Activity

From 08/02/2021 to 08/31/2021

08/31/2021

06:03 PM Revision 0a70f90a: OpenVPN exit notify & inactive incompatibilities
* Ignore exit notify in problematic cases. Fixes #12102
* Ignore inactive seconds in problematic cases. Fixes #12219
...
Jim Pingle
03:42 PM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases
There are other cases in which the tunnel may not get re-established (e.g. #12169) which are separate from this iss... Marcos M
03:07 PM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases
Jim Pingle wrote in #note-5:
> Viktor Gurov wrote in #note-4:
> > related issue - #6370 (duplicate?)
>
> It's po...
Hagen Herrschaft
07:37 AM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases
Viktor Gurov wrote in #note-4:
> related issue - #6370 (duplicate?)
It's possibly related but I wouldn't say it's...
Jim Pingle
02:22 PM Todo #12314: Convert help shortcut links to server-side redirects
Updating subject for release notes Jim Pingle
02:20 PM Bug #12219 (Feedback): Prevent using OpenVPN "Inactive" option with point-to-point modes
Applied in changeset commit:0a70f90aff9cc2fc7fc5f5dc551a708ee349ea07. Jim Pingle
01:18 PM Bug #12219 (Pull Request Review): Prevent using OpenVPN "Inactive" option with point-to-point modes
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/362 Jim Pingle
02:20 PM Bug #12102 (Feedback): Prevent using OpenVPN "Exit Notify" option with point-to-point modes
Applied in changeset commit:0a70f90aff9cc2fc7fc5f5dc551a708ee349ea07. Jim Pingle
01:18 PM Bug #12102 (Pull Request Review): Prevent using OpenVPN "Exit Notify" option with point-to-point modes
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/362 Jim Pingle
02:09 PM Revision 83314732: Cleanup and improve easyrule. Fixes #12151
Viktor Gurov
11:57 AM pfSense Packages Bug #12322: Suricata creates invalid HOME_NET entries
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1104
Viktor Gurov
11:54 AM pfSense Packages Bug #12322 (Resolved): Suricata creates invalid HOME_NET entries
In some cases Suricata creates invalid ("Array()") entries in the HOME_NET variable on boot:... Viktor Gurov
11:54 AM Bug #12319 (Pull Request Review): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Jim Pingle
09:51 AM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/361 Viktor Gurov
07:54 AM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
I'm not sure we should even try supporting that mode for IPv6, it's bad enough for IPv4.
I'm inclined to have the ...
Jim Pingle
07:51 AM Bug #12319 (Resolved): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Invalid rules created:... Viktor Gurov
11:50 AM Bug #8390 (Pull Request Review): Input validation does not prevent removing a gateway used by a DNS server
Jim Pingle
10:53 AM Feature #12321 (Resolved): Pop-up window to view firewall rules generated from RADIUS ACL entries on the OpenVPN status page
It would be useful to see RADIUS ACL generated rules in pop-up "modal" window by clicking on the "info" icon
like Su...
Viktor Gurov
09:56 AM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12
This is an issue with the following NICs:... Marcos M
09:55 AM Revision e71b27cd: Restart OpenVPN instances on Host and URL type aliases change. Issue #2668
Viktor Gurov
09:27 AM pfSense Docs Correction #12312 (Closed): Correct Image Name for Netgate 6100 Reinstall Documentation
Fixed Viktor Gurov
09:20 AM Bug #12151 (Feedback): ``easyrule`` script does not function properly
Applied in changeset commit:83314732b4df7be3ab614d99563481d3f3b6bf25. Viktor Gurov
05:36 AM Bug #12151: ``easyrule`` script does not function properly
improved fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/359
Viktor Gurov
08:07 AM Feature #9857: IPsec Down/Up SMTP Notifications
Yes Jim, optional always good, but then alerts about gateway state changes could be optional as well :). I mean that ... DRago_Angel [InV@DER]
07:41 AM Feature #9857: IPsec Down/Up SMTP Notifications
If we do add that, it should be optional (perhaps both global and a per-P2 checkbox) and default to off. That will be... Jim Pingle
07:50 AM Feature #12318 (Pull Request Review): Display default "Reflection Timeout" value on ``system_advanced_firewall.php``
Jim Pingle
07:44 AM Feature #12318: Display default "Reflection Timeout" value on ``system_advanced_firewall.php``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/360 Viktor Gurov
07:39 AM Feature #12318 (Resolved): Display default "Reflection Timeout" value on ``system_advanced_firewall.php``
Display default Reflection Timeout value on system_advanced_firewall.php page
Default is 2000:
https://github.com...
Viktor Gurov
07:43 AM Feature #2668 (Pull Request Review): Support aliases in OpenVPN local/remote/tunnel network fields
Jim Pingle
04:56 AM Feature #2668: Support aliases in OpenVPN local/remote/tunnel network fields
minor fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/358
Viktor Gurov
07:43 AM Feature #12316 (Pull Request Review): Include firewall rules generated from OpenVPN RADIUS ACL entries in status output
Jim Pingle
07:38 AM Bug #6370: IPSEC bound to WAN gateway group and Dynamic DNS doesn't to fail back tunnel to WAN on DDNS update
This may be fixed by #12315 -- please re-test on a current Plus 21.09 or CE 2.6.0 snapshot. Jim Pingle
07:35 AM pfSense Packages Feature #11130 (Pull Request Review): FRR RIP support
Jim Pingle
07:28 AM pfSense Packages Feature #12246 (Pull Request Review): Load a file into patch textarea
Jim Pingle

08/30/2021

09:02 PM Revision 4b8d710c: OpenVPN Aliases support. Implements #2668
Viktor Gurov
07:39 PM Revision e7d8f036: Revert "Ticket #12235: pfSense-rc: Save pkg_set_version"
This reverts commit 340c9ab1d1eb1b959dc2292872866bca7e123665. Renato Botelho
07:19 PM Revision 340c9ab1: Ticket #12235: pfSense-rc: Save pkg_set_version
Instead of carrying the old file pkg_set_version on pfSense-upgrade, which
is not rebuilt when we change product version...
Renato Botelho
06:19 PM Revision 336103c4: Consider GWG in ipsec_force_reload. Fixes #12315
Jim Pingle
04:54 PM pfSense Packages Todo #12317: Suricata UI improvements
+ @ftp-data@ app parser
https://github.com/pfsense/FreeBSD-ports/pull/1103
Viktor Gurov
04:53 PM pfSense Packages Todo #12317 (Resolved): Suricata UI improvements
Fixed: Incorrect entries sort order on the FILES page
Added: Link to Snort Rule Doc for "snort_*" rules on the suric...
Viktor Gurov
04:16 PM Todo #12235 (Feedback): ``pfSense-upgrade`` should reinstall all packages on new version upgrades
Fixed moving control file to be installed by pfSense-repo package Renato Botelho
01:25 PM Todo #12235 (In Progress): ``pfSense-upgrade`` should reinstall all packages on new version upgrades
I found a bug on current implementation because control file is installed by pfSense-upgrade and it is not rebuilt wh... Renato Botelho
04:15 PM Feature #2668 (Feedback): Support aliases in OpenVPN local/remote/tunnel network fields
Applied in changeset commit:4b8d710c06b2cea101a3751e8e5d7fd3e657532d. Viktor Gurov
04:01 PM Feature #12316: Include firewall rules generated from OpenVPN RADIUS ACL entries in status output
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/357 Viktor Gurov
03:58 PM Feature #12316 (Resolved): Include firewall rules generated from OpenVPN RADIUS ACL entries in status output
It would be useful for troubleshooting to check the RADIUS ACL generated rules for OpenVPN clients Viktor Gurov
03:55 PM Feature #9857: IPsec Down/Up SMTP Notifications
@updown@ script can be used to implement this feature
see https://wiki.strongswan.org/issues/3604
and https://wiki....
Viktor Gurov
03:53 PM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases
related issue - #6370 (duplicate?) Viktor Gurov
01:25 PM Bug #12315 (Feedback): IPsec tunnels using a gateway group do not get reloaded in some cases
Applied in changeset commit:336103c470c1064ee2264606ef9046ba34987df6. Jim Pingle
01:21 PM Bug #12315 (Confirmed): IPsec tunnels using a gateway group do not get reloaded in some cases
Was able to reproduce it easily just by setting an IPsec tunnel to a gateway group and running the function. Fix inco... Jim Pingle
12:01 PM Bug #12315 (Resolved): IPsec tunnels using a gateway group do not get reloaded in some cases
When @ipsec_force_reload($interface)@ is called, for example by @/etc/rc.newwanip@, it only looks for tunnels which s... Jim Pingle
03:51 PM pfSense Packages Feature #11130: FRR RIP support
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/123 Viktor Gurov
03:50 PM pfSense Packages Feature #12246: Load a file into patch textarea
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/122 Viktor Gurov
03:28 PM Bug #12102 (In Progress): Prevent using OpenVPN "Exit Notify" option with point-to-point modes
Jim Pingle
03:28 PM Bug #12219 (In Progress): Prevent using OpenVPN "Inactive" option with point-to-point modes
Jim Pingle
02:50 PM Revision 0f2df9bb: Move help redirects to server. Implements #12314
Redirect mappings are already in place on the docs web server. Jim Pingle
12:32 PM Bug #7815 (Closed): IPSec MSS Clamping is matching traffic not related to IPSec
This is addressed by https://redmine.pfsense.org/issues/7801 which separates mss clamping between VPN and other netwo... Marcos M
11:32 AM Bug #12310: WAN drop crashes OpenVPN, doesn't restart
Jim Pingle wrote in #note-2:
> I can't reproduce this here, there must be some other aspect of your configuration or...
b b
07:29 AM Bug #12310 (Not a Bug): WAN drop crashes OpenVPN, doesn't restart
I can't reproduce this here, there must be some other aspect of your configuration or environment contributing to the... Jim Pingle
10:00 AM Todo #12314 (Feedback): Convert help shortcut links to server-side redirects
Applied in changeset commit:0f2df9bb9f781c0699a40681538e03515e915c7b. Jim Pingle
09:32 AM Todo #12314 (Resolved): Convert help shortcut links to server-side redirects
Currently all of the help page redirects reside in @/usr/local/www/help.php@ and if a new page is added between relea... Jim Pingle
09:42 AM Bug #12262 (Resolved): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
Yes, the ESP rule is also there.... Marcos M
07:35 AM Bug #12262 (New): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
I don't see the "inbound esp proto" rule in that file, only "inbound isakmp" and "inbound nat-t" so it appears to be ... Jim Pingle
08:09 AM Todo #12313: Upgrade OpenSSL to 1.1.1l
For things in the ports tree that get tracked in different ways it makes sense to have them noted that way, but for b... Jim Pingle
08:06 AM Todo #12313: Upgrade OpenSSL to 1.1.1l
I know the flow, I was curious about this fixes from upstream will be applied as they are high risk one. Also I saw a... DRago_Angel [InV@DER]
07:52 AM Todo #12313 (Closed): Upgrade OpenSSL to 1.1.1l
We pull in patches for those types of issues from FreeBSD directly as a part of the base system, which doesn't always... Jim Pingle
07:32 AM pfSense Docs Todo #12311 (Rejected): Feedback on pfSense Configuration Recipes — Using Software from FreeBSD
We don't plan on encouraging that practice so we aren't adding more details to the docs. Quite a few users have broke... Jim Pingle

08/29/2021

12:09 PM Bug #7801 (Pull Request Review): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
The following merge request addresses the two issues outlined in my previous comment:
https://gitlab.netgate.com/pfS...
Marcos M
04:29 AM Todo #12313 (Closed): Upgrade OpenSSL to 1.1.1l
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021...
DRago_Angel [InV@DER]

08/28/2021

06:39 PM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials
This seems to cause 504 Gateway Timeouts in the webConfigurator, but still works on 21.05.1. Kris Phillips
03:02 PM Bug #12212 (Resolved): Disabled IPsec VTI interfaces are always created
fixed
ifconfig output does not show VTI interface if PH2 VTIs is disabled
2.6.0.a.20210828.0100
Alhusein Zawi
01:02 PM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
> Is that what you expected to see?
>
> There should also be an ESP rule in addition to those two, is it present...
Alhusein Zawi
11:49 AM pfSense Docs Correction #12312 (Closed): Correct Image Name for Netgate 6100 Reinstall Documentation
Documentation here: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/reinstall-pfsense.html
It st...
Kris Phillips
11:16 AM Regression #12172 (Resolved): OpenVPN Wizard configuration missing recently added default values
Looks good now. Marcos M
08:45 AM pfSense Docs Todo #12311 (Rejected): Feedback on pfSense Configuration Recipes — Using Software from FreeBSD
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html
*Feedback:*
This applies to PFse...
paul vrdsp0

08/27/2021

10:02 PM Bug #12038: System attempts to start inactive services at boot
That does not and is not supposed to disable them. It stops them temporarily. That's working as intended. Jim Pingle
07:56 PM Bug #12038: System attempts to start inactive services at boot
disabled services will be enabled after rebooting
I disabled DNS Resolver and IPsec VPN services from Status>Servic...
Alhusein Zawi
09:53 PM Revision 1394773d: Rename a few missing Netgate devices.
Super Micro XG-1537 -> Super Micro 1537
Super Micro XG-1541 -> Super Micro 1541
Luiz Souza
04:24 PM Bug #12310: WAN drop crashes OpenVPN, doesn't restart
(I forgot to note that, of course, I replugged the cable after OpenVPN crashed, and the WAN interface properly got a ... b b
04:21 PM Bug #12310 (Not a Bug): WAN drop crashes OpenVPN, doesn't restart
Under pfSense CE 2.50, with an active OpenVPN tunnel to my ISP's VPN, unplugging the WAN cable crashes the OpenVPN cl... b b
12:49 PM Revision 2c393b55: Add null check. Fixes #9092
If the value is undefined in config.xml this will be null, not an empty
string.
Jim Pingle
11:42 AM pfSense Docs Todo #12309 (Closed): Add Light Pattern/Light Meaning for 6100 to Documentation Similar to Other Hardware
The Netgate 6100 docs has nothing documented regarding the light pattern on the face of the unit like other appliance... Kris Phillips
10:26 AM Bug #4418: IPsec mobile clients - bogus "p" appended to search domain
This Problem still exists as I ran into it since the last week.
v2.5.2-RELEASE
No difference if the unity plugi...
R. St
09:19 AM Todo #12265: Improve uses of ``grep`` which utilize user-supplied patterns
Updating subject for release notes. Jim Pingle
07:55 AM Feature #9092 (Feedback): Option to set interval of forced Dynamic DNS updates
Applied in changeset commit:2c393b5581d0818ada0187b2af15debf0f95c118. Jim Pingle
07:44 AM Feature #9092 (New): Option to set interval of forced Dynamic DNS updates
This appears to have introduced a bug. Any time the Dynamic DNS update process is triggered, it forces an update:
...
Jim Pingle
07:20 AM Bug #12095: Memory leak in pcscd
Charles Ng wrote in #note-11:
> I see the same log spam as described in https://redmine.pfsense.org/issues/12095#not...
Jim Pingle
12:51 AM pfSense Packages Feature #12308 (New): Dynamicaly Update Firewall Aliases from OpenVPN LDAP Group membership of the connected user
I would like to propose a feature of dynamically update firewall aliases tables when a user connects to the openvpn ... Dimitris Frnty

08/26/2021

11:09 PM Bug #12095: Memory leak in pcscd
I see the same log spam as described in https://redmine.pfsense.org/issues/12095#note-4 if pcscd is stopped.
The l...
Charles Ng
07:12 AM Bug #12095: Memory leak in pcscd
Uwe Dippel wrote in #note-9:
> Same-same. 7 days of uptime, over night it ramped up and killed DNS ('no space left')...
Jim Pingle
06:32 AM Bug #12095: Memory leak in pcscd
Same-same. 7 days of uptime, over night it ramped up and killed DNS ('no space left'). 2.5.2-RELEASE (amd64) clean in... Uwe Dippel
03:38 PM Revision 0ef2ff26: Fix a typo in the Netgate 5100 name.
Luiz Souza
03:21 PM Revision df945787: Rename the Netgate devices.
XG-15xx -> 15xx
SG-5100 -> Netgate-5100
Luiz Souza
01:03 PM Revision fe72327b: Revert "Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes."
This reverts commit 8d4fcd7ac1167894136e337fc619e63fa7200fa0. Jim Pingle
12:32 PM Bug #12307 (Resolved): Update cURL to address vulnerabilities in 7.76.1 in CE
Already done, on @pfSense-2.6.0.a.20210824.0500@:... Jim Pingle
11:53 AM Bug #12307 (Resolved): Update cURL to address vulnerabilities in 7.76.1 in CE
The version of cURL in 2.5.2 CE is vulnerable to multiple security issues.
See vulnerabilities here:
https://cu...
Kris Phillips
12:29 PM Feature #10587: UPnP/NAT-PMP STUN configuration options
Updating subject for release notes. Jim Pingle
12:26 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
Updating subject, but also excluding from release notes since this was never a problem in a release.
Jim Pingle
12:22 PM Regression #12239: Interfaces page does not show Wireless EAP client options
Updating subject for release notes. Jim Pingle
12:21 PM Regression #12234: Wireless Channel/Width Issues with GUI
Regressed and fixed during development, not in any release. Jim Pingle
12:19 PM Bug #12247: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
Updating subject for release notes. Jim Pingle
12:17 PM Regression #12245: Input validation error in system.php
Was a regression introduced after the last release and was never in a release, thus excluding from release notes. Jim Pingle
12:17 PM Bug #12134: Typo in crash reporter page
Updating subject, also excluding from release notes as it's only a text typo. Jim Pingle
12:15 PM Bug #12050: "GoTo line #" function does not work on ``diag_edit.php``
Updating subject for release notes. Jim Pingle
12:13 PM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel
Updating subject for release notes. Jim Pingle
12:11 PM Bug #12000: Remote log server input validation allows invalid values
Updating subject for release notes. Jim Pingle
12:10 PM Todo #11507: Update font formats to WOFF2
Updating subject for release notes. Jim Pingle
12:08 PM Todo #12235: ``pfSense-upgrade`` should reinstall all packages on new version upgrades
Updating subject for release notes. Jim Pingle
12:07 PM Bug #12038: System attempts to start inactive services at boot
Updating subject for release notes. Jim Pingle
12:07 PM Bug #12001: System attempts to stop inactive services at shutdown
Updating subject for release notes. Jim Pingle
12:04 PM Bug #12272: Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
Updating subject for release notes. Jim Pingle
12:03 PM Regression #12233: VIP network addresses are not expanded on Port Forward rules
Updating subject for release notes. Jim Pingle
12:02 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways
Updating subject for release notes. Jim Pingle
12:01 PM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule
Updating subject for release notes. Jim Pingle
11:59 AM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``
Updating subject for release notes. Jim Pingle
11:55 AM Regression #12110: PHP error in firewall_nat.inc on line 329
Not a problem in a release. Jim Pingle
11:54 AM Bug #11923: Input validation not working for 1:1 NAT entries using an alias as a destination
Updating subject for release notes. Jim Pingle
11:53 AM Feature #11439: IPv6 support in ``easyrule`` CLI script
Updating subject for release notes. Jim Pingle
11:52 AM Feature #9297: Graph for hardware temperature readings
Updating subject for release notes. Jim Pingle
11:51 AM Bug #12105: Packages are not automatically reinstalled when restoring configuration using the installer
Updating subject for release notes. Jim Pingle
11:45 AM Regression #12111: Crash report message displayed on dashboard. flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 166
Not a problem in a previous release. Jim Pingle
11:44 AM Feature #9877: QEMU Guest Agent
Excluding from release notes since it's only being built and there is no package for it yet. Jim Pingle
10:56 AM Bug #12020: OpenVPN RADIUS-based firewall rules use incorrect port ranges
Updating subject for release notes. Jim Pingle
10:54 AM Bug #12238: OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode
Updating subject for release notes. Jim Pingle
10:53 AM Bug #12232: OpenVPN status incorrect for TAP servers without a defined tunnel network
Updating subject for release notes. Jim Pingle
10:52 AM Todo #12218: Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID
Updating subject for release notes. Jim Pingle
10:52 AM Bug #12192: OpenVPN does not clean up previous CA and CRL files
Updating subject for release notes. Jim Pingle
10:51 AM Regression #12172: OpenVPN Wizard configuration missing recently added default values
Updating subject for release notes. Jim Pingle
10:49 AM Bug #12076: OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses
Updating subject for release notes. Jim Pingle
10:47 AM Bug #11999: OpenVPN IPv6 tunnel network is not validated properly
Updating subject for release notes. Jim Pingle
10:47 AM Regression #11938: DNS Resolver does not add PTR record for OpenVPN clients
Updating subject for release notes. Jim Pingle
10:46 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect
Updating subject for release notes. Jim Pingle
10:41 AM Feature #11865: Option to validate OpenVPN peer TLS certificate key usage
Updating subject for release notes. Jim Pingle
10:38 AM Bug #11675: VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
Updating subject for release notes. Jim Pingle
10:35 AM Feature #12109: Option to suppress expiration notifications for revoked certificates
Updating subject for release notes. Jim Pingle
10:33 AM Bug #11701: Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``
Updating subject for release notes. Jim Pingle
10:28 AM Feature #12213: Support SHA-256 hash NTP authentication
Updating subject for release notes. Jim Pingle
10:27 AM Feature #12118: Create a log entry when a configuration change occurs
Updating subject for release notes. Jim Pingle
10:25 AM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
Updating subject for release notes. Jim Pingle
10:23 AM Bug #9058: Kernel panic during L2TP retransmit
Updating subject for release notes. Jim Pingle
10:22 AM Bug #12253: IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway
Updating subject for release notes. Jim Pingle
10:21 AM Bug #12252: IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``
Updating subject for release notes. Jim Pingle
10:20 AM Bug #12002: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured
Updating subject for release notes. Jim Pingle
10:18 AM Bug #11926: Advanced DHCP client configuration "Protocol timing" help text is in the wrong location
Updating subject for release notes. Jim Pingle
10:15 AM Regression #12100: Recent 2.6.0 development installers don't actually install
Regression introduced and fixed during development between releases. No need to include it in release notes. Jim Pingle
10:12 AM Bug #12159: "Default preferred lifetime" router advertisement validation check uses incorrect variable
Updating subject for release notes. Jim Pingle
08:43 AM Bug #12159: "Default preferred lifetime" router advertisement validation check uses incorrect variable
Updating subject for release notes. Jim Pingle
10:09 AM Todo #12289: Update "IPsec Filter Mode" option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE)
Updating subject for release notes. Jim Pingle
10:07 AM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules
Updating subject for release notes. Jim Pingle
10:06 AM Bug #12298: IPsec manual initiation and termination should use a timeout value or forced actions
Updating subject for release notes. Jim Pingle
10:06 AM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
Updating subject for release notes. Jim Pingle
10:04 AM Bug #12197: Mobile IPsec phase 1 should not display "Gateway duplicates" option
Updating subject for release notes. Jim Pingle
10:04 AM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP
Updating subject for release notes. Jim Pingle
10:03 AM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP
Updating subject for release notes. Jim Pingle
10:02 AM Bug #12198: Disabling an IPsec phase 1 entry does not disable related phase 2 entries
Updating subject for release notes. Jim Pingle
10:01 AM Bug #12196: IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available
Updating subject for release notes. Jim Pingle
09:57 AM Bug #12195: IPsec writes CRL files when tunnel does not use certificates
Updating subject for release notes. Jim Pingle
09:57 AM Regression #12186: <br> tags shown in Status>IPsec
This regression was introduced in a commit made after the last release, so no need to include it in release notes. Jim Pingle
09:56 AM Bug #12155: Tunnels with conflicting REQID values can lead to multiple identical Child SA entries
Updating subject for release notes. Jim Pingle
09:52 AM Bug #11951: IPsec status fails when many tunnels are connected
Updating subject for release notes. Jim Pingle
09:42 AM Todo #12171: Upgrade to ``pkg`` 1.17.x
Updating subject for release notes. Jim Pingle
09:42 AM Bug #11653: Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``
Updating subject for release notes. Jim Pingle
09:41 AM Feature #12194: Support Check IP services which return bare IP address values
Updating subject for release notes. Jim Pingle
09:39 AM Feature #12086: New Dynamic DNS Provider: deSEC
Updating subject for release notes. Jim Pingle
09:39 AM Bug #12007: Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day
Updating subject for release notes. Jim Pingle
09:36 AM Feature #11978: New Dynamic DNS Provider: Strato
Updating subject for release notes. Jim Pingle
09:35 AM Todo #11976: Compliance with pfSense style guide in Dynamic DNS service code
No need to include this in release notes Jim Pingle
09:34 AM Bug #11816: RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records
Updating subject for release notes. Jim Pingle
09:33 AM Feature #9341: Support DNS Made Easy authentication without a username
Updating subject for release notes. Jim Pingle
09:32 AM Feature #9092: Option to set interval of forced Dynamic DNS updates
Updating subject for release notes. Jim Pingle
09:30 AM Feature #12269: Include firewall rules from packages which failed to load in status output
Updating subject for release notes. Jim Pingle
09:27 AM Bug #12256: Sanitize WireGuard private and pre-shared keys in status output
Updating subject for release notes. Jim Pingle
09:20 AM Bug #12241: System Information widget unnecessarily polls data for hidden items
Updating subject for release notes. Jim Pingle
09:18 AM Regression #11316: Unbound crashes with signal 11 when reloading
Updating subject for release notes. Jim Pingle
09:16 AM Bug #12280: Default IPv6 router advertisement intervals and lifetime are too low
Updating subject for release notes. Jim Pingle
09:15 AM Bug #12277: DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
Updating subject for release notes. Jim Pingle
09:13 AM Bug #11905: DHCPv4 server configuration does not include ARM TFTP filenames
Updating subject for release notes. Jim Pingle
09:13 AM Feature #11659: Support for UEFI HTTP Boot option in DHCPv4 Server
Updating subject for release notes. Jim Pingle
09:11 AM Bug #11581: Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
Updating subject for release notes. Jim Pingle
09:09 AM Bug #12041: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
Updating subject for release notes. Jim Pingle
09:08 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
Updating subject for release notes. Jim Pingle
09:05 AM Bug #11922: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS
Updating subject for release notes. Jim Pingle
09:04 AM Bug #11831: Certificate Revocation tab does not list active users of CRL entries
Updating subject for release notes. Jim Pingle
08:59 AM Bug #11894: Vouchers may expire too early when using RAM disks
Updating subject for release notes. Jim Pingle
08:53 AM Bug #12227: Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs
Updating subject for release notes. Jim Pingle
08:51 AM Bug #12202: When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active
Updating subject for release notes. Jim Pingle
08:47 AM Bug #11727: Cannot enter persistent CARP maintenance mode when CARP is disabled
Updating subject for release notes. Jim Pingle
08:45 AM Feature #12094: Suppress kernel messages for ``lo0`` configuration during boot
Updating subject for release notes. Jim Pingle
08:42 AM Todo #12060: Remove deprecated ``libzmq`` code and references
Updating subject for release notes. Jim Pingle
08:40 AM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page
Updating subject for release notes. Jim Pingle
08:38 AM Bug #11909: Output from reboot process is printed on Backup & Restore page when restoring a configuration file
Updating subject for release notes. Jim Pingle
08:36 AM Feature #12226: Copy button for group entries in the User Manager
Updating subject for release notes. Jim Pingle
08:33 AM Todo #10298: Use SHA-512 for user password hashes
Updating subject and tracker for release notes. Jim Pingle
08:30 AM Bug #12177: When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message
Updating subject for release notes. Jim Pingle
08:25 AM Bug #12124: Creating or editing aliases fails with multiple hosts separated by spaces
Updating subject for release notes. Jim Pingle
08:24 AM Bug #4893: Error loading rules when URL Table Ports content is empty
Updating subject for release notes. Jim Pingle
08:05 AM Regression #12306 (Feedback): Certificate info block has CA info, not certificate info
Per Steve B, reverted that commit. Jim Pingle
07:55 AM Regression #12306 (Resolved): Certificate info block has CA info, not certificate info
On system_certmanager.php the info block for the certificate appears to be printing the CA info and not the certifica... Jim Pingle

08/25/2021

04:10 PM Bug #12095: Memory leak in pcscd
Can confirm the bug on my system. Was a clean upgrade from the last version.
2.5.2-RELEASE (amd64)
built on Fri Jul 0...
Michael Smith

08/24/2021

05:19 PM Bug #7801 (Feedback): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
I was able to test this fix and noticed there are two issues which I needed to work around in order for large df-bit-... Marcos M
01:33 PM Revision 7628b091: Increase default RA intervals. Fixes #12280
Jim Pingle
01:24 PM Revision a1eef308: Increase default RA intervals. Fixes #12280
This code path was not included in the original diff. Jim Pingle
01:12 PM Revision 99dfecb7: radvd: Avoid empty AdvDNSSLLifetime (Fixes #12173)
Make sure $raadvdnsslifetime is defined on second foreach Renato Botelho
12:19 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow
I tried reproducing this on a lab. The gateway is online but pfSense is not able to reach any internet resources (inc... Marcos M
08:46 AM Regression #12028 (Resolved): SNMP daemon issues with pf nvlist changes
This is fine on current snapshots.
No errors in SNMP logs. SNMP queries return expected results. @libpfctl.so.5@ i...
Jim Pingle
08:39 AM Regression #12057 (Feedback): 21.09/2.6.0 - High CPU usage and slowness with ``pfctl -ss``
All the relevant changes should be in current snapshots, may need additional testing/confirmation but we likely have ... Jim Pingle
08:36 AM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
Target can be moved ahead if pressed for time. Nice to fix, but there is a viable workaround so not critical. Jim Pingle
08:35 AM Bug #12280 (Feedback): Default IPv6 router advertisement intervals and lifetime are too low
Applied in changeset commit:a1eef30841b11020c41e02d0bcf1db659852a0ae. Jim Pingle
08:23 AM Bug #12280 (In Progress): Default IPv6 router advertisement intervals and lifetime are too low
There are more lines that didn't get updated along a different code path. Near line 382 and 387. Jim Pingle
08:28 AM Feature #12300 (New): Add Aquantia Atlantic driver to pfsense
Following discussion from https://forum.netgate.com/topic/166048/tp-link-tx401-supported
Add TP-Link driver (aQuanti...
ageekhere ageekhere
08:15 AM Bug #12173 (Feedback): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106
Applied in changeset commit:99dfecb734b11b1729e58cf650df8d058b300732. Renato Botelho
08:09 AM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
There are other changes in 21.09 which may fix this, but leaving it open and moving target for now in case it needs a... Jim Pingle
08:00 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
Moving ahead, still needs more thought/planning about how best to approach this Jim Pingle
07:59 AM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down
Moving ahead, too close to release to make another attempt at this and have enough time to validate the change in beh... Jim Pingle
07:59 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Moving ahead, too close to release to make another attempt at this and have enough time to validate the change in beh... Jim Pingle
07:46 AM pfSense Plus Regression #11995 (Closed): UPnP/NAT-PMP not functioning on 32-bit ARM
This was fixed before 21.05.1 Jim Pingle
03:09 AM pfSense Packages Bug #12126: freeradius3 0.15.7_31
Hi sorry for the delay.
I've used 0.15.7_32 package version and got the same behavior:
sql nas table is read but ...
Alexis Pellicier

08/23/2021

08:53 PM Revision bc642d63: Log settings help text update. Implements #12012
* Improve notes about disk usage
* Add more calculations to estimate potential usage
* Improve notes about when to us...
Jim Pingle
07:36 PM Revision dd8d9e23: Disable newsyslog compression w/ZFS. Issue #12011
ZFS compresses /var/log by default. If the ZFS dataset /var/log has
compression enabled on the first boot post instal...
Jim Pingle
07:34 PM Revision cf5ee828: Update default config.xml empty tags. Fixes #12299
Reduces the difference between the stock config.xml and what is
written after initial changes are made to the config ...
Jim Pingle
07:34 PM Revision 6fab2f23: Update default config.xml. Issue #12299
* Update configuration revision value
* Use new default password hash format
Jim Pingle
04:20 PM Revision 41a43f7a: Add missing quotes
Renato Botelho
04:19 PM Revision 062a7598: Replace - by _ on repository path
Renato Botelho
04:05 PM Todo #12012 (Feedback): Improve log settings help text for file size, compression, and retention count
Applied in changeset commit:bc642d63848f67a2f35f977b7bc66bc91508a56c. Jim Pingle
04:00 PM Feature #12011 (Feedback): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
Change is in now, GUI text is coming in #12012
Needs tested a few ways:
* Clean install with ZFS should have l...
Jim Pingle
03:18 PM Revision b06e79a6: Followup e324755bee, combine sed and add g flag
Renato Botelho
03:10 PM Revision e324755b: poudriere upstream is not supporting dashes in ports tree names.
This is to prevent issues with sets, so we need to respect the change
https://github.com/freebsd/poudriere/issues/897
Brad Davis
02:49 PM Regression #11470 (Feedback): Panic when using CBQ traffic shaping
I've not been able to reproduce this yet. I'd expect it to happen around the borrowing code of CBQ, where it starts o... Kristof Provost
02:40 PM Todo #12299 (Feedback): Update default ``config.xml``
Applied in changeset commit:cf5ee828686e6feb61fa9c27c61a06497896c551. Jim Pingle
02:06 PM Todo #12299 (Resolved): Update default ``config.xml``
The default configuration file in @/conf.default/config.xml@ is behind the current config revision.
Very few thing...
Jim Pingle
01:52 PM Revision 953aba88: Don't wait on manual IPsec actions. Fixes #12298
Use a timeout with swanctl --initiate, and use --force for swanctl
--terminate. This will allow the commands to succe...
Jim Pingle
01:17 PM Feature #12070: Support for VLAN ``0``
Anything that would potentially touch VLAN0 needs to be aware of potential security problems with it as well:
* ht...
Jim Pingle
10:11 AM pfSense Packages Feature #12297 (Feedback): Suricata: show actual GID:SID rule on click
PR has been merged into devel branches. Thanks! Renato Botelho
09:43 AM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
Also worth noting that the addresses are present when the GRE is first created, and only disappear after assigning/en... Jim Pingle
09:00 AM Bug #12298 (Feedback): IPsec manual initiation and termination should use a timeout value or forced actions
Applied in changeset commit:953aba88ede593dba2d05fefed879acce5dfde83. Jim Pingle
08:38 AM Bug #12298 (Resolved): IPsec manual initiation and termination should use a timeout value or forced actions
Connecting or disconnecting IPsec P1/P2 entries from the status page, widget, or keep alive uses a command such as @s... Jim Pingle
08:16 AM pfSense Packages Bug #12293 (Feedback): Resolve host via Reverse DNS looks shows IDN domains as punnycode
PR has been merged into devel branches. Thanks! Renato Botelho
08:16 AM pfSense Packages Feature #10809 (Feedback): IDS/IPS - Notifications when new rule categories are released
PR has been merged into devel branches. Thanks! Renato Botelho
08:16 AM pfSense Packages Feature #12292 (Feedback): GeoIP look on the Alerts, Blocked and Files pages
PR has been merged into devel branches. Thanks! Renato Botelho
07:42 AM Bug #12294 (Not a Bug): userland calling deprecated sysctl, please rebuild world pfsense
Almost certainly something leftover in your configuration. Your configuration has a large section of tunable values, ... Jim Pingle
07:32 AM Bug #12256 (Resolved): Sanitize WireGuard private and pre-shared keys in status output
Jim Pingle
07:31 AM Bug #12295 (Not a Bug): Gateway RTT of gateways added through packages (OpenVPN and Wireguard) seem off
There is no difference in monitoring for gateways based on their source like that. It's almost certainly due to diffe... Jim Pingle
07:25 AM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
Alhusein Zawi wrote in #note-5:
> # VPN Rules
> pass in on $WAN proto udp from 0.0.0.0/0 to (self) port = 500 tr...
Jim Pingle
07:20 AM Todo #12145: Convert RAM disks to ``tmpfs``
Darin May wrote in #note-6:
> Would anything need to change in the dashboard UI code to display tempfs vs ufs where ...
Jim Pingle
07:19 AM Feature #12291 (Pull Request Review): Support for Slack notifications
Jim Pingle

08/22/2021

02:40 PM pfSense Packages Feature #12297: Suricata: show actual GID:SID rule on click
https://github.com/pfsense/FreeBSD-ports/pull/1102 Viktor Gurov
02:38 PM pfSense Packages Feature #12297 (Resolved): Suricata: show actual GID:SID rule on click
It would be helpful to see the actual rule affecting the alert via clicking on GID:SID on the Alert page. Viktor Gurov
01:48 PM Todo #12296: Explicitly state where AutoConfigBackup stores encrypted backup data
I did not intend for this to be created as bug, but as an enhancement. I am also aware this is clearly stated here: h... Tyler Montney
01:47 PM Todo #12296 (Resolved): Explicitly state where AutoConfigBackup stores encrypted backup data
Under Services > Auto Configuration Backup > Settings, it should be clearly stated that backups are sent to Netgate r... Tyler Montney
02:41 AM Bug #12294: userland calling deprecated sysctl, please rebuild world pfsense
Kris Phillips wrote in #note-1:
> Hello,
>
> Please be aware that you have uploaded your configuration file unred...
itfabrica Tech

08/21/2021

09:48 PM Bug #12256: Sanitize WireGuard private and pre-shared keys in status output
Applied patch in 21.05.1. Private keys were properly removed when generating a status report when they were not befo... Kris Phillips
09:46 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fa... → luckman212
09:39 PM Bug #12294: userland calling deprecated sysctl, please rebuild world pfsense
Hello,
Please be aware that you have uploaded your configuration file unredacted to the public internet. This is ...
Kris Phillips
02:17 PM Bug #12294 (Not a Bug): userland calling deprecated sysctl, please rebuild world pfsense
Hello!
After updating pfSense to 2.5.2 I have this error
userland calling deprecated sysctl, please rebuild world pfs...
itfabrica Tech
09:36 PM Bug #12295: Gateway RTT of gateways added through packages (OpenVPN and Wireguard) seem off
If your gateway has very low latency, either due to a double NAT or because your static IP block is a routed subnet a... Kris Phillips
02:41 PM Bug #12295 (Not a Bug): Gateway RTT of gateways added through packages (OpenVPN and Wireguard) seem off
Hi,
When looking at RTT in widgets or when extracting information via dpinger it looks as if the latency is very l...
Faan DG
09:28 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow
Still seeing this randomly with customer firewalls. If the WAN interface is disabled or physically disconnected, the... Kris Phillips
03:14 PM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
# VPN Rules
pass in on $WAN proto udp from 0.0.0.0/0 to (self) port = 500 tracker 1000105301 keep state label "IP...
Alhusein Zawi
02:58 PM pfSense Packages Bug #12293: Resolve host via Reverse DNS looks shows IDN domains as punnycode
https://github.com/pfsense/FreeBSD-ports/pull/1101 Viktor Gurov
09:29 AM pfSense Packages Bug #12293 (Resolved): Resolve host via Reverse DNS looks shows IDN domains as punnycode
"Resolve host via Reverse DNS" shows IDN domains as punycode,
i.e. "xn--80a1acny.xn--p1ai" instead of "почта.рф"
Viktor Gurov
02:29 PM Todo #12145: Convert RAM disks to ``tmpfs``
Would anything need to change in the dashboard UI code to display tempfs vs ufs where appropriate, or is it already d... Loh Phat
12:50 PM Bug #12197 (Resolved): Mobile IPsec phase 1 should not display "Gateway duplicates" option
Tested on the:... Danilo Zrenjanin
08:36 AM pfSense Packages Feature #12292: GeoIP look on the Alerts, Blocked and Files pages
https://github.com/pfsense/FreeBSD-ports/pull/1100 Viktor Gurov
04:34 AM pfSense Packages Feature #12292 (Resolved): GeoIP look on the Alerts, Blocked and Files pages
It would be nice to add a "glob" icon near SRC/DST IP to check Country, State, City, Latitude, Longitude via GeoIP se... Viktor Gurov
06:21 AM Feature #12291: Support for Slack notifications
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/353 Viktor Gurov
01:34 AM Feature #12291 (Resolved): Support for Slack notifications
It would be nice to add Slack notifications
sample code:...
Viktor Gurov
05:16 AM pfSense Packages Feature #10809: IDS/IPS - Notifications when new rule categories are released
https://github.com/pfsense/FreeBSD-ports/pull/1099 Viktor Gurov
04:47 AM Bug #12224 (Resolved): OpenVPN page allows to delete/disable instance with an assigned interface
Tested on the:... Danilo Zrenjanin
03:11 AM Bug #12000 (Resolved): Remote log server input validation allows invalid values
Re-tested on the:... Danilo Zrenjanin

08/20/2021

09:57 PM Feature #12290 (Resolved): Add ``librdkafka`` package to the pfSense package repository
A customer has requested the librdkafka package be added to the repos for nProbe and ntopng.
https://freebsd.pkg...
Kris Phillips
08:11 PM Bug #12173: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106
Jim Pingle wrote in #note-5:
> See notes on PR about problematic behavior after this was merged.
fix:
https://gi...
Viktor Gurov
01:18 PM Bug #12173: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106
See notes on PR about problematic behavior after this was merged. Jim Pingle
01:17 PM Bug #12173 (In Progress): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106
Jim Pingle
07:27 PM Bug #12272 (Resolved): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
fixed
clone function copies None and Pass value.
2.6.0.a.20210820.0100
Alhusein Zawi
04:06 PM Revision 583062bf: IPv6 fix for setdefaultgateway(). Issue #12282
Viktor Gurov
03:48 PM Regression #11470: Panic when using CBQ traffic shaping
I believe I am hitting the same issue. I have included dump files that were generated.
I have enabled CBQ on 7 inte...
Reymond Rivera
03:23 PM Regression #11470: Panic when using CBQ traffic shaping
If anyone can provide steps to replicate this please do so. It's 'just working' for me locally. Steve Wheeler
02:11 PM Revision 3ff300c6: Change /var/run to tmpfs. Implements #12145
Jim Pingle
02:01 PM Revision f873a4ef: Update IPsec Filter Mode text. Implements #12289
VTI mode also works for transport mode (e.g. GRE), so note that as well. Jim Pingle
10:44 AM Feature #2668 (Pull Request Review): Support aliases in OpenVPN local/remote/tunnel network fields
Not merged yet Jim Pingle
10:38 AM Feature #2668 (Feedback): Support aliases in OpenVPN local/remote/tunnel network fields
The updated patch looks good now.
Aliases work as expected. Servers are restarted as expected with warnings to the...
Steve Wheeler
09:20 AM Todo #12145 (Feedback): Convert RAM disks to ``tmpfs``
Applied in changeset commit:3ff300c630e9decc06d7640136260d07ad566c19. Jim Pingle
09:05 AM Todo #12145 (In Progress): Convert RAM disks to ``tmpfs``
Systems using RAM disks are good now, but on systems not using RAM disks, /var/run is still using md/ufs. Jim Pingle
09:10 AM Todo #12289 (Feedback): Update "IPsec Filter Mode" option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE)
Applied in changeset commit:f873a4ef207dfd3ab29c4c80f225df20decf4a50. Jim Pingle
09:01 AM Todo #12289 (Resolved): Update "IPsec Filter Mode" option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE)
Turns out that the *IPsec Filter Mode* option on *VPN > IPsec*, *Advanced Settings* tab also works to allow two-way f... Jim Pingle
09:04 AM Regression #12287 (Feedback): State table entry rule ID does not contain the expected value
That's an endianness issue. The kernel converts several fields to network-endianness, and the (userspace) libpfctl li... Kristof Provost
08:22 AM Regression #12287 (Resolved): State table entry rule ID does not contain the expected value
On snapshots the rule number in the state table data does not contain the expected value... Jim Pingle
08:46 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
This is similar, if not identical, to #8686 -- and the same workaround functions for both, it turns out.
You can m...
Jim Pingle
08:27 AM pfSense Packages Bug #12286: Add support for ntlm_auth in LDAP
I don't think we want to even consider putting the samba package in even as a dependency. Too much potential for abuse. Jim Pingle
08:17 AM pfSense Packages Bug #12286: Add support for ntlm_auth in LDAP
see also #10415 Viktor Gurov
08:11 AM pfSense Packages Bug #12286: Add support for ntlm_auth in LDAP
The Samba package should be added to @/tools/conf/pfPorts/poudriere_bulk@ to fix this issue and implement Squid NTLM ... Viktor Gurov
07:10 AM pfSense Packages Bug #12286 (New): Add support for ntlm_auth in LDAP
The FreeRADIUS Package currently provides LDAP Authorisation/Authentication.
Some vendors like Mikrotik use only MS...
Vladislav Kulikov
08:26 AM Regression #12288 (Closed): GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
Starting from scratch if you create a new GRE interface and assign+enable it, the inner address on the tunnel interfa... Jim Pingle
08:22 AM pfSense Packages Feature #11531 (Feedback): Show netmap compatible cards in IPS Mode note
PR has been merged. Thanks! Renato Botelho
08:22 AM pfSense Packages Feature #12285 (In Progress): Add more EVE Logged Traffic protocols
Reverted for now since it requires binary 6.x Renato Botelho
07:52 AM pfSense Packages Feature #12285 (Feedback): Add more EVE Logged Traffic protocols
PR has been merged. Thanks! Renato Botelho
04:46 AM pfSense Packages Feature #12285: Add more EVE Logged Traffic protocols
https://github.com/pfsense/FreeBSD-ports/pull/1095 Viktor Gurov
02:03 AM pfSense Packages Feature #12285 (Resolved): Add more EVE Logged Traffic protocols
The current version of Suricata does not allow you to select the FTP, FTP_DATA, RFB and HTTP2 log types.
see https:/...
Viktor Gurov
07:52 AM pfSense Packages Bug #6964 (Feedback): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons
PR has been merged. Thanks! Renato Botelho
07:52 AM pfSense Packages Feature #10872 (Feedback): Add adjustable notification for Severity Alert
PR has been merged. Thanks! Renato Botelho
06:04 AM pfSense Packages Feature #10872: Add adjustable notification for Severity Alert
https://github.com/pfsense/FreeBSD-ports/pull/1096 Viktor Gurov
07:52 AM pfSense Packages Feature #9852 (Feedback): show File-Store directory listing
PR has been merged. Thanks! Renato Botelho
07:15 AM pfSense Docs Todo #12275 (Resolved): Feedback on Firewall — Aliases
PR Merged. Jim Pingle
01:27 AM pfSense Docs Todo #12275: Feedback on Firewall — Aliases
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/21 Viktor Gurov
07:14 AM Bug #12282 (Pull Request Review): Default IPv4 gateway may be set to IPv6 gateway value in certain cases
Jim Pingle
12:20 AM Bug #12282: Default IPv4 gateway may be set to IPv6 gateway value in certain cases
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/351
Viktor Gurov
12:14 AM Bug #12282 (Closed): Default IPv4 gateway may be set to IPv6 gateway value in certain cases
setdefaultgateway() may set IPv6 gateway as an IPv4 gateway in some cases,
see https://github.com/pfsense/pfsense/blo...
Viktor Gurov
05:20 AM Revision 762d3cc9: Increase default IPv6 router advertisement (RA) intervals and lifetime. Fixes #12280
Viktor Gurov
01:52 AM pfSense Docs Correction #12284 (Closed): Feedback on Packages — OpenVPN Client Export Package
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/openvpn-client-export.html
*Feedback:*
Help page is...
Viktor Gurov
01:15 AM Bug #12283 (New): LDAP/RADIUS authentication servers configuration does not allow source IP address to be specified
This is a limitation of the Auth_RADIUS package and @ldap_connect()@
But this is required in some cases - when mul...
Viktor Gurov
12:55 AM Bug #12280 (Feedback): Default IPv6 router advertisement intervals and lifetime are too low
Applied in changeset commit:762d3cc938d890a05d69e5324b0cf7d2ecea55a1. Viktor Gurov

08/19/2021

06:59 PM Revision d566427f: Convert RAM disks to tmpfs. Implements #12145
Jim Pingle
02:05 PM Todo #12145 (Feedback): Convert RAM disks to ``tmpfs``
Applied in changeset commit:d566427f1b210e9ce08ed9be376b0919c113e83b. Jim Pingle
12:18 PM Regression #12217 (Resolved): Kernel panic in IPFW when using Captive Portal
Things are still stable here after running a couple days and also updating again. Closing this out for now, will reop... Jim Pingle
11:35 AM pfSense Packages Bug #6964 (Pull Request Review): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons
Jim Pingle
10:57 AM pfSense Packages Bug #6964: Host OS Policy Assignment broken when using "Import" or "Aliases" buttons
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1094
Viktor Gurov
09:03 AM pfSense Packages Feature #12281 (Pull Request Review): Add support for Telegram/Pushover notifications
Jim Pingle
08:43 AM pfSense Packages Feature #12281: Add support for Telegram/Pushover notifications
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/121 Viktor Gurov
01:04 AM pfSense Packages Feature #12281 (New): Add support for Telegram/Pushover notifications
NUT doesn't send notifications to a Telegram/Pushover backend, even when the Telegram/Pushover configuration is set u... Viktor Gurov
09:03 AM pfSense Packages Bug #12264 (Pull Request Review): Stray <table> line in squid_monitor.php
Jim Pingle
06:48 AM pfSense Packages Bug #12264: Stray <table> line in squid_monitor.php
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/120 Viktor Gurov
08:57 AM Bug #12280 (Pull Request Review): Default IPv6 router advertisement intervals and lifetime are too low
Jim Pingle
01:00 AM Bug #12280: Default IPv6 router advertisement intervals and lifetime are too low
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/350 Viktor Gurov
08:01 AM pfSense Packages Feature #9852 (Pull Request Review): show File-Store directory listing
Jim Pingle
06:31 AM pfSense Packages Feature #9852: show File-Store directory listing
https://github.com/pfsense/FreeBSD-ports/pull/1093 Viktor Gurov
07:13 AM pfSense Packages Bug #12157: Snort exits with Signal 10 on 32bit ARM platforms
I've cherry-picked fixed snort to 21.05.1 Renato Botelho
05:55 AM pfSense Packages Bug #11961 (Feedback): FRR OSPF add unwanted area 0 authentication to router ospf
PR has been merged. Thanks! Renato Botelho
05:54 AM pfSense Packages Bug #12276 (Feedback): Incorrect OSPF/OSPF6 status links
PR has been merged. Thanks! Renato Botelho
05:52 AM pfSense Packages Regression #12278 (Feedback): Invalid plugin_certificates() function name
PR has been merged. Thanks! Renato Botelho
05:49 AM pfSense Packages Bug #12263 (Feedback): Snort package unable to save a new or edited Pass List when Language is set for anything other than English
PR merged Renato Botelho
05:14 AM Revision 923399be: Allow to use nested URL alias in URL alias. Fixes #11863
Viktor Gurov
05:05 AM Revision 21088d3f: Port Forward None and Pass associated filter rule copy. Fixes #12272
Viktor Gurov
05:01 AM Revision 653529c3: Do not allow to select PPPoE Server interfaces on the DHCPv6 Server page. Fixes #12277
Viktor Gurov
12:45 AM Bug #12195 (Resolved): IPsec writes CRL files when tunnel does not use certificates
works as expected on 2.6.0.a.20210818.0500 Viktor Gurov
12:43 AM Feature #12269 (Resolved): Include firewall rules from packages which failed to load in status output
2.6.0.a.20210818.0500 works as expected
Firewall-Generated Package Invalid Ruleset squid:...
Viktor Gurov
12:20 AM Bug #11863 (Feedback): Unable to create nested URL aliases
Applied in changeset commit:923399be686420e2cb0ef8886dc305353ac843a9. Viktor Gurov
12:15 AM Bug #12272 (Feedback): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
Applied in changeset commit:21088d3fac4073c45ea2d02e44b149843a547de3. Viktor Gurov
12:10 AM Bug #12277 (Feedback): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
Applied in changeset commit:653529c381645756551dd77b4838478bbfc06e63. Viktor Gurov

08/18/2021

11:58 PM Bug #12280: Default IPv6 router advertisement intervals and lifetime are too low
same values (200/600/1800) on:
Cisco:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/...
Viktor Gurov
08:32 PM Bug #12280 (Resolved): Default IPv6 router advertisement intervals and lifetime are too low
Related forum thread here:
https://forum.netgate.com/topic/165744/why-are-the-default-ra-intervals-and-lifetime-valu...
Offstage Roller
08:11 PM Revision cf757a80: Regex cleanup should also kill {}. Fixes #12257
It's not used often (and less in the GUI) and can be a source of
problems with large numbers of repetitions even outs...
Jim Pingle
04:17 PM Revision aed495bd: Merge remote-tracking branch 'origin/fix/12279'
Jim Pingle
04:12 PM Revision a38556ff: Use SHA512 to hash user password. Implements #10298
Original commit by Viktor Gurov Jim Pingle
03:00 PM pfSense Packages Regression #12278 (Pull Request Review): Invalid plugin_certificates() function name
Jim Pingle
07:33 AM pfSense Packages Regression #12278: Invalid plugin_certificates() function name
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/119
Viktor Gurov
07:21 AM pfSense Packages Regression #12278 (Resolved): Invalid plugin_certificates() function name
... Viktor Gurov
02:59 PM Bug #12277 (Pull Request Review): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
Jim Pingle
07:06 AM Bug #12277: DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/348 Viktor Gurov
06:48 AM Bug #12277 (Resolved): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
If you start PPPoE Server and try to configure the POES interface for DHCP6, an error occurs:... Viktor Gurov
02:58 PM pfSense Packages Bug #12276 (Pull Request Review): Incorrect OSPF/OSPF6 status links
Jim Pingle
05:48 AM pfSense Packages Bug #12276: Incorrect OSPF/OSPF6 status links
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/118 Viktor Gurov
05:40 AM pfSense Packages Bug #12276 (Resolved): Incorrect OSPF/OSPF6 status links
frr_ospf_areas.xml and frr_ospf_interfaces.xml contain `status_frr.php` link instead of `status_frr.php?protocol=ospf... Viktor Gurov
02:57 PM pfSense Packages Bug #11961 (Pull Request Review): FRR OSPF add unwanted area 0 authentication to router ospf
Jim Pingle
05:46 AM pfSense Packages Bug #11961: FRR OSPF add unwanted area 0 authentication to router ospf
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/117
Viktor Gurov
02:44 PM Revision c9285e9f: Fixes #12279
Christian McDonald
02:24 PM Todo #12145: Convert RAM disks to ``tmpfs``
Updated the diff for testing but hit another thing we need to account for.
Currently we check if there is sufficient...
Jim Pingle
01:58 PM Revision 7be7d84e: Ensure Unbound python script exists. Fixes #12274
Check to make sure a referenced python script exists before attempting
to use it in the Unbound configuration. If the...
Jim Pingle
01:54 PM pfSense Packages Bug #12157 (Resolved): Snort exits with Signal 10 on 32bit ARM platforms
This appears to be fixed. I've been running it for several days now and previously it would not run for longer than a... Steve Wheeler
12:09 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
B D wrote in #note-5:
> But since the System Information widget can't ever be removed -- that means its performance ...
Viktor Gurov
11:30 AM Todo #10298 (Feedback): Use SHA-512 for user password hashes
Applied in changeset commit:a38556ffba0f8d6cf3f61bd7469ebbb922fd3f64. Jim Pingle
09:55 AM Regression #12279 (Feedback): Uninitialized config array and escaped html in ipsec widget
Applied in changeset commit:c9285e9fff6dafb3124acfbe385641bea2d77b1a. Christian McDonald
09:45 AM Regression #12279 (Pull Request Review): Uninitialized config array and escaped html in ipsec widget
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/349 Christian McDonald
09:43 AM Regression #12279 (Resolved): Uninitialized config array and escaped html in ipsec widget
See screenshot. Christian McDonald
09:05 AM Bug #12274 (Feedback): Unbound fails to start if its configuration references a python script which does not exist
Applied in changeset commit:7be7d84ecf8afb2f5fd51ea0b67f68e69fe7fa6d. Jim Pingle
08:28 AM Bug #12274: Unbound fails to start if its configuration references a python script which does not exist
As long as that script is actually selected in the unbound config GUI (picked as "Python Module Script") and not in c... Jim Pingle
03:31 AM Bug #12274 (Resolved): Unbound fails to start if its configuration references a python script which does not exist
After the installation, unbound works 'out of the box'.
When a previously saved config.xml is imported
and pfBloc...
Gertjan KROEB
07:56 AM Bug #12272 (Pull Request Review): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
Jim Pingle
02:33 AM Bug #12272: Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/347
Viktor Gurov
07:22 AM Regression #12245 (Resolved): Input validation error in system.php
This is now fixed in snapshots.
Tested:...
Steve Wheeler
06:50 AM Bug #12247 (Resolved): Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
This looks good.
The files open quickly and completely. Both encrypted and decrypted parts.
Tested:...
Steve Wheeler
06:47 AM Feature #12193 (Resolved): AutoConfigBackup performance improvements
This looks good now.
Files are queued as expected and uploaded when the cronjob fires.
The cronjob is created co...
Steve Wheeler
03:40 AM pfSense Docs Todo #12275 (Resolved): Feedback on Firewall — Aliases
*Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#url-aliases
*Feedback:*
There is no in...
Viktor Gurov

08/17/2021

08:12 PM Revision 4174a828: Fixed #12247 by adding curl_close() call
Steve Beaver
05:44 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
Jim Pingle wrote in #note-12:
> Where/On what page?
Services / DHCP Server / <Interface> // Other Options / Gateway
...
Marcos M
02:14 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
Marcos Mendoza wrote in #note-11:
> It seems this can be triggered if entering "None" for gateway.
Where/On what ...
Jim Pingle
01:56 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
It seems this can be triggered if entering "None" for gateway. Marcos M
03:29 PM Revision 14b8b150: Add incorrectly generated package rules to status_output. Implements #12269
Viktor Gurov
03:16 PM Bug #12247 (Feedback): Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
Anonymous
03:14 PM Bug #12247: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
Issue was caused by a missing curl_close() call, making the system wait until the acb server timed out. Anonymous
02:12 PM pfSense Docs Todo #12271 (Closed): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox® VE
Fixed, thanks! Jim Pingle
09:29 AM pfSense Docs Todo #12271 (Closed): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox® VE
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html#basic-proxmox-ve-networking
...
Aron Schüler
01:33 PM pfSense Docs Todo #12273 (Resolved): Feedback on pfSense Configuration Recipes — Configuring DNS over TLS
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
*Feedback:*
The DoT configuration ...
Cy BiS
01:12 PM Revision bca881c4: Correct grep usage where needed. Fixes #12265
Jim Pingle
01:11 PM Revision 8cd3f92f: Regex cleanup change. Fixes #12257
Rather than attempting to cleanup group repetition, just discard the
unwanted pattern.
Jim Pingle
12:26 PM Revision e3732f92: Replace unlink() by unlink_if_exists()
Renato Botelho
12:06 PM pfSense Docs Correction #12266 (Closed): Ticket system link no longer correct
Fixed in https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/e2094df8635a2470250e1f61c527b9bc6bb29b06 Jim Pingle
10:56 AM Feature #6776: Allow disabling of "filter rule association" by default
Keenton IT wrote in #note-2:
> Hi,
>
> Note that this setting reverts back to "Add associated filter rule" also wh...
Viktor Gurov
03:33 AM Feature #6776: Allow disabling of "filter rule association" by default
Hi,
Note that this setting reverts back to "Add associated filter rule" also when you clone an existing NAT Rule se...
Keenton IT
10:56 AM Bug #12272 (Resolved): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
When you clone an existing NAT Rule that is set to "None" or "Pass" it's reset to "Add associated filter rule"
#67...
Viktor Gurov
10:40 AM Feature #12269 (Feedback): Include firewall rules from packages which failed to load in status output
Applied in changeset commit:14b8b150cb56f1abab87feb3695d841fd734c71c. Viktor Gurov
08:34 AM Feature #12269 (Pull Request Review): Include firewall rules from packages which failed to load in status output
Jim Pingle
02:00 AM Feature #12269: Include firewall rules from packages which failed to load in status output
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/346 Viktor Gurov
01:18 AM Feature #12269 (Resolved): Include firewall rules from packages which failed to load in status output
@discover_pkg_rules()@ creates the "/tmp/rules.packages.{$pkgname}" file if the package creates unloadable rules.
it...
Viktor Gurov
09:01 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface
Now it is solved. Wouldn't have minded to learn elsewhere that 'LAN to ...' is not a mere description. I had set it o... Uwe Dippel
08:29 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface
"LAN to any" won't match LAN2, it must be "LAN2 to any". Jim Pingle
08:25 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface
Jim Pingle wrote in #note-2:
> It's not a bug, it's doing exactly what it's been told to do. You need rules on LAN2 ...
Uwe Dippel
07:13 AM Bug #12270 (Not a Bug): Unidirectional connectivity with DHCP-assigned interface
It's not a bug, it's doing exactly what it's been told to do. You need rules on LAN2 to allow traffic from LAN2 to do... Jim Pingle
06:02 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface
I'm not able to correct the 'netstat minus rn' which converted into a strike-through instead of actually showing the ... Uwe Dippel
05:58 AM Bug #12270 (Not a Bug): Unidirectional connectivity with DHCP-assigned interface
[I did discuss this in the forum, and I am aware it sounds unlikely, but haven't found a solution so far. It does loo... Uwe Dippel
08:32 AM Regression #12217: Kernel panic in IPFW when using Captive Portal
So far, so good with the latest snapshot (@2.6.0.a.20210817.0500@). I've updated several systems which easily crashed... Jim Pingle
08:20 AM Todo #12265 (Feedback): Improve uses of ``grep`` which utilize user-supplied patterns
Applied in changeset commit:bca881c428cd82315cc35414017844342db630a0. Jim Pingle
06:10 AM Revision 136c1462: System Information widget optimization. Issue #12241
Viktor Gurov
06:07 AM Revision 3a0f6f36: Move IPsec Mobile additional configuration attributes to strongswan.conf. Fixes #11447
Viktor G
06:05 AM Revision 4f04c78e: Fix IPsec PH1 with Remote Gateway 0.0.0.0 rules creation. Issue #12262
Viktor Gurov
06:05 AM Revision d57eab57: VLAN/QinQ-only interface mismatch detection. Fixes #12170
Viktor G
01:39 AM Bug #12262 (Feedback): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
Merged Viktor Gurov
01:38 AM Bug #12241 (Feedback): System Information widget unnecessarily polls data for hidden items
Merged Viktor Gurov
01:15 AM Regression #11447 (Feedback): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Applied in changeset commit:3a0f6f3609dcb50e3ba927a743fb9f1990a48181. Anonymous
01:15 AM Bug #12170 (Feedback): Interface assignment mismatch is not detected if VLAN-only parent interface is removed
Applied in changeset commit:d57eab57652f634939a4bf916997f08fb5bc3916. Anonymous
12:55 AM pfSense Docs Todo #12268 (Closed): Update Aliases documentation with recently added features
*Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html
*Feedback:*
Network aliases:
+ suppor...
Viktor Gurov
12:40 AM Feature #1603 (Resolved): URL table aliases should be usable within network type aliases
in the source tree:
https://github.com/pfsense/pfsense/blob/master/src/usr/local/pfSense/include/www/alias-utils.inc...
Viktor Gurov

08/16/2021

07:14 PM Feature #12267: OpenVPN option to limit concurrent connections per user
There's an example here on how to accomplish this:
https://serverfault.com/questions/850599/permit-only-n-connection...
Marcos M
07:14 PM Feature #12267 (Resolved): OpenVPN option to limit concurrent connections per user
It's beneficial to be able to limit the total number of connections allowed per user when Duplicate Connection is use... Marcos M
07:13 PM pfSense Packages Bug #11135: HAproxy OCSP reponse crontab bug
I submitted a PR to backport Viktor's changes to the haproxy package as well: https://github.com/pfsense/FreeBSD-port... Daniel Kimsey
06:29 PM Regression #11316: Unbound crashes with signal 11 when reloading
Unbound 1.13.2 is now imported on 2.6.0 and 21.09 and will be available on tomorrow's snapshots Renato Botelho
05:42 PM Revision 57a737f1: More route display changes. Fixes #12257
* Move escape_filter_regex() from syslog.inc to util.inc since it will
be used by things other than syslog.
* Add s...
Jim Pingle
04:17 PM pfSense Docs Todo #12261: Feedback on pfSense Configuration Recipes — WireGuard VPN Client Configuration Example
That's great, thank you Jim! David Ross
07:37 AM pfSense Docs Todo #12261: Feedback on pfSense Configuration Recipes — WireGuard VPN Client Configuration Example
We are already aware. Once the development of the WireGuard package progresses further and stabilizes, then the docum... Jim Pingle
02:46 PM pfSense Docs Correction #12266 (Closed): Ticket system link no longer correct
The link given in the docs to open a new ticket in our ticket system no longer links to an existing page since Freshw... Steve Wheeler
01:13 PM Todo #12265 (Resolved): Improve uses of ``grep`` which utilize user-supplied patterns
See #12257 and commit:57a737f1 for examples
A few things to watch out for:
* Patterns passed to grep based on u...
Jim Pingle
08:54 AM Bug #12241 (Pull Request Review): System Information widget unnecessarily polls data for hidden items
Jim Pingle
08:07 AM Bug #12241: System Information widget unnecessarily polls data for hidden items
optimization:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/345
Viktor Gurov
08:18 AM pfSense Packages Bug #12263: Snort package unable to save a new or edited Pass List when Language is set for anything other than English
Pull Request #1091, posted here: https://github.com/pfsense/FreeBSD-ports/pull/1091, has been submitted to correct t... Bill Meeks
07:09 AM pfSense Packages Bug #12263 (Resolved): Snort package unable to save a new or edited Pass List when Language is set for anything other than English
When the language on the firewall is set for any language other than English, it is not possible to save changes to a... Bill Meeks
07:48 AM pfSense Packages Bug #12264 (Resolved): Stray <table> line in squid_monitor.php
There's a stray <table> opening element in the C-ICAP Virus Table section of /usr/local/www/squid_monitor.php
<tab...
Matthew Fearnley
07:42 AM Bug #12262 (Pull Request Review): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
Need to be careful when we fix this as if the rules were correct they would match too much traffic and potentially in... Jim Pingle
04:03 AM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/344
Viktor Gurov
07:40 AM Regression #12217 (Feedback): Kernel panic in IPFW when using Captive Portal
Fix pushed to https://gitlab.netgate.com/pfSense/FreeBSD-src/-/commit/41d976b3b37dfcc66b14c67f610474e94b3d49dd (devel... Kristof Provost
07:39 AM Bug #11863 (Pull Request Review): Unable to create nested URL aliases
Jim Pingle
07:36 AM Bug #7547 (Pull Request Review): Static routes using aliases are not automatically updated when alias content changes
Jim Pingle
07:36 AM Feature #11895 (Pull Request Review): Require user to manually apply changes after altering static route entries
Jim Pingle
07:35 AM Bug #11599 (Pull Request Review): Modifying static routes results in a logged error, changes are not reflected in routing table
Jim Pingle

08/15/2021

08:22 PM Bug #12262 (Resolved): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
When using @0.0.0.0@ as the remote gateway IP for IPsec, the automatic rules to allow port 500 and 4500 are incorrect... Marcos M
05:47 PM Bug #11863 (New): Unable to create nested URL aliases
Allow to use URL/URL Ports alias in URL/URL ports alias:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests...
Viktor Gurov
10:00 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1
Okay, should've read the ticket better.
Upgrading to 2.4.5_1 using the 2.4.5 depreciated branch followed by upgradin...
Glenn G
09:31 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1
Same here
Any process on how to upgrade?...
Glenn G

08/14/2021

06:10 PM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule

binat on em1 inet all -> 50.50.50.111
2.6.0.a.20210814.1404
Alhusein Zawi
05:55 PM Bug #12198 (Resolved): Disabling an IPsec phase 1 entry does not disable related phase 2 entries

fixed
I was able to make changes in disabled P1 without errors
2.6.0.a.20210814.1404
Alhusein Zawi
03:48 PM pfSense Docs Todo #12261 (Closed): Feedback on pfSense Configuration Recipes — WireGuard VPN Client Configuration Example
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-client.html
*Feedback:*
It looks like this p...
David Ross
12:00 PM pfSense Packages Bug #12260 (Closed): Update popup and version missmatch?
Always showing popup in the corner about the available update, every refreshed page, no setting to disable it?
A new...
Tomas Tom
11:52 AM pfSense Packages Bug #12240 (Resolved): Syslog-ng does not remove logrotate.conf after disable
Tested on Syslog-ng 1.15_11. /usr/local/etc/logrotate.conf is removed after disabling the service. Marking the ticket... Max Leighton
11:47 AM Bug #7547: Static routes using aliases are not automatically updated when alias content changes
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/342 Viktor Gurov
11:46 AM Feature #11895: Require user to manually apply changes after altering static route entries
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/342 Viktor Gurov
11:46 AM Bug #11599: Modifying static routes results in a logged error, changes are not reflected in routing table
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/342 Viktor Gurov
11:08 AM pfSense Packages Bug #12242 (Resolved): rc file is not deleted
Tested on NET-SNMP 0.1.5_9.
/usr/local/etc/rc.d/net-snmpd.sh and /usr/local/etc/rc.d/net-snmptrapd.sh are removed ...
Max Leighton
10:45 AM Bug #12232 (Resolved): OpenVPN status incorrect for TAP servers without a defined tunnel network
Tested on:
2.6.0-DEVELOPMENT (amd64)
built on Thu Aug 12 01:16:53 EDT 2021
FreeBSD 12.2-STABLE
Looks good. I ...
Max Leighton
05:33 AM Revision c5bda432: Do not delete disabled routes. Fixes #10706
Viktor G
05:33 AM Revision 2e6b2841: Prevent deletion of OpenVPN instances with assigned interfaces. Fixes #12224
Viktor Gurov
05:33 AM Revision 6514012d: Reconfigure stacked IP Aliases on parent CARP VIP changes. Fixes #12227
Viktor Gurov
04:39 AM Bug #8390: Input validation does not prevent removing a gateway used by a DNS server
Jim Pingle wrote in #note-5:
> Their problem is different from the ones linked.
>
> When you remove a gateway, th...
Viktor Gurov
12:40 AM Bug #10706 (Feedback): Kernel route table entries are removed if they match disabled static route entries
Applied in changeset commit:c5bda432e875750e1be03fb82a3cfc0684cb382a. Anonymous
12:40 AM Bug #12224 (Feedback): OpenVPN page allows to delete/disable instance with an assigned interface
Applied in changeset commit:2e6b284184ce10b4ff15d8d4716237036b92ff75. Viktor Gurov
12:40 AM Bug #12227 (Feedback): Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs
Applied in changeset commit:6514012d33705dda99d0def4421f5560ad969af5. Viktor Gurov

08/13/2021

08:39 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
Thanks. I ended up setting it to a high value, e.g. 86400 → luckman212
08:13 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
I stumbled across this issue when deploying pfSense for a wireless carrier integration. We needed to do things like p... Arthur Wiebe
08:00 PM Bug #12259 (Closed): Intel em NICs Suffering Performance Degradation on FreeBSD12
Reference FreeBSD bug report here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235031
Seems the issue is pa...
Kris Phillips
06:40 PM pfSense Packages Bug #12258 (Resolved): Copy key buttons only work in HTTPS mode
Yes of course everyone should be using HTTPS all the time especially now with ACME being available, but sometimes wel... → luckman212
05:46 PM Revision 72ea2b69: Change route collection and output. Fixes #12257
All changes are on src/usr/local/www/diag_routes.php
* Change problematic use of sed for an equivalent and safer use...
Jim Pingle
03:35 PM Feature #11978 (Closed): New Dynamic DNS Provider: Strato
Jim Pingle
03:00 PM Feature #11978: New Dynamic DNS Provider: Strato
strato appears in the list of available dyndns providers - using 21.09.a.20210812.1456 Jordan G
01:15 PM Revision ffa913ec: Sanitize WireGuard keys from status_output. Fixes #12256
Viktor Gurov
12:55 PM Bug #12257 (Feedback): Route data collection method on ``diag_routes.php`` has multiple issues
Applied in changeset commit:72ea2b69cc111d4bc8ebf1ccf1e1529923c5b88a. Jim Pingle
12:35 PM Bug #12257 (Resolved): Route data collection method on ``diag_routes.php`` has multiple issues
The way that route data is collected for presentation in the GUI on @diag_routes.php@ has multiple problems, includin... Jim Pingle
12:49 PM Revision 0997d828: Display Gateway IPv6 on status_interfaces.php regardless of Gateway IPv4 status. Fixes #12253
Viktor Gurov
12:49 PM Revision 35de5b66: Show received IPv6 DNS servers on status_interfaces.php page. Fixes #12252
Viktor Gurov
12:49 PM Revision 37c677a1: Fix is_hostname() regression. Issue #12245
Viktor Gurov
12:18 PM Feature #11899: Add support for non-Oracle IP Check providers
looks like duplicate of #12194 Viktor Gurov
11:40 AM Revision e7cac368: Properly remove the old VHID on XMLRPC CARP VIP sync. Fixes #12202
Viktor Gurov
11:30 AM Revision 58f744b7: OpenVPN Tunnel network input validation fix. Issue #11999
Viktor Gurov
09:32 AM Regression #12239 (Resolved): Interfaces page does not show Wireless EAP client options
Looks good on 2.6.0.a.20210812.0500 Viktor Gurov
09:32 AM Regression #12234 (Resolved): Wireless Channel/Width Issues with GUI
Looks good on 2.6.0.a.20210812.0500 Viktor Gurov
09:31 AM Regression #12245: Input validation error in system.php
This looks good now with that patch. I am able to use numeric hosts names. It still rejects invalid hosts that includ... Steve Wheeler
08:34 AM Regression #12245 (Feedback): Input validation error in system.php
Merged Viktor Gurov
07:36 AM Regression #12245 (Pull Request Review): Input validation error in system.php
Jim Pingle
12:35 AM Regression #12245: Input validation error in system.php
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/337
Viktor Gurov
08:35 AM Revision 36abc2ad: Update convert_friendly_interface_to_friendly_descr() to show IP Alias description. Fixes #11337
Viktor G
08:27 AM Bug #12000 (Feedback): Remote log server input validation allows invalid values
re-test required after #12245 Viktor Gurov
08:25 AM Bug #12256 (Feedback): Sanitize WireGuard private and pre-shared keys in status output
Applied in changeset commit:ffa913ec51c68af00a6f0b18e84544ac64d77d2f. Viktor Gurov
07:50 AM Bug #12256 (Pull Request Review): Sanitize WireGuard private and pre-shared keys in status output
Jim Pingle
04:03 AM Bug #12256: Sanitize WireGuard private and pre-shared keys in status output
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/340 Viktor Gurov
03:57 AM Bug #12256 (Resolved): Sanitize WireGuard private and pre-shared keys in status output
@<privatekey>@ and @<presharedkey>@ are not sanitized from status.php output Viktor Gurov
08:11 AM Revision d1d8383c: Use client-connect/client-disconnect script for Remote Access (SSL/TLS) server mode. Fixes #12238
Viktor Gurov
08:11 AM Revision 5ed5f14d: Set $retries=10 in resolve_retry() to improve resolution timeout. Fixes #12196
Viktor G
08:10 AM Revision 0f441291: 1:1 NAT rules creation update. Fixes #12168
* Fix 1:1 NAT rule creation when Any is selected for Internal IP
* Fix 1:1 NAT rule creation when Any is selected for...
Viktor G
07:55 AM pfSense Docs Todo #12250 (Closed): Feedback on Networking Concepts — Understanding CIDR Subnet Mask Notation
Fixed, thanks! Jim Pingle
07:55 AM Bug #12253 (Feedback): IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway
Applied in changeset commit:0997d828271d48e17edb9be0ac1e9ece8f234b00. Viktor Gurov
07:41 AM Bug #12253 (Pull Request Review): IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway
Jim Pingle
01:54 AM Bug #12253: IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/339
Viktor Gurov
01:51 AM Bug #12253 (Resolved): IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway
status_interfaces.php page doesn't display Gateway IPv6 if Gateway IPv4 doesn't exist Viktor Gurov
07:55 AM Bug #12252 (Feedback): IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``
Applied in changeset commit:35de5b66a633f45daa828a3faac9547f9d9db4b7. Viktor Gurov
07:40 AM Bug #12252 (Pull Request Review): IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``
Jim Pingle
12:57 AM Bug #12252: IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/338
Viktor Gurov
12:43 AM Bug #12252 (Resolved): IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``
After configuring DHCP6 on the interface, I see the correct `/var/etc/nameserver_v6*` files with IPv6 DNS servers, bu... Viktor Gurov
07:49 AM Bug #12255 (Duplicate): MTU on Interface change to VLAN MTU
This seems like it is overlapping significantly with #11870 and likely will be solved when that is solved. Jim Pingle
03:41 AM Bug #12255 (Duplicate): MTU on Interface change to VLAN MTU
The MTU on a physical interface in the GUI is set to 9000. After creating a VLAN on the interface and setting the VL... Rafael Grothmann
07:46 AM Bug #12254 (Duplicate): LAGG
This does appear to be a duplicate of #9183, though it doesn't affect LAGG in general as that is working fine on curr... Jim Pingle
03:29 AM Bug #12254 (Duplicate): LAGG
There is a LAGG over two ethernet Interfaces. The LAGG is working after configuration. After reboot the LAGG is creat... Rafael Grothmann
07:43 AM pfSense Packages Feature #11531 (Pull Request Review): Show netmap compatible cards in IPS Mode note
Jim Pingle
02:07 AM pfSense Packages Feature #11531: Show netmap compatible cards in IPS Mode note
https://github.com/pfsense/FreeBSD-ports/pull/1090 Viktor Gurov
07:23 AM Bug #12236 (Resolved): IPsec bypass rules display help text under each entry
Looks good now Viktor Gurov
07:21 AM Bug #11999 (Feedback): OpenVPN IPv6 tunnel network is not validated properly
Merged Viktor Gurov
06:45 AM Bug #12202 (Feedback): When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active
Applied in changeset commit:e7cac36841ba2f1fc9aad65cafe4a77c66bd61ac. Viktor Gurov
05:46 AM Revision c7599055: Parse ARM 32/64 network boot options on Static DHCP Mapping page. Fixes #12216
Viktor Gurov
05:45 AM Revision 126f555e: Do not create disabled IPsec VTI interfaces. Fixes #12212
Viktor G
05:44 AM Revision fdb9dcc9: Fix disabling IPsec PH1 with PH2 VTI on vpn_ipsec_phase1.php page. Issue #12198
Viktor G
05:43 AM Revision 4192ee44: Show all alias references on delete attempt. Fixes #12177
Viktor G
05:38 AM Revision 96270d7c: Router Advertisements fixes. Issue #12173
* Set AdvDNSSLLifetime value to 3*MaxRtrAdvInterval per RFC 8106
* Provide DNS configuration via radvd checkbox fix
Viktor G
05:37 AM Revision d1150a0c: Write CRL files only if certificate authentication is used in IPsec. Fixes #12195
Viktor G
03:51 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface
Merged Viktor Gurov
03:45 AM Bug #11337 (Feedback): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface
Applied in changeset commit:36abc2ad355f157365ce982b349eb5d385a24453. Anonymous
03:33 AM Bug #12168 (Feedback): 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule
Please check on the latest snapshot Viktor Gurov
03:33 AM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule
Merged Viktor Gurov
03:20 AM Bug #12238 (Feedback): OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode
Applied in changeset commit:d1d8383c74465f5bb8dae6348e4bb0a7060012b3. Viktor Gurov
03:20 AM Bug #12196 (Feedback): IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available
Applied in changeset commit:5ed5f14d7c4e53c3f713c0842553916c1d145542. Anonymous
03:08 AM Bug #12173 (Feedback): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106
Merged Viktor Gurov
03:07 AM Bug #12198 (Feedback): Disabling an IPsec phase 1 entry does not disable related phase 2 entries
Merged Viktor Gurov
02:26 AM pfSense Packages Bug #7374 (Closed): Barnyard2 package has incomplete install when installed as Suricata depedency
Barnyard2 has been removed from both the Snort and Suricata packages. Viktor Gurov
12:55 AM Bug #12216 (Feedback): ARM 32/64 network boot options are not parsed on Static DHCP Mapping page
Applied in changeset commit:c7599055449b39a6981809e9fa2ed76f34c53467. Viktor Gurov
12:55 AM Bug #12212 (Feedback): Disabled IPsec VTI interfaces are always created
Applied in changeset commit:126f555e4452147580e424051175b8f48b6a5e05. Anonymous
12:45 AM Bug #12177 (Feedback): When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message
Applied in changeset commit:4192ee446e862699b42122d8c9d2750a98ff0735. Anonymous
12:45 AM Bug #12195 (Feedback): IPsec writes CRL files when tunnel does not use certificates
Applied in changeset commit:d1150a0c3cb90e871eff9bdddca7e351d4adef90. Anonymous

08/12/2021

10:37 PM pfSense Packages Bug #12251 (Confirmed): Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
Restarting the service will work around this in the meantime Christian McDonald
08:21 PM pfSense Packages Bug #12251 (Resolved): Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
Wireguard pkg 0.1.5
pfSense+ 21.05.1
If "KeepAlive" is left empty, config is written as 30 seconds.
Descriptio...
→ luckman212
02:01 PM pfSense Packages Todo #11033 (Closed): Update OpenVPN Client Export with OpenVPN 2.5.0 installer
Make a new issue for a new request. This was done months ago. Jim Pingle
01:58 PM pfSense Packages Todo #11033: Update OpenVPN Client Export with OpenVPN 2.5.0 installer
Updating Subject as we need to update the OpenVPN Client Export package for 2.5.3, as it's currently on 2.5.2. Also ... Kris Phillips
09:26 AM pfSense Docs Todo #12250 (Closed): Feedback on Networking Concepts — Understanding CIDR Subnet Mask Notation
*Page:* https://docs.netgate.com/pfsense/en/latest/network/cidr.html
*Feedback:*
Typo: "255.224.0 0" (note the ...
J St Sauver
08:55 AM pfSense Packages Bug #12101: ArpWatch Suppression Mac for "flip-flop" not suppressing
I have updated to version 0.2.0_6 and am still getting flip-flop notifications. I have tried restarting the service ... Shaun Gause
07:45 AM Bug #12249: Long configuration revision reasons can cause AutoConfigBackup upload to fail
The string "-NoReMoTeBaCkUp" can be added to a commit message to prevent it from being synced to ACB. The string is a... Anonymous
06:59 AM Bug #12249 (Feedback): Long configuration revision reasons can cause AutoConfigBackup upload to fail
HAProxy makes changes to config.xml with extremely large commit messages (> 2K chars) This exceeds the capacity of th... Anonymous

08/11/2021

06:24 PM Revision fa13ece8: Fixed missing $ warning
Steve Beaver
03:55 PM Regression #11316: Unbound crashes with signal 11 when reloading
OK that is unrelated to this bug. It is #12095 which can be mitigated by the patch on #11933. Jim Pingle
03:50 PM Regression #11316: Unbound crashes with signal 11 when reloading
Jim Pingle wrote in #note-67:
> If it was a similar crash to the previous issues, you would see the crash in the mai...
Akom Benevolent
03:27 PM Regression #11316: Unbound crashes with signal 11 when reloading
If it was a similar crash to the previous issues, you would see the crash in the main system log. You can filter that... Jim Pingle
03:20 PM Regression #11316: Unbound crashes with signal 11 when reloading
Jim Pingle wrote in #note-65:
> That is odd, the log also didn't show a crash, but a clean stop and start. That is a...
Akom Benevolent
02:59 PM Regression #11316: Unbound crashes with signal 11 when reloading
That is odd, the log also didn't show a crash, but a clean stop and start. That is also a very old log, maybe you upl... Jim Pingle
02:13 PM Regression #11316: Unbound crashes with signal 11 when reloading
I just had an *unbound 1.12.0* crash on *CE 2.5.2*
It was up for about a month (with 1.13.0 on 2.5.1 it crashed every...
Akom Benevolent
03:32 PM Feature #12248 (New): Package Update Availability Notification
Following up with a user's feature request on Reddit (https://www.reddit.com/r/PFSENSE/comments/p1o4fz/notifications_... Adam Cooper
02:55 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
That has always been the case and likely always will be -- just the fact that you're hitting the dashboard and consta... Jim Pingle
02:11 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
But since the System Information widget can't ever be removed -- that means its performance penalty is fixed for the ... B D
02:10 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
That is correct, hiding items does not stop the data from being collected. Hiding a whole widget would, but not speci... Jim Pingle
01:36 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
... above should be when *all* are *hidden*. B D
01:35 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
Jim,
Thanks for the feedback. Please note that the performance drop occurs even when *all* items (not just pf stat...
B D
09:27 AM Bug #12241: System Information widget unnecessarily polls data for hidden items
Watching the dashboard puts a load on the system as it fetches the data used to display the widgets. Some of this is ... Jim Pingle
02:27 PM pfSense Packages Bug #12157 (Feedback): Snort exits with Signal 10 on 32bit ARM platforms
Jim Pingle
01:37 PM pfSense Packages Bug #12157: Snort exits with Signal 10 on 32bit ARM platforms
This should be fixed now as https://cgit.freebsd.org/ports/commit/?id=c2a4ab17ef5e44424f2b2e97e30a2fde437dcd8a hit up... Mateusz Guzik
02:06 PM Feature #12193 (Feedback): AutoConfigBackup performance improvements
Lockfile typo fixed. Anonymous
09:52 AM Feature #12193 (New): AutoConfigBackup performance improvements
Seeing a set of PHP errors from these changes:... Jim Pingle
01:21 PM Bug #12247: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
If I attempt to view a backup by clicking on the "view" icon, I should see both the encrypted and decoded config on t... Anonymous
11:44 AM Bug #12247 (Resolved): Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
Build: 21.09.a.20210811.0100 - When viewing an ACB backup, the encrypted and decrypted versions of the backup should ... Anonymous
11:39 AM pfSense Packages Feature #12246 (Closed): Load a file into patch textarea
The only way of adding a new patch is to paste patch content on `Patch Contentx` text area. It would be useful to be... Renato Botelho
11:33 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/336
Viktor Gurov
10:48 AM Regression #12069 (Feedback): Panic in ``pfctl`` with large numbers of states
Needs some final testing/confirmation yet now that the other work is done. Jim Pingle
10:07 AM Regression #12069: Panic in ``pfctl`` with large numbers of states
With the introduction of DIOCGETSTATESV2 this problem should probably be considered resolved. Mateusz Guzik
09:57 AM Regression #12228 (Resolved): States table content in GUI is corrupted/invalid on snapshots
Looks good on the latest snapshot: @2.6.0.a.20210811.0500@ with module version @0.72_1@
Jim Pingle
09:39 AM Bug #12244 (Not a Bug): Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF
Unless I'm misreading something there is no bug here.
If you _manually_ added a gateway and checked the box to say...
Jim Pingle
02:31 AM Bug #12244: Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF
https://redmine.pfsense.org/issues/7380 Looks quite related to this bug. Layla Mah
01:59 AM Bug #12244: Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF

For reference, manually deleting the erroneous host (USH flags) route via ...
Layla Mah
01:54 AM Bug #12244 (Not a Bug): Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF
This issue: https://redmine.pfsense.org/issues/11433 claims that 2.5.0 regressed things by not adding gateways with "... Layla Mah
09:34 AM Bug #12006 (Duplicate): CARP IP sometimes doesn't apply to CARP member
Reads the same to me. Closing as a duplicate. Can always reopen if we can get more detail that shows it's a unique pr... Jim Pingle
09:06 AM Bug #12006: CARP IP sometimes doesn't apply to CARP member
seems to be related to #12202 Viktor Gurov
09:10 AM Regression #12245: Input validation error in system.php
related to #12000 Viktor Gurov
09:01 AM Regression #12245 (Resolved): Input validation error in system.php
The input validation in system.php incorrectly prevents numeric hostnames in 2.6 and 21.09. For example '3100' or '26... Steve Wheeler
06:19 AM pfSense Packages Bug #12242 (Feedback): rc file is not deleted
PR has been merged. Thanks! Renato Botelho
12:20 AM pfSense Packages Bug #12242: rc file is not deleted
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/115
Viktor Gurov
12:03 AM pfSense Packages Bug #12242 (Resolved): rc file is not deleted
After disabling the Net-SNMP and Net-SNMP trap daemon services, `/usr/local/etc/rc.d/net-snmpd.sh` and `/usr/local/et... Viktor Gurov
06:19 AM pfSense Packages Bug #12240 (Feedback): Syslog-ng does not remove logrotate.conf after disable
PR has been merged. Thanks! Renato Botelho
06:14 AM Bug #9058 (Feedback): Kernel panic during L2TP retransmit
Setting target version since it's now fixed. Thanks! Renato Botelho
06:00 AM Bug #9058: Kernel panic during L2TP retransmit
Glad to hear it is working for you.
The work was sponsored by Netgate, so I suggest you use the money to buy more ...
Mateusz Guzik
05:39 AM Bug #9058: Kernel panic during L2TP retransmit
It's been running stable for five days (which is twice the max uptime of the last 30 days), so I'll say it's fixed.
...
Bianco Veigel
06:13 AM pfSense Packages Feature #9989 (Rejected): Add FreeBSD port and pfSense plugin for HoneyTrap
After internal discussion we decided to reject adding this to pfSense. This kind of software doesn't belong to a Fir... Renato Botelho
06:09 AM Feature #2358 (New): NAT64 support
Pull Request was closed because code was based on IPFW and we plan to stop using IPFW as soon as possible. Introduci... Renato Botelho
05:32 AM Revision 013cbaaa: Hide pcscd service from the service list if IPsec PKCS11 support is disabled. Todo #11933
Viktor G
05:26 AM Revision 1d7ae980: NTP Server SHA256 authentication support. Implements #12213
Viktor G
05:26 AM Revision 1c334904: Delete OpenVPN related config files for disabled instance. Fixes #12223
Viktor G
05:25 AM Revision 253d6509: Fix ProxyARP/Other VIP network address expansion on Port Forward rules. Issue #12233
Viktor Gurov
05:24 AM Revision 883ea6ab: Increment local port and clear tunnel networks value when restarting the OpenVPN wizard. Fixes #12172
Viktor Gurov
05:18 AM Revision cf40cd17: Support for UEFI HTTP Boot option in DHCP config. Implements #11659
Viktor G
05:17 AM Regression #12234 (Feedback): Wireless Channel/Width Issues with GUI
Merged Viktor Gurov
05:16 AM Revision 647cf03a: Wireless Channel/Width Issues fix. Issue #12234
Viktor Gurov
05:16 AM Regression #12233 (Feedback): VIP network addresses are not expanded on Port Forward rules
Merged Viktor Gurov
05:09 AM Revision 27bbf370: Do not show Gateway duplicates option for IPsec Mobile. Fixes #12197
Viktor G
05:08 AM Revision 1fe2aa3e: Hide console output on system backup restore. Fixes #11909
Viktor G
05:08 AM Revision e6407b22: Group copy button. Implements #12226
Viktor Gurov
05:07 AM Revision 5db7152e: Do not show help text under each IPsec bypass rules entry. Fixes #12236
Viktor Gurov
05:05 AM Revision f4738ad4: OpenVPN Wizard ncp_enable value fix. Issue #12172
Viktor G
03:18 AM Todo #11933 (Feedback): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional
Merged Viktor Gurov
12:52 AM Todo #12176: Hide WireGuard interfaces on appropriate pages
see #12243 Viktor Gurov
12:51 AM Todo #12243 (New): Implement ```plugin_interfaces()```
from https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/309#note_39017:
The package should return an arra...
Viktor Gurov
12:35 AM Feature #12213 (Feedback): Support SHA-256 hash NTP authentication
Applied in changeset commit:1d7ae980fb91650b31047578bbe9656dd90f89d0. Anonymous
12:35 AM Bug #12223 (Feedback): Configuration files are not deleted after disabling an OpenVPN instance
Applied in changeset commit:1c3349042bbe2bcb10acaf65bded09c322b056a8. Anonymous
12:30 AM Regression #12172 (Feedback): OpenVPN Wizard configuration missing recently added default values
Applied in changeset commit:883ea6ab4221caef114de98b3b63a5fbd8980fe9. Viktor Gurov
12:25 AM Feature #11659 (Feedback): Support for UEFI HTTP Boot option in DHCPv4 Server
Applied in changeset commit:cf40cd1792595d0122cdd6ce1c4ac6145f38df78. Anonymous
12:25 AM Bug #12197 (Feedback): Mobile IPsec phase 1 should not display "Gateway duplicates" option
Applied in changeset commit:27bbf370b1ac61bfd9db9f2c9ae2e285f136f2f7. Anonymous
12:15 AM Feature #12226 (Feedback): Copy button for group entries in the User Manager
Applied in changeset commit:e6407b2267ee82bff41c429e17ff687cbf584cde. Viktor Gurov
12:15 AM Bug #12236 (Feedback): IPsec bypass rules display help text under each entry
Applied in changeset commit:5db7152ef76b8862230a76112dd03efaf3b35e5a. Viktor Gurov

08/10/2021

09:26 PM Bug #12241 (Resolved): System Information widget unnecessarily polls data for hidden items
Netgate SG-3100
pfSense 21.05.1 (observed under 2.4.5p1 too)
If I am not logged into the Web GUI and specifically...
B D
07:56 PM Revision d0c3ee6a: Snort: Enable COREDUMPS option
(cherry picked from commit 4e7641271c27cf394e6e2bea278098ed6f0e22b7) Renato Botelho
07:56 PM Revision 4e764127: Snort: Enable COREDUMPS option
Renato Botelho
06:37 PM Revision 8d4fcd7a: Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes.
Steve Beaver
04:51 PM Revision c7839f15: Wireless EAP client option fix. Issue #12239
Viktor Gurov
04:43 PM Bug #12105 (Feedback): Packages are not automatically reinstalled when restoring configuration using the installer
Fix pushed and will be present on next round of snapshots
Commit on FreeBSD-src: f5eb50394ce6
Renato Botelho
04:22 PM Todo #12171 (Feedback): Upgrade to ``pkg`` 1.17.x
pkg 1.17.1 is running fine on 2.6.0 and 21.09 Renato Botelho
03:35 PM Bug #9058: Kernel panic during L2TP retransmit
I removed debug printfs so updating to upcoming snapshot should stop the spam. I'll wait for your final confirmation ... Mateusz Guzik
02:01 PM Revision d91c2317: Merge pull request #4535 from luftegrof/bug12174
Renato Botelho
02:00 PM Revision a6296852: Merge pull request #4512 from jvandervyver/master
Renato Botelho
02:00 PM Revision 7f0ad465: Merge pull request #4530 from Alexilmarranen/master
Renato Botelho
02:00 PM Revision 07fbed96: Merge pull request #4534 from Uglymotha/master
Renato Botelho
02:00 PM Revision 16ff593a: Merge pull request #4533 from seyfidin/patch-1
Renato Botelho
12:47 PM Bug #12095: Memory leak in pcscd
Just registered to report the same issue. I have never used smart cards or IPSec tunnels and today I noticed all swap... Alexander Arques
11:55 AM Regression #12239 (Feedback): Interfaces page does not show Wireless EAP client options
Merged
Viktor Gurov
07:37 AM Regression #12239 (Pull Request Review): Interfaces page does not show Wireless EAP client options
Jim Pingle
06:35 AM Regression #12239: Interfaces page does not show Wireless EAP client options
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/335
Viktor Gurov
05:55 AM Regression #12239 (Resolved): Interfaces page does not show Wireless EAP client options
It only shows "EAP Client Mode" and "Certificate Authority" but not other PEAP/TLS/TTLS EAP options Viktor Gurov
10:55 AM pfSense Packages Feature #11210: 3rd party rulesets
Tested fine here. Only issue I see is the @Delete@ button will remove the @Check MD5@ label as well. Also, when addin... Marcos M
09:16 AM pfSense Packages Feature #11210 (Feedback): 3rd party rulesets
PR has been merged. Thanks! Renato Botelho
10:46 AM Regression #12228 (Feedback): States table content in GUI is corrupted/invalid on snapshots
I've triggered the build to update all poudriere jails for both CE and Plus. I also bump PORTREVISION of PHP module ... Renato Botelho
09:05 AM Regression #12228: States table content in GUI is corrupted/invalid on snapshots
One of the commits changed the size of struct pf_state.
It should be sufficient to make sure the php module is rec...
Mateusz Guzik
10:36 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
JohnPoz _ wrote in #note-9:
> I thought this might have been included with 21.05.1 - guess not I just checked and stil...
Jim Pingle
10:32 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
I thought this might have been included with 21.05.1 - guess not I just checked and still doesn't sort... Will wait til... JohnPoz _
09:39 AM pfSense Packages Bug #12240: Syslog-ng does not remove logrotate.conf after disable
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/113
Viktor Gurov
09:23 AM pfSense Packages Bug #12240 (Resolved): Syslog-ng does not remove logrotate.conf after disable
@/usr/local/etc/logrotate.conf@ still exists after disabling Syslog-ng Viktor Gurov
09:25 AM pfSense Packages Bug #12153 (Feedback): Incorrect Outgoing Network Interface on clean install
PR has been merged. Thanks! Renato Botelho
09:25 AM pfSense Packages Bug #12167 (Feedback): BGP TCP setkey not set if neighbor is in peer group
PR has been merged. Thanks! Renato Botelho
09:23 AM pfSense Packages Bug #12204 (Feedback): Certificate Manager page doesn't show Syslog-NG used certificates
PR has been merged. Thanks! Renato Botelho
09:18 AM pfSense Packages Bug #12101 (Feedback): ArpWatch Suppression Mac for "flip-flop" not suppressing
PR has been merged. Thanks! Renato Botelho
09:16 AM pfSense Packages Bug #7039 (Feedback): HAProxy backend configuration does not handle intermediate CAs properly
PR has been merged. Thanks! Renato Botelho
09:02 AM Bug #12159 (Feedback): "Default preferred lifetime" router advertisement validation check uses incorrect variable
PR has been merged. Thanks! Renato Botelho
09:02 AM Bug #12164 (Feedback): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``
PR has been merged. Thanks! Renato Botelho
09:01 AM Feature #12109 (Feedback): Option to suppress expiration notifications for revoked certificates
PR has been merged. Thanks! Renato Botelho
09:01 AM Feature #12194 (Feedback): Support Check IP services which return bare IP address values
PR has been merged. Thanks! Renato Botelho
09:01 AM Bug #12174 (Feedback): Firewall rule tabs load slowly when many rules on the tab utilize gateways
PR has been merged. Thanks! Renato Botelho
07:36 AM Regression #12234 (Pull Request Review): Wireless Channel/Width Issues with GUI
Jim Pingle
05:51 AM Regression #12234: Wireless Channel/Width Issues with GUI
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/334
Viktor Gurov
07:34 AM Bug #12238 (Pull Request Review): OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode
Jim Pingle
03:45 AM Bug #12238: OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/333 Viktor Gurov
03:34 AM Bug #12238 (Resolved): OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode
If the "Remote Access (SSL/TLS)" server mode is selected,
The resulting openvpn config file doesn't contain client-...
Viktor Gurov
07:29 AM Bug #12236 (Pull Request Review): IPsec bypass rules display help text under each entry
Jim Pingle
12:06 AM Bug #12236: IPsec bypass rules display help text under each entry
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/331
Viktor Gurov
12:00 AM Bug #12236 (Resolved): IPsec bypass rules display help text under each entry
IPsec bypass rules display help text under each entry
see the screenshot
Viktor Gurov
07:28 AM Regression #12233 (Pull Request Review): VIP network addresses are not expanded on Port Forward rules
Jim Pingle
03:35 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect
Jim Pingle wrote in #note-9:
> Alhusein Zawi wrote:
> > IP address is not added to openvpn log yet
>
> Where did...
Viktor Gurov
03:13 AM pfSense Docs New Content #12237 (Duplicate): Add information on ``ifqmaxlen`` to Hardware Tuning and Troubleshooting
*Page:* https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
*Feedback:*
Need to add optimization of i...
Viktor Gurov
03:10 AM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
This is a really useful tweak, we have to add it to https://docs.netgate.com/pfsense/en/latest/hardware/tune.html Viktor Gurov
02:27 AM Regression #12172: OpenVPN Wizard configuration missing recently added default values
Marcos Mendoza wrote in #note-4:
>
> Resulting @config.xml@ is correct. After repeating steps (reusing created CA ...
Viktor Gurov

08/09/2021

11:54 PM Regression #12233: VIP network addresses are not expanded on Port Forward rules
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/330
Viktor Gurov
07:41 AM Regression #12233 (Confirmed): VIP network addresses are not expanded on Port Forward rules
Jim Pingle
07:12 PM Revision ffcf19c6: Register current pkg_set_version
On pfSense-base post-install script, register current pkg_set_version as
the same of /etc/version
Renato Botelho
07:12 PM Revision 1d5cbd11: Set PFSENSE_PKG_SET_VERSION to PRODUCT_VERSION
This is going to be used by pfSense-upgrade port to set pkg_set_version
based on PRODUCT_VERSION
Renato Botelho
07:12 PM Revision 6bfe7f67: Allow %%PRODUCT_VERSION%% to be used on make.conf
Renato Botelho
06:32 PM Feature #4632: Support for Multipath TCP (MPTCP)
Jim Thompson wrote in #note-6:
> when it's in FreeBSD.
Since my 2011 bounty for adding IPv6 support to pfSense <h...
Lucky Green
06:07 PM Regression #11787: Thermal sensors widget no longer shows values from certain hardware
Hello, I just tried this on a Chelsio T6 card. I can get the temp ("dev.t6nex.0.temperature") for the card at the com... Michael Smith
05:56 PM pfSense Packages Feature #11210: 3rd party rulesets
https://github.com/pfsense/FreeBSD-ports/pull/1089 Viktor Gurov
03:30 PM Todo #12235 (Feedback): ``pfSense-upgrade`` should reinstall all packages on new version upgrades
Implemented on pfSense-upgrade 1.0_2 Renato Botelho
03:30 PM Todo #12235 (Resolved): ``pfSense-upgrade`` should reinstall all packages on new version upgrades
Today pfSense relies only on pkg to detect what must or not be upgraded. Sometimes a package is rebuilt using the same... Renato Botelho
02:15 PM Revision 6c3bfb73: OpenVPN status f/tap+empty tunnel net Fixes #12232
Jim Pingle
10:40 AM Regression #12234 (Resolved): Wireless Channel/Width Issues with GUI
As seen below this was introduced in the update after the July 19th snapshot that was released. The wireless list has... Nick K
09:25 AM Bug #12232 (Feedback): OpenVPN status incorrect for TAP servers without a defined tunnel network
Applied in changeset commit:6c3bfb7322105ea0ab6f0fa30a8f63787afbb76e. Jim Pingle
09:20 AM Bug #12232: OpenVPN status incorrect for TAP servers without a defined tunnel network
When in tap mode with an empty tunnel network, OpenVPN puts the tunnel into "point-to-point" mode which behaves like ... Jim Pingle
08:30 AM Bug #12232 (Confirmed): OpenVPN status incorrect for TAP servers without a defined tunnel network
I can reproduce it here using the settings from the XML file already attached on the issue.
Client shows connected...
Jim Pingle
08:12 AM pfSense Packages Bug #11965 (Resolved): Avahi service started twice by /etc/rc.start_package
Jim Pingle
07:53 AM pfSense Packages Bug #11965: Avahi service started twice by /etc/rc.start_package
Solved. Thanks for looking into it. Steve Harrington
08:11 AM pfSense Plus Bug #11466 (Confirmed): PHP exits with signal 11 on SG-3100 when calling PCRE functions
The overall problem is still not solved. 21.05.1 shipped with JIT disabled, but JIT is enabled on 21.09 for testing.
...
Jim Pingle
07:33 AM Feature #12181 (Resolved): Add connect/disconnect buttons to IPsec dashboard widget
Jim Pingle
07:32 AM Bug #11187 (Closed): WAN_DHCP6 down, but IPv6 actually works
Jim Pingle
07:32 AM Bug #11187: WAN_DHCP6 down, but IPv6 actually works
Darin May wrote in #note-13:
> I've been wondering if there should be two default gateways, one for each IPv4 and I...
Jim Pingle

08/08/2021

06:29 PM Regression #12172: OpenVPN Wizard configuration missing recently added default values
Note, the decoded TLS key is the same, only the xml contains different encoded text.
I can reproduce the issue des...
Marcos M
05:58 PM Bug #12168 (Resolved): 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule
Rule created correctly:
@binat on vmx0 inet from any to any -> 10.0.5.201@
Tested on:
21.09-DEVELOPMENT (amd64)
buil...
Marcos M
05:47 PM Bug #11909 (Resolved): Output from reboot process is printed on Backup & Restore page when restoring a configuration file
Output no longer shown on page.
Tested on:
21.09-DEVELOPMENT (amd64)
built on Sun Aug 08 01:12:39 EDT 2021
Marcos M
04:12 PM Regression #12233 (Resolved): VIP network addresses are not expanded on Port Forward rules
On 2.4.5p1, it was possible to select an auto-expanded IP derived from VIP network expansion. On the latest stable an... Marcos M
01:56 PM Bug #9058: Kernel panic during L2TP retransmit
It was clear to me, that those messages are only for debugging - I was concerned, that the timer is still running for... Bianco Veigel
09:15 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Kris Phillips wrote in #note-57:
> Did we end up with PCRE JIT disabled still in 21.05.1 or was the disabled JIT com...
Marcos M

08/07/2021

08:52 PM pfSense Packages Bug #12157 (Confirmed): Snort exits with Signal 10 on 32bit ARM platforms
I've confirmed this behavior on an SG-3100 on 21.05.1 once we fixed the Signal 11 issue in the above-linked redmine. ... Kris Phillips
08:47 PM Bug #12232: OpenVPN status incorrect for TAP servers without a defined tunnel network
I'm not able to reproduce this bug on 21.05.1. This may be a CE-only issue as I can see a status page in TAP mode on... Kris Phillips
02:29 PM Bug #12232 (Resolved): OpenVPN status incorrect for TAP servers without a defined tunnel network
Creating an OpenVPN server TAP mode without specifying the IPv4 Tunnel Network will result in the Status>OpenVPN page... Max Leighton
08:32 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Did we end up with PCRE JIT disabled still in 21.05.1 or was the disabled JIT component re-enabled with the new build... Kris Phillips
03:48 PM Feature #12181: Add connect/disconnect buttons to IPsec dashboard widget
added
2.6.0.a.20210806.0100
Alhusein Zawi
03:30 PM pfSense Packages Bug #11627 (Resolved): rc file is not deleted
Tested with arpwatch 0.2.0_5.
/usr/local/etc/rc.d/arpwatch.sh is removed after disabling the service. Marking the...
Max Leighton
02:41 PM Revision fbf4a07f: Correct syntax. Fixes #12229
Jim Pingle
02:32 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works
I've been wondering if there should be two default gateways, one for each IPv4 and IPv6. I only see default marked ... Loh Phat
02:25 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works
Looks like it doesn't happen with 2.5.2 anymore (gateway still online after 31d of uptime) Aleksandr Mezin
01:51 PM Regression #12186 (Resolved): <br> tags shown in Status>IPsec
Tested in
21.09-DEVELOPMENT (amd64)
built on Fri Aug 06 01:12:10 EDT 2021
FreeBSD 12.2-STABLE
Looks good. Ma...
Max Leighton
01:30 PM Bug #12231 (Duplicate): Upgrade to latest Dev Build results in broken install
Duplicate of #12229 Jim Pingle
01:13 PM Bug #12231 (Duplicate): Upgrade to latest Dev Build results in broken install
Upgrading to 2.6.0.a.20210807.0500 or 21.09.a.20210807.0500 is resulting in the following after the upgrade completes... Max Leighton
10:04 AM Bug #9058: Kernel panic during L2TP retransmit
All the messages will be removed soon. They are only there right now to confirm the problem condition is being exerci... Mateusz Guzik
06:08 AM Bug #9058: Kernel panic during L2TP retransmit
Now I'm getting the following message every minute:... Bianco Veigel
06:01 AM Bug #9058: Kernel panic during L2TP retransmit
Mateusz Guzik wrote in #note-35:
> Hi Bianco,
>
> did you get the chance to test the fix?
>
> If you check dme...
Bianco Veigel
09:50 AM Regression #12229: Revision 0d3747aa - missing semicolons
Applied in changeset commit:fbf4a07f41f93745850adf5a3b1ea345628693ab. Jim Pingle
09:43 AM Regression #12229 (Feedback): Revision 0d3747aa - missing semicolons
Pushed a fix Jim Pingle
05:56 AM Regression #12229 (Resolved): Revision 0d3747aa - missing semicolons
A couple missing semicolons after return statements in system.inc Steve Harrington
09:42 AM Bug #12230 (Duplicate): Fatal parse error in 2.6.0.a.20210807.0500 breaks boot
Duplicate of #12229 Jim Pingle
07:11 AM Bug #12230 (Duplicate): Fatal parse error in 2.6.0.a.20210807.0500 breaks boot
"Parse error: syntax error, unexpected '}', expecting ';' in /etc/inc/system.inc on line 1671" error causes 2.6.0.a.2... RED SKULL

08/06/2021

11:54 PM pfSense Packages Bug #12088 (Resolved): Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting
Working well. Marking as resolved. Marcos M
05:07 PM Bug #12095: Memory leak in pcscd
I haven't run into this issue before but just today I noticed swap usage at 100% and memory was very high, turns out ... Sean M
04:24 PM Bug #9058: Kernel panic during L2TP retransmit
Sounds good, thanks for the update! Mateusz Guzik
04:18 PM Bug #9058: Kernel panic during L2TP retransmit
I've updated to 2.6.0-DEVELOPMENT (amd64) built on Fri Aug 06 01:10:08 EDT 2021 this evening, and am waiting if it cr... Bianco Veigel
04:15 PM Bug #9058: Kernel panic during L2TP retransmit
Hi Bianco,
did you get the chance to test the fix?
If you check dmesg and see messages like these:...
Mateusz Guzik
03:40 PM Revision 0d3747aa: Improve NTP serial port validation. Fixes #12191
Jim Pingle
03:01 PM Regression #11910: IPsec status tunnel descriptions are incorrect

> That should be fixed along with everything else in snapshots. Try it there.
Confirmed! 21.09.a.20210806.0100 f...
Charles Hamilton
01:26 PM Bug #12202 (Pull Request Review): When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active
Jim Pingle
01:04 PM Bug #12202: When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/329
Viktor Gurov
11:45 AM Regression #12228: States table content in GUI is corrupted/invalid on snapshots
Plus snapshot: 21.09.a.20210806.0500
CE snapshot: 2.6.0.a.20210806.0500
Jim Pingle
11:41 AM Regression #12228 (Resolved): States table content in GUI is corrupted/invalid on snapshots
On current Plus 21.09 and CE 2.6.0 snapshots @diag_dump_states.php@ contains invalid data (see attached image).
Th...
Jim Pingle
10:08 AM pfSense Packages Bug #12220 (Rejected): BIND package missing in 2.6.0-DEVELOPMENT
The package is present on current snapshots. You have some issue locally on your firewall. This site is not for suppo... Jim Pingle
10:01 AM Bug #12227 (Pull Request Review): Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs
Jim Pingle
09:28 AM Bug #12227: Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/328
Viktor Gurov
07:59 AM Bug #12227 (Resolved): Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs
192.168.88.44 - CARP VIP (VHID: 1)
192.168.88.45 - IP Alias on CARP VIP:...
Viktor Gurov
08:05 AM Feature #12226 (Pull Request Review): Copy button for group entries in the User Manager
Jim Pingle
05:28 AM Feature #12226: Copy button for group entries in the User Manager
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/327 Viktor Gurov
05:20 AM Feature #12226 (Resolved): Copy button for group entries in the User Manager
It would be very helpful to have a "Copy group" icon on system_groupmanager.php page to manage groups with a large nu... Viktor Gurov
07:59 AM Bug #12225 (Pull Request Review): Group membership field is not needed for remote groups
Jim Pingle
05:04 AM Bug #12225: Group membership field is not needed for remote groups
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/326
Viktor Gurov
04:33 AM Bug #12225 (Rejected): Group membership field is not needed for remote groups
The "Group Membership" field on the system_groupmanager.php page is not needed if Scope = Remote
It can be confusing...
Viktor Gurov
07:56 AM Bug #12224 (Pull Request Review): OpenVPN page allows to delete/disable instance with an assigned interface
Jim Pingle
03:54 AM Bug #12224: OpenVPN page allows to delete/disable instance with an assigned interface
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/325
Viktor Gurov
03:17 AM Bug #12224 (Resolved): OpenVPN page allows to delete/disable instance with an assigned interface
OpenVPN page allows to delete/disable an instance with an assigned interface
which leads to the wrong interface assi...
Viktor Gurov
07:38 AM Bug #11891 (Pull Request Review): strongSwan configuration contains incorrect structure for mobile pool DNS records
Jim Pingle
01:42 AM Bug #11891: strongSwan configuration contains incorrect structure for mobile pool DNS records
Jim Pingle wrote in #note-6:
> Reverted RADIUS-specific parts of the change here for now, it was causing the configur...
Viktor Gurov
07:36 AM Bug #12223 (Pull Request Review): Configuration files are not deleted after disabling an OpenVPN instance
Jim Pingle
01:37 AM Bug #12223: Configuration files are not deleted after disabling an OpenVPN instance
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/324
Viktor Gurov
12:52 AM Bug #12223 (Resolved): Configuration files are not deleted after disabling an OpenVPN instance
After setting "Disable this server" checkbox files under @/var/etc/openvpn/server|clientX/@ are not deleted Viktor Gurov
07:35 AM Bug #11999 (Pull Request Review): OpenVPN IPv6 tunnel network is not validated properly
Jim Pingle
01:21 AM Bug #11999: OpenVPN IPv6 tunnel network is not validated properly
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/323
Viktor Gurov
07:18 AM pfSense Packages Bug #11780: Suricata package fails to prune suricata.log
related discussion:
https://forum.netgate.com/topic/165352/suricata-log-rotation-bug
Viktor Gurov
12:40 AM Feature #12222 (Rejected): OpenVPN with LDAP active directory auth with Two factor authentication
This should be implemented on the backend side, but not on the appliance.
For example, you can already use a RADIU...
Viktor Gurov
12:32 AM Feature #12222 (Rejected): OpenVPN with LDAP active directory auth with Two factor authentication
Hi, it would be very useful to add two factor functionality (google authenticator for example) for OpenVPN with activ... Franz Angeli

08/05/2021

10:05 PM Revision 868c1a67: Init ['system']['acb']
Steve Beaver
06:03 PM Revision 3f818d8a: OpenVPN GUI field adjustments. Implements #12218
* Move description to the top of the page
* For clients and servers, show the ID and corresponding interface name
* S...
Jim Pingle
04:14 PM pfSense Packages Bug #12220 (Rejected): BIND package missing in 2.6.0-DEVELOPMENT
After upgrading to 2.6.0-DEVELOPMENT there is no BIND package anymore. Bianco Veigel
03:45 PM Revision a7705968: IPsec Keep Alive corrections. Fixes #12169
* Checked CARP VIP status if used by P1, if VIP is in BACKUP or INIT
state, it does not attempt to initiate.
* Disabl...
Jim Pingle
03:19 PM Regression #11986 (Resolved): Static routes may not be in routing table when expected
As noted above, this was worked around for now by reverting the commits from #11296 but I'm changing this one slightl... Jim Pingle
02:11 PM pfSense Packages Bug #12101 (Pull Request Review): ArpWatch Suppression Mac for "flip-flop" not suppressing
Jim Pingle
11:45 AM pfSense Packages Bug #12101: ArpWatch Suppression Mac for "flip-flop" not suppressing
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/112
Viktor Gurov
01:47 PM Feature #12190: Ability to use an IPv6 prefix in firewall rules
I see alias addresses in FW rules are stored as $alias_name when resolved by filter_generate_address(). Can someone ... Greg Wallace
01:10 PM Todo #12218 (Feedback): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID
Applied in changeset commit:3f818d8a52dc965cb48e367cd1f22542b6058c0c. Jim Pingle
11:35 AM Todo #12218 (In Progress): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID
Jim Pingle
09:50 AM Todo #12218 (Resolved): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID
More logical to have the description be first to easily identify the tunnel at a glance.
Also, show the internal I...
Jim Pingle
10:58 AM Regression #12215 (Feedback): OpenVPN does not resync when running on a gateway group
Unable to reproduce on 2.6.0.a.20210805.0500 -
OpenVPN with gwgroup successfully resync on gateway failure/restore
...
Viktor Gurov
05:06 AM Regression #12215 (Closed): OpenVPN does not resync when running on a gateway group
Hi all,
It seems that quite a bit of the codebase has changed in the relevant files since the fix I implemented in...
James Webb
10:55 AM Feature #12169 (Feedback): IPsec keep alive option to initiate phase 2 without using ICMP
Applied in changeset commit:a7705968eac0b3d21739d88736610aed4785426d. Jim Pingle
10:54 AM pfSense Packages Regression #12125 (Resolved): squidguard 1.16.18_19 configuration error
PR merged. Jim Pingle
10:49 AM pfSense Packages Regression #12125 (Feedback): squidguard 1.16.18_19 configuration error
Merged Viktor Gurov
07:58 AM pfSense Packages Regression #12125 (Pull Request Review): squidguard 1.16.18_19 configuration error
Jim Pingle
04:34 AM pfSense Packages Regression #12125: squidguard 1.16.18_19 configuration error
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/111
Viktor Gurov
10:19 AM Bug #12219 (Resolved): Prevent using OpenVPN "Inactive" option with point-to-point modes
By default on current versions we set the OpenVPN server option Inactive to 300 (See #11699) but this should only be ... Jim Pingle
09:44 AM Regression #12217: Kernel panic in IPFW when using Captive Portal
Attaching textdump from test VM without CARP. Jim Pingle
09:37 AM Regression #12217: Kernel panic in IPFW when using Captive Portal
Removing CARP from the subject since it doesn't appear to be a requirement to reproduce. Jim Pingle
09:26 AM Regression #12217: Kernel panic in IPFW when using Captive Portal
This is actually easier to reproduce than I thought. If I take a fresh install of pfSense CE on a current snapshot (2... Jim Pingle
09:17 AM Regression #12217 (Resolved): Kernel panic in IPFW when using Captive Portal
Starting around the 2.6.0 snapshot on August 3rd (20210803*), a VM configured for HA with Captive Portal experiences ... Jim Pingle
09:39 AM Bug #12039 (Pull Request Review): Gateway alarm always triggers IPsec restart
Jim Pingle
09:21 AM Bug #12216 (Pull Request Review): ARM 32/64 network boot options are not parsed on Static DHCP Mapping page
Jim Pingle
09:13 AM Bug #12216: ARM 32/64 network boot options are not parsed on Static DHCP Mapping page
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/322
Viktor Gurov
08:33 AM Bug #12216 (Resolved): ARM 32/64 network boot options are not parsed on Static DHCP Mapping page
Saved entries "32-bit ARM file name" and "64-bit ARM file name" are not displayed on page refresh
and do not affect ...
Viktor Gurov
08:15 AM Feature #11659 (Pull Request Review): Support for UEFI HTTP Boot option in DHCPv4 Server
Jim Pingle
08:14 AM Feature #11659: Support for UEFI HTTP Boot option in DHCPv4 Server
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/321 Viktor Gurov
07:57 AM pfSense Packages Bug #12204 (Pull Request Review): Certificate Manager page doesn't show Syslog-NG used certificates
Jim Pingle
02:35 AM pfSense Packages Bug #12204: Certificate Manager page doesn't show Syslog-NG used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/110
Viktor Gurov
07:55 AM Feature #12213 (Pull Request Review): Support SHA-256 hash NTP authentication
Jim Pingle
01:44 AM Feature #12213: Support SHA-256 hash NTP authentication
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/320 Viktor Gurov
01:18 AM Feature #12213 (Resolved): Support SHA-256 hash NTP authentication
Many vendors also support SHA256 NTP authentication:
Juniper - MD5, SHA1, SHA256
Huawei - MD5, SHA256
Palo Alto ...
Viktor Gurov
07:49 AM Bug #12212 (Pull Request Review): Disabled IPsec VTI interfaces are always created
Jim Pingle
01:10 AM Bug #12212: Disabled IPsec VTI interfaces are always created
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/319
Viktor Gurov
01:08 AM Bug #12212 (Resolved): Disabled IPsec VTI interfaces are always created
Regardless of the enable/disable checkbox IPsec PH2 VTIs are always created (see ifconfig output) Viktor Gurov
07:34 AM Bug #12211 (Feedback): Email Notifications not working with Special Characters in Password
Mail is sent using the PHP Pear Mail library which in turn uses PHP Pear Net_SMTP to handle the SMTP connection inclu... Jim Pingle
07:16 AM Bug #9058: Kernel panic during L2TP retransmit
Bianco Veigel wrote in #note-33:
> I've upgraded to 2.6.0-DEVELOPMENT built on Wed Aug 04 01:14:35 EDT 2021 and it c...
Renato Botelho
02:35 AM Bug #9058: Kernel panic during L2TP retransmit
I've upgraded to 2.6.0-DEVELOPMENT built on Wed Aug 04 01:14:35 EDT 2021 and it crashed again. The crash dumps are at... Bianco Veigel
05:54 AM Bug #6370 (Confirmed): IPSEC bound to WAN gateway group and Dynamic DNS doesn't to fail back tunnel to WAN on DDNS update
I see the same issue on 21.05 Viktor Gurov
04:39 AM pfSense Docs Todo #12214 (New): Inconsistent usage of GUI/WebGUI/webConfigurator
The GUI is talked about in earlier pages of the documentation as being known as WebGUI
The page detailing "Connect...
David Boo
01:20 AM Feature #8794: NTP authentication support
Ansley Barnes wrote in #note-10:
> Is it possible to add the option for SHA256 authentication? The underlying NTPd v...
Viktor Gurov

08/04/2021

09:15 PM Revision 6bdf2d74: Increase the number of logs we are keeping
Brad Davis
08:58 PM Bug #12211 (Closed): Email Notifications not working with Special Characters in Password
I have tested this and confirmed with two different Gmail accounts.
An account has a ! in its password. This account fa...
mr rosh
08:41 PM Revision 65fc53d1: Remove a trailing \r that prevents s3 rm from working
Brad Davis
07:42 PM Revision 0ef74a74: missing space in function parameters
lufte grof
07:25 PM Revision a70d6132: Use the cached gateways_status in gateway_info_popup() call
lufte grof
07:13 PM Revision f8993f22: Inline presentation instead of print/echo in PHP
lufte grof
05:29 PM Revision dafe25ea: Ensure ACB config section exists
Steve Beaver
05:25 PM Revision 1dd1832f: Install ACB cron job on upgrade
Steve Beaver
05:10 PM Revision b7ab1742: Set the output format to avoid \r on line endings preventing log files from being deleted
Brad Davis
02:40 PM Bug #11843 (Closed): Potential XSS vulnerability in Captive Portal ``redirurl`` handling
I can no longer reproduce the problem on 2.6.0 or 21.05.1. Jim Pingle
12:32 PM Feature #12193: AutoConfigBackup performance improvements
ACB cron job is now installed on config upgrade if ACB is enabled. Anonymous
11:55 AM pfSense Plus Bug #12200: 32-bit ARM performance regression
Formatting / updating subject for release notes. Jim Pingle
10:25 AM pfSense Plus Bug #12200 (Resolved): 32-bit ARM performance regression
Scott Long
10:25 AM pfSense Plus Bug #12200 (Resolved): 32-bit ARM performance regression
Based on reports from users and from internal testing, we determined that there was a performance regression on the S... Scott Long
11:50 AM pfSense Packages Bug #12206 (Resolved): Certificate Manager page doesn't show Net-SNMP used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
11:48 AM pfSense Packages Bug #12205 (Resolved): Certificate Manager page doesn't show Squid used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
11:47 AM pfSense Packages Bug #12204 (Resolved): Certificate Manager page doesn't show Syslog-NG used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
11:43 AM pfSense Docs Todo #12203 (Rejected): Feedback on Releases — 21.05 New Features and Changes
That isn't widespread enough to warrant giving it that kind of attention and it is not a recent regression.
None o...
Jim Pingle
11:39 AM pfSense Docs Todo #12203 (Rejected): Feedback on Releases — 21.05 New Features and Changes
*Page:* https://docs.netgate.com/pfsense/en/latest/releases/21-05.html
*Feedback:*
Add info about #11545 regres...
Viktor Gurov
11:10 AM Bug #12198 (Pull Request Review): Disabling an IPsec phase 1 entry does not disable related phase 2 entries
Jim Pingle
11:07 AM Bug #12198: Disabling an IPsec phase 1 entry does not disable related phase 2 entries
Jim Pingle wrote in #note-2:
> IMO, the P2s should not get their own disabled flag set in this case. The code should...
Viktor Gurov
09:52 AM Bug #12198: Disabling an IPsec phase 1 entry does not disable related phase 2 entries
IMO, the P2s should not get their own disabled flag set in this case. The code should assume they are disabled if the... Jim Pingle
08:42 AM Bug #12198 (Resolved): Disabling an IPsec phase 1 entry does not disable related phase 2 entries
How to reproduce:
1) Create IPsec PH1 with several PH2 VTI entries
2) Toggle "disable" button on the vpn_ipsec.php ...
Viktor Gurov
11:08 AM Bug #11909 (Pull Request Review): Output from reboot process is printed on Backup & Restore page when restoring a configuration file
Jim Pingle
10:16 AM Bug #11909: Output from reboot process is printed on Backup & Restore page when restoring a configuration file
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/317
Viktor Gurov
11:07 AM Bug #12202 (Resolved): When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active
Set up a CARP VIP between two nodes.
Primary:...
Chris Linstruth
10:30 AM pfSense Plus Todo #12201 (Closed): Native hardware package builds for 32-bit ARM
Adding for tracking purposes, this is already complete.
Items from the packages repository included in base and as...
Jim Pingle
09:58 AM Feature #11750 (Pull Request Review): Support for network interfaces using the ``qlnxe`` driver
Jim Pingle
09:44 AM Feature #11750: Support for network interfaces using the ``qlnxe`` driver
module support:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/316
Viktor Gurov
09:53 AM Bug #12199 (Not a Bug): ipsec pre-shared keys are stored in cleartext
https://docs.netgate.com/pfsense/en/latest/backup/password-security.html Jim Pingle
09:49 AM Bug #12199 (Not a Bug): ipsec pre-shared keys are stored in cleartext
If one adds a pre-shared key via VPN -> IPSec -> Pre-Shared Keys, these keys are visible and stored in cleartext.
Pl...
Stefan Bauer
08:10 AM Feature #12194 (Pull Request Review): Support Check IP services which return bare IP address values
Jim Pingle
12:14 AM Feature #12194: Support Check IP services which return bare IP address values
https://github.com/pfsense/pfsense/pull/4512 Viktor Gurov
12:14 AM Feature #12194 (Resolved): Support Check IP services which return bare IP address values
I wanted to be able to use Check IP Services other than DynDNS.
Most Check IP Services respond only with an IP.
f...
Viktor Gurov
08:09 AM Bug #12197 (Pull Request Review): Mobile IPsec phase 1 should not display "Gateway duplicates" option
Jim Pingle
05:56 AM Bug #12197: Mobile IPsec phase 1 should not display "Gateway duplicates" option
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/315
Viktor Gurov
04:54 AM Bug #12197 (Resolved): Mobile IPsec phase 1 should not display "Gateway duplicates" option
There is no need for the "Gateway duplicates" option (#10214) for Mobile IPsec tunnels as they always work in "Responsive ... Viktor Gurov
08:07 AM Regression #11447 (Pull Request Review): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Jim Pingle
05:52 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
revert to pre-2.5 style (attr in strongswan.conf) which works fine:
https://gitlab.netgate.com/pfSense/pfSense/-/mer...
Viktor Gurov
08:03 AM Todo #10298 (Pull Request Review): Use SHA-512 for user password hashes
Jim Pingle
03:40 AM Todo #10298: Use SHA-512 for user password hashes
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/313 Viktor Gurov
07:57 AM Bug #12196 (Pull Request Review): IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available
Jim Pingle
12:58 AM Bug #12196: IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/312 Viktor Gurov
12:55 AM Bug #12196 (Resolved): IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available
How to reproduce:
1) Disable DNS servers or configure non-existent DNS servers on the System / General Setup page;
...
Viktor Gurov
07:57 AM Bug #12195 (Pull Request Review): IPsec writes CRL files when tunnel does not use certificates
Jim Pingle
12:25 AM Bug #12195: IPsec writes CRL files when tunnel does not use certificates
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/311 Viktor Gurov
12:19 AM Bug #12195 (Resolved): IPsec writes CRL files when tunnel does not use certificates
@ipsec_setup_secrets()@ always writes CRL files, even if there is no PH1 cert authentication (PSK-only) Viktor Gurov
07:53 AM Bug #12174 (Pull Request Review): Firewall rule tabs load slowly when many rules on the tab utilize gateways
Jim Pingle
01:00 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out
New issues: #12195 and #12196 Viktor Gurov

08/03/2021

05:23 PM Revision e4a2bd9b: Fix selector
Steve Beaver
05:12 PM Revision 5ae46c60: Completes #12193. Ready for testing. Revert only this commit to go back to old ACB system.
Steve Beaver
03:20 PM Revision 90574ebd: Delete unsupported backups
Steve Beaver
03:18 PM Revision 0a74e0dd: Prototype cron script to upload ACB backups per #12193
Steve Beaver
03:16 PM Revision 28cb1a27: Fix OpenVPN CA/CRL cleanup. Fixes #12192
Jim Pingle
02:34 PM Revision 4e24b1fb: Validate gpsport. Fixes #12191
(cherry picked from commit bf21f67bbe2d1694ad1ad72728623dded9ace426) Jim Pingle
02:33 PM Revision bf21f67b: Validate gpsport. Fixes #12191
Jim Pingle
01:42 PM Feature #11374: WireGuard Status in GUI
Would you please consider adding WG to the Available Widgets as part of this ticket ? Yuri Weinstein
01:15 PM Bug #9058: Kernel panic during L2TP retransmit
Bianco Veigel wrote in #note-31:
> Is there anything I can do, to help you fix this? I'm still hitting this bug regu...
Renato Botelho
12:11 PM Feature #12193 (Feedback): AutoConfigBackup performance improvements
* When time based backups are selected, and no minutes value provided, a random value is generated and presented to t... Anonymous
10:16 AM Feature #12193 (Resolved): AutoConfigBackup performance improvements
This feature requires two main changes:
# ACB backups from systems we don't allow (pfBlocker, snort, minicron etc) s...
Anonymous
10:25 AM Bug #12192 (Feedback): OpenVPN does not clean up previous CA and CRL files
Applied in changeset commit:28cb1a275654001866037928c65bb15471e86d60. Jim Pingle
10:15 AM Bug #12192 (Confirmed): OpenVPN does not clean up previous CA and CRL files
Jim Pingle
09:43 AM Bug #12192 (Resolved): OpenVPN does not clean up previous CA and CRL files

Create a Peer to Peer (SSL/TLS) with Peer Certificate Authority One. After saving change the Peer Certificate Autho...
Rafael Grothmann
09:40 AM Bug #12191 (Feedback): File overwrite in ``services_ntpd_gps.php`` via ``gpsport`` parameter
Applied in changeset commit:bf21f67bbe2d1694ad1ad72728623dded9ace426. Jim Pingle
09:09 AM Bug #12191 (Resolved): File overwrite in ``services_ntpd_gps.php`` via ``gpsport`` parameter
The @gpsport@ parameter is not validated properly when set in @services_ntpd_gps.php@ or during NTP setup in @service... Jim Pingle

08/02/2021

11:04 PM Revision 85ea410d: Bug #12174 - rename gw_table to gw_info
lufte grof
10:58 PM Revision c79b9cfe: Bug #12174 - cache results from gateway_info_popup function
lufte grof
08:07 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
That would not make a difference in this case unfortunately - the IGDv2 issue was fixed long ago and has its own redm... Marcos M
06:19 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Have you guys tried manually adding
force_igd_desc_v1=yes
to the config located at
/var/etc/miniupnpd.conf
Just loo...
Greg Wallace
07:53 PM Revision 021ffa03: IPsec identifier type updates. Implements #12044
Correct names to reflect what the actual types are (e.g. Distinguished
name is really FQDN)
Add an explicit "auto" t...
Jim Pingle
06:32 PM Revision a3d2c861: Add P2 Keep Alive function. Implements #12169
Works for VTI and Tunnel mode. Checks every 5 minutes if the P2 is connected and
initiates if it doesn't.
Since a fa...
Jim Pingle
06:29 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways
https://github.com/pfsense/pfsense/pull/4535 lufte grof
05:01 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways
Ok, I'll work on a PR.
I took what you said and applied it. My latest doesn't touch guiconfig.inc. Instead, fire...
lufte grof
02:49 PM Bug #12174 (In Progress): Firewall rule tabs load slowly when many rules on the tab utilize gateways
The main problems with that are:
* You're moving too much of that logic onto the page and out of the include file....
Jim Pingle
02:39 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways
Jim Pingle wrote in #note-2:
> Applied in changeset commit:87011dce1fe88ad48c098d6b6804add53cf64084.
Hi, Jim. Ap...
lufte grof
05:45 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
I opened Feature #12190 to address the remaining issues/considerations.
https://redmine.pfsense.org/issues/12190
Greg Wallace
05:44 PM Feature #12190 (New): Ability to use an IPv6 prefix in firewall rules
Many users have internet connections with a dynamic ipv6 prefix (a real joy). Currently firewall rules can only refe... Greg Wallace
05:16 PM Feature #12169 (In Progress): IPsec keep alive option to initiate phase 2 without using ICMP
Almost certainly since this just checks if a P2 with the option checked is enabled and disconnected. If so, it trigge... Jim Pingle
04:37 PM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP
Currently after a gateway comes back up, @check_reload_status@ will run "Restarting ipsec tunnels". This is not trigg... Marcos M
01:40 PM Feature #12169 (Feedback): IPsec keep alive option to initiate phase 2 without using ICMP
Applied in changeset commit:a3d2c8617ae7d9cabc6ce37cf8d1202b6c58f6df. Jim Pingle
04:54 PM Revision cbd2aad1: Fix IPsec buttons for Connecting. Fixes #12189
Status page was showing a connect button for tunnels which were already
connecting. It now shows a disconnect button ...
Jim Pingle
03:47 PM Todo #10298: Use SHA-512 for user password hashes
(SHA-512 so it matches FreeBSD) Brad Davis
03:44 PM Todo #10298: Use SHA-512 for user password hashes
Can you implement this and switch to SHA-512? Brad Davis
03:05 PM Todo #12044 (Feedback): Improve IPsec identifier settings
Applied in changeset commit:021ffa0316b05618726243489ad44de91a8c57c4. Jim Pingle
02:42 PM Revision dd4ea276: Fix title length
ilmarranen alex
12:08 PM Bug #6624: changes in IPsec config should down the connection
This is going to take a bit more thought yet. Some factors make it more complicated than it seems on the surface:
...
Jim Pingle
12:05 PM Bug #12189 (Feedback): IPsec status shows connect buttons while tunnel is connecting
Applied in changeset commit:cbd2aad16d97284280daf584fb713a2c6c3e5249. Jim Pingle
11:57 AM Bug #12189: IPsec status shows connect buttons while tunnel is connecting
Widget showed a disconnect button already. It showed P1 as connected, however, but if that's not expected that is goi... Jim Pingle
11:52 AM Bug #12189 (Resolved): IPsec status shows connect buttons while tunnel is connecting
When a tunnel is in the "Connecting" state, the IPsec status page at status_ipsec.php shows two connect buttons, when... Jim Pingle
12:04 PM Revision b751eaa9: Fix double encoding. Fixes #12186
The values in these arrays are already encoded, no need to do it again. Jim Pingle
09:21 AM Regression #11910: IPsec status tunnel descriptions are incorrect
Charles Hamilton wrote in #note-18:
> It seems this also prevents newly-added tunnels from coming up _unless_ the VT...
Jim Pingle
08:40 AM Regression #11910: IPsec status tunnel descriptions are incorrect
It seems this also prevents newly-added tunnels from coming up _unless_ the VTI is disabled. Do we have an ETA on a f... Charles Hamilton
09:04 AM pfSense Packages Bug #12188: client export breaks multi remote configurations
A patch was posted:
https://sourceforge.net/p/openvpn/mailman/openvpn-devel/thread/20210802133127.25000-1-gert%40gre...
Pippin MMD
08:15 AM pfSense Packages Bug #12188: client export breaks multi remote configurations
OpenVPN devs were/are aware of this and it is currently being looked at.
Maybe a solution is near :)
Pippin MMD
05:19 AM pfSense Packages Bug #12188 (New): client export breaks multi remote configurations
https://forum.netgate.com/topic/165560/1-2-bug-client-export-openvpn-ras-udp-server
Hi,
as stated in above foru...
Jens Groh
07:21 AM Bug #12164 (Pull Request Review): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``
Jim Pingle
07:19 AM Bug #11337 (Pull Request Review): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface
Jim Pingle
07:17 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out
Viktor Gurov wrote in #note-6:
> * 2. `ipsec_setup_secrets()` - always writes CRL files, even if there is no PH1 cer...
Jim Pingle
07:13 AM Bug #12185 (Rejected): rx and tx queues
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
07:12 AM Regression #12183: Changing MAC address for PPP parent interface stopped working
That was changed in #11387 to prevent the field from being set on interfaces which don't have MAC addresses.
In yo...
Jim Pingle
07:10 AM Regression #12186 (Feedback): <br> tags shown in Status>IPsec
Applied in changeset commit:b751eaa9d062573675689ed3ea4d66a7f1eb405b. Jim Pingle
07:05 AM Feature #4496 (Closed): IPv6 outbound NAT support
Jim Pingle
03:49 AM Feature #4496: IPv6 outbound NAT support
Upon closer inspection, NAT over IPv6 is working.
Cloudflare Warp+ advertises not hiding IP addresses and it does ...
Richard Yao
02:17 AM Feature #4496: IPv6 outbound NAT support
Dmitriy K wrote in #note-3:
> afaik, NPt does this, no?
Sadly, NPt does not work for my use case. I have a situation...
Richard Yao
 
