Activity

30 days up to

User

Subprojects

Activity

From 06/15/2021 to 07/14/2021

07/14/2021

11:56 PM pfSense Packages Bug #12128: Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: Appears to be missing the closing ")" on line 378. (Can't speak to the zabbix-proxy.inc file, but suspect may be same... A S
06:36 PM pfSense Packages Bug #12128 (Resolved): Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: Parse error: syntax error, unexpected ';' in /usr/local/pkg/zabbix-agent.inc on line 379
pkg-static: POST-INSTALL sc... DRago_Angel [InV@DER]
10:01 PM Revision fcc49e91: Merge pull request #4499 from GChuf/fonts: Renato Botelho
09:58 PM Revision 99a9bb65: Merge pull request #4514 from raphendyr/patch-dyfi: Renato Botelho
06:33 PM pfSense Packages Bug #12036: Certificate Manager page do not show Zabbix used certificates: There appears to be a syntax error (missing closing parenthesis) in the merged PR.
See:
https://github.com/pfse... Jeff Dairiki
01:18 PM pfSense Packages Bug #12036 (Feedback): Certificate Manager page do not show Zabbix used certificates: PR has been merged. Thanks! Renato Botelho
05:10 PM pfSense Packages Bug #12114 (Feedback): syslog-ng only binds to the last specified interface: PR has been merged. Thanks! Renato Botelho
05:02 PM Todo #11507 (Feedback): Update font formats to WOFF2: PR has been merged. Thanks! Renato Botelho
04:59 PM Feature #12090 (Feedback): Add new Dynamic DNS provider: dy.fi: PR has been merged. Thanks! Renato Botelho
04:42 PM Bug #12039 (In Progress): Gateway alarm always triggers IPsec restart: I've merged check_reload_status part. Please re-test PHP part to make sure it's working as expected. Renato Botelho
04:40 PM pfSense Packages Bug #11681 (Feedback): FRR generates invalid BFD configuration after removing interfaces: PR has been merged. Thanks! Renato Botelho
04:36 PM pfSense Packages Bug #12083 (Feedback): Lack of OSPF network input validation causes service startup error: PR has been merged. Thanks! Renato Botelho
03:31 PM Revision 1c87a584: VPN Packet Processing checkboxes fix. Issue #7801: Mark Silinio
03:30 PM Revision 1b1723da: Certificate Revocation page improvements. Issue #11831: Mark Silinio
03:29 PM Revision 0dfe0402: idn_to_ascii failing with large input strings, fixes #12124: R. Christian McDonald
02:12 PM pfSense Packages Bug #11847 (Feedback): Filters not applied to PEER Groups: PR has been merged. Thanks! Renato Botelho
02:10 PM pfSense Packages Bug #11768 (Feedback): FRR OSPF - Comment field within the ospf interfaces gets longer and longer: PR has been merged. Thanks! Renato Botelho
02:08 PM pfSense Packages Bug #12088 (Feedback): Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting: PR has been merged. Thanks! Renato Botelho
02:07 PM pfSense Packages Bug #12080 (Feedback): Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting: PR has been merged. Thanks! Renato Botelho
01:51 PM pfSense Packages Bug #11582 (Feedback): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections: PR has been merged. Thanks! Renato Botelho
01:45 PM pfSense Packages Bug #11888 (Feedback): FreeRADIUS starts twice by /etc/rc.start_packages: PR has been merged. Thanks! Renato Botelho
01:44 PM pfSense Packages Bug #11746 (Feedback): Second LDAP server configuration misses the ipaNThash control attribute: PR has been merged. Thanks! Renato Botelho
01:41 PM pfSense Packages Bug #11683 (Feedback): Certificate Manager page doesn't show FreeRADIUS used certificates: PR has been merged. Thanks! Renato Botelho
01:28 PM pfSense Packages Bug #12074 (Feedback): Freeradius: Additional Information field descriptions swapped: PR has been merged. Thanks! Renato Botelho
11:50 AM pfSense Packages Bug #12074: Freeradius: Additional Information field descriptions swapped: Done: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/102 Steve Wheeler
10:35 AM pfSense Packages Bug #12074: Freeradius: Additional Information field descriptions swapped: Steve Wheeler wrote:
> https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/6
Please submit it again... Renato Botelho
01:21 PM pfSense Packages Bug #11756 (Feedback): HaProxy does not transfer backend states during reload: PR has been merged. Thanks! Renato Botelho
01:17 PM Feature #9297: Graph for hardware temperature readings: PR has been merged. Thanks! Renato Botelho
01:15 PM pfSense Packages Bug #11173 (Feedback): Status>Monitoring parameters are hidden by the interactive graph: PR has been merged. Thanks! Renato Botelho
01:05 PM pfSense Packages Bug #11627 (Feedback): rc file is not deleted: PR has been merged. Thanks! Renato Botelho
12:58 PM pfSense Packages Feature #11972 (Feedback): Arpwatch - Add support for Telegram notifications: PR has been merged. Thanks! Renato Botelho
12:56 PM pfSense Packages Bug #11366 (Feedback): Arpwatch Cron Notification every 15 minutes: PR has been merged. Thanks! Renato Botelho
12:54 PM Revision e9c8a663: Fixes Redmine #12111: R. Christian McDonald
12:46 PM pfSense Packages Bug #11682 (Feedback): Certificate Manager page do not show STunnel used certificates: PR has been merged. Thanks! Renato Botelho
12:37 PM pfSense Packages Bug #11515 (Feedback): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: PR has been merged. Thanks! Renato Botelho
12:35 PM pfSense Packages Bug #11889 (Feedback): BIND starts twice by /etc/rc.start_packages: PR has been merged. Thanks! Renato Botelho
12:32 PM pfSense Packages Feature #10859 (Feedback): Add avahi filtering feature to pfSense: PR has been merged. Thanks! Renato Botelho
12:12 PM pfSense Packages Bug #11965 (Feedback): Avahi service started twice by /etc/rc.start_package: PR has been merged. Thanks! Renato Botelho
12:10 PM pfSense Packages Bug #11745 (Feedback): Incorrect compress options in exported configuration when server is set to refuse compression: PR has been merged. Thanks! Renato Botelho
11:45 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Viktor Gurov wrote:
>
> Clean install works as expected
> see #11493 for workaround
Thank you for the reply!
... Jeff Dairiki
07:48 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Jeff Dairiki wrote:
> I've installed it but it fails :-( with the following output repeating in @/var/log/zabbix-pro... Viktor Gurov
11:26 AM pfSense Packages Bug #11628 (Feedback): ftp-proxy error messages in logs: PR has been merged. Thanks! Renato Botelho
10:35 AM Bug #12124: Creating or editing aliases fails with multiple hosts separated by spaces: Applied in changeset commit:0dfe04026ae5245fb075b5f44be4913a239b14a9. Christian McDonald
10:29 AM Bug #12124 (Feedback): Creating or editing aliases fails with multiple hosts separated by spaces: PR has been merged. Thanks! Renato Botelho
10:31 AM Bug #7801 (Feedback): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: Renato Botelho
04:49 AM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: Chris Linstruth wrote:
> The new checkboxes in *System > Advanced, Firewall & NAT* are not populated when re-enterin... Viktor Gurov
10:30 AM Bug #11831 (Feedback): Certificate Revocation tab does not list active users of CRL entries: PR has been merged. Thanks! Renato Botelho
10:28 AM Regression #12111 (Feedback): Crash report message displayed on dashboard. flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 166: PR has been merged. Thanks! Renato Botelho
07:38 AM pfSense Docs Todo #12127 (Closed): Feedback on Releases — 2.5.2 New Features and Changes: *Page:* https://docs.netgate.com/pfsense/en/latest/releases/2-5-2.html
*Feedback:*
NoIP.com DDNS bug #12021 sho... Viktor Gurov
07:00 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Its look like regression in 2.5.2 release, because for 2.5.2 beta all worked fine. Roman Nik
04:04 AM Feature #11357 (Duplicate): Support for DynDNS provider deSEC.io: Duplicate of #12086 Viktor Gurov
03:24 AM pfSense Packages Bug #12126 (New): freeradius3 0.15.7_31: I use sql module with freeradius3.
My nas clients are in a sql nas table and since 0.15.7_31 version of the freera... Alexis Pellicier
02:58 AM pfSense Packages Regression #12125 (Resolved): squidguard 1.16.18_19 conguration error: Since commit 675ad02cfca7c91eddf09cbf26810708ac833c9f my squidguard stop working.
I've made a minimal conf to trac... Alexis Pellicier
02:32 AM pfSense Packages Regression #11534: FreeRADIUS EAP anonymous connection forbidden out-of-tunnel: This is still affecting 2.5.2 and 2.6.0. Didier Raboud

07/13/2021

07:02 PM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Rafael Sant'Anna wrote:
>
> I can't see zabbix proxy54 on PFSense 2.5.2, anyone could help me how to install ?
... Jeff Dairiki
08:34 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Jordan Greene wrote:
> proxy and agent 5.4 are available and able to install, tested on plus 21.09.a.20210708.1151
... Rafael Sant'Anna
02:24 PM Revision 94dbc880: Enable build of zabbix 5.4 packages: (cherry picked from commit 97762ce9d85546c3b9d4c88f11c8c5ff04d72c72) Renato Botelho
12:40 PM Feature #12070: Support for VLAN ``0``: This would likely have to be resolved in FreeBSD itself. More details on the issue here:
https://bugs.freebsd.org/bug... Marcos M
12:16 PM Revision ae241eea: Set net.link.ifqmaxlen: This removes the need for a kernel patch which overrules IFQ_MAXLEN. Kristof Provost
09:28 AM pfSense Packages Feature #11310: Adding a widget to apcupsd plug-in: Kris Phillips wrote:
> Renato Botelho wrote:
> > PR has been merged to CE 2.6.0 so we can get it tested and then ch... Renato Botelho
07:53 AM Bug #12124 (Pull Request Review): Creating or editing aliases fails with multiple hosts separated by spaces: PR : https://github.com/pfsense/pfsense/pull/4532 Christian McDonald
12:56 AM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: This is still an issue in 2.5.2, validation code still checking only for the last line returned from "openssl", docum... Konstantin Panchenko
12:48 AM Bug #11829: OpenVPN client certificate validation with OCSP always fails: Renato Botelho wrote:
> PR has been merged. Thanks!
I'm not sure what was changed but this is still an issue in ... Konstantin Panchenko

07/12/2021

05:42 PM Bug #12001: System attempts to stop inactive services at shutdown: I've added my own internal bug tracking report of this issue to my list for the Snort and Suricata packages. I will m... Bill Meeks
08:43 AM Bug #12001: System attempts to stop inactive services at shutdown: Right now it's the responsibility of packages themselves to handle removing their own *.sh rc files when they are dis... Christian McDonald
05:33 PM Bug #12124 (Resolved): Creating or editing aliases fails with multiple hosts separated by spaces: Normally you can input multiple host/network aliases on the first form input if you separate each with an space.
T... Casin Mirad
10:18 AM Bug #12112: PHP Warning: PHP Startup: Unable to load dynamic library 'intl.so' (tried: /usr/local/lib/php/20190902/intl.so (Shared object "libicuio.so.69" not found, required by "intl.so"), /usr/local/lib/php/20190902/intl.so.so (/usr/local/lib/php/20190902/intl.so.: [[https://forum.netgate.com/topic/164928/php-warning-php-startup-unable-to-load-dynamic-library-intl-so-tried-usr-loc... Jan Zalewski
07:31 AM Bug #12112: PHP Warning: PHP Startup: Unable to load dynamic library 'intl.so' (tried: /usr/local/lib/php/20190902/intl.so (Shared object "libicuio.so.69" not found, required by "intl.so"), /usr/local/lib/php/20190902/intl.so.so (/usr/local/lib/php/20190902/intl.so.: Jan Zalewski wrote:
> # Launch latest build
> # Analyze callstack:
>
> [07-Jul-2021 14:00:00 UTC] PHP Warning: ... Jesse Beauclaire

07/11/2021

05:41 PM Feature #12120: Permit several sets of destination DHCP servers in DHCP relay: Requests are forwarded to all servers already. So if server A has a scope for the PBX subnet, and server B has a scop... Christian McDonald

07/10/2021

09:22 PM pfSense Packages Feature #11310: Adding a widget to apcupsd plug-in: Renato Botelho wrote:
> PR has been merged to CE 2.6.0 so we can get it tested and then cherry-pick to stable branch... Kris Phillips
09:05 PM Regression #11910: IPsec status tunnel descriptions are incorrect: Ran into this today as well. This seems to happen with multiple VTI tunnels or a mix of VTI and Tunnel mode. I don'... Kris Phillips
09:01 PM pfSense Packages Bug #11950 (Resolved): Wireguard Package Errors and DNS problem: PHP messages are gone in latest package in 2.5.2/21.05. Marking as resolved. Kris Phillips
07:51 PM pfSense Packages Feature #11997: IPsec Profile Wizard: Add Support for exporting Android strongSwan Profiles: Assigning to Jim Pingle, as he'd likely be the one to make this implementation. Feel free to reassign if this is in ... Kris Phillips
06:38 PM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: proxy and agent 5.4 are available and able to install, tested on plus 21.09.a.20210708.1151 Jordan G
06:19 PM Bug #12123 (Duplicate): 2.5.2 Ipsec Tunnel Status Dashboard Widget - Count of active tunnels, and Inactive tunnels is wrong: since the upgrade, the widget seems to mis-count the tunnel status. I have over 30 active tunnels however this is sho... Eddy Cho
06:18 PM Regression #12110: PHP error in firewall_nat.inc on line 329: tested on plus 21.09.a.20210708.1151 - added icmp rules on separate WAN and successfully pinged one from the other Jordan G
02:09 PM Bug #12050 (Resolved): "GoTo line #" function does not work on ``diag_edit.php``: Also tested and working in
2.6.0-DEVELOPMENT (amd64)
built on Fri Jul 09 09:13:36 EDT 2021
FreeBSD 12.2-STABLE
... Max Leighton
01:36 PM Feature #12120: Permit several sets of destination DHCP servers in DHCP relay: Mistake in the title: desintation => destination. Sorry. Anonymous
12:51 PM Feature #12120 (New): Permit several sets of destination DHCP servers in DHCP relay: At this time, pfSense's DHCP relay allows a unique set of one or more target DHCP servers associated to a list of net... Anonymous
01:33 PM Bug #12119: [dashboard] WAN traffic graph displays no data when suricata is enabled: WAN Interface is a standard DHCP setup Erik Schaeffer
01:32 PM Bug #12119: [dashboard] WAN traffic graph displays no data when suricata is enabled: Certainly!
pfsense ver: 2.5.2
suricata ver: 6.0.0_11
Suricata Options Other than defaults:
- Block Offenders:... Erik Schaeffer
12:04 PM Bug #12119: [dashboard] WAN traffic graph displays no data when suricata is enabled: I'm not able to reproduce this with Suricata 6.0.0_11 in pfSense 2.5.2 or 2.6. I tried with blocking mode enabled and... Max Leighton
01:10 PM Bug #12122 (New): Perform greedy actions asychronously: Applying some actions takes time (from tens of seconds to several minutes). In the meantime, the web interface hangs ... Anonymous
01:04 PM Feature #6738: GUI Action Buttons replicated to the top of the List: See also #11956. Anonymous
01:03 PM Feature #10290: Firewall Aliases Add button on top of list: See also #11956. Anonymous
01:01 PM Feature #11956: "add" button in the top of pages with many user-added items: This feature request also expands #6738. Anonymous
01:00 PM pfSense Packages Todo #11574: Add "nobind" to exported OpenVPN configurations by default: I vote for it. :) Anonymous
12:58 PM pfSense Packages Feature #11165: OpenVPN Exporter - Allow for name customization: I vote for it.
IMO, the priority should be at least "normal" and the focus should be on the Windows installer beca... Anonymous
12:57 PM Bug #12001: System attempts to stop inactive services at shutdown: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Fri Jul 09 09:13:36 EDT 2021
FreeBSD 12.2-STABLE
I still see:
... Max Leighton
12:55 PM Feature #12121 (New): Wider "local network(s)" fields in OpenVPN server configuration: In OpenVPN server configuration, the fields "IPv4 local network(s)" and "IPv6 local network(s)" are too small in the ... Anonymous

07/06/2021

08:06 PM Revision 1fe8f376: New stable release is 2.5.2: Renato Botelho
07:36 PM Revision 8db6781b: Fix #12110 PHP error on line 329: Steve Beaver
05:03 PM Revision c3ff46e1: Revised help text wording (bleow/above): Steve Beaver
05:00 PM Revision 026ede39: Fix reporting of onterface selection: Steve Beaver
04:06 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Doesn't really matter, they're both closed states. Jim Pingle
03:57 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Why was this closed versus resolved? Hayden Hill
03:54 PM Bug #11453 (Closed): ``wpa_supplicant`` uses 100% of a CPU core at boot: Jim Pingle
04:05 PM pfSense Plus Regression #11995: UPnP/NAT-PMP not functioning on 32-bit ARM: It doesn't appear to be due to a change in the ports, as 21.02.2 works and has @miniupnpd-2.2.1,1@ while 21.05 fails ... Jim Pingle
01:22 PM pfSense Plus Regression #11995: UPnP/NAT-PMP not functioning on 32-bit ARM: It's also noteworthy that it IS adding some rules, but they are @block return@ firewall rules and not the @nat@ and @... Jim Pingle
11:58 AM pfSense Plus Regression #11995: UPnP/NAT-PMP not functioning on 32-bit ARM: This still happens on current 21.09 snapshots (21.09.a.20210706.0500):... Jim Pingle
03:55 PM Regression #12069 (In Progress): Panic in ``pfctl`` with large numbers of states: All reports indicate this is OK on 2.5.2 since the changes were backed out. Will need to check it again after additio... Jim Pingle
03:54 PM Bug #11913 (Closed): RADVD breaks on SIGHUP: Jim Pingle
03:54 PM Regression #11524 (Closed): Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Jim Pingle
03:54 PM Bug #10956 (Closed): Panic configuring LAGG+VLAN interfaces when using a kernel with ``INVARIANTS``.: Jim Pingle
02:45 PM Regression #12110: PHP error in firewall_nat.inc on line 329: Applied in changeset commit:8db6781bed17455116b93a1fa0875996c5f84b60. Anonymous
02:38 PM Regression #12110 (Feedback): PHP error in firewall_nat.inc on line 329: Fix should appear in 7/07 development snapshot Anonymous
02:14 PM Regression #12110 (Resolved): PHP error in firewall_nat.inc on line 329: This seems to be happening when adding ICMP rules to two separate WANs.
Can't get them both to respond to ping req... Dan W
01:25 PM pfSense Packages Feature #12097: Add dnsbl and geoip logs to system log: https://github.com/pfsense/FreeBSD-ports/pull/1079 Sil Schouten
01:02 PM Feature #11927: Allow DHCP not to serve a gateway - small fix: https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml
Router aka Gateway is DHCP opti... Marcos M
12:44 PM Revision 81891ef8: Remove specific 2.5.2 repo: Renato Botelho
12:43 PM Revision 0e082768: Change default repo to 2.5.2: Renato Botelho
12:05 PM Feature #12096: Refactor DNS forwarder (dnsmasq) for MVC: Fixed incorrect display of selected interface
Fixed help text wording (below/above)
Anonymous
11:10 AM Bug #12107 (New): Notifications page cannot be saved without configuring or disabling SMTP: Steps to replicate:
Install pfSense clean. I used a 2.5.2 image here but have also see it in 21.05 and 2.5.1.
Skip ... Steve Wheeler
09:21 AM Bug #12107 (Feedback): Notifications page cannot be saved without configuring or disabling SMTP: Someone else reported this in #11955 but I couldn't reproduce it at the time, and I still can't reproduce it on 2.5.2... Jim Pingle
10:12 AM Revision 226cb195: Exclude revoked certs from expiration notification. Fix Bug #12109: ilmarranen alex
09:59 AM Feature #12109 (Pull Request Review): Option to suppress expiration notifications for revoked certificates: Jim Pingle
05:54 AM Feature #12109: Option to suppress expiration notifications for revoked certificates: "Exclude revoked certs from expiration notification. Fix Bug #12109 "Issue 4530":https://github.com/pfsense/pfsense/p... ilmarranen alex
05:05 AM Feature #12109 (Resolved): Option to suppress expiration notifications for revoked certificates: Alerts for expired certificates have been added in Feature # 7332, however, they do not ignore revoked certificates. ... ilmarranen alex
09:52 AM Feature #12108 (Rejected): openvpn upgrade to BLAKE3: That's up to OpenSSL upstream, not us or even OpenVPN.... Jim Pingle
12:24 AM Feature #12108 (Rejected): openvpn upgrade to BLAKE3: now pfsense openvpn has BLAKE2b, i want to upgrade it to BLAKE3.
https://github.com/BLAKE3-team/BLAKE3 yon Liu
09:24 AM Bug #12105: Packages are not automatically reinstalled when restoring configuration using the installer: Jim Pingle wrote:
> Which methods were you testing? Was it loading a config from USB during the installation, or u... Christian Ullrich
09:14 AM Bug #12105: Packages are not automatically reinstalled when restoring configuration using the installer: Which methods were you testing? Was it loading a config from USB during the installation, or using the "Recover confi... Jim Pingle
09:09 AM Feature #12104 (Needs Patch): Advertise Speed autonegotiation: AFAIK there isn't a way to do this in FreeBSD without modifying the drivers. There is no mechanism in @ifconfig@ that... Jim Pingle
09:05 AM Bug #12102 (Feedback): Prevent using OpenVPN "Exit Notify" option with point-to-point modes: What is "Exit Notify" set to on both ends when this happens? From the log, that is why it terminated. Odds are the se... Jim Pingle
09:03 AM pfSense Plus Bug #12053 (Closed): PRF Algorithm is Always Set to SHA256 on New Tunnel Creations: OK, if we can find a way to reproduce it on another system, we can always reopen it later with the exact conditions a... Jim Pingle
09:02 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: Alhusein Zawi wrote:
> IP address is not added to openvpn log yet
Where did you test that? It would only be in 2.... Jim Pingle
08:02 AM Regression #12100: Recent 2.6.0 development installers don't actually install: This also applies to 21.09 snapshots currently.
The bsdinstaller appears to be missing from the image.
Tested J... Steve Wheeler

07/05/2021

07:44 AM Bug #12107 (Resolved): Notifications page cannot be saved without configuring or disabling SMTP: In System > Advanced > Notifications page you can only save changes to any value on the page if the email section is ... Steve Wheeler

07/04/2021

05:59 PM Bug #12106 (Duplicate): Multi WAN not functioning on CE 2.51: This is the same as #11805. It is fixed in 2.5.2, which will be out shortly. Jim Pingle
05:50 PM Bug #12106 (Duplicate): Multi WAN not functioning on CE 2.51: Similar to pfsense+ #11436 and CE #11805. Upgraded customer from 2.4.5p1 to CE 2.5.1. Network has 2 x WAN and 2 x LAN... Rick Strangman
02:32 PM Bug #12095: Memory leak in pcscd: Additional note:
Stopping the service while IPsec is in use leads to the following log spam:... Marcos M
01:26 PM Bug #12095: Memory leak in pcscd: Here are some stats on various 21.05 VMs:
* Uptime: 6d2h
* RAM: 1G
* pcscd usage: 326M
* 2 VTI IPsec tunnels
... Marcos M
02:31 PM Bug #12105: Packages are not automatically reinstalled when restoring configuration using the installer: Actually, the documentation mentions automatic package reinstallation only for the ECL method, and that is what works... Christian Ullrich
01:58 PM Bug #12105 (Resolved): Packages are not automatically reinstalled when restoring configuration using the installer: pfSense does not install the configured packages during the first boot after installation if the first documented met... Christian Ullrich
09:30 AM Feature #12104 (Needs Patch): Advertise Speed autonegotiation: Now don't have mechanism to select/modify array modes to advertise speed autonegotiation
eg to choise:
10 half dupl... Evgeny Korostelev
09:13 AM Feature #12103: L2TP VPN Clients show on dashboard: Ok, yes sorry.
Thank you Evgeny Korostelev
09:10 AM Feature #12103: L2TP VPN Clients show on dashboard: This is a duplicate of part of what the other issue would implement.
There is no way to get the status for L2TP ri... Jim Pingle
09:05 AM Feature #12103: L2TP VPN Clients show on dashboard: Jim Pingle wrote:
> Duplicate of #9633
It is not Duplicate...
pfSense have no widget for dashboard now Evgeny Korostelev
08:59 AM Feature #12103 (Duplicate): L2TP VPN Clients show on dashboard: Duplicate of #9633 Jim Pingle
08:26 AM Feature #12103: L2TP VPN Clients show on dashboard: i mean widget for dashboard Evgeny Korostelev
08:12 AM Feature #12103 (Duplicate): L2TP VPN Clients show on dashboard: Please make dashboard, which can show online L2TP clients online connect status Evgeny Korostelev

07/03/2021

03:52 PM Bug #12102 (Resolved): Prevent using OpenVPN "Exit Notify" option with point-to-point modes: When establishing an OpenVPN client/server site to site in 21.05, if the OpenVPN client (on another box) makes any ch... Kris Phillips
03:36 PM Bug #11863 (Resolved): Unable to create nested URL aliases: Danilo Zrenjanin
03:35 PM Bug #11863: Unable to create nested URL aliases: Tested on the:... Danilo Zrenjanin
03:20 PM Regression #12100: Recent 2.6.0 development installers don't actually install: Note that the latest pfSense 2.5.2RC installer works fine.
Mike Farmwald
03:12 PM pfSense Packages Bug #12031 (Resolved): Wireguard Package Produces Crash in 2.5.2: Confirmed fixed in 2.5.2 latest builds on 0.1.3_1. Crash is no longer present. Kris Phillips
03:09 PM pfSense Plus Bug #12053: PRF Algorithm is Always Set to SHA256 on New Tunnel Creations: I've only been able to reproduce this after further testing on the one user's install. Not sure how this was trigger... Kris Phillips
01:50 PM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: IP address is not added to openvpn log yet
Alhusein Zawi
12:12 PM pfSense Packages Bug #12054 (Resolved): "succesfully" misspelled: Tested with System Patches 1.2_6. I see the correct spelling now. Marking the ticket resolved. Max Leighton

07/02/2021

07:31 PM Revision b7c42a51: Revert "Revert "Welcome pfSense CE 2.5.2-RELEASE"": This reverts commit 7fededa1ce3ecffaeb657cef6a069e7e180c2aa7. Renato Botelho
07:06 PM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: Looks good here, will we get this cherry picked for 21.05? Christian McDonald
08:00 AM pfSense Packages Bug #12031 (Feedback): Wireguard Package Produces Crash in 2.5.2: I've bumped package version so it is reinstalled during upgrade process. It was needed because we changed FreeBSD-sr... Renato Botelho
06:42 PM pfSense Packages Bug #12101 (Assigned): ArpWatch Suppression Mac for "flip-flop" not suppressing: I have working notifications with ArpWatch on my pfsense running on an XG-7100.
I get notifications the way I shou... Shaun Gause
01:49 PM Todo #7689 (Closed): bsdinstall does not automatically copy config.xml from USB drive like the previous installer: Scott Long
11:44 AM Regression #12100 (Resolved): Recent 2.6.0 development installers don't actually install: I've tried most of the recent installers (e.g., https://snapshots.netgate.com/amd64/pfSense_master/installer/pfSense-... Mike Farmwald
08:15 AM Regression #12048 (Closed): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: Looks good with that version.
On snapshot @2.6.0.a.20210701.0100@ with @php74-pear-HTTP_Request2-2.4.2_1,1@ and i... Jim Pingle
07:59 AM pfSense Packages Bug #12085 (Resolved): OpenVM Tools vmware-kmod service won't start in 2.5.2 RC on ESXi 6.0: Yeah, since we moved FreeBSD src to an earlier version to remove some pf changes that was causing issues, it rebuilt ... Renato Botelho
06:15 AM Revision 230ac725: Add dynamic DNS provider dy.fi: Fixes https://redmine.pfsense.org/issues/12090 Jaakko Kantojärvi
06:14 AM Revision 691d0458: Fix order of providers in doc string (use case-insensitive sort): Jaakko Kantojärvi
02:30 AM pfSense Docs New Content #12098 (New): Using a static route for Accessing a CPE/Modem from Inside the Firewall: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html
*Feedback:*
I found this article i... Chris Cooter

07/01/2021

08:01 PM pfSense Packages Bug #12085: OpenVM Tools vmware-kmod service won't start in 2.5.2 RC on ESXi 6.0: Now I can't reproduce this on 2.5.2.r.20210629.1350. The service starts/restarts without issues on upgraded systems s... Max Leighton
07:26 PM pfSense Packages Bug #12085: OpenVM Tools vmware-kmod service won't start in 2.5.2 RC on ESXi 6.0: Kris saw smiliar (if not the same) errors related to the WireGuard kernel module recently. Might check with Renato. Christian McDonald
05:18 PM Revision 8e033f72: Revise DNS forwarder for MVC. #12096: Steve Beaver
03:02 PM Revision 3736da7f: Correct NAT rule overlap detection. Fixes #11734: Marcos M
03:01 PM Revision 30169caa: XMLRPC synchronization for DHCP/DHCPv6 Relay settings. Implements #11957: Viktor Gurov
03:00 PM Revision 6ae26227: Always apply IPsec changes on HA secondary. Fixes #12075: Viktor Gurov
02:57 PM Revision ebf56762: GRE Interfaces input validation fix. Issue #12049: Viktor Gurov
02:51 PM Revision ce04d03f: Reconfigure L2TP/PPTP tunnels on newwanip event. Fixes #12072: Viktor Gurov
01:39 PM Regression #11316: Unbound crashes with signal 11 when reloading: I take that back. no sooner do I say it's working then.. BANG..
No crash in the log but completely hung DNS and rest... Remo Wylliams
01:15 PM Regression #11316: Unbound crashes with signal 11 when reloading: No I'm not seeing any crashes on unbound. Didn't know about the DHCP leases.
Thanks again. Remo Wylliams
09:46 AM Regression #11316: Unbound crashes with signal 11 when reloading: Remo Wylliams wrote:
> I updated to CE 2.6.xx and the unbound failures seem to be fewer but still a problem.
Ar... Jim Pingle
09:31 AM Regression #11316: Unbound crashes with signal 11 when reloading: Jim Pingle wrote:
> There is no change since the last updates already covered above in previous comments:
>
> * U... Remo Wylliams
01:35 PM Revision 4dc43323: DHCPv6 Relay page PHP error on save fix. Issue #11969: Viktor Gurov
01:33 PM Revision 1e9e12c2: OpenVPN client IP address logging. Implements #11935: Viktor Gurov
01:30 PM Revision 234fbf04: Port Forward port ranges extra input validation. Fixes #11818: Viktor Gurov
01:27 PM Revision c7a23ab9: Add/remove OpenVPN client PTR record. Fixes #11938: Viktor Gurov
01:25 PM Revision da6d6be2: Fix syntax s/)/]/: Renato Botelho
01:21 PM Revision c0cbbf0b: Do not show uninformative interfaces configure message at boot. Fixes #12002: Viktor Gurov
01:20 PM Revision 805d4676: is_ipaddrv() fix. Issue #6507: Viktor Gurov
01:17 PM Revision 4ebc299b: UPnP STUN configuration. Feature #10587: Viktor Gurov
01:12 PM Revision d74bd052: Do not show CA as In Use if LDAP Server transport is not TLS/SSL. Fixes #11922: Viktor Gurov
01:11 PM Revision 8e6cfbc4: Allow to use URL type nested aliases. Fixes #11863: Viktor Gurov
01:05 PM Revision 3ee90a3e: Skip empty URLTable (Ports) aliases. Fixes #4893: Viktor Gurov
12:54 PM Revision 810adc14: Add OpenVPN remote-cert-tls option. Implements #11865: Viktor Gurov
12:53 PM Revision e5395534: DHCPv4 ARM PXE config fix. Issue #11905: Viktor Gurov
12:52 PM Revision acb89722: Captive Portal redirect page IP/MAC fix. Issue #11902: Viktor Gurov
12:44 PM Revision ee49cc68: ovpn_auth_verify improvements. Issue #11829: Viktor Gurov
12:39 PM Revision a8e97945: IPSec VPN IP Do-Not-Fragment and Fragment Reassemble options. Fixes #7801: Viktor Gurov
12:39 PM pfSense Packages Feature #12097: Add dnsbl and geoip logs to system log: FYI I have implemented it locally already. Sil Schouten
12:37 PM pfSense Packages Feature #12097 (New): Add dnsbl and geoip logs to system log: Functionality similar to how snort has a setting to enable syslog. Sil Schouten
12:35 PM Revision 5bb49d3e: get_interface_ipv6() Track Interface IP improvements. Fixes #11816: Viktor Gurov
12:19 PM Feature #12096 (Feedback): Refactor DNS forwarder (dnsmasq) for MVC: Updates complete and ready to be tested. Anonymous
10:21 AM Feature #12096 (Resolved): Refactor DNS forwarder (dnsmasq) for MVC: Move the get/apply/update/delete logic out of the display file and into an include file.
Support JSON data format
E... Anonymous
10:10 AM Bug #11734: NAT rule overlap detection is inconsistent: Applied in changeset commit:3736da7f0ffd73c0cd25b7118b3c4be2e1f0eab9. Marcos M
10:02 AM Bug #11734 (Feedback): NAT rule overlap detection is inconsistent: PR has been merged. Thanks! Renato Botelho
10:10 AM Feature #11957: XMLRPC synchronization for DHCP relay settings: Applied in changeset commit:30169caa4cf9c5fac1751e756cc8dab84eec0b29. Viktor Gurov
10:01 AM Feature #11957 (Feedback): XMLRPC synchronization for DHCP relay settings: PR has been merged. Thanks! Renato Botelho
10:10 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync: Applied in changeset commit:6ae26227e1ce622ff9bec0999bb829cec92373e8. Viktor Gurov
10:00 AM Bug #12075 (Feedback): Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync: PR has been merged. Thanks! Renato Botelho
10:00 AM Bug #12072: FQDN L2TP server address is only resolved at boot: Applied in changeset commit:ce04d03ff8c74e50585522dcd7b0deed46138be9. Viktor Gurov
09:51 AM Bug #12072 (Feedback): FQDN L2TP server address is only resolved at boot: PR has been merged. Thanks! Renato Botelho
09:57 AM Bug #12049 (Feedback): Input validation incorrectly rejects a second IPv4-only GRE tunnel: Renato Botelho
09:57 AM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel: PR has been merged. Thanks! Renato Botelho
09:50 AM Bug #11940 (Not a Bug): Fix return logic on sigkillbypid: Renato Botelho
08:40 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: Applied in changeset commit:1e9e12c2180110ef556eee48516cfde0065d4f1a. Viktor Gurov
08:34 AM Feature #11935 (Feedback): Log external IP address of OpenVPN clients on connect and disconnect: PR has been merged. Thanks! Renato Botelho
08:40 AM Bug #11818: Mixed use of aliases in a port range produces unloadable ruleset: Applied in changeset commit:234fbf04cbb6ab2cf64f2e7491b135e9de31af07. Viktor Gurov
08:30 AM Bug #11818 (Feedback): Mixed use of aliases in a port range produces unloadable ruleset: PR has been merged. Thanks! Renato Botelho
08:35 AM Bug #11969 (Feedback): PHP error if no DHCPv6 Relay interfaces are selected: PR has been merged. Thanks! Renato Botelho
08:35 AM Regression #11938: DNS Resolver does not add PTR record for OpenVPN clients: Applied in changeset commit:c7a23ab9400a69b49e6fb09f78d342c972e0d202. Viktor Gurov
08:28 AM Regression #11938 (Feedback): DNS Resolver does not add PTR record for OpenVPN clients: PR has been merged. Thanks! Renato Botelho
08:30 AM Bug #12002: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured: Applied in changeset commit:c0cbbf0b23bd2bb787ace397758b82999784f3ac. Viktor Gurov
08:21 AM Bug #12002 (Feedback): Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured: PR has been merged. Thanks! Renato Botelho
08:20 AM Bug #6507 (Feedback): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot: PR has been merged. Thanks! Renato Botelho
08:20 AM Bug #11922: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS: Applied in changeset commit:d74bd05275490d30ccd6e607fd58c4e0bd73746e. Viktor Gurov
08:12 AM Bug #11922 (Feedback): Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS: PR has been merged. Thanks! Renato Botelho
08:20 AM Bug #11863: Unable to create nested URL aliases: Applied in changeset commit:8e6cfbc4b58ab19827add586e95098e1700b8069. Viktor Gurov
08:11 AM Bug #11863 (Feedback): Unable to create nested URL aliases: PR has been merged. Thanks! Renato Botelho
08:17 AM Feature #10587 (Feedback): UPnP/NAT-PMP STUN configuration options: PR has been merged. Thanks! Renato Botelho
08:15 AM Bug #4893: Error loading rules when URL Table Ports content is empty: Applied in changeset commit:3ee90a3ee2a00f02a3254a138d05e800fffdaf3e. Viktor Gurov
08:05 AM Bug #4893 (Feedback): Error loading rules when URL Table Ports content is empty: PR has been merged. Thanks! Renato Botelho
08:00 AM Feature #11865: Option to validate OpenVPN peer TLS certificate key usage: Applied in changeset commit:810adc14df07be380eba2a48ed8ff416cacad31e. Viktor Gurov
07:54 AM Feature #11865 (Feedback): Option to validate OpenVPN peer TLS certificate key usage: PR has been merged. Thanks! Renato Botelho
07:53 AM Bug #11905 (Feedback): DHCPv4 server configuration does not include ARM TFTP filenames: PR has been merged. Thanks! Renato Botelho
07:52 AM Bug #11902 (Feedback): Incorrect variable substitution in captive portal error page: PR has been merged. Thanks! Renato Botelho
07:50 AM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: Applied in changeset commit:a8e97945b4fdaa9c5228bddf2964d95fb505ee4b. Viktor Gurov
07:41 AM Bug #7801 (Feedback): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: PR has been merged. Thanks! Renato Botelho
07:45 AM Bug #11829 (Feedback): OpenVPN client certificate validation with OCSP always fails: PR has been merged. Thanks! Renato Botelho
07:45 AM Bug #11816: RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records: Applied in changeset commit:5bb49d3e388717cfb83e138724ba22fd4534eb62. Viktor Gurov
07:35 AM Bug #11816 (Feedback): RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records: PR has been merged. Thanks! Renato Botelho

06/30/2021

08:46 PM Revision 5a8d6013: Merge pull request #4529 from theonemcdonald/improvement/lo0startupspew: Renato Botelho
08:45 PM Revision 5fbfdeb3: Merge pull request #4528 from Inperpetuammemoriam/master: Renato Botelho
08:25 PM Revision 9e8300cb: Add dynamic DNS service provider deSEC: This commit implements the method of updating DNS records using the HTTP
Token Authentication specified in the deSEC ... Markus *
08:11 PM Revision cfd8b45f: Supresses lo0 config kernel msgs during startup: R. Christian McDonald
07:22 PM Revision 32fed791: Merge pull request #4526 from fl0l0u/patch-2: Renato Botelho
07:15 PM Revision dc6eb05f: dyndns: Add strato.de provider (Fixes #11978): Dennis Neuhaeuser
07:09 PM Revision 92eecca9: Merge pull request #4527 from raphendyr/feature-maxcacheage: Renato Botelho
03:46 PM Feature #12094 (Feedback): Suppress kernel messages for ``lo0`` configuration during boot: PR has been merged. Thanks! Renato Botelho
03:15 PM Feature #12094 (Resolved): Suppress kernel messages for ``lo0`` configuration during boot: PR : https://github.com/pfsense/pfsense/pull/4529 Christian McDonald
03:45 PM Feature #12086 (Feedback): New Dynamic DNS Provider: deSEC: PR has been merged. Thanks! Renato Botelho
03:32 PM Bug #12095: Memory leak in pcscd: Could be partially mitigated by #11933 -- That daemon should be made optional and off by default except for the few p... Jim Pingle
03:27 PM Bug #12095 (New): Memory leak in pcscd: The PCSC daemon looks to have a memory leak even when it's not in use. Or even when there are no IPSec tunnels define... Steve Wheeler
02:22 PM Bug #12076 (Feedback): OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses: PR has been merged. Thanks! Renato Botelho
02:20 PM Feature #11978: New Dynamic DNS Provider: Strato: Applied in changeset commit:dc6eb05f2373c8e72019aa7be40a2a10c8b9edae. Anonymous
02:17 PM Feature #11978 (Feedback): New Dynamic DNS Provider: Strato: PR has been merged. Thanks! Renato Botelho
02:10 PM Feature #9092 (Feedback): Option to set interval of forced Dynamic DNS updates: PR has been merged. Thanks! Renato Botelho
02:03 PM pfSense Packages Bug #11391 (Feedback): Zeek crashes on 2.5.0: PR has been merged to 2.5.1, 2.5.2-RC and 2.6.0-DEVELOPMENT. Thanks! Renato Botelho
02:03 PM pfSense Packages Bug #11461 (Feedback): zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection: PR has been merged to 2.5.1, 2.5.2-RC and 2.6.0-DEVELOPMENT. Thanks! Renato Botelho
01:59 PM Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity: It used to be a package, we decided to integrate it into base when it was made free to all. I don't see it moving bac... Jim Pingle
01:48 PM Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity: This is something that I've actually been looking into as well over the past few days in response to work on the Wire... Christian McDonald
12:57 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot: Jim Pingle wrote:
> Due to changes in the freebsd-src branch used to build 2.5.2 snapshots, this needs re-tested on ... Hayden Hill
10:16 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states: Note on "That also assumes the rule has an ID in its configuration, which we may need to check is always true."
Th... Marcos M
02:21 AM Regression #11545: Primary interface address is not always used when VIPs are present: > Per my previous redmine reply, you only need to resave the VIP and interface. There is no need to remove it, alt... M Felden

06/29/2021

07:01 PM Regression #11545: Primary interface address is not always used when VIPs are present: M Felden wrote:
> I believe I am seeing this now after upgrading 2.4.5-p1 -> 2.5.1-CE with FRR BGP where FRR is told... Kris Phillips
04:35 PM Feature #12092: Utilize new ``pfctl`` abilities to kill states: → luckman212 wrote:
> @Jim yes that would be a godsend for multiwan if it works out. I always dreamed of being able ... Jim Pingle
04:14 PM Feature #12092: Utilize new ``pfctl`` abilities to kill states: @Jim yes that would be a godsend for multiwan if it works out. I always dreamed of being able to kill specific states... → luckman212
09:23 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states: Another random thought, it _might_ be possible to leverage this to help with multi-wan (like #8555) since we could ki... Jim Pingle
09:18 AM Feature #12092 (Closed): Utilize new ``pfctl`` abilities to kill states: In the latest pf changes present on 2.6.0, @pfctl@ now supports killing states by label. We are using this to kill sc... Jim Pingle
03:41 PM Regression #12069: Panic in ``pfctl`` with large numbers of states: Excluding from release notes since it's not going to be a problem in any release (introduced in snapshots and fixed t... Jim Pingle
03:36 PM Regression #12069: Panic in ``pfctl`` with large numbers of states: @2.5.2.r.20210629.1350@ looks good to me. @pfctl -ss@ is fast and I'm not seeing any slow down or memory pressure lik... Jim Pingle
08:15 AM Regression #12069 (Feedback): Panic in ``pfctl`` with large numbers of states: We'll have a new RC build soon with the pf changes rolled back so we're closer to the previous version in that area. ... Jim Pingle
03:40 PM Regression #12028 (New): SNMP daemon issues with pf nvlist changes: The changes here have been backed out of 2.5.2 so we'll need to check/test 2.6.0 once it has been synchronized with u... Jim Pingle
03:25 PM pfSense Docs Correction #11096 (Closed): Feedback on pfSense Configuration Recipes — IPsec Site-to-Site VPN Example with Pre-Shared Keys: This recipe has been updated with current recommendations for encryption and also in other ways, such as using settin... Jim Pingle
12:55 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly: Patch version 4.
shaper-full-v4.patch
Broken up into seperate patches.
shaper-pie-001.patch
Necessary to ge... Anonymous
12:48 PM Bug #10956 (Feedback): Panic configuring LAGG+VLAN interfaces when using a kernel with ``INVARIANTS``.: The relevant commit for this should be present on a build dated *after* this comment.
Given the barrier to testing... Jim Pingle
12:46 PM Bug #11913 (Feedback): RADVD breaks on SIGHUP: Due to changes in the freebsd-src branch used to build 2.5.2 snapshots, this needs re-tested on a build dated *after*... Jim Pingle
12:46 PM Bug #11453 (Feedback): ``wpa_supplicant`` uses 100% of a CPU core at boot: Due to changes in the freebsd-src branch used to build 2.5.2 snapshots, this needs re-tested on a build dated *after*... Jim Pingle
12:46 PM Regression #11524 (Feedback): Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing: Due to changes in the freebsd-src branch used to build 2.5.2 snapshots, this needs re-tested on a build dated *after*... Jim Pingle
12:16 PM Todo #12093 (Resolved): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity: When @Backup Frequency@ is set to backup on change, changing/saving settings is delayed. This can range from only a s... Marcos M
09:32 AM Bug #8555: Selectively killing states on WAN failure: We _might_ be able to use the new mutli-label and kill-states-by-label support in pf to come up with a solution here ... Jim Pingle
07:58 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock: Re-targeting this to 2.6.0/21.09 Jim Pingle
07:20 AM Regression #12048 (Feedback): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: I've added a patch from upstream [1] to devel/pear-HTTP_Request2, version 2.4.2_1,1
[1] https://github.com/pear/HT... Renato Botelho
06:51 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: Kris Phillips wrote:
> Correction: Wireguard is available in the internal test repo. It is not available on the pub... Renato Botelho
06:46 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: Did some sleuthing into Kris's error. This looks like something wrong with the build, not something specific in the p... Christian McDonald

06/28/2021

01:38 PM pfSense Packages Bug #11605 (Closed): Suricata can trigger PHP crash on SG-3100: Closing this as it appears to be the same root cause as #11466 which has a workaround applied as #12004 -- Users can ... Jim Pingle
01:36 PM pfSense Packages Bug #11551 (Closed): SG-3100 with pfBlockerNG doesn't pass traffic: Closing this as it appears to be the same root cause as #11466 which has a workaround applied as #12004 -- Users can ... Jim Pingle
01:24 PM Regression #11316: Unbound crashes with signal 11 when reloading: There is no change since the last updates already covered above in previous comments:
* Unbound still hasn't put o... Jim Pingle
01:17 PM Regression #11316: Unbound crashes with signal 11 when reloading: This problem is very much interfering with my network operations. I have watchdog restarting unbound but
it can take... Remo Wylliams
01:04 PM Regression #11316: Unbound crashes with signal 11 when reloading: For those commenting about restarting the service - that didn't help me. Had to restart the firewalls.
This 5 mont... Eduard Rozenberg
01:00 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock: First a note that to my understanding the bug is not easy to run into. However, booting a kernel with debug options e... Mateusz Guzik
12:46 PM Feature #12091 (New): RFE: Add support for sssd authentication: I'm making use of sssd authentication on pfSense 2.5+, but I keep having to add "sss" to nsswitch.conf because it is ... Orion Poplawski
10:15 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: If anyone is still having issues with PHP crashing on the 3100 after applying "the PCRE JIT patch from comment 32":ht... Jim Pingle
09:10 AM Feature #12086: New Dynamic DNS Provider: deSEC: My bad. I had not noticed that I still were under *pfSense Packages* when creating the issue from my previous issue. ... Markus *
07:59 AM Feature #12086 (Pull Request Review): New Dynamic DNS Provider: deSEC: PR: https://github.com/pfsense/pfsense/pull/4528 Jim Pingle
07:56 AM Feature #12086: New Dynamic DNS Provider: deSEC: Category is there, but this was filed under packages and not base. Jim Pingle
08:14 AM Feature #12090 (Pull Request Review): Add new Dynamic DNS provider: dy.fi: Jim Pingle
08:12 AM pfSense Packages Bug #11461 (Pull Request Review): zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection: Jim Pingle
08:12 AM pfSense Packages Bug #11391 (Pull Request Review): Zeek crashes on 2.5.0: Jim Pingle
08:11 AM Bug #12089 (Not a Bug): pfSense has detected a crash report or programming bug. Click here for more information.: That is almost certainly a hardware problem, not a bug.... Jim Pingle
08:03 AM pfSense Packages Bug #12088 (Pull Request Review): Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting: Jim Pingle
08:02 AM Bug #12087 (Not a Bug): Aliase: Unable to reproduce. There must be some other invalid input in the field or similar issue, I can enter that hostname ... Jim Pingle
07:54 AM pfSense Packages Bug #11610 (New): NET-SNMP is not setting the correct permissions on AgentX: Updating issue to reflect that it's really a problem in NET-SNMP.
Setting the permissions to 777/777 seems less th... Jim Pingle
07:49 AM pfSense Packages Bug #12083 (Pull Request Review): Lack of OSPF network input validation causes service startup error: Jim Pingle
07:40 AM pfSense Docs Todo #12082 (Rejected): Freenode IRC: Not a documentation issue. If any decisions are made in this area, we'll update the site as needed. Jim Pingle
07:39 AM Bug #12081 (Not a Bug): Limiters do not work when running pfsense in ESXI: Limiters are not hardware or platform specific. I've recently tested limiters in ESXi, Proxmox, and on bare metal har... Jim Pingle
07:37 AM pfSense Packages Bug #12080 (Pull Request Review): Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting: Jim Pingle
06:55 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: I'm not seeing that on both my 2.5.2 and 2.6.0 boxes (both x86 obviously).
I have seen similar output from kld* wh... Christian McDonald
03:49 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Hello, packages still unavailable ? Nox Inmortus

06/27/2021

08:49 PM Revision 82caf945: Add option to set max cache age for the custom dynamic DNS provider: Fixes https://redmine.pfsense.org/issues/9092 Jaakko Kantojärvi
04:06 PM Feature #12090 (Resolved): Add new Dynamic DNS provider: dy.fi: Dy.fi is a small dynamic service provider exclusive to Finland (i.e., the service requires that the client IP locates... Jaakko Kantojärvi
03:57 PM Feature #9092: Option to set interval of forced Dynamic DNS updates: Fix aka. the PR in review: https://github.com/pfsense/pfsense/pull/4527 Jaakko Kantojärvi
11:46 AM pfSense Packages Bug #11461: zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection: Fixed in this PR: https://github.com/pfsense/FreeBSD-ports/pull/1077 Prosper Doko
11:45 AM pfSense Packages Bug #11391: Zeek crashes on 2.5.0: Fixed in this PR: https://github.com/pfsense/FreeBSD-ports/pull/1077 Prosper Doko
07:38 AM Bug #12089 (Not a Bug): pfSense has detected a crash report or programming bug. Click here for more information.: Pfsense se rompe y se reinicia. Ricardo Adolfo Sánchez Arboleda

06/26/2021

09:48 PM pfSense Packages Bug #12088: Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/100
This accomplishes the following:
* Allow th... Marcos M
08:09 PM pfSense Packages Bug #12088 (Resolved): Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting: Selecting @ORF@ under @Services / FRR BGP / Neighbors // Advanced Options / Advertise Capability@ results in an inval... Marcos M
09:28 PM pfSense Packages Bug #11711 (Resolved): New Squid Status Page Non-Functional: Confirmed on 2.5.2 June 26th build of Community Edition that this issue is resolved. I have enabled both services an... Kris Phillips
09:17 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package: Confirmed this is the case. We may want to consider making this a "more friendly" error, as it looks like a bug unti... Kris Phillips
07:14 PM Bug #12087 (Not a Bug): Aliase: Boa noite!
Gostaria de reportar algo que eu acredito ser um bug na última versão (2.5.1) do pfsense community editio... Gustavo Carvalho
06:04 PM Feature #12086 (Resolved): New Dynamic DNS Provider: deSEC: Even though deSEC can currently be used with the "custom":https://docs.netgate.com/pfsense/en/latest/services/dyndns/... Markus *
04:21 PM Bug #11959 (Resolved): PPP interfaces lose the description field in ``ifconfig`` output when restarted: pppoe0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: OPT1
nd6 opt... Alhusein Zawi
03:28 PM pfSense Packages Bug #12031 (Assigned): Wireguard Package Produces Crash in 2.5.2: Correction: Wireguard is available in the internal test repo. It is not available on the public-facing repo. I was ... Kris Phillips
02:28 PM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: Checked on 2.5.2 June 26th build. The updated Wireguard package is not merged into the branch repo currently it woul... Kris Phillips
02:35 PM pfSense Packages Bug #12085 (Resolved): OpenVM Tools vmware-kmod service won't start in 2.5.2 RC on ESXi 6.0: Tetsed with OpenVM Tools version 10.1.0_5,1
Since upgrading to 2.5.2.r.20210626.0300 the vmware-kmod service fails... Max Leighton
12:55 PM pfSense Packages Bug #11610: NET-SNMP is not setting the correct permissions on AgentX: Found the issue,
net-snmp is the issue since it sets the agentx file with permissions that could not be accessed b... Yif Swery
12:47 PM Bug #11727 (Resolved): Cannot enter persistent CARP maintenance mode when CARP is disabled: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Jun 26 01:04:01 EDT 2021
FreeBSD 12.2-STABLE
It doesn't tell... Max Leighton
09:25 AM pfSense Packages Bug #12065 (Resolved): PHP crash when creating a new report in mailreport 3.6.3_2: Tetsted in 3.6.3_3. The PHP crash is no longer present. Marking the ticket resolved. Max Leighton
09:00 AM pfSense Packages Bug #12083: Lack of OSPF network input validation causes service startup error: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/99 Viktor Gurov
08:20 AM pfSense Packages Bug #12083 (Resolved): Lack of OSPF network input validation causes service startup error: There is no input validation in the @OSPF Networks@ fields on the frr_ospf.xml page and this allows incorrect network... Viktor Gurov
08:22 AM pfSense Packages Bug #12084 (New): libfrr.so.0 error on SG-1100: harmless error on SG-1100 while starting FRR service:... Viktor Gurov
04:03 AM pfSense Docs Todo #12082 (Rejected): Freenode IRC: Lot of projects are moving there IRC away from Freenode due to owner / policy changes.
Please review the use of Fre... Pim Janssen
03:05 AM Bug #12081 (Not a Bug): Limiters do not work when running pfsense in ESXI: I have been running pfsense for years, both on metal and in esxi. When running on metal, I use bufferbloat exactly as... Mark Vos

06/25/2021

04:25 PM pfSense Packages Bug #11459 (Resolved): pfBlockerNG doesn't include WireGuard interface in outbound floating rules: After enabling the Wireguard service, the system automatically creates an interface group with the name WireGuard (Fi... Danilo Zrenjanin
04:03 PM pfSense Packages Bug #11878 (Resolved): squidguard dependencies missing: Tested on:... Danilo Zrenjanin
03:55 PM pfSense Packages Bug #12073: ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong: Tested on :... Danilo Zrenjanin
03:19 PM pfSense Packages Bug #12080: Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/98 Marcos M
03:14 PM pfSense Packages Bug #12080 (Resolved): Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting: Selecting a route map under @Services / FRR BGP // Network Distribution / Redistribute Local@ results in an invalid @... Marcos M
02:52 PM Bug #12079 (Closed): Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock: IGMPProxy can trigger a kernel panic in 2.5.2-RC.... Steve Wheeler
01:57 PM Bug #10956: Panic configuring LAGG+VLAN interfaces when using a kernel with ``INVARIANTS``.: Updating subject but excluding from release notes since it wouldn't affect any potential release, only debugging kern... Jim Pingle
01:54 PM Bug #10956 (New): Panic configuring LAGG+VLAN interfaces when using a kernel with ``INVARIANTS``.: A fix has been committed to FreeBSD, we will make sure it gets into 2.5.2.... Jim Pingle
12:55 PM Regression #11910: IPsec status tunnel descriptions are incorrect: Also in another setup, just having two VTI tunnels seems to do the same thing. See image attached. Marcos M
12:04 PM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway: UPDATE! Bug only exists upon "link down"
+SETUP:+
# Dual WAN connections
# GW group configured as
## failover... James Blanton
10:03 AM Feature #9092 (Pull Request Review): Option to set interval of forced Dynamic DNS updates: Jim Pingle
07:38 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync: Copied from my comments on the PR:
Skipping entries negates the entire point of doing the configure during XMLRPC ... Jim Pingle
07:38 AM Bug #12075 (Pull Request Review): Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync: Jim Pingle
03:21 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync: PH1 entries with BACKUP VIP or VIPs aliased to BACKUP CARP must be skipped in `ipsec_get_phase1_src()` (see also http... Viktor Gurov
03:12 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/292 Viktor Gurov
07:33 AM Bug #12078 (Not a Bug): DNS Resolution Behavior does not consider named when setting localhost: Since named is a package, it doesn't integrate into base in that way by design. If someone wants to set that up and u... Jim Pingle
01:49 AM Bug #12072: FQDN L2TP server address is only resolved at boot: works as expected as reported on the forum:
https://forum.netgate.com/topic/164614/pfsense-2-4-5-p1-l2tp-server-ip-r... Viktor Gurov

06/24/2021

11:52 PM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: no crash report after installing WireGuard .
2.6.0.a.20210624.0100
WireGuard ver. 0.1.3 Alhusein Zawi
07:24 PM Revision 7fededa1: Revert "Welcome pfSense CE 2.5.2-RELEASE": This reverts commit 6bc442e71f8061aaae5cf29e106305f20697e1d5. Renato Botelho
07:24 PM Revision 2e248c0e: Move FreeBSD-src back to RELENG_2_5_0: Renato Botelho
07:23 PM Revision e0e318ad: Revert "schedule: Use the new multi-label support": This reverts commit 765277ba6d873847c6c5b5657877e9fb0cec4357. Renato Botelho
07:23 PM Revision 54f72904: Revert "Tell pf to keep counter values": This reverts commit 0b817201399fb7252aeb09eca94362618728183f. Renato Botelho
07:23 PM Revision 23253139: Revert "Use 'tos' rather than 'dscp' keyword for pf DSCP matching": This reverts commit 27a8acbb5455c3b3516d844024d9208ef23649bf. Renato Botelho
07:23 PM Revision 4ea084cc: Revert "Correct pfctl syntax to kill by label. Fixes #12040": This reverts commit 21fb5288f829b7efcad71c0610df3cf6cb2fba81. Renato Botelho
04:19 PM Bug #12078 (Not a Bug): DNS Resolution Behavior does not consider named when setting localhost: With dnsmasq and unbound disabled, and instead using Bind/named, the setting @DNS Resolution Behavior@ under @System ... Marcos M
02:53 PM Regression #11910: IPsec status tunnel descriptions are incorrect: Another scenario which may be related to whatever root cause this is:
While DPD is happening, i.e. waiting for the... Marcos M
02:23 PM Bug #12071: Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA: Yes, DPD does have to timeout (which can take several minutes), unfortunately by the time the primary goes into BACKU... Jim Pingle
02:10 PM Bug #12071 (Closed): Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA: Marcos M
02:09 PM Bug #12071: Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA: I re-tested this and indeed the issue is the "apply-after-sync" behavior.
Further testing explained the following ... Marcos M
02:15 PM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync: Perhaps it could be treated similarly to FRR and OpenVPN where the secondary checks whether its interface is CARP, an... Marcos M
01:32 PM Revision daaa7474: Changes requested: - if formatting
- removing temporary variable fl0l0u
12:05 PM pfSense Packages Bug #11887 (Feedback): Squid service starts twice by /etc/rc.start_packages: PR has been merged. Thanks! Renato Botelho
12:05 PM pfSense Packages Bug #11711 (Feedback): New Squid Status Page Non-Functional: PR has been merged. Thanks! Renato Botelho
12:03 PM pfSense Packages Bug #11878 (Feedback): squidguard dependencies missing: PR merged on 2.6.0 CE. Thanks Renato Botelho
08:45 AM Feature #12077 (New): Allow stick-connections per gateway group: Currently the Sticky Connections option for load-balance gateway groups is globally applied.
However it's actually... Steve Wheeler
07:30 AM Bug #6507 (Pull Request Review): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot: Jim Pingle
06:56 AM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot: small fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/291 Viktor Gurov
07:29 AM Bug #12072 (Pull Request Review): FQDN L2TP server address is only resolved at boot: Jim Pingle
06:51 AM Bug #12072: FQDN L2TP server address is only resolved at boot: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/290 Viktor Gurov
07:22 AM pfSense Packages Bug #12065 (Feedback): PHP crash when creating a new report in mailreport 3.6.3_2: PR has been merged. Thanks! Renato Botelho
06:43 AM Regression #12069: Panic in ``pfctl`` with large numbers of states: This issue doesn't have anything to do with Unbound directly. The screenshots I added above were from a system which ... Jim Pingle
05:34 AM Regression #12069: Panic in ``pfctl`` with large numbers of states: Issue unlikely to be limited to or related to Unbound. Unbound was mentioned originally in the context that it is a g... M Felden
05:22 AM Regression #12069: Panic in ``pfctl`` with large numbers of states: I have more details...
I unplug LAN and WAN cable and wait 4-5 minutes.... Then I plug them both in. After few sec... Greg M
12:18 AM Bug #12076: OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses: https://github.com/pfsense/pfsense/pull/4526 Viktor Gurov

06/23/2021

09:13 PM Revision 6e8c4db2: Cisco-AVPair + Framed-IP-Address: correcting clientip: Workaround to substitute Framed-IP-Address value in Cisco-AVPair ACL's where {clientip} is used fl0l0u
05:23 PM Revision d1b2d749: Merge pull request #4522 from fl0l0u/patch-1: Renato Botelho
05:23 PM Revision 994699bd: Merge pull request #4524 from raphendyr/feature-dyndns-leeway: Renato Botelho
05:23 PM Revision 170b1df3: Merge pull request #4510 from BBcan177/patch-2: Renato Botelho
05:08 PM Revision fe7667b0: Merge pull request #4523 from raphendyr/cleanup-dyndns: Renato Botelho
04:24 PM Bug #12076 (Resolved): OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses: Current OpenVPN script implemented to trigger Cisco-AVPair ACL in PF chains allows the ... Florian Lourdault
03:40 PM Regression #12069: Panic in ``pfctl`` with large numbers of states: Retested on pfSense+ 21.05. Found the systems still pass traffic, even with 7.1M states.
pfSenseCE 2.5.2 did no... Patrick Sanderson
03:11 PM Regression #12069: Panic in ``pfctl`` with large numbers of states: Additional panic output from a system in the test lab with >1M states Jim Pingle
01:08 PM Regression #12069: Panic in ``pfctl`` with large numbers of states: I can reproduce this now but it took a few tries.
Here is what I did:
First, set the firewall to conservative m... Jim Pingle
03:35 PM Bug #12071: Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA: Since the apply-after-sync thing seems to be its own legitimate issue, I created #12075 for it. If this turns out to ... Jim Pingle
03:17 PM Bug #12071 (Feedback): Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA: I can't reproduce this as stated, at least on 2.5.2. I set the HA pair as responder only and set the far side to alwa... Jim Pingle
03:34 PM Bug #12075 (Resolved): Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync: When synchronizing settings over XMLRPC, the secondary only reconfigures the IPsec daemon if IPsec is enabled or disa... Jim Pingle
02:34 PM pfSense Packages Bug #12074: Freeradius: Additional Information field descriptions swapped: https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/6 Steve Wheeler
02:00 PM pfSense Packages Bug #12074 (Resolved): Freeradius: Additional Information field descriptions swapped: In Freeradius > Settings > Logging Configuration the field descriptions for 'Additional Information for Bad Attempts'... Steve Wheeler
01:12 PM pfSense Packages Bug #12031 (Feedback): Wireguard Package Produces Crash in 2.5.2: WireGuard package version 1.1.3 was merged into 2.6.0 and 2.5.2 Renato Botelho
01:12 PM pfSense Packages Bug #11950 (Feedback): Wireguard Package Errors and DNS problem: WireGuard package version 1.1.3 was merged into 2.6.0 and 2.5.2 Renato Botelho
12:23 PM Bug #11701 (Feedback): Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``: PR has been merged. Thanks! Renato Botelho
12:23 PM Bug #12007 (Feedback): Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day: PR has been merged. Thanks! Renato Botelho
12:23 PM Bug #12020 (Feedback): OpenVPN RADIUS-based firewall rules use incorrect port ranges: PR has been merged. Thanks! Renato Botelho
12:09 PM Todo #11976 (Feedback): Compliance with pfSense style guide in Dynamic DNS service code: PR has been merged. Thanks! Renato Botelho
10:10 AM pfSense Packages Bug #11687 (Feedback): Fix download URLs for SecuriteInfo.com: PR has been merged. Thanks! Renato Botelho
10:09 AM pfSense Packages Bug #12073 (Feedback): ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong: PR has been merged. Thanks! Renato Botelho
10:07 AM pfSense Packages Bug #12073 (New): ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong: The snmptrapd configuration uses the keyword "snmpTrapdAddr" instead of
"agentaddress". This is probably a copy-past... Renato Botelho
10:03 AM pfSense Packages Feature #11310 (Feedback): Adding a widget to apcupsd plug-in: PR has been merged to CE 2.6.0 so we can get it tested and then cherry-pick to stable branches Renato Botelho
09:50 AM pfSense Packages Feature #11948 (Feedback): ACME: Support specifying non-default port for nsupdate DNS validation method: PR has been merged. Thanks! Renato Botelho
09:41 AM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all: thx for the patch Robert R. :)
Jason Hodgdon
09:22 AM Bug #12072: FQDN L2TP server address is only resolved at boot: we need to restart the L2TP/PPTP interfaces that use WAN as parent on /etc/rc.newwanip event
like GRE/GIF: https://g... Viktor Gurov
05:45 AM Bug #12072 (Resolved): FQDN L2TP server address is only resolved at boot: Hello!
Im using "russian vpn" scheme to connect with ISP - WAN interface with DHCP (actually internal ISP network)... Alex BJ
08:01 AM pfSense Packages Bug #9895: snort reinstallation failed: Viktor Gurov wrote:
> same issue on 2.6.0.a.20210622.0100:
> [...]
>
> Another solution: https://forum.netgate.c... Bill Meeks
06:18 AM pfSense Packages Bug #9895: snort reinstallation failed: same issue on 2.6.0.a.20210622.0100:... Viktor Gurov
07:05 AM pfSense Docs Correction #11735 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting: Jim Pingle
07:01 AM pfSense Packages Feature #11210: 3rd party rulesets: >
> For example https://sslbl.abuse.ch/blacklist/#ssl-certificates-suricata
- added to 6.0.0_11
see https://for... Viktor Gurov
05:44 AM pfSense Packages Bug #11459: pfBlockerNG doesn't include WireGuard interface in outbound floating rules: You will need to assign the WireGuard tunnel to a pfSense interface. pfBlocker can't 'see' unassigned WireGuard tunnels. Christian McDonald

06/22/2021

07:58 PM Bug #12071 (Closed): Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA: Normally with an IPsec tunnel on a pfSense HA setup, failing over to the secondary makes the IPsec start on the new m... Marcos M
04:24 PM pfSense Docs Correction #11735: Feedback on Hardware — Hardware Tuning and Troubleshooting: Looks good. Marcos M
02:35 PM pfSense Docs Correction #11735: Feedback on Hardware — Hardware Tuning and Troubleshooting: Check the doc again now.
Should be better.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/1a8fd83fbc4bc389... Jim Pingle
02:59 PM Feature #12070 (Resolved): Support for VLAN ``0``: Hello, I'm not sure if this should be a bug or feature request. Internet fiber providers in the USA and abroad tag th... Michael LaCroix
12:45 PM Bug #12061 (Closed): Update NGINX to address CVE-2021-23017: @nginx-1.20.1,2@ is in the latest test build. GUI, XMLRPC, and captive portal are all working as expected.
While I... Jim Pingle
12:07 PM pfSense Packages Bug #12065 (Pull Request Review): PHP crash when creating a new report in mailreport 3.6.3_2: Jim Pingle
10:50 AM pfSense Packages Bug #12065: PHP crash when creating a new report in mailreport 3.6.3_2: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/96 Viktor Gurov
08:48 AM pfSense Packages Bug #11766 (Feedback): Certificate no more pointed "in use" by haproxy: PR has been merged. Thanks! Renato Botelho
08:48 AM pfSense Packages Bug #11937 (Feedback): HAproxy "Use Client-IP" option breaks Captive Portal: PR has been merged. Thanks! Renato Botelho
08:47 AM pfSense Packages Feature #10779 (Feedback): HAProxy SSL/TLS Compatibility Mode: PR has been merged. Thanks! Renato Botelho
08:46 AM pfSense Packages Bug #11491 (Feedback): haproxy-devel v0.62_2 - startup error 'httpchk': PR has been merged. Thanks! Renato Botelho
08:46 AM pfSense Packages Feature #10739 (Feedback): Update HAproxy-devel package to 2.2 and HAproxy to 2.0: PR has been merged. Thanks! Renato Botelho
08:44 AM pfSense Packages Bug #11993 (Feedback): PHP error after disabling HAProxy: PR has been merged. Thanks! Renato Botelho
08:39 AM pfSense Packages Bug #6235 (Resolved): Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?): PR has been merged Renato Botelho
08:38 AM pfSense Packages Bug #11637 (Resolved): Preprocs - possible to create two defaults: PR has been merged Renato Botelho
08:20 AM pfSense Plus Bug #12068 (Not a Bug): Upgrade to 21.05 fails with seg fault: There is not enough information here to classify that as a bug, and there are numerous others who have upgraded succe... Jim Pingle
01:44 AM pfSense Plus Bug #12068 (Not a Bug): Upgrade to 21.05 fails with seg fault: When trying to upgrade the sg3100 to 21.05 (from 21.02.2). The upgrade fails during the system reload during the "con... Daniel Ramirez
07:29 AM Regression #12069 (Resolved): Panic in ``pfctl`` with large numbers of states: Only "one report of this so far":https://forum.netgate.com/post/988755, so it's unclear how many it may affect. User ... Jim Pingle

06/21/2021

11:38 PM Revision 6bc442e7: Welcome pfSense CE 2.5.2-RELEASE: Renato Botelho
09:31 PM pfSense Docs Correction #11735: Feedback on Hardware — Hardware Tuning and Troubleshooting: Of note, @hw.ix.flow_control=0@ in @loader.conf.local@ can still be used, though it's probably best to keep it as dev... Marcos M
03:43 PM pfSense Docs Correction #11735 (Feedback): Feedback on Hardware — Hardware Tuning and Troubleshooting: Updated as a part of https://gitlab.netgate.com/docs/pfSense-docs/-/commit/35e2d56cc2f1021b58ee71135d99d371e332af1e
Jim Pingle
12:53 PM pfSense Docs Correction #11735 (In Progress): Feedback on Hardware — Hardware Tuning and Troubleshooting: Jim Pingle
06:37 PM Bug #12061 (Feedback): Update NGINX to address CVE-2021-23017: I've cherry-picked commits to upgrade it to 1.20.1,2 on RELENG_2_5_2. Development branches will get it on next round... Renato Botelho
03:43 PM pfSense Docs Correction #9228 (Feedback): Feedback on Hardware — Hardware Sizing Guidance: Updated as a part of https://gitlab.netgate.com/docs/pfSense-docs/-/commit/35e2d56cc2f1021b58ee71135d99d371e332af1e
... Jim Pingle
01:06 PM pfSense Docs Correction #9228 (In Progress): Feedback on Hardware — Hardware Sizing Guidance: Jim Pingle
03:43 PM pfSense Docs New Content #10225 (Feedback): Add cryptographic hardware info to the SG-3100 manual: Not in the manual, but updated related info as a part of https://gitlab.netgate.com/docs/pfSense-docs/-/commit/35e2d5... Jim Pingle
03:35 PM pfSense Docs New Content #10225 (In Progress): Add cryptographic hardware info to the SG-3100 manual: Jim Pingle
03:10 PM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway: Jim, Sorry for the delay but I've been out of the office a good bit the past month.
I've updated the SG-3100 to 21... James Blanton
10:29 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: Christian McDonald wrote:
> Hi all,
>
> Yes this fix (along with a ton of other fixes) are in the current PR.
... Marcello Marques
09:53 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: Hi all,
Yes this fix (along with a ton of other fixes) are in the current PR. Christian McDonald
09:12 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: Renato Botelho wrote:
> I'll take care of this one
FWIW, I've been running 0.1.2 _(over several minor revisions)_... Marcello Marques
08:53 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: I'll take care of this one Renato Botelho
08:34 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: Kris Phillips wrote:
> Issue continues to be present in June 17th 2.5.2 RC build
It's already fixed in the latest... Marcello Marques
08:39 AM Bug #12067 (New): DHCP Monitoring Statistics Error: I have 2 DHCP pool (51 + 51 IP address) in one network (see attachments screen)
But monitoring DHCP show maximum dhc... Evgeny Korostelev
08:00 AM Bug #12049 (Pull Request Review): Input validation incorrectly rejects a second IPv4-only GRE tunnel: Jim Pingle
07:57 AM pfSense Packages Bug #12064 (Duplicate): Navbar not responsive when running iperf: Duplicate of #8502 Jim Pingle
07:44 AM Feature #12066: Include man and man pages for all core programs and packages: Currently we deliberately remove them to save on space, though these days space isn't at as much of a premium as it w... Jim Pingle
06:46 AM Regression #11316: Unbound crashes with signal 11 when reloading: As an ugly workaround, I'm using "Service Watchdog" package to restart *unbound* when it crashes. This happens every... Akom Benevolent
05:44 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Hello, thanks for the work, how long until available ? Nox Inmortus

06/20/2021

07:41 AM pfSense Packages Bug #12030: Startup Errors for Avahi Package: The service warnings are expected if you don't have publishing enabled. It's disabled by default.
See: https://forum... Steve Wheeler

06/19/2021

09:59 PM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2: Issue continues to be present in June 17th 2.5.2 RC build Kris Phillips
08:03 PM Bug #12050: "GoTo line #" function does not work on ``diag_edit.php``: seems working -- tested on 21.09.a.20210619.0100 Jordan G
04:44 PM Feature #12066 (New): Include man and man pages for all core programs and packages: Having the man pages - where available - for all out-of-the-box binaries would improve scenarios where there are no o... e 1/1
01:45 PM pfSense Packages Bug #12065 (Resolved): PHP crash when creating a new report in mailreport 3.6.3_2: When creating a new report in mail report 3.6.3_2 a PHP crash is generated. This is triggered as soon as you save the... Max Leighton
12:54 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package: This issue is still present in the June 17th build. Kris Phillips
12:14 PM Bug #12039: Gateway alarm always triggers IPsec restart: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/289
https://gitlab.netgate.com/pfSense/FreeBSD-por... Viktor Gurov
12:13 PM pfSense Packages Bug #12064 (Duplicate): Navbar not responsive when running iperf: In iperf 3.0.2_5, after starting iperf client or server, the navbar is visible but clicking any of the dropdown menus... Max Leighton
02:51 AM Regression #12040 (Resolved): Scheduled firewall rules failing to load: works as expected on 2.5.2.r.20210617.1709:... Viktor Gurov
12:27 AM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/288 Viktor Gurov

06/18/2021

10:02 PM Bug #11581 (Resolved): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu: I was able to assign IP address with/32 via console
*** Welcome to pfSense 2.6.0-DEVELOPMENT (amd64) on pfSense *... Alhusein Zawi
08:46 PM Bug #6055: Menu items may remain from packages no longer installed: Chris Buechler wrote:
> Adrien Carlyle wrote:
> > Is there any way to manually correct this?
>
> Edit the <menu>... Jeff Strand
06:48 PM Revision 56ad99b3: Add PPP interface description to mpd config. Fixes #11959: Viktor Gurov
06:42 PM Revision c2c11dcf: Interpret numeric-only addresses as invalid in is_hostname(). Fixes #12000: Viktor Gurov
06:39 PM Revision 99f957fe: Insert Mobile IPsec NAT/BINAT rules into pf rule set. Fixes #12023: Viktor Gurov
06:37 PM Revision 8abff49b: Certmanager UTF8 DN support. Fixes #12041: Viktor Gurov
06:24 PM pfSense Docs New Content #12063 (Closed): Document recently added options for Configuring RFC 2136 Dynamic DNS updates: *Page:* https://docs.netgate.com/pfsense/en/latest/services/dyndns/rfc2136.html
*Feedback:*
# @Zone@: Field not o... Marcos M
06:08 PM Revision afab96d6: Fix #12060: Remove ZeroMQ support: Renato Botelho
05:21 PM pfSense Docs Correction #12062 (Closed): Add Netgate 2100 and 6100 to Throughput Considerations table: That whole page is going to go away: #9228
Once there is a static page we can link to with the numbers from the si... Jim Pingle
05:19 PM pfSense Docs Correction #12062 (Closed): Add Netgate 2100 and 6100 to Throughput Considerations table: h2. Please add the Netgate 2100 and Netgate 6100 to the table on the "Throughput Considerations page":https://docs.ne... Audian Paxson
03:36 PM pfSense Packages Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?): The Snort GUI package now has additional logic to ensure running Snort interfaces at the start of a rules update cycl... Bill Meeks
03:33 PM pfSense Packages Bug #11637: Preprocs - possible to create two defaults: The remaining GUI bug reported in this issue is fixed in this Snort GUI package Pull Request: https://github.com/pfs... Bill Meeks
03:16 PM Bug #12022 (Resolved): Incorrect OpenVPN Client Export help link: fixed
openvpn help points to https://docs.netgate.com/pfsense/en/latest/packages/openvpn-client-export.html
2.6... Alhusein Zawi
08:00 AM Bug #12022 (Feedback): Incorrect OpenVPN Client Export help link: Applied in changeset commit:62c8a02a9cc6585579fda1e5ec68a1fdbfb0d129. Jim Pingle
07:46 AM Bug #12022 (In Progress): Incorrect OpenVPN Client Export help link: Looks like the help.php line is referencing the wrong file. I'll fix it. Jim Pingle
02:44 AM Bug #12022: Incorrect OpenVPN Client Export help link: Tested on:... Danilo Zrenjanin
02:40 PM Revision 68d8e58c: Use full path for executables in /usr/local/sbin/ shell scripts. Fixes #11985: Viktor Gurov
02:37 PM Revision 692510f2: Do not escape special characters in certificate DN fields. Fixes #12034: Viktor Gurov
01:57 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled: I thought perhaps I could have the default be assumed as 'none' with ZFS but in practice that didn't go as well as I'... Jim Pingle
01:55 PM Bug #11959: PPP interfaces lose the description field in ``ifconfig`` output when restarted: Applied in changeset commit:56ad99b3989f0d6bcf1f16ac3eaf727ec6b6c901. Viktor Gurov
01:48 PM Bug #11959 (Feedback): PPP interfaces lose the description field in ``ifconfig`` output when restarted: PR has been merged. Thanks! Renato Botelho
01:55 PM Bug #12000: Remote log server input validation allows invalid values: Applied in changeset commit:c2c11dcf6dd2b71d554d2870a39373e75c70e624. Viktor Gurov
01:45 PM Bug #12000 (Feedback): Remote log server input validation allows invalid values: PR has been merged. Thanks! Renato Botelho
01:45 PM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules: Applied in changeset commit:99f957fe21d514f9b2bb945fb07c0277df210d03. Viktor Gurov
01:39 PM Bug #12023 (Feedback): Mobile IPsec NAT/BINAT entries missing from firewall rules: PR has been merged. Thanks! Renato Botelho
01:45 PM Bug #12041: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: Applied in changeset commit:8abff49b82f6a8ee143cf10f939ed6ca2ad3d4d7. Viktor Gurov
01:38 PM Bug #12041 (Feedback): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: PR has been merged. Thanks! Renato Botelho
01:15 PM Todo #12060 (Feedback): Remove deprecated ``libzmq`` code and references: Applied in changeset commit:afab96d6b3bcc47e8fb5b2cd8cbe49d4aefe1a55. Renato Botelho
01:00 PM Todo #12060 (Resolved): Remove deprecated ``libzmq`` code and references: Once upon a time ZMQ was intended to be a potential logging or notification type, but that hasn't been touched in qui... Jim Pingle
01:09 PM Bug #12061: Update NGINX to address CVE-2021-23017: http://nginx.org/en/CHANGES shows it's fixed in 1.20.1, but 1.20.1 is not yet in the ports tree: https://github.com/f... Jim Pingle
01:06 PM Bug #12061 (Closed): Update NGINX to address CVE-2021-23017: https://vuxml.freebsd.org/freebsd/0882f019-bd60-11eb-9bdd-8c164567ca3c.html
NGINX needs to be updated to resolve t... Kris Phillips
12:50 PM Revision 62c8a02a: Correct OpenVPN export help URLs. Fixes #12022: Jim Pingle
12:11 PM Bug #12059 (Rejected): After about an hour DNSSEC lookups start to fail: There isn't enough information to definitively identify this as a bug, and this site is not for support or diagnostic... Jim Pingle
12:07 PM Bug #12059 (Rejected): After about an hour DNSSEC lookups start to fail: After a fresh restart of the server or just unbound everything works great, in the below log paste I used idrive.com.... Keith Owen
11:38 AM pfSense Packages Bug #12058 (Duplicate): pfBlockerNG / "Cannot allocate memory" from Geo blocking IP list: My pfsense emailed me an error yesterday:
```
Notifications in this message: 1
================================
... Sean McBride
11:16 AM Revision 33a37573: RRD DB CPU Temperature. Feature #9297: Viktor Gurov
11:15 AM Revision 71024ca1: Remove package-related syslog configuration on uninstall. Fixes #11846: Viktor Gurov
11:12 AM Revision 44144b37: Hide "Reboot and run a filesystem check" for ZFS systems. Implements #11983: Viktor Gurov
11:11 AM Revision a0892760: Mute boot messages for inactive services. Issue #12038: Viktor Gurov
11:04 AM Revision 4d934cc4: Do not try to stop disabled packages on shutdown. Fixes #12001: Viktor Gurov
09:50 AM Todo #11985: Ensure ``/usr/local/sbin/`` scripts use full path to executable files: Applied in changeset commit:68d8e58c9efd5d43aa0331fa72c4140161972e36. Viktor Gurov
09:41 AM Todo #11985 (Feedback): Ensure ``/usr/local/sbin/`` scripts use full path to executable files: PR has been merged. Thanks! Renato Botelho
09:45 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: Applied in changeset commit:692510f22097bc6100fde467d2f6b3aea8cd51bc. Viktor Gurov
09:39 AM Bug #12034 (Feedback): Certificate Manager performs redundant escaping of special characters in certificate DN fields: PR has been merged. Thanks! Renato Botelho
07:12 AM Bug #12034 (Pull Request Review): Certificate Manager performs redundant escaping of special characters in certificate DN fields: Jim Pingle
09:05 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs: Changing the sync default behavior would be a POLA violation as it would break users who rely on that behavior now.
... Jim Pingle
08:49 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs: That seems unnecessarily complex and counter-intuitive. If I go that route then I have a routable IP address on two d... Chris Myles
08:39 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs: Then set FRR differently on each node so it only advertises the addresses you want from each node. FRR does not suppo... Jim Pingle
08:35 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs: They should be advertised though as the loopbacks serve as the primary management addresses for their corresponding n... Chris Myles
08:26 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs: Use the features built into the dynamic routing protocols to prevent those addresses from being advertised. That's th... Jim Pingle
08:20 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs: The problem is that when you configure a loopback address, it's considered a directly connected network and will be a... Chris Myles
07:43 AM Feature #12055 (Feedback): Option to disable XMLRPC Sync for Loopback Virtual IPs: While it is capable of receiving traffic from another host, nothing could ARP for it, so it can't "conflict" as other... Jim Pingle
08:34 AM Regression #12057: 21.09/2.6.0 - High CPU usage and slowness with ``pfctl -ss``: As I mentioned on #12045 we are aware and it will be automatically addressed during the next upstream sync. 2.6.0 is ... Jim Pingle
08:28 AM Regression #12057 (Resolved): 21.09/2.6.0 - High CPU usage and slowness with ``pfctl -ss``: pfctl -ss is taking consuming large amounts of CPU and taking much longer than it should to output data on 2.6:
ht... RED SKULL
08:27 AM Regression #12045: High CPU usage and slowness with ``pfctl -ss``: Yes, we are aware, but 2.6.0 will get the fix when we do a full sync with FreeBSD sources next, which wasn't an optio... Jim Pingle
08:23 AM Regression #12045: High CPU usage and slowness with ``pfctl -ss``: 2.6 has the same problem. This fix needs to be applied there too.
https://www.reddit.com/r/PFSENSE/comments/nz8fm... RED SKULL
07:37 AM pfSense Packages Bug #12054 (Feedback): "succesfully" misspelled: Pushed a fix. The typo was repeated a total of three times in there, actually. Jim Pingle
07:28 AM pfSense Plus Bug #12053 (Feedback): PRF Algorithm is Always Set to SHA256 on New Tunnel Creations: I can't reproduce this here. I see the config.xml tag @<prf-algorithm>sha256</prf-algorithm>@ but it does not get put... Jim Pingle
06:25 AM Bug #11846: Logging configuration added by a package is not removed on uninstall: Applied in changeset commit:71024ca1064fe21145d7402ec5abc05360558f5e. Viktor Gurov
06:15 AM Bug #11846 (Feedback): Logging configuration added by a package is not removed on uninstall: PR has been merged. Thanks! Renato Botelho
06:20 AM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems: Applied in changeset commit:44144b377d3282f8e95c676e8fae1d343ba3f8b7. Viktor Gurov
06:13 AM Todo #11983 (Feedback): Hide "Reboot and run a filesystem check" for ZFS systems: PR has been merged. Thanks! Renato Botelho
06:17 AM Feature #9297 (Feedback): Graph for hardware temperature readings: PR has been merged. Thanks! Renato Botelho
06:12 AM Bug #12038 (Feedback): System attempts to start inactive services at boot: PR has been merged. Thanks! Renato Botelho
06:10 AM Bug #12001: System attempts to stop inactive services at shutdown: Applied in changeset commit:4d934cc48211f4b746da6de57e6e888104694f22. Viktor Gurov
06:04 AM Bug #12001 (Feedback): System attempts to stop inactive services at shutdown: PR has been merged. Thanks! Renato Botelho
05:51 AM Bug #12056 (Pull Request Review): Filterlog says "Unknown Option %u": I see the following messages in my filter logs:... Florian Apolloner
05:09 AM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: I've created an upstream issue at https://github.com/pear/HTTP_Request2/issues/23 Renato Botelho
04:59 AM Regression #11910: IPsec status tunnel descriptions are incorrect: Kris Phillips wrote:
> Saw this yesterday. Customer has the following:
>
> 3 P1s, 2 were IKEv1 and 1 was IKEv2
... Renato Botelho
04:34 AM Bug #11926 (Resolved): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location: Tested on:... Danilo Zrenjanin

06/17/2021

10:47 PM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs: Forgot the doc link - here it is: https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html Chris Myles
10:46 PM Feature #12055 (Closed): Option to disable XMLRPC Sync for Loopback Virtual IPs: According to this pfSense doc, Loopback IPs are synchronized via XMLRPC because they are only ever active on the loca... Chris Myles
08:53 PM pfSense Packages Bug #12054 (Resolved): "succesfully" misspelled: When fetching a patch, the message "Patch fetched succesfully" is missing an S. Steve Y
07:55 PM pfSense Plus Bug #12053: PRF Algorithm is Always Set to SHA256 on New Tunnel Creations: Selection feature was introduced in changeset f5ddbec114b3b9ecce14761d173381556422061b Kris Phillips
07:52 PM pfSense Plus Bug #12053: PRF Algorithm is Always Set to SHA256 on New Tunnel Creations: Reference internal ticket INC-87329 for troubleshooting steps with customer that experienced this. Kris Phillips
07:51 PM pfSense Plus Bug #12053 (Closed): PRF Algorithm is Always Set to SHA256 on New Tunnel Creations: When creating new P1s regardless of what the hash algorithm is set to the variable in config.xml is always set to <pr... Kris Phillips
07:28 PM Regression #12048 (New): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: Latest 2.5.2 build looks good with pear-HTTP_Request2 2.3.0,1.
Moving this ahead to 2.6.0 for (hopefully) a long t... Jim Pingle
04:29 PM Regression #12048 (Feedback): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: pear-HTTP_Request2 downgraded to 2.3.0,1 Renato Botelho
01:56 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: Jim Pingle wrote:
> I have been able to narrow this down further to this change:
>
> [...]
>
> If I go back to... Luca De Andreis
01:16 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: I have been able to narrow this down further to this change:... Jim Pingle
12:50 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: After checking many, many different things (SSL, crypto settings, nginx settings, and more) I went back and tried old... Jim Pingle
07:00 PM Revision 9455c6ef: XMLRPC sync improvements. Implements #12051: Jim Pingle
06:04 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: I can confirm that applying the PCRE_JIT patch fixed this problem for me on 21.05. Clinton Cory
05:44 PM Revision f0e84135: Moves the help text to the appropriate place. Issue #11926: Danilo Zrenjanin
05:34 PM Revision 760d4d13: Build QEMU Guest Agent. Feature #9877: Viktor Gurov
05:10 PM Revision cf11a8a5: Allow to swith to Persistent Maintenance Mode if CARP is disabled. Fixes #11727: Viktor Gurov
05:08 PM Revision 97762ce9: Enable build of zabbix 5.4 packages: Renato Botelho
05:04 PM Revision 4e3ab7d2: Add Zabbix 5.4 config options. Feature #12042: Viktor Gurov
04:06 PM Revision 1b910463: Fixed #12050 by adding new JumpToLine() function and calling as needed: Steve Beaver
03:02 PM Regression #12052 (Resolved): IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID: *Plataform:*
Version 2.5.1-RELEASE (amd64) on VMWare
built on Mon Apr 12 07:50:14 EDT 2021
FreeBSD 12.2-STABLE
... Geovane Gonçalves
02:10 PM Todo #12051 (Feedback): XMLRPC client improvements: Applied in changeset commit:9455c6ef8fa512b9341885c2186f7a79ac59cf2b. Jim Pingle
01:52 PM Todo #12051 (Resolved): XMLRPC client improvements: There are a few changes that could be beneficial for the XMLRPC sync client:
* The same client can be reused for m... Jim Pingle
12:44 PM Bug #11926 (Feedback): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location: PR has been merged. Thanks! Renato Botelho
12:35 PM Feature #9877 (Feedback): QEMU Guest Agent: PR has been merged. Thanks! Renato Botelho
12:20 PM Bug #11727: Cannot enter persistent CARP maintenance mode when CARP is disabled: Applied in changeset commit:cf11a8a5b5752cdf3b4739b1ae1ed56e197705c3. Viktor Gurov
12:12 PM Bug #11727 (Feedback): Cannot enter persistent CARP maintenance mode when CARP is disabled: PR has been merged. Thanks! Renato Botelho
12:09 PM pfSense Packages Feature #12042 (Feedback): Add Zabbix 5.4 agent and proxy packages: PRs merged. Thanks!
I also enabled the build on poudriere_bulk for CE 2.6.0 Renato Botelho
11:15 AM Bug #12050: "GoTo line #" function does not work on ``diag_edit.php``: Applied in changeset commit:1b9104637f304697ec714d8b6ceb8f95466b52b1. Anonymous
11:08 AM Bug #12050 (Feedback): "GoTo line #" function does not work on ``diag_edit.php``: Functionality provided via new JS function jumpToLine() called when requesting GoTo line Anonymous
11:05 AM Bug #12050 (Resolved): "GoTo line #" function does not work on ``diag_edit.php``: When entering a value in the GoTo line # field, the requested line is highlighted, but the textarea does not scroll t... Anonymous
10:59 AM Regression #11910: IPsec status tunnel descriptions are incorrect: Saw this yesterday. Customer has the following:
3 P1s, 2 were IKEv1 and 1 was IKEv2
3 P2s, the 2 for the IKEv1 w... Kris Phillips
10:58 AM Revision dff043e9: Revert "Enable build of Telegraf on armv7": This reverts commit 99e7f9ec562cb3a0f614c60ae7813d8318cdff17. Renato Botelho
10:29 AM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel: This is not a regression. Too late for 2.5.2 Renato Botelho
04:20 AM Bug #12049 (Resolved): Input validation incorrectly rejects a second IPv4-only GRE tunnel: More info:
-> This only occurs when creating A 2ND SUCH TUNNEL FOR THE SAME "Parent Interface"
-> The "GRE-tu... Peter Van Overveldt
10:21 AM Revision 99e7f9ec: Enable build of Telegraf on armv7: Renato Botelho
08:02 AM Bug #11850: NTP authentication input validation rejects valid keys: Thanks the effort made.
Just want to confirm: in *21.05-RELEASE* it works now as expected. Thomas Paetzold
06:32 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Charles Jackson wrote:
> I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to con... T S

06/16/2021

05:00 PM Revision b2a8595c: Fix filename: Renato Botelho
02:03 PM Revision 21fb5288: Correct pfctl syntax to kill by label. Fixes #12040: (cherry picked from commit 2afcd4527d4b245c7968bf7ac6b6c505259fe6c9) Jim Pingle
02:02 PM Revision 2afcd452: Correct pfctl syntax to kill by label. Fixes #12040: Jim Pingle
01:57 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Charles Jackson wrote:
> I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to con... Polar Nerd
01:46 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to connect to and play the same ... Charles Jackson
12:04 PM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/287
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-... Viktor Gurov
09:58 AM Regression #12048 (Confirmed): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: At first I couldn't reproduce it, but now I can every time. Not sure what changed. It didn't show up in the logs or n... Jim Pingle
07:20 AM Regression #12048 (Rejected): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: I cannot replicate the problem as stated and nothing changed between the previous builds which would have impacted XM... Jim Pingle
03:08 AM Regression #12048 (Closed): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: I've just update the test PfSense cluster to release
2.5.2.r.20210615.1851
On the immediately preceding release ... Luca De Andreis
09:11 AM Regression #12037 (Closed): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build: SNMP daemon is returning correct responses now Jim Pingle
09:10 AM Regression #12040 (Feedback): Scheduled firewall rules failing to load: Applied in changeset commit:2afcd4527d4b245c7968bf7ac6b6c505259fe6c9. Jim Pingle
09:00 AM Regression #12040 (In Progress): Scheduled firewall rules failing to load: The scheduled rules are loading, but commit:765277ba6d873847c6c5b5657877e9fb0cec4357 needs another fix to correct the... Jim Pingle
09:07 AM Regression #12045 (Resolved): High CPU usage and slowness with ``pfctl -ss``: The latest build includes the fixes for this and it's working properly now. Dumping the states is fast no matter how ... Jim Pingle
07:57 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/286 Viktor Gurov
07:17 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: it looks like `cert_escape_x509_chars()` is not needed - `openssl_csr_new()` automatically adds double quotes in case... Viktor Gurov

06/15/2021

06:38 PM pfSense Plus Bug #11942: Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces: I lied about the static. Still no dice. Web Dawg
06:37 PM pfSense Plus Bug #11942: Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces: UDP ipv4
It seems to work better if their is a static assigned to WAN, but not scientific test. Will test here so... Web Dawg
05:21 PM Regression #12045 (Feedback): High CPU usage and slowness with ``pfctl -ss``: I've cherry-picked commits from upstream/main to pfsense/RELENG_2_5_2 that should help this case:
b5d787d93b3d83f2... Renato Botelho
01:55 PM Regression #12045 (Resolved): High CPU usage and slowness with ``pfctl -ss``: Some users have found that @pfctl -ss@ is taking consuming large amounts of CPU and taking much longer than it should... Jim Pingle
05:20 PM Todo #12047 (Closed): Make sure libnv fixes are on devel-12 branch: Following commits were cherry-picked directly from upstream/main to pfsense/RELENG_2_5_2 in order to fix #12045.
b... Renato Botelho
04:53 PM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: Here's some more details when examining certificates generated from different sources:
# Cert from third-party app... Marcos M
02:49 PM pfSense Docs Todo #12046 (Rejected): Feedback on Troubleshooting — Troubleshooting Duplicate IPsec SA Entries: That's expected at the moment, but already being worked on.
I'm in the process of updating the other documentation... Jim Pingle
02:43 PM pfSense Docs Todo #12046 (Rejected): Feedback on Troubleshooting — Troubleshooting Duplicate IPsec SA Entries: The confusion is around how to "disable". The way to disable seems to be conflicting?
*Page:* https://docs.netgate... Brendon Baumgartner
01:52 PM Revision 474b0fed: Start IPv6 tunnel interfaces on boot and restart on dynamic IPv6 change. Fixes #6507: Viktor Gurov
01:48 PM Revision 015a4824: Easyrule IPv6 fix. Issue #11439: Viktor Gurov
01:00 PM Revision 27a8acbb: Use 'tos' rather than 'dscp' keyword for pf DSCP matching: The 'dscp' keyword is pfSense-specific, but doesn't do anything more
than the FreeBSD 'tos' keyword.
Using 'tos' will... Kristof Provost
12:59 PM Revision 0b817201: Tell pf to keep counter values: Pf can attempt to preserve (rule) counter values across rule updates.
We've reverted our home-grown implementation an... Kristof Provost
12:59 PM Revision 765277ba: schedule: Use the new multi-label support: We've removed the pfsense specific 'schedule' keyword, and now use the new
multi-label support. That is, schedules ar... Kristof Provost
11:04 AM Bug #12041 (Pull Request Review): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: Jim Pingle
10:52 AM Bug #12041: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/285 Viktor Gurov
09:28 AM Bug #12041 (Resolved): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: If you import a certificate containing UTF8 encoding into certificate manager,
it shows escaped unicode characters i... Viktor Gurov
10:56 AM Todo #12044 (Resolved): Improve IPsec identifier settings: We expose several IPsec identifier types in the GUI. strongSwan supports a few more, plus an automatic type. Addition... Jim Pingle
09:37 AM pfSense Packages Feature #12042 (Resolved): Add Zabbix 5.4 agent and proxy packages: New release from Zabbix, please add this new version : https://www.zabbix.com/rn/rn5.4.0 Nox Inmortus
09:21 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100: Justin P wrote:
> Bill Meeks wrote:
> > Jim Pingle wrote:
> > > Bill Meeks wrote:
> > > > Does this function call... Justin P
09:20 AM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot: Applied in changeset commit:474b0fed67a9e2682526a230d410a4339ec7972d. Viktor Gurov
09:10 AM Bug #6507 (Feedback): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot: PR has been merged. Thanks! Renato Botelho
08:49 AM Feature #11439 (Feedback): IPv6 support in ``easyrule`` CLI script: PR has been merged. Thanks! Renato Botelho
08:06 AM Regression #12040 (Feedback): Scheduled firewall rules failing to load: There were some commits for the latest pf changes which were not included in the last 2.5.2 build, but will be in the... Jim Pingle
08:03 AM Regression #12040 (Resolved): Scheduled firewall rules failing to load: In 2.5.2-RC firewall rules with a schedule fail to load generating an error.
Tested using this config:... Steve Wheeler
07:27 AM Regression #12037 (Feedback): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build: Merged into devel-12 and cherry-picked to RELENG_2_5_2. Kristof Provost
07:14 AM Regression #12037 (Pull Request Review): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build: Jim Pingle
07:06 AM Regression #12037 (Waiting on Merge): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build: This was the result of an incorrect conversion to libpfctl (a DIOICGETRULE ioctl call was replaced by pfctl_add_rule(... Kristof Provost
07:18 AM Bug #12038 (Pull Request Review): System attempts to start inactive services at boot: Jim Pingle
04:56 AM Bug #12038: System attempts to start inactive services at boot: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/284 Viktor Gurov
03:43 AM Bug #12038 (Resolved): System attempts to start inactive services at boot: ... Viktor Gurov
04:04 AM Bug #12039 (Resolved): Gateway alarm always triggers IPsec restart: There are several issues:
1) '/etc/rc.gateway_alarm' trigger '/etc/rc.newipsecdns' which generate an invalid log m... Viktor Gurov

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

07/14/2021

07/13/2021

07/12/2021

07/11/2021

07/10/2021

07/09/2021

07/08/2021

07/07/2021

07/06/2021

07/05/2021

07/04/2021

07/03/2021

07/02/2021

07/01/2021

06/30/2021

06/29/2021

06/28/2021

06/27/2021

06/26/2021

06/25/2021

06/24/2021

06/23/2021

06/22/2021

06/21/2021

06/20/2021

06/19/2021

06/18/2021

06/17/2021

06/16/2021

06/15/2021