add WireGuard to ALTQ list
Jim Pingle
07:25 AM Todo #11280 (Feedback): Add WireGuard to ALTQ list
Applied in changeset commit:171b0eb2d69dc6737c63e5f6a2be63d705678c04. Jim Pingle
07:16 AM Todo #11280 (New): Add WireGuard to ALTQ list
Reverted this change for now since ALTQ on WireGuard is not stable. See #11285 Jim Pingle
04:46 AM Todo #11280 (Resolved): Add WireGuard to ALTQ list
2.5.0.a.20210121.2350 - I can successfully create a traffic shaper on the wg* interfaces Viktor Gurov
07:21 AM Bug #11284: php waring in interfaces after upgrading to latest dev version
I didn't see any recent changes which might have introduced a problem on the lines in the error, so it definitely nee... Jim Pingle
04:32 AM Bug #11284 (Rejected): php waring in interfaces after upgrading to latest dev version
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Viktor Gurov
03:26 AM Bug #11284 (Rejected): php waring in interfaces after upgrading to latest dev version
i updated to the dev version 2.5.0.a.20210121.1437
it gave the following crash report
Crash report begins. Ano... khaled osama
07:17 AM Bug #11285: Kernel crash on ALTQ-enabled wg interfaces
Moving ahead, no time to address this one for now. Reverted the change allowing ALTQ to be used with WireGuard for now. Jim Pingle
06:02 AM Bug #11285 (Closed): Kernel crash on ALTQ-enabled wg interfaces
If you create a traffic shaper queue on the assigned wg* interface,
any WireGuard manipulation (add peer / delete in... Viktor Gurov
07:08 AM Feature #11281 (Duplicate): Generating WireGuard QR codes for fast mobile deployments
Already covered in the plan for config export under NG 5436 Jim Pingle
12:22 AM Feature #11281 (Duplicate): Generating WireGuard QR codes for fast mobile deployments
It would be nice to add QR code generator for fast mobile (Android/iOS) deployments,
Use FreeRADIUS QR code generato... Viktor Gurov
05:05 AM Bug #11277 (Resolved): Hide WireGuard interfaces from Interface Assignments pages
works as expected on 2.5.0.a.20210121.2350 Viktor Gurov
04:41 AM Bug #11275 (Resolved): Certificate import of a signed certificate signing request is not offered
resolved on 2.5.0.a.20210121.2350 Viktor Gurov
02:33 AM Feature #9942: Give pfSense the possibility to change the keyboard Layout for console users
localization steps:
https://forum.netgate.com/topic/159666/pfsense-localization-connecting-on-console-or-via-ssh Viktor Gurov

01/21/2021

11:02 PM Bug #9296 (Confirmed): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
see also #7209 Viktor Gurov
01:06 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
same issue on 2.5.0.a.20210120.1500
mixed alias entries:
- yandex.ru
- 1.2.3.4... Viktor Gurov
09:57 PM Revision 8dffba30: Fix WireGuard case
Jim Pingle
09:55 PM Revision 5a33a16c: Ticket #5186: Enable Wireguard firewall rules tab
Jim Pingle
09:32 PM Revision e42e51fe: Correct typo. Fixes #11279
Jim Pingle
09:31 PM Revision 4a49b0d9: Add wg to ALTQ list. Implements #11280
Jim Pingle
09:19 PM Revision eb099537: Prevent invalid WireGuard assignments. Fixes #11277
Jim Pingle
08:57 PM Revision db2fefc5: Show WireGuard interface description during assignment. Issue #11277
Jim Pingle
07:55 PM Revision f50c6543: WireGuard assignment/disable behavior improvements. NG 5518
* Do not allow a WireGuard instance to be removed while assigned
* Do not allow a WireGuard instance to be disabled w... Jim Pingle
04:42 PM Revision c3c257e4: Add WireGuard info to status output. NG 5483
Jim Pingle
04:03 PM Revision 488672e3: WireGuard default port usage fix. NG 5482
Jim Pingle
03:52 PM Bug #7209: Something is seriously wrong with firewall aliases
This bug / #9296 was easily reproducible 3 years ago when I first hit it and still is today on 2.4.5-p1. Just make a... Stuart Wyatt
01:06 AM Bug #7209: Something is seriously wrong with firewall aliases
see #9296 Viktor Gurov
03:40 PM Bug #11279 (Feedback): Typo in WireGuard Configuration
Applied in changeset commit:e42e51fefbaf93d8be3f4d2524f72a0bf2c4b543. Jim Pingle
03:32 PM Bug #11279 (In Progress): Typo in WireGuard Configuration
Yep, typo. Fix incoming. Jim Pingle
03:28 PM Bug #11279 (Resolved): Typo in WireGuard Configuration
There´s a typo in the WireGuard peer configuration
I think this should be IPv4 or IPv6 address? Moritz Schwarz
03:40 PM Todo #11280 (Feedback): Add WireGuard to ALTQ list
Applied in changeset commit:4a49b0d9b182c76f658201124c43278a65542c98. Jim Pingle
03:31 PM Todo #11280 (New): Add WireGuard to ALTQ list
wg interfaces support ALTQ, so can be added to the list.
 Jim Pingle
03:25 PM Bug #11277 (Feedback): Hide WireGuard interfaces from Interface Assignments pages
Applied in changeset commit:eb0995379ee6778af0b82a28122a9f36a8bd075a. Jim Pingle
03:21 PM Bug #11277: Hide WireGuard interfaces from Interface Assignments pages
Commit is coming momentarily which prevents WireGuard interfaces from being used in VLAN, QinQ, LAGG, and Bridges.
... Jim Pingle
03:19 PM Bug #11277 (In Progress): Hide WireGuard interfaces from Interface Assignments pages
Jim Pingle
11:12 AM Bug #11277 (Resolved): Hide WireGuard interfaces from Interface Assignments pages
it's not needed on VLAN, QinQ, PPP, BRIDGES pages
also: VPN / L2TP, PPPoE server
IPsec, OpenVPN ? Viktor Gurov
03:00 PM Revision e7e4ba5a: Signed CSR import fix. Issue #11275
Viktor Gurov
01:35 PM Todo #11278: Update dnsmasq to >=2.8.3
We are aware, but for the most part it wouldn't impact us. These are all issues in dnsmasq, which while included in p... Jim Pingle
01:08 PM Todo #11278 (Resolved): Update dnsmasq to >=2.8.3
Not really a bug, but are you aware of DNSpooq?
https://www.jsof-tech.com/disclosures/dnspooq/
AFAIK, it was just... Logan Marchione
10:54 AM Feature #8786: Wireguard VPN
Renato Botelho wrote:
> Initial kernel version wireguard support is now in place
FYI. I have receiving fetch err... Ronald Schellberg
09:44 AM Bug #11272 (Pull Request Review): OCSP settings only for TLS auth
Jim Pingle
12:16 AM Bug #11272: OCSP settings only for TLS auth
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/97 Viktor Gurov
09:42 AM pfSense Packages Bug #11274 (Pull Request Review): ntopng https web server does not present full certificate chain
Jim Pingle
08:04 AM pfSense Packages Bug #11274: ntopng https web server does not present full certificate chain
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/28 Viktor Gurov
06:50 AM pfSense Packages Bug #11274 (Resolved): ntopng https web server does not present full certificate chain
The https protected web frontend (port 3000) of ntopng 0.8.13_6 (tested on pfSense CE 2.4.5_1) does not work correctl... Martin Bartosch
09:41 AM Bug #11275 (Feedback): Certificate import of a signed certificate signing request is not offered
PR merged Jim Pingle
09:01 AM Bug #11275: Certificate import of a signed certificate signing request is not offered
Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/98 Viktor Gurov
06:57 AM Bug #11275 (Resolved): Certificate import of a signed certificate signing request is not offered
Testing the current pfSense 2.5.0-DEVELOPMENT version I encountered a problem with the certificate manager. When requ... Martin Bartosch
09:27 AM Bug #11276 (Rejected): CARP both master master
There is a problem with your configuration or environment. This site is not for support or diagnostic discussion.
... Jim Pingle
09:18 AM Bug #11276 (Rejected): CARP both master master
Hi,
I've an issue with two CARP interfaces. Both are seen as Master/master. All of others CARP interfaces are work... Nazar Hassan
08:08 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
Looks like 2.5.0 still appends a route-map to me.... Chris Linstruth
07:52 AM pfSense Packages Bug #11273 (Not a Bug): ntopng password reset does not work
unable to reproduce - I can successfully update admin password
you need to use pfSense WebGUI to change password, no... Viktor Gurov
06:45 AM pfSense Packages Bug #11273 (Not a Bug): ntopng password reset does not work
Modifying the admin password in the ntopng settings does not seem to work.
Versions: ntopng 0.8.13_6 on pfSense CE... Martin Bartosch
04:59 AM Bug #11082: XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node
Hello everyone,
This issue is also affecting us, do you know approximately when an official update is going to fix... Ferran Peinado
02:34 AM Bug #11256: Cannot add alias with multiple URLs
I can reproduce it on 2.4.5-p1,
but it works fine on 2.5.0.a.20210120.1500 Viktor Gurov
12:46 AM pfSense Packages Bug #11261: pfBlockerNG ASN numbers in IPv4 (/IPv6) Custom_List generate error(s) "Invalid numeric literal at line 1, column 7"
no such issue with pfBlockerNG-devel 3.0.0_8 - I can successfully add AS number to IPv4/IPv6 Custom_List and see no e... Viktor Gurov
12:18 AM Revision e564dbd6: Add ^wg to list of interface mimatch types
Steve Beaver

01/20/2021

11:43 PM Bug #11272 (Resolved): OCSP settings only for TLS auth
There is no need to show OCSP settings for "Peer to Peer (Shared Key)" and "Remote Access (User Auth)" auth modes Viktor Gurov
11:25 PM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map
> Selecting IPv4+IPv6 announces the route but it is counter-intuitive for someone creating an IPv4-only peer to selec... Viktor Gurov
08:12 PM pfSense Packages Bug #11271 (Resolved): Setting default-originate in FRR/BGP Silently Appends a route-map
When setting default-priginate on a BGP neighbor thew user is presented with four choices by default:
* No
* IPv4... Chris Linstruth
11:16 PM pfSense Packages Feature #10789 (Feedback): FRR integrated configuration and hitless reloads
Merged Viktor Gurov
08:27 PM Revision 8e48b2e2: Add OS routes using WireGuard Peer AllowedIPs. Part of NG 5437
Jim Pingle
07:50 PM Revision 45ae5c55: Remove WireGuard peernwks field which is not needed. Part of NG 5437
Jim Pingle
07:43 PM Revision 6e23ca79: Fix some bad WireGuard capitalization
Jim Pingle
07:39 PM Revision 236f8ecc: Automatic WireGuard interface gateways. Part of NG 5437
Jim Pingle
05:40 PM Revision a0341111: Update translation files
Renato Botelho
05:37 PM Revision 9661de36: Regenerate pot
Renato Botelho
05:27 PM Revision 3856366b: Retire VXLAN support
VXLAN support is not enterprise ready and after internal discussion we
decided we are not able to support it. We are... Renato Botelho
03:34 PM Feature #11270: Consider integrating Nebula mesh VPN
Forgot to add the link...
https://github.com/slackhq/nebula Jeff Wischkaemper
03:34 PM Feature #11270 (New): Consider integrating Nebula mesh VPN
Slack's Nebula VPN is a very slick system that more-or-less uses Wireguard tunnels, but a sane and scaleable key/cert... Jeff Wischkaemper
01:44 PM Revision 55da9aef: Change XML listtag entry for peer to wgpeer for issue #5186
Jim Pingle
10:28 AM Bug #11267 (Resolved): PHP Error in FRR after WireGuard merge
Renato Botelho
10:01 AM Bug #11267: PHP Error in FRR after WireGuard merge
I applied the patch and the neighbors came back. Thanks for the quick fix! Zachary McGibbon
09:46 AM Bug #11267 (Feedback): PHP Error in FRR after WireGuard merge
This is due to WireGuard trying to use the 'peer' tag as a list when it should be using 'wgpeer' which didn't carry o... Jim Pingle
07:38 AM Bug #11267 (Resolved): PHP Error in FRR after WireGuard merge
Testing:... Steve Wheeler
09:46 AM pfSense Packages Bug #11269 (Duplicate): FRR BGP neighbors missing after update
We are aware -- it's not a problem in FRR, but in the base system. See #11267 Jim Pingle
09:39 AM pfSense Packages Bug #11269: FRR BGP neighbors missing after update
Just found a crash report too:... Zachary McGibbon
09:37 AM pfSense Packages Bug #11269 (Duplicate): FRR BGP neighbors missing after update
Just upgraded to beta 2.5.0.a.20210119.2350 and my bgp neighbors are missing their IP address. If I try and add the ... Zachary McGibbon
08:45 AM Bug #11268 (Resolved): Cookie named ``id`` prevents some forms from being loaded or saved properly
If you have a cookie set with a name 'id' (any value), and you try to edit something, e.g. a firewall rule, the form ... Matthew Fearnley
 

Also available in: Atom