Activity

30 days up to

User

Subprojects

Activity

From 03/31/2022 to 04/29/2022

04/29/2022

06:20 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: The subject is incorrect.
As stated in the TAC, after further analyzing additional cases it became clear that the du... David G
03:09 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: Updating subject for release notes. Jim Pingle
07:45 AM Bug #13092 (Feedback): PPPoE WANs fail to reconnect after parameter negotiation failure: Applied in changeset commit:75363ea828a165b14de9c8e750a92378ecb4acbf. Viktor Gurov
07:27 AM Bug #13092 (Pull Request Review): PPPoE WANs fail to reconnect after parameter negotiation failure: Jim Pingle
01:38 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: David G wrote in #note-6:
> The reported issue is known. The workaround is to add the following config.
>
> set b... Viktor Gurov
05:56 PM Revision 978ea085: pfSense: Utilize pf captiveportal funcs from php-pfSense - Feature #12945: linnemannr
03:49 PM Bug #6253 (Resolved): Firewall log widget action icon features stop working when new log entries are added dynamically: Tested and working as expected on... Christopher Cope
03:07 PM Bug #13083: Slack notification options only allow ``-`` as a special character in channel names: Updating subject for release notes. Jim Pingle
03:05 PM Bug #13099: Static routes to destinations at L2TP clients are not re-added after a client reconnects: Updating subject for release notes. Jim Pingle
03:03 PM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events: Updating subject for release notes. Jim Pingle
03:02 PM Feature #9393: Improved support for USB interfaces that may not always be present: Updating subject for release notes. Jim Pingle
03:00 PM Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: Updating subject for release notes. Jim Pingle
02:58 PM Bug #13097: PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: Updating subject for release notes. Jim Pingle
02:34 PM Feature #12982: Add support for RFC7499 in RADIUS library.: Hello,
the support tech told me you guys wanted a packet capture. I assume that you need packet capture between the... Frank Lee
11:44 AM Bug #13102 (Resolved): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Viktor Gurov
08:33 AM Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: tested on
22.05-DEVELOPMENT (amd64)
built on Fri Apr 22 06:22:18 UTC 2022
FreeBSD 12.3-STABLE
bug reproduced, pictu... Georgiy Tyutyunnik
06:36 AM Revision 75363ea8: Use mpd embedded bandwidth control to reconnect. Fixes #13092: Viktor Gurov
12:06 AM Regression #12834: Only TCP traffic is passed outbound through IPFW: Sorry Sir I duplicate the "Ipfw table all list" of after enabling the Captive Portal and the before enabling captive ... Aspiring Network Admin

04/28/2022

10:54 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: The reported issue is known. The workaround is to add the following config.
set bundle period 6
set bundle lowat 0
s... David G
07:28 PM Bug #13092 (New): PPPoE WANs fail to reconnect after parameter negotiation failure: 'noretry' is no longer a valid bundle option in mpd5.... Steve Wheeler
07:58 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Hi Sir Reid thank you for the reply. This is my ipfw list and ipfw table all list before and after enabling and loggi... Aspiring Network Admin
03:24 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Aspiring Network Admin wrote in #note-13:
> Hi Sir may I ask if you already fixed this problem that you have on your... Reid Linnemann
05:59 PM Revision 94151cf2: store dnsmasq custom_options as base64: → luckman212
05:50 PM Revision 8dffcfd3: trim mac address when submitting: eases copy & paste which sometimes grabs a little extra whitespace
on either end -- previously caused input validatio... → luckman212
02:22 PM Feature #13109 (Pull Request Review): Trim whitespace from MAC addresses in user input: Jim Pingle
12:56 PM Feature #13109: Trim whitespace from MAC addresses in user input: PR: https://github.com/pfsense/pfsense/pull/4580 → luckman212
12:55 PM Feature #13109 (Resolved): Trim whitespace from MAC addresses in user input: Small patch to trim MAC address input on POST.
This eases copy & paste which sometimes grabs a little extra whites... → luckman212
01:53 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: Ondrej Sala wrote in #note-39:
> bump
> 11 years later and still no fix?
Allistah F wrote in #note-40:
> I just ran ... xander bron
01:17 PM Revision d90552c5: Destroy deleted/disabled IPsec SA. Fixes #13102: Viktor Gurov
12:44 PM Bug #13105 (Pull Request Review): DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Jim Pingle
10:50 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: @jimp I submitted a PR: https://github.com/pfsense/pfsense/pull/4579 → luckman212
08:37 AM Feature #4259 (Feedback): Port forward NAT rules with "any" protocol: Merged:
https://github.com/pfsense/pfsense/commit/1aa4beab67da79d69df094771a4317279318227d Viktor Gurov
07:19 AM Feature #4259 (Pull Request Review): Port forward NAT rules with "any" protocol: Jim Pingle
02:57 AM Feature #4259: Port forward NAT rules with "any" protocol: Jim Pingle wrote in #note-11:
> This is causing a PHP error:
>
> [...]
fix:
https://gitlab.netgate.com/pfSens... Viktor Gurov
08:30 AM Bug #13102 (Feedback): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Applied in changeset commit:d90552c59e51fb13c712b6a96a51ca2462424156. Viktor Gurov
08:29 AM pfSense Packages Bug #13104 (Feedback): BIND: Unable to fetch namd root file: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/3bc9ac8e64ba744212eda05ba190e544ef6d2d40 Viktor Gurov
07:13 AM pfSense Packages Bug #13104 (Pull Request Review): BIND: Unable to fetch namd root file: Jim Pingle
07:08 AM pfSense Packages Bug #13104: BIND: Unable to fetch namd root file: This corrects it in my test box. named starts at boot without error with that patch applied.
Steve Wheeler
03:37 AM pfSense Packages Bug #13104: BIND: Unable to fetch namd root file: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/224 Viktor Gurov
07:56 AM Revision 1aa4beab: Port Forward input validation fix. Issue #4259: Viktor Gurov
02:43 AM Bug #12649 (Feedback): Allowed IP/Hostname "Direction" option is never used: Implemented in #13100 Viktor Gurov

04/27/2022

09:34 PM Revision ad2a86ea: Captive Portal remove unused ipfw code. Todo #13100: Viktor Gurov
09:09 PM Revision 7c2468c5: Captive Portal ipfw->pf transition. Todo #13100: Viktor Gurov
08:50 PM Bug #13076: Marking a gateway as down does not affect IPsec entries using gateway groups: Tested on @22.05.a.20220426.1313@.
On a VTI P2 with keepalive checked and the P1 using a gateway group, I marked t... Marcos M
05:26 PM Revision a32a9530: add warning for menu option 14 when it might kill your connection: → luckman212
04:35 PM Todo #13100: Transition Captive Portal from IPFW to PF: remove unused ipfw code:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/751 Viktor Gurov
07:51 AM Todo #13100: Transition Captive Portal from IPFW to PF: see also:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/220 Viktor Gurov
03:57 PM pfSense Packages Bug #12933 (Resolved): Vulnerability in ClamAV Engine Used by Squid: pfSense 22.05 and pfSense-pkg-squid-0.4.45_8 uses clamav @0.104.2,1@ which is not affected. Marcos M
03:18 PM pfSense Docs Todo #13108: ZFS filesystem implications: This isn't a recent change in ZFS, as the /cf/conf dataset has been configured with the @exec@ property set to @off@ ... Jim Pingle
01:05 PM pfSense Docs Todo #13108 (Rejected): ZFS filesystem implications: One of the recent file system changes to the default ZFS install was to mount some things as 'noexec'.
This includes... Steve Wheeler
03:10 PM Revision 37e06c12: Fix error handling in pfanchordrill. Fixes #13106: Jim Pingle
02:51 PM Bug #13102 (Pull Request Review): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Jim Pingle
02:36 PM Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/750 Viktor Gurov
06:47 AM Bug #13102 (Confirmed): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Viktor Gurov
02:26 PM pfSense Docs Correction #13107 (Resolved): Blacklists need to be revisited: Removed links to MESD and Shalla, both seem to be dead. Shalla shut down, the MESD link times out and never loads. I ... Jim Pingle
12:14 PM pfSense Docs Correction #13107 (Resolved): Blacklists need to be revisited: https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/squidguard.html#blacklist
Shallalist is dead, for ... Chris Linstruth
12:37 PM Revision 085ff94b: USB NIC handling improvements. Fixes #12606 #9393: Viktor Gurov
11:41 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: → luckman212 wrote in #note-8:
> Oh great idea! Only downside is losing the ability to see the data when directly vi... Jim Pingle
11:37 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Oh great idea! Only downside is losing the ability to see the data when directly viewing the XML, but that's a very m... → luckman212
10:37 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: A reboot or restore couldn't "corrupt" this. A reboot doesn't alter the configuration. It could only change on save.
... Jim Pingle
10:31 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: @jimp As far as I can tell from looking at the code (and my experience as well) it only validates on SAVE, but not wh... → luckman212
09:35 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: → luckman212 wrote in #note-4:
> 2 other possible workarounds:
> - have each custom option in its own row, with an ... Jim Pingle
08:20 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: 2 other possible workarounds:
- have each custom option in its own row, with an "add row" button UI similar to def... → luckman212
07:39 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: The inconsistent handling of newlines in text boxes in browsers is one of the reasons the OpenVPN advanced options in... Jim Pingle
10:47 AM Feature #4259 (New): Port forward NAT rules with "any" protocol: This is causing a PHP error:... Jim Pingle
10:20 AM Regression #13106 (Feedback): ``pfanchordrill`` treating errors as anchor names: Applied in changeset commit:37e06c12873a4d5439dda3349e124d55b19cd3d0. Jim Pingle
10:09 AM Regression #13106 (Resolved): ``pfanchordrill`` treating errors as anchor names: The @pfanchordrill@ PHP playback script parses the output of the pf anchor list and uses it to recurse to find nested... Jim Pingle
08:35 AM pfSense Packages Bug #13098 (Feedback): HAProxy Virtual IP broken link under Frontend setup: PR has been merged.
Thank You!
https://github.com/pfsense/FreeBSD-ports/pull/1160/commits/d32312de35cecd94a77295... Viktor Gurov
07:33 AM pfSense Packages Bug #13098: HAProxy Virtual IP broken link under Frontend setup: Pull Request: https://github.com/pfsense/FreeBSD-ports/pull/1160 Chris Gunther
07:50 AM Feature #9393: Improved support for USB interfaces that may not always be present: Applied in changeset commit:085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c. Viktor Gurov
07:49 AM Feature #9393 (Feedback): Improved support for USB interfaces that may not always be present: Merged:
https://github.com/pfsense/pfsense/commit/085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c Viktor Gurov
07:50 AM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events: Applied in changeset commit:085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c. Viktor Gurov
07:49 AM Bug #12606 (Feedback): ``devd`` is not configured to act on USB interface attach/detach events: Merged:
https://github.com/pfsense/pfsense/commit/085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c Viktor Gurov
07:40 AM Bug #12645 (Feedback): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: Merged:
https://github.com/pfsense/pfsense/commit/95d74811193b4be8eb515b5dd13e963971f8de57 Viktor Gurov
06:32 AM Todo #12601 (Closed): Optimize fw rules load on boot: We need to run "pf" before DNS Resolver and other services so that they can work properly.
see 6103#note-2 for examp... Viktor Gurov
04:46 AM pfSense Packages Feature #12963: Run nmap scans in the background: Tested the package against:... Danilo Zrenjanin
04:20 AM Feature #13103: Warn the user if they attempt to disable SSH from the menu while connected through SSH: I tested the commit. It is pretty helpful and works as expected. Danilo Zrenjanin
04:07 AM pfSense Packages Bug #12891 (Resolved): Trailing space in Acme Account Keys "name" breaks UI functions: I tested against the 0.7.1_1 Acme version. It works as expected. I could edit, remove, and copy the account key with ... Danilo Zrenjanin
03:07 AM Bug #13086 (Resolved): Traffic shaper wizard rewrites Mbits to Kbits: Tested against the version below:... Danilo Zrenjanin
01:23 AM Bug #13083 (Resolved): Slack notification options only allow ``-`` as a special character in channel names: Tested against the version below:... Danilo Zrenjanin
01:14 AM Feature #2456 (Resolved): Option to choose default tab in IPsec status Dashboard widget: Tested against the version below:... Danilo Zrenjanin

04/26/2022

09:38 PM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: The OP's original concern also pops up when using a single physical WAN with multiple PPPoE sessions. Some ISPs allo... Kristopher Kolpin
09:04 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Hi Sir may I ask if you already fixed this problem that you have on your Captive Portal? We have the same problem and... Aspiring Network Admin
07:16 PM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: (I recently experienced this on 22.05 snaps, btw) → luckman212
07:14 PM Bug #13105 (Resolved): DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Sometimes when saving DNS Forwarder (dnsmasq) config, the custom options data gets mangled (a newline is lost, so 2 c... → luckman212
06:52 PM pfSense Packages Bug #13104 (Resolved): BIND: Unable to fetch namd root file: Throws php error:... Steve Wheeler
06:41 PM Feature #13103: Warn the user if they attempt to disable SSH from the menu while connected through SSH: PR: https://github.com/pfsense/pfsense/pull/4578 → luckman212
06:40 PM Feature #13103 (Resolved): Warn the user if they attempt to disable SSH from the menu while connected through SSH: Believe it or not, I fat fingered "13" the other day and typed "14" instead when connected via SSH ... and hit "y" wh... → luckman212
04:27 PM Bug #13102 (New): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: * Running 22.05.a.20220426.1313 on a Netgate 6100
* Not sure if this is a regression in 22.05 or an old bug.
Toda... → luckman212
04:19 PM Revision 1c04a6d4: Reload static routes on L2TP VPN client connect. Fixes #13099: Viktor Gurov
03:21 PM Revision 9dc881fd: Update config 215 to 216 fix. Issue #13097: Christopher Cope
03:08 PM Todo #13100: Transition Captive Portal from IPFW to PF: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/748 Viktor Gurov
12:33 PM Todo #13100 (Resolved): Transition Captive Portal from IPFW to PF: Implement Captive Portal ipfw->pf transition.
related issues: #12599 #12733 #12579 Viktor Gurov
12:53 PM Bug #13101 (Not a Bug): OpenVPN certificate validation fails: I can't reproduce this. TLS certs work fine as-is without any special changes.
This site is not for support or dia... Jim Pingle
12:47 PM Bug #13101 (Not a Bug): OpenVPN certificate validation fails: OpenVPN fails the validation on a certificate issued by pfSense as CA.
This is the error returned by OpenVPN on Verb... Massimo Vannucci
11:30 AM Bug #13099 (Feedback): Static routes to destinations at L2TP clients are not re-added after a client reconnects: Applied in changeset commit:1c04a6d44e03e2cc175b7af509f8f55eee55be82. Viktor Gurov
10:04 AM Bug #13099 (Pull Request Review): Static routes to destinations at L2TP clients are not re-added after a client reconnects: Jim Pingle
09:42 AM Bug #13099: Static routes to destinations at L2TP clients are not re-added after a client reconnects: original forum topic: https://forum.netgate.com/topic/171700/l2tp-%D1%82%D1%83%D0%BD%D0%BD%D0%B5%D0%BB%D1%8C-%D0%BD%D... Viktor Gurov
08:41 AM Bug #13099: Static routes to destinations at L2TP clients are not re-added after a client reconnects: similar to #10407, but server-side Viktor Gurov
08:40 AM Bug #13099 (Resolved): Static routes to destinations at L2TP clients are not re-added after a client reconnects: How to recreate:
* Create L2TP VPN
* Create a static route to the subnet behind L2TP VPN client
* Disconnect L2TP ... Viktor Gurov
10:22 AM Bug #13097 (Feedback): PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: Fix merged.
New patch attached. Christopher Cope
10:20 AM Revision ddf61d2b: LDAP authentication extended query fix. Issue #13093: Viktor Gurov
08:50 AM pfSense Packages Bug #11693 (Feedback): IPv6 static routing fails: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/095720f390905d462ce94dbb59af405da779acb1 Viktor Gurov
07:26 AM pfSense Packages Bug #11693 (Pull Request Review): IPv6 static routing fails: Jim Pingle
05:49 AM pfSense Packages Bug #11693: IPv6 static routing fails: correct syntax is @ipv6 route fc00:aaaa:bbbb::/64 fe80::290:bff:fe7c:5bb vtnet1@, not @ipv6 route fc00:aaaa:bbbb::/64... Viktor Gurov
07:07 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: . Chris Linstruth
07:06 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: ... Chris Linstruth
05:25 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: I found an issue where the Extended query is always used, regardless of the "Enable extended query" checkbox:
https:... Viktor Gurov

04/25/2022

05:40 PM pfSense Packages Bug #13098 (Resolved): HAProxy Virtual IP broken link under Frontend setup: This was fixed in the haproxy-devel, but not the standard haproxy package under: https://redmine.pfsense.org/issues/1... Chris Gunther
04:23 PM Bug #13097: PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: Attached a patch file with the changes from the merge request for testing. Christopher Cope
04:10 PM Bug #13097 (Pull Request Review): PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/745/ Christopher Cope
01:07 PM Bug #13097: PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: I thought we had a workaround in place for that but I'm not seeing it now.
The function in question could be copie... Jim Pingle
10:27 AM Bug #13097 (Resolved): PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: In function upgrade_215_to_216() in /etc/inc/upgrade_config.inc:6411 there is a call to ipsec_create_vtimap()
This... Christopher Cope
03:10 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: Jim Pingle wrote in #note-35:
> Fixing this issue is nowhere near as simple as that patch implies. The DHCP server c... Allistah F
03:02 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: I just ran into this bug and couldn't figure out why this was happening. It's really unfortunate that this is still ... Allistah F
02:20 PM Revision 77fa7b29: Add no noretry to PPPoE mpd configuration. Fixes #13092: Viktor Gurov
02:19 PM Revision 80d6b1ba: Traffic Shaper Wizard bandwidth scale fix. Issue #13086: Viktor Gurov
01:25 PM Revision 7ef24f72: Fix typo. Issue #13076: Viktor Gurov
12:49 PM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: It's still possible to have multiple problems here. Though it may take some manual fiddling with upnpc and/or gupnp t... Jim Pingle
12:22 PM pfSense Packages Bug #13095 (Feedback): Snort VRT change in Shared Object Rules path name results in failure to extract and update Snort Shared Object Rules when enabled: PR merged, thanks! Jim Pingle
11:40 AM pfSense Packages Bug #13095: Snort VRT change in Shared Object Rules path name results in failure to extract and update Snort Shared Object Rules when enabled: Pull Requests https://github.com/pfsense/FreeBSD-ports/pull/1161 and https://github.com/pfsense/FreeBSD-ports/pull/11... Bill Meeks
09:43 AM pfSense Packages Bug #13095 (Feedback): Snort VRT change in Shared Object Rules path name results in failure to extract and update Snort Shared Object Rules when enabled: Apparently the Snort Vulnerability Research Team recently altered part of the path name inside the Snort Rules Update... Bill Meeks
12:22 PM pfSense Packages Feature #13096 (Feedback): Improve robustness of Snort Rules Update Log size limitation logic: PR merged, thanks! Jim Pingle
11:42 AM pfSense Packages Feature #13096: Improve robustness of Snort Rules Update Log size limitation logic: This feature has been implemented via changes included in Pull Requests https://github.com/pfsense/FreeBSD-ports/pull... Bill Meeks
09:47 AM pfSense Packages Feature #13096 (Feedback): Improve robustness of Snort Rules Update Log size limitation logic: Change the code for truncating the Snort Rules Update Log file when it exceeds the maximum configured size to be more... Bill Meeks
11:50 AM Bug #12691 (Feedback): Support encrypted ``config.xml`` files when restoring during install: Merged:
https://github.com/pfsense/FreeBSD-src/commit/0e4c152b7e44f36e5fbe59ef6a7611f8d50b9e51 Viktor Gurov
08:50 AM Bug #12691 (Pull Request Review): Support encrypted ``config.xml`` files when restoring during install: Jim Pingle
03:00 AM Bug #12691 (New): Support encrypted ``config.xml`` files when restoring during install: Jordan Greene wrote in #note-7:
> was able to successfully load password protected config.xml from flash drive by re... Viktor Gurov
11:45 AM Bug #13076 (Feedback): Marking a gateway as down does not affect IPsec entries using gateway groups: Merged:
https://github.com/pfsense/pfsense/commit/7ef24f72405be1af3e3d82bde4ca572e3462827d Viktor Gurov
08:53 AM Bug #13076 (Pull Request Review): Marking a gateway as down does not affect IPsec entries using gateway groups: Jim Pingle
08:26 AM Bug #13076 (New): Marking a gateway as down does not affect IPsec entries using gateway groups: small typo:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/744 Viktor Gurov
11:44 AM Bug #13086 (Feedback): Traffic shaper wizard rewrites Mbits to Kbits: Merged:
https://github.com/pfsense/pfsense/commit/80d6b1ba38f906b0960dca2c6f95df5cf9fda404 Viktor Gurov
08:50 AM Bug #13086 (Pull Request Review): Traffic shaper wizard rewrites Mbits to Kbits: Jim Pingle
03:41 AM Bug #13086 (New): Traffic shaper wizard rewrites Mbits to Kbits: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/743 Viktor Gurov
09:30 AM Bug #13092 (Feedback): PPPoE WANs fail to reconnect after parameter negotiation failure: Applied in changeset commit:77fa7b2937c0a14fc3d8db3058ff11db9e0210f2. Viktor Gurov
08:49 AM Bug #13092 (Pull Request Review): PPPoE WANs fail to reconnect after parameter negotiation failure: Jim Pingle
02:45 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: see also https://forum.netgate.com/topic/37353/pppoe-reconenction-fix-mpd-fix-100
solution:
https://sourceforge.n... Viktor Gurov
08:36 AM Bug #7234 (Closed): ntpd overload during IPsec session without HW acceleration: Jim Pingle
08:35 AM Bug #6611 (Closed): Kernel panic when running PPPoE Server on tun/tap interface: Jim Pingle

04/24/2022

06:06 PM Feature #13094: Allow packet capture filtering in tagged packets: That works for me in all tested cases. Steve Wheeler
05:38 PM Feature #13094 (Pull Request Review): Allow packet capture filtering in tagged packets: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/741
Old behavior:
* No filter specified: vlan packets in... Marcos M
03:03 PM Feature #13094 (Closed): Allow packet capture filtering in tagged packets: Currently the host filtering options in the webgui packet capture do not match VLAN or QinQ tagged traffic.
It wou... Steve Wheeler
11:52 AM Feature #12819 (Resolved): GUI option to configure layers for LACP hash: Viktor Gurov
06:35 AM Feature #12819: GUI option to configure layers for LACP hash: While I agree this is a welcome feature addition it should not matter what the other side supports. This is for trans... Chris Linstruth
06:33 AM Feature #12819: GUI option to configure layers for LACP hash: Ran through the various settings. Looks good. All passed basic pings to another host across the lagg.... Chris Linstruth
11:05 AM Bug #13093 (Feedback): LDAP authentication fails with extended query and RFC2307 group lookups enabled: LDAP authentication fails with extended query and RFC2307 group lookups enabled
h2. With Extended Query On and RFC... Chris Linstruth

04/23/2022

08:57 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: I've seen cases when the PPP client stops to retry re-establishing the connection within a minute after the outage st... David G
08:02 PM Bug #13092 (Resolved): PPPoE WANs fail to reconnect after parameter negotiation failure: Opened on behalf of TAC ticket 881570903.
After a six hour ISP outage, the service was restored but pfSense didn't... Chris W
06:09 PM Bug #12691: Support encrypted ``config.xml`` files when restoring during install: was able to successfully load password protected config.xml from flash drive by rerooting from the console menu with ... Jordan G
01:53 PM Bug #7234: ntpd overload during IPsec session without HW acceleration: Testing this on pfSense Plus 22.01, I'm unable to reproduce any NTP CPU locking on a single thread testing with or wi... Kris Phillips
01:49 PM Bug #6611: Kernel panic when running PPPoE Server on tun/tap interface: Since redmine 4510 no longer allows this, this should be marked as resolved. I have verified that OpenVPN interfaces... Kris Phillips
01:46 PM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: I'm unable to reproduce this on pfSense Plus 22.01 with my UPnP table. I'm assuming that with UI changes since 2.3 t... Kris Phillips
01:41 PM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver: Christoph Vieten wrote in #note-2:
> Same happened on 2.6.0 with Intel x710-T4 multiple times now.
> Updating the n... Kris Phillips
12:17 PM Bug #13049 (Resolved): Empty ``negate_networks`` table breaks policy routing rules: Tested in systems which would and would not require negate_networks and it worked as expected. Marcos M
06:20 AM Bug #13048: Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route: Can't recreate this issue on 22.01, failover working as expected, and default route changes every time if tier 1 goes... Lev Prokofev
02:52 AM Bug #13086: Traffic shaper wizard rewrites Mbits to Kbits: Yes, I replicated that. It's a minor cosmetic issue.
steps to reproduce:
 1. Run Traffic Shaper Wizards
 2. Cho... Danilo Zrenjanin

04/19/2022

09:11 PM Bug #13076: Marking a gateway as down does not affect IPsec entries using gateway groups: Restarting dpinger does not change the behavior - it still runs and packet loss stays at 0. Forcing it as down will a... Marcos M
09:02 PM Bug #13076 (Resolved): Marking a gateway as down does not affect IPsec entries using gateway groups: Tested on @22.05.a.20220419.0600@ and @22.01@.
Going into the gateway config and enabling @Mark Gateway as Down@ w... Marcos M
08:19 PM Bug #13069 (Resolved): Input validation for IPv6 addresses allows invalid address compression in some cases: Marcos M
08:09 PM Regression #12937 (New): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: The VOIP rules were created with the @Any@ interface. However, this error is back now:
> There were error(s) loadin... Marcos M
06:48 PM Bug #12763 (Resolved): VTI gateway status stuck as "pending" after reboot: Tested on 22.01 with both patches applied and on @22.05.a.20220419.0600@ with the second patch applied. The FQDN gate... Marcos M
10:20 AM Bug #12763 (Feedback): VTI gateway status stuck as "pending" after reboot: Applied in changeset commit:a41488ff8d8c7647dd93a20fb4d4e3ebd52c175f. Viktor Gurov
10:10 AM Bug #12763 (Pull Request Review): VTI gateway status stuck as "pending" after reboot: Jim Pingle
09:32 AM Bug #12763: VTI gateway status stuck as "pending" after reboot: Marcos Mendoza wrote in #note-10:
> Tested on @22.05.a.20220417.0600@. The FQDN VTI gateway remains pending after re... Viktor Gurov
05:38 PM pfSense Packages Bug #12933: Vulnerability in ClamAV Engine Used by Squid: Are there any updates on when this might be addressed? We are required to contact the "vendor" every 30 days to requ... Derek Andree
04:47 PM pfSense Plus Bug #13075 (Duplicate): Netgate 2100 IPsec S2S AES GCM and SafeXcel mbuf overload: Hello everyone,
i run into a mbuf overload after change the S2S Setting (Netgate 6100 – 2100) from AES256 to AES128-... Dennis H
04:05 PM Bug #12900: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Confirmed this is happening with 22.01 as well. Unclear if it is updating the record as well, but receiving the 504 e... Ryan Coleman
03:52 PM Revision 2d82d2e3: Restart L2TP VPN on interface IP change. Fixes #13066: Viktor Gurov
02:31 PM Revision a41488ff: Restart dpinger on boot if IPsec PH1 remote gateway is FQDN and PH2 mode is VTI. Fixes #12763: Viktor Gurov
01:25 PM Regression #13064 (Confirmed): Crash Report after saving any Interface configuration change: Marcos M
01:19 PM Regression #13064 (Resolved): Crash Report after saving any Interface configuration change: Edit: Bad test before. Still receiving the error after applying the patch:
> Fatal error: Uncaught Error: Call to und... Marcos M
01:16 PM Feature #13070: Allow auto prefix with manual prefix-length in NPt: The PD prefix changed so I tested this further. There's an issue currently; as is, a manual rule behaves differently ... Marcos M
12:24 PM pfSense Packages Feature #13063 (Feedback): Improve modem support: PR has been merged. Thanks! Viktor Gurov
12:14 PM pfSense Plus Bug #13074: AES-GCM with SafeXcel on Netgate 2100 causes MBUF overload: Reverting to AES-CBC with SHA384 in P1 and P2 works perfectly, even with SafeXcel enabled. Only seems to apply to AES... Chris S
12:10 PM pfSense Plus Bug #13074 (New): AES-GCM with SafeXcel on Netgate 2100 causes MBUF overload: Running IPSec tunnels on a Netgate 2100 with AES-GCM and SafeXcel enabled seem to cause an MBUF overload requiring a ... Chris S
11:00 AM Bug #13066 (Feedback): L2TP MPD configuration is not updated when a dynamic WAN IP address changes: Applied in changeset commit:2d82d2e37a6c0042a7afd74752d8a4fe3df3936d. Viktor Gurov
09:17 AM Regression #12827: High latency and packet loss during a filter reload: Mateusz Guzik wrote in #note-21:
> Huh, apologies for lack of updates.
>
> The issue is largely fixed for over 3 wee... Marcos M
04:55 AM Regression #12827: High latency and packet loss during a filter reload: Mateusz Guzik wrote in #note-21:
> Huh, apologies for lack of updates.
>
> The issue is largely fixed for over 3 ... Kevin Bentlage
04:24 AM Regression #12827: High latency and packet loss during a filter reload: Huh, apologies for lack of updates.
The issue is largely fixed for over 3 weeks now in the snapshots. If you can't i... Mateusz Guzik
03:15 AM Regression #12827: High latency and packet loss during a filter reload: Any updates on this? Kevin Bentlage
07:32 AM Feature #13072 (Pull Request Review): Matching background/font colors of queue values with dark theme.: Jim Pingle
05:38 AM pfSense Packages Bug #13073 (New): ClamAV - clamd dies with high CPU load and thus the C-ICAP of squid-reverse proxy causes http:500 errors: ClamAV - clamd dies with high CPU load and thus the C-ICAP of squid-reverse proxy causes http:500 errors
user-ag... Konrad Lanz

04/18/2022

08:28 PM Revision 303c51fc: Allow auto prefix with manual prefix-length in NPT. Implements #13070: Viktor Gurov
07:21 PM Revision 888646db: Ensure same type comparison. Fixes #13059: Marcos M
06:03 PM Feature #13072: Matching background/font colors of queue values with dark theme.: https://github.com/pfsense/pfsense/pull/4571 Zedful ☺
05:45 PM Feature #13072 (Pull Request Review): Matching background/font colors of queue values with dark theme.: Zedful ☺
06:02 PM Revision 08219be9: Fix IPsec SAD delete. Fixes #13071: Jim Pingle
03:36 PM Revision 810f1026: Do not restart IPv4 OpenVPN on IPv6 gateway events and vice versa. Fixes #13061: Viktor Gurov
03:35 PM Feature #13070 (Feedback): Allow auto prefix with manual prefix-length in NPt: Applied in changeset commit:303c51fc2351300c3b5586bea0b885ada6a3f3e5. Viktor Gurov
02:42 PM Feature #13070: Allow auto prefix with manual prefix-length in NPt: Thank you very much!! I'll have to wait for the dynamic prefix to change from the ISP to see how that goes, but testi... Marcos M
02:28 PM Feature #13070 (Pull Request Review): Allow auto prefix with manual prefix-length in NPt: Jim Pingle
02:20 PM Feature #13070: Allow auto prefix with manual prefix-length in NPt: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/726 Viktor Gurov
11:53 AM Feature #13070 (Resolved): Allow auto prefix with manual prefix-length in NPt: The current NPt functionality in 22.05 does not allow for overriding the prefix-length of an automatically tracked in... Marcos M
03:12 PM Revision 8a89c115: Reject multiple IPv6 compressions. Fixes #13069: Having :: in an IPv6 address more than once is not valid, even if it
expands to an unambiguous result. Jim Pingle
02:30 PM Regression #13059 (Feedback): Error when saving changes to a disabled OpenVPN client: Applied in changeset commit:888646db3ec871b014b16af5b4fbb2aced4693c3. Marcos M
01:47 PM Revision ac0c9910: Traffic Shaper Wizard VOIP rules fix. Issue #12937: Viktor Gurov
01:15 PM Bug #13071 (Feedback): Delete function for IPsec SAD entries on ``status_ipsec_sad.php`` does not work: Applied in changeset commit:08219be9c56250f998585a7aec7539efbe933952. Jim Pingle
01:04 PM Bug #13071 (Pull Request Review): Delete function for IPsec SAD entries on ``status_ipsec_sad.php`` does not work: MR to fix it: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/725 Jim Pingle
01:02 PM Bug #13071 (Resolved): Delete function for IPsec SAD entries on ``status_ipsec_sad.php`` does not work: The delete function for IPsec SAD entries on @status_ipsec_sad.php@ is not working due to a misplaced @usepost@ attri... Jim Pingle
12:07 PM Bug #13065: Domain override for home.arpa not working: Please keep the discussion on the forum -- this is not a platform for support. Jim Pingle
12:00 PM Bug #13065: Domain override for home.arpa not working: Can I provide logs here so they can be looked at and to start reproducing the issue on your end? I really don't have ... Kevin Mychal Ong
11:30 AM Bug #13065: Domain override for home.arpa not working: That's what I thought, which is why I was pretty convinced this is a "bug". I've exhausted all troubleshooting that I... Kevin Mychal Ong
11:17 AM Bug #13065: Domain override for home.arpa not working: There is no special handling for home.arpa except when the firewall's own domain is set to home.arpa -- the only plac... Jim Pingle
11:07 AM Bug #13065: Domain override for home.arpa not working: Yes, I know what you're sayingand they do match with the site's domain. There is 100% no conflict. The pfsense dhcp s... Kevin Mychal Ong
11:03 AM Bug #13065: Domain override for home.arpa not working: Check the *Domain* under *System > General Setup* , that should match whatever the domain for the site is, if it's @h... Jim Pingle
10:58 AM Bug #13065: Domain override for home.arpa not working: Jim,I'm not sure what you mean. All three of my sites are on their own local domain (not subdomain).
Site 1 = home.a... Kevin Mychal Ong
08:11 AM Bug #13065 (Not a Bug): Domain override for home.arpa not working: This is a settings issue, not a bug. Your firewall is almost certainly still set at the default hostname+domain of @p... Jim Pingle
11:10 AM Bug #11764: IPv6 link local gateway default status not indicated in GUI: Viktor Gurov wrote in #note-9:
> Daryl Morse wrote in #note-7:
> > I was running 2.7.0-dev up to around mid-January... Daryl Morse
10:50 AM Bug #13061 (Feedback): Gateway events for IPv6 affect IPv4 OpenVPN instances and vice versa: Applied in changeset commit:810f1026a07e75f8f582f85c5f6a63450b2d8a8e. Viktor Gurov
07:57 AM Bug #13061 (Pull Request Review): Gateway events for IPv6 affect IPv4 OpenVPN instances and vice versa: Jim Pingle
10:40 AM Bug #13069 (Feedback): Input validation for IPv6 addresses allows invalid address compression in some cases: Applied in changeset commit:8a89c11574e9db83b7cc5e11f2e83d40f42cf614. Jim Pingle
10:27 AM Bug #13069: Input validation for IPv6 addresses allows invalid address compression in some cases: Tested with the IP that broke it previously in different places e.g. alias, interface, vip, freeradius. All worked (r... Marcos M
10:15 AM Bug #13069 (Pull Request Review): Input validation for IPv6 addresses allows invalid address compression in some cases: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/724
With the change in the MR, the results are as ... Jim Pingle
10:11 AM Bug #13069 (In Progress): Input validation for IPv6 addresses allows invalid address compression in some cases: Jim Pingle
09:52 AM Bug #13069 (Confirmed): Input validation for IPv6 addresses allows invalid address compression in some cases: Marcos sent me a different IPv6 string directly and that does validate when it should not, which I then used to check... Jim Pingle
08:18 AM Bug #13069: Input validation for IPv6 addresses allows invalid address compression in some cases: Same here, validation works fine in places I've tried it (e.g. alias content)
We will need a list of *specific* pa... Jim Pingle
06:15 AM Bug #13069 (Feedback): Input validation for IPv6 addresses allows invalid address compression in some cases: unable to reproduce - @is_ipaddrv6('fc00::5::1')@ returns false Viktor Gurov
10:35 AM Revision ef9522c6: Include pkg-utils.inc to interfaces.php. Fixes #13064: Viktor Gurov
09:10 AM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Is this at all related to https://redmine.pfsense.org/issues/13026 ? I am eager to have limiters working again on 22.... → luckman212
08:57 AM Regression #12937 (Feedback): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Merged:
https://github.com/pfsense/pfsense/commit/ac0c991083b910d82fcc52ceb52718f5bc40d4de Viktor Gurov
08:20 AM Regression #12937 (Pull Request Review): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Jim Pingle
07:39 AM Regression #12937 (New): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Marcos Mendoza wrote in #note-13:
> Everything works except for:
> > Floating rules without a specific interface sh... Viktor Gurov
08:55 AM Regression #13064 (Feedback): Crash Report after saving any Interface configuration change: Applied in changeset commit:ef9522c62f79845432d47a7fe1e735373ec72a2e. Viktor Gurov
08:15 AM Regression #13064 (Pull Request Review): Crash Report after saving any Interface configuration change: Jim Pingle
05:36 AM Regression #13064: Crash Report after saving any Interface configuration change: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/722 Viktor Gurov
08:14 AM Bug #13066 (Pull Request Review): L2TP MPD configuration is not updated when a dynamic WAN IP address changes: Jim Pingle
05:29 AM Bug #13066: L2TP MPD configuration is not updated when a dynamic WAN IP address changes: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/721 Viktor Gurov
08:13 AM Feature #12714 (Resolved): Show ``Inactive`` for Hardware Crypto output instead of empty field on System Information dashboard widget when nothing can be accelerated: Jim Pingle
08:13 AM Feature #13023 (Resolved): DNS Resolver option to keep probing when servers are down: Jim Pingle
08:07 AM Feature #13010 (Resolved): Option to retain the existing serial number when renewing a CA or certificate: Christopher Cope wrote in #note-7:
> Tested on
> [...]
>
> and it works, but it doesn't prevent the user from re... Jim Pingle
08:06 AM pfSense Packages Feature #13063 (Pull Request Review): Improve modem support: Jim Pingle
08:02 AM Bug #13062 (Not a Bug): Interface Mistmatch on Hyper V: That is likely an issue in your hypervisor configuration or potentially something that needs adjusted in your setting... Jim Pingle
08:00 AM pfSense Packages Bug #10426 (Pull Request Review): Filer must validate that File name is uniq: Jim Pingle
05:32 AM pfSense Packages Feature #11531 (Resolved): Show netmap compatible cards in IPS Mode note: accidentally deleted comment from Jordan Green:
on pfSense + 22.05.a.20220416.0747/Suricata 6.0.4_1 warning now di... Viktor Gurov

04/17/2022

09:11 PM Bug #13069 (Resolved): Input validation for IPv6 addresses allows invalid address compression in some cases: Tested on @22.05.a.20220412.0600@.
There is no input validation for IPv6 addresses with multiple instances of the ... Marcos M
08:55 PM Bug #13068 (Resolved): Firewall rules fail to load when a URL table alias file does not exist: If the firewall is unable to fetch the contents of a @URL Table (IPs)@ alias that did not previously exist, PF will f... Marcos M
07:45 PM Bug #13067 (Resolved): Resolve interval for ``filterdns`` may not match the configured value: Tested on @22.05.a.20220417.0600@.
Tested with the feature from:
https://redmine.pfsense.org/issues/13057
The ... Marcos M
07:41 PM Feature #13057: GUI option for IPsec ``dns-interval`` setting: Tested on @22.05.a.20220417.0600@.
The interval is added correctly:
> root 62793 0.0 0.3 12140 2784 - Is ... Marcos M
06:08 PM Bug #12763 (Confirmed): VTI gateway status stuck as "pending" after reboot: Tested on @22.05.a.20220417.0600@. The FQDN VTI gateway remains pending after reboot. Marcos M
05:52 PM Feature #12714: Show ``Inactive`` for Hardware Crypto output instead of empty field on System Information dashboard widget when nothing can be accelerated: Hardware crypto on the dashboard shows "Inactive" if AES-NI is disabled and the accelerated algorithms if it is activ... Chris Linstruth
05:49 PM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Everything works except for:
> Floating rules without a specific interface should be created with the Any interface ... Marcos M
05:41 PM Feature #13023: DNS Resolver option to keep probing when servers are down: After updating to today's snapshot:
1. The Keep probing advanced option was present
2. The Keep probing advanced ... Chris Linstruth
04:06 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: I've seen the following from ISPs, both of which have some caveats in the current 22.05 NPt implementation:
*Dynamic... Marcos M
04:04 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: L J wrote in #note-30:
> It is also not working to assign the ULA with a virtual IP to the LAN interface because the... Marcos M
11:31 AM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop: Kris Phillips wrote in #note-3:
> Ryan Coleman wrote in #note-2:
> > Kris Phillips wrote in #note-1:
> > > I'm no... Ryan Coleman
05:45 AM Bug #13066 (Resolved): L2TP MPD configuration is not updated when a dynamic WAN IP address changes: After an provider based change of the WAN IP the L2TP server is still listening on the OLD WAN IP.
The IP changed ... Nico Schmidt

04/16/2022

06:08 PM Bug #11416 (Resolved): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames: Fixed
the host address will be changed to be the the network address in IPv4 Tunnel Network.
I entered 10.0.8... Alhusein Zawi
05:31 PM Bug #13055 (Resolved): The ``negate_networks`` table is not updated when an OpenVPN server is deleted: Alhusein Zawi
05:29 PM Bug #13055: The ``negate_networks`` table is not updated when an OpenVPN server is deleted: fixed
negate_networks table deleted openvpnnetwork without filter reload or rebooting.
2.7.0.a.20220416.06... Alhusein Zawi
11:49 AM Bug #13065 (Not a Bug): Domain override for home.arpa not working: When I setup a domain override for home.arpa to use the DNS Resolver on the remote wireguard node, unbound does not e... Kevin Mychal Ong
09:14 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Logs is the same reply from Danilo Zrẹnanin. Please check ! Hong Duong Pham
08:37 AM Bug #12750 (Resolved): Input validation prevents configuring wildcard Dynamic DNS records on GoDaddy: Tested on the version below:... Danilo Zrenjanin
05:07 AM pfSense Packages Feature #13063: Improve modem support: https://github.com/pfsense/FreeBSD-ports/pull/1159 Konstantinos Kondylis
02:27 AM pfSense Packages Feature #13063 (Resolved): Improve modem support: Cellular package currently supports two Huawei modems and Simcom.
It creates symbolic links for data and control por... Konstantinos Kondylis
04:51 AM pfSense Packages Bug #12739 (Resolved): Passlist generates invalid Virtual IP subnets: Tested against:... Danilo Zrenjanin
04:15 AM Bug #12763: VTI gateway status stuck as "pending" after reboot: Tested the patch against the version below:... Danilo Zrenjanin
03:18 AM Bug #12790 (Resolved): Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN: Tested with version below:... Danilo Zrenjanin
02:55 AM Regression #13064 (Resolved): Crash Report after saving any Interface configuration change: ... Danilo Zrenjanin

04/15/2022

08:40 PM Bug #12878: Traffic shaping by interface, route queue bandwidth inbound, out by a large factor.: Blake,
What model of device are you running? The redmine is stated it's for arm64. What type of NICs? Can you p... Kris Phillips
08:38 PM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Hong Duong Pham wrote in #note-5:
> But when you disconnect the converter or renew the public IP, the IP was not upd... Kris Phillips
08:35 PM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop: Ryan Coleman wrote in #note-2:
> Kris Phillips wrote in #note-1:
> > I'm not able to reproduce this. What serial ... Kris Phillips
08:29 PM Bug #13014: Deadlock in Charon VICI interface: Someone with this issue:
If you could please run:
ps aux | grep charon
Output should look something like this... Kris Phillips
06:44 PM Bug #13062 (Not a Bug): Interface Mistmatch on Hyper V: Hello,
I just did the ugprade to 2.6.0 and received the error "Network Interface mismatch". It looks like it cant ... Brad Sterner
06:03 PM pfSense Packages Bug #10426: Filer must validate that File name is uniq: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/214 Christopher Cope
05:26 PM Feature #13057 (Resolved): GUI option for IPsec ``dns-interval`` setting: "FQDN Endpoints Resolve Interval" is added to IPsec Advanced Settings
2.7.0.a.20220415.0600
Alhusein Zawi
02:54 PM pfSense Packages Bug #12338: RRD Summary does not report data on 3100: Same issue on a 3100 Alan Wilson
12:50 PM Bug #12794 (Resolved): Link-local address does not reset after removing MAC address spoofing: Tested against:... Danilo Zrenjanin
12:37 PM Feature #13010: Option to retain the existing serial number when renewing a CA or certificate: Tested on... Christopher Cope
11:16 AM pfSense Packages Feature #12795 (Resolved): Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist: Tested on 3.1.0_4
in... Christopher Cope
01:52 AM Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa: OpenVPN redmine issue: #13061 Viktor Gurov
01:52 AM Bug #13061: Gateway events for IPv6 affect IPv4 OpenVPN instances and vice versa: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/720 Viktor Gurov
01:36 AM Bug #13061 (Resolved): Gateway events for IPv6 affect IPv4 OpenVPN instances and vice versa: When a gateway of a specific type has an event, OpenVPN instaces on the interface are restarted, rather than just tho... Viktor Gurov

04/14/2022

03:51 PM Revision 7c97240f: Do not restart IPv4 IPsec on IPv6 gateway events and vice versa. Issue #3132: Viktor Gurov
03:51 PM Revision 9e42e2f7: WebGUI option for IPsec <dns-interval> option. Feature #13057: Viktor Gurov
01:39 PM Revision 528e53e8: Encode alias URL before display. Fixes #13060: (cherry picked from commit ac6e07b50d1f72d689eee3ad16427c975482adc3) Jim Pingle
01:36 PM Revision ac6e07b5: Encode alias URL before display. Fixes #13060: Jim Pingle
12:51 PM Bug #12763: VTI gateway status stuck as "pending" after reboot: Updating subject for release notes. Jim Pingle
12:50 PM Bug #3132 (In Progress): Gateway events for IPv6 affect IPv4 services and vice versa: I wouldn't mark the whole issue Feedback as it's only partially implemented. Would be better to make a separate Redmi... Jim Pingle
11:25 AM Bug #3132 (Feedback): Gateway events for IPv6 affect IPv4 services and vice versa: Merged:
https://github.com/pfsense/pfsense/commit/7c97240f1a37b06ba13b31c372c8aec29d6449b7 Viktor Gurov
05:05 AM Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa: IPsec service fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/718
it's better to have a separate... Viktor Gurov
12:48 PM Bug #13055: The ``negate_networks`` table is not updated when an OpenVPN server is deleted: Updating subject for release notes. Jim Pingle
12:48 PM Bug #13049: Empty ``negate_networks`` table breaks policy routing rules: Updating subject for release notes. Jim Pingle
12:47 PM Bug #12975: IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute: Updating subject for release notes. Jim Pingle
11:24 AM Feature #13057 (Feedback): GUI option for IPsec ``dns-interval`` setting: Merged:
https://github.com/pfsense/pfsense/commit/9e42e2f74060d5a71d98123715f21687444ff165 Viktor Gurov
09:20 AM Feature #13057 (Pull Request Review): GUI option for IPsec ``dns-interval`` setting: Jim Pingle
04:10 AM Feature #13057: GUI option for IPsec ``dns-interval`` setting: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/717 Viktor Gurov
08:45 AM Bug #13060 (Feedback): Potential XSS from URL and URL Table alias URLs: Applied in changeset commit:ac6e07b50d1f72d689eee3ad16427c975482adc3. Jim Pingle
08:35 AM Bug #13060 (Resolved): Potential XSS from URL and URL Table alias URLs: The URL from a URL or URL Table type alias is not sanitized before display on @firewall_alias.php@, which can potenti... Jim Pingle

04/13/2022

01:43 PM Revision 58e89ea1: Skip IPsec VTI interface if remote FQDN gateway is not resolved. Issue #12763: Viktor Gurov
12:27 PM Regression #13059 (Pull Request Review): Error when saving changes to a disabled OpenVPN client: Jim Pingle
11:24 AM Regression #13059: Error when saving changes to a disabled OpenVPN client: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/716 Marcos M
09:05 AM Regression #13059 (Resolved): Error when saving changes to a disabled OpenVPN client: When enabling a previously disabled OpenVPN client the following PHP error is reported:... Steve Wheeler
10:27 AM Bug #12763 (Feedback): VTI gateway status stuck as "pending" after reboot: Merged:
https://github.com/pfsense/pfsense/commit/58e89ea1a6c54d46a2322ebf574f78db4e4285a9 Viktor Gurov
08:25 AM Bug #12763 (Pull Request Review): VTI gateway status stuck as "pending" after reboot: Jim Pingle
06:13 AM Bug #12763: VTI gateway status stuck as "pending" after reboot: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/715 Viktor Gurov
08:30 AM Regression #13056 (Not a Bug): OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: That setting won't prevent clients from connecting on auth-only VPNs. There must be something else happening in your ... Jim Pingle
04:23 AM Regression #13056 (Resolved): OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: I have a OpenVPN server running on a pfsense with version 22.01 for some month now.
Multiple clients connect to the ... Thorsten Zitterell
08:25 AM Bug #13055 (Feedback): The ``negate_networks`` table is not updated when an OpenVPN server is deleted: Applied in changeset commit:172452a43c4a530cd3340767acd54409e62a7734. Viktor Gurov
08:12 AM Bug #13055 (Pull Request Review): The ``negate_networks`` table is not updated when an OpenVPN server is deleted: Jim Pingle
02:16 AM Bug #13055: The ``negate_networks`` table is not updated when an OpenVPN server is deleted: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/714 Viktor Gurov
02:13 AM Bug #13055 (Resolved): The ``negate_networks`` table is not updated when an OpenVPN server is deleted: When deleting an OpenVPN Server, a filter reload is not triggered and hence the @negate_networks@ table is not update... Viktor Gurov
08:24 AM Feature #13057: GUI option for IPsec ``dns-interval`` setting: It is a "hidden" config option to let users choose how often to re-resolve FQDN endpoints for IPsec. Users could manu... Jim Pingle
05:41 AM Feature #13057 (Resolved): GUI option for IPsec ``dns-interval`` setting: @$ipseccfg['dns-interval']@ is never defined and looks like legacy code/refactoring error.
https://github.com/pfse... Viktor Gurov
08:05 AM Todo #13058 (New): Add static routes and directly connected networks back to policy route negation rules: The @negate_networks@ list for automatic policy route negation rules used to include VPNs, static routes, and directl... Jim Pingle
08:00 AM Todo #13052 (Rejected): Consolidate vpn_networks and negate_networks tables: It may have changed over time but negate_networks used to include VPNs, static routes, and directly connected network... Jim Pingle
02:14 AM Todo #13052: Consolidate vpn_networks and negate_networks tables: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/713
Marcos Mendoza wrote:
>
> Side note: Wh... Viktor Gurov
07:15 AM Revision 172452a4: Reload filter on OpenVPN instance delete. Fixes #13055: Viktor Gurov

04/12/2022

03:04 PM Feature #13054 (Resolved): Package plugin hook for web server configuration stanzas: Packages may potentially need to add server and location blocks to the web server configuration for various reasons. ... Jim Pingle
01:47 PM Revision 318714cb: Restart services on interface configuration changes. Todo #12619: Viktor Gurov
01:45 PM Revision 415a1b20: Do not create negate rules if <negate_networks> is empty. Fixes #13049: Viktor Gurov
11:49 AM pfSense Packages Bug #13053 (Closed): LoopiaAPI error handling: In the latest package for ACME the update for LoopiaAPI introduced some code that is incompatible with FreeBSD. This ... Christopher Cope
10:16 AM Revision 5f5f71cc: IPSec IKEv2 Mobile INTERNAL_DNS_DOMAIN (value 25) attribute. Fixes #12975: Viktor Gurov
09:59 AM Todo #13052 (Rejected): Consolidate vpn_networks and negate_networks tables: It seems currently that both @vpn_networks@ and @negate_networks@ end up with the same content.... Marcos M
09:25 AM Todo #13042 (Resolved): Remove code references to unused ``reset`` parameter from traffic shaper pages: Marcos M
09:20 AM Bug #13048 (Feedback): Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route: Merged:
https://github.com/pfsense/pfsense/commit/318714cb33435017fcf05a052c80b5193a62a931 Viktor Gurov
08:16 AM Bug #13048 (Pull Request Review): Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route: Jim Pingle
05:07 AM Bug #13048: Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/710 Viktor Gurov
09:19 AM Todo #12619 (Feedback): Restart services on interface changes: Merged:
https://github.com/pfsense/pfsense/commit/318714cb33435017fcf05a052c80b5193a62a931 Viktor Gurov
08:10 AM Todo #12619 (Pull Request Review): Restart services on interface changes: Jim Pingle
04:10 AM Todo #12619: Restart services on interface changes: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/710 Viktor Gurov
08:55 AM Bug #13049 (Feedback): Empty ``negate_networks`` table breaks policy routing rules: Applied in changeset commit:415a1b2083228030f200c8ea0eac3a8fc91f7142. Viktor Gurov
08:11 AM Bug #13049 (Pull Request Review): Empty ``negate_networks`` table breaks policy routing rules: Jim Pingle
04:25 AM Bug #13049: Empty ``negate_networks`` table breaks policy routing rules: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/711 Viktor Gurov
08:55 AM Bug #12975 (Feedback): IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute: Applied in changeset commit:5f5f71cc01788f8b2f9412c4019340e532fa84ff. Viktor Gurov
08:15 AM Bug #12975 (Pull Request Review): IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute: Jim Pingle
05:17 AM Bug #12975: IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/712
see https://www.rfc-editor.org/rfc/rfc8598.html Viktor Gurov
07:41 AM pfSense Packages Bug #13050 (Feedback): ACME update EasyDNS inline api sign-up link: PR merged, thanks! Jim Pingle
02:39 AM pfSense Packages Bug #13050: ACME update EasyDNS inline api sign-up link: Pull Request: https://github.com/pfsense/FreeBSD-ports/pull/1156 Rowan Moul
02:37 AM pfSense Packages Bug #13050 (Resolved): ACME update EasyDNS inline api sign-up link: The inline api key sign-up link for EasyDNS points to a legacy page, giving the impression that the integration is ou... Rowan Moul
07:03 AM Bug #13051 (New): Firewall traffic shaper by interface selection unknow: when selected a que in Firewall/ Traffic Shaper/By Interface nothing in side hierarchy is highlighted to show what qu... Michael Kellogg

04/11/2022

09:20 PM Todo #13042: Remove code references to unused ``reset`` parameter from traffic shaper pages: For reference, the code was added here:
https://github.com/pfsense/pfsense/commit/4f335a1be02c95e183efdddd7e2d7610a0... Marcos M
09:08 AM Todo #13042 (Feedback): Remove code references to unused ``reset`` parameter from traffic shaper pages: PR Merged, commit:d0af588d4fae0632c70a32beecc2aaf4110dacd1 Jim Pingle
08:51 AM Todo #13042 (Resolved): Remove code references to unused ``reset`` parameter from traffic shaper pages: small PR to remove some old code that is no longer referenced
see https://github.com/pfsense/pfsense/pull/4568 and... → luckman212
08:01 PM Revision ab7ad5f9: Option to keep serial f/renew cert Fixes #13010: Defaults to keep serial for CA but not for certs. Jim Pingle
07:59 PM Bug #13049 (Resolved): Empty ``negate_networks`` table breaks policy routing rules: When @negate_networks@ is empty, is effectively behaves the same as @any@. In cases where the @negate_networks@ table... Marcos M
07:10 PM Bug #13048 (Resolved): Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route: (This is a rewording of Bug #13035)
Tier 1 of a Gateway Group is a PPPoE interface.
Tier 2 of the same Gateway Gr... Serge Caron
05:56 PM Revision 25df45db: Traffic Shaper wizard minor fixes. Issue #12937: Viktor Gurov
05:42 PM Bug #13035: No default route following WAN Gateway Group PPPoE member failure: The results of the test are simple: Gateway failover occurs if the PPPoE gateway goes down (ie., removing the interne... Serge Caron
03:28 PM Feature #13023: DNS Resolver option to keep probing when servers are down: Updating subject for release notes. Jim Pingle
03:28 PM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: Updating subject for release notes. Jim Pingle
09:26 AM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: Jordan Greene wrote in #note-4:
> Running 22.05.a.20220402.0600 on the 1100, kern.ipc.nmbclusters is not present in ... Viktor Gurov
03:22 PM Bug #12790: Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN: Updating subject for release notes. Jim Pingle
03:11 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: A last note: the changes are very conservative and follow the code / layout of vpn_openvpn_server.php code
- One of ... Phil Wardt
04:09 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: I pushed the full changes with the actions set in openvpn.inc. That was the easier part as most of them were already ... Phil Wardt
03:10 PM Feature #13010 (Feedback): Option to retain the existing serial number when renewing a CA or certificate: Applied in changeset commit:ab7ad5f95edd943278d311f9daf5208c02cce9d0. Jim Pingle
03:06 PM Feature #13010 (In Progress): Option to retain the existing serial number when renewing a CA or certificate: Adding the GUI option to retain the serial on renew was simple, so I took that route. The other change seems to be a ... Jim Pingle
02:01 PM Revision 621a9b07: Merge pull request #4568 from luckman212/cruft-removal-1: Jim Pingle
01:20 PM pfSense Packages Bug #12948 (Feedback): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Merged Viktor Gurov
10:28 AM pfSense Packages Bug #12948 (Pull Request Review): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Jim Pingle
09:55 AM pfSense Packages Bug #12948: IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/51 Viktor Gurov
01:05 PM Regression #12937 (Feedback): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Merged:
https://github.com/pfsense/pfsense/commit/25df45db811c713ee0893c03b535142780c14bca Viktor Gurov
08:23 AM Regression #12937 (Pull Request Review): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Jim Pingle
08:13 AM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Marcos Mendoza wrote in #note-8:
>
> Additionally:
> * Using the @Penalty Box@ option results in a floating rule ... Viktor Gurov
12:55 PM pfSense Packages Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync: fix:
https://github.com/pfsense/FreeBSD-ports/pull/1158 Viktor Gurov
11:58 AM pfSense Packages Bug #13047: Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0: Thanks, just tested on snapshots and I can confirm this works as expected on 22.05 snapshots. It does not appear to w... Adam Goldberg
11:54 AM pfSense Packages Bug #13047: Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0: I can't reproduce that here on snapshots. I have no group rules, only rules on assigned WG interfaces. Traffic passes... Jim Pingle
11:50 AM pfSense Packages Bug #13047: Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0: This likely needs to be re-opened. Even with the group rule removed and also disabled, interface rules are ignored.
Adam Goldberg
10:22 AM pfSense Packages Bug #13047 (Not a Bug): Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0: Group rules (such as the WireGuard tab) are processed before per-interface rules. Assigned WireGuard interfaces are s... Jim Pingle
10:08 AM pfSense Packages Bug #13047 (Not a Bug): Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0: Firewall rules added to "WireGuard" are processed, but rules added to specific interfaces are ignored.
This issue... Adam Goldberg
10:33 AM pfSense Plus Bug #13041: DNS resolution of internal network names when logged in via OpenVPN requires workaround: > So is the hypothesis that restarting the DNS resolver would effectively address the issue? I can test that.
I r... Fred Dushin
10:27 AM pfSense Plus Bug #13041: DNS resolution of internal network names when logged in via OpenVPN requires workaround: Viktor Gurov wrote in #note-1:
> may be related to #12991
Interesting. So is the hypothesis that restarting the ... Fred Dushin
10:22 AM pfSense Plus Bug #13041: DNS resolution of internal network names when logged in via OpenVPN requires workaround: may be related to #12991 Viktor Gurov
07:36 AM pfSense Plus Bug #13041 (Closed): DNS resolution of internal network names when logged in via OpenVPN requires workaround: A number of us on the forums have discovered that when logged in via OpenVPN, DNS resolution of internal names on the... Fred Dushin
09:50 AM Bug #13046 (New): Floating rule applied to IPv6 interface with a SLAAC DHCPv6 gateway reports error on boot: Running PfSense Plus 22.02. Creating a floating rule targeting IPv6 traffic on a WAN interface with a default gateway... Adam Goldberg
09:49 AM Bug #13040: Build failed pfsense source code: Jim Pingle wrote in #note-2:
> Snapshots are building OK from that code, must be something in your environment.
H... Martin Filla
07:32 AM Bug #13040 (Rejected): Build failed pfsense source code: Snapshots are building OK from that code, must be something in your environment.
Jim Pingle
09:40 AM pfSense Packages Bug #13045 (New): Firewall floating rules ignore WireGuard traffic: When adding a floating rule to apply a limiter targeting traffic on a WireGuard interface, the rule is ignored.
Ad... Adam Goldberg
09:19 AM pfSense Packages Feature #13044 (New): Customized reporting: Status >> Email Reports
Request: The ability to create custom reporting so that columns and headers can be part of... Mike Moore
09:15 AM pfSense Packages Bug #13043 (New): OSPF over Wireguard interface doesn't populate neighbors after reboot: Running pfSense Plus 22.02 and the latest Wireguard (0.1.6_1) and FRR (1.1.1_6 / 7.5.1_3) packages. OSPF works as exp... Adam Goldberg
07:43 AM Bug #13015 (Resolved): NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``: It's OK on the latest snap for me, no need to apply the patch manually.
Before upgrade:... Jim Pingle
07:30 AM pfSense Docs Correction #12994 (Closed): Note in 4100 platform page refers to the 7100: Jim Pingle
07:29 AM Bug #13012 (Resolved): NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet: Jim Pingle
07:27 AM Bug #13038 (Closed): Auto Configuration Backup fails when set to automatically backup on every configuration change.: That's not a bug in the package, it's a server-side issue that needs addressed by IT. Jim Pingle
07:23 AM Feature #13037 (Closed): Support Intel 2.5g and 5g interfaces: We'll pick up that change naturally through updates to the base OS when the time comes. Jim Pingle
02:22 AM Feature #12807: Clear Active Secondary WAN Connections: looks like duplicate of #12942 Viktor Gurov

04/10/2022

05:52 PM Bug #13014: Deadlock in Charon VICI interface: Hi. I get the same error.
See below the IPSecs logs with the highest verbosity level:... Pierre-Emmanuel DEGRYSE
04:49 PM Bug #13040: Build failed pfsense source code: https://pastebin.com/SZBL5pkL Martin Filla
04:47 PM Bug #13040 (Rejected): Build failed pfsense source code: Hi,
i take pfsense devel branch devel-12 and build with this result
ESC[0;1;32m ~~~~~ ^
ESC[0mESC[1m/usr/... Martin Filla
04:36 PM Regression #12937 (New): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Marcos M
04:36 PM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Tested on @22.05.a.20220410.0600@.
There are still places where it fails:
> There were error(s) loading the rules... Marcos M
01:17 PM Bug #12900: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Tested on @22.05.a.20220402.0600@; got a 504 timeout with @Cloudflare@, but not with @HE.net Tunnelbroker@. Marcos M
11:03 AM pfSense Packages Feature #13039 (New): Handle transit gateway VPNs in the AWS VPN wizard: I think the AWS VPN Wizard should not only handle VPC VPN connections, but also attachements to a transit gateway, fr... Soeren Malchow
10:36 AM pfSense Packages Bug #12924: DNS Resolver WireGuard ACL Inconsistency: Hey Christian. Were you able to recreate this problem already? Kevin Mychal Ong
02:54 AM pfSense Plus Feature #12524: OpenSSL QAT Engine: This not only accelerate OpenVPN, but also HAproxy as well.
Now at the moment as qat not loaded in openssl adding:
<... DRago_Angel [InV@DER]

04/09/2022

07:31 PM pfSense Docs Correction #12994: Note in 4100 platform page refers to the 7100: All three pages currently show only the 4100:
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4100/rein... Chris W
07:27 PM Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet: LAN has 3 VIPs:
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

inet 192.168.1.1 ... Alhusein Zawi
05:50 PM Feature #13023: DNS Resolver option to keep probing when servers are down: running 22.05.a.20220409.0600 the option for "Keep probing servers that are down" was default selected in Services>DN... Jordan G
05:46 PM Bug #12950: OpenVPN as default gateway does not get set at boot time: It appears that some states can get established out the default GW on boot as well. I have a OpenVPN client and have... Kris Phillips
05:37 PM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver: I saw this occur on a 7100 that had two bridged ixl interfaces for an add in card on 21.05.2, so it may affect basica... Kris Phillips
05:23 PM Bug #13038: Auto Configuration Backup fails when set to automatically backup on every configuration change.: I can reproduce this, but I'm also unable to use the Backup Now option. It queues the task, but then never actually ... Kris Phillips
01:34 PM Bug #13038 (Closed): Auto Configuration Backup fails when set to automatically backup on every configuration change.: Here are the logs:... Danilo Zrenjanin
01:54 PM Bug #11226: IPsec VTI phase 2 traffic selectors default to address when defined as a network: when selecting VTi it gives "LAN subnet" in local network and "address" in remote network by default.
if there... Alhusein Zawi
01:11 PM pfSense Packages Bug #13032 (Resolved): openvpn-client-import PHP warning: Tested on the:... Danilo Zrenjanin
01:08 PM pfSense Packages Bug #12814 (Resolved): OpenVPN Client Import does not populate 'remote_cert_tls' option: Tested on the:... Danilo Zrenjanin
11:26 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: Attached patch for both *current master branch* , and for release 2.6.0
It includes last upstream 0/empty() fix
Phil Wardt
06:53 AM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: Had to reset the repo, sorry, updated links and a fixed patch
*I pushed the GUI changes code:*
https://github.com/p... Phil Wardt
11:08 AM Feature #13017: Packet capture: add preview results while capture is running: If it makes testing easier, here's attached a patch that applies to the current master branch
Phil Wardt
09:20 AM Bug #12991 (Resolved): DNS Resolver ACLs are not updated when OpenVPN networks change: Tested on the:... Danilo Zrenjanin
07:07 AM Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``: Tested the patch on the:... Danilo Zrenjanin
03:23 AM Bug #12892 (Resolved): ``HTTPClient`` option not sent when using UEFI HTTP Boot: Tested on the:... Danilo Zrenjanin
12:06 AM Feature #13037: Support Intel 2.5g and 5g interfaces: I'd appreciate this as well. I was under the impression it was already supported from what I've read, and have a new... Jon8RFC .

04/08/2022

11:36 PM Revision d0af588d: remove some dead code: see https://forum.netgate.com/topic/171394/sledgehammer-killall-in-shaper-php-and-inc-files → luckman212
10:46 PM Feature #13037 (Closed): Support Intel 2.5g and 5g interfaces: FreeBSD source has enabled the functionality for 2.5g and 5g Nbase-T interfaces in this commit https://cgit.freebsd.o... Simeon OnSecurity
04:24 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: Jim Pingle wrote in #note-5:
> Yes, that's exactly expected. When you check it, nothing from the server is pushed, on... Phil Wardt
03:11 PM Todo #12981 (Resolved): Warn about OpenVPN shared key deprecation: Jim Pingle
03:10 PM Todo #12981: Warn about OpenVPN shared key deprecation: Tested on... Christopher Cope
12:22 PM pfSense Packages Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync: I can confirm this issue also on a HA pair running 22.01. We have had this issue since switching to pfBlockerNG-devel... Alexander Lindqvist
04:01 AM Bug #12790 (Feedback): Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN: Merged:
https://github.com/pfsense/pfsense/commit/f91bca4947c25bb39ee4cb80c9b6e3cd1b314b41 Viktor Gurov

04/07/2022

06:57 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Curious Netgate customer wondering if the fix posted by Alexander Berkes 2 years ago (or any other fix) is in the wor... Dennis Adler
01:54 PM pfSense Plus Bug #13031: Openvpn Float bug: If it's the same on the widget and status page, then it's likely being misreported by OpenVPN itself.
You can try... Jim Pingle
01:20 PM pfSense Plus Bug #13031: Openvpn Float bug: Hi Jim,
This "Dynamic IP" feature on both the tunnels are already un-checked. Please advice. Sam Jay
11:31 AM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: +1 for this! Just set up step-ca and would love having this functionality too. Connor McBrine-Ellis
10:52 AM pfSense Docs Todo #13036 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems: Merged Jim Pingle
10:48 AM pfSense Docs Todo #13036: Feedback on Cellular Wireless — Known Working 3G-4G Modems: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/34 Viktor Gurov
10:31 AM pfSense Docs Todo #13036 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems: *Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html
*Feedback:*

Add the ZTE 833R to the ... Viktor Gurov
10:30 AM Todo #12093 (Resolved): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity: Jim Pingle
10:21 AM Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity: Tested in... Christopher Cope
05:10 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Wayne Sherman wrote in #note-27:
> *Setup:*
> 2.6.0-RELEASE (amd64), dual WAN with both WANs on DHCP, and failover ... Viktor Gurov
04:54 AM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing: Jim Pingle wrote in #note-9:
> If that is the case, then we'll pick it up naturally when we rebase onto 13.x or late... Alexander Deca
04:19 AM Bug #13013 (Closed): bsdinstall error while creating filesystem on the latest snapshots: no such issue with pfSense-CE-2.7.0-DEVELOPMENT-amd64-20220406-1307.iso
seems related to https://github.com/pfsens... Viktor Gurov

04/06/2022

06:32 PM Revision 394c1772: Merge branch 'master' into mvc_refactor: Trevor Kerr
04:43 PM Bug #12800: Suboptimal Password Hashing: sha512crypt should be deprecated and removed in favor of better and more established options. It is a mistake to defa... Tom Sham
03:34 PM Bug #13035: No default route following WAN Gateway Group PPPoE member failure: Thank you. The test equipement to run the snapshot will be available next Monday.
I did not ask the question prope... Serge Caron
12:08 PM Bug #13035 (Not a Bug): No default route following WAN Gateway Group PPPoE member failure: Seems closer to #12811 or maybe part of #11570 though it's also possible it's a part of your configuration. Not enoug... Jim Pingle
12:04 PM Bug #13035 (Not a Bug): No default route following WAN Gateway Group PPPoE member failure: This is probably a twist on BUG # 12920 [[https://redmine.pfsense.org/issues/12920?tab=properties]]
Tier 1 of a G... Serge Caron
03:30 PM Todo #12934 (Resolved): Update strongSwan: Jim Pingle
03:29 PM Todo #12934: Update strongSwan: Tested successfully on... Christopher Cope
01:44 PM Bug #13033: DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved: I'm pretty sure it's not a duplicate. It could be a duplicate of #12901 though.... Flole Systems
08:13 AM Bug #13033: DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved: Not sure about this being a duplicate, since we have "Use local DNS, fall back to remote DNS servers" configured in p... Philipp Hoppen
08:01 AM Bug #13033 (Duplicate): DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved: Looks like a duplicate of #12902 Jim Pingle
07:38 AM Bug #13033 (Duplicate): DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved: I have configured a wildcard record in DNS forwarder, supplied in the "custom options" like the following:... Philipp Hoppen
12:55 PM pfSense Packages Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates: Hi, I have entered the line and received the following antowrt:... Anonymous
10:33 AM pfSense Packages Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates: Shared frontends certificates are saved to the @/var/etc/haproxy/<frontend>.crt_list@
for example:... Viktor Gurov
11:59 AM pfSense Packages Bug #13034 (Feedback): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/93b8b43ec23cbe6ae71ad2a792ced07d60589db6 Viktor Gurov
11:34 AM pfSense Packages Bug #13034 (Pull Request Review): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files: Jim Pingle
11:30 AM pfSense Packages Bug #13034: Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/209 Viktor Gurov
10:58 AM pfSense Packages Bug #13034 (Resolved): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files: The Zabbix 6 agent and proxy running on pfSense 2.6.0 fails to set the PSK values from the web GUI in the zabbix conf... Mat Clarke
11:34 AM pfSense Packages Bug #13032 (Feedback): openvpn-client-import PHP warning: Merged Viktor Gurov
10:18 AM pfSense Packages Bug #13032 (Pull Request Review): openvpn-client-import PHP warning: Jim Pingle
09:31 AM pfSense Packages Bug #13032: openvpn-client-import PHP warning: fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/50 Viktor Gurov
06:27 AM pfSense Packages Bug #13032 (Resolved): openvpn-client-import PHP warning: Crash report shows:... Steve Wheeler
08:06 AM pfSense Plus Bug #13031 (Not a Bug): Openvpn Float bug: Looks like it's doing what you're telling it to do and what the server allows you to do.
We just report the status... Jim Pingle
02:35 AM pfSense Plus Bug #13031: Openvpn Float bug: I think it's important: Sam uses the same certificate for these 2 different OpenVPN tunnels (2 different OpenVPN Serv... Azamat Khakimyanov

04/05/2022

09:29 PM pfSense Plus Bug #13031 (Not a Bug): Openvpn Float bug: We have notice that There is a bug with the pfSense CE version: 2.6.0-RELEASE. When there is a two tunnels are initi... Sam Jay
03:07 PM Bug #13030 (Not a Bug): login without password in captive portal: Your LDAP server must be allowing the bind -- MS AD is notoriously bad about allowing binding without a password in c... Jim Pingle
02:57 PM Bug #13030 (Not a Bug): login without password in captive portal: Captive portal with LDAP authentication entering without password. putting only the username and password field blan... Octavio Morato
02:28 PM Bug #13029 (Not a Bug): Captive portal "ip allowed": That is most likely a configuration error or something in your setup. This site is not for support or diagnostic disc... Jim Pingle
02:27 PM Bug #13029 (Not a Bug): Captive portal "ip allowed": I have a problem that when I add some ip in the allowed ip field, the captive portal apparently releases all ip's on ... Octavio Morato
12:52 PM pfSense Packages Bug #12956 (Confirmed): suricata fails to use pcre in SID management (e.g. dropsid.conf): I'm reopening this issue, as the function @preg_quote@ escapes all special characters, rather than just delimiters.
h... Marcos M
10:28 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Been fighting this issue on 2.5 and 2.4.5 and I am talking about using only 1 DNS entry in the Alias to a Dynamic DNS... Charlie Blalock
10:02 AM Bug #13028 (Needs Patch): Crash when reconfiguring interface using if_qlnxe: It's either a bug in the FreeBSD driver or a hardware issue.
Either way here it's not something we can address. If... Jim Pingle
09:55 AM Bug #13028: Crash when reconfiguring interface using if_qlnxe: may be related:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238646
https://bugs.freebsd.org/bugzilla/show_bug... Viktor Gurov
09:25 AM Bug #13028 (Needs Patch): Crash when reconfiguring interface using if_qlnxe: We are using a "FastLinQ 41232 Dual Port" (OCP 3.0) in our Dell R650xs for our WAN connection. Any "bigger" change se... J Radmacher
08:12 AM pfSense Packages Bug #11343 (Feedback): Invalid link to pfSense-pkg-bind changelog: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a3bbd61e6a0376f80674a83b6bf99e74cb013bc5 Viktor Gurov
07:32 AM pfSense Packages Bug #11343 (Pull Request Review): Invalid link to pfSense-pkg-bind changelog: Jim Pingle
01:40 AM pfSense Packages Bug #11343: Invalid link to pfSense-pkg-bind changelog: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/206 Viktor Gurov
07:35 AM Feature #13023 (Feedback): DNS Resolver option to keep probing when servers are down: Applied in changeset commit:8490fdae1718e802d10f25729a41f55bb52dcd5f. Marcos M
02:13 AM Revision 8490fdae: Unbound option to keep probing when servers are down. Implements #13023: Marcos M
01:51 AM pfSense Packages Bug #10900 (Feedback): /packages/backup/backup.php?a=download&t=backup HTTP 504, or Sends PHP Error Message as ASCII/Text file Named pfsense.bak.tgz: Should be fixed in #11098.
Please re-test. Viktor Gurov

04/04/2022

03:40 PM Revision b409b29c: Do not generate duplicate ``no nat on`` rules for port forwards with a destination of ``Any``. Fixes #13015: Viktor Gurov
01:46 PM Revision f91bca49: Regenerate link-local address on MAC change. Fixes #12794: Viktor Gurov
01:34 PM Revision a876c333: Do not generate duplicate NAT Reflection rules. Fixes #13012: Viktor Gurov
01:03 PM Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``: Applied in changeset commit:b409b29c0e549d966aed312d3ec53b8ae4d0fe29. Viktor Gurov
10:48 AM Bug #13015 (Feedback): NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``: Merged:
https://github.com/pfsense/pfsense/commit/b409b29c0e549d966aed312d3ec53b8ae4d0fe29 Viktor Gurov
08:21 AM Bug #13015 (Pull Request Review): NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``: Jim Pingle
05:13 AM Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/706 Viktor Gurov
01:03 PM Bug #12794: Link-local address does not reset after removing MAC address spoofing: Applied in changeset commit:f91bca4947c25bb39ee4cb80c9b6e3cd1b314b41. Viktor Gurov
08:52 AM Bug #12794 (Feedback): Link-local address does not reset after removing MAC address spoofing: Merged:
https://github.com/pfsense/pfsense/commit/f91bca4947c25bb39ee4cb80c9b6e3cd1b314b41 Viktor Gurov
01:03 PM Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet: Applied in changeset commit:a876c333310c6874acd4820a4e02374675b7c069. Viktor Gurov
08:36 AM Bug #13012 (Feedback): NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet: Merged:
https://github.com/pfsense/pfsense/commit/a876c333310c6874acd4820a4e02374675b7c069 Viktor Gurov
08:25 AM Bug #13012 (Pull Request Review): NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet: Jim Pingle
06:07 AM Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/707 Viktor Gurov
01:03 PM Feature #12267: OpenVPN option to limit concurrent connections per user: Applied in changeset commit:70e7b0c12a16143293b7e05f66ac4f9995bc4cb9. Marcos M
01:03 PM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases: Applied in changeset commit:971b9a642df9cba81d91459c56e0dd92107f6115. Marcos M
01:03 PM Todo #12981: Warn about OpenVPN shared key deprecation: Applied in changeset commit:209ad2e3f59f6e5a11802298b397dfaadfb04921. Jim Pingle
01:03 PM Bug #11226: IPsec VTI phase 2 traffic selectors default to address when defined as a network: Applied in changeset commit:544be7a5360324249e8e389ad5a6de60288cf57f. Marcos M
01:03 PM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Applied in changeset commit:030fab3edaee1c2f10ea8695a041864810d94390. Viktor Gurov
01:03 PM Bug #12440: Zero-value prefix IPv6 addresses are mishandled: Applied in changeset commit:02004e7ad1ef9ed56b035b4a821b5951e6a05125. Viktor Gurov
01:03 PM Bug #12986: DHCP network boot filename can be incorrectly placed in DHCP Pool Options: Applied in changeset commit:568fdc9f7f4d9d6952f6ef51c922dd3603c5aa30. Viktor Gurov
01:03 PM Regression #12949: The ruleset is not regenerated after assigning an interface: Applied in changeset commit:d1d1084eb4ebedbcc86cfe13c6d25cf9570646b0. Viktor Gurov
12:14 PM pfSense Packages Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates: I have taken screenshots of my settings. In principle, the Main Frontent is almost empty, since all settings are cove... Anonymous
07:02 AM pfSense Packages Bug #13022 (Feedback): HAProxy - Sub Frontends ignore Client verification CA certificates: Unable to reproduce with pfSense-pkg-haproxy-devel 0.62_9
Could you provide detailed step-by-step instructions to ... Viktor Gurov
10:59 AM Bug #11764: IPv6 link local gateway default status not indicated in GUI: Daryl Morse wrote in #note-7:
> I was running 2.7.0-dev up to around mid-January, then I shut it down to test the 2.... Viktor Gurov
08:17 AM pfSense Packages Feature #12963 (Feedback): Run nmap scans in the background: Merged to devel for testing in snapshots. Jim Pingle
07:58 AM Bug #13027 (Pull Request Review): Input validation requires a gateway for floating ``match out`` rules: Jim Pingle
07:42 AM Regression #13025 (Feedback): Some services won't start - wrong syntax in autogenerated rc.d scripts: Merged:
https://github.com/pfsense/pfsense/commit/bfa801a664d5ff7e266c323e333b03c33e72e0d4 Viktor Gurov
07:36 AM Regression #13025 (Pull Request Review): Some services won't start - wrong syntax in autogenerated rc.d scripts: Jim Pingle
01:26 AM Regression #13025: Some services won't start - wrong syntax in autogenerated rc.d scripts: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/705 Viktor Gurov
07:39 AM Regression #13026: Limiters do not work: There is ongoing work here as part of the transition to purely pf based handling of these things. See #12579 for some... Jim Pingle
07:29 AM pfSense Docs Correction #13024 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: Merged. Jim Pingle
07:21 AM Bug #13019 (Rejected): Setting an NTP FQDN kills DHCP Server: I can't reproduce it either. This site is not for support or diagnostic discussion, however. Please start a post on t... Jim Pingle
02:00 AM Bug #13019 (Feedback): Setting an NTP FQDN kills DHCP Server: Viktor Gurov
07:10 AM Feature #12819 (Feedback): GUI option to configure layers for LACP hash: That only showed that the GUI option was there -- It still needs to be tested at the OS level to make sure the select... Jim Pingle
06:25 AM Feature #12819 (Resolved): GUI option to configure layers for LACP hash: Viktor Gurov
06:24 AM Revision bfa801a6: write_rcfile() restart fix. Issue #13025: Viktor Gurov
04:48 AM Bug #12774: Picture widget image is not saved in backup: Where the picture data is stored while the system is operating is IMO of no consequence regarding as to whether or no... Ronald Antony
01:59 AM Bug #13021 (Duplicate): Image data of dashboard image widget does not get backed up: Duplicate of #12774 Viktor Gurov

04/03/2022

08:29 PM pfSense Packages Bug #12995 (Resolved): Installing stunnel only on the primary HA node leads to php crashes and sync issues: Tested on @22.05.a.20220403.0600@; works as expected. Marcos M
08:06 PM Bug #13027: Input validation requires a gateway for floating ``match out`` rules: This works on @22.01@ with the following rule and patch:... Marcos M
07:55 PM Bug #13027 (Resolved): Input validation requires a gateway for floating ``match out`` rules: When implementing limiters using floating *match* rules, a gateway should not be necessary. Without selecting one, th... Marcos M
07:49 PM Regression #13026 (Resolved): Limiters do not work: h3. SETUP
@/tmp/rules.limiter@ (no change between versions)... Marcos M
04:36 PM Regression #13025 (Resolved): Some services won't start - wrong syntax in autogenerated rc.d scripts: 22.05-DEVELOPMENT (amd64)
built on Sun Apr 03 06:21:55 UTC 2022
FreeBSD 12.3-STABLE
noticed avahi and other s... johnny stecchino
02:32 PM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: I can confirm to see the absolute same behaviour in pfSense 2.6.0 CE with a very similar setup! Steffen Wagner
11:27 AM pfSense Docs Correction #13024 (Pull Request Review): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: Marcos M
11:26 AM pfSense Docs Correction #13024: Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/33 Marcos M
11:02 AM pfSense Docs Correction #13024 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html
*Feedback:*
@Framed-... Marcos M
10:48 AM Feature #13023 (Pull Request Review): DNS Resolver option to keep probing when servers are down: I've been running this option for months and it's helped whenever there are ISP issues.
https://gitlab.netgate.com... Marcos M
09:47 AM Feature #13023 (Resolved): DNS Resolver option to keep probing when servers are down: When servers are down and in the "blocking regime", they are currently probed every 15 minutes which is a relatively ... Marcos M
10:28 AM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop: Kris Phillips wrote in #note-1:
> I'm not able to reproduce this. What serial emulator are you using? Have you tri... Ryan Coleman
06:50 AM pfSense Packages Bug #13022 (Feedback): HAProxy - Sub Frontends ignore Client verification CA certificates: I noticed that when I create sub frontends in HAProxa and enable the "Client verification CA certificates" in them (e... Anonymous
05:03 AM Feature #13017: Packet capture: add preview results while capture is running: Fix previous patch did not properly apply dns option during view/preview results
Add a warning that running preview ... Phil Wardt

04/02/2022

09:11 PM Bug #13021: Image data of dashboard image widget does not get backed up: Oops, sorry, there’s something to clarify: the widget is called “Picture” not “Image” Ronald Antony
09:03 PM Bug #13021: Image data of dashboard image widget does not get backed up: Oh, and ANYTHING can be stored in an XML file, that’s what base64 encoded blobs are for. Ronald Antony
09:01 PM Bug #13021: Image data of dashboard image widget does not get backed up: I’m not sure how I’m supposed to clarify.
It’s pretty easy what I’m talking about: go to the dashboard, add an image... Ronald Antony
07:02 PM Bug #13021: Image data of dashboard image widget does not get backed up: Ronald,
The only thing that is backed up when pfSense is backed up is the config file. I'm not sure what "image" ... Kris Phillips
08:49 AM Bug #13021 (Duplicate): Image data of dashboard image widget does not get backed up: The dashboard has a rather useful image widget, which by using distinctive images, drastically lowers the chance of m... Ronald Antony
07:18 PM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop: I'm not able to reproduce this. What serial emulator are you using? Have you tried Putty or Screen? I've seen this... Kris Phillips
07:15 PM Bug #13019: Setting an NTP FQDN kills DHCP Server: I'm not able to reproduce this issue. I added two NTP settings under Advanced to the DHCP server, restarted the serv... Kris Phillips
02:11 AM Bug #13019 (Rejected): Setting an NTP FQDN kills DHCP Server: Very strange issue here. Setting a FQDN for one of the 3 NTP server options in the IPv4 DHCP server settings kills I... Kristopher Kolpin
01:46 PM Feature #12982: Add support for RFC7499 in RADIUS library.: To add some details from the test:
The file contents did have just 65 rules. I also tried increasing the php @max_in... Marcos M
01:13 PM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: Running 22.05.a.20220402.0600 on the 1100, kern.ipc.nmbclusters is not present in /boot/loader.conf or system tunables Jordan G
11:45 AM Feature #12819: GUI option to configure layers for LACP hash: tested on 22.05.a.20220402.0600 options for LAGG now show -
Layer 2/3/4/ (default)
Layer 2 (MAC Address)
... Jordan G
09:31 AM Bug #12957 (Resolved): Delete button is always active for NAT rules, even if no rules are selected: Tested on the:... Danilo Zrenjanin
08:44 AM pfSense Docs Todo #13020 (Resolved): Improve ``easyrule`` command documentation: At https://docs.netgate.com/pfsense/en/latest/firewall/easyrule.html#easyrule-in-the-shell the documentation is typic... Ronald Antony
04:25 AM Feature #13017: Packet capture: add preview results while capture is running: Fix upstream original version not applying "DNS resolution" option during capture, but only during display
patch for... Phil Wardt
04:03 AM pfSense Packages Feature #12963: Run nmap scans in the background: I squashed commits since the last review
I reviewed and cleaned up some code readability
Updated the attached patch... Phil Wardt

04/01/2022

05:59 PM pfSense Packages Bug #13018 (New): TLD and DNSBL Safesearch DOH conflict disables TLD block when conflicting DOH FQDN is deselected or whitelisted: pfBlockerNG-devel 3.1.0_4
If a TLD (example .cn) is blacklisted and conflicts with DNSBL Safesearch DOH blocking (ex... James Wilson
04:27 PM pfSense Packages Feature #12963: Run nmap scans in the background: Add No DNS Resolution option for faster scans
Should be completed
Attached patch for pfsense 2.6.0 Phil Wardt
09:53 AM pfSense Packages Feature #12963: Run nmap scans in the background: Updated patch to fix this:
- only kill nmap process using the output file created in GUI
- code formatting Phil Wardt
03:56 PM Feature #13017: Packet capture: add preview results while capture is running: Commit:
https://github.com/pfsense/pfsense/pull/4567
Note: I added the -U option to unbuffer output and permit resul... Phil Wardt
03:54 PM Feature #13017 (Closed): Packet capture: add preview results while capture is running: Packet Capture: add preview results
- allow preview results while a capture is still running
- add a capture summar... Phil Wardt
01:12 PM Regression #13011 (Feedback): Ruleset can fail to load on snapshot from March 31st: Jim Pingle
01:09 PM Regression #13011: Ruleset can fail to load on snapshot from March 31st: Should be sorted out as of 8f782c1bf74a13fa9c8c40c37d6b2391387498c3 on devel-12 and aac961d1dbc43f1cc71acb701a54df0da... Mateusz Guzik
09:06 AM Regression #13011: Ruleset can fail to load on snapshot from March 31st: While not directly related, #13011 is contributing to this problem as it's one source of potentially duplicate rules. Jim Pingle
08:40 AM Regression #13011 (Resolved): Ruleset can fail to load on snapshot from March 31st: Adding this for tracking as we are aware of it and it's being actively worked on.
There is an issue on the latest ... Jim Pingle
01:06 PM pfSense Docs New Content #13016: Workaround for bandwith issues since 2.6 when installed in Hyper-V: There are other things out there that could also be a factor, multiple forum threads also mentioned switch settings i... Jim Pingle
12:52 PM pfSense Docs New Content #13016 (New): Workaround for bandwith issues since 2.6 when installed in Hyper-V: Extremely slow upload speeds since 2.6 when installed in Hyper-V. A workaround for windows 10 machines is disabling b... Christoph Obermoser
12:37 PM Feature #13010: Option to retain the existing serial number when renewing a CA or certificate: Evren Yurtesen wrote in #note-2:
> Excluding the CA serial from being used in future, in authorityKeyIdentifier, doe... Jim Pingle
01:57 AM Feature #13010: Option to retain the existing serial number when renewing a CA or certificate: Excluding the CA serial from being used in future, in authorityKeyIdentifier, does not solve the immediate problem wi... Evren Yurtesen
11:31 AM Bug #13015 (Resolved): NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any``: Port forwards with a destination of @Any@ get extra @no nat on@ NAT rules which can end up duplicated across multiple... Jim Pingle
11:14 AM Bug #13013: bsdinstall error while creating filesystem on the latest snapshots: I ran into what Jim set out yesterday. Had to memstick install 2.6.0 then update to 2.7.0 to get back into operation.... Ted Quade
10:21 AM Bug #13013: bsdinstall error while creating filesystem on the latest snapshots: I see the same issue with a clean install. Viktor Gurov
09:23 AM Bug #13013: bsdinstall error while creating filesystem on the latest snapshots: I was seeing this the other day but it doesn't matter what is on the disk for me, UFS or ZFS, in both cases trying to... Jim Pingle
09:20 AM Bug #13013: bsdinstall error while creating filesystem on the latest snapshots: see also #10690 Viktor Gurov
09:19 AM Bug #13013 (Closed): bsdinstall error while creating filesystem on the latest snapshots: Old ZFS layout (pfSense 2.5.2):... Viktor Gurov
11:03 AM Bug #13014: Deadlock in Charon VICI interface: Might be the same root cause as #7420 though we don't have enough information about either one of these to say for ce... Jim Pingle
10:53 AM Bug #13014 (Resolved): Deadlock in Charon VICI interface: The charon.vici daemon can get in a bad state where all of the qlen slots are "hung". This causes the Status --> IPS... Kris Phillips
09:05 AM Bug #13012 (Resolved): NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet: NAT reflection can generate multiple identical rules if the configuration contains multiple VIPs in the same subnet.
... Jim Pingle
01:36 AM pfSense Packages Bug #12814 (Feedback): OpenVPN Client Import does not populate 'remote_cert_tls' option: Merged Viktor Gurov

03/31/2022

08:02 PM Revision 9f534f4b: Use correct rx/tx index. Fixes #8861: Jim Pingle
04:04 PM pfSense Packages Feature #12963: Run nmap scans in the background: I modified the code to disable any custom commands.
This is safer since nmap already changed in the past the -o opti... Phil Wardt
03:47 PM Regression #12897 (Resolved): Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: Tested and working correctly on... Christopher Cope
03:44 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: → luckman212 wrote in #note-11:
> @jimp was this one merged as of 22.05.a.20220331.1603? I'm looking in System Patch... Jim Pingle
03:06 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: @jimp was this one merged as of 22.05.a.20220331.1603? I'm looking in System Patches under "Recommended System Patche... → luckman212
03:44 PM Revision 82a6f401: CLI history option optimization. Fixes #12675: There is no longer a need to use the ~/.keephistory flag file. Scripts
can check the config.xml value for a user dire... Jim Pingle
03:42 PM Revision 0049d009: Fix syntax error: Jim Pingle
03:40 PM Bug #12998: Wireless interface WPA configuration fields are always visible: Updating subject for release notes. Jim Pingle
03:39 PM Bug #12710: Disabling DHCP Server RRD statistics does not work: Updating subject for release notes. Jim Pingle
03:38 PM Feature #12616: Option to filter state table contents by rule ID: Updating subject for release notes. Jim Pingle
03:37 PM Bug #12440: Zero-value prefix IPv6 addresses are mishandled: Updating subject for release notes. Jim Pingle
03:37 PM Bug #11226: IPsec VTI phase 2 traffic selectors default to address when defined as a network: Updating subject for release notes. Jim Pingle
03:36 PM Bug #11941: Many ``exec()`` functions do not use full path to executable files: Updating subject for release notes. Jim Pingle
03:35 PM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Updating subject for release notes. Jim Pingle
03:34 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly: Updating subject for release notes. Jim Pingle
03:33 PM Bug #12611: SNMP daemon is restarted during every ``rc.newwanip`` event: Updating subject for release notes. Jim Pingle
03:32 PM Bug #12957: Delete button is always active for NAT rules, even if no rules are selected: Updating subject for release notes. Jim Pingle
03:32 PM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected: Updating subject for release notes. Jim Pingle
03:32 PM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected: Updating subject for release notes. Jim Pingle
03:31 PM Bug #12803: Error loading ruleset due to illegal TOS value: Updating subject for release notes. Jim Pingle
03:31 PM Bug #12792: Automatic Outbound NAT rules do not include OpenVPN CSO entries: Updating subject for release notes. Jim Pingle
03:31 PM Bug #12678: Applying firewall rule changes does not clear dirty flag for aliases subsystem: Updating subject for release notes. Jim Pingle
03:30 PM Feature #12392: Allow the selection of "any" interface in floating rules: Updating subject for release notes. Jim Pingle
03:30 PM Feature #8365: Button to copy rules from one interface to another: Updating subject for release notes. Jim Pingle
03:29 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: Updating subject for release notes. Jim Pingle
03:27 PM Bug #12536: Setting a default gateway of "None" does not remove the default gateway from the routing table: Updating subject for release notes. Jim Pingle
03:26 PM Feature #12968: Button to clear previous packet capture data: Updating subject for release notes. Jim Pingle
03:26 PM Bug #13004: ``write_rcfile()`` does not create ``rc_restart()`` entry: Updating subject for release notes. Jim Pingle
11:23 AM Bug #13004 (Feedback): ``write_rcfile()`` does not create ``rc_restart()`` entry: Merged:
https://github.com/pfsense/pfsense/commit/4e2a765a9f5979aaa2e10ef31ecccd0466e6cc2f Viktor Gurov
07:45 AM Bug #13004 (Pull Request Review): ``write_rcfile()`` does not create ``rc_restart()`` entry: Jim Pingle
05:24 AM Bug #13004: ``write_rcfile()`` does not create ``rc_restart()`` entry: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/699 Viktor Gurov
05:18 AM Bug #13004 (Resolved): ``write_rcfile()`` does not create ``rc_restart()`` entry: @write_rcfile()@ creates only rc_start() and rc_stop() entries, but ignores the contents of 'restart', which is used ... Viktor Gurov
03:25 PM Bug #12766: Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup: Updating subject for release notes. Jim Pingle
06:00 AM Bug #12766 (Resolved): Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup: Tested against:... Danilo Zrenjanin
03:24 PM Todo #12981: Warn about OpenVPN shared key deprecation: Updating subject for release notes. Jim Pingle
03:24 PM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: Updating subject for release notes. Jim Pingle
03:22 PM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled: Updating subject for release notes. Jim Pingle
03:21 PM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: Updating subject for release notes. Jim Pingle
03:20 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget: Updating subject for release notes. Jim Pingle
03:19 PM Bug #12628: OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases: Updating subject for release notes. Jim Pingle
03:17 PM Bug #11864: OpenVPN stays bound to previous IP address after interface changes: Updating subject for release notes. Jim Pingle
03:16 PM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames: Updating subject for release notes. Jim Pingle
03:12 PM Feature #12819: GUI option to configure layers for LACP hash: Updating subject for release notes. Jim Pingle
03:10 PM Bug #12953: ESP description in IPsec phase 2 proposal help text is ambiguous: Updating subject for release notes. Jim Pingle
03:10 PM Bug #12723: Disallow remote gateway of ``0.0.0.0`` for VTI mode: Updating subject for release notes. Jim Pingle
03:08 PM Regression #12866: Disabled Captive Portal configuration prevents adding an interface to a bridge: Updating subject for release notes. Jim Pingle
03:07 PM Bug #12735 (Resolved): Interface status "Total Interrupts" display is non-functional: This looks right on current snapshots now. The value is displayed as expected. Jim Pingle
03:04 PM Feature #8861 (Feedback): Show SFP module details on ``status_interfaces.php``: Fix committed, commit:9f534f4b7af51600ce37e10978f3f1eb977768f3
Jim Pingle
03:02 PM Feature #8861 (In Progress): Show SFP module details on ``status_interfaces.php``: There is a small error keeping it from displaying the RX/TX signal levels from an SFP. To me, I have a fix. Jim Pingle
02:51 PM Bug #12691: Support encrypted ``config.xml`` files when restoring during install: Updating subject for release notes. Jim Pingle
02:51 PM Bug #12609: IGMP Proxy server is restarted during every ``rc.newwanip`` event: Updating subject for release notes. Jim Pingle
02:50 PM Feature #12702: Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings: Updating subject for release notes. Jim Pingle
02:49 PM Feature #9091: Chelsio TOE support using the ``t4_tom`` module: Updating subject for release notes. Jim Pingle
02:47 PM Bug #12721: IPv6 gateway group using link local addresses incorrectly logs a gateway change because it not including interface scope properly: Updating subject for release notes. Jim Pingle
02:42 PM Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon: Updating subject for release notes. Jim Pingle
02:28 PM Feature #13010: Option to retain the existing serial number when renewing a CA or certificate: It could perhaps be made optional but I've seen more trouble from retaining the serial than from changing it, though.... Jim Pingle
01:20 PM Feature #13010 (Resolved): Option to retain the existing serial number when renewing a CA or certificate: I believe this issue is related to Bug #11514 - "Renewing a self-signed CA or certificate does not update the serial ... Evren Yurtesen
01:18 PM Todo #12881: Update ``dpinger`` to 3.2: Updating subject for release notes. Jim Pingle
01:17 PM Bug #12811: Services are not restarted when PPP interfaces connect: Updating subject for release notes. Jim Pingle
01:14 PM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly: Updating subject for release notes. Jim Pingle
01:13 PM Bug #12761: Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: Updating subject for release notes. Jim Pingle
01:12 PM Bug #12754: Google Domains Dynamic DNS responses are not parsed properly: Updating subject for release notes. Jim Pingle
01:11 PM Feature #12752: Support wildcard Dynamic DNS records on DigitalOcean: Updating subject for release notes. Jim Pingle
01:11 PM Bug #12750: Input validation prevents configuring wildcard Dynamic DNS records on GoDaddy: Updating subject for release notes. Jim Pingle
01:10 PM Feature #12744: IPv6 support for DNSimple Dynamic DNS: Updating subject for release notes. Jim Pingle
01:09 PM Bug #12672: GleSYS Dynamic DNS responses are not parsed properly: Updating subject for release notes. Jim Pingle
01:08 PM Bug #12590: Dynamic DNS custom IPv6 service fails on 6rd tunnels: Updating subject for release notes. Jim Pingle
01:05 PM Bug #12991: DNS Resolver ACLs are not updated when OpenVPN networks change: Updating subject for release notes. Jim Pingle
11:33 AM Bug #12991 (Feedback): DNS Resolver ACLs are not updated when OpenVPN networks change: Merged:
https://github.com/pfsense/pfsense/commit/34fc7cd6b5a1b9cb9edafb13cd3dbb4142c66294 Viktor Gurov
07:44 AM Bug #12991 (Pull Request Review): DNS Resolver ACLs are not updated when OpenVPN networks change: Jim Pingle
05:08 AM Bug #12991 (New): DNS Resolver ACLs are not updated when OpenVPN networks change: Danilo Zrenjanin wrote in #note-5:
> Tested with the patch against:
> [...]
>
> The tunnel network from the serv... Viktor Gurov
03:49 AM Bug #12991: DNS Resolver ACLs are not updated when OpenVPN networks change: Tested with the patch against:... Danilo Zrenjanin
01:04 PM Bug #12985: DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access: Updating subject for release notes. Jim Pingle
11:32 AM Bug #12985 (Resolved): DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access: > > fix:
> > https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/700
>
> I applied the patch and it fixed... Viktor Gurov
09:22 AM Bug #12985: DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access: Viktor Gurov wrote in #note-7:
> Glenn Hall wrote in #note-5:
> > This commit seems to break enabling of DNSSEC on ... Glenn Hall
07:47 AM Bug #12985 (Pull Request Review): DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access: Jim Pingle
07:46 AM Bug #12985: DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access: Glenn Hall wrote in #note-5:
> This commit seems to break enabling of DNSSEC on 2.7.0.a.20220328.0600. I previously ... Viktor Gurov
01:02 PM Bug #12613: DNS Resolver does not restart during link up/down events on a static IP address interface: Updating subject for release notes. Jim Pingle
01:02 PM Bug #12612: DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver: Updating subject for release notes. Jim Pingle
01:01 PM Bug #12749: Uninitialized array in ``array_remove_duplicates()``: Updating subject for release notes. Jim Pingle
01:00 PM Regression #12582: RADVD can be started on both HA nodes when configured with an IPv6 link-local address: Updating subject for release notes. Jim Pingle
12:58 PM Bug #12527: DHCPv6 server does not skip interfaces configured with invalid ranges: Updating subject for release notes. Jim Pingle
12:55 PM Revision 4e2a765a: write_rcfile() restart support. Issue #13004: Viktor Gurov
12:55 PM Bug #12986: DHCP network boot filename can be incorrectly placed in DHCP Pool Options: Updating subject for release notes. Jim Pingle
12:55 PM Revision 34fc7cd6: Improve unbound DNSSEC option check. Issue #12985: Viktor Gurov
12:53 PM Bug #12896: ``HTTPClient`` option does not work for static mappings: Updating subject for release notes. Jim Pingle
12:53 PM Bug #12892: ``HTTPClient`` option not sent when using UEFI HTTP Boot: Updating subject for release notes. Jim Pingle
12:52 PM Feature #12973: Playback script to perform a configuration upgrade on an arbitrary ``config.xml`` file: Updating subject for release notes. Jim Pingle
12:50 PM Feature #12675: Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: Updating subject for release notes. Jim Pingle
10:54 AM Feature #12675 (Feedback): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: Merged: https://github.com/pfsense/pfsense/commit/82a6f401d07ac88bb66cc29110d249dd8302bcbf Jim Pingle
10:40 AM Feature #12675 (In Progress): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: Taking another look at this, there is no need to use the flag file at all now. It can be read directly from the confi... Jim Pingle
12:49 PM Bug #12810: Sanitize SHA-512 user password hashes in ``status.php`` output: Updating subject for release notes. Jim Pingle
12:48 PM Feature #12773: Ability to sort AutoConfigBackup entries: Updating subject for release notes. Jim Pingle
12:45 PM Feature #12724: Notify user if AutoConfigBackup is unable to successfully upload a backup: Updating subject for release notes. Jim Pingle
12:44 PM Feature #12685: Support encrypted ``config.xml`` files when restoring via ECL: Updating subject for release notes. Jim Pingle
12:43 PM Feature #12855: GUI option to select the user password hashing algorithm: Updating subject for release notes. Jim Pingle
12:42 PM Feature #13009 (New): Add option for multiple remote addresses to OpenVPN Client: With the ability to bind OpenVPN Servers to localhost and then use port forwarding for multiple interfaces and failov... Kris Phillips
12:41 PM Feature #12842: Retain descriptions when exporting and importing aliases: Updating subject for release notes. Jim Pingle
12:41 PM Bug #12727: Renaming an alias does not update the alias names in static routes and OpenVPN instances: Updating subject for release notes. Jim Pingle
12:23 PM Bug #12868 (Resolved): Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: This was merged a while ago and has been working fine.
The @(0)@ bit after the pf rule number is no longer present... Jim Pingle
12:22 PM pfSense Packages Bug #12818 (Resolved): IP block logging not working: Christopher Cope
12:21 PM pfSense Packages Bug #12818: IP block logging not working: Tested and working in... Christopher Cope
12:14 PM pfSense Packages Regression #13002 (Feedback): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/1a4f1fdbd14484e4ea4630fe4cd16ac777a32f5a Viktor Gurov
07:43 AM pfSense Packages Regression #13002 (Pull Request Review): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change: Jim Pingle
04:59 AM pfSense Packages Regression #13002: BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/205 Viktor Gurov
12:01 PM Bug #12794: Link-local address does not reset after removing MAC address spoofing: forum topic:
https://forum.netgate.com/topic/169727/link-local-address-behavior-when-spoofing-wan-interface-mac-address Viktor Gurov
11:51 AM pfSense Packages Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync: Marcos Mendoza wrote:
> Tested on pfSense 2.6.0 and pfBlockerNG-devel 3.1.0_1
> pfBlockerNG-devel option "Enable Sy... Israel Goldstein
10:06 AM Revision 3a792acf: OpenVPN unbound restart fixes. Issue #12991: Viktor Gurov
07:40 AM Feature #12982: Add support for RFC7499 in RADIUS library.: The number that works is too conveniently close to 64 to be a coincidence. It sounds like it's hitting a limit somewh... Jim Pingle

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

04/29/2022

04/28/2022

04/27/2022

04/26/2022

04/25/2022

04/24/2022

04/23/2022

04/22/2022

04/21/2022

04/20/2022

04/19/2022

04/18/2022

04/17/2022

04/16/2022

04/15/2022

04/14/2022

04/13/2022

04/12/2022

04/11/2022

04/10/2022

04/09/2022

04/08/2022

04/07/2022

04/06/2022

04/05/2022

04/04/2022

04/03/2022

04/02/2022

04/01/2022

03/31/2022