Activity

30 days up to

User

Subprojects

Activity

From 05/03/2021 to 06/01/2021

06/01/2021

08:56 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Tested with SHA256 on IPsec P1 and SHA1 on P2 on @21.05-RC built on Wed May 26 18:11:31 EDT 2021@ with AES-NI selecte... Marcos M
04:11 PM Revision 68be10e6: Duplicating Outbound NAT rule fix. Issue #11981: Viktor Gurov
04:06 PM Bug #11843 (Resolved): Potential XSS vulnerability in Captive Portal ``redirurl`` handling: Tested this against 21.05.r.20210526.1807.
Whilst logged in:... Steve Wheeler
03:58 PM Revision ec8adb56: Create Outbound NAT automatic equivalent rules when switching from Automatic to Manual mode. Fixes #11982: Viktor Gurov
01:12 PM Todo #11983 (Pull Request Review): Hide "Reboot and run a filesystem check" for ZFS systems: Jim Pingle
11:14 AM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/273 Viktor Gurov
10:56 AM Todo #11983 (Resolved): Hide "Reboot and run a filesystem check" for ZFS systems: ZFS does not have a fsck utility, so the option to reboot and run a filesystem check does not make sense to offer to ... Jim Pingle
11:20 AM Regression #11982 (Feedback): Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Applied in changeset commit:ec8adb56d59a293516d1a0a3fb4eb45aad299f5b. Viktor Gurov
10:59 AM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/272 Viktor Gurov
08:47 AM Regression #11982 (Resolved): Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: When a user switches from Automatic Outbound NAT to Manual Outbound NAT, the GUI is supposed to create a set of stati... Jim Pingle
11:03 AM Regression #11550 (Resolved): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: pfSense 2.5.1 test:... Viktor Gurov
10:54 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: That might explain why my example config triggers the problem. As preg_match is being used by the PHP code for urltab... Arthur Wiebe
10:20 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Testing on 2.5.2-BETA snapshot build 2.5.2.b.20210601.0300 confirms it is fixed there on a system which could reprodu... Jim Pingle
10:15 AM Regression #11316: Unbound crashes with signal 11 when reloading: Jim Pingle wrote:
> The unbound112 build is available in the pkg repository but we're still working on a good set of... Alexis Mestag
09:58 AM Regression #11981 (Pull Request Review): Duplicating Outbound NAT rule does not carry over contents of the source rule: Jim Pingle
09:17 AM Regression #11981: Duplicating Outbound NAT rule does not carry over contents of the source rule: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/271 Viktor Gurov
08:22 AM Regression #11981 (Closed): Duplicating Outbound NAT rule does not carry over contents of the source rule: When using the copy button on an Outbound NAT rule on firewall_nat_out.php, the contents of the source rule are not c... Jim Pingle
09:03 AM pfSense Packages Feature #11972 (Pull Request Review): Arpwatch - Add support for Telegram notifications: Jim Pingle
03:54 AM pfSense Packages Feature #11972: Arpwatch - Add support for Telegram notifications: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/92 Viktor Gurov
09:02 AM Feature #11978 (Pull Request Review): New Dynamic DNS Provider: Strato: Too late for 2.5.2. Jim Pingle
08:55 AM Todo #11976 (Pull Request Review): Compliance with pfSense style guide in Dynamic DNS service code: Jim Pingle
08:42 AM Bug #11979 (Rejected): GUI Cannot reassign Interface on LAGG port: I can't replicate the behavior as stated, and this site is not for support or diagnostic discussion.
For assistanc... Jim Pingle
08:40 AM Feature #11975 (Duplicate): Simplify NAT logging to conforme more easily with local/regional laws: Duplicate of #7800
We're limited at the moment by what pf offers as data for logging, and last I saw, it doesn't s... Jim Pingle
08:37 AM Bug #11973 (Not a Bug): High Latency every 10 second on TCP OVPN: There isn't enough information here to definitively classify this as a bug in pfSense. This site is not for support o... Jim Pingle
07:39 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes: Just checking on the status of this. I updated to the latest version of pfSense, 2.5.1-RELEASE (amd64), and it rever... Edward Thomas
03:51 AM pfSense Packages Bug #11977 (Duplicate): Any mail from the pfsense appliance has "Arpwatch Notification" in the subject line, no matter which package the mail comes from: Duplicate of #8454
see also #11366 Viktor Gurov
03:06 AM pfSense Packages Bug #11980: EAP does not work with SQL backend: Please provide more info - "radiusd `-X`" output during EAP+SQL authentication and changes in the `inner-tunnel-*` fi... Viktor Gurov

05/31/2021

07:56 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: I have confirmed this PHP segmentation fault issue is an issue only on 32-bit ARM hardware such as that in the SG-310... Bill Meeks
06:26 PM Revision 9713b8ee: Add devel/git back to list of packages: Renato Botelho
01:31 PM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle wrote:
> We will need a lot more information here since it isn't happening to others that we're aware of ... Daniel van der Wal

05/30/2021

09:01 PM Bug #11636 (Resolved): Unused Limiter entries with schedules create unnecessary cron jobs: Tested and working on 21.05/2.5.2. Cron job was not added until a rule contained the limiter, and the cron job was re... Marcos M
08:43 PM Bug #11718 (Resolved): XMLRPC Client does not honor its default timeout value: This fix has resolved a couple of different setups where the 60s timeout was being hit. Afterwards, the xmlrpc calls ... Marcos M
07:19 PM pfSense Packages Bug #11980 (Feedback): EAP does not work with SQL backend: The problem is that the sql module references in /usr/local/etc/sites-enabled/inner-*-tunnel remain commented out or ... Louis Casambre
07:10 PM Bug #11979 (Rejected): GUI Cannot reassign Interface on LAGG port: I was trying to reassign the HA sync interface from lagg0.4000 to igb3 through the GIU. Saving the setting however wo... Louis Casambre
07:07 PM Regression #11795 (Resolved): Applying IPsec settings for more than ~30 tunnels times out PHP: Tested 51 entries and working on 21.05/2.5.2 - marking as resolved. Marcos M
04:47 PM Bug #11704 (Resolved): Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot: Tested and working - marking as resolved. Marcos M
04:15 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: >
> I gave up 2 years ago and moved to Untangle Firewall. Worked instantly for all the xboxes in our house. All m... Polar Nerd
04:08 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Polar Nerd wrote:
> Marc 05 wrote:
> > Likely not as miniupnp hasn't changed afaik.
>
> FYI here is a link to wh... Shane Angelo
12:36 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Marc 05 wrote:
> Likely not as miniupnp hasn't changed afaik.
FYI here is a link to where they are discussing thi... Polar Nerd
09:12 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Likely not as miniupnp hasn't changed afaik.
If you have time, find a copy of 2.4.0 and test it. It may help narro... Marc 05
04:16 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Will this work on 2.5.1, as still having the same issue.
would love to test on 2.5.1 as i have 3 pcs all with COD ... Michael Clews
01:37 PM Bug #11821 (Rejected): Upgrade libcurl to version 7.76.0: There are CVEs present in 7.76.0 hence it will not be included on 21.05/2.5.2. New libcurl versions are included in t... Marcos M
09:47 AM Feature #11978: New Dynamic DNS Provider: Strato: PR: https://github.com/pfsense/pfsense/pull/4525
Dennis Neuhaeuser
09:41 AM Feature #11978 (Closed): New Dynamic DNS Provider: Strato: add the german "strato.de" to the dyndns providers Dennis Neuhaeuser
03:45 AM pfSense Packages Bug #11977 (Duplicate): Any mail from the pfsense appliance has "Arpwatch Notification" in the subject line, no matter which package the mail comes from: Most mail from the pfsense appliance has "Arpwatch Notification" in the subject line, even when it is from a complete... Lightning Bit

05/29/2021

10:42 PM Revision 79b9e082: Add some leeway to DynDNS cache expiration time check: This leeway is needed to ensure that the cache is invalidated after N days and
not N+1 days. The latter could happen,... Jaakko Kantojärvi
09:18 PM Revision 22949106: Merge identical code of DynDNS providers: Jaakko Kantojärvi
09:13 PM Revision f56efb0d: Sort DynDNS providers inside switch statements: Not all of the code is sorted in this commit, but comments
were added to the code to instruct future contributors to
... Jaakko Kantojärvi
09:13 PM Revision f6f1d1c6: Remove whitespace at end of line: Jaakko Kantojärvi
06:17 PM pfSense Packages Bug #11822 (Resolved): Upgrade ClamAV to 0.103.2: Verified that the version is upgraded in 21.05/2.5.2. Version in repos confirmed as 0.103.2_1. Kris Phillips
06:09 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Tested on the 21.05 RC from May 26th on the SG-3100. This issue is still present. Kris Phillips
04:47 PM Todo #11976 (Resolved): Compliance with pfSense style guide in Dynamic DNS service code: Files for the dynamic DNS include white space in the end of lines.
Additionally, many switch statements list provi... Jaakko Kantojärvi
04:09 PM Feature #11975 (Duplicate): Simplify NAT logging to conforme more easily with local/regional laws: The French law requires from ISPs to log "who used this IP address at this timestamp?" informations for a year.
Fo... Anonymous
03:58 PM Feature #11974 (New): XMLRPC synchronization for igmmproxy settings: Configuration synchronization (XMLRPC) does not replicate the configuration of IGMP Proxy.
Related to #11957. Anonymous
01:06 PM Feature #11968 (Resolved): VLAN list sorting: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Fri May 28 01:04:03 EDT 2021
FreeBSD 12.2-STABLE
It works as expe... Max Leighton
10:47 AM Bug #11973 (Not a Bug): High Latency every 10 second on TCP OVPN: Hello,
We have an PFSensePLUS on AWS with 2 OVPN server: 1 TCP and 1 UDP. After the update to 21.02.2 we noticed tha... Davide Accetturi
08:54 AM pfSense Packages Feature #11972 (Resolved): Arpwatch - Add support for Telegram notifications: Arpwatch does not have an option to send notifications to a Telegram backend, even when the Telegram configuration is... Sergio Fernández

05/28/2021

10:12 PM Feature #11968: VLAN list sorting: the "VLANS" headers are clickable .
2.6.0.a.20210528.0100 Alhusein Zawi
11:11 AM Feature #11968: VLAN list sorting: On RELENG_2_5_2 when branched Jim Pingle
07:51 PM Revision b5c9be99: Cisco-AVPair ACL rule: port range operator change: Previous operator ( `><` ) prevented inserting port range with min/max port.
Ex.
`ip:inacl#1=permit tcp host {clienti... fl0l0u
05:06 PM Revision 23f7fa0b: Add 2.5.2-BETA repo: (cherry picked from commit 8997bf4703ab41fe7d36c098c1e0d29d69e26194) Renato Botelho
05:03 PM Revision 34ca228a: Add 2.5.2-BETA repo: (cherry picked from commit 8997bf4703ab41fe7d36c098c1e0d29d69e26194) Renato Botelho
05:03 PM Revision 8997bf47: Add 2.5.2-BETA repo: Renato Botelho
03:51 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: This is in 2.6 snapshots and now 2.5.2. Also in 21.09 snapshots if testing on arm. Steve Wheeler
01:58 PM Regression #11723 (Closed): Virtual IP addresses are only added to interfaces after reboot: Works correctly now. Jim Pingle
01:56 PM Bug #11867 (Closed): Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed: Works correctly now. Jim Pingle
01:52 PM Bug #11765 (Closed): Invalid HTML encoding in modal Notices window: Since the bug causing the original notice was random and hard to reproduce, and also has been fixed, it's not viable ... Jim Pingle
01:42 PM Feature #11293 (Closed): New Dynamic DNS Provider: one.com: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11294 (Closed): New Dynamic DNS Provider: Yandex PDD: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11358 (Closed): New Dynamic DNS Provider: NIC.RU: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11420 (Closed): New Dynamic DNS Provider: Gandi LiveDNS IPv6: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Bug #11667 (Closed): Automatic 25-day forced Dynamic DNS update removes wildcard domain: Closing for lack of feedback. Jim Pingle
01:41 PM Bug #11815 (Closed): NoIP.com Dynamic DNS update failure is not detected properly: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:40 PM Bug #11754 (Closed): Digital Ocean Dynamic DNS help text is incorrect: New text is in place. Jim Pingle
01:28 PM Bug #11767 (Closed): Sanitize OpenVPN Client Export certificate password in status output: Works. Password is sanitized in the output.... Jim Pingle
12:22 PM Bug #11748 (Resolved): Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups: On a fresh VM I made a few changes, booted to single user mode and truncated the last few configs to 0 bytes, and the... Jim Pingle
11:37 AM Revision bb5f626f: devel repo should use PKG_REPO_SERVER_DEVEL: Renato Botelho
11:12 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: On RELENG_2_5_2 when branched Jim Pingle
07:15 AM pfSense Packages Bug #11964 (Pull Request Review): pfBlocker XMLRPC sync CARP interface advskew: Jim Pingle
07:12 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Slipped by me, too. And spell check, since it's technically a valid word.
Thanks! Jim Pingle
01:07 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Jim Pingle wrote:
> Updating subject for release notes.
BTW, all this time the subject has a typo: Manger -> Mana... Pete Holzmann
07:12 AM pfSense Plus Bug #11971 (Not a Bug): pfSense Plus 21.02.2 Crashes while reboot: Something is wrong with your filesystem or disk, not a bug. You should wipe and reload from a recovery installation i... Jim Pingle
06:31 AM pfSense Plus Bug #11971 (Not a Bug): pfSense Plus 21.02.2 Crashes while reboot: Our Netgate, updated from pfSense 2.4.5-RELEASE-p1 to pfSense Plus 21.02.2 had the issue that the Traffic Graphs on t... Aljoscha Kretschmann

05/27/2021

11:29 PM pfSense Packages Bug #11892: WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: [2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: ifconfig tun_wg0
tun_wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST... Alhusein Zawi
07:10 PM Revision 3845c6eb: Fix PKG_REPO_BRANCH_DEVEL s/devel/master/: Renato Botelho
07:02 PM Revision cac3f71a: Welcome pfSense CE 2.5.2-BETA: Renato Botelho
05:37 PM Revision ef4f9a8b: Observe 'after' value when creating a new rule: Steve Beaver
05:28 PM pfSense Packages Bug #11964: pfBlocker XMLRPC sync CARP interface advskew: from https://forum.netgate.com/topic/163709/dns-resolver-not-listening-on-lan-carp-vip-after-update-to-2-5-1/7:
> I ... Viktor Gurov
04:20 PM Revision 7dbe76cd: Init pkg plugin array before use. Fixes #11290: Jim Pingle
03:05 PM Revision cf8a0761: Make VLAN table sortable. Implements #11968: Jim Pingle
01:16 PM Revision 49674e1f: Move globals to include file: Steve Beaver
01:13 PM Revision 2ca19797: Move globals to include file: Steve Beaver
01:05 PM pfSense Packages Bug #11970 (Confirmed): Netgate Firmware Upgrade Doesn't Work on XG-2758 (ADI/coreboot): Any version of pfSense after 2.4.4p3 breaks the flashing functionality for coreboot in the Netgate Firmware Upgrade p... Kris Phillips
01:00 PM Revision a5d3732b: Validate input depends on flag: Steve Beaver
12:35 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Jim Pingle wrote:
> Applied in changeset commit:7dbe76cd5756082cbd67db1b93acb606ad84996e.
Can confirm this fixes ... Jeremy Utley
11:30 AM Bug #11290 (Feedback): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Applied in changeset commit:7dbe76cd5756082cbd67db1b93acb606ad84996e. Jim Pingle
11:28 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Jim Pingle wrote:
> This is actually a problem in the base system not specific to a package. I have a fix, will comm... Jeremy Utley
11:19 AM Bug #11290 (In Progress): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: This is actually a problem in the base system not specific to a package. I have a fix, will commit shortly. Jim Pingle
10:15 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Marcos Mendoza wrote:
> Do those have the @<type>plugin_carp</type>@ line in the /conf/config.xml file? If not, does... Jeremy Utley
10:44 AM Bug #11969 (Pull Request Review): PHP error if no DHCPv6 Relay interfaces are selected: Jim Pingle
10:23 AM Bug #11969: PHP error if no DHCPv6 Relay interfaces are selected: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/270 Viktor Gurov
10:19 AM Bug #11969 (Resolved): PHP error if no DHCPv6 Relay interfaces are selected: How to reproduce:
Unselect all interfaces on the services_dhcpv6_relay.php and uncheck "Enable"
Result:... Viktor Gurov
10:15 AM Feature #11968 (Feedback): VLAN list sorting: Applied in changeset commit:cf8a0761c5c2ae80b62743d6d476e0fae6f2495e. Jim Pingle
10:05 AM Feature #11968 (Resolved): VLAN list sorting: Add sorting for the table of VLAN tags, so the headers are clickable to sort by each column.
See also: #8558
Jim Pingle
09:17 AM Bug #11793: OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP: Fixing up subject Jim Pingle
08:54 AM Bug #11967 (Pull Request Review): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: Jim Pingle
08:41 AM Bug #11967: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/269 Viktor Gurov
08:40 AM Bug #11967 (Closed): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: "RADIUS Advanced parameters" doesn't allow to enter numeric with a decimal point in the "Retransmit Base" and "Retran... Viktor Gurov
08:52 AM pfSense Packages Bug #11965 (Pull Request Review): Avahi service started twice by /etc/rc.start_package: Jim Pingle
03:41 AM pfSense Packages Bug #11965: Avahi service started twice by /etc/rc.start_package: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/91 Viktor Gurov
08:51 AM Bug #11966 (Pull Request Review): Incorrect RADVD log message on HA event: Jim Pingle
03:00 AM Bug #11966: Incorrect RADVD log message on HA event: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/268 Viktor Gurov
01:24 AM Bug #11966 (Resolved): Incorrect RADVD log message on HA event: After transition to the CARP BACKUP state, an incorrect message appears in the log:
"Stopping radvd instance on LAN ... Viktor Gurov
08:50 AM Feature #11957 (Pull Request Review): XMLRPC synchronization for DHCP relay settings: Jim Pingle
02:57 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/267 Viktor Gurov
08:08 AM Todo #11943 (Pull Request Review): Add FRR package documentation links: Jim Pingle
08:04 AM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS: Open a fresh issue for that input validation concern, we can work on that for the next release separate from this. Jim Pingle
07:41 AM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS: works as expected on 21.05.r.20210526.1807 -
I can see advanced parameter in the `/var/etc/ipsec/strongswan.conf`:
... Viktor Gurov
07:48 AM Regression #11952 (Closed): Traffic matching rules with limiters is not handled by DUMMYNET: Confirmed working here as well on latest 21.05 build. I see traffic in limiter info now, and my bufferbloat score is ... Jim Pingle
12:31 AM Feature #11103 (Resolved): Use virtual link local IP address as RA source address for HA environments: works as expected on 21.05.r.20210526.1807
`AdvRASrcAddress` in `/var/etc/radvd.conf`:... Viktor Gurov

05/26/2021

03:12 PM pfSense Docs Todo #11716 (Feedback): Feedback on Network Address Translation — Port Forwards: The redirect target content on the page already covered that, actually. The PR would have added it to the destination... Jim Pingle
09:48 AM pfSense Docs Todo #11716: Feedback on Network Address Translation — Port Forwards: I have something more in-depth in mind for this than is covered by that PR. It's already on my to-do list. Jim Pingle
04:22 AM pfSense Docs Todo #11716: Feedback on Network Address Translation — Port Forwards: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/15 Viktor Gurov
03:12 PM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Issue appears resolved on 21.09.a.20210526.0100 Adam Goldberg
02:47 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Do those have the @<type>plugin_carp</type>@ line in the /conf/config.xml file? If not, does adding it change the res... Marcos M
01:18 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: I had been wondering if this problem only popped up on systems that were upgraded from 2.4.x to 2.5.x, and maybe it w... Jeremy Utley
11:30 AM pfSense Docs Todo #11962 (Feedback): Feedback on Firewall — Aliases: Ended up rewriting most of the page:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b61cd856772e836b8282f8d... Jim Pingle
09:51 AM pfSense Docs Todo #11962: Feedback on Firewall — Aliases: I have some other ideas for how to mention it without it getting confused with the note mentioned there. I'll take ca... Jim Pingle
03:30 AM pfSense Docs Todo #11962: Feedback on Firewall — Aliases: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/14 Viktor Gurov
01:24 AM pfSense Docs Todo #11962 (Resolved): Feedback on Firewall — Aliases: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html
*Feedback:*
Note that wildcard hostnam... Viktor Gurov
10:57 AM pfSense Packages Bug #11965 (Resolved): Avahi service started twice by /etc/rc.start_package: Similar to Bug #11887. Avahi tries to start twice on boot.
May 26 11:56:16 avahi-daemon 35721 Failed to create PID... Steve Harrington
09:26 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: I would not condone running both at once for a variety of reasons. It may appear to function acceptably in your speci... Jim Pingle
09:02 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: Viktor Gurov wrote:
> It's not possible to bind DHCP Relay daemon to CARP interface.
> without this, how to determi... Anonymous
01:34 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: It's not possible to bind DHCP Relay daemon to CARP interface.
without this, how to determine which DHCP Relay node ... Viktor Gurov
07:40 AM pfSense Packages Bug #11964 (Resolved): pfBlocker XMLRPC sync CARP interface advskew: https://forum.netgate.com/topic/163709/dns-resolver-not-listening-on-lan-carp-vip-after-update-to-2-5-1/8:... Viktor Gurov
04:13 AM pfSense Packages Feature #11963 (New): Dynamically change OSPF interface costs on selected interfaces on CARP event: In order to improve uptime in HA environments, use a mechanism to dynamically change OSPF interface costs on selected... Viktor Gurov
01:17 AM pfSense Packages Bug #11961 (Resolved): FRR OSPF add unwanted area 0 authentication to router ospf: I have a configuration where one interface has a simple authentication
The area 0 does not have an authentication,... Damiano Bolla

05/25/2021

05:14 PM Revision 360ed166: Toggle-rule rename var for consistency: Steve Beaver
05:13 PM Revision b86f6fe9: Toggle-rule returns new ruke status: Steve Beaver
01:40 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: The 21.09 pkg repositories are accessible as far as I can see. If there is a problem updating, it might be branch spe... Jim Pingle
01:27 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Jim Pingle wrote:
> If you update to a current build, it includes the fix now. There isn't a reliable way to update ... Craig Weber
12:43 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: If you update to a current build, it includes the fix now. There isn't a reliable way to update just the module that ... Jim Pingle
12:36 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Jim Pingle wrote:
> It cannot be fixed with a patch in the GUI package, it was a problem in the pfSense module.
>
... Craig Weber
11:19 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: It cannot be fixed with a patch in the GUI package, it was a problem in the pfSense module.
https://github.com/pfs... Jim Pingle
10:57 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Jim Pingle wrote:
> Excluding from release notes since it was a problem introduced by changes after the last release... Craig Weber
10:54 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Excluding from release notes since it was a problem introduced by changes after the last release. Jim Pingle
01:06 PM Revision 95b6415a: ipsec: Simplify logic: Renato Botelho
01:06 PM Revision 5f530364: ipsec: Use correct variable name: Renato Botelho
01:06 PM Revision 3d738e68: ipsec: Remove unneeded references on parameters: Renato Botelho
01:06 PM Revision 6ce3ef38: ipsec: Normalize ipsec_lookup_phase1(): - $ph2ent doesn't need to be a pointer
- Return true when $ph1ent is found since $ph1ent is a pointer and is
filled... Renato Botelho
12:15 PM Bug #11290 (New): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: For some reason my primary node doesn't have a `plugin_carp` config.xml entry for FRR,
secondary is OK:... Viktor Gurov
11:16 AM Bug #11960 (Feedback): Gateway Monitoring Traffic Goes Out Default Gateway: This sounds similar to #11296 or another routing issue that was fixed already -- please re-test on a development snap... Jim Pingle
11:11 AM Bug #11960 (Resolved): Gateway Monitoring Traffic Goes Out Default Gateway: I'm using pfSense Plus 21.02.2 with a SG-3100 and XG-7100 1U. On both systems, I have dual WAN connections with gatew... James Blanton
10:55 AM Regression #11857: Match rules cause pf error parsing rules: Excluding from release notes since it was a problem introduced by changes after the last release. Jim Pingle
10:54 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Excluding from release notes since it was a problem introduced by changes after the last release. Jim Pingle
10:52 AM Regression #11945: Incorrect VTI interface creation: Excluding from release notes since it was a regression in code added after the last release. Jim Pingle
09:58 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Relevant commits:
https://github.com/pfsense/FreeBSD-src/commit/b9ec0795d21f2e93d59e6ee5e7d4fa7e1ae0cb1c
https://... Jim Pingle
09:57 AM Regression #11952 (Feedback): Traffic matching rules with limiters is not handled by DUMMYNET: PR with a fix was merged into src branches, will be in builds soon.
Updated the subject to better reflect what the... Jim Pingle
09:14 AM Bug #11959 (Pull Request Review): PPP interfaces lose the description field in ``ifconfig`` output when restarted: Jim Pingle
07:37 AM Bug #11959: PPP interfaces lose the description field in ``ifconfig`` output when restarted: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/266 Viktor Gurov
07:27 AM Bug #11959 (Resolved): PPP interfaces lose the description field in ``ifconfig`` output when restarted: The interface description field (#1557) is lost after running the `pppoe_restart` script:
before:... Viktor Gurov
08:58 AM Bug #11946 (Pull Request Review): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Jim Pingle
12:50 AM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/265 Viktor Gurov
08:34 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: Each issue should be limited in scope to one specific request. I've changed this to refer only to DHCP Relay. Feel fr... Jim Pingle
03:59 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: see also #2593 Viktor Gurov
07:21 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle wrote:
> Perhaps this is another variation of #11545 and not a unique issue
This could be an another i... Viktor Gurov
04:10 AM Bug #11958: Multi-wan Azure Dyndns updates not working when primary WAN is unplugged: Neel Patel wrote:
> I have already raised this issue on the Netgate forum - https://forum.netgate.com/topic/163937/m... Viktor Gurov
04:02 AM Bug #8096 (Duplicate): Special characters not propagated by the config sync engine: fixed in #1478 Viktor Gurov
12:36 AM Feature #11954: Multicast limits: see MAXVIFS issue #10909
and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251047
Viktor Gurov

05/24/2021

08:59 PM Bug #11734: NAT rule overlap detection is inconsistent: Adding more details here; currently:
It's possible for rules with overlapping ports to be saved when the destinati... Marcos M
07:45 PM Bug #11958 (Duplicate): Multi-wan Azure Dyndns updates not working when primary WAN is unplugged: I have already raised this issue on the Netgate forum - https://forum.netgate.com/topic/163937/multi-wan-azure-dyndns... Neel Patel
05:06 PM Feature #11957 (Resolved): XMLRPC synchronization for DHCP relay settings: Configuration synchronization (XMLRPC) does not replicate the configuration of DHCP relay. Why?
In the same kind b... Anonymous
05:03 PM Feature #11956 (New): "add" button in the top of pages with many user-added items: In Interfaces > Assignments | VLANs, Firewall > Aliases | NAT | Rules | Virtual IPs, it's possible to add the "Add" b... Anonymous
05:01 PM Bug #11955 (Rejected): Cannot disable startup beep without configuring e-mail notifications: On fresh install, in System > Advanced > Notifications (/system_advanced_notifications.php), I only check "Disable th... Anonymous
04:57 PM Feature #11954 (New): Multicast limits: On my two XG-1541, I have configured 1 LAGG, 67 VLANs on this LAGG, 67 networks interfaces and I want to use inter-VL... Anonymous
04:55 PM Bug #11953 (Ready To Test): XG-1541 crashes when igmpproxy is enabled and network interfaces status change: On my two XG-1541, I have configured 1 LAGG, 67 VLANs on this LAGG, 67 networks interfaces and I have enabled igmppro... Anonymous
11:21 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Thanks for the fast response, Jim. I believe this to be a different problem. The rules are indeed being matched as th... Adam Goldberg
11:16 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: It's unlikely the negate rules would be hit unless nothing else matched (note that they lack @quick@)
Another way ... Jim Pingle
10:45 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Could it be possible that the auto-added NETGATE rules, which have higher precedence, are overriding the USER limiter... Adam Goldberg
10:25 AM Regression #11952 (Closed): Traffic matching rules with limiters is not handled by DUMMYNET: Traffic limiters have no effect when applied in 21.05 or 21.09 in a multi-wan environment.
3 ISPs - each 1Gbit up ... Adam Goldberg
11:14 AM Regression #11570 (Feedback): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Jim Pingle
10:59 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: It would seem this is fixed on 2.5.1/2.6 according to the comment on #11805
>Hi, just want to report its working fin... Marcos M
10:02 AM Regression #11545: Primary interface address is not always used when VIPs are present: This only seems to affect VPN tunnels where I assume the interface IP is read directly from the interface causing the... Steve Wheeler
10:00 AM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: This issue still appears for me on 21.09.a.20210524.0100. Let me know what other specific information I can provide, ... Adam Goldberg
09:02 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Tom Davis wrote:
> Hi, just want to report its working fine now for me using the latest dev CE version 2.6.0.a.20210... Vikash Jhagroe
08:55 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Hi, just want to report its working fine now for me using the latest dev CE version 2.6.0.a.20210524.0100
More detai... Tom Davis
07:40 AM pfSense Packages Bug #11886 (Feedback): WireGuard: PHP error in vpn_wg_peers_edit.php: Jim Pingle
07:40 AM pfSense Packages Bug #11892 (Feedback): WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: Jim Pingle
07:40 AM Bug #11949 (Not a Bug): LAGG/LACP with GIF 6to4 tunnel is broken: Not enough evidence here to conclude that it's a bug in FreeBSD or pfSense. You could test it further by not enabling... Jim Pingle
07:35 AM pfSense Packages Feature #11948 (Pull Request Review): ACME: Support specifying non-default port for nsupdate DNS validation method: Jim Pingle
07:34 AM pfSense Packages Feature #11186 (Closed): Allow lo0/Loopback as a valid interface in OSPF/OSPF6: Jim Pingle
07:18 AM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem: Christian McDonald wrote:
> I'm not able to replicate the DNS issue, but I might not be completely understanding you... RED SKULL
07:14 AM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem: I'm not able to replicate the DNS issue, but I might not be completely understanding your configuration.
Can you t... Christian McDonald
02:48 AM Bug #11951 (Closed): IPsec status fails when many tunnels are connected: How to reproduce:
1. Set wan address 172.16.1.2/24.
2. Create IPSEC IKEv1 P1 with remote 172.16.1.3 and 11 P2 tun... Maxim A

05/23/2021

05:07 PM Bug #10800: Multi WAN Load Balancing does not work on 2.5.0.a.20200729.0650: I am also experiencing the same issue. Failover works, but load balancing does not work -- all packets go through the... Layla Mah
12:05 PM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem: I actually caught the flock and fclose bugs last night and have them resolved. I will be submitting a PR tonight or t... Christian McDonald
08:22 AM pfSense Packages Bug #11950 (Resolved): Wireguard Package Errors and DNS problem: Updated from Wireguard Package version 0.0.8 to 0.1.1 and receive the following error after every reboot:
@
Crash r... RED SKULL
08:19 AM pfSense Packages Bug #11886: WireGuard: PHP error in vpn_wg_peers_edit.php: Fixed in https://github.com/pfsense/FreeBSD-ports/pull/1064 Christian McDonald
08:18 AM pfSense Packages Bug #11892: WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: Fixed in https://github.com/pfsense/FreeBSD-ports/pull/1064 Christian McDonald
12:27 AM Bug #11949 (Not a Bug): LAGG/LACP with GIF 6to4 tunnel is broken: I'm running 21.02.2-RELEASE on a Netgate SG-8860.
I have a working he.net TunnelBroker tunnel which works fine wit... Scott Johnson

05/22/2021

08:57 PM Bug #11923 (Resolved): Input validation not working for 1:1 NAT entries using an alias as a destination: I was able to add and modify 1:1 NAT with a destination alias without errors.
Fixed
2.6.0.a.20210522.0100 Alhusein Zawi
02:00 PM Bug #11769 (Resolved): Sanitize Captive Portal RADIUS MAC secret in status output: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat May 22 01:04:36 EDT 2021
FreeBSD 12.2-STABLE
radmac_secret ... Max Leighton
01:23 PM Regression #11545: Primary interface address is not always used when VIPs are present: Ran into this again today on a pfSense Plus 21.02.2 upgrade. Had to do the following to fix it:
1. Save the VIP b... Kris Phillips
11:04 AM pfSense Packages Bug #11525: pfsense 2.5.0 release version for vlan issue to suricata: # Does this happen only on VLAN interfaces; have you tried non-vlan interfaces?
# Are you using vmxnet3 or something... Marcos M

05/21/2021

09:56 PM pfSense Packages Feature #11948 (Closed): ACME: Support specifying non-default port for nsupdate DNS validation method: Hi,
I've just submitted a new PR (https://github.com/pfsense/FreeBSD-ports/pull/1067) adding support for non-defau... Pablo Ruiz
09:43 PM pfSense Packages Feature #11186: Allow lo0/Loopback as a valid interface in OSPF/OSPF6: lo0/Loopback is added as interface in OSPF Alhusein Zawi
05:30 AM pfSense Packages Feature #11186 (Feedback): Allow lo0/Loopback as a valid interface in OSPF/OSPF6: Merged four month ago Viktor Gurov
08:00 PM Bug #11939 (Resolved): Editing widgets on Dashboard causes a PHP Warning: Tested on
2.6.0-DEVELOPMENT (amd64)
built on Fri May 21 01:05:01 EDT 2021
FreeBSD 12.2-STABLE
Editing widget... Max Leighton
12:20 PM Bug #11939 (Feedback): Editing widgets on Dashboard causes a PHP Warning: This was picked back yesterday. Jim Pingle
07:15 PM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Jim Pingle wrote:
> When ACB is set to use a schedule on @services_acb_settings.php@, a the hour value from config.x... Michael Spears
01:18 PM Bug #11946 (Closed): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: When ACB is set to use a schedule on @services_acb_settings.php@, a the hour value from config.xml is not populated o... Jim Pingle
05:55 PM Revision 6693812a: Add missing vars to applyVIP(). Fixes #11723: Jim Pingle
04:39 PM Revision 6df902ac: IPsec ipsec_create_vtimap() fix. Issue #11945: Viktor Gurov
03:12 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: I am using this dirty fix (plus a manually generated config file specified for both interfaces in the Webinterfaces),... Flole Systems
01:25 PM Bug #9887 (New): Rule separator positions change when deleting multiple rules: Still broken but not a blocker so moving forward. The scenario in my first test "sep-test1" is OK. The second scenari... Jim Pingle
01:21 PM Feature #10811 (Closed): Randomize time of scheduled AutoConfigBackup runs: This looks OK to me. The minute value in the GUI is random when the page loads when unset, but static once saved.
... Jim Pingle
01:19 PM Regression #11723: Virtual IP addresses are only added to interfaces after reboot: Picked back to 21.05 as well. Jim Pingle
01:05 PM Regression #11723 (Feedback): Virtual IP addresses are only added to interfaces after reboot: Applied in changeset commit:6693812aff9ca84a8d05ac327adb726450c0b18f. Jim Pingle
12:54 PM Regression #11723 (New): Virtual IP addresses are only added to interfaces after reboot: This is still broken, but has a quick/easy fix. Jim Pingle
01:11 PM Feature #7092 (Closed): Kernel modules for alternate congestion control algorithms: Modules are all there on current builds (CE and Plus):... Jim Pingle
01:08 PM Todo #11518 (Closed): Move custom IPsec NAT-T port settings to Advanced Options: Looks good on current build Jim Pingle
12:58 PM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options: Tested on 21.5.
Looks good. Danilo Zrenjanin
01:06 PM Regression #11510 (Closed): ARP Table populates hostname values using expired DHCP lease data: This looks good on current builds on the system where I could reproduce it before. Jim Pingle
01:00 PM Bug #11688 (Closed): Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule: This is working as expected on current builds. Jim Pingle
12:45 PM Regression #11787 (Closed): Thermal sensors widget no longer shows values from certain hardware: This is good now. The other devices are being included. I don't have a Chelsio card to check but given that the other... Jim Pingle
12:44 PM Bug #11801 (Closed): PHP error in ``upgrade_212_to_213()`` when upgrading certain IPsec tunnels: Should be fine now, if anyone else has a problem, can reopen. Jim Pingle
12:41 PM Regression #11819 (Closed): MAC address OEM information missing from ARP table: Info is present on current snaps Jim Pingle
12:40 PM Todo #11844 (Closed): Update OpenVPN to 2.5.2: In current builds and working. Jim Pingle
12:37 PM Bug #11859 (Closed): PHP error on certificate list due to unreadable private key: No errors with a corrupt key on current snapshot. Jim Pingle
12:29 PM Bug #11861 (Closed): Error loading rules in certain cases where an interface is temporarily without an address: This has not recurred for me since the fix went in. Calling it solved. Jim Pingle
12:28 PM Todo #11914 (Resolved): Allow reroot on ZFS from console and GUI reboot menu entries: In and wokring Jim Pingle
12:21 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: Moving ahead. Jim Pingle
12:20 PM Bug #11922: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS: Moving ahead. Jim Pingle
12:12 PM Regression #11945 (Feedback): Incorrect VTI interface creation: PR has been merged. Thanks! Renato Botelho
11:40 AM Regression #11945: Incorrect VTI interface creation: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/263 Viktor Gurov
11:39 AM Regression #11945 (Closed): Incorrect VTI interface creation: How to reproduce:
1) Clean install
2) Create IPsec with VTI Phase 2
3) Check config.xml - you'll see:... Viktor Gurov
11:56 AM pfSense Packages Bug #11680 (Resolved): Saving HAProxy FrontEnd description with umlauts causes configuration restore: Tested on the latest development release.
haproxy-devel 0.62_3
All characters can be used in the description ... Danilo Zrenjanin
08:04 AM pfSense Packages Feature #10739 (Pull Request Review): Update HAproxy-devel package to 2.2 and HAproxy to 2.0: Jim Pingle
05:04 AM pfSense Packages Feature #10739: Update HAproxy-devel package to 2.2 and HAproxy to 2.0: http-after-response and http-request_replace-path actions support:
https://github.com/pfsense/FreeBSD-ports/pull/1070 Viktor Gurov
08:03 AM pfSense Packages Bug #11491 (Pull Request Review): haproxy-devel v0.62_2 - startup error 'httpchk': Jim Pingle
03:24 AM pfSense Packages Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk': fix:
https://github.com/pfsense/FreeBSD-ports/pull/1069 Viktor Gurov
08:01 AM Todo #11943: Add FRR package documentation links: Not a bug since they didn't exist before.
Probably need to start thinking of a way to have an xml tag and/or plugi... Jim Pingle
12:56 AM Todo #11943: Add FRR package documentation links: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/262 Viktor Gurov
07:58 AM pfSense Packages Feature #10779 (Pull Request Review): HAProxy SSL/TLS Compatibility Mode: Jim Pingle
12:21 AM pfSense Packages Feature #10779 (New): HAProxy SSL/TLS Compatibility Mode: DRago_Angel [InV@DER] wrote:
> [...]
> Hi, need update to use ssl-min-ver & ssl-max-ver as mentioned at https://red... Viktor Gurov
07:48 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Looks good here, too, on the following snapshots:
* Plus snapshot pfSense-21.05.r.20210520.1515
* CE snapshot 2.6... Jim Pingle
05:09 AM Regression #11775 (Resolved): State counters not updating and always show 0/0 since last few updates: Renato Botelho
02:55 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: 2.6.0.a.20210520.0100 -> 2.6.0.a.20210521.0100
Fixed in all instances M Felden
02:52 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Kris Phillips wrote:
> Confirmed working in latest snapshot. Attached screenshot. This can be closed as resolved.
... Craig Weber
07:43 AM pfSense Plus Bug #11942 (Not a Bug): Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces: Not enough information here to rule out a configuration problem. In certain cases the behavior you describe is expect... Jim Pingle
05:28 AM pfSense Packages Bug #11094 (Not a Bug): HAProxy Stick on SSL-Session-ID Doesn't Work: The Frontend type must be "ssl / https(TCP mode)" for this feature to work. Viktor Gurov
12:57 AM pfSense Docs Todo #11944 (Closed): Feedback on Packages — FRR Package — Bidirectional Forwarding Detection: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/frr/bfd/index.html
*Feedback:*
There is no "BFD Sta... Viktor Gurov
12:23 AM Bug #9821: pfSense IPsec not reload configs on connectivity issues with DDNS: DRago_Angel [InV@DER] wrote:
> Jim Pingle wrote:
> > IPsec with DDNS works fine for many users (myself included) --... Viktor Gurov

05/20/2021

08:27 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Confirmed working in latest snapshot. Attached screenshot. This can be closed as resolved. Kris Phillips
12:57 PM Regression #11775 (Feedback): State counters not updating and always show 0/0 since last few updates: Fixed the PHP module. It was returning only the last rule of the list.
Fixed in php74-pfSense-module-0.70. Luiz Souza
10:29 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Also not fixed in May 20 build, confirming what Nick K has found. Kris Phillips
10:11 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: I second the Kris response. I am updated to the latest on both my CE and Plus devices and seeing the same issues afte... Nick K
06:43 PM Todo #11943 (Resolved): Add FRR package documentation links: Clicking on Help icon "?" in FRR tabs does not go to FRR documents
https://docs.netgate.com/pfsense/en/latest/packa... Alhusein Zawi
03:55 PM pfSense Plus Bug #11942 (Not a Bug): Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces: Netgate SG-2100
21.02.2-RELEASE (arm64)
I have a cable modem plugged into WAN getting a DHCP address from a provi... Web Dawg
03:22 PM Feature #11935 (Pull Request Review): Log external IP address of OpenVPN clients on connect and disconnect: Jim Pingle
02:51 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/260 Viktor Gurov
03:04 PM Revision 2ac5f4ae: Fix PHP error when changing Sys Info Widget. Fixes #11939: Avoid attempting to use $crypto when it's empty/undefined. Jim Pingle
02:46 PM Regression #11857 (Closed): Match rules cause pf error parsing rules: Match rules are also working on 2.6.0.a.20210520.0100 -- closing. Jim Pingle
02:42 PM Regression #11938 (Pull Request Review): DNS Resolver does not add PTR record for OpenVPN clients: Jim Pingle
05:47 AM Regression #11938: DNS Resolver does not add PTR record for OpenVPN clients: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/261 Viktor Gurov
02:05 AM Regression #11938 (Resolved): DNS Resolver does not add PTR record for OpenVPN clients: After changes in #11129 openvpn.learn-address.sh uses the 'unbound-control local_data' command to add client A/AAAA D... Viktor Gurov
02:32 PM Regression #11910: IPsec status tunnel descriptions are incorrect: Renato said the fix for this will need to wait for the next release Jim Pingle
02:21 PM Regression #11550 (Feedback): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Kristof committed a potential fix for this, needs tested. If it's still an issue, set target ahead to 21.09. Jim Pingle
01:44 PM pfSense Packages Bug #11838: FRR ospf6d consumes all available memory+swap after an interface event: I reported this upstream to FRR: https://github.com/FRRouting/frr/issues/8711 Jim Pingle
01:43 PM Regression #11839 (Closed): Panic on 21.05/2.6.0 snapshots when memory usage is high: I've been aggressively attempting to crash the latest builds of 21.05 and 2.6.0 which include the fixes for this prob... Jim Pingle
06:26 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: I believe these crashes all share the same root cause, which is that we (in certain places) mis-use the rule/state co... Kristof Provost
12:59 PM Revision 8aa8f78e: 1:1 NAT IPsec/OpenVPN/L2TP/PPPoE and interface groups input validation extra 2.6 fix. Issue #11751: Viktor Gurov
12:54 PM Revision 04857433: NAT 1:1 destination alias validation. Fixes #11923: Viktor Gurov
12:38 PM Bug #11762 (Resolved): Invalid combinations of TCP flag matching options cause ``pfctl`` parser error: Tested on the latest release. It looks good.
Ticket resolved. Danilo Zrenjanin
11:29 AM pfSense Packages Bug #11937 (Pull Request Review): HAproxy "Use Client-IP" option breaks Captive Portal: Jim Pingle
11:21 AM pfSense Packages Bug #11937: HAproxy "Use Client-IP" option breaks Captive Portal: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1066 Viktor Gurov
07:19 AM pfSense Packages Bug #11937: HAproxy "Use Client-IP" option breaks Captive Portal: That option is almost certainly incompatible with Captive Portal, but if there is a way to make it work, it would hav... Jim Pingle
10:13 AM Bug #11939 (Waiting on Merge): Editing widgets on Dashboard causes a PHP Warning: Tested on 2.6.0 and 21.05, was able to reproduce the error before but not with the fix applied. Fix is in master and ... Jim Pingle
10:10 AM Bug #11939 (Feedback): Editing widgets on Dashboard causes a PHP Warning: Applied in changeset commit:2ac5f4ae7424349dd977a806ebc84d56affc2f17. Jim Pingle
09:57 AM Bug #11939: Editing widgets on Dashboard causes a PHP Warning: It may still function but that is rather ugly. Jim Pingle
08:03 AM Bug #11939: Editing widgets on Dashboard causes a PHP Warning: Note that it does work 100 % even though it throws a warning. T Toft
08:01 AM Bug #11939 (Resolved): Editing widgets on Dashboard causes a PHP Warning: Editing widgets on the Dashbord page causes "PHP Warning: Invalid argument supplied" errors.
To reproduce:
- Go ... T Toft
08:41 AM Bug #11941 (Resolved): Many ``exec()`` functions do not use full path to executable files: Here's a list:... Viktor Gurov
08:05 AM Bug #11923 (Feedback): Input validation not working for 1:1 NAT entries using an alias as a destination: Applied in changeset commit:04857433ff068382f75340e140a60c5acbd1e69c. Viktor Gurov
08:04 AM Bug #11940 (Not a Bug): Fix return logic on sigkillbypid: PR : https://github.com/pfsense/pfsense/pull/4521 Christian McDonald

05/19/2021

10:12 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Was asked to test the latest release, as some counters were supposedly fixed in another part of the UI that may be re... Kris Phillips
07:52 PM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Thanks. The majority of these are associated with the pf counter_u64 issue (anything with pf in the traceback).
Ho... Peter Grehan
10:04 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Adding a few more I collected from a few misc installs during testing (some were deliberate crashes, others happened ... Jim Pingle
06:59 PM Revision d2eee7c8: Refactor firewall_nat_out for MVC: Steve Beaver
06:29 PM pfSense Packages Bug #11937 (Feedback): HAproxy "Use Client-IP" option breaks Captive Portal: Devices can access https sites without authenticating via Captive portal.
Enabling 'Use Client-IP to connect to back... David Quinn
02:59 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: As posted to https://forum.netgate.com/topic/163854/sg-3100-crash-on-upgrade-restore-when-using-url-tables-and-openvp... Arthur Wiebe
01:58 PM pfSense Packages Bug #11822 (Feedback): Upgrade ClamAV to 0.103.2: clam-av is on the required version in pfSense Plus 21.05. This is expected to be the same in 2.5.2.
On 21.05:
... Kris Phillips
10:44 AM Regression #11316 (Feedback): Unbound crashes with signal 11 when reloading: I've imported https://github.com/NLnetLabs/unbound/commit/ff6b527184b33ffe1e2b643db8a32fae8061fc5a into our devel bra... Renato Botelho
08:43 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: The syslog entries are called on /etc/inc/openvpn.auth-user.php around lines 120 & 163 ("could not authenticate" & "a... Michael Novotny
07:51 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: In theory it should be possible, but would need validation to ensure it works as desired.
The data should be avail... Jim Pingle
07:48 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: Attached is what the syslog entry from graylog. Michael Novotny
07:43 AM Feature #11935 (Resolved): Log external IP address of OpenVPN clients on connect and disconnect: Would it be possible to add the IP address of the user when they are authenticated? This would assist with doing gra... Michael Novotny
08:12 AM pfSense Packages Bug #11936 (Incomplete): FRR does not connect BGP when using password: There isn't nearly enough information here to speculate about a cause. "It doesn't work" is not a complete bug report... Jim Pingle
08:09 AM pfSense Packages Bug #11936 (Incomplete): FRR does not connect BGP when using password: Unsecured BGP sessions work fine, however password protected BGP sessions which previously worked fine no longer work... Clint Guillot
07:58 AM Bug #11818 (Pull Request Review): Mixed use of aliases in a port range produces unloadable ruleset: Jim Pingle
04:59 AM Bug #11818: Mixed use of aliases in a port range produces unloadable ruleset: extra input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/258 Viktor Gurov
07:43 AM Regression #11857: Match rules cause pf error parsing rules: match rules load OK on pfSense Plus snapshot 21.05.r.20210519.0300, there isn't a new CE snapshot yet that has the fi... Jim Pingle
05:44 AM Feature #9341: Support DNS Made Easy authentication without a username: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/259 Viktor Gurov
05:04 AM Feature #9262 (Duplicate): Strongswan DHCP plugin: duplicate of #8168 Viktor Gurov
04:05 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Combined with the duplicate-cn option, this problem is actually pretty bad. (At least I suspect we're having the sam... Harm V

05/18/2021

04:02 PM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: There are 3 signatures in the panics: I'd be interested in seeing more.
The KVM one is possibly fixed in FreeBSD-c... Peter Grehan
03:07 PM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: The attached configuration when loaded on a VM with 512MB of RAM can reproduce the panic reliably but with some varia... Jim Pingle
02:37 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: Apologies, it’s on the forum under IPSEC, someone else running same HW recorded same info, no other responses.
T... Paul Kennedy
02:29 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: We don't claim to officially support that hardware, so if it's hardware specific, there is nothing Netgate/pfSense ca... Jim Pingle
02:27 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: Sorry Jim, but thought that this was a bug - related to the 2.5.1 running on a specific hardware.....
Works fine o... Paul Kennedy
02:20 PM Bug #11934 (Not a Bug): IPSEC stops working on 2.5.1 running on Watchguard XTM 5: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
02:15 PM Bug #11934 (Not a Bug): IPSEC stops working on 2.5.1 running on Watchguard XTM 5: I currently have 4 sites that were all running 2.4.5p1 pfSense with IPSEC connecting all together without any major i... Paul Kennedy
02:17 PM Revision 43f77699: Further simplify update check: Steve Beaver
02:13 PM Revision cbd12cad: Revise update check JSON format: Steve Beaver
01:39 PM pfSense Packages Bug #10937: HAProxy frontend and backend entry limit: Error still present on 21.02.2 using haproxy-devel.
Tested on 21.09.a.20210517.0100 and the issue persists, but ph... Marcos M
01:29 PM Bug #11897 (Closed): Language presented to user during upgrade is misleading: This looks good to me now.
Jim Pingle
01:21 PM Revision a343fe6c: Revert "IPsec Mobile EAP-RADIUS additional configuration fix. Issue #11447": This reverts commit b19bb32453fb69fe6ff4d340ff51f1a898bfc5b2. Jim Pingle
01:19 PM Revision 4dd71873: Back out recent changes in mobile IPsec: These changes led to the pool failing to load and thus clients could not
connect. Will revisit for future releases. A... Jim Pingle
12:47 PM Bug #11370 (Closed): firewall_aliases_edit.php is limited in the number of input entries it can save to an alias: This was originally tested with 2.4.5p1 and 2.5.0 iirc.
I can no longer reproduce this on 21.02.2, 21.05-RC, nor 2... Marcos M
12:30 PM Revision a33c0d88: Revert changes for issue #11091: Jim Pingle
12:10 PM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.: I got same issue and i can confirm that after disabling nat reflection errors are gone.
Enabling it again, after s... Gerson Barreiros
11:01 AM Bug #4893 (Pull Request Review): Error loading rules when URL Table Ports content is empty: Jim Pingle
09:23 AM Bug #4893: Error loading rules when URL Table Ports content is empty: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/257 Viktor Gurov
10:48 AM Bug #11863 (Pull Request Review): Unable to create nested URL aliases: Jim Pingle
04:24 AM Bug #11863: Unable to create nested URL aliases: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/256
see also #1603 Viktor Gurov
10:47 AM Feature #10587 (Pull Request Review): UPnP/NAT-PMP STUN configuration options: Jim Pingle
02:41 AM Feature #10587: UPnP/NAT-PMP STUN configuration options: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/255 Viktor Gurov
10:15 AM Regression #11857 (Feedback): Match rules cause pf error parsing rules: Commit was merged, will test once it's in a build. Jim Pingle
06:47 AM Regression #11857: Match rules cause pf error parsing rules: Confirmed, and tracked down to a merge conflict. Fix pushed to the development branches, and merge request opened for... Kristof Provost
08:31 AM Bug #11891 (New): strongSwan configuration contains incorrect structure for mobile pool DNS records: Jim Pingle
08:24 AM Bug #11891: strongSwan configuration contains incorrect structure for mobile pool DNS records: Reverted RADIUS-specific parts of the change here for now, it was causing the configuration to fail. Can try again be... Jim Pingle
08:24 AM Regression #11447 (New): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: Reverted changes for now, they were causing the configuration to fail. Can try again before the next release. Jim Pingle
08:17 AM Bug #11091 (New): Interfaces set as disabled in the configuration have an UP status in the operating system at boot: Per discussion on the PR, all the changes have been reverted.
Can try alternate approaches for the next release. Jim Pingle
08:03 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: This is an upstream FreeBSD bug, and is reproducible with the following pf.conf on a recent FreeBSD/main:
> altq o... Kristof Provost

05/17/2021

03:54 PM Todo #11933 (Resolved): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: In 2.5.0/21.02 we added the @pcscd@ service to builds for #9878 and it gets run at startup in all cases to handle cer... Jim Pingle
02:58 PM Bug #11932: undefined function watchdogd_enabled: It was in Factory before Plus, it's nothing new. It's been around for years. Filesystem corruption or similar failure... Jim Pingle
02:52 PM Bug #11932: undefined function watchdogd_enabled: Ah, yes, I see it there in the base tar (https://firmware.netgate.com/pkg/pfSense_plus-v21_02_2_amd64-core/All/pfSens... catatonic prime
01:20 PM Bug #11932 (Not a Bug): undefined function watchdogd_enabled: That function is present in pfSense Plus system.inc and if it's missing, it's a sign there is something wrong with yo... Jim Pingle
01:15 PM Bug #11932 (Not a Bug): undefined function watchdogd_enabled: Model: SG-4860 (amd64)
Base System: 21.02.2-RELEASE
I observed some of these issues (or others? I dunno I had a b... catatonic prime
01:58 PM pfSense Packages Feature #9238: Add support for Zerotier: Amy Nagle wrote:
> The pfSense-pkg-zerotier package's uninstall action removes zerotier from the rc.conf.local, so i... Gregory Moore
12:48 PM pfSense Packages Feature #9238: Add support for Zerotier: The pfSense-pkg-zerotier package's uninstall action removes zerotier from the rc.conf.local, so it won't start automa... Amy Nagle
10:30 AM pfSense Packages Feature #9238: Add support for Zerotier: Amy Nagle wrote:
> Just a warning to anyone doing an update from 2.4 to 2.5: make sure you don't have an interface a... Gregory Moore
08:11 AM pfSense Packages Feature #9238: Add support for Zerotier: Just a warning to anyone doing an update from 2.4 to 2.5: make sure you don't have an interface assigned to any zerot... Amy Nagle
08:09 AM pfSense Packages Feature #11931 (New): Add support for validating a domain's ownership via Google Cloud Cloud DNS: Add support for validating a domain's ownership via Google Cloud Cloud DNS.
Support for Google Cloud Cloud DNS is ... Alex Cazacu
07:40 AM pfSense Packages Bug #11930 (Needs Patch): DHCPV6 does not work with L3 Interfaces (tun_wg): Last I saw, WireGuard on FreeBSD did not support broadcast/multicast traffic yet. DHCPv6 may work on L3 interfaces bu... Jim Pingle
07:38 AM Bug #11929 (Rejected): Questions about NAT settings: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:37 AM pfSense Packages Bug #11618 (Closed): WireGuard using incorrect IPv6 tunnel address prefix length: Can be reopened if it still applies to the package. Jim Pingle
07:37 AM pfSense Packages Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface: Can always be reopened if it's still a problem. Jim Pingle
07:30 AM Bug #11912 (Closed): IPsec GUI allows creating multiple identical Phase 1 entries when using FQDN for remote gateway: Jim Pingle
07:29 AM Bug #11928 (Duplicate): 2.6.0-DEVELOPMENT - state and byte counters on firewall rules tabs are all 0 zero: Duplicate of #11775 Jim Pingle
07:28 AM Bug #11893 (Closed): IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Jim Pingle
02:30 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1: Same here.... JD -

05/16/2021

04:24 PM pfSense Packages Bug #11930 (Needs Patch): DHCPV6 does not work with L3 Interfaces (tun_wg): If i use the tun_wg interface with DHCPV6 to push prefixes to peers DHPCV6 stops:
@/services_dhcpv6.php: The comma... Dirk Steingäßer
11:10 AM Bug #11929 (Rejected): Questions about NAT settings: It seems that NAT is not working properly.
I usually use two OpenVPNs to protect my privacy online at the same time,... Jack Harris

05/15/2021

09:59 PM pfSense Packages Bug #11618: WireGuard using incorrect IPv6 tunnel address prefix length: If still relevant, should be moved to the package support for the WG package in 2.6.0. This is no longer relevant fo... Kris Phillips
09:58 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface: This should be closed out or moved to the packages section for 2.6.0, if it is still reproducible with the package. ... Kris Phillips
09:53 PM Bug #11912: IPsec GUI allows creating multiple identical Phase 1 entries when using FQDN for remote gateway: Tested this and it is now resolved. The newly fixed FQDN checks work on 21.05 RC. Kris Phillips
08:42 PM Bug #11928 (Duplicate): 2.6.0-DEVELOPMENT - state and byte counters on firewall rules tabs are all 0 zero: After upgrading from 2.5.1-Release to 2.6.0.a.20210513.0100 the counters on firewall rules tabs are always 0.
Afte... M Felden
04:24 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: I'm able to reproduce this. I ran a constant ICMP from LAN over an IPSec tunnel. Both the IPSec and LAN firewall ru... Kris Phillips
04:18 PM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Tested in 21.05 RC build from May 15th. Looks good. This can be closed out. Kris Phillips
04:04 PM Bug #11698: Incomplete PPPoE custom reset values lead to invalid cron entry: /var/etc/pppoe_restart_pppoe0 is not showing any values
#!/bin/sh
/usr/local/sbin/pfSctl -c 'interface reload ... Alhusein Zawi
02:32 PM Regression #11884 (Resolved): Export P12 icon is missing if certificate is not locally renewable: Tested in 2.6 and 21.05. Export P12 is available. I'll mark the ticket resolved. Max Leighton
12:30 PM Feature #11927: Allow DHCP not to serve a gateway - small fix: To add some clarity. The "none" option is available in the general config. However it is not on the static mapping page. Jori Huisman
07:20 AM Feature #11927 (Resolved): Allow DHCP not to serve a gateway - small fix: Currently pfSense cannot serve dual homed machine on DHCP without giving both interfaces a default gateway as leaving... Jori Huisman
05:23 AM Regression #11857: Match rules cause pf error parsing rules: I am seeing the exact same issue on my Negate 3100.
The first time I upgraded from 21.02 to 21.05 all outbound traff... Brad Hawkins
05:06 AM Bug #11926: Advanced DHCP client configuration "Protocol timing" help text is in the wrong location: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/254 Danilo Zrenjanin
04:57 AM Bug #11926 (Resolved): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location: Under Interface setup > DHCP Client Configuration > Advanced configuration, help text for protocol timing is at the w... Danilo Zrenjanin
04:31 AM Bug #11850: NTP authentication input validation rejects valid keys: Jim Pingle wrote:
> Updating subject for release notes.
As I'm still on the 21.02.2-RELEASE (amd64) - when could ... Thomas Paetzold

05/09/2021

06:39 AM Bug #10671: pfsense 2.4.5_1 does not boot on Gen2 2012R2 HyperV VM: Jan de Groot wrote:
> After upgrade to 2.4.5_1, the boot fails with Input/Output error when loading the kernel. Test... itfabrica Tech
04:51 AM Bug #11894: Vouchers may expire too early when using RAM disks: A FL wrote:
> The forum thread is suspecting the problem to be related to ramdisk.
>
> If that is true, the issue... Viktor Gurov
01:10 AM pfSense Docs Todo #11499: Feedback on Services — DHCPv4 Server: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/12 Viktor Gurov
01:02 AM Bug #10706: Kernel route table entries are removed if they match disabled static route entries: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/245 Viktor Gurov
12:40 AM pfSense Packages Bug #10933 (Resolved): Retired / Invalid IPv4 lists in pfBlockerNG: all these feeds are fixed in the latest versions of pfBlockerNG-devel Viktor Gurov
12:38 AM Bug #11897: Language presented to user during upgrade is misleading: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/244 Viktor Gurov
12:04 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: https://github.com/pfsense/pfsense/pull/4518 Viktor Gurov

05/08/2021

08:02 PM pfSense Docs Correction #11399 (Rejected): SG-3100 M.2 Installation Guide Reinstall Corrections: Closing this as rejected, since I've tested this and it seems to have been an isolated incident. Kris Phillips
01:52 PM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: OpenVPN is historically notorious for high CPU usage to the extent that it can clog up CPU usage to point that other ... Anonymous
12:02 PM Feature #11380 (Resolved): PHP shell playback script to modify Alias contents: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat May 08 01:04:01 EDT 2021
FreeBSD 12.2-STABLE
Works as descr... Max Leighton

05/07/2021

05:38 PM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: For the past week I've been testing with the traffic shaper disabled and that is what seems to be causing this issue.... Jason NA
02:17 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Has this been been integrated to to the 2.6 development branch yet? MILO MEDIN
12:10 PM Feature #11899 (Pull Request Review): Add support for non-Oracle IP Check providers: Jim Pingle
11:48 AM Feature #11899: Add support for non-Oracle IP Check providers: https://github.com/pfsense/pfsense/pull/4519 James Edington
11:47 AM Feature #11899 (Duplicate): Add support for non-Oracle IP Check providers: Currently, only Oracle-run DynDNS is supported as an IP Check provider due to the code that parses an IP Check servic... James Edington
09:39 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: A couple more. I have additional ones I haven't posted as well... Not sure how helpful they might be at this point si... Jim Pingle
09:12 AM pfSense Packages Bug #11898 (Resolved): PHP error from apcupsd dashboard widget when battery is charging: Not clear exactly what led to this, but one of my systems running apcupsd had the following PHP error in its log:
... Jim Pingle
09:09 AM Bug #11897 (Closed): Language presented to user during upgrade is misleading: Even after #10387 I just noticed something else (screenshot attached).
That is what is presented to the user befor... Chris Linstruth
08:09 AM pfSense Docs Todo #11655 (Closed): Feedback on Packages: This was addressed a few weeks ago. All mentions of Quagga and OpenBGP outside of release notes mentioning they were ... Jim Pingle
06:17 AM Feature #7332: Provide certificate expiry warning: Hi! Do you think revoked certs should not trigger an expiration notification?
Perhaps it is worth creating a new iss... ilmarranen alex
05:18 AM Revision c632527d: Do not try to display too large PHP_errors.log file. Fixes #11685: Viktor Gurov

05/06/2021

05:14 PM Revision 22a82fdd: Remove unused killall qstats command. Issue #11229: Viktor Gurov
04:02 PM Revision 3f706839: Reroot is safe on ZFS now, so allow it. Fixes NG 6304: Jim Pingle
03:14 PM Bug #11894: Vouchers may expire too early when using RAM disks: I don't think so. We are not using HA sync on the appliance. Volker Werbus
02:52 PM Bug #11894: Vouchers may expire too early when using RAM disks: The forum thread is suspecting the problem to be related to ramdisk.
If that is true, the issue could be related t... A FL
01:13 AM Bug #11894: Vouchers may expire too early when using RAM disks: from https://forum.netgate.com/topic/162708/vouchers-getting-expired-before-remaining-time/15:
"Voucher system worki... Viktor Gurov
12:07 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Viktor Gurov wrote:
> Are you sure No-IP supports 'groupname:email' ddns format? It looks like you need to use the '... Stefan Bauer
10:56 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Stefan Bauer wrote:
> Viktor Gurov wrote:
> > Could you please test the attached patch?
>
> Unfortunately does n... Viktor Gurov
07:35 AM Bug #11815 (Pull Request Review): NoIP.com Dynamic DNS update failure is not detected properly: Jim Pingle
07:29 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Viktor Gurov wrote:
> Could you please test the attached patch?
Unfortunately does not work.
Username is encod... Stefan Bauer
05:36 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Could you please test the attached patch?
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/243
Viktor Gurov
02:38 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Should i prepare a PR to address the urlencode thing?
I do not have the skills to take care of the API change but wo... Stefan Bauer
07:23 AM pfSense Packages Bug #11515 (Pull Request Review): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: Jim Pingle
12:34 AM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: Joel Holveck wrote:
> I note at least two issues remaining.
>
> First, the config file is in @/usr/local/etc/rc.c... Viktor Gurov
07:21 AM Bug #11893 (Pull Request Review): IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Jim Pingle
12:06 AM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: much better now (see screenshots)
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/241 Viktor Gurov
07:17 AM Bug #11896 (Rejected): Packet loss with multiple OpenVPN client connections: There isn't nearly enough detail here for a valid bug report, and it's entirely possible that it is not a bug but a c... Jim Pingle

05/05/2021

08:19 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: In addition to changes in the noip ddns update api, the response codes/status may have also changed.
See https://www... John Clark
03:40 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: This appears to be a regression from 2.4.5, as the code changed during the update for #6638, as Viktor noted.
In 2... John Clark
02:41 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: https://github.com/pfsense/pfsense/pull/4518 Stefan Bauer
12:46 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: problem is ... Stefan Bauer
10:55 AM Bug #11815 (New): NoIP.com Dynamic DNS update failure is not detected properly: The only actionable thing I see here is that the process returned an error but was treated as a success. It should ha... Jim Pingle
10:54 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Please note, above hostname is the real hostname as well as the ip. You can check public DNS, it's not updated, even ... Stefan Bauer
10:50 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Hi pleas re-open. Problem still exists here as well. Looks like its a parsing issue as the username is 'GROUPNAME:USE... Stefan Bauer
07:37 PM Revision 69d1be2f: Update services_dyndns_edit.php: Fix additional typo in description. Stefan Bauer
07:27 PM Revision c85ae535: Allow group authentication for NoIP dyndns service.: Extend information for service NoIP to replace ':' in username by '#'.
Allow '#' in username. Stefan Bauer
07:06 PM Bug #11896 (Rejected): Packet loss with multiple OpenVPN client connections: Packet loss with multiple OpenVPN client connections. This started occurring after Release candidate 2.5.1.r.20210403... Keith Townsend
06:27 PM pfSense Packages Bug #11892: WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: Fixed internally, fix will be in next PR Christian McDonald
12:55 PM pfSense Packages Bug #11892 (Resolved): WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: With a WireGuard interface assigned and with a gateway set dpinger does not start correctly at boot. Instead it shows... Steve Wheeler
05:05 PM Feature #11895 (Resolved): Require user to manually apply changes after altering static route entries: Users have requested that there be an Apply Changes confirmation when adding/deleting/changing static routes. The req... Max Leighton
04:21 PM Bug #11894 (Closed): Vouchers may expire too early when using RAM disks: We just upgraded around 10 sites from 2.4.5 to 2.5.1 and detected a strange behavior: We have created 3 voucher rolls... Volker Werbus
01:48 PM Revision f528b6a9: Ensure mobile IPsec pools are always in config. Issue #11891: Jim Pingle
01:23 PM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Adding sanitized Dashboard Widget Example. Kris Phillips
01:20 PM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Adding sanitized Status IPSec Page for Comparison. Kris Phillips
01:20 PM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Since there is only one child SA here with multiple traffic selectors I'm not sure how viable it would be to break th... Jim Pingle
01:11 PM Bug #11893 (Closed): IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: The IPSec Dashboard Widget only shows the first P2 tunnel when the tunnels are "grouped" like the new way Strongswan ... Kris Phillips
01:06 PM Revision 0a7699de: Correct IPsec P1 Child SA Start Action validation. Fixes #11576: Jim Pingle
09:04 AM Bug #11891 (Feedback): strongSwan configuration contains incorrect structure for mobile pool DNS records: Jim Pingle
08:47 AM Bug #11891 (In Progress): strongSwan configuration contains incorrect structure for mobile pool DNS records: "radius" is a special internal pool in strongSwan, which expects settings to be returned from RADIUS and not defined ... Jim Pingle
07:42 AM Bug #11891 (Resolved): strongSwan configuration contains incorrect structure for mobile pool DNS records: Hello,
according to https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf:
old style configuration
... Oleksandr Yermolenko
08:15 AM Feature #11576 (Feedback): IPsec GUI option to control Child SA ``start_action``: Applied in changeset commit:0a7699de800e849056773b5c4a762096e1689260. Jim Pingle
08:04 AM Feature #11576 (In Progress): IPsec GUI option to control Child SA ``start_action``: Input validation isn't quite right, GUI control is hidden for mobile tunnels but the validation still throws an error... Jim Pingle
07:37 AM Feature #7092 (Pull Request Review): Kernel modules for alternate congestion control algorithms: Jim Pingle
05:33 AM Feature #7092: Kernel modules for alternate congestion control algorithms: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/240 Viktor Gurov
07:34 AM Bug #11829 (Pull Request Review): OpenVPN client certificate validation with OCSP always fails: Jim Pingle
02:51 AM Bug #11829: OpenVPN client certificate validation with OCSP always fails: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/239 Viktor Gurov
07:33 AM Bug #11830 (Pull Request Review): Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: Jim Pingle
02:43 AM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: openssl ocsp response sample without '-resp_text' (google.com):... Viktor Gurov
07:32 AM Bug #11851 (Closed): /etc/rc.start_packages double-starts some packages: Closing this. If other packages need adjusted, a new issue can be opened for each affected package. Jim Pingle
02:07 AM Bug #11851: /etc/rc.start_packages double-starts some packages: these are pkg issues, see #11887 #11888 #11889 Viktor Gurov
07:31 AM pfSense Packages Bug #11887 (Pull Request Review): Squid service starts twice by /etc/rc.start_packages: Jim Pingle
02:05 AM pfSense Packages Bug #11887: Squid service starts twice by /etc/rc.start_packages: caused by disabled SquidGuard service
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/89 Viktor Gurov
01:04 AM pfSense Packages Bug #11887 (Resolved): Squid service starts twice by /etc/rc.start_packages: /etc/rc.start_packages starts squid twice:... Viktor Gurov
07:31 AM pfSense Packages Bug #11889 (Pull Request Review): BIND starts twice by /etc/rc.start_packages: Jim Pingle
01:32 AM pfSense Packages Bug #11889: BIND starts twice by /etc/rc.start_packages: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/88 Viktor Gurov
01:28 AM pfSense Packages Bug #11889 (Resolved): BIND starts twice by /etc/rc.start_packages: /etc/rc.start_packages:... Viktor Gurov
07:30 AM pfSense Packages Bug #11888 (Pull Request Review): FreeRADIUS starts twice by /etc/rc.start_packages: Jim Pingle
01:22 AM pfSense Packages Bug #11888: FreeRADIUS starts twice by /etc/rc.start_packages: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/87 Viktor Gurov
01:08 AM pfSense Packages Bug #11888 (Resolved): FreeRADIUS starts twice by /etc/rc.start_packages: /etc/rc.start_packages:... Viktor Gurov
07:26 AM pfSense Packages Feature #11890: Browser-based "clientless" VPN: Unless something new has come up recently there aren't any reliable and actively developed open source browser-based ... Jim Pingle
05:51 AM pfSense Packages Feature #11890 (New): Browser-based "clientless" VPN: I wanted to ask for a feature for a Web Browser clientless based VPN Portal, where I can activate a VPN with credenti... Tu Thach
12:10 AM Feature #5331: IPSec table for tuning strongswan.conf: Lars Pedersen wrote:
> Tried to add retransmission strategy in a pull request https://github.com/pfsense/pfsense/pul... Viktor Gurov

05/04/2021

07:12 PM Bug #11877: Labels and description disappear in firewall_schedule_edit.php: I think the original reason to hide it through .help-block was to avoid cluttering the "Configured Ranges" section. R... Marcos M
05:28 PM Revision a9a1a1ef: Remove pfSense-builder. It's not being used anymore: Renato Botelho
12:52 PM pfSense Packages Bug #11886: WireGuard: PHP error in vpn_wg_peers_edit.php: This was resolved after the initial PR. Should be fixed in the next revision Christian McDonald
10:20 AM pfSense Packages Bug #11886 (Resolved): WireGuard: PHP error in vpn_wg_peers_edit.php: When setting the allowed IPs on a peer as 0.0.0.0/0 only the following error is generated:... Steve Wheeler
09:43 AM pfSense Docs Todo #11875 (Closed): Feedback on Releases — 21.02/21.02-p1/2.5.0 New Features and Changes: It was there just a different heading ("Security / Errata"), and it didn't have the same content. I made some adjustm... Jim Pingle
08:19 AM Bug #11882: NIC Passthrough in Virtualized pfSense 2.5.1 Crashes Hypervisor: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253932 Viktor Gurov
07:38 AM Bug #11882 (Needs Patch): NIC Passthrough in Virtualized pfSense 2.5.1 Crashes Hypervisor: Unlikely to be specific to pfSense, and not much to go on. You should try it on development snapshots first, and if i... Jim Pingle
08:06 AM pfSense Plus Bug #11885 (Not a Bug): Fatal data abort and reboot SG-1100: Please contact Netgate TAC and work through this with them at https://go.netgate.com, thanks! Jim Pingle
07:35 AM pfSense Plus Bug #11885 (Not a Bug): Fatal data abort and reboot SG-1100: Good morning, we hope y'all are doing well during these challenging times. We've had a rough go with our SG-1100, wha... Brian Carpenter
07:45 AM Bug #11883 (Pull Request Review): ``dhcp6withoutra_script.sh`` does not get executed when advanced options are set: Jim Pingle
02:24 AM Bug #11883: ``dhcp6withoutra_script.sh`` does not get executed when advanced options are set: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/236 Viktor Gurov
07:43 AM Regression #11884 (Pull Request Review): Export P12 icon is missing if certificate is not locally renewable: Jim Pingle
01:36 AM Regression #11884: Export P12 icon is missing if certificate is not locally renewable: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/235 Viktor Gurov
01:32 AM Regression #11884: Export P12 icon is missing if certificate is not locally renewable: #10284 regression Viktor Gurov
01:31 AM Regression #11884 (Resolved): Export P12 icon is missing if certificate is not locally renewable: If you import public/private key from the external CA, there is no "Export P12" on the system_certmanager.php page
h... Viktor Gurov

05/03/2021

11:15 PM Bug #11883 (Closed): ``dhcp6withoutra_script.sh`` does not get executed when advanced options are set: In interfaces.inc:5274 (which gets executed if we have advanced options enabled) the "normal" script is used even whe... Flole Systems
07:55 PM Revision 5e264b0a: Enable build of pfSense-pkg-WireGuard: Renato Botelho
06:42 PM Revision 6a9fa747: Add spinning icon to IPsec status wait message: Steve Beaver
06:34 PM Bug #11882 (Needs Patch): NIC Passthrough in Virtualized pfSense 2.5.1 Crashes Hypervisor: Running pfSense 2.4.5 in Proxmox with Intel NIC passed through was stable for several months. After updating to 2.5.1... James Blanton
03:43 PM Bug #11881 (Not a Bug): Old Gateways show up: That is intentional. It errs on the side of not deleting historical data that someone may want to retain. Jim Pingle
03:31 PM Bug #11881 (Not a Bug): Old Gateways show up: Status -> Monitoring -> Quality -> Graph
There are old gateways listed that no longer exist Moritz Schwarz
01:03 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Viktor Gurov wrote:
> Jeremy Utley wrote:
> > I am encountering this exact issue on 2.5.1 now. I have a pair of 2.... Jeremy Utley
11:27 AM Regression #11316: Unbound crashes with signal 11 when reloading: Had crash that even watchdog did not recover. tried manually restarting unbound via web GUI, status was showing as ok... Vaidotas Butkus
11:18 AM Regression #11316: Unbound crashes with signal 11 when reloading: Is there a release of the reverted unbound to try? I'm willing to try it.
I'm now crashing 3 or 4 times a day.
Mike Farmwald
11:12 AM Revision 35a52ca3: fix for missing 0 subnet when clone address entry, needed for vpn's that need two 0 subnets one for ipv4 and ipv6: Manojav Sridhar
09:22 AM Feature #10811: Randomize time of scheduled AutoConfigBackup runs: Applied patch to 21.02.2-RELEASE. Looks good there. Chris Linstruth
08:09 AM pfSense Packages Bug #11878 (Pull Request Review): squidguard dependencies missing: Jim Pingle
06:56 AM pfSense Packages Bug #11878: squidguard dependencies missing: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/85 Danilo Zrenjanin
12:31 AM pfSense Packages Bug #11878 (Resolved): squidguard dependencies missing: pfSense-pkg-squidGuard must depend on pfSense-pkg-squid
https://forum.netgate.com/topic/158288/squidguard-dependen... Viktor Gurov
08:06 AM Bug #11877 (Pull Request Review): Labels and description disappear in firewall_schedule_edit.php: Jim Pingle
01:00 AM Bug #11877: Labels and description disappear in firewall_schedule_edit.php: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/233 Viktor Gurov
08:05 AM pfSense Packages Bug #11173 (Pull Request Review): Status>Monitoring parameters are hidden by the interactive graph: Jim Pingle
08:02 AM Feature #11876: OpenSSL does not use QAT acceleration on pfSense Plus 21.02-RELEASE-p1 or 21.05-DEVELOPMENT: It's not a bug per se, but a feature that does not yet exist (and which may not be as useful as you might expect):
... Jim Pingle
07:57 AM Bug #8013 (Pull Request Review): IPsec MSS clamping value shared for IPv4 and IPv6: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/230 Jim Pingle
07:48 AM pfSense Packages Bug #11874 (Not a Bug): Squid allows entering an invalid IP address into the Bypass Proxy for These Source IPs field: Jim Pingle
07:48 AM pfSense Packages Bug #11711 (Pull Request Review): New Squid Status Page Non-Functional: Jim Pingle
07:45 AM Bug #11873 (Pull Request Review): HTTP Referer error message text is incorrect: Jim Pingle
07:40 AM Feature #9877 (Pull Request Review): QEMU Guest Agent: Jim Pingle
07:40 AM Bug #11781 (Closed): Disable DNSSEC option for dnsmasq: This issue is not referring to an option in the GUI or CLI but a pkg build option:
On 2.5.1:... Jim Pingle
07:38 AM Bug #11815 (Rejected): NoIP.com Dynamic DNS update failure is not detected properly: Rejecting for now. If OP can provide more detail pointing to a potential cause or a reliable means of reproducing the... Jim Pingle
07:33 AM Bug #11820 (Rejected): Backup restore problem with webConfigurator: Rejecting for now since it cannot be reproduced. If someone can find a method capable of reproducing the problem reli... Jim Pingle
06:58 AM Bug #11880 (Closed): Missing ``/0`` subnet when cloning repeatable CIDR mask controls: PR : https://github.com/pfsense/pfsense/pull/4517 Christian McDonald
03:16 AM pfSense Packages Feature #11879 (Closed): Add support for SSL.com ACME server: Read more:
https://www.ssl.com/blogs/sslcom-supports-acme-protocol-ssl-tls-certificate-automation/
https://www.ssl.... Viktor Gurov
03:00 AM pfSense Docs Todo #11646 (Closed): Feedback on Virtual Private Networks — OpenVPN — OpenVPN and Multi-WAN: fixed Viktor Gurov

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

06/01/2021

05/31/2021

05/30/2021

05/29/2021

05/28/2021

05/27/2021

05/26/2021

05/25/2021

05/24/2021

05/23/2021

05/22/2021

05/21/2021

05/20/2021

05/19/2021

05/18/2021

05/17/2021

05/16/2021

05/15/2021

05/14/2021

05/13/2021

05/12/2021

05/11/2021

05/10/2021

05/09/2021

05/08/2021

05/07/2021

05/06/2021

05/05/2021

05/04/2021

05/03/2021