Activity

30 days up to

User

Subprojects

Activity

From 01/31/2021 to 03/01/2021

03/01/2021

11:44 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log: This is not isolated to when using multiple peers. It also happens to many people with just 1 peer (site to site). Do... Kevin Mychal Ong
02:15 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log: I have the same issue. Loads of "matchaddr failed" messages and any WG tunnel with more than a single peer fails.
I ... Mark Howells
11:20 PM pfSense Packages Bug #11591 (Duplicate): Could not install node exporter: duplicate of #11515
See fix in the next node_exporter version:
https://github.com/pfsense/FreeBSD-ports/commit/6e... Viktor Gurov
09:58 PM pfSense Packages Bug #11591 (Duplicate): Could not install node exporter: I tried to install node_exporter and whilst the install appeared to complete successfully, I noticed it did not appea... Mark De Souza
10:01 PM pfSense Packages Bug #11592 (New): Node exporter can not read system statistics: Each time I curl <ip of router>:9100 I receive the following log error:
level=error ts=2021-03-02T03:55:34.739Z ca... Mark De Souza
09:06 PM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.: There are a couple items to iron out in devel, so don't think too long. BBcan177 .
04:02 PM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.: Confirmed - created as an IPv6 rule in beta. Just means that all those out there using the "release" version are at r... Dave Tickem
09:01 PM pfSense Packages Bug #11590 (Closed): pfBlocker Issue when IPv6 is disabled: I noticed a crash report this morning when I logged into pfsense. I have ipv6 disabled on my pfsense box but it appea... Mark De Souza
06:52 PM Feature #11589 (Pull Request Review): Fix iftop experimental traffic fetcher, unify and improve output style: There were several problems with iftop fetcher.
Although it offered IPv6 unlike "rate" tool, its output is limited... Ashus CZ
06:34 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface: Interestingly enough, I haven't had any panics on my cloud instances hosted on Vultr, though my instances hosted on-p... Christian McDonald
02:24 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface: Parts of the backtrace are similar to #11586 but it's not an exact match. Jim Pingle
02:22 PM pfSense Packages Bug #11585 (New): WireGuard kernel panic when changing peer port on assigned WireGuard interface: Jim Pingle
02:22 PM pfSense Packages Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface: Jim Pingle
02:19 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface: That does appear to be one we haven't seen yet:... Jim Pingle
02:06 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface: Also hitting this when changing the port on the local wg interface...sometimes. Sometimes changing the port is fine, ... Christian McDonald
01:59 PM pfSense Packages Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface: All I did was change the port on peer 0. Christian McDonald
05:34 PM Regression #11316: Unbound crashes with signal 11 when reloading: I have the same issue, after updating two of my pfsense boxes I see abut 4 to 5 messages from each per hour
"Ser... Vöggur Guðmundsson
05:29 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Greg Shaffer wrote:
> #echo $2 > /tmp/em0_routerv6
> echo "fe80::X:X:X:X" > /tmp/em0_routerv6
> #echo $2 > /tmp/em... Anonymous
12:12 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Thank you @Greg Schaffer, that worked for me! Car F
02:49 PM Bug #11578 (Pull Request Review): Error when removing automatic DNS server route: Jim Pingle
02:30 PM Bug #11578: Error when removing automatic DNS server route: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/166 Viktor Gurov
07:45 AM Bug #11578: Error when removing automatic DNS server route: Looks like that route command is missing @-inet6@ somehow.
Fixed up subject and category. Jim Pingle
02:25 AM Bug #11578 (Closed): Error when removing automatic DNS server route: The log stats:
/system.php: The command '/sbin/route -q delete -host 2001:4860:4860::8888 'dynamic'' returned exit... Kristian Krautwald
02:47 PM pfSense Packages Bug #11582 (Pull Request Review): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections: Jim Pingle
02:13 PM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/63 Viktor Gurov
09:25 AM pfSense Packages Bug #11582 (Resolved): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections: Using the XML-RPC Sync feature of the FreeRADIUS package doesn't sync all configuration sections.
For example:
* ... Alexis Mestag
02:45 PM Bug #11581 (Pull Request Review): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu: Jim Pingle
02:03 PM Bug #11581: Cannot configure WAN IP address with ``/32`` CIDR mask via console menu: Allow to enter /32 netmask and non-local gateway in the console menu:
https://gitlab.netgate.com/pfSense/pfSense/-/m... Viktor Gurov
09:21 AM Bug #11581 (Resolved): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu: I logged in via the serial console and used the '2) Set interfaces(s) IP address' flow. That prompts for a WAN IP and... Ken Bass
02:37 PM Feature #11588 (New): Automatically suggest next IP address in Wireguard interface subnet when creating a peer: When creating a new WireGuard peer, we should suggest/pre-fill the AllowedIPs field with the next IP address in the W... Jim Pingle
02:28 PM Bug #11587 (Closed): WireGuard interfaces do not have data on traffic graphs: Moving over from NG 5522
Sending iperf3 traffic across a wireguard interface from a client on the LAN side to a se... Jim Pingle
02:25 PM Bug #11586: WireGuard panic when saving many times in a row: Textdump from one of the occurences Jim Pingle
02:24 PM Bug #11586: WireGuard panic when saving many times in a row: Parts of the backtrace are similar to #11585 but it's not an exact match. Jim Pingle
02:22 PM Bug #11586 (Not a Bug): WireGuard panic when saving many times in a row: Moving this over from NG 5538
There is still a lingering panic in WireGuard when saving on an interface, but it's ... Jim Pingle
02:25 PM Revision 7990de53: route_get() optimization. Fixes #11475: Viktor Gurov
02:24 PM Revision 490b5b48: Set correct DHCP failover peer IP on XMLRPC sync. Fixes #11519: Viktor Gurov
02:23 PM Revision e89e12e8: Move custom IPSEC NAT-T port settings to Advanced Options. Todo #11518: Viktor Gurov
02:23 PM Revision c08d270e: Set explicit-exit-notify to 1 for new OpenVPN Client instances. Implements #11521: Viktor Gurov
02:18 PM Revision 3939c0e3: IPsec Mobile users swanctl.conf fix. Issue #11564: Viktor Gurov
02:17 PM Revision 4a51b9cd: IPsec peer ID Any fix. Issue #11555: Viktor Gurov
02:17 PM Revision f4d883da: Cisco AVPair parse {clientip}. Fixes #11561: Viktor Gurov
02:16 PM Revision 44baf5a7: OpenVPN data-ciphers option length validation. Issue #11559: Viktor Gurov
02:15 PM Revision f725132e: OpenVPN ncp_enable checkbox fix. Issue #11554: Viktor Gurov
02:14 PM Revision a1fe8144: Restart unbound on interface recover. Fixes #11547: Viktor Gurov
02:13 PM Revision cfff0f35: IPsec VTI interfaces bootup fix. Issue #11537: Viktor Gurov
02:10 PM Revision 296c5881: WPA Enterprise PAP inner method support. Issue #2400: Viktor Gurov
02:06 PM pfSense Docs Correction #11584 (Resolved): Renaming Proxmox to Proxmox Virtual Environment or Proxmox VE: Fixed in https://gitlab.netgate.com/docs/pfSense-docs/-/commit/011d1208863cba0531065173fc63e93da09dcb2a Jim Pingle
01:58 PM pfSense Docs Correction #11584 (Resolved): Renaming Proxmox to Proxmox Virtual Environment or Proxmox VE: Received a request from Proxmox Marketing team to ensure we correctly use their mark in the documentation:
> May I... Jim Pingle
02:05 PM Revision 95e599a1: Show changed NAT timeouts on the system_advanced_firewall page. Issue #11565: Viktor Gurov
02:01 PM Revision 0e432655: Merge pull request #4504 from bashkarev/master: Renato Botelho
02:00 PM Revision f7e4e439: Merge pull request #4505 from woeperbe/patch-1: Renato Botelho
01:36 PM pfSense Packages Bug #11580 (Pull Request Review): FTP client proxy - source and destination bypass limitation: Jim Pingle
11:19 AM pfSense Packages Bug #11580: FTP client proxy - source and destination bypass limitation: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/62 Viktor Gurov
04:40 AM pfSense Packages Bug #11580 (Resolved): FTP client proxy - source and destination bypass limitation: Not able to use alias in Proxy Bypass: Source and Proxy Bypass: Destination.
I tried to manually add to config.xml a... Michal Kubin
01:24 PM Feature #7842 (Feedback): New Dynamic DNS Provider: Mythic-Beasts: Ronald Schellberg wrote:
> Viktor Gurov wrote:
> > Applied in changeset commit:fe6b125233f40f5919746b1cb90c39b459aa... Viktor Gurov
01:18 PM Bug #11583: dashboard nginx 504 Gateway time-out error: That could maybe happen with an excessively large log file size (downright huge if it's 59MB _compressed_) but ultima... Jim Pingle
12:26 PM Bug #11583: dashboard nginx 504 Gateway time-out error: I was finally able to login by deleting the filter.log.x.bz2 files in the /var/log directory. There were 6 of them an... Adam Esslinger
12:16 PM Bug #11583: dashboard nginx 504 Gateway time-out error: once I finally got logged in I see this in the system logs:
2021/03/01 13:12:17 [error] 88327#100711: *20 upstream... Adam Esslinger
12:15 PM Bug #11583 (Not a Bug): dashboard nginx 504 Gateway time-out error: There isn't enough information here to point to one specific issue and this site is not for support or diagnostic dis... Jim Pingle
11:59 AM Bug #11583 (Not a Bug): dashboard nginx 504 Gateway time-out error: Ever since upgrading to version 2.5 logging into the firewall takes a really long time. Once logged in and navigatin... Adam Esslinger
01:14 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: Does pfSense track the changes to dhcp6c that are being made by Marjohn56 on the opn side? Not sure if this is direct... → luckman212
11:59 AM Revision 7b2bca91: Update services.inc: Corrects the error in the dynamic DNS widget
warning: array_combine(): both parameters should have an equal number of... Marc Buffet
11:22 AM Feature #11577: Syslog should not require binding to interface for remote logging: Ter Ted wrote:
> No, you have to bind to the port in order to receive events, not to send them. This is just a very ... Jim Pingle
11:14 AM Feature #11577: Syslog should not require binding to interface for remote logging: No, you have to bind to the port in order to receive events, not to send them. This is just a very basic concept for ... Ter Ted
07:36 AM Feature #11577 (Rejected): Syslog should not require binding to interface for remote logging: Binding to all interfaces is not binding to a specific interface ("All" is not "specific") and "All" is an option in ... Jim Pingle
10:21 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: adding _nobind_ fixes the problems with viscosity on mac big sur not reconnecting after a disconnect. It continues to... IT Support
09:58 AM Bug #11330: IGMP Proxy upgrade to latest version: I did experience the kernel panic/reboot/kernel panic continuous loop again during 2.5 DEV versions a few weeks ago, ... Patrick Monfette
04:58 AM Bug #11330: IGMP Proxy upgrade to latest version: I think that I am currently having the same issues with igmp proxy since upgrading to pfsense 2.5.0:
2.5.0-RELEASE... simon lock
08:35 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes: Applied in changeset commit:7990de53bfc8267d1dd96636a175929a35cbe664. Viktor Gurov
08:25 AM Regression #11475 (Feedback): Route tables with many entries can lead to PHP errors and timeouts when looking up routes: PR has been merged. Thanks! Renato Botelho
08:30 AM Regression #11519: Incorrect DHCP failover IP address configured on peer after XMLRPC sync: Applied in changeset commit:490b5b480f1b46a6f93e0ba99fff578a61f3293c. Viktor Gurov
08:24 AM Regression #11519 (Feedback): Incorrect DHCP failover IP address configured on peer after XMLRPC sync: PR has been merged. Thanks! Renato Botelho
08:30 AM Feature #11521: Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances: Applied in changeset commit:c08d270edc1f7439de103a205cd2a4262c3eb22d. Viktor Gurov
08:23 AM Feature #11521 (Feedback): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances: PR has been merged. Thanks! Renato Botelho
08:25 AM Regression #11561: ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro: Applied in changeset commit:f4d883dadee6e339997b29f5b4623a88b190b840. Viktor Gurov
08:17 AM Regression #11561 (Feedback): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro: PR has been merged. Thanks! Renato Botelho
08:24 AM Todo #11518 (Feedback): Move custom IPsec NAT-T port settings to Advanced Options: PR has been merged. Thanks! Renato Botelho
08:20 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state: Applied in changeset commit:a1fe814421904ca00b6a04431d62ba18dcebf607. Viktor Gurov
08:14 AM Bug #11547 (Feedback): DNS Resolver does not bind to an interface when it recovers from a down state: PR has been merged. Thanks! Renato Botelho
08:18 AM Regression #11564 (Feedback): strongSwan configuration always contains user EAP/PSK values: PR has been merged. Thanks! Renato Botelho
08:18 AM Regression #11555 (Feedback): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets: PR has been merged. Thanks! Renato Botelho
08:16 AM Bug #11559 (Feedback): OpenVPN does not start with a long list of Data Encryption Algorithms: PR has been merged. Thanks! Renato Botelho
08:16 AM Bug #11554 (Feedback): Selected Data Encryption Algorithms list items reset when an input validation error occurs: PR has been merged. Thanks! Renato Botelho
08:14 AM Regression #11537 (Feedback): IPsec VTI tunnel between IPv6 peers may not configure correctly: PR has been merged. Thanks! Renato Botelho
08:11 AM Feature #2400 (Feedback): GUI options for WPA Enterprise with identity/password: PR has been merged. Thanks! Renato Botelho
08:07 AM Feature #11420 (Feedback): New Dynamic DNS Provider: Gandi LiveDNS IPv6: PR has been merged. Thanks! Renato Botelho
08:02 AM Feature #11420 (Pull Request Review): New Dynamic DNS Provider: Gandi LiveDNS IPv6: New PR to fix syntax error introduced by the previous PR:
https://github.com/pfsense/pfsense/pull/4505 Jim Pingle
08:00 AM Feature #11420: New Dynamic DNS Provider: Gandi LiveDNS IPv6: There is an error introduced by this change and fixed by https://github.com/pfsense/pfsense/pull/4505 Renato Botelho
08:07 AM Regression #11565 (Feedback): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php: PR has been merged. Thanks! Renato Botelho
08:01 AM Bug #11569 (Feedback): ACLs generated from RADIUS reply attributes have incorrect syntax: PR has been merged. Thanks! Renato Botelho
07:56 AM pfSense Packages Bug #11459 (Feedback): pfBlockerNG doesn't include WireGuard interface in outbound floating rules: PR has been merged. Thanks! Renato Botelho
07:52 AM pfSense Packages Feature #11560 (Feedback): add ena(4) to the list of INLINE mode (netmap) supported cards: PR has been merged. Thanks! Renato Botelho
07:51 AM pfSense Packages Feature #11533 (Feedback): add ena(4) to the list of INLINE mode (netmap) supported cards: PR has been merged to 2.6.0/21.05 snapshots and will be cherry-picked to stable branches together with last binary up... Renato Botelho
07:49 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Have you tried only using FAIRQ instead of only using PRIQ? It's not clear from the symptom behavior if the problem i... Jim Pingle
01:13 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Jim Pingle wrote:
> Not that it should cause a segfault, but why are you mixing FAIRQ, PRIQ, and HFSC?
I used PRI... Thorsten Zitterell
07:48 AM pfSense Packages Bug #11546 (Feedback): incorrect 'set as-path' command: PR has been merged. Thanks! Renato Botelho
07:48 AM pfSense Packages Bug #11517 (Feedback): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting: PR has been merged. Thanks! Renato Botelho
07:48 AM pfSense Packages Bug #11511 (Feedback): OSPF distribute List always empty: PR has been merged. Thanks! Renato Botelho
07:41 AM Feature #11562: Syslog should not require binding to interface for remote logging: It is true as worded ("Any" is not "a specific interface").
Jim Pingle
12:02 AM Feature #11562: Syslog should not require binding to interface for remote logging: Jim Pingle wrote:
> It's to set the source address of the syslog traffic, not to bind the server. It's necessary for... Ter Ted
07:40 AM pfSense Packages Feature #10858 (Feedback): OpenVPN Client silent install: PR has been merged. Thanks! Renato Botelho
07:40 AM pfSense Packages Feature #11520 (Feedback): Add 'explicit-exit-notify' option by default: PR has been merged. Thanks! Renato Botelho
07:36 AM pfSense Packages Bug #11532 (Feedback): LCDproc service is not disabled: PR has been merged. Thanks! Renato Botelho
07:35 AM pfSense Packages Bug #11515 (Feedback): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: PR has been merged. Thanks! Renato Botelho
05:46 AM Bug #11464: Requests to ``ews.netgate.com`` do not honor proxy configuration: Steve Beaver wrote:
> Applied in changeset commit:2cb3c56db2366c9cadb04757bd3143ea0d7e7378.
I can confirm that th... Florian Apolloner
03:26 AM pfSense Packages Feature #11579 (New): Snort alerts or blocks trigger notifications: I use the default pfSense notifications under System -> Advanced -> Notifications, and I'd love to be able to receive... Offstage Roller
02:06 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02: Let me share some of mny observartions in the last 3 days.
* hw.ncpu=unset, all non default Packages diabled = Sta... Marco Goetze

02/28/2021

11:58 PM Feature #11577 (Rejected): Syslog should not require binding to interface for remote logging: As of now, it is not possible to log to remote server without binding syslog to local interface. This shouldn't be re... Ter Ted
11:24 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: UPDATE:
Here is a diff of my changes to /etc/inc/interfaces.inc
Greg Shaffer
08:47 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: I noticed that both /tmp/em0_routerv6 and /tmp/em0_defaultgwv6 were empty while the ipv4 versions had the valid route... Greg Shaffer
02:52 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: If ManagedConfigFlag is set in rtsold, managedconf_script (-M) will execute instead of otherconf_script (-O)
pfsen... Tim Dunn
10:28 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Michael Virgilio wrote:
> but routing is working. Without specifying a monitoring address, the status on the dashbo... Steve Y
09:45 PM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.: Please update to pfBlockerNG-devel, as pfBlockerNG is not receiving many updates. This issue is resolved in devel. BBcan177 .
04:19 AM pfSense Packages Bug #11572 (New): Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.: Using any IPv6 list in pfblocker-ng "IPv6 settings" tab results in a firewall rule with the protocol set to IPv4. Thi... Dave Tickem
04:17 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: OpenVPN 2.5.1 does not appear to make a difference for this. I built a package for FreeBSD and loaded it, as well as ... Jim Pingle
11:15 AM pfSense Packages Bug #11575 (Resolved): OpenVPN clients cannot pass traffic when reconnecting using the same source port: If an OpenVPN client reconnects immediately after disconnecting, in certain cases it cannot pass traffic.
This app... Jim Pingle
04:13 PM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: I hit the same issue with EAP-TLS (Wireless authentication) UDP fragmented packages from AP to NPS (Radius) server no... Rai Wol
11:56 AM Feature #11576 (Closed): IPsec GUI option to control Child SA ``start_action``: Currently we set the child SA start option automatically depending on a few different factors, but it would be nice t... Jim Pingle
11:08 AM pfSense Packages Todo #11574 (Duplicate): Add "nobind" to exported OpenVPN configurations by default: Remote access OpenVPN clients should be using @nobind@ in their configurations so they use a random port and appropri... Jim Pingle
09:23 AM Bug #11541 (New): OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: I can replicate that here now even on Remote Access (not P2P) so it appears to be a limitation in OpenVPN itself when... Jim Pingle
09:10 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: Not that I'd expect that to cause a problem, but why would you set that to 1? It doesn't make much sense.
If you don... Jim Pingle
03:31 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: I've found that if I set the 'Concurrent connections' value to anything greater than 1, my client is now shown in the... Ryan Fitton
09:06 AM pfSense Packages Feature #11573: Custom Commands: That wouldn't be something we'd consider for the base system, but we might consider it if someone wanted to make a pa... Jim Pingle
07:17 AM pfSense Packages Feature #11573 (New): Custom Commands: Ability to store custom commands on pfsense, and able to run them from same page.
For example storing this command... Manjot Singh
06:49 AM Todo #10464: Don't change the current update repo when new releases are available: At least now I can't reproduce the spontaneous upgrade, which is good in this case, I suppose. I'm sorry if I was spr... Christian Ullrich

02/27/2021

09:21 PM Revision 321fbbdb: Fixed bug parsing netmask cisco acl: Dmitry Bashkarev
07:55 PM pfSense Packages Bug #10429: Status Traffic Total broken 2.4.5: The patch provided by me above with the instructions works to fix it on 2.4.5, or, you can also update to 2.5.0 which... Chris R
07:53 PM pfSense Packages Bug #10429: Status Traffic Total broken 2.4.5: hello guys.
has this been fixed in 4.5? Andres Mora
06:38 PM Feature #7842 (New): New Dynamic DNS Provider: Mythic-Beasts: Jim Pingle
06:24 PM Feature #7842: New Dynamic DNS Provider: Mythic-Beasts: Viktor Gurov wrote:
> Applied in changeset commit:fe6b125233f40f5919746b1cb90c39b459aa39fd.
The commit looks righ... Ronald Schellberg
05:00 PM Bug #11571 (Rejected): Spoofing MAC address on a WAN interface causes erratic behaviour when using an L2TP tunnel on the spoofed interface: The details here don't quite line up -- please start a forum thread to discuss and diagnose this problem in more deta... Jim Pingle
04:38 PM Bug #11571 (Rejected): Spoofing MAC address on a WAN interface causes erratic behaviour when using an L2TP tunnel on the spoofed interface: I use an L2TP tunnel by Andrews and Arnolds here in the UK, as allows for access to their network without being a ful... Aman Halai
04:49 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: I forgot to mention... this does problem only seems to occur when you fail the main by way of unplugging the WAN inte... M L
03:40 PM Regression #11570 (Closed): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Good evening. This seems to be a new bug in 2.5, and was not a problem in 2.4. In gateway group configured for main... M L
03:41 PM Regression #11565 (Pull Request Review): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php: Jim Pingle
09:05 AM Regression #11565: Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/164 Viktor Gurov
08:50 AM Regression #11565 (Closed): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php: In system -> advanced -> Firewall & NAT
UDP timeouts are not saved. Sometimes after setting, they show up correctl... Viktor Gurov
03:40 PM Regression #11564 (Pull Request Review): strongSwan configuration always contains user EAP/PSK values: The pre-shared key tab entries have uses with site-to-site tunnels they aren't solely for mobile setups.
EAP entri... Jim Pingle
08:37 AM Regression #11564: strongSwan configuration always contains user EAP/PSK values: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/163 Viktor Gurov
08:07 AM Regression #11564 (Closed): strongSwan configuration always contains user EAP/PSK values: /var/etc/ipsec/swanctl.conf always contains users eap/psk keys:... Viktor Gurov
03:31 PM Regression #11555 (Pull Request Review): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets: Jim Pingle
06:39 AM Regression #11555: IPsec peer ID of "Any" does not generate a proper remote definition or related secrets: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/162 Viktor Gurov
03:18 PM Bug #11548 (New): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements: It could be a case where the invalid rule is generated when the interface doesn't have IPv4 configured yet. I thought... Jim Pingle
05:19 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements: still unable to reproduce, works fine for me (pppoe0 is vtnet2 with DHCP6):... Viktor Gurov
03:39 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements: Jonas Libbrecht wrote:
> When I look at the /tmp/rules.debug at this moment. I see the (recreated) rule in question ... Jonas Libbrecht
03:37 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements: When I look at the /tmp/rules.debug at this moment. I see the (recreated) rule in question has been assigned a privat... Jonas Libbrecht
03:24 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements: Jim Pingle wrote:
> It's not the port range or NAT reflection, it's the fact that the rule says @inet6@ and uses an ... Jonas Libbrecht
03:14 PM Bug #11569 (Pull Request Review): ACLs generated from RADIUS reply attributes have incorrect syntax: I thought this got fixed with #10803 but apparently not. Jim Pingle
03:07 PM Bug #11569: ACLs generated from RADIUS reply attributes have incorrect syntax: Ready for review: https://github.com/pfsense/pfsense/pull/4504 Dmitry Bashkarev
02:59 PM Bug #11569 (Resolved): ACLs generated from RADIUS reply attributes have incorrect syntax: FreeRADIUS ACLs:... Dmitry Bashkarev
03:05 PM Feature #11562 (Rejected): Syslog should not require binding to interface for remote logging: It's to set the source address of the syslog traffic, not to bind the server. It's necessary for things like tunnel m... Jim Pingle
03:27 AM Feature #11562 (Rejected): Syslog should not require binding to interface for remote logging: As of now, it is not possible to log to remote server without binding syslog to local interface. This shouldn't be re... Ter Ted
03:02 PM Regression #11561 (Pull Request Review): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro: Jim Pingle
02:00 AM Regression #11561: ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/161 Viktor Gurov
01:51 AM Regression #11561 (Closed): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro: Template variable "{clientip}" that is replaced with the connecting clients VPN IP (#9206) is not parsed:... Viktor Gurov
02:53 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: I don't see any significant differences in the status output contents other than the TCP version you printed has a lo... Jim Pingle
02:47 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: Yes, still the same result when the system has had a full reboot.
I've also installed a fresh copy of pfSense 2.5 ... Ryan Fitton
05:33 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: Ryan Fitton wrote:
> Also, I should mention when running 'nc -U /var/etc/openvpn/server2/sock' in TCP mode; it takes... Viktor Gurov
05:10 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: Also, I should mention when running 'nc -U /var/etc/openvpn/server2/sock' in TCP mode; it takes up to 1 minute for th... Ryan Fitton
05:07 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: I can confirm the system location for this server is, /var/etc/openvpn/server2/. Based on the commands you sent; the ... Ryan Fitton
02:48 PM Bug #11559 (Pull Request Review): OpenVPN does not start with a long list of Data Encryption Algorithms: Jim Pingle
12:20 AM Bug #11559: OpenVPN does not start with a long list of Data Encryption Algorithms: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/160 Viktor Gurov
12:03 AM Bug #11559 (Closed): OpenVPN does not start with a long list of Data Encryption Algorithms: If you select too many data ciphers OpenVPN won't start:... Viktor Gurov
02:45 PM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Not that it should cause a segfault, but why are you mixing FAIRQ, PRIQ, and HFSC?
Does the crash happen if all yo... Jim Pingle
02:42 PM pfSense Packages Feature #11560 (Pull Request Review): add ena(4) to the list of INLINE mode (netmap) supported cards: Jim Pingle
12:30 AM pfSense Packages Feature #11560: add ena(4) to the list of INLINE mode (netmap) supported cards: https://github.com/pfsense/FreeBSD-ports/pull/1047 Viktor Gurov
12:22 AM pfSense Packages Feature #11560 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards: add ena(4) to the list of INLINE mode (netmap) supported cards (pfSense 2.5/21.02)
see https://github.com/pfsense/... Viktor Gurov
02:38 PM Regression #11568 (Resolved): Alias name change is not reflected in firewall rules: Already fixed in NG 5685 and commit:6ecf793e0f4a5c3922c5c00a087a1adea104e50a (master) commit:585e7567d0e308ce440ff1b0... Jim Pingle
02:13 PM Regression #11568 (Resolved): Alias name change is not reflected in firewall rules: To reproduce the issue:
- Create an alias ( ip or port )
- Make a firewall rule containing the alias ( source or ... Vendel Cseh
01:55 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: Replacing fcgicli with php-cgi works for me as well when using self generated cert, intermediate and root CA with len... Rick Frey
01:34 PM Todo #10464: Don't change the current update repo when new releases are available: [First off: This bug currently has priority "low". I suggest raising it to "RED ALERT!"]
Just a quick update: I wr... Christian Ullrich
12:30 PM pfSense Packages Feature #11567 (New): Email report add a note filed request: I think for the email reports it'd be highly useful to have a note filed added.
Here is a use case:
Say a user ... Yuri Weinstein
10:05 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: Hello team,
Any idea when this will be ported to armv7 arch (Netgate SG-3100)?
https://pkg.freebsd.org/FreeBSD... Tchello Mello
03:37 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: manual installation of the latest BIND version fixes the issue:... Viktor Gurov
10:01 AM Bug #11566 (Resolved): Firewall Maximum Table Entries "default size" is whatever is entered: On at least 2.4.5 and 2.5, Firewall Maximum Table Entries has text "On this system the default size is: 2000000." Wh... Steve Y
09:41 AM Feature #11125 (Resolved): Kernel module for RTL8153 driver: Looks good. Module is present and loads correctly:... Steve Wheeler
07:46 AM Bug #11387 (Resolved): Interfaces page displays MAC Address field for interfaces which do not support L2: Tested on the latest release. It looks fine. Ticket resolved. Danilo Zrenjanin
07:11 AM pfSense Packages Bug #11563 (Confirmed): BIND GUI writes TXT records > 255 characters: System: Netgate SG-3100, 2.4.5_1 (I checked the "git log":https://github.com/pfsense/FreeBSD-ports/commits/6209a37396... Bill McGonigle
06:40 AM Bug #11489 (Resolved): Invalid certificate data can cause a PHP error: Danilo Zrenjanin
06:35 AM Bug #11514 (Resolved): Renewing a self-signed CA or certificate does not update the serial number: Tested on the latest release.
Renewed certificate got a new serial number. It works as expected. Ticket resolved. Danilo Zrenjanin
03:01 AM pfSense Packages Bug #11182: NRPE in HA syncs the bind IP: I can confirm that behaviour as well as 2.4.5p1 and 2.5 Pim Pish
02:23 AM pfSense Packages Feature #10739: Update HAproxy-devel package to 2.2 and HAproxy to 2.0: And another point "Health Check Overhaul - now multiply healtchecks are possible for one backend so changes must be u... DRago_Angel [InV@DER]
02:22 AM pfSense Packages Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk': Because now correct syntax is another:
https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-http-check%... DRago_Angel [InV@DER]

02/26/2021

10:52 PM pfSense Packages Bug #11477: FRR does not recognize some BFD options: looks ,FRR 7.5 does not have "default" and "label' options
pfSense.home.arpa(config-bfd-peer)#
detect-multiplie... Alhusein Zawi
05:18 PM Bug #11557: OpenVPN fails in tls-validate after upgrading to PfSense 2.5: It's not the cert subject per se but the underlying issue of the data from OpenVPN not passing through fcgicli to PHP... Jim Pingle
05:02 PM Bug #11557: OpenVPN fails in tls-validate after upgrading to PfSense 2.5: I had the error fixed by setting a fixed "Certificate Depth" (check_depth=2) instead of looping over the sequence. I ... Fold right
01:24 PM Bug #11557 (Duplicate): OpenVPN fails in tls-validate after upgrading to PfSense 2.5: Same root cause as #4521 (and a couple other similar issues that already exist)
Jim Pingle
01:23 PM Bug #11557 (Duplicate): OpenVPN fails in tls-validate after upgrading to PfSense 2.5: If OpenVPN server is configured with a "Certificate Depth" higher than 1, the _/usr/local/sbin/ovpn_auth_verify_ will... Fold right
05:10 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: Nice! Thank you! Worked for me :)
// RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "se... Robert Rumold
08:42 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: Rick Frey wrote:
> Ran into this issue after updating pfsense (+) to 21.02 so appears problem still exists in latest... Viktor Gurov
03:10 PM Bug #11558 (Duplicate): WireGuard Panic: Same backtrace as #11538 Jim Pingle
02:43 PM Bug #11558 (Duplicate): WireGuard Panic: Hello,
While working today, my router randomly crashed and generated a crash report.
During this crash the web inte... Nick M
01:08 PM pfSense Packages Bug #11546: incorrect 'set as-path' command: No need for that, just pick "Set prepend" in the drop-down instead of "Set". The "Set" option is not in FRR now, but ... Jim Pingle
01:05 PM pfSense Packages Bug #11546: incorrect 'set as-path' command: work around:
- Copy commands: "set as-path 65001"
- add "prepend" : set as-path prepend 65001
- go to Service... Alhusein Zawi
07:33 AM pfSense Packages Bug #11546 (Pull Request Review): incorrect 'set as-path' command: Jim Pingle
12:55 AM pfSense Packages Bug #11546: incorrect 'set as-path' command: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/61 Viktor Gurov
12:18 AM pfSense Packages Bug #11546 (Resolved): incorrect 'set as-path' command: If you create a route map with AS Path Option = Set, an error will occur:... Viktor Gurov
01:05 PM Feature #11556: Kill states using the pre-NAT address: Correcting the category and subject
The ask here is for a way to kill based on the NAT address in the state instea... Jim Pingle
01:01 PM Feature #11556 (Resolved): Kill states using the pre-NAT address: Assume you have an external IP XXX
And an OpenVPN net 192.168.200.0/0
After OpenVPN client connects it gets a... Yuri Weinstein
12:50 PM Bug #9270: "Remove all states to and from the filtered address" does not remove all states: That's a different problem since it's a NAT address and not the final source or destination. Unrelated to this. I'm ... Jim Pingle
12:48 PM Bug #9270: "Remove all states to and from the filtered address" does not remove all states: Not sure if this should be added as a new issue
Assume you have an external IP XXX
And an OpenVPN net 192.168.200... Yuri Weinstein
12:33 PM Regression #11555 (Closed): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets: When a peer identifier is set to "Any" the resulting swanctl.conf @remote@ block does not contain an @id@ line. Accor... Jim Pingle
11:47 AM Bug #11553: Unbound does not restart properly sometimes when DHCP Registration is enabled: Some additional info:
To work around the issue in this case this was reported from, one can do either of the follo... Marcos M
10:26 AM Bug #11553 (Duplicate): Unbound does not restart properly sometimes when DHCP Registration is enabled: Not specific to Plus.
The core of this is already covered by #5413 -- there may be some other Unbound bug beyond t... Jim Pingle
09:17 AM Bug #11553 (Duplicate): Unbound does not restart properly sometimes when DHCP Registration is enabled: Running the latest unbound (1.13.1) with the DHCP Registration setting enabled where DHCP entries get inserted in the... Kris Phillips
11:10 AM pfSense Packages Bug #11375 (New): UPS Type <BLANK> for USB APC: Viktor Gurov
11:07 AM Bug #11554 (Pull Request Review): Selected Data Encryption Algorithms list items reset when an input validation error occurs: Jim Pingle
11:01 AM Bug #11554: Selected Data Encryption Algorithms list items reset when an input validation error occurs: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/159 Viktor Gurov
10:34 AM Bug #11554 (Closed): Selected Data Encryption Algorithms list items reset when an input validation error occurs: How to reproduce:
1) Open OpenVPN instance for editing
2) Make any input error
3) Fix it and save
Now Data Ci... Viktor Gurov
10:57 AM Bug #11552 (Confirmed): Incorrect phase 2 entry removed when deleting multiple items consecutively: Confirmed here.
Test 1:
Made 6 P2 entries: 0 1 2 3 4 5
Deleted "1" P2: 0 2 3 4 5
Deleted "3" P2: 0 2 3 5
T... Jim Pingle
08:40 AM Bug #11552 (Resolved): Incorrect phase 2 entry removed when deleting multiple items consecutively: I had a phase1 entry with 6 phase2 entries. 3 of the phase2 entries were for tunnels to LAN and the other 3 were for... Dave Roberts
10:47 AM Bug #11547 (Pull Request Review): DNS Resolver does not bind to an interface when it recovers from a down state: Jim Pingle
10:02 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state: rare issue, but could be fixed:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/158 Viktor Gurov
08:05 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state: Ok thanks. Looks like setting it to "All" works for now. This behavior is new with the latest pfsense update. Never h... Frank Gouton
07:55 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state: It's not a significant concern or it wouldn't be the default behavior. Both the firewall rules AND unbound ACLs preve... Jim Pingle
07:46 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state: The option "All" includes the WAN interface too. Wouldn't it be a security risk to open the unbound port on the wan i... Frank Gouton
07:21 AM Bug #11547 (New): DNS Resolver does not bind to an interface when it recovers from a down state: Jim Pingle
07:21 AM Bug #11547 (Not a Bug): DNS Resolver does not bind to an interface when it recovers from a down state: This is very similar to #11087 -- Seems like you have specific interfaces selected for the resolver to use, and unbou... Jim Pingle
12:40 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state: I'm made a mistake selecting the version. It's the latest stable version 2.5. Can you fix that please? Frank Gouton
12:38 AM Bug #11547 (Closed): DNS Resolver does not bind to an interface when it recovers from a down state: Unbound doesn't open a listening socket for an interface that has no active device. If you connect a device later it ... Frank Gouton
10:46 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: There may be some specific value in your OpenVPN status output tripping it up but debugging that is a little trickier... Jim Pingle
10:38 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: Hello,
Thankyou for both your quick replies.
In regards to your questions:
* "Are there any custom options def... Ryan Fitton
01:14 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: Unable to reproduce
TCP/UDP modes, Shared Key / SSL/TLS - I can always see the client connection on the Status / Op... Viktor Gurov
10:27 AM Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active: This would likely be fixed by also solving #5413 since it wouldn't restart in this case. Though the actual memory lea... Jim Pingle
09:33 AM pfSense Packages Feature #9238: Add support for Zerotier: @Netgate - Any chance this could be added to 2.5 ? Corey Boyle
09:07 AM Todo #11426 (Resolved): Deprecate old cryptographic accelerator hardware which is not viable on modern systems: Removed from 2.6.0
pfSense 2.4.5-p1:... Viktor Gurov
08:51 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic: Jim Pingle wrote:
> The PHP segfault may be similar to, or the same as, #11466
I definitely agree. Something weir... Bill Meeks
08:28 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic: The PHP segfault may be similar to, or the same as, #11466 Jim Pingle
08:15 AM pfSense Packages Bug #11551 (Closed): SG-3100 with pfBlockerNG doesn't pass traffic: SG-3100 appliance doesn't pass traffic on boot and I see error messages in `dmesg`:... Viktor Gurov
08:09 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Jim Pingle wrote:
> Can you attach the config.xml entries for the shaper? It would help to see the queue settings an... Thorsten Zitterell
07:52 AM Regression #11550 (Feedback): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Unlikely that this is specific to Plus.
Can you attach the config.xml entries for the shaper? It would help to see... Jim Pingle
07:31 AM Regression #11550 (Resolved): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: I have upgraded from 2.4.5p1 to 21.02/21.02p1 on my SG-4860.
Following traffic shaper rule causes an segmentation ... Thorsten Zitterell
08:01 AM Regression #11537 (Pull Request Review): IPsec VTI tunnel between IPv6 peers may not configure correctly: Jim Pingle
07:50 AM Regression #11537: IPsec VTI tunnel between IPv6 peers may not configure correctly: same issue with IPv4 VTI:... Viktor Gurov
07:48 AM Bug #11549 (Duplicate): DHCP relay not work behind gateway: Duplicate of #11523 Jim Pingle
07:31 AM Bug #11549 (Duplicate): DHCP relay not work behind gateway: Hello,
We have 2 XG-7100 and DHCP relay is working on multiple interfaces. Before upgrade (2.4.5_1), all worked fi... Anonymous
07:47 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements: It's not the port range or NAT reflection, it's the fact that the rule says @inet6@ and uses an IPv6 gateway in reply... Jim Pingle
06:28 AM Bug #11548 (Feedback): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements: Jonas Libbrecht wrote:
> There were error(s) loading the rules: /tmp/rules.debug:245: rule expands to no valid combi... Viktor Gurov
01:49 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements: Reddit post: https://www.reddit.com/r/PFSENSE/comments/loir4n/bug_pfsense_goes_in_denyall_after_upgrade_from/ Jonas Libbrecht
01:48 AM Bug #11548 (Closed): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements: After a upgrade from 2.4.5 (pfsense FE) to 21.02 (the new pfsense+), the router (Netgate SG-4860) goes on all network... Jonas Libbrecht
07:41 AM Regression #11545: Primary interface address is not always used when VIPs are present: Sounds more like a new variation or regression of #3997
Doubtful that this is specific to Plus, so moving to pfSense. Jim Pingle
01:00 AM Regression #11545: Primary interface address is not always used when VIPs are present: Could be the same issue as #5999 (service takes the first IP address on the interface, instead of a non-VIP address) Viktor Gurov
07:36 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02: Marco Goetze wrote:
> Question: Was 21.02.p1 just a quick fix addind a cpu limit to laoder.conf or was the membar al... Jim Pingle
05:42 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02: What Viktor mentioned could be a reason. In my tested and still failing SG-3100 it also used the pfBlockerNG-dev pack... Marco Goetze
04:18 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02: same issue after upgrading to 21.02-p1:... Viktor Gurov
02:41 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02: After the Problem occurred first time I applied the quick fix setting to 1 CPU in the loader.conf > hw.ncpu=1
Now ... Marco Goetze
05:24 AM Bug #11149: DHCP relay won't start with DHCP server behind gateway: John Cinuy wrote:
> I have the same problem after an upgrade with our XG 7100 with 21.02-RELEASE-p1
> The DHCP ser... Mark Lavrijsen
01:04 AM Bug #11149 (Duplicate): DHCP relay won't start with DHCP server behind gateway: see #11523 Viktor Gurov

02/25/2021

11:32 PM Bug #9643: Limiters do not function properly on 2.5 snapshots: I believe I have the same issue, I just upgraded from 2.4.5 to 2.5.0 and upload queues are empty.
I also use multi-W... Ashus CZ
11:20 PM pfSense Docs Todo #11536: Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: + add info about '{clientip}' template variable (#9206) Viktor Gurov
09:57 AM pfSense Docs Todo #11536 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html
*Feedback:*
Parame... Viktor Gurov
09:20 PM Regression #11545: Primary interface address is not always used when VIPs are present: This appears to be a more general issue that can affect IPSec.
In some situations the interface can start to use a... Steve Wheeler
09:15 PM Regression #11545 (Resolved): Primary interface address is not always used when VIPs are present: If you have IP Aliases on a WAN interface that a Site to Site IPSec tunnel is riding over and upgrade from 2.4.5p1 to... Kris Phillips
08:34 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: To addto the above: looks like TAC had one that was Plus 21.02 on an XG-7100 on one side and Azure VPN on the other. ... Chris Linstruth
08:31 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Interesting point to mention related to IPSec: If you lower the subnet size to something like a /30 this issue takes ... Kris Phillips
08:26 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: This also affects Site to Site VPN tunnels. Please reference internal ticket 76224 for another example of this bug c... Kris Phillips
07:43 PM Regression #11316: Unbound crashes with signal 11 when reloading: Having segfault crashes on 1.13.1:
https://forum.netgate.com/topic/161372/2-5-0-unbound-1-13-1-exited-on-signal-8-... Christian Borchert
07:04 PM Regression #11316: Unbound crashes with signal 11 when reloading: It is normal for Unbound to restart often when DHCP hostname registration is on. This bug is only for the actual cras... Jim Pingle
07:03 PM Regression #11316: Unbound crashes with signal 11 when reloading: Registered just to add to this as DNS is quite important part of the network and needs to be fixed.
I am too having ... Vaidotas Butkus
04:47 PM Regression #11316: Unbound crashes with signal 11 when reloading: I was seeing unbound simply die about once a day since upgrading to 2.5.0-RELEASE. No info as to why in the service's... Scott B
11:46 AM Regression #11316: Unbound crashes with signal 11 when reloading: No need for that now, it's live in the 21.02 repository now that 21.02-p1 has been released to address SG-3100 stabil... Jim Pingle
10:29 AM Regression #11316: Unbound crashes with signal 11 when reloading: On 21.02, in the meantime, the following will upgrade unbound:... Marcos M
06:50 PM Bug #11542 (Rejected): Openvpn does not work correctly after updating to version 2.5.0: There isn't enough information here to suggest it's a bug in pfSense. Please post on the forum to discuss and diagnos... Jim Pingle
04:37 PM Bug #11542: Openvpn does not work correctly after updating to version 2.5.0: openvpn log in atach itfabrica Tech
04:05 PM Bug #11542 (Rejected): Openvpn does not work correctly after updating to version 2.5.0: Good day!
After updating from version 2.4.5-RELEASE-p1 to version 2.5.0, openvpn does not work correctly.
The first... itfabrica Tech
06:49 PM Bug #11544 (Rejected): DHCP relay won't start after upgrade 21.02: There isn't enough information here to classify it as a bug. Post on the forum to diagnose the issue and ensure it is... Jim Pingle
05:49 PM Bug #11544 (Rejected): DHCP relay won't start after upgrade 21.02: I have a problem after an upgrade with our XG 7100 with 21.02-RELEASE-p1
The DHCP server is in another subnet and th... John Cinuy
06:47 PM Revision 2169112c: Basic fiurewall_NAT MVC conversion: Steve Beaver
06:36 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address: pf2.4.5 setup /48 lan is work, and setup in linux is work too. pf2.5 seems is can't work /48.
bgp can only be bro... yon Liu
12:32 PM Bug #11365 (Not a Bug): dhcpv6 cannot push ipv6 gateway address: You would never use a /48 _on an interface_. You can advertise a /48 in BGP without putting a /48 directly on an inte... Jim Pingle
12:08 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address: RDVD log show not allow use /48 ipv6 in LAN interface, but i running bgp must use /48 or above prefixes in LAN interf... yon Liu
11:57 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address: Jim Pingle wrote:
> I can't reproduce this here. radvd is running, clients on LAN get an IPv6 gateway and full conne... yon Liu
11:46 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address: sometime, my devices get ipv6 getways address, but ipv6 still can't normal go to internet, use traceroute show ipv6... yon Liu
05:45 PM Bug #11149: DHCP relay won't start with DHCP server behind gateway: I have the same problem after an upgrade with our XG 7100 with 21.02-RELEASE-p1
The DHCP server is in another subne... John Cinuy
05:12 PM pfSense Packages Bug #11543 (Duplicate): SquidGuard 1.16.18_15 - returning wrong page: I have configurate squid+ squidguard, with autentication ldap, after Renato fixed problem with ldap filter.
So anoth... Robson Ferreira
04:01 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Another day of frustrating, but ultimately not too productive, testing leads me to conclude this is something with 32... Bill Meeks
08:40 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Steve Yates wrote:
> Simply out of curiosity I did a quick search and found this "not a bug" from 2008: https://bugs... Bill Meeks
03:53 PM Bug #11541 (Feedback): OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: Last time something like this happened the status output changed formats slightly for one reason or another.
It's ... Jim Pingle
03:44 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: Sorry, mistyped the screenshots.
Screenshot 1: OpenVPN Peer to Peer config settings
Screenshot 2: List of openvpn... Ryan Fitton
03:42 PM Bug #11541 (New): OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1: Since updating from 2.4.5 to 2.5 I am having an issue with OpenVPN when using "Peer to Peer (SSL/TLS)" mode.
Netwo... Ryan Fitton
03:42 PM pfSense Plus Bug #11540 (Not a Bug): Nat not working: There isn't nearly enough information there to classify it as a bug, and this site is not for support or diagnostic d... Jim Pingle
03:29 PM pfSense Plus Bug #11540 (Not a Bug): Nat not working: Hello,
After updating to version 21.02 on SG-4860 nat stopped working.
What can we do to make nat work again?
... Alex Adati
02:30 PM Bug #11539 (Rejected): Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: Currently for mobile IPsec the code sets up @subnet@ and @split_include@ entries for IPv4/IPv6 pools based on the GUI... Jim Pingle
02:07 PM Bug #11482 (Pull Request Review): WireGuard interfaces do not always have proper MTU applied: Jim Pingle
11:16 AM Bug #11482: WireGuard interfaces do not always have proper MTU applied: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/156 Viktor Gurov
01:44 PM Bug #11538 (Closed): WireGuard Panic: A "forum user is hitting a panic on several systems when using WireGuard":https://forum.netgate.com/topic/161378/pfse... Jim Pingle
01:31 PM Regression #11537 (Closed): IPsec VTI tunnel between IPv6 peers may not configure correctly: The error in https://forum.netgate.com/post/965928 implies that an IPsec tunnel using VTI between two IPv6 peers may ... Jim Pingle
12:29 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago: You delete the entry from the certificate manager, which is where the warning was generated. Not ACME.
Any further... Jim Pingle
11:40 AM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago: When you said, "Delete it" I thought deleting the acme config in the gui would fix it. But no, I did that and still g... Craig Leres
11:11 AM pfSense Plus Regression #11444 (Resolved): SG-3100 doesn't pass traffic after upgrade to 21.02: Jim Pingle
10:52 AM Feature #11439 (Pull Request Review): IPv6 support in ``easyrule`` CLI script: Viktor Gurov
09:26 AM Regression #11535 (Duplicate): Integer Overflow in Certificate Expiration Dates: Duplicate of #11504 which already has a fix checked in. Jim Pingle
09:17 AM Regression #11535 (Duplicate): Integer Overflow in Certificate Expiration Dates: Certificates with very long expiration times displayed correctly before I upgraded to 21.02. In this version, the da... Russell Selph
08:39 AM pfSense Packages Regression #11534 (New): FreeRADIUS EAP anonymous connection forbidden out-of-tunnel: With an LDAP backend but no SQL backend, the virtual server configuration ends up as follows:... Didier Raboud
07:43 AM Feature #11521 (Pull Request Review): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances: Jim Pingle
07:40 AM Feature #2400 (Pull Request Review): GUI options for WPA Enterprise with identity/password: Jim Pingle
07:39 AM pfSense Packages Bug #11532 (Pull Request Review): LCDproc service is not disabled: Jim Pingle
03:04 AM pfSense Packages Bug #11532: LCDproc service is not disabled: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/60 Viktor Gurov
03:02 AM pfSense Packages Bug #11532 (Resolved): LCDproc service is not disabled: LCDproc service is not disabled if you uncheck "Enable LCDproc at startup" checkbox
/usr/local/etc/rc.d/lcdproc.sh i... Viktor Gurov
06:36 AM pfSense Packages Feature #11533: add ena(4) to the list of INLINE mode (netmap) supported cards: https://github.com/pfsense/FreeBSD-ports/pull/1046 Viktor Gurov
03:58 AM pfSense Packages Feature #11533 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards: add ena(4) to the list of INLINE mode (netmap) supported cards (pfSense 2.5/21.02)
see https://github.com/pfsense/... Viktor Gurov
04:16 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: related to named ACL
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980786 Viktor Gurov
04:00 AM pfSense Packages Feature #11531: Show netmap compatible cards in IPS Mode note: + add ena(4) to the list of netmap-compatible cards (#11533) Viktor Gurov
03:13 AM pfSense Packages Feature #11531: Show netmap compatible cards in IPS Mode note: see also #10950 Viktor Gurov
02:51 AM pfSense Packages Feature #11531 (Resolved): Show netmap compatible cards in IPS Mode note: https://www.freebsd.org/cgi/man.cgi?query=netmap&sektion=4 ... Danilo Zrenjanin
02:55 AM pfSense Packages Bug #11529 (Rejected): zeek leaves traces after uninstall: fixed in #11381
now it correctly removes `/usr/local/etc/rc.d/zeek.sh`
see https://github.com/pfsense/FreeBSD-por... Viktor Gurov

02/24/2021

11:46 PM Feature #2400: GUI options for WPA Enterprise with identity/password: Tim Cappalli wrote:
> The PAP inner method is missing from EAP-TTLS in the pull request. PAP and MSCHAPv2 are the tw... Viktor Gurov
08:33 PM Feature #2400: GUI options for WPA Enterprise with identity/password: The PAP inner method is missing from EAP-TTLS in the pull request. PAP and MSCHAPv2 are the two most common inner met... Tim Cappalli
10:35 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Simply out of curiosity I did a quick search and found this "not a bug" from 2008: https://bugs.php.net/bug.php?id=45... Steve Y
09:57 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: *Update on this issue*
The problem is somewhere within the PHP base function _preg_match()_.
Here is a PHP code... Bill Meeks
10:17 PM pfSense Packages Bug #11530 (Closed): ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details: On pfsense 2.5, installing ntopng from package manager ntop 0.8.13_9 which is 4.2 version of ntopng, after logging in... Max D
10:11 PM pfSense Packages Bug #11529 (Rejected): zeek leaves traces after uninstall: Running latest 2.5 release of pfsense, I installed zeek to test out, but after removing the package, services still s... Max D
07:23 PM Revision f731957f: Correct location and config for Strict CRLs in IPsec. Fixes #11526: (cherry picked from commit 9a5bde87ce9fd0fad3a7f41750782b2dccce38d8) Jim Pingle
07:23 PM Revision 9a5bde87: Correct location and config for Strict CRLs in IPsec. Fixes #11526: Jim Pingle
06:04 PM Bug #11528 (Duplicate): IPsec tunnel status shows wrong status or hangs or doesn't bring up tunnels: Duplicate of #11435 and/or other existing issues that have already been solved for IPsec. Check the forum, there are ... Jim Pingle
06:01 PM Bug #11528 (Duplicate): IPsec tunnel status shows wrong status or hangs or doesn't bring up tunnels: Hi,
I've updated two pfSense instances so far from 2.4.5 to 2.5.0 and both have exhibited the same issues. The fi... Michael Knowles
05:47 PM Bug #11527 (Rejected): Bugs on pfsense 2.5.0: This site is not for support or diagnostic discussion, please post on the "Netgate Forum":https://forum.netgate.com t... Jim Pingle
05:37 PM Bug #11527 (Rejected): Bugs on pfsense 2.5.0: Good day everyone, so I currently have my pfsense running as an appliance in an old ASUS Laptop I have. It was runnin... Julius Caesar Dumaguing
01:30 PM Regression #11526 (Feedback): Mobile IPsec broken when using strict certificate revocation list checking: Applied in changeset commit:9a5bde87ce9fd0fad3a7f41750782b2dccce38d8. Jim Pingle
01:03 PM Regression #11526: Mobile IPsec broken when using strict certificate revocation list checking: This isn't specific to plus, and is a regression from 2.4.5.
Looks like the "parameter format changed":https://wik... Jim Pingle
12:39 PM Regression #11526 (Closed): Mobile IPsec broken when using strict certificate revocation list checking: Enabling Strict CRL Checking under Advanced Settings in IPSec produces the following error:
"loading connection 'c... Kris Phillips
10:53 AM pfSense Packages Bug #11525 (Closed): pfsense 2.5.0 release version for vlan issue to suricata: I have found that pfsense vlans have issues on suricata after updated to 2.5.0 release in esxi 7.0.1 virtual machine.... Ahmed Mohamed
10:49 AM Bug #4521 (Pull Request Review): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: Jim Pingle
10:05 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/154 Viktor Gurov
10:37 AM Todo #11518 (Pull Request Review): Move custom IPsec NAT-T port settings to Advanced Options: Jim Pingle
04:16 AM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/152 Viktor Gurov
03:20 AM Todo #11518 (Closed): Move custom IPsec NAT-T port settings to Advanced Options: custom IPsec NAT-T port settings (#10870) are very rarely used and in most cases can only confuse users
better to mo... Viktor Gurov
10:32 AM Regression #11523: Incorrect upstream interface: Feels to me like @guess_interface_from_ip()@ if it keeps using the full routing table would need to be changed so it ... Jim Pingle
09:48 AM Regression #11523: Incorrect upstream interface: Jim Pingle wrote:
> Does the patch from #11519 also solve this? If so, this can be closed and combined with it. Seem... Viktor Gurov
09:40 AM Regression #11523: Incorrect upstream interface: Does the patch from #11519 also solve this? If so, this can be closed and combined with it. Seems like the same root ... Jim Pingle
08:09 AM Regression #11523: Incorrect upstream interface: https://forum.netgate.com/topic/161063/update-to-2-5-0-broke-dhcp-relay Viktor Gurov
08:09 AM Regression #11523 (Duplicate): Incorrect upstream interface: another issue with `guess_interface_from_ip()` (see also #11519):
`services_dhcrelay_configure()` uses `guess_inte... Viktor Gurov
10:29 AM Regression #11519 (Pull Request Review): Incorrect DHCP failover IP address configured on peer after XMLRPC sync: Jim Pingle
04:06 AM Regression #11519: Incorrect DHCP failover IP address configured on peer after XMLRPC sync: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/151 Viktor Gurov
03:44 AM Regression #11519 (Closed): Incorrect DHCP failover IP address configured on peer after XMLRPC sync: `/etc/rc.filter_synchronize` uses `guess_interface_from_ip()` which returns only first (top-down) interface from the ... Viktor Gurov
10:20 AM pfSense Packages Bug #11515 (Pull Request Review): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: Jim Pingle
12:25 AM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/58 Viktor Gurov
10:19 AM pfSense Packages Bug #11517 (Pull Request Review): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting: Jim Pingle
09:56 AM pfSense Packages Bug #11511 (Pull Request Review): OSPF distribute List always empty: Jim Pingle
09:48 AM pfSense Packages Feature #11520 (Pull Request Review): Add 'explicit-exit-notify' option by default: Jim Pingle
06:50 AM pfSense Packages Feature #11520: Add 'explicit-exit-notify' option by default: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/59 Viktor Gurov
06:04 AM pfSense Packages Feature #11520: Add 'explicit-exit-notify' option by default: Also see:
https://redmine.pfsense.org/issues/9085
Pippin MMD
04:36 AM pfSense Packages Feature #11520 (Resolved): Add 'explicit-exit-notify' option by default: https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html:... Viktor Gurov
09:46 AM Feature #11521: Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances: We already have a GUI option for this. It only works with UDP, so enabling it unilaterally is not viable. At most we ... Jim Pingle
07:06 AM Feature #11521: Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/153 Viktor Gurov
07:00 AM Feature #11521 (Resolved): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances: https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html:... Viktor Gurov
09:42 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Another potential report at https://forum.netgate.com/topic/161354/ipsec-packet-loss-routing-issue-with-21-02-release... Jim Pingle
08:11 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Specifically, the hardware from the thread above is a Netgate 5100 running pfSense Plus, but this likely affects both... Jim Pingle
08:09 AM Regression #11524 (Closed): Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Based on at least one report, it appears AES-NI on Plus 21.02/2.5.0 has an issue with SHA-256 and some clients, notab... Jim Pingle
07:13 AM pfSense Packages Bug #11522 (New): fping6 error: we have a XG7100 (not updated to 2.5) with a running zabbix proxy. Now we discovered many entrys in the logfile with:... Viktor Gurov
02:43 AM Revision a33e8b1c: CaptivePortal: Redirect back to Login Page on Logout: Currently (i.e when a custom logout page is present) when a user clicks on logout , a window with the logout message ... nraven777 consec

02/23/2021

11:50 PM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02: Scott Lang, that tracks along the same lines with the issues I was having back in Sep 2020: https://forum.netgate.com... Daniel Gordon
11:37 PM pfSense Packages Bug #11517: Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/57 Viktor Gurov
02:32 PM pfSense Packages Bug #11517 (Resolved): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting: Services/FRR/Global Settings/Edit/Access Lists allows saving the settings with a whitespace in the name, but this cau... Lennart dV
10:04 PM Revision 3987c45b: Improve CA/Self-Signed serial handling. Fixes #11514: (cherry picked from commit 4aa7c7aefc273464b8e66e6176a860b0246f8ee9) Jim Pingle
10:04 PM Revision 4aa7c7ae: Improve CA/Self-Signed serial handling. Fixes #11514: Jim Pingle
09:25 PM Revision 16c1d390: Try parsing four digit years in cert timestamps. Fixes #11504: (cherry picked from commit bdaa35dcf31def521ba8c60c0aa9c41bf5005311) Jim Pingle
09:24 PM Revision bdaa35dc: Try parsing four digit years in cert timestamps. Fixes #11504: Jim Pingle
09:12 PM Revision ad27159f: Do not deprecate prefix if AdvRASrcAddress is specified, refs: #11103: znerol
08:07 PM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: I also have this issue after upgrading to pfsense 2.5. I've noticed that if you reboot the named process doesn't seem... Stefan Andersson
07:22 PM Revision cb17faca: Improve handling of broken/invalid certs. Fixes #11489: (cherry picked from commit 29804b9e6ff07d0224d9396b063f88f486f0d231) Jim Pingle
07:21 PM Revision 29804b9e: Improve handling of broken/invalid certs. Fixes #11489: Jim Pingle
06:22 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago: Jim Pingle wrote:
> Craig Leres wrote:
> > How was I able to go 390+ days before upgrading to 21.02 without getting... Craig Leres
04:10 PM Bug #11514 (Feedback): Renewing a self-signed CA or certificate does not update the serial number: Applied in changeset commit:4aa7c7aefc273464b8e66e6176a860b0246f8ee9. Jim Pingle
12:23 PM Bug #11514 (Closed): Renewing a self-signed CA or certificate does not update the serial number: When renewing a self-signed CA entry or self-signed certificate in the GUI the serial number is not replaced with a n... Jim Pingle
03:35 PM pfSense Plus Regression #11504 (Feedback): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM: Applied in changeset pfsense:commit:bdaa35dcf31def521ba8c60c0aa9c41bf5005311. Jim Pingle
03:26 PM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM: When applying the patch for this, you will probably need to apply @cb17faca3b07197db4b1eb1502a876873ddc222c@ first an... Jim Pingle
03:25 PM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM: Looks like this is from the @validTo@ date in the parsed details using a four digit date and the code assumed a two d... Jim Pingle
03:25 PM Bug #11489: Invalid certificate data can cause a PHP error: I have applied the patch and the problem is fixed. I have deleted the offending cert. Thanks. Simon Brezovnik
01:30 PM Bug #11489: Invalid certificate data can cause a PHP error: Applied in changeset commit:29804b9e6ff07d0224d9396b063f88f486f0d231. Jim Pingle
01:29 PM Bug #11489: Invalid certificate data can cause a PHP error: You can use the "system patches package":https://docs.netgate.com/pfsense/en/latest/development/system-patches.html t... Jim Pingle
01:25 PM Bug #11489: Invalid certificate data can cause a PHP error: OK, with the cert you sent I can reproduce the error. The problem is that the certificate data in that snippet is cor... Jim Pingle
07:22 AM Bug #11489: Invalid certificate data can cause a PHP error: You can send the certificate to @jimp@ (a.t.) @netgate@ (d|o|t) @com@
Once I can reproduce the problem and work up... Jim Pingle
06:14 AM Bug #11489: Invalid certificate data can cause a PHP error: I get the following error in the GUI with know way to delete the offending cert, screen shot attached. Is reloading t... Simon Brezovnik
06:08 AM Bug #11489: Invalid certificate data can cause a PHP error: I have identified the certificate causing the problem. How would you like me to send it to you? The crt was created i... Simon Brezovnik
03:16 PM Feature #11103: Use virtual link local IP address as RA source address for HA environments: Thanks for merging. I just opened a PR for a small followup:
https://github.com/pfsense/pfsense/pull/4502
Sorry... znerol znerol
03:10 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: *Another Update*
None of the conditions described in this bug report occur on an SG-1100 (64-bit ARM CPU), and nei... Bill Meeks
11:40 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Marcos:
-I'm running into difficulty updating my SG-1100 to the latest version. It is still on the 2.4.4 factory i... Bill Meeks
08:07 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Thanks for the additional info. I will investigate further. The Signal 10 from the Snort binary I am not really surpr... Bill Meeks
01:21 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: The behavior with both Snort and Suricata installed was definitely strange and didn't make sense to me. I did a fresh... Marcos M
02:56 PM Revision 6f84dd13: On save return virtual IP id: Steve Beaver
01:44 PM Revision a397f9a8: Merge pull request #4501 from mschiegl/patch-1: Renato Botelho
01:43 PM Regression #11316: Unbound crashes with signal 11 when reloading: Will the update be made available to 21.02 soon? My 2.5.0 box finds it, but my 21.02 box does not.
Thanks! Tim Gagnon
01:05 PM Bug #11516 (Rejected): pfsync Synchronize Peer IP lost when upgrading from 2.4.5 to 2.5.0: There is not enough information to classify this as a bug. It sounds more like a configuration issue led to that, not... Jim Pingle
01:01 PM Bug #11516 (Rejected): pfsync Synchronize Peer IP lost when upgrading from 2.4.5 to 2.5.0: Having a an HA installation, upgrade the backup node from 2.4.5 to 2.5.0 with no problems, then upgraded the master n... Pablo Trincavelli
12:46 PM Revision 8b424bca: Use set_curlproxy() function for cURL proxy configuration. Issue #11476: Viktor Gurov
12:44 PM Revision c03a2049: IPsec Mobile EAP-RADIUS additional configuration fix. Issue #11447: Viktor Gurov
12:41 PM Revision 969574b6: Put OpenVPN route-nopull option after custom options. Fixes #11448: Viktor Gurov
12:36 PM pfSense Packages Bug #11515 (Feedback): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: This bug can be reproduced on my Netgate XG-7100 running 21.02-RELEASE
After installing the package for the first... dff dff
12:34 PM pfSense Packages Bug #11513: FFR won't show Access-List on Distribute List (OSPF): Can't access gitlab.netgate.com :/ F. M.
12:21 PM pfSense Packages Bug #11513 (Duplicate): FFR won't show Access-List on Distribute List (OSPF): Duplicate of #11511 Viktor Gurov
12:20 PM pfSense Packages Bug #11513 (Duplicate): FFR won't show Access-List on Distribute List (OSPF): Pfsense 2.5 and FRR 1.1.0_5.
You create an access list and expect to set it on OSPF "Distribute List".
However ... F. M.
12:30 PM Revision 19866d78: System Information widget fix. Issue #11443: Viktor Gurov
12:29 PM Revision 4fef1c10: WireGuard interface friendly description. Fixes #11437: Viktor Gurov
12:29 PM Revision ee712bbb: Allow to use OpenVPN provided DNS servers. Implements #11140: Viktor Gurov
12:27 PM Revision 5f120301: WPA Enterprise (PEAP/TLS/TTLS) client mode. Feature #2400: Viktor Gurov
12:23 PM Bug #11503: Using multiple authentication backends on an OpenVPN server fails: seems related to #9460 Viktor Gurov
12:18 PM pfSense Packages Bug #11511: OSPF distribute List always empty: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/56 Viktor Gurov
12:05 PM pfSense Packages Bug #11511 (Resolved): OSPF distribute List always empty: from https://forum.netgate.com/topic/161176/filter-some-routes:
The GUI does not find the configured ACL Lists any m... Viktor Gurov
12:12 PM Bug #11437 (Waiting on Merge): WireGuard group is not printed in the interface column of the NAT rule list: Jim Pingle
10:20 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list: Hi all,
Patch applied and bug fixed. Marcelo Gondim
06:35 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list: Applied in changeset commit:4fef1c109de562f9f97d7c04d4cf8f0f041811e0. Viktor Gurov
06:30 AM Bug #11437 (Feedback): WireGuard group is not printed in the interface column of the NAT rule list: PR has been merged. Thanks! Renato Botelho
12:08 PM Regression #11512 (Closed): DHCP Leases page and ARP table page fail to load if DNS is not available: From jimp: "Once upon a time it used to test for DNS on those pages and skip it if DNS didn't respond. Maybe that got... Brad Lavis
11:50 AM Regression #11510 (Closed): ARP Table populates hostname values using expired DHCP lease data: Description based on discussion from https://forum.netgate.com/topic/161139/arp-bug-pfsense-2-5-0
In *Diagnostic -... Tomasz K.
10:47 AM pfSense Packages Bug #11509 (Closed): LCD package - not starting at boot - stop and start in Status Window not possible: Hi all,
I'm using pfSense 2.5 on a WatchGuard XTM 510 on which I started using the built in LCD display. Got it work... The Cycler63
08:01 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: Jim Pingle wrote:
> https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
>
> Create an entr... Jason Hodgdon
07:44 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: never mind I figured it out! thx :) Jason Hodgdon
07:40 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
Create an entry for @19866d78540d498f23... Jim Pingle
07:33 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: Renato Botelho wrote:
> Jason Hodgdon wrote:
> > Viktor Gurov wrote:
> > > fix:
> > > https://gitlab.netgate.com/... Jason Hodgdon
07:18 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: Jason Hodgdon wrote:
> Viktor Gurov wrote:
> > fix:
> > https://gitlab.netgate.com/pfSense/pfSense/-/merge_request... Renato Botelho
07:08 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: It's not down, that's our internal development git, not the public one which is on github. Jim Pingle
06:36 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: Viktor Gurov wrote:
> fix:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/141
anyone know why git... Jason Hodgdon
06:30 AM Regression #11443 (Feedback): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: PR has been merged. Thanks! Renato Botelho
07:45 AM Regression #11500 (Feedback): OpenVPN using the wrong OpenSSL command to list digest algorithms: PR has been merged. Thanks! Renato Botelho
07:42 AM Bug #11505 (Duplicate): PPPoE daemon selects wrong interface: The bug you reference is not fixed -- it's still open in a "New" state and nothing was done yet to correct it.
No ... Jim Pingle
07:26 AM Bug #10465 (Resolved): possible routing performance regression due to non use of ip_tryforward: Yes, this is fixed in 21.02/2.5.0 Jim Pingle
07:25 AM Bug #11506 (Duplicate): traffic graph dont show traffic for Wireguard interface: We're already tracking this internally (NG 5522). See also #11315 Jim Pingle
12:41 AM Bug #11506 (Duplicate): traffic graph dont show traffic for Wireguard interface: The traffic graph don´t register any traffic. The table show traffic correct but nothing in the graph. johan carlsson
06:52 AM pfSense Packages Bug #11477 (Feedback): FRR does not recognize some BFD options: PR has been merged. Thanks! Renato Botelho
06:52 AM pfSense Packages Bug #11392 (Feedback): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed: PR has been merged. Thanks! Renato Botelho
06:52 AM pfSense Packages Bug #11445 (Feedback): bgp as-path in wrong position: PR has been merged. Thanks! Renato Botelho
06:50 AM Bug #11448: Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration: Applied in changeset commit:969574b6dbb124e98595ca537c0d176d908707d0. Viktor Gurov
06:41 AM Bug #11448 (Feedback): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration: PR has been merged. Thanks! Renato Botelho
06:46 AM Bug #11476 (Feedback): Telegram and Pushover notification API calls do not respect proxy configuration: PR has been merged. Thanks! Renato Botelho
06:44 AM Regression #11447 (Feedback): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: PR has been merged. Thanks! Renato Botelho
06:35 AM Feature #11140: Allow the firewall to use DNS servers provided to an OpenVPN client instance: Applied in changeset commit:ee712bbb11bd04d442c545ab151a4df9e083edb6. Viktor Gurov
06:28 AM Feature #11140 (Feedback): Allow the firewall to use DNS servers provided to an OpenVPN client instance: PR has been merged. Thanks! Renato Botelho
06:27 AM Feature #2400 (Feedback): GUI options for WPA Enterprise with identity/password: PR has been merged. Thanks! Renato Botelho
02:58 AM Todo #11508 (Pull Request Review): Update SimplePie to to v1.5.6: Mostly bug and issue fixes, some new features. One micro-performance optimisation.
PR: https://github.com/pfsense/... GChuf 6
02:27 AM Todo #11507 (Resolved): Update font formats to WOFF2: Currently, the web fonts are stored in .ttf format. Since then, woff and woff2 formats have been invented, which don'... GChuf 6

02/22/2021

11:06 PM Bug #10465: possible routing performance regression due to non use of ip_tryforward: The 21.02 / 2.5 Release Notes lists this fix (in the Operating System section):
* Fixed a network performance regres... David Burns
09:49 PM Bug #10465: possible routing performance regression due to non use of ip_tryforward: Is this issue still applicable with 2.5 or should I re-enable ICMP redirect? Kevin Mychal Ong
10:20 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: So to make sure I understand, this only happens on an SG-3100 and you can't reproduce on x86 hardware.
The first t... Bill Meeks
07:04 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: They were not scrubbed. Here are the steps to reproduce it (was not able to reproduce on a x86 system).
Only Snort... Marcos M
06:43 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Marcos Mendoza wrote:
> The ARM patch for snort is still there:
> https://github.com/pfsense/FreeBSD-ports/blob/dev... Bill Meeks
02:08 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: The ARM patch for snort is still there:
https://github.com/pfsense/FreeBSD-ports/blob/devel/security/snort/files/pat... Marcos M
06:56 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4: ...I mean, this is not a proper test, I need to bring up a live tunnel and get some LSAs going first.
But when thi... Firstname Surname
03:56 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4: OK - I just tested that fix.... Firstname Surname
03:37 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4: Typically we would wait until it's in an official release. Jim Pingle
02:37 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4: FRR have been silent, but it looks like the person who raised this has a patch. What's your policy here, do you apply... Firstname Surname
06:50 PM Bug #11505 (Duplicate): PPPoE daemon selects wrong interface: The defect was not properly addressed and assigned leading up to the 2.5.0 release.
The functionality is still bro... Kristopher Kolpin
06:38 PM Bug #9270: "Remove all states to and from the filtered address" does not remove all states: looks great in 2.5.0 thanks a million ! Yuri Weinstein
05:33 PM Revision 00995e1e: Fix a typo.: No functional changes. Luiz Souza
04:52 PM pfSense Plus Regression #11504 (Resolved): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM: The expiry date rolls over and is shown as some time in that past. pfSense see it as expired/invalid. See attachment.... Steve Wheeler
04:01 PM Regression #11316: Unbound crashes with signal 11 when reloading: This is now in the 2.5.0 repository. To upgrade manually, run the following from an ssh or console shell prompt (not ... Jim Pingle
10:18 AM Regression #11316: Unbound crashes with signal 11 when reloading: The forum thread linked above has instructions for installing the updated version manually from the snapshot reposito... Jim Pingle
03:51 PM Bug #11503 (New): Using multiple authentication backends on an OpenVPN server fails: We did update our pfSense Cluster to 2.5.0. On our OpenVPN connection we do have multiple backends. Our main one (RAD... Silvano Giacomello
03:45 PM Revision dc572d38: Merge pull request #4491 from dsmackie/issue-9887: Renato Botelho
03:17 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log: Peter fixed a similar error before the release, this may be similar. Jim Pingle
02:35 PM Bug #11502 (Not a Bug): WireGuard ``matchaddr failed`` kernel messages in system log: When I setup 1 wireguard interface things work normally with 1 peer. Once I add a second peer to the same interface I... Adam Esslinger
02:21 PM Bug #9541: Non-admin user with admin rights is given the wrong URL for the user manager: The code in 2.5.0 is the same as the post-patch code there. Perhaps you accidentally reverted that patch after being ... Jim Pingle
02:13 PM Bug #9541: Non-admin user with admin rights is given the wrong URL for the user manager: Testing this on 2.5.0-RELEASE, it looks like the bug is either still present or there's been a regression—screen capt... Michael Alden
02:16 PM Regression #11442: Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets: Patch 10eb04259fd139c62e08df8de877b71fdd0eedc8 is much appreciated, looking forward to P1 release in order to be able... e 1/1
02:15 PM Bug #9887: Rule separator positions change when deleting multiple rules: Applied in changeset commit:3e7a04be6ce4530bbb37b3c312fd2239a61967db. Dan Mackie
09:45 AM Bug #9887 (Feedback): Rule separator positions change when deleting multiple rules: PR has been merged. Thanks! Renato Botelho
01:32 PM Revision e81512fa: Revert "Welcome pfSense CE 2.5.0-RELEASE-p1": This reverts commit 57296da03385ccdc0d07ac8b6bd8f110f8d0314f. Renato Botelho
01:20 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers: I was able to confirm that there does not appear to be any rate limiting, the overhead isn't terrible though as the I... Blaine Palmer
11:37 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers: Another workaround is to do one peer per tunnel and a dynamic routing protocol like BGP, or routes using the remote p... Jim Pingle
11:28 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers: I've disabled redirect via the sysctl/tunable as suggested already.
Just to clarify this is for every incoming pac... Blaine Palmer
10:21 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers: This is likely a (mostly?) harmless side effect of how the routes in the routing table are added for WireGuard. Becau... Jim Pingle
01:00 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago: Craig Leres wrote:
> How was I able to go 390+ days before upgrading to 21.02 without getting daily expiring message... Jim Pingle
12:40 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago: And I should ask is there a way to delete the certificate but keep the test config in case I need to test in the futu... Craig Leres
12:38 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago: Jim Pingle wrote:
> Delete it, it's not needed. It's a leftover from previous ACME certificates.
>
> Entries are ... Craig Leres
12:35 PM pfSense Packages Bug #11501 (Not a Bug): Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago: Delete it, it's not needed. It's a leftover from previous ACME certificates.
Entries are never removed automatical... Jim Pingle
12:25 PM pfSense Packages Bug #11501 (Not a Bug): Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago: When I setup acme on my pfsense box I used the same procedure as I would with a FreeBSD host; I created a test cert w... Craig Leres
12:35 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes: Dirk Meyer wrote:
> Renato Botelho wrote:
> > Dirk,
> >
> > Can you try attached patch and let me know if it hel... Renato Botelho
12:26 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes: Renato Botelho wrote:
> Dirk,
>
> Can you try attached patch and let me know if it helps?
The patch looks like... Dirk Meyer
09:36 AM Regression #11475 (In Progress): Route tables with many entries can lead to PHP errors and timeouts when looking up routes: Renato Botelho
09:36 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes: Dirk,
Can you try attached patch and let me know if it helps? Renato Botelho
08:58 AM Regression #11475 (Pull Request Review): Route tables with many entries can lead to PHP errors and timeouts when looking up routes: Jim Pingle
12:33 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: Ran into this issue after updating pfsense (+) to 21.02 so appears problem still exists in latest version. Have a se... Rick Frey
10:08 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: That other issue is old/closed, not likely to be the same. Even so, if it came up again, it needs a fresh issue with ... Jim Pingle
12:07 PM pfSense Packages Bug #11490: Service Watchdog - Impacts Reboots and Package Updates: All fair points.
Have run into a couple occasions where something 'died' (such as Snort, Suricata, lldpd, haproxy)... A S
10:11 AM pfSense Packages Bug #11490: Service Watchdog - Impacts Reboots and Package Updates: This is a problem only with the package and also not likely one that will be solvable in an easy way.
The package ... Jim Pingle
11:25 AM Regression #11500 (Pull Request Review): OpenVPN using the wrong OpenSSL command to list digest algorithms: Jim Pingle
11:15 AM Regression #11500 (Closed): OpenVPN using the wrong OpenSSL command to list digest algorithms: At least in OpenSSL version 1.1.1i-freebsd, used by pfsense 2.5, there is no longer a "list-message-digest-algorithms... Markus Schiegl
11:14 AM Revision f37660de: Merge pull request #4500 from bitscher/master: Renato Botelho
11:06 AM Revision 50ae67cd: Merge pull request #4487 from znerol-forks/feature/master/radvd-linklocal-vip: Renato Botelho
10:46 AM Bug #11427 (Duplicate): IPSEC Status page shows Connections twice (connected and disconnected): This has been fixed already, see #11435 Jim Pingle
10:22 AM Bug #11427: IPSEC Status page shows Connections twice (connected and disconnected): We are having the same exact issue and despite I cannot provide any configuration at the moment I can provide some in... Denis Grilli
10:24 AM Regression #11495 (Pull Request Review): NTP widget displays incorrect status: Jim Pingle
10:19 AM pfSense Docs Todo #11499 (Closed): Feedback on Services — DHCPv4 Server: *Page:* https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv4.html
*Feedback:*
For "Failover Peer IP", ... Marcos M
10:12 AM pfSense Packages Feature #11492 (Duplicate): there is an Freebsd version available for a splunk universal forwarder: Duplicate of #7683 Jim Pingle
10:07 AM Bug #11482: WireGuard interfaces do not always have proper MTU applied: If you edit the assigned interface and save/apply, it does get the correct MTU applied. However, if you edit/save the... Jim Pingle
10:07 AM Bug #11484: Adding static routed subnets destroys the route at routing table: Sorry, yes you gave me the missing hint. To reach a static routed subnet via wireguard you just need to add the gatew... Dirk Steingäßer
09:56 AM Bug #11484 (Not a Bug): Adding static routed subnets destroys the route at routing table: By doing that you have added two static routes (since Allowed IPs entries get route table entries), so naturally one ... Jim Pingle
10:00 AM Bug #11489 (Feedback): Invalid certificate data can cause a PHP error: One or more of your certificate entries has an invalid or a date field that cannot be read. The code could handle thi... Jim Pingle
09:53 AM Bug #11481 (Rejected): NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat": There isn't nearly enough information here and this site is not for support or diagnostic discussion.
For assistan... Jim Pingle
09:51 AM pfSense Packages Bug #11465 (Pull Request Review): Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route: Jim Pingle
09:47 AM Bug #11480 (Duplicate): mDNS repeater (Avahi) over WireGuard not working at all: This is due to WireGuard on FreeBSD not passing multicast or broadcast traffic. We had an issue open on our internal ... Jim Pingle
09:46 AM Feature #11498 (New): WireGuard does not pass multicast traffic to peer: Moving this over from the internal Redmine (NG 5521)
From reports I've seen on other platforms, WireGuard should b... Jim Pingle
09:42 AM pfSense Packages Bug #11477 (Pull Request Review): FRR does not recognize some BFD options: Jim Pingle
09:40 AM Todo #10464: Don't change the current update repo when new releases are available: > What's keeping the dashboard from discovering new update branches on its own?
There is no mechanism to check it ... Jim Pingle
09:39 AM Bug #11478 (Duplicate): Restoring a backup on 2.4.5-p1 triggers an incomplete upgrade to 2.5.0: At it's core, it's a duplicate of #10464 -- solving that will also solve this. Jim Pingle
09:38 AM pfSense Packages Bug #11392 (Pull Request Review): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed: Jim Pingle
09:38 AM pfSense Packages Bug #11445 (Pull Request Review): bgp as-path in wrong position: Jim Pingle
09:36 AM Bug #11476 (Pull Request Review): Telegram and Pushover notification API calls do not respect proxy configuration: Jim Pingle
09:33 AM Regression #11447 (Pull Request Review): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: Jim Pingle
08:51 AM Bug #11285: Kernel crash on ALTQ-enabled wg interfaces: That doesn't look like the same issue, the backtrace is a quite a bit different despite both mentioning CBQ. They cou... Jim Pingle
08:50 AM Regression #11470: Panic when using CBQ traffic shaping: That doesn't look like the same issue, the backtrace is a quite a bit different despite both mentioning CBQ. They cou... Jim Pingle
08:45 AM pfSense Docs Correction #11472 (Closed): Typo in https://docs.netgate.com/pfsense/en/latest/vpn/selection.html: Fixed. Just one missing word: "choices" Jim Pingle
08:05 AM Bug #11432: status_dhcp_leases.php doesn't load: We have the same problem after Upgrade to 21.02. A restart of the dhcpd helps for a short while but the problem comes... Christian Naumer
07:55 AM Bug #11497 (Duplicate): Dashboard: CPU Usage Meter Infinite Load: Jim Pingle
05:37 AM Bug #11497: Dashboard: CPU Usage Meter Infinite Load: Constantine Kormashev wrote:
> Probably related to https://redmine.pfsense.org/issues/11443
Can confirm. Re-enabl... Andy Dormire
05:30 AM Bug #11497: Dashboard: CPU Usage Meter Infinite Load: Probably related to https://redmine.pfsense.org/issues/11443 Constantine Kormashev
03:42 AM Bug #11497 (Duplicate): Dashboard: CPU Usage Meter Infinite Load: Howdy!
I worked with Netgate Support (ticket #76291) on an issue with my SG-5100 after upgrading to pfSense Plus 2... Andy Dormire
05:44 AM pfSense Packages Feature #11386 (Feedback): Add WireGuard tunneled networks to vpnaddresses list: PR has been merged. Thanks! Renato Botelho
05:42 AM pfSense Packages Feature #11385 (Feedback): Add WireGuard tunneled networks to vpnaddresses list: PR has been merged. Thanks! Renato Botelho
05:14 AM Feature #11420 (Feedback): New Dynamic DNS Provider: Gandi LiveDNS IPv6: PR has been merged. Thanks! Renato Botelho
05:09 AM Feature #11264 (Pull Request Review): Redirect Captive Portal users to login page after they logout: Renato Botelho
05:07 AM Feature #11103 (Feedback): Use virtual link local IP address as RA source address for HA environments: PR has been merged. Thanks! Renato Botelho
04:40 AM Bug #11483 (Feedback): Installer does not add required module to loader.conf when using ZFS: Fixed by commit de3efe409ae on FreeBSD-src... Renato Botelho
03:23 AM Bug #11483: Installer does not add required module to loader.conf when using ZFS: zfs_load="YES" to /boot/loader.conf workaround seems pretty good. Have one more fixed 21.02 ZFS device. Constantine Kormashev
02:57 AM Bug #10959: Traffic graph stopped on interface used via netmap: Can confirm this same behavior exists with Suricata with netmap enabled as well.
However, it appears to be an issu... Scott Morrison

02/21/2021

10:50 PM Feature #11496 (Resolved): Support for NTP Peer mode: If operating two pfSense machines, both of the same Stratum (for example both with GPS and stratum 1), it would be ni... Christian Borchert
07:49 PM Bug #11483: Installer does not add required module to loader.conf when using ZFS: Did a bit more testing and debugging.
The issue is not related to fstab or the drive order recognition.
The i... Sven Gruenitz
02:35 PM Revision 57296da0: Welcome pfSense CE 2.5.0-RELEASE-p1: Renato Botelho
02:28 PM Revision a97987a5: Non local gateways fix. Issue #11433: (cherry picked from commit 087d28fa3f5cfebfd4af7f4a4479b0fac053e062) Viktor Gurov
01:21 PM Regression #11495: NTP widget displays incorrect status: #3567 regression
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/150 Viktor Gurov
01:12 PM Regression #11495 (Closed): NTP widget displays incorrect status: https://forum.netgate.com/topic/160971/ntp-status:
On my dashboard GUI, I have a widget for NTP Status displayed. In... Viktor Gurov
12:44 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: I'm also having the same problem. Manually setting the monitor address to the link-local address has worked around th... Nick B
12:29 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers: One last interesting tidbit, similar assumptions causing issues with p2p interfaces in ipv6 which caused issues for W... Blaine Palmer
12:22 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers: It would appear this may need to be corrected in the FreeBSD upstream.
Possibly relevant:
https://github.com/free... Blaine Palmer
11:25 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers: Just for reference, it appears a similar issue was observed early in WireGuard's original development.
https://git... Blaine Palmer
10:45 AM Bug #11494 (Rejected): Wireguard interface sends ICMP Redirect when routing between two peers: When PFSense is used to route traffic between two WireGuard peers, it send ICMP Redirect when both peers are on the s... Blaine Palmer
11:24 AM Regression #11316: Unbound crashes with signal 11 when reloading: Pim Janssen wrote:
> I never had any problem with the core system of pfSense on production. Today my unbound died. (... Renato Botelho
10:57 AM Regression #11316: Unbound crashes with signal 11 when reloading: I never had any problem with the core system of pfSense on production. Today my unbound died. (about 5 hours after up... Pim Janssen
08:27 AM Regression #11316 (Feedback): Unbound crashes with signal 11 when reloading: Renato Botelho
08:27 AM Regression #11316: Unbound crashes with signal 11 when reloading: 1.13.1 cherry-picked to 2.5.0 branch Renato Botelho
09:31 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Jordan Greene wrote:
> I'm using this currently as well but have not encountered any issues with CPU usage on 21.02 ... Matt Johnson
12:10 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Jordan Greene wrote:
> I'm using this currently as well but have not encountered any issues with CPU usage on 21.02 ... Hayden Hill
08:28 AM Regression #11433 (Feedback): Gateways with "Use non-local gateway" set are not added to routing table: Cherry picked to 2.5.0 Renato Botelho
05:31 AM pfSense Packages Bug #11493 (New): After upgrade zabbix proxy wont start: Due to database changes between zabbix-proxy versions. The proxy database needs to be removed after upgrading else th... Pim Janssen
03:37 AM Bug #11485 (Duplicate): Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work: duplicate of #6880 Viktor Gurov
01:08 AM Bug #11485: Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work: For sure no. There where too many bugs with IPv6 in general in the past on the WAN side. But with 2.5.0 a lot of them... Dirk Steingäßer
12:12 AM Bug #11485: Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work: Dirk Steingäßer wrote:
> Adding a second DHCPv6 WAN affect the first DHCPv6 WAN to not work anymore. It just stays o... Hayden Hill
03:08 AM pfSense Packages Feature #11492 (Duplicate): there is an Freebsd version available for a splunk universal forwarder: Splunk is great log analyzer. As well there is a free version available.
I my opinion it might be a good idea to u... thiamata thiamata
03:01 AM Feature #11228 (Resolved): Replace HTTP links with HTTPS in the GUI: Viktor Gurov
01:19 AM Bug #9460: OpenVPN local auth failing due to fcgicli output: similar issue: #4521 Viktor Gurov
12:02 AM Bug #9460: OpenVPN local auth failing due to fcgicli output: I am also having the same issue using "Local Database".
The error in the OpenVPN server log is "Connection reset, ... Elon l
01:18 AM pfSense Packages Bug #11491 (Feedback): haproxy-devel v0.62_2 - startup error 'httpchk': Seeing this error message upon startup (under 2.5.0):
haproxy: startup error output!: [WARNING] 051/015053 (57019)... A S
01:18 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: another php-cgi issue: #9460 Viktor Gurov
01:11 AM pfSense Packages Bug #11490 (New): Service Watchdog - Impacts Reboots and Package Updates: All - wasn't quite sure which to attribute this to as its a package, but is impacting standard operation.
Synopsis... A S

02/20/2021

11:06 PM Bug #11489 (Resolved): Invalid certificate data can cause a PHP error: I get the following message on the main admin page.
pfSense has detected a crash report or programming bug. Click ... Simon Brezovnik
10:28 PM Revision 2fe5cc52: Don't add empty pools line. Fixes #11488: (cherry picked from commit bb3a6eb44958841df4257ae7936e6714d1ed99a8) Jim Pingle
10:28 PM Revision bb3a6eb4: Don't add empty pools line. Fixes #11488: Jim Pingle
10:20 PM Revision afffe759: Fix child SA name generation. Fixes #11487: (cherry picked from commit eb5bd64face47422285cb883ad44fc5d77c361fa) Jim Pingle
10:20 PM Revision eb5bd64f: Fix child SA name generation. Fixes #11487: Jim Pingle
10:18 PM Revision ded7970b: Fix IPsec connect/disconnect for all tunnels. Fixes #11486: (cherry picked from commit 50c2b3f9586090593bf45a7c5c6d5873f7fd4cdf) Jim Pingle
10:16 PM Revision 50c2b3f9: Fix IPsec connect/disconnect for all tunnels. Fixes #11486: Jim Pingle
09:18 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: I'm using this currently as well but have not encountered any issues with CPU usage on 21.02 --- additional informati... Jordan G
08:28 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Scott Long wrote:
> I don't think that this is related to https://redmine.pfsense.org/issues/11444.
I agree. The ... Bill Meeks
05:57 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: I don't think that this is related to https://redmine.pfsense.org/issues/11444. Scott Long
07:39 PM Bug #11483: Installer does not add required module to loader.conf when using ZFS: I am also running into this with the 21.02 recovery image on the SG-5100.
No issue with prior builds and no issue wh... Sven Gruenitz
12:49 PM Bug #11483: Installer does not add required module to loader.conf when using ZFS: I ran into this.. Trying to switch sg-4860 8GB/32GB eMMC model from UFS to ZFS doing clean install from USB boot.. JohnPoz _
12:46 PM Bug #11483: Installer does not add required module to loader.conf when using ZFS: The ZFS case fails in the same way whether installing to eMMC or mSATA.
See also: https://redmine.pfsense.org/issues... Steve Wheeler
12:44 PM Bug #11483 (Resolved): Installer does not add required module to loader.conf when using ZFS: The ADI installer image correctly installs to eMMC or mSATA creating a bootable install on RCC-VE with the default in... Steve Wheeler
06:43 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Same issues as noted above.
I was able to get IP6 working after configuring IP6 gateway monitoring to IP6 addres... Pete C
05:59 PM pfSense Plus Regression #11444 (In Progress): SG-3100 doesn't pass traffic after upgrade to 21.02: Scott Long
05:56 PM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02: There is a fix that passes my testing here:
https://reviews.freebsd.org/D28821
The above patch is for FreeBSD H... Scott Long
05:54 PM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: I am facing the same problem at OVH. After the migration some pfSense stopped the gateway.
I found it strange beca... Tácio Andrade
04:35 PM Bug #11488 (Feedback): IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value: Applied in changeset commit:bb3a6eb44958841df4257ae7936e6714d1ed99a8. Jim Pingle
04:26 PM Bug #11488 (Closed): IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value: Some IPsec connections have "pools =" with no value. The line should be omitted in this case rather than being presen... Jim Pingle
04:30 PM Regression #11487 (Feedback): IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``: Applied in changeset commit:eb5bd64face47422285cb883ad44fc5d77c361fa. Jim Pingle
04:10 PM Regression #11487 (Closed): IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``: Tunnels with expanded IKE connection numbers (e.g. "con100000") are not forming proper child SA con numbers. The nume... Jim Pingle
04:25 PM Regression #11486 (Feedback): Connect and disconnect buttons on the IPsec status page do not work for all tunnels: Applied in changeset commit:50c2b3f9586090593bf45a7c5c6d5873f7fd4cdf. Jim Pingle
04:07 PM Regression #11486 (Closed): Connect and disconnect buttons on the IPsec status page do not work for all tunnels: The connect and disconnect buttons on IPsec status are not working for all tunnels. When they don't work, there appea... Jim Pingle
04:23 PM Regression #11455 (Not a Bug): The ipsec configuration migrated from 2.4.x to 2.5 fails in certain cases.: There is no problem with having 0 for those. It will still work properly and assume sane defaults as if they are blan... Jim Pingle
04:05 PM Bug #11485 (Duplicate): Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work: Adding a second DHCPv6 WAN affect the first DHCPv6 WAN to not work anymore. It just stays on "pending" and does not r... Dirk Steingäßer
04:00 PM Bug #11484 (Not a Bug): Adding static routed subnets destroys the route at routing table: Adding static routed subnets to wireguard allowed subnets destroys the static route.
The subnet is then just added... Dirk Steingäßer
12:33 PM pfSense Packages Bug #8466 (Resolved): radiusd crash: Tested on the latest release.
It works as expected. Ticket resolved. Danilo Zrenjanin
12:18 PM Bug #11482 (Closed): WireGuard interfaces do not always have proper MTU applied: When you set the mtu of an assigned wg interface, that value is not honoured. The mtu of the interface is always 142... Derek Battams
11:44 AM Bug #11481 (Closed): NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat": Description:
i notice that when using nat+proxy then nat reflection works but when using pure nat then it does not. ... aniel arias
11:03 AM Feature #11228: Replace HTTP links with HTTPS in the GUI: Checked in:
2.6.0-DEVELOPMENT (amd64)
built on Sat Feb 20 01:03:44 EST 2021
FreeBSD 12.2-STABLE
These which a... Max Leighton
10:56 AM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/149 Viktor Gurov
10:06 AM Feature #11390 (Resolved): Copy button for Authentication Server entries: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Feb 20 01:03:44 EST 2021
FreeBSD 12.2-STABLE
It works well.... Max Leighton
09:35 AM Bug #11464: Requests to ``ews.netgate.com`` do not honor proxy configuration: Thank you for the quick turnaround Steve; I'll be back in office starting February and will verify it then. Florian Apolloner
07:48 AM Bug #9460: OpenVPN local auth failing due to fcgicli output: Aurelian Rau wrote:
> Hello, as Joakim Gilje mentioned, this issue is still present in the release version of pfSens... Viktor Gurov
06:23 AM Bug #9460: OpenVPN local auth failing due to fcgicli output: Hello, as Joakim Gilje mentioned, this issue is still present in the release version of pfSense 2.5. We had our OpenV... Aurelian Rau
06:04 AM Bug #11480 (Duplicate): mDNS repeater (Avahi) over WireGuard not working at all: Hi,
I've been enjoying WireGuard so far with the nightly builds of pfSense 2.5 and am happy to see the full releas... Michael .
05:57 AM pfSense Packages Bug #11477: FRR does not recognize some BFD options: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/55 Viktor Gurov
04:20 AM pfSense Packages Bug #11477 (Feedback): FRR does not recognize some BFD options: BFD daemon failed to start due to using incorrect command syntax:... Viktor Gurov
05:55 AM Revision bd5d33d8: Fix openssl digest algorithm param in openvpn.inc: At least in OpenSSL 1.1.1i-freebsd, used by pfsense 2.5, there is no longer a "list-message-digest-algorithms" parame... mschiegl
05:53 AM pfSense Packages Bug #11479 (New): snmptt 1.4.2 does not work in daemon mode: There is a bug in snmptt 1.4.2 that prevents it from starting up in daemon mode.
Upstream bug report: https://sour... Christian Ullrich
05:45 AM Todo #10464: Don't change the current update repo when new releases are available: > If you don't automatically offer the upgrade then the update check on the dashboard and so on is not useful.
Why... Christian Ullrich
05:26 AM Bug #11478 (Duplicate): Restoring a backup on 2.4.5-p1 triggers an incomplete upgrade to 2.5.0: After running in to some regressions on 2.5.0 covered by other bugs on the tracker, I decided to re-install pfSense 2... King J
03:05 AM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed: add "no bgp network import-check" if unchecked:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/54 Viktor Gurov
02:41 AM Bug #11476: Telegram and Pushover notification API calls do not respect proxy configuration: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/148 Viktor Gurov
02:12 AM Bug #11476 (Closed): Telegram and Pushover notification API calls do not respect proxy configuration: Telegram and Pushover notifications ingore proxy configuration on "System -> Advanced -> Miscellaneous"
see also #... Viktor Gurov
01:13 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/147 Viktor Gurov
12:34 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/146 Viktor Gurov

02/19/2021

11:44 PM Regression #11475 (Closed): Route tables with many entries can lead to PHP errors and timeouts when looking up routes: Pfsense with FFR crashes in the web interface after update from 2.4.5-p1 to Pfsense 2.5.0
Right after update the d... Dirk Meyer
11:09 PM Bug #11285: Kernel crash on ALTQ-enabled wg interfaces: seems related to #11470 Viktor Gurov
11:08 PM Regression #11470: Panic when using CBQ traffic shaping: same issue: #11285 Viktor Gurov
02:05 PM Regression #11470 (Resolved): Panic when using CBQ traffic shaping: A couple users have reported a panic when using CBQ traffic shaping. It may also require using CBQ on VLAN interfaces... Jim Pingle
10:42 PM Bug #11474 (Resolved): Broken help link on IPsec Advanced Settings tab: Already fixed in commit:0a73926193d7d344b28d68a94e2f8bf2009ca119 Jim Pingle
08:51 PM Bug #11474 (Resolved): Broken help link on IPsec Advanced Settings tab: when I am in VPN>IPsec>Advanced Settings and click for help "?" it takes me to wrong URLs
2.5.0-RELEASE (amd64)
... Alhusein Zawi
09:00 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: As noted in the thread now, this also affects firewall rules that make use of the Gateway option. Because the IPv6 ga... Anonymous
07:08 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: something wrong with @/var/etc/rtsold_{realif}_script.sh@ -
it saves empty @/tmp/{realif}_routerv6@ and @/tmp/{reali... Viktor Gurov
01:26 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Same here after update from 2.4.5_1 to 2.5.0. IPv6 is working but Gateway only shows "~" and there is no IPv6 Gateway... Car F
08:12 PM Bug #11473 (New): System Activity shows invalid data on SG-3100: On the SG-3100 the first output from 'top -aSH' shows invalid data for system idle usage.
Subsequent output is corre... Steve Wheeler
07:37 PM Revision 585e7567: Fix alias renaming issue: Steve Beaver
06:54 PM pfSense Docs Correction #11399: SG-3100 M.2 Installation Guide Reinstall Corrections: Marcos Mendoza wrote:
> 1. I believe "run recovery" wipes emmc, so separate instructions here may not be needed.
> ... Kris Phillips
06:24 PM Revision 6ecf793e: Fixed #5685 - Renaming alias does not update firewall rules containg that alias: Steve Beaver
04:16 PM pfSense Docs Correction #11472 (Closed): Typo in https://docs.netgate.com/pfsense/en/latest/vpn/selection.html: One or more words are missing at the beginning of the section on "Choosing a VPN solution -> Interoperability":
To... Susan Kleinmann
03:52 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Hayden Hill wrote:
> I am also having this issue. Started with 21.02 (2.5)
>
> Matt Johnson wrote:
> > https://g... Greg Revelle
03:46 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: Still present on 2.5.0
Aforementioned error message is unrelated, happens even when all gateways are "online", wil... Aleksandr Mezin
03:36 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: The Signal 10 error occurs when an executable attempts to access a memory address on a non-word aligned boundary in A... Bill Meeks
03:19 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Marcos Mendoza wrote:
> After installing Snort and starting the service on an interface, fails to start and the foll... Michael Spears
12:02 PM pfSense Plus Bug #11466 (Closed): PHP exits with signal 11 on SG-3100 when calling PCRE functions: After installing Snort and starting the service on an interface, fails to start and the following is reported on the ... Marcos M
03:28 PM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: As a workaround, define a pool network. Clients will still pull their assigned addresses from RADIUS and the other se... Jim Pingle
03:19 PM Revision 2cb3c56d: Fixed #11464 by adding proxy configuration to web service calls: Steve Beaver
03:09 PM Bug #11463: Requirements for trusted certificates: The issue that most people will not see even that it changes color to yellow as change cert type much lower then vali... DRago_Angel [InV@DER]
08:10 AM Bug #11463 (Rejected): Requirements for trusted certificates: From the notes and commits on #9825 you can already see we lowered things to 398 days later in the issue, it did not ... Jim Pingle
07:59 AM Bug #11463: Requirements for trusted certificates: Oh, text says correctly: Server certificates should not have a lifetime over 398 days or some platforms may consider ... DRago_Angel [InV@DER]
07:47 AM Bug #11463 (Rejected): Requirements for trusted certificates: 1. Based on https://redmine.pfsense.org/issues/9825 must set validity time to 825 days for new SSL certs, but on 2.4.... DRago_Angel [InV@DER]
03:04 PM pfSense Packages Bug #11468: pfsense+ 21.02 missing zabbix44 package: Hi Jim, ok, thank you for reply DRago_Angel [InV@DER]
01:58 PM pfSense Packages Bug #11468 (Rejected): pfsense+ 21.02 missing zabbix44 package: It's expected, they are EOL and gone from ports so we have no way to keep them.... Jim Pingle
01:49 PM pfSense Packages Bug #11468 (Rejected): pfsense+ 21.02 missing zabbix44 package: Hi, after update to pfsense+ 21.02 my zabbix was been removed, I checked and installed 4.0, but my server is 4.4 so p... DRago_Angel [InV@DER]
02:52 PM pfSense Docs Correction #11471 (New): Inconsistencies in Developing Packages document (``config_file``/``configurationfile``): *Page:* https://docs.netgate.com/pfsense/en/latest/development/develop-packages.html
*Feedback:*
It seems like ... Andreas Lindhé
01:59 PM Bug #11469 (Duplicate): Pfsense 2.5.0 not working with Generation 2 Hyper-V VM: Already tracked at #10671 Jim Pingle
01:54 PM Bug #11469 (Duplicate): Pfsense 2.5.0 not working with Generation 2 Hyper-V VM: First Scenario
When I create a Hyper-V VM selecting generation 2 as the hardware, pfsense will install but after ins... Adam Esslinger
01:55 PM Bug #11467 (Rejected): RTSP issue: There isn't nearly enough detail here for a bug report, and this site is not for support or diagnostic discussion.
... Jim Pingle
12:13 PM Bug #11467 (Rejected): RTSP issue: I upgraded from 2.4.5 to 2.5 yesterday and since i can no longer see my video stream (Sounds still works but its supe... Antony Cossette
11:47 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: Thats running pfsense 2.5 upgraded from 2.4.5-p1 Wayne Graves
11:46 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: I'm using a Supermicro SuperServer E200-8D - Mini-1U - Xeon D-1528 1.9 GHz 32g ecc 500g ssd NMVe. A clean bind instal... Wayne Graves
10:41 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: I'll remove all the files tonight and then try it again with clean files.
It's running on a Netgate SG-3100
***... Tchello Mello
10:37 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: same issue with a clean BIND install?
pfSense Plus 21.02 or pfSense 2.5?
what kind of appliance? VM, Netgate applia... Viktor Gurov
09:10 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: -I'm going to check how can I install strace on this box to see if I can further debug it.
Used `truss` however, ... Tchello Mello
05:32 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: Wayne Graves wrote:
> unbound not running when this occurred on my pfsense 2.5.
Yea, ignore my comment (I deleted... Chris R
05:20 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: unbound not running when this occurred on my pfsense 2.5. Wayne Graves
04:20 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: can be related to #7271 Viktor Gurov
10:25 AM Todo #10464: Don't change the current update repo when new releases are available: If you don't automatically offer the upgrade then the update check on the dashboard and so on is not useful. The fire... Jim Pingle
09:35 AM Todo #10464: Don't change the current update repo when new releases are available: I think this is the wrong approach. Rather than preventing package updates if a pfSense version upgrade is pending, t... Christian Ullrich
09:40 AM Bug #11457: Client DNS doesn't resolve when using VIP in place of interface IP: After working on the forum thread, this is due to the "Enable SSL/TLS Service" setting which requires unbound have @i... Jim Pingle
08:44 AM Bug #11457 (Rejected): Client DNS doesn't resolve when using VIP in place of interface IP: "All" works fine for me here in an HA setup with CARP. Clients query the CARP VIP and receive responses from the CARP... Jim Pingle
08:23 AM Bug #11457: Client DNS doesn't resolve when using VIP in place of interface IP: The bug is the "All" Network Interface isn't including VIPs. If I manually select all of the network interfaces (exc... Travis McMurry
12:00 AM Bug #11457: Client DNS doesn't resolve when using VIP in place of interface IP: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/142 Viktor Gurov
09:25 AM Bug #11464: Requests to ``ews.netgate.com`` do not honor proxy configuration: Applied in changeset commit:2cb3c56db2366c9cadb04757bd3143ea0d7e7378. Anonymous
09:20 AM Bug #11464 (Feedback): Requests to ``ews.netgate.com`` do not honor proxy configuration: Fixed by adding proxy configuration to web service calls. Thanks! Anonymous
07:53 AM Bug #11464 (Resolved): Requests to ``ews.netgate.com`` do not honor proxy configuration: Our firewall rejects requests to ews.netgate.com, and we have configured a proxy in pfsense via "System -> Advanced -... Florian Apolloner
09:09 AM Bug #11462: Nested alias is not working on version 2.5.0: Really sorry, I have cleaned up my browser cache and it worked again.
Sorry about the inconvenience. Thiago Augusto Koroll
08:59 AM Bug #11462 (Rejected): Nested alias is not working on version 2.5.0: I can't reproduce the problem as stated even using your exact inputs. Either there is some missing factor not visible... Jim Pingle
07:05 AM Bug #11462 (Rejected): Nested alias is not working on version 2.5.0: Hi,
I just upgraded my pfSense from 2.4.5 to version 2.5.0 and I cannot edit or create nested alias.
I am getti... Thiago Augusto Koroll
08:11 AM Bug #11458 (Duplicate): Dashboard - Obtaining update status - forever: Yes, it is a duplicate of #11443 Jim Pingle
07:44 AM Bug #11458: Dashboard - Obtaining update status - forever: I believe this is a duplicate of #11443, which presents a workaround for this issue. Jove Too
02:50 AM Bug #11458: Dashboard - Obtaining update status - forever: This is Only happening on the dashboard
Obtaining update status never completes
going to system->update status retr... Jason Hodgdon
01:38 AM Bug #11458 (Duplicate): Dashboard - Obtaining update status - forever: This is Only happening on the dashboard
Obtaining update status never completes
going to system->update status retr... Jason Hodgdon
08:10 AM Todo #11426 (Feedback): Deprecate old cryptographic accelerator hardware which is not viable on modern systems: The support for the old hardware was removed from kernel and from the GUI. Luiz Souza
08:03 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list: The PR is still pending so there isn't anything to try yet. Once it's committed and this issue is in a Feedback state... Jim Pingle
06:04 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list: Hi all,
Do you need me to do some test here by my side? If you need, just say. Marcelo Gondim
08:01 AM Bug #11460: Adding a second peer results in Cannot allocate memory: Added new issue to create input validation which will protect against this misconfiguration: #11465 Jim Pingle
07:56 AM Bug #11460 (Rejected): Adding a second peer results in Cannot allocate memory: You cannot have multiple peers with "0.0.0.0/0" as AllowedIPs. It's an invalid configuration, WireGuard has no way to... Jim Pingle
04:14 AM Bug #11460 (Rejected): Adding a second peer results in Cannot allocate memory: One peer configured on my wg1 tunnel works fine:... pierre gleich
08:01 AM pfSense Packages Bug #11465 (Closed): Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route: WireGuard uses Allowed IPs for internal routing to decide where to send traffic to a peer. When a peer has Allowed IP... Jim Pingle
07:57 AM Regression #11451: Openvpn wants to use route it should create first: This is an error when openvpn does not use the outgoing interface specified in the openvpn settings and instead tries... Rene Hutschreuther
07:29 AM Regression #11451: Openvpn wants to use route it should create first: There is no bug here, it's a configuration problem, and this site is not for support or diagnostic discussion.
For... Jim Pingle
07:18 AM Regression #11451: Openvpn wants to use route it should create first: With a created static route to the Vpn server it only works if I use the Ip address of the vpn server and not the Dns... Rene Hutschreuther
05:55 AM Regression #11451: Openvpn wants to use route it should create first: The default route of the system is set in the Openvpn settings via Wan but Openvpn ignores the settings and continues... Rene Hutschreuther
07:56 AM Bug #9460: OpenVPN local auth failing due to fcgicli output: Hi all, after a recent upgrade to pfsense 2.5 as released, I had to manually apply the reverted patch ce76f299853dccb... Joakim Gilje
07:55 AM pfSense Packages Bug #11459 (Pull Request Review): pfBlockerNG doesn't include WireGuard interface in outbound floating rules: Jim Pingle
04:13 AM pfSense Packages Bug #11459: pfBlockerNG doesn't include WireGuard interface in outbound floating rules: https://github.com/pfsense/FreeBSD-ports/pull/1044 Viktor Gurov
04:07 AM pfSense Packages Bug #11459 (Resolved): pfBlockerNG doesn't include WireGuard interface in outbound floating rules: pfBlockerNG needs an option on the General tab for "WireGuard" similar to the "IPsec", "OpenVPN" and "L2TP VPN" optio... Viktor Gurov
07:55 AM pfSense Packages Feature #10739: Update HAproxy-devel package to 2.2 and HAproxy to 2.0: To add:
1. Now *Auto* SSL/TLS Compatibility Mode description says:
</code>If unsure leave it as 'Auto'</pre>
This ... DRago_Angel [InV@DER]
07:53 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02: If you can re-enable those and test again, monitor the CPU usage, CPU temp, and so on to see if they are unusually hi... Jim Pingle
03:36 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02: after uninstalling Snort and Suricata packages everything works fine
pfSense Plus 21.02 + pfBlockerNG-devel 3.0.0_10 Viktor Gurov
07:45 AM Bug #11446 (Pull Request Review): Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses: Jim Pingle
01:17 AM Bug #11446: Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses: check:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/145
see also #10694 Viktor Gurov
07:43 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: This also prevents the System / Update / System Update menu item to work. Jove Too
07:41 AM Feature #11380: PHP shell playback script to modify Alias contents: Hi,
Would you mind putting an option to add a description on alias and entries?
Cheers, Thiago Augusto Koroll
07:41 AM Bug #11448 (Pull Request Review): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration: Jim Pingle
12:44 AM Bug #11448: Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/144 Viktor Gurov
07:41 AM Feature #9825: Requirements for trusted certificates in iOS 13 and macOS 10.15: Hi, actually new rules come in game: *from 1 September 2020*, SSL/TLS certificates cannot be issued for longer than 1... DRago_Angel [InV@DER]
07:40 AM Bug #11456 (Pull Request Review): Unbound Python Integration repeatedly mounts ``dev`` without unmounting: Jim Pingle
12:37 AM Bug #11456: Unbound Python Integration repeatedly mounts ``dev`` without unmounting: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/143 Viktor Gurov
07:24 AM pfSense Packages Bug #11461: zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection: Further problems identified in the zeek_alerts.php:
The content is updated every 10 seconds however, the results in ... Felix S
06:58 AM pfSense Packages Bug #11461: zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection: Further investigation seems to show that the web gui is leveraging zeek_alert_data.php for getting the data. However,... Felix S
04:44 AM pfSense Packages Bug #11461 (Resolved): zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection: Pfsense 2.5.0 - Release, Zeek 3.0.6_1
Confirmed that zeek is working properly by inspecting process list as well as ... Felix S
05:30 AM Revision da59b0a3: Merge branch 'master' into master: bitscher
02:31 AM Bug #11393 (Resolved): Incorrect copyright year on 2.5.0-RC (CE): Jim Pingle wrote:
> It's right on the server. That's a local cached copy. It should update itself within ~24hrs. Not... Viktor Gurov
02:11 AM pfSense Packages Bug #11333 (Resolved): Incorrect community-list format: 1.1.0_4 works as expected:... Viktor Gurov
01:55 AM Bug #11383: pfSense Proxy Authentication not working: Jim Pingle wrote:
> From a much older release, yes, but not from the last public release. It was broken in 2.4.5-p1 ... Michael Samer

02/18/2021

11:52 PM Bug #11457 (Rejected): Client DNS doesn't resolve when using VIP in place of interface IP: https://forum.netgate.com/topic/161056/client-dns-doesn-t-resolve-when-using-vip-in-place-of-interface-ip:
"My ins... Viktor Gurov
10:57 PM Bug #11296 (Resolved): Static route targets may still reachable via default route when the gateway they should route through is down: Fixed.
If WAN GW is down I cannot ping even if there was static route.
2.5.0-RELEASE (amd64)
built on Tue Feb ... Alhusein Zawi
10:30 AM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down: Applied in changeset commit:3fca57f8fae3733845c90338943c418bb77e68b7. Viktor Gurov
10:23 AM Bug #11296 (Feedback): Static route targets may still reachable via default route when the gateway they should route through is down: PR has been merged. Thanks! Renato Botelho
10:20 PM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50: I'm also hitting the same problem on my SG-3100.
Seeing the same permissions problems here is what I'm seeing:
... Tchello Mello
12:30 PM pfSense Packages Bug #11449 (Resolved): BIND fails during/after upgrade to 21.02/2.50: After upgrading to 21.02, the named service wouldn’t start and the logs said it was segfaulting ("signal 11"). So I r... Anthony Pants
10:01 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: I am having this issue as well. Starting with 2.5. Without manually overriding gateway monitoring for the ipv6 gatewa... Hayden Hill
09:11 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: "Me too"... After upgrading to 2.5.0, IPv6 did not work until I manually added an address for monitoring. After doing... Anonymous
05:28 PM Bug #11454 (Resolved): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Post update to 2.5.0 dpinger is not functioning for IPv6 gateway monitoring
Wan interface set to DHCPv6, WAN Inter... Mike McV
10:00 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: I am also having this issue. Started with 21.02 (2.5)
Matt Johnson wrote:
> https://github.com/MonkWho/pfatt
>
... Hayden Hill
04:16 PM Bug #11453 (Closed): ``wpa_supplicant`` uses 100% of a CPU core at boot: https://github.com/MonkWho/pfatt
Part of the project above is to use netgraph as a way to bypass the at&t provided... Matt Johnson
08:34 PM Bug #11456 (Resolved): Unbound Python Integration repeatedly mounts ``dev`` without unmounting: +As reported here+:
https://www.reddit.com/r/pfBlockerNG/comments/ln1gx1/pfblockerngdevel_leaking_mounts/
In file... BBcan177 .
07:45 PM Revision 01388d99: Add getVIPs() function for MVC: Steve Beaver
07:45 PM Revision 0d2a423c: Revised firewall_virtual_ip_edit for MVC: Steve Beaver
07:39 PM Revision f871d487: Fix broken help link.: (cherry picked from commit 0a73926193d7d344b28d68a94e2f8bf2009ca119) Jim Pingle
07:39 PM Revision 0a739261: Fix broken help link.: Jim Pingle
06:48 PM Revision 4ccf553a: firewall_virtual_ip refactored fro MVC: Steve Beaver
06:37 PM Regression #11455 (Not a Bug): The ipsec configuration migrated from 2.4.x to 2.5 fails in certain cases.: An ipsec configuration with version 2.4.x that contains these values
<rekey_time>0</rekey_time>
<reauth_time>0</rea... oscar sacristan
05:30 PM Bug #10671: pfsense 2.4.5_1 does not boot on Gen2 2012R2 HyperV VM: This also applies to pfsense 2.5.0. Also stalls on boot with input/output error. Jan de Groot
05:15 PM Revision d30498df: Fix filename in copyright message: Renato Botelho
05:01 PM Revision cc28c45f: Refactored system_advanced_misc for MVC: Steve Beaver
04:59 PM Bug #11452 (Duplicate): pkg breakage related to yet to be installed 21.02 base system: Part of that is expected (use @pkg-static@) but the real fix will come with #10464 Jim Pingle
04:08 PM Bug #11452 (Duplicate): pkg breakage related to yet to be installed 21.02 base system: It would appear merely running "pkg" in the shell of a 2.4.5_1 base system results in:
> @pkg: Warning: Major OS v... Craig Leres
04:59 PM Bug #11450: Problem with IPv6 netmask /128 in WireGuard: Hi Jim,
Patch applied and the problem persists. Marcelo Gondim
03:22 PM Bug #11450: Problem with IPv6 netmask /128 in WireGuard: Can you test this with the patch from #11433 applied?
commit:087d28fa3f5cfebfd4af7f4a4479b0fac053e062 Jim Pingle
01:57 PM Bug #11450: Problem with IPv6 netmask /128 in WireGuard: If I run: route -6 delete fc00:1111::1/128
It removes 7400:1000::/0 from the route table. Marcelo Gondim
12:52 PM Bug #11450 (Rejected): Problem with IPv6 netmask /128 in WireGuard: Hi All,
Creating a WireGuard VPN, I realized that when registering a Peer in "Allowed IPs" he accepts to enter an ... Marcelo Gondim
04:31 PM Revision 087d28fa: Non local gateways fix. Issue #11433: Viktor Gurov
04:29 PM Revision 4e5e99a6: Show switch tagging ports on status_interfaces page. Implements #10804: Viktor Gurov
04:27 PM Revision b785f439: RTL8153 USB ethernet module. Implements #11125: Viktor Gurov
04:25 PM Revision 47df65c3: Replace HTTP links to HTTPS. Implemets #11228: Viktor Gurov
04:22 PM Revision 3fca57f8: Delete static routes on gateway down. Fixes #11296: Viktor Gurov
04:21 PM Revision 16d5365c: Remove unused L2TP VPN directory. Fixes #11299: Viktor Gurov
04:20 PM Revision a628e8ca: Hide MAC address field for pseudo-interfaces. Issue #11387: Viktor Gurov
04:19 PM Revision 57dc81ea: Authentication Servers copy button. Feature #11390: Viktor Gurov
04:18 PM Revision 8673ae11: Unbound ip6.arpa local-zone type. Fixes #11403: Viktor Gurov
04:08 PM Revision 861d6eef: aliasmod shell script. Implements #11380: Viktor Gurov
04:06 PM Revision 1d378c4e: Set correct TCP MSS for IPv6. Fixes #11409: Viktor Gurov
04:05 PM Revision 7c4b3d3c: Allow to use host portion of IPv6 in firewall rules. Feature #6626: Viktor Gurov
04:05 PM Revision 6e281116: L2TP VPN MTU option. Feature #11406: Viktor Gurov
04:02 PM Revision 5e280f4b: Xen console support. Feature #11402: Viktor Gurov
04:00 PM Revision f5736d98: Display negotiated cipher on Status / OpenVPN page. Implements #7077: Viktor Gurov
04:00 PM Revision 10eb0425: Do not prefix FQDN IPsec IDs with @. Fixes #11442: (cherry picked from commit c09137ab4726dc492c658c27b6c46e25f0fbb55b) Jim Pingle
04:00 PM Revision 57beb9ad: Find IPsec IKE SAs by their full name. Issue #11435: (cherry picked from commit 95a4e1a0e42392fe4523bf769589f74864446f8c) Jim Pingle
04:00 PM Revision ead65156: Find IPsec IKE SAs by their full name. Issue #11435: (cherry picked from commit 4e5857b656c7bfd59efadbb9a124876a5516c7df) Jim Pingle
04:00 PM Revision 9d08d4bf: Fix custom XMLRPC port for Captive Portal. Fixes #11425: (cherry picked from commit fef846ce7ec4158a140f359b0fb35182f6ae9db9) Jim Pingle
03:59 PM Revision f22b2155: Hide Shared Key field on OpenVPN client page in SSL/TLS mode. Fixes #11382: Viktor Gurov
03:58 PM Revision fe6b1252: Mythic-Beasts.com DynDNS provider support. Implements #7842: Viktor Gurov
03:57 PM Revision 6542fe08: RADIUS Advanced parameters. Feature #11211: Viktor Gurov
03:49 PM Regression #11316 (New): Unbound crashes with signal 11 when reloading: Now that there have been responses from several others on the forum post with info, it does appear there is a problem... Jim Pingle
03:22 PM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: This could also be related to #11450 since it uses that function in this way Jim Pingle
11:29 AM Regression #11433 (Waiting on Merge): Gateways with "Use non-local gateway" set are not added to routing table: Renato Botelho
11:21 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: Can confirm it fixes the issue for me :-) Daniel Berteaud
10:31 AM Regression #11433 (Feedback): Gateways with "Use non-local gateway" set are not added to routing table: PR has been merged. Thanks! Renato Botelho
10:19 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/139 Viktor Gurov
07:19 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: Indeed, forgot to mention I'm assigning a static /32 IPv4 on my WAN interface, not with DHCP Daniel Berteaud
07:17 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: I can replicate this!
I was about to respond that this "works for me" because I have a pfSense demo VPS with a clo... M Felden
03:19 PM Bug #11437 (Pull Request Review): WireGuard group is not printed in the interface column of the NAT rule list: Jim Pingle
11:37 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/140 Viktor Gurov
08:01 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list: Updating subject to make it a little more clear.
If you look at the generated ruleset in @/tmp/rules.debug@, does ... Jim Pingle
03:18 PM Regression #11443 (Pull Request Review): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: Jim Pingle
01:21 PM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/141 Viktor Gurov
09:29 AM Regression #11443 (Resolved): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: In the dashboard System Information widget if you set the 'State Table Size' to not show the CPU usage and version up... Steve Wheeler
03:17 PM Regression #11451 (Not a Bug): Openvpn wants to use route it should create first: I'm not sure if this is a change in OpenVPN 2.5.0 or pfSense 2.5.0 here. I don't recall that working the way you desc... Jim Pingle
02:57 PM Regression #11451 (Not a Bug): Openvpn wants to use route it should create first: Since Pfsense version 2.5 openvpn is no longer able to connect to the server when the default gateway points to a vpn... Rene Hutschreuther
03:06 PM Revision c09137ab: Do not prefix FQDN IPsec IDs with @. Fixes #11442: Jim Pingle
02:48 PM Revision 819bd77c: Show gateway groups in OpenVPN Wizard. Fixes #11141: Viktor Gurov
02:45 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I can reproduce this here as well. It was working not too long ago, though. It doesn't seem to affect everything, how... Jim Pingle
06:16 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Have same issue, started on devel 2.5. Posted some details at https://forum.netgate.com/topic/159354/pfsense-2-5-0-a-... DRago_Angel [InV@DER]
02:43 PM Revision a2076602: Check that DHCP has gateway in interface_has_gateway(). Fixes #5135: Viktor Gurov
02:41 PM Revision 25e8eb57: Randomize ACB cron minutes. Implements #10811: Viktor Gurov
02:39 PM Revision 54b3109f: RADVD set AdvRDNSSLifetime. Fixes #11105: Viktor Gurov
02:38 PM Revision 9115501d: Down disabled interfaces on boot. Fixes #11091: Viktor Gurov
02:32 PM Revision 23fcdccc: Do not restart unchanged services on XMLRPC sync. Fixes #11082: Viktor Gurov
01:59 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files: Same issue with finding the CPU flags to see what the CPU supports.
On older versions, dmesg.boot wasn't cleared, ... Jim Pingle
01:26 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files: Jim Pingle wrote:
> This is because the number of packages and cores is currently scraped from /var/log/dmesg.boot, ... B. B.
12:50 PM Feature #11125: Kernel module for RTL8153 driver: Genevieve Kidwell wrote:
> Does this mean this was implemented in 2.6.x experimental?
yes, and will be available ... Renato Botelho
12:39 PM Feature #11125: Kernel module for RTL8153 driver: Does this mean this was implemented in 2.6.x experimental? Genevieve Kidwell
10:35 AM Feature #11125: Kernel module for RTL8153 driver: Applied in changeset commit:b785f439ab50b0d7a981a15ccd465ca8353a97ea. Viktor Gurov
10:27 AM Feature #11125 (Feedback): Kernel module for RTL8153 driver: PR has been merged. Thanks! Renato Botelho
12:40 PM Feature #11438: Allow multiple cryptographic accelerator modules to be loaded at the same time: That OpenVPN option probably needs to go away. Historically it has been pretty much a no-op. You can pick an engine t... Jim Pingle
11:47 AM Feature #11438: Allow multiple cryptographic accelerator modules to be loaded at the same time: Good point Jim,
probably i got mislead by openvpn configuration menu, showing me no available crypto acceleration on... Grzegorz Krzystek
11:32 AM Feature #11438: Allow multiple cryptographic accelerator modules to be loaded at the same time: We're still testing whether it's useful/possible to have multiple modules enabled, so making them mutually exclusive ... Jim Pingle
12:10 AM Feature #11438 (New): Allow multiple cryptographic accelerator modules to be loaded at the same time: not every service is able utilise QAT.
so it seems to be reasonable to do not unload AES-NI and bsdcrypto while QAT... Grzegorz Krzystek
12:34 PM pfSense Packages Bug #11434 (Feedback): SquidGuard over 1.16.18_11: Fix pushed to version 1.16.18_15. Thank you! Renato Botelho
12:21 PM pfSense Packages Bug #11434: SquidGuard over 1.16.18_11: I found the problem in /usr/local/pkg/squidguard_configurator.inc
Line: 903... Eduardo Silva
10:04 AM pfSense Packages Bug #11434: SquidGuard over 1.16.18_11: Hi, i have same problem. i try change Client (source) with ip, domain, etc.. and config file is written with correct ... Eduardo Silva
12:26 PM Bug #11448 (Closed): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration: https://openvpn.net/faq/overriding-a-pushed-route-in-the-clients-config-throws-an-error/:
When connecting to server ... Viktor Gurov
12:24 PM Bug #11383: pfSense Proxy Authentication not working: From a much older release, yes, but not from the last public release. It was broken in 2.4.5-p1 thus not a new regres... Jim Pingle
10:20 AM Bug #11383: pfSense Proxy Authentication not working: Renato Botelho wrote:
> Not a regression, move to next release.
IMHO, shouldn't this technically be considering a... Michael Spears
11:24 AM Regression #11447 (Closed): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: When using IKEv2 EAP-RADIUS mobile IPsec and assigning client addresses from RADIUS, the pools configuration is omitt... Jim Pingle
11:16 AM Bug #11446 (Closed): Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses: Adding an IPv4-mapped IPv6 address as a mobile IPsec DNS server on vpn_ipsec_mobile.php (ex: @fd00::1.2.3.4@) causes ... Jim Pingle
10:41 AM pfSense Packages Bug #11445: bgp as-path in wrong position: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/53 Viktor Gurov
10:24 AM pfSense Packages Bug #11445 (Resolved): bgp as-path in wrong position: https://forum.netgate.com/topic/160998/frr-7-5-full-bgp-table-very-slow-and-as-paths-not-working/4:... Viktor Gurov
10:35 AM pfSense Plus Feature #10804: Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set: Applied in changeset commit:4e5e99a61d422941e69b2caa11e948363409e48c. Viktor Gurov
10:29 AM pfSense Plus Feature #10804 (Feedback): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set: PR has been merged. Thanks! Renato Botelho
10:30 AM Bug #11299: Unused L2TP VPN files are not removed when the service is disabled: Applied in changeset commit:16d5365ce65660f715fd521fae8aeb3b6b7a151a. Viktor Gurov
10:21 AM Bug #11299 (Feedback): Unused L2TP VPN files are not removed when the service is disabled: PR has been merged. Thanks! Renato Botelho
10:26 AM Feature #11228 (Feedback): Replace HTTP links with HTTPS in the GUI: PR has been merged. Thanks! Renato Botelho
10:25 AM Bug #11403: DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override: Applied in changeset commit:8673ae11ac96fbd2934133268d56829d6225b1c5. Viktor Gurov
10:18 AM Bug #11403 (Feedback): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override: PR has been merged. Thanks! Renato Botelho
10:20 AM Bug #11387 (Feedback): Interfaces page displays MAC Address field for interfaces which do not support L2: PR has been merged. Thanks! Renato Botelho
10:19 AM Feature #11390 (Feedback): Copy button for Authentication Server entries: PR has been merged. Thanks! Renato Botelho
10:15 AM Feature #11380: PHP shell playback script to modify Alias contents: Applied in changeset commit:861d6eef97bc14679db7818a33cd9193ffe2eaf6. Viktor Gurov
10:08 AM Feature #11380 (Feedback): PHP shell playback script to modify Alias contents: PR has been merged. Thanks! Renato Botelho
10:15 AM Bug #11409: IPv4 MSS value is incorrectly applied to IPv6 packets: Applied in changeset commit:1d378c4ec6c440dabffba41bf5e4ef291acb9aa2. Viktor Gurov
10:07 AM Bug #11409 (Feedback): IPv4 MSS value is incorrectly applied to IPv6 packets: PR has been merged. Thanks! Renato Botelho
10:10 AM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: Applied in changeset commit:f5736d9827cf1997b648481c50993d69e3caedff. Viktor Gurov
10:00 AM Feature #7077 (Feedback): Display negotiated data encryption algorithm in OpenVPN connection status: PR has been merged. Thanks! Renato Botelho
10:06 AM Feature #6626 (Feedback): Support for IPv6 firewall entries with dynamic delegated prefix and static host address: PR has been merged. Thanks! Renato Botelho
10:05 AM Feature #11406 (Feedback): GUI option to set MTU for L2TP VPN server: PR has been merged. Thanks! Renato Botelho
10:05 AM Bug #11382: OpenVPN client configuration page displays Shared Key option when set for SSL/TLS: Applied in changeset commit:f22b21557e6a745dbb447ea488b97424e595efd7. Viktor Gurov
10:00 AM Bug #11382 (Feedback): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS: PR has been merged. Thanks! Renato Botelho
10:05 AM Feature #7842: New Dynamic DNS Provider: Mythic-Beasts: Applied in changeset commit:fe6b125233f40f5919746b1cb90c39b459aa39fd. Viktor Gurov
09:59 AM Feature #7842 (Feedback): New Dynamic DNS Provider: Mythic-Beasts: PR has been merged. Thanks! Renato Botelho
10:02 AM Feature #11402 (Feedback): Xen console support: PR has been merged. Thanks! Renato Botelho
10:01 AM Bug #11425 (Feedback): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port: Picked back Jim Pingle
09:57 AM Bug #11393: Incorrect copyright year on 2.5.0-RC (CE): It's right on the server. That's a local cached copy. It should update itself within ~24hrs. Not sure if there is any... Jim Pingle
03:47 AM Bug #11393: Incorrect copyright year on 2.5.0-RC (CE): same on 21.02 (SG-3100) Viktor Gurov
09:57 AM Feature #11211 (Feedback): GUI option to set RADIUS Timeout for EAP-RADIUS: PR has been merged. Thanks! Renato Botelho
09:49 AM pfSense Packages Bug #11404 (Feedback): Incorrect prefix/access lists migration on update: Merged Renato Botelho
09:48 AM pfSense Packages Feature #11405 (Feedback): add RPKI route map in GUI: Merged Renato Botelho
09:48 AM pfSense Packages Bug #8466 (Feedback): radiusd crash: Merged Renato Botelho
09:33 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02: could be related: #11436 #11418 Viktor Gurov
09:30 AM pfSense Plus Regression #11444 (Resolved): SG-3100 doesn't pass traffic after upgrade to 21.02: After upgrading SG-3100 to pfSense Plus 21.02 NAT stopped working.
Test:
LAN PC (192.168.10.132):... Viktor Gurov
09:15 AM Regression #11442 (Feedback): Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets: Applied in changeset commit:c09137ab4726dc492c658c27b6c46e25f0fbb55b. Jim Pingle
09:04 AM Regression #11442 (Resolved): Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets: IPsec tunnels using an identifier type of "Distinguished Name" are not working properly. It appears that the identifi... Jim Pingle
08:55 AM Bug #11141: OpenVPN Wizard does not support gateway groups: Applied in changeset commit:819bd77ce13154ad3911310c6f3cb076a82e5fcb. Viktor Gurov
08:49 AM Bug #11141 (Feedback): OpenVPN Wizard does not support gateway groups: PR has been merged. Thanks! Renato Botelho
08:55 AM Bug #5135: DHCP interfaces are always treated as having a gateway, even if one is not assigned by the upstream DHCP server: Applied in changeset commit:a207660205a8c82466b63381f48a0355a32d8866. Viktor Gurov
08:47 AM Bug #5135 (Feedback): DHCP interfaces are always treated as having a gateway, even if one is not assigned by the upstream DHCP server: PR has been merged. Thanks! Renato Botelho
08:50 AM Feature #10811: Randomize time of scheduled AutoConfigBackup runs: Applied in changeset commit:25e8eb5772fd6d50c40c5eaf69805d94e5f89204. Viktor Gurov
08:43 AM Feature #10811 (Feedback): Randomize time of scheduled AutoConfigBackup runs: PR has been merged. Thanks! Renato Botelho
08:50 AM Bug #11105: IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106: Applied in changeset commit:54b3109f0b1978e22866117b6d93715eb8d78c29. Viktor Gurov
08:41 AM Bug #11105 (Feedback): IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106: PR has been merged. Thanks! Renato Botelho
08:45 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot: Applied in changeset commit:9115501d6ab5197d9caf499e90779c020d711dca. Viktor Gurov
08:39 AM Bug #11091 (Feedback): Interfaces set as disabled in the configuration have an UP status in the operating system at boot: PR has been merged. Thanks! Renato Botelho
08:45 AM Bug #11082: XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node: Applied in changeset commit:23fcdcccd369603f4af6a89a0ec0a81505173f40. Viktor Gurov
08:36 AM Bug #11082 (Feedback): XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node: PR has been merged. Thanks! Renato Botelho
08:28 AM Regression #11441 (Rejected): Unable to create static routes: Something is not right on your system (maybe a broken upgrade ??). Line 764 of system.inc doesn't have a call to rou... Renato Botelho
08:16 AM Regression #11441 (Rejected): Unable to create static routes: Upon upgrading to 2.5.0, my pfSense instance was inaccessible. After some playing around with interfaces etc. it appe... Adam McKissock
08:09 AM pfSense Packages Feature #10858: OpenVPN Client silent install: Jordan Fishman wrote:
> Hello,
>
> There appears to be a bug in the page, where the "Save as default" button does... Viktor Gurov
08:03 AM Feature #11440: Expand collapsed sections by clicking anywhere on header: Updating the subject so it's more clear what you're asking for. Rather than clicking only on the +/- you want to expa... Jim Pingle
07:45 AM Feature #11440 (New): Expand collapsed sections by clicking anywhere on header: Hi! I would like to point out a little thing that could improve the pfSense user experience. I think it should be pos... Federico Galli
04:57 AM Feature #11439: IPv6 support in ``easyrule`` CLI script: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/138 Viktor Gurov
03:06 AM Feature #11439 (Resolved): IPv6 support in ``easyrule`` CLI script: https://forum.netgate.com/topic/160578/getting-errors-loading-rules-after-using-easyrule:
I recently tried to use ... Viktor Gurov
03:27 AM Revision e01266c0: Improve the handling of crypto offload hardware.: Remove support to deprecated hardware.
Task: #11426 Luiz Souza

02/17/2021

10:13 PM Bug #11437 (Closed): WireGuard group is not printed in the interface column of the NAT rule list: Hi all,
When creating a "NAT Outbound" rule and selecting the WireGuard interface, it does not appear in the liste... Marcelo Gondim
09:56 PM Revision 95a4e1a0: Find IPsec IKE SAs by their full name. Issue #11435: Jim Pingle
09:39 PM Revision 4e5857b6: Find IPsec IKE SAs by their full name. Issue #11435: Jim Pingle
08:38 PM pfSense Packages Feature #10779: HAProxy SSL/TLS Compatibility Mode: ... DRago_Angel [InV@DER]
08:32 PM pfSense Packages Feature #10739: Update HAproxy-devel package to 2.2 and HAproxy to 2.0: Hi Actually my ticket was much before of "duplicate", and my ticket contain details, that now issue with 2.2 in 2.5 p... DRago_Angel [InV@DER]
08:30 PM Revision edd24218: Update comments: Steve Beaver
08:27 PM Revision f483c24b: Provide system_advanced_firewall.inc: Steve Beaver
08:21 PM Revision f010f43c: Revised system_advanced_notificaions for MVC: Steve Beaver
08:10 PM Revision 9f5fbb5d: Merged system_advanced_network for MVC: Steve Beaver
08:06 PM Revision 93fee0fd: remove obsolete system_advanced.inc: Steve Beaver
07:58 PM Revision 33db4727: Fix hnaltqenable setting: Steve Beaver
05:14 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails: Thanks all for your efforts on this, great to see it in the 2.5.0 release today! Sam McLeod
04:28 PM pfSense Plus Regression #11436 (Resolved): State matching problem with reponses to packets arriving on non-default WANs: I have quite specific multiwan setup
WAN (symmetric pppoe) port forward for ssh to lan (rpi)
WAN2 (symmetric comm... Grzegorz Krzystek
04:27 PM Revision 370baf79: Build 245 repo: Renato Botelho
04:12 PM Revision eaf6cfb5: Make default repo to be 2.5.0: Renato Botelho
03:58 PM Regression #11435 (Feedback): IPsec status incorrect for entries using expanded IKE connection numbers: I checked in a fix for the widget now as well. Worked on two systems here (one which worked before, another which did... Jim Pingle
03:40 PM Regression #11435: IPsec status incorrect for entries using expanded IKE connection numbers: I pushed a fix for the status page, widget works much differently so it needs handled another way. Jim Pingle
02:37 PM Regression #11435 (Closed): IPsec status incorrect for entries using expanded IKE connection numbers: IPsec status is not correctly matching some tunnels. #9592 introduced a mechanism to accommodate large numbers of VTI... Jim Pingle
02:18 PM Revision 219a41be: Split system_admin.inc into separate files per tab: Steve Beaver
01:23 PM pfSense Packages Bug #11434 (Resolved): SquidGuard over 1.16.18_11: Hi, first problem thatI found is when we are using ldapusersearch on groups acl.
In older version when I insert ldap... Robson Ferreira
11:54 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: Attached is a screenshot of my VM during boot. Not sure if it's a symptom or a consequence of the default route missing Daniel Berteaud
11:36 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: Do you see any errors in the console output while it boots when that happens?
There were numerous changes to gatew... Jim Pingle
11:31 AM Regression #11433 (Resolved): Gateways with "Use non-local gateway" set are not added to routing table: I'm using a non-local gateway as my default gateway (ticking the "Use non-local gateway through interface specific ro... Daniel Berteaud
11:33 AM Bug #11432: status_dhcp_leases.php doesn't load: Reset the install and restored back from the same config file and now it loads with minimal devices listed. Michael Walker
10:57 AM Bug #11432 (Rejected): status_dhcp_leases.php doesn't load: I can't replicate this here and there isn't nearly enough information to go by.
This site is not for support or di... Jim Pingle
10:13 AM Bug #11432 (Rejected): status_dhcp_leases.php doesn't load: Trying to access the DHCP leases page (https://UR_IP/status_dhcp_leases.php) but its never loads you end up getting 5... Michael Walker
11:04 AM Bug #11431 (Rejected): WAN IPv6 via Prefix Delegation over PPPoE: There were numerous improvements in IPv6 on PPPoE in 2.5.0 which was just released. If you can still replicate this p... Jim Pingle
09:58 AM Bug #11431 (Rejected): WAN IPv6 via Prefix Delegation over PPPoE: Hello,
the following wan setup is working with my provider.
WAN:
* IPv4 Configuration Type PPPoE
* IPv6 Configu... Jost Schoenleben
09:49 AM Bug #11401 (Resolved): Upgrade broken due to need to reinstall pkg: Jim Pingle
09:06 AM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files: This is because the number of packages and cores is currently scraped from /var/log/dmesg.boot, and when you reset al... Jim Pingle
08:38 AM Bug #11416 (New): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames: OK so you literally meant a host address inside a network, and not the network address.
We could do one of two thi... Jim Pingle
01:58 AM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames: A single host address with a CIDR mask. e.g., 10.0.8.1/24. Danilo Zrenjanin
08:36 AM Bug #11429: System Log / Settings form activates "Reset Log Files" button on enter: It is expected behavior, but if it's easy to change and improves the user experience, we may as well look into it. Jim Pingle
03:58 AM Bug #11429: System Log / Settings form activates "Reset Log Files" button on enter: I would say this is expected behavior. If you go to Firewall/Rules and hit Enter, the Delete button will be triggered... Danilo Zrenjanin
07:48 AM Bug #11430 (New): PHP console spam after Assigning Interfaces: After (re)assigning the interfaces at the console following a mismatch the WAN interface triggers a number or scripts... Steve Wheeler

02/16/2021

09:08 PM Revision fef846ce: Fix custom XMLRPC port for Captive Portal. Fixes #11425: Jim Pingle
06:49 PM Bug #11429 (New): System Log / Settings form activates "Reset Log Files" button on enter: I ran into this when I went to increase the size of my log files. Happy to see the action prompts for confirmation.
... Kai Groner
05:50 PM Revision d6db3d73: Completed networking section, subject to testing: Steve Beaver
03:43 PM Bug #11425 (Waiting on Merge): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port: Jim Pingle
03:32 PM Bug #11425 (In Progress): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port: Needs picked back after the release is tagged. Jim Pingle
03:15 PM Bug #11425 (Feedback): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port: Applied in changeset commit:fef846ce7ec4158a140f359b0fb35182f6ae9db9. Jim Pingle
08:26 AM Bug #11425: XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port: Luca De Andreis wrote:
> .... after countless attempts and two tickets that you closed for me, I found the cause of ... Luca De Andreis
07:57 AM Bug #11425: XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port: Previous issues: #11218, #11220
Though you still did not provide enough information here, I managed to piece toget... Jim Pingle
05:02 AM Bug #11425 (Resolved): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port: .... after countless attempts and two tickets that you closed for me, I found the cause of the problem.
The tcp por... Luca De Andreis
03:40 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files: First reported here:
https://forum.netgate.com/topic/160762/cpu-info-disappear-on-pfsense-2-5-0-rc/2 B. B.
02:54 PM Bug #11428 (Resolved): CPU details are incorrect in the System Information widget after resetting log files: Some CPU Type information disappear after reset the log files under Status.
This happen on VMWare with 2.5.0 RC and ... B. B.
01:22 PM Revision 6fb4b1b0: Welcome pfSense 2.5.0-RELEASE: Renato Botelho
01:21 PM Revision 9f3752d8: Mark 2.5.0 as current stable version: Renato Botelho
01:19 PM Revision 2972e3fa: Mark 2.5.0 as current stable version: Renato Botelho
01:18 PM Revision 5b4f6490: Do not exclude unlisted package: Renato Botelho
01:18 PM Revision 6c5774dc: Mark 2.5.0 as current stable version: Renato Botelho
12:43 PM Bug #11427 (Incomplete): IPSEC Status page shows Connections twice (connected and disconnected): You haven't provided nearly enough information. At a minimum, provide the IPsec configuration as well as the output o... Jim Pingle
12:38 PM Bug #11427 (Duplicate): IPSEC Status page shows Connections twice (connected and disconnected): Hi,
I have two IPSEC connections, both are running fine.
On the Statuspage, the entries seams to be splittend in a ... Stefan Heck
09:49 AM Todo #11426 (Closed): Deprecate old cryptographic accelerator hardware which is not viable on modern systems: We are carrying drivers for a few bits of crypto hardware which do not make sense on current systems. Either due to l... Jim Pingle
08:49 AM Feature #6626 (Pull Request Review): Support for IPv6 firewall entries with dynamic delegated prefix and static host address: Jim Pingle
08:47 AM Bug #11409 (Pull Request Review): IPv4 MSS value is incorrectly applied to IPv6 packets: Jim Pingle
08:43 AM pfSense Docs Correction #11413 (Rejected): Feedback on Virtual LANs (VLANs) — pfSense VLAN Configuration: I think mentioning that might be confusing. It's pretty well established in the docs that the parent is completely un... Jim Pingle
08:41 AM Feature #2400 (Pull Request Review): GUI options for WPA Enterprise with identity/password: Jim Pingle
08:38 AM pfSense Packages Bug #8466 (Pull Request Review): radiusd crash: Jim Pingle
08:35 AM Bug #11416 (Feedback): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames: By "host address" do you mean a single IP address without a CIDR mask ("x.x.x.x") or an FQDN? Jim Pingle
08:28 AM Bug #11415 (Rejected): fe80::1:1 duplicate from secondary pfSense: This seems unnecessary now -- the fe80::1:1 address was removed in #10661 on 2.5.0 (and HA isn't compatible with dyna... Jim Pingle
08:25 AM Bug #11418: 'NAT-T: Force' is broken for IPv6 IPsec: This is a problem in strongSwan and/or FreeBSD and not in pfSense software. See https://wiki.strongswan.org/issues/93... Jim Pingle
08:18 AM Feature #11420 (Pull Request Review): New Dynamic DNS Provider: Gandi LiveDNS IPv6: Jim Pingle
08:17 AM Bug #11424: Toggling pfSense update branch can lead to deinstall of packages without user confirmation: In the upgrade case, the branch is switched automatically. In your case, you did it manually. Same root cause.
Jim Pingle
08:15 AM Bug #11424: Toggling pfSense update branch can lead to deinstall of packages without user confirmation: I just want to clarify: In the case here the user does nothing to trigger a package update.
Merely toggling the b... M Felden
08:07 AM Bug #11424 (Duplicate): Toggling pfSense update branch can lead to deinstall of packages without user confirmation: Same root issue as #10464
Some of that can't be avoided due to conflict prevention, but solving the existing issue... Jim Pingle
08:15 AM pfSense Docs Todo #11421 (Resolved): Replace iTerm on iTerm2 due iTerm project close.: I fixed it, but it's fairly obvious. If someone searches for "iterm" they get led to the iterm2 page in several ways.... Jim Pingle
08:11 AM pfSense Docs New Content #11422 (Rejected): Add info about storing SSH public key in Backup: User SSH keys are public keys. There is nothing private/secret about them.
There is no more security loss by keepi... Jim Pingle
06:51 AM Bug #11423 (Duplicate): pfSense won't trust SMTP server TLS certificate signed by private CA: Renato Botelho
06:42 AM Bug #11423: pfSense won't trust SMTP server TLS certificate signed by private CA: Doh! Yep, I believe this issue can be closed as a duplicate of #4068.
Searching for issues regarding pfSense inter... Jonathon Reinhart
12:32 AM Bug #11423: pfSense won't trust SMTP server TLS certificate signed by private CA: https://redmine.pfsense.org/issues/4068 it's already done for 2.5.0 try the RC.
Grimson Gretzleburg

02/15/2021

09:31 PM Bug #11424 (Duplicate): Toggling pfSense update branch can lead to deinstall of packages without user confirmation: 2.4.5_1
Expected Behavior:
Merely changing update branch in System -> Update -> Update settings to RC should ... M Felden
07:16 PM pfSense Packages Feature #10858: OpenVPN Client silent install: Hello,
There appears to be a bug in the page, where the "Save as default" button does not save/apply the "silent i... Jordan Fishman
04:40 PM Bug #11423 (Duplicate): pfSense won't trust SMTP server TLS certificate signed by private CA: h1. TL;DR
I was surprised to find that there is no way in the pfSense UI to add external CA certificates that are ... Jonathon Reinhart
01:17 PM pfSense Docs New Content #11422 (Rejected): Add info about storing SSH public key in Backup: The "*AutoConfigBackup Service*" section https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html
a... Sergei Shablovsky
11:01 AM pfSense Docs Todo #11421 (Resolved): Replace iTerm on iTerm2 due iTerm project close.: Dear pfSense DevTeam!
In pfSense Documents Secure Shell (SSH) section (https://docs.netgate.com/pfsense/en/latest/... Sergei Shablovsky
08:46 AM pfSense Packages Feature #11043: pfSense GUI for iperf3 / perf: Jim Pingle wrote:
> Maintaining a list of public servers is outside the scope of the package, and encouraging users ... Sergei Shablovsky
01:20 AM Revision 2efdd601: Add IPv6 support for Gandi LiveDNS dynamic DNS handler: * Simplify the use of the LiveDNS API by using another API call that
handles both creating and updating for a given n... bitscher

02/14/2021

07:38 PM Feature #11420: New Dynamic DNS Provider: Gandi LiveDNS IPv6: PR: https://github.com/pfsense/pfsense/pull/4500 Romain Bitschene
07:35 PM Feature #11420 (Closed): New Dynamic DNS Provider: Gandi LiveDNS IPv6: The current implementation of the dynamic DNS feature for Gandi LiveDNS in pfSense does not allow updates of AAAA rec... Romain Bitschene
03:03 AM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: Still present on the current 2.5.0-RC
Simply rebooting also sometimes (in 50% cases maybe) fixes the issue.
Als... Aleksandr Mezin
02:21 AM Bug #11418 (Resolved): 'NAT-T: Force' is broken for IPv6 IPsec: While I tested IPsec I found that 'NAT-T: Force' is broken for IPv6. I've tried IKEv1 and IKEv2 with both 'Mutual cer... Azamat Khakimyanov

02/13/2021

11:11 PM pfSense Packages Feature #11022: Add feeds from Firebog.net to pfBlockerNG: 2.4.5p1 w/ pfblockerng-devel 3.0.0_10 shows additional firebog entries in feeds Jordan G
04:58 PM pfSense Packages Bug #11333: Incorrect community-list format: /var/log/frr/frr-reload.log is not generated in 2.4.5
2.4.5-RELEASE-p1 FRR 0.6.7_7
FRR 1.1.0_4 is n... Alhusein Zawi
10:32 AM pfSense Docs Todo #11417 (Closed): Feedback on Services — DNS Resolver — DNS Resolver Advanced Options: *Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-advanced.html
*Feedback:*
Missing info... Viktor Gurov
06:53 AM Bug #11415: fe80::1:1 duplicate from secondary pfSense: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/137 Viktor Gurov
03:22 AM Bug #11415 (Rejected): fe80::1:1 duplicate from secondary pfSense: https://forum.netgate.com/topic/160181/fe80-1-1-duplicate-from-secondary-pfsense:
I've got a small setup with two ... Viktor Gurov
05:33 AM Bug #11416 (Resolved): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames: If you enter a host address instead of a network address into the *IPv4 Tunnel Network* field, the setup will be acce... Danilo Zrenjanin
05:23 AM pfSense Packages Bug #8466: radiusd crash: I retested and added another minor fix.
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/51 Danilo Zrenjanin
05:00 AM Feature #2400: GUI options for WPA Enterprise with identity/password: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/136 Viktor Gurov
02:46 AM pfSense Packages Bug #11414 (New): Enabling feed "Public_DNS4_all" breaks some Google services: It seems at some point either public-dns.info added a wrong IP to their list of public DNS servers, Google changed so... T Toft
02:25 AM pfSense Packages Bug #11131 (Resolved): pfblockerng-devel 3.0.0_2 logs when logging is disabled: Viktor Gurov
02:09 AM pfSense Packages Bug #11131: pfblockerng-devel 3.0.0_2 logs when logging is disabled: I completely forgot about this bug report and now it is resolved. Sorry, please close (I don't think I can?). T Toft
01:08 AM pfSense Packages Bug #8607: Suricata package fails to prune suricata.log: Got this error again today with Suricata 5.0.4_2.... Car F
12:38 AM pfSense Docs Correction #11413 (Rejected): Feedback on Virtual LANs (VLANs) — pfSense VLAN Configuration: *Page:* https://docs.netgate.com/pfsense/en/latest/vlan/configuration.html
*Feedback:*
It should be noted that ... Viktor Gurov
12:14 AM Bug #11409: IPv4 MSS value is incorrectly applied to IPv6 packets: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/135 Viktor Gurov

02/12/2021

11:35 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: Allow to use host portion of IPv6 in firewall rules:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/134 Viktor Gurov
09:29 PM pfSense Packages Feature #11411: Smokeping as a default latency measurement tool: Sergei Shablovsky wrote:
> The main advantages:
> - very flexible system of a measurements (due a lot of probes htt... Sergei Shablovsky
05:12 PM pfSense Packages Feature #11411: Smokeping as a default latency measurement tool: Sergei Shablovsky wrote:
> Dear pfSense DevTeam!
>
> Please add Smokeping for monitoring WAN and LAN links state.... Sergei Shablovsky
04:43 PM pfSense Packages Feature #11411 (New): Smokeping as a default latency measurement tool: Dear pfSense DevTeam!
Please add Smokeping for monitoring WAN and LAN links state.
The main advantages:
- very... Sergei Shablovsky
08:12 PM Bug #11412 (New): LLDPD Package Doesn't Work with Switchports: When running the LLDP daemon from the lldpd package on an interface that is a logical VLAN interface (such as the swi... Kris Phillips
06:29 PM Revision 3f4949b6: Add input_errors to returned array: Steve Beaver
04:34 PM Revision c040bd1d: Revised system_advanced_notifications for MVC: Steve Beaver
03:53 PM pfSense Packages Feature #11410 (New): adding bpytop (former Bashtop): Dear pfSense DevTeam!
Adding bpytop (former Bashtop) for local monitoring of pfSense-based firewall state: hardwar... Sergei Shablovsky
03:26 PM Bug #8576 (Feedback): pfSense stops passing traffic after some time when using Outbound NAT pool w/ Sticky Address: There is not enough information to reasonably infer much. It's highly unlikely that all interfaces would stop passing... Marcos M
03:08 PM pfSense Docs Correction #11399: SG-3100 M.2 Installation Guide Reinstall Corrections: 1. I believe "run recovery" wipes emmc, so separate instructions here may not be needed.
2. It would be handy to hav... Marcos M
01:51 PM Revision 5e9b5483: Fix WireGuard add/next name behavior. Fixes #11407: * No need to set index when creating a new entry
* WireGuard interface name label was assuming array index=wg if name... Jim Pingle
01:50 PM Revision 11fd7da7: Fix WireGuard add/next name behavior. Fixes #11407: * No need to set index when creating a new entry
* WireGuard interface name label was assuming array index=wg if name... Jim Pingle
01:15 PM Bug #7313 (Closed): Crazy behviour of Virtual IP: Marcos M
12:42 PM Feature #11406 (Pull Request Review): GUI option to set MTU for L2TP VPN server: Jim Pingle
06:59 AM Feature #11406: GUI option to set MTU for L2TP VPN server: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/133 Viktor Gurov
06:33 AM Feature #11406 (Resolved): GUI option to set MTU for L2TP VPN server: Allow to set MTU on L2TP VPN server (useful for IPsec/L2TP configurations) Viktor Gurov
12:36 PM pfSense Packages Feature #11405 (Pull Request Review): add RPKI route map in GUI: Jim Pingle
02:16 AM pfSense Packages Feature #11405: add RPKI route map in GUI: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/50
see https://docs.frrouting.org/en/latest/bgp.... Viktor Gurov
01:54 AM pfSense Packages Feature #11405 (Resolved): add RPKI route map in GUI: Allow to select `match rpki` in the WebGUI:... Viktor Gurov
12:35 PM pfSense Packages Bug #11404 (Pull Request Review): Incorrect prefix/access lists migration on update: Jim Pingle
01:51 AM pfSense Packages Bug #11404: Incorrect prefix/access lists migration on update: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/49 Viktor Gurov
12:04 AM pfSense Packages Bug #11404 (New): Incorrect prefix/access lists migration on update: https://forum.netgate.com/topic/160694/frr-7-3-7-5-bgp-not-announcing-routes:
I notice it now has an IP type selec... Viktor Gurov
12:34 PM Bug #11403 (Pull Request Review): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override: Jim Pingle
12:12 PM Bug #11409 (Closed): IPv4 MSS value is incorrectly applied to IPv6 packets: Follows from discussion at https://forum.netgate.com/topic/152935/ipv6-pppoe-mss-incorrect/.
When setting up MSS c... Michael Smith
10:53 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Yeah I can do that at a later date. I will keep it out of this report now. Chris Collins
10:47 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: At this point I'd say open a new and more specific bug report for that once you have all the info collected and re-te... Jim Pingle
10:43 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: It did work yes, the reason for the configuration is, the firewall is in front of a webserver, and I want people who ... Chris Collins
10:40 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Chris Collins wrote:
> It goes into a black hole on inbound WAN matching.
>
> If I keep the match rule but remove... Jim Pingle
10:25 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: I only have it configured with ipv4. Chris Collins
10:04 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Chris Collins wrote:
> Ok to summarise.
>
> It works on outbound WAN matching (this was broken before the patch).... Jesse Beauclaire
03:11 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Ok to summarise.
It works on outbound WAN matching (this was broken before the patch).
It works on inbound and ou... Chris Collins
02:59 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: I updated to the latest stable (new RC 2.5)
Sadly I still have the same problem, I am still checking stuff to make... Chris Collins
10:35 AM pfSense Packages Feature #11408 (Rejected): Store 'Device Key' in config.xml: This would be better served by #11118 Jim Pingle
10:07 AM pfSense Packages Feature #11408 (Rejected): Store 'Device Key' in config.xml: Storing the ACB device key in config.xml allows users to use the latest config.xml backup as a safe copy of the Devic... Viktor Gurov
08:00 AM Bug #11407 (Feedback): Removing a WireGuard tunnel in a middle position can break Add button behavior: Applied in changeset commit:11fd7da72502c991b1f1c0e886ea212235f4a505. Jim Pingle
07:40 AM Bug #11407 (Closed): Removing a WireGuard tunnel in a middle position can break Add button behavior: If there are three WireGuard tunnels (wg0, wg1, wg2) and the middle tunnel (wg1) is removed, the add button links to ... Jim Pingle
06:59 AM Bug #10734: PFsense don't use wrong proposals: Same issue here.
P1 settings:
AES, 256 bits, SHA1, DH group 2 (1024 bit)
AES, 256 bits, SHA256, DH group 2 (1024... Petr H
04:43 AM pfSense Packages Bug #11391 (Confirmed): Zeek crashes on 2.5.0: running `zeekctl deploy` fixes this issue Viktor Gurov
03:49 AM pfSense Packages Bug #11381 (Resolved): PHP error after clean Zeek install: Fixed Viktor Gurov
03:42 AM pfSense Packages Feature #10605 (Resolved): Add certificates from Trusted Store to Squid cert store: squid pkg 0.4.45_3 - fixed Viktor Gurov
03:35 AM Feature #11402: Xen console support: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/132 Viktor Gurov
02:17 AM Bug #11397 (Resolved): Incorrect html encoding in the description of the "Duplicate gateway" option: 2.5.0.r.20210211.1637 fixed Viktor Gurov
02:11 AM Bug #11364: php-fpm and netstat taking very high CPU: Turns out my issue was unrelated. My issue was https://redmine.pfsense.org/issues/11404
My instance was accepting... M Felden

02/11/2021

11:58 PM Bug #11403: DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/131 Viktor Gurov
11:45 PM Bug #11403 (Resolved): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override: If you configured domain override for the *.in-addr.arpa domain it correctly sets the zone type to `typetransparent`:... Viktor Gurov
11:47 PM pfSense Packages Bug #11373 (Resolved): FRR: BGP neighbor remote-as external doesn't work: Viktor Gurov
11:47 PM pfSense Packages Bug #11376 (Resolved): BGP MD5 keys are not removed on service stop: Viktor Gurov
11:37 PM Feature #11402 (Closed): Xen console support: To be able to use `xm console` to connect to the pfSense console,
the following line must be added to '/etc/ttys':
... Viktor Gurov
11:31 PM Bug #5999 (Resolved): IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: my test:
DHCPv6 server with fc00:623:5::-fc00:623:50:: /52 PD
pfSense 2.5.0.r.20210211.1637 client with two IP ... Viktor Gurov
08:27 PM Revision 1bc20f0d: Handle case where copyright file is downloaded but has a size of zero: Steve Beaver
08:26 PM Revision c7e8d310: Handle case where copyright file is downloaded but has a size of zero: Steve Beaver
07:52 PM Bug #11364: php-fpm and netstat taking very high CPU: ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 88102 29.8 0.2 52392 ... yon Liu
07:44 PM Bug #11364: php-fpm and netstat taking very high CPU: vmstat 1 5
procs memory page disks faults cpu
r b w avm fre flt re ... yon Liu
11:17 AM Bug #11401 (Feedback): Upgrade broken due to need to reinstall pkg: Fixed by pfSense-upgrade 0.88 on 2.4.5 and 0.91 on 2.5.0/2.6.0 Renato Botelho
10:52 AM Bug #11401 (Resolved): Upgrade broken due to need to reinstall pkg: Sometimes, without any good reason, pkg doesn't download itself when running `pkg upgrade -F` but then, when final `p... Renato Botelho
10:45 AM Revision 3c97d1b7: Do not exclude unlisted package: Renato Botelho
10:44 AM Revision b0ac3491: Do not build unused packages: Renato Botelho
10:44 AM Revision 998c898f: Do not build unused packages: Renato Botelho
09:24 AM Bug #9643 (Closed): Limiters do not function properly on 2.5 snapshots: Luiz Souza
08:02 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Make a post on the forum and discuss it there, that's the best way to diagnose your issue. Jim Pingle
07:58 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Jim Pingle wrote:
> That doesn't appear to be related to this specific issue, it looks like a problem with your rule... Jesse Beauclaire
07:55 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: That doesn't appear to be related to this specific issue, it looks like a problem with your rule / state of your system. Jim Pingle
07:53 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: I'm not sure if this is related, my understanding of this is limited. After creating/enabling CODEL traffic limiters ... Jesse Beauclaire
07:05 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Looks good here as well. Not only can I pass traffic with limiters on, I am back to an A on the bufferbloat test than... Jim Pingle
05:38 AM Bug #9643 (Resolved): Limiters do not function properly on 2.5 snapshots: Renato Botelho
01:01 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: I can confirm working too. Greg M
08:58 AM Bug #11393: Incorrect copyright year on 2.5.0-RC (CE): issue on https://ews.netgate.com/copyright... Viktor Gurov
08:26 AM Bug #3334: Status/Traffic Graph isn't IPv6 ready: Thank you for pointing that out. Now it shows IPv6 addresses. Great work. Pim Pish
07:44 AM Bug #3334: Status/Traffic Graph isn't IPv6 ready: It doesn't change to the new mode automatically. You have to change it from rate to iftop..
* *Status > Traffic Gr... Jim Pingle
02:07 AM Bug #3334: Status/Traffic Graph isn't IPv6 ready: I've upgraded to pfSense 2.5 RC but still there are no IPv6 addresses shown in the traffic graph for me. What am I do... Pim Pish
07:42 AM Bug #8136 (Resolved): dpinger for WAN DHCPv6 gets fails to update gateway IP: No more reports but it's not happening anymore on my home router, so I believe it's safe to say it's resolved. Renato Botelho
01:08 AM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed: Ok I am up and running now and after some testing I can rephrase the issue more clearly.
- We have some changes be... M Felden

02/10/2021

10:50 PM pfSense Packages Bug #11373: FRR: BGP neighbor remote-as external doesn't work: Remote-as external/internal is reflected in configuration and Neighbor-ship is established
router bgp 61000
n... Alhusein Zawi
10:24 PM pfSense Packages Bug #11376: BGP MD5 keys are not removed on service stop: if FRR service stopped/disabled
"setkey -D" is not showing entries "No SAD entries"
if FRR is not stopped ... Alhusein Zawi
08:14 PM Bug #11364: php-fpm and netstat taking very high CPU: M Felden wrote:
> I just ran into the same thing on one out of 3 lab machines.
>
> Each one announces one /44 or ... yon Liu
08:08 PM Bug #11364: php-fpm and netstat taking very high CPU: i have no install vmware, I installed the pfsense 2.5 system on the hardware server. AMD CPU and DDR3 16G RAM.SSD DIS... yon Liu
07:38 PM Bug #11364: php-fpm and netstat taking very high CPU: I just ran into the same thing on one out of 3 lab machines.
Each one announces one /44 or /48, receives default r... M Felden
08:10 PM Revision 9c29259d: Revert copyright symbols: Steve Beaver
08:03 PM Revision c67c74dd: Revert copyright symbols: Steve Beaver
06:15 PM Revision cb0a23f2: Add option to set IPsec filtering mode. Implements #11395: User can choose between filtering enc (tunnel+VTI) or filtering on
assigned VTI interface tabs (VTI only, drops all t... Jim Pingle
05:17 PM Bug #9643: Limiters do not function properly on 2.5 snapshots: Luiz Souza wrote:
> All the fixes from 2.4.5 are now merged.
>
> Initial tests looks good.
I can confirm this ... Sish Kitane
08:28 AM Bug #9643 (Feedback): Limiters do not function properly on 2.5 snapshots: All the fixes from 2.4.5 are now merged.
Initial tests looks good. Luiz Souza
04:35 PM pfSense Docs Correction #11400: Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox: That is not our site. The only official source of documentation is docs.netgate.com Jim Pingle
04:16 PM pfSense Docs Correction #11400: Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox: Jim Pingle wrote:
> This was just recently changed in the last week or so. That the guide now advises to use *Host* ... Caleb Robinson
02:44 PM pfSense Docs Correction #11400 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox: Jim Pingle
02:44 PM pfSense Docs Correction #11400 (Not a Bug): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox: This was just recently changed in the last week or so. That the guide now advises to use *Host* as the CPU type, not ... Jim Pingle
02:41 PM pfSense Docs Correction #11400 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox.html
*Feedback:*
I moved my bare ... Caleb Robinson
03:28 PM Revision a57003ef: Fix Microsoft's idea of an apostropphe: Steve Beaver
03:27 PM Revision c512df2d: Fix Microsoft's idea of an apostropphe: Steve Beaver
02:51 PM Bug #11397 (Feedback): Incorrect html encoding in the description of the "Duplicate gateway" option: Fixed in all branches Anonymous
01:24 PM Bug #11397 (Resolved): Incorrect html encoding in the description of the "Duplicate gateway" option: vpn_ipsec_phase1.php page:
Enable this to allow multiple phase 1 configurations with the same endpoint. When enabled... Viktor Gurov
02:39 PM pfSense Docs Correction #11399 (Rejected): SG-3100 M.2 Installation Guide Reinstall Corrections: Guide located here:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/m-2-sata-installation.html
We sh... Kris Phillips
02:29 PM pfSense Packages Bug #11398: pfBlocker upgrade hangs forever: At work, but this has happened with every pfblocker upgrade since trialing pfSense 2.5 and then moving to pfblocker 3... andreas vesalius
02:06 PM pfSense Packages Bug #11398: pfBlocker upgrade hangs forever: andreas vesalius wrote:
> Also, the bigger issue as the pfblocker-devel package manager upgrade will complete, is th... Renato Botelho
02:03 PM pfSense Packages Bug #11398: pfBlocker upgrade hangs forever: Also, the bigger issue as the pfblocker-devel package manager upgrade will complete, is that unbound fails to restart... andreas vesalius
01:34 PM pfSense Packages Bug #11398 (Resolved): pfBlocker upgrade hangs forever: It was first reported at https://redmine.pfsense.org/issues/10610#note-11 but since it never happened again with any ... Renato Botelho
01:35 PM pfSense Packages Feature #11396 (Rejected): Add Zeek as an installable package: It is already a pfSense package on 2.5.0: pfSense-pkg-zeek-3.0.6_1 Jim Pingle
01:18 PM pfSense Packages Feature #11396 (Rejected): Add Zeek as an installable package: Base install:
Supported in FreeBSD (https://www.freshports.org/security/zeek) so installation and updates should be ... Charles Johnston
12:58 PM Revision b6ed7d8b: Increment requested copyright version: Steve Beaver
12:58 PM Revision d7769375: Increment requested copyright version: Steve Beaver
12:25 PM Feature #11395 (Feedback): Option to switch IPsec filtering modes to choose between ``enc`` and ``if_ipsec`` filtering: Applied in changeset commit:cb0a23f29237d86fbc40259882bba2b5b9d419f5. Jim Pingle
12:14 PM Feature #11395 (Closed): Option to switch IPsec filtering modes to choose between ``enc`` and ``if_ipsec`` filtering: Due to the limitations mentioned in #8686 FreeBSD can filter IPsec in one of two ways:
* Filter on enc0 for all IP... Jim Pingle
12:15 PM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed: I'm moving the option I mentioned above to a separate issue: #11395
This can remain open for the longer term quest... Jim Pingle
09:34 AM Bug #11394 (Not a Bug): Diagnostics - Tables page does not show last update date: It is working properly, most tables don't have data showing when they were last updated. That is primarily useful for... Jim Pingle
09:24 AM Bug #11394 (Not a Bug): Diagnostics - Tables page does not show last update date: the alias table page shows unknown in the field where the last alias update should display. Victor França Machado de Araújo
08:54 AM pfSense Packages Bug #11388 (Feedback): Captive Portal authentication error with MySQL backend: merged Renato Botelho
07:58 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes: Adam French wrote:
> Abdul Khaliq wrote:
> > Viktor Gurov wrote:
> > > You need to check "Disable Cron emails" opt... Abdul Khaliq
07:54 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes: Abdul Khaliq wrote:
> Viktor Gurov wrote:
> > You need to check "Disable Cron emails" option
> > see #10771
>
>... Adam French
07:30 AM Bug #11393 (Resolved): Incorrect copyright year on 2.5.0-RC (CE): pfSense 2.5.0.r.20210210.0300:
Copyright © *2004-2020*. Electric Sheep Fencing LLC ("ESF"). All Rights Reserved.
... Viktor Gurov
04:46 AM pfSense Packages Bug #11392 (Closed): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed: In Services -> FRR -> BGP -> Advanced -> Advanced Routing Behavior
There is a "Network Import Check" that is not ... M Felden
02:17 AM Bug #11383: pfSense Proxy Authentication not working: Hi
the problem exists since my oldest existing installation (here) FW:2.4.4p1. It was tested OK in Mid 2018 on 2.4.2... Michael Samer
01:52 AM Revision e5b9b569: Revise copyright modal to accommodate larger content: Steve Beaver
01:52 AM Revision c121648c: Revise copyright modal to accommodate larger content: Steve Beaver

02/09/2021

08:27 PM Revision 94bd74a8: Add pfSense 2.5.0 repositories: Renato Botelho
08:22 PM Revision 00c9d739: Use new URLs for pkg repo: Renato Botelho
08:22 PM Revision 976b6ecf: Use new URLs for pkg repo: Renato Botelho
06:53 PM Revision 098bf8e9: Use Netgate domain for bogons. Issue NG 5446: (cherry picked from commit 4a30c608aacdcb8a467e97d9ccda514e412731bf) Jim Pingle
06:53 PM Revision 4a30c608: Use Netgate domain for bogons. Issue NG 5446: Jim Pingle
05:01 PM Revision 67947a5f: Detect Plus by product label: Renato Botelho
05:01 PM Revision 5e3df7f4: Detect Plus by product label: Renato Botelho
04:54 PM Revision 98528dce: Rename Factory -> Plus: Renato Botelho
04:54 PM Revision 99809731: Rename Factory -> Plus: Renato Botelho
04:15 PM Revision c33ebcbc: This file moved, remove old copy. Fixes #11389: (cherry picked from commit 860391bfcb5d273daef32780003014cfdd557a6d) Jim Pingle
04:15 PM Revision 860391bf: This file moved, remove old copy. Fixes #11389: Jim Pingle
03:13 PM pfSense Packages Bug #11391 (Resolved): Zeek crashes on 2.5.0: Trying to use zeek on 2.5.0 RC and I get a crash email and the service will not start. Also, chose 'sudo' category a... Zachary McGibbon
01:31 PM Bug #11372 (Closed): I can delete nested alias even if it is in use: This is working fine. On current code I can't delete an alias which is nested in another in-use alias. Jim Pingle
12:53 PM Todo #10704 (Resolved): Work around PHP issues with SSL LDAP and multiple authentication servers: Renato Botelho
12:51 PM Todo #10704: Work around PHP issues with SSL LDAP and multiple authentication servers: Marking it as resolved since nobody answered in 3 months Renato Botelho
12:52 PM Bug #9796 (Resolved): kernel panic after removing interfaces: Not reproducible recently. If it happens again we can re-visit Renato Botelho
12:51 PM Todo #9417 (Resolved): Convert LDAP TLS setup from environment to LDAP_OPT_X_TLS_* set options: Marking it as resolved since nobody answered in 3 months Renato Botelho
12:39 PM Bug #11256 (Rejected): Cannot add alias with multiple URLs: It works on 2.5.0 Renato Botelho
12:18 PM Feature #11354 (Resolved): WireGuard should respond from the address used by peer: It's working as expected Renato Botelho
12:17 PM Feature #7727 (In Progress): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: There is clearly more to be done here. Move to 2.5next Renato Botelho
10:38 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: > I can confirm that this is still a problem in 2.5.0.a.20210129.1122.
> I upgraded a school system today from 2.... Polar Nerd
09:05 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: YP Lo wrote:
> I think other than adding the static NAT port entry (which is only for the single port requested by t... Jim Pingle
08:34 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: YP Lo wrote:
> Is it possible to have miniuPnP add the port-forwarding entry without NAT?
Can you explain in more... Marc 05
08:23 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I think other than adding the static NAT port entry (which is only for the single port requested by the console for e... YP Lo
12:14 PM Bug #11387 (Pull Request Review): Interfaces page displays MAC Address field for interfaces which do not support L2: Renato Botelho
01:11 AM Bug #11387: Interfaces page displays MAC Address field for interfaces which do not support L2: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/128 Viktor Gurov
12:55 AM Bug #11387 (Resolved): Interfaces page displays MAC Address field for interfaces which do not support L2: Only hardware interfaces and OpenVPN TAP have a MAC address
There is no needs to show the 'MAC address' field for ps... Viktor Gurov
12:14 PM Feature #11390 (Pull Request Review): Copy button for Authentication Server entries: Renato Botelho
11:21 AM Feature #11390: Copy button for Authentication Server entries: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/130 Viktor Gurov
09:01 AM Feature #11390: Copy button for Authentication Server entries: see also #6908 #8952 Viktor Gurov
09:00 AM Feature #11390 (Resolved): Copy button for Authentication Server entries: It would be helpful to have a copy button for quick creating of the Master/Backup RADIUS/LDAP servers configuration. Viktor Gurov
12:08 PM Bug #11383: pfSense Proxy Authentication not working: See also: #9029 Jim Pingle
12:07 PM Bug #11383: pfSense Proxy Authentication not working: Not a regression, move to next release. Renato Botelho
11:15 AM Bug #11383: pfSense Proxy Authentication not working: The values in the config.xml file appear to be correctly recorded:... Anonymous
11:00 AM Bug #11383 (In Progress): pfSense Proxy Authentication not working: Anonymous
12:03 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address: too late for 2.5.0 Renato Botelho
11:07 AM Bug #11389 (Resolved): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: Jim Pingle
10:58 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: Confirmed working now with the old file deleted in my 2.5 VM. This issue can be marked resolved. Bill Meeks
10:25 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: Applied in changeset commit:860391bfcb5d273daef32780003014cfdd557a6d. Jim Pingle
10:21 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: Thanks! Good catch. I was pulling my hair out, because I could see what "should" be bypassing the problem but it wasn... Bill Meeks
10:16 AM Bug #11389 (Feedback): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: Changed my mind, I added an entry to remove the old file. It's a simple change and may prevent others from having the... Jim Pingle
10:13 AM Bug #11389 (Not a Bug): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: OK I figured out what caused this. It's not a problem in current code, but somewhere along the way snapshots had alia... Jim Pingle
09:40 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: Still failed for me with that patch applied. Ends up with lowercase contents every time I try it. Jim Pingle
09:39 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: I am unable to pull down the changes from that private repo, so can't test. Will depend on Jim to test from his end.
... Bill Meeks
09:31 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: extra checks:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/129 Viktor Gurov
09:28 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: I am also wondering if it is some kind of "race" thing perhaps???
I see a check in the new code that tests each va... Bill Meeks
09:24 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: Might be something in your running state, but it happens consistently every time for me here. I don't have any of the... Jim Pingle
09:16 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: hm, my test configuration:... Viktor Gurov
09:14 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: If #10968 fixed it then something else broke it again. I can reproduce it easily here.... Jim Pingle
09:08 AM Bug #11389 (New): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: Jim Pingle
09:01 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: Viktor: this is the version I am testing on --
2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
... Bill Meeks
08:53 AM Bug #11389 (Feedback): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: unable to reproduce on 2.5.0.a.20210204.2250
fixed in #10968 Viktor Gurov
07:54 AM Bug #11389: Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: I failed to note that mixed-case alias names will correctly resolve when nested in pfSense-2.4.5, so this appears lim... Bill Meeks
07:43 AM Bug #11389 (Resolved): Mixed-case or Uppercase Alias names will not resolve when nested within another Alias: The inclusion of calls to the PHP function idn_to_utf8() and idn_to_ascii() in pfSense-2.5 appear to have inadvertent... Bill Meeks
10:28 AM pfSense Packages Bug #11375: UPS Type <BLANK> for USB APC: For clarity can the labels be changed slightly? As I wrote in the forum the column labels look like "UPSTYPEDEVICE" ... Steve Y
10:19 AM Bug #11378: Unknown OID error on ZFS install: Works here as well now. Install completed with ZFS and the resulting system has the correct filesystem type/layout. Jim Pingle
12:58 AM Bug #11378 (Resolved): Unknown OID error on ZFS install: works as expected on 21.02-RC-amd64-20210208-1744 Viktor Gurov
05:16 AM Bug #10966 (Resolved): IPv6 - WAN does not renew address when upstream fails: Thanks for letting us know Renato Botelho
05:05 AM pfSense Packages Feature #11386: Add WireGuard tunneled networks to vpnaddresses list: https://github.com/pfsense/FreeBSD-ports/pull/1038 Viktor Gurov
12:29 AM pfSense Packages Feature #11386 (Resolved): Add WireGuard tunneled networks to vpnaddresses list: Currently it adds (#8688):
- IPsec Mobile IPv4 subnet
- IPsec site-to-site networks
- OpenVPN client/server Tunnel... Viktor Gurov
04:49 AM pfSense Packages Feature #11385: Add WireGuard tunneled networks to vpnaddresses list: https://github.com/pfsense/FreeBSD-ports/pull/1037 Viktor Gurov
12:27 AM pfSense Packages Feature #11385 (Resolved): Add WireGuard tunneled networks to vpnaddresses list: Currently it adds (#10700):
- IPsec Mobile IPv4 subnet
- IPsec site-to-site networks
- OpenVPN client/server Tunne... Viktor Gurov
04:23 AM pfSense Packages Bug #11388: Captive Portal authentication error with MySQL backend: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/48 Viktor Gurov
04:13 AM pfSense Packages Bug #11388 (Feedback): Captive Portal authentication error with MySQL backend: https://forum.netgate.com/topic/160549/captive-portal-error:
has anyone encountered this particular issue with Freer... Viktor Gurov
02:43 AM Bug #11184: PF: State policy cannot be configurable: Hello,
Do you have any news about this patch?
Thank you
Yannis Planus

02/08/2021

07:04 PM Revision 83081d3a: Revert "Refactor system_advanced_misc for MVC": This reverts commit c33b0ab6c2fcd4c9786d1b5e7903c01fa1fafa7d. Steve Beaver
07:03 PM Revision b29e6e1b: Revert "Refactor system_advanced_misc for MVC": This reverts commit c33b0ab6c2fcd4c9786d1b5e7903c01fa1fafa7d. Steve Beaver
06:07 PM Revision 5898a649: Refactor system_advanced_misc for MVC: Steve Beaver
06:07 PM Revision c33b0ab6: Refactor system_advanced_misc for MVC: Steve Beaver
06:01 PM Revision 66933ee4: Typo: Steve Beaver
06:00 PM Revision 1965b431: Typo: Steve Beaver
05:54 PM Revision d1216ae0: Add registered trdemark symbol where appropriate: Steve Beaver
05:53 PM Revision b34b2151: Add registered trdemark symbol where appropriate: Steve Beaver
05:52 PM Bug #10966: IPv6 - WAN does not renew address when upstream fails: Apart from the initial failure to get an address on the WAN interface, i've not lost DHCPv6 on the WAN interface in 5... John Griffin
03:39 PM Bug #11384 (Rejected): cannot load "/etc/bogonsv6": Invalid argument: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
03:37 PM Bug #11384 (Rejected): cannot load "/etc/bogonsv6": Invalid argument: I use latest stable version and get constantly the following Notice.
There were error(s) loading the rules: /tmp/r... jan peter
02:40 PM pfSense Docs Correction #11244 (Resolved): Feedback on Packages — Nut package: I added a link to the forum thread on the docs page. Having a link to the forum thread for assistance is good.
The... Jim Pingle
01:23 PM Revision d6b55b5f: Nested alias checking fix. Issue #11372: Viktor Gurov
01:22 PM Revision 65371889: Nested alias checking fix. Issue #11372: Viktor Gurov
01:22 PM Revision 4f630b14: Return correct Track IPv6 address if >1 VIP on interface. Issue #5999: Viktor Gurov
12:17 PM pfSense Packages Feature #8547: fwknop Port Knocking Package: Kurt Yoder wrote:
> > Because security bugs are frequently discovered in all sorts of software, *including security... David Yon
11:23 AM Revision 7409f072: Fix branch name: devel -> master: Renato Botelho
09:11 AM Bug #11378 (Feedback): Unknown OID error on ZFS install: It was removing CDDL from installer. I've pushed a fix. Renato Botelho
07:49 AM Bug #11378: Unknown OID error on ZFS install: Confirmed here as well. After selecting the disk for ZFS and opting to continue, it stops with that error and won't p... Jim Pingle
05:18 AM Bug #11378: Unknown OID error on ZFS install: I experience the same phenomenon when I try to install 2.5.0 Snapshot on TrueNAS with ZFS as target filesystem. When ... Pim Pish
09:06 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: Hi. I am also able to reproduce this. It works fine on 2.4.5, but on 2.5.0, the minute the floating rule is enable, I... Kevin S
03:26 AM Bug #9643: Limiters do not function properly on 2.5 snapshots: I'm able to reproduce this. As mentioned in earlier comments, the issue only shows when the inbound queue is enabled.... Peter Grehan
07:42 AM Bug #11383: pfSense Proxy Authentication not working: Confirmed here as well, if I set a system to use a proxy that requires auth, it can't communicate with the package se... Jim Pingle
07:19 AM Bug #11383 (Closed): pfSense Proxy Authentication not working: Proxy Username/Password on the system_advanced_misc.php is being ignored
You can see them in `env`:... Viktor Gurov
07:33 AM pfSense Packages Bug #11373 (Feedback): FRR: BGP neighbor remote-as external doesn't work: Merged Renato Botelho
07:17 AM pfSense Packages Bug #11373 (Pull Request Review): FRR: BGP neighbor remote-as external doesn't work: Jim Pingle
07:33 AM pfSense Packages Bug #11376 (Feedback): BGP MD5 keys are not removed on service stop: Merged Renato Botelho
07:19 AM pfSense Packages Bug #11376 (Pull Request Review): BGP MD5 keys are not removed on service stop: Jim Pingle
07:29 AM pfSense Packages Feature #10605 (Feedback): Add certificates from Trusted Store to Squid cert store: Merged Renato Botelho
05:16 AM pfSense Packages Feature #10605: Add certificates from Trusted Store to Squid cert store: 2.4.5 fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/47 Viktor Gurov
04:06 AM pfSense Packages Feature #10605 (New): Add certificates from Trusted Store to Squid cert store: works fine on 2.5, but produces php error on 2.4.5 if 'Extra Trusted CA' != none:... Viktor Gurov
07:28 AM pfSense Packages Bug #11381 (Feedback): PHP error after clean Zeek install: Merged Renato Botelho
07:23 AM Bug #5999 (Feedback): IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Merged Renato Botelho
07:22 AM Bug #5999 (Pull Request Review): IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Jim Pingle
07:23 AM Bug #11372 (Feedback): I can delete nested alias even if it is in use: Merged Renato Botelho
07:18 AM Bug #11372 (Pull Request Review): I can delete nested alias even if it is in use: Jim Pingle
07:21 AM pfSense Packages Bug #11377 (Pull Request Review): FRR deinstall: Removing the leftover files is fine but I don't think this package needs the ability to reset/wipe the config. Too da... Jim Pingle
07:19 AM Feature #11380 (Pull Request Review): PHP shell playback script to modify Alias contents: Renato Botelho
07:19 AM Bug #11382 (Pull Request Review): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS: Renato Botelho
02:19 AM Bug #11382: OpenVPN client configuration page displays Shared Key option when set for SSL/TLS: it also hides the `tlsauth_keydir` field for 'Shared Key" mode (see #11336):
https://gitlab.netgate.com/pfSense/pfSe... Viktor Gurov
02:02 AM Bug #11382 (Resolved): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS: If you create an OpenVPN client instance in the 'Shared Key' mode and then switch it to "SSL/TLS" mode, the WebGUI st... Viktor Gurov
07:18 AM Feature #7077 (Pull Request Review): Display negotiated data encryption algorithm in OpenVPN connection status: Renato Botelho
04:49 AM Feature #7077 (New): Display negotiated data encryption algorithm in OpenVPN connection status: sample output:... Viktor Gurov
07:13 AM Feature #11374: WireGuard Status in GUI: I agree that it would be nice but the WireGuard utility @wg@ does not expose any of that information for us to use. T... Jim Pingle
05:57 AM Bug #6028 (Resolved): no firewall rules loaded after reboot with invalid ruleset: tested with patch on 2.5.0.a.20210204.2250
works as expected Viktor Gurov
12:51 AM pfSense Packages Feature #11295: DNSBL IDN support: https://github.com/pfsense/FreeBSD-ports/pull/1036 Viktor Gurov
12:32 AM Bug #11254 (Resolved): Some OpenVPN configuration files remain after deleting an instance: Viktor Gurov

02/07/2021

05:43 PM Bug #11254: Some OpenVPN configuration files remain after deleting an instance: In the February 4 image of 2.5, I can no longer get the PHP crash after deleting the server/client instance of OpenVP... Max Leighton
05:21 PM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: Now that OpenVPN 2.5.0 is released and will be included pfSense 2.5.0, can this feature request be reopened? Matthew Ray
03:30 PM Bug #11367 (Resolved): radvd.conf keeps old configuration: Tested on
2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
FreeBSD 12.2-STABLE
With router ad... Max Leighton
12:41 PM Revision 89c7e448: Return correct Track IPv6 address if >1 VIP on interface. Issue #5999: Viktor Gurov
12:37 PM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Hey Viktor,
Thanks for the update. Given your feedback, I was able to download the latest snapshot and re-test thi... Allen Balaj
06:46 AM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Return correct Track IPv6 address if >1 VIP on interface:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_request... Viktor Gurov
01:23 AM Bug #5999: IPv6 IP Alias prevents Track Interface from working with DHCPv6 and RA: Allen Balaj wrote:
> I'm currently on 2.5.0.a.20201124.0050. My firewall is single LAN, single WAN, ~2 dozen VLANs, ... Viktor Gurov
10:44 AM pfSense Packages Bug #11381: PHP error after clean Zeek install: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/46 Viktor Gurov
09:48 AM pfSense Packages Bug #11381 (Resolved): PHP error after clean Zeek install: If you press save on the Zeek package configuration page without any options/checkboxes, PHP errors will occur:
<pre... Viktor Gurov
07:48 AM Feature #11380: PHP shell playback script to modify Alias contents: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/125 Viktor Gurov
05:38 AM Feature #11380 (Resolved): PHP shell playback script to modify Alias contents: It would be very helpful
/etc/phpshellsessions/aliasmod script with a syntax:
aliasmod <add/del> <Aliasname> <Entry... Viktor Gurov
05:40 AM pfSense Packages Bug #3085 (Resolved): squidguard: problems when importing a blacklist archive containing soft-links: works as expected, see https://forum.netgate.com/topic/160607/squidguard-ut1-blacklist-support Viktor Gurov
05:26 AM Feature #11379 (New): Template Roll Printer: It would be nice to add a 'Voucher Roll Print' page to print Captive Portal's vouchers using templates.
see https:... Viktor Gurov
04:00 AM pfSense Packages Bug #11334 (Resolved): FRR IPv4 OSPF passive-interface not working: 1.1.0_3, /var/etc/frr/frr.conf:... Viktor Gurov
03:52 AM Bug #11378 (Resolved): Unknown OID error on ZFS install: https://forum.netgate.com/topic/160599/2-5-0-development-unknown-oid:
This installation error has been seen in ... p... Viktor Gurov
03:28 AM pfSense Packages Feature #11199 (Resolved): Minor updates: pfBlockerNG-devel 3.0.0_9 - all OK Viktor Gurov
03:21 AM pfSense Packages Bug #11377: FRR deinstall: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/45 Viktor Gurov
03:03 AM pfSense Packages Bug #11377 (Pull Request Review): FRR deinstall: After uninstalling FRR all '<frr*>' entries are still in config.xml
`/var/etc/frr' also contains config files Viktor Gurov
03:00 AM pfSense Packages Bug #11376: BGP MD5 keys are not removed on service stop: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/44 Viktor Gurov
02:56 AM pfSense Packages Bug #11376 (Resolved): BGP MD5 keys are not removed on service stop: 'setkey -D' keeps showing key association when you stop/disable FRR service.
see also #11325 Viktor Gurov
01:53 AM pfSense Packages Bug #11375 (Closed): UPS Type <BLANK> for USB APC: there is no issue Viktor Gurov
01:32 AM pfSense Packages Bug #11375 (New): UPS Type <BLANK> for USB APC: https://forum.netgate.com/topic/158235/potential-bug-found-with-apcupsd-package-version-0-3-91_8-and-configuring-it-i... Viktor Gurov
01:00 AM Bug #11372: I can delete nested alias even if it is in use: I can reproduce it on 2.4.5/2.5
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/123 Viktor Gurov
12:08 AM pfSense Packages Bug #11373: FRR: BGP neighbor remote-as external doesn't work: fix:
2.5:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/42
2.4.5:
https://gitlab.netgate.... Viktor Gurov

02/06/2021

11:03 PM pfSense Packages Bug #11191 (Resolved): Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages: Viktor Gurov
05:19 PM pfSense Packages Bug #11191: Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages: Verified that this is no longer a problem. Unchecking the save settings checkbox and then removing the package prope... Kris Phillips
10:14 PM pfSense Packages Bug #11343: Invalid link to pfSense-pkg-bind changelog: Anthony Pants wrote:
> If you go to "Installed Packages" (/pkg_mgr_installed.php) or "Available Packages" (/pkg_mgr.... Michael Spears
10:39 AM Feature #11374 (Closed): WireGuard Status in GUI: A usability request:
WireGuard in 2.5.0devel is indeed very performant. I have been testing it in pfSense (as 'ser... Jum Pers
10:33 AM pfSense Packages Feature #10619 (Resolved): Various FRR enhancements: Tested on 21.02-DEVELOPMENT (built on Thu Feb 04 22:53:54 CST 2021)
I see all these enhancements enabled.
This ... Azamat Khakimyanov
10:15 AM pfSense Packages Bug #11373 (Resolved): FRR: BGP neighbor remote-as external doesn't work: if you put `external` in the web GUI as the remote-as the generated configuration doesn't include a `neighbor <ip-add... Joel Gallun
09:43 AM Bug #7313 (Feedback): Crazy behviour of Virtual IP: This was likely due to inconsistent interface and/or port names across the nodes. Setting to feedback for now, then c... Marcos M
09:35 AM Bug #11368 (Resolved): OpenVPN Remote Access (User Auth): Tested with
2.5.0-DEVELOPMENT (amd64)
built on Thu Feb 04 22:53:51 CST 2021
FreeBSD 12.2-STABLE
Remote Access... Max Leighton
04:07 AM pfSense Packages Feature #10202 (Resolved): redistribute bgp + route-map filtering in OSPF6: Tested on 21.02-DEVELOPMENT (built on Thu Feb 04 22:53:54 CST 2021)
There are redistribute bgp + route-map filteri... Azamat Khakimyanov

02/05/2021

04:49 PM Bug #11372: I can delete nested alias even if it is in use: Alexey Muzychenko wrote:
> If I define an alias, use it in any firewall rule directly and try to delete the alias - ... Michael Spears
01:55 AM Bug #11372 (Closed): I can delete nested alias even if it is in use: If I define an alias, use it in any firewall rule directly and try to delete the alias - I get an error "Cannot delet... Alexey Muzychenko
03:15 PM pfSense Docs New Content #11150 (Feedback): vpn_ipsec_export_win.php missing from help.php: Documentation is now in place:
https://docs.netgate.com/pfsense/en/latest/packages/ipsec-export.html Jim Pingle
01:52 PM pfSense Docs New Content #11150: vpn_ipsec_export_win.php missing from help.php: I added vpn_ipsec_export_win.php and vpn_ipsec_profile.php to help.php, the documentation is still a work in progress. Jim Pingle
01:58 PM Revision fa0dc0f0: Respect REPO_BRANCH_PREFIX on FREEBSD_BRANCH: Renato Botelho
01:57 PM Revision be3503ca: Respect REPO_BRANCH_PREFIX on FREEBSD_BRANCH: Renato Botelho
01:07 PM Revision ed5564a3: Fix branch name: Renato Botelho
11:39 AM Revision 3537f4a8: Welcome 2.5.0-RC: Renato Botelho
11:31 AM Revision 87b93bb8: It's time to move to 2.6.0-DEVELOPMENT: Renato Botelho
09:57 AM Feature #11354 (Feedback): WireGuard should respond from the address used by peer: Latest snapshot has the changes from the patch above, and the responses are sent back from the address used to contac... Jim Pingle
09:38 AM Bug #6028: no firewall rules loaded after reboot with invalid ruleset: Chris Linstruth wrote:
> Manually created an invalid configuration by modifying config.xml to make an HFSC queue tha... Renato Botelho
09:25 AM Bug #6028: no firewall rules loaded after reboot with invalid ruleset: Chris Linstruth wrote:
> Manually created an invalid configuration by modifying config.xml to make an HFSC queue tha... Renato Botelho
09:12 AM Bug #6028: no firewall rules loaded after reboot with invalid ruleset: Manually created an invalid configuration by modifying config.xml to make an HFSC queue that cannot load because the ... Chris Linstruth
09:23 AM pfSense Packages Bug #11271 (Resolved): Setting default-originate in FRR/BGP Silently Appends a route-map: Renato Botelho
08:03 AM pfSense Packages Bug #11271: Setting default-originate in FRR/BGP Silently Appends a route-map: This works as expected for one route map spanning both families. Much better. Thank you. Chris Linstruth
08:31 AM pfSense Packages Bug #11346 (Resolved): Raw-Config not working: Jim Pingle
08:31 AM Bug #11371 (Rejected): package install failed pfSense: 2.4.5_1: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
08:29 AM pfSense Packages Bug #6818: WAN traffic graph displays inverted bandwidth columns: I was checking traffic today, in a situation of heavy file upload to the internet, and i'm seeing that everything is ... Fernando Rapetti
07:37 AM pfSense Docs Correction #11170 (Resolved): Feedback on Routing — Static Routes: Thank you very much. Resolving. Chris Linstruth
04:54 AM pfSense Packages Feature #11155: SafeSearch AAAA: Renato Botelho wrote:
> PR has been merged. Thanks!
PR 1035 containing this change has been merged. Thanks! Renato Botelho
04:52 AM pfSense Packages Feature #11155 (Feedback): SafeSearch AAAA: PR has been merged. Thanks! Renato Botelho
04:53 AM pfSense Packages Feature #11022 (Feedback): Add feeds from Firebog.net to pfBlockerNG: PR 1035 containing this change has been merged. Thanks! Renato Botelho
04:48 AM pfSense Packages Feature #11201 (Feedback): Show iTLD Allow IDN domains: PR has been merged. Thanks! Renato Botelho
04:46 AM pfSense Packages Feature #11199 (Feedback): Minor updates: PR has been merged. Thanks! Renato Botelho
04:44 AM pfSense Packages Bug #11191 (Feedback): Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages: PR has been merged. Thanks! Renato Botelho

02/04/2021

11:03 PM pfSense Packages Bug #11345: FRR-OSPF - No "prefix-list" possible: * prefix can be chosen from Route Filtering in OSPF area.
* Configuration is reflected in config. file.
!
rou... Alhusein Zawi
10:18 PM Bug #11371 (Rejected): package install failed pfSense: 2.4.5_1: I setup PFsence with a basic setup back in November and finally got around to moving my network over to it. I just tr... Brian Nerny
09:29 PM pfSense Packages Bug #11346: Raw-Config not working: Issue is fixed
* updated the running config (or created new configuration)
* changed the configuration.
* pre... Alhusein Zawi
06:54 PM Feature #11354: WireGuard should respond from the address used by peer: I only tried with reboot failover which simplifies the problem: there are no races where packets can be queued awaiti... Peter Grehan
08:49 AM Feature #11354: WireGuard should respond from the address used by peer: Done Renato Botelho
08:46 AM Feature #11354: WireGuard should respond from the address used by peer: I'm going to merge this patch before next snapshot
Renato Botelho
08:05 AM Feature #11354 (New): WireGuard should respond from the address used by peer: It's definitely better with that if_wg.ko. When the peer sends packets, it replies from the correct address.
Testi... Jim Pingle
06:07 AM Feature #11354 (Feedback): WireGuard should respond from the address used by peer: I believe this is now fixed. The destination address of ingress wg packets wasn't being saved. This is now being done... Peter Grehan
06:13 PM Revision 21c2bb34: Remove what I suspect is a debug leftover: Renato Botelho
03:12 PM Revision 93830bec: OpenVPN rmdir fix. Issue #11254: Viktor Gurov
03:07 PM Revision 91cd1741: Check RA service on interface IPv6 type change. Fixes #11367: Viktor Gurov
01:17 PM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed: I made patch (attached) that adds a GUI option to toggle between the two behaviors: Filtering on enc0 (tunnel+vti), a... Jim Pingle
12:18 PM pfSense Packages Bug #11135: HAproxy OCSP reponse crontab bug: Do not set target version on package tickets Renato Botelho
12:18 PM Bug #11370 (Closed): firewall_aliases_edit.php is limited in the number of input entries it can save to an alias: This is likely related to #10937
When creating a new alias of type "host", the number of entries that get saved is... Marcos M
12:17 PM Bug #11159 (Resolved): Allow wildcard dns record of type A in the DynDNS client for DNS provider Gandi: Renato Botelho
12:15 PM Bug #9796: kernel panic after removing interfaces: gauthier segond wrote:
> hello.
>
> I had the same problem on the 11/11/2020 build. i made a video and here are t... Renato Botelho
12:03 PM Bug #8136: dpinger for WAN DHCPv6 gets fails to update gateway IP: Danilo Zrenjanin wrote:
> Can you provide more details on how to replicate the issue? Is it related only to the PPPo... Renato Botelho
12:01 PM Feature #8786 (Resolved): Wireguard VPN: Import of wireguard is complete. Issues are being tracked on separate tickets Renato Botelho
12:00 PM Bug #11265 (Resolved): Remove log spam due to bootstrap map file: Renato Botelho
11:30 AM Revision 3673b6d0: Style fixes: Renato Botelho
11:06 AM Bug #11363: Clean Install 2.5.0 fails due to hardware incompability: Probably not much to do if it's specific to certain hardware like that except trying a BIOS update and changing boot ... Jim Pingle
11:03 AM Feature #10010 (Resolved): Update infoblock on the Dashboard to include a link to The pfSense Book, rather than the community maintained documentation: Yep, this was fixed quite a while ago. Jim Pingle
03:38 AM Feature #10010: Update infoblock on the Dashboard to include a link to The pfSense Book, rather than the community maintained documentation: The above links now point to the same location. GChuf 6
11:03 AM Revision 729a4540: OpenVPN User Auth fix. Issue #11368: Viktor Gurov
10:56 AM Bug #11361: ISO Installer not functioning on latest snapshots: Adding another data point, the latest snapshot installs as expected. Jim Pingle
06:27 AM Bug #11361: ISO Installer not functioning on latest snapshots: I can confirm. The latest release works fine. Thank you. Danilo Zrenjanin
05:43 AM Bug #11361 (Resolved): ISO Installer not functioning on latest snapshots: memstick is also working Renato Botelho
05:33 AM Bug #11361: ISO Installer not functioning on latest snapshots: yon Liu wrote:
> @jimp Do you get the same behavior with the memstick?
>
> yes. i am using memstick, it still can... Renato Botelho
10:44 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address: I can't reproduce this here. radvd is running, clients on LAN get an IPv6 gateway and full connectivity. DHCPv6 serve... Jim Pingle
10:38 AM Bug #11365 (New): dhcpv6 cannot push ipv6 gateway address: not such issue on my other VM (on the same Proxmox host, same 2.5.0.a.20210203.1432)
seems like VM/Hypervisor specific Viktor Gurov
09:35 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address: bug in pf2.5
2.5.0-DEVELOPMENT (amd64)
built on Wed Feb 03 14:36:18 CST 2021
FreeBSD 12.2-STABLE
!https://i.im... yon Liu
01:08 AM Bug #11365 (Confirmed): dhcpv6 cannot push ipv6 gateway address: no such issue on 2.4.5-p1,
radvd -d5 -m stderr -n -C /var/etc/radvd.conf
2.5.0.a.20210203.1432 output:... Viktor Gurov
10:16 AM Bug #11364 (Rejected): php-fpm and netstat taking very high CPU: There isn't nearly enough information here to qualify this as a bug. Keep the discussion on the forum for now. Jim Pingle
09:43 AM Feature #11369 (Resolved): add Enabling IPv6 Source Address Validation support: i have no find about this how do it Enabling IPv6 Source Address Validation support in pfsense system?
After t... yon Liu
09:15 AM Bug #11367: radvd.conf keeps old configuration: Applied in changeset commit:91cd17417d7cba3ab5dbe55f0ced02eaef78c45b. Viktor Gurov
09:08 AM Bug #11367 (Feedback): radvd.conf keeps old configuration: Merged Renato Botelho
05:24 AM Bug #11367 (Pull Request Review): radvd.conf keeps old configuration: Renato Botelho
02:04 AM Bug #11367: radvd.conf keeps old configuration: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/120 Viktor Gurov
01:35 AM Bug #11367 (Resolved): radvd.conf keeps old configuration: radvd.conf keeps the old configuration when you switch "IPv6 Configuration Type" to non-Static (DHCP6,SLAAC) IPv6 typ... Viktor Gurov
09:12 AM Bug #11254 (Feedback): Some OpenVPN configuration files remain after deleting an instance: Merged Renato Botelho
05:24 AM Bug #11254 (Pull Request Review): Some OpenVPN configuration files remain after deleting an instance: Renato Botelho
04:29 AM Bug #11254 (New): Some OpenVPN configuration files remain after deleting an instance: sometime for some reason it shows PHP error:... Viktor Gurov
09:11 AM Feature #7727 (Feedback): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Keith contacted me and said it will be tested during the weekend. Leave it in feedback state until hear about results Renato Botelho
05:53 AM Bug #10966 (In Progress): IPv6 - WAN does not renew address when upstream fails: Renato Botelho
05:42 AM Bug #10966: IPv6 - WAN does not renew address when upstream fails: But I do a manual release / renew and it picks up an address
Logs Attached showing the reboot releasing (?) the ... John Griffin
05:35 AM Bug #10966: IPv6 - WAN does not renew address when upstream fails: I updated this morning to the latest 2.5 release which had the dhcp6-20080615.2_4 client. I then rebooted this aftern... John Griffin
05:50 AM Bug #11272: OCSP settings only for TLS auth: this is incorrect, fixed in #11368
the only difference between "SSL/TLS + User Auth" and "User Auth" is the `verif... Viktor Gurov
05:47 AM Bug #11362 (Closed): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: fix in #11368 Viktor Gurov
03:13 AM Bug #11362 (Feedback): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: Tested on the latest release.
I could successfully apply the changes without error messages, but the OpenVPN serve... Danilo Zrenjanin
12:49 AM Bug #11362 (Resolved): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: 2.5.0.a.20210203.1432 fixed Viktor Gurov
05:26 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes: Viktor Gurov wrote:
> You need to check "Disable Cron emails" option
> see #10771
Option is already checked, I'v... Abdul Khaliq
05:18 AM Bug #11368 (Feedback): OpenVPN Remote Access (User Auth): Renato Botelho
05:18 AM Bug #11368: OpenVPN Remote Access (User Auth): PR has been merged. Thanks! Renato Botelho
04:18 AM Bug #11368: OpenVPN Remote Access (User Auth): TLS parameters "dh, capath, cert, key" etc, is a mandatory for all modes except p2p_shared_key ('client')
revert #... Viktor Gurov
03:29 AM Bug #11368 (Resolved): OpenVPN Remote Access (User Auth): The OpenVPN service won't start if I choose _Remote Access (User Auth)_ server mode.
Status>OpenVPN:... Danilo Zrenjanin
05:15 AM Bug #11330 (Resolved): IGMP Proxy upgrade to latest version: Renato Botelho
12:29 AM pfSense Docs Correction #11161 (Resolved): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI): looks good Viktor Gurov

02/03/2021

11:17 PM pfSense Packages Bug #11366 (Rejected): Arpwatch Cron Notification every 15 minutes: You need to check "Disable Cron emails" option
see #10771 Viktor Gurov
10:11 PM pfSense Packages Bug #11366 (Resolved): Arpwatch Cron Notification every 15 minutes: Every 15 mins or so I receive an email containing :
Subject Arpwatch Notification : Cron <root@firewall> /etc/rc.f... Abdul Khaliq
11:09 PM pfSense Docs Correction #11160 (Resolved): Feedback on Services — SNMP: looks good Viktor Gurov
01:23 PM pfSense Docs Correction #11160 (Feedback): Feedback on Services — SNMP: Link added. Jim Pingle
10:21 PM Bug #11330: IGMP Proxy upgrade to latest version: Confirmed, I see 0.3 now, thank you.
I still need to run watchdog to get the process restarted after initial bootu... Patrick Monfette
08:26 PM Revision 1feccc87: Convert fonts to woff2: GChuf 6
07:37 PM Bug #11364: php-fpm and netstat taking very high CPU: 2021/02/04 09:33:29 [error] 38147#100184: *3 upstream timed out (60: Operation timed out) while reading response head... yon Liu
07:13 PM Bug #11364 (Rejected): php-fpm and netstat taking very high CPU: I stopped the FRR service, but there are still processes taking very high CPU
[2.5.0-DEVELOPMENT][admin@face.x... yon Liu
07:35 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address: /status_services.php: The command '/usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog' retu... yon Liu
07:16 PM Bug #11365 (Not a Bug): dhcpv6 cannot push ipv6 gateway address: dhcpv6 cannot push ipv6 gateway addressto lan, stateless and assisted mode all can't normal work.
tested in window... yon Liu
07:08 PM Bug #11361: ISO Installer not functioning on latest snapshots: @jimp Do you get the same behavior with the memstick?
yes. i am using memstick, it still can't work.
only the v... yon Liu
12:15 PM Bug #11361: ISO Installer not functioning on latest snapshots: Danilo Zrenjanin wrote:
> Tested on the latest release (pfSense-CE-2.5.0-DEVELOPMENT-amd64-latest.iso)
>
> I stil... Renato Botelho
11:58 AM Bug #11361: ISO Installer not functioning on latest snapshots: Tested on the latest release (pfSense-CE-2.5.0-DEVELOPMENT-amd64-latest.iso)
I still can't pass the Copyright and ... Danilo Zrenjanin
11:14 AM Bug #11361 (Feedback): ISO Installer not functioning on latest snapshots: Fixed Renato Botelho
02:44 PM pfSense Docs Correction #11258 (Feedback): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: I pushed a correction for that typo, thanks! Jim Pingle
10:45 AM pfSense Docs Correction #11258: Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: The suggested text is a minor change, I'll try to bold the word. Basically, change "must" to "much":
Current:
On... Anonymous
10:40 AM pfSense Docs Correction #11258: Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: I could be mistaken, but the current and suggested text look to be the same to me. Jared Dillard
02:32 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I just updated net/miniupnpd to 2.2.1 so it would be nice to get it tested again after that Renato Botelho
02:02 PM pfSense Docs Correction #11241 (Resolved): Feedback on Backup and Recovery — Restoring from Backups: Looks good! Marcos M
01:38 PM pfSense Docs Correction #11241 (Feedback): Feedback on Backup and Recovery — Restoring from Backups: Additional warning now in place, will show up shortly when it rebuilds. Jim Pingle
10:52 AM pfSense Docs Correction #11241 (In Progress): Feedback on Backup and Recovery — Restoring from Backups: OK, the description did not mention upgrade code at all, or hint at it. I can add that as well. Jim Pingle
10:48 AM pfSense Docs Correction #11241: Feedback on Backup and Recovery — Restoring from Backups: My intent was to hint towards the potential issue of restoring a specific area (e.g. openvpn) and not having upgrade ... Marcos M
09:25 AM pfSense Docs Correction #11241 (Feedback): Feedback on Backup and Recovery — Restoring from Backups: Added warning: https://docs.netgate.com/pfsense/en/latest/backup/restore.html#restore-options Jim Pingle
01:25 PM pfSense Docs Correction #11239 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing pfSense with VMware vSphere / ESXi: It's standard practice to match the version of the guest OS, there isn't any reason why someone should pick FreeBSD 1... Jim Pingle
01:21 PM pfSense Docs Correction #11170 (Feedback): Feedback on Routing — Static Routes: Warning added. Jim Pingle
01:17 PM Bug #11363 (New): Clean Install 2.5.0 fails due to hardware incompability: System freezes soon after boot. Known problem without any known workarounds, like kern.vty=sc or changing bios UEFI/L... Niklas H
01:06 PM pfSense Docs Correction #9378 (Feedback): Feedback on Virtualization — Virtualizing pfSense with Proxmox: I updated the recipe a bit since a lot of it didn't match current versions of Proxmox, and added a stronger wording a... Jim Pingle
12:43 PM Revision bfde8f08: OpenVPN input validation fix. Issue #11362: Viktor Gurov
10:34 AM pfSense Docs Correction #9951 (Feedback): Feedback on VPN — OpenVPN — Configuring a Single Multi-Purpose OpenVPN Instance: Added bullet mentioning the topology setting. Jim Pingle
10:30 AM pfSense Docs Correction #11253 (Resolved): Feedback on Multiple WAN Connections — Load Balancing and Failover with Gateway Groups: Fixed Jim Pingle
10:30 AM pfSense Docs Correction #10562 (Resolved): Feedback on L2TP VPN — L2TP with IPsec: I added "Auto" to the recipe as an alternate setting, the other changes largely depend on the client being used. The ... Jim Pingle
10:26 AM pfSense Docs Correction #11245 (Resolved): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: looks good Viktor Gurov
10:15 AM pfSense Docs Correction #11245 (Feedback): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: Fixed. Jim Pingle
10:22 AM pfSense Docs Correction #11161 (Feedback): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI): Link added Jim Pingle
10:05 AM pfSense Docs New Content #11238 (Feedback): LAGG (Link Aggregation): Note added: https://docs.netgate.com/pfsense/en/latest/interfaces/lagg.html#lagg-interface-configuration Jim Pingle
10:00 AM pfSense Docs Correction #11162: Feedback on Backup and Recovery — Making Backups in the GUI: Jim Pingle wrote:
> Unless I'm misreading the intent here, the first note (point 1) is irrelevant. It has never been... Viktor Gurov
09:36 AM pfSense Docs Correction #11162 (Feedback): Feedback on Backup and Recovery — Making Backups in the GUI: Added section on encrypted backups with the commands:
https://docs.netgate.com/pfsense/en/latest/backup/restore.ht... Jim Pingle
09:01 AM pfSense Docs Correction #11162: Feedback on Backup and Recovery — Making Backups in the GUI: Unless I'm misreading the intent here, the first note (point 1) is irrelevant. It has never been possible to restore ... Jim Pingle
09:34 AM pfSense Docs Correction #9057 (Resolved): [feedback form] Missing info on advanced networking page: I updated this page a couple months ago, it's there now:
https://docs.netgate.com/pfsense/en/latest/config/advance... Jim Pingle
08:10 AM Bug #10176 (Resolved): Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels: Between the new default behaviors, the updated documentation/configuration guidance, and the new options on 2.5.0 (#1... Jim Pingle
08:07 AM Todo #11309 (Resolved): DNS Resolver automatic ACL entries need refinement: Tested on several different setups and they all appear to be as expected. Contents working and sorted properly. Jim Pingle
07:17 AM Bug #9058: Kernel panic during L2TP retransmit: It still happens in rare conditions and we didn't came up with a solution in time for 2.5.0 Renato Botelho
06:46 AM Bug #11362 (Feedback): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: PR has been merged. Thanks! Renato Botelho
01:15 AM Bug #11362: Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: regression of #11272
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/119 Viktor Gurov
12:35 AM Bug #11362 (Closed): Peer Certificate Options Missing when creating new Server in 2.5x in User/Auth Mode: When creating a new OpenVPN Server in 2.5x, if you choose "User Auth" mode, you cannot save, as it insists that the S... John Griffin
06:05 AM Bug #8954 (Resolved): hn0: driver does not support altq: Renato Botelho
12:00 AM Bug #8954: hn0: driver does not support altq: Did upgrade and it works. Greg M
03:56 AM Bug #11360 (Resolved): captive portal custom logo error: 2.5.0.a.20210202.2250 fixed Viktor Gurov
02:36 AM Bug #11298 (Resolved): Gateway Group Offline Bug: roundrobin/failover, down/packet loss/high latency/packet loss or high latency - all works as expected
2.5.0.a.202... Viktor Gurov
12:16 AM Bug #9998 (Resolved): DHCP6c and Unbound DNS Server Boot-Up Configuration Failure: 2.5.0.a.20210201.2350
works as expected Viktor Gurov
12:04 AM Bug #11336 (Resolved): Hide TLS keydir for p2p openvpn mode: 2.5.0.a.20210201.2350 fixed Viktor Gurov
12:02 AM Bug #9324 (Resolved): IPv6 on top of a PPPOE ipv4 interface assigns parent interface to default route, not pppoe interface: 2.5.0.a.20210201.2350 fixed Viktor Gurov

02/02/2021

11:55 PM Bug #11224 (Resolved): dhcpd.conf creation - zone declarations: /var/dhcpd/etc/dhcpd.conf:... Viktor Gurov
11:53 PM Bug #11348 (Resolved): Sanitize PKCS#11 PIN from swanctl.conf: 2.5.0.a.20210201.2350
works as expected Viktor Gurov
06:23 PM Revision 2521eced: Fixed #11328 by fixing jQuery and error when 'protocol' is undefined: Steve Beaver
06:13 PM Feature #8786: Wireguard VPN: Renato Botelho wrote:
> Project was hosted on an internal server but is now replicated to github at https://github.c... Ronald Schellberg
11:47 AM Feature #8786: Wireguard VPN: Ronald Schellberg wrote:
> Renato Botelho wrote:
> > Initial kernel version wireguard support is now in place
>
... Renato Botelho
06:13 PM Feature #11354: WireGuard should respond from the address used by peer: Actually: the code is already doing this - it may not be saving the incoming source addr in all situations. Will chec... Peter Grehan
06:02 PM Feature #11354: WireGuard should respond from the address used by peer: I've had a look at this: it may not be too bad.
The source address for the peer is already recorded to be used in ... Peter Grehan
02:05 PM Bug #11361: ISO Installer not functioning on latest snapshots: Manuel Piovan wrote:
> i can barely see, when i press enter,
>
> /etc/rc.local: bsdinstall: not found
>
> late... Michael Spears
01:18 PM Bug #11361: ISO Installer not functioning on latest snapshots: i can barely see, when i press enter,
/etc/rc.local: bsdinstall: not found
latest iso is only 175MB
Manuel Piovan
12:25 PM Bug #11361 (Resolved): ISO Installer not functioning on latest snapshots: The installer ISO is not functioning on the latest 2.5.0 snapshots. More information in the forum thread at https://f... Jim Pingle
01:48 PM Revision 2d51537f: Captive Portal custom logo fix. Issue #11360: Viktor Gurov
01:32 PM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed: In addition to the above, the BPF mask also needs changed.
The complete set of required sysctl values are:
<pre... Jim Pingle
12:46 PM Bug #11328 (Resolved): OpenVPN Ciphers will not stick in 2.5: Works OK now in Chrome and FireFox. No JS errors on the list page or edit page. Jim Pingle
12:30 PM Bug #11328: OpenVPN Ciphers will not stick in 2.5: Applied in changeset commit:2521eced153b0c96bf6375787c607377e89639ed. Anonymous
12:27 PM Bug #11328 (Feedback): OpenVPN Ciphers will not stick in 2.5: Anonymous
09:09 AM Bug #11328 (In Progress): OpenVPN Ciphers will not stick in 2.5: Anonymous
08:52 AM Bug #11328 (New): OpenVPN Ciphers will not stick in 2.5: OK, I can reproduce it that way, but only in Chrome. Watching the network panel as it makes the POST, for whatever re... Jim Pingle
11:18 AM Feature #7727 (New): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Renato Botelho
11:16 AM Bug #11208 (Resolved): pkg_edit uses incorrect description for pkg_edit buttons: Renato Botelho
11:16 AM Bug #9592 (Resolved): VTI interface down because interface number created is greater than ipsec32768: Renato Botelho
11:15 AM Todo #11219 (Resolved): Improve IPsec GUI options for P1/P2 reauth/rekey: Renato Botelho
11:13 AM Bug #9242 (Resolved): MBT-4220/2220 not recognized by pfsense correctly after UEFI upgraded to 1.00: Renato Botelho
11:12 AM Bug #11314 (Resolved): PHP error in gwlb.inc (potential race): Renato Botelho
11:09 AM Todo #11278 (Resolved): Update dnsmasq to >=2.8.3: Renato Botelho
11:07 AM Todo #10997 (Resolved): Retire m0n0wall config support: Renato Botelho
08:11 AM Bug #11360 (Feedback): captive portal custom logo error: PR has been merged. Thanks! Renato Botelho
08:02 AM Bug #11360: captive portal custom logo error: Tested that patch against:... Steve Wheeler
07:52 AM Bug #11360 (Pull Request Review): captive portal custom logo error: Jim Pingle
07:50 AM Bug #11360: captive portal custom logo error: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/118 Viktor Gurov
07:29 AM Bug #11360: captive portal custom logo error: To be clear this is triggered when enabling the custom logo option and then not uploading a file. Or by not also uplo... Steve Wheeler
07:12 AM Bug #11360 (Resolved): captive portal custom logo error: https://forum.netgate.com/topic/160450/crash-report:
It crashed abruptly when trying to configure captive portal. Al... Viktor Gurov
08:05 AM Bug #11338 (Resolved): WireGuard cannot connect to an IPv6 endpoint: Latest snapshot looks good!... Jim Pingle
07:36 AM Bug #11359 (Duplicate): Multi-WAN issue - unable to connect to interface with not-default gateway: You didn't mention WireGuard in the subject or description but since the category is set to WireGuard, I'm assuming t... Jim Pingle
03:02 AM Bug #11359 (Duplicate): Multi-WAN issue - unable to connect to interface with not-default gateway: I have 4 Internet links, so 4 gateways is configured and only one of them is configured as default gateway.
Firewall... Alexey Muzychenko
06:29 AM Feature #11358 (Pull Request Review): New Dynamic DNS Provider: NIC.RU: Renato Botelho
06:13 AM Feature #11358: New Dynamic DNS Provider: NIC.RU: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/242 Viktor Gurov
12:53 AM Feature #11358 (Closed): New Dynamic DNS Provider: NIC.RU: https://www.nic.ru/help/dynamic-dns-for-developers_5810.html:
Request for IP address update looks like this:
GET ... Viktor Gurov
06:23 AM Bug #11344 (Resolved): Sanitize Squid securiteinfo_id: ... Viktor Gurov
06:16 AM Bug #11342 (Resolved): Sanitize DHCP DDNS keys: works as expected:... Viktor Gurov
04:29 AM Bug #11340 (Resolved): Hide WG interfaces on DHCP/DHCPv6 Relay pages: > Hide WireGuard interfaces on DHCP/DHCPv6 Relay pages
Works as expected
> Hide mediaopt field for WireGuard inte... Viktor Gurov
04:26 AM Bug #11341 (Resolved): PresharedKey is not sanitized from status_output config file: 2.5.0.a.20210201.1628 works as expected:
WireGuard-Configuration File wg0.conf... Viktor Gurov
03:24 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Same sentiment here as Robert Gijsen's above.
Do we at least know whether the bug is in filterdns itself (generati... Christian Ullrich
03:11 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Wait wut? This got postponed AGAIN? This is a breaking issue for two years and a few days now, and still it's priorit... Robert Gijsen

02/01/2021

11:28 PM Feature #11357 (Duplicate): Support for DynDNS provider deSEC.io: see https://forum.netgate.com/topic/103067/support-for-dyndns-provider-desec-io
API: https://desec.readthedocs.io/... Viktor Gurov
07:05 PM Bug #11328: OpenVPN Ciphers will not stick in 2.5: Sorry about the video's, they should be viewable now.
You are correct, I cannot replicate the issue in Firefox. I ... John Griffin
07:39 AM Bug #11328: OpenVPN Ciphers will not stick in 2.5: Those videos are private and cannot be viewed.
I tried again and can't replicate the problem here. Maybe write out... Jim Pingle
05:41 PM Revision d9e8e80e: Fix #8954: Enable hn_altq_enable on default config: Renato Botelho
04:11 PM Revision 86b28a02: Refactored system_advanced_* pages for MVC: Steve Beaver
02:47 PM Feature #11354: WireGuard should respond from the address used by peer: Christian McDonald wrote:
> One solution that was offered is to use a inbound NAT rule to port forward 51820 (or wha... Jim Pingle
02:44 PM Feature #11354: WireGuard should respond from the address used by peer: I added notes about this limitation in the docs for now: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/lim... Jim Pingle
02:00 PM Feature #11354: WireGuard should respond from the address used by peer: Was just about to post this exact issue. As it stands currently, I don't believe there is a way to utilize a CARP VIP... Christian McDonald
12:44 PM Feature #11354: WireGuard should respond from the address used by peer: Not a blocker since, if it is possible, this is likely non-trivial. Jim Pingle
12:43 PM Feature #11354 (Resolved): WireGuard should respond from the address used by peer: When a WireGuard peer contacts the firewall, the firewall always responds from the address it deems closest to the cl... Jim Pingle
02:42 PM Feature #11302: WireGuard XMLRPC sync: Until the other issue is addressed, I have noted the limitation here: https://docs.netgate.com/pfsense/en/latest/vpn/... Jim Pingle
12:46 PM Feature #11302: WireGuard XMLRPC sync: After testing this for a while in several different configuration styles, it's not viable yet. NAT doesn't help, at b... Jim Pingle
02:18 PM Bug #11330 (Feedback): IGMP Proxy upgrade to latest version: Version 0.3 was cherry-picked from FreeBSD and will be available on next round of snapshots Renato Botelho
02:18 PM Bug #11356 (Not a Bug): Copy firewall rule from one interface to another interface: It works fine as-is. Click copy, then set the interface to the new one, then save. Jim Pingle
02:01 PM Bug #11356 (Not a Bug): Copy firewall rule from one interface to another interface: Please, add this functionality on firewall rules:
Copy selected firewall rule from one interface to another interf... Teste Teste
02:17 PM Revision ab9a819b: Sanitize PKCS11 PIN from swanctl.conf. Issue #11348: Viktor Gurov
02:16 PM Revision 51a34b1f: Sanitize securiteinfo_id. Issue #11344: Viktor Gurov
02:16 PM Revision f1895d6a: Sanitize DHCP DDNS keys. Issue #11342: Viktor Gurov
02:15 PM Revision 294bb15c: Sanitize WireGuard PresharedKey from config. Fixes #11341: Viktor Gurov
02:14 PM Bug #11256 (Feedback): Cannot add alias with multiple URLs: Viktor says it works on 2.5.0. Leaving it at feedback state for now Renato Botelho
02:14 PM Revision 90749e06: Issue #11340: Hide WireGuard interfaces on DHCP/DHCPv6 Relay pages,
Hide mediaopt field for WireGuard interfaces on interfaces.php ... Viktor Gurov
02:13 PM Revision 48c91226: Hide TLS keydir for p2p openvpn mode. Issue #11336: Viktor Gurov
02:12 PM Bug #10966 (Feedback): IPv6 - WAN does not renew address when upstream fails: I've imported debian patch - https://sources.debian.org/patches/wide-dhcpv6/20080615-23/0018-dhcpv6-ignore-advertise-... Renato Botelho
01:23 PM Bug #11355 (Not a Bug): interfaces / assign interfaces / vxlan missing from menu: That is correct, there were issues in VXLAN which made it non ready for production use and it was removed. Jim Pingle
01:19 PM Bug #11355: interfaces / assign interfaces / vxlan missing from menu: i found out that vxlan has been retired https://redmine.pfsense.org/projects/pfsense/repository/revisions/3856366b4fb... Manuel Piovan
01:14 PM Bug #11355: interfaces / assign interfaces / vxlan missing from menu: https://redmine.pfsense.org/projects/pfsense/repository/revisions/3856366b4fb3823d02108c0ee63043509a89e0db
Grimson Gretzleburg
01:05 PM Bug #11355 (Not a Bug): interfaces / assign interfaces / vxlan missing from menu: 2.5.0-DEVELOPMENT (amd64)
built on Mon Feb 01 00:03:10 EST 2021
FreeBSD 12.2-STABLE
i can manually load the page... Manuel Piovan
11:51 AM Bug #8954 (Feedback): hn0: driver does not support altq: I've enabled hn_altq_enable option on default config. It was missing
I've also added needed loader tuning to inst... Renato Botelho
11:41 AM Bug #8954: hn0: driver does not support altq: Moving target to 2.5.0 since it regressed Renato Botelho
08:52 AM Bug #11339: Odd console output when WireGuard is running: For completeness sake, this is confirmed to be WireGuard.... Marcos M
08:36 AM Bug #11339: Odd console output when WireGuard is running: If your gateway was set to automatic there is a high chance that wireguard took over as the default gateway. At least... Jim Pingle
08:31 AM Bug #11339: Odd console output when WireGuard is running: That was not the case here, though I did have the gateway selection set to automatic. However, given that the WAN gat... Marcos M
07:45 AM Bug #11339: Odd console output when WireGuard is running: When Steve saw it, I think he had a routing loop of sorts -- the outer WireGuard traffic was attempting to go over th... Jim Pingle
08:24 AM pfSense Packages Bug #11333: Incorrect community-list format: 2.4.5 PR has been merged. Thanks! Renato Botelho
08:22 AM pfSense Packages Bug #11346 (Feedback): Raw-Config not working: PR has been merged. Thanks! Renato Botelho
07:57 AM pfSense Packages Bug #11346 (Pull Request Review): Raw-Config not working: Jim Pingle
08:22 AM pfSense Packages Bug #11345 (Feedback): FRR-OSPF - No "prefix-list" possible: PR has been merged. Thanks! Renato Botelho
07:55 AM pfSense Packages Bug #11345 (Pull Request Review): FRR-OSPF - No "prefix-list" possible: Jim Pingle
08:20 AM pfSense Packages Bug #11054 (Feedback): Check Client Certificate CN not working as described: PR has been merged. Thanks! Renato Botelho
07:54 AM pfSense Packages Bug #11054 (Pull Request Review): Check Client Certificate CN not working as described: Jim Pingle
08:20 AM Bug #11341: PresharedKey is not sanitized from status_output config file: Applied in changeset commit:294bb15c5230bd389bd1a6b738297bf4d57afb98. Viktor Gurov
08:15 AM Bug #11341 (Feedback): PresharedKey is not sanitized from status_output config file: PR has been merged. Thanks! Renato Botelho
07:49 AM Bug #11341 (Pull Request Review): PresharedKey is not sanitized from status_output config file: Jim Pingle
08:17 AM Bug #11348 (Feedback): Sanitize PKCS#11 PIN from swanctl.conf: PR has been merged. Thanks! Renato Botelho
07:57 AM Bug #11348 (Pull Request Review): Sanitize PKCS#11 PIN from swanctl.conf: Jim Pingle
08:17 AM Bug #11344 (Feedback): Sanitize Squid securiteinfo_id: PR has been merged. Thanks! Renato Botelho
07:53 AM Bug #11344 (Pull Request Review): Sanitize Squid securiteinfo_id: Jim Pingle
08:16 AM Bug #11342 (Feedback): Sanitize DHCP DDNS keys: PR has been merged. Thanks! Renato Botelho
07:52 AM Bug #11342 (Pull Request Review): Sanitize DHCP DDNS keys: Jim Pingle
08:14 AM Bug #11340 (Feedback): Hide WG interfaces on DHCP/DHCPv6 Relay pages: PR has been merged. Thanks! Renato Botelho
07:47 AM Bug #11340 (Pull Request Review): Hide WG interfaces on DHCP/DHCPv6 Relay pages: Jim Pingle
08:14 AM Bug #11336 (Feedback): Hide TLS keydir for p2p openvpn mode: PR has been merged. Thanks! Renato Botelho
08:09 AM Bug #11353 (Not a Bug): Changing of gateway order in gateway groups is not applied to firewall rules on "Apply": I can't replicate this on 2.5.0. Might have been fixed since 2.4.5.
The apply process already performs a filter re... Jim Pingle
03:00 AM Bug #11353 (Not a Bug): Changing of gateway order in gateway groups is not applied to firewall rules on "Apply": Suppose you have gateway group with two gateways: GW1 = Tier1, GW2 = Tier2.
Then you change order: GW1 = Tier2, G... Alexey Ab
08:00 AM pfSense Packages Todo #11351 (Not a Bug): updated version to pfsense 2.4.5_1: At this point, the 2.5.0 release is close enough that backporting all the changes is unlikely. Jim Pingle
07:59 AM Bug #11350 (Rejected): Multi wan default gateway bug and gateway monitoring bug: Default gateway groups can only be failover, not load balance. There is no way to have two default gateways of equal ... Jim Pingle
07:34 AM Bug #11337 (New): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: The description was inaccurate. As stated, there was no problem. The problem exists only when the interface is set to... Jim Pingle
07:25 AM pfSense Packages Feature #9555 (Resolved): pimd package: Tested on 2.4.5_p1 and on 21.02-DEVELOPMENT (built on Mon Feb 01 00:05:45 EST 2021)
Tested with 3 different multic... Azamat Khakimyanov
06:39 AM Bug #11338 (Feedback): WireGuard cannot connect to an IPv6 endpoint: Peter Grehan wrote:
> if_wg.diff - kernel diff
> wg_tools - wireguard_tools diff
I've imported both patches and ... Renato Botelho
06:26 AM Bug #11322 (Resolved): WireGuard Public Key should not be entered by the user: Renato Botelho

01/31/2021

08:34 PM Bug #11352 (New): CTF types > 2^15 in the pfSense kernel config results in DTrace failing: The pfSense kernel config adds a number of additional subystems and drivers to the FreeBSD GENERIC kernel.
This ad... Peter Grehan
01:44 PM Bug #11311 (Resolved): Listen and peer port validation in wg.inc: Tested on the latest 2.5 image. It's working as expected. I'll mark it as resolved. Max Leighton
09:56 AM pfSense Packages Todo #11351 (Not a Bug): updated version to pfsense 2.4.5_1: you did released updated version (1.16.18_14) for pfsense 2.5.devel
but pfsense 2.4.5_1 still at version (1.16.18_... khaled osama
09:31 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: instead of having multiple CARP VIPs attached to WAN, I have one CARP VIP and the IP Aliases that follow that CARP VI... Christian McDonald
01:00 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint: if_wg.diff - kernel diff
wg_tools - wireguard_tools diff Peter Grehan
12:43 AM Bug #11338: WireGuard cannot connect to an IPv6 endpoint: The above wasn't correct: just another misconfiguration :(
There are a number of issues, all boiling down to "stru... Peter Grehan

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

03/01/2021

02/28/2021

02/27/2021

02/26/2021

02/25/2021

02/24/2021

02/23/2021

02/22/2021

02/21/2021

02/20/2021

02/19/2021

02/18/2021

02/17/2021

02/16/2021

02/15/2021

02/14/2021

02/13/2021

02/12/2021

02/11/2021

02/10/2021

02/09/2021

02/08/2021

02/07/2021

02/06/2021

02/05/2021

02/04/2021

02/03/2021

02/02/2021

02/01/2021

01/31/2021