Activity

30 days up to

User

Subprojects

Activity

From 04/17/2022 to 05/16/2022

05/16/2022

10:33 PM Bug #13177 (Rejected): pppoe Cannot attach to ng_ether message: Invalid argument.: pppoe fails to start after upgrading to 22.05 beta (from 22.01)
No session is ever established,
see
https://fo... net blues
07:37 PM Regression #13176: UPnP port mappings cause kernel panic: Tested with @22.05.b.20220513.0600@ on a ESXi VM by running a network test on a Playstation 5; the result gave NAT2 (... Marcos M
07:35 PM Regression #13176: UPnP port mappings cause kernel panic: See: https://forum.netgate.com/topic/172182/22-05-b-20220513-0600-upnp-crash Steve Wheeler
07:33 PM Regression #13176 (Resolved): UPnP port mappings cause kernel panic: Adding a port mapping via UPnP causes a kerlnel panic in 22.05.
Tested here using GUPnP Universal control point. ... Steve Wheeler
05:12 PM Revision b7ddc1b8: captiveportal_passthru_delete_entry() -> captiveportal_passthrumac_delete_entry(). Fixes #13175: Viktor Gurov
04:31 PM Revision edf6dbfa: User Mgr scope icon corrections. Fixes #13174: Jim Pingle
03:58 PM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: Florian Apolloner wrote in #note-15:
> I only looked over the code because I am heading out into the weekend but the... Bill Hughes
03:19 PM Bug #13169 (Feedback): captiveportal_ether_delete_entry() does not delete anchors/pipes: Fixed in 1c887f5e Reid Linnemann
11:56 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: I see what I did, I was expecting a single rule and that I should return its dnpipe and dnrpipe, when in actuality th... Reid Linnemann
11:32 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: Getting back 4 entries would indicate to me that the anchor path matches more than one rule, and you are getting the ... Reid Linnemann
11:07 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L1098
same issue after replacing @$ho... Viktor Gurov
04:33 AM Bug #13169 (Resolved): captiveportal_ether_delete_entry() does not delete anchors/pipes: For some reason, @pfSense_pf_cp_get_eth_pipes()@, and @pfSense_pf_cp_flush()@ does not work properly inside @captivep... Viktor Gurov
02:13 PM Revision 6f0d088a: Port Forward Redirect target IP save fix. Fixes #13171: Viktor Gurov
12:20 PM Bug #13175 (Feedback): PHP error on MAC entry add/edit: Applied in changeset commit:b7ddc1b810f16c827cb6e61b6316a23c649d1e1c. Viktor Gurov
11:53 AM Bug #13175 (Pull Request Review): PHP error on MAC entry add/edit: Jim Pingle
11:50 AM Bug #13175: PHP error on MAC entry add/edit: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/787 Viktor Gurov
11:45 AM Bug #13175 (Resolved): PHP error on MAC entry add/edit: ... Viktor Gurov
11:40 AM Bug #13174 (Feedback): Icon missing for user manager entries with a scope other than "user": Applied in changeset commit:edf6dbfa7d03460303d9aa16dc67334f9bbf3c01. Jim Pingle
11:30 AM Bug #13174 (Resolved): Icon missing for user manager entries with a scope other than "user": There is supposed to be an icon before each user manager entry to indicate the scope (e.g. system, user) but currentl... Jim Pingle
11:35 AM Bug #13171: Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Updating subject for release notes. Jim Pingle
11:30 AM Bug #13171 (Feedback): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Applied in changeset commit:6f0d088a8451802aacd4e7fa6be95d00707babd9. Viktor Gurov
11:13 AM Bug #13171 (Pull Request Review): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Jim Pingle
09:14 AM Bug #13171: Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/785 Viktor Gurov
06:06 AM Bug #13171 (Resolved): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Tested on 22.01 but I saw the same issue on 21.05_p2 too.
To reproduce this issue:
- I created alias for internal... Azamat Khakimyanov
09:07 AM Bug #13170 (Not a Bug): Internet (IPV6-)connectivity gone due to renaming WAN-interface: The internal name "wan" has nothing to do with your custom name "WAN" or "WAN_TEST".
The only references I see which... Jim Pingle
08:52 AM Bug #13170: Internet (IPV6-)connectivity gone due to renaming WAN-interface: Jim, could you please take me serious!
Hereby two config files:
- my actual config and
- the same config with th... Louis B
08:12 AM Bug #13170 (Incomplete): Internet (IPV6-)connectivity gone due to renaming WAN-interface: There isn't nearly enough information here to classify this as a bug. The interface name itself isn't referenced anyw... Jim Pingle
04:55 AM Bug #13170 (Not a Bug): Internet (IPV6-)connectivity gone due to renaming WAN-interface: Hello,
Yesterday I discovered that my IPV6 was not working any longer, despite the fact the both IPV4 and IPV6-gat... Louis B
08:18 AM Bug #13164 (Pull Request Review): Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: Jim Pingle
08:15 AM Feature #13173 (Duplicate): Config restore could/should be better: Duplicate of #13172 Jim Pingle
06:42 AM Feature #13173 (Duplicate): Config restore could/should be better: Today I was trying to solve issues by partly restoring old config files. A few things about that:
- I think it is ... Louis B
08:15 AM Feature #13172 (Duplicate): Config restore could/should be better: Duplicate of #3696 Jim Pingle
06:41 AM Feature #13172 (Duplicate): Config restore could/should be better: Today I was trying to solve issues by partly restoring old config files. A few things about that:
- I think it is ... Louis B
08:00 AM pfSense Packages Bug #13166 (Pull Request Review): IPsec Export: Apple Profile generates invalid configuration: Jim Pingle
02:53 AM pfSense Packages Bug #13166: IPsec Export: Apple Profile generates invalid configuration: fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/56 Viktor Gurov
07:57 AM Bug #9123: Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14: → luckman212 wrote in #note-10:
> I was just looking at Open issues marked "very high" and this still comes up -- sh... Jim Pingle
07:56 AM Regression #13150: Captive Portal not applying per user bandwidths: Thinking about this a bit more, it's expected that ... Kristof Provost
07:54 AM Feature #4259 (New): Port forward NAT rules with "any" protocol: Jim Pingle
07:53 AM Feature #13168: Multiple Dashboard views for a single user: A: Please do not set a target version on issues. Feature planning and resource allocation are something we determine ... Jim Pingle
03:29 AM Bug #11764 (Feedback): IPv6 link local gateway default status not indicated in GUI: Daryl Morse wrote in #note-7:
> I was running 2.7.0-dev up to around mid-January, then I shut it down to test the 2.... Viktor Gurov

05/15/2022

04:28 PM Feature #13168 (New): Multiple Dashboard views for a single user: Dear pfSense Dev Team!
Dashboard - by determination are **place where results of analytics in form of charts AND/O... Sergei Shablovsky
03:05 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error: Saved before I added the affected version: 2.6.0-RELEASE (amd64) Chris C
03:03 PM Regression #13167 (Resolved): DigitalOcean Dynamic DNS update fails with a "bad request" error: Dynamic DNS updates using the DigitalOcean plugin are failing, it looks like phpDynDNS isn't expecting a hyphen in th... Chris C
02:43 PM pfSense Packages Bug #13166 (Resolved): IPsec Export: Apple Profile generates invalid configuration: Using 3DES for IPsec P1 and P2, the exported apple profile shows @DES3@ instead of @3DES@. This prevented a MacOS lap... Marcos M
02:33 PM pfSense Packages Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Now works. Marcos M
11:32 AM Regression #12873 (Feedback): Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: This patch is now in 2.7 and 22.05-beta snapshots. Steve Wheeler
10:53 AM Bug #9295: IPv6 PD does not work with PPPOE (Server & Client): @Flole have you tested this on any recent builds? There've been a lot of upstream fixes so, would be worth a try. I d... → luckman212
10:49 AM Bug #9123: Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14: I was just looking at Open issues marked "very high" and this still comes up -- should it be closed? → luckman212
10:47 AM pfSense Packages Bug #13115: WireGuard panic due to KBI changes in ```udp_tun_func_t()```: @cmcdonald looks like John/Trond worked up a patch and it's been committed, see https://cgit.freebsd.org/ports/commit... → luckman212
01:48 AM Feature #13165 (Pull Request Review): Feat: live update for Services dashboard widget: I noticed that the Services dashboard widget did not live-update as services are modified. If a service dies or is st... → luckman212

05/14/2022

05:32 PM Bug #13158: Input validation error when applying limiter changes: Triggering this error on a couple of queues, then saving while on the pipe page leads to the queues being saved with ... Marcos M
01:01 PM Feature #4259: Port forward NAT rules with "any" protocol: I am still seeing the same error
2.7.0.a.20220513.0600
There were error(s) loading the rules: /tmp/rules.debug... Alhusein Zawi
06:52 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: Sergei Shablovsky wrote in #note-3:
> Jim Pingle wrote in #note-1:
> > Do you mean increase? Decreasing distance wo... Sergei Shablovsky
06:40 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: Jim Pingle wrote in #note-1:
> Do you mean increase? Decreasing distance would make them closer together and more li... Sergei Shablovsky
06:35 AM Feature #13161: FLASH PORT'S LED button, to help quickly find port that need to be connected to patch&cable: Jim Pingle wrote in #note-1:
> What "two commands" are you referring to?
>
> Flashing NIC LEDs would vary by hard... Sergei Shablovsky
04:08 AM Revision b6669022: fix infoblock placement on firewall_nat_out.php - redmine #13164: → luckman212

05/13/2022

11:11 PM Bug #13164: Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: PR: https://github.com/pfsense/pfsense/pull/4588 → luckman212
10:06 PM Bug #13164 (Resolved): Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: @firewall_nat_out.php@ has a bug where the infoblock (i) is displayed wayyy off to the left of the main table when in... → luckman212
06:21 PM Revision 17c43ebc: Ensure same type comparison. Additional fix #13059: Marcos M
06:06 PM Revision eca0a3ac: mkdir before restoring extra data. Fixes #13157: Viktor Gurov
04:36 PM Bug #12440 (Resolved): Zero-value prefix IPv6 addresses are mishandled: Testes and working as expected on... Christopher Cope
03:13 PM Feature #12616 (Resolved): Option to filter state table contents by rule ID: Tested successfully on... Christopher Cope
01:40 PM Revision f653dfe6: ovpn-dnslinkup: do not set interface routes for DNS servers: If the OpenVPN server provides DNS server information (and 'Pull DNS' is
set) we add these DNS servers to our DNS con... Kristof Provost
01:31 PM Revision 620a9745: check_dnsavailable() improvement. Fixes #13162: Viktor Gurov
01:30 PM Regression #13059 (Feedback): Error when saving changes to a disabled OpenVPN client: Applied in changeset commit:17c43ebc182ebd147f50713b4bce5d6e3c072535. Marcos M
01:20 PM Bug #13157 (Feedback): PHP error restoring DHCP lease data on fresh installation:: Applied in changeset commit:eca0a3acd2e806a4bfb56d23413dafdd782a3280. Viktor Gurov
12:04 PM Bug #13157 (Pull Request Review): PHP error restoring DHCP lease data on fresh installation:: Jim Pingle
11:51 AM Bug #13157: PHP error restoring DHCP lease data on fresh installation:: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/784 Viktor Gurov
01:20 PM Bug #11629 (Feedback): PPPoE WAN IP address different than expected when set static by ISP: Merged Viktor Gurov
01:17 PM Todo #12701 (Feedback): Reorganize CARP status page: Merged Viktor Gurov
12:59 PM Revision b7ca68bc: Print correct pkg name. Fixes #13163: Jim Pingle
12:06 PM pfSense Packages Feature #13160 (Pull Request Review): Option to sort monitoring graph views: Jim Pingle
10:24 AM pfSense Packages Feature #13160: Option to sort monitoring graph views: updated PR: https://github.com/pfsense/FreeBSD-ports/pull/1167
I reworked this so everything is self-contained in ... → luckman212
12:06 AM pfSense Packages Feature #13160 (Pull Request Review): Option to sort monitoring graph views: By default, RRD (Status -> Monitoring) tabs are just displayed in order of creation. This can get a bit messy. This s... → luckman212
09:01 AM pfSense Packages Bug #13153 (Feedback): Static routes bound to WireGuard interfaces are not restored after down / up events: Merged https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/152 and synced upstream. Look for v0.1.6_2 of the... Christian McDonald
08:40 AM Regression #13162 (Feedback): Upgrade does not work when using only IPv6 DNS servers: Applied in changeset commit:620a974509585d341120662508f011deca2bd8b5. Viktor Gurov
08:14 AM Regression #13162 (Pull Request Review): Upgrade does not work when using only IPv6 DNS servers: Jim Pingle
05:48 AM Regression #13162: Upgrade does not work when using only IPv6 DNS servers: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/781 Viktor Gurov
04:53 AM Regression #13162 (Resolved): Upgrade does not work when using only IPv6 DNS servers: When only IPv6 DNS servers are used (in general config) GUI update is not functional.
Following message is displayed... Sietse van Zanen
08:30 AM Regression #13163 (Feedback): Incorrect variable in package error message results in "Array" being printed instead of package name: Applied in changeset commit:b7ca68bc5a4bbbd38a305bacb8ea19370082f66a. Jim Pingle
07:53 AM Regression #13163 (Resolved): Incorrect variable in package error message results in "Array" being printed instead of package name: If the package system fails to find a package in the repository it's printing the name incorrectly in the error:
<... Jim Pingle
08:11 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: I've gotten used to the pinch and zoom when doing stuff on mobile. Yes the buttons are small, but I agree with Jim - ... → luckman212
07:27 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: Do you mean increase? Decreasing distance would make them closer together and more likely to be hit accidentally.
... Jim Pingle
07:31 AM Feature #13161: FLASH PORT'S LED button, to help quickly find port that need to be connected to patch&cable: What "two commands" are you referring to?
Flashing NIC LEDs would vary by hardware/driver/etc. There isn't a gener... Jim Pingle
03:05 AM Feature #13161 (New): FLASH PORT'S LED button, to help quickly find port that need to be connected to patch&cable: Dear pfSense Dev Team!
Seems there are reason to making FLASH PORT'S LED button in sections Interface (and State /... Sergei Shablovsky
04:49 AM Regression #13150 (In Progress): Captive Portal not applying per user bandwidths: Viktor Gurov
04:48 AM Regression #13150: Captive Portal not applying per user bandwidths: Kristof Provost wrote in #note-8:
> No, that won't work on ethernet rules. The 'dnpipe (1, 2)' syntax tell pf to app... Viktor Gurov

05/12/2022

09:15 PM Todo #13159 (New): Decrease distance between img-buttons in webGUI to eliminate mistake entry: Hi, dear pfSense Dev Team!
Please, decrease distance between img-buttons in “Action” column in most webGUI pages t... Sergei Shablovsky
08:30 PM pfSense Packages Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events: I also played around with @devd@, adding something like this to @/usr/local/etc/devd/custom.conf@:... → luckman212
08:12 PM pfSense Packages Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events: I found what appears to be the cause, and submitted a small PR:
https://github.com/theonemcdonald/pfSense-pkg-Wire... → luckman212
08:24 AM pfSense Packages Bug #13153 (Resolved): Static routes bound to WireGuard interfaces are not restored after down / up events: h5. This was tested on today's 22.05 snap: 22.05.b.20220512.0600 using WG package 0.1.6_1 / kmod-0.0.20211105_1
h... → luckman212
07:47 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Hey Netgate,
What happened to this fix... I see that the 22.05 beta is out and this bug is still set to CE-NEXT an... Dennis Adler
12:10 PM Bug #13158 (Resolved): Input validation error when applying limiter changes: Tested on @22.05.b.20220512.0600@.
# make a change to a limiter queue; save
# click on the queue to reload the pa... Marcos M
12:02 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: I don't see any immediate reason it should not be working, the patch is definitely applied and the pass all not layer... Reid Linnemann
12:00 PM pfSense Docs Todo #12990 (Closed): Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat: Marcos M
11:55 AM Bug #9024 (Feedback): Ping packet loss under load when using limiters: Marcos M
11:48 AM Bug #9024: Ping packet loss under load when using limiters: This seems to be resolved with 22.05. Testing with iperf3 client behind the firewall, and an iperf3 server a couple o... Marcos M
11:42 AM Bug #13157 (Resolved): PHP error restoring DHCP lease data on fresh installation:: Restoring a configuration with DHCP lease data can lead to a PHP error when restoring during a fresh install:
<pre... Jim Pingle
11:25 AM Regression #12915 (Resolved): ``diag_pftop.php`` does not fully encode output: Working properly on current snapshots. Jim Pingle
11:18 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work: pfBlockerNG page shows:
> When manually creating 'Alias' type firewall rules; Prefix the Firewall rule Description wi... Marcos M
11:16 AM pfSense Packages Regression #13156 (Resolved): pfBlockerNG IP block stats do not work: On 22.01, the filter log rules description includes the rule id in parenthesis. This breaks the IP block tracking for... Marcos M
11:10 AM Bug #12900 (Duplicate): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Marcos M
11:10 AM Regression #13155 (Pull Request Review): Rule labels in pftop output are not correct: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/780
After applying the patch to test, check the co... Jim Pingle
11:06 AM Regression #13155 (Resolved): Rule labels in pftop output are not correct: The output from @pftop@ uses the first label from the rule, so it's getting other incorrect labels now such as the ru... Jim Pingle
08:50 AM pfSense Packages Todo #12354 (Feedback): Update haproxy-devel to mitigate CVE-2021-40346: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/8e2872d9734568b53d87285de1c50a21f0560551 Viktor Gurov
08:14 AM pfSense Packages Todo #12354 (Pull Request Review): Update haproxy-devel to mitigate CVE-2021-40346: Jim Pingle
12:58 AM pfSense Packages Todo #12354 (New): Update haproxy-devel to mitigate CVE-2021-40346: revert:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/237 Viktor Gurov
08:46 AM pfSense Packages Bug #13154: pfBlocker causing excessive CPU load: I'm also the OP for that ticket, too. Michael Novotny
08:44 AM pfSense Packages Bug #13154 (Duplicate): pfBlocker causing excessive CPU load: Almost certainly a duplicate of #12827 and not a unique issue. Jim Pingle
08:42 AM pfSense Packages Bug #13154 (Resolved): pfBlocker causing excessive CPU load: After killing that process (/usr/local/bin/php_pfb), my bandwidth & CPU usage was back to normal.
I'm running this o... Michael Novotny
07:11 AM Regression #13150: Captive Portal not applying per user bandwidths: No, that won't work on ethernet rules. The 'dnpipe (1, 2)' syntax tell pf to apply pipe 1 on forward traffic, and pip... Kristof Provost
04:21 AM Regression #13150: Captive Portal not applying per user bandwidths: Looks like dnpipe issue.
Maybe we should use L3-like dnpipe syntax, like:... Viktor Gurov
06:08 AM Bug #13152 (Duplicate): Disconnecting PPPoE generates PHP error: Duplicate of #13134 Viktor Gurov
05:22 AM Bug #13152 (Duplicate): Disconnecting PPPoE generates PHP error: I noticed this issue on the:... Danilo Zrenjanin
05:39 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: Danilo Zrenjanin wrote in #note-10:
> Tested the patch:
> [...]
>
> After removing the cable on the PPPoE (WAN) ... Viktor Gurov
04:48 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: Tested the patch:... Danilo Zrenjanin
04:24 AM Bug #13148 (Feedback): Traffic passed by Captive Portal cannot use limiter queues on other rules: Merged:
https://github.com/pfsense/FreeBSD-src/commit/faf3efce30185573cfd263d019b2efa2745842af Viktor Gurov

05/11/2022

11:59 PM Revision fa2e511d: pfSense: Fix missing global decl in captiveportal_get_last_activity. Fixes #13147: linnemannr
07:52 PM pfSense Docs Todo #12990: Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat: #9263 is no longer an issue with 22.05, and potentially neither is #9024. Something that's not clear is that if fq_co... Marcos M
07:10 PM Regression #13147 (Feedback): Captive Portal: Idle timeout does not see activity: Applied in changeset commit:fa2e511df4765c6e15b390214dd0a7b5868960d9. Anonymous
07:07 PM Regression #13147: Captive Portal: Idle timeout does not see activity: Additionally, the function captiveportal_get_last_activity() did not declare $config as a global, so the zone id was ... Reid Linnemann
01:12 PM Regression #13147: Captive Portal: Idle timeout does not see activity: It returns an empty array because the function never actually called pf_ctl_get_eth_rules() to get the rules before i... Reid Linnemann
05:30 AM Regression #13147: Captive Portal: Idle timeout does not see activity: @pfSense_pf_cp_get_eth_last_active("{$anchor}/{$ip}_32")@ returns empty array Viktor Gurov
05:24 AM Regression #13147: Captive Portal: Idle timeout does not see activity: Related to:
https://github.com/pfsense/pfsense/commit/978ea0858dd24d1cbcca02a69a501e0ef37c11da Viktor Gurov
05:47 PM Revision 6578d950: Fix JS for mobile IPsec disconnect. Fixes #13131: Jim Pingle
05:45 PM Bug #12737: CA path is not defined when using ``curl`` in the shell: For reference, the cert store can be specified:
> curl -vso /dev/null --cacert /etc/ssl/certs/a734448e.0 --connect-ti... Marcos M
03:25 PM Revision 0db2b0ff: Captive Portal per user bandwidths fix. Issue #13150: Viktor Gurov
03:23 PM Feature #7727 (Resolved): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Lots of positive feedback on the forum here showing it's working as well as can be expected now.
There are still s... Jim Pingle
03:20 PM Regression #13106 (Resolved): ``pfanchordrill`` treating errors as anchor names: This one is fixed. Jim Pingle
03:17 PM Regression #13011 (Resolved): Ruleset can fail to load on snapshot from March 31st: Fixed and working for a while now. Jim Pingle
03:16 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: Still no meaningful feedback here, can keep waiting until someone who can replicate the original problem can confirm ... Jim Pingle
03:14 PM Feature #8861 (Resolved): Show SFP module details on ``status_interfaces.php``: Looks great now:
!2022-05-11_16-13.png! Jim Pingle
03:10 PM Regression #12816 (Resolved): Namecheap Dynamic DNS responses are not parsed properly: This has been working well since it went in. Jim Pingle
02:52 PM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/83 should fix the problem.
Kristof Provost
09:28 AM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules: It looks like you need to have multiple queues defined on the pipe for this to manifest. Kristof Provost
06:58 AM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules: Do you have anything special configured for captive portal? Bandwidth restrictions or something?
I've tried to rep... Kristof Provost
02:48 PM Feature #12675 (Resolved): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: This is working very well. Option is active after config restore, it's only in the config, no more flag file. All OK. Jim Pingle
12:55 PM Bug #13131 (Feedback): Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Applied in changeset commit:6578d9501401287f72be543b159e2f6b19d5e736. Jim Pingle
12:46 PM Bug #13131: Mobile IPsec clients cannot be manually disconnected from IPsec status screen: I was able to replicate the problem and have a fix. Jim Pingle
12:43 PM Bug #13131 (In Progress): Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Jim Pingle
05:27 AM Bug #13131: Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Tested:... Danilo Zrenjanin
12:50 PM Regression #13150 (Confirmed): Captive Portal not applying per user bandwidths: With that patch the pipes are created correctly:... Steve Wheeler
10:52 AM Regression #13150 (Feedback): Captive Portal not applying per user bandwidths: Merged:
https://github.com/pfsense/pfsense/commit/0db2b0ff8b44d4b99a488ee798041a056a00dd10 Viktor Gurov
10:31 AM Regression #13150 (Pull Request Review): Captive Portal not applying per user bandwidths: Jim Pingle
10:26 AM Regression #13150: Captive Portal not applying per user bandwidths: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/778 Viktor Gurov
08:32 AM Regression #13150 (Resolved): Captive Portal not applying per user bandwidths: Enabling 'Per-user bandwidth restriction' in the captive portal and setting limits does not apply them to the created... Steve Wheeler
12:45 PM Bug #13132 (Resolved): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: I was getting the error only when manually added sshdata tags in the following order:... Danilo Zrenjanin
06:12 AM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: Tested the patch against:... Danilo Zrenjanin
12:41 PM Feature #9091 (Resolved): Chelsio TOE support using the ``t4_tom`` module: Tested:... Danilo Zrenjanin
12:29 PM Feature #13109 (Resolved): Trim whitespace from MAC addresses in user input: Tested and working successfully on... Christopher Cope
12:27 PM Revision dfd4d0e9: remove colon to stay consistent with the rest of the GUI: → luckman212
12:27 PM Regression #13122 (Resolved): PHP error from Captive Portal status on current development snapshots: Tested:... Danilo Zrenjanin
12:13 PM Regression #13123 (Resolved): PHP error from Captive Portal at boot on current development snapshots: Tested:... Danilo Zrenjanin
12:09 PM Revision 7610a397: Cleanup PPPoE VIPs on interface down to fix IP address order. Issue #11629: Viktor Gurov
11:18 AM pfSense Packages Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346: Want to tell again on version of haproxy that now this actions not needed, please remove them DRago_Angel [InV@DER]
10:14 AM pfSense Packages Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346: This patch seems to conflict with http-request redirect action:... Micha Kersloot
10:30 AM Bug #13151 (Not a Bug): DNS Resolver (unbound) leaking DNS queries: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
10:02 AM Bug #13151 (Not a Bug): DNS Resolver (unbound) leaking DNS queries: Not sure if this is a bug or a misconfiguration/misunderstanding of unbound on my part?
Platform: pfSense+ 22.01-R... Michael Mercier
08:50 AM pfSense Docs Todo #13143 (Closed): minor correction: WireGuard Remote Access VPN Configuration Example: Pushed a fix, it'll be public when the build finishes in a few minutes. Jim Pingle
06:37 AM pfSense Docs Todo #13143: minor correction: WireGuard Remote Access VPN Configuration Example: screenshot
!clipboard-202205110737-gbfno.png!
→ luckman212
08:06 AM Bug #11629 (Pull Request Review): PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle
07:10 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/777 Viktor Gurov
06:40 AM Bug #11629 (Confirmed): PPPoE WAN IP address different than expected when set static by ISP: able to reproduce on pfSense-2.7.0.a.20220511.0600 Viktor Gurov
08:05 AM Todo #13149: Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: related forum post: https://forum.netgate.com/topic/172102/updating-texts-that-are-referenced-by-gettext-translations... → luckman212
08:04 AM Todo #13149 (Pull Request Review): Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: Jim Pingle
07:32 AM Todo #13149 (Resolved): Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: Firewall → NAT → Outbound → Automatic rules table header has a @:@ after it, which is not seen anywhere else in the G... → luckman212

05/10/2022

08:43 PM Regression #13134 (Resolved): PHP error when releasing DHCP lease: Fix works, thanks! Marcos M
02:25 AM Regression #13134 (Feedback): PHP error when releasing DHCP lease: Applied in changeset commit:6292f557bfc5d4131236138a8f48e62da731a71a. Viktor Gurov
08:39 PM Bug #9263: Incorrect ICMP reply when using limiters: → luckman212 wrote in #note-10:
> Is there any way us mere mortals can access these snaps? Or are they still private... Marcos M
01:32 PM Bug #9263: Incorrect ICMP reply when using limiters: Is there any way us mere mortals can access these snaps? Or are they still private only? → luckman212
01:29 PM Bug #9263 (Feedback): Incorrect ICMP reply when using limiters: Tested on @22.05.a.20220510.1205@ with either pass quick or match rules on either LAN or WAN interfaces. This is now ... Marcos M
07:25 PM pfSense Packages Bug #13115 (Feedback): WireGuard panic due to KBI changes in ```udp_tun_func_t()```: Christian McDonald
07:04 PM Bug #13148 (Resolved): Traffic passed by Captive Portal cannot use limiter queues on other rules: Traffic that has been passed by the captive portal on an interface will fail if it passed into a dummynet queue by ot... Steve Wheeler
06:08 PM Revision 6cdd2fda: pfanchordrill Captive Portal anchors support. Fixes #13142: Viktor Gurov
04:33 PM Regression #13147 (Resolved): Captive Portal: Idle timeout does not see activity: The idle timeout value is applied regardless of activity from the connected user. Functions as a hard timeout.
Her... Steve Wheeler
03:50 PM Revision aa11df80: Adapt OpenVPN widget to new output. Fixes #13129: Jim Pingle
03:23 PM Bug #13127 (Pull Request Review): DHCP lease list displays wrong interface name in the "Leases in Use" summary if DHCP settings for a disabled interface remain in the configuration: Jim Pingle
03:22 PM Feature #13125 (Pull Request Review): Option to restore dashboard widget layout: Jim Pingle
03:22 PM Regression #12954 (Resolved): Traffic routed through DUMMYNET by PF fails when IPFW is enabled: Yes, this is solved in 22.05 now that ipfw is no longer used.
You can run Captive Portal and Limiters and pass tra... Steve Wheeler
03:17 PM Regression #12954 (Feedback): Traffic routed through DUMMYNET by PF fails when IPFW is enabled: Is this fixed now that the new code is all in? Jim Pingle
03:19 PM Regression #13026 (Feedback): Limiters do not work: This needs re-tested now that all the new code is in. Jim Pingle
03:19 PM Bug #12960: VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes: This seems to be working OK despite how it looks. It can wait for the next release. Jim Pingle
02:47 PM Revision 3e49e032: Captive Portal host remove fix. Issue #13146: Viktor Gurov
01:15 PM Regression #13142 (Feedback): PHP shell ``pfanchordrill`` script produces errors on captive portal tables: Applied in changeset commit:6cdd2fda5c28fdca8171e14fdbd4b0eb98177ee1. Viktor Gurov
06:50 AM Regression #13142 (Pull Request Review): PHP shell ``pfanchordrill`` script produces errors on captive portal tables: Steve Wheeler
06:49 AM Regression #13142: PHP shell ``pfanchordrill`` script produces errors on captive portal tables: That patch fixes it for my use case shown above. Steve Wheeler
02:39 AM Regression #13142: PHP shell ``pfanchordrill`` script produces errors on captive portal tables: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/773 Viktor Gurov
11:48 AM Feature #12982: Add support for RFC7499 in RADIUS library.: Hello team,
Any further progress? Sorry keep bugging you guys, but I just need to know, if possible, any rough ET... Frank Lee
11:28 AM Todo #13129: OpenVPN status page improvements: Widget should be OK now, fixed by commit:aa11df80ebd8c8dc07dfaafba364fac32a6631e0 Jim Pingle
11:07 AM Todo #13129: OpenVPN status page improvements: The OpenVPN widget shows P2P tunnels as down even when they are connected and passing traffic.
Tested: 22.05.a.202... Steve Wheeler
08:59 AM Regression #13146: Captive Potal: Hosts remain connected after removing them from the table: That patch looks good. After removing the host the anchor is removed from the ruleset:... Steve Wheeler
08:54 AM Regression #13146 (Pull Request Review): Captive Potal: Hosts remain connected after removing them from the table: Jim Pingle
08:42 AM Regression #13146: Captive Potal: Hosts remain connected after removing them from the table: related to https://github.com/pfsense/pfsense/commit/978ea0858dd24d1cbcca02a69a501e0ef37c11da
fix:
https://gitl... Viktor Gurov
07:05 AM Regression #13146 (Resolved): Captive Potal: Hosts remain connected after removing them from the table: When you remove a connected client using the 'Disconnect this user' button in Status > Captive Portal the user is rem... Steve Wheeler
07:37 AM Bug #13145 (Pull Request Review): Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: Jim Pingle
03:04 AM Bug #13145: Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/774 Viktor Gurov
03:02 AM Bug #13145 (Resolved): Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: from #13140:
pfSense+ version 22.01 on Netgate 7100 1u
I have run into an issue where users connecting to OpenV... Viktor Gurov
07:25 AM Bug #13144: Firewall rule entries can get out of sync when entries are deleted while other administrators are editing entries simultaneously: This is a known issue throughout the GUI, it isn't unique to rules. Any items in any area accessed by array index 'id... Jim Pingle
01:27 AM Bug #13144 (New): Firewall rule entries can get out of sync when entries are deleted while other administrators are editing entries simultaneously: tested versions:
2.4.5
2.6.0
Prereqs
Admin A logs in to Firewall
Admin B logs in to same Firewall
Inten... Silvan Ehemann
07:17 AM Revision cf38c37a: ssh-keygen check improvements. Fixes #13139: Viktor Gurov
03:04 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: Jim Pingle wrote in #note-8:
> Michael Mercier wrote in #note-1:
> > At lease one other thing I have noticed while ... Viktor Gurov
02:25 AM Bug #13139 (Feedback): Stale ``sshdkeys.dirty`` lock file prevents generating SSH server keys: Applied in changeset commit:cf38c37a75153b55520f83efe074e0b6e4810c4b. Viktor Gurov
02:15 AM Bug #12691: Support encrypted ``config.xml`` files when restoring during install: latest fix:
https://github.com/pfsense/FreeBSD-src/commit/072e35cbaebc20469dd6287fb160bb68a8de4189 Viktor Gurov

05/09/2022

09:46 PM pfSense Docs Todo #13143 (Closed): minor correction: WireGuard Remote Access VPN Configuration Example: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html
*Feedback:*
in the example config fi... → luckman212
08:03 PM Regression #13142: PHP shell ``pfanchordrill`` script produces errors on captive portal tables: Similar to #13106 which should already be fixed in the repo but the behavior is slightly different. This isn't gettin... Jim Pingle
06:15 PM Regression #13142 (Resolved): PHP shell ``pfanchordrill`` script produces errors on captive portal tables: When running the pfanchordrill PHP shell script on a system with captive portal enabled the following errors are show... Steve Wheeler
07:36 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers: @cmcdonald Just for the record, I'm hitting this exact issue right now on current 22.05 snaps, with WG 0.1.6_1 packag... → luckman212
05:33 PM pfSense Packages Bug #13141 (New): wrong page squidguard block: when i using squid+squidguard, a few versions before I could use redirect mode external url move.
So there i was put... Robson Ferreira
02:32 PM Bug #12691 (Feedback): Support encrypted ``config.xml`` files when restoring during install: Fix merged Jim Pingle
02:09 PM Bug #12691 (In Progress): Support encrypted ``config.xml`` files when restoring during install: This introduced a syntax error. Fix incoming. Jim Pingle
09:22 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: Michael Mercier wrote in #note-1:
> At lease one other thing I have noticed while trying to debug the issue:
>
> ... Jim Pingle
09:21 AM Bug #13140 (Not a Bug): Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: No worries, there were recent changes in that code so it was entirely possible there was a gremlin lurking there. Gla... Jim Pingle
09:19 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: Ahh... see output below.
So the end result of all this is that *I* put the wrong IP entries in the Cisco-AVPair res... Michael Mercier
09:03 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: I suspect it's using a table to simplify those last few and you aren't dumping the contents like it expects:
Try:
... Jim Pingle
08:46 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: Output below, if there is something additional you need please let me know.... Michael Mercier
08:31 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: Please show the actual contents of the rules file and the contents of the `pfctl` output for the anchor. You can subs... Jim Pingle
07:57 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: As I do a little more digging...
Once a user who is not receiving the correct rules has connected, from the command ... Michael Mercier
07:05 AM Bug #13140: Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: At lease one other thing I have noticed while trying to debug the issue:
# The file(s) containing the 'route' opti... Michael Mercier
06:54 AM Bug #13140 (Not a Bug): Cisco-AVPair - anchor entries incomplete / GUI and command line show different results: pfSense+ version 22.01 on Netgate 7100 1u
I have run into an issue where users connecting to OpenVPN using a RADIU... Michael Mercier
08:29 AM Bug #13139 (Pull Request Review): Stale ``sshdkeys.dirty`` lock file prevents generating SSH server keys: Jim Pingle
07:56 AM Regression #13134 (Pull Request Review): PHP error when releasing DHCP lease: Jim Pingle
06:59 AM Regression #13026: Limiters do not work: It's being suggested in #9263 to apply the limiter on the LAN interface as a workaround. I guess that wouldn't work w... → luckman212
05:51 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: Viktor Gurov wrote in #note-13:
> Merged:
> https://github.com/pfsense/pfsense/commit/6c98abd379b9222824ba8465c3825... D D
01:48 AM Bug #9263: Incorrect ICMP reply when using limiters: Marcos Mendoza wrote in #note-7:
> On 22.05, this seems to only happen when applying limiters on the WAN interface r... Tomasz K.

05/08/2022

03:42 PM Revision 6292f557: Add default value to $ipv6type argument of restart_interface_services(). Fixes #13134: Viktor Gurov
03:07 PM Bug #9024: Ping packet loss under load when using limiters: Potential workaround: https://redmine.pfsense.org/issues/9263#note-7 Marcos M
03:05 PM Bug #9263: Incorrect ICMP reply when using limiters: On 22.05, this seems to only happen when applying limiters on the WAN interface rather than the LAN interfaces. For e... Marcos M
05:20 AM Revision ef16abd8: add option to restore dashboard widget layout: → luckman212
04:50 AM Bug #13139: Stale ``sshdkeys.dirty`` lock file prevents generating SSH server keys: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/771 Viktor Gurov
04:46 AM Bug #13139 (Resolved): Stale ``sshdkeys.dirty`` lock file prevents generating SSH server keys: In some rare cases (backup/restore related?) /etc/sshd unable to generate new keys because of dirty subsystem lock fi... Viktor Gurov
03:43 AM Revision 22adbe09: fix for https://redmine.pfsense.org/issues/13127: → luckman212
02:36 AM Feature #4259: Port forward NAT rules with "any" protocol: Alhusein Zawi wrote in #note-15:
> Error:
>
> There were error(s) loading the rules: /tmp/rules.debug:166: syntax... Viktor Gurov
02:08 AM Bug #12610 (Duplicate): Dynamic DNS services are restarted at every rc.newwanip event, regardless of whether the IP is changed or not: Duplicate of #9506 Viktor Gurov
02:08 AM Bug #9506 (Duplicate): Dynamic DNS update notification sent even if IP address didn't change: Duplicate of #9506 Viktor Gurov
01:55 AM Bug #11629 (Feedback): PPPoE WAN IP address different than expected when set static by ISP: Merged:
https://github.com/pfsense/pfsense/commit/6c98abd379b9222824ba8465c38253d6bd6f5253 Viktor Gurov
01:50 AM pfSense Packages Feature #13135: Add dibdot DoH-IP-blocklists feeds: https://github.com/pfsense/FreeBSD-ports/pull/1165 Viktor Gurov
01:18 AM Regression #13134: PHP error when releasing DHCP lease: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/770 Viktor Gurov

05/07/2022

09:52 PM Regression #12827: High latency and packet loss during a filter reload: Hello,
Can we please get an update on this and what needs to be tested before release? Kris Phillips
09:45 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Unfortunately, it seems that with the May 6th build of 22.05 netgraph is still broken for VLAN0 tagged DHCP traffic. ... Kris Phillips
09:24 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Fix to the script here resolves the ngeth interface issue since they are already part of netgraph:
https://github.co... Kris Phillips
02:17 PM Revision 6c98abd3: Cleanup PPPoE VIPs to fix IP address order. Issue #11629: Viktor Gurov
02:15 PM Revision d8a87019: Remove topology keyword from openvpn_cc file. Fixes #13133: Marcos M
01:42 PM Feature #4259: Port forward NAT rules with "any" protocol: Error:
There were error(s) loading the rules: /tmp/rules.debug:166: syntax error - The line in question reads [1... Alhusein Zawi
12:33 PM pfSense Docs New Content #12597: How to reset IPMI settings and password for Netgate appliances: Commit adding IPMI password reset steps to the current reference page which appears in the 1537 and 1541 documentatio... Chris W
09:25 AM Bug #13133 (Feedback): OpenVPN ``client-connect`` file contains ``topology``: Applied in changeset commit:d8a8701961cf58e6232c4f6bff550936d985dc0f. Marcos M
08:38 AM Regression #13126 (Resolved): NAT rules are not saving properly, they are losing the `local-port` value: Tested:... Danilo Zrenjanin
02:52 AM pfSense Packages Feature #13138 (New): DNS over HTTPS/TLS Blocking should be removed from SafeSearch: Currently there is an option for DNS over HTTPS/TLS Blocking located
Firewall --> pfBlockerNG --> DNSBL --> DNSBL ... Jon Brown
02:39 AM pfSense Packages Feature #13137 (New): ckuethe/doh-blocklist.txt add to DoH feeds: This Gist is a list of DoH servers scraped from https://github.com/curl/curl/wiki/DNS-over-HTTPS which is referenced ... Jon Brown
02:27 AM pfSense Packages Feature #13136 (New): Add crypt0rr DNS-over-HTTPS (DOH) provider list feeds: A simple list with public DNS-over-HTTPS (DOH) providers so you can easily block them.
* The list is based on DNS ... Jon Brown
02:18 AM pfSense Packages Feature #13135 (Resolved): Add dibdot DoH-IP-blocklists feeds: This is a large list of DoH servers and the list has been recently updated.
GitHub Repo: https://github.com/dibdo... Jon Brown

05/06/2022

06:04 PM Regression #13026: Limiters do not work: Using floating match rules as originally described, limiters do not yet work for me in either out/in direction. I am ... Marcos M
05:31 PM Revision f2c2a2b4: OpenVPN status improvements. Implements #13129: * Clean up and improve client/p2p state interpretation
* Output OpenVPN instance interface names
* Improve formatting... Jim Pingle
05:23 PM Revision 3f479ecb: Revert "Revert "Remove the leftover pfSense-installer repo if it exists"": This reverts commit ae40f82dc7bdc2cbef8a22ee682ec97e5a69fbd8.
Bring this back in now the build puts the file in /tmp... Brad Davis
05:04 PM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: We replicated this on a customer firewall using Cloudflare dyndns.
At boot the client comes up correctly and shows... Steve Wheeler
02:38 PM Revision 795e6194: Use dnctl(8) to control limiter rules. Feature #12579: Viktor Gurov
02:38 PM pfSense Packages Feature #13063 (Pull Request Review): Improve modem support: Jim Pingle
02:59 AM pfSense Packages Feature #13063: Improve modem support: One more update to provide full support for Quectel EC25 and ensure compatibility with more candidate modems by utili... Konstantinos Kondylis
02:36 PM Bug #11629 (Pull Request Review): PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle
06:02 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: Dan Rice wrote in #note-10:
> We still have this issue and as a workaround (to present out Public IP as something els... Viktor Gurov
03:25 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: We still have this issue and as a workaround (to present out Public IP as something else) we setup an Outbound NAT ma... Dan Rice
12:40 PM Todo #13129 (Feedback): OpenVPN status page improvements: Applied in changeset commit:f2c2a2b4131841b0b26d154742ef890708a7946c. Jim Pingle
12:08 PM Regression #13134 (Resolved): PHP error when releasing DHCP lease: Go to @Status / Interfaces@ and click @Release <interface>@
> Fatal error: Uncaught ArgumentCountError: Too few argu... Marcos M
10:51 AM Bug #12579 (Feedback): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload: Merged:
https://github.com/pfsense/pfsense/commit/795e61945b92495507d17d8f2aa4795a26fd3876 Viktor Gurov
06:07 AM Revision 1e4911dc: Remove duplicate SSHDATA tag. Fixes #13132: Viktor Gurov
01:59 AM Bug #13131: Mobile IPsec clients cannot be manually disconnected from IPsec status screen: !clipboard-202205060857-lyees.png!
It is clients (roadwarriors) using IKEv2 with PSKs
I added a snapshot more. ... Lars Pedersen
01:15 AM Bug #13132 (Feedback): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: Applied in changeset commit:1e4911dcb05d66e84dbc21047435b2abb44377ac. Viktor Gurov

05/02/2022

08:44 PM Revision ef267412: more spelling fixes: Kris Anderson
08:42 PM Revision 0a30410b: more accurate error message: Kris Anderson
08:37 PM Revision 39414efc: fix a spelling mistake: Kris Anderson
08:23 PM Revision 635e5b9d: max dhcp lease can be equal to the default lease: Kris Anderson
08:18 PM Bug #13121 (Rejected): Interfaces Groups not restoring after restoring from backup: Interfaces Groups not restored after restoring from backup: Interfaces restored but Interfaces groups - not.
But M... Sergei Shablovsky
08:12 PM Bug #13120 (Rejected): Widgets on Dashboard not restoring after restoring from backup: Widgets on Dashboard (it’s name, position on Dashboard and numbers of columns in Dashboard) not restoring after resto... Sergei Shablovsky
03:47 PM Feature #13118: Relax DHCP maximum lease time input validation: Offstage Roller wrote:
> Forum thread:
> https://forum.netgate.com/topic/171808/the-maximum-lease-time-must-be-at-l... Offstage Roller
03:32 PM Feature #13118 (Resolved): Relax DHCP maximum lease time input validation: Forum thread:
https://forum.netgate.com/topic/171808/the-maximum-lease-time-must-be-at-least-60-seconds-and-higher-t... Offstage Roller
03:44 PM pfSense Packages Bug #13119: Problem with the visibility of the Squid Proxy Server submenu: I have the squid package installed, but Squid Proxy Server does not appear in my Services menu
How can i solve this ... Jorge Fernando Valdes
03:41 PM pfSense Packages Bug #13119 (Not a Bug): Problem with the visibility of the Squid Proxy Server submenu: I have the squid package installed, but Squid Proxy Server does not appear in my Services menu
How can i solve this ... Jorge Fernando Valdes
03:38 PM pfSense Packages Bug #13114: BIND calls rndc in rc_stop when named is not running: https://github.com/pfsense/FreeBSD-ports/pull/1163 Stuart Wyatt
03:38 PM pfSense Packages Bug #13113: BIND widget uses old/bad path to .conf file: https://github.com/pfsense/FreeBSD-ports/pull/1163
Stuart Wyatt
03:34 PM Revision 76569401: Improve OpenVPN "tls-client"/"pull". Fixes #13116: "tls-client" and "client" are redundant, so only use "tls-client" and
"pull". Omit "pull" in cases where it is known ... Jim Pingle
02:07 PM Bug #12796 (Confirmed): 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are installed.: This error is still happening. Just worked with a customer facing this issue while attempting to upgrade. Christopher Cope
12:49 PM Bug #13116: OpenVPN client ``tls-client``/``client`` configuration directive not handled properly: The @route-nopull@ option is harmless in this case. If it is present without @pull@ it does nothing, doesn't even log... Jim Pingle
11:39 AM Bug #13116: OpenVPN client ``tls-client``/``client`` configuration directive not handled properly: Does this need to take into account the `route-no-pull` option? Marcos M
10:45 AM Bug #13116 (Feedback): OpenVPN client ``tls-client``/``client`` configuration directive not handled properly: Applied in changeset commit:7656940124d108194df34ec0793ac1263aaabf23. Jim Pingle
10:04 AM Bug #13116 (Resolved): OpenVPN client ``tls-client``/``client`` configuration directive not handled properly: There are a few problems with how we currently build a client configuration using the @tls-client@ and @client@ direc... Jim Pingle
12:47 PM Regression #13117: pfBlockerNG DNSBL unbound python mode prevents deletion of OpenVPN server and client configurations: It seems the issue described initially is a symptom of a race condition with writing the configuration. Still investi... Marcos M
11:50 AM Regression #13117 (Resolved): pfBlockerNG DNSBL unbound python mode prevents deletion of OpenVPN server and client configurations: Issue exists on @22.05.a.20220429.1807@.
Issue not present on @22.05.a.20220426.1313@.
If DNS Resolver has @Enabl... Marcos M
12:09 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Kris Phillips wrote in #note-11:
> Hayden Hill wrote in #note-10:
> > Kris Phillips wrote in #note-9:
> > > Comman... Hayden Hill
09:45 AM pfSense Packages Bug #13115 (Resolved): WireGuard panic due to KBI changes in ```udp_tun_func_t()```: Reference: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263297
We will need to cherry pick whatever solution ... Christian McDonald
08:31 AM Feature #12982: Add support for RFC7499 in RADIUS library.: I've looked at the RADIUS code we have but didn't see anything that would suggest any kind of limit. I also briefly l... Jim Pingle
08:00 AM Regression #13111 (Duplicate): when saving NAT rule using a port alias, strstr() expects at least 2 parameters, 1 given in /usr/local/pfSense/include/www/firewall_nat.inc error: This is already covered on #4259 (see the comments later in the issue) Jim Pingle
07:59 AM Feature #9393 (New): Improved support for USB interfaces that may not always be present: Jordan Greene wrote in #note-8:
> Tested on 22.05.a.20220429.1807 by adding USB NIC, enabling it and setting a stati... Jim Pingle
07:57 AM Bug #13110: changing CARP VIP address does not update outbound NAT interface IP: This isn't necessarily going to be desirable or helpful. The two are not necessarily related even if they share the a... Jim Pingle

05/01/2022

09:48 PM pfSense Packages Bug #13114 (Resolved): BIND calls rndc in rc_stop when named is not running: rc_stop does not check for named running before calling rndc. rndc will timeout/fail if named is not running. Stuart Wyatt
09:47 PM pfSense Packages Bug #13113 (Resolved): BIND widget uses old/bad path to .conf file: The BIND widget uses the old/bad path to the .conf file.
/cf/ should be /var/etc/
Stuart Wyatt
07:32 PM Regression #13026: Limiters do not work: Tested on @22.05.a.20220429.1807@ with patch from #12579 applied. Same issue/results. Marcos M
06:47 PM Regression #13112 (Pull Request Review): PHP warning from ``unlink()`` function calls when files do not exist: Marcos M
06:47 PM Regression #13112: PHP warning from ``unlink()`` function calls when files do not exist: Relevant commit: https://gitlab.netgate.com/pfSense/pfSense/-/commit/583062bfd019ce6b41062456adb594d5a37f6ec3
I ha... Marcos M
06:37 PM Regression #13112 (Resolved): PHP warning from ``unlink()`` function calls when files do not exist: On 22.05 after reboot, the following php crash report appeared:... Marcos M
03:36 PM pfSense Packages Bug #11575 (Resolved): OpenVPN clients cannot pass traffic when reconnecting using the same source port: Viktor Gurov
01:19 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port: Checked on 22.01 release and openvpn-client-export 1.6_4 version. The nobind is presented in exported config by default. aleksei prokofiev
12:25 PM Feature #12982: Add support for RFC7499 in RADIUS library.: Yes, you are correct, 10.1.10.50 is pfSense and 10.1.10.207 is MySQL which provide the table for the FreeRadius on pf... Frank Lee
11:31 AM Feature #12982: Add support for RFC7499 in RADIUS library.: Note: removed potentially sensitive info from comment.
Thanks for the test. I presume 10.1.10.50 is pfSense and 10... Marcos M
10:18 AM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Hayden Hill wrote in #note-10:
> Kris Phillips wrote in #note-9:
> > Command I was trying to run manually after I n... Kris Phillips
01:48 AM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Kris Phillips wrote in #note-9:
> Command I was trying to run manually after I noticed it failing:
>
> /usr/loca... Hayden Hill

04/30/2022

10:55 PM Regression #13111: when saving NAT rule using a port alias, strstr() expects at least 2 parameters, 1 given in /usr/local/pfSense/include/www/firewall_nat.inc error: actually it looks like @vktg already fixed this in this commit: https://github.com/pfsense/pfsense/commit/1aa4beab67d... → luckman212
10:46 PM Regression #13111: when saving NAT rule using a port alias, strstr() expects at least 2 parameters, 1 given in /usr/local/pfSense/include/www/firewall_nat.inc error: ... → luckman212
09:38 PM Regression #13111 (Duplicate): when saving NAT rule using a port alias, strstr() expects at least 2 parameters, 1 given in /usr/local/pfSense/include/www/firewall_nat.inc error: sorry for the terse bugreport, but I am onsite at a client at 10:30pm and desperately trying to get this HA pair of N... → luckman212
09:05 PM Regression #12827: High latency and packet loss during a filter reload: Mateusz Guzik wrote in #note-21:
> Huh, apologies for lack of updates.
>
> The issue is largely fixed for over 3 ... Kris Phillips
09:00 PM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop: Ryan Coleman wrote in #note-4:
> Kris Phillips wrote in #note-3:
> > Ryan Coleman wrote in #note-2:
> > > Kris P... Kris Phillips
08:44 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Command I was trying to run manually after I noticed it failing:
/usr/local/bin/php -r "pfSense_ngctl_attach('.',... Kris Phillips
08:42 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Tested pfatt on 22.05 April 29th build and getting the following crash report:
Fatal error: Uncaught Error: Call t... Kris Phillips
05:57 PM Feature #9393: Improved support for USB interfaces that may not always be present: Tested on 22.05.a.20220429.1807 by adding USB NIC, enabling it and setting a static IP. Rebooted system and removed U... Jordan G
05:26 PM Feature #12931 (Resolved): Retain knowledge of previous dynamic gateway IP address when interface is down: /tmp/em2_router.last was created after disabling the interface (proxmox) and it contains previous dynamic gateway I... Alhusein Zawi
04:50 PM Bug #11226 (Resolved): IPsec VTI phase 2 traffic selectors default to address when defined as a network: Alhusein Zawi
01:19 PM Bug #13110 (New): changing CARP VIP address does not update outbound NAT interface IP: In my testing, on a 2 node HA cluster running 22.05.a.20220426.1313, if you change the Virtual IP, it is properly syn... → luckman212
12:51 PM Bug #12727 (Resolved): Renaming an alias does not update the alias names in static routes and OpenVPN instances: working as expected
2.7.0.a.20220426.0600
Alhusein Zawi

04/29/2022

06:20 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: The subject is incorrect.
As stated in the TAC, after further analyzing additional cases it became clear that the du... David G
03:09 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: Updating subject for release notes. Jim Pingle
07:45 AM Bug #13092 (Feedback): PPPoE WANs fail to reconnect after parameter negotiation failure: Applied in changeset commit:75363ea828a165b14de9c8e750a92378ecb4acbf. Viktor Gurov
07:27 AM Bug #13092 (Pull Request Review): PPPoE WANs fail to reconnect after parameter negotiation failure: Jim Pingle
01:38 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: David G wrote in #note-6:
> The reported issue is known. The workaround is to add the following config.
>
> set b... Viktor Gurov
05:56 PM Revision 978ea085: pfSense: Utilize pf captiveportal funcs from php-pfSense - Feature #12945: linnemannr
03:49 PM Bug #6253 (Resolved): Firewall log widget action icon features stop working when new log entries are added dynamically: Tested and working as expected on... Christopher Cope
03:07 PM Bug #13083: Slack notification options only allow ``-`` as a special character in channel names: Updating subject for release notes. Jim Pingle
03:05 PM Bug #13099: Static routes to destinations at L2TP clients are not re-added after a client reconnects: Updating subject for release notes. Jim Pingle
03:03 PM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events: Updating subject for release notes. Jim Pingle
03:02 PM Feature #9393: Improved support for USB interfaces that may not always be present: Updating subject for release notes. Jim Pingle
03:00 PM Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: Updating subject for release notes. Jim Pingle
02:58 PM Bug #13097: PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: Updating subject for release notes. Jim Pingle
02:34 PM Feature #12982: Add support for RFC7499 in RADIUS library.: Hello,
the support tech told me you guys wanted a packet capture. I assume that you need packet capture between the... Frank Lee
11:44 AM Bug #13102 (Resolved): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Viktor Gurov
08:33 AM Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: tested on
22.05-DEVELOPMENT (amd64)
built on Fri Apr 22 06:22:18 UTC 2022
FreeBSD 12.3-STABLE
bug reproduced, pictu... Georgiy Tyutyunnik
06:36 AM Revision 75363ea8: Use mpd embedded bandwidth control to reconnect. Fixes #13092: Viktor Gurov
12:06 AM Regression #12834: Only TCP traffic is passed outbound through IPFW: Sorry Sir I duplicate the "Ipfw table all list" of after enabling the Captive Portal and the before enabling captive ... Aspiring Network Admin

04/28/2022

10:54 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: The reported issue is known. The workaround is to add the following config.
set bundle period 6
set bundle lowat 0
s... David G
07:28 PM Bug #13092 (New): PPPoE WANs fail to reconnect after parameter negotiation failure: 'noretry' is no longer a valid bundle option in mpd5.... Steve Wheeler
07:58 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Hi Sir Reid thank you for the reply. This is my ipfw list and ipfw table all list before and after enabling and loggi... Aspiring Network Admin
03:24 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Aspiring Network Admin wrote in #note-13:
> Hi Sir may I ask if you already fixed this problem that you have on your... Reid Linnemann
05:59 PM Revision 94151cf2: store dnsmasq custom_options as base64: → luckman212
05:50 PM Revision 8dffcfd3: trim mac address when submitting: eases copy & paste which sometimes grabs a little extra whitespace
on either end -- previously caused input validatio... → luckman212
02:22 PM Feature #13109 (Pull Request Review): Trim whitespace from MAC addresses in user input: Jim Pingle
12:56 PM Feature #13109: Trim whitespace from MAC addresses in user input: PR: https://github.com/pfsense/pfsense/pull/4580 → luckman212
12:55 PM Feature #13109 (Resolved): Trim whitespace from MAC addresses in user input: Small patch to trim MAC address input on POST.
This eases copy & paste which sometimes grabs a little extra whites... → luckman212
01:53 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: Ondrej Sala wrote in #note-39:
> bump
> 11 years later and still no fix?
Allistah F wrote in #note-40:
> I just ran ... xander bron
01:17 PM Revision d90552c5: Destroy deleted/disabled IPsec SA. Fixes #13102: Viktor Gurov
12:44 PM Bug #13105 (Pull Request Review): DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Jim Pingle
10:50 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: @jimp I submitted a PR: https://github.com/pfsense/pfsense/pull/4579 → luckman212
08:37 AM Feature #4259 (Feedback): Port forward NAT rules with "any" protocol: Merged:
https://github.com/pfsense/pfsense/commit/1aa4beab67da79d69df094771a4317279318227d Viktor Gurov
07:19 AM Feature #4259 (Pull Request Review): Port forward NAT rules with "any" protocol: Jim Pingle
02:57 AM Feature #4259: Port forward NAT rules with "any" protocol: Jim Pingle wrote in #note-11:
> This is causing a PHP error:
>
> [...]
fix:
https://gitlab.netgate.com/pfSens... Viktor Gurov
08:30 AM Bug #13102 (Feedback): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Applied in changeset commit:d90552c59e51fb13c712b6a96a51ca2462424156. Viktor Gurov
08:29 AM pfSense Packages Bug #13104 (Feedback): BIND: Unable to fetch namd root file: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/3bc9ac8e64ba744212eda05ba190e544ef6d2d40 Viktor Gurov
07:13 AM pfSense Packages Bug #13104 (Pull Request Review): BIND: Unable to fetch namd root file: Jim Pingle
07:08 AM pfSense Packages Bug #13104: BIND: Unable to fetch namd root file: This corrects it in my test box. named starts at boot without error with that patch applied.
Steve Wheeler
03:37 AM pfSense Packages Bug #13104: BIND: Unable to fetch namd root file: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/224 Viktor Gurov
07:56 AM Revision 1aa4beab: Port Forward input validation fix. Issue #4259: Viktor Gurov
02:43 AM Bug #12649 (Feedback): Allowed IP/Hostname "Direction" option is never used: Implemented in #13100 Viktor Gurov

04/27/2022

09:34 PM Revision ad2a86ea: Captive Portal remove unused ipfw code. Todo #13100: Viktor Gurov
09:09 PM Revision 7c2468c5: Captive Portal ipfw->pf transition. Todo #13100: Viktor Gurov
08:50 PM Bug #13076: Marking a gateway as down does not affect IPsec entries using gateway groups: Tested on @22.05.a.20220426.1313@.
On a VTI P2 with keepalive checked and the P1 using a gateway group, I marked t... Marcos M
05:26 PM Revision a32a9530: add warning for menu option 14 when it might kill your connection: → luckman212
04:35 PM Todo #13100: Transition Captive Portal from IPFW to PF: remove unused ipfw code:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/751 Viktor Gurov
07:51 AM Todo #13100: Transition Captive Portal from IPFW to PF: see also:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/220 Viktor Gurov
03:57 PM pfSense Packages Bug #12933 (Resolved): Vulnerability in ClamAV Engine Used by Squid: pfSense 22.05 and pfSense-pkg-squid-0.4.45_8 uses clamav @0.104.2,1@ which is not affected. Marcos M
03:18 PM pfSense Docs Todo #13108: ZFS filesystem implications: This isn't a recent change in ZFS, as the /cf/conf dataset has been configured with the @exec@ property set to @off@ ... Jim Pingle
01:05 PM pfSense Docs Todo #13108 (Rejected): ZFS filesystem implications: One of the recent file system changes to the default ZFS install was to mount some things as 'noexec'.
This includes... Steve Wheeler
03:10 PM Revision 37e06c12: Fix error handling in pfanchordrill. Fixes #13106: Jim Pingle
02:51 PM Bug #13102 (Pull Request Review): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Jim Pingle
02:36 PM Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/750 Viktor Gurov
06:47 AM Bug #13102 (Confirmed): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Viktor Gurov
02:26 PM pfSense Docs Correction #13107 (Resolved): Blacklists need to be revisited: Removed links to MESD and Shalla, both seem to be dead. Shalla shut down, the MESD link times out and never loads. I ... Jim Pingle
12:14 PM pfSense Docs Correction #13107 (Resolved): Blacklists need to be revisited: https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/squidguard.html#blacklist
Shallalist is dead, for ... Chris Linstruth
12:37 PM Revision 085ff94b: USB NIC handling improvements. Fixes #12606 #9393: Viktor Gurov
11:41 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: → luckman212 wrote in #note-8:
> Oh great idea! Only downside is losing the ability to see the data when directly vi... Jim Pingle
11:37 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Oh great idea! Only downside is losing the ability to see the data when directly viewing the XML, but that's a very m... → luckman212
10:37 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: A reboot or restore couldn't "corrupt" this. A reboot doesn't alter the configuration. It could only change on save.
... Jim Pingle
10:31 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: @jimp As far as I can tell from looking at the code (and my experience as well) it only validates on SAVE, but not wh... → luckman212
09:35 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: → luckman212 wrote in #note-4:
> 2 other possible workarounds:
> - have each custom option in its own row, with an ... Jim Pingle
08:20 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: 2 other possible workarounds:
- have each custom option in its own row, with an "add row" button UI similar to def... → luckman212
07:39 AM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: The inconsistent handling of newlines in text boxes in browsers is one of the reasons the OpenVPN advanced options in... Jim Pingle
10:47 AM Feature #4259 (New): Port forward NAT rules with "any" protocol: This is causing a PHP error:... Jim Pingle
10:20 AM Regression #13106 (Feedback): ``pfanchordrill`` treating errors as anchor names: Applied in changeset commit:37e06c12873a4d5439dda3349e124d55b19cd3d0. Jim Pingle
10:09 AM Regression #13106 (Resolved): ``pfanchordrill`` treating errors as anchor names: The @pfanchordrill@ PHP playback script parses the output of the pf anchor list and uses it to recurse to find nested... Jim Pingle
08:35 AM pfSense Packages Bug #13098 (Feedback): HAProxy Virtual IP broken link under Frontend setup: PR has been merged.
Thank You!
https://github.com/pfsense/FreeBSD-ports/pull/1160/commits/d32312de35cecd94a77295... Viktor Gurov
07:33 AM pfSense Packages Bug #13098: HAProxy Virtual IP broken link under Frontend setup: Pull Request: https://github.com/pfsense/FreeBSD-ports/pull/1160 Chris Gunther
07:50 AM Feature #9393: Improved support for USB interfaces that may not always be present: Applied in changeset commit:085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c. Viktor Gurov
07:49 AM Feature #9393 (Feedback): Improved support for USB interfaces that may not always be present: Merged:
https://github.com/pfsense/pfsense/commit/085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c Viktor Gurov
07:50 AM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events: Applied in changeset commit:085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c. Viktor Gurov
07:49 AM Bug #12606 (Feedback): ``devd`` is not configured to act on USB interface attach/detach events: Merged:
https://github.com/pfsense/pfsense/commit/085ff94b11a8f0f9eea7aaf0d1d2ff8347710d9c Viktor Gurov
07:40 AM Bug #12645 (Feedback): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: Merged:
https://github.com/pfsense/pfsense/commit/95d74811193b4be8eb515b5dd13e963971f8de57 Viktor Gurov
06:32 AM Todo #12601 (Closed): Optimize fw rules load on boot: We need to run "pf" before DNS Resolver and other services so that they can work properly.
see 6103#note-2 for examp... Viktor Gurov
04:46 AM pfSense Packages Feature #12963: Run nmap scans in the background: Tested the package against:... Danilo Zrenjanin
04:20 AM Feature #13103: Warn the user if they attempt to disable SSH from the menu while connected through SSH: I tested the commit. It is pretty helpful and works as expected. Danilo Zrenjanin
04:07 AM pfSense Packages Bug #12891 (Resolved): Trailing space in Acme Account Keys "name" breaks UI functions: I tested against the 0.7.1_1 Acme version. It works as expected. I could edit, remove, and copy the account key with ... Danilo Zrenjanin
03:07 AM Bug #13086 (Resolved): Traffic shaper wizard rewrites Mbits to Kbits: Tested against the version below:... Danilo Zrenjanin
01:23 AM Bug #13083 (Resolved): Slack notification options only allow ``-`` as a special character in channel names: Tested against the version below:... Danilo Zrenjanin
01:14 AM Feature #2456 (Resolved): Option to choose default tab in IPsec status Dashboard widget: Tested against the version below:... Danilo Zrenjanin

04/26/2022

09:38 PM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: The OP's original concern also pops up when using a single physical WAN with multiple PPPoE sessions. Some ISPs allo... Kristopher Kolpin
09:04 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Hi Sir may I ask if you already fixed this problem that you have on your Captive Portal? We have the same problem and... Aspiring Network Admin
07:16 PM Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline: (I recently experienced this on 22.05 snaps, btw) → luckman212
07:14 PM Bug #13105 (Resolved): DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Sometimes when saving DNS Forwarder (dnsmasq) config, the custom options data gets mangled (a newline is lost, so 2 c... → luckman212
06:52 PM pfSense Packages Bug #13104 (Resolved): BIND: Unable to fetch namd root file: Throws php error:... Steve Wheeler
06:41 PM Feature #13103: Warn the user if they attempt to disable SSH from the menu while connected through SSH: PR: https://github.com/pfsense/pfsense/pull/4578 → luckman212
06:40 PM Feature #13103 (Resolved): Warn the user if they attempt to disable SSH from the menu while connected through SSH: Believe it or not, I fat fingered "13" the other day and typed "14" instead when connected via SSH ... and hit "y" wh... → luckman212
04:27 PM Bug #13102 (New): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: * Running 22.05.a.20220426.1313 on a Netgate 6100
* Not sure if this is a regression in 22.05 or an old bug.
Toda... → luckman212
04:19 PM Revision 1c04a6d4: Reload static routes on L2TP VPN client connect. Fixes #13099: Viktor Gurov
03:21 PM Revision 9dc881fd: Update config 215 to 216 fix. Issue #13097: Christopher Cope
03:08 PM Todo #13100: Transition Captive Portal from IPFW to PF: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/748 Viktor Gurov
12:33 PM Todo #13100 (Resolved): Transition Captive Portal from IPFW to PF: Implement Captive Portal ipfw->pf transition.
related issues: #12599 #12733 #12579 Viktor Gurov
12:53 PM Bug #13101 (Not a Bug): OpenVPN certificate validation fails: I can't reproduce this. TLS certs work fine as-is without any special changes.
This site is not for support or dia... Jim Pingle
12:47 PM Bug #13101 (Not a Bug): OpenVPN certificate validation fails: OpenVPN fails the validation on a certificate issued by pfSense as CA.
This is the error returned by OpenVPN on Verb... Massimo Vannucci
11:30 AM Bug #13099 (Feedback): Static routes to destinations at L2TP clients are not re-added after a client reconnects: Applied in changeset commit:1c04a6d44e03e2cc175b7af509f8f55eee55be82. Viktor Gurov
10:04 AM Bug #13099 (Pull Request Review): Static routes to destinations at L2TP clients are not re-added after a client reconnects: Jim Pingle
09:42 AM Bug #13099: Static routes to destinations at L2TP clients are not re-added after a client reconnects: original forum topic: https://forum.netgate.com/topic/171700/l2tp-%D1%82%D1%83%D0%BD%D0%BD%D0%B5%D0%BB%D1%8C-%D0%BD%D... Viktor Gurov
08:41 AM Bug #13099: Static routes to destinations at L2TP clients are not re-added after a client reconnects: similar to #10407, but server-side Viktor Gurov
08:40 AM Bug #13099 (Resolved): Static routes to destinations at L2TP clients are not re-added after a client reconnects: How to recreate:
* Create L2TP VPN
* Create a static route to the subnet behind L2TP VPN client
* Disconnect L2TP ... Viktor Gurov
10:22 AM Bug #13097 (Feedback): PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: Fix merged.
New patch attached. Christopher Cope
10:20 AM Revision ddf61d2b: LDAP authentication extended query fix. Issue #13093: Viktor Gurov
08:50 AM pfSense Packages Bug #11693 (Feedback): IPv6 static routing fails: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/095720f390905d462ce94dbb59af405da779acb1 Viktor Gurov
07:26 AM pfSense Packages Bug #11693 (Pull Request Review): IPv6 static routing fails: Jim Pingle
05:49 AM pfSense Packages Bug #11693: IPv6 static routing fails: correct syntax is @ipv6 route fc00:aaaa:bbbb::/64 fe80::290:bff:fe7c:5bb vtnet1@, not @ipv6 route fc00:aaaa:bbbb::/64... Viktor Gurov
07:07 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: . Chris Linstruth
07:06 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: ... Chris Linstruth
05:25 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: I found an issue where the Extended query is always used, regardless of the "Enable extended query" checkbox:
https:... Viktor Gurov

04/25/2022

05:40 PM pfSense Packages Bug #13098 (Resolved): HAProxy Virtual IP broken link under Frontend setup: This was fixed in the haproxy-devel, but not the standard haproxy package under: https://redmine.pfsense.org/issues/1... Chris Gunther
04:23 PM Bug #13097: PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: Attached a patch file with the changes from the merge request for testing. Christopher Cope
04:10 PM Bug #13097 (Pull Request Review): PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/745/ Christopher Cope
01:07 PM Bug #13097: PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: I thought we had a workaround in place for that but I'm not seeing it now.
The function in question could be copie... Jim Pingle
10:27 AM Bug #13097 (Resolved): PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined: In function upgrade_215_to_216() in /etc/inc/upgrade_config.inc:6411 there is a call to ipsec_create_vtimap()
This... Christopher Cope
03:10 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: Jim Pingle wrote in #note-35:
> Fixing this issue is nowhere near as simple as that patch implies. The DHCP server c... Allistah F
03:02 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: I just ran into this bug and couldn't figure out why this was happening. It's really unfortunate that this is still ... Allistah F
02:20 PM Revision 77fa7b29: Add no noretry to PPPoE mpd configuration. Fixes #13092: Viktor Gurov
02:19 PM Revision 80d6b1ba: Traffic Shaper Wizard bandwidth scale fix. Issue #13086: Viktor Gurov
01:25 PM Revision 7ef24f72: Fix typo. Issue #13076: Viktor Gurov
12:49 PM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: It's still possible to have multiple problems here. Though it may take some manual fiddling with upnpc and/or gupnp t... Jim Pingle
12:22 PM pfSense Packages Bug #13095 (Feedback): Snort VRT change in Shared Object Rules path name results in failure to extract and update Snort Shared Object Rules when enabled: PR merged, thanks! Jim Pingle
11:40 AM pfSense Packages Bug #13095: Snort VRT change in Shared Object Rules path name results in failure to extract and update Snort Shared Object Rules when enabled: Pull Requests https://github.com/pfsense/FreeBSD-ports/pull/1161 and https://github.com/pfsense/FreeBSD-ports/pull/11... Bill Meeks
09:43 AM pfSense Packages Bug #13095 (Feedback): Snort VRT change in Shared Object Rules path name results in failure to extract and update Snort Shared Object Rules when enabled: Apparently the Snort Vulnerability Research Team recently altered part of the path name inside the Snort Rules Update... Bill Meeks
12:22 PM pfSense Packages Feature #13096 (Feedback): Improve robustness of Snort Rules Update Log size limitation logic: PR merged, thanks! Jim Pingle
11:42 AM pfSense Packages Feature #13096: Improve robustness of Snort Rules Update Log size limitation logic: This feature has been implemented via changes included in Pull Requests https://github.com/pfsense/FreeBSD-ports/pull... Bill Meeks
09:47 AM pfSense Packages Feature #13096 (Feedback): Improve robustness of Snort Rules Update Log size limitation logic: Change the code for truncating the Snort Rules Update Log file when it exceeds the maximum configured size to be more... Bill Meeks
11:50 AM Bug #12691 (Feedback): Support encrypted ``config.xml`` files when restoring during install: Merged:
https://github.com/pfsense/FreeBSD-src/commit/0e4c152b7e44f36e5fbe59ef6a7611f8d50b9e51 Viktor Gurov
08:50 AM Bug #12691 (Pull Request Review): Support encrypted ``config.xml`` files when restoring during install: Jim Pingle
03:00 AM Bug #12691 (New): Support encrypted ``config.xml`` files when restoring during install: Jordan Greene wrote in #note-7:
> was able to successfully load password protected config.xml from flash drive by re... Viktor Gurov
11:45 AM Bug #13076 (Feedback): Marking a gateway as down does not affect IPsec entries using gateway groups: Merged:
https://github.com/pfsense/pfsense/commit/7ef24f72405be1af3e3d82bde4ca572e3462827d Viktor Gurov
08:53 AM Bug #13076 (Pull Request Review): Marking a gateway as down does not affect IPsec entries using gateway groups: Jim Pingle
08:26 AM Bug #13076 (New): Marking a gateway as down does not affect IPsec entries using gateway groups: small typo:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/744 Viktor Gurov
11:44 AM Bug #13086 (Feedback): Traffic shaper wizard rewrites Mbits to Kbits: Merged:
https://github.com/pfsense/pfsense/commit/80d6b1ba38f906b0960dca2c6f95df5cf9fda404 Viktor Gurov
08:50 AM Bug #13086 (Pull Request Review): Traffic shaper wizard rewrites Mbits to Kbits: Jim Pingle
03:41 AM Bug #13086 (New): Traffic shaper wizard rewrites Mbits to Kbits: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/743 Viktor Gurov
09:30 AM Bug #13092 (Feedback): PPPoE WANs fail to reconnect after parameter negotiation failure: Applied in changeset commit:77fa7b2937c0a14fc3d8db3058ff11db9e0210f2. Viktor Gurov
08:49 AM Bug #13092 (Pull Request Review): PPPoE WANs fail to reconnect after parameter negotiation failure: Jim Pingle
02:45 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: see also https://forum.netgate.com/topic/37353/pppoe-reconenction-fix-mpd-fix-100
solution:
https://sourceforge.n... Viktor Gurov
08:36 AM Bug #7234 (Closed): ntpd overload during IPsec session without HW acceleration: Jim Pingle
08:35 AM Bug #6611 (Closed): Kernel panic when running PPPoE Server on tun/tap interface: Jim Pingle

04/24/2022

06:06 PM Feature #13094: Allow packet capture filtering in tagged packets: That works for me in all tested cases. Steve Wheeler
05:38 PM Feature #13094 (Pull Request Review): Allow packet capture filtering in tagged packets: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/741
Old behavior:
* No filter specified: vlan packets in... Marcos M
03:03 PM Feature #13094 (Closed): Allow packet capture filtering in tagged packets: Currently the host filtering options in the webgui packet capture do not match VLAN or QinQ tagged traffic.
It wou... Steve Wheeler
11:52 AM Feature #12819 (Resolved): GUI option to configure layers for LACP hash: Viktor Gurov
06:35 AM Feature #12819: GUI option to configure layers for LACP hash: While I agree this is a welcome feature addition it should not matter what the other side supports. This is for trans... Chris Linstruth
06:33 AM Feature #12819: GUI option to configure layers for LACP hash: Ran through the various settings. Looks good. All passed basic pings to another host across the lagg.... Chris Linstruth
11:05 AM Bug #13093 (Feedback): LDAP authentication fails with extended query and RFC2307 group lookups enabled: LDAP authentication fails with extended query and RFC2307 group lookups enabled
h2. With Extended Query On and RFC... Chris Linstruth

04/23/2022

08:57 PM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: I've seen cases when the PPP client stops to retry re-establishing the connection within a minute after the outage st... David G
08:02 PM Bug #13092 (Resolved): PPPoE WANs fail to reconnect after parameter negotiation failure: Opened on behalf of TAC ticket 881570903.
After a six hour ISP outage, the service was restored but pfSense didn't... Chris W
06:09 PM Bug #12691: Support encrypted ``config.xml`` files when restoring during install: was able to successfully load password protected config.xml from flash drive by rerooting from the console menu with ... Jordan G
01:53 PM Bug #7234: ntpd overload during IPsec session without HW acceleration: Testing this on pfSense Plus 22.01, I'm unable to reproduce any NTP CPU locking on a single thread testing with or wi... Kris Phillips
01:49 PM Bug #6611: Kernel panic when running PPPoE Server on tun/tap interface: Since redmine 4510 no longer allows this, this should be marked as resolved. I have verified that OpenVPN interfaces... Kris Phillips
01:46 PM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: I'm unable to reproduce this on pfSense Plus 22.01 with my UPnP table. I'm assuming that with UI changes since 2.3 t... Kris Phillips
01:41 PM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver: Christoph Vieten wrote in #note-2:
> Same happened on 2.6.0 with Intel x710-T4 multiple times now.
> Updating the n... Kris Phillips
12:17 PM Bug #13049 (Resolved): Empty ``negate_networks`` table breaks policy routing rules: Tested in systems which would and would not require negate_networks and it worked as expected. Marcos M
06:20 AM Bug #13048: Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route: Can't recreate this issue on 22.01, failover working as expected, and default route changes every time if tier 1 goes... Lev Prokofev
02:52 AM Bug #13086: Traffic shaper wizard rewrites Mbits to Kbits: Yes, I replicated that. It's a minor cosmetic issue.
steps to reproduce:
 1. Run Traffic Shaper Wizards
 2. Cho... Danilo Zrenjanin

04/22/2022

10:13 PM Feature #4259 (Resolved): Port forward NAT rules with "any" protocol: added
rdr on em0 inet from any to 10.100.100.127 -> 10.10.10.30
2.7.0.a.20220422.0600
Alhusein Zawi
06:45 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: bump
11 years later and still no fix? Ondrej Sala
05:01 PM Revision 227f2150: Slack Notifications fix. Issue #13083: Christopher Cope
04:30 PM Feature #13091 (New): RFE: Ability to specify the order of OpenVPN Authentication servers: It would be helpful to be able to specify the order of OpenVPN Authentication servers. Orion Poplawski
01:34 PM Revision a250063f: Slow rule generation regression. Fix #13049: Marcos M
12:44 PM Bug #13076: Marking a gateway as down does not affect IPsec entries using gateway groups: Tested the issue against the version below:
22.05-DEVELOPMENT (amd64)
built on Fri Apr 22 06:22:18 UTC 2022
FreeBSD 1... Georgiy Tyutyunnik
12:24 PM Bug #13083 (Feedback): Slack notification options only allow ``-`` as a special character in channel names: Fix merged. Christopher Cope
12:06 PM Bug #13083 (Pull Request Review): Slack notification options only allow ``-`` as a special character in channel names: Christopher Cope
12:05 PM Bug #13083: Slack notification options only allow ``-`` as a special character in channel names: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/740 Christopher Cope
12:17 PM Bug #13069: Input validation for IPv6 addresses allows invalid address compression in some cases: Updating subject for release notes. Jim Pingle
12:14 PM Regression #13056: OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: Updating subject for release notes. Jim Pingle
12:12 PM Bug #13082: L2TP stays bound to previous IP address after static IP address change: Updating subject for release notes. Jim Pingle
08:42 AM Bug #13082 (Resolved): L2TP stays bound to previous IP address after static IP address change: Viktor Gurov
08:34 AM Bug #13082: L2TP stays bound to previous IP address after static IP address change: Tested the bug reoccurrence against the version below:
2.7.0-DEVELOPMENT (amd64)
built on Fri Apr 22 06:21:00 UTC 2... Georgiy Tyutyunnik
12:11 PM Bug #13066: L2TP MPD configuration is not updated when a dynamic WAN IP address changes: Updating subject for release notes. Jim Pingle
12:10 PM Bug #13071: Delete function for IPsec SAD entries on ``status_ipsec_sad.php`` does not work: Updating subject for release notes. Jim Pingle
11:19 AM Bug #13090: OpenVPN NetBIOS Node Type and Scope ID options are not pushed to clients: https://github.com/pfsense/pfsense/pull/4576 Phil Wardt
11:19 AM Bug #13090 (Resolved): OpenVPN NetBIOS Node Type and Scope ID options are not pushed to clients: Old legacy settings are replaced by new ones on settings load, so they are probably unset at this time Phil Wardt
11:09 AM Feature #13085: OpenVPN NBDD server options: I posted the following patches: #13087, #13088, #13089
Once they are merged, I will push the NDBB server part, as it... Phil Wardt
07:39 AM Feature #13085 (Pull Request Review): OpenVPN NBDD server options: Jim Pingle
03:51 AM Feature #13085: OpenVPN NBDD server options: patch applying to current master branch and to release v2.6 Phil Wardt
03:38 AM Feature #13085: OpenVPN NBDD server options: Github pull request:
https://github.com/pfsense/pfsense/pull/4572
The first commit fixes a few annoying GUI bugs ... Phil Wardt
03:33 AM Feature #13085 (Resolved): OpenVPN NBDD server options: *In first commit,* I expose the NBDD servers in GUI, replace some spaces by tabs and fix the GUI bugs
Commit 1: Open... Phil Wardt
11:07 AM Bug #13086: Traffic shaper wizard rewrites Mbits to Kbits: Mhm odd, I am trying against the snapshots from today and I get the behavior in the attached screenshots. Please don'... Florian Apolloner
08:32 AM Bug #13086 (Feedback): Traffic shaper wizard rewrites Mbits to Kbits: Works as expected on the latest snapshots.
Please provide the steps to reproduce this issue. Viktor Gurov
07:24 AM Bug #13086 (Resolved): Traffic shaper wizard rewrites Mbits to Kbits: Configuring a Download bandwidth of "100 Mbit/s" in the traffic shaper multi wizard leads to a bandwidth of "104857.6... Florian Apolloner
11:06 AM Bug #13089: Some OpenVPN NetBIOS settings are kept even when NetBIOS is disabled: https://github.com/pfsense/pfsense/pull/4575
Phil Wardt
11:05 AM Bug #13089 (Resolved): Some OpenVPN NetBIOS settings are kept even when NetBIOS is disabled: OpenVPN: fix some netbios options were preserved even if teh Netbios option was unchecked
Completes:
https://redmin... Phil Wardt
10:49 AM Bug #13088: Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: https://github.com/pfsense/pfsense/pull/4574 Phil Wardt
10:47 AM Bug #13088 (Resolved): Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: in client specific overrides, NTP and DNS options: use javascript instead of toggles class because the latter causes ... Phil Wardt
10:40 AM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: I only looked over the code because I am heading out into the weekend but the code looks good. Thanks for that Viktor! Florian Apolloner
08:48 AM Regression #12961 (Feedback): CARP event storm when leaving persistent CARP maintenance mode: Merged:
https://github.com/pfsense/pfsense/commit/3c15b353c6968801cfffb7d3b30a7069d2330a3e Viktor Gurov
08:02 AM Regression #12961 (Pull Request Review): CARP event storm when leaving persistent CARP maintenance mode: Jim Pingle
03:42 AM Regression #12961 (New): CARP event storm when leaving persistent CARP maintenance mode: Florian Apolloner wrote in #note-11:
> While this most certainly fixes the reported issue I feel like this change is... Viktor Gurov
01:19 AM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: While this most certainly fixes the reported issue I feel like this change is still somewhat fragile. The main proble... Florian Apolloner
10:19 AM Bug #13087: OpenVPN WINS options may be visible even when NetBIOS is disabled: https://github.com/pfsense/pfsense/pull/4573 Phil Wardt
10:14 AM Bug #13087 (Resolved): OpenVPN WINS options may be visible even when NetBIOS is disabled: When we check NetBIOS option, and check the Wins servers option, then if Netbios option is unchecked, the WINS server... Phil Wardt
08:45 AM Bug #13049 (Feedback): Empty ``negate_networks`` table breaks policy routing rules: Applied in changeset commit:a250063f87eae118e7d3be6d207cfb4a8858fb7a. Marcos M
08:40 AM Revision 3c15b353: Optimize stacked IP Aliases reconfiguration. Issue #12961: Viktor Gurov
07:50 AM pfSense Docs Todo #13084 (Closed): LDAP Configuration still refers to Factory Edition instead of pfSense Plus: Fixed that and a few other instances that were no longer needed:
https://gitlab.netgate.com/docs/pfSense-docs/-/co... Jim Pingle
07:39 AM pfSense Packages Bug #11640 (Closed): Ntopng configuration and data loss when shutting down Redis: Jim Pingle
06:38 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages: I'm also experiencing the same issue on 2.6.0
!clipboard-202204221938-uajpw.png!
Marle Cua-chin
02:24 AM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver: Same happened on 2.6.0 with Intel x710-T4 multiple times now.
Updating the nvme from 8.15 to latest 8.60 didn't fix ... Christoph Vieten

04/21/2022

06:16 PM pfSense Packages Bug #11640: Ntopng configuration and data loss when shutting down Redis: The PR was merged quite come time ago. I believe this bug can be closed as complete. Denny Page
04:14 PM pfSense Docs Todo #13084 (Closed): LDAP Configuration still refers to Factory Edition instead of pfSense Plus: https://docs.netgate.com/pfsense/en/latest/usermanager/ldap.html
The Client Certificate section on the above page ... Christopher Cope
04:04 PM Revision 47f2f406: OpenVPN Enforce key usage option typo fix. Issue #13056: Viktor Gurov
04:03 PM Revision 413ccc94: Port forward NAT rules with Any protocol. Implements #4259: Viktor Gurov
04:02 PM Revision 83047e42: Restart L2TP VPN on interface change. Fixes #13082: Viktor Gurov
02:36 PM Bug #7037: CPU frequency in System Information: Is there a quick and dirty way to manually force this to always display?
It's just one line and I would rather it sta... Jon8RFC .
02:35 PM Bug #13078: Firewall schedules appear to ignore "month" field: That's a much different request -- should be entered as a fresh feature request.
If the behavior of the day of wee... Jim Pingle
02:26 PM Bug #13078: Firewall schedules appear to ignore "month" field: In that case can the design be improved. There's nothing to cue a user that's how it works. No discoverability.
An... Stilez y
10:21 AM Bug #13078 (Not a Bug): Firewall schedules appear to ignore "month" field: This is working as intended. Clicking the day of week in the header activates the schedule for that day of the week i... Jim Pingle
01:15 PM Revision 8a906fba: Reconfigure stacked IP Aliases on XMLRPC sync and Virtual IP change only. Fixes #12961: Viktor Gurov
12:49 PM Bug #12105 (Resolved): Packages are not automatically reinstalled when restoring configuration using the installer: This was fixed somewhere along the line. I've reinstalled numerous times on 22.05 snapshots and the packages are rein... Jim Pingle
12:48 PM Todo #12047 (Closed): Make sure libnv fixes are on devel-12 branch: This was done long ago. Jim Pingle
12:33 PM Bug #13083: Slack notification options only allow ``-`` as a special character in channel names: From slack api doc... Christopher Cope
12:29 PM Bug #13083 (Resolved): Slack notification options only allow ``-`` as a special character in channel names: When I tried to define a valid slack channel name, I got "The Slack Channel name can only contain - as special charac... Danilo Zrenjanin
11:57 AM Regression #13056 (Feedback): OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: Merged:
https://github.com/pfsense/pfsense/commit/47f2f4060d9e5b71c5c69356b61191fd2931383c Viktor Gurov
10:25 AM Regression #13056 (Pull Request Review): OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: Jim Pingle
12:30 AM Regression #13056 (New): OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: Thorsten Zitterell wrote in #note-9:
> Viktor Gurov wrote in #note-7:
> > Merged:
> > https://github.com/pfsense/p... Viktor Gurov
11:10 AM Feature #4259 (Feedback): Port forward NAT rules with "any" protocol: Applied in changeset commit:413ccc9447d65fed717c4bea565fb00a59ab62a9. Viktor Gurov
10:26 AM Feature #4259 (Pull Request Review): Port forward NAT rules with "any" protocol: Jim Pingle
02:25 AM Feature #4259: Port forward NAT rules with "any" protocol: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/736 Viktor Gurov
11:10 AM Bug #13082 (Feedback): L2TP stays bound to previous IP address after static IP address change: Applied in changeset commit:83047e422f0adbafbb875091c2f72b123ac9f023. Viktor Gurov
10:35 AM Bug #13082 (Pull Request Review): L2TP stays bound to previous IP address after static IP address change: Jim Pingle
06:17 AM Bug #13082: L2TP stays bound to previous IP address after static IP address change: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/737 Viktor Gurov
06:15 AM Bug #13082 (Resolved): L2TP stays bound to previous IP address after static IP address change: Steps to reproduce:
1. Set L2TP to listen on the WAN interface.
2. Manually change the WAN IP address
3. Check ... Danilo Zrenjanin
11:10 AM Regression #12961 (Feedback): CARP event storm when leaving persistent CARP maintenance mode: Applied in changeset commit:8a906fba5e42d391227dfc39311d02b570576d50. Viktor Gurov
10:58 AM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: Any chance of sharing the patch here for a community review? I think I have a good idea about what is going wrong and... Florian Apolloner
10:50 AM Regression #12961 (Pull Request Review): CARP event storm when leaving persistent CARP maintenance mode: Jim Pingle
08:16 AM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/738 Viktor Gurov
06:32 AM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: Okay, I do have found the cause for this issue: https://github.com/pfsense/pfsense/commit/6514012d33705dda99d0def4421... Florian Apolloner
05:18 AM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: Ok, this gets all triggered via https://github.com/pfsense/pfsense/blob/48cf54f850c5bf4fe26a8e33deb449807e71c204/src/... Florian Apolloner
05:03 AM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: Okay, this can be nicely reproduced by making the secondary enter & leave persistent carp maintenance mode. I added a... Florian Apolloner
10:32 AM Feature #13081 (Duplicate): Kill states on Tier 2 gateway when Tier 1 gateway gets back online: Duplicate of #855 and many others like it. Jim Pingle
05:43 AM Feature #13081 (Duplicate): Kill states on Tier 2 gateway when Tier 1 gateway gets back online: It would be helpful to have an option to track Tier 1 gateway status and kill states on Tier 2 failover WAN when Tier... Danilo Zrenjanin
10:27 AM Bug #13071 (Resolved): Delete function for IPsec SAD entries on ``status_ipsec_sad.php`` does not work: Jim Pingle
02:49 AM Bug #13071: Delete function for IPsec SAD entries on ``status_ipsec_sad.php`` does not work: Tested the patch against the version below:... Danilo Zrenjanin
08:11 AM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Paying Netgate customer here. Am actively running into this problem (showing in the form of periodic DNS resolution e... R D
06:32 AM Bug #13066 (Resolved): L2TP MPD configuration is not updated when a dynamic WAN IP address changes: Viktor Gurov
06:21 AM Bug #13066: L2TP MPD configuration is not updated when a dynamic WAN IP address changes: It works fine with IP renew using DHCP/PPPoE. I created a new Redmine for manual IP change https://redmine.pfsense.or... Danilo Zrenjanin
05:20 AM Bug #13066: L2TP MPD configuration is not updated when a dynamic WAN IP address changes: Tested the patch on the version below:... Danilo Zrenjanin
06:32 AM Bug #12227: Changing VHID on CARP VIP does not update VHID of related IP Alias VIPs: Cross-linking https://redmine.pfsense.org/issues/12961 -- this fix causes multiple carp interface changes resulting i... Florian Apolloner
06:20 AM Regression #13064 (Resolved): Crash Report after saving any Interface configuration change: Viktor Gurov
02:03 AM Regression #13064: Crash Report after saving any Interface configuration change: Tested the latest patch against the version below:... Danilo Zrenjanin
01:40 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages: Having the same issue since 2.6.0 too. Michael TRVL ALBT

04/20/2022

04:16 PM Regression #12183: Changing MAC address for PPP parent interface stopped working: Jim Pingle wrote in #note-5:
> Fernando Santos wrote in #note-4:
> > Jim Pingle wrote in #note-3:
> > > That page ... Fernando Santos
10:23 AM Regression #12183: Changing MAC address for PPP parent interface stopped working: Fernando Santos wrote in #note-4:
> Jim Pingle wrote in #note-3:
> > That page doesn't mention spoofing the MAC now... Jim Pingle
08:54 AM Regression #12183: Changing MAC address for PPP parent interface stopped working: Jim Pingle wrote in #note-3:
> That page doesn't mention spoofing the MAC now, and needing to spoof it with PPPoE is... Fernando Santos
02:46 PM Bug #13049 (Pull Request Review): Empty ``negate_networks`` table breaks policy routing rules: Marcos M
02:45 PM Bug #13049: Empty ``negate_networks`` table breaks policy routing rules: This introduces a significant delay to building the filter ruleset due to the introduction of @$vpns_list = filter_ge... Marcos M
02:43 PM Regression #13056: OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: Viktor Gurov wrote in #note-7:
> Merged:
> https://github.com/pfsense/pfsense/commit/48cf54f850c5bf4fe26a8e33deb449... Thorsten Zitterell
09:24 AM Regression #13056: OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: Michael Ruder wrote in #note-6:
> Works for me now as expected. I however noticed, that with the patch now in @confi... Viktor Gurov
09:22 AM Regression #13056 (Feedback): OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: Merged:
https://github.com/pfsense/pfsense/commit/48cf54f850c5bf4fe26a8e33deb449807e71c204 Viktor Gurov
08:34 AM Regression #13056: OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: Works for me now as expected. I however noticed, that with the patch now in @config.xml@ there is either @<remote_cer... Michael Ruder
07:44 AM Regression #13056 (New): OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/733 Viktor Gurov
06:27 AM Regression #13056: OpenVPN ``remote_cert_tls`` option does not behave correctly when enabled and later disabled: I think this is a bug: Regardless of the newly introduced setting "Client Certificate Key Usage Validation", the @rem... Michael Ruder
02:31 PM Bug #13080 (Resolved): Cannot set EFI console as primary console when using both EFI and Serial: If a system is booting EFI it uses the console @efi@, whereas VGA uses @vidconsole@. When enabling the serial console... Jim Pingle
01:04 PM Revision 48cf54f8: OpenVPN Enforce key usage option fix. Issue #13056: Viktor Gurov
12:52 PM Revision 410cabc4: ddb.conf: log registers: When we crash also log the register values. They may contain useful
hints for debugging (especially if the unstripped... Kristof Provost
12:47 PM Revision 0b385c4e: Reload IPsec and OpenVPN on gateway IP or force_down option change. Issue #13076: Viktor Gurov
12:47 PM pfSense Docs Correction #13079 (Closed): Add WireGuard docs rewrites: Merged and deployed. Jim Pingle
12:44 PM pfSense Docs Correction #13079 (Closed): Add WireGuard docs rewrites: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/35 Christian McDonald
12:46 PM Revision fcfa177b: NPT manual prefix fix. Issue #13070: Viktor Gurov
12:46 PM Revision bc68ed41: Send packages reload event on interface change. Issue #13064: Viktor Gurov
12:38 PM Bug #13078 (Not a Bug): Firewall schedules appear to ignore "month" field: pfSense 2.6.0-REL. The month field in firewall schedules appears to be totally ignored.
Reproduction:
Enter som... Stilez y
11:02 AM pfSense Packages Bug #10426 (Feedback): Filer must validate that File name is uniq: Fix merged. Christopher Cope
09:26 AM Regression #13064 (Feedback): Crash Report after saving any Interface configuration change: Merged:
https://github.com/pfsense/pfsense/commit/bc68ed41a9606a1bf88611a8d601f4d06aa3ec8a Viktor Gurov
07:25 AM Regression #13064 (Pull Request Review): Crash Report after saving any Interface configuration change: Jim Pingle
01:18 AM Regression #13064: Crash Report after saving any Interface configuration change: Marcos Mendoza wrote in #note-6:
> Edit: Bad test before. Still receiving the error after applying the patch:
> > F... Viktor Gurov
09:26 AM Feature #13070 (Feedback): Allow auto prefix with manual prefix-length in NPt: Merged:
https://github.com/pfsense/pfsense/commit/fcfa177bf11b2638c14a5f60526a657c63e0d308 Viktor Gurov
09:23 AM Feature #13070: Allow auto prefix with manual prefix-length in NPt: Applied patch and switched to /64 and it's looking good now. So it was the manual rule that was broken before and the... Marcos M
07:25 AM Feature #13070 (Pull Request Review): Allow auto prefix with manual prefix-length in NPt: Jim Pingle
01:43 AM Feature #13070: Allow auto prefix with manual prefix-length in NPt: Marcos Mendoza wrote in #note-6:
> The PD prefix changed so I tested this further. There's an issue currently; as is... Viktor Gurov
09:25 AM Bug #13076 (Feedback): Marking a gateway as down does not affect IPsec entries using gateway groups: Merged:
https://github.com/pfsense/pfsense/commit/0b385c4e183611a76a5a232f439564fcfe37d63f Viktor Gurov
08:52 AM Bug #13076: Marking a gateway as down does not affect IPsec entries using gateway groups: Updating the title to reflect the actual issue. Marcos M
07:26 AM Bug #13076 (Pull Request Review): Marking a gateway as down does not affect IPsec entries using gateway groups: Jim Pingle
03:00 AM Bug #13076: Marking a gateway as down does not affect IPsec entries using gateway groups: > Going into the gateway config and enabling Mark Gateway as Down will make the gateway show as Offline (Forced) unde... Viktor Gurov
09:21 AM Regression #12937 (Feedback): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Merged:
https://github.com/pfsense/pfsense/commit/7d31047a38979d685a5a467d382201c317a69869 Viktor Gurov
07:24 AM Regression #12937 (Pull Request Review): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Jim Pingle
01:14 AM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Marcos Mendoza wrote in #note-18:
> The VOIP rules were created with the @Any@ interface. However, this error is bac... Viktor Gurov
08:03 AM Bug #13077 (Duplicate): remote-cert-tls client set in configuration regardless of Client Certificate Key Usage Validation option (after server restart only!): Duplicate of #13056 Viktor Gurov
07:41 AM Bug #13077 (Rejected): remote-cert-tls client set in configuration regardless of Client Certificate Key Usage Validation option (after server restart only!): There is no code that treats that option differently in the way you describe and I cannot reproduce this as stated. Y... Jim Pingle
06:30 AM Bug #13077 (Duplicate): remote-cert-tls client set in configuration regardless of Client Certificate Key Usage Validation option (after server restart only!): Regardless of the newly introduced setting "Client Certificate Key Usage Validation", the @remote-cert-tls client@ en... Michael Ruder
07:17 AM pfSense Plus Bug #13075 (Duplicate): Netgate 2100 IPsec S2S AES GCM and SafeXcel mbuf overload: Duplicate of #13074 Jim Pingle
06:13 AM Revision 7d31047a: Traffic Shaper Wizard ipprotocol fix. Issue #12937: Viktor Gurov

04/19/2022

09:11 PM Bug #13076: Marking a gateway as down does not affect IPsec entries using gateway groups: Restarting dpinger does not change the behavior - it still runs and packet loss stays at 0. Forcing it as down will a... Marcos M
09:02 PM Bug #13076 (Resolved): Marking a gateway as down does not affect IPsec entries using gateway groups: Tested on @22.05.a.20220419.0600@ and @22.01@.
Going into the gateway config and enabling @Mark Gateway as Down@ w... Marcos M
08:19 PM Bug #13069 (Resolved): Input validation for IPv6 addresses allows invalid address compression in some cases: Marcos M
08:09 PM Regression #12937 (New): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: The VOIP rules were created with the @Any@ interface. However, this error is back now:
> There were error(s) loadin... Marcos M
06:48 PM Bug #12763 (Resolved): VTI gateway status stuck as "pending" after reboot: Tested on 22.01 with both patches applied and on @22.05.a.20220419.0600@ with the second patch applied. The FQDN gate... Marcos M
10:20 AM Bug #12763 (Feedback): VTI gateway status stuck as "pending" after reboot: Applied in changeset commit:a41488ff8d8c7647dd93a20fb4d4e3ebd52c175f. Viktor Gurov
10:10 AM Bug #12763 (Pull Request Review): VTI gateway status stuck as "pending" after reboot: Jim Pingle
09:32 AM Bug #12763: VTI gateway status stuck as "pending" after reboot: Marcos Mendoza wrote in #note-10:
> Tested on @22.05.a.20220417.0600@. The FQDN VTI gateway remains pending after re... Viktor Gurov
05:38 PM pfSense Packages Bug #12933: Vulnerability in ClamAV Engine Used by Squid: Are there any updates on when this might be addressed? We are required to contact the "vendor" every 30 days to requ... Derek Andree
04:47 PM pfSense Plus Bug #13075 (Duplicate): Netgate 2100 IPsec S2S AES GCM and SafeXcel mbuf overload: Hello everyone,
i run into a mbuf overload after change the S2S Setting (Netgate 6100 – 2100) from AES256 to AES128-... Dennis H
04:05 PM Bug #12900: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Confirmed this is happening with 22.01 as well. Unclear if it is updating the record as well, but receiving the 504 e... Ryan Coleman
03:52 PM Revision 2d82d2e3: Restart L2TP VPN on interface IP change. Fixes #13066: Viktor Gurov
02:31 PM Revision a41488ff: Restart dpinger on boot if IPsec PH1 remote gateway is FQDN and PH2 mode is VTI. Fixes #12763: Viktor Gurov
01:25 PM Regression #13064 (Confirmed): Crash Report after saving any Interface configuration change: Marcos M
01:19 PM Regression #13064 (Resolved): Crash Report after saving any Interface configuration change: Edit: Bad test before. Still receiving the error after applying the patch:
> Fatal error: Uncaught Error: Call to und... Marcos M
01:16 PM Feature #13070: Allow auto prefix with manual prefix-length in NPt: The PD prefix changed so I tested this further. There's an issue currently; as is, a manual rule behaves differently ... Marcos M
12:24 PM pfSense Packages Feature #13063 (Feedback): Improve modem support: PR has been merged. Thanks! Viktor Gurov
12:14 PM pfSense Plus Bug #13074: AES-GCM with SafeXcel on Netgate 2100 causes MBUF overload: Reverting to AES-CBC with SHA384 in P1 and P2 works perfectly, even with SafeXcel enabled. Only seems to apply to AES... Chris S
12:10 PM pfSense Plus Bug #13074 (New): AES-GCM with SafeXcel on Netgate 2100 causes MBUF overload: Running IPSec tunnels on a Netgate 2100 with AES-GCM and SafeXcel enabled seem to cause an MBUF overload requiring a ... Chris S
11:00 AM Bug #13066 (Feedback): L2TP MPD configuration is not updated when a dynamic WAN IP address changes: Applied in changeset commit:2d82d2e37a6c0042a7afd74752d8a4fe3df3936d. Viktor Gurov
09:17 AM Regression #12827: High latency and packet loss during a filter reload: Mateusz Guzik wrote in #note-21:
> Huh, apologies for lack of updates.
>
> The issue is largely fixed for over 3 wee... Marcos M
04:55 AM Regression #12827: High latency and packet loss during a filter reload: Mateusz Guzik wrote in #note-21:
> Huh, apologies for lack of updates.
>
> The issue is largely fixed for over 3 ... Kevin Bentlage
04:24 AM Regression #12827: High latency and packet loss during a filter reload: Huh, apologies for lack of updates.
The issue is largely fixed for over 3 weeks now in the snapshots. If you can't i... Mateusz Guzik
03:15 AM Regression #12827: High latency and packet loss during a filter reload: Any updates on this? Kevin Bentlage
07:32 AM Feature #13072 (Pull Request Review): Matching background/font colors of queue values with dark theme.: Jim Pingle
05:38 AM pfSense Packages Bug #13073 (New): ClamAV - clamd dies with high CPU load and thus the C-ICAP of squid-reverse proxy causes http:500 errors: ClamAV - clamd dies with high CPU load and thus the C-ICAP of squid-reverse proxy causes http:500 errors
user-ag... Konrad Lanz

04/18/2022

08:28 PM Revision 303c51fc: Allow auto prefix with manual prefix-length in NPT. Implements #13070: Viktor Gurov
07:21 PM Revision 888646db: Ensure same type comparison. Fixes #13059: Marcos M
06:03 PM Feature #13072: Matching background/font colors of queue values with dark theme.: https://github.com/pfsense/pfsense/pull/4571 Zedful ☺
05:45 PM Feature #13072 (Pull Request Review): Matching background/font colors of queue values with dark theme.: Zedful ☺
06:02 PM Revision 08219be9: Fix IPsec SAD delete. Fixes #13071: Jim Pingle
03:36 PM Revision 810f1026: Do not restart IPv4 OpenVPN on IPv6 gateway events and vice versa. Fixes #13061: Viktor Gurov
03:35 PM Feature #13070 (Feedback): Allow auto prefix with manual prefix-length in NPt: Applied in changeset commit:303c51fc2351300c3b5586bea0b885ada6a3f3e5. Viktor Gurov
02:42 PM Feature #13070: Allow auto prefix with manual prefix-length in NPt: Thank you very much!! I'll have to wait for the dynamic prefix to change from the ISP to see how that goes, but testi... Marcos M
02:28 PM Feature #13070 (Pull Request Review): Allow auto prefix with manual prefix-length in NPt: Jim Pingle
02:20 PM Feature #13070: Allow auto prefix with manual prefix-length in NPt: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/726 Viktor Gurov
11:53 AM Feature #13070 (Resolved): Allow auto prefix with manual prefix-length in NPt: The current NPt functionality in 22.05 does not allow for overriding the prefix-length of an automatically tracked in... Marcos M
03:12 PM Revision 8a89c115: Reject multiple IPv6 compressions. Fixes #13069: Having :: in an IPv6 address more than once is not valid, even if it
expands to an unambiguous result. Jim Pingle
02:30 PM Regression #13059 (Feedback): Error when saving changes to a disabled OpenVPN client: Applied in changeset commit:888646db3ec871b014b16af5b4fbb2aced4693c3. Marcos M
01:47 PM Revision ac0c9910: Traffic Shaper Wizard VOIP rules fix. Issue #12937: Viktor Gurov
01:15 PM Bug #13071 (Feedback): Delete function for IPsec SAD entries on ``status_ipsec_sad.php`` does not work: Applied in changeset commit:08219be9c56250f998585a7aec7539efbe933952. Jim Pingle
01:04 PM Bug #13071 (Pull Request Review): Delete function for IPsec SAD entries on ``status_ipsec_sad.php`` does not work: MR to fix it: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/725 Jim Pingle
01:02 PM Bug #13071 (Resolved): Delete function for IPsec SAD entries on ``status_ipsec_sad.php`` does not work: The delete function for IPsec SAD entries on @status_ipsec_sad.php@ is not working due to a misplaced @usepost@ attri... Jim Pingle
12:07 PM Bug #13065: Domain override for home.arpa not working: Please keep the discussion on the forum -- this is not a platform for support. Jim Pingle
12:00 PM Bug #13065: Domain override for home.arpa not working: Can I provide logs here so they can be looked at and to start reproducing the issue on your end? I really don't have ... Kevin Mychal Ong
11:30 AM Bug #13065: Domain override for home.arpa not working: That's what I thought, which is why I was pretty convinced this is a "bug". I've exhausted all troubleshooting that I... Kevin Mychal Ong
11:17 AM Bug #13065: Domain override for home.arpa not working: There is no special handling for home.arpa except when the firewall's own domain is set to home.arpa -- the only plac... Jim Pingle
11:07 AM Bug #13065: Domain override for home.arpa not working: Yes, I know what you're sayingand they do match with the site's domain. There is 100% no conflict. The pfsense dhcp s... Kevin Mychal Ong
11:03 AM Bug #13065: Domain override for home.arpa not working: Check the *Domain* under *System > General Setup* , that should match whatever the domain for the site is, if it's @h... Jim Pingle
10:58 AM Bug #13065: Domain override for home.arpa not working: Jim,I'm not sure what you mean. All three of my sites are on their own local domain (not subdomain).
Site 1 = home.a... Kevin Mychal Ong
08:11 AM Bug #13065 (Not a Bug): Domain override for home.arpa not working: This is a settings issue, not a bug. Your firewall is almost certainly still set at the default hostname+domain of @p... Jim Pingle
11:10 AM Bug #11764: IPv6 link local gateway default status not indicated in GUI: Viktor Gurov wrote in #note-9:
> Daryl Morse wrote in #note-7:
> > I was running 2.7.0-dev up to around mid-January... Daryl Morse
10:50 AM Bug #13061 (Feedback): Gateway events for IPv6 affect IPv4 OpenVPN instances and vice versa: Applied in changeset commit:810f1026a07e75f8f582f85c5f6a63450b2d8a8e. Viktor Gurov
07:57 AM Bug #13061 (Pull Request Review): Gateway events for IPv6 affect IPv4 OpenVPN instances and vice versa: Jim Pingle
10:40 AM Bug #13069 (Feedback): Input validation for IPv6 addresses allows invalid address compression in some cases: Applied in changeset commit:8a89c11574e9db83b7cc5e11f2e83d40f42cf614. Jim Pingle
10:27 AM Bug #13069: Input validation for IPv6 addresses allows invalid address compression in some cases: Tested with the IP that broke it previously in different places e.g. alias, interface, vip, freeradius. All worked (r... Marcos M
10:15 AM Bug #13069 (Pull Request Review): Input validation for IPv6 addresses allows invalid address compression in some cases: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/724
With the change in the MR, the results are as ... Jim Pingle
10:11 AM Bug #13069 (In Progress): Input validation for IPv6 addresses allows invalid address compression in some cases: Jim Pingle
09:52 AM Bug #13069 (Confirmed): Input validation for IPv6 addresses allows invalid address compression in some cases: Marcos sent me a different IPv6 string directly and that does validate when it should not, which I then used to check... Jim Pingle
08:18 AM Bug #13069: Input validation for IPv6 addresses allows invalid address compression in some cases: Same here, validation works fine in places I've tried it (e.g. alias content)
We will need a list of *specific* pa... Jim Pingle
06:15 AM Bug #13069 (Feedback): Input validation for IPv6 addresses allows invalid address compression in some cases: unable to reproduce - @is_ipaddrv6('fc00::5::1')@ returns false Viktor Gurov
10:35 AM Revision ef9522c6: Include pkg-utils.inc to interfaces.php. Fixes #13064: Viktor Gurov
09:10 AM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Is this at all related to https://redmine.pfsense.org/issues/13026 ? I am eager to have limiters working again on 22.... → luckman212
08:57 AM Regression #12937 (Feedback): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Merged:
https://github.com/pfsense/pfsense/commit/ac0c991083b910d82fcc52ceb52718f5bc40d4de Viktor Gurov
08:20 AM Regression #12937 (Pull Request Review): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Jim Pingle
07:39 AM Regression #12937 (New): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Marcos Mendoza wrote in #note-13:
> Everything works except for:
> > Floating rules without a specific interface sh... Viktor Gurov
08:55 AM Regression #13064 (Feedback): Crash Report after saving any Interface configuration change: Applied in changeset commit:ef9522c62f79845432d47a7fe1e735373ec72a2e. Viktor Gurov
08:15 AM Regression #13064 (Pull Request Review): Crash Report after saving any Interface configuration change: Jim Pingle
05:36 AM Regression #13064: Crash Report after saving any Interface configuration change: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/722 Viktor Gurov
08:14 AM Bug #13066 (Pull Request Review): L2TP MPD configuration is not updated when a dynamic WAN IP address changes: Jim Pingle
05:29 AM Bug #13066: L2TP MPD configuration is not updated when a dynamic WAN IP address changes: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/721 Viktor Gurov
08:13 AM Feature #12714 (Resolved): Show ``Inactive`` for Hardware Crypto output instead of empty field on System Information dashboard widget when nothing can be accelerated: Jim Pingle
08:13 AM Feature #13023 (Resolved): DNS Resolver option to keep probing when servers are down: Jim Pingle
08:07 AM Feature #13010 (Resolved): Option to retain the existing serial number when renewing a CA or certificate: Christopher Cope wrote in #note-7:
> Tested on
> [...]
>
> and it works, but it doesn't prevent the user from re... Jim Pingle
08:06 AM pfSense Packages Feature #13063 (Pull Request Review): Improve modem support: Jim Pingle
08:02 AM Bug #13062 (Not a Bug): Interface Mistmatch on Hyper V: That is likely an issue in your hypervisor configuration or potentially something that needs adjusted in your setting... Jim Pingle
08:00 AM pfSense Packages Bug #10426 (Pull Request Review): Filer must validate that File name is uniq: Jim Pingle
05:32 AM pfSense Packages Feature #11531 (Resolved): Show netmap compatible cards in IPS Mode note: accidentally deleted comment from Jordan Green:
on pfSense + 22.05.a.20220416.0747/Suricata 6.0.4_1 warning now di... Viktor Gurov

04/17/2022

09:11 PM Bug #13069 (Resolved): Input validation for IPv6 addresses allows invalid address compression in some cases: Tested on @22.05.a.20220412.0600@.
There is no input validation for IPv6 addresses with multiple instances of the ... Marcos M
08:55 PM Bug #13068 (Resolved): Firewall rules fail to load when a URL table alias file does not exist: If the firewall is unable to fetch the contents of a @URL Table (IPs)@ alias that did not previously exist, PF will f... Marcos M
07:45 PM Bug #13067 (Resolved): Resolve interval for ``filterdns`` may not match the configured value: Tested on @22.05.a.20220417.0600@.
Tested with the feature from:
https://redmine.pfsense.org/issues/13057
The ... Marcos M
07:41 PM Feature #13057: GUI option for IPsec ``dns-interval`` setting: Tested on @22.05.a.20220417.0600@.
The interval is added correctly:
> root 62793 0.0 0.3 12140 2784 - Is ... Marcos M
06:08 PM Bug #12763 (Confirmed): VTI gateway status stuck as "pending" after reboot: Tested on @22.05.a.20220417.0600@. The FQDN VTI gateway remains pending after reboot. Marcos M
05:52 PM Feature #12714: Show ``Inactive`` for Hardware Crypto output instead of empty field on System Information dashboard widget when nothing can be accelerated: Hardware crypto on the dashboard shows "Inactive" if AES-NI is disabled and the accelerated algorithms if it is activ... Chris Linstruth
05:49 PM Regression #12937: Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: Everything works except for:
> Floating rules without a specific interface should be created with the Any interface ... Marcos M
05:41 PM Feature #13023: DNS Resolver option to keep probing when servers are down: After updating to today's snapshot:
1. The Keep probing advanced option was present
2. The Keep probing advanced ... Chris Linstruth
04:06 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: I've seen the following from ISPs, both of which have some caveats in the current 22.05 NPt implementation:
*Dynamic... Marcos M
04:04 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: L J wrote in #note-30:
> It is also not working to assign the ULA with a virtual IP to the LAN interface because the... Marcos M
11:31 AM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop: Kris Phillips wrote in #note-3:
> Ryan Coleman wrote in #note-2:
> > Kris Phillips wrote in #note-1:
> > > I'm no... Ryan Coleman
05:45 AM Bug #13066 (Resolved): L2TP MPD configuration is not updated when a dynamic WAN IP address changes: After an provider based change of the WAN IP the L2TP server is still listening on the OLD WAN IP.
The IP changed ... Nico Schmidt

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

05/16/2022

05/15/2022

05/14/2022

05/13/2022

05/12/2022

05/11/2022

05/10/2022

05/09/2022

05/08/2022

05/07/2022

05/06/2022

05/05/2022

05/04/2022

05/03/2022

05/02/2022

05/01/2022

04/30/2022

04/29/2022

04/28/2022

04/27/2022

04/26/2022

04/25/2022

04/24/2022

04/23/2022

04/22/2022

04/21/2022

04/20/2022

04/19/2022

04/18/2022

04/17/2022