Activity

30 days up to

User

Subprojects

Activity

From 07/24/2021 to 08/22/2021

08/22/2021

02:40 PM pfSense Packages Feature #12297: Suricata: show actual GID:SID rule on click: https://github.com/pfsense/FreeBSD-ports/pull/1102 Viktor Gurov
02:38 PM pfSense Packages Feature #12297 (Resolved): Suricata: show actual GID:SID rule on click: It would be helpful to see the actual rule affecting the alert via clicking on GID:SID on the Alert page. Viktor Gurov
01:48 PM Todo #12296: Explicitly state where AutoConfigBackup stores encrypted backup data: I did not intend for this to be created as bug, but as an enhancement. I am also aware this is clearly stated here: h... Tyler Montney
01:47 PM Todo #12296 (Resolved): Explicitly state where AutoConfigBackup stores encrypted backup data: Under Services > Auto Configuration Backup > Settings, it should be clearly stated that backups are sent to Netgate r... Tyler Montney
02:41 AM Bug #12294: userland calling deprecated sysctl, please rebuild world pfsense: Kris Phillips wrote in #note-1:
> Hello,
>
> Please be aware that you have uploaded your configuration file unred... itfabrica Tech

08/21/2021

09:48 PM Bug #12256: Sanitize WireGuard private and pre-shared keys in status output: Applied patch in 21.05.1. Private keys were properly removed when generating a status report when they were not befo... Kris Phillips
09:46 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling): Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fa... → luckman212
09:39 PM Bug #12294: userland calling deprecated sysctl, please rebuild world pfsense: Hello,
Please be aware that you have uploaded your configuration file unredacted to the public internet. This is ... Kris Phillips
02:17 PM Bug #12294 (Not a Bug): userland calling deprecated sysctl, please rebuild world pfsense: Hello!
After update pfsense to 2.5.2 i have this error
userland calling deprecated sysctl, please rebuild world pfs... itfabrica Tech
09:36 PM Bug #12295: Gateway RTT of gateways added through packages (OpenVPN and Wireguard) seem off: If your gateway has very low latency, either due to a double NAT or because your static IP block is a routed subnet a... Kris Phillips
02:41 PM Bug #12295 (Not a Bug): Gateway RTT of gateways added through packages (OpenVPN and Wireguard) seem off: Hi,
When looking at RTT in widgets or when extracting information via dpinger it looks as if the latency is very l... Faan DG
09:28 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: Still seeing this randomly with customer firewalls. If the WAN interface is disabled or physically disconnected, the... Kris Phillips
03:14 PM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules: # VPN Rules
pass in on $WAN proto udp from 0.0.0.0/0 to (self) port = 500 tracker 1000105301 keep state label "IP... Alhusein Zawi
02:58 PM pfSense Packages Bug #12293: Resolve host via Reverse DNS looks shows IDN domains as punnycode: https://github.com/pfsense/FreeBSD-ports/pull/1101 Viktor Gurov
09:29 AM pfSense Packages Bug #12293 (Resolved): Resolve host via Reverse DNS looks shows IDN domains as punnycode: "Resolve host via Reverse DNS" shows IDN domains as punnycode,
i.e. "xn--80a1acny.xn--p1ai" instead of "почта.рф" Viktor Gurov
02:29 PM Todo #12145: Convert RAM disks to ``tmpfs``: Would anything need to change in the dashboard UI code to display tempfs vs ufs where appropriate, or is it already d... Loh Phat
12:50 PM Bug #12197 (Resolved): Mobile IPsec phase 1 should not display "Gateway duplicates" option: Tested on the:... Danilo Zrenjanin
08:36 AM pfSense Packages Feature #12292: GeoIP look on the Alerts, Blocked and Files pages: https://github.com/pfsense/FreeBSD-ports/pull/1100 Viktor Gurov
04:34 AM pfSense Packages Feature #12292 (Resolved): GeoIP look on the Alerts, Blocked and Files pages: It would be nice to add a "glob" icon near SRC/DST IP to check Country, State, City, Latitude, Longitude via GeoIP se... Viktor Gurov
06:21 AM Feature #12291: Support for Slack notifications: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/353 Viktor Gurov
01:34 AM Feature #12291 (Resolved): Support for Slack notifications: it would be nice to add Slack notifications
sample code:... Viktor Gurov
05:16 AM pfSense Packages Feature #10809: IDS/IPS - Notifications when new rule categories are released: https://github.com/pfsense/FreeBSD-ports/pull/1099 Viktor Gurov
04:47 AM Bug #12224 (Resolved): OpenVPN page allows to delete/disable instance with an assigned interface: Tested on the:... Danilo Zrenjanin
03:11 AM Bug #12000 (Resolved): Remote log server input validation allows invalid values: Re-tested on the:... Danilo Zrenjanin

08/20/2021

09:57 PM Feature #12290 (Resolved): Add ``librdkafka`` package to the pfSense package repository: A customer has requested the librdkafka package be added to the repos for nProbe and ntopng.
https://freebsd.pkg... Kris Phillips
08:11 PM Bug #12173: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: Jim Pingle wrote in #note-5:
> See notes on PR about problematic behavior after this was merged.
fix:
https://gi... Viktor Gurov
01:18 PM Bug #12173: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: See notes on PR about problematic behavior after this was merged. Jim Pingle
01:17 PM Bug #12173 (In Progress): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: Jim Pingle
07:27 PM Bug #12272 (Resolved): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass": fixed
clone function copy None and Pass value .
2.6.0.a.20210820.0100
Alhusein Zawi
04:06 PM Revision 583062bf: IPv6 fix for setdefaultgateway(). Issue #12282: Viktor Gurov
03:48 PM Regression #11470: Panic when using CBQ traffic shaping: I believe I am hitting the same issue. I have included dump files that was generated.
I have enabled CBQ on 7 inte... Reymond Rivera
03:23 PM Regression #11470: Panic when using CBQ traffic shaping: If anyone can provide steps to replicate this please do so. It's 'just working' for me locally. Steve Wheeler
02:11 PM Revision 3ff300c6: Change /var/run to tmpfs. Implements #12145: Jim Pingle
02:01 PM Revision f873a4ef: Update IPsec Filter Mode text. Implements #12289: VTI mode also works for transport mode (e.g. GRE), so note that as well. Jim Pingle
10:44 AM Feature #2668 (Pull Request Review): Support aliases in OpenVPN local/remote/tunnel network fields: Not merged yet Jim Pingle
10:38 AM Feature #2668 (Feedback): Support aliases in OpenVPN local/remote/tunnel network fields: The updated patch looks good now.
Aliases work as expected. Servers are restarted as expected with warnings to the... Steve Wheeler
09:20 AM Todo #12145 (Feedback): Convert RAM disks to ``tmpfs``: Applied in changeset commit:3ff300c630e9decc06d7640136260d07ad566c19. Jim Pingle
09:05 AM Todo #12145 (In Progress): Convert RAM disks to ``tmpfs``: Systems using RAM disks are good now, but on systems not using RAM disks, /var/run is still using md/ufs. Jim Pingle
09:10 AM Todo #12289 (Feedback): Update "IPsec Filter Mode" option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE): Applied in changeset commit:f873a4ef207dfd3ab29c4c80f225df20decf4a50. Jim Pingle
09:01 AM Todo #12289 (Resolved): Update "IPsec Filter Mode" option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE): Turns out that the *IPsec Filter Mode* option on *VPN > IPsec*, *Advanced Settings* tab also works to allow two-way f... Jim Pingle
09:04 AM Regression #12287 (Feedback): State table entry rule ID does not contain the expected value: That's an endianness issue. The kernel converts several fields to network-endianness, and the (userspace) libpfctl li... Kristof Provost
08:22 AM Regression #12287 (Resolved): State table entry rule ID does not contain the expected value: On snapshots the rule number in the state table data does not contain the expected value... Jim Pingle
08:46 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: This is similar, if not identical, to #8686 -- and the same workaround functions for both, it turns out.
You can m... Jim Pingle
08:27 AM pfSense Packages Bug #12286: Add support for ntlm_auth in LDAP: I don't think we want to even consider putting the samba package in even as a dependency. Too much potential for abuse. Jim Pingle
08:17 AM pfSense Packages Bug #12286: Add support for ntlm_auth in LDAP: see also #10415 Viktor Gurov
08:11 AM pfSense Packages Bug #12286: Add support for ntlm_auth in LDAP: The Samba package should be added to @/tools/conf/pfPorts/poudriere_bulk@ to fix this issue and implement Squid NTLM ... Viktor Gurov
07:10 AM pfSense Packages Bug #12286 (New): Add support for ntlm_auth in LDAP: The FreeRADIUS Package currently provides LDAP Authorisation/Authentication.
Some vendors like Mikrotik uses only MS... Vladislav Kulikov
08:26 AM Regression #12288 (Closed): GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces: Starting from scratch if you create a new GRE interface and assign+enable it, the inner address on the tunnel interfa... Jim Pingle
08:22 AM pfSense Packages Feature #11531 (Feedback): Show netmap compatible cards in IPS Mode note: PR has been merged. Thanks! Renato Botelho
08:22 AM pfSense Packages Feature #12285 (In Progress): Add more EVE Logged Traffic protocols: Reverted for now since it requires binary 6.x Renato Botelho
07:52 AM pfSense Packages Feature #12285 (Feedback): Add more EVE Logged Traffic protocols: PR has been merged. Thanks! Renato Botelho
04:46 AM pfSense Packages Feature #12285: Add more EVE Logged Traffic protocols: https://github.com/pfsense/FreeBSD-ports/pull/1095 Viktor Gurov
02:03 AM pfSense Packages Feature #12285 (Resolved): Add more EVE Logged Traffic protocols: The current version of Suricata does not allow you to select the FTP, FTP_DATA, RFB and HTTP2 log types.
see https:/... Viktor Gurov
07:52 AM pfSense Packages Bug #6964 (Feedback): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons: PR has been merged. Thanks! Renato Botelho
07:52 AM pfSense Packages Feature #10872 (Feedback): Add adjustable notification for Severity Alert: PR has been merged. Thanks! Renato Botelho
06:04 AM pfSense Packages Feature #10872: Add adjustable notification for Severity Alert: https://github.com/pfsense/FreeBSD-ports/pull/1096 Viktor Gurov
07:52 AM pfSense Packages Feature #9852 (Feedback): show File-Store directory listing: PR has been merged. Thanks! Renato Botelho
07:15 AM pfSense Docs Todo #12275 (Resolved): Feedback on Firewall — Aliases: PR Merged. Jim Pingle
01:27 AM pfSense Docs Todo #12275: Feedback on Firewall — Aliases: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/21 Viktor Gurov
07:14 AM Bug #12282 (Pull Request Review): Default IPv4 gateway may be set to IPv6 gateway value in certain cases: Jim Pingle
12:20 AM Bug #12282: Default IPv4 gateway may be set to IPv6 gateway value in certain cases: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/351 Viktor Gurov
12:14 AM Bug #12282 (Closed): Default IPv4 gateway may be set to IPv6 gateway value in certain cases: setdefaultgateway() may set IPv6 gateway as a IPv4 gateway in some cases,
see https://github.com/pfsense/pfsense/blo... Viktor Gurov
05:20 AM Revision 762d3cc9: Increase default IPv6 router advertisement (RA) intervals and lifetime. Fixes #12280: Viktor Gurov
01:52 AM pfSense Docs Correction #12284 (Closed): Feedback on Packages — OpenVPN Client Export Package: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/openvpn-client-export.html
*Feedback:*
Help page is... Viktor Gurov
01:15 AM Bug #12283 (New): LDAP/RADIUS authentication servers configuration does not allow source IP address to be specified: This is a limitation of the Auth_RADIUS package and @ldap_connect()@
But this is required in some cases - when mul... Viktor Gurov
12:55 AM Bug #12280 (Feedback): Default IPv6 router advertisement intervals and lifetime are too low: Applied in changeset commit:762d3cc938d890a05d69e5324b0cf7d2ecea55a1. Viktor Gurov

08/19/2021

06:59 PM Revision d566427f: Convert RAM disks to tmpfs. Implements #12145: Jim Pingle
02:05 PM Todo #12145 (Feedback): Convert RAM disks to ``tmpfs``: Applied in changeset commit:d566427f1b210e9ce08ed9be376b0919c113e83b. Jim Pingle
12:18 PM Regression #12217 (Resolved): Kernel panic in IPFW when using Captive Portal: Things are still stable here after running a couple days and also updating again. Closing this out for now, will reop... Jim Pingle
11:35 AM pfSense Packages Bug #6964 (Pull Request Review): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons: Jim Pingle
10:57 AM pfSense Packages Bug #6964: Host OS Policy Assignment broken when using "Import" or "Aliases" buttons: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1094 Viktor Gurov
09:03 AM pfSense Packages Feature #12281 (Pull Request Review): Add support for Telegram/Pushover notifications: Jim Pingle
08:43 AM pfSense Packages Feature #12281: Add support for Telegram/Pushover notifications: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/121 Viktor Gurov
01:04 AM pfSense Packages Feature #12281 (New): Add support for Telegram/Pushover notifications: NUT doesn't send notifications to a Telegram/Pushover backend, even when the Telegram/Pushover configuration is set u... Viktor Gurov
09:03 AM pfSense Packages Bug #12264 (Pull Request Review): Stray <table> line in squid_monitor.php: Jim Pingle
06:48 AM pfSense Packages Bug #12264: Stray <table> line in squid_monitor.php: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/120 Viktor Gurov
08:57 AM Bug #12280 (Pull Request Review): Default IPv6 router advertisement intervals and lifetime are too low: Jim Pingle
01:00 AM Bug #12280: Default IPv6 router advertisement intervals and lifetime are too low: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/350 Viktor Gurov
08:01 AM pfSense Packages Feature #9852 (Pull Request Review): show File-Store directory listing: Jim Pingle
06:31 AM pfSense Packages Feature #9852: show File-Store directory listing: https://github.com/pfsense/FreeBSD-ports/pull/1093 Viktor Gurov
07:13 AM pfSense Packages Bug #12157: Snort exits with Signal 10 on 32bit ARM platforms: I've cherry-picked fixed snort to 21.05.1 Renato Botelho
05:55 AM pfSense Packages Bug #11961 (Feedback): FRR OSPF add unwanted area 0 authentication to router ospf: PR has been merged. Thanks! Renato Botelho
05:54 AM pfSense Packages Bug #12276 (Feedback): Incorrect OSPF/OSPF6 status links: PR has been merged. Thanks! Renato Botelho
05:52 AM pfSense Packages Regression #12278 (Feedback): Invalid plugin_certificates() function name: PR has been merged. Thanks! Renato Botelho
05:49 AM pfSense Packages Bug #12263 (Feedback): Snort package unable to save a new or edited Pass List when Language is set for anything other than English: PR merged Renato Botelho
05:14 AM Revision 923399be: Allow to use nested URL alias in URL alias. Fixes #11863: Viktor Gurov
05:05 AM Revision 21088d3f: Port Forward None and Pass associated filter rule copy. Fixes #12272: Viktor Gurov
05:01 AM Revision 653529c3: Do not allow to select PPPoE Server interfaces on the DHCPv6 Server page. Fixes #12277: Viktor Gurov
12:45 AM Bug #12195 (Resolved): IPsec writes CRL files when tunnel does not use certificates: works as expected on 2.6.0.a.20210818.0500 Viktor Gurov
12:43 AM Feature #12269 (Resolved): Include firewall rules from packages which failed to load in status output: 2.6.0.a.20210818.0500 works as expected
Firewall-Generated Package Invalid Ruleset squid:... Viktor Gurov
12:20 AM Bug #11863 (Feedback): Unable to create nested URL aliases: Applied in changeset commit:923399be686420e2cb0ef8886dc305353ac843a9. Viktor Gurov
12:15 AM Bug #12272 (Feedback): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass": Applied in changeset commit:21088d3fac4073c45ea2d02e44b149843a547de3. Viktor Gurov
12:10 AM Bug #12277 (Feedback): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces: Applied in changeset commit:653529c381645756551dd77b4838478bbfc06e63. Viktor Gurov

08/18/2021

11:58 PM Bug #12280: Default IPv6 router advertisement intervals and lifetime are too low: same values (200/600/1800) on:
Cisco:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/... Viktor Gurov
08:32 PM Bug #12280 (Resolved): Default IPv6 router advertisement intervals and lifetime are too low: Related forum thread here:
https://forum.netgate.com/topic/165744/why-are-the-default-ra-intervals-and-lifetime-valu... Offstage Roller
08:11 PM Revision cf757a80: Regex cleanup should also kill {}. Fixes #12257: It's not used often (and less in the GUI) and can be a source of
problems with large numbers of repetitions even outs... Jim Pingle
04:17 PM Revision aed495bd: Merge remote-tracking branch 'origin/fix/12279': Jim Pingle
04:12 PM Revision a38556ff: Use SHA512 to hash user password. Implements #10298: Original commit by Viktor Gurov Jim Pingle
03:00 PM pfSense Packages Regression #12278 (Pull Request Review): Invalid plugin_certificates() function name: Jim Pingle
07:33 AM pfSense Packages Regression #12278: Invalid plugin_certificates() function name: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/119 Viktor Gurov
07:21 AM pfSense Packages Regression #12278 (Resolved): Invalid plugin_certificates() function name: ... Viktor Gurov
02:59 PM Bug #12277 (Pull Request Review): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces: Jim Pingle
07:06 AM Bug #12277: DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/348 Viktor Gurov
06:48 AM Bug #12277 (Resolved): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces: If you start PPPoE Server and try to configure the POES interface for DHCP6, an error occurs:... Viktor Gurov
02:58 PM pfSense Packages Bug #12276 (Pull Request Review): Incorrect OSPF/OSPF6 status links: Jim Pingle
05:48 AM pfSense Packages Bug #12276: Incorrect OSPF/OSPF6 status links: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/118 Viktor Gurov
05:40 AM pfSense Packages Bug #12276 (Resolved): Incorrect OSPF/OSPF6 status links: frr_ospf_areas.xml and frr_ospf_interfaces.xml contain `status_frr.php` link instead of `status_frr.php?protocol=ospf... Viktor Gurov
02:57 PM pfSense Packages Bug #11961 (Pull Request Review): FRR OSPF add unwanted area 0 authentication to router ospf: Jim Pingle
05:46 AM pfSense Packages Bug #11961: FRR OSPF add unwanted area 0 authentication to router ospf: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/117 Viktor Gurov
02:44 PM Revision c9285e9f: Fixes #12279: Christian McDonald
02:24 PM Todo #12145: Convert RAM disks to ``tmpfs``: Updated the diff for testing but hit another thing we need to account for.
Currently we check if there is sufficient... Jim Pingle
01:58 PM Revision 7be7d84e: Ensure Unbound python script exists. Fixes #12274: Check to make sure a referenced python script exsits before attempting
to use it in the Unbound configuration. If the... Jim Pingle
01:54 PM pfSense Packages Bug #12157 (Resolved): Snort exits with Signal 10 on 32bit ARM platforms: This appears to be fixed. I've been running it for several days now and previously it would not run for longer than a... Steve Wheeler
12:09 PM Bug #12241: System Information widget unnecessarily polls data for hidden items: B D wrote in #note-5:
> But since the System Information widget can't ever be removed -- that means its performance ... Viktor Gurov
11:30 AM Todo #10298 (Feedback): Use SHA-512 for user password hashes: Applied in changeset commit:a38556ffba0f8d6cf3f61bd7469ebbb922fd3f64. Jim Pingle
09:55 AM Regression #12279 (Feedback): Uninitialized config array and escaped html in ipsec widget: Applied in changeset commit:c9285e9fff6dafb3124acfbe385641bea2d77b1a. Christian McDonald
09:45 AM Regression #12279 (Pull Request Review): Uninitialized config array and escaped html in ipsec widget: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/349 Christian McDonald
09:43 AM Regression #12279 (Resolved): Uninitialized config array and escaped html in ipsec widget: See screenshot. Christian McDonald
09:05 AM Bug #12274 (Feedback): Unbound fails to start if its configuration references a python script which does not exist: Applied in changeset commit:7be7d84ecf8afb2f5fd51ea0b67f68e69fe7fa6d. Jim Pingle
08:28 AM Bug #12274: Unbound fails to start if its configuration references a python script which does not exist: As long as that script is actually selected in the unbound config GUI (picked as "Python Module Script") and not in c... Jim Pingle
03:31 AM Bug #12274 (Resolved): Unbound fails to start if its configuration references a python script which does not exist: After the installation, unbound works 'out of the box'.
When a previously saved config.xml is imported
and pfBloc... Gertjan KROEB
07:56 AM Bug #12272 (Pull Request Review): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass": Jim Pingle
02:33 AM Bug #12272: Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass": fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/347 Viktor Gurov
07:22 AM Regression #12245 (Resolved): Input validation error in system.php: This is now fixed in snapshots.
Tested:... Steve Wheeler
06:50 AM Bug #12247 (Resolved): Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load: This looks good.
The files open quickly and completely. Both encrypted and decrypted parts.
Tested:... Steve Wheeler
06:47 AM Feature #12193 (Resolved): AutoConfigBackup performance improvements: This looks good now.
Files are queued as expected and uploaded when the cronjob fires.
The cronjob is created co... Steve Wheeler
03:40 AM pfSense Docs Todo #12275 (Resolved): Feedback on Firewall — Aliases: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#url-aliases
*Feedback:*
There is no in... Viktor Gurov

08/17/2021

08:12 PM Revision 4174a828: Fixed #12247 by adding curl_close() call: Steve Beaver
05:44 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface: Jim Pingle wrote in #note-12:
> Where/On what page?
Services / DHCP Server / <Interface> // Other Options / Gateway
... Marcos M
02:14 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface: Marcos Mendoza wrote in #note-11:
> It seems this can be triggered if entering "None" for gateway.
Where/On what ... Jim Pingle
01:56 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface: It seems this can be triggered if entering "None" for gateway. Marcos M
03:29 PM Revision 14b8b150: Add incorrectly generated package rules to status_output. Implements #12269: Viktor Gurov
03:16 PM Bug #12247 (Feedback): Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load: Anonymous
03:14 PM Bug #12247: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load: Issue was caused by a missing curl_close() call, making the system wait until the acb server timed out. Anonymous
02:12 PM pfSense Docs Todo #12271 (Closed): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox® VE: Fixed, thanks! Jim Pingle
09:29 AM pfSense Docs Todo #12271 (Closed): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox® VE: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html#basic-proxmox-ve-networking
... Aron Schüler
01:33 PM pfSense Docs Todo #12273 (Resolved): Feedback on pfSense Configuration Recipes — Configuring DNS over TLS: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
*Feedback:*
The DoT configuration ... Cy BiS
01:12 PM Revision bca881c4: Correct grep usage where needed. Fixes #12265: Jim Pingle
01:11 PM Revision 8cd3f92f: Regex cleanup change. Fixes #12257: Rather than attempting to cleanup group repetition, just discard the
unwanted pattern. Jim Pingle
12:26 PM Revision e3732f92: Replace unlink() by unlink_if_exists(): Renato Botelho
12:06 PM pfSense Docs Correction #12266 (Closed): Ticket system link no longer correct: Fixed in https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/e2094df8635a2470250e1f61c527b9bc6bb29b06 Jim Pingle
10:56 AM Feature #6776: Allow disabling of "filter rule association" by default: Keenton IT wrote in #note-2:
> Hi,
>
> Note that this setting revert back to "Add associated filter rule" also wh... Viktor Gurov
03:33 AM Feature #6776: Allow disabling of "filter rule association" by default: Hi,
Note that this setting revert back to "Add associated filter rule" also when you clone an existing NAT Rule se... Keenton IT
10:56 AM Bug #12272 (Resolved): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass": When you clone an existing NAT Rule that is set to "None" or "Pass" it's reset to "Add associated filter rule"
#67... Viktor Gurov
10:40 AM Feature #12269 (Feedback): Include firewall rules from packages which failed to load in status output: Applied in changeset commit:14b8b150cb56f1abab87feb3695d841fd734c71c. Viktor Gurov
08:34 AM Feature #12269 (Pull Request Review): Include firewall rules from packages which failed to load in status output: Jim Pingle
02:00 AM Feature #12269: Include firewall rules from packages which failed to load in status output: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/346 Viktor Gurov
01:18 AM Feature #12269 (Resolved): Include firewall rules from packages which failed to load in status output: @discover_pkg_rules()@ creates the "/tmp/rules.packages.{$pkgname}" file if the package creates unloadable rules.
it... Viktor Gurov
09:01 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface: Now it is solved. Wouldn't have minded to learn elsewhere that 'LAN to ...' is not a mere description. I had set it o... Uwe Dippel
08:29 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface: "LAN to any" won't match LAN2, it must be "LAN2 to any". Jim Pingle
08:25 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface: Jim Pingle wrote in #note-2:
> It's not a bug, it's doing exactly what it's been told to do. You need rules on LAN2 ... Uwe Dippel
07:13 AM Bug #12270 (Not a Bug): Unidirectional connectivity with DHCP-assigned interface: It's not a bug, it's doing exactly what it's been told to do. You need rules on LAN2 to allow traffic from LAN2 to do... Jim Pingle
06:02 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface: I'm not able to correct the 'netstat minus rn' which converted into a strike-through instead of actually showing the ... Uwe Dippel
05:58 AM Bug #12270 (Not a Bug): Unidirectional connectivity with DHCP-assigned interface: [I did discuss this in the forum, and I am aware it sounds unlikely, but haven't found a solution so far. It does loo... Uwe Dippel
08:32 AM Regression #12217: Kernel panic in IPFW when using Captive Portal: So far, so good with the latest snapshot (@2.6.0.a.20210817.0500@). I've updated several systems which easily crashed... Jim Pingle
08:20 AM Todo #12265 (Feedback): Improve uses of ``grep`` which utilize user-supplied patterns: Applied in changeset commit:bca881c428cd82315cc35414017844342db630a0. Jim Pingle
06:10 AM Revision 136c1462: System Information widget optimization. Issue #12241: Viktor Gurov
06:07 AM Revision 3a0f6f36: Move IPsec Mobile additional configuration attributes to strongswan.conf. Fixes #11447: Viktor G
06:05 AM Revision 4f04c78e: Fix IPsec PH1 with Remote Gateway 0.0.0.0 rules creation. Issue #12262: Viktor Gurov
06:05 AM Revision d57eab57: VLAN/QinQ-only interface mismatch detection. Fixes #12170: Viktor G
01:39 AM Bug #12262 (Feedback): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules: Merged Viktor Gurov
01:38 AM Bug #12241 (Feedback): System Information widget unnecessarily polls data for hidden items: Merged Viktor Gurov
01:15 AM Regression #11447 (Feedback): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: Applied in changeset commit:3a0f6f3609dcb50e3ba927a743fb9f1990a48181. Anonymous
01:15 AM Bug #12170 (Feedback): Interface assignment mismatch is not detected if VLAN-only parent interface is removed: Applied in changeset commit:d57eab57652f634939a4bf916997f08fb5bc3916. Anonymous
12:55 AM pfSense Docs Todo #12268 (Closed): Update Aliases documentation with recently added features: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html
*Feedback:*
Network aliases:
+ suppor... Viktor Gurov
12:40 AM Feature #1603 (Resolved): URL table aliases should be usable within network type aliases: in the source tree:
https://github.com/pfsense/pfsense/blob/master/src/usr/local/pfSense/include/www/alias-utils.inc... Viktor Gurov

08/16/2021

07:14 PM Feature #12267: OpenVPN option to limit concurrent connections per user: There's an example here on how to accomplish this:
https://serverfault.com/questions/850599/permit-only-n-connection... Marcos M
07:14 PM Feature #12267 (Resolved): OpenVPN option to limit concurrent connections per user: It's beneficial to be able to limit the total number of connections allowed per user when Duplicate Connection is use... Marcos M
07:13 PM pfSense Packages Bug #11135: HAproxy OCSP reponse crontab bug: I submitted a PR to backport Viktor's changes to the haproxy package as well: https://github.com/pfsense/FreeBSD-port... Daniel Kimsey
06:29 PM Regression #11316: Unbound crashes with signal 11 when reloading: Unbound 1.13.2 is now imported on 2.6.0 and 21.09 and will be available on tomorrow's snapshots Renato Botelho
05:42 PM Revision 57a737f1: More route display changes. Fixes #12257: * Move escape_filter_regex() from syslog.inc to util.inc since it will
be used by things other than syslog.
* Add s... Jim Pingle
04:17 PM pfSense Docs Todo #12261: Feedback on pfSense Configuration Recipes — WireGuard VPN Client Configuration Example: That's great, thank you Jim! David Ross
07:37 AM pfSense Docs Todo #12261: Feedback on pfSense Configuration Recipes — WireGuard VPN Client Configuration Example: We are already aware. Once the development of the WireGuard package progresses further and stabilizes, then the docum... Jim Pingle
02:46 PM pfSense Docs Correction #12266 (Closed): Ticket system link no longer correct: The link given in the docs to open a new ticket in our ticket system no longer links to an existing page since Freshw... Steve Wheeler
01:13 PM Todo #12265 (Resolved): Improve uses of ``grep`` which utilize user-supplied patterns: See #12257 and commit:57a737f1 for examples
A few things to watch out for:
* Patterns passed to grep based on u... Jim Pingle
08:54 AM Bug #12241 (Pull Request Review): System Information widget unnecessarily polls data for hidden items: Jim Pingle
08:07 AM Bug #12241: System Information widget unnecessarily polls data for hidden items: optimization:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/345 Viktor Gurov
08:18 AM pfSense Packages Bug #12263: Snort package unable to save a new or edited Pass List when Language is set for anything other than English: Pull Request #1091, posted here: https://github.com/pfsense/FreeBSD-ports/pull/1091, has been submitted to correct t... Bill Meeks
07:09 AM pfSense Packages Bug #12263 (Resolved): Snort package unable to save a new or edited Pass List when Language is set for anything other than English: When the language on the firewall is set for any language other than English, it is not possible to save changes to a... Bill Meeks
07:48 AM pfSense Packages Bug #12264 (Resolved): Stray <table> line in squid_monitor.php: There's a stray <table> opening element in the C-ICAP Virus Table section of /usr/local/www/squid_monitor.php
<tab... Matthew Fearnley
07:42 AM Bug #12262 (Pull Request Review): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules: Need to be careful when we fix this as if the rules were correct they would match too much traffic and potentially in... Jim Pingle
04:03 AM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/344 Viktor Gurov
07:40 AM Regression #12217 (Feedback): Kernel panic in IPFW when using Captive Portal: Fix pushed to https://gitlab.netgate.com/pfSense/FreeBSD-src/-/commit/41d976b3b37dfcc66b14c67f610474e94b3d49dd (devel... Kristof Provost
07:39 AM Bug #11863 (Pull Request Review): Unable to create nested URL aliases: Jim Pingle
07:36 AM Bug #7547 (Pull Request Review): Static routes using aliases are not automatically updated when alias content changes: Jim Pingle
07:36 AM Feature #11895 (Pull Request Review): Require user to manually apply changes after altering static route entries: Jim Pingle
07:35 AM Bug #11599 (Pull Request Review): Modifying static routes results in a logged error, changes are not reflected in routing table: Jim Pingle

08/15/2021

08:22 PM Bug #12262 (Resolved): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules: When using @0.0.0.0@ as the remote gateway IP for IPsec, the automatic rules to allow port 500 and 4500 are incorrect... Marcos M
05:47 PM Bug #11863 (New): Unable to create nested URL aliases: Allow to use URL/URL Ports alias in URL/URL ports alias:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests... Viktor Gurov
10:00 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1: Okay, should've read the ticket better.
Upgrading to 2.4.5_1 using the 2.4.5 depreciated branch followed by upgradin... Glenn G
09:31 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1: Same here
Any process on how to upgrade?... Glenn G

08/14/2021

06:10 PM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: binat on em1 inet all -> 50.50.50.111
2.6.0.a.20210814.1404
Alhusein Zawi
05:55 PM Bug #12198 (Resolved): Disabling an IPsec phase 1 entry does not disable related phase 2 entries: fixed
I was able to make changes in disabled P1 without errors
2.6.0.a.20210814.1404
Alhusein Zawi
03:48 PM pfSense Docs Todo #12261 (Closed): Feedback on pfSense Configuration Recipes — WireGuard VPN Client Configuration Example: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-client.html
*Feedback:*
It looks like this p... David Ross
12:00 PM pfSense Packages Bug #12260 (Closed): Update popup and version missmatch?: Always showing popup in the corner about the available update, every refreshed page, no setting to disable it?
A new... Tomas Tom
11:52 AM pfSense Packages Bug #12240 (Resolved): Syslog-ng does not remove logrotate.conf after disable: Tested on Syslog-ng 1.15_11. /usr/local/etc/logrotate.conf is removed after disabling the service. Marking the ticket... Max Leighton
11:47 AM Bug #7547: Static routes using aliases are not automatically updated when alias content changes: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/342 Viktor Gurov
11:46 AM Feature #11895: Require user to manually apply changes after altering static route entries: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/342 Viktor Gurov
11:46 AM Bug #11599: Modifying static routes results in a logged error, changes are not reflected in routing table: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/342 Viktor Gurov
11:08 AM pfSense Packages Bug #12242 (Resolved): rc file is not deleted: Tested on NET-SNMP 0.1.5_9.
/usr/local/etc/rc.d/net-snmpd.sh and /usr/local/etc/rc.d/net-snmptrapd.sh are removed ... Max Leighton
10:45 AM Bug #12232 (Resolved): OpenVPN status incorrect for TAP servers without a defined tunnel network: Tested on:
2.6.0-DEVELOPMENT (amd64)
built on Thu Aug 12 01:16:53 EDT 2021
FreeBSD 12.2-STABLE
Looks good. I ... Max Leighton
05:33 AM Revision c5bda432: Do not delete disabled routes. Fixes #10706: Viktor G
05:33 AM Revision 2e6b2841: Prevent deletion of OpenVPN instances with assigned interfaces. Fixes #12224: Viktor Gurov
05:33 AM Revision 6514012d: Reconfigure stacked IP Aliases on parent CARP VIP changes. Fixes #12227: Viktor Gurov
04:39 AM Bug #8390: Input validation does not prevent removing a gateway used by a DNS server: Jim Pingle wrote in #note-5:
> Their problem is different from the ones linked.
>
> When you remove a gateway, th... Viktor Gurov
12:40 AM Bug #10706 (Feedback): Kernel route table entries are removed if they match disabled static route entries: Applied in changeset commit:c5bda432e875750e1be03fb82a3cfc0684cb382a. Anonymous
12:40 AM Bug #12224 (Feedback): OpenVPN page allows to delete/disable instance with an assigned interface: Applied in changeset commit:2e6b284184ce10b4ff15d8d4716237036b92ff75. Viktor Gurov
12:40 AM Bug #12227 (Feedback): Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs: Applied in changeset commit:6514012d33705dda99d0def4421f5560ad969af5. Viktor Gurov

08/13/2021

08:39 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling): Thanks. I ended up setting it to a high value, e.g. 86400 → luckman212
08:13 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel: I stumbled across this issue when deploying pfSense for a wireless carrier integration. We needed to do things like p... Arthur Wiebe
08:00 PM Bug #12259 (Closed): Intel em NICs Suffering Performance Degradation on FreeBSD12: Reference FreeBSD bug report here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235031
Seems the issue is pa... Kris Phillips
06:40 PM pfSense Packages Bug #12258 (Resolved): Copy key buttons only work in HTTPS mode: Yes of course everyone should be using HTTPS all the time especially now with ACME being available, but sometimes wel... → luckman212
05:46 PM Revision 72ea2b69: Change route collection and output. Fixes #12257: All changes are on src/usr/local/www/diag_routes.php
* Change problematic use of sed for an equivalent and safer use... Jim Pingle
03:35 PM Feature #11978 (Closed): New Dynamic DNS Provider: Strato: Jim Pingle
03:00 PM Feature #11978: New Dynamic DNS Provider: Strato: strato appears in the list of available dyndns providers - using 21.09.a.20210812.1456 Jordan G
01:15 PM Revision ffa913ec: Sanitize WireGuard keys from status_output. Fixes #12256: Viktor Gurov
12:55 PM Bug #12257 (Feedback): Route data collection method on ``diag_routes.php`` has multiple issues: Applied in changeset commit:72ea2b69cc111d4bc8ebf1ccf1e1529923c5b88a. Jim Pingle
12:35 PM Bug #12257 (Resolved): Route data collection method on ``diag_routes.php`` has multiple issues: The way that route data is collected for presentation in the GUI on @diag_routes.php@ has multiple problems, includin... Jim Pingle
12:49 PM Revision 0997d828: Display Gateway IPv6 on status_interfaces.php regardless of Gateway IPv4 status. Fixes #12253: Viktor Gurov
12:49 PM Revision 35de5b66: Show received IPv6 DNS servers on status_interfaces.php page. Fixes #12252: Viktor Gurov
12:49 PM Revision 37c677a1: Fix is_hostname() regression. Issue #12245: Viktor Gurov
12:18 PM Feature #11899: Add support for non-Oracle IP Check providers: looks like duplicate of #12194 Viktor Gurov
11:40 AM Revision e7cac368: Properly remove the old VHID on XMLRPC CARP VIP sync. Fixes #12202: Viktor Gurov
11:30 AM Revision 58f744b7: OpenVPN Tunnel network input validation fix. Issue #11999: Viktor Gurov
09:32 AM Regression #12239 (Resolved): Interfaces page does not show Wireless EAP client options: Looks good on 2.6.0.a.20210812.0500 Viktor Gurov
09:32 AM Regression #12234 (Resolved): Wireless Channel/Width Issues with GUI: Looks good on 2.6.0.a.20210812.0500 Viktor Gurov
09:31 AM Regression #12245: Input validation error in system.php: This looks good now with that patch. I am able to use numeric hosts names. It still rejects invalid hosts that includ... Steve Wheeler
08:34 AM Regression #12245 (Feedback): Input validation error in system.php: Merged Viktor Gurov
07:36 AM Regression #12245 (Pull Request Review): Input validation error in system.php: Jim Pingle
12:35 AM Regression #12245: Input validation error in system.php: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/337 Viktor Gurov
08:35 AM Revision 36abc2ad: Update convert_friendly_interface_to_friendly_descr() to show IP Alias description. Fixes #11337: Viktor G
08:27 AM Bug #12000 (Feedback): Remote log server input validation allows invalid values: re-test required after #12245 Viktor Gurov
08:25 AM Bug #12256 (Feedback): Sanitize WireGuard private and pre-shared keys in status output: Applied in changeset commit:ffa913ec51c68af00a6f0b18e84544ac64d77d2f. Viktor Gurov
07:50 AM Bug #12256 (Pull Request Review): Sanitize WireGuard private and pre-shared keys in status output: Jim Pingle
04:03 AM Bug #12256: Sanitize WireGuard private and pre-shared keys in status output: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/340 Viktor Gurov
03:57 AM Bug #12256 (Resolved): Sanitize WireGuard private and pre-shared keys in status output: @<privatekey>@ and @<presharedkey>@ are not sanitized from status.php output Viktor Gurov
08:11 AM Revision d1d8383c: Use client-connect/client-disconnect script for Remote Access (SSL/TLS) server mode. Fixes #12238: Viktor Gurov
08:11 AM Revision 5ed5f14d: Set $retries=10 in resolve_retry() to improve resolution timeout. Fixes #12196: Viktor G
08:10 AM Revision 0f441291: 1:1 NAT rules creation update. Fixes #12168: * Fix 1:1 NAT rule creation when Any is selected for Internal IP
* Fix 1:1 NAT rule creation when Any is selected for... Viktor G
07:55 AM pfSense Docs Todo #12250 (Closed): Feedback on Networking Concepts — Understanding CIDR Subnet Mask Notation: Fixed, thanks! Jim Pingle
07:55 AM Bug #12253 (Feedback): IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway: Applied in changeset commit:0997d828271d48e17edb9be0ac1e9ece8f234b00. Viktor Gurov
07:41 AM Bug #12253 (Pull Request Review): IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway: Jim Pingle
01:54 AM Bug #12253: IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/339 Viktor Gurov
01:51 AM Bug #12253 (Resolved): IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway: status_interfaces.php page doesn't display Gateway IPv6 if Gateway IPv4 doesn't exist Viktor Gurov
07:55 AM Bug #12252 (Feedback): IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``: Applied in changeset commit:35de5b66a633f45daa828a3faac9547f9d9db4b7. Viktor Gurov
07:40 AM Bug #12252 (Pull Request Review): IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``: Jim Pingle
12:57 AM Bug #12252: IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/338 Viktor Gurov
12:43 AM Bug #12252 (Resolved): IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``: After configuring DHCP6 on the interface, I see the correct `/var/etc/nameserver_v6*` files with IPv6 DNS servers, bu... Viktor Gurov
07:49 AM Bug #12255 (Duplicate): MTU on Interface change to VLAN MTU: This seems like it is overlapping significantly with #11870 and likely will be solved when that is solved. Jim Pingle
03:41 AM Bug #12255 (Duplicate): MTU on Interface change to VLAN MTU: The MTU on an physical interface in the gui is set to 9000. After creating an vlan on the interface and setting th VL... Rafael Grothmann
07:46 AM Bug #12254 (Duplicate): LAGG: This does appear to be a duplicate of #9183, though it doesn't affect LAGG in general as that is working fine on curr... Jim Pingle
03:29 AM Bug #12254 (Duplicate): LAGG: There is a LAGG over two ethernet Interfaces. The LAGG is working after configuration. After reboot the LAGG is creat... Rafael Grothmann
07:43 AM pfSense Packages Feature #11531 (Pull Request Review): Show netmap compatible cards in IPS Mode note: Jim Pingle
02:07 AM pfSense Packages Feature #11531: Show netmap compatible cards in IPS Mode note: https://github.com/pfsense/FreeBSD-ports/pull/1090 Viktor Gurov
07:23 AM Bug #12236 (Resolved): IPsec bypass rules display help text under each entry: Looks good now Viktor Gurov
07:21 AM Bug #11999 (Feedback): OpenVPN IPv6 tunnel network is not validated properly: Merged Viktor Gurov
06:45 AM Bug #12202 (Feedback): When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active: Applied in changeset commit:e7cac36841ba2f1fc9aad65cafe4a77c66bd61ac. Viktor Gurov
05:46 AM Revision c7599055: Parse ARM 32/64 network boot options on Static DHCP Mapping page. Fixes #12216: Viktor Gurov
05:45 AM Revision 126f555e: Do not create disabled IPsec VTI interfaces. Fixes #12212: Viktor G
05:44 AM Revision fdb9dcc9: Fix disabling IPsec PH1 with PH2 VTI on vpn_ipsec_phase1.php page. Issue #12198: Viktor G
05:43 AM Revision 4192ee44: Show all alias references on delete attempt. Fixes #12177: Viktor G
05:38 AM Revision 96270d7c: Router Advertisements fixes. Issue #12173: * Set AdvDNSSLLifetime value to 3*MaxRtrAdvInterval per RFC 8106
* Provide DNS configuration via radvd checkbox fix Viktor G
05:37 AM Revision d1150a0c: Write CRL files only if certificate authentication is used in IPsec. Fixes #12195: Viktor G
03:51 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: Merged Viktor Gurov
03:45 AM Bug #11337 (Feedback): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: Applied in changeset commit:36abc2ad355f157365ce982b349eb5d385a24453. Anonymous
03:33 AM Bug #12168 (Feedback): 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: Please check on the latest snapshot Viktor Gurov
03:33 AM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: Merged Viktor Gurov
03:20 AM Bug #12238 (Feedback): OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode: Applied in changeset commit:d1d8383c74465f5bb8dae6348e4bb0a7060012b3. Viktor Gurov
03:20 AM Bug #12196 (Feedback): IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available: Applied in changeset commit:5ed5f14d7c4e53c3f713c0842553916c1d145542. Anonymous
03:08 AM Bug #12173 (Feedback): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: Merged Viktor Gurov
03:07 AM Bug #12198 (Feedback): Disabling an IPsec phase 1 entry does not disable related phase 2 entries: Merged Viktor Gurov
02:26 AM pfSense Packages Bug #7374 (Closed): Barnyard2 package has incomplete install when installed as Suricata depedency: Barnyard2 has been removed from both the Snort and Suricata packages. Viktor Gurov
12:55 AM Bug #12216 (Feedback): ARM 32/64 network boot options are not parsed on Static DHCP Mapping page: Applied in changeset commit:c7599055449b39a6981809e9fa2ed76f34c53467. Viktor Gurov
12:55 AM Bug #12212 (Feedback): Disabled IPsec VTI interfaces are always created: Applied in changeset commit:126f555e4452147580e424051175b8f48b6a5e05. Anonymous
12:45 AM Bug #12177 (Feedback): When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message: Applied in changeset commit:4192ee446e862699b42122d8c9d2750a98ff0735. Anonymous
12:45 AM Bug #12195 (Feedback): IPsec writes CRL files when tunnel does not use certificates: Applied in changeset commit:d1150a0c3cb90e871eff9bdddca7e351d4adef90. Anonymous

08/12/2021

10:37 PM pfSense Packages Bug #12251 (Confirmed): Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling): Restarting the service will work around this in the mean time Christian McDonald
08:21 PM pfSense Packages Bug #12251 (Resolved): Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling): Wireguard pkg 0.1.5
pfSense+ 21.05.1
If "KeepAlive" is left empty, config is written as 30 seconds.
Descriptio... → luckman212
02:01 PM pfSense Packages Todo #11033 (Closed): Update OpenVPN Client Export with OpenVPN 2.5.0 installer: Make a new issue for a new request. This was done months ago. Jim Pingle
01:58 PM pfSense Packages Todo #11033: Update OpenVPN Client Export with OpenVPN 2.5.0 installer: Updating Subject as we need to update the OpenVPN Client Export package for 2.5.3, as it's currently on 2.5.2. Also ... Kris Phillips
09:26 AM pfSense Docs Todo #12250 (Closed): Feedback on Networking Concepts — Understanding CIDR Subnet Mask Notation: *Page:* https://docs.netgate.com/pfsense/en/latest/network/cidr.html
*Feedback:*
Typo: "255.224.0 0" (note the ... J St Sauver
08:55 AM pfSense Packages Bug #12101: ArpWatch Suppression Mac for "flip-flop" not suppressing: I have updated to version 0.2.0_6 and still are getting flip-flop notifications. I have tried restarting the service ... Shaun Gause
07:45 AM Bug #12249: Long configuration revision reasons can cause AutoConfigBackup upload to fail: The string "-NoReMoTeBaCkUp" can be added to a commit message to prevent it from being synced to ACB. The string is a... Anonymous
06:59 AM Bug #12249 (Feedback): Long configuration revision reasons can cause AutoConfigBackup upload to fail: HAProxy makes changes to config.xml with extremely large commit messages (> 2K chars) This exceeds the capacity of th... Anonymous

08/11/2021

06:24 PM Revision fa13ece8: Fixed missing $ warning: Steve Beaver
03:55 PM Regression #11316: Unbound crashes with signal 11 when reloading: OK that is unrelated to this bug. It is #12095 which can be mitigated by the patch on #11933. Jim Pingle
03:50 PM Regression #11316: Unbound crashes with signal 11 when reloading: Jim Pingle wrote in #note-67:
> If it was a similar crash to the previous issues, you would see the crash in the mai... Akom Benevolent
03:27 PM Regression #11316: Unbound crashes with signal 11 when reloading: If it was a similar crash to the previous issues, you would see the crash in the main system log. You can filter that... Jim Pingle
03:20 PM Regression #11316: Unbound crashes with signal 11 when reloading: Jim Pingle wrote in #note-65:
> That is odd, the log also didn't show a crash, but a clean stop and start. That is a... Akom Benevolent
02:59 PM Regression #11316: Unbound crashes with signal 11 when reloading: That is odd, the log also didn't show a crash, but a clean stop and start. That is also a very old log, maybe you upl... Jim Pingle
02:13 PM Regression #11316: Unbound crashes with signal 11 when reloading: I just had an *unbound 1.12.0* crash on *CE 2.5.2*
It was up for about a month (with 1.13.0 on 2.5.1 it crashed every... Akom Benevolent
03:32 PM Feature #12248 (New): Package Update Availability Notification: Following up with a user's feature request on Reddit (https://www.reddit.com/r/PFSENSE/comments/p1o4fz/notifications_... Adam Cooper
02:55 PM Bug #12241: System Information widget unnecessarily polls data for hidden items: That has always been the case and likely always will be -- just the fact that you're hitting the dashboard and consta... Jim Pingle
02:11 PM Bug #12241: System Information widget unnecessarily polls data for hidden items: But since the System Information widget can't ever be removed -- that means its performance penalty is fixed for the ... B D
02:10 PM Bug #12241: System Information widget unnecessarily polls data for hidden items: That is correct, hiding items does not stop the data from being collected. Hiding a whole widget would, but not speci... Jim Pingle
01:36 PM Bug #12241: System Information widget unnecessarily polls data for hidden items: ... above should be when *all* are *hidden*. B D
01:35 PM Bug #12241: System Information widget unnecessarily polls data for hidden items: Jim,
Thanks for the feedback. Please note that the performance drop occurs even when *all* items (not just pf stat... B D
09:27 AM Bug #12241: System Information widget unnecessarily polls data for hidden items: Watching the dashboard puts a load on the system as it fetches the data used to display the widgets. Some of this is ... Jim Pingle
02:27 PM pfSense Packages Bug #12157 (Feedback): Snort exits with Signal 10 on 32bit ARM platforms: Jim Pingle
01:37 PM pfSense Packages Bug #12157: Snort exits with Signal 10 on 32bit ARM platforms: This should be fixed now as https://cgit.freebsd.org/ports/commit/?id=c2a4ab17ef5e44424f2b2e97e30a2fde437dcd8a hit up... Mateusz Guzik
02:06 PM Feature #12193 (Feedback): AutoConfigBackup performance improvements: Lockfile typo fixed. Anonymous
09:52 AM Feature #12193 (New): AutoConfigBackup performance improvements: Seeing a set of PHP error from these changes:... Jim Pingle
01:21 PM Bug #12247: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load: If I attempt to view a backup by clicking on the "view" icon, I should see both the encrypted and decoded config on t... Anonymous
11:44 AM Bug #12247 (Resolved): Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load: Build: 21.09.a.20210811.0100 - When viewing an ACB backup, the encrypted and decrypted versions of the backup should ... Anonymous
11:39 AM pfSense Packages Feature #12246 (Closed): Load a file into patch textarea: The only way of adding a new patch is to paste patch content on `Patch Contentx` text area. It would be useful to be... Renato Botelho
11:33 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/336 Viktor Gurov
10:48 AM Regression #12069 (Feedback): Panic in ``pfctl`` with large numbers of states: Needs some final testing/confirmation yet now that the other work is done. Jim Pingle
10:07 AM Regression #12069: Panic in ``pfctl`` with large numbers of states: With the introduction of DIOCGETSTATESV2 this problem should probably be considered resolved. Mateusz Guzik
09:57 AM Regression #12228 (Resolved): States table content in GUI is corrupted/invalid on snapshots: Looks good on the latest snapshot: @2.6.0.a.20210811.0500@ with module version @0.72_1@
Jim Pingle
09:39 AM Bug #12244 (Not a Bug): Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF: Unless I'm misreading something there is no bug here.
If you _manually_ added a gateway and checked the box to say... Jim Pingle
02:31 AM Bug #12244: Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF: https://redmine.pfsense.org/issues/7380 Looks quite related to this bug. Layla Mah
01:59 AM Bug #12244: Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF: For reference, manually deleting the erroneous host (USH flags) route via ... Layla Mah
01:54 AM Bug #12244 (Not a Bug): Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF: This issue: https://redmine.pfsense.org/issues/11433 claims that 2.5.0 regressed things by not adding gateways with "... Layla Mah
09:34 AM Bug #12006 (Duplicate): CARP IP sometimes doesn't apply to CARP member: Reads the same to me. Closing as a duplicate. Can always reopen if we can get more detail that shows it's a unique pr... Jim Pingle
09:06 AM Bug #12006: CARP IP sometimes doesn't apply to CARP member: seems to be related to #12202 Viktor Gurov
09:10 AM Regression #12245: Input validation error in system.php: related to #12000 Viktor Gurov
09:01 AM Regression #12245 (Resolved): Input validation error in system.php: The input validation in system.php incorrectly prevents numeric hostnames in 2.6 and 21.09. For example '3100' or '26... Steve Wheeler
06:19 AM pfSense Packages Bug #12242 (Feedback): rc file is not deleted: PR has been merged. Thanks! Renato Botelho
12:20 AM pfSense Packages Bug #12242: rc file is not deleted: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/115 Viktor Gurov
12:03 AM pfSense Packages Bug #12242 (Resolved): rc file is not deleted: After disabling the Net-SNMP and Net-SNMP trap daemon services, `/usr/local/etc/rc.d/net-snmpd.sh` and `/usr/local/et... Viktor Gurov
06:19 AM pfSense Packages Bug #12240 (Feedback): Syslog-ng does not remove logrotate.conf after disable: PR has been merged. Thanks! Renato Botelho
06:14 AM Bug #9058 (Feedback): Kernel panic during L2TP retransmit: Setting target version since it's now fixed. Thanks! Renato Botelho
06:00 AM Bug #9058: Kernel panic during L2TP retransmit: Glad to hear it is working for you.
The work was sponsored by Netgate, so I suggest you use the money to buy more ... Mateusz Guzik
05:39 AM Bug #9058: Kernel panic during L2TP retransmit: It's been running stable for five days (which is twice the max uptime of the last 30 days), so I'll say it's fixed.
... Bianco Veigel
06:13 AM pfSense Packages Feature #9989 (Rejected): Add FreeBSD port and pfSense plugin for HoneyTrap: After internal discussion we decided to reject adding this to pfSense. This kind of software doesn't belong to a Fir... Renato Botelho
06:09 AM Feature #2358 (New): NAT64 support: Pull Request was closed because code was based on IPFW and we plan to stop using IPFW as soon as possible. Introduci... Renato Botelho
05:32 AM Revision 013cbaaa: Hide pcscd service from the service list if IPsec PKCS11 support is disabled. Todo #11933: Viktor G
05:26 AM Revision 1d7ae980: NTP Server SHA256 authentification support. Implements #12213: Viktor G
05:26 AM Revision 1c334904: Delete OpenVPN related config files for disabled instance. Fixes #12223: Viktor G
05:25 AM Revision 253d6509: Fix ProxyARP/Other VIP network address expansion on Port Forward rules. Issue #12233: Viktor Gurov
05:24 AM Revision 883ea6ab: Increment local port and clear tunnel networks value when restarting the OpenVPN wizard. Fixes #12172: Viktor Gurov
05:18 AM Revision cf40cd17: Support for UEFI HTTP Boot option in DHCP config. Implements #11659: Viktor G
05:17 AM Regression #12234 (Feedback): Wireless Channel/Width Issues with GUI: Merged Viktor Gurov
05:16 AM Revision 647cf03a: Wireless Channel/Width Issues fix. Issue #12234: Viktor Gurov
05:16 AM Regression #12233 (Feedback): VIP network addresses are not expanded on Port Forward rules: Merged Viktor Gurov
05:09 AM Revision 27bbf370: Do not show Gateway duplicates option for IPsec Mobile. Fixes #12197: Viktor G
05:08 AM Revision 1fe2aa3e: Hide console output on system backup restore. Fixes #11909: Viktor G
05:08 AM Revision e6407b22: Group copy button. Implements #12226: Viktor Gurov
05:07 AM Revision 5db7152e: Do not show help text under each IPsec bypass rules entry. Fixes #12236: Viktor Gurov
05:05 AM Revision f4738ad4: OpenVPN Wizard ncp_enable value fix. Issue #12172: Viktor G
03:18 AM Todo #11933 (Feedback): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: Merged Viktor Gurov
12:52 AM Todo #12176: Hide WireGuard interfaces on appropriate pages: see #12243 Viktor Gurov
12:51 AM Todo #12243 (New): Implement ```plugin_interfaces()```: from https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/309#note_39017:
The package should return an arra... Viktor Gurov
12:35 AM Feature #12213 (Feedback): Support SHA-256 hash NTP authentication: Applied in changeset commit:1d7ae980fb91650b31047578bbe9656dd90f89d0. Anonymous
12:35 AM Bug #12223 (Feedback): Configuration files are not deleted after disabling an OpenVPN instance: Applied in changeset commit:1c3349042bbe2bcb10acaf65bded09c322b056a8. Anonymous
12:30 AM Regression #12172 (Feedback): OpenVPN Wizard configuration missing recently added default values: Applied in changeset commit:883ea6ab4221caef114de98b3b63a5fbd8980fe9. Viktor Gurov
12:25 AM Feature #11659 (Feedback): Support for UEFI HTTP Boot option in DHCPv4 Server: Applied in changeset commit:cf40cd1792595d0122cdd6ce1c4ac6145f38df78. Anonymous
12:25 AM Bug #12197 (Feedback): Mobile IPsec phase 1 should not display "Gateway duplicates" option: Applied in changeset commit:27bbf370b1ac61bfd9db9f2c9ae2e285f136f2f7. Anonymous
12:15 AM Feature #12226 (Feedback): Copy button for group entries in the User Manager: Applied in changeset commit:e6407b2267ee82bff41c429e17ff687cbf584cde. Viktor Gurov
12:15 AM Bug #12236 (Feedback): IPsec bypass rules display help text under each entry: Applied in changeset commit:5db7152ef76b8862230a76112dd03efaf3b35e5a. Viktor Gurov

08/10/2021

09:26 PM Bug #12241 (Resolved): System Information widget unnecessarily polls data for hidden items: Netgate SG-3100
pfSense 21.05.1 (observed under 2.4.5p1 too)
If I am not logged into the Web GUI and specifically... B D
07:56 PM Revision d0c3ee6a: Snort: Enable COREDUMPS option: (cherry picked from commit 4e7641271c27cf394e6e2bea278098ed6f0e22b7) Renato Botelho
07:56 PM Revision 4e764127: Snort: Enable COREDUMPS option: Renato Botelho
06:37 PM Revision 8d4fcd7a: Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes.: Steve Beaver
04:51 PM Revision c7839f15: Wireless EAP client option fix. Issue #12239: Viktor Gurov
04:43 PM Bug #12105 (Feedback): Packages are not automatically reinstalled when restoring configuration using the installer: Fix pushed and will be present on next round of snapshots
Commit on FreeBSD-src: f5eb50394ce6 Renato Botelho
04:22 PM Todo #12171 (Feedback): Upgrade to ``pkg`` 1.17.x: pkg 1.17.1 is running fine on 2.6.0 and 21.09 Renato Botelho
03:35 PM Bug #9058: Kernel panic during L2TP retransmit: I removed debug printfs so updating to upcoming snapshot should stop the spam. I'll wait for your final confirmation ... Mateusz Guzik
02:01 PM Revision d91c2317: Merge pull request #4535 from luftegrof/bug12174: Renato Botelho
02:00 PM Revision a6296852: Merge pull request #4512 from jvandervyver/master: Renato Botelho
02:00 PM Revision 7f0ad465: Merge pull request #4530 from Alexilmarranen/master: Renato Botelho
02:00 PM Revision 07fbed96: Merge pull request #4534 from Uglymotha/master: Renato Botelho
02:00 PM Revision 16ff593a: Merge pull request #4533 from seyfidin/patch-1: Renato Botelho
12:47 PM Bug #12095: Memory leak in pcscd: Just registered to report the same issue. I have never used smart cards or IPSec tunnels and today I noticed all swap... Alexander Arques
11:55 AM Regression #12239 (Feedback): Interfaces page does not show Wireless EAP client options: Merged
Viktor Gurov
07:37 AM Regression #12239 (Pull Request Review): Interfaces page does not show Wireless EAP client options: Jim Pingle
06:35 AM Regression #12239: Interfaces page does not show Wireless EAP client options: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/335 Viktor Gurov
05:55 AM Regression #12239 (Resolved): Interfaces page does not show Wireless EAP client options: It only shows "EAP Client Mode" and "Certificate Authority" but not other PEAP/TLS/TTLS EAP options Viktor Gurov
10:55 AM pfSense Packages Feature #11210: 3rd party rulesets: Tested fine here. Only issue I see is the @Delete@ button will remove the @Check MD5@ label as well. Also, when addin... Marcos M
09:16 AM pfSense Packages Feature #11210 (Feedback): 3rd party rulesets: PR has been merged. Thanks! Renato Botelho
10:46 AM Regression #12228 (Feedback): States table content in GUI is corrupted/invalid on snapshots: I've triggered the build to update all poudriere jails for both CE and Plus. I also bump PORTREVISION of PHP module ... Renato Botelho
09:05 AM Regression #12228: States table content in GUI is corrupted/invalid on snapshots: One of the commits changed the size of struct pf_state.
It should be sufficient to make sure the php module is rec... Mateusz Guzik
10:36 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: JohnPoz _ wrote in #note-9:
> I thought this might of been included with 21.05.1 - guess not I just checked and stil... Jim Pingle
10:32 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly: I thought this might of been included with 21.05.1 - guess not I just checked and still doesn't sort... Will wait til... JohnPoz _
09:39 AM pfSense Packages Bug #12240: Syslog-ng does not remove logrotate.conf after disable: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/113 Viktor Gurov
09:23 AM pfSense Packages Bug #12240 (Resolved): Syslog-ng does not remove logrotate.conf after disable: @/usr/local/etc/logrotate.conf@ still exists after disabling Syslog-ng Viktor Gurov
09:25 AM pfSense Packages Bug #12153 (Feedback): Incorrect Outgoing Network Interface on clean install: PR has been merged. Thanks! Renato Botelho
09:25 AM pfSense Packages Bug #12167 (Feedback): BGP TCP setkey not set if neighbor is in peer group: PR has been merged. Thanks! Renato Botelho
09:23 AM pfSense Packages Bug #12204 (Feedback): Certificate Manager page doesn't show Syslog-NG used certificates: PR has been merged. Thanks! Renato Botelho
09:18 AM pfSense Packages Bug #12101 (Feedback): ArpWatch Suppression Mac for "flip-flop" not suppressing: PR has been merged. Thanks! Renato Botelho
09:16 AM pfSense Packages Bug #7039 (Feedback): HAProxy backend configuration does not handle intermediate CAs properly: PR has been merged. Thanks! Renato Botelho
09:02 AM Bug #12159 (Feedback): "Default preferred lifetime" router advertisement validation check uses incorrect variable: PR has been merged. Thanks! Renato Botelho
09:02 AM Bug #12164 (Feedback): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: PR has been merged. Thanks! Renato Botelho
09:01 AM Feature #12109 (Feedback): Option to suppress expiration notifications for revoked certificates: PR has been merged. Thanks! Renato Botelho
09:01 AM Feature #12194 (Feedback): Support Check IP services which return bare IP address values: PR has been merged. Thanks! Renato Botelho
09:01 AM Bug #12174 (Feedback): Firewall rule tabs load slowly when many rules on the tab utilize gateways: PR has been merged. Thanks! Renato Botelho
07:36 AM Regression #12234 (Pull Request Review): Wireless Channel/Width Issues with GUI: Jim Pingle
05:51 AM Regression #12234: Wireless Channel/Width Issues with GUI: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/334 Viktor Gurov
07:34 AM Bug #12238 (Pull Request Review): OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode: Jim Pingle
03:45 AM Bug #12238: OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/333 Viktor Gurov
03:34 AM Bug #12238 (Resolved): OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode: If the "Remote Access (SSL/TLS)" server mode is selected,
The resulting openvpn config file doesn't contain client-... Viktor Gurov
07:29 AM Bug #12236 (Pull Request Review): IPsec bypass rules display help text under each entry: Jim Pingle
12:06 AM Bug #12236: IPsec bypass rules display help text under each entry: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/331 Viktor Gurov
12:00 AM Bug #12236 (Resolved): IPsec bypass rules display help text under each entry: IPsec bypass rules display help text under each entry
see the screenshot Viktor Gurov
07:28 AM Regression #12233 (Pull Request Review): VIP network addresses are not expanded on Port Forward rules: Jim Pingle
03:35 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: Jim Pingle wrote in #note-9:
> Alhusein Zawi wrote:
> > IP address is not added to openvpn log yet
>
> Where did... Viktor Gurov
03:13 AM pfSense Docs New Content #12237 (Duplicate): Add information on ``ifqmaxlen`` to Hardware Tuning and Troubleshooting: *Page:* https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
*Feedback:*
Need to add optimization of i... Viktor Gurov
03:10 AM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN: This is a really useful tweak, we have to add it to https://docs.netgate.com/pfsense/en/latest/hardware/tune.html Viktor Gurov
02:27 AM Regression #12172: OpenVPN Wizard configuration missing recently added default values: Marcos Mendoza wrote in #note-4:
>
> Resulting @config.xml@ is correct. After repeating steps (reusing created CA ... Viktor Gurov

08/09/2021

11:54 PM Regression #12233: VIP network addresses are not expanded on Port Forward rules: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/330 Viktor Gurov
07:41 AM Regression #12233 (Confirmed): VIP network addresses are not expanded on Port Forward rules: Jim Pingle
07:12 PM Revision ffcf19c6: Register current pkg_set_version: On pfSense-base post-install script, register current pkg_set_version as
the same of /etc/version Renato Botelho
07:12 PM Revision 1d5cbd11: Set PFSENSE_PKG_SET_VERSION to PRODUCT_VERSION: This is going to be used by pfSense-upgrade port to set pkg_set_version
based on PRODUCT_VERSION Renato Botelho
07:12 PM Revision 6bfe7f67: Allow %%PRODUCT_VERSION%% to be used on make.conf: Renato Botelho
06:32 PM Feature #4632: Support for Multipath TCP (MPTCP): Jim Thompson wrote in #note-6:
> when it's in FreeBSD.
Since my 2011 bounty for adding IPv6 support to pfSense <h... Lucky Green
06:07 PM Regression #11787: Thermal sensors widget no longer shows values from certain hardware: Hello, I just tried this on a Chelsio T6 card. I can get the temp ("dev.t6nex.0.temperature") for the card at the com... Michael Smith
05:56 PM pfSense Packages Feature #11210: 3rd party rulesets: https://github.com/pfsense/FreeBSD-ports/pull/1089 Viktor Gurov
03:30 PM Todo #12235 (Feedback): ``pfSense-upgrade`` should reinstall all packages on new version upgrades: Implemented on pfSense-upgrade 1.0_2 Renato Botelho
03:30 PM Todo #12235 (Resolved): ``pfSense-upgrade`` should reinstall all packages on new version upgrades: Today pfSense rely only on pkg to detect what must or not be upgraded. Sometimes a package is rebuilt using the same... Renato Botelho
02:15 PM Revision 6c3bfb73: OpenVPN status f/tap+empty tunnel net Fixes #12232: Jim Pingle
10:40 AM Regression #12234 (Resolved): Wireless Channel/Width Issues with GUI: As seen below this was introduced in the update after the July 19th snapshot that was released. The wireless list has... Nick K
09:25 AM Bug #12232 (Feedback): OpenVPN status incorrect for TAP servers without a defined tunnel network: Applied in changeset commit:6c3bfb7322105ea0ab6f0fa30a8f63787afbb76e. Jim Pingle
09:20 AM Bug #12232: OpenVPN status incorrect for TAP servers without a defined tunnel network: When in tap mode with an empty tunnel network, OpenVPN puts the tunnel into "point-to-point" mode which behaves like ... Jim Pingle
08:30 AM Bug #12232 (Confirmed): OpenVPN status incorrect for TAP servers without a defined tunnel network: I can reproduce it here using the settings from the XML file already attached on the issue.
Client shows connected... Jim Pingle
08:12 AM pfSense Packages Bug #11965 (Resolved): Avahi service started twice by /etc/rc.start_package: Jim Pingle
07:53 AM pfSense Packages Bug #11965: Avahi service started twice by /etc/rc.start_package: Solved. Thanks for looking into it. Steve Harrington
08:11 AM pfSense Plus Bug #11466 (Confirmed): PHP exits with signal 11 on SG-3100 when calling PCRE functions: The overall problem is still not solved. 21.05.1 shipped with JIT disabled, but JIT is enabled on 21.09 for testing.
... Jim Pingle
07:33 AM Feature #12181 (Resolved): Add connect/disconnect buttons to IPsec dashboard widget: Jim Pingle
07:32 AM Bug #11187 (Closed): WAN_DHCP6 down, but IPv6 actually works: Jim Pingle
07:32 AM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: Darin May wrote in #note-13:
> I've been wondering is there should be two default gateways, once for each IPv4 and I... Jim Pingle

08/08/2021

06:29 PM Regression #12172: OpenVPN Wizard configuration missing recently added default values: Note, the decoded TLS key is the same, only the xml contains different encoded text.
I can reproduce the issue des... Marcos M
05:58 PM Bug #12168 (Resolved): 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: Rule created correctly:
@binat on vmx0 inet from any to any -> 10.0.5.201@
Tested on:
21.09-DEVELOPMENT (amd64)
buil... Marcos M
05:47 PM Bug #11909 (Resolved): Output from reboot process is printed on Backup & Restore page when restoring a configuration file: Output no longer shown on page.
Tested on:
21.09-DEVELOPMENT (amd64)
built on Sun Aug 08 01:12:39 EDT 2021 Marcos M
04:12 PM Regression #12233 (Resolved): VIP network addresses are not expanded on Port Forward rules: On 2.4.5p1, it was possible to select an auto-expanded IP derived from VIP network expansion. On the latest stable an... Marcos M
01:56 PM Bug #9058: Kernel panic during L2TP retransmit: It was clear to me, that those messages are only for debugging - I was concerned, that the timer is still running for... Bianco Veigel
09:15 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Kris Phillips wrote in #note-57:
> Did we end up with PCRE JIT disabled still in 21.05.1 or was the disabled JIT com... Marcos M

08/07/2021

08:52 PM pfSense Packages Bug #12157 (Confirmed): Snort exits with Signal 10 on 32bit ARM platforms: I've confirmed this behavior on an SG-3100 on 21.05.1 once we fixed the Signal 11 issue in the above-linked redmine. ... Kris Phillips
08:47 PM Bug #12232: OpenVPN status incorrect for TAP servers without a defined tunnel network: I'm not able to reproduce this bug on 21.05.1. This may be a CE-only issue as I can see a status page in TAP mode on... Kris Phillips
02:29 PM Bug #12232 (Resolved): OpenVPN status incorrect for TAP servers without a defined tunnel network: Creating an OpenVPN server TAP mode without specifying the IPv4 Tunnel Network will result in the Status>OpenVPN page... Max Leighton
08:32 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Did we end up with PCRE JIT disabled still in 21.05.1 or was the disabled JIT component re-enabled with the new build... Kris Phillips
03:48 PM Feature #12181: Add connect/disconnect buttons to IPsec dashboard widget: added
2.6.0.a.20210806.0100
Alhusein Zawi
03:30 PM pfSense Packages Bug #11627 (Resolved): rc file is not deleted: Tested with arpwatch 0.2.0_5.
/usr/local/etc/rc.d/arpwatch.sh is removed after disabling the service. Marking the... Max Leighton
02:41 PM Revision fbf4a07f: Correct syntax. Fixes #12229: Jim Pingle
02:32 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: I've been wondering is there should be two default gateways, once for each IPv4 and IPv6. I only see default marked ... Loh Phat
02:25 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works: Looks like it doesn't happen with 2.5.2 anymore (gateway still online after 31d of uptime) Aleksandr Mezin
01:51 PM Regression #12186 (Resolved): <br> tags shown in Status>IPsec: Tested in
21.09-DEVELOPMENT (amd64)
built on Fri Aug 06 01:12:10 EDT 2021
FreeBSD 12.2-STABLE
Looks good. Ma... Max Leighton
01:30 PM Bug #12231 (Duplicate): Upgrade to latest Dev Build results in broken install: Duplicate of #12229 Jim Pingle
01:13 PM Bug #12231 (Duplicate): Upgrade to latest Dev Build results in broken install: Upgrading to 2.6.0.a.20210807.0500 or 21.09.a.20210807.0500 is resulting in the following after the upgrade completes... Max Leighton
10:04 AM Bug #9058: Kernel panic during L2TP retransmit: All the messages will be removed soon. They are only there right now to confirm the problem condition is being exerci... Mateusz Guzik
06:08 AM Bug #9058: Kernel panic during L2TP retransmit: Now I'm getting the following message every minute:... Bianco Veigel
06:01 AM Bug #9058: Kernel panic during L2TP retransmit: Mateusz Guzik wrote in #note-35:
> Hi Bianco,
>
> did you get the chance to test the fix?
>
> If you check dme... Bianco Veigel
09:50 AM Regression #12229: Revision 0d3747aa - missing semicolons: Applied in changeset commit:fbf4a07f41f93745850adf5a3b1ea345628693ab. Jim Pingle
09:43 AM Regression #12229 (Feedback): Revision 0d3747aa - missing semicolons: Pushed a fix Jim Pingle
05:56 AM Regression #12229 (Resolved): Revision 0d3747aa - missing semicolons: A couple missing semicolons after return statements in system.inc Steve Harrington
09:42 AM Bug #12230 (Duplicate): Fatal parse error in 2.6.0.a.20210807.0500 breaks boot: Duplicate of #12229 Jim Pingle
07:11 AM Bug #12230 (Duplicate): Fatal parse error in 2.6.0.a.20210807.0500 breaks boot: "Parse error: syntax error, unexpected '}', expecting ';' in /etc/inc/system.inc on line 1671" error causes 2.6.0.a.2... RED SKULL

08/06/2021

11:54 PM pfSense Packages Bug #12088 (Resolved): Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting: Working well. Marking as resolved. Marcos M
05:07 PM Bug #12095: Memory leak in pcscd: I haven't run into this issue before but just today I noticed swap usage at 100% and memory was very high, turns out ... Sean M
04:24 PM Bug #9058: Kernel panic during L2TP retransmit: Sounds good, thanks for the update! Mateusz Guzik
04:18 PM Bug #9058: Kernel panic during L2TP retransmit: I've updated to 2.6.0-DEVELOPMENT (amd64) built on Fri Aug 06 01:10:08 EDT 2021 this evening, and am waiting if it cr... Bianco Veigel
04:15 PM Bug #9058: Kernel panic during L2TP retransmit: Hi Bianco,
did you get the chance to test the fix?
If you check dmesg and see messages like these:... Mateusz Guzik
03:40 PM Revision 0d3747aa: Improve NTP serial port validation. Fixes #12191: Jim Pingle
03:01 PM Regression #11910: IPsec status tunnel descriptions are incorrect: > That should be fixed along with everything else in snapshots. Try it there.
Confirmed! 21.09.a.20210806.0100 f... Charles Hamilton
01:26 PM Bug #12202 (Pull Request Review): When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active: Jim Pingle
01:04 PM Bug #12202: When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/329 Viktor Gurov
11:45 AM Regression #12228: States table content in GUI is corrupted/invalid on snapshots: Plus snapshot: 21.09.a.20210806.0500
CE snapshot: 2.6.0.a.20210806.0500 Jim Pingle
11:41 AM Regression #12228 (Resolved): States table content in GUI is corrupted/invalid on snapshots: On current Plus 21.09 and CE 2.6.0 snapshots @diag_dump_states.php@ contains invalid data (see attached image).
Th... Jim Pingle
10:08 AM pfSense Packages Bug #12220 (Rejected): BIND package missing in 2.6.0-DEVELOPMENT: The package is present on current snapshots. You have some issue locally on your firewall. This site is not for suppo... Jim Pingle
10:01 AM Bug #12227 (Pull Request Review): Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs: Jim Pingle
09:28 AM Bug #12227: Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/328 Viktor Gurov
07:59 AM Bug #12227 (Resolved): Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs: 192.168.88.44 - CARP VIP (VHID: 1)
192.168.88.45 - IP Alias on CARP VIP:... Viktor Gurov
08:05 AM Feature #12226 (Pull Request Review): Copy button for group entries in the User Manager: Jim Pingle
05:28 AM Feature #12226: Copy button for group entries in the User Manager: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/327 Viktor Gurov
05:20 AM Feature #12226 (Resolved): Copy button for group entries in the User Manager: It would be very helpful to have a "Copy group" icon on system_groupmanager.php page to manage groups with a large nu... Viktor Gurov
07:59 AM Bug #12225 (Pull Request Review): Group membership field is not needed for remote groups: Jim Pingle
05:04 AM Bug #12225: Group membership field is not needed for remote groups: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/326 Viktor Gurov
04:33 AM Bug #12225 (Rejected): Group membership field is not needed for remote groups: The "Group Membership" field on the system_groupmanager.php page is not needed if Scope = Remote
It can be confusing... Viktor Gurov
07:56 AM Bug #12224 (Pull Request Review): OpenVPN page allows to delete/disable instance with an assigned interface: Jim Pingle
03:54 AM Bug #12224: OpenVPN page allows to delete/disable instance with an assigned interface: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/325 Viktor Gurov
03:17 AM Bug #12224 (Resolved): OpenVPN page allows to delete/disable instance with an assigned interface: OpenVPN page allows to delete/disable an instance with an assigned interface
which leads to the wrong interface assi... Viktor Gurov
07:38 AM Bug #11891 (Pull Request Review): strongSwan configuration contains incorrect structure for mobile pool DNS records: Jim Pingle
01:42 AM Bug #11891: strongSwan configuration contains incorrect structure for mobile pool DNS records: Jim Pingle wrote in #note-6:
> Reverted RADIUS-specific parts of the change here for now, it was causing the configur... Viktor Gurov
07:36 AM Bug #12223 (Pull Request Review): Configuration files are not deleted after disabling an OpenVPN instance: Jim Pingle
01:37 AM Bug #12223: Configuration files are not deleted after disabling an OpenVPN instance: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/324 Viktor Gurov
12:52 AM Bug #12223 (Resolved): Configuration files are not deleted after disabling an OpenVPN instance: After setting "Disable this server" checkbox files under @/var/etc/openvpn/server|clientX/@ are not deleted Viktor Gurov
07:35 AM Bug #11999 (Pull Request Review): OpenVPN IPv6 tunnel network is not validated properly: Jim Pingle
01:21 AM Bug #11999: OpenVPN IPv6 tunnel network is not validated properly: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/323 Viktor Gurov
07:18 AM pfSense Packages Bug #11780: Suricata package fails to prune suricata.log: related discussion:
https://forum.netgate.com/topic/165352/suricata-log-rotation-bug Viktor Gurov
12:40 AM Feature #12222 (Rejected): OpenVPN with LDAP active directory auth with Two factor authentication: This should be implemented on the backend side, but not on the appliance.
For example, you can already use a RADIU... Viktor Gurov
12:32 AM Feature #12222 (Rejected): OpenVPN with LDAP active directory auth with Two factor authentication: Hi, it would be very useful to add two factor functionality (google authenticator for example) for OpenVPN with activ... Franz Angeli

08/05/2021

10:05 PM Revision 868c1a67: Init [''system']['acb']: Steve Beaver
06:03 PM Revision 3f818d8a: OpenVPN GUI field adjustments. Implements #12218: * Move description to the top of the page
* For clients and servers, show the ID and corresponding interface name
* S... Jim Pingle
04:14 PM pfSense Packages Bug #12220 (Rejected): BIND package missing in 2.6.0-DEVELOPMENT: After upgrading to 2.6.0-DEVELOPMENT there is no BIND package anymore. Bianco Veigel
03:45 PM Revision a7705968: IPsec Keep Alive corrections. Fixes #12169: * Checked CARP VIP status if used by P1, if VIP is in BACKUP or INIT
state, it does not attempt to initiate.
* Disabl... Jim Pingle
03:19 PM Regression #11986 (Resolved): Static routes may not be in routing table when expected: As noted above, this was worked around for now by reverting the commits from #11296 but I'm changing this one slightl... Jim Pingle
02:11 PM pfSense Packages Bug #12101 (Pull Request Review): ArpWatch Suppression Mac for "flip-flop" not suppressing: Jim Pingle
11:45 AM pfSense Packages Bug #12101: ArpWatch Suppression Mac for "flip-flop" not suppressing: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/112 Viktor Gurov
01:47 PM Feature #12190: Ability to use an IPv6 prefix in firewall rules: I see alias addresses in FW rules are stored as $alias_name when resolved by filter_generate_address(). Can someone ... Greg Wallace
01:10 PM Todo #12218 (Feedback): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID: Applied in changeset commit:3f818d8a52dc965cb48e367cd1f22542b6058c0c. Jim Pingle
11:35 AM Todo #12218 (In Progress): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID: Jim Pingle
09:50 AM Todo #12218 (Resolved): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID: More logical to have the description be first to easily identify the tunnel at a glance.
Also, show the internal I... Jim Pingle
10:58 AM Regression #12215 (Feedback): OpenVPN does not resync when running on a gateway group: Unable to reproduce on 2.6.0.a.20210805.0500 -
OpenVPN with gwgroup successfully resync on gateway failure/restore
... Viktor Gurov
05:06 AM Regression #12215 (Closed): OpenVPN does not resync when running on a gateway group: Hi all,
It seems that quite a bit of the codebase has changed in the relevant files since the fix I implemented in... James Webb
10:55 AM Feature #12169 (Feedback): IPsec keep alive option to initiate phase 2 without using ICMP: Applied in changeset commit:a7705968eac0b3d21739d88736610aed4785426d. Jim Pingle
10:54 AM pfSense Packages Regression #12125 (Resolved): squidguard 1.16.18_19 conguration error: PR merged. Jim Pingle
10:49 AM pfSense Packages Regression #12125 (Feedback): squidguard 1.16.18_19 conguration error: Merged Viktor Gurov
07:58 AM pfSense Packages Regression #12125 (Pull Request Review): squidguard 1.16.18_19 conguration error: Jim Pingle
04:34 AM pfSense Packages Regression #12125: squidguard 1.16.18_19 conguration error: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/111 Viktor Gurov
10:19 AM Bug #12219 (Resolved): Prevent using OpenVPN "Inactive" option with point-to-point modes: By default on current versions we set the OpenVPN server option Inactive to 300 (See #11699) but this should only be ... Jim Pingle
09:44 AM Regression #12217: Kernel panic in IPFW when using Captive Portal: Attaching textdump from test VM without CARP. Jim Pingle
09:37 AM Regression #12217: Kernel panic in IPFW when using Captive Portal: Removing CARP from the subject since it doesn't appear to be a requirement to reproduce. Jim Pingle
09:26 AM Regression #12217: Kernel panic in IPFW when using Captive Portal: This is actually easier to reproduce than I thought. If I take a fresh install of pfSense CE on a current snapshot (2... Jim Pingle
09:17 AM Regression #12217 (Resolved): Kernel panic in IPFW when using Captive Portal: Starting around the 2.6.0 snapshot on August 3rd (20210803*), a VM configured for HA with Captive Portal experiences ... Jim Pingle
09:39 AM Bug #12039 (Pull Request Review): Gateway alarm always triggers IPsec restart: Jim Pingle
09:21 AM Bug #12216 (Pull Request Review): ARM 32/64 network boot options are not parsed on Static DHCP Mapping page: Jim Pingle
09:13 AM Bug #12216: ARM 32/64 network boot options are not parsed on Static DHCP Mapping page: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/322 Viktor Gurov
08:33 AM Bug #12216 (Resolved): ARM 32/64 network boot options are not parsed on Static DHCP Mapping page: Saved entries "32-bit ARM file name" and "64-bit ARM file name" are not displayed on page refresh
and do not affect ... Viktor Gurov
08:15 AM Feature #11659 (Pull Request Review): Support for UEFI HTTP Boot option in DHCPv4 Server: Jim Pingle
08:14 AM Feature #11659: Support for UEFI HTTP Boot option in DHCPv4 Server: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/321 Viktor Gurov
07:57 AM pfSense Packages Bug #12204 (Pull Request Review): Certificate Manager page doesn't show Syslog-NG used certificates: Jim Pingle
02:35 AM pfSense Packages Bug #12204: Certificate Manager page doesn't show Syslog-NG used certificates: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/110 Viktor Gurov
07:55 AM Feature #12213 (Pull Request Review): Support SHA-256 hash NTP authentication: Jim Pingle
01:44 AM Feature #12213: Support SHA-256 hash NTP authentication: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/320 Viktor Gurov
01:18 AM Feature #12213 (Resolved): Support SHA-256 hash NTP authentication: Many vendors also support SHA256 NTP authentification:
Juniper - MD5, SHA1, SHA256
Huawei - MD5, SHA256
Palo Alto ... Viktor Gurov
07:49 AM Bug #12212 (Pull Request Review): Disabled IPsec VTI interfaces are always created: Jim Pingle
01:10 AM Bug #12212: Disabled IPsec VTI interfaces are always created: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/319 Viktor Gurov
01:08 AM Bug #12212 (Resolved): Disabled IPsec VTI interfaces are always created: Regardless of the enable/disable checkbox IPsec PH2 VTIs are always created (see ifconfig output) Viktor Gurov
07:34 AM Bug #12211 (Feedback): Email Notifications not working with Special Characters in Password: Mail is sent using the PHP Pear Mail library which in turn uses PHP Pear Net_SMTP to handle the SMTP connection inclu... Jim Pingle
07:16 AM Bug #9058: Kernel panic during L2TP retransmit: Bianco Veigel wrote in #note-33:
> I've upgraded to 2.6.0-DEVELOPMENT built on Wed Aug 04 01:14:35 EDT 2021 and it c... Renato Botelho
02:35 AM Bug #9058: Kernel panic during L2TP retransmit: I've upgraded to 2.6.0-DEVELOPMENT built on Wed Aug 04 01:14:35 EDT 2021 and it crashed again. The crash dumps are at... Bianco Veigel
05:54 AM Bug #6370 (Confirmed): IPSEC bound to WAN gateway group and Dynamic DNS doesn't to fail back tunnel to WAN on DDNS update: I see the same issue on 21.05 Viktor Gurov
04:39 AM pfSense Docs Todo #12214 (New): Inconsistent usage of GUI/WebGUI/webConfigurator: The GUI is talked about in earlier pages of the documentation as being known as WebGUI
The page detailing "Connect... David Boo
01:20 AM Feature #8794: NTP authentication support: Ansley Barnes wrote in #note-10:
> Is it possible to add the option for SHA256 authentication? The underlying NTPd v... Viktor Gurov

08/04/2021

09:15 PM Revision 6bdf2d74: Increase the number of logs we are keeping: Brad Davis
08:58 PM Bug #12211 (Closed): Email Notifications not working with Special Characters in Password: I have tested this and confirmed with two different gmail accouts.
an account has a ! is password. This account fa... mr rosh
08:41 PM Revision 65fc53d1: Remove a trailing \r that prevents s3 rm from working: Brad Davis
07:42 PM Revision 0ef74a74: missing space in function parameters: lufte grof
07:25 PM Revision a70d6132: Use the cached gateways_status in gateway_info_popup() call: lufte grof
07:13 PM Revision f8993f22: Inline presentation instead of print/echo in PHP: lufte grof
05:29 PM Revision dafe25ea: Ensure ACB config section exists: Steve Beaver
05:25 PM Revision 1dd1832f: Install ACB cron job on upgrade: Steve Beaver
05:10 PM Revision b7ab1742: Set the output format to avoid \r on line endings preventing log files from being deleted: Brad Davis
02:40 PM Bug #11843 (Closed): Potential XSS vulnerability in Captive Portal ``redirurl`` handling: I can no longer reproduce the problem on 2.6.0 or 21.05.1. Jim Pingle
12:32 PM Feature #12193: AutoConfigBackup performance improvements: ACB cron job is now installed on config upgrade if ACB is enabled. Anonymous
11:55 AM pfSense Plus Bug #12200: 32-bit ARM performance regression: Formatting / updating subject for release notes. Jim Pingle
10:25 AM pfSense Plus Bug #12200 (Resolved): 32-bit ARM performance regression: Scott Long
10:25 AM pfSense Plus Bug #12200 (Resolved): 32-bit ARM performance regression: Based on reports from users and from internal testing, we determined that there was a performance regression on the S... Scott Long
11:50 AM pfSense Packages Bug #12206 (Resolved): Certificate Manager page doesn't show Net-SNMP used certificates: On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
11:48 AM pfSense Packages Bug #12205 (Resolved): Certificate Manager page doesn't show Squid used certificates: On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
11:47 AM pfSense Packages Bug #12204 (Resolved): Certificate Manager page doesn't show Syslog-NG used certificates: On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
11:43 AM pfSense Docs Todo #12203 (Rejected): Feedback on Releases — 21.05 New Features and Changes: That isn't widespread enough to warrant giving it that kind of attention and it is not a recent regression.
None o... Jim Pingle
11:39 AM pfSense Docs Todo #12203 (Rejected): Feedback on Releases — 21.05 New Features and Changes: *Page:* https://docs.netgate.com/pfsense/en/latest/releases/21-05.html
*Feedback:*
Add info about #11545 regres... Viktor Gurov
11:10 AM Bug #12198 (Pull Request Review): Disabling an IPsec phase 1 entry does not disable related phase 2 entries: Jim Pingle
11:07 AM Bug #12198: Disabling an IPsec phase 1 entry does not disable related phase 2 entries: Jim Pingle wrote in #note-2:
> IMO, the P2s should not get their own disabled flag set in this case. The code should... Viktor Gurov
09:52 AM Bug #12198: Disabling an IPsec phase 1 entry does not disable related phase 2 entries: IMO, the P2s should not get their own disabled flag set in this case. The code should assume they are disabled if the... Jim Pingle
08:42 AM Bug #12198 (Resolved): Disabling an IPsec phase 1 entry does not disable related phase 2 entries: How to reproduce:
1) Create IPsec PH1 with several PH2 VTI entries
2) Toggle "disable" button on the vpn_ipsec.php ... Viktor Gurov
11:08 AM Bug #11909 (Pull Request Review): Output from reboot process is printed on Backup & Restore page when restoring a configuration file: Jim Pingle
10:16 AM Bug #11909: Output from reboot process is printed on Backup & Restore page when restoring a configuration file: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/317 Viktor Gurov
11:07 AM Bug #12202 (Resolved): When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active: Set up a CARP VIP between two nodes.
Primary:... Chris Linstruth
10:30 AM pfSense Plus Todo #12201 (Closed): Native hardware package builds for 32-bit ARM: Adding for tracking purposes, this is already complete.
Items from the packages repository included in base and as... Jim Pingle
09:58 AM Feature #11750 (Pull Request Review): Support for network interfaces using the ``qlnxe`` driver: Jim Pingle
09:44 AM Feature #11750: Support for network interfaces using the ``qlnxe`` driver: module support:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/316 Viktor Gurov
09:53 AM Bug #12199 (Not a Bug): ipsec pre-shared keys are stored in cleartext: https://docs.netgate.com/pfsense/en/latest/backup/password-security.html Jim Pingle
09:49 AM Bug #12199 (Not a Bug): ipsec pre-shared keys are stored in cleartext: If one adds a pre-shared key via VPN -> IPSec -> Pre-Shared Keys, these keys are visible and stored in cleartext.
Pl... Stefan Bauer
08:10 AM Feature #12194 (Pull Request Review): Support Check IP services which return bare IP address values: Jim Pingle
12:14 AM Feature #12194: Support Check IP services which return bare IP address values: https://github.com/pfsense/pfsense/pull/4512 Viktor Gurov
12:14 AM Feature #12194 (Resolved): Support Check IP services which return bare IP address values: I wanted to be able to use Check IP Services other than DynDNS.
Most Check IP Services respond only with an IP.
f... Viktor Gurov
08:09 AM Bug #12197 (Pull Request Review): Mobile IPsec phase 1 should not display "Gateway duplicates" option: Jim Pingle
05:56 AM Bug #12197: Mobile IPsec phase 1 should not display "Gateway duplicates" option: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/315 Viktor Gurov
04:54 AM Bug #12197 (Resolved): Mobile IPsec phase 1 should not display "Gateway duplicates" option: There is no need in "Gateway duplicates" option (#10214) for Mobile IPsec tunnels as they always work in "Responsive ... Viktor Gurov
08:07 AM Regression #11447 (Pull Request Review): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: Jim Pingle
05:52 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: revert to pre-2.5 style (attr in strongswan.conf) which works fine:
https://gitlab.netgate.com/pfSense/pfSense/-/mer... Viktor Gurov
08:03 AM Todo #10298 (Pull Request Review): Use SHA-512 for user password hashes: Jim Pingle
03:40 AM Todo #10298: Use SHA-512 for user password hashes: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/313 Viktor Gurov
07:57 AM Bug #12196 (Pull Request Review): IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available: Jim Pingle
12:58 AM Bug #12196: IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/312 Viktor Gurov
12:55 AM Bug #12196 (Resolved): IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available: How to reproduce:
1) Disable DNS servers or configure non-existent DNS servers on the System / General Setup page;
... Viktor Gurov
07:57 AM Bug #12195 (Pull Request Review): IPsec writes CRL files when tunnel does not use certificates: Jim Pingle
12:25 AM Bug #12195: IPsec writes CRL files when tunnel does not use certificates: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/311 Viktor Gurov
12:19 AM Bug #12195 (Resolved): IPsec writes CRL files when tunnel does not use certificates: @ipsec_setup_secrets()@ always writes CRL files, even if there is no PH1 cert authentication (PSK-only) Viktor Gurov
07:53 AM Bug #12174 (Pull Request Review): Firewall rule tabs load slowly when many rules on the tab utilize gateways: Jim Pingle
01:00 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out: New issues: #12195 and #12196 Viktor Gurov

08/03/2021

05:23 PM Revision e4a2bd9b: Fix selector: Steve Beaver
05:12 PM Revision 5ae46c60: Completes #12193. Ready for testing. Revert only this commit to go back to old ACB system.: Steve Beaver
03:20 PM Revision 90574ebd: Delete unsupported backups: Steve Beaver
03:18 PM Revision 0a74e0dd: Prototype cron script to upload ACB backups per #12193: Steve Beaver
03:16 PM Revision 28cb1a27: Fix OpenVPN CA/CRL cleanup. Fixes #12192: Jim Pingle
02:34 PM Revision 4e24b1fb: Validate gpsport. Fixes #12191: (cherry picked from commit bf21f67bbe2d1694ad1ad72728623dded9ace426) Jim Pingle
02:33 PM Revision bf21f67b: Validate gpsport. Fixes #12191: Jim Pingle
01:42 PM Feature #11374: WireGuard Status in GUI: Would you please consider adding WG to the Available Widgets as part of this ticket ? Yuri Weinstein
01:15 PM Bug #9058: Kernel panic during L2TP retransmit: Bianco Veigel wrote in #note-31:
> Is there anything I can do, to help you fix this? I'm still hitting this bug regu... Renato Botelho
12:11 PM Feature #12193 (Feedback): AutoConfigBackup performance improvements: * When time based backups are selected, and no minutes value provided, a random value is generated and presented to t... Anonymous
10:16 AM Feature #12193 (Resolved): AutoConfigBackup performance improvements: This feature requires two main changes:
# ACB backups from systems we don't allow (pfBlocker, snort, minicron etc) s... Anonymous
10:25 AM Bug #12192 (Feedback): OpenVPN does not clean up previous CA and CRL files: Applied in changeset commit:28cb1a275654001866037928c65bb15471e86d60. Jim Pingle
10:15 AM Bug #12192 (Confirmed): OpenVPN does not clean up previous CA and CRL files: Jim Pingle
09:43 AM Bug #12192 (Resolved): OpenVPN does not clean up previous CA and CRL files: Create a Peer to Peer (SSL/TLS) with Peer Certificate Authority One. After saving change the Peer Certificate Autho... Rafael Grothmann
09:40 AM Bug #12191 (Feedback): File overwrite in ``services_ntpd_gps.php`` via ``gpsport`` parameter: Applied in changeset commit:bf21f67bbe2d1694ad1ad72728623dded9ace426. Jim Pingle
09:09 AM Bug #12191 (Resolved): File overwrite in ``services_ntpd_gps.php`` via ``gpsport`` parameter: The @gpsport@ parameter is not validated properly when set in @services_ntpd_gps.php@ or during NTP setup in @service... Jim Pingle

08/02/2021

11:04 PM Revision 85ea410d: Bug #12174 - rename gw_table to gw_info: lufte grof
10:58 PM Revision c79b9cfe: Bug #12174 - cache results from gateway_info_popup function: lufte grof
08:07 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: That would not make a difference in this case unfortunately - the IGDv2 issue was fixed long ago and has its own redm... Marcos M
06:19 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Have you guys tried manually adding
force_igd_desc_v1=yes
to the config located at
/var/etc/miniupnpd.conf
Just loo... Greg Wallace
07:53 PM Revision 021ffa03: IPsec identifier type updates. Implements #12044: Correct names to reflect what the actual types are (e.g. Distinguished
name is really FQDN)
Add an explicit "auto" t... Jim Pingle
06:32 PM Revision a3d2c861: Add P2 Keep Alive function. Implements #12169: Works for VTI and Tunnel mode. Checks every 5 minutes if the P2 is connected and
initiates if it doesn't.
Since a fa... Jim Pingle
06:29 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways: https://github.com/pfsense/pfsense/pull/4535 lufte grof
05:01 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways: Ok, I'll work on a PR.
I took what you said and applied it. My latest doesn't touch guiconfig.inc. Instead, fire... lufte grof
02:49 PM Bug #12174 (In Progress): Firewall rule tabs load slowly when many rules on the tab utilize gateways: The main problems with that are:
* You're moving too much of that logic onto the page and out of the include file.... Jim Pingle
02:39 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways: Jim Pingle wrote in #note-2:
> Applied in changeset commit:87011dce1fe88ad48c098d6b6804add53cf64084.
Hi, Jim. Ap... lufte grof
05:45 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: I opened Feature #12190 to address the remaining issues/considerations.
https://redmine.pfsense.org/issues/12190 Greg Wallace
05:44 PM Feature #12190 (New): Ability to use an IPv6 prefix in firewall rules: Many users have internet connections with a dynamic ipv6 prefix (a real joy). Currently firewall rules can only refe... Greg Wallace
05:16 PM Feature #12169 (In Progress): IPsec keep alive option to initiate phase 2 without using ICMP: Almost certainly since this just checks if a P2 with the option checked it enabled and disconnected. If so, it trigge... Jim Pingle
04:37 PM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP: Currently after a gateway comes back up, @check_reload_status@ will run "Restarting ipsec tunnels". This is not trigg... Marcos M
01:40 PM Feature #12169 (Feedback): IPsec keep alive option to initiate phase 2 without using ICMP: Applied in changeset commit:a3d2c8617ae7d9cabc6ce37cf8d1202b6c58f6df. Jim Pingle
04:54 PM Revision cbd2aad1: Fix IPsec buttons for Connecting. Fixes #12189: Status page was showing a connect button for tunnels which were already
connecting. It now shows a disconnect button ... Jim Pingle
03:47 PM Todo #10298: Use SHA-512 for user password hashes: (SHA-512 so it matches FreeBSD) Brad Davis
03:44 PM Todo #10298: Use SHA-512 for user password hashes: Can you implement this and switch to SHA-512? Brad Davis
03:05 PM Todo #12044 (Feedback): Improve IPsec identifier settings: Applied in changeset commit:021ffa0316b05618726243489ad44de91a8c57c4. Jim Pingle
02:42 PM Revision dd4ea276: Fix title length: ilmarranen alex
12:08 PM Bug #6624: changes in IPsec config should down the connection: This is going to take a bit more thought yet. Some factors make it more complicated than it seems on the surface:
... Jim Pingle
12:05 PM Bug #12189 (Feedback): IPsec status shows connect buttons while tunnel is connecting: Applied in changeset commit:cbd2aad16d97284280daf584fb713a2c6c3e5249. Jim Pingle
11:57 AM Bug #12189: IPsec status shows connect buttons while tunnel is connecting: Widget showed a disconnect button already. It showed P1 as connected, however, but if that's not expected that is goi... Jim Pingle
11:52 AM Bug #12189 (Resolved): IPsec status shows connect buttons while tunnel is connecting: When a tunnel is in the "Connecting" state, the IPsec status page at status_ipsec.php shows two connect buttons, when... Jim Pingle
12:04 PM Revision b751eaa9: Fix double encoding. Fixes #12186: The values in these arrays are already encoded, no need to do it again. Jim Pingle
09:21 AM Regression #11910: IPsec status tunnel descriptions are incorrect: Charles Hamilton wrote in #note-18:
> It seems this also prevents newly-added tunnels from coming up _unless_ the VT... Jim Pingle
08:40 AM Regression #11910: IPsec status tunnel descriptions are incorrect: It seems this also prevents newly-added tunnels from coming up _unless_ the VTI is disabled. Do we have an ETA on a f... Charles Hamilton
09:04 AM pfSense Packages Bug #12188: client export breaks multi remote configurations: A patch was posted:
https://sourceforge.net/p/openvpn/mailman/openvpn-devel/thread/20210802133127.25000-1-gert%40gre... Pippin MMD
08:15 AM pfSense Packages Bug #12188: client export breaks multi remote configurations: OpenVPN devs were/are aware of this and is currently being looked at.
Maybe a solution is near :)
Pippin MMD
05:19 AM pfSense Packages Bug #12188 (New): client export breaks multi remote configurations: https://forum.netgate.com/topic/165560/1-2-bug-client-export-openvpn-ras-udp-server
Hi,
as stated in above foru... Jens Groh
07:21 AM Bug #12164 (Pull Request Review): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: Jim Pingle
07:19 AM Bug #11337 (Pull Request Review): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: Jim Pingle
07:17 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out: Viktor Gurov wrote in #note-6:
> * 2. `ipsec_setup_secrets()` - always writes CRL files, even if there is no PH1 cer... Jim Pingle
07:13 AM Bug #12185 (Rejected): rx and tx queues: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:12 AM Regression #12183: Changing MAC address for PPP parent interface stopped working: That was changed in #11387 to prevent the field from being set on interfaces which don't have MAC addresses.
In yo... Jim Pingle
07:10 AM Regression #12186 (Feedback): <br> tags shown in Status>IPsec: Applied in changeset commit:b751eaa9d062573675689ed3ea4d66a7f1eb405b. Jim Pingle
07:05 AM Feature #4496 (Closed): IPv6 outbound NAT support: Jim Pingle
03:49 AM Feature #4496: IPv6 outbound NAT support: Upon closer inspection, NAT over IPv6 is working.
Cloudflare Warp+ advertises not hiding IP addresses and it does ... Richard Yao
02:17 AM Feature #4496: IPv6 outbound NAT support: Dmitriy K wrote in #note-3:
> afaik, NPt does this, no?
Sadly, NPt does not work for my use case. I have a situation... Richard Yao

08/01/2021

07:15 PM Feature #8365: Button to copy rules from one interface to another: This is a pretty important feature for big corp networks with several vlans. Still no progress on it after three years?? RED SKULL
05:16 AM Bug #9595: OpenVPN does not resync when running on a gateway group: There has been a regression introduced in the latest changes of the pfSense codebase that have caused this bug to rea... James Webb

07/31/2021

08:04 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: >consistently will not start on its own after reboot and crashes with a sig 10
Signal 10 with Snort is a different... Steve Y
07:29 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: On reboot testing with 21.05.1 I'm able to consistently get snort to crash after a reboot. The service started norma... Kris Phillips
07:20 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions: Tested on SG-3100 on 21.05.1 of pfSense Plus built on July 30th. With blocking mode enabled and running snort I'm un... Kris Phillips
06:50 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package: Tested in 21.05.1 and this is still a present error:
WARNING: No NSS support for mDNS detected, consider installin... Kris Phillips
06:40 PM Bug #12102: Prevent using OpenVPN "Exit Notify" option with point-to-point modes: This default option problem is still present in 21.05.1. Kris Phillips
06:13 PM Regression #12187 (Rejected): Outbound LAN rule no longer working: Not enough information here to classify it as a bug. Post on the forum and include specific details such as the entir... Jim Pingle
04:49 PM Regression #12187 (Rejected): Outbound LAN rule no longer working: I just realized that after a 2.5.2 upgrade a rule I had in place no longer works.
- I have Dual ISPS
- I have high ... Arnold Fredson
05:59 PM Regression #12186 (Confirmed): <br> tags shown in Status>IPsec: Jim Pingle
04:10 PM Regression #12186 (Resolved): <br> tags shown in Status>IPsec: In the latest build of 2.6 <br> tags are being displayed when there are multiple P2 networks. I have produced this in... Max Leighton
05:58 PM Bug #6275 (Resolved): Disconnected IPsec phase 2 entries are not shown in IPsec status: Jim Pingle
04:05 PM Bug #6275: Disconnected IPsec phase 2 entries are not shown in IPsec status: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Jul 31 01:15:09 EDT 2021
FreeBSD 12.2-STABLE
I now see the ... Max Leighton
05:57 PM Bug #11552 (Resolved): Incorrect phase 2 entry removed when deleting multiple items consecutively: Jim Pingle
01:33 PM Bug #11552: Incorrect phase 2 entry removed when deleting multiple items consecutively: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Jul 31 01:15:09 EDT 2021
FreeBSD 12.2-STABLE
Repeating Jim'... Max Leighton
01:19 PM Revision a86ab279: Small fixes for expiredays comparing: ilmarranen alex
01:17 PM Revision 4ed695f2: Add setting for ignore revoked certificates. Fix Bug #12109: ilmarranen alex
12:52 PM pfSense Packages Bug #11993 (Resolved): PHP error after disabling HAProxy: The issue was on the haproxy-devel 0.62_3 version.
Tested on the haproxy-devel 0.62_4 version. There are no any err... Danilo Zrenjanin
12:42 PM Revision 948c631e: Prevent ::\0 from becoming part of negate_networks: Sietse van Zanen
12:30 PM Revision b2e3ba07: Merge branch 'pfsense:master' into master: ilmarranen alex
09:06 AM pfSense Packages Regression #12143 (Resolved): frr 1.1.0_12 package won't save OSPF settings unless entry exists in OSPF Networks: Tested on the frr 1.1.0_13 package. It works fine.
The ticket can be resolved. Danilo Zrenjanin
07:48 AM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: https://github.com/pfsense/pfsense/pull/4534
It is not ok to require end users who are not usually software develope... Sietse van Zanen
04:16 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/310 Viktor Gurov
12:43 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out: Jim Pingle wrote in #note-5:
> Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8.
* 1. `ipsec_... Viktor Gurov
12:32 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: Philipp Wagner wrote in #note-9:
> * In theory: Disable server certificate validation, which then accepts the self-s... Viktor Gurov

07/30/2021

11:30 PM Bug #12185 (Rejected): rx and tx queues: i am useing intel x520 10g nic with 24 core cpu but rx and tx queues not above 16 please tell me solution to extend q... adeel altaf
10:36 PM Feature #12184: GUI options to configure IKE retransmission behavior: The restransmit options could be put under "VPN / IPsec / Advanced Settings". Marcos M
10:35 PM Feature #12184 (Resolved): GUI options to configure IKE retransmission behavior: When using IKEv2, @dpd_timeout@ is ignored and instead the global @charon.retransmit_*@ is used to determine the time... Marcos M
07:45 PM pfSense Packages Bug #11847: Filters not applied to PEER Groups: Prefix filter is not showing up in configuration file if there is no added neighbor

router bgp 61000
no bgp ne... Alhusein Zawi
07:38 PM Regression #12183 (Confirmed): Changing MAC address for PPP parent interface stopped working: mac address tab not showing in pppoe client interface i want to spoof my mac please tell me solution already showing ... adeel altaf
07:27 PM Revision 87011dce: Cache gw status for rules. Fixes #12174: Don't fetch a new gateway status for every rule. Fetch it once and use
it for the entire page load. Jim Pingle
05:32 PM Revision bec6dcfb: IPsec updates to address multiple issues: * Configure/apply code changes.
* Vast performance increase. Fixes #12026
* Changed connection naming to be easie... Jim Pingle
02:56 PM Revision 005ac9d7: Merge branch 'pfsense:master' into master: ilmarranen alex
02:50 PM pfSense Docs Todo #12182 (Closed): Update IPsec to match recent changes: I made significant IPsec changes in https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/bec6dcfbbef48... Jim Pingle
02:40 PM Bug #12174 (Feedback): Firewall rule tabs load slowly when many rules on the tab utilize gateways: Applied in changeset commit:87011dce1fe88ad48c098d6b6804add53cf64084. Jim Pingle
02:37 PM Feature #2456: Option to choose default tab in IPsec status Dashboard widget: I split (b) off into #12181 so this issue can remain open for the first request (a), the ability to configure a defau... Jim Pingle
02:19 PM Feature #2456: Option to choose default tab in IPsec status Dashboard widget: (b) has been implemented now in 2.6.0/21.09. See commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8 Jim Pingle
02:36 PM Feature #12181 (Resolved): Add connect/disconnect buttons to IPsec dashboard widget: Split from #2456
In the tunnel tab of the IPsec widget, add a mechanism to connect or disconnect tunnels
Alrea... Jim Pingle
01:32 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: Thanks for tracking that down!
The main problem now is that OpenLDAP 2.5 isn't currently available in the FreeBSD ... Jim Pingle
01:09 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: I have the same issue when setting up Google's "Secure LDAP" as user directory and did a bit more digging. Here's my ... Philipp Wagner
01:06 PM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP: The other work is done, so this can proceed. See commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8 Jim Pingle
12:45 PM Bug #11552 (Feedback): Incorrect phase 2 entry removed when deleting multiple items consecutively: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
11:44 AM Bug #11552: Incorrect phase 2 entry removed when deleting multiple items consecutively: Updating subject for release notes. Jim Pingle
12:45 PM Bug #6275 (Feedback): Disconnected IPsec phase 2 entries are not shown in IPsec status: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
12:45 PM Regression #11910 (Feedback): IPsec status tunnel descriptions are incorrect: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
12:45 PM Bug #11951 (Feedback): IPsec status fails when many tunnels are connected: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
12:45 PM Bug #12155 (Feedback): Tunnels with conflicting REQID values can lead to multiple identical Child SA entries: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
12:45 PM Bug #12026 (Feedback): Applying IPsec settings for many tunnels is slow or times out: Applied in changeset commit:bec6dcfbbef4832b34d47ca60b0671b23dc185d8. Jim Pingle
12:02 PM Bug #12026: Applying IPsec settings for many tunnels is slow or times out: Updating subject for release notes. Jim Pingle
11:38 AM Revision 7a23eb2e: Only create pkg.pkg.sig if pkg.pkg exists: Renato Botelho
11:37 AM Revision b5641da1: Only create pkg.pkg.sig if pkg.pkg exists: Renato Botelho
10:03 AM pfSense Docs Todo #11536 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: PR merged. Jim Pingle
08:40 AM pfSense Docs Todo #11536 (Pull Request Review): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: Jim Pingle
06:35 AM pfSense Docs Todo #11536: Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/19 Viktor Gurov
09:41 AM pfSense Packages Bug #10867: squidGuard Package Hangs on Uninstall or Upgrade: Still seeing this in 21.05. The packahe reinstall process stops at Squidguard with:... Steve Wheeler
09:36 AM pfSense Docs Todo #12180 (Closed): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: PR merged. Jim Pingle
09:20 AM pfSense Docs Todo #12180 (Pull Request Review): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: Jim Pingle
08:57 AM pfSense Docs Todo #12180: Feedback on Virtual Private Networks — IPsec — IPsec Configuration: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/20 Viktor Gurov
08:39 AM pfSense Docs Todo #12180 (Closed): Feedback on Virtual Private Networks — IPsec — IPsec Configuration: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html#advanced-options
*Feedback:*... Viktor Gurov
08:35 AM Bug #12177 (Pull Request Review): When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message: Jim Pingle
01:34 AM Bug #12177: When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/308 Viktor Gurov
01:02 AM Bug #12177 (Resolved): When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message: If you try to delete a used alias, only the first reference to the alias will be shown in the alert message box:
<pr... Viktor Gurov
08:23 AM Todo #12176 (Pull Request Review): Hide WireGuard interfaces on appropriate pages: See my comment on the PR with a better approach. Jim Pingle
02:02 AM Todo #12176: Hide WireGuard interfaces on appropriate pages: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/309 Viktor Gurov
12:55 AM Todo #12176 (Pull Request Review): Hide WireGuard interfaces on appropriate pages: Todo:
1) Add @tun_wg@ to @is_pseudo_interface()@ list to prevent its use on the DHCP/DHCP6 Relay (#10341) and PPPoE ... Viktor Gurov
08:20 AM Bug #12000 (Resolved): Remote log server input validation allows invalid values: It works fine. It considered my entry as FQDN (192.168.33.33333) and passed the validity check.
The ticket can be ... Danilo Zrenjanin
05:41 AM Bug #12000: Remote log server input validation allows invalid values: Tested on the:... Danilo Zrenjanin
08:02 AM pfSense Packages Feature #12179 (Confirmed): QEMU package: Currently, the qemu-guest-agent can be installed from the console. It works fine.
https://redmine.pfsense.org/issues... Danilo Zrenjanin
06:58 AM pfSense Packages Bug #12178: WireGuard always shows 'Configuring WireGuard tunnels...done.' message on boot: easy fix, I can get that into next release Christian McDonald
03:32 AM pfSense Packages Bug #12178 (New): WireGuard always shows 'Configuring WireGuard tunnels...done.' message on boot: WireGuard pkg always shows "Configuring WireGuard Tunnels...done." on boot, whether any tunnels are configured or not... Viktor Gurov
02:46 AM Feature #9877 (Resolved): QEMU Guest Agent: Installed sucesefully qemu-guest-agent on the:... Danilo Zrenjanin
12:59 AM pfSense Packages Todo #12175: Error after enable DHCP on Wiregurd: Great ! Yuri Weinstein
12:56 AM pfSense Packages Todo #12175: Error after enable DHCP on Wiregurd: Yuri Weinstein wrote in #note-4:
> It’d be great to make this impossible to use then
see #12176 Viktor Gurov

07/29/2021

07:57 PM Revision 3337381a: Add REPO_ACCEPT_LEGACY_PKG to fix pkg sign: Renato Botelho
07:56 PM Revision 7f607a8f: Create a pkg bootstrap signature symlink: (cherry picked from commit 9ad8ac15f6edb552251fb214f9d6efa52febd5db) Renato Botelho
04:47 PM pfSense Packages Bug #12088: Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting: fixed
selecting ORF (GUI) is added to configuration file :
neighbor 172.17.99.11 capability orf prefix-list b... Alhusein Zawi
03:54 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: That is not the philosophy taken by pfSense for other interfaces, and it won't be changed here. There are other open ... Jim Pingle
03:14 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: @Jim,
I object !!
- I am very glad that the system was still running even with the defect x520. That allowed t... Louis B
07:25 AM Bug #12170 (Pull Request Review): Interface assignment mismatch is not detected if VLAN-only parent interface is removed: Jim Pingle
03:08 AM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/306 Viktor Gurov
02:56 PM Revision 7fb96c6c: Revert "Show result of pkg sign command to make it easier to debug": This reverts commit d796e0af08457ba75ad708b8a04e4dcfe70bbba3. Renato Botelho
01:22 PM Bug #9058: Kernel panic during L2TP retransmit: Is there anything I can do, to help you fix this? I'm still hitting this bug regularly (up to multiple times per day)... Bianco Veigel
01:13 PM pfSense Packages Todo #12175: Error after enable DHCP on Wiregurd: It’d be great to make this impossible to use then Yuri Weinstein
01:00 PM pfSense Packages Todo #12175: Error after enable DHCP on Wiregurd: Todo: Consider this case when working on improvements to base for better handling pseudo-interface types. Christian McDonald
12:56 PM pfSense Packages Todo #12175 (Rejected): Error after enable DHCP on Wiregurd: This is not a bug. WireGuard is a layer3 tunnel. DHCP operates at layer2. Disable DHCP on your WireGuard interfaces.
... Christian McDonald
12:37 PM pfSense Packages Todo #12175 (Rejected): Error after enable DHCP on Wiregurd: After enabling Wireguard DHCP server, I see error loading DHCP, red status and in the log php-fpm error:... Yuri Weinstein
11:58 AM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways: A quick look at the code tells me this is likely the same root cause as what is making the IPsec status and apply pro... Jim Pingle
11:26 AM Bug #12174 (Resolved): Firewall rule tabs load slowly when many rules on the tab utilize gateways: firewall_rules.php is slow to load for interfaces that have numerous rules utilizing the gateway field for policy-bas... lufte grof
09:16 AM Bug #11675 (Resolved): VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces: Tested on:... Danilo Zrenjanin
07:27 AM Bug #12173 (Pull Request Review): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: Jim Pingle
03:39 AM Bug #12173: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: fixes:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/307 Viktor Gurov
06:35 AM Bug #12041 (Resolved): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: Tested on the:... Danilo Zrenjanin
06:28 AM Bug #12023 (Resolved): Mobile IPsec NAT/BINAT entries missing from firewall rules: Tested on the:... Danilo Zrenjanin
12:30 AM pfSense Docs Todo #12018 (Closed): Feedback on Firewall — Configuring firewall rules: merged Viktor Gurov

07/28/2021

10:07 PM Bug #12173 (Resolved): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: This issue is almost exactly the same as issue 11105 [1] but for the DNSSL setting.
The 'AdvDNSSLLifetime' value i... Andrew W
09:20 PM Feature #11047: Add Encryption Password suggestions and Restriction: Jim Pingle wrote in #note-2:
> That is way too much text to add to the GUI. There is a help link if anyone wants to ... Sergei Shablovsky
07:03 PM Revision 9ad8ac15: Create a pkg bootstrap signature symlink: Renato Botelho
03:20 PM Regression #12172 (Pull Request Review): OpenVPN Wizard configuration missing recently added default values: Jim Pingle
11:39 AM Regression #12172: OpenVPN Wizard configuration missing recently added default values: fix for @ncp_enable@ value:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/305
but I cannot reproduc... Viktor Gurov
10:56 AM Regression #12172 (Resolved): OpenVPN Wizard configuration missing recently added default values: After generating an RA OpenVPN Server configuration through the wizard, @config.xml@ contains the following:... Marcos M
03:20 PM pfSense Packages Bug #12167 (Pull Request Review): BGP TCP setkey not set if neighbor is in peer group: Jim Pingle
04:56 AM pfSense Packages Bug #12167: BGP TCP setkey not set if neighbor is in peer group: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/109 Viktor Gurov
03:17 PM Bug #3948 (Closed): Changing OpenVPN from tun to tap or vice-versa breaks that instance: Jim Pingle
04:37 AM Bug #3948: Changing OpenVPN from tun to tap or vice-versa breaks that instance: no such issue on pfSense 2.6.0.a.20210726.1819:... Viktor Gurov
03:15 PM Todo #11933 (Pull Request Review): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: Jim Pingle
02:26 AM Todo #11933: PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional: hide @pcscd@ from the service list if not enabled:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/304 Viktor Gurov
03:14 PM Bug #12168 (Pull Request Review): 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: Jim Pingle
12:46 AM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/303 Viktor Gurov
02:47 PM Revision d796e0af: Show result of pkg sign command to make it easier to debug: Renato Botelho
01:26 PM Bug #11552 (In Progress): Incorrect phase 2 entry removed when deleting multiple items consecutively: Jim Pingle
10:31 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: This issue open 5 months and still no fix. The stunnel workaround is not a good solution - it only works for gui and ... Michael Mogren
07:30 AM Todo #12171 (Resolved): Upgrade to ``pkg`` 1.17.x: After ports moved to pkg 1.17.x we started seeing issues to sign repositories. I suspect one of the causes is due to... Renato Botelho
12:13 AM pfSense Packages Feature #12165 (Duplicate): NTPsec: Is duplicate of #8149 Viktor Gurov

07/27/2021

02:14 PM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials: Manually made the change detailed in 4aab19d4ade5d164c22bd63b2833d54bab740d59 and it's working for me now. Greg B
10:59 AM Bug #12095: Memory leak in pcscd: >There looks to be a limit at ~1GB
If you meant a limit for pcscd's RAM usage, I pulled up a few...a 3100 (21.05)... Steve Y

07/26/2021

03:50 PM Bug #12163: WAN interface throughput degradation after send high volume through OpenVPN site-to-site Tunnel: Jim Pingle wrote in #note-1:
> Almost certainly a duplicate of #11778
I doubt it, in my case CPU never exceeded a... Tom Hebert
12:25 PM Bug #12163 (Duplicate): WAN interface throughput degradation after send high volume through OpenVPN site-to-site Tunnel: Almost certainly a duplicate of #11778 Jim Pingle
02:23 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: None of that matters. If the interface is missing when it must be present, the configuration should be rejected as wi... Jim Pingle
02:18 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: Jim,
Note that:
- the interface assignment was completely legal when it was created (the x520 was functioning at ... Louis B
02:07 PM Bug #12170 (Resolved): Interface assignment mismatch is not detected if VLAN-only parent interface is removed: If an interface is used only for VLANs (e.g. it is not assigned directly) and that interface is removed, the system d... Jim Pingle
02:08 PM Feature #12166 (Duplicate): Dashboard Interfaces should show "physical" interface failures: That is a much different issue than the status not reflecting if the underlying interface is down which is what you d... Jim Pingle
02:05 PM Feature #12166: Dashboard Interfaces should show "physical" interface failures: @Jim,
I do not support your reaction. At this very moment my pfSense router its 10 G x520 card is defect and has... Louis B
12:42 PM Feature #12166 (Rejected): Dashboard Interfaces should show "physical" interface failures: I can't reproduce what you're talking about here. If I unplug an interface, the VLANs on that interface also show as ... Jim Pingle
06:39 AM Feature #12166 (Duplicate): Dashboard Interfaces should show "physical" interface failures: *Hello,
Since two days I did have severe network problems. So I did start investigating the problem. One of the fi... Louis B
01:59 PM Feature #6150 (Rejected): Named IPSec entries: Using custom names will cause more problems than it solves.
I'm in the process of doing some work on IPsec which w... Jim Pingle
01:52 PM Bug #6275 (In Progress): Disconnected IPsec phase 2 entries are not shown in IPsec status: This is something I intend to address as a part of the current IPsec changes I'm making. Jim Pingle
01:51 PM Bug #11951 (In Progress): IPsec status fails when many tunnels are connected: I'm working on optimizations for this as a part of ongoing IPsec work, should be solved soon. Jim Pingle
01:47 PM Bug #6624: changes in IPsec config should down the connection: This should be more manageable once my current work is done. The P2 connection IDs will be more predictable and then ... Jim Pingle
01:41 PM Bug #11900 (Duplicate): IPsec tunnels remain active after disabling: Duplicate of #6624 Jim Pingle
01:16 PM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP: Also note this should solve what some users see where after some time of a peer being down, a VTI tunnel won't automa... Jim Pingle
01:10 PM Feature #12169 (Resolved): IPsec keep alive option to initiate phase 2 without using ICMP: Currently the IPsec GUI allows users to enter an IP address to ping a remote host as a means to connect a P2 and keep... Jim Pingle
12:44 PM pfSense Packages Bug #12058: pfBlockerNG / "Cannot allocate memory" from Geo blocking IP list: Just a note: this wasn't a one-off. I get this email (just about?) every time I change some firewall setting. Sean McBride
12:35 PM Regression #12052 (Resolved): IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID: Jim Pingle
08:08 AM Regression #12052: IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID: The patch works in my 2.5.1 Version. Thanks.
Geovane Geovane Gonçalves
12:33 PM pfSense Packages Feature #11410: adding bpytop (former Bashtop): This is highly unlikely to be added by Netgate staff -- someone in the community will need to create the package and ... Jim Pingle
12:32 PM pfSense Packages Feature #12165: NTPsec: This is a completely different NTP package than what is in base, so either the base ntpd would need to be switched (u... Jim Pingle
12:29 PM Bug #12164 (Rejected): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: Not enough information here to prove it's a bug and this site is not for support or diagnostic discussion.
You nee... Jim Pingle
12:24 PM Todo #11983 (Resolved): Hide "Reboot and run a filesystem check" for ZFS systems: Same is also true on 2.6.0 snapshots. Closing. Jim Pingle
12:22 PM Bug #12026 (In Progress): Applying IPsec settings for many tunnels is slow or times out: I've got some ongoing work I'm doing which is going to conflict with some of that PR. Won't know exactly how badly un... Jim Pingle
12:19 PM Regression #11316: Unbound crashes with signal 11 when reloading: I've imported more patches from upstream and bumped unbound to 1.13.1_3. This version will be available with next ro... Renato Botelho
12:04 PM Bug #12168 (Resolved): 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: # Create a new 1:1 NAT rule
# Choose interface / external subnet IP
# Select @Any@ for Internal IP
# Save/Apply
... Marcos M
08:51 AM pfSense Packages Bug #12167 (Feedback): BGP TCP setkey not set if neighbor is in peer group: When a neighbor is a member of a peer group, with *FRR and setkey Bidirectional* enabled with a password, the setkey ... Chris Linstruth
05:39 AM Feature #12090 (Resolved): Add new Dynamic DNS provider: dy.fi: Renato Botelho

07/25/2021

08:10 PM pfSense Packages Feature #12165 (Duplicate): NTPsec: Some basic info here https://blog.ntpsec.org/2019/01/02/starting-nts.html, https://blog.ntpsec.org/2019/01/02/start... Sergei Shablovsky
05:50 PM pfSense Packages Feature #11410: adding bpytop (former Bashtop): Please, any news ? Sergei Shablovsky
02:43 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: IGDv2 is not currently used:... Marcos M
12:35 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Here's something mentioning IGDv2 being the problem in miniupnp, and solving it by reverting to IGDv1:
https://www.re... Jon8RFC .
12:41 PM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: More important question, where does pfsense get the idea that it should make untransparent unlogged routing decisions? Sietse van Zanen
12:40 PM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: table <negate_networks> { 10.0.23.0/24 ::/0 }
If I remove ::/0 it works. Where is this table coming from?
Only th... Sietse van Zanen
12:33 PM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: IPv6 Rule:
<rule>
<id></id>
<tracker>1627229557</t... Sietse van Zanen
12:18 PM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: in rules.debug:
pass in log quick on $Untrust inet6 proto tcp from $RDEGW01 to <negate_networks> port 25 track... Sietse van Zanen
11:42 AM Bug #12164 (Closed): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: Policy routes through firewall rules do not work for IPv6, traffic is routed through default routes.
Selecting a g... Sietse van Zanen

07/24/2021

11:07 PM Feature #8030: Unbound: Add support for DNS over TLS to internal clients: This feature seems not to be documented here:
https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.htm... Sean McBride
09:13 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: Oddly setting the WAN interface of a firewall to None for IPv4 and IPv6 causes no slowness in the webConfigurator. I... Kris Phillips
03:09 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: Jim Pingle wrote in #note-3:
> If it's every page load then most likely it's related to authentication settings, lik... Kris Phillips
07:11 PM Bug #12163 (Duplicate): WAN interface throughput degradation after send high volume through OpenVPN site-to-site Tunnel: We have a Netgate 5100 onsite and three remote sites. Two of those sites use Netgate 5100s and the third is running ... Tom Hebert
06:28 PM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems: diagnostics>reboot only presents "Normal reboot" and "Reroot" as choices on system using ZFS running 21.09.a.20210723... Jordan G
06:23 PM Feature #12090: Add new Dynamic DNS provider: dy.fi: dynamic dns provider DY.fi appears in drop down list - tested on ver 21.09.a.20210723.0100 Jordan G
03:36 PM Regression #11316: Unbound crashes with signal 11 when reloading: Kris Phillips wrote in #note-61:
> I have been running 21.05 for over a month and haven't seen any unbound crashes a... Jim Pingle
03:07 PM Regression #11316: Unbound crashes with signal 11 when reloading: I have been running 21.05 for over a month and haven't seen any unbound crashes at all on 1.12. We will want to rete... Kris Phillips
03:03 PM pfSense Docs Todo #12162 (Resolved): Add "usb reset" as possible solution for non-booting flash drives on the SG-1100: Recently I've noticed a fair number of customers having issues with multiple flash drives not wanting to boot properl... Kris Phillips
02:07 PM Bug #12161 (Rejected): NAT+Routing+Limiter: Most likely a configuration problem, not a bug.
Please post on the forum at https://forum.netgate.com to discuss a... Jim Pingle
12:11 PM Bug #12161 (Rejected): NAT+Routing+Limiter: in my setup 5 lan interfaces but when am apply limiter queque on one lan interface then all lan interfaces packet los... adeel altaf
12:16 PM Feature #12118 (Resolved): Create a log entry when a configuration change occurs: Tested in
21.09-DEVELOPMENT (arm64)
built on Sat Jul 24 01:10:30 EDT 2021
FreeBSD 12.2-STABLE
And
2.6.0-D... Max Leighton
11:52 AM pfSense Packages Bug #12074 (Resolved): Freeradius: Additional Information field descriptions swapped: Checked in FreeRADIUS 0.15.7_32. Looks good. The descriptions match the correct fields now. Marking the ticket resolved. Max Leighton
11:22 AM Regression #12052: IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID: Tested in
21.09-DEVELOPMENT (arm64)
built on Sat Jul 24 01:10:30 EDT 2021
FreeBSD 12.2-STABLE
It works. I am a... Max Leighton

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

08/22/2021

08/21/2021

08/20/2021

08/19/2021

08/18/2021

08/17/2021

08/16/2021

08/15/2021

08/14/2021

08/13/2021

08/12/2021

08/11/2021

08/10/2021

08/09/2021

08/08/2021

08/07/2021

08/06/2021

08/05/2021

08/04/2021

08/03/2021

08/02/2021

08/01/2021

07/31/2021

07/30/2021

07/29/2021

07/28/2021

07/27/2021

07/26/2021

07/25/2021

07/24/2021