pfSense

11/10/2021

05:43 PM Revision 639d6600: Add a bit more output when figuring out which distfile cache to use

Brad Davis

05:43 PM Revision 4fd12650: Try to use the distfiles cache for our branch but fall back if needed

This will allow us to avoid downloading everything new when we start a
new release Brad Davis

05:43 PM Revision 2e6f6523: Save the distfiles to s3 with the git branch as part of the name

This will help us clean out old distfiles we do not need while providing
the ability to keep old distfiles around if ... Brad Davis

05:43 PM Revision 662b59e7: Clean up old distfiles using poudriere distclean

Brad Davis

05:42 PM Revision 9637896b: Tell us the name of the logs tarball so we don't have to go hunting through s3

Brad Davis

05:42 PM Revision 11408c41: Add missing quotes

Renato Botelho

05:42 PM Revision 88ae8b00: Replace - by _ on repository path

Renato Botelho

05:42 PM Revision 64d4269d: Followup e324755bee, combine sed and add g flag

Renato Botelho

05:42 PM Revision a726f9ce: poudriere upstream is not supporting dashes in ports tree names.

This is to prevent issues with sets, so we need to respect the change
https://github.com/freebsd/poudriere/issues/897 Brad Davis

05:42 PM Revision da99d38d: Increase the number of logs we are keeping

Brad Davis

05:41 PM Revision 9c18a3ef: Remove a trailing \r that prevents s3 rm from working

Brad Davis

05:41 PM Revision 174eded8: Set the output format to avoid \r on line endings preventing log files from being deleted

Brad Davis

05:41 PM Revision b6da492d: AWS: Separate release tarballs by branch

Renato Botelho

05:41 PM Revision 4a9f9c8d: AWS: Add FLAVOR to distfiles.tar

Renato Botelho

05:40 PM Revision f189057c: AWS: Add branch name to pkgs tarball

Renato Botelho

05:40 PM Revision 5e4fae22: AWS: Simplify logic using 's3 ls' to check if file exists

Renato Botelho

05:40 PM Revision bc93182c: AWS: Make sure distfiles.tar exist before try to download it

Renato Botelho

05:40 PM Revision 3d35f537: AWS: Add missing s3 parameter to ls

Renato Botelho

05:40 PM Revision a74b6ac8: AWS: Add FLAVORS to pkgs cache

Renato Botelho

05:40 PM Revision 86c3bc4f: Do not force git remote to be called origin

Renato Botelho

05:39 PM Revision 405e82b7: AWS: Create initial stashed ports tree on S3

Renato Botelho

05:39 PM Revision 5796b157: AWS: Simplify logic

Create aws_exec() and replace all direct calls to use it Renato Botelho

05:39 PM Revision 5c13cded: Always save built pkgs progress

Brad Davis

05:39 PM Revision fae5a143: Replace factory by ${FLAVOR}

Renato Botelho

05:38 PM Revision 8d49874f: Build improvements for using AWS:

* Use release artifacts from S3 to populate poudriere jails
* Pull prebuilt pkgs from S3 to only rebuild changed item... Brad Davis

03:57 PM Revision e53c0bf4: pfSense-rc: Fix ZFS reservation

e804230c08 introduced an error when USE_ZFS is not set:
Starting syslog...done.
[: : bad number
Starting CRON... don... Renato Botelho

02:48 PM Bug #12095: Memory leak in pcscd

The same happened to me today. I realized it when I started receiving e-mails with lines like... Phil K

08:19 AM pfSense Plus Bug #12516 (Rejected): Backup/Restore NAT should auto-create associated firewall rules

That wouldn't be possible. The associated rules are linked but separate, you have to restore both NAT and firewall ru... Jim Pingle

08:06 AM pfSense Plus Bug #12516 (Rejected): Backup/Restore NAT should auto-create associated firewall rules

I am in the process of migrating settings from an older HA pair of XG-7100 units to a new HA pair of XG-1537. I just... Marc Mapplebeck

04:15 AM Bug #12515 (Duplicate): Missing input validation check for 6RD Tunnel IPv6 Configuration Type setup

You can add any value in the *6RD Prefix* field under Interfaces/WAN - IPv6 Configuration Type 6RD Tunnel. The input ... Danilo Zrenjanin

03:49 AM Bug #12371 (Resolved): Remove subnet overlap check on LAN interfaces when using 6rd

Tested against:... Danilo Zrenjanin

03:03 AM Bug #12514 (Resolved): Trying to delete an assigned PPPoE interface fails without printing an error message

If you try to delete a PPPoE interface (under Interfaces/PPPs) assigned to a physical interface, it will fail without... Danilo Zrenjanin

02:33 AM Bug #12498 (Resolved): Input validation error can unintentionally result in removal of PPP type interface settings

Tested against:... Danilo Zrenjanin

12:11 AM Revision e804230c: Add a ZFS reservation of 10%

Brad Davis

11/09/2021

07:30 PM Feature #9877: QEMU Guest Agent

Let me know if your wanting anyone to help test, I have several proxmox servers and cant wait to be able to install t... jake xanaro

03:59 PM pfSense Packages Feature #12513: WireGuard Utilization Status (Beyond Active Connection)

Actually, perhaps it would be better if the yellow indicator could show if the WG connection was used in the previous... Jum Pers

03:46 PM pfSense Packages Feature #12513 (New): WireGuard Utilization Status (Beyond Active Connection)

WG and pfSense are working very well together these days - thank you for the continued code and UI updates.
A feat... Jum Pers

11:18 AM pfSense Packages Bug #12399 (Resolved): WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Excellent! Thanks for the continued feedback!
:) Christian McDonald

11:02 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Christian McDonald wrote in #note-24:
> Look for Package Version 0.1.5_2, which will also upgrade net/wireguard-kmod... Ryan Roosa

07:27 AM pfSense Plus Bug #12512 (Closed): Netgate Hardware (SG-1100 - SG3100) preloaded firmware issues

Tim,
Unfortunately we can't replicate anything like that update check issue here, and there isn't enough detail to... Jim Pingle

07:10 AM pfSense Packages Bug #12487 (Feedback): Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself

Fixed in the latest package update (0.46 for CE and 0.43 for Plus).
Let me know if something doesn't work. Luiz Souza

11/08/2021

04:17 PM pfSense Plus Bug #12512 (Closed): Netgate Hardware (SG-1100 - SG3100) preloaded firmware issues

I have noticed on all of our Netgate hardware we have to re-install the OS upon receiving, failure to do so prevents ... Tim Brogdon

03:13 PM Revision a69cd017: Add a bit more output when figuring out which distfile cache to use

Brad Davis

01:08 PM Revision c58db203: Do not change ports value for PPPoE/L2TP/PPTP on interfaces.php page. Fixes #12498

Viktor Gurov

12:03 PM Todo #12511 (Resolved): Add note in log settings that disabling logging also disables ``sshguard`` login protection

Tested on @21.05@ and @22.01.a.20211103.2115@.
Before changes:... Marcos M

09:42 AM Bug #12510 (Not a Bug): pfSense selecting unwanted GW as default

There is already a mechanism to control which gateways are selected for automatic use by the firewall as a default ga... Jim Pingle

02:30 AM Bug #12510 (Not a Bug): pfSense selecting unwanted GW as default

There must be something I do wrong but I cannot seem to find the right answer.
I've switched my pfSense to BGP so ... Joey Doe

09:40 AM Regression #12345 (Resolved): Captive Portal users cannot get past portal even after successfully logging in

Jim Pingle

07:15 AM Bug #12498 (Feedback): Input validation error can unintentionally result in removal of PPP type interface settings

Applied in changeset commit:c58db2033bacd99196ee025377ac1d654eddb28e. Viktor Gurov

04:14 AM Feature #11118: Backup and restore SSH host key(s)

https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/28 Viktor Gurov

04:01 AM Bug #12509: Deffered authentication does not work with auth-gen-token external-auth or pusk "auth-token"

Some more info - with deferred plugin we get:
Nov 8 10:02:46 openvpn 53695 arek/192.168.100.3:58560 TLS Error: loc... Arkadiusz Rzadkowolski

02:18 AM Bug #12509 (New): Deffered authentication does not work with auth-gen-token external-auth or pusk "auth-token"

I am able to use properly deferred authentication on normal login.
Problem rises when I try to use auth-gen-token ... Arkadiusz Rzadkowolski

11/06/2021

03:41 PM Regression #12345: Captive Portal users cannot get past portal even after successfully logging in

I tested Captive Portal in
22.01-DEVELOPMENT (amd64)
built on Fri Nov 05 05:21:41 UTC 2021
FreeBSD 12.3-PRERELEA... Max Leighton

11:53 AM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway

I failed to replicate that in
22.01-DEVELOPMENT (amd64)
built on Fri Nov 05 05:21:41 UTC 2021
FreeBSD 12.3-PRERE... Max Leighton

11:25 AM Bug #12508 (New): DHCP Relay over VPN

Currently, DHCP Relay does not work with OpenVPN TAP nor IPsec VTI.
Since the VTI doesn't have a MAC, the interfac... Marcos M

03:01 AM pfSense Packages Bug #12507: Add support for bi-directional flows in softflowd

PR exists in github here: https://github.com/pfsense/FreeBSD-ports/pull/1119 Vito Piserchia

02:59 AM pfSense Packages Bug #12507 (Pull Request Review): Add support for bi-directional flows in softflowd

In order to support IPFIX bi-directional flows, the "-b" param should be added Vito Piserchia

01:01 AM pfSense Packages Bug #12506 (Resolved): Only selected instance is restarted on suppress list change

How to reproduce:
1) Create a Suppress List 'testsupplist'
2) Configure Suricata for the LAN interface and select... Viktor Gurov

12:15 AM Todo #8451 (Resolved): System Information dashboard widget - Kernel PTI toggle

implemented in #9532 Viktor Gurov

11/05/2021

10:06 PM Feature #11496: Support for NTP Peer mode

Bounty here: https://forum.netgate.com/topic/167670/ntp-add-peer-100 Christian Borchert

03:49 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Look for Package Version 0.1.5_2, which will also upgrade net/wireguard-kmod to 0.0.20210606_2. Both are available on... Christian McDonald

02:35 PM Regression #11545: Primary interface address is not always used when VIPs are present

Kris Phillips wrote in #note-16:
> What version of pfSense are you running right now?
As noted above, 21.05.2.
... Denny Page

02:16 PM Bug #11679 (Closed): Policy-based Routing (outbound) and port forwarding (inbound) "selectively" working through WG tunnel

Christian McDonald

01:29 PM Bug #12505: NAT issues with IPsec passthrough

Understandable that this is a limitation of pf, and I appreciate the info on using a floating rule to prevent the lea... Kev Kitchens

01:04 PM Bug #12505 (Not a Bug): NAT issues with IPsec passthrough

This is expected behavior when using static port on outbound NAT rules, and is not a bug.
We already have numerous... Jim Pingle

12:35 PM Bug #12505 (Not a Bug): NAT issues with IPsec passthrough

I've noticed some issues with the automatic IPsec passthrough rules generated when the outbound NAT is set to automat... Kev Kitchens

04:51 AM Bug #12504 (New): BCM57412 NetXtreme-E 10Gb RDMA Ethernet controller issue

We have pfSense 2.5.2 installed and faced with same issue as described in https://lists.freebsd.org/archives/freebsd-... Sergey Dyatko

11/04/2021

09:36 PM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12

Based on the bug report as long as TCP Offload is disabled this shouldn't be an issue on FreeBSD 12.X. With TCP Offl... Kris Phillips

09:30 PM Bug #12434: Multiple cURL Vulnerabilities

cURL has been updated to 7.79.1 pfSense Plus 22.01. This only affects CE at this point. Kris Phillips

09:21 PM Regression #11545: Primary interface address is not always used when VIPs are present

Denny Page wrote in #note-15:
> I can share info from my install if you like. Unless I disable DHCP6 on the WAN inte... Kris Phillips

03:06 PM Revision d1e65bb2: Automatic outbound NAT for Reflection IPv6 support. Fixes #12500

Viktor Gurov

03:03 PM Revision dd8f951d: IPsec Keep Alive Gateway Group CARP support. Fixes #12472

Viktor Gurov

01:01 PM pfSense Packages Bug #12490 (Rejected): pfSense(CE) completely freezes up with WireGuard

Closing due to inactivity.
If this continues to be a problem, please reach out via our social media and/or forum c... Christian McDonald

12:58 PM pfSense Packages Bug #12399 (Feedback): WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

We have pulled in the upstream patches and bumped our version numbers. You should find a new package version availabl... Christian McDonald

12:57 PM Bug #12503 (Resolved): Unable to delete limiter referenced in filter rules

Tested on the:... Danilo Zrenjanin

01:45 AM Bug #12503 (Feedback): Unable to delete limiter referenced in filter rules

Applied in changeset commit:d0c6bc9a88fd5f054eabf379863e453c0228e808. Viktor Gurov

10:15 AM Bug #12500 (Feedback): Automatic outbound NAT for reflection does not support IPv6

Applied in changeset commit:d1e65bb28972baab2adab0d665b0fb6ea30447e0. Viktor Gurov

10:15 AM Bug #12472 (Feedback): IPsec Keep Alive does not work correctly with gateway groups in HA

Applied in changeset commit:dd8f951de8ffd0546cb15e97569701859db2a111. Viktor Gurov

06:34 AM Revision d0c6bc9a: Allow to delete limiter referenced in filter rules. Fixes #12503

Viktor Gurov

11/03/2021

09:48 PM Revision 1e77a36d: Try to use the distfiles cache for our branch but fall back if needed

This will allow us to avoid downloading everything new when we start a
new release Brad Davis

01:50 PM Bug #12503 (Pull Request Review): Unable to delete limiter referenced in filter rules

Jim Pingle

05:47 AM Bug #12503: Unable to delete limiter referenced in filter rules

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/451 Viktor Gurov

03:33 AM Bug #12503 (Resolved): Unable to delete limiter referenced in filter rules

error message:... Viktor Gurov

01:47 PM Bug #12472 (Pull Request Review): IPsec Keep Alive does not work correctly with gateway groups in HA

Jim Pingle

02:08 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/450 Viktor Gurov

01:43 PM Bug #12500 (Pull Request Review): Automatic outbound NAT for reflection does not support IPv6

Jim Pingle

01:41 AM Bug #12500: Automatic outbound NAT for reflection does not support IPv6

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/449 Viktor Gurov

04:25 AM Todo #12501 (Resolved): Traffic shaper wizard default bandwidth type should be Mbit/s

Viktor Gurov

04:15 AM Todo #12501: Traffic shaper wizard default bandwidth type should be Mbit/s

Tested on the:... Danilo Zrenjanin

04:21 AM Feature #12480 (Resolved): Wake on LAN button to wake all devices

Tested on the:... Danilo Zrenjanin

11/02/2021

11:44 PM Feature #12011 (Feedback): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled

Viktor Gurov

11:44 PM Todo #12501 (Feedback): Traffic shaper wizard default bandwidth type should be Mbit/s

Viktor Gurov

08:01 AM Todo #12501 (Pull Request Review): Traffic shaper wizard default bandwidth type should be Mbit/s

Jim Pingle

07:42 AM Todo #12501: Traffic shaper wizard default bandwidth type should be Mbit/s

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/448 Viktor Gurov

07:14 AM Todo #12501 (Resolved): Traffic shaper wizard default bandwidth type should be Mbit/s

Current "Kbit/s" is impractical with today's speeds Viktor Gurov

09:53 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state

Tested this on @22.01.a.20211013.0500@ - it worked correctly (as in the default gateway did change under Diagnostics ... Marcos M

09:20 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state

I'm seeing this on 21.05.2-RELEASE too. Once failover from WAN to WAN2 happens it will never fail back. the WAN get... Chris B

06:06 PM pfSense Packages Feature #12502 (Resolved): Option to include Syslog-ng Configuration Library (scl)

Although the @scl.conf@ is present in @/usr/local/etc/scl.conf@ the associated referenced tree ( @@include 'scl/*/*.c... Marco Rodriguez

03:38 PM pfSense Docs Correction #9370: Update old screenshots

Cellular doc updated: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/971d0fb77b22a551713108c35812932e24acee6f
... Jim Pingle

02:22 PM Revision 700f4da0: Save the distfiles to s3 with the git branch as part of the name

This will help us clean out old distfiles we do not need while providing
the ability to keep old distfiles around if ... Brad Davis

02:22 PM Revision 05a02665: Clean up old distfiles using poudriere distclean

Brad Davis

01:16 PM Revision 2a485da2: status_logs_settings.php logcompression value fix. Issue #12011

Viktor Gurov

01:16 PM Revision b3979f4a: Add Chelsio T6 CXGBE (cc) to ALTq capable list. Fixes #12499

Viktor Gurov

12:42 PM Revision f571a57b: Change traffic shaper wizard default bandwidth type to Mbit/s. Todo #12501

Viktor Gurov

10:05 AM Feature #12499 (Feedback): Allow Chelsio T6 CXGBE (``cc``) drivers to be used for ALTQ traffic shaping

Applied in changeset commit:b3979f4abe9ecb2bdd59cbbcb61e3eccf9180b79. Viktor Gurov

07:40 AM Feature #12499 (Pull Request Review): Allow Chelsio T6 CXGBE (``cc``) drivers to be used for ALTQ traffic shaping

Jim Pingle

12:12 AM Feature #12499: Allow Chelsio T6 CXGBE (``cc``) drivers to be used for ALTQ traffic shaping

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/446 Viktor Gurov

09:09 AM Bug #12498: Input validation error can unintentionally result in removal of PPP type interface settings

That looks good. Tested agaist:... Steve Wheeler

07:58 AM Bug #12498 (Pull Request Review): Input validation error can unintentionally result in removal of PPP type interface settings

Jim Pingle

03:15 AM Bug #12498: Input validation error can unintentionally result in removal of PPP type interface settings

Confirmed
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/447 Viktor Gurov

08:40 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs

Aren Breur wrote in #note-5:
> I am running 2.6.0-DEVELOPMENT (amd64). a network with /15 also does NOT work. I mad... Bill Meeks

06:54 AM Bug #12500 (Closed): Automatic outbound NAT for reflection does not support IPv6

@filter_generate_reflection_nat()@ doesn't support IPv6 and skips IPv6 Port Forward rules
https://github.com/pfsen... Viktor Gurov

12:21 AM Todo #12449 (Resolved): Update "DNS Server Override" and "DNS Query Forwarding" help text

checked in 22.01.a.20211029.0500
all ok Viktor Gurov

11/01/2021

05:55 PM Feature #12499 (Resolved): Allow Chelsio T6 CXGBE (``cc``) drivers to be used for ALTQ traffic shaping

cxgbe drivers support ALTq. cc interface labels should supoort it:
https://www.freebsd.org/cgi/man.cgi?query=cxl&apr... Juan Sebastian

05:41 PM Regression #11545: Primary interface address is not always used when VIPs are present

I can share info from my install if you like. Unless I disable DHCP6 on the WAN interface, I am currently hitting the... Denny Page

04:18 PM Regression #11545: Primary interface address is not always used when VIPs are present

We have been unable to replicate this issue in any sort of repeatable way which makes it almost impossible to dig int... Steve Wheeler

04:00 PM Regression #11545: Primary interface address is not always used when VIPs are present

Still seeing this in 21.05.2... any possibility this will be addressed soon? Denny Page

03:29 PM pfSense Docs Correction #9370: Update old screenshots

Nut is updated:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/d9fc04f46bacb750a9a37c3e51d5b7d790841644
... Jim Pingle

02:35 PM Bug #12498 (Resolved): Input validation error can unintentionally result in removal of PPP type interface settings

If you edit a PPPoE interface through, for example, Interfaces > WAN (interfaces.php) and change the password but do ... Steve Wheeler

10:40 AM Feature #12480 (Feedback): Wake on LAN button to wake all devices

Applied in changeset commit:f645fb5f37584e6892608a3c9b0e123b001d3610. Viktor Gurov

09:17 AM Feature #12480 (Pull Request Review): Wake on LAN button to wake all devices

Jim Pingle

12:05 AM Feature #12480: Wake on LAN button to wake all devices

confirmation prompt:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/443 Viktor Gurov

09:32 AM Feature #11118 (Pull Request Review): Backup and restore SSH host key(s)

Jim Pingle

04:05 AM Feature #11118: Backup and restore SSH host key(s)

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/445 Viktor Gurov

09:24 AM pfSense Packages Bug #11098 (Pull Request Review): Backup Files and Directories plugin crashes firewall if /root specified as backup location

Jim Pingle

12:37 AM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/142 Viktor Gurov

09:23 AM Feature #12011 (Pull Request Review): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled

Jim Pingle

12:17 AM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled

Jordan Greene wrote in #note-8:
> clean install of 22.01.a.20211030.0500 on 1100 using ZFS, default selection under ... Viktor Gurov

09:13 AM Bug #12493: IPsec continues to intercept traffic even after Phase II is removed

Whether or not traffic is "captured" depends on the presence of policies in the security policy database (SPD, which ... Jim Pingle

02:53 AM Bug #12493: IPsec continues to intercept traffic even after Phase II is removed

This issue has been marked as Duplicate, and I would like to point out that this marking is not totally true.
I re... Chaim Robinson

12:12 AM Bug #12493 (Duplicate): IPsec continues to intercept traffic even after Phase II is removed

Duplicate of #6624 Viktor Gurov

08:54 AM Todo #12218 (Resolved): Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID

Jim Pingle

08:53 AM Feature #12495 (Pull Request Review): DynDNS: add deSEC IPv4&v6 simultaneos update

Jim Pingle

08:52 AM Feature #12494 (Pull Request Review): DynDNS: make simultaneous update of IP and LegacyIP possible

Jim Pingle

07:43 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes

I recently hit this bug where IKEv2 EAP-RADIUS clients were not getting their DNS server.
Apologies for the commen... Pedro Ribeiro

07:34 AM Bug #12347 (Resolved): IPsec widget treats phase 1 in "connecting" state as connected

Viktor Gurov

07:30 AM Bug #12347: IPsec widget treats phase 1 in "connecting" state as connected

This looks good.
Tested:... Steve Wheeler

07:21 AM Bug #12347 (Feedback): IPsec widget treats phase 1 in "connecting" state as connected

It should show a yellow spinner while it is in the 'connecting' state, not the disconnected icon. Can you check it ag... Jim Pingle

06:43 AM Bug #12497 (Duplicate): OpenVPN Server assignes random IPv4 addresses to active clients even if FreeRadius has configured Framed-IP for all these remote clients

For Remote Access OpenVPN Server all connected clients still gets IP-addresses from OpenVPN pool instead of getting c... Azamat Khakimyanov

05:56 AM pfSense Packages Feature #11531 (New): Show netmap compatible cards in IPS Mode note

Azamat Khakimyanov wrote in #note-7:
> Tested on 21.05.1
> There is a list of Netmap! Supported drivers:
> _WARNIN... Viktor Gurov

05:46 AM Feature #4881: Allow NPt to use dynamic IPv6 networks

Csoban Kesmarki wrote in #note-27:
> Flole Systems wrote in #note-25:
> > There is a PR pending for this since 11 m... Viktor Gurov

05:24 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs

I am running 2.6.0-DEVELOPMENT (amd64). a network with /15 also does NOT work. I made it to 2 /16 networks that work... Aren Breur

01:12 AM pfSense Docs Todo #12496 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS

*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html
*Feedback:*
Better... Viktor Gurov

12:24 AM Bug #12241 (Resolved): System Information widget unnecessarily polls data for hidden items

This is noticeable on SG-3100 with 1Gb/s uplink Viktor Gurov

12:22 AM Bug #12001 (Resolved): System attempts to stop inactive services at shutdown

Viktor Gurov

10/31/2021

11:01 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled

clean install of 22.01.a.20211030.0500 on 1100 using ZFS, default selection under Status>Systems Logs>Settings>Log Co... Jordan G

07:11 PM Revision f645fb5f: Wake All Devices confirmation prompt. Implements #12480

Viktor Gurov

11:27 AM Bug #12076 (Assigned): OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses

Tested on 22.01-DEVELOPMENT (built on Sun Oct 31 05:21:32 UTC 2021)
Neither Windows 10, nor Ubuntu 21.10 were able... Azamat Khakimyanov

10:52 AM pfSense Packages Feature #10297 (Assigned): IPv6 user attributes

Tested on 21.05.1 and on 22.01-DEVELOPMENT (built on Sun Oct 31 05:21:32 UTC 2021)
There are 'IPv6 Address' (Framed-... Azamat Khakimyanov

06:15 AM Feature #12495: DynDNS: add deSEC IPv4&v6 simultaneos update

Depending Ticket: https://redmine.pfsense.org/issues/12494
PR: https://github.com/pfsense/pfsense/pull/4543 Lukas Wiest

06:11 AM Feature #12495 (Pull Request Review): DynDNS: add deSEC IPv4&v6 simultaneos update

The current implementation for the DynDNS provider DeSEC only supports either IP or LegacyIP updates, but entries tha... Lukas Wiest

06:14 AM Feature #12494: DynDNS: make simultaneous update of IP and LegacyIP possible

PR: https://github.com/pfsense/pfsense/pull/4542 Lukas Wiest

06:10 AM Feature #12494 (Pull Request Review): DynDNS: make simultaneous update of IP and LegacyIP possible

At the moment PfSense can only update either IP (IPv6) or LegacyIP (IPv4) records.
For services that allow multiple ... Lukas Wiest

06:07 AM pfSense Packages Bug #9922 (Resolved): haproxy_version does not use full path to haproxy, leads to errors when run during cron

Tested on 21.05.1 and on 22.01-DEVELOPMENT (built on Sun Oct 31 05:21:32 UTC 2021)
Both versions have full path '/... Azamat Khakimyanov

10/30/2021

07:12 PM pfSense Packages Bug #12258 (Pull Request Review): Copy key buttons only work in HTTPS mode

Updating status to Pull Request Review until changes are live. Kris Phillips

12:42 PM pfSense Packages Bug #12258: Copy key buttons only work in HTTPS mode

PR has been merged, this should be on the next release so ticket can be closed Adam Cooper

07:08 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location

Attempting a backup produces a crash, but doesn't freeze the entire firewall or fill the drive thankfully. It also s... Kris Phillips

06:43 PM Bug #12001: System attempts to stop inactive services at shutdown

Installed and setup the snort package on 22.01. Enabled and then disabled it. Halted the system and I don't see any... Kris Phillips

06:34 PM Bug #12241: System Information widget unnecessarily polls data for hidden items

Tested in 22.01. Could be placebo but I noticed a 3-4x CPU usage drop after removing the System Information widget. Kris Phillips

02:11 PM Todo #12218: Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID

Tested in
22.01-DEVELOPMENT (amd64)
built on Sat Oct 30 05:20:58 UTC 2021
FreeBSD 12.3-PRERELEASE
Description... Max Leighton

12:43 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)

PR has been merged, should be in the next release so ticket can be closed Adam Cooper

12:38 PM Bug #12493 (Duplicate): IPsec continues to intercept traffic even after Phase II is removed

pfSense version:
pfSense community edition
Version 2.5.2-Release (amd64)
FreeBSD 12.2-Stable
The issue:
We are... Chaim Robinson

11:41 AM Feature #12438 (Resolved): Option to select PPPoE Server authentication protocol

Tested CHAP with PPPoE server in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 30 05:23:33 UTC 2021
FreeBSD 12.3-PR... Max Leighton

11:03 AM Feature #12433 (Resolved): Icon for traffic direction on floating rules tab

Checked in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 30 05:23:33 UTC 2021
FreeBSD 12.3-PRERELEASE
There is ... Max Leighton

10/29/2021

10:20 PM Bug #12347 (Resolved): IPsec widget treats phase 1 in "connecting" state as connected

widget shows P1 "disconnected" while it is in connecting state. Alhusein Zawi

03:20 PM pfSense Docs Correction #9370 (In Progress): Update old screenshots

* Updated RFC 1918 egress prevention recipe
* https://gitlab.netgate.com/docs/pfSense-docs/-/commit/597814b04beef... Jim Pingle

03:03 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled

If you wipe and reload a 2100 or 1100 on a current 22.01 snapshot and use ZFS it will have lz4 compression on @/var/l... Jim Pingle

10:41 AM pfSense Packages Bug #12399 (Confirmed): WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Christian McDonald

08:21 AM Feature #4881: Allow NPt to use dynamic IPv6 networks

Flole Systems wrote in #note-25:
> There is a PR pending for this since 11 months apparently, what's the current sta... Csoban Kesmarki

07:37 AM pfSense Docs Todo #11812 (Closed): Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service

Jim Pingle

07:36 AM pfSense Docs Todo #11743 (Closed): Feedback on Virtual Private Networks — VPN Scaling

Jim Pingle

07:36 AM pfSense Docs New Content #12432 (Closed): Add documentation for DNS Resolver Status page

Jim Pingle

07:36 AM pfSense Docs Todo #12429 (Closed): Feedback on Bridging

Jim Pingle

07:36 AM pfSense Docs Correction #11176 (Closed): Feedback on Services — DNS Resolver

Jim Pingle

07:36 AM pfSense Docs Todo #11417 (Closed): Feedback on Services — DNS Resolver — DNS Resolver Advanced Options

Jim Pingle

07:36 AM pfSense Docs Correction #9373 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver

Jim Pingle

07:35 AM pfSense Docs Correction #9394 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver

Jim Pingle

07:35 AM pfSense Docs Todo #12182 (Closed): Update IPsec to match recent changes

Jim Pingle

10/28/2021

09:21 PM Bug #12350 (Resolved): Incorrect label for IPsec DH group 32

fixed
2.6.0.a.20211028.0500 Alhusein Zawi

09:13 PM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself

FWIW, it looks like the bug is here, where check_update() returns true when current version == new version on non-610... Andrew Warren

11:08 AM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself

And it is not showing the update button when it should (Netgate 7100 on 21.05.2 0.41_1) Chris Linstruth

07:50 AM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself

This also appears to affect RCC-VE devices. An SG-4860 here.
Tested:
pkg v0.43 in 22.01 Steve Wheeler

03:44 PM Bug #12492 (Not a Bug): 'DHCPv6 Static Mappings for this Interface' option isn't reliable working (2.5.2-RELEASE (amd64) )

This site is not for support or diagnostic discussion. As you stated, the configuration appears to be correct, so the... Jim Pingle

03:41 PM Bug #12492 (Not a Bug): 'DHCPv6 Static Mappings for this Interface' option isn't reliable working (2.5.2-RELEASE (amd64) )

'DHCPv6 Static Mappings for this Interface' option isn't reliable working (2.5.2-RELEASE (amd64))
I am experiencin... Patrice BBBBB

03:30 PM pfSense Packages Feature #12491 (New): squidguard: allow multiple regex

When adding a Target category, please allow multiple lines in the 'Regular Expression' list. The upstream squidguard... Jesse Norell

02:46 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

> Ryan,
>
> Thanks for the continued investigation here. I'm tracking the kernel module development closely. Prelim... Ryan Roosa

09:52 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Ryan Roosa wrote in #note-17:
> Just a quick update to let you know I've tested for this issue on the latest communi... Christian McDonald

02:17 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface

Updating subject for release notes. Jim Pingle

02:15 PM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available

Updating subject for release notes. Jim Pingle

02:14 PM Regression #12442: Unexpected error message after trying to delete a CARP VIP

Was broke and fixed in snapshots, never in a release. Jim Pingle

02:13 PM Bug #12362: Validation when deleting a VIP does not prevent deleting a CARP VIP used as a parent for an IP Aliases VIP

Updating subject for release notes. Jim Pingle

02:12 PM Bug #12356: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries

Updating subject for release notes. Jim Pingle

02:11 PM Feature #4769: IPv6 support in the Traffic Shaper Wizard

Updating subject for release notes. Jim Pingle

02:10 PM Bug #12410: 1:1 NAT edit page lists incorrect entries in the Destination field

Updating subject for release notes. Jim Pingle

02:09 PM Regression #12377: NAT Rule Reorder

Introduced and fixed in snapshots, never in a release. Jim Pingle

02:08 PM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode

Updating subject for release notes. Jim Pingle

02:07 PM Feature #12318: Display default "Reflection Timeout" value on ``system_advanced_firewall.php``

Updating subject for release notes. Jim Pingle

02:07 PM Bug #10706: Kernel route table entries are removed if they match disabled static route entries

Updating subject for release notes.
It's not specific to OpenVPN, routes from any other source could be impacted. Jim Pingle

02:05 PM Feature #12438: Option to select PPPoE Server authentication protocol

Updating subject for release notes. Jim Pingle

02:05 PM Regression #12396: PHP Warning: Use of undefined constant ip - /etc/inc/services.inc on line 2465

Since this was only a regression in snapshots, no need to include it in release notes. Jim Pingle

02:00 PM Bug #12481: Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown

Updating subject for release notes. Jim Pingle

01:59 PM Feature #12321: Pop-up window to view firewall rules generated from RADIUS ACL entries on the OpenVPN status page

Updating subject for release notes. Jim Pingle

01:58 PM Feature #12291: Support for Slack notifications

Updating subject for release notes. Jim Pingle

01:57 PM Bug #12366: Rotation settings for individual log files do not take effect after saving

Updating subject for release notes. Jim Pingle

01:57 PM Bug #12435: "6RD Prefix" field does not have input validation

Updating subject for release notes. Jim Pingle

01:56 PM Bug #12371: Remove subnet overlap check on LAN interfaces when using 6rd

Updating subject for release notes. Jim Pingle

01:55 PM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces

Updating subject for release notes. Jim Pingle

01:54 PM Bug #12439: "Default preferred lifetime" field for IPv6 RA does not have input validation

Updating subject for release notes. Jim Pingle

01:52 PM Bug #12419: Console boot output includes ``Configuring IPsec VTI interfaces`` when no VTI interfaces are configured

Updating subject for release notes. Jim Pingle

01:51 PM Feature #12316: Include firewall rules generated from OpenVPN RADIUS ACL entries in status output

Updating subject for release notes. Jim Pingle

01:50 PM Bug #12347: IPsec widget treats phase 1 in "connecting" state as connected

Updating subject for release notes. Jim Pingle

01:47 PM Bug #11482 (Closed): WireGuard interfaces do not always have proper MTU applied

Jim Pingle

01:34 PM Feature #11899 (Duplicate): Add support for non-Oracle IP Check providers

Jim Pingle

01:23 PM pfSense Packages Bug #12490: pfSense(CE) completely freezes up with WireGuard

Hi Mark,
We haven't run into any deadlocks and/or crashes like this for quite some time. First thing I would check... Christian McDonald

12:44 PM pfSense Packages Bug #12490 (Rejected): pfSense(CE) completely freezes up with WireGuard

Hello everyone,
I encountered a strange issue with the Wireguard plugin installed (and in use).
I had a very diff... Mark Zeller

12:24 PM pfSense Docs New Content #9753 (Feedback): Feedback on Installing and Upgrading — Writing Disk Images

Step 2: I replaced the info in the pfSense docs with just the Etcher info, and linked to the main reference doc for a... Jim Pingle

11:12 AM pfSense Docs New Content #9753: Feedback on Installing and Upgrading — Writing Disk Images

Step 1: I updated the main shared reference doc with info on Etcher and made other updates as well
https://gitlab.... Jim Pingle

10:14 AM pfSense Docs New Content #9753 (In Progress): Feedback on Installing and Upgrading — Writing Disk Images

I've already been working on this Jim Pingle

09:10 AM Feature #12489 (Closed): OpenSSH update to the latest version.

We use the version of OpenSSH that ships with the base installation of FreeBSD. It may not always be the latest, but ... Jim Pingle

09:06 AM Feature #12489 (Closed): OpenSSH update to the latest version.

pfSense 2.5.2 version runs the OpenSSH_7.9-p1 version. That is not the latest one.
Danilo Zrenjanin

08:59 AM Revision 4d016cc4: Do not detach ng_ether from physical interfaces

There's no measurable performance impact[1] of leaving an unused ng_ether
node attached to ethernet interfaces, so do... Kristof Provost

08:32 AM Bug #12488 (Not a Bug): Problem with IPSEC - DPD or Child SA keep-alive

This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle

08:22 AM Bug #12488 (Not a Bug): Problem with IPSEC - DPD or Child SA keep-alive

I was trying to Configure a new Site to Site IPsec tunnel.
We already have 3 Sites, with lots of Child SA's, in our ... Marc Schildt

10/27/2021

11:10 PM Revision d6bc49df: Document that upstream gateway controls WAN type vs. LAN type interface

Brett Keller

08:46 PM Revision 66b1de4c: IPsec SPD status updates. Implements #12397

* Fix backend parsing of setkey data
* Check for VTI vs tunnel mode
* Output mode in GUI status, and VTI interface na... Jim Pingle

07:51 PM Revision 5814ad25: Revise IPsec widget icon behavior. Fixes #12347

* Change P1 status test so it can detect the "connecting" state and show
a distinct icon.
* Use gettext() for icon to... Jim Pingle

04:00 PM Bug #12350 (Feedback): Incorrect label for IPsec DH group 32

Applied in changeset commit:c7a78ad6792a4cff9ab53fd1171b9f77c925d390. Viktor Gurov

04:00 PM Bug #12481 (Feedback): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown

Applied in changeset commit:a96a7151f15c0ad54bdac522b1ac3876409766b9. Viktor Gurov

03:54 PM Feature #12397 (Feedback): Distinguish between policy-based and route-based entries on IPsec status SPD tab

Fix committed, will be in images soon. Jim Pingle

12:27 PM Feature #12397 (In Progress): Distinguish between policy-based and route-based entries on IPsec status SPD tab

Jim Pingle

03:54 PM Bug #12347 (Feedback): IPsec widget treats phase 1 in "connecting" state as connected

Fix committed, will be in images soon. Jim Pingle

12:27 PM Bug #12347 (In Progress): IPsec widget treats phase 1 in "connecting" state as connected

Jim Pingle

03:46 PM Feature #4881: Allow NPt to use dynamic IPv6 networks

It is blocked waiting on #6880 which is still undergoing testing and development. Jim Pingle

03:30 PM Feature #4881: Allow NPt to use dynamic IPv6 networks

There is a PR pending for this since 11 months apparently, what's the current status? Flole Systems

01:25 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed

Jim,
Your choice of course however note:
- I took me longer than necessary to understand the problem by then, bec... Louis B

01:10 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed

And as noted above, that may be true for your environment but *not* for most others. Your experience is *unusual* and... Jim Pingle

12:58 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed

Jim,
As stated before, IMHO the fact that a particular interface fails, should NOT be a reason to shut the whole s... Louis B

01:05 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec

Kev Kitchens wrote in #note-5:
> Totally understandable, although I believe most CPUs supporting AES-NI would also l... Jim Pingle

12:55 PM pfSense Docs Todo #12478 (Feedback): Feedback on Virtual Private Networks — IPsec — Mobile IPsec — Choosing a Mobile IPsec Style

Added to staged 22.01 docs:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/64cbd3b581c737171e0f592994b7bbce... Jim Pingle

12:26 AM pfSense Packages Bug #12487 (Closed): Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself

See attached screenshot. When current firmware version == latest firmware version, should there be an "Upgrade and R... Andrew Warren

10/26/2021

05:57 PM Revision 3d1db50b: vim-console is now a FLAVOR

Renato Botelho

10:24 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA

There exists checks in other areas that could be adapted for this:
https://gitlab.netgate.com/pfSense/pfSense/blob/m... Marcos M

06:41 AM pfSense Packages Feature #11531 (Assigned): Show netmap compatible cards in IPS Mode note

Tested on 21.05.1
There is a list of Netmap! Supported drivers:
_WARNING: Inline Mode only works with NIC drivers w... Azamat Khakimyanov

06:31 AM pfSense Packages Feature #11533 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards

Tested on 21.05.1
There is ena NIC in the list of Netmap! Supported drivers.
Marked this Feature request as resolved. Azamat Khakimyanov

10/25/2021

06:21 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients

Has the fix been merged yet? What's the current status? Can we set the target version appropriately as there is now a... Flole Systems

05:24 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface

Brett Keller wrote in #note-8:
> Setting an upstream gateway includes the interface in automatic outbound NAT rule g... Brett Keller

05:04 PM Bug #12486: Editing a network interface

I see now, at some point I must have turned on RAs then turned off IPv6 for the interface I’d turned it on for. Maybe... James Chambers

03:37 PM Bug #12486: Editing a network interface

Sorry but I’ve searched and searched for answers already, the interface tells me to disable router advertisements and... James Chambers

02:33 PM Bug #12486 (Not a Bug): Editing a network interface

This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle

01:24 PM Bug #12486: Editing a network interface

*issue James Chambers

01:23 PM Bug #12486: Editing a network interface

I can get around the issues by temporarily adding an IPv6 configuration. James Chambers

01:12 PM Bug #12486 (Not a Bug): Editing a network interface

I have a network interface just for accessing the pfSense GUI. From this network I can edit other interfaces but I am... James Chambers

12:31 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Just a quick update to let you know I've tested for this issue on the latest community release of OPNsense (21.7.3_3)... Ryan Roosa

10:11 AM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled

I'm fairly certain that's because the 2100 and 1100 have compression off on @/var/log@ by default. You can confirm th... Jim Pingle

10:06 AM Feature #10587 (Resolved): UPnP/NAT-PMP STUN configuration options

Jim Pingle

10:02 AM pfSense Packages Bug #11465 (Closed): Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route

Jim Pingle

09:51 AM Bug #12485 (Rejected): DDNS set to a gateway group does not update on WAN failover

I can't replicate this. I use multi-WAN with DDNS on my edge and it updates properly, I had several failures last wee... Jim Pingle

07:26 AM pfSense Packages Feature #11386 (Resolved): Add WireGuard tunneled networks to vpnaddresses list

Tested on 21.05_p1 and on 22.01-DEVELOPMENT (built on Sun Oct 24 05:22:55 UTC 2021)
I see WireGuard tunnel network i... Azamat Khakimyanov

10/24/2021

08:02 AM pfSense Packages Bug #11682 (Resolved): Certificate Manager page do not show STunnel used certificates

Tested on 21.05.1 and 22.01-DEVELOPMENT (built on Sun Oct 24 05:22:55 UTC 2021)
I still see this Bug on 21.05.1 but ... Azamat Khakimyanov

07:43 AM pfSense Packages Bug #11683 (Resolved): Certificate Manager page doesn't show FreeRADIUS used certificates

Tested on 21.05.1 and 22.01-DEVELOPMENT (built on Sun Oct 24 05:22:55 UTC 2021)
I see FreeRADIUS certificate in 'IN ... Azamat Khakimyanov

07:04 AM pfSense Packages Bug #11687 (Resolved): Fix download URLs for SecuriteInfo.com

Tested on 21.05.1 and 22.01-DEVELOPMENT (Squid: 0.4.45_5).
I saw SecuriteInfo.com ID in /usr/local/pkg/squid_antivir... Azamat Khakimyanov

10/23/2021

06:13 PM Feature #10587: UPnP/NAT-PMP STUN configuration options

Options for setting STUN configuration is present in UPnP/NAT-PMP on 22.01.a.20211023.0500 Jordan G

05:47 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled

2100 on ZFS upgraded to 22.01.a.20211023.0500 shows bzip2 as log compression setting. Set to none, saved and then fac... Jordan G

05:23 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3

It appears that openldap25-client and openldap25-server are both in freshports for FreeBSD.
https://www.freshpor... Kris Phillips

11:55 AM Feature #12441 (Resolved): Send notification for halt, reboot, and reroot events

Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 23 05:23:58 UTC 2021
FreeBSD 12.3-PRERELEASE
I get no... Max Leighton

11:44 AM Todo #12449: Update "DNS Server Override" and "DNS Query Forwarding" help text

Checked in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 23 05:23:58 UTC 2021
FreeBSD 12.3-PRERELEASE
The help ... Max Leighton

06:48 AM Bug #12483: GUI creates inconsistent config.xml

The `staticroutes` is just 1 example of many, there are few other configuration keys which are victim of this issue.
... Evren Yurtesen

06:36 AM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route

This ticket can now be closed as the PR has been merged Adam Cooper

10/22/2021

08:42 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec

Thanks for taking this up Jim!
> Originally that was recommended as it would result in the highest performance on ... Kev Kitchens

01:11 PM pfSense Docs Correction #12471 (Feedback): AES-XCBC should not be recommended as PRF for IPsec

Fixed in https://gitlab.netgate.com/docs/pfSense-docs/-/commit/5086c307ec3b213edcc7efbfc82eabf416053ce3 but won't be ... Jim Pingle

12:39 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec

It's also worth noting that the native IPsec client in Android 11 and 12 does support AES-XCBC and has it listed befo... Jim Pingle

09:58 AM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec

Originally that was recommended as it would result in the highest performance on systems with hardware acceleration f... Jim Pingle

08:24 PM Revision c7a78ad6: Elliptic Curve 25519, 448 bit -> Elliptic Curve 448, 448 bit PH2 rename. Fixes #12350

Viktor Gurov

04:15 PM Bug #12485: DDNS set to a gateway group does not update on WAN failover

I should add that WAN failover happens without issue. The default gateway becomes WAN2 as expected. It's just DDNS th... Max Leighton

04:14 PM Bug #12485 (Rejected): DDNS set to a gateway group does not update on WAN failover

For my test, I observed this in 21.01, and it has been observed in 21.05.1 as well.
It's been reported that DDNS i... Max Leighton

03:04 PM pfSense Packages Bug #12482 (Pull Request Review): Outdated doc links

Jim Pingle

08:59 AM pfSense Packages Bug #12482: Outdated doc links

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/140 Viktor Gurov

07:06 AM pfSense Packages Bug #12482 (Resolved): Outdated doc links

The HAProxy-devel package (based on haproxy 2.4.x) uses outdated doc links (haproxy 1.7):... Viktor Gurov

03:02 PM Bug #12350 (Pull Request Review): Incorrect label for IPsec DH group 32

Jim Pingle

01:09 AM Bug #12350: Incorrect label for IPsec DH group 32

Alhusein Zawi wrote in #note-5:
> fixed "Elliptic Curve 448" in P1.
>
> still showing up as "Elliptic Curve 25519... Viktor Gurov

03:01 PM Feature #12184 (Pull Request Review): GUI options to configure IKE retransmission behavior

Jim Pingle

01:05 AM Feature #12184: GUI options to configure IKE retransmission behavior

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/438 Viktor Gurov

02:56 PM Bug #12481 (Pull Request Review): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown

Jim Pingle

12:56 PM pfSense Packages Bug #12142 (Resolved): XMLRPC replication target configuration

Tested on the:... Danilo Zrenjanin

12:39 PM Bug #12356 (Resolved): Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries

Tested on the:... Danilo Zrenjanin

09:42 AM pfSense Packages Bug #12484 (Duplicate): Unable to remove intermediate CA

It's the same as the other linked issue. Adding that feature will solve this problem as the user could choose the oth... Jim Pingle

09:38 AM pfSense Packages Bug #12484 (Duplicate): Unable to remove intermediate CA

Some client needs to remove intermediate "ISRG Root X1" CA to allow legacy clients to work,
otherwise they will get ... Viktor Gurov

07:54 AM Bug #12483 (New): GUI creates inconsistent config.xml

With pfSense 2.5. If I update the Hostname from the GUI. The config diff shows the normal hostname change, in additio... Evren Yurtesen

02:50 AM Feature #7749 (Resolved): Support ``0`` CIDR mask for IGMP Proxy networks

Viktor Gurov

02:06 AM Feature #7749: Support ``0`` CIDR mask for IGMP Proxy networks

Tested on the:... Danilo Zrenjanin

10/21/2021

07:10 PM Bug #12350: Incorrect label for IPsec DH group 32

fixed "Elliptic Curve 448" in P1.
still showing up as "Elliptic Curve 25519, 448 bit" in P2.
2.6.0.a.202110... Alhusein Zawi

05:15 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec

For some further justification, the NIST Guide to IPsec VPNs (SP 800-77) does not list AES-XCBC as an approved PRF al... Kev Kitchens

03:11 PM Revision a96a7151: Delete stale OpenVPN RADIUS ACL generated rules. Fixes #12481

Viktor Gurov

02:02 PM Revision 5a1436da: Tell us the name of the logs tarball so we don't have to go hunting through s3

Brad Davis

01:28 PM Revision 46cdd9ab: Allow to select PPPoE Server authentication protocol. Implements #12438

Viktor Gurov

01:27 PM Revision aa1936ee: DNS check optimization for NDP diag page. Fixes #11512

Viktor Gurov

10:13 AM Bug #12481: Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/436 Viktor Gurov

09:47 AM Bug #12481 (Closed): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown

ovpn_ovpnsX_user_NNN.rules files under /tmp folder are not deleted on unclean shutdown Viktor Gurov

09:41 AM Bug #12335: IPsec DNS inefficiency

Jim Pingle wrote:
> Additionally, look at all calls of @ipsec_get_phase1_dst()@ such as when configuring VTI interfa... Viktor Gurov

08:45 AM Feature #12438 (Feedback): Option to select PPPoE Server authentication protocol

Applied in changeset commit:46cdd9ab8e3f5e22a9178f9bca2d8785f7de38a7. Viktor Gurov

08:01 AM Feature #12438 (Pull Request Review): Option to select PPPoE Server authentication protocol

Jim Pingle

06:12 AM Feature #12438: Option to select PPPoE Server authentication protocol

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/434 Viktor Gurov

08:35 AM Regression #11512 (Feedback): DHCP Leases page and ARP table page fail to load if DNS is not available

Applied in changeset commit:aa1936eefc251b5330e7392f3b1fbc23a006a400. Viktor Gurov

08:30 AM Feature #12441 (Feedback): Send notification for halt, reboot, and reroot events

Applied in changeset commit:138f2dd0087989cfd5cbb2caa71af83529139475. Viktor Gurov

07:59 AM Feature #12441 (Pull Request Review): Send notification for halt, reboot, and reroot events

Jim Pingle

03:28 AM Feature #12441 (New): Send notification for halt, reboot, and reroot events

Send notification on WebGUI reboot/reroot/halt:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/433 Viktor Gurov

08:25 AM Revision 138f2dd0: Send notification on WebGUI reboot/reroot/halt. Implements #12441

Viktor Gurov

08:19 AM Feature #12480: Wake on LAN button to wake all devices

Adding a confirmation prompt would be viable, but I don't see it being a significant enough need to add an option som... Jim Pingle

06:59 AM Feature #12480: Wake on LAN button to wake all devices

It could be a good idea to have the possibilities to move/remove the button "Wake All Devices" or be able to put ... Antoine Graux

06:56 AM Feature #12480 (Resolved): Wake on LAN button to wake all devices

It could be a good idea to have the possibilities to move or remove the button "Wake All Devices".If the administrato... Antoine Graux

08:15 AM Bug #12436: Pppoe server config gui does not allow setting of chap authentication, and sets the network start address for allocation to 0

Viktor Gurov wrote in #note-4:
> Jim Pingle wrote in #note-3:
> > An IP address ending in @.0@ is only invalid when... Jim Pingle

06:31 AM Bug #12436 (New): Pppoe server config gui does not allow setting of chap authentication, and sets the network start address for allocation to 0

Jim Pingle wrote in #note-3:
> An IP address ending in @.0@ is only invalid when used as a part of an actual subnet.... Viktor Gurov

03:48 AM Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan)

I've already fixed this issue on https://zanata.netgate.com, but it looks like it's not merged to 2.6.0 Viktor Gurov

12:45 AM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn)

Marcos Mendoza wrote in #note-1:
> This should be tested on 22.01 snapshots as something changed to fix the missing ... Viktor Gurov

10/20/2021

05:53 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface

Christian McDonald wrote in #note-3:
> For assigned tunnel interfaces, the inverse is true...pfSense has no way of k... Brett Keller

10:25 AM pfSense Docs Correction #12469 (Closed): Automatic outbound NAT rules are applied to the WG interface

Merged and deployed. Jim Pingle

08:28 AM pfSense Docs Correction #12469 (Pull Request Review): Automatic outbound NAT rules are applied to the WG interface

Jim Pingle

04:48 PM Revision e6df5881: Icon for traffic direction on floating rules tab. Implements #12433

Viktor Gurov

04:11 PM Revision 6e889d88: Fix OpenVPN status page halt function when client_id=0. Issue #12416

Viktor Gurov

04:07 PM Revision 349e7c67: Update DNS Server Override and DNS Query Forwarding help text. Todo #12449

Viktor Gurov

04:05 PM Revision 2c702751: IPsec PC/SC daemon status / services page fix. Issue #12468

Viktor Gurov

03:17 PM Bug #12479 (Rejected): Secure Cookie Attribute Not Set for webConfigurator

It's already set to true if the GUI is set to HTTPS.
If it's set to HTTP, it isn't set.
source:src/etc/inc/auth... Jim Pingle

03:10 PM Bug #12479 (Rejected): Secure Cookie Attribute Not Set for webConfigurator

The webConfigurator does not require secure transmission of cookies using the Secure Cookie Attribute in PHP. As suc... Kris Phillips

01:50 PM Revision 0b783d30: Remove stale captiveportal_online_users file on boot. Fixes #12455

Viktor Gurov

01:13 PM Regression #12442 (Resolved): Unexpected error message after trying to delete a CARP VIP

fixed
"Virtual IP # 0 does not exist." is not showing up.
2.6.0.a.20211020.0500
Alhusein Zawi

11:55 AM Feature #12433 (Feedback): Icon for traffic direction on floating rules tab

Applied in changeset commit:e6df58819b5cfd261630d2ff35a9d40246a2af45. Viktor Gurov

11:50 AM Feature #12416 (Feedback): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session

Merged Viktor Gurov

11:49 AM Todo #12449 (Feedback): Update "DNS Server Override" and "DNS Query Forwarding" help text

Merged Viktor Gurov

11:49 AM Bug #12468 (Feedback): Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled

Merged Viktor Gurov

09:10 AM Bug #12455 (Feedback): Captive Portal online user statistics data is not cleared on unclean shutdown

Applied in changeset commit:0b783d30498a717d27419be6a9fd1c129d26ae21. Viktor Gurov

08:54 AM pfSense Docs Todo #12478: Feedback on Virtual Private Networks — IPsec — Mobile IPsec — Choosing a Mobile IPsec Style

There are mentions of Group auth in the IPsec docs which are still pending (waiting on 22.01 now):
http://stage-v2... Jim Pingle

08:37 AM pfSense Docs Todo #12478 (Closed): Feedback on Virtual Private Networks — IPsec — Mobile IPsec — Choosing a Mobile IPsec Style

*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/mobile-choices.html#ikev2-with-eap-radius
https... Viktor Gurov

08:35 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA

Viktor Gurov wrote in #note-1:
> It's difficult to determine if specific interfaces of a gateway group are being use... Jim Pingle

02:45 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA

It's difficult to determine if specific interfaces of a gateway group are being used for CARP VIP too, since the conf... Viktor Gurov

08:30 AM pfSense Packages Bug #12475 (Pull Request Review): OpenVPN Client Export does not show certificate without private key

Jim Pingle

01:42 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/137 Viktor Gurov

08:22 AM pfSense Packages Bug #12293 (Resolved): Resolve host via Reverse DNS looks shows IDN domains as punnycode

suricata 6.0.3_3 - works as expected Viktor Gurov

08:21 AM Todo #12454 (Resolved): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules

2.6.0.a.20211020.0500 - works as expected Viktor Gurov

08:17 AM Bug #12448 (Resolved): Set OpenVPN Gateway Creation value to "Both" by default for new instances

2.6.0.a.20211020.0500 - looks good Viktor Gurov

03:23 AM Feature #12407: Use deferred client connections in OpenVPN

Marcos Mendoza wrote in #note-1:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/402
#12321 and #12316... Viktor Gurov

03:16 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs

fix:
https://github.com/pfsense/FreeBSD-ports/pull/1117 Viktor Gurov

02:57 AM Bug #12477 (Closed): IPsec Keep Alive does not work correctly with stacked IP Aliases in HA

not an issue, work correctly Viktor Gurov

02:47 AM Bug #12477 (Closed): IPsec Keep Alive does not work correctly with stacked IP Aliases in HA

In @ipsec_keepalive.php: (substr($status[$ikeid]['p1']['interface'], 0, 4) == "_vip")@ does not check IP Aliases stac... Viktor Gurov

10/19/2021

02:46 PM Revision d12195f5: Set Gateway creation radio button to Both by default. Fixes #12448

Viktor Gurov

02:25 PM pfSense Docs Correction #12469 (Waiting on Merge): Automatic outbound NAT rules are applied to the WG interface

Thanks for the feedback.
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/25 Christian McDonald

01:54 PM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs

I did not try intermediate versions between 6.0.0_14 and 6.0.3_3, just installed the latest, so I can't say when this... Steve Y

09:57 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs

Edit: I have a 2100/21.05.1 with the latest Snort 4.1.4_3 and it doesn't have this issue. Steve Y

09:50 AM pfSense Packages Regression #12476 (Resolved): Suricata 6.0.3_3 Pass List ignores all single IPs

After upgrading pfSense-pkg-suricata from 6.0.0_14 to 6.0.3_3 all Pass List entries for single IPs are ignored and no... Steve Y

01:00 PM Regression #12442 (Feedback): Unexpected error message after trying to delete a CARP VIP

Merged Viktor Gurov

12:59 PM Regression #12288 (Feedback): GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces

Merged Viktor Gurov

10:00 AM Bug #12448 (Feedback): Set OpenVPN Gateway Creation value to "Both" by default for new instances

Applied in changeset commit:d12195f57d0722749ebc4de177f7ea1648680a7e. Viktor Gurov

09:55 AM Feature #12441 (Feedback): Send notification for halt, reboot, and reroot events

Applied in changeset commit:4738f3080db4abb0e49d410d07a9611aeba65e25. Viktor Gurov

08:32 AM Revision 4738f308: Send reboot/reroot/halt notification. Implements #12441

Viktor Gurov

07:43 AM Bug #12470 (Pull Request Review): Thermal Sensors Dashboard widget filter for negative values refers to invalid variable

Jim Pingle

07:24 AM pfSense Packages Bug #12475 (Resolved): OpenVPN Client Export does not show certificate without private key

When using the page https://<server>/vpn_openvpn_export.php to export an openvpn client config package only certifica... Denis Grilli

05:21 AM pfSense Packages Feature #12447: Acme add dnsapi dns_cpanel.sh

How can I upgrade? Akos Tomaschik

10/18/2021

08:45 PM Feature #12473 (New): Allow user adjustment of IPsec Keep Alive periodic checks

Let the user adjust the keepalive check time introduced in #12169, as the keepalive time could be lowered once #12184... Marcos M

08:41 PM Bug #12472 (Resolved): IPsec Keep Alive does not work correctly with gateway groups in HA

In @ipsec_keepalive.php@: @(substr($status[$ikeid]['p1']['interface'], 0, 4) == "_vip")@ returns a false negative whe... Marcos M

08:33 PM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn)

This should be tested on 22.01 snapshots as something changed to fix the missing nat rules (see #11481) which may aff... Marcos M

06:40 PM pfSense Docs Correction #12471 (Closed): AES-XCBC should not be recommended as PRF for IPsec

The IPsec Configuration (https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html) and VPN Scaling (https:... Kev Kitchens

04:46 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

FWIW, just wanted to share updates I've made to my bandaid script. I found that 'head -c' usage on '/dev/urandom' lik... Ryan Roosa

11:16 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Christian McDonald wrote in #note-13:
> Thank you for the detailed report here. This is immensely helpful. I will co... Ryan Roosa

04:10 PM Bug #12470 (Resolved): Thermal Sensors Dashboard widget filter for negative values refers to invalid variable

The Thermal Sensors widget has code to filter out any sysctl line that contains ' -', but is checking a $negsign vari... Daniel Cameron

03:14 PM Revision dc883862: Reset CP DB on unclean shutdown if preservedb option is not enabled. Fixes #12355

Viktor Gurov

03:13 PM Revision 661c23ea: GRE/GIF interface configure fix. Issue #12288

Viktor Gurov

03:13 PM Revision 26bbdbc5: deleteVIP() input validation fix. Issue #12442

Viktor Gurov

03:13 PM Revision 322ac50f: Elliptic Curve 25519, 448 bit -> Elliptic Curve 448, 448 bit rename. Fixes #12350

Viktor Gurov

03:12 PM Revision aabaad0a: Mute kernel messages on dummynet and thermal hardware modules load. Fixes #12454

Viktor Gurov

03:12 PM Revision 1c4c9e7f: Allow to use /0 netmask on IGMP Proxy edit page. Fixes #7749

Viktor Gurov

03:11 PM Revision ff6d9cb1: Traffic Shaper Wizard IPv6 support. Implements #4769

Viktor Gurov

02:48 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface

Thanks. It would probably be useful to put a note about this in the docs for the s2s instructions. Brendon Baumgartner

02:41 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface

Outbound NAT rules are not applied on unassigned tunnel interfaces. pfSense has no way of knowing these interfaces ex... Christian McDonald

01:49 PM pfSense Docs Correction #12469 (Resolved): Automatic outbound NAT rules are applied to the WG interface

These is back in the current wireguard package.
https://forum.netgate.com/topic/165344/wireguard-site-to-site-vpn/... Brendon Baumgartner

11:23 AM pfSense Docs Todo #12445 (Rejected): Feedback on pfSense Configuration Recipes

The ePub opens and reads fine in Calibre (Multiple operating systems), FBReader, and others I tried which support ePu... Jim Pingle

10:20 AM Bug #12355 (Feedback): Captive Portal database and ``ipfw`` rules are out of sync after unclean shutdown

Applied in changeset commit:dc883862bc431c929d3063cd83603b504cd173bd. Viktor Gurov

08:22 AM Bug #12355 (Pull Request Review): Captive Portal database and ``ipfw`` rules are out of sync after unclean shutdown

Jim Pingle

10:20 AM Bug #12350 (Feedback): Incorrect label for IPsec DH group 32

Applied in changeset commit:322ac50fafd5b186763b8113d3cab24d6101d8f1. Viktor Gurov

07:46 AM Bug #12350 (Pull Request Review): Incorrect label for IPsec DH group 32

Jim Pingle

10:20 AM Todo #12454 (Feedback): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules

Applied in changeset commit:aabaad0ab7e479a19ae597f2710eb4004d10f2ac. Viktor Gurov

08:17 AM Todo #12454 (Pull Request Review): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules

Jim Pingle

10:20 AM Feature #7749 (Feedback): Support ``0`` CIDR mask for IGMP Proxy networks

Applied in changeset commit:1c4c9e7f2fe686b8ccea6780cabe43635d27856d. Viktor Gurov

08:21 AM Feature #7749 (Pull Request Review): Support ``0`` CIDR mask for IGMP Proxy networks

The Gitlab link is private and intended for internal review, it's not public yet. Once we merge the PR it will be vis... Jim Pingle

10:20 AM Feature #4769 (Feedback): IPv6 support in the Traffic Shaper Wizard

Applied in changeset commit:ff6d9cb1d7d5443a196cbedbf5632d9072415a0a. Viktor Gurov

08:54 AM Feature #4769 (Pull Request Review): IPv6 support in the Traffic Shaper Wizard

Jim Pingle

10:03 AM pfSense Docs Correction #12450 (Closed): Typo in the Phase 2 proposal (Child SA) section.

Fixed in the new IPsec docs coming with 22.01, changing them in the current docs would cause a merge conflict with th... Jim Pingle

09:37 AM Bug #12468 (Pull Request Review): Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled

Jim Pingle

09:35 AM Bug #12460 (Pull Request Review): Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable

Jim Pingle

09:31 AM Todo #12431 (Pull Request Review): GUI pages should use ``POST`` for AJAX calls, not ``GET``

Jim Pingle

09:26 AM Feature #12342 (Pull Request Review): Dynamic DNS client proxy support

Jim Pingle

09:21 AM Feature #12169 (Resolved): IPsec keep alive option to initiate phase 2 without using ICMP

Those should be added as a separate bug report and feature request. For most cases this is working fine.
Jim Pingle

09:19 AM Feature #12464 (Pull Request Review): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)

The current behavior is intentional since it triggers the login "beep" and console message.
If we change this at a... Jim Pingle

09:10 AM pfSense Packages Feature #11163 (Pull Request Review): Preferred Chain option

Jim Pingle

09:01 AM Feature #12433 (Pull Request Review): Icon for traffic direction on floating rules tab

Jim Pingle

08:37 AM pfSense Docs Todo #12457: Add UPS Configuration Recipes for apcupsd and nut UPS Packages with Common Brand Units

We could maybe add some generic info but we should not attempt to keep a list of settings in the docs for hardware we... Jim Pingle

08:28 AM Bug #12455 (Pull Request Review): Captive Portal online user statistics data is not cleared on unclean shutdown

Jim Pingle

08:17 AM Revision 9263389e: fix filter expression to check correct variable instead of non-existing one

Daniel Cameron

08:15 AM Feature #12267 (Pull Request Review): OpenVPN option to limit concurrent connections per user

Jim Pingle

08:14 AM Bug #12332 (Pull Request Review): OpenVPN does not clear old Cisco-AVPair anchor rules in some cases

Jim Pingle

08:14 AM Feature #12407 (Pull Request Review): Use deferred client connections in OpenVPN

Jim Pingle

07:59 AM pfSense Docs Todo #12453 (Closed): Support for translation

It is something we have considered in the past but have not made a firm decision on. It's not just a technical proble... Jim Pingle

07:55 AM Todo #12449 (Pull Request Review): Update "DNS Server Override" and "DNS Query Forwarding" help text

Jim Pingle

07:51 AM Bug #12448 (Pull Request Review): Set OpenVPN Gateway Creation value to "Both" by default for new instances

Jim Pingle

07:47 AM pfSense Packages Feature #12447 (Rejected): Acme add dnsapi dns_cpanel.sh

New providers all get added when we update ACME from upstream, we don't add them manually or separately like this, so... Jim Pingle

07:45 AM Regression #11512 (Pull Request Review): DHCP Leases page and ARP table page fail to load if DNS is not available

Jim Pingle

07:37 AM Bug #10304 (Closed): ``radvd`` only responds to the first Router Solicitation received after each multicast Router Advertisement

Jim Pingle

07:35 AM Regression #12442 (Pull Request Review): Unexpected error message after trying to delete a CARP VIP

Jim Pingle

07:33 AM Regression #12288 (Pull Request Review): GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces

Jim Pingle

07:31 AM Feature #12441 (Pull Request Review): Send notification for halt, reboot, and reroot events

Jim Pingle

07:27 AM Feature #12416 (Pull Request Review): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session

The "last fix PR":https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/413 hasn't been merged yet. Jim Pingle

05:48 AM pfSense Packages Todo #12456 (Resolved): Remove zabbix 5.2 packages

Max Leighton wrote in #note-3:
> I checked in
>
> 2.6.0-DEVELOPMENT (amd64)
> built on Sat Oct 16 05:24:35 UTC... Renato Botelho

10/17/2021

11:04 AM Feature #12318 (Resolved): Display default "Reflection Timeout" value on ``system_advanced_firewall.php``

2.6.0.a.20211016.0500 - looks good Viktor Gurov

10:02 AM Feature #12318 (Feedback): Display default "Reflection Timeout" value on ``system_advanced_firewall.php``

Viktor Gurov

10:04 AM Bug #8013 (New): IPsec MSS clamping value shared for IPv4 and IPv6

Jim Pingle wrote in #note-3:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/230
This is another fi... Viktor Gurov

10:00 AM Bug #12468: Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/431 Viktor Gurov

09:52 AM Bug #12468 (Resolved): Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled

- PC/SC daemon must be stopped before strongswan, otherwise it will flood log
- There is no needs in PC/SC service e... Viktor Gurov

09:30 AM Bug #12460: Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/430 Viktor Gurov

05:50 AM Revision 67fedb90: Use proxy for DDNS Check IP Services. Feature #12342

Viktor Gurov

05:35 AM Bug #12467: CP error on client disconnect after reboot

addition:
for some reason I see .db file of deleted CP zone after reboot (also if 'rm /var/db/captiveportal*'):
<pre... Viktor Gurov

04:56 AM Bug #12467 (Resolved): CP error on client disconnect after reboot

How to reproduce:
1) Create CP zone "mycpzone" with default settings and Local Database authentication (maybe other ... Viktor Gurov

01:30 AM Todo #12431: GUI pages should use ``POST`` for AJAX calls, not ``GET``

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/429 Viktor Gurov

12:52 AM Feature #12342 (New): Dynamic DNS client proxy support

Check IP Services proxy support:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/428 Viktor Gurov

12:30 AM pfSense Packages Feature #12462: Telegraf: Add "devfs" to ignore_fs

https://github.com/pfsense/FreeBSD-ports/pull/1114 Viktor Gurov

12:10 AM Bug #12463 (Duplicate): Unexpected error message after trying to delete a VIP alias

Duplicate of #12442 Viktor Gurov

12:09 AM Todo #12430 (Resolved): Add IPsec phase 2 BINAT subnet size input validation

Viktor Gurov

12:04 AM Bug #12038 (Resolved): System attempts to start inactive services at boot

Viktor Gurov

10/16/2021

10:04 PM Feature #12466 (New): Option to Disable Renegotiation timer in OpenVPN Server

We should add an option to the OpenVPN server webConfigurator so that we can disable renegotiation in OpenVPN. This ... Kris Phillips

10:01 PM pfSense Packages Bug #12381 (Rejected): mOTP with RADIUS drops the VPN connection after 60 minutes

Jim Pingle wrote in #note-1:
> I don't think that's FreeRADIUS, but OpenVPN. IIRC OpenVPN defaults to reconnecting e... Kris Phillips

09:28 PM Bug #12038: System attempts to start inactive services at boot

Tested on 22.01. Looks good and disabled services don't show in the startup as far as I can tell. Kris Phillips

08:36 PM Feature #12169 (New): IPsec keep alive option to initiate phase 2 without using ICMP

I did some further testing on this.
@(substr($status[$ikeid]['p1']['interface'], 0, 4) == "_vip")@ returns a false... Marcos M

07:35 PM pfSense Packages Feature #12465 (New): Add forwardfor advanced usecases

By default haproxy creates new x-forward-for header and do not touch existing one. This could be found in documentati... DRago_Angel [InV@DER]

11:16 AM pfSense Packages Bug #11887 (Resolved): Squid service starts twice by /etc/rc.start_packages

Tested in:
22.01-DEVELOPMENT (amd64)
built on Wed Oct 13 05:25:11 UTC 2021
FreeBSD 12.2-STABLE
Squid: 0.4.45_5 ... Max Leighton

10:36 AM pfSense Packages Todo #12456: Remove zabbix 5.2 packages

I checked in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 16 05:24:35 UTC 2021
FreeBSD 12.2-STABLE
And see tha... Max Leighton

10:13 AM Feature #12464: Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/427 Steve Wheeler

09:57 AM Feature #12464 (Resolved): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)

All authentication logs are send with the Level set as Emergency even when authentication is successful:... Steve Wheeler

10:06 AM Feature #11957 (Resolved): XMLRPC synchronization for DHCP relay settings

Tested in
22.01-DEVELOPMENT (amd64)
built on Wed Oct 13 05:25:11 UTC 2021
FreeBSD 12.2-STABLE
The DHCP Relay... Max Leighton

09:44 AM Bug #12356: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries

I tested on the:... Danilo Zrenjanin

09:44 AM Bug #12463 (Duplicate): Unexpected error message after trying to delete a VIP alias

There is an unexpected error message after trying to delete a VIP Alias type which is used as an interface for IPsec ... Danilo Zrenjanin

07:58 AM Feature #12416 (Resolved): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session

Tested on the:... Danilo Zrenjanin

07:44 AM Feature #12342 (Resolved): Dynamic DNS client proxy support

Tested on the:... Danilo Zrenjanin

07:23 AM Todo #12430: Add IPsec phase 2 BINAT subnet size input validation

Testet on the:... Danilo Zrenjanin

10/15/2021

09:37 PM pfSense Packages Bug #11592: Node exporter can not read system statistics

The issue is that in "node_collector v1.0.0":https://github.com/prometheus/node_exporter/blob/master/CHANGELOG.md#100... Daniel Kimsey

09:19 PM pfSense Packages Feature #11163: Preferred Chain option

I submitted a PR to implement this option as I found one my clients needed it for a particular cert I was issuing.
P... Daniel Kimsey

08:56 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Ryan Roosa wrote in #note-12:
> Samuel Hanna wrote in #note-11:
> > The problem still persist on wireguard 0.1.5_1.... Samuel Hanna

08:55 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Thank you for the detailed report here. This is immensely helpful. I will continue to poke at this next week and repo... Christian McDonald

05:18 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset

Samuel Hanna wrote in #note-11:
> The problem still persist on wireguard 0.1.5_1.
> even after changing the keys and ... Ryan Roosa

08:52 PM Feature #9617: PPPoE Static IP Configuration in GUI

any update on this feature??
it would be great to have this option in pppoe interface gui, it's very useful if i h... Samuel Hanna

06:44 PM pfSense Packages Feature #12462 (Pull Request Review): Telegraf: Add "devfs" to ignore_fs

The Netgate XG-1537 has the following disk paths at 100% utilization:
* /dev
* /var/dhcpd/dev
* /var/unbound/dev
... Offstage Roller

03:47 PM pfSense Docs Todo #12461 (Resolved): Improve macOS Serial Command Instructions

Many of the devices no longer just show "/dev/cu.usbserial" for their path in macOS. For example the SG-5100 with th... Kris Phillips

01:27 PM Feature #7749: Support ``0`` CIDR mask for IGMP Proxy networks

The address for gitlab is in the private range. I can't tell if you want me to see the update or not, but I have no a... Juan Abonia

09:57 AM Bug #12460 (Resolved): Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable

How to reproduce:
1) Configure OpenVPN client and assign OpenVPN interface
2) Select OpenVPN interface in `Outgoi... Viktor Gurov

09:35 AM Todo #12459 (New): Add IP Alias subnet input validation

From https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-comparison.html#ip-alias:
- Can be in a ... Viktor Gurov

08:18 AM Feature #12458 (New): Use "unixHomeDirectory" instead of "homeDirectory" when LDAP authentication server is Active Directory

In many Active Directory environments, @homeDirectory@ is a UNC path to an SMB/CIFS shared folder, e.g.,... Charles Hamilton

03:28 AM Feature #12433: Icon for traffic direction on floating rules tab

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/426 Viktor Gurov

03:00 AM Feature #4769: IPv6 support in the Traffic Shaper Wizard

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/425 Viktor Gurov

10/14/2021

07:30 PM Bug #12408 (Resolved): Input validation prevents creating 1:1 NAT rules on OpenVPN

able to create 1:1 NAT on openvpn int.
2.6.0.a.20211013.0500
Alhusein Zawi

03:41 PM Revision 35c4d4fd: Ticket #12456: Retire Zabbix 5.2 packages

Renato Botelho

02:19 PM Bug #12410 (Resolved): 1:1 NAT edit page lists incorrect entries in the Destination field

fixed
2.6.0.a.20211013.0500
Alhusein Zawi

12:53 PM pfSense Docs Todo #12457 (New): Add UPS Configuration Recipes for apcupsd and nut UPS Packages with Common Brand Units

A customer requested that we add some basic "how to" recipes to the pfSense docs for basic operations in the apcupsd ... Kris Phillips

10:16 AM pfSense Packages Todo #12456 (Feedback): Remove zabbix 5.2 packages

Done Renato Botelho

10:15 AM pfSense Packages Todo #12456 (Resolved): Remove zabbix 5.2 packages

zabbix 5.2 were removed from FreeBSD ports because they are unsupported by upstream. Remove pfSense packages as well Renato Botelho

09:55 AM pfSense Packages Bug #10431 (Resolved): pfBlockerNG Cron Job wrong - Clear IP / DNSBL Statistics

no such issue with pfBlockerNG-devel 3.1.0 (fixed):... Viktor Gurov

09:48 AM pfSense Packages Feature #9798: add ipv4 and ipv6 dnscrypt-resolvers feeds

actual link:
https://download.dnscrypt.net/dnscrypt-resolvers/json/public-resolvers.json Viktor Gurov

09:42 AM pfSense Packages Bug #11817 (Closed): Enabling Firewall / pfBlockerNG / DNSBL / IPv6 DNSBL blocks radvd from starting

Viktor Gurov

08:38 AM Feature #8908 (Closed): setting default gateway using lower Tier in case gateway group is set as default

no such issue on 2.6.0.a.20211013.0500 -
If I set GW group in Default gateway IPv4 then, after pressing 'apply', low... Viktor Gurov

04:05 AM Bug #12455: Captive Portal online user statistics data is not cleared on unclean shutdown

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/424 Viktor Gurov

03:57 AM Bug #12455 (Resolved): Captive Portal online user statistics data is not cleared on unclean shutdown

`/var/db/captiveportal_online_users` (used for RRD) can contain incorrect data on unclean shutdown
and should be cle... Viktor Gurov

03:10 AM Bug #12355: Captive Portal database and ``ipfw`` rules are out of sync after unclean shutdown

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/423 Viktor Gurov

12:25 AM Feature #7749: Support ``0`` CIDR mask for IGMP Proxy networks

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/422 Viktor Gurov

12:14 AM Todo #12454: Suppress kernel messages when loading ``dummynet`` and thermal sensor modules

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/421 Viktor Gurov

12:09 AM Todo #12454 (Resolved): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules

There is a console spam on boot after loading dummynet.ko:
https://github.com/pfsense/pfsense/blob/fd331bdcdee813f67... Viktor Gurov

10/13/2021

06:41 PM pfSense Docs Todo #12453 (Closed): Support for translation

Hi
Can you give translation support for pfSense docs? I take a look in Readthedocs project and a way to bring supp... Claudio Ferreira

05:10 PM Revision e0019dfd: Added registration page and repo cert handling logic for CE -> Plus upgrade

Steve Beaver

02:47 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)

→ luckman212 wrote in #note-3:
> Hmm, seems like 86400 is not a valid value after all. It got silently accepted but ... Adam Cooper

01:51 PM Bug #12075 (Resolved): Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync

Tested on 22.01.a.20211010.0500 with configuration that I originally experienced the issue in. It works correctly now. Marcos M

01:45 PM Feature #12169 (Resolved): IPsec keep alive option to initiate phase 2 without using ICMP

Tested on 22.01.a.20211010.0500. Still works well. Marcos M

01:34 PM pfSense Packages Bug #12258: Copy key buttons only work in HTTPS mode

Created PR 150 to resolve this.
Tested on local dev instance with HTTP only access and it fallsback, does a consol... Adam Cooper

10:56 AM Bug #12452 (Resolved): Port forward rules are not created for special networks (pppoe, openvpn)

https://forum.netgate.com/topic/167150/dns-redirect-on-pppoe-clients-failing:
"I have a pfSense server running suces... Viktor Gurov

10:53 AM Bug #12361 (Resolved): NAT rule overlap detection does not check special networks

Tested on 22.01.a.20211010.0500. Looks good. Marcos M

10:06 AM Bug #12451 (New): deleteVIP() does not check RFC2136 Update Source

It is possible to delete the Virtual IP that is used by RFC 2136 Dynamic DNS client in the 'Update Source' field
Viktor Gurov

09:17 AM pfSense Docs Todo #12428 (Closed): Feedback on Services — DNS Resolver — Host Overrides

+ Viktor Gurov

09:08 AM pfSense Docs Correction #12450 (Closed): Typo in the Phase 2 proposal (Child SA) section.

Here is the link:
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html#phase-2-proposal-child-sa
... Danilo Zrenjanin

09:06 AM pfSense Packages Bug #12443: DNSBL Category ```Enable All``` button not working

fix:
https://github.com/pfsense/FreeBSD-ports/pull/1113 Viktor Gurov

05:46 AM Revision fd331bdc: Dynamic DNS proxy option. Fixes #12342

Viktor Gurov

05:13 AM Revision b9fbc36a: Slack Notifications. Feature #12291

Viktor Gurov

05:10 AM Revision a3e79766: NAT 1:1 pseudo-interface input validation fix. Issue #12408

Viktor Gurov

04:47 AM Todo #12449: Update "DNS Server Override" and "DNS Query Forwarding" help text

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/420 Viktor Gurov

04:36 AM Todo #12449 (Resolved): Update "DNS Server Override" and "DNS Query Forwarding" help text

after implementing the 'Pull DNS' option for OpenVPN client
(Allow the firewall to use DNS servers provided to an Op... Viktor Gurov

03:36 AM Bug #12448: Set OpenVPN Gateway Creation value to "Both" by default for new instances

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/419 Viktor Gurov

03:32 AM Bug #12448 (Resolved): Set OpenVPN Gateway Creation value to "Both" by default for new instances

The ```Create Gateway``` radio button is unchecked by default, but the text below it says it should:
"If you assign ... Viktor Gurov

03:11 AM pfSense Packages Feature #12447 (Rejected): Acme add dnsapi dns_cpanel.sh

Hello,
Please add the following feature to the acme package:
https://github.com/acmesh-official/acme.sh/blob/mast... Akos Tomaschik

01:35 AM Bug #12350: Incorrect label for IPsec DH group 32

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/418 Viktor Gurov

01:23 AM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available

Ronald Schellberg wrote in #note-8:
> Noticed when executing a ndp diagnostic query, that _getHostName() is now decl... Viktor Gurov

12:55 AM Feature #12342 (Feedback): Dynamic DNS client proxy support

Applied in changeset commit:fd331bdcdee813f67ee111c43029d360febb79b1. Viktor Gurov

12:40 AM pfSense Docs Todo #12418 (Closed): AutoConfigBackup Menu Structure Documentation

Viktor Gurov

12:40 AM Bug #12446 (Duplicate): IPsec dashboard widget description

duplicate of #11910 Viktor Gurov

12:37 AM Feature #12291 (Feedback): Support for Slack notifications

Merged Viktor Gurov

12:36 AM Bug #12408 (Feedback): Input validation prevents creating 1:1 NAT rules on OpenVPN

Merged Viktor Gurov

12:10 AM Todo #12406 (Feedback): Remove unused functions

Merged Viktor Gurov

12:09 AM Bug #12410 (Feedback): 1:1 NAT edit page lists incorrect entries in the Destination field

Merged Viktor Gurov

12:08 AM Todo #12430 (Feedback): Add IPsec phase 2 BINAT subnet size input validation

Merged Viktor Gurov

12:06 AM Feature #12416 (Feedback): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session

Merged Viktor Gurov

10/12/2021

08:07 PM Bug #11481 (Closed): NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat"

Closing as it's not an issue on 22.01. Marcos M

01:55 PM Bug #11481: NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat"

This looks to be fixed in 2.6/22.01 without this PR.
Outbound NAT rules are added as expected when NAT reflection i... Steve Wheeler