Activity

30 days up to

User

Subprojects

Activity

From 10/18/2021 to 11/16/2021

11/16/2021

05:01 PM Revision a5fd794b: Add librdkafka package to the pfSense repo. Feature #12290: Viktor Gurov
02:48 PM pfSense Packages Feature #12526 (New): WireGuard Widget: Hellow,
I want to request a feature to the WireGuard widget, probably not so important for many others.
Do you th... B. B.
02:45 PM pfSense Packages Feature #12525 (New): WireGuard Tunnel restore configuration: Hi,
I see the function for downloading the configuration "files" in the WireGuard - Tunnels (nice to backup the co... B. B.
01:07 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: Jim Pingle wrote in #note-5:
> Yes, that's exactly expected. When you check it, nothing from the server is pushed, on... Phil Wardt
09:43 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: Phil Wardt wrote in #note-3:
> Jim Pingle wrote in #note-2:
> The bug part is this:
> When that option is checked,... Jim Pingle
05:27 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: A last note if the features are revised added/once:
The title of the tab is "Client-Specific Override". I never expe... Phil Wardt
11:29 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: Perhaps we should hardcode / fall back to different DNS providers; e.g. use @1.1.1.1@ and @8.8.8.8@ (and IPv6 counter... Marcos M
11:00 AM Bug #12141 (Feedback): Lack of DNS or Internet connectivity causes GUI to be slow: Applied in changeset commit:bbb3bbebbf8059e72d60dbb1721d997568ae2090. Viktor Gurov
10:45 AM Bug #12141 (Pull Request Review): Lack of DNS or Internet connectivity causes GUI to be slow: Jim Pingle
02:32 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/463 Viktor Gurov
11:04 AM Todo #12093 (Feedback): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity: Merged Viktor Gurov
10:45 AM Todo #12093 (Pull Request Review): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity: Jim Pingle
02:45 AM Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity: Marcos Mendoza wrote:
> # Navigating to @Services / Auto Configuration Backup@ should not be affected by internet co... Viktor Gurov
10:54 AM Feature #12290 (Pull Request Review): Add ``librdkafka`` package to the pfSense package repository: Jim Pingle
04:20 AM Feature #12290: Add ``librdkafka`` package to the pfSense package repository: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/464 Viktor Gurov
10:36 AM Todo #12511 (Pull Request Review): Add note in log settings that disabling logging also disables ``sshguard`` login protection: Updated subject to match the info in the comments. Jim Pingle
12:06 AM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/462 Viktor Gurov
10:22 AM Bug #10662 (Pull Request Review): Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically: Jim Pingle
09:46 AM Revision bbb3bbeb: DNS check improvements for fw check and ACB. Fixes #12141: Viktor Gurov

11/15/2021

11:58 PM Bug #12249: Long configuration revision reasons can cause AutoConfigBackup upload to fail: config.xml file size should be checked before upload, and produce an info box with "ACB config.xml size limit exceed"... Viktor Gurov
11:56 PM Bug #10662: Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/461 Viktor Gurov
05:43 PM Revision 71f503d2: Uninitialized config variables in interface_assign.php: Christian McDonald
03:44 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: Jim Pingle wrote in #note-2:
> It's doing exactly what it says. Normally the client configuration would include the t... Phil Wardt
08:26 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: It's doing exactly what it says. Normally the client configuration would include the topology rather than having it p... Jim Pingle
02:51 PM Revision 7aaa20d9: Use OpenVPN async client-connect, clear stale rules, add option to limit connections per user. Implements #12407 and #12332 and #12267: Marcos M
02:47 PM Revision 6a41d476: Port Forward checks for special interfaces and reflection type. Fixes #12452: Viktor Gurov
02:13 PM Revision 0cfd0083: NTP Peer mode. Implements #11496: Viktor Gurov
12:27 PM Feature #4688: Missing TFC Traffic Flow Confidentiality support: Note:
According to https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf this needs to be set on the chil... Marcos M
11:21 AM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection: There is no issue - sshguard will start after any AUTH event (ssh/webgui login) because such events transmits data vi... Viktor Gurov
09:40 AM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection: Rerooting the system does work too Viktor Gurov
01:15 AM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection: Same issue if you just press 'Save' on the status_logs_settings.php page or restart the syslogd service
something wro... Viktor Gurov
09:53 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: we can use @check_dnsavailable()@ from #11512 to optimize this behavior
see also #12335 and #9677 Viktor Gurov
09:06 AM Feature #12267 (Feedback): OpenVPN option to limit concurrent connections per user: Merged Viktor Gurov
09:05 AM Bug #12332 (Feedback): OpenVPN does not clear old Cisco-AVPair anchor rules in some cases: Merged Viktor Gurov
09:00 AM Feature #12407 (Feedback): Use deferred client connections in OpenVPN: Applied in changeset commit:7aaa20d95a345c4688e8786c755c7d0433451688. Marcos M
08:55 AM Bug #12452 (Feedback): Port forward rules are not created for special networks (pppoe, openvpn): Applied in changeset commit:6a41d4769dfcdfebc2bf827f67b7ca52613d7223. Viktor Gurov
08:34 AM Bug #12452 (Pull Request Review): Port forward rules are not created for special networks (pppoe, openvpn): Jim Pingle
04:18 AM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn): pfSense doesn't create rdr rules for special interfaces (openvpn, pppoe, ipsec) if destination = any
add extra che... Viktor Gurov
08:39 AM pfSense Plus Feature #12524: OpenSSL QAT Engine: It's not clear yet if that would be viable or beneficial, but it is under consideration.
Current implementations o... Jim Pingle
05:07 AM pfSense Plus Feature #12524 (New): OpenSSL QAT Engine: Hi all,
is possible to compile openssl to use QAT on PfSense plus, than accelerate OpenVPN ?
Thanks
Luca Luca De Andreis
08:20 AM Feature #11496 (Feedback): Support for NTP Peer mode: Applied in changeset commit:0cfd008330b543a1674787cb031507fb1951a1f9. Viktor Gurov
08:15 AM Bug #12095: Memory leak in pcscd: The problems you're hitting are a mix of somewhat but not really related things.
This issue being the memory leak ... Jim Pingle
07:40 AM Feature #12521: Add the BBR2, QUIC, RACK Congestion Control (CC) protocols: This is not a priority as those algorithms only come into play on pfSense software when the firewall is the *endpoint... Jim Pingle

11/14/2021

02:39 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: Notes:
Maybe one option would be to add an option "Client setting override server defined client options"
This opti... Phil Wardt
02:03 PM Feature #12522 (Resolved): More GUI options for OpenVPN Client-Specific Overrides: I setup an OpenVPN server, let's say 10.10.10.0/24, which works properly
I setup some custom exceptions for a specif... Phil Wardt
10:07 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: I agree. There are certain places in the GUI that are affected - the ACB page also being an example (see https://redm... Marcos M
07:26 AM Bug #12095: Memory leak in pcscd: I politely disagree with the assigned priority for this bug, particularly given that a CE release is likely months aw... Pedro Ribeiro
03:47 AM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing: The current status of FreeBSD multipath:
https://www.freebsd.org/status/report-2020-10-2020-12.html#Scalable-routing... Viktor Gurov
03:46 AM Feature #4632: Support for Multipath TCP (MPTCP): FreeBSD multipath status:
https://www.freebsd.org/status/report-2020-10-2020-12.html#Scalable-routing-multipath-support Viktor Gurov

11/13/2021

08:44 PM Regression #11316: Unbound crashes with signal 11 when reloading: I've tested this a bit in 1.13.2 on 22.01 and have been unable to reproduce DHCP/DNS crashes with the latest unbound ... Kris Phillips
08:37 PM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection: Testing on 22.01:
Before making any changes running "ps aux | grep sshguard":
root 193 0.0 0.3 11540 3... Kris Phillips
08:32 PM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection: Testing on 21.05.2:
I disabled and re-enabled Local Logging and have the following:
root 59415 0.0 0.1 11452 ... Kris Phillips
08:28 PM Bug #10352: RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters: Similar issue with LDAP authentication #12519 Kris Phillips
06:44 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package: Are we going to move this forward? This has been in a pull request review for 2 months. Can the changes be merged s... Kris Phillips
06:42 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: Marcos Mendoza wrote in #note-8:
> I tried reproducing this on a lab. The gateway is online but pfSense is not able ... Kris Phillips
04:47 PM pfSense Packages Bug #12073: ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong: ver 0.1.5_9 reports snmpTrapdAddr when running head -n 1 /var/etc/netsnmptrapd.conf Jordan G
01:47 PM pfSense Packages Bug #11889 (Resolved): BIND starts twice by /etc/rc.start_packages: Tested bind 9.16_11 in
2.6.0-DEVELOPMENT (amd64)
built on Sat Nov 13 06:22:43 UTC 2021
FreeBSD 12.3-PRERELEASE
... Max Leighton
01:19 PM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself: 7100 on 22.01 with Netgate_Firmware_Upgrade 0.46 does not offer "Upgrade and Reboot" when current = latest; 0.45 did ... Jordan G
12:34 PM Feature #11496: Support for NTP Peer mode: Awesome! Thank you Viktor.
Running this latest revision and it all looks good to me.
There was a bounty attach... Christian Borchert
08:35 AM Feature #11496: Support for NTP Peer mode: Christian Borchert wrote in #note-11:
> I'm not sure - but I think we need an 'else' added to the code:
>
> !clip... Viktor Gurov
08:22 AM Feature #11496: Support for NTP Peer mode: I'm not sure - but I think we need an 'else' added to the code:
!clipboard-202111130822-wawmh.png!
Christian Borchert
07:47 AM Feature #11496: Support for NTP Peer mode: Thanks Viktor,
I installed the "System_Patches" package, reverted to backup copies I made of system.inc and servic... Christian Borchert
02:04 AM Feature #11496: Support for NTP Peer mode: Christian Borchert wrote in #note-7:
> OK - I was able to find the ntpd.conf file in pfsense's /var/etc directory
>... Viktor Gurov
10:55 AM Bug #12498 (Resolved): Input validation error can unintentionally result in removal of PPP type interface settings: Tested in:
2.6.0-DEVELOPMENT (amd64)
built on Sat Nov 13 06:22:43 UTC 2021
FreeBSD 12.3-PRERELEASE
I can crea... Max Leighton
10:32 AM Bug #12514 (Resolved): Trying to delete an assigned PPPoE interface fails without printing an error message: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Nov 13 06:22:43 UTC 2021
FreeBSD 12.3-PRERELEASE
The error m... Max Leighton

11/12/2021

09:11 PM Feature #12521 (New): Add the BBR2, QUIC, RACK Congestion Control (CC) protocols: Changing character of traffic in last 5-7 years powered extremely by the fact that
- 80%+ of users using mobile dev... Sergei Shablovsky
07:35 PM Revision fc19062e: Input error message box on the interfaces_ppps.php page. Fixes #12514: Viktor Gurov
03:41 PM Revision 56b1a253: Fix reservation on CE installs with a pool called 'zroot'.: Brad Davis
02:13 PM pfSense Packages Feature #12520 (New): [Squid] - Allow or Deny Mappings from IP/Host/GeoIP sources: Hello,
Do you think it's possible to add the functionality to filter (via IP, Hostname or Alias ?) the access of c... Jean-Michel Pattulacci
01:50 PM Bug #11984: Automatic Outbound NAT mode can create incorrect rules in some cases: may be related to #11764 Viktor Gurov
01:45 PM Bug #12514 (Feedback): Trying to delete an assigned PPPoE interface fails without printing an error message: Applied in changeset commit:fc19062e73c99d55b39bdeb55acde07e8e0427ef. Viktor Gurov
12:15 PM Bug #12514 (Pull Request Review): Trying to delete an assigned PPPoE interface fails without printing an error message: Jim Pingle
01:20 PM Feature #11496: Support for NTP Peer mode: OK - I was able to find the ntpd.conf file in pfsense's /var/etc directory
Looks like it is specifying server/pool... Christian Borchert
12:43 PM Feature #11496: Support for NTP Peer mode: Thanks Viktor,
I believe I applied the changes to the files correctly - where does pfsense save the ntp.conf file ... Christian Borchert
12:19 PM Feature #11496 (Pull Request Review): Support for NTP Peer mode: Jim Pingle
07:11 AM Feature #11496: Support for NTP Peer mode: Christian Borchert wrote in #note-3:
> Viktor Gurov wrote in #note-2:
> > https://gitlab.netgate.com/pfSense/pfSens... Viktor Gurov
06:59 AM Feature #11496: Support for NTP Peer mode: Viktor Gurov wrote in #note-2:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/458
Hi Viktor,
Th... Christian Borchert
01:55 AM Feature #11496: Support for NTP Peer mode: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/458 Viktor Gurov
11:29 AM Regression #11570 (New): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: same issue on 22.01.a.20211029.0500 - once failover from WAN to LTE(WAN2) happens it will never fail back until I man... Viktor Gurov
09:42 AM Regression #12517 (Resolved): pfSense-rc console errors on old zfs scheme (zroot): Thanks for the report. The fix will be in tomorrows snapshot. Brad Davis
08:43 AM Regression #12517 (Waiting on Merge): pfSense-rc console errors on old zfs scheme (zroot): Brad Davis
07:39 AM Bug #12519: Fail authentication using special character in password via the LDAP connector: a similar issue with RADIUS authentication - #10352 Viktor Gurov
07:10 AM Bug #12519 (New): Fail authentication using special character in password via the LDAP connector: Hi all,
using openVPN authentication by ldap connector to AD 2016 server, I realized that using a character in the... Luca De Andreis
12:09 AM Feature #12518 (Closed): Restore RRD and extra data from configuration backups when restoring during installation: Currently bsdinstall script simply removes any extra data or RRD data from the config.xml:
https://github.com/pfsens... Viktor Gurov

11/11/2021

11:01 PM Bug #12010 (Closed): System default gateway doesn't automatically switch from an inactive gateway if a specific gateway is selected: actually the correct behavior Viktor Gurov
10:57 PM Bug #12514: Trying to delete an assigned PPPoE interface fails without printing an error message: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/457 Viktor Gurov
04:27 PM Revision 7d34f350: Unbreak build: vim doesn't have console FLAVOR: Renato Botelho
02:38 PM Regression #12517 (Resolved): pfSense-rc console errors on old zfs scheme (zroot): After update to 2.6.0.a.20211111.0600 from ~Oct.24-2021 build, and booting with older zfs layout (zroot instead of pf... B C
09:05 AM Bug #12498 (Feedback): Input validation error can unintentionally result in removal of PPP type interface settings: Applied in changeset commit:6a9435a66ee6257dd411b3c6a7248d7a29f9a35a. Viktor Gurov
08:14 AM Bug #12498 (Pull Request Review): Input validation error can unintentionally result in removal of PPP type interface settings: Jim Pingle
02:33 AM Bug #12498 (New): Input validation error can unintentionally result in removal of PPP type interface settings: PPPoE/L2TP/PPTP configuration on the interfaces.php without creating associated interfaces on the interfaces_ppps.php... Viktor Gurov
08:16 AM pfSense Packages Bug #11525: pfsense 2.5.0 release version for vlan issue to suricata: may be related: https://forum.netgate.com/topic/166844/important-info-inline-ips-mode-with-suricata-and-vlans Viktor Gurov
08:06 AM Revision 6a9435a6: Keep port value for PPPoE/L2TP/PPTP on interfaces.php page. Fixes #12498: Viktor Gurov
03:53 AM pfSense Packages Bug #12507 (Pull Request Review): Add support for bi-directional flows in softflowd: Viktor Gurov
12:36 AM Bug #12515 (Duplicate): Missing input validation check for 6RD Tunnel IPv6 Configuration Type setup: Duplicate of #12435 Viktor Gurov

11/10/2021

05:43 PM Revision 639d6600: Add a bit more output when figuring out which distfile cache to use: Brad Davis
05:43 PM Revision 4fd12650: Try to use the distfiles cache for our branch but fall back if needed: This will allow us to avoid downloading everything new when we start a
new release Brad Davis
05:43 PM Revision 2e6f6523: Save the distfiles to s3 with the git branch as part of the name: This will help us clean out old distfiles we do not need while providing
the ability to keep old distfiles around if ... Brad Davis
05:43 PM Revision 662b59e7: Clean up old distfiles using poudriere distclean: Brad Davis
05:42 PM Revision 9637896b: Tell us the name of the logs tarball so we don't have to go hunting through s3: Brad Davis
05:42 PM Revision 11408c41: Add missing quotes: Renato Botelho
05:42 PM Revision 88ae8b00: Replace - by _ on repository path: Renato Botelho
05:42 PM Revision 64d4269d: Followup e324755bee, combine sed and add g flag: Renato Botelho
05:42 PM Revision a726f9ce: poudriere upstream is not supporting dashes in ports tree names.: This is to prevent issues with sets, so we need to respect the change
https://github.com/freebsd/poudriere/issues/897 Brad Davis
05:42 PM Revision da99d38d: Increase the number of logs we are keeping: Brad Davis
05:41 PM Revision 9c18a3ef: Remove a trailing \r that prevents s3 rm from working: Brad Davis
05:41 PM Revision 174eded8: Set the output format to avoid \r on line endings preventing log files from being deleted: Brad Davis
05:41 PM Revision b6da492d: AWS: Separate release tarballs by branch: Renato Botelho
05:41 PM Revision 4a9f9c8d: AWS: Add FLAVOR to distfiles.tar: Renato Botelho
05:40 PM Revision f189057c: AWS: Add branch name to pkgs tarball: Renato Botelho
05:40 PM Revision 5e4fae22: AWS: Simplify logic using 's3 ls' to check if file exists: Renato Botelho
05:40 PM Revision bc93182c: AWS: Make sure distfiles.tar exist before try to download it: Renato Botelho
05:40 PM Revision 3d35f537: AWS: Add missing s3 parameter to ls: Renato Botelho
05:40 PM Revision a74b6ac8: AWS: Add FLAVORS to pkgs cache: Renato Botelho
05:40 PM Revision 86c3bc4f: Do not force git remote to be called origin: Renato Botelho
05:39 PM Revision 405e82b7: AWS: Create initial stashed ports tree on S3: Renato Botelho
05:39 PM Revision 5796b157: AWS: Simplify logic: Create aws_exec() and replace all direct calls to use it Renato Botelho
05:39 PM Revision 5c13cded: Always save built pkgs progress: Brad Davis
05:39 PM Revision fae5a143: Replace factory by ${FLAVOR}: Renato Botelho
05:38 PM Revision 8d49874f: Build improvements for using AWS:: * Use release artifacts from S3 to populate poudriere jails
* Pull prebuilt pkgs from S3 to only rebuild changed item... Brad Davis
03:57 PM Revision e53c0bf4: pfSense-rc: Fix ZFS reservation: e804230c08 introduced an error when USE_ZFS is not set:
Starting syslog...done.
[: : bad number
Starting CRON... don... Renato Botelho
02:48 PM Bug #12095: Memory leak in pcscd: The same happened to me today. I realized it when I started receiving e-mails with lines like... Phil K
08:19 AM pfSense Plus Bug #12516 (Rejected): Backup/Restore NAT should auto-create associated firewall rules: That wouldn't be possible. The associated rules are linked but separate, you have to restore both NAT and firewall ru... Jim Pingle
08:06 AM pfSense Plus Bug #12516 (Rejected): Backup/Restore NAT should auto-create associated firewall rules: I am in the process of migrating settings from an older HA pair of XG-7100 units to a new HA pair of XG-1537. I just... Marc Mapplebeck
04:15 AM Bug #12515 (Duplicate): Missing input validation check for 6RD Tunnel IPv6 Configuration Type setup: You can add any value in the *6RD Prefix* field under Interfaces/WAN - IPv6 Configuration Type 6RD Tunnel. The input ... Danilo Zrenjanin
03:49 AM Bug #12371 (Resolved): Remove subnet overlap check on LAN interfaces when using 6rd: Tested against:... Danilo Zrenjanin
03:03 AM Bug #12514 (Resolved): Trying to delete an assigned PPPoE interface fails without printing an error message: If you try to delete a PPPoE interface (under Interfaces/PPPs) assigned to a physical interface, it will fail without... Danilo Zrenjanin
02:33 AM Bug #12498 (Resolved): Input validation error can unintentionally result in removal of PPP type interface settings: Tested against:... Danilo Zrenjanin
12:11 AM Revision e804230c: Add a ZFS reservation of 10%: Brad Davis

11/09/2021

07:30 PM Feature #9877: QEMU Guest Agent: Let me know if your wanting anyone to help test, I have several proxmox servers and cant wait to be able to install t... jake xanaro
03:59 PM pfSense Packages Feature #12513: WireGuard Utilization Status (Beyond Active Connection): Actually, perhaps it would be better if the yellow indicator could show if the WG connection was used in the previous... Jum Pers
03:46 PM pfSense Packages Feature #12513 (New): WireGuard Utilization Status (Beyond Active Connection): WG and pfSense are working very well together these days - thank you for the continued code and UI updates.
A feat... Jum Pers
11:18 AM pfSense Packages Bug #12399 (Resolved): WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: Excellent! Thanks for the continued feedback!
:) Christian McDonald
11:02 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: Christian McDonald wrote in #note-24:
> Look for Package Version 0.1.5_2, which will also upgrade net/wireguard-kmod... Ryan Roosa
07:27 AM pfSense Plus Bug #12512 (Closed): Netgate Hardware (SG-1100 - SG3100) preloaded firmware issues: Tim,
Unfortunately we can't replicate anything like that update check issue here, and there isn't enough detail to... Jim Pingle
07:10 AM pfSense Packages Bug #12487 (Feedback): Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself: Fixed in the latest package update (0.46 for CE and 0.43 for Plus).
Let me know if something doesn't work. Luiz Souza

11/08/2021

04:17 PM pfSense Plus Bug #12512 (Closed): Netgate Hardware (SG-1100 - SG3100) preloaded firmware issues: I have noticed on all of our Netgate hardware we have to re-install the OS upon receiving, failure to do so prevents ... Tim Brogdon
03:13 PM Revision a69cd017: Add a bit more output when figuring out which distfile cache to use: Brad Davis
01:08 PM Revision c58db203: Do not change ports value for PPPoE/L2TP/PPTP on interfaces.php page. Fixes #12498: Viktor Gurov
12:03 PM Todo #12511 (Resolved): Add note in log settings that disabling logging also disables ``sshguard`` login protection: Tested on @21.05@ and @22.01.a.20211103.2115@.
Before changes:... Marcos M
09:42 AM Bug #12510 (Not a Bug): pfSense selecting unwanted GW as default: There is already a mechanism to control which gateways are selected for automatic use by the firewall as a default ga... Jim Pingle
02:30 AM Bug #12510 (Not a Bug): pfSense selecting unwanted GW as default: There must be something I do wrong but I cannot seem to find the right answer.
I've switched my pfSense to BGP so ... Joey Doe
09:40 AM Regression #12345 (Resolved): Captive Portal users cannot get past portal even after successfully logging in: Jim Pingle
07:15 AM Bug #12498 (Feedback): Input validation error can unintentionally result in removal of PPP type interface settings: Applied in changeset commit:c58db2033bacd99196ee025377ac1d654eddb28e. Viktor Gurov
04:14 AM Feature #11118: Backup and restore SSH host key(s): https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/28 Viktor Gurov
04:01 AM Bug #12509: Deffered authentication does not work with auth-gen-token external-auth or pusk "auth-token": Some more info - with deferred plugin we get:
Nov 8 10:02:46 openvpn 53695 arek/192.168.100.3:58560 TLS Error: loc... Arkadiusz Rzadkowolski
02:18 AM Bug #12509 (New): Deffered authentication does not work with auth-gen-token external-auth or pusk "auth-token": I am able to use properly deferred authentication on normal login.
Problem rises when I try to use auth-gen-token ... Arkadiusz Rzadkowolski

11/06/2021

03:41 PM Regression #12345: Captive Portal users cannot get past portal even after successfully logging in: I tested Captive Portal in
22.01-DEVELOPMENT (amd64)
built on Fri Nov 05 05:21:41 UTC 2021
FreeBSD 12.3-PRERELEA... Max Leighton
11:53 AM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway: I failed to replicate that in
22.01-DEVELOPMENT (amd64)
built on Fri Nov 05 05:21:41 UTC 2021
FreeBSD 12.3-PRERE... Max Leighton
11:25 AM Bug #12508 (New): DHCP Relay over VPN: Currently, DHCP Relay does not work with OpenVPN TAP nor IPsec VTI.
Since the VTI doesn't have a MAC, the interfac... Marcos M
03:01 AM pfSense Packages Bug #12507: Add support for bi-directional flows in softflowd: PR exists in github here: https://github.com/pfsense/FreeBSD-ports/pull/1119 Vito Piserchia
02:59 AM pfSense Packages Bug #12507 (Pull Request Review): Add support for bi-directional flows in softflowd: In order to support IPFIX bi-directional flows, the "-b" param should be added Vito Piserchia
01:01 AM pfSense Packages Bug #12506 (Resolved): Only selected instance is restarted on suppress list change: How to reproduce:
1) Create a Suppress List 'testsupplist'
2) Configure Suricata for the LAN interface and select... Viktor Gurov
12:15 AM Todo #8451 (Resolved): System Information dashboard widget - Kernel PTI toggle: implemented in #9532 Viktor Gurov

11/05/2021

10:06 PM Feature #11496: Support for NTP Peer mode: Bounty here: https://forum.netgate.com/topic/167670/ntp-add-peer-100 Christian Borchert
03:49 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: Look for Package Version 0.1.5_2, which will also upgrade net/wireguard-kmod to 0.0.20210606_2. Both are available on... Christian McDonald
02:35 PM Regression #11545: Primary interface address is not always used when VIPs are present: Kris Phillips wrote in #note-16:
> What version of pfSense are you running right now?
As noted above, 21.05.2.
... Denny Page
02:16 PM Bug #11679 (Closed): Policy-based Routing (outbound) and port forwarding (inbound) "selectively" working through WG tunnel: Christian McDonald
01:29 PM Bug #12505: NAT issues with IPsec passthrough: Understandable that this is a limitation of pf, and I appreciate the info on using a floating rule to prevent the lea... Kev Kitchens
01:04 PM Bug #12505 (Not a Bug): NAT issues with IPsec passthrough: This is expected behavior when using static port on outbound NAT rules, and is not a bug.
We already have numerous... Jim Pingle
12:35 PM Bug #12505 (Not a Bug): NAT issues with IPsec passthrough: I've noticed some issues with the automatic IPsec passthrough rules generated when the outbound NAT is set to automat... Kev Kitchens
04:51 AM Bug #12504 (New): BCM57412 NetXtreme-E 10Gb RDMA Ethernet controller issue: We have pfSense 2.5.2 installed and faced with same issue as described in https://lists.freebsd.org/archives/freebsd-... Sergey Dyatko

11/04/2021

09:36 PM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12: Based on the bug report as long as TCP Offload is disabled this shouldn't be an issue on FreeBSD 12.X. With TCP Offl... Kris Phillips
09:30 PM Bug #12434: Multiple cURL Vulnerabilities: cURL has been updated to 7.79.1 pfSense Plus 22.01. This only affects CE at this point. Kris Phillips
09:21 PM Regression #11545: Primary interface address is not always used when VIPs are present: Denny Page wrote in #note-15:
> I can share info from my install if you like. Unless I disable DHCP6 on the WAN inte... Kris Phillips
03:06 PM Revision d1e65bb2: Automatic outbound NAT for Reflection IPv6 support. Fixes #12500: Viktor Gurov
03:03 PM Revision dd8f951d: IPsec Keep Alive Gateway Group CARP support. Fixes #12472: Viktor Gurov
01:01 PM pfSense Packages Bug #12490 (Rejected): pfSense(CE) completely freezes up with WireGuard: Closing due to inactivity.
If this continues to be a problem, please reach out via our social media and/or forum c... Christian McDonald
12:58 PM pfSense Packages Bug #12399 (Feedback): WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: We have pulled in the upstream patches and bumped our version numbers. You should find a new package version availabl... Christian McDonald
12:57 PM Bug #12503 (Resolved): Unable to delete limiter referenced in filter rules: Tested on the:... Danilo Zrenjanin
01:45 AM Bug #12503 (Feedback): Unable to delete limiter referenced in filter rules: Applied in changeset commit:d0c6bc9a88fd5f054eabf379863e453c0228e808. Viktor Gurov
10:15 AM Bug #12500 (Feedback): Automatic outbound NAT for reflection does not support IPv6: Applied in changeset commit:d1e65bb28972baab2adab0d665b0fb6ea30447e0. Viktor Gurov
10:15 AM Bug #12472 (Feedback): IPsec Keep Alive does not work correctly with gateway groups in HA: Applied in changeset commit:dd8f951de8ffd0546cb15e97569701859db2a111. Viktor Gurov
06:34 AM Revision d0c6bc9a: Allow to delete limiter referenced in filter rules. Fixes #12503: Viktor Gurov

10/31/2021

11:01 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled: clean install of 22.01.a.20211030.0500 on 1100 using ZFS, default selection under Status>Systems Logs>Settings>Log Co... Jordan G
07:11 PM Revision f645fb5f: Wake All Devices confirmation prompt. Implements #12480: Viktor Gurov
11:27 AM Bug #12076 (Assigned): OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses: Tested on 22.01-DEVELOPMENT (built on Sun Oct 31 05:21:32 UTC 2021)
Neither Windows 10, nor Ubuntu 21.10 were able... Azamat Khakimyanov
10:52 AM pfSense Packages Feature #10297 (Assigned): IPv6 user attributes: Tested on 21.05.1 and on 22.01-DEVELOPMENT (built on Sun Oct 31 05:21:32 UTC 2021)
There are 'IPv6 Address' (Framed-... Azamat Khakimyanov
06:15 AM Feature #12495: DynDNS: add deSEC IPv4&v6 simultaneos update: Depending Ticket: https://redmine.pfsense.org/issues/12494
PR: https://github.com/pfsense/pfsense/pull/4543 Lukas Wiest
06:11 AM Feature #12495 (Pull Request Review): DynDNS: add deSEC IPv4&v6 simultaneos update: The current implementation for the DynDNS provider DeSEC only supports either IP or LegacyIP updates, but entries tha... Lukas Wiest
06:14 AM Feature #12494: DynDNS: make simultaneous update of IP and LegacyIP possible: PR: https://github.com/pfsense/pfsense/pull/4542 Lukas Wiest
06:10 AM Feature #12494 (Pull Request Review): DynDNS: make simultaneous update of IP and LegacyIP possible: At the moment PfSense can only update either IP (IPv6) or LegacyIP (IPv4) records.
For services that allow multiple ... Lukas Wiest
06:07 AM pfSense Packages Bug #9922 (Resolved): haproxy_version does not use full path to haproxy, leads to errors when run during cron: Tested on 21.05.1 and on 22.01-DEVELOPMENT (built on Sun Oct 31 05:21:32 UTC 2021)
Both versions have full path '/... Azamat Khakimyanov

10/30/2021

07:12 PM pfSense Packages Bug #12258 (Pull Request Review): Copy key buttons only work in HTTPS mode: Updating status to Pull Request Review until changes are live. Kris Phillips
12:42 PM pfSense Packages Bug #12258: Copy key buttons only work in HTTPS mode: PR has been merged, this should be on the next release so ticket can be closed Adam Cooper
07:08 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location: Attempting a backup produces a crash, but doesn't freeze the entire firewall or fill the drive thankfully. It also s... Kris Phillips
06:43 PM Bug #12001: System attempts to stop inactive services at shutdown: Installed and setup the snort package on 22.01. Enabled and then disabled it. Halted the system and I don't see any... Kris Phillips
06:34 PM Bug #12241: System Information widget unnecessarily polls data for hidden items: Tested in 22.01. Could be placebo but I noticed a 3-4x CPU usage drop after removing the System Information widget. Kris Phillips
02:11 PM Todo #12218: Move "Description" option on OpenVPN server and client pages to top of the page, show internal instance ID: Tested in
22.01-DEVELOPMENT (amd64)
built on Sat Oct 30 05:20:58 UTC 2021
FreeBSD 12.3-PRERELEASE
Description... Max Leighton
12:43 PM pfSense Packages Bug #12251: Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling): PR has been merged, should be in the next release so ticket can be closed Adam Cooper
12:38 PM Bug #12493 (Duplicate): IPsec continues to intercept traffic even after Phase II is removed: pfSense version:
pfSense community edition
Version 2.5.2-Release (amd64)
FreeBSD 12.2-Stable
The issue:
We are... Chaim Robinson
11:41 AM Feature #12438 (Resolved): Option to select PPPoE Server authentication protocol: Tested CHAP with PPPoE server in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 30 05:23:33 UTC 2021
FreeBSD 12.3-PR... Max Leighton
11:03 AM Feature #12433 (Resolved): Icon for traffic direction on floating rules tab: Checked in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 30 05:23:33 UTC 2021
FreeBSD 12.3-PRERELEASE
There is ... Max Leighton

10/29/2021

10:20 PM Bug #12347 (Resolved): IPsec widget treats phase 1 in "connecting" state as connected: widget shows P1 "disconnected" while it is in connecting state. Alhusein Zawi
03:20 PM pfSense Docs Correction #9370 (In Progress): Update old screenshots: * Updated RFC 1918 egress prevention recipe
* https://gitlab.netgate.com/docs/pfSense-docs/-/commit/597814b04beef... Jim Pingle
03:03 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled: If you wipe and reload a 2100 or 1100 on a current 22.01 snapshot and use ZFS it will have lz4 compression on @/var/l... Jim Pingle
10:41 AM pfSense Packages Bug #12399 (Confirmed): WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: Christian McDonald
08:21 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Flole Systems wrote in #note-25:
> There is a PR pending for this since 11 months apparently, what's the current sta... Csoban Kesmarki
07:37 AM pfSense Docs Todo #11812 (Closed): Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service: Jim Pingle
07:36 AM pfSense Docs Todo #11743 (Closed): Feedback on Virtual Private Networks — VPN Scaling: Jim Pingle
07:36 AM pfSense Docs New Content #12432 (Closed): Add documentation for DNS Resolver Status page: Jim Pingle
07:36 AM pfSense Docs Todo #12429 (Closed): Feedback on Bridging: Jim Pingle
07:36 AM pfSense Docs Correction #11176 (Closed): Feedback on Services — DNS Resolver: Jim Pingle
07:36 AM pfSense Docs Todo #11417 (Closed): Feedback on Services — DNS Resolver — DNS Resolver Advanced Options: Jim Pingle
07:36 AM pfSense Docs Correction #9373 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver: Jim Pingle
07:35 AM pfSense Docs Correction #9394 (Closed): Feedback on Services — DNS — Configuring the DNS Resolver: Jim Pingle
07:35 AM pfSense Docs Todo #12182 (Closed): Update IPsec to match recent changes: Jim Pingle

10/28/2021

09:21 PM Bug #12350 (Resolved): Incorrect label for IPsec DH group 32: fixed
2.6.0.a.20211028.0500 Alhusein Zawi
09:13 PM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself: FWIW, it looks like the bug is here, where check_update() returns true when current version == new version on non-610... Andrew Warren
11:08 AM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself: And it is not showing the update button when it should (Netgate 7100 on 21.05.2 0.41_1) Chris Linstruth
07:50 AM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself: This also appears to affect RCC-VE devices. An SG-4860 here.
Tested:
pkg v0.43 in 22.01 Steve Wheeler
03:44 PM Bug #12492 (Not a Bug): 'DHCPv6 Static Mappings for this Interface' option isn't reliable working (2.5.2-RELEASE (amd64) ): This site is not for support or diagnostic discussion. As you stated, the configuration appears to be correct, so the... Jim Pingle
03:41 PM Bug #12492 (Not a Bug): 'DHCPv6 Static Mappings for this Interface' option isn't reliable working (2.5.2-RELEASE (amd64) ): 'DHCPv6 Static Mappings for this Interface' option isn't reliable working (2.5.2-RELEASE (amd64))
I am experiencin... Patrice BBBBB
03:30 PM pfSense Packages Feature #12491 (New): squidguard: allow multiple regex: When adding a Target category, please allow multiple lines in the 'Regular Expression' list. The upstream squidguard... Jesse Norell
02:46 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: > Ryan,
>
> Thanks for the continued investigation here. I'm tracking the kernel module development closely. Prelim... Ryan Roosa
09:52 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: Ryan Roosa wrote in #note-17:
> Just a quick update to let you know I've tested for this issue on the latest communi... Christian McDonald
02:17 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface: Updating subject for release notes. Jim Pingle
02:15 PM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available: Updating subject for release notes. Jim Pingle
02:14 PM Regression #12442: Unexpected error message after trying to delete a CARP VIP: Was broke and fixed in snapshots, never in a release. Jim Pingle
02:13 PM Bug #12362: Validation when deleting a VIP does not prevent deleting a CARP VIP used as a parent for an IP Aliases VIP: Updating subject for release notes. Jim Pingle
02:12 PM Bug #12356: Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries: Updating subject for release notes. Jim Pingle
02:11 PM Feature #4769: IPv6 support in the Traffic Shaper Wizard: Updating subject for release notes. Jim Pingle
02:10 PM Bug #12410: 1:1 NAT edit page lists incorrect entries in the Destination field: Updating subject for release notes. Jim Pingle
02:09 PM Regression #12377: NAT Rule Reorder: Introduced and fixed in snapshots, never in a release. Jim Pingle
02:08 PM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode: Updating subject for release notes. Jim Pingle
02:07 PM Feature #12318: Display default "Reflection Timeout" value on ``system_advanced_firewall.php``: Updating subject for release notes. Jim Pingle
02:07 PM Bug #10706: Kernel route table entries are removed if they match disabled static route entries: Updating subject for release notes.
It's not specific to OpenVPN, routes from any other source could be impacted. Jim Pingle
02:05 PM Feature #12438: Option to select PPPoE Server authentication protocol: Updating subject for release notes. Jim Pingle
02:05 PM Regression #12396: PHP Warning: Use of undefined constant ip - /etc/inc/services.inc on line 2465: Since this was only a regression in snapshots, no need to include it in release notes. Jim Pingle
02:00 PM Bug #12481: Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown: Updating subject for release notes. Jim Pingle
01:59 PM Feature #12321: Pop-up window to view firewall rules generated from RADIUS ACL entries on the OpenVPN status page: Updating subject for release notes. Jim Pingle
01:58 PM Feature #12291: Support for Slack notifications: Updating subject for release notes. Jim Pingle
01:57 PM Bug #12366: Rotation settings for individual log files do not take effect after saving: Updating subject for release notes. Jim Pingle
01:57 PM Bug #12435: "6RD Prefix" field does not have input validation: Updating subject for release notes. Jim Pingle
01:56 PM Bug #12371: Remove subnet overlap check on LAN interfaces when using 6rd: Updating subject for release notes. Jim Pingle
01:55 PM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces: Updating subject for release notes. Jim Pingle
01:54 PM Bug #12439: "Default preferred lifetime" field for IPv6 RA does not have input validation: Updating subject for release notes. Jim Pingle
01:52 PM Bug #12419: Console boot output includes ``Configuring IPsec VTI interfaces`` when no VTI interfaces are configured: Updating subject for release notes. Jim Pingle
01:51 PM Feature #12316: Include firewall rules generated from OpenVPN RADIUS ACL entries in status output: Updating subject for release notes. Jim Pingle
01:50 PM Bug #12347: IPsec widget treats phase 1 in "connecting" state as connected: Updating subject for release notes. Jim Pingle
01:47 PM Bug #11482 (Closed): WireGuard interfaces do not always have proper MTU applied: Jim Pingle
01:34 PM Feature #11899 (Duplicate): Add support for non-Oracle IP Check providers: Jim Pingle
01:23 PM pfSense Packages Bug #12490: pfSense(CE) completely freezes up with WireGuard: Hi Mark,
We haven't run into any deadlocks and/or crashes like this for quite some time. First thing I would check... Christian McDonald
12:44 PM pfSense Packages Bug #12490 (Rejected): pfSense(CE) completely freezes up with WireGuard: Hello everyone,
I encountered a strange issue with the Wireguard plugin installed (and in use).
I had a very diff... Mark Zeller
12:24 PM pfSense Docs New Content #9753 (Feedback): Feedback on Installing and Upgrading — Writing Disk Images: Step 2: I replaced the info in the pfSense docs with just the Etcher info, and linked to the main reference doc for a... Jim Pingle
11:12 AM pfSense Docs New Content #9753: Feedback on Installing and Upgrading — Writing Disk Images: Step 1: I updated the main shared reference doc with info on Etcher and made other updates as well
https://gitlab.... Jim Pingle
10:14 AM pfSense Docs New Content #9753 (In Progress): Feedback on Installing and Upgrading — Writing Disk Images: I've already been working on this Jim Pingle
09:10 AM Feature #12489 (Closed): OpenSSH update to the latest version.: We use the version of OpenSSH that ships with the base installation of FreeBSD. It may not always be the latest, but ... Jim Pingle
09:06 AM Feature #12489 (Closed): OpenSSH update to the latest version.: pfSense 2.5.2 version runs the OpenSSH_7.9-p1 version. That is not the latest one.
Danilo Zrenjanin
08:59 AM Revision 4d016cc4: Do not detach ng_ether from physical interfaces: There's no measurable performance impact[1] of leaving an unused ng_ether
node attached to ethernet interfaces, so do... Kristof Provost
08:32 AM Bug #12488 (Not a Bug): Problem with IPSEC - DPD or Child SA keep-alive: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
08:22 AM Bug #12488 (Not a Bug): Problem with IPSEC - DPD or Child SA keep-alive: I was trying to Configure a new Site to Site IPsec tunnel.
We already have 3 Sites, with lots of Child SA's, in our ... Marc Schildt

10/27/2021

11:10 PM Revision d6bc49df: Document that upstream gateway controls WAN type vs. LAN type interface: Brett Keller
08:46 PM Revision 66b1de4c: IPsec SPD status updates. Implements #12397: * Fix backend parsing of setkey data
* Check for VTI vs tunnel mode
* Output mode in GUI status, and VTI interface na... Jim Pingle
07:51 PM Revision 5814ad25: Revise IPsec widget icon behavior. Fixes #12347: * Change P1 status test so it can detect the "connecting" state and show
a distinct icon.
* Use gettext() for icon to... Jim Pingle
04:00 PM Bug #12350 (Feedback): Incorrect label for IPsec DH group 32: Applied in changeset commit:c7a78ad6792a4cff9ab53fd1171b9f77c925d390. Viktor Gurov
04:00 PM Bug #12481 (Feedback): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown: Applied in changeset commit:a96a7151f15c0ad54bdac522b1ac3876409766b9. Viktor Gurov
03:54 PM Feature #12397 (Feedback): Distinguish between policy-based and route-based entries on IPsec status SPD tab: Fix committed, will be in images soon. Jim Pingle
12:27 PM Feature #12397 (In Progress): Distinguish between policy-based and route-based entries on IPsec status SPD tab: Jim Pingle
03:54 PM Bug #12347 (Feedback): IPsec widget treats phase 1 in "connecting" state as connected: Fix committed, will be in images soon. Jim Pingle
12:27 PM Bug #12347 (In Progress): IPsec widget treats phase 1 in "connecting" state as connected: Jim Pingle
03:46 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: It is blocked waiting on #6880 which is still undergoing testing and development. Jim Pingle
03:30 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: There is a PR pending for this since 11 months apparently, what's the current status? Flole Systems
01:25 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: Jim,
Your choice of course however note:
- I took me longer than necessary to understand the problem by then, bec... Louis B
01:10 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: And as noted above, that may be true for your environment but *not* for most others. Your experience is *unusual* and... Jim Pingle
12:58 PM Bug #12170: Interface assignment mismatch is not detected if VLAN-only parent interface is removed: Jim,
As stated before, IMHO the fact that a particular interface fails, should NOT be a reason to shut the whole s... Louis B
01:05 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec: Kev Kitchens wrote in #note-5:
> Totally understandable, although I believe most CPUs supporting AES-NI would also l... Jim Pingle
12:55 PM pfSense Docs Todo #12478 (Feedback): Feedback on Virtual Private Networks — IPsec — Mobile IPsec — Choosing a Mobile IPsec Style: Added to staged 22.01 docs:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/64cbd3b581c737171e0f592994b7bbce... Jim Pingle
12:26 AM pfSense Packages Bug #12487 (Closed): Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself: See attached screenshot. When current firmware version == latest firmware version, should there be an "Upgrade and R... Andrew Warren

10/26/2021

05:57 PM Revision 3d1db50b: vim-console is now a FLAVOR: Renato Botelho
10:24 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA: There exists checks in other areas that could be adapted for this:
https://gitlab.netgate.com/pfSense/pfSense/blob/m... Marcos M
06:41 AM pfSense Packages Feature #11531 (Assigned): Show netmap compatible cards in IPS Mode note: Tested on 21.05.1
There is a list of Netmap! Supported drivers:
_WARNING: Inline Mode only works with NIC drivers w... Azamat Khakimyanov
06:31 AM pfSense Packages Feature #11533 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards: Tested on 21.05.1
There is ena NIC in the list of Netmap! Supported drivers.
Marked this Feature request as resolved. Azamat Khakimyanov

10/25/2021

06:21 PM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: Has the fix been merged yet? What's the current status? Can we set the target version appropriately as there is now a... Flole Systems
05:24 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface: Brett Keller wrote in #note-8:
> Setting an upstream gateway includes the interface in automatic outbound NAT rule g... Brett Keller
05:04 PM Bug #12486: Editing a network interface: I see now, at some point I must have turned on RAs then turned off IPv6 for the interface I’d turned it on for. Maybe... James Chambers
03:37 PM Bug #12486: Editing a network interface: Sorry but I’ve searched and searched for answers already, the interface tells me to disable router advertisements and... James Chambers
02:33 PM Bug #12486 (Not a Bug): Editing a network interface: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
01:24 PM Bug #12486: Editing a network interface: *issue James Chambers
01:23 PM Bug #12486: Editing a network interface: I can get around the issues by temporarily adding an IPv6 configuration. James Chambers
01:12 PM Bug #12486 (Not a Bug): Editing a network interface: I have a network interface just for accessing the pfSense GUI. From this network I can edit other interfaces but I am... James Chambers
12:31 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: Just a quick update to let you know I've tested for this issue on the latest community release of OPNsense (21.7.3_3)... Ryan Roosa
10:11 AM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled: I'm fairly certain that's because the 2100 and 1100 have compression off on @/var/log@ by default. You can confirm th... Jim Pingle
10:06 AM Feature #10587 (Resolved): UPnP/NAT-PMP STUN configuration options: Jim Pingle
10:02 AM pfSense Packages Bug #11465 (Closed): Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route: Jim Pingle
09:51 AM Bug #12485 (Rejected): DDNS set to a gateway group does not update on WAN failover: I can't replicate this. I use multi-WAN with DDNS on my edge and it updates properly, I had several failures last wee... Jim Pingle
07:26 AM pfSense Packages Feature #11386 (Resolved): Add WireGuard tunneled networks to vpnaddresses list: Tested on 21.05_p1 and on 22.01-DEVELOPMENT (built on Sun Oct 24 05:22:55 UTC 2021)
I see WireGuard tunnel network i... Azamat Khakimyanov

10/24/2021

08:02 AM pfSense Packages Bug #11682 (Resolved): Certificate Manager page do not show STunnel used certificates: Tested on 21.05.1 and 22.01-DEVELOPMENT (built on Sun Oct 24 05:22:55 UTC 2021)
I still see this Bug on 21.05.1 but ... Azamat Khakimyanov
07:43 AM pfSense Packages Bug #11683 (Resolved): Certificate Manager page doesn't show FreeRADIUS used certificates: Tested on 21.05.1 and 22.01-DEVELOPMENT (built on Sun Oct 24 05:22:55 UTC 2021)
I see FreeRADIUS certificate in 'IN ... Azamat Khakimyanov
07:04 AM pfSense Packages Bug #11687 (Resolved): Fix download URLs for SecuriteInfo.com: Tested on 21.05.1 and 22.01-DEVELOPMENT (Squid: 0.4.45_5).
I saw SecuriteInfo.com ID in /usr/local/pkg/squid_antivir... Azamat Khakimyanov

10/23/2021

06:13 PM Feature #10587: UPnP/NAT-PMP STUN configuration options: Options for setting STUN configuration is present in UPnP/NAT-PMP on 22.01.a.20211023.0500 Jordan G
05:47 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled: 2100 on ZFS upgraded to 22.01.a.20211023.0500 shows bzip2 as log compression setting. Set to none, saved and then fac... Jordan G
05:23 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: It appears that openldap25-client and openldap25-server are both in freshports for FreeBSD.
https://www.freshpor... Kris Phillips
11:55 AM Feature #12441 (Resolved): Send notification for halt, reboot, and reroot events: Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 23 05:23:58 UTC 2021
FreeBSD 12.3-PRERELEASE
I get no... Max Leighton
11:44 AM Todo #12449: Update "DNS Server Override" and "DNS Query Forwarding" help text: Checked in
2.6.0-DEVELOPMENT (amd64)
built on Sat Oct 23 05:23:58 UTC 2021
FreeBSD 12.3-PRERELEASE
The help ... Max Leighton
06:48 AM Bug #12483: GUI creates inconsistent config.xml: The `staticroutes` is just 1 example of many, there are few other configuration keys which are victim of this issue.
... Evren Yurtesen
06:36 AM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route: This ticket can now be closed as the PR has been merged Adam Cooper

10/22/2021

08:42 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec: Thanks for taking this up Jim!
> Originally that was recommended as it would result in the highest performance on ... Kev Kitchens
01:11 PM pfSense Docs Correction #12471 (Feedback): AES-XCBC should not be recommended as PRF for IPsec: Fixed in https://gitlab.netgate.com/docs/pfSense-docs/-/commit/5086c307ec3b213edcc7efbfc82eabf416053ce3 but won't be ... Jim Pingle
12:39 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec: It's also worth noting that the native IPsec client in Android 11 and 12 does support AES-XCBC and has it listed befo... Jim Pingle
09:58 AM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec: Originally that was recommended as it would result in the highest performance on systems with hardware acceleration f... Jim Pingle
08:24 PM Revision c7a78ad6: Elliptic Curve 25519, 448 bit -> Elliptic Curve 448, 448 bit PH2 rename. Fixes #12350: Viktor Gurov
04:15 PM Bug #12485: DDNS set to a gateway group does not update on WAN failover: I should add that WAN failover happens without issue. The default gateway becomes WAN2 as expected. It's just DDNS th... Max Leighton
04:14 PM Bug #12485 (Rejected): DDNS set to a gateway group does not update on WAN failover: For my test, I observed this in 21.01, and it has been observed in 21.05.1 as well.
It's been reported that DDNS i... Max Leighton
03:04 PM pfSense Packages Bug #12482 (Pull Request Review): Outdated doc links: Jim Pingle
08:59 AM pfSense Packages Bug #12482: Outdated doc links: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/140 Viktor Gurov
07:06 AM pfSense Packages Bug #12482 (Resolved): Outdated doc links: The HAProxy-devel package (based on haproxy 2.4.x) uses outdated doc links (haproxy 1.7):... Viktor Gurov
03:02 PM Bug #12350 (Pull Request Review): Incorrect label for IPsec DH group 32: Jim Pingle
01:09 AM Bug #12350: Incorrect label for IPsec DH group 32: Alhusein Zawi wrote in #note-5:
> fixed "Elliptic Curve 448" in P1.
>
> still showing up as "Elliptic Curve 25519... Viktor Gurov
03:01 PM Feature #12184 (Pull Request Review): GUI options to configure IKE retransmission behavior: Jim Pingle
01:05 AM Feature #12184: GUI options to configure IKE retransmission behavior: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/438 Viktor Gurov
02:56 PM Bug #12481 (Pull Request Review): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown: Jim Pingle
12:56 PM pfSense Packages Bug #12142 (Resolved): XMLRPC replication target configuration: Tested on the:... Danilo Zrenjanin
12:39 PM Bug #12356 (Resolved): Validation when deleting a VIP does not check if the VIP is used by IPsec phase 1 entries: Tested on the:... Danilo Zrenjanin
09:42 AM pfSense Packages Bug #12484 (Duplicate): Unable to remove intermediate CA: It's the same as the other linked issue. Adding that feature will solve this problem as the user could choose the oth... Jim Pingle
09:38 AM pfSense Packages Bug #12484 (Duplicate): Unable to remove intermediate CA: Some client needs to remove intermediate "ISRG Root X1" CA to allow legacy clients to work,
otherwise they will get ... Viktor Gurov
07:54 AM Bug #12483 (New): GUI creates inconsistent config.xml: With pfSense 2.5. If I update the Hostname from the GUI. The config diff shows the normal hostname change, in additio... Evren Yurtesen
02:50 AM Feature #7749 (Resolved): Support ``0`` CIDR mask for IGMP Proxy networks: Viktor Gurov
02:06 AM Feature #7749: Support ``0`` CIDR mask for IGMP Proxy networks: Tested on the:... Danilo Zrenjanin

10/21/2021

07:10 PM Bug #12350: Incorrect label for IPsec DH group 32: fixed "Elliptic Curve 448" in P1.
still showing up as "Elliptic Curve 25519, 448 bit" in P2.
2.6.0.a.202110... Alhusein Zawi
05:15 PM pfSense Docs Correction #12471: AES-XCBC should not be recommended as PRF for IPsec: For some further justification, the NIST Guide to IPsec VPNs (SP 800-77) does not list AES-XCBC as an approved PRF al... Kev Kitchens
03:11 PM Revision a96a7151: Delete stale OpenVPN RADIUS ACL generated rules. Fixes #12481: Viktor Gurov
02:02 PM Revision 5a1436da: Tell us the name of the logs tarball so we don't have to go hunting through s3: Brad Davis
01:28 PM Revision 46cdd9ab: Allow to select PPPoE Server authentication protocol. Implements #12438: Viktor Gurov
01:27 PM Revision aa1936ee: DNS check optimization for NDP diag page. Fixes #11512: Viktor Gurov
10:13 AM Bug #12481: Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/436 Viktor Gurov
09:47 AM Bug #12481 (Closed): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown: ovpn_ovpnsX_user_NNN.rules files under /tmp folder are not deleted on unclean shutdown Viktor Gurov
09:41 AM Bug #12335: IPsec DNS inefficiency: Jim Pingle wrote:
> Additionally, look at all calls of @ipsec_get_phase1_dst()@ such as when configuring VTI interfa... Viktor Gurov
08:45 AM Feature #12438 (Feedback): Option to select PPPoE Server authentication protocol: Applied in changeset commit:46cdd9ab8e3f5e22a9178f9bca2d8785f7de38a7. Viktor Gurov
08:01 AM Feature #12438 (Pull Request Review): Option to select PPPoE Server authentication protocol: Jim Pingle
06:12 AM Feature #12438: Option to select PPPoE Server authentication protocol: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/434 Viktor Gurov
08:35 AM Regression #11512 (Feedback): DHCP Leases page and ARP table page fail to load if DNS is not available: Applied in changeset commit:aa1936eefc251b5330e7392f3b1fbc23a006a400. Viktor Gurov
08:30 AM Feature #12441 (Feedback): Send notification for halt, reboot, and reroot events: Applied in changeset commit:138f2dd0087989cfd5cbb2caa71af83529139475. Viktor Gurov
07:59 AM Feature #12441 (Pull Request Review): Send notification for halt, reboot, and reroot events: Jim Pingle
03:28 AM Feature #12441 (New): Send notification for halt, reboot, and reroot events: Send notification on WebGUI reboot/reroot/halt:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/433 Viktor Gurov
08:25 AM Revision 138f2dd0: Send notification on WebGUI reboot/reroot/halt. Implements #12441: Viktor Gurov
08:19 AM Feature #12480: Wake on LAN button to wake all devices: Adding a confirmation prompt would be viable, but I don't see it being a significant enough need to add an option som... Jim Pingle
06:59 AM Feature #12480: Wake on LAN button to wake all devices: It could be a good idea to have the possibilities to move/remove the button "Wake All Devices" or be able to put ... Antoine Graux
06:56 AM Feature #12480 (Resolved): Wake on LAN button to wake all devices: It could be a good idea to have the possibilities to move or remove the button "Wake All Devices".If the administrato... Antoine Graux
08:15 AM Bug #12436: Pppoe server config gui does not allow setting of chap authentication, and sets the network start address for allocation to 0: Viktor Gurov wrote in #note-4:
> Jim Pingle wrote in #note-3:
> > An IP address ending in @.0@ is only invalid when... Jim Pingle
06:31 AM Bug #12436 (New): Pppoe server config gui does not allow setting of chap authentication, and sets the network start address for allocation to 0: Jim Pingle wrote in #note-3:
> An IP address ending in @.0@ is only invalid when used as a part of an actual subnet.... Viktor Gurov
03:48 AM Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan): I've already fixed this issue on https://zanata.netgate.com, but it looks like it's not merged to 2.6.0 Viktor Gurov
12:45 AM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn): Marcos Mendoza wrote in #note-1:
> This should be tested on 22.01 snapshots as something changed to fix the missing ... Viktor Gurov

10/20/2021

05:53 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface: Christian McDonald wrote in #note-3:
> For assigned tunnel interfaces, the inverse is true...pfSense has no way of k... Brett Keller
10:25 AM pfSense Docs Correction #12469 (Closed): Automatic outbound NAT rules are applied to the WG interface: Merged and deployed. Jim Pingle
08:28 AM pfSense Docs Correction #12469 (Pull Request Review): Automatic outbound NAT rules are applied to the WG interface: Jim Pingle
04:48 PM Revision e6df5881: Icon for traffic direction on floating rules tab. Implements #12433: Viktor Gurov
04:11 PM Revision 6e889d88: Fix OpenVPN status page halt function when client_id=0. Issue #12416: Viktor Gurov
04:07 PM Revision 349e7c67: Update DNS Server Override and DNS Query Forwarding help text. Todo #12449: Viktor Gurov
04:05 PM Revision 2c702751: IPsec PC/SC daemon status / services page fix. Issue #12468: Viktor Gurov
03:17 PM Bug #12479 (Rejected): Secure Cookie Attribute Not Set for webConfigurator: It's already set to true if the GUI is set to HTTPS.
If it's set to HTTP, it isn't set.
source:src/etc/inc/auth... Jim Pingle
03:10 PM Bug #12479 (Rejected): Secure Cookie Attribute Not Set for webConfigurator: The webConfigurator does not require secure transmission of cookies using the Secure Cookie Attribute in PHP. As suc... Kris Phillips
01:50 PM Revision 0b783d30: Remove stale captiveportal_online_users file on boot. Fixes #12455: Viktor Gurov
01:13 PM Regression #12442 (Resolved): Unexpected error message after trying to delete a CARP VIP: fixed
"Virtual IP # 0 does not exist." is not showing up.
2.6.0.a.20211020.0500
Alhusein Zawi
11:55 AM Feature #12433 (Feedback): Icon for traffic direction on floating rules tab: Applied in changeset commit:e6df58819b5cfd261630d2ff35a9d40246a2af45. Viktor Gurov
11:50 AM Feature #12416 (Feedback): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session: Merged Viktor Gurov
11:49 AM Todo #12449 (Feedback): Update "DNS Server Override" and "DNS Query Forwarding" help text: Merged Viktor Gurov
11:49 AM Bug #12468 (Feedback): Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled: Merged Viktor Gurov
09:10 AM Bug #12455 (Feedback): Captive Portal online user statistics data is not cleared on unclean shutdown: Applied in changeset commit:0b783d30498a717d27419be6a9fd1c129d26ae21. Viktor Gurov
08:54 AM pfSense Docs Todo #12478: Feedback on Virtual Private Networks — IPsec — Mobile IPsec — Choosing a Mobile IPsec Style: There are mentions of Group auth in the IPsec docs which are still pending (waiting on 22.01 now):
http://stage-v2... Jim Pingle
08:37 AM pfSense Docs Todo #12478 (Closed): Feedback on Virtual Private Networks — IPsec — Mobile IPsec — Choosing a Mobile IPsec Style: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/mobile-choices.html#ikev2-with-eap-radius
https... Viktor Gurov
08:35 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA: Viktor Gurov wrote in #note-1:
> It's difficult to determine if specific interfaces of a gateway group are being use... Jim Pingle
02:45 AM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA: It's difficult to determine if specific interfaces of a gateway group are being used for CARP VIP too, since the conf... Viktor Gurov
08:30 AM pfSense Packages Bug #12475 (Pull Request Review): OpenVPN Client Export does not show certificate without private key: Jim Pingle
01:42 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/137 Viktor Gurov
08:22 AM pfSense Packages Bug #12293 (Resolved): Resolve host via Reverse DNS looks shows IDN domains as punnycode: suricata 6.0.3_3 - works as expected Viktor Gurov
08:21 AM Todo #12454 (Resolved): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules: 2.6.0.a.20211020.0500 - works as expected Viktor Gurov
08:17 AM Bug #12448 (Resolved): Set OpenVPN Gateway Creation value to "Both" by default for new instances: 2.6.0.a.20211020.0500 - looks good Viktor Gurov
03:23 AM Feature #12407: Use deferred client connections in OpenVPN: Marcos Mendoza wrote in #note-1:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/402
#12321 and #12316... Viktor Gurov
03:16 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1117 Viktor Gurov
02:57 AM Bug #12477 (Closed): IPsec Keep Alive does not work correctly with stacked IP Aliases in HA: not an issue, work correctly Viktor Gurov
02:47 AM Bug #12477 (Closed): IPsec Keep Alive does not work correctly with stacked IP Aliases in HA: In @ipsec_keepalive.php: (substr($status[$ikeid]['p1']['interface'], 0, 4) == "_vip")@ does not check IP Aliases stac... Viktor Gurov

10/19/2021

02:46 PM Revision d12195f5: Set Gateway creation radio button to Both by default. Fixes #12448: Viktor Gurov
02:25 PM pfSense Docs Correction #12469 (Waiting on Merge): Automatic outbound NAT rules are applied to the WG interface: Thanks for the feedback.
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/25 Christian McDonald
01:54 PM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs: I did not try intermediate versions between 6.0.0_14 and 6.0.3_3, just installed the latest, so I can't say when this... Steve Y
09:57 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs: Edit: I have a 2100/21.05.1 with the latest Snort 4.1.4_3 and it doesn't have this issue. Steve Y
09:50 AM pfSense Packages Regression #12476 (Resolved): Suricata 6.0.3_3 Pass List ignores all single IPs: After upgrading pfSense-pkg-suricata from 6.0.0_14 to 6.0.3_3 all Pass List entries for single IPs are ignored and no... Steve Y
01:00 PM Regression #12442 (Feedback): Unexpected error message after trying to delete a CARP VIP: Merged Viktor Gurov
12:59 PM Regression #12288 (Feedback): GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces: Merged Viktor Gurov
10:00 AM Bug #12448 (Feedback): Set OpenVPN Gateway Creation value to "Both" by default for new instances: Applied in changeset commit:d12195f57d0722749ebc4de177f7ea1648680a7e. Viktor Gurov
09:55 AM Feature #12441 (Feedback): Send notification for halt, reboot, and reroot events: Applied in changeset commit:4738f3080db4abb0e49d410d07a9611aeba65e25. Viktor Gurov
08:32 AM Revision 4738f308: Send reboot/reroot/halt notification. Implements #12441: Viktor Gurov
07:43 AM Bug #12470 (Pull Request Review): Thermal Sensors Dashboard widget filter for negative values refers to invalid variable: Jim Pingle
07:24 AM pfSense Packages Bug #12475 (Resolved): OpenVPN Client Export does not show certificate without private key: When using the page https://<server>/vpn_openvpn_export.php to export an openvpn client config package only certifica... Denis Grilli
05:21 AM pfSense Packages Feature #12447: Acme add dnsapi dns_cpanel.sh: How can I upgrade? Akos Tomaschik

10/18/2021

08:45 PM Feature #12473 (New): Allow user adjustment of IPsec Keep Alive periodic checks: Let the user adjust the keepalive check time introduced in #12169, as the keepalive time could be lowered once #12184... Marcos M
08:41 PM Bug #12472 (Resolved): IPsec Keep Alive does not work correctly with gateway groups in HA: In @ipsec_keepalive.php@: @(substr($status[$ikeid]['p1']['interface'], 0, 4) == "_vip")@ returns a false negative whe... Marcos M
08:33 PM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn): This should be tested on 22.01 snapshots as something changed to fix the missing nat rules (see #11481) which may aff... Marcos M
06:40 PM pfSense Docs Correction #12471 (Closed): AES-XCBC should not be recommended as PRF for IPsec: The IPsec Configuration (https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html) and VPN Scaling (https:... Kev Kitchens
04:46 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: FWIW, just wanted to share updates I've made to my bandaid script. I found that 'head -c' usage on '/dev/urandom' lik... Ryan Roosa
11:16 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: Christian McDonald wrote in #note-13:
> Thank you for the detailed report here. This is immensely helpful. I will co... Ryan Roosa
04:10 PM Bug #12470 (Resolved): Thermal Sensors Dashboard widget filter for negative values refers to invalid variable: The Thermal Sensors widget has code to filter out any sysctl line that contains ' -', but is checking a $negsign vari... Daniel Cameron
03:14 PM Revision dc883862: Reset CP DB on unclean shutdown if preservedb option is not enabled. Fixes #12355: Viktor Gurov
03:13 PM Revision 661c23ea: GRE/GIF interface configure fix. Issue #12288: Viktor Gurov
03:13 PM Revision 26bbdbc5: deleteVIP() input validation fix. Issue #12442: Viktor Gurov
03:13 PM Revision 322ac50f: Elliptic Curve 25519, 448 bit -> Elliptic Curve 448, 448 bit rename. Fixes #12350: Viktor Gurov
03:12 PM Revision aabaad0a: Mute kernel messages on dummynet and thermal hardware modules load. Fixes #12454: Viktor Gurov
03:12 PM Revision 1c4c9e7f: Allow to use /0 netmask on IGMP Proxy edit page. Fixes #7749: Viktor Gurov
03:11 PM Revision ff6d9cb1: Traffic Shaper Wizard IPv6 support. Implements #4769: Viktor Gurov
02:48 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface: Thanks. It would probably be useful to put a note about this in the docs for the s2s instructions. Brendon Baumgartner
02:41 PM pfSense Docs Correction #12469: Automatic outbound NAT rules are applied to the WG interface: Outbound NAT rules are not applied on unassigned tunnel interfaces. pfSense has no way of knowing these interfaces ex... Christian McDonald
01:49 PM pfSense Docs Correction #12469 (Resolved): Automatic outbound NAT rules are applied to the WG interface: These is back in the current wireguard package.
https://forum.netgate.com/topic/165344/wireguard-site-to-site-vpn/... Brendon Baumgartner
11:23 AM pfSense Docs Todo #12445 (Rejected): Feedback on pfSense Configuration Recipes: The ePub opens and reads fine in Calibre (Multiple operating systems), FBReader, and others I tried which support ePu... Jim Pingle
10:20 AM Bug #12355 (Feedback): Captive Portal database and ``ipfw`` rules are out of sync after unclean shutdown: Applied in changeset commit:dc883862bc431c929d3063cd83603b504cd173bd. Viktor Gurov
08:22 AM Bug #12355 (Pull Request Review): Captive Portal database and ``ipfw`` rules are out of sync after unclean shutdown: Jim Pingle
10:20 AM Bug #12350 (Feedback): Incorrect label for IPsec DH group 32: Applied in changeset commit:322ac50fafd5b186763b8113d3cab24d6101d8f1. Viktor Gurov
07:46 AM Bug #12350 (Pull Request Review): Incorrect label for IPsec DH group 32: Jim Pingle
10:20 AM Todo #12454 (Feedback): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules: Applied in changeset commit:aabaad0ab7e479a19ae597f2710eb4004d10f2ac. Viktor Gurov
08:17 AM Todo #12454 (Pull Request Review): Suppress kernel messages when loading ``dummynet`` and thermal sensor modules: Jim Pingle
10:20 AM Feature #7749 (Feedback): Support ``0`` CIDR mask for IGMP Proxy networks: Applied in changeset commit:1c4c9e7f2fe686b8ccea6780cabe43635d27856d. Viktor Gurov
08:21 AM Feature #7749 (Pull Request Review): Support ``0`` CIDR mask for IGMP Proxy networks: The Gitlab link is private and intended for internal review, it's not public yet. Once we merge the PR it will be vis... Jim Pingle
10:20 AM Feature #4769 (Feedback): IPv6 support in the Traffic Shaper Wizard: Applied in changeset commit:ff6d9cb1d7d5443a196cbedbf5632d9072415a0a. Viktor Gurov
08:54 AM Feature #4769 (Pull Request Review): IPv6 support in the Traffic Shaper Wizard: Jim Pingle
10:03 AM pfSense Docs Correction #12450 (Closed): Typo in the Phase 2 proposal (Child SA) section.: Fixed in the new IPsec docs coming with 22.01, changing them in the current docs would cause a merge conflict with th... Jim Pingle
09:37 AM Bug #12468 (Pull Request Review): Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled: Jim Pingle
09:35 AM Bug #12460 (Pull Request Review): Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable: Jim Pingle
09:31 AM Todo #12431 (Pull Request Review): GUI pages should use ``POST`` for AJAX calls, not ``GET``: Jim Pingle
09:26 AM Feature #12342 (Pull Request Review): Dynamic DNS client proxy support: Jim Pingle
09:21 AM Feature #12169 (Resolved): IPsec keep alive option to initiate phase 2 without using ICMP: Those should be added as a separate bug report and feature request. For most cases this is working fine.
Jim Pingle
09:19 AM Feature #12464 (Pull Request Review): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level): The current behavior is intentional since it triggers the login "beep" and console message.
If we change this at a... Jim Pingle
09:10 AM pfSense Packages Feature #11163 (Pull Request Review): Preferred Chain option: Jim Pingle
09:01 AM Feature #12433 (Pull Request Review): Icon for traffic direction on floating rules tab: Jim Pingle
08:37 AM pfSense Docs Todo #12457: Add UPS Configuration Recipes for apcupsd and nut UPS Packages with Common Brand Units: We could maybe add some generic info but we should not attempt to keep a list of settings in the docs for hardware we... Jim Pingle
08:28 AM Bug #12455 (Pull Request Review): Captive Portal online user statistics data is not cleared on unclean shutdown: Jim Pingle
08:17 AM Revision 9263389e: fix filter expression to check correct variable instead of non-existing one: Daniel Cameron
08:15 AM Feature #12267 (Pull Request Review): OpenVPN option to limit concurrent connections per user: Jim Pingle
08:14 AM Bug #12332 (Pull Request Review): OpenVPN does not clear old Cisco-AVPair anchor rules in some cases: Jim Pingle
08:14 AM Feature #12407 (Pull Request Review): Use deferred client connections in OpenVPN: Jim Pingle
07:59 AM pfSense Docs Todo #12453 (Closed): Support for translation: It is something we have considered in the past but have not made a firm decision on. It's not just a technical proble... Jim Pingle
07:55 AM Todo #12449 (Pull Request Review): Update "DNS Server Override" and "DNS Query Forwarding" help text: Jim Pingle
07:51 AM Bug #12448 (Pull Request Review): Set OpenVPN Gateway Creation value to "Both" by default for new instances: Jim Pingle
07:47 AM pfSense Packages Feature #12447 (Rejected): Acme add dnsapi dns_cpanel.sh: New providers all get added when we update ACME from upstream, we don't add them manually or separately like this, so... Jim Pingle
07:45 AM Regression #11512 (Pull Request Review): DHCP Leases page and ARP table page fail to load if DNS is not available: Jim Pingle
07:37 AM Bug #10304 (Closed): ``radvd`` only responds to the first Router Solicitation received after each multicast Router Advertisement: Jim Pingle
07:35 AM Regression #12442 (Pull Request Review): Unexpected error message after trying to delete a CARP VIP: Jim Pingle
07:33 AM Regression #12288 (Pull Request Review): GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces: Jim Pingle
07:31 AM Feature #12441 (Pull Request Review): Send notification for halt, reboot, and reroot events: Jim Pingle
07:27 AM Feature #12416 (Pull Request Review): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session: The "last fix PR":https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/413 hasn't been merged yet. Jim Pingle
05:48 AM pfSense Packages Todo #12456 (Resolved): Remove zabbix 5.2 packages: Max Leighton wrote in #note-3:
> I checked in
>
> 2.6.0-DEVELOPMENT (amd64)
> built on Sat Oct 16 05:24:35 UTC... Renato Botelho

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

11/16/2021

11/15/2021

11/14/2021

11/13/2021

11/12/2021

11/11/2021

11/10/2021

11/09/2021

11/08/2021

11/06/2021

11/05/2021

11/04/2021

11/03/2021

11/02/2021

11/01/2021

10/31/2021

10/30/2021

10/29/2021

10/28/2021

10/27/2021

10/26/2021

10/25/2021

10/24/2021

10/23/2021

10/22/2021

10/21/2021

10/20/2021

10/19/2021

10/18/2021