Activity

From 11/12/2021 to 12/11/2021

12/11/2021

08:14 PM Bug #7235: 4860 has not got significant IPsec performance rising with enabled HW acceleration
I have a 4860 running newest pfsense, and I use IPSec. How could I do performance measurements? Sean McBride
08:10 PM Bug #7235: 4860 has not got significant IPsec performance rising with enabled HW acceleration
The 4860 is end of sale and end of support, so may be time to put this one to bed regardless. We should re-run perfo... Kris Phillips
08:14 PM Bug #7387: New Traffic Graph in dashboard resets inverted view to normal view
Tested in 21.05.2:
Opened two tabs, one on Status --> Monitoring and one in Status --> Dashboard with the Traffic ...
Kris Phillips
08:03 PM Bug #3796: States summary fails and is very slow with large state tables
Probably a better solution to this would be to limit the number of states displayed and have a multi-page view or hav... Kris Phillips
07:59 PM Bug #4604: NTP time server entries may or may not work, depending upon interfaces selected when configuring NTP service
I'm not able to recreate this issue on the latest versions of pfSense Plus. I suspect similar on CE. Likely this bu... Kris Phillips
07:51 PM Bug #1738: Restore fails when username in backup is not matching
In what situation would this issue present itself? If you're restoring a config file from a previous install to a fr... Kris Phillips
07:46 PM Bug #4451: Status DHCP Leases shows double entries for static entries without IP address
This is still the case today in pfSense Plus 21.05.2 and likely in pfSense CE 2.5.2. See attached screenshot. Kris Phillips
07:43 PM Bug #1667: L2TP server does not respond properly from a CARP VIP
Since we don't recommend L2TP for new IPSec VPN setups, this can likely be closed as Rejected. No point in keeping i... Kris Phillips
05:17 PM Bug #12543: Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.
I also was not able to reproduce this. This bug report should be marked as Feedback until we can determine the steps... Kris Phillips
07:51 AM Bug #12543: Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.
I couldn't replicate it either.
I created/deleted duplicate entries with no issues in Manual/Hybrid mode.
We w...
Danilo Zrenjanin
05:13 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
Kris Phillips wrote in #note-3:
> Viktor Gurov wrote in #note-2:
> > openvpn(8):
> > [...]
>
> Since the option...
Kris Phillips
05:08 PM pfSense Packages Bug #8258 (Resolved): BIND responds with SERVFAIL when adding/changing records if 'allow-update' is configured for a zone
I tested this with BIND 9.16_11. I can add or change records without issues while allow-updates is set to localnets. ... Max Leighton
04:03 PM pfSense Packages Bug #12533 (Resolved): extra rules incorrect input validation
Tested with Suricata 6.0.3_4. I was able to download and use extra ruleset with and without MD5 check selected. Marki... Max Leighton
03:25 PM Feature #12586: New widget for States
ToDo: Documentation would also need new Widget entry.
https://docs.netgate.com/pfsense/en/latest/monitoring/dashboard...
Patrick Mueller
03:22 PM Feature #12586: New widget for States
Added PR: https://github.com/pfsense/pfsense/pull/4547 Patrick Mueller
03:19 PM Feature #12586 (Rejected): New widget for States
Allow to display current states on Dashboard via a small widget.
Common settings which are also available in diag_...
Patrick Mueller
08:40 AM Bug #12585: ``rc.notify_message`` only sends notifications via SMTP
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/498
Viktor Gurov
08:39 AM Bug #12585 (Resolved): ``rc.notify_message`` only sends notifications via SMTP
/etc/rc.notify_message should use @notify_all_remote()@ to send messages via telegram/pushover/slack too Viktor Gurov
08:23 AM Bug #12584: ``rc.carpmaster`` only sends notifications via SMTP
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/497
Viktor Gurov
08:20 AM Bug #12584 (Resolved): ``rc.carpmaster`` only sends notifications via SMTP
/etc/rc.carpmaster uses @notify_via_smtp()@ to send the 'HA cluster member "(<iface>): (<iface_descr>)" has resumed C... Viktor Gurov
07:38 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Viktor Gurov wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > I added a note in github
> > Obviously, the curr...
Phil Wardt
07:30 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Viktor Gurov wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > I added a note in github
> > Obviously, the curr...
Phil Wardt
02:21 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Viktor Gurov wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > I added a note in github
> > Obviously, the current...
Phil Wardt
07:26 AM Bug #12583 (Rejected): Static route overlap validation check
It's allowed to add a static route to a network's subnet/supernet used in the existing static route.
e.g.,
...
Danilo Zrenjanin
07:05 AM Bug #12554 (Resolved): Route overlap input validation does not work properly
Tested against:... Danilo Zrenjanin
06:32 AM Feature #12290 (Resolved): Add ``librdkafka`` package to the pfSense package repository
Tested against:... Danilo Zrenjanin
06:18 AM Regression #12582: RADVD can be started on both HA nodes when configured with an IPv6 link-local address
Upstream issue: https://github.com/radvd-project/radvd/issues/162 znerol znerol
06:03 AM Regression #12582: RADVD can be started on both HA nodes when configured with an IPv6 link-local address
h3. Theory
It is in fact expected behavior that @radvd@ is starting on both hosts. @radvd@ is supposed to send RAs...
znerol znerol
05:48 AM Regression #12582: RADVD can be started on both HA nodes when configured with an IPv6 link-local address
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/496
Viktor Gurov
05:33 AM Regression #12582 (Resolved): RADVD can be started on both HA nodes when configured with an IPv6 link-local address
If IPv6 link-local address is used as `rainterface`, the status of the CARP VIP is not checked (@get_carp_interfaces_... Viktor Gurov
05:47 AM Bug #12575 (Resolved): IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
Tested against:... Danilo Zrenjanin
04:05 AM Bug #12572 (Resolved): Log entries from ``acbupload.php`` are missing the upload URL
I couldn't replicate the issue on the 2.5.2 release.
Here are the logs:...
Danilo Zrenjanin
03:45 AM Regression #12581: Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD
Just forgot the traceroute...
Command: tracert -d -6 www.google.com
Tracing route to www.google.com [2a00:1450:...
Patrick U
03:38 AM Regression #12581: Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD
Hi Viktor,
It did work with the previous version 2.5.0 as designed.
Just like with 2.5.0 and earlier version, I...
Patrick U
02:17 AM Regression #12581: Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD
Patrick U wrote:
> With feature #11103 a fix is made to exclude "AdvRASrcAddress" section in the RADVD.CONF file and...
Viktor Gurov
03:08 AM Feature #12035 (Resolved): Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components
Tested against:... Danilo Zrenjanin

12/10/2021

04:55 PM Feature #12091: RFE: Add support for sssd authentication
I was very disappointed to see that sssd disappeared from the pfSense repository. Is there any chance it could be ad... Orion Poplawski
12:57 PM pfSense Docs Correction #12578 (Closed): Invalid video links
I fixed it manually in the releng/v22.01 branch first then picked back to avoid potential merge conflicts. Jim Pingle
11:10 AM Regression #12581 (Resolved): Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD
With feature #11103 a fix is made to exclude "AdvRASrcAddress" section in the RADVD.CONF file and use the IPv6 link-l... Patrick U
10:22 AM Feature #12184: GUI options to configure IKE retransmission behavior
Updating subject for release notes. Jim Pingle
10:21 AM Bug #12572: Log entries from ``acbupload.php`` are missing the upload URL
Updating subject for release notes. Jim Pingle
10:12 AM Bug #12572: Log entries from ``acbupload.php`` are missing the upload URL
Updating subject for release notes. Jim Pingle
10:20 AM Feature #12290: Add ``librdkafka`` package to the pfSense package repository
Updating subject for release notes. Jim Pingle
10:19 AM Feature #12518: Restore RRD and extra data from configuration backups when restoring during installation
Updating subject for release notes. Jim Pingle
10:18 AM Bug #12575: IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
Updating subject for release notes. Jim Pingle
10:13 AM Bug #12566: IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
Updating subject for release notes. Jim Pingle
09:54 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Phil Wardt wrote in #note-2:
> I added a note in github
> Obviously, the current GUI will not be able to decode old...
Viktor Gurov
09:07 AM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway
Looks like a duplicate of #11570 Viktor Gurov
09:00 AM Bug #11692 (Pull Request Review): ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon
Viktor Gurov
07:17 AM pfSense Docs Todo #12577 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox® VE
> - "Apply Configuration" after adding vmbr1 and vmbr2. You mention a reboot might be necessary, but in my experience... Jim Pingle
04:27 AM pfSense Plus Bug #12580 (Duplicate): IPsec Status - incorrect match
Duplicate of #11910 Viktor Gurov
04:08 AM pfSense Plus Bug #12580 (Duplicate): IPsec Status - incorrect match
Netgate XG-7100
Serial: 1916200092
Version: 21.05.2-RELEASE (amd64)
If you are using multiple Routed IPsec tunne...
Georgian Matei
01:28 AM Bug #12579 (Resolved): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload
FreeBSD 12.3 introduced a new @dnctl(8)@ utility, which can be used to change limiter parameters without reloading fi... Viktor Gurov
01:21 AM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Please create a pull request:
https://docs.netgate.com/pfsense/en/latest/development/pull-request.html
Viktor Gurov

12/09/2021

11:35 PM pfSense Docs Correction #12578: Invalid video links
fix:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/26
Viktor Gurov
11:31 PM pfSense Docs Correction #12578 (Closed): Invalid video links
... Viktor Gurov
06:47 PM pfSense Docs Todo #12577 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox® VE
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html
*Feedback:
Three main thi...
David Reitz
06:39 PM Feature #12555 (Resolved): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
fixed
link is working if GW is from DHCP
22.01.a.20211209.0600
2.6.0.a.20211209.0600
Alhusein Zawi

12/08/2021

11:32 PM Bug #11759: Traffic graphs on dashboard double upload on pppoe links
It happens when comparing pppoe traffic and physical interface. Physical shows correct values.
net blues
11:29 PM Bug #11759: Traffic graphs on dashboard double upload on pppoe links
Viktor Gurov wrote in #note-1:
> no such issue on 22.01.a.20211130.0600
> Traffic graphs show the correct speed
...
net blues
10:50 PM Revision 3e975038: Rename 'tracker' to 'ridentifier'
FreeBSD has included our 'tracker' functionality, but calls it
'ridentifier' instead. Change the rule generating code...
Kristof Provost
12:17 PM pfSense Packages Bug #12487 (Closed): Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself
Luiz Souza
10:57 AM Bug #11226 (Pull Request Review): IPsec VTI phase 2 traffic selectors default to address when defined as a network
Marcos M
09:17 AM Revision f44a6c90: IPsec RADIUS Advanced Parameters default value reset fix. Issue #12575
Viktor Gurov
09:05 AM Bug #12575 (Feedback): IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
Merged Viktor Gurov
07:44 AM Bug #12575 (Pull Request Review): IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
Jim Pingle
03:18 AM Bug #12575: IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/492
Viktor Gurov
02:24 AM Bug #12575 (Resolved): IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
The setting Show Advanced RADIUS parameters parameters is not practical. If you enable, set custom values, Save, disa... Viktor Gurov
08:45 AM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
@Viktor Is there anything I can do to further debug this and find a work around? I'd love to help. John Williams

12/07/2021

10:18 PM Revision 5647efc6: Revert "Revert "Make the pkg repo mirror_type and signature_type overridable""
This reverts commit 288d56a66615db34d62539e1e86bac2af4c4b1c3. Brad Davis
10:16 PM Revision 13867d26: Revert commit test
Steve Beaver
09:50 PM Revision d75ea195: Commit test
Steve Beaver
09:16 PM Bug #11226: IPsec VTI phase 2 traffic selectors default to address when defined as a network
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/493 Marcos M
07:21 PM Revision 2b6a3712: IPsec IKEv2 Retransmission options. Implements #12184
Viktor Gurov
07:13 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Howdy. Netgate customer here. Hoping that this 'high priority' 6 year old bug gets some love from Netgate-employed de... Jesse Adelman
03:35 PM Revision 373fdb53: Revert "move firewall functions to include file"
This reverts commit a5a4cf87eeacfaf922151ce356fca1eee53762eb Steve Beaver
03:03 PM Revision afbdf4d0: Merge branch 'mvc_refactor' into certmanager_MVC
Steve Beaver
02:17 PM Revision 46bd32bb: Revert "Certmanager mvc"
This reverts commit 033c3ae82d20ca5760ed483cf8d0c947764b2371 Steve Beaver
01:49 PM Revision 033c3ae8: Certmanager mvc
Steve Beaver
01:40 PM Revision 7b6a6331: Restore RRD and extra data on bsdinstall config.xml restore. Implements #12518
Viktor Gurov
01:31 PM Revision 77b54274: Add missing upload_url to acbupload.php. Fixes #12572
Viktor Gurov
01:30 PM Revision 40b8882a: Gateway/Group link fix on the firewall rules page. Issue #12555
Viktor Gurov
01:30 PM Feature #12184 (Feedback): GUI options to configure IKE retransmission behavior
Applied in changeset commit:2b6a3712391c681b42d91155459801e28cf33c67. Viktor Gurov
11:59 AM Bug #12574 (Rejected): Intel X710-T2L drivers > 1.12.16 causes error /rc.filter_configure_sync: An error occurred while trying to find the interface ${LINK_LOCAL}
Manually changing drivers isn't supported, thus bug reports based on manual driver changes are not valid.
If it wo...
Jim Pingle
11:53 AM Bug #12574 (Rejected): Intel X710-T2L drivers > 1.12.16 causes error /rc.filter_configure_sync: An error occurred while trying to find the interface ${LINK_LOCAL}
When using Intel X710-t2l driver versions greater than 1.12.16, I got the following error:
php-fpm[31639]: /rc.fil...
Mike Loiterman
08:45 AM Revision af9fb265: IPsec on backup CARP group validation. Fixes #12566
Viktor Gurov
08:28 AM Feature #12555 (Feedback): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Merged Viktor Gurov
07:18 AM Feature #12555 (Pull Request Review): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Jim Pingle
07:50 AM Feature #12518 (Feedback): Restore RRD and extra data from configuration backups when restoring during installation
Applied in changeset commit:7b6a63312ff25e513463f9a429295974b95b4af9. Viktor Gurov
07:35 AM Feature #12518 (Pull Request Review): Restore RRD and extra data from configuration backups when restoring during installation
Jim Pingle
04:33 AM Feature #12518: Restore RRD and extra data from configuration backups when restoring during installation
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/33
https://gitlab.netgate.com/pfSense/pfSense/-/me...
Viktor Gurov
07:40 AM Bug #12572 (Feedback): Log entries from ``acbupload.php`` are missing the upload URL
Applied in changeset commit:77b54274202df9a3f1f34781851f794d10ad3f99. Viktor Gurov
07:16 AM Bug #12572 (Pull Request Review): Log entries from ``acbupload.php`` are missing the upload URL
Jim Pingle
07:40 AM Bug #12566 (Feedback): IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
Applied in changeset commit:af9fb2654b22b73b0100b502ab094576b317ba43. Viktor Gurov
07:28 AM Bug #12566 (Pull Request Review): IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
Jim Pingle
02:47 AM Bug #12566: IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/487
Viktor Gurov
07:32 AM Bug #12536 (Pull Request Review): Setting a default gateway of "None" does not remove the default gateway from the routing table
Jim Pingle
03:59 AM Bug #12536: Setting a default gateway of "None" does not remove the default gateway from the routing table
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/488
Viktor Gurov
07:29 AM pfSense Packages Bug #11366 (Resolved): Arpwatch Cron Notification every 15 minutes
Jim Pingle
03:55 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
I've checked on 2.5.2 and I see correct value 'disable cron' in /usr/local/arpwatch/sendmail_proxy.php

if ((fals...
aleksei prokofiev
07:27 AM Bug #11941 (Pull Request Review): Many ``exec()`` functions do not use full path to executable files
Jim Pingle
01:08 AM Bug #11941: Many ``exec()`` functions do not use full path to executable files
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/486 Viktor Gurov
07:24 AM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
I'm not seeing any change in behavior from before here. On a 2.6.0 snapshot I can still enter a host IP address insid... Jim Pingle
12:26 AM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
@openvpn_validate_tunnel_network()@ implemented in #2668 does not allow entering IP addresses
I think this issue can...
Viktor Gurov
04:44 AM pfSense Packages Feature #12573: Dashboard widget with external connection map
aleksei prokofiev wrote:
Just download test.html and open in browser.
aleksei prokofiev
04:34 AM pfSense Packages Feature #12573 (New): Dashboard widget with external connection map
I am working on a code to create a map with all external connections. Now I have a prototype, probably someone will b... aleksei prokofiev
03:59 AM Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/488
Viktor Gurov

12/06/2021

11:50 PM Feature #12555 (New): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Gateway link is not always correct if DHCP is used
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_reques...
Viktor Gurov
11:28 PM Bug #12572: Log entries from ``acbupload.php`` are missing the upload URL
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/484
Viktor Gurov
11:19 PM Bug #12572 (Resolved): Log entries from ``acbupload.php`` are missing the upload URL
... Viktor Gurov
03:41 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Does anyone have a good automated workaround? I have Starlink (DHCP) as primary WAN and LTE modem w/ethernet as backu... dave wilson
03:36 PM pfSense Docs Correction #12571 (Closed): 6100 Product Page link lands on 7100 store page
Corrected the link. Doug McIntire
11:43 AM pfSense Docs Correction #12571 (Closed): 6100 Product Page link lands on 7100 store page
On:
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/index.html
The link "Netgate® 6100 Deskto...
Patrick Sanderson
12:19 PM pfSense Docs Todo #12569 (Closed): Link to Missing Page/Content
Fixed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/207dae3168393f5a4e2f837255d923afdb287549
Also updated...
Jim Pingle
09:27 AM pfSense Docs Todo #12569 (Closed): Link to Missing Page/Content
Hello folks,
In the pfSense documentation, there is a link to the FreeBSD wiki where the previous page's content i...
Andrew Roehm
12:06 PM Bug #12391 (Feedback): Uninitialized config variable in ``interface_assign.php``
Merged:
https://github.com/pfsense/pfsense/commit/71f503d26b11f4f73699ccb47102939368e8967d
Viktor Gurov
12:04 PM Feature #12342 (Feedback): Dynamic DNS client proxy support
Merged Viktor Gurov
12:04 PM Feature #12290 (Feedback): Add ``librdkafka`` package to the pfSense package repository
Merged Viktor Gurov
11:41 AM pfSense Docs Correction #12570 (Closed): Active appliance list missing 6100
https://docs.netgate.com/pfsense/en/latest/product-manuals.html
The Netgate 6100 is not listed on the list of acti...
Patrick Sanderson
08:17 AM pfSense Packages Bug #11628 (Resolved): ftp-proxy error messages in logs
Jim Pingle
04:15 AM pfSense Packages Bug #11628: ftp-proxy error messages in logs
Checked on 2.5.2: no error messages when enabling/disabling ftp-proxy aleksei prokofiev
08:07 AM pfSense Docs New Content #12565: Document new "Duplicate Connection Limit" option on OpenVPN server instances
FYI- Always check the staged version of docs for pending releases to see if new things have already been handled or i... Jim Pingle
08:03 AM Todo #12296 (Resolved): Explicitly state where AutoConfigBackup stores encrypted backup data
Jim Pingle
08:02 AM pfSense Packages Feature #8574 (Resolved): Enable AgentX-support in lldpd using GUI
Jim Pingle
07:53 AM Bug #11599: Modifying static routes results in a logged error, changes are not reflected in routing table
Updating subject for release notes and fixing targets. Jim Pingle
07:52 AM Bug #7547: Static routes using aliases are not automatically updated when alias content changes
Updating subject for release notes and fixing targets. Jim Pingle
07:50 AM Feature #11895: Require user to manually apply changes after altering static route entries
Updating subject for release notes and fixing targets. Jim Pingle
07:48 AM Bug #8390: Input validation does not prevent removing a gateway used by a DNS server
Updating subject for release notes and fixing targets. Jim Pingle
03:17 AM Feature #12567: Add Dynamic DNS support for Name.com
https://github.com/pfsense/pfsense/pull/4546 Viktor Gurov
01:58 AM Revision 6a9fe85f: Add dynamic DNS service provider Name.com, closes #12567
olehfb
12:58 AM pfSense Packages Bug #11964 (Resolved): pfBlocker XMLRPC sync CARP interface advskew
Tested on 21.05.2 and on 22.01-DEVELOPMENT (built on Sat Dec 04 06:21:33 UTC 2021)
With 'Enable Sync: Sync to host...
Azamat Khakimyanov

12/05/2021

07:53 PM Feature #12567 (Resolved): Add Dynamic DNS support for Name.com
This feature adds the ability to use Name.com DNS as a dynamic DNS service. Oleh S.
05:29 PM Bug #12566 (Closed): IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
On a BACKUP node, when the IPsec daemon is started, any Phase1 configuration which is set to a gateway group will res... Marcos M
05:08 PM Bug #12472 (Resolved): IPsec Keep Alive does not work correctly with gateway groups in HA
Marcos M
05:07 PM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA
FWIW this works correctly now - tested on @22.01.a.20211204.0600@. Marcos M
09:03 AM pfSense Packages Bug #11582 (Resolved): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Tested on 21.05.2 and on 22.01-DEVELOPMENT (built on Sat Dec 04 06:21:33 UTC 2021)
With 'Enable Sync: Sync to host...
Azamat Khakimyanov

12/04/2021

07:36 PM pfSense Packages Feature #10859 (Resolved): Add avahi filtering feature to pfSense
Can confirm this is now in Avahi in the 2.5.2 repo. Closing as resolved. Kris Phillips
07:36 AM pfSense Packages Feature #10859: Add avahi filtering feature to pfSense
Avahi v2.2 when enabled with enable reflection selected provides text entry box for reflection filtering services and... Jordan G
07:25 PM Feature #12564: add column to show that an Alias is in use by or not
Yes
That's what I meant
khaled osama
06:13 PM Feature #12564: add column to show that an Alias is in use by or not
Can you clarify this please? Are you referring to an alias under Firewall --> Aliases? If so, these are just lists ... Kris Phillips
08:14 AM Feature #12564 (New): add column to show that an Alias is in use by or not
Can you add a column to show that an Alias is in use or not
and make it clickable to show where it is used?
is it a...
khaled osama
06:07 PM pfSense Packages Bug #11530 (Feedback): ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
Tested on pfSense CE 2.5.2. Unable to reproduce. I installed, enabled, and went to the ntopng web interface. After... Kris Phillips
04:50 PM pfSense Packages Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
I'll have to spin up a 2.5.2 install of CE to test this, but pfSense CE 2.6.0 includes ntopng-5.0.d20210923,1, so sho... Kris Phillips
05:51 PM Bug #12543: Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.

What are the steps to produce the issue?
I was not able to produce it, deleted duplicated outbound NAT rules withou...
Alhusein Zawi
04:36 PM Bug #12544: OpenSSH vulnerabilities
Jim Pingle wrote in #note-2:
> You cannot go by version number alone. FreeBSD typically carries patches for known vu...
Kris Phillips
02:37 PM pfSense Docs New Content #12565 (Closed): Document new "Duplicate Connection Limit" option on OpenVPN server instances
Feature from:
https://redmine.pfsense.org/issues/12267
Update:
https://docs.netgate.com/pfsense/en/latest/vpn/pe...
Marcos M
02:34 PM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
This is much better than what it was previously. There still exists a rare case in which stale anchor rules will pers... Marcos M
01:51 PM Feature #12555 (Resolved): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Tested in
22.01-DEVELOPMENT (amd64)
built on Sat Dec 04 06:21:33 UTC 2021
FreeBSD 12.3-PRERELEASE
The gateway...
Max Leighton
01:38 PM Regression #12559 (Resolved): Firewall rule direction indicator is displayed on all interfaces
Tested on
2.6.0-DEVELOPMENT (amd64)
built on Sat Dec 04 06:23:51 UTC 2021
FreeBSD 12.3-PRERELEASE
The arrows ...
Max Leighton
10:17 AM Todo #12296: Explicitly state where AutoConfigBackup stores encrypted backup data
Tested against:... Danilo Zrenjanin
08:18 AM pfSense Packages Feature #8574: Enable AgentX-support in lldpd using GUI
with lldpd v0.9.11 and net-snmp v0.1.5_9 installed, lldpd settings offers enable agentx option Jordan G
05:52 AM Feature #11118 (Resolved): Backup and restore SSH host key(s)
Tested against today's release.
It works as expected.
Ticket resolved.
Danilo Zrenjanin
04:44 AM Bug #12554 (Feedback): Route overlap input validation does not work properly
Merged Viktor Gurov
02:34 AM Bug #8390 (Resolved): Input validation does not prevent removing a gateway used by a DNS server
I tested against today's development release.
I got an error message and couldn't remove a gateway that was define...
Danilo Zrenjanin

12/03/2021

03:56 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Viktor Gurov wrote in #note-11:
> These lines:
> https://github.com/pfsense/pfsense/blob/master/src/usr/local/sbin/...
John Williams
02:34 PM Revision d297504c: Do not display direction indicator on the non-floating tabs. Fixes #12559
Viktor Gurov
02:33 PM Revision fe31d06f: Certificate fields input validation. Issue #12035
Viktor Gurov
02:21 PM Revision cd974f08: SNMP IPv6 support. Implements #12325
Viktor Gurov
02:21 PM Revision d6bbbf35: Input validation to prevent removing a gateway if it is still in use by DNS servers. Fixes #8390
Viktor Gurov
02:20 PM Revision dc22e511: Backup and Restore SSH Host Key(s). Feature #11118
Viktor Gurov
01:16 PM Revision 288d56a6: Revert "Make the pkg repo mirror_type and signature_type overridable"
This reverts commit f887aab939556fd44080358011d8fe7fddfb2403. Renato Botelho
12:42 PM Regression #12559: Firewall rule direction indicator is displayed on all interfaces
Bug in a newly added feature since the last release, so it doesn't need a release notes entry. Jim Pingle
08:40 AM Regression #12559 (Feedback): Firewall rule direction indicator is displayed on all interfaces
Applied in changeset commit:d297504c66c7aa1284295e403e01eab900cbdcc8. Viktor Gurov
07:33 AM Regression #12559 (Pull Request Review): Firewall rule direction indicator is displayed on all interfaces
Jim Pingle
12:42 PM Bug #12498: Input validation error can unintentionally result in removal of PPP type interface settings
Updating subject for release notes. Jim Pingle
12:40 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow
Updating subject for release notes. Jim Pingle
12:36 PM Feature #12480: Wake on LAN button to wake all devices
Updating subject for release notes. Jim Pingle
12:34 PM Todo #12501: Traffic shaper wizard default bandwidth type should be Mbit/s
Updating subject for release notes. Jim Pingle
12:33 PM Feature #12325: IPv6 support for base system SNMP service
Updating subject for release notes. Jim Pingle
08:30 AM Feature #12325 (Feedback): IPv6 support for base system SNMP service
Applied in changeset commit:cd974f0831977eb352dc7eaf389ec455368ecb33. Viktor Gurov
12:33 PM Feature #12555: Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Updating subject for release notes. Jim Pingle
12:32 PM Bug #12500: Automatic outbound NAT for reflection does not support IPv6
Updating subject for release notes. Jim Pingle
12:31 PM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn)
Updating subject for release notes. Jim Pingle
12:30 PM Bug #12514: Trying to delete an assigned PPPoE interface fails without printing an error message
Updating subject for release notes. Jim Pingle
12:29 PM Feature #11496: Support for NTP Peer mode
Updating subject for release notes. Jim Pingle
12:28 PM Regression #12550: PHP ``foreach`` error in IPsec status
This was a bug with new code added after the last release, so no need for it to be in the release notes. Jim Pingle
12:28 PM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA
This was an issue with a newly added feature, so it does not need to be in the release notes. Jim Pingle
12:27 PM Feature #12035: Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components
Updating subject for release notes. Jim Pingle
08:58 AM Feature #12035 (Feedback): Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components
Merged Viktor Gurov
12:26 PM Todo #12296: Explicitly state where AutoConfigBackup stores encrypted backup data
Updating subject for release notes. Jim Pingle
12:25 PM Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
Updating subject for release notes. Jim Pingle
12:22 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
I was able to connect to an IKEv2 MSCHAPv2 mobile tunnel on 2.6.0 running this patch. My test client was Windows 10. ... Max Leighton
08:26 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
I did some experiments on a few different styles/settings but so far haven't been able to get it to work any better t... Jim Pingle
07:51 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
The debian client sends the username as the IKE ID, others do not. It's not a great data point given the relative rar... Jim Pingle
05:25 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
but it doesn't work with the email id:... Viktor Gurov
03:27 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
works fine on pfSense-2.6.0.a.20211130.0600 without patch:... Viktor Gurov
12:21 PM Feature #11118: Backup and restore SSH host key(s)
Updating subject for release notes. Jim Pingle
08:58 AM Feature #11118 (Feedback): Backup and restore SSH host key(s)
Merged Viktor Gurov
12:20 PM Bug #10662: Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically
Updating subject for release notes. Jim Pingle
11:49 AM Bug #10662 (Resolved): Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically
Re-tested on today's release.... Danilo Zrenjanin
11:19 AM Bug #12563: OpenVPN server doesn't support Framed-IPv6-Address RADIUS attribute
current PHP RADIUS implementation doesn't support IPv6 attributes:
https://www.php.net/manual/en/radius.constants.at...
Viktor Gurov
10:40 AM Bug #12563 (New): OpenVPN server doesn't support Framed-IPv6-Address RADIUS attribute
it only supports Framed-IP-Address,
see https://github.com/pfsense/pfsense/blob/master/src/etc/inc/openvpn.auth-us...
Viktor Gurov
11:13 AM pfSense Docs Correction #12284 (Closed): Feedback on Packages — OpenVPN Client Export Package
I updated this a few weeks ago: http://stage-v22.01.docs.netgate.com/pfsense/en/latest/packages/openvpn-client-export... Jim Pingle
11:01 AM pfSense Docs Todo #12415 (Rejected): Feedback on pfSense Configuration Recipes
The majority of that is for Windows and not OpenVPN. Doesn't seem like a great fit for our recipes. It's already diff... Jim Pingle
10:58 AM pfSense Docs Todo #12478 (Closed): Feedback on Virtual Private Networks — IPsec — Mobile IPsec — Choosing a Mobile IPsec Style
Jim Pingle
10:57 AM pfSense Docs Correction #12471 (Closed): AES-XCBC should not be recommended as PRF for IPsec
Jim Pingle
10:57 AM pfSense Docs New Content #9753 (Closed): Feedback on Installing and Upgrading — Writing Disk Images
Jim Pingle
10:54 AM pfSense Docs Correction #12562 (Closed): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI)
Link fixed and deployed:
releng/v22.01: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/c26b03d1996142df92c6...
Jim Pingle
09:05 AM pfSense Docs Correction #12562 (Closed): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI)
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html
*Feedback:*
Invalid video link:
...
Viktor Gurov
10:43 AM pfSense Docs Todo #12496 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
Note added: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/6100fe1de5806251a008b7cb5b1a77631ac03ec7
http://...
Jim Pingle
10:41 AM pfSense Docs Todo #12496: Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
see #12563 Viktor Gurov
09:55 AM pfSense Docs Correction #9370: Update old screenshots
I rewrote the OpenVPN recipe for routing Internet traffic across a VPN, which included taking care of a good chunk of... Jim Pingle
09:53 AM pfSense Docs Correction #11221 (Closed): Feedback on pfSense Configuration Recipes — Routing Internet Traffic Through A Site-To-Site OpenVPN Tunnel
I completely rewrote the doc because the vast majority of it was redundant, repeating things already covered by other... Jim Pingle
08:30 AM Bug #8390 (Feedback): Input validation does not prevent removing a gateway used by a DNS server
Applied in changeset commit:d6bbbf3544326efe4f4970406f1a5c476cedddcb. Viktor Gurov
07:47 AM Feature #12561 (Duplicate): Enable/Disable Selected Button for Rules
Duplicate of #2505 Jim Pingle
07:45 AM Feature #12561 (Duplicate): Enable/Disable Selected Button for Rules
Currently rules can be enabled or disabled 1 at a time. It would be nice to have a button to enable/disable rules that ... Matthew Drury

12/02/2021

11:23 PM Regression #12559: Firewall rule direction indicator is displayed on all interfaces
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/482
Viktor Gurov
03:33 PM Regression #12559 (Resolved): Firewall rule direction indicator is displayed on all interfaces
Following the changes applied for this feature: https://redmine.pfsense.org/issues/12433
Rules with a direction ap...
Steve Wheeler
11:04 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Michael Brennan wrote in #note-10:
> Viktor Gurov wrote in #note-9:
> > Workaround:
> > 1) cp /usr/local/sbin/pfSe...
Viktor Gurov
04:28 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Viktor Gurov wrote in #note-9:
> Workaround:
> 1) cp /usr/local/sbin/pfSense-dhclient-script /usr/local/sbin/pfSens...
John Williams
10:32 AM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Michael Brennan wrote in #note-8:
> Viktor Gurov wrote in #note-7:
> > What is the IPv4 Configuration Type for your...
Viktor Gurov
08:14 AM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Viktor Gurov wrote in #note-7:
> What is the IPv4 Configuration Type for your WAN connection? If it's not "Static IP...
John Williams
01:04 AM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Michael Brennan wrote in #note-2:
> Danilo Zrenjanin wrote in #note-1:
>
> > Can you confirm you enabled the *DNS...
Viktor Gurov
04:25 PM Revision 2c21b4a4: Gateway / Gateway group edit on the firewall rules page. Implements #12555
Viktor Gurov
04:24 PM Revision b974b9d5: Add a note about the AutoConfig backup behavior. Implements #12296
Viktor Gurov
03:59 PM Revision a7644b40: Add repository key to list of saved files
Steve Beaver
03:26 PM Revision 15a4d4c0: Route overlap input validation fix. Issue #12554
Viktor Gurov
03:17 PM Bug #12558 (Rejected): Issue selecting Register DHCP static mappings in the DNS Resolver
I can't replicate this problem here and there is not enough information here to replicate the problem or determine a ... Jim Pingle
02:44 PM Bug #12558 (Rejected): Issue selecting Register DHCP static mappings in the DNS Resolver
I can't select this item. When I do, it hangs for a couple minutes and then says "The generated config file cannot be ... Cory Mckee
02:20 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
I added a note in github
Obviously, the current GUI will not be able to decode old backups
Phil Wardt
08:25 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
For our own reference:
The man page doesn't state explicitly what the default number of iterations is, but it is s...
Jim Pingle
07:35 AM Todo #12556 (Resolved): Comply with current iteration standards when encrypting and decrypting configuration files
I pushed a commit since this should be really an easy enhancement:
https://github.com/pfsense/pfsense/pull/4545
...
Phil Wardt
01:29 PM Revision f3554a3c: IPsec status isset+is_array phase2 check. Fixes #12550
Viktor Gurov
10:59 AM pfSense Docs Correction #12557 (Closed): Feedback on DHCP — Using DHCP Search Domains on Windows DHCP Clients
Docs updated and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/008a719ea403db11b0df79f9de69f25bc...
Jim Pingle
08:11 AM pfSense Docs Correction #12557 (Closed): Feedback on DHCP — Using DHCP Search Domains on Windows DHCP Clients
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dhcp/client-search-domain.html
The documentation here ...
Patrick .
10:35 AM Feature #12555 (Feedback): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Applied in changeset commit:2c21b4a44f383cdfe2c82de113671daa210a693a. Viktor Gurov
10:18 AM Feature #12555 (Pull Request Review): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Jim Pingle
08:46 AM Feature #12555: Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/481 Viktor Gurov
07:24 AM Feature #12555 (Resolved): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
It would be useful to allow to click the gateway/gwgroup name for editing on the Firewall / Rules page,
in the same ...
Viktor Gurov
10:35 AM Todo #12296 (Feedback): Explicitly state where AutoConfigBackup stores encrypted backup data
Applied in changeset commit:b974b9d52f3f8eab69a077bb25ffd79345ffeb4d. Viktor Gurov
08:00 AM Todo #12296 (Pull Request Review): Explicitly state where AutoConfigBackup stores encrypted backup data
Jim Pingle
03:19 AM Todo #12296: Explicitly state where AutoConfigBackup stores encrypted backup data
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/479 Viktor Gurov
10:25 AM pfSense Packages Regression #12476: Suricata 6.0.3_3 Pass List ignores all single IPs
As far as feedback from me, I had posted in the forum thread but apparently not here. Manually making the code chang... Steve Y
02:52 AM pfSense Packages Regression #12476 (Feedback): Suricata 6.0.3_3 Pass List ignores all single IPs
Merged Viktor Gurov
09:38 AM Regression #12550 (Feedback): PHP ``foreach`` error in IPsec status
Applied in changeset commit:f3554a3cf7d96888ead723b5ad7c3c86e327d2a8. Viktor Gurov
08:03 AM Regression #12550 (Pull Request Review): PHP ``foreach`` error in IPsec status
Jim Pingle
07:30 AM Regression #12550: PHP ``foreach`` error in IPsec status
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/480 Viktor Gurov
07:47 AM Feature #12035 (Pull Request Review): Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components
Jim Pingle
01:34 AM Feature #12035: Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components
do input validation to prevent from using UTF8 characters:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_reques...
Viktor Gurov
07:38 AM Bug #12554 (Pull Request Review): Route overlap input validation does not work properly
Jim Pingle
12:53 AM Bug #12554: Route overlap input validation does not work properly
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/477
Viktor Gurov
12:27 AM Bug #12554 (Resolved): Route overlap input validation does not work properly
Route overlap input validation doesn't work after https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/342 fix Viktor Gurov
07:35 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
Danilo Zrenjanin wrote in #note-4:
> With or without the patch applied, I couldn't establish a connection with the s...
Jim Pingle
04:07 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
Tested against:... Danilo Zrenjanin
03:21 AM Bug #11759: Traffic graphs on dashboard double upload on pppoe links
no such issue on 22.01.a.20211130.0600
Traffic graphs show the correct speed
Viktor Gurov
02:51 AM Regression #12382: Certificate Depth checking creates OpenVPN micro-outages every time a user authenticates after 2.5.2 upgrade
Jens Groh wrote in #note-9:
> > > Is there an ETA on the fix for this ? We have a support contract.
> >
> > #1182...
Viktor Gurov
02:04 AM Regression #12382: Certificate Depth checking creates OpenVPN micro-outages every time a user authenticates after 2.5.2 upgrade
> > Is there an ETA on the fix for this ? We have a support contract.
>
> #11829 is in Feedback and per the previo...
Jens Groh
02:46 AM Bug #10662: Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically
Tested against:... Danilo Zrenjanin

12/01/2021

11:38 PM Bug #11599: Modifying static routes results in a logged error, changes are not reflected in routing table
Alhusein Zawi wrote in #note-6:
> I added a static route 192.168.254.0/24, the route is added to routing table.
>
...
Viktor Gurov
10:34 PM Bug #11599: Modifying static routes results in a logged error, changes are not reflected in routing table

I added a static route 192.168.254.0/24, the route is added to routing table.
after modifying it to be 192.0.0.0...
Alhusein Zawi
06:19 PM Feature #12553 (New): Auto Config Backup: Allow selecting multiple backups for deletion
Currently backups can only be deleted individually. 100 backups are stored so you may want to remove a significant nu... Steve Wheeler
01:58 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server

+ 1 for this as well. This is critical for proper security in a homelab in 2021+ Invalid certs aren't cool and make...
Manny Tew
01:44 PM Revision a5a4cf87: move firewall functions to include file
Trevor Kerr
01:36 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
@Danilo however these appear right after that PUSH:... John Williams
01:33 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Danilo Zrenjanin wrote in #note-4:
> Can you confirm you're getting DNS-related Push control messages from the OpenV...
John Williams
01:30 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Can you confirm you're getting DNS-related Push control messages from the OpenVPN server (Status -> System Logs -> Op... Danilo Zrenjanin
11:38 AM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Also, the DNS Resolution Mode is set to "Use local DNS (127.0.0.1), fall back to remote DNS Servers (Default)". John Williams
11:37 AM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Danilo Zrenjanin wrote in #note-1:
> Can you confirm you enabled the *DNS Server Override* option under *System/Ge...
John Williams
11:28 AM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Michael Brennan wrote:
> I have an OpenVPN client setup to connect to ExpressVPN. ExpressVPN does not provide stati...
Danilo Zrenjanin
11:19 AM Bug #12552 (New): "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
I have an OpenVPN client setup to connect to ExpressVPN. ExpressVPN does not provide static DNS servers for use with... John Williams
01:19 PM Bug #12547: unsheduled system reboot/crash
I found the panicking instruction:
0xffffffff80eebdf2 <+418>: mov (%rcx),%rcx ...
Mateusz Guzik
01:14 PM Revision 9b83e6fb: Do not show the pulldown menu when rebooting after restoring AutoConfigBackup. Fixes #10662
Viktor Gurov
11:18 AM Feature #12551 (New): Add ability to set DNS resolver search domain list
As it exists right now, the Domain set in System > General is added as a search domain in /etc/resolv.conf.
It wou...
Chris Linstruth
11:08 AM Bug #7547 (Resolved): Static routes using aliases are not automatically updated when alias content changes
Tested against:... Danilo Zrenjanin
10:05 AM Regression #12550 (Resolved): PHP ``foreach`` error in IPsec status
In rare occasions I have hit a PHP error from the IPsec status page, though I haven't managed to replicate it on dema... Jim Pingle
08:52 AM Feature #11895 (Resolved): Require user to manually apply changes after altering static route entries
Tested against:... Danilo Zrenjanin
07:25 AM Bug #10662 (Feedback): Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically
Applied in changeset commit:9b83e6fb838f16ba2d1d1e10d79129d4c0b696c3. Viktor Gurov
06:56 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
It would apply against the current 2.6.0 code base, and not older versions. Jim Pingle
06:53 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
I couldn't add that patch.... Danilo Zrenjanin
04:43 AM pfSense Packages Bug #12506 (Feedback): Only selected instance is restarted on suppress list change
PR has been merged. Thanks! Renato Botelho
04:43 AM pfSense Packages Bug #12533 (Feedback): extra rules incorrect input validation
PR has been merged. Thanks! Renato Botelho
02:15 AM pfSense Packages Bug #11182: NRPE in HA syncs the bind IP
On top of the listening IP it might be a problem for the NRPE items being synced, too.
I have e.g. on the master a p...
Pim Pish

11/30/2021

04:46 PM Revision f88e9309: Parse cert by passing index rather than cert.
Steve Beaver
03:20 PM Revision cd9c8e55: Initial refactoring of system_certmanager
Steve Beaver
03:07 PM Revision 6a23e65d: Remove AUTH_NIS from www/squid since we set WITHOUT_NIS in src.conf
Brad Davis
03:05 PM Revision f887aab9: Make the pkg repo mirror_type and signature_type overridable
This will be used in a future commit to install from a local dir for CI
builds.
Brad Davis
11:55 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
Diff attached. The commit is on a private branch at https://gitlab.netgate.com/pfSense/pfSense/-/commit/2119d125f008d... Jim Pingle
11:52 AM Regression #12549 (New): Per-user Mobile IPsec settings are not applied to connecting mobile clients
Not sure when this regressed but it looks like the connection matching in strongSwan is different now than it used to... Jim Pingle

11/29/2021

01:05 PM Bug #7547 (Feedback): Static routes using aliases are not automatically updated when alias content changes
Applied in changeset commit:332052b8bd2a5d35662be2dba773b7a9f0d50681. Viktor Gurov
01:05 PM Feature #11895 (Feedback): Require user to manually apply changes after altering static route entries
Applied in changeset commit:332052b8bd2a5d35662be2dba773b7a9f0d50681. Viktor Gurov
01:05 PM Bug #11599 (Feedback): Modifying static routes results in a logged error, changes are not reflected in routing table
Applied in changeset commit:332052b8bd2a5d35662be2dba773b7a9f0d50681. Viktor Gurov
09:05 AM Bug #12547 (Feedback): unsheduled system reboot/crash
This is not a general problem but one specific to your install or environment.
The backtrace in both cases is iden...
Jim Pingle
09:00 AM Bug #12373 (Resolved): Update mpd5 to address vulnerabilities in < 5.9_2
Jim Pingle
09:00 AM Bug #12544: OpenSSH vulnerabilities
You cannot go by version number alone. FreeBSD typically carries patches for known vulnerabilities that don't bump th... Jim Pingle
08:47 AM Feature #12397 (Resolved): Distinguish between policy-based and route-based entries on IPsec status SPD tab
The @scope@ value is there it's just not called @scope@, that's what you see differentiating between VTI and tunnel m... Jim Pingle
08:36 AM Bug #12548: Kernel panic in ``nd6_dad_timer()``
Fixed review link in description to be https://reviews.freebsd.org/D32811
Mateusz said he'll look into it.
Jim Pingle
08:20 AM Bug #12548 (Resolved): Kernel panic in ``nd6_dad_timer()``
I've hit this on my edge twice now on 22.01 snapshots but I don't have a lead on a cause yet. The panics happened a w... Jim Pingle
08:28 AM pfSense Packages Feature #10462 (Pull Request Review): CPU Temp Screen
Jim Pingle

11/28/2021

02:10 PM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down
Thank you for reporting this issue, I have a very similar problem. In my case, I added a static route that goes throu... Jocelyn Viau
10:02 AM Feature #12248: Package Update Availability Notification
Things to consider:
* Handle cases where the installed package is newer than the available package. See @pkg_version_...
Marcos M
08:03 AM Bug #12547: unsheduled system reboot/crash
Not every time !!!
After 45 minutes I have a successful result
Evgeny Korostelev
07:19 AM Bug #12547 (Feedback): unsheduled system reboot/crash
pfSense Community Edition 2.5.2
Try to navigate to menu "Diagnostics" -> "Routes"
Then system crash/reboot, and after ...
Evgeny Korostelev
04:13 AM Bug #12373: Update mpd5 to address vulnerabilities in < 5.9_2
pfSense 22.01.a.20211128.0600 uses mpd5-5.9_4 Viktor Gurov

11/27/2021

05:36 PM pfSense Plus Feature #12546 (New): Add 2FA Support to pfSense Plus Local Database Authentication
To eliminate the reliance on unsupported packages like freeRADIUS for making this work, we should add the capability ... Kris Phillips
05:31 PM Regression #12382: Certificate Depth checking creates OpenVPN micro-outages every time a user authenticates after 2.5.2 upgrade
Joao Assad wrote in #note-7:
> So this bug is affecting us too. We need to route all our VPN clients traffic through...
Kris Phillips
05:28 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
Viktor Gurov wrote in #note-2:
> openvpn(8):
> [...]
Since the option needs to be on both client and server, we ...
Kris Phillips
05:23 PM Bug #12544: OpenSSH vulnerabilities
pfSense CE 2.6.0 and pfSense Plus 22.01 have OpenSSH-7.9p1 so they are also affected by this. Kris Phillips
02:24 PM Feature #12397: Distinguish between policy-based and route-based entries on IPsec status SPD tab
It seems this has made it into images, because I test and see some of this functionality.
Tested in:
2.6.0-DEV...
Max Leighton
01:37 PM Feature #11935 (Resolved): Log external IP address of OpenVPN clients on connect and disconnect
Tested in:
2.6.0-DEVELOPMENT (amd64)
built on Sat Nov 27 06:23:02 UTC 2021
FreeBSD 12.3-PRERELEASE
In my test...
Max Leighton

11/26/2021

09:36 PM pfSense Plus Bug #12545 (Not a Bug): /etc/inc/led.inc functions are not doing the right thing on 6100
At various points of the boot process, the LEDs are supposed to flash with different patterns to indicate stages of b... → luckman212

11/25/2021

07:30 PM Revision 332052b8: Static routes handling update. Fixes #11599 #11895 #7547
* Confirmation box to apply static routes add/route/change
* Reloading routes using aliases after changing the alias
...
Viktor Gurov
10:57 AM Bug #12544 (Closed): OpenSSH vulnerabilities
openssh version on pfSense 2.5.2/21.05.2 is vulnerable to:
https://www.cvedetails.com/cve/CVE-2019-16905/
https://w...
Viktor Gurov
10:40 AM Bug #12543: Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.
There's a horrible spelling mistake in the title but I can't edit.. Sorry! C J
10:38 AM Bug #12543 (Closed): Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.
When managing Outbound NAT rules
I managed to remove a duplicate rule
Which gave me the following error:...
C J
08:26 AM Feature #12116 (Resolved): Support DNS server gateway selection on ``system.php`` for multiple gateways not assigned to interfaces
Tested against:... Danilo Zrenjanin
01:41 AM Bug #12542 (New): Cannot assign a same IPv6 Link-Local address to different interfaces
Hello,
I cannot assign the same IPv6 Link-local address to 2 different interfaces. (through Virtual IPs in the web in...
Bertrand C
01:32 AM pfSense Packages Feature #10462: CPU Temp Screen
Request of feature to be implemented: https://github.com/pfsense/FreeBSD-ports/pull/1125 Geo Rou

11/24/2021

03:10 PM pfSense Packages Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
upvote for this.
P.S. Also don't know what happened with pfsense repo, but installing ntopng from scratch with versi...
DRago_Angel [InV@DER]
03:05 PM Revision 47e079f6: Support DNS server gateway selection on ``system.php`` for multiple gateways not assigned to interfaces. Implements #12116
Viktor Gurov
02:51 PM pfSense Docs Correction #9370: Update old screenshots

I started updating the OpenVPN+RADIUS via AD recipe. The existing recipe contained almost entirely redundant inform...
Jim Pingle
11:03 AM Regression #11545: Primary interface address is not always used when VIPs are present
Sorry, new installs on SG2100's and XG7100's, 1 or 2 have been upgraded from 21.05 to 21.05.1 but same issue on all. Dan Edwards
10:54 AM Regression #11545: Primary interface address is not always used when VIPs are present
I was just bit by this again this morning. Every reboot. Very frustrating. Steve, if you need any information on the ... Denny Page
10:20 AM Regression #11545: Primary interface address is not always used when VIPs are present
To clarify, are these new installs, or upgrades? What platform (e.g. AWS)? And yes, try reproducing it and just click... Marcos M
08:49 AM Regression #11545: Primary interface address is not always used when VIPs are present
Also have the same issue on 21.05.1 on every install in 2 different scenarios. Scenario 1 WAN interface has /29 using... Dan Edwards
10:25 AM Feature #12267 (Resolved): OpenVPN option to limit concurrent connections per user
Tested, looks good. Marcos M
03:04 AM Feature #12267 (Feedback): OpenVPN option to limit concurrent connections per user
Merged Viktor Gurov
09:15 AM Feature #12116 (Feedback): Support DNS server gateway selection on ``system.php`` for multiple gateways not assigned to interfaces
Applied in changeset commit:47e079f67f31111a5d5b9e9819ded07438b68b94. Viktor Gurov
07:18 AM Todo #12511 (Resolved): Add note in log settings that disabling logging also disables ``sshguard`` login protection
Jim Pingle
04:41 AM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection
Tested against:... Danilo Zrenjanin
03:04 AM Todo #12511 (Feedback): Add note in log settings that disabling logging also disables ``sshguard`` login protection
Merged Viktor Gurov
04:53 AM Feature #9439 (Resolved): Poll Interval For GPS and PPS
Tested against:... Danilo Zrenjanin
04:21 AM pfSense Packages Feature #11210: 3rd party rulesets
Marcos Mendoza wrote in #note-4:
> Tested fine here. Only issue I see is the @Delete@ button will remove the @Check ...
Viktor Gurov
12:25 AM Feature #11496: Support for NTP Peer mode
works as expected on 2.6.0.a.20211123.0600
but I don't see this option on 22.01.a.20211122.0600
Viktor Gurov

11/23/2021

07:23 PM Bug #11829: OpenVPN client certificate validation with OCSP always fails
Konstantin Panchenko wrote in #note-7:
> Renato Botelho wrote:
> > PR has been merged. Thanks!
>
> I'm not sure...
Marcos M
06:21 PM Revision 04fbf68c: Update enableallowallwan to only include shaper.inc once.
Christian McDonald
02:53 PM Revision 535bba02: Hide the Duplicate Connection Limit input field until the Duplicate Connection check box is ticked. Issue #12267
Viktor Gurov
07:40 AM Bug #12541 (Rejected): IPsec remote side connection fails with: no maching peer if peer identifier is set to Any
Unable to reproduce, tunnels connect OK with peer ID = any here. This is likely a configuration error but may also be... Jim Pingle
04:58 AM Bug #12541: IPsec remote side connection fails with: no maching peer if peer identifier is set to Any
Setting the peer id to their remote gateway IP is also not working
!clipboard-202111231157-2pp5e.png!
M. Pietersma
04:53 AM Bug #12541 (Rejected): IPsec remote side connection fails with: no maching peer if peer identifier is set to Any
It's currently an issue in version 2.5.2, can't test it in 2.6, because of a production status firewall.
IPsec betw...
M. Pietersma
04:55 AM Bug #12455 (Resolved): Captive Portal online user statistics data is not cleared on unclean shutdown
Danilo Zrenjanin
04:55 AM Bug #12455: Captive Portal online user statistics data is not cleared on unclean shutdown
Tested against:... Danilo Zrenjanin
04:12 AM Bug #12539: Changing VLAN ID for LAN interface in assignments silently fails.
Chris Collins wrote:
>
> If you need the specifics, I will retest it and get you the specific log output.
Pleas...
Viktor Gurov
01:35 AM Bug #12529 (Resolved): Interface group name starting with a digit creates invalid XML for rule separators
Tested against:... Danilo Zrenjanin

11/22/2021

05:08 PM Revision b58cb30a: Interface Groups start digit input validation. Fixes #12529
Viktor Gurov
05:07 PM Revision 76902a1a: Allow to select 3 (8s) NTP min poll value. Implements #9439
Viktor Gurov
03:28 PM pfSense Docs Correction #12540 (Duplicate): Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html
*Feedback:*
1) In the network diagr...
James Com
03:15 PM pfSense Docs Correction #9370: Update old screenshots
Updated OpenVPN RA doc and its screenshots:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/0f0d3085838d083a...
Jim Pingle
03:01 PM Revision aa8af662: Fix typo
Jim Pingle
11:15 AM Bug #12529 (Feedback): Interface group name starting with a digit creates invalid XML for rule separators
Applied in changeset commit:b58cb30a0881a221c9c5ff1eb5752ac0660271b9. Viktor Gurov
08:20 AM Bug #12529 (Pull Request Review): Interface group name starting with a digit creates invalid XML for rule separators
Jim Pingle
11:15 AM Feature #9439 (Feedback): Poll Interval For GPS and PPS
Applied in changeset commit:76902a1a62bd2785c23fd87d34c9388ef4ebaa00. Viktor Gurov
08:38 AM Feature #9439 (Pull Request Review): Poll Interval For GPS and PPS
Jim Pingle
08:59 AM Bug #7096 (Feedback): Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces"
Jim Pingle
08:51 AM Bug #12537 (Rejected): IPsec -> Advanced Settings not working: PHP Fatal error
Jim Pingle
08:34 AM Feature #12267 (Pull Request Review): OpenVPN option to limit concurrent connections per user
Jim Pingle
08:32 AM Bug #4637 (Closed): system unreachable after deleting VLAN
Jim Pingle
08:26 AM Bug #12440 (Pull Request Review): Zero-value prefix IPv6 addresses are mishandled
Jim Pingle
08:18 AM Feature #12116 (Pull Request Review): Support DNS server gateway selection on ``system.php`` for multiple gateways not assigned to interfaces
Jim Pingle
05:38 AM Bug #12095: Memory leak in pcscd
pcscd bugreport:
https://github.com/LudovicRousseau/PCSC/issues/55
Viktor Gurov

11/21/2021

12:02 PM Bug #7547: Static routes using aliases are not automatically updated when alias content changes
See notes on #11599. Marcos M
12:02 PM Feature #11895: Require user to manually apply changes after altering static route entries
See notes on #11599. Marcos M
11:58 AM Bug #11599: Modifying static routes results in a logged error, changes are not reflected in routing table
Tested this on @22.01.a.20211108.0600@.
* Deleting a static route does not prompt for an "Apply Changes" confirmatio...
Marcos M
09:14 AM Bug #7096: Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces"
Should be fixed in #11087 and #11547
Could you retest with the latest stable version?
Viktor Gurov
09:09 AM Bug #12539: Changing VLAN ID for LAN interface in assignments silently fails.
I saw the same issue on 22.01.a.20211119.0600, with the same workaround, but couldn't reproduce again
I think some...
Viktor Gurov
08:48 AM Bug #12539 (New): Changing VLAN ID for LAN interface in assignments silently fails.
Hi
Recently I changed my VLAN ID that I use for my LAN interface, this was to follow advice given to me a long tim...
Chris Collins
04:18 AM Bug #12537 (Closed): IPsec -> Advanced Settings not working: PHP Fatal error
Viktor Gurov
03:17 AM Bug #12537: IPsec -> Advanced Settings not working: PHP Fatal error
Sorry, it has been a problem in globals.inc, a custom modification caused the failure, I'm sorry for your time waste ... Guillermo Martínez
12:14 AM Feature #9439: Poll Interval For GPS and PPS
ntp.conf(5):... Viktor Gurov

11/20/2021

11:40 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
openvpn(8):... Viktor Gurov
11:37 PM Feature #12267: OpenVPN option to limit concurrent connections per user
Max Leighton wrote in #note-5:
> It works. After setting the duplicate connection limit, any connections over the l...
Viktor Gurov
04:52 PM Feature #12267: OpenVPN option to limit concurrent connections per user
Tested with
2.6.0-DEVELOPMENT (amd64)
built on Sat Nov 20 06:21:37 UTC 2021
FreeBSD 12.3-PRERELEASE
It works...
Max Leighton
11:25 PM Bug #12536: Setting a default gateway of "None" does not remove the default gateway from the routing table
removing the default gateway, if set to 'none', may result in the removal of the route of dynamic routing protocols
...
Viktor Gurov
12:59 PM Bug #12536 (Resolved): Setting a default gateway of "None" does not remove the default gateway from the routing table

selecting Default gateway as NONE should remove the default route from routing table.
making default GW as "NONE...
Alhusein Zawi
11:08 PM Bug #12537: IPsec -> Advanced Settings not working: PHP Fatal error
Unable to reproduce it on 2.5.2 VM clean install
Where did you download the pfSense image?
Viktor Gurov
04:37 PM Bug #12537: IPsec -> Advanced Settings not working: PHP Fatal error
Hi, I don't do anything special, I just access IPsec -> Advanced settings and get this error (see attached image), an... Guillermo Martínez
03:31 PM Bug #12537: IPsec -> Advanced Settings not working: PHP Fatal error
Hello,
I'm not able to reproduce this in 2.5.2. What specific steps are you doing to cause this error?
Kris Phillips
01:55 PM Bug #12537 (Rejected): IPsec -> Advanced Settings not working: PHP Fatal error
On every pfSense 2.5.2 box I'm getting:
Fatal error: Uncaught TypeError: Argument 4 passed to Form_Select::__constru...
Guillermo Martínez
09:44 PM pfSense Packages Bug #12538 (New): PIMD sub-interface bug
Hello,
I am running into a bug with PIMD. Running latest stable 2.5.2 virtual pfsense in ESXi.
I have two pfsens...
Joe Janning
09:02 PM Bug #4637: system unreachable after deleting VLAN
Kindly see my previous comment where I already asked that it be closed with "can't reproduce" as the reason/status. Adam Thompson
04:41 PM Bug #4637: system unreachable after deleting VLAN
This bug should be marked as Incomplete as it's no longer relevant and very old. Kris Phillips
03:47 PM Bug #12434: Multiple cURL Vulnerabilities
cURL has been updated to 7.79.1 on pfSense CE as well. Both pfSense Plus 22.10 and pfSense 2.6.0 CE have fixes for t... Kris Phillips
01:44 PM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down

Static route is still reachable while WAN gateway is Marked Gateway as Down.
22.01.a.20211120.0600
Alhusein Zawi
11:37 AM Bug #12452 (Resolved): Port forward rules are not created for special networks (pppoe, openvpn)
Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Nov 20 06:21:37 UTC 2021
FreeBSD 12.3-PRERELEASE
Input valid...
Max Leighton
10:44 AM Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Nov 20 06:21:37 UTC 2021
FreeBSD 12.3-PRERELEASE
The landing...
Max Leighton
09:39 AM Bug #12440: Zero-value prefix IPv6 addresses are mishandled
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/469
example:
fw rule on IPv6 interface with fc00:88...
Viktor Gurov
03:31 AM pfSense Packages Bug #12506: Only selected instance is restarted on suppress list change
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1124
Viktor Gurov
02:41 AM Bug #12529: Interface group name starting with a digit creates invalid XML for rule separators
input validation improvements:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/468
Viktor Gurov

11/19/2021

11:59 PM Feature #12116: Support DNS server gateway selection on ``system.php`` for multiple gateways not assigned to interfaces
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/467 Viktor Gurov
07:49 PM Revision 620ef850: Ui3 bandwidth
Steve Beaver
03:58 PM pfSense Packages Bug #12487 (Resolved): Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself
Luiz Souza
03:19 PM Revision a506ea5a: Local Logging warning note. Issue #12511
Viktor Gurov
02:03 PM pfSense Docs Correction #12535 (New): Negate Rules function does not match the description
Originally the automatic Negate Network rules were intended to negate policy routing for locally connected subnets an... Steve Wheeler
10:37 AM pfSense Plus Feature #12534 (Closed): Generate a ISO Image for Remote Restore of pfSense Plus on the XG-1537 and 1541 units with IPMI
The 1537 and 1541 both have IPMI that supports booting ISO images. However, it does not support booting IMG files wh... Kris Phillips
07:40 AM Feature #11439 (Resolved): IPv6 support in ``easyrule`` CLI script
Tested against:... Danilo Zrenjanin
06:52 AM Bug #11999 (Resolved): OpenVPN IPv6 tunnel network is not validated properly
Tested against:... Danilo Zrenjanin
06:37 AM Feature #4769 (Resolved): IPv6 support in the Traffic Shaper Wizard
Tested against:... Danilo Zrenjanin
06:02 AM pfSense Packages Bug #12533: extra rules incorrect input validation
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1123
Viktor Gurov
05:30 AM pfSense Packages Bug #12533 (Resolved): extra rules incorrect input validation
https://forum.netgate.com/topic/167995/suricata-download-extra-rules-fail:
a quick question for you. I'm currently t...
Viktor Gurov

11/18/2021

03:14 PM Bug #12529: Interface group name starting with a digit creates invalid XML for rule separators
I'd agree that simply disallowing them to start and end with a digit would be easier. Even if that means that a great... Jens Groh
02:58 PM Bug #12529 (Confirmed): Interface group name starting with a digit creates invalid XML for rule separators
That isn't quite right either, see my reply on your forum thread. The problem is actually separators being in the con... Jim Pingle
02:47 PM Bug #12529: Interface group name starting with a digit creates invalid XML for rule separators
Please have a look at https://forum.netgate.com/topic/167988/pot-bug-s-with-interface-groups-firewall-rules
I did ...
Jens Groh
02:26 PM Bug #12529: Interface group name starting with a digit creates invalid XML for rule separators
Maybe it's already been fixed on 22.01 then. I get a rule in the GUI tab and in /tmp/rules.debug.... Jim Pingle
02:06 PM Bug #12529: Interface group name starting with a digit creates invalid XML for rule separators
I didn't think it would be hard to reproduce. Nice if it works for you, Jim, but no it is nothing about special chara... Jens Groh
01:09 PM Bug #12529 (Rejected): Interface group name starting with a digit creates invalid XML for rule separators
I can't replicate this as stated and there isn't nearly enough detail to guess what might be happening in your enviro... Jim Pingle
05:51 AM Bug #12529 (Resolved): Interface group name starting with a digit creates invalid XML for rule separators
Tested on: 2.5.2 as well as plus-25.01
As per the definition of Interface groups, group names may have digits in i...
Jens Groh
02:16 PM Bug #12532 (Duplicate): Virtual IP problem with OpenVPN
It's the same as the other issue, no need for a separate entry. Jim Pingle
01:23 PM Bug #12532 (Duplicate): Virtual IP problem with OpenVPN
Hi, I wasn't sure if this should be tracked separately, but I've seen similar behavior to this issue: https://redmine... Gary Smithe
01:21 PM Bug #12528 (Rejected): Fatal error: Uncaught Exception when adding certificates to CRL
I can't replicate this as stated and there isn't enough information to guess what might be happening in your environm... Jim Pingle
03:00 AM Bug #12528 (Rejected): Fatal error: Uncaught Exception when adding certificates to CRL
Hello.
We have a CA certificate and I have created a CRL for it. When trying to add certificates to this CRL we ge...
Chriss E
12:48 PM Feature #4128: Email notification webgui configuration
See also: #12531 Jim Pingle
12:47 PM pfSense Plus Feature #12531 (Duplicate): Improve Email and Push Notifications Granularity
Duplicate of #4128 Jim Pingle
12:36 PM pfSense Plus Feature #12531 (Duplicate): Improve Email and Push Notifications Granularity
There is little to no options under System --> Advanced --> Notifications in terms of what is notified. We should ad... Kris Phillips
12:20 PM pfSense Packages Bug #12530: wireguard 0.15 bypasses firewall
If your peers use a static port on both sides and initiate A->B and then immediately stop/start WG and try B->A this ... Jim Pingle
11:49 AM pfSense Packages Bug #12530: wireguard 0.15 bypasses firewall
Christian McDonald wrote in #note-2:
> As long as one peer can initiate a handshake and establish a UDP path, this s...
Nicolas Embriz
11:43 AM pfSense Packages Bug #12530 (Rejected): wireguard 0.15 bypasses firewall
Christian McDonald
11:36 AM pfSense Packages Bug #12530: wireguard 0.15 bypasses firewall
Without a UDP allow rule on WAN, my remote peers are not able to initiate a connection.
The key here is 'initiate....
Christian McDonald
10:51 AM pfSense Packages Bug #12530 (Rejected): wireguard 0.15 bypasses firewall
I created a tunnel not assigning an interface and only defining the IP on the same page (interface address) but notic... Nicolas Embriz

11/17/2021

04:32 PM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself
Bug reporter here. With a 7100 on 21.05.1, Netgate Firmware Upgrade 0.41.2 appears to fix this bug. Thanks, user#41... Andrew Warren
10:09 AM Bug #12527: DHCPv6 server does not skip interfaces configured with invalid ranges
When configuring the DHCPv6 Server errors on other interfaces that break the DHCPv6 server as a whole are not detecte... Michael Lindman
10:01 AM Bug #12527 (Resolved): DHCPv6 server does not skip interfaces configured with invalid ranges
Michael Lindman

11/16/2021

05:01 PM Revision a5fd794b: Add librdkafka package to the pfSense repo. Feature #12290
Viktor Gurov
02:48 PM pfSense Packages Feature #12526 (New): WireGuard Widget
Hello,
I want to request a feature to the WireGuard widget, probably not so important for many others.
Do you th...
B. B.
02:45 PM pfSense Packages Feature #12525 (New): WireGuard Tunnel restore configuration
Hi,
I see the function for downloading the configuration "files" in the WireGuard - Tunnels (nice to backup the co...
B. B.
01:07 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
Jim Pingle wrote in #note-5:
> Yes, that's exactly expected. When you check it, nothing from the server is pushed, on...
Phil Wardt
09:43 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
Phil Wardt wrote in #note-3:
> Jim Pingle wrote in #note-2:
> The bug part is this:
> When that option is checked,...
Jim Pingle
05:27 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
A last note if the features are revised added/once:
The title of the tab is "Client-Specific Override". I never expe...
Phil Wardt
11:29 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow
Perhaps we should hardcode / fall back to different DNS providers; e.g. use @1.1.1.1@ and @8.8.8.8@ (and IPv6 counter... Marcos M
11:00 AM Bug #12141 (Feedback): Lack of DNS or Internet connectivity causes GUI to be slow
Applied in changeset commit:bbb3bbebbf8059e72d60dbb1721d997568ae2090. Viktor Gurov
10:45 AM Bug #12141 (Pull Request Review): Lack of DNS or Internet connectivity causes GUI to be slow
Jim Pingle
02:32 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/463
Viktor Gurov
11:04 AM Todo #12093 (Feedback): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
Merged Viktor Gurov
10:45 AM Todo #12093 (Pull Request Review): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
Jim Pingle
02:45 AM Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
Marcos Mendoza wrote:
> # Navigating to @Services / Auto Configuration Backup@ should not be affected by internet co...
Viktor Gurov
10:54 AM Feature #12290 (Pull Request Review): Add ``librdkafka`` package to the pfSense package repository
Jim Pingle
04:20 AM Feature #12290: Add ``librdkafka`` package to the pfSense package repository
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/464 Viktor Gurov
10:36 AM Todo #12511 (Pull Request Review): Add note in log settings that disabling logging also disables ``sshguard`` login protection
Updated subject to match the info in the comments. Jim Pingle
12:06 AM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/462 Viktor Gurov
10:22 AM Bug #10662 (Pull Request Review): Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically
Jim Pingle
09:46 AM Revision bbb3bbeb: DNS check improvements for fw check and ACB. Fixes #12141
Viktor Gurov

11/15/2021

11:58 PM Bug #12249: Long configuration revision reasons can cause AutoConfigBackup upload to fail
config.xml file size should be checked before upload, and produce an info box with "ACB config.xml size limit exceed"... Viktor Gurov
11:56 PM Bug #10662: Restoring from AutoConfigBackup presents reboot type selection option then reboots automatically
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/461
Viktor Gurov
05:43 PM Revision 71f503d2: Uninitialized config variables in interface_assign.php
Christian McDonald
03:44 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
Jim Pingle wrote in #note-2:
> It's doing exactly what it says. Normally the client configuration would include the t...
Phil Wardt
08:26 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
It's doing exactly what it says. Normally the client configuration would include the topology rather than having it p... Jim Pingle
02:51 PM Revision 7aaa20d9: Use OpenVPN async client-connect, clear stale rules, add option to limit connections per user. Implements #12407 and #12332 and #12267
Marcos M
02:47 PM Revision 6a41d476: Port Forward checks for special interfaces and reflection type. Fixes #12452
Viktor Gurov
02:13 PM Revision 0cfd0083: NTP Peer mode. Implements #11496
Viktor Gurov
12:27 PM Feature #4688: Missing TFC Traffic Flow Confidentiality support
Note:
According to https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf this needs to be set on the chil...
Marcos M
11:21 AM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection
There is no issue - sshguard will start after any AUTH event (ssh/webgui login) because such events transmit data vi... Viktor Gurov
09:40 AM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection
Rerooting the system does work too Viktor Gurov
01:15 AM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection
Same issue if you just press 'Save' on the status_logs_settings.php page or restart the syslogd service
something wro...
Viktor Gurov
09:53 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow
we can use @check_dnsavailable()@ from #11512 to optimize this behavior
see also #12335 and #9677
Viktor Gurov
09:06 AM Feature #12267 (Feedback): OpenVPN option to limit concurrent connections per user
Merged Viktor Gurov
09:05 AM Bug #12332 (Feedback): OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
Merged Viktor Gurov
09:00 AM Feature #12407 (Feedback): Use deferred client connections in OpenVPN
Applied in changeset commit:7aaa20d95a345c4688e8786c755c7d0433451688. Marcos M
08:55 AM Bug #12452 (Feedback): Port forward rules are not created for special networks (pppoe, openvpn)
Applied in changeset commit:6a41d4769dfcdfebc2bf827f67b7ca52613d7223. Viktor Gurov
08:34 AM Bug #12452 (Pull Request Review): Port forward rules are not created for special networks (pppoe, openvpn)
Jim Pingle
04:18 AM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn)
pfSense doesn't create rdr rules for special interfaces (openvpn, pppoe, ipsec) if destination = any
add extra che...
Viktor Gurov
08:39 AM pfSense Plus Feature #12524: OpenSSL QAT Engine
It's not clear yet if that would be viable or beneficial, but it is under consideration.
Current implementations o...
Jim Pingle
05:07 AM pfSense Plus Feature #12524 (New): OpenSSL QAT Engine
Hi all,
Is it possible to compile openssl to use QAT on pfSense Plus, then accelerate OpenVPN?
Thanks
Luca
Luca De Andreis
08:20 AM Feature #11496 (Feedback): Support for NTP Peer mode
Applied in changeset commit:0cfd008330b543a1674787cb031507fb1951a1f9. Viktor Gurov
08:15 AM Bug #12095: Memory leak in pcscd
The problems you're hitting are a mix of somewhat but not really related things.
This issue being the memory leak ...
Jim Pingle
07:40 AM Feature #12521: Add the BBR2, QUIC, RACK Congestion Control (CC) protocols
This is not a priority as those algorithms only come into play on pfSense software when the firewall is the *endpoint... Jim Pingle

11/14/2021

02:39 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
Notes:
Maybe one option would be to add an option "Client setting override server defined client options"
This opti...
Phil Wardt
02:03 PM Feature #12522 (Resolved): More GUI options for OpenVPN Client-Specific Overrides
I setup an OpenVPN server, let's say 10.10.10.0/24, which works properly
I setup some custom exceptions for a specif...
Phil Wardt
10:07 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow
I agree. There are certain places in the GUI that are affected - the ACB page also being an example (see https://redm... Marcos M
07:26 AM Bug #12095: Memory leak in pcscd
I politely disagree with the assigned priority for this bug, particularly given that a CE release is likely months aw... Pedro Ribeiro
03:47 AM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing
The current status of FreeBSD multipath:
https://www.freebsd.org/status/report-2020-10-2020-12.html#Scalable-routing...
Viktor Gurov
03:46 AM Feature #4632: Support for Multipath TCP (MPTCP)
FreeBSD multipath status:
https://www.freebsd.org/status/report-2020-10-2020-12.html#Scalable-routing-multipath-support
Viktor Gurov

11/13/2021

08:44 PM Regression #11316: Unbound crashes with signal 11 when reloading
I've tested this a bit in 1.13.2 on 22.01 and have been unable to reproduce DHCP/DNS crashes with the latest unbound ... Kris Phillips
08:37 PM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection
Testing on 22.01:
Before making any changes running "ps aux | grep sshguard":
root 193 0.0 0.3 11540 3...
Kris Phillips
08:32 PM Todo #12511: Add note in log settings that disabling logging also disables ``sshguard`` login protection
Testing on 21.05.2:
I disabled and re-enabled Local Logging and have the following:
root 59415 0.0 0.1 11452 ...
Kris Phillips
08:28 PM Bug #10352: RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters
Similar issue with LDAP authentication #12519 Kris Phillips
06:44 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package
Are we going to move this forward? This has been in a pull request review for 2 months. Can the changes be merged s... Kris Phillips
06:42 PM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow
Marcos Mendoza wrote in #note-8:
> I tried reproducing this on a lab. The gateway is online but pfSense is not able ...
Kris Phillips
04:47 PM pfSense Packages Bug #12073: ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong
ver 0.1.5_9 reports snmpTrapdAddr when running head -n 1 /var/etc/netsnmptrapd.conf Jordan G
01:47 PM pfSense Packages Bug #11889 (Resolved): BIND starts twice by /etc/rc.start_packages
Tested bind 9.16_11 in
2.6.0-DEVELOPMENT (amd64)
built on Sat Nov 13 06:22:43 UTC 2021
FreeBSD 12.3-PRERELEASE
...
Max Leighton
01:19 PM pfSense Packages Bug #12487: Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself
7100 on 22.01 with Netgate_Firmware_Upgrade 0.46 does not offer "Upgrade and Reboot" when current = latest; 0.45 did ... Jordan G
12:34 PM Feature #11496: Support for NTP Peer mode
Awesome! Thank you Viktor.
Running this latest revision and it all looks good to me.
There was a bounty attach...
Christian Borchert
08:35 AM Feature #11496: Support for NTP Peer mode
Christian Borchert wrote in #note-11:
> I'm not sure - but I think we need an 'else' added to the code:
>
> !clip...
Viktor Gurov
08:22 AM Feature #11496: Support for NTP Peer mode
I'm not sure - but I think we need an 'else' added to the code:
!clipboard-202111130822-wawmh.png!
Christian Borchert
07:47 AM Feature #11496: Support for NTP Peer mode
Thanks Viktor,
I installed the "System_Patches" package, reverted to backup copies I made of system.inc and servic...
Christian Borchert
02:04 AM Feature #11496: Support for NTP Peer mode
Christian Borchert wrote in #note-7:
> OK - I was able to find the ntpd.conf file in pfsense's /var/etc directory
>...
Viktor Gurov
10:55 AM Bug #12498 (Resolved): Input validation error can unintentionally result in removal of PPP type interface settings
Tested in:
2.6.0-DEVELOPMENT (amd64)
built on Sat Nov 13 06:22:43 UTC 2021
FreeBSD 12.3-PRERELEASE
I can crea...
Max Leighton
10:32 AM Bug #12514 (Resolved): Trying to delete an assigned PPPoE interface fails without printing an error message
Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Nov 13 06:22:43 UTC 2021
FreeBSD 12.3-PRERELEASE
The error m...
Max Leighton

11/12/2021

09:11 PM Feature #12521 (New): Add the BBR2, QUIC, RACK Congestion Control (CC) protocols
Changing character of traffic in last 5-7 years powered extremely by the fact that
- 80%+ of users using mobile dev...
Sergei Shablovsky
07:35 PM Revision fc19062e: Input error message box on the interfaces_ppps.php page. Fixes #12514
Viktor Gurov
03:41 PM Revision 56b1a253: Fix reservation on CE installs with a pool called 'zroot'.
Brad Davis
02:13 PM pfSense Packages Feature #12520 (New): [Squid] - Allow or Deny Mappings from IP/Host/GeoIP sources
Hello,
Do you think it's possible to add the functionality to filter (via IP, Hostname or Alias ?) the access of c...
Jean-Michel Pattulacci
01:50 PM Bug #11984: Automatic Outbound NAT mode can create incorrect rules in some cases
may be related to #11764 Viktor Gurov
01:45 PM Bug #12514 (Feedback): Trying to delete an assigned PPPoE interface fails without printing an error message
Applied in changeset commit:fc19062e73c99d55b39bdeb55acde07e8e0427ef. Viktor Gurov
12:15 PM Bug #12514 (Pull Request Review): Trying to delete an assigned PPPoE interface fails without printing an error message
Jim Pingle
01:20 PM Feature #11496: Support for NTP Peer mode
OK - I was able to find the ntpd.conf file in pfsense's /var/etc directory
Looks like it is specifying server/pool...
Christian Borchert
12:43 PM Feature #11496: Support for NTP Peer mode
Thanks Viktor,
I believe I applied the changes to the files correctly - where does pfsense save the ntp.conf file ...
Christian Borchert
12:19 PM Feature #11496 (Pull Request Review): Support for NTP Peer mode
Jim Pingle
07:11 AM Feature #11496: Support for NTP Peer mode
Christian Borchert wrote in #note-3:
> Viktor Gurov wrote in #note-2:
> > https://gitlab.netgate.com/pfSense/pfSens...
Viktor Gurov
06:59 AM Feature #11496: Support for NTP Peer mode
Viktor Gurov wrote in #note-2:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/458
Hi Viktor,
Th...
Christian Borchert
01:55 AM Feature #11496: Support for NTP Peer mode
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/458 Viktor Gurov
11:29 AM Regression #11570 (New): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
same issue on 22.01.a.20211029.0500 - once failover from WAN to LTE(WAN2) happens it will never fail back until I man... Viktor Gurov
09:42 AM Regression #12517 (Resolved): pfSense-rc console errors on old zfs scheme (zroot)
Thanks for the report. The fix will be in tomorrow's snapshot. Brad Davis
08:43 AM Regression #12517 (Waiting on Merge): pfSense-rc console errors on old zfs scheme (zroot)
Brad Davis
07:39 AM Bug #12519: Fail authentication using special character in password via the LDAP connector
a similar issue with RADIUS authentication - #10352 Viktor Gurov
07:10 AM Bug #12519 (New): Fail authentication using special character in password via the LDAP connector
Hi all,
using openVPN authentication by ldap connector to AD 2016 server, I realized that using a character in the...
Luca De Andreis
12:09 AM Feature #12518 (Closed): Restore RRD and extra data from configuration backups when restoring during installation
Currently bsdinstall script simply removes any extra data or RRD data from the config.xml:
https://github.com/pfsens...
Viktor Gurov
 
