Activity

From 05/27/2021 to 06/25/2021

06/25/2021

04:25 PM pfSense Packages Bug #11459 (Resolved): pfBlockerNG doesn't include WireGuard interface in outbound floating rules
After enabling the Wireguard service, the system automatically creates an interface group with the name WireGuard (Fi... Danilo Zrenjanin
04:03 PM pfSense Packages Bug #11878 (Resolved): squidguard dependencies missing
Tested on:... Danilo Zrenjanin
03:55 PM pfSense Packages Bug #12073: ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong
Tested on :... Danilo Zrenjanin
03:19 PM pfSense Packages Bug #12080: Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/98 Marcos M
03:14 PM pfSense Packages Bug #12080 (Resolved): Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting
Selecting a route map under @Services / FRR BGP // Network Distribution / Redistribute Local@ results in an invalid @... Marcos M
02:52 PM Bug #12079 (Closed): Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
IGMPProxy can trigger a kernel panic in 2.5.2-RC.... Steve Wheeler
01:57 PM Bug #10956: Panic configuring LAGG+VLAN interfaces when using a kernel with ``INVARIANTS``.
Updating subject but excluding from release notes since it wouldn't affect any potential release, only debugging kern... Jim Pingle
01:54 PM Bug #10956 (New): Panic configuring LAGG+VLAN interfaces when using a kernel with ``INVARIANTS``.
A fix has been committed to FreeBSD, we will make sure it gets into 2.5.2.... Jim Pingle
12:55 PM Regression #11910: IPsec status tunnel descriptions are incorrect
Also in another setup, just having two VTI tunnels seems to do the same thing. See image attached. Marcos M
12:04 PM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway
UPDATE! Bug only exists upon "link down"
+SETUP:+
# Dual WAN connections
# GW group configured as
## failover...
James Blanton
10:03 AM Feature #9092 (Pull Request Review): Option to set interval of forced Dynamic DNS updates
Jim Pingle
07:38 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
Copied from my comments on the PR:
Skipping entries negates the entire point of doing the configure during XMLRPC ...
Jim Pingle
07:38 AM Bug #12075 (Pull Request Review): Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
Jim Pingle
03:21 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
PH1 entries with BACKUP VIP or VIPs aliased to BACKUP CARP must be skipped in `ipsec_get_phase1_src()` (see also http... Viktor Gurov
03:12 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/292 Viktor Gurov
07:33 AM Bug #12078 (Not a Bug): DNS Resolution Behavior does not consider named when setting localhost
Since named is a package, it doesn't integrate into base in that way by design. If someone wants to set that up and u... Jim Pingle
01:49 AM Bug #12072: FQDN L2TP server address is only resolved at boot
works as expected as reported on the forum:
https://forum.netgate.com/topic/164614/pfsense-2-4-5-p1-l2tp-server-ip-r...
Viktor Gurov

06/24/2021

11:52 PM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2

No crash report after installing WireGuard.
2.6.0.a.20210624.0100
WireGuard ver. 0.1.3
Alhusein Zawi
07:24 PM Revision 7fededa1: Revert "Welcome pfSense CE 2.5.2-RELEASE"
This reverts commit 6bc442e71f8061aaae5cf29e106305f20697e1d5. Renato Botelho
07:24 PM Revision 2e248c0e: Move FreeBSD-src back to RELENG_2_5_0
Renato Botelho
07:23 PM Revision e0e318ad: Revert "schedule: Use the new multi-label support"
This reverts commit 765277ba6d873847c6c5b5657877e9fb0cec4357. Renato Botelho
07:23 PM Revision 54f72904: Revert "Tell pf to keep counter values"
This reverts commit 0b817201399fb7252aeb09eca94362618728183f. Renato Botelho
07:23 PM Revision 23253139: Revert "Use 'tos' rather than 'dscp' keyword for pf DSCP matching"
This reverts commit 27a8acbb5455c3b3516d844024d9208ef23649bf. Renato Botelho
07:23 PM Revision 4ea084cc: Revert "Correct pfctl syntax to kill by label. Fixes #12040"
This reverts commit 21fb5288f829b7efcad71c0610df3cf6cb2fba81. Renato Botelho
04:19 PM Bug #12078 (Not a Bug): DNS Resolution Behavior does not consider named when setting localhost
With dnsmasq and unbound disabled, and instead using Bind/named, the setting @DNS Resolution Behavior@ under @System ... Marcos M
02:53 PM Regression #11910: IPsec status tunnel descriptions are incorrect
Another scenario which may be related to whatever root cause this is:
While DPD is happening, i.e. waiting for the...
Marcos M
02:23 PM Bug #12071: Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
Yes, DPD does have to timeout (which can take several minutes), unfortunately by the time the primary goes into BACKU... Jim Pingle
02:10 PM Bug #12071 (Closed): Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
Marcos M
02:09 PM Bug #12071: Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
I re-tested this and indeed the issue is the "apply-after-sync" behavior.
Further testing explained the following ...
Marcos M
02:15 PM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
Perhaps it could be treated similarly to FRR and OpenVPN where the secondary checks whether its interface is CARP, an... Marcos M
01:32 PM Revision daaa7474: Changes requested
- if formatting
- removing temporary variable
fl0l0u
12:05 PM pfSense Packages Bug #11887 (Feedback): Squid service starts twice by /etc/rc.start_packages
PR has been merged. Thanks! Renato Botelho
12:05 PM pfSense Packages Bug #11711 (Feedback): New Squid Status Page Non-Functional
PR has been merged. Thanks! Renato Botelho
12:03 PM pfSense Packages Bug #11878 (Feedback): squidguard dependencies missing
PR merged on 2.6.0 CE. Thanks Renato Botelho
08:45 AM Feature #12077 (New): Allow stick-connections per gateway group
Currently the Sticky Connections option for load-balance gateway groups is globally applied.
However it's actually...
Steve Wheeler
07:30 AM Bug #6507 (Pull Request Review): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
Jim Pingle
06:56 AM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
small fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/291
Viktor Gurov
07:29 AM Bug #12072 (Pull Request Review): FQDN L2TP server address is only resolved at boot
Jim Pingle
06:51 AM Bug #12072: FQDN L2TP server address is only resolved at boot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/290
Viktor Gurov
07:22 AM pfSense Packages Bug #12065 (Feedback): PHP crash when creating a new report in mailreport 3.6.3_2
PR has been merged. Thanks! Renato Botelho
06:43 AM Regression #12069: Panic in ``pfctl`` with large numbers of states
This issue doesn't have anything to do with Unbound directly. The screenshots I added above were from a system which ... Jim Pingle
05:34 AM Regression #12069: Panic in ``pfctl`` with large numbers of states
Issue unlikely to be limited to or related to Unbound. Unbound was mentioned originally in the context that it is a g... M Felden
05:22 AM Regression #12069: Panic in ``pfctl`` with large numbers of states
I have more details...
I unplug LAN and WAN cable and wait 4-5 minutes.... Then I plug them both in. After few sec...
Greg M
12:18 AM Bug #12076: OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses
https://github.com/pfsense/pfsense/pull/4526 Viktor Gurov

06/23/2021

09:13 PM Revision 6e8c4db2: Cisco-AVPair + Framed-IP-Address: correcting clientip
Workaround to substitute Framed-IP-Address value in Cisco-AVPair ACL's where {clientip} is used fl0l0u
05:23 PM Revision d1b2d749: Merge pull request #4522 from fl0l0u/patch-1
Renato Botelho
05:23 PM Revision 994699bd: Merge pull request #4524 from raphendyr/feature-dyndns-leeway
Renato Botelho
05:23 PM Revision 170b1df3: Merge pull request #4510 from BBcan177/patch-2
Renato Botelho
05:08 PM Revision fe7667b0: Merge pull request #4523 from raphendyr/cleanup-dyndns
Renato Botelho
04:24 PM Bug #12076 (Resolved): OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses
Current OpenVPN script implemented to trigger Cisco-AVPair ACL in PF chains allows the ... Florian Lourdault
03:40 PM Regression #12069: Panic in ``pfctl`` with large numbers of states
Retested on pfSense+ 21.05. Found the systems still pass traffic, even with 7.1M states.
pfSenseCE 2.5.2 did no...
Patrick Sanderson
03:11 PM Regression #12069: Panic in ``pfctl`` with large numbers of states
Additional panic output from a system in the test lab with >1M states Jim Pingle
01:08 PM Regression #12069: Panic in ``pfctl`` with large numbers of states
I can reproduce this now but it took a few tries.
Here is what I did:
First, set the firewall to conservative m...
Jim Pingle
03:35 PM Bug #12071: Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
Since the apply-after-sync thing seems to be its own legitimate issue, I created #12075 for it. If this turns out to ... Jim Pingle
03:17 PM Bug #12071 (Feedback): Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
I can't reproduce this as stated, at least on 2.5.2. I set the HA pair as responder only and set the far side to alwa... Jim Pingle
03:34 PM Bug #12075 (Resolved): Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
When synchronizing settings over XMLRPC, the secondary only reconfigures the IPsec daemon if IPsec is enabled or disa... Jim Pingle
02:34 PM pfSense Packages Bug #12074: Freeradius: Additional Information field descriptions swapped
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/6 Steve Wheeler
02:00 PM pfSense Packages Bug #12074 (Resolved): Freeradius: Additional Information field descriptions swapped
In Freeradius > Settings > Logging Configuration the field descriptions for 'Additional Information for Bad Attempts'... Steve Wheeler
01:12 PM pfSense Packages Bug #12031 (Feedback): Wireguard Package Produces Crash in 2.5.2
WireGuard package version 1.1.3 was merged into 2.6.0 and 2.5.2 Renato Botelho
01:12 PM pfSense Packages Bug #11950 (Feedback): Wireguard Package Errors and DNS problem
WireGuard package version 1.1.3 was merged into 2.6.0 and 2.5.2 Renato Botelho
12:23 PM Bug #11701 (Feedback): Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``
PR has been merged. Thanks! Renato Botelho
12:23 PM Bug #12007 (Feedback): Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day
PR has been merged. Thanks! Renato Botelho
12:23 PM Bug #12020 (Feedback): OpenVPN RADIUS-based firewall rules use incorrect port ranges
PR has been merged. Thanks! Renato Botelho
12:09 PM Todo #11976 (Feedback): Compliance with pfSense style guide in Dynamic DNS service code
PR has been merged. Thanks! Renato Botelho
10:10 AM pfSense Packages Bug #11687 (Feedback): Fix download URLs for SecuriteInfo.com
PR has been merged. Thanks! Renato Botelho
10:09 AM pfSense Packages Bug #12073 (Feedback): ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong
PR has been merged. Thanks! Renato Botelho
10:07 AM pfSense Packages Bug #12073 (New): ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong
The snmptrapd configuration uses the keyword "snmpTrapdAddr" instead of
"agentaddress". This is probably a copy-past...
Renato Botelho
10:03 AM pfSense Packages Feature #11310 (Feedback): Adding a widget to apcupsd plug-in
PR has been merged to CE 2.6.0 so we can get it tested and then cherry-pick to stable branches Renato Botelho
09:50 AM pfSense Packages Feature #11948 (Feedback): ACME: Support specifying non-default port for nsupdate DNS validation method
PR has been merged. Thanks! Renato Botelho
09:41 AM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all
thx for the patch Robert R. :)
Jason Hodgdon
09:22 AM Bug #12072: FQDN L2TP server address is only resolved at boot
we need to restart the L2TP/PPTP interfaces that use WAN as parent on /etc/rc.newwanip event
like GRE/GIF: https://g...
Viktor Gurov
05:45 AM Bug #12072 (Resolved): FQDN L2TP server address is only resolved at boot
Hello!
I'm using "russian vpn" scheme to connect with ISP - WAN interface with DHCP (actually internal ISP network)...
Alex BJ
08:01 AM pfSense Packages Bug #9895: snort reinstallation failed
Viktor Gurov wrote:
> same issue on 2.6.0.a.20210622.0100:
> [...]
>
> Another solution: https://forum.netgate.c...
Bill Meeks
06:18 AM pfSense Packages Bug #9895: snort reinstallation failed
same issue on 2.6.0.a.20210622.0100:... Viktor Gurov
07:05 AM pfSense Docs Correction #11735 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting
Jim Pingle
07:01 AM pfSense Packages Feature #11210: 3rd party rulesets
>
> For example https://sslbl.abuse.ch/blacklist/#ssl-certificates-suricata
- added to 6.0.0_11
see https://for...
Viktor Gurov
05:44 AM pfSense Packages Bug #11459: pfBlockerNG doesn't include WireGuard interface in outbound floating rules
You will need to assign the WireGuard tunnel to a pfSense interface. pfBlocker can't 'see' unassigned WireGuard tunnels. Christian McDonald

06/22/2021

07:58 PM Bug #12071 (Closed): Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
Normally with an IPsec tunnel on a pfSense HA setup, failing over to the secondary makes the IPsec start on the new m... Marcos M
04:24 PM pfSense Docs Correction #11735: Feedback on Hardware — Hardware Tuning and Troubleshooting
Looks good. Marcos M
02:35 PM pfSense Docs Correction #11735: Feedback on Hardware — Hardware Tuning and Troubleshooting
Check the doc again now.
Should be better.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/1a8fd83fbc4bc389...
Jim Pingle
02:59 PM Feature #12070 (Resolved): Support for VLAN ``0``
Hello, I'm not sure if this should be a bug or feature request. Internet fiber providers in the USA and abroad tag th... Michael LaCroix
12:45 PM Bug #12061 (Closed): Update NGINX to address CVE-2021-23017
@nginx-1.20.1,2@ is in the latest test build. GUI, XMLRPC, and captive portal are all working as expected.
While I...
Jim Pingle
12:07 PM pfSense Packages Bug #12065 (Pull Request Review): PHP crash when creating a new report in mailreport 3.6.3_2
Jim Pingle
10:50 AM pfSense Packages Bug #12065: PHP crash when creating a new report in mailreport 3.6.3_2
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/96
Viktor Gurov
08:48 AM pfSense Packages Bug #11766 (Feedback): Certificate no more pointed "in use" by haproxy
PR has been merged. Thanks! Renato Botelho
08:48 AM pfSense Packages Bug #11937 (Feedback): HAproxy "Use Client-IP" option breaks Captive Portal
PR has been merged. Thanks! Renato Botelho
08:47 AM pfSense Packages Feature #10779 (Feedback): HAProxy SSL/TLS Compatibility Mode
PR has been merged. Thanks! Renato Botelho
08:46 AM pfSense Packages Bug #11491 (Feedback): haproxy-devel v0.62_2 - startup error 'httpchk'
PR has been merged. Thanks! Renato Botelho
08:46 AM pfSense Packages Feature #10739 (Feedback): Update HAproxy-devel package to 2.2 and HAproxy to 2.0
PR has been merged. Thanks! Renato Botelho
08:44 AM pfSense Packages Bug #11993 (Feedback): PHP error after disabling HAProxy
PR has been merged. Thanks! Renato Botelho
08:39 AM pfSense Packages Bug #6235 (Resolved): Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
PR has been merged Renato Botelho
08:38 AM pfSense Packages Bug #11637 (Resolved): Preprocs - possible to create two defaults
PR has been merged Renato Botelho
08:20 AM pfSense Plus Bug #12068 (Not a Bug): Upgrade to 21.05 fails with seg fault
There is not enough information here to classify that as a bug, and there are numerous others who have upgraded succe... Jim Pingle
01:44 AM pfSense Plus Bug #12068 (Not a Bug): Upgrade to 21.05 fails with seg fault
When trying to upgrade the sg3100 to 21.05 (from 21.02.2). The upgrade fails during the system reload during the "con... Daniel Ramirez
07:29 AM Regression #12069 (Resolved): Panic in ``pfctl`` with large numbers of states
Only "one report of this so far":https://forum.netgate.com/post/988755, so it's unclear how many it may affect. User ... Jim Pingle

06/21/2021

11:38 PM Revision 6bc442e7: Welcome pfSense CE 2.5.2-RELEASE
Renato Botelho
09:31 PM pfSense Docs Correction #11735: Feedback on Hardware — Hardware Tuning and Troubleshooting
Of note, @hw.ix.flow_control=0@ in @loader.conf.local@ can still be used, though it's probably best to keep it as dev... Marcos M
03:43 PM pfSense Docs Correction #11735 (Feedback): Feedback on Hardware — Hardware Tuning and Troubleshooting
Updated as a part of https://gitlab.netgate.com/docs/pfSense-docs/-/commit/35e2d56cc2f1021b58ee71135d99d371e332af1e
Jim Pingle
12:53 PM pfSense Docs Correction #11735 (In Progress): Feedback on Hardware — Hardware Tuning and Troubleshooting
Jim Pingle
06:37 PM Bug #12061 (Feedback): Update NGINX to address CVE-2021-23017
I've cherry-picked commits to upgrade it to 1.20.1,2 on RELENG_2_5_2. Development branches will get it on next round... Renato Botelho
03:43 PM pfSense Docs Correction #9228 (Feedback): Feedback on Hardware — Hardware Sizing Guidance
Updated as a part of https://gitlab.netgate.com/docs/pfSense-docs/-/commit/35e2d56cc2f1021b58ee71135d99d371e332af1e
...
Jim Pingle
01:06 PM pfSense Docs Correction #9228 (In Progress): Feedback on Hardware — Hardware Sizing Guidance
Jim Pingle
03:43 PM pfSense Docs New Content #10225 (Feedback): Add cryptographic hardware info to the SG-3100 manual
Not in the manual, but updated related info as a part of https://gitlab.netgate.com/docs/pfSense-docs/-/commit/35e2d5... Jim Pingle
03:35 PM pfSense Docs New Content #10225 (In Progress): Add cryptographic hardware info to the SG-3100 manual
Jim Pingle
03:10 PM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway
Jim, Sorry for the delay but I've been out of the office a good bit the past month.
I've updated the SG-3100 to 21...
James Blanton
10:29 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Christian McDonald wrote:
> Hi all,
>
> Yes this fix (along with a ton of other fixes) is in the current PR.
...
Marcello Marques
09:53 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Hi all,
Yes this fix (along with a ton of other fixes) is in the current PR.
Christian McDonald
09:12 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Renato Botelho wrote:
> I'll take care of this one
FWIW, I've been running 0.1.2 _(over several minor revisions)_...
Marcello Marques
08:53 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
I'll take care of this one Renato Botelho
08:34 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Kris Phillips wrote:
> Issue continues to be present in June 17th 2.5.2 RC build
It's already fixed in the latest...
Marcello Marques
08:39 AM Bug #12067 (New): DHCP Monitoring Statistics Error
I have 2 DHCP pools (51 + 51 IP addresses) in one network (see attachments screen)
But monitoring DHCP show maximum dhc...
Evgeny Korostelev
08:00 AM Bug #12049 (Pull Request Review): Input validation incorrectly rejects a second IPv4-only GRE tunnel
Jim Pingle
07:57 AM pfSense Packages Bug #12064 (Duplicate): Navbar not responsive when running iperf
Duplicate of #8502 Jim Pingle
07:44 AM Feature #12066: Include man and man pages for all core programs and packages
Currently we deliberately remove them to save on space, though these days space isn't at as much of a premium as it w... Jim Pingle
06:46 AM Regression #11316: Unbound crashes with signal 11 when reloading
As an ugly workaround, I'm using "Service Watchdog" package to restart *unbound* when it crashes. This happens every... Akom Benevolent
05:44 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages
Hello, thanks for the work, how long until available? Nox Inmortus

06/20/2021

07:41 AM pfSense Packages Bug #12030: Startup Errors for Avahi Package
The service warnings are expected if you don't have publishing enabled. It's disabled by default.
See: https://forum...
Steve Wheeler

06/19/2021

09:59 PM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Issue continues to be present in June 17th 2.5.2 RC build Kris Phillips
08:03 PM Bug #12050: "GoTo line #" function does not work on ``diag_edit.php``
seems working -- tested on 21.09.a.20210619.0100 Jordan G
04:44 PM Feature #12066 (New): Include man and man pages for all core programs and packages
Having the man pages - where available - for all out-of-the-box binaries would improve scenarios where there are no o... e 1/1
01:45 PM pfSense Packages Bug #12065 (Resolved): PHP crash when creating a new report in mailreport 3.6.3_2
When creating a new report in mail report 3.6.3_2 a PHP crash is generated. This is triggered as soon as you save the... Max Leighton
12:54 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package
This issue is still present in the June 17th build. Kris Phillips
12:14 PM Bug #12039: Gateway alarm always triggers IPsec restart
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/289
https://gitlab.netgate.com/pfSense/FreeBSD-por...
Viktor Gurov
12:13 PM pfSense Packages Bug #12064 (Duplicate): Navbar not responsive when running iperf
In iperf 3.0.2_5, after starting iperf client or server, the navbar is visible but clicking any of the dropdown menus... Max Leighton
02:51 AM Regression #12040 (Resolved): Scheduled firewall rules failing to load
works as expected on 2.5.2.r.20210617.1709:... Viktor Gurov
12:27 AM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/288
Viktor Gurov

06/18/2021

10:02 PM Bug #11581 (Resolved): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
I was able to assign IP address with /32 via console
*** Welcome to pfSense 2.6.0-DEVELOPMENT (amd64) on pfSense *...
Alhusein Zawi
08:46 PM Bug #6055: Menu items may remain from packages no longer installed
Chris Buechler wrote:
> Adrien Carlyle wrote:
> > Is there any way to manually correct this?
>
> Edit the <menu>...
Jeff Strand
06:48 PM Revision 56ad99b3: Add PPP interface description to mpd config. Fixes #11959
Viktor Gurov
06:42 PM Revision c2c11dcf: Interpret numeric-only addresses as invalid in is_hostname(). Fixes #12000
Viktor Gurov
06:39 PM Revision 99f957fe: Insert Mobile IPsec NAT/BINAT rules into pf rule set. Fixes #12023
Viktor Gurov
06:37 PM Revision 8abff49b: Certmanager UTF8 DN support. Fixes #12041
Viktor Gurov
06:24 PM pfSense Docs New Content #12063 (Closed): Document recently added options for Configuring RFC 2136 Dynamic DNS updates
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dyndns/rfc2136.html
*Feedback:*
# @Zone@: Field not o...
Marcos M
06:08 PM Revision afab96d6: Fix #12060: Remove ZeroMQ support
Renato Botelho
05:21 PM pfSense Docs Correction #12062 (Closed): Add Netgate 2100 and 6100 to Throughput Considerations table
That whole page is going to go away: #9228
Once there is a static page we can link to with the numbers from the si...
Jim Pingle
05:19 PM pfSense Docs Correction #12062 (Closed): Add Netgate 2100 and 6100 to Throughput Considerations table
h2. Please add the Netgate 2100 and Netgate 6100 to the table on the "Throughput Considerations page":https://docs.ne... Audian Paxson
03:36 PM pfSense Packages Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
The Snort GUI package now has additional logic to ensure running Snort interfaces at the start of a rules update cycl... Bill Meeks
03:33 PM pfSense Packages Bug #11637: Preprocs - possible to create two defaults
The remaining GUI bug reported in this issue is fixed in this Snort GUI package Pull Request: https://github.com/pfs... Bill Meeks
03:16 PM Bug #12022 (Resolved): Incorrect OpenVPN Client Export help link
fixed
openvpn help points to https://docs.netgate.com/pfsense/en/latest/packages/openvpn-client-export.html
2.6...
Alhusein Zawi
08:00 AM Bug #12022 (Feedback): Incorrect OpenVPN Client Export help link
Applied in changeset commit:62c8a02a9cc6585579fda1e5ec68a1fdbfb0d129. Jim Pingle
07:46 AM Bug #12022 (In Progress): Incorrect OpenVPN Client Export help link
Looks like the help.php line is referencing the wrong file. I'll fix it. Jim Pingle
02:44 AM Bug #12022: Incorrect OpenVPN Client Export help link
Tested on:... Danilo Zrenjanin
02:40 PM Revision 68d8e58c: Use full path for executables in /usr/local/sbin/ shell scripts. Fixes #11985
Viktor Gurov
02:37 PM Revision 692510f2: Do not escape special characters in certificate DN fields. Fixes #12034
Viktor Gurov
01:57 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
I thought perhaps I could have the default be assumed as 'none' with ZFS but in practice that didn't go as well as I'... Jim Pingle
01:55 PM Bug #11959: PPP interfaces lose the description field in ``ifconfig`` output when restarted
Applied in changeset commit:56ad99b3989f0d6bcf1f16ac3eaf727ec6b6c901. Viktor Gurov
01:48 PM Bug #11959 (Feedback): PPP interfaces lose the description field in ``ifconfig`` output when restarted
PR has been merged. Thanks! Renato Botelho
01:55 PM Bug #12000: Remote log server input validation allows invalid values
Applied in changeset commit:c2c11dcf6dd2b71d554d2870a39373e75c70e624. Viktor Gurov
01:45 PM Bug #12000 (Feedback): Remote log server input validation allows invalid values
PR has been merged. Thanks! Renato Botelho
01:45 PM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules
Applied in changeset commit:99f957fe21d514f9b2bb945fb07c0277df210d03. Viktor Gurov
01:39 PM Bug #12023 (Feedback): Mobile IPsec NAT/BINAT entries missing from firewall rules
PR has been merged. Thanks! Renato Botelho
01:45 PM Bug #12041: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
Applied in changeset commit:8abff49b82f6a8ee143cf10f939ed6ca2ad3d4d7. Viktor Gurov
01:38 PM Bug #12041 (Feedback): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
PR has been merged. Thanks! Renato Botelho
01:15 PM Todo #12060 (Feedback): Remove deprecated ``libzmq`` code and references
Applied in changeset commit:afab96d6b3bcc47e8fb5b2cd8cbe49d4aefe1a55. Renato Botelho
01:00 PM Todo #12060 (Resolved): Remove deprecated ``libzmq`` code and references
Once upon a time ZMQ was intended to be a potential logging or notification type, but that hasn't been touched in qui... Jim Pingle
01:09 PM Bug #12061: Update NGINX to address CVE-2021-23017
http://nginx.org/en/CHANGES shows it's fixed in 1.20.1, but 1.20.1 is not yet in the ports tree: https://github.com/f... Jim Pingle
01:06 PM Bug #12061 (Closed): Update NGINX to address CVE-2021-23017
https://vuxml.freebsd.org/freebsd/0882f019-bd60-11eb-9bdd-8c164567ca3c.html
NGINX needs to be updated to resolve t...
Kris Phillips
12:50 PM Revision 62c8a02a: Correct OpenVPN export help URLs. Fixes #12022
Jim Pingle
12:11 PM Bug #12059 (Rejected): After about an hour DNSSEC lookups start to fail
There isn't enough information to definitively identify this as a bug, and this site is not for support or diagnostic... Jim Pingle
12:07 PM Bug #12059 (Rejected): After about an hour DNSSEC lookups start to fail
After a fresh restart of the server or just unbound everything works great, in the below log paste I used idrive.com.... Keith Owen
11:38 AM pfSense Packages Bug #12058 (Duplicate): pfBlockerNG / "Cannot allocate memory" from Geo blocking IP list
My pfsense emailed me an error yesterday:
```
Notifications in this message: 1
================================
...
Sean McBride
11:16 AM Revision 33a37573: RRD DB CPU Temperature. Feature #9297
Viktor Gurov
11:15 AM Revision 71024ca1: Remove package-related syslog configuration on uninstall. Fixes #11846
Viktor Gurov
11:12 AM Revision 44144b37: Hide "Reboot and run a filesystem check" for ZFS systems. Implements #11983
Viktor Gurov
11:11 AM Revision a0892760: Mute boot messages for inactive services. Issue #12038
Viktor Gurov
11:04 AM Revision 4d934cc4: Do not try to stop disabled packages on shutdown. Fixes #12001
Viktor Gurov
09:50 AM Todo #11985: Ensure ``/usr/local/sbin/`` scripts use full path to executable files
Applied in changeset commit:68d8e58c9efd5d43aa0331fa72c4140161972e36. Viktor Gurov
09:41 AM Todo #11985 (Feedback): Ensure ``/usr/local/sbin/`` scripts use full path to executable files
PR has been merged. Thanks! Renato Botelho
09:45 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
Applied in changeset commit:692510f22097bc6100fde467d2f6b3aea8cd51bc. Viktor Gurov
09:39 AM Bug #12034 (Feedback): Certificate Manager performs redundant escaping of special characters in certificate DN fields
PR has been merged. Thanks! Renato Botelho
07:12 AM Bug #12034 (Pull Request Review): Certificate Manager performs redundant escaping of special characters in certificate DN fields
Jim Pingle
09:05 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
Changing the sync default behavior would be a POLA violation as it would break users who rely on that behavior now.
...
Jim Pingle
08:49 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
That seems unnecessarily complex and counter-intuitive. If I go that route then I have a routable IP address on two d... Chris Myles
08:39 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
Then set FRR differently on each node so it only advertises the addresses you want from each node. FRR does not suppo... Jim Pingle
08:35 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
They should be advertised though as the loopbacks serve as the primary management addresses for their corresponding n... Chris Myles
08:26 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
Use the features built into the dynamic routing protocols to prevent those addresses from being advertised. That's th... Jim Pingle
08:20 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
The problem is that when you configure a loopback address, it's considered a directly connected network and will be a... Chris Myles
07:43 AM Feature #12055 (Feedback): Option to disable XMLRPC Sync for Loopback Virtual IPs
While it is capable of receiving traffic from another host, nothing could ARP for it, so it can't "conflict" as other... Jim Pingle
08:34 AM Regression #12057: 21.09/2.6.0 - High CPU usage and slowness with ``pfctl -ss``
As I mentioned on #12045 we are aware and it will be automatically addressed during the next upstream sync. 2.6.0 is ... Jim Pingle
08:28 AM Regression #12057 (Resolved): 21.09/2.6.0 - High CPU usage and slowness with ``pfctl -ss``
pfctl -ss is consuming large amounts of CPU and taking much longer than it should to output data on 2.6:
ht...
RED SKULL
08:27 AM Regression #12045: High CPU usage and slowness with ``pfctl -ss``
Yes, we are aware, but 2.6.0 will get the fix when we do a full sync with FreeBSD sources next, which wasn't an optio... Jim Pingle
08:23 AM Regression #12045: High CPU usage and slowness with ``pfctl -ss``
2.6 has the same problem. This fix needs to be applied there too.
https://www.reddit.com/r/PFSENSE/comments/nz8fm...
RED SKULL
07:37 AM pfSense Packages Bug #12054 (Feedback): "succesfully" misspelled
Pushed a fix. The typo was repeated a total of three times in there, actually. Jim Pingle
07:28 AM pfSense Plus Bug #12053 (Feedback): PRF Algorithm is Always Set to SHA256 on New Tunnel Creations
I can't reproduce this here. I see the config.xml tag @<prf-algorithm>sha256</prf-algorithm>@ but it does not get put... Jim Pingle
06:25 AM Bug #11846: Logging configuration added by a package is not removed on uninstall
Applied in changeset commit:71024ca1064fe21145d7402ec5abc05360558f5e. Viktor Gurov
06:15 AM Bug #11846 (Feedback): Logging configuration added by a package is not removed on uninstall
PR has been merged. Thanks! Renato Botelho
06:20 AM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems
Applied in changeset commit:44144b377d3282f8e95c676e8fae1d343ba3f8b7. Viktor Gurov
06:13 AM Todo #11983 (Feedback): Hide "Reboot and run a filesystem check" for ZFS systems
PR has been merged. Thanks! Renato Botelho
06:17 AM Feature #9297 (Feedback): Graph for hardware temperature readings
PR has been merged. Thanks! Renato Botelho
06:12 AM Bug #12038 (Feedback): System attempts to start inactive services at boot
PR has been merged. Thanks! Renato Botelho
06:10 AM Bug #12001: System attempts to stop inactive services at shutdown
Applied in changeset commit:4d934cc48211f4b746da6de57e6e888104694f22. Viktor Gurov
06:04 AM Bug #12001 (Feedback): System attempts to stop inactive services at shutdown
PR has been merged. Thanks! Renato Botelho
05:51 AM Bug #12056 (Pull Request Review): Filterlog says "Unknown Option %u"
I see the following messages in my filter logs:... Florian Apolloner
05:09 AM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
I've created an upstream issue at https://github.com/pear/HTTP_Request2/issues/23 Renato Botelho
04:59 AM Regression #11910: IPsec status tunnel descriptions are incorrect
Kris Phillips wrote:
> Saw this yesterday. Customer has the following:
>
> 3 P1s, 2 were IKEv1 and 1 was IKEv2
...
Renato Botelho
04:34 AM Bug #11926 (Resolved): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location
Tested on:... Danilo Zrenjanin

06/17/2021

10:47 PM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
Forgot the doc link - here it is: https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html Chris Myles
10:46 PM Feature #12055 (Closed): Option to disable XMLRPC Sync for Loopback Virtual IPs
According to this pfSense doc, Loopback IPs are synchronized via XMLRPC because they are only ever active on the loca... Chris Myles
08:53 PM pfSense Packages Bug #12054 (Resolved): "succesfully" misspelled
When fetching a patch, the message "Patch fetched succesfully" is missing an S. Steve Y
07:55 PM pfSense Plus Bug #12053: PRF Algorithm is Always Set to SHA256 on New Tunnel Creations
Selection feature was introduced in changeset f5ddbec114b3b9ecce14761d173381556422061b Kris Phillips
07:52 PM pfSense Plus Bug #12053: PRF Algorithm is Always Set to SHA256 on New Tunnel Creations
Reference internal ticket INC-87329 for troubleshooting steps with customer that experienced this. Kris Phillips
07:51 PM pfSense Plus Bug #12053 (Closed): PRF Algorithm is Always Set to SHA256 on New Tunnel Creations
When creating new P1s regardless of what the hash algorithm is set to the variable in config.xml is always set to <pr... Kris Phillips
07:28 PM Regression #12048 (New): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
Latest 2.5.2 build looks good with pear-HTTP_Request2 2.3.0,1.
Moving this ahead to 2.6.0 for (hopefully) a long t...
Jim Pingle
04:29 PM Regression #12048 (Feedback): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
pear-HTTP_Request2 downgraded to 2.3.0,1 Renato Botelho
01:56 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
Jim Pingle wrote:
> I have been able to narrow this down further to this change:
>
> [...]
>
> If I go back to...
Luca De Andreis
01:16 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
I have been able to narrow this down further to this change:... Jim Pingle
12:50 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
After checking many, many different things (SSL, crypto settings, nginx settings, and more) I went back and tried old... Jim Pingle
07:00 PM Revision 9455c6ef: XMLRPC sync improvements. Implements #12051
Jim Pingle
06:04 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
I can confirm that applying the PCRE_JIT patch fixed this problem for me on 21.05. Clinton Cory
05:44 PM Revision f0e84135: Moves the help text to the appropriate place. Issue #11926
Danilo Zrenjanin
05:34 PM Revision 760d4d13: Build QEMU Guest Agent. Feature #9877
Viktor Gurov
05:10 PM Revision cf11a8a5: Allow to switch to Persistent Maintenance Mode if CARP is disabled. Fixes #11727
Viktor Gurov
05:08 PM Revision 97762ce9: Enable build of zabbix 5.4 packages
Renato Botelho
05:04 PM Revision 4e3ab7d2: Add Zabbix 5.4 config options. Feature #12042
Viktor Gurov
04:06 PM Revision 1b910463: Fixed #12050 by adding new JumpToLine() function and calling as needed
Steve Beaver
03:02 PM Regression #12052 (Resolved): IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID
*Platform:*
Version 2.5.1-RELEASE (amd64) on VMWare
built on Mon Apr 12 07:50:14 EDT 2021
FreeBSD 12.2-STABLE
...
Geovane Gonçalves
02:10 PM Todo #12051 (Feedback): XMLRPC client improvements
Applied in changeset commit:9455c6ef8fa512b9341885c2186f7a79ac59cf2b. Jim Pingle
01:52 PM Todo #12051 (Resolved): XMLRPC client improvements
There are a few changes that could be beneficial for the XMLRPC sync client:
* The same client can be reused for m...
Jim Pingle
12:44 PM Bug #11926 (Feedback): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location
PR has been merged. Thanks! Renato Botelho
12:35 PM Feature #9877 (Feedback): QEMU Guest Agent
PR has been merged. Thanks! Renato Botelho
12:20 PM Bug #11727: Cannot enter persistent CARP maintenance mode when CARP is disabled
Applied in changeset commit:cf11a8a5b5752cdf3b4739b1ae1ed56e197705c3. Viktor Gurov
12:12 PM Bug #11727 (Feedback): Cannot enter persistent CARP maintenance mode when CARP is disabled
PR has been merged. Thanks! Renato Botelho
12:09 PM pfSense Packages Feature #12042 (Feedback): Add Zabbix 5.4 agent and proxy packages
PRs merged. Thanks!
I also enabled the build on poudriere_bulk for CE 2.6.0
Renato Botelho
11:15 AM Bug #12050: "GoTo line #" function does not work on ``diag_edit.php``
Applied in changeset commit:1b9104637f304697ec714d8b6ceb8f95466b52b1. Anonymous
11:08 AM Bug #12050 (Feedback): "GoTo line #" function does not work on ``diag_edit.php``
Functionality provided via new JS function jumpToLine() called when requesting GoTo line Anonymous
11:05 AM Bug #12050 (Resolved): "GoTo line #" function does not work on ``diag_edit.php``
When entering a value in the GoTo line # field, the requested line is highlighted, but the textarea does not scroll t... Anonymous
10:59 AM Regression #11910: IPsec status tunnel descriptions are incorrect
Saw this yesterday. Customer has the following:
3 P1s, 2 were IKEv1 and 1 was IKEv2
3 P2s, the 2 for the IKEv1 w...
Kris Phillips
10:58 AM Revision dff043e9: Revert "Enable build of Telegraf on armv7"
This reverts commit 99e7f9ec562cb3a0f614c60ae7813d8318cdff17. Renato Botelho
10:29 AM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel
This is not a regression. Too late for 2.5.2 Renato Botelho
04:20 AM Bug #12049 (Resolved): Input validation incorrectly rejects a second IPv4-only GRE tunnel
More info:
-> This only occurs when creating A 2ND SUCH TUNNEL FOR THE SAME "Parent Interface"
-> The "GRE-tu...
Peter Van Overveldt
10:21 AM Revision 99e7f9ec: Enable build of Telegraf on armv7
Renato Botelho
08:02 AM Bug #11850: NTP authentication input validation rejects valid keys
Thanks for the effort made.
Just want to confirm: in *21.05-RELEASE* it works now as expected.
Thomas Paetzold
06:32 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Charles Jackson wrote:
> I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to con...
T S

06/16/2021

05:00 PM Revision b2a8595c: Fix filename
Renato Botelho
02:03 PM Revision 21fb5288: Correct pfctl syntax to kill by label. Fixes #12040
(cherry picked from commit 2afcd4527d4b245c7968bf7ac6b6c505259fe6c9) Jim Pingle
02:02 PM Revision 2afcd452: Correct pfctl syntax to kill by label. Fixes #12040
Jim Pingle
01:57 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Charles Jackson wrote:
> I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to con...
Polar Nerd
01:46 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to connect to and play the same ... Charles Jackson
12:04 PM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/287
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-...
Viktor Gurov
09:58 AM Regression #12048 (Confirmed): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
At first I couldn't reproduce it, but now I can every time. Not sure what changed. It didn't show up in the logs or n... Jim Pingle
07:20 AM Regression #12048 (Rejected): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
I cannot replicate the problem as stated and nothing changed between the previous builds which would have impacted XM... Jim Pingle
03:08 AM Regression #12048 (Closed): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
I've just updated the test pfSense cluster to release
2.5.2.r.20210615.1851
On the immediately preceding release ...
Luca De Andreis
09:11 AM Regression #12037 (Closed): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build
SNMP daemon is returning correct responses now Jim Pingle
09:10 AM Regression #12040 (Feedback): Scheduled firewall rules failing to load
Applied in changeset commit:2afcd4527d4b245c7968bf7ac6b6c505259fe6c9. Jim Pingle
09:00 AM Regression #12040 (In Progress): Scheduled firewall rules failing to load
The scheduled rules are loading, but commit:765277ba6d873847c6c5b5657877e9fb0cec4357 needs another fix to correct the... Jim Pingle
09:07 AM Regression #12045 (Resolved): High CPU usage and slowness with ``pfctl -ss``
The latest build includes the fixes for this and it's working properly now. Dumping the states is fast no matter how ... Jim Pingle
07:57 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/286
Viktor Gurov
07:17 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
it looks like `cert_escape_x509_chars()` is not needed - `openssl_csr_new()` automatically adds double quotes in case... Viktor Gurov

06/15/2021

06:38 PM pfSense Plus Bug #11942: Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces
I lied about the static. Still no dice. Web Dawg
06:37 PM pfSense Plus Bug #11942: Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces
UDP ipv4
It seems to work better if there is a static assigned to WAN, but not scientific test. Will test here so...
Web Dawg
05:21 PM Regression #12045 (Feedback): High CPU usage and slowness with ``pfctl -ss``
I've cherry-picked commits from upstream/main to pfsense/RELENG_2_5_2 that should help this case:
b5d787d93b3d83f2...
Renato Botelho
01:55 PM Regression #12045 (Resolved): High CPU usage and slowness with ``pfctl -ss``
Some users have found that @pfctl -ss@ is consuming large amounts of CPU and taking much longer than it should... Jim Pingle
05:20 PM Todo #12047 (Closed): Make sure libnv fixes are on devel-12 branch
Following commits were cherry-picked directly from upstream/main to pfsense/RELENG_2_5_2 in order to fix #12045.
b...
Renato Botelho
04:53 PM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
Here's some more details when examining certificates generated from different sources:
# Cert from third-party app...
Marcos M
02:49 PM pfSense Docs Todo #12046 (Rejected): Feedback on Troubleshooting — Troubleshooting Duplicate IPsec SA Entries
That's expected at the moment, but already being worked on.
I'm in the process of updating the other documentation...
Jim Pingle
02:43 PM pfSense Docs Todo #12046 (Rejected): Feedback on Troubleshooting — Troubleshooting Duplicate IPsec SA Entries
The confusion is around how to "disable". The way to disable seems to be conflicting?
*Page:* https://docs.netgate...
Brendon Baumgartner
01:52 PM Revision 474b0fed: Start IPv6 tunnel interfaces on boot and restart on dynamic IPv6 change. Fixes #6507
Viktor Gurov
01:48 PM Revision 015a4824: Easyrule IPv6 fix. Issue #11439
Viktor Gurov
01:00 PM Revision 27a8acbb: Use 'tos' rather than 'dscp' keyword for pf DSCP matching
The 'dscp' keyword is pfSense-specific, but doesn't do anything more
than the FreeBSD 'tos' keyword.
Using 'tos' will...
Kristof Provost
12:59 PM Revision 0b817201: Tell pf to keep counter values
Pf can attempt to preserve (rule) counter values across rule updates.
We've reverted our home-grown implementation an...
Kristof Provost
12:59 PM Revision 765277ba: schedule: Use the new multi-label support
We've removed the pfsense specific 'schedule' keyword, and now use the new
multi-label support. That is, schedules ar...
Kristof Provost
11:04 AM Bug #12041 (Pull Request Review): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
Jim Pingle
10:52 AM Bug #12041: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/285
Viktor Gurov
09:28 AM Bug #12041 (Resolved): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
If you import a certificate containing UTF8 encoding into certificate manager,
it shows escaped unicode characters i...
Viktor Gurov
10:56 AM Todo #12044 (Resolved): Improve IPsec identifier settings
We expose several IPsec identifier types in the GUI. strongSwan supports a few more, plus an automatic type. Addition... Jim Pingle
09:37 AM pfSense Packages Feature #12042 (Resolved): Add Zabbix 5.4 agent and proxy packages
New release from Zabbix, please add this new version : https://www.zabbix.com/rn/rn5.4.0 Nox Inmortus
09:21 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Justin P wrote:
> Bill Meeks wrote:
> > Jim Pingle wrote:
> > > Bill Meeks wrote:
> > > > Does this function call...
Justin P
09:20 AM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
Applied in changeset commit:474b0fed67a9e2682526a230d410a4339ec7972d. Viktor Gurov
09:10 AM Bug #6507 (Feedback): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
PR has been merged. Thanks! Renato Botelho
08:49 AM Feature #11439 (Feedback): IPv6 support in ``easyrule`` CLI script
PR has been merged. Thanks! Renato Botelho
08:06 AM Regression #12040 (Feedback): Scheduled firewall rules failing to load
There were some commits for the latest pf changes which were not included in the last 2.5.2 build, but will be in the... Jim Pingle
08:03 AM Regression #12040 (Resolved): Scheduled firewall rules failing to load
In 2.5.2-RC firewall rules with a schedule fail to load generating an error.
Tested using this config:...
Steve Wheeler
07:27 AM Regression #12037 (Feedback): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build
Merged into devel-12 and cherry-picked to RELENG_2_5_2. Kristof Provost
07:14 AM Regression #12037 (Pull Request Review): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build
Jim Pingle
07:06 AM Regression #12037 (Waiting on Merge): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build
This was the result of an incorrect conversion to libpfctl (a DIOICGETRULE ioctl call was replaced by pfctl_add_rule(... Kristof Provost
07:18 AM Bug #12038 (Pull Request Review): System attempts to start inactive services at boot
Jim Pingle
04:56 AM Bug #12038: System attempts to start inactive services at boot
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/284 Viktor Gurov
03:43 AM Bug #12038 (Resolved): System attempts to start inactive services at boot
... Viktor Gurov
04:04 AM Bug #12039 (Resolved): Gateway alarm always triggers IPsec restart
There are several issues:
1) '/etc/rc.gateway_alarm' triggers '/etc/rc.newipsecdns' which generates an invalid log m...
Viktor Gurov

06/14/2021

08:08 PM Revision 3f39bbaf: Promote 2.5.2 to RC
Renato Botelho
08:06 PM Revision 26f8169b: Promote 2.5.2 to RC
(cherry picked from commit eb1305d0736a1d71d1615ca6b19e3f4a917317a0) Renato Botelho
08:06 PM Revision eb1305d0: Promote 2.5.2 to RC
Renato Botelho
07:14 PM Revision de248d0f: Do not show OpenVPN TUN interfaces on VLAN/QinQ edit pages. Fixes #11675
Viktor Gurov
07:13 PM Revision 3f0e9812: Configure OpenVPN-parent QinQ interfaces on boot. Fixes #11662
Viktor Gurov
06:34 PM Revision 23922057: Remove duplicate comconsole_port from loader.conf. Fixes #11653
Viktor Gurov
06:16 PM Revision 789f8b22: Allow to enter /32 netmask and non-local gateway in the console menu. Issue #11581
Viktor Gurov
06:10 PM Revision a17e9816: link_interface_to_tunnelif(): Make it consistent
Change link_interface_to_tunnelif() to always return an array and
simplify logic used when it's used removing unneede...
Renato Botelho
06:09 PM Revision 77e3e15a: Do not unset variables that will be set on next line
Renato Botelho
03:29 PM Regression #12037 (Closed): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build
On the current RC builds of 2.5.2 with the new pf code, the bsnmp daemon no longer returns rule label data from the p... Jim Pingle
02:20 PM Bug #11675: VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
Applied in changeset commit:de248d0f6de7bcbca65aa94a37ac2a855b302580. Viktor Gurov
02:15 PM Bug #11675 (Feedback): VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
PR has been merged. Thanks! Renato Botelho
02:20 PM Bug #11662: QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
Applied in changeset commit:3f0e9812fea8672c2842d5f3f7a103518965af7f. Viktor Gurov
02:13 PM Bug #11662 (Feedback): QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
PR has been merged. Thanks! Renato Botelho
01:40 PM Bug #11653: Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``
Applied in changeset commit:23922057504c253f1ddd0b6269e7ce85e94ac61e. Viktor Gurov
01:35 PM Bug #11653 (Feedback): Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``
PR has been merged. Thanks! Renato Botelho
01:31 PM Bug #11581 (Feedback): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
PR has been merged. Thanks! Renato Botelho
01:17 PM pfSense Packages Bug #12036 (Pull Request Review): Certificate Manager page do not show Zabbix used certificates
Jim Pingle
11:39 AM pfSense Packages Bug #12036: Certificate Manager page do not show Zabbix used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/94
Viktor Gurov
06:03 AM pfSense Packages Bug #12036 (Resolved): Certificate Manager page do not show Zabbix used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec / O... Viktor Gurov
11:48 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
Interesting. Looks like the output varies by platform or OpenSSL version. Where I initially checked that was on an ol... Jim Pingle
11:33 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
Jim Pingle wrote:
> I can't reproduce this here. The code is already doing the escaping so the user doesn't need to ...
Viktor Gurov
07:41 AM Bug #12034 (Feedback): Certificate Manager performs redundant escaping of special characters in certificate DN fields
I can't reproduce this here. The code is already doing the escaping so the user doesn't need to worry about it. If I ... Jim Pingle
05:03 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
according to https://datatracker.ietf.org/doc/html/rfc4514 "," (comma) must be escaped:... Viktor Gurov
04:53 AM Bug #12034 (Resolved): Certificate Manager performs redundant escaping of special characters in certificate DN fields
We are facing an issue while generating Cert/CSR from Cert. Manager whenever there is a comma (,) in Organization same.
T...
Viktor Gurov
09:30 AM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials
Marcos Mendoza wrote:
> Maybe the username:password syntax can be avoided altogether and instead the @Authorization@...
Viktor Gurov
07:45 AM Regression #12028: SNMP daemon issues with pf nvlist changes
I no longer get the original error on startup, and I am able to see data from the PF MIB:... Jim Pingle
06:01 AM Regression #12028 (Resolved): SNMP daemon issues with pf nvlist changes
libpfctl is now linked to libnv... Renato Botelho
07:44 AM pfSense Docs Correction #12032 (Closed): TP-LINK M7350 modem works as an ethernet devices
PR Merged. Jim Pingle
05:38 AM pfSense Docs Correction #12032: TP-LINK M7350 modem works as an ethernet devices
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/18 Viktor Gurov
07:38 AM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a
No. Those OIDs don't exist to be read if the i915 module is not loaded:... Steve Wheeler
07:33 AM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a
Does it still crash if you don't load the i915 module? Jim Pingle
07:35 AM Bug #12023 (Pull Request Review): Mobile IPsec NAT/BINAT entries missing from firewall rules
Jim Pingle
04:01 AM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/283
Viktor Gurov
07:30 AM pfSense Packages Bug #12027 (Closed): FreeRADIUS 3.0.22 removed LEAP, package fails to start
Works now Jim Pingle
06:02 AM Regression #12017 (Resolved): FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
Renato Botelho
05:32 AM Feature #12035 (Resolved): Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components
If you try to use any UTF8 characters in State or Province/City/Organization/Organizational Unit fields, an error occ... Viktor Gurov
02:17 AM pfSense Packages Bug #12033 (New): maxmindb and _sqlite3 modules not found
https://forum.netgate.com/topic/164305/py_error-log-errors-maxmindb-and-_sqlite3-modules-not-found
I am using pfbl...
Viktor Gurov

06/13/2021

02:54 PM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials
Maybe the username:password syntax can be avoided altogether and instead the @Authorization@ header can be used as sp... Marcos M
11:59 AM pfSense Packages Bug #11459: pfBlockerNG doesn't include WireGuard interface in outbound floating rules
Tested on the latest RC release.
pfBlockerNG-devel 3.0.0_16
After enabling a Wireguard tunnel the interface stil...
Danilo Zrenjanin
09:56 AM Regression #11910: IPsec status tunnel descriptions are incorrect
I saw this behaviour when adding a VTI phase 2 to a system which already had a mobile IPSec tunnel defined.
Both con...
Steve Wheeler
06:47 AM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a
There appear to be two specific sysctls that cause the system to stop responding:... Steve Wheeler
05:48 AM pfSense Docs Correction #12032 (Closed): TP-LINK M7350 modem works as an ethernet devices
In the docs page entitled "Known Working 3G-4G Modems":https://docs.netgate.com/pfsense/en/latest/cellular/hardware.h... abel callejo

06/12/2021

08:17 PM pfSense Packages Bug #12031 (Resolved): Wireguard Package Produces Crash in 2.5.2
The Wireguard package produces a crash report in the dashboard in 2.5.2 after install. Here is the data:
Crash re...
Kris Phillips
07:13 PM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a
This was difficult to pin-down because it only stops responding if the HDMI console is not connected at the time the ... Steve Wheeler
05:54 PM Revision 20a9b988: This appears to be causing unintended fallout. Reverting for now.
Revert "Delete static routes on gateway down. Fixes #11296"
This reverts commit 3fca57f8fae3733845c90338943c418bb77e...
Jim Pingle
05:54 PM Revision 25b839d4: This appears to be causing unintended fallout. Reverting for now.
Revert "Delete static routes on gateway down. Fixes #11296"
This reverts commit 3fca57f8fae3733845c90338943c418bb77e...
Jim Pingle
05:54 PM pfSense Packages Bug #12030 (Resolved): Startup Errors for Avahi Package
The avahi package is complaining about NSS support being missing and dependency errors on startup in 2.5.2.
WARN...
Kris Phillips
03:16 PM pfSense Packages Feature #10858 (Resolved): OpenVPN Client silent install
Tested OpenVPN Client Export 1.6_1 in 2.5.2.r.20210611.0300 and the silent installer option is getting saved as defau... Max Leighton
01:57 PM Bug #12022: Incorrect OpenVPN Client Export help link
2.6.0.a.20210612.0100 Client Export help is still pointing to https://docs.netgate.com/pfsense/en/latest/vpn/openvp... Alhusein Zawi
01:13 PM Bug #11296 (New): Static route targets may still reachable via default route when the gateway they should route through is down
Jim Pingle
01:00 PM Bug #11296 (Feedback): Static route targets may still reachable via default route when the gateway they should route through is down
Applied in changeset commit:25b839d4990bd5e3f55b2eccbdea74d1d2b92d5d. Jim Pingle
12:56 PM Bug #11296 (New): Static route targets may still reachable via default route when the gateway they should route through is down
Per Jim T, reverted this from 2.6.0 and 2.5.2. It appears to be causing some unintended side effects.
Can revisit ...
Jim Pingle
08:37 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Bill Meeks wrote:
> Jim Pingle wrote:
> > Bill Meeks wrote:
> > > Does this function call work without restarting ...
Justin P
06:39 AM Regression #12028 (Feedback): SNMP daemon issues with pf nvlist changes
Looks to be fixed by Luiz's a8c3d8e344a7d7e015b78fa4935fcdbd4aec97df.
We were missing the libnv dependency in the l...
Kristof Provost

06/11/2021

07:07 PM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem
No more DNS issue at boot after using MSS Clamp so disregard the DNS portion of this ticket RED SKULL
04:19 PM Feature #12029 (Duplicate): Please add MAC OUI lookup results (e.g. DHCP Leases table) to the ARP table
It's already in the code, but had a bug recently: #11819 Jim Pingle
04:06 PM Feature #12029 (Duplicate): Please add MAC OUI lookup results (e.g. DHCP Leases table) to the ARP table
In the DHCP Leases table, we see the assigned manufacturer displayed beside each MAC address.
This would be extremel...
Adam Thompson
03:53 PM Revision 9569d863: OpenVPN Wizard: Set inactive_seconds = 300 by default.
Follow up with fix for ticket #11699 and also enable it on server
tunnels created using wizard
Viktor Gurov
03:52 PM Revision 4aab19d4: Remove urlencode() for NoIP.com DDNS credentials. Fixes #12021.
Viktor Gurov
12:36 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Patch version 3.
Added the ability to set the AQM & Scheduler parameters to zero.
Before php would interpret a zer...
Anonymous
12:01 PM Regression #12017 (Feedback): FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
Renato Botelho
12:01 PM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
Jim Pingle wrote:
> I do see the initial broken commit (@83280d17fccff2db7d79c7f38e80ec29078ef35e@) in 2.5.2 as well...
Renato Botelho
10:36 AM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
I do see the initial broken commit (@83280d17fccff2db7d79c7f38e80ec29078ef35e@) in 2.5.2 as well, so we need to bring... Jim Pingle
10:18 AM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
After several attempts I confirm that the bug is on libradius.so.4
I've replaced the library with the patched versio...
Michele Rento
11:28 AM Regression #12028 (Resolved): SNMP daemon issues with pf nvlist changes
On @2.5.2.r.20210611.0300@ and @2.6.0.a.20210611.0100@, the built-in SNMP (bsnmp) logs the following at startup:
<...
Jim Pingle
11:00 AM pfSense Packages Bug #12027 (Feedback): FreeRADIUS 3.0.22 removed LEAP, package fails to start
Fix pushed as pkg version 0.15.7_31 Jim Pingle
10:59 AM pfSense Packages Bug #12027 (Closed): FreeRADIUS 3.0.22 removed LEAP, package fails to start
Systems which pick up FreeRADIUS 3.0.22 (e.g. 2.5.2, 2.6.0 after latest ports merge) won't start because the package ... Jim Pingle
11:00 AM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials
Applied in changeset commit:4aab19d4ade5d164c22bd63b2833d54bab740d59. Viktor Gurov
10:53 AM Regression #12021 (Feedback): NoIP.com incorrectly encodes Dynamic DNS update credentials
PR has been merged. Thanks! Renato Botelho
10:51 AM Bug #12022 (Feedback): Incorrect OpenVPN Client Export help link
Merged Renato Botelho
12:17 AM Bug #12022: Incorrect OpenVPN Client Export help link
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/282
Viktor Gurov
10:05 AM Todo #12025: Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interface Address
We used to prevent that in the past and had numerous complaints. There are many ways someone can shoot themselves in ... Jim Pingle
09:57 AM Regression #12024 (Closed): State table data in GUI does not show the expected interface after latest pf merge
This looks good on @2.5.2.r.20210611.0300@ and @2.6.0.a.20210611.0100@, both with @php74-pfSense-module-0.71@
* St...
Jim Pingle
05:17 AM Revision fda3e52d: OpenVPN Client Export help link fix. Issue #12022
Viktor Gurov
05:06 AM Regression #11910: IPsec status tunnel descriptions are incorrect
I can replicate the active tunnel count being incorrect, as well as incorrect status, by using P1s with the option "G... Marcos M
12:43 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/279 Viktor Gurov
12:42 AM Bug #12026 (Resolved): Applying IPsec settings for many tunnels is slow or times out
This is an additional optimization for #11795:
1. `ipsec_get_phase1_src()` - always executes `get_interface_ip/ipv...
Viktor Gurov

06/10/2021

09:43 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5
Tried altering and saving then applying but no IPSEC status, still unable to stop or start service... Paul Kennedy
08:29 PM Revision e2bb3424: Revise firewall schedule delete for MVC
Steve Beaver
05:34 PM Todo #12025 (New): Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interface Address
Although it is VERY rarely necessary, we should add a banner to the top of the 1:1 NAT page notifying end users that ... Kris Phillips
04:54 PM Revision 99b3a5cb: Change pkg install variable references. Fixes #11290
* For whatever reason, PHP was failing to copy certain values into
$pkg_data which was a reference to the pkg configu...
Jim Pingle
03:04 PM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules
Documenting a possible workaround:
If you have the following Mobile IPsec configuration:
Mobile Virtual Address...
Chris Linstruth
11:25 AM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules
Noting here what I mentioned on Slack:
* This is likely due to the fact that the "remote" network on mobile P2s is...
Jim Pingle
11:18 AM Bug #12023 (Resolved): Mobile IPsec NAT/BINAT entries missing from firewall rules
Adding a NAT or BINAT to a mobile IPsec configuration does not work.
The nat rules are not added to the pf configu...
Chris Linstruth
02:42 PM Revision 42c0b296: Fix state table content sorting. Fixes #11852
(cherry picked from commit 5d48880b48039967f3b2b5acfb1432ee30953140) Jim Pingle
02:26 PM Revision 5d48880b: Fix state table content sorting. Fixes #11852
Jim Pingle
01:25 PM Revision 02a923c1: Add devel/git back to list of packages
(cherry picked from commit 9713b8ee2a61b3e68ccae0c898adff69ed111948) Renato Botelho
01:11 PM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
Typo Jim Pingle
12:54 PM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
Updating subject for release notes. Jim Pingle
12:29 PM Bug #11852 (Resolved): State table content on ``diag_dump_states.php`` does not sort properly
Confirmed fix Renato Botelho
09:44 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
Picked back to RELENG_2_5_2 as well. Jim Pingle
09:35 AM Bug #11852 (Feedback): State table content on ``diag_dump_states.php`` does not sort properly
Applied in changeset commit:5d48880b48039967f3b2b5acfb1432ee30953140. Jim Pingle
09:29 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
Simple fix, commit pending. Jim Pingle
12:55 PM Regression #12005: ``Recover config.xml`` installer option does not work after default ZFS pool name change
Excluding from release notes since it was a regression which happened after the last release. Jim Pingle
09:41 AM Regression #12005 (Closed): ``Recover config.xml`` installer option does not work after default ZFS pool name change
I've tried this a few times now with RC iso installs and it works fine with the new pool name and old pool name for m... Jim Pingle
12:35 PM Regression #12024 (In Progress): State table data in GUI does not show the expected interface after latest pf merge
Jim Pingle
12:35 PM Regression #12024 (Closed): State table data in GUI does not show the expected interface after latest pf merge
Adding for tracking purposes, it's a known issue but I don't see it in Redmine.
After the latest pf merge, the int...
Jim Pingle
12:27 PM Todo #11684 (Resolved): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
Confirmed fix on wizard Renato Botelho
12:05 PM Bug #11290 (Feedback): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
Applied in changeset commit:99b3a5cb0ef4586222a331045df3cee17bb25d31. Jim Pingle
12:02 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
For whatever reason, PHP was failing to copy certain values into `$pkg_data` which was a reference to the pkg configu... Jim Pingle
09:56 AM Bug #11290 (New): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
There is still a bug here somewhere. Installing FRR on a complete fresh installation still doesn't get the proper @<p... Jim Pingle
11:01 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Renato Botelho wrote:
> Hayden Hill wrote:
> > rom racer wrote:
> > > I don't know what interfaces.inc is but if y...
Hayden Hill
06:17 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Hayden Hill wrote:
> rom racer wrote:
> > I don't know what interfaces.inc is but if you read the original descript...
Renato Botelho
10:17 AM Regression #11981 (Closed): Duplicating Outbound NAT rule does not carry over contents of the source rule
Works with the latest RELENG_2_5_2 code in place. Jim Pingle
10:16 AM Bug #11946 (Closed): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page
Works with the latest RELENG_2_5_2 code in place. Jim Pingle
10:12 AM Bug #11967 (Closed): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point
Works on 2.5.2 RC image 2.5.2.r.20210609.0300 -- the *Retransmit Base* and *Retransmit Timeout* fields allowed values... Jim Pingle
10:04 AM Regression #11994 (Closed): Firewall rule usage counters showing 0/0 after latest pf merge
All good now on 2.5.2 and 2.6.0 Jim Pingle
09:57 AM Bug #12022 (Resolved): Incorrect OpenVPN Client Export help link
The help icon on the vpn_openvpn_export.php page points to
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/i...
Viktor Gurov
07:36 AM Regression #11805 (Resolved): Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Bouke Henstra wrote:
> Jim Pingle wrote:
> > Adam Kuklycz wrote:
> > > Question, does this affect virtual IP's tha...
Renato Botelho
07:33 AM Regression #11982 (Resolved): Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
Confirmed fix. It will reach 21.09 on next round of merges. Renato Botelho
07:24 AM Regression #12021 (Pull Request Review): NoIP.com incorrectly encodes Dynamic DNS update credentials
Jim Pingle
05:07 AM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials
fix:
https://redmine.pfsense.org/issues/12021
Viktor Gurov
05:04 AM Regression #12021 (Resolved): NoIP.com incorrectly encodes Dynamic DNS update credentials
There is no need to `urlencode` user credentials (CURLOPT_USERPWD already encodes them):... Viktor Gurov
07:21 AM Bug #12020 (Pull Request Review): OpenVPN RADIUS-based firewall rules use incorrect port ranges
Jim Pingle
03:47 AM Bug #12020: OpenVPN RADIUS-based firewall rules use incorrect port ranges
https://github.com/pfsense/pfsense/pull/4522 Viktor Gurov
03:47 AM Bug #12020 (Resolved): OpenVPN RADIUS-based firewall rules use incorrect port ranges
Previous operator ( `><` ) prevented inserting port range with min/max port.
Ex....
Viktor Gurov
04:23 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
I had the same problem.
To replicate I connect a client, then kill the openvpn.exe process.
On the pfsense the user...
Marco Conca
04:17 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
This is not enabled for new servers created by the Remote Access Wizard.
fix:
https://gitlab.netgate.com/pfSense/...
Viktor Gurov
04:07 AM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP
extra improvements:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/279
Viktor Gurov

06/09/2021

08:57 PM Revision 3032e3b7: OpenVPN Wizard: Enable exit_notify by default
Follow up with fix for ticket #11684 and also enable it on server
tunnels created using wizard
(cherry picked from c...
Renato Botelho
07:23 PM Revision e6389f63: OpenVPN Wizard: Enable exit_notify by default
Follow up with fix for ticket #11684 and also enable it on server
tunnels created using wizard
Renato Botelho
04:48 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Patch version 2.
Fixed a spelling problem with the derand setting.
Anonymous
03:58 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
Chris Linstruth wrote:
> This is _not_ enabled for new servers created by the Remote Access Wizard.
>
> Reconnect...
Renato Botelho
12:19 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
This is _not_ enabled for new servers created by the Remote Access Wizard.
Reconnect to this server / Retry once i...
Chris Linstruth
02:34 PM Revision 609a2127: Simplify logic: no functional changes
(cherry picked from commit a314c6c846406115c426ed20b102daf6e206b420) Renato Botelho
02:34 PM Revision 372453f5: Outbound NAT: Fix rule duplication - #11981
- firewall_nat_out.inc: Declare $after as a global variable otherwise
duplicate rule will always end up at the bott...
Renato Botelho
02:22 PM Revision a314c6c8: Simplify logic: no functional changes
Renato Botelho
02:15 PM Revision 9fedbb13: Outbound NAT: Fix rule duplication - #11981
- firewall_nat_out.inc: Declare $after as a global variable otherwise
duplicate rule will always end up at the bott...
Renato Botelho
01:45 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
rom racer wrote:
> I don't know what interfaces.inc is but if you read the original description of this bug, this wa...
Hayden Hill
01:25 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
I don't know what interfaces.inc is but if you read the original description of this bug, this was encountered in an ... rom racer
12:49 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
rom racer wrote:
> @Renato please re-open this bug.
>
> There's two versions of wpa_supplicant included in pfSesn...
Renato Botelho
12:44 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
rom racer wrote:
> @Renato please re-open this bug.
>
> There's two versions of wpa_supplicant included in pfSesn...
Renato Botelho
08:23 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
@Renato please re-open this bug.
There's two versions of wpa_supplicant included in pfSense. Both the version in...
rom racer
07:49 AM Bug #11453 (Resolved): ``wpa_supplicant`` uses 100% of a CPU core at boot
This fix was committed on ports on wpa_supplicant version 2.9_3. We are now using 2.9_10. Renato Botelho
01:32 PM Revision bf1f1428: AutoConfigBackup schedule custom hour value fix. Issue #11946
(cherry picked from commit 806d5c497497476e92568e168c302275e576e25c) Viktor Gurov
12:46 PM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
I am unable to reproduce this on 2.6.0.a.20210609.0100 or 2.5.2.r.20210609.0300
In either case, the authentication...
Jim Pingle
02:18 AM Regression #12017 (Resolved): FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
[[https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256283]] Bug 256283
l2tp authentication using radius is broken a...
Michele Rento
10:15 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Jim Pingle wrote:
> Adam Kuklycz wrote:
> > Question, does this affect virtual IP's that are setup on the same inte...
Bouke Henstra
10:09 AM pfSense Docs Todo #12018 (Pull Request Review): Feedback on Firewall — Configuring firewall rules
Jim Pingle
03:14 AM pfSense Docs Todo #12018: Feedback on Firewall — Configuring firewall rules
from https://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+13.0-RELEASE+and+Ports&arc... Viktor Gurov
03:04 AM pfSense Docs Todo #12018 (Closed): Feedback on Firewall — Configuring firewall rules
*Page:* https://docs.netgate.com/pfsense/en/latest/firewall/configure.html
*Feedback:*
There is no description ...
Viktor Gurov
09:49 AM Regression #11981 (Feedback): Duplicating Outbound NAT rule does not carry over contents of the source rule
Fix pushed to 2.6.0 and 2.5.2 Renato Botelho
09:04 AM Regression #11981: Duplicating Outbound NAT rule does not carry over contents of the source rule
Renato Botelho wrote:
> It actually broke duplication and is now acting like rule is being edited instead of creatin...
Renato Botelho
08:43 AM Regression #11981 (In Progress): Duplicating Outbound NAT rule does not carry over contents of the source rule
It actually broke duplication and is now acting like rule is being edited instead of creating a new one Renato Botelho
09:36 AM pfSense Docs Todo #12016 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems
Merged. I fixed the formatting (Should be `::` not `:::`) but it was wrong on multiple entries so I fixed them all in... Jim Pingle
12:36 AM pfSense Docs Todo #12016: Feedback on Cellular Wireless — Known Working 3G-4G Modems
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/16 Viktor Gurov
12:26 AM pfSense Docs Todo #12016 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems
*Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html
*Feedback:*
Add Huawei E5573 to the...
Viktor Gurov
08:36 AM Todo #11943 (Resolved): Add FRR package documentation links
Confirmed fix Renato Botelho
08:33 AM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page
Cherry-picked to 2.5.2-RC Renato Botelho
07:56 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Jim Pingle wrote:
> Bill Meeks wrote:
> > Does this function call work without restarting PHP? I don't have hardwar...
Bill Meeks
07:47 AM pfSense Packages Bug #12019 (Not a Bug): Right Axis always shows `None -`
That's not what it's indicating. You can graph two separate items, in the settings they are labeled to match (Left Ax... Jim Pingle
07:34 AM pfSense Packages Bug #12019 (Not a Bug): Right Axis always shows `None -`
It should show something like "Right Axis: Time" Viktor Gurov
07:45 AM Bug #11966 (Resolved): Incorrect RADVD log message on HA event
Confirmed fix Renato Botelho
07:42 AM Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa
see #11864#note-3 Viktor Gurov
07:41 AM Bug #11864: OpenVPN stays bound to previous IP address after interface changes
We have to create a function `restart_interface_services($interface, $ipproto)` to restart all interface and IPv4/IPv... Viktor Gurov

06/08/2021

10:10 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
I don't use either Snort or Suricata in operation but I do use pfBlockerNG-devel and the patch has solved the stabili... Loh Phat
09:15 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Jim Pingle wrote:
> Each package maintainer would need to handle changes to their own code, should they choose to ta...
Bill Meeks
09:28 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Darin May wrote:
> How is the cat-herding addressed so that the work-around isn't duplicated across packages?
It ...
Jim Pingle
09:24 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
How is the cat-herding addressed so that the work-around isn't duplicated across packages? I've noticed chit-chat in... Loh Phat
08:35 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Darin May wrote:
> I'm not familiar with the criteria for bugs to be listed in the target fix list of open issues, b...
Jim Pingle
02:24 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Kris Phillips wrote:
> Tested in 21.09 Jun 5th build. This patch is present and no longer needs to be applied manual...
Loh Phat
09:52 PM Bug #12015 (Not a Bug): When using VMware Fusion/Workstation NAT, with pfsense IPSEC, no routes are going thru the tunnel
No evidence that this is a bug and not a config/environment issue. Post on the forum to discuss it in more detail. Jim Pingle
07:53 PM Bug #12015 (Not a Bug): When using VMware Fusion/Workstation NAT, with pfsense IPSEC, no routes are going thru the tunnel
So I have a virtualized lab setup that has to connect to a corporate development lab. I have a layered setup where I ... Jeremy Cejka
09:51 PM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Bill Meeks wrote:
> Does this function call work without restarting PHP? I don't have hardware at the moment to test...
Jim Pingle
09:20 PM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Jim Pingle wrote:
> The patch should fix the behavior, but the package could also implement the fix on its own using...
Bill Meeks
02:52 PM Bug #12014 (Duplicate): Invalid arguments passed in services_dhcpv6_relay.php on line 116
This appears to be a duplicate of #11969 Jim Pingle
02:25 PM Bug #12014 (Duplicate): Invalid arguments passed in services_dhcpv6_relay.php on line 116
Just got this error while saving DHCPv6 relay settings on the 2.5.2-BETA.
pfSense asked me to upload the log.
Dan W
09:23 AM Bug #12008 (Not a Bug): IPsec - mutual certificate - can't find priv key
The identifiers must match and be present in the certificate. As you see, it's not always exactly the same in each ca... Jim Pingle
05:27 AM Bug #12008: IPsec - mutual certificate - can't find priv key
It seems to be working when setting my identifier as asn.1, but using as DN the output of the command:
ipsec listcerts
that o...
Fabio V
12:42 AM Bug #12008 (Not a Bug): IPsec - mutual certificate - can't find priv key
IPsec with mutual certificate
Jun 8 07:35:28 charon 95058 16[IKE] <con400000|35> IKE_SA con400000[35] state chang...
Fabio V
07:35 AM Bug #12013 (New): Reading log data is inefficient in certain cases
When reading log files, the functions are set to fetch a specific number of lines (e.g. 50, 250, 500) but to get thos... Jim Pingle
07:29 AM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5
I cannot tell if the same issue but with 2.5.1 I am experiencing a similar problem with VPN and not with the watchgua... Denis Grilli
07:24 AM Todo #12012 (Resolved): Improve log settings help text for file size, compression, and retention count
The fields in log settings for file size and compression lack information that users need to make properly informed d... Jim Pingle
07:14 AM Feature #12011 (Closed): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
The default setting for log compression is currently bzip2 for all cases, which isn't ideal for every case. If /var/l... Jim Pingle
06:40 AM Bug #12010 (Closed): System default gateway doesn't automatically switch from an inactive gateway if a specific gateway is selected
from https://forum.netgate.com/topic/161065/%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%D1%8B-%D0%BF%D0%BE-pfsense-2-5-plus/... Viktor Gurov
05:26 AM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
Max Leighton wrote:
> Tested in 2.6 it is working.
>
> It doesn't seem to have made it to 21.09 current build b...
Viktor Gurov
01:35 AM pfSense Packages Bug #12009 (New): Zabbix Agent starts twice by /etc/rc.start_packages
... Viktor Gurov
12:46 AM Regression #11994 (Feedback): Firewall rule usage counters showing 0/0 after latest pf merge
Fixed in 2.6.0 and 2.5.2.
The tracker ID wasn't being saved rendering the counters useless.
Luiz Souza

06/07/2021

03:30 PM Bug #12007 (Resolved): Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day
Dynamic DNS update is executed if a) no update has been done for the provider yet, b) the IP address has changed afte... Jaakko Kantojärvi
03:09 PM Regression #12005 (Feedback): ``Recover config.xml`` installer option does not work after default ZFS pool name change
Renato Botelho
09:19 AM Regression #12005 (Closed): ``Recover config.xml`` installer option does not work after default ZFS pool name change
On current 2.5.2, 2.6.0, and 21.09 snapshots the default ZFS pool name changed from "zroot" to "pfSense" and there is... Jim Pingle
02:20 PM Revision 188e82ff: Update config recovery to use new zpool name. Issue #12005
(cherry picked from commit d440bb6ae65f6ddb8ae310683cdac9ce64b01487) Jim Pingle
02:20 PM Revision d440bb6a: Update config recovery to use new zpool name. Issue #12005
Jim Pingle
12:50 PM Bug #11967: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point
Tested on:... Danilo Zrenjanin
09:46 AM Feature #9297 (Pull Request Review): Graph for hardware temperature readings
Jim Pingle
05:16 AM Feature #9297: Graph for hardware temperature readings
rrd update:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/278
Status Monitoring pkg update:
https:...
Viktor Gurov
09:41 AM pfSense Packages Bug #11993 (Pull Request Review): PHP error after disabling HAProxy
Jim Pingle
04:01 AM pfSense Packages Bug #11993: PHP error after disabling HAProxy
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1072
Viktor Gurov
09:40 AM Bug #12002 (Pull Request Review): Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured
Jim Pingle
02:10 AM Bug #12002: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/277
Viktor Gurov
01:46 AM Bug #12002 (Resolved): Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured
... Viktor Gurov
09:40 AM Bug #12006 (Duplicate): CARP IP sometimes doesn't apply to CARP member
I noticed this when a CARP member had no CARP status. I was told that this can happen if the VIP address isn't appli... Andrew Waranowski
09:37 AM Bug #12001 (Pull Request Review): System attempts to stop inactive services at shutdown
Jim Pingle
01:27 AM Bug #12001: System attempts to stop inactive services at shutdown
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/276
Viktor Gurov
01:09 AM Bug #12001 (Resolved): System attempts to stop inactive services at shutdown
/etc/rc.stop_packages tries to stop disabled services:... Viktor Gurov
09:34 AM Bug #12000 (Pull Request Review): Remote log server input validation allows invalid values
Jim Pingle
01:01 AM Bug #12000: Remote log server input validation allows invalid values
OS interprets numeric-only value as decimal IP address:... Viktor Gurov
08:14 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic
See also: #12004 Jim Pingle
07:34 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic
The patch should fix the behavior, but the package could also implement the fix on its own using @ini_set("pcre.jit",... Jim Pingle
08:14 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
See also: #12004 Jim Pingle
07:19 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
The patch should fix the behavior, but the package could also implement the fix on its own using @ini_set("pcre.jit",... Jim Pingle
08:14 AM pfSense Plus Todo #12004: Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems
Packages and other scripts could use `ini_set("pcre.jit", "0");` to disable PCRE JIT on systems without the patch to ... Jim Pingle
08:08 AM pfSense Plus Todo #12004 (Resolved): Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems
Currently, PHP crashes on multi-core 32-bit ARM systems (SG-3100) with certain PCRE calls, as documented on #11466, #... Jim Pingle
08:12 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
I created #12004 for the temporary workaround via disabling PCRE JIT. This issue can remain open while we investigate... Jim Pingle
07:50 AM Bug #12003 (Resolved): Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Example:
"alpha" => array("name" => "alpha", "type" => "number", "default" => get_single_sysctl("net.inet.ip.dummyne...
Anonymous
07:41 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Adam Kuklycz wrote:
> Question, does this affect virtual IP's that are setup on the same interface as the default ga...
Jim Pingle
07:33 AM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems
Darin May wrote:
> I'm running 21.05 on an sg-3100 and I don't have the fsck option on my reboot menu; should I?
...
Jim Pingle
06:59 AM Feature #8794: NTP authentication support
The ntp client auth is yet to be implemented. Steve Wheeler
12:20 AM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Kris Phillips wrote:
> Can someone provide the patch once this is merged so we can test?
See the attachment
Viktor Gurov
12:05 AM pfSense Packages Feature #11349 (Resolved): Allow to set minimum TLS version
Viktor Gurov

06/06/2021

11:24 PM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic
The patch contained at https://redmine.pfsense.org/issues/11466#note-32 has stopped the PHP crashes. So this bug coul... Loh Phat
11:10 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Question, does this affect virtual IP's that are setup on the same interface as the default gateway IP, or does the I... Adam Kuklycz
09:41 AM Bug #12000 (Resolved): Remote log server input validation allows invalid values
When configuring remote syslog servers in status_logs_settings.php each server is entered as IP[:port]. Port 514 is a... Steve Wheeler
08:07 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Does the PHP temp workaround patch fix this one too?
https://redmine.pfsense.org/issues/11466#note-32
Loh Phat

06/05/2021

03:42 PM Bug #11999 (Resolved): OpenVPN IPv6 tunnel network is not validated properly
If you enter an IPv6 address without a subnet mask, the configuration will be accepted, but the OpenVPN service will ... Danilo Zrenjanin
03:41 PM Regression #11316: Unbound crashes with signal 11 when reloading
The DHCP service doesn't appear to be reliably updating the DNS server either. Tested on 21.09 Jun 5th build, I did ... Kris Phillips
03:27 PM pfSense Plus Feature #11772: Layer 2 Tunnel Bonding Capability
I understand your concern about the requirement for an "upstream device on a big pipe," however this is exactly the s... Clint Guillot
01:57 PM pfSense Plus Feature #11772: Layer 2 Tunnel Bonding Capability
Not certain how this would be possible. Fundamentally internet connectivity doesn't work this way. You would need ... Kris Phillips
03:20 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Tested in 21.09 Jun 5th build. This patch is present and no longer needs to be applied manually in the development ch... Kris Phillips
03:13 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Reporting that the patch in #32 solved my 21.02.2 --> 21.05 upgrade w/pfBlockerNG-devel causing the firewall service ... Loh Phat
01:37 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Decided to go through some performance testing and stress testing. I loaded the CPU to maximum with iPerf3 traffic a... Kris Phillips
03:04 PM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems
I'm running 21.05 on an sg-3100 and I don't have the fsck option on my reboot menu; should I? Loh Phat
03:01 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
Verified problem exists on Jun 5th build of 21.09.
Build Info:
21.09-DEVELOPMENT (arm)
built on Sat Jun 05 01:...
Kris Phillips
01:26 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
Tested in 2.6 it is working.
It doesn't seem to have made it to 21.09 current build because when I test in
21...
Max Leighton
02:07 PM pfSense Packages Feature #11349: Allow to set minimum TLS version
Minimum TLS version options are: 1.0/1.1/1.2
2.5.1-RELEASE (amd64)
built on Mon Apr 12 07:50:14 EDT 2021
Alhusein Zawi
01:49 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Can someone provide the patch once this is merged so we can test? Kris Phillips
01:43 PM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page
Tested in 2.6.0. The specified hour will now stay on the page after navigating away and navigating back.
Howe...
Max Leighton
09:45 AM pfSense Docs Correction #11998 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting
*Page:* https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
*Feedback:*
Section "VMware vmx(4) Interfac...
Michael Huck

06/04/2021

07:04 PM Revision 502973c8: Duplicating Outbound NAT rule fix. Issue #11981
(cherry picked from commit 68be10e63195d399089092149e119de30ae6a639) Viktor Gurov
07:04 PM Revision e191b65c: Create Outbound NAT automatic equivalent rules when switching from Automatic to Manual mode. Fixes #11982
(cherry picked from commit ec8adb56d59a293516d1a0a3fb4eb45aad299f5b) Viktor Gurov
05:30 PM pfSense Packages Feature #11997 (New): IPsec Profile Wizard: Add Support for exporting Android strongSwan Profiles
We currently have Apple and Windows IPSec profile export. However, we're missing this option for Android which has a... Kris Phillips
04:39 PM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a
We've received additional reports of issues related to this bug report. The behavior may be related to running sysctl... Max Leighton
02:58 PM Revision e691303d: Adjust validation for MVC
Steve Beaver
02:05 PM Regression #11981: Duplicating Outbound NAT rule does not carry over contents of the source rule
Fix was not picked back to 2.5.2, but is now. Will be in future builds. Jim Pingle
02:04 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
Fix was not picked back to 2.5.2, but is now. Will be in future builds. Jim Pingle
01:00 PM Revision 34b44340: Revise top/bottom outbound rule addition
Steve Beaver
11:15 AM Revision 1f0abbad: Use stable host for pkg repo
Renato Botelho
11:10 AM Revision d7ee51c5: Welcome pfSense CE 2.5.2-RC
Renato Botelho
08:35 AM Regression #11910: IPsec status tunnel descriptions are incorrect
Also seeing strangeness in the IPsec dashboard widget. Customer also reporting the active tunnel counts are incorrect... Chris Linstruth
08:23 AM pfSense Plus Regression #11995 (Closed): UPnP/NAT-PMP not functioning on 32-bit ARM
UPnP is not functional on 32-bit ARM systems (SG-3100, SG-1000) running pfSense Plus 21.05. When a client attempts to... Jim Pingle
07:48 AM Regression #11994 (Closed): Firewall rule usage counters showing 0/0 after latest pf merge
On 2.6.0.a.20210604.0100 the state counters on the firewall rule tabs are showing 0/0 again. We had a similar issue i... Jim Pingle
05:41 AM Regression #11545: Primary interface address is not always used when VIPs are present
I believe I am seeing this now after upgrading 2.4.5-p1 -> 2.5.1-CE with FRR BGP where FRR is told to use the WAN IPv... M Felden
04:12 AM Regression #11775: State counters not updating and always show 0/0 since last few updates
Issue reappeared for me in 2.6.0.a.20210603.0625 and 2.6.0.a.20210604.0100 M Felden
01:35 AM pfSense Packages Bug #11993 (Resolved): PHP error after disabling HAProxy
After unchecking the "Enable HAProxy" checkbox and clicking 'Save' on the haproxy_global.php page, an error occurs:
...
Viktor Gurov
01:16 AM Bug #11992 (Confirmed): GRE Tunnel - Does not work with a virtual IP as endpoint
I can confirm this issue on 2.6.0.a.20210603.0100/2.5.2.b.20210603.0300 (Proxmox VM) -
I see high packet loss when...
Viktor Gurov

06/03/2021

07:29 PM Revision bfd55119: Simplify getting automated rules
Steve Beaver
06:34 PM Bug #11992 (Confirmed): GRE Tunnel - Does not work with a virtual IP as endpoint
Hello,
I saw that this problem has normally been solved for 6 years, but I have run into a problem; I did not manage to solve it...
Gabriel Argentieri
04:49 PM Revision 806d5c49: AutoConfigBackup schedule custom hour value fix. Issue #11946
Viktor Gurov
04:49 PM Revision ebb3c7a6: FRR help links. Fixes #11943
(cherry picked from commit be659aff5a3a52c1e08481a00eb697ecd86a9899) Viktor Gurov
04:48 PM Revision be659aff: FRR help links. Fixes #11943
Viktor Gurov
04:47 PM Revision a7ea1293: Correct RADVD log message on HA event. Fixes #11966
(cherry picked from commit d4b4c1805419cacad886094cf11dacbb4f43a0e6) Viktor Gurov
04:45 PM Revision d4b4c180: Correct RADVD log message on HA event. Fixes #11966
Viktor Gurov
04:44 PM Revision 8bbc34a2: Allow to use numeric with decimal point for RADIUS Advanced Parameters. Feature #11211
(cherry picked from commit f5ab9736059e616e4a037591ef6f89d1c14e23ed) Viktor Gurov
04:43 PM Revision f5ab9736: Allow to use numeric with decimal point for RADIUS Advanced Parameters. Feature #11211
Viktor Gurov
12:55 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Updating subject for release notes. Jim Pingle
12:51 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
Updating subject for release notes. Jim Pingle
11:48 AM Todo #11684 (Feedback): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
PR was merged 3 weeks ago and is already present on 2.5.2 Renato Botelho
12:51 PM Bug #11967: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point
Updating subject for release notes. Jim Pingle
11:45 AM Bug #11967 (Feedback): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point
PR has been merged. Thanks! Renato Botelho
12:01 PM Bug #11453 (Feedback): ``wpa_supplicant`` uses 100% of a CPU core at boot
Renato Botelho
11:55 AM Todo #11943: Add FRR package documentation links
Applied in changeset commit:be659aff5a3a52c1e08481a00eb697ecd86a9899. Viktor Gurov
11:49 AM Todo #11943 (Feedback): Add FRR package documentation links
Renato Botelho
11:49 AM Todo #11943: Add FRR package documentation links
PR has been merged. Thanks! Renato Botelho
11:55 AM Bug #11966: Incorrect RADVD log message on HA event
Applied in changeset commit:d4b4c1805419cacad886094cf11dacbb4f43a0e6. Viktor Gurov
11:45 AM Bug #11966 (Feedback): Incorrect RADVD log message on HA event
PR has been merged. Thanks! Renato Botelho
11:49 AM Bug #11946 (Feedback): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page
PR has been merged. Thanks! Renato Botelho
11:48 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
We do not use ``pcre_jit_stack`` anywhere directly, so there is nothing to change/adjust in that regard. Also reading t... Jim Pingle
11:35 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Given that this issue seems to only affect 32-bit systems, perhaps this is a case of needing to substitute ``pcre_`` fu... Marcos M
10:48 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
The PCRE JIT patch has resolved the issue on two problematic SG-3100 configs that I had sitting here.
Thanks Jim.
Arthur Wiebe
10:01 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
A couple others here have also confirmed that the JIT disable patch has worked around the crash on 3100. I committed ... Jim Pingle
09:34 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Using the sample code from Note 15 I can still crash it with a low recursion limit, and I also tried lowering pcre.ba... Jim Pingle
09:16 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
If someone who can readily reproduce the PHP crash wants to try resizing the pcre.recursion_limit automatically based... Jim Pingle
11:30 AM pfSense Plus Bug #11942: Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces
Web Dawg wrote:
> Well,
>
> I have 19 other netgate routers configured the same, and they do not do this. Same c...
Viktor Gurov
10:19 AM pfSense Plus Bug #11942: Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces
Well,
I have 19 other netgate routers configured the same, and they do not do this. Same config.
Only this mod...
Web Dawg
03:19 AM Regression #11986: Static routes may not be in routing table when expected
workaround: Disable Gateway Monitoring or Disable Gateway Monitoring Action Viktor Gurov

06/02/2021

11:00 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
A cursory search seems to suggest that the default pcre recursion limit is too high ootb (higher than what can fit in... Christian McDonald
06:47 PM Feature #9297: Graph for hardware temperature readings
Signed up just to do this. +1.
Current CPU temperature at 0% load isn't the same as temperature 2 hours ago when t...
Paul Miskinis
05:40 PM Revision 14ee85bb: Minor MVC improvements
Steve Beaver
02:21 PM Revision 3d259e5e: Use 'tos' rather than 'dscp' keyword for pf DSCP matching
The 'dscp' keyword is pfSense-specific, but doesn't do anything more
than the FreeBSD 'tos' keyword.
Using 'tos' will...
Kristof Provost
02:21 PM Revision 4715251f: schedule: Use the new multi-label support
We've removed the pfsense specific 'schedule' keyword, and now use the new
multi-label support. That is, schedules ar...
Kristof Provost
02:21 PM Revision 78b98b41: Tell pf to keep counter values
Pf can attempt to preserve (rule) counter values across rule updates.
We've reverted our home-grown implementation an...
Kristof Provost
01:26 PM Regression #11945 (Closed): Incorrect VTI interface creation
Jim Pingle
01:26 PM Bug #11913 (Closed): RADVD breaks on SIGHUP
Jim Pingle
01:26 PM Feature #11911 (Closed): Shortcut buttons for service control and logs on RADVD configuration
Jim Pingle
01:26 PM Bug #11904 (Closed): IGMP Proxy restarts unnecessarily after IPv6 gateway events
Jim Pingle
01:26 PM Bug #11883 (Closed): ``dhcp6withoutra_script.sh`` does not get executed when advanced options are set
Jim Pingle
01:26 PM Bug #11880 (Closed): Missing ``/0`` subnet when cloning repeatable CIDR mask controls
Jim Pingle
01:26 PM Bug #11850 (Closed): NTP authentication input validation rejects valid keys
Jim Pingle
01:26 PM Bug #11842 (Closed): Captive Portal post-auth redirect is not properly respected
Jim Pingle
01:26 PM Bug #11832 (Closed): ``ipsec_vti()`` does not skip disabled VTI entries
Jim Pingle
01:26 PM Bug #11830 (Closed): Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``
Jim Pingle
01:26 PM Regression #11806 (Closed): IPv4 link-local (``169.254.x.x``) gateway does not function
Jim Pingle
01:26 PM Regression #11794 (Closed): IPsec VTI interface names are not properly formed for more than 32 interfaces
Jim Pingle
01:26 PM Bug #11793 (Closed): OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP
Jim Pingle
01:26 PM Regression #11751 (Closed): Input validation prevents creating 1:1 NAT rules on IPsec
Jim Pingle
01:26 PM Bug #11725 (Closed): Error when setting queue limit on CODELQ limiter
Jim Pingle
01:26 PM Regression #11702 (Closed): RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks
Jim Pingle
01:26 PM Bug #11700 (Closed): OpenVPN does not kill IPv6 client states on disconnect
Jim Pingle
01:26 PM Bug #11699 (Closed): OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
Jim Pingle
01:26 PM Bug #11698 (Closed): Incomplete PPPoE custom reset values lead to invalid cron entry
Jim Pingle
01:26 PM Bug #11685 (Closed): PHP error if ``PHP_error.log`` file is too large
Jim Pingle
01:26 PM Bug #11651 (Closed): Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
Jim Pingle
01:26 PM Bug #11609 (Closed): CLI interface configuration without IPv6 leaves RA enabled
Jim Pingle
01:26 PM Feature #11596 (Closed): Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
Jim Pingle
01:26 PM Feature #11576 (Closed): IPsec GUI option to control Child SA ``start_action``
Jim Pingle
01:26 PM Regression #11564 (Closed): strongSwan configuration always contains user EAP/PSK values
Jim Pingle
01:26 PM Regression #11495 (Closed): NTP widget displays incorrect status
Jim Pingle
01:26 PM Feature #11402 (Closed): Xen console support
Jim Pingle
01:26 PM Feature #11395 (Closed): Option to switch IPsec filtering modes to choose between ``enc`` and ``if_ipsec`` filtering
Jim Pingle
01:26 PM Feature #11264 (Closed): Redirect Captive Portal users to login page after they logout
Jim Pingle
01:26 PM Bug #11229 (Closed): Harmless error when enabling traffic shaper
Jim Pingle
01:26 PM Feature #11211 (Closed): GUI option to set RADIUS Timeout for EAP-RADIUS
Jim Pingle
01:25 PM Feature #11140 (Closed): Allow the firewall to use DNS servers provided to an OpenVPN client instance
Jim Pingle
01:25 PM Bug #11082 (Closed): XMLRPC synchronization restarts all OpenVPN instances on the secondary node when making any change on the primary node
Jim Pingle
01:25 PM Feature #6626 (Closed): Support for IPv6 firewall entries with dynamic delegated prefix and static host address
Jim Pingle
01:25 PM Bug #5135 (Closed): DHCP interfaces are always treated as having a gateway, even if one is not assigned by the upstream DHCP server
Jim Pingle
01:25 PM Feature #2400 (Closed): GUI options for WPA Enterprise with identity/password
Jim Pingle
10:42 AM Todo #11985 (Pull Request Review): Ensure ``/usr/local/sbin/`` scripts use full path to executable files
Jim Pingle
05:06 AM Todo #11985: Ensure ``/usr/local/sbin/`` scripts use full path to executable files
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/274
Viktor Gurov
04:18 AM Todo #11985 (Resolved): Ensure ``/usr/local/sbin/`` scripts use full path to executable files
... Viktor Gurov
10:31 AM Regression #11986 (Resolved): Static routes may not be in routing table when expected
Static routes that I had established via VTI tunnels are not showing up in the routing table.
related to #11296 -
...
Viktor Gurov
10:15 AM Bug #11955 (Rejected): Cannot disable startup beep without configuring e-mail notifications
Same here. Unable to reproduce on a fresh install.
Perhaps there is a browser extension or other feature which is ...
Jim Pingle
03:03 AM Bug #11955: Cannot disable startup beep without configuring e-mail notifications
unable to reproduce it on 2.4.5-p1/2.5.1/2.6.0.a.20210528.0100/2.5.2.b.20210601.0300 -
I can successfully set "Disa...
Viktor Gurov
10:11 AM Regression #11524 (Closed): Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Jim Pingle
09:16 AM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
same crash on pfSense 21.02-p2 (SG-3100):... Viktor Gurov
08:26 AM Bug #7779: Traffic crossing a site-to-site OpenVPN tunnel fails to fragment.
see also #7801 Viktor Gurov
05:37 AM Bug #11869 (Resolved): OpenVPN client startup error if IPv6 Tunnel Network is defined in TAP mode
Tested on the:... Danilo Zrenjanin
05:13 AM Bug #11926 (Pull Request Review): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location
Viktor Gurov
05:13 AM Feature #9341 (Pull Request Review): Support DNS Made Easy authentication without a username
Viktor Gurov
04:07 AM Bug #11456 (Resolved): Unbound Python Integration repeatedly mounts ``dev`` without unmounting
works as expected on 2.5.2.b.20210602.0300 -
I only see one mount point after multiple restarts of pfBlockerNG(Pytho...
Viktor Gurov
01:47 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
workaround:
You could use VIPs from your /29 for all the VPNs/services. If clients are using an FQDN you could jus...
Viktor Gurov
01:01 AM Regression #11981 (Feedback): Duplicating Outbound NAT rule does not carry over contents of the source rule
Viktor Gurov
12:59 AM Regression #11545: Primary interface address is not always used when VIPs are present
might be `ifconfig` bug, like #11594 and #11964 Viktor Gurov
12:47 AM Bug #11984 (Resolved): Automatic Outbound NAT mode can create incorrect rules in some cases
In some cases it uses incorrect IPv6 link-local address specification:... Viktor Gurov

06/01/2021

08:56 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Tested with SHA256 on IPsec P1 and SHA1 on P2 on ``21.05-RC built on Wed May 26 18:11:31 EDT 2021`` with AES-NI selecte... Marcos M
04:11 PM Revision 68be10e6: Duplicating Outbound NAT rule fix. Issue #11981
Viktor Gurov
04:06 PM Bug #11843 (Resolved): Potential XSS vulnerability in Captive Portal ``redirurl`` handling
Tested this against 21.05.r.20210526.1807.
Whilst logged in:...
Steve Wheeler
03:58 PM Revision ec8adb56: Create Outbound NAT automatic equivalent rules when switching from Automatic to Manual mode. Fixes #11982
Viktor Gurov
01:12 PM Todo #11983 (Pull Request Review): Hide "Reboot and run a filesystem check" for ZFS systems
Jim Pingle
11:14 AM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/273 Viktor Gurov
10:56 AM Todo #11983 (Resolved): Hide "Reboot and run a filesystem check" for ZFS systems
ZFS does not have a fsck utility, so the option to reboot and run a filesystem check does not make sense to offer to ... Jim Pingle
11:20 AM Regression #11982 (Feedback): Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
Applied in changeset commit:ec8adb56d59a293516d1a0a3fb4eb45aad299f5b. Viktor Gurov
10:59 AM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/272
Viktor Gurov
08:47 AM Regression #11982 (Resolved): Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
When a user switches from Automatic Outbound NAT to Manual Outbound NAT, the GUI is supposed to create a set of stati... Jim Pingle
11:03 AM Regression #11550 (Resolved): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
pfSense 2.5.1 test:... Viktor Gurov
10:54 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
That might explain why my example config triggers the problem. As preg_match is being used by the PHP code for urltab... Arthur Wiebe
10:20 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Testing on 2.5.2-BETA snapshot build 2.5.2.b.20210601.0300 confirms it is fixed there on a system which could reprodu... Jim Pingle
10:15 AM Regression #11316: Unbound crashes with signal 11 when reloading
Jim Pingle wrote:
> The unbound112 build is available in the pkg repository but we're still working on a good set of...
Alexis Mestag
09:58 AM Regression #11981 (Pull Request Review): Duplicating Outbound NAT rule does not carry over contents of the source rule
Jim Pingle
09:17 AM Regression #11981: Duplicating Outbound NAT rule does not carry over contents of the source rule
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/271
Viktor Gurov
08:22 AM Regression #11981 (Closed): Duplicating Outbound NAT rule does not carry over contents of the source rule
When using the copy button on an Outbound NAT rule on firewall_nat_out.php, the contents of the source rule are not c... Jim Pingle
09:03 AM pfSense Packages Feature #11972 (Pull Request Review): Arpwatch - Add support for Telegram notifications
Jim Pingle
03:54 AM pfSense Packages Feature #11972: Arpwatch - Add support for Telegram notifications
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/92 Viktor Gurov
09:02 AM Feature #11978 (Pull Request Review): New Dynamic DNS Provider: Strato
Too late for 2.5.2. Jim Pingle
08:55 AM Todo #11976 (Pull Request Review): Compliance with pfSense style guide in Dynamic DNS service code
Jim Pingle
08:42 AM Bug #11979 (Rejected): GUI Cannot reassign Interface on LAGG port
I can't replicate the behavior as stated, and this site is not for support or diagnostic discussion.
For assistanc...
Jim Pingle
08:40 AM Feature #11975 (Duplicate): Simplify NAT logging to conform more easily with local/regional laws
Duplicate of #7800
We're limited at the moment by what pf offers as data for logging, and last I saw, it doesn't s...
Jim Pingle
08:37 AM Bug #11973 (Not a Bug): High Latency every 10 second on TCP OVPN
There isn't enough information here to definitively classify this as a bug in pfSense. This site is not for support o... Jim Pingle
07:39 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
Just checking on the status of this. I updated to the latest version of pfSense, 2.5.1-RELEASE (amd64), and it rever... Edward Thomas
03:51 AM pfSense Packages Bug #11977 (Duplicate): Any mail from the pfsense appliance has "Arpwatch Notification" in the subject line, no matter which package the mail comes from
Duplicate of #8454
see also #11366
Viktor Gurov
03:06 AM pfSense Packages Bug #11980: EAP does not work with SQL backend
Please provide more info - "radiusd `-X`" output during EAP+SQL authentication and changes in the `inner-tunnel-*` fi... Viktor Gurov

05/31/2021

07:56 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
I have confirmed this PHP segmentation fault issue is an issue only on 32-bit ARM hardware such as that in the SG-310... Bill Meeks
06:26 PM Revision 9713b8ee: Add devel/git back to list of packages
Renato Botelho
01:31 PM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
Jim Pingle wrote:
> We will need a lot more information here since it isn't happening to others that we're aware of ...
Daniel van der Wal

05/30/2021

09:01 PM Bug #11636 (Resolved): Unused Limiter entries with schedules create unnecessary cron jobs
Tested and working on 21.05/2.5.2. Cron job was not added until a rule contained the limiter, and the cron job was re... Marcos M
08:43 PM Bug #11718 (Resolved): XMLRPC Client does not honor its default timeout value
This fix has resolved a couple of different setups where the 60s timeout was being hit. Afterwards, the xmlrpc calls ... Marcos M
07:19 PM pfSense Packages Bug #11980 (Feedback): EAP does not work with SQL backend
The problem is that the sql module references in /usr/local/etc/sites-enabled/inner-*-tunnel remain commented out or ... Louis Casambre
07:10 PM Bug #11979 (Rejected): GUI Cannot reassign Interface on LAGG port
I was trying to reassign the HA sync interface from lagg0.4000 to igb3 through the GUI. Saving the setting however wo... Louis Casambre
07:07 PM Regression #11795 (Resolved): Applying IPsec settings for more than ~30 tunnels times out PHP
Tested 51 entries and working on 21.05/2.5.2 - marking as resolved. Marcos M
04:47 PM Bug #11704 (Resolved): Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot
Tested and working - marking as resolved. Marcos M
04:15 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port

>
> I gave up 2 years ago and moved to Untangle Firewall. Worked instantly for all the xboxes in our house. All m...
Polar Nerd
04:08 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Polar Nerd wrote:
> Marc 05 wrote:
> > Likely not as miniupnp hasn't changed afaik.
>
> FYI here is a link to wh...
Shane Angelo
12:36 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Marc 05 wrote:
> Likely not as miniupnp hasn't changed afaik.
FYI here is a link to where they are discussing thi...
Polar Nerd
09:12 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Likely not as miniupnp hasn't changed afaik.
If you have time, find a copy of 2.4.0 and test it. It may help narro...
Marc 05
04:16 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Will this work on 2.5.1, as I am still having the same issue?
Would love to test on 2.5.1 as I have 3 PCs all with COD ...
Michael Clews
01:37 PM Bug #11821 (Rejected): Upgrade libcurl to version 7.76.0
There are CVEs present in 7.76.0 hence it will not be included on 21.05/2.5.2. New libcurl versions are included in t... Marcos M
09:47 AM Feature #11978: New Dynamic DNS Provider: Strato
PR: https://github.com/pfsense/pfsense/pull/4525
Dennis Neuhaeuser
09:41 AM Feature #11978 (Closed): New Dynamic DNS Provider: Strato
Add the German "strato.de" to the dyndns providers Dennis Neuhaeuser
03:45 AM pfSense Packages Bug #11977 (Duplicate): Any mail from the pfsense appliance has "Arpwatch Notification" in the subject line, no matter which package the mail comes from
Most mail from the pfsense appliance has "Arpwatch Notification" in the subject line, even when it is from a complete... Lightning Bit

05/29/2021

10:42 PM Revision 79b9e082: Add some leeway to DynDNS cache expiration time check
This leeway is needed to ensure that the cache is invalidated after N days and
not N+1 days. The latter could happen,...
Jaakko Kantojärvi
09:18 PM Revision 22949106: Merge identical code of DynDNS providers
Jaakko Kantojärvi
09:13 PM Revision f56efb0d: Sort DynDNS providers inside switch statements
Not all of the code is sorted in this commit, but comments
were added to the code to instruct future contributors to
...
Jaakko Kantojärvi
09:13 PM Revision f6f1d1c6: Remove whitespace at end of line
Jaakko Kantojärvi
06:17 PM pfSense Packages Bug #11822 (Resolved): Upgrade ClamAV to 0.103.2
Verified that the version is upgraded in 21.05/2.5.2. Version in repos confirmed as 0.103.2_1. Kris Phillips
06:09 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Tested on the 21.05 RC from May 26th on the SG-3100. This issue is still present. Kris Phillips
04:47 PM Todo #11976 (Resolved): Compliance with pfSense style guide in Dynamic DNS service code
Files for the dynamic DNS include white space at the end of lines.
Additionally, many switch statements list provi...
Jaakko Kantojärvi
04:09 PM Feature #11975 (Duplicate): Simplify NAT logging to conform more easily with local/regional laws
French law requires ISPs to log "who used this IP address at this timestamp?" information for a year.
Fo...
Anonymous
03:58 PM Feature #11974 (New): XMLRPC synchronization for igmpproxy settings
Configuration synchronization (XMLRPC) does not replicate the configuration of IGMP Proxy.
Related to #11957.
Anonymous
01:06 PM Feature #11968 (Resolved): VLAN list sorting
Tested in
2.6.0-DEVELOPMENT (amd64)
built on Fri May 28 01:04:03 EDT 2021
FreeBSD 12.2-STABLE
It works as expe...
Max Leighton
10:47 AM Bug #11973 (Not a Bug): High Latency every 10 second on TCP OVPN
Hello,
We have a PFSensePLUS on AWS with 2 OVPN servers: 1 TCP and 1 UDP. After the update to 21.02.2 we noticed tha...
Davide Accetturi
08:54 AM pfSense Packages Feature #11972 (Resolved): Arpwatch - Add support for Telegram notifications
Arpwatch does not have an option to send notifications to a Telegram backend, even when the Telegram configuration is... Sergio Fernández

05/28/2021

10:12 PM Feature #11968: VLAN list sorting
The "VLANS" headers are clickable.
2.6.0.a.20210528.0100
Alhusein Zawi
11:11 AM Feature #11968: VLAN list sorting
On RELENG_2_5_2 when branched Jim Pingle
07:51 PM Revision b5c9be99: Cisco-AVPair ACL rule: port range operator change
Previous operator ( `><` ) prevented inserting port range with min/max port.
Ex.
`ip:inacl#1=permit tcp host {clienti...
fl0l0u
05:06 PM Revision 23f7fa0b: Add 2.5.2-BETA repo
(cherry picked from commit 8997bf4703ab41fe7d36c098c1e0d29d69e26194) Renato Botelho
05:03 PM Revision 34ca228a: Add 2.5.2-BETA repo
(cherry picked from commit 8997bf4703ab41fe7d36c098c1e0d29d69e26194) Renato Botelho
05:03 PM Revision 8997bf47: Add 2.5.2-BETA repo
Renato Botelho
03:51 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
This is in 2.6 snapshots and now 2.5.2. Also in 21.09 snapshots if testing on arm. Steve Wheeler
01:58 PM Regression #11723 (Closed): Virtual IP addresses are only added to interfaces after reboot
Works correctly now. Jim Pingle
01:56 PM Bug #11867 (Closed): Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed
Works correctly now. Jim Pingle
01:52 PM Bug #11765 (Closed): Invalid HTML encoding in modal Notices window
Since the bug causing the original notice was random and hard to reproduce, and also has been fixed, it's not viable ... Jim Pingle
01:42 PM Feature #11293 (Closed): New Dynamic DNS Provider: one.com
Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11294 (Closed): New Dynamic DNS Provider: Yandex PDD
Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11358 (Closed): New Dynamic DNS Provider: NIC.RU
Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Feature #11420 (Closed): New Dynamic DNS Provider: Gandi LiveDNS IPv6
Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:42 PM Bug #11667 (Closed): Automatic 25-day forced Dynamic DNS update removes wildcard domain
Closing for lack of feedback. Jim Pingle
01:41 PM Bug #11815 (Closed): NoIP.com Dynamic DNS update failure is not detected properly
Closing for lack of feedback. No way for us to test this here. Jim Pingle
01:40 PM Bug #11754 (Closed): Digital Ocean Dynamic DNS help text is incorrect
New text is in place. Jim Pingle
01:28 PM Bug #11767 (Closed): Sanitize OpenVPN Client Export certificate password in status output
Works. Password is sanitized in the output.... Jim Pingle
12:22 PM Bug #11748 (Resolved): Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups
On a fresh VM I made a few changes, booted to single user mode and truncated the last few configs to 0 bytes, and the... Jim Pingle
11:37 AM Revision bb5f626f: devel repo should use PKG_REPO_SERVER_DEVEL
Renato Botelho
11:12 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
On RELENG_2_5_2 when branched Jim Pingle
07:15 AM pfSense Packages Bug #11964 (Pull Request Review): pfBlocker XMLRPC sync CARP interface advskew
Jim Pingle
07:12 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate
Slipped by me, too. And spell check, since it's technically a valid word.
Thanks!
Jim Pingle
01:07 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate
Jim Pingle wrote:
> Updating subject for release notes.
BTW, all this time the subject has a typo: Manger -> Mana...
Pete Holzmann
07:12 AM pfSense Plus Bug #11971 (Not a Bug): pfSense Plus 21.02.2 Crashes while reboot
Something is wrong with your filesystem or disk, not a bug. You should wipe and reload from a recovery installation i... Jim Pingle
06:31 AM pfSense Plus Bug #11971 (Not a Bug): pfSense Plus 21.02.2 Crashes while reboot
Our Netgate, updated from pfSense 2.4.5-RELEASE-p1 to pfSense Plus 21.02.2 had the issue that the Traffic Graphs on t... Aljoscha Kretschmann

05/27/2021

11:29 PM pfSense Packages Bug #11892: WireGuard: dpinger does not start correctly on a WireGuard gateway at boot
[2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: ifconfig tun_wg0
tun_wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST...
Alhusein Zawi
07:10 PM Revision 3845c6eb: Fix PKG_REPO_BRANCH_DEVEL s/devel/master/
Renato Botelho
07:02 PM Revision cac3f71a: Welcome pfSense CE 2.5.2-BETA
Renato Botelho
05:37 PM Revision ef4f9a8b: Observe 'after' value when creating a new rule
Steve Beaver
05:28 PM pfSense Packages Bug #11964: pfBlocker XMLRPC sync CARP interface advskew
from https://forum.netgate.com/topic/163709/dns-resolver-not-listening-on-lan-carp-vip-after-update-to-2-5-1/7:
> I ...
Viktor Gurov
04:20 PM Revision 7dbe76cd: Init pkg plugin array before use. Fixes #11290
Jim Pingle
03:05 PM Revision cf8a0761: Make VLAN table sortable. Implements #11968
Jim Pingle
01:16 PM Revision 49674e1f: Move globals to include file
Steve Beaver
01:13 PM Revision 2ca19797: Move globals to include file
Steve Beaver
01:05 PM pfSense Packages Bug #11970 (Confirmed): Netgate Firmware Upgrade Doesn't Work on XG-2758 (ADI/coreboot)
Any version of pfSense after 2.4.4p3 breaks the flashing functionality for coreboot in the Netgate Firmware Upgrade p... Kris Phillips
01:00 PM Revision a5d3732b: Validate input depends on flag
Steve Beaver
12:35 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
Jim Pingle wrote:
> Applied in changeset commit:7dbe76cd5756082cbd67db1b93acb606ad84996e.
Can confirm this fixes ...
Jeremy Utley
11:30 AM Bug #11290 (Feedback): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
Applied in changeset commit:7dbe76cd5756082cbd67db1b93acb606ad84996e. Jim Pingle
11:28 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
Jim Pingle wrote:
> This is actually a problem in the base system not specific to a package. I have a fix, will comm...
Jeremy Utley
11:19 AM Bug #11290 (In Progress): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
This is actually a problem in the base system not specific to a package. I have a fix, will commit shortly. Jim Pingle
10:15 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
Marcos Mendoza wrote:
> Do those have the ``<type>plugin_carp</type>`` line in the /conf/config.xml file? If not, does...
Jeremy Utley
10:44 AM Bug #11969 (Pull Request Review): PHP error if no DHCPv6 Relay interfaces are selected
Jim Pingle
10:23 AM Bug #11969: PHP error if no DHCPv6 Relay interfaces are selected
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/270
Viktor Gurov
10:19 AM Bug #11969 (Resolved): PHP error if no DHCPv6 Relay interfaces are selected
How to reproduce:
Unselect all interfaces on the services_dhcpv6_relay.php and uncheck "Enable"
Result:...
Viktor Gurov
10:15 AM Feature #11968 (Feedback): VLAN list sorting
Applied in changeset commit:cf8a0761c5c2ae80b62743d6d476e0fae6f2495e. Jim Pingle
10:05 AM Feature #11968 (Resolved): VLAN list sorting
Add sorting for the table of VLAN tags, so the headers are clickable to sort by each column.
See also: #8558
Jim Pingle
09:17 AM Bug #11793: OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP
Fixing up subject Jim Pingle
08:54 AM Bug #11967 (Pull Request Review): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point
Jim Pingle
08:41 AM Bug #11967: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/269
Viktor Gurov
08:40 AM Bug #11967 (Closed): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point
"RADIUS Advanced parameters" doesn't allow to enter numeric with a decimal point in the "Retransmit Base" and "Retran... Viktor Gurov
08:52 AM pfSense Packages Bug #11965 (Pull Request Review): Avahi service started twice by /etc/rc.start_package
Jim Pingle
03:41 AM pfSense Packages Bug #11965: Avahi service started twice by /etc/rc.start_package
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/91
Viktor Gurov
08:51 AM Bug #11966 (Pull Request Review): Incorrect RADVD log message on HA event
Jim Pingle
03:00 AM Bug #11966: Incorrect RADVD log message on HA event
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/268
Viktor Gurov
01:24 AM Bug #11966 (Resolved): Incorrect RADVD log message on HA event
After transition to the CARP BACKUP state, an incorrect message appears in the log:
"Stopping radvd instance on LAN ...
Viktor Gurov
08:50 AM Feature #11957 (Pull Request Review): XMLRPC synchronization for DHCP relay settings
Jim Pingle
02:57 AM Feature #11957: XMLRPC synchronization for DHCP relay settings
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/267 Viktor Gurov
08:08 AM Todo #11943 (Pull Request Review): Add FRR package documentation links
Jim Pingle
08:04 AM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS
Open a fresh issue for that input validation concern, we can work on that for the next release separate from this. Jim Pingle
07:41 AM Feature #11211: GUI option to set RADIUS Timeout for EAP-RADIUS
works as expected on 21.05.r.20210526.1807 -
I can see advanced parameter in the `/var/etc/ipsec/strongswan.conf`:
...
Viktor Gurov
07:48 AM Regression #11952 (Closed): Traffic matching rules with limiters is not handled by DUMMYNET
Confirmed working here as well on latest 21.05 build. I see traffic in limiter info now, and my bufferbloat score is ... Jim Pingle
12:31 AM Feature #11103 (Resolved): Use virtual link local IP address as RA source address for HA environments
works as expected on 21.05.r.20210526.1807
`AdvRASrcAddress` in `/var/etc/radvd.conf`:...
Viktor Gurov
 
