Activity

From 08/10/2021 to 09/08/2021

09/08/2021

05:30 PM Feature #12349 (Closed): Disks dashboard widget to replace Disk Usage section of System Information widget
Notables:
* Removes disk usage information from System Information widget.
* Collapsible treegrid interface to hier...
Christian McDonald
02:26 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
Per Mateusz, this is still unresolved upstream in FreeBSD, even on HEAD. Moving target ahead. Jim Pingle
02:21 PM Regression #12340: Factory Reset Menu Broken in webConfigurator
Moving to main project since it did end up affecting both CE and Plus.
Excluding from release notes since it was n...
Jim Pingle
02:18 PM pfSense Plus Bug #11466 (Feedback): PHP exits with signal 11 on SG-3100 when calling PCRE functions
Per Mateusz, PHP JIT will need to be disabled on the 3100. There is currently no other way around the crash on multi-... Jim Pingle
02:06 PM Regression #11470: Panic when using CBQ traffic shaping
Please see the attached sanitized interfaces/shaper config for a 5100 that has this issue which may help in reproduci... Max Leighton
01:53 PM Revision 5d0c974d: Make ssh PermitRootLogin conditional. Fixes #12346
Jim Pingle
01:01 PM Feature #2668 (Feedback): Support aliases in OpenVPN local/remote/tunnel network fields
PR was already merged. Jim Pingle
01:01 PM Feature #12226 (Feedback): Copy button for group entries in the User Manager
PR was already merged. Jim Pingle
01:00 PM Bug #12225: Group membership field is not needed for remote groups
Moving ahead, cosmetic only and not critical. Jim Pingle
12:58 PM Bug #11891 (Feedback): strongSwan configuration contains incorrect structure for mobile pool DNS records
Referenced PR was merged a few weeks ago. Jim Pingle
12:49 PM Bug #9887: Rule separator positions change when deleting multiple rules
Moving ahead Jim Pingle
11:19 AM Revision dd155b32: IPsec Widget none/disabled tunnels fixes. Issue #12337
Viktor Gurov
10:37 AM Bug #12138: Clicking "logout" on portal page does not function when logout popup is disabled
Jim Pingle wrote in #note-8:
> Federico Capoano wrote in #note-7:
> > I think this issue can be closed.
>
> I'm ...
Federico Capoano
09:03 AM Bug #12138: Clicking "logout" on portal page does not function when logout popup is disabled
Federico Capoano wrote in #note-7:
> I think this issue can be closed.
I'm going to leave it open for now and wai...
Jim Pingle
10:33 AM Revision df14688b: Group copy fix. Issue #12226
Viktor Gurov
09:05 AM Bug #12346 (Feedback): Deny SSH access for ``admin`` and ``root`` users when the ``admin`` GUI account is disabled
Applied in changeset commit:5d0c974dd7e369cb551aacb5f4587e400141cb7a. Jim Pingle
08:01 AM Bug #12346 (In Progress): Deny SSH access for ``admin`` and ``root`` users when the ``admin`` GUI account is disabled
I could swear there was already a redmine issue for this but I'm not seeing it now.
We can't actually completely d...
Jim Pingle
07:56 AM Bug #12347: IPsec widget treats phase 1 in "connecting" state as connected
That's expected at the moment. There isn't going to be fine-grained info on the widget like that. If it showed discon... Jim Pingle
07:41 AM Bug #12347 (Resolved): IPsec widget treats phase 1 in "connecting" state as connected
The IPSec widget will show tunnels connected at P1 when they are still in the connecting state and in fact fail to co... Steve Wheeler
07:13 AM Regression #12337 (Feedback): IPsec widget generates errors if no tunnels are defined
This looks good. It prevents the PHP errors and shows no tunnels are configured. Steve Wheeler

09/07/2021

05:08 PM Bug #12138: Clicking "logout" on portal page does not function when logout popup is disabled
Thanks for letting me know!
I think this issue can be closed.
Is a minor bugfix release (eg: 2.5.3) on the table?
Federico Capoano
01:18 PM Bug #12138: Clicking "logout" on portal page does not function when logout popup is disabled
The issue you describe is unrelated to this, I can reproduce that here, I created #12345 to track it since it's a sep... Jim Pingle
04:43 PM Bug #12346 (Closed): Deny SSH access for ``admin`` and ``root`` users when the ``admin`` GUI account is disabled
If the admin user is disabled in the webgui that user can still login via SSH if it's enabled as long as they have ei... Steve Wheeler
03:35 PM Regression #12217 (Feedback): Kernel panic in IPFW when using Captive Portal
Kristof merged the request. Should be in snapshots tomorrow. Jim Pingle
01:28 PM Regression #12217: Kernel panic in IPFW when using Captive Portal
MR with fix from Kristof: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/24 Jim Pingle
09:07 AM Regression #12217: Kernel panic in IPFW when using Captive Portal
Forgot to mention in the previous update but this crash happens when a user logs in, not as early as before. Jim Pingle
07:51 AM Regression #12217 (Confirmed): Kernel panic in IPFW when using Captive Portal
Not sure if the original fix got dropped somehow or if this is new, but the backtrace is slightly different. It's cra... Jim Pingle
03:34 PM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
Move to next Plus release. Jim Pingle
03:32 PM Bug #12328 (Feedback): IPsec VTI interface remote endpoint is not resolved the correct way
This is OK as-is for the moment, could use more testing but the code I was going to add for this release is in the tree. Jim Pingle
01:17 PM Regression #12345 (Resolved): Captive Portal users cannot get past portal even after successfully logging in
On current snapshots, a user can login to the Captive Portal but after login they are unable to proceed further. HTTP... Jim Pingle
09:14 AM Bug #12344: SMTP Mail notification does not support STARTTLS
Might consider removing "STARTTLS" from the doc :) Derek Wuelfrath
09:09 AM Bug #12344 (Duplicate): SMTP Mail notification does not support STARTTLS
Duplicate of #8313 Jim Pingle
08:00 AM Bug #12344 (Duplicate): SMTP Mail notification does not support STARTTLS
Mail server is configured to accept STARTTLS. When setting "Secure SMTP Connection", which from the doc should suppor... Derek Wuelfrath
07:41 AM pfSense Packages Bug #12339 (Pull Request Review): SyslogNG PHP errors after starting the service
Jim Pingle
07:41 AM pfSense Packages Bug #12030 (Pull Request Review): Startup Errors for Avahi Package
Jim Pingle
07:37 AM pfSense Plus Bug #12341 (Feedback): Gateway Monitoring Percentage Not Decreasing After Gateway Packet Loss Event
There isn't anything on the page which could do that, it must be your browser cache. Try shift+reload or ctrl+F5 and ... Jim Pingle
07:26 AM Feature #12226 (Pull Request Review): Copy button for group entries in the User Manager
Jim Pingle
07:25 AM Regression #12337 (Pull Request Review): IPsec widget generates errors if no tunnels are defined
Jim Pingle

09/06/2021

07:07 PM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
Copying comments here:
# It doesn't look like this takes into account the @duplicate-cn@ option
# The lines with /tm...
Marcos M
04:49 PM Bug #12095: Memory leak in pcscd
Just found out where 1.3GiB of my free memory went. Returned to normal as soon as I killed the pcscd. Bug Reporter
01:26 PM Feature #12343 (New): Real time traffic monitoring
Hi,
Sorry if this was already requested, afaik, no.
I think that it would be great, very nice to have some tool to ...
Federico Galli
01:19 PM Revision 28cef398: Fix the diag_defaults.php PHP errors, include the required file.
Submitted by: SteveW
Ticket: #12340
Luiz Souza
10:43 AM Bug #12282 (Feedback): Default IPv4 gateway may be set to IPv6 gateway value in certain cases
Merged Viktor Gurov
08:23 AM Regression #12340 (Feedback): Factory Reset Menu Broken in webConfigurator
2.6 was also affected, but I fixed quickly after I found the problem.
Both cases are fixed.
Luiz Souza

09/05/2021

11:49 AM Regression #12340: Factory Reset Menu Broken in webConfigurator
This corrects it. Tested.
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/22
Steve Wheeler
10:36 AM Regression #12340: Factory Reset Menu Broken in webConfigurator
This same issue was fixed in the console by: https://gitlab.netgate.com/pfSense/factory/-/commit/f8b02f65792ae1e666b1... Steve Wheeler
09:31 AM Regression #12340: Factory Reset Menu Broken in webConfigurator
Confirmed in 21.09. Tested:... Steve Wheeler
09:07 AM Feature #12342 (Resolved): Dynamic DNS client proxy support
Dynamic DNS client does not use System / Advanced / Miscellaneous proxy settings.
`set_curlproxy()` can be used fo...
Viktor Gurov
07:40 AM pfSense Packages Bug #12204: Certificate Manager page doesn't show Syslog-NG used certificates
Danilo Zrenjanin wrote in #note-4:
> Tested on the:
> [...]
>
> The Certificate Manager didn't show Syslog-NG u...
Viktor Gurov
05:07 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
I'm afraid I have to agree with Roman Nik that this bug is still around in 2.5.2-RELEASE.
I just upgraded from 2.4...
Brett Keller
03:34 AM Bug #12323 (Feedback): IPsec Phase 2 entry incorrectly orders proposals in AH mode
Merged Viktor Gurov
12:57 AM pfSense Packages Bug #12339: SyslogNG PHP errors after starting the service
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/125
Viktor Gurov
12:43 AM Feature #10615 (Closed): Allow to load kernel from previous release
already realized:
https://github.com/pfsense/pfsense/blob/master/tools/templates/core_pkg/kernel/metadir/%2BDEINSTALL
Viktor Gurov
12:39 AM pfSense Packages Bug #12030: Startup Errors for Avahi Package
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/124
Viktor Gurov

09/04/2021

09:34 PM Regression #12340: Factory Reset Menu Broken in webConfigurator
Additionally testing: After the "factory reset" the wizard did not launch. Some components were reset, but not all. Kris Phillips
08:11 PM Regression #12340: Factory Reset Menu Broken in webConfigurator
On further testing it appears it does still complete the factory reset, but it takes significantly longer as it seems... Kris Phillips
08:09 PM Regression #12340 (Closed): Factory Reset Menu Broken in webConfigurator
In the latest Sept 4th build of pfSense Plus 21.09 the Factory Reset menu under Diagnostics --> Factory Reset does no... Kris Phillips
09:27 PM pfSense Plus Bug #12341 (Resolved): Gateway Monitoring Percentage Not Decreasing After Gateway Packet Loss Event
Under Status --> Gateways if a gateway in 21.09 BETA (Sept 4th build) experiences packet loss the packet loss percent... Kris Phillips
09:01 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package
Error is still present in 21.09 BETA. Kris Phillips
06:06 PM Bug #12177 (Resolved): When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message

fixed
deleting a used alias returns all used rules.
"Cannot delete alias. Currently in use by rule1, rule2, ...
Alhusein Zawi
05:04 PM pfSense Docs Todo #12309: Add Light Pattern/Light Meaning for 6100 to Documentation Similar to Other Hardware
Layout of the docs for the 6100 has improved, but we're still missing the light mapping for the front LEDS.
Should...
Kris Phillips
03:49 PM pfSense Packages Bug #12204: Certificate Manager page doesn't show Syslog-NG used certificates
Tested on the:... Danilo Zrenjanin
03:47 PM pfSense Packages Bug #12339 (Resolved): SyslogNG PHP errors after starting the service
After starting the SyslogNG service the following PHP errors appear:... Danilo Zrenjanin
03:24 PM Bug #12277 (Resolved): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
Tested on the:... Danilo Zrenjanin
03:19 PM Bug #12138: Clicking "logout" on portal page does not function when logout popup is disabled
I have tested the snapshot of today.
I disabled the pop up and I can log out anyway, so that seems to be fixed.
...
Federico Capoano
12:14 PM pfSense Packages Bug #12276 (Resolved): Incorrect OSPF/OSPF6 status links
Checked in
2.6.0-DEVELOPMENT (amd64)
built on Sat Sep 04 01:10:11 EDT 2021
FreeBSD 12.2-STABLE
Looks good. The...
Max Leighton
12:00 PM Bug #12223 (Resolved): Configuration files are not deleted after disabling an OpenVPN instance
Tested in:
2.6.0-DEVELOPMENT (amd64)
built on Sat Sep 04 01:10:11 EDT 2021
FreeBSD 12.2-STABLE
And:
21.09...
Max Leighton
10:28 AM pfSense Packages Feature #8362 (Closed): Snort and Suricata Package - Allow for changing URLs, Ports, and Protocols to allow for local Repo of Signature Updates
Merged Viktor Gurov
10:25 AM pfSense Packages Feature #10425 (Resolved): upgrade ntopng to 4.0.0
pfSense 2.5.2 uses ntopng 4.2 Viktor Gurov
05:58 AM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/379
Viktor Gurov
04:14 AM Feature #12226: Copy button for group entries in the User Manager
Alhusein Zawi wrote in #note-7:
> "copy group" icon has been added.
>
> after I changed the group name the name o...
Viktor Gurov
02:31 AM Bug #12331 (Resolved): Yandex Dynamic DNS client does not set the ``PddToken`` value
works as expected:
https://forum.netgate.com/topic/129352/ddns-%D1%87%D0%B5%D1%80%D0%B5%D0%B7-api-yandex/16
Viktor Gurov
02:28 AM Regression #12337: IPsec widget generates errors if no tunnels are defined
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/377
Viktor Gurov

09/03/2021

08:59 PM pfSense Packages Bug #12338: RRD Summary does not report data on 3100
There are some users on the forum who report that it will begin counting after some time passes, https://forum.netgat... Max Leighton
08:12 PM pfSense Packages Bug #12338 (Resolved): RRD Summary does not report data on 3100
RRD Summary package version 2.0_1 does not report any data on 3100. Upon installing the package, 0 GB is reported on ... Max Leighton
05:56 PM Revision 7c33b323: Use minimized version of treegrid dependency
Christian McDonald
05:54 PM Regression #12337 (Resolved): IPsec widget generates errors if no tunnels are defined
If you click on the 'Tunnels' or 'Mobile' tabs in the widget and have no tunnels defined PHP errors are generated:
...
Steve Wheeler
05:41 PM Revision c121b081: Adds missing treegrid dependency
Christian McDonald
04:42 PM Revision f7e2e6e1: Yandex PDD DDNS token fix. Issue #12331
Viktor Gurov
03:39 PM Bug #12331 (Feedback): Yandex Dynamic DNS client does not set the ``PddToken`` value
Merged Viktor Gurov
02:54 PM Revision 2fbccdad: Fix NG 6792: Fix errors copying previous kernel
pfSense-kernel package pre-deinstall script makes a copy of current
running kernel (/boot/kernel) to /boot/kernel.old...
Renato Botelho
02:16 PM Feature #12226: Copy button for group entries in the User Manager

"copy group" icon has been added.
after I changed the group name the name of original group will be changed, I...
Alhusein Zawi
02:00 PM Revision 0ec0b654: Add boot msgs for final IPsec steps. Issue #12328
Jim Pingle
01:33 PM Bug #12151 (Resolved): ``easyrule`` script does not function properly

Easy rule has been added via shell

[2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: easyrule pass wan icmp 19...
Alhusein Zawi
11:58 AM pfSense Packages Bug #12336: Include Extra Data Description Wrong
Jim Pingle wrote in #note-1:
> Just add a comment on the old one, no need for a whole new issue for that. I pushed a...
Dustin Henning
11:57 AM pfSense Packages Bug #12336: Include Extra Data Description Wrong
Of course I accidentally submitted this as a bug instead of a correction. I thought I was in the pfsense docs sectio... Dustin Henning
11:56 AM pfSense Packages Bug #12336 (Rejected): Include Extra Data Description Wrong
Just add a comment on the old one, no need for a whole new issue for that. I pushed a fix already. Jim Pingle
11:55 AM pfSense Packages Bug #12336 (Rejected): Include Extra Data Description Wrong
After correction correction #12334, the explanation for "Include Extra Data" in the *Backup Options* section of https... Dustin Henning
11:58 AM pfSense Docs Correction #12334: Skip RRD Data Description Wrong
Fixed a typo in the "Include extra data" section as well (said "checked" when it should have been "unchecked"). Jim Pingle
11:21 AM pfSense Docs Correction #12334 (Closed): Skip RRD Data Description Wrong
I fixed and also rewrote the wording on the page for all the options. The previous wording wasn't very clear on a few... Jim Pingle
11:19 AM pfSense Docs Correction #12334 (In Progress): Skip RRD Data Description Wrong
Jim Pingle
08:29 AM pfSense Docs Correction #12334 (Closed): Skip RRD Data Description Wrong
On https://docs.netgate.com/pfsense/en/latest/backup/configuration.html in the *Backup Options* section, the explanat... Dustin Henning
10:46 AM Regression #12324: Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode
Updating subject for release notes. Jim Pingle
09:04 AM Bug #12328: IPsec VTI interface remote endpoint is not resolved the correct way
I moved the longer term issue over to #12335 Jim Pingle
08:47 AM Bug #12328: IPsec VTI interface remote endpoint is not resolved the correct way
Need to think on this a little more since I'm seeing quite a bit of inefficiency, such as:
At the end of @rc.bootu...
Jim Pingle
08:05 AM Bug #12328 (In Progress): IPsec VTI interface remote endpoint is not resolved the correct way
Still a potential issue here.
At the end of @rc.bootup@ another @ipsec_configure()@ is run but the boot flag is cl...
Jim Pingle
09:04 AM Bug #12335 (New): IPsec DNS inefficiency
Various aspects of configuring IPsec are inefficiently using DNS. There is a lot of room for improvement here.
For...
Jim Pingle
06:16 AM Bug #11268: Cookie named ``id`` prevents some forms from being loaded or saved properly
I've realised that the `id` entry in the session cookie is overriding the `?id=` URL parameter. E.g. setting it to 0... Matthew Fearnley

09/02/2021

06:46 PM Revision e9705a77: Use correct var f/OpenVPN IPv6 ACL. Fixes #12333
Fix variable name when referencing an OpenVPN IPv6 tunnel network while
creating a DNS Resolver ACL entry.
While her...
Jim Pingle
06:04 PM Revision f8b02f65: Fix the option 4 in menu, factory reset.
Luiz Souza
02:08 PM Regression #12333: DNS resolver using incorrect variable name when making ACL for OpenVPN IPv6 Tunnel Network
This was apparently a recent regression from changes made in #2668. Excluding from release notes since it was not a p... Jim Pingle
01:55 PM Regression #12333 (Feedback): DNS resolver using incorrect variable name when making ACL for OpenVPN IPv6 Tunnel Network
Applied in changeset commit:e9705a77d3cca7e7a6868b4f2829ac1e5c7a0e0e. Jim Pingle
01:41 PM Regression #12333 (Resolved): DNS resolver using incorrect variable name when making ACL for OpenVPN IPv6 Tunnel Network
When creating the automatic list of @access-control.conf@ entries for the DNS Resolver, the block of code which proce... Jim Pingle
01:32 PM Bug #12331 (Pull Request Review): Yandex Dynamic DNS client does not set the ``PddToken`` value
Jim Pingle
10:49 AM Bug #12331: Yandex Dynamic DNS client does not set the ``PddToken`` value
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/369
Viktor Gurov
10:47 AM Bug #12331 (Resolved): Yandex Dynamic DNS client does not set the ``PddToken`` value
... Viktor Gurov
01:18 PM Bug #12328: IPsec VTI interface remote endpoint is not resolved the correct way
The test config I used has a total of 20 tunnels, 5 of the 20 are VTI, and 1 of those 5 is using a hostname. Of the o... Jim Pingle
07:25 AM Bug #12328: IPsec VTI interface remote endpoint is not resolved the correct way
Applied in changeset commit:7f0d57f46cec27547b2745b87d24ebe0755ee16e. Jim Pingle
07:19 AM Bug #12328 (Feedback): IPsec VTI interface remote endpoint is not resolved the correct way
Merged. Jim Pingle
12:12 PM Revision 7f0d57f4: Correctly resolve VTI remote addr. Fixes #12328
Use ipsec_get_phase1_dst() to resolve an IPsec P1 remote gateway
address rather than passing an FQDN directly to ifco...
Jim Pingle
10:56 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
Moved possibly related issue to #12332 Marcos M
10:55 AM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
It's possible this is related to #11699 Marcos M
10:55 AM Bug #12332 (Resolved): OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
After some time, there exists anchor rules for old users no longer connected which is causing unintended rule matchin... Marcos M
10:02 AM pfSense Packages Bug #12330: pfBlockerNG devel creating invalid NAT rules on boot
https://github.com/pfsense/FreeBSD-ports/pull/1105 Viktor Gurov
05:28 AM pfSense Packages Bug #12330 (Resolved): pfBlockerNG devel creating invalid NAT rules on boot
There were error(s) loading the rules: /tmp/rules.debug:309: could not parse host specification - The line in questio... Sietse van Zanen
09:33 AM Revision 775e9055: Adds the TreeGrid plugin for jQuery to the pfSense UI stack.(https://github.com/maxazan/jquery-treegrid)
Christian McDonald

09/01/2021

05:25 PM Revision 40d3c9da: Adds the TreeGrid plugin for jQuery to the pfSense UI stack.(https://github.com/maxazan/jquery-treegrid)
Christian McDonald
04:39 PM pfSense Packages Feature #12329: Add optional floating firewall rules for IPv4 and IPv6
Update to the original description, the destination for IPv4 would be better if it were set to a single address `224.... Offstage Roller
02:51 PM pfSense Packages Feature #12329 (New): Add optional floating firewall rules for IPv4 and IPv6
See this thread for reference:
https://forum.netgate.com/topic/166210/fe80-16-not-included-in-interface-networks
...
Offstage Roller
03:11 PM Bug #12328 (Pull Request Review): IPsec VTI interface remote endpoint is not resolved the correct way
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/367 Jim Pingle
02:37 PM Bug #12328 (Resolved): IPsec VTI interface remote endpoint is not resolved the correct way
In @interface_ipsec_vti_configure()@, the remote end of an IPsec VTI interface is not resolved the correct way (e.g. ... Jim Pingle
01:31 PM Revision d582c5be: IPsec PH2 AH proposals order fix. Issue #12323
Viktor Gurov
01:30 PM Revision 1dc88635: Do not disable hash algorithms checkboxes in AH mode. Fixes #12324
Viktor Gurov
12:46 PM Bug #12219 (Resolved): Prevent using OpenVPN "Inactive" option with point-to-point modes
Works as expected on current snapshot. Jim Pingle
12:46 PM Bug #12102 (Resolved): Prevent using OpenVPN "Exit Notify" option with point-to-point modes
Works as expected on current snapshot. Jim Pingle
12:31 PM Revision 0794cb84: Ticket #12151: Pacify PHP lint using static string
Renato Botelho
12:00 PM Bug #12327 (Not a Bug): PHP Error using CRL with intermediate CA
That isn't our code but a library we include (php74-openssl_x509_crl-1.3 ) -- you could report it upstream at https:/... Jim Pingle
11:38 AM Bug #12327 (Not a Bug): PHP Error using CRL with intermediate CA
Hi,
My CA is composed by intermediate + RootCA. When I try to revoke a cert it raises a PHP error like the followi...
Asier Carreño
11:08 AM pfSense Packages Bug #11742: Blocking / Unblocking is not working correctly.
The Interface Settings page doesn't clear the @snort2c@ table after disabling Blocking mode,
and there is no special...
Viktor Gurov
08:57 AM Regression #12229 (Resolved): Revision 0d3747aa - missing semicolons
Resolved Viktor Gurov
08:40 AM Regression #12324 (Feedback): Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode
Applied in changeset commit:1dc88635b5c3c82d8af220102ee8512456077de9. Viktor Gurov
08:05 AM Regression #12324 (Pull Request Review): Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode
Jim Pingle
02:12 AM Regression #12324: Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/363
Viktor Gurov
12:40 AM Regression #12324 (Resolved): Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode
How to reproduce:
1. Switch IPsec PH2 mode to AH and select any hash algorithms
2. Save
3. Open IPsec PH2 entry ...
Viktor Gurov
08:06 AM Bug #12323 (Pull Request Review): IPsec Phase 2 entry incorrectly orders proposals in AH mode
Jim Pingle
03:34 AM Bug #12323: IPsec Phase 2 entry incorrectly orders proposals in AH mode
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/364
Viktor Gurov
12:36 AM Bug #12323 (Resolved): IPsec Phase 2 entry incorrectly orders proposals in AH mode
If you select all hashing algorithms in AH mode, it sets the MD5 cipher to the first place of ah_proposals:... Viktor Gurov
08:03 AM pfSense Docs Todo #12326 (Closed): Change the latest pfSense Plus version number to 21.05.1
That MR URL came up 404 for me and didn't show in the source repository either.
I fixed it manually & deployed: ht...
Jim Pingle
05:09 AM pfSense Docs Todo #12326: Change the latest pfSense Plus version number to 21.05.1
https://gitlab.netgate.com/viktor/pfsense-platforms/-/merge_requests/1 Viktor Gurov
04:55 AM pfSense Docs Todo #12326 (Closed): Change the latest pfSense Plus version number to 21.05.1
replace 21.05 -> 21.05.1 on
https://docs.netgate.com/pfsense/en/latest/solutions/
Viktor Gurov
07:56 AM Feature #12325 (Pull Request Review): IPv6 support for base system SNMP service
Jim Pingle
07:42 AM Feature #12325: IPv6 support for base system SNMP service
https://docs.netgate.com/pfsense/en/latest/services/snmp.html should be updated after this MR is merged Viktor Gurov
07:11 AM Feature #12325: IPv6 support for base system SNMP service
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/365 Viktor Gurov
04:36 AM Feature #12325 (Resolved): IPv6 support for base system SNMP service
IPv6 transport for bsnmpd works on the latest snapshots.
config entry:...
Viktor Gurov
01:51 AM Feature #5922 (New): SNMP - enable SNMP v3 functionality
SNMPv3 can be added to bsnmpd config,
see https://lists.freebsd.org/pipermail/freebsd-current/2014-April/049343.html...
Viktor Gurov
12:51 AM pfSense Packages Bug #10693: pfSense Bind Zone Editor UI does not update zone serial number when a change is made
I have BIND version 9.16-11 package and pfSense version 2.5.2. Serial number not changing on Save zone. Andrzej Milewski

08/31/2021

06:03 PM Revision 0a70f90a: OpenVPN exit notify & inactive incompatibilities
* Ignore exit notify in problematic cases. Fixes #12102
* Ignore inactive seconds in problematic cases. Fixes #12219
...
Jim Pingle
03:42 PM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases
There are other cases in which the tunnel may not get re-established ( e.g. #12169 ) which are separate from this iss... Marcos M
03:07 PM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases
Jim Pingle wrote in #note-5:
> Viktor Gurov wrote in #note-4:
> > related issue - #6370 (duplicate?)
>
> It's po...
Hagen Herrschaft
07:37 AM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases
Viktor Gurov wrote in #note-4:
> related issue - #6370 (duplicate?)
It's possibly related but I wouldn't say it's...
Jim Pingle
02:22 PM Todo #12314: Convert help shortcut links to server-side redirects
Updating subject for release notes Jim Pingle
02:20 PM Bug #12219 (Feedback): Prevent using OpenVPN "Inactive" option with point-to-point modes
Applied in changeset commit:0a70f90aff9cc2fc7fc5f5dc551a708ee349ea07. Jim Pingle
01:18 PM Bug #12219 (Pull Request Review): Prevent using OpenVPN "Inactive" option with point-to-point modes
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/362 Jim Pingle
02:20 PM Bug #12102 (Feedback): Prevent using OpenVPN "Exit Notify" option with point-to-point modes
Applied in changeset commit:0a70f90aff9cc2fc7fc5f5dc551a708ee349ea07. Jim Pingle
01:18 PM Bug #12102 (Pull Request Review): Prevent using OpenVPN "Exit Notify" option with point-to-point modes
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/362 Jim Pingle
02:09 PM Revision 83314732: Cleanup and improve easyrule. Fixes #12151
Viktor Gurov
11:57 AM pfSense Packages Bug #12322: Suricata creates invalid HOME_NET entries
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1104
Viktor Gurov
11:54 AM pfSense Packages Bug #12322 (Resolved): Suricata creates invalid HOME_NET entries
In some cases Suricata creates invalid ("Array()") entries in the HOME_NET variable on boot:... Viktor Gurov
11:54 AM Bug #12319 (Pull Request Review): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Jim Pingle
09:51 AM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/361 Viktor Gurov
07:54 AM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
I'm not sure we should even try supporting that mode for IPv6, it's bad enough for IPv4.
I'm inclined to have the ...
Jim Pingle
07:51 AM Bug #12319 (Resolved): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Invalid rules created:... Viktor Gurov
11:50 AM Bug #8390 (Pull Request Review): Input validation does not prevent removing a gateway used by a DNS server
Jim Pingle
10:53 AM Feature #12321 (Resolved): Pop-up window to view firewall rules generated from RADIUS ACL entries on the OpenVPN status page
It would be useful to see RADIUS ACL generated rules in pop-up "modal" window by clicking on the "info" icon
like Su...
Viktor Gurov
09:56 AM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12
This is an issue with the following NICs:... Marcos M
09:55 AM Revision e71b27cd: Restart OpenVPN instances on Host and URL type aliases change. Issue #2668
Viktor Gurov
09:27 AM pfSense Docs Correction #12312 (Closed): Correct Image Name for Netgate 6100 Reinstall Documentation
Fixed Viktor Gurov
09:20 AM Bug #12151 (Feedback): ``easyrule`` script does not function properly
Applied in changeset commit:83314732b4df7be3ab614d99563481d3f3b6bf25. Viktor Gurov
05:36 AM Bug #12151: ``easyrule`` script does not function properly
improved fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/359
Viktor Gurov
08:07 AM Feature #9857: IPsec Down/Up SMTP Notifications
Yes Jim, optional always good, but then alerts about gateway state changes could be optional as well :). I mean that ... DRago_Angel [InV@DER]
07:41 AM Feature #9857: IPsec Down/Up SMTP Notifications
If we do add that, it should be optional (perhaps both global and a per-P2 checkbox) and default to off. That will be... Jim Pingle
07:50 AM Feature #12318 (Pull Request Review): Display default "Reflection Timeout" value on ``system_advanced_firewall.php``
Jim Pingle
07:44 AM Feature #12318: Display default "Reflection Timeout" value on ``system_advanced_firewall.php``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/360 Viktor Gurov
07:39 AM Feature #12318 (Resolved): Display default "Reflection Timeout" value on ``system_advanced_firewall.php``
Display default Reflection Timeout value on system_advanced_firewall.php page
Default is 2000:
https://github.com...
Viktor Gurov
07:43 AM Feature #2668 (Pull Request Review): Support aliases in OpenVPN local/remote/tunnel network fields
Jim Pingle
04:56 AM Feature #2668: Support aliases in OpenVPN local/remote/tunnel network fields
minor fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/358
Viktor Gurov
07:43 AM Feature #12316 (Pull Request Review): Include firewall rules generated from OpenVPN RADIUS ACL entries in status output
Jim Pingle
07:38 AM Bug #6370: IPSEC bound to WAN gateway group and Dynamic DNS doesn't to fail back tunnel to WAN on DDNS update
This may be fixed by #12315 -- please re-test on a current Plus 21.09 or CE 2.6.0 snapshot. Jim Pingle
07:35 AM pfSense Packages Feature #11130 (Pull Request Review): FRR RIP support
Jim Pingle
07:28 AM pfSense Packages Feature #12246 (Pull Request Review): Load a file into patch textarea
Jim Pingle

08/30/2021

09:02 PM Revision 4b8d710c: OpenVPN Aliases support. Implements #2668
Viktor Gurov
07:39 PM Revision e7d8f036: Revert "Ticket #12235: pfSense-rc: Save pkg_set_version"
This reverts commit 340c9ab1d1eb1b959dc2292872866bca7e123665. Renato Botelho
07:19 PM Revision 340c9ab1: Ticket #12235: pfSense-rc: Save pkg_set_version
Instead of carrying the old file pkg_set_version on pfSense-upgrade, which
is not rebuilt when we change product version...
Renato Botelho
06:19 PM Revision 336103c4: Consider GWG in ipsec_force_reload. Fixes #12315
Jim Pingle
04:54 PM pfSense Packages Todo #12317: Suricata UI improvements
+ ``ftp-data`` app parser
https://github.com/pfsense/FreeBSD-ports/pull/1103
Viktor Gurov
04:53 PM pfSense Packages Todo #12317 (Resolved): Suricata UI improvements
Fixed: Incorrect entries sort order on the FILES page
Added: Link to Snort Rule Doc for "snort_*" rules on the suric...
Viktor Gurov
04:16 PM Todo #12235 (Feedback): ``pfSense-upgrade`` should reinstall all packages on new version upgrades
Fixed moving control file to be installed by pfSense-repo package Renato Botelho
01:25 PM Todo #12235 (In Progress): ``pfSense-upgrade`` should reinstall all packages on new version upgrades
I found a bug on current implementation because control file is installed by pfSense-upgrade and it is not rebuilt wh... Renato Botelho
04:15 PM Feature #2668 (Feedback): Support aliases in OpenVPN local/remote/tunnel network fields
Applied in changeset commit:4b8d710c06b2cea101a3751e8e5d7fd3e657532d. Viktor Gurov
04:01 PM Feature #12316: Include firewall rules generated from OpenVPN RADIUS ACL entries in status output
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/357 Viktor Gurov
03:58 PM Feature #12316 (Resolved): Include firewall rules generated from OpenVPN RADIUS ACL entries in status output
It would be useful for troubleshooting to check the RADIUS ACL generated rules for OpenVPN clients Viktor Gurov
03:55 PM Feature #9857: IPsec Down/Up SMTP Notifications
``updown`` script can be used to implement this feature
see https://wiki.strongswan.org/issues/3604
and https://wiki....
Viktor Gurov
03:53 PM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases
related issue - #6370 (duplicate?) Viktor Gurov
01:25 PM Bug #12315 (Feedback): IPsec tunnels using a gateway group do not get reloaded in some cases
Applied in changeset commit:336103c470c1064ee2264606ef9046ba34987df6. Jim Pingle
01:21 PM Bug #12315 (Confirmed): IPsec tunnels using a gateway group do not get reloaded in some cases
Was able to reproduce it easily just by setting an IPsec tunnel to a gateway group and running the function. Fix inco... Jim Pingle
12:01 PM Bug #12315 (Resolved): IPsec tunnels using a gateway group do not get reloaded in some cases
When ``ipsec_force_reload($interface)`` is called, for example by ``/etc/rc.newwanip``, it only looks for tunnels which s... Jim Pingle
03:51 PM pfSense Packages Feature #11130: FRR RIP support
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/123 Viktor Gurov
03:50 PM pfSense Packages Feature #12246: Load a file into patch textarea
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/122 Viktor Gurov
03:28 PM Bug #12102 (In Progress): Prevent using OpenVPN "Exit Notify" option with point-to-point modes
Jim Pingle
03:28 PM Bug #12219 (In Progress): Prevent using OpenVPN "Inactive" option with point-to-point modes
Jim Pingle
02:50 PM Revision 0f2df9bb: Move help redirects to server. Implements #12314
Redirect mappings are already in place on the docs web server. Jim Pingle
12:32 PM Bug #7815 (Closed): IPSec MSS Clamping is matching traffic not related to IPSec
This is addressed by https://redmine.pfsense.org/issues/7801 which separates mss clamping between VPN and other netwo... Marcos M
11:32 AM Bug #12310: WAN drop crashes OpenVPN, doesn't restart
Jim Pingle wrote in #note-2:
> I can't reproduce this here, there must be some other aspect of your configuration or...
b b
07:29 AM Bug #12310 (Not a Bug): WAN drop crashes OpenVPN, doesn't restart
I can't reproduce this here, there must be some other aspect of your configuration or environment contributing to the... Jim Pingle
10:00 AM Todo #12314 (Feedback): Convert help shortcut links to server-side redirects
Applied in changeset commit:0f2df9bb9f781c0699a40681538e03515e915c7b. Jim Pingle
09:32 AM Todo #12314 (Resolved): Convert help shortcut links to server-side redirects
Currently all of the help page redirects reside in ``/usr/local/www/help.php`` and if a new page is added between relea... Jim Pingle
09:42 AM Bug #12262 (Resolved): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
Yes, the ESP rule is also there.... Marcos M
07:35 AM Bug #12262 (New): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
I don't see the "inbound esp proto" rule in that file, only "inbound isakmp" and "inbound nat-t" so it appears to be ... Jim Pingle
08:09 AM Todo #12313: Upgrade OpenSSL to 1.1.1l
For things in the ports tree that get tracked in different ways it makes sense to have them noted that way, but for b... Jim Pingle
08:06 AM Todo #12313: Upgrade OpenSSL to 1.1.1l
I know the flow, I was curious about this fixes from upstream will be applied as they are high risk one. Also I saw a... DRago_Angel [InV@DER]
07:52 AM Todo #12313 (Closed): Upgrade OpenSSL to 1.1.1l
We pull in patches for those types of issues from FreeBSD directly as a part of the base system, which doesn't always... Jim Pingle
07:32 AM pfSense Docs Todo #12311 (Rejected): Feedback on pfSense Configuration Recipes — Using Software from FreeBSD
We don't plan on encouraging that practice so we aren't adding more details to the docs. Quite a few users have broke... Jim Pingle

08/29/2021

12:09 PM Bug #7801 (Pull Request Review): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
The following merge request addresses the two issues outlined in my previous comment:
https://gitlab.netgate.com/pfS...
Marcos M
04:29 AM Todo #12313 (Closed): Upgrade OpenSSL to 1.1.1l
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021...
DRago_Angel [InV@DER]

08/28/2021

06:39 PM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials
This seems to cause 504 Gateway Timeouts in the webConfigurator, but still works on 21.05.1. Kris Phillips
03:02 PM Bug #12212 (Resolved): Disabled IPsec VTI interfaces are always created
fixed
ifconfig output does not show VTI interface if PH2 VTIs is disabled
2.6.0.a.20210828.0100
Alhusein Zawi
01:02 PM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules

> Is that what you expected to see?
>
> There should also be an ESP rule in addition to those two, is it present...
Alhusein Zawi
11:49 AM pfSense Docs Correction #12312 (Closed): Correct Image Name for Netgate 6100 Reinstall Documentation
Documentation here: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/reinstall-pfsense.html
It st...
Kris Phillips
11:16 AM Regression #12172 (Resolved): OpenVPN Wizard configuration missing recently added default values
Looks good now. Marcos M
08:45 AM pfSense Docs Todo #12311 (Rejected): Feedback on pfSense Configuration Recipes — Using Software from FreeBSD
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html
*Feedback:*
This applies to PFse...
paul vrdsp0

08/27/2021

10:02 PM Bug #12038: System attempts to start inactive services at boot
That does not and is not supposed to disable them. It stops them temporarily. That's working as intended. Jim Pingle
07:56 PM Bug #12038: System attempts to start inactive services at boot

disabled services will be enabled after rebooting
I disabled DNS Resolver and IPsec VPN services from Status>Servic...
Alhusein Zawi
09:53 PM Revision 1394773d: Rename a few missing Netgate devices.
Super Micro XG-1537 -> Super Micro 1537
Super Micro XG-1541 -> Super Micro 1541
Luiz Souza
04:24 PM Bug #12310: WAN drop crashes OpenVPN, doesn't restart
(I forgot to note that, of course, I replugged the cable after OpenVPN crashed, and the WAN interface properly got a ... b b
04:21 PM Bug #12310 (Not a Bug): WAN drop crashes OpenVPN, doesn't restart
Under pfSense CE 2.50, with an active OpenVPN tunnel to my ISP's VPN, unplugging the WAN cable crashes the OpenVPN cl... b b
12:49 PM Revision 2c393b55: Add null check. Fixes #9092
If the value is undefined in config.xml this will be null, not an empty
string.
Jim Pingle
11:42 AM pfSense Docs Todo #12309 (Closed): Add Light Pattern/Light Meaning for 6100 to Documentation Similar to Other Hardware
The Netgate 6100 docs have nothing documented regarding the light pattern on the face of the unit like other appliance... Kris Phillips
10:26 AM Bug #4418: IPsec mobile clients - bogus "p" appended to search domain
This Problem still exists as I ran into it since the last week.
v2.5.2-RELEASE
No difference if the unity plugi...
R. St
09:19 AM Todo #12265: Improve uses of ``grep`` which utilize user-supplied patterns
Updating subject for release notes. Jim Pingle
07:55 AM Feature #9092 (Feedback): Option to set interval of forced Dynamic DNS updates
Applied in changeset commit:2c393b5581d0818ada0187b2af15debf0f95c118. Jim Pingle
07:44 AM Feature #9092 (New): Option to set interval of forced Dynamic DNS updates
This appears to have introduced a bug. Any time the Dynamic DNS update process is triggered, it forces an update:
...
Jim Pingle
07:20 AM Bug #12095: Memory leak in pcscd
Charles Ng wrote in #note-11:
> I see the same log spam as described in https://redmine.pfsense.org/issues/12095#not...
Jim Pingle
12:51 AM pfSense Packages Feature #12308 (New): Dynamicaly Update Firewall Aliases from OpenVPN LDAP Group membership of the connected user
I would like to propose a feature of dynamically updating firewall aliases tables when a user connects to the openvpn ... Dimitris Frnty

08/26/2021

11:09 PM Bug #12095: Memory leak in pcscd
I see the same log spam as described in https://redmine.pfsense.org/issues/12095#note-4 if pcscd is stopped.
The l...
Charles Ng
07:12 AM Bug #12095: Memory leak in pcscd
Uwe Dippel wrote in #note-9:
> Same-same. 7 days of uptime, over night it ramped up and killed DNS ('no space left')...
Jim Pingle
06:32 AM Bug #12095: Memory leak in pcscd
Same-same. 7 days of uptime, over night it ramped up and killed DNS ('no space left'). 2.5.2-RELEASE (amd64) clean in... Uwe Dippel
03:38 PM Revision 0ef2ff26: Fix a typo in the Netgate 5100 name.
Luiz Souza
03:21 PM Revision df945787: Rename the Netgate devices.
XG-15xx -> 15xx
SG-5100 -> Netgate-5100
Luiz Souza
01:03 PM Revision fe72327b: Revert "Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes."
This reverts commit 8d4fcd7ac1167894136e337fc619e63fa7200fa0. Jim Pingle
12:32 PM Bug #12307 (Resolved): Update cURL to address vulnerabilities in 7.76.1 in CE
Already done, on ``pfSense-2.6.0.a.20210824.0500``:... Jim Pingle
11:53 AM Bug #12307 (Resolved): Update cURL to address vulnerabilities in 7.76.1 in CE
The version of cURL in 2.5.2 CE is vulnerable to multiple security issues.
See vulnerabilities here:
https://cu...
Kris Phillips
12:29 PM Feature #10587: UPnP/NAT-PMP STUN configuration options
Updating subject for release notes. Jim Pingle
12:26 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
Updating subject, but also excluding from release notes since this was never a problem in a release.
Jim Pingle
12:22 PM Regression #12239: Interfaces page does not show Wireless EAP client options
Updating subject for release notes. Jim Pingle
12:21 PM Regression #12234: Wireless Channel/Width Issues with GUI
Regressed and fixed during development, not in any release. Jim Pingle
12:19 PM Bug #12247: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
Updating subject for release notes. Jim Pingle
12:17 PM Regression #12245: Input validation error in system.php
Was a regression introduced after the last release and was never in a release, thus excluding from release notes. Jim Pingle
12:17 PM Bug #12134: Typo in crash reporter page
Updating subject, also excluding from release notes as it's only a text typo. Jim Pingle
12:15 PM Bug #12050: "GoTo line #" function does not work on ``diag_edit.php``
Updating subject for release notes. Jim Pingle
12:13 PM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel
Updating subject for release notes. Jim Pingle
12:11 PM Bug #12000: Remote log server input validation allows invalid values
Updating subject for release notes. Jim Pingle
12:10 PM Todo #11507: Update font formats to WOFF2
Updating subject for release notes. Jim Pingle
12:08 PM Todo #12235: ``pfSense-upgrade`` should reinstall all packages on new version upgrades
Updating subject for release notes. Jim Pingle
12:07 PM Bug #12038: System attempts to start inactive services at boot
Updating subject for release notes. Jim Pingle
12:07 PM Bug #12001: System attempts to stop inactive services at shutdown
Updating subject for release notes. Jim Pingle
12:04 PM Bug #12272: Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
Updating subject for release notes. Jim Pingle
12:03 PM Regression #12233: VIP network addresses are not expanded on Port Forward rules
Updating subject for release notes. Jim Pingle
12:02 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways
Updating subject for release notes. Jim Pingle
12:01 PM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule
Updating subject for release notes. Jim Pingle
11:59 AM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``
Updating subject for release notes. Jim Pingle
11:55 AM Regression #12110: PHP error in firewall_nat.inc on line 329
Not a problem in a release. Jim Pingle
11:54 AM Bug #11923: Input validation not working for 1:1 NAT entries using an alias as a destination
Updating subject for release notes. Jim Pingle
11:53 AM Feature #11439: IPv6 support in ``easyrule`` CLI script
Updating subject for release notes. Jim Pingle
11:52 AM Feature #9297: Graph for hardware temperature readings
Updating subject for release notes. Jim Pingle
11:51 AM Bug #12105: Packages are not automatically reinstalled when restoring configuration using the installer
Updating subject for release notes. Jim Pingle
11:45 AM Regression #12111: Crash report message displayed on dashboard. flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 166
Not a problem in a previous release. Jim Pingle
11:44 AM Feature #9877: QEMU Guest Agent
Excluding from release notes since it's only being built and there is no package for it yet. Jim Pingle
10:56 AM Bug #12020: OpenVPN RADIUS-based firewall rules use incorrect port ranges
Updating subject for release notes. Jim Pingle
10:54 AM Bug #12238: OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode
Updating subject for release notes. Jim Pingle
10:53 AM Bug #12232: OpenVPN status incorrect for TAP servers without a defined tunnel network
Updating subject for release notes. Jim Pingle
10:52 AM Todo #12218: Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID
Updating subject for release notes. Jim Pingle
10:52 AM Bug #12192: OpenVPN does not clean up previous CA and CRL files
Updating subject for release notes. Jim Pingle
10:51 AM Regression #12172: OpenVPN Wizard configuration missing recently added default values
Updating subject for release notes. Jim Pingle
10:49 AM Bug #12076: OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses
Updating subject for release notes. Jim Pingle
10:47 AM Bug #11999: OpenVPN IPv6 tunnel network is not validated properly
Updating subject for release notes. Jim Pingle
10:47 AM Regression #11938: DNS Resolver does not add PTR record for OpenVPN clients
Updating subject for release notes. Jim Pingle
10:46 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect
Updating subject for release notes. Jim Pingle
10:41 AM Feature #11865: Option to validate OpenVPN peer TLS certificate key usage
Updating subject for release notes. Jim Pingle
10:38 AM Bug #11675: VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
Updating subject for release notes. Jim Pingle
10:35 AM Feature #12109: Option to suppress expiration notifications for revoked certificates
Updating subject for release notes. Jim Pingle
10:33 AM Bug #11701: Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``
Updating subject for release notes. Jim Pingle
10:28 AM Feature #12213: Support SHA-256 hash NTP authentication
Updating subject for release notes. Jim Pingle
10:27 AM Feature #12118: Create a log entry when a configuration change occurs
Updating subject for release notes. Jim Pingle
10:25 AM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
Updating subject for release notes. Jim Pingle
10:23 AM Bug #9058: Kernel panic during L2TP retransmit
Updating subject for release notes. Jim Pingle
10:22 AM Bug #12253: IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway
Updating subject for release notes. Jim Pingle
10:21 AM Bug #12252: IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``
Updating subject for release notes. Jim Pingle
10:20 AM Bug #12002: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured
Updating subject for release notes. Jim Pingle
10:18 AM Bug #11926: Advanced DHCP client configuration "Protocol timing" help text is in the wrong location
Updating subject for release notes. Jim Pingle
10:15 AM Regression #12100: Recent 2.6.0 development installers don't actually install
Regression introduced and fixed during development between releases. No need to include it in release notes. Jim Pingle
10:12 AM Bug #12159: "Default preferred lifetime" router advertisement validation check uses incorrect variable
Updating subject for release notes. Jim Pingle
08:43 AM Bug #12159: "Default preferred lifetime" router advertisement validation check uses incorrect variable
Updating subject for release notes. Jim Pingle
10:09 AM Todo #12289: Update "IPsec Filter Mode" option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE)
Updating subject for release notes. Jim Pingle
10:07 AM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules
Updating subject for release notes. Jim Pingle
10:06 AM Bug #12298: IPsec manual initiation and termination should use a timeout value or forced actions
Updating subject for release notes. Jim Pingle
10:06 AM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
Updating subject for release notes. Jim Pingle
10:04 AM Bug #12197: Mobile IPsec phase 1 should not display "Gateway duplicates" option
Updating subject for release notes. Jim Pingle
10:04 AM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP
Updating subject for release notes. Jim Pingle
10:03 AM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP
Updating subject for release notes. Jim Pingle
10:02 AM Bug #12198: Disabling an IPsec phase 1 entry does not disable related phase 2 entries
Updating subject for release notes. Jim Pingle
10:01 AM Bug #12196: IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available
Updating subject for release notes. Jim Pingle
09:57 AM Bug #12195: IPsec writes CRL files when tunnel does not use certificates
Updating subject for release notes. Jim Pingle
09:57 AM Regression #12186: <br> tags shown in Status>IPsec
This regression was introduced in a commit made after the last release, so no need to include it in release notes. Jim Pingle
09:56 AM Bug #12155: Tunnels with conflicting REQID values can lead to multiple identical Child SA entries
Updating subject for release notes. Jim Pingle
09:52 AM Bug #11951: IPsec status fails when many tunnels are connected
Updating subject for release notes. Jim Pingle
09:42 AM Todo #12171: Upgrade to ``pkg`` 1.17.x
Updating subject for release notes. Jim Pingle
09:42 AM Bug #11653: Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``
Updating subject for release notes. Jim Pingle
09:41 AM Feature #12194: Support Check IP services which return bare IP address values
Updating subject for release notes. Jim Pingle
09:39 AM Feature #12086: New Dynamic DNS Provider: deSEC
Updating subject for release notes. Jim Pingle
09:39 AM Bug #12007: Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day
Updating subject for release notes. Jim Pingle
09:36 AM Feature #11978: New Dynamic DNS Provider: Strato
Updating subject for release notes. Jim Pingle
09:35 AM Todo #11976: Compliance with pfSense style guide in Dynamic DNS service code
No need to include this in release notes Jim Pingle
09:34 AM Bug #11816: RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records
Updating subject for release notes. Jim Pingle
09:33 AM Feature #9341: Support DNS Made Easy authentication without a username
Updating subject for release notes. Jim Pingle
09:32 AM Feature #9092: Option to set interval of forced Dynamic DNS updates
Updating subject for release notes. Jim Pingle
09:30 AM Feature #12269: Include firewall rules from packages which failed to load in status output
Updating subject for release notes. Jim Pingle
09:27 AM Bug #12256: Sanitize WireGuard private and pre-shared keys in status output
Updating subject for release notes. Jim Pingle
09:20 AM Bug #12241: System Information widget unnecessarily polls data for hidden items
Updating subject for release notes. Jim Pingle
09:18 AM Regression #11316: Unbound crashes with signal 11 when reloading
Updating subject for release notes. Jim Pingle
09:16 AM Bug #12280: Default IPv6 router advertisement intervals and lifetime are too low
Updating subject for release notes. Jim Pingle
09:15 AM Bug #12277: DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
Updating subject for release notes. Jim Pingle
09:13 AM Bug #11905: DHCPv4 server configuration does not include ARM TFTP filenames
Updating subject for release notes. Jim Pingle
09:13 AM Feature #11659: Support for UEFI HTTP Boot option in DHCPv4 Server
Updating subject for release notes. Jim Pingle
09:11 AM Bug #11581: Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
Updating subject for release notes. Jim Pingle
09:09 AM Bug #12041: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
Updating subject for release notes. Jim Pingle
09:08 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
Updating subject for release notes. Jim Pingle
09:05 AM Bug #11922: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS
Updating subject for release notes. Jim Pingle
09:04 AM Bug #11831: Certificate Revocation tab does not list active users of CRL entries
Updating subject for release notes. Jim Pingle
08:59 AM Bug #11894: Vouchers may expire too early when using RAM disks
Updating subject for release notes. Jim Pingle
08:53 AM Bug #12227: Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs
Updating subject for release notes. Jim Pingle
08:51 AM Bug #12202: When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active
Updating subject for release notes. Jim Pingle
08:47 AM Bug #11727: Cannot enter persistent CARP maintenance mode when CARP is disabled
Updating subject for release notes. Jim Pingle
08:45 AM Feature #12094: Suppress kernel messages for ``lo0`` configuration during boot
Updating subject for release notes. Jim Pingle
08:42 AM Todo #12060: Remove deprecated ``libzmq`` code and references
Updating subject for release notes. Jim Pingle
08:40 AM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page
Updating subject for release notes. Jim Pingle
08:38 AM Bug #11909: Output from reboot process is printed on Backup & Restore page when restoring a configuration file
Updating subject for release notes. Jim Pingle
08:36 AM Feature #12226: Copy button for group entries in the User Manager
Updating subject for release notes. Jim Pingle
08:33 AM Todo #10298: Use SHA-512 for user password hashes
Updating subject and tracker for release notes. Jim Pingle
08:30 AM Bug #12177: When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message
Updating subject for release notes. Jim Pingle
08:25 AM Bug #12124: Creating or editing aliases fails with multiple hosts separated by spaces
Updating subject for release notes. Jim Pingle
08:24 AM Bug #4893: Error loading rules when URL Table Ports content is empty
Updating subject for release notes. Jim Pingle
08:05 AM Regression #12306 (Feedback): Certificate info block has CA info, not certificate info
Per Steve B, reverted that commit. Jim Pingle
07:55 AM Regression #12306 (Resolved): Certificate info block has CA info, not certificate info
On system_certmanager.php the info block for the certificate appears to be printing the CA info and not the certifica... Jim Pingle

08/25/2021

04:10 PM Bug #12095: Memory leak in pcscd
Can confirm the bug on my system. Was a clean upgrade from the last version.
2.5.2-RELEASE (amd64)
built on Fri Jul 0...
Michael Smith

08/24/2021

05:19 PM Bug #7801 (Feedback): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
I was able to test this fix and noticed there are two issues which I needed to work around in order for large df-bit-... Marcos M
01:33 PM Revision 7628b091: Increase default RA intervals. Fixes #12280
Jim Pingle
01:24 PM Revision a1eef308: Increase default RA intervals. Fixes #12280
This code path was not included in the original diff. Jim Pingle
01:12 PM Revision 99dfecb7: radvd: Avoid empty AdvDNSSLLifetime (Fixes #12173)
Make sure $raadvdnsslifetime is defined on second foreach Renato Botelho
12:19 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow
I tried reproducing this on a lab. The gateway is online but pfSense is not able to reach any internet resources (inc... Marcos M
08:46 AM Regression #12028 (Resolved): SNMP daemon issues with pf nvlist changes
This is fine on current snapshots.
No errors in SNMP logs. SNMP queries return expected results. ``libpfctl.so.5`` i...
Jim Pingle
08:39 AM Regression #12057 (Feedback): 21.09/2.6.0 - High CPU usage and slowness with ``pfctl -ss``
All the relevant changes should be in current snapshots, may need additional testing/confirmation but we likely have ... Jim Pingle
08:36 AM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
Target can be moved ahead if pressed for time. Nice to fix, but there is a viable workaround so not critical. Jim Pingle
08:35 AM Bug #12280 (Feedback): Default IPv6 router advertisement intervals and lifetime are too low
Applied in changeset commit:a1eef30841b11020c41e02d0bcf1db659852a0ae. Jim Pingle
08:23 AM Bug #12280 (In Progress): Default IPv6 router advertisement intervals and lifetime are too low
There are more lines that didn't get updated along a different code path. Near line 382 and 387. Jim Pingle
08:28 AM Feature #12300 (New): Add Aquantia Atlantic driver to pfsense
Following discussion from https://forum.netgate.com/topic/166048/tp-link-tx401-supported
Add TP-Link driver (aQuanti...
ageekhere ageekhere
08:15 AM Bug #12173 (Feedback): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106
Applied in changeset commit:99dfecb734b11b1729e58cf650df8d058b300732. Renato Botelho
08:09 AM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
There are other changes in 21.09 which may fix this, but leaving it open and moving target for now in case it needs a... Jim Pingle
08:00 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
Moving ahead, still needs more thought/planning about how best to approach this Jim Pingle
07:59 AM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down
Moving ahead, too close to release to make another attempt at this and have enough time to validate the change in beh... Jim Pingle
07:59 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Moving ahead, too close to release to make another attempt at this and have enough time to validate the change in beh... Jim Pingle
07:46 AM pfSense Plus Regression #11995 (Closed): UPnP/NAT-PMP not functioning on 32-bit ARM
This was fixed before 21.05.1 Jim Pingle
03:09 AM pfSense Packages Bug #12126: freeradius3 0.15.7_31
Hi sorry for the delay.
I've used 0.15.7_32 package version and got the same behavior:
sql nas table is read but ...
Alexis Pellicier

08/23/2021

08:53 PM Revision bc642d63: Log settings help text update. Implements #12012
* Improve notes about disk usage
* Add more calculations to estimate potential usage
* Improve notes about when to us...
Jim Pingle
07:36 PM Revision dd8d9e23: Disable newsyslog compression w/ZFS. Issue #12011
ZFS compresses /var/log by default. If the ZFS dataset /var/log has
compression enabled on the first boot post instal...
Jim Pingle
07:34 PM Revision cf5ee828: Update default config.xml empty tags. Fixes #12299
Reduces the difference between the stock config.xml and what is
written after initial changes are made to the config ...
Jim Pingle
07:34 PM Revision 6fab2f23: Update default config.xml. Issue #12299
* Update configuration revision value
* Use new default password hash format
Jim Pingle
04:20 PM Revision 41a43f7a: Add missing quotes
Renato Botelho
04:19 PM Revision 062a7598: Replace - by _ on repository path
Renato Botelho
04:05 PM Todo #12012 (Feedback): Improve log settings help text for file size, compression, and retention count
Applied in changeset commit:bc642d63848f67a2f35f977b7bc66bc91508a56c. Jim Pingle
04:00 PM Feature #12011 (Feedback): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
Change is in now, GUI text is coming in #12012
Needs tested a few ways:
* Clean install with ZFS should have l...
Jim Pingle
03:18 PM Revision b06e79a6: Followup e324755bee, combine sed and add g flag
Renato Botelho
03:10 PM Revision e324755b: poudriere upstream is not supporting dashes in ports tree names.
This is to prevent issues with sets, so we need to respect the change
https://github.com/freebsd/poudriere/issues/897
Brad Davis
02:49 PM Regression #11470 (Feedback): Panic when using CBQ traffic shaping
I've not been able to reproduce this yet. I'd expect it to happen around the borrowing code of CBQ, where it starts o... Kristof Provost
02:40 PM Todo #12299 (Feedback): Update default ``config.xml``
Applied in changeset commit:cf5ee828686e6feb61fa9c27c61a06497896c551. Jim Pingle
02:06 PM Todo #12299 (Resolved): Update default ``config.xml``
The default configuration file in @/conf.default/config.xml@ is behind the current config revision.
Very few thing...
Jim Pingle
01:52 PM Revision 953aba88: Don't wait on manual IPsec actions. Fixes #12298
Use a timeout with swanctl --initiate, and use --force for swanctl
--terminate. This will allow the commands to succe...
Jim Pingle
01:17 PM Feature #12070: Support for VLAN ``0``
Anything that would potentially touch VLAN0 needs to be aware of potential security problems with it as well:
* ht...
Jim Pingle
10:11 AM pfSense Packages Feature #12297 (Feedback): Suricata: show actual GID:SID rule on click
PR has been merged into devel branches. Thanks! Renato Botelho
09:43 AM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
Also worth noting that the addresses are present when the GRE is first created, and only disappear after assigning/en... Jim Pingle
09:00 AM Bug #12298 (Feedback): IPsec manual initiation and termination should use a timeout value or forced actions
Applied in changeset commit:953aba88ede593dba2d05fefed879acce5dfde83. Jim Pingle
08:38 AM Bug #12298 (Resolved): IPsec manual initiation and termination should use a timeout value or forced actions
Connecting or disconnecting IPsec P1/P2 entries from the status page, widget, or keep alive uses a command such as @s... Jim Pingle
08:16 AM pfSense Packages Bug #12293 (Feedback): Resolve host via Reverse DNS looks shows IDN domains as punycode
PR has been merged into devel branches. Thanks! Renato Botelho
08:16 AM pfSense Packages Feature #10809 (Feedback): IDS/IPS - Notifications when new rule categories are released
PR has been merged into devel branches. Thanks! Renato Botelho
08:16 AM pfSense Packages Feature #12292 (Feedback): GeoIP look on the Alerts, Blocked and Files pages
PR has been merged into devel branches. Thanks! Renato Botelho
07:42 AM Bug #12294 (Not a Bug): userland calling deprecated sysctl, please rebuild world pfsense
Almost certainly something leftover in your configuration. Your configuration has a large section of tunable values, ... Jim Pingle
07:32 AM Bug #12256 (Resolved): Sanitize WireGuard private and pre-shared keys in status output
Jim Pingle
07:31 AM Bug #12295 (Not a Bug): Gateway RTT of gateways added through packages (OpenVPN and Wireguard) seem off
There is no difference in monitoring for gateways based on their source like that. It's almost certainly due to diffe... Jim Pingle
07:25 AM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
Alhusein Zawi wrote in #note-5:
> # VPN Rules
> pass in on $WAN proto udp from 0.0.0.0/0 to (self) port = 500 tr...
Jim Pingle
07:20 AM Todo #12145: Convert RAM disks to ``tmpfs``
Darin May wrote in #note-6:
> Would anything need to change in the dashboard UI code to display tempfs vs ufs where ...
Jim Pingle
07:19 AM Feature #12291 (Pull Request Review): Support for Slack notifications
Jim Pingle

08/22/2021

02:40 PM pfSense Packages Feature #12297: Suricata: show actual GID:SID rule on click
https://github.com/pfsense/FreeBSD-ports/pull/1102 Viktor Gurov
02:38 PM pfSense Packages Feature #12297 (Resolved): Suricata: show actual GID:SID rule on click
It would be helpful to see the actual rule affecting the alert via clicking on GID:SID on the Alert page. Viktor Gurov
01:48 PM Todo #12296: Explicitly state where AutoConfigBackup stores encrypted backup data
I did not intend for this to be created as bug, but as an enhancement. I am also aware this is clearly stated here: h... Tyler Montney
01:47 PM Todo #12296 (Resolved): Explicitly state where AutoConfigBackup stores encrypted backup data
Under Services > Auto Configuration Backup > Settings, it should be clearly stated that backups are sent to Netgate r... Tyler Montney
02:41 AM Bug #12294: userland calling deprecated sysctl, please rebuild world pfsense
Kris Phillips wrote in #note-1:
> Hello,
>
> Please be aware that you have uploaded your configuration file unred...
itfabrica Tech

08/21/2021

09:48 PM Bug #12256: Sanitize WireGuard private and pre-shared keys in status output
Applied patch in 21.05.1. Private keys were properly removed when generating a status report when they were not befo... Kris Phillips
09:46 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fa... → luckman212
09:39 PM Bug #12294: userland calling deprecated sysctl, please rebuild world pfsense
Hello,
Please be aware that you have uploaded your configuration file unredacted to the public internet. This is ...
Kris Phillips
02:17 PM Bug #12294 (Not a Bug): userland calling deprecated sysctl, please rebuild world pfsense
Hello!
After updating pfSense to 2.5.2 I have this error
userland calling deprecated sysctl, please rebuild world pfs...
itfabrica Tech
09:36 PM Bug #12295: Gateway RTT of gateways added through packages (OpenVPN and Wireguard) seem off
If your gateway has very low latency, either due to a double NAT or because your static IP block is a routed subnet a... Kris Phillips
02:41 PM Bug #12295 (Not a Bug): Gateway RTT of gateways added through packages (OpenVPN and Wireguard) seem off
Hi,
When looking at RTT in widgets or when extracting information via dpinger it looks as if the latency is very l...
Faan DG
09:28 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow
Still seeing this randomly with customer firewalls. If the WAN interface is disabled or physically disconnected, the... Kris Phillips
03:14 PM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
# VPN Rules
pass in on $WAN proto udp from 0.0.0.0/0 to (self) port = 500 tracker 1000105301 keep state label "IP...
Alhusein Zawi
02:58 PM pfSense Packages Bug #12293: Resolve host via Reverse DNS looks shows IDN domains as punycode
https://github.com/pfsense/FreeBSD-ports/pull/1101 Viktor Gurov
09:29 AM pfSense Packages Bug #12293 (Resolved): Resolve host via Reverse DNS looks shows IDN domains as punycode
"Resolve host via Reverse DNS" shows IDN domains as punycode,
i.e. "xn--80a1acny.xn--p1ai" instead of "почта.рф"
Viktor Gurov
02:29 PM Todo #12145: Convert RAM disks to ``tmpfs``
Would anything need to change in the dashboard UI code to display tempfs vs ufs where appropriate, or is it already d... Loh Phat
12:50 PM Bug #12197 (Resolved): Mobile IPsec phase 1 should not display "Gateway duplicates" option
Tested on the:... Danilo Zrenjanin
08:36 AM pfSense Packages Feature #12292: GeoIP look on the Alerts, Blocked and Files pages
https://github.com/pfsense/FreeBSD-ports/pull/1100 Viktor Gurov
04:34 AM pfSense Packages Feature #12292 (Resolved): GeoIP look on the Alerts, Blocked and Files pages
It would be nice to add a "glob" icon near SRC/DST IP to check Country, State, City, Latitude, Longitude via GeoIP se... Viktor Gurov
06:21 AM Feature #12291: Support for Slack notifications
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/353 Viktor Gurov
01:34 AM Feature #12291 (Resolved): Support for Slack notifications
It would be nice to add Slack notifications
sample code:...
Viktor Gurov
05:16 AM pfSense Packages Feature #10809: IDS/IPS - Notifications when new rule categories are released
https://github.com/pfsense/FreeBSD-ports/pull/1099 Viktor Gurov
04:47 AM Bug #12224 (Resolved): OpenVPN page allows to delete/disable instance with an assigned interface
Tested on the:... Danilo Zrenjanin
03:11 AM Bug #12000 (Resolved): Remote log server input validation allows invalid values
Re-tested on the:... Danilo Zrenjanin

08/20/2021

09:57 PM Feature #12290 (Resolved): Add ``librdkafka`` package to the pfSense package repository
A customer has requested the librdkafka package be added to the repos for nProbe and ntopng.
https://freebsd.pkg...
Kris Phillips
08:11 PM Bug #12173: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106
Jim Pingle wrote in #note-5:
> See notes on PR about problematic behavior after this was merged.
fix:
https://gi...
Viktor Gurov
01:18 PM Bug #12173: IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106
See notes on PR about problematic behavior after this was merged. Jim Pingle
01:17 PM Bug #12173 (In Progress): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106
Jim Pingle
07:27 PM Bug #12272 (Resolved): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
fixed
clone function copies None and Pass value.
2.6.0.a.20210820.0100
Alhusein Zawi
04:06 PM Revision 583062bf: IPv6 fix for setdefaultgateway(). Issue #12282
Viktor Gurov
03:48 PM Regression #11470: Panic when using CBQ traffic shaping
I believe I am hitting the same issue. I have included dump files that were generated.
I have enabled CBQ on 7 inte...
Reymond Rivera
03:23 PM Regression #11470: Panic when using CBQ traffic shaping
If anyone can provide steps to replicate this please do so. It's 'just working' for me locally. Steve Wheeler
02:11 PM Revision 3ff300c6: Change /var/run to tmpfs. Implements #12145
Jim Pingle
02:01 PM Revision f873a4ef: Update IPsec Filter Mode text. Implements #12289
VTI mode also works for transport mode (e.g. GRE), so note that as well. Jim Pingle
10:44 AM Feature #2668 (Pull Request Review): Support aliases in OpenVPN local/remote/tunnel network fields
Not merged yet Jim Pingle
10:38 AM Feature #2668 (Feedback): Support aliases in OpenVPN local/remote/tunnel network fields
The updated patch looks good now.
Aliases work as expected. Servers are restarted as expected with warnings to the...
Steve Wheeler
09:20 AM Todo #12145 (Feedback): Convert RAM disks to ``tmpfs``
Applied in changeset commit:3ff300c630e9decc06d7640136260d07ad566c19. Jim Pingle
09:05 AM Todo #12145 (In Progress): Convert RAM disks to ``tmpfs``
Systems using RAM disks are good now, but on systems not using RAM disks, /var/run is still using md/ufs. Jim Pingle
09:10 AM Todo #12289 (Feedback): Update "IPsec Filter Mode" option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE)
Applied in changeset commit:f873a4ef207dfd3ab29c4c80f225df20decf4a50. Jim Pingle
09:01 AM Todo #12289 (Resolved): Update "IPsec Filter Mode" option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE)
Turns out that the *IPsec Filter Mode* option on *VPN > IPsec*, *Advanced Settings* tab also works to allow two-way f... Jim Pingle
09:04 AM Regression #12287 (Feedback): State table entry rule ID does not contain the expected value
That's an endianness issue. The kernel converts several fields to network-endianness, and the (userspace) libpfctl li... Kristof Provost
08:22 AM Regression #12287 (Resolved): State table entry rule ID does not contain the expected value
On snapshots the rule number in the state table data does not contain the expected value... Jim Pingle
08:46 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
This is similar, if not identical, to #8686 -- and the same workaround functions for both, it turns out.
You can m...
Jim Pingle
08:27 AM pfSense Packages Bug #12286: Add support for ntlm_auth in LDAP
I don't think we want to even consider putting the samba package in even as a dependency. Too much potential for abuse. Jim Pingle
08:17 AM pfSense Packages Bug #12286: Add support for ntlm_auth in LDAP
see also #10415 Viktor Gurov
08:11 AM pfSense Packages Bug #12286: Add support for ntlm_auth in LDAP
The Samba package should be added to @/tools/conf/pfPorts/poudriere_bulk@ to fix this issue and implement Squid NTLM ... Viktor Gurov
07:10 AM pfSense Packages Bug #12286 (New): Add support for ntlm_auth in LDAP
The FreeRADIUS Package currently provides LDAP Authorisation/Authentication.
Some vendors like Mikrotik use only MS...
Vladislav Kulikov
08:26 AM Regression #12288 (Closed): GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
Starting from scratch if you create a new GRE interface and assign+enable it, the inner address on the tunnel interfa... Jim Pingle
08:22 AM pfSense Packages Feature #11531 (Feedback): Show netmap compatible cards in IPS Mode note
PR has been merged. Thanks! Renato Botelho
08:22 AM pfSense Packages Feature #12285 (In Progress): Add more EVE Logged Traffic protocols
Reverted for now since it requires binary 6.x Renato Botelho
07:52 AM pfSense Packages Feature #12285 (Feedback): Add more EVE Logged Traffic protocols
PR has been merged. Thanks! Renato Botelho
04:46 AM pfSense Packages Feature #12285: Add more EVE Logged Traffic protocols
https://github.com/pfsense/FreeBSD-ports/pull/1095 Viktor Gurov
02:03 AM pfSense Packages Feature #12285 (Resolved): Add more EVE Logged Traffic protocols
The current version of Suricata does not allow you to select the FTP, FTP_DATA, RFB and HTTP2 log types.
see https:/...
Viktor Gurov
07:52 AM pfSense Packages Bug #6964 (Feedback): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons
PR has been merged. Thanks! Renato Botelho
07:52 AM pfSense Packages Feature #10872 (Feedback): Add adjustable notification for Severity Alert
PR has been merged. Thanks! Renato Botelho
06:04 AM pfSense Packages Feature #10872: Add adjustable notification for Severity Alert
https://github.com/pfsense/FreeBSD-ports/pull/1096 Viktor Gurov
07:52 AM pfSense Packages Feature #9852 (Feedback): show File-Store directory listing
PR has been merged. Thanks! Renato Botelho
07:15 AM pfSense Docs Todo #12275 (Resolved): Feedback on Firewall — Aliases
PR Merged. Jim Pingle
01:27 AM pfSense Docs Todo #12275: Feedback on Firewall — Aliases
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/21 Viktor Gurov
07:14 AM Bug #12282 (Pull Request Review): Default IPv4 gateway may be set to IPv6 gateway value in certain cases
Jim Pingle
12:20 AM Bug #12282: Default IPv4 gateway may be set to IPv6 gateway value in certain cases
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/351
Viktor Gurov
12:14 AM Bug #12282 (Closed): Default IPv4 gateway may be set to IPv6 gateway value in certain cases
setdefaultgateway() may set IPv6 gateway as an IPv4 gateway in some cases,
see https://github.com/pfsense/pfsense/blo...
Viktor Gurov
05:20 AM Revision 762d3cc9: Increase default IPv6 router advertisement (RA) intervals and lifetime. Fixes #12280
Viktor Gurov
01:52 AM pfSense Docs Correction #12284 (Closed): Feedback on Packages — OpenVPN Client Export Package
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/openvpn-client-export.html
*Feedback:*
Help page is...
Viktor Gurov
01:15 AM Bug #12283 (New): LDAP/RADIUS authentication servers configuration does not allow source IP address to be specified
This is a limitation of the Auth_RADIUS package and @ldap_connect()@
But this is required in some cases - when mul...
Viktor Gurov
12:55 AM Bug #12280 (Feedback): Default IPv6 router advertisement intervals and lifetime are too low
Applied in changeset commit:762d3cc938d890a05d69e5324b0cf7d2ecea55a1. Viktor Gurov

08/19/2021

06:59 PM Revision d566427f: Convert RAM disks to tmpfs. Implements #12145
Jim Pingle
02:05 PM Todo #12145 (Feedback): Convert RAM disks to ``tmpfs``
Applied in changeset commit:d566427f1b210e9ce08ed9be376b0919c113e83b. Jim Pingle
12:18 PM Regression #12217 (Resolved): Kernel panic in IPFW when using Captive Portal
Things are still stable here after running a couple days and also updating again. Closing this out for now, will reop... Jim Pingle
11:35 AM pfSense Packages Bug #6964 (Pull Request Review): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons
Jim Pingle
10:57 AM pfSense Packages Bug #6964: Host OS Policy Assignment broken when using "Import" or "Aliases" buttons
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1094
Viktor Gurov
09:03 AM pfSense Packages Feature #12281 (Pull Request Review): Add support for Telegram/Pushover notifications
Jim Pingle
08:43 AM pfSense Packages Feature #12281: Add support for Telegram/Pushover notifications
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/121 Viktor Gurov
01:04 AM pfSense Packages Feature #12281 (New): Add support for Telegram/Pushover notifications
NUT doesn't send notifications to a Telegram/Pushover backend, even when the Telegram/Pushover configuration is set u... Viktor Gurov
09:03 AM pfSense Packages Bug #12264 (Pull Request Review): Stray <table> line in squid_monitor.php
Jim Pingle
06:48 AM pfSense Packages Bug #12264: Stray <table> line in squid_monitor.php
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/120 Viktor Gurov
08:57 AM Bug #12280 (Pull Request Review): Default IPv6 router advertisement intervals and lifetime are too low
Jim Pingle
01:00 AM Bug #12280: Default IPv6 router advertisement intervals and lifetime are too low
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/350 Viktor Gurov
08:01 AM pfSense Packages Feature #9852 (Pull Request Review): show File-Store directory listing
Jim Pingle
06:31 AM pfSense Packages Feature #9852: show File-Store directory listing
https://github.com/pfsense/FreeBSD-ports/pull/1093 Viktor Gurov
07:13 AM pfSense Packages Bug #12157: Snort exits with Signal 10 on 32bit ARM platforms
I've cherry-picked fixed snort to 21.05.1 Renato Botelho
05:55 AM pfSense Packages Bug #11961 (Feedback): FRR OSPF add unwanted area 0 authentication to router ospf
PR has been merged. Thanks! Renato Botelho
05:54 AM pfSense Packages Bug #12276 (Feedback): Incorrect OSPF/OSPF6 status links
PR has been merged. Thanks! Renato Botelho
05:52 AM pfSense Packages Regression #12278 (Feedback): Invalid plugin_certificates() function name
PR has been merged. Thanks! Renato Botelho
05:49 AM pfSense Packages Bug #12263 (Feedback): Snort package unable to save a new or edited Pass List when Language is set for anything other than English
PR merged Renato Botelho
05:14 AM Revision 923399be: Allow to use nested URL alias in URL alias. Fixes #11863
Viktor Gurov
05:05 AM Revision 21088d3f: Port Forward None and Pass associated filter rule copy. Fixes #12272
Viktor Gurov
05:01 AM Revision 653529c3: Do not allow to select PPPoE Server interfaces on the DHCPv6 Server page. Fixes #12277
Viktor Gurov
12:45 AM Bug #12195 (Resolved): IPsec writes CRL files when tunnel does not use certificates
works as expected on 2.6.0.a.20210818.0500 Viktor Gurov
12:43 AM Feature #12269 (Resolved): Include firewall rules from packages which failed to load in status output
2.6.0.a.20210818.0500 works as expected
Firewall-Generated Package Invalid Ruleset squid:...
Viktor Gurov
12:20 AM Bug #11863 (Feedback): Unable to create nested URL aliases
Applied in changeset commit:923399be686420e2cb0ef8886dc305353ac843a9. Viktor Gurov
12:15 AM Bug #12272 (Feedback): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
Applied in changeset commit:21088d3fac4073c45ea2d02e44b149843a547de3. Viktor Gurov
12:10 AM Bug #12277 (Feedback): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
Applied in changeset commit:653529c381645756551dd77b4838478bbfc06e63. Viktor Gurov

08/18/2021

11:58 PM Bug #12280: Default IPv6 router advertisement intervals and lifetime are too low
same values (200/600/1800) on:
Cisco:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/...
Viktor Gurov
08:32 PM Bug #12280 (Resolved): Default IPv6 router advertisement intervals and lifetime are too low
Related forum thread here:
https://forum.netgate.com/topic/165744/why-are-the-default-ra-intervals-and-lifetime-valu...
Offstage Roller
08:11 PM Revision cf757a80: Regex cleanup should also kill {}. Fixes #12257
It's not used often (and less in the GUI) and can be a source of
problems with large numbers of repetitions even outs...
Jim Pingle
04:17 PM Revision aed495bd: Merge remote-tracking branch 'origin/fix/12279'
Jim Pingle
04:12 PM Revision a38556ff: Use SHA512 to hash user password. Implements #10298
Original commit by Viktor Gurov Jim Pingle
03:00 PM pfSense Packages Regression #12278 (Pull Request Review): Invalid plugin_certificates() function name
Jim Pingle
07:33 AM pfSense Packages Regression #12278: Invalid plugin_certificates() function name
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/119
Viktor Gurov
07:21 AM pfSense Packages Regression #12278 (Resolved): Invalid plugin_certificates() function name
... Viktor Gurov
02:59 PM Bug #12277 (Pull Request Review): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
Jim Pingle
07:06 AM Bug #12277: DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/348 Viktor Gurov
06:48 AM Bug #12277 (Resolved): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces
If you start PPPoE Server and try to configure the POES interface for DHCP6, an error occurs:... Viktor Gurov
02:58 PM pfSense Packages Bug #12276 (Pull Request Review): Incorrect OSPF/OSPF6 status links
Jim Pingle
05:48 AM pfSense Packages Bug #12276: Incorrect OSPF/OSPF6 status links
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/118 Viktor Gurov
05:40 AM pfSense Packages Bug #12276 (Resolved): Incorrect OSPF/OSPF6 status links
frr_ospf_areas.xml and frr_ospf_interfaces.xml contain `status_frr.php` link instead of `status_frr.php?protocol=ospf... Viktor Gurov
02:57 PM pfSense Packages Bug #11961 (Pull Request Review): FRR OSPF add unwanted area 0 authentication to router ospf
Jim Pingle
05:46 AM pfSense Packages Bug #11961: FRR OSPF add unwanted area 0 authentication to router ospf
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/117
Viktor Gurov
02:44 PM Revision c9285e9f: Fixes #12279
Christian McDonald
02:24 PM Todo #12145: Convert RAM disks to ``tmpfs``
Updated the diff for testing but hit another thing we need to account for.
Currently we check if there is sufficient...
Jim Pingle
01:58 PM Revision 7be7d84e: Ensure Unbound python script exists. Fixes #12274
Check to make sure a referenced python script exists before attempting
to use it in the Unbound configuration. If the...
Jim Pingle
01:54 PM pfSense Packages Bug #12157 (Resolved): Snort exits with Signal 10 on 32bit ARM platforms
This appears to be fixed. I've been running it for several days now and previously it would not run for longer than a... Steve Wheeler
12:09 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
B D wrote in #note-5:
> But since the System Information widget can't ever be removed -- that means its performance ...
Viktor Gurov
11:30 AM Todo #10298 (Feedback): Use SHA-512 for user password hashes
Applied in changeset commit:a38556ffba0f8d6cf3f61bd7469ebbb922fd3f64. Jim Pingle
09:55 AM Regression #12279 (Feedback): Uninitialized config array and escaped html in ipsec widget
Applied in changeset commit:c9285e9fff6dafb3124acfbe385641bea2d77b1a. Christian McDonald
09:45 AM Regression #12279 (Pull Request Review): Uninitialized config array and escaped html in ipsec widget
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/349 Christian McDonald
09:43 AM Regression #12279 (Resolved): Uninitialized config array and escaped html in ipsec widget
See screenshot. Christian McDonald
09:05 AM Bug #12274 (Feedback): Unbound fails to start if its configuration references a python script which does not exist
Applied in changeset commit:7be7d84ecf8afb2f5fd51ea0b67f68e69fe7fa6d. Jim Pingle
08:28 AM Bug #12274: Unbound fails to start if its configuration references a python script which does not exist
As long as that script is actually selected in the unbound config GUI (picked as "Python Module Script") and not in c... Jim Pingle
03:31 AM Bug #12274 (Resolved): Unbound fails to start if its configuration references a python script which does not exist
After the installation, unbound works 'out of the box'.
When a previously saved config.xml is imported
and pfBloc...
Gertjan KROEB
07:56 AM Bug #12272 (Pull Request Review): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
Jim Pingle
02:33 AM Bug #12272: Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/347
Viktor Gurov
07:22 AM Regression #12245 (Resolved): Input validation error in system.php
This is now fixed in snapshots.
Tested:...
Steve Wheeler
06:50 AM Bug #12247 (Resolved): Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
This looks good.
The files open quickly and completely. Both encrypted and decrypted parts.
Tested:...
Steve Wheeler
06:47 AM Feature #12193 (Resolved): AutoConfigBackup performance improvements
This looks good now.
Files are queued as expected and uploaded when the cronjob fires.
The cronjob is created co...
Steve Wheeler
03:40 AM pfSense Docs Todo #12275 (Resolved): Feedback on Firewall — Aliases
*Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#url-aliases
*Feedback:*
There is no in...
Viktor Gurov

08/17/2021

08:12 PM Revision 4174a828: Fixed #12247 by adding curl_close() call
Steve Beaver
05:44 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
Jim Pingle wrote in #note-12:
> Where/On what page?
Services / DHCP Server / <Interface> // Other Options / Gateway
...
Marcos M
02:14 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
Marcos Mendoza wrote in #note-11:
> It seems this can be triggered if entering "None" for gateway.
Where/On what ...
Jim Pingle
01:56 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
It seems this can be triggered if entering "None" for gateway. Marcos M
03:29 PM Revision 14b8b150: Add incorrectly generated package rules to status_output. Implements #12269
Viktor Gurov
03:16 PM Bug #12247 (Feedback): Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
Anonymous
03:14 PM Bug #12247: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
Issue was caused by a missing curl_close() call, making the system wait until the acb server timed out. Anonymous
02:12 PM pfSense Docs Todo #12271 (Closed): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox® VE
Fixed, thanks! Jim Pingle
09:29 AM pfSense Docs Todo #12271 (Closed): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox® VE
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html#basic-proxmox-ve-networking
...
Aron Schüler
01:33 PM pfSense Docs Todo #12273 (Resolved): Feedback on pfSense Configuration Recipes — Configuring DNS over TLS
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
*Feedback:*
The DoT configuration ...
Cy BiS
01:12 PM Revision bca881c4: Correct grep usage where needed. Fixes #12265
Jim Pingle
01:11 PM Revision 8cd3f92f: Regex cleanup change. Fixes #12257
Rather than attempting to cleanup group repetition, just discard the
unwanted pattern.
Jim Pingle
12:26 PM Revision e3732f92: Replace unlink() by unlink_if_exists()
Renato Botelho
12:06 PM pfSense Docs Correction #12266 (Closed): Ticket system link no longer correct
Fixed in https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/e2094df8635a2470250e1f61c527b9bc6bb29b06 Jim Pingle
10:56 AM Feature #6776: Allow disabling of "filter rule association" by default
Keenton IT wrote in #note-2:
> Hi,
>
> Note that this setting reverts back to "Add associated filter rule" also wh...
Viktor Gurov
03:33 AM Feature #6776: Allow disabling of "filter rule association" by default
Hi,
Note that this setting reverts back to "Add associated filter rule" also when you clone an existing NAT Rule se...
Keenton IT
10:56 AM Bug #12272 (Resolved): Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass"
When you clone an existing NAT Rule that is set to "None" or "Pass" it's reset to "Add associated filter rule"
#67...
Viktor Gurov
10:40 AM Feature #12269 (Feedback): Include firewall rules from packages which failed to load in status output
Applied in changeset commit:14b8b150cb56f1abab87feb3695d841fd734c71c. Viktor Gurov
08:34 AM Feature #12269 (Pull Request Review): Include firewall rules from packages which failed to load in status output
Jim Pingle
02:00 AM Feature #12269: Include firewall rules from packages which failed to load in status output
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/346 Viktor Gurov
01:18 AM Feature #12269 (Resolved): Include firewall rules from packages which failed to load in status output
@discover_pkg_rules()@ creates the "/tmp/rules.packages.{$pkgname}" file if the package creates unloadable rules.
it...
Viktor Gurov
09:01 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface
Now it is solved. Wouldn't have minded to learn elsewhere that 'LAN to ...' is not a mere description. I had set it o... Uwe Dippel
08:29 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface
"LAN to any" won't match LAN2, it must be "LAN2 to any". Jim Pingle
08:25 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface
Jim Pingle wrote in #note-2:
> It's not a bug, it's doing exactly what it's been told to do. You need rules on LAN2 ...
Uwe Dippel
07:13 AM Bug #12270 (Not a Bug): Unidirectional connectivity with DHCP-assigned interface
It's not a bug, it's doing exactly what it's been told to do. You need rules on LAN2 to allow traffic from LAN2 to do... Jim Pingle
06:02 AM Bug #12270: Unidirectional connectivity with DHCP-assigned interface
I'm not able to correct the 'netstat minus rn' which converted into a strike-through instead of actually showing the ... Uwe Dippel
05:58 AM Bug #12270 (Not a Bug): Unidirectional connectivity with DHCP-assigned interface
[I did discuss this in the forum, and I am aware it sounds unlikely, but haven't found a solution so far. It does loo... Uwe Dippel
08:32 AM Regression #12217: Kernel panic in IPFW when using Captive Portal
So far, so good with the latest snapshot (@2.6.0.a.20210817.0500@). I've updated several systems which easily crashed... Jim Pingle
08:20 AM Todo #12265 (Feedback): Improve uses of ``grep`` which utilize user-supplied patterns
Applied in changeset commit:bca881c428cd82315cc35414017844342db630a0. Jim Pingle
06:10 AM Revision 136c1462: System Information widget optimization. Issue #12241
Viktor Gurov
06:07 AM Revision 3a0f6f36: Move IPsec Mobile additional configuration attributes to strongswan.conf. Fixes #11447
Viktor G
06:05 AM Revision 4f04c78e: Fix IPsec PH1 with Remote Gateway 0.0.0.0 rules creation. Issue #12262
Viktor Gurov
06:05 AM Revision d57eab57: VLAN/QinQ-only interface mismatch detection. Fixes #12170
Viktor G
01:39 AM Bug #12262 (Feedback): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
Merged Viktor Gurov
01:38 AM Bug #12241 (Feedback): System Information widget unnecessarily polls data for hidden items
Merged Viktor Gurov
01:15 AM Regression #11447 (Feedback): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Applied in changeset commit:3a0f6f3609dcb50e3ba927a743fb9f1990a48181. Anonymous
01:15 AM Bug #12170 (Feedback): Interface assignment mismatch is not detected if VLAN-only parent interface is removed
Applied in changeset commit:d57eab57652f634939a4bf916997f08fb5bc3916. Anonymous
12:55 AM pfSense Docs Todo #12268 (Closed): Update Aliases documentation with recently added features
*Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html
*Feedback:*
Network aliases:
+ suppor...
Viktor Gurov
12:40 AM Feature #1603 (Resolved): URL table aliases should be usable within network type aliases
in the source tree:
https://github.com/pfsense/pfsense/blob/master/src/usr/local/pfSense/include/www/alias-utils.inc...
Viktor Gurov

08/16/2021

07:14 PM Feature #12267: OpenVPN option to limit concurrent connections per user
There's an example here on how to accomplish this:
https://serverfault.com/questions/850599/permit-only-n-connection...
Marcos M
07:14 PM Feature #12267 (Resolved): OpenVPN option to limit concurrent connections per user
It's beneficial to be able to limit the total number of connections allowed per user when Duplicate Connection is use... Marcos M
07:13 PM pfSense Packages Bug #11135: HAproxy OCSP reponse crontab bug
I submitted a PR to backport Viktor's changes to the haproxy package as well: https://github.com/pfsense/FreeBSD-port... Daniel Kimsey
06:29 PM Regression #11316: Unbound crashes with signal 11 when reloading
Unbound 1.13.2 is now imported on 2.6.0 and 21.09 and will be available on tomorrow's snapshots Renato Botelho
05:42 PM Revision 57a737f1: More route display changes. Fixes #12257
* Move escape_filter_regex() from syslog.inc to util.inc since it will
be used by things other than syslog.
* Add s...
Jim Pingle
04:17 PM pfSense Docs Todo #12261: Feedback on pfSense Configuration Recipes — WireGuard VPN Client Configuration Example
That's great, thank you Jim! David Ross
07:37 AM pfSense Docs Todo #12261: Feedback on pfSense Configuration Recipes — WireGuard VPN Client Configuration Example
We are already aware. Once the development of the WireGuard package progresses further and stabilizes, then the docum... Jim Pingle
02:46 PM pfSense Docs Correction #12266 (Closed): Ticket system link no longer correct
The link given in the docs to open a new ticket in our ticket system no longer links to an existing page since Freshw... Steve Wheeler
01:13 PM Todo #12265 (Resolved): Improve uses of ``grep`` which utilize user-supplied patterns
See #12257 and commit:57a737f1 for examples
A few things to watch out for:
* Patterns passed to grep based on u...
Jim Pingle
08:54 AM Bug #12241 (Pull Request Review): System Information widget unnecessarily polls data for hidden items
Jim Pingle
08:07 AM Bug #12241: System Information widget unnecessarily polls data for hidden items
optimization:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/345
Viktor Gurov
08:18 AM pfSense Packages Bug #12263: Snort package unable to save a new or edited Pass List when Language is set for anything other than English
Pull Request #1091, posted here: https://github.com/pfsense/FreeBSD-ports/pull/1091, has been submitted to correct t... Bill Meeks
07:09 AM pfSense Packages Bug #12263 (Resolved): Snort package unable to save a new or edited Pass List when Language is set for anything other than English
When the language on the firewall is set for any language other than English, it is not possible to save changes to a... Bill Meeks
07:48 AM pfSense Packages Bug #12264 (Resolved): Stray <table> line in squid_monitor.php
There's a stray <table> opening element in the C-ICAP Virus Table section of /usr/local/www/squid_monitor.php
<tab...
Matthew Fearnley
07:42 AM Bug #12262 (Pull Request Review): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
Need to be careful when we fix this as if the rules were correct they would match too much traffic and potentially in... Jim Pingle
04:03 AM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/344
Viktor Gurov
07:40 AM Regression #12217 (Feedback): Kernel panic in IPFW when using Captive Portal
Fix pushed to https://gitlab.netgate.com/pfSense/FreeBSD-src/-/commit/41d976b3b37dfcc66b14c67f610474e94b3d49dd (devel... Kristof Provost
07:39 AM Bug #11863 (Pull Request Review): Unable to create nested URL aliases
Jim Pingle
07:36 AM Bug #7547 (Pull Request Review): Static routes using aliases are not automatically updated when alias content changes
Jim Pingle
07:36 AM Feature #11895 (Pull Request Review): Require user to manually apply changes after altering static route entries
Jim Pingle
07:35 AM Bug #11599 (Pull Request Review): Modifying static routes results in a logged error, changes are not reflected in routing table
Jim Pingle

08/15/2021

08:22 PM Bug #12262 (Resolved): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules
When using @0.0.0.0@ as the remote gateway IP for IPsec, the automatic rules to allow port 500 and 4500 are incorrect... Marcos M
05:47 PM Bug #11863 (New): Unable to create nested URL aliases
Allow to use URL/URL Ports alias in URL/URL ports alias:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests...
Viktor Gurov
10:00 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1
Okay, should've read the ticket better.
Upgrading to 2.4.5_1 using the 2.4.5 depreciated branch followed by upgradin...
Glenn G
09:31 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1
Same here
Any process on how to upgrade?...
Glenn G

08/14/2021

06:10 PM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule

binat on em1 inet all -> 50.50.50.111
2.6.0.a.20210814.1404
Alhusein Zawi
05:55 PM Bug #12198 (Resolved): Disabling an IPsec phase 1 entry does not disable related phase 2 entries

fixed
I was able to make changes in disabled P1 without errors
2.6.0.a.20210814.1404
Alhusein Zawi
03:48 PM pfSense Docs Todo #12261 (Closed): Feedback on pfSense Configuration Recipes — WireGuard VPN Client Configuration Example
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-client.html
*Feedback:*
It looks like this p...
David Ross
12:00 PM pfSense Packages Bug #12260 (Closed): Update popup and version missmatch?
Always showing popup in the corner about the available update, every refreshed page, no setting to disable it?
A new...
Tomas Tom
11:52 AM pfSense Packages Bug #12240 (Resolved): Syslog-ng does not remove logrotate.conf after disable
Tested on Syslog-ng 1.15_11. /usr/local/etc/logrotate.conf is removed after disabling the service. Marking the ticket... Max Leighton
11:47 AM Bug #7547: Static routes using aliases are not automatically updated when alias content changes
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/342 Viktor Gurov
11:46 AM Feature #11895: Require user to manually apply changes after altering static route entries
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/342 Viktor Gurov
11:46 AM Bug #11599: Modifying static routes results in a logged error, changes are not reflected in routing table
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/342 Viktor Gurov
11:08 AM pfSense Packages Bug #12242 (Resolved): rc file is not deleted
Tested on NET-SNMP 0.1.5_9.
/usr/local/etc/rc.d/net-snmpd.sh and /usr/local/etc/rc.d/net-snmptrapd.sh are removed ...
Max Leighton
10:45 AM Bug #12232 (Resolved): OpenVPN status incorrect for TAP servers without a defined tunnel network
Tested on:
2.6.0-DEVELOPMENT (amd64)
built on Thu Aug 12 01:16:53 EDT 2021
FreeBSD 12.2-STABLE
Looks good. I ...
Max Leighton
05:33 AM Revision c5bda432: Do not delete disabled routes. Fixes #10706
Viktor G
05:33 AM Revision 2e6b2841: Prevent deletion of OpenVPN instances with assigned interfaces. Fixes #12224
Viktor Gurov
05:33 AM Revision 6514012d: Reconfigure stacked IP Aliases on parent CARP VIP changes. Fixes #12227
Viktor Gurov
04:39 AM Bug #8390: Input validation does not prevent removing a gateway used by a DNS server
Jim Pingle wrote in #note-5:
> Their problem is different from the ones linked.
>
> When you remove a gateway, th...
Viktor Gurov
12:40 AM Bug #10706 (Feedback): Kernel route table entries are removed if they match disabled static route entries
Applied in changeset commit:c5bda432e875750e1be03fb82a3cfc0684cb382a. Anonymous
12:40 AM Bug #12224 (Feedback): OpenVPN page allows to delete/disable instance with an assigned interface
Applied in changeset commit:2e6b284184ce10b4ff15d8d4716237036b92ff75. Viktor Gurov
12:40 AM Bug #12227 (Feedback): Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs
Applied in changeset commit:6514012d33705dda99d0def4421f5560ad969af5. Viktor Gurov

08/13/2021

08:39 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
Thanks. I ended up setting it to a high value, e.g. 86400 → luckman212
08:13 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
I stumbled across this issue when deploying pfSense for a wireless carrier integration. We needed to do things like p... Arthur Wiebe
08:00 PM Bug #12259 (Closed): Intel em NICs Suffering Performance Degradation on FreeBSD12
Reference FreeBSD bug report here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235031
Seems the issue is pa...
Kris Phillips
06:40 PM pfSense Packages Bug #12258 (Resolved): Copy key buttons only work in HTTPS mode
Yes of course everyone should be using HTTPS all the time especially now with ACME being available, but sometimes wel... → luckman212
05:46 PM Revision 72ea2b69: Change route collection and output. Fixes #12257
All changes are on src/usr/local/www/diag_routes.php
* Change problematic use of sed for an equivalent and safer use...
Jim Pingle
03:35 PM Feature #11978 (Closed): New Dynamic DNS Provider: Strato
Jim Pingle
03:00 PM Feature #11978: New Dynamic DNS Provider: Strato
strato appears in the list of available dyndns providers - using 21.09.a.20210812.1456 Jordan G
01:15 PM Revision ffa913ec: Sanitize WireGuard keys from status_output. Fixes #12256
Viktor Gurov
12:55 PM Bug #12257 (Feedback): Route data collection method on ``diag_routes.php`` has multiple issues
Applied in changeset commit:72ea2b69cc111d4bc8ebf1ccf1e1529923c5b88a. Jim Pingle
12:35 PM Bug #12257 (Resolved): Route data collection method on ``diag_routes.php`` has multiple issues
The way that route data is collected for presentation in the GUI on @diag_routes.php@ has multiple problems, includin... Jim Pingle
12:49 PM Revision 0997d828: Display Gateway IPv6 on status_interfaces.php regardless of Gateway IPv4 status. Fixes #12253
Viktor Gurov
12:49 PM Revision 35de5b66: Show received IPv6 DNS servers on status_interfaces.php page. Fixes #12252
Viktor Gurov
12:49 PM Revision 37c677a1: Fix is_hostname() regression. Issue #12245
Viktor Gurov
12:18 PM Feature #11899: Add support for non-Oracle IP Check providers
looks like duplicate of #12194 Viktor Gurov
11:40 AM Revision e7cac368: Properly remove the old VHID on XMLRPC CARP VIP sync. Fixes #12202
Viktor Gurov
11:30 AM Revision 58f744b7: OpenVPN Tunnel network input validation fix. Issue #11999
Viktor Gurov
09:32 AM Regression #12239 (Resolved): Interfaces page does not show Wireless EAP client options
Looks good on 2.6.0.a.20210812.0500 Viktor Gurov
09:32 AM Regression #12234 (Resolved): Wireless Channel/Width Issues with GUI
Looks good on 2.6.0.a.20210812.0500 Viktor Gurov
09:31 AM Regression #12245: Input validation error in system.php
This looks good now with that patch. I am able to use numeric hosts names. It still rejects invalid hosts that includ... Steve Wheeler
08:34 AM Regression #12245 (Feedback): Input validation error in system.php
Merged Viktor Gurov
07:36 AM Regression #12245 (Pull Request Review): Input validation error in system.php
Jim Pingle
12:35 AM Regression #12245: Input validation error in system.php
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/337
Viktor Gurov
08:35 AM Revision 36abc2ad: Update convert_friendly_interface_to_friendly_descr() to show IP Alias description. Fixes #11337
Viktor G
08:27 AM Bug #12000 (Feedback): Remote log server input validation allows invalid values
re-test required after #12245 Viktor Gurov
08:25 AM Bug #12256 (Feedback): Sanitize WireGuard private and pre-shared keys in status output
Applied in changeset commit:ffa913ec51c68af00a6f0b18e84544ac64d77d2f. Viktor Gurov
07:50 AM Bug #12256 (Pull Request Review): Sanitize WireGuard private and pre-shared keys in status output
Jim Pingle
04:03 AM Bug #12256: Sanitize WireGuard private and pre-shared keys in status output
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/340 Viktor Gurov
03:57 AM Bug #12256 (Resolved): Sanitize WireGuard private and pre-shared keys in status output
@<privatekey>@ and @<presharedkey>@ are not sanitized from status.php output Viktor Gurov
08:11 AM Revision d1d8383c: Use client-connect/client-disconnect script for Remote Access (SSL/TLS) server mode. Fixes #12238
Viktor Gurov
08:11 AM Revision 5ed5f14d: Set $retries=10 in resolve_retry() to improve resolution timeout. Fixes #12196
Viktor G
08:10 AM Revision 0f441291: 1:1 NAT rules creation update. Fixes #12168
* Fix 1:1 NAT rule creation when Any is selected for Internal IP
* Fix 1:1 NAT rule creation when Any is selected for...
Viktor G
07:55 AM pfSense Docs Todo #12250 (Closed): Feedback on Networking Concepts — Understanding CIDR Subnet Mask Notation
Fixed, thanks! Jim Pingle
07:55 AM Bug #12253 (Feedback): IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway
Applied in changeset commit:0997d828271d48e17edb9be0ac1e9ece8f234b00. Viktor Gurov
07:41 AM Bug #12253 (Pull Request Review): IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway
Jim Pingle
01:54 AM Bug #12253: IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/339
Viktor Gurov
01:51 AM Bug #12253 (Resolved): IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway
status_interfaces.php page doesn't display Gateway IPv6 if Gateway IPv4 doesn't exist Viktor Gurov
07:55 AM Bug #12252 (Feedback): IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``
Applied in changeset commit:35de5b66a633f45daa828a3faac9547f9d9db4b7. Viktor Gurov
07:40 AM Bug #12252 (Pull Request Review): IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``
Jim Pingle
12:57 AM Bug #12252: IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/338
Viktor Gurov
12:43 AM Bug #12252 (Resolved): IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``
After configuring DHCP6 on the interface, I see the correct `/var/etc/nameserver_v6*` files with IPv6 DNS servers, bu... Viktor Gurov
07:49 AM Bug #12255 (Duplicate): MTU on Interface change to VLAN MTU
This seems like it is overlapping significantly with #11870 and likely will be solved when that is solved. Jim Pingle
03:41 AM Bug #12255 (Duplicate): MTU on Interface change to VLAN MTU
The MTU on a physical interface in the GUI is set to 9000. After creating a VLAN on the interface and setting the VL... Rafael Grothmann
07:46 AM Bug #12254 (Duplicate): LAGG
This does appear to be a duplicate of #9183, though it doesn't affect LAGG in general as that is working fine on curr... Jim Pingle
03:29 AM Bug #12254 (Duplicate): LAGG
There is a LAGG over two ethernet Interfaces. The LAGG is working after configuration. After reboot the LAGG is creat... Rafael Grothmann
07:43 AM pfSense Packages Feature #11531 (Pull Request Review): Show netmap compatible cards in IPS Mode note
Jim Pingle
02:07 AM pfSense Packages Feature #11531: Show netmap compatible cards in IPS Mode note
https://github.com/pfsense/FreeBSD-ports/pull/1090 Viktor Gurov
07:23 AM Bug #12236 (Resolved): IPsec bypass rules display help text under each entry
Looks good now Viktor Gurov
07:21 AM Bug #11999 (Feedback): OpenVPN IPv6 tunnel network is not validated properly
Merged Viktor Gurov
06:45 AM Bug #12202 (Feedback): When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active
Applied in changeset commit:e7cac36841ba2f1fc9aad65cafe4a77c66bd61ac. Viktor Gurov
05:46 AM Revision c7599055: Parse ARM 32/64 network boot options on Static DHCP Mapping page. Fixes #12216
Viktor Gurov
05:45 AM Revision 126f555e: Do not create disabled IPsec VTI interfaces. Fixes #12212
Viktor G
05:44 AM Revision fdb9dcc9: Fix disabling IPsec PH1 with PH2 VTI on vpn_ipsec_phase1.php page. Issue #12198
Viktor G
05:43 AM Revision 4192ee44: Show all alias references on delete attempt. Fixes #12177
Viktor G
05:38 AM Revision 96270d7c: Router Advertisements fixes. Issue #12173
* Set AdvDNSSLLifetime value to 3*MaxRtrAdvInterval per RFC 8106
* Provide DNS configuration via radvd checkbox fix
Viktor G
05:37 AM Revision d1150a0c: Write CRL files only if certificate authentication is used in IPsec. Fixes #12195
Viktor G
03:51 AM Bug #11337: Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface
Merged Viktor Gurov
03:45 AM Bug #11337 (Feedback): Interface column empty in list of GIF tunnels when using IP Alias on CARP VIP as Interface
Applied in changeset commit:36abc2ad355f157365ce982b349eb5d385a24453. Anonymous
03:33 AM Bug #12168 (Feedback): 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule
Please check on the latest snapshot Viktor Gurov
03:33 AM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule
Merged Viktor Gurov
03:20 AM Bug #12238 (Feedback): OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode
Applied in changeset commit:d1d8383c74465f5bb8dae6348e4bb0a7060012b3. Viktor Gurov
03:20 AM Bug #12196 (Feedback): IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available
Applied in changeset commit:5ed5f14d7c4e53c3f713c0842553916c1d145542. Anonymous
03:08 AM Bug #12173 (Feedback): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106
Merged Viktor Gurov
03:07 AM Bug #12198 (Feedback): Disabling an IPsec phase 1 entry does not disable related phase 2 entries
Merged Viktor Gurov
02:26 AM pfSense Packages Bug #7374 (Closed): Barnyard2 package has incomplete install when installed as Suricata depedency
Barnyard2 has been removed from both the Snort and Suricata packages. Viktor Gurov
12:55 AM Bug #12216 (Feedback): ARM 32/64 network boot options are not parsed on Static DHCP Mapping page
Applied in changeset commit:c7599055449b39a6981809e9fa2ed76f34c53467. Viktor Gurov
12:55 AM Bug #12212 (Feedback): Disabled IPsec VTI interfaces are always created
Applied in changeset commit:126f555e4452147580e424051175b8f48b6a5e05. Anonymous
12:45 AM Bug #12177 (Feedback): When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message
Applied in changeset commit:4192ee446e862699b42122d8c9d2750a98ff0735. Anonymous
12:45 AM Bug #12195 (Feedback): IPsec writes CRL files when tunnel does not use certificates
Applied in changeset commit:d1150a0c3cb90e871eff9bdddca7e351d4adef90. Anonymous

08/12/2021

10:37 PM pfSense Packages Bug #12251 (Confirmed): Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
Restarting the service will work around this in the meantime Christian McDonald
08:21 PM pfSense Packages Bug #12251 (Resolved): Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
Wireguard pkg 0.1.5
pfSense+ 21.05.1
If "KeepAlive" is left empty, config is written as 30 seconds.
Descriptio...
→ luckman212
02:01 PM pfSense Packages Todo #11033 (Closed): Update OpenVPN Client Export with OpenVPN 2.5.0 installer
Make a new issue for a new request. This was done months ago. Jim Pingle
01:58 PM pfSense Packages Todo #11033: Update OpenVPN Client Export with OpenVPN 2.5.0 installer
Updating Subject as we need to update the OpenVPN Client Export package for 2.5.3, as it's currently on 2.5.2. Also ... Kris Phillips
09:26 AM pfSense Docs Todo #12250 (Closed): Feedback on Networking Concepts — Understanding CIDR Subnet Mask Notation
*Page:* https://docs.netgate.com/pfsense/en/latest/network/cidr.html
*Feedback:*
Typo: "255.224.0 0" (note the ...
J St Sauver
08:55 AM pfSense Packages Bug #12101: ArpWatch Suppression Mac for "flip-flop" not suppressing
I have updated to version 0.2.0_6 and am still getting flip-flop notifications. I have tried restarting the service ... Shaun Gause
07:45 AM Bug #12249: Long configuration revision reasons can cause AutoConfigBackup upload to fail
The string "-NoReMoTeBaCkUp" can be added to a commit message to prevent it from being synced to ACB. The string is a... Anonymous
06:59 AM Bug #12249 (Feedback): Long configuration revision reasons can cause AutoConfigBackup upload to fail
HAProxy makes changes to config.xml with extremely large commit messages (> 2K chars) This exceeds the capacity of th... Anonymous

08/11/2021

06:24 PM Revision fa13ece8: Fixed missing $ warning
Steve Beaver
03:55 PM Regression #11316: Unbound crashes with signal 11 when reloading
OK that is unrelated to this bug. It is #12095 which can be mitigated by the patch on #11933. Jim Pingle
03:50 PM Regression #11316: Unbound crashes with signal 11 when reloading
Jim Pingle wrote in #note-67:
> If it was a similar crash to the previous issues, you would see the crash in the mai...
Akom Benevolent
03:27 PM Regression #11316: Unbound crashes with signal 11 when reloading
If it was a similar crash to the previous issues, you would see the crash in the main system log. You can filter that... Jim Pingle
03:20 PM Regression #11316: Unbound crashes with signal 11 when reloading
Jim Pingle wrote in #note-65:
> That is odd, the log also didn't show a crash, but a clean stop and start. That is a...
Akom Benevolent
02:59 PM Regression #11316: Unbound crashes with signal 11 when reloading
That is odd, the log also didn't show a crash, but a clean stop and start. That is also a very old log, maybe you upl... Jim Pingle
02:13 PM Regression #11316: Unbound crashes with signal 11 when reloading
I just had an *unbound 1.12.0* crash on *CE 2.5.2*
It was up for about a month (with 1.13.0 on 2.5.1 it crashed every...
Akom Benevolent
03:32 PM Feature #12248 (New): Package Update Availability Notification
Following up with a user's feature request on Reddit (https://www.reddit.com/r/PFSENSE/comments/p1o4fz/notifications_... Adam Cooper
02:55 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
That has always been the case and likely always will be -- just the fact that you're hitting the dashboard and consta... Jim Pingle
02:11 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
But since the System Information widget can't ever be removed -- that means its performance penalty is fixed for the ... B D
02:10 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
That is correct, hiding items does not stop the data from being collected. Hiding a whole widget would, but not speci... Jim Pingle
01:36 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
... above should be when *all* are *hidden*. B D
01:35 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
Jim,
Thanks for the feedback. Please note that the performance drop occurs even when *all* items (not just pf stat...
B D
09:27 AM Bug #12241: System Information widget unnecessarily polls data for hidden items
Watching the dashboard puts a load on the system as it fetches the data used to display the widgets. Some of this is ... Jim Pingle
02:27 PM pfSense Packages Bug #12157 (Feedback): Snort exits with Signal 10 on 32bit ARM platforms
Jim Pingle
01:37 PM pfSense Packages Bug #12157: Snort exits with Signal 10 on 32bit ARM platforms
This should be fixed now as https://cgit.freebsd.org/ports/commit/?id=c2a4ab17ef5e44424f2b2e97e30a2fde437dcd8a hit up... Mateusz Guzik
02:06 PM Feature #12193 (Feedback): AutoConfigBackup performance improvements
Lockfile typo fixed. Anonymous
09:52 AM Feature #12193 (New): AutoConfigBackup performance improvements
Seeing a set of PHP errors from these changes:... Jim Pingle
01:21 PM Bug #12247: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
If I attempt to view a backup by clicking on the "view" icon, I should see both the encrypted and decoded config on t... Anonymous
11:44 AM Bug #12247 (Resolved): Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load
Build: 21.09.a.20210811.0100 - When viewing an ACB backup, the encrypted and decrypted versions of the backup should ... Anonymous
11:39 AM pfSense Packages Feature #12246 (Closed): Load a file into patch textarea
The only way of adding a new patch is to paste patch content on `Patch Contentx` text area. It would be useful to be... Renato Botelho
11:33 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/336
Viktor Gurov
10:48 AM Regression #12069 (Feedback): Panic in ``pfctl`` with large numbers of states
Needs some final testing/confirmation yet now that the other work is done. Jim Pingle
10:07 AM Regression #12069: Panic in ``pfctl`` with large numbers of states
With the introduction of DIOCGETSTATESV2 this problem should probably be considered resolved. Mateusz Guzik
09:57 AM Regression #12228 (Resolved): States table content in GUI is corrupted/invalid on snapshots
Looks good on the latest snapshot: @2.6.0.a.20210811.0500@ with module version @0.72_1@
Jim Pingle
09:39 AM Bug #12244 (Not a Bug): Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF
Unless I'm misreading something there is no bug here.
If you _manually_ added a gateway and checked the box to say...
Jim Pingle
02:31 AM Bug #12244: Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF
https://redmine.pfsense.org/issues/7380 Looks quite related to this bug. Layla Mah
01:59 AM Bug #12244: Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF

For reference, manually deleting the erroneous host (USH flags) route via ...
Layla Mah
01:54 AM Bug #12244 (Not a Bug): Gateways with "Use non-local gateway" set are added to the local routing table with the gateway's interface MAC with UHS (host) flags even if a remote route through an external gateway is provided by OSPF
This issue: https://redmine.pfsense.org/issues/11433 claims that 2.5.0 regressed things by not adding gateways with "... Layla Mah
09:34 AM Bug #12006 (Duplicate): CARP IP sometimes doesn't apply to CARP member
Reads the same to me. Closing as a duplicate. Can always reopen if we can get more detail that shows it's a unique pr... Jim Pingle
09:06 AM Bug #12006: CARP IP sometimes doesn't apply to CARP member
seems to be related to #12202 Viktor Gurov
09:10 AM Regression #12245: Input validation error in system.php
related to #12000 Viktor Gurov
09:01 AM Regression #12245 (Resolved): Input validation error in system.php
The input validation in system.php incorrectly prevents numeric hostnames in 2.6 and 21.09. For example '3100' or '26... Steve Wheeler
06:19 AM pfSense Packages Bug #12242 (Feedback): rc file is not deleted
PR has been merged. Thanks! Renato Botelho
12:20 AM pfSense Packages Bug #12242: rc file is not deleted
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/115
Viktor Gurov
12:03 AM pfSense Packages Bug #12242 (Resolved): rc file is not deleted
After disabling the Net-SNMP and Net-SNMP trap daemon services, `/usr/local/etc/rc.d/net-snmpd.sh` and `/usr/local/et... Viktor Gurov
06:19 AM pfSense Packages Bug #12240 (Feedback): Syslog-ng does not remove logrotate.conf after disable
PR has been merged. Thanks! Renato Botelho
06:14 AM Bug #9058 (Feedback): Kernel panic during L2TP retransmit
Setting target version since it's now fixed. Thanks! Renato Botelho
06:00 AM Bug #9058: Kernel panic during L2TP retransmit
Glad to hear it is working for you.
The work was sponsored by Netgate, so I suggest you use the money to buy more ...
Mateusz Guzik
05:39 AM Bug #9058: Kernel panic during L2TP retransmit
It's been running stable for five days (which is twice the max uptime of the last 30 days), so I'll say it's fixed.
...
Bianco Veigel
06:13 AM pfSense Packages Feature #9989 (Rejected): Add FreeBSD port and pfSense plugin for HoneyTrap
After internal discussion we decided to reject adding this to pfSense. This kind of software doesn't belong to a Fir... Renato Botelho
06:09 AM Feature #2358 (New): NAT64 support
Pull Request was closed because code was based on IPFW and we plan to stop using IPFW as soon as possible. Introduci... Renato Botelho
05:32 AM Revision 013cbaaa: Hide pcscd service from the service list if IPsec PKCS11 support is disabled. Todo #11933
Viktor G
05:26 AM Revision 1d7ae980: NTP Server SHA256 authentification support. Implements #12213
Viktor G
05:26 AM Revision 1c334904: Delete OpenVPN related config files for disabled instance. Fixes #12223
Viktor G
05:25 AM Revision 253d6509: Fix ProxyARP/Other VIP network address expansion on Port Forward rules. Issue #12233
Viktor Gurov
05:24 AM Revision 883ea6ab: Increment local port and clear tunnel networks value when restarting the OpenVPN wizard. Fixes #12172
Viktor Gurov
05:18 AM Revision cf40cd17: Support for UEFI HTTP Boot option in DHCP config. Implements #11659
Viktor G
05:17 AM Regression #12234 (Feedback): Wireless Channel/Width Issues with GUI
Merged Viktor Gurov
05:16 AM Revision 647cf03a: Wireless Channel/Width Issues fix. Issue #12234
Viktor Gurov
05:16 AM Regression #12233 (Feedback): VIP network addresses are not expanded on Port Forward rules
Merged Viktor Gurov
05:09 AM Revision 27bbf370: Do not show Gateway duplicates option for IPsec Mobile. Fixes #12197
Viktor G
05:08 AM Revision 1fe2aa3e: Hide console output on system backup restore. Fixes #11909
Viktor G
05:08 AM Revision e6407b22: Group copy button. Implements #12226
Viktor Gurov
05:07 AM Revision 5db7152e: Do not show help text under each IPsec bypass rules entry. Fixes #12236
Viktor Gurov
05:05 AM Revision f4738ad4: OpenVPN Wizard ncp_enable value fix. Issue #12172
Viktor G
03:18 AM Todo #11933 (Feedback): PC/SC Smart Card Daemon ``pcscd`` running on all devices at all times, should be optional
Merged Viktor Gurov
12:52 AM Todo #12176: Hide WireGuard interfaces on appropriate pages
see #12243 Viktor Gurov
12:51 AM Todo #12243 (New): Implement ``plugin_interfaces()``
from https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/309#note_39017:
The package should return an arra...
Viktor Gurov
12:35 AM Feature #12213 (Feedback): Support SHA-256 hash NTP authentication
Applied in changeset commit:1d7ae980fb91650b31047578bbe9656dd90f89d0. Anonymous
12:35 AM Bug #12223 (Feedback): Configuration files are not deleted after disabling an OpenVPN instance
Applied in changeset commit:1c3349042bbe2bcb10acaf65bded09c322b056a8. Anonymous
12:30 AM Regression #12172 (Feedback): OpenVPN Wizard configuration missing recently added default values
Applied in changeset commit:883ea6ab4221caef114de98b3b63a5fbd8980fe9. Viktor Gurov
12:25 AM Feature #11659 (Feedback): Support for UEFI HTTP Boot option in DHCPv4 Server
Applied in changeset commit:cf40cd1792595d0122cdd6ce1c4ac6145f38df78. Anonymous
12:25 AM Bug #12197 (Feedback): Mobile IPsec phase 1 should not display "Gateway duplicates" option
Applied in changeset commit:27bbf370b1ac61bfd9db9f2c9ae2e285f136f2f7. Anonymous
12:15 AM Feature #12226 (Feedback): Copy button for group entries in the User Manager
Applied in changeset commit:e6407b2267ee82bff41c429e17ff687cbf584cde. Viktor Gurov
12:15 AM Bug #12236 (Feedback): IPsec bypass rules display help text under each entry
Applied in changeset commit:5db7152ef76b8862230a76112dd03efaf3b35e5a. Viktor Gurov

08/10/2021

09:26 PM Bug #12241 (Resolved): System Information widget unnecessarily polls data for hidden items
Netgate SG-3100
pfSense 21.05.1 (observed under 2.4.5p1 too)
If I am not logged into the Web GUI and specifically...
B D
07:56 PM Revision d0c3ee6a: Snort: Enable COREDUMPS option
(cherry picked from commit 4e7641271c27cf394e6e2bea278098ed6f0e22b7) Renato Botelho
07:56 PM Revision 4e764127: Snort: Enable COREDUMPS option
Renato Botelho
06:37 PM Revision 8d4fcd7a: Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes.
Steve Beaver
04:51 PM Revision c7839f15: Wireless EAP client option fix. Issue #12239
Viktor Gurov
04:43 PM Bug #12105 (Feedback): Packages are not automatically reinstalled when restoring configuration using the installer
Fix pushed and will be present on next round of snapshots
Commit on FreeBSD-src: f5eb50394ce6
Renato Botelho
04:22 PM Todo #12171 (Feedback): Upgrade to ``pkg`` 1.17.x
pkg 1.17.1 is running fine on 2.6.0 and 21.09 Renato Botelho
03:35 PM Bug #9058: Kernel panic during L2TP retransmit
I removed debug printfs so updating to upcoming snapshot should stop the spam. I'll wait for your final confirmation ... Mateusz Guzik
02:01 PM Revision d91c2317: Merge pull request #4535 from luftegrof/bug12174
Renato Botelho
02:00 PM Revision a6296852: Merge pull request #4512 from jvandervyver/master
Renato Botelho
02:00 PM Revision 7f0ad465: Merge pull request #4530 from Alexilmarranen/master
Renato Botelho
02:00 PM Revision 07fbed96: Merge pull request #4534 from Uglymotha/master
Renato Botelho
02:00 PM Revision 16ff593a: Merge pull request #4533 from seyfidin/patch-1
Renato Botelho
12:47 PM Bug #12095: Memory leak in pcscd
Just registered to report the same issue. I have never used smart cards or IPSec tunnels and today I noticed all swap... Alexander Arques
11:55 AM Regression #12239 (Feedback): Interfaces page does not show Wireless EAP client options
Merged
Viktor Gurov
07:37 AM Regression #12239 (Pull Request Review): Interfaces page does not show Wireless EAP client options
Jim Pingle
06:35 AM Regression #12239: Interfaces page does not show Wireless EAP client options
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/335
Viktor Gurov
05:55 AM Regression #12239 (Resolved): Interfaces page does not show Wireless EAP client options
It only shows "EAP Client Mode" and "Certificate Authority" but not other PEAP/TLS/TTLS EAP options Viktor Gurov
10:55 AM pfSense Packages Feature #11210: 3rd party rulesets
Tested fine here. Only issue I see is the ``Delete`` button will remove the ``Check MD5`` label as well. Also, when addin... Marcos M
09:16 AM pfSense Packages Feature #11210 (Feedback): 3rd party rulesets
PR has been merged. Thanks! Renato Botelho
10:46 AM Regression #12228 (Feedback): States table content in GUI is corrupted/invalid on snapshots
I've triggered the build to update all poudriere jails for both CE and Plus. I also bump PORTREVISION of PHP module ... Renato Botelho
09:05 AM Regression #12228: States table content in GUI is corrupted/invalid on snapshots
One of the commits changed the size of struct pf_state.
It should be sufficient to make sure the php module is rec...
Mateusz Guzik
10:36 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
JohnPoz _ wrote in #note-9:
> I thought this might have been included with 21.05.1 - guess not I just checked and stil...
Jim Pingle
10:32 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
I thought this might have been included with 21.05.1 - guess not I just checked and still doesn't sort... Will wait til... JohnPoz _
09:39 AM pfSense Packages Bug #12240: Syslog-ng does not remove logrotate.conf after disable
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/113
Viktor Gurov
09:23 AM pfSense Packages Bug #12240 (Resolved): Syslog-ng does not remove logrotate.conf after disable
``/usr/local/etc/logrotate.conf`` still exists after disabling Syslog-ng Viktor Gurov
09:25 AM pfSense Packages Bug #12153 (Feedback): Incorrect Outgoing Network Interface on clean install
PR has been merged. Thanks! Renato Botelho
09:25 AM pfSense Packages Bug #12167 (Feedback): BGP TCP setkey not set if neighbor is in peer group
PR has been merged. Thanks! Renato Botelho
09:23 AM pfSense Packages Bug #12204 (Feedback): Certificate Manager page doesn't show Syslog-NG used certificates
PR has been merged. Thanks! Renato Botelho
09:18 AM pfSense Packages Bug #12101 (Feedback): ArpWatch Suppression Mac for "flip-flop" not suppressing
PR has been merged. Thanks! Renato Botelho
09:16 AM pfSense Packages Bug #7039 (Feedback): HAProxy backend configuration does not handle intermediate CAs properly
PR has been merged. Thanks! Renato Botelho
09:02 AM Bug #12159 (Feedback): "Default preferred lifetime" router advertisement validation check uses incorrect variable
PR has been merged. Thanks! Renato Botelho
09:02 AM Bug #12164 (Feedback): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``
PR has been merged. Thanks! Renato Botelho
09:01 AM Feature #12109 (Feedback): Option to suppress expiration notifications for revoked certificates
PR has been merged. Thanks! Renato Botelho
09:01 AM Feature #12194 (Feedback): Support Check IP services which return bare IP address values
PR has been merged. Thanks! Renato Botelho
09:01 AM Bug #12174 (Feedback): Firewall rule tabs load slowly when many rules on the tab utilize gateways
PR has been merged. Thanks! Renato Botelho
07:36 AM Regression #12234 (Pull Request Review): Wireless Channel/Width Issues with GUI
Jim Pingle
05:51 AM Regression #12234: Wireless Channel/Width Issues with GUI
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/334
Viktor Gurov
07:34 AM Bug #12238 (Pull Request Review): OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode
Jim Pingle
03:45 AM Bug #12238: OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/333 Viktor Gurov
03:34 AM Bug #12238 (Resolved): OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode
If the "Remote Access (SSL/TLS)" server mode is selected, the resulting OpenVPN config file doesn't contain client-...
Viktor Gurov
07:29 AM Bug #12236 (Pull Request Review): IPsec bypass rules display help text under each entry
Jim Pingle
12:06 AM Bug #12236: IPsec bypass rules display help text under each entry
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/331
Viktor Gurov
12:00 AM Bug #12236 (Resolved): IPsec bypass rules display help text under each entry
IPsec bypass rules display help text under each entry
see the screenshot
Viktor Gurov
07:28 AM Regression #12233 (Pull Request Review): VIP network addresses are not expanded on Port Forward rules
Jim Pingle
03:35 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect
Jim Pingle wrote in #note-9:
> Alhusein Zawi wrote:
> > IP address is not added to openvpn log yet
>
> Where did...
Viktor Gurov
03:13 AM pfSense Docs New Content #12237 (Duplicate): Add information on ``ifqmaxlen`` to Hardware Tuning and Troubleshooting
Page: https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
Feedback:
Need to add optimization of i...
Viktor Gurov
03:10 AM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
This is a really useful tweak, we have to add it to https://docs.netgate.com/pfsense/en/latest/hardware/tune.html Viktor Gurov
02:27 AM Regression #12172: OpenVPN Wizard configuration missing recently added default values
Marcos Mendoza wrote in #note-4:
>
> Resulting ``config.xml`` is correct. After repeating steps (reusing created CA ...
Viktor Gurov
 
