Activity

30 days up to

User

Subprojects

Activity

From 03/15/2021 to 04/13/2021

04/13/2021

01:19 PM Bug #11803 (Rejected): Network unavailability and crash report: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
01:15 PM Bug #11803 (Rejected): Network unavailability and crash report: In an unpredictable way I'm loosing connectivity to the network routed bym pfSense. After a while network is back and... Maciej Czech
11:32 AM Revision a16e742c: Change stable version to 2.5.1: Renato Botelho
11:04 AM Revision 1af3f59b: Change stable version to 2.5.1: Renato Botelho
11:01 AM Revision 50d50d32: Change stable version to 2.5.1: Renato Botelho
10:52 AM Bug #11713 (Closed): Error when deleting IPv6 link-local routes: Jim Pingle
10:52 AM Bug #11674 (Closed): OpenVPN binds to all interfaces when configured on a 6RD interface: Jim Pingle
10:52 AM Bug #11644 (Closed): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH: Jim Pingle
10:52 AM Bug #11643 (Closed): IPsec tunnel does not function when configured on a 6RD interface: Jim Pingle
10:52 AM Bug #11638 (Closed): PHP error in logs from XMLRPC if no sections are selected to sync: Jim Pingle
10:52 AM Regression #11633 (Closed): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track: Jim Pingle
10:52 AM Bug #11617 (Closed): Unexpected Operator error on console at boot with ZFS and RAM Disks: Jim Pingle
10:52 AM Regression #11594 (Closed): IPv6 routes with a prefix length of 128 result in an invalid route table entry: Jim Pingle
10:52 AM Bug #11578 (Closed): Error when removing automatic DNS server route: Jim Pingle
10:52 AM Regression #11565 (Closed): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php: Jim Pingle
10:52 AM Regression #11561 (Closed): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro: Jim Pingle
10:52 AM Bug #11559 (Closed): OpenVPN does not start with a long list of Data Encryption Algorithms: Jim Pingle
10:52 AM Regression #11555 (Closed): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets: Jim Pingle
10:51 AM Bug #11554 (Closed): Selected Data Encryption Algorithms list items reset when an input validation error occurs: Jim Pingle
10:51 AM Bug #11547 (Closed): DNS Resolver does not bind to an interface when it recovers from a down state: Jim Pingle
10:51 AM Regression #11537 (Closed): IPsec VTI tunnel between IPv6 peers may not configure correctly: Jim Pingle
10:51 AM Regression #11526 (Closed): Mobile IPsec broken when using strict certificate revocation list checking: Jim Pingle
10:51 AM Regression #11519 (Closed): Incorrect DHCP failover IP address configured on peer after XMLRPC sync: Jim Pingle
10:51 AM Bug #11514 (Closed): Renewing a self-signed CA or certificate does not update the serial number: Jim Pingle
10:51 AM Bug #11488 (Closed): IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value: Jim Pingle
10:51 AM Regression #11487 (Closed): IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``: Jim Pingle
10:51 AM Regression #11486 (Closed): Connect and disconnect buttons on the IPsec status page do not work for all tunnels: Jim Pingle
10:51 AM Bug #11476 (Closed): Telegram and Pushover notification API calls do not respect proxy configuration: Jim Pingle
10:51 AM Regression #11475 (Closed): Route tables with many entries can lead to PHP errors and timeouts when looking up routes: Jim Pingle
10:51 AM Bug #11448 (Closed): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration: Jim Pingle
10:51 AM Bug #11446 (Closed): Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses: Jim Pingle
10:51 AM Regression #11435 (Closed): IPsec status incorrect for entries using expanded IKE connection numbers: Jim Pingle
10:51 AM Bug #11409 (Closed): IPv4 MSS value is incorrectly applied to IPv6 packets: Jim Pingle
10:51 AM Bug #11383 (Closed): pfSense Proxy Authentication not working: Jim Pingle
10:51 AM Bug #11104 (Closed): OpenVPN does not start with several authentication sources selected: Jim Pingle
10:51 AM Bug #4521 (Closed): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: Jim Pingle
10:26 AM Bug #11639 (Closed): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files: Fixed. Jim Pingle
10:25 AM Bug #11706 (Closed): Renewing a certificate without a ``type`` value assumes a server certificate: Tested again and this is working fine for me here. Can reopen or make a new issue if additional problem scenarios are... Jim Pingle
10:06 AM Regression #11500 (Closed): OpenVPN using the wrong OpenSSL command to list digest algorithms: Fixed. Jim Pingle
10:04 AM Regression #11760 (Closed): PHP error on package install: Fixed. Jim Pingle
09:06 AM Regression #11316: Unbound crashes with signal 11 when reloading: I'm experiencing this issue as well.
It seems to be preceded by unbound going 100% cpu for several minutes, during... Andrew Counterman
08:02 AM Bug #11616 (Closed): Potential stored XSS vulnerability in services_wol.php: Fixed and confirmed fixed multiple times. Jim Pingle
04:10 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: I can confirm that after upgrading our Netgate XG-7100 from 2.4.5p1 to 21.02.1 this issue began.
Neither the OpenV... Jason B

04/12/2021

08:54 PM Bug #11800: ipv6 DHCP can't push gataway address to LAN: Jim Pingle wrote:
> There aren't nearly enough details here for a proper bug report. Keep it on the forum until you ... yon Liu
07:19 AM Bug #11800 (Rejected): ipv6 DHCP can't push gataway address to LAN: There aren't nearly enough details here for a proper bug report. Keep it on the forum until you have more details tha... Jim Pingle
05:48 AM Bug #11800 (Rejected): ipv6 DHCP can't push gataway address to LAN: LAN's any devices has no get ipv6 network gateway.
Reported
https://forum.netgate.com/topic/162834/ipv6-dhcp-not-... yon Liu
08:39 PM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0): Same issue for me also. No flows being exported from the firewall as reported by capture on the firewall. Any ideas o... Nigel Smith
12:15 PM pfSense Packages Bug #11802 (New): FreeRADIUS sync: freeradius3 0.15.7_30 seems to have changed the XMLRPC Sync behavior in a recent update. This leads to the issue that... Michael Schefczyk
11:19 AM Revision 39da595a: Welcome pfSense 2.5.1-RELEASE: Renato Botelho
07:42 AM Bug #11801 (Closed): PHP error in ``upgrade_212_to_213()`` when upgrading certain IPsec tunnels: Certain IPsec tunnel configurations fail to upgrade cleanly with the following error:... Jim Pingle
07:24 AM Regression #11787 (Pull Request Review): Thermal sensors widget no longer shows values from certain hardware: Looks like a couple others are also missing from the output, not just Chelsio. See my notes on the PR. Jim Pingle
07:15 AM Bug #11799 (Duplicate): date sorting on system logs does alphabetical sort not numeric sort: Duplicate of #11639 Jim Pingle
04:55 AM Bug #11799 (Duplicate): date sorting on system logs does alphabetical sort not numeric sort: On the page Status System Logs System General, if you sort by date, the sorting is done by alphabetic order not numer... Robin Wood
06:49 AM pfSense Packages Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk': More over now HAproxy 2.0 support alpn h2 on backend and from 2.2 it supported on http-check. Also default server par... DRago_Angel [InV@DER]

04/11/2021

05:48 PM Bug #8831: Radvd causes latency spikes: Could you please provide information on what NIC you are using? To me it seems like an issue with a certain kind of N... Flole Systems
05:21 PM Bug #8831: Radvd causes latency spikes: I'm having an issue with this on 2.5.0-Release . I'm not using LACP, but I do have multiple LANs on VLANs. Jonathan Black
09:56 AM Bug #11256: Cannot add alias with multiple URLs: I just upgraded to 21.02_1 and it does not work. I thought 21.02_1 would be the same as 2.5.0. Is it not?
*EDIT:* ... Andreas Lindhé
05:17 AM pfSense Packages Feature #11798 (Duplicate): HA Sync for FRR config: I'm using two pfSense firewalls in a cluster with CARP.
On both FRR is configured but there is no sync option from ... Robert Sailer

04/10/2021

06:27 PM pfSense Packages Bug #11797 (Confirmed): Traffic Totals lost upon reboot when using a ramdisk for /var and /tmp: When using a ramdisk for /var and /tmp, RRD Data and log files are saved from the ramdisk to disk on a regular basis ... John Cornwell
10:17 AM Regression #11787: Thermal sensors widget no longer shows values from certain hardware: This should add that: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/217 Steve Wheeler
09:21 AM pfSense Packages Bug #11637: Preprocs - possible to create two defaults: Tested in 2.6.0, and the original behavior is fixed. The GUI still has a slight issue:
When creating a new server ... Max Leighton
08:51 AM Regression #11442 (Resolved): Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets: Tested and it looks good. This can be resolved. Max Leighton
04:36 AM Bug #3849: Compex WLE200NX wireless card stops responding: I have a similar issue with an "APU3 C2" board since upgrading pfSense from v2.4.5p1 (FreeBSD 11.3-STABLE) to v2.5.0 ... Guillaume J

04/09/2021

08:24 PM pfSense Packages Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash: Resolved in pfBlockerNG v3.0.0_16 BBcan177 .
02:51 PM pfSense Docs New Content #11796: Document the FRR Package: A good chunk of the documentation is up now, but it is still very much a work in progress:
https://gitlab.netgate.... Jim Pingle
02:29 PM pfSense Docs New Content #11796 (In Progress): Document the FRR Package: Jim Pingle
02:29 PM pfSense Docs New Content #11796 (Resolved): Document the FRR Package: Add documentation for the FRR Package.
Adapt any existing Quagga and OpenBGPd documents to use FRR instead.
Jim Pingle
10:10 AM Regression #11795 (Resolved): Applying IPsec settings for more than ~30 tunnels times out PHP: When attempting to apply IPsec changes on a system with more than around 30 tunnels, the apply process causes a timeo... Jim Pingle
10:03 AM Regression #11794 (Closed): IPsec VTI interface names are not properly formed for more than 32 interfaces: IPsec VTI interfaces names are not properly formed for more than 32 interfaces. For example a tunnel with a reqid of ... Jim Pingle
09:32 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Updating subject.
Note that this problem only affects CPUs which report the ability to accelerate SHA1 and SHA256.... Jim Pingle
08:55 AM Bug #11793 (Closed): OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP: If an OpenVPN client is bound to a _virtual IP_ which is an _IP Alias_ for a _CARP IP_, the OpenVPN client (e.g. ovpn... monotype tattoo
07:48 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases: Exclude from release notes since it regressed after the previous release. Jim Pingle
07:28 AM Regression #11316: Unbound crashes with signal 11 when reloading: There is a "new commit on Unbound which may help":https://github.com/NLnetLabs/unbound/commit/7396eff7af10eb85bee277a... Jim Pingle
07:24 AM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed: That's what I fixed yesterday but there isn't a new package yet. Wait for pfSense-pkg-frr version 1.1.0_10. Jim Pingle
04:46 AM Bug #10955 (Pull Request Review): XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface: According to https://github.com/pfsense/pfsense/pull/4479/commits/64431f257bb831a8aa121c356bbef3ab28d0ddc1 function *... Azamat Khakimyanov

04/08/2021

11:44 PM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed: "bgp network import-check" will not be shown up in configuration if I did not enable it once.
if I enabled it it w... Alhusein Zawi
11:18 AM pfSense Packages Bug #11392 (Feedback): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed: Fixed committed and merged everywhere it is relevant. Jim Pingle
09:44 AM pfSense Packages Bug #11392 (In Progress): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed: This doesn't add the option when there is no @frrbgpadvanced@ config present, and it should since we want it to be th... Jim Pingle
09:07 PM Revision 53b87a4c: VTI: Fix interface number limit: Code introduced by commit 3b85b43bb4b tried to keep the old way used to
decided VTI interface number using reqid and ... Renato Botelho
05:49 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Working fine for me now after update to 21.02.2.r.20210406.1302
Now once again able to connect to the network from t... Eduard Rozenberg
02:41 PM Bug #11782 (Closed): Sanitize status ouput for ACME AWS DynDNS key ID: Key itself is already sanitized through #10569
There should be no need to sanitize the ID. Marcos M
02:06 PM Bug #10190: can't disable Phase 1 when Phase 2 is VTI: This fixes the issue where a P1 can't be disabled if it has an inactive P2 in VTI mode.
An issue remains if the P2... Marcos M
02:05 PM Bug #11792 (Closed): Cannot disable IPsec P1 when related P2s are in VTI mode and enabled: Setup:
IPsec Phase 1 with one or more Phase 2 entries in VTI mode. No IPsec interfaces assigned.
Issue:
While bo... Marcos M
11:06 AM pfSense Packages Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse": Duplicate of #11745 Jim Pingle
10:09 AM pfSense Packages Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse": I noticed that the field "Compression" is still being used in client export even when "Refuse any non-stub compressio... chiel chiel
07:26 AM Regression #11747 (Resolved): Firewall rule schedule cannot be changed: Jim Pingle
07:21 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Bill Meeks wrote:
> One of the issues identified in this ticket, the logging of "blank" interface names and the disp... Renato Botelho
07:20 AM pfSense Packages Bug #11637 (Feedback): Preprocs - possible to create two defaults: PR merged on 2.6.0 / 2.5.1. It will be cherry-picked to stable after tests Renato Botelho
03:55 AM Regression #11316: Unbound crashes with signal 11 when reloading: Can confirm the same happening on my system. Unbound crashed with an interval of one week and always at night. And it... S P

04/07/2021

11:13 PM Regression #11747: Firewall rule schedule cannot be changed: I was able to modify Schedules when it is applied to FW rule (added/deleted)
2.5.1-RC (amd64)
built on Tue Apr... Alhusein Zawi
03:31 PM Feature #11790: Support hiding interface groups via special tag: Clarification: This doesn't hide the group from being used or having rules configured on it, it just hides it from be... Christian McDonald
03:19 PM Feature #11790 (Rejected): Support hiding interface groups via special tag: PR: https://github.com/pfsense/pfsense/pull/4513
This will be useful for packages needing to create (protected) in... Christian McDonald
01:34 PM Feature #6362: Allow specifying the client identifier hardware type: In pfSense, just pre-pending... Carlo Tognetti
12:49 PM Revision 39d83c73: Show Unbound used certificate on the Certificate Manager page. Fixes #11678: Viktor Gurov
12:49 PM Revision 5cbb0a7f: Reload NAT config before testing: Steve Beaver
12:37 PM Revision 246a8832: Add cronjob only for limiters applied to firewall rules. Fixes #11636: Viktor Gurov
12:37 PM Revision 15f716d8: Note says that gateway or failover gatewaygroup are valid options #11164: Danilo Zrenjanin
12:34 PM Revision 1e1a9918: Disable RA mode in rc.initial.setlanip. Fixes #11609: Viktor Gurov
12:32 PM Revision 6bb8cdd4: OpenVPN Cisco AVPair {clientipv6} template. Implements #11596: Viktor Gurov
10:58 AM Regression #11785 (Resolved): OpenSSL "Operation not supported" error with cryptodev in certain cases: Fixed according feedbacks Renato Botelho
10:48 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases: 2.5.1.r.20210406.1302 resolved the issues I was seeing as report above (#3). Thanks! Greg Shaffer
07:24 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases: Latest snapshot is working fine here. Same VM before which could reproduce the OpenVPN and Unbound errors with crypto... Jim Pingle
08:53 AM Bug #11789 (Rejected): Restore Nat Outbound Config Issue: Hi all,
I'm reporting a bug about the Restore from config file of NAT Config.
The Outbound config is "Manual Outbou... Daniele Ciribifera
08:03 AM pfSense Plus Regression #11436 (Resolved): State matching problem with reponses to packets arriving on non-default WANs: Renato Botelho
05:10 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: @Rick Strangman
> Updated by Renato Botelho 1 day ago
>...
>Fix was pushed to FreeBSD and cherry-picked to FreeBSD... Grzegorz Krzystek
05:07 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I can confirm the issue has been resolved. Explanation please. Rick Strangman
07:55 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Applied in changeset commit:39d83c73ce8b1b5d99540ccfc6734b3ad4d23107. Viktor Gurov
07:49 AM Bug #11678 (Feedback): Certificate Manager does not report Unbound as using a certificate: PR has been merged. Thanks! Renato Botelho
07:45 AM Bug #11636: Unused Limiter entries with schedules create unnecessary cron jobs: Applied in changeset commit:246a8832c1928dc4cfcf40bd2bde4fbda0af191e. Viktor Gurov
07:40 AM Bug #11636 (Feedback): Unused Limiter entries with schedules create unnecessary cron jobs: PR has been merged. Thanks! Renato Botelho
07:45 AM Bug #11609: CLI interface configuration without IPv6 leaves RA enabled: Applied in changeset commit:1e1a9918cfd77626442b84bffdf32a7876a30e6f. Viktor Gurov
07:36 AM Bug #11609 (Feedback): CLI interface configuration without IPv6 leaves RA enabled: PR has been merged. Thanks! Renato Botelho
07:40 AM Feature #11596: Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS: Applied in changeset commit:6bb8cdd4d8b892bcb77163c02902d83c26cbe2f2. Viktor Gurov
07:34 AM Feature #11596 (Feedback): Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS: PR has been merged. Thanks! Renato Botelho
07:37 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: According to my email VPN1_WAN/client1 was suffering packet loss at Apr 6, 2021, 10:11 PM, then not soon after VPN2_W... Jason NA
07:37 AM Feature #11164 (Feedback): Input validation to prevent setting a load balancing gateway group as default: PR has been merged. Thanks! Renato Botelho

04/06/2021

11:45 PM pfSense Packages Feature #11749: Option to disable NAT rule creation: I don't want to use the VIP Webservice in general, but the NAT rules are the biggest problem. I can't delete them and... Frank Gouton
05:30 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I tested it on RC update channel
currently running 21.02.2.r.20210406.1302
and port forward works as expected. on b... Grzegorz Krzystek
05:24 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: So is this build different that what shows up in System->Updates? Rick Strangman
05:17 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: to be more precise tested on build 21.02.2.r.20210405.1121
on booth wans port forward works now as expected.
Good... Grzegorz Krzystek
05:05 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Renato Botelho wrote:
> Fix was pushed to FreeBSD and cherry-picked to FreeBSD-src on commit 4fd4e2b70189
works o... Grzegorz Krzystek
03:57 PM pfSense Docs Todo #11788 (Duplicate): Feedback on pfSense Configuration Recipes — Dynamic Routing Protocol Basics: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dynamic-routing-basics.html
*Feedback:*
https://docs.n... Paighton Bisconer
03:36 PM Revision 2dacd7fe: Accommodate 'after' property when creating a NAT rule: Steve Beaver
01:06 PM Regression #11787 (Closed): Thermal sensors widget no longer shows values from certain hardware: The changes made for this bug: https://redmine.pfsense.org/issues/10963 excluded the Chelsio sysctl temperature value... Steve Wheeler
12:47 PM Regression #11785 (Feedback): OpenSSL "Operation not supported" error with cryptodev in certain cases: Luiz reverted changes that introduced this issue on both devel and RC branches Renato Botelho
12:45 PM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases: I couldn't reproduce that one before but it's entirely possible I didn't test it on this particular setting. It doesn... Jim Pingle
12:28 PM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases: This effects more than just OpenVPN. With cryptographic device set to both AES-NI and Crypto Dev I was seeing errors... Greg Shaffer
10:06 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases: It appears to be tied to cryptodev and not AES-NI. I can have aesni.ko loaded and it works OK, but fails when loading... Jim Pingle
09:19 AM Regression #11785 (Resolved): OpenSSL "Operation not supported" error with cryptodev in certain cases: It's not clear what specifically is triggering this, but with AES-NI+cryptodev loaded, I have a VM which is failing t... Jim Pingle
12:46 PM Bug #11774 (Duplicate): unbound control shows SSL error: Looks like this is a duplicate of #11785 (which has better info, even though it came after) Jim Pingle
11:49 AM Bug #11786 (New): SSH incomplete setup and startup fail while recovering XML backup in a fresh install of pfSense 2.5.0: Recovering a XML exported with RDD data and extra package data (about 8,2MB of data) causes SSH service configuration... Bruno Andrade da Silva
11:41 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: I changed verbosity on client1, waited a couple of minutes then changed the verbosity on client2 and when I hit save ... Jason NA
10:42 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: > since the upgrade whenever one or both clients start experiencing packet loss they start using 100% CPU
A OpenVP... Pippin MMD
07:41 AM pfSense Packages Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory: Looks like a settings issue, it's got an entry set to need a web root folder but the value is empty. Jim Pingle
06:44 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: Hi Renato,
the only patch (pfSense-pkg-System_Patches: 1.2_5) shown in the UI does not correct the problem. It seems... Frank Soyer
01:53 AM pfSense Packages Feature #11784 (New): squidguard auto update blacklist option: Would be nice to have an auto update blacklist option with a drop down menu for none, daily, weekly, fortnightly or m... ageekhere ageekhere

04/05/2021

07:43 PM Bug #11774: unbound control shows SSL error: I'm seeing similar SSL type errors in 2.5.1.r.20210405.0300. When I run the command "/usr/local/www: /usr/local/sbin/... Greg Shaffer
06:05 PM Revision 1346823f: Fix #11781: Disable DNSSEC option for dnsmasq: Renato Botelho
05:51 PM Bug #11777: Input validation prevents DNS Resolver from being disabled: Jim Pingle wrote:
> This is kind of a tricky situation since someone may want to work on their DNS Resolver configur... Martin Thygesen
08:21 AM Bug #11777: Input validation prevents DNS Resolver from being disabled: This is kind of a tricky situation since someone may want to work on their DNS Resolver configuration while it's alre... Jim Pingle
05:44 PM pfSense Packages Bug #11783: /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory: user was admin during setup process so permissions to create a director should not have been an issue. Martin Thygesen
05:44 PM pfSense Packages Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory: Tried to setup acme on new firewall instance using old Key & ID from previous installation
Failed to write directory... Martin Thygesen
04:26 PM Bug #11712: Interface can't be switched to an available network port igb3: This is not a support issue and I suspect is a generic case.
That's unfortunate you can't reproduce it. Yuri Weinstein
01:39 PM Bug #11782 (Closed): Sanitize status ouput for ACME AWS DynDNS key ID: Currently, the following is not sanitized when downloading the file from /status.php.
* dns_awsaws_access_key_id
... Marcos M
01:31 PM pfSense Plus Regression #11436 (Feedback): State matching problem with reponses to packets arriving on non-default WANs: Fix was pushed to FreeBSD and cherry-picked to FreeBSD-src on commit 4fd4e2b70189 Renato Botelho
01:10 PM Bug #11781 (Feedback): Disable DNSSEC option for dnsmasq: Applied in changeset commit:1346823fd42cea2f633cc16f6b106ea4e4ce2311. Renato Botelho
01:05 PM Bug #11781 (Closed): Disable DNSSEC option for dnsmasq: We never provided support for DNSSEC on dnsmasq and it brings unnecessary dependencies Renato Botelho
12:19 PM pfSense Packages Bug #11780 (Rejected): Suricata package fails to prune suricata.log: The suricata package does not prune suricata.log. As a result, suricata.log grows without bound eventually resulting ... Kushdeep Chabba
11:22 AM Revision c12f206d: Support services like AWS and validate returned IP: Johan van der Vyver
10:27 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: When I updated to 2.5 I changed a few more things from these VPN guides <https://nguvu.org/pfsense/pfsense-baseline-s... Jason NA
08:32 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: I'm not sure there is anything pfSense could do about that. If OpenVPN itself is using the CPU, it's likely a problem... Jim Pingle
09:54 AM Bug #11706: Renewing a certificate without a ``type`` value assumes a server certificate: Right, on 2.5.0 (or a 2.5.1 snapshot from before this fix), removing @<type>user</type>@ will result in a server cert... Jim Pingle
09:20 AM pfSense Packages Bug #11766 (Pull Request Review): Certificate no more pointed "in use" by haproxy: Jim Pingle
08:46 AM pfSense Docs Todo #11779 (Rejected): Feedback on Configuration — Advanced Configuration Options — Admin Access Tab: > - make sure that the SSH-server is only listening to explicitly defined IPV4 and/or IPV6 addresses
Not possible ... Jim Pingle
05:47 AM pfSense Docs Todo #11779 (Rejected): Feedback on Configuration — Advanced Configuration Options — Admin Access Tab: *Page:* https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
*Feedback:*
When trying to access m... Louis B
08:25 AM Bug #11776: Overwrite /boot.config and /boot/loader.conf when you use a serial console pfsense installation.: I tried to make my own customizations in the boot/loader.conf.local, but doesn't work because it blocks when you have... André Cirne
07:50 AM Bug #11776 (Rejected): Overwrite /boot.config and /boot/loader.conf when you use a serial console pfsense installation.: That is normal and expected.
Use /boot/loader.conf.local for your own customizations. Jim Pingle
07:49 AM Bug #11773 (Rejected): Using SSL/TLS for outgoing DNS Queries in forwarding mode can cause DNS to hang following the restoration of WAN connectivity: Those would be issues in unbound itself -- we don't have that kind of control over Unbound code. What you should do i... Jim Pingle
06:17 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: Frank Soyer wrote:
> Hi guys,
> I'm just facing this bug after an update to 2.5.0. Unfortunatly, gitlab.netgate.com... Renato Botelho
06:15 AM Bug #3709 (Resolved): Disabled static route entries trigger 'route delete' error at boot: Renato Botelho

04/04/2021

10:32 AM pfSense Packages Bug #11766: Certificate no more pointed "in use" by haproxy: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1059 Viktor Gurov
02:45 AM Bug #11774 (Rejected): unbound control shows SSL error: Unable to reproduce this issue on 2.5.1.r.20210403.0300 and 2.6.0.a.20210403.0100:... Viktor Gurov
12:05 AM pfSense Plus Feature #10804 (Resolved): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set: Viktor Gurov

04/03/2021

07:48 PM Bug #11778 (New): OpenVPN uses 100% CPU after experiencing packet loss: I have two OpenVPN clients set up in a gateway group and when I was running 2.4.5p1 this was fine I had zero problems... Jason NA
06:16 PM pfSense Plus Feature #10804: Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set: Status>Interfaces shows tagged ports
Netgate XG-7100
21.02.2-RC (amd64)
built on Sat Apr 03 03:04:06 EDT 2021... Alhusein Zawi
05:57 PM Bug #11777: Input validation prevents DNS Resolver from being disabled: sorry noob mistake name= services_unbound.php : unbound dns resolver error on disable
affected architecture is amd64... Martin Thygesen
05:51 PM Bug #11777 (New): Input validation prevents DNS Resolver from being disabled: When trying to disable unbound, the following error prevents the service from being turned off.
-----------------
... Martin Thygesen
05:41 PM Regression #11702: RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks: Created RAM Disks on SG-2100 on 21.05.a.20210403.0100 - reports correctly on dashboard following apply/reboot Jordan G
11:49 AM Bug #11706: Renewing a certificate without a ``type`` value assumes a server certificate: I've done the test again on 2.5.0-RELEASE. The outcome is the same.
Initially, I created TestUserCert(User Type)... Danilo Zrenjanin
07:24 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I've reproduced the issue, and believe I have a fix.
I'm still trying to work out why it didn't happen on CE though. Kristof Provost
07:02 AM Bug #11776 (Rejected): Overwrite /boot.config and /boot/loader.conf when you use a serial console pfsense installation.: Function setup_loader_settings (https://github.com/pfsense/pfsense/blob/8b424bca02372246210fba3cf36045a704c11ae3/src/... André Cirne
04:02 AM Regression #11775 (Resolved): State counters not updating and always show 0/0 since last few updates: Not exactly sure which update caused this but it is within the last few weeks. When looking at my firewall rules ever... Craig Weber
03:21 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: Hi guys,
I'm just facing this bug after an update to 2.5.0. Unfortunatly, gitlab.netgate.com is actually OFF, I can'... Frank Soyer
12:07 AM Bug #3709: Disabled static route entries trigger 'route delete' error at boot: after creating the same openvpn route as static, the route table will add static route Gateway(not openvpn GW)
afte... Alhusein Zawi

04/02/2021

12:44 PM Bug #11774: unbound control shows SSL error: Also, I get no stats under Status > DNS Resolver Nitin Gupta
11:56 AM Bug #11774 (Duplicate): unbound control shows SSL error: When executing the following command:... Nitin Gupta
11:58 AM pfSense Packages Bug #11637: Preprocs - possible to create two defaults: This problem is corrected by Pull Request 1058 here: https://github.com/pfsense/FreeBSD-ports/pull/1058. This issue ... Bill Meeks
11:57 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: One of the issues identified in this ticket, the logging of "blank" interface names and the display of "Unknown" as t... Bill Meeks
09:04 AM Bug #11773 (Rejected): Using SSL/TLS for outgoing DNS Queries in forwarding mode can cause DNS to hang following the restoration of WAN connectivity: I have unbound setup in forwarding mode to use "SSL/TLS for outgoing DNS Queries to Forwarding Servers". Unfortunatel... Richard Yao

04/01/2021

10:19 PM Regression #11729 (Resolved): Automatic default gateway mode does not select expected entries: Alhusein Zawi
10:19 PM Regression #11729: Automatic default gateway mode does not select expected entries: fixed
creating a LAN GW is not switching default GW.
2.5.1-RC (amd64)
built on Thu Apr 01 11:53:55 EDT 2021... Alhusein Zawi
09:08 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files: Bearny B. wrote:
> Bearny B. wrote:
> > Some CPU Type information disappear after reset the log files under Status.... Michael Spears
09:03 PM Bug #11469: Pfsense 2.5.0 not working with Generation 2 Hyper-V VM: Marcos Mendoza wrote:
> Given the ZFS error, this actually may be the following issue:
> https://redmine.pfsense.or... Michael Spears
04:26 PM pfSense Plus Feature #11772: Layer 2 Tunnel Bonding Capability: Bonus points on this one: A "wizard" which can be run on the "central office" end PF to create the configuration for... Clint Guillot
04:22 PM pfSense Plus Feature #11772 (New): Layer 2 Tunnel Bonding Capability: Ability to tunnel traffic over multiple WAN connections back to another PF appliance at a central location in order t... Clint Guillot
02:48 PM Bug #11734 (Pull Request Review): NAT rule overlap detection is inconsistent: Jim Pingle
01:15 PM pfSense Docs Correction #11258 (Closed): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: Jim Pingle
01:15 PM pfSense Docs Correction #9378 (Closed): Feedback on Virtualization — Virtualizing pfSense with Proxmox: Jim Pingle
01:15 PM pfSense Docs Correction #9951 (Closed): Feedback on VPN — OpenVPN — Configuring a Single Multi-Purpose OpenVPN Instance: Jim Pingle
01:14 PM pfSense Docs New Content #11150 (Closed): vpn_ipsec_export_win.php missing from help.php: Jim Pingle
01:14 PM pfSense Docs New Content #11238 (Closed): LAGG (Link Aggregation): Jim Pingle
01:13 PM pfSense Docs Correction #11162: Feedback on Backup and Recovery — Making Backups in the GUI: I added a section on backup compatibility with explains in more detail about what can/cannot be restored between vers... Jim Pingle
12:21 PM pfSense Packages Bug #11771: Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name: Nevermind, it's the SSL business. The "Access Darkstat" button tries to use SSL and the browser is complaining and n... Jon V
12:10 PM pfSense Packages Bug #11771 (Rejected): Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name: There must be something wrong in your testing. The firewall can't tell if it's being accessed by IP address or hostna... Jim Pingle
12:01 PM pfSense Packages Bug #11771 (Rejected): Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name: Lets say you have a DNS entry "pfsense-local" the configuration of Darkstat only works when you navigate to 192.168.1... Jon V
12:00 PM pfSense Packages Bug #11768 (Pull Request Review): FRR OSPF - Comment field within the ospf interfaces gets longer and longer: Jim Pingle
11:29 AM pfSense Packages Bug #11768: FRR OSPF - Comment field within the ospf interfaces gets longer and longer: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/80 Viktor Gurov
08:56 AM pfSense Packages Bug #11768 (Resolved): FRR OSPF - Comment field within the ospf interfaces gets longer and longer: The comment field in the assigned ospf interfaces gets longer e.g.
interface ovpns1
description "ospfd: vpn230 D... Robert Sailer
11:28 AM pfSense Plus Bug #11770 (New): Pantech UML295 USB Modem No Longer Functional: The Pantech UML295 modem in the USB port is caused pfSense to hang on reboot when upgrading to version 21.02 of the s... Kris Phillips
10:51 AM Bug #11769 (Pull Request Review): Sanitize Captive Portal RADIUS MAC secret in status output: Jim Pingle
09:25 AM Bug #11769: Sanitize Captive Portal RADIUS MAC secret in status output: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/216 Viktor Gurov
09:06 AM Bug #11769 (Resolved): Sanitize Captive Portal RADIUS MAC secret in status output: RADIUS MAC Secret (`<radmac_secret>`) is not sanitized:... Viktor Gurov
10:50 AM Bug #11767 (Pull Request Review): Sanitize OpenVPN Client Export certificate password in status output: Jim Pingle
09:25 AM Bug #11767: Sanitize OpenVPN Client Export certificate password in status output: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/216 Viktor Gurov
09:04 AM Bug #11767: Sanitize OpenVPN Client Export certificate password in status output: example:... Viktor Gurov
08:37 AM Bug #11767 (Closed): Sanitize OpenVPN Client Export certificate password in status output: Certificate Password (Password used to protect the certificate file contents) `<pass>` is not sanitized from status_o... Viktor Gurov
08:47 AM Regression #11758 (Closed): Broadcom NetXtreme and QLogic 10 Gigabit Ethernet adapters are not available in 2.5.1 / 2.6: all there:... Viktor Gurov
07:44 AM Bug #11765 (Pull Request Review): Invalid HTML encoding in modal Notices window: Jim Pingle
01:49 AM Bug #11765: Invalid HTML encoding in modal Notices window: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/215 Viktor Gurov
01:15 AM Bug #11765 (Closed): Invalid HTML encoding in modal Notices window: In some cases it shows "&lt;head&gt" instead of "<head>":... Viktor Gurov
03:54 AM pfSense Packages Bug #11766: Certificate no more pointed "in use" by haproxy: Also seeing this - see my comments in linked thread JohnPoz _
03:37 AM pfSense Packages Bug #11766 (Resolved): Certificate no more pointed "in use" by haproxy: https://forum.netgate.com/topic/162606/certificate-no-more-pointed-in-use-by-haproxy:
I've seen in version 2.5 that ... Viktor Gurov

03/31/2021

01:39 PM Revision 3bf54e0d: Firewall Schedules edit fix. Issue #11747: (cherry picked from commit 18f7c1cb378cbfc8109c4aff3eb734048a4bc299) Viktor Gurov
01:39 PM Bug #11651: Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1: Jim Pingle wrote:
> After the PR is merged this whole docs page can go away: https://docs.netgate.com/pfsense/en/lat... Jim Pingle
01:24 PM Revision 68f7d49e: Fix #11760: Make sure log file exist: Prevent PHP complaining about log file not found and create an empty
file when it doesn't exist. In this case return... Renato Botelho
01:24 PM Revision a7086b04: Fix #11760: Make sure log file exist: Prevent PHP complaining about log file not found and create an empty
file when it doesn't exist. In this case return... Renato Botelho
01:16 PM Bug #11383 (Feedback): pfSense Proxy Authentication not working: Fix pushed on FreeBSD-src repository.
Upstream ticket - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220468 Renato Botelho
12:47 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I am trying to reproduce with CE my scenario in a virtual environment and was having issues, good to know it doesn't ... Grant Derhofer
11:03 AM Bug #11764: IPv6 link local gateway default status not indicated in GUI: In this case, the gateway is from the WAN interface which is set to DHCPv6. Jim Pingle
11:01 AM Bug #11764 (Resolved): IPv6 link local gateway default status not indicated in GUI: In certain cases an IPv6 link-local gateway is not marked as default in the Dashboard widget or on status_gateways.ph... Jim Pingle
08:42 AM Bug #11652 (Resolved): Unable to renew a certificate without a SAN: works as expected on 2.5.1.r.20210330.1803 Viktor Gurov
08:40 AM Regression #11747: Firewall rule schedule cannot be changed: Patch works for me when I test it, picked back so it doesn't get missed. Jim Pingle
08:30 AM Regression #11760 (Feedback): PHP error on package install: Applied in changeset commit:a7086b04cae21ca742fdeefd1019ee1401b6dded. Renato Botelho
04:55 AM Regression #11760: PHP error on package install: I'll fix it Renato Botelho
02:29 AM Regression #11760 (Closed): PHP error on package install: https://github.com/pfsense/pfsense/commit/8e2960cc32c25f34d0bf8f122429df8edae58a94
and
https://github.com/pfsense/p... Viktor Gurov
08:11 AM Bug #11762 (Pull Request Review): Invalid combinations of TCP flag matching options cause ``pfctl`` parser error: Jim Pingle
07:57 AM Bug #11762: Invalid combinations of TCP flag matching options cause ``pfctl`` parser error: extra input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/214 Viktor Gurov
07:46 AM Bug #11762: Invalid combinations of TCP flag matching options cause ``pfctl`` parser error: Updating subject for release notes Jim Pingle
07:25 AM Bug #11762 (Resolved): Invalid combinations of TCP flag matching options cause ``pfctl`` parser error: ... Viktor Gurov
08:06 AM Bug #11748 (Pull Request Review): Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups: Jim Pingle
06:16 AM Bug #11748: Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/213 Viktor Gurov
07:58 AM pfSense Packages Bug #11763 (New): Traffic graphs refresh issue: Using Windows 10 20H2 and Chrome 89.
If Main page of pfsense is opened with traffic graphs displayed for a while (... Laurent BONNIN
07:30 AM Bug #11754 (Pull Request Review): Digital Ocean Dynamic DNS help text is incorrect: Jim Pingle
06:52 AM pfSense Packages Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash: Thanks @BBcan177, that was exactly it. Leave it to us dumb users to break stuff. lol. Jeff Strand
04:52 AM Bug #11761 (New): L2TP/IPsec VPN : PPP LCP negotiation occurs before user authentication: We are using pfSense to provide a l2tp/ipsec VPN connectivity to our users.
Users are using the Windows 10 (20h2) na... Chris Sibers
03:39 AM pfSense Packages Bug #11756: HaProxy does not transfer backend states during reload: Hi Viktor, I do not think that the ticket you linked is correct. I am specifically talking about the config option "l... Florian Apolloner
03:11 AM pfSense Packages Bug #11756: HaProxy does not transfer backend states during reload: fixed in haproxy-devel: #10599 Viktor Gurov
01:28 AM Bug #11759 (New): Traffic graphs on dashboard double upload on pppoe links: This is a long standing issue, also existing on previous versions
When looking at graphs, upload traffic appears at ... net blues
01:13 AM Regression #11758: Broadcom NetXtreme and QLogic 10 Gigabit Ethernet adapters are not available in 2.5.1 / 2.6: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/5 Viktor Gurov
12:58 AM Regression #11758: Broadcom NetXtreme and QLogic 10 Gigabit Ethernet adapters are not available in 2.5.1 / 2.6: qlxgb - #9891 Viktor Gurov
12:56 AM Regression #11758 (Closed): Broadcom NetXtreme and QLogic 10 Gigabit Ethernet adapters are not available in 2.5.1 / 2.6: QLogic 10 Gigabit Ethernet (qlxgb) #11750
Broadcom NetXtreme (bnxt) #9155
missed from 2.5.1/2.6:... Viktor Gurov
01:06 AM Feature #11750: Support for network interfaces using the ``qlnxe`` driver: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/11 Viktor Gurov

03/30/2021

11:59 PM Bug #11105 (Resolved): IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106: Viktor Gurov
08:47 PM pfSense Packages Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash: When you enable Doh/DoT Blocking, you must select atleast one of the lists below. I will add some input validation an... BBcan177 .
08:24 PM Revision c5b0f351: Revise MVC provision: Steve Beaver
07:47 PM Revision 8b7f7e66: Automatic default gateway set fix. Issue #11729: (cherry picked from commit f511939a42fbf9002d58f53f4d61e71dca20a4a6) Viktor Gurov
07:46 PM Revision f511939a: Automatic default gateway set fix. Issue #11729: Viktor Gurov
07:28 PM Revision d5ed3d86: Remove Wireguard reference in header: Steve Beaver
06:55 PM Revision 3abbccc9: Allow general access to create_interface_list() for MVC: Steve Beaver
06:24 PM Revision d670e31a: Updates the help text for DigitalOcean client setup. Issue #11754: Danilo Zrenjanin
05:10 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I can confirm that it does not occur in CE v5.0. I had the config operational before I migrated to Netgate x7100 with... Rick Strangman
04:10 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Jordan Bradley wrote:
> I'm using community edition and this bug is affecting me.
Based on your description above... Jim Pingle
04:08 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I'm using community edition and this bug is affecting me. Jordan Bradley
04:00 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: A few notes:
* This only appears to affect pfSense Plus, not CE, which explains why some people cannot reproduce t... Jim Pingle
04:58 PM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec: This bug quite ruined our environment.
Will be very greatfull for hotfix. Alex Lost
07:39 AM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec: Tested here against 21.02 snapshot. Works as expected. Steve Wheeler
07:38 AM Regression #11751 (Pull Request Review): Input validation prevents creating 1:1 NAT rules on IPsec: Jim Pingle
05:14 AM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec: fix also includes OpenVPN and L2TP VPN input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests... Viktor Gurov
03:18 PM Feature #11757 (New): Allow XMLRPC sync to bypass default auth server in favor of local database: Some organizations with multiple firewall admins are using an external auth server as the system default for authenti... Max Leighton
02:48 PM Regression #11729 (Feedback): Automatic default gateway mode does not select expected entries: Merged and cherry-picked to 2.5.1 Renato Botelho
02:46 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Not enough time for 2.5.1 Renato Botelho
02:46 PM Regression #11545: Primary interface address is not always used when VIPs are present: Not enough time for 2.5.1 Renato Botelho
01:35 PM Bug #11754: Digital Ocean Dynamic DNS help text is incorrect: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/212 Danilo Zrenjanin
07:51 AM Todo #11755 (Closed): Upgrade OpenSSL to 1.1.1k: We already have an internal issue tracking this (NG 5939), and it was pulled into the tree yesterday.... Jim Pingle
02:19 AM Todo #11755 (Closed): Upgrade OpenSSL to 1.1.1k: https://www.openssl.org/news/vulnerabilities.html Luca De Andreis
04:33 AM pfSense Packages Bug #11756 (Feedback): HaProxy does not transfer backend states during reload: When reloading Haproxy (due to config changes for instance) the newly started process does not seem to remember the e... Florian Apolloner
04:32 AM Bug #11731: Missing support for Realtek USB NICs: Vincent Bentley wrote:
> Ase Karlsson wrote:
> > Hi,
> > Just made a support ticket to Netgate #80195 and was prom... Ase Karlsson
04:17 AM Bug #11731: Missing support for Realtek USB NICs: Ase Karlsson wrote:
> Hi,
> Just made a support ticket to Netgate #80195 and was prompted to summit a bug report he... Vincent Bentley

03/29/2021

06:11 PM Bug #11754 (Closed): Digital Ocean Dynamic DNS help text is incorrect: There are reports that setting up a DDNS client with Digital Ocean now only requires the actual host name like most o... Max Leighton
05:41 PM pfSense Packages Bug #11753 (Resolved): Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash: Enabling the "DoH/DoT Blocking" option in "Firewall/pfBlockerNG/DNSBL/DNSBL SafeSearch" menu causes pfSense to crash.... Jeff Strand
05:03 PM Bug #11469: Pfsense 2.5.0 not working with Generation 2 Hyper-V VM: Given the ZFS error, this actually may be the following issue:
https://redmine.pfsense.org/issues/11483 Marcos M
02:03 PM Bug #11734: NAT rule overlap detection is inconsistent: I've added some further details on it. At the least, there is a typo that should be fixed. Marcos M
08:34 AM Bug #11734 (Rejected): NAT rule overlap detection is inconsistent: Protocol doesn't overlap. You can have separate port forward rules for TCP and for UDP on the same port ranges which ... Jim Pingle
01:54 PM pfSense Packages Regression #11738 (Feedback): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode: Merged Renato Botelho
08:47 AM pfSense Packages Regression #11738 (Pull Request Review): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode: Jim Pingle
01:41 PM pfSense Docs Todo #11722 (Closed): LaTeX Error: Too deeply nested.: That worked, thanks! Jared Dillard
01:21 PM pfSense Docs Todo #11722 (Resolved): LaTeX Error: Too deeply nested.: This should do it:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/0e4504bbed5308f2690effae6190af3e0581f4a5
... Jim Pingle
11:37 AM Bug #11733: Web interface hangs when gateway link becomes intermittent: The ONT was just replaced. Immediately after, I tried to connect to the web interface, but I received a 502 error as ... Richard Yao
08:30 AM Bug #11733 (Rejected): Web interface hangs when gateway link becomes intermittent: Most likely the rapid cycling of link on the port was causing interface event processing to get backed up in a queue,... Jim Pingle
10:12 AM pfSense Plus Bug #11726 (Rejected): Network traffic stops with latest RC build.: Unable to reproduce and not enough information to determine if there is a bug, or anything which can be done.
If y... Jim Pingle
09:41 AM Regression #11751 (Closed): Input validation prevents creating 1:1 NAT rules on IPsec: Additional input validation in the GUI in 21.02/2.5 prevents creating a 1:1 NAT rule on the IPSec interface because i... Steve Wheeler
09:30 AM Feature #11750 (Resolved): Support for network interfaces using the ``qlnxe`` driver: In 2.5.0 if_qlnxe is missing as a module (or compiled in). In 2.4.5 this was also the case but there I was able to co... Franky Van Liedekerke
09:03 AM Regression #11747 (Feedback): Firewall rule schedule cannot be changed: PR merged to master, after it's tested there we can consider cherry picking to 21.02.2/2.5.1 since it's a significant... Jim Pingle
08:55 AM Regression #11747 (Pull Request Review): Firewall rule schedule cannot be changed: Jim Pingle
09:03 AM Bug #11748: Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups: Updating subject.
tl;dr appears to be: config.xml corrupt/missing, and most recent historical backup is also corru... Jim Pingle
08:53 AM pfSense Packages Bug #11746 (Pull Request Review): Second LDAP server configuration misses the ipaNThash control attribute: Jim Pingle
08:52 AM pfSense Packages Bug #11745 (Pull Request Review): Incorrect compress options in exported configuration when server is set to refuse compression: Jim Pingle
08:51 AM pfSense Docs Correction #11740 (Resolved): Delay Standard Deviation: Fix merged. Jim Pingle
08:42 AM Bug #11706: Renewing a certificate without a ``type`` value assumes a server certificate: Danilo Zrenjanin wrote:
> Tried to replicate on the:
> 2.5.0-RELEASE (amd64)
> built on Tue Feb 16 08:56:29 EST 20... Jim Pingle
08:36 AM Bug #11736 (Rejected): Issue with UPNP: This site is not for support or diagnostic discussion and there doesn't appear to be enough information here to descr... Jim Pingle
08:26 AM Feature #2668 (Pull Request Review): Support aliases in OpenVPN local/remote/tunnel network fields: Jim Pingle
08:24 AM Regression #11729 (Pull Request Review): Automatic default gateway mode does not select expected entries: Jim Pingle
08:22 AM Bug #11725 (Pull Request Review): Error when setting queue limit on CODELQ limiter: Jim Pingle
08:17 AM Bug #11728 (Rejected): Dual WAN on 21.02-RELEASE-p1 Netgate SG7100 - Routing groups: Unable to reproduce as stated, it's likely a configuration or environmental issue.
This site is not for support or... Jim Pingle
08:16 AM Bug #11727 (Pull Request Review): Cannot enter persistent CARP maintenance mode when CARP is disabled: Jim Pingle
08:14 AM Bug #11699 (Pull Request Review): OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: Jim Pingle
08:12 AM pfSense Packages Feature #11719: ACME - Create script for DNSExit API: Netgate maintains the pfSense package for acme.sh (pfSense GUI, code to setup and invoke acme.sh, etc) but we do not ... Jim Pingle
08:09 AM Bug #11724: Packages unexpectedly removed when changing update branches: Generalizing subject since it can happen with multiple packages Jim Pingle
08:08 AM Bug #11718: XMLRPC Client does not honor its default timeout value: Simplifying subject for release notes. Jim Pingle
08:07 AM Bug #11718 (Pull Request Review): XMLRPC Client does not honor its default timeout value: Jim Pingle
08:06 AM Regression #11723 (Pull Request Review): Virtual IP addresses are only added to interfaces after reboot: Jim Pingle
08:00 AM Bug #11720 (Rejected): Unbound crashing and can't stay up: Since there isn't any clear information here that points to an actionable bug, I'm closing it out for now.
If you ... Jim Pingle
07:55 AM pfSense Packages Feature #10859 (Pull Request Review): Add avahi filtering feature to pfSense: Jim Pingle
07:51 AM Bug #11721 (Rejected): NAT redirecting traffic to incorrect interface address: Not seeing anything actionable here -- the reflection rules catching the traffic explains the symptoms, if you have V... Jim Pingle
07:42 AM Bug #11713: Error when deleting IPv6 link-local routes: Updating subject for release notes. Jim Pingle
07:36 AM Bug #11712 (Rejected): Interface can't be switched to an available network port igb3: Can't reproduce as stated, swapping assignments works as expected for enabled or disabled interfaces.
This site is... Jim Pingle
05:24 AM pfSense Packages Feature #11749 (New): Option to disable NAT rule creation: I'd like to have an option to disable the automatic NAT rule creation of DNSBL.
First I'd like to have full manual... Frank Gouton
03:16 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Rick Strangman wrote:
> I attach a pfsense packet capture on the LAN side from the bad WAN2. You can see that the in... Kristof Provost

03/28/2021

12:39 PM Revision 18f7c1cb: Firewall Schedules edit fix. Issue #11747: Viktor Gurov
11:16 AM Bug #11748 (Resolved): Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups: Apparently something went wrong during the saving in the environment of traffic shaping. The system was no longer acc... Philippe Landsberg
07:44 AM Regression #11747: Firewall rule schedule cannot be changed: it also fixes error:... Viktor Gurov
07:16 AM Regression #11747 (Resolved): Firewall rule schedule cannot be changed: Running on latest Version 2.5.0
When I modify the schedule, it will not save any longer
I get the following error... Viktor Gurov
06:51 AM pfSense Packages Bug #11746: Second LDAP server configuration misses the ipaNThash control attribute: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/79 Viktor Gurov
06:49 AM pfSense Packages Bug #11746 (Resolved): Second LDAP server configuration misses the ipaNThash control attribute: Only the first LDAP server configuration contains the ipaNThash control attribute:
https://github.com/pfsense/FreeBS... Viktor Gurov
04:47 AM pfSense Packages Bug #11745: Incorrect compress options in exported configuration when server is set to refuse compression: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/78 Viktor Gurov
04:16 AM pfSense Packages Bug #11745 (Resolved): Incorrect compress options in exported configuration when server is set to refuse compression: I create ovpn server. I use it with some options, one of them is "refuse any non-stub compression". Then I use client... Viktor Gurov
02:46 AM pfSense Docs Correction #11740: Delay Standard Deviation: correction:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/11 Viktor Gurov
02:42 AM Bug #11744 (Rejected): SquidGuard service state STOPPED: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Viktor Gurov
01:31 AM Bug #11744 (Rejected): SquidGuard service state STOPPED: Please Help me
After install squidGuard & squid but not start Arash Arshia
02:41 AM pfSense Plus Bug #11741 (Closed): VLAN 1 description displays as "Default System VLANDefault System VLAN": internal issue NG 5952 created Viktor Gurov
12:38 AM pfSense Docs Todo #11743 (Closed): Feedback on Virtual Private Networks — VPN Scaling: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/performance.html
*Feedback:*
Intel QAT information needs... Viktor Gurov
12:23 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I believe I'm also encountering this issue, at least a google for "pfsense rdr not working after upgrade" brought me ... Craig Leres
12:06 AM Feature #7842 (Resolved): New Dynamic DNS Provider: Mythic-Beasts: Viktor Gurov
12:06 AM pfSense Packages Regression #11738: SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/77 Viktor Gurov

03/27/2021

11:30 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I attach a pfsense packet capture on the LAN side from the bad WAN2. You can see that the initial SMTP request comes ... Rick Strangman
04:28 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Just wanted to add that this issue also impact IPv6 NPt with multiwan, please check this as well when fix will be at ... DRago_Angel [InV@DER]
05:46 PM Feature #7842: New Dynamic DNS Provider: Mythic-Beasts: Provider appears in list correctly following loopia and is selectable
tested with 20210327 build Jordan G
03:39 PM pfSense Packages Bug #11742 (Not a Bug): Blocking / Unblocking is not working correctly.: If you turn on blocking for a port via the GUI and then turn the blocking back off. Gui indicates that it is off, but... Ian Mitchell
03:33 PM pfSense Plus Bug #11726: Network traffic stops with latest RC build.: This may be a dup of ticket 11540. Ian Mitchell
12:10 PM Bug #11724: Packages unexpectedly removed when changing update branches: I can confirm this behavior with NUT and FRR as well. Users who rely on FRR but aren't ready to update have experienc... Max Leighton
12:01 PM Bug #11654 (Resolved): Certificates with escaped x509 characters display the escaped version when renewing: It's fixed in
2.5.1-RC (amd64)
built on Sat Mar 27 03:04:02 EDT 2021
FreeBSD 12.2-STABLE
I'll mark the ticke... Max Leighton
11:42 AM pfSense Plus Bug #11741: VLAN 1 description displays as "Default System VLANDefault System VLAN": Screenshot didn't make it. Here
!https://dsc.cloud/b854da/pb-A0SwdJGmBR/pb-A0SwdJGmBR.png! → luckman212
11:37 AM pfSense Plus Bug #11741 (Closed): VLAN 1 description displays as "Default System VLANDefault System VLAN": In the GUI, the description for the default VLAN is printed twice:
!https://cln.sh/dd93kN!
I made a simple fix ... → luckman212
09:21 AM pfSense Docs Correction #11740 (Resolved): Delay Standard Deviation: There is a typo.
The standard deviation on the RTT values. The standard deviation gives an impression of the varia... Danilo Zrenjanin
09:14 AM Bug #11737 (Rejected): captive portal not working for more than five interface: Not enough information in this report to act on. Please discuss on the captive portal area at the forum and, if it is... Chris Linstruth
07:41 AM Bug #11737 (Rejected): captive portal not working for more than five interface: captive portal not working for more than five interface in pfsense 2.5 Mohamed Ahmed
09:12 AM pfSense Docs New Content #11739 (Resolved): Manual Outbound NAT rules in HA setup: It would be helpful to note that the manual rule for localhost traffic should be using WAN interface IP.
https://d... Danilo Zrenjanin
08:24 AM pfSense Packages Regression #11738 (Resolved): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode: Hello.
We found some strange behavior, after upgrade to this version 1.16.18_17
SG stop filtering our blacklist a... Peter Moreno
03:25 AM Bug #11706: Renewing a certificate without a ``type`` value assumes a server certificate: Tried to replicate on the:
2.5.0-RELEASE (amd64)
built on Tue Feb 16 08:56:29 EST 2021
In my case, after removi... Danilo Zrenjanin

03/26/2021

06:51 PM Revision 3c17a9bb: Upgrade: Improve information when it fails: Since first version after pfSense-upgrade, pkg_mgr_install.php waits for
pkg socket to start presenting information t... Renato Botelho
06:51 PM Revision 8e2960cc: Display a suitable message in hte textarea if hte update process aborts for any reason. Tighten up timing so that update attempts that complete very quickly are not missed.: (cherry picked from commit 7cc4c2fcbb1ef88506afccd9fb24aead20ab49bf) Steve Beaver
06:50 PM Revision 8ec12f4b: Upgrade: Improve information when it fails: Since first version after pfSense-upgrade, pkg_mgr_install.php waits for
pkg socket to start presenting information t... Renato Botelho
06:22 PM Bug #11736 (Rejected): Issue with UPNP: Mar 27 00:18:37 miniupnpd 69951 Listening for NAT-PMP/PCP traffic on port 5351
Mar 27 00:18:37 miniupnpd 69951 setso... Kristian Krautwald
05:49 PM pfSense Docs Correction #11735 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting: *Page:* https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
*Feedback:*
On pfSense 21.02/2.5, given tha... Marcos M
05:35 PM Bug #11734: NAT rule overlap detection is inconsistent: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/209 Marcos M
05:24 PM Bug #11734 (Resolved): NAT rule overlap detection is inconsistent: When saving an additional NAT port forward rule:
# The "protocol" field is effectively ignored in overlap checks
... Marcos M
03:16 PM Bug #11733 (Rejected): Web interface hangs when gateway link becomes intermittent: I have a failing Verizon ONT. The web interface hung when the ONT first started to fail. Logging into pfsense using S... Richard Yao
01:15 PM Bug #11725: Error when setting queue limit on CODELQ limiter: Viktor Gurov wrote:
> extra input validation:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/206
... Vincent Jansen
02:51 AM Bug #11725: Error when setting queue limit on CODELQ limiter: extra input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/206 Viktor Gurov
02:30 AM Bug #11725 (Confirmed): Error when setting queue limit on CODELQ limiter: CoDel has no parameters,
see https://queue.acm.org/detail.cfm?id=2209336
and https://arstechnica.com/information-te... Viktor Gurov
11:43 AM pfSense Packages Bug #10187: Insertion of ZERO_WIDTH_SPACE into IPv6 addresses make it impossible to use browser find functionality: If this is waiting for me to submit a patch: it ain't coming. Izaac Falken
11:23 AM pfSense Plus Feature #11732 (New): Add VXLAN Support to pfSense Plus: VXLAN Support would be useful for scalable cloud deployments of pfSense Plus Kris Phillips
06:26 AM Feature #2668: Support aliases in OpenVPN local/remote/tunnel network fields: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/208 Viktor Gurov
04:37 AM Regression #11729: Automatic default gateway mode does not select expected entries: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/207 Viktor Gurov
02:35 AM Bug #11731 (New): Missing support for Realtek USB NICs: Hi,
Just made a support ticket to Netgate #80195 and was prompted to summit a bug report here.
In version 2.5.0 a R... Ase Karlsson
01:56 AM Bug #11382 (Resolved): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS: Alhusein Zawi wrote:
> Tested on 21.02.2.r.20210325.0300
>
> Shared Key option is not displayed when Server mode ... Viktor Gurov
01:35 AM Bug #9450: Multiwan gateway group fail-over not working as expected (possible race condition): Yet every time my dsl goes offline e.g. for packet loss and comes back according to the notification, when I cat /tmp... Dee D

03/25/2021

11:44 PM Bug #11382: OpenVPN client configuration page displays Shared Key option when set for SSL/TLS: Tested on 21.02.2.r.20210325.0300
Shared Key option is not displayed when Server mode is for SSL/TLS in client con... Alhusein Zawi
09:38 PM Bug #11730 (Resolved): "Dark" theme does not sufficiently distinguish between selected and deselected elements in option lists: The options within @select@ elements are hard to see when hovering over them. See attached @option-background-current... Marcos M
09:19 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: The issue is:
1. 2 x WAN, WAN1 & WAN 2, both DHCP
2. WAN1 set as default gateway
3. Both WANs have identical NAT r... Rick Strangman
08:10 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Kris Phillips wrote:
> Testing with the following on amd64:
>
> 1. Created Port Forward from WAN address to inter... Kris Phillips
07:08 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Kris,
I can reliably reproduce this bug on my systems. We are running 2 C2758s in a MultiWAN / HA config. We set... David Socha
05:11 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: My setup is that I'm trying to do port forwarding on an openvpn client interface in order to forward a reserved port ... Jordan Bradley
05:01 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Testing with the following on amd64:
1. Created Port Forward from WAN address to internal and WAN2 set as default ... Kris Phillips
08:24 PM Revision 120a0ada: Merge branch 'master' of gitlab.netgate.com:pfsense/pfsense: Steve Beaver
08:20 PM Revision d832de01: Display a suitable message in the textarea if the update process aborts for any reason. Tighten up timing so that update attempts that complete very quickly are not missed.: Steve Beaver
04:57 PM Revision 7cc4c2fc: Display a suitable message in hte textarea if hte update process aborts for any reason. Tighten up timing so that update attempts that complete very quickly are not missed.: Steve Beaver
03:25 PM Revision e962e17b: Find IPsec IKEv1 SAs widget fix. Issue #11435: (cherry picked from commit 8c9eaa7190f6c9a354a4a34cfeb10a776592be8c) Viktor Gurov
03:25 PM Revision 8c9eaa71: Find IPsec IKEv1 SAs widget fix. Issue #11435: Viktor Gurov
01:25 PM Revision 80073869: WireGuard removal: Fix config: Keep `wgpeer` item defined as an array on xmlparse.inc to prevent errors
on config files while they already have WG c... Renato Botelho
01:22 PM Revision d60c59fe: WireGuard removal: Fix config: Keep `wgpeer` item defined as an array on xmlparse.inc to prevent errors
on config files while they already have WG c... Renato Botelho
12:12 PM Revision f9e30d4d: Add open-vm-tools options: Renato Botelho
10:41 AM Regression #11729 (Resolved): Automatic default gateway mode does not select expected entries: # New 21.02p1/2.5 install
# Have a monitored WAN gateway
# Have Default gateway set to Automatic
# Create a new un... Marcos M
10:26 AM Regression #11435: IPsec status incorrect for entries using expanded IKE connection numbers: PR merged and cherry-picked to 2.5.1 Renato Botelho
05:03 AM Bug #11728 (Rejected): Dual WAN on 21.02-RELEASE-p1 Netgate SG7100 - Routing groups: We have 2 netgate SG7100 in failover with a Dual WAN.
When we activate the WAN interface on the standby Netgate, w... Fabrice Cunuder
05:02 AM Bug #11727: Cannot enter persistent CARP maintenance mode when CARP is disabled: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/205 Viktor Gurov
04:14 AM Bug #11727 (Resolved): Cannot enter persistent CARP maintenance mode when CARP is disabled: If you press "Disable CARP" button on the Status / CARP page, and then "Enter Persistent CARP Maintenance Mode" error... Viktor Gurov
02:53 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: Issue is getting worse with 2.5.1-RC. This is unacceptable! Car F
01:17 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: Set default OpenVPN inactive timeout to 300:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/204 Viktor Gurov
01:08 AM Bug #11569 (Resolved): ACLs generated from RADIUS reply attributes have incorrect syntax: works as expected on 2.5.1.r.20210324.0300
RADIUS attributes:... Viktor Gurov

03/24/2021

09:17 PM pfSense Plus Bug #11726 (Rejected): Network traffic stops with latest RC build.: After updating to the RC build 21.02.2.r.20210324.0300 network traffic ceased. No NAT traffic was passing, each inter... Ian Mitchell
08:37 PM pfSense Packages Feature #11719: ACME - Create script for DNSExit API: I must be misinterpreting the Netgate Package docs.
Reading from the page https://docs.netgate.com/pfsense/en/late... Mike McV
04:45 PM pfSense Packages Feature #11719 (Rejected): ACME - Create script for DNSExit API: We don't write custom scripts at pfSense. Please open a ticket on ACME project for that Renato Botelho
08:08 PM Revision e0628582: Update translation files: Renato Botelho
07:59 PM Revision d0aab9c7: Regenerate pot: Renato Botelho
07:58 PM Revision 6bd19b7c: Regenerate pot: Renato Botelho
07:37 PM Revision 01b63446: Do not try to include wg.inc: Renato Botelho
04:40 PM Bug #11725 (Closed): Error when setting queue limit on CODELQ limiter: When applying a queue limit, it seems the queue size isn't applied.
Also the flowing error is thrown:
Filter Relo... Vincent Jansen
04:03 PM Bug #11724: Packages unexpectedly removed when changing update branches: The NUT package is also automatically removed under similar circumstances.
https://forum.netgate.com/topic/161343/... John Clark
01:51 PM Bug #11724 (New): Packages unexpectedly removed when changing update branches: FRR will be removed in 2.4.5-p1 if you set System>Update to the branch to Previous Stable:
to produce the issue in... Alhusein Zawi
01:59 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Svein Wisnaes wrote:
> Grzegorz Krzystek wrote:
> > last known working version is 2.4.5p1
> >
> > No ETA on this... Kris Phillips
07:32 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Grzegorz Krzystek wrote:
> last known working version is 2.4.5p1
>
> No ETA on this, nor known workaround yet.
... Svein Wisnaes
06:50 AM Bug #11718: XMLRPC Client does not honor its default timeout value: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/203 Viktor Gurov
04:08 AM Regression #11435: IPsec status incorrect for entries using expanded IKE connection numbers: Jim Pingle wrote:
> I checked in a fix for the widget now as well. Worked on two systems here (one which worked befo... Viktor Gurov
03:51 AM Regression #11723: Virtual IP addresses are only added to interfaces after reboot: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/201 Viktor Gurov
03:40 AM Regression #11723 (Closed): Virtual IP addresses are only added to interfaces after reboot: Virtual IPs are not added when you press "Apply" on the Firewall / Virtual IPs page,
only added after a reboot
pf... Viktor Gurov
01:18 AM Bug #11705 (Resolved): Creating a certificate while creating a user does not fully configure the certificate properly: Jim Pingle wrote:
> To test:
>
> * Create a user + cert certificate in the same step on a system without the fix ... Viktor Gurov
01:13 AM Bug #11720: Unbound crashing and can't stay up: I fixed this but not sure what fixed it.
1) I changed listen interfaces to listen production and guest traffic and o... Xemanth -

03/23/2021

09:00 PM pfSense Packages Bug #11632: unbound service not restarted on pfBlocker-devel install/reinstall: Duplicate issue:
https://redmine.pfsense.org/issues/11398 BBcan177 .
03:24 PM Bug #11694: Upstream Gateway Not Being Set Repeatedly: Hi there,
Thanks for the patch ID, apologies it took so long to come back to you, yes - this patch has resolved th... Alasdair Corton
03:17 PM Bug #11720: Unbound crashing and can't stay up: Hmm that ipv6 is interesting. Do you think my system is affected even through I don't have any ipv6 interfaces? Xemanth -
03:14 PM Bug #11720: Unbound crashing and can't stay up: BBcan177 . wrote:
> If you set the Resolver Inbound/Outbound Interfaces to "All", does it still cause these errors?
... Xemanth -
01:19 PM Bug #11720: Unbound crashing and can't stay up: Also seeing this in your logs:... BBcan177 .
01:17 PM Bug #11720: Unbound crashing and can't stay up: If you set the Resolver Inbound/Outbound Interfaces to "All", does it still cause these errors?
I saw this FreeBSD... BBcan177 .
12:48 AM Bug #11720 (Rejected): Unbound crashing and can't stay up: Hi,
Last Sunday when I changed the verbosity level in OpenVPN configuration, Unbound started to crash like... a lo... Xemanth -
02:37 PM pfSense Docs Todo #11722 (Closed): LaTeX Error: Too deeply nested.: Apparently LaTeX has a nesting limit and the definition list here is too deeply nested: https://docs.netgate.com/pfse... Jared Dillard
12:02 PM pfSense Docs Correction #11647 (Closed): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI): Merged. Jared Dillard
11:18 AM pfSense Packages Feature #10859: Add avahi filtering feature to pfSense: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/76 Viktor Gurov
11:15 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I can concur that with 2 Wan Interfaces (different subnet in our case), with DMZ and LAN networks that traffic coming... Gerald Drouillard
09:57 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Thanks for that.
The only progress I can report so far is that this demonstrates that the initial SYN arrives and ... Kristof Provost
08:38 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: last known working version is 2.4.5p1
No ETA on this, nor known workaround yet.
Grzegorz Krzystek
08:34 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Netgate XG-1537
21.02-RELEASE-p1 (amd64)
built on Mon Feb 22 09:39:51 EST 2021
FreeBSD 12.2-STABLE
2 x WAN wi... Svein Wisnaes
07:49 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: please check your mailbox ;) Grzegorz Krzystek
07:44 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Yes, that's the setup I have, and I'm unable to reproduce the problem. The port forwarding just work on both WAN and ... Kristof Provost
05:44 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: What is funny is it need to be related with routing.
reflection nat works. this is impacting only when connection ca... Grzegorz Krzystek
05:33 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Kristof Provost wrote:
> With a PPPoE setup I still can't reproduce the problem. Along with the latest report that's... Grzegorz Krzystek
05:22 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: With a PPPoE setup I still can't reproduce the problem. Along with the latest report that's fairly strong evidence th... Kristof Provost
09:52 AM Regression #11710 (Resolved): PHP error when resetting log files: Renato Botelho
09:15 AM Regression #11710: PHP error when resetting log files: Renato Botelho wrote:
> Bearny B. wrote:
> > Renato Botelho wrote:
> > > PR merged and cherry-picked to 2.5.1
> >... B. B.
06:38 AM Regression #11710: PHP error when resetting log files: BaB Rex wrote:
> Renato Botelho wrote:
> > PR merged and cherry-picked to 2.5.1
>
> Tested on latest snapshots o... Renato Botelho
03:17 AM Regression #11710: PHP error when resetting log files: Renato Botelho wrote:
> PR merged and cherry-picked to 2.5.1
Tested on latest snapshots on 2.5.1 RC and 2.6.0 DEV... B. B.
06:38 AM Bug #11428 (Resolved): CPU details are incorrect in the System Information widget after resetting log files: Renato Botelho
03:06 AM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files: Bearny B. wrote:
> Some CPU Type information disappear after reset the log files under Status.
> This happen on VMW... B. B.
01:09 AM Bug #11721 (Rejected): NAT redirecting traffic to incorrect interface address: Good evening,
To be clear upfront, this is not currently impacting me any longer. I decided to write up the detai... Adam McLellan

03/22/2021

10:48 PM pfSense Packages Feature #11719 (Rejected): ACME - Create script for DNSExit API: Link to tech docs.
https://www.dnsexit.com/dns/dns-api/
This is out of my wheelhouse so any assistance would be... Mike McV
04:43 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I am not using PPPOE. Both WANs are DHCP. My config attached. Rick Strangman
11:45 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Thanks. I've not immediately spotted anything suspect in there.
However, it appears that all reports of this issue... Kristof Provost
08:48 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I've so far been unable to reproduce this problem.
It's possible that I'm missing some relevant factor in my setup. ... Kristof Provost
02:26 PM Revision bc8dbe9e: Fix PHP error on Reset Log Files. Issue #11710: (cherry picked from commit 5800b750ef69db5dbf8c7a274ee297af6acc7d02) Viktor Gurov
02:26 PM Revision 5800b750: Fix PHP error on Reset Log Files. Issue #11710: Viktor Gurov
02:17 PM Bug #11718 (Resolved): XMLRPC Client does not honor its default timeout value: I have traced an XMLRPC problem where I got a systematic mysterious error when starting a sync between my firewalls (... Vincent Caron
12:54 PM Revision cc807fbf: route_add_or_change() add linklocal gateway scope. Fixes #11713: (cherry picked from commit cca31114b0ac041e41865c586d587558f82979d6) Viktor Gurov
10:21 AM Bug #11454 (Resolved): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: It seems to be resolved now. Renato Botelho
09:58 AM pfSense Plus Regression #11689 (Resolved): LEDs do not indicate available upgrade status: Confirmed working on latest snapshot Renato Botelho
09:52 AM Revision cca31114: route_add_or_change() add linklocal gateway scope. Fixes #11713: Viktor Gurov
09:32 AM Regression #11443 (Resolved): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: Renato Botelho
09:26 AM Regression #11710 (Feedback): PHP error when resetting log files: PR merged and cherry-picked to 2.5.1 Renato Botelho
01:38 AM Regression #11710: PHP error when resetting log files: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/199 Viktor Gurov
09:25 AM Bug #11602 (Resolved): Delayed packet transmission in cxgbe driver can lead to latency and reduced performance: Renato Botelho
07:54 AM Bug #11713 (Feedback): Error when deleting IPv6 link-local routes: PR merged and cherry-picked to 2.5.1 Renato Botelho
05:04 AM Bug #11713: Error when deleting IPv6 link-local routes: route_add_or_change() doesn't add linklocal scope part to the `route` command:... Viktor Gurov
01:39 AM Bug #11713: Error when deleting IPv6 link-local routes: For similar questions
[[https://forum.netgate.com/topic/161375/pf2-6-report/13]]
[[https://redmine.pfsense.org/... yon Liu
06:06 AM Bug #11717 (New): Incorrect port forwarding rules if Destination port alias is not equal to Redirect target port alias: If Destination port alias and Redirect target port alias contains different ports,
incorrect port forwarding rules a... Viktor Gurov
05:13 AM Bug #11149 (New): DHCP relay won't start with DHCP server behind gateway: seems another issue
related to #9466 and #10416 Viktor Gurov
03:25 AM Bug #11149: DHCP relay won't start with DHCP server behind gateway: It seems that the "bug" has indeed something to do with Outgoing NAT & dhcrelay. When starting from commandline dhcre... Mark Lavrijsen
04:15 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: We've hit this after upgrade from 2.4.5 to 2.5.0 on our two SG-5100 - was terribly difficult to figure it out, but th... Yury Zaytsev
02:53 AM pfSense Docs Todo #11716 (Resolved): Feedback on Network Address Translation — Port Forwards: *Page:* https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html
*Feedback:*
Add a note that if the re... Viktor Gurov
01:45 AM Bug #11708 (Rejected): WOL wakes ALL devices when trying to wake up ONE device: Fixed in 2.5.1/2.6 Viktor Gurov
01:40 AM Bug #11709 (Duplicate): Crash in 2.5.1.r.20210320.0824: Kristian Krautwald wrote:
> > Can you provide more information on your syslog config (if any) and any reproduction i... Viktor Gurov
01:35 AM Bug #11715 (New): OpenVPN MTU: when i setup openvpn config link-mtu 1500 and No matter you choose any Allow Compression, then openvpn interface mtu ... yon Liu
01:32 AM Bug #11105: IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106: works as expected,
but now shows warning in routing.log:... Viktor Gurov
01:15 AM Bug #11707 (Duplicate): IPv4 /8 or above Static routing uses aliases: Duplicate of #11599 Viktor Gurov

03/21/2021

05:58 PM pfSense Docs New Content #11714 (Closed): Add section about the correct addresses to use for failover peers when Troubleshooting High Availability DHCP Failover: *Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-dhcp-failover.html
*Feedback:*
I had acci... Benjamin Pettinen
12:08 PM Bug #11713 (Closed): Error when deleting IPv6 link-local routes: /system.php: The command '/sbin/route -q delete -host -inet6 2001:4860:4860::8844 'fe80::4e6d:58ff:fe4a:97d4'' return... Kristian Krautwald
11:18 AM Bug #11709: Crash in 2.5.1.r.20210320.0824: > Can you provide more information on your syslog config (if any) and any reproduction instructions if you have them?... Kristian Krautwald
10:36 AM Bug #11712 (Rejected): Interface can't be switched to an available network port igb3: I have a generic (QOTOM-Q355G4) pfSense box with 4 NICs and network assignment as the following:
WAN - igb0
LAN ... Yuri Weinstein
07:04 AM Regression #11316: Unbound crashes with signal 11 when reloading: Vaidotas, static DHCP should probably be used if you rely on hostnames so much. The feature in general has been the ... Chris Collins
12:37 AM Regression #11316: Unbound crashes with signal 11 when reloading: Chris Collins wrote:
> I hope the decision is not made to roll back unbound, as its just going back to old code, whe... Vaidotas Butkus

03/20/2021

09:52 PM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed: Tested on pfSense Plus 21.02p2 and this works on here again as well. Kris Phillips
09:18 PM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1: Since Wireguard is being removed from the next release, this bug report should be closed out as Rejected. Kris Phillips
09:14 PM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100: Important to note that this seemed to work fine in the 2.4.5p1 images. Its just the newer release that has issues. Kris Phillips
08:32 PM Bug #11691: WireGuard MSS Clamping and TCP traffic issues after reboot.: Should this be closed out considering WireGuard is being pulled? Michael Spears
08:30 PM Bug #11709: Crash in 2.5.1.r.20210320.0824: Kristian Krautwald wrote:
> Crash report begins. Anonymous machine information:
> amd64
> 12.2-STABLE
> FreeBSD ... Michael Spears
02:10 PM Bug #11709 (Duplicate): Crash in 2.5.1.r.20210320.0824: Crash report begins. Anonymous machine information:
amd64
12.2-STABLE
FreeBSD 12.2-STABLE cb7f262d547(RELENG_2_5_... Kristian Krautwald
07:11 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Yuran Yastreb wrote:
> Edgardo Rodriguez wrote:
> > Jim Pingle wrote:
> > > No, but since you compiled it on a dif... Edgardo Rodriguez
11:47 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Edgardo Rodriguez wrote:
> Jim Pingle wrote:
> > No, but since you compiled it on a different system and nobody els... Yuran Yastreb
06:42 PM pfSense Packages Bug #11711 (Resolved): New Squid Status Page Non-Functional: Under Services --> Squid --> Status, the page does not load or work on 21.02 of 2.5 of pfSense and pfSense Plus. The... Kris Phillips
05:59 PM Regression #11710 (Resolved): PHP error when resetting log files: I got this error message after i press RESET LOG FILES under status.
Same error on 2.6.0 DEV too. (latest snapshot)
... B. B.
02:19 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: All is good on my installation ...
Thank you to everyone for the help. Mike McV
12:49 PM Bug #11602: Delayed packet transmission in cxgbe driver can lead to latency and reduced performance: Wanted to provide feedback that this looks be resolved in the latest 2.5.1 snapshots:
*Before: 2.5.0-RELEASE*
<... Timo M
11:10 AM pfSense Packages Feature #11201 (Resolved): Show iTLD Allow IDN domains: Tested on pfBlockerNG-devel 3.0.0_15 version.
It looks fine, the Total TLD Count is included and works as expecte... Danilo Zrenjanin
10:50 AM Bug #11299 (Resolved): Unused L2TP VPN files are not removed when the service is disabled: Tested on the latest release.
The l2tp directory and the files have been deleted upon disabling the L2TP service.... Danilo Zrenjanin
10:44 AM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options: Tested on the latest release.
The custom IPSEC NAT-T port settings are located under VPN/IPsec/Advanced Settings.... Danilo Zrenjanin
10:35 AM pfSense Packages Feature #11520 (Resolved): Add 'explicit-exit-notify' option by default: Tested on the latest release.
OpenVPN - Client Export Utility adds explicit-exit-notify in the client configurati... Danilo Zrenjanin
09:07 AM Bug #11425 (Resolved): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port: Tested in
2.5.1-RC (amd64)
built on Thu Mar 18 03:04:03 EDT 2021
FreeBSD 12.2-STABLE
It's fixed. The XMLRPC e... Max Leighton
08:55 AM Bug #11708 (Rejected): WOL wakes ALL devices when trying to wake up ONE device: Hi,
I've played with WOL a bit and found the following:
After waking up ALL devices ONCE, the URI changes to /s... Karl Fischer
08:52 AM Bug #11489 (Resolved): Invalid certificate data can cause a PHP error: Tested on
2.5.1-RC (amd64)
built on Thu Mar 18 03:04:03 EDT 2021
FreeBSD 12.2-STABLE
It works. The broken cer... Max Leighton
06:41 AM Bug #11707: IPv4 /8 or above Static routing uses aliases: test system version is:
2.6.0-DEVELOPMENT (amd64)
built on Fri Mar 19 01:04:20 EDT 2021
FreeBSD 12.2-STABLE yon Liu
06:38 AM Bug #11707 (Duplicate): IPv4 /8 or above Static routing uses aliases: When I delete the previously set static route using aliases 1.0.0.0/8 and 110.0.0.0/7 via wan,and also manually updat... yon Liu
03:04 AM Feature #9877: QEMU Guest Agent: Port was added to FreeBSD repository:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254105
https://svnweb.fre... Maciej Czech

03/19/2021

08:58 PM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: I note at least two issues remaining.
First, the config file is in @/usr/local/etc/rc.conf.d/@, but that directory... Joel Holveck
07:26 PM Revision 02f44d9c: Remove WireGuard support: Out of an abundance of caution while we investigate the claims about
WireGuard in public, we need to remove it from p... Renato Botelho
07:25 PM Revision 281dede0: Remove WireGuard support: Out of an abundance of caution while we investigate the claims about
WireGuard in public, we need to remove it from p... Renato Botelho
07:21 PM Feature #9260: ssh_tunnel_shell: Disable console message output: I just upgraded to 2.5.0. I had regular users configured with the "User - System: SSH tunneling" permission, accessin... Carlos Man
03:33 PM Revision 4af6e7f6: Fix cert type handling during renewal. Fixes #11706: (cherry picked from commit 009a3d4e16d2905e01fbc0a7b6f53985af3afd09) Jim Pingle
03:32 PM Revision 009a3d4e: Fix cert type handling during renewal. Fixes #11706: Jim Pingle
03:28 PM Revision 73d4ea07: Add missing word to help text: Steve Beaver
03:13 PM Revision 937dbcc1: Fix user cert parameters when creating user+cert. Fixes #11705: (cherry picked from commit 0aa7f5a7ee5e7b5fd2292669cfc2dd7c420e04f7) Jim Pingle
03:12 PM Revision 0aa7f5a7: Fix user cert parameters when creating user+cert. Fixes #11705: Jim Pingle
01:33 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: I'll leave this open over the weekend to collect more feedback but I think at this point every problem scenario is so... Jim Pingle
01:27 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: RC worked great for me! dpinger works, and I could re-enable my traffic limiters (codel) with great success.
Thank... Jesse Beauclaire
12:41 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Thank you Jim.
Moderator moved my original upgrade post on the forum to the snapshots section.
Updated to relea... Pete C
09:38 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Pete C wrote:
> Tried the above diff patch on my 2.5.1 build with the RA checkbox thing and it did not change anythi... Jim Pingle
09:09 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Thank you Renato.
f3488a18e3fc276b58ecc2aeb8f7471da9bd2088
Tried the above diff patch on my 2.5.1 build with th... Pete C
08:15 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Pete C wrote:
> Jim Pingle wrote:
> > Applied in changeset commit:f3488a18e3fc276b58ecc2aeb8f7471da9bd2088.
>
> ... Renato Botelho
08:02 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Jim Pingle wrote:
> Applied in changeset commit:f3488a18e3fc276b58ecc2aeb8f7471da9bd2088.
Will a different patch ... Pete C
07:25 AM Bug #11454 (Feedback): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Applied in changeset commit:f3488a18e3fc276b58ecc2aeb8f7471da9bd2088. Jim Pingle
07:17 AM Bug #11454 (In Progress): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: OK I thought it was more subtle than that but you are right, I was able to replicate it by checking that box, and con... Jim Pingle
01:07 PM Revision ed16c6cf: Catch up with rename of Coreboot upgrade package to Firmware: (cherry picked from commit 99cef76e8e8f9d12ff0e0dfe1fba8f059b1806bd) Renato Botelho
12:19 PM Revision ec3fd7e5: Fix RA GW for "Do not wait for RA" path. Fixes #11454: (cherry picked from commit f3488a18e3fc276b58ecc2aeb8f7471da9bd2088) Jim Pingle
12:18 PM Revision f3488a18: Fix RA GW for "Do not wait for RA" path. Fixes #11454: Jim Pingle
11:01 AM Bug #11407 (Waiting on Merge): Removing a WireGuard tunnel in a middle position can break Add button behavior: Jim Pingle
10:55 AM Bug #11706: Renewing a certificate without a ``type`` value assumes a server certificate: To test:
* On a system without the fix, create test certificates:
* A user certificate with default settings ... Jim Pingle
10:40 AM Bug #11706 (Feedback): Renewing a certificate without a ``type`` value assumes a server certificate: Applied in changeset commit:009a3d4e16d2905e01fbc0a7b6f53985af3afd09. Jim Pingle
09:56 AM Bug #11706 (Closed): Renewing a certificate without a ``type`` value assumes a server certificate: When renewing a certificate, if the @type@ field is empty, the renewal process results in a certificate with its type... Jim Pingle
10:46 AM Bug #11705: Creating a certificate while creating a user does not fully configure the certificate properly: To test:
* Create a user + cert certificate in the same step on a system without the fix -- choose sha256 (default... Jim Pingle
10:20 AM Bug #11705 (Feedback): Creating a certificate while creating a user does not fully configure the certificate properly: Applied in changeset commit:0aa7f5a7ee5e7b5fd2292669cfc2dd7c420e04f7. Jim Pingle
09:55 AM Bug #11705 (Resolved): Creating a certificate while creating a user does not fully configure the certificate properly: When creating a certificate while creating a new user (not adding to an existing user), the resulting certificate is ... Jim Pingle
10:29 AM Feature #11556: Kill states using the pre-NAT address: I can confirm this is currently an issue. Marcos M
07:24 AM Bug #11704 (Pull Request Review): Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot: Jim Pingle
02:25 AM Bug #11704: Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/198 Viktor Gurov
02:15 AM Bug #11704 (Resolved): Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot: `/var/unbound/openvpn.*`files are not deleted after system reboot, resulting in incorrect/outdated DNS records Viktor Gurov
05:10 AM pfSense Packages Bug #11204 (Feedback): Fix net-snmp logging to syslog: Merged Viktor Gurov
05:09 AM pfSense Packages Bug #10990 (Feedback): net-snmp IPv6 listen address needs to be wrapped in square brackets: Merged Viktor Gurov
05:08 AM pfSense Packages Bug #11039 (Resolved): route-map not working if Address Family is enabled.: Viktor Gurov
04:14 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: I think it is better to set the inactive timeout to the default value (like 300 seconds) for new instances
to cleanu... Viktor Gurov
01:53 AM Feature #11659: Support for UEFI HTTP Boot option in DHCPv4 Server: I would liek to see this feature introduced as I am running into issues with iPXE on my systems and I need to boot im... Nathan Revo

03/18/2021

10:32 PM Bug #11657: netmap_ring_reinit error: I'm on ESXi 7. I only noticed the following, though I'm thinking it's some Suricata setting I need to tune for the in... Marc 05
09:17 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Paul K wrote:
> I did look at line 5091 but there was nothing on that line related to rtsold. Anyway, I think you ar... Flole Systems
08:45 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Flole Systems wrote:
> I pointed out a possible cause for this 2 times now already and nobody seemed to care, so one... Paul K
08:32 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Tested with the new RC build and it is working fine for me know. Thanks for fixing it Jim and Renato! Paul K
03:48 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: I pointed out a possible cause for this 2 times now already and nobody seemed to care, so one last time:
Flole S... Flole Systems
02:46 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: That's probably a bit tougher to replicate then. Like you said that's one for a new forum thread and likely a differe... Jim Pingle
02:33 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: After quite a bit of digging and capturing i think i have found the missing link to my scenario. I will also create t... Mike McV
11:56 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Got the syntax correct on the rtsold, and running this from the CLI resolves the issue, but it does not survive a reb... Mike McV
11:43 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Mike McV wrote:
> Is there a possibility the scripts are not happy with a Tagged LAGG interface.(Outside of my exper... Jim Pingle
10:56 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Jim Pingle wrote:
> If i remove my static IPV6 monitor address Gateway monitoring stops working, but the protocol ... Mike McV
10:48 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: 2.5.1-RC-20210318-0300 resolved the IPv6 Gateway issue I was experiencing. Thanks for the fix! Greg Shaffer
10:13 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Flole Systems wrote:
> Also in line 5091 of the interfaces.inc the -M flag is missing entirely, I think it should be... Flole Systems
10:11 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Mike McV wrote:
> If i remove my static IPV6 monitor address Gateway monitoring stops working, but the protocol work... Jim Pingle
09:48 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: This (2.5.1.r.20210318.0300) did not resolve it for me.
If i remove my static IPV6 monitor address Gateway monitor... Mike McV
08:32 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Jesse Beauclaire wrote:
> Hate to ask this here, but I am affected by this issue so it's sort of relevent... Can I u... Jim Pingle
08:31 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Hate to ask this here, but I am affected by this issue so it's sort of relevent... Can I update to the RC without kil... Jesse Beauclaire
08:17 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Working for me too now with 2.5.1.r.20210318.0300. Patrik Lundquist
08:08 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: The complete set of fixes is in the current RC build, so it's ready for others to test. It works for me that's me and... Jim Pingle
07:47 PM pfSense Packages Feature #11703 (New): add Krill and Routinator support BGP RPKI: From the perspective of safety and reliability, deploying your own RPKI facilities is the best option, so can these f... yon Liu
07:28 PM Revision 02ff3b5a: Fixed #11702 by revising ramdisk code: Steve Beaver
07:17 PM pfSense Packages Bug #11693: IPv6 static routing fails: !https://i.imgur.com/vm8NKfi.jpg! yon Liu
03:58 PM Revision 100b5040: Add missing global declaration: Add missing global declaration BBcan177 .
02:35 PM Regression #11702: RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks: Applied in changeset pfsense:commit:02ff3b5a91b3062cd4116fdf18af6e2d95cef86a. Anonymous
02:28 PM Regression #11702 (Feedback): RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks: Anonymous
01:45 PM Regression #11702 (Closed): RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks: Anonymous
02:24 PM Feature #11576: IPsec GUI option to control Child SA ``start_action``: Marcos Mendoza wrote:
> Something that's somewhat confusing (even now with "Child SA Close Action") is what exactly ... Jim Pingle
02:20 PM Feature #11576: IPsec GUI option to control Child SA ``start_action``: Something that's somewhat confusing (even now with "Child SA Close Action") is what exactly the default is. This coul... Marcos M
12:07 PM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: Jim Pingle wrote:
> According to the OpenVPN docs and other posts I see, the disconnect script should be run even on... Viktor Gurov
11:39 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: According to the OpenVPN docs and other posts I see, the disconnect script should be run even on ping timeout / uncle... Jim Pingle
09:28 AM Bug #11699 (Closed): OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: There is a difference between a graceful and not graceful disconnect. We tested it last night where I just turn off ... Viktor Gurov
11:51 AM Bug #11672: when setup Static Routes use aliases,cannot automatically learn that the aliases ip list has changed: This problem also exists in using aliases in firewall rules yon Liu
11:47 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Jim Pingle wrote:
> No, but since you compiled it on a different system and nobody else had replicated it, it's unli... Edgardo Rodriguez
11:39 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: No, but since you compiled it on a different system and nobody else had replicated it, it's unlikely to be related wi... Jim Pingle
11:35 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Jim Pingle wrote:
> We haven't evaluated that patch yet, but it's unlikely to make it into the next release this lat... Edgardo Rodriguez
08:00 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: We haven't evaluated that patch yet, but it's unlikely to make it into the next release this late in the process. If ... Jim Pingle
11:38 AM pfSense Packages Bug #11696 (Feedback): SquidGuard Disable "Groups ACL" no work: Merged Viktor Gurov
08:01 AM pfSense Packages Bug #11696 (Pull Request Review): SquidGuard Disable "Groups ACL" no work: Jim Pingle
06:57 AM pfSense Packages Bug #11696: SquidGuard Disable "Groups ACL" no work: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/75 Viktor Gurov
06:47 AM pfSense Packages Bug #11696 (Resolved): SquidGuard Disable "Groups ACL" no work: https://forum.netgate.com/topic/162053/squidguard-disable-groups-acl-no-work-bug:
Pfsense 2.5.0
"Common ACL" is D... Viktor Gurov
11:03 AM Bug #11701: Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``: PR: https://github.com/pfsense/pfsense/pull/4510 BBcan177 .
10:59 AM Bug #11701 (Resolved): Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``: /etc/inc/config.lib.inc
Line: 1106
function pfSense_clear_globals() {
global $config, *$g,* $FilterIfList, $Gat... BBcan177 .
09:46 AM Bug #11700 (Pull Request Review): OpenVPN does not kill IPv6 client states on disconnect: Jim Pingle
09:44 AM Bug #11700: OpenVPN does not kill IPv6 client states on disconnect: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/197 Viktor Gurov
09:42 AM Bug #11700 (Closed): OpenVPN does not kill IPv6 client states on disconnect: openvpn.attributes.sh successfully kills all IPv4 states with:... Viktor Gurov
09:26 AM Bug #11698 (Pull Request Review): Incomplete PPPoE custom reset values lead to invalid cron entry: Jim Pingle
08:57 AM Bug #11698: Incomplete PPPoE custom reset values lead to invalid cron entry: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/196 Viktor Gurov
08:50 AM Bug #11698 (Closed): Incomplete PPPoE custom reset values lead to invalid cron entry: If you configure the "Custom Reset" option and only fill in the "Minutes" or "Hour" field, but not other fields,
an ... Viktor Gurov
08:13 AM Bug #11697 (Rejected): Status / System Logs doesn't show any logs after Upgrade 2.4.5 -> 2.5.0, works on fresh install: Unable to reproduce the problem here -- numerous systems have been upgraded from 2.4.5 to 2.5.0 and all have working ... Jim Pingle
08:10 AM Bug #11697 (Rejected): Status / System Logs doesn't show any logs after Upgrade 2.4.5 -> 2.5.0, works on fresh install: Dear all,
we've upgraded two pfSense VMs from 2.4.5 to 2.5.0. The upgrade worked, however, "Status / System Logs" ... Christian Strauf
07:52 AM Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon: Updating subject for release notes. Jim Pingle
07:47 AM Bug #11688 (Pull Request Review): Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule: Jim Pingle
07:38 AM pfSense Packages Bug #11695 (Feedback): PHP error in the last step of the wizard: Merged Renato Botelho
07:05 AM pfSense Packages Bug #11695: PHP error in the last step of the wizard: fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/1 Viktor Gurov
06:06 AM pfSense Packages Bug #11695 (Resolved): PHP error in the last step of the wizard: I get the following error message when trying to create a VPN using the AWS wizard:... Viktor Gurov
06:03 AM Feature #11125: Kernel module for RTL8153 driver: Is there any chances that this modify will be insert into 2.5.1 release? Anonymous
05:49 AM Bug #11694: Upstream Gateway Not Being Set Repeatedly: Alasdair Corton wrote:
> The "Fix" link isn't working
>
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requ... Viktor Gurov
04:19 AM Bug #11694: Upstream Gateway Not Being Set Repeatedly: The "Fix" link isn't working
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/139 Alasdair Corton
04:08 AM Bug #11694 (Duplicate): Upstream Gateway Not Being Set Repeatedly: Duplicate of #11433 Viktor Gurov
03:39 AM Bug #11694 (Duplicate): Upstream Gateway Not Being Set Repeatedly: Hi all,
I have been experiencing a consistent issue with my pfSense virtual machine. My current set up is 2 ESXi h... Alasdair Corton
01:59 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table: Viktor Gurov wrote:
> works as expected on 2.5.1.r.20210314.2256:
> [...]
I tested this with 2.5.1.r.20210314.22... Andrew Murray
12:07 AM Revision c04b3a71: Skip floating rules with all interfaces disabled. Issue #11688: Prior to this change, if a floating rule had associated interfaces, but
they were all disabled, the rule would be gen... Jonathon Reinhart

03/17/2021

08:46 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Pippin MMD wrote:
> Asked on #openvpn-devel, this patch should fix this ticket:
> https://patchwork.openvpn.net/pat... Wesley Lucio dos Santos
07:01 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Pippin MMD wrote:
> Asked on #openvpn-devel, this patch should fix this ticket:
> https://patchwork.openvpn.net/pat... Edgardo Rodriguez
06:55 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Asked on #openvpn-devel, this patch should fix this ticket:
https://patchwork.openvpn.net/patch/1550/
It is not r... Pippin MMD
07:38 PM pfSense Packages Bug #11693 (Resolved): IPv6 static routing fails: ipv6 static routing rules do not work, when I setup 240e::/20 via wan dhcpv6 interface, but
it still via frr bgp oth... yon Liu
07:34 PM Bug #11692 (Resolved): ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon: so I using frr bgp router,so I need disable and setup Default gateway IPv6 to none, but I config Default gateway IPv6... yon Liu
05:04 PM Revision 73617c4b: Add MVC wrapper to various functions used by firewall_nat*: Steve Beaver
02:19 PM Feature #11374: WireGuard Status in GUI: Current snapshot builds have a bit more info, but it's still limited in its usefulness since WireGuard is connectionl... Jim Pingle
02:17 PM Feature #11374: WireGuard Status in GUI: Thanks - completely understandable - perhaps as more wg features get exposed over time, some way of visually gauging ... Jum Pers
02:05 PM Bug #11691 (Closed): WireGuard MSS Clamping and TCP traffic issues after reboot.: Testing the latest development code (2.6.0.a.20210317.0100), upon reboot even though the MTU (as reported by Status>I... Christian McDonald
01:29 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Adjusting subject again to reflect both problems that were fixed since they were close, potentially related, but not ... Jim Pingle
01:27 PM Bug #11454 (Feedback): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: I've pushed rtsold fix to FreeBSD-src repository for all branches. It should be fine on next snapshot. Renato Botelho
01:15 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: OK I've tested with a patched rtsold on multiple systems and now I'm seeing the correct and expected behavior all aro... Jim Pingle
11:22 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Running rtsold manually, as Paul K (Thanks!) did, I see the same results. Greg Shaffer
10:35 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: OK, so I did some sniffing and found that the systems I was observing had multiple devices on the segment responding ... Jim Pingle
12:10 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Yeah, I guess it was already described. The way I read that post though is that it was patched to pass second argumen... Paul K
12:01 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Exactly, and that was already described above. That's why I was wondering how this patch was supposed to fix it when ... Flole Systems
01:03 PM Regression #11316: Unbound crashes with signal 11 when reloading: Chris Collins wrote:
> I hope the decision is not made to roll back unbound, as its just going back to old code, whe... Jim Pingle
12:50 PM Regression #11316: Unbound crashes with signal 11 when reloading: I hope the decision is not made to roll back unbound, as its just going back to old code, when the better decision mi... Chris Collins
03:29 AM Regression #11316: Unbound crashes with signal 11 when reloading: Jim Pingle wrote:
> Updating subject for release notes.
>
> If Unbound doesn't find/fix the issue in 1.13.1 soon ... Vaidotas Butkus
12:11 PM Bug #11474 (Resolved): Broken help link on IPsec Advanced Settings tab: Thanks! Jim Pingle
12:09 PM Bug #11474: Broken help link on IPsec Advanced Settings tab: I can confirm this is working for me on a SG-5100 running 21.02.2 RC build 17 March 0300. Touching the help icon brin... Nick Goehring
11:55 AM Feature #11690: Add an option to rescan PCI buses to allow NIC hotplug: The probe order for >4 NICs is a well documented issue with ESX across multiple operating systems. It may not affect ... Jim Pingle
11:53 AM Feature #11690: Add an option to rescan PCI buses to allow NIC hotplug: Hi Jim, thanks for the explanation.
If I understand correctly, the problem would only occur if I add more than 4 NIC... Louis Sautier
11:47 AM Feature #11690 (Rejected): Add an option to rescan PCI buses to allow NIC hotplug: I don't think we'd ever recommend doing that. If you must, you can run the command manually, but there could be drast... Jim Pingle
11:18 AM Feature #11690 (Rejected): Add an option to rescan PCI buses to allow NIC hotplug: Hi,
Would it be possible to add an option to rescan PCI buses? Maybe just a playback command would be enough.
I a... Louis Sautier
10:44 AM Feature #7077 (Resolved): Display negotiated data encryption algorithm in OpenVPN connection status: Jim Pingle
10:25 AM pfSense Plus Regression #11689: LEDs do not indicate available upgrade status: Relevant commits:
https://gitlab.netgate.com/pfSense/factory/-/commit/2add5e3aaaa59a66b2de8789b39b61efff27dfb8
ht... Jim Pingle
10:07 AM pfSense Plus Regression #11689: LEDs do not indicate available upgrade status: I committed another change to use the middle LED for this rather than overloading the use of the ready LED, since the... Jim Pingle
09:41 AM pfSense Plus Regression #11689 (Feedback): LEDs do not indicate available upgrade status: Fix committed, should be in tomorrow's image Jim Pingle
08:44 AM pfSense Plus Regression #11689 (Resolved): LEDs do not indicate available upgrade status: LEDs are not being updated when a new upgrade is available.
Only affects Plus.
Variable in @etc/rc.update_pkg_m... Jim Pingle
02:52 AM Bug #11352: CTF types > 2^15 in the pfSense kernel config results in DTrace failing: With all SCSI and RAID drivers from GENERIC, this pulled back the number of types to 28890.
Perhaps a few modern SCS... Peter Grehan

03/16/2021

11:50 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: I think I might have found the problem.
First of all, I stated incorrectly in my previous post that "/var/etc/dhcp... Paul K
07:42 PM Bug #11454 (In Progress): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Flole Systems wrote:
> No surprise that didn't fix it, where should that second argument be coming from? Its never p... Jim Pingle
07:38 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: No surprise that didn't fix it, where should that second argument be coming from? Its never passed to the managedconf... Flole Systems
02:34 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: The 2.5.1-RC did not resolve the gateway issue. Thread started on the forum. Greg Shaffer
12:39 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Please direct all feedback to threads on the forum category for Plus 21.02.2 / CE 2.5.1 at https://forum.netgate.com/... Jim Pingle
11:48 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: I restored the original interfaces.inc, applied the patch and rebooted my system. Doesn't look like it fixed the issu... Greg Shaffer
11:36 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: At a minimum you have to Edit/Save/Apply on the affected WAN interface after changing the gateway, otherwise it won't... Jim Pingle
11:34 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: I tried applying this as a patch to my 2.5 box... the patch tested properly and applied without issue, but after remo... Anonymous
08:10 AM Bug #11454 (Feedback): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Applied in changeset commit:78ca7d58c6cc706b5c6aeb8c00c6b4e2b5c841cd. Jim Pingle
08:06 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: Updating subject for release notes and to more accurately reflect the nature of the problem. Jim Pingle
07:53 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information: To me, I have a fix. Jim Pingle
10:44 PM Bug #11688: Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule: I opened a GitHub pull request: https://github.com/pfsense/pfsense/pull/4509 Jonathon Reinhart
10:31 PM Bug #11688 (Closed): Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule: h1. TL;DR
If a floating rule is associated with interfaces, but none of them are enabled, the generated rule incor... Jonathon Reinhart
07:28 PM pfSense Packages Feature #11573: Custom Commands: Maybe web terminal is option here you wanted to ask, but pfsense already allow you run commands, not predefined one DRago_Angel [InV@DER]
07:11 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: I have the same problem with 21.02. No VPN's just straight multi-wan. WAN2 (non-default) responds to a ping and works... Rick Strangman
03:27 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Sounds like it may be related to my issue as well (#11630). It was working normally on my daily build from January du... James Blanton
06:49 PM Revision 5effaab2: Merge pull request #4503 from nraven777/patch-1: Renato Botelho
06:49 PM Revision e04e15e4: Merge pull request #4508 from thomasloven/patch-1: Renato Botelho
06:47 PM Revision 1a7bff1d: Merge pull request #4502 from znerol-forks/fix/master/deprecate-prefix-of-when-ra-srcaddr-set: Renato Botelho
06:33 PM Revision 3c4fc240: Revert changes for issue #11091: Negatively impacts parent interfaces, needs more work. Jim Pingle
05:56 PM Revision 0a0a3e17: set_curlproxy() fixes. Issue #11476: (cherry picked from commit 75a3b0decc8e26e42cdc04f84d7a1a806c922f5a) Viktor Gurov
05:05 PM pfSense Packages Bug #11687: Fix download URLs for SecuriteInfo.com: A pull request fixing this bug can be found on "GitHub":https://github.com/pfsense/FreeBSD-ports/pull/1055. Markus *
04:55 PM pfSense Packages Bug #11687 (Resolved): Fix download URLs for SecuriteInfo.com: The download URLs for the SecuriteInfo.com databases in the freshclam configuration are missing the SecuriteInfo.com ID. Markus *
04:59 PM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status: Can confirm this is working for me on a SG-5100 running 21.02.2 RC. When connected with my android device, I navigate... Nick Goehring
04:33 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Well, confirmed what I stated before,
*enable_async_push=yes* breaks reconnect process when using server with UDP a... Edgardo Rodriguez
03:29 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: I found that, using tcp server mode reconnection works as expected (without needing to set lport 0, or nobind, or any... Edgardo Rodriguez
03:59 PM pfSense Packages Bug #11686 (Resolved): FRR generated ACCEPTFILTER permit statement broken: When the ACCEPTFILTER is generated all goes well except the last line which is ip prefix-list ACCEPTFILTER seq 10 per... Robert Sailer
03:19 PM Revision 75a3b0de: set_curlproxy() fixes. Issue #11476: Viktor Gurov
03:08 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Viktor Gurov wrote:
> M L wrote:
> > *Failover back to main, not so great:*
> > # Plug in WAN1
> > # WAN1 interfa... James Blanton
01:54 PM pfSense Packages Bug #11680 (Feedback): Saving HAProxy FrontEnd description with umlauts causes configuration restore: PR has been merged. Thanks! Renato Botelho
10:48 AM pfSense Packages Bug #11680 (Pull Request Review): Saving HAProxy FrontEnd description with umlauts causes configuration restore: Jim Pingle
04:07 AM pfSense Packages Bug #11680: Saving HAProxy FrontEnd description with umlauts causes configuration restore: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1054 Viktor Gurov
12:07 AM pfSense Packages Bug #11680: Saving HAProxy FrontEnd description with umlauts causes configuration restore: similar to #10442 Viktor Gurov
12:06 AM pfSense Packages Bug #11680 (Resolved): Saving HAProxy FrontEnd description with umlauts causes configuration restore: https://forum.netgate.com/topic/162010/saving-haproxy-config-causes-config-restore:
On pfSense 2.5.0, HAProxy, i t... Viktor Gurov
01:53 PM pfSense Packages Bug #11640 (Feedback): Ntopng configuration and data loss when shutting down Redis: PR has been merged. Thanks! Renato Botelho
01:50 PM Feature #11264 (Feedback): Redirect Captive Portal users to login page after they logout: PR has been merged. Thanks! Renato Botelho
01:50 PM Bug #11667 (Feedback): Automatic 25-day forced Dynamic DNS update removes wildcard domain: PR has been merged. Thanks! Renato Botelho
01:48 PM Feature #11103: Use virtual link local IP address as RA source address for HA environments: MErged. Thanks! Renato Botelho
01:34 PM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot: I backed the change out of RELENG_2_5_1, moving target forward.
Jim Pingle
01:25 PM Bug #11091 (In Progress): Interfaces set as disabled in the configuration have an UP status in the operating system at boot: I think this may need some refinement as it could interfere with other things. If you have an interface assigned but ... Jim Pingle
01:13 PM Revision 919545c4: Finish refactoring firewall_NAT* for MVC: Steve Beaver
01:01 PM Revision 77abcd71: Only write DHCP6 gw when given a value. Fixes #11454: (cherry picked from commit 78ca7d58c6cc706b5c6aeb8c00c6b4e2b5c841cd) Jim Pingle
12:59 PM Revision 78ca7d58: Only write DHCP6 gw when given a value. Fixes #11454: Jim Pingle
12:56 PM Bug #11476 (Feedback): Telegram and Pushover notification API calls do not respect proxy configuration: Merged and cherry-picked to 2.5.1 Renato Botelho
11:33 AM Bug #11476 (Pull Request Review): Telegram and Pushover notification API calls do not respect proxy configuration: Jim Pingle
10:23 AM Bug #11476 (New): Telegram and Pushover notification API calls do not respect proxy configuration: some errors:... Viktor Gurov
12:42 PM Revision ad0c2928: Add 2.5.1-RC repository: Renato Botelho
12:42 PM Revision 11208036: Add 2.5.1-RC repository: Renato Botelho
12:39 PM Revision bc85c456: Add 2.5.1-RC repository: Renato Botelho
12:22 PM Revision ac37d85c: Set correct WireGuard interface MTU on boot/config changes. Fixes #11482: (cherry picked from commit 5b141e80eca7718043a83bb690dfe2d8db04ee87) Viktor Gurov
12:22 PM Revision 5b141e80: Set correct WireGuard interface MTU on boot/config changes. Fixes #11482: Viktor Gurov
12:22 PM Revision 6ba95044: Reject IPv4-mapped IPv6 addresses on Mobile IPsec DNS server input validation. Fixes #11446: (cherry picked from commit 90fd68c6d42a25db20147dd455fc2701599b9c7d) Viktor Gurov
12:21 PM Revision 90fd68c6: Reject IPv4-mapped IPv6 addresses on Mobile IPsec DNS server input validation. Fixes #11446: Viktor Gurov
11:46 AM Bug #11685: PHP error if ``PHP_error.log`` file is too large: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/195 Viktor Gurov
11:46 AM Bug #11685 (Pull Request Review): PHP error if ``PHP_error.log`` file is too large: Jim Pingle
11:35 AM Bug #11685 (Closed): PHP error if ``PHP_error.log`` file is too large: Unable to load crash dump files if PHP_error.log is too large:... Viktor Gurov
11:29 AM Todo #11684 (Pull Request Review): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: Jim Pingle
10:54 AM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/194
see also #11520 and #11521
Viktor Gurov
10:50 AM Todo #11684 (Resolved): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: https://openvpn-users.narkive.com/bjhC5hVo/tls-error-local-remote-tls-keys-are-out-of-sync#post8:
Suppose you have a... Viktor Gurov
10:57 AM Regression #11433 (Resolved): Gateways with "Use non-local gateway" set are not added to routing table: works as expected on 2.5.1.r.20210314.2256:... Viktor Gurov
10:50 AM pfSense Packages Bug #11683 (Pull Request Review): Certificate Manager page doesn't show FreeRADIUS used certificates: Jim Pingle
06:26 AM pfSense Packages Bug #11683: Certificate Manager page doesn't show FreeRADIUS used certificates: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/74 Viktor Gurov
05:39 AM pfSense Packages Bug #11683 (Resolved): Certificate Manager page doesn't show FreeRADIUS used certificates: On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
10:49 AM pfSense Packages Bug #11682 (Pull Request Review): Certificate Manager page do not show STunnel used certificates: Jim Pingle
05:35 AM pfSense Packages Bug #11682: Certificate Manager page do not show STunnel used certificates: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/73 Viktor Gurov
05:33 AM pfSense Packages Bug #11682 (Resolved): Certificate Manager page do not show STunnel used certificates: On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec / O... Viktor Gurov
10:35 AM Bug #11403 (Resolved): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override: works as expected on 2.5.1.r.20210314.2256:... Viktor Gurov
10:25 AM Bug #11624 (Resolved): Typo on Router Advertisements page: ok on 2.5.1.r.20210314.2256 Viktor Gurov
10:15 AM pfSense Packages Bug #11366 (Pull Request Review): Arpwatch Cron Notification every 15 minutes: Jim Pingle
02:07 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/72 Viktor Gurov
10:15 AM Bug #11678 (Pull Request Review): Certificate Manager does not report Unbound as using a certificate: Jim Pingle
01:59 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/191 Viktor Gurov
10:13 AM pfSense Packages Bug #11681 (Pull Request Review): FRR generates invalid BFD configuration after removing interfaces: Jim Pingle
12:49 AM pfSense Packages Bug #11681: FRR generates invalid BFD configuration after removing interfaces: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/71 Viktor Gurov
12:17 AM pfSense Packages Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces: If you create a BFD peer configuration and set the Interface option to a value other than "Default",
and then remove... Viktor Gurov
10:08 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: If it needs that kind of more involved work then we can look at it deeper for the next release after this. Jim Pingle
08:17 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: Jim Pingle wrote:
> To test:
>
> * Setup mobile IPsec using IKEv2 and EAP-RADIUS against a RADIUS server
> * Lea... Viktor Gurov
09:54 AM Bug #11464 (Resolved): Requests to ``ews.netgate.com`` do not honor proxy configuration: works as expected on 2.5.1.r.20210314.2256:
I see ... Viktor Gurov
09:27 AM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface: I can test whenever this hits the dev snaps. I assume this is incubating in 2.6 devl?
I'm not sure what you can di... Christian McDonald
08:10 AM pfSense Packages Bug #11585 (Feedback): WireGuard kernel panic when changing peer port on assigned WireGuard interface: Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
08:10 AM Bug #11538 (Feedback): WireGuard Panic: Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
08:10 AM Bug #11586 (Feedback): WireGuard panic when saving many times in a row: Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
07:42 AM pfSense Docs Correction #11647: Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI): https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/10 Viktor Gurov
07:39 AM pfSense Docs Correction #11649 (Resolved): Feedback on System Monitoring — Routing Logs: PR merged and deployed Jim Pingle
07:35 AM pfSense Docs Correction #11649: Feedback on System Monitoring — Routing Logs: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/9 Viktor Gurov
07:30 AM Bug #11482: WireGuard interfaces do not always have proper MTU applied: Applied in changeset commit:5b141e80eca7718043a83bb690dfe2d8db04ee87. Viktor Gurov
07:23 AM Bug #11482 (Feedback): WireGuard interfaces do not always have proper MTU applied: Merged and cherry-picked to 2.5.1 Renato Botelho
07:30 AM Bug #11446: Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses: Applied in changeset commit:90fd68c6d42a25db20147dd455fc2701599b9c7d. Viktor Gurov
07:23 AM Bug #11446 (Feedback): Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses: Merged and cherry-picked to 2.5.1 Renato Botelho
06:13 AM pfSense Packages Bug #11610: NET-SNMP is not setting the correct permissions on AgentX: I *think* the issue is somewhere in here */usr/local/pkg/frr.inc*
in the segment as follows:... Yif Swery
05:58 AM pfSense Packages Bug #11610: NET-SNMP is not setting the correct permissions on AgentX: Viktor Gurov wrote:
> Unable to reproduce with FRR pkg 1.1.0_8 -
> frr starts successfully with the "Enable agentx"... Yif Swery

03/15/2021

10:29 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Jim Pingle wrote:
> If an OpenVPN client reconnects immediately after disconnecting, in certain cases it cannot pass... Edgardo Rodriguez
04:08 PM Revision 8e4d80e1: Revise target port error message: Steve Beaver
01:57 PM Revision 188456d0: Do not delete disabled routes on boot. Fixes #3709: (cherry picked from commit 6336607d28a014a3de1b4e873a6ab97b9a635a7f) Viktor Gurov
01:56 PM Revision 6336607d: Do not delete disabled routes on boot. Fixes #3709: Viktor Gurov
01:54 PM Revision 58832005: Shell LDAP authentication fix. Issue #11644: (cherry picked from commit 0c0b3a3d15e36fbba28937e6f4f6a41c61c984b3) Viktor Gurov
01:54 PM Revision 0c0b3a3d: Shell LDAP authentication fix. Issue #11644: Viktor Gurov
01:52 PM Revision c9f3f96a: Correct local IPv6 address for OpenVPN on 6RD/6to4 interfaces. Fixes #11674: (cherry picked from commit 1b59af4f44927e41fbe0bd64b9f737fc8dd32d33) Viktor Gurov
01:51 PM Revision 1b59af4f: Correct local IPv6 address for OpenVPN on 6RD/6to4 interfaces. Fixes #11674: Viktor Gurov
12:24 PM Revision be444914: Change OpenVPN auth to php-cgi for the time being. Fixes #4521: (cherry picked from commit 1bfdb794cb2a06932da0029ca37f9727c3f74274) Jim Pingle
12:24 PM Revision 1bfdb794: Change OpenVPN auth to php-cgi for the time being. Fixes #4521: Jim Pingle
09:42 AM Bug #11679 (Closed): Policy-based Routing (outbound) and port forwarding (inbound) "selectively" working through WG tunnel: This is my main thread about this issue: https://forum.netgate.com/topic/161293/policy-based-routing-outbound-and-por... Kevin Mychal Ong
09:18 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log: Jim Pingle wrote:
> Adam Esslinger wrote:
> > I noticed that there were additional "LAN" network that weren't defin... Kevin Mychal Ong
09:05 AM Bug #3709: Disabled static route entries trigger 'route delete' error at boot: Applied in changeset commit:6336607d28a014a3de1b4e873a6ab97b9a635a7f. Viktor Gurov
08:56 AM Bug #3709 (Feedback): Disabled static route entries trigger 'route delete' error at boot: Merged and cherry-picked to 2.5.1 Renato Botelho
06:36 AM Bug #3709 (Pull Request Review): Disabled static route entries trigger 'route delete' error at boot: Jim Pingle
09:00 AM Bug #11674: OpenVPN binds to all interfaces when configured on a 6RD interface: Applied in changeset commit:1b59af4f44927e41fbe0bd64b9f737fc8dd32d33. Viktor Gurov
08:53 AM Bug #11674 (Feedback): OpenVPN binds to all interfaces when configured on a 6RD interface: Merged and cherry-picked to 2.5.1 Renato Botelho
06:16 AM Bug #11674 (Pull Request Review): OpenVPN binds to all interfaces when configured on a 6RD interface: Jim Pingle
08:55 AM Bug #11644 (Feedback): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH: Renato Botelho
08:55 AM Bug #11644: Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH: Merged and cherry-picked to 2.5.1 Renato Botelho
06:40 AM Bug #11644 (Pull Request Review): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH: Jim Pingle
07:43 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Not so critical we need to rush it into this release, but the next one, sure. Jim Pingle
07:41 AM Bug #11678 (Resolved): Certificate Manager does not report Unbound as using a certificate: If you enable SSL/TLS Service for local clients in Unbound you can select a certificate to use for that.
In the Ce... Steve Wheeler
07:30 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: Applied in changeset commit:1bfdb794cb2a06932da0029ca37f9727c3f74274. Jim Pingle
07:28 AM Bug #4521 (Feedback): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``: I pushed a change for both @ovpn_auth_verify@ and @ovpn_auth_verify_async@ to use @php-cgi@ for the time being, the c... Jim Pingle
07:26 AM Bug #11677 (Rejected): MultiWAN issue after upgrade to 2.5.0 - gets external WANIP but link down: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:22 AM Bug #11677 (Rejected): MultiWAN issue after upgrade to 2.5.0 - gets external WANIP but link down: Hi there,
We upgraded our office pfSense instance from 2.4.5 to 2.5.0 last night, and lost WAN2 as a result. We get ... Michael Knowles
06:33 AM Bug #11675 (Pull Request Review): VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces: Jim Pingle
06:32 AM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100: I can reproduce it here even on a 21.02.2 snapshot. It's specific to the Thermal Sensors widget and not the temperatu... Jim Pingle
06:08 AM Bug #11663 (Duplicate): XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab: That is a better path forward Jim Pingle
06:07 AM Bug #11658 (Resolved): Ambiguous text in help and input validation error for system domain name: Jim Pingle
06:04 AM Regression #11475 (Feedback): Route tables with many entries can lead to PHP errors and timeouts when looking up routes: Luiz merged the PR and cherry-picked but needs confirmation that the fix is in and working in snapshots. Jim Pingle
06:02 AM Bug #11676 (Rejected): Kernel Panic with APU2 and Pfsense 2.5.0: Each of those panics has a completely different backtrace, and combined with the errors in the message buffer, I'm in... Jim Pingle
03:24 AM Bug #11676 (Rejected): Kernel Panic with APU2 and Pfsense 2.5.0: Hi all
I receive after upgrading to 2.5.0 Kernel Panics on APU2
with PFSense 2.5.0.
Thx in advance
admins Stefan Bühler
12:07 AM Revision c9b7ffc3: Merge pull request #187 from viktor/route_get_fix: Supress route no found error. Issue #11475
(cherry picked from commit f5ff5cdc369b494499db3f7aca4426952add59e3) Luiz Souza
12:01 AM Revision f5ff5cdc: Merge pull request #187 from viktor/route_get_fix: Supress route no found error. Issue #11475 Luiz Souza

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

04/13/2021

04/12/2021

04/11/2021

04/10/2021

04/09/2021

04/08/2021

04/07/2021

04/06/2021

04/05/2021

04/04/2021

04/03/2021

04/02/2021

04/01/2021

03/31/2021

03/30/2021

03/29/2021

03/28/2021

03/27/2021

03/26/2021

03/25/2021

03/24/2021

03/23/2021

03/22/2021

03/21/2021

03/20/2021

03/19/2021

03/18/2021

03/17/2021

03/16/2021

03/15/2021