Activity

From 03/15/2022 to 04/13/2022

04/13/2022

01:43 PM Revision 58e89ea1: Skip IPsec VTI interface if remote FQDN gateway is not resolved. Issue #12763
Viktor Gurov
12:27 PM Regression #13059 (Pull Request Review): Error when saving changes to a disabled OpenVPN client
Jim Pingle
11:24 AM Regression #13059: Error when saving changes to a disabled OpenVPN client
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/716 Marcos M
09:05 AM Regression #13059 (Resolved): Error when saving changes to a disabled OpenVPN client
When enabling a previously disabled OpenVPN client the following PHP error is reported:... Steve Wheeler
10:27 AM Bug #12763 (Feedback): VTI gateway status stuck as "pending" after reboot
Merged:
https://github.com/pfsense/pfsense/commit/58e89ea1a6c54d46a2322ebf574f78db4e4285a9
Viktor Gurov
08:25 AM Bug #12763 (Pull Request Review): VTI gateway status stuck as "pending" after reboot
Jim Pingle
06:13 AM Bug #12763: VTI gateway status stuck as "pending" after reboot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/715
Viktor Gurov
08:30 AM Regression #13056 (Not a Bug): OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled
That setting won't prevent clients from connecting on auth-only VPNs. There must be something else happening in your ... Jim Pingle
04:23 AM Regression #13056 (Resolved): OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled
I have an OpenVPN server running on a pfsense with version 22.01 for some months now.
Multiple clients connect to the ...
Thorsten Zitterell
08:25 AM Bug #13055 (Feedback): The ``negate_networks`` table is not updated when an OpenVPN server is deleted
Applied in changeset commit:172452a43c4a530cd3340767acd54409e62a7734. Viktor Gurov
08:12 AM Bug #13055 (Pull Request Review): The ``negate_networks`` table is not updated when an OpenVPN server is deleted
Jim Pingle
02:16 AM Bug #13055: The ``negate_networks`` table is not updated when an OpenVPN server is deleted
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/714
Viktor Gurov
02:13 AM Bug #13055 (Resolved): The ``negate_networks`` table is not updated when an OpenVPN server is deleted
When deleting an OpenVPN Server, a filter reload is not triggered and hence the ``negate_networks`` table is not update... Viktor Gurov
08:24 AM Feature #13057: GUI option for IPsec ``dns-interval`` setting
It is a "hidden" config option to let users choose how often to re-resolve FQDN endpoints for IPsec. Users could manu... Jim Pingle
05:41 AM Feature #13057 (Resolved): GUI option for IPsec ``dns-interval`` setting
``$ipseccfg['dns-interval']`` is never defined and looks like legacy code/refactoring error.
https://github.com/pfse...
Viktor Gurov
08:05 AM Todo #13058 (New): Add static routes and directly connected networks back to policy route negation rules
The ``negate_networks`` list for automatic policy route negation rules used to include VPNs, static routes, and directl... Jim Pingle
08:00 AM Todo #13052 (Rejected): Consolidate vpn_networks and negate_networks tables
It may have changed over time but negate_networks used to include VPNs, static routes, and directly connected network... Jim Pingle
02:14 AM Todo #13052: Consolidate vpn_networks and negate_networks tables
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/713
Marcos Mendoza wrote:
>
> Side note: Wh...
Viktor Gurov
07:15 AM Revision 172452a4: Reload filter on OpenVPN instance delete. Fixes #13055
Viktor Gurov

04/12/2022

03:04 PM Feature #13054 (Resolved): Package plugin hook for web server configuration stanzas
Packages may potentially need to add server and location blocks to the web server configuration for various reasons. ... Jim Pingle
01:47 PM Revision 318714cb: Restart services on interface configuration changes. Todo #12619
Viktor Gurov
01:45 PM Revision 415a1b20: Do not create negate rules if <negate_networks> is empty. Fixes #13049
Viktor Gurov
11:49 AM pfSense Packages Bug #13053 (Closed): LoopiaAPI error handling
In the latest package for ACME the update for LoopiaAPI introduced some code that is incompatible with FreeBSD. This ... Christopher Cope
10:16 AM Revision 5f5f71cc: IPSec IKEv2 Mobile INTERNAL_DNS_DOMAIN (value 25) attribute. Fixes #12975
Viktor Gurov
09:59 AM Todo #13052 (Rejected): Consolidate vpn_networks and negate_networks tables
It seems currently that both ``vpn_networks`` and ``negate_networks`` end up with the same content.... Marcos M
09:25 AM Todo #13042 (Resolved): Remove code references to unused ``reset`` parameter from traffic shaper pages
Marcos M
09:20 AM Bug #13048 (Feedback): Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route
Merged:
https://github.com/pfsense/pfsense/commit/318714cb33435017fcf05a052c80b5193a62a931
Viktor Gurov
08:16 AM Bug #13048 (Pull Request Review): Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route
Jim Pingle
05:07 AM Bug #13048: Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/710
Viktor Gurov
09:19 AM Todo #12619 (Feedback): Restart services on interface changes
Merged:
https://github.com/pfsense/pfsense/commit/318714cb33435017fcf05a052c80b5193a62a931
Viktor Gurov
08:10 AM Todo #12619 (Pull Request Review): Restart services on interface changes
Jim Pingle
04:10 AM Todo #12619: Restart services on interface changes
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/710 Viktor Gurov
08:55 AM Bug #13049 (Feedback): Empty ``negate_networks`` table breaks policy routing rules
Applied in changeset commit:415a1b2083228030f200c8ea0eac3a8fc91f7142. Viktor Gurov
08:11 AM Bug #13049 (Pull Request Review): Empty ``negate_networks`` table breaks policy routing rules
Jim Pingle
04:25 AM Bug #13049: Empty ``negate_networks`` table breaks policy routing rules
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/711
Viktor Gurov
08:55 AM Bug #12975 (Feedback): IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute
Applied in changeset commit:5f5f71cc01788f8b2f9412c4019340e532fa84ff. Viktor Gurov
08:15 AM Bug #12975 (Pull Request Review): IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute
Jim Pingle
05:17 AM Bug #12975: IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/712
see https://www.rfc-editor.org/rfc/rfc8598.html
Viktor Gurov
07:41 AM pfSense Packages Bug #13050 (Feedback): ACME update EasyDNS inline api sign-up link
PR merged, thanks! Jim Pingle
02:39 AM pfSense Packages Bug #13050: ACME update EasyDNS inline api sign-up link
Pull Request: https://github.com/pfsense/FreeBSD-ports/pull/1156 Rowan Moul
02:37 AM pfSense Packages Bug #13050 (Resolved): ACME update EasyDNS inline api sign-up link
The inline api key sign-up link for EasyDNS points to a legacy page, giving the impression that the integration is ou... Rowan Moul
07:03 AM Bug #13051 (New): Firewall traffic shaper by interface selection unknow
When selecting a queue in Firewall/Traffic Shaper/By Interface nothing in side hierarchy is highlighted to show what qu... Michael Kellogg

04/11/2022

09:20 PM Todo #13042: Remove code references to unused ``reset`` parameter from traffic shaper pages
For reference, the code was added here:
https://github.com/pfsense/pfsense/commit/4f335a1be02c95e183efdddd7e2d7610a0...
Marcos M
09:08 AM Todo #13042 (Feedback): Remove code references to unused ``reset`` parameter from traffic shaper pages
PR Merged, commit:d0af588d4fae0632c70a32beecc2aaf4110dacd1 Jim Pingle
08:51 AM Todo #13042 (Resolved): Remove code references to unused ``reset`` parameter from traffic shaper pages
small PR to remove some old code that is no longer referenced
see https://github.com/pfsense/pfsense/pull/4568 and...
→ luckman212
08:01 PM Revision ab7ad5f9: Option to keep serial f/renew cert Fixes #13010
Defaults to keep serial for CA but not for certs. Jim Pingle
07:59 PM Bug #13049 (Resolved): Empty ``negate_networks`` table breaks policy routing rules
When ``negate_networks`` is empty, it effectively behaves the same as ``any``. In cases where the ``negate_networks`` table... Marcos M
07:10 PM Bug #13048 (Resolved): Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route
(This is a rewording of Bug #13035)
Tier 1 of a Gateway Group is a PPPoE interface.
Tier 2 of the same Gateway Gr...
Serge Caron
05:56 PM Revision 25df45db: Traffic Shaper wizard minor fixes. Issue #12937
Viktor Gurov
05:42 PM Bug #13035: No default route following WAN Gateway Group PPPoE member failure
The results of the test are simple: Gateway failover occurs if the PPPoE gateway goes down (ie., removing the interne... Serge Caron
03:28 PM Feature #13023: DNS Resolver option to keep probing when servers are down
Updating subject for release notes. Jim Pingle
03:28 PM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
Updating subject for release notes. Jim Pingle
09:26 AM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
Jordan Greene wrote in #note-4:
> Running 22.05.a.20220402.0600 on the 1100, kern.ipc.nmbclusters is not present in ...
Viktor Gurov
03:22 PM Bug #12790: Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN
Updating subject for release notes. Jim Pingle
03:11 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
A last note: the changes are very conservative and follow the code / layout of vpn_openvpn_server.php code
- One of ...
Phil Wardt
04:09 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
I pushed the full changes with the actions set in openvpn.inc. That was the easier part as most of them were already ... Phil Wardt
03:10 PM Feature #13010 (Feedback): Option to retain the existing serial number when renewing a CA or certificate
Applied in changeset commit:ab7ad5f95edd943278d311f9daf5208c02cce9d0. Jim Pingle
03:06 PM Feature #13010 (In Progress): Option to retain the existing serial number when renewing a CA or certificate
Adding the GUI option to retain the serial on renew was simple, so I took that route. The other change seems to be a ... Jim Pingle
02:01 PM Revision 621a9b07: Merge pull request #4568 from luckman212/cruft-removal-1
Jim Pingle
01:20 PM pfSense Packages Bug #12948 (Feedback): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration
Merged Viktor Gurov
10:28 AM pfSense Packages Bug #12948 (Pull Request Review): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration
Jim Pingle
09:55 AM pfSense Packages Bug #12948: IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/51
Viktor Gurov
01:05 PM Regression #12937 (Feedback): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
Merged:
https://github.com/pfsense/pfsense/commit/25df45db811c713ee0893c03b535142780c14bca
Viktor Gurov
08:23 AM Regression #12937 (Pull Request Review): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
Jim Pingle
08:13 AM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
Marcos Mendoza wrote in #note-8:
>
> Additionally:
> * Using the ``Penalty Box`` option results in a floating rule ...
Viktor Gurov
12:55 PM pfSense Packages Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1158
Viktor Gurov
11:58 AM pfSense Packages Bug #13047: Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0
Thanks, just tested on snapshots and I can confirm this works as expected on 22.05 snapshots. It does not appear to w... Adam Goldberg
11:54 AM pfSense Packages Bug #13047: Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0
I can't reproduce that here on snapshots. I have no group rules, only rules on assigned WG interfaces. Traffic passes... Jim Pingle
11:50 AM pfSense Packages Bug #13047: Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0
This likely needs to be re-opened. Even with the group rule removed and also disabled, interface rules are ignored.
Adam Goldberg
10:22 AM pfSense Packages Bug #13047 (Not a Bug): Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0
Group rules (such as the WireGuard tab) are processed before per-interface rules. Assigned WireGuard interfaces are s... Jim Pingle
10:08 AM pfSense Packages Bug #13047 (Not a Bug): Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0
Firewall rules added to "WireGuard" are processed, but rules added to specific interfaces are ignored.
This issue...
Adam Goldberg
10:33 AM pfSense Plus Bug #13041: DNS resolution of internal network names when logged in via OpenVPN requires workaround
> So is the hypothesis that restarting the DNS resolver would effectively address the issue? I can test that.
I r...
Fred Dushin
10:27 AM pfSense Plus Bug #13041: DNS resolution of internal network names when logged in via OpenVPN requires workaround
Viktor Gurov wrote in #note-1:
> may be related to #12991
Interesting. So is the hypothesis that restarting the ...
Fred Dushin
10:22 AM pfSense Plus Bug #13041: DNS resolution of internal network names when logged in via OpenVPN requires workaround
may be related to #12991 Viktor Gurov
07:36 AM pfSense Plus Bug #13041 (Closed): DNS resolution of internal network names when logged in via OpenVPN requires workaround
A number of us on the forums have discovered that when logged in via OpenVPN, DNS resolution of internal names on the... Fred Dushin
09:50 AM Bug #13046 (New): Floating rule applied to IPv6 interface with a SLAAC DHCPv6 gateway reports error on boot
Running PfSense Plus 22.02. Creating a floating rule targeting IPv6 traffic on a WAN interface with a default gateway... Adam Goldberg
09:49 AM Bug #13040: Build failed pfsense source code
Jim Pingle wrote in #note-2:
> Snapshots are building OK from that code, must be something in your environment.
H...
Martin Filla
07:32 AM Bug #13040 (Rejected): Build failed pfsense source code
Snapshots are building OK from that code, must be something in your environment.
Jim Pingle
09:40 AM pfSense Packages Bug #13045 (New): Firewall floating rules ignore WireGuard traffic
When adding a floating rule to apply a limiter targeting traffic on a WireGuard interface, the rule is ignored.
Ad...
Adam Goldberg
09:19 AM pfSense Packages Feature #13044 (New): Customized reporting
Status >> Email Reports
Request: The ability to create custom reporting so that columns and headers can be part of...
Mike Moore
09:15 AM pfSense Packages Bug #13043 (New): OSPF over Wireguard interface doesn't populate neighbors after reboot
Running pfSense Plus 22.02 and the latest Wireguard (0.1.6_1) and FRR (1.1.1_6 / 7.5.1_3) packages. OSPF works as exp... Adam Goldberg
07:43 AM Bug #13015 (Resolved): NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``
It's OK on the latest snap for me, no need to apply the patch manually.
Before upgrade:...
Jim Pingle
07:30 AM pfSense Docs Correction #12994 (Closed): Note in 4100 platform page refers to the 7100
Jim Pingle
07:29 AM Bug #13012 (Resolved): NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet
Jim Pingle
07:27 AM Bug #13038 (Closed): Auto Configuration Backup fails when set to automatically backup on every configuration change.
That's not a bug in the package, it's a server-side issue that needs addressed by IT. Jim Pingle
07:23 AM Feature #13037 (Closed): Support Intel 2.5g and 5g interfaces
We'll pick up that change naturally through updates to the base OS when the time comes. Jim Pingle
02:22 AM Feature #12807: Clear Active Secondary WAN Connections
looks like duplicate of #12942 Viktor Gurov

04/10/2022

05:52 PM Bug #13014: Deadlock in Charon VICI interface
Hi. I get the same error.
See below the IPSecs logs with the highest verbosity level:...
Pierre-Emmanuel DEGRYSE
04:49 PM Bug #13040: Build failed pfsense source code
https://pastebin.com/SZBL5pkL Martin Filla
04:47 PM Bug #13040 (Rejected): Build failed pfsense source code
Hi,
I take pfsense devel branch devel-12 and build with this result
~~~~~ ^
/usr/...
Martin Filla
04:36 PM Regression #12937 (New): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
Marcos M
04:36 PM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
Tested on ``22.05.a.20220410.0600``.
There are still places where it fails:
> There were error(s) loading the rules...
Marcos M
01:17 PM Bug #12900: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
Tested on ``22.05.a.20220402.0600``; got a 504 timeout with ``Cloudflare``, but not with ``HE.net Tunnelbroker``. Marcos M
11:03 AM pfSense Packages Feature #13039 (New): Handle transit gateway VPNs in the AWS VPN wizard
I think the AWS VPN Wizard should not only handle VPC VPN connections, but also attachments to a transit gateway, fr... Soeren Malchow
10:36 AM pfSense Packages Bug #12924: DNS Resolver WireGuard ACL Inconsistency
Hey Christian. Were you able to recreate this problem already? Kevin Mychal Ong
02:54 AM pfSense Plus Feature #12524: OpenSSL QAT Engine
This not only accelerates OpenVPN, but also HAproxy as well.
Now at the moment as qat not loaded in openssl adding:
<...
DRago_Angel [InV@DER]

04/09/2022

07:31 PM pfSense Docs Correction #12994: Note in 4100 platform page refers to the 7100
All three pages currently show only the 4100:
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4100/rein...
Chris W
07:27 PM Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet

LAN has 3 VIPs:
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

inet 192.168.1.1 ...
Alhusein Zawi
05:50 PM Feature #13023: DNS Resolver option to keep probing when servers are down
running 22.05.a.20220409.0600 the option for "Keep probing servers that are down" was default selected in Services>DN... Jordan G
05:46 PM Bug #12950: OpenVPN as default gateway does not get set at boot time
It appears that some states can get established out the default GW on boot as well. I have an OpenVPN client and have... Kris Phillips
05:37 PM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver
I saw this occur on a 7100 that had two bridged ixl interfaces for an add in card on 21.05.2, so it may affect basica... Kris Phillips
05:23 PM Bug #13038: Auto Configuration Backup fails when set to automatically backup on every configuration change.
I can reproduce this, but I'm also unable to use the Backup Now option. It queues the task, but then never actually ... Kris Phillips
01:34 PM Bug #13038 (Closed): Auto Configuration Backup fails when set to automatically backup on every configuration change.
Here are the logs:... Danilo Zrenjanin
01:54 PM Bug #11226: IPsec VTI phase 2 traffic selectors default to address when defined as a network

When selecting VTI it gives "LAN subnet" in local network and "address" in remote network by default.
if there...
Alhusein Zawi
01:11 PM pfSense Packages Bug #13032 (Resolved): openvpn-client-import PHP warning
Tested on the:... Danilo Zrenjanin
01:08 PM pfSense Packages Bug #12814 (Resolved): OpenVPN Client Import does not populate 'remote_cert_tls' option
Tested on the:... Danilo Zrenjanin
11:26 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
Attached patch for both *current master branch* , and for release 2.6.0
It includes last upstream 0/empty() fix
Phil Wardt
06:53 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
Had to reset the repo, sorry, updated links and a fixed patch
*I pushed the GUI changes code:*
https://github.com/p...
Phil Wardt
11:08 AM Feature #13017: Packet capture: add preview results while capture is running
If it makes testing easier, here's attached a patch that applies to the current master branch
Phil Wardt
09:20 AM Bug #12991 (Resolved): DNS Resolver ACLs are not updated when OpenVPN networks change
Tested on the:... Danilo Zrenjanin
07:07 AM Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``
Tested the patch on the:... Danilo Zrenjanin
03:23 AM Bug #12892 (Resolved): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Tested on the:... Danilo Zrenjanin
12:06 AM Feature #13037: Support Intel 2.5g and 5g interfaces
I'd appreciate this as well. I was under the impression it was already supported from what I've read, and have a new... Jon8RFC .

04/08/2022

11:36 PM Revision d0af588d: remove some dead code
see https://forum.netgate.com/topic/171394/sledgehammer-killall-in-shaper-php-and-inc-files → luckman212
10:46 PM Feature #13037 (Closed): Support Intel 2.5g and 5g interfaces
FreeBSD source has enabled the functionality for 2.5g and 5g Nbase-T interfaces in this commit https://cgit.freebsd.o... Simeon OnSecurity
04:24 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
Jim Pingle wrote in #note-5:
> Yes, that's exactly expected. When you check it, nothing from the server is pushed, on...
Phil Wardt
03:11 PM Todo #12981 (Resolved): Warn about OpenVPN shared key deprecation
Jim Pingle
03:10 PM Todo #12981: Warn about OpenVPN shared key deprecation
Tested on... Christopher Cope
12:22 PM pfSense Packages Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync
I can confirm this issue also on a HA pair running 22.01. We have had this issue since switching to pfBlockerNG-devel... Alexander Lindqvist
04:01 AM Bug #12790 (Feedback): Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN
Merged:
https://github.com/pfsense/pfsense/commit/f91bca4947c25bb39ee4cb80c9b6e3cd1b314b41
Viktor Gurov

04/07/2022

06:57 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Curious Netgate customer wondering if the fix posted by Alexander Berkes 2 years ago (or any other fix) is in the wor... Dennis Adler
01:54 PM pfSense Plus Bug #13031: Openvpn Float bug
If it's the same on the widget and status page, then it's likely being misreported by OpenVPN itself.
You can try...
Jim Pingle
01:20 PM pfSense Plus Bug #13031: Openvpn Float bug
Hi Jim,
This "Dynamic IP" feature on both the tunnels are already un-checked. Please advise.
Sam Jay
11:31 AM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 for this! Just set up step-ca and would love having this functionality too. Connor McBrine-Ellis
10:52 AM pfSense Docs Todo #13036 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems
Merged Jim Pingle
10:48 AM pfSense Docs Todo #13036: Feedback on Cellular Wireless — Known Working 3G-4G Modems
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/34 Viktor Gurov
10:31 AM pfSense Docs Todo #13036 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems
*Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html
*Feedback:*

Add the ZTE 833R to the ...
Viktor Gurov
10:30 AM Todo #12093 (Resolved): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
Jim Pingle
10:21 AM Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
Tested in... Christopher Cope
05:10 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Wayne Sherman wrote in #note-27:
> *Setup:*
> 2.6.0-RELEASE (amd64), dual WAN with both WANs on DHCP, and failover ...
Viktor Gurov
04:54 AM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing
Jim Pingle wrote in #note-9:
> If that is the case, then we'll pick it up naturally when we rebase onto 13.x or late...
Alexander Deca
04:19 AM Bug #13013 (Closed): bsdinstall error while creating filesystem on the latest snapshots
no such issue with pfSense-CE-2.7.0-DEVELOPMENT-amd64-20220406-1307.iso
seems related to https://github.com/pfsens...
Viktor Gurov

04/06/2022

06:32 PM Revision 394c1772: Merge branch 'master' into mvc_refactor
Trevor Kerr
04:43 PM Bug #12800: Suboptimal Password Hashing
sha512crypt should be deprecated and removed in favor of better and more established options. It is a mistake to defa... Tom Sham
03:34 PM Bug #13035: No default route following WAN Gateway Group PPPoE member failure
Thank you. The test equipment to run the snapshot will be available next Monday.
I did not ask the question prope...
Serge Caron
12:08 PM Bug #13035 (Not a Bug): No default route following WAN Gateway Group PPPoE member failure
Seems closer to #12811 or maybe part of #11570 though it's also possible it's a part of your configuration. Not enoug... Jim Pingle
12:04 PM Bug #13035 (Not a Bug): No default route following WAN Gateway Group PPPoE member failure
This is probably a twist on BUG # 12920 https://redmine.pfsense.org/issues/12920?tab=properties
Tier 1 of a G...
Serge Caron
03:30 PM Todo #12934 (Resolved): Update strongSwan
Jim Pingle
03:29 PM Todo #12934: Update strongSwan
Tested successfully on... Christopher Cope
01:44 PM Bug #13033: DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved
I'm pretty sure it's not a duplicate. It could be a duplicate of #12901 though.... Flole Systems
08:13 AM Bug #13033: DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved
Not sure about this being a duplicate, since we have "Use local DNS, fall back to remote DNS servers" configured in p... Philipp Hoppen
08:01 AM Bug #13033 (Duplicate): DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved
Looks like a duplicate of #12902 Jim Pingle
07:38 AM Bug #13033 (Duplicate): DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved
I have configured a wildcard record in DNS forwarder, supplied in the "custom options" like the following:... Philipp Hoppen
12:55 PM pfSense Packages Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates
Hi, I have entered the line and received the following answer:... Anonymous
10:33 AM pfSense Packages Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates
Shared frontends certificates are saved to the ``/var/etc/haproxy/<frontend>.crt_list``
for example:...
Viktor Gurov
11:59 AM pfSense Packages Bug #13034 (Feedback): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/93b8b43ec23cbe6ae71ad2a792ced07d60589db6
Viktor Gurov
11:34 AM pfSense Packages Bug #13034 (Pull Request Review): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
Jim Pingle
11:30 AM pfSense Packages Bug #13034: Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/209
Viktor Gurov
10:58 AM pfSense Packages Bug #13034 (Resolved): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
The Zabbix 6 agent and proxy running on pfSense 2.6.0 fails to set the PSK values from the web GUI in the zabbix conf... Mat Clarke
11:34 AM pfSense Packages Bug #13032 (Feedback): openvpn-client-import PHP warning
Merged Viktor Gurov
10:18 AM pfSense Packages Bug #13032 (Pull Request Review): openvpn-client-import PHP warning
Jim Pingle
09:31 AM pfSense Packages Bug #13032: openvpn-client-import PHP warning
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/50
Viktor Gurov
06:27 AM pfSense Packages Bug #13032 (Resolved): openvpn-client-import PHP warning
Crash report shows:... Steve Wheeler
08:06 AM pfSense Plus Bug #13031 (Not a Bug): Openvpn Float bug
Looks like it's doing what you're telling it to do and what the server allows you to do.
We just report the status...
Jim Pingle
02:35 AM pfSense Plus Bug #13031: Openvpn Float bug
I think it's important: Sam uses the same certificate for these 2 different OpenVPN tunnels (2 different OpenVPN Serv... Azamat Khakimyanov

04/05/2022

09:29 PM pfSense Plus Bug #13031 (Not a Bug): Openvpn Float bug
We have noticed that there is a bug with the pfSense CE version: 2.6.0-RELEASE. When there is a two tunnels are initi... Sam Jay
03:07 PM Bug #13030 (Not a Bug): login without password in captive portal
Your LDAP server must be allowing the bind -- MS AD is notoriously bad about allowing binding without a password in c... Jim Pingle
02:57 PM Bug #13030 (Not a Bug): login without password in captive portal
Captive portal with LDAP authentication entering without password. Putting only the username and password field blan... Octavio Morato
02:28 PM Bug #13029 (Not a Bug): Captive portal "ip allowed"
That is most likely a configuration error or something in your setup. This site is not for support or diagnostic disc... Jim Pingle
02:27 PM Bug #13029 (Not a Bug): Captive portal "ip allowed"
I have a problem that when I add some ip in the allowed ip field, the captive portal apparently releases all ip's on ... Octavio Morato
12:52 PM pfSense Packages Bug #12956 (Confirmed): suricata fails to use pcre in SID management (e.g. dropsid.conf)
I'm reopening this issue, as the function ``preg_quote`` escapes all special characters, rather than just delimiters.
h...
Marcos M
10:28 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Been fighting this issue on 2.5 and 2.4.5 and I am talking about using only 1 DNS entry in the Alias to a Dynamic DNS... Charlie Blalock
10:02 AM Bug #13028 (Needs Patch): Crash when reconfiguring interface using if_qlnxe
It's either a bug in the FreeBSD driver or a hardware issue.
Either way here it's not something we can address. If...
Jim Pingle
09:55 AM Bug #13028: Crash when reconfiguring interface using if_qlnxe
may be related:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238646
https://bugs.freebsd.org/bugzilla/show_bug...
Viktor Gurov
09:25 AM Bug #13028 (Needs Patch): Crash when reconfiguring interface using if_qlnxe
We are using a "FastLinQ 41232 Dual Port" (OCP 3.0) in our Dell R650xs for our WAN connection. Any "bigger" change se... J Radmacher
08:12 AM pfSense Packages Bug #11343 (Feedback): Invalid link to pfSense-pkg-bind changelog
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a3bbd61e6a0376f80674a83b6bf99e74cb013bc5
Viktor Gurov
07:32 AM pfSense Packages Bug #11343 (Pull Request Review): Invalid link to pfSense-pkg-bind changelog
Jim Pingle
01:40 AM pfSense Packages Bug #11343: Invalid link to pfSense-pkg-bind changelog
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/206
Viktor Gurov
07:35 AM Feature #13023 (Feedback): DNS Resolver option to keep probing when servers are down
Applied in changeset commit:8490fdae1718e802d10f25729a41f55bb52dcd5f. Marcos M
02:13 AM Revision 8490fdae: Unbound option to keep probing when servers are down. Implements #13023
Marcos M
01:51 AM pfSense Packages Bug #10900 (Feedback): /packages/backup/backup.php?a=download&t=backup HTTP 504, or Sends PHP Error Message as ASCII/Text file Named pfsense.bak.tgz
Should be fixed in #11098.
Please re-test.
Viktor Gurov

04/04/2022

03:40 PM Revision b409b29c: Do not generate duplicate ``no nat on`` rules for port forwards with a destination of ``Any``. Fixes #13015
Viktor Gurov
01:46 PM Revision f91bca49: Regenerate link-local address on MAC change. Fixes #12794
Viktor Gurov
01:34 PM Revision a876c333: Do not generate duplicate NAT Reflection rules. Fixes #13012
Viktor Gurov
01:03 PM Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``
Applied in changeset commit:b409b29c0e549d966aed312d3ec53b8ae4d0fe29. Viktor Gurov
10:48 AM Bug #13015 (Feedback): NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``
Merged:
https://github.com/pfsense/pfsense/commit/b409b29c0e549d966aed312d3ec53b8ae4d0fe29
Viktor Gurov
08:21 AM Bug #13015 (Pull Request Review): NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``
Jim Pingle
05:13 AM Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/706
Viktor Gurov
01:03 PM Bug #12794: Link-local address does not reset after removing MAC address spoofing
Applied in changeset commit:f91bca4947c25bb39ee4cb80c9b6e3cd1b314b41. Viktor Gurov
08:52 AM Bug #12794 (Feedback): Link-local address does not reset after removing MAC address spoofing
Merged:
https://github.com/pfsense/pfsense/commit/f91bca4947c25bb39ee4cb80c9b6e3cd1b314b41
Viktor Gurov
01:03 PM Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet
Applied in changeset commit:a876c333310c6874acd4820a4e02374675b7c069. Viktor Gurov
08:36 AM Bug #13012 (Feedback): NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet
Merged:
https://github.com/pfsense/pfsense/commit/a876c333310c6874acd4820a4e02374675b7c069
Viktor Gurov
08:25 AM Bug #13012 (Pull Request Review): NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet
Jim Pingle
06:07 AM Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/707
Viktor Gurov
01:03 PM Feature #12267: OpenVPN option to limit concurrent connections per user
Applied in changeset commit:70e7b0c12a16143293b7e05f66ac4f9995bc4cb9. Marcos M
01:03 PM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
Applied in changeset commit:971b9a642df9cba81d91459c56e0dd92107f6115. Marcos M
01:03 PM Todo #12981: Warn about OpenVPN shared key deprecation
Applied in changeset commit:209ad2e3f59f6e5a11802298b397dfaadfb04921. Jim Pingle
01:03 PM Bug #11226: IPsec VTI phase 2 traffic selectors default to address when defined as a network
Applied in changeset commit:544be7a5360324249e8e389ad5a6de60288cf57f. Marcos M
01:03 PM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
Applied in changeset commit:030fab3edaee1c2f10ea8695a041864810d94390. Viktor Gurov
01:03 PM Bug #12440: Zero-value prefix IPv6 addresses are mishandled
Applied in changeset commit:02004e7ad1ef9ed56b035b4a821b5951e6a05125. Viktor Gurov
01:03 PM Bug #12986: DHCP network boot filename can be incorrectly placed in DHCP Pool Options
Applied in changeset commit:568fdc9f7f4d9d6952f6ef51c922dd3603c5aa30. Viktor Gurov
01:03 PM Regression #12949: The ruleset is not regenerated after assigning an interface
Applied in changeset commit:d1d1084eb4ebedbcc86cfe13c6d25cf9570646b0. Viktor Gurov
12:14 PM pfSense Packages Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates
I have taken screenshots of my settings. In principle, the Main Frontend is almost empty, since all settings are cove... Anonymous
07:02 AM pfSense Packages Bug #13022 (Feedback): HAProxy - Sub Frontends ignore Client verification CA certificates
Unable to reproduce with pfSense-pkg-haproxy-devel 0.62_9
Could you provide detailed step-by-step instructions to ...
Viktor Gurov
10:59 AM Bug #11764: IPv6 link local gateway default status not indicated in GUI
Daryl Morse wrote in #note-7:
> I was running 2.7.0-dev up to around mid-January, then I shut it down to test the 2....
Viktor Gurov
08:17 AM pfSense Packages Feature #12963 (Feedback): Run nmap scans in the background
Merged to devel for testing in snapshots. Jim Pingle
07:58 AM Bug #13027 (Pull Request Review): Input validation requires a gateway for floating ``match out`` rules
Jim Pingle
07:42 AM Regression #13025 (Feedback): Some services won't start - wrong syntax in autogenerated rc.d scripts
Merged:
https://github.com/pfsense/pfsense/commit/bfa801a664d5ff7e266c323e333b03c33e72e0d4
Viktor Gurov
07:36 AM Regression #13025 (Pull Request Review): Some services won't start - wrong syntax in autogenerated rc.d scripts
Jim Pingle
01:26 AM Regression #13025: Some services won't start - wrong syntax in autogenerated rc.d scripts
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/705
Viktor Gurov
07:39 AM Regression #13026: Limiters do not work
There is ongoing work here as part of the transition to purely pf based handling of these things. See #12579 for some... Jim Pingle
07:29 AM pfSense Docs Correction #13024 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
Merged. Jim Pingle
07:21 AM Bug #13019 (Rejected): Setting an NTP FQDN kills DHCP Server
I can't reproduce it either. This site is not for support or diagnostic discussion, however. Please start a post on t... Jim Pingle
02:00 AM Bug #13019 (Feedback): Setting an NTP FQDN kills DHCP Server
Viktor Gurov
07:10 AM Feature #12819 (Feedback): GUI option to configure layers for LACP hash
That only showed that the GUI option was there -- It still needs to be tested at the OS level to make sure the select... Jim Pingle
06:25 AM Feature #12819 (Resolved): GUI option to configure layers for LACP hash
Viktor Gurov
06:24 AM Revision bfa801a6: write_rcfile() restart fix. Issue #13025
Viktor Gurov
04:48 AM Bug #12774: Picture widget image is not saved in backup
Where the picture data is stored while the system is operating is IMO of no consequence regarding as to whether or no... Ronald Antony
01:59 AM Bug #13021 (Duplicate): Image data of dashboard image widget does not get backed up
Duplicate of #12774 Viktor Gurov

04/03/2022

08:29 PM pfSense Packages Bug #12995 (Resolved): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Tested on @22.05.a.20220403.0600@; works as expected. Marcos M
08:06 PM Bug #13027: Input validation requires a gateway for floating ``match out`` rules
This works on @22.01@ with the following rule and patch:... Marcos M
07:55 PM Bug #13027 (Resolved): Input validation requires a gateway for floating ``match out`` rules
When implementing limiters using floating *match* rules, a gateway should not be necessary. Without selecting one, th... Marcos M
07:49 PM Regression #13026 (Resolved): Limiters do not work
h3. SETUP
@/tmp/rules.limiter@ (no change between versions)...
Marcos M
04:36 PM Regression #13025 (Resolved): Some services won't start - wrong syntax in autogenerated rc.d scripts
22.05-DEVELOPMENT (amd64)
built on Sun Apr 03 06:21:55 UTC 2022
FreeBSD 12.3-STABLE
noticed avahi and other s...
johnny stecchino
02:32 PM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode
I can confirm to see the absolute same behaviour in pfSense 2.6.0 CE with a very similar setup! Steffen Wagner
11:27 AM pfSense Docs Correction #13024 (Pull Request Review): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
Marcos M
11:26 AM pfSense Docs Correction #13024: Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/33 Marcos M
11:02 AM pfSense Docs Correction #13024 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html
*Feedback:*
@Framed-...
Marcos M
10:48 AM Feature #13023 (Pull Request Review): DNS Resolver option to keep probing when servers are down
I've been running this option for months and it's helped whenever there are ISP issues.
https://gitlab.netgate.com...
Marcos M
09:47 AM Feature #13023 (Resolved): DNS Resolver option to keep probing when servers are down
When servers are down and in the "blocking regime", they are currently probed every 15 minutes which is a relatively ... Marcos M
10:28 AM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop
Kris Phillips wrote in #note-1:
> I'm not able to reproduce this. What serial emulator are you using? Have you tri...
Ryan Coleman
06:50 AM pfSense Packages Bug #13022 (Feedback): HAProxy - Sub Frontends ignore Client verification CA certificates
I noticed that when I create sub frontends in HAProxy and enable the "Client verification CA certificates" in them (e... Anonymous
05:03 AM Feature #13017: Packet capture: add preview results while capture is running
Fix previous patch did not properly apply dns option during view/preview results
Add a warning that running preview ...
Phil Wardt

04/02/2022

09:11 PM Bug #13021: Image data of dashboard image widget does not get backed up
Oops, sorry, there’s something to clarify: the widget is called “Picture” not “Image” Ronald Antony
09:03 PM Bug #13021: Image data of dashboard image widget does not get backed up
Oh, and ANYTHING can be stored in an XML file, that’s what base64 encoded blobs are for. Ronald Antony
09:01 PM Bug #13021: Image data of dashboard image widget does not get backed up
I’m not sure how I’m supposed to clarify.
It’s pretty easy what I’m talking about: go to the dashboard, add an image...
Ronald Antony
07:02 PM Bug #13021: Image data of dashboard image widget does not get backed up
Ronald,
The only thing that is backed up when pfSense is backed up is the config file. I'm not sure what "image" ...
Kris Phillips
08:49 AM Bug #13021 (Duplicate): Image data of dashboard image widget does not get backed up
The dashboard has a rather useful image widget, which by using distinctive images, drastically lowers the chance of m... Ronald Antony
07:18 PM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop
I'm not able to reproduce this. What serial emulator are you using? Have you tried Putty or Screen? I've seen this... Kris Phillips
07:15 PM Bug #13019: Setting an NTP FQDN kills DHCP Server
I'm not able to reproduce this issue. I added two NTP settings under Advanced to the DHCP server, restarted the serv... Kris Phillips
02:11 AM Bug #13019 (Rejected): Setting an NTP FQDN kills DHCP Server
Very strange issue here. Setting a FQDN for one of the 3 NTP server options in the IPv4 DHCP server settings kills I... Kristopher Kolpin
01:46 PM Feature #12982: Add support for RFC7499 in RADIUS library.
To add some details from the test:
The file contents did have just 65 rules. I also tried increasing the php @max_in...
Marcos M
01:13 PM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
Running 22.05.a.20220402.0600 on the 1100, kern.ipc.nmbclusters is not present in /boot/loader.conf or system tunables Jordan G
11:45 AM Feature #12819: GUI option to configure layers for LACP hash
tested on 22.05.a.20220402.0600 options for LAGG now show -
Layer 2/3/4/ (default)
Layer 2 (MAC Address)
...
Jordan G
09:31 AM Bug #12957 (Resolved): Delete button is always active for NAT rules, even if no rules are selected
Tested on the:... Danilo Zrenjanin
08:44 AM pfSense Docs Todo #13020 (Resolved): Improve ``easyrule`` command documentation
At https://docs.netgate.com/pfsense/en/latest/firewall/easyrule.html#easyrule-in-the-shell the documentation is typic... Ronald Antony
04:25 AM Feature #13017: Packet capture: add preview results while capture is running
Fix upstream original version not applying "DNS resolution" option during capture, but only during display
patch for...
Phil Wardt
04:03 AM pfSense Packages Feature #12963: Run nmap scans in the background
I squashed commits since the last review
I reviewed and cleaned up some code readability
Updated the attached patch...
Phil Wardt

04/01/2022

05:59 PM pfSense Packages Bug #13018 (New): TLD and DNSBL Safesearch DOH conflict disables TLD block when conflicting DOH FQDN is deselected or whitelisted
pfBlockerNG-devel 3.1.0_4
If a TLD (example .cn) is blacklisted and conflicts with DNSBL Safesearch DOH blocking (ex...
James Wilson
04:27 PM pfSense Packages Feature #12963: Run nmap scans in the background
Add No DNS Resolution option for faster scans
Should be completed
Attached patch for pfsense 2.6.0
Phil Wardt
09:53 AM pfSense Packages Feature #12963: Run nmap scans in the background
Updated patch to fix this:
- only kill nmap process using the output file created in GUI
- code formatting
Phil Wardt
03:56 PM Feature #13017: Packet capture: add preview results while capture is running
Commit:
https://github.com/pfsense/pfsense/pull/4567
Note: I added the -U option to unbuffer output and permit resul...
Phil Wardt
03:54 PM Feature #13017 (Closed): Packet capture: add preview results while capture is running
Packet Capture: add preview results
- allow preview results while a capture is still running
- add a capture summar...
Phil Wardt
01:12 PM Regression #13011 (Feedback): Ruleset can fail to load on snapshot from March 31st
Jim Pingle
01:09 PM Regression #13011: Ruleset can fail to load on snapshot from March 31st
Should be sorted out as of 8f782c1bf74a13fa9c8c40c37d6b2391387498c3 on devel-12 and aac961d1dbc43f1cc71acb701a54df0da... Mateusz Guzik
09:06 AM Regression #13011: Ruleset can fail to load on snapshot from March 31st
While not directly related, #13011 is contributing to this problem as it's one source of potentially duplicate rules. Jim Pingle
08:40 AM Regression #13011 (Resolved): Ruleset can fail to load on snapshot from March 31st
Adding this for tracking as we are aware of it and it's being actively worked on.
There is an issue on the latest ...
Jim Pingle
01:06 PM pfSense Docs New Content #13016: Workaround for bandwidth issues since 2.6 when installed in Hyper-V
There are other things out there that could also be a factor, multiple forum threads also mentioned switch settings i... Jim Pingle
12:52 PM pfSense Docs New Content #13016 (New): Workaround for bandwidth issues since 2.6 when installed in Hyper-V
Extremely slow upload speeds since 2.6 when installed in Hyper-V. A workaround for Windows 10 machines is disabling b... Christoph Obermoser
12:37 PM Feature #13010: Option to retain the existing serial number when renewing a CA or certificate
Evren Yurtesen wrote in #note-2:
> Excluding the CA serial from being used in future, in authorityKeyIdentifier, doe...
Jim Pingle
01:57 AM Feature #13010: Option to retain the existing serial number when renewing a CA or certificate
Excluding the CA serial from being used in future, in authorityKeyIdentifier, does not solve the immediate problem wi... Evren Yurtesen
11:31 AM Bug #13015 (Resolved): NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``
Port forwards with a destination of @Any@ get extra @no nat on@ NAT rules which can end up duplicated across multiple... Jim Pingle
11:14 AM Bug #13013: bsdinstall error while creating filesystem on the latest snapshots
I ran into what Jim set out yesterday. Had to memstick install 2.6.0 then update to 2.7.0 to get back into operation.... Ted Quade
10:21 AM Bug #13013: bsdinstall error while creating filesystem on the latest snapshots
I see the same issue with a clean install. Viktor Gurov
09:23 AM Bug #13013: bsdinstall error while creating filesystem on the latest snapshots
I was seeing this the other day but it doesn't matter what is on the disk for me, UFS or ZFS, in both cases trying to... Jim Pingle
09:20 AM Bug #13013: bsdinstall error while creating filesystem on the latest snapshots
see also #10690 Viktor Gurov
09:19 AM Bug #13013 (Closed): bsdinstall error while creating filesystem on the latest snapshots
Old ZFS layout (pfSense 2.5.2):... Viktor Gurov
11:03 AM Bug #13014: Deadlock in Charon VICI interface
Might be the same root cause as #7420 though we don't have enough information about either one of these to say for ce... Jim Pingle
10:53 AM Bug #13014 (Resolved): Deadlock in Charon VICI interface
The charon.vici daemon can get in a bad state where all of the qlen slots are "hung". This causes the Status --> IPS... Kris Phillips
09:05 AM Bug #13012 (Resolved): NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet
NAT reflection can generate multiple identical rules if the configuration contains multiple VIPs in the same subnet.
...
Jim Pingle
01:36 AM pfSense Packages Bug #12814 (Feedback): OpenVPN Client Import does not populate 'remote_cert_tls' option
Merged Viktor Gurov

03/31/2022

08:02 PM Revision 9f534f4b: Use correct rx/tx index. Fixes #8861
Jim Pingle
04:04 PM pfSense Packages Feature #12963: Run nmap scans in the background
I modified the code to disable any custom commands.
This is safer since nmap already changed in the past the -o opti...
Phil Wardt
03:47 PM Regression #12897 (Resolved): Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Tested and working correctly on... Christopher Cope
03:44 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
→ luckman212 wrote in #note-11:
> @jimp was this one merged as of 22.05.a.20220331.1603? I'm looking in System Patch...
Jim Pingle
03:06 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
@jimp was this one merged as of 22.05.a.20220331.1603? I'm looking in System Patches under "Recommended System Patche... → luckman212
03:44 PM Revision 82a6f401: CLI history option optimization. Fixes #12675
There is no longer a need to use the ~/.keephistory flag file. Scripts
can check the config.xml value for a user dire...
Jim Pingle
03:42 PM Revision 0049d009: Fix syntax error
Jim Pingle
03:40 PM Bug #12998: Wireless interface WPA configuration fields are always visible
Updating subject for release notes. Jim Pingle
03:39 PM Bug #12710: Disabling DHCP Server RRD statistics does not work
Updating subject for release notes. Jim Pingle
03:38 PM Feature #12616: Option to filter state table contents by rule ID
Updating subject for release notes. Jim Pingle
03:37 PM Bug #12440: Zero-value prefix IPv6 addresses are mishandled
Updating subject for release notes. Jim Pingle
03:37 PM Bug #11226: IPsec VTI phase 2 traffic selectors default to address when defined as a network
Updating subject for release notes. Jim Pingle
03:36 PM Bug #11941: Many ``exec()`` functions do not use full path to executable files
Updating subject for release notes. Jim Pingle
03:35 PM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
Updating subject for release notes. Jim Pingle
03:34 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Updating subject for release notes. Jim Pingle
03:33 PM Bug #12611: SNMP daemon is restarted during every ``rc.newwanip`` event
Updating subject for release notes. Jim Pingle
03:32 PM Bug #12957: Delete button is always active for NAT rules, even if no rules are selected
Updating subject for release notes. Jim Pingle
03:32 PM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected
Updating subject for release notes. Jim Pingle
03:32 PM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected
Updating subject for release notes. Jim Pingle
03:31 PM Bug #12803: Error loading ruleset due to illegal TOS value
Updating subject for release notes. Jim Pingle
03:31 PM Bug #12792: Automatic Outbound NAT rules do not include OpenVPN CSO entries
Updating subject for release notes. Jim Pingle
03:31 PM Bug #12678: Applying firewall rule changes does not clear dirty flag for aliases subsystem
Updating subject for release notes. Jim Pingle
03:30 PM Feature #12392: Allow the selection of "any" interface in floating rules
Updating subject for release notes. Jim Pingle
03:30 PM Feature #8365: Button to copy rules from one interface to another
Updating subject for release notes. Jim Pingle
03:29 PM Feature #4881: Allow NPt to use dynamic IPv6 networks
Updating subject for release notes. Jim Pingle
03:27 PM Bug #12536: Setting a default gateway of "None" does not remove the default gateway from the routing table
Updating subject for release notes. Jim Pingle
03:26 PM Feature #12968: Button to clear previous packet capture data
Updating subject for release notes. Jim Pingle
03:26 PM Bug #13004: ``write_rcfile()`` does not create ``rc_restart()`` entry
Updating subject for release notes. Jim Pingle
11:23 AM Bug #13004 (Feedback): ``write_rcfile()`` does not create ``rc_restart()`` entry
Merged:
https://github.com/pfsense/pfsense/commit/4e2a765a9f5979aaa2e10ef31ecccd0466e6cc2f
Viktor Gurov
07:45 AM Bug #13004 (Pull Request Review): ``write_rcfile()`` does not create ``rc_restart()`` entry
Jim Pingle
05:24 AM Bug #13004: ``write_rcfile()`` does not create ``rc_restart()`` entry
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/699
Viktor Gurov
05:18 AM Bug #13004 (Resolved): ``write_rcfile()`` does not create ``rc_restart()`` entry
@write_rcfile()@ creates only rc_start() and rc_stop() entries, but ignores the contents of 'restart', which is used ... Viktor Gurov
03:25 PM Bug #12766: Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup
Updating subject for release notes. Jim Pingle
06:00 AM Bug #12766 (Resolved): Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup
Tested against:... Danilo Zrenjanin
03:24 PM Todo #12981: Warn about OpenVPN shared key deprecation
Updating subject for release notes. Jim Pingle
03:24 PM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
Updating subject for release notes. Jim Pingle
03:22 PM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
Updating subject for release notes. Jim Pingle
03:21 PM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Updating subject for release notes. Jim Pingle
03:20 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
Updating subject for release notes. Jim Pingle
03:19 PM Bug #12628: OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases
Updating subject for release notes. Jim Pingle
03:17 PM Bug #11864: OpenVPN stays bound to previous IP address after interface changes
Updating subject for release notes. Jim Pingle
03:16 PM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
Updating subject for release notes. Jim Pingle
03:12 PM Feature #12819: GUI option to configure layers for LACP hash
Updating subject for release notes. Jim Pingle
03:10 PM Bug #12953: ESP description in IPsec phase 2 proposal help text is ambiguous
Updating subject for release notes. Jim Pingle
03:10 PM Bug #12723: Disallow remote gateway of ``0.0.0.0`` for VTI mode
Updating subject for release notes. Jim Pingle
03:08 PM Regression #12866: Disabled Captive Portal configuration prevents adding an interface to a bridge
Updating subject for release notes. Jim Pingle
03:07 PM Bug #12735 (Resolved): Interface status "Total Interrupts" display is non-functional
This looks right on current snapshots now. The value is displayed as expected. Jim Pingle
03:04 PM Feature #8861 (Feedback): Show SFP module details on ``status_interfaces.php``
Fix committed, commit:9f534f4b7af51600ce37e10978f3f1eb977768f3
Jim Pingle
03:02 PM Feature #8861 (In Progress): Show SFP module details on ``status_interfaces.php``
There is a small error keeping it from displaying the RX/TX signal levels from an SFP. To me, I have a fix. Jim Pingle
02:51 PM Bug #12691: Support encrypted ``config.xml`` files when restoring during install
Updating subject for release notes. Jim Pingle
02:51 PM Bug #12609: IGMP Proxy server is restarted during every ``rc.newwanip`` event
Updating subject for release notes. Jim Pingle
02:50 PM Feature #12702: Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings
Updating subject for release notes. Jim Pingle
02:49 PM Feature #9091: Chelsio TOE support using the ``t4_tom`` module
Updating subject for release notes. Jim Pingle
02:47 PM Bug #12721: IPv6 gateway group using link local addresses incorrectly logs a gateway change because it not including interface scope properly
Updating subject for release notes. Jim Pingle
02:42 PM Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon
Updating subject for release notes. Jim Pingle
02:28 PM Feature #13010: Option to retain the existing serial number when renewing a CA or certificate
It could perhaps be made optional but I've seen more trouble from retaining the serial than from changing it, though.... Jim Pingle
01:20 PM Feature #13010 (Resolved): Option to retain the existing serial number when renewing a CA or certificate
I believe this issue is related to Bug #11514 - "Renewing a self-signed CA or certificate does not update the serial ... Evren Yurtesen
01:18 PM Todo #12881: Update ``dpinger`` to 3.2
Updating subject for release notes. Jim Pingle
01:17 PM Bug #12811: Services are not restarted when PPP interfaces connect
Updating subject for release notes. Jim Pingle
01:14 PM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly
Updating subject for release notes. Jim Pingle
01:13 PM Bug #12761: Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Updating subject for release notes. Jim Pingle
01:12 PM Bug #12754: Google Domains Dynamic DNS responses are not parsed properly
Updating subject for release notes. Jim Pingle
01:11 PM Feature #12752: Support wildcard Dynamic DNS records on DigitalOcean
Updating subject for release notes. Jim Pingle
01:11 PM Bug #12750: Input validation prevents configuring wildcard Dynamic DNS records on GoDaddy
Updating subject for release notes. Jim Pingle
01:10 PM Feature #12744: IPv6 support for DNSimple Dynamic DNS
Updating subject for release notes. Jim Pingle
01:09 PM Bug #12672: GleSYS Dynamic DNS responses are not parsed properly
Updating subject for release notes. Jim Pingle
01:08 PM Bug #12590: Dynamic DNS custom IPv6 service fails on 6rd tunnels
Updating subject for release notes. Jim Pingle
01:05 PM Bug #12991: DNS Resolver ACLs are not updated when OpenVPN networks change
Updating subject for release notes. Jim Pingle
11:33 AM Bug #12991 (Feedback): DNS Resolver ACLs are not updated when OpenVPN networks change
Merged:
https://github.com/pfsense/pfsense/commit/34fc7cd6b5a1b9cb9edafb13cd3dbb4142c66294
Viktor Gurov
07:44 AM Bug #12991 (Pull Request Review): DNS Resolver ACLs are not updated when OpenVPN networks change
Jim Pingle
05:08 AM Bug #12991 (New): DNS Resolver ACLs are not updated when OpenVPN networks change
Danilo Zrenjanin wrote in #note-5:
> Tested with the patch against:
> [...]
>
> The tunnel network from the serv...
Viktor Gurov
03:49 AM Bug #12991: DNS Resolver ACLs are not updated when OpenVPN networks change
Tested with the patch against:... Danilo Zrenjanin
01:04 PM Bug #12985: DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
Updating subject for release notes. Jim Pingle
11:32 AM Bug #12985 (Resolved): DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
> > fix:
> > https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/700
>
> I applied the patch and it fixed...
Viktor Gurov
09:22 AM Bug #12985: DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
Viktor Gurov wrote in #note-7:
> Glenn Hall wrote in #note-5:
> > This commit seems to break enabling of DNSSEC on ...
Glenn Hall
07:47 AM Bug #12985 (Pull Request Review): DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
Jim Pingle
07:46 AM Bug #12985: DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
Glenn Hall wrote in #note-5:
> This commit seems to break enabling of DNSSEC on 2.7.0.a.20220328.0600. I previously ...
Viktor Gurov
01:02 PM Bug #12613: DNS Resolver does not restart during link up/down events on a static IP address interface
Updating subject for release notes. Jim Pingle
01:02 PM Bug #12612: DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver
Updating subject for release notes. Jim Pingle
01:01 PM Bug #12749: Uninitialized array in ``array_remove_duplicates()``
Updating subject for release notes. Jim Pingle
01:00 PM Regression #12582: RADVD can be started on both HA nodes when configured with an IPv6 link-local address
Updating subject for release notes. Jim Pingle
12:58 PM Bug #12527: DHCPv6 server does not skip interfaces configured with invalid ranges
Updating subject for release notes. Jim Pingle
12:55 PM Revision 4e2a765a: write_rcfile() restart support. Issue #13004
Viktor Gurov
12:55 PM Bug #12986: DHCP network boot filename can be incorrectly placed in DHCP Pool Options
Updating subject for release notes. Jim Pingle
12:55 PM Revision 34fc7cd6: Improve unbound DNSSEC option check. Issue #12985
Viktor Gurov
12:53 PM Bug #12896: ``HTTPClient`` option does not work for static mappings
Updating subject for release notes. Jim Pingle
12:53 PM Bug #12892: ``HTTPClient`` option not sent when using UEFI HTTP Boot
Updating subject for release notes. Jim Pingle
12:52 PM Feature #12973: Playback script to perform a configuration upgrade on an arbitrary ``config.xml`` file
Updating subject for release notes. Jim Pingle
12:50 PM Feature #12675: Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file
Updating subject for release notes. Jim Pingle
10:54 AM Feature #12675 (Feedback): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file
Merged: https://github.com/pfsense/pfsense/commit/82a6f401d07ac88bb66cc29110d249dd8302bcbf Jim Pingle
10:40 AM Feature #12675 (In Progress): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file
Taking another look at this, there is no need to use the flag file at all now. It can be read directly from the confi... Jim Pingle
12:49 PM Bug #12810: Sanitize SHA-512 user password hashes in ``status.php`` output
Updating subject for release notes. Jim Pingle
12:48 PM Feature #12773: Ability to sort AutoConfigBackup entries
Updating subject for release notes. Jim Pingle
12:45 PM Feature #12724: Notify user if AutoConfigBackup is unable to successfully upload a backup
Updating subject for release notes. Jim Pingle
12:44 PM Feature #12685: Support encrypted ``config.xml`` files when restoring via ECL
Updating subject for release notes. Jim Pingle
12:43 PM Feature #12855: GUI option to select the user password hashing algorithm
Updating subject for release notes. Jim Pingle
12:42 PM Feature #13009 (New): Add option for multiple remote addresses to OpenVPN Client
With the ability to bind OpenVPN Servers to localhost and then use port forwarding for multiple interfaces and failov... Kris Phillips
12:41 PM Feature #12842: Retain descriptions when exporting and importing aliases
Updating subject for release notes. Jim Pingle
12:41 PM Bug #12727: Renaming an alias does not update the alias names in static routes and OpenVPN instances
Updating subject for release notes. Jim Pingle
12:23 PM Bug #12868 (Resolved): Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
This was merged a while ago and has been working fine.
The ``(0)`` bit after the pf rule number is no longer present...
Jim Pingle
12:22 PM pfSense Packages Bug #12818 (Resolved): IP block logging not working
Christopher Cope
12:21 PM pfSense Packages Bug #12818: IP block logging not working
Tested and working in... Christopher Cope
12:14 PM pfSense Packages Regression #13002 (Feedback): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/1a4f1fdbd14484e4ea4630fe4cd16ac777a32f5a
Viktor Gurov
07:43 AM pfSense Packages Regression #13002 (Pull Request Review): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
Jim Pingle
04:59 AM pfSense Packages Regression #13002: BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/205
Viktor Gurov
12:01 PM Bug #12794: Link-local address does not reset after removing MAC address spoofing
forum topic:
https://forum.netgate.com/topic/169727/link-local-address-behavior-when-spoofing-wan-interface-mac-address
Viktor Gurov
11:51 AM pfSense Packages Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync
Marcos Mendoza wrote:
> Tested on pfSense 2.6.0 and pfBlockerNG-devel 3.1.0_1
> pfBlockerNG-devel option "Enable Sy...
Israel Goldstein
10:06 AM Revision 3a792acf: OpenVPN unbound restart fixes. Issue #12991
Viktor Gurov
07:40 AM Feature #12982: Add support for RFC7499 in RADIUS library.
The number that works is too conveniently close to 64 to be a coincidence. It sounds like it's hitting a limit somewh... Jim Pingle

03/30/2022

09:19 PM Revision dabd214e: php: replace DEFAULT_VERSIONS from 74 to 7.4
Glen Barber
07:00 PM Revision 05e58cf4: Make openvpn.connect_async.sh executable
Marcos M
07:00 PM Revision 70e7b0c1: Add option to limit concurrent connections per OpenVPN user. Implements #12267
Marcos M
07:00 PM Revision 971b9a64: Clear stale Cisco-AVPair anchor rules. Fixes #12332
Marcos M
07:00 PM Revision 96a1e759: Improve OpenVPN client connection logging and logic
In preparation for fixes and features Marcos M
07:00 PM Revision acb0c154: Use OpenVPN deferred client-connect. Implements #12407
Marcos M
07:00 PM Revision fdfa9859: Move openvpn client-connect script to separate file
to prepare for deferred client-connect Marcos M
04:26 PM Feature #12982: Add support for RFC7499 in RADIUS library.
Tested with the patch applied, but the issue remains. Note: the rule syntax originally tested was incorrect - this te... Marcos M
04:19 PM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
Tested on 2.6 with patch. The rules are being applied correctly, and files get added/removed as expected. Using the f... Marcos M
03:22 PM Bug #12332 (Feedback): OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
Merged Viktor Gurov
04:13 PM Revision ae017785: Duplicate wireless interfaces fix. Issue #12999
Viktor Gurov
04:12 PM Revision f9d9d77e: Interfaces WIFI WPA configuration fields expose fix. Issue #12998
Viktor Gurov
03:54 PM Revision 89f11609: backup via upload file was fixed
Andrey Kuznetsov
03:52 PM Revision 209ad2e3: OpenVPN shared key warning. Implements #12981.
Adds a warning to the OpenVPN client and server list and edit pages
warning the user about shared key mode being depr...
Jim Pingle
03:22 PM Feature #12267 (Feedback): OpenVPN option to limit concurrent connections per user
Merged Viktor Gurov
12:29 PM Feature #12267: OpenVPN option to limit concurrent connections per user
Marcos Mendoza wrote in #note-16:
> New MR including fix to client-specific configuration not applying (static addre...
Ryan Coleman
03:22 PM Feature #12407 (Feedback): Use deferred client connections in OpenVPN
Merged Viktor Gurov
12:27 PM Feature #12407: Use deferred client connections in OpenVPN
Marcos Mendoza wrote in #note-10:
> New MR, see: https://redmine.pfsense.org/issues/12267#note-16
Tested this wit...
Ryan Coleman
01:51 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
*Setup:*
2.6.0-RELEASE (amd64), dual WAN with both WANs on DHCP, and failover via Gateway groups. (default gateway =...
Wayne Sherman
12:41 PM Revision 6e4620d2: Fix typo
Jim Pingle
11:54 AM Regression #12984 (Resolved): OpenVPN causes Crash Reports in the GUI
Tested against:... Danilo Zrenjanin
11:32 AM Bug #12998 (Feedback): Wireless interface WPA configuration fields are always visible
Merged:
https://github.com/pfsense/pfsense/commit/f9d9d77e0a312483078db13298783d55c995cfcb
Viktor Gurov
09:19 AM Bug #12998 (Pull Request Review): Wireless interface WPA configuration fields are always visible
That patch corrects the behaviour for my test case. Steve Wheeler
08:43 AM Bug #12998: Wireless interface WPA configuration fields are always visible
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/695
Viktor Gurov
11:32 AM Regression #12999 (Feedback): Duplicate wireless interfaces are created at boot
Merged:
https://github.com/pfsense/pfsense/commit/ae01778587df124d8ef4c69ae8b6d751cb7272fc
Viktor Gurov
09:45 AM Regression #12999 (Pull Request Review): Duplicate wireless interfaces are created at boot
Jim Pingle
09:41 AM Regression #12999: Duplicate wireless interfaces are created at boot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/696
Viktor Gurov
11:15 AM Bug #13003 (Closed): Malicious Driver Detection event on ``ixl(4)`` driver
There have been a handful of reports of MDD events happening with the Intel X710 NIC. The system logs show the follow... Marcos M
11:13 AM Todo #12981 (Feedback): Warn about OpenVPN shared key deprecation
Warning added to tunnel list and when editing an instance for both clients and servers. Warning is only printed when ... Jim Pingle
10:22 AM Todo #12981 (In Progress): Warn about OpenVPN shared key deprecation
Jim Pingle
10:19 AM pfSense Packages Regression #13002 (Resolved): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
https://forum.netgate.com/topic/170558/bind-package-9-16_12-reads-from-cf-named-but-changes-in-the-gui-are-written-to... Viktor Gurov
09:33 AM Regression #13001 (Not a Bug): HA sync using shared CARP WAN IP results in Interface not found: '_vip577745067c45c' on backup
If you have XMLRPC sync the VIPs that would work as the IDs would match on both. VIPs have to be tracked by ID, not I... Jim Pingle
09:30 AM Regression #13001 (Not a Bug): HA sync using shared CARP WAN IP results in Interface not found: '_vip577745067c45c' on backup
I set up IPSec on an HA setup recently. Per the docs (https://docs.netgate.com/pfsense/en/latest/highavailability/ip... Steve Y
07:40 AM Bug #13000: IPsec AES-GCM encryption algorithm "Key Length" field should be labeled "ICV Length"
Yes, adding ICV Length into the drop-down will be helpful. Additionally, a note can be added to the existing help tex... Danilo Zrenjanin
07:31 AM Bug #13000: IPsec AES-GCM encryption algorithm "Key Length" field should be labeled "ICV Length"
Also note that the field options *are not* 128/256, they are 128/96/64 (plus Auto on P2).
An alternate solution co...
Jim Pingle
07:27 AM Bug #13000: IPsec AES-GCM encryption algorithm "Key Length" field should be labeled "ICV Length"
It can't be removed, it's a necessary part of the algorithm selection. For AES-GCM it's the ICV (Integrity Check Valu... Jim Pingle
06:40 AM Bug #13000 (New): IPsec AES-GCM encryption algorithm "Key Length" field should be labeled "ICV Length"
When choosing AES256/128-GCM, the key length is 256/128 bits long. The second field in the row labeled *Key length* n... Danilo Zrenjanin

03/29/2022

08:25 PM Revision 725763b0: Bring in Zabbix 6.x
Partial cherry-pick
(cherry picked from commit 0590dfaac0ec302b10931d6a239208908053160e)
Brad Davis
07:43 PM Regression #12999 (Resolved): Duplicate wireless interfaces are created at boot
When a wifi interface is configured the wlan interface is created at boot and then renamed appropriately.
However in...
Steve Wheeler
05:13 PM Bug #12998 (Resolved): Wireless interface WPA configuration fields are always visible
There are some logic errors when configuring a WIFI interface that hides/exposes the fields incorrectly.
When usin...
Steve Wheeler
02:39 PM Revision 544be7a5: Don't force a network type on page load for VTI mode P2. Fixes #11226
Also affects mode changes from/to VTI Marcos M
02:31 PM pfSense Packages Feature #12963 (Pull Request Review): Run nmap scans in the background
Jim Pingle
02:28 PM Revision 030fab3e: Check Traffic Shaper Wizard Upstream SIP address family. Fixes #12937
Viktor Gurov
02:25 PM Revision 1ff9c7c3: Restart unbound to update ACL on OpenVPN change. Issue #12991
Viktor Gurov
01:12 PM pfSense Packages Bug #12992 (Pull Request Review): error: nbproc is not supported any more since HAProxy 2.5
Jim Pingle
12:11 PM Bug #12985 (New): DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
Jim Pingle
10:56 AM Bug #12985: DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
This commit seems to break enabling of DNSSEC on 2.7.0.a.20220328.0600. I previously had it enabled, disabled it, the... Glenn Hall
10:46 AM Bug #12991 (Feedback): DNS Resolver ACLs are not updated when OpenVPN networks change
Merged:
https://github.com/pfsense/pfsense/commit/1ff9c7c3ee0f060c4fd80a9db04c164cd1e92ec7
Viktor Gurov
07:31 AM Bug #12991 (Pull Request Review): DNS Resolver ACLs are not updated when OpenVPN networks change
Jim Pingle
10:46 AM Regression #12937 (Feedback): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
Merged:
https://github.com/pfsense/pfsense/commit/030fab3edaee1c2f10ea8695a041864810d94390
Viktor Gurov
07:47 AM Regression #12937 (Pull Request Review): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
Jim Pingle
05:25 AM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/692
Viktor Gurov
10:45 AM Bug #11226 (Feedback): IPsec VTI phase 2 traffic selectors default to address when defined as a network
Merged:
https://github.com/pfsense/pfsense/commit/544be7a5360324249e8e389ad5a6de60288cf57f
Viktor Gurov
10:29 AM Bug #12997 (Not a Bug): Port forward rules only function through the default gateway interface
We specifically test this frequently. I can't reproduce any problems here. It works fine on release and snapshots. Yo... Jim Pingle
10:28 AM Bug #12997 (Not a Bug): Port forward rules only function through the default gateway interface
The NAT port forward works only on the default gateway.
On another gateway, it returns a closed port.
Multi-Wan
Same ca...
Luiz Garcia
10:13 AM pfSense Packages Bug #12995 (Feedback): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/c1a98faf91dee2303b83b9e1f29500241b2700c5
Viktor Gurov
07:40 AM pfSense Packages Bug #12995 (Pull Request Review): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Jim Pingle
04:57 AM pfSense Packages Bug #12995: Installing stunnel only on the primary HA node leads to php crashes and sync issues
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/203
Viktor Gurov
09:42 AM pfSense Packages Bug #12996 (Duplicate): DNS Resolver needs to run manually after pfBlockerNG-devel package upgrade
Duplicate of #11398 Viktor Gurov
08:19 AM pfSense Packages Bug #12996 (Duplicate): DNS Resolver needs to run manually after pfBlockerNG-devel package upgrade
Running system - PfSense Plus 22.01 x64
After upgrading pfBlockerNG-devel from 3.1.0.1 to 3.1.0.2 and from 3.1.0....
Alex BJ
08:07 AM Bug #9024: Ping packet loss under load when using limiters
I believe I'm hitting this bug now on 22.05 snaps. Is there any workaround or status update on this one? Tried follow... → luckman212
07:50 AM Revision 02004e7a: Convert IPv6 with IPv4 mapping to hex on prefix merge. Fixes #12440
Viktor Gurov
07:49 AM Revision 2b0f4ab1: Add t4_tom module. Feature #9091
Viktor Gurov
07:36 AM pfSense Docs Correction #12994 (Feedback): Note in 4100 platform page refers to the 7100
Fixed and deployed: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/68ea1b8647735677b2546e37524f20eb9056bb... Jim Pingle
07:34 AM Regression #12873: Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput
This looks to have been addressed by this: https://reviews.freebsd.org/D34507
Only in FreeBSD/main currently.
Steve Wheeler
07:30 AM pfSense Plus Bug #12993 (Not a Bug): DHCP Leases page: 504 timeout
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
07:29 AM Feature #12809: Recover existing SSH keys during installation
Viktor Gurov wrote in #note-6:
> > Additionally, even when fixing that, the ``etc`` dir is not present. When importing...
Jim Pingle
07:19 AM pfSense Plus Feature #12989 (Rejected): Improve Load Balancing Gateway Groups to Include Bandwith Usage
This is not possible. pf has no way to know how much of a circuit is utilized to make any kind of decision of that na... Jim Pingle
03:30 AM Bug #12440 (Feedback): Zero-value prefix IPv6 addresses are mishandled
Merged:
https://github.com/pfsense/pfsense/commit/02004e7ad1ef9ed56b035b4a821b5951e6a05125
Viktor Gurov
03:29 AM Feature #9091 (Feedback): Chelsio TOE support using the ``t4_tom`` module
Merged:
https://github.com/pfsense/pfsense/commit/2b0f4ab1ff2f66bbf8d8a9ef328aa1a755f9480c
Viktor Gurov
03:29 AM Bug #12986 (Feedback): DHCP network boot filename can be incorrectly placed in DHCP Pool Options
Merged:
https://github.com/pfsense/pfsense/commit/568fdc9f7f4d9d6952f6ef51c922dd3603c5aa30
Viktor Gurov

03/28/2022

11:17 PM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
I found this bug after having WireGuard stop passing traffic after a WAN GW went down and came back up. Upon restorat... Scott Lykens
09:34 PM pfSense Packages Bug #12995: Installing stunnel only on the primary HA node leads to php crashes and sync issues
After the nodes are in sync, xmlrpc sync completes successfully. Marcos M
08:52 PM pfSense Packages Bug #12995 (Resolved): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Tested on ``22.05.a.20220328.0600``.
# Install stunnel on primary node
# Force xmlrpc sync
sync fails and the se...
Marcos M
08:39 PM Bug #12940 (Resolved): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
Tested on ``22.05.a.20220328.0600``. Works as expected. Marcos M
07:34 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Kristof Provost wrote in #note-4:
> Patrick Clara: I cannot tell from that post if this is the same problem or not. ...
Luiz Garcia
02:06 PM Revision 568fdc9f: Unset $filename variable. Fixes #12986
Viktor Gurov
01:29 PM pfSense Docs Correction #12994 (Closed): Note in 4100 platform page refers to the 7100
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4100/reinstall-pfsense.html
Note
Choosing the ...
Chris Linstruth
11:03 AM Feature #12968 (Resolved): Button to clear previous packet capture data
It functions as expected on... Christopher Cope
10:43 AM Bug #12991: DNS Resolver ACLs are not updated when OpenVPN networks change
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/691
Viktor Gurov
01:56 AM Bug #12991 (Resolved): DNS Resolver ACLs are not updated when OpenVPN networks change
The access_lists.conf file doesn't get updated automatically after creating a CSO entry. After the manual unbound res... Viktor Gurov
10:26 AM Bug #12959: dhcplease process wrongly update host file if client-hostname is empty
lease 172.16.8.16 {
starts 1 2022/03/28 15:23:31;
ends 1 2022/03/28 15:25:01;
cltt 1 2022/03/28 15:23:31;
...
Max Bal
09:55 AM Bug #12959 (Feedback): dhcplease process wrongly update host file if client-hostname is empty
Unable to reproduce on 2.7.0.a.20220327.0600
Could you show an example of /var/dhcpd/var/db/dhcpd.leases entries? (y...
Viktor Gurov
10:13 AM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
I neglected to mention that I was using "Disable Gateway Monitoring Action" on my gateways when the above issues occu... David Myers
10:08 AM Bug #12922: Classless static routes received on DHCP WAN can override chosen default gateway
I've discontinued my Starlink service so I may not be able to help with the debugging of a fix for this issue in the ... David Myers
09:49 AM pfSense Plus Bug #12993 (Not a Bug): DHCP Leases page: 504 timeout
I have used pfsense CE for about 5 years. Finally on December 2021, I acquired a pfsense plus machine: Netgate 1541. ... Antonio Charnichart
09:29 AM Regression #12827: High latency and packet loss during a filter reload
Mateusz Guzik wrote in #note-18:
> Hi Kevin,
>
> can tell me what are the hardware spec of the problematic machines?...
Kevin Bentlage
07:05 AM Regression #12827: High latency and packet loss during a filter reload
Kevin Bentlage wrote in #note-15:
> Have the same issues on our PFSense 2.6.0 cluster (2 members) after upgrading fr...
Mateusz Guzik
07:04 AM Regression #12827: High latency and packet loss during a filter reload
Apologies for late reply, other things got in the way.
Flole Systems wrote in #note-13:
> Why is there any need f...
Mateusz Guzik
09:25 AM Regression #12971 (Resolved): Firewall rule usage counters showing 0/0 after latest pf merge
Confirmed - 22.05.a.20220327.0600 and 2.7.0.a.20220327.0600 are Ok Viktor Gurov
09:22 AM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``
Konstantin Panchenko wrote in #note-12:
> Konstantin Panchenko wrote in #note-11:
> > This is still an issue in 2.5...
Viktor Gurov
09:08 AM Bug #12986: DHCP network boot filename can be incorrectly placed in DHCP Pool Options
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/690
Viktor Gurov
08:16 AM pfSense Packages Bug #12992 (Resolved): error: nbproc is not supported any more since HAProxy 2.5
On latest 22.05 snaps, HAProxy-devel 0.62_8 pkg will not start, gives the following error "config : parsing [/var/etc... → luckman212
05:13 AM pfSense Packages Feature #12963: Run nmap scans in the background
To disable any code injection risks:
- input is matched against a white list allowing only alphanumeric, spaces (excl...
Phil Wardt
05:09 AM pfSense Packages Feature #12963: Run nmap scans in the background
After the last nmap changes, I wanted to harmonize the package with "Packet Capture"
https://github.com/pfsense/Free...
Phil Wardt
03:23 AM Feature #12809: Recover existing SSH keys during installation
Jim Pingle wrote in #note-5:
> This is giving an error when it tries to process the keys. When run with ``sh -x``, it s...
Viktor Gurov
01:57 AM Feature #12636 (Resolved): Automatically create DNS Resolver ACLs for OpenVPN CSO entries
Danilo Zrenjanin wrote in #note-5:
> Tested on the:
>
> [...]
>
> The access_lists.conf file doesn't get upda...
Viktor Gurov
12:01 AM Feature #12724 (Resolved): Notify user if AutoConfigBackup is unable to successfully upload a backup
Viktor Gurov

03/27/2022

08:12 PM pfSense Docs Todo #12990 (Closed): Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html
*Feedback:*
Implementing this as-i...
Marcos M
07:48 PM Feature #12973 (Resolved): Playback script to perform a configuration upgrade on an arbitrary ``config.xml`` file
Tested on ``22.05.a.20220327.0600`` with a config from pfSense 2.2 (config version 11.6). The file was upgraded correctly. Marcos M
05:49 PM Feature #12982: Add support for RFC7499 in RADIUS library.
There's an MR that changes the way AVPair rules are handled with OpenVPN users (for a different feature request). Wou... Marcos M
12:48 PM Regression #12971: Firewall rule usage counters showing 0/0 after latest pf merge
This seems to be fixed in 22.05.a.20220327.0600 Kristof Provost
11:15 AM pfSense Packages Bug #12956 (Closed): suricata fails to use pcre in SID management (e.g. dropsid.conf)
The commit says it resolves issue #10244. The reasoning given there is:
> The chosen solution was to mimic the curre...
Marcos M

03/26/2022

09:54 PM Regression #11545: Primary interface address is not always used when VIPs are present
Jeff Quasarano wrote in #note-27:
> I have this exact issue on 22.01. It manifests on reboot with OpenVPN server st...
Kris Phillips
09:51 PM pfSense Plus Feature #12989 (Rejected): Improve Load Balancing Gateway Groups to Include Bandwith Usage
Load balancing in pfSense is rather rudimentary and is completely random based on the weighting, with a default weigh... Kris Phillips
09:42 PM Regression #12827: High latency and packet loss during a filter reload
Wanted to add additional observations from situations I've seen this issue crop up:
1. pfBlockerNG causes this wit...
Kris Phillips
09:38 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Tested the igb driver. Issue is no longer present in 22.01 or 2.6 with the custom driver compiled from kernel source... Kris Phillips
03:09 PM Feature #12879 (Resolved): Toggle button to disable/enable multiple entries on NAT pages

working successfully.
22.05.a.20220326.0600
Alhusein Zawi
02:26 PM Feature #12724: Notify user if AutoConfigBackup is unable to successfully upload a backup
received notification of failed backup attempt after initiating manual save and intentionally inhibiting upstream con... Jordan G
12:33 PM Feature #12636: Automatically create DNS Resolver ACLs for OpenVPN CSO entries
Tested on the: ... Danilo Zrenjanin
11:23 AM Bug #12988 (Not a Bug): packages.netgate.com does not resolve...
https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#packages-netgate-com-has-no-a-aaaa-record Jim Pingle
09:39 AM Bug #12988 (Not a Bug): packages.netgate.com does not resolve...
See https://forum.netgate.com/topic/171035/since-about-1400-hours-i-have-been-unable-to-get-updates-in-dashboard
H...
Beat Siegenthaler
10:03 AM Feature #12685 (Resolved): Support encrypted ``config.xml`` files when restoring via ECL
Tested against:... Danilo Zrenjanin

03/25/2022

11:45 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Having the same issue since 2.6.0. Car F
07:07 PM Revision 37f3e8f0: Do not sync root.key file if DNSSEC is not enabled. Issue #12985
Viktor Gurov
04:25 PM Feature #1826: PPPoE server IPv6 support
DS-Lite is coming more and more to the market and therefore working IPv6 is required.
Do you see any chance to imple...
Thomas Levi
03:05 PM Bug #12987 (Not a Bug): Traffic going through wrong interface
There is not enough information here to rule out a configuration or local network environment problem and this site i... Jim Pingle
03:00 PM Bug #12987 (Not a Bug): Traffic going through wrong interface
Hi, I noticed that since 2.6, some traffic that should be managed by interface A, is actually going through B. If I d... Carlos Paixão
02:14 PM Bug #12985 (Pull Request Review): DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
Jim Pingle
02:08 PM Bug #12985: DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/688
Viktor Gurov
10:09 AM Bug #12985: DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
forum topic & solution:
https://forum.netgate.com/topic/162435/unbound-service-very-slow-to-start-in-offline-setup
Viktor Gurov
09:07 AM Bug #12985 (Resolved): DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access
The unbound-anchor starts after every unbound service (re)start, which causes delays if there is no active Internet c... Danilo Zrenjanin
01:29 PM Bug #12986 (Resolved): DHCP network boot filename can be incorrectly placed in DHCP Pool Options
After an upgrade from 2.5.2 to 2.6.0 we have been encountering an issue with network booting. Under inside the DHCP n... John Ward
01:01 PM Revision e1e388e4: Disable buttons on NAT pages if no rules selected. Fixes #12957
Viktor Gurov
11:53 AM Feature #7783: Support for hosting VMs on pfSense using bhyve
Corey Boyle wrote:
> Seems like pfSense would make a great host platform for VMs using bhyve.
I agree. pfsense c...
Wayne Sherman
09:00 AM pfSense Docs Todo #12983 (Closed): Fix instances of double words
Fixed numerous double/repeated words and deployed the result.
> 33 files changed, 63 insertions(+), 64 deletions(-...
Jim Pingle
07:37 AM pfSense Docs Todo #12983 (In Progress): Fix instances of double words
That one bit is an easy typo fix but I'll use this as an excuse to check for and fix double words like this ("it it")... Jim Pingle
08:49 AM pfSense Packages Bug #12818 (Feedback): IP block logging not working
Should be fixed in pfBlockerNG-devel_3.1.0_3 Viktor Gurov
08:45 AM Bug #12957 (Feedback): Delete button is always active for NAT rules, even if no rules are selected
Merged:
https://github.com/pfsense/pfsense/commit/e1e388e41849d14e514ba428e95a59e33111ff10
Viktor Gurov
07:20 AM Bug #12957 (Pull Request Review): Delete button is always active for NAT rules, even if no rules are selected
Jim Pingle
02:31 AM Bug #12957: Delete button is always active for NAT rules, even if no rules are selected
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/686
Viktor Gurov
08:45 AM Regression #12984 (Feedback): OpenVPN causes Crash Reports in the GUI
Merged:
https://github.com/pfsense/pfsense/commit/4533e50b84a6cfbeaa31d0a5529ab377029659b0
Viktor Gurov
07:22 AM Regression #12984 (Pull Request Review): OpenVPN causes Crash Reports in the GUI
Jim Pingle
03:40 AM Regression #12984: OpenVPN causes Crash Reports in the GUI
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/687
Viktor Gurov
03:08 AM Regression #12984 (Resolved): OpenVPN causes Crash Reports in the GUI
After defining an Alias Network(s) Type with FQDN/32 in the IPv4 Local network(s) under OpenVPN IPv4 Local network(s)... Danilo Zrenjanin
08:38 AM Revision 4533e50b: Skip unresolved OpenVPN alias DNS entries. Fixes #12984
Viktor Gurov
08:22 AM Feature #12809 (New): Recover existing SSH keys during installation
This is giving an error when it tries to process the keys. When run with ``sh -x``, it shows:... Jim Pingle
02:43 AM Bug #12925 (Resolved): FQDN in network alias is omitted from OpenVPN networks list
Tested against:... Danilo Zrenjanin

03/24/2022

10:46 PM pfSense Docs Todo #12983 (Closed): Fix instances of double words

I found some unimportant typos in https://docs.netgate.com/pfsense/en/latest/services/dns/resolution-process.html#d...
Tony Chi
10:34 PM Feature #12982 (Rejected): Add support for RFC7499 in RADIUS library.
It seems when there are too many entries (per user) in the Radreply table (using MySQL) of FreeRadius package, pfsens... Frank Lee
07:20 PM Revision 65adb193: Packet Capture: edit delete capture icon
Phil Wardt
02:51 PM Todo #12981 (Resolved): Warn about OpenVPN shared key deprecation
See #12980 for more info. OpenVPN shared key is being deprecated. It isn't being removed yet, but will be in the near... Jim Pingle
02:34 PM Feature #12968: Button to clear previous packet capture data
PR merged
Jim Pingle
01:58 PM Feature #12968: Button to clear previous packet capture data
I just noticed you have a delete icon
I pushed another enhancement with a proper delete icon:
https://github.com/pf...
Phil Wardt
02:21 PM pfSense Packages Feature #12963: Run nmap scans in the background
Again, noticed the delete icon resource
https://github.com/pfsense/FreeBSD-ports/pull/1152
Phil Wardt
10:20 AM pfSense Packages Feature #12963: Run nmap scans in the background
The Makefile needed an additional fix or it wouldn't compile: https://github.com/pfsense/FreeBSD-ports/commit/d34af18... Jim Pingle
10:05 AM pfSense Packages Feature #12963 (Feedback): Run nmap scans in the background
PR merged, thanks! Jim Pingle
02:11 PM pfSense Docs Todo #12980 (Feedback): Add warnings against OpenVPN Shared Key mode
Warning added and some related refs cleaned up. All committed and deployed:
https://gitlab.netgate.com/docs/pfSens...
Jim Pingle
12:47 PM pfSense Docs Todo #12980 (Resolved): Add warnings against OpenVPN Shared Key mode
OpenVPN is deprecating Shared Key mode in OpenVPN 2.6.0 and removing it in a future version (presumably 3.0 or 2.7, w... Jim Pingle
02:05 PM Regression #12977: Rule descriptions in firewall logs show wrong rule label
The rule description for the logs (and perhaps states if that pans out) should always be the last label on the rule. ... Jim Pingle
02:02 PM Regression #12977: Rule descriptions in firewall logs show wrong rule label
I did run into this, and I'm spending some time plumbing things through libpfctl to the pfSense php module. This will... Reid Linnemann
11:16 AM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Sure thing, happy to contribute! Charles Hamilton
10:53 AM pfSense Packages Feature #12882 (Feedback): Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
PR merged, thanks!
https://github.com/pfsense/commit/9e7c6e33857e42fa97ae04e57285ee180643440d
https://github.com...
Viktor Gurov
10:48 AM pfSense Packages Feature #12795 (Feedback): Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/b7a4f7d12cc68460d75ae7204d0e4f8381d6d162
Viktor Gurov
10:47 AM pfSense Packages Bug #12706 (Feedback): pfBlockerNG and unbound does not work after switching /var to RAM disk
Merged:
https://github.com/pfsense/commit/dc4f288b66af9b0ffc6dded8fe128aaeca0a9ac6
Viktor Gurov
10:16 AM pfSense Packages Bug #12772 (Resolved): Syslog-ng writes config.xml on each start
Tested against:... Danilo Zrenjanin
10:09 AM Todo #12934 (Feedback): Update strongSwan
The update is done in the ports tree. It's in CE snapshots now, will be in the next Plus snapshots shortly.... Jim Pingle
09:49 AM Feature #12702 (Resolved): Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings
Christopher Cope
09:49 AM Feature #12702: Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings
Marking resolved. As noted above, everything was good from version... Christopher Cope
09:02 AM pfSense Packages Bug #12979: Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
*Updated Info:* a decision was made to simply cherry-pick the DEVEL change into the RELENG_2_6_0 branch because the S... Bill Meeks
07:22 AM pfSense Packages Bug #12979 (Pull Request Review): Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
devel PR merged, left a note on the RELENG_2_6_0 PR as there is an issue there that needs resolved first. Jim Pingle
06:46 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
Thank you, I've just applied both and have confirmed that it is working as expected now. Adrien Carlyle

03/23/2022

10:10 PM Regression #12827: High latency and packet loss during a filter reload
Have the same issues on our PFSense 2.6.0 cluster (2 members) after upgrading from 2.5.2.
Firewalls have 75 interfac...
Kevin Bentlage
07:59 PM Revision b77f85b0: Add upgradeconfig script. Implements #12973
Jim Pingle
07:58 PM Revision f4b777f0: Fix syntax errors. Issue #12940
Jim Pingle
06:26 PM Bug #12976: Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface
Yeah this doesn't appear to be CP related. The generated ipfw rules allow access to the CARP VIP on the interface:
<...
Steve Wheeler
03:05 PM Bug #12976 (Not a Bug): Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface
Usually if you select any specific interface it doesn't necessarily include the VIPs, so it's somewhat surprising tha... Jim Pingle
02:49 PM Bug #12976: Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface
It looks like I found the issue. I had to explicitly check the CARP-address on the guest-portal interface for unbound... Alex Boettrich
11:21 AM Bug #12976: Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface
Thanks for pointing out #12834 - I missed that.
#12834 is installed now and I rebooted the box - same problem - capt...
Alex Boettrich
07:58 AM Bug #12976: Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface
Have you applied the workaround from #12834? It's possible this is the same root cause. Jim Pingle
03:53 PM pfSense Packages Bug #12979: Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
A fix for this issue has been posted in Pull Requests https://github.com/pfsense/FreeBSD-ports/pull/1149 for RELEASE ... Bill Meeks
02:23 PM pfSense Packages Bug #12979 (Pull Request Review): Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
Beginning around the first of March 2022, the Snort rules update package from the Snort VRT changed the subdirectory ... Bill Meeks
03:02 PM Bug #12940 (Feedback): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
Fix was merged + needed a syntax fix. Jim Pingle
08:01 AM Bug #12940 (Pull Request Review): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
Jim Pingle
07:03 AM Bug #12940 (New): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
Viktor Gurov wrote in #note-6:
> Marcos Mendoza wrote in #note-5:
> > This works if the bug was never hit before. If ...
Viktor Gurov
06:20 AM Bug #12940 (Feedback): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
Viktor Gurov wrote in #note-2:
> fix:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/680
Merged:
...
Viktor Gurov
04:36 AM Bug #12940: Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
Marcos Mendoza wrote in #note-5:
> This works if the bug was never hit before. If the orphaned directory still exist...
Viktor Gurov
03:01 PM Feature #12973 (Feedback): Playback script to perform a configuration upgrade on an arbitrary ``config.xml`` file
Added script: https://gitlab.netgate.com/pfSense/pfSense/-/commit/b77f85b09f21c84eac8355ca805643eae8547221
Jim Pingle
02:35 PM Revision 97b49080: Always change .ssh directory permission. Issue #12940
Viktor Gurov
12:44 PM Revision 4d99cf21: Merge pull request #4562 from NobleKangaroo/increase-max-firewall-log-entries
Jim Pingle
12:34 PM Revision 5042d9e0: Merge pull request #4564 from PhilZ-cwm6/PhilZ-cwm6-patch-pckcapture
Jim Pingle
11:18 AM pfSense Docs Correction #12978: Correction to iftop section of Monitoring Bandwidth Usage
That whole section needs to be rewritten, iftop is a part of base now, and there is a way to use it in the GUI as well. Jim Pingle
11:01 AM pfSense Docs Correction #12978 (Resolved): Correction to iftop section of Monitoring Bandwidth Usage
https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html#iftop
The instructions on this p...
Max Leighton
09:37 AM Regression #12971: Firewall rule usage counters showing 0/0 after latest pf merge
I see the same issue, but believe the root cause is that we've not re-built the php-pfSense-module after the recent m... Kristof Provost
09:29 AM pfSense Packages Feature #12963: Run nmap scans in the background
Standardize nmap text in description: NMap -> Nmap
https://github.com/pfsense/FreeBSD-ports/pull/1148
Phil Wardt
07:28 AM pfSense Packages Feature #12963 (Pull Request Review): Run nmap scans in the background
Jim Pingle
07:41 AM pfSense Packages Bug #12917 (Resolved): LoopiaAPI changed
Loopia is working again, based on a comment left on the Github commit: https://github.com/pfsense/FreeBSD-ports/commi... Jim Pingle
07:39 AM Regression #12977: Rule descriptions in firewall logs show wrong rule label
This is a known issue at the moment. It's a side effect of #12092 and the fact that the methods we use to get the rul... Jim Pingle
07:35 AM Feature #12968 (Feedback): Button to clear previous packet capture data
PR Merged Jim Pingle
06:22 AM Regression #12949 (Feedback): The ruleset is not regenerated after assigning an interface
Merged:
https://github.com/pfsense/pfsense/commit/d1d1084eb4ebedbcc86cfe13c6d25cf9570646b0
Viktor Gurov

03/22/2022

09:32 PM Regression #12977 (Resolved): Rule descriptions in firewall logs show wrong rule label
This was previously working on March 11th snapshot - now broken on 22.05.a.20220322.0600.
Only the default deny ru...
Marcos M
09:24 PM pfSense Packages Bug #12951 (Feedback): FRR cannot remove IPv6 routes
There really isn't enough info to determine what may be happening. The error itself can be normal in some cases.
S...
Marcos M
07:07 PM Revision a23b8930: Edit Clear Capture button text
Phil Wardt
07:05 PM Revision e01ea791: Unset the other PCRE options
Brad Davis
06:59 PM Revision 39fb897e: Use unlink_if_exists()
Phil Wardt
06:03 PM Revision 7691f0c7: Delete user home directory on user delete XMLRPC sync. Fixes #12940
Viktor Gurov
04:40 PM Revision 0590dfaa: Deprecate Zabbix 3.x and bring in Zabbix 6.x
Brad Davis
04:09 PM Bug #12976 (Not a Bug): Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface
When Captive Portal is configured with a CARP VIP on the interface the captive portal does not work. DNS traffic to C... Alex Boettrich
03:37 PM Revision d1d1084e: Reload filter rules after reassigning an interface. Fixes #12949
Viktor Gurov
03:27 PM pfSense Packages Feature #12963: Run nmap scans in the background
Updated TAB and Button names from ...log to "View Results"
Patch attached above
https://github.com/pfsense/FreeBSD-p...
Phil Wardt
01:29 AM pfSense Packages Feature #12963: Run nmap scans in the background
Github link again
https://github.com/pfsense/FreeBSD-ports/pull/1148
Phil Wardt
02:55 PM Bug #12975 (Resolved): IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute
DNS IP addresses must be supplied to the remote client when a mobile tunnel is created in order to resolve remote (pr... Serge Caron
02:13 PM Feature #12968: Button to clear previous packet capture data
With last changes
https://github.com/pfsense/pfsense/pull/4564
Phil Wardt
08:29 AM Feature #12968 (Pull Request Review): Button to clear previous packet capture data
Jim Pingle
01:27 AM Feature #12968: Button to clear previous packet capture data
Viktor Gurov wrote in #note-1:
> Please create a pull request with your changes:
> https://docs.netgate.com/pfsense...
Phil Wardt
12:05 AM Feature #12968: Button to clear previous packet capture data
Please create a pull request with your changes:
https://docs.netgate.com/pfsense/en/latest/development/pull-request....
Viktor Gurov
01:47 PM pfSense Plus Bug #12974 (Closed): Typing anything into 1100/2100 recovery installer causes process to stop
During the installation process the user is prompted to select a filesystem or type enter to install with ZFS.
How...
Ryan Coleman
01:36 PM Revision abddfcd2: Toggle Button for NAT Pages. Implements #12879
Viktor Gurov
01:34 PM Revision 065e0508: OpenVPN FQDN in alias netmask fix. Issue #12925
Viktor Gurov
01:25 PM Bug #12942 (New): Code to kill states for old gateway when reconnecting an interface is incorrect
Back burner this for now, can revisit soon. The current gateway behavior appears to be sufficient, this might be nice... Jim Pingle
01:10 PM Bug #12940: Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with ... Marcos M
08:09 AM Bug #12940 (Pull Request Review): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
Jim Pingle
01:09 PM pfSense Packages Bug #12917 (Feedback): LoopiaAPI changed
The acme.sh project made a new release with the fix, I've updated the ACME package with the new files, should be buil... Jim Pingle
12:33 PM pfSense Docs Correction #12970 (Closed): SG-2220 incorrectly referred to as SG-2200
There were a few bad refs in that doc, though most were in internal labels and not directly visible. All fixed now, w... Jim Pingle
09:29 AM pfSense Docs Correction #12970 (Closed): SG-2220 incorrectly referred to as SG-2200
On https://docs.netgate.com/pfsense/en/latest/solutions/sg-2220/m-2-sata-installation.html
The first note says
<p...
Christopher Cope
12:22 PM Feature #12973 (Resolved): Playback script to perform a configuration upgrade on an arbitrary ``config.xml`` file
In the spirit of this feature:
pfSsh.php playback cryptconfig decrypt /root/enctest/test.xml /root/enctest/out...
Chris Linstruth
12:16 PM Revision 3625ad41: Typo in log widget object name.
Jim Pingle
11:04 AM Bug #12972 (Rejected): After firmware update IPSEC connections to a FortiGate firewall fail.
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
11:03 AM Bug #12972 (Rejected): After firmware update IPSEC connections to a FortiGate firewall fail.
Even the FortiClient VPN client software on our PC's will not connect after update to 22.01.
If we connect our PC to...
Henrik Villadsen
10:56 AM Regression #12971 (Resolved): Firewall rule usage counters showing 0/0 after latest pf merge
On the latest Plus (22.05) and CE (2.7.0) snapshots the counters on the firewall rule tabs are showing 0/0 even when ... Jim Pingle
10:04 AM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration
Seeing what looks to be related whilst testing: https://redmine.pfsense.org/issues/12949
After the WAN interface ...
Steve Wheeler
09:40 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
Adrien Carlyle wrote in #note-13:
> Does the original patch get updated or would I need to apply a second or differe...
Viktor Gurov
09:16 AM Bug #12925 (Feedback): FQDN in network alias is omitted from OpenVPN networks list
Merged:
https://github.com/pfsense/pfsense/commit/065e050890508ff0c97455a6352cdb914d34ddbd
Viktor Gurov
09:13 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
Does the original patch get updated or would I need to apply a second or different one to test for you all? Adrien Carlyle
07:46 AM Bug #12925 (Pull Request Review): FQDN in network alias is omitted from OpenVPN networks list
Jim Pingle
09:27 AM Feature #12879 (Feedback): Toggle button to disable/enable multiple entries on NAT pages
Merged:
https://github.com/pfsense/pfsense/commit/abddfcd2d2ff236716002c88c0d045711cb17d7b
Viktor Gurov
08:14 AM pfSense Packages Bug #12969 (Duplicate): Status_Traffic_Totals GUI showing graphical data for the wrong month
Duplicate of #9537 -- This is due to Daylight Saving Time and is a known issue in graphs made from vnstat data. Jim Pingle
08:04 AM pfSense Packages Bug #12965 (Pull Request Review): FRR BFD peer configuration is handled incorrectly in some cases
Jim Pingle
08:04 AM Regression #12949 (Pull Request Review): The ruleset is not regenerated after assigning an interface
Jim Pingle
07:45 AM Feature #12964 (Closed): Add toggle for vtnet ALTQ/multiqueue on Advanced - > Networking page below "hn ALTQ Support"
This is not possible as the options which allow ALTQ to work on vtnet are compile-time options and not runtime option... Jim Pingle
06:22 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Here are some screenshots for reference.
Note: Disabling Gateway Monitoring and Using Non-local Gateway or using a /...
Waqas Khan
06:07 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
I am the original author of this post https://old.reddit.com/r/PFSENSE/comments/tc8zsx/wireguard_service_not_starting... Waqas Khan

03/21/2022

11:59 PM pfSense Packages Feature #10809 (Resolved): IDS/IPS - Notifications when new rule categories are released
Viktor Gurov
05:26 PM pfSense Packages Feature #10809: IDS/IPS - Notifications when new rule categories are released
Chiming in to note all is good, notifications are sent when new rule categories appear.
Can be closed.
10:32 PM Revision ab46a1e2: Merge branch 'master' into mvc_refactor
Trevor Kerr
07:34 PM Revision f9d2c2c3: Packet capture: add clear log button
When there is a log file, show a "Clear Log" button to delete the last log without having to drop to cli Phil Wardt
04:55 PM pfSense Packages Feature #12963: Run nmap scans in the background
Phil Wardt wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > Add a working test patch that can be copied into Sy...
Phil Wardt
07:51 AM pfSense Packages Feature #12963: Run nmap scans in the background
Phil Wardt wrote in #note-2:
> Add a working test patch that can be copied into System Patches package:
Added opt...
Phil Wardt
03:35 PM pfSense Packages Bug #12969 (Duplicate): Status_Traffic_Totals GUI showing graphical data for the wrong month
In the GUI for version 2.3.2_2, the Interactive Graph and Date Summary are both showing the current data under the wr... Oren Jellow
02:38 PM Feature #12968 (Resolved): Button to clear previous packet capture data
Packet Capture window:
When there is a log file, show a "Clear Log" button to delete the last log without having to ...
Phil Wardt
10:59 AM Bug #12940: Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/680
Viktor Gurov
10:43 AM Bug #12957 (In Progress): Delete button is always active for NAT rules, even if no rules are selected
Viktor Gurov
10:43 AM Bug #12966 (Duplicate): Some action buttons are always active, even if no NAT rule is selected
Viktor Gurov
03:39 AM Bug #12966 (Duplicate): Some action buttons are always active, even if no NAT rule is selected
The "Delete" and "Toggle" (#12879) buttons at the bottom of the NAT rules page are always active.
All of these butto...
Viktor Gurov
08:39 AM pfSense Packages Bug #12965: FRR BFD peer configuration is handled incorrectly in some cases
fixes:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/199
Viktor Gurov
08:17 AM Bug #10513: State issues with policy routing and HA failover
> Tested in 2.5.2. This seems to still be a big issue.
In 2.6.0, too. I'm not sure about the lost states, but the tr...
Christian Ullrich
04:32 AM Regression #12949: The ruleset is not regenerated after assigning an interface
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/679
Viktor Gurov
04:11 AM Bug #12440: Zero-value prefix IPv6 addresses are mishandled
Marcos Mendoza wrote in #note-5:
> Tested on @22.05.a.20220311.0600@ with the patch.
>
> The IP @::192.168.10.10@...
Viktor Gurov
03:40 AM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected
Christopher Cope wrote in #note-5:
> Tested on
> [...]
>
> and the buttons are disabled without a selection on t...
Viktor Gurov
02:12 AM Feature #12675 (New): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file
Jim Pingle wrote in #note-8:
> And now if the user touches the file manually it gets cleared at the next boot, so the...
Viktor Gurov
02:10 AM Feature #12675: Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file
Jim Pingle wrote in #note-10:
> I merged a fix for the option check and also added a GUI option when editing the use...
Viktor Gurov
01:14 AM Bug #12790: Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN
Tested on 22.05-DEVELOPMENT (built on Sun Mar 20 06:19:27 UTC 2022) with patch from https://gitlab.netgate.com/pfSens... Azamat Khakimyanov

03/20/2022

11:56 PM pfSense Packages Feature #12718 (Resolved): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
Viktor Gurov
04:04 PM pfSense Packages Bug #12965: FRR BFD peer configuration is handled incorrectly in some cases
To summarize:
* load the saved @Profile@ value on BFD peer edit
* allow the selection of VIPs for @Local Source Add...
Marcos M
03:58 PM pfSense Packages Bug #12965 (Pull Request Review): FRR BFD peer configuration is handled incorrectly in some cases
Saving the following BFD peer configuration results in no configuration change (checked by looking at @FRR / Status /... Marcos M
12:52 PM Feature #12964: Add toggle for vtnet ALTQ/multiqueue on Advanced - > Networking page below "hn ALTQ Support"
Sorry I meant below "hn ALTQ support" Chris Collins
12:50 PM Feature #12964 (Closed): Add toggle for vtnet ALTQ/multiqueue on Advanced - > Networking page below "hn ALTQ Support"
The vtnet driver can only support multiqueue or ALTQ, and not both, I held off the feature request, but now I see hype... Chris Collins
08:48 AM pfSense Packages Feature #12963: Run nmap scans in the background
Add a working test patch that can be copied into System Patches package:
Phil Wardt
08:23 AM pfSense Packages Feature #12963: Run nmap scans in the background
Github commit, tested with screen shots:
https://github.com/pfsense/FreeBSD-ports/pull/1148
Note: it properly sup...
Phil Wardt
08:19 AM pfSense Packages Feature #12963 (Feedback): Run nmap scans in the background
NMap package cannot actually run from gui because of nginx timeout
This patch adds the following features:
- run ...
Phil Wardt
06:14 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Also see:
https://old.reddit.com/r/PFSENSE/comments/tc8zsx/wireguard_service_not_starting_on_system/
Can also con...
Zep Man

03/19/2022

10:08 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
I have compiled the igb driver for 12.3 to test this weekend.
Additionally, patches for the VLAN issue should be i...
Kris Phillips
10:06 PM Regression #12827: High latency and packet loss during a filter reload
Have run into this bug twice with customers, once with a standalone firewall that had 200+ interfaces and another wit... Kris Phillips
06:23 PM Bug #12728 (Resolved): Cannot remove IPv6 static routes

I was able to add/remove IPv6 static routes without errors.
route is removed.
22.05.a.20220319.0600
Alhusein Zawi
03:21 PM pfSense Packages Bug #12917: LoopiaAPI changed
Jim Pingle wrote in #note-2:
> Viktor Gurov wrote in #note-1:
> > acme.sh updated to v3.0.2 in #12886
> >
> > Lo...
Nim Djid
01:37 PM pfSense Packages Feature #12718: add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
was able to start suricata inline mode on igc interface (6100) running 22.01 v6.0.4_1 Jordan G
12:53 PM Feature #12863: dynamically tune sha512crypt rounds
Here's a patch that can be applied by copying its contents
Tested with auth on my current system
Rounds could maybe...
Phil Wardt
10:16 AM Feature #12863: dynamically tune sha512crypt rounds
Jim Pingle wrote in #note-2:
> Dynamic tuning sounds like more trouble than it's worth, IMO. We'd have to test and ca...
Phil Wardt
09:27 AM Feature #12962 (Duplicate): Improve default sha512 password hashing rounds
Already covered by multiple other issues.
See: #12855, #12800, #12863
Jim Pingle
09:22 AM Feature #12962: Improve default sha512 password hashing rounds
Here's the commit:
https://github.com/pfsense/pfsense/pull/4563
Phil Wardt
09:18 AM Feature #12962 (Duplicate): Improve default sha512 password hashing rounds
After this change: https://redmine.pfsense.org/issues/10298
The default encryption for passwords is sha512
Howeve...
Phil Wardt
09:11 AM pfSense Packages Bug #12951: FRR cannot remove IPv6 routes
https://github.com/FRRouting/frr/issues/10827 yon Liu
05:32 AM pfSense Packages Bug #12951: FRR cannot remove IPv6 routes
2022/03/19 02:16:50 BGP: can't connect to 2604:8800:60:240::100 fd 34 : Permission denied
2022/03/19 02:16:50 BGP: c...
yon Liu
06:31 AM pfSense Packages Bug #12777 (Resolved): STunnel writes config.xml on each start
Tested with Stunnel 5.50_10
It writes to config.xml only after config changes. Ticket resolved.
Danilo Zrenjanin
05:28 AM Bug #12780 (Resolved): L2TP/PPTP interface assignment page loses some values after input validation error
Tested on the:... Danilo Zrenjanin
05:12 AM Bug #12792 (Resolved): Automatic Outbound NAT rules do not include OpenVPN CSO entries
Tested on:... Danilo Zrenjanin
04:59 AM Bug #12887 (Resolved): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
Tested against:... Danilo Zrenjanin

03/18/2022

10:45 PM Revision 44c4a509: Increase max firewall log entries
Christopher Embry
02:07 PM Revision 062972b3: pf host ID support. Issue #12702
Jim Pingle
02:01 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
The patch didn't work.
I applied the patch to my 2.5.2 system then enabled DHCP6 client debug mode and saved the i...
David Myers
01:16 PM Revision 98ecfb9f: Add user opt to keep history. Implements #12675
Jim Pingle
12:46 PM Regression #12961 (Resolved): CARP event storm when leaving persistent CARP maintenance mode
Hi,
this is a very weird issue so I will try my best to describe it. I think this is a regression that we are seei...
Florian Apolloner
12:27 PM Bug #12960 (Resolved): VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes
When booting from a VGA installer such as the ISO or VGA USB memstick, the boot menu is set to Serial.
See attache...
Jim Pingle
12:16 PM Feature #12702: Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings
That's from #12703 and is fixed on snapshots later than what you're running. Upgrade and test again. Jim Pingle
12:13 PM Feature #12702: Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings
Tested, from the patch, on both a single system and a HA pair all running... Christopher Cope
09:08 AM Feature #12702 (Feedback): Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings
Changes merged, will be in snapshots soon for testing. Jim Pingle
11:26 AM Bug #12959 (Feedback): dhcplease process wrongly update host file if client-hostname is empty
I've activated "Register DHCP leases in DNS forwarder" option.
In case where one of my devices requests an IP without ...
Max Bal
10:38 AM pfSense Docs Todo #12958 (Closed): Feedback on Configuration — Advanced Configuration Options — Miscellaneous Tab
It's correct as it is. tmpfs uses regular RAM, space in RAM used by RAM disks means there is less RAM for other progr... Jim Pingle
09:58 AM pfSense Docs Todo #12958 (Closed): Feedback on Configuration — Advanced Configuration Options — Miscellaneous Tab
*Page:* https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html
*Feedback:*
re: https://docs.netgate...
Steve Y
09:33 AM Bug #12957 (Resolved): Delete button is always active for NAT rules, even if no rules are selected
This is the same issue as #12871 but on all NAT pages instead of the rules page.
Port Forward, 1:1, Outbound, & NP...
Christopher Cope
09:01 AM Feature #12675 (Feedback): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file
I merged a fix for the option check and also added a GUI option when editing the user. Will be in snapshots soon. Jim Pingle
07:32 AM Feature #12675 (In Progress): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file
Jim Pingle
07:30 AM Bug #12871 (Resolved): Some action buttons are always active for firewall rules, even if no rules are selected
This issue was just for the firewall rules page which is good now. The other pages should get a fresh Redmine issue i... Jim Pingle
05:28 AM Bug #12953 (Resolved): ESP description in IPsec phase 2 proposal help text is ambiguous
Tested against:... Danilo Zrenjanin
12:38 AM pfSense Packages Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)
Indeed, I've found the commit that caused the regression:
https://github.com/pfsense/FreeBSD-ports/commit/9d8801b498...
Adam CM
12:31 AM pfSense Packages Bug #12956 (Resolved): suricata fails to use pcre in SID management (e.g. dropsid.conf)
In suricata/suricata.inc, under "Test the SID token for the PCRE: keyword", the match for the regular expression will... Adam CM

03/17/2022

04:28 PM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected
Tested on... Christopher Cope
02:03 PM Feature #12675 (New): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file
The MR implemented the config setting/backend part but not the GUI option. And now if the user touches the file manua... Jim Pingle
01:06 PM Revision f14a50f8: Clarify ESP help text. Fixes #12953
Jim Pingle
12:38 PM Feature #12702 (Pull Request Review): Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/675 Jim Pingle
10:00 AM Feature #12702 (In Progress): Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings
Jim Pingle
11:05 AM Bug #12955 (Not a Bug): DHCP Leases not loading
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
10:36 AM Bug #12955 (Not a Bug): DHCP Leases not loading
When loading the DHCP leases IPv4 page, and after the browser's one-minute wait, the error shown in the image I am attaching appears
...
Nicolas Torres Andrades
09:26 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
See #12954 for Limiters failing to pass traffic.
That is not related to the dummynet kernel module being unavailab...
Steve Wheeler
09:22 AM Bug #12830 (Closed): Traffic Shaper (Limiters) broken
This is now better understood. See: #12954 Steve Wheeler
09:19 AM Regression #12954 (Resolved): Traffic routed through DUMMYNET by PF fails when IPFW is enabled
If you have Limiters configured and are sending traffic through then using pf firewall rules that traffic can fail if... Steve Wheeler
08:10 AM Bug #12953 (Feedback): ESP description in IPsec phase 2 proposal help text is ambiguous
Changed wording to "Encapsulating Security Payload (ESP) performs encryption and authentication [...]"
Jim Pingle
05:43 AM Bug #12953 (Resolved): ESP description in IPsec phase 2 proposal help text is ambiguous
Under VPN>IPsec>Tunnels>Edit Phase 2 - Phase 2 Proposal (SA/Key Exchange), help text says:
"Encapsulating Security ...
Danilo Zrenjanin
08:01 AM pfSense Packages Bug #12952 (Closed): After update to v. 22.01 DNS Resolver Custom Options for bypassing PfBlockerNG not working
I cannot reproduce any issues with views in the DNS resolver as described. It's possible there is a local issue in pf... Jim Pingle
03:45 AM pfSense Packages Bug #12952 (Closed): After update to v. 22.01 DNS Resolver Custom Options for bypassing PfBlockerNG not working

Immediately after updating PfSense+ on Netgate 7100 from v. 21.05.2 to 22.01 the bypass setting for PfBlockerNG sto...
Thomas Kauders
07:57 AM Bug #12950: OpenVPN as default gateway does not get set at boot time
I can reproduce this on snapshots if I set an OpenVPN gateway as default directly, but there is a workaround.
Crea...
Jim Pingle
07:32 AM Bug #12703 (Resolved): pf ``hostid`` value is handled inconsistently
This is good on the latest snapshot which was built after our recent upstream merge.... Jim Pingle
12:52 AM pfSense Packages Bug #12951 (Feedback): FRR cannot remove IPv6 routes

pfsense 2.6 system
frr log show:
2022/03/16 21:46:42 ZEBRA: [EC 100663303] kernel_rtm: 2606:2800:e004::/48: r...
yon Liu

03/16/2022

06:39 PM Regression #12949: The ruleset is not regenerated after assigning an interface
Also seeing this in:... Steve Wheeler
06:17 PM Regression #12949: The ruleset is not regenerated after assigning an interface
I was able to reproduce this on 2.6 with a default config. Marcos M
06:14 PM Regression #12949: The ruleset is not regenerated after assigning an interface
Logs from a 2.5.2 VM where I reassigned WAN from em0 to vtnet0 and am able to login at the new IP immediately:... Steve Wheeler
05:44 PM Regression #12949 (Resolved): The ruleset is not regenerated after assigning an interface
In some circumstances the ruleset is not reloaded or regenerated after re-assigning an interface.
For example afte...
Steve Wheeler
06:32 PM Bug #12950 (New): OpenVPN as default gateway does not get set at boot time
I have an OpenVPN gateway configured as my default gateway with a static route in place to ensure the VPN connects vi... James Chambers
02:37 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
I tried altering the script so it would fire during a renew with mixed success. Though I found another odd behavior. ... Jim Pingle
07:58 AM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
For that to trigger the client would have to fire the script during an event when the change occurs. It may not, but ... Jim Pingle
07:39 AM Bug #12947 (Feedback): Old IPv6 addresses may continue to be used after DHCP or RA changes
I recently started using T-Mobile 5G Home Internet. The gateway device you're required to use is almost completely un... David Myers
12:13 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
Thilo Gass wrote in #note-39:
> In https://redmine.pfsense.org/issues/12190 you find the information:
>
> Forma...
Thilo Gass
11:38 AM pfSense Packages Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration
When mixing AE ciphers in a P2 with AEAD ciphers (e.g. AES with AES128-GCM), the wizard will generate a script with t... Marcos M
07:41 AM Bug #12946 (Duplicate): Unbound will not resolve long CNAME chains
Duplicate of #11595
We can't take on the technical debt that would come with carrying custom patches for this fore...
Jim Pingle

03/15/2022

08:16 PM Revision 719da3ee: Remember dyn GW when if is down. Issue #12931
* When a dynamic interface goes down, retain its old gateway address in
a place we can read it if necessary
* When ...
Jim Pingle
06:06 PM Bug #12946 (Duplicate): Unbound will not resolve long CNAME chains
This relates to Bug #11595. Also documented with the Unbound team, https://github.com/NLnetLabs/unbound/issues/43... Steve Boyle
03:42 PM Feature #12945 (Resolved): Implement missing ipfw equivalents in libpfctl necessary for captiveportal
As indicated by Viktor Gurov:
> pfSense_ipfw_*() functions have been rewritten to use shell scripts, which is slow, ...
Reid Linnemann
03:28 PM Feature #12931 (Feedback): Retain knowledge of previous dynamic gateway IP address when interface is down
Changes merged. Jim Pingle
03:23 PM Bug #12942 (In Progress): Code to kill states for old gateway when reconnecting an interface is incorrect
While this does work, it can be harsh and should be made optional if possible. A global option similar to the option ... Jim Pingle
02:57 PM pfSense Docs Correction #12944 (Closed): Hashtab no longer available
Replaced HashTab with OpenHashTab: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9246ff1a5ea5df1b56186f1e3133... Jim Pingle
02:50 PM pfSense Docs Correction #12944 (In Progress): Hashtab no longer available
Jim Pingle
02:49 PM pfSense Docs Correction #12944 (Closed): Hashtab no longer available
At the following link we recommend Hashtab for Windows users, but they went out of business and for now it isn't avai... Christopher Cope
02:38 PM Revision 2e326e19: Enable /etc/rc.d/zfsbe support in pfSense-rc
Christian McDonald
10:12 AM pfSense Docs Todo #12158 (Closed): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick
This was fixed a while back, the linked page is just Etcher now. The page linked at the end with alternate techniques... Jim Pingle
10:04 AM pfSense Docs Todo #12704 (Closed): Add more HA DHCP troubleshooting info
Jim Pingle
07:32 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Lewis Smith wrote in #note-14:
> Luca De Andreis wrote in #note-13:
> > Hello everybody,
> >
> > I can confirm t...
Luca De Andreis
07:14 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Luca De Andreis wrote in #note-13:
> Hello everybody,
>
> I can confirm that there are problems with PfSense 2.6....
Lewis Smith
07:18 AM Bug #12922: Classless static routes received on DHCP WAN can override chosen default gateway
I think there's a similar issue "here":https://github.com/pfsense/pfsense/blob/07fe3d3d60a61621171fbc0a1a5e42c1462fb5... David Myers
07:17 AM Bug #12943 (Duplicate): Routing bad if rename Alias destination network
Duplicate of #12727 Jim Pingle
01:16 AM Bug #12943 (Duplicate): Routing bad if rename Alias destination network
pfsense 2.5.2
Routing bad if rename Alias destination network
Create Alias for network destination routing
Creat...
Aleks Bug
03:14 AM Bug #12941: Captive Portal on specific VLAN prevents routing to other networks (since 22.01)
@jimp The suggested system patch successfully fixed the issue! Thank you. Lorenzo Marroccoli
02:35 AM pfSense Plus Feature #11732: Add VXLAN Support to pfSense Plus
Understand that VXLAN was supported but removed some time ago for not being enterprise ready.
From my understanding ...
Reine Hålldin
 
