Activity

From 10/08/2021 to 11/06/2021

11/06/2021

03:41 PM Regression #12345: Captive Portal users cannot get past portal even after successfully logging in
I tested Captive Portal in
22.01-DEVELOPMENT (amd64)
built on Fri Nov 05 05:21:41 UTC 2021
FreeBSD 12.3-PRERELEA...
Max Leighton
11:53 AM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway
I failed to replicate that in
22.01-DEVELOPMENT (amd64)
built on Fri Nov 05 05:21:41 UTC 2021
FreeBSD 12.3-PRERE...
Max Leighton
11:25 AM Bug #12508 (New): DHCP Relay over VPN
Currently, DHCP Relay does not work with OpenVPN TAP nor IPsec VTI.
Since the VTI doesn't have a MAC, the interfac...
Marcos M
03:01 AM pfSense Packages Bug #12507: Add support for bi-directional flows in softflowd
PR exists in github here: https://github.com/pfsense/FreeBSD-ports/pull/1119 Vito Piserchia
02:59 AM pfSense Packages Bug #12507 (Pull Request Review): Add support for bi-directional flows in softflowd
In order to support IPFIX bi-directional flows, the "-b" param should be added Vito Piserchia
01:01 AM pfSense Packages Bug #12506 (Resolved): Only selected instance is restarted on suppress list change
How to reproduce:
1) Create a Suppress List 'testsupplist'
2) Configure Suricata for the LAN interface and select...
Viktor Gurov
12:15 AM Todo #8451 (Resolved): System Information dashboard widget - Kernel PTI toggle
implemented in #9532 Viktor Gurov

11/05/2021

10:06 PM Feature #11496: Support for NTP Peer mode
Bounty here: https://forum.netgate.com/topic/167670/ntp-add-peer-100 Christian Borchert
03:49 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
Look for Package Version 0.1.5_2, which will also upgrade net/wireguard-kmod to 0.0.20210606_2. Both are available on... Christian McDonald
02:35 PM Regression #11545: Primary interface address is not always used when VIPs are present
Kris Phillips wrote in #note-16:
> What version of pfSense are you running right now?
As noted above, 21.05.2.
...
Denny Page
02:16 PM Bug #11679 (Closed): Policy-based Routing (outbound) and port forwarding (inbound) "selectively" working through WG tunnel
Christian McDonald
01:29 PM Bug #12505: NAT issues with IPsec passthrough
Understandable that this is a limitation of pf, and I appreciate the info on using a floating rule to prevent the lea... Kev Kitchens
01:04 PM Bug #12505 (Not a Bug): NAT issues with IPsec passthrough
This is expected behavior when using static port on outbound NAT rules, and is not a bug.
We already have numerous...
Jim Pingle
12:35 PM Bug #12505 (Not a Bug): NAT issues with IPsec passthrough
I've noticed some issues with the automatic IPsec passthrough rules generated when the outbound NAT is set to automat... Kev Kitchens
04:51 AM Bug #12504 (New): BCM57412 NetXtreme-E 10Gb RDMA Ethernet controller issue
We have pfSense 2.5.2 installed and faced with same issue as described in https://lists.freebsd.org/archives/freebsd-... Sergey Dyatko

11/04/2021

09:36 PM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12
Based on the bug report as long as TCP Offload is disabled this shouldn't be an issue on FreeBSD 12.X. With TCP Offl... Kris Phillips
09:30 PM Bug #12434: Multiple cURL Vulnerabilities
cURL has been updated to 7.79.1 in pfSense Plus 22.01. This only affects CE at this point. Kris Phillips
09:21 PM Regression #11545: Primary interface address is not always used when VIPs are present
Denny Page wrote in #note-15:
> I can share info from my install if you like. Unless I disable DHCP6 on the WAN inte...
Kris Phillips
03:06 PM Revision d1e65bb2: Automatic outbound NAT for Reflection IPv6 support. Fixes #12500
Viktor Gurov
03:03 PM Revision dd8f951d: IPsec Keep Alive Gateway Group CARP support. Fixes #12472
Viktor Gurov
01:01 PM pfSense Packages Bug #12490 (Rejected): pfSense(CE) completely freezes up with WireGuard
Closing due to inactivity.
If this continues to be a problem, please reach out via our social media and/or forum c...
Christian McDonald
12:58 PM pfSense Packages Bug #12399 (Feedback): WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
We have pulled in the upstream patches and bumped our version numbers. You should find a new package version availabl... Christian McDonald
12:57 PM Bug #12503 (Resolved): Unable to delete limiter referenced in filter rules
Tested on the:... Danilo Zrenjanin
01:45 AM Bug #12503 (Feedback): Unable to delete limiter referenced in filter rules
Applied in changeset commit:d0c6bc9a88fd5f054eabf379863e453c0228e808. Viktor Gurov
10:15 AM Bug #12500 (Feedback): Automatic outbound NAT for reflection does not support IPv6
Applied in changeset commit:d1e65bb28972baab2adab0d665b0fb6ea30447e0. Viktor Gurov
10:15 AM Bug #12472 (Feedback): IPsec Keep Alive does not work correctly with gateway groups in HA
Applied in changeset commit:dd8f951de8ffd0546cb15e97569701859db2a111. Viktor Gurov
06:34 AM Revision d0c6bc9a: Allow to delete limiter referenced in filter rules. Fixes #12503
Viktor Gurov

11/03/2021

09:48 PM Revision 1e77a36d: Try to use the distfiles cache for our branch but fall back if needed
This will allow us to avoid downloading everything new when we start a
new release
Brad Davis
01:50 PM Bug #12503 (Pull Request Review): Unable to delete limiter referenced in filter rules
Jim Pingle
05:47 AM Bug #12503: Unable to delete limiter referenced in filter rules
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/451
Viktor Gurov
03:33 AM Bug #12503 (Resolved): Unable to delete limiter referenced in filter rules
error message:... Viktor Gurov
01:47 PM Bug #12472 (Pull Request Review): IPsec Keep Alive does not work correctly with gateway groups in HA
Jim Pingle
02:08 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/450
Viktor Gurov
01:43 PM Bug #12500 (Pull Request Review): Automatic outbound NAT for reflection does not support IPv6
Jim Pingle
01:41 AM Bug #12500: Automatic outbound NAT for reflection does not support IPv6
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/449
Viktor Gurov
04:25 AM Todo #12501 (Resolved): Traffic shaper wizard default bandwidth type should be Mbit/s
Viktor Gurov
04:15 AM Todo #12501: Traffic shaper wizard default bandwidth type should be Mbit/s
Tested on the:... Danilo Zrenjanin
04:21 AM Feature #12480 (Resolved): Wake on LAN button to wake all devices
Tested on the:... Danilo Zrenjanin

11/02/2021

11:44 PM Feature #12011 (Feedback): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
Viktor Gurov
11:44 PM Todo #12501 (Feedback): Traffic shaper wizard default bandwidth type should be Mbit/s
Viktor Gurov
08:01 AM Todo #12501 (Pull Request Review): Traffic shaper wizard default bandwidth type should be Mbit/s
Jim Pingle
07:42 AM Todo #12501: Traffic shaper wizard default bandwidth type should be Mbit/s
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/448 Viktor Gurov
07:14 AM Todo #12501 (Resolved): Traffic shaper wizard default bandwidth type should be Mbit/s
Current "Kbit/s" is impractical with today's speeds Viktor Gurov
09:53 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Tested this on @22.01.a.20211013.0500@ - it worked correctly (as in the default gateway did change under Diagnostics ... Marcos M
09:20 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state

I'm seeing this on 21.05.2-RELEASE too. Once failover from WAN to WAN2 happens it will never fail back. The WAN get...
Chris B
06:06 PM pfSense Packages Feature #12502 (Resolved): Option to include Syslog-ng Configuration Library (scl)
Although the @scl.conf@ is present in @/usr/local/etc/scl.conf@ the associated referenced tree ( @@include 'scl/*/*.c... Marco Rodriguez
03:38 PM pfSense Docs Correction #9370: Update old screenshots
Cellular doc updated: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/971d0fb77b22a551713108c35812932e24acee6f
...
Jim Pingle
02:22 PM Revision 700f4da0: Save the distfiles to s3 with the git branch as part of the name
This will help us clean out old distfiles we do not need while providing
the ability to keep old distfiles around if ...
Brad Davis
02:22 PM Revision 05a02665: Clean up old distfiles using poudriere distclean
Brad Davis
01:16 PM Revision 2a485da2: status_logs_settings.php logcompression value fix. Issue #12011
Viktor Gurov
01:16 PM Revision b3979f4a: Add Chelsio T6 CXGBE (cc) to ALTq capable list. Fixes #12499
Viktor Gurov
12:42 PM Revision f571a57b: Change traffic shaper wizard default bandwidth type to Mbit/s. Todo #12501
Viktor Gurov
10:05 AM Feature #12499 (Feedback): Allow Chelsio T6 CXGBE (``cc``) drivers to be used for ALTQ traffic shaping
Applied in changeset commit:b3979f4abe9ecb2bdd59cbbcb61e3eccf9180b79. Viktor Gurov
07:40 AM Feature #12499 (Pull Request Review): Allow Chelsio T6 CXGBE (``cc``) drivers to be used for ALTQ traffic shaping
Jim Pingle
12:12 AM Feature #12499: Allow Chelsio T6 CXGBE (``cc``) drivers to be used for ALTQ traffic shaping
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/446
Viktor Gurov
09:09 AM Bug #12498: Input validation error can unintentionally result in removal of PPP type interface settings
That looks good. Tested against:... Steve Wheeler
07:58 AM Bug #12498 (Pull Request Review): Input validation error can unintentionally result in removal of PPP type interface settings
Jim Pingle
03:15 AM Bug #12498: Input validation error can unintentionally result in removal of PPP type interface settings
Confirmed
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/447
Viktor Gurov
08:40 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs
Aren Breur wrote in #note-5:
> I am running 2.6.0-DEVELOPMENT (amd64). A network with /15 also does NOT work. I mad...
Bill Meeks
06:54 AM Bug #12500 (Closed): Automatic outbound NAT for reflection does not support IPv6
@filter_generate_reflection_nat()@ doesn't support IPv6 and skips IPv6 Port Forward rules
https://github.com/pfsen...
Viktor Gurov
12:21 AM Todo #12449 (Resolved): Update "DNS Server Override" and "DNS Query Forwarding" help text
checked in 22.01.a.20211029.0500
all ok
Viktor Gurov

11/01/2021

05:55 PM Feature #12499 (Resolved): Allow Chelsio T6 CXGBE (``cc``) drivers to be used for ALTQ traffic shaping
cxgbe drivers support ALTq. cc interface labels should support it:
https://www.freebsd.org/cgi/man.cgi?query=cxl&apr...
Juan Sebastian
05:41 PM Regression #11545: Primary interface address is not always used when VIPs are present
I can share info from my install if you like. Unless I disable DHCP6 on the WAN interface, I am currently hitting the... Denny Page
04:18 PM Regression #11545: Primary interface address is not always used when VIPs are present
We have been unable to replicate this issue in any sort of repeatable way which makes it almost impossible to dig int... Steve Wheeler
04:00 PM Regression #11545: Primary interface address is not always used when VIPs are present
Still seeing this in 21.05.2... any possibility this will be addressed soon? Denny Page
03:29 PM pfSense Docs Correction #9370: Update old screenshots
Nut is updated:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/d9fc04f46bacb750a9a37c3e51d5b7d790841644
...
Jim Pingle
02:35 PM Bug #12498 (Resolved): Input validation error can unintentionally result in removal of PPP type interface settings
If you edit a PPPoE interface through, for example, Interfaces > WAN (interfaces.php) and change the password but do ... Steve Wheeler
10:40 AM Feature #12480 (Feedback): Wake on LAN button to wake all devices
Applied in changeset commit:f645fb5f37584e6892608a3c9b0e123b001d3610. Viktor Gurov
09:17 AM Feature #12480 (Pull Request Review): Wake on LAN button to wake all devices
Jim Pingle
12:05 AM Feature #12480: Wake on LAN button to wake all devices
confirmation prompt:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/443
Viktor Gurov
09:32 AM Feature #11118 (Pull Request Review): Backup and restore SSH host key(s)
Jim Pingle
04:05 AM Feature #11118: Backup and restore SSH host key(s)
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/445 Viktor Gurov
09:24 AM pfSense Packages Bug #11098 (Pull Request Review): Backup Files and Directories plugin crashes firewall if /root specified as backup location
Jim Pingle
12:37 AM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/142
Viktor Gurov
09:23 AM Feature #12011 (Pull Request Review): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
Jim Pingle
12:17 AM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
Jordan Greene wrote in #note-8:
> clean install of 22.01.a.20211030.0500 on 1100 using ZFS, default selection under ...
Viktor Gurov
09:13 AM Bug #12493: IPsec continues to intercept traffic even after Phase II is removed
Whether or not traffic is "captured" depends on the presence of policies in the security policy database (SPD, which ... Jim Pingle
02:53 AM Bug #12493: IPsec continues to intercept traffic even after Phase II is removed
This issue has been marked as Duplicate, and I would like to point out that this marking is not totally true.
I re...
Chaim Robinson
12:12 AM Bug #12493 (Duplicate): IPsec continues to intercept traffic even after Phase II is removed
Duplicate of #6624 Viktor Gurov
08:54 AM Todo #12218 (Resolved): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID
Jim Pingle
08:53 AM Feature #12495 (Pull Request Review): DynDNS: add deSEC IPv4&v6 simultaneos update
Jim Pingle
08:52 AM Feature #12494 (Pull Request Review): DynDNS: make simultaneous update of IP and LegacyIP possible
Jim Pingle
07:43 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
I recently hit this bug where IKEv2 EAP-RADIUS clients were not getting their DNS server.
Apologies for the commen...
Pedro Ribeiro
07:34 AM Bug #12347 (Resolved): IPsec widget treats phase 1 in "connecting" state as connected
Viktor Gurov
07:30 AM Bug #12347: IPsec widget treats phase 1 in "connecting" state as connected
This looks good.
Tested:...
Steve Wheeler
07:21 AM Bug #12347 (Feedback): IPsec widget treats phase 1 in "connecting" state as connected
It should show a yellow spinner while it is in the 'connecting' state, not the disconnected icon. Can you check it ag... Jim Pingle
06:43 AM Bug #12497 (Duplicate): OpenVPN Server assignes random IPv4 addresses to active clients even if FreeRadius has configured Framed-IP for all these remote clients
For Remote Access OpenVPN Server all connected clients still gets IP-addresses from OpenVPN pool instead of getting c... Azamat Khakimyanov
05:56 AM pfSense Packages Feature #11531 (New): Show netmap compatible cards in IPS Mode note
Azamat Khakimyanov wrote in #note-7:
> Tested on 21.05.1
> There is a list of Netmap! Supported drivers:
> _WARNIN...
Viktor Gurov
05:46 AM Feature #4881: Allow NPt to use dynamic IPv6 networks
Csoban Kesmarki wrote in #note-27:
> Flole Systems wrote in #note-25:
> > There is a PR pending for this since 11 m...
Viktor Gurov
05:24 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs
I am running 2.6.0-DEVELOPMENT (amd64). A network with /15 also does NOT work. I made it to 2 /16 networks that work... Aren Breur
01:12 AM pfSense Docs Todo #12496 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html
*Feedback:*
Better...
Viktor Gurov
12:24 AM Bug #12241 (Resolved): System Information widget unnecessarily polls data for hidden items
This is noticeable on SG-3100 with 1Gb/s uplink Viktor Gurov
12:22 AM Bug #12001 (Resolved): System attempts to stop inactive services at shutdown
Viktor Gurov

10/31/2021

11:01 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
clean install of 22.01.a.20211030.0500 on 1100 using ZFS, default selection under Status>Systems Logs>Settings>Log Co... Jordan G
07:11 PM Revision f645fb5f: Wake All Devices confirmation prompt. Implements #12480
Viktor Gurov
11:27 AM Bug #12076 (Assigned): OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses
Tested on 22.01-DEVELOPMENT (built on Sun Oct 31 05:21:32 UTC 2021)
Neither Windows 10, nor Ubuntu 21.10 were able...
Azamat Khakimyanov
10:52 AM pfSense Packages Feature #10297 (Assigned): IPv6 user attributes
Tested on 21.05.1 and on 22.01-DEVELOPMENT (built on Sun Oct 31 05:21:32 UTC 2021)
There are 'IPv6 Address' (Framed-...
Azamat Khakimyanov
06:15 AM Feature #12495: DynDNS: add deSEC IPv4&v6 simultaneos update
Depending Ticket: https://redmine.pfsense.org/issues/12494
PR: https://github.com/pfsense/pfsense/pull/4543
Lukas Wiest
06:11 AM Feature #12495 (Pull Request Review): DynDNS: add deSEC IPv4&v6 simultaneos update
The current implementation for the DynDNS provider DeSEC only supports either IP or LegacyIP updates, but entries tha... Lukas Wiest
06:14 AM Feature #12494: DynDNS: make simultaneous update of IP and LegacyIP possible
PR: https://github.com/pfsense/pfsense/pull/4542 Lukas Wiest
06:10 AM Feature #12494 (Pull Request Review): DynDNS: make simultaneous update of IP and LegacyIP possible
At the moment pfSense can only update either IP (IPv6) or LegacyIP (IPv4) records.
For services that allow multiple ...
Lukas Wiest
06:07 AM pfSense Packages Bug #9922 (Resolved): haproxy_version does not use full path to haproxy, leads to errors when run during cron
Tested on 21.05.1 and on 22.01-DEVELOPMENT (built on Sun Oct 31 05:21:32 UTC 2021)
Both versions have full path '/...
Azamat Khakimyanov

10/30/2021

07:12 PM pfSense Packages Bug #12258 (Pull Request Review): Copy key buttons only work in HTTPS mode
Updating status to Pull Request Review until changes are live. Kris Phillips
12:42 PM pfSense Packages Bug #12258: Copy key buttons only work in HTTPS mode
PR has been merged, this should be on the next release so ticket can be closed Adam Cooper
07:08 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location
Attempting a backup produces a crash, but doesn't freeze the entire firewall or fill the drive thankfully. It also s... Kris Phillips
06:43 PM Bug #12001: System attempts to stop inactive services at shutdown
Installed and setup the snort package on 22.01. Enabled and then disabled it. Halted the system and I don't see any... Kris Phillips
06:34 PM Bug #12241: System Information widget unnecessarily polls data for hidden items
Tested in 22.01. Could be placebo but I noticed a 3-4x CPU usage drop after removing the System Information widget. Kris Phillips
02:11 PM Todo #12218: Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID
Tested in
22.01-DEVELOPMENT (amd64)
built on Sat Oct 30 05:20:58 UTC 2021
FreeBSD 12.3-PRERELEASE
Description...
Max Leighton
12:43 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
PR has been merged, should be in the next release so ticket can be closed Adam Cooper
12:38 PM Bug #12493 (Duplicate): IPsec continues to intercept traffic even after Phase II is removed
pfSense version:
pfSense community edition
Version 2.5.2-Release (amd64)
FreeBSD 12.2-Stable
The issue:
We are...
Chaim Robinson
11:41 AM Feature #12438 (Resolved): Option to select PPPoE Server authentication protocol
Tested CHAP with PPPoE server in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 30 05:23:33 UTC 2021
FreeBSD 12.3-PR...
Max Leighton
11:03 AM Feature #12433 (Resolved): Icon for traffic direction on floating rules tab
Checked in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 30 05:23:33 UTC 2021
FreeBSD 12.3-PRERELEASE
There is ...
Max Leighton

10/29/2021

10:20 PM Bug #12347 (Resolved): IPsec widget treats phase 1 in "connecting" state as connected

widget shows P1 "disconnected" while it is in connecting state.
Alhusein Zawi
03:20 PM pfSense Docs Correction #9370 (In Progress): Update old screenshots
* Updated RFC 1918 egress prevention recipe
* https://gitlab.netgate.com/docs/pfSense-docs/-/commit/597814b04beef...
Jim Pingle
03:03 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
If you wipe and reload a 2100 or 1100 on a current 22.01 snapshot and use ZFS it will have lz4 compression on @/var/l... Jim Pingle
10:41 AM pfSense Packages Bug #12399 (Confirmed): WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
Christian McDonald
08:21 AM Feature #4881: Allow NPt to use dynamic IPv6 networks
Flole Systems wrote in #note-25:
> There is a PR pending for this since 11 months apparently, what's the current sta...
Csoban Kesmarki
07:37 AM pfSense Docs Todo #11812 (Closed): Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
Jim Pingle
07:36 AM pfSense Docs Todo #11743 (Closed): Feedback on Virtual Private Networks — VPN Scaling
Jim Pingle
07:36 AM pfSense Docs New Content #12432 (Closed): Add documentation for DNS Resolver Status page
Jim Pingle
07:36 AM pfSense Docs Todo #12429 (Closed): Feedback on Bridging
Jim Pingle
07:36 AM pfSense Docs Correction #11176 (Closed): Feedback on Services — DNS Resolver
Jim Pingle
07:36 AM pfSense Docs Todo #11417 (Closed): Feedback on Services — DNS Resolver — DNS Resolver Advanced Options
Jim Pingle
07:36 AM pfSense Docs Correction #9373 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver
Jim Pingle
07:35 AM pfSense Docs Correction #9394 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver
Jim Pingle
07:35 AM pfSense Docs Todo #12182 (Closed): Update IPsec to match recent changes
Jim Pingle

10/28/2021

09:21 PM Bug #12350 (Resolved): Incorrect label for IPsec DH group 32

fixed
2.6.0.a.20211028.0500
Alhusein Zawi
09:13 PM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself
FWIW, it looks like the bug is here, where check_update() returns true when current version == new version on non-610... Andrew Warren
11:08 AM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself
And it is not showing the update button when it should (Netgate 7100 on 21.05.2 0.41_1) Chris Linstruth
07:50 AM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself
This also appears to affect RCC-VE devices. An SG-4860 here.
Tested:
pkg v0.43 in 22.01
Steve Wheeler
03:44 PM Bug #12492 (Not a Bug): 'DHCPv6 Static Mappings for this Interface' option isn't reliable working (2.5.2-RELEASE (amd64) )
This site is not for support or diagnostic discussion. As you stated, the configuration appears to be correct, so the... Jim Pingle
03:41 PM Bug #12492 (Not a Bug): 'DHCPv6 Static Mappings for this Interface' option isn't reliable working (2.5.2-RELEASE (amd64) )
'DHCPv6 Static Mappings for this Interface' option isn't reliable working (2.5.2-RELEASE (amd64))
I am experiencin...
Patrice BBBBB
03:30 PM pfSense Packages Feature #12491 (New): squidguard: allow multiple regex
When adding a Target category, please allow multiple lines in the 'Regular Expression' list. The upstream squidguard... Jesse Norell
02:46 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

> Ryan,
>
> Thanks for the continued investigation here. I'm tracking the kernel module development closely. Prelim...
Ryan Roosa
09:52 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
Ryan Roosa wrote in #note-17:
> Just a quick update to let you know I've tested for this issue on the latest communi...
Christian McDonald
02:17 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
Updating subject for release notes. Jim Pingle
02:15 PM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available
Updating subject for release notes. Jim Pingle
02:14 PM Regression #12442: Unexpected error message after trying to delete a CARP VIP
Was broke and fixed in snapshots, never in a release. Jim Pingle
02:13 PM Bug #12362: Validation when deleting a VIP does not prevent deleting a CARP VIP used as a parent for an IP Aliases VIP
Updating subject for release notes. Jim Pingle
02:12 PM Bug #12356: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries
Updating subject for release notes. Jim Pingle
02:11 PM Feature #4769: IPv6 support in the Traffic Shaper Wizard
Updating subject for release notes. Jim Pingle
02:10 PM Bug #12410: 1:1 NAT edit page lists incorrect entries in the Destination field
Updating subject for release notes. Jim Pingle
02:09 PM Regression #12377: NAT Rule Reorder
Introduced and fixed in snapshots, never in a release. Jim Pingle
02:08 PM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Updating subject for release notes. Jim Pingle
02:07 PM Feature #12318: Display default "Reflection Timeout" value on ``system_advanced_firewall.php``
Updating subject for release notes. Jim Pingle
02:07 PM Bug #10706: Kernel route table entries are removed if they match disabled static route entries
Updating subject for release notes.
It's not specific to OpenVPN, routes from any other source could be impacted.
Jim Pingle
02:05 PM Feature #12438: Option to select PPPoE Server authentication protocol
Updating subject for release notes. Jim Pingle
02:05 PM Regression #12396: PHP Warning: Use of undefined constant ip - /etc/inc/services.inc on line 2465
Since this was only a regression in snapshots, no need to include it in release notes. Jim Pingle
02:00 PM Bug #12481: Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown
Updating subject for release notes. Jim Pingle
01:59 PM Feature #12321: Pop-up window to view firewall rules generated from RADIUS ACL entries on the OpenVPN status page
Updating subject for release notes. Jim Pingle
01:58 PM Feature #12291: Support for Slack notifications
Updating subject for release notes. Jim Pingle
01:57 PM Bug #12366: Rotation settings for individual log files do not take effect after saving
Updating subject for release notes. Jim Pingle
01:57 PM Bug #12435: "6RD Prefix" field does not have input validation
Updating subject for release notes. Jim Pingle
01:56 PM Bug #12371: Remove subnet overlap check on LAN interfaces when using 6rd
Updating subject for release notes. Jim Pingle
01:55 PM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
Updating subject for release notes. Jim Pingle
01:54 PM Bug #12439: "Default preferred lifetime" field for IPv6 RA does not have input validation
Updating subject for release notes. Jim Pingle
01:52 PM Bug #12419: Console boot output includes ``Configuring IPsec VTI interfaces`` when no VTI interfaces are configured
Updating subject for release notes. Jim Pingle
01:51 PM Feature #12316: Include firewall rules generated from OpenVPN RADIUS ACL entries in status output
Updating subject for release notes. Jim Pingle
01:50 PM Bug #12347: IPsec widget treats phase 1 in "connecting" state as connected
Updating subject for release notes. Jim Pingle
01:47 PM Bug #11482 (Closed): WireGuard interfaces do not always have proper MTU applied
Jim Pingle
01:34 PM Feature #11899 (Duplicate): Add support for non-Oracle IP Check providers
Jim Pingle
01:23 PM pfSense Packages Bug #12490: pfSense(CE) completely freezes up with WireGuard
Hi Mark,
We haven't run into any deadlocks and/or crashes like this for quite some time. First thing I would check...
Christian McDonald
12:44 PM pfSense Packages Bug #12490 (Rejected): pfSense(CE) completely freezes up with WireGuard
Hello everyone,
I encountered a strange issue with the Wireguard plugin installed (and in use).
I had a very diff...
Mark Zeller
12:24 PM pfSense Docs New Content #9753 (Feedback): Feedback on Installing and Upgrading — Writing Disk Images
Step 2: I replaced the info in the pfSense docs with just the Etcher info, and linked to the main reference doc for a... Jim Pingle
11:12 AM pfSense Docs New Content #9753: Feedback on Installing and Upgrading — Writing Disk Images
Step 1: I updated the main shared reference doc with info on Etcher and made other updates as well
https://gitlab....
Jim Pingle
10:14 AM pfSense Docs New Content #9753 (In Progress): Feedback on Installing and Upgrading — Writing Disk Images
I've already been working on this Jim Pingle
09:10 AM Feature #12489 (Closed): OpenSSH update to the latest version.
We use the version of OpenSSH that ships with the base installation of FreeBSD. It may not always be the latest, but ... Jim Pingle
09:06 AM Feature #12489 (Closed): OpenSSH update to the latest version.
pfSense 2.5.2 version runs the OpenSSH_7.9-p1 version. That is not the latest one.
Danilo Zrenjanin
08:59 AM Revision 4d016cc4: Do not detach ng_ether from physical interfaces
There's no measurable performance impact[1] of leaving an unused ng_ether
node attached to ethernet interfaces, so do...
Kristof Provost
08:32 AM Bug #12488 (Not a Bug): Problem with IPSEC - DPD or Child SA keep-alive
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
08:22 AM Bug #12488 (Not a Bug): Problem with IPSEC - DPD or Child SA keep-alive
I was trying to Configure a new Site to Site IPsec tunnel.
We already have 3 Sites, with lots of Child SA's, in our ...
Marc Schildt

10/27/2021

11:10 PM Revision d6bc49df: Document that upstream gateway controls WAN type vs. LAN type interface
Brett Keller
08:46 PM Revision 66b1de4c: IPsec SPD status updates. Implements #12397
* Fix backend parsing of setkey data
* Check for VTI vs tunnel mode
* Output mode in GUI status, and VTI interface na...
Jim Pingle
07:51 PM Revision 5814ad25: Revise IPsec widget icon behavior. Fixes #12347
* Change P1 status test so it can detect the "connecting" state and show
a distinct icon.
* Use gettext() for icon to...
Jim Pingle
04:00 PM Bug #12350 (Feedback): Incorrect label for IPsec DH group 32
Applied in changeset commit:c7a78ad6792a4cff9ab53fd1171b9f77c925d390. Viktor Gurov
04:00 PM Bug #12481 (Feedback): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown
Applied in changeset commit:a96a7151f15c0ad54bdac522b1ac3876409766b9. Viktor Gurov
03:54 PM Feature #12397 (Feedback): Distinguish between policy-based and route-based entries on IPsec status SPD tab
Fix committed, will be in images soon. Jim Pingle
12:27 PM Feature #12397 (In Progress): Distinguish between policy-based and route-based entries on IPsec status SPD tab
Jim Pingle
03:54 PM Bug #12347 (Feedback): IPsec widget treats phase 1 in "connecting" state as connected
Fix committed, will be in images soon. Jim Pingle
12:27 PM Bug #12347 (In Progress): IPsec widget treats phase 1 in "connecting" state as connected
Jim Pingle
03:46 PM Feature #4881: Allow NPt to use dynamic IPv6 networks
It is blocked waiting on #6880 which is still undergoing testing and development. Jim Pingle
03:30 PM Feature #4881: Allow NPt to use dynamic IPv6 networks
There has been a PR pending for this for 11 months apparently; what's the current status? Flole Systems
01:25 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed
Jim,
Your choice of course however note:
- It took me longer than necessary to understand the problem by then, bec...
Louis B
01:10 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed
And as noted above, that may be true for your environment but *not* for most others. Your experience is *unusual* and... Jim Pingle
12:58 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed
Jim,
As stated before, IMHO the fact that a particular interface fails, should NOT be a reason to shut the whole s...
Louis B
01:05 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec
Kev Kitchens wrote in #note-5:
> Totally understandable, although I believe most CPUs supporting AES-NI would also l...
Jim Pingle
12:55 PM pfSense Docs Todo #12478 (Feedback): Feedback on Virtual Private Networks — IPsec — Mobile IPsec — Choosing a Mobile IPsec Style
Added to staged 22.01 docs:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/64cbd3b581c737171e0f592994b7bbce...
Jim Pingle
12:26 AM pfSense Packages Bug #12487 (Closed): Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself
See attached screenshot. When current firmware version == latest firmware version, should there be an "Upgrade and R... Andrew Warren

10/26/2021

05:57 PM Revision 3d1db50b: vim-console is now a FLAVOR
Renato Botelho
10:24 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA
There exist checks in other areas that could be adapted for this:
https://gitlab.netgate.com/pfSense/pfSense/blob/m...
Marcos M
06:41 AM pfSense Packages Feature #11531 (Assigned): Show netmap compatible cards in IPS Mode note
Tested on 21.05.1
There is a list of Netmap! Supported drivers:
_WARNING: Inline Mode only works with NIC drivers w...
Azamat Khakimyanov
06:31 AM pfSense Packages Feature #11533 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards
Tested on 21.05.1
There is ena NIC in the list of Netmap! Supported drivers.
Marked this Feature request as resolved.
Azamat Khakimyanov

10/25/2021

06:21 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Has the fix been merged yet? What's the current status? Can we set the target version appropriately as there is now a... Flole Systems
05:24 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface
Brett Keller wrote in #note-8:
> Setting an upstream gateway includes the interface in automatic outbound NAT rule g...
Brett Keller
05:04 PM Bug #12486: Editing a network interface
I see now, at some point I must have turned on RAs then turned off IPv6 for the interface I’d turned it on for. Maybe... James Chambers
03:37 PM Bug #12486: Editing a network interface
Sorry but I’ve searched and searched for answers already, the interface tells me to disable router advertisements and... James Chambers
02:33 PM Bug #12486 (Not a Bug): Editing a network interface
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
01:24 PM Bug #12486: Editing a network interface
*issue James Chambers
01:23 PM Bug #12486: Editing a network interface
I can get around the issues by temporarily adding an IPv6 configuration. James Chambers
01:12 PM Bug #12486 (Not a Bug): Editing a network interface
I have a network interface just for accessing the pfSense GUI. From this network I can edit other interfaces but I am... James Chambers
12:31 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
Just a quick update to let you know I've tested for this issue on the latest community release of OPNsense (21.7.3_3)... Ryan Roosa
10:11 AM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
I'm fairly certain that's because the 2100 and 1100 have compression off on @/var/log@ by default. You can confirm th... Jim Pingle
10:06 AM Feature #10587 (Resolved): UPnP/NAT-PMP STUN configuration options
Jim Pingle
10:02 AM pfSense Packages Bug #11465 (Closed): Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
Jim Pingle
09:51 AM Bug #12485 (Rejected): DDNS set to a gateway group does not update on WAN failover
I can't replicate this. I use multi-WAN with DDNS on my edge and it updates properly, I had several failures last wee... Jim Pingle
07:26 AM pfSense Packages Feature #11386 (Resolved): Add WireGuard tunneled networks to vpnaddresses list
Tested on 21.05_p1 and on 22.01-DEVELOPMENT (built on Sun Oct 24 05:22:55 UTC 2021)
I see WireGuard tunnel network i...
Azamat Khakimyanov

10/24/2021

08:02 AM pfSense Packages Bug #11682 (Resolved): Certificate Manager page do not show STunnel used certificates
Tested on 21.05.1 and 22.01-DEVELOPMENT (built on Sun Oct 24 05:22:55 UTC 2021)
I still see this Bug on 21.05.1 but ...
Azamat Khakimyanov
07:43 AM pfSense Packages Bug #11683 (Resolved): Certificate Manager page doesn't show FreeRADIUS used certificates
Tested on 21.05.1 and 22.01-DEVELOPMENT (built on Sun Oct 24 05:22:55 UTC 2021)
I see FreeRADIUS certificate in 'IN ...
Azamat Khakimyanov
07:04 AM pfSense Packages Bug #11687 (Resolved): Fix download URLs for SecuriteInfo.com
Tested on 21.05.1 and 22.01-DEVELOPMENT (Squid: 0.4.45_5).
I saw SecuriteInfo.com ID in /usr/local/pkg/squid_antivir...
Azamat Khakimyanov

10/23/2021

06:13 PM Feature #10587: UPnP/NAT-PMP STUN configuration options
Options for setting STUN configuration are present in UPnP/NAT-PMP on 22.01.a.20211023.0500 Jordan G
05:47 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
2100 on ZFS upgraded to 22.01.a.20211023.0500 shows bzip2 as log compression setting. Set to none, saved and then fac... Jordan G
05:23 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
It appears that openldap25-client and openldap25-server are both in freshports for FreeBSD.
https://www.freshpor...
Kris Phillips
11:55 AM Feature #12441 (Resolved): Send notification for halt, reboot, and reroot events
Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 23 05:23:58 UTC 2021
FreeBSD 12.3-PRERELEASE
I get no...
Max Leighton
11:44 AM Todo #12449: Update "DNS Server Override" and "DNS Query Forwarding" help text
Checked in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 23 05:23:58 UTC 2021
FreeBSD 12.3-PRERELEASE
The help ...
Max Leighton
06:48 AM Bug #12483: GUI creates inconsistent config.xml
The `staticroutes` is just 1 example of many, there are few other configuration keys which are victim of this issue.
...
Evren Yurtesen
06:36 AM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
This ticket can now be closed as the PR has been merged Adam Cooper

10/22/2021

08:42 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec
Thanks for taking this up Jim!
> Originally that was recommended as it would result in the highest performance on ...
Kev Kitchens
01:11 PM pfSense Docs Correction #12471 (Feedback): AES-XCBC should not be recommended as PRF for IPsec
Fixed in https://gitlab.netgate.com/docs/pfSense-docs/-/commit/5086c307ec3b213edcc7efbfc82eabf416053ce3 but won't be ... Jim Pingle
12:39 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec
It's also worth noting that the native IPsec client in Android 11 and 12 does support AES-XCBC and has it listed befo... Jim Pingle
09:58 AM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec
Originally that was recommended as it would result in the highest performance on systems with hardware acceleration f... Jim Pingle
08:24 PM Revision c7a78ad6: Elliptic Curve 25519, 448 bit -> Elliptic Curve 448, 448 bit PH2 rename. Fixes #12350
Viktor Gurov
04:15 PM Bug #12485: DDNS set to a gateway group does not update on WAN failover
I should add that WAN failover happens without issue. The default gateway becomes WAN2 as expected. It's just DDNS th... Max Leighton
04:14 PM Bug #12485 (Rejected): DDNS set to a gateway group does not update on WAN failover
For my test, I observed this in 21.01, and it has been observed in 21.05.1 as well.
It's been reported that DDNS i...
Max Leighton
03:04 PM pfSense Packages Bug #12482 (Pull Request Review): Outdated doc links
Jim Pingle
08:59 AM pfSense Packages Bug #12482: Outdated doc links
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/140
Viktor Gurov
07:06 AM pfSense Packages Bug #12482 (Resolved): Outdated doc links
The HAProxy-devel package (based on haproxy 2.4.x) uses outdated doc links (haproxy 1.7):... Viktor Gurov
03:02 PM Bug #12350 (Pull Request Review): Incorrect label for IPsec DH group 32
Jim Pingle
01:09 AM Bug #12350: Incorrect label for IPsec DH group 32
Alhusein Zawi wrote in #note-5:
> fixed "Elliptic Curve 448" in P1.
>
> still showing up as "Elliptic Curve 25519...
Viktor Gurov
03:01 PM Feature #12184 (Pull Request Review): GUI options to configure IKE retransmission behavior
Jim Pingle
01:05 AM Feature #12184: GUI options to configure IKE retransmission behavior
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/438 Viktor Gurov
02:56 PM Bug #12481 (Pull Request Review): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown
Jim Pingle
12:56 PM pfSense Packages Bug #12142 (Resolved): XMLRPC replication target configuration
Tested on the:... Danilo Zrenjanin
12:39 PM Bug #12356 (Resolved): Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries
Tested on the:... Danilo Zrenjanin
09:42 AM pfSense Packages Bug #12484 (Duplicate): Unable to remove intermediate CA
It's the same as the other linked issue. Adding that feature will solve this problem as the user could choose the oth... Jim Pingle
09:38 AM pfSense Packages Bug #12484 (Duplicate): Unable to remove intermediate CA
Some client needs to remove intermediate "ISRG Root X1" CA to allow legacy clients to work,
otherwise they will get ...
Viktor Gurov
07:54 AM Bug #12483 (New): GUI creates inconsistent config.xml
With pfSense 2.5, if I update the Hostname from the GUI, the config diff shows the normal hostname change, in additio... Evren Yurtesen
02:50 AM Feature #7749 (Resolved): Support ``0`` CIDR mask for IGMP Proxy networks
Viktor Gurov
02:06 AM Feature #7749: Support ``0`` CIDR mask for IGMP Proxy networks
Tested on the:... Danilo Zrenjanin

10/21/2021

07:10 PM Bug #12350: Incorrect label for IPsec DH group 32
fixed "Elliptic Curve 448" in P1.
still showing up as "Elliptic Curve 25519, 448 bit" in P2.
2.6.0.a.202110...
Alhusein Zawi
05:15 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec
For some further justification, the NIST Guide to IPsec VPNs (SP 800-77) does not list AES-XCBC as an approved PRF al... Kev Kitchens
03:11 PM Revision a96a7151: Delete stale OpenVPN RADIUS ACL generated rules. Fixes #12481
Viktor Gurov
02:02 PM Revision 5a1436da: Tell us the name of the logs tarball so we don't have to go hunting through s3
Brad Davis
01:28 PM Revision 46cdd9ab: Allow to select PPPoE Server authentication protocol. Implements #12438
Viktor Gurov
01:27 PM Revision aa1936ee: DNS check optimization for NDP diag page. Fixes #11512
Viktor Gurov
10:13 AM Bug #12481: Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/436
Viktor Gurov
09:47 AM Bug #12481 (Closed): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown
ovpn_ovpnsX_user_NNN.rules files under /tmp folder are not deleted on unclean shutdown Viktor Gurov
09:41 AM Bug #12335: IPsec DNS inefficiency
Jim Pingle wrote:
> Additionally, look at all calls of @ipsec_get_phase1_dst()@ such as when configuring VTI interfa...
Viktor Gurov
08:45 AM Feature #12438 (Feedback): Option to select PPPoE Server authentication protocol
Applied in changeset commit:46cdd9ab8e3f5e22a9178f9bca2d8785f7de38a7. Viktor Gurov
08:01 AM Feature #12438 (Pull Request Review): Option to select PPPoE Server authentication protocol
Jim Pingle
06:12 AM Feature #12438: Option to select PPPoE Server authentication protocol
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/434
Viktor Gurov
08:35 AM Regression #11512 (Feedback): DHCP Leases page and ARP table page fail to load if DNS is not available
Applied in changeset commit:aa1936eefc251b5330e7392f3b1fbc23a006a400. Viktor Gurov
08:30 AM Feature #12441 (Feedback): Send notification for halt, reboot, and reroot events
Applied in changeset commit:138f2dd0087989cfd5cbb2caa71af83529139475. Viktor Gurov
07:59 AM Feature #12441 (Pull Request Review): Send notification for halt, reboot, and reroot events
Jim Pingle
03:28 AM Feature #12441 (New): Send notification for halt, reboot, and reroot events
Send notification on WebGUI reboot/reroot/halt:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/433
Viktor Gurov
08:25 AM Revision 138f2dd0: Send notification on WebGUI reboot/reroot/halt. Implements #12441
Viktor Gurov
08:19 AM Feature #12480: Wake on LAN button to wake all devices
Adding a confirmation prompt would be viable, but I don't see it being a significant enough need to add an option som... Jim Pingle
06:59 AM Feature #12480: Wake on LAN button to wake all devices
It could be a good idea to have the possibilities to move/remove the button "Wake All Devices" or be able to put ...
Antoine Graux
06:56 AM Feature #12480 (Resolved): Wake on LAN button to wake all devices
It could be a good idea to have the possibilities to move or remove the button "Wake All Devices". If the administrato... Antoine Graux
08:15 AM Bug #12436: Pppoe server config gui does not allow setting of chap authentication, and sets the network start address for allocation to 0
Viktor Gurov wrote in #note-4:
> Jim Pingle wrote in #note-3:
> > An IP address ending in @.0@ is only invalid when...
Jim Pingle
06:31 AM Bug #12436 (New): Pppoe server config gui does not allow setting of chap authentication, and sets the network start address for allocation to 0
Jim Pingle wrote in #note-3:
> An IP address ending in @.0@ is only invalid when used as a part of an actual subnet....
Viktor Gurov
03:48 AM Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan)
I've already fixed this issue on https://zanata.netgate.com, but it looks like it's not merged to 2.6.0 Viktor Gurov
12:45 AM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn)
Marcos Mendoza wrote in #note-1:
> This should be tested on 22.01 snapshots as something changed to fix the missing ...
Viktor Gurov

10/20/2021

05:53 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface
Christian McDonald wrote in #note-3:
> For assigned tunnel interfaces, the inverse is true...pfSense has no way of k...
Brett Keller
10:25 AM pfSense Docs Correction #12469 (Closed): Automatic outbound NAT rules are applied to the WG interface
Merged and deployed. Jim Pingle
08:28 AM pfSense Docs Correction #12469 (Pull Request Review): Automatic outbound NAT rules are applied to the WG interface
Jim Pingle
04:48 PM Revision e6df5881: Icon for traffic direction on floating rules tab. Implements #12433
Viktor Gurov
04:11 PM Revision 6e889d88: Fix OpenVPN status page halt function when client_id=0. Issue #12416
Viktor Gurov
04:07 PM Revision 349e7c67: Update DNS Server Override and DNS Query Forwarding help text. Todo #12449
Viktor Gurov
04:05 PM Revision 2c702751: IPsec PC/SC daemon status / services page fix. Issue #12468
Viktor Gurov
03:17 PM Bug #12479 (Rejected): Secure Cookie Attribute Not Set for webConfigurator
It's already set to true if the GUI is set to HTTPS.
If it's set to HTTP, it isn't set.
source:src/etc/inc/auth...
Jim Pingle
03:10 PM Bug #12479 (Rejected): Secure Cookie Attribute Not Set for webConfigurator
The webConfigurator does not require secure transmission of cookies using the Secure Cookie Attribute in PHP. As suc... Kris Phillips
01:50 PM Revision 0b783d30: Remove stale captiveportal_online_users file on boot. Fixes #12455
Viktor Gurov
01:13 PM Regression #12442 (Resolved): Unexpected error message after trying to delete a CARP VIP
fixed
"Virtual IP # 0 does not exist." is not showing up.
2.6.0.a.20211020.0500
Alhusein Zawi
11:55 AM Feature #12433 (Feedback): Icon for traffic direction on floating rules tab
Applied in changeset commit:e6df58819b5cfd261630d2ff35a9d40246a2af45. Viktor Gurov
11:50 AM Feature #12416 (Feedback): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
Merged Viktor Gurov
11:49 AM Todo #12449 (Feedback): Update "DNS Server Override" and "DNS Query Forwarding" help text
Merged Viktor Gurov
11:49 AM Bug #12468 (Feedback): Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled
Merged Viktor Gurov
09:10 AM Bug #12455 (Feedback): Captive Portal online user statistics data is not cleared on unclean shutdown
Applied in changeset commit:0b783d30498a717d27419be6a9fd1c129d26ae21. Viktor Gurov
08:54 AM pfSense Docs Todo #12478: Feedback on Virtual Private Networks — IPsec — Mobile IPsec — Choosing a Mobile IPsec Style
There are mentions of Group auth in the IPsec docs which are still pending (waiting on 22.01 now):
http://stage-v2...
Jim Pingle
08:37 AM pfSense Docs Todo #12478 (Closed): Feedback on Virtual Private Networks — IPsec — Mobile IPsec — Choosing a Mobile IPsec Style
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/mobile-choices.html#ikev2-with-eap-radius
https...
Viktor Gurov
08:35 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA
Viktor Gurov wrote in #note-1:
> It's difficult to determine if specific interfaces of a gateway group are being use...
Jim Pingle
02:45 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA
It's difficult to determine if specific interfaces of a gateway group are being used for CARP VIP too, since the conf... Viktor Gurov
08:30 AM pfSense Packages Bug #12475 (Pull Request Review): OpenVPN Client Export does not show certificate without private key
Jim Pingle
01:42 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/137
Viktor Gurov
08:22 AM pfSense Packages Bug #12293 (Resolved): Resolve host via Reverse DNS looks shows IDN domains as punnycode
suricata 6.0.3_3 - works as expected Viktor Gurov
08:21 AM Todo #12454 (Resolved): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules
2.6.0.a.20211020.0500 - works as expected Viktor Gurov
08:17 AM Bug #12448 (Resolved): Set OpenVPN Gateway Creation value to "Both" by default for new instances
2.6.0.a.20211020.0500 - looks good Viktor Gurov
03:23 AM Feature #12407: Use deferred client connections in OpenVPN
Marcos Mendoza wrote in #note-1:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/402
#12321 and #12316...
Viktor Gurov
03:16 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1117
Viktor Gurov
02:57 AM Bug #12477 (Closed): IPsec Keep Alive does not work correctly with stacked IP Aliases in HA
not an issue, works correctly Viktor Gurov
02:47 AM Bug #12477 (Closed): IPsec Keep Alive does not work correctly with stacked IP Aliases in HA
In @ipsec_keepalive.php: (substr($status[$ikeid]['p1']['interface'], 0, 4) == "_vip")@ does not check IP Aliases stac... Viktor Gurov

10/19/2021

02:46 PM Revision d12195f5: Set Gateway creation radio button to Both by default. Fixes #12448
Viktor Gurov
02:25 PM pfSense Docs Correction #12469 (Waiting on Merge): Automatic outbound NAT rules are applied to the WG interface
Thanks for the feedback.
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/25
Christian McDonald
01:54 PM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs
I did not try intermediate versions between 6.0.0_14 and 6.0.3_3, just installed the latest, so I can't say when this... Steve Y
09:57 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs
Edit: I have a 2100/21.05.1 with the latest Snort 4.1.4_3 and it doesn't have this issue. Steve Y
09:50 AM pfSense Packages Regression #12476 (Resolved): Suricata 6.0.3_3 Pass List ignores all single IPs
After upgrading pfSense-pkg-suricata from 6.0.0_14 to 6.0.3_3 all Pass List entries for single IPs are ignored and no... Steve Y
01:00 PM Regression #12442 (Feedback): Unexpected error message after trying to delete a CARP VIP
Merged Viktor Gurov
12:59 PM Regression #12288 (Feedback): GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
Merged Viktor Gurov
10:00 AM Bug #12448 (Feedback): Set OpenVPN Gateway Creation value to "Both" by default for new instances
Applied in changeset commit:d12195f57d0722749ebc4de177f7ea1648680a7e. Viktor Gurov
09:55 AM Feature #12441 (Feedback): Send notification for halt, reboot, and reroot events
Applied in changeset commit:4738f3080db4abb0e49d410d07a9611aeba65e25. Viktor Gurov
08:32 AM Revision 4738f308: Send reboot/reroot/halt notification. Implements #12441
Viktor Gurov
07:43 AM Bug #12470 (Pull Request Review): Thermal Sensors Dashboard widget filter for negative values refers to invalid variable
Jim Pingle
07:24 AM pfSense Packages Bug #12475 (Resolved): OpenVPN Client Export does not show certificate without private key
When using the page https://<server>/vpn_openvpn_export.php to export an openvpn client config package only certifica... Denis Grilli
05:21 AM pfSense Packages Feature #12447: Acme add dnsapi dns_cpanel.sh
How can I upgrade? Akos Tomaschik

10/18/2021

08:45 PM Feature #12473 (New): Allow user adjustment of IPsec Keep Alive periodic checks
Let the user adjust the keepalive check time introduced in #12169, as the keepalive time could be lowered once #12184... Marcos M
08:41 PM Bug #12472 (Resolved): IPsec Keep Alive does not work correctly with gateway groups in HA
In @ipsec_keepalive.php@: @(substr($status[$ikeid]['p1']['interface'], 0, 4) == "_vip")@ returns a false negative whe... Marcos M
08:33 PM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn)
This should be tested on 22.01 snapshots as something changed to fix the missing nat rules (see #11481) which may aff... Marcos M
06:40 PM pfSense Docs Correction #12471 (Closed): AES-XCBC should not be recommended as PRF for IPsec
The IPsec Configuration (https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html) and VPN Scaling (https:... Kev Kitchens
04:46 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
FWIW, just wanted to share updates I've made to my bandaid script. I found that 'head -c' usage on '/dev/urandom' lik... Ryan Roosa
11:16 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
Christian McDonald wrote in #note-13:
> Thank you for the detailed report here. This is immensely helpful. I will co...
Ryan Roosa
04:10 PM Bug #12470 (Resolved): Thermal Sensors Dashboard widget filter for negative values refers to invalid variable
The Thermal Sensors widget has code to filter out any sysctl line that contains ' -', but is checking a $negsign vari... Daniel Cameron
03:14 PM Revision dc883862: Reset CP DB on unclean shutdown if preservedb option is not enabled. Fixes #12355
Viktor Gurov
03:13 PM Revision 661c23ea: GRE/GIF interface configure fix. Issue #12288
Viktor Gurov
03:13 PM Revision 26bbdbc5: deleteVIP() input validation fix. Issue #12442
Viktor Gurov
03:13 PM Revision 322ac50f: Elliptic Curve 25519, 448 bit -> Elliptic Curve 448, 448 bit rename. Fixes #12350
Viktor Gurov
03:12 PM Revision aabaad0a: Mute kernel messages on dummynet and thermal hardware modules load. Fixes #12454
Viktor Gurov
03:12 PM Revision 1c4c9e7f: Allow to use /0 netmask on IGMP Proxy edit page. Fixes #7749
Viktor Gurov
03:11 PM Revision ff6d9cb1: Traffic Shaper Wizard IPv6 support. Implements #4769
Viktor Gurov
02:48 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface
Thanks. It would probably be useful to put a note about this in the docs for the s2s instructions. Brendon Baumgartner
02:41 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface
Outbound NAT rules are not applied on unassigned tunnel interfaces. pfSense has no way of knowing these interfaces ex... Christian McDonald
01:49 PM pfSense Docs Correction #12469 (Resolved): Automatic outbound NAT rules are applied to the WG interface
These is back in the current wireguard package.
https://forum.netgate.com/topic/165344/wireguard-site-to-site-vpn/...
Brendon Baumgartner
11:23 AM pfSense Docs Todo #12445 (Rejected): Feedback on pfSense Configuration Recipes
The ePub opens and reads fine in Calibre (Multiple operating systems), FBReader, and others I tried which support ePu... Jim Pingle
10:20 AM Bug #12355 (Feedback): Captive Portal database and ``ipfw`` rules are out of sync after unclean shutdown
Applied in changeset commit:dc883862bc431c929d3063cd83603b504cd173bd. Viktor Gurov
08:22 AM Bug #12355 (Pull Request Review): Captive Portal database and ``ipfw`` rules are out of sync after unclean shutdown
Jim Pingle
10:20 AM Bug #12350 (Feedback): Incorrect label for IPsec DH group 32
Applied in changeset commit:322ac50fafd5b186763b8113d3cab24d6101d8f1. Viktor Gurov
07:46 AM Bug #12350 (Pull Request Review): Incorrect label for IPsec DH group 32
Jim Pingle
10:20 AM Todo #12454 (Feedback): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules
Applied in changeset commit:aabaad0ab7e479a19ae597f2710eb4004d10f2ac. Viktor Gurov
08:17 AM Todo #12454 (Pull Request Review): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules
Jim Pingle
10:20 AM Feature #7749 (Feedback): Support ``0`` CIDR mask for IGMP Proxy networks
Applied in changeset commit:1c4c9e7f2fe686b8ccea6780cabe43635d27856d. Viktor Gurov
08:21 AM Feature #7749 (Pull Request Review): Support ``0`` CIDR mask for IGMP Proxy networks
The Gitlab link is private and intended for internal review, it's not public yet. Once we merge the PR it will be vis... Jim Pingle
10:20 AM Feature #4769 (Feedback): IPv6 support in the Traffic Shaper Wizard
Applied in changeset commit:ff6d9cb1d7d5443a196cbedbf5632d9072415a0a. Viktor Gurov
08:54 AM Feature #4769 (Pull Request Review): IPv6 support in the Traffic Shaper Wizard
Jim Pingle
10:03 AM pfSense Docs Correction #12450 (Closed): Typo in the Phase 2 proposal (Child SA) section.
Fixed in the new IPsec docs coming with 22.01, changing them in the current docs would cause a merge conflict with th... Jim Pingle
09:37 AM Bug #12468 (Pull Request Review): Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled
Jim Pingle
09:35 AM Bug #12460 (Pull Request Review): Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable
Jim Pingle
09:31 AM Todo #12431 (Pull Request Review): GUI pages should use ``POST`` for AJAX calls, not ``GET``
Jim Pingle
09:26 AM Feature #12342 (Pull Request Review): Dynamic DNS client proxy support
Jim Pingle
09:21 AM Feature #12169 (Resolved): IPsec keep alive option to initiate phase 2 without using ICMP
Those should be added as a separate bug report and feature request. For most cases this is working fine.
Jim Pingle
09:19 AM Feature #12464 (Pull Request Review): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)
The current behavior is intentional since it triggers the login "beep" and console message.
If we change this at a...
Jim Pingle
09:10 AM pfSense Packages Feature #11163 (Pull Request Review): Preferred Chain option
Jim Pingle
09:01 AM Feature #12433 (Pull Request Review): Icon for traffic direction on floating rules tab
Jim Pingle
08:37 AM pfSense Docs Todo #12457: Add UPS Configuration Recipes for apcupsd and nut UPS Packages with Common Brand Units
We could maybe add some generic info but we should not attempt to keep a list of settings in the docs for hardware we... Jim Pingle
08:28 AM Bug #12455 (Pull Request Review): Captive Portal online user statistics data is not cleared on unclean shutdown
Jim Pingle
08:17 AM Revision 9263389e: fix filter expression to check correct variable instead of non-existing one
Daniel Cameron
08:15 AM Feature #12267 (Pull Request Review): OpenVPN option to limit concurrent connections per user
Jim Pingle
08:14 AM Bug #12332 (Pull Request Review): OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
Jim Pingle
08:14 AM Feature #12407 (Pull Request Review): Use deferred client connections in OpenVPN
Jim Pingle
07:59 AM pfSense Docs Todo #12453 (Closed): Support for translation
It is something we have considered in the past but have not made a firm decision on. It's not just a technical proble... Jim Pingle
07:55 AM Todo #12449 (Pull Request Review): Update "DNS Server Override" and "DNS Query Forwarding" help text
Jim Pingle
07:51 AM Bug #12448 (Pull Request Review): Set OpenVPN Gateway Creation value to "Both" by default for new instances
Jim Pingle
07:47 AM pfSense Packages Feature #12447 (Rejected): Acme add dnsapi dns_cpanel.sh
New providers all get added when we update ACME from upstream, we don't add them manually or separately like this, so... Jim Pingle
07:45 AM Regression #11512 (Pull Request Review): DHCP Leases page and ARP table page fail to load if DNS is not available
Jim Pingle
07:37 AM Bug #10304 (Closed): ``radvd`` only responds to the first Router Solicitation received after each multicast Router Advertisement
Jim Pingle
07:35 AM Regression #12442 (Pull Request Review): Unexpected error message after trying to delete a CARP VIP
Jim Pingle
07:33 AM Regression #12288 (Pull Request Review): GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
Jim Pingle
07:31 AM Feature #12441 (Pull Request Review): Send notification for halt, reboot, and reroot events
Jim Pingle
07:27 AM Feature #12416 (Pull Request Review): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
The last fix PR (https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/413) hasn't been merged yet. Jim Pingle
05:48 AM pfSense Packages Todo #12456 (Resolved): Remove zabbix 5.2 packages
Max Leighton wrote in #note-3:
> I checked in
>
> 2.6.0-DEVELOPMENT (amd64)
> built on Sat Oct 16 05:24:35 UTC...
Renato Botelho

10/17/2021

11:04 AM Feature #12318 (Resolved): Display default "Reflection Timeout" value on ``system_advanced_firewall.php``
2.6.0.a.20211016.0500 - looks good Viktor Gurov
10:02 AM Feature #12318 (Feedback): Display default "Reflection Timeout" value on ``system_advanced_firewall.php``
Viktor Gurov
10:04 AM Bug #8013 (New): IPsec MSS clamping value shared for IPv4 and IPv6
Jim Pingle wrote in #note-3:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/230
This is another fi...
Viktor Gurov
10:00 AM Bug #12468: Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/431
Viktor Gurov
09:52 AM Bug #12468 (Resolved): Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled
- PC/SC daemon must be stopped before strongswan, otherwise it will flood log
- There is no need for PC/SC service e...
Viktor Gurov
09:30 AM Bug #12460: Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/430
Viktor Gurov
05:50 AM Revision 67fedb90: Use proxy for DDNS Check IP Services. Feature #12342
Viktor Gurov
05:35 AM Bug #12467: CP error on client disconnect after reboot
addition:
for some reason I see .db file of deleted CP zone after reboot (also if 'rm /var/db/captiveportal*'):
<pre...
Viktor Gurov
04:56 AM Bug #12467 (Resolved): CP error on client disconnect after reboot
How to reproduce:
1) Create CP zone "mycpzone" with default settings and Local Database authentication (maybe other ...
Viktor Gurov
01:30 AM Todo #12431: GUI pages should use ``POST`` for AJAX calls, not ``GET``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/429 Viktor Gurov
12:52 AM Feature #12342 (New): Dynamic DNS client proxy support
Check IP Services proxy support:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/428
Viktor Gurov
12:30 AM pfSense Packages Feature #12462: Telegraf: Add "devfs" to ignore_fs
https://github.com/pfsense/FreeBSD-ports/pull/1114 Viktor Gurov
12:10 AM Bug #12463 (Duplicate): Unexpected error message after trying to delete a VIP alias
Duplicate of #12442 Viktor Gurov
12:09 AM Todo #12430 (Resolved): Add IPsec phase 2 BINAT subnet size input validation
Viktor Gurov
12:04 AM Bug #12038 (Resolved): System attempts to start inactive services at boot
Viktor Gurov

10/16/2021

10:04 PM Feature #12466 (New): Option to Disable Renegotiation timer in OpenVPN Server
We should add an option to the OpenVPN server webConfigurator so that we can disable renegotiation in OpenVPN. This ... Kris Phillips
10:01 PM pfSense Packages Bug #12381 (Rejected): mOTP with RADIUS drops the VPN connection after 60 minutes
Jim Pingle wrote in #note-1:
> I don't think that's FreeRADIUS, but OpenVPN. IIRC OpenVPN defaults to reconnecting e...
Kris Phillips
09:28 PM Bug #12038: System attempts to start inactive services at boot
Tested on 22.01. Looks good and disabled services don't show in the startup as far as I can tell. Kris Phillips
08:36 PM Feature #12169 (New): IPsec keep alive option to initiate phase 2 without using ICMP
I did some further testing on this.
@(substr($status[$ikeid]['p1']['interface'], 0, 4) == "_vip")@ returns a false...
Marcos M
07:35 PM pfSense Packages Feature #12465 (New): Add forwardfor advanced usecases
By default haproxy creates a new x-forward-for header and does not touch the existing one. This could be found in documentati... DRago_Angel [InV@DER]
11:16 AM pfSense Packages Bug #11887 (Resolved): Squid service starts twice by /etc/rc.start_packages
Tested in:
22.01-DEVELOPMENT (amd64)
built on Wed Oct 13 05:25:11 UTC 2021
FreeBSD 12.2-STABLE
Squid: 0.4.45_5 ...
Max Leighton
10:36 AM pfSense Packages Todo #12456: Remove zabbix 5.2 packages
I checked in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 16 05:24:35 UTC 2021
FreeBSD 12.2-STABLE
And see tha...
Max Leighton
10:13 AM Feature #12464: Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/427 Steve Wheeler
09:57 AM Feature #12464 (Resolved): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)
All authentication logs are sent with the Level set as Emergency even when authentication is successful:... Steve Wheeler
10:06 AM Feature #11957 (Resolved): XMLRPC synchronization for DHCP relay settings
Tested in
22.01-DEVELOPMENT (amd64)
built on Wed Oct 13 05:25:11 UTC 2021
FreeBSD 12.2-STABLE
The DHCP Relay...
Max Leighton
09:44 AM Bug #12356: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries
I tested on the:... Danilo Zrenjanin
09:44 AM Bug #12463 (Duplicate): Unexpected error message after trying to delete a VIP alias
There is an unexpected error message after trying to delete a VIP Alias type which is used as an interface for IPsec ... Danilo Zrenjanin
07:58 AM Feature #12416 (Resolved): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
Tested on the:... Danilo Zrenjanin
07:44 AM Feature #12342 (Resolved): Dynamic DNS client proxy support
Tested on the:... Danilo Zrenjanin
07:23 AM Todo #12430: Add IPsec phase 2 BINAT subnet size input validation
Tested on the:... Danilo Zrenjanin

10/15/2021

09:37 PM pfSense Packages Bug #11592: Node exporter can not read system statistics
The issue is that in "node_collector v1.0.0":https://github.com/prometheus/node_exporter/blob/master/CHANGELOG.md#100... Daniel Kimsey
09:19 PM pfSense Packages Feature #11163: Preferred Chain option
I submitted a PR to implement this option as I found one of my clients needed it for a particular cert I was issuing.
P...
Daniel Kimsey
08:56 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
Ryan Roosa wrote in #note-12:
> Samuel Hanna wrote in #note-11:
> > The problem still persists on wireguard 0.1.5_1....
Samuel Hanna
08:55 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
Thank you for the detailed report here. This is immensely helpful. I will continue to poke at this next week and repo... Christian McDonald
05:18 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
Samuel Hanna wrote in #note-11:
> The problem still persists on wireguard 0.1.5_1.
> even after changing the keys and ...
Ryan Roosa
08:52 PM Feature #9617: PPPoE Static IP Configuration in GUI
any update on this feature??
it would be great to have this option in pppoe interface gui, it's very useful if i h...
Samuel Hanna
06:44 PM pfSense Packages Feature #12462 (Pull Request Review): Telegraf: Add "devfs" to ignore_fs
The Netgate XG-1537 has the following disk paths at 100% utilization:
* /dev
* /var/dhcpd/dev
* /var/unbound/dev
...
Offstage Roller
03:47 PM pfSense Docs Todo #12461 (Resolved): Improve macOS Serial Command Instructions
Many of the devices no longer just show "/dev/cu.usbserial" for their path in macOS. For example the SG-5100 with th... Kris Phillips
01:27 PM Feature #7749: Support ``0`` CIDR mask for IGMP Proxy networks
The address for gitlab is in the private range. I can't tell if you want me to see the update or not, but I have no a... Juan Abonia
09:57 AM Bug #12460 (Resolved): Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable
How to reproduce:
1) Configure OpenVPN client and assign OpenVPN interface
2) Select OpenVPN interface in `Outgoi...
Viktor Gurov
09:35 AM Todo #12459 (New): Add IP Alias subnet input validation
From https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-comparison.html#ip-alias:
- Can be in a ...
Viktor Gurov
08:18 AM Feature #12458 (New): Use "unixHomeDirectory" instead of "homeDirectory" when LDAP authentication server is Active Directory
In many Active Directory environments, @homeDirectory@ is a UNC path to an SMB/CIFS shared folder, e.g.,... Charles Hamilton
03:28 AM Feature #12433: Icon for traffic direction on floating rules tab
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/426 Viktor Gurov
03:00 AM Feature #4769: IPv6 support in the Traffic Shaper Wizard
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/425 Viktor Gurov

10/14/2021

07:30 PM Bug #12408 (Resolved): Input validation prevents creating 1:1 NAT rules on OpenVPN

able to create 1:1 NAT on openvpn int.
2.6.0.a.20211013.0500
Alhusein Zawi
03:41 PM Revision 35c4d4fd: Ticket #12456: Retire Zabbix 5.2 packages
Renato Botelho
02:19 PM Bug #12410 (Resolved): 1:1 NAT edit page lists incorrect entries in the Destination field

fixed
2.6.0.a.20211013.0500
Alhusein Zawi
12:53 PM pfSense Docs Todo #12457 (New): Add UPS Configuration Recipes for apcupsd and nut UPS Packages with Common Brand Units
A customer requested that we add some basic "how to" recipes to the pfSense docs for basic operations in the apcupsd ... Kris Phillips
10:16 AM pfSense Packages Todo #12456 (Feedback): Remove zabbix 5.2 packages
Done Renato Botelho
10:15 AM pfSense Packages Todo #12456 (Resolved): Remove zabbix 5.2 packages
zabbix 5.2 were removed from FreeBSD ports because they are unsupported by upstream. Remove pfSense packages as well Renato Botelho
09:55 AM pfSense Packages Bug #10431 (Resolved): pfBlockerNG Cron Job wrong - Clear IP / DNSBL Statistics
no such issue with pfBlockerNG-devel 3.1.0 (fixed):... Viktor Gurov
09:48 AM pfSense Packages Feature #9798: add ipv4 and ipv6 dnscrypt-resolvers feeds
actual link:
https://download.dnscrypt.net/dnscrypt-resolvers/json/public-resolvers.json
Viktor Gurov
09:42 AM pfSense Packages Bug #11817 (Closed): Enabling Firewall / pfBlockerNG / DNSBL / IPv6 DNSBL blocks radvd from starting
Viktor Gurov
08:38 AM Feature #8908 (Closed): setting default gateway using lower Tier in case gateway group is set as default
no such issue on 2.6.0.a.20211013.0500 -
If I set GW group in Default gateway IPv4 then, after pressing 'apply', low...
Viktor Gurov
04:05 AM Bug #12455: Captive Portal online user statistics data is not cleared on unclean shutdown
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/424
Viktor Gurov
03:57 AM Bug #12455 (Resolved): Captive Portal online user statistics data is not cleared on unclean shutdown
`/var/db/captiveportal_online_users` (used for RRD) can contain incorrect data on unclean shutdown
and should be cle...
Viktor Gurov
03:10 AM Bug #12355: Captive Portal database and ``ipfw`` rules are out of sync after unclean shutdown
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/423
Viktor Gurov
12:25 AM Feature #7749: Support ``0`` CIDR mask for IGMP Proxy networks
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/422
Viktor Gurov
12:14 AM Todo #12454: Suppress kernel messages when loading ``dummynet`` and thermal sensor modules
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/421
Viktor Gurov
12:09 AM Todo #12454 (Resolved): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules
There is a console spam on boot after loading dummynet.ko:
https://github.com/pfsense/pfsense/blob/fd331bdcdee813f67...
Viktor Gurov

10/13/2021

06:41 PM pfSense Docs Todo #12453 (Closed): Support for translation
Hi
Can you give translation support for pfSense docs? I take a look in Readthedocs project and a way to bring supp...
Claudio Ferreira
05:10 PM Revision e0019dfd: Added registration page and repo cert handling logic for CE -> Plus upgrade
Steve Beaver
02:47 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
→ luckman212 wrote in #note-3:
> Hmm, seems like 86400 is not a valid value after all. It got silently accepted but ...
Adam Cooper
01:51 PM Bug #12075 (Resolved): Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
Tested on 22.01.a.20211010.0500 with configuration that I originally experienced the issue in. It works correctly now. Marcos M
01:45 PM Feature #12169 (Resolved): IPsec keep alive option to initiate phase 2 without using ICMP
Tested on 22.01.a.20211010.0500. Still works well. Marcos M
01:34 PM pfSense Packages Bug #12258: Copy key buttons only work in HTTPS mode
Created PR 150 to resolve this.
Tested on local dev instance with HTTP only access and it falls back, does a consol...
Adam Cooper
10:56 AM Bug #12452 (Resolved): Port forward rules are not created for special networks (pppoe, openvpn)
https://forum.netgate.com/topic/167150/dns-redirect-on-pppoe-clients-failing:
"I have a pfSense server running suces...
Viktor Gurov
10:53 AM Bug #12361 (Resolved): NAT rule overlap detection does not check special networks
Tested on 22.01.a.20211010.0500. Looks good. Marcos M
10:06 AM Bug #12451 (New): deleteVIP() does not check RFC2136 Update Source
It is possible to delete the Virtual IP that is used by RFC 2136 Dynamic DNS client in the 'Update Source' field
Viktor Gurov
09:17 AM pfSense Docs Todo #12428 (Closed): Feedback on Services — DNS Resolver — Host Overrides
+ Viktor Gurov
09:08 AM pfSense Docs Correction #12450 (Closed): Typo in the Phase 2 proposal (Child SA) section.

Here is the link:
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html#phase-2-proposal-child-sa
...
Danilo Zrenjanin
09:06 AM pfSense Packages Bug #12443: DNSBL Category ```Enable All``` button not working
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1113
Viktor Gurov
05:46 AM Revision fd331bdc: Dynamic DNS proxy option. Fixes #12342
Viktor Gurov
05:13 AM Revision b9fbc36a: Slack Notifications. Feature #12291
Viktor Gurov
05:10 AM Revision a3e79766: NAT 1:1 pseudo-interface input validation fix. Issue #12408
Viktor Gurov
04:47 AM Todo #12449: Update "DNS Server Override" and "DNS Query Forwarding" help text
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/420 Viktor Gurov
04:36 AM Todo #12449 (Resolved): Update "DNS Server Override" and "DNS Query Forwarding" help text
after implementing the 'Pull DNS' option for OpenVPN client
(Allow the firewall to use DNS servers provided to an Op...
Viktor Gurov
03:36 AM Bug #12448: Set OpenVPN Gateway Creation value to "Both" by default for new instances
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/419
Viktor Gurov
03:32 AM Bug #12448 (Resolved): Set OpenVPN Gateway Creation value to "Both" by default for new instances
The ```Create Gateway``` radio button is unchecked by default, but the text below it says it should:
"If you assign ...
Viktor Gurov
03:11 AM pfSense Packages Feature #12447 (Rejected): Acme add dnsapi dns_cpanel.sh
Hello,
Please add the following feature to the acme package:
https://github.com/acmesh-official/acme.sh/blob/mast...
Akos Tomaschik
01:35 AM Bug #12350: Incorrect label for IPsec DH group 32
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/418 Viktor Gurov
01:23 AM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available
Ronald Schellberg wrote in #note-8:
> Noticed when executing a ndp diagnostic query, that _getHostName() is now decl...
Viktor Gurov
12:55 AM Feature #12342 (Feedback): Dynamic DNS client proxy support
Applied in changeset commit:fd331bdcdee813f67ee111c43029d360febb79b1. Viktor Gurov
12:40 AM pfSense Docs Todo #12418 (Closed): AutoConfigBackup Menu Structure Documentation
Viktor Gurov
12:40 AM Bug #12446 (Duplicate): IPsec dashboard widget description
duplicate of #11910 Viktor Gurov
12:37 AM Feature #12291 (Feedback): Support for Slack notifications
Merged Viktor Gurov
12:36 AM Bug #12408 (Feedback): Input validation prevents creating 1:1 NAT rules on OpenVPN
Merged Viktor Gurov
12:10 AM Todo #12406 (Feedback): Remove unused functions
Merged Viktor Gurov
12:09 AM Bug #12410 (Feedback): 1:1 NAT edit page lists incorrect entries in the Destination field
Merged Viktor Gurov
12:08 AM Todo #12430 (Feedback): Add IPsec phase 2 BINAT subnet size input validation
Merged Viktor Gurov
12:06 AM Feature #12416 (Feedback): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
Merged Viktor Gurov

10/12/2021

08:07 PM Bug #11481 (Closed): NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat"
Closing as it's not an issue on 22.01. Marcos M
01:55 PM Bug #11481: NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat"
This looks to be fixed in 2.6/22.01 without this PR.
Outbound NAT rules are added as expected when NAT reflection i...
Steve Wheeler

10/11/2021

12:39 PM pfSense Packages Bug #12444: ntopng throws errors when viewing single host
https://redmine.pfsense.org/issues/11530 - same/same? Jordan G
12:00 PM Bug #12446 (Duplicate): IPsec dashboard widget description
Hello,
looks like description of the tunnel is wrong on the IPsec dashboard.
Consider the following:
IPsec Phase...
Gabriele Villa
08:21 AM pfSense Packages Bug #12126: freeradius3 0.15.7_31
Ok thanks for the info.
Any chance to have freeradius3 package update for 2.5.2 release?
Alexis Pellicier
08:14 AM pfSense Packages Bug #12126: freeradius3 0.15.7_31
This looks to be a bug in Freeradius 3.0.22. See the 3.0.23 release notes:
https://github.com/FreeRADIUS/freeradius-...
Steve Wheeler
05:17 AM pfSense Packages Feature #11310 (Resolved): Adding a widget to apcupsd plug-in
Renato Botelho

10/10/2021

07:11 PM pfSense Docs Todo #12445 (Rejected): Feedback on pfSense Configuration Recipes
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/index.html
*Feedback:*
Your ebook won't open with ei...
Jerry Lumpkins
11:16 AM Bug #12361 (Feedback): NAT rule overlap detection does not check special networks
Marcos M
09:53 AM Bug #12366 (Resolved): Rotation settings for individual log files do not take effect after saving
Marcos M
09:42 AM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available
Noticed when executing a ndp diagnostic query, that _getHostName() is now declared in both diag_ndp.php and system.in... Ronald Schellberg

10/09/2021

09:08 PM pfSense Packages Bug #12444 (Closed): ntopng throws errors when viewing single host
Users have reported that when navigating to Hosts>Hosts and clicking to view a single host within the ntopNG settings ... Max Leighton
07:27 PM pfSense Packages Bug #11886 (Resolved): WireGuard: PHP error in vpn_wg_peers_edit.php
No longer able to reproduce this in 22.01 of pfSense Plus. Closing as Resolved. Kris Phillips
07:19 PM pfSense Packages Bug #12101 (Assigned): ArpWatch Suppression Mac for "flip-flop" not suppressing
Moving status back to Assigned as this hasn't been confirmed as fixed in updated package. Kris Phillips
07:11 PM Bug #12356: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries
Can confirm this hasn't been merged into the Oct 9th build of pfSense Plus 22.01. We need to patch this in pfSense P... Kris Phillips
01:09 PM Bug #12356: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries
Yes, I tested again in the latest build of 2.6 and it works as expected.
2.6.0-DEVELOPMENT (amd64)
built on Sat ...
Max Leighton
12:08 PM Bug #12356: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries
Max Leighton wrote in #note-4:
> I tested this in:
>
> 22.01-DEVELOPMENT (amd64)
> built on Sat Oct 09 05:27:30...
Viktor Gurov
11:42 AM Bug #12356: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries
I tested this in:
22.01-DEVELOPMENT (amd64)
built on Sat Oct 09 05:27:30 UTC 2021
FreeBSD 12.2-STABLE
And I c...
Max Leighton
07:04 PM Bug #10304: ``radvd`` only responds to the first Router Solicitation received after each multicast Router Advertisement
FWIW, this seems to have resolved at some point on the 2.6 nightlies Kev Kitchens
07:02 PM Bug #12366: Rotation settings for individual log files do not take effect after saving
Tested this in the latest build of pfSense Plus 22.01 and it seems to properly rotate logging. Looks good. Kris Phillips
06:24 PM pfSense Docs Todo #12418: AutoConfigBackup Menu Structure Documentation
Jim,
Looks good. This can be closed out.
Kris Phillips
04:47 PM Feature #12416: Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
They were able to test that patch and confirmed it was working as expected. Max Leighton
02:58 AM Feature #12416: Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
Kris Phillips wrote in #note-3:
> Customer in internal ticket 96721 tested this. Their results seem to be that this...
Viktor Gurov
04:34 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
The problem still persists on wireguard 0.1.5_1.
even after changing the keys and ports nothing seems to help.
wish ...
Samuel Hanna
02:04 PM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
This seems to work for me. When I make changes to an existing tunnel's encryption settings, interface, local ID, etc,... Max Leighton
01:41 PM pfSense Packages Bug #4615: /var/logs/c-icap/server.log & access.log growing without being rotated
Hi,
so I took a look: /var/log/c-icap/access.log - 272MB
the mentioned bugfix was meant for squid, I think?
...
Stephan Berger
12:05 PM Feature #9633: PPPoE/L2TP Server Status Page
Any news?
Evgeny Korostelev
11:39 AM Regression #12442: Unexpected error message after trying to delete a CARP VIP
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/416
Viktor Gurov
06:22 AM Regression #12442 (Resolved): Unexpected error message after trying to delete a CARP VIP
There is an unexpected error message after trying to delete a CARP VIP which is used as a parent interface for VIP Al... Danilo Zrenjanin
11:24 AM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/415
Viktor Gurov
11:04 AM pfSense Packages Bug #12443 (Resolved): DNSBL Category ```Enable All``` button not working
https://forum.netgate.com/topic/167094/dnsbl-catagory-bug:
"I dunno if i'm doing something wrong but under Blacklist...
Viktor Gurov
10:37 AM Bug #11430: PHP console spam after Assigning Interfaces
@mute_kernel_msg()@/@unmute_kernel_msg()@ can be used to avoid these messages Viktor Gurov
09:58 AM pfSense Packages Bug #12153 (Resolved): Incorrect Outgoing Network Interface on clean install
Viktor Gurov
07:52 AM pfSense Packages Bug #12153: Incorrect Outgoing Network Interface on clean install
on clean install of 0.4.45_5 the default outgoing network interface shows as "Default (auto)" upon first visit to Ser... Jordan G
09:58 AM Bug #12362 (Resolved): Validation when deleting a VIP does not prevent deleting a CARP VIP used as a parent for an IP Aliases VIP
Viktor Gurov
06:24 AM Bug #12362: Validation when deleting a VIP does not prevent deleting a CARP VIP used as a parent for an IP Aliases VIP
Tested on the:... Danilo Zrenjanin
09:43 AM Revision 1004053d: OpenVPN Generated RADIUS ACL Ruleset for status_output. Implements #12316
Viktor Gurov
08:16 AM Revision 61eb637d: Modal window to see RADIUS ACL generated rules on the status_openvpn.php page. Implements #12321
Viktor Gurov
07:37 AM Revision 253b9b62: IPsec PH2 BINAT subnet size input validation. Todo #12430
Viktor Gurov
07:35 AM Revision 59724429: Do not check subnet overlapping on 6RD interfaces. Fixes #12371
Viktor Gurov
07:35 AM pfSense Packages Feature #11310: Adding a widget to apcupsd plug-in
Dashboard widget for APCUPSD is available after installing and configuring package. Status, line voltage, load, batte... Jordan G
05:50 AM pfSense Packages Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346
Viktor Gurov wrote in #note-6:
> You can try to apply the attached patch
No need to add this if version of haproxy w...
DRago_Angel [InV@DER]
05:48 AM pfSense Packages Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346
DRago_Angel [InV@DER] wrote in #note-3:
> Hi, this is serious CVE, and still no updates? Even it possible to workaro...
Viktor Gurov
05:45 AM Bug #12388 (Resolved): Captive Portal input validation for "After authentication Redirection URL" and "Blocked MAC address redirect URL" is swapped
Tested on the:... Danilo Zrenjanin
05:36 AM Bug #12371: Remove subnet overlap check on LAN interfaces when using 6rd
Daniel Porsch wrote:
> Hello,
>
> Can the subnet overlapping check on the lan interfaces be removed if using 6rd?...
Viktor Gurov
02:45 AM Bug #12371 (Feedback): Remove subnet overlap check on LAN interfaces when using 6rd
Applied in changeset commit:5972442910d7c6a7657810e35ee3d9975061a925. Viktor Gurov
05:03 AM Bug #12419 (Resolved): Console boot output includes ``Configuring IPsec VTI interfaces`` when no VTI interfaces are configured
Tested on the:... Danilo Zrenjanin
05:01 AM Feature #12441: Send notification for halt, reboot, and reroot events
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/414 Viktor Gurov
04:55 AM Feature #12441 (Resolved): Send notification for halt, reboot, and reroot events
Currently @notify_all_remote()@ is only used on boot:
https://github.com/pfsense/pfsense/blob/1004053d3ae9c350e20249...
Viktor Gurov
04:50 AM Feature #12316 (Feedback): Include firewall rules generated from OpenVPN RADIUS ACL entries in status output
Applied in changeset commit:1004053d3ae9c350e20249d65783b6c4a63b0e58. Viktor Gurov
03:25 AM pfSense Packages Feature #11972 (Resolved): Arpwatch - Add support for Telegram notifications
there is no
Alhusein Zawi wrote in #note-4:
> there is no option to add Telegram in Arpwatch page.
>
> Tested...
Viktor Gurov
03:25 AM Feature #12321 (Feedback): Pop-up window to view firewall rules generated from RADIUS ACL entries on the OpenVPN status page
Applied in changeset commit:61eb637d00c921d2ae64f9edc66dfa9611fec35c. Viktor Gurov
03:24 AM Bug #12389 (Resolved): Help text for RAM disk settings does not mention Captive Portal data
Tested on the:... Danilo Zrenjanin
03:18 AM Bug #12435 (Resolved): "6RD Prefix" field does not have input validation
Tested on the:... Danilo Zrenjanin
02:59 AM Bug #12439 (Resolved): "Default preferred lifetime" field for IPv6 RA does not have input validation
Tested on the:... Danilo Zrenjanin
02:17 AM Bug #12440: Zero-value prefix IPv6 addresses are mishandled
Steve Wheeler wrote:
> IPv6 addresses of that format appear to be deprecated though pf itself appears to be able to ...
Viktor Gurov

10/08/2021

07:30 PM Feature #12416: Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
Customer in internal ticket 96721 tested this. Their results seem to be that this patch breaks the OpenVPN client ki... Kris Phillips
05:44 PM Bug #12440 (Resolved): Zero-value prefix IPv6 addresses are mishandled
Zero-value prefix IPv6 addresses on the type ::/96 are mishandled when used in pfSense firewall or NAT rules.
For ...
Steve Wheeler
04:56 PM Revision 9a18668d: Display default Reflection Timeout value. Feature #12318
Viktor Gurov
03:51 PM Revision 44a4215f: 1:1 NAT destination entries description fix. Issue #12410
Viktor Gurov
03:50 PM Revision e33311fe: DNS check optimization. Fixes #11512
Viktor Gurov
03:49 PM Revision 1ab2ec0a: IPv6 Port Forwarding Proxy+NAT input validation. Fixes #12319
Viktor Gurov
03:48 PM Revision ff90368d: fix #11734 NAT overlap validation does not check special networks
Marcos M
03:44 PM Revision 42259176: deleteVIP() IPsec PH1 input validation. Fixes #12356
Viktor Gurov
03:42 PM Revision 3e968849: Correct input validation on deleting a CARP VIP which is referenced by an IP Alias. Fixes #12362
Viktor Gurov
03:36 PM Revision b5332117: Improve XMLRPC Sync for dhcpd. Fixes #10955
Marcos M
03:36 PM Revision 83afa41a: Reload syslogd on log Rotation Size / Retention Count change. Fixes #12366
Viktor Gurov
03:35 PM Revision 08ef78ac: Allow to halt OpenVPN client on status page. Issue #12416
Viktor Gurov
03:34 PM Revision ed1ff340: Do not show Configuring IPsec VTI interfaces message at boot if no VTIs are configured. Fixes #12419.
Viktor Gurov
03:34 PM Revision 14e080ab: Swap Captive Portal Redirection URL and Blocked MAC redirect URL input validation messages. Fixes #12388
Viktor Gurov
03:33 PM Revision d9793efc: Update help text for RAM disk settings. Fixes #12389
Viktor Gurov
03:30 PM Revision 79b8b049: Remove unused function from pfsense-utils.inc. Todo #12406
Viktor Gurov
03:26 PM Revision b8cfee9d: 6RD Prefix input validation. Fixes #12435
Viktor Gurov
12:22 PM Revision 7cf69c98: Default preferred lifetime input validation. Fixes #12439
Viktor Gurov
12:09 PM pfSense Docs Todo #12418 (Feedback): AutoConfigBackup Menu Structure Documentation
Fixed (plus a few other changes):
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/160898325eff3f21fa77b9fc67...
Jim Pingle
10:59 AM pfSense Docs Todo #12418 (In Progress): AutoConfigBackup Menu Structure Documentation
Jim Pingle
11:11 AM pfSense Docs Todo #11812 (Feedback): Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
Updated the doc and added the reboot advice.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/465c63a97708665...
Jim Pingle
11:00 AM Regression #11512 (Feedback): DHCP Leases page and ARP table page fail to load if DNS is not available
Applied in changeset commit:e33311fefd11f5b30c6822c298cf9d12adbb164e. Viktor Gurov
11:00 AM Bug #12319 (Feedback): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Applied in changeset commit:1ab2ec0a269f03dd7e865d21787331a7a2cb6f3f. Viktor Gurov
10:50 AM Bug #12356 (Feedback): Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries
Applied in changeset commit:42259176d0c0a4ca49099ef5cdbcbfdacdd64589. Viktor Gurov
10:50 AM Bug #12362 (Feedback): Validation when deleting a VIP does not prevent deleting a CARP VIP used as a parent for an IP Aliases VIP
Applied in changeset commit:3e968849be516d138cad7f021ee2d8df11bea202. Viktor Gurov
10:50 AM Bug #10955 (Feedback): XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
Applied in changeset commit:b5332117fd5b675d9d7f81b9c2895ab452f3d610. Marcos M
10:45 AM Bug #12366 (Feedback): Rotation settings for individual log files do not take effect after saving
Applied in changeset commit:83afa41acfafdfd90fb71d8cdd5542a826bef315. Viktor Gurov
10:35 AM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
This also applies to GIF interfaces. Additionally, it doesn't happen on assignment but any time changes are applied. Jim Pingle
10:35 AM Bug #12419 (Feedback): Console boot output includes ``Configuring IPsec VTI interfaces`` when no VTI interfaces are configured
Applied in changeset commit:ed1ff34051aa52395e91c84b7e4d2beb0f2e9b91. Viktor Gurov
10:35 AM Bug #12388 (Feedback): Captive Portal input validation for "After authentication Redirection URL" and "Blocked MAC address redirect URL" is swapped
Applied in changeset commit:14e080ab41419b4006130432c1e128deaaffdee0. Viktor Gurov
10:35 AM Bug #12389 (Feedback): Help text for RAM disk settings does not mention Captive Portal data
Applied in changeset commit:d9793efc0cb9d13aa812141ab509d288455f1f62. Viktor Gurov
10:35 AM Bug #12435 (Feedback): "6RD Prefix" field does not have input validation
Applied in changeset commit:b8cfee9dbaec99fc20ed0d816bb3cbe79943b150. Viktor Gurov
07:41 AM Bug #12435 (Pull Request Review): "6RD Prefix" field does not have input validation
Jim Pingle
12:49 AM Bug #12435: "6RD Prefix" field does not have input validation
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/411
Viktor Gurov
12:42 AM Bug #12435 (Resolved): "6RD Prefix" field does not have input validation
`6RD Prefix` field on the interfaces.php page has no input validation and allows any value to be entered Viktor Gurov
10:35 AM Bug #12439 (Feedback): "Default preferred lifetime" field for IPv6 RA does not have input validation
Applied in changeset commit:7cf69c985d73a2a3a418832bf9e6314a05f8efbe. Viktor Gurov
07:42 AM Bug #12439 (Pull Request Review): "Default preferred lifetime" field for IPv6 RA does not have input validation
Jim Pingle
07:23 AM Bug #12439: "Default preferred lifetime" field for IPv6 RA does not have input validation
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/412
Viktor Gurov
07:13 AM Bug #12439 (Resolved): "Default preferred lifetime" field for IPv6 RA does not have input validation
The "Default preferred lifetime" field allows any value to be entered, including non-numeric values Viktor Gurov
07:40 AM Bug #12371 (Pull Request Review): Remove subnet overlap check on LAN interfaces when using 6rd
Jim Pingle
12:36 AM Bug #12371: Remove subnet overlap check on LAN interfaces when using 6rd
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/410
Viktor Gurov
07:36 AM Feature #9827 (Duplicate): Add default route indicator to gateways dashboard widget to indicate which interface is currently selected as default in a gateways group scenario
duplicate of #11057 Viktor Gurov
07:24 AM Bug #12437 (Rejected): Firewall logs block item from appearing in logs creates an alias such as EasyRuleBlockHostsOPT10. OPT10 was renamed to e.g. “wirelessly when interface was created there is no way to find original OPTX from gui
Given the free-form nature of interface descriptions that isn't viable, and they would also not update if an interfac... Jim Pingle
03:19 AM Bug #12437 (Rejected): Firewall logs block item from appearing in logs creates an alias such as EasyRuleBlockHostsOPT10. OPT10 was renamed to e.g. “wirelessly when interface was created there is no way to find original OPTX from gui
Once interfaces have been renamed there does not seem to be an easy way to identify which OPTX interface it used to b... And Ritchie
07:21 AM Bug #12436 (Not a Bug): Pppoe server config gui does not allow setting of chap authentication, and sets the network start address for allocation to 0
An IP address ending in `.0` is only invalid when used as a part of an actual subnet. In point-to-point interfaces li... Jim Pingle
03:55 AM Bug #12436: Pppoe server config gui does not allow setting of chap authentication, and sets the network start address for allocation to 0
Hi Victor,
This behaviour causes assigned client ip address to be 0 thus invalid.
E.g. 192.168.1.0 is not a valid ...
And Ritchie
03:43 AM Bug #12436: Pppoe server config gui does not allow setting of chap authentication, and sets the network start address for allocation to 0
And Ritchie wrote:
> It is not possible to enable chap authentication via the gui. The service config file is genera...
Viktor Gurov
03:08 AM Bug #12436 (New): Pppoe server config gui does not allow setting of chap authentication, and sets the network start address for allocation to 0
It is not possible to enable chap authentication via the gui. The service config file is generated with pap authentic... And Ritchie
07:13 AM Bug #12159 (Resolved): "Default preferred lifetime" router advertisement validation check uses incorrect variable
The original issue from the PR is resolved in 21.09.r.20210923.2242
but the "Default preferred lifetime" field all...
Viktor Gurov
06:47 AM Regression #11938 (Resolved): DNS Resolver does not add PTR record for OpenVPN clients
Tested on the:... Danilo Zrenjanin
05:27 AM Regression #12233 (Resolved): VIP network addresses are not expanded on Port Forward rules
Tested on the:... Danilo Zrenjanin
03:40 AM Feature #12438 (Resolved): Option to select PPPoE Server authentication protocol
It is not possible to enable chap authentication via the gui. The service config file is generated with pap authentic... Viktor Gurov
 
