Activity

30 days up to

User

Subprojects

Activity

From 08/22/2021 to 09/20/2021

09/20/2021

04:17 PM Revision b9885720: Bump up the config version to match a change in plus.: Luiz Souza
03:46 PM Feature #12392 (Resolved): Allow the selection of "any" interface in floating rules: Currently, a floating rule can be created without specifying an interface which allows for filtering on interfaces no... Marcos M
03:37 PM pfSense Docs Todo #12182: Update IPsec to match recent changes: Additional WIP updates:
* https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f5a285f648d86f4d4c2115537cf7cbae6f... Jim Pingle
12:06 PM pfSense Docs Todo #12309 (Closed): Add Light Pattern/Light Meaning for 6100 to Documentation Similar to Other Hardware: LED settings have been added to https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/io-ports.html#front... Doug McIntire
09:32 AM pfSense Docs Todo #12309 (In Progress): Add Light Pattern/Light Meaning for 6100 to Documentation Similar to Other Hardware: Doug McIntire
10:24 AM Bug #12391 (Pull Request Review): Uninitialized config variable in ```interface_assign.php```: Christian McDonald
10:21 AM Bug #12391: Uninitialized config variable in ```interface_assign.php```: plus: https://gitlab.netgate.com/pfSense/factory/-/merge_requests/29
ce: https://gitlab.netgate.com/pfSense/pfSense/... Christian McDonald
10:13 AM Bug #12391 (Resolved): Uninitialized config variable in ```interface_assign.php```: ... Christian McDonald
07:39 AM Bug #12390 (Duplicate): i18n zh-hant-TW translate error, incomplete HTML "a" tag: Duplicate of #9344 Jim Pingle
06:31 AM Bug #12390 (Duplicate): i18n zh-hant-TW translate error, incomplete HTML "a" tag: Page path: /vpn_openvpn_server.php?act=edit
Source Code: https://github.com/pfsense/pfsense/blob/master/src/usr/loca... a0000778 a0000778
07:38 AM Bug #12274 (Resolved): Unbound fails to start if its configuration references a python script which does not exist: Jim Pingle
07:37 AM Bug #12389: Help text for RAM disk settings does not mention Captive Portal data: This can wait, it's not critical for it to be in this release. Jim Pingle
07:13 AM pfSense Packages Bug #11888 (Resolved): FreeRADIUS starts twice by /etc/rc.start_packages: Jim Pingle
06:50 AM Bug #11437 (Closed): WireGuard group is not printed in the interface column of the NAT rule list: Not an issue with package. Christian McDonald
06:49 AM Bug #11587 (Closed): WireGuard interfaces do not have data on traffic graphs: WireGuard package and latest kmod correctly reports traffic. Christian McDonald
06:48 AM Bug #11538 (Closed): WireGuard Panic: Unable to hit this panic on wireguard package Christian McDonald
06:47 AM Bug #11691 (Closed): WireGuard MSS Clamping and TCP traffic issues after reboot.: Doesn't seem to be an issue with latest WireGuard package. Christian McDonald
06:46 AM Feature #11374 (Closed): WireGuard Status in GUI: Christian McDonald
01:36 AM Feature #11374: WireGuard Status in GUI: I believe between the status page and the dashboard widget this request is now satisfied. Adam Cooper
12:29 AM Revision 8e2de557: Keep 'enableserial_force' in /conf when a factory reset is performed.: Ticket: #6880 Luiz Souza

09/19/2021

10:16 AM Feature #11588: Automatically suggest next IP address in Wireguard interface subnet when creating a peer: Opened PR 145 (https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/145) to resolve this feature request.
Cu... Adam Cooper

09/18/2021

09:50 PM Bug #12274: Unbound fails to start if its configuration references a python script which does not exist: Tested in RC builds of pfSense Plus. Confirmed no longer an issue. Kris Phillips
09:46 PM Regression #12377: NAT Rule Reorder: Tested and confirmed fixed with patch. Tested on RC1 and recreated the bug. Applied the patch and bug went away. A... Kris Phillips
09:28 PM pfSense Plus Bug #12341: Gateway Monitoring Percentage Not Decreasing After Gateway Packet Loss Event: Odd. Not sure why I'm the only one that can't reproduce this one, but this can be closed out. Clearly my testing is... Kris Phillips
04:01 PM Bug #12389 (Resolved): Help text for RAM disk settings does not mention Captive Portal data: Under System>Advanced>Miscellaneous -> RAM Disk Settings > Help text doesn't list captive portal data.
The current... Danilo Zrenjanin
01:38 PM pfSense Packages Bug #11695 (Resolved): PHP error in the last step of the wizard: Tested in:
21.09-RC (amd64)
built on Wed Sep 15 09:10:53 EDT 2021
FreeBSD 12.2-STABLE
The wizard completes su... Max Leighton
12:31 PM Bug #11846 (Resolved): Logging configuration added by a package is not removed on uninstall: Tested with haproxy-devel 0.62_4
/var/etc/syslog.d/haproxy.log.conf is removed on deinstall and no errors are pres... Max Leighton
11:10 AM pfSense Packages Todo #12351: Remove non-functional feeds: I checked with pfBlockerNG-devel 3.1.0. Some of the feeds listed above are removed, but some are still there.
http... Max Leighton
07:07 AM Bug #12388: Captive Portal input validation for "After authentication Redirection URL" and "Blocked MAC address redirect URL" is swapped: hello, how can i solve this problem with this page showing? eyeg eyenop eyenop

09/17/2021

11:38 PM pfSense Packages Bug #11888: FreeRADIUS starts twice by /etc/rc.start_packages: seems fixed
[2.5.2-RELEASE][root@pfSense.home.arpa]/root: /etc/rc.start_packages
Starting package FRR...done.
... Alhusein Zawi
01:28 PM pfSense Docs Todo #12182: Update IPsec to match recent changes: Additional updates:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/de91716aacbf5581c366dea884c2543ebae3c769... Jim Pingle
10:08 AM Bug #12368: Disk widget alignment issue when only two items are in the list: This looks better on the latest CE snapshot. Will need to wait for a new Plus build to test it there. Jim Pingle

09/16/2021

10:25 PM pfSense Packages Bug #11961: FRR OSPF add unwanted area 0 authentication to router ospf: adding Authentication Type in area tab works (peering)
!
interface em0
ip ospf authentication
ip ospf au... Alhusein Zawi
04:20 PM Bug #11863: Unable to create nested URL aliases: Verified working as expected on:... Chris W
03:40 PM Revision 3bab20ed: Some small cleanups with disk widget and library code.: Christian McDonald
03:34 PM Regression #12382: Certificate Depth checking creates OpenVPN micro-outages every time a user authenticates after 2.5.2 upgrade: Well, obviously you know your userbase better than I do, so if more people would be negatively impacted by reverting ... Brett Keller
07:13 AM Regression #12382: Certificate Depth checking creates OpenVPN micro-outages every time a user authenticates after 2.5.2 upgrade: If it works for you to revert that change, by all means do so, but more people were negatively impacted by the other ... Jim Pingle
07:07 AM Regression #12382: Certificate Depth checking creates OpenVPN micro-outages every time a user authenticates after 2.5.2 upgrade: Should be improved in #11829 Viktor Gurov
03:33 PM pfSense Docs Todo #12182 (In Progress): Update IPsec to match recent changes: Work in progress update:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/dfa09be3d35387aa3d3b5665591067f5d2b... Jim Pingle
02:44 PM Regression #12384 (Resolved): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Thanks for testing and following up!
I'm going to close this out for now, but if you happen to be able to replicat... Jim Pingle
02:32 PM Regression #12384: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: I just tested this on the 2.6.0.a.20210916.0100 snapshot, and I can no longer reproduce the problem there, so this do... Brett Keller
07:16 AM Regression #12384 (Feedback): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: Can you replicate this on a CE 2.6.0 or Plus 21.09 snapshot? It may already be corrected there.
Jim Pingle
02:26 PM pfSense Docs Todo #12273: Feedback on pfSense Configuration Recipes — Configuring DNS over TLS: Thanks for catching that! I've pushed a fix. If it's not up yet, it will be momentarily when the build finishes.
h... Jim Pingle
01:56 PM pfSense Docs Todo #12273: Feedback on pfSense Configuration Recipes — Configuring DNS over TLS: Jim Pingle wrote in #note-2:
> Done.
>
> https://gitlab.netgate.com/docs/pfSense-docs/-/commit/489cafdc46a02979926e0... Cy BiS
08:39 AM pfSense Docs Todo #12273 (Resolved): Feedback on pfSense Configuration Recipes — Configuring DNS over TLS: Done.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/489cafdc46a02979926e0d36409a6cd01bebe957
Jim Pingle
08:20 AM pfSense Docs Todo #12273 (In Progress): Feedback on pfSense Configuration Recipes — Configuring DNS over TLS: Jim Pingle
12:03 PM Bug #12388 (Pull Request Review): Captive Portal input validation for "After authentication Redirection URL" and "Blocked MAC address redirect URL" is swapped: Jim Pingle
11:45 AM Bug #12388: Captive Portal input validation for "After authentication Redirection URL" and "Blocked MAC address redirect URL" is swapped: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/395 Viktor Gurov
07:53 AM Bug #12388 (Resolved): Captive Portal input validation for "After authentication Redirection URL" and "Blocked MAC address redirect URL" is swapped: On @services_captiveportal.php@ the input validation for "After authentication Redirection URL" and "Blocked MAC addr... Jim Pingle
11:30 AM Bug #12368 (Feedback): Disk widget alignment issue when only two items are in the list: Fixed Christian McDonald
09:38 AM pfSense Packages Bug #12167: BGP TCP setkey not set if neighbor is in peer group: Testing this I notice the following:
There is no way to inherit the MD5 settings from the peer group. It must be s... Chris Linstruth
09:25 AM pfSense Packages Bug #12167: BGP TCP setkey not set if neighbor is in peer group: Target package version: v1.1.0_14 Christian McDonald
08:56 AM Bug #12202 (Resolved): When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active: This specific case works now. Thank you.
Tested on:
2.6.0-DEVELOPMENT (amd64)
built on Thu Sep 16 01:10:58 EDT 2... Chris Linstruth
08:20 AM Feature #2668 (Feedback): Support aliases in OpenVPN local/remote/tunnel network fields: Picked back to @plus-RELENG_21_09@. Jim Pingle
08:19 AM Regression #12377 (Feedback): NAT Rule Reorder: Picked back to @plus-RELENG_21_09@. Jim Pingle
07:31 AM Bug #12385: deleteVIP() does not check 1:1 NAT and Outbound NAT rules: This should not be enforced strictly. Not all NAT rules need a VIP. It's possible someone may be removing an unnecess... Jim Pingle
01:14 AM Bug #12385: deleteVIP() does not check 1:1 NAT and Outbound NAT rules: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/394 Viktor Gurov
12:22 AM Bug #12385 (Rejected): deleteVIP() does not check 1:1 NAT and Outbound NAT rules: It is possible to delete the Virtual IP that is used in 1:1 NAT rules (destination) and Outbound NAT rules (Translati... Viktor Gurov
07:26 AM pfSense Packages Bug #12386 (Pull Request Review): ```bgp as-path``` and ```bgp community-list``` are present in configuration even when BGP daemon is not enabled: Jim Pingle
12:51 AM pfSense Packages Bug #12386: ```bgp as-path``` and ```bgp community-list``` are present in configuration even when BGP daemon is not enabled: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/127 Viktor Gurov
12:34 AM pfSense Packages Bug #12386 (Resolved): ```bgp as-path``` and ```bgp community-list``` are present in configuration even when BGP daemon is not enabled: This breaks config loading:... Viktor Gurov
07:15 AM Bug #12387 (Not a Bug): Problem sending logs without hostname: That isn't possible on 2.4.x as it's a limitation of the syslog format used there. It is possible to change the syslo... Jim Pingle
02:40 AM Bug #12387 (Not a Bug): Problem sending logs without hostname: I have three pfsense with version 2.4.5-RELEASE-p1 and they send logs to graylog 4.1, all the sending works correctly... sergio rodriguez

09/15/2021

10:06 PM Regression #12384 (Resolved): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: This is the return of Bug #11550 in pfSense 2.5.2.
I originally filed my report as a reply to that bug, but I real... Brett Keller
09:52 PM Bug #12383: Typos in interfaces_assign.php configuration change description strings: PR https://github.com/pfsense/pfsense/pull/4538 Paighton Bisconer
09:52 PM Bug #12383 (Resolved): Typos in interfaces_assign.php configuration change description strings: 3 instances of "assignment" are misspelled as "assignement"
Lines 233, 351, 406. Paighton Bisconer
08:57 PM Revision b146b9b3: Fix Disks widget UI on UFS systems: ```
PHP 7.4.22 | 10 parallel jobs
............................................................ 60/279 (21 %)
.......... Christian McDonald
08:22 PM Regression #12382 (New): Certificate Depth checking creates OpenVPN micro-outages every time a user authenticates after 2.5.2 upgrade: We're running several OpenVPN servers on a single pfSense box at our office, and ever since upgrading from 2.4.5p1 to... Brett Keller
06:23 PM Bug #11481 (Confirmed): NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat": I ran into this issue and was able to get more details. I tested this on both 2.4.5p1 and 21.05 with the following se... Marcos M
03:09 PM pfSense Docs Correction #11151 (Closed): avahi_settings.php is missing an entry in help.php: Redirect added using new method. Help link works now on 21.09. Jim Pingle
02:51 PM pfSense Docs Todo #12375 (Closed): Feedback on pfSense Configuration Recipes — Accessing the Firewall Filesystem with SCP: Given that any version released in the past year should support this, if the user isn't updating it, that's on them.
... Jim Pingle
12:12 AM pfSense Docs Todo #12375 (Closed): Feedback on pfSense Configuration Recipes — Accessing the Firewall Filesystem with SCP: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/scp-access.html
*Feedback:*
At least WinSCP 5.18 bet... Viktor Gurov
02:33 PM pfSense Docs Todo #12360 (Closed): Remove ALTQ Note on XG-7100 SFP+ Modules: Merged and deployed. Jim Pingle
10:32 AM pfSense Docs Todo #12360: Remove ALTQ Note on XG-7100 SFP+ Modules: https://gitlab.netgate.com/docs/pfsense-platforms/-/merge_requests/11 Viktor Gurov
01:17 PM Revision 4bd90d66: Fix PHP error on firewall_aliases_edit.php page. Issue #2668: Viktor Gurov
01:10 PM pfSense Docs Correction #9228 (Resolved): Feedback on Hardware — Hardware Sizing Guidance: No additional feedback, so closing. Jim Pingle
01:10 PM pfSense Docs New Content #9753 (New): Feedback on Installing and Upgrading — Writing Disk Images: Jim Pingle
01:10 PM pfSense Docs New Content #10225 (Resolved): Add cryptographic hardware info to the SG-3100 manual: No additional feedback, so closing. Jim Pingle
01:10 PM pfSense Docs Correction #11162 (Resolved): Feedback on Backup and Recovery — Making Backups in the GUI: No additional feedback, so closing. Jim Pingle
01:09 PM pfSense Docs Todo #11716 (Resolved): Feedback on Network Address Translation — Port Forwards: No additional feedback, so closing. Jim Pingle
01:09 PM pfSense Docs New Content #11796 (Resolved): Document the FRR Package: No additional feedback, so closing. Jim Pingle
01:08 PM pfSense Docs Todo #11962 (Resolved): Feedback on Firewall — Aliases: No additional feedback, so closing. Jim Pingle
01:07 PM pfSense Docs Todo #12372 (Resolved): Update "Download" documentation: Jim Pingle
10:53 AM Feature #2668 (Waiting on Merge): Support aliases in OpenVPN local/remote/tunnel network fields: Needs picked back to the @plus-RELENG_21_09@ branch after additional approval. Jim Pingle
08:48 AM Feature #2668 (Feedback): Support aliases in OpenVPN local/remote/tunnel network fields: Merged Viktor Gurov
07:07 AM Feature #2668 (Pull Request Review): Support aliases in OpenVPN local/remote/tunnel network fields: Jim Pingle
02:25 AM Feature #2668: Support aliases in OpenVPN local/remote/tunnel network fields: PHP error on firewall_aliases_edit.php page if OpenVPN server description field is empty... Viktor Gurov
10:52 AM Regression #12377 (Waiting on Merge): NAT Rule Reorder: Needs picked back to the @plus-RELENG_21_09@ branch after additional approval. Jim Pingle
08:25 AM Regression #12377 (Feedback): NAT Rule Reorder: Applied in changeset commit:fa7563991540f98166e2ca5e537229a7f73615d4. Viktor Gurov
07:06 AM Regression #12377 (Pull Request Review): NAT Rule Reorder: Jim Pingle
04:54 AM Regression #12377: NAT Rule Reorder: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/392 Viktor Gurov
04:15 AM Regression #12377 (Resolved): NAT Rule Reorder: Fatal error: Uncaught Error: Call to undefined function reorderoutNATrules() in /usr/local/www/firewall_nat_out.php:5... Niccolò Marchi
09:58 AM pfSense Packages Bug #12381: mOTP with RADIUS drops the VPN connection after 60 minutes: I don't think that's FreeRADIUS, but OpenVPN. IIRC OpenVPN defaults to reconnecting every 60 minutes, but can be chan... Jim Pingle
09:46 AM pfSense Packages Bug #12381 (Rejected): mOTP with RADIUS drops the VPN connection after 60 minutes: from https://forum.netgate.com/topic/165967/2fa-mfa-with-radius-drops-the-vpn-connection-after-60-minutes:... Viktor Gurov
09:53 AM Revision fa756399: Rename incorrect reorder function name in firewall_nat_out.php. Fixes #12377: Viktor Gurov
07:05 AM pfSense Docs Todo #12376 (Duplicate): Feedback on pfSense Configuration Recipes: Duplicate of #9370 Jim Pingle
12:23 AM pfSense Docs Todo #12376 (Duplicate): Feedback on pfSense Configuration Recipes: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/index.html
*Feedback:*
Outdated screenshots (pfSense... Viktor Gurov
01:00 AM Bug #12020 (Resolved): OpenVPN RADIUS-based firewall rules use incorrect port ranges: RADIUS ACL:... Viktor Gurov

09/14/2021

07:15 PM Revision afb0fdd9: Remove unused net/realtek-re-kmod from package repo: Renato Botelho
04:02 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface: Thank you for the info. With the proposed fix, this scenario should not be an issue. Marcos M
03:26 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface: So, while going through the configuration to sanitize them, I noticed the following;
* node1 and node2 had VLAN int... Joachim Tingvold
01:32 PM Bug #11818: Mixed use of aliases in a port range produces unloadable ruleset: Also confirming the attempted combination use of aliases and ports on 2.6 Development:... Chris W
01:22 PM Bug #11818 (Resolved): Mixed use of aliases in a port range produces unloadable ruleset: Jim Pingle
01:16 PM Bug #11818: Mixed use of aliases in a port range produces unloadable ruleset: This is fixed in 21.09.
Trying to use a combination of aliases and ports is rejected:... Steve Wheeler
11:57 AM Bug #12374 (Resolved): Update python to address vulnerabilities < 3.8.12: Details here:
https://vuxml.freebsd.org/freebsd/145ce848-1165-11ec-ac7e-08002789875b.html
Latest 21.09 uses pytho... Marcos M
11:11 AM Bug #12373 (Resolved): Update mpd5 to address vulnerabilities in < 5.9_2: https://vuxml.freebsd.org/freebsd/f55921aa-10c9-11ec-8647-00e0670f2660.html:
Version 5.9_2 contains security fix f... Viktor Gurov
11:02 AM pfSense Docs Todo #12372 (Feedback): Update "Download" documentation: Done:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/cd42f582f93cb7ee4e6e2833d5d95eb67bf53233
https://do... Jim Pingle
10:11 AM pfSense Docs Todo #12372 (Resolved): Update "Download" documentation: There are a few problems with the download documentation at @/install/download-installer-image.html@, including:
*... Jim Pingle
09:51 AM pfSense Packages Bug #12058: pfBlockerNG / "Cannot allocate memory" from Geo blocking IP list: Viktor, thanks for suggesting the duplicate. I'll see if the config change there also fixes my issue and report back... Sean McBride
09:44 AM pfSense Packages Bug #12058 (Duplicate): pfBlockerNG / "Cannot allocate memory" from Geo blocking IP list: Duplicate of #6814 Viktor Gurov
09:37 AM pfSense Packages Bug #11590 (Closed): pfBlocker Issue when IPv6 is disabled: Viktor Gurov
08:36 AM Bug #12371 (Resolved): Remove subnet overlap check on LAN interfaces when using 6rd: Hello,
Can the subnet overlapping check on the lan interfaces be removed if using 6rd? (See attached screenshot)
... Daniel Porsch
07:40 AM Bug #12366 (Pull Request Review): Rotation settings for individual log files do not take effect after saving: Jim Pingle
05:09 AM Bug #12366: Rotation settings for individual log files do not take effect after saving: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/390 Viktor Gurov
07:37 AM Feature #12370: Add limiters to Queue column on firewall rule list: There are already a lot of columns on that page. While I don't see Limiters being added as a separate column, they co... Jim Pingle
07:30 AM Feature #12370 (New): Add limiters to Queue column on firewall rule list: could you add limiters column to firewall rules page for each interface to
show which firewall rules contain limiter... khaled osama
06:40 AM pfSense Packages Feature #12369 (New): Skip If No Content issue: Even if *Skip If No Content* is ticked if running a command will always result in an email being sent as the command ... Andy Kniveton

09/06/2021

07:07 PM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases: Copying comments here:
# It doesn't look like this takes into account the @duplicate-cn@ option
# The lines with /tm... Marcos M
04:49 PM Bug #12095: Memory leak in pcscd: Just found out where 1.3GiB of my free memory went. Returned to normal as soon as I killed the pcscd. Bug Reporter
01:26 PM Feature #12343 (New): Real time traffic monitoring: Hi,
Sorry if this was already requested, afaik, no.
I think that it would be great, very nice to have some tool to ... Federico Galli
01:19 PM Revision 28cef398: Fix the diag_defaults.php PHP errors, include the required file.: Submitted by: SteveW
Ticket: #12340 Luiz Souza
10:43 AM Bug #12282 (Feedback): Default IPv4 gateway may be set to IPv6 gateway value in certain cases: Merged Viktor Gurov
08:23 AM Regression #12340 (Feedback): Factory Reset Menu Broken in webConfigurator: 2.6 was also affected, but I fixed quickly after I found the problem.
Both cases are fixed.
Luiz Souza

09/05/2021

11:49 AM Regression #12340: Factory Reset Menu Broken in webConfigurator: This corrects it. Tested.
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/22 Steve Wheeler
10:36 AM Regression #12340: Factory Reset Menu Broken in webConfigurator: This same issue was fixed in the console by: https://gitlab.netgate.com/pfSense/factory/-/commit/f8b02f65792ae1e666b1... Steve Wheeler
09:31 AM Regression #12340: Factory Reset Menu Broken in webConfigurator: Confirmed in 21.09. Tested:... Steve Wheeler
09:07 AM Feature #12342 (Resolved): Dynamic DNS client proxy support: Dynamic DNS client does not use System / Advanced / Miscellaneous proxy settings.
`set_curlproxy()` can be used fo... Viktor Gurov
07:40 AM pfSense Packages Bug #12204: Certificate Manager page doesn't show Syslog-NG used certificates: Danilo Zrenjanin wrote in #note-4:
> Tested on the:
> [...]
>
> The Certificate Manager didn't show Syslog-NG u... Viktor Gurov
05:07 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ: I'm afraid I have to agree with Roman Nik that this bug is still around in 2.5.2-RELEASE.
I just upgraded from 2.4... Brett Keller
03:34 AM Bug #12323 (Feedback): IPsec Phase 2 entry incorrectly orders proposals in AH mode: Merged Viktor Gurov
12:57 AM pfSense Packages Bug #12339: SyslogNG PHP errors after starting the service: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/125 Viktor Gurov
12:43 AM Feature #10615 (Closed): Allow to load kernel from previous release: already realized:
https://github.com/pfsense/pfsense/blob/master/tools/templates/core_pkg/kernel/metadir/%2BDEINSTALL Viktor Gurov
12:39 AM pfSense Packages Bug #12030: Startup Errors for Avahi Package: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/124 Viktor Gurov

09/04/2021

09:34 PM Regression #12340: Factory Reset Menu Broken in webConfigurator: Additionally testing: After the "factory reset" the wizard did not launch. Some components were reset, but not all. Kris Phillips
08:11 PM Regression #12340: Factory Reset Menu Broken in webConfigurator: On further testing it appears it does still complete the factory reset, but it takes significantly longer as it seems... Kris Phillips
08:09 PM Regression #12340 (Closed): Factory Reset Menu Broken in webConfigurator: In the latest Sept 4th build of pfSense Plus 21.09 the Factory Reset menu under Diagnostics --> Factory Reset does no... Kris Phillips
09:27 PM pfSense Plus Bug #12341 (Resolved): Gateway Monitoring Percentage Not Decreasing After Gateway Packet Loss Event: Under Status --> Gateways if a gateway in 21.09 BETA (Sept 4th build) experiences packet loss the packet loss percent... Kris Phillips
09:01 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package: Error is still present in 21.09 BETA. Kris Phillips
06:06 PM Bug #12177 (Resolved): When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message: fixed
deleting a used alias returns all used rules.
"Cannot delete alias. Currently in use by rule1, rule2, ... Alhusein Zawi
05:04 PM pfSense Docs Todo #12309: Add Light Pattern/Light Meaning for 6100 to Documentation Similar to Other Hardware: Layout of the docs for the 6100 has improved, but we're still missing the light mapping for the front LEDS.
Should... Kris Phillips
03:49 PM pfSense Packages Bug #12204: Certificate Manager page doesn't show Syslog-NG used certificates: Tested on the:... Danilo Zrenjanin
03:47 PM pfSense Packages Bug #12339 (Resolved): SyslogNG PHP errors after starting the service: After starting the SyslogNG service the following PHP errors appear:... Danilo Zrenjanin
03:24 PM Bug #12277 (Resolved): DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces: Tested on the:... Danilo Zrenjanin
03:19 PM Bug #12138: Clicking "logout" on portal page does not function when logout popup is disabled: I have tested the snapshot of today.
I disabled the pop up and I can log out anyway, so that seems to be fixed.
... Federico Capoano
12:14 PM pfSense Packages Bug #12276 (Resolved): Incorrect OSPF/OSPF6 status links: Checked in
2.6.0-DEVELOPMENT (amd64)
built on Sat Sep 04 01:10:11 EDT 2021
FreeBSD 12.2-STABLE
Looks good. The... Max Leighton
12:00 PM Bug #12223 (Resolved): Configuration files are not deleted after disabling an OpenVPN instance: Tested in:
2.6.0-DEVELOPMENT (amd64)
built on Sat Sep 04 01:10:11 EDT 2021
FreeBSD 12.2-STABLE
And:
21.09... Max Leighton
10:28 AM pfSense Packages Feature #8362 (Closed): Snort and Suricata Package - Allow for changing URLs, Ports, and Protocols to allow for local Repo of Signature Updates: Merged Viktor Gurov
10:25 AM pfSense Packages Feature #10425 (Resolved): upgrade ntopng to 4.0.0: pfSense 2.5.2 uses ntopng 4.2 Viktor Gurov
05:58 AM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/379 Viktor Gurov
04:14 AM Feature #12226: Copy button for group entries in the User Manager: Alhusein Zawi wrote in #note-7:
> "copy group" icon has been added.
>
> after I changed the group name the name o... Viktor Gurov
02:31 AM Bug #12331 (Resolved): Yandex Dynamic DNS client does not set the ``PddToken`` value: works as expected:
https://forum.netgate.com/topic/129352/ddns-%D1%87%D0%B5%D1%80%D0%B5%D0%B7-api-yandex/16
Viktor Gurov
02:28 AM Regression #12337: IPsec widget generates errors if no tunnels are defined: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/377 Viktor Gurov

09/03/2021

08:59 PM pfSense Packages Bug #12338: RRD Summary does not report data on 3100: There are some users on the forum who report that it will begin counting after some time passes, https://forum.netgat... Max Leighton
08:12 PM pfSense Packages Bug #12338 (Resolved): RRD Summary does not report data on 3100: RRD Summary package version 2.0_1 does not report any data on 3100. Upon installing the package, 0 GB is reported on ... Max Leighton
05:56 PM Revision 7c33b323: Use minimized version of treegrid dependency: Christian McDonald
05:54 PM Regression #12337 (Resolved): IPsec widget generates errors if no tunnels are defined: If you click on the 'Tunnels' or 'Mobile' tabs in the widget and have no tunnels defined PHP errors are generated:
... Steve Wheeler
05:41 PM Revision c121b081: Adds missing treegrid dependency: Christian McDonald
04:42 PM Revision f7e2e6e1: Yandex PDD DDNS token fix. Issue #12331: Viktor Gurov
03:39 PM Bug #12331 (Feedback): Yandex Dynamic DNS client does not set the ``PddToken`` value: Merged Viktor Gurov
02:54 PM Revision 2fbccdad: Fix NG 6792: Fix errors copying previous kernel: pfSense-kernel package pre-deinstall script makes a copy of current
running kernel (/boot/kernel) to /boot/kernel.old... Renato Botelho
02:16 PM Feature #12226: Copy button for group entries in the User Manager: "copy group" icon has been added.
after I changed the group name the name of original group will be changed , I... Alhusein Zawi
02:00 PM Revision 0ec0b654: Add boot msgs for final IPsec steps. Issue #12328: Jim Pingle
01:33 PM Bug #12151 (Resolved): ``easyrule`` script does not function properly: Easy rule has been added via shell

[2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: easyrule pass wan icmp 19... Alhusein Zawi
11:58 AM pfSense Packages Bug #12336: Include Extra Data Description Wrong: Jim Pingle wrote in #note-1:
> Just add a comment on the old one, no need for a whole new issue for that. I pushed a... Dustin Henning
11:57 AM pfSense Packages Bug #12336: Include Extra Data Description Wrong: Of course I accidentally submitted this as a bug instead of.a correction. I thought I was in the pfsense docs sectio... Dustin Henning
11:56 AM pfSense Packages Bug #12336 (Rejected): Include Extra Data Description Wrong: Just add a comment on the old one, no need for a whole new issue for that. I pushed a fix already. Jim Pingle
11:55 AM pfSense Packages Bug #12336 (Rejected): Include Extra Data Description Wrong: After correction correction #12334, the explanation for "Include Extra Data" in the *Backup Options* section of https... Dustin Henning
11:58 AM pfSense Docs Correction #12334: Skip RRD Data Description Wrong: Fixed a typo in the "Include extra data" section as well (said "checked" when it should have been "unchecked"). Jim Pingle
11:21 AM pfSense Docs Correction #12334 (Closed): Skip RRD Data Description Wrong: I fixed and also rewrote the wording on the page for all the options. The previous wording wasn't very clear on a few... Jim Pingle
11:19 AM pfSense Docs Correction #12334 (In Progress): Skip RRD Data Description Wrong: Jim Pingle
08:29 AM pfSense Docs Correction #12334 (Closed): Skip RRD Data Description Wrong: On https://docs.netgate.com/pfsense/en/latest/backup/configuration.html in the *Backup Options* section, the explanat... Dustin Henning
10:46 AM Regression #12324: Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode: Updating subject for release notes. Jim Pingle
09:04 AM Bug #12328: IPsec VTI interface remote endpoint is not resolved the correct way: I moved the longer term issue over to #12335 Jim Pingle
08:47 AM Bug #12328: IPsec VTI interface remote endpoint is not resolved the correct way: Need to think on this a little more since I'm seeing quite a bit of inefficiency, such as:
At the end of @rc.bootu... Jim Pingle
08:05 AM Bug #12328 (In Progress): IPsec VTI interface remote endpoint is not resolved the correct way: Still a potential issue here.
At the end of @rc.bootup@ another @ipsec_configure()@ is run but the boot flag is cl... Jim Pingle
09:04 AM Bug #12335 (New): IPsec DNS inefficiency: Various aspects of configuring IPsec are inefficiently using DNS. There is a lot of room for improvement here.
For... Jim Pingle
06:16 AM Bug #11268: Cookie named ``id`` prevents some forms from being loaded or saved properly: I've realised that the `id` entry in the session cookie is overriding the `?id=` URL parameter. E.g. setting it to 0... Matthew Fearnley

09/02/2021

06:46 PM Revision e9705a77: Use correct var f/OpenVPN IPv6 ACL. Fixes #12333: Fix variable name when referencing an OpenVPN IPv6 tunnel network while
creating a DNS Resolver ACL entry.
While her... Jim Pingle
06:04 PM Revision f8b02f65: Fix the option 4 in menu, factory reset.: Luiz Souza
02:08 PM Regression #12333: DNS resolver using incorrect variable name when making ACL for OpenVPN IPv6 Tunnel Network: This was apparently a recent regression from changes made in #2668. Excluding from release notes since it was not a p... Jim Pingle
01:55 PM Regression #12333 (Feedback): DNS resolver using incorrect variable name when making ACL for OpenVPN IPv6 Tunnel Network: Applied in changeset commit:e9705a77d3cca7e7a6868b4f2829ac1e5c7a0e0e. Jim Pingle
01:41 PM Regression #12333 (Resolved): DNS resolver using incorrect variable name when making ACL for OpenVPN IPv6 Tunnel Network: When creating the automatic list of @access-control.conf@ entries for the DNS Resolver, the block of code which proce... Jim Pingle
01:32 PM Bug #12331 (Pull Request Review): Yandex Dynamic DNS client does not set the ``PddToken`` value: Jim Pingle
10:49 AM Bug #12331: Yandex Dynamic DNS client does not set the ``PddToken`` value: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/369 Viktor Gurov
10:47 AM Bug #12331 (Resolved): Yandex Dynamic DNS client does not set the ``PddToken`` value: ... Viktor Gurov
01:18 PM Bug #12328: IPsec VTI interface remote endpoint is not resolved the correct way: The test config I used has a total of 20 tunnels, 5 of the 20 are VTI, and 1 of those 5 is using a hostname. Of the o... Jim Pingle
07:25 AM Bug #12328: IPsec VTI interface remote endpoint is not resolved the correct way: Applied in changeset commit:7f0d57f46cec27547b2745b87d24ebe0755ee16e. Jim Pingle
07:19 AM Bug #12328 (Feedback): IPsec VTI interface remote endpoint is not resolved the correct way: Merged. Jim Pingle
12:12 PM Revision 7f0d57f4: Correctly resolve VTI remote addr. Fixes #12328: Use ipsec_get_phase1_dst() to resolve an IPsec P1 remote gateway
address rather than passing an FQDN directly to ifco... Jim Pingle
10:56 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect: Moved possibly related issue to #12332 Marcos M
10:55 AM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases: It's possible this is related to #11699 Marcos M
10:55 AM Bug #12332 (Resolved): OpenVPN does not clear old Cisco-AVPair anchor rules in some cases: After some time, there exists anchor rules for old users no longer connected which is causing unintended rule matchin... Marcos M
10:02 AM pfSense Packages Bug #12330: pfBlockerNG devel creating invalid NAT rules on boot: https://github.com/pfsense/FreeBSD-ports/pull/1105 Viktor Gurov
05:28 AM pfSense Packages Bug #12330 (Resolved): pfBlockerNG devel creating invalid NAT rules on boot: There were error(s) loading the rules: /tmp/rules.debug:309: could not parse host specification - The line in questio... Sietse van Zanen
09:33 AM Revision 775e9055: Adds the TreeGrid plugin for jQuery to the pfSense UI stack.(https://github.com/maxazan/jquery-treegrid): Christian McDonald

09/01/2021

05:25 PM Revision 40d3c9da: Adds the TreeGrid plugin for jQuery to the pfSense UI stack.(https://github.com/maxazan/jquery-treegrid): Christian McDonald
04:39 PM pfSense Packages Feature #12329: Add optional floating firewall rules for IPv4 and IPv6: Update to the original description, the destination for IPv4 would be better if it were set to a single address `224.... Offstage Roller
02:51 PM pfSense Packages Feature #12329 (New): Add optional floating firewall rules for IPv4 and IPv6: See this thread for reference:
https://forum.netgate.com/topic/166210/fe80-16-not-included-in-interface-networks
... Offstage Roller
03:11 PM Bug #12328 (Pull Request Review): IPsec VTI interface remote endpoint is not resolved the correct way: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/367 Jim Pingle
02:37 PM Bug #12328 (Resolved): IPsec VTI interface remote endpoint is not resolved the correct way: In @interface_ipsec_vti_configure()@, the remote end of an IPsec VTI interface is not resolved the correct way (e.g. ... Jim Pingle
01:31 PM Revision d582c5be: IPsec PH2 AH proposals order fix. Issue #12323: Viktor Gurov
01:30 PM Revision 1dc88635: Do not disable hash algorithms checkboxes in AH mode. Fixes #12324: Viktor Gurov
12:46 PM Bug #12219 (Resolved): Prevent using OpenVPN "Inactive" option with point-to-point modes: Works as expected on current snapshot. Jim Pingle
12:46 PM Bug #12102 (Resolved): Prevent using OpenVPN "Exit Notify" option with point-to-point modes: Works as expected on current snapshot. Jim Pingle
12:31 PM Revision 0794cb84: Ticket #12151: Pacify PHP lint using static string: Renato Botelho
12:00 PM Bug #12327 (Not a Bug): PHP Error using CRL with intermediate CA: That isn't our code but a library we include (php74-openssl_x509_crl-1.3 ) -- you could report it upstream at https:/... Jim Pingle
11:38 AM Bug #12327 (Not a Bug): PHP Error using CRL with intermediate CA: Hi,
My CA is composed by intermediate + RootCA. When I try to revoke a cert it raises a PHP error like the followi... Asier Carreño
11:08 AM pfSense Packages Bug #11742: Blocking / Unblocking is not working correctly.: The Interface Settings page doesn't clear the @snort2c@ table after disabling Blocking mode,
and there is no special... Viktor Gurov
08:57 AM Regression #12229 (Resolved): Revision 0d3747aa - missing semicolons: Resolved Viktor Gurov
08:40 AM Regression #12324 (Feedback): Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode: Applied in changeset commit:1dc88635b5c3c82d8af220102ee8512456077de9. Viktor Gurov
08:05 AM Regression #12324 (Pull Request Review): Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode: Jim Pingle
02:12 AM Regression #12324: Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/363 Viktor Gurov
12:40 AM Regression #12324 (Resolved): Hash algorithm GUI options are disabled after switching a phase 2 entry to AH mode: How to reproduce:
1. Switch IPsec PH2 mode to AH and select any hash algorithms
2. Save
3. Open IPsec PH2 entry ... Viktor Gurov
08:06 AM Bug #12323 (Pull Request Review): IPsec Phase 2 entry incorrectly orders proposals in AH mode: Jim Pingle
03:34 AM Bug #12323: IPsec Phase 2 entry incorrectly orders proposals in AH mode: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/364 Viktor Gurov
12:36 AM Bug #12323 (Resolved): IPsec Phase 2 entry incorrectly orders proposals in AH mode: If you select all hashing algorithms in AH mode, it sets the MD5 cipher to the first place of ah_proposals:... Viktor Gurov
08:03 AM pfSense Docs Todo #12326 (Closed): Change the latest pfSense Plus version number to 21.05.1: That MR URL came up 404 for me and didn't show in the source repository either.
I fixed it manually & deployed: ht... Jim Pingle
05:09 AM pfSense Docs Todo #12326: Change the latest pfSense Plus version number to 21.05.1: https://gitlab.netgate.com/viktor/pfsense-platforms/-/merge_requests/1 Viktor Gurov
04:55 AM pfSense Docs Todo #12326 (Closed): Change the latest pfSense Plus version number to 21.05.1: replace 21.05 -> 21.05.1 on
https://docs.netgate.com/pfsense/en/latest/solutions/ Viktor Gurov
07:56 AM Feature #12325 (Pull Request Review): IPv6 support for base system SNMP service: Jim Pingle
07:42 AM Feature #12325: IPv6 support for base system SNMP service: https://docs.netgate.com/pfsense/en/latest/services/snmp.html should be updated after this MR is merged Viktor Gurov
07:11 AM Feature #12325: IPv6 support for base system SNMP service: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/365 Viktor Gurov
04:36 AM Feature #12325 (Resolved): IPv6 support for base system SNMP service: IPv6 transport for bsnmpd works on the latest snapshots.
config entry:... Viktor Gurov
01:51 AM Feature #5922 (New): SNMP - enable SNMP v3 functionality: SNMPv3 can be added to bsnmpd config,
see https://lists.freebsd.org/pipermail/freebsd-current/2014-April/049343.html... Viktor Gurov
12:51 AM pfSense Packages Bug #10693: pfSense Bind Zone Editor UI does not update zone serial number when a change is made: I have BIND version 9.16-11 package and pfSense version 2.5.2. Serial number not changing on Save zone. Andrzej Milewski

08/31/2021

06:03 PM Revision 0a70f90a: OpenVPN exit notify & inactive incompatibilities: * Ignore exit notify in problematic cases. Fixes #12102
* Ignore inactive seconds in problematic cases. Fixes #12219
... Jim Pingle
03:42 PM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases: There are other cases in which the tunnel may not get re-established ( e.g. #12169 ) which are separate from this iss... Marcos M
03:07 PM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases: Jim Pingle wrote in #note-5:
> Viktor Gurov wrote in #note-4:
> > related issue - #6370 (duplicate?)
>
> It's po... Hagen Herrschaft
07:37 AM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases: Viktor Gurov wrote in #note-4:
> related issue - #6370 (duplicate?)
It's possibly related but I wouldn't say it's... Jim Pingle
02:22 PM Todo #12314: Convert help shortcut links to server-side redirects: Updating subject for release notes Jim Pingle
02:20 PM Bug #12219 (Feedback): Prevent using OpenVPN "Inactive" option with point-to-point modes: Applied in changeset commit:0a70f90aff9cc2fc7fc5f5dc551a708ee349ea07. Jim Pingle
01:18 PM Bug #12219 (Pull Request Review): Prevent using OpenVPN "Inactive" option with point-to-point modes: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/362 Jim Pingle
02:20 PM Bug #12102 (Feedback): Prevent using OpenVPN "Exit Notify" option with point-to-point modes: Applied in changeset commit:0a70f90aff9cc2fc7fc5f5dc551a708ee349ea07. Jim Pingle
01:18 PM Bug #12102 (Pull Request Review): Prevent using OpenVPN "Exit Notify" option with point-to-point modes: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/362 Jim Pingle
02:09 PM Revision 83314732: Cleanup and improve easyrule. Fixes #12151: Viktor Gurov
11:57 AM pfSense Packages Bug #12322: Suricata creates invalid HOME_NET entries: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1104 Viktor Gurov
11:54 AM pfSense Packages Bug #12322 (Resolved): Suricata creates invalid HOME_NET entries: In some cases Suricata creates invalid ("Array()") entries in the HOME_NET variable on boot:... Viktor Gurov
11:54 AM Bug #12319 (Pull Request Review): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode: Jim Pingle
09:51 AM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/361 Viktor Gurov
07:54 AM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode: I'm not sure we should even try supporting that mode for IPv6, it's bad enough for IPv4.
I'm inclined to have the ... Jim Pingle
07:51 AM Bug #12319 (Resolved): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode: Invalid rules created:... Viktor Gurov
11:50 AM Bug #8390 (Pull Request Review): Input validation does not prevent removing a gateway used by a DNS server: Jim Pingle
10:53 AM Feature #12321 (Resolved): Pop-up window to view firewall rules generated from RADIUS ACL entries on the OpenVPN status page: It would be useful to see RADIUS ACL generated rules in pop-up "modal" window by clicking on the "info" icon
like Su... Viktor Gurov
09:56 AM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12: This is an issue with the following NICs:... Marcos M
09:55 AM Revision e71b27cd: Restart OpenVPN instances on Host and URL type aliases change. Issue #2668: Viktor Gurov
09:27 AM pfSense Docs Correction #12312 (Closed): Correct Image Name for Netgate 6100 Reinstall Documentation: Fixed Viktor Gurov
09:20 AM Bug #12151 (Feedback): ``easyrule`` script does not function properly: Applied in changeset commit:83314732b4df7be3ab614d99563481d3f3b6bf25. Viktor Gurov
05:36 AM Bug #12151: ``easyrule`` script does not function properly: improved fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/359 Viktor Gurov
08:07 AM Feature #9857: IPsec Down/Up SMTP Notifications: Yes Jim, optional always good, but then alerts about gateway state changes could be optional as well :). I mean that ... DRago_Angel [InV@DER]
07:41 AM Feature #9857: IPsec Down/Up SMTP Notifications: If we do add that, it should be optional (perhaps both global and a per-P2 checkbox) and default to off. That will be... Jim Pingle
07:50 AM Feature #12318 (Pull Request Review): Display default "Reflection Timeout" value on ``system_advanced_firewall.php``: Jim Pingle
07:44 AM Feature #12318: Display default "Reflection Timeout" value on ``system_advanced_firewall.php``: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/360 Viktor Gurov
07:39 AM Feature #12318 (Resolved): Display default "Reflection Timeout" value on ``system_advanced_firewall.php``: Display default Reflection Timeout value on system_advanced_firewall.php page
Default is 2000:
https://github.com... Viktor Gurov
07:43 AM Feature #2668 (Pull Request Review): Support aliases in OpenVPN local/remote/tunnel network fields: Jim Pingle
04:56 AM Feature #2668: Support aliases in OpenVPN local/remote/tunnel network fields: minor fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/358 Viktor Gurov
07:43 AM Feature #12316 (Pull Request Review): Include firewall rules generated from OpenVPN RADIUS ACL entries in status output: Jim Pingle
07:38 AM Bug #6370: IPSEC bound to WAN gateway group and Dynamic DNS doesn't to fail back tunnel to WAN on DDNS update: This may be fixed by #12315 -- please re-test on a current Plus 21.09 or CE 2.6.0 snapshot. Jim Pingle
07:35 AM pfSense Packages Feature #11130 (Pull Request Review): FRR RIP support: Jim Pingle
07:28 AM pfSense Packages Feature #12246 (Pull Request Review): Load a file into patch textarea: Jim Pingle

08/30/2021

09:02 PM Revision 4b8d710c: OpenVPN Aliases support. Implements #2668: Viktor Gurov
07:39 PM Revision e7d8f036: Revert "Ticket #12235: pfSense-rc: Save pkg_set_version": This reverts commit 340c9ab1d1eb1b959dc2292872866bca7e123665. Renato Botelho
07:19 PM Revision 340c9ab1: Ticket #12235: pfSense-rc: Save pkg_set_version: Instead of carry the old file pkg_set_version on pfSense-upgrade, which
is not rebuilt when we change product version... Renato Botelho
06:19 PM Revision 336103c4: Consider GWG in ipsec_force_reload. Fixes #12315: Jim Pingle
04:54 PM pfSense Packages Todo #12317: Suricata UI improvements: + @ftp-data@ app parser
https://github.com/pfsense/FreeBSD-ports/pull/1103 Viktor Gurov
04:53 PM pfSense Packages Todo #12317 (Resolved): Suricata UI improvements: Fixed: Incorrect entries sort order on the FILES page
Added: Link to Snort Rule Doc for "snort_*" rules on the suric... Viktor Gurov
04:16 PM Todo #12235 (Feedback): ``pfSense-upgrade`` should reinstall all packages on new version upgrades: Fixed moving control file to be installed by pfSense-repo package Renato Botelho
01:25 PM Todo #12235 (In Progress): ``pfSense-upgrade`` should reinstall all packages on new version upgrades: I found a bug on current implementation because control file is installed by pfSense-upgrade and it is not rebuilt wh... Renato Botelho
04:15 PM Feature #2668 (Feedback): Support aliases in OpenVPN local/remote/tunnel network fields: Applied in changeset commit:4b8d710c06b2cea101a3751e8e5d7fd3e657532d. Viktor Gurov
04:01 PM Feature #12316: Include firewall rules generated from OpenVPN RADIUS ACL entries in status output: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/357 Viktor Gurov
03:58 PM Feature #12316 (Resolved): Include firewall rules generated from OpenVPN RADIUS ACL entries in status output: I would be useful for troubleshooting to check the RADIUS ACL generated rules for OpenVPN clients Viktor Gurov
03:55 PM Feature #9857: IPsec Down/Up SMTP Notifications: @updown@ script can be used to implement this feature
see https://wiki.strongswan.org/issues/3604
and https://wiki.... Viktor Gurov
03:53 PM Bug #12315: IPsec tunnels using a gateway group do not get reloaded in some cases: related issue - #6370 (duplicate?) Viktor Gurov
01:25 PM Bug #12315 (Feedback): IPsec tunnels using a gateway group do not get reloaded in some cases: Applied in changeset commit:336103c470c1064ee2264606ef9046ba34987df6. Jim Pingle
01:21 PM Bug #12315 (Confirmed): IPsec tunnels using a gateway group do not get reloaded in some cases: Was able to reproduce it easily just by setting an IPsec tunnel to a gateway group and running the function. Fix inco... Jim Pingle
12:01 PM Bug #12315 (Resolved): IPsec tunnels using a gateway group do not get reloaded in some cases: When @ipsec_force_reload($interface)@ is called, for example by @/etc/rc.newwanip@, it only looks for tunnels which s... Jim Pingle
03:51 PM pfSense Packages Feature #11130: FRR RIP support: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/123 Viktor Gurov
03:50 PM pfSense Packages Feature #12246: Load a file into patch textarea: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/122 Viktor Gurov
03:28 PM Bug #12102 (In Progress): Prevent using OpenVPN "Exit Notify" option with point-to-point modes: Jim Pingle
03:28 PM Bug #12219 (In Progress): Prevent using OpenVPN "Inactive" option with point-to-point modes: Jim Pingle
02:50 PM Revision 0f2df9bb: Move help redirects to server. Implements #12314: Redirect mappings are already in place on the docs web server. Jim Pingle
12:32 PM Bug #7815 (Closed): IPSec MSS Clamping is matching traffic not related to IPSec: This is addressed by https://redmine.pfsense.org/issues/7801 which separates mss clamping between VPN and other netwo... Marcos M
11:32 AM Bug #12310: WAN drop crashes OpenVPN, doesn't restart: Jim Pingle wrote in #note-2:
> I can't reproduce this here, there must be some other aspect of your configuration or... b b
07:29 AM Bug #12310 (Not a Bug): WAN drop crashes OpenVPN, doesn't restart: I can't reproduce this here, there must be some other aspect of your configuration or environment contributing to the... Jim Pingle
10:00 AM Todo #12314 (Feedback): Convert help shortcut links to server-side redirects: Applied in changeset commit:0f2df9bb9f781c0699a40681538e03515e915c7b. Jim Pingle
09:32 AM Todo #12314 (Resolved): Convert help shortcut links to server-side redirects: Currently all of the help page redirects reside in @/usr/local/www/help.php@ and if a new page is added between relea... Jim Pingle
09:42 AM Bug #12262 (Resolved): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules: Yes, the ESP rule is also there.... Marcos M
07:35 AM Bug #12262 (New): IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules: I don't see the "inbound esp proto" rule in that file, only "inbound isakmp" and "inbound nat-t" so it appears to be ... Jim Pingle
08:09 AM Todo #12313: Upgrade OpenSSL to 1.1.1l: For things in the ports tree that get tracked in different ways it makes sense to have them noted that way, but for b... Jim Pingle
08:06 AM Todo #12313: Upgrade OpenSSL to 1.1.1l: I know the flow, I was curious about this fixes from upstream will be applied as they are high risk one. Also I saw a... DRago_Angel [InV@DER]
07:52 AM Todo #12313 (Closed): Upgrade OpenSSL to 1.1.1l: We pull in patches for those types of issues from FreeBSD directly as a part of the base system, which doesn't always... Jim Pingle
07:32 AM pfSense Docs Todo #12311 (Rejected): Feedback on pfSense Configuration Recipes — Using Software from FreeBSD: We don't plan on encouraging that practice so we aren't adding more details to the docs. Quite a few users have broke... Jim Pingle

08/29/2021

12:09 PM Bug #7801 (Pull Request Review): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: The following merge request addresses the two issues outlined in my previous comment:
https://gitlab.netgate.com/pfS... Marcos M
04:29 AM Todo #12313 (Closed): Upgrade OpenSSL to 1.1.1l: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021... DRago_Angel [InV@DER]

08/28/2021

06:39 PM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials: This seems to cause 504 Gateway Timeouts in the webConfigurator, but still works on 21.05.1. Kris Phillips
03:02 PM Bug #12212 (Resolved): Disabled IPsec VTI interfaces are always created: fixed
ifconfig output does not show VTI interface if PH2 VTIs is disabled
2.6.0.a.20210828.0100
Alhusein Zawi
01:02 PM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules: > Is that what you expected to see?
>
> There should also be an ESP rule in addition to those two, is it present... Alhusein Zawi
11:49 AM pfSense Docs Correction #12312 (Closed): Correct Image Name for Netgate 6100 Reinstall Documentation: Documentation here: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/reinstall-pfsense.html
It st... Kris Phillips
11:16 AM Regression #12172 (Resolved): OpenVPN Wizard configuration missing recently added default values: Looks good now. Marcos M
08:45 AM pfSense Docs Todo #12311 (Rejected): Feedback on pfSense Configuration Recipes — Using Software from FreeBSD: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html
*Feedback:*
This applies to PFse... paul vrdsp0

08/27/2021

10:02 PM Bug #12038: System attempts to start inactive services at boot: That does not and is not supposed to disable them. It stops them temporarily. That's working as intended. Jim Pingle
07:56 PM Bug #12038: System attempts to start inactive services at boot: disabled services will be enabled after rebooting
I disabled DNS Resolver and IPsec VPN services from Status>Servic... Alhusein Zawi
09:53 PM Revision 1394773d: Rename a few missing Netgate devices.: Super Micro XG-1537 -> Super Micro 1537
Super Micro XG-1541 -> Super Micro 1541 Luiz Souza
04:24 PM Bug #12310: WAN drop crashes OpenVPN, doesn't restart: (I forgot to note that, of course, I replugged the cable after OpenVPN crashed, and the WAN interface properly got a ... b b
04:21 PM Bug #12310 (Not a Bug): WAN drop crashes OpenVPN, doesn't restart: Under pfSense CE 2.50, with an active OpenVPN tunnel to my ISP's VPN, unplugging the WAN cable crashes the OpenVPN cl... b b
12:49 PM Revision 2c393b55: Add null check. Fixes #9092: If the value is undefined in config.xml this will be null, not an empty
string. Jim Pingle
11:42 AM pfSense Docs Todo #12309 (Closed): Add Light Pattern/Light Meaning for 6100 to Documentation Similar to Other Hardware: The Netgate 6100 docs has nothing documented regarding the light pattern on the face of the unit like other appliance... Kris Phillips
10:26 AM Bug #4418: IPsec mobile clients - bogus "p" appended to search domain: This Problem still exists as I ran into it since the last week.
v2.5.2-RELEASE
No difference if the unity plugi... R. St
09:19 AM Todo #12265: Improve uses of ``grep`` which utilize user-supplied patterns: Updating subject for release notes. Jim Pingle
07:55 AM Feature #9092 (Feedback): Option to set interval of forced Dynamic DNS updates: Applied in changeset commit:2c393b5581d0818ada0187b2af15debf0f95c118. Jim Pingle
07:44 AM Feature #9092 (New): Option to set interval of forced Dynamic DNS updates: This appears to have introduced a bug. Any time the Dynamic DNS update process is triggered, it forces an update:
... Jim Pingle
07:20 AM Bug #12095: Memory leak in pcscd: Charles Ng wrote in #note-11:
> I see the same log spam as described in https://redmine.pfsense.org/issues/12095#not... Jim Pingle
12:51 AM pfSense Packages Feature #12308 (New): Dynamicaly Update Firewall Aliases from OpenVPN LDAP Group membership of the connected user: I would like to propose a feature of dynamically update firewall aliases tables when a users connects to the openvpn ... Dimitris Frnty

08/26/2021

11:09 PM Bug #12095: Memory leak in pcscd: I see the same log spam as described in https://redmine.pfsense.org/issues/12095#note-4 if pcscd is stopped.
The l... Charles Ng
07:12 AM Bug #12095: Memory leak in pcscd: Uwe Dippel wrote in #note-9:
> Same-same. 7 days of uptime, over night it ramped up and killed DNS ('no space left')... Jim Pingle
06:32 AM Bug #12095: Memory leak in pcscd: Same-same. 7 days of uptime, over night it ramped up and killed DNS ('no space left'). 2.5.2-RELEASE (amd64) clean in... Uwe Dippel
03:38 PM Revision 0ef2ff26: Fix a typo in the Netgate 5100 name.: Luiz Souza
03:21 PM Revision df945787: Rename the Netgate devices.: XG-15xx -> 15xx
SG-5100 -> Netgate-5100 Luiz Souza
01:03 PM Revision fe72327b: Revert "Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes.": This reverts commit 8d4fcd7ac1167894136e337fc619e63fa7200fa0. Jim Pingle
12:32 PM Bug #12307 (Resolved): Update cURL to address vulnerabilities in 7.76.1 in CE: Already done, on @pfSense-2.6.0.a.20210824.0500@:... Jim Pingle
11:53 AM Bug #12307 (Resolved): Update cURL to address vulnerabilities in 7.76.1 in CE: The version of cURL is 2.5.2 CE is vulnerable to multiple security issues.
See vulnerabilities here:
https://cu... Kris Phillips
12:29 PM Feature #10587: UPnP/NAT-PMP STUN configuration options: Updating subject for release notes. Jim Pingle
12:26 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``: Updating subject, but also excluding from release notes since this was never a problem in a release.
Jim Pingle
12:22 PM Regression #12239: Interfaces page does not show Wireless EAP client options: Updating subject for release notes. Jim Pingle
12:21 PM Regression #12234: Wireless Channel/Width Issues with GUI: Regressed and fixed during development, not in any release. Jim Pingle
12:19 PM Bug #12247: Viewing an AutoConfigBackup entry takes approximately 60 seconds to completely load: Updating subject for release notes. Jim Pingle
12:17 PM Regression #12245: Input validation error in system.php: Was a regression introduced after the last release and was never in a release, thus excluding from release notes. Jim Pingle
12:17 PM Bug #12134: Typo in crash reporter page: Updating subject, also excluding from release notes as it's only a text typo. Jim Pingle
12:15 PM Bug #12050: "GoTo line #" function does not work on ``diag_edit.php``: Updating subject for release notes. Jim Pingle
12:13 PM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel: Updating subject for release notes. Jim Pingle
12:11 PM Bug #12000: Remote log server input validation allows invalid values: Updating subject for release notes. Jim Pingle
12:10 PM Todo #11507: Update font formats to WOFF2: Updating subject for release notes. Jim Pingle
12:08 PM Todo #12235: ``pfSense-upgrade`` should reinstall all packages on new version upgrades: Updating subject for release notes. Jim Pingle
12:07 PM Bug #12038: System attempts to start inactive services at boot: Updating subject for release notes. Jim Pingle
12:07 PM Bug #12001: System attempts to stop inactive services at shutdown: Updating subject for release notes. Jim Pingle
12:04 PM Bug #12272: Duplicating a Port Forward does not copy "Filter Rule Association" values of "None" or "Pass": Updating subject for release notes. Jim Pingle
12:03 PM Regression #12233: VIP network addresses are not expanded on Port Forward rules: Updating subject for release notes. Jim Pingle
12:02 PM Bug #12174: Firewall rule tabs load slowly when many rules on the tab utilize gateways: Updating subject for release notes. Jim Pingle
12:01 PM Bug #12168: 1:1 NAT rule with internal IP address of "Any" results in an invalid firewall rule: Updating subject for release notes. Jim Pingle
11:59 AM Bug #12164: IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: Updating subject for release notes. Jim Pingle
11:55 AM Regression #12110: PHP error in firewall_nat.inc on line 329: Not a problem in a release. Jim Pingle
11:54 AM Bug #11923: Input validation not working for 1:1 NAT entries using an alias as a destination: Updating subject for release notes. Jim Pingle
11:53 AM Feature #11439: IPv6 support in ``easyrule`` CLI script: Updating subject for release notes. Jim Pingle
11:52 AM Feature #9297: Graph for hardware temperature readings: Updating subject for release notes. Jim Pingle
11:51 AM Bug #12105: Packages are not automatically reinstalled when restoring configuration using the installer: Updating subject for release notes. Jim Pingle
11:45 AM Regression #12111: Crash report message displayed on dashboard. flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 166: Not a problem in a previous release. Jim Pingle
11:44 AM Feature #9877: QEMU Guest Agent: Excluding from release notes since it's only being built and there is no package for it yet. Jim Pingle
10:56 AM Bug #12020: OpenVPN RADIUS-based firewall rules use incorrect port ranges: Updating subject for release notes. Jim Pingle
10:54 AM Bug #12238: OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode: Updating subject for release notes. Jim Pingle
10:53 AM Bug #12232: OpenVPN status incorrect for TAP servers without a defined tunnel network: Updating subject for release notes. Jim Pingle
10:52 AM Todo #12218: Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID: Updating subject for release notes. Jim Pingle
10:52 AM Bug #12192: OpenVPN does not clean up previous CA and CRL files: Updating subject for release notes. Jim Pingle
10:51 AM Regression #12172: OpenVPN Wizard configuration missing recently added default values: Updating subject for release notes. Jim Pingle
10:49 AM Bug #12076: OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses: Updating subject for release notes. Jim Pingle
10:47 AM Bug #11999: OpenVPN IPv6 tunnel network is not validated properly: Updating subject for release notes. Jim Pingle
10:47 AM Regression #11938: DNS Resolver does not add PTR record for OpenVPN clients: Updating subject for release notes. Jim Pingle
10:46 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect: Updating subject for release notes. Jim Pingle
10:41 AM Feature #11865: Option to validate OpenVPN peer TLS certificate key usage: Updating subject for release notes. Jim Pingle
10:38 AM Bug #11675: VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces: Updating subject for release notes. Jim Pingle
10:35 AM Feature #12109: Option to suppress expiration notifications for revoked certificates: Updating subject for release notes. Jim Pingle
10:33 AM Bug #11701: Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``: Updating subject for release notes. Jim Pingle
10:28 AM Feature #12213: Support SHA-256 hash NTP authentication: Updating subject for release notes. Jim Pingle
10:27 AM Feature #12118: Create a log entry when a configuration change occurs: Updating subject for release notes. Jim Pingle
10:25 AM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled: Updating subject for release notes. Jim Pingle
10:23 AM Bug #9058: Kernel panic during L2TP retransmit: Updating subject for release notes. Jim Pingle
10:22 AM Bug #12253: IPv6 gateway for an interface is not shown on ``status_interfaces.php`` if the interface does not also have an IPv4 gateway: Updating subject for release notes. Jim Pingle
10:21 AM Bug #12252: IPv6 DNS servers from dynamic sources are not listed on ``status_interfaces.php``: Updating subject for release notes. Jim Pingle
10:20 AM Bug #12002: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured: Updating subject for release notes. Jim Pingle
10:18 AM Bug #11926: Advanced DHCP client configuration "Protocol timing" help text is in the wrong location: Updating subject for release notes. Jim Pingle
10:15 AM Regression #12100: Recent 2.6.0 development installers don't actually install: Regression introduced and fixed during development between releases. No need to include it in release notes. Jim Pingle
10:12 AM Bug #12159: "Default preferred lifetime" router advertisement validation check uses incorrect variable: Updating subject for release notes. Jim Pingle
08:43 AM Bug #12159: "Default preferred lifetime" router advertisement validation check uses incorrect variable: Updating subject for release notes. Jim Pingle
10:09 AM Todo #12289: Update "IPsec Filter Mode" option values and help text to reflect that VTI mode also helps transport mode (e.g. GRE): Updating subject for release notes. Jim Pingle
10:07 AM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules: Updating subject for release notes. Jim Pingle
10:06 AM Bug #12298: IPsec manual initiation and termination should use a timeout value or forced actions: Updating subject for release notes. Jim Pingle
10:06 AM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules: Updating subject for release notes. Jim Pingle
10:04 AM Bug #12197: Mobile IPsec phase 1 should not display "Gateway duplicates" option: Updating subject for release notes. Jim Pingle
10:04 AM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP: Updating subject for release notes. Jim Pingle
10:03 AM Feature #12169: IPsec keep alive option to initiate phase 2 without using ICMP: Updating subject for release notes. Jim Pingle
10:02 AM Bug #12198: Disabling an IPsec phase 1 entry does not disable related phase 2 entries: Updating subject for release notes. Jim Pingle
10:01 AM Bug #12196: IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available: Updating subject for release notes. Jim Pingle
09:57 AM Bug #12195: IPsec writes CRL files when tunnel does not use certificates: Updating subject for release notes. Jim Pingle
09:57 AM Regression #12186: <br> tags shown in Status>IPsec: This regression was introduced in a commit made after the last release, so no need to include it in release notes. Jim Pingle
09:56 AM Bug #12155: Tunnels with conflicting REQID values can lead to multiple identical Child SA entries: Updating subject for release notes. Jim Pingle
09:52 AM Bug #11951: IPsec status fails when many tunnels are connected: Updating subject for release notes. Jim Pingle
09:42 AM Todo #12171: Upgrade to ``pkg`` 1.17.x: Updating subject for release notes. Jim Pingle
09:42 AM Bug #11653: Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``: Updating subject for release notes. Jim Pingle
09:41 AM Feature #12194: Support Check IP services which return bare IP address values: Updating subject for release notes. Jim Pingle
09:39 AM Feature #12086: New Dynamic DNS Provider: deSEC: Updating subject for release notes. Jim Pingle
09:39 AM Bug #12007: Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day: Updating subject for release notes. Jim Pingle
09:36 AM Feature #11978: New Dynamic DNS Provider: Strato: Updating subject for release notes. Jim Pingle
09:35 AM Todo #11976: Compliance with pfSense style guide in Dynamic DNS service code: No need to include this in release notes Jim Pingle
09:34 AM Bug #11816: RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records: Updating subject for release notes. Jim Pingle
09:33 AM Feature #9341: Support DNS Made Easy authentication without a username: Updating subject for release notes. Jim Pingle
09:32 AM Feature #9092: Option to set interval of forced Dynamic DNS updates: Updating subject for release notes. Jim Pingle
09:30 AM Feature #12269: Include firewall rules from packages which failed to load in status output: Updating subject for release notes. Jim Pingle
09:27 AM Bug #12256: Sanitize WireGuard private and pre-shared keys in status output: Updating subject for release notes. Jim Pingle
09:20 AM Bug #12241: System Information widget unnecessarily polls data for hidden items: Updating subject for release notes. Jim Pingle
09:18 AM Regression #11316: Unbound crashes with signal 11 when reloading: Updating subject for release notes. Jim Pingle
09:16 AM Bug #12280: Default IPv6 router advertisement intervals and lifetime are too low: Updating subject for release notes. Jim Pingle
09:15 AM Bug #12277: DHCPv6 Server should not offer configuration options for unsupported PPPoE Server interfaces: Updating subject for release notes. Jim Pingle
09:13 AM Bug #11905: DHCPv4 server configuration does not include ARM TFTP filenames: Updating subject for release notes. Jim Pingle
09:13 AM Feature #11659: Support for UEFI HTTP Boot option in DHCPv4 Server: Updating subject for release notes. Jim Pingle
09:11 AM Bug #11581: Cannot configure WAN IP address with ``/32`` CIDR mask via console menu: Updating subject for release notes. Jim Pingle
09:09 AM Bug #12041: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding: Updating subject for release notes. Jim Pingle
09:08 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields: Updating subject for release notes. Jim Pingle
09:05 AM Bug #11922: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS: Updating subject for release notes. Jim Pingle
09:04 AM Bug #11831: Certificate Revocation tab does not list active users of CRL entries: Updating subject for release notes. Jim Pingle
08:59 AM Bug #11894: Vouchers may expire too early when using RAM disks: Updating subject for release notes. Jim Pingle
08:53 AM Bug #12227: Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs: Updating subject for release notes. Jim Pingle
08:51 AM Bug #12202: When a CARP VIP VHID change is synchronized to a secondary node, the CARP VIP is removed from the interface and the old VHIDs remain active: Updating subject for release notes. Jim Pingle
08:47 AM Bug #11727: Cannot enter persistent CARP maintenance mode when CARP is disabled: Updating subject for release notes. Jim Pingle
08:45 AM Feature #12094: Suppress kernel messages for ``lo0`` configuration during boot: Updating subject for release notes. Jim Pingle
08:42 AM Todo #12060: Remove deprecated ``libzmq`` code and references: Updating subject for release notes. Jim Pingle
08:40 AM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page: Updating subject for release notes. Jim Pingle
08:38 AM Bug #11909: Output from reboot process is printed on Backup & Restore page when restoring a configuration file: Updating subject for release notes. Jim Pingle
08:36 AM Feature #12226: Copy button for group entries in the User Manager: Updating subject for release notes. Jim Pingle
08:33 AM Todo #10298: Use SHA-512 for user password hashes: Updating subject and tracker for release notes. Jim Pingle
08:30 AM Bug #12177: When attempting to delete an in-use alias, input validation only prints the first item using the alias in the error message: Updating subject for release notes. Jim Pingle
08:25 AM Bug #12124: Creating or editing aliases fails with multiple hosts separated by spaces: Updating subject for release notes. Jim Pingle
08:24 AM Bug #4893: Error loading rules when URL Table Ports content is empty: Updating subject for release notes. Jim Pingle
08:05 AM Regression #12306 (Feedback): Certificate info block has CA info, not certificate info: Per Steve B, reverted that commit. Jim Pingle
07:55 AM Regression #12306 (Resolved): Certificate info block has CA info, not certificate info: On system_certmanager.php the info block for the certificate appears to be printing the CA info and not the certifica... Jim Pingle

08/25/2021

04:10 PM Bug #12095: Memory leak in pcscd: Can confirm the bug on my system. Was a clean upgrade from the last version.
2.5.2-RELEASE (amd64)
built on Fri Jul 0... Michael Smith

08/24/2021

05:19 PM Bug #7801 (Feedback): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: I was able to test this fix and noticed there are two issues which I needed to work around in order for large df-bit-... Marcos M
01:33 PM Revision 7628b091: Increase default RA intervals. Fixes #12280: Jim Pingle
01:24 PM Revision a1eef308: Increase default RA intervals. Fixes #12280: This code path was not included in the original diff. Jim Pingle
01:12 PM Revision 99dfecb7: radvd: Avoid empty AdvDNSSLLifetime (Fixes #12173): Make sure $raadvdnsslifetime is defined on second foreach Renato Botelho
12:19 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: I tried reproducing this on a lab. The gateway is online but pfSense is not able to reach any internet resources (inc... Marcos M
08:46 AM Regression #12028 (Resolved): SNMP daemon issues with pf nvlist changes: This is fine on current snapshots.
No errors in SNMP logs. SNMP queries return expected results. @libpfctl.so.5@ i... Jim Pingle
08:39 AM Regression #12057 (Feedback): 21.09/2.6.0 - High CPU usage and slowness with ``pfctl -ss``: All the relevant changes should be in current snapshots, may need additional testing/confirmation but we likely have ... Jim Pingle
08:36 AM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces: Target can be moved ahead if pressed for time. Nice to fix, but there is a viable workaround so not critical. Jim Pingle
08:35 AM Bug #12280 (Feedback): Default IPv6 router advertisement intervals and lifetime are too low: Applied in changeset commit:a1eef30841b11020c41e02d0bcf1db659852a0ae. Jim Pingle
08:23 AM Bug #12280 (In Progress): Default IPv6 router advertisement intervals and lifetime are too low: There are more lines that didn't get updated along a different code path. Near line 382 and 387. Jim Pingle
08:28 AM Feature #12300 (New): Add Aquantia Atlantic driver to pfsense: Following discussion from https://forum.netgate.com/topic/166048/tp-link-tx401-supported
Add TP-Link driver (aQuanti... ageekhere ageekhere
08:15 AM Bug #12173 (Feedback): IPv6 RA DNSSL lifetime is too short, not compliant with RFC 8106: Applied in changeset commit:99dfecb734b11b1729e58cf650df8d058b300732. Renato Botelho
08:09 AM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: There are other changes in 21.09 which may fix this, but leaving it open and moving target for now in case it needs a... Jim Pingle
08:00 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states: Moving ahead, still needs more thought/planning about how best to approach this Jim Pingle
07:59 AM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down: Moving ahead, too close to release to make another attempt at this and have enough time to validate the change in beh... Jim Pingle
07:59 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot: Moving ahead, too close to release to make another attempt at this and have enough time to validate the change in beh... Jim Pingle
07:46 AM pfSense Plus Regression #11995 (Closed): UPnP/NAT-PMP not functioning on 32-bit ARM: This was fixed before 21.05.1 Jim Pingle
03:09 AM pfSense Packages Bug #12126: freeradius3 0.15.7_31: Hi sorry for the delay.
I've used 0.15.7_32 package version and got the same behavior:
sql nas table is read but ... Alexis Pellicier

08/23/2021

08:53 PM Revision bc642d63: Log settings help text update. Implements #12012: * Improve notes about disk usage
* Add more calculations to estimate potential usage
* Improve notes about when to us... Jim Pingle
07:36 PM Revision dd8d9e23: Disable newsyslog compression w/ZFS. Issue #12011: ZFS compresses /var/log by default. If the ZFS dataset /var/log has
compression enabled on the first boot post instal... Jim Pingle
07:34 PM Revision cf5ee828: Update default config.xml empty tags. Fixes #12299: Reduces the difference between the stock config.xml and what is
written after initial changes are made to the config ... Jim Pingle
07:34 PM Revision 6fab2f23: Update default config.xml. Issue #12299: * Update configuration revision value
* Use new default password hash format Jim Pingle
04:20 PM Revision 41a43f7a: Add missing quotes: Renato Botelho
04:19 PM Revision 062a7598: Replace - by _ on repository path: Renato Botelho
04:05 PM Todo #12012 (Feedback): Improve log settings help text for file size, compression, and retention count: Applied in changeset commit:bc642d63848f67a2f35f977b7bc66bc91508a56c. Jim Pingle
04:00 PM Feature #12011 (Feedback): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled: Change is in now, GUI text is coming in #12012
Needs tested a few ways:
* Clean install with ZFS should have l... Jim Pingle
03:18 PM Revision b06e79a6: Followup e324755bee, combine sed and add g flag: Renato Botelho
03:10 PM Revision e324755b: poudriere upstream is not supporting dashes in ports tree names.: This is to prevent issues with sets, so we need to respect the change
https://github.com/freebsd/poudriere/issues/897 Brad Davis
02:49 PM Regression #11470 (Feedback): Panic when using CBQ traffic shaping: I've not been able to reproduce this yet. I'd expect it to happen around the borrowing code of CBQ, where it starts o... Kristof Provost
02:40 PM Todo #12299 (Feedback): Update default ``config.xml``: Applied in changeset commit:cf5ee828686e6feb61fa9c27c61a06497896c551. Jim Pingle
02:06 PM Todo #12299 (Resolved): Update default ``config.xml``: The default configuration file in @/conf.default/config.xml@ is behind the current config revision.
Very few thing... Jim Pingle
01:52 PM Revision 953aba88: Don't wait on manual IPsec actions. Fixes #12298: Use a timeout with swanctl --initiate, and use --force for swanctl
--terminate. This will allow the commands to succe... Jim Pingle
01:17 PM Feature #12070: Support for VLAN ``0``: Anything that would potentially touch VLAN0 needs to be aware of potential security problems with it as well:
* ht... Jim Pingle
10:11 AM pfSense Packages Feature #12297 (Feedback): Suricata: show actual GID:SID rule on click: PR has been merged into devel branches. Thanks! Renato Botelho
09:43 AM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces: Also worth noting that the addresses are present when the GRE is first created, and only disappear after assigning/en... Jim Pingle
09:00 AM Bug #12298 (Feedback): IPsec manual initiation and termination should use a timeout value or forced actions: Applied in changeset commit:953aba88ede593dba2d05fefed879acce5dfde83. Jim Pingle
08:38 AM Bug #12298 (Resolved): IPsec manual initiation and termination should use a timeout value or forced actions: Connecting or disconnecting IPsec P1/P2 entries from the status page, widget, or keep alive uses a command such as @s... Jim Pingle
08:16 AM pfSense Packages Bug #12293 (Feedback): Resolve host via Reverse DNS looks shows IDN domains as punnycode: PR has been merged into devel branches. Thanks! Renato Botelho
08:16 AM pfSense Packages Feature #10809 (Feedback): IDS/IPS - Notifications when new rule categories are released: PR has been merged into devel branches. Thanks! Renato Botelho
08:16 AM pfSense Packages Feature #12292 (Feedback): GeoIP look on the Alerts, Blocked and Files pages: PR has been merged into devel branches. Thanks! Renato Botelho
07:42 AM Bug #12294 (Not a Bug): userland calling deprecated sysctl, please rebuild world pfsense: Almost certainly something leftover in your configuration. Your configuration has a large section of tunable values, ... Jim Pingle
07:32 AM Bug #12256 (Resolved): Sanitize WireGuard private and pre-shared keys in status output: Jim Pingle
07:31 AM Bug #12295 (Not a Bug): Gateway RTT of gateways added through packages (OpenVPN and Wireguard) seem off: There is no difference in monitoring for gateways based on their source like that. It's almost certainly due to diffe... Jim Pingle
07:25 AM Bug #12262: IPsec phase 1 entry with ``0.0.0.0`` as its remote gateway does not receive correct automatic firewall rules: Alhusein Zawi wrote in #note-5:
> # VPN Rules
> pass in on $WAN proto udp from 0.0.0.0/0 to (self) port = 500 tr... Jim Pingle
07:20 AM Todo #12145: Convert RAM disks to ``tmpfs``: Darin May wrote in #note-6:
> Would anything need to change in the dashboard UI code to display tempfs vs ufs where ... Jim Pingle
07:19 AM Feature #12291 (Pull Request Review): Support for Slack notifications: Jim Pingle

08/22/2021

02:40 PM pfSense Packages Feature #12297: Suricata: show actual GID:SID rule on click: https://github.com/pfsense/FreeBSD-ports/pull/1102 Viktor Gurov
02:38 PM pfSense Packages Feature #12297 (Resolved): Suricata: show actual GID:SID rule on click: It would be helpful to see the actual rule affecting the alert via clicking on GID:SID on the Alert page. Viktor Gurov
01:48 PM Todo #12296: Explicitly state where AutoConfigBackup stores encrypted backup data: I did not intend for this to be created as bug, but as an enhancement. I am also aware this is clearly stated here: h... Tyler Montney
01:47 PM Todo #12296 (Resolved): Explicitly state where AutoConfigBackup stores encrypted backup data: Under Services > Auto Configuration Backup > Settings, it should be clearly stated that backups are sent to Netgate r... Tyler Montney
02:41 AM Bug #12294: userland calling deprecated sysctl, please rebuild world pfsense: Kris Phillips wrote in #note-1:
> Hello,
>
> Please be aware that you have uploaded your configuration file unred... itfabrica Tech

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

09/20/2021

09/19/2021

09/18/2021

09/17/2021

09/16/2021

09/15/2021

09/14/2021

09/13/2021

09/12/2021

09/11/2021

09/10/2021

09/09/2021

09/08/2021

09/07/2021

09/06/2021

09/05/2021

09/04/2021

09/03/2021

09/02/2021

09/01/2021

08/31/2021

08/30/2021

08/29/2021

08/28/2021

08/27/2021

08/26/2021

08/25/2021

08/24/2021

08/23/2021

08/22/2021