Activity

30 days up to

User

Subprojects

Activity

From 05/19/2021 to 06/17/2021

06/17/2021

10:47 PM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs: Forgot the doc link - here it is: https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html Chris Myles
10:46 PM Feature #12055 (Closed): Option to disable XMLRPC Sync for Loopback Virtual IPs: According to this pfSense doc, Loopback IPs are synchronized via XMLRPC because they are only ever active on the loca... Chris Myles
08:53 PM pfSense Packages Bug #12054 (Resolved): "succesfully" misspelled: When fetching a patch, the message "Patch fetched succesfully" is missing an S. Steve Y
07:55 PM pfSense Plus Bug #12053: PRF Algorithm is Always Set to SHA256 on New Tunnel Creations: Selection feature was introduced in changeset f5ddbec114b3b9ecce14761d173381556422061b Kris Phillips
07:52 PM pfSense Plus Bug #12053: PRF Algorithm is Always Set to SHA256 on New Tunnel Creations: Reference internal ticket INC-87329 for troubleshooting steps with customer that experienced this. Kris Phillips
07:51 PM pfSense Plus Bug #12053 (Closed): PRF Algorithm is Always Set to SHA256 on New Tunnel Creations: When creating new P1s regardless of what the hash algorithm is set to the variable in config.xml is always set to <pr... Kris Phillips
07:28 PM Regression #12048 (New): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: Latest 2.5.2 build looks good with pear-HTTP_Request2 2.3.0,1.
Moving this ahead to 2.6.0 for (hopefully) a long t... Jim Pingle
04:29 PM Regression #12048 (Feedback): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: pear-HTTP_Request2 downgraded to 2.3.0,1 Renato Botelho
01:56 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: Jim Pingle wrote:
> I have been able to narrow this down further to this change:
>
> [...]
>
> If I go back to... Luca De Andreis
01:16 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: I have been able to narrow this down further to this change:... Jim Pingle
12:50 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: After checking many, many different things (SSL, crypto settings, nginx settings, and more) I went back and tried old... Jim Pingle
07:00 PM Revision 9455c6ef: XMLRPC sync improvements. Implements #12051: Jim Pingle
06:04 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: I can confirm that applying the PCRE_JIT patch fixed this problem for me on 21.05. Clinton Cory
05:44 PM Revision f0e84135: Moves the help text to the appropriate place. Issue #11926: Danilo Zrenjanin
05:34 PM Revision 760d4d13: Build QEMU Guest Agent. Feature #9877: Viktor Gurov
05:10 PM Revision cf11a8a5: Allow to swith to Persistent Maintenance Mode if CARP is disabled. Fixes #11727: Viktor Gurov
05:08 PM Revision 97762ce9: Enable build of zabbix 5.4 packages: Renato Botelho
05:04 PM Revision 4e3ab7d2: Add Zabbix 5.4 config options. Feature #12042: Viktor Gurov
04:06 PM Revision 1b910463: Fixed #12050 by adding new JumpToLine() function and calling as needed: Steve Beaver
03:02 PM Regression #12052 (Resolved): IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID: *Plataform:*
Version 2.5.1-RELEASE (amd64) on VMWare
built on Mon Apr 12 07:50:14 EDT 2021
FreeBSD 12.2-STABLE
... Geovane Gonçalves
02:10 PM Todo #12051 (Feedback): XMLRPC client improvements: Applied in changeset commit:9455c6ef8fa512b9341885c2186f7a79ac59cf2b. Jim Pingle
01:52 PM Todo #12051 (Resolved): XMLRPC client improvements: There are a few changes that could be beneficial for the XMLRPC sync client:
* The same client can be reused for m... Jim Pingle
12:44 PM Bug #11926 (Feedback): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location: PR has been merged. Thanks! Renato Botelho
12:35 PM Feature #9877 (Feedback): QEMU Guest Agent: PR has been merged. Thanks! Renato Botelho
12:20 PM Bug #11727: Cannot enter persistent CARP maintenance mode when CARP is disabled: Applied in changeset commit:cf11a8a5b5752cdf3b4739b1ae1ed56e197705c3. Viktor Gurov
12:12 PM Bug #11727 (Feedback): Cannot enter persistent CARP maintenance mode when CARP is disabled: PR has been merged. Thanks! Renato Botelho
12:09 PM pfSense Packages Feature #12042 (Feedback): Add Zabbix 5.4 agent and proxy packages: PRs merged. Thanks!
I also enabled the build on poudriere_bulk for CE 2.6.0 Renato Botelho
11:15 AM Bug #12050: "GoTo line #" function does not work on ``diag_edit.php``: Applied in changeset commit:1b9104637f304697ec714d8b6ceb8f95466b52b1. Anonymous
11:08 AM Bug #12050 (Feedback): "GoTo line #" function does not work on ``diag_edit.php``: Functionality provided via new JS function jumpToLine() called when requesting GoTo line Anonymous
11:05 AM Bug #12050 (Resolved): "GoTo line #" function does not work on ``diag_edit.php``: When entering a value in the GoTo line # field, the requested line is highlighted, but the textarea does not scroll t... Anonymous
10:59 AM Regression #11910: IPsec status tunnel descriptions are incorrect: Saw this yesterday. Customer has the following:
3 P1s, 2 were IKEv1 and 1 was IKEv2
3 P2s, the 2 for the IKEv1 w... Kris Phillips
10:58 AM Revision dff043e9: Revert "Enable build of Telegraf on armv7": This reverts commit 99e7f9ec562cb3a0f614c60ae7813d8318cdff17. Renato Botelho
10:29 AM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel: This is not a regression. Too late for 2.5.2 Renato Botelho
04:20 AM Bug #12049 (Resolved): Input validation incorrectly rejects a second IPv4-only GRE tunnel: More info:
-> This only occurs when creating A 2ND SUCH TUNNEL FOR THE SAME "Parent Interface"
-> The "GRE-tu... Peter Van Overveldt
10:21 AM Revision 99e7f9ec: Enable build of Telegraf on armv7: Renato Botelho
08:02 AM Bug #11850: NTP authentication input validation rejects valid keys: Thanks the effort made.
Just want to confirm: in *21.05-RELEASE* it works now as expected. Thomas Paetzold
06:32 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Charles Jackson wrote:
> I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to con... T S

06/16/2021

05:00 PM Revision b2a8595c: Fix filename: Renato Botelho
02:03 PM Revision 21fb5288: Correct pfctl syntax to kill by label. Fixes #12040: (cherry picked from commit 2afcd4527d4b245c7968bf7ac6b6c505259fe6c9) Jim Pingle
02:02 PM Revision 2afcd452: Correct pfctl syntax to kill by label. Fixes #12040: Jim Pingle
01:57 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Charles Jackson wrote:
> I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to con... Polar Nerd
01:46 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to connect to and play the same ... Charles Jackson
12:04 PM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/287
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-... Viktor Gurov
09:58 AM Regression #12048 (Confirmed): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: At first I couldn't reproduce it, but now I can every time. Not sure what changed. It didn't show up in the logs or n... Jim Pingle
07:20 AM Regression #12048 (Rejected): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: I cannot replicate the problem as stated and nothing changed between the previous builds which would have impacted XM... Jim Pingle
03:08 AM Regression #12048 (Closed): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: I've just update the test PfSense cluster to release
2.5.2.r.20210615.1851
On the immediately preceding release ... Luca De Andreis
09:11 AM Regression #12037 (Closed): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build: SNMP daemon is returning correct responses now Jim Pingle
09:10 AM Regression #12040 (Feedback): Scheduled firewall rules failing to load: Applied in changeset commit:2afcd4527d4b245c7968bf7ac6b6c505259fe6c9. Jim Pingle
09:00 AM Regression #12040 (In Progress): Scheduled firewall rules failing to load: The scheduled rules are loading, but commit:765277ba6d873847c6c5b5657877e9fb0cec4357 needs another fix to correct the... Jim Pingle
09:07 AM Regression #12045 (Resolved): High CPU usage and slowness with ``pfctl -ss``: The latest build includes the fixes for this and it's working properly now. Dumping the states is fast no matter how ... Jim Pingle
07:57 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/286 Viktor Gurov
07:17 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: it looks like `cert_escape_x509_chars()` is not needed - `openssl_csr_new()` automatically adds double quotes in case... Viktor Gurov

06/15/2021

06:38 PM pfSense Plus Bug #11942: Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces: I lied about the static. Still no dice. Web Dawg
06:37 PM pfSense Plus Bug #11942: Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces: UDP ipv4
It seems to work better if their is a static assigned to WAN, but not scientific test. Will test here so... Web Dawg
05:21 PM Regression #12045 (Feedback): High CPU usage and slowness with ``pfctl -ss``: I've cherry-picked commits from upstream/main to pfsense/RELENG_2_5_2 that should help this case:
b5d787d93b3d83f2... Renato Botelho
01:55 PM Regression #12045 (Resolved): High CPU usage and slowness with ``pfctl -ss``: Some users have found that @pfctl -ss@ is taking consuming large amounts of CPU and taking much longer than it should... Jim Pingle
05:20 PM Todo #12047 (Closed): Make sure libnv fixes are on devel-12 branch: Following commits were cherry-picked directly from upstream/main to pfsense/RELENG_2_5_2 in order to fix #12045.
b... Renato Botelho
04:53 PM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: Here's some more details when examining certificates generated from different sources:
# Cert from third-party app... Marcos M
02:49 PM pfSense Docs Todo #12046 (Rejected): Feedback on Troubleshooting — Troubleshooting Duplicate IPsec SA Entries: That's expected at the moment, but already being worked on.
I'm in the process of updating the other documentation... Jim Pingle
02:43 PM pfSense Docs Todo #12046 (Rejected): Feedback on Troubleshooting — Troubleshooting Duplicate IPsec SA Entries: The confusion is around how to "disable". The way to disable seems to be conflicting?
*Page:* https://docs.netgate... Brendon Baumgartner
01:52 PM Revision 474b0fed: Start IPv6 tunnel interfaces on boot and restart on dynamic IPv6 change. Fixes #6507: Viktor Gurov
01:48 PM Revision 015a4824: Easyrule IPv6 fix. Issue #11439: Viktor Gurov
01:00 PM Revision 27a8acbb: Use 'tos' rather than 'dscp' keyword for pf DSCP matching: The 'dscp' keyword is pfSense-specific, but doesn't do anything more
than the FreeBSD 'tos' keyword.
Using 'tos' will... Kristof Provost
12:59 PM Revision 0b817201: Tell pf to keep counter values: Pf can attempt to preserve (rule) counter values across rule updates.
We've reverted our home-grown implementation an... Kristof Provost
12:59 PM Revision 765277ba: schedule: Use the new multi-label support: We've removed the pfsense specific 'schedule' keyword, and now use the new
multi-label support. That is, schedules ar... Kristof Provost
11:04 AM Bug #12041 (Pull Request Review): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: Jim Pingle
10:52 AM Bug #12041: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/285 Viktor Gurov
09:28 AM Bug #12041 (Resolved): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: If you import a certificate containing UTF8 encoding into certificate manager,
it shows escaped unicode characters i... Viktor Gurov
10:56 AM Todo #12044 (Resolved): Improve IPsec identifier settings: We expose several IPsec identifier types in the GUI. strongSwan supports a few more, plus an automatic type. Addition... Jim Pingle
09:37 AM pfSense Packages Feature #12042 (Resolved): Add Zabbix 5.4 agent and proxy packages: New release from Zabbix, please add this new version : https://www.zabbix.com/rn/rn5.4.0 Nox Inmortus
09:21 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Justin P wrote:
> Bill Meeks wrote:
> > Jim Pingle wrote:
> > > Bill Meeks wrote:
> > > > Does this function call... Justin P
09:20 AM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot: Applied in changeset commit:474b0fed67a9e2682526a230d410a4339ec7972d. Viktor Gurov
09:10 AM Bug #6507 (Feedback): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot: PR has been merged. Thanks! Renato Botelho
08:49 AM Feature #11439 (Feedback): IPv6 support in ``easyrule`` CLI script: PR has been merged. Thanks! Renato Botelho
08:06 AM Regression #12040 (Feedback): Scheduled firewall rules failing to load: There were some commits for the latest pf changes which were not included in the last 2.5.2 build, but will be in the... Jim Pingle
08:03 AM Regression #12040 (Resolved): Scheduled firewall rules failing to load: In 2.5.2-RC firewall rules with a schedule fail to load generating an error.
Tested using this config:... Steve Wheeler
07:27 AM Regression #12037 (Feedback): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build: Merged into devel-12 and cherry-picked to RELENG_2_5_2. Kristof Provost
07:14 AM Regression #12037 (Pull Request Review): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build: Jim Pingle
07:06 AM Regression #12037 (Waiting on Merge): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build: This was the result of an incorrect conversion to libpfctl (a DIOICGETRULE ioctl call was replaced by pfctl_add_rule(... Kristof Provost
07:18 AM Bug #12038 (Pull Request Review): System attempts to start inactive services at boot: Jim Pingle
04:56 AM Bug #12038: System attempts to start inactive services at boot: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/284 Viktor Gurov
03:43 AM Bug #12038 (Resolved): System attempts to start inactive services at boot: ... Viktor Gurov
04:04 AM Bug #12039 (Resolved): Gateway alarm always triggers IPsec restart: There are several issues:
1) '/etc/rc.gateway_alarm' trigger '/etc/rc.newipsecdns' which generate an invalid log m... Viktor Gurov

06/14/2021

08:08 PM Revision 3f39bbaf: Promote 2.5.2 to RC: Renato Botelho
08:06 PM Revision 26f8169b: Promote 2.5.2 to RC: (cherry picked from commit eb1305d0736a1d71d1615ca6b19e3f4a917317a0) Renato Botelho
08:06 PM Revision eb1305d0: Promote 2.5.2 to RC: Renato Botelho
07:14 PM Revision de248d0f: Do not show OpenVPN TUN interfaces on VLAN/QinQ edit pages. Fixes #11675: Viktor Gurov
07:13 PM Revision 3f0e9812: Configure OpenVPN-parent QinQ interfaces on boot. Fixes #11662: Viktor Gurov
06:34 PM Revision 23922057: Remove duplicate comconsole_port from loader.conf. Fixes #11653: Viktor Gurov
06:16 PM Revision 789f8b22: Allow to enter /32 netmask and non-local gateway in the console menu. Issue #11581: Viktor Gurov
06:10 PM Revision a17e9816: link_interface_to_tunnelif(): Make it consistent: Change link_interface_to_tunnelif() to always return an array and
simplify logic used when it's used removing unneede... Renato Botelho
06:09 PM Revision 77e3e15a: Do not unset variables that will be set on next line: Renato Botelho
03:29 PM Regression #12037 (Closed): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build: On the current RC builds of 2.5.2 with the new pf code, the bsnmp daemon no longer returns rule label data from the p... Jim Pingle
02:20 PM Bug #11675: VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces: Applied in changeset commit:de248d0f6de7bcbca65aa94a37ac2a855b302580. Viktor Gurov
02:15 PM Bug #11675 (Feedback): VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces: PR has been merged. Thanks! Renato Botelho
02:20 PM Bug #11662: QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time: Applied in changeset commit:3f0e9812fea8672c2842d5f3f7a103518965af7f. Viktor Gurov
02:13 PM Bug #11662 (Feedback): QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time: PR has been merged. Thanks! Renato Botelho
01:40 PM Bug #11653: Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``: Applied in changeset commit:23922057504c253f1ddd0b6269e7ce85e94ac61e. Viktor Gurov
01:35 PM Bug #11653 (Feedback): Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``: PR has been merged. Thanks! Renato Botelho
01:31 PM Bug #11581 (Feedback): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu: PR has been merged. Thanks! Renato Botelho
01:17 PM pfSense Packages Bug #12036 (Pull Request Review): Certificate Manager page do not show Zabbix used certificates: Jim Pingle
11:39 AM pfSense Packages Bug #12036: Certificate Manager page do not show Zabbix used certificates: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/94 Viktor Gurov
06:03 AM pfSense Packages Bug #12036 (Resolved): Certificate Manager page do not show Zabbix used certificates: On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec / O... Viktor Gurov
11:48 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: Interesting. Looks like the output varies by platform or OpenSSL version. Where I initially checked that was on an ol... Jim Pingle
11:33 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: Jim Pingle wrote:
> I can't reproduce this here. The code is already doing the escaping so the user doesn't need to ... Viktor Gurov
07:41 AM Bug #12034 (Feedback): Certificate Manager performs redundant escaping of special characters in certificate DN fields: I can't reproduce this here. The code is already doing the escaping so the user doesn't need to worry about it. If I ... Jim Pingle
05:03 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: according to https://datatracker.ietf.org/doc/html/rfc4514 "," (comma) must be escaped:... Viktor Gurov
04:53 AM Bug #12034 (Resolved): Certificate Manager performs redundant escaping of special characters in certificate DN fields: We are facing issue while generating Cert/CSR form Cert. Manager whenever there is comma (,) in Organization same.
T... Viktor Gurov
09:30 AM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials: Marcos Mendoza wrote:
> Maybe the username:password syntax can be avoided altogether and instead the @Authorization@... Viktor Gurov
07:45 AM Regression #12028: SNMP daemon issues with pf nvlist changes: I no longer get the original error on startup, and I am able to see data from the PF MIB:... Jim Pingle
06:01 AM Regression #12028 (Resolved): SNMP daemon issues with pf nvlist changes: libpfctl is now linked to libnv... Renato Botelho
07:44 AM pfSense Docs Correction #12032 (Closed): TP-LINK M7350 modem works as an ethernet devices: PR Merged. Jim Pingle
05:38 AM pfSense Docs Correction #12032: TP-LINK M7350 modem works as an ethernet devices: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/18 Viktor Gurov
07:38 AM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a: No. Those OIDs don't exist to be read if the i915 module is not loaded:... Steve Wheeler
07:33 AM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a: Does it still crash if you don't load the i915 module? Jim Pingle
07:35 AM Bug #12023 (Pull Request Review): Mobile IPsec NAT/BINAT entries missing from firewall rules: Jim Pingle
04:01 AM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/283 Viktor Gurov
07:30 AM pfSense Packages Bug #12027 (Closed): FreeRADIUS 3.0.22 removed LEAP, package fails to start: Works now Jim Pingle
06:02 AM Regression #12017 (Resolved): FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2: Renato Botelho
05:32 AM Feature #12035 (Resolved): Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components: If you try to use any UTF8 characters in State or Province/City/Organization/Organizational Unit fields, an error occ... Viktor Gurov
02:17 AM pfSense Packages Bug #12033 (New): maxmindb and _sqlite3 modules not found: https://forum.netgate.com/topic/164305/py_error-log-errors-maxmindb-and-_sqlite3-modules-not-found
I am using pfbl... Viktor Gurov

06/13/2021

02:54 PM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials: Maybe the username:password syntax can be avoided altogether and instead the @Authorization@ header can be used as sp... Marcos M
11:59 AM pfSense Packages Bug #11459: pfBlockerNG doesn't include WireGuard interface in outbound floating rules: Tested on the latest RC release.
pfBlockerNG-devel 3.0.0_16
After enabling a Wireguard tunnel the interface stil... Danilo Zrenjanin
09:56 AM Regression #11910: IPsec status tunnel descriptions are incorrect: I saw this behaviour when adding a VTI phase 2 to a system which already had a mobile IPSec tunnel defined.
Both con... Steve Wheeler
06:47 AM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a: There appear to be two specific sysctls that cause the system to stop responding:... Steve Wheeler
05:48 AM pfSense Docs Correction #12032 (Closed): TP-LINK M7350 modem works as an ethernet devices: In the docs page entitled "Known Working 3G-4G Modems":https://docs.netgate.com/pfsense/en/latest/cellular/hardware.h... abel callejo

06/12/2021

08:17 PM pfSense Packages Bug #12031 (Resolved): Wireguard Package Produces Crash in 2.5.2: The Wireguard package produces a crash report in the dashboard in 2.5.2 after install. Here is the data:
Crash re... Kris Phillips
07:13 PM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a: This was difficult to pin-down because it only stops responding if the HDMI console is not connected at the time the ... Steve Wheeler
05:54 PM Revision 20a9b988: This appears to be causing unintended fallout. Reverting for now.: Revert "Delete static routes on gateway down. Fixes #11296"
This reverts commit 3fca57f8fae3733845c90338943c418bb77e... Jim Pingle
05:54 PM Revision 25b839d4: This appears to be causing unintended fallout. Reverting for now.: Revert "Delete static routes on gateway down. Fixes #11296"
This reverts commit 3fca57f8fae3733845c90338943c418bb77e... Jim Pingle
05:54 PM pfSense Packages Bug #12030 (Resolved): Startup Errors for Avahi Package: The avahi package is complaining about NSS support being missing and dependency errors on startup in 2.5.2.
WARN... Kris Phillips
03:16 PM pfSense Packages Feature #10858 (Resolved): OpenVPN Client silent install: Tested OpenVPN Client Export 1.6_1 in 2.5.2.r.20210611.0300 and the silent installer option is getting saved as defau... Max Leighton
01:57 PM Bug #12022: Incorrect OpenVPN Client Export help link: 2.6.0.a.20210612.0100 Client Export help is still pointing to https://docs.netgate.com/pfsense/en/latest/vpn/openvp... Alhusein Zawi
01:13 PM Bug #11296 (New): Static route targets may still reachable via default route when the gateway they should route through is down: Jim Pingle
01:00 PM Bug #11296 (Feedback): Static route targets may still reachable via default route when the gateway they should route through is down: Applied in changeset commit:25b839d4990bd5e3f55b2eccbdea74d1d2b92d5d. Jim Pingle
12:56 PM Bug #11296 (New): Static route targets may still reachable via default route when the gateway they should route through is down: Per Jim T, reverted this from 2.6.0 and 2.5.2. It appears to be causing some unintended side effects.
Can revisit ... Jim Pingle
08:37 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Bill Meeks wrote:
> Jim Pingle wrote:
> > Bill Meeks wrote:
> > > Does this function call work without restarting ... Justin P
06:39 AM Regression #12028 (Feedback): SNMP daemon issues with pf nvlist changes: Look to be fixed by Luiz's a8c3d8e344a7d7e015b78fa4935fcdbd4aec97df.
We were missing the libnv dependency in the l... Kristof Provost

06/11/2021

07:07 PM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem: No more DNS issue at boot after using MSS Clamp so disregard the DNS portion of this ticket RED SKULL
04:19 PM Feature #12029 (Duplicate): Please add MAC OUI lookup results (e.g. DHCP Leases table) to the ARP table: It's already in the code, but had a bug recently: #11819 Jim Pingle
04:06 PM Feature #12029 (Duplicate): Please add MAC OUI lookup results (e.g. DHCP Leases table) to the ARP table: In the DHCP Leases table, we see the assigned manufacturer displayed beside each MAC address.
This would be extremel... Adam Thompson
03:53 PM Revision 9569d863: OpenVPN Wizard: Set inactive_seconds = 300 by default.: Follow up with fix for ticket #11699 and also enable it on server
tunnels created using wizard Viktor Gurov
03:52 PM Revision 4aab19d4: Remove urlencode() for NoIP.com DDNS credentials. Fixes #12021.: Viktor Gurov
12:36 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly: Patch version 3.
Added the ability to set the AQM & Scheduler parameters to zero.
Before php would interpet a zer... Anonymous
12:01 PM Regression #12017 (Feedback): FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2: Renato Botelho
12:01 PM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2: Jim Pingle wrote:
> I do see the initial broken commit (@83280d17fccff2db7d79c7f38e80ec29078ef35e@) in 2.5.2 as well... Renato Botelho
10:36 AM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2: I do see the initial broken commit (@83280d17fccff2db7d79c7f38e80ec29078ef35e@) in 2.5.2 as well, so we need to bring... Jim Pingle
10:18 AM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2: After several attempts I confirm that the bug is on libradius.so.4
I've replaced the library with the patched versio... Michele Rento
11:28 AM Regression #12028 (Resolved): SNMP daemon issues with pf nvlist changes: On @2.5.2.r.20210611.0300@ and @2.6.0.a.20210611.0100@, the built-in SNMP (bsnmp) logs the following at startup:
<... Jim Pingle
11:00 AM pfSense Packages Bug #12027 (Feedback): FreeRADIUS 3.0.22 removed LEAP, package fails to start: Fix pushed as pkg version 0.15.7_31 Jim Pingle
10:59 AM pfSense Packages Bug #12027 (Closed): FreeRADIUS 3.0.22 removed LEAP, package fails to start: Systems which pick up FreeRADIUS 3.0.22 (e.g. 2.5.2, 2.6.0 after latest ports merge) won't start because the package ... Jim Pingle
11:00 AM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials: Applied in changeset commit:4aab19d4ade5d164c22bd63b2833d54bab740d59. Viktor Gurov
10:53 AM Regression #12021 (Feedback): NoIP.com incorrectly encodes Dynamic DNS update credentials: PR has been merged. Thanks! Renato Botelho
10:51 AM Bug #12022 (Feedback): Incorrect OpenVPN Client Export help link: Merged Renato Botelho
12:17 AM Bug #12022: Incorrect OpenVPN Client Export help link: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/282 Viktor Gurov
10:05 AM Todo #12025: Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interface Address: We used to prevent that in the past and had numerous complaints. There are many ways someone can shoot themselves in ... Jim Pingle
09:57 AM Regression #12024 (Closed): State table data in GUI does not show the expected interface after latest pf merge: This looks good on @2.5.2.r.20210611.0300@ and @2.6.0.a.20210611.0100@, both with @php74-pfSense-module-0.71@
* St... Jim Pingle
05:17 AM Revision fda3e52d: OpenVPN Client Export help link fix. Issue #12022: Viktor Gurov
05:06 AM Regression #11910: IPsec status tunnel descriptions are incorrect: I can replicate the active tunnel count being incorrect, as well as incorrect status, by using P1s with the option "G... Marcos M
12:43 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/279 Viktor Gurov
12:42 AM Bug #12026 (Resolved): Applying IPsec settings for many tunnels is slow or times out: This is an additional optimization for #11795:
1. `ipsec_get_phase1_src()` - always executes `get_interface_ip/ipv... Viktor Gurov

06/10/2021

09:43 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: Tried altering and saving then applying but no IPSEC status, still unable to stop or start service... Paul Kennedy
08:29 PM Revision e2bb3424: Revise firewall schedule delete for MVC: Steve Beaver
05:34 PM Todo #12025 (New): Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interface Address: Although it is VERY rarely necessary, we should add a banner to the top of the 1:1 NAT page notifying end users that ... Kris Phillips
04:54 PM Revision 99b3a5cb: Change pkg install variable references. Fixes #11290: * For whatever reason, PHP was failing to copy certain values into
$pkg_data which was a reference to the pkg configu... Jim Pingle
03:04 PM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules: Documenting a possible workaround:
If you have the following Mobile IPsec configuration:
Mobile Virtual Address... Chris Linstruth
11:25 AM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules: Noting here what I mentioned on Slack:
* This is likely due to the fact that the "remote" network on mobile P2s is... Jim Pingle
11:18 AM Bug #12023 (Resolved): Mobile IPsec NAT/BINAT entries missing from firewall rules: Adding a NAT or BINAT to a mobile IPsec configuration does not work.
The nat rules are not added to the pf configu... Chris Linstruth
02:42 PM Revision 42c0b296: Fix state table content sorting. Fixes #11852: (cherry picked from commit 5d48880b48039967f3b2b5acfb1432ee30953140) Jim Pingle
02:26 PM Revision 5d48880b: Fix state table content sorting. Fixes #11852: Jim Pingle
01:25 PM Revision 02a923c1: Add devel/git back to list of packages: (cherry picked from commit 9713b8ee2a61b3e68ccae0c898adff69ed111948) Renato Botelho
01:11 PM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: Typo Jim Pingle
12:54 PM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: Updating subject for release notes. Jim Pingle
12:29 PM Bug #11852 (Resolved): State table content on ``diag_dump_states.php`` does not sort properly: Confirmed fix Renato Botelho
09:44 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: Picked back to RELENG_2_5_2 as well. Jim Pingle
09:35 AM Bug #11852 (Feedback): State table content on ``diag_dump_states.php`` does not sort properly: Applied in changeset commit:5d48880b48039967f3b2b5acfb1432ee30953140. Jim Pingle
09:29 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: Simple fix, commit pending. Jim Pingle
12:55 PM Regression #12005: ``Recover config.xml`` installer option does not work after default ZFS pool name change: Excluding from release notes since it was a regression which happened after the last release. Jim Pingle
09:41 AM Regression #12005 (Closed): ``Recover config.xml`` installer option does not work after default ZFS pool name change: I've tried this a few times now with RC iso installs and it works fine with the new pool name and old pool name for m... Jim Pingle
12:35 PM Regression #12024 (In Progress): State table data in GUI does not show the expected interface after latest pf merge: Jim Pingle
12:35 PM Regression #12024 (Closed): State table data in GUI does not show the expected interface after latest pf merge: Adding for tracking purposes, it's a known issue but I don't see it in Redmine.
After the latest pf merge, the int... Jim Pingle
12:27 PM Todo #11684 (Resolved): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: Confirmed fix on wizard Renato Botelho
12:05 PM Bug #11290 (Feedback): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Applied in changeset commit:99b3a5cb0ef4586222a331045df3cee17bb25d31. Jim Pingle
12:02 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: For whatever reason, PHP was failing to copy certain values into @$pkg_data@ which was a reference to the pkg configu... Jim Pingle
09:56 AM Bug #11290 (New): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: There is still a bug here somewhere. Installing FRR on a complete fresh installation still doesn't get the proper @<p... Jim Pingle
11:01 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Renato Botelho wrote:
> Hayden Hill wrote:
> > rom racer wrote:
> > > I don't know what interfaces.inc is but if y... Hayden Hill
06:17 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Hayden Hill wrote:
> rom racer wrote:
> > I don't know what interfaces.inc is but if you read the original descript... Renato Botelho
10:17 AM Regression #11981 (Closed): Duplicating Outbound NAT rule does not carry over contents of the source rule: Works with the latest RELENG_2_5_2 code in place. Jim Pingle
10:16 AM Bug #11946 (Closed): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Works with the latest RELENG_2_5_2 code in place. Jim Pingle
10:12 AM Bug #11967 (Closed): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: Works on 2.5.2 RC image 2.5.2.r.20210609.0300 -- the *Retransmit Base* and *Retransmit Timeout* fields allowed values... Jim Pingle
10:04 AM Regression #11994 (Closed): Firewall rule usage counters showing 0/0 after latest pf merge: All good now on 2.5.2 and 2.6.0 Jim Pingle
09:57 AM Bug #12022 (Resolved): Incorrect OpenVPN Client Export help link: The help icon on the vpn_openvpn_export.php page points to
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/i... Viktor Gurov
07:36 AM Regression #11805 (Resolved): Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Bouke Henstra wrote:
> Jim Pingle wrote:
> > Adam Kuklycz wrote:
> > > Question, does this affect virtual IP's tha... Renato Botelho
07:33 AM Regression #11982 (Resolved): Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Confirmed fix. It will reach 21.09 on next round of merges. Renato Botelho
07:24 AM Regression #12021 (Pull Request Review): NoIP.com incorrectly encodes Dynamic DNS update credentials: Jim Pingle
05:07 AM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials: fix:
https://redmine.pfsense.org/issues/12021 Viktor Gurov
05:04 AM Regression #12021 (Resolved): NoIP.com incorrectly encodes Dynamic DNS update credentials: There is no need to `urlencode` user credentials (CURLOPT_USERPWD already encode them):... Viktor Gurov
07:21 AM Bug #12020 (Pull Request Review): OpenVPN RADIUS-based firewall rules use incorrect port ranges: Jim Pingle
03:47 AM Bug #12020: OpenVPN RADIUS-based firewall rules use incorrect port ranges: https://github.com/pfsense/pfsense/pull/4522 Viktor Gurov
03:47 AM Bug #12020 (Resolved): OpenVPN RADIUS-based firewall rules use incorrect port ranges: Previous operator ( `><` ) prevented inserting port range with min/max port.
Ex.... Viktor Gurov
04:23 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: I had the same problem.
To replicate I connect a client, then kill the openvpn.exe process.
On the pfsense the user... Marco Conca
04:17 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: This is not enabled for new servers created by the Remote Access Wizard.
fix:
https://gitlab.netgate.com/pfSense/... Viktor Gurov
04:07 AM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP: extra improvements:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/279 Viktor Gurov

06/09/2021

08:57 PM Revision 3032e3b7: OpenVPN Wizard: Enable exit_notify by default: Follow up with fix for ticket #11684 and also enable it on server
tunnels created using wizard
(cherry picked from c... Renato Botelho
07:23 PM Revision e6389f63: OpenVPN Wizard: Enable exit_notify by default: Follow up with fix for ticket #11684 and also enable it on server
tunnels created using wizard Renato Botelho
04:48 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly: Patch version 2.
Fixed a spelling problem with the derand setting. Anonymous
03:58 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: Chris Linstruth wrote:
> This is _not_ enabled for new servers created by the Remote Access Wizard.
>
> Reconnect... Renato Botelho
12:19 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: This is _not_ enabled for new servers created by the Remote Access Wizard.
Reconnect to this server / Retry once i... Chris Linstruth
02:34 PM Revision 609a2127: Simplify logic: no functional changes: (cherry picked from commit a314c6c846406115c426ed20b102daf6e206b420) Renato Botelho
02:34 PM Revision 372453f5: Outbound NAT: Fix rule duplication - #11981: - firewall_nat_out.inc: Declare $after as a global variable otherwise
duplicate rule will always end up at the bott... Renato Botelho
02:22 PM Revision a314c6c8: Simplify logic: no functional changes: Renato Botelho
02:15 PM Revision 9fedbb13: Outbound NAT: Fix rule duplication - #11981: - firewall_nat_out.inc: Declare $after as a global variable otherwise
duplicate rule will always end up at the bott... Renato Botelho
01:45 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: rom racer wrote:
> I don't know what interfaces.inc is but if you read the original description of this bug, this wa... Hayden Hill
01:25 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: I don't know what interfaces.inc is but if you read the original description of this bug, this was encountered in an ... rom racer
12:49 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: rom racer wrote:
> @Renato please re-open this bug.
>
> There's two versions of wpa_supplicant included in pfSesn... Renato Botelho
12:44 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: rom racer wrote:
> @Renato please re-open this bug.
>
> There's two versions of wpa_supplicant included in pfSesn... Renato Botelho
08:23 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: @Renato please re-open this bug.
There's two versions of wpa_supplicant included in pfSesnse. Both the version in... rom racer
07:49 AM Bug #11453 (Resolved): ``wpa_supplicant`` uses 100% of a CPU core at boot: This fix was committed on ports on wpa_supplicant version 2.9_3. We are now using 2.9_10. Renato Botelho
01:32 PM Revision bf1f1428: AutoConfigBackup schedule custom hour value fix. Issue #11946: (cherry picked from commit 806d5c497497476e92568e168c302275e576e25c) Viktor Gurov
12:46 PM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2: I am unable to reproduce this on 2.6.0.a.20210609.0100 or 2.5.2.r.20210609.0300
In either case, the authentication... Jim Pingle
02:18 AM Regression #12017 (Resolved): FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2: [[https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256283]] Bug 256283
l2tp authentication using radius is broken a... Michele Rento
10:15 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Jim Pingle wrote:
> Adam Kuklycz wrote:
> > Question, does this affect virtual IP's that are setup on the same inte... Bouke Henstra
10:09 AM pfSense Docs Todo #12018 (Pull Request Review): Feedback on Firewall — Configuring firewall rules: Jim Pingle
03:14 AM pfSense Docs Todo #12018: Feedback on Firewall — Configuring firewall rules: from https://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+13.0-RELEASE+and+Ports&arc... Viktor Gurov
03:04 AM pfSense Docs Todo #12018 (Closed): Feedback on Firewall — Configuring firewall rules: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/configure.html
*Feedback:*
There is no description ... Viktor Gurov
09:49 AM Regression #11981 (Feedback): Duplicating Outbound NAT rule does not carry over contents of the source rule: Fix pushed to 2.6.0 and 2.5.2 Renato Botelho
09:04 AM Regression #11981: Duplicating Outbound NAT rule does not carry over contents of the source rule: Renato Botelho wrote:
> It actually broke duplication and is now acting like rule is being edited instead of creatin... Renato Botelho
08:43 AM Regression #11981 (In Progress): Duplicating Outbound NAT rule does not carry over contents of the source rule: It actually broke duplication and is now acting like rule is being edited instead of creating a new one Renato Botelho
09:36 AM pfSense Docs Todo #12016 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems: Merged. I fixed the formatting (Should be @::@ not @:::@) but it was wrong on multiple entries so I fixed them all in... Jim Pingle
12:36 AM pfSense Docs Todo #12016: Feedback on Cellular Wireless — Known Working 3G-4G Modems: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/16 Viktor Gurov
12:26 AM pfSense Docs Todo #12016 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems: *Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html
*Feedback:*
Add Huawei E5573 to the... Viktor Gurov
08:36 AM Todo #11943 (Resolved): Add FRR package documentation links: Confirmed fix Renato Botelho
08:33 AM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Cherry-picked to 2.5.2-RC Renato Botelho
07:56 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Jim Pingle wrote:
> Bill Meeks wrote:
> > Does this function call work without restarting PHP? I don't have hardwar... Bill Meeks
07:47 AM pfSense Packages Bug #12019 (Not a Bug): Right Axis always shows `None -`: That's not what it's indicating. You can graph two separate items, in the settings they are labeled to match (Left Ax... Jim Pingle
07:34 AM pfSense Packages Bug #12019 (Not a Bug): Right Axis always shows `None -`: It should show something like "Right Axis: Time" Viktor Gurov
07:45 AM Bug #11966 (Resolved): Incorrect RADVD log message on HA event: Confirmed fix Renato Botelho
07:42 AM Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa: see #11864#note-3 Viktor Gurov
07:41 AM Bug #11864: OpenVPN stays bound to previous IP address after interface changes: We have to create a function `restart_interface_services($interface, $ipproto)` to restart all interface and IPv4/IPv... Viktor Gurov

06/08/2021

10:10 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: I don't use either Snort or Suricata in operation but I do use pfBLockerNG-devel and the patch has solved the stabili... Loh Phat
09:15 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Jim Pingle wrote:
> Each package maintainer would need to handle changes to their own code, should they choose to ta... Bill Meeks
09:28 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Darin May wrote:
> How is the cat-herding addressed so that the work-around isn't duplicated across packages?
It ... Jim Pingle
09:24 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: How is the cat-herding addressed so that the work-around isn't duplicated across packages? I've noticed chit-chat in... Loh Phat
08:35 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Darin May wrote:
> I'm not familiar with the criteria for bugs to be listed in the target fix list of open issues, b... Jim Pingle
02:24 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Kris Phillips wrote:
> Tested in 21.09 Jun 5th build. This patch is present and no longer needs to be applied manual... Loh Phat
09:52 PM Bug #12015 (Not a Bug): When using VMware Fusion/Workstation NAT, with pfsense IPSEC, no routes are going thru the tunnel: No evidence that this is a bug and not a config/environment issue. Post on the forum to discuss it in more detail. Jim Pingle
07:53 PM Bug #12015 (Not a Bug): When using VMware Fusion/Workstation NAT, with pfsense IPSEC, no routes are going thru the tunnel: So I have a virtualized lab setup that has to connect to a corporate development lab. I have a layered setup where I ... Jeremy Cejka
09:51 PM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Bill Meeks wrote:
> Does this function call work without restarting PHP? I don't have hardware at the moment to test... Jim Pingle
09:20 PM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Jim Pingle wrote:
> The patch should fix the behavior, but the package could also implement the fix on its own using... Bill Meeks
02:52 PM Bug #12014 (Duplicate): Invalid arguments passed in services_dhcpv6_relay.php on line 116: This appears to be a duplicate of #11969 Jim Pingle
02:25 PM Bug #12014 (Duplicate): Invalid arguments passed in services_dhcpv6_relay.php on line 116: Just got this error while saving DHCPv6 relay settings on the 2.5.2-BETA.
pfSense asked me to upload the log. Dan W
09:23 AM Bug #12008 (Not a Bug): IPsec - mutual certificate - can't find priv key: The identifiers must match and be present in the certificate. As you see, it's not always exactly the same in each ca... Jim Pingle
05:27 AM Bug #12008: IPsec - mutual certificate - can't find priv key: it seems working setting my identifer as asn.1, but using as DN the output of the command:
ipsec listcerts
that o... Fabio V
12:42 AM Bug #12008 (Not a Bug): IPsec - mutual certificate - can't find priv key: IPsec with mutual certificate
Jun 8 07:35:28 charon 95058 16[IKE] <con400000|35> IKE_SA con400000[35] state chang... Fabio V
07:35 AM Bug #12013 (New): Reading log data is inefficient in certain cases: When reading log files, the functions are set to fetch a specific number of lines (e.g. 50, 250, 500) but to get thos... Jim Pingle
07:29 AM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5: I cannot tell if the same issue but with 2.5.1 I am experiencing a similar problem with VPN and not with the watchgua... Denis Grilli
07:24 AM Todo #12012 (Resolved): Improve log settings help text for file size, compression, and retention count: The fields in log settings for file size and compression lack information that users need to make properly informed d... Jim Pingle
07:14 AM Feature #12011 (Closed): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled: The default setting for log compression is currently bzip2 for all cases, which isn't ideal for every case. If /var/l... Jim Pingle
06:40 AM Bug #12010 (Closed): System default gateway doesn't automatically switch from an inactive gateway if a specific gateway is selected: from https://forum.netgate.com/topic/161065/%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%D1%8B-%D0%BF%D0%BE-pfsense-2-5-plus/... Viktor Gurov
05:26 AM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Max Leighton wrote:
> Tested in 2.6 it is working.
>
> It doesn't seem to have made it to 21.09 current build b... Viktor Gurov
01:35 AM pfSense Packages Bug #12009 (New): Zabbix Agent starts twice by /etc/rc.start_packages: ... Viktor Gurov
12:46 AM Regression #11994 (Feedback): Firewall rule usage counters showing 0/0 after latest pf merge: Fixed in 2.6.0 and 2.5.2.
The tracker ID wasn't being saved rendering the counters useless. Luiz Souza

06/07/2021

03:30 PM Bug #12007 (Resolved): Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day: Dynamic DNS update is executed if a) no update has been done for the provider yet, b) the IP address has changed afte... Jaakko Kantojärvi
03:09 PM Regression #12005 (Feedback): ``Recover config.xml`` installer option does not work after default ZFS pool name change: Renato Botelho
09:19 AM Regression #12005 (Closed): ``Recover config.xml`` installer option does not work after default ZFS pool name change: On current 2.5.2, 2.6.0, and 21.09 snapshots the default ZFS pool name changed from "zroot" to "pfSense" and there is... Jim Pingle
02:20 PM Revision 188e82ff: Update config recovery to use new zpool name. Issue #12005: (cherry picked from commit d440bb6ae65f6ddb8ae310683cdac9ce64b01487) Jim Pingle
02:20 PM Revision d440bb6a: Update config recovery to use new zpool name. Issue #12005: Jim Pingle
12:50 PM Bug #11967: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: Tested on:... Danilo Zrenjanin
09:46 AM Feature #9297 (Pull Request Review): Graph for hardware temperature readings: Jim Pingle
05:16 AM Feature #9297: Graph for hardware temperature readings: rrd update:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/278
Status Monitoring pkg update:
https:... Viktor Gurov
09:41 AM pfSense Packages Bug #11993 (Pull Request Review): PHP error after disabling HAProxy: Jim Pingle
04:01 AM pfSense Packages Bug #11993: PHP error after disabling HAProxy: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1072 Viktor Gurov
09:40 AM Bug #12002 (Pull Request Review): Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured: Jim Pingle
02:10 AM Bug #12002: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/277 Viktor Gurov
01:46 AM Bug #12002 (Resolved): Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured: ... Viktor Gurov
09:40 AM Bug #12006 (Duplicate): CARP IP sometimes doesn't apply to CARP member: I noticed this when a CARP member had no CARP status. I was told that this can happen if the VIP address isn't appli... Andrew Waranowski
09:37 AM Bug #12001 (Pull Request Review): System attempts to stop inactive services at shutdown: Jim Pingle
01:27 AM Bug #12001: System attempts to stop inactive services at shutdown: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/276 Viktor Gurov
01:09 AM Bug #12001 (Resolved): System attempts to stop inactive services at shutdown: /etc/rc.stop_packages tries to stop disabled services:... Viktor Gurov
09:34 AM Bug #12000 (Pull Request Review): Remote log server input validation allows invalid values: Jim Pingle
01:01 AM Bug #12000: Remote log server input validation allows invalid values: OS interprets numeric-only value as decimal IP address:... Viktor Gurov
08:14 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic: See also: #12004 Jim Pingle
07:34 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic: The patch should fix the behavior, but the package could also implement the fix on its own using @ini_set("pcre.jit",... Jim Pingle
08:14 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: See also: #12004 Jim Pingle
07:19 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: The patch should fix the behavior, but the package could also implement the fix on its own using @ini_set("pcre.jit",... Jim Pingle
08:14 AM pfSense Plus Todo #12004: Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems: Packages and other scripts could use @ini_set("pcre.jit", "0");@ to disable PCRE JIT on systems without the patch to ... Jim Pingle
08:08 AM pfSense Plus Todo #12004 (Resolved): Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems: Currently, PHP crashes on multi-core 32-bit ARM systems (SG-3100) with certain PCRE calls, as documented on #11466, #... Jim Pingle
08:12 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: I created #12004 for the temporary workaround via disabling PCRE JIT. This issue can remain open while we investigate... Jim Pingle
07:50 AM Bug #12003 (Resolved): Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly: Example:
"alpha" => array("name" => "alpha", "type" => "number", "default" => get_single_sysctl("net.inet.ip.dummyne... Anonymous
07:41 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Adam Kuklycz wrote:
> Question, does this affect virtual IP's that are setup on the same interface as the default ga... Jim Pingle
07:33 AM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems: Darin May wrote:
> I'm running 21.05 on an sg-3100 and I don't have the fsck option on my reboot menu; should I?
... Jim Pingle
06:59 AM Feature #8794: NTP authentication support: The ntp client auth is yet to be implemented. Steve Wheeler
12:20 AM pfSense Packages Bug #11711: New Squid Status Page Non-Functional: Kris Phillips wrote:
> Can someone provide the patch once this is merged so we can test?
See the attachment
Viktor Gurov
12:05 AM pfSense Packages Feature #11349 (Resolved): Allow to set minimum TLS version: Viktor Gurov

06/06/2021

11:24 PM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic: The patch contained at https://redmine.pfsense.org/issues/11466#note-32 has stopped the PHP crashes. So this bug coul... Loh Phat
11:10 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Question, does this affect virtual IP's that are setup on the same interface as the default gateway IP, or does the I... Adam Kuklycz
09:41 AM Bug #12000 (Resolved): Remote log server input validation allows invalid values: When configuring remote syslog servers in status_logs_settings.php each server is entered as IP[:port]. Port 514 is a... Steve Wheeler
08:07 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Does the PHP temp workaround patch fix this one too?
https://redmine.pfsense.org/issues/11466#note-32
Loh Phat

06/05/2021

03:42 PM Bug #11999 (Resolved): OpenVPN IPv6 tunnel network is not validated properly: If you enter an IPv6 address without a subnet mask, the configuration will be accepted, but the OpenVPN service will ... Danilo Zrenjanin
03:41 PM Regression #11316: Unbound crashes with signal 11 when reloading: The DHCP service doesn't appear to be reliably updating the DNS server either. Tested on 21.09 Jun 5th build, I did ... Kris Phillips
03:27 PM pfSense Plus Feature #11772: Layer 2 Tunnel Bonding Capability: I understand your concern about the requirement for an "upstream device on a big pipe," however this is exactly the s... Clint Guillot
01:57 PM pfSense Plus Feature #11772: Layer 2 Tunnel Bonding Capability: Not certain how this would be possible. Fundamentally internet connectivity doesn't work this way. You would need ... Kris Phillips
03:20 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Tested in 21.09 Jun 5th build. This patch is present and no longer needs to be applied manually in the development ch... Kris Phillips
03:13 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Reporting that the patch in #32 solved my 21.02.2 --> 21.05 upgrade w/pfBLockerNG-devel causing the firewall service ... Loh Phat
01:37 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Decided to go through some performance testing and stress testing. I loaded the CPU to maximum with iPerf3 traffic a... Kris Phillips
03:04 PM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems: I'm running 21.05 on an sg-3100 and I don't have the fsck option on my reboot menu; should I? Loh Phat
03:01 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Verified problem exists on Jun 5th build of 21.09.
Build Info:
21.09-DEVELOPMENT (arm)
built on Sat Jun 05 01:... Kris Phillips
01:26 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Tested in 2.6 it is working.
It doesn't seem to have made it to 21.09 current build because when I test in
21... Max Leighton
02:07 PM pfSense Packages Feature #11349: Allow to set minimum TLS version: Minimum TLS version option are: 1.0/1.1/1.2
2.5.1-RELEASE (amd64)
built on Mon Apr 12 07:50:14 EDT 2021 Alhusein Zawi
01:49 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional: Can someone provide the patch once this is merged so we can test? Kris Phillips
01:43 PM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Tested in 2.6.0. The specified hour will now stay on the page when after navigating away and navigating back.
Howe... Max Leighton
09:45 AM pfSense Docs Correction #11998 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting: *Page:* https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
*Feedback:*
Section "VMware vmx(4) Interfac... Michael Huck

06/04/2021

07:04 PM Revision 502973c8: Duplicating Outbound NAT rule fix. Issue #11981: (cherry picked from commit 68be10e63195d399089092149e119de30ae6a639) Viktor Gurov
07:04 PM Revision e191b65c: Create Outbound NAT automatic equivalent rules when switching from Automatic to Manual mode. Fixes #11982: (cherry picked from commit ec8adb56d59a293516d1a0a3fb4eb45aad299f5b) Viktor Gurov
05:30 PM pfSense Packages Feature #11997 (New): IPsec Profile Wizard: Add Support for exporting Android strongSwan Profiles: We currently have Apple and Windows IPSec profile export. However, we're missing this option for Android which has a... Kris Phillips
04:39 PM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a: We've received additional reports of issues related to this bug report. The behavior may be related to running sysctl... Max Leighton
02:58 PM Revision e691303d: Adjust validation for MVC: Steve Beaver
02:05 PM Regression #11981: Duplicating Outbound NAT rule does not carry over contents of the source rule: Fix was not picked back to 2.5.2, but is now. Will be in future builds. Jim Pingle
02:04 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode: Fix was not picked back to 2.5.2, but is now. Will be in future builds. Jim Pingle
01:00 PM Revision 34b44340: Revise top/bottom outbound rule addition: Steve Beaver
11:15 AM Revision 1f0abbad: Use stable host for pkg repo: Renato Botelho
11:10 AM Revision d7ee51c5: Welcome pfSense CE 2.5.2-RC: Renato Botelho
08:35 AM Regression #11910: IPsec status tunnel descriptions are incorrect: Also seeing strangeness in the IPsec dashboard widget. Customer also reporting the active tunnel counts are incorrect... Chris Linstruth
08:23 AM pfSense Plus Regression #11995 (Closed): UPnP/NAT-PMP not functioning on 32-bit ARM: UPnP is not functional on 32-bit ARM systems (SG-3100, SG-1000) running pfSense Plus 21.05. When a client attempts to... Jim Pingle
07:48 AM Regression #11994 (Closed): Firewall rule usage counters showing 0/0 after latest pf merge: On 2.6.0.a.20210604.0100 the state counters on the firewall rule tabs are showing 0/0 again. We had a similar issue i... Jim Pingle
05:41 AM Regression #11545: Primary interface address is not always used when VIPs are present: I believe I am seeing this now after upgrading 2.4.5-p1 -> 2.5.1-CE with FRR BGP where FRR is told to use the WAN IPv... M Felden
04:12 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Issue reappeared for me in 2.6.0.a.20210603.0625 and 2.6.0.a.20210604.0100 M Felden
01:35 AM pfSense Packages Bug #11993 (Resolved): PHP error after disabling HAProxy: After unchecking the "Enable HAProxy" checkbox and clicking 'Save' on the haproxy_global.php page, an error occurs:
... Viktor Gurov
01:16 AM Bug #11992 (Confirmed): GRE Tunnel - Does not work with a virtual IP as endpoint: I can confirm this issue on 2.6.0.a.20210603.0100/2.5.2.b.20210603.0300 (Proxmox VM) -
I see high packet loss when... Viktor Gurov

05/31/2021

07:56 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: I have confirmed this PHP segmentation fault issue is an issue only on 32-bit ARM hardware such as that in the SG-310... Bill Meeks
06:26 PM Revision 9713b8ee: Add devel/git back to list of packages: Renato Botelho
01:31 PM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle wrote:
> We will need a lot more information here since it isn't happening to others that we're aware of ... Daniel van der Wal

05/30/2021

09:01 PM Bug #11636 (Resolved): Unused Limiter entries with schedules create unnecessary cron jobs: Tested and working on 21.05/2.5.2. Cron job was not added until a rule contained the limiter, and the cron job was re... Marcos M
08:43 PM Bug #11718 (Resolved): XMLRPC Client does not honor its default timeout value: This fix has resolved a couple of different setups where the 60s timeout was being hit. Afterwards, the xmlrpc calls ... Marcos M
07:19 PM pfSense Packages Bug #11980 (Feedback): EAP does not work with SQL backend: The problem is that the sql module references in /usr/local/etc/sites-enabled/inner-*-tunnel remain commented out or ... Louis Casambre
07:10 PM Bug #11979 (Rejected): GUI Cannot reassign Interface on LAGG port: I was trying to reassign the HA sync interface from lagg0.4000 to igb3 through the GIU. Saving the setting however wo... Louis Casambre
07:07 PM Regression #11795 (Resolved): Applying IPsec settings for more than ~30 tunnels times out PHP: Tested 51 entries and working on 21.05/2.5.2 - marking as resolved. Marcos M
04:47 PM Bug #11704 (Resolved): Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot: Tested and working - marking as resolved. Marcos M
04:15 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: >
> I gave up 2 years ago and moved to Untangle Firewall. Worked instantly for all the xboxes in our house. All m... Polar Nerd
04:08 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Polar Nerd wrote:
> Marc 05 wrote:
> > Likely not as miniupnp hasn't changed afaik.
>
> FYI here is a link to wh... Shane Angelo
12:36 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Marc 05 wrote:
> Likely not as miniupnp hasn't changed afaik.
FYI here is a link to where they are discussing thi... Polar Nerd
09:12 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Likely not as miniupnp hasn't changed afaik.
If you have time, find a copy of 2.4.0 and test it. It may help narro... Marc 05
04:16 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Will this work on 2.5.1, as still having the same issue.
would love to test on 2.5.1 as i have 3 pcs all with COD ... Michael Clews
01:37 PM Bug #11821 (Rejected): Upgrade libcurl to version 7.76.0: There are CVEs present in 7.76.0 hence it will not be included on 21.05/2.5.2. New libcurl versions are included in t... Marcos M
09:47 AM Feature #11978: New Dynamic DNS Provider: Strato: PR: https://github.com/pfsense/pfsense/pull/4525
Dennis Neuhaeuser
09:41 AM Feature #11978 (Closed): New Dynamic DNS Provider: Strato: add the german "strato.de" to the dyndns providers Dennis Neuhaeuser
03:45 AM pfSense Packages Bug #11977 (Duplicate): Any mail from the pfsense appliance has "Arpwatch Notification" in the subject line, no matter which package the mail comes from: Most mail from the pfsense appliance has "Arpwatch Notification" in the subject line, even when it is from a complete... Lightning Bit

05/29/2021

10:42 PM Revision 79b9e082: Add some leeway to DynDNS cache expiration time check: This leeway is needed to ensure that the cache is invalidated after N days and
not N+1 days. The latter could happen,... Jaakko Kantojärvi
09:18 PM Revision 22949106: Merge identical code of DynDNS providers: Jaakko Kantojärvi
09:13 PM Revision f56efb0d: Sort DynDNS providers inside switch statements: Not all of the code is sorted in this commit, but comments
were added to the code to instruct future contributors to
... Jaakko Kantojärvi
09:13 PM Revision f6f1d1c6: Remove whitespace at end of line: Jaakko Kantojärvi
06:17 PM pfSense Packages Bug #11822 (Resolved): Upgrade ClamAV to 0.103.2: Verified that the version is upgraded in 21.05/2.5.2. Version in repos confirmed as 0.103.2_1. Kris Phillips
06:09 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Tested on the 21.05 RC from May 26th on the SG-3100. This issue is still present. Kris Phillips
04:47 PM Todo #11976 (Resolved): Compliance with pfSense style guide in Dynamic DNS service code: Files for the dynamic DNS include white space in the end of lines.
Additionally, many switch statements list provi... Jaakko Kantojärvi
04:09 PM Feature #11975 (Duplicate): Simplify NAT logging to conforme more easily with local/regional laws: The French law requires from ISPs to log "who used this IP address at this timestamp?" informations for a year.
Fo... Anonymous
03:58 PM Feature #11974 (New): XMLRPC synchronization for igmmproxy settings: Configuration synchronization (XMLRPC) does not replicate the configuration of IGMP Proxy.
Related to #11957. Anonymous
01:06 PM Feature #11968 (Resolved): VLAN list sorting: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Fri May 28 01:04:03 EDT 2021
FreeBSD 12.2-STABLE
It works as expe... Max Leighton
10:47 AM Bug #11973 (Not a Bug): High Latency every 10 second on TCP OVPN: Hello,
We have an PFSensePLUS on AWS with 2 OVPN server: 1 TCP and 1 UDP. After the update to 21.02.2 we noticed tha... Davide Accetturi
08:54 AM pfSense Packages Feature #11972 (Resolved): Arpwatch - Add support for Telegram notifications: Arpwatch does not have an option to send notifications to a Telegram backend, even when the Telegram configuration is... Sergio Fernández

05/28/2021

10:12 PM Feature #11968: VLAN list sorting: the "VLANS" headers are clickable .
2.6.0.a.20210528.0100 Alhusein Zawi
11:11 AM Feature #11968: VLAN list sorting: On RELENG_2_5_2 when branched Jim Pingle
07:51 PM Revision b5c9be99: Cisco-AVPair ACL rule: port range operator change: Previous operator ( `><` ) prevented inserting port range with min/max port.
Ex.
`ip:inacl#1=permit tcp host {clienti... fl0l0u
05:06 PM Revision 23f7fa0b: Add 2.5.2-BETA repo: (cherry picked from commit 8997bf4703ab41fe7d36c098c1e0d29d69e26194) Renato Botelho
05:03 PM Revision 34ca228a: Add 2.5.2-BETA repo: (cherry picked from commit 8997bf4703ab41fe7d36c098c1e0d29d69e26194) Renato Botelho
05:03 PM Revision 8997bf47: Add 2.5.2-BETA repo: Renato Botelho
03:51 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: This is in 2.6 snapshots and now 2.5.2. Also in 21.09 snapshots if testing on arm. Steve Wheeler
01:58 PM Regression #11723 (Closed): Virtual IP addresses are only added to interfaces after reboot: Works correctly now. Jim Pingle
01:56 PM Bug #11867 (Closed): Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed: Works correctly now. Jim Pingle
01:52 PM Bug #11765 (Closed): Invalid HTML encoding in modal Notices window: Since the bug causing the original notice was random and hard to reproduce, and also has been fixed, it's not viable ... Jim Pingle
01:42 PM Feature #11293 (Closed): New Dynamic DNS Provider: one.com: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11294 (Closed): New Dynamic DNS Provider: Yandex PDD: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11358 (Closed): New Dynamic DNS Provider: NIC.RU: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11420 (Closed): New Dynamic DNS Provider: Gandi LiveDNS IPv6: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Bug #11667 (Closed): Automatic 25-day forced Dynamic DNS update removes wildcard domain: Closing for lack of feedback. Jim Pingle
01:41 PM Bug #11815 (Closed): NoIP.com Dynamic DNS update failure is not detected properly: Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:40 PM Bug #11754 (Closed): Digital Ocean Dynamic DNS help text is incorrect: New text is in place. Jim Pingle
01:28 PM Bug #11767 (Closed): Sanitize OpenVPN Client Export certificate password in status output: Works. Password is sanitized in the output.... Jim Pingle
12:22 PM Bug #11748 (Resolved): Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups: On a fresh VM I made a few changes, booted to single user mode and truncated the last few configs to 0 bytes, and the... Jim Pingle
11:37 AM Revision bb5f626f: devel repo should use PKG_REPO_SERVER_DEVEL: Renato Botelho
11:12 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: On RELENG_2_5_2 when branched Jim Pingle
07:15 AM pfSense Packages Bug #11964 (Pull Request Review): pfBlocker XMLRPC sync CARP interface advskew: Jim Pingle
07:12 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Slipped by me, too. And spell check, since it's technically a valid word.
Thanks! Jim Pingle
01:07 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate: Jim Pingle wrote:
> Updating subject for release notes.
BTW, all this time the subject has a typo: Manger -> Mana... Pete Holzmann
07:12 AM pfSense Plus Bug #11971 (Not a Bug): pfSense Plus 21.02.2 Crashes while reboot: Something is wrong with your filesystem or disk, not a bug. You should wipe and reload from a recovery installation i... Jim Pingle
06:31 AM pfSense Plus Bug #11971 (Not a Bug): pfSense Plus 21.02.2 Crashes while reboot: Our Netgate, updated from pfSense 2.4.5-RELEASE-p1 to pfSense Plus 21.02.2 had the issue that the Traffic Graphs on t... Aljoscha Kretschmann

05/27/2021

11:29 PM pfSense Packages Bug #11892: WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: [2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: ifconfig tun_wg0
tun_wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST... Alhusein Zawi
07:10 PM Revision 3845c6eb: Fix PKG_REPO_BRANCH_DEVEL s/devel/master/: Renato Botelho
07:02 PM Revision cac3f71a: Welcome pfSense CE 2.5.2-BETA: Renato Botelho
05:37 PM Revision ef4f9a8b: Observe 'after' value when creating a new rule: Steve Beaver
05:28 PM pfSense Packages Bug #11964: pfBlocker XMLRPC sync CARP interface advskew: from https://forum.netgate.com/topic/163709/dns-resolver-not-listening-on-lan-carp-vip-after-update-to-2-5-1/7:
> I ... Viktor Gurov
04:20 PM Revision 7dbe76cd: Init pkg plugin array before use. Fixes #11290: Jim Pingle
03:05 PM Revision cf8a0761: Make VLAN table sortable. Implements #11968: Jim Pingle
01:16 PM Revision 49674e1f: Move globals to include file: Steve Beaver
01:13 PM Revision 2ca19797: Move globals to include file: Steve Beaver
01:05 PM pfSense Packages Bug #11970 (Confirmed): Netgate Firmware Upgrade Doesn't Work on XG-2758 (ADI/coreboot): Any version of pfSense after 2.4.4p3 breaks the flashing functionality for coreboot in the Netgate Firmware Upgrade p... Kris Phillips
01:00 PM Revision a5d3732b: Validate input depends on flag: Steve Beaver
12:35 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Jim Pingle wrote:
> Applied in changeset commit:7dbe76cd5756082cbd67db1b93acb606ad84996e.
Can confirm this fixes ... Jeremy Utley
11:30 AM Bug #11290 (Feedback): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Applied in changeset commit:7dbe76cd5756082cbd67db1b93acb606ad84996e. Jim Pingle
11:28 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Jim Pingle wrote:
> This is actually a problem in the base system not specific to a package. I have a fix, will comm... Jeremy Utley
11:19 AM Bug #11290 (In Progress): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: This is actually a problem in the base system not specific to a package. I have a fix, will commit shortly. Jim Pingle
10:15 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Marcos Mendoza wrote:
> Do those have the @<type>plugin_carp</type>@ line in the /conf/config.xml file? If not, does... Jeremy Utley
10:44 AM Bug #11969 (Pull Request Review): PHP error if no DHCPv6 Relay interfaces are selected: Jim Pingle
10:23 AM Bug #11969: PHP error if no DHCPv6 Relay interfaces are selected: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/270 Viktor Gurov
10:19 AM Bug #11969 (Resolved): PHP error if no DHCPv6 Relay interfaces are selected: How to reproduce:
Unselect all interfaces on the services_dhcpv6_relay.php and uncheck "Enable"
Result:... Viktor Gurov
10:15 AM Feature #11968 (Feedback): VLAN list sorting: Applied in changeset commit:cf8a0761c5c2ae80b62743d6d476e0fae6f2495e. Jim Pingle
10:05 AM Feature #11968 (Resolved): VLAN list sorting: Add sorting for the table of VLAN tags, so the headers are clickable to sort by each column.
See also: #8558
Jim Pingle
09:17 AM Bug #11793: OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP: Fixing up subject Jim Pingle
08:54 AM Bug #11967 (Pull Request Review): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: Jim Pingle
08:41 AM Bug #11967: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/269 Viktor Gurov
08:40 AM Bug #11967 (Closed): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point: "RADIUS Advanced parameters" doesn't allow to enter numeric with a decimal point in the "Retransmit Base" and "Retran... Viktor Gurov
08:52 AM pfSense Packages Bug #11965 (Pull Request Review): Avahi service started twice by /etc/rc.start_package: Jim Pingle
03:41 AM pfSense Packages Bug #11965: Avahi service started twice by /etc/rc.start_package: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/91 Viktor Gurov
08:51 AM Bug #11966 (Pull Request Review): Incorrect RADVD log message on HA event: Jim Pingle
03:00 AM Bug #11966: Incorrect RADVD log message on HA event: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/268 Viktor Gurov
01:24 AM Bug #11966 (Resolved): Incorrect RADVD log message on HA event: After transition to the CARP BACKUP state, an incorrect message appears in the log:
"Stopping radvd instance on LAN ... Viktor Gurov
08:50 AM Feature #11957 (Pull Request Review): XMLRPC synchronization for DHCP relay settings: Jim Pingle
02:57 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/267 Viktor Gurov
08:08 AM Todo #11943 (Pull Request Review): Add FRR package documentation links: Jim Pingle
08:04 AM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS: Open a fresh issue for that input validation concern, we can work on that for the next release separate from this. Jim Pingle
07:41 AM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS: works as expected on 21.05.r.20210526.1807 -
I can see advanced parameter in the `/var/etc/ipsec/strongswan.conf`:
... Viktor Gurov
07:48 AM Regression #11952 (Closed): Traffic matching rules with limiters is not handled by DUMMYNET: Confirmed working here as well on latest 21.05 build. I see traffic in limiter info now, and my bufferbloat score is ... Jim Pingle
12:31 AM Feature #11103 (Resolved): Use virtual link local IP address as RA source address for HA environments: works as expected on 21.05.r.20210526.1807
`AdvRASrcAddress` in `/var/etc/radvd.conf`:... Viktor Gurov

05/26/2021

03:12 PM pfSense Docs Todo #11716 (Feedback): Feedback on Network Address Translation — Port Forwards: The redirect target content on the page already covered that, actually. The PR would have added it to the destination... Jim Pingle
09:48 AM pfSense Docs Todo #11716: Feedback on Network Address Translation — Port Forwards: I have something more in-depth in mind for this than is covered by that PR. It's already on my to-do list. Jim Pingle
04:22 AM pfSense Docs Todo #11716: Feedback on Network Address Translation — Port Forwards: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/15 Viktor Gurov
03:12 PM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Issue appears resolved on 21.09.a.20210526.0100 Adam Goldberg
02:47 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: Do those have the @<type>plugin_carp</type>@ line in the /conf/config.xml file? If not, does adding it change the res... Marcos M
01:18 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: I had been wondering if this problem only popped up on systems that were upgraded from 2.4.x to 2.5.x, and maybe it w... Jeremy Utley
11:30 AM pfSense Docs Todo #11962 (Feedback): Feedback on Firewall — Aliases: Ended up rewriting most of the page:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b61cd856772e836b8282f8d... Jim Pingle
09:51 AM pfSense Docs Todo #11962: Feedback on Firewall — Aliases: I have some other ideas for how to mention it without it getting confused with the note mentioned there. I'll take ca... Jim Pingle
03:30 AM pfSense Docs Todo #11962: Feedback on Firewall — Aliases: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/14 Viktor Gurov
01:24 AM pfSense Docs Todo #11962 (Resolved): Feedback on Firewall — Aliases: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html
*Feedback:*
Note that wildcard hostnam... Viktor Gurov
10:57 AM pfSense Packages Bug #11965 (Resolved): Avahi service started twice by /etc/rc.start_package: Similar to Bug #11887. Avahi tries to start twice on boot.
May 26 11:56:16 avahi-daemon 35721 Failed to create PID... Steve Harrington
09:26 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: I would not condone running both at once for a variety of reasons. It may appear to function acceptably in your speci... Jim Pingle
09:02 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: Viktor Gurov wrote:
> It's not possible to bind DHCP Relay daemon to CARP interface.
> without this, how to determi... Anonymous
01:34 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: It's not possible to bind DHCP Relay daemon to CARP interface.
without this, how to determine which DHCP Relay node ... Viktor Gurov
07:40 AM pfSense Packages Bug #11964 (Resolved): pfBlocker XMLRPC sync CARP interface advskew: https://forum.netgate.com/topic/163709/dns-resolver-not-listening-on-lan-carp-vip-after-update-to-2-5-1/8:... Viktor Gurov
04:13 AM pfSense Packages Feature #11963 (New): Dynamically change OSPF interface costs on selected interfaces on CARP event: In order to improve uptime in HA environments, use a mechanism to dynamically change OSPF interface costs on selected... Viktor Gurov
01:17 AM pfSense Packages Bug #11961 (Resolved): FRR OSPF add unwanted area 0 authentication to router ospf: I have a configuration where one interface has a simple authentication
The area 0 does not have an authentication,... Damiano Bolla

05/25/2021

05:14 PM Revision 360ed166: Toggle-rule rename var for consistency: Steve Beaver
05:13 PM Revision b86f6fe9: Toggle-rule returns new ruke status: Steve Beaver
01:40 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: The 21.09 pkg repositories are accessible as far as I can see. If there is a problem updating, it might be branch spe... Jim Pingle
01:27 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Jim Pingle wrote:
> If you update to a current build, it includes the fix now. There isn't a reliable way to update ... Craig Weber
12:43 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: If you update to a current build, it includes the fix now. There isn't a reliable way to update just the module that ... Jim Pingle
12:36 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Jim Pingle wrote:
> It cannot be fixed with a patch in the GUI package, it was a problem in the pfSense module.
>
... Craig Weber
11:19 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: It cannot be fixed with a patch in the GUI package, it was a problem in the pfSense module.
https://github.com/pfs... Jim Pingle
10:57 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Jim Pingle wrote:
> Excluding from release notes since it was a problem introduced by changes after the last release... Craig Weber
10:54 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Excluding from release notes since it was a problem introduced by changes after the last release. Jim Pingle
01:06 PM Revision 95b6415a: ipsec: Simplify logic: Renato Botelho
01:06 PM Revision 5f530364: ipsec: Use correct variable name: Renato Botelho
01:06 PM Revision 3d738e68: ipsec: Remove unneeded references on parameters: Renato Botelho
01:06 PM Revision 6ce3ef38: ipsec: Normalize ipsec_lookup_phase1(): - $ph2ent doesn't need to be a pointer
- Return true when $ph1ent is found since $ph1ent is a pointer and is
filled... Renato Botelho
12:15 PM Bug #11290 (New): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases: For some reason my primary node doesn't have a `plugin_carp` config.xml entry for FRR,
secondary is OK:... Viktor Gurov
11:16 AM Bug #11960 (Feedback): Gateway Monitoring Traffic Goes Out Default Gateway: This sounds similar to #11296 or another routing issue that was fixed already -- please re-test on a development snap... Jim Pingle
11:11 AM Bug #11960 (Resolved): Gateway Monitoring Traffic Goes Out Default Gateway: I'm using pfSense Plus 21.02.2 with a SG-3100 and XG-7100 1U. On both systems, I have dual WAN connections with gatew... James Blanton
10:55 AM Regression #11857: Match rules cause pf error parsing rules: Excluding from release notes since it was a problem introduced by changes after the last release. Jim Pingle
10:54 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Excluding from release notes since it was a problem introduced by changes after the last release. Jim Pingle
10:52 AM Regression #11945: Incorrect VTI interface creation: Excluding from release notes since it was a regression in code added after the last release. Jim Pingle
09:58 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Relevant commits:
https://github.com/pfsense/FreeBSD-src/commit/b9ec0795d21f2e93d59e6ee5e7d4fa7e1ae0cb1c
https://... Jim Pingle
09:57 AM Regression #11952 (Feedback): Traffic matching rules with limiters is not handled by DUMMYNET: PR with a fix was merged into src branches, will be in builds soon.
Updated the subject to better reflect what the... Jim Pingle
09:14 AM Bug #11959 (Pull Request Review): PPP interfaces lose the description field in ``ifconfig`` output when restarted: Jim Pingle
07:37 AM Bug #11959: PPP interfaces lose the description field in ``ifconfig`` output when restarted: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/266 Viktor Gurov
07:27 AM Bug #11959 (Resolved): PPP interfaces lose the description field in ``ifconfig`` output when restarted: The interface description field (#1557) is lost after running the `pppoe_restart` script:
before:... Viktor Gurov
08:58 AM Bug #11946 (Pull Request Review): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Jim Pingle
12:50 AM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/265 Viktor Gurov
08:34 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: Each issue should be limited in scope to one specific request. I've changed this to refer only to DHCP Relay. Feel fr... Jim Pingle
03:59 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: see also #2593 Viktor Gurov
07:21 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle wrote:
> Perhaps this is another variation of #11545 and not a unique issue
This could be an another i... Viktor Gurov
04:10 AM Bug #11958: Multi-wan Azure Dyndns updates not working when primary WAN is unplugged: Neel Patel wrote:
> I have already raised this issue on the Netgate forum - https://forum.netgate.com/topic/163937/m... Viktor Gurov
04:02 AM Bug #8096 (Duplicate): Special characters not propagated by the config sync engine: fixed in #1478 Viktor Gurov
12:36 AM Feature #11954: Multicast limits: see MAXVIFS issue #10909
and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251047
Viktor Gurov

05/24/2021

08:59 PM Bug #11734: NAT rule overlap detection is inconsistent: Adding more details here; currently:
It's possible for rules with overlapping ports to be saved when the destinati... Marcos M
07:45 PM Bug #11958 (Duplicate): Multi-wan Azure Dyndns updates not working when primary WAN is unplugged: I have already raised this issue on the Netgate forum - https://forum.netgate.com/topic/163937/multi-wan-azure-dyndns... Neel Patel
05:06 PM Feature #11957 (Resolved): XMLRPC synchronization for DHCP relay settings: Configuration synchronization (XMLRPC) does not replicate the configuration of DHCP relay. Why?
In the same kind b... Anonymous
05:03 PM Feature #11956 (New): "add" button in the top of pages with many user-added items: In Interfaces > Assignments | VLANs, Firewall > Aliases | NAT | Rules | Virtual IPs, it's possible to add the "Add" b... Anonymous
05:01 PM Bug #11955 (Rejected): Cannot disable startup beep without configuring e-mail notifications: On fresh install, in System > Advanced > Notifications (/system_advanced_notifications.php), I only check "Disable th... Anonymous
04:57 PM Feature #11954 (New): Multicast limits: On my two XG-1541, I have configured 1 LAGG, 67 VLANs on this LAGG, 67 networks interfaces and I want to use inter-VL... Anonymous
04:55 PM Bug #11953 (Ready To Test): XG-1541 crashes when igmpproxy is enabled and network interfaces status change: On my two XG-1541, I have configured 1 LAGG, 67 VLANs on this LAGG, 67 networks interfaces and I have enabled igmppro... Anonymous
11:21 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Thanks for the fast response, Jim. I believe this to be a different problem. The rules are indeed being matched as th... Adam Goldberg
11:16 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: It's unlikely the negate rules would be hit unless nothing else matched (note that they lack @quick@)
Another way ... Jim Pingle
10:45 AM Regression #11952: Traffic matching rules with limiters is not handled by DUMMYNET: Could it be possible that the auto-added NETGATE rules, which have higher precedence, are overriding the USER limiter... Adam Goldberg
10:25 AM Regression #11952 (Closed): Traffic matching rules with limiters is not handled by DUMMYNET: Traffic limiters have no effect when applied in 21.05 or 21.09 in a multi-wan environment.
3 ISPs - each 1Gbit up ... Adam Goldberg
11:14 AM Regression #11570 (Feedback): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Jim Pingle
10:59 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: It would seem this is fixed on 2.5.1/2.6 according to the comment on #11805
>Hi, just want to report its working fin... Marcos M
10:02 AM Regression #11545: Primary interface address is not always used when VIPs are present: This only seems to affect VPN tunnels where I assume the interface IP is read directly from the interface causing the... Steve Wheeler
10:00 AM Bug #11893: IPsec Dashboard widget only displays first P2 subnet when using a single traffic selector: This issue still appears for me on 21.09.a.20210524.0100. Let me know what other specific information I can provide, ... Adam Goldberg
09:02 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Tom Davis wrote:
> Hi, just want to report its working fine now for me using the latest dev CE version 2.6.0.a.20210... Vikash Jhagroe
08:55 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only): Hi, just want to report its working fine now for me using the latest dev CE version 2.6.0.a.20210524.0100
More detai... Tom Davis
07:40 AM pfSense Packages Bug #11886 (Feedback): WireGuard: PHP error in vpn_wg_peers_edit.php: Jim Pingle
07:40 AM pfSense Packages Bug #11892 (Feedback): WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: Jim Pingle
07:40 AM Bug #11949 (Not a Bug): LAGG/LACP with GIF 6to4 tunnel is broken: Not enough evidence here to conclude that it's a bug in FreeBSD or pfSense. You could test it further by not enabling... Jim Pingle
07:35 AM pfSense Packages Feature #11948 (Pull Request Review): ACME: Support specifying non-default port for nsupdate DNS validation method: Jim Pingle
07:34 AM pfSense Packages Feature #11186 (Closed): Allow lo0/Loopback as a valid interface in OSPF/OSPF6: Jim Pingle
07:18 AM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem: Christian McDonald wrote:
> I'm not able to replicate the DNS issue, but I might not be completely understanding you... RED SKULL
07:14 AM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem: I'm not able to replicate the DNS issue, but I might not be completely understanding your configuration.
Can you t... Christian McDonald
02:48 AM Bug #11951 (Closed): IPsec status fails when many tunnels are connected: How to reproduce:
1. Set wan address 172.16.1.2/24.
2. Create IPSEC IKEv1 P1 with remote 172.16.1.3 and 11 P2 tun... Maxim A

05/23/2021

05:07 PM Bug #10800: Multi WAN Load Balancing does not work on 2.5.0.a.20200729.0650: I am also experiencing the same issue. Failover works, but load balancing does not work -- all packets go through the... Layla Mah
12:05 PM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem: I actually caught the flock and fclose bugs last night and have them resolved. I will be submitting a PR tonight or t... Christian McDonald
08:22 AM pfSense Packages Bug #11950 (Resolved): Wireguard Package Errors and DNS problem: Updated from Wireguard Package version 0.0.8 to 0.1.1 and receive the following error after every reboot:
@
Crash r... RED SKULL
08:19 AM pfSense Packages Bug #11886: WireGuard: PHP error in vpn_wg_peers_edit.php: Fixed in https://github.com/pfsense/FreeBSD-ports/pull/1064 Christian McDonald
08:18 AM pfSense Packages Bug #11892: WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: Fixed in https://github.com/pfsense/FreeBSD-ports/pull/1064 Christian McDonald
12:27 AM Bug #11949 (Not a Bug): LAGG/LACP with GIF 6to4 tunnel is broken: I'm running 21.02.2-RELEASE on a Netgate SG-8860.
I have a working he.net TunnelBroker tunnel which works fine wit... Scott Johnson

05/22/2021

08:57 PM Bug #11923 (Resolved): Input validation not working for 1:1 NAT entries using an alias as a destination: I was able to add and modify 1:1 NAT with a destination alias without errors.
Fixed
2.6.0.a.20210522.0100 Alhusein Zawi
02:00 PM Bug #11769 (Resolved): Sanitize Captive Portal RADIUS MAC secret in status output: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat May 22 01:04:36 EDT 2021
FreeBSD 12.2-STABLE
radmac_secret ... Max Leighton
01:23 PM Regression #11545: Primary interface address is not always used when VIPs are present: Ran into this again today on a pfSense Plus 21.02.2 upgrade. Had to do the following to fix it:
1. Save the VIP b... Kris Phillips
11:04 AM pfSense Packages Bug #11525: pfsense 2.5.0 release version for vlan issue to suricata: # Does this happen only on VLAN interfaces; have you tried non-vlan interfaces?
# Are you using vmxnet3 or something... Marcos M

05/21/2021

09:56 PM pfSense Packages Feature #11948 (Closed): ACME: Support specifying non-default port for nsupdate DNS validation method: Hi,
I've just submitted a new PR (https://github.com/pfsense/FreeBSD-ports/pull/1067) adding support for non-defau... Pablo Ruiz
09:43 PM pfSense Packages Feature #11186: Allow lo0/Loopback as a valid interface in OSPF/OSPF6: lo0/Loopback is added as interface in OSPF Alhusein Zawi
05:30 AM pfSense Packages Feature #11186 (Feedback): Allow lo0/Loopback as a valid interface in OSPF/OSPF6: Merged four month ago Viktor Gurov
08:00 PM Bug #11939 (Resolved): Editing widgets on Dashboard causes a PHP Warning: Tested on
2.6.0-DEVELOPMENT (amd64)
built on Fri May 21 01:05:01 EDT 2021
FreeBSD 12.2-STABLE
Editing widget... Max Leighton
12:20 PM Bug #11939 (Feedback): Editing widgets on Dashboard causes a PHP Warning: This was picked back yesterday. Jim Pingle
07:15 PM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Jim Pingle wrote:
> When ACB is set to use a schedule on @services_acb_settings.php@, a the hour value from config.x... Michael Spears
01:18 PM Bug #11946 (Closed): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: When ACB is set to use a schedule on @services_acb_settings.php@, a the hour value from config.xml is not populated o... Jim Pingle
05:55 PM Revision 6693812a: Add missing vars to applyVIP(). Fixes #11723: Jim Pingle
04:39 PM Revision 6df902ac: IPsec ipsec_create_vtimap() fix. Issue #11945: Viktor Gurov
03:12 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: I am using this dirty fix (plus a manually generated config file specified for both interfaces in the Webinterfaces),... Flole Systems
01:25 PM Bug #9887 (New): Rule separator positions change when deleting multiple rules: Still broken but not a blocker so moving forward. The scenario in my first test "sep-test1" is OK. The second scenari... Jim Pingle
01:21 PM Feature #10811 (Closed): Randomize time of scheduled AutoConfigBackup runs: This looks OK to me. The minute value in the GUI is random when the page loads when unset, but static once saved.
... Jim Pingle
01:19 PM Regression #11723: Virtual IP addresses are only added to interfaces after reboot: Picked back to 21.05 as well. Jim Pingle
01:05 PM Regression #11723 (Feedback): Virtual IP addresses are only added to interfaces after reboot: Applied in changeset commit:6693812aff9ca84a8d05ac327adb726450c0b18f. Jim Pingle
12:54 PM Regression #11723 (New): Virtual IP addresses are only added to interfaces after reboot: This is still broken, but has a quick/easy fix. Jim Pingle
01:11 PM Feature #7092 (Closed): Kernel modules for alternate congestion control algorithms: Modules are all there on current builds (CE and Plus):... Jim Pingle
01:08 PM Todo #11518 (Closed): Move custom IPsec NAT-T port settings to Advanced Options: Looks good on current build Jim Pingle
12:58 PM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options: Tested on 21.5.
Looks good. Danilo Zrenjanin
01:06 PM Regression #11510 (Closed): ARP Table populates hostname values using expired DHCP lease data: This looks good on current builds on the system where I could reproduce it before. Jim Pingle
01:00 PM Bug #11688 (Closed): Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule: This is working as expected on current builds. Jim Pingle
12:45 PM Regression #11787 (Closed): Thermal sensors widget no longer shows values from certain hardware: This is good now. The other devices are being included. I don't have a Chelsio card to check but given that the other... Jim Pingle
12:44 PM Bug #11801 (Closed): PHP error in ``upgrade_212_to_213()`` when upgrading certain IPsec tunnels: Should be fine now, if anyone else has a problem, can reopen. Jim Pingle
12:41 PM Regression #11819 (Closed): MAC address OEM information missing from ARP table: Info is present on current snaps Jim Pingle
12:40 PM Todo #11844 (Closed): Update OpenVPN to 2.5.2: In current builds and working. Jim Pingle
12:37 PM Bug #11859 (Closed): PHP error on certificate list due to unreadable private key: No errors with a corrupt key on current snapshot. Jim Pingle
12:29 PM Bug #11861 (Closed): Error loading rules in certain cases where an interface is temporarily without an address: This has not recurred for me since the fix went in. Calling it solved. Jim Pingle
12:28 PM Todo #11914 (Resolved): Allow reroot on ZFS from console and GUI reboot menu entries: In and wokring Jim Pingle
12:21 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances: Moving ahead. Jim Pingle
12:20 PM Bug #11922: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS: Moving ahead. Jim Pingle
12:12 PM Regression #11945 (Feedback): Incorrect VTI interface creation: PR has been merged. Thanks! Renato Botelho
11:40 AM Regression #11945: Incorrect VTI interface creation: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/263 Viktor Gurov
11:39 AM Regression #11945 (Closed): Incorrect VTI interface creation: How to reproduce:
1) Clean install
2) Create IPsec with VTI Phase 2
3) Check config.xml - you'll see:... Viktor Gurov
11:56 AM pfSense Packages Bug #11680 (Resolved): Saving HAProxy FrontEnd description with umlauts causes configuration restore: Tested on the latest development release.
haproxy-devel 0.62_3
All characters can be used in the description ... Danilo Zrenjanin
08:04 AM pfSense Packages Feature #10739 (Pull Request Review): Update HAproxy-devel package to 2.2 and HAproxy to 2.0: Jim Pingle
05:04 AM pfSense Packages Feature #10739: Update HAproxy-devel package to 2.2 and HAproxy to 2.0: http-after-response and http-request_replace-path actions support:
https://github.com/pfsense/FreeBSD-ports/pull/1070 Viktor Gurov
08:03 AM pfSense Packages Bug #11491 (Pull Request Review): haproxy-devel v0.62_2 - startup error 'httpchk': Jim Pingle
03:24 AM pfSense Packages Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk': fix:
https://github.com/pfsense/FreeBSD-ports/pull/1069 Viktor Gurov
08:01 AM Todo #11943: Add FRR package documentation links: Not a bug since they didn't exist before.
Probably need to start thinking of a way to have an xml tag and/or plugi... Jim Pingle
12:56 AM Todo #11943: Add FRR package documentation links: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/262 Viktor Gurov
07:58 AM pfSense Packages Feature #10779 (Pull Request Review): HAProxy SSL/TLS Compatibility Mode: Jim Pingle
12:21 AM pfSense Packages Feature #10779 (New): HAProxy SSL/TLS Compatibility Mode: DRago_Angel [InV@DER] wrote:
> [...]
> Hi, need update to use ssl-min-ver & ssl-max-ver as mentioned at https://red... Viktor Gurov
07:48 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Looks good here, too, on the following snapshots:
* Plus snapshot pfSense-21.05.r.20210520.1515
* CE snapshot 2.6... Jim Pingle
05:09 AM Regression #11775 (Resolved): State counters not updating and always show 0/0 since last few updates: Renato Botelho
02:55 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: 2.6.0.a.20210520.0100 -> 2.6.0.a.20210521.0100
Fixed in all instances M Felden
02:52 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Kris Phillips wrote:
> Confirmed working in latest snapshot. Attached screenshot. This can be closed as resolved.
... Craig Weber
07:43 AM pfSense Plus Bug #11942 (Not a Bug): Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces: Not enough information here to rule out a configuration problem. In certain cases the behavior you describe is expect... Jim Pingle
05:28 AM pfSense Packages Bug #11094 (Not a Bug): HAProxy Stick on SSL-Session-ID Doesn't Work: The Frontend type must be "ssl / https(TCP mode)" for this feature to work. Viktor Gurov
12:57 AM pfSense Docs Todo #11944 (Closed): Feedback on Packages — FRR Package — Bidirectional Forwarding Detection: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/frr/bfd/index.html
*Feedback:*
There is no "BFD Sta... Viktor Gurov
12:23 AM Bug #9821: pfSense IPsec not reload configs on connectivity issues with DDNS: DRago_Angel [InV@DER] wrote:
> Jim Pingle wrote:
> > IPsec with DDNS works fine for many users (myself included) --... Viktor Gurov

05/20/2021

08:27 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Confirmed working in latest snapshot. Attached screenshot. This can be closed as resolved. Kris Phillips
12:57 PM Regression #11775 (Feedback): State counters not updating and always show 0/0 since last few updates: Fixed the PHP module. It was returning only the last rule of the list.
Fixed in php74-pfSense-module-0.70. Luiz Souza
10:29 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: Also not fixed in May 20 build, confirming what Nick K has found. Kris Phillips
10:11 AM Regression #11775: State counters not updating and always show 0/0 since last few updates: I second the Kris response. I am updated to the latest on both my CE and Plus devices and seeing the same issues afte... Nick K
06:43 PM Todo #11943 (Resolved): Add FRR package documentation links: Clicking on Help icon "?" in FRR tabs does not go to FRR documents
https://docs.netgate.com/pfsense/en/latest/packa... Alhusein Zawi
03:55 PM pfSense Plus Bug #11942 (Not a Bug): Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces: Netgate SG-2100
21.02.2-RELEASE (arm64)
I have a cable modem plugged into WAN getting a DHCP address from a provi... Web Dawg
03:22 PM Feature #11935 (Pull Request Review): Log external IP address of OpenVPN clients on connect and disconnect: Jim Pingle
02:51 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/260 Viktor Gurov
03:04 PM Revision 2ac5f4ae: Fix PHP error when changing Sys Info Widget. Fixes #11939: Avoid attempting to use $crypto when it's empty/undefined. Jim Pingle
02:46 PM Regression #11857 (Closed): Match rules cause pf error parsing rules: Match rules are also working on 2.6.0.a.20210520.0100 -- closing. Jim Pingle
02:42 PM Regression #11938 (Pull Request Review): DNS Resolver does not add PTR record for OpenVPN clients: Jim Pingle
05:47 AM Regression #11938: DNS Resolver does not add PTR record for OpenVPN clients: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/261 Viktor Gurov
02:05 AM Regression #11938 (Resolved): DNS Resolver does not add PTR record for OpenVPN clients: After changes in #11129 openvpn.learn-address.sh uses the 'unbound-control local_data' command to add client A/AAAA D... Viktor Gurov
02:32 PM Regression #11910: IPsec status tunnel descriptions are incorrect: Renato said the fix for this will need to wait for the next release Jim Pingle
02:21 PM Regression #11550 (Feedback): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Kristof committed a potential fix for this, needs tested. If it's still an issue, set target ahead to 21.09. Jim Pingle
01:44 PM pfSense Packages Bug #11838: FRR ospf6d consumes all available memory+swap after an interface event: I reported this upstream to FRR: https://github.com/FRRouting/frr/issues/8711 Jim Pingle
01:43 PM Regression #11839 (Closed): Panic on 21.05/2.6.0 snapshots when memory usage is high: I've been aggressively attempting to crash the latest builds of 21.05 and 2.6.0 which include the fixes for this prob... Jim Pingle
06:26 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: I believe these crashes all share the same root cause, which is that we (in certain places) mis-use the rule/state co... Kristof Provost
12:59 PM Revision 8aa8f78e: 1:1 NAT IPsec/OpenVPN/L2TP/PPPoE and interface groups input validation extra 2.6 fix. Issue #11751: Viktor Gurov
12:54 PM Revision 04857433: NAT 1:1 destination alias validation. Fixes #11923: Viktor Gurov
12:38 PM Bug #11762 (Resolved): Invalid combinations of TCP flag matching options cause ``pfctl`` parser error: Tested on the latest release. It looks good.
Ticket resolved. Danilo Zrenjanin
11:29 AM pfSense Packages Bug #11937 (Pull Request Review): HAproxy "Use Client-IP" option breaks Captive Portal: Jim Pingle
11:21 AM pfSense Packages Bug #11937: HAproxy "Use Client-IP" option breaks Captive Portal: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1066 Viktor Gurov
07:19 AM pfSense Packages Bug #11937: HAproxy "Use Client-IP" option breaks Captive Portal: That option is almost certainly incompatible with Captive Portal, but if there is a way to make it work, it would hav... Jim Pingle
10:13 AM Bug #11939 (Waiting on Merge): Editing widgets on Dashboard causes a PHP Warning: Tested on 2.6.0 and 21.05, was able to reproduce the error before but not with the fix applied. Fix is in master and ... Jim Pingle
10:10 AM Bug #11939 (Feedback): Editing widgets on Dashboard causes a PHP Warning: Applied in changeset commit:2ac5f4ae7424349dd977a806ebc84d56affc2f17. Jim Pingle
09:57 AM Bug #11939: Editing widgets on Dashboard causes a PHP Warning: It may still function but that is rather ugly. Jim Pingle
08:03 AM Bug #11939: Editing widgets on Dashboard causes a PHP Warning: Note that it does work 100 % even though it throws a warning. T Toft
08:01 AM Bug #11939 (Resolved): Editing widgets on Dashboard causes a PHP Warning: Editing widgets on the Dashbord page causes "PHP Warning: Invalid argument supplied" errors.
To reproduce:
- Go ... T Toft
08:41 AM Bug #11941 (Resolved): Many ``exec()`` functions do not use full path to executable files: Here's a list:... Viktor Gurov
08:05 AM Bug #11923 (Feedback): Input validation not working for 1:1 NAT entries using an alias as a destination: Applied in changeset commit:04857433ff068382f75340e140a60c5acbd1e69c. Viktor Gurov
08:04 AM Bug #11940 (Not a Bug): Fix return logic on sigkillbypid: PR : https://github.com/pfsense/pfsense/pull/4521 Christian McDonald

05/19/2021

10:12 PM Regression #11775: State counters not updating and always show 0/0 since last few updates: Was asked to test the latest release, as some counters were supposedly fixed in another part of the UI that may be re... Kris Phillips
07:52 PM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Thanks. The majority of these are associated with the pf counter_u64 issue (anything with pf in the traceback).
Ho... Peter Grehan
10:04 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high: Adding a few more I collected from a few misc installs during testing (some were deliberate crashes, others happened ... Jim Pingle
06:59 PM Revision d2eee7c8: Refactor firewall_nat_out for MVC: Steve Beaver
06:29 PM pfSense Packages Bug #11937 (Feedback): HAproxy "Use Client-IP" option breaks Captive Portal: Devices can access https sites without authenticating via Captive portal.
Enabling 'Use Client-IP to connect to back... David Quinn
02:59 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: As posted to https://forum.netgate.com/topic/163854/sg-3100-crash-on-upgrade-restore-when-using-url-tables-and-openvp... Arthur Wiebe
01:58 PM pfSense Packages Bug #11822 (Feedback): Upgrade ClamAV to 0.103.2: clam-av is on the required version in pfSense Plus 21.05. This is expected to be the same in 2.5.2.
On 21.05:
... Kris Phillips
10:44 AM Regression #11316 (Feedback): Unbound crashes with signal 11 when reloading: I've imported https://github.com/NLnetLabs/unbound/commit/ff6b527184b33ffe1e2b643db8a32fae8061fc5a into our devel bra... Renato Botelho
08:43 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: The syslog entries are called on /etc/inc/openvpn.auth-user.php around lines 120 & 163 ("could not authenticate" & "a... Michael Novotny
07:51 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: In theory it should be possible, but would need validation to ensure it works as desired.
The data should be avail... Jim Pingle
07:48 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: Attached is what the syslog entry from graylog. Michael Novotny
07:43 AM Feature #11935 (Resolved): Log external IP address of OpenVPN clients on connect and disconnect: Would it be possible to add the IP address of the user when they are authenticated? This would assist with doing gra... Michael Novotny
08:12 AM pfSense Packages Bug #11936 (Incomplete): FRR does not connect BGP when using password: There isn't nearly enough information here to speculate about a cause. "It doesn't work" is not a complete bug report... Jim Pingle
08:09 AM pfSense Packages Bug #11936 (Incomplete): FRR does not connect BGP when using password: Unsecured BGP sessions work fine, however password protected BGP sessions which previously worked fine no longer work... Clint Guillot
07:58 AM Bug #11818 (Pull Request Review): Mixed use of aliases in a port range produces unloadable ruleset: Jim Pingle
04:59 AM Bug #11818: Mixed use of aliases in a port range produces unloadable ruleset: extra input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/258 Viktor Gurov
07:43 AM Regression #11857: Match rules cause pf error parsing rules: match rules load OK on pfSense Plus snapshot 21.05.r.20210519.0300, there isn't a new CE snapshot yet that has the fi... Jim Pingle
05:44 AM Feature #9341: Support DNS Made Easy authentication without a username: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/259 Viktor Gurov
05:04 AM Feature #9262 (Duplicate): Strongswan DHCP plugin: duplicate of #8168 Viktor Gurov
04:05 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Combined with the duplicate-cn option, this problem is actually pretty bad. (At least I suspect we're having the sam... Harm V

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

06/17/2021

06/16/2021

06/15/2021

06/14/2021

06/13/2021

06/12/2021

06/11/2021

06/10/2021

06/09/2021

06/08/2021

06/07/2021

06/06/2021

06/05/2021

06/04/2021

06/03/2021

06/02/2021

06/01/2021

05/31/2021

05/30/2021

05/29/2021

05/28/2021

05/27/2021

05/26/2021

05/25/2021

05/24/2021

05/23/2021

05/22/2021

05/21/2021

05/20/2021

05/19/2021