Activity

30 days up to

User

Subprojects

Activity

From 07/09/2021 to 08/07/2021

08/07/2021

08:52 PM pfSense Packages Bug #12157 (Confirmed): Snort exits with Signal 10 on 32bit ARM platforms: I've confirmed this behavior on an SG-3100 on 21.05.1 once we fixed the Signal 11 issue in the above-linked redmine. ... Kris Phillips
08:47 PM Bug #12232: OpenVPN status incorrect for TAP servers without a defined tunnel network: I'm not able to reproduce this bug on 21.05.1. This may be a CE-only issue as I can see a status page in TAP mode on... Kris Phillips
02:29 PM Bug #12232 (Resolved): OpenVPN status incorrect for TAP servers without a defined tunnel network: Creating an OpenVPN server TAP mode without specifying the IPv4 Tunnel Network will result in the Status>OpenVPN page... Max Leighton
08:32 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Did we end up with PCRE JIT disabled still in 21.05.1 or was the disabled JIT component re-enabled with the new build... Kris Phillips
03:48 PM Feature #12181: Add connect/disconnect buttons to IPsec dashboard widget: added
2.6.0.a.20210806.0100
Alhusein Zawi
03:30 PM pfSense Packages Bug #11627 (Resolved): rc file is not deleted: Tested with arpwatch 0.2.0_5.
/usr/local/etc/rc.d/arpwatch.sh is removed after disabling the service. Marking the... Max Leighton
02:41 PM Revision fbf4a07f: Correct syntax. Fixes #12229: Jim Pingle
02:32 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: I've been wondering is there should be two default gateways, once for each IPv4 and IPv6. I only see default marked ... Loh Phat
02:25 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: Looks like it doesn't happen with 2.5.2 anymore (gateway still online after 31d of uptime) Aleksandr Mezin
01:51 PM Regression #12186 (Resolved): tags shown in Status>IPsec: Tested in
21.09-DEVELOPMENT (amd64)
built on Fri Aug 06 01:12:10 EDT 2021
FreeBSD 12.2-STABLE
Looks good. Ma... Max Leighton
01:30 PM Bug #12231 (Duplicate): Upgrade to latest Dev Build results in broken install: Duplicate of #12229 Jim Pingle
01:13 PM Bug #12231 (Duplicate): Upgrade to latest Dev Build results in broken install: Upgrading to 2.6.0.a.20210807.0500 or 21.09.a.20210807.0500 is resulting in the following after the upgrade completes... Max Leighton
10:04 AM Bug #9058: Kernel panic during L2TP retransmit: All the messages will be removed soon. They are only there right now to confirm the problem condition is being exerci... Mateusz Guzik
06:08 AM Bug #9058: Kernel panic during L2TP retransmit: Now I'm getting the following message every minute:... Bianco Veigel
06:01 AM Bug #9058: Kernel panic during L2TP retransmit: Mateusz Guzik wrote in #note-35:
> Hi Bianco,
>
> did you get the chance to test the fix?
>
> If you check dme... Bianco Veigel
09:50 AM Regression #12229: Revision 0d3747aa - missing semicolons: Applied in changeset commit:fbf4a07f41f93745850adf5a3b1ea345628693ab. Jim Pingle
09:43 AM Regression #12229 (Feedback): Revision 0d3747aa - missing semicolons: Pushed a fix Jim Pingle
05:56 AM Regression #12229 (Resolved): Revision 0d3747aa - missing semicolons: A couple missing semicolons after return statements in system.inc Steve Harrington
09:42 AM Bug #12230 (Duplicate): Fatal parse error in 2.6.0.a.20210807.0500 breaks boot: Duplicate of #12229 Jim Pingle
07:11 AM Bug #12230 (Duplicate): Fatal parse error in 2.6.0.a.20210807.0500 breaks boot: "Parse error: syntax error, unexpected '}', expecting ';' in /etc/inc/system.inc on line 1671" error causes 2.6.0.a.2... RED SKULL

08/06/2021

11:54 PM pfSense Packages Bug #12088 (Resolved): Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting: Working well. Marking as resolved. Marcos M
05:07 PM Bug #12095: Memory leak in pcscd: I haven't run into this issue before but just today I noticed swap usage at 100% and memory was very high, turns out ... Sean M
04:24 PM Bug #9058: Kernel panic during L2TP retransmit: Sounds good, thanks for the update! Mateusz Guzik
04:18 PM Bug #9058: Kernel panic during L2TP retransmit: I've updated to 2.6.0-DEVELOPMENT (amd64) built on Fri Aug 06 01:10:08 EDT 2021 this evening, and am waiting if it cr... Bianco Veigel
04:15 PM Bug #9058: Kernel panic during L2TP retransmit: Hi Bianco,
did you get the chance to test the fix?
If you check dmesg and see messages like these:... Mateusz Guzik
03:40 PM Revision 0d3747aa: Improve NTP serial port validation. Fixes #12191: Jim Pingle
03:01 PM Regression #11910: IPsec status tunnel descriptions are incorrect: > That should be fixed along with everything else in snapshots. Try it there.
Confirmed! 21.09.a.20210806.0100 f... Charles Hamilton
01:26 PM Bug #12202 (Pull Request Review): When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active: Jim Pingle
01:04 PM Bug #12202: When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/329 Viktor Gurov
11:45 AM Regression #12228: States table content in GUI is corrupted/invalid on snapshots: Plus snapshot: 21.09.a.20210806.0500
CE snapshot: 2.6.0.a.20210806.0500 Jim Pingle
11:41 AM Regression #12228 (Resolved): States table content in GUI is corrupted/invalid on snapshots: On current Plus 21.09 and CE 2.6.0 snapshots @diag_dump_states.php@ contains invalid data (see attached image).
Th... Jim Pingle
10:08 AM pfSense Packages Bug #12220 (Rejected): BIND package missing in 2.6.0-DEVELOPMENT: The package is present on current snapshots. You have some issue locally on your firewall. This site is not for suppo... Jim Pingle
10:01 AM Bug #12227 (Pull Request Review): Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs: Jim Pingle
09:28 AM Bug #12227: Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/328 Viktor Gurov
07:59 AM Bug #12227 (Resolved): Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs: 192.168.88.44 - CARP VIP (VHID: 1)
192.168.88.45 - IP Alias on CARP VIP:... Viktor Gurov
08:05 AM Feature #12226 (Pull Request Review): Copy button for group entries in the User Manager: Jim Pingle
05:28 AM Feature #12226: Copy button for group entries in the User Manager: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/327 Viktor Gurov
05:20 AM Feature #12226 (Resolved): Copy button for group entries in the User Manager: It would be very helpful to have a "Copy group" icon on system_groupmanager.php page to manage groups with a large nu... Viktor Gurov
07:59 AM Bug #12225 (Pull Request Review): Group membership field is not needed for remote groups: Jim Pingle
05:04 AM Bug #12225: Group membership field is not needed for remote groups: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/326 Viktor Gurov
04:33 AM Bug #12225 (Rejected): Group membership field is not needed for remote groups: The "Group Membership" field on the system_groupmanager.php page is not needed if Scope = Remote
It can be confusing... Viktor Gurov
07:56 AM Bug #12224 (Pull Request Review): OpenVPN page allows to delete/disable instance with an assigned interface: Jim Pingle
03:54 AM Bug #12224: OpenVPN page allows to delete/disable instance with an assigned interface: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/325 Viktor Gurov
03:17 AM Bug #12224 (Resolved): OpenVPN page allows to delete/disable instance with an assigned interface: OpenVPN page allows to delete/disable an instance with an assigned interface
which leads to the wrong interface assi... Viktor Gurov
07:38 AM Bug #11891 (Pull Request Review): strongSwan configuration contains incorrect structure for mobile pool DNS records: Jim Pingle
01:42 AM Bug #11891: strongSwan configuration contains incorrect structure for mobile pool DNS records: Jim Pingle wrote in #note-6:
> Reverted RADIUS-specific parts of the change here for now, it was causing the configur... Viktor Gurov
07:36 AM Bug #12223 (Pull Request Review): Configuration files are not deleted after disabling an OpenVPN instance: Jim Pingle
01:37 AM Bug #12223: Configuration files are not deleted after disabling an OpenVPN instance: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/324 Viktor Gurov
12:52 AM Bug #12223 (Resolved): Configuration files are not deleted after disabling an OpenVPN instance: After setting "Disable this server" checkbox files under @/var/etc/openvpn/server|clientX/@ are not deleted Viktor Gurov
07:35 AM Bug #11999 (Pull Request Review): OpenVPN IPv6 tunnel network is not validated properly: Jim Pingle
01:21 AM Bug #11999: OpenVPN IPv6 tunnel network is not validated properly: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/323 Viktor Gurov
07:18 AM pfSense Packages Bug #11780: Suricata package fails to prune suricata.log: related discussion:
https://forum.netgate.com/topic/165352/suricata-log-rotation-bug Viktor Gurov
12:40 AM Feature #12222 (Rejected): OpenVPN with LDAP active directory auth with Two factor authentication: This should be implemented on the backend side, but not on the appliance.
For example, you can already use a RADIU... Viktor Gurov
12:32 AM Feature #12222 (Rejected): OpenVPN with LDAP active directory auth with Two factor authentication: Hi, it would be very useful to add two factor functionality (google authenticator for example) for OpenVPN with activ... Franz Angeli

08/05/2021

10:05 PM Revision 868c1a67: Init [''system']['acb']: Steve Beaver
06:03 PM Revision 3f818d8a: OpenVPN GUI field adjustments. Implements #12218: * Move description to the top of the page
* For clients and servers, show the ID and corresponding interface name
* S... Jim Pingle
04:14 PM pfSense Packages Bug #12220 (Rejected): BIND package missing in 2.6.0-DEVELOPMENT: After upgrading to 2.6.0-DEVELOPMENT there is no BIND package anymore. Bianco Veigel
03:45 PM Revision a7705968: IPsec Keep Alive corrections. Fixes #12169: * Checked CARP VIP status if used by P1, if VIP is in BACKUP or INIT
state, it does not attempt to initiate.
* Disabl... Jim Pingle
03:19 PM Regression #11986 (Resolved): Static routes may not be in routing table when expected: As noted above, this was worked around for now by reverting the commits from #11296 but I'm changing this one slightl... Jim Pingle
02:11 PM pfSense Packages Bug #12101 (Pull Request Review): ArpWatch Suppression Mac for "flip-flop" not suppressing: Jim Pingle
11:45 AM pfSense Packages Bug #12101: ArpWatch Suppression Mac for "flip-flop" not suppressing: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/112 Viktor Gurov
01:47 PM Feature #12190: Ability to use an IPv6 prefix in firewall rules: I see alias addresses in FW rules are stored as $alias_name when resolved by filter_generate_address(). Can someone ... Greg Wallace
01:10 PM Todo #12218 (Feedback): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID: Applied in changeset commit:3f818d8a52dc965cb48e367cd1f22542b6058c0c. Jim Pingle
11:35 AM Todo #12218 (In Progress): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID: Jim Pingle
09:50 AM Todo #12218 (Resolved): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID: More logical to have the description be first to easily identify the tunnel at a glance.
Also, show the internal I... Jim Pingle
10:58 AM Regression #12215 (Feedback): OpenVPN does not resync when running on a gateway group: Unable to reproduce on 2.6.0.a.20210805.0500 -
OpenVPN with gwgroup successfully resync on gateway failure/restore
... Viktor Gurov
05:06 AM Regression #12215 (Closed): OpenVPN does not resync when running on a gateway group: Hi all,
It seems that quite a bit of the codebase has changed in the relevant files since the fix I implemented in... James Webb
10:55 AM Feature #12169 (Feedback): IPsec keep alive option to initiate phase 2 without using ICMP: Applied in changeset commit:a7705968eac0b3d21739d88736610aed4785426d. Jim Pingle
10:54 AM pfSense Packages Regression #12125 (Resolved): squidguard 1.16.18_19 conguration error: PR merged. Jim Pingle
10:49 AM pfSense Packages Regression #12125 (Feedback): squidguard 1.16.18_19 conguration error: Merged Viktor Gurov
07:58 AM pfSense Packages Regression #12125 (Pull Request Review): squidguard 1.16.18_19 conguration error: Jim Pingle
04:34 AM pfSense Packages Regression #12125: squidguard 1.16.18_19 conguration error: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/111 Viktor Gurov
10:19 AM Bug #12219 (Resolved): Prevent using OpenVPN "Inactive" option with point-to-point modes: By default on current versions we set the OpenVPN server option Inactive to 300 (See #11699) but this should only be ... Jim Pingle
09:44 AM Regression #12217: Kernel panic in IPFW when using Captive Portal: Attaching textdump from test VM without CARP. Jim Pingle
09:37 AM Regression #12217: Kernel panic in IPFW when using Captive Portal: Removing CARP from the subject since it doesn't appear to be a requirement to reproduce. Jim Pingle
09:26 AM Regression #12217: Kernel panic in IPFW when using Captive Portal: This is actually easier to reproduce than I thought. If I take a fresh install of pfSense CE on a current snapshot (2... Jim Pingle
09:17 AM Regression #12217 (Resolved): Kernel panic in IPFW when using Captive Portal: Starting around the 2.6.0 snapshot on August 3rd (20210803*), a VM configured for HA with Captive Portal experiences ... Jim Pingle
09:39 AM Bug #12039 (Pull Request Review): Gateway alarm always triggers IPsec restart: Jim Pingle
09:21 AM Bug #12216 (Pull Request Review): ARM 32/64 network boot options are not parsed on Static DHCP Mapping page: Jim Pingle
09:13 AM Bug #12216: ARM 32/64 network boot options are not parsed on Static DHCP Mapping page: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/322 Viktor Gurov
08:33 AM Bug #12216 (Resolved): ARM 32/64 network boot options are not parsed on Static DHCP Mapping page: Saved entries "32-bit ARM file name" and "64-bit ARM file name" are not displayed on page refresh
and do not affect ... Viktor Gurov
08:15 AM Feature #11659 (Pull Request Review): Support for UEFI HTTP Boot option in DHCPv4 Server: Jim Pingle
08:14 AM Feature #11659: Support for UEFI HTTP Boot option in DHCPv4 Server: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/321 Viktor Gurov
07:57 AM pfSense Packages Bug #12204 (Pull Request Review): Certificate Manager page doesn't show Syslog-NG used certificates: Jim Pingle
02:35 AM pfSense Packages Bug #12204: Certificate Manager page doesn't show Syslog-NG used certificates: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/110 Viktor Gurov
07:55 AM Feature #12213 (Pull Request Review): Support SHA-256 hash NTP authentication: Jim Pingle
01:44 AM Feature #12213: Support SHA-256 hash NTP authentication: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/320 Viktor Gurov
01:18 AM Feature #12213 (Resolved): Support SHA-256 hash NTP authentication: Many vendors also support SHA256 NTP authentification:
Juniper - MD5, SHA1, SHA256
Huawei - MD5, SHA256
Palo Alto ... Viktor Gurov
07:49 AM Bug #12212 (Pull Request Review): Disabled IPsec VTI interfaces are always created: Jim Pingle
01:10 AM Bug #12212: Disabled IPsec VTI interfaces are always created: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/319 Viktor Gurov
01:08 AM Bug #12212 (Resolved): Disabled IPsec VTI interfaces are always created: Regardless of the enable/disable checkbox IPsec PH2 VTIs are always created (see ifconfig output) Viktor Gurov
07:34 AM Bug #12211 (Feedback): Email Notifications not working with Special Characters in Password: Mail is sent using the PHP Pear Mail library which in turn uses PHP Pear Net_SMTP to handle the SMTP connection inclu... Jim Pingle
07:16 AM Bug #9058: Kernel panic during L2TP retransmit: Bianco Veigel wrote in #note-33:
> I've upgraded to 2.6.0-DEVELOPMENT built on Wed Aug 04 01:14:35 EDT 2021 and it c... Renato Botelho
02:35 AM Bug #9058: Kernel panic during L2TP retransmit: I've upgraded to 2.6.0-DEVELOPMENT built on Wed Aug 04 01:14:35 EDT 2021 and it crashed again. The crash dumps are at... Bianco Veigel
05:54 AM Bug #6370 (Confirmed): IPSEC bound to WAN gateway group and Dynamic DNS doesn't to fail back tunnel to WAN on DDNS update: I see the same issue on 21.05 Viktor Gurov
04:39 AM pfSense Docs Todo #12214 (New): Inconsistent usage of GUI/WebGUI/webConfigurator: The GUI is talked about in earlier pages of the documentation as being known as WebGUI
The page detailing "Connect... David Boo
01:20 AM Feature #8794: NTP authentication support: Ansley Barnes wrote in #note-10:
> Is it possible to add the option for SHA256 authentication? The underlying NTPd v... Viktor Gurov

08/04/2021

09:15 PM Revision 6bdf2d74: Increase the number of logs we are keeping: Brad Davis
08:58 PM Bug #12211 (Closed): Email Notifications not working with Special Characters in Password: I have tested this and confirmed with two different gmail accouts.
an account has a ! is password. This account fa... mr rosh
08:41 PM Revision 65fc53d1: Remove a trailing \r that prevents s3 rm from working: Brad Davis
07:42 PM Revision 0ef74a74: missing space in function parameters: lufte grof
07:25 PM Revision a70d6132: Use the cached gateways_status in gateway_info_popup() call: lufte grof
07:13 PM Revision f8993f22: Inline presentation instead of print/echo in PHP: lufte grof
05:29 PM Revision dafe25ea: Ensure ACB config section exists: Steve Beaver
05:25 PM Revision 1dd1832f: Install ACB cron job on upgrade: Steve Beaver
05:10 PM Revision b7ab1742: Set the output format to avoid \r on line endings preventing log files from being deleted: Brad Davis
02:40 PM Bug #11843 (Closed): Potential XSS vulnerability in Captive Portal ``redirurl`` handling: I can no longer reproduce the problem on 2.6.0 or 21.05.1. Jim Pingle
12:32 PM Feature #12193: AutoConfigBackup performance improvements: ACB cron job is now installed on config upgrade if ACB is enabled. Anonymous
11:55 AM pfSense Plus Bug #12200: 32-bit ARM performance regression: Formatting / updating subject for release notes. Jim Pingle
10:25 AM pfSense Plus Bug #12200 (Resolved): 32-bit ARM performance regression: Scott Long
10:25 AM pfSense Plus Bug #12200 (Resolved): 32-bit ARM performance regression: Based on reports from users and from internal testing, we determined that there was a performance regression on the S... Scott Long
11:50 AM pfSense Packages Bug #12206 (Resolved): Certificate Manager page doesn't show Net-SNMP used certificates: On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
11:48 AM pfSense Packages Bug #12205 (Resolved): Certificate Manager page doesn't show Squid used certificates: On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
11:47 AM pfSense Packages Bug #12204 (Resolved): Certificate Manager page doesn't show Syslog-NG used certificates: On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
11:43 AM pfSense Docs Todo #12203 (Rejected): Feedback on Releases — 21.05 New Features and Changes: That isn't widespread enough to warrant giving it that kind of attention and it is not a recent regression.
None o... Jim Pingle
11:39 AM pfSense Docs Todo #12203 (Rejected): Feedback on Releases — 21.05 New Features and Changes: *Page:* https://docs.netgate.com/pfsense/en/latest/releases/21-05.html
*Feedback:*
Add info about #11545 regres... Viktor Gurov
11:10 AM Bug #12198 (Pull Request Review): Disabling an IPsec phase 1 entry does not disable related phase 2 entries: Jim Pingle
11:07 AM Bug #12198: Disabling an IPsec phase 1 entry does not disable related phase 2 entries: Jim Pingle wrote in #note-2:
> IMO, the P2s should not get their own disabled flag set in this case. The code should... Viktor Gurov
09:52 AM Bug #12198: Disabling an IPsec phase 1 entry does not disable related phase 2 entries: IMO, the P2s should not get their own disabled flag set in this case. The code should assume they are disabled if the... Jim Pingle
08:42 AM Bug #12198 (Resolved): Disabling an IPsec phase 1 entry does not disable related phase 2 entries: How to reproduce:
1) Create IPsec PH1 with several PH2 VTI entries
2) Toggle "disable" button on the vpn_ipsec.php ... Viktor Gurov
11:08 AM Bug #11909 (Pull Request Review): Output from reboot process is printed on Backup & Restore page when restoring a configuration file: Jim Pingle
10:16 AM Bug #11909: Output from reboot process is printed on Backup & Restore page when restoring a configuration file: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/317 Viktor Gurov
11:07 AM Bug #12202 (Resolved): When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active: Set up a CARP VIP between two nodes.
Primary:... Chris Linstruth
10:30 AM pfSense Plus Todo #12201 (Closed): Native hardware package builds for 32-bit ARM: Adding for tracking purposes, this is already complete.
Items from the packages repository included in base and as... Jim Pingle
09:58 AM Feature #11750 (Pull Request Review): Support for network interfaces using the ``qlnxe`` driver: Jim Pingle
09:44 AM Feature #11750: Support for network interfaces using the ``qlnxe`` driver: module support:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/316 Viktor Gurov
09:53 AM Bug #12199 (Not a Bug): ipsec pre-shared keys are stored in cleartext: https://docs.netgate.com/pfsense/en/latest/backup/password-security.html Jim Pingle
09:49 AM Bug #12199 (Not a Bug): ipsec pre-shared keys are stored in cleartext: If one adds a pre-shared key via VPN -> IPSec -> Pre-Shared Keys, these keys are visible and stored in cleartext.
Pl... Stefan Bauer
08:10 AM Feature #12194 (Pull Request Review): Support Check IP services which return bare IP address values: Jim Pingle
12:14 AM Feature #12194: Support Check IP services which return bare IP address values: https://github.com/pfsense/pfsense/pull/4512 Viktor Gurov
12:14 AM Feature #12194 (Resolved): Support Check IP services which return bare IP address values: I wanted to be able to use Check IP Services other than DynDNS.
Most Check IP Services respond only with an IP.
f... Viktor Gurov
08:09 AM Bug #12197 (Pull Request Review): Mobile IPsec phase 1 should not display "Gateway duplicates" option: Jim Pingle
05:56 AM Bug #12197: Mobile IPsec phase 1 should not display "Gateway duplicates" option: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/315 Viktor Gurov
04:54 AM Bug #12197 (Resolved): Mobile IPsec phase 1 should not display "Gateway duplicates" option: There is no need in "Gateway duplicates" option (#10214) for Mobile IPsec tunnels as they always work in "Responsive ... Viktor Gurov
08:07 AM Regression #11447 (Pull Request Review): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: Jim Pingle
05:52 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: revert to pre-2.5 style (attr in strongswan.conf) which works fine:
https://gitlab.netgate.com/pfSense/pfSense/-/mer... Viktor Gurov
08:03 AM Todo #10298 (Pull Request Review): Use SHA-512 for user password hashes: Jim Pingle
03:40 AM Todo #10298: Use SHA-512 for user password hashes: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/313 Viktor Gurov
07:57 AM Bug #12196 (Pull Request Review): IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available: Jim Pingle
12:58 AM Bug #12196: IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/312 Viktor Gurov
12:55 AM Bug #12196 (Resolved): IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available: How to reproduce:
1) Disable DNS servers or configure non-existent DNS servers on the System / General Setup page;
... Viktor Gurov
07:57 AM Bug #12195 (Pull Request Review): IPsec writes CRL files when tunnel does not use certificates: Jim Pingle
12:25 AM Bug #12195: IPsec writes CRL files when tunnel does not use certificates: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/311 Viktor Gurov
12:19 AM Bug #12195 (Resolved): IPsec writes CRL files when tunnel does not use certificates: @ipsec_setup_secrets()@ always writes CRL files, even if there is no PH1 cert authentication (PSK-only) Viktor Gurov
07:53 AM Bug #12174 (Pull Request Review): Firewall rule tabs load slowly when many rules on the tab utilize gateways: Jim Pingle
01:00 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out: New issues: #12195 and #12196 Viktor Gurov

08/03/2021

05:23 PM Revision e4a2bd9b: Fix selector: Steve Beaver
05:12 PM Revision 5ae46c60: Completes #12193. Ready for testing. Revert only this commit to go back to old ACB system.: Steve Beaver
03:20 PM Revision 90574ebd: Delete unsupported backups: Steve Beaver
03:18 PM Revision 0a74e0dd: Prototype cron script to upload ACB backups per #12193: Steve Beaver
03:16 PM Revision 28cb1a27: Fix OpenVPN CA/CRL cleanup. Fixes #12192: Jim Pingle
02:34 PM Revision 4e24b1fb: Validate gpsport. Fixes #12191: (cherry picked from commit bf21f67bbe2d1694ad1ad72728623dded9ace426) Jim Pingle
02:33 PM Revision bf21f67b: Validate gpsport. Fixes #12191: Jim Pingle
01:42 PM Feature #11374: WireGuard Status in GUI: Would you please consider adding WG to the Available Widgets as part of this ticket ? Yuri Weinstein
01:15 PM Bug #9058: Kernel panic during L2TP retransmit: Bianco Veigel wrote in #note-31:
> Is there anything I can do, to help you fix this? I'm still hitting this bug regu... Renato Botelho
12:11 PM Feature #12193 (Feedback): AutoConfigBackup performance improvements: * When time based backups are selected, and no minutes value provided, a random value is generated and presented to t... Anonymous
10:16 AM Feature #12193 (Resolved): AutoConfigBackup performance improvements: This feature requires two main changes:
# ACB backups from systems we don't allow (pfBlocker, snort, minicron etc) s... Anonymous
10:25 AM Bug #12192 (Feedback): OpenVPN does not clean up previous CA and CRL files: Applied in changeset commit:28cb1a275654001866037928c65bb15471e86d60. Jim Pingle
10:15 AM Bug #12192 (Confirmed): OpenVPN does not clean up previous CA and CRL files: Jim Pingle
09:43 AM Bug #12192 (Resolved): OpenVPN does not clean up previous CA and CRL files: Create a Peer to Peer (SSL/TLS) with Peer Certificate Authority One. After saving change the Peer Certificate Autho... Rafael Grothmann
09:40 AM Bug #12191 (Feedback): File overwrite in ``services_ntpd_gps.php`` via ``gpsport`` parameter: Applied in changeset commit:bf21f67bbe2d1694ad1ad72728623dded9ace426. Jim Pingle
09:09 AM Bug #12191 (Resolved): File overwrite in ``services_ntpd_gps.php`` via ``gpsport`` parameter: The @gpsport@ parameter is not validated properly when set in @services_ntpd_gps.php@ or during NTP setup in @service... Jim Pingle

08/02/2021

11:04 PM Revision 85ea410d: Bug #12174 - rename gw_table to gw_info: lufte grof
10:58 PM Revision c79b9cfe: Bug #12174 - cache results from gateway_info_popup function: lufte grof
08:07 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: That would not make a difference in this case unfortunately - the IGDv2 issue was fixed long ago and has its own redm... Marcos M
06:19 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Have you guys tried manually adding
force_igd_desc_v1=yes
to the config located at
/var/etc/miniupnpd.conf
Just loo... Greg Wallace
07:53 PM Revision 021ffa03: IPsec identifier type updates. Implements #12044: Correct names to reflect what the actual types are (e.g. Distinguished
name is really FQDN)
Add an explicit "auto" t... Jim Pingle
06:32 PM Revision a3d2c861: Add P2 Keep Alive function. Implements #12169: Works for VTI and Tunnel mode. Checks every 5 minutes if the P2 is connected and
initiates if it doesn't.
Since a fa... Jim Pingle
06:29 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways: https://github.com/pfsense/pfsense/pull/4535 lufte grof
05:01 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways: Ok, I'll work on a PR.
I took what you said and applied it. My latest doesn't touch guiconfig.inc. Instead, fire... lufte grof
02:49 PM Bug #12174 (In Progress): Firewall rule tabs load slowly when many rules on the tab utilize gateways: The main problems with that are:
* You're moving too much of that logic onto the page and out of the include file.... Jim Pingle
02:39 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways: Jim Pingle wrote in #note-2:
> Applied in changeset commit:87011dce1fe88ad48c098d6b6804add53cf64084.
Hi, Jim. Ap... lufte grof
05:45 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: I opened Feature #12190 to address the remaining issues/considerations.
https://redmine.pfsense.org/issues/12190 Greg Wallace
05:44 PM Feature #12190 (New): Ability to use an IPv6 prefix in firewall rules: Many users have internet connections with a dynamic ipv6 prefix (a real joy). Currently firewall rules can only refe... Greg Wallace
05:16 PM Feature #12169 (In Progress): IPsec keep alive option to initiate phase 2 without using ICMP: Almost certainly since this just checks if a P2 with the option checked it enabled and disconnected. If so, it trigge... Jim Pingle
04:37 PM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP: Currently after a gateway comes back up, @check_reload_status@ will run "Restarting ipsec tunnels". This is not trigg... Marcos M
01:40 PM Feature #12169 (Feedback): IPsec keep alive option to initiate phase 2 without using ICMP: Applied in changeset commit:a3d2c8617ae7d9cabc6ce37cf8d1202b6c58f6df. Jim Pingle
04:54 PM Revision cbd2aad1: Fix IPsec buttons for Connecting. Fixes #12189: Status page was showing a connect button for tunnels which were already
connecting. It now shows a disconnect button ... Jim Pingle
03:47 PM Todo #10298: Use SHA-512 for user password hashes: (SHA-512 so it matches FreeBSD) Brad Davis
03:44 PM Todo #10298: Use SHA-512 for user password hashes: Can you implement this and switch to SHA-512? Brad Davis
03:05 PM Todo #12044 (Feedback): Improve IPsec identifier settings: Applied in changeset commit:021ffa0316b05618726243489ad44de91a8c57c4. Jim Pingle
02:42 PM Revision dd4ea276: Fix title length: ilmarranen alex
12:08 PM Bug #6624: changes in IPsec config should down the connection: This is going to take a bit more thought yet. Some factors make it more complicated than it seems on the surface:
... Jim Pingle
12:05 PM Bug #12189 (Feedback): IPsec status shows connect buttons while tunnel is connecting: Applied in changeset commit:cbd2aad16d97284280daf584fb713a2c6c3e5249. Jim Pingle
11:57 AM Bug #12189: IPsec status shows connect buttons while tunnel is connecting: Widget showed a disconnect button already. It showed P1 as connected, however, but if that's not expected that is goi... Jim Pingle
11:52 AM Bug #12189 (Resolved): IPsec status shows connect buttons while tunnel is connecting: When a tunnel is in the "Connecting" state, the IPsec status page at status_ipsec.php shows two connect buttons, when... Jim Pingle
12:04 PM Revision b751eaa9: Fix double encoding. Fixes #12186: The values in these arrays are already encoded, no need to do it again. Jim Pingle
09:21 AM Regression #11910: IPsec status tunnel descriptions are incorrect: Charles Hamilton wrote in #note-18:
> It seems this also prevents newly-added tunnels from coming up _unless_ the VT... Jim Pingle
08:40 AM Regression #11910: IPsec status tunnel descriptions are incorrect: It seems this also prevents newly-added tunnels from coming up _unless_ the VTI is disabled. Do we have an ETA on a f... Charles Hamilton
09:04 AM pfSense Packages Bug #12188: client export breaks multi remote configurations: A patch was posted:
https://sourceforge.net/p/openvpn/mailman/openvpn-devel/thread/20210802133127.25000-1-gert%40gre... Pippin MMD
08:15 AM pfSense Packages Bug #12188: client export breaks multi remote configurations: OpenVPN devs were/are aware of this and is currently being looked at.
Maybe a solution is near :)
Pippin MMD
05:19 AM pfSense Packages Bug #12188 (New): client export breaks multi remote configurations: https://forum.netgate.com/topic/165560/1-2-bug-client-export-openvpn-ras-udp-server
Hi,
as stated in above foru... Jens Groh
07:21 AM Bug #12164 (Pull Request Review): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: Jim Pingle
07:19 AM Bug #11337 (Pull Request Review): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: Jim Pingle
07:17 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out: Viktor Gurov wrote in #note-6:
> * 2. `ipsec_setup_secrets()` - always writes CRL files, even if there is no PH1 cer... Jim Pingle
07:13 AM Bug #12185 (Rejected): rx and tx queues: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:12 AM Regression #12183: Changing MAC address for PPP parent interface stopped working: That was changed in #11387 to prevent the field from being set on interfaces which don't have MAC addresses.
In yo... Jim Pingle
07:10 AM Regression #12186 (Feedback): tags shown in Status>IPsec: Applied in changeset commit:b751eaa9d062573675689ed3ea4d66a7f1eb405b. Jim Pingle
07:05 AM Feature #4496 (Closed): IPv6 outbound NAT support: Jim Pingle
03:49 AM Feature #4496: IPv6 outbound NAT support: Upon closer inspection, NAT over IPv6 is working.
Cloudflare Warp+ advertises not hiding IP addresses and it does ... Richard Yao
02:17 AM Feature #4496: IPv6 outbound NAT support: Dmitriy K wrote in #note-3:
> afaik, NPt does this, no?
Sadly, NPt does not work for my use case. I have a situation... Richard Yao

08/01/2021

07:15 PM Feature #8365: Button to copy rules from one interface to another: This is a pretty important feature for big corp networks with several vlans. Still no progress on it after three years?? RED SKULL
05:16 AM Bug #9595: OpenVPN does not resync when running on a gateway group: There has been a regression introduced in the latest changes of the pfSense codebase that have caused this bug to rea... James Webb

07/31/2021

08:04 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: >consistently will not start on its own after reboot and crashes with a sig 10
Signal 10 with Snort is a different... Steve Y
07:29 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: On reboot testing with 21.05.1 I'm able to consistently get snort to crash after a reboot. The service started norma... Kris Phillips
07:20 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Tested on SG-3100 on 21.05.1 of pfSense Plus built on July 30th. With blocking mode enabled and running snort I'm un... Kris Phillips
06:50 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package: Tested in 21.05.1 and this is still a present error:
WARNING: No NSS support for mDNS detected, consider installin... Kris Phillips
06:40 PM Bug #12102: Prevent using OpenVPN "Exit Notify" option with point-to-point modes: This default option problem is still present in 21.05.1. Kris Phillips
06:13 PM Regression #12187 (Rejected): Outbound LAN rule no longer working: Not enough information here to classify it as a bug. Post on the forum and include specific details such as the entir... Jim Pingle
04:49 PM Regression #12187 (Rejected): Outbound LAN rule no longer working: I just realized that after a 2.5.2 upgrade a rule I had in place no longer works.
- I have Dual ISPS
- I have high ... Arnold Fredson
05:59 PM Regression #12186 (Confirmed): tags shown in Status>IPsec: Jim Pingle
04:10 PM Regression #12186 (Resolved): tags shown in Status>IPsec: In the latest build of 2.6 tags are being displayed when there are multiple P2 networks. I have produced this in... Max Leighton
05:58 PM Bug #6275 (Resolved): Disconnected IPsec phase 2 entries are not shown in IPsec status: Jim Pingle
04:05 PM Bug #6275: Disconnected IPsec phase 2 entries are not shown in IPsec status: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Jul 31 01:15:09 EDT 2021
FreeBSD 12.2-STABLE
I now see the ... Max Leighton
05:57 PM Bug #11552 (Resolved): Incorrect phase 2 entry removed when deleting multiple items consecutively: Jim Pingle
01:33 PM Bug #11552: Incorrect phase 2 entry removed when deleting multiple items consecutively: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Jul 31 01:15:09 EDT 2021
FreeBSD 12.2-STABLE
Repeating Jim'... Max Leighton
01:19 PM Revision a86ab279: Small fixes for expiredays comparing: ilmarranen alex
01:17 PM Revision 4ed695f2: Add setting for ignore revoked certificates. Fix Bug #12109: ilmarranen alex
12:52 PM pfSense Packages Bug #11993 (Resolved): PHP error after disabling HAProxy: The issue was on the haproxy-devel 0.62_3 version.
Tested on the haproxy-devel 0.62_4 version. There are no any err... Danilo Zrenjanin
12:42 PM Revision 948c631e: Prevent ::\0 from becoming part of negate_networks: Sietse van Zanen
12:30 PM Revision b2e3ba07: Merge branch 'pfsense:master' into master: ilmarranen alex
09:06 AM pfSense Packages Regression #12143 (Resolved): frr 1.1.0_12 package won't save OSPF settings unless entry exists in OSPF Networks: Tested on the frr 1.1.0_13 package. It works fine.
The ticket can be resolved. Danilo Zrenjanin
07:48 AM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: https://github.com/pfsense/pfsense/pull/4534
It is not ok to require end users who are not usually software develope... Sietse van Zanen
04:16 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/310 Viktor Gurov
12:43 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out: Jim Pingle wrote in #note-5:
> Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8.
* 1. `ipsec_... Viktor Gurov
12:32 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: Philipp Wagner wrote in #note-9:
> * In theory: Disable server certificate validation, which then accepts the self-s... Viktor Gurov

07/30/2021

11:30 PM Bug #12185 (Rejected): rx and tx queues: i am useing intel x520 10g nic with 24 core cpu but rx and tx queues not above 16 please tell me solution to extend q... adeel altaf
10:36 PM Feature #12184: GUI options to configure IKE retransmission behavior: The restransmit options could be put under "VPN / IPsec / Advanced Settings". Marcos M
10:35 PM Feature #12184 (Resolved): GUI options to configure IKE retransmission behavior: When using IKEv2, @dpd_timeout@ is ignored and instead the global @charon.retransmit_*@ is used to determine the time... Marcos M
07:45 PM pfSense Packages Bug #11847: Filters not applied to PEER Groups: Prefix filter is not showing up in configuration file if there is no added neighbor

router bgp 61000
no bgp ne... Alhusein Zawi
07:38 PM Regression #12183 (Confirmed): Changing MAC address for PPP parent interface stopped working: mac address tab not showing in pppoe client interface i want to spoof my mac please tell me solution already showing ... adeel altaf
07:27 PM Revision 87011dce: Cache gw status for rules. Fixes #12174: Don't fetch a new gateway status for every rule. Fetch it once and use
it for the entire page load. Jim Pingle
05:32 PM Revision bec6dcfb: IPsec updates to address multiple issues: * Configure/apply code changes.
* Vast performance increase. Fixes #12026
* Changed connection naming to be easie... Jim Pingle
02:56 PM Revision 005ac9d7: Merge branch 'pfsense:master' into master: ilmarranen alex
02:50 PM pfSense Docs Todo #12182 (Closed): Update IPsec to match recent changes: I made significant IPsec changes in https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/bec6dcfbbef48... Jim Pingle
02:40 PM Bug #12174 (Feedback): Firewall rule tabs load slowly when many rules on the tab utilize gateways: Applied in changeset commit:87011dce1fe88ad48c098d6b6804add53cf64084. Jim Pingle
02:37 PM Feature #2456: Option to choose default tab in IPsec status Dashboard widget: I split (b) off into #12181 so this issue can remain open for the first request (a), the ability to configure a defau... Jim Pingle
02:19 PM Feature #2456: Option to choose default tab in IPsec status Dashboard widget: (b) has been implemented now in 2.6.0/21.09. See commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8 Jim Pingle
02:36 PM Feature #12181 (Resolved): Add connect/disconnect buttons to IPsec dashboard widget: Split from #2456
In the tunnel tab of the IPsec widget, add a mechanism to connect or disconnect tunnels
Alrea... Jim Pingle
01:32 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: Thanks for tracking that down!
The main problem now is that OpenLDAP 2.5 isn't currently available in the FreeBSD ... Jim Pingle
01:09 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: I have the same issue when setting up Google's "Secure LDAP" as user directory and did a bit more digging. Here's my ... Philipp Wagner
01:06 PM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP: The other work is done, so this can proceed. See commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8 Jim Pingle
12:45 PM Bug #11552 (Feedback): Incorrect phase 2 entry removed when deleting multiple items consecutively: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
11:44 AM Bug #11552: Incorrect phase 2 entry removed when deleting multiple items consecutively: Updating subject for release notes. Jim Pingle
12:45 PM Bug #6275 (Feedback): Disconnected IPsec phase 2 entries are not shown in IPsec status: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
12:45 PM Regression #11910 (Feedback): IPsec status tunnel descriptions are incorrect: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
12:45 PM Bug #11951 (Feedback): IPsec status fails when many tunnels are connected: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
12:45 PM Bug #12155 (Feedback): Tunnels with conflicting REQID values can lead to multiple identical Child SA entries: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
12:45 PM Bug #12026 (Feedback): Applying IPsec settings for many tunnels is slow or times out: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
12:02 PM Bug #12026: Applying IPsec settings for many tunnels is slow or times out: Updating subject for release notes. Jim Pingle
11:38 AM Revision 7a23eb2e: Only create pkg.pkg.sig if pkg.pkg exists: Renato Botelho
11:37 AM Revision b5641da1: Only create pkg.pkg.sig if pkg.pkg exists: Renato Botelho
10:03 AM pfSense Docs Todo #11536 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: PR merged. Jim Pingle
08:40 AM pfSense Docs Todo #11536 (Pull Request Review): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: Jim Pingle
06:35 AM pfSense Docs Todo #11536: Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/19 Viktor Gurov
09:41 AM pfSense Packages Bug #10867: squidGuard Package Hangs on Uninstall or Upgrade: Still seeing this in 21.05. The packahe reinstall process stops at Squidguard with:... Steve Wheeler
09:36 AM pfSense Docs Todo #12180 (Closed): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: PR merged. Jim Pingle
09:20 AM pfSense Docs Todo #12180 (Pull Request Review): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: Jim Pingle
08:57 AM pfSense Docs Todo #12180: Feedback on Virtual Private Networks — IPsec — IPsec Configuration: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/20 Viktor Gurov
08:39 AM pfSense Docs Todo #12180 (Closed): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html#advanced-options
*Feedback:*... Viktor Gurov
08:35 AM Bug #12177 (Pull Request Review): When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message: Jim Pingle
01:34 AM Bug #12177: When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/308 Viktor Gurov
01:02 AM Bug #12177 (Resolved): When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message: If you try to delete a used alias, only the first reference to the alias will be shown in the alert message box:
<pr... Viktor Gurov
08:23 AM Todo #12176 (Pull Request Review): Hide WireGuard interfaces on appropriate pages: See my comment on the PR with a better approach. Jim Pingle
02:02 AM Todo #12176: Hide WireGuard interfaces on appropriate pages: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/309 Viktor Gurov
12:55 AM Todo #12176 (Pull Request Review): Hide WireGuard interfaces on appropriate pages: Todo:
1) Add @tun_wg@ to @is_pseudo_interface()@ list to prevent its use on the DHCP/DHCP6 Relay (#10341) and PPPoE ... Viktor Gurov
08:20 AM Bug #12000 (Resolved): Remote log server input validation allows invalid values: It works fine. It considered my entry as FQDN (192.168.33.33333) and passed the validity check.
The ticket can be ... Danilo Zrenjanin
05:41 AM Bug #12000: Remote log server input validation allows invalid values: Tested on the:... Danilo Zrenjanin
08:02 AM pfSense Packages Feature #12179 (Confirmed): QEMU package: Currently, the qemu-guest-agent can be installed from the console. It works fine.
https://redmine.pfsense.org/issues... Danilo Zrenjanin
06:58 AM pfSense Packages Bug #12178: WireGuard always shows 'Configuring WireGuard tunnels...done.' message on boot: easy fix, I can get that into next release Christian McDonald
03:32 AM pfSense Packages Bug #12178 (New): WireGuard always shows 'Configuring WireGuard tunnels...done.' message on boot: WireGuard pkg always shows "Configuring WireGuard Tunnels...done." on boot, whether any tunnels are configured or not... Viktor Gurov
02:46 AM Feature #9877 (Resolved): QEMU Guest Agent: Installed sucesefully qemu-guest-agent on the:... Danilo Zrenjanin
12:59 AM pfSense Packages Todo #12175: Error after enable DHCP on Wiregurd: Great ! Yuri Weinstein
12:56 AM pfSense Packages Todo #12175: Error after enable DHCP on Wiregurd: Yuri Weinstein wrote in #note-4:
> It’d be great to make this impossible to use then
see #12176 Viktor Gurov

07/29/2021

07:57 PM Revision 3337381a: Add REPO_ACCEPT_LEGACY_PKG to fix pkg sign: Renato Botelho
07:56 PM Revision 7f607a8f: Create a pkg bootstrap signature symlink: (cherry picked from commit 9ad8ac15f6edb552251fb214f9d6efa52febd5db) Renato Botelho
04:47 PM pfSense Packages Bug #12088: Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting: fixed
selecting ORF (GUI) is added to configuration file :
neighbor 172.17.99.11 capability orf prefix-list b... Alhusein Zawi
03:54 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: That is not the philosophy taken by pfSense for other interfaces, and it won't be changed here. There are other open ... Jim Pingle
03:14 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: @Jim,
I object !!
- I am very glad that the system was still running even with the defect x520. That allowed t... Louis B
07:25 AM Bug #12170 (Pull Request Review): Interface assignment mismatch is not detected if VLAN-only parent interface is removed: Jim Pingle
03:08 AM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/306 Viktor Gurov
02:56 PM Revision 7fb96c6c: Revert "Show result of pkg sign command to make it easier to debug": This reverts commit d796e0af08457ba75ad708b8a04e4dcfe70bbba3. Renato Botelho
01:22 PM Bug #9058: Kernel panic during L2TP retransmit: Is there anything I can do, to help you fix this? I'm still hitting this bug regularly (up to multiple times per day)... Bianco Veigel
01:13 PM pfSense Packages Todo #12175: Error after enable DHCP on Wiregurd: It’d be great to make this impossible to use then Yuri Weinstein
01:00 PM pfSense Packages Todo #12175: Error after enable DHCP on Wiregurd: Todo: Consider this case when working on improvements to base for better handling pseudo-interface types. Christian McDonald
12:56 PM pfSense Packages Todo #12175 (Rejected): Error after enable DHCP on Wiregurd: This is not a bug. WireGuard is a layer3 tunnel. DHCP operates at layer2. Disable DHCP on your WireGuard interfaces.
... Christian McDonald
12:37 PM pfSense Packages Todo #12175 (Rejected): Error after enable DHCP on Wiregurd: After enabling Wireguard DHCP server, I see error loading DHCP, red status and in the log php-fpm error:... Yuri Weinstein
11:58 AM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways: A quick look at the code tells me this is likely the same root cause as what is making the IPsec status and apply pro... Jim Pingle
11:26 AM Bug #12174 (Resolved): Firewall rule tabs load slowly when many rules on the tab utilize gateways: firewall_rules.php is slow to load for interfaces that have numerous rules utilizing the gateway field for policy-bas... lufte grof
09:16 AM Bug #11675 (Resolved): VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces: Tested on:... Danilo Zrenjanin
07:27 AM Bug #12173 (Pull Request Review): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: Jim Pingle
03:39 AM Bug #12173: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: fixes:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/307 Viktor Gurov
06:35 AM Bug #12041 (Resolved): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: Tested on the:... Danilo Zrenjanin
06:28 AM Bug #12023 (Resolved): Mobile IPsec NAT/BINAT entries missing from firewall rules: Tested on the:... Danilo Zrenjanin
12:30 AM pfSense Docs Todo #12018 (Closed): Feedback on Firewall — Configuring firewall rules: merged Viktor Gurov

07/28/2021

10:07 PM Bug #12173 (Resolved): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: This issue is almost exactly the same as issue 11105 [1] but for the DNSSL setting.
The 'AdvDNSSLLifetime' value i... Andrew W
09:20 PM Feature #11047: Add Encryption Password suggestions and Restriction: Jim Pingle wrote in #note-2:
> That is way too much text to add to the GUI. There is a help link if anyone wants to ... Sergei Shablovsky
07:03 PM Revision 9ad8ac15: Create a pkg bootstrap signature symlink: Renato Botelho
03:20 PM Regression #12172 (Pull Request Review): OpenVPN Wizard configuration missing recently added default values: Jim Pingle
11:39 AM Regression #12172: OpenVPN Wizard configuration missing recently added default values: fix for @ncp_enable@ value:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/305
but I cannot reproduc... Viktor Gurov
10:56 AM Regression #12172 (Resolved): OpenVPN Wizard configuration missing recently added default values: After generating an RA OpenVPN Server configuration through the wizard, @config.xml@ contains the following:... Marcos M
03:20 PM pfSense Packages Bug #12167 (Pull Request Review): BGP TCP setkey not set if neighbor is in peer group: Jim Pingle
04:56 AM pfSense Packages Bug #12167: BGP TCP setkey not set if neighbor is in peer group: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/109 Viktor Gurov
03:17 PM Bug #3948 (Closed): Changing OpenVPN from tun to tap or vice-versa breaks that instance: Jim Pingle
04:37 AM Bug #3948: Changing OpenVPN from tun to tap or vice-versa breaks that instance: no such issue on pfSense 2.6.0.a.20210726.1819:... Viktor Gurov
03:15 PM Todo #11933 (Pull Request Review): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: Jim Pingle
02:26 AM Todo #11933: PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: hide @pcscd@ from the service list if not enabled:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/304 Viktor Gurov
03:14 PM Bug #12168 (Pull Request Review): 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: Jim Pingle
12:46 AM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/303 Viktor Gurov
02:47 PM Revision d796e0af: Show result of pkg sign command to make it easier to debug: Renato Botelho
01:26 PM Bug #11552 (In Progress): Incorrect phase 2 entry removed when deleting multiple items consecutively: Jim Pingle
10:31 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: This issue open 5 months and still no fix. The stunnel workaround is not a good solution - it only works for gui and ... Michael Mogren
07:30 AM Todo #12171 (Resolved): Upgrade to ``pkg`` 1.17.x: After ports moved to pkg 1.17.x we started seeing issues to sign repositories. I suspect one of the causes is due to... Renato Botelho
12:13 AM pfSense Packages Feature #12165 (Duplicate): NTPsec: Is duplicate of #8149 Viktor Gurov

07/27/2021

02:14 PM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials: Manually made the change detailed in 4aab19d4ade5d164c22bd63b2833d54bab740d59 and it's working for me now. Greg B
10:59 AM Bug #12095: Memory leak in pcscd: >There looks to be a limit at ~1GB
If you meant a limit for pcscd's RAM usage, I pulled up a few...a 3100 (21.05)... Steve Y

07/26/2021

03:50 PM Bug #12163: WAN interface throughput degradation after send high volume through OpenVPN site-to-site Tunnel: Jim Pingle wrote in #note-1:
> Almost certainly a duplicate of #11778
I doubt it, in my case CPU never exceeded a... Tom Hebert
12:25 PM Bug #12163 (Duplicate): WAN interface throughput degradation after send high volume through OpenVPN site-to-site Tunnel: Almost certainly a duplicate of #11778 Jim Pingle
02:23 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: None of that matters. If the interface is missing when it must be present, the configuration should be rejected as wi... Jim Pingle
02:18 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: Jim,
Note that:
- the interface assignment was completely legal when it was created (the x520 was functioning at ... Louis B
02:07 PM Bug #12170 (Resolved): Interface assignment mismatch is not detected if VLAN-only parent interface is removed: If an interface is used only for VLANs (e.g. it is not assigned directly) and that interface is removed, the system d... Jim Pingle
02:08 PM Feature #12166 (Duplicate): Dashboard Interfaces should show "physical" interface failures: That is a much different issue than the status not reflecting if the underlying interface is down which is what you d... Jim Pingle
02:05 PM Feature #12166: Dashboard Interfaces should show "physical" interface failures: @Jim,
I do not support your reaction. At this very moment my pfSense router its 10 G x520 card is defect and has... Louis B
12:42 PM Feature #12166 (Rejected): Dashboard Interfaces should show "physical" interface failures: I can't reproduce what you're talking about here. If I unplug an interface, the VLANs on that interface also show as ... Jim Pingle
06:39 AM Feature #12166 (Duplicate): Dashboard Interfaces should show "physical" interface failures: *Hello,
Since two days I did have severe network problems. So I did start investigating the problem. One of the fi... Louis B
01:59 PM Feature #6150 (Rejected): Named IPSec entries: Using custom names will cause more problems than it solves.
I'm in the process of doing some work on IPsec which w... Jim Pingle
01:52 PM Bug #6275 (In Progress): Disconnected IPsec phase 2 entries are not shown in IPsec status: This is something I intend to address as a part of the current IPsec changes I'm making. Jim Pingle
01:51 PM Bug #11951 (In Progress): IPsec status fails when many tunnels are connected: I'm working on optimizations for this as a part of ongoing IPsec work, should be solved soon. Jim Pingle
01:47 PM Bug #6624: changes in IPsec config should down the connection: This should be more manageable once my current work is done. The P2 connection IDs will be more predictable and then ... Jim Pingle
01:41 PM Bug #11900 (Duplicate): IPsec tunnels remain active after disabling: Duplicate of #6624 Jim Pingle
01:16 PM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP: Also note this should solve what some users see where after some time of a peer being down, a VTI tunnel won't automa... Jim Pingle
01:10 PM Feature #12169 (Resolved): IPsec keep alive option to initiate phase 2 without using ICMP: Currently the IPsec GUI allows users to enter an IP address to ping a remote host as a means to connect a P2 and keep... Jim Pingle
12:44 PM pfSense Packages Bug #12058: pfBlockerNG / "Cannot allocate memory" from Geo blocking IP list: Just a note: this wasn't a one-off. I get this email (just about?) every time I change some firewall setting. Sean McBride
12:35 PM Regression #12052 (Resolved): IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID: Jim Pingle
08:08 AM Regression #12052: IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID: The patch works in my 2.5.1 Version. Thanks.
Geovane Geovane Gonçalves
12:33 PM pfSense Packages Feature #11410: adding bpytop (former Bashtop): This is highly unlikely to be added by Netgate staff -- someone in the community will need to create the package and ... Jim Pingle
12:32 PM pfSense Packages Feature #12165: NTPsec: This is a completely different NTP package than what is in base, so either the base ntpd would need to be switched (u... Jim Pingle
12:29 PM Bug #12164 (Rejected): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: Not enough information here to prove it's a bug and this site is not for support or diagnostic discussion.
You nee... Jim Pingle
12:24 PM Todo #11983 (Resolved): Hide "Reboot and run a filesystem check" for ZFS systems: Same is also true on 2.6.0 snapshots. Closing. Jim Pingle
12:22 PM Bug #12026 (In Progress): Applying IPsec settings for many tunnels is slow or times out: I've got some ongoing work I'm doing which is going to conflict with some of that PR. Won't know exactly how badly un... Jim Pingle
12:19 PM Regression #11316: Unbound crashes with signal 11 when reloading: I've imported more patches from upstream and bumped unbound to 1.13.1_3. This version will be available with next ro... Renato Botelho
12:04 PM Bug #12168 (Resolved): 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: # Create a new 1:1 NAT rule
# Choose interface / external subnet IP
# Select @Any@ for Internal IP
# Save/Apply
... Marcos M
08:51 AM pfSense Packages Bug #12167 (Feedback): BGP TCP setkey not set if neighbor is in peer group: When a neighbor is a member of a peer group, with *FRR and setkey Bidirectional* enabled with a password, the setkey ... Chris Linstruth
05:39 AM Feature #12090 (Resolved): Add new Dynamic DNS provider: dy.fi: Renato Botelho

07/25/2021

08:10 PM pfSense Packages Feature #12165 (Duplicate): NTPsec: Some basic info here https://blog.ntpsec.org/2019/01/02/starting-nts.html, https://blog.ntpsec.org/2019/01/02/start... Sergei Shablovsky
05:50 PM pfSense Packages Feature #11410: adding bpytop (former Bashtop): Please, any news ? Sergei Shablovsky
02:43 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: IGDv2 is not currently used:... Marcos M
12:35 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Here's something mentioning IGDv2 being the problem in miniupnp, and solving it by reverting to IGDv1:
https://www.re... Jon8RFC .
12:41 PM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: More important question, where does pfsense get the idea that it should make untransparent unlogged routing decisions? Sietse van Zanen
12:40 PM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: table <negate_networks> { 10.0.23.0/24 ::/0 }
If I remove ::/0 it works. Where is this table coming from?
Only th... Sietse van Zanen
12:33 PM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: IPv6 Rule:
<rule>
<id></id>
<tracker>1627229557</t... Sietse van Zanen
12:18 PM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: in rules.debug:
pass in log quick on $Untrust inet6 proto tcp from $RDEGW01 to <negate_networks> port 25 track... Sietse van Zanen
11:42 AM Bug #12164 (Closed): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: Policy routes through firewall rules do not work for IPv6, traffic is routed through default routes.
Selecting a g... Sietse van Zanen

07/24/2021

11:07 PM Feature #8030: Unbound: Add support for DNS over TLS to internal clients: This feature seems not to be documented here:
https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.htm... Sean McBride
09:13 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: Oddly setting the WAN interface of a firewall to None for IPv4 and IPv6 causes no slowness in the webConfigurator. I... Kris Phillips
03:09 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: Jim Pingle wrote in #note-3:
> If it's every page load then most likely it's related to authentication settings, lik... Kris Phillips
07:11 PM Bug #12163 (Duplicate): WAN interface throughput degradation after send high volume through OpenVPN site-to-site Tunnel: We have a Netgate 5100 onsite and three remote sites. Two of those sites use Netgate 5100s and the third is running ... Tom Hebert
06:28 PM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems: diagnostics>reboot only presents "Normal reboot" and "Reroot" as choices on system using ZFS running 21.09.a.20210723... Jordan G
06:23 PM Feature #12090: Add new Dynamic DNS provider: dy.fi: dynamic dns provider DY.fi appears in drop down list - tested on ver 21.09.a.20210723.0100 Jordan G
03:36 PM Regression #11316: Unbound crashes with signal 11 when reloading: Kris Phillips wrote in #note-61:
> I have been running 21.05 for over a month and haven't seen any unbound crashes a... Jim Pingle
03:07 PM Regression #11316: Unbound crashes with signal 11 when reloading: I have been running 21.05 for over a month and haven't seen any unbound crashes at all on 1.12. We will want to rete... Kris Phillips
03:03 PM pfSense Docs Todo #12162 (Resolved): Add "usb reset" as possible solution for non-booting flash drives on the SG-1100: Recently I've noticed a fair number of customers having issues with multiple flash drives not wanting to boot properl... Kris Phillips
02:07 PM Bug #12161 (Rejected): NAT+Routing+Limiter: Most likely a configuration problem, not a bug.
Please post on the forum at https://forum.netgate.com to discuss a... Jim Pingle
12:11 PM Bug #12161 (Rejected): NAT+Routing+Limiter: in my setup 5 lan interfaces but when am apply limiter queque on one lan interface then all lan interfaces packet los... adeel altaf
12:16 PM Feature #12118 (Resolved): Create a log entry when a configuration change occurs: Tested in
21.09-DEVELOPMENT (arm64)
built on Sat Jul 24 01:10:30 EDT 2021
FreeBSD 12.2-STABLE
And
2.6.0-D... Max Leighton
11:52 AM pfSense Packages Bug #12074 (Resolved): Freeradius: Additional Information field descriptions swapped: Checked in FreeRADIUS 0.15.7_32. Looks good. The descriptions match the correct fields now. Marking the ticket resolved. Max Leighton
11:22 AM Regression #12052: IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID: Tested in
21.09-DEVELOPMENT (arm64)
built on Sat Jul 24 01:10:30 EDT 2021
FreeBSD 12.2-STABLE
It works. I am a... Max Leighton

07/23/2021

05:39 PM Regression #11316: Unbound crashes with signal 11 when reloading: The most recent 2.5.2 version of pfsense seems to work great. or at least in a way I haven't found a problem.
Thanks... Remo Wylliams
03:27 PM pfSense Packages Regression #12160 (Feedback): An invalid configuration is generated when choosing TLS as the default protocol: PR merged. Jim Pingle
03:22 PM pfSense Packages Regression #12160 (Pull Request Review): An invalid configuration is generated when choosing TLS as the default protocol: Jim Pingle
09:37 AM pfSense Packages Regression #12160: An invalid configuration is generated when choosing TLS as the default protocol: A "pull request":https://github.com/pfsense/FreeBSD-ports/pull/1087 has been created. Markus *
05:11 AM pfSense Packages Regression #12160: An invalid configuration is generated when choosing TLS as the default protocol: A solution has been proposed "here":https://github.com/pfsense/FreeBSD-ports/commit/a5b1eda67c40592e14806a4a4bbdd946f... Markus *
05:07 AM pfSense Packages Regression #12160 (Resolved): An invalid configuration is generated when choosing TLS as the default protocol: This regression was introduced by "this":https://github.com/pfsense/FreeBSD-ports/commit/a5b1eda67c40592e14806a4a4bbd... Markus *
02:42 PM Todo #12145: Convert RAM disks to ``tmpfs``: One additional item I found is needed: In source:usr/local/www/includes/functions.inc.php#L163 @df -Tht@ is executed ... Jim Pingle
02:26 PM Todo #11933 (New): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: Tested this both on snapshots and on release systems with @afcc0e9c97c1993ae6b95f886665fcb4375d26c7@ applied via syst... Jim Pingle
01:45 PM Regression #11910 (In Progress): IPsec status tunnel descriptions are incorrect: Jim Pingle
01:45 PM Regression #11910: IPsec status tunnel descriptions are incorrect: I managed to reproduce it naturally on a system here and it looks like one way this is happening is due to vtimaps ma... Jim Pingle
01:41 PM Bug #12155 (In Progress): Tunnels with conflicting REQID values can lead to multiple identical Child SA entries: Jim Pingle

07/22/2021

10:52 PM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials: Works with simple passwords, still does not work with complex ones.
Getting "Response Data: badauth\x0d ". Bug Reporter
03:09 PM Bug #12159 (Resolved): "Default preferred lifetime" router advertisement validation check uses incorrect variable: While checking for post variables, there is a typo which leads to broken functionality.
PR here: https://github.co... Seyfidin Hamraoui
02:28 PM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources: Ter Ted wrote in #note-11:
> It was very annoying, I don't understand why it can't be fixed.
Agree. It is always ... Beat Siegenthaler
12:26 PM pfSense Plus Bug #11466 (Feedback): PHP exits with signal 11 on SG-3100 when calling PCRE functions: Setting to feedback for now, can mark it resolved once we have new snapshots without the patches that disabled PCRE J... Jim Pingle
12:15 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Testing against the current 21.09 snapshot the disable-pcrejit patch is no longer required.... Steve Wheeler
12:24 PM pfSense Plus Todo #12004: Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems: I reverted the relevant commits since this is no longer necessary. Jim Pingle
12:16 PM pfSense Plus Todo #12004: Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems: Testing against the current 21.09 snapshot the disable-pcrejit patch is no longer required.... Steve Wheeler
12:04 PM pfSense Docs Todo #12158 (Closed): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: *Page:* https://docs.netgate.com/pfsense/en/latest/install/write-memstick.html
*Feedback:*
Hi, the information ... Henrik Gudat
11:59 AM Bug #12156: Enabling captive portal in high availability sync causes it to crash: From a quick glance at the code I agree -- it's also possible they restored just the captive portal section of a conf... Jim Pingle
11:52 AM Bug #12156 (Closed): Enabling captive portal in high availability sync causes it to crash: It's hard to say what happened here exactly, but this is either a support issue or an edge case (i.e. upgrading from ... Christian McDonald
03:24 AM Bug #12156: Enabling captive portal in high availability sync causes it to crash: Most likely because config was imported from an old version of pfsense (2.0.2), in fact in UI config was blank and I ... Tomas Modenese
10:02 AM pfSense Packages Bug #12137 (Resolved): PHP error after rulesets update: Jim Pingle
09:50 AM pfSense Packages Bug #12137: PHP error after rulesets update: This fix has been merged into both the RELEASE and DEVEL branches via pull request: https://github.com/pfsense/FreeB... Bill Meeks
09:53 AM Bug #12001: System attempts to stop inactive services at shutdown: A fix for this issue has been incorporated into both the Snort and Suricata packages. The pull request (https://githu... Bill Meeks
09:45 AM pfSense Packages Bug #12157 (Resolved): Snort exits with Signal 10 on 32bit ARM platforms: After enabling Snort it fails to start or crashes shortly after logging:... Steve Wheeler
08:11 AM Bug #12026 (Pull Request Review): Applying IPsec settings for many tunnels is slow or times out: Jim Pingle
07:42 AM Regression #11910: IPsec status tunnel descriptions are incorrect: To me, I have some ideas on how to address it. Jim Pingle
07:42 AM Bug #12155: Tunnels with conflicting REQID values can lead to multiple identical Child SA entries: To me, I have some ideas on how to address it. Jim Pingle
05:53 AM pfSense Packages Bug #12083 (Resolved): Lack of OSPF network input validation causes service startup error: Tested with the frr 1.1.0_13.
Input validation works fine. Danilo Zrenjanin
05:28 AM pfSense Packages Bug #12080 (Resolved): Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting: Tested on the frr 1.1.0_13.
It works fine. Danilo Zrenjanin
02:32 AM Bug #12107 (Resolved): Notifications page cannot be saved without configuring or disabling SMTP: Tested on the:... Danilo Zrenjanin

07/21/2021

01:32 PM Bug #12156: Enabling captive portal in high availability sync causes it to crash: I can replicate this with the provided config snippet, but the issue here is that the provided voucher config here is... Christian McDonald
10:02 AM Bug #12156: Enabling captive portal in high availability sync causes it to crash: <voucher>
<charset>2345678abcdefhijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ</charset>
<rollbits>16</rollbits>
... Tomas Modenese
09:41 AM Bug #12156 (Feedback): Enabling captive portal in high availability sync causes it to crash: From the code around that point it looks like maybe you have a broken or invalid voucher configuration. Can you attac... Jim Pingle
09:27 AM Bug #12156 (Closed): Enabling captive portal in high availability sync causes it to crash: Hi,
as described in the subject, if i toggle "Captive Portal" option in the High availability menu, the sync between... Tomas Modenese
10:50 AM pfSense Docs Todo #12127 (Closed): Feedback on Releases — 2.5.2 New Features and Changes: Added to the release notes and deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/05b341f5b2b9f87bd03... Jim Pingle
09:44 AM Bug #12155: Tunnels with conflicting REQID values can lead to multiple identical Child SA entries: Likely related to changes made in #11794 and may also be related to #11910 Jim Pingle
08:41 AM Bug #12155 (Resolved): Tunnels with conflicting REQID values can lead to multiple identical Child SA entries: Testing in 21.05 and 21.09 it's possible to create IPSec tunnels with the same reqid if both VTI and Tunnel mode conn... Steve Wheeler
09:42 AM Bug #12154 (Not a Bug): PPPoE won't reconnect : state change Closed: There isn't enough information here to classify it as a bug, and you also marked the version as "2.4.5-p1" and bug re... Jim Pingle
08:28 AM Bug #12154 (Not a Bug): PPPoE won't reconnect : state change Closed: SG-1100 devices at different locations. The same ISP provides connection via PPPoE at the locations. Recently the Int... David G
09:11 AM Todo #11933: PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: Steve Wheeler wrote in #note-5:
> This option should probably have a warning on it to let users know un-selecting it... Viktor Gurov
08:55 AM Todo #11933: PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: This option should probably have a warning on it to let users know un-selecting it will restart all IPSec tunnels. Steve Wheeler
07:49 AM Bug #8815: IP addresses are removed from interfaces when link is lost and either IPv4 or IPv6 is dynamic: This appears to be due to an interface having *either* IPv4 or IPv6 set to a dynamic type (read: Not static, not 'non... Jim Pingle
07:26 AM pfSense Packages Bug #12126: freeradius3 0.15.7_31: may be related to #11582 #11802 Viktor Gurov
07:25 AM Bug #12151: ``easyrule`` script does not function properly: Tested this against 2.5.2. Looks good. Rules and aliases are created as expected. Steve Wheeler
07:24 AM pfSense Packages Bug #11980 (Feedback): EAP does not work with SQL backend: Viktor Gurov
07:17 AM pfSense Packages Bug #12153 (Pull Request Review): Incorrect Outgoing Network Interface on clean install: Jim Pingle
03:16 AM pfSense Packages Bug #12153: Incorrect Outgoing Network Interface on clean install: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/107 Viktor Gurov
03:08 AM pfSense Packages Bug #12153 (Resolved): Incorrect Outgoing Network Interface on clean install: After a clean installation of the Squid package, Outgoing Network Interface = "LAN"
Should be "Default (auto)" Viktor Gurov
06:46 AM pfSense Packages Feature #11827: Please include acme deploy folder/scripts: +1 for that feature Nicolas Liaudat

07/20/2021

08:38 PM Revision 8d51efb6: Log config changes. Implements #12118: * Add new option to System Log settings to log config changes
* On by default
* Logs the config revision description ... Jim Pingle
06:26 PM Revision 88479de6: Portal logout updates. Fixes #12138: * Change "Connected" page to also include a logout button
* Style page the same way as the login page for a more cons... Jim Pingle
06:18 PM Bug #8815: IP addresses are removed from interfaces when link is lost and either IPv4 or IPv6 is dynamic: This appears to be coupled to the IPv6 setting on the interface that is disconnected.
Testing here against 2.5.2, ... Steve Wheeler
04:24 PM Revision 9fc1648e: Portal Redir URL scheme check. Fixes #11843: * Add support to is_URL() to check that the scheme only matches HTTP or
HTTPS
* Use the new is_URL() feature in Capti... Jim Pingle
04:22 PM Revision c416f6fa: Portal Redir URL scheme check. Fixes #11843: * Add support to is_URL() to check that the scheme only matches HTTP or
HTTPS
* Use the new is_URL() feature in Capti... Jim Pingle
03:47 PM Feature #12118: Create a log entry when a configuration change occurs: As implemented it will log the same description which is added to the configuration already (which shows in the confi... Jim Pingle
03:45 PM Feature #12118 (Feedback): Create a log entry when a configuration change occurs: Applied in changeset commit:8d51efb6b3bd2e826f8d90924c152678eadd06c0. Jim Pingle
02:53 PM Bug #12138: Clicking "logout" on portal page does not function when logout popup is disabled: If testing on 2.5.2, first apply @9fc1648ef349d6a657e29ceb2c3dfb70967adb3f@ then apply @88479de6fa2aedf09972d6eb204f5... Jim Pingle
02:45 PM Bug #12138 (Feedback): Clicking "logout" on portal page does not function when logout popup is disabled: Applied in changeset commit:88479de6fa2aedf09972d6eb204f5ef7567e8616. Jim Pingle
01:59 PM Bug #12138 (In Progress): Clicking "logout" on portal page does not function when logout popup is disabled: Turns out some of the behavior I saw was from an old custom logout page that I forgot I had, which didn't have all th... Jim Pingle
01:40 PM Bug #12144: Bug in ``df -t`` filtering if two filesystems use the same mountpoint: The following is the hack which does the trick for me fwiw:... Mateusz Guzik
01:29 PM Bug #12144: Bug in ``df -t`` filtering if two filesystems use the same mountpoint: This comes from a deficiency in the API exposed to userspace.
Consider the following:... Mateusz Guzik
06:12 AM Bug #12144 (In Progress): Bug in ``df -t`` filtering if two filesystems use the same mountpoint: Mateusz reproduced the issue on stock FreeBSD and will work on a fix Renato Botelho
12:33 PM Revision 41588db3: Ticket #12107: Fix reverse conditional: Follow up 28f1007613 and fix wrong conditional to validate SMTP Server
IP address or FQDN Renato Botelho
12:19 PM Bug #11843 (Feedback): Potential XSS vulnerability in Captive Portal ``redirurl`` handling: Applied in changeset commit:c416f6fab10f149b15a352dfb609f86a98f6103d. Jim Pingle
11:22 AM Bug #11843 (In Progress): Potential XSS vulnerability in Captive Portal ``redirurl`` handling: Reopening since the fix here is not complete. The URL scheme isn't validated here so it is still possible to trigger ... Jim Pingle
12:19 PM Bug #12107: Notifications page cannot be saved without configuring or disabling SMTP: Applied in changeset commit:28f10076133e32b6583ba483bb5e921e32553111. Renato Botelho
06:20 AM Bug #12107 (Feedback): Notifications page cannot be saved without configuring or disabling SMTP: PR has been merged. Thanks! Renato Botelho
12:00 PM Revision 28f10076: Fix #12107: Rework SMTP fields validation: Do not validate SMTP related fields if E-Mail server field is empty. In
this case nothing will be done by notices.in... Renato Botelho
11:20 AM Revision b43cc8e5: System Notifications input validation fix. Issue #12107: Viktor G
11:18 AM Revision afcc0e9c: IPsec PKCS#11 support as an optional feature. Issue #11933: Viktor G
11:00 AM Feature #8520: Option to auto-renew DHCP on interface with an offline gateway or marked as down: The issue described for the reason has been fixed by https://redmine.pfsense.org/issues/9267
The feature request f... Marcos M
10:22 AM Bug #12151 (Pull Request Review): ``easyrule`` script does not function properly: Christian McDonald
10:20 AM Bug #12151: ``easyrule`` script does not function properly: Fixed in https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/302 Christian McDonald
03:51 AM Bug #12151 (Resolved): ``easyrule`` script does not function properly: When opening a shell on pfSense 2.5.2 and running any easyrule command (event just 'easyrule' which should show the u... Antoine Benoit
06:23 AM Regression #12110 (Resolved): PHP error in firewall_nat.inc on line 329: Renato Botelho
06:21 AM pfSense Packages Bug #12128 (Resolved): Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: Renato Botelho
06:19 AM Todo #11933 (Feedback): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: PR has been merged. Thanks! Renato Botelho
06:14 AM pfSense Packages Bug #12142 (Feedback): XMLRPC replication target configuration: PR has been merged. Thanks! Renato Botelho

07/19/2021

07:50 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: Hi Jim
Apologies, I haven't had a chance to test yet, but just a FYI, by pfsense box is a home machine, nothing sp... Andrew McCann
09:07 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: If it's every page load then most likely it's related to authentication settings, like it's trying to check privilege... Jim Pingle
03:52 PM Todo #12145 (Resolved): Convert RAM disks to ``tmpfs``: For various reasons we may want to switch the RAM disks from ufs on md devices to "tmpfs":https://www.freebsd.org/cgi... Jim Pingle
03:36 PM Bug #12144 (In Progress): Bug in ``df -t`` filtering if two filesystems use the same mountpoint: When using RAM disks for @/tmp@ and @/var@ on a ZFS installation, the System Information widget on the Dashboard appe... Jim Pingle
12:42 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: This particular issue was narrowed to only focus on the PHP interpreter problem on SG-3100. Snort itself crashing as ... Jim Pingle
09:34 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Jim Pingle wrote:
> If anyone is still having issues with PHP crashing on the 3100 after applying "the PCRE JIT patc... Lucas Lopes Costa
11:51 AM Feature #12133: Add " Pass-through (IP) Auto Entry " option to Captive portal: Jim Pingle wrote:
> I don't see automatic pass-through for IP addresses as being viable. Users could change their ad... Depressed Admin
08:02 AM Feature #12133 (Rejected): Add " Pass-through (IP) Auto Entry " option to Captive portal: I don't see automatic pass-through for IP addresses as being viable. Users could change their address or it could be ... Jim Pingle
11:06 AM Bug #12107 (Pull Request Review): Notifications page cannot be saved without configuring or disabling SMTP: Jim Pingle
09:55 AM Bug #12107: Notifications page cannot be saved without configuring or disabling SMTP: > It will appear to save but returns very quickly. No error is shown.
> If you refresh the page 'Disable the startup... Viktor Gurov
11:05 AM Bug #7801 (Resolved): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: Jim Pingle
07:54 AM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: OK that looks better. Thanks. Chris Linstruth
11:05 AM pfSense Packages Bug #12142 (Pull Request Review): XMLRPC replication target configuration: Jim Pingle
05:13 AM pfSense Packages Bug #12142: XMLRPC replication target configuration: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/106 Viktor Gurov
10:59 AM Bug #12132 (Duplicate): Port Fowards Using CARP VIP Form Validation on Source Broken: Jim Pingle
10:58 AM Bug #12135: firewall_nat.php, Line: 40, Message: require_once(): Failed opening required 'firewall_nat.inc': It isn't a general issue with upgrading as tens of thousands of users have upgraded and nobody else is hitting this t... Jim Pingle
04:19 AM Bug #12135: firewall_nat.php, Line: 40, Message: require_once(): Failed opening required 'firewall_nat.inc': It seems to happen if you update from 2.5.1 to 2.5.2.
I maintain several pfsense systems and some of them have the s... Stefan Bauer
10:30 AM pfSense Packages Regression #12143 (Feedback): frr 1.1.0_12 package won't save OSPF settings unless entry exists in OSPF Networks: PR has been merged. Thanks! Renato Botelho
09:07 AM pfSense Packages Regression #12143 (Pull Request Review): frr 1.1.0_12 package won't save OSPF settings unless entry exists in OSPF Networks: Jim Pingle
03:21 AM pfSense Packages Regression #12143: frr 1.1.0_12 package won't save OSPF settings unless entry exists in OSPF Networks: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/105 Viktor Gurov
03:14 AM pfSense Packages Regression #12143 (Resolved): frr 1.1.0_12 package won't save OSPF settings unless entry exists in OSPF Networks: https://forum.netgate.com/topic/165160/frr-1-1-0_12-package-won-t-save-ospf-settings-unless-entry-exists-in-ospf-netw... Viktor Gurov
09:32 AM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface: the bug still exist after upgrading to 2.5.2
Exception calling XMLRPC method restore_config_section # Impossible ... khaled osama
09:07 AM Bug #11734 (Pull Request Review): NAT rule overlap detection is inconsistent: Jim Pingle
09:03 AM Bug #12049 (Resolved): Input validation incorrectly rejects a second IPv4-only GRE tunnel: Jim Pingle
08:59 AM pfSense Packages Bug #7039 (Pull Request Review): HAProxy backend configuration does not handle intermediate CAs properly: Jim Pingle
08:19 AM Bug #12138: Clicking "logout" on portal page does not function when logout popup is disabled: This is actually a bug and not intended.
You should always be able to manually go back to the portal page at @<htt... Jim Pingle
08:11 AM Bug #12136 (Rejected): Road warrior VPN not working in 2.5.2-release: Mobile IPsec works in general, though it's possible there is a problem specific to your configuration or environment.... Jim Pingle
08:09 AM Todo #11933 (Pull Request Review): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: Jim Pingle
07:53 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Roman Nik wrote:
> Its look like regression in 2.5.2 release, because for 2.5.2 beta all worked fine.
Are the sym... Jim Pingle
07:42 AM Bug #12123 (Duplicate): 2.5.2 Ipsec Tunnel Status Dashboard Widget - Count of active tunnels, and Inactive tunnels is wrong: Already covered by #11910 Jim Pingle
07:37 AM Feature #12121: Wider "local network(s)" fields in OpenVPN server configuration: The GUI for these could use some redesign since it was originally only used for a single network. It can't be a rowhe... Jim Pingle
07:32 AM Bug #12119 (Not a Bug): [dashboard] WAN traffic graph displays no data when suricata is enabled: This is normal and expected when using inline mode and NETMAP. The interface behavior is fundamentally different in t... Jim Pingle

07/18/2021

04:56 PM Bug #12141 (Feedback): Lack of DNS or Internet connectivity causes GUI to be slow: I'm not able to reproduce this on 2.5.2.
There are instances in which no internet/DNS connectivity will result in ... Marcos M
02:13 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: Kris Phillips wrote:
> If a device is being configured offline, if the device is unable to query DNS, the webConfigu... Andrew McCann
04:43 PM pfSense Packages Bug #12137: PHP error after rulesets update: I already have a fix for this applied in my internal package repo. The same potential bug exists in the Suricata pack... Bill Meeks
10:55 AM Bug #11734: NAT rule overlap detection is inconsistent: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/301 Marcos M
10:53 AM Bug #12132 (Closed): Port Fowards Using CARP VIP Form Validation on Source Broken: Indeed this is a symptom of #11734. Consequently, the patch there resolves this symptom in an unintentional way. I've... Marcos M
05:35 AM Bug #12123: 2.5.2 Ipsec Tunnel Status Dashboard Widget - Count of active tunnels, and Inactive tunnels is wrong: Eddy Cho wrote:
> since the upgrade, the widget seems to mis-count the tunnel status. I have over 30 active tunnels ... Alex Nilsson
04:43 AM pfSense Packages Bug #12142 (Resolved): XMLRPC replication target configuration: After upgrading from 2.5.1, the following error message appears in the log of the primary node of our HA cluster:
... Louis Casambre

07/17/2021

10:52 PM pfSense Packages Bug #10983 (Rejected): pfBlockerNG not cleaning everything behind it: Updating as Rejected as the bug can not be reproduced. Kris Phillips
10:48 PM Bug #11734: NAT rule overlap detection is inconsistent: Tested the changeset and the issue for 12132 and this redmine appears to be resolved. Kris Phillips
10:41 PM Bug #11734: NAT rule overlap detection is inconsistent: Potentially related issue with source traffic with video demonstrating the issue: https://redmine.pfsense.org/issues/... Kris Phillips
10:45 PM Bug #12132: Port Fowards Using CARP VIP Form Validation on Source Broken: Issue appears corrected with changeset "3736da7f0ffd73c0cd25b7118b3c4be2e1f0eab9":https://redmine.pfsense.org/project... Kris Phillips
10:39 PM pfSense Packages Bug #11745 (Resolved): Incorrect compress options in exported configuration when server is set to refuse compression: Created a test OpenVPN server with compress disabled and exported a config. I do not see compress in the config so t... Kris Phillips
06:00 PM Bug #12141 (Resolved): Lack of DNS or Internet connectivity causes GUI to be slow: If a device is being configured offline, if the device is unable to query DNS, the webConfigurator causes a noticeabl... Kris Phillips
05:51 PM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel: Tested in
21.09-DEVELOPMENT (amd64)
built on Sat Jul 17 01:10:40 EDT 2021
FreeBSD 12.2-STABLE
It works. I wa... Max Leighton
05:22 PM Bug #12107: Notifications page cannot be saved without configuring or disabling SMTP: I can confirm that this is reproducible with those steps. Max Leighton
11:12 AM Bug #12134 (Resolved): Typo in crash reporter page: Tested on the:... Danilo Zrenjanin
07:52 AM pfSense Packages Regression #12140 (Closed): DNSBL https webserver not working: After upgrade to pfSense 2.5.2 the DNSBL webserver seems to be broken on https (http works). Multiple people are expe... Sil Schouten
04:07 AM pfSense Packages Bug #7039: HAProxy backend configuration does not handle intermediate CAs properly: Submitted a "PR":https://github.com/pfsense/FreeBSD-ports/pull/1083 to resolve this issue. Neil Bortnak

07/16/2021

11:29 PM Bug #11734: NAT rule overlap detection is inconsistent: There's still an issue when the selected source or destination is a special network (e.g. L2TP Clients), as well as a... Marcos M
09:45 PM Feature #12139 (New): Add support in for specifying a DNSMASQ configuration file: As per https://redmine.pfsense.org/issues/6730 the Dnsmasq command line is hard coded to specify "-C /dev/null". This... M Jurgens
02:32 PM Bug #12138 (Resolved): Clicking "logout" on portal page does not function when logout popup is disabled: From forum discussion: https://forum.netgate.com/topic/163581/is-logout-without-popup-possible/10.
Turning out the... Federico Capoano
12:56 PM Bug #12034 (Resolved): Certificate Manager performs redundant escaping of special characters in certificate DN fields: Looks good.
Performing the same tests that previously yielded extra escape characters now correctly shows just one... Marcos M
12:44 PM pfSense Packages Bug #11173 (Resolved): Status>Monitoring parameters are hidden by the interactive graph: Now works on Firefox and Edge/Chromium.
On mobile resolutions, some labels clip on the right instead, though I thi... Marcos M
12:24 PM Bug #12132: Port Fowards Using CARP VIP Form Validation on Source Broken: Here is a screencast showing the issue on 21.05 of pfSense Plus Kris Phillips
11:42 AM Bug #12132: Port Fowards Using CARP VIP Form Validation on Source Broken: unable to reproduce on pfSense-2.6.0.a.20210716.0500 - works without issues Viktor Gurov
11:11 AM Bug #12132: Port Fowards Using CARP VIP Form Validation on Source Broken: Did additional testing today as I wasn't able to recreate this. I realized this only applies to TCP/UDP with differe... Kris Phillips
11:46 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: Jason NA wrote:
> For the past week I've been testing with the traffic shaper disabled and that is what seems to be ... M B
11:28 AM Revision 9d7a87f9: Add Zabbix 5.4 config options. Feature #12042: (cherry picked from commit 4e3ab7d23394fab5baaaa1a79943c50a0809db7c) Viktor Gurov
11:13 AM pfSense Packages Bug #12131 (Resolved): zabbix-proxy54 database is down: Renato Botelho
09:33 AM pfSense Packages Bug #12131: zabbix-proxy54 database is down: Renato Botelho wrote:
> Commit that defines zabbix-proxy 5.4 options was missing on stable branches. Fixed on versi... Jeff Dairiki
06:32 AM pfSense Packages Bug #12131 (Feedback): zabbix-proxy54 database is down: Commit that defines zabbix-proxy 5.4 options was missing on stable branches. Fixed on version 1.0.4_9 Renato Botelho
02:18 AM pfSense Packages Bug #12131: zabbix-proxy54 database is down: at the same time:
https://github.com/pfsense/pfsense/blob/master/tools/conf/pfPorts/make.conf#L119:... Viktor Gurov
02:15 AM pfSense Packages Bug #12131: zabbix-proxy54 database is down: Zabbix Proxy 5.4 package doesn't create /var/db/zabbix-proxy/proxy.db file
from https://www.zabbix.com/documentation... Viktor Gurov
11:13 AM pfSense Packages Feature #12042 (Resolved): Add Zabbix 5.4 agent and proxy packages: Renato Botelho
09:36 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Jeff Dairiki wrote:
>
> I'm still having the "@connection to database '/var/db/zabbix-proxy/proxy.db' failed@" iss... Jeff Dairiki
11:07 AM pfSense Packages Bug #12126: freeradius3 0.15.7_31: Please attach the `radiusd -X` command output during authentication and the /usr/local/etc/raddb/radiusd.conf file
... Viktor Gurov
06:18 AM Bug #12134 (Feedback): Typo in crash reporter page: PR has been merged. Thanks! Renato Botelho
12:15 AM Bug #12134: Typo in crash reporter page: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/298 Viktor Gurov
06:17 AM pfSense Packages Bug #12137 (Resolved): PHP error after rulesets update: After fresh Snort install, if you configure the rules update and run "Force Update", an error occurs if the interface... Viktor Gurov
06:05 AM Bug #12135 (Rejected): firewall_nat.php, Line: 40, Message: require_once(): Failed opening required 'firewall_nat.inc': It seems include_path is missing needed directories. I've checked a 2.5.2 installation and include_path content is:
... Renato Botelho
01:18 AM Bug #12135 (Rejected): firewall_nat.php, Line: 40, Message: require_once(): Failed opening required 'firewall_nat.inc': Hi,
we see on several pfsense systems following error message after clicking Firewall -> NAT.
PHP ERROR: Type: ... Stefan Bauer
05:50 AM pfSense Packages Bug #12129 (Resolved): extra include_file entry: Renato Botelho
05:13 AM Revision 5dac18af: Crash Reporter typo fix. Issue #12134: Viktor G
03:10 AM Todo #11933: PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/299 Viktor Gurov
02:59 AM Bug #12136 (Rejected): Road warrior VPN not working in 2.5.2-release: Hello to all,
after installing version 2.5.2-release the Road Warrior VPN stopped to work (on version 2.5.1-releas... Michele Di Maria

07/15/2021

08:49 PM Revision dd0c42ea: Fixed typo in lifetime validation: Seyfidin Hamraoui
07:51 PM Bug #12134 (Resolved): Typo in crash reporter page: https://github.com/pfsense/pfsense/blob/fcc49e91217f2777e0ade826f1b69f6683f4be86/src/usr/local/www/crash_reporter.php... Kris Lou
07:43 PM pfSense Packages Bug #12129: extra include_file entry: Upgraded to pfsense-CE 2.5.2, prior to this commit:... Kris Lou
08:03 AM pfSense Packages Bug #12129 (Feedback): extra include_file entry: PR has been merged. Thanks! Renato Botelho
01:59 AM pfSense Packages Bug #12129: extra include_file entry: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/104 Viktor Gurov
01:48 AM pfSense Packages Bug #12129 (Resolved): extra include_file entry: ... Viktor Gurov
05:54 PM Feature #12133 (Rejected): Add " Pass-through (IP) Auto Entry " option to Captive portal: Hi
there is options in cp that makes cp to auto authenticate with mac address but for bigger networks this option ... Depressed Admin
03:05 PM Bug #11679 (Feedback): Policy-based Routing (outbound) and port forwarding (inbound) "selectively" working through WG tunnel: Christian McDonald
02:39 PM Bug #11679: Policy-based Routing (outbound) and port forwarding (inbound) "selectively" working through WG tunnel: Non-Bug in packaged version, Config issue
https://github.com/theonemcdonald/pfSense-pkg-WireGuard/issues/90 Tigger 2014
02:25 PM Bug #12132 (Duplicate): Port Fowards Using CARP VIP Form Validation on Source Broken: With the interface address, you're able to define different port forward NATs on the same interface IP address and po... Kris Phillips
01:13 PM Revision 75f2aba5: Captive Portal DB/Vouchers RAM disk backup. Issue #11894: Mark Silinio
01:08 PM Revision 3900634b: DynDNS DNS Made Easy provider update. Implements #9341: Viktor Gurov
12:09 PM Bug #12124 (Resolved): Creating or editing aliases fails with multiple hosts separated by spaces: Tested on the:... Danilo Zrenjanin
11:46 AM pfSense Packages Bug #12036: Certificate Manager page do not show Zabbix used certificates: Viktor Gurov wrote:
> Jeff Dairiki wrote:
> > There appears to be a syntax error (missing closing parenthesis) in t... Jeff Dairiki
12:35 AM pfSense Packages Bug #12036: Certificate Manager page do not show Zabbix used certificates: Jeff Dairiki wrote:
> There appears to be a syntax error (missing closing parenthesis) in the merged PR.
>
> See:... Viktor Gurov
11:38 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Viktor Gurov wrote:
> Nox Inmortus wrote:
> > Hello,
> >
> > I also concurs that the zabbix-proxy54 package inst... Jeff Dairiki
02:35 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Nox Inmortus wrote:
> Hello,
>
> I also concurs that the zabbix-proxy54 package install does not succeed, trying ... Viktor Gurov
02:32 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Hello,
I also concurs that the zabbix-proxy54 package install does not succeed, trying with 2.5.1. Here is the ins... Nox Inmortus
10:58 AM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.: Issue continues to occur under 2.5.2. A S
10:31 AM Revision 72f21342: Merge branch 'pfsense:master' into master: ilmarranen alex
10:05 AM Revision cfec2190: certs.inc closing parenthesis fix. Issue #11831: Mark Silinio
10:00 AM pfSense Packages Bug #12131 (Resolved): zabbix-proxy54 database is down: Hi, after upgrading zabbix proxy to the new 5.4 version I get this error:
42052:20210715:165612.288 [Z3001] connec... Mario A
09:00 AM pfSense Packages Bug #12128: Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: All good after update done :) issue solved. Guillaume Hullin
08:58 AM pfSense Packages Bug #12128: Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: DRago_Angel [InV@DER] wrote:
> Rafael Sant'Anna wrote:
> > Guillaume Hullin wrote:
> > > Same problem over here a... Renato Botelho
08:49 AM pfSense Packages Bug #12128: Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: Rafael Sant'Anna wrote:
> Guillaume Hullin wrote:
> > Same problem over here after updating to zabbix5-proxy-5.0.1... DRago_Angel [InV@DER]
07:52 AM pfSense Packages Bug #12128 (Feedback): Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: Merged Renato Botelho
06:50 AM pfSense Packages Bug #12128: Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: Guillaume Hullin wrote:
> Same problem over here after updating to zabbix5-proxy-5.0.11 and zabbix5-agent-5.0.11
> ... Rafael Sant'Anna
04:26 AM pfSense Packages Bug #12128: Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: Same problem over here after updating to zabbix5-proxy-5.0.11 and zabbix5-agent-5.0.11
Viktor Gurov wrote:
> fix:... Guillaume Hullin
12:34 AM pfSense Packages Bug #12128: Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/103 Viktor Gurov
08:20 AM Feature #9341: Support DNS Made Easy authentication without a username: Applied in changeset commit:3900634b4c0c55d66af6b7020bafb998941e5824. Viktor Gurov
08:13 AM Feature #9341 (Feedback): Support DNS Made Easy authentication without a username: PR has been merged. Thanks! Renato Botelho
08:13 AM Bug #11894 (Feedback): Vouchers may expire too early when using RAM disks: PR has been merged. Thanks! Renato Botelho
07:52 AM Bug #11831: Certificate Revocation tab does not list active users of CRL entries: Merged Renato Botelho
05:06 AM Bug #11831: Certificate Revocation tab does not list active users of CRL entries: extra fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/297 Viktor Gurov
07:31 AM Feature #8794: NTP authentication support: Is it possible to add the option for SHA256 authentication? The underlying NTPd version appears to support it. Ansley Barnes
02:00 AM pfSense Packages Bug #12130 (Closed): Zeek fails to start: : zeekctl deploy
checking configurations ...
zeek scripts failed.
fatal error: can't find local.zeek
Apparently... A S

07/14/2021

11:56 PM pfSense Packages Bug #12128: Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: Appears to be missing the closing ")" on line 378. (Can't speak to the zabbix-proxy.inc file, but suspect may be same... A S
06:36 PM pfSense Packages Bug #12128 (Resolved): Zabbix Agent 5 1.0.4_8 and Proxy 5 1.0.4_7 Broken: Parse error: syntax error, unexpected ';' in /usr/local/pkg/zabbix-agent.inc on line 379
pkg-static: POST-INSTALL sc... DRago_Angel [InV@DER]
10:01 PM Revision fcc49e91: Merge pull request #4499 from GChuf/fonts: Renato Botelho
09:58 PM Revision 99a9bb65: Merge pull request #4514 from raphendyr/patch-dyfi: Renato Botelho
06:33 PM pfSense Packages Bug #12036: Certificate Manager page do not show Zabbix used certificates: There appears to be a syntax error (missing closing parenthesis) in the merged PR.
See:
https://github.com/pfse... Jeff Dairiki
01:18 PM pfSense Packages Bug #12036 (Feedback): Certificate Manager page do not show Zabbix used certificates: PR has been merged. Thanks! Renato Botelho
05:10 PM pfSense Packages Bug #12114 (Feedback): syslog-ng only binds to the last specified interface: PR has been merged. Thanks! Renato Botelho
05:02 PM Todo #11507 (Feedback): Update font formats to WOFF2: PR has been merged. Thanks! Renato Botelho
04:59 PM Feature #12090 (Feedback): Add new Dynamic DNS provider: dy.fi: PR has been merged. Thanks! Renato Botelho
04:42 PM Bug #12039 (In Progress): Gateway alarm always triggers IPsec restart: I've merged check_reload_status part. Please re-test PHP part to make sure it's working as expected. Renato Botelho
04:40 PM pfSense Packages Bug #11681 (Feedback): FRR generates invalid BFD configuration after removing interfaces: PR has been merged. Thanks! Renato Botelho
04:36 PM pfSense Packages Bug #12083 (Feedback): Lack of OSPF network input validation causes service startup error: PR has been merged. Thanks! Renato Botelho
03:31 PM Revision 1c87a584: VPN Packet Processing checkboxes fix. Issue #7801: Mark Silinio
03:30 PM Revision 1b1723da: Certificate Revocation page improvements. Issue #11831: Mark Silinio
03:29 PM Revision 0dfe0402: idn_to_ascii failing with large input strings, fixes #12124: R. Christian McDonald
02:12 PM pfSense Packages Bug #11847 (Feedback): Filters not applied to PEER Groups: PR has been merged. Thanks! Renato Botelho
02:10 PM pfSense Packages Bug #11768 (Feedback): FRR OSPF - Comment field within the ospf interfaces gets longer and longer: PR has been merged. Thanks! Renato Botelho
02:08 PM pfSense Packages Bug #12088 (Feedback): Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting: PR has been merged. Thanks! Renato Botelho
02:07 PM pfSense Packages Bug #12080 (Feedback): Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting: PR has been merged. Thanks! Renato Botelho
01:51 PM pfSense Packages Bug #11582 (Feedback): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections: PR has been merged. Thanks! Renato Botelho
01:45 PM pfSense Packages Bug #11888 (Feedback): FreeRADIUS starts twice by /etc/rc.start_packages: PR has been merged. Thanks! Renato Botelho
01:44 PM pfSense Packages Bug #11746 (Feedback): Second LDAP server configuration misses the ipaNThash control attribute: PR has been merged. Thanks! Renato Botelho
01:41 PM pfSense Packages Bug #11683 (Feedback): Certificate Manager page doesn't show FreeRADIUS used certificates: PR has been merged. Thanks! Renato Botelho
01:28 PM pfSense Packages Bug #12074 (Feedback): Freeradius: Additional Information field descriptions swapped: PR has been merged. Thanks! Renato Botelho
11:50 AM pfSense Packages Bug #12074: Freeradius: Additional Information field descriptions swapped: Done: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/102 Steve Wheeler
10:35 AM pfSense Packages Bug #12074: Freeradius: Additional Information field descriptions swapped: Steve Wheeler wrote:
> https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/6
Please submit it again... Renato Botelho
01:21 PM pfSense Packages Bug #11756 (Feedback): HaProxy does not transfer backend states during reload: PR has been merged. Thanks! Renato Botelho
01:17 PM Feature #9297: Graph for hardware temperature readings: PR has been merged. Thanks! Renato Botelho
01:15 PM pfSense Packages Bug #11173 (Feedback): Status>Monitoring parameters are hidden by the interactive graph: PR has been merged. Thanks! Renato Botelho
01:05 PM pfSense Packages Bug #11627 (Feedback): rc file is not deleted: PR has been merged. Thanks! Renato Botelho
12:58 PM pfSense Packages Feature #11972 (Feedback): Arpwatch - Add support for Telegram notifications: PR has been merged. Thanks! Renato Botelho
12:56 PM pfSense Packages Bug #11366 (Feedback): Arpwatch Cron Notification every 15 minutes: PR has been merged. Thanks! Renato Botelho
12:54 PM Revision e9c8a663: Fixes Redmine #12111: R. Christian McDonald
12:46 PM pfSense Packages Bug #11682 (Feedback): Certificate Manager page do not show STunnel used certificates: PR has been merged. Thanks! Renato Botelho
12:37 PM pfSense Packages Bug #11515 (Feedback): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui: PR has been merged. Thanks! Renato Botelho
12:35 PM pfSense Packages Bug #11889 (Feedback): BIND starts twice by /etc/rc.start_packages: PR has been merged. Thanks! Renato Botelho
12:32 PM pfSense Packages Feature #10859 (Feedback): Add avahi filtering feature to pfSense: PR has been merged. Thanks! Renato Botelho
12:12 PM pfSense Packages Bug #11965 (Feedback): Avahi service started twice by /etc/rc.start_package: PR has been merged. Thanks! Renato Botelho
12:10 PM pfSense Packages Bug #11745 (Feedback): Incorrect compress options in exported configuration when server is set to refuse compression: PR has been merged. Thanks! Renato Botelho
11:45 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Viktor Gurov wrote:
>
> Clean install works as expected
> see #11493 for workaround
Thank you for the reply!
... Jeff Dairiki
07:48 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Jeff Dairiki wrote:
> I've installed it but it fails :-( with the following output repeating in @/var/log/zabbix-pro... Viktor Gurov
11:26 AM pfSense Packages Bug #11628 (Feedback): ftp-proxy error messages in logs: PR has been merged. Thanks! Renato Botelho
10:35 AM Bug #12124: Creating or editing aliases fails with multiple hosts separated by spaces: Applied in changeset commit:0dfe04026ae5245fb075b5f44be4913a239b14a9. Christian McDonald
10:29 AM Bug #12124 (Feedback): Creating or editing aliases fails with multiple hosts separated by spaces: PR has been merged. Thanks! Renato Botelho
10:31 AM Bug #7801 (Feedback): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: Renato Botelho
04:49 AM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: Chris Linstruth wrote:
> The new checkboxes in *System > Advanced, Firewall & NAT* are not populated when re-enterin... Viktor Gurov
10:30 AM Bug #11831 (Feedback): Certificate Revocation tab does not list active users of CRL entries: PR has been merged. Thanks! Renato Botelho
10:28 AM Regression #12111 (Feedback): Crash report message displayed on dashboard. flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 166: PR has been merged. Thanks! Renato Botelho
07:38 AM pfSense Docs Todo #12127 (Closed): Feedback on Releases — 2.5.2 New Features and Changes: *Page:* https://docs.netgate.com/pfsense/en/latest/releases/2-5-2.html
*Feedback:*
NoIP.com DDNS bug #12021 sho... Viktor Gurov
07:00 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Its look like regression in 2.5.2 release, because for 2.5.2 beta all worked fine. Roman Nik
04:04 AM Feature #11357 (Duplicate): Support for DynDNS provider deSEC.io: Duplicate of #12086 Viktor Gurov
03:24 AM pfSense Packages Bug #12126 (New): freeradius3 0.15.7_31: I use sql module with freeradius3.
My nas clients are in a sql nas table and since 0.15.7_31 version of the freera... Alexis Pellicier
02:58 AM pfSense Packages Regression #12125 (Resolved): squidguard 1.16.18_19 conguration error: Since commit 675ad02cfca7c91eddf09cbf26810708ac833c9f my squidguard stop working.
I've made a minimal conf to trac... Alexis Pellicier
02:32 AM pfSense Packages Regression #11534: FreeRADIUS EAP anonymous connection forbidden out-of-tunnel: This is still affecting 2.5.2 and 2.6.0. Didier Raboud

07/13/2021

07:02 PM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Rafael Sant'Anna wrote:
>
> I can't see zabbix proxy54 on PFSense 2.5.2, anyone could help me how to install ?
... Jeff Dairiki
08:34 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: Jordan Greene wrote:
> proxy and agent 5.4 are available and able to install, tested on plus 21.09.a.20210708.1151
... Rafael Sant'Anna
02:24 PM Revision 94dbc880: Enable build of zabbix 5.4 packages: (cherry picked from commit 97762ce9d85546c3b9d4c88f11c8c5ff04d72c72) Renato Botelho
12:40 PM Feature #12070: Support for VLAN ``0``: This would likely have to be resolved in FreeBSD itself. More details on the issue here:
https://bugs.freebsd.org/bug... Marcos M
12:16 PM Revision ae241eea: Set net.link.ifqmaxlen: This removes the need for a kernel patch which overrules IFQ_MAXLEN. Kristof Provost
09:28 AM pfSense Packages Feature #11310: Adding a widget to apcupsd plug-in: Kris Phillips wrote:
> Renato Botelho wrote:
> > PR has been merged to CE 2.6.0 so we can get it tested and then ch... Renato Botelho
07:53 AM Bug #12124 (Pull Request Review): Creating or editing aliases fails with multiple hosts separated by spaces: PR : https://github.com/pfsense/pfsense/pull/4532 Christian McDonald
12:56 AM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``: This is still an issue in 2.5.2, validation code still checking only for the last line returned from "openssl", docum... Konstantin Panchenko
12:48 AM Bug #11829: OpenVPN client certificate validation with OCSP always fails: Renato Botelho wrote:
> PR has been merged. Thanks!
I'm not sure what was changed but this is still an issue in ... Konstantin Panchenko

07/12/2021

05:42 PM Bug #12001: System attempts to stop inactive services at shutdown: I've added my own internal bug tracking report of this issue to my list for the Snort and Suricata packages. I will m... Bill Meeks
08:43 AM Bug #12001: System attempts to stop inactive services at shutdown: Right now it's the responsibility of packages themselves to handle removing their own *.sh rc files when they are dis... Christian McDonald
05:33 PM Bug #12124 (Resolved): Creating or editing aliases fails with multiple hosts separated by spaces: Normally you can input multiple host/network aliases on the first form input if you separate each with an space.
T... Casin Mirad
10:18 AM Bug #12112: PHP Warning: PHP Startup: Unable to load dynamic library 'intl.so' (tried: /usr/local/lib/php/20190902/intl.so (Shared object "libicuio.so.69" not found, required by "intl.so"), /usr/local/lib/php/20190902/intl.so.so (/usr/local/lib/php/20190902/intl.so.: [[https://forum.netgate.com/topic/164928/php-warning-php-startup-unable-to-load-dynamic-library-intl-so-tried-usr-loc... Jan Zalewski
07:31 AM Bug #12112: PHP Warning: PHP Startup: Unable to load dynamic library 'intl.so' (tried: /usr/local/lib/php/20190902/intl.so (Shared object "libicuio.so.69" not found, required by "intl.so"), /usr/local/lib/php/20190902/intl.so.so (/usr/local/lib/php/20190902/intl.so.: Jan Zalewski wrote:
> # Launch latest build
> # Analyze callstack:
>
> [07-Jul-2021 14:00:00 UTC] PHP Warning: ... Jesse Beauclaire

07/11/2021

05:41 PM Feature #12120: Permit several sets of destination DHCP servers in DHCP relay: Requests are forwarded to all servers already. So if server A has a scope for the PBX subnet, and server B has a scop... Christian McDonald

07/10/2021

09:22 PM pfSense Packages Feature #11310: Adding a widget to apcupsd plug-in: Renato Botelho wrote:
> PR has been merged to CE 2.6.0 so we can get it tested and then cherry-pick to stable branch... Kris Phillips
09:05 PM Regression #11910: IPsec status tunnel descriptions are incorrect: Ran into this today as well. This seems to happen with multiple VTI tunnels or a mix of VTI and Tunnel mode. I don'... Kris Phillips
09:01 PM pfSense Packages Bug #11950 (Resolved): Wireguard Package Errors and DNS problem: PHP messages are gone in latest package in 2.5.2/21.05. Marking as resolved. Kris Phillips
07:51 PM pfSense Packages Feature #11997: IPsec Profile Wizard: Add Support for exporting Android strongSwan Profiles: Assigning to Jim Pingle, as he'd likely be the one to make this implementation. Feel free to reassign if this is in ... Kris Phillips
06:38 PM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages: proxy and agent 5.4 are available and able to install, tested on plus 21.09.a.20210708.1151 Jordan G
06:19 PM Bug #12123 (Duplicate): 2.5.2 Ipsec Tunnel Status Dashboard Widget - Count of active tunnels, and Inactive tunnels is wrong: since the upgrade, the widget seems to mis-count the tunnel status. I have over 30 active tunnels however this is sho... Eddy Cho
06:18 PM Regression #12110: PHP error in firewall_nat.inc on line 329: tested on plus 21.09.a.20210708.1151 - added icmp rules on separate WAN and successfully pinged one from the other Jordan G
02:09 PM Bug #12050 (Resolved): "GoTo line #" function does not work on ``diag_edit.php``: Also tested and working in
2.6.0-DEVELOPMENT (amd64)
built on Fri Jul 09 09:13:36 EDT 2021
FreeBSD 12.2-STABLE
... Max Leighton
01:36 PM Feature #12120: Permit several sets of destination DHCP servers in DHCP relay: Mistake in the title: desintation => destination. Sorry. Anonymous
12:51 PM Feature #12120 (New): Permit several sets of destination DHCP servers in DHCP relay: At this time, pfSense's DHCP relay allows a unique set of one or more target DHCP servers associated to a list of net... Anonymous
01:33 PM Bug #12119: [dashboard] WAN traffic graph displays no data when suricata is enabled: WAN Interface is a standard DHCP setup Erik Schaeffer
01:32 PM Bug #12119: [dashboard] WAN traffic graph displays no data when suricata is enabled: Certainly!
pfsense ver: 2.5.2
suricata ver: 6.0.0_11
Suricata Options Other than defaults:
- Block Offenders:... Erik Schaeffer
12:04 PM Bug #12119: [dashboard] WAN traffic graph displays no data when suricata is enabled: I'm not able to reproduce this with Suricata 6.0.0_11 in pfSense 2.5.2 or 2.6. I tried with blocking mode enabled and... Max Leighton
01:10 PM Bug #12122 (New): Perform greedy actions asychronously: Applying some actions takes time (from tens of seconds to several minutes). In the meantime, the web interface hangs ... Anonymous
01:04 PM Feature #6738: GUI Action Buttons replicated to the top of the List: See also #11956. Anonymous
01:03 PM Feature #10290: Firewall Aliases Add button on top of list: See also #11956. Anonymous
01:01 PM Feature #11956: "add" button in the top of pages with many user-added items: This feature request also expands #6738. Anonymous
01:00 PM pfSense Packages Todo #11574: Add "nobind" to exported OpenVPN configurations by default: I vote for it. :) Anonymous
12:58 PM pfSense Packages Feature #11165: OpenVPN Exporter - Allow for name customization: I vote for it.
IMO, the priority should be at least "normal" and the focus should be on the Windows installer beca... Anonymous
12:57 PM Bug #12001: System attempts to stop inactive services at shutdown: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Fri Jul 09 09:13:36 EDT 2021
FreeBSD 12.2-STABLE
I still see:
... Max Leighton
12:55 PM Feature #12121 (New): Wider "local network(s)" fields in OpenVPN server configuration: In OpenVPN server configuration, the fields "IPv4 local network(s)" and "IPv6 local network(s)" are too small in the ... Anonymous

07/09/2021

08:54 PM Bug #12119: [dashboard] WAN traffic graph displays no data when suricata is enabled: Attaching screenshots of the issue. Erik Schaeffer
08:49 PM Bug #12119 (Not a Bug): [dashboard] WAN traffic graph displays no data when suricata is enabled: Erik Schaeffer
06:37 PM Feature #12118 (Resolved): Create a log entry when a configuration change occurs: When rules are modified, the only thing syslog sends is _filterdns[96878]: merge_config: configuration reload_. Inste... Tyler Montney
03:39 PM Revision 87075500: AWS: Separate release tarballs by branch: Renato Botelho
02:34 PM Bug #12105 (Confirmed): Packages are not automatically reinstalled when restoring configuration using the installer: Looks like the base system moved to using @/cf/conf/needs_package_sync@ for the flag file a while back in commit:1051... Jim Pingle
01:55 PM Revision f152d664: AWS: Add FLAVOR to distfiles.tar: Renato Botelho
01:34 PM Revision 8be1bb42: AWS: Add branch name to pkgs tarball: Renato Botelho
01:21 PM Feature #628: Ability to specify listen IP address of management services (SSH, web interface): I also find this issue a bit strange, not very happy pfSense nginx and sshd listens on every interface. I modified ... Mete Balci
12:49 PM Bug #7801 (Assigned): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: The new checkboxes in *System > Advanced, Firewall & NAT* are not populated when re-entering the configuration page.
... Chris Linstruth
12:13 PM Revision 6363f2bb: AWS: Simplify logic using 's3 ls' to check if file exists: Renato Botelho
12:13 PM Revision 903e84c2: AWS: Make sure distfiles.tar exist before try to download it: Renato Botelho
11:57 AM Revision 85e010a1: AWS: Add missing s3 parameter to ls: Renato Botelho
11:35 AM Revision 7accab44: AWS: Add FLAVORS to pkgs cache: Renato Botelho
11:32 AM Revision 37b5a3c3: Do not force git remote to be called origin: Renato Botelho
11:25 AM Bug #12102 (Confirmed): Prevent using OpenVPN "Exit Notify" option with point-to-point modes: Was just looking at this on a forum thread and this is not site-to-site vs RA but point-to-multipoint (client/server)... Jim Pingle
11:06 AM Bug #12102: Prevent using OpenVPN "Exit Notify" option with point-to-point modes: Jim Pingle wrote:
> What is "Exit Notify" set to on both ends when this happens? From the log, that is why it termin... Kris Phillips
11:20 AM Revision 1bd84384: AWS: Create initial stashed ports tree on S3: Renato Botelho
11:05 AM Revision dcc5e63d: AWS: Simplify logic: Create aws_exec() and replace all direct calls to use it Renato Botelho
10:28 AM Regression #12117 (Duplicate): service NOIP version 2.5.2: Duplicate of #12021 Jim Pingle
10:13 AM Regression #12117 (Duplicate): service NOIP version 2.5.2: after upgrading to version 2.5.2 the NOIP service does not update the WAN IP, I entered the NOIP website, registered ... Lucas Lopes Costa
10:23 AM Regression #11316: Unbound crashes with signal 11 when reloading: Martin Müller wrote:
> "Unbound 1.13.1 was just released a few days ago
I had the same problem with pfsense 2.5.1... Morten Mathiasen
08:26 AM pfSense Docs New Content #11739: Manual Outbound NAT rules in HA setup: one more hint. I would suggest adding a note or xref to https://docs.netgate.com/pfsense/en/latest/highavailability/r... Danilo Zrenjanin
08:11 AM Regression #12100 (Resolved): Recent 2.6.0 development installers don't actually install: Luiz Souza
06:30 AM Feature #6362: Allow specifying the client identifier hardware type: h2. Request
To me, just prepending \000 to the text content of the GUI field
> Services / DHCP Server / LAN / E... Carlo Tognetti

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

08/07/2021

08/06/2021

08/05/2021

08/04/2021

08/03/2021

08/02/2021

08/01/2021

07/31/2021

07/30/2021

07/29/2021

07/28/2021

07/27/2021

07/26/2021

07/25/2021

07/24/2021

07/23/2021

07/22/2021

07/21/2021

07/20/2021

07/19/2021

07/18/2021

07/17/2021

07/16/2021

07/15/2021

07/14/2021

07/13/2021

07/12/2021

07/11/2021

07/10/2021

07/09/2021