Activity

30 days up to

User

Subprojects

Activity

From 04/20/2021 to 05/19/2021

05/19/2021

10:12 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Was asked to test the latest release, as some counters were supposedly fixed in another part of the UI that may be re... Kris Phillips
07:52 PM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Thanks. The majority of these are associated with the pf counter_u64 issue (anything with pf in the traceback).
Ho... Peter Grehan
10:04 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Adding a few more I collected from a few misc installs during testing (some were deliberate crashes, others happened ... Jim Pingle
06:59 PM Revision d2eee7c8: Refactor firewall_nat_out for MVC: Steve Beaver
06:29 PM pfSense Packages Bug #11937 (Feedback): HAproxy "Use Client-IP" option breaks Captive Portal: Devices can access https sites without authenticating via Captive portal.
Enabling 'Use Client-IP to connect to back... David Quinn
02:59 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: As posted to https://forum.netgate.com/topic/163854/sg-3100-crash-on-upgrade-restore-when-using-url-tables-and-openvp... Arthur Wiebe
01:58 PM pfSense Packages Bug #11822 (Feedback): Upgrade ClamAV to 0.103.2: clam-av is on the required version in pfSense Plus 21.05. This is expected to be the same in 2.5.2.
On 21.05:
... Kris Phillips
10:44 AM Regression #11316 (Feedback): Unbound crashes with signal 11 when reloading: I've imported https://github.com/NLnetLabs/unbound/commit/ff6b527184b33ffe1e2b643db8a32fae8061fc5a into our devel bra... Renato Botelho
08:43 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: The syslog entries are called on /etc/inc/openvpn.auth-user.php around lines 120 & 163 ("could not authenticate" & "a... Michael Novotny
07:51 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: In theory it should be possible, but would need validation to ensure it works as desired.
The data should be avail... Jim Pingle
07:48 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: Attached is what the syslog entry from graylog. Michael Novotny
07:43 AM Feature #11935 (Resolved): Log external IP address of OpenVPN clients on connect and disconnect: Would it be possible to add the IP address of the user when they are authenticated? This would assist with doing gra... Michael Novotny
08:12 AM pfSense Packages Bug #11936 (Incomplete): FRR does not connect BGP when using password: There isn't nearly enough information here to speculate about a cause. "It doesn't work" is not a complete bug report... Jim Pingle
08:09 AM pfSense Packages Bug #11936 (Incomplete): FRR does not connect BGP when using password: Unsecured BGP sessions work fine, however password protected BGP sessions which previously worked fine no longer work... Clint Guillot
07:58 AM Bug #11818 (Pull Request Review): Mixed use of aliases in a port range produces unloadable ruleset: Jim Pingle
04:59 AM Bug #11818: Mixed use of aliases in a port range produces unloadable ruleset: extra input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/258 Viktor Gurov
07:43 AM Regression #11857: Match rules cause pf error parsing rules: match rules load OK on pfSense Plus snapshot 21.05.r.20210519.0300, there isn't a new CE snapshot yet that has the fi... Jim Pingle
05:44 AM Feature #9341: Support DNS Made Easy authentication without a username: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/259 Viktor Gurov
05:04 AM Feature #9262 (Duplicate): Strongswan DHCP plugin: duplicate of #8168 Viktor Gurov
04:05 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Combined with the duplicate-cn option, this problem is actually pretty bad. (At least I suspect we're having the sam... Harm V

05/18/2021

04:02 PM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: There are 3 signatures in the panics: I'd be interested in seeing more.
The KVM one is possibly fixed in FreeBSD-c... Peter Grehan
03:07 PM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: The attached configuration when loaded on a VM with 512MB of RAM can reproduce the panic reliably but with some varia... Jim Pingle
02:37 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: Apologies, it’s on the forum under IPSEC, someone else running same HW recorded same info, no other responses.
T... Paul Kennedy
02:29 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: We don't claim to officially support that hardware, so if it's hardware specific, there is nothing Netgate/pfSense ca... Jim Pingle
02:27 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: Sorry Jim, but thought that this was a bug - related to the 2.5.1 running on a specific hardware.....
Works fine o... Paul Kennedy
02:20 PM Bug #11934 (Not a Bug): IPSEC stops working on 2.5.1 running on Watchguard XTM 5: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
02:15 PM Bug #11934 (Not a Bug): IPSEC stops working on 2.5.1 running on Watchguard XTM 5: I currently have 4 sites that were all running 2.4.5p1 pfSense with IPSEC connecting all together without any major i... Paul Kennedy
02:17 PM Revision 43f77699: Further simplify update check: Steve Beaver
02:13 PM Revision cbd12cad: Revise update check JSON format: Steve Beaver
01:39 PM pfSense Packages Bug #10937: HAProxy frontend and backend entry limit: Error still present on 21.02.2 using haproxy-devel.
Tested on 21.09.a.20210517.0100 and the issue persists, but ph... Marcos M
01:29 PM Bug #11897 (Closed): Language presented to user during upgrade is misleading: This looks good to me now.
Jim Pingle
01:21 PM Revision a343fe6c: Revert "IPsec Mobile EAP-RADIUS additional configuration fix. Issue #11447": This reverts commit b19bb32453fb69fe6ff4d340ff51f1a898bfc5b2. Jim Pingle
01:19 PM Revision 4dd71873: Back out recent changes in mobile IPsec: These changes led to the pool failing to load and thus clients could not
connect. Will revisit for future releases. A... Jim Pingle
12:47 PM Bug #11370 (Closed): firewall_aliases_edit.php is limited in the number of input entries it can save to an alias: This was originally tested with 2.4.5p1 and 2.5.0 iirc.
I can no longer reproduce this on 21.02.2, 21.05-RC, nor 2... Marcos M
12:30 PM Revision a33c0d88: Revert changes for issue #11091: Jim Pingle
12:10 PM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.: I got same issue and i can confirm that after disabling nat reflection errors are gone.
Enabling it again, after s... Gerson Barreiros
11:01 AM Bug #4893 (Pull Request Review): Error loading rules when URL Table Ports content is empty: Jim Pingle
09:23 AM Bug #4893: Error loading rules when URL Table Ports content is empty: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/257 Viktor Gurov
10:48 AM Bug #11863 (Pull Request Review): Unable to create nested URL aliases: Jim Pingle
04:24 AM Bug #11863: Unable to create nested URL aliases: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/256
see also #1603 Viktor Gurov
10:47 AM Feature #10587 (Pull Request Review): UPnP/NAT-PMP STUN configuration options: Jim Pingle
02:41 AM Feature #10587: UPnP/NAT-PMP STUN configuration options: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/255 Viktor Gurov
10:15 AM Regression #11857 (Feedback): Match rules cause pf error parsing rules: Commit was merged, will test once it's in a build. Jim Pingle
06:47 AM Regression #11857: Match rules cause pf error parsing rules: Confirmed, and tracked down to a merge conflict. Fix pushed to the development branches, and merge request opened for... Kristof Provost
08:31 AM Bug #11891 (New): strongSwan configuration contains incorrect structure for mobile pool DNS records: Jim Pingle
08:24 AM Bug #11891: strongSwan configuration contains incorrect structure for mobile pool DNS records: Reverted RADIUS-specific parts of the change here for now, it was causing the configuration to fail. Can try again be... Jim Pingle
08:24 AM Regression #11447 (New): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: Reverted changes for now, they were causing the configuration to fail. Can try again before the next release. Jim Pingle
08:17 AM Bug #11091 (New): Interfaces set as disabled in the configuration have an UP status in the operating system at boot: Per discussion on the PR, all the changes have been reverted.
Can try alternate approaches for the next release. Jim Pingle
08:03 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: This is an upstream FreeBSD bug, and is reproducible with the following pf.conf on a recent FreeBSD/main:
> altq o... Kristof Provost

05/17/2021

03:54 PM Todo #11933 (Resolved): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: In 2.5.0/21.02 we added the @pcscd@ service to builds for #9878 and it gets run at startup in all cases to handle cer... Jim Pingle
02:58 PM Bug #11932: undefined function watchdogd_enabled: It was in Factory before Plus, it's nothing new. It's been around for years. Filesystem corruption or similar failure... Jim Pingle
02:52 PM Bug #11932: undefined function watchdogd_enabled: Ah, yes, I see it there in the base tar (https://firmware.netgate.com/pkg/pfSense_plus-v21_02_2_amd64-core/All/pfSens... catatonic prime
01:20 PM Bug #11932 (Not a Bug): undefined function watchdogd_enabled: That function is present in pfSense Plus system.inc and if it's missing, it's a sign there is something wrong with yo... Jim Pingle
01:15 PM Bug #11932 (Not a Bug): undefined function watchdogd_enabled: Model: SG-4860 (amd64)
Base System: 21.02.2-RELEASE
I observed some of these issues (or others? I dunno I had a b... catatonic prime
01:58 PM pfSense Packages Feature #9238: Add support for Zerotier: Amy Nagle wrote:
> The pfSense-pkg-zerotier package's uninstall action removes zerotier from the rc.conf.local, so i... Gregory Moore
12:48 PM pfSense Packages Feature #9238: Add support for Zerotier: The pfSense-pkg-zerotier package's uninstall action removes zerotier from the rc.conf.local, so it won't start automa... Amy Nagle
10:30 AM pfSense Packages Feature #9238: Add support for Zerotier: Amy Nagle wrote:
> Just a warning to anyone doing an update from 2.4 to 2.5: make sure you don't have an interface a... Gregory Moore
08:11 AM pfSense Packages Feature #9238: Add support for Zerotier: Just a warning to anyone doing an update from 2.4 to 2.5: make sure you don't have an interface assigned to any zerot... Amy Nagle
08:09 AM pfSense Packages Feature #11931 (New): Add support for validating a domain's ownership via Google Cloud Cloud DNS: Add support for validating a domain's ownership via Google Cloud Cloud DNS.
Support for Google Cloud Cloud DNS is ... Alex Cazacu
07:40 AM pfSense Packages Bug #11930 (Needs Patch): DHCPV6 does not work with L3 Interfaces (tun_wg): Last I saw, WireGuard on FreeBSD did not support broadcast/multicast traffic yet. DHCPv6 may work on L3 interfaces bu... Jim Pingle
07:38 AM Bug #11929 (Rejected): Questions about NAT settings: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:37 AM pfSense Packages Bug #11618 (Closed): WireGuard using incorrect IPv6 tunnel address prefix length: Can be reopened if it still applies to the package. Jim Pingle
07:37 AM pfSense Packages Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface: Can always be reopened if it's still a problem. Jim Pingle
07:30 AM Bug #11912 (Closed): IPsec GUI allows creating multiple identical Phase 1 entries when using FQDN for remote gateway: Jim Pingle
07:29 AM Bug #11928 (Duplicate): 2.6.0-DEVELOPMENT - state and byte counters on firewall rules tabs are all 0 zero: Duplicate of #11775 Jim Pingle
07:28 AM Bug #11893 (Closed): IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Jim Pingle
02:30 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1: Same here.... JD -

05/16/2021

04:24 PM pfSense Packages Bug #11930 (Needs Patch): DHCPV6 does not work with L3 Interfaces (tun_wg): If i use the tun_wg interface with DHCPV6 to push prefixes to peers DHPCV6 stops:
@/services_dhcpv6.php: The comma... Dirk Steingäßer
11:10 AM Bug #11929 (Rejected): Questions about NAT settings: It seems that NAT is not working properly.
I usually use two OpenVPNs to protect my privacy online at the same time,... Jack Harris

05/15/2021

09:59 PM pfSense Packages Bug #11618: WireGuard using incorrect IPv6 tunnel address prefix length: If still relevant, should be moved to the package support for the WG package in 2.6.0. This is no longer relevant fo... Kris Phillips
09:58 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface: This should be closed out or moved to the packages section for 2.6.0, if it is still reproducible with the package. ... Kris Phillips
09:53 PM Bug #11912: IPsec GUI allows creating multiple identical Phase 1 entries when using FQDN for remote gateway: Tested this and it is now resolved. The newly fixed FQDN checks work on 21.05 RC. Kris Phillips
08:42 PM Bug #11928 (Duplicate): 2.6.0-DEVELOPMENT - state and byte counters on firewall rules tabs are all 0 zero: After upgrading from 2.5.1-Release to 2.6.0.a.20210513.0100 the counters on firewall rules tabs are always 0.
Afte... M Felden
04:24 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: I'm able to reproduce this. I ran a constant ICMP from LAN over an IPSec tunnel. Both the IPSec and LAN firewall ru... Kris Phillips
04:18 PM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Tested in 21.05 RC build from May 15th. Looks good. This can be closed out. Kris Phillips
04:04 PM Bug #11698: Incomplete PPPoE custom reset values lead to invalid cron entry: /var/etc/pppoe_restart_pppoe0 is not showing any values
#!/bin/sh
/usr/local/sbin/pfSctl -c 'interface reload ... Alhusein Zawi
02:32 PM Regression #11884 (Resolved): Export P12 icon is missing if certificate is not locally renewable: Tested in 2.6 and 21.05. Export P12 is available. I'll mark the ticket resolved. Max Leighton
12:30 PM Feature #11927: Allow DHCP not to serve a gateway - small fix: To add some clarity. The "none" option is available in the general config. However it is not on the static mapping page. Jori Huisman
07:20 AM Feature #11927 (Resolved): Allow DHCP not to serve a gateway - small fix: Currently pfSense cannot serve dual homed machine on DHCP without giving both interfaces a default gateway as leaving... Jori Huisman
05:23 AM Regression #11857: Match rules cause pf error parsing rules: I am seeing the exact same issue on my Negate 3100.
The first time I upgraded from 21.02 to 21.05 all outbound traff... Brad Hawkins
05:06 AM Bug #11926: Advanced DHCP client configuration "Protocol timing" help text is in the wrong location: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/254 Danilo Zrenjanin
04:57 AM Bug #11926 (Resolved): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location: Under Interface setup > DHCP Client Configuration > Advanced configuration, help text for protocol timing is at the w... Danilo Zrenjanin
04:31 AM Bug #11850: NTP authentication input validation rejects valid keys: Jim Pingle wrote:
> Updating subject for release notes.
As I'm still on the 21.02.2-RELEASE (amd64) - when could ... Thomas Paetzold

05/09/2021

06:39 AM Bug #10671: pfsense 2.4.5_1 does not boot on Gen2 2012R2 HyperV VM: Jan de Groot wrote:
> After upgrade to 2.4.5_1, the boot fails with Input/Output error when loading the kernel. Test... itfabrica Tech
04:51 AM Bug #11894: Vouchers may expire too early when using RAM disks: A FL wrote:
> The forum thread is suspecting the problem to be related to ramdisk.
>
> If that is true, the issue... Viktor Gurov
01:10 AM pfSense Docs Todo #11499: Feedback on Services — DHCPv4 Server: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/12 Viktor Gurov
01:02 AM Bug #10706: Kernel route table entries are removed if they match disabled static route entries: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/245 Viktor Gurov
12:40 AM pfSense Packages Bug #10933 (Resolved): Retired / Invalid IPv4 lists in pfBlockerNG: all these feeds are fixed in the latest versions of pfBlockerNG-devel Viktor Gurov
12:38 AM Bug #11897: Language presented to user during upgrade is misleading: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/244 Viktor Gurov
12:04 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: https://github.com/pfsense/pfsense/pull/4518 Viktor Gurov

05/08/2021

08:02 PM pfSense Docs Correction #11399 (Rejected): SG-3100 M.2 Installation Guide Reinstall Corrections: Closing this as rejected, since I've tested this and it seems to have been an isolated incident. Kris Phillips
01:52 PM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: OpenVPN is historically notorious for high CPU usage to the extent that it can clog up CPU usage to point that other ... Anonymous
12:02 PM Feature #11380 (Resolved): PHP shell playback script to modify Alias contents: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat May 08 01:04:01 EDT 2021
FreeBSD 12.2-STABLE
Works as descr... Max Leighton

05/07/2021

05:38 PM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: For the past week I've been testing with the traffic shaper disabled and that is what seems to be causing this issue.... Jason NA
02:17 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Has this been been integrated to to the 2.6 development branch yet? MILO MEDIN
12:10 PM Feature #11899 (Pull Request Review): Add support for non-Oracle IP Check providers: Jim Pingle
11:48 AM Feature #11899: Add support for non-Oracle IP Check providers: https://github.com/pfsense/pfsense/pull/4519 James Edington
11:47 AM Feature #11899 (Duplicate): Add support for non-Oracle IP Check providers: Currently, only Oracle-run DynDNS is supported as an IP Check provider due to the code that parses an IP Check servic... James Edington
09:39 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: A couple more. I have additional ones I haven't posted as well... Not sure how helpful they might be at this point si... Jim Pingle
09:12 AM pfSense Packages Bug #11898 (Resolved): PHP error from apcupsd dashboard widget when battery is charging: Not clear exactly what led to this, but one of my systems running apcupsd had the following PHP error in its log:
... Jim Pingle
09:09 AM Bug #11897 (Closed): Language presented to user during upgrade is misleading: Even after #10387 I just noticed something else (screenshot attached).
That is what is presented to the user befor... Chris Linstruth
08:09 AM pfSense Docs Todo #11655 (Closed): Feedback on Packages: This was addressed a few weeks ago. All mentions of Quagga and OpenBGP outside of release notes mentioning they were ... Jim Pingle
06:17 AM Feature #7332: Provide certificate expiry warning: Hi! Do you think revoked certs should not trigger an expiration notification?
Perhaps it is worth creating a new iss... ilmarranen alex
05:18 AM Revision c632527d: Do not try to display too large PHP_errors.log file. Fixes #11685: Viktor Gurov

05/06/2021

05:14 PM Revision 22a82fdd: Remove unused killall qstats command. Issue #11229: Viktor Gurov
04:02 PM Revision 3f706839: Reroot is safe on ZFS now, so allow it. Fixes NG 6304: Jim Pingle
03:14 PM Bug #11894: Vouchers may expire too early when using RAM disks: I don't think so. We are not using HA sync on the appliance. Volker Werbus
02:52 PM Bug #11894: Vouchers may expire too early when using RAM disks: The forum thread is suspecting the problem to be related to ramdisk.
If that is true, the issue could be related t... A FL
01:13 AM Bug #11894: Vouchers may expire too early when using RAM disks: from https://forum.netgate.com/topic/162708/vouchers-getting-expired-before-remaining-time/15:
"Voucher system worki... Viktor Gurov
12:07 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Viktor Gurov wrote:
> Are you sure No-IP supports 'groupname:email' ddns format? It looks like you need to use the '... Stefan Bauer
10:56 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Stefan Bauer wrote:
> Viktor Gurov wrote:
> > Could you please test the attached patch?
>
> Unfortunately does n... Viktor Gurov
07:35 AM Bug #11815 (Pull Request Review): NoIP.com Dynamic DNS update failure is not detected properly: Jim Pingle
07:29 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Viktor Gurov wrote:
> Could you please test the attached patch?
Unfortunately does not work.
Username is encod... Stefan Bauer
05:36 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Could you please test the attached patch?
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/243
Viktor Gurov
02:38 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Should i prepare a PR to address the urlencode thing?
I do not have the skills to take care of the API change but wo... Stefan Bauer
07:23 AM pfSense Packages Bug #11515 (Pull Request Review): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: Jim Pingle
12:34 AM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: Joel Holveck wrote:
> I note at least two issues remaining.
>
> First, the config file is in @/usr/local/etc/rc.c... Viktor Gurov
07:21 AM Bug #11893 (Pull Request Review): IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Jim Pingle
12:06 AM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: much better now (see screenshots)
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/241 Viktor Gurov
07:17 AM Bug #11896 (Rejected): Packet loss with multiple OpenVPN client connections: There isn't nearly enough detail here for a valid bug report, and it's entirely possible that it is not a bug but a c... Jim Pingle

05/05/2021

08:19 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: In addition to changes in the noip ddns update api, the response codes/status may have also changed.
See https://www... John Clark
03:40 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: This appears to be a regression from 2.4.5, as the code changed during the update for #6638, as Viktor noted.
In 2... John Clark
02:41 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: https://github.com/pfsense/pfsense/pull/4518 Stefan Bauer
12:46 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: problem is ... Stefan Bauer
10:55 AM Bug #11815 (New): NoIP.com Dynamic DNS update failure is not detected properly: The only actionable thing I see here is that the process returned an error but was treated as a success. It should ha... Jim Pingle
10:54 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Please note, above hostname is the real hostname as well as the ip. You can check public DNS, it's not updated, even ... Stefan Bauer
10:50 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Hi pleas re-open. Problem still exists here as well. Looks like its a parsing issue as the username is 'GROUPNAME:USE... Stefan Bauer
07:37 PM Revision 69d1be2f: Update services_dyndns_edit.php: Fix additional typo in description. Stefan Bauer
07:27 PM Revision c85ae535: Allow group authentication for NoIP dyndns service.: Extend information for service NoIP to replace ':' in username by '#'.
Allow '#' in username. Stefan Bauer
07:06 PM Bug #11896 (Rejected): Packet loss with multiple OpenVPN client connections: Packet loss with multiple OpenVPN client connections. This started occurring after Release candidate 2.5.1.r.20210403... Keith Townsend
06:27 PM pfSense Packages Bug #11892: WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: Fixed internally, fix will be in next PR Christian McDonald
12:55 PM pfSense Packages Bug #11892 (Resolved): WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: With a WireGuard interface assigned and with a gateway set dpinger does not start correctly at boot. Instead it shows... Steve Wheeler
05:05 PM Feature #11895 (Resolved): Require user to manually apply changes after altering static route entries: Users have requested that there be an Apply Changes confirmation when adding/deleting/changing static routes. The req... Max Leighton
04:21 PM Bug #11894 (Closed): Vouchers may expire too early when using RAM disks: We just upgraded around 10 sites from 2.4.5 to 2.5.1 and detected a strange behavior: We have created 3 voucher rolls... Volker Werbus
01:48 PM Revision f528b6a9: Ensure mobile IPsec pools are always in config. Issue #11891: Jim Pingle
01:23 PM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Adding sanitized Dashboard Widget Example. Kris Phillips
01:20 PM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Adding sanitized Status IPSec Page for Comparison. Kris Phillips
01:20 PM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Since there is only one child SA here with multiple traffic selectors I'm not sure how viable it would be to break th... Jim Pingle
01:11 PM Bug #11893 (Closed): IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: The IPSec Dashboard Widget only shows the first P2 tunnel when the tunnels are "grouped" like the new way Strongswan ... Kris Phillips
01:06 PM Revision 0a7699de: Correct IPsec P1 Child SA Start Action validation. Fixes #11576: Jim Pingle
09:04 AM Bug #11891 (Feedback): strongSwan configuration contains incorrect structure for mobile pool DNS records: Jim Pingle
08:47 AM Bug #11891 (In Progress): strongSwan configuration contains incorrect structure for mobile pool DNS records: "radius" is a special internal pool in strongSwan, which expects settings to be returned from RADIUS and not defined ... Jim Pingle
07:42 AM Bug #11891 (Resolved): strongSwan configuration contains incorrect structure for mobile pool DNS records: Hello,
according to https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf:
old style configuration
... Oleksandr Yermolenko
08:15 AM Feature #11576 (Feedback): IPsec GUI option to control Child SA ``start_action``: Applied in changeset commit:0a7699de800e849056773b5c4a762096e1689260. Jim Pingle
08:04 AM Feature #11576 (In Progress): IPsec GUI option to control Child SA ``start_action``: Input validation isn't quite right, GUI control is hidden for mobile tunnels but the validation still throws an error... Jim Pingle
07:37 AM Feature #7092 (Pull Request Review): Kernel modules for alternate congestion control algorithms: Jim Pingle
05:33 AM Feature #7092: Kernel modules for alternate congestion control algorithms: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/240 Viktor Gurov
07:34 AM Bug #11829 (Pull Request Review): OpenVPN client certificate validation with OCSP always fails: Jim Pingle
02:51 AM Bug #11829: OpenVPN client certificate validation with OCSP always fails: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/239 Viktor Gurov
07:33 AM Bug #11830 (Pull Request Review): Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: Jim Pingle
02:43 AM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: openssl ocsp response sample without '-resp_text' (google.com):... Viktor Gurov
07:32 AM Bug #11851 (Closed): /etc/rc.start_packages double-starts some packages: Closing this. If other packages need adjusted, a new issue can be opened for each affected package. Jim Pingle
02:07 AM Bug #11851: /etc/rc.start_packages double-starts some packages: these are pkg issues, see #11887 #11888 #11889 Viktor Gurov
07:31 AM pfSense Packages Bug #11887 (Pull Request Review): Squid service starts twice by /etc/rc.start_packages: Jim Pingle
02:05 AM pfSense Packages Bug #11887: Squid service starts twice by /etc/rc.start_packages: caused by disabled SquidGuard service
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/89 Viktor Gurov
01:04 AM pfSense Packages Bug #11887 (Resolved): Squid service starts twice by /etc/rc.start_packages: /etc/rc.start_packages starts squid twice:... Viktor Gurov
07:31 AM pfSense Packages Bug #11889 (Pull Request Review): BIND starts twice by /etc/rc.start_packages: Jim Pingle
01:32 AM pfSense Packages Bug #11889: BIND starts twice by /etc/rc.start_packages: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/88 Viktor Gurov
01:28 AM pfSense Packages Bug #11889 (Resolved): BIND starts twice by /etc/rc.start_packages: /etc/rc.start_packages:... Viktor Gurov
07:30 AM pfSense Packages Bug #11888 (Pull Request Review): FreeRADIUS starts twice by /etc/rc.start_packages: Jim Pingle
01:22 AM pfSense Packages Bug #11888: FreeRADIUS starts twice by /etc/rc.start_packages: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/87 Viktor Gurov
01:08 AM pfSense Packages Bug #11888 (Resolved): FreeRADIUS starts twice by /etc/rc.start_packages: /etc/rc.start_packages:... Viktor Gurov
07:26 AM pfSense Packages Feature #11890: Browser-based "clientless" VPN: Unless something new has come up recently there aren't any reliable and actively developed open source browser-based ... Jim Pingle
05:51 AM pfSense Packages Feature #11890 (New): Browser-based "clientless" VPN: I wanted to ask for a feature for a Web Browser clientless based VPN Portal, where I can activate a VPN with credenti... Tu Thach
12:10 AM Feature #5331: IPSec table for tuning strongswan.conf: Lars Pedersen wrote:
> Tried to add retransmission strategy in a pull request https://github.com/pfsense/pfsense/pul... Viktor Gurov

05/04/2021

07:12 PM Bug #11877: Labels and description disappear in firewall_schedule_edit.php: I think the original reason to hide it through .help-block was to avoid cluttering the "Configured Ranges" section. R... Marcos M
05:28 PM Revision a9a1a1ef: Remove pfSense-builder. It's not being used anymore: Renato Botelho
12:52 PM pfSense Packages Bug #11886: WireGuard: PHP error in vpn_wg_peers_edit.php: This was resolved after the initial PR. Should be fixed in the next revision Christian McDonald
10:20 AM pfSense Packages Bug #11886 (Resolved): WireGuard: PHP error in vpn_wg_peers_edit.php: When setting the allowed IPs on a peer as 0.0.0.0/0 only the following error is generated:... Steve Wheeler
09:43 AM pfSense Docs Todo #11875 (Closed): Feedback on Releases — 21.02/21.02-p1/2.5.0 New Features and Changes: It was there just a different heading ("Security / Errata"), and it didn't have the same content. I made some adjustm... Jim Pingle
08:19 AM Bug #11882: NIC Passthrough in Virtualized pfSense 2.5.1 Crashes Hypervisor: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253932 Viktor Gurov
07:38 AM Bug #11882 (Needs Patch): NIC Passthrough in Virtualized pfSense 2.5.1 Crashes Hypervisor: Unlikely to be specific to pfSense, and not much to go on. You should try it on development snapshots first, and if i... Jim Pingle
08:06 AM pfSense Plus Bug #11885 (Not a Bug): Fatal data abort and reboot SG-1100: Please contact Netgate TAC and work through this with them at https://go.netgate.com, thanks! Jim Pingle
07:35 AM pfSense Plus Bug #11885 (Not a Bug): Fatal data abort and reboot SG-1100: Good morning, we hope y'all are doing well during these challenging times. We've had a rough go with our SG-1100, wha... Brian Carpenter
07:45 AM Bug #11883 (Pull Request Review): ``dhcp6withoutra_script.sh`` does not get executed when advanced options are set: Jim Pingle
02:24 AM Bug #11883: ``dhcp6withoutra_script.sh`` does not get executed when advanced options are set: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/236 Viktor Gurov
07:43 AM Regression #11884 (Pull Request Review): Export P12 icon is missing if certificate is not locally renewable: Jim Pingle
01:36 AM Regression #11884: Export P12 icon is missing if certificate is not locally renewable: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/235 Viktor Gurov
01:32 AM Regression #11884: Export P12 icon is missing if certificate is not locally renewable: #10284 regression Viktor Gurov
01:31 AM Regression #11884 (Resolved): Export P12 icon is missing if certificate is not locally renewable: If you import public/private key from the external CA, there is no "Export P12" on the system_certmanager.php page
h... Viktor Gurov

05/03/2021

11:15 PM Bug #11883 (Closed): ``dhcp6withoutra_script.sh`` does not get executed when advanced options are set: In interfaces.inc:5274 (which gets executed if we have advanced options enabled) the "normal" script is used even whe... Flole Systems
07:55 PM Revision 5e264b0a: Enable build of pfSense-pkg-WireGuard: Renato Botelho
06:42 PM Revision 6a9fa747: Add spinning icon to IPsec status wait message: Steve Beaver
06:34 PM Bug #11882 (Needs Patch): NIC Passthrough in Virtualized pfSense 2.5.1 Crashes Hypervisor: Running pfSense 2.4.5 in Proxmox with Intel NIC passed through was stable for several months. After updating to 2.5.1... James Blanton
03:43 PM Bug #11881 (Not a Bug): Old Gateways show up: That is intentional. It errs on the side of not deleting historical data that someone may want to retain. Jim Pingle
03:31 PM Bug #11881 (Not a Bug): Old Gateways show up: Status -> Monitoring -> Quality -> Graph
There are old gateways listed that no longer exist Moritz Schwarz
01:03 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Viktor Gurov wrote:
> Jeremy Utley wrote:
> > I am encountering this exact issue on 2.5.1 now. I have a pair of 2.... Jeremy Utley
11:27 AM Regression #11316: Unbound crashes with signal 11 when reloading: Had crash that even watchdog did not recover. tried manually restarting unbound via web GUI, status was showing as ok... Vaidotas Butkus
11:18 AM Regression #11316: Unbound crashes with signal 11 when reloading: Is there a release of the reverted unbound to try? I'm willing to try it.
I'm now crashing 3 or 4 times a day.
Mike Farmwald
11:12 AM Revision 35a52ca3: fix for missing 0 subnet when clone address entry, needed for vpn's that need two 0 subnets one for ipv4 and ipv6: Manojav Sridhar
09:22 AM Feature #10811: Randomize time of scheduled AutoConfigBackup runs: Applied patch to 21.02.2-RELEASE. Looks good there. Chris Linstruth
08:09 AM pfSense Packages Bug #11878 (Pull Request Review): squidguard dependencies missing: Jim Pingle
06:56 AM pfSense Packages Bug #11878: squidguard dependencies missing: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/85 Danilo Zrenjanin
12:31 AM pfSense Packages Bug #11878 (Resolved): squidguard dependencies missing: pfSense-pkg-squidGuard must depend on pfSense-pkg-squid
https://forum.netgate.com/topic/158288/squidguard-dependen... Viktor Gurov
08:06 AM Bug #11877 (Pull Request Review): Labels and description disappear in firewall_schedule_edit.php: Jim Pingle
01:00 AM Bug #11877: Labels and description disappear in firewall_schedule_edit.php: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/233 Viktor Gurov
08:05 AM pfSense Packages Bug #11173 (Pull Request Review): Status>Monitoring parameters are hidden by the interactive graph: Jim Pingle
08:02 AM Feature #11876: OpenSSL does not use QAT acceleration on pfSense Plus 21.02-RELEASE-p1 or 21.05-DEVELOPMENT: It's not a bug per se, but a feature that does not yet exist (and which may not be as useful as you might expect):
... Jim Pingle
07:57 AM Bug #8013 (Pull Request Review): IPsec MSS clamping value shared for IPv4 and IPv6: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/230 Jim Pingle
07:48 AM pfSense Packages Bug #11874 (Not a Bug): Squid allows entering an invalid IP address into the Bypass Proxy for These Source IPs field: Jim Pingle
07:48 AM pfSense Packages Bug #11711 (Pull Request Review): New Squid Status Page Non-Functional: Jim Pingle
07:45 AM Bug #11873 (Pull Request Review): HTTP Referer error message text is incorrect: Jim Pingle
07:40 AM Feature #9877 (Pull Request Review): QEMU Guest Agent: Jim Pingle
07:40 AM Bug #11781 (Closed): Disable DNSSEC option for dnsmasq: This issue is not referring to an option in the GUI or CLI but a pkg build option:
On 2.5.1:... Jim Pingle
07:38 AM Bug #11815 (Rejected): NoIP.com Dynamic DNS update failure is not detected properly: Rejecting for now. If OP can provide more detail pointing to a potential cause or a reliable means of reproducing the... Jim Pingle
07:33 AM Bug #11820 (Rejected): Backup restore problem with webConfigurator: Rejecting for now since it cannot be reproduced. If someone can find a method capable of reproducing the problem reli... Jim Pingle
06:58 AM Bug #11880 (Closed): Missing ``/0`` subnet when cloning repeatable CIDR mask controls: PR : https://github.com/pfsense/pfsense/pull/4517 Christian McDonald
03:16 AM pfSense Packages Feature #11879 (Closed): Add support for SSL.com ACME server: Read more:
https://www.ssl.com/blogs/sslcom-supports-acme-protocol-ssl-tls-certificate-automation/
https://www.ssl.... Viktor Gurov
03:00 AM pfSense Docs Todo #11646 (Closed): Feedback on Virtual Private Networks — OpenVPN — OpenVPN and Multi-WAN: fixed Viktor Gurov

05/02/2021

06:41 PM pfSense Packages Bug #11173: Status>Monitoring parameters are hidden by the interactive graph: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/84 Marcos M
03:57 PM Bug #11877 (Resolved): Labels and description disappear in firewall_schedule_edit.php: # Add a new entry under Firewall / Schedules
# Select a date
# Click "Add Time"
# The labels and description on th... Marcos M
02:08 PM Feature #11876 (New): OpenSSL does not use QAT acceleration on pfSense Plus 21.02-RELEASE-p1 or 21.05-DEVELOPMENT: QAT acceleration is not being utilized by OpenSSL.
The QAT driver is loaded... Adam Goldberg
08:52 AM pfSense Docs Todo #11875 (Closed): Feedback on Releases — 21.02/21.02-p1/2.5.0 New Features and Changes: *Page:* https://docs.netgate.com/pfsense/en/latest/releases/2-5-0.html
*Feedback:*
There is no know issue/errat... Viktor Gurov
05:48 AM Regression #11870: Setting MTU on VLAN does not set MTU on parent interface in 2.5.1: related to #9154 Viktor Gurov
05:14 AM Feature #9877: QEMU Guest Agent: build agent:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/232 Viktor Gurov
03:31 AM pfSense Packages Bug #11874: Squid allows entering an invalid IP address into the Bypass Proxy for These Source IPs field: works as expected -
192168.44.aa or 888.88.888.8 - is invalid IP, but valid hostname Viktor Gurov
02:08 AM pfSense Packages Bug #11711: New Squid Status Page Non-Functional: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/83 Viktor Gurov
12:26 AM Bug #11873: HTTP Referer error message text is incorrect: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/231 Viktor Gurov
12:13 AM pfSense Packages Bug #11445 (Resolved): bgp as-path in wrong position: Viktor Gurov

05/01/2021

07:31 PM pfSense Packages Bug #11532 (Resolved): LCDproc service is not disabled: Tested on 0.10.8_9. Once LCDProc is disabled, the file at /usr/local/etc/rc.d/lcdproc.sh is removed as expected. Mark... Max Leighton
05:54 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Greg Revelle wrote:
> MILO MEDIN wrote:
> > @rom racer, thanks for doing the build.
> >
> > I loaded it in 2.5... C HL
05:19 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): > It is a kernel-level fix, not something that can be applied as a patch using that package.
Jim, thanks for the u... Rafael Possamai
04:52 PM Bug #11781: Disable DNSSEC option for dnsmasq: I couldn't find the DNSSEC option in the dnsmasq on 2.4.5-p1 and 2.5.1. Can you please provide more details on how to... Danilo Zrenjanin
04:41 PM pfSense Packages Bug #11874: Squid allows entering an invalid IP address into the Bypass Proxy for These Source IPs field: That field also accepts aliases and (though it's not recommended) hostnames, so it isn't quite that simple. Jim Pingle
04:40 PM pfSense Packages Bug #11874 (Not a Bug): Squid allows entering an invalid IP address into the Bypass Proxy for These Source IPs field: In Transparent Mode, Squid will allow entering an invalid IP address into the Bypass Proxy for These Source IPs field... Danilo Zrenjanin
04:07 PM Bug #11141 (Resolved): OpenVPN Wizard does not support gateway groups: OpenVPN Wizard shows GW group and GW group can be selected.
2.6.0.a.20210430.0100
Alhusein Zawi
03:58 PM Bug #11873 (Resolved): HTTP Referer error message text is incorrect: An HTTP Referer message gives not an accurate path to the location where it can be disabled.
"If not needed, this... Danilo Zrenjanin
03:02 PM pfSense Packages Bug #11763: Traffic graphs refresh issue: Unable to reproduce on 21.02.2 Michael Spears
03:00 PM pfSense Packages Bug #11445: bgp as-path in wrong position: fixed
router bgp 61000
no bgp network import-check
neighbor 192.168.1.99 remote-as 61000
neighbor 192.168.1.... Alhusein Zawi
02:01 PM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: JohnPoz _ wrote:
> Not sure if bug or regression. But Columns in the diag_dump_states.php will not sort
>
> You ... Michael Spears
02:01 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: I Ivanov wrote:
> DynDNS does not update IP address on service NoIP.com (paid), even though the address has changed,... Kris Phillips
01:55 PM Bug #11820: Backup restore problem with webConfigurator: Marcelo Gondim wrote:
> Hi all,
>
> A PFSense server that I have, had a disk problem and stopped working. For my ... Kris Phillips
01:17 PM Bug #11872: gif interfaces reporting incorrect traffic counters: This also affects packet counters too.
!https://i.imgur.com/6Cm2HNe.png! Dan Monaghan
01:14 PM Bug #11872 (New): gif interfaces reporting incorrect traffic counters: I've been running a gif tunnel on my pfSense box to Hurricane Electric's Tunnel Broker service for a number of years ... Dan Monaghan
11:07 AM pfSense Docs Correction #11871 (Resolved): SG-2100 must be manually power cycled after installation: The Reinstalling pfSense Plus Software document for the SG-2100 indicates that the unit will reboot automatically aft... Max Leighton

04/30/2021

03:24 PM pfSense Packages Bug #11543: SquidGuard 1.16.18_15 - returning wrong page: I´ve tested and when i try acess some page blocked , when i look to url is wrong
if i change this , its work.
So i´... Robson Ferreira
02:38 PM Regression #11870 (Not a Bug): Setting MTU on VLAN does not set MTU on parent interface in 2.5.1: When altering the MTU on a VLAN, the physical interface needs to follow. Currently it does not, and you have to assig... Carlos Montalvo J.
12:42 PM Regression #11795 (Feedback): Applying IPsec settings for more than ~30 tunnels times out PHP: This should be fixed on current snapshots by the following commits:
* commit:1622230a5ad99796c017d6da98520b67c15bb... Jim Pingle
12:00 AM Feature #11406 (Resolved): GUI option to set MTU for L2TP VPN server: "vpn MTU" option is added on 2.6.0.a.20210421.0100 Alhusein Zawi

04/29/2021

04:14 PM Revision a8ccdf50: Add IPsec GUI control for Child SA Start Action. Implements #11576: Jim Pingle
02:20 PM Revision 6e363140: Skip expired DHCP leases for ARP table content. Fixes #11510: (cherry picked from commit 148c79da63eb1912fce81838af341b294bf60849) Jim Pingle
02:20 PM Revision 148c79da: Skip expired DHCP leases for ARP table content. Fixes #11510: Jim Pingle
01:49 PM Revision ef6524c7: Fix variable being used before assignment. Fixes #11842: (cherry picked from commit 48860631d02e7aea6c03cef043a58081a1fadbb8) Jim Pingle
01:49 PM Revision 48860631: Fix variable being used before assignment. Fixes #11842: Jim Pingle
01:26 PM Bug #7801 (Pull Request Review): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: Jim Pingle
11:50 AM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/230 Viktor Gurov
06:23 AM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: Franciszek Koltuniuk wrote:
> Hi,
> I have a similar issue with fragmented packets send/received over IPsec tunnel... Viktor Gurov
11:45 AM Revision f7163f44: Fix missing ';': Steve Beaver
11:20 AM Feature #11576 (Feedback): IPsec GUI option to control Child SA ``start_action``: Applied in changeset commit:a8ccdf506d95df855f9779e3bb090e740154cb7f. Jim Pingle
11:14 AM pfSense Packages Bug #11173: Status>Monitoring parameters are hidden by the interactive graph: Looks like it's due to the height property on `.svg.nvd3-svg`. Though some extra styling needs to be done to make it ... Marcos M
09:30 AM Regression #11510 (Feedback): ARP Table populates hostname values using expired DHCP lease data: Applied in changeset commit:148c79da63eb1912fce81838af341b294bf60849. Jim Pingle
09:21 AM Regression #11510 (In Progress): ARP Table populates hostname values using expired DHCP lease data: I was able to reproduce this. I used a slightly different fix. Jim Pingle
08:55 AM Bug #11842 (Feedback): Captive Portal post-auth redirect is not properly respected: Applied in changeset commit:48860631d02e7aea6c03cef043a58081a1fadbb8. Jim Pingle
08:22 AM Bug #11842 (In Progress): Captive Portal post-auth redirect is not properly respected: I'll look into that ASAP, thanks for testing! Jim Pingle
08:11 AM Bug #11842: Captive Portal post-auth redirect is not properly respected: A feedback :
I saw my browser sending 'plain http' to the https port.
File /etc/inc/captiveportal.inc line 2261... Gertjan KROEB
08:00 AM Bug #11869 (Pull Request Review): OpenVPN client startup error if IPv6 Tunnel Network is defined in TAP mode: Jim Pingle
05:53 AM Bug #11869: OpenVPN client startup error if IPv6 Tunnel Network is defined in TAP mode: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/229 Viktor Gurov
05:41 AM Bug #11869 (Resolved): OpenVPN client startup error if IPv6 Tunnel Network is defined in TAP mode: If you define any "IPv6 Tunnel Network" in TAP mode,
an invalid 'ifconfig-ipv6' option is created in the config file... Viktor Gurov
07:59 AM Bug #11867 (Pull Request Review): Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed: Jim Pingle
12:30 AM Bug #11867: Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed: this bug causes not only printing the password in the shell, but also not populating the HTTP_PROXY_AUTH env variable... Viktor Gurov
07:31 AM Regression #11868: PHP error from missing ';' in util.inc line 2036: Login from command line, then:... Jens Leinenbach
07:30 AM Regression #11868 (Resolved): PHP error from missing ';' in util.inc line 2036: Already fixed by commit:f7163f442b514df4a0bbb6c7f66ce55279bb05e7 Jim Pingle
07:25 AM Regression #11868: PHP error from missing ';' in util.inc line 2036: I normally upgraded to version 2.6.0.a.20210429.0100 but the system didn't boot properly.
I had to add missing ";" i... Jens Leinenbach
05:28 AM Regression #11868: PHP error from missing ';' in util.inc line 2036: I've tried to upgrade 2.4.5p1 to 2.5.1: OK
2.5.1 to 2.6.0 snapshot : failed Luca De Andreis
04:56 AM Regression #11868 (Resolved): PHP error from missing ';' in util.inc line 2036: I've tried on a test virtual machine running on PfSense 2.4.5p1, upgrade to 2.6.0 snapshot failed, any idea ?
Very... Luca De Andreis
12:03 AM pfSense Packages Feature #11295 (Pull Request Review): DNSBL IDN support: Viktor Gurov

04/28/2021

07:21 PM Revision f381d8d8: Move protocol setup outside of foreach. It only needs to happen once: Steve Beaver
05:46 PM Revision 1622230a: Revise resolve_retry timing/action to avoid long delays in ipsec status results: Steve Beaver
05:09 PM Regression #11316: Unbound crashes with signal 11 when reloading: We're reverting to unbound 1.12 in order to restore stability. We have to backport at least one CVE for it, so it's ... Scott Long
04:13 PM Bug #11867 (Closed): Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed: https://github.com/pfsense/pfsense/blob/a7086b04cae21ca742fdeefd1019ee1401b6dded/src/etc/skel/dot.tcshrc#L71 causes u... John Runyon
02:05 PM Feature #11865 (Pull Request Review): Option to validate OpenVPN peer TLS certificate key usage: Jim Pingle
08:57 AM Feature #11865: Option to validate OpenVPN peer TLS certificate key usage: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/227 Viktor Gurov
08:31 AM Feature #11865 (Resolved): Option to validate OpenVPN peer TLS certificate key usage: As an additional security measure
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/:
<pre... Viktor Gurov
12:10 PM Revision 3c8dcdf7: Add needed options to unbound112: Renato Botelho
11:26 AM Bug #11866: Update dnsmasq to 2.85 to fix CVE-2021-3448: pfSense 2.6.0 and pfSense Plus 21.05 appears to have 2.85,1 in the development builds. Kris Phillips
11:26 AM Bug #11866 (Closed): Update dnsmasq to 2.85 to fix CVE-2021-3448: dnsmasq has a new CVE for CVE-2021-3448. Not affected in 2.85 and beyond.
https://www.tenable.com/cve/CVE-2021-... Kris Phillips
09:14 AM Bug #11864: OpenVPN stays bound to previous IP address after interface changes: Currently only DHCP, SNMP, Gateways Monitoring, RRD Graphing and Syslog services are restarted on interface changes.
... Viktor Gurov
08:29 AM Bug #11864 (Resolved): OpenVPN stays bound to previous IP address after interface changes: Setup:
OpenVPN listening on UDP IPv4 on a VIP or physical interface.
Steps to recreate:
# While OpenVPN is runni... Marcos M
08:24 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: I have the same issue on all 2.6.0 builds also. Tigger 2014
08:13 AM Bug #11863 (Resolved): Unable to create nested URL aliases: Adding an URL/URL Table (IPs/Ports) alias produces error:... Viktor Gurov
07:47 AM pfSense Docs New Content #11862 (Closed): Document High Availability IPSec: High Availability is a great feature, but lacks documentation/examples in a couple of areas. I tried to set up a VTI... Bill Somerville
07:40 AM Bug #11831 (Pull Request Review): Certificate Revocation tab does not list active users of CRL entries: Jim Pingle
01:23 AM Bug #11831: Certificate Revocation tab does not list active users of CRL entries: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/226 Viktor Gurov
07:28 AM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot: Updating subject to reflect that the PR corrects both GRE and GIF. Jim Pingle
07:27 AM Bug #11860 (Duplicate): GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes: Thorsten Zitterell wrote:
> Viktor Gurov wrote:
> > should be fixed by https://gitlab.netgate.com/pfSense/pfSense/-... Jim Pingle
12:58 AM Bug #11860: GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes: Viktor Gurov wrote:
> should be fixed by https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/63
> see #6507... Thorsten Zitterell
12:18 AM Bug #11860: GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes: should be fixed by https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/63
see #6507 Viktor Gurov
07:27 AM Bug #11854: DNS resolver stopped by himself with fatal error: Jim Pingle wrote:
> Doesn't look exactly like #11316 but may be related. If not, it's a different Unbound bug that i... Yann Papouin
07:25 AM Bug #11829 (New): OpenVPN client certificate validation with OCSP always fails: Jim Pingle
02:18 AM Bug #11829: OpenVPN client certificate validation with OCSP always fails: Viktor Gurov wrote:
> Duplicate of #11830
Actually it is not duplicate, I've opened two of them as fixes have to ... Konstantin Panchenko

04/27/2021

11:59 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: MILO MEDIN wrote:
> @rom racer, thanks for doing the build.
>
> I loaded it in 2.5.1 and can confirm it fixes t... Greg Revelle
08:39 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: This issue is for Plus only. The issue for CE is #11805
Jim Pingle
08:26 PM Revision dcf96e88: Test for empty negated addrs in pf rules. Fixes #11861: (cherry picked from commit 5401382ae85e57cd475d9460cde5732b755525a0) Jim Pingle
08:25 PM Revision 5401382a: Test for empty negated addrs in pf rules. Fixes #11861: Jim Pingle
07:42 PM Revision b3b62e67: Do not read cert key details if parsing key failed. Fixes #11859: (cherry picked from commit 55dc00701011c2547a55dabf7716d2939cadc509) Jim Pingle
07:41 PM Revision 55dc0070: Do not read cert key details if parsing key failed. Fixes #11859: Jim Pingle
07:22 PM Revision 7a010ad2: Fix PHP error in upgrade code. Fixes #11801: Change upgrade_212_to_213() so it unsets variables individually after
first testing if they are set. This avoids an e... Jim Pingle
07:21 PM Revision a6edfe27: Fix PHP error in upgrade code. Fixes #11801: Change upgrade_212_to_213() so it unsets variables individually after
first testing if they are set. This avoids an e... Jim Pingle
03:39 PM Bug #11407 (Closed): Removing a WireGuard tunnel in a middle position can break Add button behavior: Jim Pingle
03:38 PM Feature #11576 (In Progress): IPsec GUI option to control Child SA ``start_action``: Jim Pingle
03:35 PM Bug #11861 (Feedback): Error loading rules in certain cases where an interface is temporarily without an address: Applied in changeset commit:5401382ae85e57cd475d9460cde5732b755525a0. Jim Pingle
03:33 PM Bug #11861: Error loading rules in certain cases where an interface is temporarily without an address: As luck would have it that WAN just failed again and I was able to confirm that the fix I checked in corrects the pro... Jim Pingle
03:22 PM Bug #11861 (Closed): Error loading rules in certain cases where an interface is temporarily without an address: Had an interface event on my edge firewall yesterday where one WAN lost its interface address and resulted in an inva... Jim Pingle
02:56 PM Bug #11860 (Duplicate): GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes: I have successfully configured my router for DS-lite (NetCom BW, Germany) using PPPoE for initial WAN setup (IPv4 & I... Thorsten Zitterell
02:50 PM Bug #11859 (Feedback): PHP error on certificate list due to unreadable private key: Applied in changeset commit:55dc00701011c2547a55dabf7716d2939cadc509. Jim Pingle
02:41 PM Bug #11859 (Closed): PHP error on certificate list due to unreadable private key: If a certificate private key is present, but corrupted and cannot be read, it can result in the following PHP error:
... Jim Pingle
02:30 PM Bug #11801 (Feedback): PHP error in ``upgrade_212_to_213()`` when upgrading certain IPsec tunnels: Applied in changeset commit:a6edfe2763df01132d56199faf9ac1dc99471f1c. Jim Pingle
02:27 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Another fix [1] was imported from FreeBSD and will be present on tomorrow's snapshots
[1] https://cgit.freebsd.org... Renato Botelho
11:17 AM pfSense Packages Todo #11845 (Resolved): Update OpenVPN client export installers to 2.5.2: Jim Pingle
11:12 AM pfSense Packages Todo #11845: Update OpenVPN client export installers to 2.5.2: Jim Pingle wrote:
> Need to test that the Windows installer export buttons download a working executable installer w... Viktor Gurov
09:47 AM Bug #11858 (Rejected): OpenVPN Client Interface Change Requires Reboot to Take Effect: This site is not for support or diagnostic discussion, and reports of issues on obsolete versions are also invalid.
... Jim Pingle
09:29 AM Bug #11858 (Rejected): OpenVPN Client Interface Change Requires Reboot to Take Effect: 2.4.5-RELEASE-p1, Netgate SG-5100
Just as the subject says. I tried restarting the service, and disabling the VPN... Web Dawg
09:29 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: This continues to be simple to hit and quite annoying. Installs that worked fine for years all of a sudden can't run ... Jim Pingle
09:21 AM Regression #11857 (Closed): Match rules cause pf error parsing rules: Having a match rule, either manually or from ALTQ traffic shaping, leads to a pfctl error loading the rules:... Jim Pingle
09:16 AM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0): see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255206
https://github.com/irino/softflowd/issues/38
Viktor Gurov
08:56 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Jens Groh wrote:
> If you don't mind: if the fix was checked into RELENG_2_5_0, could you post the fix/patch ID so o... Jim Pingle
08:53 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Jim Pingle wrote:
> 2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. What... Jens Groh
08:33 AM Bug #11855 (Pull Request Review): Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes: Jim Pingle
06:23 AM Bug #11855: Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/225 Viktor Gurov
05:59 AM Bug #11855 (Resolved): Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes: How to reproduce:
1) Configure both IPv4 and IPv6 default gateways on interface
2) Change interface MTU
3) Result:... Viktor Gurov
08:32 AM pfSense Packages Bug #11756 (Pull Request Review): HaProxy does not transfer backend states during reload: Jim Pingle
05:19 AM pfSense Packages Bug #11756: HaProxy does not transfer backend states during reload: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/82 Viktor Gurov
08:31 AM Bug #11854 (Closed): DNS resolver stopped by himself with fatal error: Doesn't look exactly like #11316 but may be related. If not, it's a different Unbound bug that is out of our control.... Jim Pingle
03:08 AM Bug #11854 (Closed): DNS resolver stopped by himself with fatal error: 2.5.1-RELEASE (amd64)
built on Mon Apr 12 07:50:14 EDT 2021
Please note that nobody was editing pfsense settings... Yann Papouin
08:28 AM pfSense Packages Bug #11847 (Pull Request Review): Filters not applied to PEER Groups: Jim Pingle
02:44 AM pfSense Packages Bug #11847: Filters not applied to PEER Groups: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/81 Viktor Gurov
08:26 AM Bug #11850 (Pull Request Review): NTP authentication input validation rejects valid keys: Jim Pingle
02:23 AM Bug #11850: NTP authentication input validation rejects valid keys: An MD5 key is a string of 20 random printable ASCII characters,
while a SHA key is a string of 40 random hex digits.... Viktor Gurov
08:01 AM pfSense Packages Bug #11853 (Duplicate): softflowd not sending flow data: Duplicate of #10436 Jim Pingle
08:01 AM Feature #11856: Replace/add Alias or DNS names for known LAN addresses in the State table: This is unlikely to be viable because it would scale very poorly. That said, if someone can come up with a way to do ... Jim Pingle
07:16 AM Feature #11856 (New): Replace/add Alias or DNS names for known LAN addresses in the State table: Looking at the State table it would be nice to have internal addresses shown as DNS names or aliases if it can be res... John Weithman

04/26/2021

10:53 PM Bug #11820: Backup restore problem with webConfigurator: Marcos Mendoza wrote:
> It may be that the webconfigurator needs to be restarted after the restore. Would you be abl... Marcelo Gondim
10:36 PM pfSense Packages Bug #11853 (Duplicate): softflowd not sending flow data: No flows being exported from the firewall (as reported by capture on the firewall) and hence no flows being collected... Nigel Smith
06:23 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: MILO MEDIN wrote:
> @rom racer, thanks for doing the build.
>
> I loaded it in 2.5.1 and can confirm it fixes t... Matt Johnson
06:15 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: @rom racer, thanks for doing the build.
I loaded it in 2.5.1 and can confirm it fixes the issue for me too.
MILO MEDIN
02:25 PM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP: I would add that it also takes a LONG time to pull ipsec status. Core Team
01:08 PM Bug #11852 (Resolved): State table content on ``diag_dump_states.php`` does not sort properly: Not sure if bug or regression. But Columns in the diag_dump_states.php will not sort
You can click on the column ... JohnPoz _
08:22 AM Bug #11678 (Resolved): Certificate Manager does not report Unbound as using a certificate: It works. It shows as in use when the certificate is active ("Enable SSL/TLS Service" checked), and it doesn't show i... Jim Pingle
08:07 AM pfSense Docs Todo #11849 (Rejected): CARP mode when upgrading HA clusters: This is all as expected.
If the button says "Enter ..." then it's not in maintenance mode. If the button says "Lea... Jim Pingle
07:53 AM pfSense Packages Todo #11845: Update OpenVPN client export installers to 2.5.2: Need to test that the Windows installer export buttons download a working executable installer which installs the exp... Jim Pingle
03:05 AM Bug #11851 (Closed): /etc/rc.start_packages double-starts some packages: During boot process, /etc/rc.start_packages double starts some packages, slowing down boot significantly in some case... Dave Tickem

04/25/2021

05:58 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Hayden Hill wrote:
> rom racer wrote:
> > @Milo Medin, great find! I've published some details on the pfatt issue ... Matt Johnson
03:33 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface: Same for me, bug is present again Manuel Trier

04/24/2021

08:09 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: rom racer wrote:
> @Milo Medin, great find! I've published some details on the pfatt issue here as well as a patche... Hayden Hill
07:50 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: @Milo Medin, great find! I've published some details on the pfatt issue here as well as a patched wpa_supplicant:
... rom racer
06:54 PM pfSense Packages Bug #11753 (Resolved): Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash: Confirmed pfBlockerNG 3.0.0_16 fixes this issue. There is a form validation that pops up at the top with a message n... Kris Phillips
06:14 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional: Based on the error messages, it would seem it's something with TLS negotiation, which is odd since it works fine with... Kris Phillips
06:13 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional: Status page with squidGuard disabled:
Squid Object Cache: Version 4.13
Build Info:
Service Name: squid
Start Ti... Kris Phillips
06:12 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional: Error message that shows up in the Status page with squidGuard enabled:
HTTP/1.1 503 Service Unavailable
Server: ... Kris Phillips
06:08 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional: Confirmed. You only need to enable squidGuard for the issue to become present. If you have it installed, but disabl... Kris Phillips
05:19 PM pfSense Packages Todo #11845: Update OpenVPN client export installers to 2.5.2: 21.02.2 reports the following versions while installing OvpnCE in package manager - openvpn-client-export-2.5.2/pfSen... Jordan G
03:50 PM Feature #11750: Support for network interfaces using the ``qlnxe`` driver: Viktor Gurov wrote:
> https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/11
That GitLab link seems b... Layla Mah
12:44 PM Bug #11850 (Closed): NTP authentication input validation rejects valid keys: I run into issues with the "Enable NTPv3 authentication (RFC 1305)" and more precisely whit entering a valit SHA-1 ke... Thomas Paetzold
12:11 PM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Tested on the latest Development version.
It still doesn't show Unbound as a user of the certificate. I was able ... Danilo Zrenjanin
12:04 PM Feature #11790: Support hiding interface groups via special tag: Sure
https://github.com/theonemcdonald/pfSense-pkg-WireGuard
https://youtu.be/ljcJE7bZNWE
https://github.com... Christian McDonald
09:10 AM Feature #11790: Support hiding interface groups via special tag: Can you provide an example of how this would benefit a package? It'd be nice to have some context, thanks! Marcos M
10:25 AM pfSense Docs Todo #11849 (Rejected): CARP mode when upgrading HA clusters: The current documentation:
https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide-ha.html
says to d... Nick Carr
09:00 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: The logs make it sound less like it failed to update with the service, and more-so that the public IP at the time rem... Marcos M
08:48 AM Bug #11820: Backup restore problem with webConfigurator: It may be that the webconfigurator needs to be restarted after the restore. Would you be able to test again, and rest... Marcos M

04/23/2021

09:05 PM pfSense Packages Bug #11848 (New): Issue with squid cache download speed: I found a strange problem, when testing squid's cache using https://www.internode.on.net/support/tools/speed_test/
T... ageekhere ageekhere
01:33 PM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP: There must be more to it than just the number of tunnels. I generated a config with 40 dummy tunnels and it applies t... Jim Pingle
10:01 AM pfSense Packages Bug #11847 (Resolved): Filters not applied to PEER Groups: When creating a Peer group and adding an AS/Prefix filter or route map to the peer group, the generated configuration... Grant Gordon
07:18 AM Bug #11846 (Pull Request Review): Logging configuration added by a package is not removed on uninstall: Jim Pingle
12:51 AM Bug #11846: Logging configuration added by a package is not removed on uninstall: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/223 Viktor Gurov
12:43 AM Bug #11846 (Resolved): Logging configuration added by a package is not removed on uninstall: How to reproduce:
1) Install HAProxy-devel;
2) Check /var/etc/syslog.d/haproxy.log.conf file;
3) Uninstall HAPro... Viktor Gurov
12:13 AM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec: Fiden Galvez wrote:
> Hi Victor:
> Please could you share again the fix, cause he link looks like it is dead.
Viktor Gurov

04/22/2021

06:10 PM Revision 697a99c1: Improve Captive Portal redirect URL handling.: * Fix handling of after auth redir URL value so it gets properly
respected as stated in the GUI. Fixes #11842
* Fix u... Jim Pingle
06:05 PM Revision de9ba32b: Improve Captive Portal redirect URL handling.: * Fix handling of after auth redir URL value so it gets properly
respected as stated in the GUI. Fixes #11842
* Fix u... Jim Pingle
03:12 PM pfSense Packages Todo #11845 (Feedback): Update OpenVPN client export installers to 2.5.2: Done. Available now in OpenVPN client export pkg version 1.6 on Plus 21.02.2 and CE 2.5.1.
Will be in snapshots fo... Jim Pingle
02:31 PM pfSense Packages Todo #11845 (Resolved): Update OpenVPN client export installers to 2.5.2: OpenVPN 2.5.2 fixes some bugs and a noteworthy CVE, "CVE-2020-15078":https://community.openvpn.net/openvpn/wiki/CVE-2... Jim Pingle
02:44 PM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec: Hi Victor:
Please could you share again the fix, cause he link looks like it is dead.
Thank you Fiden Galvez
02:36 PM Todo #11844 (Feedback): Update OpenVPN to 2.5.2: Added to 2.6.0/21.05 Renato Botelho
02:28 PM Todo #11844 (Closed): Update OpenVPN to 2.5.2: OpenVPN 2.5.2 fixes some bugs and a noteworthy CVE, "CVE-2020-15078":https://community.openvpn.net/openvpn/wiki/CVE-2... Jim Pingle
01:20 PM Bug #11843 (Feedback): Potential XSS vulnerability in Captive Portal ``redirurl`` handling: Applied in changeset commit:de9ba32bd3531ccf74e143391deaacb77e085097. Jim Pingle
12:53 PM Bug #11843 (Closed): Potential XSS vulnerability in Captive Portal ``redirurl`` handling: The value of @redirurl@ is passed as-is from the client URL into a page result served to users in certain cases. If a... Jim Pingle
01:20 PM Bug #11842 (Feedback): Captive Portal post-auth redirect is not properly respected: Applied in changeset commit:de9ba32bd3531ccf74e143391deaacb77e085097. Jim Pingle
12:53 PM Bug #11842 (Closed): Captive Portal post-auth redirect is not properly respected: The value of "After authentication Redirection URL" in Captive Portal is supposed to override the automatically detec... Jim Pingle
10:11 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Attaching another crash with a potentially more interesting backtrace. Jim Pingle
09:03 AM Regression #11839 (Closed): Panic on 21.05/2.6.0 snapshots when memory usage is high: On several systems (hardware and VMs) running Plus 21.05 and CE 2.6.0 snapshots I am seeing panics when the systems a... Jim Pingle
09:30 AM pfSense Packages Bug #11841 (New): FRR access lists default bahavior changed to permit by default: Free Range Routing's Access List behavior in pfSense 2.5.x has changed fundamentally from previous versions, changing... Gavin Owen
08:30 AM pfSense Packages Bug #11838 (Needs Patch): FRR ospf6d consumes all available memory+swap after an interface event: In certain cases ospf6d will consume all RAM and swap after an interface event. For me, the easiest way to reproduce ... Jim Pingle
07:11 AM Bug #11586 (Not a Bug): WireGuard panic when saving many times in a row: Jim Pingle
06:34 AM Bug #11586: WireGuard panic when saving many times in a row: Unable to reproduce this on the latest kmod code..and I've been quite aggressive at building and tearing down tunnels... Christian McDonald
07:08 AM pfSense Packages Feature #11837 (New): Increase field length of FRR Networks in Access Lists and Prefix Lists: The field lengths for the network statements within the Free Range Routing package's Access Control List and Prefix-L... Gavin Owen
06:40 AM pfSense Packages Bug #11836 (Confirmed): FRR ACCEPTFILTER shows out of order prefix-list: Adding entries to the ACCEPTFILTER prefix-list creates erratic behavior within the FRR running configuration.
Have... Gavin Owen
06:32 AM Bug #11587: WireGuard interfaces do not have data on traffic graphs: Bumping this so Renato sees it, since we are closing issues :) Christian McDonald
06:05 AM Bug #11600 (Not a Bug): WireGuard interfaces should have MSS clamping enabled by default: Renato Botelho
05:42 AM Bug #11600: WireGuard interfaces should have MSS clamping enabled by default: This seems to no longer be a requirement, as WireGuard by design should be able to pass larger MTUs within the tunnel... Christian McDonald
06:05 AM Bug #11339 (Not a Bug): Odd console output when WireGuard is running: Renato Botelho
05:41 AM Bug #11339: Odd console output when WireGuard is running: Not seeing this on the latest kmod code Christian McDonald
04:53 AM Bug #8618: 2.4.4 *possible bug* with Intel C3858 and Interface Auto-Detection on 10Gb interfaces: Sorry for reviving an old thread but the problem remains in 2021.
I just purchased a Supermicro A2SDi-TP8F and the... Alexandre Tatut
03:19 AM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: see also #11829 Viktor Gurov
03:19 AM Bug #11829 (Duplicate): OpenVPN client certificate validation with OCSP always fails: Duplicate of #11830 Viktor Gurov
03:02 AM pfSense Packages Bug #11835 (New): FRR OSPF redistributed connected routes disappearing: pfSense/FRR is flushing and repropagating certain OSPF routes unnecessarily, causing outages.
Scenario is two fire... Gavin Owen
01:52 AM Feature #11164 (Resolved): Input validation to prevent setting a load balancing gateway group as default: Viktor Gurov

04/21/2021

09:19 PM Feature #11164: Input validation to prevent setting a load balancing gateway group as default: note is added (attached)
2.6.0-DEVELOPMENT (amd64)
built on Wed Apr 21 01:03:55 EDT 2021
FreeBSD 12.2-STABLE Alhusein Zawi
04:05 PM Bug #11834 (Rejected): Default gateway unsets (world icon goes) & default route changes from IP to MAC address: This site is not for support or diagnostic discussion and there is not enough information here to suggest it is a bug... Jim Pingle
03:46 PM Bug #11834: Default gateway unsets (world icon goes) & default route changes from IP to MAC address: Ben Edmunds wrote:
> I have recently added a second WAN link and notice that around once every 8 or so hours my defa... Tigger 2014
03:42 PM Bug #11834 (Rejected): Default gateway unsets (world icon goes) & default route changes from IP to MAC address: I have recently added a second WAN link and notice that around once every 8 or so hours my default route is broken an... Tigger 2014
02:33 PM Bug #11502 (Not a Bug): WireGuard ``matchaddr failed`` kernel messages in system log: Renato Botelho
02:10 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log: Unable to reproduce this now with latest kmod code. Christian McDonald
01:41 PM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP: Currently running on 21.02.2-RC code on zColo vpn concentrators, along with a patch to fix VTI creation issues after ... Core Team
11:48 AM Bug #11828: PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1: also Nord VPN is down will not connect or if it doesn no internet and then goes down
Site to Site OPENVPN does co... mike nah
11:19 AM Bug #11828: PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1: also packages dont import it sticks on Please wait while the update system initializes
does nothing i guess thats n... mike nah
08:06 AM Bug #11828: PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1: i seen the ppp on the 2.4.5 so your saying it gets deleted in 2.5.1. so i gotta re add it
PPPOe WAN OpenVPN ... mike nah
07:55 AM Bug #11828: PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1: Jim Pingle wrote:
> I can't reproduce anything like that here on PPPoE -- please keep the discussion going on your f... mike nah
07:40 AM Bug #11828 (Not a Bug): PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1: I can't reproduce anything like that here on PPPoE -- please keep the discussion going on your forum thread until a m... Jim Pingle
09:48 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): 2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens ... Jim Pingle
09:42 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): I don't know if this is substantial new information, especially if a fix is already under development. But what I fig... Emanuel Birkmann
07:16 AM Regression #11805 (Feedback): Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): I cleaned up the comments again. *Please do not comment unless you have substantial new information*. Otherwise, keep... Jim Pingle
01:05 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Adam Kuklycz wrote:
> Now, with Jim removing a handful of comments saying they too have the issue, it gives the perc... Kristof Provost
09:45 AM Revision 91bdd4ef: Do not remove IPv6 link-local vips on secondary during hasync, refs: #11103: znerol
09:44 AM Revision 55b55478: Do not remove route upon radvd shutdown, refs: #11103: znerol
09:02 AM Bug #11188 (Resolved): MultiWAN setup NAT issue: Resolved in #11436 Viktor Gurov
08:03 AM Bug #11833 (Rejected): Bugg version 2.5.0 and 2.5.1: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:59 AM Bug #11833 (Rejected): Bugg version 2.5.0 and 2.5.1: Hello,
Since I upgraded to version 2.5.0, my OPENVPN goes down and then the DHCP also goes down and I don't have acc... Francis TAISANERIE
08:00 AM Bug #11832 (Pull Request Review): ``ipsec_vti()`` does not skip disabled VTI entries: Jim Pingle
05:09 AM Bug #11832: ``ipsec_vti()`` does not skip disabled VTI entries: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/222 Viktor Gurov
05:06 AM Bug #11832 (Closed): ``ipsec_vti()`` does not skip disabled VTI entries: https://github.com/pfsense/pfsense/blob/3af1961155caafb890cfb635d7278e1498ae7423/src/etc/inc/ipsec.inc#L959:... Viktor Gurov
07:49 AM Feature #11103 (Pull Request Review): Use virtual link local IP address as RA source address for HA environments: Jim Pingle
05:03 AM Feature #11103: Use virtual link local IP address as RA source address for HA environments: Found another thing I've missed before:
https://github.com/pfsense/pfsense/pull/4515 znerol znerol
07:43 AM Regression #11806 (Pull Request Review): IPv4 link-local (``169.254.x.x``) gateway does not function: Jim Pingle
05:16 AM Regression #11806: IPv4 link-local (``169.254.x.x``) gateway does not function: Viktor Gurov wrote:
> Jim Pingle wrote:
> > Limiting the change from #11713 to only IPv6 addresses partially solves... Viktor Gurov
01:13 AM Regression #11806: IPv4 link-local (``169.254.x.x``) gateway does not function: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/221
"route has not been found" - another issue and not... Viktor Gurov
07:11 AM Bug #11808 (Resolved): Ignore WireGuard configurations under ``<installedpackages></installedpackages>``: Renato Botelho
04:50 AM Bug #11808: Ignore WireGuard configurations under ``<installedpackages></installedpackages>``: This is working as expected! Christian McDonald
04:04 AM Bug #11662 (Pull Request Review): QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time: Viktor Gurov
03:43 AM Bug #11831 (Resolved): Certificate Revocation tab does not list active users of CRL entries: Unlike "CAs" and "Certificates" pages, "Certificate Revocation" doesn't show the services names in the "In Use" colum... Viktor Gurov
02:59 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Jeremy Utley wrote:
> I am encountering this exact issue on 2.5.1 now. I have a pair of 2.5.1 PFSense CE installs w... Viktor Gurov

04/20/2021

09:53 PM Bug #11830 (Closed): Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: Certificate validation by the script will always fail:
1. exec function used to call "openssl ocsp" returns only the... Konstantin Panchenko
09:40 PM Bug #11829 (Closed): OpenVPN client certificate validation with OCSP always fails: Establishing OpenVPN tunnel will always fail if "Check client certificates with OCSP" enabled.
OpenVPN will call "ov... Konstantin Panchenko
08:58 PM Regression #11524 (Feedback): Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Regression fixed in 2.6 devel. Luiz Souza
12:53 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: After inspecting the code, disabling the SHA functionality in AES-NI is the best course of action. Jim Pingle
07:53 PM Bug #11828 (Not a Bug): PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1: i not sure if i filled in the problems the in proper format you guys want from the page requirements.. hope its ok
... mike nah
06:41 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): I also have the same problem! Reinaldo Alves Feitosa
04:07 PM pfSense Packages Feature #11827 (New): Please include acme deploy folder/scripts: The acme project includes a @deploy@ folder with several dozen scripts available to the --deploy-hook switch.
pfSe... Pete Holzmann
02:02 PM pfSense Packages Feature #11826 (New): Preserve acme SAN Method parameters for new cert creations: In a given environment, it is very likely that SAN Method parameters (eg API Token) will be identical for every SAN c... Pete Holzmann
01:55 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Hi Kristof,
Sorry, my test was been incorrect, NPt actually works on 21.02.2-RELEASE (amd64).
My firewall rule wa... DRago_Angel [InV@DER]
01:23 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: <removed> DRago_Angel [InV@DER]
06:49 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs: Please post your full configuration file (censor any passwords / keys) or e-mail it to me at kprovost@netgate.com.
Y... Kristof Provost
11:33 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Jim Pingle wrote:
> Not so critical we need to rush it into this release, but the next one, sure.
Here's the real... Pete Holzmann
10:45 AM Feature #11825: Assign IPv6 address to WAN with PD-only ISP: Jim Pingle wrote:
> It's not viable to have addresses from the same subnet on two different interfaces. It places th... Jonathan Grande
10:22 AM Feature #11825 (Rejected): Assign IPv6 address to WAN with PD-only ISP: It's not viable to have addresses from the same subnet on two different interfaces. It places them into the same subn... Jim Pingle
10:09 AM Feature #11825 (Rejected): Assign IPv6 address to WAN with PD-only ISP: When the WAN interface is set to "request only an IPv6 prefix" (which is required by some ISPs), no IPv6 address is a... Jonathan Grande
08:41 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: I am encountering this exact issue on 2.5.1 now. I have a pair of 2.5.1 PFSense CE installs with IPSec connections t... Jeremy Utley
07:01 AM pfSense Packages Bug #11711: New Squid Status Page Non-Functional: it works fine after disabling SquidGuard Viktor Gurov
03:58 AM Feature #11406: GUI option to set MTU for L2TP VPN server: Alhusein Zawi wrote:
> There is no option to change MTU in L2TP VPN server
Please check on the latest 2.6 snapsho... Viktor Gurov
03:48 AM Regression #11806: IPv4 link-local (``169.254.x.x``) gateway does not function: Jim Pingle wrote:
> Limiting the change from #11713 to only IPv6 addresses partially solves the problem but also res... Viktor Gurov
01:50 AM Bug #11824 (Duplicate): pfSense 2.5.1 multi-WAN accepts inbound traffic only on default gatway: Duplicate of #11805 Viktor Gurov
12:29 AM Bug #11824 (Duplicate): pfSense 2.5.1 multi-WAN accepts inbound traffic only on default gatway: Before upgrade to 2.5.1, a dual-WAN device did accept inbound IPv4 traffic on both WAN connections according to NAT a... Michael Schefczyk
12:38 AM pfSense Plus Bug #11807: HA setup restarts all OpenVPN instances on the secondary after making any change on the primary: Edgar Escoboza wrote:
> PfSenseVersion.png demonstrates that we are on the latest version of the PfSense+
> CodeRev... Viktor Gurov

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

05/19/2021

05/18/2021

05/17/2021

05/16/2021

05/15/2021

05/14/2021

05/13/2021

05/12/2021

05/11/2021

05/10/2021

05/09/2021

05/08/2021

05/07/2021

05/06/2021

05/05/2021

05/04/2021

05/03/2021

05/02/2021

05/01/2021

04/30/2021

04/29/2021

04/28/2021

04/27/2021

04/26/2021

04/25/2021

04/24/2021

04/23/2021

04/22/2021

04/21/2021

04/20/2021