Activity

30 days up to

User

Subprojects

Activity

From 01/28/2022 to 02/26/2022

02/26/2022

01:43 PM Feature #8365: Button to copy rules from one interface to another: copy option is shown up.
it will be better if "copy" is changed to be "Paste or apply" in pop up window (attache... Alhusein Zawi
01:04 PM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: GW is waiting for a packet loss threshold, it does not go to offline immediately.
tested by disabling PPPoE serv... Alhusein Zawi
12:27 PM Bug #12536: Setting a default gateway of "None" does not remove the default gateway from the routing table: making default GW as "NONE" removes the default GW routing table.
But Mark Gateway as Down does not remove the... Alhusein Zawi
10:57 AM Bug #12876 (Resolved): Changing RAM disk size does not prompt to reboot: On 2.6 and 22.01 if one changes either RAM Disk Size setting, and saves, the page says "The changes have been applied... Steve Y

02/25/2022

09:28 PM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12: This can safely be closed since TCP Offload should never be enabled on a Netgate appliance.
However, we should t... Kris Phillips
09:24 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: I can confirm the iflib driver issue as well. I may spin up a FreeBSD 12.3 install to compile the newer driver as we... Kris Phillips
07:13 PM Revision f53fe980: Use http_build_query() for Google Domains DDNS post data. Fixes #12754: Viktor Gurov
04:42 PM Regression #12827: High latency and packet loss during a filter reload: I don't even fully understand why there's hashing going on instead of comparing directly, that doesn't really make an... Flole Systems
10:05 AM Regression #12827: High latency and packet loss during a filter reload: I had a look at the issue with a profiler. While the loop you are mentioning is a problem to some extent, the real is... Mateusz Guzik
04:03 PM Bug #12875 (Resolved): Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports: Zabbix 5.4 is being deprecated and Zabbix 6 has been released. We should pull these over from FreeBSD ports.
ht... Kris Phillips
03:55 PM Feature #12855 (Resolved): GUI option to select the user password hashing algorithm: This is working well. I've also added it as a recommended patch option in the new system patches package, so people o... Jim Pingle
03:43 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: The pkg upgrade and restart resolved the issue.
Thank you Julian Kahumana
03:07 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: Thank you Julian Kahumana
02:58 PM Bug #12872 (Not a Bug): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: From that pkg output I'm fairly certain your system was interrupted mid-upgrade and is not running a consistent state... Jim Pingle
02:54 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: Sorry, I'm not familiar with the process. I was pointed here by BBcan177. I can move this all to the negate forum.
T... Julian Kahumana
02:21 PM Bug #12872 (Incomplete): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: We still need more information here since we have not yet been able to reproduce this behavior. I've checked over 20 ... Jim Pingle
02:02 PM Bug #12872 (Not a Bug): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: The issue only showed up after upgrading from 2.5 to to 2.6.
The following is an example from the firewall log. Lo... Julian Kahumana
03:24 PM Revision 2e3018c5: Rules copy feature. Implements #8365: Viktor Gurov
02:24 PM Feature #12874 (New): OpenVPN RADIUS Framed-Pool: Allow group mappings within OpenVPN via RADIUS server. Each OpenVPN user group would have a unique subnet associated ... Ryan Whitlock
02:10 PM Regression #12873 (Resolved): Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: RSC support was added to FreeBSD in 12.3 and is included in pfSense 22.01/2.6.
When run in Hyper-V it can create v... Steve Wheeler
12:59 PM pfSense Packages Bug #12802 (Resolved): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256): Tested on the:... Danilo Zrenjanin
12:10 PM Bug #12871 (Resolved): Some action buttons are always active for firewall rules, even if no rules are selected: "Delete", "Toggle" (#2505), and "Copy rule" (#8365) buttons at the bottom of the rules page are always active.
All o... Viktor Gurov
10:49 AM pfSense Packages Feature #12246 (Closed): Load a file into patch textarea: Works well, closing. Jim Pingle
09:52 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/55
https://gitlab.netgate.com/pfSense/pfSense/-/merg... Kristof Provost
09:47 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: That is unlikely to be related to this. The code that parses the rules for the GUI already catches the proper rtracke... Jim Pingle
09:44 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: There are some users who are experiencing issues with pfSense recording the Tracker ID as "4294967295" which accordin... BBcan177 .
07:16 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: If it's just a leftover remnant then I agree we should remove it. The ridentifier is already visible on the line and ... Jim Pingle
04:00 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: What depends on this?
It's trivial to fix this, but it deviates from upstream. In upstream the rule output always ... Kristof Provost
09:35 AM Feature #8365 (Feedback): Button to copy rules from one interface to another: Applied in changeset commit:2e3018c565c71b8ef44205e4f07080713a564af3. Viktor Gurov
08:58 AM Feature #2505: Toggle button to disable/enable multiple firewall rules: Matthew Drury wrote in #note-10:
> Could this feature also be added to the NAT config pages? (Port Forwards and Outb... Viktor Gurov
08:39 AM Feature #2505: Toggle button to disable/enable multiple firewall rules: Could this feature also be added to the NAT config pages? (Port Forwards and Outbound NAT) Matthew Drury
07:43 AM pfSense Packages Bug #12869 (Pull Request Review): Bind DNS Package AAAA filtering Broken on new ZFS Installs: Jim Pingle
05:52 AM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/188 Viktor Gurov
04:41 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: But when you disconnect the converter or renew the public IP, the IP was not updated to clodflare. It just only updat... Hong Duong Pham
04:36 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Here are related logs:... Danilo Zrenjanin
04:18 AM Bug #12870 (New): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Danilo Zrenjanin
04:17 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Tested on the:... Danilo Zrenjanin
03:07 AM Bug #12870 (Rejected): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Viktor Gurov
01:48 AM Bug #12870 (Resolved): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: The dynamic DNS on Pfsense was not automatically update the IP Address from the network to Cloudflare or any service ... Hong Duong Pham
03:06 AM Bug #12803 (Resolved): Error loading ruleset due to illegal TOS value: Replicated the issue on the:... Danilo Zrenjanin

02/24/2022

08:03 PM Revision 6739d001: Bridge interface input validation fix. Issue #12866: Viktor Gurov
03:05 PM Regression #12866 (Feedback): Disabled Captive Portal configuration prevents adding an interface to a bridge: Merged:
https://github.com/pfsense/pfsense/commit/6739d0014695a1fdba77d8c36b6a89ba7252b021 Viktor Gurov
07:37 AM Regression #12866 (Pull Request Review): Disabled Captive Portal configuration prevents adding an interface to a bridge: Jim Pingle
03:33 AM Regression #12866: Disabled Captive Portal configuration prevents adding an interface to a bridge: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/638 Viktor Gurov
03:26 AM Regression #12866 (Resolved): Disabled Captive Portal configuration prevents adding an interface to a bridge: How to reproduce:
1) Create a Captive Portal on the OPT1 interface
2) Disable Captive Portal
3) Try to create a br... Viktor Gurov
01:04 PM Revision c2bb9552: Do not remove net.link.ifqmaxlen from /boot/loader.conf.local. Fixes #12862: Viktor Gurov
12:38 PM Todo #12556 (New): Comply with current iteration standards when encrypting and decrypting configuration files: Jim Pingle
12:33 PM Bug #12621 (Closed): Fix rare case where /getstats.php might be called without valid post data.: Jim Pingle
10:58 AM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs: Thread that discusses this is here
https://forum.netgate.com/topic/169742/bind-dns-package-aaaa-filtering-problem
JohnPoz _
10:06 AM pfSense Packages Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs: Reference this older bug for some background (#10413)
This breaks again in newer installs with zfs file systems du... Dean Weimer
10:35 AM Bug #12800: Suboptimal Password Hashing: In #12863, I propose a (surprisingly simple) solution that dramatically increases the strength of the sha512crypt has... Royce Williams
10:30 AM Feature #12863: dynamically tune sha512crypt rounds: Jim Pingle wrote in #note-2:
> Dynamic tuning sounds like more trouble than it's worth, IMO. We'd have to test and ca... Royce Williams
09:27 AM Feature #12863: dynamically tune sha512crypt rounds: Dynamic tuning sounds like more trouble than it's worth, IMO. We'd have to test and cache the value or test each time... Jim Pingle
12:37 AM Feature #12863: dynamically tune sha512crypt rounds: > and to match the sha512crypt
*match the salts in the various sha512crypt @mkpasswd@ implementations. Royce Williams
12:16 AM Feature #12863 (New): dynamically tune sha512crypt rounds: As touched on in #12800 and #12855, sha512crypt's default number of rounds (5000) can be cracked relatively quickly b... Royce Williams
09:15 AM Bug #12868 (Resolved): Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: On 22.01/2.6.0 when looking at the ruleset with @pfctl -vvsr@ the tracker/ridentifier ID should be in parenthesis af... Jim Pingle
08:52 AM Bug #12867 (Not a Bug): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: The primary use case for L2TP is for L3 connectivity to an ISP, not as an L2TP VPN. For those using it as an ISP auth... Jim Pingle
08:42 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: Jim Pingle wrote in #note-4:
> I tried to recreate the problem and could not. My subnet mask was always applied corr... RUI YUAN
08:09 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: I tried to recreate the problem and could not. My subnet mask was always applied correctly. There must be something e... Jim Pingle
07:55 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: Jim Pingle wrote in #note-1:
> There isn't enough information here. You haven't clearly defined the actual problem o... RUI YUAN
07:53 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: Jim Pingle wrote in #note-1:
> There isn't enough information here. You haven't clearly defined the actual problem o... RUI YUAN
07:32 AM Bug #12867 (Incomplete): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: There isn't enough information here. You haven't clearly defined the actual problem or the steps to reproduce it, onl... Jim Pingle
07:28 AM Bug #12867 (Not a Bug): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: After a simple analysis, it seems that the problem is in the following code range. I suspect it is pfSense_interface_... RUI YUAN
08:10 AM Regression #12862 (Feedback): Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: Applied in changeset commit:c2bb95522780cbeffd1bca97c44c673ec7f973f1. Viktor Gurov
07:51 AM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: > 2. In the case of kern.ipc.nmbclusters the default is too high for low end platforms such as uFW / SG-1100.
> (eg.... Jim Pingle
07:09 AM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: David Burns wrote:
> 1. Removal of the oid net.link.ifqmaxlen (and resetting it to 128) is particularly problematic ... Viktor Gurov
08:06 AM Bug #12864: Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs: Still, I'd expect if I set up new interface assignments at bootup, and then reboot the router, for pfSense to reboot ... Jernej Simončič
07:22 AM Bug #12864 (Not a Bug): Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs: It's not a bug, it's intended behavior, see #12170
You had leftover configuration in your VLANs that referenced t... Jim Pingle
12:21 AM Bug #12864 (Not a Bug): Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs: I migrated my pfSense config from a different computer around version 2.4.5. The old one had bge and em NICs, and I h... Jernej Simončič
07:34 AM pfSense Packages Todo #12865 (Pull Request Review): RRD Summary improvements: Jim Pingle
03:14 AM pfSense Packages Todo #12865: RRD Summary improvements: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/187 Viktor Gurov
03:01 AM pfSense Packages Todo #12865 (Resolved): RRD Summary improvements: 1) Wrong period, mirror date displayed:... Viktor Gurov
07:18 AM pfSense Packages Feature #12860: add mmc-utils package to all images: We already build @mmc-utils@ for Plus and it can be installed manually from the CLI. Trying to build a GUI around it ... Jim Pingle
06:51 AM Revision 52bdee22: fix issues with updating firewall rules: Trevor Kerr
06:46 AM Regression #12827: High latency and packet loss during a filter reload: Flole Systems wrote in #note-8:
> To add to this: Removing the "set keepcounters" option from /etc/inc/filter.inc see... Michael Novotny
04:08 AM Bug #12857: Firewall gateway goes away when making changes to Bridge0 device: Can't reproduce this on pfSense CE 2.7.0 (2.7.0.a.20220224.0600)
Not tested on 22.01/2.6, but it may be related to h... Viktor Gurov

02/23/2022

07:19 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: And maybe another problem: it seems to me that the states from the firewall are not recognized for NPT-conntections:
... L J
06:35 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: Hi Viktor,
awesome, thank you for this patch. I've trired this on our test system:
From my understanding it is ... L J
06:20 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages: I am seeing this as well. In my case it seems to be every 2 minutes-- quite a lot of log noise! On pfSense 2.6.0.
... Todd Marimon
06:17 PM Regression #12862 (Resolved): Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: It is common for advanced pfSense users to make use of FreeBSD /boot/loader.conf.local.
Since release of pfSense C... David Burns
06:08 PM Revision e92dded8: Correct Namecheap username handling. Fixes #12761: Jim Pingle
05:35 PM pfSense Packages Feature #12860: add mmc-utils package to all images: This would be helpful/useful now that ZFS is the new default, and/or for folks who don't realize some packages are "r... Steve Y
04:44 PM pfSense Packages Feature #12860 (New): add mmc-utils package to all images: Both Netgate & 3rd party hardware integrators are increasingly using eMMC components.
SATA (& historically SCSI) d... David Burns
05:31 PM pfSense Docs Correction #12861 (Resolved): pfSense hardware tuning guide references obsolete interface loader variable & buffer limits: Some quick feedback on the online doc @https://docs.netgate.com/pfsense/en/latest/hardware/tune.html@
1. There is... David Burns
04:50 PM Revision 8ddf2b5a: Add option for pw hash algo. Implements #12855: Jim Pingle
04:25 PM Revision 46127218: Namecheap DDNS response parse change. Fixes #12816: If the first attempt to parse the response fails, try again without the
XML declaration. The server may not be sendin... Jim Pingle
04:00 PM Regression #11316: Unbound crashes with signal 11 when reloading: @jimp, this is still an open issue. BBcan177 .
03:13 PM Regression #12827: High latency and packet loss during a filter reload: To add to this: Removing the "set keepcounters" option from /etc/inc/filter.inc seems to fix it. So if someone doesn'... Flole Systems
12:05 PM Regression #12827: High latency and packet loss during a filter reload: The current approach of the code mentioned by Kristof is bad in so many ways: There is a lock and within that lock th... Flole Systems
01:39 AM Regression #12827: High latency and packet loss during a filter reload: I can confirm that any rules roload introduces high latency. Even the shutdown of the sync interface (that as far as ... Fabio Giudici
12:15 PM Bug #12761 (Feedback): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: Applied in changeset commit:e92dded8cbe2e1eb8037b4156255bd603d82958e. Jim Pingle
12:09 PM Bug #12761: Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: Looks like it was only the Namecheap username that was the problem. The definition in the new code was wrong. I pushe... Jim Pingle
10:30 AM Bug #12761 (New): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: Something in that commit has broken Namecheap DDNS and likely others. For Namecheap it fails to load the password pro... Jim Pingle
11:51 AM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat: I see that the package made it to FreeBSD version 13:
https://freebsd.pkgs.org/13/freebsd-amd64/darkstat-3.0.721.p... Karim Elatov
11:04 AM Feature #12855: GUI option to select the user password hashing algorithm: This has been merged and will be in snapshots soon.
For those who would like to try it out, even on 22.01/2.6.0, i... Jim Pingle
11:00 AM Feature #12855 (Feedback): GUI option to select the user password hashing algorithm: Applied in changeset commit:8ddf2b5a999772754080825f07acf9b6326f1f04. Jim Pingle
10:35 AM Regression #12816 (Feedback): Namecheap Dynamic DNS responses are not parsed properly: Applied in changeset commit:4612721800a1b25bb1fb2d4d7c4ceea6f44f208e. Jim Pingle
10:27 AM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly: The MR should be good enough for now, I've tested it on a few more Namecheap DDNS entries on multiple systems and it ... Jim Pingle
07:11 AM pfSense Packages Feature #12859 (Resolved): Add Zabbix 6.0 LTS (agent and proxy) packages: New LTS release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn6.0.0
Zabbix 3.0 is out of ... Pim Janssen
07:08 AM Bug #12858 (Duplicate): OpenVPN bug, close connection error: Duplicate of #12817 Jim Pingle
04:02 AM Bug #12858 (Duplicate): OpenVPN bug, close connection error: Dear, If I try to force and close an OpenVPN Client connection an error will be displayed. This happend in the Dashbo... Marco B
03:45 AM Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107: A few remarks:
- I think this issue could have been detected relatively easy quality check, so a nightly build with ... Louis B

02/22/2022

09:13 PM Bug #12857 (New): Firewall gateway goes away when making changes to Bridge0 device: *PFSense* Plus Version: 22.01-RELEASE
*HW:* Netgate 6100
*BIOS:* CORDOBA-02.01.00.05t
*Summary:* When running PF... Bear Sloan
07:55 PM Bug #12840: Upgrade of openvpn-client-export package after 2.6.0 upgrade failed: I have removed the `openvpn` group, and proceeded to reinstall this package. That succeeded.
I'm continuing to tro... Todd Marimon
11:57 AM Bug #12840: Upgrade of openvpn-client-export package after 2.6.0 upgrade failed: Jim Pingle wrote in #note-1:
> Something must have interrupted your upgrade process. The actual upgrade did not full... Todd Marimon
07:45 AM Bug #12840 (Rejected): Upgrade of openvpn-client-export package after 2.6.0 upgrade failed: Something must have interrupted your upgrade process. The actual upgrade did not fully complete or your system couldn... Jim Pingle
03:34 PM Feature #12855 (Pull Request Review): GUI option to select the user password hashing algorithm: Internal MR for initial testing/review: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/636 Jim Pingle
02:05 PM Feature #12855: GUI option to select the user password hashing algorithm: Jim Pingle wrote:
> Though we could offer a higher number of rounds with SHA512, the number of rounds must be identi... Royce Williams
01:09 PM Feature #12855 (Resolved): GUI option to select the user password hashing algorithm: Different scenarios may call for different types of password hashing so it makes sense to give users the choice rathe... Jim Pingle
02:43 PM Todo #12854: Issue with virtual ips and Sync: The reason we are not using the default pfsense HA design is because you cannot use CARP virtual ip on AWS: https://f... Gerald Jimenez
10:44 AM Todo #12854: Issue with virtual ips and Sync: Gerald Jimenez wrote in #note-2:
> We are not using the virtual ips for HA, for HA we use external solution to redir... Jim Pingle
10:25 AM Todo #12854: Issue with virtual ips and Sync: Jim Pingle wrote in #note-1:
> That is not a valid or supported use case of XMLRPC sync. XMLRPC config sync is inten... Gerald Jimenez
10:11 AM Todo #12854 (Rejected): Issue with virtual ips and Sync: That is not a valid or supported use case of XMLRPC sync. XMLRPC config sync is intended for HA, and that isn't valid... Jim Pingle
09:33 AM Todo #12854 (Rejected): Issue with virtual ips and Sync: I have configured 2 pfsense instances with configuration sync between them. In the primary pfsense instance I added a... Gerald Jimenez
02:22 PM Revision 90f21a78: Fix dynamic IPv6 gateway address resolution. Issue #12847: Viktor Gurov
02:21 PM Revision 53831176: Alias Export description support. Issue #12842: Viktor Gurov
02:16 PM Feature #12856 (Duplicate): New Feature Request: Duplicate of #4591 Jim Pingle
01:19 PM Feature #12856 (Duplicate): New Feature Request: A pfsense technical support person named Ryan recommended I make a feature request on this forum. I am coming from a... Lee Barnes
02:05 PM Bug #12800: Suboptimal Password Hashing: As the original reporter, I'd like to echo Royce's words above and thank you for incorporating this into a feature re... Sam K
02:00 PM Bug #12800: Suboptimal Password Hashing: Really like the discussion here! Thank you @royce for all of your analysis which was very informative. I think giving... → luckman212
01:52 PM Bug #12800: Suboptimal Password Hashing: Sounds like a solid way forward - much appreciated!
I do want to point out that whether or not something is dire, vs... Royce Williams
01:13 PM Bug #12800 (Closed): Suboptimal Password Hashing: Moving this over to a feature request to give the user a choice between bcrypt and SHA-512: #12855
Also changing ... Jim Pingle
12:52 PM Feature #8365 (Pull Request Review): Button to copy rules from one interface to another: Jim Pingle
11:46 AM Feature #8365: Button to copy rules from one interface to another: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/635 Viktor Gurov
10:12 AM Feature #12842 (Feedback): Retain descriptions when exporting and importing aliases: Merged:
https://github.com/pfsense/pfsense/commit/538311766974863760762d7e22b8a3e9a8c53cfa Viktor Gurov
07:50 AM Feature #12842 (Pull Request Review): Retain descriptions when exporting and importing aliases: Jim Pingle
10:12 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: Then your problem is different from the one on this issue. Post on the forum to discuss and diagnose your problem. Jim Pingle
10:11 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: cat /var/log/system.log | grep -i dummy --> empty out Evgeny Korostelev
10:08 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: Jim Pingle wrote in #note-9:
> Do you see the same error in the logs from note 1 above about the dummynet module not... Evgeny Korostelev
10:04 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: Evgeny Korostelev wrote in #note-7:
> I have fresh install 2.6.0 and problem with limiter exists.
>
> The problem ap... Jim Pingle
08:50 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: The problem is not relevant on all pfsense 2.6.0 installations
Some random.
how can i help to find the reason ?
No... Evgeny Korostelev
08:45 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: I have fresh install 2.6.0 and problem with limiter exists.
The problem appeared after the upgrade from 2.5.2 -> 2... Evgeny Korostelev
08:34 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: Lewis Smith wrote in #note-5:
> Thank you for getting back to me. A duplicate issue was posted here: https://redmine... Jim Pingle
08:29 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: Jim Pingle wrote in #note-4:
> I can't reproduce this here on a fresh install or upgrade. Limiters are passing traff... Lewis Smith
07:30 AM Bug #12829 (Feedback): Dummynet kernel module fails to load after upgrade.: I can't reproduce this here on a fresh install or upgrade. Limiters are passing traffic as expected and there are no ... Jim Pingle
10:12 AM Bug #12847 (Feedback): On startup "No routing address with matching address" might appear: Merged:
https://github.com/pfsense/pfsense/commit/90f21a78c81778ccd9150ec0d6789efa19b66702 Viktor Gurov
07:51 AM Bug #12847 (Pull Request Review): On startup "No routing address with matching address" might appear: Jim Pingle
07:48 AM Bug #12847: On startup "No routing address with matching address" might appear: I am also seeing on reloading of the rules @all pool addresses must be in the same address family@, probably related/... Flole Systems
01:12 AM Bug #12847 (Confirmed): On startup "No routing address with matching address" might appear: incorrect dynamic resolution of IPv6 gateway address if IPv6 address is not obtained:... Viktor Gurov
10:07 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100: It's a hardware issue, not a bug. And there is already a workaround in 22.01 for it. Jim Pingle
09:52 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100: Jim, how is a segfault "not a bug"? Such crashes are sometimes even exploitable. Sean McBride
08:00 AM Bug #12835 (Not a Bug): segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100: Jim Pingle
02:15 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100: Actually, I rebooted with filesystem check and that resolved it and allowed the update to complete. Shaun Currier
01:42 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100: Also happening to me on Netgate SG-1100. Error message has the same line numbers and appears identical from a quick ... Shaun Currier
10:06 AM Bug #12833: GUI Service Log Filling Up with Cruft: That is a raw web server log, it's not meant to only show notable events, but every access of the web server. That's ... Jim Pingle
08:52 AM Bug #12833: GUI Service Log Filling Up with Cruft: OK. I'm certainly not an expert and it doesn't seem to be causing problems. But, from my point of view, I guess I'd... David Lessnau
07:54 AM Bug #12833 (Not a Bug): GUI Service Log Filling Up with Cruft: It's doing exactly what it's should be doing and logging every request. It's a security concern. If you have no idea ... Jim Pingle
01:34 AM Bug #12833: GUI Service Log Filling Up with Cruft: we can also use the nginx log filtering feature:... Viktor Gurov
08:47 AM Bug #12851: IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network: Jim Pingle wrote in #note-1:
> The GUI may have allowed you to select it, but it wouldn't have been working properly... Michele D'Alessio
08:18 AM Bug #12851 (Not a Bug): IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network: The GUI may have allowed you to select it, but it wouldn't have been working properly. The subnet sizes must be ident... Jim Pingle
07:49 AM Bug #12851 (Not a Bug): IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network: Inside the section:
VPN / IPsec / Tunnels / Edit Phase 2
If I try to change the local network address, the follo... Michele D'Alessio
08:40 AM Bug #12853: Network Address Translation - Pure NAT pfsense freeze after reboot: Jim Pingle wrote in #note-2:
> That option alone does not cause a problem, there may be something in your ruleset co... Antonio Pesce
08:34 AM Bug #12853: Network Address Translation - Pure NAT pfsense freeze after reboot: Jim Pingle wrote in #note-2:
> That option alone does not cause a problem, there may be something in your ruleset co... Michele D'Alessio
08:25 AM Bug #12853 (Feedback): Network Address Translation - Pure NAT pfsense freeze after reboot: That option alone does not cause a problem, there may be something in your ruleset contributing but as stated there i... Jim Pingle
08:19 AM Bug #12853: Network Address Translation - Pure NAT pfsense freeze after reboot: Michele D'Alessio wrote:
> In the menu "System / Advanced / Firewall & NAT" (as shown in the image attached), if I a... Antonio Pesce
08:11 AM Bug #12853 (Closed): Network Address Translation - Pure NAT pfsense freeze after reboot: In the menu "System / Advanced / Firewall & NAT" (as shown in the image attached), if I apply the following changes t... Michele D'Alessio
08:39 AM pfSense Docs Correction #11998 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting: Merged Jim Pingle
08:37 AM Feature #12392 (Feedback): Allow the selection of "any" interface in floating rules: Merged:
https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/8a350814ea5748a5eba445e3a40b278164c3816d... Viktor Gurov
07:48 AM Feature #12392 (Pull Request Review): Allow the selection of "any" interface in floating rules: Jim Pingle
08:27 AM Bug #12850: Console error during boot: ``route: route has not been found``: Jim Pingle wrote in #note-1:
> I've seen this as well, though it appears to be harmless as there are no ill effects ... Michele D'Alessio
08:20 AM Bug #12850: Console error during boot: ``route: route has not been found``: Michele D'Alessio wrote:
> Similar to bug #8497,
>
> during boot, the console logs numerous identical errors:
> ... Antonio Pesce
08:16 AM Bug #12850: Console error during boot: ``route: route has not been found``: I've seen this as well, though it appears to be harmless as there are no ill effects I've noticed. Jim Pingle
07:33 AM Bug #12850 (New): Console error during boot: ``route: route has not been found``: Similar to bug #8497,
during boot, the console logs numerous identical errors:
route: route has not been found
... Michele D'Alessio
08:04 AM Bug #12852 (Rejected): Gateway which is forced as inactive does still trigger filter reloads: I have a flapping gateway at the moment so I have forced it as offline using the checkbox in the gateway options. I a... Flole Systems
07:50 AM Bug #12843 (Not a Bug): Port Forward Source Network Does Accept Alias: Jim Pingle
07:46 AM pfSense Packages Bug #12844 (Pull Request Review): Invalid title link in the apcupsd package dashboard widget: Jim Pingle
07:44 AM Todo #12838 (Rejected): Frontend updates and cleanup: I don't see this getting accepted as is. It is difficult to verify that the content of the files is unmodified compar... Jim Pingle
07:38 AM Bug #12837 (Rejected): ipv6 block Rule is set even after disabling: I can't reproduce this. If the "Allow IPv6" box is checked, the rule in question is not present in the ruleset and is... Jim Pingle
07:35 AM Bug #12836 (Rejected): pfSense ipv6 Only Update not possible: The package servers already have IPv6 addresses and connectivity. There may be a problem with the IPv6 path between y... Jim Pingle
07:27 AM Regression #12827: High latency and packet loss during a filter reload: FYI. This latency also occurs when any rules, traffic shaper, etc. (anything that reloads the rules) are applied/modi... Michael Novotny
06:46 AM Bug #12849 (New): pfsync kernel crash on reboot: pfSense Plus 22.01, Netgate 5100 appliance:... Viktor Gurov
02:01 AM Feature #12848 (New): Evaluation of the DynDNS "Result Match" string: Hi,
first of all - thanks for the great work.
In the DynDNS client you can use "Result Match" to check the succes... Stefan Heck

02/21/2022

11:42 PM Bug #12846 (Duplicate): Illegal tos value for certain diffserv values: Duplicate of #12803 Viktor Gurov
07:42 PM Bug #12846: Illegal tos value for certain diffserv values: Reverting it does not fix the issue, probably the patch for pf is missing. Flole Systems
07:40 PM Bug #12846 (Duplicate): Illegal tos value for certain diffserv values: After upgrading to 2.6.0 I am getting for one of my rules:
@illegal tos value 24 - The line in question reads [704... Flole Systems
09:53 PM pfSense Docs Correction #11998 (Waiting on Merge): Feedback on Hardware — Hardware Tuning and Troubleshooting: Marcos M
09:52 PM pfSense Docs Correction #11998: Feedback on Hardware — Hardware Tuning and Troubleshooting: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/32
Queue count is set automatically according to vCP... Marcos M
08:24 PM Feature #12392: Allow the selection of "any" interface in floating rules: I hit that php error once on 22.05, but I can't seem to reproduce it now to test the patch.
Edit: I was able to repr... Marcos M
12:58 AM Feature #12392 (New): Allow the selection of "any" interface in floating rules: PHP error after editing rules on a non-floating page:... Viktor Gurov
08:22 PM Bug #12847 (Resolved): On startup "No routing address with matching address" might appear: I have a Gateway group named Main_V6 for IPv6 and after a reboot I am seeing
@no routing address with matching add... Flole Systems
01:21 PM Bug #12678 (Resolved): Applying firewall rule changes does not clear dirty flag for aliases subsystem: Tested and working correctly on... Christopher Cope
10:40 AM pfSense Packages Bug #12845: softflowd wrong vlan tag: similar to #9486 Viktor Gurov
10:13 AM pfSense Packages Bug #12845 (New): softflowd wrong vlan tag: When I try to send information about the vlan through IPFIX or Netflow v9, the vlan tag is incorrectly entered in the... Semyon Poklad
10:33 AM Bug #12833: GUI Service Log Filling Up with Cruft: Currently, pfSense syslog uses the "-c -c" option to disable the compression of repeated instances of the same line ... Viktor Gurov
10:27 AM Bug #12843: Port Forward Source Network Does Accept Alias: You are correct. I can now get it to work. I'm not sure what happened yesterday to prevent it. It may have been that ... Steve Matos
01:12 AM Bug #12843 (Feedback): Port Forward Source Network Does Accept Alias: Unable to reproduce - I can successfully use aliases as a source network address by selecting "Single host or alias"
... Viktor Gurov
10:15 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages: it seems to be related to #12833 Viktor Gurov
10:13 AM Feature #12839 (Rejected): fail2ban: The fail2ban functionality is already implemented in Login Protection (sshguard):
https://docs.netgate.com/pfsense/e... Viktor Gurov
09:30 AM Bug #12831 (Resolved): Typo in in /etc/inc/interfaces.inc line 1107: fixed Viktor Gurov
07:23 AM Bug #12828: pfSense keeps crashing (Fatal trap 12: page fault while in kernel mode): Apparently I can sometimes use the 5GHz when I change the config from 2.4 Ghz to 5Ghz however as soon as I reboot and... hugo s
06:57 AM Revision 8a350814: Fix PHP error on firewall_rules_edit.php. Issue #12392: Viktor Gurov
03:37 AM Regression #12827: High latency and packet loss during a filter reload: I strongly suspect https://github.com/pfsense/FreeBSD-src/commit/a5a03901798c76f1f7c77535a2282a60f54b0ec2 is the main... Kristof Provost
03:03 AM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings: Still an issue after updating to Acme 0.6.10_1 Morten Trab
01:37 AM Feature #12842: Retain descriptions when exporting and importing aliases: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/633 Viktor Gurov
12:11 AM pfSense Packages Bug #12844: Invalid title link in the apcupsd package dashboard widget: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1110 Viktor Gurov
12:11 AM pfSense Packages Bug #12844 (Resolved): Invalid title link in the apcupsd package dashboard widget: clicking on the widget title results in an error:
https://192.168.1.1/apcupsd.widget.php - 404 not found
Viktor Gurov

02/20/2022

06:16 PM Regression #11545: Primary interface address is not always used when VIPs are present: I also have not seen this post install of 22.01. Denny Page
03:49 PM Bug #12843 (Not a Bug): Port Forward Source Network Does Accept Alias: When creating a new NAT Port Forward (or editing an existing one) and configuring a Source network, the interface wil... Steve Matos
03:45 PM Feature #12842 (Resolved): Retain descriptions when exporting and importing aliases: When using the "Export to File" button when editing an alias under Firewall -> Aliases, only the networks/hosts that ... Steve Matos
11:21 AM Bug #12840 (Rejected): Upgrade of openvpn-client-export package after 2.6.0 upgrade failed: I just upgraded from pfsense 2.5.2 to 2.6.0. Several packages did not auto upgrade (I don't know if they should have)... Todd Marimon
10:47 AM Feature #12839 (Rejected): fail2ban: Ability to protect GUI (192.168.1.1) with fail2ban package Evgeny Litvinov
04:57 AM Todo #12838 (Rejected): Frontend updates and cleanup: Currently, there are a lots of non-minified files (/js/vendor folder), reducing front-end performance. I've minified ... GChuf 6
02:16 AM Bug #12837 (Rejected): ipv6 block Rule is set even after disabling: Good Day,
When disabling ipv6 block rule under System - Advanced - Networking even ipv6 is not possible (without p... Peter Lustig
02:12 AM Bug #12836 (Rejected): pfSense ipv6 Only Update not possible: Good Day,
on pfSense 2.5.2 and also 2.6.0 it seems impossible to get updates by ipv6 connection only. Update and G... Peter Lustig

02/19/2022

09:59 PM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100: Thanks for your reply, I'll give that a try.
But I don't think I can agree with "this isn't a bug with software". ... Sean McBride
09:47 PM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100: This isn't a bug with software, but is an issue with the chip that handles authentication to the repo. If you go to ... Kris Phillips
07:21 PM Bug #12835 (Not a Bug): segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100: On my Netgate SG-1100 I used the GUI to update from 21.05.2-RELEASE to 22.01. It failed, ending with the following:
... Sean McBride
09:41 PM Regression #11545: Primary interface address is not always used when VIPs are present: I haven't seen this occur at all in 22.01/2.6. Kris Phillips
08:21 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: This doesn't actually appear to be a NAT issue, the NAT pf states are all created as expected.
Rather it appears t... Steve Wheeler
03:56 PM Regression #12834 (Resolved): Only TCP traffic is passed outbound through IPFW: As already described in forum the outbound nat is not working for udp packets since upgrading to 2.6.
https://fo... B P
06:34 PM Bug #12829: Dummynet kernel module fails to load after upgrade.: Have had to downgrade for now as the internet connection can become quite unusable without the queues. Happy to set u... Lewis Smith
07:45 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: I have tried only applying a limiter in the upload direction, as that was a proposed workaround for the 2.5.0 issue, ... Lewis Smith
05:17 PM Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107: Lewis Smith wrote in #note-1:
> Just to confirm, this only appeared after creating a LAGG interface?
I see it's alre... Jason Foley
09:25 AM Bug #12831 (Feedback): Typo in in /etc/inc/interfaces.inc line 1107: Applied in changeset commit:cc920eb3b3ebd37c0a905264518e5cbf836ff55e. Jim Pingle
07:47 AM Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107: Just to confirm, this only appeared after creating a LAGG interface? Lewis Smith
03:24 AM Bug #12831 (Resolved): Typo in in /etc/inc/interfaces.inc line 1107: This typo caused a crash on boot. (attached)
mwexec("/sbin/ifconfig " escapeshellarg($laggif) . " laggproto " . es... Jason Foley
04:54 PM Feature #12392: Allow the selection of "any" interface in floating rules: Any selection is present when creating a floating rule in 22.05.a.20220219.0600, wasn't fully sure how to validate th... Jordan G
03:17 PM Revision cc920eb3: Fix php syntax. Fixes #12831: Jim Pingle
01:37 PM Bug #12833: GUI Service Log Filling Up with Cruft: Sorry. Filling up with nginx messages. Here's a link to the forum thread:
https://forum.netgate.com/topic/170081... David Lessnau
01:31 PM Bug #12833 (Not a Bug): GUI Service Log Filling Up with Cruft: Starting with 2.6.0 (but I've updated to 22.1 and it's still happening), the GUI Service log at:
Status > System L... David Lessnau
12:07 PM Bug #12800: Suboptimal Password Hashing: If this change is for potential compliance purposes, such as FIPS, a good compromise might be:
* Expose a UI eleme... Royce Williams
11:56 AM pfSense Plus Feature #12832 (New): 6100 configurable Blinking Blue LED: The blinking blue like for "normal operation status" feels like an "everything is ok ALARM!!!!"
I'd like to see an... shawn butts
11:25 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: !clipboard-202202191221-tmdxs.png!
Should this really be a low priority?
Seems like improper alias tables could p... → luckman212
08:02 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I thought this would have been fixed with 2.6. I had to reenable the cron workaround. Oh well. D D
09:28 AM Bug #12830 (Duplicate): Traffic Shaper (Limiters) broken: Duplicate of #12829 Jim Pingle
07:49 AM Bug #12830: Traffic Shaper (Limiters) broken: My hardware configuration is 4 nic
vendor = 'Intel Corporation'
device = 'I211 Gigabit Network Connection'
Evgeny Korostelev
04:55 AM Bug #12830: Traffic Shaper (Limiters) broken: Evgeny Korostelev wrote:
> pfSense CE 2.6.0 Stable
> If the Firewall rule is used Traffic Shaper (Limiters), then t... Mikael 86
04:33 AM Bug #12830: Traffic Shaper (Limiters) broken: Evgeny Korostelev wrote in #note-1:
> After update from CE 2.5.2 to 2.6.0 -> stop working traffic limiters
Duplic... Lewis Smith
03:27 AM Bug #12830: Traffic Shaper (Limiters) broken: After update from CE 2.5.2 to 2.6.0 -> stop working traffic limiters Evgeny Korostelev
01:15 AM Bug #12830 (Closed): Traffic Shaper (Limiters) broken: pfSense CE 2.6.0 Stable
If the Firewall rule is used Traffic Shaper (Limiters), then the traffic stops going. Evgeny Korostelev
04:42 AM Feature #12819: GUI option to configure layers for LACP hash: I am getting a syntax error in interfaces.inc at 1107 on boot up that drops pfsense to login prompt.
Are we missin... Ronald Schellberg

02/18/2022

09:26 PM Bug #12723 (Resolved): Disallow remote gateway of ``0.0.0.0`` for VTI mode: it is not allowed to add 0.0.0.0 as remote GW if there is a VTI as P2 and it is not allowed to add VTI if the ... Alhusein Zawi
08:31 PM Revision 47eecb16: LAGG hashing option. Implements #12819: Viktor Gurov
08:12 PM Bug #12829: Dummynet kernel module fails to load after upgrade.: I get the following errors in the System Logs:
@Feb 19 01:58:37 php 420 rc.bootup: The command '/sbin/kldload d... Lewis Smith
07:52 PM Bug #12829 (Closed): Dummynet kernel module fails to load after upgrade.: pfSense 2.6.0 - Fresh upgrade.
When creating a limiter and assigning it in a floating rule, all traffic stops from... Lewis Smith
04:58 PM Bug #12828 (New): pfSense keeps crashing (Fatal trap 12: page fault while in kernel mode): Description
pfSense 2.6.0 keeps rebooting and crashing after I created more than one wireless interface in 5ghz.
... hugo s
04:27 PM Revision 1ab21051: Revert "Add telegraf back to the build on armv7": Go builds, but telegraf fails with:
/usr/local/go/pkg/tool/freebsd_arm/link: mapping output file failed:
cannot allo... Brad Davis
04:01 PM Revision 27ad5aba: Dynamic NPT support. Implements #4881: Viktor Gurov
03:13 PM Regression #12827: High latency and packet loss during a filter reload: I have replicated this with a generated ruleset between 21.05.2 and 22.01:... Steve Wheeler
02:35 PM Regression #12827 (Resolved): High latency and packet loss during a filter reload: Every 15 minutes I am seeing 2 seconds latency that disrupts VPN, VoIP between sites, video conferencing, etc.
I h... Michael Novotny
02:40 PM Feature #12819 (Feedback): GUI option to configure layers for LACP hash: Applied in changeset commit:47eecb1666078d8183543c13a2bf9c2e77838838. Viktor Gurov
07:57 AM Feature #12819 (Pull Request Review): GUI option to configure layers for LACP hash: Jim Pingle
04:04 AM Feature #12819: GUI option to configure layers for LACP hash: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/630 Viktor Gurov
02:38 PM Bug #12826 (Not a Bug): After update to 2.6.0 OpenVPN status don't show TUN server info in Remote Access mode: Your GUI options and custom options combined are putting OpenVPN into a mode the status doesn't expect and has no way... Jim Pingle
02:13 PM Bug #12826 (Not a Bug): After update to 2.6.0 OpenVPN status don't show TUN server info in Remote Access mode: After update to 2.6.0 OpenVPN status don't show TUN server info in Remote Access mode
Looks like this issue https://... alexey kalachev
02:18 PM Bug #12811: Services are not restarted when PPP interfaces connect: Sadly, after applying those patches, the problem still persists.
Is there any way I could help you to narrow it down? Oskar Stroka
03:36 AM Bug #12811: Services are not restarted when PPP interfaces connect: Oskar Stroka wrote in #note-6:
> Thanks a lot guys :)
> Is there an easy way for me to implement this change?
Y... Viktor Gurov
01:29 AM Bug #12811: Services are not restarted when PPP interfaces connect: Thanks a lot guys :)
Is there an easy way for me to implement this change? Oskar Stroka
12:23 PM Bug #12825 (Duplicate): PHP Fatal error when attempting to kill an established OVPN connection via the dashboard widget: Duplicate of #12817 Jim Pingle
11:13 AM Bug #12825: PHP Fatal error when attempting to kill an established OVPN connection via the dashboard widget: Issue occurred using 22.01 on a 5100. Nick Goehring
11:12 AM Bug #12825 (Duplicate): PHP Fatal error when attempting to kill an established OVPN connection via the dashboard widget: Had an issue this evening when trying to manually kill an OVPN connection via the widget on the dashboard. Widget dis... Nick Goehring
12:13 PM Bug #12781 (Resolved): DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs: Tested on:... Danilo Zrenjanin
10:47 AM pfSense Packages Bug #12822: IPv4 Source ASN format not working: Thanks for the report.
I think the issue is prefixing the input selection with with "AS" or "as".
The ASN list... BBcan177 .
04:09 AM pfSense Packages Bug #12822 (Confirmed): IPv4 Source ASN format not working: On the new pfSense release 2.6 / 22.01 pfBlockerNG devel (3.1.0_1), the web page hangs when defining ASN with the cho... Danilo Zrenjanin
10:25 AM pfSense Packages Bug #12815 (Resolved): invalid IPv6 ACCEPTFILTER prefix-list: Viktor Gurov
10:18 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list: Will do when/if i need it, for now I consider the issue resolved =) beermount beermount
10:12 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list: beermount beermount wrote in #note-9:
> This patch works for me, mainly because it removes the ipv6 protocol lines. ... Viktor Gurov
10:02 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list: This patch works for me, mainly because it removes the ipv6 protocol lines. The commit does seem to cover if Accept F... beermount beermount
08:27 AM pfSense Packages Bug #12815 (Feedback): invalid IPv6 ACCEPTFILTER prefix-list: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/57918af9a19a9bec4ea8ca080f46c16517eeda7a Viktor Gurov
07:48 AM pfSense Packages Bug #12815 (Pull Request Review): invalid IPv6 ACCEPTFILTER prefix-list: Jim Pingle
10:25 AM Feature #4881 (Feedback): Allow NPt to use dynamic IPv6 networks: Applied in changeset commit:27ad5abafc9040f1745cb7862a11d0f86277385c. Viktor Gurov
10:08 AM pfSense Packages Bug #12820 (Resolved): Global Route Handling should use ipv6 route: Viktor Gurov
09:55 AM pfSense Packages Bug #12820: Global Route Handling should use ipv6 route: Verified frr now produces the expected configuration. beermount beermount
08:27 AM pfSense Packages Bug #12820 (Feedback): Global Route Handling should use ipv6 route: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/1bc9946a6ceb2430bf28d141fd98f20dd46a979a Viktor Gurov
07:49 AM pfSense Packages Bug #12820 (Pull Request Review): Global Route Handling should use ipv6 route: Jim Pingle
06:29 AM Bug #12824 (Rejected): Firewall Alias not working as intended - Stack Trace (2.6.0): Unable to reproduce on pfSense Plus 22.01 and pfSense CE 2.6.0
Please try to reimage the appliance from scratch
... Viktor Gurov
06:19 AM Bug #12824 (Rejected): Firewall Alias not working as intended - Stack Trace (2.6.0): *pfsense version:*
Recent inplace upgrade to 2.6.0-RELEASE
*Architecture:*
Only tested against amd64
*Issue*
... Mark Fenwick
05:39 AM Bug #12823 (New): Multiple DHCP6 WAN connections PPPoE interface 'defached' status: from https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/336:
If Wan is PPPoE and is not default gateway, ... Viktor Gurov
04:39 AM Bug #12810 (Resolved): Sanitize SHA-512 user password hashes in ``status.php`` output: Tested:... Danilo Zrenjanin

02/17/2022

11:58 PM pfSense Packages Bug #12820: Global Route Handling should use ipv6 route: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/185 Viktor Gurov
01:25 PM pfSense Packages Bug #12820 (Resolved): Global Route Handling should use ipv6 route: When adding static routes in Global Settings -> Route Handling. IPv6 routes are added with "ip route" I believe this ... beermount beermount
11:43 PM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list: beermount beermount wrote in #note-5:
> Viktor Gurov wrote in #note-4:
> > Merged:
> > https://github.com/pfsense/... Viktor Gurov
02:01 PM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list: Viktor Gurov wrote in #note-4:
> Merged:
> https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182... beermount beermount
10:00 AM pfSense Packages Bug #12815 (Feedback): invalid IPv6 ACCEPTFILTER prefix-list: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182238f79cd960b06c2 Viktor Gurov
07:56 AM pfSense Packages Bug #12815 (Pull Request Review): invalid IPv6 ACCEPTFILTER prefix-list: Jim Pingle
07:04 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/182 Viktor Gurov
06:41 AM pfSense Packages Bug #12815 (Resolved): invalid IPv6 ACCEPTFILTER prefix-list: frr code does not create correct IPv6 prefix-list for IPv6 ACCEPTFILTER entries and does not have explicit 'permit an... Viktor Gurov
05:45 PM Revision af8d80fa: Add telegraf back to the build on armv7: Now that we are running the builds on newer FreeBSD this should work Brad Davis
05:16 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget: Retested again and applied the patch successfully and it fixed the issue, thank you! Yuri Weinstein
03:20 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget: Ref: https://github.com/pfsense/pfsense/commit/3ade222beb2cae2c0681ed69d4e5a0c82c6303f9.patch Yuri Weinstein
03:19 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget: @Viktor
Thx a million!
But I could not apply it:
Patch Test Output apply:... Yuri Weinstein
12:00 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget: Yuri Weinstein wrote in #note-4:
> Viktor Gurov wrote in #note-3:
> > fix:
> > https://gitlab.netgate.com/pfSense/... Viktor Gurov
11:20 AM Regression #12817 (Feedback): PHP error when terminating OpenVPN sessions via the dashboard widget: Applied in changeset commit:3ade222beb2cae2c0681ed69d4e5a0c82c6303f9. Viktor Gurov
10:57 AM Regression #12817 (Pull Request Review): PHP error when terminating OpenVPN sessions via the dashboard widget: Jim Pingle
10:01 AM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget: Viktor Gurov wrote in #note-3:
> fix:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/628
Thx for the ... Yuri Weinstein
09:50 AM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/628 Viktor Gurov
09:21 AM Regression #12817 (Resolved): PHP error when terminating OpenVPN sessions via the dashboard widget: If a user clicks on x next to the session on the OpenVPN dashboard widget as here
!clipboard-202202170719-kvzt7.pn... Yuri Weinstein
05:14 PM Revision 3ade222b: Update OpenVPN widget to support client halt function. Fixes #12817: Viktor Gurov
04:55 PM Revision dd3d48af: Multiple DHCP6 WAN connections. Fixes #6880: Viktor Gurov
04:41 PM Revision 4ebb9c8d: Recover SSH Keys option in the installer. Implements #12809: Viktor Gurov
04:41 PM Revision c467ca2f: Restart services on PPP client connect. Fixes #12811: Viktor Gurov
04:40 PM Revision 961f240c: Use random_bytes() to generate salt for SHA512 password hashing. Fixes #12801: Viktor Gurov
04:39 PM Revision c7dd3673: Sanitize SHA512 hashed passwords from status_output. Fixes #12810: Viktor Gurov
04:38 PM Revision 2a9ee4d2: Merge pull request #4555 from zacwest/dnsimple-v6: Viktor Gurov
04:37 PM Revision f2ae911a: Merge pull request #4554 from lmcquade/master: Viktor Gurov
04:37 PM Revision 35731eb2: Merge pull request #4549 from hpeters/master: Viktor Gurov
04:35 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Steve Wheeler wrote in #note-3:
> It looks likely that bug would cause this since it requires VLAN 0. That's fixed h... Hayden Hill
04:31 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: It looks likely that bug would cause this since it requires VLAN 0. That's fixed here but isn't yet in the dev branch... Steve Wheeler
03:22 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: User @lnxsrt over on GitHub may have found the related FreeBSD Bug. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id... Hayden Hill
02:16 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Also, some related discussion towards the end of this post https://forum.netgate.com/topic/99190/att-uverse-rg-bypass... Hayden Hill
02:11 PM Regression #12821 (Resolved): Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Hello!
There are a few of us that have noticed a possible issue with the igb driver in the latest pfSense releases... Hayden Hill
03:45 PM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all: Thanks! Seems like it's all working properly with the patches applied. Jon8RFC .
03:20 PM Todo #12624 (Resolved): Reorganize UPnP options: Jim Pingle
03:10 PM Todo #12624: Reorganize UPnP options: Tested on... Christopher Cope
02:41 PM Bug #12710 (Resolved): Disabling DHCP Server RRD statistics does not work: Tested and working successfully on ... Christopher Cope
02:24 PM Bug #8882: Interface assignments lost on reboot: Jaime Geiger wrote:
> I'm running pfsense in AWS and I'm trying to route out of xn1 (second interface) instead of xn0... Aaron Gilbert
11:15 AM Bug #6880 (Feedback): Multiple DHCP6 WAN connections leads to multiple dhcp6c clients: Applied in changeset commit:dd3d48af87c892a070210f0064e589157868e7c2. Viktor Gurov
11:05 AM Bug #12003 (Feedback): Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly: Merged:
https://github.com/pfsense/pfsense/commit/35731eb2415ba160e5c41be816aaae227e8fb370
Thank You! Viktor Gurov
11:04 AM Feature #12744 (Feedback): IPv6 support for DNSimple Dynamic DNS: Merged:
https://github.com/pfsense/pfsense/commit/2a9ee4d2b5cc472df867ed96f88a95e84d646e41
Thank You! Viktor Gurov
11:04 AM Bug #12721 (Feedback): IPv6 gateway group using link local addresses incorrectly logs a gateway change because it not including interface scope properly: Merged:
https://github.com/pfsense/pfsense/commit/f2ae911a6b1e986e1b729a38a2b83a03b57efecd
Thank You! Viktor Gurov
10:57 AM Feature #12809: Recover existing SSH keys during installation: also: https://github.com/pfsense/FreeBSD-src/commit/3202a3afac1c5632f9be7898f257801c55f30e9a Viktor Gurov
10:50 AM Feature #12809 (Feedback): Recover existing SSH keys during installation: Applied in changeset commit:4ebb9c8d9f9799cb82593bed675e428accc1c63d. Viktor Gurov
07:49 AM Feature #12809 (Pull Request Review): Recover existing SSH keys during installation: Jim Pingle
10:50 AM Bug #12811 (Feedback): Services are not restarted when PPP interfaces connect: Applied in changeset commit:c467ca2f35c102aae897424a2fda08e9b2ace673. Viktor Gurov
07:52 AM Bug #12811 (Pull Request Review): Services are not restarted when PPP interfaces connect: Jim Pingle
01:27 AM Bug #12811: Services are not restarted when PPP interfaces connect: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/625 Viktor Gurov
01:21 AM Bug #12811: Services are not restarted when PPP interfaces connect: Related to #11570
similar issue with OpenVPN - #12771 Viktor Gurov
10:50 AM Bug #12801 (Feedback): User password hashes pseudo-random number generator may return insecure salt value: Applied in changeset commit:961f240c18f8421b0a28ee192ffa041e754e8f8e. Viktor Gurov
07:54 AM Bug #12801 (Pull Request Review): User password hashes pseudo-random number generator may return insecure salt value: Jim Pingle
04:28 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/626 Viktor Gurov
10:45 AM Bug #12810 (Feedback): Sanitize SHA-512 user password hashes in ``status.php`` output: Applied in changeset commit:c7dd367324cf1cdc5fe518482515f0605471c702. Viktor Gurov
10:38 AM Feature #12819 (Resolved): GUI option to configure layers for LACP hash: Currently when creating an LACP LAG interface it gets created with the hashing "lacp lagghash l2,l3,l4" not all switc... Mat Clarke
10:01 AM pfSense Packages Bug #12818 (Resolved): IP block logging not working: On the new pfSense release 2.6 / 22.01 pfBlockerNG isn't logging.
The developer has released a patch below
https:... Christopher Cope
09:17 AM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly: MR for the above change, but only use it if we can't come up with a better solution:
https://gitlab.netgate.com/pf... Jim Pingle
09:14 AM Regression #12816 (Resolved): Namecheap Dynamic DNS responses are not parsed properly: Namecheap dynamic DNS updates are succeeding on the server side but the dynamic DNS code can't interpret the response... Jim Pingle
08:24 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key: This change has caused yet another problem with exporting certificates from server_tls_user mode.
Two things I not... Jonathan Herlin
07:56 AM pfSense Packages Bug #12814 (Pull Request Review): OpenVPN Client Import does not populate 'remote_cert_tls' option: Jim Pingle
06:01 AM pfSense Packages Bug #12814: OpenVPN Client Import does not populate 'remote_cert_tls' option: fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/48 Viktor Gurov
05:50 AM pfSense Packages Bug #12814 (Resolved): OpenVPN Client Import does not populate 'remote_cert_tls' option: https://redmine.pfsense.org/issues/11865 introduced 'remote_cert_tls' option,
and if the imported .ovpn file contain... Viktor Gurov
07:52 AM Feature #12813: Recover extra data in the installer: We may run into problems trying to do this much. There is limited room on the RAM disk that is available for recovery... Jim Pingle
12:35 AM Feature #12813 (New): Recover extra data in the installer: In addition to #12809, it would be nice to recover extra data from an existing installation
This would make reinstal... Viktor Gurov
07:40 AM Bug #12803 (Feedback): Error loading ruleset due to illegal TOS value: Applied in changeset commit:b7b78ea1b14555972efaf7e6c47e48709ad1c199. Jim Pingle
01:02 AM Feature #10395: Add Dashboard System Information support for more PC Engines APU boards: We have a growing selection of these boards (together with Netgate hardware). Any chance of a generic fix in the next... David Burns
12:36 AM Bug #12691 (Feedback): Support encrypted ``config.xml`` files when restoring during install: Merged:
https://github.com/pfsense/FreeBSD-src/commit/e0653a3050d4e6bb2d21723fbe01e0df3cc25425 Viktor Gurov

02/16/2022

07:08 PM Feature #12807: Clear Active Secondary WAN Connections: @jimp here's an 11+ year old one that's at least mildly related: https://redmine.pfsense.org/issues/855 → luckman212
07:30 AM Feature #12807: Clear Active Secondary WAN Connections: I thought there was already an open Redmine for this exactly but I can't find it at the moment.
This will likely t... Jim Pingle
06:09 AM Feature #12807: Clear Active Secondary WAN Connections: Adam Di Vizio wrote in #note-3:
> On version 2.5.2 release, the only check box option I have available is:
>
> Fl... Viktor Gurov
05:39 AM Feature #12807: Clear Active Secondary WAN Connections: On version 2.5.2 release, the only check box option I have available is:
Flush all states when a gateway goes down... Adam Di Vizio
03:28 AM Feature #12807: Clear Active Secondary WAN Connections: The "State Killing on Gateway Failure" option on the System / Advanced / Miscellaneous should be changed to the follo... Viktor Gurov
03:22 AM Feature #12807: Clear Active Secondary WAN Connections: looks like a duplicate of #11556 Viktor Gurov
06:09 PM pfSense Packages Feature #12812 (New): Would it be helpful if the FreeBSD net-mgmt/arpwatch port had an option to use mail/dma for mail delivery?: Currently arpwatch under pfsense uses a php script to emulate /usr/sbin/sendmail. If I added a port option to use mai... Craig Leres
01:56 PM Revision b7b78ea1: Remove quotes from TOS values. Fixes #12803: The quotes are no longer required by pf.
See also: #4302 Jim Pingle
01:17 PM Bug #12811 (Resolved): Services are not restarted when PPP interfaces connect: Hi there, I've got a Gateway Group containing my WAN (VDSL with PPPoE) on Tier 1 and my 2nd WAN (LTE Modem) on Tier 2... Oskar Stroka
11:52 AM Feature #12809: Recover existing SSH keys during installation: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/624
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/m... Viktor Gurov
07:44 AM Feature #12809 (Resolved): Recover existing SSH keys during installation: It would be nice if the installer had a way to recover the SSH host keys off the drive the same way it handles the "R... Jim Pingle
09:40 AM Bug #12810 (Pull Request Review): Sanitize SHA-512 user password hashes in ``status.php`` output: Jim Pingle
08:54 AM Bug #12810: Sanitize SHA-512 user password hashes in ``status.php`` output: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/623 Viktor Gurov
08:40 AM Bug #12810 (Resolved): Sanitize SHA-512 user password hashes in ``status.php`` output: config-sanitized.xml sample:... Viktor Gurov
09:28 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: I'm not able to reproduce this either. Can you post some redacted screenshots of your exact configuration? Christian McDonald
08:55 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: was testing done with multiple WG gateway groups like in aforementioned setup? Just FYI, WG tunnels had monitor IPs t... RED SKULL
08:51 AM pfSense Packages Bug #12808 (Feedback): Wireguard Gateways disabled when Wireguard Service is Manually Restarted: Viktor Gurov
08:51 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: Unable to reproduce -
wireguard gateways works as expected after:
1) Restarting the Wireguard service on the Status... Viktor Gurov
04:46 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: This issue specifically occurs on PfSense 2.6 CE final release.
Once gateways are manually re-enabled, you can see t... RED SKULL
04:45 AM pfSense Packages Bug #12808 (Resolved): Wireguard Gateways disabled when Wireguard Service is Manually Restarted: If the wireguard service is manually restarted at any time after boot, Wireguard gateways are automatically disabled ... RED SKULL
08:32 AM pfSense Packages Bug #12802 (Feedback): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256): Merged
fixed in OpenVPN Client Export 1.0 Viktor Gurov
07:21 AM pfSense Packages Bug #12802 (Pull Request Review): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256): MR: https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/47 Jim Pingle
12:54 AM pfSense Packages Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256): from man openvpn(5):... Viktor Gurov
07:58 AM Bug #12803 (Pull Request Review): Error loading ruleset due to illegal TOS value: Changing the config.xml from @<dcsp>@ to @<tos>@ didn't fix the rule, it made the filter rule generation skip the val... Jim Pingle
12:31 AM Bug #12803: Error loading ruleset due to illegal TOS value: Related to https://github.com/pfsense/pfsense/commit/3d259e5e9457bc7e9d5b654366f839eaa2d52369 Viktor Gurov
06:51 AM pfSense Packages Bug #12758 (Resolved): Route Handling Subnet field Input check: Tested on:... Danilo Zrenjanin
06:39 AM Bug #12319 (Resolved): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode: Tested:... Danilo Zrenjanin
06:23 AM Bug #12775 (Resolved): NTP service is not listed on ``status_services.php`` unless ``config.xml`` contains NTP configuration data: Tested:... Danilo Zrenjanin

02/15/2022

10:57 PM Feature #12807 (Duplicate): Clear Active Secondary WAN Connections: Hello There,
There are many people who may have a secondary WAN connection that is utilized on a wireless pay as g... Adam Di Vizio
08:15 PM pfSense Packages Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256): Jim Pingle wrote in #note-1:
> Without seeing the configuration you imported it's hard to say what might have happene... cromo cromo
02:43 PM pfSense Packages Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256): If you go to Diagnostics > Backup/Restore on the Config History tab and do a diff on the config entries before/after ... Jim Pingle
01:34 PM pfSense Packages Bug #12802 (Resolved): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256): _*Disclaimer: You don't have a "OpenVPN Client Importer" category in your tracker, so I used OpenVPN Client Export*_
... cromo cromo
05:43 PM Revision dd92362d: Add support for multiple sites for syncing packages to: Brad Davis
05:26 PM pfSense Packages Todo #12806 (Closed): Update node_exporter to 1.3.1: Sorry if this isn't the right place to ask. I wasn't sure if pfSense published package updates separate from their ba... Logan Marchione
05:15 PM Bug #12800: Suboptimal Password Hashing: Steve's benchmark information is more representative of real-world attack than the earlier examples, because GPU atta... Royce Williams
12:57 PM Bug #12800: Suboptimal Password Hashing: sha512crypt introduces a DoS because it runs in O(pwLen^2+pwLen*cost) time. On a i5-6500, a 14000 character password ... Steve Thomas
08:01 AM Bug #12800: Suboptimal Password Hashing: Gaige Lama wrote in #note-1:
> It's using CRYPT_SHA512 instead of plain SHA512 which has a default of 5000 rounds.... Sam K
03:37 AM Bug #12800: Suboptimal Password Hashing: Sam Kirkman wrote:
> This bug relates to Todo #10298: https://redmine.pfsense.org/issues/10298
>
> The default passw... Gaige Lama
02:42 AM Bug #12800 (Closed): Suboptimal Password Hashing: This bug relates to Todo #10298: https://redmine.pfsense.org/issues/10298
The default password hashing algorithm h... Sam K
05:10 PM pfSense Docs New Content #12805 (New): Add documentation about what triggers a notfication: I just setup notifications in pfSense and can't find any documentation on the page below to show what sort of actions... Logan Marchione
04:59 PM pfSense Docs New Content #12804 (Closed): Add documentation for Slack notifications: I saw in the issue below that support for notifications via Slack was added to 2.6.0.
https://redmine.pfsense.org/... Logan Marchione
04:00 PM Revision 50ef7d15: Oops, add missing underscore preventing the expansion from working: Brad Davis
03:21 PM Revision af7b55fc: Check each host in PKG_RSYNC_HOSTS to make sure it is set before a build: Brad Davis
02:59 PM Revision 038705c0: Fix for the missing variable check in cafd9f976f4a0eae5ef46fec85510e8a846754bb: Brad Davis
02:45 PM Bug #12803 (Resolved): Error loading ruleset due to illegal TOS value: I updated my Pfsense CE installation from 2.5.2 to 2.6.0 today. After the update I was getting errors showing that t... Michael Berry
02:20 PM Revision 468cd92b: Fallback to package \"name\" during package reinstall on restore. Fixes #12766: Viktor Gurov
02:19 PM Revision 324bff64: Restart services on OpenVPN client connect. Fixes #12771: Viktor Gurov
02:19 PM Revision 72860882: DDNS edit page refactor + DigitalOcean and Google Domains wildcard support. Issues #12752 #12761: Viktor Gurov
02:18 PM Revision f976cb6a: Password prompt on encrypted ECL config.xml. Feature #12685: Viktor Gurov
02:12 PM Revision e18a693e: Remove the reference unbound.conf(5) from the DNS Resolver page. Issue #12781: Viktor Gurov
01:01 PM Bug #12797: UPnP+STUN forms invalid outbound NAT rules using the external address discovered from STUN: For inbound connections (@rdr@), STUN is working and a client can open and successfully test a port with a private WA... Jim Pingle
12:07 PM Bug #12796 (Feedback): 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are installed.: I merged the above fix. We can re-test this after the next package sets get built. Jim Pingle
11:28 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value: That is likely the better choice overall. Jim Pingle
11:23 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value: Jim Pingle wrote in #note-1:
> That second command needs to be a variable -- it's not a flag telling it to use a sec... Viktor Gurov
11:14 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value: That second parameter needs to be a variable -- it's not a flag telling it to use a secure method, it's a variable wh... Jim Pingle
10:30 AM Bug #12801 (Resolved): User password hashes pseudo-random number generator may return insecure salt value: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/auth.inc#L819:... Viktor Gurov
10:55 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all: to test this fix you need to install the system patches pkg:
https://docs.netgate.com/pfsense/en/latest/development/... Viktor Gurov
10:19 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all: I can't say "fixed" for this issue since I have new problems in 2.6.0, so I can't give it a solid test. I also don't... Jon8RFC .
08:25 AM Bug #12771 (Feedback): Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all: Applied in changeset commit:324bff6498bbd8e04d735195348d8b78b3e9a4a8. Viktor Gurov
07:58 AM Bug #12771 (Pull Request Review): Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all: Jim Pingle
02:08 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/616 Viktor Gurov
10:48 AM pfSense Packages Feature #12718 (Feedback): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/e2470a23ca412103588c3c969d843311e0ef522a Viktor Gurov
10:47 AM pfSense Packages Feature #12719 (Feedback): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/eaec5586b141176f90836135899eac5fb95e6013 Viktor Gurov
10:47 AM pfSense Packages Bug #12739 (Feedback): Passlist generates invalid Virtual IP subnets: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/fec9c89964c53672bc930479209a8fdb24beeff9 Viktor Gurov
10:47 AM pfSense Packages Bug #12683 (Feedback): snort_get_vpns_list() does not include OpenVPN CSO: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/bf49577abfb4dac2d3bd73e0371ded9341ce1b93 Viktor Gurov
09:55 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Also there is a new forum thread for general feedback on this issue:
https://forum.netgate.com/topic/169837/upnp-f... Jim Pingle
09:54 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: For those who still have issues, please start a new forum thread in the "gaming category of the forum":https://forum.... Jim Pingle
08:42 AM Feature #12752 (Feedback): Support wildcard Dynamic DNS records on DigitalOcean: Merged:
https://github.com/pfsense/pfsense/commit/728608824e8fa11acadaac35e46b0d7e2a865870 Viktor Gurov
08:01 AM Feature #12752 (Pull Request Review): Support wildcard Dynamic DNS records on DigitalOcean: Jim Pingle
07:15 AM Feature #12752: Support wildcard Dynamic DNS records on DigitalOcean: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/617 Viktor Gurov
08:41 AM Bug #12761 (Feedback): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: Merged:
https://github.com/pfsense/pfsense/commit/728608824e8fa11acadaac35e46b0d7e2a865870 Viktor Gurov
08:01 AM Bug #12761 (Pull Request Review): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: Jim Pingle
07:14 AM Bug #12761: Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/617 Viktor Gurov
08:30 AM Feature #12685 (Feedback): Support encrypted ``config.xml`` files when restoring via ECL: Merged Viktor Gurov
08:30 AM Bug #12766 (Feedback): Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup: Applied in changeset commit:468cd92bfaf77a326d5221dd9fd65328e15b297a. Viktor Gurov
07:56 AM Bug #12766 (Pull Request Review): Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup: Jim Pingle
08:30 AM Bug #12781 (Feedback): DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs: Merged Viktor Gurov
07:57 AM Bug #12781 (Pull Request Review): DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs: Jim Pingle
01:44 AM Bug #12781: DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/615 Viktor Gurov
08:15 AM Revision 13720b18: Start/stop PPPoE interface on parent interface events. Fixes #12633: Viktor Gurov
08:03 AM Feature #2505: Toggle button to disable/enable multiple firewall rules: Awesome, thank you! Jon8RFC .
07:17 AM Revision af3320b2: Allow the selection of "any" interface in floating rules. Implements #12392: Viktor Gurov
06:33 AM Revision dc6a9ddc: SNMP service restart improvements. Fixes #12611: Viktor Gurov
06:31 AM Revision 1098cb94: IGMP Proxy service improvements. Fixes #12609: Viktor Gurov
03:18 AM pfSense Packages Feature #11931 (New): Add support for validating a domain's ownership via Google Cloud Cloud DNS: Viktor Gurov
03:10 AM pfSense Packages Feature #11931 (Duplicate): Add support for validating a domain's ownership via Google Cloud Cloud DNS: see also #9200 Viktor Gurov
03:16 AM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager: Kyle Klouzal wrote in #note-6:
> Google DNS is different from Google Domains. +1 for Google Domain support here..
se... Viktor Gurov
03:10 AM pfSense Packages Bug #12799 (Duplicate): Missing ACME DNS Providers: Duplicate of #11931 Viktor Gurov
03:00 AM pfSense Packages Feature #12795: Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist: https://github.com/pfsense/FreeBSD-ports/pull/1143 Viktor Gurov
02:25 AM Bug #12633 (Feedback): Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: Applied in changeset commit:13720b183efaf5697454978db93a5b4815227149. Viktor Gurov
02:15 AM Todo #12093 (Feedback): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity: Merged Viktor Gurov
02:15 AM Feature #12741 (Feedback): Eliminate duplicate shell commands from history file: Merged Viktor Gurov
02:14 AM Feature #12724 (Feedback): Notify user if AutoConfigBackup is unable to successfully upload a backup: Merged Viktor Gurov
02:14 AM Feature #2456 (Feedback): Option to choose default tab in IPsec status Dashboard widget: Merged Viktor Gurov
01:25 AM Feature #12392 (Feedback): Allow the selection of "any" interface in floating rules: Applied in changeset commit:af3320b2d52f0296e3977e652de2b290c98bbf66. Viktor Gurov
12:40 AM Bug #12611 (Feedback): SNMP daemon is restarted during every ``rc.newwanip`` event: Applied in changeset commit:dc6a9ddcfaa25dda8928d4b2bdc72a117fec3315. Viktor Gurov
12:40 AM Bug #12609 (Feedback): IGMP Proxy server is restarted during every ``rc.newwanip`` event: Applied in changeset commit:1098cb94070574a98a44b4ab160e2a4d1785925a. Viktor Gurov

02/14/2022

09:31 PM pfSense Packages Bug #12799 (Duplicate): Missing ACME DNS Providers: Looking through the source I noticed there is support for some DNS providers that don't appear in the UI.
For exam... Robert Accettura
09:00 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: No fix here.
playing COLD WAR or VANGURD. Both PC players. Applied the patch and restarted pfsense box. Shows open ... Michael Clews
05:05 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: This patch worked on our configuration here as well.
UPnP seems to be fully functioning now. Thank you!!
Polar Nerd
08:45 AM Feature #7727 (Feedback): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Applied in changeset commit:3b50f7656967fbb4daa869a7ae6d18bc5ab6eec3. Jim Pingle
07:57 PM Revision cafd9f97: Add support for multiple sites for syncing packages to: Each site must be defined in the PKG_RSYNC_HOSTS variable and then a
PKG_RSYNC_HOSTNAME_$site must be defined as the ... Brad Davis
07:24 PM Revision ec73bb89: Always restart gateway monitoring and services on interface UP/START event. Fixes #11570: Viktor Gurov
07:22 PM Revision c04144d1: Clear aliases,filter,shaper and natconf flags on filter_configure(). Fixes #12678: Viktor Gurov
07:09 PM Revision 6ac625e8: DNS Resolver restart improvements. Fixes #12612: Viktor Gurov
06:43 PM Revision 95d74811: Remove unused add_hostname_to_watch() from ipsec_setup_gwifs(). Issue #12645: Viktor Gurov
06:32 PM Revision 9bb98111: Restart OpenVPN on interface change. Fixes #11864: Viktor Gurov
06:29 PM Revision 8cd6e269: Fix full path to executable files. Issue #11941: Viktor Gurov
06:28 PM Revision 1ac61672: Disallow 0.0.0.0 and :: as a VTI remote gateway. Issue #12723: Viktor Gurov
06:27 PM Revision 52f152e1: Keep command line history WebGUI option. Implements #12675: Viktor Gurov
06:26 PM Revision c80e6c14: GoDaddy DDNS wildcard support. Fixes #12750: Viktor Gurov
04:37 PM Revision 15713a56: Optimize openvpn_resync_all(). Fixes #12628: Viktor Gurov
04:34 PM Revision de739376: Delete static default route if default gateway is NONE. Fixes #12536 #11692: Viktor Gurov
04:33 PM Revision abc7b305: CARP status check for RADVD with link-local address. Fixes #12582: Viktor Gurov
04:31 PM Revision a3361005: Remove link-local scope from IPv6 addresses in filter_nat_rules_generate_if(). Fixes #11984: Viktor Gurov
04:28 PM Revision ae9e5dde: GleSYS DDNS return code check fix. Issue #12672: Viktor Gurov
04:28 PM Revision ac2ec545: Build net/udpbroadcastrelay. Feature #10818: Viktor Gurov
04:25 PM Revision fd5c12bc: Add IPv6 scope to DHCP6 link-local routes. Fixes #11764: Viktor Gurov
04:23 PM Revision 033c65a4: Fix Custom(v6) requestif on STF interface with Force IPv4 DNS Resolution option. Issue #12590: Viktor Gurov
04:22 PM Revision 0c5cf0df: Skip out-of-range entries on DHCP6 service start. Fixes #12527: Viktor Gurov
04:20 PM Revision 9ca90ee8: Generate unbound ACLs for OpenVPN CSO. Fixes #12636: Viktor Gurov
04:16 PM Revision ac624cf6: Reorganize UPnP options. Todo #12624: Viktor Gurov
04:13 PM Revision 5e53a7b5: Initialize $cmp with an empty array. Fixes #12749: Viktor Gurov
04:12 PM Revision 5e3d0f78: IPSec widget default tab option. Feature #2456: Viktor Gurov
04:12 PM Revision 770a7c5d: ACB notify improvements. Feature #12724: Viktor Gurov
04:11 PM Revision e5677880: Fix disabling dhcpd rrd stats. Issue #12710: Viktor Gurov
04:09 PM Revision 5c1d04af: Static IPv6 route delete fix. Issue #12728: Viktor Gurov
04:09 PM Revision 44c59448: Change ACB main link to services_acb_backup.php. Todo #12093: Viktor Gurov
04:07 PM Revision b979719f: Update Static Route and OpenVPN alias name when the alias is renamed. Fixes #12727: Viktor Gurov
04:07 PM Revision 8cb0120e: Only request copyright file is ews.netgate.com is resolvable. Issue #12141: Viktor Gurov
04:06 PM Revision b5360f49: Use http_build_query() for Google Domains DDNS post data. Fixes #12754: Viktor Gurov
04:04 PM Revision 60f533b7: Reorganize CARP status page. Todo #12701: Viktor Gurov
04:03 PM Revision 85c26953: Eliminate duplicate shell commands from history file. Feature #12741: Viktor Gurov
04:03 PM Revision 0fe9c7bb: Convert OpenVPN Tunnel Network to correct format on save. Issue #11416: Viktor Gurov
04:00 PM Revision 7e288965: Button to toggle selected firewall rules. Implements #2505: Viktor Gurov
03:58 PM Revision e638072c: Display interface interrupts. Fixes #12735: Viktor Gurov
03:58 PM Revision a9aba1ff: Firewall logs widget fixes. Issue #6253: Viktor Gurov
03:57 PM Revision 21cd4a8b: Make ACB columns sortable. Implements #12773: Viktor Gurov
03:57 PM Revision 7e38cc2c: L2TP/PPTP values reset fix. Fixes #12780: Viktor Gurov
03:55 PM Revision 9aa56194: Check system default setting for NAT+Proxy mode in Port Forward input validation. Issue #12319: Viktor Gurov
03:54 PM Revision 5462da2a: Add OpenVPN CSO to Automatic Outbound NAT. Fixes #12792: Viktor Gurov
03:01 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Did this make it into 2.6 / 22.01 or do we need to use System Patches to get it? - *edit* nevermind, I see it's targe... → luckman212
01:35 PM Regression #11570 (Feedback): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Applied in changeset commit:ec73bb89489d830ec21c4e04ffa3ec401791b55d. Viktor Gurov
02:38 PM Revision 5dcaa2af: Correct NTP service status logic. Fixes #12775: Jim Pingle
02:38 PM Revision 3b50f765: Add UPnP NAT anchors before NAT rules. Fixes #7727: Jim Pingle
02:28 PM Bug #12613 (Feedback): DNS Resolver does not restart during link up/down events on a static IP address interface: should be fixed in #11570 Viktor Gurov
01:49 PM Bug #12798: Web UI allows IP Aliases and 1:1 NAT to share IP on same interface - ends in routing issues: It's possible it's specifically related to your use of a non-local gateway (which is not a typical use case) and not ... Jim Pingle
01:44 PM Bug #12798: Web UI allows IP Aliases and 1:1 NAT to share IP on same interface - ends in routing issues: This isn't a request for support... I've already specified what the symptoms are, the cause and how to fix it. :)
... Paul Parkin
01:00 PM Bug #12798 (Not a Bug): Web UI allows IP Aliases and 1:1 NAT to share IP on same interface - ends in routing issues: I have a few systems here with that kind of configuration and none have the problems you describe, and that is a very... Jim Pingle
12:35 PM Bug #12798: Web UI allows IP Aliases and 1:1 NAT to share IP on same interface - ends in routing issues: This is also an issue in 2.5.2, but I hadn't figured out what caused the issue until today having upgraded to 2.6/22.01. Paul Parkin
12:34 PM Bug #12798 (Not a Bug): Web UI allows IP Aliases and 1:1 NAT to share IP on same interface - ends in routing issues: I've found an issue where if you configure an IP Alias and use that same external IP for a static (1:1) NAT then issu... Paul Parkin
01:30 PM Bug #12678 (Feedback): Applying firewall rule changes does not clear dirty flag for aliases subsystem: Applied in changeset commit:c04144d193bbd6583a5000e409ec4692729bc89e. Viktor Gurov
01:20 PM Bug #12612 (Feedback): DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver: Applied in changeset commit:6ac625e8af602df3e70f41f17bd60631cd50e86a. Viktor Gurov
01:09 PM Bug #12797: UPnP+STUN forms invalid outbound NAT rules using the external address discovered from STUN: This may be the same issue already being discussed in this forum thread: https://forum.netgate.com/topic/169773/miniu... Jim Pingle
12:32 PM Bug #12797 (New): UPnP+STUN forms invalid outbound NAT rules using the external address discovered from STUN: With the new release of 22.01 pfSense should be able to use Mini-UPnP, even if it is behind another router as an expo... Bob Dig
12:40 PM Bug #12723 (Feedback): Disallow remote gateway of ``0.0.0.0`` for VTI mode: Merged Viktor Gurov
12:40 PM Bug #11864 (Feedback): OpenVPN stays bound to previous IP address after interface changes: Applied in changeset commit:9bb98111d2e216462e67abbc7513e4204ad7123e. Viktor Gurov
12:40 PM Bug #11941 (Feedback): Many ``exec()`` functions do not use full path to executable files: Merged Viktor Gurov
12:35 PM Feature #12675 (Feedback): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: Applied in changeset commit:52f152e19ad847b8a3b95a1721ce685d637ded9a. Viktor Gurov
12:35 PM Bug #12750 (Feedback): Input validation prevents configuring wildcard Dynamic DNS records on GoDaddy: Applied in changeset commit:c80e6c148af81af4e0126a3ca4d3585fef9fcefc. Viktor Gurov
12:33 PM Revision 663bf0d5: Rework package repos for 2.6.0-RELEASE: Renato Botelho
12:23 PM Bug #6253 (Feedback): Firewall log widget action icon features stop working when new log entries are added dynamically: Merged Viktor Gurov
12:23 PM Bug #11416 (Feedback): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames: Merged Viktor Gurov
12:22 PM Bug #12319 (Feedback): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode: Merged Viktor Gurov
12:22 PM Bug #12728 (Feedback): Cannot remove IPv6 static routes: Merged Viktor Gurov
12:13 PM Bug #12796: 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are installed.: Possible fix (if the lack of MOVED entry is contributing): https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_r... Jim Pingle
10:50 AM Bug #12796 (Confirmed): 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are installed.: If a 2.5.2 install has zabbix-agent52 installed and tries to upgrade to 2.6.0 from console or GUI it will segfault.
... M Felden
11:26 AM Bug #12590 (Feedback): Dynamic DNS custom IPv6 service fails on 6rd tunnels: Merged Viktor Gurov
11:25 AM Todo #12624 (Feedback): Reorganize UPnP options: Merged Viktor Gurov
11:25 AM Bug #12710 (Feedback): Disabling DHCP Server RRD statistics does not work: Merged Viktor Gurov
11:24 AM Bug #12672 (Feedback): GleSYS Dynamic DNS responses are not parsed properly: Merged Viktor Gurov
10:45 AM Bug #12628 (Feedback): OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases: Applied in changeset commit:15713a56871e7f000002c98217b289a447d4b472. Viktor Gurov
10:40 AM Bug #11692 (Feedback): ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon: Applied in changeset commit:de7393765b213e376a90e7d6631363fb6640e400. Viktor Gurov
10:40 AM Bug #12536 (Feedback): Setting a default gateway of "None" does not remove the default gateway from the routing table: Applied in changeset commit:de7393765b213e376a90e7d6631363fb6640e400. Viktor Gurov
10:40 AM Regression #12582 (Feedback): RADVD can be started on both HA nodes when configured with an IPv6 link-local address: Applied in changeset commit:abc7b3056fafb57e8941103f2565b5b113edd177. Viktor Gurov
10:40 AM Bug #11984 (Feedback): Automatic Outbound NAT mode can create incorrect rules in some cases: Applied in changeset commit:a336100560f4dcd556a03234a08588f60dd04550. Viktor Gurov
10:39 AM pfSense Packages Bug #12777 (Feedback): STunnel writes config.xml on each start: Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/f27121710f8e501abe88e18bd3d59093b7b8d99b Viktor Gurov
10:39 AM pfSense Packages Bug #12772 (Feedback): Syslog-ng writes config.xml on each start: Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/b3ed6fd6dfff4033f72b23894f9d700cb21ff08e Viktor Gurov
10:39 AM pfSense Packages Bug #12765 (Feedback): AutoConfigBackup should ignore Lightsquid/lightparser cron changes: Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/f8656656e3971935fb69f09813574f4aa2fd0537 Viktor Gurov
10:38 AM pfSense Packages Bug #12758 (Feedback): Route Handling Subnet field Input check: Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/d9e9265677cc33267a889452ef3bd6e8ac5dd960 Viktor Gurov
10:38 AM pfSense Packages Bug #11686: FRR generated ACCEPTFILTER permit statement broken: Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/220928e87798109137caee263c4cb60338298576 Viktor Gurov
03:07 AM pfSense Packages Bug #11686 (Resolved): FRR generated ACCEPTFILTER permit statement broken: Tested on 22.01-RELEASE (built on Mon Feb 07 16:37:59 UTC 2022) with patch applied.
I see correct ACL sequence now... Azamat Khakimyanov
10:36 AM Bug #12141 (Feedback): Lack of DNS or Internet connectivity causes GUI to be slow: Merged:
https://github.com/pfsense/pfsense/commit/8cb0120e0207a14ca303c7258567f4df835f904b Viktor Gurov
09:59 AM Bug #12141 (Pull Request Review): Lack of DNS or Internet connectivity causes GUI to be slow: Jim Pingle
10:35 AM Bug #11764 (Feedback): IPv6 link local gateway default status not indicated in GUI: Applied in changeset commit:fd5c12bceb2e958ef6d0305be61587c457aecb7d. Viktor Gurov
10:30 AM Bug #12527 (Feedback): DHCPv6 server does not skip interfaces configured with invalid ranges: Applied in changeset commit:0c5cf0df3e2cba772482ad2ee5739725bd33e76f. Viktor Gurov
10:30 AM Feature #12636 (Feedback): Automatically create DNS Resolver ACLs for OpenVPN CSO entries: Applied in changeset commit:9ca90ee8b52c350bb41cabb0b496e7793ace88d2. Viktor Gurov
10:20 AM Bug #12749 (Feedback): Uninitialized array in ``array_remove_duplicates()``: Applied in changeset commit:5e53a7b57d1dfb4da98b1119dd2dd2eda50f2587. Viktor Gurov
10:15 AM Bug #12727 (Feedback): Renaming an alias does not update the alias names in static routes and OpenVPN instances: Applied in changeset commit:b979719fb69df26161302f889dc56d92021d3646. Viktor Gurov
10:15 AM Bug #12754 (Feedback): Google Domains Dynamic DNS responses are not parsed properly: Applied in changeset commit:b5360f49fb3c1fdc36ebf13c20b68d4ff1e15fe6. Viktor Gurov
10:10 AM Feature #2505 (Feedback): Toggle button to disable/enable multiple firewall rules: Applied in changeset commit:7e2889650a9eab525dc300185ec4a596e8c123b4. Viktor Gurov
10:05 AM Bug #12735 (Feedback): Interface status "Total Interrupts" display is non-functional: Applied in changeset commit:e638072cf258c60f069058f67e842bdd0bf353a4. Viktor Gurov
10:05 AM Feature #12773 (Feedback): Ability to sort AutoConfigBackup entries: Applied in changeset commit:21cd4a8ba143673f622313df4092be5b5b96cda6. Viktor Gurov
10:05 AM Bug #12780 (Feedback): L2TP/PPTP interface assignment page loses some values after input validation error: Applied in changeset commit:7e38cc2c736f6250991c1f6f043162bbf17aba65. Viktor Gurov
10:05 AM Bug #12792 (Feedback): Automatic Outbound NAT rules do not include OpenVPN CSO entries: Applied in changeset commit:5462da2a3e3e2a7a04d2efec66a66820145f7808. Viktor Gurov
09:23 AM Bug #12792 (Pull Request Review): Automatic Outbound NAT rules do not include OpenVPN CSO entries: Jim Pingle
05:41 AM Bug #12792: Automatic Outbound NAT rules do not include OpenVPN CSO entries: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/612 Viktor Gurov
04:35 AM Bug #12792 (Resolved): Automatic Outbound NAT rules do not include OpenVPN CSO entries: @filter_nat_rules_automatic_tonathosts()@ generate NAT rules only for OpenVPN Client and Server tunnel networks:
htt... Viktor Gurov
09:37 AM pfSense Packages Feature #12795 (Resolved): Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist: To prevent blocking the system update/pkg install if for some reason these domains are in DNSBL feeds Viktor Gurov
09:24 AM Bug #12794 (Pull Request Review): Link-local address does not reset after removing MAC address spoofing: Jim Pingle
09:17 AM Bug #12794: Link-local address does not reset after removing MAC address spoofing: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/613 Viktor Gurov
06:48 AM Bug #12794 (Resolved): Link-local address does not reset after removing MAC address spoofing: How to reproduce:
1) Check the link-local address on the interface:... Viktor Gurov
09:20 AM pfSense Packages Feature #12789: Show expiration date of certificates in the ACME package list: The GUI shows the expiration date in the cert manager but the ACME package always shows the last renewal time which i... Jim Pingle
09:18 AM Bug #12790: Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN: should be fixed with https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/613 Viktor Gurov
09:14 AM Bug #12788 (Rejected): pfSense keeps crashing (Fatal trap 12: page fault while in kernel mode): You might try again on 2.6.0 but that is likely a problem with that specific card or chipset and its VAP support, or ... Jim Pingle
09:10 AM pfSense Docs Correction #12783 (Closed): Feedback on Backup and Recovery --- Using the AutoConfigBackup Service: Fix committed Jim Pingle
08:45 AM Bug #12775 (Feedback): NTP service is not listed on ``status_services.php`` unless ``config.xml`` contains NTP configuration data: Applied in changeset commit:5dcaa2af2b23a953157b075ac1c05b2658b2b22a. Jim Pingle
07:20 AM pfSense Packages Bug #11836: FRR ACCEPTFILTER shows out of order prefix-list: It looks to me like, with the patch, the "seq xx" numbering has been corrected so that the "permit any" is always the... Matthew D
06:11 AM pfSense Packages Bug #11836 (Assigned): FRR ACCEPTFILTER shows out of order prefix-list: Tested on 22.01-RELEASE (built on Mon Feb 07 16:37:59 UTC 2022) with patch from Bug #11686 applied.
I still see th... Azamat Khakimyanov
07:09 AM Bug #12725 (Closed): Potential XSS in ``pkg.php`` via ``pkg_filter``: Jim Pingle
07:09 AM Regression #12699 (Closed): ldap_get_groups() must return an array value: Jim Pingle
07:09 AM Bug #12677 (Closed): OpenVPN form validation issues: Jim Pingle
07:09 AM Regression #12631 (Closed): Dynamic DNS may not use the correct interface when updating during failover: Jim Pingle
07:09 AM Regression #12617 (Closed): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address: Jim Pingle
07:09 AM Bug #12589 (Closed): Dynamic DNS updates do not respect certificate authority trust store: Jim Pingle
07:09 AM Bug #12566 (Closed): IPsec initiates on HA backup node when a tunnel interface is set to a gateway group: Jim Pingle
07:09 AM Feature #12518 (Closed): Restore RRD and extra data from configuration backups when restoring during installation: Jim Pingle
07:09 AM Bug #12500 (Closed): Automatic outbound NAT for reflection does not support IPv6: Jim Pingle
07:09 AM Bug #12481 (Closed): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown: Jim Pingle
07:09 AM Bug #12355 (Closed): Captive Portal database and ``ipfw`` rules are out of sync after unclean shutdown: Jim Pingle
07:09 AM Bug #12282 (Closed): Default IPv4 gateway may be set to IPv6 gateway value in certain cases: Jim Pingle
07:09 AM Bug #12164 (Closed): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``: Jim Pingle
07:09 AM Bug #11905 (Closed): DHCPv4 server configuration does not include ARM TFTP filenames: Jim Pingle
07:09 AM Bug #11894 (Closed): Vouchers may expire too early when using RAM disks: Jim Pingle
07:09 AM Bug #11829 (Closed): OpenVPN client certificate validation with OCSP always fails: Jim Pingle
07:09 AM Feature #11659 (Closed): Support for UEFI HTTP Boot option in DHCPv4 Server: Jim Pingle
07:09 AM Regression #11512 (Closed): DHCP Leases page and ARP table page fail to load if DNS is not available: Jim Pingle
07:09 AM Regression #11447 (Closed): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes: Jim Pingle
07:09 AM Bug #7801 (Closed): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded: Jim Pingle
07:09 AM Feature #7416 (Closed): DHCPv4 client does not support ``supersede`` statement for option 54: Jim Pingle
07:09 AM Bug #6507 (Closed): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot: Jim Pingle
05:29 AM Bug #12793 (Closed): Automatic Outbound NAT rules does not include Static Routes entries with aliases: get_staticroutes() correctly returns expanded aliases Viktor Gurov
04:40 AM Bug #12793 (Closed): Automatic Outbound NAT rules does not include Static Routes entries with aliases: @filter_nat_rules_automatic_tonathosts()@ only does not parse static routes with aliases:
https://github.com/pfsense... Viktor Gurov
04:36 AM Bug #12543 (Feedback): Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.: Viktor Gurov

02/13/2022

08:49 PM pfSense Docs New Content #12791: Diagnostic Information for Support (pfSense): https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/30 Marcos M
05:56 PM pfSense Docs New Content #12791 (Resolved): Diagnostic Information for Support (pfSense): Similar to the TNSR documentation page (https://docs.netgate.com/tnsr/en/latest/troubleshooting/diagnostics.html), it... Marcos M
06:13 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: T S wrote in #note-82:
> Just to make sure, you need "static port" outbound nat rules, for this to work? I applied th... Jon8RFC .
04:25 AM Bug #12790 (Resolved): Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN: Created based on https://forum.netgate.com/topic/169727/link-local-address-behavior-when-spoofing-wan-interface-mac-a... Azamat Khakimyanov

02/09/2022

11:17 PM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask: OMG for 4 years they cannot add custom block to DHCP config. Unbelievable level of support! Vyacheslav Kononenko
10:29 PM Bug #12779 (Duplicate): Bogus domain generated for reverse DDNS when network mask is custom (not 24 16 or 8): Duplicate of #8179 Jim Pingle
06:43 PM Bug #12779 (New): Bogus domain generated for reverse DDNS when network mask is custom (not 24 16 or 8): I have network with 192.168.100.0/23 which would include hosts from 192.168.100 and 192.168.101. In such configuratio... Vyacheslav Kononenko
05:52 PM pfSense Packages Feature #10818: UDP Broadcast Relay: Hello Viktor Gurov, is there any ETA for this package to be merged into pfSense? It seems the GitLab linked does not ... James M
04:43 PM pfSense Packages Feature #12329: Add optional floating firewall rules for IPv4 and IPv6: Offstage Roller wrote in #note-1:
> Update to the original description, the destination for IPv4 would be better if ... Alan Wilson
03:19 PM Regression #12745 (Resolved): AutoConfigBackup does not delete temporary encrypted configuration files from ``/tmp``: Tested on... Christopher Cope
02:55 PM Bug #12778 (Rejected): OpenVPN Widget doesn't show logged in users: Logged-in users are correctly displayed on the dashboard here. There isn't nearly enough information to determine why... Jim Pingle
02:52 PM Bug #12778 (Rejected): OpenVPN Widget doesn't show logged in users: Version: 2.6.0-RC (amd64) built on Mon Jan 24 18:44:12 UTC 2022
Expected behaviour:
Users logged into VPN are sh... Peter Pain
12:26 PM pfSense Packages Bug #12777 (Resolved): STunnel writes config.xml on each start: This can flood ACB:... Viktor Gurov
12:09 PM Feature #12776 (Duplicate): Allow Multiple Subnets for DHCP Server: Duplicate of #2323 and some overlap with #2774
Jim Pingle
11:59 AM Feature #12776 (Duplicate): Allow Multiple Subnets for DHCP Server: Customer requested feature:
To be able to have pfSense handle multiple subnets on the same interface for the DHCP ... Kris Phillips
10:49 AM Bug #12774: Picture widget image is not saved in backup: But we can only backup image data if the "Include extra data" option is checked. Viktor Gurov
10:17 AM Bug #12774: Picture widget image is not saved in backup: That was an intentional change. See commit:1f0bbb13abd34ad06aa9272516b13a5c17a1dc08
Maybe we could suppress the pi... Jim Pingle
10:03 AM Bug #12774 (New): Picture widget image is not saved in backup: After restoring from a backup, the dashboard "picture widget" image is blank Viktor Gurov
10:43 AM pfSense Plus Bug #12759: Proprietary packages link to non-existant or non-public github pages: The other issue isn't really related. They are two distinct problems that wouldn't have a common solution.
This on... Jim Pingle
10:19 AM pfSense Plus Bug #12759: Proprietary packages link to non-existant or non-public github pages: Viktor Gurov wrote in #note-1:
> See also #9755
I understand Jim's comments on that redmine, but it seems since w... Kris Phillips
10:15 AM Bug #12775 (Pull Request Review): NTP service is not listed on ``status_services.php`` unless ``config.xml`` contains NTP configuration data: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/607 Jim Pingle
10:14 AM Bug #12775 (Resolved): NTP service is not listed on ``status_services.php`` unless ``config.xml`` contains NTP configuration data: The NTP service is active by default and is running even on a fresh installation before the user configures NTP, whic... Jim Pingle
09:59 AM Feature #12773 (Pull Request Review): Ability to sort AutoConfigBackup entries: Jim Pingle
09:57 AM Feature #12773: Ability to sort AutoConfigBackup entries: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/606 Viktor Gurov
09:55 AM Feature #12773 (Closed): Ability to sort AutoConfigBackup entries: It would be useful to allow ACB columns to be sorted to quickly check the latest/first backup. Viktor Gurov
09:34 AM pfSense Packages Bug #12772 (Pull Request Review): Syslog-ng writes config.xml on each start: Jim Pingle
09:30 AM pfSense Packages Bug #12772: Syslog-ng writes config.xml on each start: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/179 Viktor Gurov
08:20 AM pfSense Packages Bug #12772 (Resolved): Syslog-ng writes config.xml on each start: This can flood ACB:... Viktor Gurov
07:46 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all: after merging https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/516
`/usr/bin/touch /tmp/${1}_upstart4 (up... Viktor Gurov
02:31 AM Bug #12771 (Resolved): Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all: Not sure if this is strictly an OpenVPN client gateway issue or a gateway up/down issue in other scenarios as well, r... Jon8RFC .
07:46 AM Bug #12735 (Pull Request Review): Interface status "Total Interrupts" display is non-functional: Jim Pingle
07:18 AM Bug #12735: Interface status "Total Interrupts" display is non-functional: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/605 Viktor Gurov
07:36 AM Feature #2505 (Pull Request Review): Toggle button to disable/enable multiple firewall rules: The link is internal and only available to Netgate developers, the changes will be visible in the public repository a... Jim Pingle
04:23 AM Feature #2505: Toggle button to disable/enable multiple firewall rules: Viktor Gurov wrote in #note-5:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/604
not working link Ameelien Niko
04:20 AM Feature #2505: Toggle button to disable/enable multiple firewall rules: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/604 Viktor Gurov
01:19 AM Feature #2505: Toggle button to disable/enable multiple firewall rules: This would be excellent!
I guess when it needs to be done, people just resign themselves to "I'll just do them all... Jon8RFC .
07:34 AM Todo #12701 (Pull Request Review): Reorganize CARP status page: Jim Pingle
04:00 AM Todo #12701: Reorganize CARP status page: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/603 Viktor Gurov
02:01 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Fixed for me. Thank you! Jon8RFC .

02/08/2022

09:16 PM Bug #12754: Google Domains Dynamic DNS responses are not parsed properly: Thank you for this. I edited my /etc/inc/dyndns.class file with your code snippet and that resolved my same issue. Dakota Hourie
04:02 PM pfSense Packages Bug #11836: FRR ACCEPTFILTER shows out of order prefix-list: Regarding ACCEPTFILTER, you can test the patch here listed on #11686 Marcos M
04:01 PM pfSense Packages Bug #11686: FRR generated ACCEPTFILTER permit statement broken: This can be applied using the System Patches package. Marcos M
12:59 PM Bug #8100: pfsync Initially Deletes States on Primary for Connections Established through Secondary: See #12702 Viktor Gurov
12:56 PM pfSense Packages Todo #11574 (Duplicate): Add "nobind" to exported OpenVPN configurations by default: Duplicate of #11575 Viktor Gurov
10:50 AM Feature #7727 (Pull Request Review): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/602
Diff for those wanting to test using the "Syst... Jim Pingle
10:48 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Found a potential issue with the order of outbound NAT rule processing that seems to indicate that the new outbound N... Jim Pingle
07:35 AM pfSense Packages Bug #12758 (Pull Request Review): Route Handling Subnet field Input check: Jim Pingle
04:16 AM pfSense Packages Bug #12758: Route Handling Subnet field Input check: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/178 Viktor Gurov
07:32 AM Bug #11416 (Pull Request Review): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames: Jim Pingle
07:25 AM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/601 Viktor Gurov

02/07/2022

07:43 PM pfSense Docs Todo #12770: Feedback on Firewall — Configuring firewall rules: Example text:
> Using @Invert Match@ on macros such as @LAN net@ can lead to undesired rule behavior when the interfa... Marcos M
07:25 PM pfSense Docs Todo #12770 (Resolved): Feedback on Firewall — Configuring firewall rules: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/configure.html
*Feedback:*
After the @Selecting Inver... Marcos M
02:45 PM Bug #12769 (Resolved): ZFS installations without an RTC battery boot with clock at BIOS/EFI default value because they do not receive initial clock value from filesystem data: Already fixed and covered by NG 7447 but adding here so it goes in the release notes.
Systems without an RTC batte... Jim Pingle
02:18 PM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior: I was able to reproduce this on 22.01 when using macros, but not when using aliases. Regarding pfBlockerNG, the VIP d... Marcos M
02:13 PM pfSense Packages Bug #12742 (Pull Request Review): freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading: Christopher Cope
12:51 PM Bug #12766: Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/600 Viktor Gurov
12:20 PM Bug #12766: Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup: + same issue with BIND package:... Viktor Gurov
11:51 AM Bug #12766: Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup: I think this may be because @internal_name@ in the package tags is set to @radiusd@ though I can't recall why that is... Jim Pingle
11:26 AM Bug #12766 (Resolved): Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup: After restoring pfSense 2.7 (2.7.0.a.20220207.0600) from the backup:... Viktor Gurov
12:39 PM pfSense Packages Bug #12403 (Resolved): WireGuard tunnel and peer edit pages do not prevent browser auto-fill: Fixed in 0.1.6:
https://github.com/pfsense/FreeBSD-ports/commit/49a79c01aa50cbf3da4dd28eca8b9d8e563e67e7#diff-384b8b... Viktor Gurov
12:24 PM Bug #12763: VTI gateway status stuck as "pending" after reboot: OK, that is likely because it doesn't have sufficient information to setup the interface at at that exact moment when... Jim Pingle
12:17 PM Bug #12763 (New): VTI gateway status stuck as "pending" after reboot: Thanks for looking. I traced it down to using an FQDN (issue) vs IP (no issue) for the remote gateway. When using FQD... Marcos M
08:24 AM Bug #12763 (Feedback): VTI gateway status stuck as "pending" after reboot: I can't reproduce this here. My VTI gateways with monitoring enabled are up at boot on 22.01/2.6.0.
More informati... Jim Pingle
11:45 AM Feature #12768 (Rejected): pfSense-repo: Make sure default config file exists: pfSense-repo port create an empty file with .default extension pointing to default repository config file. Add some ... Renato Botelho
11:28 AM pfSense Packages Bug #12767 (New): ```Package radavahi-daemon does does not exist in current pfSense version and it has been removed``` message on pfSense 2.7 restore: After restoring pfSense 2.7 (2.7.0.a.20220207.0600) from the backup:... Viktor Gurov
11:21 AM Todo #12762: Clarify that the IPsec keep alive check option ignores Child SA Start Action: Ok, edited my previous comment. Marcos M
11:11 AM Todo #12762: Clarify that the IPsec keep alive check option ignores Child SA Start Action: "Does not send traffic inside the tunnel" is a key fact about how this feature operates and differentiates it from th... Jim Pingle
11:06 AM Todo #12762: Clarify that the IPsec keep alive check option ignores Child SA Start Action: It caught me off-guard during testing, so I agree there should at least be some warning text on the option regardless... Marcos M
08:21 AM Todo #12762: Clarify that the IPsec keep alive check option ignores Child SA Start Action: That is somewhat by design. It's doing exactly what the user configured it to do, and it's not the same behavior as l... Jim Pingle
04:39 AM Todo #12762: Clarify that the IPsec keep alive check option ignores Child SA Start Action: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/599 Viktor Gurov
10:57 AM pfSense Packages Bug #11686 (Pull Request Review): FRR generated ACCEPTFILTER permit statement broken: Jim Pingle
10:54 AM pfSense Packages Bug #11686: FRR generated ACCEPTFILTER permit statement broken: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/177 Viktor Gurov
10:50 AM pfSense Packages Feature #11798 (Duplicate): HA Sync for FRR config: Duplicate of #9141 Viktor Gurov
10:36 AM pfSense Packages Bug #12765 (Pull Request Review): AutoConfigBackup should ignore Lightsquid/lightparser cron changes: Jim Pingle
10:21 AM pfSense Packages Bug #12765: AutoConfigBackup should ignore Lightsquid/lightparser cron changes: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/176 Viktor Gurov
05:55 AM pfSense Packages Bug #12765 (Resolved): AutoConfigBackup should ignore Lightsquid/lightparser cron changes: Dear,
I went to check the "Auto Configuration Backup" and I came across a serious problem that can cause the loss ... Marcelo Gondim
08:04 AM Bug #12757 (Pull Request Review): Clean up use of ``pfctl -F`` in ``/etc/inc/filter.inc``: Jim Pingle
05:41 AM Bug #12764 (New): VTI gateway status is pending after assigning the VTI interface: How to reproduce:
1) Configure IPsec VTI
2) Assign the VTI interface
3) Check the Status / Gateways page - it show... Viktor Gurov
03:50 AM Todo #12243: Implement ```plugin_interfaces()```: see also https://redmine.pfsense.org/issues/12760 Viktor Gurov
03:50 AM pfSense Packages Bug #12760: Link-local addresses disallowed on Wireguard interfaces: It's not possible on the Interface Assignments page, but you can configure the link-local address on the WireGuard / ... Viktor Gurov
03:19 AM pfSense Packages Bug #11461 (Resolved): zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection: Viktor Gurov
03:16 AM pfSense Plus Bug #12759: Proprietary packages link to non-existant or non-public github pages: See also #9755 Viktor Gurov

02/06/2022

11:04 PM Bug #12763: VTI gateway status stuck as "pending" after reboot: The icmp state does not exist indicating that dpinger failed in some way. Marcos M
11:03 PM Bug #12763 (Resolved): VTI gateway status stuck as "pending" after reboot: After rebooting the firewall, VTI gateways stay pending until a restart of dpinger. Marcos M
11:01 PM pfSense Packages Bug #12751: Improve FRR route restoration after gateway events: Further testing with 22.01-REL:
VTI gateway with default settings *OR* with option checked: @Disable Gateway Monit... Marcos M
10:20 PM Todo #12762 (Resolved): Clarify that the IPsec keep alive check option ignores Child SA Start Action: The option @Enable periodic keep alive check@ on the P2 configuration does not take into account the P1 option @Child... Marcos M
01:33 PM Bug #12761 (Resolved): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: Copy of Bug #12750 but with Google Domains selected, gives same error. Apparently bug has been around for 2+ years, b... Ma Ar
12:46 AM pfSense Packages Bug #12760 (New): Link-local addresses disallowed on Wireguard interfaces: Wireguard supports link-local IPv6, however adding a static link-local to interfaces is not allowed, even for interfa... Alex Chang-Lam

02/05/2022

07:25 PM pfSense Packages Bug #11461: zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection: the web interface shows Logs.
2.6.0-RELEASE (amd64)
built on Tue Jan 25 19:18:35 UTC 2022
FreeBSD 12.3-STABLE
Alhusein Zawi
07:22 PM pfSense Plus Bug #12759 (New): Proprietary packages link to non-existant or non-public github pages: When clicking on the version number to view the code for packages like openvpn-import and aws-wizard, these link to a... Kris Phillips
10:26 AM pfSense Packages Bug #12738 (Resolved): Squid ignores CA Trust Store: Danilo Zrenjanin
10:26 AM pfSense Packages Bug #12738: Squid ignores CA Trust Store: Tested against:... Danilo Zrenjanin
09:56 AM pfSense Packages Bug #12758 (Resolved): Route Handling Subnet field Input check: If a subnet mask is not defined under the Services/FRR/Global Settings - Route Handling - Routes - Subnet field, the ... Danilo Zrenjanin
09:51 AM Bug #12757 (Resolved): Clean up use of ``pfctl -F`` in ``/etc/inc/filter.inc``: Two recommended clean up actions:
1) filter_flush_state_table() in /etc/inc/filter.inc calls 'pfctl -F state' which ... Mark Francis

02/04/2022

03:19 PM pfSense Packages Bug #10937 (Resolved): HAProxy frontend and backend entry limit: Christopher Cope
03:19 PM pfSense Packages Bug #10937: HAProxy frontend and backend entry limit: Tested on... Christopher Cope
02:46 PM Bug #12238 (Resolved): OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode: Christopher Cope
02:46 PM Bug #12238: OpenVPN client connect/disconnect scripts are not used in Remote Access (SSL/TLS) mode: Tested on... Christopher Cope
02:29 PM pfSense Packages Todo #12351: Remove non-functional feeds: pfBlockerNG-devel 3.1.0_1 has https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt, https://isc.sans.edu/feeds/sus... Christopher Cope
10:29 AM Feature #4667: DNS Resolver - ability to save/restore cache went missing: I'm wondering if we can open this back up. I did some testing and couldn't replicate having any problems when dumpin... Josh Stompro
08:54 AM Bug #12754 (Pull Request Review): Google Domains Dynamic DNS responses are not parsed properly: Jim Pingle
04:36 AM Bug #12754: Google Domains Dynamic DNS responses are not parsed properly: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/598 Viktor Gurov
12:01 AM Bug #12754 (Resolved): Google Domains Dynamic DNS responses are not parsed properly: When using Google Domains with the Dynamic DNS feature, it fails for Unknown Response. This is due to Google requirin... Daniel Pontillo
08:51 AM pfSense Docs Todo #12756 (Closed): Add information on correct MTU to use with WireGuard: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html
*Feedback:*
In all four Wireguard ... Viktor Gurov
05:26 AM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings: Do we have an ETA on when the merge will be available in a release? Morten Trab
05:08 AM pfSense Packages Bug #12755 (Duplicate): Acme package dns_ispconfig not working.: Duplicate of #12623 Viktor Gurov
04:18 AM pfSense Packages Bug #12755: Acme package dns_ispconfig not working.: Found this in the acme_issuecert.log:
[Fri Feb 4 10:52:40 CET 2022] You haven't specified the ISPConfig Login dat... Morten Trab
04:15 AM pfSense Packages Bug #12755 (Duplicate): Acme package dns_ispconfig not working.: When trying to use ISPConfig for DNS verification in Acme Certificate, I get this output but no TXT records added to ... Morten Trab

02/03/2022

09:12 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Jiggling the handle on this one again. Just tracked another user complaint down to this issue - the outtage that occ... steven warner
08:37 AM Feature #11865 (Resolved): Option to validate OpenVPN peer TLS certificate key usage: Tested against:... Danilo Zrenjanin
08:21 AM Bug #12753: DynDNS entries not being updated in one netgate box: Thank you for let me know Jim! Fábio Cabrita
07:06 AM Bug #12753 (Rejected): DynDNS entries not being updated in one netgate box: There isn't enough here to say it's a bug and not a configuration problem, even considering what's on the forum threa... Jim Pingle
06:09 AM Bug #12753 (Rejected): DynDNS entries not being updated in one netgate box: Hello everyone,
I've two netgate boxs in HA with 22.05.2, both with multi WAN (but at the time only ix0 NIC have a... Fábio Cabrita
08:14 AM pfSense Packages Bug #12205 (Resolved): Certificate Manager page doesn't show Squid used certificates: Tested against:... Danilo Zrenjanin
07:54 AM Bug #12216 (Resolved): ARM 32/64 network boot options are not parsed on Static DHCP Mapping page: Tested against:... Danilo Zrenjanin
05:19 AM pfSense Packages Bug #11766 (Resolved): Certificate no more pointed "in use" by haproxy: Tested against:... Danilo Zrenjanin
04:57 AM pfSense Packages Bug #12258: Copy key buttons only work in HTTPS mode: Tested against:... Danilo Zrenjanin
04:11 AM pfSense Packages Bug #12339 (Resolved): SyslogNG PHP errors after starting the service: Tested:... Danilo Zrenjanin
02:06 AM Feature #12752 (Resolved): Support wildcard Dynamic DNS records on DigitalOcean: According to https://docs.digitalocean.com/products/networking/dns/how-to/manage-records/ DigitalOcean supports wildc... Viktor Gurov
01:08 AM Bug #11958 (Duplicate): Multi-wan Azure Dyndns updates not working when primary WAN is unplugged: Duplicate of #12631 Viktor Gurov
12:02 AM Revision 2518a721: move firewall functions to include file: Trevor Kerr

02/02/2022

09:48 PM pfSense Packages Bug #12751 (New): Improve FRR route restoration after gateway events: SETUP:
* FRR BGP over IPsec VTI using a localhost interface as update source.
* Check @Diagnostics / Routes@ for ro... Marcos M
06:04 PM pfSense Packages Feature #10466: Add checkbox to Suricata blocked host view to resolve all resolvable IP's automatically: Bill Meeks wrote in #note-2:
> I am hesitant about adding this feature. If there are lots of blocked IP entries (whi... tasty ratz
04:27 PM pfSense Packages Feature #10466: Add checkbox to Suricata blocked host view to resolve all resolvable IP's automatically: I am hesitant about adding this feature. If there are lots of blocked IP entries (which you reference in a different ... Bill Meeks
10:55 AM Bug #12750 (Pull Request Review): Input validation prevents configuring wildcard Dynamic DNS records on GoDaddy: Jim Pingle
08:42 AM Bug #12750: Input validation prevents configuring wildcard Dynamic DNS records on GoDaddy: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/597 Viktor Gurov
08:02 AM Bug #12750 (Resolved): Input validation prevents configuring wildcard Dynamic DNS records on GoDaddy: Dear Team;
when inserting a wildcard record in godaddy as a dynamic dns provider the pfsense rejects the input and... Abdulaziz Al-Marwani
08:22 AM Bug #12749 (Pull Request Review): Uninitialized array in ``array_remove_duplicates()``: Jim Pingle
06:22 AM Bug #12749: Uninitialized array in ``array_remove_duplicates()``: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/596 Viktor Gurov
06:21 AM Bug #12749 (Resolved): Uninitialized array in ``array_remove_duplicates()``: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/util.inc#L3322-L3333:... Viktor Gurov
08:08 AM Feature #2456 (Pull Request Review): Option to choose default tab in IPsec status Dashboard widget: Jim Pingle
06:16 AM Feature #2456: Option to choose default tab in IPsec status Dashboard widget: default tab option:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/595 Viktor Gurov

02/01/2022

12:33 PM Feature #12724 (Pull Request Review): Notify user if AutoConfigBackup is unable to successfully upload a backup: Jim Pingle
06:13 AM Feature #12724: Notify user if AutoConfigBackup is unable to successfully upload a backup: improvements:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/594 Viktor Gurov
12:08 PM pfSense Packages Feature #10466: Add checkbox to Suricata blocked host view to resolve all resolvable IP's automatically: Wanted to bump this one up since it hasn't had any activity in the last few years. tasty ratz
12:06 PM pfSense Packages Feature #12748 (Resolved): Suricata blocked page timestamp breakout to it's own sortable column: It's nearly impossible to fish through the blocked page and find something new right now. The only way is to look thr... tasty ratz
08:47 AM Bug #12747 (Resolved): Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages: sshguard has to restart when he logs are rotated in 2.6 in order to monitor the current file. When it does so it logs... Steve Wheeler
01:42 AM Feature #12746 (New): IPoE feature for WAN interface: I'd like to please request the addition of IPoE as a selection method for IPv6 WAN interface configuration.
The reas... Anonymous

01/31/2022

07:26 PM Revision 474db80b: One-time NTP sync from static servers NG 7447: (cherry picked from commit 4745879c9967682624a2e87e190ebc12ba6f985b) Jim Pingle
07:26 PM Revision b62cfee9: Sanity check the clock at boot. Issue NG 7447: (cherry picked from commit 42ed3b9d540c101617eaa00581c527673f6206a2) Jim Pingle
07:25 PM Revision 4745879c: One-time NTP sync from static servers NG 7447: Jim Pingle
07:24 PM Revision 42ed3b9d: Sanity check the clock at boot. Issue NG 7447: Jim Pingle
06:19 PM Revision 7a9ce400: Delete temporary ACB files. Fixes #12745: (cherry picked from commit 17490b15e73c048f8ff42df203c31942e9e2ce73) Viktor Gurov
05:38 PM Revision 17490b15: Delete temporary ACB files. Fixes #12745: Viktor Gurov
01:03 PM Bug #12734: Long hostname breaks DHCP leases layout: I added better screenshot with disappeared buttons and scrollbar at the bottom (host with a long hostname is not show... Juri Oo
12:33 PM Feature #12744 (Pull Request Review): IPv6 support for DNSimple Dynamic DNS: Jim Pingle
12:27 PM Regression #12745: AutoConfigBackup does not delete temporary encrypted configuration files from ``/tmp``: Merged to 22.01/2.6 Viktor Gurov
12:20 PM Regression #12745 (Feedback): AutoConfigBackup does not delete temporary encrypted configuration files from ``/tmp``: Applied in changeset commit:17490b15e73c048f8ff42df203c31942e9e2ce73. Viktor Gurov
11:58 AM Regression #12745 (Pull Request Review): AutoConfigBackup does not delete temporary encrypted configuration files from ``/tmp``: Jim Pingle
11:39 AM Regression #12745: AutoConfigBackup does not delete temporary encrypted configuration files from ``/tmp``: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/593 Viktor Gurov
11:30 AM Regression #12745 (Resolved): AutoConfigBackup does not delete temporary encrypted configuration files from ``/tmp``: ... Viktor Gurov
06:10 AM Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow: Marcos Mendoza wrote in #note-17:
> Tested on @2.6.0-RELEASE@ by blocking upstream any connection to the internet. T... Viktor Gurov
02:56 AM pfSense Packages Bug #12030 (Resolved): Startup Errors for Avahi Package: Viktor Gurov
01:50 AM pfSense Packages Feature #12656: NextDNS: Marcos Mendoza wrote in #note-2:
> What is the advantage of a package versus using their DNS IP addresses as forward... Abdul Khaliq

01/30/2022

08:58 PM pfSense Packages Feature #12656: NextDNS: What is the advantage of a package versus using their DNS IP addresses as forwarding servers? Marcos M
08:55 PM pfSense Packages Feature #12736: Allow custom cron intervals: The lists included with the package aren't meant to be updated that frequently. You could probably create a second cr... Marcos M
12:42 AM Revision 77a0eb0d: Add IPv6 variant of DNSimple DynDNS Provider: Zac West

01/29/2022

07:58 PM Feature #12744: IPv6 support for DNSimple Dynamic DNS: https://github.com/pfsense/pfsense/pull/4555 Zac West
07:49 PM Feature #12744 (Resolved): IPv6 support for DNSimple Dynamic DNS: Their API doesn't require specifying record type, so this is a relatively straightforward change. Creating this issue... Zac West
06:03 PM Bug #12743 (Rejected): IPv6 LAN IP not displayed in Dashboard -> Interfaces: It shows up on all of mine (Static and tracked), must be something different locally on yours, so not enough informat... Jim Pingle
02:28 PM Bug #12743 (Rejected): IPv6 LAN IP not displayed in Dashboard -> Interfaces: The web UI dashboard does not properly display the IPv6 LAN address, only the IPV4. I filed an early bug on the devel... Eric Veum
03:30 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package: Not seeing these messages upon install or startup of Avahi package 2.2_1 Jordan G

01/28/2022

06:37 PM Revision c1d924e8: Move OPenVPN server save functionality to include file: Steve Beaver
06:33 PM pfSense Packages Bug #12742: freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading: Fix: https://github.com/pfsense/FreeBSD-ports/pull/1142 Christopher Cope
05:56 PM pfSense Packages Bug #12742: freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading: This is on freeradius3 0.15.7_32 Christopher Cope
05:42 PM pfSense Packages Bug #12742 (Feedback): freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading: This seems to be along the same line as this older bug https://redmine.pfsense.org/issues/10197
Creating a freeRAD... Christopher Cope
03:29 PM Revision 723c8402: Merge remote-tracking branch 'origin/master' into mvc_refactor: Steve Beaver
08:24 AM Feature #12741 (Pull Request Review): Eliminate duplicate shell commands from history file: Jim Pingle
08:21 AM Feature #12741: Eliminate duplicate shell commands from history file: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/589 Viktor Gurov
08:18 AM Feature #12741 (Resolved): Eliminate duplicate shell commands from history file: It would be useful to add @set histdup='prev'@ to /etc/skel/dot.tcshrc to ommit immediate duplicates (ie it won't add... Viktor Gurov
07:33 AM Bug #12632 (New): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface: Jim Pingle
07:30 AM Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface: I replicated the issue on 22.01.r.20220124.1828 and 2.6.0.r.20220124.1828.... Danilo Zrenjanin
03:24 AM pfSense Packages Bug #12738: Squid ignores CA Trust Store: Merged to 22.01/2.6 Viktor Gurov

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

02/26/2022

02/25/2022

02/24/2022

02/23/2022

02/22/2022

02/21/2022

02/20/2022

02/19/2022

02/18/2022

02/17/2022

02/16/2022

02/15/2022

02/14/2022

02/13/2022

02/12/2022

02/11/2022

02/10/2022

02/09/2022

02/08/2022

02/07/2022

02/06/2022

02/05/2022

02/04/2022

02/03/2022

02/02/2022

02/01/2022

01/31/2022

01/30/2022

01/29/2022

01/28/2022