Activity

30 days up to

User

Subprojects

Activity

From 05/12/2021 to 06/10/2021

06/10/2021

09:43 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: Tried altering and saving then applying but no IPSEC status, still unable to stop or start service... Paul Kennedy
08:29 PM Revision e2bb3424: Revise firewall schedule delete for MVC: Steve Beaver
05:34 PM Todo #12025 (New): Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interface Address: Although it is VERY rarely necessary, we should add a banner to the top of the 1:1 NAT page notifying end users that ... Kris Phillips
04:54 PM Revision 99b3a5cb: Change pkg install variable references. Fixes #11290: * For whatever reason, PHP was failing to copy certain values into
$pkg_data which was a reference to the pkg configu... Jim Pingle
03:04 PM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules: Documenting a possible workaround:
If you have the following Mobile IPsec configuration:
Mobile Virtual Address... Chris Linstruth
11:25 AM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules: Noting here what I mentioned on Slack:
* This is likely due to the fact that the "remote" network on mobile P2s is... Jim Pingle
11:18 AM Bug #12023 (Resolved): Mobile IPsec NAT/BINAT entries missing from firewall rules: Adding a NAT or BINAT to a mobile IPsec configuration does not work.
The nat rules are not added to the pf configu... Chris Linstruth
02:42 PM Revision 42c0b296: Fix state table content sorting. Fixes #11852: (cherry picked from commit 5d48880b48039967f3b2b5acfb1432ee30953140) Jim Pingle
02:26 PM Revision 5d48880b: Fix state table content sorting. Fixes #11852: Jim Pingle
01:25 PM Revision 02a923c1: Add devel/git back to list of packages: (cherry picked from commit 9713b8ee2a61b3e68ccae0c898adff69ed111948) Renato Botelho
01:11 PM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: Typo Jim Pingle
12:54 PM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: Updating subject for release notes. Jim Pingle
12:29 PM Bug #11852 (Resolved): State table content on ``diag_dump_states.php`` does not sort properly: Confirmed fix Renato Botelho
09:44 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: Picked back to RELENG_2_5_2 as well. Jim Pingle
09:35 AM Bug #11852 (Feedback): State table content on ``diag_dump_states.php`` does not sort properly: Applied in changeset commit:5d48880b48039967f3b2b5acfb1432ee30953140. Jim Pingle
09:29 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: Simple fix, commit pending. Jim Pingle
12:55 PM Regression #12005: ``Recover config.xml`` installer option does not work after default ZFS pool name change: Excluding from release notes since it was a regression which happened after the last release. Jim Pingle
09:41 AM Regression #12005 (Closed): ``Recover config.xml`` installer option does not work after default ZFS pool name change: I've tried this a few times now with RC iso installs and it works fine with the new pool name and old pool name for m... Jim Pingle
12:35 PM Regression #12024 (In Progress): State table data in GUI does not show the expected interface after latest pf merge: Jim Pingle
12:35 PM Regression #12024 (Closed): State table data in GUI does not show the expected interface after latest pf merge: Adding for tracking purposes, it's a known issue but I don't see it in Redmine.
After the latest pf merge, the int... Jim Pingle
12:27 PM Todo #11684 (Resolved): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: Confirmed fix on wizard Renato Botelho
12:05 PM Bug #11290 (Feedback): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Applied in changeset commit:99b3a5cb0ef4586222a331045df3cee17bb25d31. Jim Pingle
12:02 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: For whatever reason, PHP was failing to copy certain values into @$pkg_data@ which was a reference to the pkg configu... Jim Pingle
09:56 AM Bug #11290 (New): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: There is still a bug here somewhere. Installing FRR on a complete fresh installation still doesn't get the proper @<p... Jim Pingle
11:01 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Renato Botelho wrote:
> Hayden Hill wrote:
> > rom racer wrote:
> > > I don't know what interfaces.inc is but if y... Hayden Hill
06:17 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Hayden Hill wrote:
> rom racer wrote:
> > I don't know what interfaces.inc is but if you read the original descript... Renato Botelho
10:17 AM Regression #11981 (Closed): Duplicating Outbound NAT rule does not carry over contents of the source rule: Works with the latest RELENG_2_5_2 code in place. Jim Pingle
10:16 AM Bug #11946 (Closed): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Works with the latest RELENG_2_5_2 code in place. Jim Pingle
10:12 AM Bug #11967 (Closed): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: Works on 2.5.2 RC image 2.5.2.r.20210609.0300 -- the *Retransmit Base* and *Retransmit Timeout* fields allowed values... Jim Pingle
10:04 AM Regression #11994 (Closed): Firewall rule usage counters showing 0/0 after latest pf merge: All good now on 2.5.2 and 2.6.0 Jim Pingle
09:57 AM Bug #12022 (Resolved): Incorrect OpenVPN Client Export help link: The help icon on the vpn_openvpn_export.php page points to
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/i... Viktor Gurov
07:36 AM Regression #11805 (Resolved): Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Bouke Henstra wrote:
> Jim Pingle wrote:
> > Adam Kuklycz wrote:
> > > Question, does this affect virtual IP's tha... Renato Botelho
07:33 AM Regression #11982 (Resolved): Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Confirmed fix. It will reach 21.09 on next round of merges. Renato Botelho
07:24 AM Regression #12021 (Pull Request Review): NoIP.com incorrectly encodes Dynamic DNS update credentials: Jim Pingle
05:07 AM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials: fix:
https://redmine.pfsense.org/issues/12021 Viktor Gurov
05:04 AM Regression #12021 (Resolved): NoIP.com incorrectly encodes Dynamic DNS update credentials: There is no need to `urlencode` user credentials (CURLOPT_USERPWD already encode them):... Viktor Gurov
07:21 AM Bug #12020 (Pull Request Review): OpenVPN RADIUS-based firewall rules use incorrect port ranges: Jim Pingle
03:47 AM Bug #12020: OpenVPN RADIUS-based firewall rules use incorrect port ranges: https://github.com/pfsense/pfsense/pull/4522 Viktor Gurov
03:47 AM Bug #12020 (Resolved): OpenVPN RADIUS-based firewall rules use incorrect port ranges: Previous operator ( `><` ) prevented inserting port range with min/max port.
Ex.... Viktor Gurov
04:23 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: I had the same problem.
To replicate I connect a client, then kill the openvpn.exe process.
On the pfsense the user... Marco Conca
04:17 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: This is not enabled for new servers created by the Remote Access Wizard.
fix:
https://gitlab.netgate.com/pfSense/... Viktor Gurov
04:07 AM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP: extra improvements:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/279 Viktor Gurov

06/09/2021

08:57 PM Revision 3032e3b7: OpenVPN Wizard: Enable exit_notify by default: Follow up with fix for ticket #11684 and also enable it on server
tunnels created using wizard
(cherry picked from c... Renato Botelho
07:23 PM Revision e6389f63: OpenVPN Wizard: Enable exit_notify by default: Follow up with fix for ticket #11684 and also enable it on server
tunnels created using wizard Renato Botelho
04:48 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly: Patch version 2.
Fixed a spelling problem with the derand setting. Anonymous
03:58 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: Chris Linstruth wrote:
> This is _not_ enabled for new servers created by the Remote Access Wizard.
>
> Reconnect... Renato Botelho
12:19 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: This is _not_ enabled for new servers created by the Remote Access Wizard.
Reconnect to this server / Retry once i... Chris Linstruth
02:34 PM Revision 609a2127: Simplify logic: no functional changes: (cherry picked from commit a314c6c846406115c426ed20b102daf6e206b420) Renato Botelho
02:34 PM Revision 372453f5: Outbound NAT: Fix rule duplication - #11981: - firewall_nat_out.inc: Declare $after as a global variable otherwise
duplicate rule will always end up at the bott... Renato Botelho
02:22 PM Revision a314c6c8: Simplify logic: no functional changes: Renato Botelho
02:15 PM Revision 9fedbb13: Outbound NAT: Fix rule duplication - #11981: - firewall_nat_out.inc: Declare $after as a global variable otherwise
duplicate rule will always end up at the bott... Renato Botelho
01:45 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: rom racer wrote:
> I don't know what interfaces.inc is but if you read the original description of this bug, this wa... Hayden Hill
01:25 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: I don't know what interfaces.inc is but if you read the original description of this bug, this was encountered in an ... rom racer
12:49 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: rom racer wrote:
> @Renato please re-open this bug.
>
> There's two versions of wpa_supplicant included in pfSesn... Renato Botelho
12:44 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: rom racer wrote:
> @Renato please re-open this bug.
>
> There's two versions of wpa_supplicant included in pfSesn... Renato Botelho
08:23 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: @Renato please re-open this bug.
There's two versions of wpa_supplicant included in pfSesnse. Both the version in... rom racer
07:49 AM Bug #11453 (Resolved): ``wpa_supplicant`` uses 100% of a CPU core at boot: This fix was committed on ports on wpa_supplicant version 2.9_3. We are now using 2.9_10. Renato Botelho
01:32 PM Revision bf1f1428: AutoConfigBackup schedule custom hour value fix. Issue #11946: (cherry picked from commit 806d5c497497476e92568e168c302275e576e25c) Viktor Gurov
12:46 PM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2: I am unable to reproduce this on 2.6.0.a.20210609.0100 or 2.5.2.r.20210609.0300
In either case, the authentication... Jim Pingle
02:18 AM Regression #12017 (Resolved): FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2: [[https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256283]] Bug 256283
l2tp authentication using radius is broken a... Michele Rento
10:15 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Jim Pingle wrote:
> Adam Kuklycz wrote:
> > Question, does this affect virtual IP's that are setup on the same inte... Bouke Henstra
10:09 AM pfSense Docs Todo #12018 (Pull Request Review): Feedback on Firewall — Configuring firewall rules: Jim Pingle
03:14 AM pfSense Docs Todo #12018: Feedback on Firewall — Configuring firewall rules: from https://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+13.0-RELEASE+and+Ports&arc... Viktor Gurov
03:04 AM pfSense Docs Todo #12018 (Closed): Feedback on Firewall — Configuring firewall rules: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/configure.html
*Feedback:*
There is no description ... Viktor Gurov
09:49 AM Regression #11981 (Feedback): Duplicating Outbound NAT rule does not carry over contents of the source rule: Fix pushed to 2.6.0 and 2.5.2 Renato Botelho
09:04 AM Regression #11981: Duplicating Outbound NAT rule does not carry over contents of the source rule: Renato Botelho wrote:
> It actually broke duplication and is now acting like rule is being edited instead of creatin... Renato Botelho
08:43 AM Regression #11981 (In Progress): Duplicating Outbound NAT rule does not carry over contents of the source rule: It actually broke duplication and is now acting like rule is being edited instead of creating a new one Renato Botelho
09:36 AM pfSense Docs Todo #12016 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems: Merged. I fixed the formatting (Should be @::@ not @:::@) but it was wrong on multiple entries so I fixed them all in... Jim Pingle
12:36 AM pfSense Docs Todo #12016: Feedback on Cellular Wireless — Known Working 3G-4G Modems: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/16 Viktor Gurov
12:26 AM pfSense Docs Todo #12016 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems: *Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html
*Feedback:*
Add Huawei E5573 to the... Viktor Gurov
08:36 AM Todo #11943 (Resolved): Add FRR package documentation links: Confirmed fix Renato Botelho
08:33 AM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Cherry-picked to 2.5.2-RC Renato Botelho
07:56 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Jim Pingle wrote:
> Bill Meeks wrote:
> > Does this function call work without restarting PHP? I don't have hardwar... Bill Meeks
07:47 AM pfSense Packages Bug #12019 (Not a Bug): Right Axis always shows `None -`: That's not what it's indicating. You can graph two separate items, in the settings they are labeled to match (Left Ax... Jim Pingle
07:34 AM pfSense Packages Bug #12019 (Not a Bug): Right Axis always shows `None -`: It should show something like "Right Axis: Time" Viktor Gurov
07:45 AM Bug #11966 (Resolved): Incorrect RADVD log message on HA event: Confirmed fix Renato Botelho
07:42 AM Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa: see #11864#note-3 Viktor Gurov
07:41 AM Bug #11864: OpenVPN stays bound to previous IP address after interface changes: We have to create a function `restart_interface_services($interface, $ipproto)` to restart all interface and IPv4/IPv... Viktor Gurov

06/08/2021

10:10 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: I don't use either Snort or Suricata in operation but I do use pfBLockerNG-devel and the patch has solved the stabili... Loh Phat
09:15 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Jim Pingle wrote:
> Each package maintainer would need to handle changes to their own code, should they choose to ta... Bill Meeks
09:28 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Darin May wrote:
> How is the cat-herding addressed so that the work-around isn't duplicated across packages?
It ... Jim Pingle
09:24 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: How is the cat-herding addressed so that the work-around isn't duplicated across packages? I've noticed chit-chat in... Loh Phat
08:35 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Darin May wrote:
> I'm not familiar with the criteria for bugs to be listed in the target fix list of open issues, b... Jim Pingle
02:24 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Kris Phillips wrote:
> Tested in 21.09 Jun 5th build. This patch is present and no longer needs to be applied manual... Loh Phat
09:52 PM Bug #12015 (Not a Bug): When using VMware Fusion/Workstation NAT, with pfsense IPSEC, no routes are going thru the tunnel: No evidence that this is a bug and not a config/environment issue. Post on the forum to discuss it in more detail. Jim Pingle
07:53 PM Bug #12015 (Not a Bug): When using VMware Fusion/Workstation NAT, with pfsense IPSEC, no routes are going thru the tunnel: So I have a virtualized lab setup that has to connect to a corporate development lab. I have a layered setup where I ... Jeremy Cejka
09:51 PM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Bill Meeks wrote:
> Does this function call work without restarting PHP? I don't have hardware at the moment to test... Jim Pingle
09:20 PM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Jim Pingle wrote:
> The patch should fix the behavior, but the package could also implement the fix on its own using... Bill Meeks
02:52 PM Bug #12014 (Duplicate): Invalid arguments passed in services_dhcpv6_relay.php on line 116: This appears to be a duplicate of #11969 Jim Pingle
02:25 PM Bug #12014 (Duplicate): Invalid arguments passed in services_dhcpv6_relay.php on line 116: Just got this error while saving DHCPv6 relay settings on the 2.5.2-BETA.
pfSense asked me to upload the log. Dan W
09:23 AM Bug #12008 (Not a Bug): IPsec - mutual certificate - can't find priv key: The identifiers must match and be present in the certificate. As you see, it's not always exactly the same in each ca... Jim Pingle
05:27 AM Bug #12008: IPsec - mutual certificate - can't find priv key: it seems working setting my identifer as asn.1, but using as DN the output of the command:
ipsec listcerts
that o... Fabio V
12:42 AM Bug #12008 (Not a Bug): IPsec - mutual certificate - can't find priv key: IPsec with mutual certificate
Jun 8 07:35:28 charon 95058 16[IKE] <con400000|35> IKE_SA con400000[35] state chang... Fabio V
07:35 AM Bug #12013 (New): Reading log data is inefficient in certain cases: When reading log files, the functions are set to fetch a specific number of lines (e.g. 50, 250, 500) but to get thos... Jim Pingle
07:29 AM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: I cannot tell if the same issue but with 2.5.1 I am experiencing a similar problem with VPN and not with the watchgua... Denis Grilli
07:24 AM Todo #12012 (Resolved): Improve log settings help text for file size, compression, and retention count: The fields in log settings for file size and compression lack information that users need to make properly informed d... Jim Pingle
07:14 AM Feature #12011 (Closed): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled: The default setting for log compression is currently bzip2 for all cases, which isn't ideal for every case. If /var/l... Jim Pingle
06:40 AM Bug #12010 (Closed): System default gateway doesn't automatically switch from an inactive gateway if a specific gateway is selected: from https://forum.netgate.com/topic/161065/%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%D1%8B-%D0%BF%D0%BE-pfsense-2-5-plus/... Viktor Gurov
05:26 AM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Max Leighton wrote:
> Tested in 2.6 it is working.
>
> It doesn't seem to have made it to 21.09 current build b... Viktor Gurov
01:35 AM pfSense Packages Bug #12009 (New): Zabbix Agent starts twice by /etc/rc.start_packages: ... Viktor Gurov
12:46 AM Regression #11994 (Feedback): Firewall rule usage counters showing 0/0 after latest pf merge: Fixed in 2.6.0 and 2.5.2.
The tracker ID wasn't being saved rendering the counters useless. Luiz Souza

06/07/2021

03:30 PM Bug #12007 (Resolved): Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day: Dynamic DNS update is executed if a) no update has been done for the provider yet, b) the IP address has changed afte... Jaakko Kantojärvi
03:09 PM Regression #12005 (Feedback): ``Recover config.xml`` installer option does not work after default ZFS pool name change: Renato Botelho
09:19 AM Regression #12005 (Closed): ``Recover config.xml`` installer option does not work after default ZFS pool name change: On current 2.5.2, 2.6.0, and 21.09 snapshots the default ZFS pool name changed from "zroot" to "pfSense" and there is... Jim Pingle
02:20 PM Revision 188e82ff: Update config recovery to use new zpool name. Issue #12005: (cherry picked from commit d440bb6ae65f6ddb8ae310683cdac9ce64b01487) Jim Pingle
02:20 PM Revision d440bb6a: Update config recovery to use new zpool name. Issue #12005: Jim Pingle
12:50 PM Bug #11967: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: Tested on:... Danilo Zrenjanin
09:46 AM Feature #9297 (Pull Request Review): Graph for hardware temperature readings: Jim Pingle
05:16 AM Feature #9297: Graph for hardware temperature readings: rrd update:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/278
Status Monitoring pkg update:
https:... Viktor Gurov
09:41 AM pfSense Packages Bug #11993 (Pull Request Review): PHP error after disabling HAProxy: Jim Pingle
04:01 AM pfSense Packages Bug #11993: PHP error after disabling HAProxy: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1072 Viktor Gurov
09:40 AM Bug #12002 (Pull Request Review): Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured: Jim Pingle
02:10 AM Bug #12002: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/277 Viktor Gurov
01:46 AM Bug #12002 (Resolved): Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured: ... Viktor Gurov
09:40 AM Bug #12006 (Duplicate): CARP IP sometimes doesn't apply to CARP member: I noticed this when a CARP member had no CARP status. I was told that this can happen if the VIP address isn't appli... Andrew Waranowski
09:37 AM Bug #12001 (Pull Request Review): System attempts to stop inactive services at shutdown: Jim Pingle
01:27 AM Bug #12001: System attempts to stop inactive services at shutdown: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/276 Viktor Gurov
01:09 AM Bug #12001 (Resolved): System attempts to stop inactive services at shutdown: /etc/rc.stop_packages tries to stop disabled services:... Viktor Gurov
09:34 AM Bug #12000 (Pull Request Review): Remote log server input validation allows invalid values: Jim Pingle
01:01 AM Bug #12000: Remote log server input validation allows invalid values: OS interprets numeric-only value as decimal IP address:... Viktor Gurov
08:14 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic: See also: #12004 Jim Pingle
07:34 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic: The patch should fix the behavior, but the package could also implement the fix on its own using @ini_set("pcre.jit",... Jim Pingle
08:14 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: See also: #12004 Jim Pingle
07:19 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: The patch should fix the behavior, but the package could also implement the fix on its own using @ini_set("pcre.jit",... Jim Pingle
08:14 AM pfSense Plus Todo #12004: Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems: Packages and other scripts could use @ini_set("pcre.jit", "0");@ to disable PCRE JIT on systems without the patch to ... Jim Pingle
08:08 AM pfSense Plus Todo #12004 (Resolved): Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems: Currently, PHP crashes on multi-core 32-bit ARM systems (SG-3100) with certain PCRE calls, as documented on #11466, #... Jim Pingle
08:12 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: I created #12004 for the temporary workaround via disabling PCRE JIT. This issue can remain open while we investigate... Jim Pingle
07:50 AM Bug #12003 (Resolved): Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly: Example:
"alpha" => array("name" => "alpha", "type" => "number", "default" => get_single_sysctl("net.inet.ip.dummyne... Anonymous
07:41 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Adam Kuklycz wrote:
> Question, does this affect virtual IP's that are setup on the same interface as the default ga... Jim Pingle
07:33 AM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems: Darin May wrote:
> I'm running 21.05 on an sg-3100 and I don't have the fsck option on my reboot menu; should I?
... Jim Pingle
06:59 AM Feature #8794: NTP authentication support: The ntp client auth is yet to be implemented. Steve Wheeler
12:20 AM pfSense Packages Bug #11711: New Squid Status Page Non-Functional: Kris Phillips wrote:
> Can someone provide the patch once this is merged so we can test?
See the attachment
Viktor Gurov
12:05 AM pfSense Packages Feature #11349 (Resolved): Allow to set minimum TLS version: Viktor Gurov

06/06/2021

11:24 PM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic: The patch contained at https://redmine.pfsense.org/issues/11466#note-32 has stopped the PHP crashes. So this bug coul... Loh Phat
11:10 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Question, does this affect virtual IP's that are setup on the same interface as the default gateway IP, or does the I... Adam Kuklycz
09:41 AM Bug #12000 (Resolved): Remote log server input validation allows invalid values: When configuring remote syslog servers in status_logs_settings.php each server is entered as IP[:port]. Port 514 is a... Steve Wheeler
08:07 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Does the PHP temp workaround patch fix this one too?
https://redmine.pfsense.org/issues/11466#note-32
Loh Phat

06/05/2021

03:42 PM Bug #11999 (Resolved): OpenVPN IPv6 tunnel network is not validated properly: If you enter an IPv6 address without a subnet mask, the configuration will be accepted, but the OpenVPN service will ... Danilo Zrenjanin
03:41 PM Regression #11316: Unbound crashes with signal 11 when reloading: The DHCP service doesn't appear to be reliably updating the DNS server either. Tested on 21.09 Jun 5th build, I did ... Kris Phillips
03:27 PM pfSense Plus Feature #11772: Layer 2 Tunnel Bonding Capability: I understand your concern about the requirement for an "upstream device on a big pipe," however this is exactly the s... Clint Guillot
01:57 PM pfSense Plus Feature #11772: Layer 2 Tunnel Bonding Capability: Not certain how this would be possible. Fundamentally internet connectivity doesn't work this way. You would need ... Kris Phillips
03:20 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Tested in 21.09 Jun 5th build. This patch is present and no longer needs to be applied manually in the development ch... Kris Phillips
03:13 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Reporting that the patch in #32 solved my 21.02.2 --> 21.05 upgrade w/pfBLockerNG-devel causing the firewall service ... Loh Phat
01:37 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Decided to go through some performance testing and stress testing. I loaded the CPU to maximum with iPerf3 traffic a... Kris Phillips
03:04 PM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems: I'm running 21.05 on an sg-3100 and I don't have the fsck option on my reboot menu; should I? Loh Phat
03:01 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Verified problem exists on Jun 5th build of 21.09.
Build Info:
21.09-DEVELOPMENT (arm)
built on Sat Jun 05 01:... Kris Phillips
01:26 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Tested in 2.6 it is working.
It doesn't seem to have made it to 21.09 current build because when I test in
21... Max Leighton
02:07 PM pfSense Packages Feature #11349: Allow to set minimum TLS version: Minimum TLS version option are: 1.0/1.1/1.2
2.5.1-RELEASE (amd64)
built on Mon Apr 12 07:50:14 EDT 2021 Alhusein Zawi
01:49 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional: Can someone provide the patch once this is merged so we can test? Kris Phillips
01:43 PM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Tested in 2.6.0. The specified hour will now stay on the page when after navigating away and navigating back.
Howe... Max Leighton
09:45 AM pfSense Docs Correction #11998 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting: *Page:* https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
*Feedback:*
Section "VMware vmx(4) Interfac... Michael Huck

06/04/2021

07:04 PM Revision 502973c8: Duplicating Outbound NAT rule fix. Issue #11981: (cherry picked from commit 68be10e63195d399089092149e119de30ae6a639) Viktor Gurov
07:04 PM Revision e191b65c: Create Outbound NAT automatic equivalent rules when switching from Automatic to Manual mode. Fixes #11982: (cherry picked from commit ec8adb56d59a293516d1a0a3fb4eb45aad299f5b) Viktor Gurov
05:30 PM pfSense Packages Feature #11997 (New): IPsec Profile Wizard: Add Support for exporting Android strongSwan Profiles: We currently have Apple and Windows IPSec profile export. However, we're missing this option for Android which has a... Kris Phillips
04:39 PM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a: We've received additional reports of issues related to this bug report. The behavior may be related to running sysctl... Max Leighton
02:58 PM Revision e691303d: Adjust validation for MVC: Steve Beaver
02:05 PM Regression #11981: Duplicating Outbound NAT rule does not carry over contents of the source rule: Fix was not picked back to 2.5.2, but is now. Will be in future builds. Jim Pingle
02:04 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Fix was not picked back to 2.5.2, but is now. Will be in future builds. Jim Pingle
01:00 PM Revision 34b44340: Revise top/bottom outbound rule addition: Steve Beaver
11:15 AM Revision 1f0abbad: Use stable host for pkg repo: Renato Botelho
11:10 AM Revision d7ee51c5: Welcome pfSense CE 2.5.2-RC: Renato Botelho
08:35 AM Regression #11910: IPsec status tunnel descriptions are incorrect: Also seeing strangeness in the IPsec dashboard widget. Customer also reporting the active tunnel counts are incorrect... Chris Linstruth
08:23 AM pfSense Plus Regression #11995 (Closed): UPnP/NAT-PMP not functioning on 32-bit ARM: UPnP is not functional on 32-bit ARM systems (SG-3100, SG-1000) running pfSense Plus 21.05. When a client attempts to... Jim Pingle
07:48 AM Regression #11994 (Closed): Firewall rule usage counters showing 0/0 after latest pf merge: On 2.6.0.a.20210604.0100 the state counters on the firewall rule tabs are showing 0/0 again. We had a similar issue i... Jim Pingle
05:41 AM Regression #11545: Primary interface address is not always used when VIPs are present: I believe I am seeing this now after upgrading 2.4.5-p1 -> 2.5.1-CE with FRR BGP where FRR is told to use the WAN IPv... M Felden
04:12 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Issue reappeared for me in 2.6.0.a.20210603.0625 and 2.6.0.a.20210604.0100 M Felden
01:35 AM pfSense Packages Bug #11993 (Resolved): PHP error after disabling HAProxy: After unchecking the "Enable HAProxy" checkbox and clicking 'Save' on the haproxy_global.php page, an error occurs:
... Viktor Gurov
01:16 AM Bug #11992 (Confirmed): GRE Tunnel - Does not work with a virtual IP as endpoint: I can confirm this issue on 2.6.0.a.20210603.0100/2.5.2.b.20210603.0300 (Proxmox VM) -
I see high packet loss when... Viktor Gurov

05/31/2021

07:56 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: I have confirmed this PHP segmentation fault issue is an issue only on 32-bit ARM hardware such as that in the SG-310... Bill Meeks
06:26 PM Revision 9713b8ee: Add devel/git back to list of packages: Renato Botelho
01:31 PM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle wrote:
> We will need a lot more information here since it isn't happening to others that we're aware of ... Daniel van der Wal

05/30/2021

09:01 PM Bug #11636 (Resolved): Unused Limiter entries with schedules create unnecessary cron jobs: Tested and working on 21.05/2.5.2. Cron job was not added until a rule contained the limiter, and the cron job was re... Marcos M
08:43 PM Bug #11718 (Resolved): XMLRPC Client does not honor its default timeout value: This fix has resolved a couple of different setups where the 60s timeout was being hit. Afterwards, the xmlrpc calls ... Marcos M
07:19 PM pfSense Packages Bug #11980 (Feedback): EAP does not work with SQL backend: The problem is that the sql module references in /usr/local/etc/sites-enabled/inner-*-tunnel remain commented out or ... Louis Casambre
07:10 PM Bug #11979 (Rejected): GUI Cannot reassign Interface on LAGG port: I was trying to reassign the HA sync interface from lagg0.4000 to igb3 through the GIU. Saving the setting however wo... Louis Casambre
07:07 PM Regression #11795 (Resolved): Applying IPsec settings for more than ~30 tunnels times out PHP: Tested 51 entries and working on 21.05/2.5.2 - marking as resolved. Marcos M
04:47 PM Bug #11704 (Resolved): Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot: Tested and working - marking as resolved. Marcos M
04:15 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: >
> I gave up 2 years ago and moved to Untangle Firewall. Worked instantly for all the xboxes in our house. All m... Polar Nerd
04:08 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Polar Nerd wrote:
> Marc 05 wrote:
> > Likely not as miniupnp hasn't changed afaik.
>
> FYI here is a link to wh... Shane Angelo
12:36 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Marc 05 wrote:
> Likely not as miniupnp hasn't changed afaik.
FYI here is a link to where they are discussing thi... Polar Nerd
09:12 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Likely not as miniupnp hasn't changed afaik.
If you have time, find a copy of 2.4.0 and test it. It may help narro... Marc 05
04:16 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Will this work on 2.5.1, as still having the same issue.
would love to test on 2.5.1 as i have 3 pcs all with COD ... Michael Clews
01:37 PM Bug #11821 (Rejected): Upgrade libcurl to version 7.76.0: There are CVEs present in 7.76.0 hence it will not be included on 21.05/2.5.2. New libcurl versions are included in t... Marcos M
09:47 AM Feature #11978: New Dynamic DNS Provider: Strato: PR: https://github.com/pfsense/pfsense/pull/4525
Dennis Neuhaeuser
09:41 AM Feature #11978 (Closed): New Dynamic DNS Provider: Strato: add the german "strato.de" to the dyndns providers Dennis Neuhaeuser
03:45 AM pfSense Packages Bug #11977 (Duplicate): Any mail from the pfsense appliance has "Arpwatch Notification" in the subject line, no matter which package the mail comes from: Most mail from the pfsense appliance has "Arpwatch Notification" in the subject line, even when it is from a complete... Lightning Bit

05/29/2021

10:42 PM Revision 79b9e082: Add some leeway to DynDNS cache expiration time check: This leeway is needed to ensure that the cache is invalidated after N days and
not N+1 days. The latter could happen,... Jaakko Kantojärvi
09:18 PM Revision 22949106: Merge identical code of DynDNS providers: Jaakko Kantojärvi
09:13 PM Revision f56efb0d: Sort DynDNS providers inside switch statements: Not all of the code is sorted in this commit, but comments
were added to the code to instruct future contributors to
... Jaakko Kantojärvi
09:13 PM Revision f6f1d1c6: Remove whitespace at end of line: Jaakko Kantojärvi
06:17 PM pfSense Packages Bug #11822 (Resolved): Upgrade ClamAV to 0.103.2: Verified that the version is upgraded in 21.05/2.5.2. Version in repos confirmed as 0.103.2_1. Kris Phillips
06:09 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Tested on the 21.05 RC from May 26th on the SG-3100. This issue is still present. Kris Phillips
04:47 PM Todo #11976 (Resolved): Compliance with pfSense style guide in Dynamic DNS service code: Files for the dynamic DNS include white space in the end of lines.
Additionally, many switch statements list provi... Jaakko Kantojärvi
04:09 PM Feature #11975 (Duplicate): Simplify NAT logging to conforme more easily with local/regional laws: The French law requires from ISPs to log "who used this IP address at this timestamp?" informations for a year.
Fo... Anonymous
03:58 PM Feature #11974 (New): XMLRPC synchronization for igmmproxy settings: Configuration synchronization (XMLRPC) does not replicate the configuration of IGMP Proxy.
Related to #11957. Anonymous
01:06 PM Feature #11968 (Resolved): VLAN list sorting: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Fri May 28 01:04:03 EDT 2021
FreeBSD 12.2-STABLE
It works as expe... Max Leighton
10:47 AM Bug #11973 (Not a Bug): High Latency every 10 second on TCP OVPN: Hello,
We have an PFSensePLUS on AWS with 2 OVPN server: 1 TCP and 1 UDP. After the update to 21.02.2 we noticed tha... Davide Accetturi
08:54 AM pfSense Packages Feature #11972 (Resolved): Arpwatch - Add support for Telegram notifications: Arpwatch does not have an option to send notifications to a Telegram backend, even when the Telegram configuration is... Sergio Fernández

05/28/2021

10:12 PM Feature #11968: VLAN list sorting: the "VLANS" headers are clickable .
2.6.0.a.20210528.0100 Alhusein Zawi
11:11 AM Feature #11968: VLAN list sorting: On RELENG_2_5_2 when branched Jim Pingle
07:51 PM Revision b5c9be99: Cisco-AVPair ACL rule: port range operator change: Previous operator ( `><` ) prevented inserting port range with min/max port.
Ex.
`ip:inacl#1=permit tcp host {clienti... fl0l0u
05:06 PM Revision 23f7fa0b: Add 2.5.2-BETA repo: (cherry picked from commit 8997bf4703ab41fe7d36c098c1e0d29d69e26194) Renato Botelho
05:03 PM Revision 34ca228a: Add 2.5.2-BETA repo: (cherry picked from commit 8997bf4703ab41fe7d36c098c1e0d29d69e26194) Renato Botelho
05:03 PM Revision 8997bf47: Add 2.5.2-BETA repo: Renato Botelho
03:51 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: This is in 2.6 snapshots and now 2.5.2. Also in 21.09 snapshots if testing on arm. Steve Wheeler
01:58 PM Regression #11723 (Closed): Virtual IP addresses are only added to interfaces after reboot: Works correctly now. Jim Pingle
01:56 PM Bug #11867 (Closed): Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed: Works correctly now. Jim Pingle
01:52 PM Bug #11765 (Closed): Invalid HTML encoding in modal Notices window: Since the bug causing the original notice was random and hard to reproduce, and also has been fixed, it's not viable ... Jim Pingle
01:42 PM Feature #11293 (Closed): New Dynamic DNS Provider: one.com: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11294 (Closed): New Dynamic DNS Provider: Yandex PDD: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11358 (Closed): New Dynamic DNS Provider: NIC.RU: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11420 (Closed): New Dynamic DNS Provider: Gandi LiveDNS IPv6: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Bug #11667 (Closed): Automatic 25-day forced Dynamic DNS update removes wildcard domain: Closing for lack of feedback. Jim Pingle
01:41 PM Bug #11815 (Closed): NoIP.com Dynamic DNS update failure is not detected properly: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:40 PM Bug #11754 (Closed): Digital Ocean Dynamic DNS help text is incorrect: New text is in place. Jim Pingle
01:28 PM Bug #11767 (Closed): Sanitize OpenVPN Client Export certificate password in status output: Works. Password is sanitized in the output.... Jim Pingle
12:22 PM Bug #11748 (Resolved): Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups: On a fresh VM I made a few changes, booted to single user mode and truncated the last few configs to 0 bytes, and the... Jim Pingle
11:37 AM Revision bb5f626f: devel repo should use PKG_REPO_SERVER_DEVEL: Renato Botelho
11:12 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: On RELENG_2_5_2 when branched Jim Pingle
07:15 AM pfSense Packages Bug #11964 (Pull Request Review): pfBlocker XMLRPC sync CARP interface advskew: Jim Pingle
07:12 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Slipped by me, too. And spell check, since it's technically a valid word.
Thanks! Jim Pingle
01:07 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Jim Pingle wrote:
> Updating subject for release notes.
BTW, all this time the subject has a typo: Manger -> Mana... Pete Holzmann
07:12 AM pfSense Plus Bug #11971 (Not a Bug): pfSense Plus 21.02.2 Crashes while reboot: Something is wrong with your filesystem or disk, not a bug. You should wipe and reload from a recovery installation i... Jim Pingle
06:31 AM pfSense Plus Bug #11971 (Not a Bug): pfSense Plus 21.02.2 Crashes while reboot: Our Netgate, updated from pfSense 2.4.5-RELEASE-p1 to pfSense Plus 21.02.2 had the issue that the Traffic Graphs on t... Aljoscha Kretschmann

05/27/2021

11:29 PM pfSense Packages Bug #11892: WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: [2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: ifconfig tun_wg0
tun_wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST... Alhusein Zawi
07:10 PM Revision 3845c6eb: Fix PKG_REPO_BRANCH_DEVEL s/devel/master/: Renato Botelho
07:02 PM Revision cac3f71a: Welcome pfSense CE 2.5.2-BETA: Renato Botelho
05:37 PM Revision ef4f9a8b: Observe 'after' value when creating a new rule: Steve Beaver
05:28 PM pfSense Packages Bug #11964: pfBlocker XMLRPC sync CARP interface advskew: from https://forum.netgate.com/topic/163709/dns-resolver-not-listening-on-lan-carp-vip-after-update-to-2-5-1/7:
> I ... Viktor Gurov
04:20 PM Revision 7dbe76cd: Init pkg plugin array before use. Fixes #11290: Jim Pingle
03:05 PM Revision cf8a0761: Make VLAN table sortable. Implements #11968: Jim Pingle
01:16 PM Revision 49674e1f: Move globals to include file: Steve Beaver
01:13 PM Revision 2ca19797: Move globals to include file: Steve Beaver
01:05 PM pfSense Packages Bug #11970 (Confirmed): Netgate Firmware Upgrade Doesn't Work on XG-2758 (ADI/coreboot): Any version of pfSense after 2.4.4p3 breaks the flashing functionality for coreboot in the Netgate Firmware Upgrade p... Kris Phillips
01:00 PM Revision a5d3732b: Validate input depends on flag: Steve Beaver
12:35 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Jim Pingle wrote:
> Applied in changeset commit:7dbe76cd5756082cbd67db1b93acb606ad84996e.
Can confirm this fixes ... Jeremy Utley
11:30 AM Bug #11290 (Feedback): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Applied in changeset commit:7dbe76cd5756082cbd67db1b93acb606ad84996e. Jim Pingle
11:28 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Jim Pingle wrote:
> This is actually a problem in the base system not specific to a package. I have a fix, will comm... Jeremy Utley
11:19 AM Bug #11290 (In Progress): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: This is actually a problem in the base system not specific to a package. I have a fix, will commit shortly. Jim Pingle
10:15 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Marcos Mendoza wrote:
> Do those have the @<type>plugin_carp</type>@ line in the /conf/config.xml file? If not, does... Jeremy Utley
10:44 AM Bug #11969 (Pull Request Review): PHP error if no DHCPv6 Relay interfaces are selected: Jim Pingle
10:23 AM Bug #11969: PHP error if no DHCPv6 Relay interfaces are selected: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/270 Viktor Gurov
10:19 AM Bug #11969 (Resolved): PHP error if no DHCPv6 Relay interfaces are selected: How to reproduce:
Unselect all interfaces on the services_dhcpv6_relay.php and uncheck "Enable"
Result:... Viktor Gurov
10:15 AM Feature #11968 (Feedback): VLAN list sorting: Applied in changeset commit:cf8a0761c5c2ae80b62743d6d476e0fae6f2495e. Jim Pingle
10:05 AM Feature #11968 (Resolved): VLAN list sorting: Add sorting for the table of VLAN tags, so the headers are clickable to sort by each column.
See also: #8558
Jim Pingle
09:17 AM Bug #11793: OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP: Fixing up subject Jim Pingle
08:54 AM Bug #11967 (Pull Request Review): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: Jim Pingle
08:41 AM Bug #11967: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/269 Viktor Gurov
08:40 AM Bug #11967 (Closed): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: "RADIUS Advanced parameters" doesn't allow to enter numeric with a decimal point in the "Retransmit Base" and "Retran... Viktor Gurov
08:52 AM pfSense Packages Bug #11965 (Pull Request Review): Avahi service started twice by /etc/rc.start_package: Jim Pingle
03:41 AM pfSense Packages Bug #11965: Avahi service started twice by /etc/rc.start_package: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/91 Viktor Gurov
08:51 AM Bug #11966 (Pull Request Review): Incorrect RADVD log message on HA event: Jim Pingle
03:00 AM Bug #11966: Incorrect RADVD log message on HA event: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/268 Viktor Gurov
01:24 AM Bug #11966 (Resolved): Incorrect RADVD log message on HA event: After transition to the CARP BACKUP state, an incorrect message appears in the log:
"Stopping radvd instance on LAN ... Viktor Gurov
08:50 AM Feature #11957 (Pull Request Review): XMLRPC synchronization for DHCP relay settings: Jim Pingle
02:57 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/267 Viktor Gurov
08:08 AM Todo #11943 (Pull Request Review): Add FRR package documentation links: Jim Pingle
08:04 AM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS: Open a fresh issue for that input validation concern, we can work on that for the next release separate from this. Jim Pingle
07:41 AM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS: works as expected on 21.05.r.20210526.1807 -
I can see advanced parameter in the `/var/etc/ipsec/strongswan.conf`:
... Viktor Gurov
07:48 AM Regression #11952 (Closed): Traffic matching rules with limiters is not handled by DUMMYNET: Confirmed working here as well on latest 21.05 build. I see traffic in limiter info now, and my bufferbloat score is ... Jim Pingle
12:31 AM Feature #11103 (Resolved): Use virtual link local IP address as RA source address for HA environments: works as expected on 21.05.r.20210526.1807
`AdvRASrcAddress` in `/var/etc/radvd.conf`:... Viktor Gurov

05/26/2021

03:12 PM pfSense Docs Todo #11716 (Feedback): Feedback on Network Address Translation — Port Forwards: The redirect target content on the page already covered that, actually. The PR would have added it to the destination... Jim Pingle
09:48 AM pfSense Docs Todo #11716: Feedback on Network Address Translation — Port Forwards: I have something more in-depth in mind for this than is covered by that PR. It's already on my to-do list. Jim Pingle
04:22 AM pfSense Docs Todo #11716: Feedback on Network Address Translation — Port Forwards: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/15 Viktor Gurov
03:12 PM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Issue appears resolved on 21.09.a.20210526.0100 Adam Goldberg
02:47 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Do those have the @<type>plugin_carp</type>@ line in the /conf/config.xml file? If not, does adding it change the res... Marcos M
01:18 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: I had been wondering if this problem only popped up on systems that were upgraded from 2.4.x to 2.5.x, and maybe it w... Jeremy Utley
11:30 AM pfSense Docs Todo #11962 (Feedback): Feedback on Firewall — Aliases: Ended up rewriting most of the page:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b61cd856772e836b8282f8d... Jim Pingle
09:51 AM pfSense Docs Todo #11962: Feedback on Firewall — Aliases: I have some other ideas for how to mention it without it getting confused with the note mentioned there. I'll take ca... Jim Pingle
03:30 AM pfSense Docs Todo #11962: Feedback on Firewall — Aliases: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/14 Viktor Gurov
01:24 AM pfSense Docs Todo #11962 (Resolved): Feedback on Firewall — Aliases: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html
*Feedback:*
Note that wildcard hostnam... Viktor Gurov
10:57 AM pfSense Packages Bug #11965 (Resolved): Avahi service started twice by /etc/rc.start_package: Similar to Bug #11887. Avahi tries to start twice on boot.
May 26 11:56:16 avahi-daemon 35721 Failed to create PID... Steve Harrington
09:26 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: I would not condone running both at once for a variety of reasons. It may appear to function acceptably in your speci... Jim Pingle
09:02 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: Viktor Gurov wrote:
> It's not possible to bind DHCP Relay daemon to CARP interface.
> without this, how to determi... Anonymous
01:34 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: It's not possible to bind DHCP Relay daemon to CARP interface.
without this, how to determine which DHCP Relay node ... Viktor Gurov
07:40 AM pfSense Packages Bug #11964 (Resolved): pfBlocker XMLRPC sync CARP interface advskew: https://forum.netgate.com/topic/163709/dns-resolver-not-listening-on-lan-carp-vip-after-update-to-2-5-1/8:... Viktor Gurov
04:13 AM pfSense Packages Feature #11963 (New): Dynamically change OSPF interface costs on selected interfaces on CARP event: In order to improve uptime in HA environments, use a mechanism to dynamically change OSPF interface costs on selected... Viktor Gurov
01:17 AM pfSense Packages Bug #11961 (Resolved): FRR OSPF add unwanted area 0 authentication to router ospf: I have a configuration where one interface has a simple authentication
The area 0 does not have an authentication,... Damiano Bolla

05/25/2021

05:14 PM Revision 360ed166: Toggle-rule rename var for consistency: Steve Beaver
05:13 PM Revision b86f6fe9: Toggle-rule returns new ruke status: Steve Beaver
01:40 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: The 21.09 pkg repositories are accessible as far as I can see. If there is a problem updating, it might be branch spe... Jim Pingle
01:27 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Jim Pingle wrote:
> If you update to a current build, it includes the fix now. There isn't a reliable way to update ... Craig Weber
12:43 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: If you update to a current build, it includes the fix now. There isn't a reliable way to update just the module that ... Jim Pingle
12:36 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Jim Pingle wrote:
> It cannot be fixed with a patch in the GUI package, it was a problem in the pfSense module.
>
... Craig Weber
11:19 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: It cannot be fixed with a patch in the GUI package, it was a problem in the pfSense module.
https://github.com/pfs... Jim Pingle
10:57 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Jim Pingle wrote:
> Excluding from release notes since it was a problem introduced by changes after the last release... Craig Weber
10:54 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Excluding from release notes since it was a problem introduced by changes after the last release. Jim Pingle
01:06 PM Revision 95b6415a: ipsec: Simplify logic: Renato Botelho
01:06 PM Revision 5f530364: ipsec: Use correct variable name: Renato Botelho
01:06 PM Revision 3d738e68: ipsec: Remove unneeded references on parameters: Renato Botelho
01:06 PM Revision 6ce3ef38: ipsec: Normalize ipsec_lookup_phase1(): - $ph2ent doesn't need to be a pointer
- Return true when $ph1ent is found since $ph1ent is a pointer and is
filled... Renato Botelho
12:15 PM Bug #11290 (New): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: For some reason my primary node doesn't have a `plugin_carp` config.xml entry for FRR,
secondary is OK:... Viktor Gurov
11:16 AM Bug #11960 (Feedback): Gateway Monitoring Traffic Goes Out Default Gateway: This sounds similar to #11296 or another routing issue that was fixed already -- please re-test on a development snap... Jim Pingle
11:11 AM Bug #11960 (Resolved): Gateway Monitoring Traffic Goes Out Default Gateway: I'm using pfSense Plus 21.02.2 with a SG-3100 and XG-7100 1U. On both systems, I have dual WAN connections with gatew... James Blanton
10:55 AM Regression #11857: Match rules cause pf error parsing rules: Excluding from release notes since it was a problem introduced by changes after the last release. Jim Pingle
10:54 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Excluding from release notes since it was a problem introduced by changes after the last release. Jim Pingle
10:52 AM Regression #11945: Incorrect VTI interface creation: Excluding from release notes since it was a regression in code added after the last release. Jim Pingle
09:58 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Relevant commits:
https://github.com/pfsense/FreeBSD-src/commit/b9ec0795d21f2e93d59e6ee5e7d4fa7e1ae0cb1c
https://... Jim Pingle
09:57 AM Regression #11952 (Feedback): Traffic matching rules with limiters is not handled by DUMMYNET: PR with a fix was merged into src branches, will be in builds soon.
Updated the subject to better reflect what the... Jim Pingle
09:14 AM Bug #11959 (Pull Request Review): PPP interfaces lose the description field in ``ifconfig`` output when restarted: Jim Pingle
07:37 AM Bug #11959: PPP interfaces lose the description field in ``ifconfig`` output when restarted: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/266 Viktor Gurov
07:27 AM Bug #11959 (Resolved): PPP interfaces lose the description field in ``ifconfig`` output when restarted: The interface description field (#1557) is lost after running the `pppoe_restart` script:
before:... Viktor Gurov
08:58 AM Bug #11946 (Pull Request Review): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Jim Pingle
12:50 AM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/265 Viktor Gurov
08:34 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: Each issue should be limited in scope to one specific request. I've changed this to refer only to DHCP Relay. Feel fr... Jim Pingle
03:59 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: see also #2593 Viktor Gurov
07:21 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle wrote:
> Perhaps this is another variation of #11545 and not a unique issue
This could be an another i... Viktor Gurov
04:10 AM Bug #11958: Multi-wan Azure Dyndns updates not working when primary WAN is unplugged: Neel Patel wrote:
> I have already raised this issue on the Netgate forum - https://forum.netgate.com/topic/163937/m... Viktor Gurov
04:02 AM Bug #8096 (Duplicate): Special characters not propagated by the config sync engine: fixed in #1478 Viktor Gurov
12:36 AM Feature #11954: Multicast limits: see MAXVIFS issue #10909
and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251047
Viktor Gurov

05/24/2021

08:59 PM Bug #11734: NAT rule overlap detection is inconsistent: Adding more details here; currently:
It's possible for rules with overlapping ports to be saved when the destinati... Marcos M
07:45 PM Bug #11958 (Duplicate): Multi-wan Azure Dyndns updates not working when primary WAN is unplugged: I have already raised this issue on the Netgate forum - https://forum.netgate.com/topic/163937/multi-wan-azure-dyndns... Neel Patel
05:06 PM Feature #11957 (Resolved): XMLRPC synchronization for DHCP relay settings: Configuration synchronization (XMLRPC) does not replicate the configuration of DHCP relay. Why?
In the same kind b... Anonymous
05:03 PM Feature #11956 (New): "add" button in the top of pages with many user-added items: In Interfaces > Assignments | VLANs, Firewall > Aliases | NAT | Rules | Virtual IPs, it's possible to add the "Add" b... Anonymous
05:01 PM Bug #11955 (Rejected): Cannot disable startup beep without configuring e-mail notifications: On fresh install, in System > Advanced > Notifications (/system_advanced_notifications.php), I only check "Disable th... Anonymous
04:57 PM Feature #11954 (New): Multicast limits: On my two XG-1541, I have configured 1 LAGG, 67 VLANs on this LAGG, 67 networks interfaces and I want to use inter-VL... Anonymous
04:55 PM Bug #11953 (Ready To Test): XG-1541 crashes when igmpproxy is enabled and network interfaces status change: On my two XG-1541, I have configured 1 LAGG, 67 VLANs on this LAGG, 67 networks interfaces and I have enabled igmppro... Anonymous
11:21 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Thanks for the fast response, Jim. I believe this to be a different problem. The rules are indeed being matched as th... Adam Goldberg
11:16 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: It's unlikely the negate rules would be hit unless nothing else matched (note that they lack @quick@)
Another way ... Jim Pingle
10:45 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Could it be possible that the auto-added NETGATE rules, which have higher precedence, are overriding the USER limiter... Adam Goldberg
10:25 AM Regression #11952 (Closed): Traffic matching rules with limiters is not handled by DUMMYNET: Traffic limiters have no effect when applied in 21.05 or 21.09 in a multi-wan environment.
3 ISPs - each 1Gbit up ... Adam Goldberg
11:14 AM Regression #11570 (Feedback): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Jim Pingle
10:59 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: It would seem this is fixed on 2.5.1/2.6 according to the comment on #11805
>Hi, just want to report its working fin... Marcos M
10:02 AM Regression #11545: Primary interface address is not always used when VIPs are present: This only seems to affect VPN tunnels where I assume the interface IP is read directly from the interface causing the... Steve Wheeler
10:00 AM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: This issue still appears for me on 21.09.a.20210524.0100. Let me know what other specific information I can provide, ... Adam Goldberg
09:02 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Tom Davis wrote:
> Hi, just want to report its working fine now for me using the latest dev CE version 2.6.0.a.20210... Vikash Jhagroe
08:55 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Hi, just want to report its working fine now for me using the latest dev CE version 2.6.0.a.20210524.0100
More detai... Tom Davis
07:40 AM pfSense Packages Bug #11886 (Feedback): WireGuard: PHP error in vpn_wg_peers_edit.php: Jim Pingle
07:40 AM pfSense Packages Bug #11892 (Feedback): WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: Jim Pingle
07:40 AM Bug #11949 (Not a Bug): LAGG/LACP with GIF 6to4 tunnel is broken: Not enough evidence here to conclude that it's a bug in FreeBSD or pfSense. You could test it further by not enabling... Jim Pingle
07:35 AM pfSense Packages Feature #11948 (Pull Request Review): ACME: Support specifying non-default port for nsupdate DNS validation method: Jim Pingle
07:34 AM pfSense Packages Feature #11186 (Closed): Allow lo0/Loopback as a valid interface in OSPF/OSPF6: Jim Pingle
07:18 AM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem: Christian McDonald wrote:
> I'm not able to replicate the DNS issue, but I might not be completely understanding you... RED SKULL
07:14 AM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem: I'm not able to replicate the DNS issue, but I might not be completely understanding your configuration.
Can you t... Christian McDonald
02:48 AM Bug #11951 (Closed): IPsec status fails when many tunnels are connected: How to reproduce:
1. Set wan address 172.16.1.2/24.
2. Create IPSEC IKEv1 P1 with remote 172.16.1.3 and 11 P2 tun... Maxim A

05/23/2021

05:07 PM Bug #10800: Multi WAN Load Balancing does not work on 2.5.0.a.20200729.0650: I am also experiencing the same issue. Failover works, but load balancing does not work -- all packets go through the... Layla Mah
12:05 PM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem: I actually caught the flock and fclose bugs last night and have them resolved. I will be submitting a PR tonight or t... Christian McDonald
08:22 AM pfSense Packages Bug #11950 (Resolved): Wireguard Package Errors and DNS problem: Updated from Wireguard Package version 0.0.8 to 0.1.1 and receive the following error after every reboot:
@
Crash r... RED SKULL
08:19 AM pfSense Packages Bug #11886: WireGuard: PHP error in vpn_wg_peers_edit.php: Fixed in https://github.com/pfsense/FreeBSD-ports/pull/1064 Christian McDonald
08:18 AM pfSense Packages Bug #11892: WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: Fixed in https://github.com/pfsense/FreeBSD-ports/pull/1064 Christian McDonald
12:27 AM Bug #11949 (Not a Bug): LAGG/LACP with GIF 6to4 tunnel is broken: I'm running 21.02.2-RELEASE on a Netgate SG-8860.
I have a working he.net TunnelBroker tunnel which works fine wit... Scott Johnson

05/22/2021

08:57 PM Bug #11923 (Resolved): Input validation not working for 1:1 NAT entries using an alias as a destination: I was able to add and modify 1:1 NAT with a destination alias without errors.
Fixed
2.6.0.a.20210522.0100 Alhusein Zawi
02:00 PM Bug #11769 (Resolved): Sanitize Captive Portal RADIUS MAC secret in status output: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat May 22 01:04:36 EDT 2021
FreeBSD 12.2-STABLE
radmac_secret ... Max Leighton
01:23 PM Regression #11545: Primary interface address is not always used when VIPs are present: Ran into this again today on a pfSense Plus 21.02.2 upgrade. Had to do the following to fix it:
1. Save the VIP b... Kris Phillips
11:04 AM pfSense Packages Bug #11525: pfsense 2.5.0 release version for vlan issue to suricata: # Does this happen only on VLAN interfaces; have you tried non-vlan interfaces?
# Are you using vmxnet3 or something... Marcos M

05/21/2021

09:56 PM pfSense Packages Feature #11948 (Closed): ACME: Support specifying non-default port for nsupdate DNS validation method: Hi,
I've just submitted a new PR (https://github.com/pfsense/FreeBSD-ports/pull/1067) adding support for non-defau... Pablo Ruiz
09:43 PM pfSense Packages Feature #11186: Allow lo0/Loopback as a valid interface in OSPF/OSPF6: lo0/Loopback is added as interface in OSPF Alhusein Zawi
05:30 AM pfSense Packages Feature #11186 (Feedback): Allow lo0/Loopback as a valid interface in OSPF/OSPF6: Merged four month ago Viktor Gurov
08:00 PM Bug #11939 (Resolved): Editing widgets on Dashboard causes a PHP Warning: Tested on
2.6.0-DEVELOPMENT (amd64)
built on Fri May 21 01:05:01 EDT 2021
FreeBSD 12.2-STABLE
Editing widget... Max Leighton
12:20 PM Bug #11939 (Feedback): Editing widgets on Dashboard causes a PHP Warning: This was picked back yesterday. Jim Pingle
07:15 PM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Jim Pingle wrote:
> When ACB is set to use a schedule on @services_acb_settings.php@, a the hour value from config.x... Michael Spears
01:18 PM Bug #11946 (Closed): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: When ACB is set to use a schedule on @services_acb_settings.php@, a the hour value from config.xml is not populated o... Jim Pingle
05:55 PM Revision 6693812a: Add missing vars to applyVIP(). Fixes #11723: Jim Pingle
04:39 PM Revision 6df902ac: IPsec ipsec_create_vtimap() fix. Issue #11945: Viktor Gurov
03:12 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: I am using this dirty fix (plus a manually generated config file specified for both interfaces in the Webinterfaces),... Flole Systems
01:25 PM Bug #9887 (New): Rule separator positions change when deleting multiple rules: Still broken but not a blocker so moving forward. The scenario in my first test "sep-test1" is OK. The second scenari... Jim Pingle
01:21 PM Feature #10811 (Closed): Randomize time of scheduled AutoConfigBackup runs: This looks OK to me. The minute value in the GUI is random when the page loads when unset, but static once saved.
... Jim Pingle
01:19 PM Regression #11723: Virtual IP addresses are only added to interfaces after reboot: Picked back to 21.05 as well. Jim Pingle
01:05 PM Regression #11723 (Feedback): Virtual IP addresses are only added to interfaces after reboot: Applied in changeset commit:6693812aff9ca84a8d05ac327adb726450c0b18f. Jim Pingle
12:54 PM Regression #11723 (New): Virtual IP addresses are only added to interfaces after reboot: This is still broken, but has a quick/easy fix. Jim Pingle
01:11 PM Feature #7092 (Closed): Kernel modules for alternate congestion control algorithms: Modules are all there on current builds (CE and Plus):... Jim Pingle
01:08 PM Todo #11518 (Closed): Move custom IPsec NAT-T port settings to Advanced Options: Looks good on current build Jim Pingle
12:58 PM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options: Tested on 21.5.
Looks good. Danilo Zrenjanin
01:06 PM Regression #11510 (Closed): ARP Table populates hostname values using expired DHCP lease data: This looks good on current builds on the system where I could reproduce it before. Jim Pingle
01:00 PM Bug #11688 (Closed): Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule: This is working as expected on current builds. Jim Pingle
12:45 PM Regression #11787 (Closed): Thermal sensors widget no longer shows values from certain hardware: This is good now. The other devices are being included. I don't have a Chelsio card to check but given that the other... Jim Pingle
12:44 PM Bug #11801 (Closed): PHP error in ``upgrade_212_to_213()`` when upgrading certain IPsec tunnels: Should be fine now, if anyone else has a problem, can reopen. Jim Pingle
12:41 PM Regression #11819 (Closed): MAC address OEM information missing from ARP table: Info is present on current snaps Jim Pingle
12:40 PM Todo #11844 (Closed): Update OpenVPN to 2.5.2: In current builds and working. Jim Pingle
12:37 PM Bug #11859 (Closed): PHP error on certificate list due to unreadable private key: No errors with a corrupt key on current snapshot. Jim Pingle
12:29 PM Bug #11861 (Closed): Error loading rules in certain cases where an interface is temporarily without an address: This has not recurred for me since the fix went in. Calling it solved. Jim Pingle
12:28 PM Todo #11914 (Resolved): Allow reroot on ZFS from console and GUI reboot menu entries: In and wokring Jim Pingle
12:21 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: Moving ahead. Jim Pingle
12:20 PM Bug #11922: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS: Moving ahead. Jim Pingle
12:12 PM Regression #11945 (Feedback): Incorrect VTI interface creation: PR has been merged. Thanks! Renato Botelho
11:40 AM Regression #11945: Incorrect VTI interface creation: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/263 Viktor Gurov
11:39 AM Regression #11945 (Closed): Incorrect VTI interface creation: How to reproduce:
1) Clean install
2) Create IPsec with VTI Phase 2
3) Check config.xml - you'll see:... Viktor Gurov
11:56 AM pfSense Packages Bug #11680 (Resolved): Saving HAProxy FrontEnd description with umlauts causes configuration restore: Tested on the latest development release.
haproxy-devel 0.62_3
All characters can be used in the description ... Danilo Zrenjanin
08:04 AM pfSense Packages Feature #10739 (Pull Request Review): Update HAproxy-devel package to 2.2 and HAproxy to 2.0: Jim Pingle
05:04 AM pfSense Packages Feature #10739: Update HAproxy-devel package to 2.2 and HAproxy to 2.0: http-after-response and http-request_replace-path actions support:
https://github.com/pfsense/FreeBSD-ports/pull/1070 Viktor Gurov
08:03 AM pfSense Packages Bug #11491 (Pull Request Review): haproxy-devel v0.62_2 - startup error 'httpchk': Jim Pingle
03:24 AM pfSense Packages Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk': fix:
https://github.com/pfsense/FreeBSD-ports/pull/1069 Viktor Gurov
08:01 AM Todo #11943: Add FRR package documentation links: Not a bug since they didn't exist before.
Probably need to start thinking of a way to have an xml tag and/or plugi... Jim Pingle
12:56 AM Todo #11943: Add FRR package documentation links: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/262 Viktor Gurov
07:58 AM pfSense Packages Feature #10779 (Pull Request Review): HAProxy SSL/TLS Compatibility Mode: Jim Pingle
12:21 AM pfSense Packages Feature #10779 (New): HAProxy SSL/TLS Compatibility Mode: DRago_Angel [InV@DER] wrote:
> [...]
> Hi, need update to use ssl-min-ver & ssl-max-ver as mentioned at https://red... Viktor Gurov
07:48 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Looks good here, too, on the following snapshots:
* Plus snapshot pfSense-21.05.r.20210520.1515
* CE snapshot 2.6... Jim Pingle
05:09 AM Regression #11775 (Resolved): State counters not updating and always show 0/0 since last few updates: Renato Botelho
02:55 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: 2.6.0.a.20210520.0100 -> 2.6.0.a.20210521.0100
Fixed in all instances M Felden
02:52 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Kris Phillips wrote:
> Confirmed working in latest snapshot. Attached screenshot. This can be closed as resolved.
... Craig Weber
07:43 AM pfSense Plus Bug #11942 (Not a Bug): Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces: Not enough information here to rule out a configuration problem. In certain cases the behavior you describe is expect... Jim Pingle
05:28 AM pfSense Packages Bug #11094 (Not a Bug): HAProxy Stick on SSL-Session-ID Doesn't Work: The Frontend type must be "ssl / https(TCP mode)" for this feature to work. Viktor Gurov
12:57 AM pfSense Docs Todo #11944 (Closed): Feedback on Packages — FRR Package — Bidirectional Forwarding Detection: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/frr/bfd/index.html
*Feedback:*
There is no "BFD Sta... Viktor Gurov
12:23 AM Bug #9821: pfSense IPsec not reload configs on connectivity issues with DDNS: DRago_Angel [InV@DER] wrote:
> Jim Pingle wrote:
> > IPsec with DDNS works fine for many users (myself included) --... Viktor Gurov

05/20/2021

08:27 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Confirmed working in latest snapshot. Attached screenshot. This can be closed as resolved. Kris Phillips
12:57 PM Regression #11775 (Feedback): State counters not updating and always show 0/0 since last few updates: Fixed the PHP module. It was returning only the last rule of the list.
Fixed in php74-pfSense-module-0.70. Luiz Souza
10:29 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Also not fixed in May 20 build, confirming what Nick K has found. Kris Phillips
10:11 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: I second the Kris response. I am updated to the latest on both my CE and Plus devices and seeing the same issues afte... Nick K
06:43 PM Todo #11943 (Resolved): Add FRR package documentation links: Clicking on Help icon "?" in FRR tabs does not go to FRR documents
https://docs.netgate.com/pfsense/en/latest/packa... Alhusein Zawi
03:55 PM pfSense Plus Bug #11942 (Not a Bug): Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces: Netgate SG-2100
21.02.2-RELEASE (arm64)
I have a cable modem plugged into WAN getting a DHCP address from a provi... Web Dawg
03:22 PM Feature #11935 (Pull Request Review): Log external IP address of OpenVPN clients on connect and disconnect: Jim Pingle
02:51 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/260 Viktor Gurov
03:04 PM Revision 2ac5f4ae: Fix PHP error when changing Sys Info Widget. Fixes #11939: Avoid attempting to use $crypto when it's empty/undefined. Jim Pingle
02:46 PM Regression #11857 (Closed): Match rules cause pf error parsing rules: Match rules are also working on 2.6.0.a.20210520.0100 -- closing. Jim Pingle
02:42 PM Regression #11938 (Pull Request Review): DNS Resolver does not add PTR record for OpenVPN clients: Jim Pingle
05:47 AM Regression #11938: DNS Resolver does not add PTR record for OpenVPN clients: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/261 Viktor Gurov
02:05 AM Regression #11938 (Resolved): DNS Resolver does not add PTR record for OpenVPN clients: After changes in #11129 openvpn.learn-address.sh uses the 'unbound-control local_data' command to add client A/AAAA D... Viktor Gurov
02:32 PM Regression #11910: IPsec status tunnel descriptions are incorrect: Renato said the fix for this will need to wait for the next release Jim Pingle
02:21 PM Regression #11550 (Feedback): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Kristof committed a potential fix for this, needs tested. If it's still an issue, set target ahead to 21.09. Jim Pingle
01:44 PM pfSense Packages Bug #11838: FRR ospf6d consumes all available memory+swap after an interface event: I reported this upstream to FRR: https://github.com/FRRouting/frr/issues/8711 Jim Pingle
01:43 PM Regression #11839 (Closed): Panic on 21.05/2.6.0 snapshots when memory usage is high: I've been aggressively attempting to crash the latest builds of 21.05 and 2.6.0 which include the fixes for this prob... Jim Pingle
06:26 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: I believe these crashes all share the same root cause, which is that we (in certain places) mis-use the rule/state co... Kristof Provost
12:59 PM Revision 8aa8f78e: 1:1 NAT IPsec/OpenVPN/L2TP/PPPoE and interface groups input validation extra 2.6 fix. Issue #11751: Viktor Gurov
12:54 PM Revision 04857433: NAT 1:1 destination alias validation. Fixes #11923: Viktor Gurov
12:38 PM Bug #11762 (Resolved): Invalid combinations of TCP flag matching options cause ``pfctl`` parser error: Tested on the latest release. It looks good.
Ticket resolved. Danilo Zrenjanin
11:29 AM pfSense Packages Bug #11937 (Pull Request Review): HAproxy "Use Client-IP" option breaks Captive Portal: Jim Pingle
11:21 AM pfSense Packages Bug #11937: HAproxy "Use Client-IP" option breaks Captive Portal: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1066 Viktor Gurov
07:19 AM pfSense Packages Bug #11937: HAproxy "Use Client-IP" option breaks Captive Portal: That option is almost certainly incompatible with Captive Portal, but if there is a way to make it work, it would hav... Jim Pingle
10:13 AM Bug #11939 (Waiting on Merge): Editing widgets on Dashboard causes a PHP Warning: Tested on 2.6.0 and 21.05, was able to reproduce the error before but not with the fix applied. Fix is in master and ... Jim Pingle
10:10 AM Bug #11939 (Feedback): Editing widgets on Dashboard causes a PHP Warning: Applied in changeset commit:2ac5f4ae7424349dd977a806ebc84d56affc2f17. Jim Pingle
09:57 AM Bug #11939: Editing widgets on Dashboard causes a PHP Warning: It may still function but that is rather ugly. Jim Pingle
08:03 AM Bug #11939: Editing widgets on Dashboard causes a PHP Warning: Note that it does work 100 % even though it throws a warning. T Toft
08:01 AM Bug #11939 (Resolved): Editing widgets on Dashboard causes a PHP Warning: Editing widgets on the Dashbord page causes "PHP Warning: Invalid argument supplied" errors.
To reproduce:
- Go ... T Toft
08:41 AM Bug #11941 (Resolved): Many ``exec()`` functions do not use full path to executable files: Here's a list:... Viktor Gurov
08:05 AM Bug #11923 (Feedback): Input validation not working for 1:1 NAT entries using an alias as a destination: Applied in changeset commit:04857433ff068382f75340e140a60c5acbd1e69c. Viktor Gurov
08:04 AM Bug #11940 (Not a Bug): Fix return logic on sigkillbypid: PR : https://github.com/pfsense/pfsense/pull/4521 Christian McDonald

05/19/2021

10:12 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Was asked to test the latest release, as some counters were supposedly fixed in another part of the UI that may be re... Kris Phillips
07:52 PM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Thanks. The majority of these are associated with the pf counter_u64 issue (anything with pf in the traceback).
Ho... Peter Grehan
10:04 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Adding a few more I collected from a few misc installs during testing (some were deliberate crashes, others happened ... Jim Pingle
06:59 PM Revision d2eee7c8: Refactor firewall_nat_out for MVC: Steve Beaver
06:29 PM pfSense Packages Bug #11937 (Feedback): HAproxy "Use Client-IP" option breaks Captive Portal: Devices can access https sites without authenticating via Captive portal.
Enabling 'Use Client-IP to connect to back... David Quinn
02:59 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: As posted to https://forum.netgate.com/topic/163854/sg-3100-crash-on-upgrade-restore-when-using-url-tables-and-openvp... Arthur Wiebe
01:58 PM pfSense Packages Bug #11822 (Feedback): Upgrade ClamAV to 0.103.2: clam-av is on the required version in pfSense Plus 21.05. This is expected to be the same in 2.5.2.
On 21.05:
... Kris Phillips
10:44 AM Regression #11316 (Feedback): Unbound crashes with signal 11 when reloading: I've imported https://github.com/NLnetLabs/unbound/commit/ff6b527184b33ffe1e2b643db8a32fae8061fc5a into our devel bra... Renato Botelho
08:43 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: The syslog entries are called on /etc/inc/openvpn.auth-user.php around lines 120 & 163 ("could not authenticate" & "a... Michael Novotny
07:51 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: In theory it should be possible, but would need validation to ensure it works as desired.
The data should be avail... Jim Pingle
07:48 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: Attached is what the syslog entry from graylog. Michael Novotny
07:43 AM Feature #11935 (Resolved): Log external IP address of OpenVPN clients on connect and disconnect: Would it be possible to add the IP address of the user when they are authenticated? This would assist with doing gra... Michael Novotny
08:12 AM pfSense Packages Bug #11936 (Incomplete): FRR does not connect BGP when using password: There isn't nearly enough information here to speculate about a cause. "It doesn't work" is not a complete bug report... Jim Pingle
08:09 AM pfSense Packages Bug #11936 (Incomplete): FRR does not connect BGP when using password: Unsecured BGP sessions work fine, however password protected BGP sessions which previously worked fine no longer work... Clint Guillot
07:58 AM Bug #11818 (Pull Request Review): Mixed use of aliases in a port range produces unloadable ruleset: Jim Pingle
04:59 AM Bug #11818: Mixed use of aliases in a port range produces unloadable ruleset: extra input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/258 Viktor Gurov
07:43 AM Regression #11857: Match rules cause pf error parsing rules: match rules load OK on pfSense Plus snapshot 21.05.r.20210519.0300, there isn't a new CE snapshot yet that has the fi... Jim Pingle
05:44 AM Feature #9341: Support DNS Made Easy authentication without a username: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/259 Viktor Gurov
05:04 AM Feature #9262 (Duplicate): Strongswan DHCP plugin: duplicate of #8168 Viktor Gurov
04:05 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Combined with the duplicate-cn option, this problem is actually pretty bad. (At least I suspect we're having the sam... Harm V

05/18/2021

04:02 PM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: There are 3 signatures in the panics: I'd be interested in seeing more.
The KVM one is possibly fixed in FreeBSD-c... Peter Grehan
03:07 PM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: The attached configuration when loaded on a VM with 512MB of RAM can reproduce the panic reliably but with some varia... Jim Pingle
02:37 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: Apologies, it’s on the forum under IPSEC, someone else running same HW recorded same info, no other responses.
T... Paul Kennedy
02:29 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: We don't claim to officially support that hardware, so if it's hardware specific, there is nothing Netgate/pfSense ca... Jim Pingle
02:27 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: Sorry Jim, but thought that this was a bug - related to the 2.5.1 running on a specific hardware.....
Works fine o... Paul Kennedy
02:20 PM Bug #11934 (Not a Bug): IPSEC stops working on 2.5.1 running on Watchguard XTM 5: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
02:15 PM Bug #11934 (Not a Bug): IPSEC stops working on 2.5.1 running on Watchguard XTM 5: I currently have 4 sites that were all running 2.4.5p1 pfSense with IPSEC connecting all together without any major i... Paul Kennedy
02:17 PM Revision 43f77699: Further simplify update check: Steve Beaver
02:13 PM Revision cbd12cad: Revise update check JSON format: Steve Beaver
01:39 PM pfSense Packages Bug #10937: HAProxy frontend and backend entry limit: Error still present on 21.02.2 using haproxy-devel.
Tested on 21.09.a.20210517.0100 and the issue persists, but ph... Marcos M
01:29 PM Bug #11897 (Closed): Language presented to user during upgrade is misleading: This looks good to me now.
Jim Pingle
01:21 PM Revision a343fe6c: Revert "IPsec Mobile EAP-RADIUS additional configuration fix. Issue #11447": This reverts commit b19bb32453fb69fe6ff4d340ff51f1a898bfc5b2. Jim Pingle
01:19 PM Revision 4dd71873: Back out recent changes in mobile IPsec: These changes led to the pool failing to load and thus clients could not
connect. Will revisit for future releases. A... Jim Pingle
12:47 PM Bug #11370 (Closed): firewall_aliases_edit.php is limited in the number of input entries it can save to an alias: This was originally tested with 2.4.5p1 and 2.5.0 iirc.
I can no longer reproduce this on 21.02.2, 21.05-RC, nor 2... Marcos M
12:30 PM Revision a33c0d88: Revert changes for issue #11091: Jim Pingle
12:10 PM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.: I got same issue and i can confirm that after disabling nat reflection errors are gone.
Enabling it again, after s... Gerson Barreiros
11:01 AM Bug #4893 (Pull Request Review): Error loading rules when URL Table Ports content is empty: Jim Pingle
09:23 AM Bug #4893: Error loading rules when URL Table Ports content is empty: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/257 Viktor Gurov
10:48 AM Bug #11863 (Pull Request Review): Unable to create nested URL aliases: Jim Pingle
04:24 AM Bug #11863: Unable to create nested URL aliases: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/256
see also #1603 Viktor Gurov
10:47 AM Feature #10587 (Pull Request Review): UPnP/NAT-PMP STUN configuration options: Jim Pingle
02:41 AM Feature #10587: UPnP/NAT-PMP STUN configuration options: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/255 Viktor Gurov
10:15 AM Regression #11857 (Feedback): Match rules cause pf error parsing rules: Commit was merged, will test once it's in a build. Jim Pingle
06:47 AM Regression #11857: Match rules cause pf error parsing rules: Confirmed, and tracked down to a merge conflict. Fix pushed to the development branches, and merge request opened for... Kristof Provost
08:31 AM Bug #11891 (New): strongSwan configuration contains incorrect structure for mobile pool DNS records: Jim Pingle
08:24 AM Bug #11891: strongSwan configuration contains incorrect structure for mobile pool DNS records: Reverted RADIUS-specific parts of the change here for now, it was causing the configuration to fail. Can try again be... Jim Pingle
08:24 AM Regression #11447 (New): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: Reverted changes for now, they were causing the configuration to fail. Can try again before the next release. Jim Pingle
08:17 AM Bug #11091 (New): Interfaces set as disabled in the configuration have an UP status in the operating system at boot: Per discussion on the PR, all the changes have been reverted.
Can try alternate approaches for the next release. Jim Pingle
08:03 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: This is an upstream FreeBSD bug, and is reproducible with the following pf.conf on a recent FreeBSD/main:
> altq o... Kristof Provost

05/17/2021

03:54 PM Todo #11933 (Resolved): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: In 2.5.0/21.02 we added the @pcscd@ service to builds for #9878 and it gets run at startup in all cases to handle cer... Jim Pingle
02:58 PM Bug #11932: undefined function watchdogd_enabled: It was in Factory before Plus, it's nothing new. It's been around for years. Filesystem corruption or similar failure... Jim Pingle
02:52 PM Bug #11932: undefined function watchdogd_enabled: Ah, yes, I see it there in the base tar (https://firmware.netgate.com/pkg/pfSense_plus-v21_02_2_amd64-core/All/pfSens... catatonic prime
01:20 PM Bug #11932 (Not a Bug): undefined function watchdogd_enabled: That function is present in pfSense Plus system.inc and if it's missing, it's a sign there is something wrong with yo... Jim Pingle
01:15 PM Bug #11932 (Not a Bug): undefined function watchdogd_enabled: Model: SG-4860 (amd64)
Base System: 21.02.2-RELEASE
I observed some of these issues (or others? I dunno I had a b... catatonic prime
01:58 PM pfSense Packages Feature #9238: Add support for Zerotier: Amy Nagle wrote:
> The pfSense-pkg-zerotier package's uninstall action removes zerotier from the rc.conf.local, so i... Gregory Moore
12:48 PM pfSense Packages Feature #9238: Add support for Zerotier: The pfSense-pkg-zerotier package's uninstall action removes zerotier from the rc.conf.local, so it won't start automa... Amy Nagle
10:30 AM pfSense Packages Feature #9238: Add support for Zerotier: Amy Nagle wrote:
> Just a warning to anyone doing an update from 2.4 to 2.5: make sure you don't have an interface a... Gregory Moore
08:11 AM pfSense Packages Feature #9238: Add support for Zerotier: Just a warning to anyone doing an update from 2.4 to 2.5: make sure you don't have an interface assigned to any zerot... Amy Nagle
08:09 AM pfSense Packages Feature #11931 (New): Add support for validating a domain's ownership via Google Cloud Cloud DNS: Add support for validating a domain's ownership via Google Cloud Cloud DNS.
Support for Google Cloud Cloud DNS is ... Alex Cazacu
07:40 AM pfSense Packages Bug #11930 (Needs Patch): DHCPV6 does not work with L3 Interfaces (tun_wg): Last I saw, WireGuard on FreeBSD did not support broadcast/multicast traffic yet. DHCPv6 may work on L3 interfaces bu... Jim Pingle
07:38 AM Bug #11929 (Rejected): Questions about NAT settings: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:37 AM pfSense Packages Bug #11618 (Closed): WireGuard using incorrect IPv6 tunnel address prefix length: Can be reopened if it still applies to the package. Jim Pingle
07:37 AM pfSense Packages Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface: Can always be reopened if it's still a problem. Jim Pingle
07:30 AM Bug #11912 (Closed): IPsec GUI allows creating multiple identical Phase 1 entries when using FQDN for remote gateway: Jim Pingle
07:29 AM Bug #11928 (Duplicate): 2.6.0-DEVELOPMENT - state and byte counters on firewall rules tabs are all 0 zero: Duplicate of #11775 Jim Pingle
07:28 AM Bug #11893 (Closed): IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Jim Pingle
02:30 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1: Same here.... JD -

05/16/2021

04:24 PM pfSense Packages Bug #11930 (Needs Patch): DHCPV6 does not work with L3 Interfaces (tun_wg): If i use the tun_wg interface with DHCPV6 to push prefixes to peers DHPCV6 stops:
@/services_dhcpv6.php: The comma... Dirk Steingäßer
11:10 AM Bug #11929 (Rejected): Questions about NAT settings: It seems that NAT is not working properly.
I usually use two OpenVPNs to protect my privacy online at the same time,... Jack Harris

05/15/2021

09:59 PM pfSense Packages Bug #11618: WireGuard using incorrect IPv6 tunnel address prefix length: If still relevant, should be moved to the package support for the WG package in 2.6.0. This is no longer relevant fo... Kris Phillips
09:58 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface: This should be closed out or moved to the packages section for 2.6.0, if it is still reproducible with the package. ... Kris Phillips
09:53 PM Bug #11912: IPsec GUI allows creating multiple identical Phase 1 entries when using FQDN for remote gateway: Tested this and it is now resolved. The newly fixed FQDN checks work on 21.05 RC. Kris Phillips
08:42 PM Bug #11928 (Duplicate): 2.6.0-DEVELOPMENT - state and byte counters on firewall rules tabs are all 0 zero: After upgrading from 2.5.1-Release to 2.6.0.a.20210513.0100 the counters on firewall rules tabs are always 0.
Afte... M Felden
04:24 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: I'm able to reproduce this. I ran a constant ICMP from LAN over an IPSec tunnel. Both the IPSec and LAN firewall ru... Kris Phillips
04:18 PM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Tested in 21.05 RC build from May 15th. Looks good. This can be closed out. Kris Phillips
04:04 PM Bug #11698: Incomplete PPPoE custom reset values lead to invalid cron entry: /var/etc/pppoe_restart_pppoe0 is not showing any values
#!/bin/sh
/usr/local/sbin/pfSctl -c 'interface reload ... Alhusein Zawi
02:32 PM Regression #11884 (Resolved): Export P12 icon is missing if certificate is not locally renewable: Tested in 2.6 and 21.05. Export P12 is available. I'll mark the ticket resolved. Max Leighton
12:30 PM Feature #11927: Allow DHCP not to serve a gateway - small fix: To add some clarity. The "none" option is available in the general config. However it is not on the static mapping page. Jori Huisman
07:20 AM Feature #11927 (Resolved): Allow DHCP not to serve a gateway - small fix: Currently pfSense cannot serve dual homed machine on DHCP without giving both interfaces a default gateway as leaving... Jori Huisman
05:23 AM Regression #11857: Match rules cause pf error parsing rules: I am seeing the exact same issue on my Negate 3100.
The first time I upgraded from 21.02 to 21.05 all outbound traff... Brad Hawkins
05:06 AM Bug #11926: Advanced DHCP client configuration "Protocol timing" help text is in the wrong location: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/254 Danilo Zrenjanin
04:57 AM Bug #11926 (Resolved): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location: Under Interface setup > DHCP Client Configuration > Advanced configuration, help text for protocol timing is at the w... Danilo Zrenjanin
04:31 AM Bug #11850: NTP authentication input validation rejects valid keys: Jim Pingle wrote:
> Updating subject for release notes.
As I'm still on the 21.02.2-RELEASE (amd64) - when could ... Thomas Paetzold

05/14/2021

10:31 PM Bug #11855 (Resolved): Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes: Followed the steps to reproduce the issue , there is no error
2.6.0-DEVELOPMENT (amd64)
built on Fri May 07 01:0... Alhusein Zawi
04:29 PM Bug #11873 (Resolved): HTTP Referer error message text is incorrect: Checked in
2.6.0-DEVELOPMENT (amd64)
built on Fri May 14 01:04:01 EDT 2021
FreeBSD 12.2-STABLE
It's accurat... Max Leighton
02:51 PM Regression #11316: Unbound crashes with signal 11 when reloading: Mike Farmwald wrote:
> Jim Pingle wrote:
> > Snapshots for 2.6.0 and 21.05 have had Unbound 1.12.x for a couple wee... Jim Pingle
11:31 AM pfSense Docs Correction #11907 (Closed): Feedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options: Merged and deployed Jim Pingle
07:18 AM pfSense Docs Correction #11907 (Pull Request Review): Feedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options: Jim Pingle
02:31 AM pfSense Docs Correction #11907: Feedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/13 Viktor Gurov
10:49 AM Bug #11923 (Pull Request Review): Input validation not working for 1:1 NAT entries using an alias as a destination: Jim Pingle
10:38 AM Bug #11923: Input validation not working for 1:1 NAT entries using an alias as a destination: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/252 Viktor Gurov
09:45 AM Bug #11923 (New): Input validation not working for 1:1 NAT entries using an alias as a destination: I can reproduce it on 2.5.1 and 2.6.0.a.20210514.0100 Viktor Gurov
06:25 AM Bug #11923 (Duplicate): Input validation not working for 1:1 NAT entries using an alias as a destination: Duplicate of #11751 Viktor Gurov
05:07 AM Bug #11923 (Resolved): Input validation not working for 1:1 NAT entries using an alias as a destination: We have some NAT 1:1 configured with the "Destination" field with alias.
Today we discovered that we could not eith... Massimiliano Cianelli
10:45 AM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec: Jim Pingle wrote:
> Already in 21.05 branch.
extra 2.6-only fix:
https://gitlab.netgate.com/pfSense/pfSense/-/me... Viktor Gurov
08:07 AM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec: Hi,
I've applied the patch to pfsense 2.5.1 (Using system patch) and 2.5.0 (manually) but I'm still unable to crea... Massimiliano Cianelli
09:27 AM Bug #11925 (New): Calling-Station-Id always set to WAN IP: RADIUS attribute Calling-Station-Id always set to WAN IP address,
no matter which interface OpenVPN server is listen... Viktor Gurov
07:36 AM Bug #11924 (Rejected): 2 PfSense in HA, installed on HP ProLiant DL160 Gen9, reboot needed to restart several daemon: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
05:50 AM Bug #11924 (Rejected): 2 PfSense in HA, installed on HP ProLiant DL160 Gen9, reboot needed to restart several daemon: _Good Morning,_
*The following message to explain the problem at hand.*
I regularly update the PFSense withou... Michele D'Alessio
07:32 AM Bug #11922 (Pull Request Review): Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS: Jim Pingle
04:42 AM Bug #11922: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/251 Viktor Gurov
04:33 AM Bug #11922 (Resolved): Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS: If you create a LDAP Authentication server entry with transport = "Standard TCP" and select a non-global peer CA,
it... Viktor Gurov
07:29 AM Feature #11921: Feature Request: Compile unbound with EDNS Client Subnet (ECS) module (--enable-subnet): This is an option in the FreeBSD port already:... Jim Pingle
03:03 AM Feature #11921 (New): Feature Request: Compile unbound with EDNS Client Subnet (ECS) module (--enable-subnet): There are use cases for the subnet module in unbound to be able to configure EDNS client subnet behavior via the
... M Felden
07:23 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot: We can bring in that fix for the next release, I backed out the original change from plus-RELENG_21_05 to make sure i... Jim Pingle
02:44 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot: Steve Wheeler wrote:
> Confirmed; this breaks sub-interfaces on anything that is assigned but disabled by removing t... Viktor Gurov
03:36 AM Bug #11370: firewall_aliases_edit.php is limited in the number of input entries it can save to an alias: unable to reproduce it on 2.6.0.a.20210513.0100 - I can successfully import a list containing 600+ lines and see all... Viktor Gurov
02:24 AM pfSense Docs Todo #11499 (Closed): Feedback on Services — DHCPv4 Server: Added Viktor Gurov
01:09 AM Todo #6647: Enable Additional Security Headers: PCI DSS Compliance scan requires Content-Security-Policy HTTP Header Viktor Gurov
12:56 AM pfSense Plus Feature #11920: SAML Authentication for pfSense (VPN and webConfigurator): see also #9970 Viktor Gurov

05/13/2021

10:16 PM Revision e56f7a19: Report file system type in metrics: Steve Beaver
05:55 PM Revision 5c1ed67f: Refactor firewall_nat_npt for MVC: Steve Beaver
04:15 PM Revision 79ba83ad: Refactor firewall_nat_1to1_edit for MVC: Steve Beaver
02:27 PM pfSense Plus Feature #11920 (New): SAML Authentication for pfSense (VPN and webConfigurator): A customer has requested SAML authentication support for things like Azure as an alternative to LDAP and RADIUS. Ple... Kris Phillips
02:07 PM Revision 8fb4972c: Refactor 1 to 1 NAT for MVC: Steve Beaver
09:47 AM Bug #11792 (Closed): Cannot disable IPsec P1 when related P2s are in VTI mode and enabled: Jim Pingle
09:09 AM Regression #11723: Virtual IP addresses are only added to interfaces after reboot: Updating subject, but also excluding from release notes since it was a regression since the last release. Jim Pingle
09:08 AM Bug #11636: Unused Limiter entries with schedules create unnecessary cron jobs: Updating subject for release notes. Jim Pingle
09:08 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: Updating subject for release notes. Jim Pingle
08:48 AM Bug #11832: ``ipsec_vti()`` does not skip disabled VTI entries: Updating subject for release notes. Jim Pingle
08:48 AM Regression #11794: IPsec VTI interface names are not properly formed for more than 32 interfaces: Updating subject for release notes. Jim Pingle
08:48 AM Bug #11651: Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1: Updating subject for release notes. Jim Pingle
08:47 AM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options: Updating subject for release notes. Jim Pingle
08:46 AM Bug #11456: Unbound Python Integration repeatedly mounts ``dev`` without unmounting: Updating subject for release notes. Jim Pingle
08:39 AM Bug #11850: NTP authentication input validation rejects valid keys: Updating subject for release notes. Jim Pingle
07:44 AM Feature #11358: New Dynamic DNS Provider: NIC.RU: Updating subject for release notes. Jim Pingle
07:44 AM Feature #11294: New Dynamic DNS Provider: Yandex PDD: Updating subject for release notes. Jim Pingle
07:44 AM Feature #11293: New Dynamic DNS Provider: one.com: Updating subject for release notes. Jim Pingle
07:42 AM Bug #11688: Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule: Either way is fine Jim Pingle

05/12/2021

10:43 PM Bug #11792: Cannot disable IPsec P1 when related P2s are in VTI mode and enabled: Tested on both 21.05 and 2.6.0 snapshots. Marcos M
07:46 AM Bug #11792: Cannot disable IPsec P1 when related P2s are in VTI mode and enabled: Marcos Mendoza wrote:
> Tested latest snapshot. Worked well.
2.6.0 snapshot or 21.05 snapshot? Jim Pingle
10:28 PM Revision 4e820dc1: One.com, NIC.RU, Yandex DynDNS support. Implements #11293 #11294 #11358: Viktor Gurov
09:44 PM Revision 0193bb0b: Set explicit-exit-notify to 1 for new OpenVPN Server instances. Issue #11684: Viktor Gurov
09:08 PM Revision 866cc787: Fix missing ')' in openvpn.inc: Steve Beaver
07:46 PM Revision 58a50506: Enable unbound112 build: Renato Botelho
07:45 PM Revision 662778ef: Add needed options to unbound112: (cherry picked from commit 3c8dcdf77be9ed2a6fc296914053a41ef6ff04f2) Renato Botelho
05:35 PM Feature #11358 (Feedback): New Dynamic DNS Provider: NIC.RU: Applied in changeset commit:4e820dc1e02074ddf8de28d3be4f54be4a5c8066. Viktor Gurov
05:35 PM Feature #11294 (Feedback): New Dynamic DNS Provider: Yandex PDD: Applied in changeset commit:4e820dc1e02074ddf8de28d3be4f54be4a5c8066. Viktor Gurov
05:35 PM Feature #11293 (Feedback): New Dynamic DNS Provider: one.com: Applied in changeset commit:4e820dc1e02074ddf8de28d3be4f54be4a5c8066. Viktor Gurov
04:41 PM Bug #11299: Unused L2TP VPN files are not removed when the service is disabled: fix subject typo
Viktor Gurov
02:37 PM Bug #11299: Unused L2TP VPN files are not removed when the service is disabled: Updating subject for release notes. Jim Pingle
04:16 PM Bug #11688: Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule: Jim Pingle wrote:
> causes the firewall to generate an invalid pf rule
I would argue that the generated rule is n... Jonathon Reinhart
02:48 PM Bug #11688: Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule: Updating subject for release notes. Jim Pingle
07:15 AM Bug #11688 (Feedback): Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule: Anonymous
02:54 PM Feature #2400: GUI options for WPA Enterprise with identity/password: Updating subject for release notes. Jim Pingle
07:44 AM Feature #2400: GUI options for WPA Enterprise with identity/password: Already in 21.05 branch. Jim Pingle
02:54 PM Bug #11808: Ignore WireGuard configurations under ``<installedpackages></installedpackages>``: Updating subject for release notes. Jim Pingle
02:53 PM Bug #11880: Missing ``/0`` subnet when cloning repeatable CIDR mask controls: Updating subject for release notes. Jim Pingle
07:01 AM Bug #11880 (Feedback): Missing ``/0`` subnet when cloning repeatable CIDR mask controls: Anonymous
02:52 PM Bug #11873: HTTP Referer error message text is incorrect: Updating subject for release notes. Jim Pingle
02:52 PM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec: Updating subject for release notes. Jim Pingle
02:51 PM Regression #11702: RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks: Updating subject for release notes. Jim Pingle
02:51 PM Bug #11685: PHP error if ``PHP_error.log`` file is too large: Updating subject for release notes. Jim Pingle
07:11 AM Bug #11685: PHP error if ``PHP_error.log`` file is too large: Already in 21.05 branch. Jim Pingle
02:50 PM Regression #11510: ARP Table populates hostname values using expired DHCP lease data: Updating subject for release notes. Jim Pingle
07:31 AM Regression #11510: ARP Table populates hostname values using expired DHCP lease data: Already in 21.05 branch. Jim Pingle
02:49 PM Feature #11228: Replace HTTP links with HTTPS in the GUI: Updating subject for release notes. Jim Pingle
02:49 PM Bug #11897: Language presented to user during upgrade is misleading: Updating subject for release notes. Jim Pingle
06:56 AM Bug #11897 (Feedback): Language presented to user during upgrade is misleading: Anonymous
02:48 PM Bug #11861: Error loading rules in certain cases where an interface is temporarily without an address: Updating subject for release notes. Jim Pingle
02:47 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: Updating subject for release notes. Jim Pingle
07:43 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: Already in 21.05 branch. Jim Pingle
02:46 PM Regression #11806: IPv4 link-local (``169.254.x.x``) gateway does not function: Updating subject for release notes. Jim Pingle
02:46 PM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down: Updating subject for release notes. Jim Pingle
02:44 PM Bug #11867: Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed: Updating subject for release notes. Jim Pingle
02:43 PM Feature #11125: Kernel module for RTL8153 driver: Updating subject for release notes. Jim Pingle
02:43 PM Feature #7092: Kernel modules for alternate congestion control algorithms: Updating subject for release notes. Jim Pingle
07:30 AM Feature #7092: Kernel modules for alternate congestion control algorithms: Applied in changeset commit:b28f8cd6effe35fe9c223da83da3dfe7be24f67b. Viktor Gurov
07:22 AM Feature #7092 (Feedback): Kernel modules for alternate congestion control algorithms: Anonymous
02:42 PM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: Updating subject for release notes. Jim Pingle
07:07 AM Bug #11830 (Feedback): Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: Anonymous
02:41 PM Bug #11700: OpenVPN does not kill IPv6 client states on disconnect: Updating subject for release notes. Jim Pingle
07:10 AM Bug #11700: OpenVPN does not kill IPv6 client states on disconnect: Already in 21.05 branch. Jim Pingle
02:41 PM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: Updating subject for release notes. Jim Pingle
07:13 AM Bug #11699 (Feedback): OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: Anonymous
02:41 PM Feature #11596: Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS: Updating subject for release notes. Jim Pingle
07:16 AM Feature #11596: Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS: Already in 21.05 branch. Jim Pingle
02:40 PM Feature #11521: Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances: Updating subject for release notes. Jim Pingle
02:39 PM Bug #11141: OpenVPN Wizard does not support gateway groups: Updating subject for release notes. Jim Pingle
02:39 PM Feature #11140: Allow the firewall to use DNS servers provided to an OpenVPN client instance: Updating subject for release notes. Jim Pingle
07:40 AM Feature #11140: Allow the firewall to use DNS servers provided to an OpenVPN client instance: Already in 21.05 branch. Jim Pingle
02:38 PM Regression #11495: NTP widget displays incorrect status: Updating subject for release notes. Jim Pingle
07:17 AM Regression #11495 (Feedback): NTP widget displays incorrect status: Anonymous
02:38 PM Feature #11406: GUI option to set MTU for L2TP VPN server: Updating subject for release notes. Jim Pingle
02:37 PM Feature #11911: Shortcut buttons for service control and logs on RADVD configuration: Updating subject for release notes. Jim Pingle
08:06 AM Feature #11911 (Closed): Shortcut buttons for service control and logs on RADVD configuration: Moving from internal Redmine since this affects CE and Plus and isn't hardware-dependent.
Original Description fro... Jim Pingle
02:36 PM Feature #11103: Use virtual link local IP address as RA source address for HA environments: Updating subject for release notes. Jim Pingle
07:21 AM Feature #11103 (Feedback): Use virtual link local IP address as RA source address for HA environments: Anonymous
02:35 PM Bug #11891: strongSwan configuration contains incorrect structure for mobile pool DNS records: Updating subject for release notes. Jim Pingle
02:35 PM Bug #11832: ``ipsec_vti()`` does not skip disabled VTI entries: Updating subject for release notes. Jim Pingle
07:06 AM Bug #11832 (Feedback): ``ipsec_vti()`` does not skip disabled VTI entries: Anonymous
02:34 PM Bug #11651: Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1: Updating subject for release notes. Jim Pingle
07:15 AM Bug #11651: Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1: Already in 21.05 branch. Jim Pingle
02:34 PM Feature #11576: IPsec GUI option to control Child SA ``start_action``: Updating subject for release notes. Jim Pingle
07:27 AM Feature #11576: IPsec GUI option to control Child SA ``start_action``: Already in 21.05 branch. Jim Pingle
02:33 PM Regression #11564: strongSwan configuration always contains user EAP/PSK values: Updating subject for release notes. Jim Pingle
07:28 AM Regression #11564: strongSwan configuration always contains user EAP/PSK values: Already in 21.05 branch. Jim Pingle
02:32 PM Feature #11395: Option to switch IPsec filtering modes to choose between ``enc`` and ``if_ipsec`` filtering: Updating subject for release notes. Jim Pingle
07:35 AM Feature #11395: Option to switch IPsec filtering modes to choose between ``enc`` and ``if_ipsec`` filtering: Already in 21.05 branch. Jim Pingle
02:32 PM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS: Updating subject for release notes. Jim Pingle
07:38 AM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS: Already in 21.05 branch. Jim Pingle
02:31 PM Bug #11855: Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes: Updating subject for release notes. Jim Pingle
07:10 AM Bug #11855: Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes: Applied in changeset commit:4979c9934be628bc10ca62221b48e7a39e03319f. Viktor Gurov
07:02 AM Bug #11855 (Feedback): Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes: Anonymous
02:30 PM Bug #11698: Incomplete PPPoE custom reset values lead to invalid cron entry: Updating subject for release notes. Jim Pingle
07:14 AM Bug #11698 (Feedback): Incomplete PPPoE custom reset values lead to invalid cron entry: Anonymous
02:29 PM Bug #11387: Interfaces page displays MAC Address field for interfaces which do not support L2: Updating subject for release notes. Jim Pingle
02:28 PM Bug #5135: DHCP interfaces are always treated as having a gateway, even if one is not assigned by the upstream DHCP server: Updating subject for release notes. Jim Pingle
07:43 AM Bug #5135: DHCP interfaces are always treated as having a gateway, even if one is not assigned by the upstream DHCP server: Already in 21.05 branch. Jim Pingle
02:27 PM Bug #11904: IGMP Proxy restarts unnecessarily after IPv6 gateway events: Updating subject for release notes. Jim Pingle
07:00 AM Bug #11904: IGMP Proxy restarts unnecessarily after IPv6 gateway events: Applied in changeset commit:159ea168178bb5fb4b2a4e0e4936710562d929a1. Viktor Gurov
06:55 AM Bug #11904 (Feedback): IGMP Proxy restarts unnecessarily after IPv6 gateway events: Anonymous
02:25 PM Bug #11082: XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node: Updating subject for release notes. Jim Pingle
07:41 AM Bug #11082: XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node: Already in 21.05 branch. Jim Pingle
02:24 PM Todo #11426: Deprecate old cryptographic accelerator hardware which is not viable on modern systems: Updating subject for release notes. Jim Pingle
02:23 PM Feature #11164: Input validation to prevent setting a load balancing gateway group as default: Updating subject for release notes. Jim Pingle
02:21 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly: Updating subject for release notes. Jim Pingle
07:09 AM Bug #11815 (Feedback): NoIP.com Dynamic DNS update failure is not detected properly: Anonymous
02:21 PM Bug #11754: Digital Ocean Dynamic DNS help text is incorrect: Updating subject for release notes. Jim Pingle
02:20 PM Bug #11667: Automatic 25-day forced Dynamic DNS update removes wildcard domain: Updating subject for release notes. Jim Pingle
07:12 AM Bug #11667: Automatic 25-day forced Dynamic DNS update removes wildcard domain: Already in 21.05 branch. Jim Pingle
02:11 PM Feature #11420: New Dynamic DNS Provider: Gandi LiveDNS IPv6: Updating subject for release notes. Jim Pingle
07:34 AM Feature #11420: New Dynamic DNS Provider: Gandi LiveDNS IPv6: Already in 21.05 branch. Jim Pingle
02:10 PM Feature #7842: New Dynamic DNS Provider: Mythic-Beasts: Updating subject for release notes. Jim Pingle
02:09 PM Bug #11456: Unbound Python Integration repeatedly mounts ``dev`` without unmounting: Updating subject for release notes. Jim Pingle
07:25 AM Bug #11456: Unbound Python Integration repeatedly mounts ``dev`` without unmounting: Applied in changeset commit:a72b320ee3d7d29563210e62b132afd0d76f1165. Viktor Gurov
07:17 AM Bug #11456 (Feedback): Unbound Python Integration repeatedly mounts ``dev`` without unmounting: Anonymous
02:08 PM Regression #11819: MAC address OEM information missing from ARP table: Updating subject for release notes. Jim Pingle
02:08 PM Bug #11769: Sanitize Captive Portal RADIUS MAC secret in status output: Updating subject for release notes. Jim Pingle
02:07 PM Bug #11883: ``dhcp6withoutra_script.sh`` does not get executed when advanced options are set: Updating subject for release notes. Jim Pingle
06:59 AM Bug #11883 (Feedback): ``dhcp6withoutra_script.sh`` does not get executed when advanced options are set: Anonymous
02:06 PM Regression #11787: Thermal sensors widget no longer shows values from certain hardware: This should also fix the thermal sensors widget on the 3100 (#11673) Jim Pingle
07:11 AM Regression #11787 (Feedback): Thermal sensors widget no longer shows values from certain hardware: Anonymous
02:05 PM pfSense Plus Bug #11673 (Duplicate): Thermal Sensors Non-functional on SG-3100: Fixed by #11787, marking this a duplicate Jim Pingle
02:03 PM Todo #11914: Allow reroot on ZFS from console and GUI reboot menu entries: Updating subject for release notes. Jim Pingle
08:18 AM Todo #11914 (Resolved): Allow reroot on ZFS from console and GUI reboot menu entries: Moving from internal Redmine 6304 since this affects CE and Plus and isn't hardware-dependent.
Original Descriptio... Jim Pingle
02:02 PM Bug #11609: CLI interface configuration without IPv6 leaves RA enabled: Updating subject for release notes. Jim Pingle
07:15 AM Bug #11609: CLI interface configuration without IPv6 leaves RA enabled: Already in 21.05 branch. Jim Pingle
02:02 PM Bug #11801: PHP error in ``upgrade_212_to_213()`` when upgrading certain IPsec tunnels: Updating subject for release notes. Jim Pingle
02:01 PM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Updating subject for release notes. Jim Pingle
02:01 PM Bug #11793: OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP: Updating subject for release notes. Jim Pingle
07:15 AM Bug #11793: OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP: Applied in changeset commit:70d797668245d8070782912d6bcdf0939aea7c62. Viktor Gurov
07:10 AM Bug #11793 (Feedback): OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP: Anonymous
02:00 PM Bug #11843: Potential XSS vulnerability in Captive Portal ``redirurl`` handling: Updating subject for release notes. Jim Pingle
01:59 PM Feature #11264: Redirect Captive Portal users to login page after they logout: Updating subject for release notes. Jim Pingle
07:37 AM Feature #11264: Redirect Captive Portal users to login page after they logout: The PR in the description was closed without merging, the merged PR was https://github.com/pfsense/pfsense/pull/4503
... Jim Pingle
01:58 PM Bug #11748: Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups: Updating subject for release notes. Jim Pingle
07:20 AM Bug #11748: Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups: Applied in changeset commit:40159e4f9fc2db7ac8a6a28a5f757e51e7975886. Viktor Gurov
07:11 AM Bug #11748 (Feedback): Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups: Anonymous
01:56 PM Feature #10811: Randomize time of scheduled AutoConfigBackup runs: Updating subject for release notes. Jim Pingle
07:42 AM Feature #10811: Randomize time of scheduled AutoConfigBackup runs: Already in 21.05 branch. Jim Pingle
01:50 PM Feature #11390: Copy button for Authentication Server entries: Updating subject for release notes. Jim Pingle
01:49 PM Feature #11380: PHP shell playback script to modify Alias contents: Updating subject for release notes. Jim Pingle
01:15 PM Revision 837dfef2: Sort modules alphabetically: Renato Botelho
01:08 PM Revision 9a887a87: Reduce differences from Plus. No functional changes: Renato Botelho
12:57 PM Regression #11316: Unbound crashes with signal 11 when reloading: Jim Pingle wrote:
> Snapshots for 2.6.0 and 21.05 have had Unbound 1.12.x for a couple weeks now.
>
> I created #... Mike Farmwald
08:51 AM Regression #11316: Unbound crashes with signal 11 when reloading: Snapshots for 2.6.0 and 21.05 have had Unbound 1.12.x for a couple weeks now.
I created #11915 to note that since ... Jim Pingle
12:21 PM Revision b28f8cd6: Add congestion control modules. Implements #7092: Viktor Gurov
12:20 PM Revision e1f2d297: Merge pull request #4515 from znerol-forks/feature/master/radvd-linklocal-vip-2: Steve Beaver
12:17 PM Revision a72b320e: Unbound devfs mount check. Fixes #11456: Viktor Gurov
12:16 PM Revision 6f102d9c: NTP status widget fix. Issue #11495: Viktor Gurov
12:15 PM Revision 8fdd4d4b: Merge pull request #4509 from JonathonReinhart/floating-rule-no-matching-iface-master: Steve Beaver
12:14 PM Revision 8292d14f: PPPoE custom reset crontab entry fix. Issue #11698: Viktor Gurov
12:13 PM Revision 58307d6f: Set default OpenVPN inactive timeout to 300. Issue #11699: Viktor Gurov
12:12 PM Revision 4f26f187: Set default_socket_timeout on XMLRPC sync. Fixes #11718: Viktor Gurov
12:12 PM Revision fb64d0be: saveVIP() fix. Issue #11723: Viktor Gurov
12:11 PM Revision 40159e4f: Checking multiple backups when detecting invalid configuration. Fixes #11748: Viktor Gurov
12:11 PM Revision f4f50954: Include Chelsio temperature values.: https://redmine.pfsense.org/issues/11787 Steve Wheeler
12:10 PM Revision 70d79766: Do not start an OpenVPN instance if vip aliased to BACKUP CARP. Fixes #11793: Viktor Gurov
12:09 PM Revision 304354a5: Merge pull request #4518 from bauerstefan/master: Steve Beaver
12:08 PM Revision 8ec7864a: NoIP.com DynDNS fix. Issue #11815: Viktor Gurov
12:07 PM Revision 126944b7: openvpn.tls-verify.php fixes. Issue #11830: Viktor Gurov
12:06 PM Revision 9ca88c29: ipsec_vti() skipdisabled fix. Issue #11832: Viktor Gurov
12:05 PM Revision 0e4202b7: Refactor hide logic for fields on DynDNS edit page. Fixes #11840: The page included hide/show logic for username field only for few
providers, which meant that if a provider with the ... Jaakko Kantojärvi
12:02 PM Revision 4979c993: Correctly change default IPv6 route MTU if both IPv4/IPv6 gateways are configured on interface. Fixes #11855: Viktor Gurov
12:02 PM Revision f0a0bae5: OpenVPN TAP ifconfig-ipv6 syntax fix. Issue #11869: Viktor Gurov
12:01 PM Revision 2f00a5e3: Merge pull request #4517 from vajonam/fix_address_clone: Steve Beaver
11:58 AM Revision c600ac6b: DHCP6: Do not wait for a RA & Advanced Configuration script fix. Issue #11883: Viktor Gurov
11:58 AM Revision 21e14611: IPsec Dashboard widget improvement. Fixes #11893: Viktor Gurov
11:55 AM Revision 8054b3a6: Change firmware update message text. Issue #11897: Viktor Gurov
11:54 AM Revision 159ea168: Do not restart IGMP Proxy on IPv6 gateway events. Fixes #11904: Viktor Gurov
10:05 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Having the same issue on 21.05-BETA with all counters on all interfaces reporting 0/0 B in the WebUI
pfctl -sa rep... Adam Goldberg
08:50 AM Todo #11915 (Resolved): Temporarily move back to Unbound 1.12.x due to instability on Unbound 1.13.x: This is already done, adding issue for tracking purposes and so it will show up in the release notes.
Since Unboun... Jim Pingle
08:44 AM Regression #11470: Panic when using CBQ traffic shaping: Would be nice to fix soon if we can, but not a blocker at the moment. Jim Pingle
08:44 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Would be nice to fix soon if we can, but not a blocker at the moment. Jim Pingle
08:15 AM Bug #11913 (Closed): RADVD breaks on SIGHUP: Moving from internal Redmine 6287 since this affects CE and Plus and isn't hardware-dependent.
Original Descriptio... Jim Pingle
08:11 AM Bug #11912 (Closed): IPsec GUI allows creating multiple identical Phase 1 entries when using FQDN for remote gateway: Moving from internal Redmine issue 6010 since this affects CE and Plus and isn't hardware-dependent.
Original Desc... Jim Pingle
08:00 AM Regression #11910 (Resolved): IPsec status tunnel descriptions are incorrect: Moving from internal Redmine since this affects CE and Plus and isn't hardware-dependent.
Original description:
... Jim Pingle
07:42 AM Bug #9887: Rule separator positions change when deleting multiple rules: Already in 21.05 branch. Jim Pingle
07:34 AM Feature #11402: Xen console support: Already in 21.05 branch. Jim Pingle
07:32 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: Already in 21.05 branch. Jim Pingle
07:30 AM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options: Already in 21.05 branch. Jim Pingle
07:30 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Already in 21.05 builds. Jim Pingle
07:29 AM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: Nothing committed here yet and only one data point on if it's beneficial. Bumping this one up for the moment. I'd lik... Jim Pingle
07:20 AM Bug #11718: XMLRPC Client does not honor its default timeout value: Applied in changeset commit:4f26f187d8cc5028646e86fbb95ce91552d062c2. Viktor Gurov
07:13 AM Bug #11718 (Feedback): XMLRPC Client does not honor its default timeout value: Anonymous
07:19 AM Bug #11229 (Feedback): Harmless error when enabling traffic shaper: Anonymous
07:15 AM Bug #11636: Unused Limiter entries with schedules create unnecessary cron jobs: Already in 21.05 branch. Jim Pingle
07:12 AM Regression #11723 (Feedback): Virtual IP addresses are only added to interfaces after reboot: Anonymous
07:10 AM Bug #11704: Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot: Already in 21.05 branch. Jim Pingle
07:09 AM Bug #11725: Error when setting queue limit on CODELQ limiter: Already in 21.05 branch. Jim Pingle
07:05 AM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Applied in changeset commit:21e146119fb995e4b9b7fadf41b367fa3a1a0d41. Viktor Gurov
06:58 AM Bug #11893 (Feedback): IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: Anonymous
07:02 AM Bug #11869 (Feedback): OpenVPN client startup error if IPv6 Tunnel Network is defined in TAP mode: Anonymous

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

06/10/2021

06/09/2021

06/08/2021

06/07/2021

06/06/2021

06/05/2021

06/04/2021

06/03/2021

06/02/2021

06/01/2021

05/31/2021

05/30/2021

05/29/2021

05/28/2021

05/27/2021

05/26/2021

05/25/2021

05/24/2021

05/23/2021

05/22/2021

05/21/2021

05/20/2021

05/19/2021

05/18/2021

05/17/2021

05/16/2021

05/15/2021

05/14/2021

05/13/2021

05/12/2021